blob: 32207842baeec03ea65a28daf0ebb0987b6c0f48 [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
#include <string.h>
#include "os/mynewt.h"
#if MYNEWT_VAL(BOOTUTIL_SIGN_EC256)
#include "bootutil/sign_key.h"
#include "mbedtls/oid.h"
#include "mbedtls/asn1.h"
#include "tinycrypt/ecc_dsa.h"
#include "bootutil_priv.h"
/*
* Declaring these like this adds NULL termination.
*/
static const uint8_t ec_pubkey_oid[] = MBEDTLS_OID_EC_ALG_UNRESTRICTED;
static const uint8_t ec_secp256r1_oid[] = MBEDTLS_OID_EC_GRP_SECP256R1;
/*
* Parse the public key used for signing.
*/
static int
tinycrypt_import_key(uint8_t *pubkey, uint8_t *cp, uint8_t *end)
{
size_t len;
mbedtls_asn1_buf alg;
mbedtls_asn1_buf param;
if (mbedtls_asn1_get_tag(&cp, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) {
return -1;
}
end = cp + len;
if (mbedtls_asn1_get_alg(&cp, end, &alg, &param)) {
return -2;
}
if (alg.len != sizeof(ec_pubkey_oid) - 1 ||
memcmp(alg.p, ec_pubkey_oid, sizeof(ec_pubkey_oid) - 1)) {
return -3;
}
if (param.len != sizeof(ec_secp256r1_oid) - 1 ||
memcmp(param.p, ec_secp256r1_oid, sizeof(ec_secp256r1_oid) - 1)) {
return -4;
}
if (mbedtls_asn1_get_bitstring_null(&cp, end, &len)) {
return -6;
}
if (cp + len != end) {
return -7;
}
if (len != 2 * NUM_ECC_BYTES + 1) {
return -8;
}
if (cp[0] != 0x04) {
return -9;
}
/* TODO avoid this copy? */
memcpy(pubkey, cp + 1, 2 * NUM_ECC_BYTES);
return 0;
}
/*
* cp points to ASN1 string containing an integer.
* Verify the tag, and that the length is 32 bytes.
*/
static int
tinycrypt_read_bigint(uint8_t i[NUM_ECC_BYTES], uint8_t **cp, uint8_t *end)
{
size_t len;
if (mbedtls_asn1_get_tag(cp, end, &len, MBEDTLS_ASN1_INTEGER)) {
return -3;
}
if (len > NUM_ECC_BYTES) {
memcpy(i, *cp + len - NUM_ECC_BYTES, NUM_ECC_BYTES);
} else {
memset(i + NUM_ECC_BYTES, 0, NUM_ECC_BYTES - len);
memcpy(i + NUM_ECC_BYTES - len, *cp, len);
}
*cp += len;
return 0;
}
/*
* Read in signature. Signature has r and s encoded as integers.
*/
static int
tinycrypt_decode_sig(uint8_t signature[NUM_ECC_BYTES * 2], uint8_t *cp, uint8_t *end)
{
int rc;
size_t len;
rc = mbedtls_asn1_get_tag(&cp, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
if (rc) {
return -1;
}
if (cp + len > end) {
return -2;
}
rc = tinycrypt_read_bigint(signature, &cp, end);
if (rc) {
return -3;
}
rc = tinycrypt_read_bigint(signature + NUM_ECC_BYTES, &cp, end);
if (rc) {
return -4;
}
return 0;
}
int
bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, int slen,
uint8_t key_id)
{
int rc;
uint8_t *cp;
uint8_t *end;
uint8_t public_key[2 * NUM_ECC_BYTES];
uint8_t signature[2 * NUM_ECC_BYTES];
cp = (uint8_t *)bootutil_keys[key_id].key;
end = cp + *bootutil_keys[key_id].len;
rc = tinycrypt_import_key(public_key, cp, end);
if (rc) {
return -1;
}
rc = tinycrypt_decode_sig(signature, sig, sig + slen);
if (rc) {
return -1;
}
/*
* This is simplified, as the hash length is also 32 bytes.
*/
if (hlen != NUM_ECC_BYTES) {
return -1;
}
rc = uECC_verify(public_key, hash, NUM_ECC_BYTES, signature, uECC_secp256r1());
if (rc == 1) {
return 0;
} else {
return -2;
}
}
#endif /* MYNEWT_VAL(BOOTUTIL_SIGN_EC256) */