Skip to content

Commit

Permalink
[nrf noup] crypto: ecdsa: Fix shared crypto MCUBoot EXT_ABI
Browse files Browse the repository at this point in the history
After the upmerge using external crypto from NSIB in MCUBoot resulted in
build failures. This commit fixes the build failures but also fixes a
change in the API call which resulted in `-102` error when calling the
verify function.

Ref. NCSDK-23994

Signed-off-by: Sigvart Hovland <[email protected]>
(cherry picked from commit dc0b692)
(cherry picked from commit 2891664)
Signed-off-by: Dominik Ermel <[email protected]>
  • Loading branch information
sigvartmh authored and de-nordic committed Dec 15, 2023
1 parent 4441695 commit 4015754
Show file tree
Hide file tree
Showing 2 changed files with 24 additions and 23 deletions.
43 changes: 23 additions & 20 deletions boot/bootutil/include/bootutil/crypto/ecdsa.h
Original file line number Diff line number Diff line change
Expand Up @@ -73,15 +73,16 @@

#if defined(MCUBOOT_USE_NRF_EXTERNAL_CRYPTO)
#include <bl_crypto.h>
#define BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE (4 * 8)
#define NUM_ECC_BYTES (256 / 8)
#endif /* MCUBOOT_USE_NRF_EXTERNAL_CRYPTO */

#ifdef __cplusplus
extern "C" {
#endif

#if (defined(MCUBOOT_USE_TINYCRYPT) || defined(MCUBOOT_USE_MBED_TLS) || \
defined(MCUBOOT_USE_CC310)) && !defined(MCUBOOT_USE_PSA_CRYPTO)
defined(MCUBOOT_USE_CC310) || defined(MCUBOOT_USE_NRF_EXTERNAL_CRYPTO)) \
&& !defined(MCUBOOT_USE_PSA_CRYPTO)
/*
* Declaring these like this adds NULL termination.
*/
Expand Down Expand Up @@ -603,43 +604,45 @@ static inline int bootutil_ecdsa_parse_public_key(bootutil_ecdsa_context *ctx,
#endif /* MCUBOOT_USE_MBED_TLS */

#if defined(MCUBOOT_USE_NRF_EXTERNAL_CRYPTO)
typedef uintptr_t bootutil_ecdsa_p256_context;

static inline void bootutil_ecdsa_p256_init(bootutil_ecdsa_p256_context *ctx)
typedef uintptr_t bootutil_ecdsa_context;
static inline void bootutil_ecdsa_init(bootutil_ecdsa_context *ctx)
{
(void)ctx;
}

static inline void bootutil_ecdsa_p256_drop(bootutil_ecdsa_p256_context *ctx)
static inline void bootutil_ecdsa_drop(bootutil_ecdsa_context *ctx)
{
(void)ctx;
}

static inline int bootutil_ecdsa_p256_verify(bootutil_ecdsa_p256_context *ctx,
uint8_t *pk, size_t pk_len,
uint8_t *hash,
uint8_t *sig, size_t sig_len)
static inline int bootutil_ecdsa_verify(bootutil_ecdsa_context *ctx,
uint8_t *pk, size_t pk_len,
uint8_t *hash, size_t hash_len,
uint8_t *sig, size_t sig_len)
{
(void)ctx;
(void)pk_len;
(void)hash_len;
uint8_t dsig[2 * NUM_ECC_BYTES];

if (bootutil_decode_sig(dsig, sig, sig + sig_len)) {
return -1;
}

/* As described on the compact representation in IETF protocols,
* the first byte of the key defines if the ECC points are
* compressed (0x2 or 0x3) or uncompressed (0x4).
* We only support uncompressed keys.
*/
if (pk[0] != 0x04)
return -1;
/* Only support uncompressed keys. */
if (pk[0] != 0x04) {
return -1;
}
pk++;

pk++;
return bl_secp256r1_validate(hash, BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE, pk, dsig);
}

return bl_secp256r1_validate(hash, BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE,
pk, dsig);
static inline int bootutil_ecdsa_parse_public_key(bootutil_ecdsa_context *ctx,
uint8_t **cp,uint8_t *end)
{
(void)ctx;
return bootutil_import_key(cp, end);
}
#endif /* MCUBOOT_USE_NRF_EXTERNAL_CRYPTO */

Expand Down
4 changes: 1 addition & 3 deletions boot/zephyr/prj_minimal.conf
Original file line number Diff line number Diff line change
Expand Up @@ -11,10 +11,8 @@ CONFIG_FLASH=y
CONFIG_FPROTECT=y
CONFIG_PM=n

CONFIG_BOOT_ENCRYPT_EC256=n
CONFIG_BOOT_ENCRYPT_RSA=n
CONFIG_BOOT_ENCRYPT_X25519=n
CONFIG_BOOT_SWAP_SAVE_ENCTLV=n
CONFIG_BOOT_ENCRYPT_IMAGE=n

CONFIG_BOOT_BOOTSTRAP=n
CONFIG_BOOT_UPGRADE_ONLY=n
Expand Down

0 comments on commit 4015754

Please sign in to comment.