Skip to content

Commit

Permalink
[nrf noup] crypto: ecdsa: Fix shared crypto MCUBoot EXT_ABI
Browse files Browse the repository at this point in the history
After the upmerge using external crypto from NSIB in MCUBoot resulted in
build failures. This commit fixes the build failures but also fixes a
change in the API call which resulted in `-102` error when calling the
verify function.

Ref. NCSDK-23994

Signed-off-by: Sigvart Hovland <[email protected]>
Signed-off-by: Dominik Ermel <[email protected]>
(cherry picked from commit a0c21e2)
  • Loading branch information
sigvartmh authored and anangl committed Jun 28, 2024
1 parent a42e9cc commit 895c76b
Showing 1 changed file with 23 additions and 20 deletions.
43 changes: 23 additions & 20 deletions boot/bootutil/include/bootutil/crypto/ecdsa.h
Original file line number Diff line number Diff line change
Expand Up @@ -73,15 +73,16 @@

#if defined(MCUBOOT_USE_NRF_EXTERNAL_CRYPTO)
#include <bl_crypto.h>
#define BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE (4 * 8)
#define NUM_ECC_BYTES (256 / 8)
#endif /* MCUBOOT_USE_NRF_EXTERNAL_CRYPTO */

#ifdef __cplusplus
extern "C" {
#endif

#if (defined(MCUBOOT_USE_TINYCRYPT) || defined(MCUBOOT_USE_MBED_TLS) || \
defined(MCUBOOT_USE_CC310)) && !defined(MCUBOOT_USE_PSA_CRYPTO)
defined(MCUBOOT_USE_CC310) || defined(MCUBOOT_USE_NRF_EXTERNAL_CRYPTO)) \
&& !defined(MCUBOOT_USE_PSA_CRYPTO)
/*
* Declaring these like this adds NULL termination.
*/
Expand Down Expand Up @@ -622,43 +623,45 @@ static inline int bootutil_ecdsa_parse_public_key(bootutil_ecdsa_context *ctx,
#endif /* MCUBOOT_USE_MBED_TLS */

#if defined(MCUBOOT_USE_NRF_EXTERNAL_CRYPTO)
typedef uintptr_t bootutil_ecdsa_p256_context;

static inline void bootutil_ecdsa_p256_init(bootutil_ecdsa_p256_context *ctx)
typedef uintptr_t bootutil_ecdsa_context;
static inline void bootutil_ecdsa_init(bootutil_ecdsa_context *ctx)
{
(void)ctx;
}

static inline void bootutil_ecdsa_p256_drop(bootutil_ecdsa_p256_context *ctx)
static inline void bootutil_ecdsa_drop(bootutil_ecdsa_context *ctx)
{
(void)ctx;
}

static inline int bootutil_ecdsa_p256_verify(bootutil_ecdsa_p256_context *ctx,
uint8_t *pk, size_t pk_len,
uint8_t *hash,
uint8_t *sig, size_t sig_len)
static inline int bootutil_ecdsa_verify(bootutil_ecdsa_context *ctx,
uint8_t *pk, size_t pk_len,
uint8_t *hash, size_t hash_len,
uint8_t *sig, size_t sig_len)
{
(void)ctx;
(void)pk_len;
(void)hash_len;
uint8_t dsig[2 * NUM_ECC_BYTES];

if (bootutil_decode_sig(dsig, sig, sig + sig_len)) {
return -1;
}

/* As described on the compact representation in IETF protocols,
* the first byte of the key defines if the ECC points are
* compressed (0x2 or 0x3) or uncompressed (0x4).
* We only support uncompressed keys.
*/
if (pk[0] != 0x04)
return -1;
/* Only support uncompressed keys. */
if (pk[0] != 0x04) {
return -1;
}
pk++;

pk++;
return bl_secp256r1_validate(hash, BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE, pk, dsig);
}

return bl_secp256r1_validate(hash, BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE,
pk, dsig);
static inline int bootutil_ecdsa_parse_public_key(bootutil_ecdsa_context *ctx,
uint8_t **cp,uint8_t *end)
{
(void)ctx;
return bootutil_import_key(cp, end);
}
#endif /* MCUBOOT_USE_NRF_EXTERNAL_CRYPTO */

Expand Down

0 comments on commit 895c76b

Please sign in to comment.