diff --git a/boot/bootutil/include/bootutil/crypto/aes_ctr.h b/boot/bootutil/include/bootutil/crypto/aes_ctr.h index 44190361c..23862825c 100644 --- a/boot/bootutil/include/bootutil/crypto/aes_ctr.h +++ b/boot/bootutil/include/bootutil/crypto/aes_ctr.h @@ -38,7 +38,6 @@ #define BOOTUTIL_CRYPTO_AES_CTR_BLOCK_SIZE TC_AES_BLOCK_SIZE #endif /* MCUBOOT_USE_TINYCRYPT */ - #if defined(MCUBOOT_USE_PSA_CRYPTO) #include #include "bootutil/enc_key_public.h" @@ -73,9 +72,9 @@ static inline int bootutil_aes_ctr_set_key(bootutil_aes_ctr_context *ctx, const } int bootutil_aes_ctr_encrypt(bootutil_aes_ctr_context *ctx, uint8_t *counter, - const uint8_t *m, uint32_t mlen, size_t blk_off, uint8_t *c); + const uint8_t *m, uint32_t mlen, size_t blk_off, uint8_t *c); int bootutil_aes_ctr_decrypt(bootutil_aes_ctr_context *ctx, uint8_t *counter, - const uint8_t *c, uint32_t clen, size_t blk_off, uint8_t *m); + const uint8_t *c, uint32_t clen, size_t blk_off, uint8_t *m); #endif #if defined(MCUBOOT_USE_MBED_TLS) diff --git a/boot/bootutil/include/bootutil/crypto/sha.h b/boot/bootutil/include/bootutil/crypto/sha.h index 6ba8d946d..b83a3ec40 100644 --- a/boot/bootutil/include/bootutil/crypto/sha.h +++ b/boot/bootutil/include/bootutil/crypto/sha.h @@ -70,7 +70,11 @@ #endif /* MCUBOOT_USE_MBED_TLS */ #if defined(MCUBOOT_USE_TINYCRYPT) +#if defined(MCUBOOT_SHA512) + #include +#else #include +#endif #include #endif /* MCUBOOT_USE_TINYCRYPT */ @@ -193,11 +197,19 @@ static inline int bootutil_sha_finish(bootutil_sha_context *ctx, #endif /* MCUBOOT_USE_MBED_TLS */ #if defined(MCUBOOT_USE_TINYCRYPT) +#if defined(MCUBOOT_SHA512) +typedef struct tc_sha512_state_struct bootutil_sha_context; +#else typedef struct tc_sha256_state_struct bootutil_sha_context; +#endif static inline int bootutil_sha_init(bootutil_sha_context *ctx) { +#if defined(MCUBOOT_SHA512) + tc_sha512_init(ctx); +#else tc_sha256_init(ctx); +#endif return 0; } @@ -211,13 +223,21 @@ static inline int bootutil_sha_update(bootutil_sha_context *ctx, const void *data, uint32_t data_len) { +#if defined(MCUBOOT_SHA512) + return tc_sha512_update(ctx, data, data_len); +#else return tc_sha256_update(ctx, data, data_len); +#endif } static inline int bootutil_sha_finish(bootutil_sha_context *ctx, uint8_t *output) { +#if defined(MCUBOOT_SHA512) + return tc_sha512_final(output, ctx); +#else return tc_sha256_final(output, ctx); +#endif } #endif /* MCUBOOT_USE_TINYCRYPT */ diff --git a/boot/bootutil/pkg.yml b/boot/bootutil/pkg.yml index ed6f35810..4a7fabc1c 100644 --- a/boot/bootutil/pkg.yml +++ b/boot/bootutil/pkg.yml @@ -47,6 +47,8 @@ pkg.ign_files.BOOTUTIL_SINGLE_APPLICATION_SLOT: pkg.ign_files: - "ram_load.c" + - "ed25519_psa.c" # Currently no PSA for mynewet + - "encrypted_psa.c" pkg.deps.BOOTUTIL_USE_MBED_TLS: - "@apache-mynewt-core/crypto/mbedtls" diff --git a/boot/bootutil/src/bootutil_priv.h b/boot/bootutil/src/bootutil_priv.h index 5592f1a87..5703f627a 100644 --- a/boot/bootutil/src/bootutil_priv.h +++ b/boot/bootutil/src/bootutil_priv.h @@ -267,10 +267,16 @@ struct boot_loader_state { #endif /* MCUBOOT_DIRECT_XIP || MCUBOOT_RAM_LOAD */ }; +/* The function is intended for verification of image hash against + * provided signature. + */ fih_ret bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen, uint8_t key_id); -fih_ret bootutil_verify_img(const uint8_t *img, uint32_t size, +/* The function is intended for direct verification of image + * against provided signature. + */ +fih_ret bootutil_verify_img(uint8_t *img, uint32_t size, uint8_t *sig, size_t slen, uint8_t key_id); fih_ret boot_fih_memequal(const void *s1, const void *s2, size_t n); diff --git a/boot/bootutil/src/ed25519_psa.c b/boot/bootutil/src/ed25519_psa.c index 3042eeabf..3e9cf2cbd 100644 --- a/boot/bootutil/src/ed25519_psa.c +++ b/boot/bootutil/src/ed25519_psa.c @@ -1,7 +1,7 @@ /* - * Copyright (c) 2020-2024 Nordic Semiconductor ASA + * Copyright (c) 2025 Nordic Semiconductor ASA * - * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause + * SPDX-License-Identifier: Apache-2.0 */ #include #include @@ -38,8 +38,8 @@ BUILD_ASSERT(CONFIG_BOOT_SIGNATURE_KMU_SLOTS <= ARRAY_SIZE(kmu_key_ids), #if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) int ED25519_verify(const uint8_t *message, size_t message_len, - const uint8_t signature[EDDSA_SIGNAGURE_LENGTH], - const uint8_t public_key[EDDSA_KEY_LENGTH]) + const uint8_t signature[EDDSA_SIGNAGURE_LENGTH], + const uint8_t public_key[EDDSA_KEY_LENGTH]) { /* Set to any error */ psa_status_t status = PSA_ERROR_BAD_STATE; diff --git a/boot/bootutil/src/encrypted.c b/boot/bootutil/src/encrypted.c index 67fa819bb..8c631d731 100644 --- a/boot/bootutil/src/encrypted.c +++ b/boot/bootutil/src/encrypted.c @@ -3,6 +3,7 @@ * * Copyright (c) 2018-2019 JUUL Labs * Copyright (c) 2019-2024 Arm Limited + * Copyright (c) 2025 Nordic Semiconductor ASA */ #include "mcuboot_config/mcuboot_config.h" @@ -686,7 +687,6 @@ boot_enc_set_key(struct enc_key_data *enc_state, uint8_t slot, return 0; } - bool boot_enc_valid(struct enc_key_data *enc_state, int slot) { diff --git a/boot/bootutil/src/encrypted_psa.c b/boot/bootutil/src/encrypted_psa.c index c3f72884d..441ce94df 100644 --- a/boot/bootutil/src/encrypted_psa.c +++ b/boot/bootutil/src/encrypted_psa.c @@ -1,7 +1,7 @@ /* - * Copyright (c) 2024 Nordic Semiconductor ASA + * Copyright (c) 2025 Nordic Semiconductor ASA * - * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause + * SPDX-License-Identifier: Apache-2.0 */ #include "mcuboot_config/mcuboot_config.h" diff --git a/boot/bootutil/src/image_ed25519.c b/boot/bootutil/src/image_ed25519.c index 07131d1ae..d5aee65bc 100644 --- a/boot/bootutil/src/image_ed25519.c +++ b/boot/bootutil/src/image_ed25519.c @@ -3,27 +3,25 @@ * * Copyright (c) 2019 JUUL Labs * Copyright (c) 2021-2023 Arm Limited + * Copyright (c) 2025 Nordic Semiconductor ASA */ #include #include "mcuboot_config/mcuboot_config.h" -#if defined(CONFIG_NRF_SECURITY) -/* We are not really using the MBEDTLS but need the ASN.1 parsing funcitons */ -#define MBEDTLS_ASN1_PARSE_C -#endif - #ifdef MCUBOOT_SIGN_ED25519 #include "bootutil/sign_key.h" +#if !defined(MCUBOOT_KEY_IMPORT_BYPASS_ASN) /* We are not really using the MBEDTLS but need the ASN.1 parsing functions */ #define MBEDTLS_ASN1_PARSE_C #include "mbedtls/oid.h" #include "mbedtls/asn1.h" +#include "bootutil/crypto/common.h" +#endif #include "bootutil_priv.h" -#include "bootutil/crypto/common.h" #include "bootutil/crypto/sha.h" #define EDDSA_SIGNATURE_LENGTH 64 @@ -34,12 +32,12 @@ extern int ED25519_verify(const uint8_t *message, size_t message_len, const uint8_t public_key[NUM_ED25519_BYTES]); #if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) - -static const uint8_t ed25519_pubkey_oid[] = MBEDTLS_OID_ISO_IDENTIFIED_ORG "\x65\x70"; - +#if !defined(MCUBOOT_KEY_IMPORT_BYPASS_ASN) /* * Parse the public key used for signing. */ +static const uint8_t ed25519_pubkey_oid[] = MBEDTLS_OID_ISO_IDENTIFIED_ORG "\x65\x70"; + static int bootutil_import_key(uint8_t **cp, uint8_t *end) { @@ -75,11 +73,19 @@ bootutil_import_key(uint8_t **cp, uint8_t *end) return 0; } +#endif /* !defined(MCUBOOT_KEY_IMPORT_BYPASS_ASN) */ #endif -fih_ret -bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen, - uint8_t key_id) +/* Signature verification base function. + * The function takes buffer of specified length and tries to verify + * it against provided signature. + * The function does key import and checks whether signature is + * of expected length. + */ +static fih_ret +bootutil_verify(uint8_t *buf, uint32_t blen, + uint8_t *sig, size_t slen, + uint8_t key_id) { int rc; FIH_DECLARE(fih_rc, FIH_FAILURE); @@ -88,7 +94,7 @@ bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen, uint8_t *end; #endif - if (hlen != IMAGE_HASH_SIZE || slen != EDDSA_SIGNATURE_LENGTH) { + if (slen != EDDSA_SIGNATURE_LENGTH) { FIH_SET(fih_rc, FIH_FAILURE); goto out; } @@ -97,14 +103,29 @@ bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen, pubkey = (uint8_t *)bootutil_keys[key_id].key; end = pubkey + *bootutil_keys[key_id].len; +#if !defined(MCUBOOT_KEY_IMPORT_BYPASS_ASN) rc = bootutil_import_key(&pubkey, end); if (rc) { FIH_SET(fih_rc, FIH_FAILURE); goto out; } +#else + /* Directly use the key contents from the ASN stream, + * these are the last NUM_ED25519_BYTES. + * There is no check whether this is the correct key, + * here, by the algorithm selected. + */ + if (*bootutil_keys[key_id].len < NUM_ED25519_BYTES) { + FIH_SET(fih_rc, FIH_FAILURE); + goto out; + } + + pubkey = end - NUM_ED25519_BYTES; +#endif + #endif - rc = ED25519_verify(hash, IMAGE_HASH_SIZE, sig, pubkey); + rc = ED25519_verify(buf, blen, sig, pubkey); if (rc == 0) { /* if verify returns 0, there was an error. */ @@ -118,43 +139,43 @@ bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen, FIH_RET(fih_rc); } +/* Hash signature verification function. + * Verifies hash against provided signature. + * The function verifies that hash is of expected size and then + * calls bootutil_verify to do the signature verification. + */ fih_ret -bootutil_verify_img(const uint8_t *img, uint32_t size, - uint8_t *sig, size_t slen, uint8_t key_id) +bootutil_verify_sig(uint8_t *hash, uint32_t hlen, + uint8_t *sig, size_t slen, + uint8_t key_id) { - int rc; FIH_DECLARE(fih_rc, FIH_FAILURE); - uint8_t *pubkey = NULL; -#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) - uint8_t *end; -#endif - if (slen != EDDSA_SIGNATURE_LENGTH) { + if (hlen != IMAGE_HASH_SIZE) { FIH_SET(fih_rc, FIH_FAILURE); goto out; } -#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) - pubkey = (uint8_t *)bootutil_keys[key_id].key; - end = pubkey + *bootutil_keys[key_id].len; + FIH_CALL(bootutil_verify, fih_rc, hash, IMAGE_HASH_SIZE, sig, + slen, key_id); - rc = bootutil_import_key(&pubkey, end); - if (rc) { - FIH_SET(fih_rc, FIH_FAILURE); - goto out; - } -#endif - - rc = ED25519_verify(img, size, sig, pubkey); +out: + FIH_RET(fih_rc); +} - if (rc == 0) { - /* if verify returns 0, there was an error. */ - FIH_SET(fih_rc, FIH_FAILURE); - goto out; - } +/* Image verification function. + * The function directly calls bootutil_verify to verify signature + * of image. + */ +fih_ret +bootutil_verify_img(uint8_t *img, uint32_t size, + uint8_t *sig, size_t slen, + uint8_t key_id) +{ + FIH_DECLARE(fih_rc, FIH_FAILURE); - FIH_SET(fih_rc, FIH_SUCCESS); -out: + FIH_CALL(bootutil_verify, fih_rc, img, size, sig, + slen, key_id); FIH_RET(fih_rc); } diff --git a/boot/bootutil/src/image_validate.c b/boot/bootutil/src/image_validate.c index 64983b318..6f1cbc568 100644 --- a/boot/bootutil/src/image_validate.c +++ b/boot/bootutil/src/image_validate.c @@ -392,25 +392,26 @@ static int bootutil_check_for_pure(const struct image_header *hdr, rc = bootutil_tlv_iter_begin(&it, hdr, fap, IMAGE_TLV_SIG_PURE, false); if (rc) { - return rc; + return -1; } /* Search for the TLV */ rc = bootutil_tlv_iter_next(&it, &off, &len, NULL); if (rc == 0 && len == 1) { - bool val; + uint8_t val; - rc = LOAD_IMAGE_DATA(hdr, fap, off, &val, 1); + rc = LOAD_IMAGE_DATA(hdr, fap, off, &val, sizeof(val)); if (rc == 0) { - rc = !val; + return (val == 1) ? 0 : 1; + } else { + return -1; } } - return rc; + return 1; } #endif - #ifndef ALLOW_ROGUE_TLVS /* * The following list of TLVs are the only entries allowed in the unprotected diff --git a/boot/bootutil/zephyr/CMakeLists.txt b/boot/bootutil/zephyr/CMakeLists.txt index d5364d025..44f78f395 100644 --- a/boot/bootutil/zephyr/CMakeLists.txt +++ b/boot/bootutil/zephyr/CMakeLists.txt @@ -1,4 +1,4 @@ -# Copyright (c) 2020 Nordic Semiconductor ASA +# Copyright (c) 2020-2025 Nordic Semiconductor ASA # # SPDX-License-Identifier: Apache-2.0 @@ -40,7 +40,7 @@ if(CONFIG_BOOT_USE_PSA_CRYPTO) ) endif() -if(CONFIG_BOOT_USE_MBEDTLS OR CONFIG_BOOT_USE_PSA_CRYPTO AND NOT CONFIG_PSA_CORE_OBERON) +if(CONFIG_BOOT_USE_MBEDTLS OR CONFIG_BOOT_USE_PSA_CRYPTO AND NOT CONFIG_NRF_SECURITY) zephyr_link_libraries(mbedTLS) endif() endif() diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt index 596e698b3..537a7580c 100644 --- a/boot/zephyr/CMakeLists.txt +++ b/boot/zephyr/CMakeLists.txt @@ -1,7 +1,7 @@ # CMakeLists.txt for building mcuboot as a Zephyr project # # Copyright (c) 2017 Open Source Foundries Limited -# Copyright (c) 2023 Nordic Semiconductor ASA +# Copyright (c) 2023-2025 Nordic Semiconductor ASA # # SPDX-License-Identifier: Apache-2.0 @@ -25,8 +25,10 @@ assert_exists(TINYCRYPT_SHA512_DIR) set(FIAT_DIR "${MCUBOOT_DIR}/ext/fiat") assert_exists(FIAT_DIR) # Path to mbed-tls' asn1 parser library. -set(MBEDTLS_ASN1_DIR "${MCUBOOT_DIR}/ext/mbedtls-asn1") -assert_exists(MBEDTLS_ASN1_DIR) +if(NOT CONFIG_MBEDTLS_BUILTIN AND NOT CONFIG_BOOT_KEY_IMPORT_BYPASS_ASN) + set(MBEDTLS_ASN1_DIR "${MCUBOOT_DIR}/ext/mbedtls-asn1") + assert_exists(MBEDTLS_ASN1_DIR) +endif() set(MCUBOOT_NRF_EXT_DIR "${MCUBOOT_DIR}/ext/nrf") if(CONFIG_BOOT_USE_NRF_CC310_BL) @@ -163,14 +165,16 @@ if(CONFIG_BOOT_RAM_LOAD OR CONFIG_SINGLE_APPLICATION_SLOT_RAM_LOAD) endif() if(CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256 OR CONFIG_BOOT_ENCRYPT_EC256) - zephyr_library_include_directories( - ${MBEDTLS_ASN1_DIR}/include + if(MBEDTLS_ASN1_DIR) + zephyr_library_include_directories( + ${MBEDTLS_ASN1_DIR}/include ) - zephyr_library_sources( - # Additionally pull in just the ASN.1 parser from mbedTLS. - ${MBEDTLS_ASN1_DIR}/src/asn1parse.c - ${MBEDTLS_ASN1_DIR}/src/platform_util.c + zephyr_library_sources( + # Additionally pull in just the ASN.1 parser from mbedTLS. + ${MBEDTLS_ASN1_DIR}/src/asn1parse.c + ${MBEDTLS_ASN1_DIR}/src/platform_util.c ) + endif() if(CONFIG_BOOT_USE_TINYCRYPT) # When using ECDSA signatures, pull in our copy of the tinycrypt library. zephyr_library_include_directories( @@ -222,8 +226,17 @@ elseif(CONFIG_BOOT_SIGNATURE_TYPE_RSA) endif() elseif(CONFIG_BOOT_SIGNATURE_TYPE_ED25519 OR CONFIG_BOOT_ENCRYPT_X25519) if(CONFIG_BOOT_USE_TINYCRYPT) + if(MBEDTLS_ASN1_DIR) + zephyr_library_include_directories( + ${MBEDTLS_ASN1_DIR}/include + ) + zephyr_library_sources( + # Additionally pull in just the ASN.1 parser from mbedTLS. + ${MBEDTLS_ASN1_DIR}/src/asn1parse.c + ${MBEDTLS_ASN1_DIR}/src/platform_util.c + ) + endif() zephyr_library_include_directories( - ${MBEDTLS_ASN1_DIR}/include ${BOOT_DIR}/zephyr/include ${TINYCRYPT_DIR}/include ${TINYCRYPT_SHA512_DIR}/include @@ -232,9 +245,6 @@ elseif(CONFIG_BOOT_SIGNATURE_TYPE_ED25519 OR CONFIG_BOOT_ENCRYPT_X25519) ${TINYCRYPT_DIR}/source/sha256.c ${TINYCRYPT_DIR}/source/utils.c ${TINYCRYPT_SHA512_DIR}/source/sha512.c - # Additionally pull in just the ASN.1 parser from mbedTLS. - ${MBEDTLS_ASN1_DIR}/src/asn1parse.c - ${MBEDTLS_ASN1_DIR}/src/platform_util.c ) zephyr_library_compile_definitions( MBEDTLS_CONFIG_FILE="${CMAKE_CURRENT_LIST_DIR}/include/mcuboot-mbedtls-cfg.h" diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 1632e6a34..a2614917b 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -29,10 +29,7 @@ config BOOT_USE_MBEDTLS config BOOT_USE_PSA_CRYPTO bool - default y if NRF_SECURITY - # This is counter intuitive but that is how PSA heap is enabled. - select MBEDTLS_ENABLE_HEAP - select MBEDTLS_PSA_CRYPTO_C + # Hidden option help Hidden option set if using PSA crypt for cryptography functionality @@ -69,6 +66,15 @@ config NRF_CC310_BL bool default n +if BOOT_USE_MBEDTLS && MBEDTLS_BUILTIN + +config BOOT_AES_MBEDTLS_DEPENDENCIES + bool + select MBEDTLS_CIPHER_AES_ENABLED + select MBEDTLS_CIPHER_MODE_CTR_ENABLED + +endif + if BOOT_USE_PSA_CRYPTO config BOOT_PSA_IMG_HASH_ALG_SHA256_DEPENDENCIES @@ -80,10 +86,11 @@ config BOOT_PSA_IMG_HASH_ALG_SHA256_DEPENDENCIES config BOOT_ED25519_PSA_DEPENDENCIES bool - select PSA_WANT_ALG_SHA_256 if BOOT_IMG_HASH_ALG_SHA256 + select PSA_WANT_ALG_SHA_256 select PSA_WANT_ALG_SHA_512 select PSA_WANT_ALG_PURE_EDDSA select PSA_WANT_ECC_TWISTED_EDWARDS_255 + select PSA_WANT_ECC_MONTGOMERY_255 select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT help Dependencies for ed25519 signature @@ -154,13 +161,13 @@ config BOOT_IMG_HASH_DIRECTLY_ON_STORAGE to address space or RAM area, enabling this option allows hash calculation functions to directly access the storage through that address space or using its own DMA. This reduces flash read overhead done - by the MCUboot. + by MCUboot. Notes: - not supported when encrypted images are in use, because calculating - SHA requires image to be decrypted first, which is done to RAM. + SHA requires image to be decrypted first, which is done in RAM. - currently only supported on internal storage of devices; this option will not work with devices that use external storage for - either of image slots. + either of the image slots. choice BOOT_IMG_HASH_ALG prompt "Selected image hash algorithm" @@ -214,8 +221,13 @@ config BOOT_SIGNATURE_TYPE_RSA bool "RSA signatures" select BOOT_USE_MBEDTLS select MBEDTLS + select MBEDTLS_ASN1_PARSE_C if MBEDTLS_BUILTIN + select MBEDTLS_KEY_EXCHANGE_RSA_ENABLED if MBEDTLS_BUILTIN + select MBEDTLS_PLATFORM_NO_STD_FUNCTIONS if MBEDTLS_BUILTIN + select MBEDTLS_PLATFORM_SNPRINTF_ALT if MBEDTLS_BUILTIN select BOOT_ENCRYPTION_SUPPORT select BOOT_IMG_HASH_ALG_SHA256_ALLOW + select BOOT_AES_MBEDTLS_DEPENDENCIES if MBEDTLS_BUILTIN && BOOT_ENCRYPT_IMAGE if BOOT_SIGNATURE_TYPE_RSA config BOOT_SIGNATURE_TYPE_RSA_LEN @@ -253,14 +265,12 @@ config BOOT_SIGNATURE_TYPE_ED25519 select BOOT_ENCRYPTION_SUPPORT if !BOOT_SIGNATURE_TYPE_PURE select BOOT_IMG_HASH_ALG_SHA256_ALLOW if !BOOT_SIGNATURE_TYPE_PURE # The SHA is used only for key hashing, not for images. - select BOOT_IMG_HASH_ALG_SHA512_ALLOW if BOOT_USE_PSA_CRYPTO select BOOT_SIGNATURE_TYPE_PURE_ALLOW help This is ed25519 signature calculated over SHA512 of SHA256 of application - image; that is not completely correct approach as the SHA512 should be - rather directly calculated over an image. - Select BOOT_SIGNATURE_TYPE_PURE to have a PureEdDSA calculating image - signature directly on image, rather than hash of the image. + image. + To check signature over entire image directly, rather than hash, + select BOOT_SIGNATURE_TYPE_PURE. if BOOT_SIGNATURE_TYPE_ED25519 @@ -269,36 +279,56 @@ config BOOT_SIGNATURE_TYPE_PURE depends on BOOT_SIGNATURE_TYPE_PURE_ALLOW help The Pure signature is calculated directly over image rather than - hash of an image. - This is more secure signature, specifically if hardware can do the - verification without need to share key. - Note that this requires that all slots for which signature is to be - verified need to be accessible through memory address space that - cryptography can access. + hash of an image, as the BOOT_SIGNATURE_TYPE_ED25519 does by + default. + Image to be verified needs to be accessible through memory address + space that cryptography functions can access via pointers. choice BOOT_ED25519_IMPLEMENTATION prompt "Ecdsa implementation" + default BOOT_ED25519_PSA if NRF_SECURITY default BOOT_ED25519_TINYCRYPT config BOOT_ED25519_TINYCRYPT bool "Use tinycrypt" select BOOT_USE_TINYCRYPT - depends on !NRF_SECURITY + select BOOT_IMG_HASH_ALG_SHA256_ALLOW + select BOOT_IMG_HASH_ALG_SHA512_ALLOW config BOOT_ED25519_MBEDTLS bool "Use mbedTLS" select BOOT_USE_MBEDTLS + select BOOT_IMG_HASH_ALG_SHA256_ALLOW + select BOOT_IMG_HASH_ALG_SHA512_ALLOW select MBEDTLS - depends on !NRF_SECURITY + select MBEDTLS_SHA512 + select MBEDTLS_ASN1_PARSE_C if MBEDTLS_BUILTIN && !BOOT_KEY_IMPORT_BYPASS_ASN + select BOOT_AES_MBEDTLS_DEPENDENCIES if MBEDTLS_BUILTIN && BOOT_ENCRYPT_IMAGE config BOOT_ED25519_PSA bool "Use PSA crypto" depends on NRF_SECURITY select BOOT_USE_PSA_CRYPTO + select PSA_CRYPTO_CLIENT + select PSA_CRYPTO_C + select MBEDTLS_PSA_CRYPTO_C + select MBEDTLS_ASN1_PARSE_C if MBEDTLS_BUILTIN + select MBEDTLS_ENABLE_HEAP + select BOOT_IMG_HASH_ALG_SHA256_ALLOW + select BOOT_IMG_HASH_ALG_SHA512_ALLOW select BOOT_ED25519_PSA_DEPENDENCIES select BOOT_X25519_PSA_DEPENDENCIES if BOOT_ENCRYPT_IMAGE endchoice + +config BOOT_KEY_IMPORT_BYPASS_ASN + bool "Directly access key value without ASN.1 parsing" + help + Originally, public keys compiled into MCUboot were + stored in ASN.1 encoded format. Enabling this option + bypasses the ASN.1 decoding and directly accesses the key + in ASN.1 bitstream; this reduces MCUboot code by removing + the ASN.1 processing. endif endchoice @@ -380,10 +410,11 @@ config MBEDTLS config NRF_SECURITY select MBEDTLS_PROMPTLESS -if MBEDTLS +if MBEDTLS || NRF_SECURITY config MBEDTLS_CFG_FILE - default "mcuboot-mbedtls-cfg.h" if !NRF_SECURITY + default "config-tls-generic.h" if MBEDTLS_BUILTIN || BOOT_USE_PSA_CRYPTO + default "mcuboot-mbedtls-cfg.h" if BOOT_USE_MBEDTLS && !NRF_SECURITY endif diff --git a/boot/zephyr/include/mcuboot-mbedtls-cfg.h b/boot/zephyr/include/mcuboot-mbedtls-cfg.h index a46fbb09f..2bab537d7 100644 --- a/boot/zephyr/include/mcuboot-mbedtls-cfg.h +++ b/boot/zephyr/include/mcuboot-mbedtls-cfg.h @@ -23,7 +23,7 @@ #if defined(CONFIG_BOOT_SIGNATURE_TYPE_RSA) || defined(CONFIG_BOOT_ENCRYPT_RSA) #include "config-rsa.h" -#elif defined(CONFIG_BOOT_USE_PSA_CRYPTO) || defined(CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256) || \ +#elif defined(CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256) || \ defined(CONFIG_BOOT_ENCRYPT_EC256) || \ (defined(CONFIG_BOOT_ENCRYPT_X25519) && !defined(CONFIG_BOOT_SIGNATURE_TYPE_ED25519)) #include "config-asn1.h" diff --git a/boot/zephyr/include/mcuboot_config/mcuboot_config.h b/boot/zephyr/include/mcuboot_config/mcuboot_config.h index 36b5faa42..01a9439aa 100644 --- a/boot/zephyr/include/mcuboot_config/mcuboot_config.h +++ b/boot/zephyr/include/mcuboot_config/mcuboot_config.h @@ -34,6 +34,10 @@ # error "One crypto library implementation allowed at a time." #endif +#if defined(CONFIG_BOOT_KEY_IMPORT_BYPASS_ASN) +#define MCUBOOT_KEY_IMPORT_BYPASS_ASN +#endif + #ifdef CONFIG_BOOT_USE_MBEDTLS #define MCUBOOT_USE_MBED_TLS #elif defined(CONFIG_BOOT_USE_TINYCRYPT) @@ -148,8 +152,8 @@ #define MCUBOOT_DECOMPRESS_IMAGES #endif -/* Invoke hashing functions directly on storage. This requires for device - * to be able to map storage to address space or RAM. +/* Invoke hashing functions directly on storage device. This requires the device + * be able to map storage to address space or RAM. */ #ifdef CONFIG_BOOT_IMG_HASH_DIRECTLY_ON_STORAGE #define MCUBOOT_HASH_STORAGE_DIRECTLY diff --git a/docs/design.md b/docs/design.md index 7fa06fe6b..b1979a7c2 100755 --- a/docs/design.md +++ b/docs/design.md @@ -111,6 +111,8 @@ struct image_tlv { #define IMAGE_TLV_ECDSA_SIG 0x22 /* ECDSA of hash output */ #define IMAGE_TLV_RSA3072_PSS 0x23 /* RSA3072 of hash output */ #define IMAGE_TLV_ED25519 0x24 /* ED25519 of hash output */ +#define IMAGE_TLV_SIG_PURE 0x25 /* If true then any signature found has been + calculated over image directly. */ #define IMAGE_TLV_ENC_RSA2048 0x30 /* Key encrypted with RSA-OAEP-2048 */ #define IMAGE_TLV_ENC_KW 0x31 /* Key encrypted with AES-KW-128 or 256 */