ED25519 implementation with SHA512 + support to calculate SHA512 directly on storage + PureEdDSA #325
Conversation
michalek-no
changed the title
|
I was finally able to develop the imgtool version that does the single hash ed25519. The problem is that while imgtool is able to verify signed image fine, the MCUboot is not. I am trying to figure out what is happening. |
de-nordic
force-pushed
the
x25519_enc_pure
branch
3 times, most recently
from
4631e1b
to
8c7f38c
Compare
de-nordic
force-pushed
the
x25519_enc_pure
branch
from
cd55052
to
e44f620
Compare
de-nordic
changed the title
de-nordic
force-pushed
the
x25519_enc_pure
branch
from
e44f620
to
6c8f526
Compare
boot/bootutil/zephyr/CMakeLists.txt
Outdated
| target_include_directories(MCUBOOT_BOOTUTIL INTERFACE | ||
| ${ZEPHYR_MBEDTLS_MODULE_DIR}/include | ||
| ) |
boot/zephyr/CMakeLists.txt
Outdated
| zephyr_library_include_directories( | ||
| ${ZEPHYR_MBEDTLS_MODULE_DIR}/include | ||
| ) |
boot/zephyr/Kconfig
Outdated
| @@ -27,6 +27,16 @@ config BOOT_USE_MBEDTLS | |||
| help | |||
| Use mbedTLS for crypto primitives. | |||
|
|
|||
| config BOOT_USE_PSA_CRYPTO | |||
| bool | |||
| # Hidden option | |||
There was a problem hiding this comment.
| # Hidden option |
boot/zephyr/Kconfig
Outdated
| @@ -60,6 +70,58 @@ config NRF_CC310_BL | |||
| bool | |||
| default n | |||
|
|
|||
| if BOOT_USE_PSA_CRYPTO | |||
| config BOOT_PSA_IMG_HASH_ALG_SHA256_DEPENDENCIES | |||
boot/zephyr/Kconfig
Outdated
| Dependencies for ed25519 signature | ||
|
|
||
| if BOOT_ENCRYPT_IMAGE | ||
| config BOOT_X25519_PSA_DEPENDENCIES |
boot/bootutil/src/ed25519_psa.c
Outdated
| const uint8_t signature[64], | ||
| const uint8_t public_key[32]) |
boot/bootutil/src/encrypted_psa.c
Outdated
| &buf[EC_CIPHERKEY_INDEX], | ||
| sizeof(iv_and_key) - PSA_CIPHER_IV_LENGTH(PSA_KEY_TYPE_AES, PSA_ALG_CTR)); | ||
|
|
||
| /* QQQ: are we sure that enckey has the size proper to fit the key ? */ |
There was a problem hiding this comment.
should these comments be addressed/looked at?
There was a problem hiding this comment.
Removed. The comments are note for improvement, where MCUboot has very poor "management" of various identifiers/constants that are hard to track.
boot/bootutil/src/image_validate.c
Outdated
| @@ -126,6 +128,15 @@ bootutil_img_hash(struct enc_key_data *enc_state, int image_index, | |||
| /* If protected TLVs are present they are also hashed. */ | |||
| size += hdr->ih_protect_tlv_size; | |||
|
|
|||
| #ifdef MCUBOOT_HASH_STORAGE_DIRECTLY | |||
|
|
|||
boot/bootutil/src/image_validate.c
Outdated
| * be directly given to hashing function. | ||
| */ | ||
| bootutil_sha_update(&sha_ctx, (void *)flash_area_get_off(fap), size); | ||
|
|
boot/bootutil/src/image_validate.c
Outdated
| bootutil_sha_update(&sha_ctx, (void *)flash_area_get_off(fap), size); | ||
|
|
||
| #else /* MCUBOOT_HASH_STORAGE_DIRECTLY */ | ||
|
|
boot/bootutil/src/image_ed25519.c
Outdated
| uint8_t *pubkey; | ||
| uint8_t *end; | ||
|
|
||
| if (slen != 64) { |
| uint16_t len; | ||
| int32_t rc; | ||
|
|
||
| rc = bootutil_tlv_iter_begin(&it, hdr, fap, IMAGE_TLV_SIG_PURE, false); |
There was a problem hiding this comment.
security vulnerability: this can reside in protected or unprotected TLV section, so someone can manipulate an image to either have or not have this from an update that has the inverse - can that cause problems? And why is this not forced to protected area?
There was a problem hiding this comment.
This only indicates that image is build with pure signature, if you turn this off the MCUboot that was build for pure will just not validate image as it expects "pure image"; if you pass image with this to something that does not understand pure, the chances of validation are slim, because it will just try to validate sha against pure signature.
The real reason for this is to be able to distinguish between images, because otherwise you can not tell the signatures apart, when trying to solve issues.
de-nordic
force-pushed
the
x25519_enc_pure
branch
5 times, most recently
from
c81af6d
to
04ae52b
Compare
Use SHA512 directly calculated over image with the ED25519 signature. Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
de-nordic
force-pushed
the
x25519_enc_pure
branch
from
04ae52b
to
2fe6162
Compare
boot/bootutil/src/image_validate.c
Outdated
| bootutil_sha_update(&sha_ctx, (void *)flash_area_get_off(fap), size); | ||
|
|
||
| #else /* MCUBOOT_HASH_STORAGE_DIRECTLY */ | ||
|
|
| @@ -137,8 +137,18 @@ | |||
| #endif | |||
|
|
|||
| #ifdef CONFIG_BOOT_DECOMPRESSION | |||
|
|
|||
There was a problem hiding this comment.
Moved after the ifdef, to separate blocks.
boot/bootutil/src/image_validate.c
Outdated
| @@ -566,8 +613,12 @@ bootutil_img_validate(struct enc_key_data *enc_state, int image_index, | |||
| } | |||
|
|
|||
| image_hash_valid = 1; | |||
| break; | |||
| } | |||
| #endif /*def EXPECTED_HASH_TLV */ | |||
There was a problem hiding this comment.
defined(condition) also missing correct conditions
de-nordic
force-pushed
the
x25519_enc_pure
branch
from
2fe6162
to
5c7304a
Compare
| #ifdef MCUBOOT_ENC_IMAGES | ||
| #error "Direct hash check is currently not supported when encrypted images are enabled" | ||
| #endif |
There was a problem hiding this comment.
this check can go really, it's already enforced by Kconfig, doesn't make sense to check for something that isn't possible
There was a problem hiding this comment.
Removed, although I must admit that I do like to check these things also in code, at compile-time.
The commit add support for passing storage device address space to hash calculation functions, which allows to use hardware accelerated hash calculation on storage. This feature only works when image encryption is not enabled and all slots are defined within internal storage of device. The feature is enabled using Kconfig option CONFIG_BOOT_IMG_HASH_DIRECTLY_ON_STORAGE Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The commit adds support for PureEdDSA, which validates signature of image rather than hash. This is most secure, available, ED25519 usage in MCUboot, but due to requirement of PureEdDSA to be able to calculate signature at whole message at once, here image, it only works on setups where entire image can be mapped to device address space, so that PSA functions calculating the signature can see the whole image at once. This option is enabled with Kconfig option: CONFIG_BOOT_SIGNATURE_TYPE_PURE when the ED25519 signature type is already selected. Note that the option will enable SHA512 for calculating public key hash. Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
de-nordic
force-pushed
the
x25519_enc_pure
branch
from
5c7304a
to
705739c
Compare
Only top four commits are relevant here, the rest are changes the PR is based on ( #323)
The PR provides:
Note that there is upstream PR for imgtool that supports this changes:
mcu-tools/mcuboot#2063
and PR that reserves the TLV
mcu-tools/mcuboot#2029
in upstream, so that we do not get in conflict with definitions before we are able to upstream the code.
Placed on top of #323