Skip to content

Commit d6b38d2

Browse files
danielinuxdanielinux
authored
Merge pull request #3 from wolfSSL/ecdsa
support for ECC signature verification
2 parents f4f65ae + de07615 commit d6b38d2

17 files changed

Lines changed: 1003 additions & 124 deletions

File tree

.gitignore

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -49,6 +49,13 @@
4949

5050
# automatically generated source files
5151
src/ed25519_pub_key.c
52+
src/ecc256_pub_key.c
53+
54+
# keygen binaries
55+
tools/ed25519/ed25519_sign
56+
tools/ed25519/ed25519_keygen
57+
tools/ecc256/ecc256_sign
58+
tools/ecc256/ecc256_keygen
5259

5360
# Vim swap files
5461
.*.swp

Makefile

Lines changed: 62 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,7 @@
11
CROSS_COMPILE:=arm-none-eabi-
22
CC:=$(CROSS_COMPILE)gcc
33
LD:=$(CROSS_COMPILE)gcc
4+
AS:=$(CROSS_COMPILE)gcc
45

56

67
OBJCOPY:=$(CROSS_COMPILE)objcopy
@@ -13,13 +14,14 @@ DEBUG?=0
1314
VTOR?=1
1415
SWAP?=1
1516
CORTEX_M0?=0
17+
NO_ASM=0
1618

1719
LSCRIPT:=hal/$(TARGET).ld
1820

1921
OBJS:= \
2022
./hal/$(TARGET).o \
2123
./src/loader.o \
22-
./src/mem.o \
24+
./src/string.o \
2325
./src/crypto.o \
2426
./src/wolfboot.o \
2527
./src/image.o \
@@ -29,33 +31,68 @@ OBJS:= \
2931
./lib/wolfssl/wolfcrypt/src/wolfmath.o \
3032
./lib/wolfssl/wolfcrypt/src/fe_low_mem.o
3133

34+
3235
ifeq ($(TARGET),samr21)
3336
CORTEX_M0=1
3437
endif
3538

39+
ifeq ($(SIGN),ECC256)
40+
KEYGEN_TOOL=tools/ecc256/ecc256_keygen
41+
SIGN_TOOL=tools/ecc256/ecc256_sign
42+
PRIVATE_KEY=ecc256.der
43+
else
44+
KEYGEN_TOOL=tools/ed25519/ed25519_keygen
45+
SIGN_TOOL=tools/ed25519/ed25519_sign
46+
PRIVATE_KEY=ed25519.der
47+
endif
48+
49+
MATH_OBJS:=./lib/wolfssl/wolfcrypt/src/sp_int.o
50+
51+
52+
3653
ifeq ($(CORTEX_M0),1)
3754
CFLAGS:=-mcpu=cortex-m0
55+
MATH_OBJS += ./lib/wolfssl/wolfcrypt/src/sp_c32.o
3856
else
39-
CFLAGS:=-mcpu=cortex-m3
57+
ifeq ($(NO_ASM),1)
58+
MATH_OBJS += ./lib/wolfssl/wolfcrypt/src/sp_c32.o
59+
CFLAGS:=-mcpu=cortex-m3
60+
else
61+
CFLAGS:=-mcpu=cortex-m3 -DWOLFSSL_SP_ASM -DWOLFSSL_SP_ARM_CORTEX_M_ASM -fomit-frame-pointer
62+
MATH_OBJS += ./lib/wolfssl/wolfcrypt/src/sp_cortexm.o
63+
endif
64+
endif
65+
66+
ifeq ($(FASTMATH),1)
67+
MATH_OBJS:=./lib/wolfssl/wolfcrypt/src/integer.o
68+
CFLAGS+=-DUSE_FAST_MATH
4069
endif
4170

4271
CFLAGS+=-mthumb -Wall -Wextra -Wno-main -Wstack-usage=1024 -ffreestanding -Wno-unused \
4372
-Ilib/bootutil/include -Iinclude/ -Ilib/wolfssl -nostartfiles \
44-
-nostdlib \
4573
-DWOLFSSL_USER_SETTINGS \
74+
-mthumb -mlittle-endian -mthumb-interwork \
4675
-DPLATFORM_$(TARGET)
4776

4877
ifeq ($(SIGN),ED25519)
4978
OBJS+= ./lib/wolfssl/wolfcrypt/src/sha512.o \
5079
./lib/wolfssl/wolfcrypt/src/ed25519.o \
5180
./lib/wolfssl/wolfcrypt/src/ge_low_mem.o \
5281
./src/ed25519_pub_key.o
53-
CFLAGS+=-DWOLFBOOT_SIGN_ED25519
82+
CFLAGS+=-DWOLFBOOT_SIGN_ED25519 -nostdlib -DWOLFSSL_STATIC_MEMORY
83+
LDFLAGS+=-nostdlib
5484
endif
5585

56-
ifeq ($(SIGN),EC256)
57-
OBJS+= ./ext/wolfssl/wolfcrypt/src/ecc.o
58-
CFLAGS+=-DWOLFBOOT_SIGN_EC256
86+
ifeq ($(SIGN),ECC256)
87+
OBJS+= \
88+
$(MATH_OBJS) \
89+
./lib/wolfssl/wolfcrypt/src/ecc.o \
90+
./lib/wolfssl/wolfcrypt/src/ge_low_mem.o \
91+
./lib/wolfssl/wolfcrypt/src/memory.o \
92+
./lib/wolfssl/wolfcrypt/src/wc_port.o \
93+
./src/ecc256_pub_key.o \
94+
./src/xmalloc.o
95+
CFLAGS+=-DWOLFBOOT_SIGN_ECC256 -DXMALLOC_USER
5996
endif
6097

6198
ifeq ($(DEBUG),1)
@@ -68,7 +105,9 @@ ifeq ($(VTOR),0)
68105
CFLAGS+=-DNO_VTOR
69106
endif
70107

71-
LDFLAGS:=-T $(LSCRIPT) -Wl,-gc-sections -Wl,-Map=wolfboot.map -ffreestanding -nostartfiles -mcpu=cortex-m3 -mthumb -nostdlib
108+
LDFLAGS:=-T $(LSCRIPT) -Wl,-gc-sections -Wl,-Map=wolfboot.map -ffreestanding -nostartfiles -mcpu=cortex-m3 -mthumb
109+
110+
ASFLAGS:=$(CFLAGS)
72111

73112
all: factory.bin
74113

@@ -92,16 +131,22 @@ test-app/image.bin:
92131
tools/ed25519/ed25519_sign:
93132
make -C tools/ed25519
94133

134+
tools/ecc256/ecc256_sign:
135+
make -C tools/ecc256
136+
95137
ed25519.der: tools/ed25519/ed25519_sign
96138
tools/ed25519/ed25519_keygen src/ed25519_pub_key.c
97139

98-
factory.bin: $(BOOT_IMG) wolfboot-align.bin tools/ed25519/ed25519_sign ed25519.der
99-
tools/ed25519/ed25519_sign $(BOOT_IMG) ed25519.der 1
140+
ecc256.der: tools/ecc256/ecc256_sign
141+
tools/ecc256/ecc256_keygen src/ecc256_pub_key.c
142+
143+
factory.bin: $(BOOT_IMG) wolfboot-align.bin $(SIGN_TOOL) $(PRIVATE_KEY)
144+
$(SIGN_TOOL) $(BOOT_IMG) $(PRIVATE_KEY) 1
100145
cat wolfboot-align.bin $(BOOT_IMG).v1.signed > $@
101146

102-
second.img: $(BOOT_IMG) wolfboot-align.bin tools/ed25519/ed25519_sign ed25519.der
103-
tools/ed25519/ed25519_sign $(BOOT_IMG) ed25519.der 1 65536
104-
tools/ed25519/ed25519_sign $(BOOT_IMG) ed25519.der 2
147+
second.img: $(BOOT_IMG) wolfboot-align.bin $(SIGN_TOOL) $(PRIVATE_KEY)
148+
$(SIGN_TOOL) $(BOOT_IMG) $(PRIVATE_KEY) 1 65536
149+
$(SIGN_TOOL) $(BOOT_IMG) $(PRIVATE_KEY) 2
105150
cat wolfboot-align.bin $(BOOT_IMG).v1.signed $(BOOT_IMG).v2.signed > $@
106151

107152
wolfboot.elf: $(OBJS) $(LSCRIPT)
@@ -110,14 +155,16 @@ wolfboot.elf: $(OBJS) $(LSCRIPT)
110155

111156
src/ed25519_pub_key.c: ed25519.der
112157

113-
keys: ed25519.der
158+
src/ecc256_pub_key.c: ecc256.der
114159

160+
keys: $(PRIVATE_KEY)
115161

116162
clean:
117163
rm -f *.bin *.elf $(OBJS) wolfboot.map *.bin *.hex
118164
make -C test-app clean
119165

120166
distclean: clean
121167
make -C tools/ed25519 clean
122-
rm -f *.pem *.der tags ./src/ed25519_pub_key.c
168+
make -C tools/ecc256 clean
169+
rm -f *.pem *.der tags ./src/ed25519_pub_key.c ./src/ecc256_pub_key.c
123170

include/loader.h

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,18 +1,18 @@
11
#ifndef LOADER_H
22
#define LOADER_H
33

4-
#if defined(WOLFBOOT_SIGN_EC256)
5-
extern const unsigned char ecdsa_pub_key[];
6-
extern unsigned int ecdsa_pub_key_len;
7-
# define KEY_BUFFER ecdsa_pub_key
8-
# define KEY_LEN ecdsa_pub_key_len
9-
# define IMAGE_SIGNATURE_SIZE (72)
10-
#elif defined(WOLFBOOT_SIGN_ED25519)
4+
#if defined(WOLFBOOT_SIGN_ED25519)
115
extern const unsigned char ed25519_pub_key[];
126
extern unsigned int ed25519_pub_key_len;
137
# define KEY_BUFFER ed25519_pub_key
148
# define KEY_LEN ed25519_pub_key_len
159
# define IMAGE_SIGNATURE_SIZE (64)
10+
#elif defined(WOLFBOOT_SIGN_ECC256)
11+
extern const unsigned char ecc256_pub_key[];
12+
extern unsigned int ecc256_pub_key_len;
13+
# define KEY_BUFFER ecc256_pub_key
14+
# define KEY_LEN ecc256_pub_key_len
15+
# define IMAGE_SIGNATURE_SIZE (64)
1616
#else
1717
# error "No public key available for given signing algorithm."
1818
#endif /* Algorithm selection */

include/user_settings.h

Lines changed: 25 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -5,9 +5,8 @@
55
#define NO_DEV_RANDOM
66
#define NO_FILESYSTEM
77
#define NO_MAIN_DRIVER
8-
#define NO_SIG_WRAPPER
98
#define NO_OLD_RNGNAME
10-
#define WOLFSSL_STATIC_MEMORY
9+
1110
//#define WOLFSSL_SMALL_STACK
1211
#define USE_SLOW_SHA512
1312

@@ -21,7 +20,6 @@
2120
# define NO_CERT
2221
# define NO_SESSION_CACHE
2322
# define NO_HC128
24-
# define NO_ASN
2523
# define NO_DES3
2624
# define NO_WOLFSSL_DIR
2725
# define NO_PWDBASED
@@ -32,24 +30,44 @@
3230

3331
#define SMALL_SESSION_CACHE
3432
#define WOLFSSL_DH_CONST
35-
#define WORD64_AVAILABLE
3633
#define TFM_TIMING_RESISTANT
37-
//#define USE_CERT_BUFFERS_2048
3834
#define NO_RC4
3935
#define WOLFCRYPT_ONLY
4036
#define WOLFSSL_NO_SOCK
41-
4237
# define WC_NO_RNG
38+
39+
#ifdef WOLFBOOT_SIGN_ED25519
4340
# define HAVE_ED25519
4441
# define ED25519_SMALL
4542
# define NO_ED25519_SIGN
4643
# define NO_ED25519_EXPORT
4744
# define USE_FAST_MATH
45+
# define WOLFSSL_SHA512
46+
# define NO_ASN
47+
#endif
48+
49+
#ifdef WOLFBOOT_SIGN_ECC256
50+
# define HAVE_ECC
51+
# define FP_ECC
52+
# define HAVE_ECC_VERIFY
53+
# define ECC_ALT_SIZE
54+
# define NO_ECC_SIGN
55+
# define NO_ECC_EXPORT
56+
# define USE_FAST_MATH
57+
# define WOLFSSL_SHA512
58+
# define WOLFSSL_SP_SMALL
59+
# define SP_WORD_SIZE 32
60+
# define WOLFSSL_HAVE_SP_ECC
61+
# define WOLFSSL_SP_MATH
62+
# define NO_ASN
63+
//# define NO_ECC_SIGN
64+
# define NO_ECC_DHE
65+
# define NO_ECC_KEY_EXPORT
66+
#endif
4867

4968
/* AES */
5069
# define NO_AES
5170
# define NO_CMAC
5271
# define NO_CODING
53-
# define WOLFSSL_SHA512
5472
# define NO_BIG_INT
5573
# define NO_RSA

lib/wolfssl

Submodule wolfssl updated 188 files

src/image.c

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -48,6 +48,40 @@ static int wolfBoot_verify_signature(uint8_t *hash, uint8_t *sig)
4848
}
4949
#endif
5050

51+
#ifdef WOLFBOOT_SIGN_ECC256
52+
#include <wolfssl/wolfcrypt/ecc.h>
53+
#define ECC_KEY_SIZE 32
54+
#define ECC_SIG_SIZE 64
55+
static int wolfBoot_verify_signature(uint8_t *hash, uint8_t *sig)
56+
{
57+
int ret, res;
58+
mp_int r, s;
59+
ecc_key ecc;
60+
ret = wc_ecc_init(&ecc);
61+
if (ret < 0) {
62+
/* Failed to initialize key */
63+
return -1;
64+
}
65+
/* Import public key */
66+
ret = wc_ecc_import_unsigned(&ecc, KEY_BUFFER, KEY_BUFFER + 32, NULL, ECC_SECP256R1);
67+
if ((ret < 0) || ecc.type != ECC_PUBLICKEY) {
68+
/* Failed to import ecc key */
69+
return -1;
70+
}
71+
72+
/* Import signature into r,s */
73+
mp_init(&r);
74+
mp_init(&s);
75+
mp_read_unsigned_bin(&r, sig, ECC_KEY_SIZE);
76+
mp_read_unsigned_bin(&s, sig + ECC_KEY_SIZE, ECC_KEY_SIZE);
77+
ret = wc_ecc_verify_hash_ex(&r, &s, hash, SHA256_DIGEST_SIZE, &res, &ecc);
78+
if ((ret < 0) || (res == 0)) {
79+
return -1;
80+
}
81+
return 0;
82+
}
83+
#endif
84+
5185

5286
static uint8_t get_header(struct wolfBoot_image *img, uint8_t type, uint8_t **ptr)
5387
{

src/mem.c

Lines changed: 0 additions & 76 deletions
This file was deleted.

0 commit comments

Comments
 (0)