[PATCH v5 0/5] Enable ECDSA FIT verification for stm32mp
This series is based on the following: "[PATCH 00/18] image: Reduce #ifdef abuse in image code"
This rebase is awesome because we don't need to change #defines in common code or rely on hidden #ifdefs.
Q: Will there be a software-only implementation of ECDSA ? A: That is the goal, so that we can have more extensive testing with the sandbox. I don not have the bandwidth to implement it. There has been an initial poer of software ecdsa here: https://github.com/timr11/u-boot/tree/ecdsa-vrf-1
Q: Can more code be shared with the RSA verification path? A: Probably yes. Mostly having to do with parsing the "/signature" node and "key-name-hint"s in the u-boot FDT. Although there isn't any copypasted RSA code, or code with substantial similarity.
Changes since v4: - Use U_BOOT_CRYPTO_ALGO() to add ECDSA to .u_boot_list - No need to #define IMAGE_ENABLE_VERIFY_ECDSA - Use ut_asserteq(x, -ENODEV) instead of ut_assert(x == -ENODEV)
Changes since v3: - Remove unused ecdsa_check_key() function
Changes since v2: - Spell out "elliptic curve" in Kconfig (Although RSA isn't spelled out)
Changes since v1: - Add test to make sure the UCLASS is enabled - Fix check against wrong sig_len in ecdsa_romapi.c - s/U_BOOT_DEVICE/U_BOOT_DRVINFO/ - Use "if(!ret)" instead of "if (ret == 0)" - Use uclass_first_device_err() instead of uclass_first_device() - Make sure #includes are correctly alphabetized
Alexandru Gagniuc (5): dm: crypto: Define UCLASS API for ECDSA signature verification lib: ecdsa: Implement UCLASS_ECDSA verification on target arm: stm32mp1: Implement ECDSA signature verification Kconfig: FIT_SIGNATURE should not select RSA_VERIFY test: dm: Add test for ECDSA UCLASS support
arch/arm/mach-stm32mp/Kconfig | 9 ++ arch/arm/mach-stm32mp/Makefile | 1 + arch/arm/mach-stm32mp/ecdsa_romapi.c | 102 ++++++++++++++++++++ common/Kconfig.boot | 8 +- configs/sandbox_defconfig | 2 + include/crypto/ecdsa-uclass.h | 39 ++++++++ include/dm/uclass-id.h | 1 + lib/Kconfig | 1 + lib/Makefile | 1 + lib/ecdsa/Kconfig | 23 +++++ lib/ecdsa/Makefile | 1 + lib/ecdsa/ecdsa-verify.c | 134 +++++++++++++++++++++++++++ test/dm/Makefile | 1 + test/dm/ecdsa.c | 39 ++++++++ 14 files changed, 358 insertions(+), 4 deletions(-) create mode 100644 arch/arm/mach-stm32mp/ecdsa_romapi.c create mode 100644 include/crypto/ecdsa-uclass.h create mode 100644 lib/ecdsa/Kconfig create mode 100644 lib/ecdsa/Makefile create mode 100644 lib/ecdsa/ecdsa-verify.c create mode 100644 test/dm/ecdsa.c
Define a UCLASS API for verifying ECDSA signatures. Unlike UCLASS_MOD_EXP, which focuses strictly on modular exponentiation, the ECDSA class focuses on verification. This is done so that it better aligns with mach-specific implementations, such as stm32mp.
Signed-off-by: Alexandru Gagniuc mr.nuke.me@gmail.com --- include/crypto/ecdsa-uclass.h | 39 +++++++++++++++++++++++++++++++++++ include/dm/uclass-id.h | 1 + 2 files changed, 40 insertions(+) create mode 100644 include/crypto/ecdsa-uclass.h
diff --git a/include/crypto/ecdsa-uclass.h b/include/crypto/ecdsa-uclass.h new file mode 100644 index 0000000000..189843820a --- /dev/null +++ b/include/crypto/ecdsa-uclass.h @@ -0,0 +1,39 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Copyright (c) 2020, Alexandru Gagniuc mr.nuke.me@gmail.com + */ + +#include <dm/device.h> + +/** + * struct ecdsa_public_key - ECDSA public key properties + * + * The struct has pointers to the (x, y) curve coordinates to an ECDSA public + * key, as well as the name of the ECDSA curve. The size of the key is inferred + * from the 'curve_name' + */ +struct ecdsa_public_key { + const char *curve_name; /* Name of curve, e.g. "prime256v1" */ + const void *x; /* x coordinate of public key */ + const void *y; /* y coordinate of public key */ + unsigned int size_bits; /* key size in bits, derived from curve name */ +}; + +struct ecdsa_ops { + /** + * Verify signature of hash against given public key + * + * @dev: ECDSA Device + * @pubkey: ECDSA public key + * @hash: Hash of binary image + * @hash_len: Length of hash in bytes + * @signature: Signature in a raw (R, S) point pair + * @sig_len: Length of signature in bytes + * + * This function verifies that the 'signature' of the given 'hash' was + * signed by the private key corresponding to 'pubkey'. + */ + int (*verify)(struct udevice *dev, const struct ecdsa_public_key *pubkey, + const void *hash, size_t hash_len, + const void *signature, size_t sig_len); +}; diff --git a/include/dm/uclass-id.h b/include/dm/uclass-id.h index d800f679d5..2a32809669 100644 --- a/include/dm/uclass-id.h +++ b/include/dm/uclass-id.h @@ -47,6 +47,7 @@ enum uclass_id { UCLASS_DSI_HOST, /* Display Serial Interface host */ UCLASS_DMA, /* Direct Memory Access */ UCLASS_DSA, /* Distributed (Ethernet) Switch Architecture */ + UCLASS_ECDSA, /* Elliptic curve cryptographic device */ UCLASS_EFI, /* EFI managed devices */ UCLASS_ETH, /* Ethernet device */ UCLASS_ETH_PHY, /* Ethernet PHY device */
Hi Alex,
On Mon, 17 May 2021 at 12:39, Alexandru Gagniuc mr.nuke.me@gmail.com wrote:
Define a UCLASS API for verifying ECDSA signatures. Unlike UCLASS_MOD_EXP, which focuses strictly on modular exponentiation, the ECDSA class focuses on verification. This is done so that it better aligns with mach-specific implementations, such as stm32mp.
Signed-off-by: Alexandru Gagniuc mr.nuke.me@gmail.com
include/crypto/ecdsa-uclass.h | 39 +++++++++++++++++++++++++++++++++++ include/dm/uclass-id.h | 1 + 2 files changed, 40 insertions(+) create mode 100644 include/crypto/ecdsa-uclass.h
We cannot have a uclass with a test. You should implement at least a trivial test for this uclass, with a sandbox driver.
Regards, Simon
Implement the crypto_algo .verify() function for ecdsa256. Because it backends on UCLASS_ECDSA, this change is focused on parsing the keys from devicetree and passing this information to the specific UCLASS driver.
Signed-off-by: Alexandru Gagniuc mr.nuke.me@gmail.com --- lib/Kconfig | 1 + lib/Makefile | 1 + lib/ecdsa/Kconfig | 23 +++++++ lib/ecdsa/Makefile | 1 + lib/ecdsa/ecdsa-verify.c | 134 +++++++++++++++++++++++++++++++++++++++ 5 files changed, 160 insertions(+) create mode 100644 lib/ecdsa/Kconfig create mode 100644 lib/ecdsa/Makefile create mode 100644 lib/ecdsa/ecdsa-verify.c
diff --git a/lib/Kconfig b/lib/Kconfig index 6d2d41de30..8719a51baa 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -295,6 +295,7 @@ config AES supported by the algorithm but only a 128-bit key is supported at present.
+source lib/ecdsa/Kconfig source lib/rsa/Kconfig source lib/crypto/Kconfig
diff --git a/lib/Makefile b/lib/Makefile index 6825671955..2c7c145a27 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -60,6 +60,7 @@ endif
obj-$(CONFIG_$(SPL_)ACPIGEN) += acpi/ obj-$(CONFIG_$(SPL_)MD5) += md5.o +obj-$(CONFIG_ECDSA) += ecdsa/ obj-$(CONFIG_$(SPL_)RSA) += rsa/ obj-$(CONFIG_FIT_SIGNATURE) += hash-checksum.o obj-$(CONFIG_SHA1) += sha1.o diff --git a/lib/ecdsa/Kconfig b/lib/ecdsa/Kconfig new file mode 100644 index 0000000000..a95c4ff581 --- /dev/null +++ b/lib/ecdsa/Kconfig @@ -0,0 +1,23 @@ +config ECDSA + bool "Enable ECDSA support" + depends on DM + help + This enables the ECDSA (elliptic curve signature) algorithm for FIT + image verification in U-Boot. The ECDSA algorithm is implemented + using the driver model, so CONFIG_DM is required by this library. + See doc/uImage.FIT/signature.txt for more details. + ECDSA is enabled for mkimage regardless of this option. + +if ECDSA + +config ECDSA_VERIFY + bool "Enable ECDSA verification support in U-Boot." + help + Allow ECDSA signatures to be recognized and verified in U-Boot. + +config SPL_ECDSA_VERIFY + bool "Enable ECDSA verification support in SPL" + help + Allow ECDSA signatures to be recognized and verified in SPL. + +endif diff --git a/lib/ecdsa/Makefile b/lib/ecdsa/Makefile new file mode 100644 index 0000000000..771d6d3135 --- /dev/null +++ b/lib/ecdsa/Makefile @@ -0,0 +1 @@ +obj-$(CONFIG_$(SPL_)ECDSA_VERIFY) += ecdsa-verify.o diff --git a/lib/ecdsa/ecdsa-verify.c b/lib/ecdsa/ecdsa-verify.c new file mode 100644 index 0000000000..0601700c4f --- /dev/null +++ b/lib/ecdsa/ecdsa-verify.c @@ -0,0 +1,134 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * ECDSA signature verification for u-boot + * + * This implements the firmware-side wrapper for ECDSA verification. It bridges + * the struct crypto_algo API to the ECDSA uclass implementations. + * + * Copyright (c) 2020, Alexandru Gagniuc mr.nuke.me@gmail.com + */ + +#include <crypto/ecdsa-uclass.h> +#include <dm/uclass.h> +#include <u-boot/ecdsa.h> + +/* + * Derive size of an ECDSA key from the curve name + * + * While it's possible to extract the key size by using string manipulation, + * use a list of known curves for the time being. + */ +static int ecdsa_key_size(const char *curve_name) +{ + if (!strcmp(curve_name, "prime256v1")) + return 256; + else + return 0; +} + +static int fdt_get_key(struct ecdsa_public_key *key, const void *fdt, int node) +{ + int x_len, y_len; + + key->curve_name = fdt_getprop(fdt, node, "ecdsa,curve", NULL); + key->size_bits = ecdsa_key_size(key->curve_name); + if (key->size_bits == 0) { + debug("Unknown ECDSA curve '%s'", key->curve_name); + return -EINVAL; + } + + key->x = fdt_getprop(fdt, node, "ecdsa,x-point", &x_len); + key->y = fdt_getprop(fdt, node, "ecdsa,y-point", &y_len); + + if (!key->x || !key->y) + return -EINVAL; + + if (x_len != (key->size_bits / 8) || y_len != (key->size_bits / 8)) { + printf("%s: node=%d, curve@%p x@%p+%i y@%p+%i\n", __func__, + node, key->curve_name, key->x, x_len, key->y, y_len); + return -EINVAL; + } + + return 0; +} + +static int ecdsa_verify_hash(struct udevice *dev, + const struct image_sign_info *info, + const void *hash, const void *sig, uint sig_len) +{ + const struct ecdsa_ops *ops = device_get_ops(dev); + const struct checksum_algo *algo = info->checksum; + struct ecdsa_public_key key; + int sig_node, key_node, ret; + + if (!ops || !ops->verify) + return -ENODEV; + + if (info->required_keynode > 0) { + ret = fdt_get_key(&key, info->fdt_blob, info->required_keynode); + if (ret < 0) + return ret; + + return ops->verify(dev, &key, hash, algo->checksum_len, + sig, sig_len); + } + + sig_node = fdt_subnode_offset(info->fdt_blob, 0, FIT_SIG_NODENAME); + if (sig_node < 0) + return -ENOENT; + + /* Try all possible keys under the "/signature" node */ + fdt_for_each_subnode(key_node, info->fdt_blob, sig_node) { + ret = fdt_get_key(&key, info->fdt_blob, key_node); + if (ret < 0) + continue; + + ret = ops->verify(dev, &key, hash, algo->checksum_len, + sig, sig_len); + + /* On success, don't worry about remaining keys */ + if (!ret) + return 0; + } + + return -EPERM; +} + +int ecdsa_verify(struct image_sign_info *info, + const struct image_region region[], int region_count, + uint8_t *sig, uint sig_len) +{ + const struct checksum_algo *algo = info->checksum; + uint8_t hash[algo->checksum_len]; + struct udevice *dev; + int ret; + + ret = uclass_first_device_err(UCLASS_ECDSA, &dev); + if (ret) { + debug("ECDSA: Could not find ECDSA implementation: %d\n", ret); + return ret; + } + + ret = algo->calculate(algo->name, region, region_count, hash); + if (ret < 0) + return -EINVAL; + + return ecdsa_verify_hash(dev, info, hash, sig, sig_len); +} + +U_BOOT_CRYPTO_ALGO(ecdsa) = { + .name = "ecdsa256", + .key_len = ECDSA256_BYTES, + .verify = ecdsa_verify, +}; + +/* + * uclass definition for ECDSA API + * + * We don't implement any wrappers around ecdsa_ops->verify() because it's + * trivial to call ops->verify(). + */ +UCLASS_DRIVER(ecdsa) = { + .id = UCLASS_ECDSA, + .name = "ecdsa_verifier", +};
On Mon, 17 May 2021 at 12:39, Alexandru Gagniuc mr.nuke.me@gmail.com wrote:
Implement the crypto_algo .verify() function for ecdsa256. Because it backends on UCLASS_ECDSA, this change is focused on parsing the keys from devicetree and passing this information to the specific UCLASS driver.
Signed-off-by: Alexandru Gagniuc mr.nuke.me@gmail.com
lib/Kconfig | 1 + lib/Makefile | 1 + lib/ecdsa/Kconfig | 23 +++++++ lib/ecdsa/Makefile | 1 + lib/ecdsa/ecdsa-verify.c | 134 +++++++++++++++++++++++++++++++++++++++ 5 files changed, 160 insertions(+) create mode 100644 lib/ecdsa/Kconfig create mode 100644 lib/ecdsa/Makefile create mode 100644 lib/ecdsa/ecdsa-verify.c
Reviewed-by: Simon Glass sjg@chromium.org
The STM32MP ROM provides several service. One of them is the ability to verify ecdsa256 signatures. Hook the ROM API into the ECDSA uclass.
Signed-off-by: Alexandru Gagniuc mr.nuke.me@gmail.com --- arch/arm/mach-stm32mp/Kconfig | 9 +++ arch/arm/mach-stm32mp/Makefile | 1 + arch/arm/mach-stm32mp/ecdsa_romapi.c | 102 +++++++++++++++++++++++++++ 3 files changed, 112 insertions(+) create mode 100644 arch/arm/mach-stm32mp/ecdsa_romapi.c
diff --git a/arch/arm/mach-stm32mp/Kconfig b/arch/arm/mach-stm32mp/Kconfig index 7c25266f33..b47fbbb97b 100644 --- a/arch/arm/mach-stm32mp/Kconfig +++ b/arch/arm/mach-stm32mp/Kconfig @@ -172,6 +172,15 @@ config STM32_ETZPC help Say y to enable STM32 Extended TrustZone Protection
+config STM32_ECDSA_VERIFY + bool "STM32 ECDSA verification via the ROM API" + depends on SPL_ECDSA_VERIFY + default y + help + Say y to enable the uclass driver for ECDSA verification using the + ROM API provided on STM32MP. + The ROM API is only available during SPL for now. + config CMD_STM32KEY bool "command stm32key to fuse public key hash" default y diff --git a/arch/arm/mach-stm32mp/Makefile b/arch/arm/mach-stm32mp/Makefile index aa39867080..0942092d8e 100644 --- a/arch/arm/mach-stm32mp/Makefile +++ b/arch/arm/mach-stm32mp/Makefile @@ -10,6 +10,7 @@ obj-y += bsec.o
ifdef CONFIG_SPL_BUILD obj-y += spl.o +obj-$(CONFIG_STM32_ECDSA_VERIFY) += ecdsa_romapi.o else obj-y += cmd_stm32prog/ obj-$(CONFIG_CMD_STM32KEY) += cmd_stm32key.o diff --git a/arch/arm/mach-stm32mp/ecdsa_romapi.c b/arch/arm/mach-stm32mp/ecdsa_romapi.c new file mode 100644 index 0000000000..a2f63ff879 --- /dev/null +++ b/arch/arm/mach-stm32mp/ecdsa_romapi.c @@ -0,0 +1,102 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * STM32MP ECDSA verification via the ROM API + * + * Implements ECDSA signature verification via the STM32MP ROM. + */ +#include <asm/system.h> +#include <dm/device.h> +#include <linux/types.h> +#include <u-boot/ecdsa.h> +#include <crypto/ecdsa-uclass.h> +#include <linux/libfdt.h> +#include <dm/platdata.h> + +#define ROM_API_SUCCESS 0x77 +#define ROM_API_ECDSA_ALGO_PRIME_256V1 1 +#define ROM_API_ECDSA_ALGO_BRAINPOOL_256 2 + +#define ROM_API_OFFSET_ECDSA_VERIFY 0x60 + +struct ecdsa_rom_api { + uint32_t (*ecdsa_verify_signature)(const void *hash, const void *pubkey, + const void *signature, + uint32_t ecc_algo); +}; + +/* + * Without forcing the ".data" section, this would get saved in ".bss". BSS + * will be cleared soon after, so it's not suitable. + */ +static uintptr_t rom_api_loc __section(".data"); + +/* + * The ROM gives us the API location in r0 when starting. This is only available + * during SPL, as there isn't (yet) a mechanism to pass this on to u-boot. + */ +void save_boot_params(unsigned long r0, unsigned long r1, unsigned long r2, + unsigned long r3) +{ + rom_api_loc = r0; + save_boot_params_ret(); +} + +static void stm32mp_rom_get_ecdsa_functions(struct ecdsa_rom_api *rom) +{ + uintptr_t verify_ptr = rom_api_loc + ROM_API_OFFSET_ECDSA_VERIFY; + + rom->ecdsa_verify_signature = *(void **)verify_ptr; +} + +static int ecdsa_key_algo(const char *curve_name) +{ + if (!strcmp(curve_name, "prime256v1")) + return ROM_API_ECDSA_ALGO_PRIME_256V1; + else if (!strcmp(curve_name, "brainpool256")) + return ROM_API_ECDSA_ALGO_BRAINPOOL_256; + else + return -ENOPROTOOPT; +} + +static int romapi_ecdsa_verify(struct udevice *dev, + const struct ecdsa_public_key *pubkey, + const void *hash, size_t hash_len, + const void *signature, size_t sig_len) +{ + struct ecdsa_rom_api rom; + uint8_t raw_key[64]; + uint32_t rom_ret; + int algo; + + /* The ROM API can only handle 256-bit ECDSA keys. */ + if (sig_len != 64 || hash_len != 32 || pubkey->size_bits != 256) + return -EINVAL; + + algo = ecdsa_key_algo(pubkey->curve_name); + if (algo < 0) + return algo; + + /* The ROM API wants the (X, Y) coordinates concatenated. */ + memcpy(raw_key, pubkey->x, 32); + memcpy(raw_key + 32, pubkey->y, 32); + + stm32mp_rom_get_ecdsa_functions(&rom); + rom_ret = rom.ecdsa_verify_signature(hash, raw_key, signature, algo); + + return rom_ret == ROM_API_SUCCESS ? 0 : -EPERM; +} + +static const struct ecdsa_ops rom_api_ops = { + .verify = romapi_ecdsa_verify, +}; + +U_BOOT_DRIVER(stm32mp_rom_api_ecdsa) = { + .name = "stm32mp_rom_api_ecdsa", + .id = UCLASS_ECDSA, + .ops = &rom_api_ops, + .flags = DM_FLAG_PRE_RELOC, +}; + +U_BOOT_DRVINFO(stm32mp_rom_api_ecdsa) = { + .name = "stm32mp_rom_api_ecdsa", +};
FIT signatures can now be implemented with ECDSA. The assumption that all FIT images are signed with RSA is no longer valid. Thus, instead of 'select'ing RSA, only 'imply' it. This doesn't change the defaults, but allows one to explicitly disable RSA support.
Signed-off-by: Alexandru Gagniuc mr.nuke.me@gmail.com Reviewed-by: Simon Glass sjg@chromium.org --- common/Kconfig.boot | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/common/Kconfig.boot b/common/Kconfig.boot index 03a6e6f214..1527e3e600 100644 --- a/common/Kconfig.boot +++ b/common/Kconfig.boot @@ -76,8 +76,8 @@ config FIT_SIGNATURE bool "Enable signature verification of FIT uImages" depends on DM select HASH - select RSA - select RSA_VERIFY + imply RSA + imply RSA_VERIFY select IMAGE_SIGN_INFO select FIT_FULL_CHECK help @@ -186,8 +186,8 @@ config SPL_FIT_SIGNATURE select SPL_FIT select SPL_CRYPTO_SUPPORT select SPL_HASH_SUPPORT - select SPL_RSA - select SPL_RSA_VERIFY + imply SPL_RSA + imply SPL_RSA_VERIFY select SPL_IMAGE_SIGN_INFO select SPL_FIT_FULL_CHECK
On Mon, May 17, 2021 at 9:40 PM Alexandru Gagniuc mr.nuke.me@gmail.com wrote:
FIT signatures can now be implemented with ECDSA. The assumption that all FIT images are signed with RSA is no longer valid. Thus, instead of 'select'ing RSA, only 'imply' it. This doesn't change the defaults, but allows one to explicitly disable RSA support.
Signed-off-by: Alexandru Gagniuc mr.nuke.me@gmail.com Reviewed-by: Simon Glass sjg@chromium.org
common/Kconfig.boot | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/common/Kconfig.boot b/common/Kconfig.boot index 03a6e6f214..1527e3e600 100644 --- a/common/Kconfig.boot +++ b/common/Kconfig.boot @@ -76,8 +76,8 @@ config FIT_SIGNATURE bool "Enable signature verification of FIT uImages" depends on DM select HASH
select RSAselect RSA_VERIFY
imply RSAimply RSA_VERIFY select IMAGE_SIGN_INFO select FIT_FULL_CHECK help@@ -186,8 +186,8 @@ config SPL_FIT_SIGNATURE select SPL_FIT select SPL_CRYPTO_SUPPORT select SPL_HASH_SUPPORT
select SPL_RSAselect SPL_RSA_VERIFY
imply SPL_RSAimply SPL_RSA_VERIFY select SPL_IMAGE_SIGN_INFO select SPL_FIT_FULL_CHECK-- 2.31.1
Reviewed-by: Igor Opaniuk igor.opaniuk@foundries.io
This test verifies that ECDSA_UCLASS is implemented, and that ecdsa_verify() works as expected. The definition of "expected" is "does not find a device, and returns -ENODEV".
The lack of a hardware-independent ECDSA implementation prevents us from having one in the sandbox, for now.
Signed-off-by: Alexandru Gagniuc mr.nuke.me@gmail.com Reviewed-by: Simon Glass sjg@chromium.org --- configs/sandbox_defconfig | 2 ++ test/dm/Makefile | 1 + test/dm/ecdsa.c | 39 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 42 insertions(+) create mode 100644 test/dm/ecdsa.c
diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig index 7b8603d1ef..e40bcb4b16 100644 --- a/configs/sandbox_defconfig +++ b/configs/sandbox_defconfig @@ -287,3 +287,5 @@ CONFIG_TEST_FDTDEC=y CONFIG_UNIT_TEST=y CONFIG_UT_TIME=y CONFIG_UT_DM=y +CONFIG_ECDSA=y +CONFIG_ECDSA_VERIFY=y diff --git a/test/dm/Makefile b/test/dm/Makefile index c9644617a1..3508aa1968 100644 --- a/test/dm/Makefile +++ b/test/dm/Makefile @@ -34,6 +34,7 @@ obj-$(CONFIG_DEVRES) += devres.o obj-$(CONFIG_DMA) += dma.o obj-$(CONFIG_VIDEO_MIPI_DSI) += dsi_host.o obj-$(CONFIG_DM_DSA) += dsa.o +obj-$(CONFIG_ECDSA_VERIFY) += ecdsa.o obj-$(CONFIG_DM_ETH) += eth.o ifneq ($(CONFIG_EFI_PARTITION),) obj-$(CONFIG_FASTBOOT_FLASH_MMC) += fastboot.o diff --git a/test/dm/ecdsa.c b/test/dm/ecdsa.c new file mode 100644 index 0000000000..9c0007b180 --- /dev/null +++ b/test/dm/ecdsa.c @@ -0,0 +1,39 @@ +// SPDX-License-Identifier: GPL-2.0-or-later + +#include <crypto/ecdsa-uclass.h> +#include <dm.h> +#include <dm/test.h> +#include <test/ut.h> +#include <u-boot/ecdsa.h> + +/* + * Basic test of the ECDSA uclass and ecdsa_verify() + * + * ECDSA implementations in u-boot are hardware-dependent. Until we have a + * software implementation that can be compiled into the sandbox, all we can + * test is the uclass support. + * + * The uclass_get() test is redundant since ecdsa_verify() would also fail. We + * run both functions in order to isolate the cause more clearly. i.e. is + * ecdsa_verify() failing because the UCLASS is absent/broken? + */ +static int dm_test_ecdsa_verify(struct unit_test_state *uts) +{ + const struct ecdsa_ops *ops; + struct uclass *ucp; + + const struct checksum_algo algo = { + .checksum_len = 256, + }; + + struct image_sign_info info = { + .checksum = &algo, + }; + + ut_assertok(uclass_get(UCLASS_ECDSA, &ucp)); + ut_assertnonnull(ucp); + ut_asserteq(-ENODEV, ecdsa_verify(&info, NULL, 0, NULL, 0)); + + return 0; +} +DM_TEST(dm_test_ecdsa_verify, UT_TESTF_SCAN_PDATA | UT_TESTF_SCAN_FDT);
Hi Alexandru,
On 5/17/21 8:39 PM, Alexandru Gagniuc wrote:
This test verifies that ECDSA_UCLASS is implemented, and that ecdsa_verify() works as expected. The definition of "expected" is "does not find a device, and returns -ENODEV".
The lack of a hardware-independent ECDSA implementation prevents us from having one in the sandbox, for now.
Signed-off-by: Alexandru Gagniuc mr.nuke.me@gmail.com Reviewed-by: Simon Glass sjg@chromium.org
configs/sandbox_defconfig | 2 ++ test/dm/Makefile | 1 + test/dm/ecdsa.c | 39 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 42 insertions(+) create mode 100644 test/dm/ecdsa.c
diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig index 7b8603d1ef..e40bcb4b16 100644 --- a/configs/sandbox_defconfig +++ b/configs/sandbox_defconfig @@ -287,3 +287,5 @@ CONFIG_TEST_FDTDEC=y CONFIG_UNIT_TEST=y CONFIG_UT_TIME=y CONFIG_UT_DM=y +CONFIG_ECDSA=y +CONFIG_ECDSA_VERIFY=y diff --git a/test/dm/Makefile b/test/dm/Makefile index c9644617a1..3508aa1968 100644 --- a/test/dm/Makefile +++ b/test/dm/Makefile @@ -34,6 +34,7 @@ obj-$(CONFIG_DEVRES) += devres.o obj-$(CONFIG_DMA) += dma.o obj-$(CONFIG_VIDEO_MIPI_DSI) += dsi_host.o obj-$(CONFIG_DM_DSA) += dsa.o +obj-$(CONFIG_ECDSA_VERIFY) += ecdsa.o obj-$(CONFIG_DM_ETH) += eth.o ifneq ($(CONFIG_EFI_PARTITION),) obj-$(CONFIG_FASTBOOT_FLASH_MMC) += fastboot.o diff --git a/test/dm/ecdsa.c b/test/dm/ecdsa.c new file mode 100644 index 0000000000..9c0007b180 --- /dev/null +++ b/test/dm/ecdsa.c @@ -0,0 +1,39 @@ +// SPDX-License-Identifier: GPL-2.0-or-later
+#include <crypto/ecdsa-uclass.h> +#include <dm.h> +#include <dm/test.h> +#include <test/ut.h> +#include <u-boot/ecdsa.h>
+/*
- Basic test of the ECDSA uclass and ecdsa_verify()
- ECDSA implementations in u-boot are hardware-dependent. Until we have a
- software implementation that can be compiled into the sandbox, all we can
- test is the uclass support.
- The uclass_get() test is redundant since ecdsa_verify() would also fail. We
- run both functions in order to isolate the cause more clearly. i.e. is
- ecdsa_verify() failing because the UCLASS is absent/broken?
- */
+static int dm_test_ecdsa_verify(struct unit_test_state *uts) +{
- const struct ecdsa_ops *ops;
- struct uclass *ucp;
- const struct checksum_algo algo = {
.checksum_len = 256,- };
- struct image_sign_info info = {
.checksum = &algo,- };
- ut_assertok(uclass_get(UCLASS_ECDSA, &ucp));
- ut_assertnonnull(ucp);
- ut_asserteq(-ENODEV, ecdsa_verify(&info, NULL, 0, NULL, 0));
- return 0;
+} +DM_TEST(dm_test_ecdsa_verify, UT_TESTF_SCAN_PDATA | UT_TESTF_SCAN_FDT);
When I prepare the stm32 pull request, I detect a issue with this patch in CI pipeline:
https://source.denx.de/u-boot/custodians/u-boot-stm/-/jobs/298432
+ sandbox test.py
+ sandbox with clang test.py
With the same errors:
Building current source for 1 boards (1 thread, 32 jobs per thread) sandbox: + sandbox +test/dm/ecdsa.c:30:15: error: initializing 'struct checksum_algo *' with an expression of type 'const struct checksum_algo *' discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers] + .checksum = &algo, + ^~~~~ +test/dm/ecdsa.c:22:26: error: unused variable 'ops' [-Werror,-Wunused-variable] + const struct ecdsa_ops *ops; + ^ +2 errors generated. +make[3]: *** [scripts/Makefile.build:253: test/dm/ecdsa.o] Error 1 +make[2]: *** [scripts/Makefile.build:394: test/dm] Error 2 +make[1]: *** [Makefile:1815: test] Error 2 +make: *** [Makefile:177: sub-make] Error 2 0 0 1 /1 sandbox
Can you correct this issue.
Thanks,
Patrick
This series is based on the latest master, so no patch dependencies.
Q: Will there be a software-only implementation of ECDSA ? A: That is the goal, so that we can have more extensive testing with the sandbox. I don not have the bandwidth to implement it. There has been an initial poer of software ecdsa here: https://github.com/timr11/u-boot/tree/ecdsa-vrf-1
Q: Can more code be shared with the RSA verification path? A: Probably yes. Mostly having to do with parsing the "/signature" node and "key-name-hint"s in the u-boot FDT. Although there isn't any copypasted RSA code, or code with substantial similarity.
Changes since v5: - Fixed clang warning stemming from test/dm/ecdsa.c
Changes since v4: - Use U_BOOT_CRYPTO_ALGO() to add ECDSA to .u_boot_list - No need to #define IMAGE_ENABLE_VERIFY_ECDSA - Use ut_asserteq(x, -ENODEV) instead of ut_assert(x == -ENODEV)
Changes since v3: - Remove unused ecdsa_check_key() function
Changes since v2: - Spell out "elliptic curve" in Kconfig (Although RSA isn't spelled out)
Changes since v1: - Add test to make sure the UCLASS is enabled - Fix check against wrong sig_len in ecdsa_romapi.c - s/U_BOOT_DEVICE/U_BOOT_DRVINFO/ - Use "if(!ret)" instead of "if (ret == 0)" - Use uclass_first_device_err() instead of uclass_fi
Alexandru Gagniuc (5): dm: crypto: Define UCLASS API for ECDSA signature verification lib: ecdsa: Implement UCLASS_ECDSA verification on target arm: stm32mp1: Implement ECDSA signature verification Kconfig: FIT_SIGNATURE should not select RSA_VERIFY test: dm: Add test for ECDSA UCLASS support
arch/arm/mach-stm32mp/Kconfig | 9 ++ arch/arm/mach-stm32mp/Makefile | 1 + arch/arm/mach-stm32mp/ecdsa_romapi.c | 102 ++++++++++++++++++++ common/Kconfig.boot | 8 +- configs/sandbox_defconfig | 2 + include/crypto/ecdsa-uclass.h | 39 ++++++++ include/dm/uclass-id.h | 1 + lib/Kconfig | 1 + lib/Makefile | 1 + lib/ecdsa/Kconfig | 23 +++++ lib/ecdsa/Makefile | 1 + lib/ecdsa/ecdsa-verify.c | 134 +++++++++++++++++++++++++++ test/dm/Makefile | 1 + test/dm/ecdsa.c | 38 ++++++++ 14 files changed, 357 insertions(+), 4 deletions(-) create mode 100644 arch/arm/mach-stm32mp/ecdsa_romapi.c create mode 100644 include/crypto/ecdsa-uclass.h create mode 100644 lib/ecdsa/Kconfig create mode 100644 lib/ecdsa/Makefile create mode 100644 lib/ecdsa/ecdsa-verify.c create mode 100644 test/dm/ecdsa.c
Define a UCLASS API for verifying ECDSA signatures. Unlike UCLASS_MOD_EXP, which focuses strictly on modular exponentiation, the ECDSA class focuses on verification. This is done so that it better aligns with mach-specific implementations, such as stm32mp.
Signed-off-by: Alexandru Gagniuc mr.nuke.me@gmail.com --- include/crypto/ecdsa-uclass.h | 39 +++++++++++++++++++++++++++++++++++ include/dm/uclass-id.h | 1 + 2 files changed, 40 insertions(+) create mode 100644 include/crypto/ecdsa-uclass.h
diff --git a/include/crypto/ecdsa-uclass.h b/include/crypto/ecdsa-uclass.h new file mode 100644 index 0000000000..189843820a --- /dev/null +++ b/include/crypto/ecdsa-uclass.h @@ -0,0 +1,39 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Copyright (c) 2020, Alexandru Gagniuc mr.nuke.me@gmail.com + */ + +#include <dm/device.h> + +/** + * struct ecdsa_public_key - ECDSA public key properties + * + * The struct has pointers to the (x, y) curve coordinates to an ECDSA public + * key, as well as the name of the ECDSA curve. The size of the key is inferred + * from the 'curve_name' + */ +struct ecdsa_public_key { + const char *curve_name; /* Name of curve, e.g. "prime256v1" */ + const void *x; /* x coordinate of public key */ + const void *y; /* y coordinate of public key */ + unsigned int size_bits; /* key size in bits, derived from curve name */ +}; + +struct ecdsa_ops { + /** + * Verify signature of hash against given public key + * + * @dev: ECDSA Device + * @pubkey: ECDSA public key + * @hash: Hash of binary image + * @hash_len: Length of hash in bytes + * @signature: Signature in a raw (R, S) point pair + * @sig_len: Length of signature in bytes + * + * This function verifies that the 'signature' of the given 'hash' was + * signed by the private key corresponding to 'pubkey'. + */ + int (*verify)(struct udevice *dev, const struct ecdsa_public_key *pubkey, + const void *hash, size_t hash_len, + const void *signature, size_t sig_len); +}; diff --git a/include/dm/uclass-id.h b/include/dm/uclass-id.h index 9d474533ba..e7edd409f3 100644 --- a/include/dm/uclass-id.h +++ b/include/dm/uclass-id.h @@ -47,6 +47,7 @@ enum uclass_id { UCLASS_DSI_HOST, /* Display Serial Interface host */ UCLASS_DMA, /* Direct Memory Access */ UCLASS_DSA, /* Distributed (Ethernet) Switch Architecture */ + UCLASS_ECDSA, /* Elliptic curve cryptographic device */ UCLASS_EFI, /* EFI managed devices */ UCLASS_ETH, /* Ethernet device */ UCLASS_ETH_PHY, /* Ethernet PHY device */
Hi Alexandru,
On 7/29/21 6:47 PM, Alexandru Gagniuc wrote:
Define a UCLASS API for verifying ECDSA signatures. Unlike UCLASS_MOD_EXP, which focuses strictly on modular exponentiation, the ECDSA class focuses on verification. This is done so that it better aligns with mach-specific implementations, such as stm32mp.
Signed-off-by: Alexandru Gagniuc mr.nuke.me@gmail.com
include/crypto/ecdsa-uclass.h | 39 +++++++++++++++++++++++++++++++++++ include/dm/uclass-id.h | 1 + 2 files changed, 40 insertions(+) create mode 100644 include/crypto/ecdsa-uclass.h
Reviewed-by: Patrick Delaunay patrick.delaunay@foss.st.com
Thanks Patrick
Hi Alexandru
On 7/30/21 11:47 AM, Patrick DELAUNAY wrote:
Hi Alexandru,
On 7/29/21 6:47 PM, Alexandru Gagniuc wrote:
Define a UCLASS API for verifying ECDSA signatures. Unlike UCLASS_MOD_EXP, which focuses strictly on modular exponentiation, the ECDSA class focuses on verification. This is done so that it better aligns with mach-specific implementations, such as stm32mp.
Signed-off-by: Alexandru Gagniuc mr.nuke.me@gmail.com
include/crypto/ecdsa-uclass.h | 39 +++++++++++++++++++++++++++++++++++ include/dm/uclass-id.h | 1 + 2 files changed, 40 insertions(+) create mode 100644 include/crypto/ecdsa-uclass.h
Reviewed-by: Patrick Delaunay patrick.delaunay@foss.st.com
Thanks Patrick
Applied to u-boot-stm/master
Thanks Patrice
Implement the crypto_algo .verify() function for ecdsa256. Because it backends on UCLASS_ECDSA, this change is focused on parsing the keys from devicetree and passing this information to the specific UCLASS driver.
Signed-off-by: Alexandru Gagniuc mr.nuke.me@gmail.com Reviewed-by: Simon Glass sjg@chromium.org --- lib/Kconfig | 1 + lib/Makefile | 1 + lib/ecdsa/Kconfig | 23 +++++++ lib/ecdsa/Makefile | 1 + lib/ecdsa/ecdsa-verify.c | 134 +++++++++++++++++++++++++++++++++++++++ 5 files changed, 160 insertions(+) create mode 100644 lib/ecdsa/Kconfig create mode 100644 lib/ecdsa/Makefile create mode 100644 lib/ecdsa/ecdsa-verify.c
diff --git a/lib/Kconfig b/lib/Kconfig index fdcf7ea405..014a2f7f77 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -303,6 +303,7 @@ config AES supported by the algorithm but only a 128-bit key is supported at present.
+source lib/ecdsa/Kconfig source lib/rsa/Kconfig source lib/crypto/Kconfig source lib/crypt/Kconfig diff --git a/lib/Makefile b/lib/Makefile index 07c2ccd7cf..8ba745faa0 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -60,6 +60,7 @@ endif
obj-$(CONFIG_$(SPL_)ACPIGEN) += acpi/ obj-$(CONFIG_$(SPL_)MD5) += md5.o +obj-$(CONFIG_ECDSA) += ecdsa/ obj-$(CONFIG_$(SPL_)RSA) += rsa/ obj-$(CONFIG_HASH) += hash-checksum.o obj-$(CONFIG_SHA1) += sha1.o diff --git a/lib/ecdsa/Kconfig b/lib/ecdsa/Kconfig new file mode 100644 index 0000000000..a95c4ff581 --- /dev/null +++ b/lib/ecdsa/Kconfig @@ -0,0 +1,23 @@ +config ECDSA + bool "Enable ECDSA support" + depends on DM + help + This enables the ECDSA (elliptic curve signature) algorithm for FIT + image verification in U-Boot. The ECDSA algorithm is implemented + using the driver model, so CONFIG_DM is required by this library. + See doc/uImage.FIT/signature.txt for more details. + ECDSA is enabled for mkimage regardless of this option. + +if ECDSA + +config ECDSA_VERIFY + bool "Enable ECDSA verification support in U-Boot." + help + Allow ECDSA signatures to be recognized and verified in U-Boot. + +config SPL_ECDSA_VERIFY + bool "Enable ECDSA verification support in SPL" + help + Allow ECDSA signatures to be recognized and verified in SPL. + +endif diff --git a/lib/ecdsa/Makefile b/lib/ecdsa/Makefile new file mode 100644 index 0000000000..771d6d3135 --- /dev/null +++ b/lib/ecdsa/Makefile @@ -0,0 +1 @@ +obj-$(CONFIG_$(SPL_)ECDSA_VERIFY) += ecdsa-verify.o diff --git a/lib/ecdsa/ecdsa-verify.c b/lib/ecdsa/ecdsa-verify.c new file mode 100644 index 0000000000..0601700c4f --- /dev/null +++ b/lib/ecdsa/ecdsa-verify.c @@ -0,0 +1,134 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * ECDSA signature verification for u-boot + * + * This implements the firmware-side wrapper for ECDSA verification. It bridges + * the struct crypto_algo API to the ECDSA uclass implementations. + * + * Copyright (c) 2020, Alexandru Gagniuc mr.nuke.me@gmail.com + */ + +#include <crypto/ecdsa-uclass.h> +#include <dm/uclass.h> +#include <u-boot/ecdsa.h> + +/* + * Derive size of an ECDSA key from the curve name + * + * While it's possible to extract the key size by using string manipulation, + * use a list of known curves for the time being. + */ +static int ecdsa_key_size(const char *curve_name) +{ + if (!strcmp(curve_name, "prime256v1")) + return 256; + else + return 0; +} + +static int fdt_get_key(struct ecdsa_public_key *key, const void *fdt, int node) +{ + int x_len, y_len; + + key->curve_name = fdt_getprop(fdt, node, "ecdsa,curve", NULL); + key->size_bits = ecdsa_key_size(key->curve_name); + if (key->size_bits == 0) { + debug("Unknown ECDSA curve '%s'", key->curve_name); + return -EINVAL; + } + + key->x = fdt_getprop(fdt, node, "ecdsa,x-point", &x_len); + key->y = fdt_getprop(fdt, node, "ecdsa,y-point", &y_len); + + if (!key->x || !key->y) + return -EINVAL; + + if (x_len != (key->size_bits / 8) || y_len != (key->size_bits / 8)) { + printf("%s: node=%d, curve@%p x@%p+%i y@%p+%i\n", __func__, + node, key->curve_name, key->x, x_len, key->y, y_len); + return -EINVAL; + } + + return 0; +} + +static int ecdsa_verify_hash(struct udevice *dev, + const struct image_sign_info *info, + const void *hash, const void *sig, uint sig_len) +{ + const struct ecdsa_ops *ops = device_get_ops(dev); + const struct checksum_algo *algo = info->checksum; + struct ecdsa_public_key key; + int sig_node, key_node, ret; + + if (!ops || !ops->verify) + return -ENODEV; + + if (info->required_keynode > 0) { + ret = fdt_get_key(&key, info->fdt_blob, info->required_keynode); + if (ret < 0) + return ret; + + return ops->verify(dev, &key, hash, algo->checksum_len, + sig, sig_len); + } + + sig_node = fdt_subnode_offset(info->fdt_blob, 0, FIT_SIG_NODENAME); + if (sig_node < 0) + return -ENOENT; + + /* Try all possible keys under the "/signature" node */ + fdt_for_each_subnode(key_node, info->fdt_blob, sig_node) { + ret = fdt_get_key(&key, info->fdt_blob, key_node); + if (ret < 0) + continue; + + ret = ops->verify(dev, &key, hash, algo->checksum_len, + sig, sig_len); + + /* On success, don't worry about remaining keys */ + if (!ret) + return 0; + } + + return -EPERM; +} + +int ecdsa_verify(struct image_sign_info *info, + const struct image_region region[], int region_count, + uint8_t *sig, uint sig_len) +{ + const struct checksum_algo *algo = info->checksum; + uint8_t hash[algo->checksum_len]; + struct udevice *dev; + int ret; + + ret = uclass_first_device_err(UCLASS_ECDSA, &dev); + if (ret) { + debug("ECDSA: Could not find ECDSA implementation: %d\n", ret); + return ret; + } + + ret = algo->calculate(algo->name, region, region_count, hash); + if (ret < 0) + return -EINVAL; + + return ecdsa_verify_hash(dev, info, hash, sig, sig_len); +} + +U_BOOT_CRYPTO_ALGO(ecdsa) = { + .name = "ecdsa256", + .key_len = ECDSA256_BYTES, + .verify = ecdsa_verify, +}; + +/* + * uclass definition for ECDSA API + * + * We don't implement any wrappers around ecdsa_ops->verify() because it's + * trivial to call ops->verify(). + */ +UCLASS_DRIVER(ecdsa) = { + .id = UCLASS_ECDSA, + .name = "ecdsa_verifier", +};
Hi,
On 7/29/21 6:47 PM, Alexandru Gagniuc wrote:
Implement the crypto_algo .verify() function for ecdsa256. Because it backends on UCLASS_ECDSA, this change is focused on parsing the keys from devicetree and passing this information to the specific UCLASS driver.
Signed-off-by: Alexandru Gagniuc mr.nuke.me@gmail.com Reviewed-by: Simon Glass sjg@chromium.org
lib/Kconfig | 1 + lib/Makefile | 1 + lib/ecdsa/Kconfig | 23 +++++++ lib/ecdsa/Makefile | 1 + lib/ecdsa/ecdsa-verify.c | 134 +++++++++++++++++++++++++++++++++++++++ 5 files changed, 160 insertions(+) create mode 100644 lib/ecdsa/Kconfig create mode 100644 lib/ecdsa/Makefile create mode 100644 lib/ecdsa/ecdsa-verify.c
Reviewed-by: Patrick Delaunay patrick.delaunay@foss.st.com
Thanks Patrick
The STM32MP ROM provides several service. One of them is the ability to verify ecdsa256 signatures. Hook the ROM API into the ECDSA uclass.
Signed-off-by: Alexandru Gagniuc mr.nuke.me@gmail.com --- arch/arm/mach-stm32mp/Kconfig | 9 +++ arch/arm/mach-stm32mp/Makefile | 1 + arch/arm/mach-stm32mp/ecdsa_romapi.c | 102 +++++++++++++++++++++++++++ 3 files changed, 112 insertions(+) create mode 100644 arch/arm/mach-stm32mp/ecdsa_romapi.c
diff --git a/arch/arm/mach-stm32mp/Kconfig b/arch/arm/mach-stm32mp/Kconfig index ace07fd70f..4c1eeef165 100644 --- a/arch/arm/mach-stm32mp/Kconfig +++ b/arch/arm/mach-stm32mp/Kconfig @@ -172,6 +172,15 @@ config STM32_ETZPC help Say y to enable STM32 Extended TrustZone Protection
+config STM32_ECDSA_VERIFY + bool "STM32 ECDSA verification via the ROM API" + depends on SPL_ECDSA_VERIFY + default y + help + Say y to enable the uclass driver for ECDSA verification using the + ROM API provided on STM32MP. + The ROM API is only available during SPL for now. + config CMD_STM32KEY bool "command stm32key to fuse public key hash" default n diff --git a/arch/arm/mach-stm32mp/Makefile b/arch/arm/mach-stm32mp/Makefile index 879c1961fe..391b47cf13 100644 --- a/arch/arm/mach-stm32mp/Makefile +++ b/arch/arm/mach-stm32mp/Makefile @@ -11,6 +11,7 @@ obj-y += bsec.o ifdef CONFIG_SPL_BUILD obj-y += spl.o obj-y += tzc400.o +obj-$(CONFIG_STM32_ECDSA_VERIFY) += ecdsa_romapi.o else obj-y += cmd_stm32prog/ obj-$(CONFIG_CMD_STM32KEY) += cmd_stm32key.o diff --git a/arch/arm/mach-stm32mp/ecdsa_romapi.c b/arch/arm/mach-stm32mp/ecdsa_romapi.c new file mode 100644 index 0000000000..a2f63ff879 --- /dev/null +++ b/arch/arm/mach-stm32mp/ecdsa_romapi.c @@ -0,0 +1,102 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * STM32MP ECDSA verification via the ROM API + * + * Implements ECDSA signature verification via the STM32MP ROM. + */ +#include <asm/system.h> +#include <dm/device.h> +#include <linux/types.h> +#include <u-boot/ecdsa.h> +#include <crypto/ecdsa-uclass.h> +#include <linux/libfdt.h> +#include <dm/platdata.h> + +#define ROM_API_SUCCESS 0x77 +#define ROM_API_ECDSA_ALGO_PRIME_256V1 1 +#define ROM_API_ECDSA_ALGO_BRAINPOOL_256 2 + +#define ROM_API_OFFSET_ECDSA_VERIFY 0x60 + +struct ecdsa_rom_api { + uint32_t (*ecdsa_verify_signature)(const void *hash, const void *pubkey, + const void *signature, + uint32_t ecc_algo); +}; + +/* + * Without forcing the ".data" section, this would get saved in ".bss". BSS + * will be cleared soon after, so it's not suitable. + */ +static uintptr_t rom_api_loc __section(".data"); + +/* + * The ROM gives us the API location in r0 when starting. This is only available + * during SPL, as there isn't (yet) a mechanism to pass this on to u-boot. + */ +void save_boot_params(unsigned long r0, unsigned long r1, unsigned long r2, + unsigned long r3) +{ + rom_api_loc = r0; + save_boot_params_ret(); +} + +static void stm32mp_rom_get_ecdsa_functions(struct ecdsa_rom_api *rom) +{ + uintptr_t verify_ptr = rom_api_loc + ROM_API_OFFSET_ECDSA_VERIFY; + + rom->ecdsa_verify_signature = *(void **)verify_ptr; +} + +static int ecdsa_key_algo(const char *curve_name) +{ + if (!strcmp(curve_name, "prime256v1")) + return ROM_API_ECDSA_ALGO_PRIME_256V1; + else if (!strcmp(curve_name, "brainpool256")) + return ROM_API_ECDSA_ALGO_BRAINPOOL_256; + else + return -ENOPROTOOPT; +} + +static int romapi_ecdsa_verify(struct udevice *dev, + const struct ecdsa_public_key *pubkey, + const void *hash, size_t hash_len, + const void *signature, size_t sig_len) +{ + struct ecdsa_rom_api rom; + uint8_t raw_key[64]; + uint32_t rom_ret; + int algo; + + /* The ROM API can only handle 256-bit ECDSA keys. */ + if (sig_len != 64 || hash_len != 32 || pubkey->size_bits != 256) + return -EINVAL; + + algo = ecdsa_key_algo(pubkey->curve_name); + if (algo < 0) + return algo; + + /* The ROM API wants the (X, Y) coordinates concatenated. */ + memcpy(raw_key, pubkey->x, 32); + memcpy(raw_key + 32, pubkey->y, 32); + + stm32mp_rom_get_ecdsa_functions(&rom); + rom_ret = rom.ecdsa_verify_signature(hash, raw_key, signature, algo); + + return rom_ret == ROM_API_SUCCESS ? 0 : -EPERM; +} + +static const struct ecdsa_ops rom_api_ops = { + .verify = romapi_ecdsa_verify, +}; + +U_BOOT_DRIVER(stm32mp_rom_api_ecdsa) = { + .name = "stm32mp_rom_api_ecdsa", + .id = UCLASS_ECDSA, + .ops = &rom_api_ops, + .flags = DM_FLAG_PRE_RELOC, +}; + +U_BOOT_DRVINFO(stm32mp_rom_api_ecdsa) = { + .name = "stm32mp_rom_api_ecdsa", +};
Hi,
On 7/29/21 6:47 PM, Alexandru Gagniuc wrote:
The STM32MP ROM provides several service. One of them is the ability to verify ecdsa256 signatures. Hook the ROM API into the ECDSA uclass.
Signed-off-by: Alexandru Gagniuc mr.nuke.me@gmail.com
arch/arm/mach-stm32mp/Kconfig | 9 +++ arch/arm/mach-stm32mp/Makefile | 1 + arch/arm/mach-stm32mp/ecdsa_romapi.c | 102 +++++++++++++++++++++++++++ 3 files changed, 112 insertions(+) create mode 100644 arch/arm/mach-stm32mp/ecdsa_romapi.c
Reviewed-by: Patrick Delaunay patrick.delaunay@foss.st.com
Thanks Patrick
Hi Alexandru
On 7/30/21 11:51 AM, Patrick DELAUNAY wrote:
Hi,
On 7/29/21 6:47 PM, Alexandru Gagniuc wrote:
The STM32MP ROM provides several service. One of them is the ability to verify ecdsa256 signatures. Hook the ROM API into the ECDSA uclass.
Signed-off-by: Alexandru Gagniuc mr.nuke.me@gmail.com
arch/arm/mach-stm32mp/Kconfig | 9 +++ arch/arm/mach-stm32mp/Makefile | 1 + arch/arm/mach-stm32mp/ecdsa_romapi.c | 102 +++++++++++++++++++++++++++ 3 files changed, 112 insertions(+) create mode 100644 arch/arm/mach-stm32mp/ecdsa_romapi.c
Reviewed-by: Patrick Delaunay patrick.delaunay@foss.st.com
Thanks Patrick
Applied to u-boot-stm/master
Thanks Patrice
FIT signatures can now be implemented with ECDSA. The assumption that all FIT images are signed with RSA is no longer valid. Thus, instead of 'select'ing RSA, only 'imply' it. This doesn't change the defaults, but allows one to explicitly disable RSA support.
Signed-off-by: Alexandru Gagniuc mr.nuke.me@gmail.com Reviewed-by: Simon Glass sjg@chromium.org Reviewed-by: Igor Opaniuk igor.opaniuk@foundries.io --- common/Kconfig.boot | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/common/Kconfig.boot b/common/Kconfig.boot index f39df04bbf..0d4c38402c 100644 --- a/common/Kconfig.boot +++ b/common/Kconfig.boot @@ -76,8 +76,8 @@ config FIT_SIGNATURE bool "Enable signature verification of FIT uImages" depends on DM select HASH - select RSA - select RSA_VERIFY + imply RSA + imply RSA_VERIFY select IMAGE_SIGN_INFO select FIT_FULL_CHECK help @@ -186,8 +186,8 @@ config SPL_FIT_SIGNATURE select SPL_FIT select SPL_CRYPTO select SPL_HASH_SUPPORT - select SPL_RSA - select SPL_RSA_VERIFY + imply SPL_RSA + imply SPL_RSA_VERIFY select SPL_IMAGE_SIGN_INFO select SPL_FIT_FULL_CHECK
Hi,
On 7/29/21 6:47 PM, Alexandru Gagniuc wrote:
FIT signatures can now be implemented with ECDSA. The assumption that all FIT images are signed with RSA is no longer valid. Thus, instead of 'select'ing RSA, only 'imply' it. This doesn't change the defaults, but allows one to explicitly disable RSA support.
Signed-off-by: Alexandru Gagniuc mr.nuke.me@gmail.com Reviewed-by: Simon Glass sjg@chromium.org Reviewed-by: Igor Opaniuk igor.opaniuk@foundries.io
common/Kconfig.boot | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
Reviewed-by: Patrick Delaunay patrick.delaunay@foss.st.com
Thanks Patrick
Hi Alexandru
On 7/30/21 11:52 AM, Patrick DELAUNAY wrote:
Hi,
On 7/29/21 6:47 PM, Alexandru Gagniuc wrote:
FIT signatures can now be implemented with ECDSA. The assumption that all FIT images are signed with RSA is no longer valid. Thus, instead of 'select'ing RSA, only 'imply' it. This doesn't change the defaults, but allows one to explicitly disable RSA support.
Signed-off-by: Alexandru Gagniuc mr.nuke.me@gmail.com Reviewed-by: Simon Glass sjg@chromium.org Reviewed-by: Igor Opaniuk igor.opaniuk@foundries.io
common/Kconfig.boot | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
Reviewed-by: Patrick Delaunay patrick.delaunay@foss.st.com
Thanks Patrick
Applied to u-boot-stm/master
Thanks Patrice
This test verifies that ECDSA_UCLASS is implemented, and that ecdsa_verify() works as expected. The definition of "expected" is "does not find a device, and returns -ENODEV".
The lack of a hardware-independent ECDSA implementation prevents us from having one in the sandbox, for now.
Signed-off-by: Alexandru Gagniuc mr.nuke.me@gmail.com Reviewed-by: Simon Glass sjg@chromium.org --- configs/sandbox_defconfig | 2 ++ test/dm/Makefile | 1 + test/dm/ecdsa.c | 38 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 41 insertions(+) create mode 100644 test/dm/ecdsa.c
diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig index bcd82f76ff..8bb981d6f5 100644 --- a/configs/sandbox_defconfig +++ b/configs/sandbox_defconfig @@ -299,3 +299,5 @@ CONFIG_TEST_FDTDEC=y CONFIG_UNIT_TEST=y CONFIG_UT_TIME=y CONFIG_UT_DM=y +CONFIG_ECDSA=y +CONFIG_ECDSA_VERIFY=y diff --git a/test/dm/Makefile b/test/dm/Makefile index d5c42e7643..516f69d61c 100644 --- a/test/dm/Makefile +++ b/test/dm/Makefile @@ -36,6 +36,7 @@ obj-$(CONFIG_DEVRES) += devres.o obj-$(CONFIG_DMA) += dma.o obj-$(CONFIG_VIDEO_MIPI_DSI) += dsi_host.o obj-$(CONFIG_DM_DSA) += dsa.o +obj-$(CONFIG_ECDSA_VERIFY) += ecdsa.o obj-$(CONFIG_DM_ETH) += eth.o ifneq ($(CONFIG_EFI_PARTITION),) obj-$(CONFIG_FASTBOOT_FLASH_MMC) += fastboot.o diff --git a/test/dm/ecdsa.c b/test/dm/ecdsa.c new file mode 100644 index 0000000000..da535c98b5 --- /dev/null +++ b/test/dm/ecdsa.c @@ -0,0 +1,38 @@ +// SPDX-License-Identifier: GPL-2.0-or-later + +#include <crypto/ecdsa-uclass.h> +#include <dm.h> +#include <dm/test.h> +#include <test/ut.h> +#include <u-boot/ecdsa.h> + +/* + * Basic test of the ECDSA uclass and ecdsa_verify() + * + * ECDSA implementations in u-boot are hardware-dependent. Until we have a + * software implementation that can be compiled into the sandbox, all we can + * test is the uclass support. + * + * The uclass_get() test is redundant since ecdsa_verify() would also fail. We + * run both functions in order to isolate the cause more clearly. i.e. is + * ecdsa_verify() failing because the UCLASS is absent/broken? + */ +static int dm_test_ecdsa_verify(struct unit_test_state *uts) +{ + struct uclass *ucp; + + struct checksum_algo algo = { + .checksum_len = 256, + }; + + struct image_sign_info info = { + .checksum = &algo, + }; + + ut_assertok(uclass_get(UCLASS_ECDSA, &ucp)); + ut_assertnonnull(ucp); + ut_asserteq(-ENODEV, ecdsa_verify(&info, NULL, 0, NULL, 0)); + + return 0; +} +DM_TEST(dm_test_ecdsa_verify, UT_TESTF_SCAN_PDATA | UT_TESTF_SCAN_FDT);
Hi,
On 7/29/21 6:47 PM, Alexandru Gagniuc wrote:
This test verifies that ECDSA_UCLASS is implemented, and that ecdsa_verify() works as expected. The definition of "expected" is "does not find a device, and returns -ENODEV".
The lack of a hardware-independent ECDSA implementation prevents us from having one in the sandbox, for now.
Signed-off-by: Alexandru Gagniuc mr.nuke.me@gmail.com Reviewed-by: Simon Glass sjg@chromium.org
configs/sandbox_defconfig | 2 ++ test/dm/Makefile | 1 + test/dm/ecdsa.c | 38 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 41 insertions(+) create mode 100644 test/dm/ecdsa.c
Reviewed-by: Patrick Delaunay patrick.delaunay@foss.st.com
Thanks Patrick
Hi Alexandru
On 7/30/21 11:53 AM, Patrick DELAUNAY wrote:
Hi,
On 7/29/21 6:47 PM, Alexandru Gagniuc wrote:
This test verifies that ECDSA_UCLASS is implemented, and that ecdsa_verify() works as expected. The definition of "expected" is "does not find a device, and returns -ENODEV".
The lack of a hardware-independent ECDSA implementation prevents us from having one in the sandbox, for now.
Signed-off-by: Alexandru Gagniuc mr.nuke.me@gmail.com Reviewed-by: Simon Glass sjg@chromium.org
configs/sandbox_defconfig | 2 ++ test/dm/Makefile | 1 + test/dm/ecdsa.c | 38 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 41 insertions(+) create mode 100644 test/dm/ecdsa.c
Reviewed-by: Patrick Delaunay patrick.delaunay@foss.st.com
Thanks Patrick
Applied to u-boot-stm/master
Thanks Patrice
participants (5)
-
Alexandru Gagniuc -
Igor Opaniuk -
Patrice CHOTARD -
Patrick DELAUNAY -
Simon Glass