bootutil/crypto: Handle hashing errors and refactorings#2579
Open
kkrentz wants to merge 5 commits intomcu-tools:mainfrom
Open
bootutil/crypto: Handle hashing errors and refactorings#2579kkrentz wants to merge 5 commits intomcu-tools:mainfrom
kkrentz wants to merge 5 commits intomcu-tools:mainfrom
Conversation
kkrentz
requested review from
almir-okato,
davidvincze,
de-nordic and
nordicjm
as code owners
kkrentz
force-pushed
the
hashing-pr
branch
7 times, most recently
from
11cd7cc to
59140a8
Compare
kkrentz
force-pushed
the
hashing-pr
branch
4 times, most recently
from
27a1a66 to
7298a73
Compare
The current API actually requires checking each call to bootutil_sha_init, bootutil_sha_update, bootutil_sha_finish, and bootutil_sha_abort for errors. This would result in a lot of clutter and is not done at the moment. This commit wraps these functions so as to silently ignore subsequent calls in a series upon errors. As a result, only bootutil_sha_finish needs error checking. Signed-off-by: kkrentz <konrad.krentz@gmail.com>
This simplifies the API for generating HMACs and deriving keys. Signed-off-by: kkrentz <konrad.krentz@gmail.com>
This introduces a shorthand for doing bootutil_sha_init, bootutil_sha_update, and bootutil_sha_finish at once. This simplifies matters in bootutil_find_key. Besides, there was no error handling in bootutil_find_key, which is also fixed. Signed-off-by: kkrentz <konrad.krentz@gmail.com>
Using the currently configured crypto back end, this implements HMAC and HKDF. This implementation serves as a fallback solution for crypto back ends that do not provide these functions. As there are plans to remove TinyCrypt from MCUboot, no effort is made to use TinyCrypt when MCUBOOT_USE_TINYCRYPT is set. Instead, this configuration falls back on the general-purpose HMAC and HKDF implementations. Signed-off-by: kkrentz <konrad.krentz@gmail.com>
Thus far, hashing errors were silently ignored when hashing images. Signed-off-by: kkrentz <konrad.krentz@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR complements invocations of hashing-related function with error handling. This is important in various occasions, such as when verifying the signature of an image in "pure" mode. In this case, an error during hashing may cause the computed hash digest to become the all-zero string. However, an arbitrary ECDSA signature over the all-zero hash digest will turn out authentic.
Also, this PR adds a new file called
sha.c, which encapsulates shorthands for common invocation patterns of SHA and HMAC, as well as an HKDF implementation. This simplifies matters in other files and having HKDF at a reusable place helped us integrate TCG's Device Identifier Composition Engine with MCUboot, too. This is because DICE uses the "expand" subroutine of HKDF.Besides, this PR makes HMAC available regardless of the crypto backend. Currently, only mbedTLS and TinyCrypt provide this function, thereby limiting firmware encryption to configurations with one of these crypto backends.