Add ed25519 verification to sim

Signed-off-by: Fabio Utzig <[email protected]>

Author: utzig

boot/bootutil/include/bootutil/caps.h

@@ -41,6 +41,7 @@ uint32_t bootutil_get_caps(void);
 #define BOOTUTIL_CAP_ENC_KW                 (1<<6)
 #define BOOTUTIL_CAP_VALIDATE_PRIMARY_SLOT  (1<<7)
 #define BOOTUTIL_CAP_RSA3072                (1<<8)
+#define BOOTUTIL_CAP_ED25519                (1<<9)
 
 /*
  * Query the number of images this bootloader is configured for.  This

boot/bootutil/src/caps.c

@@ -35,6 +35,9 @@ uint32_t bootutil_get_caps(void)
 #if defined(MCUBOOT_SIGN_EC256)
     res |= BOOTUTIL_CAP_ECDSA_P256;
 #endif
+#if defined(MCUBOOT_SIGN_ED25519)
+    res |= BOOTUTIL_CAP_ED25519;
+#endif
 #if defined(MCUBOOT_OVERWRITE_ONLY)
     res |= BOOTUTIL_CAP_OVERWRITE_UPGRADE;
 #else

sim/Cargo.toml

@@ -10,6 +10,7 @@ default = []
 sig-rsa = ["mcuboot-sys/sig-rsa"]
 sig-rsa3072 = ["mcuboot-sys/sig-rsa3072"]
 sig-ecdsa = ["mcuboot-sys/sig-ecdsa"]
+sig-ed25519 = ["mcuboot-sys/sig-ed25519"]
 overwrite-only = ["mcuboot-sys/overwrite-only"]
 validate-primary-slot = ["mcuboot-sys/validate-primary-slot"]
 enc-rsa = ["mcuboot-sys/enc-rsa"]

sim/mcuboot-sys/Cargo.toml

@@ -21,6 +21,9 @@ sig-rsa3072 = []
 # Verify ECDSA (secp256r1) signatures.
 sig-ecdsa = []
 
+# Verify ED25519 signatures.
+sig-ed25519 = []
+
 # Overwrite only upgrade
 overwrite-only = []
 

sim/mcuboot-sys/build.rs

@@ -12,6 +12,7 @@ fn main() {
     let sig_rsa = env::var("CARGO_FEATURE_SIG_RSA").is_ok();
     let sig_rsa3072 = env::var("CARGO_FEATURE_SIG_RSA3072").is_ok();
     let sig_ecdsa = env::var("CARGO_FEATURE_SIG_ECDSA").is_ok();
+    let sig_ed25519 = env::var("CARGO_FEATURE_SIG_ED25519").is_ok();
     let overwrite_only = env::var("CARGO_FEATURE_OVERWRITE_ONLY").is_ok();
     let validate_primary_slot =
                   env::var("CARGO_FEATURE_VALIDATE_PRIMARY_SLOT").is_ok();
@@ -37,7 +38,7 @@ fn main() {
     }
 
     // Currently no more than one sig type can be used simultaneously.
-    if vec![sig_rsa, sig_rsa3072, sig_ecdsa].iter()
+    if vec![sig_rsa, sig_rsa3072, sig_ecdsa, sig_ed25519].iter()
         .fold(0, |sum, &v| sum + v as i32) > 1 {
         panic!("mcuboot does not support more than one sig type at the same time");
     }
@@ -83,6 +84,18 @@ fn main() {
 
         conf.file("../../ext/mbedtls/src/platform_util.c");
         conf.file("../../ext/mbedtls/src/asn1parse.c");
+    } else if sig_ed25519 {
+        conf.define("MCUBOOT_SIGN_ED25519", None);
+        conf.define("MCUBOOT_USE_MBED_TLS", None);
+
+        conf.include("mbedtls/include");
+        conf.file("mbedtls/library/sha256.c");
+        conf.file("mbedtls/library/sha512.c");
+        conf.file("csupport/keys.c");
+        conf.file("../../ext/fiat/src/curve25519.c");
+        conf.file("mbedtls/library/platform.c");
+        conf.file("mbedtls/library/platform_util.c");
+        conf.file("mbedtls/library/asn1parse.c");
     } else {
         // Neither signature type, only verify sha256. The default
         // configuration file bundled with mbedTLS is sufficient.
@@ -148,6 +161,10 @@ fn main() {
             conf.file("../../ext/tinycrypt/lib/source/aes_encrypt.c");
             conf.file("../../ext/tinycrypt/lib/source/aes_decrypt.c");
         }
+
+        if sig_ed25519 {
+            panic!("ed25519 does not support image encryption with KW yet");
+        }
     }
 
     if sig_rsa && enc_kw {
@@ -156,6 +173,8 @@ fn main() {
         conf.define("MBEDTLS_CONFIG_FILE", Some("<config-rsa.h>"));
     } else if sig_ecdsa && !enc_kw {
         conf.define("MBEDTLS_CONFIG_FILE", Some("<config-asn1.h>"));
+    } else if sig_ed25519 {
+        conf.define("MBEDTLS_CONFIG_FILE", Some("<config-ed25519.h>"));
     } else if enc_kw {
         conf.define("MBEDTLS_CONFIG_FILE", Some("<config-kw.h>"));
     }
@@ -165,6 +184,8 @@ fn main() {
         conf.file("../../boot/bootutil/src/image_rsa.c");
     } else if sig_ecdsa {
         conf.file("../../boot/bootutil/src/image_ec256.c");
+    } else if sig_ed25519 {
+        conf.file("../../boot/bootutil/src/image_ed25519.c");
     }
     conf.file("../../boot/bootutil/src/loader.c");
     conf.file("../../boot/bootutil/src/caps.c");

sim/mcuboot-sys/csupport/keys.c

@@ -122,6 +122,17 @@ const unsigned char root_pub_der[] = {
     0x8b, 0x68, 0x34, 0xcc, 0x3a, 0x6a, 0xfc, 0x53,
     0x8e, 0xfa, 0xc1, };
 const unsigned int root_pub_der_len = 91;
+#elif defined(MCUBOOT_SIGN_ED25519)
+#define HAVE_KEYS
+const unsigned char root_pub_der[] = {
+    0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
+    0x70, 0x03, 0x21, 0x00, 0xd4, 0xb3, 0x1b, 0xa4,
+    0x9a, 0x3a, 0xdd, 0x3f, 0x82, 0x5d, 0x10, 0xca,
+    0x7f, 0x31, 0xb5, 0x0b, 0x0d, 0xe8, 0x7f, 0x37,
+    0xcc, 0xc4, 0x9f, 0x1a, 0x40, 0x3a, 0x5c, 0x13,
+    0x20, 0xff, 0xb4, 0xe0,
+};
+const unsigned int root_pub_der_len = 44;
 #endif
 
 #if defined(HAVE_KEYS)

sim/src/caps.rs

@@ -13,6 +13,7 @@ pub enum Caps {
     EncKw                = (1 << 6),
     ValidatePrimarySlot  = (1 << 7),
     RSA3072              = (1 << 8),
+    Ed25519              = (1 << 9),
 }
 
 impl Caps {

sim/src/ed25519_pub_key-rs.txt

@@ -0,0 +1,8 @@
+static ED25519_PUB_KEY: &'static [u8] = &[
+    0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
+    0x70, 0x03, 0x21, 0x00, 0xd4, 0xb3, 0x1b, 0xa4,
+    0x9a, 0x3a, 0xdd, 0x3f, 0x82, 0x5d, 0x10, 0xca,
+    0x7f, 0x31, 0xb5, 0x0b, 0x0d, 0xe8, 0x7f, 0x37,
+    0xcc, 0xc4, 0x9f, 0x1a, 0x40, 0x3a, 0x5c, 0x13,
+    0x20, 0xff, 0xb4, 0xe0,
+];

sim/src/image.rs

@@ -1168,6 +1168,8 @@ fn make_tlv() -> TlvGen {
             TlvGen::new_rsa3072_pss()
         } else if Caps::EcdsaP256.present() {
             TlvGen::new_ecdsa()
+        } else if Caps::Ed25519.present() {
+            TlvGen::new_ed25519()
         } else {
             TlvGen::new_hash_only()
         }

sim/src/tlv.rs

@@ -16,6 +16,7 @@ use ring::signature::{
     RSA_PSS_SHA256,
     EcdsaKeyPair,
     ECDSA_P256_SHA256_ASN1_SIGNING,
+    Ed25519KeyPair,
 };
 use untrusted;
 use mcuboot_sys::c;
@@ -30,6 +31,7 @@ pub enum TlvKinds {
     ECDSA224 = 0x21,
     ECDSA256 = 0x22,
     RSA3072 = 0x23,
+    ED25519 = 0x24,
     ENCRSA2048 = 0x30,
     ENCKW128 = 0x31,
 }
@@ -110,6 +112,16 @@ impl TlvGen {
         }
     }
 
+    #[allow(dead_code)]
+    pub fn new_ed25519() -> TlvGen {
+        TlvGen {
+            flags: 0,
+            kinds: vec![TlvKinds::SHA256, TlvKinds::ED25519],
+            size: 4 + 32 + 4 + 32 + 4 + 64,
+            payload: vec![],
+        }
+    }
+
     #[allow(dead_code)]
     pub fn new_enc_rsa() -> TlvGen {
         TlvGen {
@@ -288,6 +300,38 @@ impl ManifestGen for TlvGen {
             result.extend_from_slice(signature.as_ref());
         }
 
+        if self.kinds.contains(&TlvKinds::ED25519) {
+            let keyhash = digest::digest(&digest::SHA256, ED25519_PUB_KEY);
+            let keyhash = keyhash.as_ref();
+
+            assert!(keyhash.len() == 32);
+            result.push(TlvKinds::KEYHASH as u8);
+            result.push(0);
+            result.push(32);
+            result.push(0);
+            result.extend_from_slice(keyhash);
+
+            let hash = digest::digest(&digest::SHA256, &self.payload);
+            let hash = hash.as_ref();
+            assert!(hash.len() == 32);
+
+            let key_bytes = pem::parse(include_bytes!("../../root-ed25519.pem").as_ref()).unwrap();
+            assert_eq!(key_bytes.tag, "PRIVATE KEY");
+
+            let seed = untrusted::Input::from(&key_bytes.contents[16..48]);
+            let public = untrusted::Input::from(&ED25519_PUB_KEY[12..44]);
+            let key_pair = Ed25519KeyPair::from_seed_and_public_key(seed, public).unwrap();
+            let signature = key_pair.sign(&hash);
+
+            result.push(TlvKinds::ED25519 as u8);
+            result.push(0);
+
+            let signature = signature.as_ref().to_vec();
+            result.push((signature.len() & 0xFF) as u8);
+            result.push(((signature.len() >> 8) & 0xFF) as u8);
+            result.extend_from_slice(signature.as_ref());
+        }
+
         if self.kinds.contains(&TlvKinds::ENCRSA2048) {
             let key_bytes = pem::parse(include_bytes!("../../enc-rsa2048-pub.pem")
                                        .as_ref()).unwrap();
@@ -330,3 +374,4 @@ impl ManifestGen for TlvGen {
 include!("rsa_pub_key-rs.txt");
 include!("rsa3072_pub_key-rs.txt");
 include!("ecdsa_pub_key-rs.txt");
+include!("ed25519_pub_key-rs.txt");