[nrf noup] boot: bootutil: Add shared crypto for ECDSA and SHA

* Add functions for ecdsa_verify_secp256r1 and sha256 to use the shared
crypto API
* Add Kconfig and CMake variables for selecting shared crypto when using
ecdsa
* Add custom section to project for placing the API section in the
correct location in flash
* Add kconfig fragment for using external crypto

Signed-off-by: Sigvart Hovland <[email protected]>
Signed-off-by: Martí Bolívar <[email protected]>
Signed-off-by: Emil Obalski <[email protected]>
Signed-off-by: Andrzej Puzdrowski <[email protected]>
Signed-off-by: Håkon Øye Amundsen <[email protected]>
Signed-off-by: Ioannis Glaropoulos <[email protected]>
Signed-off-by: Trond Einar Snekvik <[email protected]>
Signed-off-by: Georgios Vasilakis <[email protected]>
Signed-off-by: Johann Fischer <[email protected]>
Signed-off-by: Torsten Rasmussen <[email protected]>
Signed-off-by: Jamie McCrae <[email protected]>
Signed-off-by: Dominik Ermel <[email protected]>
(cherry picked from commit e741540)
(cherry picked from commit 6804ab2)

Author: sigvartmh

boot/bootutil/include/bootutil/crypto/ecdsa_p256.h

@@ -14,6 +14,7 @@
 
 #if (defined(MCUBOOT_USE_TINYCRYPT) + \
      defined(MCUBOOT_USE_CC310) + \
+     defined(MCUBOOT_USE_NRF_EXTERNAL_CRYPTO) + \
      defined(MCUBOOT_USE_MBED_TLS)) != 1
     #error "One crypto backend must be defined: either CC310, TINYCRYPT, or MBED_TLS"
 #endif
@@ -47,6 +48,11 @@
 #include "bootutil/sign_key.h"
 #include "common.h"
 
+#if defined(MCUBOOT_USE_NRF_EXTERNAL_CRYPTO)
+    #include <bl_crypto.h>
+    #define BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE (4 * 8)
+#endif /* MCUBOOT_USE_NRF_EXTERNAL_CRYPTO */
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -372,6 +378,43 @@ static inline int bootutil_ecdsa_p256_parse_public_key(bootutil_ecdsa_p256_conte
 
 #endif /* MCUBOOT_USE_MBED_TLS */
 
+#if defined(MCUBOOT_USE_NRF_EXTERNAL_CRYPTO)
+typedef uintptr_t bootutil_ecdsa_p256_context;
+
+static inline void bootutil_ecdsa_p256_init(bootutil_ecdsa_p256_context *ctx)
+{
+    (void)ctx;
+}
+
+static inline void bootutil_ecdsa_p256_drop(bootutil_ecdsa_p256_context *ctx)
+{
+    (void)ctx;
+}
+
+static inline int bootutil_ecdsa_p256_verify(bootutil_ecdsa_p256_context *ctx,
+                                             uint8_t *pk, size_t pk_len,
+                                             uint8_t *hash,
+                                             uint8_t *sig, size_t sig_len)
+{
+    (void)ctx;
+    (void)pk_len;
+    (void)sig_len;
+
+	/* As described on the compact representation in IETF protocols,
+	 * the first byte of the key defines if the ECC points are
+	 * compressed (0x2 or 0x3) or uncompressed (0x4).
+	 * We only support uncompressed keys.
+	 */
+	if (pk[0] != 0x04)
+		return -1;
+
+	pk++;
+
+    return bl_secp256r1_validate(hash, BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE,
+                                 pk, sig);
+}
+#endif /* MCUBOOT_USE_NRF_EXTERNAL_CRYPTO */
+
 #ifdef __cplusplus
 }
 #endif

boot/bootutil/include/bootutil/crypto/sha256.h

@@ -22,6 +22,7 @@
 
 #if (defined(MCUBOOT_USE_MBED_TLS) + \
      defined(MCUBOOT_USE_TINYCRYPT) + \
+     defined(MCUBOOT_USE_NRF_EXTERNAL_CRYPTO) + \
      defined(MCUBOOT_USE_CC310)) != 1
     #error "One crypto backend must be defined: either CC310, MBED_TLS or TINYCRYPT"
 #endif
@@ -139,6 +140,37 @@ static inline int bootutil_sha256_finish(bootutil_sha256_context *ctx,
 }
 #endif /* MCUBOOT_USE_CC310 */
 
+#if defined(MCUBOOT_USE_NRF_EXTERNAL_CRYPTO)
+
+#include <bl_crypto.h>
+
+typedef bl_sha256_ctx_t bootutil_sha256_context;
+
+static inline void bootutil_sha256_init(bootutil_sha256_context *ctx)
+{
+    bl_sha256_init(ctx);
+}
+
+static inline void bootutil_sha256_drop(bootutil_sha256_context *ctx)
+{
+    (void)ctx;
+}
+
+static inline int bootutil_sha256_update(bootutil_sha256_context *ctx,
+                                          const void *data,
+                                          uint32_t data_len)
+{
+    return bl_sha256_update(ctx, data, data_len);
+}
+
+static inline int bootutil_sha256_finish(bootutil_sha256_context *ctx,
+                                          uint8_t *output)
+{
+    bl_sha256_finalize(ctx, output);
+    return 0;
+}
+#endif /* MCUBOOT_USE_NRF_EXTERNAL_CRYPTO */
+
 #ifdef __cplusplus
 }
 #endif

boot/bootutil/src/image_ec256.c

@@ -30,7 +30,6 @@
 #include "mcuboot_config/mcuboot_config.h"
 
 #ifdef MCUBOOT_SIGN_EC256
-
 #include "bootutil_priv.h"
 #include "bootutil/fault_injection_hardening.h"
 #include "bootutil/crypto/ecdsa_p256.h"

boot/zephyr/CMakeLists.txt

@@ -155,6 +155,8 @@ if(CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256 OR CONFIG_BOOT_ENCRYPT_EC256 OR CONFIG_
     zephyr_library_sources(${NRF_DIR}/cc310_glue.c)
     zephyr_library_include_directories(${NRF_DIR})
     zephyr_link_libraries(nrfxlib_crypto)
+  elseif(CONFIG_BOOT_USE_NRF_EXTERNAL_CRYPTO)
+    zephyr_include_directories(${BL_CRYPTO_DIR}/../include)
   endif()
 
   # Since here we are not using Zephyr's mbedTLS but rather our own, we need

boot/zephyr/external_crypto.conf

@@ -0,0 +1,20 @@
+#
+# Copyright (c) 2021 Nordic Semiconductor ASA
+#
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
+
+# These configurations should be used when using nrf/samples/bootloader
+# as the immutable bootloader (B0), and MCUBoot as the second stage updateable
+# bootloader.
+
+# Set ECDSA as signing mechanism
+CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=y
+
+# Use crypto backend from B0
+CONFIG_BOOT_NRF_EXTERNAL_CRYPTO=y
+CONFIG_SECURE_BOOT_CRYPTO=y
+CONFIG_SB_CRYPTO_CLIENT_ECDSA_SECP256R1=y
+CONFIG_SB_CRYPTO_CLIENT_SHA256=y
+CONFIG_BL_SHA256_EXT_API_REQUIRED=y
+CONFIG_BL_SECP256R1_EXT_API_REQUIRED=y

boot/zephyr/include/mcuboot_config/mcuboot_config.h

@@ -39,9 +39,8 @@
 #define MCUBOOT_USE_TINYCRYPT
 #elif defined(CONFIG_BOOT_USE_CC310)
 #define MCUBOOT_USE_CC310
-#ifdef CONFIG_BOOT_USE_NRF_CC310_BL
-#define MCUBOOT_USE_NRF_CC310_BL
-#endif
+#elif defined(CONFIG_BOOT_USE_NRF_EXTERNAL_CRYPTO)
+#define MCUBOOT_USE_NRF_EXTERNAL_CRYPTO
 #endif
 
 /* Zephyr, regardless of C library used, provides snprintf */