LXR uboot/lib/ecdsa/ecdsa-verify.c

   1// SPDX-License-Identifier: GPL-2.0+
   2/*
   3 * ECDSA signature verification for u-boot
   4 *
   5 * This implements the firmware-side wrapper for ECDSA verification. It bridges
   6 * the struct crypto_algo API to the ECDSA uclass implementations.
   7 *
   8 * Copyright (c) 2020, Alexandru Gagniuc <mr.nuke.me@gmail.com>
   9 */
  10
  11#include <crypto/ecdsa-uclass.h>
  12#include <dm/uclass.h>
  13#include <u-boot/ecdsa.h>
  14
  15/*
  16 * Derive size of an ECDSA key from the curve name
  17 *
  18 * While it's possible to extract the key size by using string manipulation,
  19 * use a list of known curves for the time being.
  20 */
  21static int ecdsa_key_size(const char *curve_name)
  22{
  23        if (!strcmp(curve_name, "prime256v1"))
  24                return 256;
  25        else
  26                return 0;
  27}
  28
  29static int fdt_get_key(struct ecdsa_public_key *key, const void *fdt, int node)
  30{
  31        int x_len, y_len;
  32
  33        key->curve_name = fdt_getprop(fdt, node, "ecdsa,curve", NULL);
  34        key->size_bits = ecdsa_key_size(key->curve_name);
  35        if (key->size_bits == 0) {
  36                debug("Unknown ECDSA curve '%s'", key->curve_name);
  37                return -EINVAL;
  38        }
  39
  40        key->x = fdt_getprop(fdt, node, "ecdsa,x-point", &x_len);
  41        key->y = fdt_getprop(fdt, node, "ecdsa,y-point", &y_len);
  42
  43        if (!key->x || !key->y)
  44                return -EINVAL;
  45
  46        if (x_len != (key->size_bits / 8) || y_len != (key->size_bits / 8)) {
  47                printf("%s: node=%d, curve@%p x@%p+%i y@%p+%i\n", __func__,
  48                       node, key->curve_name, key->x, x_len, key->y, y_len);
  49                return -EINVAL;
  50        }
  51
  52        return 0;
  53}
  54
  55static int ecdsa_verify_hash(struct udevice *dev,
  56                             const struct image_sign_info *info,
  57                             const void *hash, const void *sig, uint sig_len)
  58{
  59        const struct ecdsa_ops *ops = device_get_ops(dev);
  60        const struct checksum_algo *algo = info->checksum;
  61        struct ecdsa_public_key key;
  62        int sig_node, key_node, ret;
  63
  64        if (!ops || !ops->verify)
  65                return -ENODEV;
  66
  67        if (info->required_keynode > 0) {
  68                ret = fdt_get_key(&key, info->fdt_blob, info->required_keynode);
  69                if (ret < 0)
  70                        return ret;
  71
  72                return ops->verify(dev, &key, hash, algo->checksum_len,
  73                                   sig, sig_len);
  74        }
  75
  76        sig_node = fdt_subnode_offset(info->fdt_blob, 0, FIT_SIG_NODENAME);
  77        if (sig_node < 0)
  78                return -ENOENT;
  79
  80        /* Try all possible keys under the "/signature" node */
  81        fdt_for_each_subnode(key_node, info->fdt_blob, sig_node) {
  82                ret = fdt_get_key(&key, info->fdt_blob, key_node);
  83                if (ret < 0)
  84                        continue;
  85
  86                ret = ops->verify(dev, &key, hash, algo->checksum_len,
  87                                  sig, sig_len);
  88
  89                /* On success, don't worry about remaining keys */
  90                if (!ret)
  91                        return 0;
  92        }
  93
  94        return -EPERM;
  95}
  96
  97int ecdsa_verify(struct image_sign_info *info,
  98                 const struct image_region region[], int region_count,
  99                 uint8_t *sig, uint sig_len)
 100{
 101        const struct checksum_algo *algo = info->checksum;
 102        uint8_t hash[algo->checksum_len];
 103        struct udevice *dev;
 104        int ret;
 105
 106        ret = uclass_first_device_err(UCLASS_ECDSA, &dev);
 107        if (ret) {
 108                debug("ECDSA: Could not find ECDSA implementation: %d\n", ret);
 109                return ret;
 110        }
 111
 112        ret = algo->calculate(algo->name, region, region_count, hash);
 113        if (ret < 0)
 114                return -EINVAL;
 115
 116        return ecdsa_verify_hash(dev, info, hash, sig, sig_len);
 117}
 118
 119U_BOOT_CRYPTO_ALGO(ecdsa) = {
 120        .name = "ecdsa256",
 121        .key_len = ECDSA256_BYTES,
 122        .verify = ecdsa_verify,
 123};
 124
 125/*
 126 * uclass definition for ECDSA API
 127 *
 128 * We don't implement any wrappers around ecdsa_ops->verify() because it's
 129 * trivial to call ops->verify().
 130 */
 131UCLASS_DRIVER(ecdsa) = {
 132        .id             = UCLASS_ECDSA,
 133        .name           = "ecdsa_verifier",
 134};
 135