From a57c54dd355ff219d13861cda439c25282f54055 Mon Sep 17 00:00:00 2001 From: Dominik Ermel Date: Tue, 8 Oct 2024 16:31:48 +0000 Subject: [PATCH 1/3] [nrf fromlist] bootutil: Allow bypassing ASN.1 encoding for ED25519 key import The commit adds MCUBOOT_KEY_IMPORT_BYPASS_ASN configuration option that allows bypassing ASN.1 decoding of ED25519 public key, compiled into MCUboot. When the option is enabled the key will be accessed directly and ASN.1 processing is not compiled in, resulting in smaller footprint of MCUboot, at a cost of reduced detection of invalid key, i.e. public key designated for different method than compiled in. Upstream PR: https://github.com/mcu-tools/mcuboot/pull/2089 Signed-off-by: Dominik Ermel --- boot/bootutil/src/image_ed25519.c | 19 +++++++++++++++++++ .../include/mcuboot_config/mcuboot_config.h | 4 ++++ 2 files changed, 23 insertions(+) diff --git a/boot/bootutil/src/image_ed25519.c b/boot/bootutil/src/image_ed25519.c index e6c792a99..42c1a86b9 100644 --- a/boot/bootutil/src/image_ed25519.c +++ b/boot/bootutil/src/image_ed25519.c @@ -25,6 +25,7 @@ #include "bootutil/crypto/sha.h" #define EDDSA_SIGNATURE_LENGTH 64 + #define NUM_ED25519_BYTES 32 extern int ED25519_verify(const uint8_t *message, size_t message_len, @@ -35,9 +36,12 @@ extern int ED25519_verify(const uint8_t *message, size_t message_len, static const uint8_t ed25519_pubkey_oid[] = MBEDTLS_OID_ISO_IDENTIFIED_ORG "\x65\x70"; +#if !defined(MCUBOOT_KEY_IMPORT_BYPASS_ASN) /* * Parse the public key used for signing. */ +static const uint8_t ed25519_pubkey_oid[] = MBEDTLS_OID_ISO_IDENTIFIED_ORG "\x65\x70"; + static int bootutil_import_key(uint8_t **cp, uint8_t *end) { @@ -73,6 +77,8 @@ bootutil_import_key(uint8_t **cp, uint8_t *end) return 0; } +#endif /* !defined(MCUBOOT_KEY_IMPORT_BYPASS_ASN) */ + #endif fih_ret @@ -95,11 +101,24 @@ bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen, pubkey = (uint8_t *)bootutil_keys[key_id].key; end = pubkey + *bootutil_keys[key_id].len; +#if !defined(MCUBOOT_KEY_IMPORT_BYPASS_ASN) rc = bootutil_import_key(&pubkey, end); if (rc) { FIH_SET(fih_rc, FIH_FAILURE); goto out; } +#else + /* Directly use the key contents from the ASN stream, + * these are the last NUM_ED25519_BYTES. + * There is no check whether this is the correct key, + * here, by the algorithm selected. + */ + if (*bootutil_keys[key_id].len < NUM_ED25519_BYTES) { + FIH_SET(fih_rc, FIH_FAILURE); + goto out; + } + + pubkey = end - NUM_ED25519_BYTES; #endif rc = ED25519_verify(hash, IMAGE_HASH_SIZE, sig, pubkey); diff --git a/boot/zephyr/include/mcuboot_config/mcuboot_config.h b/boot/zephyr/include/mcuboot_config/mcuboot_config.h index 7896e0939..bc5188138 100644 --- a/boot/zephyr/include/mcuboot_config/mcuboot_config.h +++ b/boot/zephyr/include/mcuboot_config/mcuboot_config.h @@ -34,6 +34,10 @@ # error "One crypto library implementation allowed at a time." #endif +#if defined(CONFIG_BOOT_KEY_IMPORT_BYPASS_ASN) +#define MCUBOOT_KEY_IMPORT_BYPASS_ASN +#endif + #ifdef CONFIG_BOOT_USE_MBEDTLS #define MCUBOOT_USE_MBED_TLS #elif defined(CONFIG_BOOT_USE_TINYCRYPT) From 22db4fd0c2a7e6dcdf6041c2dc4af09c706bab98 Mon Sep 17 00:00:00 2001 From: Dominik Ermel Date: Tue, 8 Oct 2024 16:36:15 +0000 Subject: [PATCH 2/3] [nrf fromlist] zephyr: Add Kconfig option CONFIG_BOOT_KEY_IMPORT_BYPASS_ASN The option enables MCUboot configuration option MCUBOOT_KEY_IMPORT_BYPASS_ASN. Upstream PR: https://github.com/mcu-tools/mcuboot/pull/2089 Signed-off-by: Dominik Ermel --- boot/zephyr/Kconfig | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 77d57e15f..939de8129 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -299,6 +299,15 @@ config BOOT_ED25519_PSA select BOOT_X25519_PSA_DEPENDENCIES if BOOT_ENCRYPT_IMAGE endchoice + +config BOOT_KEY_IMPORT_BYPASS_ASN + bool "Directly access key value without ASN.1 parsing" + help + Originally, public keys compiled into MCUboot were + stored in ASN.1 encoded format. Enabling this option + bypasses the ASN.1 decoding and directly accesses the key + in ASN.1 bitstream; this reduces MCUboot code by removing + the ASN.1 processing. endif endchoice From b828c36776531b27731b86ed418661b58bfaabe9 Mon Sep 17 00:00:00 2001 From: Dominik Ermel Date: Wed, 9 Oct 2024 12:34:28 +0000 Subject: [PATCH 3/3] [nrf noup] Add ASN.1 bypass to bootutil_verify_img Allow ASN.1 bypass for image verification. Signed-off-by: Dominik Ermel --- boot/bootutil/src/image_ed25519.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/boot/bootutil/src/image_ed25519.c b/boot/bootutil/src/image_ed25519.c index 42c1a86b9..6d6ae525b 100644 --- a/boot/bootutil/src/image_ed25519.c +++ b/boot/bootutil/src/image_ed25519.c @@ -155,11 +155,24 @@ bootutil_verify_img(const uint8_t *img, uint32_t size, pubkey = (uint8_t *)bootutil_keys[key_id].key; end = pubkey + *bootutil_keys[key_id].len; +#if !defined(MCUBOOT_KEY_IMPORT_BYPASS_ASN) rc = bootutil_import_key(&pubkey, end); if (rc) { FIH_SET(fih_rc, FIH_FAILURE); goto out; } +#else + /* Directly use the key contents from the ASN stream, + * these are the last NUM_ED25519_BYTES. + * There is no check whether this is the correct key, + * here, by the algorithm selected. + */ + if (*bootutil_keys[key_id].len < NUM_ED25519_BYTES) { + FIH_SET(fih_rc, FIH_FAILURE); + goto out; + } + + pubkey = end - NUM_ED25519_BYTES; #endif rc = ED25519_verify(img, size, sig, pubkey);