Skip to content

Zephyr ECDSA P-256 support #11

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Feb 9, 2017
Merged

Zephyr ECDSA P-256 support #11

merged 3 commits into from
Feb 9, 2017

Conversation

@d3zd3z
Copy link
Member

@d3zd3z d3zd3z commented Feb 2, 2017
edited
Loading

Add Zephyr support for ECDSA P-256 signatures.

d3zd3z added 3 commits February 2, 2017 08:28
@d3zd3z
bootutil: ecdsa P-256: Fix handling of sizes
baff96f 
The ECDSA signature is written as two DER-encoded INTEGERS.  Although
the values are always 256 bits, the encoding ends up being variable
length, because the encoding is signed, and therefore needs an extra
zero byte to keep the number positive.  This means that the length can
vary by up to two bytes.

The 'newt' tool handles this for signature by allowing space for the
largest encoding, and padding with one or two zeros.  However, the
bootutil image check code insists that the length is exact, resulting in
a decoding error on about 3/4 signatures.

Fix this by only verifying that we have at least enough payload to hold
the signature.  There are later checks that will fail if the integers
themselves are too large.
@d3zd3z
zephyr: Support RSA, and ECDSA P-256 signing
3869e76 
Make it clear in the top-level Makefile how to configure mcuboot for
Zephyr for a particular signing algorithm.  Currently supported, are the
RSA signatures, and ECDSA with the P-256 curve.  These configuration
lines will select the code built in the bootloader, as well as which
public key gets included with the image.

This also adds a demo public key for the P-256 signatures.
@d3zd3z
zephyr: Make makefile clearer about configuration
8322c30 
Separate the signature selection blocks, so that it is clearer to add
another config option for the boot verification.
@d3zd3z d3zd3z changed the title Zephyr Zephyr ECDSA P-256 support Feb 8, 2017
@ccollins476ad
Copy link
Collaborator

Looks good to me. Thanks, David.

@ccollins476ad ccollins476ad merged commit 8322c30 into mcu-tools:master Feb 9, 2017
ccollins476ad added a commit that referenced this pull request Feb 9, 2017
@ccollins476ad
This closes #11.
871054f 
Merge remote-tracking branch 'd3zd3z/zephyr'

* d3zd3z/zephyr:
  zephyr: Make makefile clearer about configuration
  zephyr: Support RSA, and ECDSA P-256 signing
  bootutil: ecdsa P-256: Fix handling of sizes
@d3zd3z d3zd3z deleted the zephyr branch June 22, 2017 18:18
nickrbogdanov pushed a commit to nickrbogdanov/mcuboot that referenced this pull request Mar 21, 2023
@amoskopp
Refactor imgtool.py to handle PKCS mcu-tools#11 URIs
d7c58b6
nickrbogdanov pushed a commit to nickrbogdanov/mcuboot that referenced this pull request Mar 21, 2023
@amoskopp @nickrbogdanov
Refactor imgtool.py to handle PKCS mcu-tools#11 URIs
9653239
nickrbogdanov pushed a commit to nickrbogdanov/mcuboot that referenced this pull request Jun 3, 2023
@amoskopp @nickrbogdanov
Refactor imgtool.py to handle PKCS mcu-tools#11 URIs
0258623
rretanubun pushed a commit to rretanubun/mcuboot that referenced this pull request Apr 26, 2024
@amoskopp @rretanubun
Refactor imgtool.py to handle PKCS mcu-tools#11 URIs
33c6400 
ref: mcu-tools#599
which is still not mainlined

ref: grandcentrix/mcuboot@d7c58b62
part 3 of a 3 commit series
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@d3zd3z @ccollins476ad