bootutil: Add support for HAMC-SHA512 with ECIES-X25519 (1d83177c) · Commits · Wenxi XU / Mcuboot

boot/bootutil/include/bootutil/enc_key_public.h

+15 −2

Original line number	Diff line number	Diff line
		@@ -70,10 +70,19 @@ extern "C" {
		# define BOOT_ENC_KEY_SIZE 16
		#endif

		#ifdef MCUBOOT_HMAC_SHA512
		# define BOOT_HMAC_SIZE 64
		#else
		# define BOOT_HMAC_SIZE 32
		#endif

		#if defined(MCUBOOT_ENCRYPT_RSA)
		# define BOOT_ENC_TLV_SIZE (256)
		# define BOOT_ENC_TLV IMAGE_TLV_ENC_RSA2048
		#elif defined(MCUBOOT_ENCRYPT_EC256)
		# if defined(MCUBOOT_HMAC_SHA512)
		# error "ECIES-P256 does not support HMAC-SHA512"
		# endif
		# define EC_PUBK_LEN (65)
		# define EC_PRIVK_LEN (32)
		# define EC_SHARED_LEN (32)
		@@ -82,7 +91,11 @@ extern "C" {
		# define EC_PUBK_LEN (32)
		# define EC_PRIVK_LEN (32)
		# define EC_SHARED_LEN (32)
		# if !defined(MCUBOOT_HMAC_SHA512)
		# define BOOT_ENC_TLV IMAGE_TLV_ENC_X25519
		# else
		# define BOOT_ENC_TLV IMAGE_TLV_ENC_X25519_SHA512
		# endif
		#elif defined(MCUBOOT_ENCRYPT_KW)
		# define BOOT_ENC_TLV_SIZE (BOOT_ENC_KEY_SIZE + 8)
		# define BOOT_ENC_TLV IMAGE_TLV_ENC_KW
		@@ -91,7 +104,7 @@ extern "C" {
		/* Common ECIES definitions */
		#if defined(EC_PUBK_LEN)
		# define EC_PUBK_INDEX (0)
		# define EC_TAG_LEN (32)
		# define EC_TAG_LEN (BOOT_HMAC_SIZE)
		# define EC_TAG_INDEX (EC_PUBK_INDEX + EC_PUBK_LEN)
		# define EC_CIPHERKEY_INDEX (EC_TAG_INDEX + EC_TAG_LEN)
		# define EC_CIPHERKEY_LEN BOOT_ENC_KEY_SIZE

+3 −0

Original line number	Diff line number	Diff line
		@@ -113,6 +113,9 @@ extern "C" {
		#define IMAGE_TLV_ENC_KW 0x31 /* Key encrypted with AES-KW 128 or 256*/
		#define IMAGE_TLV_ENC_EC256 0x32 /* Key encrypted with ECIES-EC256 */
		#define IMAGE_TLV_ENC_X25519 0x33 /* Key encrypted with ECIES-X25519 */
		#define IMAGE_TLV_ENC_X25519_SHA512 0x34 /* Key exchange using ECIES-X25519 and SHA512 for MAC
		* tag and HKDF in key derivation process
		*/
		#define IMAGE_TLV_DEPENDENCY 0x40 /* Image depends on other image */
		#define IMAGE_TLV_SEC_CNT 0x50 /* security counter */
		#define IMAGE_TLV_BOOT_RECORD 0x60 /* measured boot record */

+9 −3

Original line number	Diff line number	Diff line
		@@ -27,6 +27,12 @@

		BOOT_LOG_MODULE_DECLARE(mcuboot_psa_enc);

		#if defined(MCUBOOT_HMAC_SHA512)
		#define PSA_HMAC_HKDF_SHA PSA_ALG_SHA_512
		#else
		#define PSA_HMAC_HKDF_SHA PSA_ALG_SHA_256
		#endif

		#define X25519_OID "\x6e"
		static const uint8_t ec_pubkey_oid[] = MBEDTLS_OID_ISO_IDENTIFIED_ORG \
		MBEDTLS_OID_ORG_GOV X25519_OID;
		@@ -162,7 +168,7 @@ boot_decrypt_key(const uint8_t buf, uint8_t enckey)
		return -1;
		}

		key_do_alg = PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256));
		key_do_alg = PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_HMAC_HKDF_SHA));

		psa_ret = psa_key_derivation_setup(&key_do, key_do_alg);
		if (psa_ret != PSA_SUCCESS) {
		@@ -225,7 +231,7 @@ boot_decrypt_key(const uint8_t buf, uint8_t enckey)
		*/
		psa_set_key_type(&kattr, PSA_KEY_TYPE_HMAC);
		psa_set_key_usage_flags(&kattr, PSA_KEY_USAGE_VERIFY_MESSAGE);
		psa_set_key_algorithm(&kattr, PSA_ALG_HMAC(PSA_ALG_SHA_256));
		psa_set_key_algorithm(&kattr, PSA_ALG_HMAC(PSA_HMAC_HKDF_SHA));

		/* Import the MAC tag key part of derived key */
		psa_ret = psa_import_key(&kattr,
		@@ -239,7 +245,7 @@ boot_decrypt_key(const uint8_t buf, uint8_t enckey)
		}

		/* Verify the MAC tag of the random encryption key */
		psa_ret = psa_mac_verify(kid, PSA_ALG_HMAC(PSA_ALG_SHA_256),
		psa_ret = psa_mac_verify(kid, PSA_ALG_HMAC(PSA_HMAC_HKDF_SHA),
		&buf[EC_CIPHERKEY_INDEX], EC_CIPHERKEY_LEN,
		&buf[EC_TAG_INDEX],
		EC_TAG_LEN);

+4 −0

Original line number	Diff line number	Diff line
		@@ -474,7 +474,11 @@ static const uint16_t allowed_unprot_tlvs[] = {
		IMAGE_TLV_ENC_RSA2048,
		IMAGE_TLV_ENC_KW,
		IMAGE_TLV_ENC_EC256,
		#if !defined(MCUBOOT_HMAC_SHA512)
		IMAGE_TLV_ENC_X25519,
		#else
		IMAGE_TLV_ENC_X25519_SHA512,
		#endif
		/* Mark end with ANY. */
		IMAGE_TLV_ANY,
		};