Merge: Synchronized up to 5b7ed6a8

    - uses: actions/checkout@v2

      with:

        fetch-depth: 0

    - name: Cache pip

      uses: actions/cache@v1

      with:

        path: ~/.cache/pip

        key: ${{ runner.os }}-pip

    - name: Install packages

      run: |

        export PATH="$HOME/.local/bin:$PATH"

    strategy:

      matrix:

        features:

        - "sig-ecdsa,sig-ed25519,enc-kw,bootstrap"

        - "sig-ecdsa,sig-ecdsa-mbedtls,sig-ed25519,enc-kw,bootstrap"

        - "sig-rsa,sig-rsa3072,overwrite-only,validate-primary-slot,swap-move"

        - "enc-rsa"

        - "enc-ec256"

        - "enc-x25519"

        - "sig-rsa overwrite-only large-write,sig-ecdsa overwrite-only large-write,multiimage overwrite-only large-write"

        - "sig-rsa validate-primary-slot,sig-ecdsa validate-primary-slot,sig-rsa multiimage validate-primary-slot"

        - "sig-rsa overwrite-only large-write,sig-ecdsa overwrite-only large-write,sig-ecdsa-mbedtls overwrite-only large-write,multiimage overwrite-only large-write"

        - "sig-rsa validate-primary-slot,sig-ecdsa validate-primary-slot,sig-ecdsa-mbedtls validate-primary-slot,sig-rsa multiimage validate-primary-slot"

        - "enc-kw overwrite-only large-write,enc-rsa overwrite-only large-write"

        - "sig-rsa enc-rsa validate-primary-slot,swap-move enc-rsa sig-rsa validate-primary-slot bootstrap"

        - "sig-rsa enc-kw validate-primary-slot bootstrap,sig-ed25519 enc-x25519 validate-primary-slot"

        - "sig-ecdsa enc-kw validate-primary-slot"

        - "sig-ecdsa-mbedtls enc-kw validate-primary-slot"

        - "sig-rsa validate-primary-slot overwrite-only large-write"

        - "sig-ecdsa enc-ec256 validate-primary-slot"

        # ecdsa-mbedtls and enc-ec256 are not currently supported

        # together, as the ec256 code requires only one backend be

        # active.

        # - "sig-ecdsa-mbedtls enc-ec256 validate-primary-slot"

        - "sig-rsa validate-primary-slot overwrite-only downgrade-prevention"

    runs-on: ubuntu-latest

    env:

#if (defined(MCUBOOT_USE_TINYCRYPT) + \

     defined(MCUBOOT_USE_CC310) + \

     defined(MCUBOOT_USE_MBED_TLS)) != 1

    #error "One crypto backend must be defined: either CC310 or TINYCRYPT"

    #error "One crypto backend must be defined: either CC310, TINYCRYPT, or MBED_TLS"

#endif

#if defined(MCUBOOT_USE_TINYCRYPT)

    #define BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE (4 * 8)

#endif /* MCUBOOT_USE_CC310 */

#if defined(MCUBOOT_USE_MBED_TLS)

    #include <mbedtls/ecdsa.h>

    #define BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE (4 * 8)

#endif

#ifdef __cplusplus

extern "C" {

#endif

    (void)ctx;

}

static inline int bootutil_ecdsa_p256_verify(bootutil_ecdsa_p256_context *ctx, const uint8_t *pk, const uint8_t *hash, const uint8_t *sig)

static inline int bootutil_ecdsa_p256_verify(bootutil_ecdsa_p256_context *ctx,

                                             const uint8_t *pk, size_t pk_len,

                                             const uint8_t *hash,

                                             const uint8_t *sig, size_t sig_len)

{

    int rc;

    (void)ctx;

    (void)pk_len;

    (void)sig_len;

    /* Only support uncompressed keys. */

    if (pk[0] != 0x04) {

        return -1;

    }

    pk++;

    rc = uECC_verify(pk, hash, BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE, sig, uECC_secp256r1());

    if (rc != TC_CRYPTO_SUCCESS) {

        return -1;

    (void)ctx;

}

static inline int bootutil_ecdsa_p256_verify(bootutil_ecdsa_p256_context *ctx, uint8_t *pk, uint8_t *hash, uint8_t *sig)

static inline int bootutil_ecdsa_p256_verify(bootutil_ecdsa_p256_context *ctx,

                                             uint8_t *pk, size_t pk_len,

                                             uint8_t *hash,

                                             uint8_t *sig, size_t sig_len)

{

    (void)ctx;

    (void)pk_len;

    (void)sig_len;

    /* Only support uncompressed keys. */

    if (pk[0] != 0x04) {

        return -1;

    }

    pk++;

    return cc310_ecdsa_verify_secp256r1(hash, pk, sig, BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE);

}

#endif /* MCUBOOT_USE_CC310 */

#if defined(MCUBOOT_USE_MBED_TLS)

/* Indicate to the caller that the verify function needs the raw ASN.1

 * signature, not a decoded one. */

#define MCUBOOT_ECDSA_NEED_ASN1_SIG

typedef mbedtls_ecdsa_context bootutil_ecdsa_p256_context;

static inline void bootutil_ecdsa_p256_init(bootutil_ecdsa_p256_context *ctx)

{

    mbedtls_ecdsa_init(ctx);

}

static inline void bootutil_ecdsa_p256_drop(bootutil_ecdsa_p256_context *ctx)

{

    mbedtls_ecdsa_free(ctx);

}

static inline int bootutil_ecdsa_p256_verify(bootutil_ecdsa_p256_context *ctx,

                                             uint8_t *pk, size_t pk_len,

                                             uint8_t *hash,

                                             uint8_t *sig, size_t sig_len)

{

    int rc;

    (void)sig;

    (void)hash;

    rc = mbedtls_ecp_group_load(&ctx->grp, MBEDTLS_ECP_DP_SECP256R1);

    if (rc) {

        return -1;

    }

    rc = mbedtls_ecp_point_read_binary(&ctx->grp, &ctx->Q, pk, pk_len);

    if (rc) {

        return -1;

    }

    rc = mbedtls_ecp_check_pubkey(&ctx->grp, &ctx->Q);

    if (rc) {

        return -1;

    }

    rc = mbedtls_ecdsa_read_signature(ctx, hash, BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE,

                                      sig, sig_len);

    if (rc) {

        return -1;

    }

    return 0;

}

#endif /* MCUBOOT_USE_MBED_TLS */

#ifdef __cplusplus

}

#endif

 * Image header flags.

 */

#define IMAGE_F_PIC                      0x00000001 /* Not supported. */

#define IMAGE_F_NON_BOOTABLE             0x00000010 /* Split image app. */

#define IMAGE_F_ENCRYPTED                0x00000004 /* Encrypted. */

#define IMAGE_F_NON_BOOTABLE             0x00000010 /* Split image app. */

/*

 * Indicates that this image should be loaded into RAM instead of run

 * directly from flash.  The address to load should be in the

 */

#define IMAGE_F_RAM_LOAD                 0x00000020

/*

 * Indicates that ih_load_addr stores information on flash/ROM address the

 * image has been built for.

 */

#define IMAGE_F_ROM_FIXED                0x00000100

/*

 * ECSDA224 is with NIST P-224

 * ECSDA256 is with NIST P-256

#ifdef MCUBOOT_SIGN_EC256

/*TODO: remove this after cypress port mbedtls to abstract crypto api */

#ifdef MCUBOOT_USE_CC310

#if defined(MCUBOOT_USE_CC310) || defined(MCUBOOT_USE_MBED_TLS)

#define NUM_ECC_BYTES (256 / 8)

#endif

#if defined (MCUBOOT_USE_TINYCRYPT) || defined (MCUBOOT_USE_CC310)

#if defined(MCUBOOT_USE_TINYCRYPT) || defined(MCUBOOT_USE_CC310) || \

    defined(MCUBOOT_USE_MBED_TLS)

#include "bootutil/sign_key.h"

#include "mbedtls/oid.h"

    if (len != 2 * NUM_ECC_BYTES + 1) {

        return -8;

    }

    /* Is uncompressed? */

    if (*cp[0] != 0x04) {

        return -9;

    }

    (*cp)++;

    return 0;

}

#ifndef MCUBOOT_ECDSA_NEED_ASN1_SIG

/*

 * cp points to ASN1 string containing an integer.

 * Verify the tag, and that the length is 32 bytes.

    }

    return 0;

}

#endif /* not MCUBOOT_ECDSA_NEED_ASN1_SIG */

int

bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen,

    uint8_t *pubkey;

    uint8_t *end;

#ifndef MCUBOOT_ECDSA_NEED_ASN1_SIG

    uint8_t signature[2 * NUM_ECC_BYTES];

#endif

    pubkey = (uint8_t *)bootutil_keys[key_id].key;

    end = pubkey + *bootutil_keys[key_id].len;

        return -1;

    }

#ifndef MCUBOOT_ECDSA_NEED_ASN1_SIG

    rc = bootutil_decode_sig(signature, sig, sig + slen);

    if (rc) {

        return -1;

    }

#endif

    /*

     * This is simplified, as the hash length is also 32 bytes.

    }

    bootutil_ecdsa_p256_init(&ctx);

    rc = bootutil_ecdsa_p256_verify(&ctx, pubkey, hash, signature);

#ifdef MCUBOOT_ECDSA_NEED_ASN1_SIG

    rc = bootutil_ecdsa_p256_verify(&ctx, pubkey, end - pubkey, hash, sig, slen);

#else

    rc = bootutil_ecdsa_p256_verify(&ctx, pubkey, end - pubkey, hash, signature,

                                    2 * NUM_ECC_BYTES);

#endif

    bootutil_ecdsa_p256_drop(&ctx);

    return rc;

}