components/bootloader_support/src/secure_boot_signatures.c

   1 // Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
   2 //
   3 // Licensed under the Apache License, Version 2.0 (the "License");
   4 // you may not use this file except in compliance with the License.
   5 // You may obtain a copy of the License at
   6
   7 //     http://www.apache.org/licenses/LICENSE-2.0
   8 //
   9 // Unless required by applicable law or agreed to in writing, software
  10 // distributed under the License is distributed on an "AS IS" BASIS,
  11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12 // See the License for the specific language governing permissions and
  13 // limitations under the License.
  14 #include "sdkconfig.h"
  15
  16 #include "bootloader_flash.h"
  17 #include "bootloader_sha.h"
  18 #include "esp_log.h"
  19 #include "esp_image_format.h"
  20 #include "esp_secure_boot.h"
  21
  22 #include "uECC.h"
  23
  24 #ifdef BOOTLOADER_BUILD
  25 #include "rom/sha.h"
  26 typedef SHA_CTX sha_context;
  27 #else
  28 #include "hwcrypto/sha.h"
  29 #endif
  30
  31 static const char* TAG = "secure_boot";
  32
  33 extern const uint8_t signature_verification_key_start[] asm("_binary_signature_verification_key_bin_start");
  34 extern const uint8_t signature_verification_key_end[] asm("_binary_signature_verification_key_bin_end");
  35
  36 #define SIGNATURE_VERIFICATION_KEYLEN 64
  37
  38 #define DIGEST_LEN 32
  39
  40 esp_err_t esp_secure_boot_verify_signature(uint32_t src_addr, uint32_t length)
  41 {
  42     uint8_t digest[DIGEST_LEN];
  43     const uint8_t *data;
  44     const esp_secure_boot_sig_block_t *sigblock;
  45
  46     ESP_LOGD(TAG, "verifying signature src_addr 0x%x length 0x%x", src_addr, length);
  47
  48     data = bootloader_mmap(src_addr, length + sizeof(esp_secure_boot_sig_block_t));
  49     if(data == NULL) {
  50         ESP_LOGE(TAG, "bootloader_mmap(0x%x, 0x%x) failed", src_addr, length+sizeof(esp_secure_boot_sig_block_t));
  51         return ESP_FAIL;
  52     }
  53
  54     // Calculate digest of main image
  55 #ifdef BOOTLOADER_BUILD
  56     bootloader_sha256_handle_t handle = bootloader_sha256_start();
  57     bootloader_sha256_data(handle, data, length);
  58     bootloader_sha256_finish(handle, digest);
  59 #else
  60     /* Use thread-safe esp-idf SHA function */
  61     esp_sha(SHA2_256, data, length, digest);
  62 #endif
  63
  64     // Map the signature block and verify the signature
  65     sigblock = (const esp_secure_boot_sig_block_t *)(data + length);
  66     esp_err_t err = esp_secure_boot_verify_signature_block(sigblock, digest);
  67     bootloader_munmap(data);
  68     return err;
  69 }
  70
  71 esp_err_t esp_secure_boot_verify_signature_block(const esp_secure_boot_sig_block_t *sig_block, const uint8_t *image_digest)
  72 {
  73     ptrdiff_t keylen;
  74     bool is_valid;
  75
  76     keylen = signature_verification_key_end - signature_verification_key_start;
  77     if(keylen != SIGNATURE_VERIFICATION_KEYLEN) {
  78         ESP_LOGE(TAG, "Embedded public verification key has wrong length %d", keylen);
  79         return ESP_FAIL;
  80     }
  81
  82     if (sig_block->version != 0) {
  83         ESP_LOGE(TAG, "image has invalid signature version field 0x%08x", sig_block->version);
  84         return ESP_FAIL;
  85     }
  86
  87     is_valid = uECC_verify(signature_verification_key_start,
  88                                 image_digest,
  89                                 DIGEST_LEN,
  90                                 sig_block->signature,
  91                                 uECC_secp256r1());
  92     return is_valid ? ESP_OK : ESP_ERR_IMAGE_INVALID;
  93 }