2016-11-03 02:33:30 -04:00
|
|
|
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
|
|
|
|
//
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
//
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
// limitations under the License.
|
|
|
|
#include "sdkconfig.h"
|
|
|
|
|
|
|
|
#include "bootloader_flash.h"
|
2017-06-28 02:46:34 -04:00
|
|
|
#include "bootloader_sha.h"
|
2016-11-03 02:33:30 -04:00
|
|
|
#include "esp_log.h"
|
|
|
|
#include "esp_image_format.h"
|
|
|
|
#include "esp_secure_boot.h"
|
|
|
|
|
|
|
|
#include "uECC.h"
|
|
|
|
|
|
|
|
#ifdef BOOTLOADER_BUILD
|
|
|
|
#include "rom/sha.h"
|
|
|
|
typedef SHA_CTX sha_context;
|
|
|
|
#else
|
|
|
|
#include "hwcrypto/sha.h"
|
|
|
|
#endif
|
|
|
|
|
|
|
|
static const char* TAG = "secure_boot";
|
|
|
|
|
|
|
|
extern const uint8_t signature_verification_key_start[] asm("_binary_signature_verification_key_bin_start");
|
|
|
|
extern const uint8_t signature_verification_key_end[] asm("_binary_signature_verification_key_bin_end");
|
|
|
|
|
|
|
|
#define SIGNATURE_VERIFICATION_KEYLEN 64
|
|
|
|
|
2017-06-28 02:46:34 -04:00
|
|
|
#define DIGEST_LEN 32
|
|
|
|
|
2016-11-03 02:33:30 -04:00
|
|
|
esp_err_t esp_secure_boot_verify_signature(uint32_t src_addr, uint32_t length)
|
|
|
|
{
|
2017-06-28 02:46:34 -04:00
|
|
|
uint8_t digest[DIGEST_LEN];
|
2016-11-15 23:42:38 -05:00
|
|
|
const uint8_t *data;
|
2016-11-11 01:00:34 -05:00
|
|
|
const esp_secure_boot_sig_block_t *sigblock;
|
2016-11-03 02:33:30 -04:00
|
|
|
|
|
|
|
ESP_LOGD(TAG, "verifying signature src_addr 0x%x length 0x%x", src_addr, length);
|
|
|
|
|
2016-11-11 01:00:34 -05:00
|
|
|
data = bootloader_mmap(src_addr, length + sizeof(esp_secure_boot_sig_block_t));
|
2016-11-03 02:33:30 -04:00
|
|
|
if(data == NULL) {
|
2016-11-11 01:00:34 -05:00
|
|
|
ESP_LOGE(TAG, "bootloader_mmap(0x%x, 0x%x) failed", src_addr, length+sizeof(esp_secure_boot_sig_block_t));
|
2016-11-03 02:33:30 -04:00
|
|
|
return ESP_FAIL;
|
|
|
|
}
|
|
|
|
|
2017-06-28 02:46:34 -04:00
|
|
|
// Calculate digest of main image
|
2016-11-03 02:33:30 -04:00
|
|
|
#ifdef BOOTLOADER_BUILD
|
2017-06-28 02:46:34 -04:00
|
|
|
bootloader_sha256_handle_t handle = bootloader_sha256_start();
|
|
|
|
bootloader_sha256_data(handle, data, length);
|
|
|
|
bootloader_sha256_finish(handle, digest);
|
2016-11-03 02:33:30 -04:00
|
|
|
#else
|
2016-11-20 00:29:29 -05:00
|
|
|
/* Use thread-safe esp-idf SHA function */
|
|
|
|
esp_sha(SHA2_256, data, length, digest);
|
2016-11-03 02:33:30 -04:00
|
|
|
#endif
|
|
|
|
|
2017-06-28 02:46:34 -04:00
|
|
|
// Map the signature block and verify the signature
|
|
|
|
sigblock = (const esp_secure_boot_sig_block_t *)(data + length);
|
|
|
|
esp_err_t err = esp_secure_boot_verify_signature_block(sigblock, digest);
|
|
|
|
bootloader_munmap(data);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
|
|
|
esp_err_t esp_secure_boot_verify_signature_block(const esp_secure_boot_sig_block_t *sig_block, const uint8_t *image_digest)
|
|
|
|
{
|
|
|
|
ptrdiff_t keylen;
|
|
|
|
bool is_valid;
|
|
|
|
|
2016-11-03 02:33:30 -04:00
|
|
|
keylen = signature_verification_key_end - signature_verification_key_start;
|
|
|
|
if(keylen != SIGNATURE_VERIFICATION_KEYLEN) {
|
|
|
|
ESP_LOGE(TAG, "Embedded public verification key has wrong length %d", keylen);
|
2017-06-28 02:46:34 -04:00
|
|
|
return ESP_FAIL;
|
2016-11-03 02:33:30 -04:00
|
|
|
}
|
|
|
|
|
2017-06-28 02:46:34 -04:00
|
|
|
if (sig_block->version != 0) {
|
|
|
|
ESP_LOGE(TAG, "image has invalid signature version field 0x%08x", sig_block->version);
|
|
|
|
return ESP_FAIL;
|
|
|
|
}
|
2016-11-03 02:33:30 -04:00
|
|
|
|
2017-06-28 02:46:34 -04:00
|
|
|
is_valid = uECC_verify(signature_verification_key_start,
|
|
|
|
image_digest,
|
|
|
|
DIGEST_LEN,
|
|
|
|
sig_block->signature,
|
|
|
|
uECC_secp256r1());
|
2016-11-03 02:33:30 -04:00
|
|
|
return is_valid ? ESP_OK : ESP_ERR_IMAGE_INVALID;
|
|
|
|
}
|