[nrf noup] crypto: ecdsa: Fix shared crypto MCUBoot EXT_ABI

After the upmerge using external crypto from NSIB in MCUBoot resulted in build failures. This commit fixes the build failures but also fixes a change in the API call which resulted in `-102` error when calling the verify function. Ref. NCSDK-23994 Signed-off-by: Sigvart Hovland <sigvart.hovland@nordicsemi.no> (cherry picked from commit dc0b692)
de-nordic · Oct 20, 2023 · 2891664 · 2891664
1 parent 4d9859a
commit 2891664
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 23 deletions.
diff --git a/boot/bootutil/include/bootutil/crypto/ecdsa.h b/boot/bootutil/include/bootutil/crypto/ecdsa.h
@@ -73,14 +73,15 @@
 
 #if defined(MCUBOOT_USE_NRF_EXTERNAL_CRYPTO)
     #include <bl_crypto.h>
-    #define BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE (4 * 8)
+    #define NUM_ECC_BYTES (256 / 8)
 #endif /* MCUBOOT_USE_NRF_EXTERNAL_CRYPTO */
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
-#if defined(MCUBOOT_USE_TINYCRYPT) || defined(MCUBOOT_USE_MBED_TLS) || defined(MCUBOOT_USE_CC310)
+#if defined(MCUBOOT_USE_TINYCRYPT) || defined(MCUBOOT_USE_MBED_TLS) || defined(MCUBOOT_USE_CC310) \
+    || defined(MCUBOOT_USE_NRF_EXTERNAL_CRYPTO)
 /*
  * Declaring these like this adds NULL termination.
  */
@@ -602,43 +603,45 @@ static inline int bootutil_ecdsa_parse_public_key(bootutil_ecdsa_context *ctx,
 #endif /* MCUBOOT_USE_MBED_TLS */
 
 #if defined(MCUBOOT_USE_NRF_EXTERNAL_CRYPTO)
-typedef uintptr_t bootutil_ecdsa_p256_context;
-
-static inline void bootutil_ecdsa_p256_init(bootutil_ecdsa_p256_context *ctx)
+typedef uintptr_t bootutil_ecdsa_context;
+static inline void bootutil_ecdsa_init(bootutil_ecdsa_context *ctx)
 {
     (void)ctx;
 }
 
-static inline void bootutil_ecdsa_p256_drop(bootutil_ecdsa_p256_context *ctx)
+static inline void bootutil_ecdsa_drop(bootutil_ecdsa_context *ctx)
 {
     (void)ctx;
 }
 
-static inline int bootutil_ecdsa_p256_verify(bootutil_ecdsa_p256_context *ctx,
-                                             uint8_t *pk, size_t pk_len,
-                                             uint8_t *hash,
-                                             uint8_t *sig, size_t sig_len)
+static inline int bootutil_ecdsa_verify(bootutil_ecdsa_context *ctx,
+                                        uint8_t *pk, size_t pk_len,
+                                        uint8_t *hash, size_t hash_len,
+                                        uint8_t *sig, size_t sig_len)
 {
     (void)ctx;
     (void)pk_len;
+    (void)hash_len;
     uint8_t dsig[2 * NUM_ECC_BYTES];
 
     if (bootutil_decode_sig(dsig, sig, sig + sig_len)) {
         return -1;
     }
 
-	/* As described on the compact representation in IETF protocols,
-	 * the first byte of the key defines if the ECC points are
-	 * compressed (0x2 or 0x3) or uncompressed (0x4).
-	 * We only support uncompressed keys.
-	 */
-	if (pk[0] != 0x04)
-		return -1;
+    /* Only support uncompressed keys. */
+    if (pk[0] != 0x04) {
+        return -1;
+    }
+    pk++;
 
-	pk++;
+    return bl_secp256r1_validate(hash, BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE, pk, dsig);
+}
 
-    return bl_secp256r1_validate(hash, BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE,
-                                 pk, dsig);
+static inline int bootutil_ecdsa_parse_public_key(bootutil_ecdsa_context *ctx,
+                                                  uint8_t **cp,uint8_t *end)
+{
+    (void)ctx;
+    return bootutil_import_key(cp, end);
 }
 #endif /* MCUBOOT_USE_NRF_EXTERNAL_CRYPTO */
 

diff --git a/boot/zephyr/prj_minimal.conf b/boot/zephyr/prj_minimal.conf
@@ -11,10 +11,8 @@ CONFIG_FLASH=y
 CONFIG_FPROTECT=y
 CONFIG_PM=n
 
-CONFIG_BOOT_ENCRYPT_EC256=n
-CONFIG_BOOT_ENCRYPT_RSA=n
-CONFIG_BOOT_ENCRYPT_X25519=n
 CONFIG_BOOT_SWAP_SAVE_ENCTLV=n
+CONFIG_BOOT_ENCRYPT_IMAGE=n
 
 CONFIG_BOOT_BOOTSTRAP=n
 CONFIG_BOOT_UPGRADE_ONLY=n