1 /*
2  * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD
3  *
4  * SPDX-License-Identifier: Apache-2.0
5  */
6 #include "sdkconfig.h"
7 
8 #include "bootloader_flash_priv.h"
9 #include "bootloader_sha.h"
10 #include "bootloader_utility.h"
11 #include "esp_log.h"
12 #include "esp_image_format.h"
13 #include "esp_secure_boot.h"
14 #include "spi_flash_mmap.h"
15 #include "esp_fault.h"
16 #include "esp32/rom/sha.h"
17 #include "uECC_verify_antifault.h"
18 
19 #include <sys/param.h>
20 #include <string.h>
21 
22 static const char *TAG = "secure_boot";
23 
24 #ifdef CONFIG_SECURE_SIGNED_APPS_ECDSA_SCHEME
25 extern const uint8_t signature_verification_key_start[] asm("_binary_signature_verification_key_bin_start");
26 extern const uint8_t signature_verification_key_end[] asm("_binary_signature_verification_key_bin_end");
27 
28 #define SIGNATURE_VERIFICATION_KEYLEN 64
29 
esp_secure_boot_verify_signature(uint32_t src_addr,uint32_t length)30 esp_err_t esp_secure_boot_verify_signature(uint32_t src_addr, uint32_t length)
31 {
32     uint8_t digest[ESP_SECURE_BOOT_DIGEST_LEN];
33     uint8_t verified_digest[ESP_SECURE_BOOT_DIGEST_LEN] = { 0 }; /* ignored in this function */
34     const esp_secure_boot_sig_block_t *sigblock;
35 
36     ESP_LOGD(TAG, "verifying signature src_addr 0x%x length 0x%x", src_addr, length);
37 
38     esp_err_t err = bootloader_sha256_flash_contents(src_addr, length, digest);
39     if (err != ESP_OK) {
40         return err;
41     }
42 
43     // Map the signature block
44     sigblock = (const esp_secure_boot_sig_block_t *) bootloader_mmap(src_addr + length, sizeof(esp_secure_boot_sig_block_t));
45     if(!sigblock) {
46         ESP_LOGE(TAG, "bootloader_mmap(0x%x, 0x%x) failed", src_addr + length, sizeof(esp_secure_boot_sig_block_t));
47         return ESP_FAIL;
48     }
49     // Verify the signature
50     err = esp_secure_boot_verify_ecdsa_signature_block(sigblock, digest, verified_digest);
51     // Unmap
52     bootloader_munmap(sigblock);
53 
54     return err;
55 }
56 
esp_secure_boot_verify_signature_block(const esp_secure_boot_sig_block_t * sig_block,const uint8_t * image_digest)57 esp_err_t esp_secure_boot_verify_signature_block(const esp_secure_boot_sig_block_t *sig_block, const uint8_t *image_digest)
58 {
59     uint8_t verified_digest[ESP_SECURE_BOOT_DIGEST_LEN] = { 0 };
60     return esp_secure_boot_verify_ecdsa_signature_block(sig_block, image_digest, verified_digest);
61 }
62 
esp_secure_boot_verify_ecdsa_signature_block(const esp_secure_boot_sig_block_t * sig_block,const uint8_t * image_digest,uint8_t * verified_digest)63 esp_err_t esp_secure_boot_verify_ecdsa_signature_block(const esp_secure_boot_sig_block_t *sig_block, const uint8_t *image_digest, uint8_t *verified_digest)
64 {
65     ptrdiff_t keylen;
66 
67     keylen = signature_verification_key_end - signature_verification_key_start;
68     if (keylen != SIGNATURE_VERIFICATION_KEYLEN) {
69         ESP_LOGE(TAG, "Embedded public verification key has wrong length %d", keylen);
70         return ESP_FAIL;
71     }
72 
73     if (sig_block->version != 0) {
74         ESP_LOGE(TAG, "image has invalid signature version field 0x%08x (image without a signature?)", sig_block->version);
75         return ESP_FAIL;
76     }
77 
78     ESP_LOGD(TAG, "Verifying secure boot signature");
79 
80     bool is_valid;
81     is_valid = uECC_verify_antifault(signature_verification_key_start,
82                            image_digest,
83                            ESP_SECURE_BOOT_DIGEST_LEN,
84                            sig_block->signature,
85                            uECC_secp256r1(),
86                            verified_digest);
87     ESP_LOGD(TAG, "Verification result %d", is_valid);
88 
89     return is_valid ? ESP_OK : ESP_ERR_IMAGE_INVALID;
90 }
91 
92 #endif // CONFIG_SECURE_SIGNED_APPS_ECDSA_SCHEME
93