Add support for ECDSA signatures

This adds support for key version 5 which is an EC key using the NIST
P-256 curve parameters. OTAs may be signed with these keys using the
ECDSA signature algorithm with SHA-256.

Change-Id: Id88672a3deb70681c78d5ea0d739e10f839e4567
This commit is contained in:
Kenny Root
2013-10-09 10:14:35 -07:00
parent 58c60900ac
commit 7a4adb5268
12 changed files with 823 additions and 61 deletions
+84 -20
View File
@@ -100,6 +100,18 @@ RSAPublicKey test_f4_key =
65537
};
ECPublicKey test_ec_key =
{
{
{0xd656fa24u, 0x931416cau, 0x1c0278c6u, 0x174ebe4cu,
0x6018236au, 0x45ba1656u, 0xe8c05d84u, 0x670ed500u}
},
{
{0x0d179adeu, 0x4c16827du, 0x9f8cb992u, 0x8f69ff8au,
0x481b1020u, 0x798d91afu, 0x184db8e9u, 0xb5848dd9u}
}
};
RecoveryUI* ui = NULL;
// verifier expects to find a UI object; we provide one that does
@@ -136,34 +148,86 @@ ui_print(const char* format, ...) {
va_end(ap);
}
static Certificate* add_certificate(Certificate** certsp, int* num_keys,
Certificate::KeyType key_type) {
int i = *num_keys;
*num_keys = *num_keys + 1;
*certsp = (Certificate*) realloc(*certsp, *num_keys * sizeof(Certificate));
Certificate* certs = *certsp;
certs[i].rsa = NULL;
certs[i].ec = NULL;
certs[i].key_type = key_type;
certs[i].hash_len = SHA_DIGEST_SIZE;
return &certs[i];
}
int main(int argc, char **argv) {
if (argc < 2 || argc > 4) {
fprintf(stderr, "Usage: %s [-sha256] [-f4 | -file <keys>] <package>\n", argv[0]);
if (argc < 2) {
fprintf(stderr, "Usage: %s [-sha256] [-ec | -f4 | -file <keys>] <package>\n", argv[0]);
return 2;
}
Certificate* certs = NULL;
int num_keys = 0;
int argn = 1;
while (argn < argc) {
if (strcmp(argv[argn], "-sha256") == 0) {
if (num_keys == 0) {
fprintf(stderr, "May only specify -sha256 after key type\n");
return 2;
}
++argn;
Certificate* cert = &certs[num_keys - 1];
cert->hash_len = SHA256_DIGEST_SIZE;
} else if (strcmp(argv[argn], "-ec") == 0) {
++argn;
Certificate* cert = add_certificate(&certs, &num_keys, Certificate::EC);
cert->ec = &test_ec_key;
} else if (strcmp(argv[argn], "-e3") == 0) {
++argn;
Certificate* cert = add_certificate(&certs, &num_keys, Certificate::RSA);
cert->rsa = &test_key;
} else if (strcmp(argv[argn], "-f4") == 0) {
++argn;
Certificate* cert = add_certificate(&certs, &num_keys, Certificate::RSA);
cert->rsa = &test_f4_key;
} else if (strcmp(argv[argn], "-file") == 0) {
if (certs != NULL) {
fprintf(stderr, "Cannot specify -file with other certs specified\n");
return 2;
}
++argn;
certs = load_keys(argv[argn], &num_keys);
++argn;
} else if (argv[argn][0] == '-') {
fprintf(stderr, "Unknown argument %s\n", argv[argn]);
return 2;
} else {
break;
}
}
if (argn == argc) {
fprintf(stderr, "Must specify package to verify\n");
return 2;
}
Certificate default_cert;
Certificate* cert = &default_cert;
cert->public_key = &test_key;
cert->hash_len = SHA_DIGEST_SIZE;
int num_keys = 1;
++argv;
if (strcmp(argv[0], "-sha256") == 0) {
++argv;
cert->hash_len = SHA256_DIGEST_SIZE;
}
if (strcmp(argv[0], "-f4") == 0) {
++argv;
cert->public_key = &test_f4_key;
} else if (strcmp(argv[0], "-file") == 0) {
++argv;
cert = load_keys(argv[0], &num_keys);
++argv;
if (num_keys == 0) {
certs = (Certificate*) calloc(1, sizeof(Certificate));
if (certs == NULL) {
fprintf(stderr, "Failure allocating memory for default certificate\n");
return 1;
}
certs->key_type = Certificate::RSA;
certs->rsa = &test_key;
certs->ec = NULL;
certs->hash_len = SHA_DIGEST_SIZE;
num_keys = 1;
}
ui = new FakeUI();
int result = verify_file(*argv, cert, num_keys);
int result = verify_file(argv[argn], certs, num_keys);
if (result == VERIFY_SUCCESS) {
printf("VERIFIED\n");
return 0;