bootutil/crypto: Have a single ECDSA verification module
Remove the generic ECDSA verification module and keep the
existing one, just renaming it image_ecdsa.c. Make sure
that the abstraction layer is generically called ecdsa.h
and the abstraction names are not P256 specific.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I6f78cfc1b1c2851cdad67efa91c6cb49498187bb
diff --git a/boot/bootutil/src/image_ec256.c b/boot/bootutil/src/image_ec256.c
deleted file mode 100644
index b06c281..0000000
--- a/boot/bootutil/src/image_ec256.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * SPDX-License-Identifier: Apache-2.0
- *
- * Copyright (c) 2016-2019 JUUL Labs
- * Copyright (c) 2017 Linaro LTD
- * Copyright (C) 2021-2023 Arm Limited
- *
- * Original license:
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-#include <string.h>
-
-#include "mcuboot_config/mcuboot_config.h"
-
-#ifdef MCUBOOT_SIGN_EC256
-
-#include "bootutil_priv.h"
-#include "bootutil/fault_injection_hardening.h"
-#include "bootutil/crypto/ecdsa_p256.h"
-
-fih_ret
-bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen,
- uint8_t key_id)
-{
- int rc;
- bootutil_ecdsa_p256_context ctx;
- FIH_DECLARE(fih_rc, FIH_FAILURE);
- uint8_t *pubkey;
- uint8_t *end;
-
- pubkey = (uint8_t *)bootutil_keys[key_id].key;
- end = pubkey + *bootutil_keys[key_id].len;
- bootutil_ecdsa_p256_init(&ctx);
-
- rc = bootutil_ecdsa_p256_parse_public_key(&ctx, &pubkey, end);
- if (rc) {
- goto out;
- }
-
- rc = bootutil_ecdsa_p256_verify(&ctx, pubkey, end-pubkey, hash, hlen, sig, slen);
- fih_rc = fih_ret_encode_zero_equality(rc);
- if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {
- FIH_SET(fih_rc, FIH_FAILURE);
- }
-
-out:
- bootutil_ecdsa_p256_drop(&ctx);
-
- FIH_RET(fih_rc);
-}
-
-#endif /* MCUBOOT_SIGN_EC256 */
diff --git a/boot/bootutil/src/image_ecdsa.c b/boot/bootutil/src/image_ecdsa.c
index 53e5db1..1acfd54 100644
--- a/boot/bootutil/src/image_ecdsa.c
+++ b/boot/bootutil/src/image_ecdsa.c
@@ -1,64 +1,69 @@
-/*
- * SPDX-License-Identifier: Apache-2.0
- *
- * Copyright (c) 2023 Arm Limited
- */
-
-#include <string.h>
-
-#include "mcuboot_config/mcuboot_config.h"
-
-#ifdef MCUBOOT_SIGN_ECDSA
-#include "bootutil_priv.h"
-#include "bootutil/sign_key.h"
-#include "bootutil/fault_injection_hardening.h"
-
-#include "bootutil/crypto/ecdsa.h"
-
-static fih_ret
-bootutil_cmp_ecdsa_sig(bootutil_ecdsa_context *ctx, uint8_t *hash, uint32_t hlen,
- uint8_t *sig, size_t slen)
-{
- int rc = -1;
- FIH_DECLARE(fih_rc, FIH_FAILURE);
-
- /* PSA Crypto APIs allow the verification in a single call */
- rc = bootutil_ecdsa_verify(ctx, hash, hlen, sig, slen);
-
- fih_rc = fih_ret_encode_zero_equality(rc);
- if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {
- FIH_SET(fih_rc, FIH_FAILURE);
- }
-
- FIH_RET(fih_rc);
-}
-
-fih_ret
-bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen,
- uint8_t key_id)
-{
- int rc = -1;
- FIH_DECLARE(fih_rc, FIH_FAILURE);
- uint8_t *cp;
- uint8_t *end;
- bootutil_ecdsa_context ctx;
-
- bootutil_ecdsa_init(&ctx);
-
- cp = (uint8_t *)bootutil_keys[key_id].key;
- end = cp + *bootutil_keys[key_id].len;
-
- /* The key used for signature verification is a public ECDSA key */
- rc = bootutil_ecdsa_parse_public_key(&ctx, &cp, end);
- if (rc) {
- goto out;
- }
-
- FIH_CALL(bootutil_cmp_ecdsa_sig, fih_rc, &ctx, hash, hlen, sig, slen);
-
-out:
- bootutil_ecdsa_drop(&ctx);
-
- FIH_RET(fih_rc);
-}
-#endif /* MCUBOOT_SIGN_ECDSA */
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Copyright (c) 2016-2019 JUUL Labs
+ * Copyright (c) 2017 Linaro LTD
+ * Copyright (C) 2021-2023 Arm Limited
+ *
+ * Original license:
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include <string.h>
+
+#include "mcuboot_config/mcuboot_config.h"
+
+#if defined(MCUBOOT_SIGN_EC256) || defined(MCUBOOT_SIGN_EC384)
+
+#include "bootutil_priv.h"
+#include "bootutil/fault_injection_hardening.h"
+#include "bootutil/crypto/ecdsa.h"
+
+fih_ret
+bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen,
+ uint8_t key_id)
+{
+ int rc;
+ bootutil_ecdsa_context ctx;
+ FIH_DECLARE(fih_rc, FIH_FAILURE);
+ uint8_t *pubkey;
+ uint8_t *end;
+
+ pubkey = (uint8_t *)bootutil_keys[key_id].key;
+ end = pubkey + *bootutil_keys[key_id].len;
+ bootutil_ecdsa_init(&ctx);
+
+ rc = bootutil_ecdsa_parse_public_key(&ctx, &pubkey, end);
+ if (rc) {
+ goto out;
+ }
+
+ rc = bootutil_ecdsa_verify(&ctx, pubkey, end-pubkey, hash, hlen, sig, slen);
+ fih_rc = fih_ret_encode_zero_equality(rc);
+ if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {
+ FIH_SET(fih_rc, FIH_FAILURE);
+ }
+
+out:
+ bootutil_ecdsa_drop(&ctx);
+
+ FIH_RET(fih_rc);
+}
+
+#endif /* MCUBOOT_SIGN_EC256 || MCUBOOT_SIGN_EC384 */