2020-09-21 05:32 AM
I'm working on a custom bootloader where the bootloader verifies the firmware with ecdsa before booting the firmware, but i cant seem to get it to verify my signature. Is there any examples with some external data is signed with ex openssl and then verified with the stm32f7xx.
EC_stt EC_st;
EC_st.pmB = NULL;
EC_st.mBsize = 0;
EC_st.pmA = P_256_a;
EC_st.pmB = P_256_b;
EC_st.pmP = P_256_p;
EC_st.pmN = P_256_n;
EC_st.pmGx = P_256_Gx;
EC_st.pmGy = P_256_Gy;
EC_st.mAsize = sizeof(P_256_a);
EC_st.mNsize = sizeof(P_256_n);
EC_st.mPsize = sizeof(P_256_p);
EC_st.mBsize = sizeof(P_256_b);
EC_st.mGxsize = sizeof(P_256_Gx);
EC_st.mGysize = sizeof(P_256_Gy);
/* We prepare the memory buffer strucure */
Crypto_Buffer.pmBuf = preallocated_buffer;
Crypto_Buffer.mUsed = 0;
Crypto_Buffer.mSize = sizeof(preallocated_buffer);
int dd = 0;
//ECCinitPrivKey
BigNum_stt bR;
BigNum_stt bS;
W8_to_Big(Signature_r, sizeof(Signature_r), &bR);
W8_to_Big(Signature_s, sizeof(Signature_s), &bS);
uint32_t status;
//ECCinitEC(&EC_st, &Crypto_Buffer );
__disable_irq();//
status = ECCinitEC(&EC_st, &Crypto_Buffer);
if (status == ECC_SUCCESS) {
status = ECCinitPoint(&PubKey, &EC_st, &Crypto_Buffer); //
if (status == ECC_SUCCESS) {
ECCsetPointCoordinate(PubKey, E_ECC_POINT_COORDINATE_X, P_256_Gx,sizeof(P_256_Gx)); //
ECCsetPointCoordinate(PubKey, E_ECC_POINT_COORDINATE_Y, P_256_Gy,sizeof(P_256_Gy)); //
//ECCgetPointCoordinate(P_pECPnt, P_Coordinate, P_pCoordinateValue, P_pCoordinateSize)
/* Try to validate the Public Key. */
status = ECCvalidatePubKey(PubKey, &EC_st, &Crypto_Buffer); //
if (status == ECC_SUCCESS) {
status = ECDSAinitSign(&sign, &EC_st, &Crypto_Buffer); //
if (status == ECC_SUCCESS) {
ECDSAverifyCtx_stt verctx; /* Import the signature values */
ECDSAsetSignature(sign, E_ECDSA_SIGNATURE_R_VALUE,
Signature_r, sizeof(Signature_r));
ECDSAsetSignature(sign, E_ECDSA_SIGNATURE_S_VALUE,
Signature_s, sizeof(Signature_s));
verctx.pmEC = &EC_st;
verctx.pmPubKey = PubKey;
stst = 0;
status = ECDSAverify(cheksum, sizeof(cheksum), sign, &verctx, &Crypto_Buffer);
if (status == SIGNATURE_VALID) {
stst = 1;
return 1;
} else {
stst = 0;
}
}
}
}
}
I have tried to generate a private/public key with openssl and then convert the parameters to the code but always it fails in the ECDSAverify.
If i run the st example where it genereates the private public keys and signs "abc" then it verifies and works.
Im pretty shure that the problem is somthing to do with the keys or signature i generate. Any help would be great!
Thanks!
2020-09-30 01:36 AM
Hello,
one first think I would think is related to the CRC.
I can see you use a checksum instead of a hash (just because of the name of the variable).
To be able to use the cryptolib you need that CRC clock is activated and at its reset state.
So, if you use CRC for other purpose you need to reset it before using the cryptolib.
Best regards
Jocelyn