suit: Add support for Ed25519PH #20050

Open
wants to merge 2 commits into
base: main
11 changes: 6 additions & 5 deletions subsys/suit/mci/include/suit_mci.h
Expand Up @@ -143,22 +143,23 @@ mci_err_t suit_mci_independent_update_policy_get(const suit_manifest_class_id_t
mci_err_t suit_mci_manifest_class_id_validate(const suit_manifest_class_id_t *class_id);

/**
* @brief Verifying whether specific key_id is valid for signing/checking signature of specific
*manifest class
* @brief Verifying whether specific key_id and algorithm is valid for signing/checking
* signature of specific manifest class
*
* @param[in] class_id Manifest class id
* @param[in] key_id Identifier of key utilized for manifest signing. key_id may be equal
* to 0. In that case function returns success if manifest class id
* does not require signing.
* @param[in] cose_alg COSE algorithm identifier
*
* @retval SUIT_PLAT_SUCCESS on success
* @retval SUIT_PLAT_ERR_INVAL invalid parameter, i.e. null pointer
* @retval MCI_ERR_MANIFESTCLASSID manifest class id unsupported
* @retval MCI_ERR_WRONGKEYID provided key ID is invalid for signing
* @retval MCI_ERR_WRONGKEYID provided key ID or algorithm is invalid for signing
* for provided manifest class
*/
mci_err_t suit_mci_signing_key_id_validate(const suit_manifest_class_id_t *class_id,
uint32_t key_id);
mci_err_t suit_mci_signing_key_id_and_alg_validate(const suit_manifest_class_id_t *class_id,
uint32_t key_id, int32_t cose_alg);

#ifdef CONFIG_ZTEST
/**
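Review bot: The contract of the new `cose_alg` parameter for the unsigned case is not documented at the `@param[in] cose_alg` line, yet the platform caller in this PR passes `0` for it together with `key_id == 0`. If the implementation ignores the algorithm whenever `key_id` is 0 (the hunk does not show that), the line should say so: `@param[in] cose_alg COSE algorithm identifier (int32_t, since COSE ids may be negative); ignored when key_id is 0`. The brief also reads better in the imperative used by the surrounding API docs: `@brief Verify whether the given key_id and algorithm are valid for signing/checking the signature of a specific manifest class`.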
11 changes: 7 additions & 4 deletions subsys/suit/mci/src/suit_mci_nrf54h20.c
Expand Up @@ -13,6 +13,7 @@
#endif /* CONFIG_SDFW_LCS */
#include <zephyr/logging/log.h>
#include <sdfw/arbiter.h>
#include <suit_types.h>

#define MANIFEST_PUBKEY_NRF_TOP_GEN0 0x4000BB00
#define MANIFEST_PUBKEY_SYSCTRL_GEN0 0x40082100
Expand Down Expand Up @@ -229,8 +230,8 @@ static bool skip_validation(suit_manifest_role_t role)
return false;
}

mci_err_t suit_mci_signing_key_id_validate(const suit_manifest_class_id_t *class_id,
uint32_t key_id)
mci_err_t suit_mci_signing_key_id_and_alg_validate(const suit_manifest_class_id_t *class_id,
uint32_t key_id, int32_t cose_alg)
{
suit_manifest_role_t role = SUIT_MANIFEST_UNKNOWN;

Expand Down Expand Up @@ -271,14 +272,16 @@ mci_err_t suit_mci_signing_key_id_validate(const suit_manifest_class_id_t *class
case SUIT_MANIFEST_SEC_TOP:
case SUIT_MANIFEST_SEC_SDFW:
if (key_id >= MANIFEST_PUBKEY_NRF_TOP_GEN0 &&
key_id <= MANIFEST_PUBKEY_NRF_TOP_GEN0 + MANIFEST_PUBKEY_GEN_RANGE) {
key_id <= MANIFEST_PUBKEY_NRF_TOP_GEN0 + MANIFEST_PUBKEY_GEN_RANGE &&
(cose_alg == suit_cose_EdDSA)) {
return SUIT_PLAT_SUCCESS;
}
break;

case SUIT_MANIFEST_SEC_SYSCTRL:
if (key_id >= MANIFEST_PUBKEY_SYSCTRL_GEN0 &&
key_id <= MANIFEST_PUBKEY_SYSCTRL_GEN0 + MANIFEST_PUBKEY_GEN_RANGE) {
key_id <= MANIFEST_PUBKEY_SYSCTRL_GEN0 + MANIFEST_PUBKEY_GEN_RANGE &&
(cose_alg == suit_cose_EdDSA)) {
return SUIT_PLAT_SUCCESS;
}
break;
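Review bot: The algorithm allowlist added to the `SUIT_MANIFEST_SEC_TOP`/`SUIT_MANIFEST_SEC_SDFW` and `SUIT_MANIFEST_SEC_SYSCTRL` cases accepts only `suit_cose_EdDSA`, so the `suit_cose_VS_Hashed_EdDSA` value this PR maps to `PSA_ALG_ED25519PH` in suit_plat_authenticate.c is never accepted for these roles on nrf54h20. If that is deliberate (pure Ed25519 only for the Nordic-provisioned key ranges), a comment on the condition would save the next reader a trip, e.g. `/* Nordic-provisioned key ranges are bound to pure EdDSA; ed25519ph is intentionally not accepted here. */`; if not, the condition needs to admit `suit_cose_VS_Hashed_EdDSA` as well. Binding the algorithm to the key range is the right shape, because it prevents a manifest from selecting an algorithm the key was not provisioned for, so any other role cases of this switch that lie outside the hunk should apply the same check rather than key range alone. The function starts in the previous hunk and its remaining cases continue outside this one.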
7 changes: 5 additions & 2 deletions subsys/suit/platform/sdfw/src/suit_plat_authenticate.c
Expand Up @@ -32,6 +32,9 @@ int suit_plat_authenticate_manifest(struct zcbor_string *manifest_component_id,
case suit_cose_EdDSA:
psa_alg = PSA_ALG_PURE_EDDSA; /* ed25519/curve25519 without internal hashing */
break;
case suit_cose_VS_Hashed_EdDSA:
psa_alg = PSA_ALG_ED25519PH; /* ed25519/curve25519 with internal hashing */
break;
default:
return SUIT_ERR_DECODING;
}
Expand Down Expand Up @@ -73,7 +76,7 @@ int suit_plat_authenticate_manifest(struct zcbor_string *manifest_component_id,
}

/* Validate KEY ID */
ret = suit_mci_signing_key_id_validate(class_id, public_key_id);
ret = suit_mci_signing_key_id_and_alg_validate(class_id, public_key_id, alg_id);
if (ret != SUIT_PLAT_SUCCESS) {
LOG_ERR("Signing key validation failed: MCI err %i", ret);
return SUIT_ERR_AUTHENTICATION;
Expand Down Expand Up @@ -132,7 +135,7 @@ int suit_plat_authorize_unsigned_manifest(struct zcbor_string *manifest_componen
}

/* Check if unsigned manifest is allowed - pass key_id == 0*/
ret = suit_mci_signing_key_id_validate(class_id, 0);
ret = suit_mci_signing_key_id_and_alg_validate(class_id, 0, 0);

if (ret == SUIT_PLAT_SUCCESS) {
return SUIT_SUCCESS;
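Review bot: The comment `/* Validate KEY ID */` above the renamed call is now stale, since the call also binds the signing algorithm to the key; change it to `/* Validate KEY ID and signing algorithm against the manifest class */` and let the failure log name the rejected algorithm, e.g. `LOG_ERR("Signing key/alg validation failed: MCI err %i (alg %i)", ret, alg_id);`, so that an algorithm mismatch is distinguishable from a bad key id when triaging a rejected update. In the unsigned-manifest path the literal `0` passed as `cose_alg` deserves the same mention as `key_id == 0` in the comment above it: `/* Check if unsigned manifest is allowed - pass key_id == 0 and cose_alg == 0 */`. Ed25519ph differs from pure Ed25519 in that the message is pre-hashed with SHA-512 before signing; whether the verification call further down needs adjusting (psa_verify_message() handles both, psa_verify_hash() would need the SHA-512 digest for `PSA_ALG_ED25519PH`) cannot be told from this hunk. Both functions continue outside the hunks shown.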
10 changes: 10 additions & 0 deletions sysbuild/Kconfig.suit
Expand Up @@ -122,6 +122,10 @@ config SUIT_ENVELOPE_ROOT_SIGN_ALG_ECDSA_384
config SUIT_ENVELOPE_ROOT_SIGN_ALG_ECDSA_521
bool "Use the ECDSA algorithm with key length of 521 bits"

config SUIT_ENVELOPE_ROOT_SIGN_ALG_HASHED_EDDSA
bool "Use the Hashed EdDSA algorithm (specifically: ed25519ph)"
select EXPERIMENTAL

endchoice

config SUIT_ENVELOPE_ROOT_SIGN_ALG_NAME
Expand All @@ -130,6 +134,7 @@ config SUIT_ENVELOPE_ROOT_SIGN_ALG_NAME
default "es-256" if SUIT_ENVELOPE_ROOT_SIGN_ALG_ECDSA_256
default "es-384" if SUIT_ENVELOPE_ROOT_SIGN_ALG_ECDSA_384
default "es-521" if SUIT_ENVELOPE_ROOT_SIGN_ALG_ECDSA_521
default "hashed-eddsa" if SUIT_ENVELOPE_ROOT_SIGN_ALG_HASHED_EDDSA

endif # SUIT_ENVELOPE_ROOT_SIGN

Expand Down Expand Up @@ -257,6 +262,10 @@ config SUIT_ENVELOPE_APP_RECOVERY_SIGN_ALG_ECDSA_384
config SUIT_ENVELOPE_APP_RECOVERY_SIGN_ALG_ECDSA_521
bool "Use the ECDSA algorithm with key length of 521 bits"

config SUIT_ENVELOPE_APP_RECOVERY_SIGN_ALG_HASHED_EDDSA
bool "Use the Hashed EdDSA algorithm (specifically: ed25519ph)"
select EXPERIMENTAL

endchoice

config SUIT_ENVELOPE_APP_RECOVERY_SIGN_ALG_NAME
Expand All @@ -265,6 +274,7 @@ config SUIT_ENVELOPE_APP_RECOVERY_SIGN_ALG_NAME
default "es-256" if SUIT_ENVELOPE_APP_RECOVERY_SIGN_ALG_ECDSA_256
default "es-384" if SUIT_ENVELOPE_APP_RECOVERY_SIGN_ALG_ECDSA_384
default "es-521" if SUIT_ENVELOPE_APP_RECOVERY_SIGN_ALG_ECDSA_521
default "hashed-eddsa" if SUIT_ENVELOPE_APP_RECOVERY_SIGN_ALG_HASHED_EDDSA

endif # SUIT_ENVELOPE_APP_RECOVERY_SIGN

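Review bot: The two new `SUIT_ENVELOPE_*_SIGN_ALG_HASHED_EDDSA` choices carry no `help` text, which a user-facing experimental option should have. Suggest a `help` block under each stating that it selects Ed25519ph (RFC 8032 pre-hashed Ed25519), that the `hashed-eddsa` name is presumably what the signing tool consumes, and that the target's MCI must accept this algorithm for the manifest class being signed or the signed envelope will be rejected on device. The `select EXPERIMENTAL` is appropriate while the on-device acceptance is still being wired up.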
5 changes: 4 additions & 1 deletion tests/subsys/suit/common/mci_test/mci_test.c
Expand Up @@ -231,8 +231,11 @@ int suit_mci_manifest_class_id_validate(const suit_manifest_class_id_t *class_id
return SUIT_PLAT_SUCCESS;
}

int suit_mci_signing_key_id_validate(const suit_manifest_class_id_t *class_id, uint32_t key_id)
int suit_mci_signing_key_id_and_alg_validate(const suit_manifest_class_id_t *class_id,
uint32_t key_id, int32_t cose_alg)
{
(void) cose_alg;

if (NULL == class_id) {
return SUIT_PLAT_ERR_INVAL;
}
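Review bot: The stub's `(void) cose_alg;` silently accepts every algorithm, which is fine for a test double but should be stated so that a passing test is not read as evidence of algorithm binding: `/* Test stub: the algorithm is not checked, only the class id and key id. */`. Stylistically, `(void)cose_alg;` without the space is the more common form, or Zephyr's `ARG_UNUSED(cose_alg);` if the file already has zephyr/toolchain.h in scope. The function's body continues outside the hunk.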
6 changes: 4 additions & 2 deletions tests/subsys/suit/mci/src/api_positive_scenarios.c
Expand Up @@ -121,11 +121,13 @@ ZTEST(mci_api_positive_scenarios_tests, test_signing_key_id_validate)

for (int i = 0; i < output_size; ++i) {
uint32_t key_id = 0;
int32_t alg_id = 0;

rc = suit_mci_signing_key_id_validate(result_class_info[i].class_id, key_id);
rc = suit_mci_signing_key_id_and_alg_validate(result_class_info[i].class_id,
key_id, alg_id);
zassert_true((rc == MCI_ERR_NOACCESS || rc == SUIT_PLAT_SUCCESS ||
rc == MCI_ERR_WRONGKEYID),
"suit_mci_signing_key_id_validate returned (%d)", rc);
"suit_mci_signing_key_id_and_alg_validate returned (%d)", rc);
}
}

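Review bot: The positive-scenario test passes `alg_id = 0` for every class, which is not a COSE algorithm value, so the accept branch that now requires `suit_cose_EdDSA` is never exercised and the test only proves the key_id == 0 path still returns one of three codes. Consider a second iteration that pairs a class's provisioned key id with `suit_cose_EdDSA` and asserts `SUIT_PLAT_SUCCESS`, plus one pairing the same key with a different algorithm and asserting `MCI_ERR_WRONGKEYID`, so the key/algorithm binding this PR introduces is covered. The loop body lies inside the hunk; the enclosing test function starts above it.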
7 changes: 4 additions & 3 deletions tests/subsys/suit/mci/src/sanity.c
Expand Up @@ -37,6 +37,7 @@ ZTEST(mci_snity_tests, test_null_pointers)
{'u', 'n', 's', 'u', 'p', 'p', 'o', 'r', 't', 'e', 'd', '!', '!', '!', ' ', ' '}};
size_t output_size = OUTPUT_MAX_SIZE;
uint32_t key_id = 0;
int32_t alg_id = 0;
int processor_id = 0;
void *mem_address = &mem_address;
size_t mem_size = sizeof(mem_address);
Expand Down Expand Up @@ -80,9 +81,9 @@ ZTEST(mci_snity_tests, test_null_pointers)
zassert_equal(rc, SUIT_PLAT_ERR_INVAL,
"suit_mci_independent_update_policy_get returned (%d)", rc);

rc = suit_mci_signing_key_id_validate(NULL, key_id);
zassert_equal(rc, SUIT_PLAT_ERR_INVAL, "suit_mci_signing_key_id_validate returned (%d)",
rc);
rc = suit_mci_signing_key_id_and_alg_validate(NULL, key_id, alg_id);
zassert_equal(rc, SUIT_PLAT_ERR_INVAL,
"suit_mci_signing_key_id_and_alg_validate returned (%d)", rc);

rc = suit_mci_fw_encryption_key_id_validate(NULL, key_id);
zassert_equal(rc, SUIT_PLAT_ERR_INVAL,
5 changes: 3 additions & 2 deletions tests/subsys/suit/unit/mocks/include/mock_suit_mci.h
Expand Up @@ -33,7 +33,8 @@ FAKE_VALUE_FUNC(int, suit_mci_downgrade_prevention_policy_get, const suit_manife
FAKE_VALUE_FUNC(int, suit_mci_independent_update_policy_get, const suit_manifest_class_id_t *,
suit_independent_updateability_policy_t *);
FAKE_VALUE_FUNC(int, suit_mci_manifest_class_id_validate, const suit_manifest_class_id_t *);
FAKE_VALUE_FUNC(int, suit_mci_signing_key_id_validate, const suit_manifest_class_id_t *, uint32_t);
FAKE_VALUE_FUNC(int, suit_mci_signing_key_id_and_alg_validate, const suit_manifest_class_id_t *,
uint32_t, int32_t);
FAKE_VALUE_FUNC(int, suit_mci_signing_key_id_get, const suit_manifest_class_id_t *, uint32_t *);
FAKE_VALUE_FUNC(int, suit_mci_processor_start_rights_validate, const suit_manifest_class_id_t *,
int);
Expand Down Expand Up @@ -67,7 +68,7 @@ static inline void mock_suit_mci_reset(void)
RESET_FAKE(suit_mci_downgrade_prevention_policy_get);
RESET_FAKE(suit_mci_independent_update_policy_get);
RESET_FAKE(suit_mci_manifest_class_id_validate);
RESET_FAKE(suit_mci_signing_key_id_validate);
RESET_FAKE(suit_mci_signing_key_id_and_alg_validate);
RESET_FAKE(suit_mci_signing_key_id_get);
RESET_FAKE(suit_mci_processor_start_rights_validate);
RESET_FAKE(suit_mci_memory_access_rights_validate);
4 changes: 2 additions & 2 deletions west.yml
Expand Up @@ -242,10 +242,10 @@ manifest:
upstream-sha: c6eaeda5a1c1c5dbb24dce7e027340cb8893a77b
compare-by-default: false
- name: suit-generator
revision: b37972cd90c122bb8f384f2509b72fad62c3aa4b
revision: pull/167/head
path: modules/lib/suit-generator
- name: suit-processor
revision: a499bcadceff8877da63a0a140c6a91ff2f87b25
revision: pull/101/head
path: modules/lib/suit-processor
- name: doc-internal
repo-path: doc-internal
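Review bot: Both `revision:` values are switched from commit SHAs to `pull/167/head` and `pull/101/head`, which are mutable refs: the checkout changes whenever those PRs are pushed to, so the build is neither reproducible nor reviewable as a fixed dependency. This is presumably a temporary measure while the companion PRs are open, but it must be replaced with the merged commit SHAs before this PR lands; a `# TODO: pin to merged SHA before merge` comment next to each would keep that visible in the diff and to anyone bisecting later.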