Take the crypto_backend library into use in bootloader for signature verification

Signed-off-by: Jukka Laitinen <jukkax@ssrc.tii.ae>
2026-05-21 01:12:11 +00:00 · 2021-05-28 15:28:37 +03:00
parent 0d4f481035
commit d83033f449
5 changed files with 93 additions and 9 deletions
--- a/platforms/nuttx/src/bootloader/common/CMakeLists.txt
+++ b/platforms/nuttx/src/bootloader/common/CMakeLists.txt
@@ -34,6 +34,7 @@
 add_library(bootloader
 	bl.c
 	image_toc.c
+	crypto.c
 )

 target_link_libraries(bootloader
@@ -41,6 +42,13 @@ target_link_libraries(bootloader
 		arch_bootloader
 )

+if (DEFINED PX4_CRYPTO)
+	target_link_libraries(bootloader
+		PRIVATE
+			crypto_backend
+	)
+endif()
+
 add_dependencies(bootloader prebuild_targets)

 add_subdirectory(lib)
--- a/platforms/nuttx/src/bootloader/common/bl.c
+++ b/platforms/nuttx/src/bootloader/common/bl.c
@@ -51,6 +51,10 @@
 #include "cdcacm.h"
 #include "uart.h"

+#ifdef BOOTLOADER_USE_SECURITY
+#include <px4_platform_common/crypto_backend.h>
+#endif
+
 // bootloader flash update protocol.
 //
 // Command format:
@@ -301,6 +305,11 @@ jump_to_app()
 	}

 #ifdef BOOTLOADER_USE_TOC
+
+#ifdef BOOTLOADER_USE_SECURITY
+	crypto_init();
+#endif
+
 	const image_toc_entry_t *toc_entries;
 	uint8_t len;
 	uint8_t i = 0;
--- a/platforms/nuttx/src/bootloader/common/crypto.c
+++ b/platforms/nuttx/src/bootloader/common/crypto.c
@@ -0,0 +1,69 @@
+/****************************************************************************
+ *
+ *   Copyright (c) 2021 Technology Innovation Institute. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ * 3. Neither the name PX4 nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ ****************************************************************************/
+
+#include <stdbool.h>
+#include "image_toc.h"
+#include "hw_config.h"
+
+#ifdef BOOTLOADER_USE_SECURITY
+
+#include <px4_platform_common/crypto_backend.h>
+
+bool verify_app(uint16_t idx, const image_toc_entry_t *toc_entries)
+{
+	volatile uint8_t *app_signature_ptr = NULL;
+	volatile size_t len = 0;
+	bool ret;
+
+	uint8_t sig_idx = toc_entries[idx].signature_idx;
+	uint8_t sig_key = toc_entries[idx].signature_key;
+	crypto_session_handle_t handle = crypto_open(BOOTLOADER_SIGNING_ALGORITHM);
+	app_signature_ptr = (volatile uint8_t *)toc_entries[sig_idx].start;
+	len = (size_t)toc_entries[idx].end - (size_t)toc_entries[idx].start;
+
+	ret =  crypto_signature_check(handle, sig_key, (const uint8_t *)app_signature_ptr,
+				      (const uint8_t *)toc_entries[idx].start, len);
+
+	crypto_close(&handle);
+	return ret;
+}
+
+bool decrypt_app(uint16_t idx, const image_toc_entry_t *toc_entries)
+{
+	/*
+	 * Not implemented yet.
+	 */
+	return false;
+}
+
+#endif //BOOTLOADER_USE_SECURITY
--- a/platforms/nuttx/src/bootloader/common/crypto.h
+++ b/platforms/nuttx/src/bootloader/common/crypto.h
@@ -40,9 +40,9 @@

 #pragma once

-#ifdef BOOTLOADER_USE_TOC
-
-#ifdef BOOTLOADER_USE_SECURITY
+/* Using security always needs TOC (but TOC could be used without security) */
+#if defined(BOOTLOADER_USE_SECURITY)
+# define BOOTLOADER_USE_TOC

 #include <stdlib.h>

@@ -55,6 +55,8 @@ bool decrypt_app(uint16_t idx, const image_toc_entry_t *toc_entries);

 #else

+# if defined(BOOTLOADER_USE_TOC)
+
 /* No security, application verification passes always */

 static inline bool verify_app(uint16_t idx, const image_toc_entry_t *toc_entries) {return true;}
@@ -63,6 +65,6 @@ static inline bool verify_app(uint16_t idx, const image_toc_entry_t *toc_entries

 static inline bool decrypt_app(uint16_t idx, const image_toc_entry_t *toc_entries) {return false;}

-#endif
+# endif

-#endif
+#endif // BOOTLOADER_USE_SECURITY
--- a/platforms/nuttx/src/bootloader/common/image_toc.c
+++ b/platforms/nuttx/src/bootloader/common/image_toc.c
@@ -33,8 +33,6 @@

 #include "hw_config.h"

-#ifdef BOOTLOADER_USE_TOC
-
 #include <inttypes.h>
 #include <stdbool.h>
 #include <stddef.h>
@@ -102,5 +100,3 @@ bool find_toc(const image_toc_entry_t **toc_entries, uint8_t *len)
 	*len = 0;
 	return false;
 }
-
-#endif