1 // Copyright 2021 The Pigweed Authors
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License"); you may not
4 // use this file except in compliance with the License. You may obtain a copy of
5 // the License at
6 //
7 // https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11 // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12 // License for the specific language governing permissions and limitations under
13 // the License.
14 #define PW_LOG_MODULE_NAME "ECDSA-UECC"
15 #define PW_LOG_LEVEL PW_LOG_LEVEL_WARN
16
17 #include <cstring>
18
19 #include "pw_crypto/ecdsa.h"
20 #include "pw_log/log.h"
21 #include "uECC.h"
22
23 namespace pw::crypto::ecdsa {
24
25 constexpr size_t kP256CurveOrderBytes = 32;
26 constexpr size_t kP256PublicKeySize = 2 * kP256CurveOrderBytes + 1;
27 constexpr size_t kP256SignatureSize = kP256CurveOrderBytes * 2;
28
VerifyP256Signature(ConstByteSpan public_key,ConstByteSpan digest,ConstByteSpan signature)29 Status VerifyP256Signature(ConstByteSpan public_key,
30 ConstByteSpan digest,
31 ConstByteSpan signature) {
32 // Signature expected in raw format (r||s)
33 if (signature.size() != kP256SignatureSize) {
34 PW_LOG_DEBUG("Bad signature format");
35 return Status::InvalidArgument();
36 }
37
38 // Supports SEC 1 uncompressed form (04||X||Y) only.
39 if (public_key.size() != kP256PublicKeySize ||
40 std::to_integer<uint8_t>(public_key.data()[0]) != 0x04) {
41 PW_LOG_DEBUG("Bad public key format");
42 return Status::InvalidArgument();
43 }
44
45 #if defined(uECC_VLI_NATIVE_LITTLE_ENDIAN) && uECC_VLI_NATIVE_LITTLE_ENDIAN
46 // uECC_VLI_NATIVE_LITTLE_ENDIAN is defined with a non-zero value when
47 // pw_crypto_ECDSA_BACKEND is set to "//pw_crypto:ecdsa_uecc_little_endian".
48 //
49 // Since pw_crypto APIs are big endian only (standard practice), here we
50 // need to convert input parameters to little endian.
51 //
52 // Additionally uECC requires these little endian buffers to be word aligned
53 // in case unaligned accesses are not supported by the hardware. We choose
54 // the maximum 8-byte alignment to avoid referrencing internal uECC headers.
55 alignas(8) uint8_t signature_bytes[kP256SignatureSize];
56 memcpy(signature_bytes, signature.data(), sizeof(signature_bytes));
57 std::reverse(signature_bytes, signature_bytes + kP256CurveOrderBytes); // r
58 std::reverse(signature_bytes + kP256CurveOrderBytes,
59 signature_bytes + sizeof(signature_bytes)); // s
60
61 alignas(8) uint8_t public_key_bytes[kP256PublicKeySize - 1];
62 memcpy(public_key_bytes, public_key.data() + 1, sizeof(public_key_bytes));
63 std::reverse(public_key_bytes, public_key_bytes + kP256CurveOrderBytes); // X
64 std::reverse(public_key_bytes + kP256CurveOrderBytes,
65 public_key_bytes + sizeof(public_key_bytes)); // Y
66
67 alignas(8) uint8_t digest_bytes[kP256CurveOrderBytes];
68 memcpy(digest_bytes, digest.data(), sizeof(digest_bytes));
69 std::reverse(digest_bytes, digest_bytes + sizeof(digest_bytes));
70 #else
71 const uint8_t* public_key_bytes =
72 reinterpret_cast<const uint8_t*>(public_key.data()) + 1;
73 const uint8_t* digest_bytes = reinterpret_cast<const uint8_t*>(digest.data());
74 const uint8_t* signature_bytes =
75 reinterpret_cast<const uint8_t*>(signature.data());
76 #endif // uECC_VLI_NATIVE_LITTLE_ENDIAN
77
78 uECC_Curve curve = uECC_secp256r1();
79 // Make sure the public key is on the curve.
80 if (!uECC_valid_public_key(public_key_bytes, curve)) {
81 PW_LOG_DEBUG("Bad public key curve");
82 return Status::InvalidArgument();
83 }
84
85 // Digests must be at least 32 bytes. Digests longer than 32
86 // bytes are truncated to 32 bytes.
87 if (digest.size() < kP256CurveOrderBytes) {
88 PW_LOG_DEBUG("Digest is too short");
89 return Status::InvalidArgument();
90 }
91
92 // Verify the signature.
93 if (!uECC_verify(public_key_bytes,
94 digest_bytes,
95 digest.size(),
96 signature_bytes,
97 curve)) {
98 PW_LOG_DEBUG("Signature verification failed");
99 return Status::Unauthenticated();
100 }
101
102 return OkStatus();
103 }
104
105 } // namespace pw::crypto::ecdsa
106