Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

imgtool: Add --pure switch to allow calculating signatures over entire images #2063

Merged
merged 1 commit into from
Jan 7, 2025

Conversation

de-nordic
Copy link
Collaborator

@de-nordic de-nordic commented Sep 13, 2024

The PR adds --pure switch to imgtool that allows to run ED25519 over entire image calculating the PureEdDSA signature.

The imgtool will add SIG_PURE TLV as indicator that whatever signature is used is calculated directly over image.
The PR also provides different output for signature verification, where there is signature reported on verification, rather than digest as digest is no longer available, but will provide digest if key is not provided during verification.

Depends on #2029 -- that reserves the SIG_PURE in MCUboot code
Based on #2048

@de-nordic
Copy link
Collaborator Author

May be interesting for you @taltenbach

de-nordic added a commit to de-nordic/sdk-mcuboot that referenced this pull request Oct 1, 2024
Adds PureEdDSA signature support.

The change includes implementation of SIG_PURE TLV that, when present,
indicates the signature that is present is Pure type.

Upstream PR: mcu-tools/mcuboot#2063

Signed-off-by: Dominik Ermel <[email protected]>
@de-nordic de-nordic force-pushed the support-for-pure-signatures branch from 70177ad to e9e9cf4 Compare October 1, 2024 16:16
@de-nordic de-nordic requested a review from nordicjm October 1, 2024 16:17
@de-nordic de-nordic force-pushed the support-for-pure-signatures branch from e9e9cf4 to 99bc965 Compare October 2, 2024 14:16
de-nordic added a commit to de-nordic/sdk-mcuboot that referenced this pull request Oct 2, 2024
Adds PureEdDSA signature support.

The change includes implementation of SIG_PURE TLV that, when present,
indicates the signature that is present is Pure type.

Upstream PR: mcu-tools/mcuboot#2063

Signed-off-by: Dominik Ermel <[email protected]>
de-nordic added a commit to de-nordic/sdk-mcuboot that referenced this pull request Oct 3, 2024
Adds PureEdDSA signature support.

The change includes implementation of SIG_PURE TLV that, when present,
indicates the signature that is present is Pure type.

Upstream PR: mcu-tools/mcuboot#2063

Signed-off-by: Dominik Ermel <[email protected]>
@de-nordic de-nordic force-pushed the support-for-pure-signatures branch 2 times, most recently from 10b5d01 to e872745 Compare October 4, 2024 17:09
de-nordic added a commit to de-nordic/sdk-mcuboot that referenced this pull request Oct 4, 2024
Adds PureEdDSA signature support.

The change includes implementation of SIG_PURE TLV that, when present,
indicates the signature that is present is Pure type.

Upstream PR: mcu-tools/mcuboot#2063

Signed-off-by: Dominik Ermel <[email protected]>
de-nordic added a commit to de-nordic/sdk-mcuboot that referenced this pull request Oct 8, 2024
Adds PureEdDSA signature support.

The change includes implementation of SIG_PURE TLV that, when present,
indicates the signature that is present is Pure type.

Upstream PR: mcu-tools/mcuboot#2063

Signed-off-by: Dominik Ermel <[email protected]>
@de-nordic de-nordic force-pushed the support-for-pure-signatures branch from e872745 to d3ee8fb Compare October 10, 2024 10:25
message = digest
tlv.add(hash_tlv, digest)
else:
# Note that when Pure signature is used, hash TLV is not present.
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@nordicjm @nvlsianpu I am bypassing addition of hash TLV in case when signature is pure; pure signature is not using it, but maybe the hash may be useful for something else is worth leaving it as it is?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@de-nordic Yes, it might be usefull: Hash is for check the integrity of the image, while the signature is for checking authenticity of the image. Usually HASH calculation is faster and doesn't require any key. I can expect that some cases might require just integrity calculation.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Now the TLV sha is there, planning, for the future - not here, to add switch to not include it.

de-nordic added a commit to de-nordic/sdk-mcuboot that referenced this pull request Oct 10, 2024
Adds PureEdDSA signature support.

The change includes implementation of SIG_PURE TLV that, when present,
indicates the signature that is present is Pure type.

Upstream PR: mcu-tools/mcuboot#2063

Signed-off-by: Dominik Ermel <[email protected]>
@de-nordic de-nordic force-pushed the support-for-pure-signatures branch from d3ee8fb to 2da9e63 Compare October 10, 2024 14:53
de-nordic added a commit to de-nordic/sdk-mcuboot that referenced this pull request Oct 10, 2024
Adds PureEdDSA signature support.

The change includes implementation of SIG_PURE TLV that, when present,
indicates the signature that is present is Pure type.

Upstream PR: mcu-tools/mcuboot#2063

Signed-off-by: Dominik Ermel <[email protected]>
@de-nordic de-nordic force-pushed the support-for-pure-signatures branch from 2da9e63 to bcb1965 Compare October 10, 2024 15:58
de-nordic added a commit to de-nordic/sdk-mcuboot that referenced this pull request Oct 10, 2024
Adds PureEdDSA signature support.

The change includes implementation of SIG_PURE TLV that, when present,
indicates the signature that is present is Pure type.

Upstream PR: mcu-tools/mcuboot#2063

Signed-off-by: Dominik Ermel <[email protected]>
@nvlsianpu
Copy link
Collaborator

@de-nordic I would merge that. Any obstacles?

nvlsianpu pushed a commit to de-nordic/sdk-mcuboot that referenced this pull request Oct 17, 2024
Adds PureEdDSA signature support.

The change includes implementation of SIG_PURE TLV that, when present,
indicates the signature that is present is Pure type.

Upstream PR: mcu-tools/mcuboot#2063

Signed-off-by: Dominik Ermel <[email protected]>
Signed-off-by: Andrzej Puzdrowski <[email protected]>
nvlsianpu pushed a commit to de-nordic/sdk-mcuboot that referenced this pull request Oct 18, 2024
Adds PureEdDSA signature support.

The change includes implementation of SIG_PURE TLV that, when present,
indicates the signature that is present is Pure type.

Upstream PR: mcu-tools/mcuboot#2063

Signed-off-by: Dominik Ermel <[email protected]>
Signed-off-by: Andrzej Puzdrowski <[email protected]>
nvlsianpu pushed a commit to de-nordic/sdk-mcuboot that referenced this pull request Oct 19, 2024
Adds PureEdDSA signature support.

The change includes implementation of SIG_PURE TLV that, when present,
indicates the signature that is present is Pure type.

Upstream PR: mcu-tools/mcuboot#2063

Signed-off-by: Dominik Ermel <[email protected]>
Signed-off-by: Andrzej Puzdrowski <[email protected]>
tlv.add(hash_tlv, digest)
self.image_hash = digest
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

self.image_hash is used externally

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

^^

nvlsianpu pushed a commit to nrfconnect/sdk-mcuboot that referenced this pull request Oct 19, 2024
Adds PureEdDSA signature support.

The change includes implementation of SIG_PURE TLV that, when present,
indicates the signature that is present is Pure type.

Upstream PR: mcu-tools/mcuboot#2063

Signed-off-by: Dominik Ermel <[email protected]>
Signed-off-by: Andrzej Puzdrowski <[email protected]>
@nvlsianpu nvlsianpu force-pushed the support-for-pure-signatures branch from df52db5 to 7185bc3 Compare October 21, 2024 11:23
rlubos pushed a commit to rlubos/fw-nrfconnect-mcuboot that referenced this pull request Oct 22, 2024
Adds PureEdDSA signature support.

The change includes implementation of SIG_PURE TLV that, when present,
indicates the signature that is present is Pure type.

Upstream PR: mcu-tools/mcuboot#2063

Signed-off-by: Dominik Ermel <[email protected]>
Signed-off-by: Andrzej Puzdrowski <[email protected]>
(cherry picked from commit 32a6e8c)
rlubos pushed a commit to rlubos/fw-nrfconnect-mcuboot that referenced this pull request Oct 22, 2024
Adds PureEdDSA signature support.

The change includes implementation of SIG_PURE TLV that, when present,
indicates the signature that is present is Pure type.

Upstream PR: mcu-tools/mcuboot#2063

Signed-off-by: Dominik Ermel <[email protected]>
Signed-off-by: Andrzej Puzdrowski <[email protected]>
(cherry picked from commit 32a6e8c)
@de-nordic de-nordic force-pushed the support-for-pure-signatures branch from 7185bc3 to 5ca314d Compare October 24, 2024 11:28
@de-nordic de-nordic requested a review from gchwier November 15, 2024 13:45
@nvlsianpu
Copy link
Collaborator

@de-nordic Should we proceed with this patch?

@nordicjm
Copy link
Collaborator

nordicjm commented Dec 4, 2024

@d3zd3z can you review?

jukkar pushed a commit to jukkar/sdk-mcuboot that referenced this pull request Dec 5, 2024
Adds PureEdDSA signature support.

The change includes implementation of SIG_PURE TLV that, when present,
indicates the signature that is present is Pure type.

Upstream PR: mcu-tools/mcuboot#2063

Signed-off-by: Dominik Ermel <[email protected]>
Signed-off-by: Andrzej Puzdrowski <[email protected]>
(cherry picked from commit 32a6e8c)
(cherry picked from commit a5786cd)
tlv.add(hash_tlv, digest)
self.image_hash = digest
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

^^

@de-nordic de-nordic force-pushed the support-for-pure-signatures branch from 5ca314d to 2916fdd Compare December 5, 2024 09:56
@de-nordic de-nordic requested a review from nvlsianpu December 5, 2024 09:56
@nordicjm nordicjm force-pushed the support-for-pure-signatures branch from 2916fdd to 042f458 Compare December 23, 2024 11:58
Adds PureEdDSA signature support.

The change includes implementation of SIG_PURE TLV that, when present,
indicates the signature that is present is Pure type.

Signed-off-by: Dominik Ermel <[email protected]>
Signed-off-by: Mateusz Michalek <[email protected]>
@nordicjm nordicjm force-pushed the support-for-pure-signatures branch from 042f458 to f757950 Compare December 23, 2024 12:02
@nvlsianpu nvlsianpu merged commit 1c04eac into mcu-tools:main Jan 7, 2025
58 checks passed
@de-nordic de-nordic deleted the support-for-pure-signatures branch January 8, 2025 09:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants