[nrf noup] boot: bootutil: Add required signature decoding

de-nordic · tejlmand · commit 51afa7ae974d · 2023-05-03T11:31:29.000+02:00
The CC310 and bl_crypto require decoded signature instead of raw ASN.1

Signed-off-by: Dominik Ermel &lt;dominik.ermel@nordicsemi.no&gt;
diff --git a/boot/bootutil/include/bootutil/crypto/ecdsa_p256.h b/boot/bootutil/include/bootutil/crypto/ecdsa_p256.h
@@ -225,16 +225,20 @@ static inline int bootutil_ecdsa_p256_verify(bootutil_ecdsa_p256_context *ctx,
 {
     (void)ctx;
     (void)pk_len;
-    (void)sig_len;
     (void)hash_len;
+    uint8_t dsig[2 * NUM_ECC_BYTES];
+
+    if (bootutil_decode_sig(dsig, sig, sig + sig_len)) {
+        return -1;
+    }
 
     /* Only support uncompressed keys. */
     if (pk[0] != 0x04) {
         return -1;
     }
     pk++;
 
-    return cc310_ecdsa_verify_secp256r1(hash, pk, sig, BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE);
+    return cc310_ecdsa_verify_secp256r1(hash, pk, dsig, BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE);
 }
 
 static inline int bootutil_ecdsa_p256_parse_public_key(bootutil_ecdsa_p256_context *ctx,
@@ -398,7 +402,11 @@ static inline int bootutil_ecdsa_p256_verify(bootutil_ecdsa_p256_context *ctx,
 {
     (void)ctx;
     (void)pk_len;
-    (void)sig_len;
+    uint8_t dsig[2 * NUM_ECC_BYTES];
+
+    if (bootutil_decode_sig(dsig, sig, sig + sig_len)) {
+        return -1;
+    }
 
 	/* As described on the compact representation in IETF protocols,
 	 * the first byte of the key defines if the ECC points are
