RIOT-OS/RIOT
RIOT-OS/RIOT
1
0
Fork 0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2024-12-29 04:50:03 +01:00
Code Releases Activity

suit: try multiple keys

Browse Source
This commit is contained in:
Benjamin Valentin 2022-08-15 19:17:03 +02:00
parent 7f5c932f07
commit abb5d0fab6
2 changed files with 26 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
dist/tools/suit/suit-manifest-generator/suit_tool/get_pubkey.py vendored
View File

@ -49,11 +49,11 @@ def to_header(pk):
if isinstance(pk, ed25519.Ed25519PrivateKey): if isinstance(pk, ed25519.Ed25519PrivateKey):
public_bytes = pk.public_key().public_bytes(ks.Encoding.Raw, public_bytes = pk.public_key().public_bytes(ks.Encoding.Raw,
ks.PublicFormat.Raw) ks.PublicFormat.Raw)
public_c_def = ['const uint8_t public_key[] = {'] + textwrap.wrap( public_c_def = ['{'] + textwrap.wrap(
', '.join(['{:0=#4x}'.format(x) for x in public_bytes]), ', '.join(['{:0=#4x}'.format(x) for x in public_bytes]),
76 76
) )
return str.encode('\n '.join(public_c_def) + '\n};\n') return str.encode('\n '.join(public_c_def) + '\n},\n')
OutputFormaters = { OutputFormaters = {

29
sys/suit/handlers_envelope.c
View File

@ -32,17 +32,18 @@
#include "suit/handlers.h" #include "suit/handlers.h"
#include "suit.h" #include "suit.h"
static int _auth_handler(suit_manifest_t *manifest, int key, static int _verify_with_key(suit_manifest_t *manifest, const nanocbor_value_t *it,
nanocbor_value_t *it) const void *key)
{ {
(void)key;
cose_sign_dec_t verify; cose_sign_dec_t verify;
const uint8_t *cose_buf; const uint8_t *cose_buf;
const uint8_t *auth_container; const uint8_t *auth_container;
size_t auth_container_len; size_t auth_container_len;
size_t cose_len = 0; size_t cose_len = 0;
nanocbor_value_t tmp = *it;
/* It is a list of cose signatures */ /* It is a list of cose signatures */
if (nanocbor_get_bstr(it, &auth_container, &auth_container_len) < 0) { if (nanocbor_get_bstr(&tmp, &auth_container, &auth_container_len) < 0) {
LOG_INFO("Unable to get auth container\n"); LOG_INFO("Unable to get auth container\n");
return SUIT_ERR_INVALID_MANIFEST; return SUIT_ERR_INVALID_MANIFEST;
} }
@ -51,7 +52,7 @@ static int _auth_handler(suit_manifest_t *manifest, int key,
cose_key_t pkey; cose_key_t pkey;
cose_key_init(&pkey); cose_key_init(&pkey);
cose_key_set_keys(&pkey, COSE_EC_CURVE_ED25519, COSE_ALGO_EDDSA, cose_key_set_keys(&pkey, COSE_EC_CURVE_ED25519, COSE_ALGO_EDDSA,
(uint8_t *)public_key, NULL, NULL); (void *)key, NULL, NULL);
nanocbor_value_t _cont, arr; nanocbor_value_t _cont, arr;
nanocbor_decoder_init(&_cont, auth_container, auth_container_len); nanocbor_decoder_init(&_cont, auth_container, auth_container_len);
@ -96,6 +97,7 @@ static int _auth_handler(suit_manifest_t *manifest, int key,
} }
else { else {
LOG_INFO("Unable to validate signature: %d\n", verification); LOG_INFO("Unable to validate signature: %d\n", verification);
res = SUIT_ERR_SIGNATURE;
} }
} }
} }
@ -103,6 +105,23 @@ static int _auth_handler(suit_manifest_t *manifest, int key,
return res; return res;
} }
static int _auth_handler(suit_manifest_t *manifest, int key,
nanocbor_value_t *it)
{
(void)key;
int res = 0;
for (unsigned i = 0; i < ARRAY_SIZE(public_key); ++i) {
res = _verify_with_key(manifest, it, public_key[i]);
if (res != SUIT_ERR_SIGNATURE) {
break;
}
}
return res;
}
static int _manifest_handler(suit_manifest_t *manifest, int key, static int _manifest_handler(suit_manifest_t *manifest, int key,
nanocbor_value_t *it) nanocbor_value_t *it)
{ {