Skip to content

Verification of RSA signature fails when custom hash hardware is used on mynewt #2264

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
kasjer opened this issue Apr 15, 2025 · 3 comments · May be fixed by #2271
Open

Verification of RSA signature fails when custom hash hardware is used on mynewt #2264

kasjer opened this issue Apr 15, 2025 · 3 comments · May be fixed by #2271
Labels
crypto Encryption support

Comments

@kasjer
Copy link
Contributor

kasjer commented Apr 15, 2025

Function bootutil_verify_sig() indirectly calls pss_mgf1()
This function has sequence:

    while (count > 0) {
        bootutil_sha_init(&ctx); // !!! Called many times
        bootutil_sha_update(&ctx, hash, PSS_HLEN);
        bootutil_sha_update(&ctx, counter, 4);
        bootutil_sha_finish(&ctx, htmp);
        ...
    }
    bootutil_sha_drop(&ctx); // !!! called only once

For mynewt alternate implementation of hash requires only one bootutil_sha_init() for each bootutil_sha_drop().

Fix would be to put bootutil_sha_drop() just after bootutil_sha_finish() is called.

I'm not sure if moving call to bootutil_sha_drop() few lines about is acceptable or
mynewt code should handle such case on its own.

@utzig what is your opinion on that?
@de-nordic de-nordic added the crypto Encryption support label Apr 15, 2025
@de-nordic
Copy link
Collaborator

Also in bootutil_find_key, shouldn't we, to be consistent, move drop into the loop after finish?

@kasjer
Copy link
Contributor Author

kasjer commented Apr 15, 2025

Also in bootutil_find_key, shouldn't we, to be consistent, move drop into the loop after finish?

Probably, I just did not encounter this one yet.

@utzig
Copy link
Member

utzig commented Apr 21, 2025

Fix would be to put bootutil_sha_drop() just after bootutil_sha_finish() is called.

That sounds reasonable to me.

@kasjer kasjer linked a pull request Apr 22, 2025 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
crypto Encryption support
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

bootutil: Fix crash when bootutil_sha_init() is called in loop kasjer/mcuboot
3 participants
@utzig @kasjer @de-nordic