This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

MCUboot ECIES encryption

Hello, I am trying to follow and understand the MCUboot encrypted image design found here: https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/mcuboot/encrypted_images.html#ecies-encryption

Specifically these sections (marked blue below)

The whole key encryption can be summarized as:

  1. Generate a new private key and derive the public key; when using ECIES-P256 this is a secp256r1 keypair, when using ECIES-X25519 this will be a x25519 keypair. Those keys will be our ephemeral keys.
  2. Generate a new secret (DH) using the ephemeral private key and the public key that corresponds to the private key embedded in the HW.
  3. Derive the new keys from the secret using HKDF (built on HMAC-SHA256). We are not using a salt and using an info of MCUBoot_ECIES_v1, generating 48 bytes of key material.
  4. A new random encryption key of 16 bytes is generated (for AES-128). This is the AES key used to encrypt the images.
  5. The key is encrypted with AES-128-CTR and a nonce of 0 using the first 16 bytes of key material generated previously by the HKDF.
  6. The encrypted key now goes through a HMAC-SHA256 using the remaining 32 bytes of key material from the HKDF.

The final TLV is built from the 65 bytes for ECIES-P256 or 32 bytes for ECIES-X25519, which correspond to the ephemeral public key, followed by the 32 bytes of MAC tag and the 16 bytes of the encrypted key, resulting in a TLV of 113 bytes for ECIES-P256 or 80 bytes for ECIES-X25519.

Q1. Is the HKDF derivation something that can be done using openssl kdf like this:

    openssl kdf -keylen 16 -kdfopt mac:HMAC -kdfopt digest:SHA2-256 \
                -kdfopt hexkey:<Diffie-Helman-Shared-Secret> -kdfopt hexinfo:<ASCII-"MCUBoot_ECIES_v1"-in-Hex> \
                SSKDF

Q2. If the final TLV sends 3 things:
1. ephemeral public key
2. 32 bytes of MAC tag (is this the HMAC-SHA256 output from step 6?)
3. the encrypted-key (encrypted in step 5 with AES-128-CTR, nonce of 0 and key of the first 16-bytes of key material from HKDF)

What sequence of steps does the bootloader takes to get back to the image-encryption-key to decrypt the image?
I understand that the ephemeral public key + bootloader private key can generate the Diffie-Helman shared secret.
How does that works with the other two pieces of information to get the image-encryption-key (as generated in step 4 above).

Thank you for everyone's time!
Parents Reply Children
No Data
Related