This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Cross checking nrfutil boot_validation_signature for VALIDATE_ECDSA_P256_SHA256 with openssl command line

Hello,

I setup nrfutil to use VALIDATE_ECDSA_P256_SHA256 and have this output from the pkg display output:

|- hash_type: SHA256
|- hash (little-endian): 60de8328530e5882b789259309c47d20dc1a9482f89606ad2cb70d9ad6456b1b
|
|- boot_validation_type: ['VALIDATE_ECDSA_P256_SHA256']
|- boot_validation_signature (little-endian): ['46bce1a61fda3d5aa8c3619d22b06d476f9462daeac753b563553e25eb8c0fe9b748763052e1390cf979e9d53ec043b894b1509a16c84b2829a7f9f1a49e941b']

Now I want to take the boot_validation_signature and transform it back into something that openssl dgst command can validate.

I have tried echo 46bce...941b | xxd -r -p > nrfutil.sign (following the hint from openssl).

However the resulting signature is a different length than what openssl actually generates

xxd nrfutil.sign
00000000: 46bc e1a6 1fda 3d5a a8c3 619d 22b0 6d47 F.....=Z..a.".mG
00000010: 6f94 62da eac7 53b5 6355 3e25 eb8c 0fe9 o.b...S.cU>%....
00000020: b748 7630 52e1 390c f979 e9d5 3ec0 43b8 .Hv0R.9..y..>.C.
00000030: 94b1 509a 16c8 4b28 29a7 f9f1 a49e 941b ..P...K().......

xxd openssl-signature.bin
00000000: 3045 0220 5526 372b 0415 026c 2308 f42d 0E. U&7+...l#..-
00000010: e1b6 5040 f7d0 a9bb 3755 9b4d 2954 c44b [email protected])T.K
00000020: e4a6 f79c 0221 00ae ec64 d704 a716 83b0 .....!...d......
00000030: db84 d9dd 58a2 588f be9c 5a52 8e25 4ea8 ....X.X...ZR.%N.
00000040: 1349 5c8d 07a8 5e .I\...^

As a reference, I am using these openssl commands to sign and verify (using openssl version 1.1.1g in case that matters)

openssl dgst -sha256 -sign private.pem < test.bin > openssl-signature.bin
openssl dgst -sha256 -verify public.pem -signature openssl-signature.bin < test.bin

And this commands verify okay if I am using the openssl-signature.bin

When I use the same -verify command with the nrfutil.sign, I got this error

Error Verifying Data
4540624320:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:crypto/asn1/asn1_lib.c:101:
4540624320:error:0D068066:asn1 encoding routines:asn1_check_tlen:bad object header:crypto/asn1/tasn_dec.c:1118:
4540624320:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:290:Type=ECDSA_SIG

What is the correct way to transform boot_validation_signature into something that openssl can cross-check?

Thank you for everyone's time!

Top Replies

Turbo J over 4 years ago +1

I cannot provide OpenSSL commands, but there are two important things missing: ASN.1 encoding big endian byte order The nrfutil.sign file is smaller because it is not ASN.1 encoded. OpenSSL expects…

0 Turbo J over 4 years ago
I cannot provide OpenSSL commands, but there are two important things missing:

ASN.1 encoding

big endian byte order

The nrfutil.sign file is smaller because it is not ASN.1 encoded. OpenSSL expects signatures to be ASN.1 encoded in order to provide meta information (e.g. which algorithm to use).

The encoded data is expected to be in network byte order (= big endian). The nrfutil program generates signatures in little endian, since that matches the endianess of the NordicSemi Cortex-M chips - and thus no byte order swapping needs to be done when checking the signature in the bootloader.

In summary, for OpenSSL to be useful one needs to swap byte order (reverse bytes), and then encode the result properly as ASN.1 data. Not sure if this is possible with the command line tool only.
Cancel
Vote Up +1 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Wendel over 4 years ago

Hi Richard

Have you got the method to cross check signature with openssl command line?

Thanks.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Richard R over 4 years ago in reply to Wendel

Hi Wendel,

Not directly, no. The answer from Turbo J is correct.

nrfutil stores the ecdsa signature as {r,s} value pairs (32-byte each) in little endian {r_le, s_le}. See nrfutil/dfu/signing.py for lines like this:

return signature[31::-1] + signature[63:31:-1]

I ended up creating a variant of that function that can return the big-endian format.

I can't find a simple openssl CLI to cross-check, so I end up using pyca/crytography library (https://cryptography.io/en/latest/index.html) which uses openssl as a back-end for testing.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Wendel over 4 years ago in reply to Richard R

Hi Richard,

Thanks for the clarification. It really helps a lot.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel