• State Not Answered
  • Replies 4 replies
  • Subscribers 76 subscribers
  • Views 1466 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 253100
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Cross checking nrfutil boot_validation_signature for VALIDATE_ECDSA_P256_SHA256 with openssl command line

Richard R

Hello,

I setup nrfutil to use VALIDATE_ECDSA_P256_SHA256 and have this output from the pkg display output:

|- hash_type: SHA256
|- hash (little-endian): 60de8328530e5882b789259309c47d20dc1a9482f89606ad2cb70d9ad6456b1b
|
|- boot_validation_type: ['VALIDATE_ECDSA_P256_SHA256']
|- boot_validation_signature (little-endian): ['46bce1a61fda3d5aa8c3619d22b06d476f9462daeac753b563553e25eb8c0fe9b748763052e1390cf979e9d53ec043b894b1509a16c84b2829a7f9f1a49e941b']

Now I want to take the boot_validation_signature and transform it back into something that openssl dgst command can validate.

I have tried echo 46bce...941b | xxd -r -p > nrfutil.sign (following the hint from openssl).


However the resulting signature is a different length than what openssl actually generates

xxd nrfutil.sign
00000000: 46bc e1a6 1fda 3d5a a8c3 619d 22b0 6d47 F.....=Z..a.".mG
00000010: 6f94 62da eac7 53b5 6355 3e25 eb8c 0fe9 o.b...S.cU>%....
00000020: b748 7630 52e1 390c f979 e9d5 3ec0 43b8 .Hv0R.9..y..>.C.
00000030: 94b1 509a 16c8 4b28 29a7 f9f1 a49e 941b ..P...K().......

xxd openssl-signature.bin
00000000: 3045 0220 5526 372b 0415 026c 2308 f42d 0E. U&7+...l#..-
00000010: e1b6 5040 f7d0 a9bb 3755 9b4d 2954 c44b [email protected])T.K
00000020: e4a6 f79c 0221 00ae ec64 d704 a716 83b0 .....!...d......
00000030: db84 d9dd 58a2 588f be9c 5a52 8e25 4ea8 ....X.X...ZR.%N.
00000040: 1349 5c8d 07a8 5e .I\...^

As a reference, I am using these openssl commands to sign and verify (using openssl version 1.1.1g in case that matters)

openssl dgst -sha256 -sign private.pem < test.bin > openssl-signature.bin
openssl dgst -sha256 -verify public.pem -signature openssl-signature.bin < test.bin

And this commands verify okay if I am using the openssl-signature.bin

When I use the same -verify command with the nrfutil.sign, I got this error

Error Verifying Data
4540624320:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:crypto/asn1/asn1_lib.c:101:
4540624320:error:0D068066:asn1 encoding routines:asn1_check_tlen:bad object header:crypto/asn1/tasn_dec.c:1118:
4540624320:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:290:Type=ECDSA_SIG

What is the correct way to transform boot_validation_signature into something that openssl can cross-check?

Thank you for everyone's time!

Parents
  • 0

    I cannot provide OpenSSL commands, but there are two important things missing:

    • ASN.1 encoding
    • big endian byte order

    The nrfutil.sign file is smaller because it is not ASN.1 encoded. OpenSSL expects signatures to be ASN.1 encoded in order to provide meta information (e.g. which algorithm to use).

    The encoded data is expected to be in network byte order (= big endian). The nrfutil program generates signatures in little endian, since that matches the endianess of the NordicSemi Cortex-M chips - and thus no byte order swapping needs to be done when checking the signature in the bootloader.

    In summary, for OpenSSL to be useful one needs to swap byte order (reverse bytes), and then encode the result properly as ASN.1 data. Not sure if this is possible with the command line tool only.

Reply
  • 0

    I cannot provide OpenSSL commands, but there are two important things missing:

    • ASN.1 encoding
    • big endian byte order

    The nrfutil.sign file is smaller because it is not ASN.1 encoded. OpenSSL expects signatures to be ASN.1 encoded in order to provide meta information (e.g. which algorithm to use).

    The encoded data is expected to be in network byte order (= big endian). The nrfutil program generates signatures in little endian, since that matches the endianess of the NordicSemi Cortex-M chips - and thus no byte order swapping needs to be done when checking the signature in the bootloader.

    In summary, for OpenSSL to be useful one needs to swap byte order (reverse bytes), and then encode the result properly as ASN.1 data. Not sure if this is possible with the command line tool only.

Children
No Data
Related
Terms of service