ECDSA#

ECDSA signing functionality for the bootloader.

Modules#

Functions#

int32_t

btl_verifyEcdsaP256r1(const uint8_t *sha256, const uint8_t *signatureR, const uint8_t *signatureS, const uint8_t *keyX, const uint8_t *keyY)

Verify an ECDSA signature of a SHA256-hash using secp256r1.

Macros#

#define

BTL_SECURITY_ECDSA_SHA256_LENGTH 32

Number of bytes of data to verify the signature against.

#define

BTL_SECURITY_ECDSA_POINT_LENGTH 32

Number of bytes in the EC points that the signature consists of.

Function Documentation#

btl_verifyEcdsaP256r1#

int32_t btl_verifyEcdsaP256r1 (const uint8_t * sha256, const uint8_t * signatureR, const uint8_t * signatureS, const uint8_t * keyX, const uint8_t * keyY)

Verify an ECDSA signature of a SHA256-hash using secp256r1.

Parameters

Type	Direction	Argument Name	Description
const uint8_t *	N/A	sha256	The hash of the data which is authenticated
const uint8_t *	N/A	signatureR	Byte array (MSB first) of R-point of the ECDSA signature
const uint8_t *	N/A	signatureS	Byte array (MSB first) of S-point of the ECDSA signature
const uint8_t *	N/A	keyX	Pointer to the X coordinate of the ECDSA public key
const uint8_t *	N/A	keyY	Pointer to the Y coordinate of the ECDSA public key

Verifies the authenticity of data by checking the ECDSA signature of the data's SHA256-hash. This function is only for use with the secp256r1 curve. The public key which the signature is validated against will be retrieved from the respective tokens in the lockbits-page.

Returns

BOOTLOADER_OK if signature is valid, else error code in BOOTLOADER_ERROR_SECURITY_BASE range.