Working on an embedded bootloader, which is trying to check ECDSA signatures for programs being loaded. In order to accomplish this, I am trying to do the following:
- First time - generate private and public keys. Sign any application using the private key, and place the public key in the bootloader to verify.
- Subsequent times - Read the private and public keys from file. Sign any application using the private key - the public key is already in the bootloader so no need to modify anything there.
My issue is with saving the private key. The first run of the signing software doesn't find files, so it calls to mbedtls_ecdsa_genkey, which works, and gives me two keys. I tried writing them to files like this:
Attempt 1) For both keys, calls to

    mbedtls_ecp_point_write_binary(&ctx->MBEDTLS_PRIVATE(grp), &key->MBEDTLS_PRIVATE(Q), MBEDTLS_ECP_PF_UNCOMPRESSED, &len, buf, sizeof buf);

and

    mbedtls_ecp_point_write_binary(&ctx->MBEDTLS_PRIVATE(grp), &key->MBEDTLS_PRIVATE(d), MBEDTLS_ECP_PF_UNCOMPRESSED, &len, buf, sizeof buf);

and fwriting them to their own files.
On the second run, I read them both back in with mbedtls_ecp_point_read_binary(...), and this works. However, although the keys appear identical under the debugger, the signature fails with something crashing in mbedtls_internal_aes_encrypt.
So instead I tried, for the private key, using mbedtls_ecp_write_key/read_key. The key was half the size (using MBEDTLS_ECP_DP_SEC521R1) - the first method gave me keys of 133 bytes each, the second made the private key 66, as I did this when writing:

    len = (key->private_grp.nbits + 7)/8; // = 66
    mbedtls_ecp_write_key(key, buf, len);

Same issue, though, crashing in mbedtls_internal_aes_encrypt.
I've been digging through mbedtls_ecdsa_genkey to see what else is happening which I am obviously missing, but have been unable to spot it yet.
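
The two sizes mentioned above match the standard encodings for secp521r1: an uncompressed public point is 0x04 || X || Y with 66-byte coordinates (133 bytes), and a private key is a single 66-byte big-endian scalar. The following is an added example, not part of the original post and not mbedTLS code, of a structural check a signing tool could run on a key file before handing it to the crypto library; the names `classify_p521_blob` and `blob_kind` are hypothetical and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define P521_COORD_LEN 66                        /* ceil(521 / 8) bytes */
#define P521_POINT_LEN (1 + 2 * P521_COORD_LEN)  /* 0x04 || X || Y = 133 bytes */

typedef enum { BLOB_INVALID, BLOB_PRIVATE_SCALAR, BLOB_PUBLIC_POINT } blob_kind;

/* A big-endian 66-byte value fits in 521 bits only if byte 0 is 0x00 or 0x01. */
static int fits_521_bits(const uint8_t *v) { return (v[0] & 0xFE) == 0; }

/* A coordinate must be < p = 2^521 - 1: at most 521 bits and not all ones. */
static int coord_in_field(const uint8_t *v) {
    uint8_t all_ones = (v[0] == 0x01) ? 0xFF : 0x00;
    for (size_t i = 1; i < P521_COORD_LEN; i++) all_ones &= v[i];
    return fits_521_bits(v) && all_ones != 0xFF;
}

static int is_zero(const uint8_t *v, size_t n) {
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++) acc |= v[i];
    return acc == 0;
}

/* Structural check only: it does not prove that the point lies on the curve or
 * that the scalar is below the group order; the crypto library must do that. */
blob_kind classify_p521_blob(const uint8_t *buf, size_t len) {
    if (buf == NULL) return BLOB_INVALID;
    if (len == P521_COORD_LEN)
        return (fits_521_bits(buf) && !is_zero(buf, len)) ? BLOB_PRIVATE_SCALAR : BLOB_INVALID;
    if (len == P521_POINT_LEN && buf[0] == 0x04 &&
        coord_in_field(buf + 1) && coord_in_field(buf + 1 + P521_COORD_LEN))
        return BLOB_PUBLIC_POINT;
    return BLOB_INVALID;
}

int main(void) {
    uint8_t priv[P521_COORD_LEN] = {0};    /* constructed sample, not a real key */
    uint8_t pub[P521_POINT_LEN] = {0x04};  /* constructed sample, not a real point */
    priv[P521_COORD_LEN - 1] = 0x2A;
    pub[P521_POINT_LEN - 1] = 0x01;
    printf("66-byte blob  -> %d\n", (int)classify_p521_blob(priv, sizeof priv));
    printf("133-byte blob -> %d\n", (int)classify_p521_blob(pub, sizeof pub));
    return 0;
}
```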