Add p521 to magiskboot

LoveSy 2024-03-29 17:52:12 +08:00 committed by John Wu
parent fb5ee86615
commit 36bd00a046
4 changed files with 44 additions and 1 deletions

16
native/src/Cargo.lock generated

@ -488,10 +488,12 @@ dependencies = [
"cxx-gen", "cxx-gen",
"der", "der",
"digest", "digest",
"ecdsa",
"fdt", "fdt",
"num-traits", "num-traits",
"p256", "p256",
"p384", "p384",
"p521",
"pb-rs", "pb-rs",
"quick-protobuf", "quick-protobuf",
"rsa", "rsa",
@ -624,6 +626,20 @@ dependencies = [
"sha2", "sha2",
] ]
[[package]]
name = "p521"
version = "0.13.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0fc9e2161f1f215afdfce23677034ae137bbd45016a880c2eb3ba8eb95f085b2"
dependencies = [
"base16ct",
"ecdsa",
"elliptic-curve",
"primeorder",
"rand_core",
"sha2",
]
[[package]] [[package]]
name = "pb-rs" name = "pb-rs"
version = "0.10.0" version = "0.10.0"


@ -18,6 +18,8 @@ sha2 = "0.10"
digest = "0.10" digest = "0.10"
p256 = "0.13" p256 = "0.13"
p384 = "0.13" p384 = "0.13"
p521 = "0.13"
ecdsa = "0.16"
rsa = "0.9" rsa = "0.9"
x509-cert = "0.2" x509-cert = "0.2"
der = "0.7" der = "0.7"


@ -23,6 +23,8 @@ sha2 = { workspace = true }
digest = { workspace = true } digest = { workspace = true }
p256 = { workspace = true } p256 = { workspace = true }
p384 = { workspace = true } p384 = { workspace = true }
p521 = { workspace = true }
ecdsa = { workspace = true }
rsa = { workspace = true, features = ["sha2"] } rsa = { workspace = true, features = ["sha2"] }
x509-cert = { workspace = true } x509-cert = { workspace = true }
der = { workspace = true, features = ["derive"] } der = { workspace = true, features = ["derive"] }


@ -1,6 +1,7 @@
use der::referenced::OwnedToRef; use der::referenced::OwnedToRef;
use der::{Decode, DecodePem, Encode, Sequence, SliceReader}; use der::{Decode, DecodePem, Encode, Sequence, SliceReader};
use digest::DynDigest; use digest::DynDigest;
use ecdsa;
use p256::ecdsa::{ use p256::ecdsa::{
Signature as P256Signature, SigningKey as P256SigningKey, VerifyingKey as P256VerifyingKey, Signature as P256Signature, SigningKey as P256SigningKey, VerifyingKey as P256VerifyingKey,
}; };
@ -8,6 +9,10 @@ use p256::pkcs8::DecodePrivateKey;
use p384::ecdsa::{ use p384::ecdsa::{
Signature as P384Signature, SigningKey as P384SigningKey, VerifyingKey as P384VerifyingKey, Signature as P384Signature, SigningKey as P384SigningKey, VerifyingKey as P384VerifyingKey,
}; };
use p521::{
ecdsa::{Signature as P521Signature, SigningKey as P521SigningKey},
NistP521,
};
use rsa::pkcs1v15::{ use rsa::pkcs1v15::{
Signature as RsaSignature, SigningKey as RsaSigningKey, VerifyingKey as RsaVerifyingKey, Signature as RsaSignature, SigningKey as RsaSigningKey, VerifyingKey as RsaVerifyingKey,
}; };
@ -16,7 +21,7 @@ use rsa::signature::hazmat::{PrehashSigner, PrehashVerifier};
use rsa::signature::SignatureEncoding; use rsa::signature::SignatureEncoding;
use rsa::{RsaPrivateKey, RsaPublicKey}; use rsa::{RsaPrivateKey, RsaPublicKey};
use sha1::Sha1; use sha1::Sha1;
use sha2::{Sha256, Sha384}; use sha2::{Sha256, Sha384, Sha512};
use x509_cert::der::asn1::{OctetString, PrintableString}; use x509_cert::der::asn1::{OctetString, PrintableString};
use x509_cert::der::Any; use x509_cert::der::Any;
use x509_cert::spki::AlgorithmIdentifier; use x509_cert::spki::AlgorithmIdentifier;
@ -27,6 +32,8 @@ use base::{log_err, LoggedResult, MappedFile, ResultExt, StrErr, Utf8CStr};
use crate::ffi::BootImage; use crate::ffi::BootImage;
type P521VerifyingKey = ecdsa::VerifyingKey<NistP521>;
#[allow(clippy::upper_case_acronyms)] #[allow(clippy::upper_case_acronyms)]
pub enum SHA { pub enum SHA {
SHA1(Sha1), SHA1(Sha1),
@ -82,6 +89,7 @@ enum SigningKey {
SHA256withRSA(RsaSigningKey<Sha256>), SHA256withRSA(RsaSigningKey<Sha256>),
SHA256withECDSA(P256SigningKey), SHA256withECDSA(P256SigningKey),
SHA384withECDSA(P384SigningKey), SHA384withECDSA(P384SigningKey),
SHA521withECDSA(P521SigningKey),
} }
#[allow(clippy::large_enum_variant)] #[allow(clippy::large_enum_variant)]
@ -89,6 +97,7 @@ enum VerifyingKey {
SHA256withRSA(RsaVerifyingKey<Sha256>), SHA256withRSA(RsaVerifyingKey<Sha256>),
SHA256withECDSA(P256VerifyingKey), SHA256withECDSA(P256VerifyingKey),
SHA384withECDSA(P384VerifyingKey), SHA384withECDSA(P384VerifyingKey),
SHA521withECDSA(P521VerifyingKey),
} }
struct Verifier { struct Verifier {
@ -108,6 +117,9 @@ impl Verifier {
} else if let Ok(ec) = P384VerifyingKey::try_from(key.clone()) { } else if let Ok(ec) = P384VerifyingKey::try_from(key.clone()) {
digest = Box::<Sha384>::default(); digest = Box::<Sha384>::default();
VerifyingKey::SHA384withECDSA(ec) VerifyingKey::SHA384withECDSA(ec)
} else if let Ok(ec) = P521VerifyingKey::try_from(key.clone()) {
digest = Box::<Sha512>::default();
VerifyingKey::SHA521withECDSA(ec)
} else { } else {
return Err(log_err!("Unsupported private key")); return Err(log_err!("Unsupported private key"));
}; };
@ -133,6 +145,10 @@ impl Verifier {
let sig = P384Signature::from_slice(signature)?; let sig = P384Signature::from_slice(signature)?;
key.verify_prehash(hash.as_ref(), &sig).log() key.verify_prehash(hash.as_ref(), &sig).log()
} }
VerifyingKey::SHA521withECDSA(key) => {
let sig = P521Signature::from_slice(signature)?;
key.verify_prehash(hash.as_ref(), &sig).log()
}
}; };
} }
} }
@ -154,6 +170,9 @@ impl Signer {
} else if let Ok(ec) = P384SigningKey::from_pkcs8_der(key) { } else if let Ok(ec) = P384SigningKey::from_pkcs8_der(key) {
digest = Box::<Sha384>::default(); digest = Box::<Sha384>::default();
SigningKey::SHA384withECDSA(ec) SigningKey::SHA384withECDSA(ec)
} else if let Ok(ec) = ecdsa::SigningKey::<NistP521>::from_pkcs8_der(key) {
digest = Box::<Sha512>::default();
SigningKey::SHA521withECDSA(P521SigningKey::from(ec))
} else { } else {
return Err(log_err!("Unsupported private key")); return Err(log_err!("Unsupported private key"));
}; };
@ -179,6 +198,10 @@ impl Signer {
let sig: P384Signature = key.sign_prehash(hash.as_ref())?; let sig: P384Signature = key.sign_prehash(hash.as_ref())?;
sig.to_vec() sig.to_vec()
} }
SigningKey::SHA521withECDSA(key) => {
let sig: P521Signature = key.sign_prehash(hash.as_ref())?;
sig.to_vec()
}
}; };
Ok(v) Ok(v)
} }
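Review bot: The new `SHA521withECDSA` variants in `SigningKey` and `VerifyingKey` are named after the curve rather than the digest: the arms that construct them select `Sha512`, and there is no SHA-521. The sibling variants are digest-first (`SHA256withECDSA`, `SHA384withECDSA`), so `SHA512withECDSA(P521SigningKey)` and `SHA512withECDSA(P521VerifyingKey)` would keep the convention and make it clear which hash a signature covers. A one-line comment on the two P-521 arms, such as `// P-521 keys are paired with SHA-512 (64-byte prehash, 66-byte field)`, would record why this case does not follow the curve-size-equals-digest-size pattern of P-256 and P-384. Separately, `use ecdsa;` looks like a redundant single-component import (assuming edition 2018 or later) and can be dropped, since `ecdsa::VerifyingKey<NistP521>` resolves through the crate name. The enum and `impl` bodies extend outside the hunks shown.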