feat(firmware): implement ECDSA P-256 signature verification in OTA library

Replaces placeholder ota_verify_signature_with_key with real mbedtls ECDSA verify; adds 4-case native test suite with generated P-256 vectors. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
2026-05-11 11:15:52 -07:00
parent 8b1fd10db7
commit 66e6808e13
2 changed files with 88 additions and 3 deletions
--- a/firmware/lib/ota_updater/ota_updater.cpp
+++ b/firmware/lib/ota_updater/ota_updater.cpp
@@ -2,6 +2,9 @@
 #include "ota_updater.h"
 #include <stdio.h>
 #include <string.h>
+#include <mbedtls/ecdsa.h>
+#include <mbedtls/ecp.h>
+#include <mbedtls/bignum.h>

 // ── version comparison ─────────────────────────────────────────────────────

@@ -16,11 +19,31 @@ bool ota_version_newer(const char* current, const char* remote) {
 }

 // ── signature verification ─────────────────────────────────────────────────
-// (real implementation added in Task 7)
 bool ota_verify_signature_with_key(const uint8_t hash32[32], const uint8_t sig64[64],
                                    const uint8_t pubkey65[65]) {
-    (void)hash32; (void)sig64; (void)pubkey65;
-    return false; // placeholder — filled in Task 7
+    mbedtls_ecp_group grp;
+    mbedtls_ecp_point Q;
+    mbedtls_mpi       r, s;
+
+    mbedtls_ecp_group_init(&grp);
+    mbedtls_ecp_point_init(&Q);
+    mbedtls_mpi_init(&r);
+    mbedtls_mpi_init(&s);
+
+    bool ok = false;
+    if (mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_SECP256R1) == 0 &&
+        mbedtls_ecp_point_read_binary(&grp, &Q, pubkey65, 65) == 0 &&
+        mbedtls_mpi_read_binary(&r, sig64,      32) == 0 &&
+        mbedtls_mpi_read_binary(&s, sig64 + 32, 32) == 0 &&
+        mbedtls_ecdsa_verify(&grp, hash32, 32, &Q, &r, &s) == 0) {
+        ok = true;
+    }
+
+    mbedtls_ecp_group_free(&grp);
+    mbedtls_ecp_point_free(&Q);
+    mbedtls_mpi_free(&r);
+    mbedtls_mpi_free(&s);
+    return ok;
 }

 // ── device-only code ───────────────────────────────────────────────────────
--- a/firmware/test/test_ota_sig/test_sig_verify.cpp
+++ b/firmware/test/test_ota_sig/test_sig_verify.cpp
@@ -0,0 +1,62 @@
+// firmware/test/test_ota_sig/test_sig_verify.cpp
+#include <unity.h>
+#include <string.h>
+#define NATIVE_TEST
+#include "../../lib/ota_updater/ota_updater.cpp"
+
+// ── Test vectors generated by Python/cryptography (ECDSA P-256) ────────────
+static const uint8_t TEST_PUBKEY[65] = {
+    0x04, 0x96, 0x18, 0x6c, 0x8b, 0xb2, 0xdf, 0xea, 0x3f, 0xe4, 0x75, 0x35, 0x0e, 0x8a, 0x3e, 0x7d,
+    0x49, 0x7f, 0x56, 0xb5, 0xb4, 0x1a, 0xae, 0x05, 0xa3, 0x10, 0x6f, 0x02, 0x43, 0x84, 0xb3, 0x1c,
+    0x1f, 0x44, 0xef, 0x08, 0x84, 0x57, 0xca, 0x6e, 0xd8, 0x19, 0x74, 0x10, 0x8d, 0x95, 0xcc, 0x8c,
+    0x61, 0x89, 0x56, 0xea, 0xbc, 0x0c, 0xa2, 0x54, 0xd7, 0x02, 0xf3, 0x1d, 0x67, 0x7c, 0xa5, 0xba,
+    0x42
+};
+
+static const uint8_t TEST_HASH[32] = {
+    0x0a, 0x7e, 0x5f, 0x6a, 0x4c, 0x72, 0x11, 0xb7, 0x14, 0x3f, 0x85, 0x59, 0x50, 0x61, 0x8a, 0xa1,
+    0xab, 0xee, 0x7b, 0x57, 0x08, 0x59, 0x56, 0x09, 0x6d, 0x18, 0xaf, 0x70, 0xe6, 0x6e, 0x6c, 0xa8
+};
+
+static const uint8_t TEST_SIG[64] = {
+    0x4f, 0xff, 0xc3, 0xc6, 0xd5, 0x04, 0x71, 0x37, 0x87, 0x8c, 0xe1, 0xe5, 0x79, 0xef, 0x59, 0x2a,
+    0x63, 0xde, 0xf6, 0x96, 0x3e, 0x8f, 0x90, 0x2f, 0x46, 0x1f, 0x1b, 0x8a, 0xd5, 0x94, 0xb8, 0x28,
+    0x80, 0xfa, 0xe4, 0x26, 0x14, 0xbf, 0x91, 0x54, 0xbf, 0xa6, 0x2f, 0x67, 0xf9, 0x97, 0x45, 0x3a,
+    0x0f, 0xdc, 0x66, 0xcd, 0x21, 0xb8, 0x91, 0xdb, 0xb9, 0xaa, 0x6b, 0x5d, 0x6c, 0xa5, 0xcb, 0x96
+};
+// ──────────────────────────────────────────────────────────────────────────
+
+void setUp() {}
+void tearDown() {}
+
+void test_valid_signature_accepted() {
+    TEST_ASSERT_TRUE(ota_verify_signature_with_key(TEST_HASH, TEST_SIG, TEST_PUBKEY));
+}
+
+void test_corrupted_hash_rejected() {
+    uint8_t bad_hash[32];
+    memcpy(bad_hash, TEST_HASH, 32);
+    bad_hash[0] ^= 0xff;
+    TEST_ASSERT_FALSE(ota_verify_signature_with_key(bad_hash, TEST_SIG, TEST_PUBKEY));
+}
+
+void test_corrupted_signature_rejected() {
+    uint8_t bad_sig[64];
+    memcpy(bad_sig, TEST_SIG, 64);
+    bad_sig[0] ^= 0xff;
+    TEST_ASSERT_FALSE(ota_verify_signature_with_key(TEST_HASH, bad_sig, TEST_PUBKEY));
+}
+
+void test_zero_signature_rejected() {
+    uint8_t zero_sig[64] = {};
+    TEST_ASSERT_FALSE(ota_verify_signature_with_key(TEST_HASH, zero_sig, TEST_PUBKEY));
+}
+
+int main() {
+    UNITY_BEGIN();
+    RUN_TEST(test_valid_signature_accepted);
+    RUN_TEST(test_corrupted_hash_rejected);
+    RUN_TEST(test_corrupted_signature_rejected);
+    RUN_TEST(test_zero_signature_rejected);
+    return UNITY_END();
+}