This post summarizes the relevant RFCS (and other standards) related to cryptography and, specifically, relevant to MCUboot.
I intend to update this post with more RFCs as I refer to them in my work.
Last update: 2018-05-31
Cryptography The following documents describe protocols and encodings relevant to digital signatures.
RFC3447: Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1
RFC4279: Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)
RFC5208: Public-Key Cryptography Standards (PKCS) #8: Private-Key Information Syntax Specification Version 1.
Update: After a little digging, I understand where the leading 0x00 comes from on the EC public key.
I’ve recently been working on the MCUboot project. A key feature of this bootloader is its use of digital signatures to verify images both before performing upgrades, and optionally, also before running them. The code currently supports RSA and ECDSA signatures, and we are working on adding support for EdDSA signatures (specifically Ed25519).
This post is going to focus on some particular security issues in the embedded space (the IoT space, if you will). I regularly work with microcontrollers (MCUs) based on variants of the Cortex-M architecture. These are ARM processors that typically have a small amount of ROM (½–1 MiB) and an even smaller amount of RAM (16–128 KiB).
Traditionally, security has not been much of a focus on these types of devices (think toasters, washing machines, and the likes).