Digital Signatures & Certificate Chains

#!/usr/bin/env python3
# ECDSA-P256 firmware signing with RFC 6979 deterministic k
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.backends import default_backend

# Key pair generated once; private key stored in code-signing HSM (never exported)
priv = ec.generate_private_key(ec.SECP256R1(), default_backend())
pub  = priv.public_key()

def sign(data: bytes) -> bytes:
    return priv.sign(data, ec.ECDSA(hashes.SHA256()))

def verify(data: bytes, sig: bytes) -> bool:
    try:
        pub.verify(sig, data, ec.ECDSA(hashes.SHA256()))
        return True
    except Exception:
        return False

firmware = b"ECU_firmware_v3.2" + bytes(1024)
sig = sign(firmware)
print(f"Signature length: {len(sig)} bytes (DER-encoded r+s, 64 bytes raw)")
print(f"Valid:   {verify(firmware, sig)}")
print(f"Tampered: {verify(firmware[:100]+b'X'+firmware[101:], sig)}")

# RFC 6979 deterministic k: same message + key always produces same signature
# Prevents k-reuse attack that has broken deployed automotive ECDSA implementations
# where rand() returned 0 or a predictable value

/* Certificate chain validation: leaf → Intermediate CA → Root CA */
/* Root CA public key hash stored in OTP fuses -- tamper-proof */
#include "CertMgmt.h"

CertMgmt_VerifyResultType ValidateCert(const uint8* cert_der, uint32 len)
{
    CertMgmt_CertIdType id;

    if (CertMgmt_ParseX509Cert(cert_der, len, &id) != E_OK)
        return CERTMGMT_VERIFY_PARSE_FAILED;

    /* Verify leaf → Intermediate CA (stored in protected flash) */
    if (CertMgmt_VerifySignature(id, CERTMGMT_SLOT_INT_CA) != CERTMGMT_VERIFY_OK)
        return CERTMGMT_VERIFY_SIG_FAILED;

    /* Verify Intermediate CA → Root CA (hash in OTP fuses) */
    if (CertMgmt_VerifyIntermediateCA(CERTMGMT_SLOT_INT_CA,
                                       CERTMGMT_ROOT_CA_OTP_HASH) != CERTMGMT_VERIFY_OK)
        return CERTMGMT_VERIFY_CHAIN_FAILED;

    if (CertMgmt_CheckValidity(id) != E_OK) return CERTMGMT_VERIFY_EXPIRED;
    if (!CertMgmt_HasKeyUsage(id, CERTMGMT_KU_DIGITAL_SIGNATURE))
        return CERTMGMT_VERIFY_KEY_USAGE_MISMATCH;

    return CERTMGMT_VERIFY_OK;
}