sim: Add generic ECDSA TLV support (6205c10f) · Commits · Wenxi XU / Mcuboot

sim/src/image.rs

+4 −1

Original line number	Diff line number	Diff line
		@@ -1889,7 +1889,10 @@ fn make_tlv() -> TlvGen {
		TlvGen::new_rsa3072_pss()
		} else if Caps::EcdsaP256.present() {
		TlvGen::new_ecdsa()
		} else if Caps::Ed25519.present() {
		} else if Caps::EcdsaSig.present() {
		TlvGen::new_generic_ecdsa()
		}
		else if Caps::Ed25519.present() {
		TlvGen::new_ed25519()
		} else {
		TlvGen::new_hash_only()

sim/src/tlv.rs

+35 −1

Original line number	Diff line number	Diff line
		@@ -54,6 +54,7 @@ pub enum TlvKinds {
		ECDSA256 = 0x22,
		RSA3072 = 0x23,
		ED25519 = 0x24,
		ECDSASIG = 0x25,
		ENCRSA2048 = 0x30,
		ENCKW = 0x31,
		ENCEC256 = 0x32,
		@@ -161,6 +162,13 @@ impl TlvGen {
		}
		}

		#[allow(dead_code)]
		pub fn new_generic_ecdsa() -> TlvGen {
		TlvGen {
		kinds: vec![TlvKinds::SHA256,TlvKinds::ECDSASIG],
		..Default::default()}
		}

		#[allow(dead_code)]
		pub fn new_ed25519() -> TlvGen {
		TlvGen {
		@@ -367,6 +375,10 @@ impl ManifestGen for TlvGen {
		estimate += 4 + 32; // keyhash
		estimate += 4 + 64; // ED25519 signature.
		}
		if self.kinds.contains(&TlvKinds::ECDSASIG) {
		estimate += 4 + 32; // keyhash
		estimate += 4 + 72; // ECDSA256 (varies)
		}

		// Estimate encryption.
		let flag = TlvFlags::ENCRYPTED_AES256 as u32;
		@@ -450,7 +462,7 @@ impl ManifestGen for TlvGen {
		// signature verification can be validated.
		let mut corrupt_hash = self.gen_corrupted;
		for k in &[TlvKinds::RSA2048, TlvKinds::RSA3072,
		TlvKinds::ECDSA256, TlvKinds::ED25519]
		TlvKinds::ECDSA256, TlvKinds::ED25519, TlvKinds::ECDSASIG]
		{
		if self.kinds.contains(k) {
		corrupt_hash = false;
		@@ -527,6 +539,28 @@ impl ManifestGen for TlvGen {
		result.extend_from_slice(&signature);
		}

		if self.kinds.contains(&TlvKinds::ECDSASIG) {
		let rng = rand::SystemRandom::new();
		let keyhash = digest::digest(&digest::SHA256, ECDSA256_PUB_KEY);
		let key_bytes = pem::parse(include_bytes!("../../root-ec-p256-pkcs8.pem").as_ref()).unwrap();
		let sign_algo = &ECDSA_P256_SHA256_ASN1_SIGNING;
		let key_pair = EcdsaKeyPair::from_pkcs8(sign_algo, &key_bytes.contents).unwrap();
		let signature = key_pair.sign(&rng,&sig_payload).unwrap();

		// Write public key
		let keyhash_slice = keyhash.as_ref();
		assert!(keyhash_slice.len() == 32);
		result.write_u16::<LittleEndian>(TlvKinds::KEYHASH as u16).unwrap();
		result.write_u16::<LittleEndian>(32).unwrap();
		result.extend_from_slice(keyhash_slice);

		// Write signature
		result.write_u16::<LittleEndian>(TlvKinds::ECDSASIG as u16).unwrap();
		let signature = signature.as_ref().to_vec();
		result.write_u16::<LittleEndian>(signature.len() as u16).unwrap();
		result.extend_from_slice(&signature);
		}

		if self.kinds.contains(&TlvKinds::ECDSA256) {
		let keyhash = digest::digest(&digest::SHA256, ECDSA256_PUB_KEY);
		let keyhash = keyhash.as_ref();

Admin message