sim: Remove curve specific ECDSA TLVs

Remove those TLVs that are tied to a specific curve and modify the code to use the new generic ECDSA TLV. Signed-off-by: Roland Mikhel <roland.mikhel@arm.com> Change-Id: Iffe9052580c99e75118cf5df4286e0e9a2af4a8c
mcu-tools · Mar 14, 2023 · 011b442 · 011b442
1 parent 4d54899
commit 011b442
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 51 deletions.
diff --git a/sim/src/image.rs b/sim/src/image.rs
@@ -1892,10 +1892,7 @@ fn make_tlv() -> TlvGen {
             TlvGen::new_rsa3072_pss()
         } else if Caps::EcdsaP256.present() {
             TlvGen::new_ecdsa()
-        } else if Caps::EcdsaSig.present() {
-            TlvGen::new_generic_ecdsa()
-        }
-         else if Caps::Ed25519.present() {
+        } else if Caps::Ed25519.present() {
             TlvGen::new_ed25519()
         } else {
             TlvGen::new_hash_only()

diff --git a/sim/src/tlv.rs b/sim/src/tlv.rs
@@ -51,8 +51,6 @@ pub enum TlvKinds {
     KEYHASH = 0x01,
     SHA256 = 0x10,
     RSA2048 = 0x20,
-    ECDSA224 = 0x21,
-    ECDSA256 = 0x22,
     RSA3072 = 0x23,
     ED25519 = 0x24,
     ECDSASIG = 0x25,
@@ -158,18 +156,11 @@ impl TlvGen {
     #[allow(dead_code)]
     pub fn new_ecdsa() -> TlvGen {
         TlvGen {
-            kinds: vec![TlvKinds::SHA256, TlvKinds::ECDSA256],
+            kinds: vec![TlvKinds::SHA256, TlvKinds::ECDSASIG],
             ..Default::default()
         }
     }
 
-    #[allow(dead_code)]
-    pub fn new_generic_ecdsa() -> TlvGen {
-        TlvGen {
-            kinds: vec![TlvKinds::SHA256,TlvKinds::ECDSASIG],
-            ..Default::default()}
-    }
-
     #[allow(dead_code)]
     pub fn new_ed25519() -> TlvGen {
         TlvGen {
@@ -243,7 +234,7 @@ impl TlvGen {
         };
         TlvGen {
             flags: flag,
-            kinds: vec![TlvKinds::SHA256, TlvKinds::ECDSA256, TlvKinds::ENCKW],
+            kinds: vec![TlvKinds::SHA256, TlvKinds::ECDSASIG, TlvKinds::ENCKW],
             ..Default::default()
         }
     }
@@ -271,7 +262,7 @@ impl TlvGen {
         };
         TlvGen {
             flags: flag,
-            kinds: vec![TlvKinds::SHA256, TlvKinds::ECDSA256, TlvKinds::ENCEC256],
+            kinds: vec![TlvKinds::SHA256, TlvKinds::ECDSASIG, TlvKinds::ENCEC256],
             ..Default::default()
         }
     }
@@ -364,20 +355,16 @@ impl ManifestGen for TlvGen {
             estimate += 4 + 32; // keyhash
             estimate += 4 + 384; // RSA3072
         }
-        if self.kinds.contains(&TlvKinds::ECDSA256) {
-            estimate += 4 + 32; // keyhash
-
-            // ECDSA signatures are encoded as ASN.1 with the x and y values stored as signed
-            // integers.  As such, the size can vary by 2 bytes, if the 256-bit value has the high
-            // bit, it takes an extra 0 byte to avoid it being seen as a negative number.
-            estimate += 4 + 72; // ECDSA256 (varies)
-        }
         if self.kinds.contains(&TlvKinds::ED25519) {
             estimate += 4 + 32; // keyhash
             estimate += 4 + 64; // ED25519 signature.
         }
         if self.kinds.contains(&TlvKinds::ECDSASIG) {
             estimate += 4 + 32; // keyhash
+
+            // ECDSA signatures are encoded as ASN.1 with the x and y values stored as signed
+            // integers.  As such, the size can vary by 2 bytes, if the 256-bit value has the high
+            // bit, it takes an extra 0 byte to avoid it being seen as a negative number.
             estimate += 4 + 72; // ECDSA256 (varies)
         }
 
@@ -463,7 +450,6 @@ impl ManifestGen for TlvGen {
             // signature verification can be validated.
             let mut corrupt_hash = self.gen_corrupted;
             for k in &[TlvKinds::RSA2048, TlvKinds::RSA3072,
-                TlvKinds::ECDSA224, TlvKinds::ECDSA256,
                 TlvKinds::ED25519, TlvKinds::ECDSASIG]
             {
                 if self.kinds.contains(k) {
@@ -562,32 +548,6 @@ impl ManifestGen for TlvGen {
             result.write_u16::<LittleEndian>(signature.len() as u16).unwrap();
             result.extend_from_slice(&signature);
         }
-
-        if self.kinds.contains(&TlvKinds::ECDSA256) {
-            let keyhash = digest::digest(&digest::SHA256, ECDSA256_PUB_KEY);
-            let keyhash = keyhash.as_ref();
-
-            assert!(keyhash.len() == 32);
-            result.write_u16::<LittleEndian>(TlvKinds::KEYHASH as u16).unwrap();
-            result.write_u16::<LittleEndian>(32).unwrap();
-            result.extend_from_slice(keyhash);
-
-            let key_bytes = pem::parse(include_bytes!("../../root-ec-p256-pkcs8.pem").as_ref()).unwrap();
-            assert_eq!(key_bytes.tag, "PRIVATE KEY");
-
-            let key_pair = EcdsaKeyPair::from_pkcs8(&ECDSA_P256_SHA256_ASN1_SIGNING,
-                                                    &key_bytes.contents).unwrap();
-            let rng = rand::SystemRandom::new();
-            let signature = key_pair.sign(&rng, &sig_payload).unwrap();
-
-            result.write_u16::<LittleEndian>(TlvKinds::ECDSA256 as u16).unwrap();
-
-            let signature = signature.as_ref().to_vec();
-
-            result.write_u16::<LittleEndian>(signature.len() as u16).unwrap();
-            result.extend_from_slice(signature.as_ref());
-        }
-
         if self.kinds.contains(&TlvKinds::ED25519) {
             let keyhash = digest::digest(&digest::SHA256, ED25519_PUB_KEY);
             let keyhash = keyhash.as_ref();