sim: Remove curve specific ECDSA TLVs

Remove those TLVs that are tied to a specific curve and modify the code to use the new generic ECDSA TLV. Signed-off-by: Roland Mikhel <roland.mikhel@arm.com> Change-Id: Iffe9052580c99e75118cf5df4286e0e9a2af4a8c
mcu-tools · Mar 14, 2023 · 011b442 · 011b442
1 parent 4d54899
commit 011b442
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 51 deletions.
diff --git a/sim/src/image.rs b/sim/src/image.rs
@@ -1892,10 +1892,7 @@ fn make_tlv() -> TlvGen {
  TlvGen::new_rsa3072_pss()
  } else if Caps::EcdsaP256.present() {
  TlvGen::new_ecdsa()
- } else if Caps::EcdsaSig.present() {
- TlvGen::new_generic_ecdsa()
- }
- else if Caps::Ed25519.present() {
+ } else if Caps::Ed25519.present() {
  TlvGen::new_ed25519()
  } else {
  TlvGen::new_hash_only()

diff --git a/sim/src/tlv.rs b/sim/src/tlv.rs
@@ -51,8 +51,6 @@ pub enum TlvKinds {
  KEYHASH = 0x01,
  SHA256 = 0x10,
  RSA2048 = 0x20,
- ECDSA224 = 0x21,
- ECDSA256 = 0x22,
  RSA3072 = 0x23,
  ED25519 = 0x24,
  ECDSASIG = 0x25,
@@ -158,18 +156,11 @@ impl TlvGen {
  #[allow(dead_code)]
  pub fn new_ecdsa() -> TlvGen {
  TlvGen {
- kinds: vec![TlvKinds::SHA256, TlvKinds::ECDSA256],
+ kinds: vec![TlvKinds::SHA256, TlvKinds::ECDSASIG],
  ..Default::default()
  }
  }
 
- #[allow(dead_code)]
- pub fn new_generic_ecdsa() -> TlvGen {
- TlvGen {
- kinds: vec![TlvKinds::SHA256,TlvKinds::ECDSASIG],
- ..Default::default()}
- }
-
  #[allow(dead_code)]
  pub fn new_ed25519() -> TlvGen {
  TlvGen {
@@ -243,7 +234,7 @@ impl TlvGen {
  };
  TlvGen {
  flags: flag,
- kinds: vec![TlvKinds::SHA256, TlvKinds::ECDSA256, TlvKinds::ENCKW],
+ kinds: vec![TlvKinds::SHA256, TlvKinds::ECDSASIG, TlvKinds::ENCKW],
  ..Default::default()
  }
  }
@@ -271,7 +262,7 @@ impl TlvGen {
  };
  TlvGen {
  flags: flag,
- kinds: vec![TlvKinds::SHA256, TlvKinds::ECDSA256, TlvKinds::ENCEC256],
+ kinds: vec![TlvKinds::SHA256, TlvKinds::ECDSASIG, TlvKinds::ENCEC256],
  ..Default::default()
  }
  }
@@ -364,20 +355,16 @@ impl ManifestGen for TlvGen {
  estimate += 4 + 32; // keyhash
  estimate += 4 + 384; // RSA3072
  }
- if self.kinds.contains(&TlvKinds::ECDSA256) {
- estimate += 4 + 32; // keyhash
-
- // ECDSA signatures are encoded as ASN.1 with the x and y values stored as signed
- // integers. As such, the size can vary by 2 bytes, if the 256-bit value has the high
- // bit, it takes an extra 0 byte to avoid it being seen as a negative number.
- estimate += 4 + 72; // ECDSA256 (varies)
- }
  if self.kinds.contains(&TlvKinds::ED25519) {
  estimate += 4 + 32; // keyhash
  estimate += 4 + 64; // ED25519 signature.
  }
  if self.kinds.contains(&TlvKinds::ECDSASIG) {
  estimate += 4 + 32; // keyhash
+
+ // ECDSA signatures are encoded as ASN.1 with the x and y values stored as signed
+ // integers. As such, the size can vary by 2 bytes, if the 256-bit value has the high
+ // bit, it takes an extra 0 byte to avoid it being seen as a negative number.
  estimate += 4 + 72; // ECDSA256 (varies)
  }
 
@@ -463,7 +450,6 @@ impl ManifestGen for TlvGen {
  // signature verification can be validated.
  let mut corrupt_hash = self.gen_corrupted;
  for k in &[TlvKinds::RSA2048, TlvKinds::RSA3072,
- TlvKinds::ECDSA224, TlvKinds::ECDSA256,
  TlvKinds::ED25519, TlvKinds::ECDSASIG]
  {
  if self.kinds.contains(k) {
@@ -562,32 +548,6 @@ impl ManifestGen for TlvGen {
  result.write_u16::<LittleEndian>(signature.len() as u16).unwrap();
  result.extend_from_slice(&signature);
  }
-
- if self.kinds.contains(&TlvKinds::ECDSA256) {
- let keyhash = digest::digest(&digest::SHA256, ECDSA256_PUB_KEY);
- let keyhash = keyhash.as_ref();
-
- assert!(keyhash.len() == 32);
- result.write_u16::<LittleEndian>(TlvKinds::KEYHASH as u16).unwrap();
- result.write_u16::<LittleEndian>(32).unwrap();
- result.extend_from_slice(keyhash);
-
- let key_bytes = pem::parse(include_bytes!("../../root-ec-p256-pkcs8.pem").as_ref()).unwrap();
- assert_eq!(key_bytes.tag, "PRIVATE KEY");
-
- let key_pair = EcdsaKeyPair::from_pkcs8(&ECDSA_P256_SHA256_ASN1_SIGNING,
- &key_bytes.contents).unwrap();
- let rng = rand::SystemRandom::new();
- let signature = key_pair.sign(&rng, &sig_payload).unwrap();
-
- result.write_u16::<LittleEndian>(TlvKinds::ECDSA256 as u16).unwrap();
-
- let signature = signature.as_ref().to_vec();
-
- result.write_u16::<LittleEndian>(signature.len() as u16).unwrap();
- result.extend_from_slice(signature.as_ref());
- }
-
  if self.kinds.contains(&TlvKinds::ED25519) {
  let keyhash = digest::digest(&digest::SHA256, ED25519_PUB_KEY);
  let keyhash = keyhash.as_ref();