sim: Add generic ECDSA TLV support

Add support to the simulator so that the generic ECDSA TLV can be tested. Signed-off-by: Roland Mikhel <roland.mikhel@arm.com> Change-Id: I3322ed829d150ff35abfaaa8ecf69ab7017bd7cf
mcu-tools · Apr 13, 2023 · 01a02aa · 01a02aa
1 parent f879c45
commit 01a02aa
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 2 deletions.
diff --git a/sim/src/image.rs b/sim/src/image.rs
@@ -1889,7 +1889,10 @@ fn make_tlv() -> TlvGen {
             TlvGen::new_rsa3072_pss()
         } else if Caps::EcdsaP256.present() {
             TlvGen::new_ecdsa()
-        } else if Caps::Ed25519.present() {
+        } else if Caps::EcdsaSig.present() {
+            TlvGen::new_generic_ecdsa()
+        }
+         else if Caps::Ed25519.present() {
             TlvGen::new_ed25519()
         } else {
             TlvGen::new_hash_only()

diff --git a/sim/src/tlv.rs b/sim/src/tlv.rs
@@ -54,6 +54,7 @@ pub enum TlvKinds {
     ECDSA256 = 0x22,
     RSA3072 = 0x23,
     ED25519 = 0x24,
+    ECDSASIG = 0x25,
     ENCRSA2048 = 0x30,
     ENCKW = 0x31,
     ENCEC256 = 0x32,
@@ -161,6 +162,13 @@ impl TlvGen {
         }
     }
 
+    #[allow(dead_code)]
+    pub fn new_generic_ecdsa() -> TlvGen {
+        TlvGen {
+            kinds: vec![TlvKinds::SHA256,TlvKinds::ECDSASIG],
+            ..Default::default()}
+    }
+
     #[allow(dead_code)]
     pub fn new_ed25519() -> TlvGen {
         TlvGen {
@@ -367,6 +375,10 @@ impl ManifestGen for TlvGen {
             estimate += 4 + 32; // keyhash
             estimate += 4 + 64; // ED25519 signature.
         }
+        if self.kinds.contains(&TlvKinds::ECDSASIG) {
+            estimate += 4 + 32; // keyhash
+            estimate += 4 + 72; // ECDSA256 (varies)
+        }
 
         // Estimate encryption.
         let flag = TlvFlags::ENCRYPTED_AES256 as u32;
@@ -450,7 +462,7 @@ impl ManifestGen for TlvGen {
             // signature verification can be validated.
             let mut corrupt_hash = self.gen_corrupted;
             for k in &[TlvKinds::RSA2048, TlvKinds::RSA3072,
-                TlvKinds::ECDSA256, TlvKinds::ED25519]
+                TlvKinds::ECDSA256, TlvKinds::ED25519, TlvKinds::ECDSASIG]
             {
                 if self.kinds.contains(k) {
                     corrupt_hash = false;
@@ -527,6 +539,28 @@ impl ManifestGen for TlvGen {
             result.extend_from_slice(&signature);
         }
 
+        if self.kinds.contains(&TlvKinds::ECDSASIG) {
+            let rng = rand::SystemRandom::new();
+            let keyhash = digest::digest(&digest::SHA256, ECDSA256_PUB_KEY);
+            let key_bytes = pem::parse(include_bytes!("../../root-ec-p256-pkcs8.pem").as_ref()).unwrap();
+            let sign_algo = &ECDSA_P256_SHA256_ASN1_SIGNING;
+            let key_pair = EcdsaKeyPair::from_pkcs8(sign_algo, &key_bytes.contents).unwrap();
+            let signature = key_pair.sign(&rng,&sig_payload).unwrap();
+
+            // Write public key
+            let keyhash_slice = keyhash.as_ref();
+            assert!(keyhash_slice.len() == 32);
+            result.write_u16::<LittleEndian>(TlvKinds::KEYHASH as u16).unwrap();
+            result.write_u16::<LittleEndian>(32).unwrap();
+            result.extend_from_slice(keyhash_slice);
+
+            // Write signature
+            result.write_u16::<LittleEndian>(TlvKinds::ECDSASIG as u16).unwrap();
+            let signature = signature.as_ref().to_vec();
+            result.write_u16::<LittleEndian>(signature.len() as u16).unwrap();
+            result.extend_from_slice(&signature);
+        }
+
         if self.kinds.contains(&TlvKinds::ECDSA256) {
             let keyhash = digest::digest(&digest::SHA256, ECDSA256_PUB_KEY);
             let keyhash = keyhash.as_ref();