diff --git a/sim/src/image.rs b/sim/src/image.rs
index 568cf0aea9..0c3b916fcd 100644
--- a/sim/src/image.rs
+++ b/sim/src/image.rs
@@ -1,6 +1,6 @@
 // Copyright (c) 2019-2021 Linaro LTD
 // Copyright (c) 2019-2020 JUUL Labs
-// Copyright (c) 2019-2021 Arm Limited
+// Copyright (c) 2019-2023 Arm Limited
 //
 // SPDX-License-Identifier: Apache-2.0
 
@@ -1892,7 +1892,10 @@ fn make_tlv() -> TlvGen {
         TlvGen::new_rsa3072_pss()
     } else if Caps::EcdsaP256.present() {
         TlvGen::new_ecdsa()
-    } else if Caps::Ed25519.present() {
+    } else if Caps::EcdsaSig.present() {
+        TlvGen::new_generic_ecdsa()
+    }
+    else if Caps::Ed25519.present() {
         TlvGen::new_ed25519()
     } else {
         TlvGen::new_hash_only()
diff --git a/sim/src/tlv.rs b/sim/src/tlv.rs
index 61d56a25ae..dada6b832f 100644
--- a/sim/src/tlv.rs
+++ b/sim/src/tlv.rs
@@ -1,6 +1,6 @@
 // Copyright (c) 2017-2021 Linaro LTD
 // Copyright (c) 2017-2020 JUUL Labs
-// Copyright (c) 2021 Arm Limited
+// Copyright (c) 2021-2023 Arm Limited
 //
 // SPDX-License-Identifier: Apache-2.0
 
@@ -55,6 +55,7 @@ pub enum TlvKinds {
     ECDSA256 = 0x22,
     RSA3072 = 0x23,
     ED25519 = 0x24,
+    ECDSASIG = 0x25,
     ENCRSA2048 = 0x30,
     ENCKW = 0x31,
     ENCEC256 = 0x32,
@@ -162,6 +163,13 @@ impl TlvGen {
         }
     }
 
+    #[allow(dead_code)]
+    pub fn new_generic_ecdsa() -> TlvGen {
+        TlvGen {
+            kinds: vec![TlvKinds::SHA256,TlvKinds::ECDSASIG],
+            ..Default::default()}
+    }
+
     #[allow(dead_code)]
     pub fn new_ed25519() -> TlvGen {
         TlvGen {
@@ -368,6 +376,10 @@ impl ManifestGen for TlvGen {
             estimate += 4 + 32; // keyhash
             estimate += 4 + 64; // ED25519 signature.
         }
+        if self.kinds.contains(&TlvKinds::ECDSASIG) {
+            estimate += 4 + 32; // keyhash
+            estimate += 4 + 72; // ECDSA256 (varies)
+        }
 
         // Estimate encryption.
         let flag = TlvFlags::ENCRYPTED_AES256 as u32;
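Review bot: The new arm in `make_tlv` splits `}` and `else if Caps::Ed25519.present() {` across two lines, breaking the `} else if` chain style every other arm of this function uses; rustfmt would rejoin them as `} else if Caps::Ed25519.present() {`. Also worth a word on precedence: `Caps::EcdsaP256` is tested before `Caps::EcdsaSig`, so when both capabilities are present the generic ECDSA TLV path is never generated, which is fine only if the two caps are mutually exclusive, something this hunk cannot show. A one-line comment such as `// Fixed-size ECDSA256 TLV takes precedence over the generic ECDSASIG TLV when both caps are set` would record the intent. `make_tlv` starts and ends outside the hunk.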
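Review bot: `ECDSASIG = 0x25` is a wire-format value that the bootloader's TLV parser has to agree on, and nothing here records that or says what distinguishes the new kind from `ECDSA256`. A trailing comment would help the next person who touches this table: `ECDSASIG = 0x25, // generic (DER-encoded) ECDSA signature; keep in sync with the bootloader's image TLV definitions`. The `TlvKinds` enum starts and ends outside the hunk.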
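Review bot: `new_generic_ecdsa` closes its struct literal on the `..Default::default()}` line and writes `vec![TlvKinds::SHA256,TlvKinds::ECDSASIG]` without a space after the comma, unlike the sibling constructors in this `impl`; rustfmt would normalise both to `kinds: vec![TlvKinds::SHA256, TlvKinds::ECDSASIG],` followed by `..Default::default()` and a closing `}` on its own line. It is also the only constructor here without any doc line; `/// SHA-256 hash plus a generic (ECDSASIG) ECDSA signature TLV.` would do. The `impl TlvGen` block starts and ends outside the hunk.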
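Review bot: `estimate += 4 + 72; // ECDSA256 (varies)` sizes the new ECDSASIG entry for a P-256 DER signature (72 bytes is the maximum: a SEQUENCE header plus two INTEGERs of up to 33 bytes each), but the comment names the wrong TLV kind, so a reader cannot tell whether the estimate is for the fixed ECDSA256 entry or the new generic one. If ECDSASIG is meant to be curve-generic, as its name suggests, 72 only covers P-256 and would be too small for larger curves (a P-384 DER signature can reach 104 bytes); the comment should state which curve the simulator actually produces, e.g. `estimate += 4 + 72; // ECDSASIG: DER-encoded P-256 signature, at most 72 bytes`. The estimating method starts and ends outside the hunk, so I cannot see how an under-estimate would surface.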
@@ -452,7 +464,7 @@ impl ManifestGen for TlvGen {
         let mut corrupt_hash = self.gen_corrupted;
         for k in &[TlvKinds::RSA2048, TlvKinds::RSA3072,
                    TlvKinds::ECDSA224, TlvKinds::ECDSA256,
-                   TlvKinds::ED25519]
+                   TlvKinds::ED25519, TlvKinds::ECDSASIG]
         {
             if self.kinds.contains(k) {
                 corrupt_hash = false;
@@ -529,6 +541,28 @@ impl ManifestGen for TlvGen {
             result.extend_from_slice(&signature);
         }
 
+        if self.kinds.contains(&TlvKinds::ECDSASIG) {
+            let rng = rand::SystemRandom::new();
+            let keyhash = digest::digest(&digest::SHA256, ECDSA256_PUB_KEY);
+            let key_bytes = pem::parse(include_bytes!("../../root-ec-p256-pkcs8.pem").as_ref()).unwrap();
+            let sign_algo = &ECDSA_P256_SHA256_ASN1_SIGNING;
+            let key_pair = EcdsaKeyPair::from_pkcs8(sign_algo, &key_bytes.contents).unwrap();
+            let signature = key_pair.sign(&rng,&sig_payload).unwrap();
+
+            // Write public key
+            let keyhash_slice = keyhash.as_ref();
+            assert!(keyhash_slice.len() == 32);
+            result.write_u16::(TlvKinds::KEYHASH as u16).unwrap();
+            result.write_u16::(32).unwrap();
+            result.extend_from_slice(keyhash_slice);
+
+            // Write signature
+            result.write_u16::(TlvKinds::ECDSASIG as u16).unwrap();
+            let signature = signature.as_ref().to_vec();
+            result.write_u16::(signature.len() as u16).unwrap();
+            result.extend_from_slice(&signature);
+        }
+
         if self.kinds.contains(&TlvKinds::ECDSA256) {
             let keyhash = digest::digest(&digest::SHA256, ECDSA256_PUB_KEY);
             let keyhash = keyhash.as_ref();
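Review bot: The new ECDSASIG branch repeats the ECDSA256 branch that follows it almost line for line — the same `ECDSA256_PUB_KEY` hash, the same `root-ec-p256-pkcs8.pem` load, the same `ECDSA_P256_SHA256_ASN1_SIGNING` call — and differs only in the TLV kind it writes, so the two copies will drift; I would move the shared work into one helper parameterised on `TlvKinds` (sketch below) and use `assert_eq!(keyhash.len(), 32)` so a failure prints the actual length. Because ring's DER-encoded P-256 signatures are 70 to 72 bytes depending on the random nonce, writing `signature.len() as u16` is correct, and a comment saying so would stop someone "fixing" it to a constant; an `assert!(signature.len() <= 72)` also documents that the cast cannot truncate. The key hash is taken over `ECDSA256_PUB_KEY` while the signer comes from the PEM file, so the two must be the same key pair, which I assume the existing branch already relies on. The byte-order type argument of `write_u16` did not survive this rendering; the sketch uses `LittleEndian`, which is what MCUboot's TLV header uses as far as I recall, but keep whatever the file passes elsewhere. The enclosing method, including the definition of `sig_payload`, starts and ends outside the hunk.
```rust
        if self.kinds.contains(&TlvKinds::ECDSASIG) {
            write_p256_signature_tlvs(&mut result, TlvKinds::ECDSASIG, &sig_payload);
        }
        // … unchanged: ECDSA256 branch, which can call the same helper with TlvKinds::ECDSA256 …

/// Sign `payload` with the P-256 test key and append a KEYHASH TLV followed by a
/// `kind` TLV (ECDSASIG or ECDSA256) holding the DER-encoded signature.
fn write_p256_signature_tlvs(result: &mut Vec<u8>, kind: TlvKinds, payload: &[u8]) {
    let rng = rand::SystemRandom::new();
    let keyhash = digest::digest(&digest::SHA256, ECDSA256_PUB_KEY);
    let key_bytes = pem::parse(include_bytes!("../../root-ec-p256-pkcs8.pem").as_ref()).unwrap();
    let key_pair = EcdsaKeyPair::from_pkcs8(&ECDSA_P256_SHA256_ASN1_SIGNING, &key_bytes.contents).unwrap();
    let signature = key_pair.sign(&rng, payload).unwrap();

    let keyhash = keyhash.as_ref();
    assert_eq!(keyhash.len(), 32);
    result.write_u16::<LittleEndian>(TlvKinds::KEYHASH as u16).unwrap();
    result.write_u16::<LittleEndian>(32).unwrap();
    result.extend_from_slice(keyhash);

    // DER length depends on the random nonce (70..=72 bytes for P-256), so the real
    // length is written; the bound also guarantees the u16 cast cannot truncate.
    let signature = signature.as_ref();
    assert!(signature.len() <= 72);
    result.write_u16::<LittleEndian>(kind as u16).unwrap();
    result.write_u16::<LittleEndian>(signature.len() as u16).unwrap();
    result.extend_from_slice(signature);
}
```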