From 900b5545e7bb24845918a1e5d2d4b5a21f5753ef Mon Sep 17 00:00:00 2001 From: Roland Mikhel Date: Wed, 8 Feb 2023 14:06:58 +0100 Subject: [PATCH] sim: Remove curve specific ECDSA TLVs Remove those TLVs that are tied to a specific curve and modify the code to use the new generic ECDSA TLV. Signed-off-by: Roland Mikhel Change-Id: Iffe9052580c99e75118cf5df4286e0e9a2af4a8c --- sim/src/image.rs | 5 +---- sim/src/tlv.rs | 54 +++++++----------------------------------------- 2 files changed, 8 insertions(+), 51 deletions(-) diff --git a/sim/src/image.rs b/sim/src/image.rs index 0c3b916fcd..2d942251cf 100644 --- a/sim/src/image.rs +++ b/sim/src/image.rs @@ -1892,10 +1892,7 @@ fn make_tlv() -> TlvGen { TlvGen::new_rsa3072_pss() } else if Caps::EcdsaP256.present() { TlvGen::new_ecdsa() - } else if Caps::EcdsaSig.present() { - TlvGen::new_generic_ecdsa() - } - else if Caps::Ed25519.present() { + } else if Caps::Ed25519.present() { TlvGen::new_ed25519() } else { TlvGen::new_hash_only() diff --git a/sim/src/tlv.rs b/sim/src/tlv.rs index dada6b832f..cc5165af25 100644 --- a/sim/src/tlv.rs +++ b/sim/src/tlv.rs @@ -51,8 +51,6 @@ pub enum TlvKinds { KEYHASH = 0x01, SHA256 = 0x10, RSA2048 = 0x20, - ECDSA224 = 0x21, - ECDSA256 = 0x22, RSA3072 = 0x23, ED25519 = 0x24, ECDSASIG = 0x25, @@ -158,18 +156,11 @@ impl TlvGen { #[allow(dead_code)] pub fn new_ecdsa() -> TlvGen { TlvGen { - kinds: vec![TlvKinds::SHA256, TlvKinds::ECDSA256], + kinds: vec![TlvKinds::SHA256, TlvKinds::ECDSASIG], ..Default::default() } } - #[allow(dead_code)] - pub fn new_generic_ecdsa() -> TlvGen { - TlvGen { - kinds: vec![TlvKinds::SHA256,TlvKinds::ECDSASIG], - ..Default::default()} - } - #[allow(dead_code)] pub fn new_ed25519() -> TlvGen { TlvGen { @@ -243,7 +234,7 @@ impl TlvGen { }; TlvGen { flags: flag, - kinds: vec![TlvKinds::SHA256, TlvKinds::ECDSA256, TlvKinds::ENCKW], + kinds: vec![TlvKinds::SHA256, TlvKinds::ECDSASIG, TlvKinds::ENCKW], ..Default::default() } } @@ -271,7 +262,7 @@ impl TlvGen { }; TlvGen { flags: flag, - kinds: vec![TlvKinds::SHA256, TlvKinds::ECDSA256, TlvKinds::ENCEC256], + kinds: vec![TlvKinds::SHA256, TlvKinds::ECDSASIG, TlvKinds::ENCEC256], ..Default::default() } } @@ -364,20 +355,16 @@ impl ManifestGen for TlvGen { estimate += 4 + 32; // keyhash estimate += 4 + 384; // RSA3072 } - if self.kinds.contains(&TlvKinds::ECDSA256) { - estimate += 4 + 32; // keyhash - - // ECDSA signatures are encoded as ASN.1 with the x and y values stored as signed - // integers. As such, the size can vary by 2 bytes, if the 256-bit value has the high - // bit, it takes an extra 0 byte to avoid it being seen as a negative number. - estimate += 4 + 72; // ECDSA256 (varies) - } if self.kinds.contains(&TlvKinds::ED25519) { estimate += 4 + 32; // keyhash estimate += 4 + 64; // ED25519 signature. } if self.kinds.contains(&TlvKinds::ECDSASIG) { estimate += 4 + 32; // keyhash + + // ECDSA signatures are encoded as ASN.1 with the x and y values stored as signed + // integers. As such, the size can vary by 2 bytes, if the 256-bit value has the high + // bit, it takes an extra 0 byte to avoid it being seen as a negative number. estimate += 4 + 72; // ECDSA256 (varies) } @@ -463,7 +450,6 @@ impl ManifestGen for TlvGen { // signature verification can be validated. let mut corrupt_hash = self.gen_corrupted; for k in &[TlvKinds::RSA2048, TlvKinds::RSA3072, - TlvKinds::ECDSA224, TlvKinds::ECDSA256, TlvKinds::ED25519, TlvKinds::ECDSASIG] { if self.kinds.contains(k) { @@ -562,32 +548,6 @@ impl ManifestGen for TlvGen { result.write_u16::(signature.len() as u16).unwrap(); result.extend_from_slice(&signature); } - - if self.kinds.contains(&TlvKinds::ECDSA256) { - let keyhash = digest::digest(&digest::SHA256, ECDSA256_PUB_KEY); - let keyhash = keyhash.as_ref(); - - assert!(keyhash.len() == 32); - result.write_u16::(TlvKinds::KEYHASH as u16).unwrap(); - result.write_u16::(32).unwrap(); - result.extend_from_slice(keyhash); - - let key_bytes = pem::parse(include_bytes!("../../root-ec-p256-pkcs8.pem").as_ref()).unwrap(); - assert_eq!(key_bytes.tag, "PRIVATE KEY"); - - let key_pair = EcdsaKeyPair::from_pkcs8(&ECDSA_P256_SHA256_ASN1_SIGNING, - &key_bytes.contents).unwrap(); - let rng = rand::SystemRandom::new(); - let signature = key_pair.sign(&rng, &sig_payload).unwrap(); - - result.write_u16::(TlvKinds::ECDSA256 as u16).unwrap(); - - let signature = signature.as_ref().to_vec(); - - result.write_u16::(signature.len() as u16).unwrap(); - result.extend_from_slice(signature.as_ref()); - } - if self.kinds.contains(&TlvKinds::ED25519) { let keyhash = digest::digest(&digest::SHA256, ED25519_PUB_KEY); let keyhash = keyhash.as_ref();