From 4395b80976ad8fc52347c42cfa9079517542ecf0 Mon Sep 17 00:00:00 2001
From: David Vincze
Date: Thu, 27 Apr 2023 16:11:49 +0200
Subject: [PATCH] boot: Restore and extend the usage of 0x22 TLV (ECDSA256)

The IMAGE_TLV_ECDSA256 TLV has been put out of use by commit 63d2346da428398077e3cf711d80ba8c0e6ff298. This commit reverts this part of that patch and at the same time it extends the usage of this TLV to cover all types of curves (replacing the newly introduced 0x25 TLV type) while retaining its value (0x22) for backward compatibility. Rename IMAGE_TLV_ECDSA256 to IMAGE_TLV_ECDSA_SIG.

Change-Id: I904f292db775c38f26a5e9a87c5f414165efc173
Signed-off-by: David Vincze
---
 boot/bootutil/include/bootutil/image.h | 3 +--
 docs/design.md | 3 +--
 docs/release-notes.d/ecdsa-tlv-p384.md | 4 ++--
 scripts/imgtool/image.py | 3 +--
 sim/src/tlv.rs | 2 +-
 5 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/boot/bootutil/include/bootutil/image.h b/boot/bootutil/include/bootutil/image.h
index 18b099cf..3291766d 100644
--- a/boot/bootutil/include/bootutil/image.h
+++ b/boot/bootutil/include/bootutil/image.h
@@ -86,10 +86,9 @@ struct flash_area;
 #define IMAGE_TLV_SHA256 0x10 /* SHA256 of image hdr and body */
 #define IMAGE_TLV_RSA2048_PSS 0x20 /* RSA2048 of hash output */
 #define IMAGE_TLV_ECDSA224 0x21 /* ECDSA of hash output - Not supported anymore */
-#define IMAGE_TLV_ECDSA256 0x22 /* ECDSA of hash output - Not supported anymore */
+#define IMAGE_TLV_ECDSA_SIG 0x22 /* ECDSA of hash output */
 #define IMAGE_TLV_RSA3072_PSS 0x23 /* RSA3072 of hash output */
 #define IMAGE_TLV_ED25519 0x24 /* ed25519 of hash output */
-#define IMAGE_TLV_ECDSA_SIG 0x25 /* ECDSA of hash output */
 #define IMAGE_TLV_ENC_RSA2048 0x30 /* Key encrypted with RSA-OAEP-2048 */
 #define IMAGE_TLV_ENC_KW 0x31 /* Key encrypted with AES-KW 128 or 256*/
 #define IMAGE_TLV_ENC_EC256 0x32 /* Key encrypted with ECIES-EC256 */
diff --git a/docs/design.md b/docs/design.md
index 12d68eeb..162927a7 100755
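Review bot: The comment on the restored `IMAGE_TLV_ECDSA_SIG` line in image.h still reads only "ECDSA of hash output", so the header does not record that type 0x22 no longer identifies the curve, and 0x25 leaves the list without being marked as retired. I would word the define as `#define IMAGE_TLV_ECDSA_SIG 0x22 /* ECDSA of hash output, any curve (formerly ECDSA256) */` and add `/* 0x25: briefly used for IMAGE_TLV_ECDSA_SIG, reserved - do not reuse */` so the value is never reassigned to a different signature scheme. The verification code is not part of this patch; presumably it takes the curve and the expected signature length from the configured key rather than from the TLV type, and that is worth confirming because the type byte no longer carries that information. The 0x25 point applies equally to `TLV_VALUES` in scripts/imgtool/image.py and `TlvKinds` in sim/src/tlv.rs; the define list continues outside the hunk.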
--- a/docs/design.md
+++ b/docs/design.md
@@ -108,10 +108,9 @@ struct image_tlv {
 #define IMAGE_TLV_SHA256 0x10 /* SHA256 of image hdr and body */
 #define IMAGE_TLV_RSA2048_PSS 0x20 /* RSA2048 of hash output */
 #define IMAGE_TLV_ECDSA224 0x21 /* ECDSA of hash output - Not supported anymore */
-#define IMAGE_TLV_ECDSA256 0x22 /* ECDSA of hash output - Not supported anymore */
+#define IMAGE_TLV_ECDSA_SIG 0x22 /* ECDSA of hash output */
 #define IMAGE_TLV_RSA3072_PSS 0x23 /* RSA3072 of hash output */
 #define IMAGE_TLV_ED25519 0x24 /* ED25519 of hash output */
-#define IMAGE_TLV_ECDSA_SIG 0x25 /* ECDSA of hash output */
 #define IMAGE_TLV_ENC_RSA2048 0x30 /* Key encrypted with RSA-OAEP-2048 */
 #define IMAGE_TLV_ENC_KW 0x31 /* Key encrypted with AES-KW-128 or 256 */
diff --git a/docs/release-notes.d/ecdsa-tlv-p384.md b/docs/release-notes.d/ecdsa-tlv-p384.md
index 2f4a4589..48a70f2c 100644
--- a/docs/release-notes.d/ecdsa-tlv-p384.md
+++ b/docs/release-notes.d/ecdsa-tlv-p384.md
@@ -1,2 +1,2 @@
-- Add generic ECDSA TLV, remove the ECDSA256 and ECDSA224 curve TLVs.
-- Add P384 support to imgtool.
+- Make the ECDSA256 TLV curve agnostic and rename it to ECDSA_SIG.
+- imgtool: add P384 support along with SHA384.
diff --git a/scripts/imgtool/image.py b/scripts/imgtool/image.py
index de8352ac..d722efde 100644
--- a/scripts/imgtool/image.py
+++ b/scripts/imgtool/image.py
@@ -64,10 +64,9 @@ TLV_VALUES = {
 'SHA256': 0x10,
 'SHA384': 0x11,
 'RSA2048': 0x20,
- 'ECDSA256': 0x22,
+ 'ECDSASIG': 0x22,
 'RSA3072': 0x23,
 'ED25519': 0x24,
- 'ECDSASIG': 0x25,
 'ENCRSA2048': 0x30,
 'ENCKW': 0x31,
 'ENCEC256': 0x32,
diff --git a/sim/src/tlv.rs b/sim/src/tlv.rs
index cc5165af..c9240438 100644
--- a/sim/src/tlv.rs
+++ b/sim/src/tlv.rs
@@ -51,9 +51,9 @@ pub enum TlvKinds {
 KEYHASH = 0x01,
 SHA256 = 0x10,
 RSA2048 = 0x20,
+ ECDSASIG = 0x22,
 RSA3072 = 0x23,
 ED25519 = 0x24,
- ECDSASIG = 0x25,
 ENCRSA2048 = 0x30,
 ENCKW = 0x31,
 ENCEC256 = 0x32,