Revert "imgtool: Add backwards compatibility for ECDSA"

This reverts commit 78135ee6eb as bba5a711483447d7eee2531b65bd1c07c81746c9 made it unnecessary. Change-Id: Idee755f05c17502599aaa947826e9a7feb08b4a7 Signed-off-by: David Vincze <david.vincze@arm.com>
2023-04-27 16:12:17 +02:00 · 2023-04-27 16:12:17 +02:00 · 7f982b0f6f
parent 4395b80976
commit 7f982b0f6f
2 changed files with 5 additions and 16 deletions
--- a/scripts/imgtool/image.py
+++ b/scripts/imgtool/image.py
@ -317,8 +317,7 @@ class Image():

    def create(self, key, public_key_format, enckey, dependencies=None,
               sw_type=None, custom_tlvs=None, encrypt_keylen=128, clear=False,
-               fixed_sig=None, pub_key=None, vector_to_sign=None,
-               use_legacy_tlv=False):
+               fixed_sig=None, pub_key=None, vector_to_sign=None):
        self.enckey = enckey

        # Check what hashing algorithm should be used
@ -483,18 +482,10 @@ class Image():
                else:
                    print(os.path.basename(__file__) + ": sign the digest")
                    sig = key.sign_digest(digest)
-                # only ecdsa256 has legacy tlv type
-                if use_legacy_tlv and isinstance(key, ecdsa.ECDSA256P1):
-                    tlv.add(key.legacy_sig_tlv(), sig)
-                else:
-                    tlv.add(key.sig_tlv(), sig)
+                tlv.add(key.sig_tlv(), sig)
                self.signature = sig
            elif fixed_sig is not None and key is None:
-                if use_legacy_tlv and isinstance(pub_key,
-                                                 ecdsa.ECDSA256P1Public):
-                    tlv.add(pub_key.legacy_sig_tlv(), fixed_sig['value'])
-                else:
-                    tlv.add(pub_key.sig_tlv(), fixed_sig['value'])
+                tlv.add(pub_key.sig_tlv(), fixed_sig['value'])
                self.signature = fixed_sig['value']
            else:
                raise click.UsageError("Can not sign using key and provide fixed-signature at the same time")
--- a/scripts/imgtool/main.py
+++ b/scripts/imgtool/main.py
@ -362,8 +362,6 @@ class BasedIntParamType(click.ParamType):
              help='send to OUTFILE the payload or payload''s digest instead '
              'of complied image. These data can be used for external image '
              'signing')
-@click.option('--legacy-ecdsa-tlv', default=False, is_flag=True,
-              help='Use the old curve specific ECDSA TLV')
@click.command(help='''Create a signed or unsigned image\n
               INFILE and OUTFILE are parsed as Intel HEX if the params have
               .hex extension, otherwise binary format is used''')
@ -372,7 +370,7 @@ def sign(key, public_key_format, align, version, pad_sig, header_size,
         endian, encrypt_keylen, encrypt, infile, outfile, dependencies,
         load_addr, hex_addr, erased_val, save_enctlv, security_counter,
         boot_record, custom_tlv, rom_fixed, max_align, clear, fix_sig,
-         fix_sig_pubkey, sig_out, vector_to_sign, legacy_ecdsa_tlv):
+         fix_sig_pubkey, sig_out, vector_to_sign):

    if confirm:
        # Confirmed but non-padded images don't make much sense, because
@ -439,7 +437,7 @@ def sign(key, public_key_format, align, version, pad_sig, header_size,

    img.create(key, public_key_format, enckey, dependencies, boot_record,
               custom_tlvs, int(encrypt_keylen), clear, baked_signature,
-               pub_key, vector_to_sign, legacy_ecdsa_tlv)
+               pub_key, vector_to_sign)
    img.save(outfile, hex_addr)

    if sig_out is not None: