From 7f982b0f6f7c817c7e282507b48ca6e2fafefa2b Mon Sep 17 00:00:00 2001 From: David Vincze Date: Thu, 27 Apr 2023 16:12:17 +0200 Subject: [PATCH] Revert "imgtool: Add backwards compatibility for ECDSA" This reverts commit 78135ee6eb6759ea009442d7f9bcec6bbe6934ef as bba5a711483447d7eee2531b65bd1c07c81746c9 made it unnecessary. Change-Id: Idee755f05c17502599aaa947826e9a7feb08b4a7 Signed-off-by: David Vincze --- scripts/imgtool/image.py | 15 +++------------ scripts/imgtool/main.py | 6 ++---- 2 files changed, 5 insertions(+), 16 deletions(-) diff --git a/scripts/imgtool/image.py b/scripts/imgtool/image.py index d722efde..67f4a30b 100644 --- a/scripts/imgtool/image.py +++ b/scripts/imgtool/image.py @@ -317,8 +317,7 @@ class Image(): def create(self, key, public_key_format, enckey, dependencies=None, sw_type=None, custom_tlvs=None, encrypt_keylen=128, clear=False, - fixed_sig=None, pub_key=None, vector_to_sign=None, - use_legacy_tlv=False): + fixed_sig=None, pub_key=None, vector_to_sign=None): self.enckey = enckey # Check what hashing algorithm should be used @@ -483,18 +482,10 @@ class Image(): else: print(os.path.basename(__file__) + ": sign the digest") sig = key.sign_digest(digest) - # only ecdsa256 has legacy tlv type - if use_legacy_tlv and isinstance(key, ecdsa.ECDSA256P1): - tlv.add(key.legacy_sig_tlv(), sig) - else: - tlv.add(key.sig_tlv(), sig) + tlv.add(key.sig_tlv(), sig) self.signature = sig elif fixed_sig is not None and key is None: - if use_legacy_tlv and isinstance(pub_key, - ecdsa.ECDSA256P1Public): - tlv.add(pub_key.legacy_sig_tlv(), fixed_sig['value']) - else: - tlv.add(pub_key.sig_tlv(), fixed_sig['value']) + tlv.add(pub_key.sig_tlv(), fixed_sig['value']) self.signature = fixed_sig['value'] else: raise click.UsageError("Can not sign using key and provide fixed-signature at the same time") diff --git a/scripts/imgtool/main.py b/scripts/imgtool/main.py index b8b2e49b..eba557fc 100755 --- a/scripts/imgtool/main.py +++ b/scripts/imgtool/main.py @@ -362,8 +362,6 @@ class BasedIntParamType(click.ParamType): help='send to OUTFILE the payload or payload''s digest instead ' 'of complied image. These data can be used for external image ' 'signing') -@click.option('--legacy-ecdsa-tlv', default=False, is_flag=True, - help='Use the old curve specific ECDSA TLV') @click.command(help='''Create a signed or unsigned image\n INFILE and OUTFILE are parsed as Intel HEX if the params have .hex extension, otherwise binary format is used''') @@ -372,7 +370,7 @@ def sign(key, public_key_format, align, version, pad_sig, header_size, endian, encrypt_keylen, encrypt, infile, outfile, dependencies, load_addr, hex_addr, erased_val, save_enctlv, security_counter, boot_record, custom_tlv, rom_fixed, max_align, clear, fix_sig, - fix_sig_pubkey, sig_out, vector_to_sign, legacy_ecdsa_tlv): + fix_sig_pubkey, sig_out, vector_to_sign): if confirm: # Confirmed but non-padded images don't make much sense, because @@ -439,7 +437,7 @@ def sign(key, public_key_format, align, version, pad_sig, header_size, img.create(key, public_key_format, enckey, dependencies, boot_record, custom_tlvs, int(encrypt_keylen), clear, baked_signature, - pub_key, vector_to_sign, legacy_ecdsa_tlv) + pub_key, vector_to_sign) img.save(outfile, hex_addr) if sig_out is not None: