ecdsa: Allow ECDSA signatures to be actual length
ECDSA signatures are variable length. They are also encoded as ASN.1. The ASN.1 parser we use is given the length, and will return a decoding error if the signature block is not sufficiently long. Instead of requiring the signature block be padded to the longest possible length a signature can be, allow them to be their natural length. This allows image signing tools to be able to generate signatures that don't have this padding. Along with removing the pad removal code from the EC224 code, this will allow this code to correctly validate all signatures, not just 255 out of 256. Signed-off-by: David Brown <david.brown@linaro.org>
This commit is contained in:
parent
3639aca071
commit
a36082664e
|
@ -161,11 +161,11 @@ bootutil_img_hash(struct enc_key_data *enc_state, int image_index,
|
||||||
#elif defined(MCUBOOT_SIGN_EC)
|
#elif defined(MCUBOOT_SIGN_EC)
|
||||||
# define EXPECTED_SIG_TLV IMAGE_TLV_ECDSA224
|
# define EXPECTED_SIG_TLV IMAGE_TLV_ECDSA224
|
||||||
# define SIG_BUF_SIZE 128
|
# define SIG_BUF_SIZE 128
|
||||||
# define EXPECTED_SIG_LEN(x) ((x) >= 64) /* oids + 2 * 28 bytes */
|
# define EXPECTED_SIG_LEN(x) (1) /* always true, ASN.1 will validate */
|
||||||
#elif defined(MCUBOOT_SIGN_EC256)
|
#elif defined(MCUBOOT_SIGN_EC256)
|
||||||
# define EXPECTED_SIG_TLV IMAGE_TLV_ECDSA256
|
# define EXPECTED_SIG_TLV IMAGE_TLV_ECDSA256
|
||||||
# define SIG_BUF_SIZE 128
|
# define SIG_BUF_SIZE 128
|
||||||
# define EXPECTED_SIG_LEN(x) ((x) >= 72) /* oids + 2 * 32 bytes */
|
# define EXPECTED_SIG_LEN(x) (1) /* always true, ASN.1 will validate */
|
||||||
#elif defined(MCUBOOT_SIGN_ED25519)
|
#elif defined(MCUBOOT_SIGN_ED25519)
|
||||||
# define EXPECTED_SIG_TLV IMAGE_TLV_ED25519
|
# define EXPECTED_SIG_TLV IMAGE_TLV_ED25519
|
||||||
# define SIG_BUF_SIZE 64
|
# define SIG_BUF_SIZE 64
|
||||||
|
|
Loading…
Reference in New Issue