imgtool: Remove default padding of ECDSA sigs
Since commit:
commit a36082664ecc6b62ceea10aa617c546491c3093d
Author: David Brown <david.brown@linaro.org>
Date: Thu Dec 12 15:35:31 2019 -0700
ecdsa: Allow ECDSA signatures to be actual length
MCUboot no longer requires ECDSA signatures to be padded to a fixed
length. This change makes imgtool, by default, also no longer add this
padding to images. There is an option `--pad-sig` that can be given to
the sign command to re-instate this padding. This flag will be needed
to make images that will work with older (pre 1.5.0) versions of
MCUboot.
Signed-off-by: David Brown <david.brown@linaro.org>
diff --git a/scripts/imgtool/main.py b/scripts/imgtool/main.py
index 436f3be..d998c5b 100755
--- a/scripts/imgtool/main.py
+++ b/scripts/imgtool/main.py
@@ -244,6 +244,9 @@
'image')
@click.option('-H', '--header-size', callback=validate_header_size,
type=BasedIntParamType(), required=True)
+@click.option('--pad-sig', default=False, is_flag=True,
+ help='Add 0-2 bytes of padding to ECDSA signature '
+ '(for mcuboot <1.5)')
@click.option('-d', '--dependencies', callback=get_dependencies,
required=False, help='''Add dependence on another image, format:
"(<image_ID>,<image_version>), ... "''')
@@ -257,7 +260,7 @@
@click.command(help='''Create a signed or unsigned image\n
INFILE and OUTFILE are parsed as Intel HEX if the params have
.hex extension, otherwise binary format is used''')
-def sign(key, align, version, header_size, pad_header, slot_size, pad, confirm,
+def sign(key, align, version, pad_sig, header_size, pad_header, slot_size, pad, confirm,
max_sectors, overwrite_only, endian, encrypt, infile, outfile,
dependencies, load_addr, hex_addr, erased_val, save_enctlv,
security_counter):
@@ -279,6 +282,10 @@
# FIXME
raise click.UsageError("Signing and encryption must use the same "
"type of key")
+
+ if pad_sig and hasattr(key, 'pad_sig'):
+ key.pad_sig = True
+
img.create(key, enckey, dependencies)
img.save(outfile, hex_addr)