imgtool: Add generic ECDSA TLV support
Update imgtool to support the new
generic ECDSA TLV and the ECDSA
p384 curve type with sha-384
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I9b1887610cc5d0e7cde90f47999fcdf3500ef51c
diff --git a/scripts/imgtool/main.py b/scripts/imgtool/main.py
index 2df06e1..eba557f 100755
--- a/scripts/imgtool/main.py
+++ b/scripts/imgtool/main.py
@@ -48,6 +48,10 @@
keys.ECDSA256P1.generate().export_private(keyfile, passwd=passwd)
+def gen_ecdsa_p384(keyfile, passwd):
+ keys.ECDSA384P1.generate().export_private(keyfile, passwd=passwd)
+
+
def gen_ed25519(keyfile, passwd):
keys.Ed25519.generate().export_private(path=keyfile, passwd=passwd)
@@ -62,6 +66,7 @@
'rsa-2048': gen_rsa2048,
'rsa-3072': gen_rsa3072,
'ecdsa-p256': gen_ecdsa_p256,
+ 'ecdsa-p384': gen_ecdsa_p384,
'ed25519': gen_ed25519,
'x25519': gen_x25519,
}
@@ -183,7 +188,7 @@
elif ret == image.VerifyResult.INVALID_TLV_INFO_MAGIC:
print("Invalid TLV info magic; is this an MCUboot image?")
elif ret == image.VerifyResult.INVALID_HASH:
- print("Image has an invalid sha256 digest")
+ print("Image has an invalid hash")
elif ret == image.VerifyResult.INVALID_SIGNATURE:
print("No signature found for the given key")
else:
@@ -384,6 +389,8 @@
if enckey and key:
if ((isinstance(key, keys.ECDSA256P1) and
not isinstance(enckey, keys.ECDSA256P1Public))
+ or (isinstance(key, keys.ECDSA384P1) and
+ not isinstance(enckey, keys.ECDSA384P1Public))
or (isinstance(key, keys.RSA) and
not isinstance(enckey, keys.RSAPublic))):
# FIXME