sim: Add generic ECDSA TLV support
Add support to the simulator so that
the generic ECDSA TLV can be tested.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I3322ed829d150ff35abfaaa8ecf69ab7017bd7cf
diff --git a/sim/src/image.rs b/sim/src/image.rs
index 424f646..d484dc0 100644
--- a/sim/src/image.rs
+++ b/sim/src/image.rs
@@ -1889,7 +1889,10 @@
TlvGen::new_rsa3072_pss()
} else if Caps::EcdsaP256.present() {
TlvGen::new_ecdsa()
- } else if Caps::Ed25519.present() {
+ } else if Caps::EcdsaSig.present() {
+ TlvGen::new_generic_ecdsa()
+ }
+ else if Caps::Ed25519.present() {
TlvGen::new_ed25519()
} else {
TlvGen::new_hash_only()
diff --git a/sim/src/tlv.rs b/sim/src/tlv.rs
index fcd6b57..ad0cce5 100644
--- a/sim/src/tlv.rs
+++ b/sim/src/tlv.rs
@@ -54,6 +54,7 @@
ECDSA256 = 0x22,
RSA3072 = 0x23,
ED25519 = 0x24,
+ ECDSASIG = 0x25,
ENCRSA2048 = 0x30,
ENCKW = 0x31,
ENCEC256 = 0x32,
@@ -162,6 +163,13 @@
}
#[allow(dead_code)]
+ pub fn new_generic_ecdsa() -> TlvGen {
+ TlvGen {
+ kinds: vec![TlvKinds::SHA256,TlvKinds::ECDSASIG],
+ ..Default::default()}
+ }
+
+ #[allow(dead_code)]
pub fn new_ed25519() -> TlvGen {
TlvGen {
kinds: vec![TlvKinds::SHA256, TlvKinds::ED25519],
@@ -367,6 +375,10 @@
estimate += 4 + 32; // keyhash
estimate += 4 + 64; // ED25519 signature.
}
+ if self.kinds.contains(&TlvKinds::ECDSASIG) {
+ estimate += 4 + 32; // keyhash
+ estimate += 4 + 72; // ECDSA256 (varies)
+ }
// Estimate encryption.
let flag = TlvFlags::ENCRYPTED_AES256 as u32;
@@ -450,7 +462,7 @@
// signature verification can be validated.
let mut corrupt_hash = self.gen_corrupted;
for k in &[TlvKinds::RSA2048, TlvKinds::RSA3072,
- TlvKinds::ECDSA256, TlvKinds::ED25519]
+ TlvKinds::ECDSA256, TlvKinds::ED25519, TlvKinds::ECDSASIG]
{
if self.kinds.contains(k) {
corrupt_hash = false;
@@ -527,6 +539,28 @@
result.extend_from_slice(&signature);
}
+ if self.kinds.contains(&TlvKinds::ECDSASIG) {
+ let rng = rand::SystemRandom::new();
+ let keyhash = digest::digest(&digest::SHA256, ECDSA256_PUB_KEY);
+ let key_bytes = pem::parse(include_bytes!("../../root-ec-p256-pkcs8.pem").as_ref()).unwrap();
+ let sign_algo = &ECDSA_P256_SHA256_ASN1_SIGNING;
+ let key_pair = EcdsaKeyPair::from_pkcs8(sign_algo, &key_bytes.contents).unwrap();
+ let signature = key_pair.sign(&rng,&sig_payload).unwrap();
+
+ // Write public key
+ let keyhash_slice = keyhash.as_ref();
+ assert!(keyhash_slice.len() == 32);
+ result.write_u16::<LittleEndian>(TlvKinds::KEYHASH as u16).unwrap();
+ result.write_u16::<LittleEndian>(32).unwrap();
+ result.extend_from_slice(keyhash_slice);
+
+ // Write signature
+ result.write_u16::<LittleEndian>(TlvKinds::ECDSASIG as u16).unwrap();
+ let signature = signature.as_ref().to_vec();
+ result.write_u16::<LittleEndian>(signature.len() as u16).unwrap();
+ result.extend_from_slice(&signature);
+ }
+
if self.kinds.contains(&TlvKinds::ECDSA256) {
let keyhash = digest::digest(&digest::SHA256, ECDSA256_PUB_KEY);
let keyhash = keyhash.as_ref();