TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mcuboot / 63d2346da428398077e3cf711d80ba8c0e6ff298^! / .
commit63d2346da428398077e3cf711d80ba8c0e6ff298[log] [tgz]
authorRoland Mikhel <roland.mikhel@arm.com>Wed Feb 08 14:00:54 2023 +0100
committerDávid Vincze <david.vincze@arm.com>Wed Apr 26 13:27:44 2023 +0200
treebea9498f42cebb7d0a9947a2e551db9d10d87174
parentb08e77e0f320ab7f165c668dc405b38910b3add5 [diff]
bootutil: Remove curve specific ECDSA TLVs

Remove those TLVs that are tied to a specific curve and update
the image validation logic to look for the new generic TLV

Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I924f2742424bc255fbed1b0941648baa88f60147

diff --git a/boot/bootutil/include/bootutil/image.h b/boot/bootutil/include/bootutil/image.h
index 22980d9..18b099c 100644
--- a/boot/bootutil/include/bootutil/image.h
+++ b/boot/bootutil/include/bootutil/image.h

@@ -86,10 +86,10 @@
 #define IMAGE_TLV_SHA256            0x10   /* SHA256 of image hdr and body */
 #define IMAGE_TLV_RSA2048_PSS       0x20   /* RSA2048 of hash output */
 #define IMAGE_TLV_ECDSA224          0x21   /* ECDSA of hash output - Not supported anymore */
-#define IMAGE_TLV_ECDSA256          0x22   /* ECDSA of hash output */
+#define IMAGE_TLV_ECDSA256          0x22   /* ECDSA of hash output - Not supported anymore */
 #define IMAGE_TLV_RSA3072_PSS       0x23   /* RSA3072 of hash output */
 #define IMAGE_TLV_ED25519           0x24   /* ed25519 of hash output */
-#define IMAGE_TLV_ECDSA_SIG         0x25   /* generic ECDSA signature */
+#define IMAGE_TLV_ECDSA_SIG         0x25   /* ECDSA of hash output */
 #define IMAGE_TLV_ENC_RSA2048       0x30   /* Key encrypted with RSA-OAEP-2048 */
 #define IMAGE_TLV_ENC_KW            0x31   /* Key encrypted with AES-KW 128 or 256*/
 #define IMAGE_TLV_ENC_EC256         0x32   /* Key encrypted with ECIES-EC256 */

diff --git a/boot/bootutil/src/image_validate.c b/boot/bootutil/src/image_validate.c
index 07e0e85..699017a 100644
--- a/boot/bootutil/src/image_validate.c
+++ b/boot/bootutil/src/image_validate.c

@@ -184,10 +184,11 @@
 #    endif
 #    define SIG_BUF_SIZE (MCUBOOT_SIGN_RSA_LEN / 8)
 #    define EXPECTED_SIG_LEN(x) ((x) == SIG_BUF_SIZE) /* 2048 bits */
-#elif defined(MCUBOOT_SIGN_EC256)
-#    define EXPECTED_SIG_TLV IMAGE_TLV_ECDSA256
+#elif defined(MCUBOOT_SIGN_EC256) || \
+      defined(MCUBOOT_SIGN_EC)
+#    define EXPECTED_SIG_TLV IMAGE_TLV_ECDSA_SIG
 #    define SIG_BUF_SIZE 128
-#    define EXPECTED_SIG_LEN(x)  (1) /* always true, ASN.1 will validate */
+#    define EXPECTED_SIG_LEN(x) (1) /* always true, ASN.1 will validate */
 #elif defined(MCUBOOT_SIGN_ED25519)
 #    define EXPECTED_SIG_TLV IMAGE_TLV_ED25519
 #    define SIG_BUF_SIZE 64

diff --git a/docs/design.md b/docs/design.md
index 7a192cd..12d68ee 100755
--- a/docs/design.md
+++ b/docs/design.md

@@ -108,9 +108,10 @@
 #define IMAGE_TLV_SHA256            0x10   /* SHA256 of image hdr and body */
 #define IMAGE_TLV_RSA2048_PSS       0x20   /* RSA2048 of hash output */
 #define IMAGE_TLV_ECDSA224          0x21   /* ECDSA of hash output - Not supported anymore */
-#define IMAGE_TLV_ECDSA256          0x22   /* ECDSA of hash output */
+#define IMAGE_TLV_ECDSA256          0x22   /* ECDSA of hash output - Not supported anymore */
 #define IMAGE_TLV_RSA3072_PSS       0x23   /* RSA3072 of hash output */
 #define IMAGE_TLV_ED25519           0x24   /* ED25519 of hash output */
+#define IMAGE_TLV_ECDSA_SIG         0x25   /* ECDSA of hash output */
 #define IMAGE_TLV_ENC_RSA2048       0x30   /* Key encrypted with RSA-OAEP-2048 */
 #define IMAGE_TLV_ENC_KW            0x31   /* Key encrypted with AES-KW-128 or
                                               256 */