imgtool: Remove default padding of ECDSA sigs

Since commit:

    commit a36082664ecc6b62ceea10aa617c546491c3093d
    Author: David Brown <david.brown@linaro.org>
    Date:   Thu Dec 12 15:35:31 2019 -0700

        ecdsa: Allow ECDSA signatures to be actual length

MCUboot no longer requires ECDSA signatures to be padded to a fixed
length.  This change makes imgtool, by default, also no longer add this
padding to images.  There is an option `--pad-sig` that can be given to
the sign command to re-instate this padding.  This flag will be needed
to make images that will work with older (pre 1.5.0) versions of
MCUboot.

Signed-off-by: David Brown <david.brown@linaro.org>
diff --git a/scripts/imgtool/keys/ecdsa.py b/scripts/imgtool/keys/ecdsa.py
index 1fe805e..81aa321 100644
--- a/scripts/imgtool/keys/ecdsa.py
+++ b/scripts/imgtool/keys/ecdsa.py
@@ -52,12 +52,17 @@
         return "ECDSA256"
 
     def sig_len(self):
-        # The DER encoding depends on the high bit, and can be
-        # anywhere from 70 to 72 bytes.  Because we have to fill in
-        # the length field before computing the signature, however,
-        # we'll give the largest, and the sig checking code will allow
-        # for it to be up to two bytes larger than the actual
-        # signature.
+        # Early versions of MCUboot (< v1.5.0) required ECDSA
+        # signatures to be padded to 72 bytes.  Because the DER
+        # encoding is done with signed integers, the size of the
+        # signature will vary depending on whether the high bit is set
+        # in each value.  This padding was done in a
+        # not-easily-reversible way (by just adding zeros).
+        #
+        # The signing code no longer requires this padding, and newer
+        # versions of MCUboot don't require it.  But, continue to
+        # return the total length so that the padding can be done if
+        # requested.
         return 72
 
     def verify(self, signature, payload):
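Review bot: The rewritten comment in `sig_len` explains the history but does not state the contract that now matters: 72 is the padded maximum, not the length of what `sign` returns by default. Any caller that still uses `sig_len()` to size or pre-fill a length field would be wrong for unpadded signatures; no such caller is visible in this diff, so this is something to check rather than a confirmed defect. A short docstring would make the contract explicit, for example `"""Return the maximum (padded) signature length in bytes; unpadded signatures may be shorter."""`. The class containing `sig_len` starts outside the hunk.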
@@ -78,6 +83,7 @@
     def __init__(self, key):
         """key should be an instance of EllipticCurvePrivateKey"""
         self.key = key
+        self.pad_sig = False
 
     @staticmethod
     def generate():
@@ -142,7 +148,10 @@
                 signature_algorithm=ec.ECDSA(SHA256()))
 
     def sign(self, payload):
-        # To make fixed length, pad with one or two zeros.
         sig = self.raw_sign(payload)
-        sig += b'\000' * (self.sig_len() - len(sig))
-        return sig
+        if self.pad_sig:
+            # To make fixed length, pad with one or two zeros.
+            sig += b'\000' * (self.sig_len() - len(sig))
+            return sig
+        else:
+            return sig
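Review bot: Both arms of the new `if`/`else` in `sign` end in `return sig`, so the `else` branch and the duplicated return add nothing. The body can be `if self.pad_sig:` followed by `sig += b'\000' * (self.sig_len() - len(sig))` and a single trailing `return sig`. Separately, the pad count is not checked: if `raw_sign` ever returned more than `sig_len()` bytes, the negative multiplier would yield empty bytes and the signature would go out unpadded with no error, so a check that `len(sig) <= self.sig_len()` before padding would turn that into a visible failure.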
diff --git a/scripts/imgtool/main.py b/scripts/imgtool/main.py
index 436f3be..d998c5b 100755
--- a/scripts/imgtool/main.py
+++ b/scripts/imgtool/main.py
@@ -244,6 +244,9 @@
                    'image')
 @click.option('-H', '--header-size', callback=validate_header_size,
               type=BasedIntParamType(), required=True)
+@click.option('--pad-sig', default=False, is_flag=True,
+              help='Add 0-2 bytes of padding to ECDSA signature '
+                   '(for mcuboot <1.5)')
 @click.option('-d', '--dependencies', callback=get_dependencies,
               required=False, help='''Add dependence on another image, format:
               "(<image_ID>,<image_version>), ... "''')
@@ -257,7 +260,7 @@
 @click.command(help='''Create a signed or unsigned image\n
                INFILE and OUTFILE are parsed as Intel HEX if the params have
                .hex extension, otherwise binary format is used''')
-def sign(key, align, version, header_size, pad_header, slot_size, pad, confirm,
+def sign(key, align, version, pad_sig, header_size, pad_header, slot_size, pad, confirm,
          max_sectors, overwrite_only, endian, encrypt, infile, outfile,
          dependencies, load_addr, hex_addr, erased_val, save_enctlv,
          security_counter):
@@ -279,6 +282,10 @@
             # FIXME
             raise click.UsageError("Signing and encryption must use the same "
                                    "type of key")
+
+    if pad_sig and hasattr(key, 'pad_sig'):
+        key.pad_sig = True
+
     img.create(key, enckey, dependencies)
     img.save(outfile, hex_addr)
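Review bot: `--pad-sig` is ignored without any message when the loaded key has no `pad_sig` attribute, because the `hasattr` guard added before `img.create` simply skips the assignment. A build script that passes the flag with a non-ECDSA key (or with no key, if `key` can be `None` at this point) gets no hint that the option had no effect. Consider making that case explicit by following the `if` with `elif pad_sig:` and `raise click.UsageError("--pad-sig is only valid with an ECDSA key")`, or at least a warning through `click.echo(..., err=True)`. The body of `sign` begins outside the hunk, so how `key` is loaded is not visible here.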