imgtool: Add generic ECDSA TLV support
Update imgtool to support the new
generic ECDSA TLV and the ECDSA
p384 curve type with sha-384
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I9b1887610cc5d0e7cde90f47999fcdf3500ef51c
diff --git a/scripts/imgtool/keys/__init__.py b/scripts/imgtool/keys/__init__.py
index dfd101d..ed2fed5 100644
--- a/scripts/imgtool/keys/__init__.py
+++ b/scripts/imgtool/keys/__init__.py
@@ -1,4 +1,5 @@
# Copyright 2017 Linaro Limited
+# Copyright 2023 Arm Limited
#
# SPDX-License-Identifier: Apache-2.0
#
@@ -30,7 +31,8 @@
X25519PrivateKey, X25519PublicKey)
from .rsa import RSA, RSAPublic, RSAUsageError, RSA_KEY_SIZES
-from .ecdsa import ECDSA256P1, ECDSA256P1Public, ECDSAUsageError
+from .ecdsa import (ECDSA256P1, ECDSA256P1Public,
+ ECDSA384P1, ECDSA384P1Public, ECDSAUsageError)
from .ed25519 import Ed25519, Ed25519Public, Ed25519UsageError
from .x25519 import X25519, X25519Public, X25519UsageError
@@ -42,7 +44,8 @@
def load(path, passwd=None):
- """Try loading a key from the given path. Returns None if the password wasn't specified."""
+ """Try loading a key from the given path.
+ Returns None if the password wasn't specified."""
with open(path, 'rb') as f:
raw_pem = f.read()
try:
@@ -73,17 +76,23 @@
raise Exception("Unsupported RSA key size: " + pk.key_size)
return RSAPublic(pk)
elif isinstance(pk, EllipticCurvePrivateKey):
- if pk.curve.name != 'secp256r1':
+ if pk.curve.name not in ('secp256r1', 'secp384r1'):
raise Exception("Unsupported EC curve: " + pk.curve.name)
- if pk.key_size != 256:
+ if pk.key_size not in (256, 384):
raise Exception("Unsupported EC size: " + pk.key_size)
- return ECDSA256P1(pk)
+ if pk.curve.name == 'secp256r1':
+ return ECDSA256P1(pk)
+ elif pk.curve.name == 'secp384r1':
+ return ECDSA384P1(pk)
elif isinstance(pk, EllipticCurvePublicKey):
- if pk.curve.name != 'secp256r1':
+ if pk.curve.name not in ('secp256r1', 'secp384r1'):
raise Exception("Unsupported EC curve: " + pk.curve.name)
- if pk.key_size != 256:
+ if pk.key_size not in (256, 384):
raise Exception("Unsupported EC size: " + pk.key_size)
- return ECDSA256P1Public(pk)
+ if pk.curve.name == 'secp256r1':
+ return ECDSA256P1Public(pk)
+ elif pk.curve.name == 'secp384r1':
+ return ECDSA384P1Public(pk)
elif isinstance(pk, Ed25519PrivateKey):
return Ed25519(pk)
elif isinstance(pk, Ed25519PublicKey):
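Review bot: The size checks in both EC branches still build their message as `"Unsupported EC size: " + pk.key_size`, and `key_size` is an integer in the cryptography package, so hitting that path would raise a TypeError instead of the intended error. `raise Exception("Unsupported EC size: " + str(pk.key_size))` fixes it, and the RSA message in the hunk's first context line follows the same pattern. The new `pk.key_size not in (256, 384)` test is also not tied to the curve that was just matched, so it adds nothing beyond the curve-name check. Comparing against the size expected for the matched curve, or dropping the test, would make the intent clearer. The enclosing function begins and ends outside this hunk.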