Posted to commits@mynewt.apache.org by ma...@apache.org on 2016/12/30 01:36:10 UTC
incubator-mynewt-newt git commit: newt;
add option of signing images with NIST P-256 ECSDA.
Repository: incubator-mynewt-newt
Updated Branches:
refs/heads/develop 9c5047253 -> 660e916ac
newt; add option of signing images with NIST P-256 ECDSA.
Project: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-newt/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-newt/commit/660e916a
Tree: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-newt/tree/660e916a
Diff: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-newt/diff/660e916a
Branch: refs/heads/develop
Commit: 660e916ac278518fd6f7424dcf1f3c61a71f4af4
Parents: 9c50472
Author: Marko Kiiskila <ma...@runtime.io>
Authored: Thu Dec 29 17:35:38 2016 -0800
Committer: Marko Kiiskila <ma...@runtime.io>
Committed: Thu Dec 29 17:35:38 2016 -0800
----------------------------------------------------------------------
newt/image/image.go | 79 +++++++++++++++++++++++++++++++++++++++++-------
1 file changed, 68 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-mynewt-newt/blob/660e916a/newt/image/image.go
----------------------------------------------------------------------
diff --git a/newt/image/image.go b/newt/image/image.go
index 24e37c8..41dd20e 100644
--- a/newt/image/image.go
+++ b/newt/image/image.go
@@ -99,6 +99,7 @@ const (
IMAGE_F_PKCS15_RSA2048_SHA256 = 0x00000004 /* PKCS15 w/RSA2048 and SHA256 */
IMAGE_F_ECDSA224_SHA256 = 0x00000008 /* ECDSA224 over SHA256 */
IMAGE_F_NON_BOOTABLE = 0x00000010 /* non bootable image */
+ IMAGE_F_ECDSA256_SHA256 = 0x00000020 /* ECDSA256 over SHA256 */
)
/*
@@ -108,6 +109,7 @@ const (
IMAGE_TLV_SHA256 = 1
IMAGE_TLV_RSA2048 = 2
IMAGE_TLV_ECDSA224 = 3
+ IMAGE_TLV_ECDSA256 = 4
)
/*
@@ -247,6 +249,57 @@ func (image *Image) SetSigningKey(fileName string, keyId uint8) error {
return nil
}
+func (image *Image) sigHdrType() (uint32, error) {
+ if image.SigningRSA != nil {
+ return IMAGE_F_PKCS15_RSA2048_SHA256, nil
+ } else if image.SigningEC != nil {
+ switch image.SigningEC.Curve.Params().Name {
+ case "P-224":
+ return IMAGE_F_ECDSA224_SHA256, nil
+ case "P-256":
+ return IMAGE_F_ECDSA256_SHA256, nil
+ default:
+ return 0, util.NewNewtError("Unsupported ECC curve")
+ }
+ } else {
+ return 0, nil
+ }
+}
+
+func (image *Image) sigLen() uint16 {
+ if image.SigningRSA != nil {
+ return 256
+ } else if image.SigningEC != nil {
+ switch image.SigningEC.Curve.Params().Name {
+ case "P-224":
+ return 68
+ case "P-256":
+ return 72
+ default:
+ return 0
+ }
+ } else {
+ return 0
+ }
+}
+
+func (image *Image) sigTlvType() uint8 {
+ if image.SigningRSA != nil {
+ return IMAGE_TLV_RSA2048
+ } else if image.SigningEC != nil {
+ switch image.SigningEC.Curve.Params().Name {
+ case "P-224":
+ return IMAGE_TLV_ECDSA224
+ case "P-256":
+ return IMAGE_TLV_ECDSA256
+ default:
+ return 0
+ }
+ } else {
+ return 0
+ }
+}
+
func (image *Image) Generate(loader *Image) error {
binFile, err := os.Open(image.SourceBin)
if err != nil {
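Review bot: `sigLen()` and `sigTlvType()` fall through to `return 0` for an unsupported curve, while `sigHdrType()` returns an error for the same case, so the three helpers only agree as long as every caller has checked `sigHdrType()` first. A later caller that skips that check gets a zero length or TLV type instead of a clear failure while producing a signed image. I would give both helpers the same `(value, error)` shape, with `default: return 0, util.NewNewtError("Unsupported ECC curve")`, or fold the three switch ladders into one lookup that returns flag, TLV type and length together so the P-224 and P-256 rows cannot drift apart. Generate's body continues outside the hunk.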
@@ -298,13 +351,15 @@ func (image *Image) Generate(loader *Image) error {
Pad3: 0,
}
- if image.SigningRSA != nil {
- hdr.TlvSz = 4 + 256
- hdr.Flags = IMAGE_F_PKCS15_RSA2048_SHA256
- hdr.KeyId = image.KeyId
- } else if image.SigningEC != nil {
- hdr.TlvSz = 4 + 68
- hdr.Flags = IMAGE_F_ECDSA224_SHA256
+ hdr.Flags, err = image.sigHdrType()
+ if err != nil {
+ return err
+ }
+ if hdr.Flags != 0 {
+ /*
+ * Signature present
+ */
+ hdr.TlvSz = 4 + image.sigLen()
hdr.KeyId = image.KeyId
}
@@ -406,6 +461,8 @@ func (image *Image) Generate(loader *Image) error {
"Failed to compute signature: %s", err))
}
+ sigLen := image.sigLen()
+
var ECDSA ECDSASig
ECDSA.R = r
ECDSA.S = s
@@ -414,14 +471,14 @@ func (image *Image) Generate(loader *Image) error {
return util.NewNewtError(fmt.Sprintf(
"Failed to construct signature: %s", err))
}
- if len(signature) > 68 {
+ if len(signature) > int(sigLen) {
return util.NewNewtError(fmt.Sprintf(
"Something is really wrong\n"))
}
tlv := &ImageTrailerTlv{
- Type: IMAGE_TLV_ECDSA224,
+ Type: image.sigTlvType(),
Pad: 0,
- Len: 68,
+ Len: sigLen,
}
err = binary.Write(imgFile, binary.LittleEndian, tlv)
if err != nil {
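Review bot: Now that the bound in `if len(signature) > int(sigLen)` depends on the key, the message returned on that branch, `"Something is really wrong\n"`, tells the user nothing about which limit was exceeded. I would report both values, e.g. `"Signature length %d exceeds TLV size %d", len(signature), sigLen`. This check is also the only thing visible here that keeps `int(sigLen)-len(signature)` in the following hunk from going negative inside `make`, which deserves a one-line comment such as `// also guarantees the pad length below is non-negative`. Generate starts and ends outside the hunk.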
@@ -433,7 +490,7 @@ func (image *Image) Generate(loader *Image) error {
return util.NewNewtError(fmt.Sprintf("Failed to append sig: %s",
err.Error()))
}
- pad := make([]byte, 68-len(signature))
+ pad := make([]byte, int(sigLen)-len(signature))
_, err = imgFile.Write(pad)
if err != nil {
return util.NewNewtError(fmt.Sprintf("Failed to serialize image "+