Add support for ECDSA signatures
This adds support for key version 5 which is an EC key using the NIST
P-256 curve parameters. OTAs may be signed with these keys using the
ECDSA signature algorithm with SHA-256.
Change-Id: Id88672a3deb70681c78d5ea0d739e10f839e4567
diff --git a/verifier.h b/verifier.h
index 6ce1b44..023d3bf 100644
--- a/verifier.h
+++ b/verifier.h
@@ -17,11 +17,24 @@
#ifndef _RECOVERY_VERIFIER_H
#define _RECOVERY_VERIFIER_H
+#include "mincrypt/p256.h"
#include "mincrypt/rsa.h"
-typedef struct Certificate {
+typedef struct {
+ p256_int x;
+ p256_int y;
+} ECPublicKey;
+
+typedef struct {
+ typedef enum {
+ RSA,
+ EC,
+ } KeyType;
+
int hash_len; // SHA_DIGEST_SIZE (SHA-1) or SHA256_DIGEST_SIZE (SHA-256)
- RSAPublicKey* public_key;
+ KeyType key_type;
+ RSAPublicKey* rsa;
+ ECPublicKey* ec;
} Certificate;
/* Look in the file for a signature footer, and verify that it