commit 8bbda45fe5f471fbd5c709cba8356657d511d199
author Andy Gross <andy.gross@juul.com> Wed Oct 21 11:45:50 2020 -0500
committer Andy Gross <andy.gross@juul.com> Wed Oct 21 11:45:50 2020 -0500
tree 69e7d44ac6994eab16c91f91ae07e868c27cdbba
parent 210585493d4b3945b700bc9dd3fc14f6045bd7ac

image: Update overlapping TLVs

This patch updates the NONCE and SECRET_ID TLVs to use values in a reserved
vendor range.  The original values are now considered legacy and must remain in
place to deal with images already created using the new TLVs.

Signed-off-by: Andy Gross <andy.gross@juul.com>

image/image.go

diff --git a/image/image.go b/image/image.go
index f3dede9..7defa38 100644
--- a/image/image.go
+++ b/image/image.go
@@ -55,35 +55,39 @@
  * Image trailer TLV types.
  */
 const (
-	IMAGE_TLV_KEYHASH   = 0x01
-	IMAGE_TLV_SHA256    = 0x10
-	IMAGE_TLV_RSA2048   = 0x20
-	IMAGE_TLV_ECDSA224  = 0x21
-	IMAGE_TLV_ECDSA256  = 0x22
-	IMAGE_TLV_RSA3072   = 0x23
-	IMAGE_TLV_ED25519   = 0x24
-	IMAGE_TLV_ENC_RSA   = 0x30
-	IMAGE_TLV_ENC_KEK   = 0x31
-	IMAGE_TLV_ENC_EC256 = 0x32
-	IMAGE_TLV_AES_NONCE = 0x50
-	IMAGE_TLV_SECRET_ID = 0x60
-	IMAGE_TLV_SECTION   = 0xa3
+	IMAGE_TLV_KEYHASH          = 0x01
+	IMAGE_TLV_SHA256           = 0x10
+	IMAGE_TLV_RSA2048          = 0x20
+	IMAGE_TLV_ECDSA224         = 0x21
+	IMAGE_TLV_ECDSA256         = 0x22
+	IMAGE_TLV_RSA3072          = 0x23
+	IMAGE_TLV_ED25519          = 0x24
+	IMAGE_TLV_ENC_RSA          = 0x30
+	IMAGE_TLV_ENC_KEK          = 0x31
+	IMAGE_TLV_ENC_EC256        = 0x32
+	IMAGE_TLV_AES_NONCE_LEGACY = 0x50
+	IMAGE_TLV_SECRET_ID_LEGACY = 0x60
+	IMAGE_TLV_AES_NONCE        = 0xa1
+	IMAGE_TLV_SECRET_ID        = 0xa2
+	IMAGE_TLV_SECTION          = 0xa3
 )
 
 var imageTlvTypeNameMap = map[uint8]string{
-	IMAGE_TLV_KEYHASH:   "KEYHASH",
-	IMAGE_TLV_SHA256:    "SHA256",
-	IMAGE_TLV_RSA2048:   "RSA2048",
-	IMAGE_TLV_ECDSA224:  "ECDSA224",
-	IMAGE_TLV_ECDSA256:  "ECDSA256",
-	IMAGE_TLV_RSA3072:   "RSA3072",
-	IMAGE_TLV_ED25519:   "ED25519",
-	IMAGE_TLV_ENC_RSA:   "ENC_RSA",
-	IMAGE_TLV_ENC_KEK:   "ENC_KEK",
-	IMAGE_TLV_ENC_EC256: "ENC_EC256",
-	IMAGE_TLV_AES_NONCE: "AES_NONCE",
-	IMAGE_TLV_SECRET_ID: "SEC_KEY_ID",
-	IMAGE_TLV_SECTION:   "SECTION",
+	IMAGE_TLV_KEYHASH:          "KEYHASH",
+	IMAGE_TLV_SHA256:           "SHA256",
+	IMAGE_TLV_RSA2048:          "RSA2048",
+	IMAGE_TLV_ECDSA224:         "ECDSA224",
+	IMAGE_TLV_ECDSA256:         "ECDSA256",
+	IMAGE_TLV_RSA3072:          "RSA3072",
+	IMAGE_TLV_ED25519:          "ED25519",
+	IMAGE_TLV_ENC_RSA:          "ENC_RSA",
+	IMAGE_TLV_ENC_KEK:          "ENC_KEK",
+	IMAGE_TLV_ENC_EC256:        "ENC_EC256",
+	IMAGE_TLV_AES_NONCE:        "AES_NONCE",
+	IMAGE_TLV_SECRET_ID:        "SEC_KEY_ID",
+	IMAGE_TLV_AES_NONCE_LEGACY: "AES_NONCE",
+	IMAGE_TLV_SECRET_ID_LEGACY: "SEC_KEY_ID",
+	IMAGE_TLV_SECTION:          "SECTION",
 }
 
 var imageTlvTypeSigTypeMap = map[uint8]sec.SigType{