wolfSSL · danielinux · Apr 5, 2024 · Apr 1, 2024 · Apr 2, 2024 · Apr 3, 2024
diff --git a/.github/workflows/test-keytools.yml b/.github/workflows/test-keytools.yml
@@ -264,3 +264,9 @@ jobs:
           ./tools/keytools/sign --ecc256 --sha256 --custom-tlv-buffer 0x46 48656C6C6F20776F726C64 test-app/image.elf wolfboot_signing_private_key.der 3
           grep "Hello world" test-app/image_v3_signed.bin
 
+      - name: Sign app with custom string TLV included
+        run: |
+          ./tools/keytools/sign --ecc256 --sha256 --custom-tlv-string 0x46 "Hello world" test-app/image.elf wolfboot_signing_private_key.der 3
+          grep "Hello world" test-app/image_v3_signed.bin
+
+
diff --git a/docs/Signing.md b/docs/Signing.md
@@ -196,6 +196,12 @@ Provides a value to be set with a custom tag
    Value argument is in the form of a hex string, e.g. `--custom-tlv-buffer 0x0030 AABBCCDDEE`
    will add a TLV entry with tag 0x0030, length 5 and value 0xAABBCCDDEE.
 
+   * `--custom-tlv-string tag ascii-string`: Adds a TLV entry with arbitrary length to the manifest
+   header, corresponding to the type identified by `tag`, and assigns the value of `ascii-string`. The
+   tag is a 16-bit number. Valid tags are in the range between 0x0030 and 0xFEFE. The length
+   is implicit, and is the length of the `ascii-string`. `ascii-string` argument is in the form of a string,
+   e.g. `--custom-tlv-string 0x0030 "Version-1"` will add a TLV entry with tag 0x0030,
+   length 9 and value Version-1.
 
 #### Three-steps signing using external provisioning tools
 

diff --git a/tools/keytools/sign.c b/tools/keytools/sign.c
@@ -2072,6 +2072,44 @@ int main(int argc, char** argv)
             }
             CMD.custom_tlvs++;
             i += 2;
+        } else if (strcmp(argv[i], "--custom-tlv-string") == 0) {
+            int p = CMD.custom_tlvs;
+            uint16_t tag, len;
+            uint32_t j;
+            if (p >= MAX_CUSTOM_TLVS) {
+                fprintf(stderr, "Too many custom TLVs.\n");
+                exit(16);
+            }
+            if (argc < (i + 2)) {
+                fprintf(stderr, "Invalid custom TLV fields. \n");
+                exit(16);
+            }
+            tag = (uint16_t)arg2num(argv[i + 1], 2);
+            len = (uint16_t)strlen(argv[i + 2]);
+            if (tag < 0x0030) {
+                fprintf(stderr, "Invalid custom tag: %s\n", argv[i + 1]);
+                exit(16);
+            }
+            if ( ((tag & 0xFF00) == 0xFF00) || ((tag & 0xFF) == 0xFF) ) {
+                fprintf(stderr, "Invalid custom tag: %s\n", argv[i + 1]);
+                exit(16);
+            }
+            if (len > 255) {
+                fprintf(stderr, "custom tlv buffer size too big: %s\n", argv[i + 2]);
+                exit(16);
+            }
+            CMD.custom_tlv[p].tag = tag;
+            CMD.custom_tlv[p].len = len;
+            CMD.custom_tlv[p].buffer = malloc(len);
+            if (CMD.custom_tlv[p].buffer == NULL) {
+                fprintf(stderr, "Error malloc for custom tlv buffer %d\n", len);
+                exit(16);
+            }
+            for (j = 0; j < len; j++) {
+                CMD.custom_tlv[p].buffer[j] = (uint8_t)argv[i+2][j];
+            }
+            CMD.custom_tlvs++;
+            i += 2;
         }
         else {
             i--;