14.3.3.1 ECDSA Signature
For ECDSA algorithm only, the user signature is organized based on the following layout:
ECDSA user application signature:
| OpenSSL ECDSA signature | Padding for 32-bit alignment | User App Size (32-bit word) |
The OpenSSL ECDSA signature is located at the beginning (lowest address in internal Flash) of the ECDSA user application signature. The 32-bit trailing word value is the size in bytes of the 128-bit aligned user application in little-endian format.
As an example, for a 1000-byte user application, the size of the 128-bit aligned user application is ((1000 + 16 - 1) / 16) * 16 = 1008 bytes. Hence the 32-bit word is 0x000003F0 and its byte sequence from lowest addresses to highest addresses is 0xF0, 0x03, 0x00, 0x00.
Thus the total size of the ECDSA user application signature, as verified by the ROM code, is always aligned to 32 bits. Therefore, the offset of the X.509 certificate chain in the internal Flash, given by the value of the 8th vector, is also always aligned to 32 bits. However, the size of this X.509 certificate chain, given by the value of the 9th vector, has no alignment constraint.
The layout of the user signature, its signature and the X.509 certificate chain is given in the table below.
| Byte Offset | Data |
|---|---|
| 0x000 | Stack Pointer |
| 0x004 | Reset |
| 0x008 | NMI |
| 0x00C | Hard Fault |
| 0x010 | Mem Manage |
| 0x014 | Bus Fault |
| 0x018 | Usage Fault |
| 0x01C | (User App + Signature) Size |
| 0x020 | X.509 Certificate Chain Size |
| ... | |
| User App Size | OpenSSL ECDSA Signature + Padding for 32-bit alignment |
| ... | |
| (User App + Signature) Size - 0x008 | |
| (User App + Signature) Size - 0x004 | User App Size |
| (User App + Signature) Size | X.509 Certificate Chain |
| ... | |
|
(User App + Signature) Size + X.509 Certificate Chain Size - 0x001 | |
|
(User App + Signature) Size + X.509 Certificate Chain Size | – |