Boot: Add RSA-3072 support to MCUBoot
PSA TBSA-M recommends to use RSA signature for firmware
authentication with at least 3072 bits length key size.
This patch introduces:
- add an example RSA-3072 key
- add configurable RSA-3072 support (RSA-2048 still available)
- set RSA-3072 to default
This change is based on:
https://github.com/JuulLabs-OSS/mcuboot/pull/476
authored by Fabio Utzig <utzig@apache.org>
Change-Id: Ic8d188f64d0dbe54aebf28c2778fb932e1afeeb9
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
diff --git a/bl2/ext/mcuboot/bootutil/include/bootutil/image.h b/bl2/ext/mcuboot/bootutil/include/bootutil/image.h
index 643997a..b9954f0 100644
--- a/bl2/ext/mcuboot/bootutil/include/bootutil/image.h
+++ b/bl2/ext/mcuboot/bootutil/include/bootutil/image.h
@@ -67,6 +67,7 @@
#define IMAGE_TLV_KEYHASH 0x01 /* hash of the public key */
#define IMAGE_TLV_SHA256 0x10 /* SHA256 of image hdr and body */
#define IMAGE_TLV_RSA2048_PSS 0x20 /* RSA2048 of hash output */
+#define IMAGE_TLV_RSA3072_PSS 0x23 /* RSA3072 of hash output */
#define IMAGE_TLV_SEC_CNT 0x50 /* security counter */
#define IMAGE_VER_MAJOR_LENGTH 8
diff --git a/bl2/ext/mcuboot/bootutil/src/image_rsa.c b/bl2/ext/mcuboot/bootutil/src/image_rsa.c
index 3ab03ce..a9f2393 100644
--- a/bl2/ext/mcuboot/bootutil/src/image_rsa.c
+++ b/bl2/ext/mcuboot/bootutil/src/image_rsa.c
@@ -38,13 +38,13 @@
/*
* Constants for this particular constrained implementation of
- * RSA-PSS. In particular, we support RSA 2048, with a SHA256 hash,
- * and a 32-byte salt. A signature with different parameters will be
+ * RSA-PSS. In particular, we support RSA 2048 and RSA 3072, with a SHA256
+ * hash, and a 32-byte salt. A signature with different parameters will be
* rejected as invalid.
*/
/* The size, in octets, of the message. */
-#define PSS_EMLEN 256
+#define PSS_EMLEN (MCUBOOT_SIGN_RSA_LEN / 8)
/* The size of the hash function. For SHA256, this is 32 bytes. */
#define PSS_HLEN 32
@@ -53,7 +53,7 @@
#define PSS_SLEN 32
/* The length of the mask: emLen - hLen - 1. */
-#define PSS_MASK_LEN (256 - PSS_HLEN - 1)
+#define PSS_MASK_LEN (PSS_EMLEN - PSS_HLEN - 1)
#define PSS_HASH_OFFSET PSS_MASK_LEN
diff --git a/bl2/ext/mcuboot/bootutil/src/image_validate.c b/bl2/ext/mcuboot/bootutil/src/image_validate.c
index b9db6de..036d242 100644
--- a/bl2/ext/mcuboot/bootutil/src/image_validate.c
+++ b/bl2/ext/mcuboot/bootutil/src/image_validate.c
@@ -106,9 +106,19 @@
* call. List the type of TLV we are expecting. If we aren't
* configured for any signature, don't define this macro.
*/
+
#if defined(MCUBOOT_SIGN_RSA)
-# define EXPECTED_SIG_TLV IMAGE_TLV_RSA2048_PSS
-# define EXPECTED_SIG_LEN(x) ((x) == 256) /* 2048 bits */
+# if MCUBOOT_SIGN_RSA_LEN == 2048
+# define EXPECTED_SIG_TLV IMAGE_TLV_RSA2048_PSS
+# elif MCUBOOT_SIGN_RSA_LEN == 3072
+# define EXPECTED_SIG_TLV IMAGE_TLV_RSA3072_PSS
+# else
+# error "Unsupported RSA signature length"
+# endif
+# define SIG_BUF_SIZE (MCUBOOT_SIGN_RSA_LEN / 8)
+# define EXPECTED_SIG_LEN(x) ((x) == SIG_BUF_SIZE)
+#else
+# define SIG_BUF_SIZE 32 /* no signing, sha256 digest only */
#endif
#ifdef EXPECTED_SIG_TLV
@@ -320,7 +330,7 @@
int key_id = -1;
#endif
struct image_tlv tlv;
- uint8_t buf[256];
+ uint8_t buf[SIG_BUF_SIZE];
uint8_t hash[32] = {0};
uint32_t security_cnt;
uint32_t img_security_cnt;