imgtool.py: Support PKCS#1.5 v2.1 RSA-PSS

Add support for the RSA-PSS signature algorithm to imgtool.py.  This
algorithm has a strong security proof, and is recommended for all new
designs.  The new algorithm is enabled by default for RSA signatures,
matching the bootloader, whose default is also being changed.
diff --git a/scripts/imgtool/keys.py b/scripts/imgtool/keys.py
index d529b59..fc90f9e 100644
--- a/scripts/imgtool/keys.py
+++ b/scripts/imgtool/keys.py
@@ -4,11 +4,16 @@
 
 from Crypto.Hash import SHA256
 from Crypto.PublicKey import RSA
-from Crypto.Signature import PKCS1_v1_5
+from Crypto.Signature import PKCS1_v1_5, PKCS1_PSS
 from ecdsa import SigningKey, NIST256p, util
+import hashlib
 from pyasn1.type import namedtype, univ
 from pyasn1.codec.der.encoder import encode
 
+# By default, we use RSA-PSS (PKCS 2.1).  That can be overridden on
+# the command line to support the older (less secure) PKCS1.5
+sign_rsa_pss = True
+
 AUTOGEN_MESSAGE = "/* Autogenerated by imgtool.py, do not edit. */"
 
 class RSAPublicKey(univ.Sequence):
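Review bot: `sign_rsa_pss` is a mutable module-level flag that `sig_type()` and `sign()` (the next two hunks) each read at call time, so the type string recorded for an image and the scheme used to sign it agree only if nothing changes the flag between the two calls. Reading the flag once into the key object would tie them together; at minimum the comment should state the requirement, e.g. `# Must be set before any key is used: sig_type() and sign() both read it at call time.` Separately, `import hashlib` is not used by any line visible in this diff; if nothing outside these hunks needs it, it should be dropped.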
@@ -47,7 +52,10 @@
 
     def sig_type(self):
         """Return the type of this signature (as a string)"""
-        return "PKCS15_RSA2048_SHA256"
+        if sign_rsa_pss:
+            return "PKCS1_PSS_RSA2048_SHA256"
+        else:
+            return "PKCS15_RSA2048_SHA256"
 
     def sig_len(self):
         return 256
@@ -57,7 +65,10 @@
 
     def sign(self, payload):
         sha = SHA256.new(payload)
-        signer = PKCS1_v1_5.new(self.key)
+        if sign_rsa_pss:
+            signer = PKCS1_PSS.new(self.key)
+        else:
+            signer = PKCS1_v1_5.new(self.key)
         signature = signer.sign(sha)
         assert len(signature) == self.sig_len()
         return signature
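Review bot: `PKCS1_PSS.new(self.key)` leaves the PSS parameters to the library defaults. As far as I know these are MGF1 over the message hash and a salt as long as the digest (32 bytes for SHA-256). The bootloader's verifier has to be configured with the same values, otherwise validly signed images fail verification. Stating the choice at the call site protects against a change in defaults and documents the contract, for example `signer = PKCS1_PSS.new(self.key, saltLen=32)  # salt length must match the bootloader's PSS verifier`. The enclosing class starts outside this hunk, so whether the verifier side is documented elsewhere in the file cannot be seen from here.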