Add Zephyr config for RSA-3072 Signed-off-by: Fabio Utzig <utzig@apache.org>

commit: 105b59a9b91dbaeac04ef852a45206a57eed61db [log] [tgz]
author: Fabio Utzig <utzig@apache.org> Mon May 13 15:08:12 2019 -0700
committer: Fabio Utzig <utzig@utzig.org> Thu May 16 14:01:19 2019 -0300
tree: c5f736cc4f1a4b9e098170847de5942239dd8c43
parent: 61f86fd8480f5dce31df05d08c133f1012f32b13 [diff] [blame]
diff --git a/boot/zephyr/os.c b/boot/zephyr/os.c
index 48fb4de..2d9faae 100644
--- a/boot/zephyr/os.c
+++ b/boot/zephyr/os.c

@@ -29,11 +29,15 @@
 
 /*
  * This is the heap for mbed TLS.  The value needed depends on the key
- * size and algorithm used.  For RSA-2048 signing, 6144 bytes seems to be
- * enough. When using RSA-2048-OAEP encryption + RSA-2048 signing, 10240
- * bytes seem to be enough.
+ * size and algorithm used.
+ *
+ * - RSA-2048 signing without encryption is known to work well with 6144 bytes;
+ * - When using RSA-2048-OAEP encryption + RSA-2048 signing, or RSA-3072
+ *   signing (no encryption) 10240 bytes seems to be enough.
+ *
+ * NOTE: RSA-3072 signing + RSA-2048-OAEP might require growing the size...
  */
-#if !defined(CONFIG_BOOT_ENCRYPT_RSA)
+#if (CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN == 2048) && !defined(CONFIG_BOOT_ENCRYPT_RSA)
 #define CRYPTO_HEAP_SIZE 6144
 #else
 #define CRYPTO_HEAP_SIZE 10240
commit	105b59a9b91dbaeac04ef852a45206a57eed61db	[log] [tgz]
author	Fabio Utzig <utzig@apache.org>	Mon May 13 15:08:12 2019 -0700
committer	Fabio Utzig <utzig@utzig.org>	Thu May 16 14:01:19 2019 -0300
tree	c5f736cc4f1a4b9e098170847de5942239dd8c43
parent	61f86fd8480f5dce31df05d08c133f1012f32b13 [diff] [blame]