fix: RSA: Use 32-byte salt with PSS The verification code requires a fixed 32-byte salt, which seems is what the old crypto library did. Use this same value to avoid having to modify the code. Signed-off-by: David Brown <david.brown@linaro.org>

commit: 20462a717970cb811ecbb42650dd7bcb18561eb8 [log] [tgz]
author: David Brown <david.brown@linaro.org> Tue Nov 21 14:28:51 2017 -0700
committer: David Brown <davidb@davidb.org> Tue Jan 09 09:41:30 2018 -0700
tree: 138bb8f15f48664767fa28cd08e2afb54f1e272c
parent: 1d5bea1cf700bcb31d3853f7c3c2ed99f2bc9e66 [diff] [blame]
diff --git a/scripts/imgtool/keys/rsa.py b/scripts/imgtool/keys/rsa.py
index 96951c9..4ddbfc6 100644
--- a/scripts/imgtool/keys/rsa.py
+++ b/scripts/imgtool/keys/rsa.py

@@ -87,7 +87,9 @@
             f.write(pem)
 
     def sign(self, payload):
+        # The verification code only allows the salt length to be the
+        # same as the hash length, 32.
         return self.key.sign(
                 data=payload,
-                padding=PSS(mgf=MGF1(SHA256()), salt_length=PSS.MAX_LENGTH),
+                padding=PSS(mgf=MGF1(SHA256()), salt_length=32),
                 algorithm=SHA256())
commit	20462a717970cb811ecbb42650dd7bcb18561eb8	[log] [tgz]
author	David Brown <david.brown@linaro.org>	Tue Nov 21 14:28:51 2017 -0700
committer	David Brown <davidb@davidb.org>	Tue Jan 09 09:41:30 2018 -0700
tree	138bb8f15f48664767fa28cd08e2afb54f1e272c
parent	1d5bea1cf700bcb31d3853f7c3c2ed99f2bc9e66 [diff] [blame]