TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mcuboot / 3501c01641f080d0c1d8433eb299e218fb21c091^! / . / boot / bootutil / src
commit3501c01641f080d0c1d8433eb299e218fb21c091[log] [tgz]
authorFabio Utzig <utzig@apache.org>Mon May 13 15:07:25 2019 -0700
committerFabio Utzig <utzig@utzig.org>Thu May 16 14:01:19 2019 -0300
treebedde0f97d7cf350e77e91790dd494ec13ee702e
parent105b59a9b91dbaeac04ef852a45206a57eed61db [diff]
Add bootutil support for RSA-3072

Signed-off-by: Fabio Utzig <utzig@apache.org>

diff --git a/boot/bootutil/src/image_rsa.c b/boot/bootutil/src/image_rsa.c
index 0534c12..53a4591 100644
--- a/boot/bootutil/src/image_rsa.c
+++ b/boot/bootutil/src/image_rsa.c

@@ -39,7 +39,7 @@
  */
 
 /* The size, in octets, of the message. */
-#define PSS_EMLEN 256
+#define PSS_EMLEN (MCUBOOT_SIGN_RSA_LEN / 8)
 
 /* The size of the hash function.  For SHA256, this is 32 bytes. */
 #define PSS_HLEN 32
@@ -48,7 +48,7 @@
 #define PSS_SLEN 32
 
 /* The length of the mask: emLen - hLen - 1. */
-#define PSS_MASK_LEN (256 - PSS_HLEN - 1)
+#define PSS_MASK_LEN (PSS_EMLEN - PSS_HLEN - 1)
 
 #define PSS_HASH_OFFSET PSS_MASK_LEN
 

diff --git a/boot/bootutil/src/image_validate.c b/boot/bootutil/src/image_validate.c
index 9a5fe57..6597a81 100644
--- a/boot/bootutil/src/image_validate.c
+++ b/boot/bootutil/src/image_validate.c

@@ -123,21 +123,32 @@
  * call.  List the type of TLV we are expecting.  If we aren't
  * configured for any signature, don't define this macro.
  */
+#if (defined(MCUBOOT_SIGN_RSA)   + \
+     defined(MCUBOOT_SIGN_EC)    + \
+     defined(MCUBOOT_SIGN_EC256)) > 1
+#error "Only a single signature type is supported!"
+#endif
+
 #if defined(MCUBOOT_SIGN_RSA)
-#    define EXPECTED_SIG_TLV IMAGE_TLV_RSA2048_PSS
-#    define EXPECTED_SIG_LEN(x) ((x) == 256) /* 2048 bits */
-#    if defined(MCUBOOT_SIGN_EC) || defined(MCUBOOT_SIGN_EC256)
-#        error "Multiple signature types not yet supported"
+#    if MCUBOOT_SIGN_RSA_LEN == 2048
+#        define EXPECTED_SIG_TLV IMAGE_TLV_RSA2048_PSS
+#    elif MCUBOOT_SIGN_RSA_LEN == 3072
+#        define EXPECTED_SIG_TLV IMAGE_TLV_RSA3072_PSS
+#    else
+#        error "Unsupported RSA signature length"
 #    endif
+#    define SIG_BUF_SIZE (MCUBOOT_SIGN_RSA_LEN / 8)
+#    define EXPECTED_SIG_LEN(x) ((x) == SIG_BUF_SIZE) /* 2048 bits */
 #elif defined(MCUBOOT_SIGN_EC)
 #    define EXPECTED_SIG_TLV IMAGE_TLV_ECDSA224
+#    define SIG_BUF_SIZE 128
 #    define EXPECTED_SIG_LEN(x) ((x) >= 64) /* oids + 2 * 28 bytes */
-#    if defined(MCUBOOT_SIGN_EC256)
-#        error "Multiple signature types not yet supported"
-#    endif
 #elif defined(MCUBOOT_SIGN_EC256)
 #    define EXPECTED_SIG_TLV IMAGE_TLV_ECDSA256
+#    define SIG_BUF_SIZE 128
 #    define EXPECTED_SIG_LEN(x) ((x) >= 72) /* oids + 2 * 32 bytes */
+#else
+#    define SIG_BUF_SIZE 32 /* no signing, sha256 digest only */
 #endif
 
 #ifdef EXPECTED_SIG_TLV
@@ -182,7 +193,7 @@
     int key_id = -1;
 #endif
     struct image_tlv tlv;
-    uint8_t buf[256];
+    uint8_t buf[SIG_BUF_SIZE];
     uint8_t hash[32];
     int rc;