rsa: Add support for RSA-PSS
The PKCS#1 standards, which define RSA signatures, are currently at
version 2.2. Starting in v2.1, the standard defines a new signature
method RSA-PSS, which has a stronger security proof than the signature
method used in earlier versions. The standard recommends that RSA-PSS
be used in new designs, instead of the older algorithm.
This patch implements RSA-PSS verification for a specific set of
parameters:
- RSA-2048
- SHA256 for both the message digest and the internal hash
- 32-byte salt
- 2047 bit message
Although RSA-PSS supports other parameters, due to size constraints,
this verification code only supports these specific parameters, and
signatures with other parameters will be considered invalid.
To encourage the use of the more secure algorithm, the default build
configuration is RSA-PSS. BOOTUTIL_RSA_PKCS1_15 needs to be defined in
order to support the older signature algorithm.
diff --git a/boot/bootutil/src/image_validate.c b/boot/bootutil/src/image_validate.c
index 00d43c6..2741c37 100644
--- a/boot/bootutil/src/image_validate.c
+++ b/boot/bootutil/src/image_validate.c
@@ -110,9 +110,15 @@
int rc;
#ifdef MCUBOOT_SIGN_RSA
+#ifdef MCUBOOT_RSA_PKCS1_15
if ((hdr->ih_flags & IMAGE_F_PKCS15_RSA2048_SHA256) == 0) {
return -1;
}
+#else
+ if ((hdr->ih_flags & IMAGE_F_PKCS1_PSS_RSA2048_SHA256) == 0) {
+ return -1;
+ }
+#endif
#endif
#ifdef MCUBOOT_SIGN_EC
if ((hdr->ih_flags & IMAGE_F_ECDSA224_SHA256) == 0) {
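Review bot: The new guard `#ifdef MCUBOOT_RSA_PKCS1_15` at the top of this hunk does not match the commit message, which names `BOOTUTIL_RSA_PKCS1_15` as the define that re-enables the older algorithm. A build that sets the name from the message would silently take the `#else` branch and require `IMAGE_F_PKCS1_PSS_RSA2048_SHA256`, so every PKCS#1 v1.5 image would hit `return -1`. Please settle on one macro name across the message, the code and the build documentation. Since the default now flips to PSS, a short comment above the `#ifdef` stating that images flagged only with `IMAGE_F_PKCS15_RSA2048_SHA256` are rejected unless the macro is defined would also help anyone upgrading a bootloader in the field.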