Add simulator support for RSA-3072 sigs
Signed-off-by: Fabio Utzig <utzig@apache.org>
This commit is contained in:
parent
19fd79a496
commit
3929743408
|
@ -40,6 +40,7 @@ uint32_t bootutil_get_caps(void);
|
|||
#define BOOTUTIL_CAP_ENC_RSA (1<<5)
|
||||
#define BOOTUTIL_CAP_ENC_KW (1<<6)
|
||||
#define BOOTUTIL_CAP_VALIDATE_PRIMARY_SLOT (1<<7)
|
||||
#define BOOTUTIL_CAP_RSA3072 (1<<8)
|
||||
|
||||
/*
|
||||
* Query the number of images this bootloader is configured for. This
|
||||
|
|
|
@ -22,8 +22,13 @@ uint32_t bootutil_get_caps(void)
|
|||
uint32_t res = 0;
|
||||
|
||||
#if defined(MCUBOOT_SIGN_RSA)
|
||||
#if MCUBOOT_SIGN_RSA_LEN == 2048
|
||||
res |= BOOTUTIL_CAP_RSA2048;
|
||||
#endif
|
||||
#if MCUBOOT_SIGN_RSA_LEN == 3072
|
||||
res |= BOOTUTIL_CAP_RSA3072;
|
||||
#endif
|
||||
#endif
|
||||
#if defined(MCUBOOT_SIGN_EC)
|
||||
res |= BOOTUTIL_CAP_ECDSA_P224;
|
||||
#endif
|
||||
|
|
|
@ -0,0 +1,39 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIG5AIBAAKCAYEAtCwOmFgQpKdYmXwB3QgqKDQz+JYaNCBdRchxJiXl0pbqe7EV
|
||||
qqaKYyKLLU6Bc79uFWiMGvTvKo+MIp5xV0veD35y03q4px1ErYcAg1z9cwVyRj+L
|
||||
+RAA2G7Mhe35Sdt4NoBJOHbdX1QE2ow0pysTJW/RFU+twuGl0k5XDH6cm7pOaLLg
|
||||
JQKqANO0zC945b5HZx/IbiJsXmG2ms3lqLp6gBMbFy6W7c+zm+Qc6K2n9jpRZl6Z
|
||||
jofuYCX4jb7OpKjKk2zXv9RzM41EhcxzMAicTbKqWmxve6u3s3zD++fKxPiab8u7
|
||||
W4LneugZ/S8RIvt/doxrlKQJT6Vqd1Hrp37ahwbu3L7R6hpAHRv/GrFRfBKw8/aD
|
||||
AZznDJm/rGhYcqSwWYXuhawqIvTPFQiAHw3QHqCglMj3+mXdUuiWNyMwVzbmnfQM
|
||||
SgV1H60ByrdtjEN0BgqB8wFi//f1X6/nKw74gbVl3QHZnwcXihjPI26IZZG1e9Ow
|
||||
La+TZmN0rFrmc947AgMBAAECggGBAJjDTjCvYpUo6r9gXHgbZxslf/dC1b7ivhLf
|
||||
68gLk/xlRzVPJW7GvElnzZfBm5MXeXAfb8Ofb3WntorXyoPY6NQ8Q4G56PyQnV2A
|
||||
PNgkrSSsNoMHeFfZ0M2xzCm2Z4rO0fNr/Ckq53HfXCotfKtMo3Q3hZDLOSomhqF1
|
||||
GOuYIpMLeVXebJwU0S3YUtBZY+lv1zzBvwBaoYW41coVz6arThhvmqWiNAg49jG0
|
||||
TSqfquzj74abqRkned798uvEH5OPJJ6r/7HrjbSan2HfhiQgWebR6NV5xtmAy//2
|
||||
iuNqrm9e1Qrinjo1teHP63hzGQbk9HzXdIzMmw83vHOppFmteOCSxJIxJ2h4RlsV
|
||||
ln/7O5N4jAhdpqu/5AWBlWHefEsWvxfGUwmBdtxF0M4p+Z5qGIIX/WGHx+Eg9qsP
|
||||
1NhnMhQ8DJjCPNzej7dmsiHcICsI/SJ84Xby5KlG8OJbsYSpzyd4/PD789VXSTK/
|
||||
BwIN3IZsWhNw1G7AOfzch86fXNpCoQKBwQDlvyQII6M8etnZMYGFNKDxpcRahrF4
|
||||
znENW3IDsm41044oy+qv8fR7NFI+88xcbm/zzQ+oz4FGAcTNfUa1JAII/h1oJx7Q
|
||||
eAFytlGq41cxnGfVGSemmpEOgZqzWVneFnZ8s/81sq35/OzpQ+pKgTN8SYgjySQb
|
||||
f5pJECHV3oaX6g/DZcEU6JngYWyG4gAovBph/EXaPn3saHUo7u75yD6HnLxcxa4C
|
||||
//Zs9NOHmRDxW1AFq6c9qqHjAwiwoWz/1PECgcEAyMKx1WjcdW7AU4TmMoWY7dwc
|
||||
ginhBzEne7z5hgnabsnFaudRpAix/IBT0G0/lDEBXja+j8V56Jy7xCVLmJi044nj
|
||||
fzCn0bbtOHOE3BztGP7eWRODN+2u/V9xk6v7y4R7NOLzE7+1/SupaYWW5uQo9Z1v
|
||||
CamU7MuIXq6b9BS3HD8vS9IpeDQIJKQ9G0NIRN9naLwyfLk0EXBDqE0VlXWusDi8
|
||||
B9W5ZQ0l9dY2XLCx8Gx7Foc8UA85EvivtfpC3bXrAoHACywfYXHyNze2LlS0+rhT
|
||||
d0zbXpecO8a2QrMGuV1M9Lsj96Hq+MFoZTFnKn6KmpgYQ5/eOhRVMgVV/7Qu4xIs
|
||||
MynAXldArVyYnW52TDwf+l6jwf4mKnjrwuvUjRI0R5OKEYhjScY1pamCD9noo9Ti
|
||||
nxGoWC0o31l2NEVfj9nxa6PLPnJNUGn7SakTMP/+h/yVv9wXvYQ6dWui/umXn3f4
|
||||
annZwx0t2CGAZ04El1x/MW2CV7RAPsR0eOil3IkNFufRAoHAVDtj879oaBkMtr4W
|
||||
+3GURZBJoc9CbAsSntcd9kAiFsOvgfgGCAXh76hEAjokJ+Aby9S6RYY8bP19xoFD
|
||||
Y4YGt0U+Xzoh31qZ00qcnuHAFPGyhrsqHggqmII4HBZXsf8m1ny2Mj4IdG2iSfTT
|
||||
6JIoIU1prispoeSPlfI62sDqRv63sF9AKP/jvsPuI4cqRkNZltcHc88c6ogoyu90
|
||||
s93JaoSTV9IzVBOdLrUu39r+/Xn2dvBMvOZ2MuCGkJqs/Wr7AoHBAL1k1bH0+xs3
|
||||
sMQjxXyo5CYe5fmi1y8Gnt05kivgvGaGPLIb2lG8JRfIhasO04DrvxnW5EBiap6s
|
||||
rtAF+MU55/EjXn97fs1TvDRwZ2/SJRCACHepFnXrPMz1dBBe8IG7s8Ai5WTDuVbb
|
||||
7T4/8fwSrqAnIF7oQwHFwlpDnFGUJLZCJ/+H/jjcn2TgTnGIENTwlSIofhcWT+Ot
|
||||
GtlLLU4J6+l07vVfueEofoJMfqWjDUpOr3FmnP+K2drZWFnzv/3Rgg==
|
||||
-----END RSA PRIVATE KEY-----
|
|
@ -8,6 +8,7 @@ edition = "2018"
|
|||
default = []
|
||||
|
||||
sig-rsa = ["mcuboot-sys/sig-rsa"]
|
||||
sig-rsa3072 = ["mcuboot-sys/sig-rsa3072"]
|
||||
sig-ecdsa = ["mcuboot-sys/sig-ecdsa"]
|
||||
overwrite-only = ["mcuboot-sys/overwrite-only"]
|
||||
validate-primary-slot = ["mcuboot-sys/validate-primary-slot"]
|
||||
|
|
|
@ -15,6 +15,9 @@ default = []
|
|||
# compile with both sig-rsa and sig-ecdsa enabled.
|
||||
sig-rsa = []
|
||||
|
||||
# Verify RSA-3072 signatures.
|
||||
sig-rsa3072 = []
|
||||
|
||||
# Verify ECDSA (secp256r1) signatures.
|
||||
sig-ecdsa = []
|
||||
|
||||
|
|
|
@ -10,6 +10,7 @@ use std::path::Path;
|
|||
fn main() {
|
||||
// Feature flags.
|
||||
let sig_rsa = env::var("CARGO_FEATURE_SIG_RSA").is_ok();
|
||||
let sig_rsa3072 = env::var("CARGO_FEATURE_SIG_RSA3072").is_ok();
|
||||
let sig_ecdsa = env::var("CARGO_FEATURE_SIG_ECDSA").is_ok();
|
||||
let overwrite_only = env::var("CARGO_FEATURE_OVERWRITE_ONLY").is_ok();
|
||||
let validate_primary_slot =
|
||||
|
@ -35,13 +36,23 @@ fn main() {
|
|||
conf.define("MCUBOOT_VALIDATE_PRIMARY_SLOT", None);
|
||||
}
|
||||
|
||||
// Currently, mbed TLS cannot build with both RSA and ECDSA.
|
||||
if sig_rsa && sig_ecdsa {
|
||||
panic!("mcuboot does not support RSA and ECDSA at the same time");
|
||||
// Currently no more than one sig type can be used simultaneously.
|
||||
if vec![sig_rsa, sig_rsa3072, sig_ecdsa].iter()
|
||||
.fold(0, |sum, &v| sum + v as i32) > 1 {
|
||||
panic!("mcuboot does not support more than one sig type at the same time");
|
||||
}
|
||||
|
||||
if sig_rsa {
|
||||
if sig_rsa || sig_rsa3072 {
|
||||
conf.define("MCUBOOT_SIGN_RSA", None);
|
||||
// The Kconfig style defines must be added here as well because
|
||||
// they are used internally by "config-rsa.h"
|
||||
if sig_rsa {
|
||||
conf.define("MCUBOOT_SIGN_RSA_LEN", "2048");
|
||||
conf.define("CONFIG_BOOT_SIGNATURE_TYPE_RSA_2048", None);
|
||||
} else {
|
||||
conf.define("MCUBOOT_SIGN_RSA_LEN", "3072");
|
||||
conf.define("CONFIG_BOOT_SIGNATURE_TYPE_RSA_3072", None);
|
||||
}
|
||||
conf.define("MCUBOOT_USE_MBED_TLS", None);
|
||||
|
||||
conf.include("mbedtls/include");
|
||||
|
@ -114,7 +125,7 @@ fn main() {
|
|||
conf.file("../../boot/bootutil/src/encrypted.c");
|
||||
conf.file("csupport/keys.c");
|
||||
|
||||
if sig_rsa {
|
||||
if sig_rsa || sig_rsa3072 {
|
||||
conf.file("mbedtls/library/sha256.c");
|
||||
}
|
||||
|
||||
|
@ -141,7 +152,7 @@ fn main() {
|
|||
|
||||
if sig_rsa && enc_kw {
|
||||
conf.define("MBEDTLS_CONFIG_FILE", Some("<config-rsa-kw.h>"));
|
||||
} else if sig_rsa || enc_rsa {
|
||||
} else if sig_rsa || sig_rsa3072 || enc_rsa {
|
||||
conf.define("MBEDTLS_CONFIG_FILE", Some("<config-rsa.h>"));
|
||||
} else if sig_ecdsa && !enc_kw {
|
||||
conf.define("MBEDTLS_CONFIG_FILE", Some("<config-asn1.h>"));
|
||||
|
@ -150,7 +161,7 @@ fn main() {
|
|||
}
|
||||
|
||||
conf.file("../../boot/bootutil/src/image_validate.c");
|
||||
if sig_rsa {
|
||||
if sig_rsa || sig_rsa3072 {
|
||||
conf.file("../../boot/bootutil/src/image_rsa.c");
|
||||
} else if sig_ecdsa {
|
||||
conf.file("../../boot/bootutil/src/image_ec256.c");
|
||||
|
|
|
@ -22,6 +22,7 @@
|
|||
#include <mcuboot_config/mcuboot_config.h>
|
||||
|
||||
#if defined(MCUBOOT_SIGN_RSA)
|
||||
#if MCUBOOT_SIGN_RSA_LEN == 2048
|
||||
#define HAVE_KEYS
|
||||
const unsigned char root_pub_der[] = {
|
||||
0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xd1, 0x06, 0x08,
|
||||
|
@ -49,6 +50,62 @@ const unsigned char root_pub_der[] = {
|
|||
0xc9, 0x02, 0x03, 0x01, 0x00, 0x01
|
||||
};
|
||||
const unsigned int root_pub_der_len = 270;
|
||||
#elif MCUBOOT_SIGN_RSA_LEN == 3072
|
||||
#define HAVE_KEYS
|
||||
const unsigned char root_pub_der[] = {
|
||||
0x30, 0x82, 0x01, 0x8a, 0x02, 0x82, 0x01, 0x81,
|
||||
0x00, 0xb4, 0x2c, 0x0e, 0x98, 0x58, 0x10, 0xa4,
|
||||
0xa7, 0x58, 0x99, 0x7c, 0x01, 0xdd, 0x08, 0x2a,
|
||||
0x28, 0x34, 0x33, 0xf8, 0x96, 0x1a, 0x34, 0x20,
|
||||
0x5d, 0x45, 0xc8, 0x71, 0x26, 0x25, 0xe5, 0xd2,
|
||||
0x96, 0xea, 0x7b, 0xb1, 0x15, 0xaa, 0xa6, 0x8a,
|
||||
0x63, 0x22, 0x8b, 0x2d, 0x4e, 0x81, 0x73, 0xbf,
|
||||
0x6e, 0x15, 0x68, 0x8c, 0x1a, 0xf4, 0xef, 0x2a,
|
||||
0x8f, 0x8c, 0x22, 0x9e, 0x71, 0x57, 0x4b, 0xde,
|
||||
0x0f, 0x7e, 0x72, 0xd3, 0x7a, 0xb8, 0xa7, 0x1d,
|
||||
0x44, 0xad, 0x87, 0x00, 0x83, 0x5c, 0xfd, 0x73,
|
||||
0x05, 0x72, 0x46, 0x3f, 0x8b, 0xf9, 0x10, 0x00,
|
||||
0xd8, 0x6e, 0xcc, 0x85, 0xed, 0xf9, 0x49, 0xdb,
|
||||
0x78, 0x36, 0x80, 0x49, 0x38, 0x76, 0xdd, 0x5f,
|
||||
0x54, 0x04, 0xda, 0x8c, 0x34, 0xa7, 0x2b, 0x13,
|
||||
0x25, 0x6f, 0xd1, 0x15, 0x4f, 0xad, 0xc2, 0xe1,
|
||||
0xa5, 0xd2, 0x4e, 0x57, 0x0c, 0x7e, 0x9c, 0x9b,
|
||||
0xba, 0x4e, 0x68, 0xb2, 0xe0, 0x25, 0x02, 0xaa,
|
||||
0x00, 0xd3, 0xb4, 0xcc, 0x2f, 0x78, 0xe5, 0xbe,
|
||||
0x47, 0x67, 0x1f, 0xc8, 0x6e, 0x22, 0x6c, 0x5e,
|
||||
0x61, 0xb6, 0x9a, 0xcd, 0xe5, 0xa8, 0xba, 0x7a,
|
||||
0x80, 0x13, 0x1b, 0x17, 0x2e, 0x96, 0xed, 0xcf,
|
||||
0xb3, 0x9b, 0xe4, 0x1c, 0xe8, 0xad, 0xa7, 0xf6,
|
||||
0x3a, 0x51, 0x66, 0x5e, 0x99, 0x8e, 0x87, 0xee,
|
||||
0x60, 0x25, 0xf8, 0x8d, 0xbe, 0xce, 0xa4, 0xa8,
|
||||
0xca, 0x93, 0x6c, 0xd7, 0xbf, 0xd4, 0x73, 0x33,
|
||||
0x8d, 0x44, 0x85, 0xcc, 0x73, 0x30, 0x08, 0x9c,
|
||||
0x4d, 0xb2, 0xaa, 0x5a, 0x6c, 0x6f, 0x7b, 0xab,
|
||||
0xb7, 0xb3, 0x7c, 0xc3, 0xfb, 0xe7, 0xca, 0xc4,
|
||||
0xf8, 0x9a, 0x6f, 0xcb, 0xbb, 0x5b, 0x82, 0xe7,
|
||||
0x7a, 0xe8, 0x19, 0xfd, 0x2f, 0x11, 0x22, 0xfb,
|
||||
0x7f, 0x76, 0x8c, 0x6b, 0x94, 0xa4, 0x09, 0x4f,
|
||||
0xa5, 0x6a, 0x77, 0x51, 0xeb, 0xa7, 0x7e, 0xda,
|
||||
0x87, 0x06, 0xee, 0xdc, 0xbe, 0xd1, 0xea, 0x1a,
|
||||
0x40, 0x1d, 0x1b, 0xff, 0x1a, 0xb1, 0x51, 0x7c,
|
||||
0x12, 0xb0, 0xf3, 0xf6, 0x83, 0x01, 0x9c, 0xe7,
|
||||
0x0c, 0x99, 0xbf, 0xac, 0x68, 0x58, 0x72, 0xa4,
|
||||
0xb0, 0x59, 0x85, 0xee, 0x85, 0xac, 0x2a, 0x22,
|
||||
0xf4, 0xcf, 0x15, 0x08, 0x80, 0x1f, 0x0d, 0xd0,
|
||||
0x1e, 0xa0, 0xa0, 0x94, 0xc8, 0xf7, 0xfa, 0x65,
|
||||
0xdd, 0x52, 0xe8, 0x96, 0x37, 0x23, 0x30, 0x57,
|
||||
0x36, 0xe6, 0x9d, 0xf4, 0x0c, 0x4a, 0x05, 0x75,
|
||||
0x1f, 0xad, 0x01, 0xca, 0xb7, 0x6d, 0x8c, 0x43,
|
||||
0x74, 0x06, 0x0a, 0x81, 0xf3, 0x01, 0x62, 0xff,
|
||||
0xf7, 0xf5, 0x5f, 0xaf, 0xe7, 0x2b, 0x0e, 0xf8,
|
||||
0x81, 0xb5, 0x65, 0xdd, 0x01, 0xd9, 0x9f, 0x07,
|
||||
0x17, 0x8a, 0x18, 0xcf, 0x23, 0x6e, 0x88, 0x65,
|
||||
0x91, 0xb5, 0x7b, 0xd3, 0xb0, 0x2d, 0xaf, 0x93,
|
||||
0x66, 0x63, 0x74, 0xac, 0x5a, 0xe6, 0x73, 0xde,
|
||||
0x3b, 0x02, 0x03, 0x01, 0x00, 0x01,
|
||||
};
|
||||
const unsigned int root_pub_der_len = 398;
|
||||
#endif
|
||||
#elif defined(MCUBOOT_SIGN_EC256)
|
||||
#define HAVE_KEYS
|
||||
const unsigned char root_pub_der[] = {
|
||||
|
|
|
@ -12,6 +12,7 @@ pub enum Caps {
|
|||
EncRsa = (1 << 5),
|
||||
EncKw = (1 << 6),
|
||||
ValidatePrimarySlot = (1 << 7),
|
||||
RSA3072 = (1 << 8),
|
||||
}
|
||||
|
||||
impl Caps {
|
||||
|
|
|
@ -1141,6 +1141,8 @@ fn make_tlv() -> TlvGen {
|
|||
// The non-encrypted configuration.
|
||||
if Caps::RSA2048.present() {
|
||||
TlvGen::new_rsa_pss()
|
||||
} else if Caps::RSA3072.present() {
|
||||
TlvGen::new_rsa3072_pss()
|
||||
} else if Caps::EcdsaP256.present() {
|
||||
TlvGen::new_ecdsa()
|
||||
} else {
|
||||
|
|
|
@ -0,0 +1,53 @@
|
|||
/* Autogenerated by imgtool.py, do not edit. */
|
||||
static RSA3072_PUB_KEY: &'static [u8] = &[
|
||||
0x30, 0x82, 0x01, 0x8a, 0x02, 0x82, 0x01, 0x81,
|
||||
0x00, 0xb4, 0x2c, 0x0e, 0x98, 0x58, 0x10, 0xa4,
|
||||
0xa7, 0x58, 0x99, 0x7c, 0x01, 0xdd, 0x08, 0x2a,
|
||||
0x28, 0x34, 0x33, 0xf8, 0x96, 0x1a, 0x34, 0x20,
|
||||
0x5d, 0x45, 0xc8, 0x71, 0x26, 0x25, 0xe5, 0xd2,
|
||||
0x96, 0xea, 0x7b, 0xb1, 0x15, 0xaa, 0xa6, 0x8a,
|
||||
0x63, 0x22, 0x8b, 0x2d, 0x4e, 0x81, 0x73, 0xbf,
|
||||
0x6e, 0x15, 0x68, 0x8c, 0x1a, 0xf4, 0xef, 0x2a,
|
||||
0x8f, 0x8c, 0x22, 0x9e, 0x71, 0x57, 0x4b, 0xde,
|
||||
0x0f, 0x7e, 0x72, 0xd3, 0x7a, 0xb8, 0xa7, 0x1d,
|
||||
0x44, 0xad, 0x87, 0x00, 0x83, 0x5c, 0xfd, 0x73,
|
||||
0x05, 0x72, 0x46, 0x3f, 0x8b, 0xf9, 0x10, 0x00,
|
||||
0xd8, 0x6e, 0xcc, 0x85, 0xed, 0xf9, 0x49, 0xdb,
|
||||
0x78, 0x36, 0x80, 0x49, 0x38, 0x76, 0xdd, 0x5f,
|
||||
0x54, 0x04, 0xda, 0x8c, 0x34, 0xa7, 0x2b, 0x13,
|
||||
0x25, 0x6f, 0xd1, 0x15, 0x4f, 0xad, 0xc2, 0xe1,
|
||||
0xa5, 0xd2, 0x4e, 0x57, 0x0c, 0x7e, 0x9c, 0x9b,
|
||||
0xba, 0x4e, 0x68, 0xb2, 0xe0, 0x25, 0x02, 0xaa,
|
||||
0x00, 0xd3, 0xb4, 0xcc, 0x2f, 0x78, 0xe5, 0xbe,
|
||||
0x47, 0x67, 0x1f, 0xc8, 0x6e, 0x22, 0x6c, 0x5e,
|
||||
0x61, 0xb6, 0x9a, 0xcd, 0xe5, 0xa8, 0xba, 0x7a,
|
||||
0x80, 0x13, 0x1b, 0x17, 0x2e, 0x96, 0xed, 0xcf,
|
||||
0xb3, 0x9b, 0xe4, 0x1c, 0xe8, 0xad, 0xa7, 0xf6,
|
||||
0x3a, 0x51, 0x66, 0x5e, 0x99, 0x8e, 0x87, 0xee,
|
||||
0x60, 0x25, 0xf8, 0x8d, 0xbe, 0xce, 0xa4, 0xa8,
|
||||
0xca, 0x93, 0x6c, 0xd7, 0xbf, 0xd4, 0x73, 0x33,
|
||||
0x8d, 0x44, 0x85, 0xcc, 0x73, 0x30, 0x08, 0x9c,
|
||||
0x4d, 0xb2, 0xaa, 0x5a, 0x6c, 0x6f, 0x7b, 0xab,
|
||||
0xb7, 0xb3, 0x7c, 0xc3, 0xfb, 0xe7, 0xca, 0xc4,
|
||||
0xf8, 0x9a, 0x6f, 0xcb, 0xbb, 0x5b, 0x82, 0xe7,
|
||||
0x7a, 0xe8, 0x19, 0xfd, 0x2f, 0x11, 0x22, 0xfb,
|
||||
0x7f, 0x76, 0x8c, 0x6b, 0x94, 0xa4, 0x09, 0x4f,
|
||||
0xa5, 0x6a, 0x77, 0x51, 0xeb, 0xa7, 0x7e, 0xda,
|
||||
0x87, 0x06, 0xee, 0xdc, 0xbe, 0xd1, 0xea, 0x1a,
|
||||
0x40, 0x1d, 0x1b, 0xff, 0x1a, 0xb1, 0x51, 0x7c,
|
||||
0x12, 0xb0, 0xf3, 0xf6, 0x83, 0x01, 0x9c, 0xe7,
|
||||
0x0c, 0x99, 0xbf, 0xac, 0x68, 0x58, 0x72, 0xa4,
|
||||
0xb0, 0x59, 0x85, 0xee, 0x85, 0xac, 0x2a, 0x22,
|
||||
0xf4, 0xcf, 0x15, 0x08, 0x80, 0x1f, 0x0d, 0xd0,
|
||||
0x1e, 0xa0, 0xa0, 0x94, 0xc8, 0xf7, 0xfa, 0x65,
|
||||
0xdd, 0x52, 0xe8, 0x96, 0x37, 0x23, 0x30, 0x57,
|
||||
0x36, 0xe6, 0x9d, 0xf4, 0x0c, 0x4a, 0x05, 0x75,
|
||||
0x1f, 0xad, 0x01, 0xca, 0xb7, 0x6d, 0x8c, 0x43,
|
||||
0x74, 0x06, 0x0a, 0x81, 0xf3, 0x01, 0x62, 0xff,
|
||||
0xf7, 0xf5, 0x5f, 0xaf, 0xe7, 0x2b, 0x0e, 0xf8,
|
||||
0x81, 0xb5, 0x65, 0xdd, 0x01, 0xd9, 0x9f, 0x07,
|
||||
0x17, 0x8a, 0x18, 0xcf, 0x23, 0x6e, 0x88, 0x65,
|
||||
0x91, 0xb5, 0x7b, 0xd3, 0xb0, 0x2d, 0xaf, 0x93,
|
||||
0x66, 0x63, 0x74, 0xac, 0x5a, 0xe6, 0x73, 0xde,
|
||||
0x3b, 0x02, 0x03, 0x01, 0x00, 0x01,
|
||||
];
|
|
@ -29,6 +29,7 @@ pub enum TlvKinds {
|
|||
RSA2048 = 0x20,
|
||||
ECDSA224 = 0x21,
|
||||
ECDSA256 = 0x22,
|
||||
RSA3072 = 0x23,
|
||||
ENCRSA2048 = 0x30,
|
||||
ENCKW128 = 0x31,
|
||||
}
|
||||
|
@ -89,6 +90,16 @@ impl TlvGen {
|
|||
}
|
||||
}
|
||||
|
||||
#[allow(dead_code)]
|
||||
pub fn new_rsa3072_pss() -> TlvGen {
|
||||
TlvGen {
|
||||
flags: 0,
|
||||
kinds: vec![TlvKinds::SHA256, TlvKinds::RSA3072],
|
||||
size: 4 + 32 + 4 + 32 + 4 + 384,
|
||||
payload: vec![],
|
||||
}
|
||||
}
|
||||
|
||||
#[allow(dead_code)]
|
||||
pub fn new_ecdsa() -> TlvGen {
|
||||
TlvGen {
|
||||
|
@ -192,9 +203,17 @@ impl ManifestGen for TlvGen {
|
|||
result.extend_from_slice(hash);
|
||||
}
|
||||
|
||||
if self.kinds.contains(&TlvKinds::RSA2048) {
|
||||
if self.kinds.contains(&TlvKinds::RSA2048) ||
|
||||
self.kinds.contains(&TlvKinds::RSA3072) {
|
||||
|
||||
let is_rsa2048 = self.kinds.contains(&TlvKinds::RSA2048);
|
||||
|
||||
// Output the hash of the public key.
|
||||
let hash = digest::digest(&digest::SHA256, RSA_PUB_KEY);
|
||||
let hash = if is_rsa2048 {
|
||||
digest::digest(&digest::SHA256, RSA_PUB_KEY)
|
||||
} else {
|
||||
digest::digest(&digest::SHA256, RSA3072_PUB_KEY)
|
||||
};
|
||||
let hash = hash.as_ref();
|
||||
|
||||
assert!(hash.len() == 32);
|
||||
|
@ -205,16 +224,28 @@ impl ManifestGen for TlvGen {
|
|||
result.extend_from_slice(hash);
|
||||
|
||||
// For now assume PSS.
|
||||
let key_bytes = pem::parse(include_bytes!("../../root-rsa-2048.pem").as_ref()).unwrap();
|
||||
let key_bytes = if is_rsa2048 {
|
||||
pem::parse(include_bytes!("../../root-rsa-2048.pem").as_ref()).unwrap()
|
||||
} else {
|
||||
pem::parse(include_bytes!("../../root-rsa-3072.pem").as_ref()).unwrap()
|
||||
};
|
||||
assert_eq!(key_bytes.tag, "RSA PRIVATE KEY");
|
||||
let key_bytes = untrusted::Input::from(&key_bytes.contents);
|
||||
let key_pair = RsaKeyPair::from_der(key_bytes).unwrap();
|
||||
let rng = rand::SystemRandom::new();
|
||||
let mut signature = vec![0; key_pair.public_modulus_len()];
|
||||
if is_rsa2048 {
|
||||
assert_eq!(signature.len(), 256);
|
||||
} else {
|
||||
assert_eq!(signature.len(), 384);
|
||||
}
|
||||
key_pair.sign(&RSA_PSS_SHA256, &rng, &self.payload, &mut signature).unwrap();
|
||||
|
||||
if is_rsa2048 {
|
||||
result.push(TlvKinds::RSA2048 as u8);
|
||||
} else {
|
||||
result.push(TlvKinds::RSA3072 as u8);
|
||||
}
|
||||
result.push(0);
|
||||
result.push((signature.len() & 0xFF) as u8);
|
||||
result.push(((signature.len() >> 8) & 0xFF) as u8);
|
||||
|
@ -297,4 +328,5 @@ impl ManifestGen for TlvGen {
|
|||
}
|
||||
|
||||
include!("rsa_pub_key-rs.txt");
|
||||
include!("rsa3072_pub_key-rs.txt");
|
||||
include!("ecdsa_pub_key-rs.txt");
|
||||
|
|
Loading…
Reference in New Issue