Add simulator support for RSA-3072 sigs

Signed-off-by: Fabio Utzig <utzig@apache.org>
This commit is contained in:
Fabio Utzig 2019-05-08 18:51:10 -03:00 committed by Fabio Utzig
parent 19fd79a496
commit 3929743408
11 changed files with 217 additions and 12 deletions

View File

@ -40,6 +40,7 @@ uint32_t bootutil_get_caps(void);
#define BOOTUTIL_CAP_ENC_RSA (1<<5)
#define BOOTUTIL_CAP_ENC_KW (1<<6)
#define BOOTUTIL_CAP_VALIDATE_PRIMARY_SLOT (1<<7)
#define BOOTUTIL_CAP_RSA3072 (1<<8)
/*
* Query the number of images this bootloader is configured for. This

View File

@ -22,8 +22,13 @@ uint32_t bootutil_get_caps(void)
uint32_t res = 0;
#if defined(MCUBOOT_SIGN_RSA)
#if MCUBOOT_SIGN_RSA_LEN == 2048
res |= BOOTUTIL_CAP_RSA2048;
#endif
#if MCUBOOT_SIGN_RSA_LEN == 3072
res |= BOOTUTIL_CAP_RSA3072;
#endif
#endif
#if defined(MCUBOOT_SIGN_EC)
res |= BOOTUTIL_CAP_ECDSA_P224;
#endif

39
root-rsa-3072.pem Normal file
View File

@ -0,0 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----
MIIG5AIBAAKCAYEAtCwOmFgQpKdYmXwB3QgqKDQz+JYaNCBdRchxJiXl0pbqe7EV
qqaKYyKLLU6Bc79uFWiMGvTvKo+MIp5xV0veD35y03q4px1ErYcAg1z9cwVyRj+L
+RAA2G7Mhe35Sdt4NoBJOHbdX1QE2ow0pysTJW/RFU+twuGl0k5XDH6cm7pOaLLg
JQKqANO0zC945b5HZx/IbiJsXmG2ms3lqLp6gBMbFy6W7c+zm+Qc6K2n9jpRZl6Z
jofuYCX4jb7OpKjKk2zXv9RzM41EhcxzMAicTbKqWmxve6u3s3zD++fKxPiab8u7
W4LneugZ/S8RIvt/doxrlKQJT6Vqd1Hrp37ahwbu3L7R6hpAHRv/GrFRfBKw8/aD
AZznDJm/rGhYcqSwWYXuhawqIvTPFQiAHw3QHqCglMj3+mXdUuiWNyMwVzbmnfQM
SgV1H60ByrdtjEN0BgqB8wFi//f1X6/nKw74gbVl3QHZnwcXihjPI26IZZG1e9Ow
La+TZmN0rFrmc947AgMBAAECggGBAJjDTjCvYpUo6r9gXHgbZxslf/dC1b7ivhLf
68gLk/xlRzVPJW7GvElnzZfBm5MXeXAfb8Ofb3WntorXyoPY6NQ8Q4G56PyQnV2A
PNgkrSSsNoMHeFfZ0M2xzCm2Z4rO0fNr/Ckq53HfXCotfKtMo3Q3hZDLOSomhqF1
GOuYIpMLeVXebJwU0S3YUtBZY+lv1zzBvwBaoYW41coVz6arThhvmqWiNAg49jG0
TSqfquzj74abqRkned798uvEH5OPJJ6r/7HrjbSan2HfhiQgWebR6NV5xtmAy//2
iuNqrm9e1Qrinjo1teHP63hzGQbk9HzXdIzMmw83vHOppFmteOCSxJIxJ2h4RlsV
ln/7O5N4jAhdpqu/5AWBlWHefEsWvxfGUwmBdtxF0M4p+Z5qGIIX/WGHx+Eg9qsP
1NhnMhQ8DJjCPNzej7dmsiHcICsI/SJ84Xby5KlG8OJbsYSpzyd4/PD789VXSTK/
BwIN3IZsWhNw1G7AOfzch86fXNpCoQKBwQDlvyQII6M8etnZMYGFNKDxpcRahrF4
znENW3IDsm41044oy+qv8fR7NFI+88xcbm/zzQ+oz4FGAcTNfUa1JAII/h1oJx7Q
eAFytlGq41cxnGfVGSemmpEOgZqzWVneFnZ8s/81sq35/OzpQ+pKgTN8SYgjySQb
f5pJECHV3oaX6g/DZcEU6JngYWyG4gAovBph/EXaPn3saHUo7u75yD6HnLxcxa4C
//Zs9NOHmRDxW1AFq6c9qqHjAwiwoWz/1PECgcEAyMKx1WjcdW7AU4TmMoWY7dwc
ginhBzEne7z5hgnabsnFaudRpAix/IBT0G0/lDEBXja+j8V56Jy7xCVLmJi044nj
fzCn0bbtOHOE3BztGP7eWRODN+2u/V9xk6v7y4R7NOLzE7+1/SupaYWW5uQo9Z1v
CamU7MuIXq6b9BS3HD8vS9IpeDQIJKQ9G0NIRN9naLwyfLk0EXBDqE0VlXWusDi8
B9W5ZQ0l9dY2XLCx8Gx7Foc8UA85EvivtfpC3bXrAoHACywfYXHyNze2LlS0+rhT
d0zbXpecO8a2QrMGuV1M9Lsj96Hq+MFoZTFnKn6KmpgYQ5/eOhRVMgVV/7Qu4xIs
MynAXldArVyYnW52TDwf+l6jwf4mKnjrwuvUjRI0R5OKEYhjScY1pamCD9noo9Ti
nxGoWC0o31l2NEVfj9nxa6PLPnJNUGn7SakTMP/+h/yVv9wXvYQ6dWui/umXn3f4
annZwx0t2CGAZ04El1x/MW2CV7RAPsR0eOil3IkNFufRAoHAVDtj879oaBkMtr4W
+3GURZBJoc9CbAsSntcd9kAiFsOvgfgGCAXh76hEAjokJ+Aby9S6RYY8bP19xoFD
Y4YGt0U+Xzoh31qZ00qcnuHAFPGyhrsqHggqmII4HBZXsf8m1ny2Mj4IdG2iSfTT
6JIoIU1prispoeSPlfI62sDqRv63sF9AKP/jvsPuI4cqRkNZltcHc88c6ogoyu90
s93JaoSTV9IzVBOdLrUu39r+/Xn2dvBMvOZ2MuCGkJqs/Wr7AoHBAL1k1bH0+xs3
sMQjxXyo5CYe5fmi1y8Gnt05kivgvGaGPLIb2lG8JRfIhasO04DrvxnW5EBiap6s
rtAF+MU55/EjXn97fs1TvDRwZ2/SJRCACHepFnXrPMz1dBBe8IG7s8Ai5WTDuVbb
7T4/8fwSrqAnIF7oQwHFwlpDnFGUJLZCJ/+H/jjcn2TgTnGIENTwlSIofhcWT+Ot
GtlLLU4J6+l07vVfueEofoJMfqWjDUpOr3FmnP+K2drZWFnzv/3Rgg==
-----END RSA PRIVATE KEY-----

View File

@ -8,6 +8,7 @@ edition = "2018"
default = []
sig-rsa = ["mcuboot-sys/sig-rsa"]
sig-rsa3072 = ["mcuboot-sys/sig-rsa3072"]
sig-ecdsa = ["mcuboot-sys/sig-ecdsa"]
overwrite-only = ["mcuboot-sys/overwrite-only"]
validate-primary-slot = ["mcuboot-sys/validate-primary-slot"]

View File

@ -15,6 +15,9 @@ default = []
# compile with both sig-rsa and sig-ecdsa enabled.
sig-rsa = []
# Verify RSA-3072 signatures.
sig-rsa3072 = []
# Verify ECDSA (secp256r1) signatures.
sig-ecdsa = []

View File

@ -10,6 +10,7 @@ use std::path::Path;
fn main() {
// Feature flags.
let sig_rsa = env::var("CARGO_FEATURE_SIG_RSA").is_ok();
let sig_rsa3072 = env::var("CARGO_FEATURE_SIG_RSA3072").is_ok();
let sig_ecdsa = env::var("CARGO_FEATURE_SIG_ECDSA").is_ok();
let overwrite_only = env::var("CARGO_FEATURE_OVERWRITE_ONLY").is_ok();
let validate_primary_slot =
@ -35,13 +36,23 @@ fn main() {
conf.define("MCUBOOT_VALIDATE_PRIMARY_SLOT", None);
}
// Currently, mbed TLS cannot build with both RSA and ECDSA.
if sig_rsa && sig_ecdsa {
panic!("mcuboot does not support RSA and ECDSA at the same time");
// Currently no more than one sig type can be used simultaneously.
if vec![sig_rsa, sig_rsa3072, sig_ecdsa].iter()
.fold(0, |sum, &v| sum + v as i32) > 1 {
panic!("mcuboot does not support more than one sig type at the same time");
}
if sig_rsa {
if sig_rsa || sig_rsa3072 {
conf.define("MCUBOOT_SIGN_RSA", None);
// The Kconfig style defines must be added here as well because
// they are used internally by "config-rsa.h"
if sig_rsa {
conf.define("MCUBOOT_SIGN_RSA_LEN", "2048");
conf.define("CONFIG_BOOT_SIGNATURE_TYPE_RSA_2048", None);
} else {
conf.define("MCUBOOT_SIGN_RSA_LEN", "3072");
conf.define("CONFIG_BOOT_SIGNATURE_TYPE_RSA_3072", None);
}
conf.define("MCUBOOT_USE_MBED_TLS", None);
conf.include("mbedtls/include");
@ -114,7 +125,7 @@ fn main() {
conf.file("../../boot/bootutil/src/encrypted.c");
conf.file("csupport/keys.c");
if sig_rsa {
if sig_rsa || sig_rsa3072 {
conf.file("mbedtls/library/sha256.c");
}
@ -141,7 +152,7 @@ fn main() {
if sig_rsa && enc_kw {
conf.define("MBEDTLS_CONFIG_FILE", Some("<config-rsa-kw.h>"));
} else if sig_rsa || enc_rsa {
} else if sig_rsa || sig_rsa3072 || enc_rsa {
conf.define("MBEDTLS_CONFIG_FILE", Some("<config-rsa.h>"));
} else if sig_ecdsa && !enc_kw {
conf.define("MBEDTLS_CONFIG_FILE", Some("<config-asn1.h>"));
@ -150,7 +161,7 @@ fn main() {
}
conf.file("../../boot/bootutil/src/image_validate.c");
if sig_rsa {
if sig_rsa || sig_rsa3072 {
conf.file("../../boot/bootutil/src/image_rsa.c");
} else if sig_ecdsa {
conf.file("../../boot/bootutil/src/image_ec256.c");

View File

@ -22,6 +22,7 @@
#include <mcuboot_config/mcuboot_config.h>
#if defined(MCUBOOT_SIGN_RSA)
#if MCUBOOT_SIGN_RSA_LEN == 2048
#define HAVE_KEYS
const unsigned char root_pub_der[] = {
0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xd1, 0x06, 0x08,
@ -49,6 +50,62 @@ const unsigned char root_pub_der[] = {
0xc9, 0x02, 0x03, 0x01, 0x00, 0x01
};
const unsigned int root_pub_der_len = 270;
#elif MCUBOOT_SIGN_RSA_LEN == 3072
#define HAVE_KEYS
const unsigned char root_pub_der[] = {
0x30, 0x82, 0x01, 0x8a, 0x02, 0x82, 0x01, 0x81,
0x00, 0xb4, 0x2c, 0x0e, 0x98, 0x58, 0x10, 0xa4,
0xa7, 0x58, 0x99, 0x7c, 0x01, 0xdd, 0x08, 0x2a,
0x28, 0x34, 0x33, 0xf8, 0x96, 0x1a, 0x34, 0x20,
0x5d, 0x45, 0xc8, 0x71, 0x26, 0x25, 0xe5, 0xd2,
0x96, 0xea, 0x7b, 0xb1, 0x15, 0xaa, 0xa6, 0x8a,
0x63, 0x22, 0x8b, 0x2d, 0x4e, 0x81, 0x73, 0xbf,
0x6e, 0x15, 0x68, 0x8c, 0x1a, 0xf4, 0xef, 0x2a,
0x8f, 0x8c, 0x22, 0x9e, 0x71, 0x57, 0x4b, 0xde,
0x0f, 0x7e, 0x72, 0xd3, 0x7a, 0xb8, 0xa7, 0x1d,
0x44, 0xad, 0x87, 0x00, 0x83, 0x5c, 0xfd, 0x73,
0x05, 0x72, 0x46, 0x3f, 0x8b, 0xf9, 0x10, 0x00,
0xd8, 0x6e, 0xcc, 0x85, 0xed, 0xf9, 0x49, 0xdb,
0x78, 0x36, 0x80, 0x49, 0x38, 0x76, 0xdd, 0x5f,
0x54, 0x04, 0xda, 0x8c, 0x34, 0xa7, 0x2b, 0x13,
0x25, 0x6f, 0xd1, 0x15, 0x4f, 0xad, 0xc2, 0xe1,
0xa5, 0xd2, 0x4e, 0x57, 0x0c, 0x7e, 0x9c, 0x9b,
0xba, 0x4e, 0x68, 0xb2, 0xe0, 0x25, 0x02, 0xaa,
0x00, 0xd3, 0xb4, 0xcc, 0x2f, 0x78, 0xe5, 0xbe,
0x47, 0x67, 0x1f, 0xc8, 0x6e, 0x22, 0x6c, 0x5e,
0x61, 0xb6, 0x9a, 0xcd, 0xe5, 0xa8, 0xba, 0x7a,
0x80, 0x13, 0x1b, 0x17, 0x2e, 0x96, 0xed, 0xcf,
0xb3, 0x9b, 0xe4, 0x1c, 0xe8, 0xad, 0xa7, 0xf6,
0x3a, 0x51, 0x66, 0x5e, 0x99, 0x8e, 0x87, 0xee,
0x60, 0x25, 0xf8, 0x8d, 0xbe, 0xce, 0xa4, 0xa8,
0xca, 0x93, 0x6c, 0xd7, 0xbf, 0xd4, 0x73, 0x33,
0x8d, 0x44, 0x85, 0xcc, 0x73, 0x30, 0x08, 0x9c,
0x4d, 0xb2, 0xaa, 0x5a, 0x6c, 0x6f, 0x7b, 0xab,
0xb7, 0xb3, 0x7c, 0xc3, 0xfb, 0xe7, 0xca, 0xc4,
0xf8, 0x9a, 0x6f, 0xcb, 0xbb, 0x5b, 0x82, 0xe7,
0x7a, 0xe8, 0x19, 0xfd, 0x2f, 0x11, 0x22, 0xfb,
0x7f, 0x76, 0x8c, 0x6b, 0x94, 0xa4, 0x09, 0x4f,
0xa5, 0x6a, 0x77, 0x51, 0xeb, 0xa7, 0x7e, 0xda,
0x87, 0x06, 0xee, 0xdc, 0xbe, 0xd1, 0xea, 0x1a,
0x40, 0x1d, 0x1b, 0xff, 0x1a, 0xb1, 0x51, 0x7c,
0x12, 0xb0, 0xf3, 0xf6, 0x83, 0x01, 0x9c, 0xe7,
0x0c, 0x99, 0xbf, 0xac, 0x68, 0x58, 0x72, 0xa4,
0xb0, 0x59, 0x85, 0xee, 0x85, 0xac, 0x2a, 0x22,
0xf4, 0xcf, 0x15, 0x08, 0x80, 0x1f, 0x0d, 0xd0,
0x1e, 0xa0, 0xa0, 0x94, 0xc8, 0xf7, 0xfa, 0x65,
0xdd, 0x52, 0xe8, 0x96, 0x37, 0x23, 0x30, 0x57,
0x36, 0xe6, 0x9d, 0xf4, 0x0c, 0x4a, 0x05, 0x75,
0x1f, 0xad, 0x01, 0xca, 0xb7, 0x6d, 0x8c, 0x43,
0x74, 0x06, 0x0a, 0x81, 0xf3, 0x01, 0x62, 0xff,
0xf7, 0xf5, 0x5f, 0xaf, 0xe7, 0x2b, 0x0e, 0xf8,
0x81, 0xb5, 0x65, 0xdd, 0x01, 0xd9, 0x9f, 0x07,
0x17, 0x8a, 0x18, 0xcf, 0x23, 0x6e, 0x88, 0x65,
0x91, 0xb5, 0x7b, 0xd3, 0xb0, 0x2d, 0xaf, 0x93,
0x66, 0x63, 0x74, 0xac, 0x5a, 0xe6, 0x73, 0xde,
0x3b, 0x02, 0x03, 0x01, 0x00, 0x01,
};
const unsigned int root_pub_der_len = 398;
#endif
#elif defined(MCUBOOT_SIGN_EC256)
#define HAVE_KEYS
const unsigned char root_pub_der[] = {

View File

@ -12,6 +12,7 @@ pub enum Caps {
EncRsa = (1 << 5),
EncKw = (1 << 6),
ValidatePrimarySlot = (1 << 7),
RSA3072 = (1 << 8),
}
impl Caps {

View File

@ -1141,6 +1141,8 @@ fn make_tlv() -> TlvGen {
// The non-encrypted configuration.
if Caps::RSA2048.present() {
TlvGen::new_rsa_pss()
} else if Caps::RSA3072.present() {
TlvGen::new_rsa3072_pss()
} else if Caps::EcdsaP256.present() {
TlvGen::new_ecdsa()
} else {

View File

@ -0,0 +1,53 @@
/* Autogenerated by imgtool.py, do not edit. */
static RSA3072_PUB_KEY: &'static [u8] = &[
0x30, 0x82, 0x01, 0x8a, 0x02, 0x82, 0x01, 0x81,
0x00, 0xb4, 0x2c, 0x0e, 0x98, 0x58, 0x10, 0xa4,
0xa7, 0x58, 0x99, 0x7c, 0x01, 0xdd, 0x08, 0x2a,
0x28, 0x34, 0x33, 0xf8, 0x96, 0x1a, 0x34, 0x20,
0x5d, 0x45, 0xc8, 0x71, 0x26, 0x25, 0xe5, 0xd2,
0x96, 0xea, 0x7b, 0xb1, 0x15, 0xaa, 0xa6, 0x8a,
0x63, 0x22, 0x8b, 0x2d, 0x4e, 0x81, 0x73, 0xbf,
0x6e, 0x15, 0x68, 0x8c, 0x1a, 0xf4, 0xef, 0x2a,
0x8f, 0x8c, 0x22, 0x9e, 0x71, 0x57, 0x4b, 0xde,
0x0f, 0x7e, 0x72, 0xd3, 0x7a, 0xb8, 0xa7, 0x1d,
0x44, 0xad, 0x87, 0x00, 0x83, 0x5c, 0xfd, 0x73,
0x05, 0x72, 0x46, 0x3f, 0x8b, 0xf9, 0x10, 0x00,
0xd8, 0x6e, 0xcc, 0x85, 0xed, 0xf9, 0x49, 0xdb,
0x78, 0x36, 0x80, 0x49, 0x38, 0x76, 0xdd, 0x5f,
0x54, 0x04, 0xda, 0x8c, 0x34, 0xa7, 0x2b, 0x13,
0x25, 0x6f, 0xd1, 0x15, 0x4f, 0xad, 0xc2, 0xe1,
0xa5, 0xd2, 0x4e, 0x57, 0x0c, 0x7e, 0x9c, 0x9b,
0xba, 0x4e, 0x68, 0xb2, 0xe0, 0x25, 0x02, 0xaa,
0x00, 0xd3, 0xb4, 0xcc, 0x2f, 0x78, 0xe5, 0xbe,
0x47, 0x67, 0x1f, 0xc8, 0x6e, 0x22, 0x6c, 0x5e,
0x61, 0xb6, 0x9a, 0xcd, 0xe5, 0xa8, 0xba, 0x7a,
0x80, 0x13, 0x1b, 0x17, 0x2e, 0x96, 0xed, 0xcf,
0xb3, 0x9b, 0xe4, 0x1c, 0xe8, 0xad, 0xa7, 0xf6,
0x3a, 0x51, 0x66, 0x5e, 0x99, 0x8e, 0x87, 0xee,
0x60, 0x25, 0xf8, 0x8d, 0xbe, 0xce, 0xa4, 0xa8,
0xca, 0x93, 0x6c, 0xd7, 0xbf, 0xd4, 0x73, 0x33,
0x8d, 0x44, 0x85, 0xcc, 0x73, 0x30, 0x08, 0x9c,
0x4d, 0xb2, 0xaa, 0x5a, 0x6c, 0x6f, 0x7b, 0xab,
0xb7, 0xb3, 0x7c, 0xc3, 0xfb, 0xe7, 0xca, 0xc4,
0xf8, 0x9a, 0x6f, 0xcb, 0xbb, 0x5b, 0x82, 0xe7,
0x7a, 0xe8, 0x19, 0xfd, 0x2f, 0x11, 0x22, 0xfb,
0x7f, 0x76, 0x8c, 0x6b, 0x94, 0xa4, 0x09, 0x4f,
0xa5, 0x6a, 0x77, 0x51, 0xeb, 0xa7, 0x7e, 0xda,
0x87, 0x06, 0xee, 0xdc, 0xbe, 0xd1, 0xea, 0x1a,
0x40, 0x1d, 0x1b, 0xff, 0x1a, 0xb1, 0x51, 0x7c,
0x12, 0xb0, 0xf3, 0xf6, 0x83, 0x01, 0x9c, 0xe7,
0x0c, 0x99, 0xbf, 0xac, 0x68, 0x58, 0x72, 0xa4,
0xb0, 0x59, 0x85, 0xee, 0x85, 0xac, 0x2a, 0x22,
0xf4, 0xcf, 0x15, 0x08, 0x80, 0x1f, 0x0d, 0xd0,
0x1e, 0xa0, 0xa0, 0x94, 0xc8, 0xf7, 0xfa, 0x65,
0xdd, 0x52, 0xe8, 0x96, 0x37, 0x23, 0x30, 0x57,
0x36, 0xe6, 0x9d, 0xf4, 0x0c, 0x4a, 0x05, 0x75,
0x1f, 0xad, 0x01, 0xca, 0xb7, 0x6d, 0x8c, 0x43,
0x74, 0x06, 0x0a, 0x81, 0xf3, 0x01, 0x62, 0xff,
0xf7, 0xf5, 0x5f, 0xaf, 0xe7, 0x2b, 0x0e, 0xf8,
0x81, 0xb5, 0x65, 0xdd, 0x01, 0xd9, 0x9f, 0x07,
0x17, 0x8a, 0x18, 0xcf, 0x23, 0x6e, 0x88, 0x65,
0x91, 0xb5, 0x7b, 0xd3, 0xb0, 0x2d, 0xaf, 0x93,
0x66, 0x63, 0x74, 0xac, 0x5a, 0xe6, 0x73, 0xde,
0x3b, 0x02, 0x03, 0x01, 0x00, 0x01,
];

View File

@ -29,6 +29,7 @@ pub enum TlvKinds {
RSA2048 = 0x20,
ECDSA224 = 0x21,
ECDSA256 = 0x22,
RSA3072 = 0x23,
ENCRSA2048 = 0x30,
ENCKW128 = 0x31,
}
@ -89,6 +90,16 @@ impl TlvGen {
}
}
#[allow(dead_code)]
pub fn new_rsa3072_pss() -> TlvGen {
TlvGen {
flags: 0,
kinds: vec![TlvKinds::SHA256, TlvKinds::RSA3072],
size: 4 + 32 + 4 + 32 + 4 + 384,
payload: vec![],
}
}
#[allow(dead_code)]
pub fn new_ecdsa() -> TlvGen {
TlvGen {
@ -192,9 +203,17 @@ impl ManifestGen for TlvGen {
result.extend_from_slice(hash);
}
if self.kinds.contains(&TlvKinds::RSA2048) {
if self.kinds.contains(&TlvKinds::RSA2048) ||
self.kinds.contains(&TlvKinds::RSA3072) {
let is_rsa2048 = self.kinds.contains(&TlvKinds::RSA2048);
// Output the hash of the public key.
let hash = digest::digest(&digest::SHA256, RSA_PUB_KEY);
let hash = if is_rsa2048 {
digest::digest(&digest::SHA256, RSA_PUB_KEY)
} else {
digest::digest(&digest::SHA256, RSA3072_PUB_KEY)
};
let hash = hash.as_ref();
assert!(hash.len() == 32);
@ -205,16 +224,28 @@ impl ManifestGen for TlvGen {
result.extend_from_slice(hash);
// For now assume PSS.
let key_bytes = pem::parse(include_bytes!("../../root-rsa-2048.pem").as_ref()).unwrap();
let key_bytes = if is_rsa2048 {
pem::parse(include_bytes!("../../root-rsa-2048.pem").as_ref()).unwrap()
} else {
pem::parse(include_bytes!("../../root-rsa-3072.pem").as_ref()).unwrap()
};
assert_eq!(key_bytes.tag, "RSA PRIVATE KEY");
let key_bytes = untrusted::Input::from(&key_bytes.contents);
let key_pair = RsaKeyPair::from_der(key_bytes).unwrap();
let rng = rand::SystemRandom::new();
let mut signature = vec![0; key_pair.public_modulus_len()];
if is_rsa2048 {
assert_eq!(signature.len(), 256);
} else {
assert_eq!(signature.len(), 384);
}
key_pair.sign(&RSA_PSS_SHA256, &rng, &self.payload, &mut signature).unwrap();
if is_rsa2048 {
result.push(TlvKinds::RSA2048 as u8);
} else {
result.push(TlvKinds::RSA3072 as u8);
}
result.push(0);
result.push((signature.len() & 0xFF) as u8);
result.push(((signature.len() >> 8) & 0xFF) as u8);
@ -297,4 +328,5 @@ impl ManifestGen for TlvGen {
}
include!("rsa_pub_key-rs.txt");
include!("rsa3072_pub_key-rs.txt");
include!("ecdsa_pub_key-rs.txt");