
Commit 9cb98bf

committed
rename aggregate RSA PSS macro, add Renesas protection
1 parent 2482d67 commit 9cb98bf


2 files changed

+10
-7
lines changed


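--- a/include/loader.h
+++ b/include/loader.h
@@ -48,7 +48,7 @@ extern "C" {
 defined(WOLFBOOT_SIGN_SECONDARY_RSAPSS2048) || \
 defined(WOLFBOOT_SIGN_SECONDARY_RSAPSS3072) || \
 defined(WOLFBOOT_SIGN_SECONDARY_RSAPSS4096)
-#define WOLFBOOT_RSA_PSS
+#define WOLFBOOT_SIGN_RSAPSS_ANY
 #endif
 
 #if defined(WOLFBOOT_SIGN_RSA2048) || defined(WOLFBOOT_SIGN_SECONDARY_RSA2048) || \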

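--- a/src/image.c
+++ b/src/image.c
@@ -442,7 +442,7 @@ static void wolfBoot_verify_signature_rsa_common(uint8_t key_slot,
 (void)inOutIdx;
 (void)is_pss;
 
-#ifdef WOLFBOOT_RSA_PSS
+#ifdef WOLFBOOT_SIGN_RSAPSS_ANY
 enum wc_HashType hash_type;
 int mgf;
 #if defined(WOLFBOOT_HASH_SHA256)
@@ -454,7 +454,7 @@ static void wolfBoot_verify_signature_rsa_common(uint8_t key_slot,
 #else
 #error "RSA-PSS requires SHA-256 or SHA-384"
 #endif
-#endif /* WOLFBOOT_RSA_PSS */
+#endif /* WOLFBOOT_SIGN_RSAPSS_ANY */
 
 #if (!defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) && \
 !defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER)) || \
@@ -471,7 +471,10 @@ static void wolfBoot_verify_signature_rsa_common(uint8_t key_slot,
 #if defined(WOLFBOOT_RENESAS_SCEPROTECT) || \
 defined(WOLFBOOT_RENESAS_TSIP) || \
 defined(WOLFBOOT_RENESAS_RSIP)
-/* Renesas crypto callback — RSA PKCS#1 v1.5 only */
+/* Renesas crypto callback supports RSA PKCS#1 v1.5 only */
+#ifdef WOLFBOOT_SIGN_RSAPSS_ANY
+#error "RSA-PSS is not yet supported with Renesas crypto callbacks"
+#endif
 ret = wc_InitRsaKey_ex(&rsa, NULL, RENESAS_DEVID);
 if (ret == 0) {
 XMEMCPY(output, sig, RSA_IMAGE_SIGNATURE_SIZE);
@@ -535,7 +538,7 @@ static void wolfBoot_verify_signature_rsa_common(uint8_t key_slot,
 }
 #endif /* !WOLFBOOT_USE_WOLFHSM_PUBKEY_ID */
 XMEMCPY(output, sig, RSA_IMAGE_SIGNATURE_SIZE);
-#ifdef WOLFBOOT_RSA_PSS
+#ifdef WOLFBOOT_SIGN_RSAPSS_ANY
 if (is_pss) {
 RSA_VERIFY_FN(ret, wc_RsaPSS_VerifyInline, output,
 RSA_IMAGE_SIGNATURE_SIZE, &digest_out, hash_type, mgf,
@@ -570,7 +573,7 @@ static void wolfBoot_verify_signature_rsa_common(uint8_t key_slot,
 ret = wc_RsaPublicKeyDecode((byte*)pubkey, &inOutIdx, &rsa, pubkey_sz);
 if (ret >= 0) {
 XMEMCPY(output, sig, RSA_IMAGE_SIGNATURE_SIZE);
-#ifdef WOLFBOOT_RSA_PSS
+#ifdef WOLFBOOT_SIGN_RSAPSS_ANY
 if (is_pss) {
 RSA_VERIFY_FN(ret,
 wc_RsaPSS_VerifyInline, output, RSA_IMAGE_SIGNATURE_SIZE,
@@ -587,7 +590,7 @@ static void wolfBoot_verify_signature_rsa_common(uint8_t key_slot,
 #endif /* SCE || TSIP */
 wc_FreeRsaKey(&rsa);
 
-#ifdef WOLFBOOT_RSA_PSS
+#ifdef WOLFBOOT_SIGN_RSAPSS_ANY
 if (is_pss) {
 if (ret >= WOLFBOOT_SHA_DIGEST_SIZE && img && digest_out) {
 RSA_PSS_VERIFY_HASH(img, digest_out, ret, hash_type);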
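Review bot: The `#error` added at new lines 475-477 only fires where the Renesas branch of this function is actually preprocessed, and the lines between new 460 and 471 are not shown, so it is unclear whether the conditional opened at new line 459 can exclude that branch for some Renesas builds. Since the comment above it says the callback handles PKCS#1 v1.5 only, this compile-time check appears to be what keeps a PSS-configured build off that path. If no Renesas configuration is meant to support PSS, it would be more robust to put the check in include/loader.h right after the aggregate macro is defined: `#if defined(WOLFBOOT_SIGN_RSAPSS_ANY) && (defined(WOLFBOOT_RENESAS_SCEPROTECT) || defined(WOLFBOOT_RENESAS_TSIP) || defined(WOLFBOOT_RENESAS_RSIP))` followed by the same `#error`. Separately, every test of the renamed macro is a plain `#ifdef`, so a leftover `WOLFBOOT_RSA_PSS` in a file outside this commit would silently compile the PSS verification branch out; a tree-wide search for the old name before merging is a cheap check. wolfBoot_verify_signature_rsa_common starts and ends outside the hunks shown.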
