imgtool.py: Support PKCS#1.5 v2.1 RSA-PSS
Add support for the RSA-PSS signature algorithm to imgtool.py. This
algorithm has a strong security proof, and is recommended for all new
designs. The new algorithm is enabled by default for RSA signatures,
matching the bootloader, whose default is also being changed.
diff --git a/scripts/imgtool.py b/scripts/imgtool.py
index 4f5e56b..8a3e233 100755
--- a/scripts/imgtool.py
+++ b/scripts/imgtool.py
@@ -30,7 +30,8 @@
def do_sign(args):
align = args.align
- # print('sign:', args)
+ if args.rsa_pkcs1_15:
+ keys.sign_rsa_pss = False
img = image.Image.load(args.infile, version=args.version,
header_size=args.header_size,
pad=args.pad)
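Review bot: `keys.sign_rsa_pss = False` in do_sign selects the signature scheme by mutating a module-level flag in `keys`, so the choice becomes hidden process-wide state instead of an argument of the signing call, and any later signing in the same process inherits the legacy scheme. Prefer carrying the choice on the key object or passing it to the signing routine explicitly; the signing call is outside this hunk, so the exact parameter is for the author to pick. At minimum, add a comment above the assignment such as `# Downgrade to legacy PKCS#1 v1.5; the bootloader must be built to verify the same scheme.` The hunk does not show whether the flag is rejected for non-RSA keys, and if it is silently ignored there, raising an error would be safer. do_sign's body continues past the hunk.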
@@ -80,6 +81,8 @@
sign.add_argument("-H", "--header-size", type=intparse, required=True)
sign.add_argument("--pad", type=intparse,
help='Pad image to this many bytes, adding trailer magic')
+ sign.add_argument("--rsa-pkcs1-15", help='Use old PKCS#1 v1.5 signature algorithm',
+ default=False, action='store_true')
sign.add_argument("infile")
sign.add_argument("outfile")
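Review bot: The help text for `--rsa-pkcs1-15` does not say that RSA-PSS is now the default, or that the bootloader has to verify the same scheme. A user who passes the flag for a bootloader that verifies only RSA-PSS would presumably get an image that fails verification at boot, with no hint why. Suggest `help='Sign with legacy PKCS#1 v1.5 instead of the default RSA-PSS; bootloader must be configured to match'`. `default=False` is redundant with `action='store_true'` and can be dropped.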