commit 3929743408eaab6b308cbb7c09d634249a6f3a52
author Fabio Utzig <utzig@apache.org> Wed May 08 18:51:10 2019 -0300
committer Fabio Utzig <utzig@utzig.org> Thu May 16 14:01:19 2019 -0300
tree 616e011f7af5ceeeaa97619b2c3f4c254e5eb654
parent 19fd79a496248c40f95d3359e1e60931df5e734f

Add simulator support for RSA-3072 sigs

Signed-off-by: Fabio Utzig <utzig@apache.org>

sim/src/tlv.rs

diff --git a/sim/src/tlv.rs b/sim/src/tlv.rs
index aa0d7f0..9896df6 100644
--- a/sim/src/tlv.rs
+++ b/sim/src/tlv.rs
@@ -29,6 +29,7 @@
     RSA2048 = 0x20,
     ECDSA224 = 0x21,
     ECDSA256 = 0x22,
+    RSA3072 = 0x23,
     ENCRSA2048 = 0x30,
     ENCKW128 = 0x31,
 }
@@ -90,6 +91,16 @@
     }
 
     #[allow(dead_code)]
+    pub fn new_rsa3072_pss() -> TlvGen {
+        TlvGen {
+            flags: 0,
+            kinds: vec![TlvKinds::SHA256, TlvKinds::RSA3072],
+            size: 4 + 32 + 4 + 32 + 4 + 384,
+            payload: vec![],
+        }
+    }
+
+    #[allow(dead_code)]
     pub fn new_ecdsa() -> TlvGen {
         TlvGen {
             flags: 0,
@@ -192,9 +203,17 @@
             result.extend_from_slice(hash);
         }
 
-        if self.kinds.contains(&TlvKinds::RSA2048) {
+        if self.kinds.contains(&TlvKinds::RSA2048) ||
+            self.kinds.contains(&TlvKinds::RSA3072) {
+
+            let is_rsa2048 = self.kinds.contains(&TlvKinds::RSA2048);
+
             // Output the hash of the public key.
-            let hash = digest::digest(&digest::SHA256, RSA_PUB_KEY);
+            let hash = if is_rsa2048 {
+                digest::digest(&digest::SHA256, RSA_PUB_KEY)
+            } else {
+                digest::digest(&digest::SHA256, RSA3072_PUB_KEY)
+            };
             let hash = hash.as_ref();
 
             assert!(hash.len() == 32);
@@ -205,16 +224,28 @@
             result.extend_from_slice(hash);
 
             // For now assume PSS.
-            let key_bytes = pem::parse(include_bytes!("../../root-rsa-2048.pem").as_ref()).unwrap();
+            let key_bytes = if is_rsa2048 {
+                pem::parse(include_bytes!("../../root-rsa-2048.pem").as_ref()).unwrap()
+            } else {
+                pem::parse(include_bytes!("../../root-rsa-3072.pem").as_ref()).unwrap()
+            };
             assert_eq!(key_bytes.tag, "RSA PRIVATE KEY");
             let key_bytes = untrusted::Input::from(&key_bytes.contents);
             let key_pair = RsaKeyPair::from_der(key_bytes).unwrap();
             let rng = rand::SystemRandom::new();
             let mut signature = vec![0; key_pair.public_modulus_len()];
-            assert_eq!(signature.len(), 256);
+            if is_rsa2048 {
+                assert_eq!(signature.len(), 256);
+            } else {
+                assert_eq!(signature.len(), 384);
+            }
             key_pair.sign(&RSA_PSS_SHA256, &rng, &self.payload, &mut signature).unwrap();
 
-            result.push(TlvKinds::RSA2048 as u8);
+            if is_rsa2048 {
+                result.push(TlvKinds::RSA2048 as u8);
+            } else {
+                result.push(TlvKinds::RSA3072 as u8);
+            }
             result.push(0);
             result.push((signature.len() & 0xFF) as u8);
             result.push(((signature.len() >> 8) & 0xFF) as u8);
@@ -297,4 +328,5 @@
 }
 
 include!("rsa_pub_key-rs.txt");
+include!("rsa3072_pub_key-rs.txt");
 include!("ecdsa_pub_key-rs.txt");