Remove RSA PKCS#1 v1.5 support from cert

Fork: 0

LuminaSensum / arm-trusted-firmware

Browse code Remove RSA PKCS#1 v1.5 support from cert_tool Support for PKCS#1 v1.5 was deprecated in SHA 1001202 and fully removed in SHA fe199e3, however, cert_tool is still able to generate certificates in that form. This patch fully removes the ability for cert_tool to generate these certificates. Additionally, this patch also fixes a bug where the issuing certificate was a RSA and the issued certificate was EcDSA. In this case, the issued certificate would be signed using PKCS#1 v1.5 instead of RSAPSS per PKCS#1 v2.1, preventing TF-A from verifying the image signatures. Now that PKCS#1 v1.5 support is removed, all certificates that are signed with RSA now use the more modern padding scheme. Change-Id: Id87d7d915be594a1876a73080528d968e65c4e9a Signed-off-by: Justin Chadwell <justin.chadwell@arm.com> WIP_v2.3-LS master v2.2-LS v2.4-LS v2.3-rc2 v2.3-rc1 v2.3-rc0 v2.3 v2.2-rc2 v2.2-rc1 v2.2-rc0 v2.2
1 parent f29213d commit 6a415a508ea6acec321e4609d3f8e5c03ba67664 Justin Chadwell authored on 9 Sep 2019

Browse code

Remove RSA PKCS#1 v1.5 support from cert_tool

Support for PKCS#1 v1.5 was deprecated in SHA 1001202 and fully removed
in SHA fe199e3, however, cert_tool is still able to generate
certificates in that form. This patch fully removes the ability for
cert_tool to generate these certificates.

Additionally, this patch also fixes a bug where the issuing certificate
was a RSA and the issued certificate was EcDSA. In this case, the issued
certificate would be signed using PKCS#1 v1.5 instead of RSAPSS per
PKCS#1 v2.1, preventing TF-A from verifying the image signatures. Now
that PKCS#1 v1.5 support is removed, all certificates that are signed
with RSA now use the more modern padding scheme.

Change-Id: Id87d7d915be594a1876a73080528d968e65c4e9a
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>

WIP_v2.3-LS master v2.2-LS v2.4-LS v2.3-rc2 v2.3-rc1 v2.3-rc0 v2.3 v2.2-rc2 v2.2-rc1 v2.2-rc0 v2.2

1 parent f29213d commit 6a415a508ea6acec321e4609d3f8e5c03ba67664

Justin Chadwell authored on 9 Sep 2019

Patch

Unified Split

Showing 7 changed files

Ignore Space Show notes View docs/getting_started/user-guide.rst

Ignore Space Show notes View drivers/auth/mbedtls/mbedtls_common.mk

Ignore Space Show notes View tools/cert_create/include/cert.h

Ignore Space Show notes View tools/cert_create/include/key.h

Ignore Space Show notes View tools/cert_create/src/cert.c

Ignore Space Show notes View tools/cert_create/src/key.c

Ignore Space Show notes View tools/cert_create/src/main.c

Show line notes below