commit ababd72d2fd76cb2ded8e202b49db28d6545f6eb
author Jens Wiklander <jens.wiklander@linaro.org> Mon Nov 25 16:00:51 2019 +0100
committer Jérôme Forissier <jerome@forissier.org> Fri Nov 29 15:50:02 2019 +0000
tree df234304765c6cca43c9bbc90448a843b87b37ab
parent 2139aa8c314f8aeb3c87203abb88741844332f28

scripts/sign_encrypt.py: Sign TA using PSS

Switches from the algorithm TEE_ALG_RSASSA_PKCS1_V1_5_SHA256 to
TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256 when signing TAs. Even though there
are no known vulnerabilities in PCKS#1 RSASSA V1.5 at this date there
has been issues in the past (for instance Bleichenbacher).

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

scripts/sign_encrypt.py

diff --git a/scripts/sign_encrypt.py b/scripts/sign_encrypt.py
index 0b3408d..4cc9630 100755
--- a/scripts/sign_encrypt.py
+++ b/scripts/sign_encrypt.py
@@ -128,10 +128,10 @@
 
 
 def main():
-    from Crypto.Signature import PKCS1_v1_5
-    from Crypto.Hash import SHA256
-    from Crypto.PublicKey import RSA
-    from Crypto.Util.number import ceil_div
+    from Cryptodome.Signature import pss
+    from Cryptodome.Hash import SHA256
+    from Cryptodome.PublicKey import RSA
+    from Cryptodome.Util.number import ceil_div
     import base64
     import logging
     import os
@@ -167,7 +167,7 @@
         img_type = 2         # SHDR_ENCRYPTED_TA
     else:
         img_type = 1         # SHDR_BOOTSTRAP_TA
-    algo = 0x70004830    # TEE_ALG_RSASSA_PKCS1_V1_5_SHA256
+    algo = 0x70414930    # TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256
 
     shdr = struct.pack('<IIIIHH',
                        magic, img_type, img_size, algo, digest_len, sig_len)
@@ -215,7 +215,7 @@
                          'please use offline-signing mode.')
             sys.exit(1)
         else:
-            signer = PKCS1_v1_5.new(key)
+            signer = pss.new(key)
             sig = signer.sign(h)
             if len(sig) != sig_len:
                 raise Exception(("Actual signature length is not equal to ",
@@ -242,7 +242,7 @@
                          args.digf, args.sigf)
             sys.exit(1)
         else:
-            verifier = PKCS1_v1_5.new(key)
+            verifier = pss.new(key)
             if verifier.verify(h, sig):
                 write_image_with_signature(sig)
                 logger.info('Successfully applied signature.')