mcuboot
ENCRYPTING with RSA3072 - Not Supported
Hi all,
I have been trying to get decryption of the firmware image working on MCUboot but have not been successful. Platform: Zephyr
This is what I've done:
On the bootloader
- Built the MCUboot bootloader with a signature key and an encryption key: `CONFIG_BOOT_ENCRYPT_RSA=y`, `CONFIG_BOOT_SIGNATURE_KEY_FILE=XXX`. I generated my own keys for signing and encryption.
Both the signature key and the encryption key are RSA3072.
The signature --> WORKS FINE!
The encryption --> this does not work
Maybe the problem is that the TLVs accepted in the MCUboot code are:
```c
#define IMAGE_TLV_KEYHASH           0x01   /* hash of the public key */
#define IMAGE_TLV_PUBKEY            0x02   /* public key */
#define IMAGE_TLV_SHA256            0x10   /* SHA256 of image hdr and body */
#define IMAGE_TLV_RSA2048_PSS       0x20   /* RSA2048 of hash output */
#define IMAGE_TLV_ECDSA224          0x21   /* ECDSA of hash output */
#define IMAGE_TLV_ECDSA256          0x22   /* ECDSA of hash output */
#define IMAGE_TLV_RSA3072_PSS       0x23   /* RSA3072 of hash output */
#define IMAGE_TLV_ED25519           0x24   /* ed25519 of hash output */
#define IMAGE_TLV_ENC_RSA2048       0x30   /* Key encrypted with RSA-OAEP-2048 */
#define IMAGE_TLV_ENC_KW            0x31   /* Key encrypted with AES-KW 128 or 256*/
#define IMAGE_TLV_ENC_EC256         0x32   /* Key encrypted with ECIES-EC256 */
#define IMAGE_TLV_ENC_X25519        0x33   /* Key encrypted with ECIES-X25519 */
#define IMAGE_TLV_DEPENDENCY        0x40   /* Image depends on other image */
#define IMAGE_TLV_SEC_CNT           0x50   /* security counter */
#define IMAGE_TLV_BOOT_RECORD       0x60   /* measured boot record */
```
`#define IMAGE_TLV_ENC_RSA3072` does not appear.
I saw, at the beginning, that there is a problem with `EXPECTED_ENC_LEN` (file encrypted.c):
```c
if (len != EXPECTED_ENC_LEN) {
    return -1;
}
```
Am I doing something wrong? Is there a way to do that? Is there a reason why this is missing? Is there a way to introduce it? Can I do it myself? What is the correct path to add it?
Regards, G.
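
An added example, not part of the original post and not MCUboot's own code, showing why a key wrapped with an RSA-3072 public key trips a fixed-length check on the `0x30` TLV: RSA-OAEP output is as long as the modulus, so 384 bytes instead of 256. It assumes a little-endian TLV area (4-byte info header with magic `0x6907` and total size, then 4-byte type/length headers) and an expected length of 256 bytes; `check_enc_tlv`, `build_sample` and the status names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

#define IMAGE_TLV_INFO_MAGIC  0x6907  /* assumed: unprotected TLV area magic */
#define IMAGE_TLV_ENC_RSA2048 0x30    /* from the list in the post */
#define RSA2048_WRAPPED_LEN   256     /* RSA-OAEP output = modulus size in bytes */

enum enc_tlv_status { ENC_TLV_OK = 0, ENC_TLV_MISSING = -1,
                      ENC_TLV_BAD_LEN = -2, ENC_TLV_MALFORMED = -3 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Walk a TLV area (4-byte info header, then 4-byte type/len headers) and
 * check the RSA key-wrap TLV; *found_len gets the length actually present. */
int check_enc_tlv(const uint8_t *area, size_t size, uint16_t *found_len)
{
    if (size < 4 || rd16(area) != IMAGE_TLV_INFO_MAGIC)
        return ENC_TLV_MALFORMED;
    size_t total = rd16(area + 2);          /* includes the info header */
    if (total < 4 || total > size)
        return ENC_TLV_MALFORMED;
    for (size_t off = 4; off < total; ) {
        if (total - off < 4)
            return ENC_TLV_MALFORMED;       /* truncated TLV header */
        uint16_t type = rd16(area + off), len = rd16(area + off + 2);
        off += 4;
        if (len > total - off)
            return ENC_TLV_MALFORMED;       /* payload runs past the area */
        if (type == IMAGE_TLV_ENC_RSA2048) {
            *found_len = len;
            return len == RSA2048_WRAPPED_LEN ? ENC_TLV_OK : ENC_TLV_BAD_LEN;
        }
        off += len;
    }
    return ENC_TLV_MISSING;
}

/* Constructed sample: TLV area holding one 0x30 TLV of key_bits/8 bytes. */
size_t build_sample(uint8_t *buf, unsigned key_bits)
{
    uint16_t len = (uint16_t)(key_bits / 8), total = (uint16_t)(8 + len);
    uint8_t hdr[8] = { 0x07, 0x69, (uint8_t)total, (uint8_t)(total >> 8),
                       IMAGE_TLV_ENC_RSA2048, 0x00, (uint8_t)len, (uint8_t)(len >> 8) };
    for (size_t i = 0; i < 8; i++) buf[i] = hdr[i];
    for (size_t i = 0; i < len; i++) buf[8 + i] = 0xAA;  /* dummy ciphertext */
    return total;
}
```

The same walk run over a signed and encrypted image's TLV area on the host shows the wrapped-key length before the image is flashed.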