Remove RSA PKCS#1 v1.5 support from cert_tool

Support for PKCS#1 v1.5 was deprecated in SHA 1001202 and fully removed
in SHA fe199e3, however, cert_tool is still able to generate
certificates in that form. This patch fully removes the ability for
cert_tool to generate these certificates.

Additionally, this patch also fixes a bug where the issuing certificate
was a RSA and the issued certificate was EcDSA. In this case, the issued
certificate would be signed using PKCS#1 v1.5 instead of RSAPSS per
PKCS#1 v2.1, preventing TF-A from verifying the image signatures. Now
that PKCS#1 v1.5 support is removed, all certificates that are signed
with RSA now use the more modern padding scheme.

Change-Id: Id87d7d915be594a1876a73080528d968e65c4e9a
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>

1 files changed, 0 insertions, 2 deletions

diff --git a/tools/cert_create/include/key.h b/tools/cert_create/include/key.h
index c08beb8b..d96d9839 100644
--- a/tools/cert_create/include/key.h
+++ b/tools/cert_create/include/key.h
@@ -21,7 +21,6 @@ enum {
 /* Supported key algorithms */
 enum {
 	KEY_ALG_RSA,		/* RSA PSS as defined by PKCS#1 v2.1 (default) */
-	KEY_ALG_RSA_1_5,	/* RSA as defined by PKCS#1 v1.5 */
 #ifndef OPENSSL_NO_EC
 	KEY_ALG_ECDSA,
 #endif /* OPENSSL_NO_EC */
@@ -42,7 +41,6 @@ enum{
 /* NOTE: the first item in each array is the default key size */
 static const unsigned int KEY_SIZES[KEY_ALG_MAX_NUM][KEY_SIZE_MAX_NUM] = {
 	{ 2048, 1024, 3072, 4096 },	/* KEY_ALG_RSA */
-	{ 2048, 1024, 3072, 4096 },	/* KEY_ALG_RSA_1_5 */
 #ifndef OPENSSL_NO_EC
 	{}				/* KEY_ALG_ECDSA */
 #endif /* OPENSSL_NO_EC */