wolfSSL
diff --git a/‎.github/workflows/test-sunnyday-simulator.yml‎
Lines changed: 240 additions & 0 deletions b/‎.github/workflows/test-sunnyday-simulator.yml‎
Lines changed: 240 additions & 0 deletions
diff --git a/‎config/examples/sim-rsapss2048.config‎
Lines changed: 21 additions & 0 deletions b/‎config/examples/sim-rsapss2048.config‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎include/image.h‎
Lines changed: 10 additions & 0 deletions b/‎include/image.h‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎include/loader.h‎
Lines changed: 6 additions & 3 deletions b/‎include/loader.h‎
Lines changed: 6 additions & 3 deletions
diff --git a/‎include/user_settings.h‎
Lines changed: 22 additions & 4 deletions b/‎include/user_settings.h‎
Lines changed: 22 additions & 4 deletions
@@ -175,6 +175,66 @@ jobs:
         run: |
           tools/scripts/sim-sunnyday-update.sh
 
+      - name: Cleanup to change key type
+        run: |
+          make keysclean
+
+      - name: Build wolfboot.elf (RSAPSS2048)
+        run: |
+          make clean && make test-sim-internal-flash-with-update SIGN=RSAPSS2048 SPMATH=1
+
+      - name: Run sunny day update test
+        run: |
+          tools/scripts/sim-sunnyday-update.sh
+
+      - name: Build wolfboot.elf (RSAPSS2048, WOLFBOOT_SMALL_STACK)
+        run: |
+          make clean && make test-sim-internal-flash-with-update SIGN=RSAPSS2048 WOLFBOOT_SMALL_STACK=1 SPMATH=1
+
+      - name: Run sunny day update test
+        run: |
+          tools/scripts/sim-sunnyday-update.sh
+
+      - name: Cleanup to change key type
+        run: |
+          make keysclean
+
+      - name: Build wolfboot.elf (RSAPSS3072)
+        run: |
+          make clean && make test-sim-internal-flash-with-update SIGN=RSAPSS3072 SPMATH=1
+
+      - name: Run sunny day update test
+        run: |
+          tools/scripts/sim-sunnyday-update.sh
+
+      - name: Build wolfboot.elf (RSAPSS3072, WOLFBOOT_SMALL_STACK)
+        run: |
+          make clean && make test-sim-internal-flash-with-update SIGN=RSAPSS3072 WOLFBOOT_SMALL_STACK=1 SPMATH=1
+
+      - name: Run sunny day update test
+        run: |
+          tools/scripts/sim-sunnyday-update.sh
+
+      - name: Cleanup to change key type
+        run: |
+          make keysclean
+
+      - name: Build wolfboot.elf (RSAPSS4096)
+        run: |
+          make clean && make test-sim-internal-flash-with-update SIGN=RSAPSS4096 SPMATH=1
+
+      - name: Run sunny day update test
+        run: |
+          tools/scripts/sim-sunnyday-update.sh
+
+      - name: Build wolfboot.elf (RSAPSS4096, WOLFBOOT_SMALL_STACK)
+        run: |
+          make clean && make test-sim-internal-flash-with-update SIGN=RSAPSS4096 WOLFBOOT_SMALL_STACK=1 SPMATH=1
+
+      - name: Run sunny day update test
+        run: |
+          tools/scripts/sim-sunnyday-update.sh
+
       # 32 Bit simulator, FASTMATH
       #
       - name: make clean
@@ -305,6 +365,66 @@ jobs:
         run: |
           tools/scripts/sim-sunnyday-update.sh
 
+      - name: Cleanup to change key type
+        run: |
+          make keysclean
+
+      - name: Build wolfboot.elf (RSAPSS2048, FASTMATH)
+        run: |
+          make clean && make test-sim-internal-flash-with-update SIGN=RSAPSS2048 SPMATH=0
+
+      - name: Run sunny day update test
+        run: |
+          tools/scripts/sim-sunnyday-update.sh
+
+      - name: Build wolfboot.elf (RSAPSS2048, FASTMATH, WOLFBOOT_SMALL_STACK)
+        run: |
+          make clean && make test-sim-internal-flash-with-update SIGN=RSAPSS2048 WOLFBOOT_SMALL_STACK=1 SPMATH=0
+
+      - name: Run sunny day update test
+        run: |
+          tools/scripts/sim-sunnyday-update.sh
+
+      - name: Cleanup to change key type
+        run: |
+          make keysclean
+
+      - name: Build wolfboot.elf (RSAPSS3072, FASTMATH)
+        run: |
+          make clean && make test-sim-internal-flash-with-update SIGN=RSAPSS3072 SPMATH=0
+
+      - name: Run sunny day update test
+        run: |
+          tools/scripts/sim-sunnyday-update.sh
+
+      - name: Build wolfboot.elf (RSAPSS3072, FASTMATH, WOLFBOOT_SMALL_STACK)
+        run: |
+          make clean && make test-sim-internal-flash-with-update SIGN=RSAPSS3072 WOLFBOOT_SMALL_STACK=1 SPMATH=0
+
+      - name: Run sunny day update test
+        run: |
+          tools/scripts/sim-sunnyday-update.sh
+
+      - name: Cleanup to change key type
+        run: |
+          make keysclean
+
+      - name: Build wolfboot.elf (RSAPSS4096, FASTMATH)
+        run: |
+          make clean && make test-sim-internal-flash-with-update SIGN=RSAPSS4096 SPMATH=0 WOLFBOOT_HUGE_STACK=1
+
+      - name: Run sunny day update test
+        run: |
+          tools/scripts/sim-sunnyday-update.sh
+
+      - name: Build wolfboot.elf (RSAPSS4096, FASTMATH, WOLFBOOT_SMALL_STACK)
+        run: |
+          make clean && make test-sim-internal-flash-with-update SIGN=RSAPSS4096 WOLFBOOT_SMALL_STACK=1 SPMATH=0
+
+      - name: Run sunny day update test
+        run: |
+          tools/scripts/sim-sunnyday-update.sh
+
 
       # 64 Bit simulator, SP_MATH
       #
@@ -460,6 +580,66 @@ jobs:
         run: |
           tools/scripts/sim-sunnyday-update.sh
 
+      - name: Cleanup to change key type
+        run: |
+          make keysclean
+
+      - name: Build wolfboot.elf (RSAPSS2048)
+        run: |
+          make clean && make test-sim-internal-flash-with-update SIGN=RSAPSS2048 SPMATH=1
+
+      - name: Run sunny day update test
+        run: |
+          tools/scripts/sim-sunnyday-update.sh
+
+      - name: Build wolfboot.elf (RSAPSS2048, WOLFBOOT_SMALL_STACK)
+        run: |
+          make clean && make test-sim-internal-flash-with-update SIGN=RSAPSS2048 WOLFBOOT_SMALL_STACK=1 SPMATH=1
+
+      - name: Run sunny day update test
+        run: |
+          tools/scripts/sim-sunnyday-update.sh
+
+      - name: Cleanup to change key type
+        run: |
+          make keysclean
+
+      - name: Build wolfboot.elf (RSAPSS3072)
+        run: |
+          make clean && make test-sim-internal-flash-with-update SIGN=RSAPSS3072 SPMATH=1
+
+      - name: Run sunny day update test
+        run: |
+          tools/scripts/sim-sunnyday-update.sh
+
+      - name: Build wolfboot.elf (RSAPSS3072, WOLFBOOT_SMALL_STACK)
+        run: |
+          make clean && make test-sim-internal-flash-with-update SIGN=RSAPSS3072 WOLFBOOT_SMALL_STACK=1 SPMATH=1
+
+      - name: Run sunny day update test
+        run: |
+          tools/scripts/sim-sunnyday-update.sh
+
+      - name: Cleanup to change key type
+        run: |
+          make keysclean
+
+      - name: Build wolfboot.elf (RSAPSS4096)
+        run: |
+          make clean && make test-sim-internal-flash-with-update SIGN=RSAPSS4096 SPMATH=1
+
+      - name: Run sunny day update test
+        run: |
+          tools/scripts/sim-sunnyday-update.sh
+
+      - name: Build wolfboot.elf (RSAPSS4096, WOLFBOOT_SMALL_STACK)
+        run: |
+          make clean && make test-sim-internal-flash-with-update SIGN=RSAPSS4096 WOLFBOOT_SMALL_STACK=1 SPMATH=1
+
+      - name: Run sunny day update test
+        run: |
+          tools/scripts/sim-sunnyday-update.sh
+
       # 64 Bit simulator, FASTMATH
       #
       - name: make clean
@@ -590,6 +770,66 @@ jobs:
         run: |
           tools/scripts/sim-sunnyday-update.sh
 
+      - name: Cleanup to change key type
+        run: |
+          make keysclean
+
+      - name: Build wolfboot.elf (RSAPSS2048, FASTMATH)
+        run: |
+          make clean && make test-sim-internal-flash-with-update SIGN=RSAPSS2048 SPMATH=0
+
+      - name: Run sunny day update test
+        run: |
+          tools/scripts/sim-sunnyday-update.sh
+
+      - name: Build wolfboot.elf (RSAPSS2048, FASTMATH, WOLFBOOT_SMALL_STACK)
+        run: |
+          make clean && make test-sim-internal-flash-with-update SIGN=RSAPSS2048 WOLFBOOT_SMALL_STACK=1 SPMATH=0
+
+      - name: Run sunny day update test
+        run: |
+          tools/scripts/sim-sunnyday-update.sh
+
+      - name: Cleanup to change key type
+        run: |
+          make keysclean
+
+      - name: Build wolfboot.elf (RSAPSS3072, FASTMATH)
+        run: |
+          make clean && make test-sim-internal-flash-with-update SIGN=RSAPSS3072 SPMATH=0
+
+      - name: Run sunny day update test
+        run: |
+          tools/scripts/sim-sunnyday-update.sh
+
+      - name: Build wolfboot.elf (RSAPSS3072, FASTMATH, WOLFBOOT_SMALL_STACK)
+        run: |
+          make clean && make test-sim-internal-flash-with-update SIGN=RSAPSS3072 WOLFBOOT_SMALL_STACK=1 SPMATH=0
+
+      - name: Run sunny day update test
+        run: |
+          tools/scripts/sim-sunnyday-update.sh
+
+      - name: Cleanup to change key type
+        run: |
+          make keysclean
+
+      - name: Build wolfboot.elf (RSAPSS4096, FASTMATH)
+        run: |
+          make clean && make test-sim-internal-flash-with-update SIGN=RSAPSS4096 SPMATH=0 WOLFBOOT_HUGE_STACK=1
+
+      - name: Run sunny day update test
+        run: |
+          tools/scripts/sim-sunnyday-update.sh
+
+      - name: Build wolfboot.elf (RSAPSS4096, FASTMATH, WOLFBOOT_SMALL_STACK)
+        run: |
+          make clean && make test-sim-internal-flash-with-update SIGN=RSAPSS4096 WOLFBOOT_SMALL_STACK=1 SPMATH=0
+
+      - name: Run sunny day update test
+        run: |
+          tools/scripts/sim-sunnyday-update.sh
+
       - name: Run sunny day LMS update test
         run: |
           tools/scripts/sim-pq-sunnyday-update.sh config/examples/sim-lms.config
 
@@ -0,0 +1,21 @@
+ARCH=sim
+TARGET=sim
+SIGN?=RSAPSS2048
+HASH?=SHA256
+WOLFBOOT_SMALL_STACK?=0
+SPI_FLASH=0
+DEBUG=1
+
+# sizes should be multiple of system page size
+WOLFBOOT_PARTITION_SIZE=0x40000
+WOLFBOOT_SECTOR_SIZE=0x1000
+WOLFBOOT_PARTITION_BOOT_ADDRESS=0x80000
+# if on external flash, it should be multiple of system page size
+WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x100000
+WOLFBOOT_PARTITION_SWAP_ADDRESS=0x180000
+
+# required for keytools
+WOLFBOOT_FIXED_PARTITIONS=1
+
+# For debugging XMALLOC/XFREE
+#CFLAGS_EXTRA+=-DWOLFBOOT_DEBUG_MALLOC
@@ -68,6 +68,11 @@ extern "C" {
     defined (WOLFBOOT_SIGN_RSA4096ENC)
 #define wolfBoot_verify_signature_primary wolfBoot_verify_signature_rsa
 #endif
+#if defined (WOLFBOOT_SIGN_RSAPSS2048) || \
+    defined (WOLFBOOT_SIGN_RSAPSS3072) || \
+    defined (WOLFBOOT_SIGN_RSAPSS4096)
+#define wolfBoot_verify_signature_primary wolfBoot_verify_signature_rsa_pss
+#endif
 #if defined (WOLFBOOT_SIGN_ECC256) || \
         defined (WOLFBOOT_SIGN_ECC384) || \
         defined (WOLFBOOT_SIGN_ECC521)
@@ -97,6 +102,11 @@ extern "C" {
     defined (WOLFBOOT_SIGN_SECONDARY_RSA4096ENC)
 #define wolfBoot_verify_signature_secondary wolfBoot_verify_signature_rsa
 #endif
+#if defined (WOLFBOOT_SIGN_SECONDARY_RSAPSS2048) || \
+    defined (WOLFBOOT_SIGN_SECONDARY_RSAPSS3072) || \
+    defined (WOLFBOOT_SIGN_SECONDARY_RSAPSS4096)
+#define wolfBoot_verify_signature_secondary wolfBoot_verify_signature_rsa_pss
+#endif
 #if defined (WOLFBOOT_SIGN_SECONDARY_ECC256) || \
         defined (WOLFBOOT_SIGN_SECONDARY_ECC384) || \
         defined (WOLFBOOT_SIGN_SECONDARY_ECC521)
 
@@ -40,11 +40,14 @@ extern "C" {
 #define ECC_IMAGE_SIGNATURE_SIZE (132)
 #endif
 
-#if defined(WOLFBOOT_SIGN_RSA2048) || defined(WOLFBOOT_SIGN_SECONDARY_RSA2048)
+#if defined(WOLFBOOT_SIGN_RSA2048) || defined(WOLFBOOT_SIGN_SECONDARY_RSA2048) || \
+    defined(WOLFBOOT_SIGN_RSAPSS2048) || defined(WOLFBOOT_SIGN_SECONDARY_RSAPSS2048)
 #define RSA_IMAGE_SIGNATURE_SIZE (256)
-#elif defined(WOLFBOOT_SIGN_RSA3072) || defined(WOLFBOOT_SIGN_SECONDARY_RSA3072)
+#elif defined(WOLFBOOT_SIGN_RSA3072) || defined(WOLFBOOT_SIGN_SECONDARY_RSA3072) || \
+    defined(WOLFBOOT_SIGN_RSAPSS3072) || defined(WOLFBOOT_SIGN_SECONDARY_RSAPSS3072)
 #define RSA_IMAGE_SIGNATURE_SIZE (384)
-#elif defined(WOLFBOOT_SIGN_RSA4096) || defined(WOLFBOOT_SIGN_SECONDARY_RSA4096)
+#elif defined(WOLFBOOT_SIGN_RSA4096) || defined(WOLFBOOT_SIGN_SECONDARY_RSA4096) || \
+    defined(WOLFBOOT_SIGN_RSAPSS4096) || defined(WOLFBOOT_SIGN_SECONDARY_RSAPSS4096)
 #define RSA_IMAGE_SIGNATURE_SIZE (512)
 #endif
 
 
@@ -222,20 +222,35 @@ extern int tolower(int c);
     defined(WOLFBOOT_SIGN_SECONDARY_RSA2048) || \
     defined(WOLFBOOT_SIGN_SECONDARY_RSA3072) || \
     defined(WOLFBOOT_SIGN_SECONDARY_RSA4096) || \
+    defined(WOLFBOOT_SIGN_RSAPSS2048) || \
+    defined(WOLFBOOT_SIGN_RSAPSS3072) || \
+    defined(WOLFBOOT_SIGN_RSAPSS4096) || \
+    defined(WOLFBOOT_SIGN_SECONDARY_RSAPSS2048) || \
+    defined(WOLFBOOT_SIGN_SECONDARY_RSAPSS3072) || \
+    defined(WOLFBOOT_SIGN_SECONDARY_RSAPSS4096) || \
     (defined(WOLFCRYPT_SECURE_MODE) && (!defined(PKCS11_SMALL)))
 
 #   define WC_RSA_BLINDING
 #   define WC_RSA_DIRECT
 #   define RSA_LOW_MEM
 #   define WC_ASN_HASH_SHA256
+#   if defined(WOLFBOOT_SIGN_RSAPSS2048) || defined(WOLFBOOT_SIGN_RSAPSS3072) || \
+       defined(WOLFBOOT_SIGN_RSAPSS4096) || \
+       defined(WOLFBOOT_SIGN_SECONDARY_RSAPSS2048) || \
+       defined(WOLFBOOT_SIGN_SECONDARY_RSAPSS3072) || \
+       defined(WOLFBOOT_SIGN_SECONDARY_RSAPSS4096)
+#       define WC_RSA_PSS
+#   endif
 #   if !defined(WOLFBOOT_TPM) && !defined(WOLFCRYPT_SECURE_MODE) && \
        !defined(WOLFCRYPT_TEST) && !defined(WOLFCRYPT_BENCHMARK) && \
        !defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) && \
        !defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER)
 #       define WOLFSSL_RSA_VERIFY_INLINE
 #       define WOLFSSL_RSA_VERIFY_ONLY
 #       define WOLFSSL_RSA_PUBLIC_ONLY
-#       define WC_NO_RSA_OAEP
+#       if !defined(WC_RSA_PSS)
+#           define WC_NO_RSA_OAEP
+#       endif
 #       define NO_RSA_BOUNDS_CHECK
 #   endif
 #   if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH_ALL)
@@ -244,7 +259,8 @@ extern int tolower(int c);
 #       define WOLFSSL_SP_SMALL
 #       define WOLFSSL_SP_MATH
 #   endif
-#   if defined(WOLFBOOT_SIGN_RSA2048) || defined(WOLFBOOT_SIGN_SECONDARY_RSA2048)
+#   if defined(WOLFBOOT_SIGN_RSA2048) || defined(WOLFBOOT_SIGN_SECONDARY_RSA2048) || \
+       defined(WOLFBOOT_SIGN_RSAPSS2048) || defined(WOLFBOOT_SIGN_SECONDARY_RSAPSS2048)
 #       define FP_MAX_BITS (2048 * 2)
 #       define SP_INT_BITS 2048
 #       define WOLFSSL_SP_NO_3072
@@ -253,7 +269,8 @@ extern int tolower(int c);
 #       define RSA_MIN_SIZE 2048
 #       define RSA_MAX_SIZE 2048
 #   endif
-#   if defined(WOLFBOOT_SIGN_RSA3072) || defined(WOLFBOOT_SIGN_SECONDARY_RSA3072)
+#   if defined(WOLFBOOT_SIGN_RSA3072) || defined(WOLFBOOT_SIGN_SECONDARY_RSA3072) || \
+       defined(WOLFBOOT_SIGN_RSAPSS3072) || defined(WOLFBOOT_SIGN_SECONDARY_RSAPSS3072)
 #       define FP_MAX_BITS (3072 * 2)
 #       define SP_INT_BITS 3072
 #       define WOLFSSL_SP_NO_2048
@@ -263,7 +280,8 @@ extern int tolower(int c);
 #       define RSA_MAX_SIZE 3072
 #   endif
 
-#   if defined(WOLFBOOT_SIGN_RSA4096) || defined(WOLFBOOT_SIGN_SECONDARY_RSA4096)
+#   if defined(WOLFBOOT_SIGN_RSA4096) || defined(WOLFBOOT_SIGN_SECONDARY_RSA4096) || \
+       defined(WOLFBOOT_SIGN_RSAPSS4096) || defined(WOLFBOOT_SIGN_SECONDARY_RSAPSS4096)
 #       define FP_MAX_BITS (4096 * 2)
 #       define SP_INT_BITS 4096
 #       define WOLFSSL_SP_NO_2048