14.3.3.2 RSA Signature
For the RSA algorithm only, the user signature is directly the RSA signature alone. Unlike the ECDSA case, the size of the 128-bit aligned user application (without its signature) is not stored because the size of the RSA signature is always equal to the size of the modulo of the public key from the last X.509 certificate in the chain.
This modulo/signature size is extracted during the parsing and the authentication of the X.509 certificate chain. This signature size is subtracted to 32-bit size stored in the 8th vector to compute the offset of the RSA signature. The ROM code supports 2048 and 4096-bit RSA signature size.
The layout of the user signature, its signature and the X.509 certificate chain is given in the table below.
| Byte Offset | Data |
|---|---|
| 0x000 | Stack Pointer |
| 0x004 | Reset |
| 0x008 | NMI |
| 0x00C | Hard Fault |
| 0x010 | Mem Manage |
| 0x014 | Bus Fault |
| 0x018 | Usage Fault |
| 0x01C | (User App + Signature) Size |
| 0x020 | X.509 Certificate Chain Size |
| ... | |
| User App Size | 2048 or 4096-bit RSA signature |
| ... | |
| (User App + Signature) Size - 0x001 | |
| (User App + Signature) Size | X.509 Certificate Chain |
| ... | |
|
(User App + Signature) Size + X.509 Certificate Chain Size - 0x001 | |
|
(User App + Signature) Size + X.509 Certificate Chain Size |