From patchwork Fri May 22 14:19:35 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Heiko Stuebner X-Patchwork-Id: 246294 List-Id: U-Boot discussion From: heiko at sntech.de (Heiko Stuebner) Date: Fri, 22 May 2020 16:19:35 +0200 Subject: [PATCH v5 6/8] lib: rsa: add documentation to padding_pss_verify to document limitations In-Reply-To: <20200522141937.3523692-1-heiko@sntech.de> References: <20200522141937.3523692-1-heiko@sntech.de> Message-ID: <20200522141937.3523692-6-heiko@sntech.de> From: Heiko Stuebner padding_pss_verify only works with the default pss salt setting of -2 (length to be automatically determined based on the PSS block structure) not -1 (salt length set to the maximum permissible value), which makes verifications of signatures with that saltlen fail. Until this gets implemented at least document this behaviour. Signed-off-by: Heiko Stuebner Reviewed-by: Philipp Tomsich --- change in v4: - new patch lib/rsa/rsa-verify.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c index 048f1ab789..61d98e6e2d 100644 --- a/lib/rsa/rsa-verify.c +++ b/lib/rsa/rsa-verify.c @@ -194,6 +194,19 @@ out: return ret; } +/* + * padding_pss_verify() - verify the pss padding of a signature + * + * Only works with a rsa_pss_saltlen:-2 (default value) right now + * saltlen:-1 "set the salt length to the digest length" is currently + * not supported. + * + * @info: Specifies key and FIT information + * @msg: byte array of message, len equal to msg_len + * @msg_len: Message length + * @hash: Pointer to the expected hash + * @hash_len: Length of the hash + */ int padding_pss_verify(struct image_sign_info *info, uint8_t *msg, int msg_len, const uint8_t *hash, int hash_len)
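Review bot: In the new comment above padding_pss_verify(), saltlen:-1 is described as "set the salt length to the digest length", while the commit message describes -1 as "salt length set to the maximum permissible value". The two descriptions should be made to agree, so that anyone signing an image can tell from the comment which salt length setting will fail verification. The sentence "Only works with a rsa_pss_saltlen:-2 (default value) right now" also runs into the next line without punctuation, which makes the limitation harder to read. The block documents the five parameters but not the int return value; suggest adding a "Return:" line that says what callers get on success and on a padding mismatch. If the comment is meant to be picked up as kernel-doc, it should open with /** rather than /*.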