commit | 2139aa8c314f8aeb3c87203abb88741844332f28 | [log] [tgz] |
---|---|---|
author | Jens Wiklander <jens.wiklander@linaro.org> | Mon Nov 25 16:04:42 2019 +0100 |
committer | Jérôme Forissier <jerome@forissier.org> | Fri Nov 29 15:50:02 2019 +0000 |
tree | 21ba291f56e90c0b490abf29c9ff34ad2241c947 | |
parent | d77929ec2243b789b58b718d7cd50da87cd9cf97 [diff] |
core: shdr_verify_signature() supply hash length for salt length In order to support the TEE_ALG_RSASSA_PKCS1_PSS_MGF1_* group of algorithms supply the size of the hash as the size of the salt to crypto_acipher_rsassa_verify(). A salt is something introduced by PCKS1_PSS, PKCS1_V1.5 does not have a salt and the parameter will be ignored by crypto_acipher_rsassa_verify() for the latter. With the PCKS1_PSS algorithm it is common practice to use a salt with the same size as the hash, but it is not a requirement. The implementation here depends on using a salt with the same size as the hash. This is a compromise to avoid extending the signed header with a salt length field. Reviewed-by: Jerome Forissier <jerome@forissier.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
This git contains source code for the secure side implementation of OP-TEE project.
All official OP-TEE documentation has moved to http://optee.readthedocs.io.
// OP-TEE core maintainers