Re: [PATCH v5 6/8] lib: rsa: add documentation to padding_pss_verify to document limitations

[Heiko Stübner]

Am Freitag, 22. Mai 2020, 16:19:35 CEST schrieb Heiko Stuebner:
> From: Heiko Stuebner 
> 
> padding_pss_verify only works with the default pss salt setting of -2
> (length to be automatically determined based on the PSS block structure)
> not -1 (salt length set to the maximum permissible value), which makes
> verifications of signatures with that saltlen fail.
> 
> Until this gets implemented at least document this behaviour.
> 
> Signed-off-by: Heiko Stuebner 

transplanting a tag from v4:
Reviewed-by: Philipp Tomsich 

[PATCH v5 6/8] lib: rsa: add documentation to padding_pss_verify to document limitations

[Heiko Stuebner]

From: Heiko Stuebner 

padding_pss_verify only works with the default pss salt setting of -2
(length to be automatically determined based on the PSS block structure)
not -1 (salt length set to the maximum permissible value), which makes
verifications of signatures with that saltlen fail.

Until this gets implemented at least document this behaviour.

Signed-off-by: Heiko Stuebner 
---
change in v4:
- new patch

 lib/rsa/rsa-verify.c | 13 +
 1 file changed, 13 insertions(+)

diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index 048f1ab789..61d98e6e2d 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -194,6 +194,19 @@ out:
return ret;
 }
 
+/*
+ * padding_pss_verify() - verify the pss padding of a signature
+ *
+ * Only works with a rsa_pss_saltlen:-2 (default value) right now
+ * saltlen:-1 "set the salt length to the digest length" is currently
+ * not supported.
+ *
+ * @info:  Specifies key and FIT information
+ * @msg:   byte array of message, len equal to msg_len
+ * @msg_len:   Message length
+ * @hash:  Pointer to the expected hash
+ * @hash_len:  Length of the hash
+ */
 int padding_pss_verify(struct image_sign_info *info,
   uint8_t *msg, int msg_len,
   const uint8_t *hash, int hash_len)
-- 
2.25.1