On 11 November 2016 at 14:16, Andrew Duda <[email protected]> wrote: > > Simon, > > padded_len could work. I decided to go with key_len to be more > RSA-independent since I have been dealing with ECDSA primarily. More > specifically, ECDSA has no notion of padding or padded_len, but it > does have a notion of key_len. And in RSA, I believe the padded_len is > the same as the key_len. So the name key_len name would be applicable > to both RSA and ECDSA. Granted, only RSA is currently supported in > u-boot so I wouldn't have much of a problem updating this to > padded_len. > > (sorry for the duplicate Simon)
OK I see. Reviewed-by: Simon Glass <[email protected]> > > Thanks, > Andrew > > On Fri, Nov 11, 2016 at 8:17 AM, Simon Glass <[email protected]> wrote: > > Hi, > > > > On 8 November 2016 at 11:53, aduda <[email protected]> wrote: > >> From: Andrew Duda <[email protected]> > >> > >> checksum_algo's pad_len field isn't actually used to store the length of > >> the padding but the total length of the RSA key (msg_len + pad_len) > > > > Perhaps it should be padded_key_len or padded_len? > > > >> > >> Signed-off-by: Andrew Duda <[email protected]> > >> Signed-off-by: aduda <[email protected]> > >> --- > >> > >> include/image.h | 2 +- > >> lib/rsa/rsa-verify.c | 6 +++--- > >> 2 files changed, 4 insertions(+), 4 deletions(-) > >> > >> diff --git a/include/image.h b/include/image.h > >> index 2b1296c..bfe10a0 100644 > >> --- a/include/image.h > >> +++ b/include/image.h > >> @@ -1070,7 +1070,7 @@ struct image_region { > >> struct checksum_algo { > >> const char *name; > >> const int checksum_len; > >> - const int pad_len; > >> + const int key_len; > >> #if IMAGE_ENABLE_SIGN > >> const EVP_MD *(*calculate_sign)(void); > >> #endif > >> diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c > >> index 442b769..5418f59 100644 > >> --- a/lib/rsa/rsa-verify.c > >> +++ b/lib/rsa/rsa-verify.c > >> @@ -84,7 +84,7 @@ static int rsa_verify_key(struct key_prop *prop, const > >> uint8_t *sig, > >> } > >> > >> padding = algo->rsa_padding; > >> - pad_len = algo->pad_len - algo->checksum_len; > >> + pad_len = algo->key_len - algo->checksum_len; > >> > >> /* Check pkcs1.5 padding bytes. */ > >> if (memcmp(buf, padding, pad_len)) { > >> @@ -160,7 +160,7 @@ int rsa_verify(struct image_sign_info *info, > >> { > >> const void *blob = info->fdt_blob; > >> /* Reserve memory for maximum checksum-length */ > >> - uint8_t hash[info->algo->checksum->pad_len]; > >> + uint8_t hash[info->algo->checksum->key_len]; > >> int ndepth, noffset; > >> int sig_node, node; > >> char name[100]; > >> @@ -171,7 +171,7 @@ int rsa_verify(struct image_sign_info *info, > >> * rsa-signature-length > >> */ > >> if (info->algo->checksum->checksum_len > > >> - info->algo->checksum->pad_len) { > >> + info->algo->checksum->key_len) { > >> debug("%s: invlaid checksum-algorithm %s for %s\n", > >> __func__, info->algo->checksum->name, > >> info->algo->name); > >> return -EINVAL; > >> -- > >> 2.10.2 > >> > > > > Regards, > > Simon _______________________________________________ U-Boot mailing list [email protected] http://lists.denx.de/mailman/listinfo/u-boot
