lib: rsa: add documentation to padding_pss_verify to document limitations

padding_pss_verify only works with the default pss salt setting of -2 (length to be automatically determined based on the PSS block structure) not -1 (salt length set to the maximum permissible value), which makes verifications of signatures with that saltlen fail. Until this gets implemented at least document this behaviour. Signed-off-by: N Heiko Stuebner <heiko.stuebner@theobroma-systems.com> Reviewed-by: N Simon Glass <sjg@chromium.org>

lib: rsa: add documentation to padding_pss_verify to document limitations
padding_pss_verify only works with the default pss salt setting of -2 (length to be automatically determined based on the PSS block structure) not -1 (salt length set to the maximum permissible value), which makes verifications of signatures with that saltlen fail. Until this gets implemented at least document this behaviour. Signed-off-by: N Heiko Stuebner <heiko.stuebner@theobroma-systems.com> Reviewed-by: N Simon Glass <sjg@chromium.org>
1a62c23e · Heiko Stuebner · Tom Rini · eda753be · 1a62c23e
隐藏空白更改
内联并排

Showing with 13 addition and 0 deletion

lib/rsa/rsa-verify.c lib/rsa/rsa-verify.c +13 -0

未找到文件。
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -194,6 +194,19 @@ out:
 	return ret;
 }

+/*
+ * padding_pss_verify() - verify the pss padding of a signature
+ *
+ * Only works with a rsa_pss_saltlen:-2 (default value) right now
+ * saltlen:-1 "set the salt length to the digest length" is currently
+ * not supported.
+ *
+ * @info:	Specifies key and FIT information
+ * @msg:	byte array of message, len equal to msg_len
+ * @msg_len:	Message length
+ * @hash:	Pointer to the expected hash
+ * @hash_len:	Length of the hash
+ */
 int padding_pss_verify(struct image_sign_info *info,
 		       uint8_t *msg, int msg_len,
 		       const uint8_t *hash, int hash_len)