On 03/14/2016 06:51 PM, Jimmy Zhang wrote:
Stephen Warren wrote atMonday, March 14, 2016 11:40 AM:
On 03/11/2016 06:02 PM, Jimmy Zhang wrote:
From: Alban Bedel <alban.bedel@xxxxxxxxxxxxxxxxx>
Add the support code needed to sign the RCM messages with RSA-PSS as
needed to communicate with secured production devices. This mode is
enabled by passing a key via the --pkc command line argument. If such
a key is set the RCM messages will be signed with it as well as the
bootloader.
diff --git a/src/rsa-pss.cpp b/src/rsa-pss.cpp
+extern "C" int rsa_pss_sign_file(const char *key_file, const char
*msg_file,
+ unsigned char *sig_buf)
+ int length = signature.length();
+ // error check
+ if (length != RCM_RSA_SIG_SIZE)
+ throw std::length_error("incorrect rsa key length");
I think that check is required in rsa_pss_sign() too.
I checked key's modulus length there. Once it passes, key's length should be correct.
Aren't the two functions essentially identical, the only difference
being that one signs an in-memory buffer and the other signs data read
from a file. As such, I don't see why they would be coded any
differently, apart from the file IO portion (and indeed, why doesn't
rsa_pss_sign_file() simply read file data into memory, then call the
other function?
--
To unsubscribe from this list: send the line "unsubscribe linux-tegra" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
