| Message ID | 20240902053326.3273410-4-chiawei_wang@aspeedtech.com |
|---|---|
| State | Superseded |
| Delegated to: | Tom Rini |
| Headers | show |
| Series | aspeed: ast2700: Add Caliptra ECDSA driver | expand |
Hi, On Mon, 2 Sept 2024 at 07:33, Chia-Wei Wang <chiawei_wang@aspeedtech.com> wrote: > > The padding algorithm is not mandatory for all signing algorithm. > > For example, ECDSA does not require a padding method. The RSA case > which needs PKCS padding, the belonging info->crypto() also has the > check on the validity of info->padding(). Is that in rsa_verify_key() ? > > Thus, remove the info->padding check from the upper, general layer. > > Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com> > --- > boot/image-fit-sig.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Reviewed-by: Simon Glass <sjg@chromium.org> > > diff --git a/boot/image-fit-sig.c b/boot/image-fit-sig.c > index fe328df4a85..d06e6cc8ed6 100644 > --- a/boot/image-fit-sig.c > +++ b/boot/image-fit-sig.c > @@ -95,7 +95,7 @@ static int fit_image_setup_verify(struct image_sign_info *info, > info->required_keynode = required_keynode; > printf("%s:%s", algo_name, info->keyname); > > - if (!info->checksum || !info->crypto || !info->padding) { > + if (!info->checksum || !info->crypto) { > *err_msgp = "Unknown signature algorithm"; > return -1; > } > -- > 2.25.1 > Regards, Simon
Hi Simon, > -----Original Message----- > From: Simon Glass <sjg@chromium.org> > Sent: Saturday, September 21, 2024 12:02 AM> > > Hi, > > On Mon, 2 Sept 2024 at 07:33, Chia-Wei Wang > <chiawei_wang@aspeedtech.com> wrote: > > > > The padding algorithm is not mandatory for all signing algorithm. > > > > For example, ECDSA does not require a padding method. The RSA case > > which needs PKCS padding, the belonging info->crypto() also has the > > check on the validity of info->padding(). > > Is that in rsa_verify_key() ? Yes. Regards, Chiawei
diff --git a/boot/image-fit-sig.c b/boot/image-fit-sig.c index fe328df4a85..d06e6cc8ed6 100644 --- a/boot/image-fit-sig.c +++ b/boot/image-fit-sig.c @@ -95,7 +95,7 @@ static int fit_image_setup_verify(struct image_sign_info *info, info->required_keynode = required_keynode; printf("%s:%s", algo_name, info->keyname); - if (!info->checksum || !info->crypto || !info->padding) { + if (!info->checksum || !info->crypto) { *err_msgp = "Unknown signature algorithm"; return -1; }
The padding algorithm is not mandatory for all signing algorithm. For example, ECDSA does not require a padding method. The RSA case which needs PKCS padding, the belonging info->crypto() also has the check on the validity of info->padding(). Thus, remove the info->padding check from the upper, general layer. Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com> --- boot/image-fit-sig.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)