From: Stephen Warren <swarren-3lzwWm7+Weoh9ZMKESR00Q@public.gmane.org>
To: Jimmy Zhang <jimmzhang-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>
Cc: Allen Martin <AMartin-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>,
Stephen Warren <swarren-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>,
"alban.bedel-RM9K5IK7kjKj5M59NBduVrNAH6kLmebB@public.gmane.org"
<alban.bedel-RM9K5IK7kjKj5M59NBduVrNAH6kLmebB@public.gmane.org>,
"linux-tegra-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
<linux-tegra-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: Re: [tegrarcm PATCH V2 1/4] Add support for production devices secured with PKC
Date: Tue, 15 Mar 2016 10:20:32 -0600 [thread overview]
Message-ID: <56E83650.507@wwwdotorg.org> (raw)
In-Reply-To: <f0f79d636da2412f8dad980e4114a4c8-wO81nVYWzR7YuxH7O460wFaTQe2KTcn/@public.gmane.org>
On 03/14/2016 06:51 PM, Jimmy Zhang wrote:
> Stephen Warren wrote atMonday, March 14, 2016 11:40 AM:
>> On 03/11/2016 06:02 PM, Jimmy Zhang wrote:
>>> From: Alban Bedel <alban.bedel-RM9K5IK7kjKj5M59NBduVrNAH6kLmebB@public.gmane.org>
>>>
>>> Add the support code needed to sign the RCM messages with RSA-PSS as
>>> needed to communicate with secured production devices. This mode is
>>> enabled by passing a key via the --pkc command line argument. If such
>>> a key is set the RCM messages will be signed with it as well as the
>>> bootloader.
>>> diff --git a/src/rsa-pss.cpp b/src/rsa-pss.cpp
>>
>>> +extern "C" int rsa_pss_sign_file(const char *key_file, const char
>> *msg_file,
>>> + unsigned char *sig_buf)
>>
>>> + int length = signature.length();
>>> + // error check
>>> + if (length != RCM_RSA_SIG_SIZE)
>>> + throw std::length_error("incorrect rsa key length");
>>
>> I think that check is required in rsa_pss_sign() too.
>
> I checked key's modulus length there. Once it passes, key's length should be correct.
Aren't the two functions essentially identical, the only difference
being that one signs an in-memory buffer and the other signs data read
from a file. As such, I don't see why they would be coded any
differently, apart from the file IO portion (and indeed, why doesn't
rsa_pss_sign_file() simply read file data into memory, then call the
other function?
next prev parent reply other threads:[~2016-03-15 16:20 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-12 1:02 [tegrarcm PATCH V2 0/4] Add support for flashing PKC secured board Jimmy Zhang
[not found] ` <1457744552-30966-1-git-send-email-jimmzhang-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>
2016-03-12 1:02 ` [tegrarcm PATCH V2 1/4] Add support for production devices secured with PKC Jimmy Zhang
[not found] ` <1457744552-30966-2-git-send-email-jimmzhang-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>
2016-03-14 18:39 ` Stephen Warren
[not found] ` <56E70576.3050000-3lzwWm7+Weoh9ZMKESR00Q@public.gmane.org>
2016-03-15 0:51 ` Jimmy Zhang
[not found] ` <f0f79d636da2412f8dad980e4114a4c8-wO81nVYWzR7YuxH7O460wFaTQe2KTcn/@public.gmane.org>
2016-03-15 16:20 ` Stephen Warren [this message]
2016-03-12 1:02 ` [tegrarcm PATCH V2 2/4] Add option --gen-signed-msgs and --signed-msgs-file to generate signed blobs Jimmy Zhang
[not found] ` <1457744552-30966-3-git-send-email-jimmzhang-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>
2016-03-14 18:58 ` Stephen Warren
2016-03-12 1:02 ` [tegrarcm PATCH V2 3/4] Add option --download-signed-msgs to download " Jimmy Zhang
[not found] ` <1457744552-30966-4-git-send-email-jimmzhang-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>
2016-03-14 19:17 ` Stephen Warren
[not found] ` <56E70E4F.80307-3lzwWm7+Weoh9ZMKESR00Q@public.gmane.org>
2016-03-14 20:01 ` Jimmy Zhang
[not found] ` <41214cca62234ce1b7f238fa8fcb71aa-wO81nVYWzR7YuxH7O460wFaTQe2KTcn/@public.gmane.org>
2016-03-14 20:16 ` Stephen Warren
[not found] ` <56E71C30.7030503-3lzwWm7+Weoh9ZMKESR00Q@public.gmane.org>
2016-03-14 20:24 ` Jimmy Zhang
2016-03-12 1:02 ` [tegrarcm PATCH V2 4/4] Add option --usb-timeout=<value> Jimmy Zhang
[not found] ` <1457744552-30966-5-git-send-email-jimmzhang-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org>
2016-03-14 18:31 ` Stephen Warren
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56E83650.507@wwwdotorg.org \
--to=swarren-3lzwwm7+weoh9zmkesr00q@public.gmane.org \
--cc=AMartin-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org \
--cc=alban.bedel-RM9K5IK7kjKj5M59NBduVrNAH6kLmebB@public.gmane.org \
--cc=jimmzhang-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org \
--cc=linux-tegra-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=swarren-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.