xtest: add pkcs11_1031 for CKM_RSA_X_509 sign/verify #757
Conversation
Basic test on signing/verifying with raw RSA mechanism CKM_RSA_X_509. Signed-off-by: Etienne Carriere <[email protected]>
|
This pull request has been marked as a stale pull request because it has been open (more than) 30 days with no activity. Remove the stale label or add a comment, otherwise this pull request will automatically be closed in 5 days. Note that you can always re-open a closed pull request at any time. |
There was a problem hiding this comment.
One comment below.
Acked-by: Jerome Forissier <[email protected]>
Tested-by: Jerome Forissier <[email protected]> (vexpress-qemu_armv8a)
| if (!in_data[0] & !(in_data[1] & 0xf0)) { | ||
| in_data[2] = 0xff; | ||
| in_data[3] = 0xff; | ||
| } |
There was a problem hiding this comment.
This black magic is somewhat confusing. Why not use a kown good hardcoded in_data?
There was a problem hiding this comment.
I have not found good hardcoded input data for raw RSA cases. The algorithm leave it up to the caller to "pad" input data but some "padding" schemes are not reliable. I tried to test flexible padding scheme yet ensuring the the first byte do not lead to an invalid signature scheme where the size of the signature is not of the size of the RSA key. I agree my implementation here is quite empiric.
There was a problem hiding this comment.
I have not found good hardcoded input data for raw RSA cases.
My idea is to run this code once and print in_data. That's your known good input ;)
Basic test on signing/verifying with raw RSA mechanism CKM_RSA_X_509.
Depends on OP-TEE/optee_os#7030 and OP-TEE/optee_client#386.