crypto: don't check hash size when the main algorithm is ECDSA #1497
+20
−25
Commits on Apr 26, 2017
-
crypto: don't check hash size when the main algorithm is ECDSA
syscall_asymm_verify() (and therefore TEE_AsymmetricVerifyDigest()) incorrectly assumes that the hash algorithm is SHA1 when the main algorithm is ECDSA, and will panic the TA if the hash size is not set accordingly. This behavior does not comply with the TEE Internal Core API v1.1, which states: "Where a hash algorithm is specified in the algorithm, digestLen SHALL be equal to the digest length of this hash algorithm". For TEE_ALG_ECDSA_P192, TEE_ALG_ECDSA_P224, TEE_ALG_ECDSA_P256, TEE_ALG_ECDSA_P384 and TEE_ALG_ECDSA_P521, no hash algorithm is specified, and so we must not restrict the hash size to any specific value. Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reported-by: Henrik Andersson <Henrik.Andersson@se.bosch.com> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.