mirror of
https://github.com/ARM-software/arm-trusted-firmware.git
synced 2025-04-16 17:44:19 +00:00
e639ad23c8
Currently when RSA-PSS signing is invoked, a salt length of 32 bytes is assumed. This works well when SHA-256 is the digest algorithm, but the standard industry practice is that the salt length should follow the digest length (e.g. 48/64 bytes for SHA-384/SHA-512). Various cloud services' key management services (KMS) offering have such restrictions in place, so if someone wants to integrate cert_create against these services for signing key/content certs, they will have problem with integration. Furthermore, JWS (RFC7518) defined these specific combinations as valid specs and other combinations are not supported: - PS256: RSASSA-PSS using SHA-256 and MGF1 with SHA-256 - PS384: RSASSA-PSS using SHA-384 and MGF1 with SHA-384 - PS512: RSASSA-PSS using SHA-512 and MGF1 with SHA-512 Change-Id: Iafc7c60ccb36f4681053dbeb4147bac01b9d724d Signed-off-by: Donald Chan <donachan@tesla.com> |
||
|---|---|---|
| .. | ||
| amlogic | ||
| cert_create | ||
| conventional-changelog-tf-a | ||
| encrypt_fw | ||
| fiptool | ||
| marvell/doimage | ||
| memory | ||
| nxp | ||
| renesas | ||
| sptool | ||
| stm32image | ||