Check RSA padding in TZ 36/297136/2
authorKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Thu, 10 Aug 2023 18:27:44 +0000 (20:27 +0200)
committerKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Fri, 11 Aug 2023 08:10:44 +0000 (10:10 +0200)
The only supported padding method is PKCS1

Change-Id: I3cd769d68f67b3ee2afb959bca2e74db8e6295c4

src/manager/crypto/tz-backend/internals.cpp

index 2a5d83c..1d14e08 100644 (file)
@@ -733,6 +733,11 @@ RawBuffer sign(const RawBuffer &pkeyId,
        if (algo != AlgoType::RSA_SV && hash == HashAlgorithm::NONE)
                ThrowErr(Exc::Crypto::InputParam, "Only RSA supports no hash option");
 
+       RSAPaddingAlgorithm padding = RSAPaddingAlgorithm::NONE;
+       alg.getParam(ParamName::SV_RSA_PADDING, padding);
+       if (algo == AlgoType::RSA_SV && padding != RSAPaddingAlgorithm::PKCS1)
+               ThrowErr(Exc::Crypto::InputParam, "Only PKCS1 padding is supported");
+
        RawBuffer signature;
        TrustZoneContext::Instance().executeSign(getAlgType(algo),
                                                                                        getHashType(hash),
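Review bot: The new padding check in sign() rejects a request that carries no `SV_RSA_PADDING` only because `padding` is initialised to `RSAPaddingAlgorithm::NONE` and the result of `alg.getParam(...)` is never inspected; the same four lines are repeated in the verify() hunk. That is fail-closed as written, but nothing states it, so a later edit that initialises `padding` to PKCS1 would let a missing parameter pass for RSA_SV without any visible change to the check. I would add a comment above the initialiser, e.g. `// NONE on purpose: a missing SV_RSA_PADDING must be rejected for RSA_SV, never defaulted`. I would also move the lookup and comparison into one file-local helper called from both sign() and verify(), so the signing and verification paths cannot drift apart. Both function bodies start and end outside the hunks shown, so whether `alg` is validated earlier cannot be confirmed from here.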
@@ -754,6 +759,11 @@ int verify(const RawBuffer &pkeyId,
        if (algo != AlgoType::RSA_SV && hash == HashAlgorithm::NONE)
                ThrowErr(Exc::Crypto::InputParam, "Only RSA supports no hash option");
 
+       RSAPaddingAlgorithm padding = RSAPaddingAlgorithm::NONE;
+       alg.getParam(ParamName::SV_RSA_PADDING, padding);
+       if (algo == AlgoType::RSA_SV && padding != RSAPaddingAlgorithm::PKCS1)
+               ThrowErr(Exc::Crypto::InputParam, "Only PKCS1 padding is supported");
+
        return TrustZoneContext::Instance().executeVerify(getAlgType(algo),
                                                                                                        getHashType(hash),
                                                                                                        pkeyId,