Merge "Use minimum 20 bytes salt for RSA PSS." into mnc-dev

commit: 3ac35814df71dce203c9b3cc1a937b178f7dc9c7 [log] [tgz]
author: Shawn Willden <swillden@google.com> Tue Jul 28 18:54:18 2015 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> Tue Jul 28 18:54:18 2015 +0000
tree: 420fc62dec64a31b6c1c9065c5a3c0d8820f7add
parent: 0e0cea3bc8aea903a50c1ee18e9f3309e9f67515 [diff]
parent: 53488c665d57bf64ed7cf45b72599cff29c517c3 [diff]
diff --git a/android_keymaster_test.cpp b/android_keymaster_test.cpp
index 96fc8b2..13ff796 100644
--- a/android_keymaster_test.cpp
+++ b/android_keymaster_test.cpp

@@ -1374,7 +1374,7 @@
                     key_bits = digest_bits + 8 * (11 + 19);
                     break;
                 case KM_PAD_RSA_PSS:
-                    key_bits = digest_bits + 8 * 10;
+                    key_bits = digest_bits + 22 * 8;
                     break;
                 default:
                     FAIL() << "Missing padding";

diff --git a/rsa_operation.cpp b/rsa_operation.cpp
index d9217fd..20ef45f 100644
--- a/rsa_operation.cpp
+++ b/rsa_operation.cpp

@@ -31,7 +31,7 @@
 namespace keymaster {
 
 const size_t kPssOverhead = 2;
-const size_t kMinPssSaltSize = 8;
+const size_t kMinPssSaltSize = 20;
 
 // Overhead for PKCS#1 v1.5 signature padding of undigested messages.  Digested messages have
 // additional overhead, for the digest algorithmIdentifier required by PKCS#1.
commit	3ac35814df71dce203c9b3cc1a937b178f7dc9c7	[log] [tgz]
author	Shawn Willden <swillden@google.com>	Tue Jul 28 18:54:18 2015 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	Tue Jul 28 18:54:18 2015 +0000
tree	420fc62dec64a31b6c1c9065c5a3c0d8820f7add
parent	0e0cea3bc8aea903a50c1ee18e9f3309e9f67515 [diff]
parent	53488c665d57bf64ed7cf45b72599cff29c517c3 [diff]