summaryrefslogtreecommitdiff
path: root/common
diff options
context:
space:
mode:
authorAndrew Duda <aduda@meraki.com>2016-11-08 18:53:40 +0000
committerTom Rini <trini@konsulko.com>2016-11-21 14:07:30 -0500
commitda29f2991d75fc8aa3289407a0e686a4a22f8c9e (patch)
tree3c972878a859196e72be31fe6da6d0ae5047d38b /common
parent5300a4f9336291fb713fcfaf9ea6e51b71824800 (diff)
downloadu-boot-imx-da29f2991d75fc8aa3289407a0e686a4a22f8c9e.zip
u-boot-imx-da29f2991d75fc8aa3289407a0e686a4a22f8c9e.tar.gz
u-boot-imx-da29f2991d75fc8aa3289407a0e686a4a22f8c9e.tar.bz2
rsa: Verify RSA padding programatically
Padding verification was done against static SHA/RSA pair arrays which take up a lot of static memory, are mostly 0xff, and cannot be reused for additional SHA/RSA pairings. The padding can be easily computed according to PKCS#1v2.1 as: EM = 0x00 || 0x01 || PS || 0x00 || T where PS is (emLen - tLen - 3) octets of 0xff and T is DER encoding of the hash. Store DER prefix in checksum_algo and create rsa_verify_padding function to handle verification of a message for any SHA/RSA pairing. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org>
Diffstat (limited to 'common')
-rw-r--r--common/image-sig.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/common/image-sig.c b/common/image-sig.c
index 28f7a20..008d2c5 100644
--- a/common/image-sig.c
+++ b/common/image-sig.c
@@ -34,32 +34,35 @@ struct checksum_algo checksum_algos[] = {
{
"sha1",
SHA1_SUM_LEN,
+ SHA1_DER_LEN,
+ sha1_der_prefix,
RSA2048_BYTES,
#if IMAGE_ENABLE_SIGN
EVP_sha1,
#endif
hash_calculate,
- padding_sha1_rsa2048,
},
{
"sha256",
SHA256_SUM_LEN,
+ SHA256_DER_LEN,
+ sha256_der_prefix,
RSA2048_BYTES,
#if IMAGE_ENABLE_SIGN
EVP_sha256,
#endif
hash_calculate,
- padding_sha256_rsa2048,
},
{
"sha256",
SHA256_SUM_LEN,
+ SHA256_DER_LEN,
+ sha256_der_prefix,
RSA4096_BYTES,
#if IMAGE_ENABLE_SIGN
EVP_sha256,
#endif
hash_calculate,
- padding_sha256_rsa4096,
}
};