rsa: Verify RSA padding programatically Padding verification was done against static SHA/RSA pair arrays which take up a lot of static memory, are mostly 0xff, and cannot be reused for additional SHA/RSA pairings. The padding can be easily computed according to PKCS#1v2.1 as: EM = 0x00 || 0x01 || PS || 0x00 || T where PS is (emLen - tLen - 3) octets of 0xff and T is DER encoding of the hash. Store DER prefix in checksum_algo and create rsa_verify_padding function to handle verification of a message for any SHA/RSA pairing. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org>

commit: da29f2991d75fc8aa3289407a0e686a4a22f8c9e [log] [tgz]
author: Andrew Duda <aduda@meraki.com> Tue Nov 08 18:53:40 2016 +0000
committer: Tom Rini <trini@konsulko.com> Mon Nov 21 14:07:30 2016 -0500
tree: 3c972878a859196e72be31fe6da6d0ae5047d38b
parent: 5300a4f9336291fb713fcfaf9ea6e51b71824800 [diff] [blame]
diff --git a/lib/sha256.c b/lib/sha256.c
index bb338ba..7f5a361 100644
--- a/lib/sha256.c
+++ b/lib/sha256.c

@@ -15,6 +15,12 @@
 #include <watchdog.h>
 #include <u-boot/sha256.h>
 
+const uint8_t sha256_der_prefix[SHA256_DER_LEN] = {
+	0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
+	0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
+	0x00, 0x04, 0x20
+};
+
 /*
  * 32-bit integer manipulation macros (big endian)
  */
commit	da29f2991d75fc8aa3289407a0e686a4a22f8c9e	[log] [tgz]
author	Andrew Duda <aduda@meraki.com>	Tue Nov 08 18:53:40 2016 +0000
committer	Tom Rini <trini@konsulko.com>	Mon Nov 21 14:07:30 2016 -0500
tree	3c972878a859196e72be31fe6da6d0ae5047d38b
parent	5300a4f9336291fb713fcfaf9ea6e51b71824800 [diff] [blame]