From da29f2991d75fc8aa3289407a0e686a4a22f8c9e Mon Sep 17 00:00:00 2001
From: Andrew Duda <aduda@meraki.com>
Date: Tue, 8 Nov 2016 18:53:40 +0000
Subject: rsa: Verify RSA padding programatically

Padding verification was done against static SHA/RSA pair arrays which
take up a lot of static memory, are mostly 0xff, and cannot be reused
for additional SHA/RSA pairings. The padding can be easily computed
according to PKCS#1v2.1 as:

  EM = 0x00 || 0x01 || PS || 0x00 || T

where PS is (emLen - tLen - 3) octets of 0xff and T is DER encoding
of the hash.

Store DER prefix in checksum_algo and create rsa_verify_padding
function to handle verification of a message for any SHA/RSA pairing.

Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
---
 common/image-sig.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'common')

diff --git a/common/image-sig.c b/common/image-sig.c
index 28f7a20..008d2c5 100644
--- a/common/image-sig.c
+++ b/common/image-sig.c
@@ -34,32 +34,35 @@ struct checksum_algo checksum_algos[] = {
 	{
 		"sha1",
 		SHA1_SUM_LEN,
+		SHA1_DER_LEN,
+		sha1_der_prefix,
 		RSA2048_BYTES,
 #if IMAGE_ENABLE_SIGN
 		EVP_sha1,
 #endif
 		hash_calculate,
-		padding_sha1_rsa2048,
 	},
 	{
 		"sha256",
 		SHA256_SUM_LEN,
+		SHA256_DER_LEN,
+		sha256_der_prefix,
 		RSA2048_BYTES,
 #if IMAGE_ENABLE_SIGN
 		EVP_sha256,
 #endif
 		hash_calculate,
-		padding_sha256_rsa2048,
 	},
 	{
 		"sha256",
 		SHA256_SUM_LEN,
+		SHA256_DER_LEN,
+		sha256_der_prefix,
 		RSA4096_BYTES,
 #if IMAGE_ENABLE_SIGN
 		EVP_sha256,
 #endif
 		hash_calculate,
-		padding_sha256_rsa4096,
 	}
 
 };
-- 
cgit v1.1