Padding verification was done against static SHA/RSA pair arrays which
take up a lot of static memory, are mostly 0xff, and cannot be reused
for additional SHA/RSA pairings. The padding can be easily computed
according to PKCS#1v2.1 as:
EM = 0x00 || 0x01 || PS || 0x00 || T
where PS is (emLen - tLen - 3) octets of 0xff and T is DER encoding
of the hash.
Store DER prefix in checksum_algo and create rsa_verify_padding
function to handle verification of a message for any SHA/RSA pairing.
Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
commit 18b06652cd "tools: include u-boot version of sha256.h"
unconditionally forced the sha256.h from u-boot to be used
for tools instead of the host version. This is fragile though
as it will also include the host version. Therefore move it
to include/u-boot to join u-boot/md5.h etc which were renamed
for the same reason.
cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>
Commit 2842c1c242 introduced lib/sha256 into
mkimage. Since then it will be compiled with HOSTCC which may produce errors
on some systems. Most BSD systems (like OS X for me) do not ship a
linux/string.h which will lead to take the U-Boot provided
include/linux/string.h in the end. This header howver is completely wrong
here. Just take the string.h if compiling with HOSTCC and linux/string.h when
not.
Signed-off-by: Andreas Bießmann <andreas.devel@googlemail.com>
Cc: Heiko Schocher <hs@denx.de>
Acked-by: Heiko Schocher<hs@denx.de>
In preparation for making the hash function common, we may as well use
const where we can.
Also add a watchdog version of the hashing function.
Signed-off-by: Simon Glass <sjg@chromium.org>
Now that the other architecture-specific lib directories have been
moved out of the top-level directory there's not much reason to have the
'_generic' suffix on the common lib directory.
Signed-off-by: Peter Tyser <ptyser@xes-inc.com>