mirror of
https://github.com/AsahiLinux/u-boot
synced 2024-11-14 17:07:38 +00:00
da29f2991d
Padding verification was done against static SHA/RSA pair arrays which take up a lot of static memory, are mostly 0xff, and cannot be reused for additional SHA/RSA pairings. The padding can be easily computed according to PKCS#1v2.1 as: EM = 0x00 || 0x01 || PS || 0x00 || T where PS is (emLen - tLen - 3) octets of 0xff and T is DER encoding of the hash. Store DER prefix in checksum_algo and create rsa_verify_padding function to handle verification of a message for any SHA/RSA pairing. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org>
52 lines
989 B
C
52 lines
989 B
C
/*
|
|
* Copyright (c) 2013, Andreas Oetken.
|
|
*
|
|
* SPDX-License-Identifier: GPL-2.0+
|
|
*/
|
|
|
|
#ifndef USE_HOSTCC
|
|
#include <common.h>
|
|
#include <fdtdec.h>
|
|
#include <asm/byteorder.h>
|
|
#include <linux/errno.h>
|
|
#include <asm/unaligned.h>
|
|
#include <hash.h>
|
|
#else
|
|
#include "fdt_host.h"
|
|
#endif
|
|
#include <u-boot/rsa.h>
|
|
|
|
int hash_calculate(const char *name,
|
|
const struct image_region region[],
|
|
int region_count, uint8_t *checksum)
|
|
{
|
|
struct hash_algo *algo;
|
|
int ret = 0;
|
|
void *ctx;
|
|
uint32_t i;
|
|
i = 0;
|
|
|
|
ret = hash_progressive_lookup_algo(name, &algo);
|
|
if (ret)
|
|
return ret;
|
|
|
|
ret = algo->hash_init(algo, &ctx);
|
|
if (ret)
|
|
return ret;
|
|
|
|
for (i = 0; i < region_count - 1; i++) {
|
|
ret = algo->hash_update(algo, ctx, region[i].data,
|
|
region[i].size, 0);
|
|
if (ret)
|
|
return ret;
|
|
}
|
|
|
|
ret = algo->hash_update(algo, ctx, region[i].data, region[i].size, 1);
|
|
if (ret)
|
|
return ret;
|
|
ret = algo->hash_finish(algo, ctx, checksum, algo->digest_size);
|
|
if (ret)
|
|
return ret;
|
|
|
|
return 0;
|
|
}
|