diff options
author | Andrew Duda | 2016-11-08 18:53:40 +0000 |
---|---|---|
committer | Tom Rini | 2016-11-21 14:07:30 -0500 |
commit | da29f2991d75fc8aa3289407a0e686a4a22f8c9e (patch) | |
tree | 3c972878a859196e72be31fe6da6d0ae5047d38b /lib/rsa/rsa-verify.c | |
parent | 5300a4f9336291fb713fcfaf9ea6e51b71824800 (diff) |
rsa: Verify RSA padding programatically
Padding verification was done against static SHA/RSA pair arrays which
take up a lot of static memory, are mostly 0xff, and cannot be reused
for additional SHA/RSA pairings. The padding can be easily computed
according to PKCS#1v2.1 as:
EM = 0x00 || 0x01 || PS || 0x00 || T
where PS is (emLen - tLen - 3) octets of 0xff and T is DER encoding
of the hash.
Store DER prefix in checksum_algo and create rsa_verify_padding
function to handle verification of a message for any SHA/RSA pairing.
Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Diffstat (limited to 'lib/rsa/rsa-verify.c')
-rw-r--r-- | lib/rsa/rsa-verify.c | 38 |
1 files changed, 36 insertions, 2 deletions
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c index 5418f594aec..ee8988d6463 100644 --- a/lib/rsa/rsa-verify.c +++ b/lib/rsa/rsa-verify.c @@ -25,6 +25,40 @@ #define RSA_DEFAULT_PUBEXP 65537 /** + * rsa_verify_padding() - Verify RSA message padding is valid + * + * Verify a RSA message's padding is consistent with PKCS1.5 + * padding as described in the RSA PKCS#1 v2.1 standard. + * + * @msg: Padded message + * @pad_len: Number of expected padding bytes + * @algo: Checksum algo structure having information on DER encoding etc. + * @return 0 on success, != 0 on failure + */ +static int rsa_verify_padding(const uint8_t *msg, const int pad_len, + struct checksum_algo *algo) +{ + int ff_len; + int ret; + + /* first byte must be 0x00 */ + ret = *msg++; + /* second byte must be 0x01 */ + ret |= *msg++ ^ 0x01; + /* next ff_len bytes must be 0xff */ + ff_len = pad_len - algo->der_len - 3; + ret |= *msg ^ 0xff; + ret |= memcmp(msg, msg+1, ff_len-1); + msg += ff_len; + /* next byte must be 0x00 */ + ret |= *msg++; + /* next der_len bytes must match der_prefix */ + ret |= memcmp(msg, algo->der_prefix, algo->der_len); + + return ret; +} + +/** * rsa_verify_key() - Verify a signature against some data using RSA Key * * Verify a RSA PKCS1.5 signature against an expected hash using @@ -83,11 +117,11 @@ static int rsa_verify_key(struct key_prop *prop, const uint8_t *sig, return ret; } - padding = algo->rsa_padding; pad_len = algo->key_len - algo->checksum_len; /* Check pkcs1.5 padding bytes. */ - if (memcmp(buf, padding, pad_len)) { + ret = rsa_verify_padding(buf, pad_len, algo); + if (ret) { debug("In RSAVerify(): Padding check failed!\n"); return -EINVAL; } |