On Fri, Feb 21, 2020 at 03:12:54PM +0900, AKASHI Takahiro wrote:
# This patch set is a prerequisite for UEFI secure boot.
The current rsa_verify() requires five parameters for a RSA public key for efficiency while RSA, in theory, requires only two. In addition, those parameters are expected to come from FIT image.
So this function won't fit very well when we want to use it for the purpose of implementing UEFI secure boot, in particular, image authentication as well as variable authentication, where the essential two parameters are set to be retrieved from one of X509 certificates in signature database.
So, in this patch, additional three parameters will be calculated on the fly when rsa_verify() is called without fdt which should contain parameters above.
This calculation heavily relies on "big-number (or multi-precision) library." Therefore some routines from BearSSL[1] under MIT license are imported in this implementation. See Patch#4. # Please let me know if this is not appropriate.
Prerequisite:
- public key parser in my "import x509/pkcs7 parser" patch[2]
This has been applied a long while back.
And for the record, without http://patchwork.ozlabs.org/patch/1239098/ applied sandbox fails to build. I had said I would take care of that specific issue, so I'm just noting it here. I'm kicking off a larger test now.