On Thu, Jul 31, 2025 at 05:31:49PM +0530, Sudhakar Kuppusamy wrote: > > > > On 24 Jul 2025, at 2:25 PM, Gary Lin <[email protected]> wrote: > > > > On Wed, Jul 09, 2025 at 05:15:21PM +0530, Sudhakar Kuppusamy wrote: > >> From: Daniel Axtens <[email protected]> > >> > >> rsa_pad does the PKCS#1 v1.5 padding for the RSA signature scheme. > >> We want to use it in other RSA signature verification applications. > >> > >> I considered and rejected putting it in lib/crypto.c. That file doesn't > >> currently require any MPI functions, but rsa_pad does. That's not so > >> much of a problem for the grub kernel and modules, but crypto.c also > >> gets built into all the grub utilities. So - despite the utils not > >> using any asymmetric ciphers - we would need to built the entire MPI > >> infrastructure in to them. > >> > >> A better and simpler solution is just to spin rsa_pad out into its own > >> PKCS#1 v1.5 module. > >> > > > > The libgcrypt 1.11.0 patches were merged recently, and it seems not > > necessary to factor out rsa_pad anymore. The verification can be done > > with S-expression like this: > > > > _gcry_sexp_build (&s_sig, NULL, "(sig-val(rsa(s %M)))", si->sig_mpi); > > _gcry_sexp_build (&s_data, NULL, "(data (flags pkcs1)(hash %s %b))", > > si->hash->name, si->hash->mdlen, hash); > > _gcry_sexp_build (&s_key, NULL, "(public-key(rsa(n%M)(e%M)))", > > cert->mpis[0], cert->mpis[1]); > > _gcry_pubkey_spec_rsa.verify (s_sig, s_data, s_key); > > > > Gary Lin > > Hi Gary Lin, > > Thanks for pointing this out. Updated the patch to reflect this change on v5 > (https://lists.gnu.org/archive/html/grub-devel/2025-07/msg00137.html). > And also recently posted v6. Appreciate the heads-up! > Oops, I overlooked v5. Thanks for updating the patch!
Gary Lin > V6: > https://lists.gnu.org/archive/html/grub-devel/2025-07/msg00255.html > > > Thanks, > Sudhakar > _______________________________________________ Grub-devel mailing list [email protected] https://lists.gnu.org/mailman/listinfo/grub-devel
