[U-Boot] U-Boot RSA en/decryption

Simon Glass sjg at chromium.org
Mon Aug 26 17:16:25 CEST 2013 

Hi Or,

On Sun, Aug 25, 2013 at 2:28 PM, Or Yochanan <ory at annapurnalabs.com> wrote:
> Hello,
>
> This is my first message to the U-Boot mailing list, so please go easy on me
> if my syntax is flawed.. ;)
>
> I need to use RSA decryption on my U-Boot, for a specific task i have. In
> order to do so - I'd like to use some of the RSA code that have been added
> to lib (instead of porting some other encryption code into my environment).
>
> After going over the RSA code, I came to conclusion that the portion of the
> code that performs RSA verification using an RSA key (rsa_verify_key) is
> exactly what I need, since I don't intend to use FIT nor add anything to DT
> (it seems like an overkill for my requirements).
>
> However, I fail to understand how to use the RSA's data structures
> correctly. Specifically, rsa_public_key input parameter requires arguments
> that aren't clear to me. I searched online, yet couldn't find any reference
> code to parse i.o. to understand what is required from this struct..
>
> So my main questions are regarding the rsa_public_key struct that is also
> mentioned on the documentation:
> 1. There's a requirement for bot num-bits, and r^2 - how comes? From what I
> understand, r^2 can be calculated using num-bits - so currently I suspect
> that I got it wrong?

Yes it can be calculated. The idea here is to pre-calculate things
that don't need to be done at run-time in U-Boot.

> 2. What is n0inverse? I didn't find anything on the web that explains this
> argument, nor did I find anything that resemble the calculation (-1 / N[0]
> mod 2^32).

If you look at rsa_get_params() you will see where it calculates these
parameters from the RSA key. n0inverse is -1 / n mod 2^32.

Normally these three parameters are stored in the DT, but if you don't
use that I suppose you could put them somewhere else.

>
> If there's a possibility to better explain these arguments, or even better -
> provide a usage example, I'd be grateful.

The basic idea is that with these values is to make it possible to
verify a signature using just the code in rsa-verify.c. There is no
'bignum' code required, nor any openssl key management/decoding code.
If you look at rsa_verify_key() you will see that it only needs
exponentiation (pow_mod()) and the code size is quite small.

>
> Thanks in advance,
> --
> Or

Regards,
Simon

More information about the U-Boot mailing list