[U-Boot] [PATCH 0/4] [RFC] rsa: Modify rsa lib to use hw acceleration
Ruchika Gupta
ruchika.gupta at freescale.com
Wed Dec 17 11:05:48 CET 2014
The rsa-verify functionality is a two step operation involving:
1. Checksum (hash) Calculation over image regions
2. Public Key Modular exponentiation over signature to generate hash
The following patch set modifies the rsa library to use hw
acceleration if available in platform.
The first two patches in the series, split the rsa-verify lib
into two files:
1. rsa-verify.c
- The file parses device tree keys node to fill a keyprop
structure. The key prop structure can then be converted
to implementation specific formal (struct rsa_pub_key
for sw implementation).
- The parsed device tree node is then passed to a generic
rsa_mod_exp function.
2. rsa-mod-exp.c
Move the software specific functions related to exponentiation
from rsa-verify.c to this file. The file is compiled if
"CONFIG_RSA_MOD_EXP_SW" is defined. In general if both
CONFIG_FIT_SIGNATURE and CONFIG_RSA are defined,
CONFIG_RSA_MOD_EXP_SW gets automatically defined.
Platforms having hardware implementation for rsa_mod_exp can
add a define "CONFIG_RSA_MOD_EXP_HW" to their config files.
Adding this defined, undefs the CONFIG_RSA_MOD_EXP_SW and
hardware implementation of mod_exp gets compiled.
Another option is to add a node in struct "image_sig_algos"
in image-sig.c as done in common/sha.c.
#ifdef CONFIG_RSA_HW
{
"sha1,rsa2048",
#ifdef HOST_CC
rsa_sign,
rsa_add_verify_data,
#else
NULL,
NULL,
#endif
rsa_verify_hw,
&checksum_algos[0],
},
#endif.
However the code related with parsing of devicetree for key properties,
calculation of hash and comparison of passed hash with signature derived
hash would need to be duplicated in the rsa_verify_hw function.
The next set of two patches are related with hash lib support
in RSA.
For hash, the infrastructure already exists in common/hash.c.
rsa_checksum is modified to use the API's registered with the
hash_algo structure. Once HW accelerated support for progressive
hash is available, RSA library can easily pick it up.
Ruchika Gupta (4):
rsa: Split the rsa-verify
crypto/fsl: Add support for RSA Modular Exponentiation
hash: Add function to find hash_algo struct with progressive hash
rsa: Use checksum algorithms from struct hash_algo
Signed-off-by: Ruchika Gupta <ruchika.gupta at freescale.com>
CC: Simon Glass <sjg at chromium.org>
common/hash.c | 35 +++--
drivers/crypto/fsl/Makefile | 1 +
drivers/crypto/fsl/fsl_rsa.c | 44 ++++++
drivers/crypto/fsl/jobdesc.c | 28 ++++
drivers/crypto/fsl/jobdesc.h | 5 +
drivers/crypto/fsl/rsa_caam.h | 27 ++++
include/config_fallbacks.h | 5 +
include/hash.h | 15 ++
include/image.h | 2 +-
include/u-boot/rsa-checksum.h | 4 +-
include/u-boot/rsa-mod-exp.h | 25 ++++
lib/rsa/Makefile | 1 +
lib/rsa/rsa-checksum.c | 61 ++++++++-
lib/rsa/rsa-mod-exp.c | 308 ++++++++++++++++++++++++++++++++++++++++++
lib/rsa/rsa-verify.c | 307 ++++-------------------------------------
tools/Makefile | 2 +-
16 files changed, 576 insertions(+), 294 deletions(-)
create mode 100644 drivers/crypto/fsl/fsl_rsa.c
create mode 100644 drivers/crypto/fsl/rsa_caam.h
create mode 100644 include/u-boot/rsa-mod-exp.h
create mode 100644 lib/rsa/rsa-mod-exp.c
--
1.8.1.4
More information about the U-Boot
mailing list