[U-Boot] [PATCH 0/4] [RFC] rsa: Modify rsa lib to use hw acceleration

Ruchika Gupta ruchika.gupta at freescale.com
Wed Dec 17 11:05:48 CET 2014


The rsa-verify functionality is a two step operation involving:
1. Checksum (hash) Calculation over image regions
2. Public Key Modular exponentiation over signature to generate hash
 
The following patch set modifies the rsa library to use hw 
acceleration if available in platform.

The first two patches in the series, split the rsa-verify lib
into two files:
1. rsa-verify.c
- The file parses device tree keys node to fill a keyprop
structure. The key prop structure can then be converted
to implementation specific formal (struct rsa_pub_key 
for sw implementation).
- The parsed device tree node is then passed to a generic
rsa_mod_exp function.

2. rsa-mod-exp.c
Move the software specific functions related to exponentiation
from rsa-verify.c to this file. The file is compiled if
"CONFIG_RSA_MOD_EXP_SW" is defined. In general if both
CONFIG_FIT_SIGNATURE and CONFIG_RSA are defined, 
CONFIG_RSA_MOD_EXP_SW gets automatically defined.

Platforms having hardware implementation for rsa_mod_exp can 
add a define "CONFIG_RSA_MOD_EXP_HW" to their config files.
Adding this defined, undefs the CONFIG_RSA_MOD_EXP_SW and 
hardware implementation of mod_exp gets compiled.

Another option is to add a node in struct "image_sig_algos"
in image-sig.c as done in common/sha.c. 

#ifdef CONFIG_RSA_HW
     {
                "sha1,rsa2048",
#ifdef HOST_CC
                rsa_sign,
                rsa_add_verify_data,
#else
		NULL,
		NULL,
#endif
                rsa_verify_hw,
                &checksum_algos[0],
        },
#endif.

However the code related with parsing of devicetree for key properties,
calculation of hash and comparison of passed hash with signature derived
hash would need to be duplicated in the rsa_verify_hw function. 

The next set of two patches are related with hash lib support 
in RSA.
 
For hash, the infrastructure already exists in common/hash.c.
rsa_checksum is modified to use the API's registered with the
hash_algo structure. Once HW accelerated support for progressive
hash is available, RSA library can easily pick it up.

Ruchika Gupta (4):
  rsa: Split the rsa-verify
  crypto/fsl: Add support for RSA Modular Exponentiation
  hash: Add function to find hash_algo struct with progressive hash
  rsa: Use checksum algorithms from struct hash_algo

Signed-off-by: Ruchika Gupta <ruchika.gupta at freescale.com>
CC: Simon Glass <sjg at chromium.org>

 common/hash.c                 |  35 +++--
 drivers/crypto/fsl/Makefile   |   1 +
 drivers/crypto/fsl/fsl_rsa.c  |  44 ++++++
 drivers/crypto/fsl/jobdesc.c  |  28 ++++
 drivers/crypto/fsl/jobdesc.h  |   5 +
 drivers/crypto/fsl/rsa_caam.h |  27 ++++
 include/config_fallbacks.h    |   5 +
 include/hash.h                |  15 ++
 include/image.h               |   2 +-
 include/u-boot/rsa-checksum.h |   4 +-
 include/u-boot/rsa-mod-exp.h  |  25 ++++
 lib/rsa/Makefile              |   1 +
 lib/rsa/rsa-checksum.c        |  61 ++++++++-
 lib/rsa/rsa-mod-exp.c         | 308 ++++++++++++++++++++++++++++++++++++++++++
 lib/rsa/rsa-verify.c          | 307 ++++-------------------------------------
 tools/Makefile                |   2 +-
 16 files changed, 576 insertions(+), 294 deletions(-)
 create mode 100644 drivers/crypto/fsl/fsl_rsa.c
 create mode 100644 drivers/crypto/fsl/rsa_caam.h
 create mode 100644 include/u-boot/rsa-mod-exp.h
 create mode 100644 lib/rsa/rsa-mod-exp.c

-- 
1.8.1.4



More information about the U-Boot mailing list