[U-Boot] [PATCH 4/4] [RFC] rsa: Use checksum algorithms from struct hash_algo

Simon Glass sjg at chromium.org
Wed Dec 17 22:52:37 CET 2014 

Hi,

On 17 December 2014 at 03:05, Ruchika Gupta <ruchika.gupta at freescale.com> wrote:
> Currently the hash functions used in RSA are called
> directly from the sha1 and sha256 libraries.
> Change the RSA checksum library to use the progressive
> hash API's registered with struct hash_algo. This will
> allow the checksum library to use the support of hardware
> accelerated progressive hash API's once available.
>
> Signed-off-by: Ruchika Gupta <ruchika.gupta at freescale.com>
> CC: Simon Glass <sjg at chromium.org>
> ---
>  include/image.h               |  2 +-
>  include/u-boot/rsa-checksum.h |  4 +--
>  lib/rsa/rsa-checksum.c        | 61 ++++++++++++++++++++++++++++++++++++++++---
>  3 files changed, 60 insertions(+), 7 deletions(-)
>
> diff --git a/include/image.h b/include/image.h
> index af30d60..0067c75 100644
> --- a/include/image.h
> +++ b/include/image.h
> @@ -926,7 +926,7 @@ struct checksum_algo {
>  #if IMAGE_ENABLE_SIGN
>         const EVP_MD *(*calculate_sign)(void);
>  #endif
> -       void (*calculate)(const struct image_region region[],
> +       int (*calculate)(const struct image_region region[],
>                           int region_count, uint8_t *checksum);
>         const uint8_t *rsa_padding;
>  };
> diff --git a/include/u-boot/rsa-checksum.h b/include/u-boot/rsa-checksum.h
> index c996fb3..db55046 100644
> --- a/include/u-boot/rsa-checksum.h
> +++ b/include/u-boot/rsa-checksum.h
> @@ -16,9 +16,9 @@ extern const uint8_t padding_sha256_rsa4096[];
>  extern const uint8_t padding_sha256_rsa2048[];
>  extern const uint8_t padding_sha1_rsa2048[];
>
> -void sha256_calculate(const struct image_region region[], int region_count,
> +int sha256_calculate(const struct image_region region[], int region_count,
>                       uint8_t *checksum);
> -void sha1_calculate(const struct image_region region[], int region_count,
> +int sha1_calculate(const struct image_region region[], int region_count,
>                     uint8_t *checksum);

I wonder if the algorithm can become a parameter rather than
duplicating the code...

>
>  #endif
> diff --git a/lib/rsa/rsa-checksum.c b/lib/rsa/rsa-checksum.c
> index 8d8b59f..af27c97 100644
> --- a/lib/rsa/rsa-checksum.c
> +++ b/lib/rsa/rsa-checksum.c
> @@ -10,12 +10,13 @@
>  #include <asm/byteorder.h>
>  #include <asm/errno.h>
>  #include <asm/unaligned.h>
> +#include <hash.h>
>  #else
>  #include "fdt_host.h"
> -#endif
> -#include <u-boot/rsa.h>
>  #include <u-boot/sha1.h>
>  #include <u-boot/sha256.h>
> +#endif
> +#include <u-boot/rsa.h>
>
>  /* PKCS 1.5 paddings as described in the RSA PKCS#1 v2.1 standard. */
>
> @@ -136,7 +137,54 @@ const uint8_t padding_sha256_rsa4096[RSA4096_BYTES - SHA256_SUM_LEN] = {
>         0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
>  };
>
> -void sha1_calculate(const struct image_region region[], int region_count,
> +#ifndef USE_HOSTCC
> +void hash_calculate(struct hash_algo *algo, const struct image_region region[],
> +                  int region_count, uint8_t *checksum)
> +{
> +       void *ctx;
> +       uint32_t i;
> +       i = 0;
> +
> +       algo->hash_init(algo, &ctx);
> +       for (i = 0; i < region_count - 1; i++)
> +               algo->hash_update(algo, ctx, region[i].data, region[i].size, 0);
> +
> +       algo->hash_update(algo, ctx, region[i].data, region[i].size, 1);
> +       algo->hash_finish(algo, ctx, checksum, algo->digest_size);
> +}
> +
> +int sha1_calculate(const struct image_region region[], int region_count,
> +                   uint8_t *checksum)
> +{
> +       struct hash_algo *algo;
> +       int ret = 0;
> +
> +       ret = hash_progressive_lookup_algo("sha1", &algo);
> +       if (ret)
> +               return ret;
> +
> +       hash_calculate(algo, region, region_count, checksum);
> +
> +       return 0;
> +}
> +
> +int sha256_calculate(const struct image_region region[], int region_count,
> +                   uint8_t *checksum)
> +{
> +       struct hash_algo *algo;
> +       int ret;
> +
> +       ret = hash_progressive_lookup_algo("sha256", &algo);
> +       if (ret)
> +               return ret;
> +
> +       hash_calculate(algo, region, region_count, checksum);
> +
> +       return 0;
> +}

Here is the duplication - these functions are the same but for sha1 and sha256.

> +
> +#else
> +int sha1_calculate(const struct image_region region[], int region_count,
>                     uint8_t *checksum)
>  {
>         sha1_context ctx;
> @@ -147,9 +195,11 @@ void sha1_calculate(const struct image_region region[], int region_count,
>         for (i = 0; i < region_count; i++)
>                 sha1_update(&ctx, region[i].data, region[i].size);
>         sha1_finish(&ctx, checksum);
> +
> +       return 0;
>  }
>
> -void sha256_calculate(const struct image_region region[], int region_count,
> +int sha256_calculate(const struct image_region region[], int region_count,
>                       uint8_t *checksum)
>  {
>         sha256_context ctx;
> @@ -160,4 +210,7 @@ void sha256_calculate(const struct image_region region[], int region_count,
>         for (i = 0; i < region_count; i++)
>                 sha256_update(&ctx, region[i].data, region[i].size);
>         sha256_finish(&ctx, checksum);
> +
> +       return 0;
>  }
> +#endif
> --
> 1.8.1.4
>

Regards,
Simon

More information about the U-Boot mailing list