[U-Boot] [PATCH 5/9] [v3] lib/rsa: Modify rsa to use DM driver if available
Simon Glass
sjg at chromium.org
Mon Dec 29 21:26:05 CET 2014
Hi Ruchika,
On 28 December 2014 at 23:58, Ruchika Gupta <ruchika.gupta at freescale.com> wrote:
>
> Resending as the message bounced from u-boot mailing list.
>
> Hi Simon,
>
>> -----Original Message-----
>> From: sjg at google.com [mailto:sjg at google.com] On Behalf Of Simon Glass
>> Sent: Wednesday, December 24, 2014 6:19 AM
>> To: Gupta Ruchika-R66431
>> Cc: U-Boot Mailing List; Sun York-R58495
>> Subject: Re: [PATCH 5/9] [v3] lib/rsa: Modify rsa to use DM driver if
>> available
>>
>> Hi Ruchika,
>>
>> On 23 December 2014 at 04:32, Ruchika Gupta
>> <ruchika.gupta at freescale.com>
>> wrote:
>> > Modify rsa_verify to use the rsa driver of DM library available.The
>> > tools and the configurations which don't use Driver Model, will
>> > continue to use the same RSA sw library. The software implementation
>> > of RSA Modular Exponentation is now compiled if RSA_MOD_EXP_SW is selected.
>> >
>> > Kconfig options are also added for rsa library.
>> >
>> > Signed-off-by: Ruchika Gupta <ruchika.gupta at freescale.com>
>> > CC: Simon Glass <sjg at chromium.org>
>> > ---
>> > Changes in v3:
>> > New patch
>> >
>> > include/configs/am335x_evm.h | 1 +
>> > lib/Kconfig | 6 +-----
>> > lib/rsa/Kconfig | 31 +++++++++++++++++++++++++++++++
>> > lib/rsa/Makefile | 3 ++-
>> > lib/rsa/rsa-verify.c | 18 ++++++++++++++++++
>> > 5 files changed, 53 insertions(+), 6 deletions(-) create mode
>> > 100644 lib/rsa/Kconfig
>> >
>> > diff --git a/include/configs/am335x_evm.h
>> > b/include/configs/am335x_evm.h index cc36985..aa79841 100644
>> > --- a/include/configs/am335x_evm.h
>> > +++ b/include/configs/am335x_evm.h
>> > @@ -25,6 +25,7 @@
>> > # ifdef CONFIG_ENABLE_VBOOT
>> > # define CONFIG_FIT_SIGNATURE
>> > # define CONFIG_RSA
>> > +# define CONFIG_RSA_MOD_EXP_SW
>>
>> This should go in am335x_boneblack_vboot_defconfig I think.
>
> I didn’t move it in the defconfig as it was conditionally defined under CONFIG_ENABLE_VBOOT
>
>>
>> > # endif
>> > #endif
>> >
>> > diff --git a/lib/Kconfig b/lib/Kconfig index 602dd37..a1f30a2 100644
>> > --- a/lib/Kconfig
>> > +++ b/lib/Kconfig
>> > @@ -27,10 +27,6 @@ config SYS_HZ
>> > get_timer() must operate in milliseconds and this option must be
>> > set to 1000.
>> >
>> > -config RSA
>> > - bool "Use RSA Library"
>> > - help
>> > - RSA support.This enables the RSA algorithm used for FIT image
>> > - verification in U-Boot.
>> > +source lib/rsa/Kconfig
>> >
>> > endmenu
>> > diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig new file mode 100644
>> > index 0000000..8f9aa44
>> > --- /dev/null
>> > +++ b/lib/rsa/Kconfig
>> > @@ -0,0 +1,31 @@
>> > +config RSA
>> > + bool "Use RSA Library"
>> > + select RSA_MOD_EXP_SW if !DM
>> > + select DM_RSA if DM
>> > + help
>> > + RSA support.This enables the RSA algorithm used for FIT image
>> > + verification in U-Boot.
>> > + See doc/uImage.FIT/signature.txt for more details.
>> > +
>> > +if RSA && DM_RSA
>> > +
>> > +config RSA_SW
>> > + bool "User driver Model for RSA Modular Exponentiation in software"
>> > + depends on DM && DM_RSA && RSA
>> > + select RSA_MOD_EXP_SW
>> > + default y
>> > + help
>> > + Enables driver for modular exponentiation in software.
>> > +This is a
>> RSA
>> > + algorithm used in FIT image verification. It required RSA Key as
>> > + input.
>> > + See doc/uImage.FIT/signature.txt for more details.
>> > +
>> > +endif
>> > +
>> > +config RSA_MOD_EXP_SW
>> > + bool
>> > + default n
>> > + help
>> > + Library for SW implementation of RSA Modular Exponentiation. This
>> > + library is used by the mkimage tool(not selected through
>> > +this
>> option)
>> > + as well as by the RSA driver model with SW implementation.
>> > diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile index
>> > cc25b3c..ccc6060 100644
>> > --- a/lib/rsa/Makefile
>> > +++ b/lib/rsa/Makefile
>> > @@ -7,4 +7,5 @@
>> > # SPDX-License-Identifier: GPL-2.0+
>> > #
>> >
>> > -obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
>> > rsa-mod-exp.o
>> > +obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
>> > +obj-$(CONFIG_RSA_MOD_EXP_SW) += rsa-mod-exp.o
>> > diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c index
>> > f8bc086..27f10ef 100644
>> > --- a/lib/rsa/rsa-verify.c
>> > +++ b/lib/rsa/rsa-verify.c
>> > @@ -12,6 +12,7 @@
>> > #include <asm/errno.h>
>> > #include <asm/types.h>
>> > #include <asm/unaligned.h>
>> > +#include <dm.h>
>> > #else
>> > #include "fdt_host.h"
>> > #include "mkimage.h"
>> > @@ -43,6 +44,9 @@ static int rsa_verify_key(struct key_prop *prop,
>> > const
>> uint8_t *sig,
>> > const uint8_t *padding;
>> > int pad_len;
>> > int ret;
>> > +#if defined(CONFIG_DM_RSA) && !defined(USE_HOSTCC)
>> > + struct udevice *rsa_dev;
>> > +#endif
>> >
>> > if (!prop || !sig || !hash || !algo)
>> > return -EIO;
>> > @@ -63,11 +67,25 @@ static int rsa_verify_key(struct key_prop *prop,
>> > const uint8_t *sig,
>> >
>> > uint8_t buf[sig_len];
>> >
>> > +#if defined(CONFIG_DM_RSA) && !defined(USE_HOSTCC)
>> > + ret = uclass_get_device(UCLASS_RSA, 0, &rsa_dev);
>> > + if (!ret) {
>> > + ret = rsa_mod_exp(rsa_dev, sig, sig_len, prop, buf);
>> > + if (ret) {
>> > + debug("Error in Modular exponentation\n");
>> > + return ret;
>> > + }
>> > + } else {
>> > + printf("RSA: Can't find Mod Exp implemnetation\n");
>> > + return -EINVAL;
>> > + }
>> > +#else
>> > ret = rsa_mod_exp_sw(sig, sig_len, prop, buf);
>> > if (ret) {
>> > debug("Error in Modular exponentation\n");
>> > return ret;
>> > }
>> > +#endif
>>
>> This should use the uclass regardless I think. The software
>> implementation should just be a driver like the hardware implementation.
>
> I have already added software implementation as a driver in the previous patch. I have kept it here for the tools (mkimage) and the platforms which don’t use CONFIG_DM by default.
Ah I see, OK. Sorry I missed this.
Then I think rsa_mod_exp_sw() should be called from within the
software driver also. You may already be doing that, but let's make
sure the code is as common as possible.
Regards,
Simon
More information about the U-Boot
mailing list