[U-Boot] [PATCH 3/9] [v4] DM: crypto/rsa: Add rsa Modular Exponentiation DM driver

Simon Glass sjg at chromium.org
Tue Jan 6 21:30:09 CET 2015


Hi Ruchika,

On 6 January 2015 at 02:37, Ruchika Gupta <ruchika.gupta at freescale.com>
wrote:

> Hi Simon,
>
> > -----Original Message-----
> > From: sjg at google.com [mailto:sjg at google.com] On Behalf Of Simon Glass
> > Sent: Saturday, January 03, 2015 3:54 AM
> > To: Gupta Ruchika-R66431
> > Cc: U-Boot Mailing List; Sun York-R58495
> > Subject: Re: [PATCH 3/9] [v4] DM: crypto/rsa: Add rsa Modular
> Exponentiation
> > DM driver
> >
> > Hi Ruchika,
> >
> > On 30 December 2014 at 02:30, Ruchika Gupta <ruchika.gupta at freescale.com
> >
> > wrote:
> > > Add a new rsa uclass for performing modular exponentiation and
> > > implement the software driver basing on this uclass.
> > >
> > > Signed-off-by: Ruchika Gupta <ruchika.gupta at freescale.com>
> > > CC: Simon Glass <sjg at chromium.org>
> > > ---
> > > Changes in v4:
> > > Removed Kconfig option for DM_RSA
> > > Corrected driver name for sw rsa driver Updated the rsa_mod_exp
> > > operation to have output length
> > >
> > > Changes in v3:
> > > New patch with driver model for RSA UCLASS
> > >
> > >  drivers/crypto/Makefile         |  1 +
> > >  drivers/crypto/rsa/Makefile     |  7 +++++++
> > >  drivers/crypto/rsa/rsa_sw.c     | 39
> > +++++++++++++++++++++++++++++++++++++++
> > >  drivers/crypto/rsa/rsa_uclass.c | 31 +++++++++++++++++++++++++++++++
> > >  include/dm/uclass-id.h          |  1 +
> > >  include/u-boot/rsa-mod-exp.h    | 37
> +++++++++++++++++++++++++++++++++++++
> > >  6 files changed, 116 insertions(+)
> > >  create mode 100644 drivers/crypto/rsa/Makefile  create mode 100644
> > > drivers/crypto/rsa/rsa_sw.c  create mode 100644
> > > drivers/crypto/rsa/rsa_uclass.c
> >
> > Again I'm a bit worried we are going off into the weeds.
> >
> > Is this an RSA driver or a modular exponentiation driver? It seems like
> the
> > latter to me. If so, the uclass should be UCLASS_MOD_EXP, not
> UCLASS_RSA, and
> > the files and directories should be renames also. Some hardware will
> > implement the entire RSA algorithm, which would be a true RSA uclass.
> Here I
> > think you are only doing part of it.
> I did this to introduce a generic class for RSA which has mod_exp
> implementation for now and can be extended to have sign or any other algo
> added later.For now I will change it to UCLASS_MOD_EXP as you have
> suggested.
>

>From what I understand the RSA API consists of two functions:

rsa_sign()
rsa_verify()

These are defined in rsa.h.

So if you are planning to implement an RSA uclass it should support these
two. In your case it seems like you are implementing a part of RSA, i.e.
lower-level functionality. That's why I'm saying it doesn't look like an
RSA uclass to me.


>
> >
> > Other than that rename the code looks fine.
> >
> > Minor point: again I don't see the value of returning the same value as
> > sig_len, so you may as well drop those last two args to mod_exp() -
> unless I
> > am missing something.
> I will do that and revert back to earlier implementation with uint8_t *out.
>
> >
> > >
> > > diff --git a/drivers/crypto/Makefile b/drivers/crypto/Makefile index
> > > 7b79237..a2f30fc 100644
> > > --- a/drivers/crypto/Makefile
> > > +++ b/drivers/crypto/Makefile
> > > @@ -6,4 +6,5 @@
> > >  #
> > >
> > >  obj-$(CONFIG_EXYNOS_ACE_SHA)   += ace_sha.o
> > > +obj-y += rsa/
> > >  obj-y += fsl/
> > > diff --git a/drivers/crypto/rsa/Makefile b/drivers/crypto/rsa/Makefile
> > > new file mode 100644 index 0000000..927c5bd
> > > --- /dev/null
> > > +++ b/drivers/crypto/rsa/Makefile
> > > @@ -0,0 +1,7 @@
> > > +#
> > > +# (C) Copyright 2014 Freescale Semiconductor, Inc.
> > > +#
> > > +# SPDX-License-Identifier:     GPL-2.0+
> > > +#
> > > +
> > > +obj-$(CONFIG_RSA) += rsa_uclass.o rsa_sw.o
> > > diff --git a/drivers/crypto/rsa/rsa_sw.c b/drivers/crypto/rsa/rsa_sw.c
> > > new file mode 100644 index 0000000..3dcd512
> > > --- /dev/null
> > > +++ b/drivers/crypto/rsa/rsa_sw.c
> > > @@ -0,0 +1,39 @@
> > > +/*
> > > + * (C) Copyright 2014 Freescale Semiconductor, Inc.
> > > + * Author: Ruchika Gupta <ruchika.gupta at freescale.com>
> > > + *
> > > + * SPDX-License-Identifier:    GPL-2.0+
> > > + */
> > > +
> > > +#include <config.h>
> > > +#include <common.h>
> > > +#include <dm.h>
> > > +#include <u-boot/rsa-mod-exp.h>
> > > +
> > > +int mod_exp_sw(struct udevice *dev, const uint8_t *sig, uint32_t
> sig_len,
> > > +               struct key_prop *prop, uint8_t **outp, uint32_t
> > > +*out_len) {
> > > +       int ret = 0;
> > > +
> > > +       ret = rsa_mod_exp_sw(sig, sig_len, prop, outp, out_len);
> > > +       if (ret) {
> > > +               debug("%s: RSA failed to verify: %d\n", __func__, ret);
> > > +               return ret;
> > > +       }
> > > +
> > > +       return 0;
> > > +}
> > > +
> > > +static const struct rsa_ops rsa_ops_sw = {
> > > +       .mod_exp        = mod_exp_sw,
> > > +};
> > > +
> > > +U_BOOT_DRIVER(rsa_sw) = {
> > > +       .name   = "rsa_sw",
> > > +       .id     = UCLASS_RSA,
> > > +       .ops    = &rsa_ops_sw,
> > > +};
> > > +
> > > +U_BOOT_DEVICE(rsa_sw) = {
> > > +       .name = "rsa_sw",
> > > +};
> > > diff --git a/drivers/crypto/rsa/rsa_uclass.c
> > > b/drivers/crypto/rsa/rsa_uclass.c new file mode 100644 index
> > > 0000000..4d52dcc
> > > --- /dev/null
> > > +++ b/drivers/crypto/rsa/rsa_uclass.c
> > > @@ -0,0 +1,31 @@
> > > +/*
> > > + * (C) Copyright 2014 Freescale Semiconductor, Inc
> > > + * Author: Ruchika Gupta <ruchika.gupta at freescale.com>
> > > + *
> > > + * SPDX-License-Identifier:    GPL-2.0+
> > > + */
> > > +
> > > +#include <common.h>
> > > +#include <dm.h>
> > > +#include <u-boot/rsa-mod-exp.h>
> > > +#include <errno.h>
> > > +#include <fdtdec.h>
> > > +#include <malloc.h>
> > > +#include <asm/io.h>
> > > +#include <linux/list.h>
> > > +
> > > +int rsa_mod_exp(struct udevice *dev, const uint8_t *sig, uint32_t
> sig_len,
> > > +               struct key_prop *node, uint8_t **out, uint32_t
> > > +*out_len) {
> > > +       const struct rsa_ops *ops = device_get_ops(dev);
> > > +
> > > +       if (!ops->mod_exp)
> > > +               return -ENOSYS;
> > > +
> > > +       return ops->mod_exp(dev, sig, sig_len, node, out, out_len); }
> > > +
> > > +UCLASS_DRIVER(rsa) = {
> > > +       .id             = UCLASS_RSA,
> > > +       .name           = "rsa",
> > > +};
> > > diff --git a/include/dm/uclass-id.h b/include/dm/uclass-id.h index
> > > f17c3c2..823e43c 100644
> > > --- a/include/dm/uclass-id.h
> > > +++ b/include/dm/uclass-id.h
> > > @@ -33,6 +33,7 @@ enum uclass_id {
> > >         UCLASS_I2C,             /* I2C bus */
> > >         UCLASS_I2C_GENERIC,     /* Generic I2C device */
> > >         UCLASS_I2C_EEPROM,      /* I2C EEPROM device */
> > > +       UCLASS_RSA,             /* RSA Mod Exp device */
> > >
> > >         UCLASS_COUNT,
> > >         UCLASS_INVALID = -1,
> > > diff --git a/include/u-boot/rsa-mod-exp.h
> > > b/include/u-boot/rsa-mod-exp.h index 7b74f3c..417e468 100644
> > > --- a/include/u-boot/rsa-mod-exp.h
> > > +++ b/include/u-boot/rsa-mod-exp.h
> > > @@ -46,4 +46,41 @@ struct key_prop {
> > >  int rsa_mod_exp_sw(const uint8_t *sig, uint32_t sig_len,
> > >                 struct key_prop *node, uint8_t **outp, uint32_t
> > > *out_len);
> > >
> > > +int rsa_mod_exp(struct udevice *dev, const uint8_t *sig, uint32_t
> sig_len,
> > > +               struct key_prop *node, uint8_t **outp, uint32_t
> > > +*out_len);
> > > +
> > > +/**
> > > + * struct struct rsa_ops - Driver model for RSA operations
> > > + *
> > > + * The uclass interface is implemented by all crypto devices which
> > > +use
> > > + * driver model.
> > > + */
> > > +struct rsa_ops {
> > > +       /**
> > > +        * Perform Modular Exponentiation
> > > +        *
> > > +        * Operation: out[] = sig ^ exponent % modulus
> > > +        *
> > > +        * @dev:        RSA Device
> > > +        * @sig:        RSA PKCS1.5 signature
> > > +        * @sig_len:    Length of signature in number of bytes
> > > +        * @node:       Node with RSA key elements like modulus,
> exponent,
> > > +        *              R^2, n0inv
> > > +        * @outp:       Set to an allocated buffer holding the output
> hash
> > > +        * @out_len:    Set to length of hash(outp) calculated after
> > > +        *              exponentiation.
> > > +        *
> > > +        * This computes exponentiation over the signature. Resulting
> > > +        * hash value is placed in an allocated buffer, the pointer is
> > > +        * returned as *outp. The length of calulated hash is returned
> via
> > > +        * the out_len pointer argument. The caller should free *outp
> > > +        *
> > > +        * Returns: 0 if exponentiation is successful, or a negative
> value
> > > +        * if it wasn't.
> > > +        */
> > > +       int (*mod_exp)(struct udevice *dev, const uint8_t *sig,
> > > +                          uint32_t sig_len, struct key_prop *node,
> > > +                          uint8_t **outp, uint32_t *len); };
> > > +
> > >  #endif
> > > --
> > > 1.8.1.4
> > >
>
> Regards,
> Ruchika



Regards,
Simon


More information about the U-Boot mailing list