[U-Boot] [PATCH v1 5/9] fsl: secure boot: Add fsl_rsa_modexp_raw function for scenarios without DM model

15 May 2017

From: Ruchika Gupta ruchika.gupta@nxp.com
Add fsl_rsa_modexp_raw() for secure boot during SPL stage where DM
driver is not loaded.
Signed-off-by: Sumit Garg sumit.garg@nxp.com
Signed-off-by: Ruchika Gupta ruchika.gupta@nxp.com
Signed-off-by: York Sun york.sun@nxp.com
---
board/freescale/common/fsl_validate.c | 13 +++++++++----
 drivers/crypto/fsl/fsl_rsa.c          | 28 ++++++++++++++++++++++++++++
 2 files changed, 37 insertions(+), 4 deletions(-)

diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c
index 86baecc..96bd879 100644
--- a/board/freescale/common/fsl_validate.c
+++ b/board/freescale/common/fsl_validate.c
@@ -786,10 +786,6 @@ static int calculate_cmp_img_sig(struct fsl_secboot_img_priv *img)
 {
    int ret;
    uint32_t key_len;
-	struct key_prop prop;
-#if !defined(USE_HOSTCC)
-	struct udevice *mod_exp_dev;
-#endif
    ret = calc_esbchdr_esbc_hash(img);
    if (ret)
    	return ret;
@@ -797,6 +793,14 @@ static int calculate_cmp_img_sig(struct fsl_secboot_img_priv *img)
    /* Construct encoded hash EM' wrt PKCSv1.5 */
    construct_img_encoded_hash_second(img);
+#if defined(CONFIG_SPL_BUILD) && !defined(CONFIG_SPL_DM)
+	ret = fsl_mod_exp_raw(img->img_sign, img->hdr.sign_len,
+			  img->img_key, key_len, img->img_encoded_hash);
+#else
+	struct key_prop prop;
+#if !defined(USE_HOSTCC)
+	struct udevice *mod_exp_dev;
+#endif
    /* Fill prop structure for public key */
    memset(&prop, 0, sizeof(struct key_prop));
    key_len = get_key_len(img) / 2;
@@ -813,6 +817,7 @@ static int calculate_cmp_img_sig(struct fsl_secboot_img_priv *img)
ret = rsa_mod_exp(mod_exp_dev, img->img_sign, img->hdr.sign_len,
    		  &prop, img->img_encoded_hash);
+#endif
    if (ret)
    	return ret;
diff --git a/drivers/crypto/fsl/fsl_rsa.c b/drivers/crypto/fsl/fsl_rsa.c
index 5471504..32c059f 100644
--- a/drivers/crypto/fsl/fsl_rsa.c
+++ b/drivers/crypto/fsl/fsl_rsa.c
@@ -15,7 +15,34 @@
 #include "jr.h"
 #include "rsa_caam.h"
 #include <u-boot/rsa-mod-exp.h>
+#include <fsl_validate.h>
+#if defined(CONFIG_SPL_BUILD) && !defined(CONFIG_SPL_DM)
+int fsl_mod_exp_raw(const uint8_t *sig, uint32_t sig_len,
+		uint8_t *rsa_pub_key, int keylen, uint8_t *out)
+{
+	struct pk_in_params pkin;
+	uint32_t *desc = malloc(sizeof(int) * MAX_CAAM_DESCSIZE);
+	int ret;
+
+	pkin.a = sig;
+	pkin.a_siz = sig_len;
+	pkin.n = rsa_pub_key;
+	pkin.n_siz = keylen;
+	pkin.e = rsa_pub_key + keylen;
+	pkin.e_siz = keylen;
+
+	inline_cnstr_jobdesc_pkha_rsaexp(desc, &pkin, out, sig_len);
+
+	ret = run_descriptor_jr(desc);
+	if (ret) {
+		debug("%s: RSA failed to verify: %d\n", __func__, ret);
+		return -EFAULT;
+	}
+
+	return 0;
+}
+#else
 int fsl_mod_exp(struct udevice *dev, const uint8_t *sig, uint32_t sig_len,
    	struct key_prop *prop, uint8_t *out)
 {
@@ -59,3 +86,4 @@ U_BOOT_DRIVER(fsl_rsa_mod_exp) = {
 U_BOOT_DEVICE(fsl_rsa) = {
    .name = "fsl_rsa_mod_exp",
 };
+#endif
-- 
2.7.4


    