The rsa-verify functionality is a two step operation involving: 1. Checksum (hash) Calculation over image regions 2. Public Key Modular exponentiation over signature to generate hash
The following patch set modifies the rsa library to use hw acceleration if available in platform.
The first two patches in the series, split the rsa-verify lib into two files: 1. rsa-verify.c - The file parses device tree keys node to fill a keyprop structure. The key prop structure can then be converted to implementation specific formal (struct rsa_pub_key for sw implementation). - The parsed device tree node is then passed to a generic rsa_mod_exp function.
2. rsa-mod-exp.c Move the software specific functions related to exponentiation from rsa-verify.c to this file. The file is compiled if "CONFIG_RSA_MOD_EXP_SW" is defined. In general if both CONFIG_FIT_SIGNATURE and CONFIG_RSA are defined, CONFIG_RSA_MOD_EXP_SW gets automatically defined.
Platforms having hardware implementation for rsa_mod_exp can add a define "CONFIG_RSA_MOD_EXP_HW" to their config files. Adding this defined, undefs the CONFIG_RSA_MOD_EXP_SW and hardware implementation of mod_exp gets compiled.
Another option is to add a node in struct "image_sig_algos" in image-sig.c as done in common/sha.c.
#ifdef CONFIG_RSA_HW { "sha1,rsa2048", #ifdef HOST_CC rsa_sign, rsa_add_verify_data, #else NULL, NULL, #endif rsa_verify_hw, &checksum_algos[0], }, #endif.
However the code related with parsing of devicetree for key properties, calculation of hash and comparison of passed hash with signature derived hash would need to be duplicated in the rsa_verify_hw function.
The next set of two patches are related with hash lib support in RSA.
For hash, the infrastructure already exists in common/hash.c. rsa_checksum is modified to use the API's registered with the hash_algo structure. Once HW accelerated support for progressive hash is available, RSA library can easily pick it up.
Ruchika Gupta (4): rsa: Split the rsa-verify crypto/fsl: Add support for RSA Modular Exponentiation hash: Add function to find hash_algo struct with progressive hash rsa: Use checksum algorithms from struct hash_algo
Signed-off-by: Ruchika Gupta ruchika.gupta@freescale.com CC: Simon Glass sjg@chromium.org
common/hash.c | 35 +++-- drivers/crypto/fsl/Makefile | 1 + drivers/crypto/fsl/fsl_rsa.c | 44 ++++++ drivers/crypto/fsl/jobdesc.c | 28 ++++ drivers/crypto/fsl/jobdesc.h | 5 + drivers/crypto/fsl/rsa_caam.h | 27 ++++ include/config_fallbacks.h | 5 + include/hash.h | 15 ++ include/image.h | 2 +- include/u-boot/rsa-checksum.h | 4 +- include/u-boot/rsa-mod-exp.h | 25 ++++ lib/rsa/Makefile | 1 + lib/rsa/rsa-checksum.c | 61 ++++++++- lib/rsa/rsa-mod-exp.c | 308 ++++++++++++++++++++++++++++++++++++++++++ lib/rsa/rsa-verify.c | 307 ++++------------------------------------- tools/Makefile | 2 +- 16 files changed, 576 insertions(+), 294 deletions(-) create mode 100644 drivers/crypto/fsl/fsl_rsa.c create mode 100644 drivers/crypto/fsl/rsa_caam.h create mode 100644 include/u-boot/rsa-mod-exp.h create mode 100644 lib/rsa/rsa-mod-exp.c