From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: u-boot@lists.denx.de
Subject: [U-Boot] [RFC 2/3] lib: rsa: generate additional parameters for public key
Date: Wed, 18 Sep 2019 11:35:19 +0900
Message-ID: <20190918023518.GA4398@linaro.org>
In-Reply-To: <CAPnjgZ2RcNQ9_ZzdoE=SumWEetnVAaqNegRtVSfp6z5SsJBWEQ@mail.gmail.com>

Hi Simon,

On Mon, Sep 16, 2019 at 10:48:05PM -0700, Simon Glass wrote:
> Hi AKASHI,
>
> On Fri, 6 Sep 2019 at 00:05, AKASHI Takahiro <takahiro.akashi@linaro.org> wrote:
> >
> > In the current implementation of FIT_SIGNATURE, five parameters for
> > a RSA public key are required while only two of them are essential.
> > (See rsa-mod-exp.h and uImage.FIT/signature.txt)
> > This is a result of considering relatively limited computer power
> > and resources on embedded systems, while such an assumption may not
> > be quite practical for other use cases.
> >
> > In this patch, added is a function, rsa_gen_key_prop(), which will
> > generate additional parameters for other uses, in particular
> > UEFI secure boot, on the fly.
> >
> > Note: the current code uses some "big number" routines from BearSSL
> > for the calculation.
> >
> > Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> > ---
> > include/u-boot/rsa-mod-exp.h | 3 +
> > lib/rsa/Makefile | 2 +-
> > lib/rsa/rsa-keyprop.c | 631 +++++++++++++++++++++++++++++++++++
> > 3 files changed, 635 insertions(+), 1 deletion(-)
> > create mode 100644 lib/rsa/rsa-keyprop.c
> >
> > diff --git a/include/u-boot/rsa-mod-exp.h b/include/u-boot/rsa-mod-exp.h
> > index 8a428c4b6a1a..ca189292d869 100644
> > --- a/include/u-boot/rsa-mod-exp.h
> > +++ b/include/u-boot/rsa-mod-exp.h
> > @@ -26,6 +26,9 @@ struct key_prop {
> > uint32_t exp_len; /* Exponent length in number of uint8_t */
> > };
> >
> > +struct key_prop *rsa_gen_key_prop(const void *key, uint32_t keylen);
> > +void rsa_free_key_prop(struct key_prop *prop);
> > +
> > /**
> > * rsa_mod_exp_sw() - Perform RSA Modular Exponentiation in sw
> > *
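
Review bot: the two new prototypes, rsa_gen_key_prop() and rsa_free_key_prop(), are added without the kernel-doc comment that rsa_mod_exp_sw() directly below them carries. Please document the expected encoding of key and the unit of keylen, what is returned on failure, and that the returned struct key_prop has to be released with rsa_free_key_prop(), so that callers in the signature-verification path know which return value they must check before using the result.
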
> > diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile
> > index 226d8f3514a9..d66eef74c514 100644
> > --- a/lib/rsa/Makefile
> > +++ b/lib/rsa/Makefile
> > @@ -5,5 +5,5 @@
> > # (C) Copyright 2000-2007
> > # Wolfgang Denk, DENX Software Engineering, wd at denx.de.
> >
> > -obj-$(CONFIG_RSA_VERIFY) += rsa-verify.o rsa-checksum.o
> > +obj-$(CONFIG_RSA_VERIFY) += rsa-verify.o rsa-checksum.o rsa-keyprop.o
>
> Can this code only be included when needed? It seems a bit large,

Okay, compiled in only if CONFIG_RSA_VERIFY_WITH_PKEY.

> > obj-$(CONFIG_RSA_SOFTWARE_EXP) += rsa-mod-exp.o
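
Review bot: rsa-keyprop.o is appended to the CONFIG_RSA_VERIFY line, so the new 631-line file is linked into every build that enables RSA verification, whether or not that build needs parameters generated on the fly. Give it its own obj-$(...) line under a dedicated Kconfig symbol, the way the neighbouring obj-$(CONFIG_RSA_SOFTWARE_EXP) line handles rsa-mod-exp.o, so that builds relying on precomputed key parameters keep their current size and gain no extra code in the verification path.
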
> > diff --git a/lib/rsa/rsa-keyprop.c b/lib/rsa/rsa-keyprop.c
> > new file mode 100644
> > index 000000000000..e650a931dff9
> > --- /dev/null
> > +++ b/lib/rsa/rsa-keyprop.c
> > @@ -0,0 +1,631 @@
> > +// SPDX-License-Identifier: GPL-2.0+
> > +/*
> > + * RSA library - generate parameters for a public key
> > + *
> > + * Copyright (c) 2019 Linaro Limited
> > + * Author: AKASHI Takahiro
> > + *
> > + * Big number routines in this file come from BearSSL.
> > + * See the original copyright below.
> > + *
> > + * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
> > + *
> > + * Permission is hereby granted, free of charge, to any person obtaining
>
> Can you use SPDX?

I'm not sure this license is listed in SPDX, but will ask the author.

> > + * a copy of this software and associated documentation files (the
> > + * "Software"), to deal in the Software without restriction, including
> > + * without limitation the rights to use, copy, modify, merge, publish,
> > + * distribute, sublicense, and/or sell copies of the Software, and to
> > + * permit persons to whom the Software is furnished to do so, subject to
> > + * the following conditions:
> > + *
> > + * The above copyright notice and this permission notice shall be
> > + * included in all copies or substantial portions of the Software.
> > + *
> > + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
> > + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
> > + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
> > + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
> > + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
> > + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
> > + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
> > + * SOFTWARE.
> > + */
> > +#include <stdio.h>
>
> Should this include common.h?

Okay.

> > +
> > +#include <image.h>
> > +#include <malloc.h>
> > +#include <crypto/internal/rsa.h>
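
Review bot: the #include <crypto/internal/rsa.h> at the end of the include list refers to a header that this patch does not add (the diffstat lists only rsa-mod-exp.h, the Makefile and rsa-keyprop.c), so the patch depends on that header already being in the tree. Name the prerequisite patch or series in the commit message, or add the header within this series. Separately, the file declares GPL-2.0+ on its SPDX line while the BearSSL-derived routines carry their own permission notice in free text; the SPDX expression should cover both licences so that licence scanners see the full picture.
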
>
> Hmm this seems to be for running on the host?

rsa.h? No. It was imported from the Linux kernel to use rsa_parse_pub_key()
in rsa_gen_key_prop().

Thanks,
-Takahiro Akashi

> Regards,
> Simon