[U-Boot] [PATCH 5/9] [v3] lib/rsa: Modify rsa to use DM driver if available

public inbox for u-boot@lists.denx.de
 help / color / mirror / Atom feed

* [U-Boot] [PATCH 5/9] [v3] lib/rsa: Modify rsa to use DM driver if available
       [not found] <BY1PR0301MB12889C93AD54022544095D3EEF540@BY1PR0301MB1288.namprd03.prod.outlook.com>
@ 2014-12-29  6:58 ` Ruchika Gupta
  2014-12-29 20:26   ` Simon Glass
  0 siblings, 1 reply; 5+ messages in thread
From: Ruchika Gupta @ 2014-12-29  6:58 UTC (permalink / raw)
  To: u-boot


Resending as the message bounced from u-boot mailing list.

Hi Simon,

> -----Original Message-----
> From: sjg at google.com [mailto:sjg at google.com] On Behalf Of Simon Glass
> Sent: Wednesday, December 24, 2014 6:19 AM
> To: Gupta Ruchika-R66431
> Cc: U-Boot Mailing List; Sun York-R58495
> Subject: Re: [PATCH 5/9] [v3] lib/rsa: Modify rsa to use DM driver if
> available
>
> Hi Ruchika,
>
> On 23 December 2014 at 04:32, Ruchika Gupta
> <ruchika.gupta@freescale.com>
> wrote:
> > Modify rsa_verify to use the rsa driver of DM library available.The
> > tools and the configurations which don't use Driver Model, will
> > continue to use the same RSA sw library. The software implementation
> > of RSA Modular Exponentation is now compiled if RSA_MOD_EXP_SW is selected.
> >
> > Kconfig options are also added for rsa library.
> >
> > Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
> > CC: Simon Glass <sjg@chromium.org>
> > ---
> > Changes in v3:
> > New patch
> >
> >  include/configs/am335x_evm.h |  1 +
> >  lib/Kconfig                  |  6 +-----
> >  lib/rsa/Kconfig              | 31 +++++++++++++++++++++++++++++++
> >  lib/rsa/Makefile             |  3 ++-
> >  lib/rsa/rsa-verify.c         | 18 ++++++++++++++++++
> >  5 files changed, 53 insertions(+), 6 deletions(-)  create mode
> > 100644 lib/rsa/Kconfig
> >
> > diff --git a/include/configs/am335x_evm.h
> > b/include/configs/am335x_evm.h index cc36985..aa79841 100644
> > --- a/include/configs/am335x_evm.h
> > +++ b/include/configs/am335x_evm.h
> > @@ -25,6 +25,7 @@
> >  # ifdef CONFIG_ENABLE_VBOOT
> >  # define CONFIG_FIT_SIGNATURE
> >  # define CONFIG_RSA
> > +# define CONFIG_RSA_MOD_EXP_SW
>
> This should go in am335x_boneblack_vboot_defconfig I think.

I didn?t move it in the defconfig as it was conditionally defined under CONFIG_ENABLE_VBOOT

>
> >  # endif
> >  #endif
> >
> > diff --git a/lib/Kconfig b/lib/Kconfig index 602dd37..a1f30a2 100644
> > --- a/lib/Kconfig
> > +++ b/lib/Kconfig
> > @@ -27,10 +27,6 @@ config SYS_HZ
> >           get_timer() must operate in milliseconds and this option must be
> >           set to 1000.
> >
> > -config RSA
> > -       bool "Use RSA Library"
> > -       help
> > -         RSA support.This enables the RSA algorithm used for FIT image
> > -         verification in U-Boot.
> > +source lib/rsa/Kconfig
> >
> >  endmenu
> > diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig new file mode 100644
> > index 0000000..8f9aa44
> > --- /dev/null
> > +++ b/lib/rsa/Kconfig
> > @@ -0,0 +1,31 @@
> > +config RSA
> > +       bool "Use RSA Library"
> > +       select RSA_MOD_EXP_SW if !DM
> > +       select DM_RSA if DM
> > +       help
> > +         RSA support.This enables the RSA algorithm used for FIT image
> > +         verification in U-Boot.
> > +         See doc/uImage.FIT/signature.txt for more details.
> > +
> > +if RSA && DM_RSA
> > +
> > +config RSA_SW
> > +       bool "User driver Model for RSA Modular Exponentiation in software"
> > +       depends on DM && DM_RSA && RSA
> > +       select RSA_MOD_EXP_SW
> > +       default y
> > +       help
> > +         Enables driver for modular exponentiation in software.
> > +This is a
> RSA
> > +         algorithm used in FIT image verification. It required RSA Key as
> > +         input.
> > +         See doc/uImage.FIT/signature.txt for more details.
> > +
> > +endif
> > +
> > +config RSA_MOD_EXP_SW
> > +       bool
> > +       default n
> > +       help
> > +         Library for SW implementation of RSA Modular Exponentiation. This
> > +         library is used by the mkimage tool(not selected through
> > +this
> option)
> > +         as well as by the RSA driver model with SW implementation.
> > diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile index
> > cc25b3c..ccc6060 100644
> > --- a/lib/rsa/Makefile
> > +++ b/lib/rsa/Makefile
> > @@ -7,4 +7,5 @@
> >  # SPDX-License-Identifier:     GPL-2.0+
> >  #
> >
> > -obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
> > rsa-mod-exp.o
> > +obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
> > +obj-$(CONFIG_RSA_MOD_EXP_SW) += rsa-mod-exp.o
> > diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c index
> > f8bc086..27f10ef 100644
> > --- a/lib/rsa/rsa-verify.c
> > +++ b/lib/rsa/rsa-verify.c
> > @@ -12,6 +12,7 @@
> >  #include <asm/errno.h>
> >  #include <asm/types.h>
> >  #include <asm/unaligned.h>
> > +#include <dm.h>
> >  #else
> >  #include "fdt_host.h"
> >  #include "mkimage.h"
> > @@ -43,6 +44,9 @@ static int rsa_verify_key(struct key_prop *prop,
> > const
> uint8_t *sig,
> >         const uint8_t *padding;
> >         int pad_len;
> >         int ret;
> > +#if defined(CONFIG_DM_RSA) && !defined(USE_HOSTCC)
> > +       struct udevice *rsa_dev;
> > +#endif
> >
> >         if (!prop || !sig || !hash || !algo)
> >                 return -EIO;
> > @@ -63,11 +67,25 @@ static int rsa_verify_key(struct key_prop *prop,
> > const uint8_t *sig,
> >
> >         uint8_t buf[sig_len];
> >
> > +#if defined(CONFIG_DM_RSA) && !defined(USE_HOSTCC)
> > +       ret = uclass_get_device(UCLASS_RSA, 0, &rsa_dev);
> > +       if (!ret) {
> > +               ret = rsa_mod_exp(rsa_dev, sig, sig_len, prop, buf);
> > +               if (ret) {
> > +                       debug("Error in Modular exponentation\n");
> > +                       return ret;
> > +               }
> > +       } else {
> > +               printf("RSA: Can't find Mod Exp implemnetation\n");
> > +               return -EINVAL;
> > +       }
> > +#else
> >         ret = rsa_mod_exp_sw(sig, sig_len, prop, buf);
> >         if (ret) {
> >                 debug("Error in Modular exponentation\n");
> >                 return ret;
> >         }
> > +#endif
>
> This should use the uclass regardless I think. The software
> implementation should just be a driver like the hardware implementation.

I have already added software implementation as a driver in the previous patch. I have kept it here for the tools (mkimage) and the platforms which don?t use CONFIG_DM by default.

>
> >
> >         padding = algo->rsa_padding;
> >         pad_len = algo->pad_len - algo->checksum_len;
> > --
> > 1.8.1.4
> >
>
> Regards,
> Simon

Regards,
Ruchika

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [U-Boot] [PATCH 5/9] [v3] lib/rsa: Modify rsa to use DM driver if available
  2014-12-29  6:58 ` [U-Boot] [PATCH 5/9] [v3] lib/rsa: Modify rsa to use DM driver if available Ruchika Gupta
@ 2014-12-29 20:26   ` Simon Glass
  0 siblings, 0 replies; 5+ messages in thread
From: Simon Glass @ 2014-12-29 20:26 UTC (permalink / raw)
  To: u-boot

Hi Ruchika,

On 28 December 2014 at 23:58, Ruchika Gupta <ruchika.gupta@freescale.com> wrote:
>
> Resending as the message bounced from u-boot mailing list.
>
> Hi Simon,
>
>> -----Original Message-----
>> From: sjg at google.com [mailto:sjg at google.com] On Behalf Of Simon Glass
>> Sent: Wednesday, December 24, 2014 6:19 AM
>> To: Gupta Ruchika-R66431
>> Cc: U-Boot Mailing List; Sun York-R58495
>> Subject: Re: [PATCH 5/9] [v3] lib/rsa: Modify rsa to use DM driver if
>> available
>>
>> Hi Ruchika,
>>
>> On 23 December 2014 at 04:32, Ruchika Gupta
>> <ruchika.gupta@freescale.com>
>> wrote:
>> > Modify rsa_verify to use the rsa driver of DM library available.The
>> > tools and the configurations which don't use Driver Model, will
>> > continue to use the same RSA sw library. The software implementation
>> > of RSA Modular Exponentation is now compiled if RSA_MOD_EXP_SW is selected.
>> >
>> > Kconfig options are also added for rsa library.
>> >
>> > Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
>> > CC: Simon Glass <sjg@chromium.org>
>> > ---
>> > Changes in v3:
>> > New patch
>> >
>> >  include/configs/am335x_evm.h |  1 +
>> >  lib/Kconfig                  |  6 +-----
>> >  lib/rsa/Kconfig              | 31 +++++++++++++++++++++++++++++++
>> >  lib/rsa/Makefile             |  3 ++-
>> >  lib/rsa/rsa-verify.c         | 18 ++++++++++++++++++
>> >  5 files changed, 53 insertions(+), 6 deletions(-)  create mode
>> > 100644 lib/rsa/Kconfig
>> >
>> > diff --git a/include/configs/am335x_evm.h
>> > b/include/configs/am335x_evm.h index cc36985..aa79841 100644
>> > --- a/include/configs/am335x_evm.h
>> > +++ b/include/configs/am335x_evm.h
>> > @@ -25,6 +25,7 @@
>> >  # ifdef CONFIG_ENABLE_VBOOT
>> >  # define CONFIG_FIT_SIGNATURE
>> >  # define CONFIG_RSA
>> > +# define CONFIG_RSA_MOD_EXP_SW
>>
>> This should go in am335x_boneblack_vboot_defconfig I think.
>
> I didn?t move it in the defconfig as it was conditionally defined under CONFIG_ENABLE_VBOOT
>
>>
>> >  # endif
>> >  #endif
>> >
>> > diff --git a/lib/Kconfig b/lib/Kconfig index 602dd37..a1f30a2 100644
>> > --- a/lib/Kconfig
>> > +++ b/lib/Kconfig
>> > @@ -27,10 +27,6 @@ config SYS_HZ
>> >           get_timer() must operate in milliseconds and this option must be
>> >           set to 1000.
>> >
>> > -config RSA
>> > -       bool "Use RSA Library"
>> > -       help
>> > -         RSA support.This enables the RSA algorithm used for FIT image
>> > -         verification in U-Boot.
>> > +source lib/rsa/Kconfig
>> >
>> >  endmenu
>> > diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig new file mode 100644
>> > index 0000000..8f9aa44
>> > --- /dev/null
>> > +++ b/lib/rsa/Kconfig
>> > @@ -0,0 +1,31 @@
>> > +config RSA
>> > +       bool "Use RSA Library"
>> > +       select RSA_MOD_EXP_SW if !DM
>> > +       select DM_RSA if DM
>> > +       help
>> > +         RSA support.This enables the RSA algorithm used for FIT image
>> > +         verification in U-Boot.
>> > +         See doc/uImage.FIT/signature.txt for more details.
>> > +
>> > +if RSA && DM_RSA
>> > +
>> > +config RSA_SW
>> > +       bool "User driver Model for RSA Modular Exponentiation in software"
>> > +       depends on DM && DM_RSA && RSA
>> > +       select RSA_MOD_EXP_SW
>> > +       default y
>> > +       help
>> > +         Enables driver for modular exponentiation in software.
>> > +This is a
>> RSA
>> > +         algorithm used in FIT image verification. It required RSA Key as
>> > +         input.
>> > +         See doc/uImage.FIT/signature.txt for more details.
>> > +
>> > +endif
>> > +
>> > +config RSA_MOD_EXP_SW
>> > +       bool
>> > +       default n
>> > +       help
>> > +         Library for SW implementation of RSA Modular Exponentiation. This
>> > +         library is used by the mkimage tool(not selected through
>> > +this
>> option)
>> > +         as well as by the RSA driver model with SW implementation.
>> > diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile index
>> > cc25b3c..ccc6060 100644
>> > --- a/lib/rsa/Makefile
>> > +++ b/lib/rsa/Makefile
>> > @@ -7,4 +7,5 @@
>> >  # SPDX-License-Identifier:     GPL-2.0+
>> >  #
>> >
>> > -obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
>> > rsa-mod-exp.o
>> > +obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
>> > +obj-$(CONFIG_RSA_MOD_EXP_SW) += rsa-mod-exp.o
>> > diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c index
>> > f8bc086..27f10ef 100644
>> > --- a/lib/rsa/rsa-verify.c
>> > +++ b/lib/rsa/rsa-verify.c
>> > @@ -12,6 +12,7 @@
>> >  #include <asm/errno.h>
>> >  #include <asm/types.h>
>> >  #include <asm/unaligned.h>
>> > +#include <dm.h>
>> >  #else
>> >  #include "fdt_host.h"
>> >  #include "mkimage.h"
>> > @@ -43,6 +44,9 @@ static int rsa_verify_key(struct key_prop *prop,
>> > const
>> uint8_t *sig,
>> >         const uint8_t *padding;
>> >         int pad_len;
>> >         int ret;
>> > +#if defined(CONFIG_DM_RSA) && !defined(USE_HOSTCC)
>> > +       struct udevice *rsa_dev;
>> > +#endif
>> >
>> >         if (!prop || !sig || !hash || !algo)
>> >                 return -EIO;
>> > @@ -63,11 +67,25 @@ static int rsa_verify_key(struct key_prop *prop,
>> > const uint8_t *sig,
>> >
>> >         uint8_t buf[sig_len];
>> >
>> > +#if defined(CONFIG_DM_RSA) && !defined(USE_HOSTCC)
>> > +       ret = uclass_get_device(UCLASS_RSA, 0, &rsa_dev);
>> > +       if (!ret) {
>> > +               ret = rsa_mod_exp(rsa_dev, sig, sig_len, prop, buf);
>> > +               if (ret) {
>> > +                       debug("Error in Modular exponentation\n");
>> > +                       return ret;
>> > +               }
>> > +       } else {
>> > +               printf("RSA: Can't find Mod Exp implemnetation\n");
>> > +               return -EINVAL;
>> > +       }
>> > +#else
>> >         ret = rsa_mod_exp_sw(sig, sig_len, prop, buf);
>> >         if (ret) {
>> >                 debug("Error in Modular exponentation\n");
>> >                 return ret;
>> >         }
>> > +#endif
>>
>> This should use the uclass regardless I think. The software
>> implementation should just be a driver like the hardware implementation.
>
> I have already added software implementation as a driver in the previous patch. I have kept it here for the tools (mkimage) and the platforms which don?t use CONFIG_DM by default.

Ah I see, OK. Sorry I missed this.

Then I think rsa_mod_exp_sw() should be called from within the
software driver also. You may already be doing that, but let's make
sure the code is as common as possible.

Regards,
Simon

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [U-Boot] [PATCH 0/9] [v3] rsa: Modify rsa lib to use hw acceleration
@ 2014-12-23 11:32 Ruchika Gupta
  2014-12-23 11:32 ` [U-Boot] [PATCH 5/9] [v3] lib/rsa: Modify rsa to use DM driver if available Ruchika Gupta
  0 siblings, 1 reply; 5+ messages in thread
From: Ruchika Gupta @ 2014-12-23 11:32 UTC (permalink / raw)
  To: u-boot

The rsa-verify functionality is a two step operation involving:
1. Checksum (hash) Calculation over image regions
2. Public Key Modular exponentiation over signature to generate hash
 
The following patch set modifies the rsa library to use hw 
acceleration if available in platform.

The first two patches in the series, split the rsa-verify lib
into two files:
1. rsa-verify.c
Does Verification

2. rsa-mod-exp.c
Does Modular Exponentiation

Driver Model is added for RSA Modular Exponentiation. 

The patch set also has patches are related with hash lib support in RSA.
 
For hash, the infrastructure already exists in common/hash.c. 
rsa_checksum is modified to use the API's registered with the hash_algo
structure. Once HW accelerated support for progressive hash is available,
RSA library can easily pick it up.


Ruchika Gupta (9):
  rsa: Split the rsa-verify to separate the modular exponentiation
  FIT: Modify option FIT_SIGNATURE in Kconfig
  DM: crypto/rsa: Add rsa Modular Exponentiation DM driver
  configs: Move CONFIG_FIT_SIGNATURE to defconfig
  lib/rsa: Modify rsa to use DM driver if available
  DM: crypto/fsl - Add Freescale rsa DM driver
  lib/rsa: Add Kconfig option for HW accelerated RSA
  hash: Add function to find hash_algo struct with progressive hash
  rsa: Use checksum algorithms from struct hash_algo

Changes in v3:
Simon's comments incoprorated.
- Driver Model added for RSA Modular Exponentiation
- Other cosmetic changes like multiline comments etc incoporated
- CONFIG_FIT_SIGNATURE moved to defconfig file for the boards using it

I have tested it's compilation on sandbox platform. However, I don't have
the sandbox board available with me to test it. The patches have been
tested on freescale platform LS1020 with all the configs and tests
available in test/vboot. The tests have been done with both RSA_HW as well as
RSA_SW driver.

Changes in v2:
Kconfig option introduced

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
CC: Simon Glass <sjg@chromium.org>

 Kconfig                            |   3 +-
 common/hash.c                      |  33 +++-
 common/image-sig.c                 |   6 +-
 configs/ids8313_defconfig          |   2 +
 configs/sandbox_defconfig          |   3 +
 configs/zynq_microzed_defconfig    |   3 +
 configs/zynq_zc70x_defconfig       |   3 +
 configs/zynq_zc770_xm010_defconfig |   3 +
 configs/zynq_zc770_xm012_defconfig |   3 +
 configs/zynq_zc770_xm013_defconfig |   3 +
 configs/zynq_zed_defconfig         |   3 +
 configs/zynq_zybo_defconfig        |   3 +
 drivers/crypto/Kconfig             |   3 +
 drivers/crypto/Makefile            |   1 +
 drivers/crypto/fsl/Kconfig         |   6 +
 drivers/crypto/fsl/Makefile        |   1 +
 drivers/crypto/fsl/fsl_rsa.c       |  62 +++++++
 drivers/crypto/fsl/jobdesc.c       |  28 +++
 drivers/crypto/fsl/jobdesc.h       |   5 +
 drivers/crypto/fsl/rsa_caam.h      |  27 +++
 drivers/crypto/rsa/Kconfig         |   5 +
 drivers/crypto/rsa/Makefile        |   8 +
 drivers/crypto/rsa/rsa_sw.c        |  39 ++++
 drivers/crypto/rsa/rsa_uclass.c    |  32 ++++
 include/configs/am335x_evm.h       |   5 +-
 include/configs/ids8313.h          |   3 -
 include/configs/sandbox.h          |   3 -
 include/configs/zynq-common.h      |   6 -
 include/dm/uclass-id.h             |   1 +
 include/hash.h                     |  15 ++
 include/image.h                    |   5 +-
 include/u-boot/rsa-checksum.h      |   7 +-
 include/u-boot/rsa-mod-exp.h       |  83 +++++++++
 lib/Kconfig                        |   2 +
 lib/rsa/Kconfig                    |  52 ++++++
 lib/rsa/Makefile                   |   1 +
 lib/rsa/rsa-checksum.c             |  53 +++++-
 lib/rsa/rsa-mod-exp.c              | 307 ++++++++++++++++++++++++++++++++
 lib/rsa/rsa-verify.c               | 354 +++++++++----------------------------
 tools/Makefile                     |   3 +-
 40 files changed, 872 insertions(+), 313 deletions(-)
 create mode 100644 drivers/crypto/fsl/Kconfig
 create mode 100644 drivers/crypto/fsl/fsl_rsa.c
 create mode 100644 drivers/crypto/fsl/rsa_caam.h
 create mode 100644 drivers/crypto/rsa/Kconfig
 create mode 100644 drivers/crypto/rsa/Makefile
 create mode 100644 drivers/crypto/rsa/rsa_sw.c
 create mode 100644 drivers/crypto/rsa/rsa_uclass.c
 create mode 100644 include/u-boot/rsa-mod-exp.h
 create mode 100644 lib/rsa/Kconfig
 create mode 100644 lib/rsa/rsa-mod-exp.c

-- 
1.8.1.4

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [U-Boot] [PATCH 5/9] [v3] lib/rsa: Modify rsa to use DM driver if available
  2014-12-23 11:32 [U-Boot] [PATCH 0/9] [v3] rsa: Modify rsa lib to use hw acceleration Ruchika Gupta
@ 2014-12-23 11:32 ` Ruchika Gupta
  2014-12-24  0:49   ` Simon Glass
  0 siblings, 1 reply; 5+ messages in thread
From: Ruchika Gupta @ 2014-12-23 11:32 UTC (permalink / raw)
  To: u-boot

Modify rsa_verify to use the rsa driver of DM library available.The tools
and the configurations which don't use Driver Model, will continue to use
the same RSA sw library. The software implementation of RSA Modular
Exponentation is now compiled if RSA_MOD_EXP_SW is selected.

Kconfig options are also added for rsa library.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
CC: Simon Glass <sjg@chromium.org>
---
Changes in v3:
New patch

 include/configs/am335x_evm.h |  1 +
 lib/Kconfig                  |  6 +-----
 lib/rsa/Kconfig              | 31 +++++++++++++++++++++++++++++++
 lib/rsa/Makefile             |  3 ++-
 lib/rsa/rsa-verify.c         | 18 ++++++++++++++++++
 5 files changed, 53 insertions(+), 6 deletions(-)
 create mode 100644 lib/rsa/Kconfig

diff --git a/include/configs/am335x_evm.h b/include/configs/am335x_evm.h
index cc36985..aa79841 100644
--- a/include/configs/am335x_evm.h
+++ b/include/configs/am335x_evm.h
@@ -25,6 +25,7 @@
 # ifdef CONFIG_ENABLE_VBOOT
 # define CONFIG_FIT_SIGNATURE
 # define CONFIG_RSA
+# define CONFIG_RSA_MOD_EXP_SW
 # endif
 #endif
 
diff --git a/lib/Kconfig b/lib/Kconfig
index 602dd37..a1f30a2 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -27,10 +27,6 @@ config SYS_HZ
 	  get_timer() must operate in milliseconds and this option must be
 	  set to 1000.
 
-config RSA
-	bool "Use RSA Library"
-	help
-	  RSA support.This enables the RSA algorithm used for FIT image
-	  verification in U-Boot.
+source lib/rsa/Kconfig
 
 endmenu
diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
new file mode 100644
index 0000000..8f9aa44
--- /dev/null
+++ b/lib/rsa/Kconfig
@@ -0,0 +1,31 @@
+config RSA
+	bool "Use RSA Library"
+	select RSA_MOD_EXP_SW if !DM
+	select DM_RSA if DM
+	help
+	  RSA support.This enables the RSA algorithm used for FIT image
+	  verification in U-Boot.
+	  See doc/uImage.FIT/signature.txt for more details.
+
+if RSA && DM_RSA
+
+config RSA_SW
+	bool "User driver Model for RSA Modular Exponentiation in software"
+	depends on DM && DM_RSA && RSA
+	select RSA_MOD_EXP_SW
+	default y
+	help
+	  Enables driver for modular exponentiation in software. This is a RSA
+	  algorithm used in FIT image verification. It required RSA Key as
+	  input.
+	  See doc/uImage.FIT/signature.txt for more details.
+
+endif
+
+config RSA_MOD_EXP_SW
+	bool
+	default n
+	help
+	  Library for SW implementation of RSA Modular Exponentiation. This
+	  library is used by the mkimage tool(not selected through this option)
+	  as well as by the RSA driver model with SW implementation.
diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile
index cc25b3c..ccc6060 100644
--- a/lib/rsa/Makefile
+++ b/lib/rsa/Makefile
@@ -7,4 +7,5 @@
 # SPDX-License-Identifier:	GPL-2.0+
 #
 
-obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o rsa-mod-exp.o
+obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
+obj-$(CONFIG_RSA_MOD_EXP_SW) += rsa-mod-exp.o
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index f8bc086..27f10ef 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -12,6 +12,7 @@
 #include <asm/errno.h>
 #include <asm/types.h>
 #include <asm/unaligned.h>
+#include <dm.h>
 #else
 #include "fdt_host.h"
 #include "mkimage.h"
@@ -43,6 +44,9 @@ static int rsa_verify_key(struct key_prop *prop, const uint8_t *sig,
 	const uint8_t *padding;
 	int pad_len;
 	int ret;
+#if defined(CONFIG_DM_RSA) && !defined(USE_HOSTCC)
+	struct udevice *rsa_dev;
+#endif
 
 	if (!prop || !sig || !hash || !algo)
 		return -EIO;
@@ -63,11 +67,25 @@ static int rsa_verify_key(struct key_prop *prop, const uint8_t *sig,
 
 	uint8_t buf[sig_len];
 
+#if defined(CONFIG_DM_RSA) && !defined(USE_HOSTCC)
+	ret = uclass_get_device(UCLASS_RSA, 0, &rsa_dev);
+	if (!ret) {
+		ret = rsa_mod_exp(rsa_dev, sig, sig_len, prop, buf);
+		if (ret) {
+			debug("Error in Modular exponentation\n");
+			return ret;
+		}
+	} else {
+		printf("RSA: Can't find Mod Exp implemnetation\n");
+		return -EINVAL;
+	}
+#else
 	ret = rsa_mod_exp_sw(sig, sig_len, prop, buf);
 	if (ret) {
 		debug("Error in Modular exponentation\n");
 		return ret;
 	}
+#endif
 
 	padding = algo->rsa_padding;
 	pad_len = algo->pad_len - algo->checksum_len;
-- 
1.8.1.4

^ permalink raw reply related	[flat|nested] 5+ messages in thread

* [U-Boot] [PATCH 5/9] [v3] lib/rsa: Modify rsa to use DM driver if available
  2014-12-23 11:32 ` [U-Boot] [PATCH 5/9] [v3] lib/rsa: Modify rsa to use DM driver if available Ruchika Gupta
@ 2014-12-24  0:49   ` Simon Glass
       [not found]     ` <BY1PR0301MB1288C126892D064BE49D4E6FEF540@BY1PR0301MB1288.namprd03.prod.outlook.com>
  0 siblings, 1 reply; 5+ messages in thread
From: Simon Glass @ 2014-12-24  0:49 UTC (permalink / raw)
  To: u-boot

Hi Ruchika,

On 23 December 2014 at 04:32, Ruchika Gupta <ruchika.gupta@freescale.com> wrote:
> Modify rsa_verify to use the rsa driver of DM library available.The tools
> and the configurations which don't use Driver Model, will continue to use
> the same RSA sw library. The software implementation of RSA Modular
> Exponentation is now compiled if RSA_MOD_EXP_SW is selected.
>
> Kconfig options are also added for rsa library.
>
> Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
> CC: Simon Glass <sjg@chromium.org>
> ---
> Changes in v3:
> New patch
>
>  include/configs/am335x_evm.h |  1 +
>  lib/Kconfig                  |  6 +-----
>  lib/rsa/Kconfig              | 31 +++++++++++++++++++++++++++++++
>  lib/rsa/Makefile             |  3 ++-
>  lib/rsa/rsa-verify.c         | 18 ++++++++++++++++++
>  5 files changed, 53 insertions(+), 6 deletions(-)
>  create mode 100644 lib/rsa/Kconfig
>
> diff --git a/include/configs/am335x_evm.h b/include/configs/am335x_evm.h
> index cc36985..aa79841 100644
> --- a/include/configs/am335x_evm.h
> +++ b/include/configs/am335x_evm.h
> @@ -25,6 +25,7 @@
>  # ifdef CONFIG_ENABLE_VBOOT
>  # define CONFIG_FIT_SIGNATURE
>  # define CONFIG_RSA
> +# define CONFIG_RSA_MOD_EXP_SW

This should go in am335x_boneblack_vboot_defconfig I think.

>  # endif
>  #endif
>
> diff --git a/lib/Kconfig b/lib/Kconfig
> index 602dd37..a1f30a2 100644
> --- a/lib/Kconfig
> +++ b/lib/Kconfig
> @@ -27,10 +27,6 @@ config SYS_HZ
>           get_timer() must operate in milliseconds and this option must be
>           set to 1000.
>
> -config RSA
> -       bool "Use RSA Library"
> -       help
> -         RSA support.This enables the RSA algorithm used for FIT image
> -         verification in U-Boot.
> +source lib/rsa/Kconfig
>
>  endmenu
> diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
> new file mode 100644
> index 0000000..8f9aa44
> --- /dev/null
> +++ b/lib/rsa/Kconfig
> @@ -0,0 +1,31 @@
> +config RSA
> +       bool "Use RSA Library"
> +       select RSA_MOD_EXP_SW if !DM
> +       select DM_RSA if DM
> +       help
> +         RSA support.This enables the RSA algorithm used for FIT image
> +         verification in U-Boot.
> +         See doc/uImage.FIT/signature.txt for more details.
> +
> +if RSA && DM_RSA
> +
> +config RSA_SW
> +       bool "User driver Model for RSA Modular Exponentiation in software"
> +       depends on DM && DM_RSA && RSA
> +       select RSA_MOD_EXP_SW
> +       default y
> +       help
> +         Enables driver for modular exponentiation in software. This is a RSA
> +         algorithm used in FIT image verification. It required RSA Key as
> +         input.
> +         See doc/uImage.FIT/signature.txt for more details.
> +
> +endif
> +
> +config RSA_MOD_EXP_SW
> +       bool
> +       default n
> +       help
> +         Library for SW implementation of RSA Modular Exponentiation. This
> +         library is used by the mkimage tool(not selected through this option)
> +         as well as by the RSA driver model with SW implementation.
> diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile
> index cc25b3c..ccc6060 100644
> --- a/lib/rsa/Makefile
> +++ b/lib/rsa/Makefile
> @@ -7,4 +7,5 @@
>  # SPDX-License-Identifier:     GPL-2.0+
>  #
>
> -obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o rsa-mod-exp.o
> +obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
> +obj-$(CONFIG_RSA_MOD_EXP_SW) += rsa-mod-exp.o
> diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
> index f8bc086..27f10ef 100644
> --- a/lib/rsa/rsa-verify.c
> +++ b/lib/rsa/rsa-verify.c
> @@ -12,6 +12,7 @@
>  #include <asm/errno.h>
>  #include <asm/types.h>
>  #include <asm/unaligned.h>
> +#include <dm.h>
>  #else
>  #include "fdt_host.h"
>  #include "mkimage.h"
> @@ -43,6 +44,9 @@ static int rsa_verify_key(struct key_prop *prop, const uint8_t *sig,
>         const uint8_t *padding;
>         int pad_len;
>         int ret;
> +#if defined(CONFIG_DM_RSA) && !defined(USE_HOSTCC)
> +       struct udevice *rsa_dev;
> +#endif
>
>         if (!prop || !sig || !hash || !algo)
>                 return -EIO;
> @@ -63,11 +67,25 @@ static int rsa_verify_key(struct key_prop *prop, const uint8_t *sig,
>
>         uint8_t buf[sig_len];
>
> +#if defined(CONFIG_DM_RSA) && !defined(USE_HOSTCC)
> +       ret = uclass_get_device(UCLASS_RSA, 0, &rsa_dev);
> +       if (!ret) {
> +               ret = rsa_mod_exp(rsa_dev, sig, sig_len, prop, buf);
> +               if (ret) {
> +                       debug("Error in Modular exponentation\n");
> +                       return ret;
> +               }
> +       } else {
> +               printf("RSA: Can't find Mod Exp implemnetation\n");
> +               return -EINVAL;
> +       }
> +#else
>         ret = rsa_mod_exp_sw(sig, sig_len, prop, buf);
>         if (ret) {
>                 debug("Error in Modular exponentation\n");
>                 return ret;
>         }
> +#endif

This should use the uclass regardless I think. The software
implementation should just be a driver like the hardware
implementation.

>
>         padding = algo->rsa_padding;
>         pad_len = algo->pad_len - algo->checksum_len;
> --
> 1.8.1.4
>

Regards,
Simon

^ permalink raw reply	[flat|nested] 5+ messages in thread

[parent not found: <BY1PR0301MB1288C126892D064BE49D4E6FEF540@BY1PR0301MB1288.namprd03.prod.outlook.com>]

* [U-Boot] [PATCH 5/9] [v3] lib/rsa: Modify rsa to use DM driver if available
       [not found]     ` <BY1PR0301MB1288C126892D064BE49D4E6FEF540@BY1PR0301MB1288.namprd03.prod.outlook.com>
@ 2014-12-29 21:10       ` Simon Glass
  0 siblings, 0 replies; 5+ messages in thread
From: Simon Glass @ 2014-12-29 21:10 UTC (permalink / raw)
  To: u-boot

Hi Ruchika,

On 24 December 2014 at 03:28, Ruchika Gupta <ruchika.gupta@freescale.com> wrote:
> Hi Simon,
>
>> -----Original Message-----
>> From: sjg at google.com [mailto:sjg at google.com] On Behalf Of Simon Glass
>> Sent: Wednesday, December 24, 2014 6:19 AM
>> To: Gupta Ruchika-R66431
>> Cc: U-Boot Mailing List; Sun York-R58495
>> Subject: Re: [PATCH 5/9] [v3] lib/rsa: Modify rsa to use DM driver if
>> available
>>
>> Hi Ruchika,
>>
>> On 23 December 2014 at 04:32, Ruchika Gupta <ruchika.gupta@freescale.com>
>> wrote:
>> > Modify rsa_verify to use the rsa driver of DM library available.The
>> > tools and the configurations which don't use Driver Model, will
>> > continue to use the same RSA sw library. The software implementation
>> > of RSA Modular Exponentation is now compiled if RSA_MOD_EXP_SW is selected.
>> >
>> > Kconfig options are also added for rsa library.
>> >
>> > Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
>> > CC: Simon Glass <sjg@chromium.org>
>> > ---
>> > Changes in v3:
>> > New patch
>> >
>> >  include/configs/am335x_evm.h |  1 +
>> >  lib/Kconfig                  |  6 +-----
>> >  lib/rsa/Kconfig              | 31 +++++++++++++++++++++++++++++++
>> >  lib/rsa/Makefile             |  3 ++-
>> >  lib/rsa/rsa-verify.c         | 18 ++++++++++++++++++
>> >  5 files changed, 53 insertions(+), 6 deletions(-)  create mode 100644
>> > lib/rsa/Kconfig
>> >
>> > diff --git a/include/configs/am335x_evm.h
>> > b/include/configs/am335x_evm.h index cc36985..aa79841 100644
>> > --- a/include/configs/am335x_evm.h
>> > +++ b/include/configs/am335x_evm.h
>> > @@ -25,6 +25,7 @@
>> >  # ifdef CONFIG_ENABLE_VBOOT
>> >  # define CONFIG_FIT_SIGNATURE
>> >  # define CONFIG_RSA
>> > +# define CONFIG_RSA_MOD_EXP_SW
>>
>> This should go in am335x_boneblack_vboot_defconfig I think.
> I didn?t move it in the defconfig as it was conditionally defined under CONFIG_ENABLE_VBOOT

Ah OK I see.

>
>>
>> >  # endif
>> >  #endif
>> >
>> > diff --git a/lib/Kconfig b/lib/Kconfig index 602dd37..a1f30a2 100644
>> > --- a/lib/Kconfig
>> > +++ b/lib/Kconfig
>> > @@ -27,10 +27,6 @@ config SYS_HZ
>> >           get_timer() must operate in milliseconds and this option must be
>> >           set to 1000.
>> >
>> > -config RSA
>> > -       bool "Use RSA Library"
>> > -       help
>> > -         RSA support.This enables the RSA algorithm used for FIT image
>> > -         verification in U-Boot.
>> > +source lib/rsa/Kconfig
>> >
>> >  endmenu
>> > diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig new file mode 100644
>> > index 0000000..8f9aa44
>> > --- /dev/null
>> > +++ b/lib/rsa/Kconfig
>> > @@ -0,0 +1,31 @@
>> > +config RSA
>> > +       bool "Use RSA Library"
>> > +       select RSA_MOD_EXP_SW if !DM
>> > +       select DM_RSA if DM
>> > +       help
>> > +         RSA support.This enables the RSA algorithm used for FIT image
>> > +         verification in U-Boot.
>> > +         See doc/uImage.FIT/signature.txt for more details.
>> > +
>> > +if RSA && DM_RSA
>> > +
>> > +config RSA_SW
>> > +       bool "User driver Model for RSA Modular Exponentiation in software"
>> > +       depends on DM && DM_RSA && RSA
>> > +       select RSA_MOD_EXP_SW
>> > +       default y
>> > +       help
>> > +         Enables driver for modular exponentiation in software. This is a
>> RSA
>> > +         algorithm used in FIT image verification. It required RSA Key as
>> > +         input.
>> > +         See doc/uImage.FIT/signature.txt for more details.
>> > +
>> > +endif
>> > +
>> > +config RSA_MOD_EXP_SW
>> > +       bool
>> > +       default n
>> > +       help
>> > +         Library for SW implementation of RSA Modular Exponentiation. This
>> > +         library is used by the mkimage tool(not selected through this
>> option)
>> > +         as well as by the RSA driver model with SW implementation.
>> > diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile index
>> > cc25b3c..ccc6060 100644
>> > --- a/lib/rsa/Makefile
>> > +++ b/lib/rsa/Makefile
>> > @@ -7,4 +7,5 @@
>> >  # SPDX-License-Identifier:     GPL-2.0+
>> >  #
>> >
>> > -obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
>> > rsa-mod-exp.o
>> > +obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
>> > +obj-$(CONFIG_RSA_MOD_EXP_SW) += rsa-mod-exp.o
>> > diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c index
>> > f8bc086..27f10ef 100644
>> > --- a/lib/rsa/rsa-verify.c
>> > +++ b/lib/rsa/rsa-verify.c
>> > @@ -12,6 +12,7 @@
>> >  #include <asm/errno.h>
>> >  #include <asm/types.h>
>> >  #include <asm/unaligned.h>
>> > +#include <dm.h>
>> >  #else
>> >  #include "fdt_host.h"
>> >  #include "mkimage.h"
>> > @@ -43,6 +44,9 @@ static int rsa_verify_key(struct key_prop *prop, const
>> uint8_t *sig,
>> >         const uint8_t *padding;
>> >         int pad_len;
>> >         int ret;
>> > +#if defined(CONFIG_DM_RSA) && !defined(USE_HOSTCC)
>> > +       struct udevice *rsa_dev;
>> > +#endif
>> >
>> >         if (!prop || !sig || !hash || !algo)
>> >                 return -EIO;
>> > @@ -63,11 +67,25 @@ static int rsa_verify_key(struct key_prop *prop,
>> > const uint8_t *sig,
>> >
>> >         uint8_t buf[sig_len];
>> >
>> > +#if defined(CONFIG_DM_RSA) && !defined(USE_HOSTCC)
>> > +       ret = uclass_get_device(UCLASS_RSA, 0, &rsa_dev);
>> > +       if (!ret) {
>> > +               ret = rsa_mod_exp(rsa_dev, sig, sig_len, prop, buf);
>> > +               if (ret) {
>> > +                       debug("Error in Modular exponentation\n");
>> > +                       return ret;
>> > +               }
>> > +       } else {
>> > +               printf("RSA: Can't find Mod Exp implemnetation\n");
>> > +               return -EINVAL;
>> > +       }
>> > +#else
>> >         ret = rsa_mod_exp_sw(sig, sig_len, prop, buf);
>> >         if (ret) {
>> >                 debug("Error in Modular exponentation\n");
>> >                 return ret;
>> >         }
>> > +#endif
>>
>> This should use the uclass regardless I think. The software implementation
>> should just be a driver like the hardware implementation.
> I have already added software implementation as a driver in the previous patch. I have kept it here for the tools (mkimage) and the platforms which don?t use CONFIG_DM by default.

OK.
[ship]

Regards,
Simon

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2014-12-29 21:10 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <BY1PR0301MB12889C93AD54022544095D3EEF540@BY1PR0301MB1288.namprd03.prod.outlook.com>
2014-12-29  6:58 ` [U-Boot] [PATCH 5/9] [v3] lib/rsa: Modify rsa to use DM driver if available Ruchika Gupta
2014-12-29 20:26   ` Simon Glass
2014-12-23 11:32 [U-Boot] [PATCH 0/9] [v3] rsa: Modify rsa lib to use hw acceleration Ruchika Gupta
2014-12-23 11:32 ` [U-Boot] [PATCH 5/9] [v3] lib/rsa: Modify rsa to use DM driver if available Ruchika Gupta
2014-12-24  0:49   ` Simon Glass
     [not found]     ` <BY1PR0301MB1288C126892D064BE49D4E6FEF540@BY1PR0301MB1288.namprd03.prod.outlook.com>
2014-12-29 21:10       ` Simon Glass

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox