[U-Boot] [PATCH 9/9] [v3] rsa: Use checksum algorithms from struct hash_algo

public inbox for u-boot@lists.denx.de
 help / color / mirror / Atom feed

From: Ruchika Gupta <ruchika.gupta@freescale.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH 9/9] [v3] rsa: Use checksum algorithms from struct hash_algo
Date: Mon, 29 Dec 2014 08:00:55 +0000	[thread overview]
Message-ID: <1419840053921.58638@freescale.com> (raw)
In-Reply-To: <BY1PR0301MB1288E92E4FEF74B81F040302EF510@BY1PR0301MB1288.namprd03.prod.outlook.com>

Sorry. Resending as message bounced on uboot mailing list.

Hi Simon,

> -----Original Message-----
> From: sjg at google.com [mailto:sjg at google.com] On Behalf Of Simon Glass
> Sent: Wednesday, December 24, 2014 6:20 AM
> To: Gupta Ruchika-R66431
> Cc: U-Boot Mailing List; Sun York-R58495
> Subject: Re: [PATCH 9/9] [v3] rsa: Use checksum algorithms from struct
> hash_algo
>
> Hi Ruchika,
>
> On 23 December 2014 at 04:32, Ruchika Gupta <ruchika.gupta@freescale.com>
> wrote:
> > Currently the hash functions used in RSA are called directly from the
> > sha1 and sha256 libraries. Change the RSA checksum library to use the
> > progressive hash API's registered with struct hash_algo. This will
> > allow the checksum library to use the hardware accelerated progressive hash
> API's once available.
> >
> > Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
> > CC: Simon Glass <sjg@chromium.org>
> > ---
> > Changes in v3:
> > Modified rsa-verify to check for return from checksum function
> >
> > Changes in v2:
> > Added generic function hash_calculate. Pass an additional argument as
> > name of algorithm.
> >
> >  common/image-sig.c            |  6 ++---
> >  include/image.h               |  5 ++--
> >  include/u-boot/rsa-checksum.h |  7 +++---
> >  lib/rsa/rsa-checksum.c        | 53
> +++++++++++++++++++++++++++++++++++++++----
> >  lib/rsa/rsa-verify.c          |  7 +++++-
> >  5 files changed, 64 insertions(+), 14 deletions(-)
> >
> > diff --git a/common/image-sig.c b/common/image-sig.c index
> > 8601eda..2c9f0cd 100644
> > --- a/common/image-sig.c
> > +++ b/common/image-sig.c
> > @@ -38,7 +38,7 @@ struct checksum_algo checksum_algos[] = {  #if
> > IMAGE_ENABLE_SIGN
> >                 EVP_sha1,
> >  #endif
> > -               sha1_calculate,
> > +               hash_calculate,
> >                 padding_sha1_rsa2048,
> >         },
> >         {
> > @@ -48,7 +48,7 @@ struct checksum_algo checksum_algos[] = {  #if
> > IMAGE_ENABLE_SIGN
> >                 EVP_sha256,
> >  #endif
> > -               sha256_calculate,
> > +               hash_calculate,
> >                 padding_sha256_rsa2048,
> >         },
> >         {
> > @@ -58,7 +58,7 @@ struct checksum_algo checksum_algos[] = {  #if
> > IMAGE_ENABLE_SIGN
> >                 EVP_sha256,
> >  #endif
> > -               sha256_calculate,
> > +               hash_calculate,
> >                 padding_sha256_rsa4096,
> >         }
> >
> > diff --git a/include/image.h b/include/image.h index af30d60..ec55f23
> > 100644
> > --- a/include/image.h
> > +++ b/include/image.h
> > @@ -926,8 +926,9 @@ struct checksum_algo {  #if IMAGE_ENABLE_SIGN
> >         const EVP_MD *(*calculate_sign)(void);  #endif
> > -       void (*calculate)(const struct image_region region[],
> > -                         int region_count, uint8_t *checksum);
> > +       int (*calculate)(const char *name,
> > +                        const struct image_region region[],
> > +                        int region_count, uint8_t *checksum);
> >         const uint8_t *rsa_padding;
> >  };
> >
> > diff --git a/include/u-boot/rsa-checksum.h
> > b/include/u-boot/rsa-checksum.h index c996fb3..c546c80 100644
> > --- a/include/u-boot/rsa-checksum.h
> > +++ b/include/u-boot/rsa-checksum.h
> > @@ -16,9 +16,8 @@ extern const uint8_t padding_sha256_rsa4096[];
> > extern const uint8_t padding_sha256_rsa2048[];  extern const uint8_t
> > padding_sha1_rsa2048[];
> >
> > -void sha256_calculate(const struct image_region region[], int
> region_count,
> > -                     uint8_t *checksum);
> > -void sha1_calculate(const struct image_region region[], int region_count,
> > -                   uint8_t *checksum);
> > +int hash_calculate(const char *name,
> > +                  const struct image_region region[], int region_count,
> > +                  uint8_t *checksum);
> >
>
> This could use a function comment.
>
> >  #endif
> > diff --git a/lib/rsa/rsa-checksum.c b/lib/rsa/rsa-checksum.c index
> > 8d8b59f..7f1909a 100644
> > --- a/lib/rsa/rsa-checksum.c
> > +++ b/lib/rsa/rsa-checksum.c
> > @@ -10,12 +10,13 @@
> >  #include <asm/byteorder.h>
> >  #include <asm/errno.h>
> >  #include <asm/unaligned.h>
> > +#include <hash.h>
> >  #else
> >  #include "fdt_host.h"
> > -#endif
> > -#include <u-boot/rsa.h>
> >  #include <u-boot/sha1.h>
> >  #include <u-boot/sha256.h>
> > +#endif
> > +#include <u-boot/rsa.h>
> >
> >  /* PKCS 1.5 paddings as described in the RSA PKCS#1 v2.1 standard. */
> >
> > @@ -136,7 +137,33 @@ const uint8_t padding_sha256_rsa4096[RSA4096_BYTES -
> SHA256_SUM_LEN] = {
> >         0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20  };
> >
> > -void sha1_calculate(const struct image_region region[], int
> > region_count,
> > +#ifndef USE_HOSTCC
> > +int hash_calculate(const char *name,
> > +                   const struct image_region region[],
> > +                   int region_count, uint8_t *checksum) {
> > +       struct hash_algo *algo;
> > +       int ret = 0;
> > +       void *ctx;
> > +       uint32_t i;
> > +       i = 0;
> > +
> > +       ret = hash_progressive_lookup_algo(name, &algo);
> > +       if (ret)
> > +               return ret;
> > +
> > +       algo->hash_init(algo, &ctx);
> > +       for (i = 0; i < region_count - 1; i++)
> > +               algo->hash_update(algo, ctx, region[i].data,
> > + region[i].size, 0);
> > +
> > +       algo->hash_update(algo, ctx, region[i].data, region[i].size, 1);
> > +       algo->hash_finish(algo, ctx, checksum, algo->digest_size);
> > +
> > +       return 0;
> > +}
> > +
> > +#else
>
> The above looks good, but what is happening here? Why do you need to do
> something different for USE_HOSTCC?
The hash_algo struct is defined in common/hash.c which doesn?t get compiled for tools. That is why I did it differently for USE_HOSTCC

>
> > +int sha1_calculate(const struct image_region region[], int
> > +region_count,
> >                     uint8_t *checksum)  {
> >         sha1_context ctx;
> > @@ -147,9 +174,11 @@ void sha1_calculate(const struct image_region
> region[], int region_count,
> >         for (i = 0; i < region_count; i++)
> >                 sha1_update(&ctx, region[i].data, region[i].size);
> >         sha1_finish(&ctx, checksum);
> > +
> > +       return 0;
> >  }
> >
> > -void sha256_calculate(const struct image_region region[], int
> > region_count,
> > +int sha256_calculate(const struct image_region region[], int
> > +region_count,
> >                       uint8_t *checksum)  {
> >         sha256_context ctx;
> > @@ -160,4 +189,20 @@ void sha256_calculate(const struct image_region
> region[], int region_count,
> >         for (i = 0; i < region_count; i++)
> >                 sha256_update(&ctx, region[i].data, region[i].size);
> >         sha256_finish(&ctx, checksum);
> > +
> > +       return 0;
> >  }
> > +
> > +int hash_calculate(const char *name,
> > +                  const struct image_region region[], int region_count,
> > +                  uint8_t *checksum)
> > +{
> > +       if (!strcmp(name, "sha1"))
> > +               sha1_calculate(region, region_count, checksum);
> > +
> > +       if (!strcmp(name, "sha256"))
> > +               sha256_calculate(region, region_count, checksum);
> > +
> > +       return 0;
> > +}
> > +#endif
> > diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c index
> > 27f10ef..0028304 100644
> > --- a/lib/rsa/rsa-verify.c
> > +++ b/lib/rsa/rsa-verify.c
> > @@ -188,7 +188,12 @@ int rsa_verify(struct image_sign_info *info,
> >         }
> >
> >         /* Calculate checksum with checksum-algorithm */
> > -       info->algo->checksum->calculate(region, region_count, hash);
> > +       ret = info->algo->checksum->calculate(info->algo->checksum->name,
> > +                                       region, region_count, hash);
> > +       if (ret < 0) {
> > +               debug("%s: Error in checksum calculation\n", __func__);
> > +               return -EINVAL;
> > +       }
> >
> >         /* See if we must use a particular key */
> >         if (info->required_keynode != -1) {
> > --
> > 1.8.1.4
> >
>
> Regards,
> Simon
Regards,
Ruchika

next prev parent reply	other threads:[~2014-12-29  8:00 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-12-23 11:32 [U-Boot] [PATCH 0/9] [v3] rsa: Modify rsa lib to use hw acceleration Ruchika Gupta
2014-12-23 11:32 ` [U-Boot] [PATCH 1/9] [v3] rsa: Split the rsa-verify to separate the modular exponentiation Ruchika Gupta
2014-12-24  0:47   ` Simon Glass
2014-12-23 11:32 ` [U-Boot] [PATCH 2/9] [v3] FIT: Modify option FIT_SIGNATURE in Kconfig Ruchika Gupta
2014-12-24  0:47   ` Simon Glass
2014-12-23 11:32 ` [U-Boot] [PATCH 3/9] [v3] DM: crypto/rsa: Add rsa Modular Exponentiation DM driver Ruchika Gupta
2014-12-24  0:48   ` Simon Glass
2014-12-23 11:32 ` [U-Boot] [PATCH 4/9] [v3] configs: Move CONFIG_FIT_SIGNATURE to defconfig Ruchika Gupta
2014-12-24  0:48   ` Simon Glass
2014-12-23 11:32 ` [U-Boot] [PATCH 5/9] [v3] lib/rsa: Modify rsa to use DM driver if available Ruchika Gupta
2014-12-24  0:49   ` Simon Glass
     [not found]     ` <BY1PR0301MB1288C126892D064BE49D4E6FEF540@BY1PR0301MB1288.namprd03.prod.outlook.com>
2014-12-29 21:10       ` Simon Glass
2014-12-23 11:32 ` [U-Boot] [PATCH 6/9] [v3] DM: crypto/fsl - Add Freescale rsa DM driver Ruchika Gupta
2014-12-24  0:49   ` Simon Glass
2014-12-23 11:32 ` [U-Boot] [PATCH 7/9] [v3] lib/rsa: Add Kconfig option for HW accelerated RSA Ruchika Gupta
2014-12-24  0:49   ` Simon Glass
2014-12-29  7:05     ` Ruchika Gupta
2014-12-29 20:28       ` Simon Glass
2014-12-23 11:32 ` [U-Boot] [PATCH 8/9] [v3] hash: Add function to find hash_algo struct with progressive hash Ruchika Gupta
2014-12-24  0:50   ` Simon Glass
2014-12-29  7:07     ` Ruchika Gupta
2014-12-29 21:13       ` Simon Glass
2014-12-30  9:04         ` Ruchika Gupta
2014-12-23 11:32 ` [U-Boot] [PATCH 9/9] [v3] rsa: Use checksum algorithms from struct hash_algo Ruchika Gupta
2014-12-24  0:50   ` Simon Glass
     [not found]     ` <BY1PR0301MB1288E92E4FEF74B81F040302EF510@BY1PR0301MB1288.namprd03.prod.outlook.com>
2014-12-29  8:00       ` Ruchika Gupta [this message]
2014-12-29 21:12       ` Simon Glass
2014-12-30  8:58         ` Ruchika Gupta

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1419840053921.58638@freescale.com \
    --to=ruchika.gupta@freescale.com \
    --cc=u-boot@lists.denx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox