From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: u-boot@lists.denx.de
Subject: [U-Boot] [RFC 2/3] lib: rsa: generate additional parameters for public key
Date: Thu, 3 Oct 2019 17:58:23 +0900
Message-ID: <20191003085822.GN18778@linaro.org>
In-Reply-To: <20191003073433.GA15509@apalos.home>

Ilias,

On Thu, Oct 03, 2019 at 10:34:33AM +0300, Ilias Apalodimas wrote:
> On Fri, Sep 06, 2019 at 04:08:07PM +0900, AKASHI Takahiro wrote:
> > In the current implementation of FIT_SIGNATURE, five parameters for
> > a RSA public key are required while only two of them are essential.
> > (See rsa-mod-exp.h and uImage.FIT/signature.txt)
> > This is a result of considering relatively limited computer power
> > and resources on embedded systems, while such an assumption may not
> > be quite practical for other use cases.
> >
> > In this patch, added is a function, rsa_gen_key_prop(), which will
> > generate additional parameters for other uses, in particular
> > UEFI secure boot, on the fly.
> >
> > Note: the current code uses some "big number" routines from BearSSL
> > for the calculation.
> >
> > Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> > ---
> > include/u-boot/rsa-mod-exp.h | 3 +
> > lib/rsa/Makefile | 2 +-
> > lib/rsa/rsa-keyprop.c | 631 +++++++++++++++++++++++++++++++++++
> > 3 files changed, 635 insertions(+), 1 deletion(-)
> > create mode 100644 lib/rsa/rsa-keyprop.c
> >
> > diff --git a/include/u-boot/rsa-mod-exp.h b/include/u-boot/rsa-mod-exp.h
> > index 8a428c4b6a1a..ca189292d869 100644
> > --- a/include/u-boot/rsa-mod-exp.h
> > +++ b/include/u-boot/rsa-mod-exp.h
> > @@ -26,6 +26,9 @@ struct key_prop {
> > uint32_t exp_len; /* Exponent length in number of uint8_t */
> > };
> >
> > +struct key_prop *rsa_gen_key_prop(const void *key, uint32_t keylen);
> > +void rsa_free_key_prop(struct key_prop *prop);
> > +
> > /**
> > * rsa_mod_exp_sw() - Perform RSA Modular Exponentiation in sw
> > *
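Review bot: rsa_gen_key_prop() and rsa_free_key_prop() are declared without a kernel-doc comment, while rsa_mod_exp_sw() directly below them has one. Please document which encoding `key` is expected in and the unit of `keylen`, what is returned on failure, and whether the returned struct key_prop must always be released with rsa_free_key_prop().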
> > --- /dev/null
> > +++ b/lib/rsa/rsa-keyprop.c
> > @@ -0,0 +1,631 @@
> > +
>
> [...]
>
> > +/* stripped version of src/inner.h */
> > +
> > +static inline unsigned
> > +br_dec16be(const void *src)
> > +{
> > +#if 0 /* BR_BE_UNALIGNED */
> > + return ((const br_union_u16 *)src)->u;
> > +#else
> > + const unsigned char *buf;
> > +
> > + buf = src;
> > + return ((unsigned)buf[0] << 8) | (unsigned)buf[1];
> > +#endif
> > +}
> > +
> > +static inline uint32_t
> > +br_dec32be(const void *src)
> > +{
> > +#if 0 /* BR_BE_UNALIGNED */
> > + return ((const br_union_u32 *)src)->u;
> > +#else
> > + const unsigned char *buf;
> > +
> > + buf = src;
> > + return ((uint32_t)buf[0] << 24)
> > + | ((uint32_t)buf[1] << 16)
> > + | ((uint32_t)buf[2] << 8)
> > + | (uint32_t)buf[3];
> > +#endif
> > +}
> > +
> > +static inline void
> > +br_enc32be(void *dst, uint32_t x)
> > +{
> > +#if 0 /* BR_BE_UNALIGNED */
> > + ((br_union_u32 *)dst)->u = x;
> > +#else
> > + unsigned char *buf;
> > +
> > + buf = dst;
> > + buf[0] = (unsigned char)(x >> 24);
> > + buf[1] = (unsigned char)(x >> 16);
> > + buf[2] = (unsigned char)(x >> 8);
> > + buf[3] = (unsigned char)x;
> > +#endif
> > +}
> > +
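Review bot: the `#if 0 /* BR_BE_UNALIGNED */` branches in br_dec16be(), br_dec32be() and br_enc32be() are dead code that still names br_union_u16 and br_union_u32. Either drop them from this stripped copy, or restore the condition named in the comment and define it to 0 in this file, so the import stays a mechanical copy. The `#else` paths that remain read and write one byte at a time, so the result of these three helpers does not depend on host byte order; a one-line comment saying so would settle the endianness question for them.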
>
> There's no U-Boot API for the above?
Do you mean dec32be() and enc32be()?
Yes, there are similar functions but I intentionally don't
use them as I want to keep the difference between BearSSL's
original code and the imported one in this file to a minimum.
Anyhow, this code won't work for big-endian. We should manage it.
> > +static inline uint32_t
> > +NOT(uint32_t ctl)
> > +{
> > + return ctl ^ 1;
> > +}
>
> Ditto
>
> > +
> > +static inline uint32_t
> > +MUX(uint32_t ctl, uint32_t x, uint32_t y)
> > +{
> > + return y ^ (-ctl & (x ^ y));
> > +}
> > +
> > +static inline uint32_t
> > +EQ(uint32_t x, uint32_t y)
> > +{
> > + uint32_t q;
> > +
> > + q = x ^ y;
> > + return NOT((q | -q) >> 31);
> > +}
> > +
> > +static inline uint32_t
> > +NEQ(uint32_t x, uint32_t y)
> > +{
> > + uint32_t q;
> > +
> > + q = x ^ y;
> > + return (q | -q) >> 31;
> > +}
> > +
> > +static inline uint32_t
> > +GT(uint32_t x, uint32_t y)
> > +{
> > + /*
> > + * If both x < 2^31 and x < 2^31, then y-x will have its high
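Review bot: NOT() and MUX() only give the intended result when ctl is exactly 0 or 1, since `ctl ^ 1` flips bit 0 only and `-ctl` is an all-ones mask only for ctl == 1, and nothing in the hunk states that contract. Please add a short comment above NOT() and MUX() saying ctl must be 0 or 1, and that EQ() and NEQ() return such a value. The upper-case names NOT, MUX, EQ, NEQ and GT are also very generic for a U-Boot source file; a br_ prefix like the one on the decode helpers would avoid clashes with macros from other headers.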
>
> second one should be y^31
Do you mean that the second "x < 2^31" should be "y < 2^31"?
You're right.
Thanks,
-Takahiro Akashi
>
> > + * bit set if x > y, cleared otherwise.
> > + *
> > +}
> > +
> > +struct key_prop *rsa_gen_key_prop(const void *key, uint32_t keylen)
> > +{
> > + struct key_prop *prop;
> > + struct rsa_key rsa_key;
> > +#define BR_MAX_RSA_SIZE 4096
> > + uint32_t *n, *rr, *rrtmp;
> > + int rlen, i, ret;
> > + prop->n0inv = br_i32_ninv32(n[1]);
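Review bot: `#define BR_MAX_RSA_SIZE 4096` sits between the local declarations of rsa_gen_key_prop(), so it stays defined for the rest of the file and its unit is not stated. Move it to the top of the file with a comment giving the unit, and make sure keylen is checked against it before n, rr and rrtmp are filled; the quoted lines do not show such a check, nor a NULL check on prop before `prop->n0inv` is written.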
> > --
> > 2.21.0
> >
> > _______________________________________________
> > U-Boot mailing list
> > U-Boot at lists.denx.de
> > https://lists.denx.de/listinfo/u-boot
>
>
> Regards
> /Ilias
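
What the derived value stored in `prop->n0inv` is for, as an added example that is not code from the patch, from U-Boot or from BearSSL: a one-word Montgomery setup in C. It assumes n0inv means -(1/n) mod 2^32 and rr means R^2 mod n with R = 2^32; the names ct_mux, neg_inv32 and mont_redc32 and the modulus are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constant-time select: x when ctl == 1, y when ctl == 0 (ctl must be 0 or 1). */
static uint32_t ct_mux(uint32_t ctl, uint32_t x, uint32_t y)
{
	return y ^ (-ctl & (x ^ y));
}

/*
 * -(1/x) mod 2^32 for odd x; 0 for even x, which has no inverse.
 * Each Newton step y *= 2 - x*y doubles the number of correct low bits.
 */
uint32_t neg_inv32(uint32_t x)
{
	uint32_t y = 2 - x;	/* x*y == 1 mod 4 when x is odd */
	int i;

	for (i = 0; i < 4; i++)	/* 2 -> 4 -> 8 -> 16 -> 32 bits */
		y *= 2 - x * y;
	return ct_mux(x & 1, -y, 0);
}

/* One-word Montgomery reduction: t * 2^-32 mod n, for odd n and t < n * 2^32. */
uint32_t mont_redc32(uint64_t t, uint32_t n, uint32_t n0inv)
{
	uint32_t m = (uint32_t)t * n0inv;	/* makes t + m*n divisible by 2^32 */
	uint64_t mn = (uint64_t)m * n;
	/* The low words sum to 0 or 2^32; the carry is 1 unless both are 0. */
	uint64_t u = (t >> 32) + (mn >> 32) + ((uint32_t)t != 0);

	return (uint32_t)(u >= n ? u - n : u);
}

int main(void)
{
	uint32_t n = 0xFFFFFFFBu;	/* constructed odd modulus, 2^32 - 5 */
	uint32_t n0inv = neg_inv32(n);
	uint32_t rr = 25;		/* R^2 mod n, since R mod n = 5 */
	/* Multiplying by rr and reducing moves 12345 into Montgomery form. */
	uint32_t a_mont = mont_redc32((uint64_t)12345 * rr, n, n0inv);

	printf("n0inv=%#x a*R mod n=%u back=%u\n", (unsigned)n0inv,
	       (unsigned)a_mont, (unsigned)mont_redc32(a_mont, n, n0inv));
	return 0;
}
```

Both constants depend only on the modulus, which is why they can be derived at run time from the two essential parameters instead of being shipped alongside them.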