diff options
author | Kangheui Won <khwon@chromium.org> | 2020-10-02 16:12:02 +1000 |
---|---|---|
committer | Patrick Georgi <pgeorgi@google.com> | 2020-10-19 06:53:51 +0000 |
commit | 362ec8dee21950b1f5e7f209c22311d7bebfb435 (patch) | |
tree | be4bc4aad99940c03410ea10dcab57169dd46973 | |
parent | 5b6ec3e4dcd63baea3355dd1af075ae44b4cd091 (diff) | |
download | coreboot-362ec8dee21950b1f5e7f209c22311d7bebfb435.tar.xz |
amd/picasso/verstage: replace rsa accel with modexp
Replace vb2ex_hwcrypto_rsa_verify_digest with vb2ex_hwcrypto_modexp.
Instead of using hardware acceleration for whole RSA process,
acclerating only calculation part(modexp) increases transparency
without affecting boot time.
BUG=b:169157796
BRANCH=zork
TEST=build and flash, check time spent on RSA is not changed
Change-Id: I085f043bf2014615d2c9db6df0b7947ee84b9546
Signed-off-by: Kangheui Won <khwon@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45987
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
-rw-r--r-- | src/soc/amd/picasso/psp_verstage/vboot_crypto.c | 57 |
1 files changed, 30 insertions, 27 deletions
diff --git a/src/soc/amd/picasso/psp_verstage/vboot_crypto.c b/src/soc/amd/picasso/psp_verstage/vboot_crypto.c index 0bb9066f9c..d9364d0ebe 100644 --- a/src/soc/amd/picasso/psp_verstage/vboot_crypto.c +++ b/src/soc/amd/picasso/psp_verstage/vboot_crypto.c @@ -8,6 +8,7 @@ #include "psp_verstage.h" #include <stddef.h> #include <string.h> +#include <swab.h> #include <vb2_api.h> static struct SHA_GENERIC_DATA_T sha_op; @@ -103,48 +104,50 @@ vb2_error_t vb2ex_hwcrypto_digest_finalize(uint8_t *digest, uint32_t digest_size return VB2_SUCCESS; } -vb2_error_t vb2ex_hwcrypto_rsa_verify_digest(const struct vb2_public_key *key, - const uint8_t *sig, const uint8_t *digest) +vb2_error_t vb2ex_hwcrypto_modexp(const struct vb2_public_key *key, + uint8_t *inout, + uint32_t *workbuf32, int exp) { - RSAPKCS_VERIFY_PARAMS RSAParams; + /* workbuf32 is guaranteed to be a length of + * 3 * key->arrsize * sizeof(uint32_t). + * Since PSP expects everything in LE and *inout is BE array, + * we'll use workbuf for temporary buffer for endian conversion. + */ + MOD_EXP_PARAMS mod_exp_param; + unsigned int key_bytes = key->arrsize * sizeof(uint32_t); + uint32_t *sig_swapped = workbuf32; + uint32_t *output_buffer = &workbuf32[key->arrsize]; + uint32_t *inout_32 = (uint32_t *)inout; uint32_t retval; - uint32_t exp = 65537; - uint32_t sig_size; - size_t digest_size; + uint32_t i; - /* PSP only supports 2K and 4K RSA */ + /* PSP only supports 2K and 4K moduli */ if (key->sig_alg != VB2_SIG_RSA2048 && key->sig_alg != VB2_SIG_RSA2048_EXP3 && key->sig_alg != VB2_SIG_RSA4096) { return VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED; } - /* PSP only supports SHA256, SHA384 and SHA512*/ - if (key->hash_alg != VB2_HASH_SHA256 && - key->hash_alg != VB2_HASH_SHA384 && - key->hash_alg != VB2_HASH_SHA512) { - return VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED; - } - - if (key->sig_alg == VB2_SIG_RSA2048_EXP3) - exp = 3; - sig_size = vb2_rsa_sig_size(key->sig_alg); - digest_size = vb2_digest_size(key->hash_alg); + for (i = 0; i < key->arrsize; i++) + sig_swapped[i] = swab32(inout_32[key->arrsize - i - 1]); - RSAParams.pHash = (char *)digest; - RSAParams.HashLen = digest_size; - RSAParams.pModulus = (char *)key->n; - RSAParams.ModulusSize = sig_size; - RSAParams.pExponent = (char *)&exp; - RSAParams.ExpSize = sizeof(exp); - RSAParams.pSig = (char *)sig; + mod_exp_param.pExponent = (char *)&exp; + mod_exp_param.ExpSize = sizeof(exp); + mod_exp_param.pModulus = (char *)key->n; + mod_exp_param.ModulusSize = key_bytes; + mod_exp_param.pMessage = (char *)sig_swapped; + mod_exp_param.pOutput = (char *)output_buffer; - retval = svc_rsa_pkcs_verify(&RSAParams); + retval = svc_modexp(&mod_exp_param); if (retval) { printk(BIOS_ERR, "ERROR: HW crypto failed - errorcode: %#x\n", retval); - return VB2_ERROR_RSA_VERIFY_DIGEST; + return VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED; } + /* vboot expects results in *inout with BE, so copy & convert. */ + for (i = 0; i < key->arrsize; i++) + inout_32[i] = swab32(output_buffer[key->arrsize - i - 1]); + return VB2_SUCCESS; } |