CR50: add support for hardware modexp

This commit includes changes required for supporting a hardware based montgomery modexp (r = a ^ e mod N). The function bn_is_bit_set() was previously static, and now added to internal.h, as this function is used by the hardware implementation. Add function declarations for new functions related to the hardware implementation to chip/g/dcrypto/internal.h BRANCH=none CQ-DEPEND=CL:*260618,CL:*260895 BUG=chrome-os-partner:43025,chrome-os-partner:47524 TEST=all tests in test/tpm_test/tpmtest.py pass Change-Id: I5fe4a6692678b64f27659f42a08d200b6fe6f0cc Signed-off-by: nagendra modadugu <ngm@google.com> Reviewed-on: https://chromium-review.googlesource.com/347462 Commit-Ready: Nagendra Modadugu <ngm@google.com> Tested-by: Nagendra Modadugu <ngm@google.com> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
2026-01-08 16:41:55 +00:00 · 2016-05-31 17:10:53 -07:00
parent f13f45bfc9
commit a80d840509
4 changed files with 25 additions and 3 deletions
--- a/board/cr50/build.mk
+++ b/board/cr50/build.mk
@@ -28,6 +28,9 @@ CFLAGS += -I$(realpath $(BDIR)/tpm2)
 dirs-y += chip/$(CHIP)/dcrypto
 dirs-y += $(BDIR)/tpm2

+# Add hardware crypto support.
+PDIR=private-cr51
+
 # Objects that we need to build
 board-y =  board.o
 board-${CONFIG_RDD} += rdd.o
--- a/chip/g/dcrypto/bn.c
+++ b/chip/g/dcrypto/bn.c
@@ -64,7 +64,7 @@ int bn_check_topbit(const struct BIGNUM *N)
 }

 /* a[n]. */
-static int bn_is_bit_set(const struct BIGNUM *a, int n)
+int bn_is_bit_set(const struct BIGNUM *a, int n)
 {
 	int i, j;

@@ -340,6 +340,12 @@ void bn_mont_modexp(struct BIGNUM *output, const struct BIGNUM *input,
 	struct BIGNUM acc;
 	struct BIGNUM aR;

+	if (bn_bits(N) == 2048 || bn_bits(N) == 1024) {
+		/* TODO(ngm): add hardware support for standard key sizes. */
+		bn_mont_modexp_asm(output, input, exp, N);
+		return;
+	}
+
 	bn_init(&RR, RR_buf, bn_size(N));
 	bn_init(&acc, acc_buf, bn_size(N));
 	bn_init(&aR, aR_buf, bn_size(N));
@@ -348,7 +354,6 @@ void bn_mont_modexp(struct BIGNUM *output, const struct BIGNUM *input,
 	bn_compute_RR(&RR, N);
 	bn_mont_mul(&acc, NULL, &RR, nprime, N);      /* R = 1 * RR / R % N */
 	bn_mont_mul(&aR, input, &RR, nprime, N);      /* aR = a * RR / R % N */
-	BN_DIGIT(output, 0) = 1;

 	/* TODO(ngm): burn stack space and use windowing. */
 	for (i = exp->dmax * BN_BITS2 - 1; i >= 0; i--) {
--- a/chip/g/dcrypto/internal.h
+++ b/chip/g/dcrypto/internal.h
@@ -68,15 +68,28 @@ struct BIGNUM {

 void bn_init(struct BIGNUM *bn, void *buf, size_t len);
 #define bn_size(b) ((b)->dmax * BN_BYTES)
+#define bn_words(b) ((b)->dmax)
 #define bn_bits(b) ((b)->dmax * BN_BITS2)
 int bn_check_topbit(const struct BIGNUM *N);
 void bn_mont_modexp(struct BIGNUM *output, const struct BIGNUM *input,
 		const struct BIGNUM *exp, const struct BIGNUM *N);
+void bn_mont_modexp_asm(struct BIGNUM *output, const struct BIGNUM *input,
+			const struct BIGNUM *exp, const struct BIGNUM *N);
 uint32_t bn_add(struct BIGNUM *c, const struct BIGNUM *a);
 uint32_t bn_sub(struct BIGNUM *c, const struct BIGNUM *a);
 void bn_mul(struct BIGNUM *c, const struct BIGNUM *a, const struct BIGNUM *b);
 int bn_modinv_vartime(struct BIGNUM *r, const struct BIGNUM *e,
 		const struct BIGNUM *MOD);
+int bn_is_bit_set(const struct BIGNUM *a, int n);
+
+/*
+ * Runtime.
+ */
+void dcrypto_init(void);
+uint32_t dcrypto_call(uint32_t adr);
+void dcrypto_imem_load(size_t offset, const uint32_t *opcodes,
+		       size_t n_opcodes);
+void dcrypto_dmem_load(size_t offset, const void *words, size_t n_words);

 /*
 * Utility functions.
--- a/include/config.h
+++ b/include/config.h
@@ -660,7 +660,8 @@
 #undef CONFIG_CUSTOMIZED_RO

 /*
- * When enabled, build in support for hardware crypto; only supported on CR50.
+ * When enabled, build in support for software & hardware crypto;
+ * only supported on CR50.
 */
 #undef CONFIG_DCRYPTO