[PATCH v5 02/16] crypto/fsl: Add CAAM support for bkek, random number generation
Gaurav Jain
gaurav.jain at nxp.com
Mon Nov 15 08:00:00 CET 2021
added api and descriptor for blob key encryption key(bkek) generation.
added api for random number generation.
Signed-off-by: Gaurav Jain <gaurav.jain at nxp.com>
Signed-off-by: Ji Luo <ji.luo at nxp.com>
Reviewed-by: Ye Li <ye.li at nxp.com>
---
drivers/crypto/fsl/desc.h | 5 +++
drivers/crypto/fsl/fsl_blob.c | 82 +++++++++++++++++++++++++++++++++++
drivers/crypto/fsl/jobdesc.c | 20 +++++++--
drivers/crypto/fsl/jobdesc.h | 4 ++
4 files changed, 108 insertions(+), 3 deletions(-)
diff --git a/drivers/crypto/fsl/desc.h b/drivers/crypto/fsl/desc.h
index 5705c4f944..5958ebd3ac 100644
--- a/drivers/crypto/fsl/desc.h
+++ b/drivers/crypto/fsl/desc.h
@@ -4,6 +4,7 @@
* Definitions to support CAAM descriptor instruction generation
*
* Copyright 2008-2014 Freescale Semiconductor, Inc.
+ * Copyright 2021 NXP
*
* Based on desc.h file in linux drivers/crypto/caam
*/
@@ -15,6 +16,7 @@
#define KEY_BLOB_SIZE 32
#define MAC_SIZE 16
+#define BKEK_SIZE 32
/* Max size of any CAAM descriptor in 32-bit words, inclusive of header */
#define MAX_CAAM_DESCSIZE 64
@@ -463,6 +465,9 @@
#define OP_PROTINFO_HASH_SHA384 0x00000200
#define OP_PROTINFO_HASH_SHA512 0x00000280
+/* PROTINFO fields for Blob Operations */
+#define OP_PROTINFO_MKVB 0x00000002
+
/* For non-protocol/alg-only op commands */
#define OP_ALG_TYPE_SHIFT 24
#define OP_ALG_TYPE_MASK (0x7 << OP_ALG_TYPE_SHIFT)
diff --git a/drivers/crypto/fsl/fsl_blob.c b/drivers/crypto/fsl/fsl_blob.c
index e8202cc569..e8bc009daf 100644
--- a/drivers/crypto/fsl/fsl_blob.c
+++ b/drivers/crypto/fsl/fsl_blob.c
@@ -1,6 +1,7 @@
// SPDX-License-Identifier: GPL-2.0+
/*
* Copyright 2014 Freescale Semiconductor, Inc.
+ * Copyright 2021 NXP
*
*/
@@ -152,6 +153,87 @@ int blob_encap(u8 *key_mod, u8 *src, u8 *dst, u32 len)
return ret;
}
+int derive_blob_kek(u8 *bkek_buf, u8 *key_mod, u32 key_sz)
+{
+ int ret, size;
+ u32 *desc;
+
+ if (!IS_ALIGNED((uintptr_t)bkek_buf, ARCH_DMA_MINALIGN) ||
+ !IS_ALIGNED((uintptr_t)key_mod, ARCH_DMA_MINALIGN)) {
+ puts("Error: derive_bkek: Address arguments are not aligned!\n");
+ return -EINVAL;
+ }
+
+ printf("\nBlob key encryption key(bkek)\n");
+ desc = malloc_cache_aligned(sizeof(int) * MAX_CAAM_DESCSIZE);
+ if (!desc) {
+ printf("Not enough memory for descriptor allocation\n");
+ return -ENOMEM;
+ }
+
+ size = ALIGN(key_sz, ARCH_DMA_MINALIGN);
+ flush_dcache_range((unsigned long)key_mod, (unsigned long)key_mod + size);
+
+ /* construct blob key encryption key(bkek) derive descriptor */
+ inline_cnstr_jobdesc_derive_bkek(desc, bkek_buf, key_mod, key_sz);
+
+ size = ALIGN(sizeof(int) * MAX_CAAM_DESCSIZE, ARCH_DMA_MINALIGN);
+ flush_dcache_range((unsigned long)desc, (unsigned long)desc + size);
+ size = ALIGN(BKEK_SIZE, ARCH_DMA_MINALIGN);
+ invalidate_dcache_range((unsigned long)bkek_buf,
+ (unsigned long)bkek_buf + size);
+
+ /* run descriptor */
+ ret = run_descriptor_jr(desc);
+ if (ret < 0) {
+ printf("Error: %s failed 0x%x\n", __func__, ret);
+ } else {
+ invalidate_dcache_range((unsigned long)bkek_buf,
+ (unsigned long)bkek_buf + size);
+ puts("derive bkek successful.\n");
+ }
+
+ free(desc);
+ return ret;
+}
+
+int hwrng_generate(u8 *dst, u32 len)
+{
+ int ret, size;
+ u32 *desc;
+
+ if (!IS_ALIGNED((uintptr_t)dst, ARCH_DMA_MINALIGN)) {
+ puts("Error: caam_hwrng_test: Address arguments are not aligned!\n");
+ return -EINVAL;
+ }
+
+ printf("\nRNG generate\n");
+ desc = malloc_cache_aligned(sizeof(int) * MAX_CAAM_DESCSIZE);
+ if (!desc) {
+ printf("Not enough memory for descriptor allocation\n");
+ return -ENOMEM;
+ }
+
+ inline_cnstr_jobdesc_rng(desc, dst, len);
+
+ size = ALIGN(sizeof(int) * MAX_CAAM_DESCSIZE, ARCH_DMA_MINALIGN);
+ flush_dcache_range((unsigned long)desc, (unsigned long)desc + size);
+ size = ALIGN(len, ARCH_DMA_MINALIGN);
+ invalidate_dcache_range((unsigned long)dst, (unsigned long)dst + size);
+
+ ret = run_descriptor_jr(desc);
+ if (ret < 0) {
+ printf("Error: RNG generate failed 0x%x\n", ret);
+ } else {
+ invalidate_dcache_range((unsigned long)dst,
+ (unsigned long)dst + size);
+ puts("RNG generation successful.\n");
+ }
+
+ free(desc);
+ return ret;
+}
+
#ifdef CONFIG_CMD_DEKBLOB
int blob_dek(const u8 *src, u8 *dst, u8 len)
{
diff --git a/drivers/crypto/fsl/jobdesc.c b/drivers/crypto/fsl/jobdesc.c
index c350b32856..d58937c284 100644
--- a/drivers/crypto/fsl/jobdesc.c
+++ b/drivers/crypto/fsl/jobdesc.c
@@ -4,7 +4,7 @@
* Basic job descriptor construction
*
* Copyright 2014 Freescale Semiconductor, Inc.
- * Copyright 2018 NXP
+ * Copyright 2018, 2021 NXP
*
*/
@@ -207,7 +207,7 @@ void inline_cnstr_jobdesc_hash(uint32_t *desc,
append_store(desc, dma_addr_out, storelen,
LDST_CLASS_2_CCB | LDST_SRCDST_BYTE_CONTEXT);
}
-#ifndef CONFIG_SPL_BUILD
+
void inline_cnstr_jobdesc_blob_encap(uint32_t *desc, uint8_t *key_idnfr,
uint8_t *plain_txt, uint8_t *enc_blob,
uint32_t in_sz)
@@ -255,7 +255,7 @@ void inline_cnstr_jobdesc_blob_decap(uint32_t *desc, uint8_t *key_idnfr,
append_operation(desc, OP_TYPE_DECAP_PROTOCOL | OP_PCLID_BLOB);
}
-#endif
+
/*
* Descriptor to instantiate RNG State Handle 0 in normal mode and
* load the JDKEK, TDKEK and TDSK registers
@@ -334,3 +334,17 @@ void inline_cnstr_jobdesc_pkha_rsaexp(uint32_t *desc,
append_fifo_store(desc, dma_addr_out, out_siz,
LDST_CLASS_1_CCB | FIFOST_TYPE_PKHA_B);
}
+
+void inline_cnstr_jobdesc_derive_bkek(uint32_t *desc, void *bkek_out,
+ void *key_mod, uint32_t key_sz)
+{
+ dma_addr_t dma_key_mod = virt_to_phys(key_mod);
+ dma_addr_t dma_bkek_out = virt_to_phys(bkek_out);
+
+ init_job_desc(desc, 0);
+ append_load(desc, dma_key_mod, key_sz, LDST_CLASS_2_CCB |
+ LDST_SRCDST_BYTE_KEY);
+ append_seq_out_ptr_intlen(desc, dma_bkek_out, BKEK_SIZE, 0);
+ append_operation(desc, OP_TYPE_ENCAP_PROTOCOL | OP_PCLID_BLOB |
+ OP_PROTINFO_MKVB);
+}
diff --git a/drivers/crypto/fsl/jobdesc.h b/drivers/crypto/fsl/jobdesc.h
index c4501abd26..a720d68e82 100644
--- a/drivers/crypto/fsl/jobdesc.h
+++ b/drivers/crypto/fsl/jobdesc.h
@@ -1,6 +1,7 @@
/* SPDX-License-Identifier: GPL-2.0+ */
/*
* Copyright 2014 Freescale Semiconductor, Inc.
+ * Copyright 2021 NXP
*
*/
@@ -49,4 +50,7 @@ void inline_cnstr_jobdesc_pkha_rsaexp(uint32_t *desc,
struct pk_in_params *pkin, uint8_t *out,
uint32_t out_siz);
+void inline_cnstr_jobdesc_derive_bkek(uint32_t *desc, void *bkek_out,
+ void *key_mod, uint32_t key_sz);
+
#endif
--
2.17.1
More information about the U-Boot
mailing list