[EXT] Re: [PATCH v5 02/16] crypto/fsl: Add CAAM support for bkek, random number generation

Tue Nov 16 12:23:03 CET 2021

Hi,

Am 2021-11-16 12:09, schrieb Gaurav Jain:
>> > --- a/drivers/crypto/fsl/fsl_blob.c
>> > +++ b/drivers/crypto/fsl/fsl_blob.c
>> > @@ -1,6 +1,7 @@
>> >  // SPDX-License-Identifier: GPL-2.0+
>> >  /*
>> >   * Copyright 2014 Freescale Semiconductor, Inc.
>> > + * Copyright 2021 NXP
>> >   *
>> >   */
>> >
>> > @@ -152,6 +153,87 @@ int blob_encap(u8 *key_mod, u8 *src, u8 *dst,
>> u32 len)
>> >       return ret;
>> >  }
>> >
>> > +int derive_blob_kek(u8 *bkek_buf, u8 *key_mod, u32 key_sz)
>> 
>> where is this function actually used? looks like dead code to me.
> 
> I was thinking to add the command for this function later.
> But will remove this patch from this series and send this later with
> derive blob kek cmd implementation.

ok, but you've missed the question below.

>> 
>> > +{
>> > +     int ret, size;
>> > +     u32 *desc;
>> > +
>> > +     if (!IS_ALIGNED((uintptr_t)bkek_buf, ARCH_DMA_MINALIGN) ||
>> > +         !IS_ALIGNED((uintptr_t)key_mod, ARCH_DMA_MINALIGN)) {
>> > +             puts("Error: derive_bkek: Address arguments are not aligned!\n");
>> > +             return -EINVAL;
>> > +     }
>> > +
>> > +     printf("\nBlob key encryption key(bkek)\n");
>> > +     desc = malloc_cache_aligned(sizeof(int) * MAX_CAAM_DESCSIZE);
>> > +     if (!desc) {
>> > +             printf("Not enough memory for descriptor allocation\n");
>> > +             return -ENOMEM;
>> > +     }
>> > +
>> > +     size = ALIGN(key_sz, ARCH_DMA_MINALIGN);
>> > +     flush_dcache_range((unsigned long)key_mod, (unsigned
>> > + long)key_mod + size);
>> > +
>> > +     /* construct blob key encryption key(bkek) derive descriptor */
>> > +     inline_cnstr_jobdesc_derive_bkek(desc, bkek_buf, key_mod,
>> > + key_sz);
>> > +
>> > +     size = ALIGN(sizeof(int) * MAX_CAAM_DESCSIZE,
>> ARCH_DMA_MINALIGN);
>> > +     flush_dcache_range((unsigned long)desc, (unsigned long)desc + size);
>> > +     size = ALIGN(BKEK_SIZE, ARCH_DMA_MINALIGN);
>> > +     invalidate_dcache_range((unsigned long)bkek_buf,
>> > +                             (unsigned long)bkek_buf + size);
>> > +
>> > +     /* run descriptor */
>> > +     ret = run_descriptor_jr(desc);
>> > +     if (ret < 0) {
>> > +             printf("Error: %s failed 0x%x\n", __func__, ret);
>> > +     } else {
>> > +             invalidate_dcache_range((unsigned long)bkek_buf,
>> > +                                     (unsigned long)bkek_buf + size);
>> > +             puts("derive bkek successful.\n");
>> > +     }
>> > +
>> > +     free(desc);
>> > +     return ret;
>> > +}
>> > +
>> > +int hwrng_generate(u8 *dst, u32 len)
>> 
>> likewise.
>> But more important what is the difference to drivers/crypto/fsl/rng.c? 
>> Why
>> do you need a new function here?

This one. Why can't you reuse the code which is already there?

-michael