[PATCH v2 02/15] crypto/fsl: Add CAAM support for bkek, random number generation
Ye Li
ye.li at nxp.com
Fri Sep 10 11:46:13 CEST 2021
On Fri, 2021-09-03 at 12:33 +0530, Gaurav Jain wrote:
> Added API and descriptor for blob key encryption key (bkek)
> generation.
> Added API for random number generation.
>
> Signed-off-by: Gaurav Jain <gaurav.jain at nxp.com>
> Signed-off-by: Ji Luo <ji.luo at nxp.com>
Reviewed-by: Ye Li <ye.li at nxp.com>
Best regards,
Ye Li
> ---
> drivers/crypto/fsl/desc.h | 5 +++
> drivers/crypto/fsl/fsl_blob.c | 82
> +++++++++++++++++++++++++++++++++++
> drivers/crypto/fsl/jobdesc.c | 20 +++++++--
> drivers/crypto/fsl/jobdesc.h | 4 ++
> 4 files changed, 108 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/crypto/fsl/desc.h b/drivers/crypto/fsl/desc.h
> index 5705c4f944..5958ebd3ac 100644
> --- a/drivers/crypto/fsl/desc.h
> +++ b/drivers/crypto/fsl/desc.h
> @@ -4,6 +4,7 @@
> * Definitions to support CAAM descriptor instruction generation
> *
> * Copyright 2008-2014 Freescale Semiconductor, Inc.
> + * Copyright 2021 NXP
> *
> * Based on desc.h file in linux drivers/crypto/caam
> */
> @@ -15,6 +16,7 @@
>
> #define KEY_BLOB_SIZE 32
> #define MAC_SIZE 16
> +#define BKEK_SIZE 32
>
> /* Max size of any CAAM descriptor in 32-bit words, inclusive of
> header */
> #define MAX_CAAM_DESCSIZE 64
> @@ -463,6 +465,9 @@
> #define OP_PROTINFO_HASH_SHA384 0x00000200
> #define OP_PROTINFO_HASH_SHA512 0x00000280
>
> +/* PROTINFO fields for Blob Operations */
> +#define OP_PROTINFO_MKVB 0x00000002
> +
> /* For non-protocol/alg-only op commands */
> #define OP_ALG_TYPE_SHIFT 24
> #define OP_ALG_TYPE_MASK (0x7 << OP_ALG_TYPE_SHIFT)
> diff --git a/drivers/crypto/fsl/fsl_blob.c
> b/drivers/crypto/fsl/fsl_blob.c
> index e8202cc569..e8bc009daf 100644
> --- a/drivers/crypto/fsl/fsl_blob.c
> +++ b/drivers/crypto/fsl/fsl_blob.c
> @@ -1,6 +1,7 @@
> // SPDX-License-Identifier: GPL-2.0+
> /*
> * Copyright 2014 Freescale Semiconductor, Inc.
> + * Copyright 2021 NXP
> *
> */
>
> @@ -152,6 +153,87 @@ int blob_encap(u8 *key_mod, u8 *src, u8 *dst,
> u32 len)
> return ret;
> }
>
> +int derive_blob_kek(u8 *bkek_buf, u8 *key_mod, u32 key_sz)
> +{
> + int ret, size;
> + u32 *desc;
> +
> + if (!IS_ALIGNED((uintptr_t)bkek_buf, ARCH_DMA_MINALIGN) ||
> + !IS_ALIGNED((uintptr_t)key_mod, ARCH_DMA_MINALIGN)) {
> + puts("Error: derive_bkek: Address arguments are not
> aligned!\n");
> + return -EINVAL;
> + }
> +
> + printf("\nBlob key encryption key(bkek)\n");
> + desc = malloc_cache_aligned(sizeof(int) *
> MAX_CAAM_DESCSIZE);
> + if (!desc) {
> + printf("Not enough memory for descriptor
> allocation\n");
> + return -ENOMEM;
> + }
> +
> + size = ALIGN(key_sz, ARCH_DMA_MINALIGN);
> + flush_dcache_range((unsigned long)key_mod, (unsigned
> long)key_mod + size);
> +
> + /* construct blob key encryption key(bkek) derive descriptor
> */
> + inline_cnstr_jobdesc_derive_bkek(desc, bkek_buf, key_mod,
> key_sz);
> +
> + size = ALIGN(sizeof(int) * MAX_CAAM_DESCSIZE,
> ARCH_DMA_MINALIGN);
> + flush_dcache_range((unsigned long)desc, (unsigned long)desc
> + size);
> + size = ALIGN(BKEK_SIZE, ARCH_DMA_MINALIGN);
> + invalidate_dcache_range((unsigned long)bkek_buf,
> + (unsigned long)bkek_buf + size);
> +
> + /* run descriptor */
> + ret = run_descriptor_jr(desc);
> + if (ret < 0) {
> + printf("Error: %s failed 0x%x\n", __func__, ret);
> + } else {
> + invalidate_dcache_range((unsigned long)bkek_buf,
> + (unsigned long)bkek_buf +
> size);
> + puts("derive bkek successful.\n");
> + }
> +
> + free(desc);
> + return ret;
> +}
> +
> +int hwrng_generate(u8 *dst, u32 len)
> +{
> + int ret, size;
> + u32 *desc;
> +
> + if (!IS_ALIGNED((uintptr_t)dst, ARCH_DMA_MINALIGN)) {
> + puts("Error: caam_hwrng_test: Address arguments are
> not aligned!\n");
> + return -EINVAL;
> + }
> +
> + printf("\nRNG generate\n");
> + desc = malloc_cache_aligned(sizeof(int) *
> MAX_CAAM_DESCSIZE);
> + if (!desc) {
> + printf("Not enough memory for descriptor
> allocation\n");
> + return -ENOMEM;
> + }
> +
> + inline_cnstr_jobdesc_rng(desc, dst, len);
> +
> + size = ALIGN(sizeof(int) * MAX_CAAM_DESCSIZE,
> ARCH_DMA_MINALIGN);
> + flush_dcache_range((unsigned long)desc, (unsigned long)desc
> + size);
> + size = ALIGN(len, ARCH_DMA_MINALIGN);
> + invalidate_dcache_range((unsigned long)dst, (unsigned
> long)dst + size);
> +
> + ret = run_descriptor_jr(desc);
> + if (ret < 0) {
> + printf("Error: RNG generate failed 0x%x\n", ret);
> + } else {
> + invalidate_dcache_range((unsigned long)dst,
> + (unsigned long)dst + size);
> + puts("RNG generation successful.\n");
> + }
> +
> + free(desc);
> + return ret;
> +}
> +
> #ifdef CONFIG_CMD_DEKBLOB
> int blob_dek(const u8 *src, u8 *dst, u8 len)
> {
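Review bot: In hwrng_generate() the invalidated range is `ALIGN(len, ARCH_DMA_MINALIGN)` although only the address of `dst` is checked, so a `len` that is not a multiple of the cache-line size makes the invalidate cover bytes past the caller's buffer and can discard dirty data stored next to it; derive_blob_kek() has the same exposure through `ALIGN(BKEK_SIZE, ARCH_DMA_MINALIGN)` on `bkek_buf`. I would either reject such lengths with `if (!IS_ALIGNED(len, ARCH_DMA_MINALIGN)) return -EINVAL;` or state in a comment on both functions that the buffer must be at least the rounded-up size. On failure `dst` and `bkek_buf` may hold stale or partial contents, so the same comment should say that callers must check the return value before using the output as random data or as a key. The alignment error strings name `derive_bkek` and `caam_hwrng_test` rather than the actual functions; `__func__`, already used in the run_descriptor_jr() error path of derive_blob_kek(), would keep them accurate. The trailing blob_dek() context continues outside the hunk.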
> diff --git a/drivers/crypto/fsl/jobdesc.c
> b/drivers/crypto/fsl/jobdesc.c
> index c350b32856..d58937c284 100644
> --- a/drivers/crypto/fsl/jobdesc.c
> +++ b/drivers/crypto/fsl/jobdesc.c
> @@ -4,7 +4,7 @@
> * Basic job descriptor construction
> *
> * Copyright 2014 Freescale Semiconductor, Inc.
> - * Copyright 2018 NXP
> + * Copyright 2018, 2021 NXP
> *
> */
>
> @@ -207,7 +207,7 @@ void inline_cnstr_jobdesc_hash(uint32_t *desc,
> append_store(desc, dma_addr_out, storelen,
> LDST_CLASS_2_CCB | LDST_SRCDST_BYTE_CONTEXT);
> }
> -#ifndef CONFIG_SPL_BUILD
> +
> void inline_cnstr_jobdesc_blob_encap(uint32_t *desc, uint8_t
> *key_idnfr,
> uint8_t *plain_txt, uint8_t
> *enc_blob,
> uint32_t in_sz)
> @@ -255,7 +255,7 @@ void inline_cnstr_jobdesc_blob_decap(uint32_t
> *desc, uint8_t *key_idnfr,
>
> append_operation(desc, OP_TYPE_DECAP_PROTOCOL |
> OP_PCLID_BLOB);
> }
> -#endif
> +
> /*
> * Descriptor to instantiate RNG State Handle 0 in normal mode and
> * load the JDKEK, TDKEK and TDSK registers
> @@ -334,3 +334,17 @@ void inline_cnstr_jobdesc_pkha_rsaexp(uint32_t
> *desc,
> append_fifo_store(desc, dma_addr_out, out_siz,
> LDST_CLASS_1_CCB | FIFOST_TYPE_PKHA_B);
> }
> +
> +void inline_cnstr_jobdesc_derive_bkek(uint32_t *desc, void
> *bkek_out,
> + void *key_mod, uint32_t
> key_sz)
> +{
> + dma_addr_t dma_key_mod = virt_to_phys(key_mod);
> + dma_addr_t dma_bkek_out = virt_to_phys(bkek_out);
> +
> + init_job_desc(desc, 0);
> + append_load(desc, dma_key_mod, key_sz, LDST_CLASS_2_C
> CB |
> + LDST_SRCDST_BYTE_KEY
> );
> + append_seq_out_ptr_intlen(desc, dma_bkek_out, BKEK_SIZE, 0);
> + append_operation(desc, OP_TYPE_ENCAP_PROTOCOL |
> OP_PCLID_BLOB |
> + OP_PROTINFO_
> MKVB);
> +}
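Review bot: inline_cnstr_jobdesc_derive_bkek() has no header comment, unlike the RNG instantiation descriptor earlier in this file, even though its output is key material written to memory. I would add something like `/* Descriptor to derive the blob key encryption key: loads key_mod as the class 2 key and writes BKEK_SIZE bytes to bkek_out */` and note there that `bkek_out` then holds a secret the caller should clear after use. `key_sz` is passed to append_load() unchecked; if the LOAD length field is narrower than 32 bits (not visible in this hunk), a bound check before building the descriptor would be worth adding.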
> diff --git a/drivers/crypto/fsl/jobdesc.h
> b/drivers/crypto/fsl/jobdesc.h
> index c4501abd26..a720d68e82 100644
> --- a/drivers/crypto/fsl/jobdesc.h
> +++ b/drivers/crypto/fsl/jobdesc.h
> @@ -1,6 +1,7 @@
> /* SPDX-License-Identifier: GPL-2.0+ */
> /*
> * Copyright 2014 Freescale Semiconductor, Inc.
> + * Copyright 2021 NXP
> *
> */
>
> @@ -49,4 +50,7 @@ void inline_cnstr_jobdesc_pkha_rsaexp(uint32_t
> *desc,
> struct pk_in_params *pkin,
> uint8_t *out,
> uint32_t out_siz);
>
> +void inline_cnstr_jobdesc_derive_bkek(uint32_t *desc, void
> *bkek_out,
> + void *key_mod, uint32_t
> key_sz);
> +
> #endif