On Fri, 2021-09-03 at 12:33 +0530, Gaurav Jain wrote:
added api and descriptor for blob key encryption key(bkek) generation. added api for random number generation.
Signed-off-by: Gaurav Jain gaurav.jain@nxp.com Signed-off-by: Ji Luo ji.luo@nxp.com
Reviewed-by: Ye Li ye.li@nxp.com
Best regards, Ye Li
drivers/crypto/fsl/desc.h | 5 +++ drivers/crypto/fsl/fsl_blob.c | 82 +++++++++++++++++++++++++++++++++++ drivers/crypto/fsl/jobdesc.c | 20 +++++++-- drivers/crypto/fsl/jobdesc.h | 4 ++ 4 files changed, 108 insertions(+), 3 deletions(-)
diff --git a/drivers/crypto/fsl/desc.h b/drivers/crypto/fsl/desc.h index 5705c4f944..5958ebd3ac 100644 --- a/drivers/crypto/fsl/desc.h +++ b/drivers/crypto/fsl/desc.h @@ -4,6 +4,7 @@ * Definitions to support CAAM descriptor instruction generation * * Copyright 2008-2014 Freescale Semiconductor, Inc.
- Copyright 2021 NXP
* * Based on desc.h file in linux drivers/crypto/caam */ @@ -15,6 +16,7 @@ #define KEY_BLOB_SIZE 32 #define MAC_SIZE 16 +#define BKEK_SIZE 32 /* Max size of any CAAM descriptor in 32-bit words, inclusive of header */ #define MAX_CAAM_DESCSIZE 64 @@ -463,6 +465,9 @@ #define OP_PROTINFO_HASH_SHA384 0x00000200 #define OP_PROTINFO_HASH_SHA512 0x00000280 +/* PROTINFO fields for Blob Operations */ +#define OP_PROTINFO_MKVB 0x00000002
/* For non-protocol/alg-only op commands */ #define OP_ALG_TYPE_SHIFT 24 #define OP_ALG_TYPE_MASK (0x7 << OP_ALG_TYPE_SHIFT) diff --git a/drivers/crypto/fsl/fsl_blob.c b/drivers/crypto/fsl/fsl_blob.c index e8202cc569..e8bc009daf 100644 --- a/drivers/crypto/fsl/fsl_blob.c +++ b/drivers/crypto/fsl/fsl_blob.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0+ /* * Copyright 2014 Freescale Semiconductor, Inc.
- Copyright 2021 NXP
* */ @@ -152,6 +153,87 @@ int blob_encap(u8 *key_mod, u8 *src, u8 *dst, u32 len) return ret; } +int derive_blob_kek(u8 *bkek_buf, u8 *key_mod, u32 key_sz) +{
- int ret, size;
- u32 *desc;
- if (!IS_ALIGNED((uintptr_t)bkek_buf, ARCH_DMA_MINALIGN) ||
- !IS_ALIGNED((uintptr_t)key_mod, ARCH_DMA_MINALIGN)) {
puts("Error: derive_bkek: Address arguments are notaligned!\n");
return -EINVAL;- }
- printf("\nBlob key encryption key(bkek)\n");
- desc = malloc_cache_aligned(sizeof(int) *
MAX_CAAM_DESCSIZE);
- if (!desc) {
printf("Not enough memory for descriptorallocation\n");
return -ENOMEM;- }
- size = ALIGN(key_sz, ARCH_DMA_MINALIGN);
- flush_dcache_range((unsigned long)key_mod, (unsigned
long)key_mod + size);
- /* construct blob key encryption key(bkek) derive descriptor
*/
- inline_cnstr_jobdesc_derive_bkek(desc, bkek_buf, key_mod,
key_sz);
- size = ALIGN(sizeof(int) * MAX_CAAM_DESCSIZE,
ARCH_DMA_MINALIGN);
- flush_dcache_range((unsigned long)desc, (unsigned long)desc
- size);
- size = ALIGN(BKEK_SIZE, ARCH_DMA_MINALIGN);
- invalidate_dcache_range((unsigned long)bkek_buf,
(unsigned long)bkek_buf + size);- /* run descriptor */
- ret = run_descriptor_jr(desc);
- if (ret < 0) {
printf("Error: %s failed 0x%x\n", __func__, ret);- } else {
invalidate_dcache_range((unsigned long)bkek_buf,(unsigned long)bkek_buf +size);
puts("derive bkek successful.\n");- }
- free(desc);
- return ret;
+}
+int hwrng_generate(u8 *dst, u32 len) +{
- int ret, size;
- u32 *desc;
- if (!IS_ALIGNED((uintptr_t)dst, ARCH_DMA_MINALIGN)) {
puts("Error: caam_hwrng_test: Address arguments arenot aligned!\n");
return -EINVAL;- }
- printf("\nRNG generate\n");
- desc = malloc_cache_aligned(sizeof(int) *
MAX_CAAM_DESCSIZE);
- if (!desc) {
printf("Not enough memory for descriptorallocation\n");
return -ENOMEM;- }
- inline_cnstr_jobdesc_rng(desc, dst, len);
- size = ALIGN(sizeof(int) * MAX_CAAM_DESCSIZE,
ARCH_DMA_MINALIGN);
- flush_dcache_range((unsigned long)desc, (unsigned long)desc
- size);
- size = ALIGN(len, ARCH_DMA_MINALIGN);
- invalidate_dcache_range((unsigned long)dst, (unsigned
long)dst + size);
- ret = run_descriptor_jr(desc);
- if (ret < 0) {
printf("Error: RNG generate failed 0x%x\n", ret);- } else {
invalidate_dcache_range((unsigned long)dst,(unsigned long)dst + size);puts("RNG generation successful.\n");- }
- free(desc);
- return ret;
+}
#ifdef CONFIG_CMD_DEKBLOB int blob_dek(const u8 *src, u8 *dst, u8 len) { diff --git a/drivers/crypto/fsl/jobdesc.c b/drivers/crypto/fsl/jobdesc.c index c350b32856..d58937c284 100644 --- a/drivers/crypto/fsl/jobdesc.c +++ b/drivers/crypto/fsl/jobdesc.c @@ -4,7 +4,7 @@ * Basic job descriptor construction * * Copyright 2014 Freescale Semiconductor, Inc.
- Copyright 2018 NXP
- Copyright 2018, 2021 NXP
* */ @@ -207,7 +207,7 @@ void inline_cnstr_jobdesc_hash(uint32_t *desc, append_store(desc, dma_addr_out, storelen, LDST_CLASS_2_CCB | LDST_SRCDST_BYTE_CONTEXT); } -#ifndef CONFIG_SPL_BUILD
void inline_cnstr_jobdesc_blob_encap(uint32_t *desc, uint8_t *key_idnfr, uint8_t *plain_txt, uint8_t *enc_blob, uint32_t in_sz) @@ -255,7 +255,7 @@ void inline_cnstr_jobdesc_blob_decap(uint32_t *desc, uint8_t *key_idnfr, append_operation(desc, OP_TYPE_DECAP_PROTOCOL | OP_PCLID_BLOB); } -#endif
/* * Descriptor to instantiate RNG State Handle 0 in normal mode and * load the JDKEK, TDKEK and TDSK registers @@ -334,3 +334,17 @@ void inline_cnstr_jobdesc_pkha_rsaexp(uint32_t *desc, append_fifo_store(desc, dma_addr_out, out_siz, LDST_CLASS_1_CCB | FIFOST_TYPE_PKHA_B); }
+void inline_cnstr_jobdesc_derive_bkek(uint32_t *desc, void *bkek_out,
void *key_mod, uint32_tkey_sz) +{
- dma_addr_t dma_key_mod = virt_to_phys(key_mod);
- dma_addr_t dma_bkek_out = virt_to_phys(bkek_out);
- init_job_desc(desc, 0);
- append_load(desc, dma_key_mod, key_sz, LDST_CLASS_2_C
CB |
LDST_SRCDST_BYTE_KEY);
- append_seq_out_ptr_intlen(desc, dma_bkek_out, BKEK_SIZE, 0);
- append_operation(desc, OP_TYPE_ENCAP_PROTOCOL |
OP_PCLID_BLOB |
OP_PROTINFO_MKVB); +} diff --git a/drivers/crypto/fsl/jobdesc.h b/drivers/crypto/fsl/jobdesc.h index c4501abd26..a720d68e82 100644 --- a/drivers/crypto/fsl/jobdesc.h +++ b/drivers/crypto/fsl/jobdesc.h @@ -1,6 +1,7 @@ /* SPDX-License-Identifier: GPL-2.0+ */ /* * Copyright 2014 Freescale Semiconductor, Inc.
- Copyright 2021 NXP
* */ @@ -49,4 +50,7 @@ void inline_cnstr_jobdesc_pkha_rsaexp(uint32_t *desc, struct pk_in_params *pkin, uint8_t *out, uint32_t out_siz); +void inline_cnstr_jobdesc_derive_bkek(uint32_t *desc, void *bkek_out,
void *key_mod, uint32_tkey_sz);
#endif