On Fri, 2021-09-03 at 12:33 +0530, Gaurav Jain wrote: > added api and descriptor for blob key encryption key(bkek) > generation. > added api for random number generation. > > Signed-off-by: Gaurav Jain <gaurav.j...@nxp.com> > Signed-off-by: Ji Luo <ji....@nxp.com>
Reviewed-by: Ye Li <ye...@nxp.com> Best regards, Ye Li > --- > drivers/crypto/fsl/desc.h | 5 +++ > drivers/crypto/fsl/fsl_blob.c | 82 > +++++++++++++++++++++++++++++++++++ > drivers/crypto/fsl/jobdesc.c | 20 +++++++-- > drivers/crypto/fsl/jobdesc.h | 4 ++ > 4 files changed, 108 insertions(+), 3 deletions(-) > > diff --git a/drivers/crypto/fsl/desc.h b/drivers/crypto/fsl/desc.h > index 5705c4f944..5958ebd3ac 100644 > --- a/drivers/crypto/fsl/desc.h > +++ b/drivers/crypto/fsl/desc.h > @@ -4,6 +4,7 @@ > * Definitions to support CAAM descriptor instruction generation > * > * Copyright 2008-2014 Freescale Semiconductor, Inc. > + * Copyright 2021 NXP > * > * Based on desc.h file in linux drivers/crypto/caam > */ > @@ -15,6 +16,7 @@ > > #define KEY_BLOB_SIZE 32 > #define MAC_SIZE 16 > +#define BKEK_SIZE 32 > > /* Max size of any CAAM descriptor in 32-bit words, inclusive of > header */ > #define MAX_CAAM_DESCSIZE 64 > @@ -463,6 +465,9 @@ > #define OP_PROTINFO_HASH_SHA384 0x00000200 > #define OP_PROTINFO_HASH_SHA512 0x00000280 > > +/* PROTINFO fields for Blob Operations */ > +#define OP_PROTINFO_MKVB 0x00000002 > + > /* For non-protocol/alg-only op commands */ > #define OP_ALG_TYPE_SHIFT 24 > #define OP_ALG_TYPE_MASK (0x7 << OP_ALG_TYPE_SHIFT) > diff --git a/drivers/crypto/fsl/fsl_blob.c > b/drivers/crypto/fsl/fsl_blob.c > index e8202cc569..e8bc009daf 100644 > --- a/drivers/crypto/fsl/fsl_blob.c > +++ b/drivers/crypto/fsl/fsl_blob.c > @@ -1,6 +1,7 @@ > // SPDX-License-Identifier: GPL-2.0+ > /* > * Copyright 2014 Freescale Semiconductor, Inc. > + * Copyright 2021 NXP > * > */ > > @@ -152,6 +153,87 @@ int blob_encap(u8 *key_mod, u8 *src, u8 *dst, > u32 len) > return ret; > } > > +int derive_blob_kek(u8 *bkek_buf, u8 *key_mod, u32 key_sz) > +{ > + int ret, size; > + u32 *desc; > + > + if (!IS_ALIGNED((uintptr_t)bkek_buf, ARCH_DMA_MINALIGN) || > + !IS_ALIGNED((uintptr_t)key_mod, ARCH_DMA_MINALIGN)) { > + puts("Error: derive_bkek: Address arguments are not > aligned!\n"); > + return -EINVAL; > + } > + > + printf("\nBlob key encryption key(bkek)\n"); > + desc = malloc_cache_aligned(sizeof(int) * > MAX_CAAM_DESCSIZE); > + if (!desc) { > + printf("Not enough memory for descriptor > allocation\n"); > + return -ENOMEM; > + } > + > + size = ALIGN(key_sz, ARCH_DMA_MINALIGN); > + flush_dcache_range((unsigned long)key_mod, (unsigned > long)key_mod + size); > + > + /* construct blob key encryption key(bkek) derive descriptor > */ > + inline_cnstr_jobdesc_derive_bkek(desc, bkek_buf, key_mod, > key_sz); > + > + size = ALIGN(sizeof(int) * MAX_CAAM_DESCSIZE, > ARCH_DMA_MINALIGN); > + flush_dcache_range((unsigned long)desc, (unsigned long)desc > + size); > + size = ALIGN(BKEK_SIZE, ARCH_DMA_MINALIGN); > + invalidate_dcache_range((unsigned long)bkek_buf, > + (unsigned long)bkek_buf + size); > + > + /* run descriptor */ > + ret = run_descriptor_jr(desc); > + if (ret < 0) { > + printf("Error: %s failed 0x%x\n", __func__, ret); > + } else { > + invalidate_dcache_range((unsigned long)bkek_buf, > + (unsigned long)bkek_buf + > size); > + puts("derive bkek successful.\n"); > + } > + > + free(desc); > + return ret; > +} > + > +int hwrng_generate(u8 *dst, u32 len) > +{ > + int ret, size; > + u32 *desc; > + > + if (!IS_ALIGNED((uintptr_t)dst, ARCH_DMA_MINALIGN)) { > + puts("Error: caam_hwrng_test: Address arguments are > not aligned!\n"); > + return -EINVAL; > + } > + > + printf("\nRNG generate\n"); > + desc = malloc_cache_aligned(sizeof(int) * > MAX_CAAM_DESCSIZE); > + if (!desc) { > + printf("Not enough memory for descriptor > allocation\n"); > + return -ENOMEM; > + } > + > + inline_cnstr_jobdesc_rng(desc, dst, len); > + > + size = ALIGN(sizeof(int) * MAX_CAAM_DESCSIZE, > ARCH_DMA_MINALIGN); > + flush_dcache_range((unsigned long)desc, (unsigned long)desc > + size); > + size = ALIGN(len, ARCH_DMA_MINALIGN); > + invalidate_dcache_range((unsigned long)dst, (unsigned > long)dst + size); > + > + ret = run_descriptor_jr(desc); > + if (ret < 0) { > + printf("Error: RNG generate failed 0x%x\n", ret); > + } else { > + invalidate_dcache_range((unsigned long)dst, > + (unsigned long)dst + size); > + puts("RNG generation successful.\n"); > + } > + > + free(desc); > + return ret; > +} > + > #ifdef CONFIG_CMD_DEKBLOB > int blob_dek(const u8 *src, u8 *dst, u8 len) > { > diff --git a/drivers/crypto/fsl/jobdesc.c > b/drivers/crypto/fsl/jobdesc.c > index c350b32856..d58937c284 100644 > --- a/drivers/crypto/fsl/jobdesc.c > +++ b/drivers/crypto/fsl/jobdesc.c > @@ -4,7 +4,7 @@ > * Basic job descriptor construction > * > * Copyright 2014 Freescale Semiconductor, Inc. > - * Copyright 2018 NXP > + * Copyright 2018, 2021 NXP > * > */ > > @@ -207,7 +207,7 @@ void inline_cnstr_jobdesc_hash(uint32_t *desc, > append_store(desc, dma_addr_out, storelen, > LDST_CLASS_2_CCB | LDST_SRCDST_BYTE_CONTEXT); > } > -#ifndef CONFIG_SPL_BUILD > + > void inline_cnstr_jobdesc_blob_encap(uint32_t *desc, uint8_t > *key_idnfr, > uint8_t *plain_txt, uint8_t > *enc_blob, > uint32_t in_sz) > @@ -255,7 +255,7 @@ void inline_cnstr_jobdesc_blob_decap(uint32_t > *desc, uint8_t *key_idnfr, > > append_operation(desc, OP_TYPE_DECAP_PROTOCOL | > OP_PCLID_BLOB); > } > -#endif > + > /* > * Descriptor to instantiate RNG State Handle 0 in normal mode and > * load the JDKEK, TDKEK and TDSK registers > @@ -334,3 +334,17 @@ void inline_cnstr_jobdesc_pkha_rsaexp(uint32_t > *desc, > append_fifo_store(desc, dma_addr_out, out_siz, > LDST_CLASS_1_CCB | FIFOST_TYPE_PKHA_B); > } > + > +void inline_cnstr_jobdesc_derive_bkek(uint32_t *desc, void > *bkek_out, > + void *key_mod, uint32_t > key_sz) > +{ > + dma_addr_t dma_key_mod = virt_to_phys(key_mod); > + dma_addr_t dma_bkek_out = virt_to_phys(bkek_out); > + > + init_job_desc(desc, 0); > + append_load(desc, dma_key_mod, key_sz, LDST_CLASS_2_C > CB | > + LDST_SRCDST_BYTE_KEY > ); > + append_seq_out_ptr_intlen(desc, dma_bkek_out, BKEK_SIZE, 0); > + append_operation(desc, OP_TYPE_ENCAP_PROTOCOL | > OP_PCLID_BLOB | > + OP_PROTINFO_ > MKVB); > +} > diff --git a/drivers/crypto/fsl/jobdesc.h > b/drivers/crypto/fsl/jobdesc.h > index c4501abd26..a720d68e82 100644 > --- a/drivers/crypto/fsl/jobdesc.h > +++ b/drivers/crypto/fsl/jobdesc.h > @@ -1,6 +1,7 @@ > /* SPDX-License-Identifier: GPL-2.0+ */ > /* > * Copyright 2014 Freescale Semiconductor, Inc. > + * Copyright 2021 NXP > * > */ > > @@ -49,4 +50,7 @@ void inline_cnstr_jobdesc_pkha_rsaexp(uint32_t > *desc, > struct pk_in_params *pkin, > uint8_t *out, > uint32_t out_siz); > > +void inline_cnstr_jobdesc_derive_bkek(uint32_t *desc, void > *bkek_out, > + void *key_mod, uint32_t > key_sz); > + > #endif