From: Ye Li <ye.li@nxp.com>
To: Gaurav Jain <gaurav.jain@nxp.com>,
"u-boot@lists.denx.de" <u-boot@lists.denx.de>
Cc: "olteanv@gmail.com" <olteanv@gmail.com>,
Priyanka Jain <priyanka.jain@nxp.com>,
Pankaj Gupta <pankaj.gupta@nxp.com>,
Mingkai Hu <mingkai.hu@nxp.com>,
Meenakshi Aggarwal <meenakshi.aggarwal@nxp.com>,
Silvano Di Ninno <silvano.dininno@nxp.com>,
"sjg@chromium.org" <sjg@chromium.org>, Ji Luo <ji.luo@nxp.com>,
"festevam@gmail.com" <festevam@gmail.com>,
dl-uboot-imx <uboot-imx@nxp.com>,
Shengzhou Liu <shengzhou.liu@nxp.com>,
Rajesh Bhagat <rajesh.bhagat@nxp.com>,
Franck Lenormand <franck.lenormand@nxp.com>,
Varun Sethi <V.Sethi@nxp.com>, Alison Wang <alison.wang@nxp.com>,
Peng Fan <peng.fan@nxp.com>, Wasim Khan <wasim.khan@nxp.com>,
Pramod Kumar <pramod.kumar_1@nxp.com>,
"sbabic@denx.de" <sbabic@denx.de>,
Horia Geanta <horia.geanta@nxp.com>,
Andy Tang <andy.tang@nxp.com>,
Sahil Malhotra <sahil.malhotra@nxp.com>,
Adrian Alonso <adrian.alonso@nxp.com>
Subject: Re: [PATCH v2 02/15] crypto/fsl: Add CAAM support for bkek, random number generation
Date: Fri, 10 Sep 2021 09:46:13 +0000 [thread overview]
Message-ID: <1631267172.43076.56.camel@nxp.com> (raw)
In-Reply-To: <20210903070319.13484-3-gaurav.jain@nxp.com>
On Fri, 2021-09-03 at 12:33 +0530, Gaurav Jain wrote:
> added api and descriptor for blob key encryption key(bkek)
> generation.
> added api for random number generation.
>
> Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com>
> Signed-off-by: Ji Luo <ji.luo@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Best regards,
Ye Li
> ---
> drivers/crypto/fsl/desc.h | 5 +++
> drivers/crypto/fsl/fsl_blob.c | 82
> +++++++++++++++++++++++++++++++++++
> drivers/crypto/fsl/jobdesc.c | 20 +++++++--
> drivers/crypto/fsl/jobdesc.h | 4 ++
> 4 files changed, 108 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/crypto/fsl/desc.h b/drivers/crypto/fsl/desc.h
> index 5705c4f944..5958ebd3ac 100644
> --- a/drivers/crypto/fsl/desc.h
> +++ b/drivers/crypto/fsl/desc.h
> @@ -4,6 +4,7 @@
> * Definitions to support CAAM descriptor instruction generation
> *
> * Copyright 2008-2014 Freescale Semiconductor, Inc.
> + * Copyright 2021 NXP
> *
> * Based on desc.h file in linux drivers/crypto/caam
> */
> @@ -15,6 +16,7 @@
>
> #define KEY_BLOB_SIZE 32
> #define MAC_SIZE 16
> +#define BKEK_SIZE 32
>
> /* Max size of any CAAM descriptor in 32-bit words, inclusive of
> header */
> #define MAX_CAAM_DESCSIZE 64
> @@ -463,6 +465,9 @@
> #define OP_PROTINFO_HASH_SHA384 0x00000200
> #define OP_PROTINFO_HASH_SHA512 0x00000280
>
> +/* PROTINFO fields for Blob Operations */
> +#define OP_PROTINFO_MKVB 0x00000002
> +
> /* For non-protocol/alg-only op commands */
> #define OP_ALG_TYPE_SHIFT 24
> #define OP_ALG_TYPE_MASK (0x7 << OP_ALG_TYPE_SHIFT)
> diff --git a/drivers/crypto/fsl/fsl_blob.c
> b/drivers/crypto/fsl/fsl_blob.c
> index e8202cc569..e8bc009daf 100644
> --- a/drivers/crypto/fsl/fsl_blob.c
> +++ b/drivers/crypto/fsl/fsl_blob.c
> @@ -1,6 +1,7 @@
> // SPDX-License-Identifier: GPL-2.0+
> /*
> * Copyright 2014 Freescale Semiconductor, Inc.
> + * Copyright 2021 NXP
> *
> */
>
> @@ -152,6 +153,87 @@ int blob_encap(u8 *key_mod, u8 *src, u8 *dst,
> u32 len)
> return ret;
> }
>
> +int derive_blob_kek(u8 *bkek_buf, u8 *key_mod, u32 key_sz)
> +{
> + int ret, size;
> + u32 *desc;
> +
> + if (!IS_ALIGNED((uintptr_t)bkek_buf, ARCH_DMA_MINALIGN) ||
> + !IS_ALIGNED((uintptr_t)key_mod, ARCH_DMA_MINALIGN)) {
> + puts("Error: derive_bkek: Address arguments are not
> aligned!\n");
> + return -EINVAL;
> + }
> +
> + printf("\nBlob key encryption key(bkek)\n");
> + desc = malloc_cache_aligned(sizeof(int) *
> MAX_CAAM_DESCSIZE);
> + if (!desc) {
> + printf("Not enough memory for descriptor
> allocation\n");
> + return -ENOMEM;
> + }
> +
> + size = ALIGN(key_sz, ARCH_DMA_MINALIGN);
> + flush_dcache_range((unsigned long)key_mod, (unsigned
> long)key_mod + size);
> +
> + /* construct blob key encryption key(bkek) derive descriptor
> */
> + inline_cnstr_jobdesc_derive_bkek(desc, bkek_buf, key_mod,
> key_sz);
> +
> + size = ALIGN(sizeof(int) * MAX_CAAM_DESCSIZE,
> ARCH_DMA_MINALIGN);
> + flush_dcache_range((unsigned long)desc, (unsigned long)desc
> + size);
> + size = ALIGN(BKEK_SIZE, ARCH_DMA_MINALIGN);
> + invalidate_dcache_range((unsigned long)bkek_buf,
> + (unsigned long)bkek_buf + size);
> +
> + /* run descriptor */
> + ret = run_descriptor_jr(desc);
> + if (ret < 0) {
> + printf("Error: %s failed 0x%x\n", __func__, ret);
> + } else {
> + invalidate_dcache_range((unsigned long)bkek_buf,
> + (unsigned long)bkek_buf +
> size);
> + puts("derive bkek successful.\n");
> + }
> +
> + free(desc);
> + return ret;
> +}
> +
> +int hwrng_generate(u8 *dst, u32 len)
> +{
> + int ret, size;
> + u32 *desc;
> +
> + if (!IS_ALIGNED((uintptr_t)dst, ARCH_DMA_MINALIGN)) {
> + puts("Error: caam_hwrng_test: Address arguments are
> not aligned!\n");
> + return -EINVAL;
> + }
> +
> + printf("\nRNG generate\n");
> + desc = malloc_cache_aligned(sizeof(int) *
> MAX_CAAM_DESCSIZE);
> + if (!desc) {
> + printf("Not enough memory for descriptor
> allocation\n");
> + return -ENOMEM;
> + }
> +
> + inline_cnstr_jobdesc_rng(desc, dst, len);
> +
> + size = ALIGN(sizeof(int) * MAX_CAAM_DESCSIZE,
> ARCH_DMA_MINALIGN);
> + flush_dcache_range((unsigned long)desc, (unsigned long)desc
> + size);
> + size = ALIGN(len, ARCH_DMA_MINALIGN);
> + invalidate_dcache_range((unsigned long)dst, (unsigned
> long)dst + size);
> +
> + ret = run_descriptor_jr(desc);
> + if (ret < 0) {
> + printf("Error: RNG generate failed 0x%x\n", ret);
> + } else {
> + invalidate_dcache_range((unsigned long)dst,
> + (unsigned long)dst + size);
> + puts("RNG generation successful.\n");
> + }
> +
> + free(desc);
> + return ret;
> +}
> +
> #ifdef CONFIG_CMD_DEKBLOB
> int blob_dek(const u8 *src, u8 *dst, u8 len)
> {
> diff --git a/drivers/crypto/fsl/jobdesc.c
> b/drivers/crypto/fsl/jobdesc.c
> index c350b32856..d58937c284 100644
> --- a/drivers/crypto/fsl/jobdesc.c
> +++ b/drivers/crypto/fsl/jobdesc.c
> @@ -4,7 +4,7 @@
> * Basic job descriptor construction
> *
> * Copyright 2014 Freescale Semiconductor, Inc.
> - * Copyright 2018 NXP
> + * Copyright 2018, 2021 NXP
> *
> */
>
> @@ -207,7 +207,7 @@ void inline_cnstr_jobdesc_hash(uint32_t *desc,
> append_store(desc, dma_addr_out, storelen,
> LDST_CLASS_2_CCB | LDST_SRCDST_BYTE_CONTEXT);
> }
> -#ifndef CONFIG_SPL_BUILD
> +
> void inline_cnstr_jobdesc_blob_encap(uint32_t *desc, uint8_t
> *key_idnfr,
> uint8_t *plain_txt, uint8_t
> *enc_blob,
> uint32_t in_sz)
> @@ -255,7 +255,7 @@ void inline_cnstr_jobdesc_blob_decap(uint32_t
> *desc, uint8_t *key_idnfr,
>
> append_operation(desc, OP_TYPE_DECAP_PROTOCOL |
> OP_PCLID_BLOB);
> }
> -#endif
> +
> /*
> * Descriptor to instantiate RNG State Handle 0 in normal mode and
> * load the JDKEK, TDKEK and TDSK registers
> @@ -334,3 +334,17 @@ void inline_cnstr_jobdesc_pkha_rsaexp(uint32_t
> *desc,
> append_fifo_store(desc, dma_addr_out, out_siz,
> LDST_CLASS_1_CCB | FIFOST_TYPE_PKHA_B);
> }
> +
> +void inline_cnstr_jobdesc_derive_bkek(uint32_t *desc, void
> *bkek_out,
> + void *key_mod, uint32_t
> key_sz)
> +{
> + dma_addr_t dma_key_mod = virt_to_phys(key_mod);
> + dma_addr_t dma_bkek_out = virt_to_phys(bkek_out);
> +
> + init_job_desc(desc, 0);
> + append_load(desc, dma_key_mod, key_sz, LDST_CLASS_2_C
> CB |
> + LDST_SRCDST_BYTE_KEY
> );
> + append_seq_out_ptr_intlen(desc, dma_bkek_out, BKEK_SIZE, 0);
> + append_operation(desc, OP_TYPE_ENCAP_PROTOCOL |
> OP_PCLID_BLOB |
> + OP_PROTINFO_
> MKVB);
> +}
> diff --git a/drivers/crypto/fsl/jobdesc.h
> b/drivers/crypto/fsl/jobdesc.h
> index c4501abd26..a720d68e82 100644
> --- a/drivers/crypto/fsl/jobdesc.h
> +++ b/drivers/crypto/fsl/jobdesc.h
> @@ -1,6 +1,7 @@
> /* SPDX-License-Identifier: GPL-2.0+ */
> /*
> * Copyright 2014 Freescale Semiconductor, Inc.
> + * Copyright 2021 NXP
> *
> */
>
> @@ -49,4 +50,7 @@ void inline_cnstr_jobdesc_pkha_rsaexp(uint32_t
> *desc,
> struct pk_in_params *pkin,
> uint8_t *out,
> uint32_t out_siz);
>
> +void inline_cnstr_jobdesc_derive_bkek(uint32_t *desc, void
> *bkek_out,
> + void *key_mod, uint32_t
> key_sz);
> +
> #endif
next prev parent reply other threads:[~2021-09-10 9:46 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-03 7:03 [PATCH v2 00/15] Add CAAM driver model support Gaurav Jain
2021-09-03 7:03 ` [PATCH v2 01/15] crypto/fsl: Add support for CAAM Job ring driver model Gaurav Jain
2021-09-10 10:01 ` Ye Li
2021-09-03 7:03 ` [PATCH v2 02/15] crypto/fsl: Add CAAM support for bkek, random number generation Gaurav Jain
2021-09-10 9:46 ` Ye Li [this message]
2021-09-03 7:03 ` [PATCH v2 03/15] i.MX8M: crypto: updated device tree for supporting DM in SPL Gaurav Jain
2021-09-10 9:03 ` Ye Li
2021-09-10 14:46 ` Tim Harvey
2021-09-13 4:55 ` [EXT] " Gaurav Jain
2021-09-23 22:40 ` Tim Harvey
2021-09-28 5:20 ` Gaurav Jain
2021-09-03 7:03 ` [PATCH v2 04/15] crypto/fsl: i.MX8M: Enable Job ring driver model in SPL and U-Boot Gaurav Jain
2021-09-10 9:04 ` Ye Li
2021-09-03 7:03 ` [PATCH v2 05/15] i.MX6: Enable Job ring driver model in U-Boot Gaurav Jain
2021-09-10 9:20 ` Ye Li
2021-09-03 7:03 ` [PATCH v2 06/15] i.MX7: " Gaurav Jain
2021-09-10 9:36 ` Ye Li
2021-09-03 7:03 ` [PATCH v2 07/15] i.MX7ULP: " Gaurav Jain
2021-09-10 9:36 ` Ye Li
2021-09-03 7:03 ` [PATCH v2 08/15] i.MX8: Add crypto node in device tree Gaurav Jain
2021-09-10 9:39 ` Ye Li
2021-09-03 7:03 ` [PATCH v2 09/15] crypto/fsl: i.MX8: Enable Job ring driver model in SPL and U-Boot Gaurav Jain
2021-09-10 9:43 ` Ye Li
2021-09-03 7:03 ` [PATCH v2 10/15] crypto/fsl: Fix kick_trng Gaurav Jain
2021-09-03 7:03 ` [PATCH v2 11/15] Layerscape: Add crypto node in device tree Gaurav Jain
2021-09-13 7:08 ` Priyanka Jain (OSS)
2021-09-03 7:03 ` [PATCH v2 12/15] Layerscape: Enable Job ring driver model in U-Boot Gaurav Jain
2021-09-13 7:10 ` Priyanka Jain (OSS)
2021-09-03 7:03 ` [PATCH v2 13/15] PPC: Add crypto node in device tree Gaurav Jain
2021-09-13 7:10 ` Priyanka Jain (OSS)
2021-09-03 7:03 ` [PATCH v2 14/15] PPC: Enable Job ring driver model in U-Boot Gaurav Jain
2021-09-13 7:13 ` Priyanka Jain (OSS)
2021-09-03 7:03 ` [PATCH v2 15/15] update CAAM MAINTAINER Gaurav Jain
2021-09-23 23:01 ` [PATCH v2 00/15] Add CAAM driver model support Tim Harvey
2021-09-28 5:39 ` [EXT] " Gaurav Jain
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1631267172.43076.56.camel@nxp.com \
--to=ye.li@nxp.com \
--cc=V.Sethi@nxp.com \
--cc=adrian.alonso@nxp.com \
--cc=alison.wang@nxp.com \
--cc=andy.tang@nxp.com \
--cc=festevam@gmail.com \
--cc=franck.lenormand@nxp.com \
--cc=gaurav.jain@nxp.com \
--cc=horia.geanta@nxp.com \
--cc=ji.luo@nxp.com \
--cc=meenakshi.aggarwal@nxp.com \
--cc=mingkai.hu@nxp.com \
--cc=olteanv@gmail.com \
--cc=pankaj.gupta@nxp.com \
--cc=peng.fan@nxp.com \
--cc=pramod.kumar_1@nxp.com \
--cc=priyanka.jain@nxp.com \
--cc=rajesh.bhagat@nxp.com \
--cc=sahil.malhotra@nxp.com \
--cc=sbabic@denx.de \
--cc=shengzhou.liu@nxp.com \
--cc=silvano.dininno@nxp.com \
--cc=sjg@chromium.org \
--cc=u-boot@lists.denx.de \
--cc=uboot-imx@nxp.com \
--cc=wasim.khan@nxp.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.