From: Ye Li <ye.li@nxp.com>
To: Gaurav Jain <gaurav.jain@nxp.com>,
"u-boot@lists.denx.de" <u-boot@lists.denx.de>
Cc: "olteanv@gmail.com" <olteanv@gmail.com>,
Priyanka Jain <priyanka.jain@nxp.com>,
Pankaj Gupta <pankaj.gupta@nxp.com>,
Mingkai Hu <mingkai.hu@nxp.com>,
Meenakshi Aggarwal <meenakshi.aggarwal@nxp.com>,
Silvano Di Ninno <silvano.dininno@nxp.com>,
"sjg@chromium.org" <sjg@chromium.org>, Ji Luo <ji.luo@nxp.com>,
"festevam@gmail.com" <festevam@gmail.com>,
dl-uboot-imx <uboot-imx@nxp.com>,
Shengzhou Liu <shengzhou.liu@nxp.com>,
Rajesh Bhagat <rajesh.bhagat@nxp.com>,
Franck Lenormand <franck.lenormand@nxp.com>,
Varun Sethi <V.Sethi@nxp.com>, Alison Wang <alison.wang@nxp.com>,
Peng Fan <peng.fan@nxp.com>, Wasim Khan <wasim.khan@nxp.com>,
Pramod Kumar <pramod.kumar_1@nxp.com>,
"sbabic@denx.de" <sbabic@denx.de>,
Horia Geanta <horia.geanta@nxp.com>,
Andy Tang <andy.tang@nxp.com>,
Sahil Malhotra <sahil.malhotra@nxp.com>,
Adrian Alonso <adrian.alonso@nxp.com>
Subject: Re: [PATCH v2 02/15] crypto/fsl: Add CAAM support for bkek, random number generation
Date: Fri, 10 Sep 2021 09:46:13 +0000 [thread overview]
Message-ID: <1631267172.43076.56.camel@nxp.com> (raw)
In-Reply-To: <20210903070319.13484-3-gaurav.jain@nxp.com>
On Fri, 2021-09-03 at 12:33 +0530, Gaurav Jain wrote:
> added api and descriptor for blob key encryption key(bkek)
> generation.
> added api for random number generation.
>
> Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com>
> Signed-off-by: Ji Luo <ji.luo@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Best regards,
Ye Li
> ---
> drivers/crypto/fsl/desc.h | 5 +++
> drivers/crypto/fsl/fsl_blob.c | 82
> +++++++++++++++++++++++++++++++++++
> drivers/crypto/fsl/jobdesc.c | 20 +++++++--
> drivers/crypto/fsl/jobdesc.h | 4 ++
> 4 files changed, 108 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/crypto/fsl/desc.h b/drivers/crypto/fsl/desc.h
> index 5705c4f944..5958ebd3ac 100644
> --- a/drivers/crypto/fsl/desc.h
> +++ b/drivers/crypto/fsl/desc.h
> @@ -4,6 +4,7 @@
> * Definitions to support CAAM descriptor instruction generation
> *
> * Copyright 2008-2014 Freescale Semiconductor, Inc.
> + * Copyright 2021 NXP
> *
> * Based on desc.h file in linux drivers/crypto/caam
> */
> @@ -15,6 +16,7 @@
>
> #define KEY_BLOB_SIZE 32
> #define MAC_SIZE 16
> +#define BKEK_SIZE 32
>
> /* Max size of any CAAM descriptor in 32-bit words, inclusive of
> header */
> #define MAX_CAAM_DESCSIZE 64
> @@ -463,6 +465,9 @@
> #define OP_PROTINFO_HASH_SHA384 0x00000200
> #define OP_PROTINFO_HASH_SHA512 0x00000280
>
> +/* PROTINFO fields for Blob Operations */
> +#define OP_PROTINFO_MKVB 0x00000002
> +
> /* For non-protocol/alg-only op commands */
> #define OP_ALG_TYPE_SHIFT 24
> #define OP_ALG_TYPE_MASK (0x7 << OP_ALG_TYPE_SHIFT)
> diff --git a/drivers/crypto/fsl/fsl_blob.c
> b/drivers/crypto/fsl/fsl_blob.c
> index e8202cc569..e8bc009daf 100644
> --- a/drivers/crypto/fsl/fsl_blob.c
> +++ b/drivers/crypto/fsl/fsl_blob.c
> @@ -1,6 +1,7 @@
> // SPDX-License-Identifier: GPL-2.0+
> /*
> * Copyright 2014 Freescale Semiconductor, Inc.
> + * Copyright 2021 NXP
> *
> */
>
> @@ -152,6 +153,87 @@ int blob_encap(u8 *key_mod, u8 *src, u8 *dst,
> u32 len)
> return ret;
> }
>
> +int derive_blob_kek(u8 *bkek_buf, u8 *key_mod, u32 key_sz)
> +{
> + int ret, size;
> + u32 *desc;
> +
> + if (!IS_ALIGNED((uintptr_t)bkek_buf, ARCH_DMA_MINALIGN) ||
> + !IS_ALIGNED((uintptr_t)key_mod, ARCH_DMA_MINALIGN)) {
> + puts("Error: derive_bkek: Address arguments are not
> aligned!\n");
> + return -EINVAL;
> + }
> +
> + printf("\nBlob key encryption key(bkek)\n");
> + desc = malloc_cache_aligned(sizeof(int) *
> MAX_CAAM_DESCSIZE);
> + if (!desc) {
> + printf("Not enough memory for descriptor
> allocation\n");
> + return -ENOMEM;
> + }
> +
> + size = ALIGN(key_sz, ARCH_DMA_MINALIGN);
> + flush_dcache_range((unsigned long)key_mod, (unsigned
> long)key_mod + size);
> +
> + /* construct blob key encryption key(bkek) derive descriptor
> */
> + inline_cnstr_jobdesc_derive_bkek(desc, bkek_buf, key_mod,
> key_sz);
> +
> + size = ALIGN(sizeof(int) * MAX_CAAM_DESCSIZE,
> ARCH_DMA_MINALIGN);
> + flush_dcache_range((unsigned long)desc, (unsigned long)desc
> + size);
> + size = ALIGN(BKEK_SIZE, ARCH_DMA_MINALIGN);
> + invalidate_dcache_range((unsigned long)bkek_buf,
> + (unsigned long)bkek_buf + size);
> +
> + /* run descriptor */
> + ret = run_descriptor_jr(desc);
> + if (ret < 0) {
> + printf("Error: %s failed 0x%x\n", __func__, ret);
> + } else {
> + invalidate_dcache_range((unsigned long)bkek_buf,
> + (unsigned long)bkek_buf +
> size);
> + puts("derive bkek successful.\n");
> + }
> +
> + free(desc);
> + return ret;
> +}
> +
> +int hwrng_generate(u8 *dst, u32 len)
> +{
> + int ret, size;
> + u32 *desc;
> +
> + if (!IS_ALIGNED((uintptr_t)dst, ARCH_DMA_MINALIGN)) {
> + puts("Error: caam_hwrng_test: Address arguments are
> not aligned!\n");
> + return -EINVAL;
> + }
> +
> + printf("\nRNG generate\n");
> + desc = malloc_cache_aligned(sizeof(int) *
> MAX_CAAM_DESCSIZE);
> + if (!desc) {
> + printf("Not enough memory for descriptor
> allocation\n");
> + return -ENOMEM;
> + }
> +
> + inline_cnstr_jobdesc_rng(desc, dst, len);
> +
> + size = ALIGN(sizeof(int) * MAX_CAAM_DESCSIZE,
> ARCH_DMA_MINALIGN);
> + flush_dcache_range((unsigned long)desc, (unsigned long)desc
> + size);
> + size = ALIGN(len, ARCH_DMA_MINALIGN);
> + invalidate_dcache_range((unsigned long)dst, (unsigned
> long)dst + size);
> +
> + ret = run_descriptor_jr(desc);
> + if (ret < 0) {
> + printf("Error: RNG generate failed 0x%x\n", ret);
> + } else {
> + invalidate_dcache_range((unsigned long)dst,
> + (unsigned long)dst + size);
> + puts("RNG generation successful.\n");
> + }
> +
> + free(desc);
> + return ret;
> +}
> +
> #ifdef CONFIG_CMD_DEKBLOB
> int blob_dek(const u8 *src, u8 *dst, u8 len)
> {
> diff --git a/drivers/crypto/fsl/jobdesc.c
> b/drivers/crypto/fsl/jobdesc.c
> index c350b32856..d58937c284 100644
> --- a/drivers/crypto/fsl/jobdesc.c
> +++ b/drivers/crypto/fsl/jobdesc.c
> @@ -4,7 +4,7 @@
> * Basic job descriptor construction
> *
> * Copyright 2014 Freescale Semiconductor, Inc.
> - * Copyright 2018 NXP
> + * Copyright 2018, 2021 NXP
> *
> */
>
> @@ -207,7 +207,7 @@ void inline_cnstr_jobdesc_hash(uint32_t *desc,
> append_store(desc, dma_addr_out, storelen,
> LDST_CLASS_2_CCB | LDST_SRCDST_BYTE_CONTEXT);
> }
> -#ifndef CONFIG_SPL_BUILD
> +
> void inline_cnstr_jobdesc_blob_encap(uint32_t *desc, uint8_t
> *key_idnfr,
> uint8_t *plain_txt, uint8_t
> *enc_blob,
> uint32_t in_sz)
> @@ -255,7 +255,7 @@ void inline_cnstr_jobdesc_blob_decap(uint32_t
> *desc, uint8_t *key_idnfr,
>
> append_operation(desc, OP_TYPE_DECAP_PROTOCOL |
> OP_PCLID_BLOB);
> }
> -#endif
> +
> /*
> * Descriptor to instantiate RNG State Handle 0 in normal mode and
> * load the JDKEK, TDKEK and TDSK registers
> @@ -334,3 +334,17 @@ void inline_cnstr_jobdesc_pkha_rsaexp(uint32_t
> *desc,
> append_fifo_store(desc, dma_addr_out, out_siz,
> LDST_CLASS_1_CCB | FIFOST_TYPE_PKHA_B);
> }
> +
> +void inline_cnstr_jobdesc_derive_bkek(uint32_t *desc, void
> *bkek_out,
> + void *key_mod, uint32_t
> key_sz)
> +{
> + dma_addr_t dma_key_mod = virt_to_phys(key_mod);
> + dma_addr_t dma_bkek_out = virt_to_phys(bkek_out);
> +
> + init_job_desc(desc, 0);
> + append_load(desc, dma_key_mod, key_sz, LDST_CLASS_2_C
> CB |
> + LDST_SRCDST_BYTE_KEY
> );
> + append_seq_out_ptr_intlen(desc, dma_bkek_out, BKEK_SIZE, 0);
> + append_operation(desc, OP_TYPE_ENCAP_PROTOCOL |
> OP_PCLID_BLOB |
> + OP_PROTINFO_
> MKVB);
> +}
> diff --git a/drivers/crypto/fsl/jobdesc.h
> b/drivers/crypto/fsl/jobdesc.h
> index c4501abd26..a720d68e82 100644
> --- a/drivers/crypto/fsl/jobdesc.h
> +++ b/drivers/crypto/fsl/jobdesc.h
> @@ -1,6 +1,7 @@
> /* SPDX-License-Identifier: GPL-2.0+ */
> /*
> * Copyright 2014 Freescale Semiconductor, Inc.
> + * Copyright 2021 NXP
> *
> */
>
> @@ -49,4 +50,7 @@ void inline_cnstr_jobdesc_pkha_rsaexp(uint32_t
> *desc,
> struct pk_in_params *pkin,
> uint8_t *out,
> uint32_t out_siz);
>
> +void inline_cnstr_jobdesc_derive_bkek(uint32_t *desc, void
> *bkek_out,
> + void *key_mod, uint32_t
> key_sz);
> +
> #endif
next prev parent reply other threads:[~2021-09-10 9:46 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-03 7:03 [PATCH v2 00/15] Add CAAM driver model support Gaurav Jain
2021-09-03 7:03 ` [PATCH v2 01/15] crypto/fsl: Add support for CAAM Job ring driver model Gaurav Jain
2021-09-10 10:01 ` Ye Li
2021-09-03 7:03 ` [PATCH v2 02/15] crypto/fsl: Add CAAM support for bkek, random number generation Gaurav Jain
2021-09-10 9:46 ` Ye Li [this message]
2021-09-03 7:03 ` [PATCH v2 03/15] i.MX8M: crypto: updated device tree for supporting DM in SPL Gaurav Jain
2021-09-10 9:03 ` Ye Li
2021-09-10 14:46 ` Tim Harvey
2021-09-13 4:55 ` [EXT] " Gaurav Jain
2021-09-23 22:40 ` Tim Harvey
2021-09-28 5:20 ` Gaurav Jain
2021-09-03 7:03 ` [PATCH v2 04/15] crypto/fsl: i.MX8M: Enable Job ring driver model in SPL and U-Boot Gaurav Jain
2021-09-10 9:04 ` Ye Li
2021-09-03 7:03 ` [PATCH v2 05/15] i.MX6: Enable Job ring driver model in U-Boot Gaurav Jain
2021-09-10 9:20 ` Ye Li
2021-09-03 7:03 ` [PATCH v2 06/15] i.MX7: " Gaurav Jain
2021-09-10 9:36 ` Ye Li
2021-09-03 7:03 ` [PATCH v2 07/15] i.MX7ULP: " Gaurav Jain
2021-09-10 9:36 ` Ye Li
2021-09-03 7:03 ` [PATCH v2 08/15] i.MX8: Add crypto node in device tree Gaurav Jain
2021-09-10 9:39 ` Ye Li
2021-09-03 7:03 ` [PATCH v2 09/15] crypto/fsl: i.MX8: Enable Job ring driver model in SPL and U-Boot Gaurav Jain
2021-09-10 9:43 ` Ye Li
2021-09-03 7:03 ` [PATCH v2 10/15] crypto/fsl: Fix kick_trng Gaurav Jain
2021-09-03 7:03 ` [PATCH v2 11/15] Layerscape: Add crypto node in device tree Gaurav Jain
2021-09-13 7:08 ` Priyanka Jain (OSS)
2021-09-03 7:03 ` [PATCH v2 12/15] Layerscape: Enable Job ring driver model in U-Boot Gaurav Jain
2021-09-13 7:10 ` Priyanka Jain (OSS)
2021-09-03 7:03 ` [PATCH v2 13/15] PPC: Add crypto node in device tree Gaurav Jain
2021-09-13 7:10 ` Priyanka Jain (OSS)
2021-09-03 7:03 ` [PATCH v2 14/15] PPC: Enable Job ring driver model in U-Boot Gaurav Jain
2021-09-13 7:13 ` Priyanka Jain (OSS)
2021-09-03 7:03 ` [PATCH v2 15/15] update CAAM MAINTAINER Gaurav Jain
2021-09-23 23:01 ` [PATCH v2 00/15] Add CAAM driver model support Tim Harvey
2021-09-28 5:39 ` [EXT] " Gaurav Jain
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1631267172.43076.56.camel@nxp.com \
--to=ye.li@nxp.com \
--cc=V.Sethi@nxp.com \
--cc=adrian.alonso@nxp.com \
--cc=alison.wang@nxp.com \
--cc=andy.tang@nxp.com \
--cc=festevam@gmail.com \
--cc=franck.lenormand@nxp.com \
--cc=gaurav.jain@nxp.com \
--cc=horia.geanta@nxp.com \
--cc=ji.luo@nxp.com \
--cc=meenakshi.aggarwal@nxp.com \
--cc=mingkai.hu@nxp.com \
--cc=olteanv@gmail.com \
--cc=pankaj.gupta@nxp.com \
--cc=peng.fan@nxp.com \
--cc=pramod.kumar_1@nxp.com \
--cc=priyanka.jain@nxp.com \
--cc=rajesh.bhagat@nxp.com \
--cc=sahil.malhotra@nxp.com \
--cc=sbabic@denx.de \
--cc=shengzhou.liu@nxp.com \
--cc=silvano.dininno@nxp.com \
--cc=sjg@chromium.org \
--cc=u-boot@lists.denx.de \
--cc=uboot-imx@nxp.com \
--cc=wasim.khan@nxp.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox