]>
Commit | Line | Data |
---|---|---|
b9eebfad RG |
1 | /* |
2 | * SEC Descriptor Construction Library | |
3 | * Basic job descriptor construction | |
4 | * | |
5 | * Copyright 2014 Freescale Semiconductor, Inc. | |
6 | * | |
7 | * SPDX-License-Identifier: GPL-2.0+ | |
8 | * | |
9 | */ | |
10 | ||
11 | #include <common.h> | |
0200020b | 12 | #include <fsl_sec.h> |
b9eebfad RG |
13 | #include "desc_constr.h" |
14 | #include "jobdesc.h" | |
34276478 | 15 | #include "rsa_caam.h" |
b9eebfad | 16 | |
0200020b RC |
17 | #ifdef CONFIG_MX6 |
18 | /*! | |
19 | * Secure memory run command | |
20 | * | |
21 | * @param sec_mem_cmd Secure memory command register | |
22 | * @return cmd_status Secure memory command status register | |
23 | */ | |
24 | uint32_t secmem_set_cmd(uint32_t sec_mem_cmd) | |
25 | { | |
26 | uint32_t temp_reg; | |
27 | ||
28 | sec_out32(CAAM_SMCJR0, sec_mem_cmd); | |
29 | ||
30 | do { | |
31 | temp_reg = sec_in32(CAAM_SMCSJR0); | |
32 | } while (temp_reg & CMD_COMPLETE); | |
33 | ||
34 | return temp_reg; | |
35 | } | |
36 | ||
37 | /*! | |
38 | * CAAM page allocation: | |
39 | * Allocates a partition from secure memory, with the id | |
40 | * equal to partion_num. This will de-allocate the page | |
41 | * if it is already allocated. The partition will have | |
42 | * full access permissions. The permissions are set before, | |
43 | * running a job descriptor. A memory page of secure RAM | |
44 | * is allocated for the partition. | |
45 | * | |
46 | * @param page Number of the page to allocate. | |
47 | * @param partition Number of the partition to allocate. | |
48 | * @return 0 on success, ERROR_IN_PAGE_ALLOC otherwise | |
49 | */ | |
50 | int caam_page_alloc(uint8_t page_num, uint8_t partition_num) | |
51 | { | |
52 | uint32_t temp_reg; | |
53 | ||
54 | /* | |
55 | * De-Allocate partition_num if already allocated to ARM core | |
56 | */ | |
57 | if (sec_in32(CAAM_SMPO_0) & PARTITION_OWNER(partition_num)) { | |
58 | temp_reg = secmem_set_cmd(PARTITION(partition_num) | | |
59 | CMD_PART_DEALLOC); | |
60 | if (temp_reg & SMCSJR_AERR) { | |
61 | printf("Error: De-allocation status 0x%X\n", temp_reg); | |
62 | return ERROR_IN_PAGE_ALLOC; | |
63 | } | |
64 | } | |
65 | ||
66 | /* set the access rights to allow full access */ | |
67 | sec_out32(CAAM_SMAG1JR0(partition_num), 0xF); | |
68 | sec_out32(CAAM_SMAG2JR0(partition_num), 0xF); | |
69 | sec_out32(CAAM_SMAPJR0(partition_num), 0xFF); | |
70 | ||
71 | /* Now need to allocate partition_num of secure RAM. */ | |
72 | /* De-Allocate page_num by starting with a page inquiry command */ | |
73 | temp_reg = secmem_set_cmd(PAGE(page_num) | CMD_INQUIRY); | |
74 | ||
75 | /* if the page is owned, de-allocate it */ | |
76 | if ((temp_reg & SMCSJR_PO) == PAGE_OWNED) { | |
77 | temp_reg = secmem_set_cmd(PAGE(page_num) | CMD_PAGE_DEALLOC); | |
78 | if (temp_reg & SMCSJR_AERR) { | |
79 | printf("Error: Allocation status 0x%X\n", temp_reg); | |
80 | return ERROR_IN_PAGE_ALLOC; | |
81 | } | |
82 | } | |
83 | ||
84 | /* Allocate page_num to partition_num */ | |
85 | temp_reg = secmem_set_cmd(PAGE(page_num) | PARTITION(partition_num) | |
86 | | CMD_PAGE_ALLOC); | |
87 | if (temp_reg & SMCSJR_AERR) { | |
88 | printf("Error: Allocation status 0x%X\n", temp_reg); | |
89 | return ERROR_IN_PAGE_ALLOC; | |
90 | } | |
91 | /* page inquiry command to ensure that the page was allocated */ | |
92 | temp_reg = secmem_set_cmd(PAGE(page_num) | CMD_INQUIRY); | |
93 | ||
94 | /* if the page is not owned => problem */ | |
95 | if ((temp_reg & SMCSJR_PO) != PAGE_OWNED) { | |
96 | printf("Allocation of page %d in partition %d failed 0x%X\n", | |
97 | temp_reg, page_num, partition_num); | |
98 | ||
99 | return ERROR_IN_PAGE_ALLOC; | |
100 | } | |
101 | ||
102 | return 0; | |
103 | } | |
104 | ||
105 | int inline_cnstr_jobdesc_blob_dek(uint32_t *desc, const uint8_t *plain_txt, | |
106 | uint8_t *dek_blob, uint32_t in_sz) | |
107 | { | |
108 | uint32_t ret = 0; | |
109 | u32 aad_w1, aad_w2; | |
110 | /* output blob will have 32 bytes key blob in beginning and | |
111 | * 16 byte HMAC identifier at end of data blob */ | |
112 | uint32_t out_sz = in_sz + KEY_BLOB_SIZE + MAC_SIZE; | |
113 | /* Setting HDR for blob */ | |
114 | uint8_t wrapped_key_hdr[8] = {HDR_TAG, 0x00, WRP_HDR_SIZE + out_sz, | |
115 | HDR_PAR, HAB_MOD, HAB_ALG, in_sz, HAB_FLG}; | |
116 | ||
117 | /* initialize the blob array */ | |
118 | memset(dek_blob, 0, out_sz + 8); | |
119 | /* Copy the header into the DEK blob buffer */ | |
120 | memcpy(dek_blob, wrapped_key_hdr, sizeof(wrapped_key_hdr)); | |
121 | ||
122 | /* allocating secure memory */ | |
123 | ret = caam_page_alloc(PAGE_1, PARTITION_1); | |
124 | if (ret) | |
125 | return ret; | |
126 | ||
127 | /* Write DEK to secure memory */ | |
128 | memcpy((uint32_t *)SEC_MEM_PAGE1, (uint32_t *)plain_txt, in_sz); | |
129 | ||
130 | unsigned long start = (unsigned long)SEC_MEM_PAGE1 & | |
131 | ~(ARCH_DMA_MINALIGN - 1); | |
132 | unsigned long end = ALIGN(start + 0x1000, ARCH_DMA_MINALIGN); | |
133 | flush_dcache_range(start, end); | |
134 | ||
135 | /* Now configure the access rights of the partition */ | |
136 | sec_out32(CAAM_SMAG1JR0(PARTITION_1), KS_G1); /* set group 1 */ | |
137 | sec_out32(CAAM_SMAG2JR0(PARTITION_1), 0); /* clear group 2 */ | |
138 | sec_out32(CAAM_SMAPJR0(PARTITION_1), PERM); /* set perm & locks */ | |
139 | ||
140 | /* construct aad for AES */ | |
141 | aad_w1 = (in_sz << OP_ALG_ALGSEL_SHIFT) | KEY_AES_SRC | LD_CCM_MODE; | |
142 | aad_w2 = 0x0; | |
143 | ||
144 | init_job_desc(desc, 0); | |
145 | ||
146 | append_cmd(desc, CMD_LOAD | CLASS_2 | KEY_IMM | KEY_ENC | | |
147 | (0x0c << LDST_OFFSET_SHIFT) | 0x08); | |
148 | ||
149 | append_u32(desc, aad_w1); | |
150 | ||
151 | append_u32(desc, aad_w2); | |
152 | ||
153 | append_cmd_ptr(desc, (dma_addr_t)SEC_MEM_PAGE1, in_sz, CMD_SEQ_IN_PTR); | |
154 | ||
155 | append_cmd_ptr(desc, (dma_addr_t)dek_blob + 8, out_sz, CMD_SEQ_OUT_PTR); | |
156 | ||
157 | append_operation(desc, OP_TYPE_ENCAP_PROTOCOL | OP_PCLID_BLOB | | |
158 | OP_PCLID_SECMEM); | |
159 | ||
160 | return ret; | |
161 | } | |
162 | #endif | |
c5de15cb | 163 | |
b9eebfad RG |
164 | void inline_cnstr_jobdesc_hash(uint32_t *desc, |
165 | const uint8_t *msg, uint32_t msgsz, uint8_t *digest, | |
166 | u32 alg_type, uint32_t alg_size, int sg_tbl) | |
167 | { | |
168 | /* SHA 256 , output is of length 32 words */ | |
169 | uint32_t storelen = alg_size; | |
170 | u32 options; | |
171 | dma_addr_t dma_addr_in, dma_addr_out; | |
172 | ||
173 | dma_addr_in = virt_to_phys((void *)msg); | |
174 | dma_addr_out = virt_to_phys((void *)digest); | |
175 | ||
176 | init_job_desc(desc, 0); | |
177 | append_operation(desc, OP_TYPE_CLASS2_ALG | | |
178 | OP_ALG_AAI_HASH | OP_ALG_AS_INITFINAL | | |
179 | OP_ALG_ENCRYPT | OP_ALG_ICV_OFF | alg_type); | |
180 | ||
181 | options = LDST_CLASS_2_CCB | FIFOLD_TYPE_MSG | FIFOLD_TYPE_LAST2; | |
182 | if (sg_tbl) | |
183 | options |= FIFOLDST_SGF; | |
184 | if (msgsz > 0xffff) { | |
185 | options |= FIFOLDST_EXT; | |
186 | append_fifo_load(desc, dma_addr_in, 0, options); | |
187 | append_cmd(desc, msgsz); | |
188 | } else { | |
189 | append_fifo_load(desc, dma_addr_in, msgsz, options); | |
190 | } | |
191 | ||
192 | append_store(desc, dma_addr_out, storelen, | |
193 | LDST_CLASS_2_CCB | LDST_SRCDST_BYTE_CONTEXT); | |
194 | } | |
c5de15cb RG |
195 | |
196 | void inline_cnstr_jobdesc_blob_encap(uint32_t *desc, uint8_t *key_idnfr, | |
197 | uint8_t *plain_txt, uint8_t *enc_blob, | |
198 | uint32_t in_sz) | |
199 | { | |
200 | dma_addr_t dma_addr_key_idnfr, dma_addr_in, dma_addr_out; | |
201 | uint32_t key_sz = KEY_IDNFR_SZ_BYTES; | |
202 | /* output blob will have 32 bytes key blob in beginning and | |
203 | * 16 byte HMAC identifier at end of data blob */ | |
204 | uint32_t out_sz = in_sz + KEY_BLOB_SIZE + MAC_SIZE; | |
205 | ||
206 | dma_addr_key_idnfr = virt_to_phys((void *)key_idnfr); | |
207 | dma_addr_in = virt_to_phys((void *)plain_txt); | |
208 | dma_addr_out = virt_to_phys((void *)enc_blob); | |
209 | ||
210 | init_job_desc(desc, 0); | |
211 | ||
212 | append_key(desc, dma_addr_key_idnfr, key_sz, CLASS_2); | |
213 | ||
214 | append_seq_in_ptr(desc, dma_addr_in, in_sz, 0); | |
215 | ||
216 | append_seq_out_ptr(desc, dma_addr_out, out_sz, 0); | |
217 | ||
218 | append_operation(desc, OP_TYPE_ENCAP_PROTOCOL | OP_PCLID_BLOB); | |
219 | } | |
220 | ||
221 | void inline_cnstr_jobdesc_blob_decap(uint32_t *desc, uint8_t *key_idnfr, | |
222 | uint8_t *enc_blob, uint8_t *plain_txt, | |
223 | uint32_t out_sz) | |
224 | { | |
225 | dma_addr_t dma_addr_key_idnfr, dma_addr_in, dma_addr_out; | |
226 | uint32_t key_sz = KEY_IDNFR_SZ_BYTES; | |
227 | uint32_t in_sz = out_sz + KEY_BLOB_SIZE + MAC_SIZE; | |
228 | ||
229 | dma_addr_key_idnfr = virt_to_phys((void *)key_idnfr); | |
230 | dma_addr_in = virt_to_phys((void *)enc_blob); | |
231 | dma_addr_out = virt_to_phys((void *)plain_txt); | |
232 | ||
233 | init_job_desc(desc, 0); | |
234 | ||
235 | append_key(desc, dma_addr_key_idnfr, key_sz, CLASS_2); | |
236 | ||
237 | append_seq_in_ptr(desc, dma_addr_in, in_sz, 0); | |
238 | ||
239 | append_seq_out_ptr(desc, dma_addr_out, out_sz, 0); | |
240 | ||
241 | append_operation(desc, OP_TYPE_DECAP_PROTOCOL | OP_PCLID_BLOB); | |
242 | } | |
243 | ||
244 | /* | |
245 | * Descriptor to instantiate RNG State Handle 0 in normal mode and | |
246 | * load the JDKEK, TDKEK and TDSK registers | |
247 | */ | |
248 | void inline_cnstr_jobdesc_rng_instantiation(uint32_t *desc) | |
249 | { | |
250 | u32 *jump_cmd; | |
251 | ||
252 | init_job_desc(desc, 0); | |
253 | ||
254 | /* INIT RNG in non-test mode */ | |
255 | append_operation(desc, OP_TYPE_CLASS1_ALG | OP_ALG_ALGSEL_RNG | | |
256 | OP_ALG_AS_INIT); | |
257 | ||
258 | /* wait for done */ | |
259 | jump_cmd = append_jump(desc, JUMP_CLASS_CLASS1); | |
260 | set_jump_tgt_here(desc, jump_cmd); | |
261 | ||
262 | /* | |
263 | * load 1 to clear written reg: | |
264 | * resets the done interrrupt and returns the RNG to idle. | |
265 | */ | |
266 | append_load_imm_u32(desc, 1, LDST_SRCDST_WORD_CLRW); | |
267 | ||
268 | /* generate secure keys (non-test) */ | |
269 | append_operation(desc, OP_TYPE_CLASS1_ALG | OP_ALG_ALGSEL_RNG | | |
270 | OP_ALG_RNG4_SK); | |
271 | } | |
34276478 RG |
272 | |
273 | /* Change key size to bytes form bits in calling function*/ | |
274 | void inline_cnstr_jobdesc_pkha_rsaexp(uint32_t *desc, | |
275 | struct pk_in_params *pkin, uint8_t *out, | |
276 | uint32_t out_siz) | |
277 | { | |
278 | dma_addr_t dma_addr_e, dma_addr_a, dma_addr_n, dma_addr_out; | |
279 | ||
280 | dma_addr_e = virt_to_phys((void *)pkin->e); | |
281 | dma_addr_a = virt_to_phys((void *)pkin->a); | |
282 | dma_addr_n = virt_to_phys((void *)pkin->n); | |
283 | dma_addr_out = virt_to_phys((void *)out); | |
284 | ||
285 | init_job_desc(desc, 0); | |
286 | append_key(desc, dma_addr_e, pkin->e_siz, KEY_DEST_PKHA_E | CLASS_1); | |
287 | ||
288 | append_fifo_load(desc, dma_addr_a, | |
289 | pkin->a_siz, LDST_CLASS_1_CCB | FIFOLD_TYPE_PK_A); | |
290 | ||
291 | append_fifo_load(desc, dma_addr_n, | |
292 | pkin->n_siz, LDST_CLASS_1_CCB | FIFOLD_TYPE_PK_N); | |
293 | ||
294 | append_operation(desc, OP_TYPE_PK | OP_ALG_PK | OP_ALG_PKMODE_MOD_EXPO); | |
295 | ||
296 | append_fifo_store(desc, dma_addr_out, out_siz, | |
297 | LDST_CLASS_1_CCB | FIFOST_TYPE_PKHA_B); | |
298 | } |