From: Pankaj Gupta <pankaj.gupta@nxp.com>
To: jarkko@kernel.org, a.fatoum@pengutronix.de, Jason@zx2c4.com,
jejb@linux.ibm.com, zohar@linux.ibm.com, dhowells@redhat.com,
sumit.garg@linaro.org, david@sigma-star.at, michael@walle.cc,
john.ernberg@actia.se, jmorris@namei.org, serge@hallyn.com,
herbert@gondor.apana.org.au, davem@davemloft.net,
j.luebbe@pengutronix.de, ebiggers@kernel.org, richard@nod.at,
keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org, sahil.malhotra@nxp.com,
kshitiz.varshney@nxp.com, horia.geanta@nxp.com,
pankaj.gupta@nxp.com, V.Sethi@nxp.com
Subject: [RFC PATCH HBK: 4/8] keys-trusted: re-factored caam based trusted key
Date: Tue, 6 Sep 2022 12:21:53 +0530 [thread overview]
Message-ID: <20220906065157.10662-5-pankaj.gupta@nxp.com> (raw)
In-Reply-To: <20220906065157.10662-1-pankaj.gupta@nxp.com>
Re-factored caam based trusted key code:
- Two separate definition for encap and decap having
separate code for creating CAAM job descriptor.
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
---
drivers/crypto/caam/blob_gen.c | 122 +++++++++++++++++++++++++++++----
include/soc/fsl/caam-blob.h | 28 +++-----
2 files changed, 118 insertions(+), 32 deletions(-)
diff --git a/drivers/crypto/caam/blob_gen.c b/drivers/crypto/caam/blob_gen.c
index 6345c7269eb0..c128a83cc8dd 100644
--- a/drivers/crypto/caam/blob_gen.c
+++ b/drivers/crypto/caam/blob_gen.c
@@ -2,6 +2,7 @@
/*
* Copyright (C) 2015 Pengutronix, Steffen Trumtrar <kernel@pengutronix.de>
* Copyright (C) 2021 Pengutronix, Ahmad Fatoum <kernel@pengutronix.de>
+ * Copyright 2022 NXP, Pankaj Gupta <pankaj.gupta@nxp.com>
*/
#define pr_fmt(fmt) "caam blob_gen: " fmt
@@ -29,10 +30,6 @@
/* Command describing the operation to perform */ \
CAAM_CMD_SZ)
-struct caam_blob_priv {
- struct device jrdev;
-};
-
struct caam_blob_job_result {
int err;
struct completion completion;
@@ -58,8 +55,19 @@ static void caam_blob_job_done(struct device *dev, u32 *desc, u32 err, void *con
complete(&res->completion);
}
-int caam_process_blob(struct caam_blob_priv *priv,
- struct caam_blob_info *info, bool encap)
+
+
+/** caam_encap_blob - encapsulate blob
+ *
+ * @priv: instance returned by caam_blob_gen_init
+ * @info: pointer to blobbing info describing input key,
+ * output blob and key modifier buffers.
+ *
+ * returns 0 and sets info->output_len on success and returns
+ * a negative error code otherwise.
+ */
+int caam_encap_blob(struct caam_blob_priv *priv,
+ struct caam_blob_info *info)
{
struct caam_blob_job_result testres;
struct device *jrdev = &priv->jrdev;
@@ -72,14 +80,102 @@ int caam_process_blob(struct caam_blob_priv *priv,
if (info->key_mod_len > CAAM_BLOB_KEYMOD_LENGTH)
return -EINVAL;
- if (encap) {
- op |= OP_TYPE_ENCAP_PROTOCOL;
- output_len = info->input_len + CAAM_BLOB_OVERHEAD;
- } else {
- op |= OP_TYPE_DECAP_PROTOCOL;
- output_len = info->input_len - CAAM_BLOB_OVERHEAD;
+ op |= OP_TYPE_ENCAP_PROTOCOL;
+ output_len = info->input_len + CAAM_BLOB_OVERHEAD;
+
+ desc = kzalloc(CAAM_BLOB_DESC_BYTES_MAX, GFP_KERNEL | GFP_DMA);
+ if (!desc)
+ return -ENOMEM;
+
+ dma_in = dma_map_single(jrdev, info->input, info->input_len,
+ DMA_TO_DEVICE);
+ if (dma_mapping_error(jrdev, dma_in)) {
+ dev_err(jrdev, "unable to map input DMA buffer\n");
+ ret = -ENOMEM;
+ goto out_free;
+ }
+
+ dma_out = dma_map_single(jrdev, info->output, output_len,
+ DMA_FROM_DEVICE);
+ if (dma_mapping_error(jrdev, dma_out)) {
+ dev_err(jrdev, "unable to map output DMA buffer\n");
+ ret = -ENOMEM;
+ goto out_unmap_in;
+ }
+
+ /*
+ * A data blob is encrypted using a blob key (BK); a random number.
+ * The BK is used as an AES-CCM key. The initial block (B0) and the
+ * initial counter (Ctr0) are generated automatically and stored in
+ * Class 1 Context DWords 0+1+2+3. The random BK is stored in the
+ * Class 1 Key Register. Operation Mode is set to AES-CCM.
+ */
+
+ init_job_desc(desc, 0);
+ append_key_as_imm(desc, info->key_mod, info->key_mod_len,
+ info->key_mod_len, CLASS_2 | KEY_DEST_CLASS_REG);
+ append_seq_in_ptr_intlen(desc, dma_in, info->input_len, 0);
+ append_seq_out_ptr_intlen(desc, dma_out, output_len, 0);
+ append_operation(desc, op);
+
+ print_hex_dump_debug("data@"__stringify(__LINE__)": ",
+ DUMP_PREFIX_ADDRESS, 16, 1, info->input,
+ info->input_len, false);
+ print_hex_dump_debug("jobdesc@"__stringify(__LINE__)": ",
+ DUMP_PREFIX_ADDRESS, 16, 1, desc,
+ desc_bytes(desc), false);
+
+ testres.err = 0;
+ init_completion(&testres.completion);
+
+ ret = caam_jr_enqueue(jrdev, desc, caam_blob_job_done, &testres);
+ if (ret == -EINPROGRESS) {
+ wait_for_completion(&testres.completion);
+ ret = testres.err;
+ print_hex_dump_debug("output@"__stringify(__LINE__)": ",
+ DUMP_PREFIX_ADDRESS, 16, 1, info->output,
+ output_len, false);
}
+ if (ret == 0)
+ info->output_len = output_len;
+
+ dma_unmap_single(jrdev, dma_out, output_len, DMA_FROM_DEVICE);
+out_unmap_in:
+ dma_unmap_single(jrdev, dma_in, info->input_len, DMA_TO_DEVICE);
+out_free:
+ kfree(desc);
+
+ return ret;
+}
+EXPORT_SYMBOL(caam_encap_blob);
+
+/** caam_decap_blob - decapsulate blob
+ *
+ * @priv: instance returned by caam_blob_gen_init
+ * @info: pointer to blobbing info describing output key,
+ * input blob and key modifier buffers.
+ *
+ * returns 0 and sets info->output_len on success and returns
+ * a negative error code otherwise.
+ */
+int caam_decap_blob(struct caam_blob_priv *priv,
+ struct caam_blob_info *info)
+{
+ struct caam_blob_job_result testres;
+ struct device *jrdev = &priv->jrdev;
+ dma_addr_t dma_in, dma_out;
+ int op = OP_PCLID_BLOB;
+ size_t output_len;
+ u32 *desc;
+ int ret;
+
+ if (info->key_mod_len > CAAM_BLOB_KEYMOD_LENGTH)
+ return -EINVAL;
+
+ op |= OP_TYPE_DECAP_PROTOCOL;
+ output_len = info->input_len - CAAM_BLOB_OVERHEAD;
+
desc = kzalloc(CAAM_BLOB_DESC_BYTES_MAX, GFP_KERNEL | GFP_DMA);
if (!desc)
return -ENOMEM;
@@ -145,7 +241,7 @@ int caam_process_blob(struct caam_blob_priv *priv,
return ret;
}
-EXPORT_SYMBOL(caam_process_blob);
+EXPORT_SYMBOL(caam_decap_blob);
struct caam_blob_priv *caam_blob_gen_init(void)
{
diff --git a/include/soc/fsl/caam-blob.h b/include/soc/fsl/caam-blob.h
index 937cac52f36d..632944df29f7 100644
--- a/include/soc/fsl/caam-blob.h
+++ b/include/soc/fsl/caam-blob.h
@@ -1,6 +1,7 @@
/* SPDX-License-Identifier: GPL-2.0-only */
/*
* Copyright (C) 2020 Pengutronix, Ahmad Fatoum <kernel@pengutronix.de>
+ * Copyright 2022 NXP, Pankaj Gupta <pankaj.gupta@nxp.com>
*/
#ifndef __CAAM_BLOB_GEN
@@ -13,7 +14,10 @@
#define CAAM_BLOB_OVERHEAD (32 + 16)
#define CAAM_BLOB_MAX_LEN 4096
-struct caam_blob_priv;
+struct caam_blob_priv {
+ struct device jrdev;
+};
+
/**
* struct caam_blob_info - information for CAAM blobbing
@@ -72,15 +76,8 @@ int caam_process_blob(struct caam_blob_priv *priv,
* Return: %0 and sets ``info->output_len`` on success and
* a negative error code otherwise.
*/
-static inline int caam_encap_blob(struct caam_blob_priv *priv,
- struct caam_blob_info *info)
-{
- if (info->output_len < info->input_len + CAAM_BLOB_OVERHEAD)
- return -EINVAL;
-
- return caam_process_blob(priv, info, true);
-}
-
+int caam_encap_blob(struct caam_blob_priv *priv,
+ struct caam_blob_info *info);
/**
* caam_decap_blob - decapsulate blob
* @priv: instance returned by caam_blob_gen_init()
@@ -90,14 +87,7 @@ static inline int caam_encap_blob(struct caam_blob_priv *priv,
* Return: %0 and sets ``info->output_len`` on success and
* a negative error code otherwise.
*/
-static inline int caam_decap_blob(struct caam_blob_priv *priv,
- struct caam_blob_info *info)
-{
- if (info->input_len < CAAM_BLOB_OVERHEAD ||
- info->output_len < info->input_len - CAAM_BLOB_OVERHEAD)
- return -EINVAL;
-
- return caam_process_blob(priv, info, false);
-}
+int caam_decap_blob(struct caam_blob_priv *priv,
+ struct caam_blob_info *info);
#endif
--
2.17.1
next prev parent reply other threads:[~2022-09-06 5:51 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-06 6:51 [RFC PATCH HBK: 0/8] HW BOUND KEY as TRUSTED KEY Pankaj Gupta
2022-09-06 6:51 ` [RFC PATCH HBK: 1/8] keys-trusted: new cmd line option added Pankaj Gupta
2022-09-06 13:01 ` Ben Boeckel
2022-09-07 7:22 ` [EXT] " Pankaj Gupta
2022-09-06 6:51 ` [RFC PATCH HBK: 2/8] hw-bound-key: flag-is_hbk added to the tfm Pankaj Gupta
2022-09-06 6:43 ` Herbert Xu
2022-09-07 7:22 ` [EXT] " Pankaj Gupta
2022-09-07 7:26 ` Herbert Xu
2022-09-07 9:58 ` Pankaj Gupta
2022-09-07 10:10 ` Herbert Xu
2022-09-12 17:19 ` Varun Sethi
2022-09-13 2:05 ` Herbert Xu
2022-09-13 10:01 ` Varun Sethi
2022-09-13 10:28 ` Herbert Xu
2022-09-21 11:07 ` Varun Sethi
2022-09-06 6:51 ` [RFC PATCH HBK: 3/8] sk_cipher: checking for hw bound operation Pankaj Gupta
2022-09-06 6:51 ` Pankaj Gupta [this message]
2022-09-06 6:51 ` [RFC PATCH HBK: 5/8] caam blob-gen: moving blob_priv to caam_drv_private Pankaj Gupta
2022-09-06 6:51 ` [RFC PATCH HBK: 6/8] KEYS: trusted: caam based black key Pankaj Gupta
2022-09-06 13:03 ` Ben Boeckel
2022-09-07 7:22 ` [EXT] " Pankaj Gupta
2022-09-06 6:51 ` [RFC PATCH HBK: 7/8] caam alg: symmetric key ciphers are updated Pankaj Gupta
2022-09-06 6:51 ` [RFC PATCH HBK: 8/8] dm-crypt: consumer-app setting the flag-is_hbk Pankaj Gupta
2022-09-06 7:12 ` [RFC PATCH HBK: 0/8] HW BOUND KEY as TRUSTED KEY Michael Walle
2022-09-07 7:22 ` [EXT] " Pankaj Gupta
2022-09-07 7:29 ` Michael Walle
2022-09-07 7:46 ` [EXT] " David Gstir
2022-09-07 8:11 ` Michael Walle
2022-09-07 9:57 ` Pankaj Gupta
2022-09-06 8:58 ` Jarkko Sakkinen
2022-09-07 7:22 ` [EXT] " Pankaj Gupta
2022-09-07 8:10 ` Jan Lübbe
2022-09-07 9:57 ` Pankaj Gupta
-- strict thread matches above, loose matches on Subject: below --
2022-09-05 14:36 Pankaj Gupta
2022-09-05 14:36 ` [RFC PATCH HBK: 4/8] keys-trusted: re-factored caam based trusted key Pankaj Gupta
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220906065157.10662-5-pankaj.gupta@nxp.com \
--to=pankaj.gupta@nxp.com \
--cc=Jason@zx2c4.com \
--cc=V.Sethi@nxp.com \
--cc=a.fatoum@pengutronix.de \
--cc=davem@davemloft.net \
--cc=david@sigma-star.at \
--cc=dhowells@redhat.com \
--cc=ebiggers@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=horia.geanta@nxp.com \
--cc=j.luebbe@pengutronix.de \
--cc=jarkko@kernel.org \
--cc=jejb@linux.ibm.com \
--cc=jmorris@namei.org \
--cc=john.ernberg@actia.se \
--cc=keyrings@vger.kernel.org \
--cc=kshitiz.varshney@nxp.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=michael@walle.cc \
--cc=richard@nod.at \
--cc=sahil.malhotra@nxp.com \
--cc=serge@hallyn.com \
--cc=sumit.garg@linaro.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).