1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
|
From df1b397d7c5e79052fa56d1b256ededcd301a27a Mon Sep 17 00:00:00 2001
From: Franck LENORMAND <franck.lenormand@nxp.com>
Date: Fri, 5 Oct 2018 16:41:54 +0200
Subject: [PATCH] MLK-19801-2 crypto: caam - add support of tagged keys in
caamalg
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
A tagged key is a key which has been tagged with metadata
using tag_object.h API.
We add the support for these keys to caamalg.
For each algo of caamalg which supports tagged keys , it is done by:
- Creating a modified version of the algo
- Registering the modified version
- When the modified transform is used, it gets
the load parameter of the key.
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
(cherry picked from commit 88dee97d985890dbf37cafa7934c476d0ecfd0b3)
(Vipul: Fixed merge conflicts)
Conflicts:
drivers/crypto/caam/caamalg.c
Signed-off-by: Vipul Kumar <vipul_kumar@mentor.com>
(cherry picked from commit 5adebac40a7a8065c074f4a69f4ad760c67233f5)
-port from ablkcipher to current skcipher implementation
-since in linux-imx true key_inline was always true: a. simplify
the descriptors and b. use key_cmd_opt to differentiate b/w tk and non-tk
cases
-change commit headline prefix
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
---
drivers/crypto/caam/Makefile | 3 +-
drivers/crypto/caam/caamalg.c | 91 +++++++++++++++++++++++++++++++++++++-
drivers/crypto/caam/caamalg_desc.c | 20 +++++++--
drivers/crypto/caam/desc_constr.h | 4 ++
drivers/crypto/caam/tag_object.c | 6 +--
drivers/crypto/caam/tag_object.h | 6 +--
6 files changed, 118 insertions(+), 12 deletions(-)
--- a/drivers/crypto/caam/Makefile
+++ b/drivers/crypto/caam/Makefile
@@ -15,6 +15,7 @@ obj-$(CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_
obj-$(CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API_DESC) += caamhash_desc.o
caam-y := ctrl.o
+caam-$(CONFIG_CRYPTO_DEV_FSL_CAAM_TK_API) += tag_object.o
caam_jr-y := jr.o key_gen.o
caam_jr-$(CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API) += caamalg.o
caam_jr-$(CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API_QI) += caamalg_qi.o
@@ -24,7 +25,7 @@ caam_jr-$(CONFIG_CRYPTO_DEV_FSL_CAAM_PKC
caam_jr-$(CONFIG_CRYPTO_DEV_FSL_CAAM_SM) += sm_store.o
caam_jr-$(CONFIG_CRYPTO_DEV_FSL_CAAM_SM_TEST) += sm_test.o
caam_jr-$(CONFIG_CRYPTO_DEV_FSL_CAAM_SECVIO) += secvio.o
-caam-jr-$(CONFIG_CRYPTO_DEV_FSL_CAAM_TK_API) += tag_object.o
+#caam-jr-$(CONFIG_CRYPTO_DEV_FSL_CAAM_TK_API) += tag_object.o
caam-$(CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API_QI) += qi.o
ifneq ($(CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API_QI),)
--- a/drivers/crypto/caam/caamalg.c
+++ b/drivers/crypto/caam/caamalg.c
@@ -57,6 +57,10 @@
#include "key_gen.h"
#include "caamalg_desc.h"
+#ifdef CONFIG_CRYPTO_DEV_FSL_CAAM_TK_API
+#include "tag_object.h"
+#endif /* CONFIG_CRYPTO_DEV_FSL_CAAM_TK_API */
+
/*
* crypto alg
*/
@@ -83,6 +87,7 @@ struct caam_alg_entry {
bool rfc3686;
bool geniv;
bool nodkp;
+ bool support_tagged_key;
};
struct caam_aead_alg {
@@ -739,6 +744,44 @@ static int skcipher_setkey(struct crypto
ctx->cdata.key_virt = key;
ctx->cdata.key_inline = true;
+#ifdef CONFIG_CRYPTO_DEV_FSL_CAAM_TK_API
+ /*
+ * Check if the key is not in plaintext format
+ */
+ if (alg->caam.support_tagged_key) {
+ struct tag_object_conf *tagged_key_conf;
+ int ret;
+
+ /* Get the configuration */
+ ret = get_tag_object_conf(ctx->cdata.key_virt,
+ ctx->cdata.keylen, &tagged_key_conf);
+ if (ret) {
+ dev_err(jrdev,
+ "caam algorithms can't process tagged key\n");
+ return ret;
+ }
+
+ /* Only support black key */
+ if (!is_bk_conf(tagged_key_conf)) {
+ dev_err(jrdev,
+ "The tagged key provided is not a black key\n");
+ return -EINVAL;
+ }
+
+ get_blackey_conf(&tagged_key_conf->conf.bk_conf,
+ &ctx->cdata.key_real_len,
+ &ctx->cdata.key_cmd_opt);
+
+ ret = get_tagged_data(ctx->cdata.key_virt, ctx->cdata.keylen,
+ &ctx->cdata.key_virt, &ctx->cdata.keylen);
+ if (ret) {
+ dev_err(jrdev,
+ "caam algorithms wrong data from tagged key\n");
+ return ret;
+ }
+ }
+#endif /* CONFIG_CRYPTO_DEV_FSL_CAAM_TK_API */
+
/* skcipher_encrypt shared descriptor */
desc = ctx->sh_desc_enc;
cnstr_shdsc_skcipher_encap(desc, &ctx->cdata, ivsize, is_rfc3686,
@@ -818,6 +861,14 @@ static int ctr_skcipher_setkey(struct cr
return skcipher_setkey(skcipher, key, keylen, ctx1_iv_off);
}
+#ifdef CONFIG_CRYPTO_DEV_FSL_CAAM_TK_API
+static int tk_skcipher_setkey(struct crypto_skcipher *skcipher,
+ const u8 *key, unsigned int keylen)
+{
+ return skcipher_setkey(skcipher, key, keylen, 0);
+}
+#endif /* CONFIG_CRYPTO_DEV_FSL_CAAM_TK_API */
+
static int des_skcipher_setkey(struct crypto_skcipher *skcipher,
const u8 *key, unsigned int keylen)
{
@@ -1918,6 +1969,25 @@ static struct caam_skcipher_alg driver_a
},
.caam.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
},
+#ifdef CONFIG_CRYPTO_DEV_FSL_CAAM_TK_API
+ {
+ .skcipher = {
+ .base = {
+ .cra_name = "tk(cbc(aes))",
+ .cra_driver_name = "tk-cbc-aes-caam",
+ .cra_blocksize = AES_BLOCK_SIZE,
+ },
+ .setkey = tk_skcipher_setkey,
+ .encrypt = skcipher_encrypt,
+ .decrypt = skcipher_decrypt,
+ .min_keysize = TAG_MIN_SIZE,
+ .max_keysize = CAAM_MAX_KEY_SIZE,
+ .ivsize = AES_BLOCK_SIZE,
+ },
+ .caam.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
+ .caam.support_tagged_key = true,
+ },
+#endif /* CONFIG_CRYPTO_DEV_FSL_CAAM_TK_API */
{
.skcipher = {
.base = {
@@ -2037,6 +2107,24 @@ static struct caam_skcipher_alg driver_a
},
.caam.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_ECB,
},
+#ifdef CONFIG_CRYPTO_DEV_FSL_CAAM_TK_API
+ {
+ .skcipher = {
+ .base = {
+ .cra_name = "tk(ecb(aes))",
+ .cra_driver_name = "tk-ecb-aes-caam",
+ .cra_blocksize = AES_BLOCK_SIZE,
+ },
+ .setkey = tk_skcipher_setkey,
+ .encrypt = skcipher_encrypt,
+ .decrypt = skcipher_decrypt,
+ .min_keysize = TAG_MIN_SIZE,
+ .max_keysize = CAAM_MAX_KEY_SIZE,
+ },
+ .caam.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_ECB,
+ .caam.support_tagged_key = true,
+ },
+#endif /* CONFIG_CRYPTO_DEV_FSL_CAAM_TK_API */
{
.skcipher = {
.base = {
@@ -3486,7 +3574,8 @@ static void caam_skcipher_alg_init(struc
struct skcipher_alg *alg = &t_alg->skcipher;
alg->base.cra_module = THIS_MODULE;
- alg->base.cra_priority = CAAM_CRA_PRIORITY;
+ alg->base.cra_priority =
+ t_alg->caam.support_tagged_key ? 1 : CAAM_CRA_PRIORITY;
alg->base.cra_ctxsize = sizeof(struct caam_ctx);
alg->base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_KERN_DRIVER_ONLY;
--- a/drivers/crypto/caam/caamalg_desc.c
+++ b/drivers/crypto/caam/caamalg_desc.c
@@ -1389,8 +1389,14 @@ void cnstr_shdsc_skcipher_encap(u32 * co
JUMP_COND_SHRD);
/* Load class1 key only */
- append_key_as_imm(desc, cdata->key_virt, cdata->keylen,
- cdata->keylen, CLASS_1 | KEY_DEST_CLASS_REG);
+ if (IS_ENABLED(CONFIG_CRYPTO_DEV_FSL_CAAM_TK_API) &&
+ cdata->key_cmd_opt)
+ append_key_as_imm(desc, cdata->key_virt, cdata->keylen,
+ cdata->key_real_len, CLASS_1 |
+ KEY_DEST_CLASS_REG | cdata->key_cmd_opt);
+ else
+ append_key_as_imm(desc, cdata->key_virt, cdata->keylen,
+ cdata->keylen, CLASS_1 | KEY_DEST_CLASS_REG);
/* Load nonce into CONTEXT1 reg */
if (is_rfc3686) {
@@ -1464,8 +1470,14 @@ void cnstr_shdsc_skcipher_decap(u32 * co
JUMP_COND_SHRD);
/* Load class1 key only */
- append_key_as_imm(desc, cdata->key_virt, cdata->keylen,
- cdata->keylen, CLASS_1 | KEY_DEST_CLASS_REG);
+ if (IS_ENABLED(CONFIG_CRYPTO_DEV_FSL_CAAM_TK_API) &&
+ cdata->key_cmd_opt)
+ append_key_as_imm(desc, cdata->key_virt, cdata->keylen,
+ cdata->key_real_len, CLASS_1 |
+ KEY_DEST_CLASS_REG | cdata->key_cmd_opt);
+ else
+ append_key_as_imm(desc, cdata->key_virt, cdata->keylen,
+ cdata->keylen, CLASS_1 | KEY_DEST_CLASS_REG);
/* Load nonce into CONTEXT1 reg */
if (is_rfc3686) {
--- a/drivers/crypto/caam/desc_constr.h
+++ b/drivers/crypto/caam/desc_constr.h
@@ -500,6 +500,8 @@ do { \
* @key_virt: virtual address where algorithm key resides
* @key_inline: true - key can be inlined in the descriptor; false - key is
* referenced by the descriptor
+ * @key_real_len: size of the key to be loaded by the CAAM
+ * @key_cmd_opt: optional parameters for KEY command
*/
struct alginfo {
u32 algtype;
@@ -508,6 +510,8 @@ struct alginfo {
dma_addr_t key_dma;
const void *key_virt;
bool key_inline;
+ u32 key_real_len;
+ u32 key_cmd_opt;
};
/**
--- a/drivers/crypto/caam/tag_object.c
+++ b/drivers/crypto/caam/tag_object.c
@@ -128,7 +128,7 @@ EXPORT_SYMBOL(is_valid_tag_object_conf);
*
* Return: 0 if success, else error code
*/
-int get_tag_object_conf(void *buffer, size_t size,
+int get_tag_object_conf(const void *buffer, size_t size,
struct tag_object_conf **tag_obj_conf)
{
bool is_valid;
@@ -240,8 +240,8 @@ EXPORT_SYMBOL(get_blackey_conf);
*
* Return: 0 if success, else error code
*/
-int get_tagged_data(void *tagged_object, size_t tagged_object_size,
- void **data, u32 *data_size)
+int get_tagged_data(const void *tagged_object, size_t tagged_object_size,
+ const void **data, u32 *data_size)
{
struct tagged_object *tago =
(struct tagged_object *)tagged_object;
--- a/drivers/crypto/caam/tag_object.h
+++ b/drivers/crypto/caam/tag_object.h
@@ -80,7 +80,7 @@ bool is_valid_tag_object_conf(const stru
void init_tag_object_header(struct conf_header *conf_header,
enum tag_type type);
-int get_tag_object_conf(void *buffer, size_t buffer_size,
+int get_tag_object_conf(const void *buffer, size_t buffer_size,
struct tag_object_conf **tag_obj_conf);
int set_tag_object_conf(const struct tag_object_conf *tag_obj_conf,
@@ -94,7 +94,7 @@ void get_blackey_conf(const struct black
void init_blackey_conf(struct blackey_conf *blackey_conf,
size_t len, bool ccm, bool tk);
-int get_tagged_data(void *buffer, size_t buffer_size,
- void **data, u32 *data_size);
+int get_tagged_data(const void *buffer, size_t buffer_size,
+ const void **data, u32 *data_size);
#endif /* _TAG_OBJECT_H_ */
|
