From patchwork Wed Sep 28 10:39:52 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gaurav Jain X-Patchwork-Id: 1683812 X-Patchwork-Delegate: van.freenix@gmail.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=nxp.com header.i=@nxp.com header.a=rsa-sha256 header.s=selector2 header.b=ccK0JQxQ; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4MctLN1PVCz1yqH for ; Wed, 28 Sep 2022 20:40:28 +1000 (AEST) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 8B63884AC9; Wed, 28 Sep 2022 12:40:23 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=nxp.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=nxp.com header.i=@nxp.com header.b="ccK0JQxQ"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 9EBBE80840; Wed, 28 Sep 2022 12:40:21 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2046.outbound.protection.outlook.com [40.107.20.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 009FE84AC9 for ; Wed, 28 Sep 2022 12:40:16 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=nxp.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=gaurav.jain@nxp.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=A5bsCeRCLyuzGi4yTPelIxSjqE9aKqiWMLocOJ3Xs50+2l9Qi3Le46NKxKl7M2lYfurMS5mCExoxKCxUVaOOEbmQsq0aUOxWajtVsO3p7rLly6m8zLV08lj47t9fgvJ1zZf/1EQq3RFdV9rztVdu/yLUsoCPmRqUmg2g6Un98E8UNMG7+PbF23P783vgnhJPwq8jmgVNPNJ0D1EGultPSHTGQBVBB1AFjMz0hl/CVgh+OBOcC9NT9s2Gf/QEglqa2w2gVYAER6Ar8b6C0uRVussIn7SA+16Fa1iaO6nowXd8sfwQ+SX/8WJe+v6NMEeMCPH3n6XaC5zqlr+fA9PPIA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=fWMm8PCsjWrApJb2cKNS18R4r6ldU5Qb45dHsE2ezt0=; b=SI3gxbBmv+7bNdd5N7jH1xvIeYlhBlIUG41R3D7nkVBbcxjVAjquRQ6GrA845mpY5ngXNGKTiI9H0ThO4Vkl8NfjotW1CnVQ5rU9px1Zd+pCIVPlQbu1Hpg+PXN9yc4sh0hbK34aHE+MyoSux89G4RxSYj4o/YVLhZtQu350a1i/1fvPynxzBPOyCk5Bhn8pTD/Lz6D1gwoaZ6CKrl8bVc3+PGMUJGjqtAuUdAOTc3BJ3Brt7jos+HQNPKzqsOZcE/7iSPZt8l15NLul1azt4DRejWre3E6SRcvSSm6CEeVRtdx5YDispeALgh31l6wSk+Hwj5OX6e40Pza1F64sbA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nxp.com; dmarc=pass action=none header.from=nxp.com; dkim=pass header.d=nxp.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fWMm8PCsjWrApJb2cKNS18R4r6ldU5Qb45dHsE2ezt0=; b=ccK0JQxQbAOzN3Z8iFLIg7Ez0yfIO1iie4Aq8teJFrK6F4iL/yuPdfNrNpXN2IUxrwLqgLr86o0YFMD2FeY6I45OpTD9B+CneGZ/a1u30rfcKt42aRxSxVzT/TSy3f9PP2RFthvoRq7Ix/KYXOBXGoEiVkQ67qLt0rwWTak4XZo= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nxp.com; Received: from VI1PR04MB5342.eurprd04.prod.outlook.com (2603:10a6:803:46::16) by AM7PR04MB7110.eurprd04.prod.outlook.com (2603:10a6:20b:119::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5676.17; Wed, 28 Sep 2022 10:40:12 +0000 Received: from VI1PR04MB5342.eurprd04.prod.outlook.com ([fe80::7427:80df:bf91:8dd6]) by VI1PR04MB5342.eurprd04.prod.outlook.com ([fe80::7427:80df:bf91:8dd6%6]) with mapi id 15.20.5676.017; Wed, 28 Sep 2022 10:40:12 +0000 From: Gaurav Jain To: u-boot@lists.denx.de, Stefano Babic Cc: Fabio Estevam , Peng Fan , Ye Li , "NXP i . MX U-Boot Team" , Horia Geanta , Varun Sethi , Gaurav Jain Subject: [PATCH v2] crypto/fsl: Add support for black key blob Date: Wed, 28 Sep 2022 16:09:52 +0530 Message-Id: <20220928103952.3873962-1-gaurav.jain@nxp.com> X-Mailer: git-send-email 2.25.1 X-ClientProxiedBy: SGXP274CA0021.SGPP274.PROD.OUTLOOK.COM (2603:1096:4:b8::33) To VI1PR04MB5342.eurprd04.prod.outlook.com (2603:10a6:803:46::16) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: VI1PR04MB5342:EE_|AM7PR04MB7110:EE_ X-MS-Office365-Filtering-Correlation-Id: e22ff672-a7ff-42d3-5894-08daa13dd23d X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: rU1YDiQoqvtb1EJs7SbhylWyxylMSoTuYSkKbwkT/2r8WQV6OZcD7nch+Ntfs24R4x60akRbB4FFDyknNJx3aFRcMt5dDz2mHdXfKRfdrWwX8YVFFpkiJSj/FNJSFnAaj/RQmJ8BqBp1xfCQqnDsAJtcQL8ITnTPgYD8o/6MF5ElcR39o0ys64wMJ5SJGQDhFD9UH1pcz4eoUu7a4EYVfxd5LaXM0C1eweRvFzcwApSVilltuSFGf9TqwvoNXXQxZ8mUUCma2gD5LZF3swEXrOCwCtZH6cwNRYdCJ6/G6mTCZbCXvGvAtsrSD9WTIr5C8ze1pyQGOu0XoUPixGHdfAZiCm+k1Bnihat+1bDHIAeeVfrRFT8qOWWY7DcYhm5y/eSG+1U0QjqPG8VRCGXULcHSjSL8xxBfvVgpD25PlRsVOt4JnEgs4f+vCZMIMMYomG5Zd0Zjvy7tVw+SS8KIYTbsERpum3ueJoD2YCO1/axa5XAUAJj+KgGJsraZLGWt106efXcW0b6R94t42B8yJb7JnEgHQ7frqZuo6KzU9ElUFwj3pwodRjLD7SrF2aHLB57Y0fzrxxJnw+olmv4vT1iVEhfGHqzTT2lgSn1//puKPqIuQACfDp089BTcUibGt7U/tVY6MJu+CwpMp9LFjkvpbL0mJvAMoHbvlop8ckd1VWv5tjMm0rBjnJ0bXqnc+REDoNHAVPWmUUltNfrRKJ3hV7t9YbtVn4WX7wsy8MYbqfca7EqCJZue0oL/G2VEId2l/mIo9xwGmGGfWabgiw== X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:VI1PR04MB5342.eurprd04.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(4636009)(396003)(136003)(376002)(39860400002)(366004)(346002)(451199015)(2906002)(38350700002)(83380400001)(38100700002)(316002)(6506007)(2616005)(6666004)(478600001)(6486002)(6916009)(26005)(54906003)(44832011)(8936002)(86362001)(36756003)(41300700001)(1076003)(186003)(52116002)(5660300002)(6512007)(8676002)(4326008)(66476007)(66946007)(66556008); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: Stpxc+AcVUBYMk9+rXzkEoVWpKKYSWhzIfDhwLqP7iJYlZsjl0KgOk8FzRgi3sZiZjo+xRYKgpn9FoVehcC2EBAe1I9w61ulVZb3JZCEpg/21k3F5SP8bWB5j2lQk5J+0x/RzLahHcz2VLqgX8vdW2zWWIBKzin8EC9pfN2FLUzkxwaiQ6LAm4omthkNBmMcdB33H8MlAuewP26NB4XzUBfY2/tD7WQSFVQ3swf7YKwuE84GKpYdHp2qsRUcca6ywgiYa+hMxIxEaGik+aNYZltKeLL2mWizULkVI61enW5EmddKrd1PTf9glwYBdte5KNEhLIqcF0Oh2FH+kF8D3yhgAG3pTnzK7K5vWbcBKSGcbz8ghQ0GjWXTY//SvM+9ijySlGTxMqwglZdCGwfBNXXbzMc31diFiY6gPeFV+gnoBoof4t66YygqKqsfFBXjR0d5jfe4LWltccvw3j29NJS8PAFwKBuInT/aGql1l3qHeemjPLajGlrOoYpD2qcwPSXUnD1IdAuQV+mno5+1RDomFVPzPbWI9vobFCtNNWfTr7HNfEStI4O/yMc85j9rjFnUQUInSW9t3MHP4ecIhJdl6TYHFp7ZTrNNoIanS6QEsNGOxjvu1tTEEO7I8PJaKIZYvYQHxT+BTmYS6LpSlL+yhUst9uRu5PruAZJUZzIt2ixGfnrPpnksQnkHGvYR7e3Bp8YN6VjiYTWYrPIZwAgojFR7DUY3cswnbRjiPJP3tqixAoKC0ZksRIbGUytI0qWiR/M/szWUA6uLK2y30pOeL3TmEnjtvh4eK7Do24Hce9t1vGQX+yb1c74dvvxnM5eGW8FYLorE8sNOyvp+JcUpO89dcCMEA9zdBZUNzZzEwp3PD9zCpbkDR2ImfUJfMxAkQmVsAUES4lvxLidCg6TlxZ2wB/OJKGDzCkHESTYbLDOfo26OPKTkdqv6xgT0dXFaSGPQVp+NWiUIjzc10+8q287YGflGfA3R+3sCX1+3EoXAoC2As0iACPJRZYXIZQqsKXrpKaKdVfusWjMGATUaWFCDZLp8ajpX/+sQ8dSXIpvR9mqO9UiFnQASoXZrmn4voyWaWJAFNcaZwzy8by07rS6xuhfdlkT0vmurzB3vuClX67SVnj7kgYFsirwiUW3BhIt3rS+EVvlQbERhwGx6SdnCR95HzC0qQs5M5TG8+8KRcdrM/t4qr+Fdvp7D9RGmM3veacZKZxbbrzYzH1Av/G+DpifdxU5ZA/4C9qs+xjphxR0lzJmIGetQtNUBQdOdzardiyL9AWghOOFF3yFI5Qz+kJxXL8OgfC1lAGSwqgY/ryJMci7AQANb1mhyPDc/C2WcaiFpaPAuo/fQY8ou+4r8P76NzWkxTC/8jLrnbI3zpg0+4g9LzXjFwAirMJQEtv7hRjoyQFpsCQPPhUYKwXcTrxRLoyopb8D5hUcAF0XLvLBT2gwkZybYIF55EX8A9m3/ZDy9cM6//HnhlJ2voB5StVtSpA8DhjZxPrTlNW8oZTjkvGaQDmeFTMcGBGp8K1nFTv8CiG8H49sm19myBlpKEdwC31Qq5B6r1tSuODYT3/lbUBIPmFM41Wzk X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: e22ff672-a7ff-42d3-5894-08daa13dd23d X-MS-Exchange-CrossTenant-AuthSource: VI1PR04MB5342.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Sep 2022 10:40:12.2408 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: Gixf7BP0T1JvksLgAeRbgh3HBMjfBx1ALCQNccSQzNQXvtuY7MFpz3ZxbqutLD6DNVI1A1X5+hF7qnGLoAAAzg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7PR04MB7110 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de X-Virus-Status: Clean modified caam descriptor to support black key blob. Signed-off-by: Gaurav Jain --- changes in v2: - rebase to latest cmd/blob.c | 12 ++++++++---- drivers/crypto/fsl/desc.h | 1 + drivers/crypto/fsl/fsl_blob.c | 21 +++++++++++++-------- drivers/crypto/fsl/jobdesc.c | 24 +++++++++++++++++++----- drivers/crypto/fsl/jobdesc.h | 8 ++++++-- 5 files changed, 47 insertions(+), 19 deletions(-) diff --git a/cmd/blob.c b/cmd/blob.c index e2efae7a11..5c459b6f19 100644 --- a/cmd/blob.c +++ b/cmd/blob.c @@ -21,10 +21,12 @@ * @src: - Address of data to be decapsulated * @dst: - Address of data to be decapsulated * @len: - Size of data to be decapsulated + * @keycolor - Determines if the source data is covered (black key) or + * plaintext. * * Returns zero on success,and negative on error. */ -__weak int blob_decap(u8 *key_mod, u8 *src, u8 *dst, u32 len) +__weak int blob_decap(u8 *key_mod, u8 *src, u8 *dst, u32 len, u8 keycolor) { return 0; } @@ -35,10 +37,12 @@ __weak int blob_decap(u8 *key_mod, u8 *src, u8 *dst, u32 len) * @src: - Address of data to be encapsulated * @dst: - Address of data to be encapsulated * @len: - Size of data to be encapsulated + * @keycolor - Determines if the source data is covered (black key) or + * plaintext. * * Returns zero on success,and negative on error. */ -__weak int blob_encap(u8 *key_mod, u8 *src, u8 *dst, u32 len) +__weak int blob_encap(u8 *key_mod, u8 *src, u8 *dst, u32 len, u8 keycolor) { return 0; } @@ -91,9 +95,9 @@ static int do_blob(struct cmd_tbl *cmdtp, int flag, int argc, #endif if (enc) - ret = blob_encap(km_ptr, src_ptr, dst_ptr, len); + ret = blob_encap(km_ptr, src_ptr, dst_ptr, len, 0); else - ret = blob_decap(km_ptr, src_ptr, dst_ptr, len); + ret = blob_decap(km_ptr, src_ptr, dst_ptr, len, 0); return ret; } diff --git a/drivers/crypto/fsl/desc.h b/drivers/crypto/fsl/desc.h index 5705c4f944..4c148a2fc4 100644 --- a/drivers/crypto/fsl/desc.h +++ b/drivers/crypto/fsl/desc.h @@ -435,6 +435,7 @@ /* Assuming OP_TYPE = OP_TYPE_UNI_PROTOCOL */ #define OP_PCLID_SECMEM 0x08 #define OP_PCLID_BLOB (0x0d << OP_PCLID_SHIFT) +#define OP_PCL_BLOB_BLACK 0x0004 #define OP_PCLID_SECRETKEY (0x11 << OP_PCLID_SHIFT) #define OP_PCLID_PUBLICKEYPAIR (0x14 << OP_PCLID_SHIFT) #define OP_PCLID_DSA_SIGN (0x15 << OP_PCLID_SHIFT) diff --git a/drivers/crypto/fsl/fsl_blob.c b/drivers/crypto/fsl/fsl_blob.c index 9b6e4bca06..034e6ae5df 100644 --- a/drivers/crypto/fsl/fsl_blob.c +++ b/drivers/crypto/fsl/fsl_blob.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0+ /* * Copyright 2014 Freescale Semiconductor, Inc. + * Copyright 2022 NXP * */ @@ -22,13 +23,15 @@ * @src: - Source address (blob) * @dst: - Destination address (data) * @len: - Size of decapsulated data + * @keycolor - Determines if the source data is covered (black key) or + * plaintext. * * Note: Start and end of the key_mod, src and dst buffers have to be aligned to * the cache line size (ARCH_DMA_MINALIGN) for the CAAM operation to succeed. * * Returns zero on success, negative on error. */ -int blob_decap(u8 *key_mod, u8 *src, u8 *dst, u32 len) +int blob_decap(u8 *key_mod, u8 *src, u8 *dst, u32 len, u8 keycolor) { int ret, size, i = 0; u32 *desc; @@ -55,7 +58,7 @@ int blob_decap(u8 *key_mod, u8 *src, u8 *dst, u32 len) flush_dcache_range((unsigned long)src, (unsigned long)src + size); - inline_cnstr_jobdesc_blob_decap(desc, key_mod, src, dst, len); + inline_cnstr_jobdesc_blob_decap(desc, key_mod, src, dst, len, keycolor); debug("Descriptor dump:\n"); for (i = 0; i < 14; i++) @@ -65,8 +68,8 @@ int blob_decap(u8 *key_mod, u8 *src, u8 *dst, u32 len) flush_dcache_range((unsigned long)desc, (unsigned long)desc + size); - flush_dcache_range((unsigned long)dst, - (unsigned long)dst + size); + size = ALIGN(len, ARCH_DMA_MINALIGN); + invalidate_dcache_range((unsigned long)dst, (unsigned long)dst + size); ret = run_descriptor_jr(desc); @@ -94,13 +97,15 @@ int blob_decap(u8 *key_mod, u8 *src, u8 *dst, u32 len) * @src: - Source address (data) * @dst: - Destination address (blob) * @len: - Size of data to be encapsulated + * @keycolor - Determines if the source data is covered (black key) or + * plaintext. * * Note: Start and end of the key_mod, src and dst buffers have to be aligned to * the cache line size (ARCH_DMA_MINALIGN) for the CAAM operation to succeed. * * Returns zero on success, negative on error. */ -int blob_encap(u8 *key_mod, u8 *src, u8 *dst, u32 len) +int blob_encap(u8 *key_mod, u8 *src, u8 *dst, u32 len, u8 keycolor) { int ret, size, i = 0; u32 *desc; @@ -127,7 +132,7 @@ int blob_encap(u8 *key_mod, u8 *src, u8 *dst, u32 len) flush_dcache_range((unsigned long)src, (unsigned long)src + size); - inline_cnstr_jobdesc_blob_encap(desc, key_mod, src, dst, len); + inline_cnstr_jobdesc_blob_encap(desc, key_mod, src, dst, len, keycolor); debug("Descriptor dump:\n"); for (i = 0; i < 14; i++) @@ -137,8 +142,8 @@ int blob_encap(u8 *key_mod, u8 *src, u8 *dst, u32 len) flush_dcache_range((unsigned long)desc, (unsigned long)desc + size); - flush_dcache_range((unsigned long)dst, - (unsigned long)dst + size); + size = ALIGN(BLOB_SIZE(len), ARCH_DMA_MINALIGN); + invalidate_dcache_range((unsigned long)dst, (unsigned long)dst + size); ret = run_descriptor_jr(desc); diff --git a/drivers/crypto/fsl/jobdesc.c b/drivers/crypto/fsl/jobdesc.c index 542b1652d8..1280e6122e 100644 --- a/drivers/crypto/fsl/jobdesc.c +++ b/drivers/crypto/fsl/jobdesc.c @@ -4,7 +4,7 @@ * Basic job descriptor construction * * Copyright 2014 Freescale Semiconductor, Inc. - * Copyright 2018 NXP + * Copyright 2018, 2022 NXP * */ @@ -210,13 +210,14 @@ void inline_cnstr_jobdesc_hash(uint32_t *desc, #ifndef CONFIG_SPL_BUILD void inline_cnstr_jobdesc_blob_encap(uint32_t *desc, uint8_t *key_idnfr, uint8_t *plain_txt, uint8_t *enc_blob, - uint32_t in_sz) + uint32_t in_sz, uint8_t keycolor) { caam_dma_addr_t dma_addr_key_idnfr, dma_addr_in, dma_addr_out; uint32_t key_sz = KEY_IDNFR_SZ_BYTES; /* output blob will have 32 bytes key blob in beginning and * 16 byte HMAC identifier at end of data blob */ uint32_t out_sz = in_sz + KEY_BLOB_SIZE + MAC_SIZE; + uint32_t bk_store; dma_addr_key_idnfr = virt_to_phys((void *)key_idnfr); dma_addr_in = virt_to_phys((void *)plain_txt); @@ -230,16 +231,23 @@ void inline_cnstr_jobdesc_blob_encap(uint32_t *desc, uint8_t *key_idnfr, append_seq_out_ptr(desc, dma_addr_out, out_sz, 0); - append_operation(desc, OP_TYPE_ENCAP_PROTOCOL | OP_PCLID_BLOB); + bk_store = OP_PCLID_BLOB; + + /* An input black key cannot be stored in a red blob */ + if (keycolor == BLACK_KEY) + bk_store |= OP_PCL_BLOB_BLACK; + + append_operation(desc, OP_TYPE_ENCAP_PROTOCOL | bk_store); } void inline_cnstr_jobdesc_blob_decap(uint32_t *desc, uint8_t *key_idnfr, uint8_t *enc_blob, uint8_t *plain_txt, - uint32_t out_sz) + uint32_t out_sz, uint8_t keycolor) { caam_dma_addr_t dma_addr_key_idnfr, dma_addr_in, dma_addr_out; uint32_t key_sz = KEY_IDNFR_SZ_BYTES; uint32_t in_sz = out_sz + KEY_BLOB_SIZE + MAC_SIZE; + uint32_t bk_store; dma_addr_key_idnfr = virt_to_phys((void *)key_idnfr); dma_addr_in = virt_to_phys((void *)enc_blob); @@ -253,7 +261,13 @@ void inline_cnstr_jobdesc_blob_decap(uint32_t *desc, uint8_t *key_idnfr, append_seq_out_ptr(desc, dma_addr_out, out_sz, 0); - append_operation(desc, OP_TYPE_DECAP_PROTOCOL | OP_PCLID_BLOB); + bk_store = OP_PCLID_BLOB; + + /* An input black key cannot be stored in a red blob */ + if (keycolor == BLACK_KEY) + bk_store |= OP_PCL_BLOB_BLACK; + + append_operation(desc, OP_TYPE_DECAP_PROTOCOL | bk_store); } #endif /* diff --git a/drivers/crypto/fsl/jobdesc.h b/drivers/crypto/fsl/jobdesc.h index c4501abd26..99ac049c3e 100644 --- a/drivers/crypto/fsl/jobdesc.h +++ b/drivers/crypto/fsl/jobdesc.h @@ -1,6 +1,7 @@ /* SPDX-License-Identifier: GPL-2.0+ */ /* * Copyright 2014 Freescale Semiconductor, Inc. + * Copyright 2022 NXP * */ @@ -13,6 +14,9 @@ #define KEY_IDNFR_SZ_BYTES 16 +/* Encrypted key */ +#define BLACK_KEY 1 + #ifdef CONFIG_CMD_DEKBLOB /* inline_cnstr_jobdesc_blob_dek: * Intializes and constructs the job descriptor for DEK encapsulation @@ -33,11 +37,11 @@ void inline_cnstr_jobdesc_hash(uint32_t *desc, void inline_cnstr_jobdesc_blob_encap(uint32_t *desc, uint8_t *key_idnfr, uint8_t *plain_txt, uint8_t *enc_blob, - uint32_t in_sz); + uint32_t in_sz, uint8_t keycolor); void inline_cnstr_jobdesc_blob_decap(uint32_t *desc, uint8_t *key_idnfr, uint8_t *enc_blob, uint8_t *plain_txt, - uint32_t out_sz); + uint32_t out_sz, uint8_t keycolor); void inline_cnstr_jobdesc_rng_instantiation(u32 *desc, int handle, int do_sk);