From patchwork Mon Apr 18 10:33:42 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gaurav Jain X-Patchwork-Id: 1618330 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=nxp.com header.i=@nxp.com header.a=rsa-sha256 header.s=selector2 header.b=Z4e6Gigw; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4KhjwZ6CVqz9sG6 for ; Mon, 18 Apr 2022 20:34:20 +1000 (AEST) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id A69B980A4E; Mon, 18 Apr 2022 12:34:12 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=nxp.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=nxp.com header.i=@nxp.com header.b="Z4e6Gigw"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id F38A583ABE; Mon, 18 Apr 2022 12:34:09 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FORGED_SPF_HELO,SPF_HELO_PASS, T_SCC_BODY_TEXT_LINE,T_SPF_PERMERROR autolearn=ham autolearn_force=no version=3.4.2 Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on20625.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e1b::625]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 7461181A02 for ; Mon, 18 Apr 2022 12:34:06 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=nxp.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=gaurav.jain@nxp.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Eg3RaaSU+6BqZA1vh6Xf8YHEYYh4jWVZscQvsdtlx6caIUZoODpIAZrf3F6Q9c+kNNn5GNJr1XBp961wTTUlDx7ena0/yt+uduX/9j2WxgSwA6EQ5bgtj4ACtCAPwZkleU7HO/baisF3YG0J8I6JnvRKTlPIFNJp6IICYxpU/Lf83L5MIMgYAVGbBAYsRLdOiDjCkwEsGhyL2kGnnm6oDGz6JR3nIu+hYhnzj0tkaL2KT47AVUxi1d3+Uh8C6mBSbdlIvc38oVrO1wt3mxLWbfX+ODzPoZbKb6AdZyKoy/injFnG8vZHpF4ZMwMBvt0Es6TjNjQUptvHKz7+OXeZig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=7D+mZSgl6dM/5wU04OLPvOBjXSwlUsJW9aM/jJKt3eE=; b=YqKhM1VQXtavxwPLmkJjYPKWHNt5V19mbIG4x/jqqXr9XTeth2Kj3FiLmEdVFA8Asv7vbbfS1axcIVWU+CrfHt5b969qrgwtatf0ZentGqHd9OCZ5Eum+O6ihZgCorwj22o/BAibYbV+4STNIK/Cpr7nyC6s5XKuWKL1j5BgkkDXC2iCyCRv+zRXpPwQ7YCNrTq9B3kpK+XFQ8ks4zGfYSDRILmMD4FDFgieO3EjdCOXmpF0iTDxbbQoT2BxcCR6yN2EYzvA/aWDf5XHb1YPidsG9vjbRrbI7wT7IgVMxkO4z2q27vGBbleXeNF2lbt6wEVJRofovSMPn3pLPlzK3w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nxp.com; dmarc=pass action=none header.from=nxp.com; dkim=pass header.d=nxp.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7D+mZSgl6dM/5wU04OLPvOBjXSwlUsJW9aM/jJKt3eE=; b=Z4e6Gigw6tS6f3wy1o3HmJW3jocXRC1kGdc6kIyANnBFLFBBq2ugz2kQljAPhhkY0+8sd14JRk28Ea86YIxRC5RzGIDmiVYGdf+33vy5J4VynOdphfAIAHtiAvmTzFGD6z/jDZ85W4iwgYd1l3V1Ql1L50NZWy96KfggAt/K0kc= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nxp.com; Received: from VI1PR04MB5342.eurprd04.prod.outlook.com (2603:10a6:803:46::16) by AM4PR0401MB2321.eurprd04.prod.outlook.com (2603:10a6:200:4e::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5164.20; Mon, 18 Apr 2022 10:34:04 +0000 Received: from VI1PR04MB5342.eurprd04.prod.outlook.com ([fe80::c587:139c:5129:6d02]) by VI1PR04MB5342.eurprd04.prod.outlook.com ([fe80::c587:139c:5129:6d02%7]) with mapi id 15.20.5164.025; Mon, 18 Apr 2022 10:34:04 +0000 From: Gaurav Jain To: Stefano Babic , u-boot@lists.denx.de Cc: Fabio Estevam , Priyanka Jain , Ye Li , Horia Geanta , Silvano Di Ninno , Varun Sethi , "NXP i . MX U-Boot Team" , Gaurav Jain Subject: [PATCH] crypto/fsl: Add support for black key blob Date: Mon, 18 Apr 2022 16:03:42 +0530 Message-Id: <20220418103342.1201644-1-gaurav.jain@nxp.com> X-Mailer: git-send-email 2.25.1 X-ClientProxiedBy: SG2P153CA0005.APCP153.PROD.OUTLOOK.COM (2603:1096::15) To VI1PR04MB5342.eurprd04.prod.outlook.com (2603:10a6:803:46::16) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: dc2fc54e-2f8e-4ef7-6e67-08da2126f5f3 X-MS-TrafficTypeDiagnostic: AM4PR0401MB2321:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: AEyybCRpqAbniwg8vVm0SDb0a28Zr3pXlq5m6xzjFG1ULpL0U/sctkr0UFEsvqkM5+vms57+6R+A0MpThC9z3EfVBf3Uj5ev7FcxTGBSx6A8nr7Rc3CIDODvwBP5rZ6YcHUS8x+W0q6Bn3/EGprz6p6xAuqUSMTsyjJK/uh8gHrBh2l2bxKg+964EeJBKuuL+eKOfSy6HJ2UjdhRtsTa9ABdnpQc6zi7cDjut0Mv2iDV75Qc2yl1pW3IlzfDdx40UpYAt5bNkZYofEKkf6MTvXpjkqCDH38EHy8nWcrSjiE6wg2HrdJwTMcKl+al1PsUsqsuJ6rjxqXJSde4+2QkySqlthA0/QyXoHkW1WcG3tRdZXVP6dyJKfMMOwWU5Zn2kEt72eMN5RG904/xo/z0ZJNGwrUmlVeGrKE1kXSnhEQ5Rz245999O8Zt4U/6NlxyVMNKSJuUHTEld2rM4Dfrs9tJJHyaaLR6xtnaiOyWlgMVZ02uT1EZO729B6pg5MDbHTBElLg0W1GvlWABGFp4V80kyj1XdMDDEHXxI+yywubNAgfKhYBSWykpAR0DUY5rPXTYR7ANIsoWOIAV6BbEiePwrTt7aDb+KZf08Ml9NNbRa89AWnUAA9zmComzsdb1UwwQ3DPCPpJwfSVB2NEL/+dlN68Bv0H/alduzNnCgBjPlzBeOtalDXqZZ93iJpTT0Wu5VsXVfm+4rOhL+6b18Q== X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:VI1PR04MB5342.eurprd04.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(4326008)(44832011)(508600001)(2616005)(6666004)(8676002)(66946007)(26005)(8936002)(83380400001)(186003)(5660300002)(6486002)(316002)(2906002)(6512007)(1076003)(66476007)(66556008)(38100700002)(38350700002)(54906003)(6506007)(36756003)(52116002)(55236004)(86362001); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: fU/6o7I1CZqqTA9O/8+wddFA0MB1SlsFqqCw+Z76e+pcUMgYBNmfalppP49qUOomcGXh6yEi8LwSqxqHMQUQvRCP289vtj78UQioRrg67s7R/bQ/8xfa9M+O3HqnfcovqhVluE1mOQYIvEVKj7MX1c8kzbEkpeV7micPot5SoOba0uPL3l4KLn0PRG0YT3TV93tcFf7DJHE8x37yKhXCIm3SDO8Q3YP+uNHn4PzUK1zlnDcN4B+bK3+QBFAYDRXtSDwOMGcHJ3bOUoVkZf08xi0vV32Z0qiH9IBpNmT/7ipVqqC/l8UU+XqoCaAGIv/KhFiUMuuHIyMFfugsmPDGwKKmn6T7OjKHjvh4ml4/6ijg/uqkOT66IpigPuXdaMrcf4bDGn4mE4+lXBd1w+actMhuTicDJ/hbCvqYN44fS0fgVoaR0v1XZSjy++R3q9cmW6ZOrtPf5ctgXsWHL6lakb8zb1XWCXrf4LnhkXYHt8ubZ2kuYknhKO1uGNDeKXhFXhyjtP793FQBVvdeuCasK+mMnzyZfeousixbrdB400Vo5rTlxDihMVgCarWTgqnP3on4kh1TZd7WWGsYTd739A7MXfKvtmkU1gKF4p3/zU/l2++Xvf/zorAd9icgUHdYUeXSk/QIpAH9Pp+d59OGM/n67+hW0sahWz52TxCuw4d8oM/mlVqch+7E/Bz20jcrwUJ6pcXy560th5ug60uChcEUf0UGoe2LmW1q4GHYqTPwXfE+byxuVJQUBv4IsF6cUedVrQGI/MeTTENbz8OUABTh7axuOsNGV8U+AN+ruPfAreRTBTgm2MOg8ABnCmS/aVOZCWwlAJXHVAYQy3mn6mZzItSBxK6n0288YuAZP/m4yon2rIiWOR4LIIEExiGdNv67Rv1sWVRvMwwhO/P+rFK3McgbwXH54PBdfP+iycu3NGKQ3kK9Iwz+xX9VZSII1tvwNcqp2kfbGElfLWmoXiULnpBHBu2kOQQWQpEE9hEBE7E1zj6bSEBj9rJM25BTVmaRCMO8v6qWkRMEO8lrz5Sp6jVEbznMFzJZdl+e1SFm4z91BqZOp4v2vOKVoSR35NZsch9FlENvK7CpY8Fh35QztCE1Lek4YzAAgpQFsuv1EQ03oZw81MeoUUuOr3LX87YSbJe3EcPMF69rDyhbO3X/LTYPEFyHxpewsXh3bjXcJF9n+F4iv06/dA+y0WIMsKDZJZ5H+WkfVKU9VWpD/huu5rOqXVD0uFPKKW3VW+Cd49cULrMERNbBIlkqumm+zTVEn4sS1M2oxZW/TSQjjSwzL1fV/eFp/Pb9jGiJNkyC/YUSzOJr5WGN1VrrUq+C2gxJE9rYJBrHCQVzmpI7EMlrV18pBa5kjJOuz6M9zmJX2Yf01qZxMivT8Um82dTYyXHBWXNBbW71D9G+Lmv+AiPTH91S6x9vtGczJw6Q7T6K3d8OUkeqdhhTFBzLvc1QYhlvPoqgtGRvCc/Dq+058+wlUxHWuYp8MXnjaqXxzeAA8yq10SrEnF3B1L6H+6wbZqgrTDBWa3Hu2bmXT4cTqflRat869Rw6avgPkhq3GB2ATKggkDLl6F4KuklxdOI9CiurcSnUKC5LA9As3UG8tjRFX8+WRvrkFCgiIzfGTQx79ZAA8KnC3aMNyHaQQDJoR3va8TEAfoek15iZxodBlczxAIBmwVFzUjWOS0SEyBBLc+cpAM+MC1SajEJ90oARf7RpW5BEuVpOBsOLqKJQjWJJMT+yuYdVl/voAy0XLiw= X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: dc2fc54e-2f8e-4ef7-6e67-08da2126f5f3 X-MS-Exchange-CrossTenant-AuthSource: VI1PR04MB5342.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Apr 2022 10:34:04.7222 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: Bd+YcvkpyhG8GlZ6/cLHe7HigX7Qf340qBkvDiegXuhYj1FBLWfvnSL8YAH6z+C0wsadJl3boNEM6Dwf0SQQSg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0401MB2321 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean modified caam descriptor to support black key blob. Signed-off-by: Gaurav Jain --- cmd/blob.c | 12 ++++++++---- drivers/crypto/fsl/desc.h | 1 + drivers/crypto/fsl/fsl_blob.c | 21 +++++++++++++-------- drivers/crypto/fsl/jobdesc.c | 24 +++++++++++++++++++----- drivers/crypto/fsl/jobdesc.h | 8 ++++++-- 5 files changed, 47 insertions(+), 19 deletions(-) diff --git a/cmd/blob.c b/cmd/blob.c index e2efae7a11..5c459b6f19 100644 --- a/cmd/blob.c +++ b/cmd/blob.c @@ -21,10 +21,12 @@ * @src: - Address of data to be decapsulated * @dst: - Address of data to be decapsulated * @len: - Size of data to be decapsulated + * @keycolor - Determines if the source data is covered (black key) or + * plaintext. * * Returns zero on success,and negative on error. */ -__weak int blob_decap(u8 *key_mod, u8 *src, u8 *dst, u32 len) +__weak int blob_decap(u8 *key_mod, u8 *src, u8 *dst, u32 len, u8 keycolor) { return 0; } @@ -35,10 +37,12 @@ __weak int blob_decap(u8 *key_mod, u8 *src, u8 *dst, u32 len) * @src: - Address of data to be encapsulated * @dst: - Address of data to be encapsulated * @len: - Size of data to be encapsulated + * @keycolor - Determines if the source data is covered (black key) or + * plaintext. * * Returns zero on success,and negative on error. */ -__weak int blob_encap(u8 *key_mod, u8 *src, u8 *dst, u32 len) +__weak int blob_encap(u8 *key_mod, u8 *src, u8 *dst, u32 len, u8 keycolor) { return 0; } @@ -91,9 +95,9 @@ static int do_blob(struct cmd_tbl *cmdtp, int flag, int argc, #endif if (enc) - ret = blob_encap(km_ptr, src_ptr, dst_ptr, len); + ret = blob_encap(km_ptr, src_ptr, dst_ptr, len, 0); else - ret = blob_decap(km_ptr, src_ptr, dst_ptr, len); + ret = blob_decap(km_ptr, src_ptr, dst_ptr, len, 0); return ret; } diff --git a/drivers/crypto/fsl/desc.h b/drivers/crypto/fsl/desc.h index 5705c4f944..4c148a2fc4 100644 --- a/drivers/crypto/fsl/desc.h +++ b/drivers/crypto/fsl/desc.h @@ -435,6 +435,7 @@ /* Assuming OP_TYPE = OP_TYPE_UNI_PROTOCOL */ #define OP_PCLID_SECMEM 0x08 #define OP_PCLID_BLOB (0x0d << OP_PCLID_SHIFT) +#define OP_PCL_BLOB_BLACK 0x0004 #define OP_PCLID_SECRETKEY (0x11 << OP_PCLID_SHIFT) #define OP_PCLID_PUBLICKEYPAIR (0x14 << OP_PCLID_SHIFT) #define OP_PCLID_DSA_SIGN (0x15 << OP_PCLID_SHIFT) diff --git a/drivers/crypto/fsl/fsl_blob.c b/drivers/crypto/fsl/fsl_blob.c index 9b6e4bca06..034e6ae5df 100644 --- a/drivers/crypto/fsl/fsl_blob.c +++ b/drivers/crypto/fsl/fsl_blob.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0+ /* * Copyright 2014 Freescale Semiconductor, Inc. + * Copyright 2022 NXP * */ @@ -22,13 +23,15 @@ * @src: - Source address (blob) * @dst: - Destination address (data) * @len: - Size of decapsulated data + * @keycolor - Determines if the source data is covered (black key) or + * plaintext. * * Note: Start and end of the key_mod, src and dst buffers have to be aligned to * the cache line size (ARCH_DMA_MINALIGN) for the CAAM operation to succeed. * * Returns zero on success, negative on error. */ -int blob_decap(u8 *key_mod, u8 *src, u8 *dst, u32 len) +int blob_decap(u8 *key_mod, u8 *src, u8 *dst, u32 len, u8 keycolor) { int ret, size, i = 0; u32 *desc; @@ -55,7 +58,7 @@ int blob_decap(u8 *key_mod, u8 *src, u8 *dst, u32 len) flush_dcache_range((unsigned long)src, (unsigned long)src + size); - inline_cnstr_jobdesc_blob_decap(desc, key_mod, src, dst, len); + inline_cnstr_jobdesc_blob_decap(desc, key_mod, src, dst, len, keycolor); debug("Descriptor dump:\n"); for (i = 0; i < 14; i++) @@ -65,8 +68,8 @@ int blob_decap(u8 *key_mod, u8 *src, u8 *dst, u32 len) flush_dcache_range((unsigned long)desc, (unsigned long)desc + size); - flush_dcache_range((unsigned long)dst, - (unsigned long)dst + size); + size = ALIGN(len, ARCH_DMA_MINALIGN); + invalidate_dcache_range((unsigned long)dst, (unsigned long)dst + size); ret = run_descriptor_jr(desc); @@ -94,13 +97,15 @@ int blob_decap(u8 *key_mod, u8 *src, u8 *dst, u32 len) * @src: - Source address (data) * @dst: - Destination address (blob) * @len: - Size of data to be encapsulated + * @keycolor - Determines if the source data is covered (black key) or + * plaintext. * * Note: Start and end of the key_mod, src and dst buffers have to be aligned to * the cache line size (ARCH_DMA_MINALIGN) for the CAAM operation to succeed. * * Returns zero on success, negative on error. */ -int blob_encap(u8 *key_mod, u8 *src, u8 *dst, u32 len) +int blob_encap(u8 *key_mod, u8 *src, u8 *dst, u32 len, u8 keycolor) { int ret, size, i = 0; u32 *desc; @@ -127,7 +132,7 @@ int blob_encap(u8 *key_mod, u8 *src, u8 *dst, u32 len) flush_dcache_range((unsigned long)src, (unsigned long)src + size); - inline_cnstr_jobdesc_blob_encap(desc, key_mod, src, dst, len); + inline_cnstr_jobdesc_blob_encap(desc, key_mod, src, dst, len, keycolor); debug("Descriptor dump:\n"); for (i = 0; i < 14; i++) @@ -137,8 +142,8 @@ int blob_encap(u8 *key_mod, u8 *src, u8 *dst, u32 len) flush_dcache_range((unsigned long)desc, (unsigned long)desc + size); - flush_dcache_range((unsigned long)dst, - (unsigned long)dst + size); + size = ALIGN(BLOB_SIZE(len), ARCH_DMA_MINALIGN); + invalidate_dcache_range((unsigned long)dst, (unsigned long)dst + size); ret = run_descriptor_jr(desc); diff --git a/drivers/crypto/fsl/jobdesc.c b/drivers/crypto/fsl/jobdesc.c index 542b1652d8..1280e6122e 100644 --- a/drivers/crypto/fsl/jobdesc.c +++ b/drivers/crypto/fsl/jobdesc.c @@ -4,7 +4,7 @@ * Basic job descriptor construction * * Copyright 2014 Freescale Semiconductor, Inc. - * Copyright 2018 NXP + * Copyright 2018, 2022 NXP * */ @@ -210,13 +210,14 @@ void inline_cnstr_jobdesc_hash(uint32_t *desc, #ifndef CONFIG_SPL_BUILD void inline_cnstr_jobdesc_blob_encap(uint32_t *desc, uint8_t *key_idnfr, uint8_t *plain_txt, uint8_t *enc_blob, - uint32_t in_sz) + uint32_t in_sz, uint8_t keycolor) { caam_dma_addr_t dma_addr_key_idnfr, dma_addr_in, dma_addr_out; uint32_t key_sz = KEY_IDNFR_SZ_BYTES; /* output blob will have 32 bytes key blob in beginning and * 16 byte HMAC identifier at end of data blob */ uint32_t out_sz = in_sz + KEY_BLOB_SIZE + MAC_SIZE; + uint32_t bk_store; dma_addr_key_idnfr = virt_to_phys((void *)key_idnfr); dma_addr_in = virt_to_phys((void *)plain_txt); @@ -230,16 +231,23 @@ void inline_cnstr_jobdesc_blob_encap(uint32_t *desc, uint8_t *key_idnfr, append_seq_out_ptr(desc, dma_addr_out, out_sz, 0); - append_operation(desc, OP_TYPE_ENCAP_PROTOCOL | OP_PCLID_BLOB); + bk_store = OP_PCLID_BLOB; + + /* An input black key cannot be stored in a red blob */ + if (keycolor == BLACK_KEY) + bk_store |= OP_PCL_BLOB_BLACK; + + append_operation(desc, OP_TYPE_ENCAP_PROTOCOL | bk_store); } void inline_cnstr_jobdesc_blob_decap(uint32_t *desc, uint8_t *key_idnfr, uint8_t *enc_blob, uint8_t *plain_txt, - uint32_t out_sz) + uint32_t out_sz, uint8_t keycolor) { caam_dma_addr_t dma_addr_key_idnfr, dma_addr_in, dma_addr_out; uint32_t key_sz = KEY_IDNFR_SZ_BYTES; uint32_t in_sz = out_sz + KEY_BLOB_SIZE + MAC_SIZE; + uint32_t bk_store; dma_addr_key_idnfr = virt_to_phys((void *)key_idnfr); dma_addr_in = virt_to_phys((void *)enc_blob); @@ -253,7 +261,13 @@ void inline_cnstr_jobdesc_blob_decap(uint32_t *desc, uint8_t *key_idnfr, append_seq_out_ptr(desc, dma_addr_out, out_sz, 0); - append_operation(desc, OP_TYPE_DECAP_PROTOCOL | OP_PCLID_BLOB); + bk_store = OP_PCLID_BLOB; + + /* An input black key cannot be stored in a red blob */ + if (keycolor == BLACK_KEY) + bk_store |= OP_PCL_BLOB_BLACK; + + append_operation(desc, OP_TYPE_DECAP_PROTOCOL | bk_store); } #endif /* diff --git a/drivers/crypto/fsl/jobdesc.h b/drivers/crypto/fsl/jobdesc.h index c4501abd26..99ac049c3e 100644 --- a/drivers/crypto/fsl/jobdesc.h +++ b/drivers/crypto/fsl/jobdesc.h @@ -1,6 +1,7 @@ /* SPDX-License-Identifier: GPL-2.0+ */ /* * Copyright 2014 Freescale Semiconductor, Inc. + * Copyright 2022 NXP * */ @@ -13,6 +14,9 @@ #define KEY_IDNFR_SZ_BYTES 16 +/* Encrypted key */ +#define BLACK_KEY 1 + #ifdef CONFIG_CMD_DEKBLOB /* inline_cnstr_jobdesc_blob_dek: * Intializes and constructs the job descriptor for DEK encapsulation @@ -33,11 +37,11 @@ void inline_cnstr_jobdesc_hash(uint32_t *desc, void inline_cnstr_jobdesc_blob_encap(uint32_t *desc, uint8_t *key_idnfr, uint8_t *plain_txt, uint8_t *enc_blob, - uint32_t in_sz); + uint32_t in_sz, uint8_t keycolor); void inline_cnstr_jobdesc_blob_decap(uint32_t *desc, uint8_t *key_idnfr, uint8_t *enc_blob, uint8_t *plain_txt, - uint32_t out_sz); + uint32_t out_sz, uint8_t keycolor); void inline_cnstr_jobdesc_rng_instantiation(u32 *desc, int handle, int do_sk);