Merge branch 'master' of git://git.denx.de/u-boot

13 files changed, 397 insertions, 0 deletions

diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig
index e69de29..bd26a2b 100644
--- a/drivers/crypto/Kconfig
+++ b/drivers/crypto/Kconfig
@@ -0,0 +1 @@
+source drivers/crypto/fsl/Kconfig
diff --git a/drivers/crypto/Makefile b/drivers/crypto/Makefile
index 7b79237..fb8c10b 100644
--- a/drivers/crypto/Makefile
+++ b/drivers/crypto/Makefile
@@ -6,4 +6,5 @@
 #
 
 obj-$(CONFIG_EXYNOS_ACE_SHA)	+= ace_sha.o
+obj-y += rsa_mod_exp/
 obj-y += fsl/
diff --git a/drivers/crypto/fsl/Kconfig b/drivers/crypto/fsl/Kconfig
new file mode 100644
index 0000000..86b2f2f
--- /dev/null
+++ b/drivers/crypto/fsl/Kconfig
@@ -0,0 +1,6 @@
+config FSL_CAAM
+	bool "Freescale Crypto Driver Support"
+	help
+	  Enables the Freescale's Cryptographic Accelerator and Assurance
+	  Module (CAAM), also known as the SEC version 4 (SEC4). The driver uses
+	  Job Ring as interface to communicate with CAAM.
diff --git a/drivers/crypto/fsl/Makefile b/drivers/crypto/fsl/Makefile
index cb13d2e..c0cf642 100644
--- a/drivers/crypto/fsl/Makefile
+++ b/drivers/crypto/fsl/Makefile
@@ -6,5 +6,7 @@
 # Version 2 as published by the Free Software Foundation.
 #
 
+obj-y += sec.o
 obj-$(CONFIG_FSL_CAAM) += jr.o fsl_hash.o jobdesc.o error.o
 obj-$(CONFIG_CMD_BLOB) += fsl_blob.o
+obj-$(CONFIG_RSA_FREESCALE_EXP) += fsl_rsa.o
diff --git a/drivers/crypto/fsl/fsl_rsa.c b/drivers/crypto/fsl/fsl_rsa.c
new file mode 100644
index 0000000..cf1c4c1
--- /dev/null
+++ b/drivers/crypto/fsl/fsl_rsa.c
@@ -0,0 +1,60 @@
+/*
+ * (C) Copyright 2014 Freescale Semiconductor, Inc.
+ * Author: Ruchika Gupta <ruchika.gupta@freescale.com>
+ *
+ * SPDX-License-Identifier:	GPL-2.0+
+ */
+
+#include <config.h>
+#include <common.h>
+#include <dm.h>
+#include <asm/types.h>
+#include <malloc.h>
+#include "jobdesc.h"
+#include "desc.h"
+#include "jr.h"
+#include "rsa_caam.h"
+#include <u-boot/rsa-mod-exp.h>
+
+int fsl_mod_exp(struct udevice *dev, const uint8_t *sig, uint32_t sig_len,
+		struct key_prop *prop, uint8_t *out)
+{
+	uint32_t keylen;
+	struct pk_in_params pkin;
+	uint32_t desc[MAX_CAAM_DESCSIZE];
+	int ret;
+
+	/* Length in bytes */
+	keylen = prop->num_bits / 8;
+
+	pkin.a = sig;
+	pkin.a_siz = sig_len;
+	pkin.n = prop->modulus;
+	pkin.n_siz = keylen;
+	pkin.e = prop->public_exponent;
+	pkin.e_siz = prop->exp_len;
+
+	inline_cnstr_jobdesc_pkha_rsaexp(desc, &pkin, out, sig_len);
+
+	ret = run_descriptor_jr(desc);
+	if (ret) {
+		debug("%s: RSA failed to verify: %d\n", __func__, ret);
+		return -EFAULT;
+	}
+
+	return 0;
+}
+
+static const struct mod_exp_ops fsl_mod_exp_ops = {
+	.mod_exp	= fsl_mod_exp,
+};
+
+U_BOOT_DRIVER(fsl_rsa_mod_exp) = {
+	.name	= "fsl_rsa_mod_exp",
+	.id	= UCLASS_MOD_EXP,
+	.ops	= &fsl_mod_exp_ops,
+};
+
+U_BOOT_DEVICE(fsl_rsa) = {
+	.name = "fsl_rsa_mod_exp",
+};
diff --git a/drivers/crypto/fsl/jobdesc.c b/drivers/crypto/fsl/jobdesc.c
index 1386bae..cc0dced 100644
--- a/drivers/crypto/fsl/jobdesc.c
+++ b/drivers/crypto/fsl/jobdesc.c
@@ -11,6 +11,7 @@
 #include <common.h>
 #include "desc_constr.h"
 #include "jobdesc.h"
+#include "rsa_caam.h"
 
 #define KEY_BLOB_SIZE			32
 #define MAC_SIZE			16
@@ -123,3 +124,30 @@ void inline_cnstr_jobdesc_rng_instantiation(uint32_t *desc)
 	append_operation(desc, OP_TYPE_CLASS1_ALG | OP_ALG_ALGSEL_RNG |
 			 OP_ALG_RNG4_SK);
 }
+
+/* Change key size to bytes form bits in calling function*/
+void inline_cnstr_jobdesc_pkha_rsaexp(uint32_t *desc,
+				      struct pk_in_params *pkin, uint8_t *out,
+				      uint32_t out_siz)
+{
+	dma_addr_t dma_addr_e, dma_addr_a, dma_addr_n, dma_addr_out;
+
+	dma_addr_e = virt_to_phys((void *)pkin->e);
+	dma_addr_a = virt_to_phys((void *)pkin->a);
+	dma_addr_n = virt_to_phys((void *)pkin->n);
+	dma_addr_out = virt_to_phys((void *)out);
+
+	init_job_desc(desc, 0);
+	append_key(desc, dma_addr_e, pkin->e_siz, KEY_DEST_PKHA_E | CLASS_1);
+
+	append_fifo_load(desc, dma_addr_a,
+			 pkin->a_siz, LDST_CLASS_1_CCB | FIFOLD_TYPE_PK_A);
+
+	append_fifo_load(desc, dma_addr_n,
+			 pkin->n_siz, LDST_CLASS_1_CCB | FIFOLD_TYPE_PK_N);
+
+	append_operation(desc, OP_TYPE_PK | OP_ALG_PK | OP_ALG_PKMODE_MOD_EXPO);
+
+	append_fifo_store(desc, dma_addr_out, out_siz,
+			  LDST_CLASS_1_CCB | FIFOST_TYPE_PKHA_B);
+}
diff --git a/drivers/crypto/fsl/jobdesc.h b/drivers/crypto/fsl/jobdesc.h
index 3cf7226..84b3edd 100644
--- a/drivers/crypto/fsl/jobdesc.h
+++ b/drivers/crypto/fsl/jobdesc.h
@@ -10,6 +10,7 @@
 
 #include <common.h>
 #include <asm/io.h>
+#include "rsa_caam.h"
 
 #define KEY_IDNFR_SZ_BYTES		16
 
@@ -26,4 +27,8 @@ void inline_cnstr_jobdesc_blob_decap(uint32_t *desc, uint8_t *key_idnfr,
 				     uint32_t out_sz);
 
 void inline_cnstr_jobdesc_rng_instantiation(uint32_t *desc);
+
+void inline_cnstr_jobdesc_pkha_rsaexp(uint32_t *desc,
+				      struct pk_in_params *pkin, uint8_t *out,
+				      uint32_t out_siz);
 #endif
diff --git a/drivers/crypto/fsl/rsa_caam.h b/drivers/crypto/fsl/rsa_caam.h
new file mode 100644
index 0000000..4ff87ef
--- /dev/null
+++ b/drivers/crypto/fsl/rsa_caam.h
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2014 Freescale Semiconductor, Inc.
+ *
+ * SPDX-License-Identifier:	GPL-2.0+
+ */
+
+#ifndef __RSA_CAAM_H
+#define __RSA_CAAM_H
+
+#include <common.h>
+
+/**
+ * struct pk_in_params - holder for input to PKHA block in CAAM
+ * These parameters are required to perform Modular Exponentiation
+ * using PKHA Block in CAAM
+ */
+struct pk_in_params {
+	const uint8_t *e;	/* public exponent as byte array */
+	uint32_t e_siz;		/* size of e[] in number of bytes */
+	const uint8_t *n;	/* modulus as byte array */
+	uint32_t n_siz;		/* size of n[] in number of bytes */
+	const uint8_t *a;		/* Signature as byte array */
+	uint32_t a_siz;		/* size of a[] in number of bytes */
+	uint8_t *b;		/* Result exp. modulus in number of bytes */
+	uint32_t b_siz;		/* size of b[] in number of bytes */
+};
+
+#endif
diff --git a/drivers/crypto/fsl/sec.c b/drivers/crypto/fsl/sec.c
new file mode 100644
index 0000000..443ee96
--- /dev/null
+++ b/drivers/crypto/fsl/sec.c
@@ -0,0 +1,184 @@
+/*
+ * Copyright 2014 Freescale Semiconductor, Inc.
+ *
+ * SPDX-License-Identifier:	GPL-2.0+
+ */
+
+#include <common.h>
+#include <libfdt.h>
+#include <fdt_support.h>
+#if CONFIG_SYS_FSL_SEC_COMPAT == 2 || CONFIG_SYS_FSL_SEC_COMPAT >= 4
+#include <fsl_sec.h>
+#endif
+
+/*
+ * update crypto node properties to a specified revision of the SEC
+ * called with sec_rev == 0 if not on an E processor
+ */
+#if CONFIG_SYS_FSL_SEC_COMPAT == 2 /* SEC 2.x/3.x */
+void fdt_fixup_crypto_node(void *blob, int sec_rev)
+{
+	static const struct sec_rev_prop {
+		u32 sec_rev;
+		u32 num_channels;
+		u32 channel_fifo_len;
+		u32 exec_units_mask;
+		u32 descriptor_types_mask;
+	} sec_rev_prop_list[] = {
+		{ 0x0200, 4, 24, 0x07e, 0x01010ebf }, /* SEC 2.0 */
+		{ 0x0201, 4, 24, 0x0fe, 0x012b0ebf }, /* SEC 2.1 */
+		{ 0x0202, 1, 24, 0x04c, 0x0122003f }, /* SEC 2.2 */
+		{ 0x0204, 4, 24, 0x07e, 0x012b0ebf }, /* SEC 2.4 */
+		{ 0x0300, 4, 24, 0x9fe, 0x03ab0ebf }, /* SEC 3.0 */
+		{ 0x0301, 4, 24, 0xbfe, 0x03ab0ebf }, /* SEC 3.1 */
+		{ 0x0303, 4, 24, 0x97c, 0x03a30abf }, /* SEC 3.3 */
+	};
+	static char compat_strlist[ARRAY_SIZE(sec_rev_prop_list) *
+				   sizeof("fsl,secX.Y")];
+	int crypto_node, sec_idx, err;
+	char *p;
+	u32 val;
+
+	/* locate crypto node based on lowest common compatible */
+	crypto_node = fdt_node_offset_by_compatible(blob, -1, "fsl,sec2.0");
+	if (crypto_node == -FDT_ERR_NOTFOUND)
+		return;
+
+	/* delete it if not on an E-processor */
+	if (crypto_node > 0 && !sec_rev) {
+		fdt_del_node(blob, crypto_node);
+		return;
+	}
+
+	/* else we got called for possible uprev */
+	for (sec_idx = 0; sec_idx < ARRAY_SIZE(sec_rev_prop_list); sec_idx++)
+		if (sec_rev_prop_list[sec_idx].sec_rev == sec_rev)
+			break;
+
+	if (sec_idx == ARRAY_SIZE(sec_rev_prop_list)) {
+		puts("warning: unknown SEC revision number\n");
+		return;
+	}
+
+	val = cpu_to_fdt32(sec_rev_prop_list[sec_idx].num_channels);
+	err = fdt_setprop(blob, crypto_node, "fsl,num-channels", &val, 4);
+	if (err < 0)
+		printf("WARNING: could not set crypto property: %s\n",
+		       fdt_strerror(err));
+
+	val = cpu_to_fdt32(sec_rev_prop_list[sec_idx].descriptor_types_mask);
+	err = fdt_setprop(blob, crypto_node, "fsl,descriptor-types-mask",
+			  &val, 4);
+	if (err < 0)
+		printf("WARNING: could not set crypto property: %s\n",
+		       fdt_strerror(err));
+
+	val = cpu_to_fdt32(sec_rev_prop_list[sec_idx].exec_units_mask);
+	err = fdt_setprop(blob, crypto_node, "fsl,exec-units-mask", &val, 4);
+	if (err < 0)
+		printf("WARNING: could not set crypto property: %s\n",
+		       fdt_strerror(err));
+
+	val = cpu_to_fdt32(sec_rev_prop_list[sec_idx].channel_fifo_len);
+	err = fdt_setprop(blob, crypto_node, "fsl,channel-fifo-len", &val, 4);
+	if (err < 0)
+		printf("WARNING: could not set crypto property: %s\n",
+		       fdt_strerror(err));
+
+	val = 0;
+	while (sec_idx >= 0) {
+		p = compat_strlist + val;
+		val += sprintf(p, "fsl,sec%d.%d",
+			(sec_rev_prop_list[sec_idx].sec_rev & 0xff00) >> 8,
+			sec_rev_prop_list[sec_idx].sec_rev & 0x00ff) + 1;
+		sec_idx--;
+	}
+	err = fdt_setprop(blob, crypto_node, "compatible", &compat_strlist,
+			  val);
+	if (err < 0)
+		printf("WARNING: could not set crypto property: %s\n",
+		       fdt_strerror(err));
+}
+#elif CONFIG_SYS_FSL_SEC_COMPAT >= 4  /* SEC4 */
+static u8 caam_get_era(void)
+{
+	static const struct {
+		u16 ip_id;
+		u8 maj_rev;
+		u8 era;
+	} caam_eras[] = {
+		{0x0A10, 1, 1},
+		{0x0A10, 2, 2},
+		{0x0A12, 1, 3},
+		{0x0A14, 1, 3},
+		{0x0A14, 2, 4},
+		{0x0A16, 1, 4},
+		{0x0A10, 3, 4},
+		{0x0A11, 1, 4},
+		{0x0A18, 1, 4},
+		{0x0A11, 2, 5},
+		{0x0A12, 2, 5},
+		{0x0A13, 1, 5},
+		{0x0A1C, 1, 5}
+	};
+
+	ccsr_sec_t __iomem *sec = (void __iomem *)CONFIG_SYS_FSL_SEC_ADDR;
+	u32 secvid_ms = sec_in32(&sec->secvid_ms);
+	u32 ccbvid = sec_in32(&sec->ccbvid);
+	u16 ip_id = (secvid_ms & SEC_SECVID_MS_IPID_MASK) >>
+				SEC_SECVID_MS_IPID_SHIFT;
+	u8 maj_rev = (secvid_ms & SEC_SECVID_MS_MAJ_REV_MASK) >>
+				SEC_SECVID_MS_MAJ_REV_SHIFT;
+	u8 era = (ccbvid & SEC_CCBVID_ERA_MASK) >> SEC_CCBVID_ERA_SHIFT;
+
+	int i;
+
+	if (era)	/* This is '0' prior to CAAM ERA-6 */
+		return era;
+
+	for (i = 0; i < ARRAY_SIZE(caam_eras); i++)
+		if (caam_eras[i].ip_id == ip_id &&
+		    caam_eras[i].maj_rev == maj_rev)
+			return caam_eras[i].era;
+
+	return 0;
+}
+
+static void fdt_fixup_crypto_era(void *blob, u32 era)
+{
+	int err;
+	int crypto_node;
+
+	crypto_node = fdt_path_offset(blob, "crypto");
+	if (crypto_node < 0) {
+		printf("WARNING: Missing crypto node\n");
+		return;
+	}
+
+	err = fdt_setprop(blob, crypto_node, "fsl,sec-era", &era,
+			  sizeof(era));
+	if (err < 0) {
+		printf("ERROR: could not set fsl,sec-era property: %s\n",
+		       fdt_strerror(err));
+	}
+}
+
+void fdt_fixup_crypto_node(void *blob, int sec_rev)
+{
+	u8 era;
+
+	if (!sec_rev) {
+		fdt_del_node_and_alias(blob, "crypto");
+		return;
+	}
+
+	/* Add SEC ERA information in compatible */
+	era = caam_get_era();
+	if (era) {
+		fdt_fixup_crypto_era(blob, era);
+	} else {
+		printf("WARNING: Unable to get ERA for CAAM rev: %d\n",
+		       sec_rev);
+	}
+}
+#endif
diff --git a/drivers/crypto/rsa_mod_exp/Kconfig b/drivers/crypto/rsa_mod_exp/Kconfig
new file mode 100644
index 0000000..6dcb39a
--- /dev/null
+++ b/drivers/crypto/rsa_mod_exp/Kconfig
@@ -0,0 +1,5 @@
+config DM_MOD_EXP
+	bool "Enable Driver Model for RSA Modular Exponentiation"
+	depends on DM
+	help
+	  If you want to use driver model for RSA Modular Exponentiation, say Y.
diff --git a/drivers/crypto/rsa_mod_exp/Makefile b/drivers/crypto/rsa_mod_exp/Makefile
new file mode 100644
index 0000000..915b751
--- /dev/null
+++ b/drivers/crypto/rsa_mod_exp/Makefile
@@ -0,0 +1,7 @@
+#
+# (C) Copyright 2014 Freescale Semiconductor, Inc.
+#
+# SPDX-License-Identifier:	GPL-2.0+
+#
+
+obj-$(CONFIG_RSA) += mod_exp_uclass.o mod_exp_sw.o
diff --git a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
new file mode 100644
index 0000000..dc6c064
--- /dev/null
+++ b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
@@ -0,0 +1,39 @@
+/*
+ * (C) Copyright 2014 Freescale Semiconductor, Inc.
+ * Author: Ruchika Gupta <ruchika.gupta@freescale.com>
+ *
+ * SPDX-License-Identifier:	GPL-2.0+
+ */
+
+#include <config.h>
+#include <common.h>
+#include <dm.h>
+#include <u-boot/rsa-mod-exp.h>
+
+int mod_exp_sw(struct udevice *dev, const uint8_t *sig, uint32_t sig_len,
+		struct key_prop *prop, uint8_t *out)
+{
+	int ret = 0;
+
+	ret = rsa_mod_exp_sw(sig, sig_len, prop, out);
+	if (ret) {
+		debug("%s: RSA failed to verify: %d\n", __func__, ret);
+		return ret;
+	}
+
+	return 0;
+}
+
+static const struct mod_exp_ops mod_exp_ops_sw = {
+	.mod_exp	= mod_exp_sw,
+};
+
+U_BOOT_DRIVER(mod_exp_sw) = {
+	.name	= "mod_exp_sw",
+	.id	= UCLASS_MOD_EXP,
+	.ops	= &mod_exp_ops_sw,
+};
+
+U_BOOT_DEVICE(mod_exp_sw) = {
+	.name = "mod_exp_sw",
+};
diff --git a/drivers/crypto/rsa_mod_exp/mod_exp_uclass.c b/drivers/crypto/rsa_mod_exp/mod_exp_uclass.c
new file mode 100644
index 0000000..266f094
--- /dev/null
+++ b/drivers/crypto/rsa_mod_exp/mod_exp_uclass.c
@@ -0,0 +1,31 @@
+/*
+ * (C) Copyright 2014 Freescale Semiconductor, Inc
+ * Author: Ruchika Gupta <ruchika.gupta@freescale.com>
+ *
+ * SPDX-License-Identifier:	GPL-2.0+
+ */
+
+#include <common.h>
+#include <dm.h>
+#include <u-boot/rsa-mod-exp.h>
+#include <errno.h>
+#include <fdtdec.h>
+#include <malloc.h>
+#include <asm/io.h>
+#include <linux/list.h>
+
+int rsa_mod_exp(struct udevice *dev, const uint8_t *sig, uint32_t sig_len,
+		struct key_prop *node, uint8_t *out)
+{
+	const struct mod_exp_ops *ops = device_get_ops(dev);
+
+	if (!ops->mod_exp)
+		return -ENOSYS;
+
+	return ops->mod_exp(dev, sig, sig_len, node, out);
+}
+
+UCLASS_DRIVER(mod_exp) = {
+	.id		= UCLASS_MOD_EXP,
+	.name		= "rsa_mod_exp",
+};