diff options
author | Stefano Babic <sbabic@denx.de> | 2015-02-13 11:17:01 +0100 |
---|---|---|
committer | Stefano Babic <sbabic@denx.de> | 2015-02-13 11:17:01 +0100 |
commit | e72d344386bf80738fab7a6bd37cb321f443093a (patch) | |
tree | d3e02055e6aa903ab80ef87c78d2f38e93981dcf /drivers/crypto | |
parent | 258c98f8d36ef35d7cb7604847ba73e64d702c2a (diff) | |
parent | bd2a4888b123713adec271d6c8040ca9f609aa2f (diff) | |
download | u-boot-imx-e72d344386bf80738fab7a6bd37cb321f443093a.zip u-boot-imx-e72d344386bf80738fab7a6bd37cb321f443093a.tar.gz u-boot-imx-e72d344386bf80738fab7a6bd37cb321f443093a.tar.bz2 |
Merge branch 'master' of git://git.denx.de/u-boot
Diffstat (limited to 'drivers/crypto')
-rw-r--r-- | drivers/crypto/Kconfig | 1 | ||||
-rw-r--r-- | drivers/crypto/Makefile | 1 | ||||
-rw-r--r-- | drivers/crypto/fsl/Kconfig | 6 | ||||
-rw-r--r-- | drivers/crypto/fsl/Makefile | 2 | ||||
-rw-r--r-- | drivers/crypto/fsl/fsl_rsa.c | 60 | ||||
-rw-r--r-- | drivers/crypto/fsl/jobdesc.c | 28 | ||||
-rw-r--r-- | drivers/crypto/fsl/jobdesc.h | 5 | ||||
-rw-r--r-- | drivers/crypto/fsl/rsa_caam.h | 28 | ||||
-rw-r--r-- | drivers/crypto/fsl/sec.c | 184 | ||||
-rw-r--r-- | drivers/crypto/rsa_mod_exp/Kconfig | 5 | ||||
-rw-r--r-- | drivers/crypto/rsa_mod_exp/Makefile | 7 | ||||
-rw-r--r-- | drivers/crypto/rsa_mod_exp/mod_exp_sw.c | 39 | ||||
-rw-r--r-- | drivers/crypto/rsa_mod_exp/mod_exp_uclass.c | 31 |
13 files changed, 397 insertions, 0 deletions
diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig index e69de29..bd26a2b 100644 --- a/drivers/crypto/Kconfig +++ b/drivers/crypto/Kconfig @@ -0,0 +1 @@ +source drivers/crypto/fsl/Kconfig diff --git a/drivers/crypto/Makefile b/drivers/crypto/Makefile index 7b79237..fb8c10b 100644 --- a/drivers/crypto/Makefile +++ b/drivers/crypto/Makefile @@ -6,4 +6,5 @@ # obj-$(CONFIG_EXYNOS_ACE_SHA) += ace_sha.o +obj-y += rsa_mod_exp/ obj-y += fsl/ diff --git a/drivers/crypto/fsl/Kconfig b/drivers/crypto/fsl/Kconfig new file mode 100644 index 0000000..86b2f2f --- /dev/null +++ b/drivers/crypto/fsl/Kconfig @@ -0,0 +1,6 @@ +config FSL_CAAM + bool "Freescale Crypto Driver Support" + help + Enables the Freescale's Cryptographic Accelerator and Assurance + Module (CAAM), also known as the SEC version 4 (SEC4). The driver uses + Job Ring as interface to communicate with CAAM. diff --git a/drivers/crypto/fsl/Makefile b/drivers/crypto/fsl/Makefile index cb13d2e..c0cf642 100644 --- a/drivers/crypto/fsl/Makefile +++ b/drivers/crypto/fsl/Makefile @@ -6,5 +6,7 @@ # Version 2 as published by the Free Software Foundation. # +obj-y += sec.o obj-$(CONFIG_FSL_CAAM) += jr.o fsl_hash.o jobdesc.o error.o obj-$(CONFIG_CMD_BLOB) += fsl_blob.o +obj-$(CONFIG_RSA_FREESCALE_EXP) += fsl_rsa.o diff --git a/drivers/crypto/fsl/fsl_rsa.c b/drivers/crypto/fsl/fsl_rsa.c new file mode 100644 index 0000000..cf1c4c1 --- /dev/null +++ b/drivers/crypto/fsl/fsl_rsa.c @@ -0,0 +1,60 @@ +/* + * (C) Copyright 2014 Freescale Semiconductor, Inc. + * Author: Ruchika Gupta <ruchika.gupta@freescale.com> + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#include <config.h> +#include <common.h> +#include <dm.h> +#include <asm/types.h> +#include <malloc.h> +#include "jobdesc.h" +#include "desc.h" +#include "jr.h" +#include "rsa_caam.h" +#include <u-boot/rsa-mod-exp.h> + +int fsl_mod_exp(struct udevice *dev, const uint8_t *sig, uint32_t sig_len, + struct key_prop *prop, uint8_t *out) +{ + uint32_t keylen; + struct pk_in_params pkin; + uint32_t desc[MAX_CAAM_DESCSIZE]; + int ret; + + /* Length in bytes */ + keylen = prop->num_bits / 8; + + pkin.a = sig; + pkin.a_siz = sig_len; + pkin.n = prop->modulus; + pkin.n_siz = keylen; + pkin.e = prop->public_exponent; + pkin.e_siz = prop->exp_len; + + inline_cnstr_jobdesc_pkha_rsaexp(desc, &pkin, out, sig_len); + + ret = run_descriptor_jr(desc); + if (ret) { + debug("%s: RSA failed to verify: %d\n", __func__, ret); + return -EFAULT; + } + + return 0; +} + +static const struct mod_exp_ops fsl_mod_exp_ops = { + .mod_exp = fsl_mod_exp, +}; + +U_BOOT_DRIVER(fsl_rsa_mod_exp) = { + .name = "fsl_rsa_mod_exp", + .id = UCLASS_MOD_EXP, + .ops = &fsl_mod_exp_ops, +}; + +U_BOOT_DEVICE(fsl_rsa) = { + .name = "fsl_rsa_mod_exp", +}; diff --git a/drivers/crypto/fsl/jobdesc.c b/drivers/crypto/fsl/jobdesc.c index 1386bae..cc0dced 100644 --- a/drivers/crypto/fsl/jobdesc.c +++ b/drivers/crypto/fsl/jobdesc.c @@ -11,6 +11,7 @@ #include <common.h> #include "desc_constr.h" #include "jobdesc.h" +#include "rsa_caam.h" #define KEY_BLOB_SIZE 32 #define MAC_SIZE 16 @@ -123,3 +124,30 @@ void inline_cnstr_jobdesc_rng_instantiation(uint32_t *desc) append_operation(desc, OP_TYPE_CLASS1_ALG | OP_ALG_ALGSEL_RNG | OP_ALG_RNG4_SK); } + +/* Change key size to bytes form bits in calling function*/ +void inline_cnstr_jobdesc_pkha_rsaexp(uint32_t *desc, + struct pk_in_params *pkin, uint8_t *out, + uint32_t out_siz) +{ + dma_addr_t dma_addr_e, dma_addr_a, dma_addr_n, dma_addr_out; + + dma_addr_e = virt_to_phys((void *)pkin->e); + dma_addr_a = virt_to_phys((void *)pkin->a); + dma_addr_n = virt_to_phys((void *)pkin->n); + dma_addr_out = virt_to_phys((void *)out); + + init_job_desc(desc, 0); + append_key(desc, dma_addr_e, pkin->e_siz, KEY_DEST_PKHA_E | CLASS_1); + + append_fifo_load(desc, dma_addr_a, + pkin->a_siz, LDST_CLASS_1_CCB | FIFOLD_TYPE_PK_A); + + append_fifo_load(desc, dma_addr_n, + pkin->n_siz, LDST_CLASS_1_CCB | FIFOLD_TYPE_PK_N); + + append_operation(desc, OP_TYPE_PK | OP_ALG_PK | OP_ALG_PKMODE_MOD_EXPO); + + append_fifo_store(desc, dma_addr_out, out_siz, + LDST_CLASS_1_CCB | FIFOST_TYPE_PKHA_B); +} diff --git a/drivers/crypto/fsl/jobdesc.h b/drivers/crypto/fsl/jobdesc.h index 3cf7226..84b3edd 100644 --- a/drivers/crypto/fsl/jobdesc.h +++ b/drivers/crypto/fsl/jobdesc.h @@ -10,6 +10,7 @@ #include <common.h> #include <asm/io.h> +#include "rsa_caam.h" #define KEY_IDNFR_SZ_BYTES 16 @@ -26,4 +27,8 @@ void inline_cnstr_jobdesc_blob_decap(uint32_t *desc, uint8_t *key_idnfr, uint32_t out_sz); void inline_cnstr_jobdesc_rng_instantiation(uint32_t *desc); + +void inline_cnstr_jobdesc_pkha_rsaexp(uint32_t *desc, + struct pk_in_params *pkin, uint8_t *out, + uint32_t out_siz); #endif diff --git a/drivers/crypto/fsl/rsa_caam.h b/drivers/crypto/fsl/rsa_caam.h new file mode 100644 index 0000000..4ff87ef --- /dev/null +++ b/drivers/crypto/fsl/rsa_caam.h @@ -0,0 +1,28 @@ +/* + * Copyright 2014 Freescale Semiconductor, Inc. + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#ifndef __RSA_CAAM_H +#define __RSA_CAAM_H + +#include <common.h> + +/** + * struct pk_in_params - holder for input to PKHA block in CAAM + * These parameters are required to perform Modular Exponentiation + * using PKHA Block in CAAM + */ +struct pk_in_params { + const uint8_t *e; /* public exponent as byte array */ + uint32_t e_siz; /* size of e[] in number of bytes */ + const uint8_t *n; /* modulus as byte array */ + uint32_t n_siz; /* size of n[] in number of bytes */ + const uint8_t *a; /* Signature as byte array */ + uint32_t a_siz; /* size of a[] in number of bytes */ + uint8_t *b; /* Result exp. modulus in number of bytes */ + uint32_t b_siz; /* size of b[] in number of bytes */ +}; + +#endif diff --git a/drivers/crypto/fsl/sec.c b/drivers/crypto/fsl/sec.c new file mode 100644 index 0000000..443ee96 --- /dev/null +++ b/drivers/crypto/fsl/sec.c @@ -0,0 +1,184 @@ +/* + * Copyright 2014 Freescale Semiconductor, Inc. + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#include <common.h> +#include <libfdt.h> +#include <fdt_support.h> +#if CONFIG_SYS_FSL_SEC_COMPAT == 2 || CONFIG_SYS_FSL_SEC_COMPAT >= 4 +#include <fsl_sec.h> +#endif + +/* + * update crypto node properties to a specified revision of the SEC + * called with sec_rev == 0 if not on an E processor + */ +#if CONFIG_SYS_FSL_SEC_COMPAT == 2 /* SEC 2.x/3.x */ +void fdt_fixup_crypto_node(void *blob, int sec_rev) +{ + static const struct sec_rev_prop { + u32 sec_rev; + u32 num_channels; + u32 channel_fifo_len; + u32 exec_units_mask; + u32 descriptor_types_mask; + } sec_rev_prop_list[] = { + { 0x0200, 4, 24, 0x07e, 0x01010ebf }, /* SEC 2.0 */ + { 0x0201, 4, 24, 0x0fe, 0x012b0ebf }, /* SEC 2.1 */ + { 0x0202, 1, 24, 0x04c, 0x0122003f }, /* SEC 2.2 */ + { 0x0204, 4, 24, 0x07e, 0x012b0ebf }, /* SEC 2.4 */ + { 0x0300, 4, 24, 0x9fe, 0x03ab0ebf }, /* SEC 3.0 */ + { 0x0301, 4, 24, 0xbfe, 0x03ab0ebf }, /* SEC 3.1 */ + { 0x0303, 4, 24, 0x97c, 0x03a30abf }, /* SEC 3.3 */ + }; + static char compat_strlist[ARRAY_SIZE(sec_rev_prop_list) * + sizeof("fsl,secX.Y")]; + int crypto_node, sec_idx, err; + char *p; + u32 val; + + /* locate crypto node based on lowest common compatible */ + crypto_node = fdt_node_offset_by_compatible(blob, -1, "fsl,sec2.0"); + if (crypto_node == -FDT_ERR_NOTFOUND) + return; + + /* delete it if not on an E-processor */ + if (crypto_node > 0 && !sec_rev) { + fdt_del_node(blob, crypto_node); + return; + } + + /* else we got called for possible uprev */ + for (sec_idx = 0; sec_idx < ARRAY_SIZE(sec_rev_prop_list); sec_idx++) + if (sec_rev_prop_list[sec_idx].sec_rev == sec_rev) + break; + + if (sec_idx == ARRAY_SIZE(sec_rev_prop_list)) { + puts("warning: unknown SEC revision number\n"); + return; + } + + val = cpu_to_fdt32(sec_rev_prop_list[sec_idx].num_channels); + err = fdt_setprop(blob, crypto_node, "fsl,num-channels", &val, 4); + if (err < 0) + printf("WARNING: could not set crypto property: %s\n", + fdt_strerror(err)); + + val = cpu_to_fdt32(sec_rev_prop_list[sec_idx].descriptor_types_mask); + err = fdt_setprop(blob, crypto_node, "fsl,descriptor-types-mask", + &val, 4); + if (err < 0) + printf("WARNING: could not set crypto property: %s\n", + fdt_strerror(err)); + + val = cpu_to_fdt32(sec_rev_prop_list[sec_idx].exec_units_mask); + err = fdt_setprop(blob, crypto_node, "fsl,exec-units-mask", &val, 4); + if (err < 0) + printf("WARNING: could not set crypto property: %s\n", + fdt_strerror(err)); + + val = cpu_to_fdt32(sec_rev_prop_list[sec_idx].channel_fifo_len); + err = fdt_setprop(blob, crypto_node, "fsl,channel-fifo-len", &val, 4); + if (err < 0) + printf("WARNING: could not set crypto property: %s\n", + fdt_strerror(err)); + + val = 0; + while (sec_idx >= 0) { + p = compat_strlist + val; + val += sprintf(p, "fsl,sec%d.%d", + (sec_rev_prop_list[sec_idx].sec_rev & 0xff00) >> 8, + sec_rev_prop_list[sec_idx].sec_rev & 0x00ff) + 1; + sec_idx--; + } + err = fdt_setprop(blob, crypto_node, "compatible", &compat_strlist, + val); + if (err < 0) + printf("WARNING: could not set crypto property: %s\n", + fdt_strerror(err)); +} +#elif CONFIG_SYS_FSL_SEC_COMPAT >= 4 /* SEC4 */ +static u8 caam_get_era(void) +{ + static const struct { + u16 ip_id; + u8 maj_rev; + u8 era; + } caam_eras[] = { + {0x0A10, 1, 1}, + {0x0A10, 2, 2}, + {0x0A12, 1, 3}, + {0x0A14, 1, 3}, + {0x0A14, 2, 4}, + {0x0A16, 1, 4}, + {0x0A10, 3, 4}, + {0x0A11, 1, 4}, + {0x0A18, 1, 4}, + {0x0A11, 2, 5}, + {0x0A12, 2, 5}, + {0x0A13, 1, 5}, + {0x0A1C, 1, 5} + }; + + ccsr_sec_t __iomem *sec = (void __iomem *)CONFIG_SYS_FSL_SEC_ADDR; + u32 secvid_ms = sec_in32(&sec->secvid_ms); + u32 ccbvid = sec_in32(&sec->ccbvid); + u16 ip_id = (secvid_ms & SEC_SECVID_MS_IPID_MASK) >> + SEC_SECVID_MS_IPID_SHIFT; + u8 maj_rev = (secvid_ms & SEC_SECVID_MS_MAJ_REV_MASK) >> + SEC_SECVID_MS_MAJ_REV_SHIFT; + u8 era = (ccbvid & SEC_CCBVID_ERA_MASK) >> SEC_CCBVID_ERA_SHIFT; + + int i; + + if (era) /* This is '0' prior to CAAM ERA-6 */ + return era; + + for (i = 0; i < ARRAY_SIZE(caam_eras); i++) + if (caam_eras[i].ip_id == ip_id && + caam_eras[i].maj_rev == maj_rev) + return caam_eras[i].era; + + return 0; +} + +static void fdt_fixup_crypto_era(void *blob, u32 era) +{ + int err; + int crypto_node; + + crypto_node = fdt_path_offset(blob, "crypto"); + if (crypto_node < 0) { + printf("WARNING: Missing crypto node\n"); + return; + } + + err = fdt_setprop(blob, crypto_node, "fsl,sec-era", &era, + sizeof(era)); + if (err < 0) { + printf("ERROR: could not set fsl,sec-era property: %s\n", + fdt_strerror(err)); + } +} + +void fdt_fixup_crypto_node(void *blob, int sec_rev) +{ + u8 era; + + if (!sec_rev) { + fdt_del_node_and_alias(blob, "crypto"); + return; + } + + /* Add SEC ERA information in compatible */ + era = caam_get_era(); + if (era) { + fdt_fixup_crypto_era(blob, era); + } else { + printf("WARNING: Unable to get ERA for CAAM rev: %d\n", + sec_rev); + } +} +#endif diff --git a/drivers/crypto/rsa_mod_exp/Kconfig b/drivers/crypto/rsa_mod_exp/Kconfig new file mode 100644 index 0000000..6dcb39a --- /dev/null +++ b/drivers/crypto/rsa_mod_exp/Kconfig @@ -0,0 +1,5 @@ +config DM_MOD_EXP + bool "Enable Driver Model for RSA Modular Exponentiation" + depends on DM + help + If you want to use driver model for RSA Modular Exponentiation, say Y. diff --git a/drivers/crypto/rsa_mod_exp/Makefile b/drivers/crypto/rsa_mod_exp/Makefile new file mode 100644 index 0000000..915b751 --- /dev/null +++ b/drivers/crypto/rsa_mod_exp/Makefile @@ -0,0 +1,7 @@ +# +# (C) Copyright 2014 Freescale Semiconductor, Inc. +# +# SPDX-License-Identifier: GPL-2.0+ +# + +obj-$(CONFIG_RSA) += mod_exp_uclass.o mod_exp_sw.o diff --git a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c new file mode 100644 index 0000000..dc6c064 --- /dev/null +++ b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c @@ -0,0 +1,39 @@ +/* + * (C) Copyright 2014 Freescale Semiconductor, Inc. + * Author: Ruchika Gupta <ruchika.gupta@freescale.com> + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#include <config.h> +#include <common.h> +#include <dm.h> +#include <u-boot/rsa-mod-exp.h> + +int mod_exp_sw(struct udevice *dev, const uint8_t *sig, uint32_t sig_len, + struct key_prop *prop, uint8_t *out) +{ + int ret = 0; + + ret = rsa_mod_exp_sw(sig, sig_len, prop, out); + if (ret) { + debug("%s: RSA failed to verify: %d\n", __func__, ret); + return ret; + } + + return 0; +} + +static const struct mod_exp_ops mod_exp_ops_sw = { + .mod_exp = mod_exp_sw, +}; + +U_BOOT_DRIVER(mod_exp_sw) = { + .name = "mod_exp_sw", + .id = UCLASS_MOD_EXP, + .ops = &mod_exp_ops_sw, +}; + +U_BOOT_DEVICE(mod_exp_sw) = { + .name = "mod_exp_sw", +}; diff --git a/drivers/crypto/rsa_mod_exp/mod_exp_uclass.c b/drivers/crypto/rsa_mod_exp/mod_exp_uclass.c new file mode 100644 index 0000000..266f094 --- /dev/null +++ b/drivers/crypto/rsa_mod_exp/mod_exp_uclass.c @@ -0,0 +1,31 @@ +/* + * (C) Copyright 2014 Freescale Semiconductor, Inc + * Author: Ruchika Gupta <ruchika.gupta@freescale.com> + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#include <common.h> +#include <dm.h> +#include <u-boot/rsa-mod-exp.h> +#include <errno.h> +#include <fdtdec.h> +#include <malloc.h> +#include <asm/io.h> +#include <linux/list.h> + +int rsa_mod_exp(struct udevice *dev, const uint8_t *sig, uint32_t sig_len, + struct key_prop *node, uint8_t *out) +{ + const struct mod_exp_ops *ops = device_get_ops(dev); + + if (!ops->mod_exp) + return -ENOSYS; + + return ops->mod_exp(dev, sig, sig_len, node, out); +} + +UCLASS_DRIVER(mod_exp) = { + .id = UCLASS_MOD_EXP, + .name = "rsa_mod_exp", +}; |