summaryrefslogtreecommitdiff
path: root/drivers/crypto
Commit message (Collapse)AuthorAgeLines
* Merge branch 'master' of git://git.denx.de/u-boot-mpc85xxTom Rini2015-03-05-1/+2
|\
| * rsa : Compile Modular Exponentiation files based on CONFIG_RSA_SOFTWARE_EXPgaurav rana2015-03-05-1/+2
| | | | | | | | | | | | | | | | | | | | Remove dependency of rsa_mod_exp from CONFIG_FIT_SIGNATURE. As rsa modular exponentiation is an independent module and can be invoked independently. Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Acked-by: Simon Glass <sjg@chromium.org> Reviewed-by: York Sun <yorksun@freescale.com>
* | imx6: Added DEK blob generator commandRaul Cardenas2015-03-02-7/+256
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Freescale's SEC block has built-in Data Encryption Key(DEK) Blob Protocol which provides a method for protecting a DEK for non-secure memory storage. SEC block protects data in a data structure called a Secret Key Blob, which provides both confidentiality and integrity protection. Every time the blob encapsulation is executed, a AES-256 key is randomly generated to encrypt the DEK. This key is encrypted with the OTP Secret key from SoC. The resulting blob consists of the encrypted AES-256 key, the encrypted DEK, and a 16-bit MAC. During decapsulation, the reverse process is performed to get back the original DEK. A caveat to the blob decapsulation process, is that the DEK is decrypted in secure-memory and can only be read by FSL SEC HW. The DEK is used to decrypt data during encrypted boot. Commands added -------------- dek_blob - encapsulating DEK as a cryptgraphic blob Commands Syntax --------------- dek_blob src dst len Encapsulate and create blob of a len-bits DEK at address src and store the result at address dst. Signed-off-by: Raul Cardenas <Ulises.Cardenas@freescale.com> Signed-off-by: Nitin Garg <nitin.garg@freescale.com> Signed-off-by: Ulises Cardenas <ulises.cardenas@freescale.com> Signed-off-by: Ulises Cardenas-B45798 <Ulises.Cardenas@freescale.com>
* crypto/fsl - Add progressive hashing support using hardware acceleration.gaurav rana2015-02-25-1/+171
| | | | | | | | | | | Currently only normal hashing is supported using hardware acceleration. Added support for progressive hashing using hardware. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> CC: Simon Glass <sjg@chromium.org> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: York Sun <yorksun@freescale.com>
* crypto/fsl: Make function names consistent for blob encapsulation/decapsulation.gaurav rana2015-02-25-2/+2
| | | | | | | | | | | | | | | | This patch does the following: 1. The function names for encapsulation and decapsulation were inconsitent in freescale's implementation and cmd_blob file. This patch corrects the issues. 2. The function protopye is also modified to change the length parameter from u8 to u32 to allow encapsulation and decapsulation of larger images. 3. Modified the description of km paramter in the command usage for better readability. Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
* DM: crypto/fsl - Add Freescale rsa DM driverRuchika Gupta2015-01-29-0/+129
| | | | | | | | | Driver added for RSA Modular Exponentiation using Freescale Hardware Accelerator CAAM. The driver uses UCLASS_MOD_EXP Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> CC: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org>
* DM: crypto/rsa_mod_exp: Add rsa Modular Exponentiation DM driverRuchika Gupta2015-01-29-0/+83
| | | | | | | | | Add a new rsa uclass for performing modular exponentiation and implement the software driver basing on this uclass. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> CC: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org>
* crypto/fsl: Add fixup for crypto nodeRuchika Gupta2015-01-23-0/+185
| | | | | | | | | | | Era property is added in the crypto node in device tree. Move the code to do so from arch/powerpc/mpc8xxx/fdt.c to drivers/sec/sec.c so that it can be used across arm and powerpc platforms having crypto node. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> [York Sun: Fix commit message indentation] Reviewed-by: York Sun <yorksun@freescale.com>
* crypto/fsl: Fix RNG instantiation failure.gaurav rana2014-12-15-1/+1
| | | | | | | | | | Corrected the order of arguments in memset in run_descriptor function. Wrong order of argumnets led to improper initialization of members of struct type result. This resulted in RNG instantiation error. Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
* crypto/fsl: Add command for encapsulating/decapsulating blobsRuchika Gupta2014-10-16-1/+279
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Freescale's SEC block has built-in Blob Protocol which provides a method for protecting user-defined data across system power cycles. SEC block protects data in a data structure called a Blob, which provides both confidentiality and integrity protection. Encapsulating data as a blob Each time that the Blob Protocol is used to protect data, a different randomly generated key is used to encrypt the data. This random key is itself encrypted using a key which is derived from SoC's non volatile secret key and a 16 bit Key identifier. The resulting encrypted key along with encrypted data is called a blob. The non volatile secure key is available for use only during secure boot. During decapsulation, the reverse process is performed to get back the original data. Commands added -------------- blob enc - encapsulating data as a cryptgraphic blob blob dec - decapsulating cryptgraphic blob to get the data Commands Syntax --------------- blob enc src dst len km Encapsulate and create blob of data $len bytes long at address $src and store the result at address $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. blob dec src dst len km Decapsulate the blob of data at address $src and store result of $len byte at addr $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
* fsl_sec: Add hardware accelerated SHA256 and SHA1Ruchika Gupta2014-10-16-0/+1773
| | | | | | | | | | SHA-256 and SHA-1 accelerated using SEC hardware in Freescale SoC's The driver for SEC (CAAM) IP is based on linux drivers/crypto/caam. The platforms needto add the MACRO CONFIG_FSL_CAAM inorder to enable initialization of this hardware IP. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
* kconfig: add blank Kconfig filesMasahiro Yamada2014-09-24-0/+0
| | | | | | | | This would be useful to start moving various config options. Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com> Acked-by: Simon Glass <sjg@chromium.org> Tested-by: Simon Glass <sjg@chromium.org>
* includes: move openssl headers to include/u-bootJeroen Hofstee2014-06-19-2/+2
| | | | | | | | | | | | commit 18b06652cd "tools: include u-boot version of sha256.h" unconditionally forced the sha256.h from u-boot to be used for tools instead of the host version. This is fragile though as it will also include the host version. Therefore move it to include/u-boot to join u-boot/md5.h etc which were renamed for the same reason. cc: Simon Glass <sjg@chromium.org> Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>
* drivers: crypto: ace_sha: add implementation of hardware based lib randPrzemyslaw Marczak2014-03-28-4/+77
| | | | | | | | | | | | | | | | | | | | This patch adds implementation of rand library based on hardware random number generator of security subsystem in Exynos SOC. This library includes: - srand() - used for seed hardware block - rand() - returns random number - rand_r() - the same as above with given seed which depends on CONFIG_EXYNOS_ACE_SHA and CONFIG_LIB_HW_RAND. Signed-off-by: Przemyslaw Marczak <p.marczak@samsung.com> cc: Akshay Saraswat <akshay.s@samsung.com> cc: ARUN MANKUZHI <arun.m@samsung.com> cc: Minkyu Kang <mk7.kang@samsung.com> Cc: Michael Walle <michael@walle.cc> Cc: Tom Rini <trini@ti.com> Cc: Masahiro Yamada <yamada.m@jp.panasonic.com>
* drivers: convert makefiles to Kbuild styleMasahiro Yamada2013-10-31-24/+1
| | | | Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
* Add GPL-2.0+ SPDX-License-Identifier to source filesWolfgang Denk2013-07-24-45/+3
| | | | | | Signed-off-by: Wolfgang Denk <wd@denx.de> [trini: Fixup common/cmd_io.c] Signed-off-by: Tom Rini <trini@ti.com>
* Exynos: Add hardware accelerated SHA256 and SHA1Akshay Saraswat2013-03-29-0/+498
SHA-256 and SHA-1 accelerated using ACE hardware. Signed-off-by: ARUN MANKUZHI <arun.m@samsung.com> Signed-off-by: Akshay Saraswat <akshay.s@samsung.com> Acked-by: Simon Glass <sjg@chromium.org>