diff mbox series

[v0,7/8] caam alg: symmetric key ciphers are updated

Message ID 20221006130837.17587-8-pankaj.gupta@nxp.com (mailing list archive)
State New, archived
Headers show
Series Hardware Bound key added to Trusted Key-Ring | expand

Commit Message

Pankaj Gupta Oct. 6, 2022, 1:08 p.m. UTC
Changes to enable:
- To work both with black key and plain key.
- It is supported in context of trusted key only.
  - as meta-data is added as part of trusted key generation.
  - otherwise, work as previously.

Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
---
 drivers/crypto/caam/caamalg.c      | 43 ++++++++++++++++++++++++++++--
 drivers/crypto/caam/caamalg_desc.c |  8 +++---
 drivers/crypto/caam/desc_constr.h  |  6 ++++-
 3 files changed, 51 insertions(+), 6 deletions(-)

Comments

Jarkko Sakkinen Oct. 12, 2022, 9:01 a.m. UTC | #1
On Thu, Oct 06, 2022 at 06:38:36PM +0530, Pankaj Gupta wrote:
> Changes to enable:
> - To work both with black key and plain key.
> - It is supported in context of trusted key only.
>   - as meta-data is added as part of trusted key generation.
>   - otherwise, work as previously.
> 
> Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>

These commit messages look more like a personal backlog
copy-pasted than a reasonable summary of what is the
movation with the change and how the change achieves
the goals.

BR, Jarkko
diff mbox series

Patch

diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c
index d3d8bb0a6990..94e971297a9d 100644
--- a/drivers/crypto/caam/caamalg.c
+++ b/drivers/crypto/caam/caamalg.c
@@ -3,7 +3,7 @@ 
  * caam - Freescale FSL CAAM support for crypto API
  *
  * Copyright 2008-2011 Freescale Semiconductor, Inc.
- * Copyright 2016-2019 NXP
+ * Copyright 2016-2022 NXP
  *
  * Based on talitos crypto API driver.
  *
@@ -59,6 +59,8 @@ 
 #include <crypto/engine.h>
 #include <crypto/xts.h>
 #include <asm/unaligned.h>
+#include <linux/hw_bound_key.h>
+#include <soc/fsl/caam-blob.h>
 
 /*
  * crypto alg
@@ -741,9 +743,25 @@  static int skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key,
 	print_hex_dump_debug("key in @"__stringify(__LINE__)": ",
 			     DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1);
 
+	/* Here keylen is actual key length */
 	ctx->cdata.keylen = keylen;
 	ctx->cdata.key_virt = key;
 	ctx->cdata.key_inline = true;
+	/* Here real key len is plain key length */
+	ctx->cdata.key_real_len = keylen;
+	ctx->cdata.key_cmd_opt = 0;
+
+	/* check if the key is HBK */
+	if (skcipher->base.is_hbk) {
+		ctx->cdata.key_cmd_opt |= KEY_ENC;
+
+		/* check if the HBK is CCM key */
+		if (skcipher->base.hbk_info.flags
+				& HWBK_FLAGS_CAAM_CCM_ALGO_MASK)
+			ctx->cdata.key_cmd_opt |= KEY_EKT;
+
+		ctx->cdata.key_real_len = skcipher->base.hbk_info.key_sz;
+	}
 
 	/* skcipher_encrypt shared descriptor */
 	desc = ctx->sh_desc_enc;
@@ -762,12 +780,33 @@  static int skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key,
 	return 0;
 }
 
+static int caam_hbk_check_keylen(struct hw_bound_key_info *hbk_info,
+				 unsigned int keylen)
+{
+	u32 overhead = 0;
+
+	if (hbk_info->flags & HWBK_FLAGS_CAAM_CCM_ALGO_MASK)
+		overhead += CCM_OVERHEAD;
+
+	/* deduce the hb_key_len, by adding plain-key len
+	 * and encryption overhead.
+	 */
+	if (keylen != (hbk_info->key_sz + overhead))
+		return -EINVAL;
+
+	return aes_check_keylen(hbk_info->key_sz);
+}
+
 static int aes_skcipher_setkey(struct crypto_skcipher *skcipher,
 			       const u8 *key, unsigned int keylen)
 {
 	int err;
 
-	err = aes_check_keylen(keylen);
+	if (skcipher->base.is_hbk)
+		err = caam_hbk_check_keylen(&(skcipher->base.hbk_info), keylen);
+	else
+		err = aes_check_keylen(keylen);
+
 	if (err)
 		return err;
 
diff --git a/drivers/crypto/caam/caamalg_desc.c b/drivers/crypto/caam/caamalg_desc.c
index 7571e1ac913b..784acae8c9b7 100644
--- a/drivers/crypto/caam/caamalg_desc.c
+++ b/drivers/crypto/caam/caamalg_desc.c
@@ -2,7 +2,7 @@ 
 /*
  * Shared descriptors for aead, skcipher algorithms
  *
- * Copyright 2016-2019 NXP
+ * Copyright 2016-2022 NXP
  */
 
 #include "compat.h"
@@ -1391,7 +1391,8 @@  void cnstr_shdsc_skcipher_encap(u32 * const desc, struct alginfo *cdata,
 
 	/* Load class1 key only */
 	append_key_as_imm(desc, cdata->key_virt, cdata->keylen,
-			  cdata->keylen, CLASS_1 | KEY_DEST_CLASS_REG);
+			  cdata->key_real_len, CLASS_1 | KEY_DEST_CLASS_REG
+					       | cdata->key_cmd_opt);
 
 	/* Load nonce into CONTEXT1 reg */
 	if (is_rfc3686) {
@@ -1466,7 +1467,8 @@  void cnstr_shdsc_skcipher_decap(u32 * const desc, struct alginfo *cdata,
 
 	/* Load class1 key only */
 	append_key_as_imm(desc, cdata->key_virt, cdata->keylen,
-			  cdata->keylen, CLASS_1 | KEY_DEST_CLASS_REG);
+			  cdata->key_real_len, CLASS_1 | KEY_DEST_CLASS_REG
+					       | cdata->key_cmd_opt);
 
 	/* Load nonce into CONTEXT1 reg */
 	if (is_rfc3686) {
diff --git a/drivers/crypto/caam/desc_constr.h b/drivers/crypto/caam/desc_constr.h
index 62ce6421bb3f..d652bdbf3f91 100644
--- a/drivers/crypto/caam/desc_constr.h
+++ b/drivers/crypto/caam/desc_constr.h
@@ -3,7 +3,7 @@ 
  * caam descriptor construction helper functions
  *
  * Copyright 2008-2012 Freescale Semiconductor, Inc.
- * Copyright 2019 NXP
+ * Copyright 2019-2022 NXP
  */
 
 #ifndef DESC_CONSTR_H
@@ -500,6 +500,8 @@  do { \
  * @key_virt: virtual address where algorithm key resides
  * @key_inline: true - key can be inlined in the descriptor; false - key is
  *              referenced by the descriptor
+ * @key_real_len: size of the key to be loaded by the CAAM
+ * @key_cmd_opt: optional parameters for KEY command
  */
 struct alginfo {
 	u32 algtype;
@@ -508,6 +510,8 @@  struct alginfo {
 	dma_addr_t key_dma;
 	const void *key_virt;
 	bool key_inline;
+	u32 key_real_len;
+	u32 key_cmd_opt;
 };
 
 /**