diff options
Diffstat (limited to 'target/linux/layerscape/patches-5.4/804-crypto-0022-MLK-19801-2-crypto-caam-add-support-of-tagged-keys-i.patch')
-rw-r--r-- | target/linux/layerscape/patches-5.4/804-crypto-0022-MLK-19801-2-crypto-caam-add-support-of-tagged-keys-i.patch | 304 |
1 files changed, 304 insertions, 0 deletions
diff --git a/target/linux/layerscape/patches-5.4/804-crypto-0022-MLK-19801-2-crypto-caam-add-support-of-tagged-keys-i.patch b/target/linux/layerscape/patches-5.4/804-crypto-0022-MLK-19801-2-crypto-caam-add-support-of-tagged-keys-i.patch new file mode 100644 index 0000000000..915a2cdb47 --- /dev/null +++ b/target/linux/layerscape/patches-5.4/804-crypto-0022-MLK-19801-2-crypto-caam-add-support-of-tagged-keys-i.patch @@ -0,0 +1,304 @@ +From df1b397d7c5e79052fa56d1b256ededcd301a27a Mon Sep 17 00:00:00 2001 +From: Franck LENORMAND <franck.lenormand@nxp.com> +Date: Fri, 5 Oct 2018 16:41:54 +0200 +Subject: [PATCH] MLK-19801-2 crypto: caam - add support of tagged keys in + caamalg +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +A tagged key is a key which has been tagged with metadata +using tag_object.h API. + +We add the support for these keys to caamalg. + +For each algo of caamalg which supports tagged keys , it is done by: + - Creating a modified version of the algo + - Registering the modified version + - When the modified transform is used, it gets + the load parameter of the key. + +Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com> +(cherry picked from commit 88dee97d985890dbf37cafa7934c476d0ecfd0b3) +(Vipul: Fixed merge conflicts) +Conflicts: + drivers/crypto/caam/caamalg.c +Signed-off-by: Vipul Kumar <vipul_kumar@mentor.com> +(cherry picked from commit 5adebac40a7a8065c074f4a69f4ad760c67233f5) + +-port from ablkcipher to current skcipher implementation +-since in linux-imx true key_inline was always true: a. simplify +the descriptors and b. use key_cmd_opt to differentiate b/w tk and non-tk +cases +-change commit headline prefix + +Signed-off-by: Horia Geantă <horia.geanta@nxp.com> +--- + drivers/crypto/caam/Makefile | 3 +- + drivers/crypto/caam/caamalg.c | 91 +++++++++++++++++++++++++++++++++++++- + drivers/crypto/caam/caamalg_desc.c | 20 +++++++-- + drivers/crypto/caam/desc_constr.h | 4 ++ + drivers/crypto/caam/tag_object.c | 6 +-- + drivers/crypto/caam/tag_object.h | 6 +-- + 6 files changed, 118 insertions(+), 12 deletions(-) + +--- a/drivers/crypto/caam/Makefile ++++ b/drivers/crypto/caam/Makefile +@@ -15,6 +15,7 @@ obj-$(CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_ + obj-$(CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API_DESC) += caamhash_desc.o + + caam-y := ctrl.o ++caam-$(CONFIG_CRYPTO_DEV_FSL_CAAM_TK_API) += tag_object.o + caam_jr-y := jr.o key_gen.o + caam_jr-$(CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API) += caamalg.o + caam_jr-$(CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API_QI) += caamalg_qi.o +@@ -24,7 +25,7 @@ caam_jr-$(CONFIG_CRYPTO_DEV_FSL_CAAM_PKC + caam_jr-$(CONFIG_CRYPTO_DEV_FSL_CAAM_SM) += sm_store.o + caam_jr-$(CONFIG_CRYPTO_DEV_FSL_CAAM_SM_TEST) += sm_test.o + caam_jr-$(CONFIG_CRYPTO_DEV_FSL_CAAM_SECVIO) += secvio.o +-caam-jr-$(CONFIG_CRYPTO_DEV_FSL_CAAM_TK_API) += tag_object.o ++#caam-jr-$(CONFIG_CRYPTO_DEV_FSL_CAAM_TK_API) += tag_object.o + + caam-$(CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API_QI) += qi.o + ifneq ($(CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API_QI),) +--- a/drivers/crypto/caam/caamalg.c ++++ b/drivers/crypto/caam/caamalg.c +@@ -57,6 +57,10 @@ + #include "key_gen.h" + #include "caamalg_desc.h" + ++#ifdef CONFIG_CRYPTO_DEV_FSL_CAAM_TK_API ++#include "tag_object.h" ++#endif /* CONFIG_CRYPTO_DEV_FSL_CAAM_TK_API */ ++ + /* + * crypto alg + */ +@@ -83,6 +87,7 @@ struct caam_alg_entry { + bool rfc3686; + bool geniv; + bool nodkp; ++ bool support_tagged_key; + }; + + struct caam_aead_alg { +@@ -739,6 +744,44 @@ static int skcipher_setkey(struct crypto + ctx->cdata.key_virt = key; + ctx->cdata.key_inline = true; + ++#ifdef CONFIG_CRYPTO_DEV_FSL_CAAM_TK_API ++ /* ++ * Check if the key is not in plaintext format ++ */ ++ if (alg->caam.support_tagged_key) { ++ struct tag_object_conf *tagged_key_conf; ++ int ret; ++ ++ /* Get the configuration */ ++ ret = get_tag_object_conf(ctx->cdata.key_virt, ++ ctx->cdata.keylen, &tagged_key_conf); ++ if (ret) { ++ dev_err(jrdev, ++ "caam algorithms can't process tagged key\n"); ++ return ret; ++ } ++ ++ /* Only support black key */ ++ if (!is_bk_conf(tagged_key_conf)) { ++ dev_err(jrdev, ++ "The tagged key provided is not a black key\n"); ++ return -EINVAL; ++ } ++ ++ get_blackey_conf(&tagged_key_conf->conf.bk_conf, ++ &ctx->cdata.key_real_len, ++ &ctx->cdata.key_cmd_opt); ++ ++ ret = get_tagged_data(ctx->cdata.key_virt, ctx->cdata.keylen, ++ &ctx->cdata.key_virt, &ctx->cdata.keylen); ++ if (ret) { ++ dev_err(jrdev, ++ "caam algorithms wrong data from tagged key\n"); ++ return ret; ++ } ++ } ++#endif /* CONFIG_CRYPTO_DEV_FSL_CAAM_TK_API */ ++ + /* skcipher_encrypt shared descriptor */ + desc = ctx->sh_desc_enc; + cnstr_shdsc_skcipher_encap(desc, &ctx->cdata, ivsize, is_rfc3686, +@@ -824,6 +867,14 @@ static int arc4_skcipher_setkey(struct c + return skcipher_setkey(skcipher, key, keylen, 0); + } + ++#ifdef CONFIG_CRYPTO_DEV_FSL_CAAM_TK_API ++static int tk_skcipher_setkey(struct crypto_skcipher *skcipher, ++ const u8 *key, unsigned int keylen) ++{ ++ return skcipher_setkey(skcipher, key, keylen, 0); ++} ++#endif /* CONFIG_CRYPTO_DEV_FSL_CAAM_TK_API */ ++ + static int des_skcipher_setkey(struct crypto_skcipher *skcipher, + const u8 *key, unsigned int keylen) + { +@@ -1924,6 +1975,25 @@ static struct caam_skcipher_alg driver_a + }, + .caam.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC, + }, ++#ifdef CONFIG_CRYPTO_DEV_FSL_CAAM_TK_API ++ { ++ .skcipher = { ++ .base = { ++ .cra_name = "tk(cbc(aes))", ++ .cra_driver_name = "tk-cbc-aes-caam", ++ .cra_blocksize = AES_BLOCK_SIZE, ++ }, ++ .setkey = tk_skcipher_setkey, ++ .encrypt = skcipher_encrypt, ++ .decrypt = skcipher_decrypt, ++ .min_keysize = TAG_MIN_SIZE, ++ .max_keysize = CAAM_MAX_KEY_SIZE, ++ .ivsize = AES_BLOCK_SIZE, ++ }, ++ .caam.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC, ++ .caam.support_tagged_key = true, ++ }, ++#endif /* CONFIG_CRYPTO_DEV_FSL_CAAM_TK_API */ + { + .skcipher = { + .base = { +@@ -2043,6 +2113,24 @@ static struct caam_skcipher_alg driver_a + }, + .caam.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_ECB, + }, ++#ifdef CONFIG_CRYPTO_DEV_FSL_CAAM_TK_API ++ { ++ .skcipher = { ++ .base = { ++ .cra_name = "tk(ecb(aes))", ++ .cra_driver_name = "tk-ecb-aes-caam", ++ .cra_blocksize = AES_BLOCK_SIZE, ++ }, ++ .setkey = tk_skcipher_setkey, ++ .encrypt = skcipher_encrypt, ++ .decrypt = skcipher_decrypt, ++ .min_keysize = TAG_MIN_SIZE, ++ .max_keysize = CAAM_MAX_KEY_SIZE, ++ }, ++ .caam.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_ECB, ++ .caam.support_tagged_key = true, ++ }, ++#endif /* CONFIG_CRYPTO_DEV_FSL_CAAM_TK_API */ + { + .skcipher = { + .base = { +@@ -3507,7 +3595,8 @@ static void caam_skcipher_alg_init(struc + struct skcipher_alg *alg = &t_alg->skcipher; + + alg->base.cra_module = THIS_MODULE; +- alg->base.cra_priority = CAAM_CRA_PRIORITY; ++ alg->base.cra_priority = ++ t_alg->caam.support_tagged_key ? 1 : CAAM_CRA_PRIORITY; + alg->base.cra_ctxsize = sizeof(struct caam_ctx); + alg->base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_KERN_DRIVER_ONLY; + +--- a/drivers/crypto/caam/caamalg_desc.c ++++ b/drivers/crypto/caam/caamalg_desc.c +@@ -1386,8 +1386,14 @@ void cnstr_shdsc_skcipher_encap(u32 * co + JUMP_COND_SHRD); + + /* Load class1 key only */ +- append_key_as_imm(desc, cdata->key_virt, cdata->keylen, +- cdata->keylen, CLASS_1 | KEY_DEST_CLASS_REG); ++ if (IS_ENABLED(CONFIG_CRYPTO_DEV_FSL_CAAM_TK_API) && ++ cdata->key_cmd_opt) ++ append_key_as_imm(desc, cdata->key_virt, cdata->keylen, ++ cdata->key_real_len, CLASS_1 | ++ KEY_DEST_CLASS_REG | cdata->key_cmd_opt); ++ else ++ append_key_as_imm(desc, cdata->key_virt, cdata->keylen, ++ cdata->keylen, CLASS_1 | KEY_DEST_CLASS_REG); + + /* Load nonce into CONTEXT1 reg */ + if (is_rfc3686) { +@@ -1458,8 +1464,14 @@ void cnstr_shdsc_skcipher_decap(u32 * co + JUMP_COND_SHRD); + + /* Load class1 key only */ +- append_key_as_imm(desc, cdata->key_virt, cdata->keylen, +- cdata->keylen, CLASS_1 | KEY_DEST_CLASS_REG); ++ if (IS_ENABLED(CONFIG_CRYPTO_DEV_FSL_CAAM_TK_API) && ++ cdata->key_cmd_opt) ++ append_key_as_imm(desc, cdata->key_virt, cdata->keylen, ++ cdata->key_real_len, CLASS_1 | ++ KEY_DEST_CLASS_REG | cdata->key_cmd_opt); ++ else ++ append_key_as_imm(desc, cdata->key_virt, cdata->keylen, ++ cdata->keylen, CLASS_1 | KEY_DEST_CLASS_REG); + + /* Load nonce into CONTEXT1 reg */ + if (is_rfc3686) { +--- a/drivers/crypto/caam/desc_constr.h ++++ b/drivers/crypto/caam/desc_constr.h +@@ -500,6 +500,8 @@ do { \ + * @key_virt: virtual address where algorithm key resides + * @key_inline: true - key can be inlined in the descriptor; false - key is + * referenced by the descriptor ++ * @key_real_len: size of the key to be loaded by the CAAM ++ * @key_cmd_opt: optional parameters for KEY command + */ + struct alginfo { + u32 algtype; +@@ -508,6 +510,8 @@ struct alginfo { + dma_addr_t key_dma; + const void *key_virt; + bool key_inline; ++ u32 key_real_len; ++ u32 key_cmd_opt; + }; + + /** +--- a/drivers/crypto/caam/tag_object.c ++++ b/drivers/crypto/caam/tag_object.c +@@ -128,7 +128,7 @@ EXPORT_SYMBOL(is_valid_tag_object_conf); + * + * Return: 0 if success, else error code + */ +-int get_tag_object_conf(void *buffer, size_t size, ++int get_tag_object_conf(const void *buffer, size_t size, + struct tag_object_conf **tag_obj_conf) + { + bool is_valid; +@@ -240,8 +240,8 @@ EXPORT_SYMBOL(get_blackey_conf); + * + * Return: 0 if success, else error code + */ +-int get_tagged_data(void *tagged_object, size_t tagged_object_size, +- void **data, u32 *data_size) ++int get_tagged_data(const void *tagged_object, size_t tagged_object_size, ++ const void **data, u32 *data_size) + { + struct tagged_object *tago = + (struct tagged_object *)tagged_object; +--- a/drivers/crypto/caam/tag_object.h ++++ b/drivers/crypto/caam/tag_object.h +@@ -80,7 +80,7 @@ bool is_valid_tag_object_conf(const stru + void init_tag_object_header(struct conf_header *conf_header, + enum tag_type type); + +-int get_tag_object_conf(void *buffer, size_t buffer_size, ++int get_tag_object_conf(const void *buffer, size_t buffer_size, + struct tag_object_conf **tag_obj_conf); + + int set_tag_object_conf(const struct tag_object_conf *tag_obj_conf, +@@ -94,7 +94,7 @@ void get_blackey_conf(const struct black + void init_blackey_conf(struct blackey_conf *blackey_conf, + size_t len, bool ccm, bool tk); + +-int get_tagged_data(void *buffer, size_t buffer_size, +- void **data, u32 *data_size); ++int get_tagged_data(const void *buffer, size_t buffer_size, ++ const void **data, u32 *data_size); + + #endif /* _TAG_OBJECT_H_ */ |