Changes to enable: - To work both with black key and plain key. - It is supported in context of trusted key only. - as meta-data is added as part of trusted key generation. - otherwise, work as previously. Signed-off-by: Pankaj Gupta <pankaj.gupta@xxxxxxx> --- drivers/crypto/caam/caamalg.c | 43 ++++++++++++++++++++++++++++-- drivers/crypto/caam/caamalg_desc.c | 8 +++--- drivers/crypto/caam/desc_constr.h | 6 ++++- 3 files changed, 51 insertions(+), 6 deletions(-) diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c index d3d8bb0a6990..94e971297a9d 100644 --- a/drivers/crypto/caam/caamalg.c +++ b/drivers/crypto/caam/caamalg.c @@ -3,7 +3,7 @@ * caam - Freescale FSL CAAM support for crypto API * * Copyright 2008-2011 Freescale Semiconductor, Inc. - * Copyright 2016-2019 NXP + * Copyright 2016-2022 NXP * * Based on talitos crypto API driver. * @@ -59,6 +59,8 @@ #include <crypto/engine.h> #include <crypto/xts.h> #include <asm/unaligned.h> +#include <linux/hw_bound_key.h> +#include <soc/fsl/caam-blob.h> /* * crypto alg @@ -741,9 +743,25 @@ static int skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key, print_hex_dump_debug("key in @"__stringify(__LINE__)": ", DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1); + /* Here keylen is actual key length */ ctx->cdata.keylen = keylen; ctx->cdata.key_virt = key; ctx->cdata.key_inline = true; + /* Here real key len is plain key length */ + ctx->cdata.key_real_len = keylen; + ctx->cdata.key_cmd_opt = 0; + + /* check if the key is HBK */ + if (skcipher->base.is_hbk) { + ctx->cdata.key_cmd_opt |= KEY_ENC; + + /* check if the HBK is CCM key */ + if (skcipher->base.hbk_info.flags + & HWBK_FLAGS_CAAM_CCM_ALGO_MASK) + ctx->cdata.key_cmd_opt |= KEY_EKT; + + ctx->cdata.key_real_len = skcipher->base.hbk_info.key_sz; + } /* skcipher_encrypt shared descriptor */ desc = ctx->sh_desc_enc; @@ -762,12 +780,33 @@ static int skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key, return 0; } +static int caam_hbk_check_keylen(struct hw_bound_key_info *hbk_info, + unsigned int keylen) +{ + u32 overhead = 0; + + if (hbk_info->flags & HWBK_FLAGS_CAAM_CCM_ALGO_MASK) + overhead += CCM_OVERHEAD; + + /* deduce the hb_key_len, by adding plain-key len + * and encryption overhead. + */ + if (keylen != (hbk_info->key_sz + overhead)) + return -EINVAL; + + return aes_check_keylen(hbk_info->key_sz); +} + static int aes_skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key, unsigned int keylen) { int err; - err = aes_check_keylen(keylen); + if (skcipher->base.is_hbk) + err = caam_hbk_check_keylen(&(skcipher->base.hbk_info), keylen); + else + err = aes_check_keylen(keylen); + if (err) return err; diff --git a/drivers/crypto/caam/caamalg_desc.c b/drivers/crypto/caam/caamalg_desc.c index 7571e1ac913b..784acae8c9b7 100644 --- a/drivers/crypto/caam/caamalg_desc.c +++ b/drivers/crypto/caam/caamalg_desc.c @@ -2,7 +2,7 @@ /* * Shared descriptors for aead, skcipher algorithms * - * Copyright 2016-2019 NXP + * Copyright 2016-2022 NXP */ #include "compat.h" @@ -1391,7 +1391,8 @@ void cnstr_shdsc_skcipher_encap(u32 * const desc, struct alginfo *cdata, /* Load class1 key only */ append_key_as_imm(desc, cdata->key_virt, cdata->keylen, - cdata->keylen, CLASS_1 | KEY_DEST_CLASS_REG); + cdata->key_real_len, CLASS_1 | KEY_DEST_CLASS_REG + | cdata->key_cmd_opt); /* Load nonce into CONTEXT1 reg */ if (is_rfc3686) { @@ -1466,7 +1467,8 @@ void cnstr_shdsc_skcipher_decap(u32 * const desc, struct alginfo *cdata, /* Load class1 key only */ append_key_as_imm(desc, cdata->key_virt, cdata->keylen, - cdata->keylen, CLASS_1 | KEY_DEST_CLASS_REG); + cdata->key_real_len, CLASS_1 | KEY_DEST_CLASS_REG + | cdata->key_cmd_opt); /* Load nonce into CONTEXT1 reg */ if (is_rfc3686) { diff --git a/drivers/crypto/caam/desc_constr.h b/drivers/crypto/caam/desc_constr.h index 62ce6421bb3f..d652bdbf3f91 100644 --- a/drivers/crypto/caam/desc_constr.h +++ b/drivers/crypto/caam/desc_constr.h @@ -3,7 +3,7 @@ * caam descriptor construction helper functions * * Copyright 2008-2012 Freescale Semiconductor, Inc. - * Copyright 2019 NXP + * Copyright 2019-2022 NXP */ #ifndef DESC_CONSTR_H @@ -500,6 +500,8 @@ do { \ * @key_virt: virtual address where algorithm key resides * @key_inline: true - key can be inlined in the descriptor; false - key is * referenced by the descriptor + * @key_real_len: size of the key to be loaded by the CAAM + * @key_cmd_opt: optional parameters for KEY command */ struct alginfo { u32 algtype; @@ -508,6 +510,8 @@ struct alginfo { dma_addr_t key_dma; const void *key_virt; bool key_inline; + u32 key_real_len; + u32 key_cmd_opt; }; /** -- 2.17.1