Commit de975d8500dc9423d10faf8c8290f6463662144c
1 parent
68261e4ca3
Exists in
smarc-imx_v2018.03_4.14.78_1.0.0_ga
MA-13831-3 [trusty] Add command to generate rng with CAAM
Add new hwcrypto command to support rng generation with CAAM. Test: rng generated on imx8qxp_mek. Change-Id: I756f3e99423f0f9dfc2bcd30117a3f96e9f5f2f7 Signed-off-by: Ji Luo <ji.luo@nxp.com>
Showing 3 changed files with 39 additions and 0 deletions Inline Diff
include/interface/hwcrypto/hwcrypto.h
1 | /* | 1 | /* |
2 | * Copyright (C) 2016 The Android Open Source Project | 2 | * Copyright (C) 2016 The Android Open Source Project |
3 | * Copyright NXP 2018 | 3 | * Copyright NXP 2018 |
4 | * | 4 | * |
5 | * Permission is hereby granted, free of charge, to any person | 5 | * Permission is hereby granted, free of charge, to any person |
6 | * obtaining a copy of this software and associated documentation | 6 | * obtaining a copy of this software and associated documentation |
7 | * files (the "Software"), to deal in the Software without | 7 | * files (the "Software"), to deal in the Software without |
8 | * restriction, including without limitation the rights to use, copy, | 8 | * restriction, including without limitation the rights to use, copy, |
9 | * modify, merge, publish, distribute, sublicense, and/or sell copies | 9 | * modify, merge, publish, distribute, sublicense, and/or sell copies |
10 | * of the Software, and to permit persons to whom the Software is | 10 | * of the Software, and to permit persons to whom the Software is |
11 | * furnished to do so, subject to the following conditions: | 11 | * furnished to do so, subject to the following conditions: |
12 | * | 12 | * |
13 | * The above copyright notice and this permission notice shall be | 13 | * The above copyright notice and this permission notice shall be |
14 | * included in all copies or substantial portions of the Software. | 14 | * included in all copies or substantial portions of the Software. |
15 | * | 15 | * |
16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, | 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
17 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF | 17 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
18 | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND | 18 | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
19 | * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS | 19 | * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS |
20 | * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN | 20 | * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN |
21 | * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN | 21 | * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN |
22 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | 22 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
23 | * SOFTWARE. | 23 | * SOFTWARE. |
24 | * | 24 | * |
25 | */ | 25 | */ |
26 | 26 | ||
27 | #ifndef TRUSTY_INTERFACE_HWCRYPTO_H_ | 27 | #ifndef TRUSTY_INTERFACE_HWCRYPTO_H_ |
28 | #define TRUSTY_INTERFACE_HWCRYPTO_H_ | 28 | #define TRUSTY_INTERFACE_HWCRYPTO_H_ |
29 | 29 | ||
30 | #include <trusty/sysdeps.h> | 30 | #include <trusty/sysdeps.h> |
31 | 31 | ||
32 | #define HWCRYPTO_PORT "com.android.trusty.hwcrypto" | 32 | #define HWCRYPTO_PORT "com.android.trusty.hwcrypto" |
33 | #define HWCRYPTO_MAX_BUFFER_LENGTH 2048 | 33 | #define HWCRYPTO_MAX_BUFFER_LENGTH 2048 |
34 | 34 | ||
35 | enum hwcrypto_command { | 35 | enum hwcrypto_command { |
36 | HWCRYPTO_REQ_SHIFT = 1, | 36 | HWCRYPTO_REQ_SHIFT = 1, |
37 | HWCRYPTO_RESP_BIT = 1, | 37 | HWCRYPTO_RESP_BIT = 1, |
38 | 38 | ||
39 | HWCRYPTO_HASH = (1 << HWCRYPTO_REQ_SHIFT), | 39 | HWCRYPTO_HASH = (1 << HWCRYPTO_REQ_SHIFT), |
40 | HWCRYPTO_ENCAP_BLOB = (2 << HWCRYPTO_REQ_SHIFT), | 40 | HWCRYPTO_ENCAP_BLOB = (2 << HWCRYPTO_REQ_SHIFT), |
41 | HWCRYPTO_GEN_RNG = (3 << HWCRYPTO_REQ_SHIFT), | ||
41 | }; | 42 | }; |
42 | 43 | ||
43 | /** | 44 | /** |
44 | * enum hwcrypto_error - error codes for HWCRYPTO protocol | 45 | * enum hwcrypto_error - error codes for HWCRYPTO protocol |
45 | * @HWCRYPTO_ERROR_NONE: All OK | 46 | * @HWCRYPTO_ERROR_NONE: All OK |
46 | * @HWCRYPTO_ERROR_INVALID: Invalid input | 47 | * @HWCRYPTO_ERROR_INVALID: Invalid input |
47 | * @HWCRYPTO_ERROR_INTERNAL: Error occurred during an operation in Trusty | 48 | * @HWCRYPTO_ERROR_INTERNAL: Error occurred during an operation in Trusty |
48 | */ | 49 | */ |
49 | enum hwcrypto_error { | 50 | enum hwcrypto_error { |
50 | HWCRYPTO_ERROR_NONE = 0, | 51 | HWCRYPTO_ERROR_NONE = 0, |
51 | HWCRYPTO_ERROR_INVALID = 1, | 52 | HWCRYPTO_ERROR_INVALID = 1, |
52 | HWCRYPTO_ERROR_INTERNAL = 2, | 53 | HWCRYPTO_ERROR_INTERNAL = 2, |
53 | }; | 54 | }; |
54 | 55 | ||
55 | enum hwcrypto_hash_algo { | 56 | enum hwcrypto_hash_algo { |
56 | SHA1 = 0, | 57 | SHA1 = 0, |
57 | SHA256 | 58 | SHA256 |
58 | }; | 59 | }; |
59 | /** | 60 | /** |
60 | * hwcrypto_message - Serial header for communicating with hwcrypto server | 61 | * hwcrypto_message - Serial header for communicating with hwcrypto server |
61 | * @cmd: the command. Payload must be a serialized buffer of the | 62 | * @cmd: the command. Payload must be a serialized buffer of the |
62 | * corresponding request object. | 63 | * corresponding request object. |
63 | * @result: resulting error code for message, one of hwcrypto_error. | 64 | * @result: resulting error code for message, one of hwcrypto_error. |
64 | * @payload: start of the serialized command specific payload | 65 | * @payload: start of the serialized command specific payload |
65 | */ | 66 | */ |
66 | struct hwcrypto_message { | 67 | struct hwcrypto_message { |
67 | uint32_t cmd; | 68 | uint32_t cmd; |
68 | uint32_t result; | 69 | uint32_t result; |
69 | uint8_t payload[0]; | 70 | uint8_t payload[0]; |
70 | }; | 71 | }; |
71 | 72 | ||
72 | /** | 73 | /** |
73 | * hwcrypto_hash_msg - Serial header for communicating with hwcrypto server | 74 | * hwcrypto_hash_msg - Serial header for communicating with hwcrypto server |
74 | * @in_addr: start address of the input buf. | 75 | * @in_addr: start address of the input buf. |
75 | * @in_len: size of the input buf. | 76 | * @in_len: size of the input buf. |
76 | * @out_addr: start addrss of the output buf. | 77 | * @out_addr: start addrss of the output buf. |
77 | * @out_len: size of the output buf. | 78 | * @out_len: size of the output buf. |
78 | * @algo: hash algorithm expect to use. | 79 | * @algo: hash algorithm expect to use. |
79 | */ | 80 | */ |
80 | typedef struct hwcrypto_hash_msg { | 81 | typedef struct hwcrypto_hash_msg { |
81 | uint32_t in_addr; | 82 | uint32_t in_addr; |
82 | uint32_t in_len; | 83 | uint32_t in_len; |
83 | uint32_t out_addr; | 84 | uint32_t out_addr; |
84 | uint32_t out_len; | 85 | uint32_t out_len; |
85 | enum hwcrypto_hash_algo algo; | 86 | enum hwcrypto_hash_algo algo; |
86 | } hwcrypto_hash_msg; | 87 | } hwcrypto_hash_msg; |
87 | 88 | ||
88 | /** | 89 | /** |
89 | * @plain_pa: physical start address of the plain blob buf. | 90 | * @plain_pa: physical start address of the plain blob buf. |
90 | * @plain_size: size of the plain blob. | 91 | * @plain_size: size of the plain blob. |
91 | * @blob: physical start addrss of the output buf. | 92 | * @blob: physical start addrss of the output buf. |
92 | */ | 93 | */ |
93 | typedef struct hwcrypto_blob_msg { | 94 | typedef struct hwcrypto_blob_msg { |
94 | uint32_t plain_pa; | 95 | uint32_t plain_pa; |
95 | uint32_t plain_size; | 96 | uint32_t plain_size; |
96 | uint32_t blob_pa; | 97 | uint32_t blob_pa; |
97 | }hwcrypto_blob_msg; | 98 | }hwcrypto_blob_msg; |
98 | 99 | ||
100 | /** | ||
101 | * @buf: physical start address of the output rng buf. | ||
102 | * @len: size of required rng. | ||
103 | */ | ||
104 | typedef struct hwcrypto_rng_msg { | ||
105 | uint32_t buf; | ||
106 | uint32_t len; | ||
107 | }hwcrypto_rng_msg; | ||
99 | #endif /* TRUSTY_INTERFACE_HWCRYPTO_H_ */ | 108 | #endif /* TRUSTY_INTERFACE_HWCRYPTO_H_ */ |
100 | 109 |
include/trusty/hwcrypto.h
1 | /* | 1 | /* |
2 | * Copyright (C) 2016 The Android Open Source Project | 2 | * Copyright (C) 2016 The Android Open Source Project |
3 | * Copyright NXP 2018 | 3 | * Copyright NXP 2018 |
4 | * | 4 | * |
5 | * Permission is hereby granted, free of charge, to any person | 5 | * Permission is hereby granted, free of charge, to any person |
6 | * obtaining a copy of this software and associated documentation | 6 | * obtaining a copy of this software and associated documentation |
7 | * files (the "Software"), to deal in the Software without | 7 | * files (the "Software"), to deal in the Software without |
8 | * restriction, including without limitation the rights to use, copy, | 8 | * restriction, including without limitation the rights to use, copy, |
9 | * modify, merge, publish, distribute, sublicense, and/or sell copies | 9 | * modify, merge, publish, distribute, sublicense, and/or sell copies |
10 | * of the Software, and to permit persons to whom the Software is | 10 | * of the Software, and to permit persons to whom the Software is |
11 | * furnished to do so, subject to the following conditions: | 11 | * furnished to do so, subject to the following conditions: |
12 | * | 12 | * |
13 | * The above copyright notice and this permission notice shall be | 13 | * The above copyright notice and this permission notice shall be |
14 | * included in all copies or substantial portions of the Software. | 14 | * included in all copies or substantial portions of the Software. |
15 | * | 15 | * |
16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, | 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
17 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF | 17 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
18 | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND | 18 | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
19 | * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS | 19 | * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS |
20 | * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN | 20 | * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN |
21 | * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN | 21 | * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN |
22 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | 22 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
23 | * SOFTWARE. | 23 | * SOFTWARE. |
24 | * | 24 | * |
25 | */ | 25 | */ |
26 | 26 | ||
27 | #ifndef TRUSTY_HWCRYPTO_H_ | 27 | #ifndef TRUSTY_HWCRYPTO_H_ |
28 | #define TRUSTY_HWCRYPTO_H_ | 28 | #define TRUSTY_HWCRYPTO_H_ |
29 | 29 | ||
30 | #include <trusty/sysdeps.h> | 30 | #include <trusty/sysdeps.h> |
31 | #include <trusty/trusty_ipc.h> | 31 | #include <trusty/trusty_ipc.h> |
32 | #include <interface/hwcrypto/hwcrypto.h> | 32 | #include <interface/hwcrypto/hwcrypto.h> |
33 | 33 | ||
34 | /* | 34 | /* |
35 | * Initialize HWCRYPTO TIPC client. Returns one of trusty_err. | 35 | * Initialize HWCRYPTO TIPC client. Returns one of trusty_err. |
36 | * | 36 | * |
37 | * @dev: initialized with trusty_ipc_dev_create | 37 | * @dev: initialized with trusty_ipc_dev_create |
38 | */ | 38 | */ |
39 | int hwcrypto_tipc_init(struct trusty_ipc_dev *dev); | 39 | int hwcrypto_tipc_init(struct trusty_ipc_dev *dev); |
40 | /* | 40 | /* |
41 | * Shutdown HWCRYPTO TIPC client. | 41 | * Shutdown HWCRYPTO TIPC client. |
42 | * | 42 | * |
43 | * @dev: initialized with trusty_ipc_dev_create | 43 | * @dev: initialized with trusty_ipc_dev_create |
44 | */ | 44 | */ |
45 | void hwcrypto_tipc_shutdown(struct trusty_ipc_dev *dev); | 45 | void hwcrypto_tipc_shutdown(struct trusty_ipc_dev *dev); |
46 | /* | 46 | /* |
47 | * Send request to secure side to calculate sha256 hash with caam. | 47 | * Send request to secure side to calculate sha256 hash with caam. |
48 | * Returns one of trusty_err. | 48 | * Returns one of trusty_err. |
49 | * | 49 | * |
50 | * @in_addr: start address of the input buf | 50 | * @in_addr: start address of the input buf |
51 | * @in_len: size of the input buf | 51 | * @in_len: size of the input buf |
52 | * @out_addr: start address of the output buf | 52 | * @out_addr: start address of the output buf |
53 | * @out_len: size of the output buf | 53 | * @out_len: size of the output buf |
54 | * @algo: hash algorithm type expect to use | 54 | * @algo: hash algorithm type expect to use |
55 | */ | 55 | */ |
56 | int hwcrypto_hash(uint32_t in_addr, uint32_t in_len, uint32_t out_addr, | 56 | int hwcrypto_hash(uint32_t in_addr, uint32_t in_len, uint32_t out_addr, |
57 | uint32_t out_len, enum hwcrypto_hash_algo algo); | 57 | uint32_t out_len, enum hwcrypto_hash_algo algo); |
58 | 58 | ||
59 | /* | 59 | /* |
60 | * Send request to secure side to generate blob with caam. | 60 | * Send request to secure side to generate blob with caam. |
61 | * Returns one of trusty_err. | 61 | * Returns one of trusty_err. |
62 | * | 62 | * |
63 | * @plain_pa: physical start address of the plain blob buffer. | 63 | * @plain_pa: physical start address of the plain blob buffer. |
64 | * @plain_size: size of the plain blob buffer. | 64 | * @plain_size: size of the plain blob buffer. |
65 | * @blob_pa: physical start address of the generated blob buffer. | 65 | * @blob_pa: physical start address of the generated blob buffer. |
66 | */ | 66 | */ |
67 | int hwcrypto_gen_blob(uint32_t plain_pa, | 67 | int hwcrypto_gen_blob(uint32_t plain_pa, |
68 | uint32_t plain_size, uint32_t blob_pa); | 68 | uint32_t plain_size, uint32_t blob_pa); |
69 | |||
70 | /* Send request to secure side to generate rng with caam. | ||
71 | * Returns one of trusty_err. | ||
72 | * | ||
73 | * @buf: physical start address of the output rng buf. | ||
74 | * @len: size of required rng. | ||
75 | * */ | ||
76 | int hwcrypto_gen_rng(uint32_t buf, uint32_t len); | ||
69 | #endif /* TRUSTY_HWCRYPTO_H_ */ | 77 | #endif /* TRUSTY_HWCRYPTO_H_ */ |
70 | 78 |
lib/trusty/ql-tipc/hwcrypto.c
1 | /* | 1 | /* |
2 | * Copyright (C) 2016 The Android Open Source Project | 2 | * Copyright (C) 2016 The Android Open Source Project |
3 | * Copyright NXP 2018 | 3 | * Copyright NXP 2018 |
4 | * | 4 | * |
5 | * Permission is hereby granted, free of charge, to any person | 5 | * Permission is hereby granted, free of charge, to any person |
6 | * obtaining a copy of this software and associated documentation | 6 | * obtaining a copy of this software and associated documentation |
7 | * files (the "Software"), to deal in the Software without | 7 | * files (the "Software"), to deal in the Software without |
8 | * restriction, including without limitation the rights to use, copy, | 8 | * restriction, including without limitation the rights to use, copy, |
9 | * modify, merge, publish, distribute, sublicense, and/or sell copies | 9 | * modify, merge, publish, distribute, sublicense, and/or sell copies |
10 | * of the Software, and to permit persons to whom the Software is | 10 | * of the Software, and to permit persons to whom the Software is |
11 | * furnished to do so, subject to the following conditions: | 11 | * furnished to do so, subject to the following conditions: |
12 | * | 12 | * |
13 | * The above copyright notice and this permission notice shall be | 13 | * The above copyright notice and this permission notice shall be |
14 | * included in all copies or substantial portions of the Software. | 14 | * included in all copies or substantial portions of the Software. |
15 | * | 15 | * |
16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, | 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
17 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF | 17 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
18 | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND | 18 | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
19 | * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS | 19 | * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS |
20 | * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN | 20 | * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN |
21 | * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN | 21 | * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN |
22 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | 22 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
23 | * SOFTWARE. | 23 | * SOFTWARE. |
24 | */ | 24 | */ |
25 | 25 | ||
26 | #include <trusty/hwcrypto.h> | 26 | #include <trusty/hwcrypto.h> |
27 | #include <trusty/rpmb.h> | 27 | #include <trusty/rpmb.h> |
28 | #include <trusty/trusty_ipc.h> | 28 | #include <trusty/trusty_ipc.h> |
29 | #include <trusty/util.h> | 29 | #include <trusty/util.h> |
30 | #include "common.h" | 30 | #include "common.h" |
31 | 31 | ||
32 | #define LOCAL_LOG 0 | 32 | #define LOCAL_LOG 0 |
33 | #define CAAM_KB_HEADER_LEN 48 | 33 | #define CAAM_KB_HEADER_LEN 48 |
34 | 34 | ||
35 | static bool initialized; | 35 | static bool initialized; |
36 | static struct trusty_ipc_chan hwcrypto_chan; | 36 | static struct trusty_ipc_chan hwcrypto_chan; |
37 | 37 | ||
38 | static int hwcrypto_send_request(struct hwcrypto_message *msg, void *req, size_t req_len) | 38 | static int hwcrypto_send_request(struct hwcrypto_message *msg, void *req, size_t req_len) |
39 | { | 39 | { |
40 | struct trusty_ipc_iovec req_iovs[2] = { | 40 | struct trusty_ipc_iovec req_iovs[2] = { |
41 | { .base = msg, .len = sizeof(*msg) }, | 41 | { .base = msg, .len = sizeof(*msg) }, |
42 | { .base = req, .len = req_len }, | 42 | { .base = req, .len = req_len }, |
43 | }; | 43 | }; |
44 | 44 | ||
45 | return trusty_ipc_send(&hwcrypto_chan, req_iovs, req ? 2 : 1, true); | 45 | return trusty_ipc_send(&hwcrypto_chan, req_iovs, req ? 2 : 1, true); |
46 | } | 46 | } |
47 | 47 | ||
48 | static int hwcrypto_read_response(struct hwcrypto_message *msg, uint32_t cmd, void *resp, | 48 | static int hwcrypto_read_response(struct hwcrypto_message *msg, uint32_t cmd, void *resp, |
49 | size_t resp_len) | 49 | size_t resp_len) |
50 | { | 50 | { |
51 | int rc; | 51 | int rc; |
52 | struct trusty_ipc_iovec resp_iovs[2] = { | 52 | struct trusty_ipc_iovec resp_iovs[2] = { |
53 | { .base = msg, .len = sizeof(*msg) }, | 53 | { .base = msg, .len = sizeof(*msg) }, |
54 | { .base = resp, .len = resp_len }, | 54 | { .base = resp, .len = resp_len }, |
55 | }; | 55 | }; |
56 | 56 | ||
57 | rc = trusty_ipc_recv(&hwcrypto_chan, resp_iovs, resp ? 2 : 1, true); | 57 | rc = trusty_ipc_recv(&hwcrypto_chan, resp_iovs, resp ? 2 : 1, true); |
58 | if (rc < 0) { | 58 | if (rc < 0) { |
59 | trusty_error("failed (%d) to recv response\n", rc); | 59 | trusty_error("failed (%d) to recv response\n", rc); |
60 | return rc; | 60 | return rc; |
61 | } | 61 | } |
62 | if (msg->cmd != (cmd | HWCRYPTO_RESP_BIT)) { | 62 | if (msg->cmd != (cmd | HWCRYPTO_RESP_BIT)) { |
63 | trusty_error("malformed response\n"); | 63 | trusty_error("malformed response\n"); |
64 | return TRUSTY_ERR_GENERIC; | 64 | return TRUSTY_ERR_GENERIC; |
65 | } | 65 | } |
66 | /* return payload size */ | 66 | /* return payload size */ |
67 | return rc - sizeof(*msg); | 67 | return rc - sizeof(*msg); |
68 | } | 68 | } |
69 | 69 | ||
70 | /* | 70 | /* |
71 | * Convenience function to send a request to the hwcrypto service and read the | 71 | * Convenience function to send a request to the hwcrypto service and read the |
72 | * response. | 72 | * response. |
73 | * | 73 | * |
74 | * @cmd: the command | 74 | * @cmd: the command |
75 | * @req: the request buffer | 75 | * @req: the request buffer |
76 | * @req_size: size of the request buffer | 76 | * @req_size: size of the request buffer |
77 | * @resp: the response buffer | 77 | * @resp: the response buffer |
78 | * @resp_size_p: pointer to the size of the response buffer. changed to the | 78 | * @resp_size_p: pointer to the size of the response buffer. changed to the |
79 | actual size of the response read from the secure side | 79 | actual size of the response read from the secure side |
80 | * @handle_rpmb: true if the request is expected to invoke RPMB callbacks | 80 | * @handle_rpmb: true if the request is expected to invoke RPMB callbacks |
81 | */ | 81 | */ |
82 | static int hwcrypto_do_tipc(uint32_t cmd, void *req, uint32_t req_size, void *resp, | 82 | static int hwcrypto_do_tipc(uint32_t cmd, void *req, uint32_t req_size, void *resp, |
83 | uint32_t *resp_size_p, bool handle_rpmb) | 83 | uint32_t *resp_size_p, bool handle_rpmb) |
84 | { | 84 | { |
85 | int rc; | 85 | int rc; |
86 | struct hwcrypto_message msg = { .cmd = cmd }; | 86 | struct hwcrypto_message msg = { .cmd = cmd }; |
87 | 87 | ||
88 | if (!initialized) { | 88 | if (!initialized) { |
89 | trusty_error("%s: HWCRYPTO TIPC client not initialized\n", __func__); | 89 | trusty_error("%s: HWCRYPTO TIPC client not initialized\n", __func__); |
90 | return TRUSTY_ERR_GENERIC; | 90 | return TRUSTY_ERR_GENERIC; |
91 | } | 91 | } |
92 | 92 | ||
93 | rc = hwcrypto_send_request(&msg, req, req_size); | 93 | rc = hwcrypto_send_request(&msg, req, req_size); |
94 | if (rc < 0) { | 94 | if (rc < 0) { |
95 | trusty_error("%s: failed (%d) to send hwcrypto request\n", __func__, rc); | 95 | trusty_error("%s: failed (%d) to send hwcrypto request\n", __func__, rc); |
96 | return rc; | 96 | return rc; |
97 | } | 97 | } |
98 | 98 | ||
99 | if (handle_rpmb) { | 99 | if (handle_rpmb) { |
100 | /* handle any incoming RPMB requests */ | 100 | /* handle any incoming RPMB requests */ |
101 | rc = rpmb_storage_proxy_poll(); | 101 | rc = rpmb_storage_proxy_poll(); |
102 | if (rc < 0) { | 102 | if (rc < 0) { |
103 | trusty_error("%s: failed (%d) to get RPMB requests\n", __func__, | 103 | trusty_error("%s: failed (%d) to get RPMB requests\n", __func__, |
104 | rc); | 104 | rc); |
105 | return rc; | 105 | return rc; |
106 | } | 106 | } |
107 | } | 107 | } |
108 | 108 | ||
109 | uint32_t resp_size = resp_size_p ? *resp_size_p : 0; | 109 | uint32_t resp_size = resp_size_p ? *resp_size_p : 0; |
110 | rc = hwcrypto_read_response(&msg, cmd, resp, resp_size); | 110 | rc = hwcrypto_read_response(&msg, cmd, resp, resp_size); |
111 | if (rc < 0) { | 111 | if (rc < 0) { |
112 | trusty_error("%s: failed (%d) to read HWCRYPTO response\n", __func__, rc); | 112 | trusty_error("%s: failed (%d) to read HWCRYPTO response\n", __func__, rc); |
113 | return rc; | 113 | return rc; |
114 | } | 114 | } |
115 | /* change response size to actual response size */ | 115 | /* change response size to actual response size */ |
116 | if (resp_size_p && rc != *resp_size_p) { | 116 | if (resp_size_p && rc != *resp_size_p) { |
117 | *resp_size_p = rc; | 117 | *resp_size_p = rc; |
118 | } | 118 | } |
119 | if (msg.result != HWCRYPTO_ERROR_NONE) { | 119 | if (msg.result != HWCRYPTO_ERROR_NONE) { |
120 | trusty_error("%s: HWCRYPTO service returned error (%d)\n", __func__, | 120 | trusty_error("%s: HWCRYPTO service returned error (%d)\n", __func__, |
121 | msg.result); | 121 | msg.result); |
122 | return TRUSTY_ERR_GENERIC; | 122 | return TRUSTY_ERR_GENERIC; |
123 | } | 123 | } |
124 | return TRUSTY_ERR_NONE; | 124 | return TRUSTY_ERR_NONE; |
125 | } | 125 | } |
126 | 126 | ||
127 | int hwcrypto_tipc_init(struct trusty_ipc_dev *dev) | 127 | int hwcrypto_tipc_init(struct trusty_ipc_dev *dev) |
128 | { | 128 | { |
129 | int rc; | 129 | int rc; |
130 | 130 | ||
131 | trusty_assert(dev); | 131 | trusty_assert(dev); |
132 | trusty_assert(!initialized); | 132 | trusty_assert(!initialized); |
133 | 133 | ||
134 | trusty_ipc_chan_init(&hwcrypto_chan, dev); | 134 | trusty_ipc_chan_init(&hwcrypto_chan, dev); |
135 | trusty_debug("Connecting to hwcrypto service\n"); | 135 | trusty_debug("Connecting to hwcrypto service\n"); |
136 | 136 | ||
137 | /* connect to hwcrypto service and wait for connect to complete */ | 137 | /* connect to hwcrypto service and wait for connect to complete */ |
138 | rc = trusty_ipc_connect(&hwcrypto_chan, HWCRYPTO_PORT, true); | 138 | rc = trusty_ipc_connect(&hwcrypto_chan, HWCRYPTO_PORT, true); |
139 | if (rc < 0) { | 139 | if (rc < 0) { |
140 | trusty_error("failed (%d) to connect to '%s'\n", rc, HWCRYPTO_PORT); | 140 | trusty_error("failed (%d) to connect to '%s'\n", rc, HWCRYPTO_PORT); |
141 | return rc; | 141 | return rc; |
142 | } | 142 | } |
143 | 143 | ||
144 | /* mark as initialized */ | 144 | /* mark as initialized */ |
145 | initialized = true; | 145 | initialized = true; |
146 | 146 | ||
147 | return TRUSTY_ERR_NONE; | 147 | return TRUSTY_ERR_NONE; |
148 | } | 148 | } |
149 | 149 | ||
150 | void hwcrypto_tipc_shutdown(struct trusty_ipc_dev *dev) | 150 | void hwcrypto_tipc_shutdown(struct trusty_ipc_dev *dev) |
151 | { | 151 | { |
152 | if (!initialized) | 152 | if (!initialized) |
153 | return; /* nothing to do */ | 153 | return; /* nothing to do */ |
154 | 154 | ||
155 | /* close channel */ | 155 | /* close channel */ |
156 | trusty_ipc_close(&hwcrypto_chan); | 156 | trusty_ipc_close(&hwcrypto_chan); |
157 | 157 | ||
158 | initialized = false; | 158 | initialized = false; |
159 | } | 159 | } |
160 | 160 | ||
161 | int hwcrypto_hash(uint32_t in_addr, uint32_t in_len, uint32_t out_addr, | 161 | int hwcrypto_hash(uint32_t in_addr, uint32_t in_len, uint32_t out_addr, |
162 | uint32_t out_len, enum hwcrypto_hash_algo algo) | 162 | uint32_t out_len, enum hwcrypto_hash_algo algo) |
163 | { | 163 | { |
164 | hwcrypto_hash_msg req; | 164 | hwcrypto_hash_msg req; |
165 | unsigned long start, end; | 165 | unsigned long start, end; |
166 | 166 | ||
167 | /* check the address */ | 167 | /* check the address */ |
168 | if (in_addr == 0 || out_addr == 0) | 168 | if (in_addr == 0 || out_addr == 0) |
169 | return TRUSTY_ERR_INVALID_ARGS; | 169 | return TRUSTY_ERR_INVALID_ARGS; |
170 | /* fill the request buffer */ | 170 | /* fill the request buffer */ |
171 | req.in_addr = in_addr; | 171 | req.in_addr = in_addr; |
172 | req.out_addr = out_addr; | 172 | req.out_addr = out_addr; |
173 | req.in_len = in_len; | 173 | req.in_len = in_len; |
174 | req.out_len = out_len; | 174 | req.out_len = out_len; |
175 | req.algo = algo; | 175 | req.algo = algo; |
176 | 176 | ||
177 | /* flush dcache for input buffer */ | 177 | /* flush dcache for input buffer */ |
178 | start = (unsigned long)in_addr & ~(ARCH_DMA_MINALIGN - 1); | 178 | start = (unsigned long)in_addr & ~(ARCH_DMA_MINALIGN - 1); |
179 | end = ALIGN((unsigned long)in_addr + in_len, ARCH_DMA_MINALIGN); | 179 | end = ALIGN((unsigned long)in_addr + in_len, ARCH_DMA_MINALIGN); |
180 | flush_dcache_range(start, end); | 180 | flush_dcache_range(start, end); |
181 | 181 | ||
182 | /* invalidate dcache for output buffer */ | 182 | /* invalidate dcache for output buffer */ |
183 | start = (unsigned long)out_addr & ~(ARCH_DMA_MINALIGN - 1); | 183 | start = (unsigned long)out_addr & ~(ARCH_DMA_MINALIGN - 1); |
184 | end = ALIGN((unsigned long)out_addr + out_len, ARCH_DMA_MINALIGN); | 184 | end = ALIGN((unsigned long)out_addr + out_len, ARCH_DMA_MINALIGN); |
185 | invalidate_dcache_range(start, end); | 185 | invalidate_dcache_range(start, end); |
186 | 186 | ||
187 | int rc = hwcrypto_do_tipc(HWCRYPTO_HASH, (void*)&req, | 187 | int rc = hwcrypto_do_tipc(HWCRYPTO_HASH, (void*)&req, |
188 | sizeof(req), NULL, 0, false); | 188 | sizeof(req), NULL, 0, false); |
189 | return rc; | 189 | return rc; |
190 | } | 190 | } |
191 | 191 | ||
192 | int hwcrypto_gen_blob(uint32_t plain_pa, | 192 | int hwcrypto_gen_blob(uint32_t plain_pa, |
193 | uint32_t plain_size, uint32_t blob_pa) | 193 | uint32_t plain_size, uint32_t blob_pa) |
194 | { | 194 | { |
195 | hwcrypto_blob_msg req; | 195 | hwcrypto_blob_msg req; |
196 | unsigned long start, end; | 196 | unsigned long start, end; |
197 | 197 | ||
198 | /* check the address */ | 198 | /* check the address */ |
199 | if (plain_pa == 0 || blob_pa == 0) | 199 | if (plain_pa == 0 || blob_pa == 0) |
200 | return TRUSTY_ERR_INVALID_ARGS; | 200 | return TRUSTY_ERR_INVALID_ARGS; |
201 | /* fill the request buffer */ | 201 | /* fill the request buffer */ |
202 | req.plain_pa = plain_pa; | 202 | req.plain_pa = plain_pa; |
203 | req.plain_size = plain_size; | 203 | req.plain_size = plain_size; |
204 | req.blob_pa = blob_pa; | 204 | req.blob_pa = blob_pa; |
205 | 205 | ||
206 | /* flush dcache for input buffer */ | 206 | /* flush dcache for input buffer */ |
207 | start = (unsigned long)plain_pa & ~(ARCH_DMA_MINALIGN - 1); | 207 | start = (unsigned long)plain_pa & ~(ARCH_DMA_MINALIGN - 1); |
208 | end = ALIGN((unsigned long)plain_pa + plain_size, ARCH_DMA_MINALIGN); | 208 | end = ALIGN((unsigned long)plain_pa + plain_size, ARCH_DMA_MINALIGN); |
209 | flush_dcache_range(start, end); | 209 | flush_dcache_range(start, end); |
210 | 210 | ||
211 | /* invalidate dcache for output buffer */ | 211 | /* invalidate dcache for output buffer */ |
212 | start = (unsigned long)blob_pa & ~(ARCH_DMA_MINALIGN - 1); | 212 | start = (unsigned long)blob_pa & ~(ARCH_DMA_MINALIGN - 1); |
213 | end = ALIGN((unsigned long)blob_pa + plain_size + | 213 | end = ALIGN((unsigned long)blob_pa + plain_size + |
214 | CAAM_KB_HEADER_LEN, ARCH_DMA_MINALIGN); | 214 | CAAM_KB_HEADER_LEN, ARCH_DMA_MINALIGN); |
215 | invalidate_dcache_range(start, end); | 215 | invalidate_dcache_range(start, end); |
216 | 216 | ||
217 | int rc = hwcrypto_do_tipc(HWCRYPTO_ENCAP_BLOB, (void*)&req, | 217 | int rc = hwcrypto_do_tipc(HWCRYPTO_ENCAP_BLOB, (void*)&req, |
218 | sizeof(req), NULL, 0, false); | 218 | sizeof(req), NULL, 0, false); |
219 | return rc; | 219 | return rc; |
220 | } | 220 | } |
221 | |||
222 | int hwcrypto_gen_rng(uint32_t buf, uint32_t len) | ||
223 | { | ||
224 | hwcrypto_rng_msg req; | ||
225 | unsigned long start, end; | ||
226 | |||
227 | /* check the address */ | ||
228 | if (buf == 0) | ||
229 | return TRUSTY_ERR_INVALID_ARGS; | ||
230 | /* fill the request buffer */ | ||
231 | req.buf = buf; | ||
232 | req.len = len; | ||
233 | |||
234 | /* invalidate dcache for output buffer */ | ||
235 | start = (unsigned long)buf & ~(ARCH_DMA_MINALIGN - 1); | ||
236 | end = ALIGN((unsigned long)buf + len, ARCH_DMA_MINALIGN); | ||
237 | invalidate_dcache_range(start, end); | ||
238 | |||
239 | int rc = hwcrypto_do_tipc(HWCRYPTO_GEN_RNG, (void*)&req, | ||
240 | sizeof(req), NULL, 0, false); | ||
241 | return rc; | ||
242 | } | ||
221 | 243 |