[ARM/tegra]AES:SW WAR for reading updated IV for X9.31

Implemented SW WAR for getting Updated IV for X9.31 using
following steps:
1. Perform CBC encryption on zero data to get
   A=CBC(encrypt, plaintext=zeroes)
2. Perform ECB decryption on A. This will result in Updated IV.
   UpdatedIV = ECB(decrypt, A)

In the current implementation X9.31 operations are disabled with
key slots where reads of Updated IV have been disabled.
This restriction has been removed now.

Bug 672022

Change-Id: I756d8500e00b9572648eec5803a5a04e25a7b70d
Reviewed-on: http://git-master/r/4129
Tested-by: Mallikarjun Kasoju <mkasoju@nvidia.com>
Reviewed-by: Hanumanth Venkateswa Moganty <vmoganty@nvidia.com>
Reviewed-by: Gary King <gking@nvidia.com>

5 files changed, 31 insertions, 87 deletions

diff --git a/arch/arm/mach-tegra/nvddk/nvddk_aes.c b/arch/arm/mach-tegra/nvddk/nvddk_aes.c
index 2091c42c10f2..9e7008c0e464 100644
--- a/arch/arm/mach-tegra/nvddk/nvddk_aes.c
+++ b/arch/arm/mach-tegra/nvddk/nvddk_aes.c
@@ -203,7 +203,6 @@ void NvDdkAesResume(void)
     pAesHwCtxt = &gs_pAesCoreEngine->AesHwCtxt;
     NvOsMemset(Iv, 0, sizeof(Iv));
 
-    // Get the dedicated slot
     for (Engine = AesHwEngine_A; Engine < AesHwEngine_Num; Engine++)
     {
         NVDDK_AES_CHECK_INTERFACE(pAesHwCtxt, Engine);
@@ -1865,10 +1864,6 @@ NvError AesCoreInitEngine(const NvRmDeviceHandle hRmDevice)
             pAesHwCtxt,
             Engine,
             pAesHwCtxt->ppEngineCaps[Engine]->NumSlotsSupported);
-
-        // Get the Iv read permissions
-        NVDDK_AES_CHECK_INTERFACE_FUNC(pAesHwCtxt, Engine, AesHwGetIvReadPermissions);
-        pAesHwCtxt->ppEngineCaps[Engine]->pAesInterf->AesHwGetIvReadPermissions(Engine, pAesHwCtxt);
     }
 
     // Release the H/W semaphore
diff --git a/arch/arm/mach-tegra/nvddk/nvddk_aes_core_ap20.c b/arch/arm/mach-tegra/nvddk/nvddk_aes_core_ap20.c
index b2edb6f19b5d..ad94855b149e 100644
--- a/arch/arm/mach-tegra/nvddk/nvddk_aes_core_ap20.c
+++ b/arch/arm/mach-tegra/nvddk/nvddk_aes_core_ap20.c
@@ -534,24 +534,6 @@ NvAesCoreAp20LoadSskToSecureScratchAndLock(
     NvRmPhysicalMemUnmap(pPmicBaseAddr, Size);
 }
 
-void
-NvAesCoreAp20GetIvReadPermissions(
-    const AesHwEngine Engine,
-    const NvU32 *const pEngineVirAddr,
-    NvBool *const pReadPermissions)
-{
-    AesHwKeySlot KeySlot;
-    NvU32 RegValue = 0;
-
-    NV_ASSERT(pReadPermissions);
-
-    for (KeySlot = AesHwKeySlot_0; KeySlot < AesHwKeySlot_NumExt; KeySlot++)
-    {
-        SECURE_INDEXED_REGR(Engine, pEngineVirAddr, KeySlot, RegValue);
-        SECURE_DRF_READ_VAL(Engine, SECURE_SEC_SEL0, IVREAD_ENB0, RegValue, pReadPermissions[KeySlot]);
-    }
-}
-
 void NvAesCoreAp20KeyReadDisable(
     const AesHwEngine Engine,
     const AesHwKeySlot Slot,
diff --git a/arch/arm/mach-tegra/nvddk/nvddk_aes_core_ap20.h b/arch/arm/mach-tegra/nvddk/nvddk_aes_core_ap20.h
index 1f7188c256f1..728a3e276165 100644
--- a/arch/arm/mach-tegra/nvddk/nvddk_aes_core_ap20.h
+++ b/arch/arm/mach-tegra/nvddk/nvddk_aes_core_ap20.h
@@ -206,21 +206,6 @@ NvAesCoreAp20LoadSskToSecureScratchAndLock(
     const size_t Size);
 
 /**
- * Get the read permissions for IV for each key slot of an engine.
- *
- * @param Engine AES Engine for which Iv permissions for an engine are sought.
- * @param pEngineVirAddr AES engine virtual address.
- * @param pReadPermissions Pointer to read permissions.
- *
- * @retval None.
- */
-void
-NvAesCoreAp20GetIvReadPermissions(
-    const AesHwEngine Engine,
-    const NvU32 *const pEngineVirAddr,
-    NvBool *const pReadPermissions);
-
-/**
  * Disables read access to the given key slot
  *
  * @param Engine AES engine for which read access needs to be disabled
diff --git a/arch/arm/mach-tegra/nvddk/nvddk_aes_intf_ap20.c b/arch/arm/mach-tegra/nvddk/nvddk_aes_intf_ap20.c
index 1c3d5fa44092..0eeab861f3ad 100644
--- a/arch/arm/mach-tegra/nvddk/nvddk_aes_intf_ap20.c
+++ b/arch/arm/mach-tegra/nvddk/nvddk_aes_intf_ap20.c
@@ -90,7 +90,6 @@ Ap20AesHwLoadSskToSecureScratchAndLock(
     const AesHwKey *const pKey,
     const size_t Size);
 static void Ap20AesHwGetUsedSlots(AesCoreEngine *const pAesCoreEngine);
-static void Ap20AesHwGetIvReadPermissions(const AesHwEngine Engine, AesHwContext *const pAesHwCtxt);
 static void
 Ap20AesHwSetKeyAndIv(
     const AesHwEngine Engine,
@@ -173,9 +172,6 @@ Ap20AesHwSelectKeyIvSlot(
     // Wait till engine becomes IDLE
     NvAesCoreAp20WaitTillEngineIdle(Engine, pAesHwCtxt->pVirAdr[Engine]);
 
-    // Allow or disallow X9.31 operations
-    pAesHwCtxt->IsX931OpsDisallowed = !pAesHwCtxt->IvContext[Engine].IsIvReadable[Slot];
-
     // Select the KEY slot for updating the IV vectors
     NvAesCoreAp20SelectKeyIvSlot(Engine, pAesHwCtxt->pVirAdr[Engine], Slot);
 
@@ -465,13 +461,6 @@ Ap20AesHwStartEngine(
     switch (OpMode)
     {
         case NvDdkAesOperationalMode_AnsiX931:
-        {
-            // If Iv is not readable, don't allow operations to be performed.
-            // Since setting the Iv also uses this API, it should be enough to
-            // disallow operations here.
-            if (pAesHwCtxt->IsX931OpsDisallowed)
-                return NvError_InvalidState;
-        }
         case NvDdkAesOperationalMode_Cbc:
         case NvDdkAesOperationalMode_Ecb:
             break;
@@ -535,6 +524,37 @@ Ap20AesHwStartEngine(
             (pDest + DataSize - NvDdkAesConst_BlockLengthBytes),
              NvDdkAesConst_BlockLengthBytes);
     }
+    else if (DataSize && (OpMode == NvDdkAesOperationalMode_AnsiX931))
+    {
+        // For X931 operation, get the updated IV by following steps:
+        // 1. Perform CBC encryption on zero data to get A=CBC(encrypt, plaintext=zeroes)
+        // 2. Perform ECB decryption on A. This will result in Updated IV. UpdatedIV = ECB(decrypt, A)
+        NvOsMemset(pAesHwCtxt->pDmaVirAddr[Engine], 0, NvDdkAesKeySize_128Bit);
+        NvOsFlushWriteCombineBuffer();
+        NvAesCoreAp20ProcessBuffer(
+            Engine,
+            pAesHwCtxt->pVirAdr[Engine],
+            pAesHwCtxt->DmaPhyAddr[Engine],
+            pAesHwCtxt->DmaPhyAddr[Engine],
+            1,
+            NV_TRUE,
+            NvDdkAesOperationalMode_Cbc);
+        NvOsFlushWriteCombineBuffer();
+
+        NvAesCoreAp20ProcessBuffer(
+            Engine,
+            pAesHwCtxt->pVirAdr[Engine],
+            pAesHwCtxt->DmaPhyAddr[Engine],
+            pAesHwCtxt->DmaPhyAddr[Engine],
+            1,
+            NV_FALSE,
+            NvDdkAesOperationalMode_Ecb);
+        NvOsFlushWriteCombineBuffer();
+        NvOsMemcpy(&pAesHwCtxt->IvContext[Engine].CurIv[pAesHwCtxt->IvContext[Engine].CurKeySlot],
+            pAesHwCtxt->pDmaVirAddr[Engine],
+            NvDdkAesConst_BlockLengthBytes);
+    }
+
     NvOsMutexUnlock(pAesHwCtxt->Mutex[Engine]);
 
     return NvSuccess;
@@ -615,29 +635,6 @@ NvBool Ap20AesHwIsEngineDisabled(const AesHwContext *const pAesHwCtxt, const Aes
 }
 
 /**
- * Get the read permissions for IV for each key slot of an engine.
- *
- * @param Engine AES Engine for which Iv permissions for an engine are sought.
- * @param pAesHwCtxt Pointer to the AES H/W context.
- *
- * @retval None.
- *
- */
-void Ap20AesHwGetIvReadPermissions(const AesHwEngine Engine, AesHwContext *const pAesHwCtxt)
-{
-    NV_ASSERT(pAesHwCtxt);
-
-    NvOsMutexLock(pAesHwCtxt->Mutex[Engine]);
-
-    NvAesCoreAp20GetIvReadPermissions(
-        Engine,
-        pAesHwCtxt->pVirAdr[Engine],
-        &pAesHwCtxt->IvContext[Engine].IsIvReadable[0]);
-
-    NvOsMutexUnlock(pAesHwCtxt->Mutex[Engine]);
-}
-
-/**
  * Disables read access to all key slots for the given engine.
  *
  * @param pAesHwCtxt Pointer to the AES H/W context
@@ -682,6 +679,5 @@ void NvAesIntfAp20GetHwInterface(AesHwInterface *const pAp20AesHw)
     pAp20AesHw->AesHwLoadSskToSecureScratchAndLock = Ap20AesHwLoadSskToSecureScratchAndLock;
     pAp20AesHw->AesHwGetUsedSlots = Ap20AesHwGetUsedSlots;
     pAp20AesHw->AesHwIsEngineDisabled = Ap20AesHwIsEngineDisabled;
-    pAp20AesHw->AesHwGetIvReadPermissions = Ap20AesHwGetIvReadPermissions;
     pAp20AesHw->AesHwDisableAllKeyRead = Ap20AesHwDisableAllKeyRead;
 }
diff --git a/arch/arm/mach-tegra/nvddk/nvddk_aes_priv.h b/arch/arm/mach-tegra/nvddk/nvddk_aes_priv.h
index 3dcc80966dc9..a1fc9a540481 100644
--- a/arch/arm/mach-tegra/nvddk/nvddk_aes_priv.h
+++ b/arch/arm/mach-tegra/nvddk/nvddk_aes_priv.h
@@ -84,8 +84,6 @@ typedef struct AesIvContextRec
 {
     // Updated/current Iv for each key slot
     NvU32 CurIv[AesHwKeySlot_NumExt][AES_HW_IV_LENGTH];
-    // Iv read permissions for each key slot
-    NvBool IsIvReadable[AesHwKeySlot_NumExt];
     // The current key slot in use
     AesHwKeySlot CurKeySlot;
 } AesIvContext;
@@ -157,8 +155,6 @@ typedef struct AesHwContextRec
     NvU32 CommandQueueData[AesHwEngine_Num][AES_HW_MAX_ICQ_LENGTH];
     // Iv Context for each AES engine
     AesIvContext IvContext[AesHwEngine_Num];
-    // Indicates whether X9.31 operations are allowed or not
-    NvBool IsX931OpsDisallowed;
 } AesHwContext;
 
 // AES Core Engine record
@@ -391,16 +387,6 @@ struct AesHwInterfaceRec
     NvBool (*AesHwIsEngineDisabled)(const AesHwContext *const pAesHwCtxt, const AesHwEngine Engine);
 
     /**
-     * Get the read permissions for IV for each key slot of an engine.
-     *
-     * @param Engine AES Engine for which Iv permissions for an engine are sought.
-     * @param pAesHwCtxt Pointer to the AES H/W context.
-     *
-     * @retval None.
-     */
-    void (*AesHwGetIvReadPermissions)(const AesHwEngine Engine, AesHwContext *const pAesHwCtxt);
-
-    /**
      * Disables read access to all key slots for the given engine.
      *
      * @param pAesHwCtxt Pointer to the AES H/W context