diff options
Diffstat (limited to 'drivers/mxc/security/rng')
21 files changed, 11243 insertions, 0 deletions
diff --git a/drivers/mxc/security/rng/Makefile b/drivers/mxc/security/rng/Makefile new file mode 100644 index 000000000000..7d3332e2e675 --- /dev/null +++ b/drivers/mxc/security/rng/Makefile @@ -0,0 +1,35 @@ +# Makefile for the Linux RNG Driver +# +# This makefile works within a kernel driver tree + + # Makefile for rng_driver + + +# Possible configurable paramters +CFG_RNG += -DRNGA_MAX_REQUEST_SIZE=32 + +#DBG_RNGA = -DRNGA_DEBUG +#DBG_RNGA += -DRNGA_REGISTER_DEBUG +#DBG_RNGA += -DRNGA_ENTROPY_DEBUG + +EXTRA_CFLAGS = -DLINUX_KERNEL $(CFG_RNG) $(DBG_RNG) + + +ifeq ($(CONFIG_MXC_RNG_TEST_DRIVER),y) +EXTRA_CFLAGS += -DRNG_REGISTER_PEEK_POKE +endif +ifeq ($(CONFIG_RNG_DEBUG),y) +EXTRA_CFLAGS += -DDEBUG +endif + + +EXTRA_CFLAGS += -Idrivers/mxc/security/rng/include -Idrivers/mxc/security/sahara2/include + +obj-$(CONFIG_MXC_SECURITY_RNG) += shw.o +#shw-objs := shw_driver.o shw_memory_mapper.o ../sahara2/fsl_shw_keystore.o +shw-objs := shw_driver.o shw_memory_mapper.o ../sahara2/fsl_shw_keystore.o \ + fsl_shw_sym.o fsl_shw_wrap.o shw_dryice.o des_key.o \ + shw_hash.o shw_hmac.o + +obj-$(CONFIG_MXC_SECURITY_RNG) += rng.o +rng-objs := rng_driver.o diff --git a/drivers/mxc/security/rng/des_key.c b/drivers/mxc/security/rng/des_key.c new file mode 100644 index 000000000000..14ac2b3cdd5e --- /dev/null +++ b/drivers/mxc/security/rng/des_key.c @@ -0,0 +1,385 @@ +/* + * Copyright (C) 2009-2010 Freescale Semiconductor, Inc. All Rights Reserved. + */ + +/* + * The code contained herein is licensed under the GNU General Public + * License. You may obtain a copy of the GNU General Public License + * Version 2 or later at the following locations: + * + * http://www.opensource.org/licenses/gpl-license.html + * http://www.gnu.org/copyleft/gpl.html + */ + + +/*! + * @file des_key.c + * + * This file implements the function #fsl_shw_permute1_bytes(). + * + * The code was lifted from crypto++ v5.5.2, which is public domain code. The + * code to handle words instead of bytes was extensively modified from the byte + * version and then converted to handle one to three keys at once. + * + */ + +#include "shw_driver.h" +#ifdef DIAG_SECURITY_FUNC +#include "apihelp.h" +#endif + +#ifndef __KERNEL__ +#include <asm/types.h> +#include <linux/byteorder/little_endian.h> /* or whichever is proper for target arch */ +#endif + +#ifdef DEBUG +#undef DEBUG /* TEMPORARY */ +#endif + +#if defined(DEBUG) || defined(SELF_TEST) +static void DUMP_BYTES(const char *label, const uint8_t * data, int len) +{ + int i; + + printf("%s: ", label); + for (i = 0; i < len; i++) { + printf("%02X", data[i]); + if ((i % 8 == 0) && (i != 0)) { + printf("_"); /* key separator */ + } + } + printf("\n"); +} + +static void DUMP_WORDS(const char *label, const uint32_t * data, int len) +{ + int i, j; + + printf("%s: ", label); + /* Dump the words in reverse order, so that they are intelligible */ + for (i = len - 1; i >= 0; i--) { + for (j = 3; j >= 0; j--) { + uint32_t word = data[i]; + printf("%02X", (word >> ((j * 8)) & 0xff)); + if ((i != 0) && ((((i) * 4 + 5 + j) % 7) == 5)) + printf("_"); /* key separator */ + } + printf("|"); /* word separator */ + } + printf("\n"); +} +#else +#define DUMP_BYTES(label, data,len) +#define DUMP_WORDS(label, data,len) +#endif + +/*! + * permuted choice table (key) + * + * Note that this table has had one subtracted from each element so that the + * code doesn't have to do it. + */ +static const uint8_t pc1[] = { + 56, 48, 40, 32, 24, 16, 8, + 0, 57, 49, 41, 33, 25, 17, + 9, 1, 58, 50, 42, 34, 26, + 18, 10, 2, 59, 51, 43, 35, + 62, 54, 46, 38, 30, 22, 14, + 6, 61, 53, 45, 37, 29, 21, + 13, 5, 60, 52, 44, 36, 28, + 20, 12, 4, 27, 19, 11, 3, +}; + +/*! bit 0 is left-most in byte */ +static const int bytebit[] = { + 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 +}; + +/*! + * Convert a 3-key 3DES key into the first-permutation 168-bit version. + * + * This is the format of the input key: + * + * @verbatim + BIT: |191 128|127 64|63 0| + BYTE: | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | + KEY: | 0 | 1 | 2 | + @endverbatim + * + * This is the format of the output key: + * + * @verbatim + BIT: |167 112|111 56|55 0| + BYTE: | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | + KEY: | 1 | 2 | 3 | + @endverbatim + * + * @param[in] key bytes of 3DES key + * @param[out] permuted_key 21 bytes of permuted key + * @param[in] key_count How many DES keys (2 or 3) + */ +void fsl_shw_permute1_bytes(const uint8_t * key, uint8_t * permuted_key, + int key_count) +{ + int i; + int j; + int l; + int m; + + DUMP_BYTES("Input key", key, 8 * key_count); + + /* For each individual sub-key */ + for (i = 0; i < 3; i++) { + DUMP_BYTES("(key)", key, 8); + memset(permuted_key, 0, 7); + /* For each bit of key */ + for (j = 0; j < 56; j++) { /* convert pc1 to bits of key */ + l = pc1[j]; /* integer bit location */ + m = l & 07; /* find bit */ + permuted_key[j >> 3] |= (((key[l >> 3] & /* find which key byte l is in */ + bytebit[m]) /* and which bit of that byte */ + ? 0x80 : 0) >> (j % 8)); /* and store 1-bit result */ + } + switch (i) { + case 0: + if (key_count != 1) + key += 8; /* move on to second key */ + break; + case 1: + if (key_count == 2) + key -= 8; /* go back to first key */ + else if (key_count == 3) + key += 8; /* move on to third key */ + break; + default: + break; + } + permuted_key += 7; + } + DUMP_BYTES("Output key (bytes)", permuted_key - 21, 21); +} + +#ifdef SELF_TEST +const uint8_t key1_in[] = { + /* FE01FE01FE01FE01_01FE01FE01FE01FE_FEFE0101FEFE0101 */ + 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, + 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, + 0xFE, 0xFE, 0x01, 0x01, 0xFE, 0xFE, 0x01, 0x01 +}; + +const uint32_t key1_word_in[] = { + 0xFE01FE01, 0xFE01FE01, + 0x01FE01FE, 0x01FE01FE, + 0xFEFE0101, 0xFEFE0101 +}; + +uint8_t exp_key1_out[] = { + 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33 +}; + +uint32_t exp_word_key1_out[] = { + 0x33333333, 0xAA333333, 0xAAAAAAAA, 0x5555AAAA, + 0x55555555, 0x00000055, +}; + +const uint8_t key2_in[] = { + 0xEF, 0x10, 0xBB, 0xA4, 0x23, 0x49, 0x42, 0x58, + 0x01, 0x28, 0x01, 0x4A, 0x10, 0xE4, 0x03, 0x59, + 0xFE, 0x84, 0x30, 0x29, 0x8E, 0xF1, 0x10, 0x5A +}; + +const uint32_t key2_word_in[] = { + 0xEF10BBA4, 0x23494258, + 0x0128014A, 0x10E40359, + 0xFE843029, 0x8EF1105A +}; + +uint8_t exp_key2_out[] = { + 0x0D, 0xE1, 0x1D, 0x85, 0x50, 0x9A, 0x56, 0x20, + 0xA8, 0x22, 0x94, 0x82, 0x08, 0xA0, 0x33, 0xA1, + 0x2D, 0xE9, 0x11, 0x39, 0x95 +}; + +uint32_t exp_word_key2_out[] = { + 0xE9113995, 0xA033A12D, 0x22948208, 0x9A5620A8, + 0xE11D8550, 0x0000000D +}; + +const uint8_t key3_in[] = { + 0x3F, 0xE9, 0x49, 0x4B, 0x67, 0x57, 0x07, 0x3C, + 0x89, 0x77, 0x73, 0x0C, 0xA0, 0x05, 0x41, 0x69, + 0xB3, 0x7C, 0x98, 0xD8, 0xC9, 0x35, 0x57, 0x19 +}; + +const uint32_t key3_word_in[] = { + 0xEF10BBA4, 0x23494258, + 0x0128014A, 0x10E40359, + 0xFE843029, 0x8EF1105A +}; + +uint8_t exp_key3_out[] = { + 0x02, 0x3E, 0x93, 0xA7, 0x9F, 0x18, 0xF1, 0x11, + 0xC6, 0x96, 0x00, 0x62, 0xA8, 0x96, 0x02, 0x3E, + 0x93, 0xA7, 0x9F, 0x18, 0xF1 +}; + +uint32_t exp_word_key3_out[] = { + 0xE9113995, 0xA033A12D, 0x22948208, 0x9A5620A8, + 0xE11D8550, 0x0000000D +}; + +const uint8_t key4_in[] = { + 0x3F, 0xE9, 0x49, 0x4B, 0x67, 0x57, 0x07, 0x3C, + 0x89, 0x77, 0x73, 0x0C, 0xA0, 0x05, 0x41, 0x69, +}; + +const uint32_t key4_word_in[] = { + 0xEF10BBA4, 0x23494258, + 0x0128014A, 0x10E40359, + 0xFE843029, 0x8EF1105A +}; + +const uint8_t key5_in[] = { + 0x3F, 0xE9, 0x49, 0x4B, 0x67, 0x57, 0x07, 0x3C, + 0x89, 0x77, 0x73, 0x0C, 0xA0, 0x05, 0x41, 0x69, + 0x3F, 0xE9, 0x49, 0x4B, 0x67, 0x57, 0x07, 0x3C, +}; + +uint8_t exp_key4_out[] = { + 0x0D, 0xE1, 0x1D, 0x85, 0x50, 0x9A, 0x56, 0x20, + 0xA8, 0x22, 0x94, 0x82, 0x08, 0xA0, 0x33, 0xA1, + 0x2D, 0xE9, 0x11, 0x39, 0x95 +}; + +uint32_t exp_word_key4_out[] = { + 0xE9113995, 0xA033A12D, 0x22948208, 0x9A5620A8, + 0xE11D8550, 0x0000000D +}; + +const uint8_t key6_in[] = { + 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 +}; + +uint8_t exp_key6_out[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00 +}; + +uint32_t exp_word_key6_out[] = { + 0x00000000, 0x0000000, 0x0000000, 0x00000000, + 0x00000000, 0x0000000 +}; + +const uint8_t key7_in[] = { + /* 01FE01FE01FE01FE_FE01FE01FE01FE01_0101FEFE0101FEFE */ + /* 0101FEFE0101FEFE_FE01FE01FE01FE01_01FE01FE01FE01FE */ + 0x01, 0x01, 0xFE, 0xFE, 0x01, 0x01, 0xFE, 0xFE, + 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, + 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, +}; + +uint8_t exp_key7_out[] = { + 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x55, + 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa +}; + +uint32_t exp_word_key7_out[] = { + 0xcccccccc, 0x55cccccc, 0x55555555, 0xaaaa5555, + 0xaaaaaaaa, 0x000000aa +}; + +int run_test(const uint8_t * key_in, + const int key_count, + const uint32_t * key_word_in, + const uint8_t * exp_bytes_key_out, + const uint32_t * exp_word_key_out) +{ + uint8_t key_out[22]; + uint32_t word_key_out[6]; + int failed = 0; + + memset(key_out, 0x42, 22); + fsl_shw_permute1_bytes(key_in, key_out, key_count); + if (memcmp(key_out, exp_bytes_key_out, 21) != 0) { + printf("bytes_to_bytes: ERROR: \n"); + DUMP_BYTES("key_in", key_in, 8 * key_count); + DUMP_BYTES("key_out", key_out, 21); + DUMP_BYTES("exp_out", exp_bytes_key_out, 21); + failed |= 1; + } else if (key_out[21] != 0x42) { + printf("bytes_to_bytes: ERROR: Buffer overflow 0x%02x\n", + (int)key_out[21]); + } else { + printf("bytes_to_bytes: OK\n"); + } +#if 0 + memset(word_key_out, 0x42, 21); + fsl_shw_permute1_bytes_to_words(key_in, word_key_out, key_count); + if (memcmp(word_key_out, exp_word_key_out, 21) != 0) { + printf("bytes_to_words: ERROR: \n"); + DUMP_BYTES("key_in", key_in, 8 * key_count); + DUMP_WORDS("key_out", word_key_out, 6); + DUMP_WORDS("exp_out", exp_word_key_out, 6); + failed |= 1; + } else { + printf("bytes_to_words: OK\n"); + } + + if (key_word_in != NULL) { + memset(word_key_out, 0x42, 21); + fsl_shw_permute1_words_to_words(key_word_in, word_key_out); + if (memcmp(word_key_out, exp_word_key_out, 21) != 0) { + printf("words_to_words: ERROR: \n"); + DUMP_BYTES("key_in", key_in, 24); + DUMP_WORDS("key_out", word_key_out, 6); + DUMP_WORDS("exp_out", exp_word_key_out, 6); + failed |= 1; + } else { + printf("words_to_words: OK\n"); + } + } +#endif + + return failed; +} /* end fn run_test */ + +int main() +{ + int failed = 0; + + printf("key1\n"); + failed |= + run_test(key1_in, 3, key1_word_in, exp_key1_out, exp_word_key1_out); + printf("\nkey2\n"); + failed |= + run_test(key2_in, 3, key2_word_in, exp_key2_out, exp_word_key2_out); + printf("\nkey3\n"); + failed |= run_test(key3_in, 3, NULL, exp_key3_out, exp_word_key3_out); + printf("\nkey4\n"); + failed |= run_test(key4_in, 2, NULL, exp_key4_out, exp_word_key4_out); + printf("\nkey5\n"); + failed |= run_test(key5_in, 3, NULL, exp_key4_out, exp_word_key4_out); + printf("\nkey6 - 3\n"); + failed |= run_test(key6_in, 3, NULL, exp_key6_out, exp_word_key6_out); + printf("\nkey6 - 2\n"); + failed |= run_test(key6_in, 2, NULL, exp_key6_out, exp_word_key6_out); + printf("\nkey6 - 1\n"); + failed |= run_test(key6_in, 1, NULL, exp_key6_out, exp_word_key6_out); + printf("\nkey7\n"); + failed |= run_test(key7_in, 3, NULL, exp_key7_out, exp_word_key7_out); + printf("\n"); + + if (failed != 0) { + printf("TEST FAILED\n"); + } + return failed; +} + +#endif /* SELF_TEST */ diff --git a/drivers/mxc/security/rng/fsl_shw_hash.c b/drivers/mxc/security/rng/fsl_shw_hash.c new file mode 100644 index 000000000000..56b2dcc34035 --- /dev/null +++ b/drivers/mxc/security/rng/fsl_shw_hash.c @@ -0,0 +1,84 @@ +/* + * Copyright (C) 2005-2010 Freescale Semiconductor, Inc. All Rights Reserved. + */ + +/* + * The code contained herein is licensed under the GNU General Public + * License. You may obtain a copy of the GNU General Public License + * Version 2 or later at the following locations: + * + * http://www.opensource.org/licenses/gpl-license.html + * http://www.gnu.org/copyleft/gpl.html + */ + + +/*! + * @file fsl_shw_hash.c + * + * This file implements Cryptographic Hashing functions of the FSL SHW API + * for Sahara. This does not include HMAC. + */ + +#include "shw_driver.h" + +/* REQ-S2LRD-PINTFC-API-BASIC-HASH-005 */ +/*! + * Hash a stream of data with a cryptographic hash algorithm. + * + * The flags in the @a hash_ctx control the operation of this function. + * + * Hashing functions work on 64 octets of message at a time. Therefore, when + * any partial hashing of a long message is performed, the message @a length of + * each segment must be a multiple of 64. When ready to + * #FSL_HASH_FLAGS_FINALIZE the hash, the @a length may be any value. + * + * With the #FSL_HASH_FLAGS_INIT and #FSL_HASH_FLAGS_FINALIZE flags on, a + * one-shot complete hash, including padding, will be performed. The @a length + * may be any value. + * + * The first octets of a data stream can be hashed by setting the + * #FSL_HASH_FLAGS_INIT and #FSL_HASH_FLAGS_SAVE flags. The @a length must be + * a multiple of 64. + * + * The flag #FSL_HASH_FLAGS_LOAD is used to load a context previously saved by + * #FSL_HASH_FLAGS_SAVE. The two in combination will allow a (multiple-of-64 + * octets) 'middle sequence' of the data stream to be hashed with the + * beginning. The @a length must again be a multiple of 64. + * + * Since the flag #FSL_HASH_FLAGS_LOAD is used to load a context previously + * saved by #FSL_HASH_FLAGS_SAVE, the #FSL_HASH_FLAGS_LOAD and + * #FSL_HASH_FLAGS_FINALIZE flags, used together, can be used to finish the + * stream. The @a length may be any value. + * + * If the user program wants to do the padding for the hash, it can leave off + * the #FSL_HASH_FLAGS_FINALIZE flag. The @a length must then be a multiple of + * 64 octets. + * + * @param user_ctx A user context from #fsl_shw_register_user(). + * @param[in,out] hash_ctx Hashing algorithm and state of the cipher. + * @param msg Pointer to the data to be hashed. + * @param length Length, in octets, of the @a msg. + * @param[out] result If not null, pointer to where to store the hash + * digest. + * @param result_len Number of octets to store in @a result. + * + * @return A return code of type #fsl_shw_return_t. + */ +fsl_shw_return_t fsl_shw_hash(fsl_shw_uco_t * user_ctx, + fsl_shw_hco_t * hash_ctx, + const uint8_t * msg, + uint32_t length, + uint8_t * result, uint32_t result_len) +{ + fsl_shw_return_t ret = FSL_RETURN_ERROR_S; + + /* Unused */ + (void)user_ctx; + (void)hash_ctx; + (void)msg; + (void)length; + (void)result; + (void)result_len; + + return ret; +} diff --git a/drivers/mxc/security/rng/fsl_shw_hmac.c b/drivers/mxc/security/rng/fsl_shw_hmac.c new file mode 100644 index 000000000000..23a2fb3d3292 --- /dev/null +++ b/drivers/mxc/security/rng/fsl_shw_hmac.c @@ -0,0 +1,83 @@ +/* + * Copyright (C) 2005-2010 Freescale Semiconductor, Inc. All Rights Reserved. + */ + +/* + * The code contained herein is licensed under the GNU General Public + * License. You may obtain a copy of the GNU General Public License + * Version 2 or later at the following locations: + * + * http://www.opensource.org/licenses/gpl-license.html + * http://www.gnu.org/copyleft/gpl.html + */ + + +/*! + * @file fsl_shw_hmac.c + * + * This file implements Hashed Message Authentication Code functions of the FSL + * SHW API. + */ + +#include "shw_driver.h" + +/* REQ-S2LRD-PINTFC-API-BASIC-HMAC-001 */ +/*! + * Get the precompute information + * + * + * @param user_ctx + * @param key_info + * @param hmac_ctx + * + * @return A return code of type #fsl_shw_return_t. + */ +fsl_shw_return_t fsl_shw_hmac_precompute(fsl_shw_uco_t * user_ctx, + fsl_shw_sko_t * key_info, + fsl_shw_hmco_t * hmac_ctx) +{ + fsl_shw_return_t status = FSL_RETURN_ERROR_S; + + /* Unused */ + (void)user_ctx; + (void)key_info; + (void)hmac_ctx; + + return status; +} + +/* REQ-S2LRD-PINTFC-API-BASIC-HMAC-002 */ +/*! + * Get the hmac + * + * + * @param user_ctx Info for acquiring memory + * @param key_info + * @param hmac_ctx + * @param msg + * @param length + * @param result + * @param result_len + * + * @return A return code of type #fsl_shw_return_t. + */ +fsl_shw_return_t fsl_shw_hmac(fsl_shw_uco_t * user_ctx, + fsl_shw_sko_t * key_info, + fsl_shw_hmco_t * hmac_ctx, + const uint8_t * msg, + uint32_t length, + uint8_t * result, uint32_t result_len) +{ + fsl_shw_return_t status = FSL_RETURN_ERROR_S; + + /* Unused */ + (void)user_ctx; + (void)key_info; + (void)hmac_ctx; + (void)msg; + (void)length; + (void)result; + (void)result_len; + + return status; +} diff --git a/drivers/mxc/security/rng/fsl_shw_rand.c b/drivers/mxc/security/rng/fsl_shw_rand.c new file mode 100644 index 000000000000..7ba49d8d470f --- /dev/null +++ b/drivers/mxc/security/rng/fsl_shw_rand.c @@ -0,0 +1,122 @@ +/* + * Copyright (C) 2005-2010 Freescale Semiconductor, Inc. All Rights Reserved. + */ + +/* + * The code contained herein is licensed under the GNU General Public + * License. You may obtain a copy of the GNU General Public License + * Version 2 or later at the following locations: + * + * http://www.opensource.org/licenses/gpl-license.html + * http://www.gnu.org/copyleft/gpl.html + */ + + +/*! + * @file fsl_shw_rand.c + * + * This file implements Random Number Generation functions of the FSL SHW API + * in USER MODE for talking to a standalone RNGA/RNGC device driver. + * + * It contains the fsl_shw_get_random() and fsl_shw_add_entropy() functions. + * + * These routines will build a request block and pass it to the SHW driver. + */ + +#include <unistd.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <sys/fcntl.h> +#include <sys/ioctl.h> +#include <signal.h> + +#ifdef FSL_DEBUG +#include <stdio.h> +#include <errno.h> +#include <string.h> +#endif /* FSL_DEBUG */ + +#include "shw_driver.h" + +extern fsl_shw_return_t validate_uco(fsl_shw_uco_t * uco); + +#if defined(FSL_HAVE_RNGA) || defined(FSL_HAVE_RNGB) || defined(FSL_HAVE_RNGC) + +/* REQ-S2LRD-PINTFC-API-BASIC-RNG-002 */ +fsl_shw_return_t fsl_shw_get_random(fsl_shw_uco_t * user_ctx, + uint32_t length, uint8_t * data) +{ + fsl_shw_return_t ret = FSL_RETURN_ERROR_S; + + /* perform a sanity check / update uco */ + ret = validate_uco(user_ctx); + if (ret == FSL_RETURN_OK_S) { + struct get_random_req *req = malloc(sizeof(*req)); + + if (req == NULL) { + ret = FSL_RETURN_NO_RESOURCE_S; + } else { + + init_req(&req->hdr, user_ctx); + req->size = length; + req->random = data; + + ret = + send_req(SHW_USER_REQ_GET_RANDOM, &req->hdr, + user_ctx); + } + } + + return ret; +} + +fsl_shw_return_t fsl_shw_add_entropy(fsl_shw_uco_t * user_ctx, + uint32_t length, uint8_t * data) +{ + fsl_shw_return_t ret = FSL_RETURN_ERROR_S; + + /* perform a sanity check on the uco */ + ret = validate_uco(user_ctx); + if (ret == FSL_RETURN_OK_S) { + struct add_entropy_req *req = malloc(sizeof(*req)); + + if (req == NULL) { + ret = FSL_RETURN_NO_RESOURCE_S; + } else { + init_req(&req->hdr, user_ctx); + req->size = length; + req->entropy = data; + + ret = + send_req(SHW_USER_REQ_ADD_ENTROPY, &req->hdr, + user_ctx); + } + } + + return ret; +} + +#else /* no H/W RNG block */ + +fsl_shw_return_t fsl_shw_get_random(fsl_shw_uco_t * user_ctx, + uint32_t length, uint8_t * data) +{ + + (void)user_ctx; + (void)length; + (void)data; + + return FSL_RETURN_ERROR_S; +} + +fsl_shw_return_t fsl_shw_add_entropy(fsl_shw_uco_t * user_ctx, + uint32_t length, uint8_t * data) +{ + + (void)user_ctx; + (void)length; + (void)data; + + return FSL_RETURN_ERROR_S; +} +#endif diff --git a/drivers/mxc/security/rng/fsl_shw_sym.c b/drivers/mxc/security/rng/fsl_shw_sym.c new file mode 100644 index 000000000000..bcd8a0efcced --- /dev/null +++ b/drivers/mxc/security/rng/fsl_shw_sym.c @@ -0,0 +1,317 @@ +/* + * Copyright (C) 2009-2010 Freescale Semiconductor, Inc. All Rights Reserved. + */ + +/* + * The code contained herein is licensed under the GNU General Public + * License. You may obtain a copy of the GNU General Public License + * Version 2 or later at the following locations: + * + * http://www.opensource.org/licenses/gpl-license.html + * http://www.gnu.org/copyleft/gpl.html + */ + + +/*! + * @file fsl_shw_sym.c + * + * This file implements the Symmetric Cipher functions of the FSL SHW API. Its + * features are limited to what can be done with the combination of SCC and + * DryIce. + */ +#include "fsl_platform.h" +#include "shw_driver.h" + +#if defined(__KERNEL__) && defined(FSL_HAVE_DRYICE) + +#include "../dryice.h" +#include <linux/mxc_scc_driver.h> +#ifdef DIAG_SECURITY_FUNC +#include "apihelp.h" +#endif + +#include <diagnostic.h> + +#define SYM_DECRYPT 0 +#define SYM_ENCRYPT 1 + +extern fsl_shw_return_t shw_convert_pf_key(fsl_shw_pf_key_t shw_pf_key, + di_key_t * di_keyp); + +/*! 'Initial' IV for presence of FSL_SYM_CTX_LOAD flag */ +static uint8_t zeros[8] = { + 0, 0, 0, 0, 0, 0, 0, 0 +}; + +/*! + * Common function for encryption and decryption + * + * This is for a device with DryIce. + * + * A key must either refer to a 'pure' HW key, or, if PRG or PRG_IIM, + * established, then that key will be programmed. Then, the HW_key in the + * object will be selected. After this setup, the ciphering will be performed + * by calling the SCC driver.. + * + * The function 'releases' the reservations before it completes. + */ +fsl_shw_return_t do_symmetric(fsl_shw_uco_t * user_ctx, + fsl_shw_sko_t * key_info, + fsl_shw_scco_t * sym_ctx, + int encrypt, + uint32_t length, + const uint8_t * in, uint8_t * out) +{ + fsl_shw_return_t ret = FSL_RETURN_ERROR_S; + int key_selected = 0; + uint8_t *iv = NULL; + unsigned long count_out = length; + di_key_t di_key = DI_KEY_PK; /* default for user key */ + di_key_t di_key_orig; /* currently selected key */ + di_key_t selected_key = -1; + di_return_t di_code; + scc_return_t scc_code; + + /* For now, only blocking mode calls are supported */ + if (!(user_ctx->flags & FSL_UCO_BLOCKING_MODE)) { + ret = FSL_RETURN_BAD_FLAG_S; + goto out; + } + + /* No software keys allowed */ + if (key_info->flags & FSL_SKO_KEY_SW_KEY) { + ret = FSL_RETURN_BAD_FLAG_S; + } + + /* The only algorithm the SCC supports */ + if (key_info->algorithm != FSL_KEY_ALG_TDES) { + ret = FSL_RETURN_BAD_ALGORITHM_S; + goto out; + } + + /* Validate key length */ + if ((key_info->key_length != 16) + && (key_info->key_length != 21) + && (key_info->key_length != 24)) { + ret = FSL_RETURN_BAD_KEY_LENGTH_S; + goto out; + } + + /* Validate data is multiple of DES/TDES block */ + if ((length & 7) != 0) { + ret = FSL_RETURN_BAD_DATA_LENGTH_S; + goto out; + } + + /* Do some setup according to where the key lives */ + if (key_info->flags & FSL_SKO_KEY_ESTABLISHED) { + if ((key_info->pf_key != FSL_SHW_PF_KEY_PRG) + && (key_info->pf_key != FSL_SHW_PF_KEY_IIM_PRG)) { + ret = FSL_RETURN_ERROR_S; + } + } else if (key_info->flags & FSL_SKO_KEY_PRESENT) { + ret = FSL_RETURN_BAD_FLAG_S; + } else if (key_info->flags & FSL_SKO_KEY_SELECT_PF_KEY) { + /* + * No key present or established, just refer to HW + * as programmed. + */ + } else { + ret = FSL_RETURN_BAD_FLAG_S; + goto out; + } + + /* Now make proper selection */ + ret = shw_convert_pf_key(key_info->pf_key, &di_key); + if (ret != FSL_RETURN_OK_S) { + goto out; + } + + /* Determine the current DI key selection */ + di_code = dryice_check_key(&di_key_orig); + if (di_code != DI_SUCCESS) { +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG_ARGS("Could not save current DI key state: %s\n", + di_error_string(di_code)); +#endif + ret = FSL_RETURN_ERROR_S; + goto out; + } + + /* If the requested DI key is already selected, don't re-select it. */ + if (di_key != di_key_orig) { + di_code = dryice_select_key(di_key, 0); + if (di_code != DI_SUCCESS) { +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG_ARGS("Error from select_key: %s\n", + di_error_string(di_code)); +#endif + ret = FSL_RETURN_INTERNAL_ERROR_S; + goto out; + } + } + key_selected = 1; + + /* Verify that we are using the key we want */ + di_code = dryice_check_key(&selected_key); + if (di_code != DI_SUCCESS) { +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG_ARGS("Error from check_key: %s\n", + di_error_string(di_code)); +#endif + ret = FSL_RETURN_INTERNAL_ERROR_S; + goto out; + } + + if (di_key != selected_key) { +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG_ARGS("Wrong key in use: %d instead of %d\n\n", + selected_key, di_key); +#endif + ret = FSL_RETURN_ERROR_S; + goto out; + } + + if (sym_ctx->mode == FSL_SYM_MODE_CBC) { + if ((sym_ctx->flags & FSL_SYM_CTX_LOAD) + && !(sym_ctx->flags & FSL_SYM_CTX_INIT)) { + iv = sym_ctx->context; + } else if ((sym_ctx->flags & FSL_SYM_CTX_INIT) + && !(sym_ctx->flags & FSL_SYM_CTX_LOAD)) { + iv = zeros; + } else { + /* Exactly one must be set! */ + ret = FSL_RETURN_BAD_FLAG_S; + goto out; + } + } + + /* Now run the data through the SCC */ + scc_code = scc_crypt(length, in, iv, + encrypt ? SCC_ENCRYPT : SCC_DECRYPT, + (sym_ctx->mode == FSL_SYM_MODE_ECB) + ? SCC_ECB_MODE : SCC_CBC_MODE, + SCC_VERIFY_MODE_NONE, out, &count_out); + if (scc_code != SCC_RET_OK) { + ret = FSL_RETURN_INTERNAL_ERROR_S; +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG_ARGS("scc_code from scc_crypt() is %d\n", scc_code); +#endif + goto out; + } + + if ((sym_ctx->mode == FSL_SYM_MODE_CBC) + && (sym_ctx->flags & FSL_SYM_CTX_SAVE)) { + /* Save the context for the caller */ + if (encrypt) { + /* Last ciphertext block ... */ + memcpy(sym_ctx->context, out + length - 8, 8); + } else { + /* Last ciphertext block ... */ + memcpy(sym_ctx->context, in + length - 8, 8); + } + } + + ret = FSL_RETURN_OK_S; + + out: + if (key_selected) { + (void)dryice_release_key_selection(); + } + + return ret; +} + +EXPORT_SYMBOL(fsl_shw_symmetric_encrypt); +/*! + * Compute symmetric encryption + * + * + * @param user_ctx + * @param key_info + * @param sym_ctx + * @param length + * @param pt + * @param ct + * + * @return A return code of type #fsl_shw_return_t. + */ +fsl_shw_return_t fsl_shw_symmetric_encrypt(fsl_shw_uco_t * user_ctx, + fsl_shw_sko_t * key_info, + fsl_shw_scco_t * sym_ctx, + uint32_t length, + const uint8_t * pt, uint8_t * ct) +{ + fsl_shw_return_t ret; + + ret = do_symmetric(user_ctx, key_info, sym_ctx, SYM_ENCRYPT, + length, pt, ct); + + return ret; +} + +EXPORT_SYMBOL(fsl_shw_symmetric_decrypt); +/*! + * Compute symmetric decryption + * + * + * @param user_ctx + * @param key_info + * @param sym_ctx + * @param length + * @param pt + * @param ct + * + * @return A return code of type #fsl_shw_return_t. + */ +fsl_shw_return_t fsl_shw_symmetric_decrypt(fsl_shw_uco_t * user_ctx, + fsl_shw_sko_t * key_info, + fsl_shw_scco_t * sym_ctx, + uint32_t length, + const uint8_t * ct, uint8_t * pt) +{ + fsl_shw_return_t ret; + + ret = do_symmetric(user_ctx, key_info, sym_ctx, SYM_DECRYPT, + length, ct, pt); + + return ret; +} + +#else /* __KERNEL__ && DRYICE */ + +fsl_shw_return_t fsl_shw_symmetric_encrypt(fsl_shw_uco_t * user_ctx, + fsl_shw_sko_t * key_info, + fsl_shw_scco_t * sym_ctx, + uint32_t length, + const uint8_t * pt, uint8_t * ct) +{ + /* Unused */ + (void)user_ctx; + (void)key_info; + (void)sym_ctx; + (void)length; + (void)pt; + (void)ct; + + return FSL_RETURN_ERROR_S; +} + +fsl_shw_return_t fsl_shw_symmetric_decrypt(fsl_shw_uco_t * user_ctx, + fsl_shw_sko_t * key_info, + fsl_shw_scco_t * sym_ctx, + uint32_t length, + const uint8_t * ct, uint8_t * pt) +{ + /* Unused */ + (void)user_ctx; + (void)key_info; + (void)sym_ctx; + (void)length; + (void)ct; + (void)pt; + + return FSL_RETURN_ERROR_S; +} + +#endif /* __KERNEL__ and DRYICE */ diff --git a/drivers/mxc/security/rng/fsl_shw_wrap.c b/drivers/mxc/security/rng/fsl_shw_wrap.c new file mode 100644 index 000000000000..c7d6947296af --- /dev/null +++ b/drivers/mxc/security/rng/fsl_shw_wrap.c @@ -0,0 +1,1301 @@ +/* + * Copyright (C) 2009-2010 Freescale Semiconductor, Inc. All Rights Reserved. + */ + +/* + * The code contained herein is licensed under the GNU General Public + * License. You may obtain a copy of the GNU General Public License + * Version 2 or later at the following locations: + * + * http://www.opensource.org/licenses/gpl-license.html + * http://www.gnu.org/copyleft/gpl.html + */ + +/*! + * @file fsl_shw_wrap.c + * + * This file implements Key-Wrap (Black Key) and Key Establishment functions of + * the FSL SHW API for the SHW (non-SAHARA) driver. + * + * This is the Black Key information: + * + * <ul> + * <li> Ownerid is an 8-byte, user-supplied, value to keep KEY + * confidential.</li> + * <li> KEY is a 1-32 byte value which starts in SCC RED RAM before + * wrapping, and ends up there on unwrap. Length is limited because of + * size of SCC1 RAM.</li> + * <li> KEY' is the encrypted KEY</li> + * <li> LEN is a 1-byte (for now) byte-length of KEY</li> + * <li> ALG is a 1-byte value for the algorithm which which the key is + * associated. Values are defined by the FSL SHW API</li> + * <li> FLAGS is a 1-byte value contain information like "this key is for + * software" (TBD)</li> + * <li> Ownerid, LEN, and ALG come from the user's "key_info" object, as does + * the slot number where KEY already is/will be.</li> + * <li> T is a Nonce</li> + * <li> T' is the encrypted T</li> + * <li> KEK is a Key-Encryption Key for the user's Key</li> + * <li> ICV is the "Integrity Check Value" for the wrapped key</li> + * <li> Black Key is the string of bytes returned as the wrapped key</li> + * <li> Wrap Key is the user's choice for encrypting the nonce. One of + * the Fused Key, the Random Key, or the XOR of the two. + * </ul> +<table border="0"> +<tr><TD align="right">BLACK_KEY <TD width="3">=<TD>ICV | T' | LEN | ALG | + FLAGS | KEY'</td></tr> +<tr><td> </td></tr> + +<tr><th>To Wrap</th></tr> +<tr><TD align="right">T</td> <TD width="3">=</td> <TD>RND()<sub>16</sub> + </td></tr> +<tr><TD align="right">KEK</td><TD width="3">=</td><TD>HASH<sub>sha256</sub>(T | + Ownerid)<sub>16</sub></td></tr> +<tr><TD align="right">KEY'<TD width="3">=</td><TD> + TDES<sub>cbc-enc</sub>(Key=KEK, Data=KEY, IV=Ownerid)</td></tr> +<tr><TD align="right">ICV</td><TD width="3">=</td><td>HMAC<sub>sha256</sub> + (Key=T, Data=Ownerid | LEN | ALG | FLAGS | KEY')<sub>16</sub></td></tr> +<tr><TD align="right">T'</td><TD width="3">=</td><TD>TDES<sub>ecb-enc</sub> + (Key=Wrap_Key, IV=Ownerid, Data=T)</td></tr> + +<tr><td> </td></tr> + +<tr><th>To Unwrap</th></tr> +<tr><TD align="right">T</td><TD width="3">=</td><TD>TDES<sub>ecb-dec</sub> + (Key=Wrap_Key, IV=Ownerid, Data=T')</td></tr> +<tr><TD align="right">ICV</td><TD width="3">=</td><td>HMAC<sub>sha256</sub> + (Key=T, Data=Ownerid | LEN | ALG | FLAGS | KEY')<sub>16</sub></td></tr> +<tr><TD align="right">KEK</td><TD width="3">=</td><td>HASH<sub>sha256</sub> + (T | Ownerid)<sub>16</sub></td></tr> +<tr><TD align="right">KEY<TD width="3">=</td><TD>TDES<sub>cbc-dec</sub> + (Key=KEK, Data=KEY', IV=Ownerid)</td></tr> +</table> + + * This code supports two types of keys: Software Keys and keys destined for + * (or residing in) the DryIce Programmed Key Register. + * + * Software Keys go to / from the keystore. + * + * PK keys go to / from the DryIce Programmed Key Register. + * + * This code only works on a platform with DryIce. "software" keys go into + * the keystore. "Program" keys go to the DryIce Programmed Key Register. + * As far as this code is concerned, the size of that register is 21 bytes, + * the size of a 3DES key with parity stripped. + * + * The maximum key size supported for wrapped/unwrapped keys depends upon + * LENGTH_LENGTH. Currently, it is one byte, so the maximum key size is + * 255 bytes. However, key objects cannot currently hold a key of this + * length, so a smaller key size is the max. + */ + +#include "fsl_platform.h" + +/* This code only works in kernel mode */ + +#include "shw_driver.h" +#ifdef DIAG_SECURITY_FUNC +#include "apihelp.h" +#endif + +#if defined(__KERNEL__) && defined(FSL_HAVE_DRYICE) + +#include "../dryice.h" +#include <linux/mxc_scc_driver.h> + +#include "portable_os.h" +#include "fsl_shw_keystore.h" + +#include <diagnostic.h> + +#include "shw_hmac.h" +#include "shw_hash.h" + +#define ICV_LENGTH 16 +#define T_LENGTH 16 +#define KEK_LENGTH 21 +#define LENGTH_LENGTH 1 +#define ALGORITHM_LENGTH 1 +#define FLAGS_LENGTH 1 + +/* ICV | T' | LEN | ALG | FLAGS | KEY' */ +#define ICV_OFFSET 0 +#define T_PRIME_OFFSET (ICV_OFFSET + ICV_LENGTH) +#define LENGTH_OFFSET (T_PRIME_OFFSET + T_LENGTH) +#define ALGORITHM_OFFSET (LENGTH_OFFSET + LENGTH_LENGTH) +#define FLAGS_OFFSET (ALGORITHM_OFFSET + ALGORITHM_LENGTH) +#define KEY_PRIME_OFFSET (FLAGS_OFFSET + FLAGS_LENGTH) + +#define FLAGS_SW_KEY 0x01 + +#define LENGTH_PATCH 8 +#define LENGTH_PATCH_MASK (LENGTH_PATCH - 1) + +/*! rounded up from 168 bits to the next word size */ +#define HW_KEY_LEN_WORDS_BITS 192 + +/*! + * Round a key length up to the TDES block size + * + * @param len Length of key, in bytes + * + * @return Length rounded up, if necessary + */ +#define ROUND_LENGTH(len) \ +({ \ + uint32_t orig_len = len; \ + uint32_t new_len; \ + \ + if ((orig_len & LENGTH_PATCH_MASK) != 0) { \ + new_len = (orig_len + LENGTH_PATCH \ + - (orig_len & LENGTH_PATCH_MASK)); \ + } \ + else { \ + new_len = orig_len; \ + } \ + \ + new_len; \ +}) + +/* This is the system keystore object */ +extern fsl_shw_kso_t system_keystore; + +#ifdef DIAG_SECURITY_FUNC +static void dump(const char *name, const uint8_t * data, unsigned int len) +{ + os_printk("%s: ", name); + while (len > 0) { + os_printk("%02x ", (unsigned)*data++); + len--; + } + os_printk("\n"); +} +#endif + +/* + * For testing of the algorithm implementation,, the DO_REPEATABLE_WRAP flag + * causes the T_block to go into the T field during a wrap operation. This + * will make the black key value repeatable (for a given SCC secret key, or + * always if the default key is in use). + * + * Normally, a random sequence is used. + */ +#ifdef DO_REPEATABLE_WRAP +/*! + * Block of zeroes which is maximum Symmetric block size, used for + * initializing context register, etc. + */ +static uint8_t T_block[16] = { + 0x42, 0, 0, 0x42, 0x42, 0, 0, 0x42, + 0x42, 0, 0, 0x42, 0x42, 0, 0, 0x42 +}; +#endif + +EXPORT_SYMBOL(fsl_shw_establish_key); +EXPORT_SYMBOL(fsl_shw_read_key); +EXPORT_SYMBOL(fsl_shw_extract_key); +EXPORT_SYMBOL(fsl_shw_release_key); + +extern fsl_shw_return_t alloc_slot(fsl_shw_uco_t * user_ctx, + fsl_shw_sko_t * key_info); + +extern fsl_shw_return_t load_slot(fsl_shw_uco_t * user_ctx, + fsl_shw_sko_t * key_info, + const uint8_t * key); + +extern fsl_shw_return_t dealloc_slot(fsl_shw_uco_t * user_ctx, + fsl_shw_sko_t * key_info); + +/*! + * Initalialize SKO and SCCO used for T <==> T' cipher operation + * + * @param wrap_key Which wrapping key user wants + * @param key_info Key object for selecting wrap key + * @param wrap_ctx Sym Context object for doing the cipher op + */ +static inline void init_wrap_key(fsl_shw_pf_key_t wrap_key, + fsl_shw_sko_t * key_info, + fsl_shw_scco_t * wrap_ctx) +{ + fsl_shw_sko_init_pf_key(key_info, FSL_KEY_ALG_TDES, wrap_key); + fsl_shw_scco_init(wrap_ctx, FSL_KEY_ALG_TDES, FSL_SYM_MODE_ECB); +} + +/*! + * Insert descriptors to calculate ICV = HMAC(key=T, data=LEN|ALG|KEY') + * + * @param user_ctx A user context from #fsl_shw_register_user(). + * @param T Location of nonce (length is T_LENGTH bytes) + * @param userid Location of userid/ownerid + * @param userid_len Length, in bytes of @c userid + * @param black_key Beginning of Black Key region + * @param key_length Number of bytes of key' there are in @c black_key + * @param[out] hmac Location to store ICV. Will be tagged "USES" so + * sf routines will not try to free it. + * + * @return A return code of type #fsl_shw_return_t. + */ +static fsl_shw_return_t calc_icv(const uint8_t * T, + const uint8_t * userid, + unsigned int userid_len, + const uint8_t * black_key, + uint32_t key_length, uint8_t * hmac) +{ + fsl_shw_return_t code; + shw_hmac_state_t hmac_state; + + /* Load up T as key for the HMAC */ + code = shw_hmac_init(&hmac_state, T, T_LENGTH); + if (code != FSL_RETURN_OK_S) { + goto out; + } + + /* Previous step loaded key; Now set up to hash the data */ + + /* Input - start with ownerid */ + code = shw_hmac_update(&hmac_state, userid, userid_len); + if (code != FSL_RETURN_OK_S) { + goto out; + } + + /* Still input - Append black-key fields len, alg, key' */ + code = shw_hmac_update(&hmac_state, + (void *)black_key + LENGTH_OFFSET, + (LENGTH_LENGTH + + ALGORITHM_LENGTH + + FLAGS_LENGTH + key_length)); + if (code != FSL_RETURN_OK_S) { + goto out; + } + + /* Output - computed ICV/HMAC */ + code = shw_hmac_final(&hmac_state, hmac, ICV_LENGTH); + if (code != FSL_RETURN_OK_S) { + goto out; + } + + out: + + return code; +} /* calc_icv */ + +/*! + * Compute and return the KEK (Key Encryption Key) from the inputs + * + * @param userid The user's 'secret' for the key + * @param userid_len Length, in bytes of @c userid + * @param T The nonce + * @param[out] kek Location to store the computed KEK. It will + * be 21 bytes long. + * + * @return the usual error code + */ +static fsl_shw_return_t calc_kek(const uint8_t * userid, + unsigned int userid_len, + const uint8_t * T, uint8_t * kek) +{ + fsl_shw_return_t code = FSL_RETURN_INTERNAL_ERROR_S; + shw_hash_state_t hash_state; + + code = shw_hash_init(&hash_state, FSL_HASH_ALG_SHA256); + if (code != FSL_RETURN_OK_S) { +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG_ARGS("Hash init failed: %s\n", fsl_error_string(code)); +#endif + goto out; + } + + code = shw_hash_update(&hash_state, T, T_LENGTH); + if (code != FSL_RETURN_OK_S) { +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG_ARGS("Hash for T failed: %s\n", + fsl_error_string(code)); +#endif + goto out; + } + + code = shw_hash_update(&hash_state, userid, userid_len); + if (code != FSL_RETURN_OK_S) { +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG_ARGS("Hash for userid failed: %s\n", + fsl_error_string(code)); +#endif + goto out; + } + + code = shw_hash_final(&hash_state, kek, KEK_LENGTH); + if (code != FSL_RETURN_OK_S) { +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG_ARGS("Could not extract kek: %s\n", + fsl_error_string(code)); +#endif + goto out; + } + +#if KEK_LENGTH != 21 + { + uint8_t permuted_kek[21]; + + fsl_shw_permute1_bytes(kek, permuted_kek, KEK_LENGTH / 8); + memcpy(kek, permuted_kek, 21); + memset(permuted_kek, 0, sizeof(permuted_kek)); + } +#endif + +#ifdef DIAG_SECURITY_FUNC + dump("kek", kek, 21); +#endif + + out: + + return code; +} /* end fn calc_kek */ + +/*! + * Validate user's wrap key selection + * + * @param wrap_key The user's desired wrapping key + */ +static fsl_shw_return_t check_wrap_key(fsl_shw_pf_key_t wrap_key) +{ + /* unable to use desired key */ + fsl_shw_return_t ret = FSL_RETURN_NO_RESOURCE_S; + + if ((wrap_key != FSL_SHW_PF_KEY_IIM) && + (wrap_key != FSL_SHW_PF_KEY_RND) && + (wrap_key != FSL_SHW_PF_KEY_IIM_RND)) { +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG("Invalid wrap_key in key wrap/unwrap attempt"); +#endif + goto out; + } + ret = FSL_RETURN_OK_S; + + out: + return ret; +} /* end fn check_wrap_key */ + +/*! + * Perform unwrapping of a black key into a RED slot + * + * @param user_ctx A user context from #fsl_shw_register_user(). + * @param[in,out] key_info The information about the key to be which will + * be unwrapped... key length, slot info, etc. + * @param black_key Encrypted key + * + * @return A return code of type #fsl_shw_return_t. + */ +static fsl_shw_return_t unwrap(fsl_shw_uco_t * user_ctx, + fsl_shw_sko_t * key_info, + const uint8_t * black_key) +{ + fsl_shw_return_t ret; + uint8_t hmac[ICV_LENGTH]; + uint8_t T[T_LENGTH]; + uint8_t kek[KEK_LENGTH + 20]; + int key_length = black_key[LENGTH_OFFSET]; + int rounded_key_length = ROUND_LENGTH(key_length); + uint8_t key[rounded_key_length]; + fsl_shw_sko_t t_key_info; + fsl_shw_scco_t t_key_ctx; + fsl_shw_sko_t kek_key_info; + fsl_shw_scco_t kek_ctx; + int unwrapping_sw_key = key_info->flags & FSL_SKO_KEY_SW_KEY; + int pk_needs_restoration = 0; /* bool */ + unsigned original_key_length = key_info->key_length; + int pk_was_held = 0; + uint8_t current_pk[21]; + di_return_t di_code; + + ret = check_wrap_key(user_ctx->wrap_key); + if (ret != FSL_RETURN_OK_S) { + goto out; + } + + if (black_key == NULL) { + ret = FSL_RETURN_ERROR_S; + goto out; + } +#ifdef DIAG_SECURITY_FUNC + dump("black", black_key, KEY_PRIME_OFFSET + key_length); +#endif + /* Validate SW flags to prevent misuse */ + if ((key_info->flags & FSL_SKO_KEY_SW_KEY) + && !(black_key[FLAGS_OFFSET] & FLAGS_SW_KEY)) { + ret = FSL_RETURN_BAD_FLAG_S; + goto out; + } + + /* Compute T = 3des-dec-ecb(wrap_key, T') */ + init_wrap_key(user_ctx->wrap_key, &t_key_info, &t_key_ctx); + ret = fsl_shw_symmetric_decrypt(user_ctx, &t_key_info, &t_key_ctx, + T_LENGTH, + black_key + T_PRIME_OFFSET, T); + if (ret != FSL_RETURN_OK_S) { +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG("Recovery of nonce (T) failed"); +#endif /*DIAG_SECURITY_FUNC */ + goto out; + } + + /* Compute ICV = HMAC(T, ownerid | len | alg | flags | key' */ + ret = calc_icv(T, (uint8_t *) & key_info->userid, + sizeof(key_info->userid), + black_key, original_key_length, hmac); + + if (ret != FSL_RETURN_OK_S) { +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG("Calculation of ICV failed"); +#endif /*DIAG_SECURITY_FUNC */ + goto out; + } +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG("Validating MAC of wrapped key"); +#endif + + /* Check computed ICV against value in Black Key */ + if (memcmp(black_key + ICV_OFFSET, hmac, ICV_LENGTH) != 0) { +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG("Computed ICV fails validation\n"); +#endif + ret = FSL_RETURN_AUTH_FAILED_S; + goto out; + } + + /* Compute KEK = SHA256(T | ownerid). */ + ret = calc_kek((uint8_t *) & key_info->userid, sizeof(key_info->userid), + T, kek); + if (ret != FSL_RETURN_OK_S) { + goto out; + } + + if (unwrapping_sw_key) { + di_code = dryice_get_programmed_key(current_pk, 8 * 21); + if (di_code != DI_SUCCESS) { +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG_ARGS("Could not save current PK: %s\n", + di_error_string(di_code)); +#endif + ret = FSL_RETURN_ERROR_S; + goto out; + } + } + + /* + * "Establish" the KEK in the PK. If the PK was held and unwrapping a + * software key, then release it and try again, but remember that we need + * to leave it 'held' if we are unwrapping a software key. + * + * If the PK is held while we are unwrapping a key for the PK, then + * the user didn't call release, so gets an error. + */ + di_code = dryice_set_programmed_key(kek, 8 * 21, 0); + if ((di_code == DI_ERR_INUSE) && unwrapping_sw_key) { + /* Temporarily reprogram the PK out from under the user */ + pk_was_held = 1; + dryice_release_programmed_key(); + di_code = dryice_set_programmed_key(kek, 8 * 21, 0); + } + if (di_code != DI_SUCCESS) { +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG_ARGS("Could not program KEK: %s\n", + di_error_string(di_code)); +#endif + ret = FSL_RETURN_ERROR_S; + goto out; + } + + if (unwrapping_sw_key) { + pk_needs_restoration = 1; + } + dryice_release_programmed_key(); /* Because of previous 'set' */ + + /* Compute KEY = TDES-decrypt(KEK, KEY') */ + fsl_shw_sko_init_pf_key(&kek_key_info, FSL_KEY_ALG_TDES, + FSL_SHW_PF_KEY_PRG); + fsl_shw_sko_set_key_length(&kek_key_info, KEK_LENGTH); + + fsl_shw_scco_init(&kek_ctx, FSL_KEY_ALG_TDES, FSL_SYM_MODE_CBC); + fsl_shw_scco_set_flags(&kek_ctx, FSL_SYM_CTX_LOAD); + fsl_shw_scco_set_context(&kek_ctx, (uint8_t *) & key_info->userid); +#ifdef DIAG_SECURITY_FUNC + dump("KEY'", black_key + KEY_PRIME_OFFSET, rounded_key_length); +#endif + ret = fsl_shw_symmetric_decrypt(user_ctx, &kek_key_info, &kek_ctx, + rounded_key_length, + black_key + KEY_PRIME_OFFSET, key); + if (ret != FSL_RETURN_OK_S) { + goto out; + } +#ifdef DIAG_SECURITY_FUNC + dump("KEY", key, original_key_length); +#endif + /* Now either put key into PK or into a slot */ + if (key_info->flags & FSL_SKO_KEY_SW_KEY) { + ret = load_slot(user_ctx, key_info, key); + } else { + /* + * Since we have just unwrapped a program key, it had + * to have been wrapped as a program key, so it must + * be 168 bytes long and permuted ... + */ + ret = dryice_set_programmed_key(key, 8 * key_length, 0); + if (ret != FSL_RETURN_OK_S) { + goto out; + } + } + + out: + key_info->key_length = original_key_length; + + if (pk_needs_restoration) { + di_code = dryice_set_programmed_key(current_pk, 8 * 21, 0); + } + + if (!pk_was_held) { + dryice_release_programmed_key(); + } + + /* Erase tracks of confidential data */ + memset(T, 0, T_LENGTH); + memset(key, 0, rounded_key_length); + memset(current_pk, 0, sizeof(current_pk)); + memset(&t_key_info, 0, sizeof(t_key_info)); + memset(&t_key_ctx, 0, sizeof(t_key_ctx)); + memset(&kek_key_info, 0, sizeof(kek_key_info)); + memset(&kek_ctx, 0, sizeof(kek_ctx)); + memset(kek, 0, KEK_LENGTH); + + return ret; +} /* unwrap */ + +/*! + * Perform wrapping of a black key from a RED slot (or the PK register) + * + * @param user_ctx A user context from #fsl_shw_register_user(). + * @param[in,out] key_info The information about the key to be which will + * be wrapped... key length, slot info, etc. + * @param black_key Place to store encrypted key + * + * @return A return code of type #fsl_shw_return_t. + */ +static fsl_shw_return_t wrap(fsl_shw_uco_t * user_ctx, + fsl_shw_sko_t * key_info, uint8_t * black_key) +{ + fsl_shw_return_t ret = FSL_RETURN_OK_S; + fsl_shw_sko_t t_key_info; /* for holding T */ + fsl_shw_scco_t t_key_ctx; + fsl_shw_sko_t kek_key_info; + fsl_shw_scco_t kek_ctx; + unsigned original_key_length = key_info->key_length; + unsigned rounded_key_length; + uint8_t T[T_LENGTH]; + uint8_t kek[KEK_LENGTH + 20]; + uint8_t *red_key = 0; + int red_key_malloced = 0; /* bool */ + int pk_was_held = 0; /* bool */ + uint8_t saved_pk[21]; + uint8_t pk_needs_restoration; /* bool */ + di_return_t di_code; + + ret = check_wrap_key(user_ctx->wrap_key); + if (ret != FSL_RETURN_OK_S) { + goto out; + } + + if (black_key == NULL) { + ret = FSL_RETURN_ERROR_S; + goto out; + } + + if (key_info->flags & FSL_SKO_KEY_SELECT_PF_KEY) { + if ((key_info->pf_key != FSL_SHW_PF_KEY_PRG) + && (key_info->pf_key != FSL_SHW_PF_KEY_IIM_PRG)) { + ret = FSL_RETURN_ERROR_S; + goto out; + } + } else { + if (!(key_info->flags & FSL_SKO_KEY_ESTABLISHED)) { + ret = FSL_RETURN_BAD_FLAG_S; /* not established! */ + goto out; + } + } + + black_key[ALGORITHM_OFFSET] = key_info->algorithm; + +#ifndef DO_REPEATABLE_WRAP + /* Compute T = RND() */ + ret = fsl_shw_get_random(user_ctx, T_LENGTH, T); + if (ret != FSL_RETURN_OK_S) { + goto out; + } +#else + memcpy(T, T_block, T_LENGTH); +#endif + + /* Compute KEK = SHA256(T | ownerid). */ + ret = calc_kek((uint8_t *) & key_info->userid, sizeof(key_info->userid), + T, kek); + if (ret != FSL_RETURN_OK_S) { +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG("Calculation of KEK failed\n"); +#endif /*DIAG_SECURITY_FUNC */ + goto out; + } + + rounded_key_length = ROUND_LENGTH(original_key_length); + + di_code = dryice_get_programmed_key(saved_pk, 8 * 21); + if (di_code != DI_SUCCESS) { +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG_ARGS("Could not save current PK: %s\n", + di_error_string(di_code)); +#endif + ret = FSL_RETURN_ERROR_S; + goto out; + } + + /* + * Load KEK into DI PKR. Note that we are NOT permuting it before loading, + * so we are using it as though it is a 168-bit key ready for the SCC. + */ + di_code = dryice_set_programmed_key(kek, 8 * 21, 0); + if (di_code == DI_ERR_INUSE) { + /* Temporarily reprogram the PK out from under the user */ + pk_was_held = 1; + dryice_release_programmed_key(); + di_code = dryice_set_programmed_key(kek, 8 * 21, 0); + } + if (di_code != DI_SUCCESS) { +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG_ARGS("Could not program KEK: %s\n", + di_error_string(di_code)); +#endif + ret = FSL_RETURN_ERROR_S; + goto out; + } + pk_needs_restoration = 1; + dryice_release_programmed_key(); + + /* Find red key */ + if (key_info->flags & FSL_SKO_KEY_SELECT_PF_KEY) { + black_key[LENGTH_OFFSET] = 21; + rounded_key_length = 24; + + red_key = saved_pk; + } else { + black_key[LENGTH_OFFSET] = key_info->key_length; + + red_key = os_alloc_memory(key_info->key_length, 0); + if (red_key == NULL) { + ret = FSL_RETURN_NO_RESOURCE_S; + goto out; + } + red_key_malloced = 1; + + ret = fsl_shw_read_key(user_ctx, key_info, red_key); + if (ret != FSL_RETURN_OK_S) { + goto out; + } + } + +#ifdef DIAG_SECURITY_FUNC + dump("KEY", red_key, black_key[LENGTH_OFFSET]); +#endif + /* Compute KEY' = TDES-encrypt(KEK, KEY) */ + fsl_shw_sko_init_pf_key(&kek_key_info, FSL_KEY_ALG_TDES, + FSL_SHW_PF_KEY_PRG); + fsl_shw_sko_set_key_length(&kek_key_info, KEK_LENGTH); + + fsl_shw_scco_init(&kek_ctx, FSL_KEY_ALG_TDES, FSL_SYM_MODE_CBC); + fsl_shw_scco_set_flags(&kek_ctx, FSL_SYM_CTX_LOAD); + fsl_shw_scco_set_context(&kek_ctx, (uint8_t *) & key_info->userid); + ret = fsl_shw_symmetric_encrypt(user_ctx, &kek_key_info, &kek_ctx, + rounded_key_length, + red_key, black_key + KEY_PRIME_OFFSET); + if (ret != FSL_RETURN_OK_S) { +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG("Encryption of KEY failed\n"); +#endif /*DIAG_SECURITY_FUNC */ + goto out; + } + + /* Set up flags info */ + black_key[FLAGS_OFFSET] = 0; + if (key_info->flags & FSL_SKO_KEY_SW_KEY) { + black_key[FLAGS_OFFSET] |= FLAGS_SW_KEY; + } +#ifdef DIAG_SECURITY_FUNC + dump("KEY'", black_key + KEY_PRIME_OFFSET, rounded_key_length); +#endif + /* Compute and store ICV into Black Key */ + ret = calc_icv(T, + (uint8_t *) & key_info->userid, + sizeof(key_info->userid), + black_key, original_key_length, black_key + ICV_OFFSET); + if (ret != FSL_RETURN_OK_S) { +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG("Calculation of ICV failed\n"); +#endif /*DIAG_SECURITY_FUNC */ + goto out; + } + + /* Compute T' = 3des-enc-ecb(wrap_key, T); Result goes to Black Key */ + init_wrap_key(user_ctx->wrap_key, &t_key_info, &t_key_ctx); + ret = fsl_shw_symmetric_encrypt(user_ctx, &t_key_info, &t_key_ctx, + T_LENGTH, + T, black_key + T_PRIME_OFFSET); + if (ret != FSL_RETURN_OK_S) { +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG("Encryption of nonce failed"); +#endif + goto out; + } +#ifdef DIAG_SECURITY_FUNC + dump("black", black_key, KEY_PRIME_OFFSET + black_key[LENGTH_OFFSET]); +#endif + + out: + if (pk_needs_restoration) { + dryice_set_programmed_key(saved_pk, 8 * 21, 0); + } + + if (!pk_was_held) { + dryice_release_programmed_key(); + } + + if (red_key_malloced) { + memset(red_key, 0, key_info->key_length); + os_free_memory(red_key); + } + + key_info->key_length = original_key_length; + + /* Erase tracks of confidential data */ + memset(T, 0, T_LENGTH); + memset(&t_key_info, 0, sizeof(t_key_info)); + memset(&t_key_ctx, 0, sizeof(t_key_ctx)); + memset(&kek_key_info, 0, sizeof(kek_key_info)); + memset(&kek_ctx, 0, sizeof(kek_ctx)); + memset(kek, 0, sizeof(kek)); + memset(saved_pk, 0, sizeof(saved_pk)); + + return ret; +} /* wrap */ + +static fsl_shw_return_t create(fsl_shw_uco_t * user_ctx, + fsl_shw_sko_t * key_info) +{ + fsl_shw_return_t ret = FSL_RETURN_ERROR_S; + unsigned key_length = key_info->key_length; + di_return_t di_code; + + if (!(key_info->flags & FSL_SKO_KEY_SW_KEY)) { + /* Must be creating key for PK */ + if ((key_info->algorithm != FSL_KEY_ALG_TDES) || + ((key_info->key_length != 16) + && (key_info->key_length != 21) /* permuted 168-bit key */ + &&(key_info->key_length != 24))) { + ret = FSL_RETURN_ERROR_S; + goto out; + } + + key_length = 21; /* 168-bit PK */ + } + + /* operational block */ + { + uint8_t key_value[key_length]; + +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG("Creating random key\n"); +#endif + ret = fsl_shw_get_random(user_ctx, key_length, key_value); + if (ret != FSL_RETURN_OK_S) { +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG("get_random for CREATE KEY failed\n"); +#endif + goto out; + } + + if (key_info->flags & FSL_SKO_KEY_SW_KEY) { + ret = load_slot(user_ctx, key_info, key_value); + } else { + di_code = + dryice_set_programmed_key(key_value, 8 * key_length, + 0); + if (di_code != 0) { +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG_ARGS("di set_pk failed: %s\n", + di_error_string(di_code)); +#endif + ret = FSL_RETURN_ERROR_S; + goto out; + } + ret = FSL_RETURN_OK_S; + } + memset(key_value, 0, key_length); + } /* end operational block */ + +#ifdef DIAG_SECURITY_FUNC + if (ret != FSL_RETURN_OK_S) { + LOG_DIAG("Loading random key failed"); + } +#endif + + out: + + return ret; +} /* end fn create */ + +static fsl_shw_return_t accept(fsl_shw_uco_t * user_ctx, + fsl_shw_sko_t * key_info, const uint8_t * key) +{ + uint8_t permuted_key[21]; + fsl_shw_return_t ret = FSL_RETURN_ERROR_S; + + if (key == NULL) { +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG("ACCEPT: Red Key is NULL"); +#endif + ret = FSL_RETURN_ERROR_S; + goto out; + } +#ifdef DIAG_SECURITY_FUNC + dump("red", key, key_info->key_length); +#endif + /* Only SW keys go into the keystore */ + if (key_info->flags & FSL_SKO_KEY_SW_KEY) { + + /* Copy in safe number of bytes of Red key */ + ret = load_slot(user_ctx, key_info, key); + } else { /* not SW key */ + di_return_t di_ret; + + /* Only 3DES PGM key types can be established */ + if (((key_info->pf_key != FSL_SHW_PF_KEY_PRG) + && (key_info->pf_key != FSL_SHW_PF_KEY_IIM_PRG)) + || (key_info->algorithm != FSL_KEY_ALG_TDES)) { +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG_ARGS + ("ACCEPT: Failed trying to establish non-PRG" + " or invalid 3DES Key: iim%d, iim_prg%d, alg%d\n", + (key_info->pf_key != FSL_SHW_PF_KEY_PRG), + (key_info->pf_key != FSL_SHW_PF_KEY_IIM_PRG), + (key_info->algorithm != FSL_KEY_ALG_TDES)); +#endif + ret = FSL_RETURN_ERROR_S; + goto out; + } + if ((key_info->key_length != 16) + && (key_info->key_length != 21) + && (key_info->key_length != 24)) { +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG_ARGS("ACCEPT: Failed trying to establish" + " invalid 3DES Key: len=%d (%d)\n", + key_info->key_length, + ((key_info->key_length != 16) + && (key_info->key_length != 21) + && (key_info->key_length != 24))); +#endif + ret = FSL_RETURN_BAD_KEY_LENGTH_S; + goto out; + } + + /* Convert key into 168-bit value and put it into PK */ + if (key_info->key_length != 21) { + fsl_shw_permute1_bytes(key, permuted_key, + key_info->key_length / 8); + di_ret = + dryice_set_programmed_key(permuted_key, 168, 0); + } else { + /* Already permuted ! */ + di_ret = dryice_set_programmed_key(key, 168, 0); + } + if (di_ret != DI_SUCCESS) { +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG_ARGS + ("ACCEPT: DryIce error setting Program Key: %s", + di_error_string(di_ret)); +#endif + ret = FSL_RETURN_ERROR_S; + goto out; + } + } + + ret = FSL_RETURN_OK_S; + + out: + memset(permuted_key, 0, 21); + + return ret; +} /* end fn accept */ + +/*! + * Place a key into a protected location for use only by cryptographic + * algorithms. + * + * This only needs to be used to a) unwrap a key, or b) set up a key which + * could be wrapped by calling #fsl_shw_extract_key() at some later time). + * + * The protected key will not be available for use until this operation + * successfully completes. + * + * @bug This whole discussion needs review. + * + * This feature is not available for all platforms, nor for all algorithms and + * modes. + * + * @param user_ctx A user context from #fsl_shw_register_user(). + * @param[in,out] key_info The information about the key to be which will + * be established. In the create case, the key + * length must be set. + * @param establish_type How @a key will be interpreted to establish a + * key for use. + * @param key If @a establish_type is #FSL_KEY_WRAP_UNWRAP, + * this is the location of a wrapped key. If + * @a establish_type is #FSL_KEY_WRAP_CREATE, this + * parameter can be @a NULL. If @a establish_type + * is #FSL_KEY_WRAP_ACCEPT, this is the location + * of a plaintext key. + * + * @return A return code of type #fsl_shw_return_t. + */ +fsl_shw_return_t fsl_shw_establish_key(fsl_shw_uco_t * user_ctx, + fsl_shw_sko_t * key_info, + fsl_shw_key_wrap_t establish_type, + const uint8_t * key) +{ + fsl_shw_return_t ret = FSL_RETURN_ERROR_S; + unsigned original_key_length = key_info->key_length; + unsigned rounded_key_length; + unsigned slot_allocated = 0; + + /* For now, only blocking mode calls are supported */ + if (!(user_ctx->flags & FSL_UCO_BLOCKING_MODE)) { +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG_ARGS("%s: Non-blocking call not supported\n", + __FUNCTION__); +#endif + ret = FSL_RETURN_BAD_FLAG_S; + goto out; + } + + /* + HW keys are always 'established', but otherwise do not allow user + * to establish over the top of an established key. + */ + if ((key_info->flags & FSL_SKO_KEY_ESTABLISHED) + && !(key_info->flags & FSL_SKO_KEY_SELECT_PF_KEY)) { +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG_ARGS("%s: Key already established\n", __FUNCTION__); +#endif + ret = FSL_RETURN_BAD_FLAG_S; + goto out; + } + + /* @bug VALIDATE KEY flags here -- SW or PRG/IIM_PRG */ + + /* Write operations into SCC memory require word-multiple number of + * bytes. For ACCEPT and CREATE functions, the key length may need + * to be rounded up. Calculate. */ + if (LENGTH_PATCH && (original_key_length & LENGTH_PATCH_MASK) != 0) { + rounded_key_length = original_key_length + LENGTH_PATCH + - (original_key_length & LENGTH_PATCH_MASK); + } else { + rounded_key_length = original_key_length; + } + + /* SW keys need a place to live */ + if (key_info->flags & FSL_SKO_KEY_SW_KEY) { + ret = alloc_slot(user_ctx, key_info); + if (ret != FSL_RETURN_OK_S) { +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG("Slot allocation failed\n"); +#endif + goto out; + } + slot_allocated = 1; + } + + switch (establish_type) { + case FSL_KEY_WRAP_CREATE: +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG("Creating random key\n"); +#endif + ret = create(user_ctx, key_info); + break; + + case FSL_KEY_WRAP_ACCEPT: +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG("Accepting plaintext key\n"); +#endif + ret = accept(user_ctx, key_info, key); + break; + + case FSL_KEY_WRAP_UNWRAP: +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG("Unwrapping wrapped key\n"); +#endif + ret = unwrap(user_ctx, key_info, key); + break; + + default: + ret = FSL_RETURN_BAD_FLAG_S; + break; + } /* switch */ + + out: + if (ret != FSL_RETURN_OK_S) { + if (slot_allocated) { + (void)dealloc_slot(user_ctx, key_info); + } + key_info->flags &= ~FSL_SKO_KEY_ESTABLISHED; + } else { + key_info->flags |= FSL_SKO_KEY_ESTABLISHED; + } + + return ret; +} /* end fn fsl_shw_establish_key */ + +/*! + * Wrap a key and retrieve the wrapped value. + * + * A wrapped key is a key that has been cryptographically obscured. It is + * only able to be used with #fsl_shw_establish_key(). + * + * This function will also release a software key (see #fsl_shw_release_key()) + * so it must be re-established before reuse. This is not true of PGM keys. + * + * This feature is not available for all platforms, nor for all algorithms and + * modes. + * + * @param user_ctx A user context from #fsl_shw_register_user(). + * @param key_info The information about the key to be deleted. + * @param[out] covered_key The location to store the 48-octet wrapped key. + * (This size is based upon the maximum key size + * of 32 octets). + * + * @return A return code of type #fsl_shw_return_t. + */ +fsl_shw_return_t fsl_shw_extract_key(fsl_shw_uco_t * user_ctx, + fsl_shw_sko_t * key_info, + uint8_t * covered_key) +{ + fsl_shw_return_t ret = FSL_RETURN_ERROR_S; + + /* For now, only blocking mode calls are supported */ + if (!(user_ctx->flags & FSL_UCO_BLOCKING_MODE)) { + ret = FSL_RETURN_BAD_FLAG_S; + goto out; + } +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG("Wrapping a key\n"); +#endif + + if (!(key_info->flags & FSL_SKO_KEY_ESTABLISHED)) { +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG_ARGS("%s: Key not established\n", __FUNCTION__); +#endif + ret = FSL_RETURN_BAD_FLAG_S; + goto out; + } + /* Verify that a SW key info really belongs to a SW key */ + if (key_info->flags & FSL_SKO_KEY_SW_KEY) { + /* ret = FSL_RETURN_BAD_FLAG_S; + goto out;*/ + } + + ret = wrap(user_ctx, key_info, covered_key); + if (ret != FSL_RETURN_OK_S) { + goto out; + } + + if (key_info->flags & FSL_SKO_KEY_SW_KEY) { + /* Need to deallocate on successful extraction */ + (void)dealloc_slot(user_ctx, key_info); + /* Mark key not available in the flags */ + key_info->flags &= + ~(FSL_SKO_KEY_ESTABLISHED | FSL_SKO_KEY_PRESENT); + memset(key_info->key, 0, sizeof(key_info->key)); + } + + out: + return ret; +} /* end fn fsl_shw_extract_key */ + +/*! + * De-establish a key so that it can no longer be accessed. + * + * The key will need to be re-established before it can again be used. + * + * This feature is not available for all platforms, nor for all algorithms and + * modes. + * + * @param user_ctx A user context from #fsl_shw_register_user(). + * @param key_info The information about the key to be deleted. + * + * @return A return code of type #fsl_shw_return_t. + */ +fsl_shw_return_t fsl_shw_release_key(fsl_shw_uco_t * user_ctx, + fsl_shw_sko_t * key_info) +{ + fsl_shw_return_t ret = FSL_RETURN_ERROR_S; + + /* For now, only blocking mode calls are supported */ + if (!(user_ctx->flags & FSL_UCO_BLOCKING_MODE)) { +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG("Not in blocking mode\n"); +#endif + ret = FSL_RETURN_BAD_FLAG_S; + goto out; + } +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG("Releasing a key\n"); +#endif + + if (!(key_info->flags & FSL_SKO_KEY_ESTABLISHED)) { +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG("Key not established\n"); +#endif + ret = FSL_RETURN_BAD_FLAG_S; + goto out; + } + + if (key_info->flags & FSL_SKO_KEY_SW_KEY) { + (void)dealloc_slot(user_ctx, key_info); + /* Turn off 'established' flag */ +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG("dealloc_slot() called\n"); +#endif + key_info->flags &= ~FSL_SKO_KEY_ESTABLISHED; + ret = FSL_RETURN_OK_S; + goto out; + } + + if ((key_info->pf_key == FSL_SHW_PF_KEY_PRG) + || (key_info->pf_key == FSL_SHW_PF_KEY_IIM_PRG)) { + di_return_t di_ret; + + di_ret = dryice_release_programmed_key(); + if (di_ret != DI_SUCCESS) { +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG_ARGS + ("dryice_release_programmed_key() failed: %d\n", + di_ret); +#endif + ret = FSL_RETURN_ERROR_S; + goto out; + } + } else { +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG("Neither SW nor HW key\n"); +#endif + ret = FSL_RETURN_BAD_FLAG_S; + goto out; + } + + ret = FSL_RETURN_OK_S; + + out: + return ret; +} /* end fn fsl_shw_release_key */ + +fsl_shw_return_t fsl_shw_read_key(fsl_shw_uco_t * user_ctx, + fsl_shw_sko_t * key_info, uint8_t * key) +{ + fsl_shw_return_t ret = FSL_RETURN_INTERNAL_ERROR_S; + + /* Only blocking mode calls are supported */ + if (!(user_ctx->flags & FSL_UCO_BLOCKING_MODE)) { + ret = FSL_RETURN_BAD_FLAG_S; + goto out; + } + printk("Reading a key\n"); +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG("Reading a key"); +#endif + if (key_info->flags & FSL_SKO_KEY_PRESENT) { + memcpy(key_info->key, key, key_info->key_length); + ret = FSL_RETURN_OK_S; + } else if (key_info->flags & FSL_SKO_KEY_ESTABLISHED) { + printk("key established\n"); + if (key_info->keystore == NULL) { + printk("keystore is null\n"); + /* First verify that the key access is valid */ + ret = + system_keystore.slot_verify_access(system_keystore. + user_data, + key_info->userid, + key_info-> + handle); + + printk("key in system keystore\n"); + + /* Key is in system keystore */ + ret = keystore_slot_read(&system_keystore, + key_info->userid, + key_info->handle, + key_info->key_length, key); + } else { + printk("key goes in user keystore.\n"); + /* Key goes in user keystore */ + ret = keystore_slot_read(key_info->keystore, + key_info->userid, + key_info->handle, + key_info->key_length, key); + } + } + + out: + return ret; +} /* end fn fsl_shw_read_key */ + +#else /* __KERNEL__ && DRYICE */ + +/* User mode -- these functions are unsupported */ + +fsl_shw_return_t fsl_shw_establish_key(fsl_shw_uco_t * user_ctx, + fsl_shw_sko_t * key_info, + fsl_shw_key_wrap_t establish_type, + const uint8_t * key) +{ + (void)user_ctx; + (void)key_info; + (void)establish_type; + (void)key; + + return FSL_RETURN_NO_RESOURCE_S; +} + +fsl_shw_return_t fsl_shw_extract_key(fsl_shw_uco_t * user_ctx, + fsl_shw_sko_t * key_info, + uint8_t * covered_key) +{ + (void)user_ctx; + (void)key_info; + (void)covered_key; + + return FSL_RETURN_NO_RESOURCE_S; +} + +fsl_shw_return_t fsl_shw_release_key(fsl_shw_uco_t * user_ctx, + fsl_shw_sko_t * key_info) +{ + (void)user_ctx; + (void)key_info; + + return FSL_RETURN_NO_RESOURCE_S; +} + +fsl_shw_return_t fsl_shw_read_key(fsl_shw_uco_t * user_ctx, + fsl_shw_sko_t * key_info, uint8_t * key) +{ + (void)user_ctx; + (void)key_info; + (void)key; + + return FSL_RETURN_NO_RESOURCE_S; +} + +#endif /* __KERNEL__ && DRYICE */ diff --git a/drivers/mxc/security/rng/include/rng_driver.h b/drivers/mxc/security/rng/include/rng_driver.h new file mode 100644 index 000000000000..e760a14f2ded --- /dev/null +++ b/drivers/mxc/security/rng/include/rng_driver.h @@ -0,0 +1,134 @@ +/* + * Copyright (C) 2005-2010 Freescale Semiconductor, Inc. All Rights Reserved. + */ + +/* + * The code contained herein is licensed under the GNU Lesser General + * Public License. You may obtain a copy of the GNU Lesser General + * Public License Version 2.1 or later at the following locations: + * + * http://www.opensource.org/licenses/lgpl-license.html + * http://www.gnu.org/copyleft/lgpl.html + */ + +#ifndef RNG_DRIVER_H +#define RNG_DRIVER_H + +#include "shw_driver.h" + +/* This is a Linux flag meaning 'compiling kernel code'... */ +#ifndef __KERNEL__ +#include <inttypes.h> +#include <stdlib.h> +#include <memory.h> +#else +#include "../../sahara2/include/portable_os.h" +#endif + +#include "../../sahara2/include/fsl_platform.h" + +/*! @file rng_driver.h + * + * @brief Header file to use the RNG driver. + * + * @ingroup RNG + */ + +#if defined(FSL_HAVE_RNGA) + +#include "rng_rnga.h" + +#elif defined(FSL_HAVE_RNGB) || defined(FSL_HAVE_RNGC) + +#include "rng_rngc.h" + +#else /* neither RNGA, RNGB, nor RNGC */ + +#error NO_RNG_TYPE_IDENTIFIED + +#endif + +/***************************************************************************** + * Enumerations + *****************************************************************************/ + +/*! Values from Version ID register */ +enum rng_type { + /*! Type RNGA. */ + RNG_TYPE_RNGA = 0, + /*! Type RNGB. */ + RNG_TYPE_RNGB = 1, + /*! Type RNGC */ + RNG_TYPE_RNGC = 2 +}; + +/*! + * Return values (error codes) for kernel register interface functions + */ +typedef enum rng_return { + RNG_RET_OK = 0, /*!< Function succeeded */ + RNG_RET_FAIL /*!< Non-specific failure */ +} rng_return_t; + +/***************************************************************************** + * Data Structures + *****************************************************************************/ +/*! + * An entry in the RNG Work Queue. Based upon standard SHW queue entry. + * + * This entry also gets saved (for non-blocking requests) in the user's result + * pool. When the user picks up the request, the final processing (copy from + * data_local to data_user) will get made if status was good. + */ +typedef struct rng_work_entry { + struct shw_queue_entry_t hdr; /*!< Standards SHW queue info. */ + uint32_t length; /*!< Number of bytes still needed to satisfy request. */ + uint32_t *data_local; /*!< Where data from RNG FIFO gets placed. */ + uint8_t *data_user; /*!< Ultimate target of data. */ + unsigned completed; /*!< Non-zero if job is done. */ +} rng_work_entry_t; + +/***************************************************************************** + * Function Prototypes + *****************************************************************************/ + +#ifdef RNG_REGISTER_PEEK_POKE +/*! + * Read value from an RNG register. + * The offset will be checked for validity as well as whether it is + * accessible at the time of the call. + * + * This routine cannot be used to read the RNG's Output FIFO if the RNG is in + * High Assurance mode. + * + * @param[in] register_offset The (byte) offset within the RNG block + * of the register to be queried. See + * RNG(A, C) registers for meanings. + * @param[out] value Pointer to where value from the register + * should be placed. + * + * @return See #rng_return_t. + */ +/* REQ-FSLSHW-PINTFC-API-LLF-001 */ +extern rng_return_t rng_read_register(uint32_t register_offset, + uint32_t * value); + +/*! + * Write a new value into an RNG register. + * + * The offset will be checked for validity as well as whether it is + * accessible at the time of the call. + * + * @param[in] register_offset The (byte) offset within the RNG block + * of the register to be modified. See + * RNG(A, C) registers for meanings. + * @param[in] value The value to store into the register. + * + * @return See #rng_return_t. + */ +/* REQ-FSLSHW-PINTFC-API-LLF-002 */ +extern rng_return_t rng_write_register(uint32_t register_offset, + uint32_t value); +#endif /* RNG_REGISTER_PEEK_POKE */ + +#endif /* RNG_DRIVER_H */ diff --git a/drivers/mxc/security/rng/include/rng_internals.h b/drivers/mxc/security/rng/include/rng_internals.h new file mode 100644 index 000000000000..9f754a77e766 --- /dev/null +++ b/drivers/mxc/security/rng/include/rng_internals.h @@ -0,0 +1,680 @@ +/* + * Copyright (C) 2005-2010 Freescale Semiconductor, Inc. All Rights Reserved. + */ + +/* + * The code contained herein is licensed under the GNU General Public + * License. You may obtain a copy of the GNU General Public License + * Version 2 or later at the following locations: + * + * http://www.opensource.org/licenses/gpl-license.html + * http://www.gnu.org/copyleft/gpl.html + */ + +#ifndef RNG_INTERNALS_H +#define RNG_INTERNALS_H + +/*! @file rng_internals.h + * + * This file contains definitions which are internal to the RNG driver. + * + * This header file should only ever be needed by rng_driver.c + * + * Compile-time flags minimally needed: + * + * @li Some sort of platform flag. (FSL_HAVE_RNGA or FSL_HAVE_RNGC) + * + * @ingroup RNG + */ + +#include "portable_os.h" +#include "shw_driver.h" +#include "rng_driver.h" + +/*! @defgroup rngcompileflags RNG Compile Flags + * + * These are flags which are used to configure the RNG driver at compilation + * time. + * + * Most of them default to good values for normal operation, but some + * (#INT_RNG and #RNG_BASE_ADDR) need to be provided. + * + * The terms 'defined' and 'undefined' refer to whether a @c \#define (or -D on + * a compile command) has defined a given preprocessor symbol. If a given + * symbol is defined, then @c \#ifdef \<symbol\> will succeed. Some symbols + * described below default to not having a definition, i.e. they are undefined. + * + */ + +/*! @addtogroup rngcompileflags */ +/*! @{ */ + +/*! + * This is the maximum number of times the driver will loop waiting for the + * RNG hardware to say that it has generated random data. It prevents the + * driver from stalling forever should there be a hardware problem. + * + * Default value is 100. It should be revisited as CPU clocks speed up. + */ +#ifndef RNG_MAX_TRIES +#define RNG_MAX_TRIES 100 +#endif + +/* Temporarily define compile-time flags to make Doxygen happy and allow them + to get into the documentation. */ +#ifdef DOXYGEN_HACK + +/*! + * This symbol is the base address of the RNG in the CPU memory map. It may + * come from some included header file, or it may come from the compile command + * line. This symbol has no default, and the driver will not compile without + * it. + */ +#define RNG_BASE_ADDR +#undef RNG_BASE_ADDR + +/*! + * This symbol is the Interrupt Number of the RNG in the CPU. It may come + * from some included header file, or it may come from the compile command + * line. This symbol has no default, and the driver will not compile without + * it. + */ +#define INT_RNG +#undef INT_RNG + +/*! + * Defining this symbol will allow other kernel programs to call the + * #rng_read_register() and #rng_write_register() functions. If this symbol is + * not defined, those functions will not be present in the driver. + */ +#define RNG_REGISTER_PEEK_POKE +#undef RNG_REGISTER_PEEK_POKE + +/*! + * Turn on compilation of run-time operational, debug, and error messages. + * + * This flag is undefined by default. + */ +/* REQ-FSLSHW-DEBUG-001 */ + +/*! + * Turn on compilation of run-time logging of access to the RNG registers, + * except for the RNG's Output FIFO register. See #RNG_ENTROPY_DEBUG. + * + * This flag is undefined by default + */ +#define RNG_REGISTER_DEBUG +#undef RNG_REGISTER_DEBUG + +/*! + * Turn on compilation of run-time logging of reading of the RNG's Output FIFO + * register. This flag does nothing if #RNG_REGISTER_DEBUG is not defined. + * + * This flag is undefined by default + */ +#define RNG_ENTROPY_DEBUG +#undef RNG_ENTROPY_DEBUG + +/*! + * If this flag is defined, the driver will not attempt to put the RNG into + * High Assurance mode. + + * If it is undefined, the driver will attempt to put the RNG into High + * Assurance mode. If RNG fails to go into High Assurance mode, the driver + * will fail to initialize. + + * In either case, if the RNG is already in this mode, the driver will operate + * normally. + * + * This flag is undefined by default. + */ +#define RNG_NO_FORCE_HIGH_ASSURANCE +#undef RNG_NO_FORCE_HIGH_ASSURANCE + +/*! + * If this flag is defined, the driver will put the RNG into low power mode + * every opportunity. + * + * This flag is undefined by default. + */ +#define RNG_USE_LOW_POWER_MODE +#undef RNG_USE_LOW_POWER_MODE + +/*! @} */ +#endif /* end DOXYGEN_HACK */ + +/*! + * If this flag is defined, the driver will not attempt to put the RNG into + * High Assurance mode. + + * If it is undefined, the driver will attempt to put the RNG into High + * Assurance mode. If RNG fails to go into High Assurance mode, the driver + * will fail to initialize. + + * In either case, if the RNG is already in this mode, the driver will operate + * normally. + * + */ +#define RNG_NO_FORCE_HIGH_ASSURANCE + +/*! + * Read a 32-bit value from an RNG register. This macro depends upon + * #rng_base. The os_read32() macro operates on 32-bit quantities, as do + * all RNG register reads. + * + * @param offset Register byte offset within RNG. + * + * @return The value from the RNG's register. + */ +#ifndef RNG_REGISTER_DEBUG +#define RNG_READ_REGISTER(offset) os_read32(rng_base+(offset)) +#else +#define RNG_READ_REGISTER(offset) dbg_rng_read_register(offset) +#endif + +/*! + * Write a 32-bit value to an RNG register. This macro depends upon + * #rng_base. The os_write32() macro operates on 32-bit quantities, as do + * all RNG register writes. + * + * @param offset Register byte offset within RNG. + * @param value 32-bit value to store into the register + * + * @return (void) + */ +#ifndef RNG_REGISTER_DEBUG +#define RNG_WRITE_REGISTER(offset,value) \ + (void)os_write32(rng_base+(offset), value) +#else +#define RNG_WRITE_REGISTER(offset,value) dbg_rng_write_register(offset,value) +#endif + +#ifndef RNG_DRIVER_NAME +/*! @addtogroup rngcompileflags */ +/*! @{ */ +/*! Name the driver will use to register itself to the kernel as the driver. */ +#define RNG_DRIVER_NAME "rng" +/*! @} */ +#endif + +/*! + * Calculate number of words needed to hold the given number of bytes. + * + * @param byte_count Number of bytes + * + * @return Number of words + */ +#define BYTES_TO_WORDS(byte_count) \ + (((byte_count)+sizeof(uint32_t)-1)/sizeof(uint32_t)) + +/*! Gives high-level view of state of the RNG */ +typedef enum rng_status { + RNG_STATUS_INITIAL, /*!< Driver status before ever starting. */ + RNG_STATUS_CHECKING, /*!< During driver initialization. */ + RNG_STATUS_UNIMPLEMENTED, /*!< Hardware is non-existent / unreachable. */ + RNG_STATUS_OK, /*!< Hardware is In Secure or Default state. */ + RNG_STATUS_FAILED /*!< Hardware is In Failed state / other fatal + problem. Driver is still able to read/write + some registers, but cannot get Random + data. */ +} rng_status_t; + +static shw_queue_t rng_work_queue; + +/***************************************************************************** + * + * Function Declarations + * + *****************************************************************************/ + +/* kernel interface functions */ +OS_DEV_INIT_DCL(rng_init); +OS_DEV_TASK_DCL(rng_entropy_task); +OS_DEV_SHUTDOWN_DCL(rng_shutdown); +OS_DEV_ISR_DCL(rng_irq); + +#define RNG_ADD_QUEUE_ENTRY(pool, entry) \ + SHW_ADD_QUEUE_ENTRY(pool, (shw_queue_entry_t*)entry) + +#define RNG_REMOVE_QUEUE_ENTRY(pool, entry) \ + SHW_REMOVE_QUEUE_ENTRY(pool, (shw_queue_entry_t*)entry) +#define RNG_GET_WORK_ENTRY() \ + (rng_work_entry_t*)SHW_POP_FIRST_ENTRY(&rng_work_queue) + +/*! + * Add an work item to a work list. Item will be marked incomplete. + * + * @param work Work entry to place at tail of list. + * + * @return none + */ +inline static void RNG_ADD_WORK_ENTRY(rng_work_entry_t * work) +{ + work->completed = FALSE; + + SHW_ADD_QUEUE_ENTRY(&rng_work_queue, (shw_queue_entry_t *) work); + + os_dev_schedule_task(rng_entropy_task); +} + +/*! + * For #rng_check_register_accessible(), check read permission on given + * register. + */ +#define RNG_CHECK_READ 0 + +/*! + * For #rng_check_register_accessible(), check write permission on given + * register. + */ +#define RNG_CHECK_WRITE 1 + +/* Define different helper symbols based on RNG type */ +#ifdef FSL_HAVE_RNGA + +/****************************************************************************** + * + * RNGA support + * + *****************************************************************************/ + +/*! Interrupt number for driver. */ +#if defined(MXC_INT_RNG) +/* Most modern definition */ +#define INT_RNG MXC_INT_RNG +#elif defined(MXC_INT_RNGA) +#define INT_RNG MXC_INT_RNGA +#else +#define INT_RNG INT_RNGA +#endif + +/*! Base (bus?) address of RNG component. */ +#define RNG_BASE_ADDR RNGA_BASE_ADDR + +/*! Read and return the status register. */ +#define RNG_GET_STATUS() \ + RNG_READ_REGISTER(RNGA_STATUS) +/*! Configure RNG for Auto seeding */ +#define RNG_AUTO_SEED() +/* Put RNG for Seed Generation */ +#define RNG_SEED_GEN() +/*! + * Return RNG Type value. Should be RNG_TYPE_RNGA, RNG_TYPE_RNGB, + * or RNG_TYPE_RNGC. + */ +#define RNG_GET_RNG_TYPE() \ + ((RNG_READ_REGISTER(RNGA_CONTROL) & RNGA_CONTROL_RNG_TYPE_MASK) \ + >> RNGA_CONTROL_RNG_TYPE_SHIFT) + +/*! + * Verify Type value of RNG. + * + * Returns true of OK, false if not. + */ +#define RNG_VERIFY_TYPE(type) \ + ((type) == RNG_TYPE_RNGA) + +/*! Returns non-zero if RNG device is reporting an error. */ +#define RNG_HAS_ERROR() \ + (RNG_READ_REGISTER(RNGA_STATUS) & RNGA_STATUS_ERROR_INTERRUPT) +/*! Returns non-zero if Bad Key is selected */ +#define RNG_HAS_BAD_KEY() 0 +/*! Return non-zero if Self Test Done */ +#define RNG_SELF_TEST_DONE() 0 +/*! Returns non-zero if RNG ring oscillators have failed. */ +#define RNG_OSCILLATOR_FAILED() \ + (RNG_READ_REGISTER(RNGA_STATUS) & RNGA_STATUS_OSCILLATOR_DEAD) + +/*! Returns maximum number of 32-bit words in the RNG's output fifo. */ +#define RNG_GET_FIFO_SIZE() \ + ((RNG_READ_REGISTER(RNGA_STATUS) & RNGA_STATUS_OUTPUT_FIFO_SIZE_MASK) \ + >> RNGA_STATUS_OUTPUT_FIFO_SIZE_SHIFT) + +/*! Returns number of 32-bit words currently in the RNG's output fifo. */ +#define RNG_GET_WORDS_IN_FIFO() \ + ((RNG_READ_REGISTER(RNGA_STATUS) & RNGA_STATUS_OUTPUT_FIFO_LEVEL_MASK) \ + >> RNGA_STATUS_OUTPUT_FIFO_LEVEL_SHIFT) +/* Configuring RNG for Self Test */ +#define RNG_SELF_TEST() +/*! Get a random value from the RNG's output FIFO. */ +#define RNG_READ_FIFO() \ + RNG_READ_REGISTER(RNGA_OUTPUT_FIFO) + +/*! Put entropy into the RNG's algorithm. + * @param value 32-bit value to add to RNG's entropy. + **/ +#define RNG_ADD_ENTROPY(value) \ + RNG_WRITE_REGISTER(RNGA_ENTROPY, (value)) +/*! Return non-zero in case of Error during Self Test */ +#define RNG_CHECK_SELF_ERR() 0 +/*! Return non-zero in case of Error during Seed Generation */ +#define RNG_CHECK_SEED_ERR() 0 +/*! Get the RNG started at generating output. */ +#define RNG_GO() \ +{ \ + register uint32_t control = RNG_READ_REGISTER(RNGA_CONTROL); \ + RNG_WRITE_REGISTER(RNGA_CONTROL, control | RNGA_CONTROL_GO); \ +} +/*! To clear all Error Bits in Error Status Register */ +#define RNG_CLEAR_ERR() +/*! Put RNG into High Assurance mode */ +#define RNG_SET_HIGH_ASSURANCE() \ +{ \ + register uint32_t control = RNG_READ_REGISTER(RNGA_CONTROL); \ + RNG_WRITE_REGISTER(RNGA_CONTROL, control | RNGA_CONTROL_HIGH_ASSURANCE); \ +} + +/*! Return non-zero if the RNG is in High Assurance mode. */ +#define RNG_GET_HIGH_ASSURANCE() \ + (RNG_READ_REGISTER(RNGA_CONTROL) & RNGA_CONTROL_HIGH_ASSURANCE) + +/*! Clear all status, error and otherwise. */ +#define RNG_CLEAR_ALL_STATUS() \ +{ \ + register uint32_t control = RNG_READ_REGISTER(RNGA_CONTROL); \ + RNG_WRITE_REGISTER(RNGA_CONTROL, control | RNGA_CONTROL_CLEAR_INTERRUPT); \ +} +/* Return non-zero if RESEED Required */ +#define RNG_RESEED() 1 + +/*! Return non-zero if Seeding is done */ +#define RNG_SEED_DONE() 1 + +/*! Return non-zero if everything seems OK with the RNG. */ +#define RNG_WORKING() \ + ((RNG_READ_REGISTER(RNGA_STATUS) \ + & (RNGA_STATUS_SLEEP | RNGA_STATUS_SECURITY_VIOLATION \ + | RNGA_STATUS_ERROR_INTERRUPT | RNGA_STATUS_FIFO_UNDERFLOW \ + | RNGA_STATUS_LAST_READ_STATUS )) == 0) + +/*! Put the RNG into sleep (low-power) mode. */ +#define RNG_SLEEP() \ +{ \ + register uint32_t control = RNG_READ_REGISTER(RNGA_CONTROL); \ + RNG_WRITE_REGISTER(RNGA_CONTROL, control | RNGA_CONTROL_SLEEP); \ +} + +/*! Wake the RNG from sleep (low-power) mode. */ +#define RNG_WAKE() \ +{ \ + uint32_t control = RNG_READ_REGISTER(RNGA_CONTROL); \ + RNG_WRITE_REGISTER(RNGA_CONTROL, control & ~RNGA_CONTROL_SLEEP); \ +} + +/*! Mask interrupts so that the driver/OS will not see them. */ +#define RNG_MASK_ALL_INTERRUPTS() \ +{ \ + register uint32_t control = RNG_READ_REGISTER(RNGA_CONTROL); \ + RNG_WRITE_REGISTER(RNGA_CONTROL, control | RNGA_CONTROL_MASK_INTERRUPTS); \ +} + +/*! Unmask interrupts so that the driver/OS will see them. */ +#define RNG_UNMASK_ALL_INTERRUPTS() \ +{ \ + register uint32_t control = RNG_READ_REGISTER(RNGA_CONTROL); \ + RNG_WRITE_REGISTER(RNGA_CONTROL, control & ~RNGA_CONTROL_MASK_INTERRUPTS);\ +} + +/*! + * @def RNG_PUT_RNG_TO_SLEEP() + * + * If compiled with #RNG_USE_LOW_POWER_MODE, this routine will put the RNG + * to sleep (low power mode). + * + * @return none + */ +/*! + * @def RNG_WAKE_RNG_FROM_SLEEP() + * + * If compiled with #RNG_USE_LOW_POWER_MODE, this routine will wake the RNG + * from sleep (low power mode). + * + * @return none + */ +#ifdef RNG_USE_LOW_POWER_MODE + +#define RNG_PUT_RNG_TO_SLEEP() \ + RNG_SLEEP() + +#define RNG_WAKE_FROM_SLEEP() \ + RNG_WAKE() 1 + +#else /* not low power mode */ + +#define RNG_PUT_RNG_TO_SLEEP() + +#define RNG_WAKE_FROM_SLEEP() + +#endif /* Use low-power mode */ + +#else /* FSL_HAVE_RNGB or FSL_HAVE_RNGC */ + +/****************************************************************************** + * + * RNGB and RNGC support + * + *****************************************************************************/ +/* + * The operational interfaces for RNGB and RNGC are almost identical, so + * the defines for RNGC work fine for both. There are minor differences + * which will be treated within this conditional block. + */ + +/*! Interrupt number for driver. */ +#if defined(MXC_INT_RNG) +/* Most modern definition */ +#define INT_RNG MXC_INT_RNG +#elif defined(MXC_INT_RNGC) +#define INT_RNG MXC_INT_RNGC +#elif defined(MXC_INT_RNGB) +#define INT_RNG MXC_INT_RNGB +#elif defined(INT_RNGC) +#define INT_RNG INT_RNGC +#else +#error NO_INTERRUPT_DEFINED +#endif + +/*! Base address of RNG component. */ +#ifdef FSL_HAVE_RNGB +#define RNG_BASE_ADDR RNGB_BASE_ADDR +#else +#define RNG_BASE_ADDR RNGC_BASE_ADDR +#endif + +/*! Read and return the status register. */ +#define RNG_GET_STATUS() \ + RNG_READ_REGISTER(RNGC_ERROR) + +/*! + * Return RNG Type value. Should be RNG_TYPE_RNGA or RNG_TYPE_RNGC. + */ +#define RNG_GET_RNG_TYPE() \ + ((RNG_READ_REGISTER(RNGC_VERSION_ID) & RNGC_VERID_RNG_TYPE_MASK) \ + >> RNGC_VERID_RNG_TYPE_SHIFT) + +/*! + * Verify Type value of RNG. + * + * Returns true of OK, false if not. + */ +#ifdef FSL_HAVE_RNGB +#define RNG_VERIFY_TYPE(type) \ + ((type) == RNG_TYPE_RNGB) +#else /* RNGC */ +#define RNG_VERIFY_TYPE(type) \ + ((type) == RNG_TYPE_RNGC) +#endif + +/*! Returns non-zero if RNG device is reporting an error. */ +#define RNG_HAS_ERROR() \ + (RNG_READ_REGISTER(RNGC_STATUS) & RNGC_STATUS_ERROR) +/*! Returns non-zero if Bad Key is selected */ +#define RNG_HAS_BAD_KEY() \ + (RNG_READ_REGISTER(RNGC_ERROR) & RNGC_ERROR_STATUS_BAD_KEY) +/*! Returns non-zero if RNG ring oscillators have failed. */ +#define RNG_OSCILLATOR_FAILED() \ + (RNG_READ_REGISTER(RNGC_ERROR) & RNGC_ERROR_STATUS_OSC_ERR) + +/*! Returns maximum number of 32-bit words in the RNG's output fifo. */ +#define RNG_GET_FIFO_SIZE() \ + ((RNG_READ_REGISTER(RNGC_STATUS) & RNGC_STATUS_FIFO_SIZE_MASK) \ + >> RNGC_STATUS_FIFO_SIZE_SHIFT) + +/*! Returns number of 32-bit words currently in the RNG's output fifo. */ +#define RNG_GET_WORDS_IN_FIFO() \ + ((RNG_READ_REGISTER(RNGC_STATUS) & RNGC_STATUS_FIFO_LEVEL_MASK) \ + >> RNGC_STATUS_FIFO_LEVEL_SHIFT) + +/*! Get a random value from the RNG's output FIFO. */ +#define RNG_READ_FIFO() \ + RNG_READ_REGISTER(RNGC_FIFO) + +/*! Put entropy into the RNG's algorithm. + * @param value 32-bit value to add to RNG's entropy. + **/ +#ifdef FSL_HAVE_RNGB +#define RNG_ADD_ENTROPY(value) \ + RNG_WRITE_REGISTER(RNGB_ENTROPY, value) +#else /* RNGC does not have Entropy register */ +#define RNG_ADD_ENTROPY(value) +#endif +/*! Wake the RNG from sleep (low-power) mode. */ +#define RNG_WAKE() 1 +/*! Get the RNG started at generating output. */ +#define RNG_GO() +/*! Put RNG into High Assurance mode. */ +#define RNG_SET_HIGH_ASSURANCE() +/*! Returns non-zero in case of Error during Self Test */ +#define RNG_CHECK_SELF_ERR() \ + (RNG_READ_REGISTER(RNGC_ERROR) & RNGC_ERROR_STATUS_ST_ERR) +/*! Return non-zero in case of Error during Seed Generation */ +#define RNG_CHECK_SEED_ERR() \ + (RNG_READ_REGISTER(RNGC_ERROR) & RNGC_ERROR_STATUS_STAT_ERR) + +/*! Configure RNG for Self Test */ +#define RNG_SELF_TEST() \ +{ \ + register uint32_t command = RNG_READ_REGISTER(RNGC_COMMAND); \ + RNG_WRITE_REGISTER(RNGC_COMMAND, command \ + | RNGC_COMMAND_SELF_TEST); \ +} +/*! Clearing the Error bits in Error Status Register */ +#define RNG_CLEAR_ERR() \ +{ \ + register uint32_t command = RNG_READ_REGISTER(RNGC_COMMAND); \ + RNG_WRITE_REGISTER(RNGC_COMMAND, command \ + | RNGC_COMMAND_CLEAR_ERROR); \ +} + +/*! Return non-zero if Self Test Done */ +#define RNG_SELF_TEST_DONE() \ + (RNG_READ_REGISTER(RNGC_STATUS) & RNGC_STATUS_ST_DONE) +/* Put RNG for SEED Generation */ +#define RNG_SEED_GEN() \ +{ \ + register uint32_t command = RNG_READ_REGISTER(RNGC_COMMAND); \ + RNG_WRITE_REGISTER(RNGC_COMMAND, command \ + | RNGC_COMMAND_SEED); \ +} +/* Return non-zero if RESEED Required */ +#define RNG_RESEED() \ + (RNG_READ_REGISTER(RNGC_STATUS) & RNGC_STATUS_RESEED) + +/*! Return non-zero if the RNG is in High Assurance mode. */ +#define RNG_GET_HIGH_ASSURANCE() (RNG_READ_REGISTER(RNGC_STATUS) & \ + RNGC_STATUS_SEC_STATE) + +/*! Clear all status, error and otherwise. */ +#define RNG_CLEAR_ALL_STATUS() \ + RNG_WRITE_REGISTER(RNGC_COMMAND, \ + RNGC_COMMAND_CLEAR_INTERRUPT \ + | RNGC_COMMAND_CLEAR_ERROR) + +/*! Return non-zero if everything seems OK with the RNG. */ +#define RNG_WORKING() \ + ((RNG_READ_REGISTER(RNGC_ERROR) \ + & (RNGC_ERROR_STATUS_STAT_ERR | RNGC_ERROR_STATUS_RAND_ERR \ + | RNGC_ERROR_STATUS_FIFO_ERR | RNGC_ERROR_STATUS_ST_ERR | \ + RNGC_ERROR_STATUS_OSC_ERR | RNGC_ERROR_STATUS_LFSR_ERR )) == 0) +/*! Return Non zero if SEEDING is DONE */ +#define RNG_SEED_DONE() \ + ((RNG_READ_REGISTER(RNGC_STATUS) & RNGC_STATUS_SEED_DONE) != 0) + +/*! Put the RNG into sleep (low-power) mode. */ +#define RNG_SLEEP() + +/*! Wake the RNG from sleep (low-power) mode. */ + +/*! Mask interrupts so that the driver/OS will not see them. */ +#define RNG_MASK_ALL_INTERRUPTS() \ +{ \ + register uint32_t control = RNG_READ_REGISTER(RNGC_CONTROL); \ + RNG_WRITE_REGISTER(RNGC_CONTROL, control \ + | RNGC_CONTROL_MASK_DONE \ + | RNGC_CONTROL_MASK_ERROR); \ +} +/*! Configuring RNGC for self Test. */ + +#define RNG_AUTO_SEED() \ +{ \ + register uint32_t control = RNG_READ_REGISTER(RNGC_CONTROL); \ + RNG_WRITE_REGISTER(RNGC_CONTROL, control \ + | RNGC_CONTROL_AUTO_SEED); \ +} + +/*! Unmask interrupts so that the driver/OS will see them. */ +#define RNG_UNMASK_ALL_INTERRUPTS() \ +{ \ + register uint32_t control = RNG_READ_REGISTER(RNGC_CONTROL); \ + RNG_WRITE_REGISTER(RNGC_CONTROL, \ + control & ~(RNGC_CONTROL_MASK_DONE|RNGC_CONTROL_MASK_ERROR)); \ +} + +/*! Put RNG to sleep if appropriate. */ +#define RNG_PUT_RNG_TO_SLEEP() + +/*! Wake RNG from sleep if necessary. */ +#define RNG_WAKE_FROM_SLEEP() + +#endif /* RNG TYPE */ + +/* internal functions */ +static os_error_code rng_map_RNG_memory(void); +static os_error_code rng_setup_interrupt_handling(void); +#ifdef RNG_REGISTER_PEEK_POKE +inline static int rng_check_register_offset(uint32_t offset); +inline static int rng_check_register_accessible(uint32_t offset, + int access_write); +#endif /* DEBUG_RNG_REGISTERS */ +static fsl_shw_return_t rng_drain_fifo(uint32_t * random_p, int count_words); +static os_error_code rng_grab_config_values(void); +static void rng_cleanup(void); + +#ifdef FSL_HAVE_RNGA +static void rng_sec_failure(void); +#endif + +#ifdef RNG_REGISTER_DEBUG +static uint32_t dbg_rng_read_register(uint32_t offset); +static void dbg_rng_write_register(uint32_t offset, uint32_t value); +#endif + +#if defined(LINUX_VERSION_CODE) + +EXPORT_SYMBOL(fsl_shw_add_entropy); +EXPORT_SYMBOL(fsl_shw_get_random); + +#ifdef RNG_REGISTER_PEEK_POKE +/* For Linux kernel, export the API functions to other kernel modules */ +EXPORT_SYMBOL(rng_read_register); +EXPORT_SYMBOL(rng_write_register); +#endif /* DEBUG_RNG_REGISTERS */ + + + +MODULE_AUTHOR("Freescale Semiconductor"); +MODULE_DESCRIPTION("Device Driver for RNG"); + +#endif /* LINUX_VERSION_CODE */ + +#endif /* RNG_INTERNALS_H */ diff --git a/drivers/mxc/security/rng/include/rng_rnga.h b/drivers/mxc/security/rng/include/rng_rnga.h new file mode 100644 index 000000000000..a3a86b961506 --- /dev/null +++ b/drivers/mxc/security/rng/include/rng_rnga.h @@ -0,0 +1,181 @@ +/* + * Copyright (C) 2005-2010 Freescale Semiconductor, Inc. All Rights Reserved. + */ + +/* + * The code contained herein is licensed under the GNU General Public + * License. You may obtain a copy of the GNU General Public License + * Version 2 or later at the following locations: + * + * http://www.opensource.org/licenses/gpl-license.html + * http://www.gnu.org/copyleft/gpl.html + */ + +#ifndef RNG_RNGA_H +#define RNG_RNGA_H + +/*! @defgroup rngaregs RNGA Registers + * @ingroup RNG + * These are the definitions for the RNG registers and their offsets + * within the RNG. They are used in the @c register_offset parameter of + * #rng_read_register() and #rng_write_register(). + */ +/*! @addtogroup rngaregs */ +/*! @{ */ + +/*! Control Register. See @ref rngacontrolreg. */ +#define RNGA_CONTROL 0x00 +/*! Status Register. See @ref rngastatusreg. */ +#define RNGA_STATUS 0x04 +/*! Register for adding to the Entropy of the RNG */ +#define RNGA_ENTROPY 0x08 +/*! Register containing latest 32 bits of random value */ +#define RNGA_OUTPUT_FIFO 0x0c +/*! Mode Register. Non-secure mode access only. See @ref rngmodereg. */ +#define RNGA_MODE 0x10 +/*! Verification Control Register. Non-secure mode access only. See + * @ref rngvfctlreg. */ +#define RNGA_VERIFICATION_CONTROL 0x14 +/*! Oscillator Control Counter Register. Non-secure mode access only. + * See @ref rngosccntctlreg. */ +#define RNGA_OSCILLATOR_CONTROL_COUNTER 0x18 +/*! Oscillator 1 Counter Register. Non-secure mode access only. See + * @ref rngosccntreg. */ +#define RNGA_OSCILLATOR1_COUNTER 0x1c +/*! Oscillator 2 Counter Register. Non-secure mode access only. See + * @ref rngosccntreg. */ +#define RNGA_OSCILLATOR2_COUNTER 0x20 +/*! Oscillator Counter Status Register. Non-secure mode access only. See + * @ref rngosccntstatreg. */ +#define RNGA_OSCILLATOR_COUNTER_STATUS 0x24 +/*! @} */ + +/*! Total address space of the RNGA, in bytes */ +#define RNG_ADDRESS_RANGE 0x28 + +/*! @defgroup rngacontrolreg RNGA Control Register Definitions + * @ingroup RNG + */ +/*! @addtogroup rngacontrolreg */ +/*! @{ */ +/*! These bits are unimplemented or reserved */ +#define RNGA_CONTROL_ZEROS_MASK 0x0fffffe0 +/*! 'RNG type' - should be 0 for RNGA */ +#define RNGA_CONTROL_RNG_TYPE_MASK 0xf0000000 +/*! Number of bits to shift the type to get it to LSB */ +#define RNGA_CONTROL_RNG_TYPE_SHIFT 28 +/*! Put RNG to sleep */ +#define RNGA_CONTROL_SLEEP 0x00000010 +/*! Clear interrupt & status */ +#define RNGA_CONTROL_CLEAR_INTERRUPT 0x00000008 +/*! Mask interrupt generation */ +#define RNGA_CONTROL_MASK_INTERRUPTS 0x00000004 +/*! Enter into Secure Mode. Notify SCC of security violation should FIFO + * underflow occur. */ +#define RNGA_CONTROL_HIGH_ASSURANCE 0x00000002 +/*! Load data into FIFO */ +#define RNGA_CONTROL_GO 0x00000001 +/*! @} */ + +/*! @defgroup rngastatusreg RNGA Status Register Definitions + * @ingroup RNG + */ +/*! @addtogroup rngastatusreg */ +/*! @{ */ +/*! RNG Oscillator not working */ +#define RNGA_STATUS_OSCILLATOR_DEAD 0x80000000 +/*! These bits are undefined or reserved */ +#define RNGA_STATUS_ZEROS1_MASK 0x7f000000 +/*! How big FIFO is, in bytes */ +#define RNGA_STATUS_OUTPUT_FIFO_SIZE_MASK 0x00ff0000 +/*! How many bits right to shift fifo size to make it LSB */ +#define RNGA_STATUS_OUTPUT_FIFO_SIZE_SHIFT 16 +/*! How many bytes are currently in the FIFO */ +#define RNGA_STATUS_OUTPUT_FIFO_LEVEL_MASK 0x0000ff00 +/*! How many bits right to shift fifo level to make it LSB */ +#define RNGA_STATUS_OUTPUT_FIFO_LEVEL_SHIFT 8 +/*! These bits are undefined or reserved. */ +#define RNGA_STATUS_ZEROS2_MASK 0x000000e0 +/*! RNG is sleeping. */ +#define RNGA_STATUS_SLEEP 0x00000010 +/*! Error detected. */ +#define RNGA_STATUS_ERROR_INTERRUPT 0x00000008 +/*! FIFO was empty on some read since last status read. */ +#define RNGA_STATUS_FIFO_UNDERFLOW 0x00000004 +/*! FIFO was empty on most recent read. */ +#define RNGA_STATUS_LAST_READ_STATUS 0x00000002 +/*! Security violation occurred. Will only happen in High Assurance mode. */ +#define RNGA_STATUS_SECURITY_VIOLATION 0x00000001 +/*! @} */ + +/*! @defgroup rngmodereg RNG Mode Register Definitions + * @ingroup RNG + */ +/*! @addtogroup rngmodereg */ +/*! @{ */ +/*! These bits are undefined or reserved */ +#define RNGA_MODE_ZEROS_MASK 0xfffffffc +/*! RNG is in / put RNG in Oscillator Frequency Test Mode. */ +#define RNGA_MODE_OSCILLATOR_FREQ_TEST 0x00000002 +/*! Put RNG in verification mode / RNG is in verification mode. */ +#define RNGA_MODE_VERIFICATION 0x00000001 +/*! @} */ + +/*! @defgroup rngvfctlreg RNG Verification Control Register Definitions + * @ingroup RNG + */ +/*! @addtogroup rngvfctlreg */ +/*! @{ */ +/*! These bits are undefined or reserved. */ +#define RNGA_VFCTL_ZEROS_MASK 0xfffffff8 +/*! Reset the shift registers. */ +#define RNGA_VFCTL_RESET_SHIFT_REGISTERS 0x00000004 +/*! Drive shift registers from system clock. */ +#define RNGA_VFCTL_FORCE_SYSTEM_CLOCK 0x00000002 +/*! Turn off shift register clocks. */ +#define RNGA_VFCTL_SHIFT_CLOCK_OFF 0x00000001 +/*! @} */ + +/*! + * @defgroup rngosccntctlreg RNG Oscillator Counter Control Register Definitions + * @ingroup RNG + */ +/*! @addtogroup rngosccntctlreg */ +/*! @{ */ +/*! These bits are undefined or reserved. */ +#define RNGA_OSCCR_ZEROS_MASK 0xfffc0000 +/*! Bits containing clock cycle counter */ +#define RNGA_OSCCR_CLOCK_CYCLES_MASK 0x0003ffff +/*! Bits to shift right RNG_OSCCR_CLOCK_CYCLES_MASK */ +#define RNGA_OSCCR_CLOCK_CYCLES_SHIFT 0 +/*! @} */ + +/*! + * @defgroup rngosccntreg RNG Oscillator (1 and 2) Counter Register Definitions + * @ingroup RNG + */ +/*! @addtogroup rngosccntreg */ +/*! @{ */ +/*! These bits are undefined or reserved. */ +#define RNGA_COUNTER_ZEROS_MASK 0xfff00000 +/*! Bits containing number of clock pulses received from the oscillator. */ +#define RNGA_COUNTER_PULSES_MASK 0x000fffff +/*! Bits right to shift RNG_COUNTER_PULSES_MASK to make it LSB. */ +#define RNGA_COUNTER_PULSES_SHIFT 0 +/*! @} */ + +/*! + * @defgroup rngosccntstatreg RNG Oscillator Counter Status Register Definitions + * @ingroup RNG + */ +/*! @addtogroup rngosccntstatreg */ +/*! @{ */ +/*! These bits are undefined or reserved. */ +#define RNGA_COUNTER_STATUS_ZEROS_MASK 0xfffffffc +/*! Oscillator 2 has toggled 0x400 times */ +#define RNGA_COUNTER_STATUS_OSCILLATOR2 0x00000002 +/*! Oscillator 1 has toggled 0x400 times */ +#define RNGA_COUNTER_STATUS_OSCILLATOR1 0x00000001 +/*! @} */ + +#endif /* RNG_RNGA_H */ diff --git a/drivers/mxc/security/rng/include/rng_rngc.h b/drivers/mxc/security/rng/include/rng_rngc.h new file mode 100644 index 000000000000..d7b7f127f74c --- /dev/null +++ b/drivers/mxc/security/rng/include/rng_rngc.h @@ -0,0 +1,235 @@ +/* + * Copyright (C) 2005-2010 Freescale Semiconductor, Inc. All Rights Reserved. + */ + +/* + * The code contained herein is licensed under the GNU General Public + * License. You may obtain a copy of the GNU General Public License + * Version 2 or later at the following locations: + * + * http://www.opensource.org/licenses/gpl-license.html + * http://www.gnu.org/copyleft/gpl.html + */ +/*! + * @file rng_rngc.h + * + * Definition of the registers for the RNGB and RNGC. The names start with + * RNGC where they are in common or relate only to the RNGC; the RNGB-only + * definitions begin with RNGB. + * + */ + +#ifndef RNG_RNGC_H +#define RNG_RNGC_H + +#define RNGC_VERSION_MAJOR3 3 + +/*! @defgroup rngcregs RNGB/RNGC Registers + * These are the definitions for the RNG registers and their offsets + * within the RNG. They are used in the @c register_offset parameter of + * #rng_read_register() and #rng_write_register(). + * + * @ingroup RNG + */ +/*! @addtogroup rngcregs */ +/*! @{ */ + +/*! RNGC Version ID Register R/W */ +#define RNGC_VERSION_ID 0x0000 +/*! RNGC Command Register R/W */ +#define RNGC_COMMAND 0x0004 +/*! RNGC Control Register R/W */ +#define RNGC_CONTROL 0x0008 +/*! RNGC Status Register R */ +#define RNGC_STATUS 0x000C +/*! RNGC Error Status Register R */ +#define RNGC_ERROR 0x0010 +/*! RNGC FIFO Register W */ +#define RNGC_FIFO 0x0014 +/*! Undefined */ +#define RNGC_UNDEF_18 0x0018 +/*! RNGB Entropy Register W */ +#define RNGB_ENTROPY 0x0018 +/*! Undefined */ +#define RNGC_UNDEF_1C 0x001C +/*! RNGC Verification Control Register1 R/W */ +#define RNGC_VERIFICATION_CONTROL 0x0020 +/*! Undefined */ +#define RNGC_UNDEF_24 0x0024 +/*! RNGB XKEY Data Register R */ +#define RNGB_XKEY 0x0024 +/*! RNGC Oscillator Counter Control Register1 R/W */ +#define RNGC_OSC_COUNTER_CONTROL 0x0028 +/*! RNGC Oscillator Counter Register1 R */ +#define RNGC_OSC_COUNTER 0x002C +/*! RNGC Oscillator Counter Status Register1 R */ +#define RNGC_OSC_COUNTER_STATUS 0x0030 +/*! @} */ + +/*! @defgroup rngcveridreg RNGB/RNGC Version ID Register Definitions + * @ingroup RNG + */ +/*! @addtogroup rngcveridreg */ +/*! @{ */ +/*! These bits are unimplemented or reserved */ +#define RNGC_VERID_ZEROS_MASK 0x0f000000 +/*! Mask for RNG TYPE */ +#define RNGC_VERID_RNG_TYPE_MASK 0xf0000000 +/*! Shift to make RNG TYPE be LSB */ +#define RNGC_VERID_RNG_TYPE_SHIFT 28 +/*! Mask for RNG Chip Version */ +#define RNGC_VERID_CHIP_VERSION_MASK 0x00ff0000 +/*! Shift to make RNG Chip version be LSB */ +#define RNGC_VERID_CHIP_VERSION_SHIFT 16 +/*! Mask for RNG Major Version */ +#define RNGC_VERID_VERSION_MAJOR_MASK 0x0000ff00 +/*! Shift to make RNG Major version be LSB */ +#define RNGC_VERID_VERSION_MAJOR_SHIFT 8 +/*! Mask for RNG Minor Version */ +#define RNGC_VERID_VERSION_MINOR_MASK 0x000000ff +/*! Shift to make RNG Minor version be LSB */ +#define RNGC_VERID_VERSION_MINOR_SHIFT 0 +/*! @} */ + +/*! @defgroup rngccommandreg RNGB/RNGC Command Register Definitions + * @ingroup RNG + */ +/*! @addtogroup rngccommandreg */ +/*! @{ */ +/*! These bits are unimplemented or reserved. */ +#define RNGC_COMMAND_ZEROS_MASK 0xffffff8c +/*! Perform a software reset of the RNGC. */ +#define RNGC_COMMAND_SOFTWARE_RESET 0x00000040 +/*! Clear error from Error Status register (and interrupt). */ +#define RNGC_COMMAND_CLEAR_ERROR 0x00000020 +/*! Clear interrupt & status. */ +#define RNGC_COMMAND_CLEAR_INTERRUPT 0x00000010 +/*! Start RNGC seed generation. */ +#define RNGC_COMMAND_SEED 0x00000002 +/*! Perform a self test of (and reset) the RNGC. */ +#define RNGC_COMMAND_SELF_TEST 0x00000001 +/*! @} */ + +/*! @defgroup rngccontrolreg RNGB/RNGC Control Register Definitions + * @ingroup RNG + */ +/*! @addtogroup rngccontrolreg */ +/*! @{ */ +/*! These bits are unimplemented or reserved */ +#define RNGC_CONTROL_ZEROS_MASK 0xfffffc8c +/*! Allow access to verification registers. */ +#define RNGC_CONTROL_CTL_ACC 0x00000200 +/*! Put RNGC into deterministic verifcation mode. */ +#define RNGC_CONTROL_VERIF_MODE 0x00000100 +/*! Prevent RNGC from generating interrupts caused by errors. */ +#define RNGC_CONTROL_MASK_ERROR 0x00000040 + +/*! + * Prevent RNGB/RNGC from generating interrupts after Seed Done or Self Test + * Mode completion. + */ +#define RNGC_CONTROL_MASK_DONE 0x00000020 +/*! Allow RNGC to generate a new seed whenever it is needed. */ +#define RNGC_CONTROL_AUTO_SEED 0x00000010 +/*! Set FIFO Underflow Response.*/ +#define RNGC_CONTROL_FIFO_UFLOW_MASK 0x00000003 +/*! Shift value to make FIFO Underflow Response be LSB. */ +#define RNGC_CONTROL_FIFO_UFLOW_SHIFT 0 + +/*! @} */ + +/*! @{ */ +/*! FIFO Underflow should cause ... */ +#define RNGC_CONTROL_FIFO_UFLOW_ZEROS_ERROR 0 +/*! FIFO Underflow should cause ... */ +#define RNGC_CONTROL_FIFO_UFLOW_ZEROS_ERROR2 1 +/*! FIFO Underflow should cause ... */ +#define RNGC_CONTROL_FIFO_UFLOW_BUS_XFR 2 +/*! FIFO Underflow should cause ... */ +#define RNGC_CONTROL_FIFO_UFLOW_ZEROS_INTR 3 +/*! @} */ + +/*! @defgroup rngcstatusreg RNGB/RNGC Status Register Definitions + * @ingroup RNG + */ +/*! @addtogroup rngcstatusreg */ +/*! @{ */ +/*! Unused or MBZ. */ +#define RNGC_STATUS_ZEROS_MASK 0x003e0080 +/*! + * Statistical tests pass-fail. Individual bits on indicate failure of a + * particular test. + */ +#define RNGC_STATUS_STAT_TEST_PF_MASK 0xff000000 +/*! Mask to get Statistical PF to be LSB. */ +#define RNGC_STATUS_STAT_TEST_PF_SHIFT 24 +/*! + * Self tests pass-fail. Individual bits on indicate failure of a + * particular test. + */ +#define RNGC_STATUS_ST_PF_MASK 0x00c00000 +/*! Shift value to get Self Test PF field to be LSB. */ +#define RNGC_STATUS_ST_PF_SHIFT 22 +/* TRNG Self test pass-fail */ +#define RNGC_STATUS_ST_PF_TRNG 0x00800000 +/* PRNG Self test pass-fail */ +#define RNGC_STATUS_ST_PF_PRNG 0x00400000 +/*! Error detected in RNGC. See Error Status register. */ +#define RNGC_STATUS_ERROR 0x00010000 +/*! Size of the internal FIFO in 32-bit words. */ +#define RNGC_STATUS_FIFO_SIZE_MASK 0x0000f000 +/*! Shift value to get FIFO Size to be LSB. */ +#define RNGC_STATUS_FIFO_SIZE_SHIFT 12 +/*! The level (available data) of the internal FIFO in 32-bit words. */ +#define RNGC_STATUS_FIFO_LEVEL_MASK 0x00000f00 +/*! Shift value to get FIFO Level to be LSB. */ +#define RNGC_STATUS_FIFO_LEVEL_SHIFT 8 +/*! A new seed is ready for use. */ +#define RNGC_STATUS_NEXT_SEED_DONE 0x00000040 +/*! The first seed has been generated. */ +#define RNGC_STATUS_SEED_DONE 0x00000020 +/*! Self Test has been completed. */ +#define RNGC_STATUS_ST_DONE 0x00000010 +/*! Reseed is necessary. */ +#define RNGC_STATUS_RESEED 0x00000008 +/*! RNGC is sleeping. */ +#define RNGC_STATUS_SLEEP 0x00000004 +/*! RNGC is currently generating numbers, seeding, generating next seed, or + performing a self test. */ +#define RNGC_STATUS_BUSY 0x00000002 +/*! RNGC is in secure state. */ +#define RNGC_STATUS_SEC_STATE 0x00000001 + +/*! @} */ + +/*! @defgroup rngcerrstatusreg RNGB/RNGC Error Status Register Definitions + * @ingroup RNG + */ +/*! @addtogroup rngcerrstatusreg */ +/*! @{ */ +/*! Unused or MBZ. */ +#define RNGC_ERROR_STATUS_ZEROS_MASK 0xffffff80 +/*! Bad Key Error Status */ +#define RNGC_ERROR_STATUS_BAD_KEY 0x00000040 +/*! Random Compare Error. Previous number matched the current number. */ +#define RNGC_ERROR_STATUS_RAND_ERR 0x00000020 +/*! FIFO Underflow. FIFO was read while empty. */ +#define RNGC_ERROR_STATUS_FIFO_ERR 0x00000010 +/*! Statistic Error Statistic Test failed for the last seed. */ +#define RNGC_ERROR_STATUS_STAT_ERR 0x00000008 +/*! Self-test error. Some self test has failed. */ +#define RNGC_ERROR_STATUS_ST_ERR 0x00000004 +/*! + * Oscillator Error. The oscillator may be broken. Clear by hard or soft + * reset. + */ +#define RNGC_ERROR_STATUS_OSC_ERR 0x00000002 +/*! LFSR Error. Clear by hard or soft reset. */ +#define RNGC_ERROR_STATUS_LFSR_ERR 0x00000001 + +/*! @} */ + +/*! Total address space of the RNGB/RNGC registers, in bytes */ +#define RNG_ADDRESS_RANGE 0x34 + +#endif /* RNG_RNGC_H */ diff --git a/drivers/mxc/security/rng/include/shw_driver.h b/drivers/mxc/security/rng/include/shw_driver.h new file mode 100644 index 000000000000..d529b4fe6e6b --- /dev/null +++ b/drivers/mxc/security/rng/include/shw_driver.h @@ -0,0 +1,2971 @@ +/* + * Copyright (C) 2005-2010 Freescale Semiconductor, Inc. All Rights Reserved. + */ + +/* + * The code contained herein is licensed under the GNU Lesser General + * Public License. You may obtain a copy of the GNU Lesser General + * Public License Version 2.1 or later at the following locations: + * + * http://www.opensource.org/licenses/lgpl-license.html + * http://www.gnu.org/copyleft/lgpl.html + */ + +#ifndef SHW_DRIVER_H +#define SHW_DRIVER_H + +/* This is a Linux flag meaning 'compiling kernel code'... */ +#ifndef __KERNEL__ +#include <inttypes.h> +#include <stdlib.h> +#include <sys/ioctl.h> +#include <memory.h> +#include <stdio.h> +#else +#include "../../sahara2/include/portable_os.h" +#endif /* __KERNEL__ */ + +#include "../../sahara2/include/fsl_platform.h" + +/*! @file shw_driver.h + * + * @brief Header file to use the SHW driver. + * + * The SHW driver is used in two modes: By a user, from the FSL SHW API in user + * space, which goes through /dev/fsl_shw to make open(), ioctl(), and close() + * calls; and by other kernel modules/drivers, which use the FSL SHW API, parts + * of which are supported directly by the SHW driver. + * + * Testing is performed by using the apitest and kernel api test routines + * developed for the Sahara2 driver. + */ +/*#define DIAG_SECURITY_FUNC*/ +/*! Perform a security function. */ +#define SHW_IOCTL_REQUEST 21 + +/* This definition may need a new name, and needs to go somewhere which + * can determine platform, kernel vs. user, os, etc. + */ +#define copy_bytes(out, in, len) memcpy(out, in, len) + + +/*! + * This is part of the IOCTL request type passed between kernel and user space. + * It is added to #SHW_IOCTL_REQUEST to generate the actual value. + */ +typedef enum shw_user_request_t { + SHW_USER_REQ_REGISTER_USER, /*!< Initialize user-kernel discussion. */ + SHW_USER_REQ_DEREGISTER_USER, /*!< Terminate user-kernel discussion. */ + SHW_USER_REQ_GET_RESULTS, /*!< Get information on outstanding + results. */ + SHW_USER_REQ_GET_CAPABILITIES, /*!< Get information on hardware support. */ + SHW_USER_REQ_GET_RANDOM, /*!< Get random data from RNG. */ + SHW_USER_REQ_ADD_ENTROPY, /*!< Add entropy to hardware RNG. */ + SHW_USER_REQ_DROP_PERMS, /*!< Diminish the permissions of a block of + secure memory */ + SHW_USER_REQ_SSTATUS, /*!< Check the status of a block of secure + memory */ + SHW_USER_REQ_SFREE, /*!< Free a block of secure memory */ + SHW_USER_REQ_SCC_ENCRYPT, /*!< Encrypt a region of user-owned secure + memory */ + SHW_USER_REQ_SCC_DECRYPT, /*!< Decrypt a region of user-owned secure + memory */ +} shw_user_request_t; + + +/*! + * @typedef scc_partition_status_t + */ +/** Partition status information. */ +typedef enum fsl_shw_partition_status_t { + FSL_PART_S_UNUSABLE, /*!< Partition not implemented */ + FSL_PART_S_UNAVAILABLE, /*!< Partition owned by other host */ + FSL_PART_S_AVAILABLE, /*!< Partition available */ + FSL_PART_S_ALLOCATED, /*!< Partition owned by host but not engaged + */ + FSL_PART_S_ENGAGED, /*!< Partition owned by host and engaged */ +} fsl_shw_partition_status_t; + + +/* + * Structure passed during user ioctl() calls to manage secure partitions. + */ +typedef struct scc_partition_info_t { + uint32_t user_base; /*!< Userspace pointer to base of partition */ + uint32_t permissions; /*!< Permissions to give the partition (only + used in call to _DROP_PERMS) */ + fsl_shw_partition_status_t status; /*!< Status of the partition */ +} scc_partition_info_t; + + +/****************************************************************************** + * Enumerations + *****************************************************************************/ +/*! + * Flags for the state of the User Context Object (#fsl_shw_uco_t). + */ +typedef enum fsl_shw_user_ctx_flags_t +{ + /*! + * API will block the caller until operation completes. The result will be + * available in the return code. If this is not set, user will have to get + * results using #fsl_shw_get_results(). + */ + FSL_UCO_BLOCKING_MODE = 0x01, + /*! + * User wants callback (at the function specified with + * #fsl_shw_uco_set_callback()) when the operation completes. This flag is + * valid only if #FSL_UCO_BLOCKING_MODE is not set. + */ + FSL_UCO_CALLBACK_MODE = 0x02, + /*! Do not free descriptor chain after driver (adaptor) finishes */ + FSL_UCO_SAVE_DESC_CHAIN = 0x04, + /*! + * User has made at least one request with callbacks requested, so API is + * ready to handle others. + */ + FSL_UCO_CALLBACK_SETUP_COMPLETE = 0x08, + /*! + * (virtual) pointer to descriptor chain is completely linked with physical + * (DMA) addresses, ready for the hardware. This flag should not be used + * by FSL SHW API programs. + */ + FSL_UCO_CHAIN_PREPHYSICALIZED = 0x10, + /*! + * The user has changed the context but the changes have not been copied to + * the kernel driver. + */ + FSL_UCO_CONTEXT_CHANGED = 0x20, + /*! Internal Use. This context belongs to a user-mode API user. */ + FSL_UCO_USERMODE_USER = 0x40, +} fsl_shw_user_ctx_flags_t; + + +/*! + * Return code for FSL_SHW library. + * + * These codes may be returned from a function call. In non-blocking mode, + * they will appear as the status in a Result Object. + */ +/* REQ-FSLSHW-ERR-001 */ +typedef enum fsl_shw_return_t +{ + /*! + * No error. As a function return code in Non-blocking mode, this may + * simply mean that the operation was accepted for eventual execution. + */ + FSL_RETURN_OK_S = 0, + /*! Failure for non-specific reason. */ + FSL_RETURN_ERROR_S, + /*! + * Operation failed because some resource was not able to be allocated. + */ + FSL_RETURN_NO_RESOURCE_S, + /*! Crypto algorithm unrecognized or improper. */ + FSL_RETURN_BAD_ALGORITHM_S, + /*! Crypto mode unrecognized or improper. */ + FSL_RETURN_BAD_MODE_S, + /*! Flag setting unrecognized or inconsistent. */ + FSL_RETURN_BAD_FLAG_S, + /*! Improper or unsupported key length for algorithm. */ + FSL_RETURN_BAD_KEY_LENGTH_S, + /*! Improper parity in a (DES, TDES) key. */ + FSL_RETURN_BAD_KEY_PARITY_S, + /*! + * Improper or unsupported data length for algorithm or internal buffer. + */ + FSL_RETURN_BAD_DATA_LENGTH_S, + /*! Authentication / Integrity Check code check failed. */ + FSL_RETURN_AUTH_FAILED_S, + /*! A memory error occurred. */ + FSL_RETURN_MEMORY_ERROR_S, + /*! An error internal to the hardware occurred. */ + FSL_RETURN_INTERNAL_ERROR_S, + /*! ECC detected Point at Infinity */ + FSL_RETURN_POINT_AT_INFINITY_S, + /*! ECC detected No Point at Infinity */ + FSL_RETURN_POINT_NOT_AT_INFINITY_S, + /*! GCD is One */ + FSL_RETURN_GCD_IS_ONE_S, + /*! GCD is not One */ + FSL_RETURN_GCD_IS_NOT_ONE_S, + /*! Candidate is Prime */ + FSL_RETURN_PRIME_S, + /*! Candidate is not Prime */ + FSL_RETURN_NOT_PRIME_S, + /*! N register loaded improperly with even value */ + FSL_RETURN_EVEN_MODULUS_ERROR_S, + /*! Divisor is zero. */ + FSL_RETURN_DIVIDE_BY_ZERO_ERROR_S, + /*! Bad Exponent or Scalar value for Point Multiply */ + FSL_RETURN_BAD_EXPONENT_ERROR_S, + /*! RNG hardware problem. */ + FSL_RETURN_OSCILLATOR_ERROR_S, + /*! RNG hardware problem. */ + FSL_RETURN_STATISTICS_ERROR_S, +} fsl_shw_return_t; + + +/*! + * Algorithm Identifier. + * + * Selection of algorithm will determine how large the block size of the + * algorithm is. Context size is the same length unless otherwise specified. + * Selection of algorithm also affects the allowable key length. + */ +typedef enum fsl_shw_key_alg_t +{ + /*! + * Key will be used to perform an HMAC. Key size is 1 to 64 octets. Block + * size is 64 octets. + */ + FSL_KEY_ALG_HMAC, + /*! + * Advanced Encryption Standard (Rijndael). Block size is 16 octets. Key + * size is 16 octets. (The single choice of key size is a Sahara platform + * limitation.) + */ + FSL_KEY_ALG_AES, + /*! + * Data Encryption Standard. Block size is 8 octets. Key size is 8 + * octets. + */ + FSL_KEY_ALG_DES, + /*! + * 2- or 3-key Triple DES. Block size is 8 octets. Key size is 16 octets + * for 2-key Triple DES, and 24 octets for 3-key. + */ + FSL_KEY_ALG_TDES, + /*! + * ARC4. No block size. Context size is 259 octets. Allowed key size is + * 1-16 octets. (The choices for key size are a Sahara platform + * limitation.) + */ + FSL_KEY_ALG_ARC4, +} fsl_shw_key_alg_t; + + +/*! + * Mode selector for Symmetric Ciphers. + * + * The selection of mode determines how a cryptographic algorithm will be + * used to process the plaintext or ciphertext. + * + * For all modes which are run block-by-block (that is, all but + * #FSL_SYM_MODE_STREAM), any partial operations must be performed on a text + * length which is multiple of the block size. Except for #FSL_SYM_MODE_CTR, + * these block-by-block algorithms must also be passed a total number of octets + * which is a multiple of the block size. + * + * In modes which require that the total number of octets of data be a multiple + * of the block size (#FSL_SYM_MODE_ECB and #FSL_SYM_MODE_CBC), and the user + * has a total number of octets which are not a multiple of the block size, the + * user must perform any necessary padding to get to the correct data length. + */ +typedef enum fsl_shw_sym_mode_t +{ + /*! + * Stream. There is no associated block size. Any request to process data + * may be of any length. This mode is only for ARC4 operations, and is + * also the only mode used for ARC4. + */ + FSL_SYM_MODE_STREAM, + + /*! + * Electronic Codebook. Each block of data is encrypted/decrypted. The + * length of the data stream must be a multiple of the block size. This + * mode may be used for DES, 3DES, and AES. The block size is determined + * by the algorithm. + */ + FSL_SYM_MODE_ECB, + /*! + * Cipher-Block Chaining. Each block of data is encrypted/decrypted and + * then "chained" with the previous block by an XOR function. Requires + * context to start the XOR (previous block). This mode may be used for + * DES, 3DES, and AES. The block size is determined by the algorithm. + */ + FSL_SYM_MODE_CBC, + /*! + * Counter. The counter is encrypted, then XORed with a block of data. + * The counter is then incremented (using modulus arithmetic) for the next + * block. The final operation may be non-multiple of block size. This mode + * may be used for AES. The block size is determined by the algorithm. + */ + FSL_SYM_MODE_CTR, +} fsl_shw_sym_mode_t; + + +/*! + * Algorithm selector for Cryptographic Hash functions. + * + * Selection of algorithm determines how large the context and digest will be. + * Context is the same size as the digest (resulting hash), unless otherwise + * specified. + */ +typedef enum fsl_shw_hash_alg_t +{ + FSL_HASH_ALG_MD5, /*!< MD5 algorithm. Digest is 16 octets. */ + FSL_HASH_ALG_SHA1, /*!< SHA-1 (aka SHA or SHA-160) algorithm. + Digest is 20 octets. */ + FSL_HASH_ALG_SHA224, /*!< SHA-224 algorithm. Digest is 28 octets, + though context is 32 octets. */ + FSL_HASH_ALG_SHA256 /*!< SHA-256 algorithm. Digest is 32 + octets. */ +} fsl_shw_hash_alg_t; + + +/*! + * The type of Authentication-Cipher function which will be performed. + */ +typedef enum fsl_shw_acc_mode_t +{ + /*! + * CBC-MAC for Counter. Requires context and modulus. Final operation may + * be non-multiple of block size. This mode may be used for AES. + */ + FSL_ACC_MODE_CCM, + /*! + * SSL mode. Not supported. Combines HMAC and encrypt (or decrypt). + * Needs one key object for encryption, another for the HMAC. The usual + * hashing and symmetric encryption algorithms are supported. + */ + FSL_ACC_MODE_SSL +} fsl_shw_acc_mode_t; + + +/* REQ-FSLSHW-PINTFC-COA-HCO-001 */ +/*! + * Flags which control a Hash operation. + */ +typedef enum fsl_shw_hash_ctx_flags_t +{ + FSL_HASH_FLAGS_INIT = 0x01, /*!< Context is empty. Hash is started + from scratch, with a message-processed + count of zero. */ + FSL_HASH_FLAGS_SAVE = 0x02, /*!< Retrieve context from hardware after + hashing. If used with the + #FSL_HASH_FLAGS_FINALIZE flag, the final + digest value will be saved in the + object. */ + FSL_HASH_FLAGS_LOAD = 0x04, /*!< Place context into hardware before + hashing. */ + FSL_HASH_FLAGS_FINALIZE = 0x08, /*!< PAD message and perform final digest + operation. If user message is + pre-padded, this flag should not be + used. */ +} fsl_shw_hash_ctx_flags_t; + + +/*! + * Flags which control an HMAC operation. + * + * These may be combined by ORing them together. See #fsl_shw_hmco_set_flags() + * and #fsl_shw_hmco_clear_flags(). + */ +typedef enum fsl_shw_hmac_ctx_flags_t +{ + FSL_HMAC_FLAGS_INIT = 1, /**< Message context is empty. HMAC is + started from scratch (with key) or from + precompute of inner hash, depending on + whether + #FSL_HMAC_FLAGS_PRECOMPUTES_PRESENT is + set. */ + FSL_HMAC_FLAGS_SAVE = 2, /**< Retrieve ongoing context from hardware + after hashing. If used with the + #FSL_HMAC_FLAGS_FINALIZE flag, the final + digest value (HMAC) will be saved in the + object. */ + FSL_HMAC_FLAGS_LOAD = 4, /**< Place ongoing context into hardware + before hashing. */ + FSL_HMAC_FLAGS_FINALIZE = 8, /**< PAD message and perform final HMAC + operations of inner and outer hashes. */ + FSL_HMAC_FLAGS_PRECOMPUTES_PRESENT = 16 /**< This means that the context + contains precomputed inner and outer + hash values. */ +} fsl_shw_hmac_ctx_flags_t; + + +/** + * Flags to control use of the #fsl_shw_scco_t. + * + * These may be ORed together to get the desired effect. + * See #fsl_shw_scco_set_flags() and #fsl_shw_scco_clear_flags() + */ +typedef enum fsl_shw_sym_ctx_flags_t +{ + /** + * Context is empty. In ARC4, this means that the S-Box needs to be + * generated from the key. In #FSL_SYM_MODE_CBC mode, this allows an IV of + * zero to be specified. In #FSL_SYM_MODE_CTR mode, it means that an + * initial CTR value of zero is desired. + */ + FSL_SYM_CTX_INIT = 1, + /** + * Load context from object into hardware before running cipher. In + * #FSL_SYM_MODE_CTR mode, this would refer to the Counter Value. + */ + FSL_SYM_CTX_LOAD = 2, + /** + * Save context from hardware into object after running cipher. In + * #FSL_SYM_MODE_CTR mode, this would refer to the Counter Value. + */ + FSL_SYM_CTX_SAVE = 4, + /** + * Context (SBox) is to be unwrapped and wrapped on each use. + * This flag is unsupported. + * */ + FSL_SYM_CTX_PROTECT = 8, +} fsl_shw_sym_ctx_flags_t; + + +/** + * Flags which describe the state of the #fsl_shw_sko_t. + * + * These may be ORed together to get the desired effect. + * See #fsl_shw_sko_set_flags() and #fsl_shw_sko_clear_flags() + */ +typedef enum fsl_shw_key_flags_t +{ + FSL_SKO_KEY_IGNORE_PARITY = 1, /*!< If algorithm is DES or 3DES, do not + validate the key parity bits. */ + FSL_SKO_KEY_PRESENT = 2, /*!< Clear key is present in the object. */ + FSL_SKO_KEY_ESTABLISHED = 4, /*!< Key has been established for use. This + feature is not available for all + platforms, nor for all algorithms and + modes.*/ + FSL_SKO_USE_SECRET_KEY = 8, /*!< Use device-unique key. Not always + available. */ + FSL_SKO_KEY_SW_KEY = 16, /*!< Clear key can be provided to the user */ + FSL_SKO_KEY_SELECT_PF_KEY = 32, /*!< Internal flag to show that this key + references one of the hardware keys, and + its value is in pf_key. */ +} fsl_shw_key_flags_t; + + +/** + * Type of value which is associated with an established key. + */ +typedef uint64_t key_userid_t; + + +/** + * Flags which describe the state of the #fsl_shw_acco_t. + * + * The @a FSL_ACCO_CTX_INIT and @a FSL_ACCO_CTX_FINALIZE flags, when used + * together, provide for a one-shot operation. + */ +typedef enum fsl_shw_auth_ctx_flags_t +{ + FSL_ACCO_CTX_INIT = 1, /**< Initialize Context(s) */ + FSL_ACCO_CTX_LOAD = 2, /**< Load intermediate context(s). + This flag is unsupported. */ + FSL_ACCO_CTX_SAVE = 4, /**< Save intermediate context(s). + This flag is unsupported. */ + FSL_ACCO_CTX_FINALIZE = 8, /**< Create MAC during this operation. */ + FSL_ACCO_NIST_CCM = 0x10, /**< Formatting of CCM input data is + performed by calls to + #fsl_shw_ccm_nist_format_ctr_and_iv() and + #fsl_shw_ccm_nist_update_ctr_and_iv(). */ +} fsl_shw_auth_ctx_flags_t; + + +/** + * The operation which controls the behavior of #fsl_shw_establish_key(). + * + * These values are passed to #fsl_shw_establish_key(). + */ +typedef enum fsl_shw_key_wrap_t +{ + FSL_KEY_WRAP_CREATE, /**< Generate a key from random values. */ + FSL_KEY_WRAP_ACCEPT, /**< Use the provided clear key. */ + FSL_KEY_WRAP_UNWRAP /**< Unwrap a previously wrapped key. */ +} fsl_shw_key_wrap_t; + + +/** + * Modulus Selector for CTR modes. + * + * The incrementing of the Counter value may be modified by a modulus. If no + * modulus is needed or desired for AES, use #FSL_CTR_MOD_128. + */ +typedef enum fsl_shw_ctr_mod_t +{ + FSL_CTR_MOD_8, /**< Run counter with modulus of 2^8. */ + FSL_CTR_MOD_16, /**< Run counter with modulus of 2^16. */ + FSL_CTR_MOD_24, /**< Run counter with modulus of 2^24. */ + FSL_CTR_MOD_32, /**< Run counter with modulus of 2^32. */ + FSL_CTR_MOD_40, /**< Run counter with modulus of 2^40. */ + FSL_CTR_MOD_48, /**< Run counter with modulus of 2^48. */ + FSL_CTR_MOD_56, /**< Run counter with modulus of 2^56. */ + FSL_CTR_MOD_64, /**< Run counter with modulus of 2^64. */ + FSL_CTR_MOD_72, /**< Run counter with modulus of 2^72. */ + FSL_CTR_MOD_80, /**< Run counter with modulus of 2^80. */ + FSL_CTR_MOD_88, /**< Run counter with modulus of 2^88. */ + FSL_CTR_MOD_96, /**< Run counter with modulus of 2^96. */ + FSL_CTR_MOD_104, /**< Run counter with modulus of 2^104. */ + FSL_CTR_MOD_112, /**< Run counter with modulus of 2^112. */ + FSL_CTR_MOD_120, /**< Run counter with modulus of 2^120. */ + FSL_CTR_MOD_128 /**< Run counter with modulus of 2^128. */ +} fsl_shw_ctr_mod_t; + + +/** + * A work type associated with a work/result queue request. + */ +typedef enum shw_work_type_t +{ + SHW_WORK_GET_RANDOM = 1, /**< fsl_shw_get_random() request. */ + SHW_WORK_ADD_RANDOM, /**< fsl_shw_add_entropy() request. */ +} shw_work_type_t; + + +/** + * Permissions flags for Secure Partitions + */ +typedef enum fsl_shw_permission_t +{ +/** SCM Access Permission: Do not zeroize/deallocate partition on SMN Fail state */ + FSL_PERM_NO_ZEROIZE = 0x80000000, +/** SCM Access Permission: Enforce trusted key read in */ + FSL_PERM_TRUSTED_KEY_READ = 0x40000000, +/** SCM Access Permission: Ignore Supervisor/User mode in permission determination */ + FSL_PERM_HD_S = 0x00000800, +/** SCM Access Permission: Allow Read Access to Host Domain */ + FSL_PERM_HD_R = 0x00000400, +/** SCM Access Permission: Allow Write Access to Host Domain */ + FSL_PERM_HD_W = 0x00000200, +/** SCM Access Permission: Allow Execute Access to Host Domain */ + FSL_PERM_HD_X = 0x00000100, +/** SCM Access Permission: Allow Read Access to Trusted Host Domain */ + FSL_PERM_TH_R = 0x00000040, +/** SCM Access Permission: Allow Write Access to Trusted Host Domain */ + FSL_PERM_TH_W = 0x00000020, +/** SCM Access Permission: Allow Read Access to Other/World Domain */ + FSL_PERM_OT_R = 0x00000004, +/** SCM Access Permission: Allow Write Access to Other/World Domain */ + FSL_PERM_OT_W = 0x00000002, +/** SCM Access Permission: Allow Execute Access to Other/World Domain */ + FSL_PERM_OT_X = 0x00000001, +} fsl_shw_permission_t; + +/*! + * Select the cypher mode to use for partition cover/uncover operations. + * + * They currently map directly to the values used in the SCC2 driver, but this + * is not guarinteed behavior. + */ +typedef enum fsl_shw_cypher_mode_t +{ + FSL_SHW_CYPHER_MODE_ECB = 1, /*!< ECB mode */ + FSL_SHW_CYPHER_MODE_CBC = 2, /*!< CBC mode */ +} fsl_shw_cypher_mode_t; + +/*! + * Which platform key should be presented for cryptographic use. + */ +typedef enum fsl_shw_pf_key_t { + FSL_SHW_PF_KEY_IIM, /*!< Present fused IIM key */ + FSL_SHW_PF_KEY_PRG, /*!< Present Program key */ + FSL_SHW_PF_KEY_IIM_PRG, /*!< Present IIM ^ Program key */ + FSL_SHW_PF_KEY_IIM_RND, /*!< Present Random key */ + FSL_SHW_PF_KEY_RND, /*!< Present IIM ^ Random key */ +} fsl_shw_pf_key_t; + +/*! + * The various security tamper events + */ +typedef enum fsl_shw_tamper_t { + FSL_SHW_TAMPER_NONE, /*!< No error detected */ + FSL_SHW_TAMPER_WTD, /*!< wire-mesh tampering det */ + FSL_SHW_TAMPER_ETBD, /*!< ext tampering det: input B */ + FSL_SHW_TAMPER_ETAD, /*!< ext tampering det: input A */ + FSL_SHW_TAMPER_EBD, /*!< external boot detected */ + FSL_SHW_TAMPER_SAD, /*!< security alarm detected */ + FSL_SHW_TAMPER_TTD, /*!< temperature tampering det */ + FSL_SHW_TAMPER_CTD, /*!< clock tampering det */ + FSL_SHW_TAMPER_VTD, /*!< voltage tampering det */ + FSL_SHW_TAMPER_MCO, /*!< monotonic counter overflow */ + FSL_SHW_TAMPER_TCO, /*!< time counter overflow */ +} fsl_shw_tamper_t; + +/* + * Structure passed during user ioctl() calls to manage data stored in secure + * partitions. + */ + +typedef struct scc_region_t { + uint32_t partition_base; /*!< Base address of partition */ + uint32_t offset; /*!< Byte offset into partition */ + uint32_t length; /*!< Number of bytes in request */ + uint8_t *black_data; /*!< Address of cipher text */ + uint64_t owner_id; /*!< user's secret */ + fsl_shw_cypher_mode_t cypher_mode; /*!< ECB or CBC */ + uint32_t IV[4]; /*!< IV for CBC mode */ +} scc_region_t; + +/****************************************************************************** + * Data Structures + *****************************************************************************/ + +/** + * Initialization Object + */ +typedef struct fsl_sho_ibo +{ +} fsl_sho_ibo_t; + + +/** + * Common Entry structure for work queues, results queues. + */ +typedef struct shw_queue_entry_t { + struct shw_queue_entry_t* next; /**< Next entry in queue. */ + struct fsl_shw_uco_t* user_ctx; /**< Associated user context. */ + uint32_t flags; /**< User context flags at time of request. */ + void (*callback)(struct fsl_shw_uco_t* uco); /**< Any callback request. */ + uint32_t user_ref; /**< User's reference for this request. */ + fsl_shw_return_t code; /**< FSL SHW result of this operation. */ + uint32_t detail1; /**< Any extra error info. */ + uint32_t detail2; /**< More any extra error info. */ + void* user_mode_req; /**< Pointer into user space. */ + uint32_t (*postprocess)(struct shw_queue_entry_t* q); /**< (internal) + function to call + when this operation + completes. + */ +} shw_queue_entry_t; + + +/** + * A queue. Fields must be initialized to NULL before use. + */ +typedef struct shw_queue_t +{ + struct shw_queue_entry_t* head; /**< First entry in queue. */ + struct shw_queue_entry_t* tail; /**< Last entry. */ +} shw_queue_t; + + +/** + * Secure Partition information + */ +typedef struct fsl_shw_spo_t +{ + uint32_t user_base; + void* kernel_base; + struct fsl_shw_spo_t* next; +} fsl_shw_spo_t; + + +/* REQ-FSLSHW-PINTFC-COA-UCO-001 */ +/** + * User Context Object + */ +typedef struct fsl_shw_uco_t +{ + int openfd; /**< user-mode file descriptor */ + uint32_t user_ref; /**< User's reference */ + void (*callback)(struct fsl_shw_uco_t* uco); /**< User's callback fn */ + uint32_t flags; /**< from fsl_shw_user_ctx_flags_t */ + unsigned pool_size; /**< maximum size of user result pool */ +#ifdef __KERNEL__ + shw_queue_t result_pool; /**< where non-blocking results go */ + os_process_handle_t process; /**< remember for signalling User mode */ + fsl_shw_spo_t* partition; /**< chain of secure partitions owned by + the user */ +#endif + struct fsl_shw_uco_t* next; /**< To allow user-mode chaining of contexts, + for signalling and in kernel, to link user + contexts. */ + fsl_shw_pf_key_t wrap_key; /*!< What key for ciphering T */ +} fsl_shw_uco_t; + + +/* REQ-FSLSHW-PINTFC-API-GEN-006 ?? */ +/** + * Result object + */ +typedef struct fsl_shw_result_t +{ + uint32_t user_ref; /**< User's reference at time of request. */ + fsl_shw_return_t code; /**< Return code from request. */ + uint32_t detail1; /**< Extra error info. Unused in SHW driver. */ + uint32_t detail2; /**< Extra error info. Unused in SHW driver. */ + void* user_req; /**< Pointer to original user request. */ +} fsl_shw_result_t; + + +/** + * Keystore Object + */ +typedef struct fsl_shw_kso_t +{ +#ifdef __KERNEL__ + os_lock_t lock; /**< Pointer to lock that controls access to + the keystore. */ +#endif + void* user_data; /**< Pointer to user structure that handles + the internals of the keystore. */ + fsl_shw_return_t (*data_init) (fsl_shw_uco_t* user_ctx, + void** user_data); + void (*data_cleanup) (fsl_shw_uco_t* user_ctx, + void** user_data); + fsl_shw_return_t (*slot_verify_access)(void* user_data, uint64_t owner_id, + uint32_t slot); + fsl_shw_return_t (*slot_alloc) (void* user_data, uint32_t size_bytes, + uint64_t owner_id, uint32_t* slot); + fsl_shw_return_t (*slot_dealloc) (void* user_data, + uint64_t owner_id, uint32_t slot); + void* (*slot_get_address) (void* user_data, uint32_t slot); + uint32_t (*slot_get_base) (void* user_data, uint32_t slot); + uint32_t (*slot_get_offset) (void* user_data, uint32_t slot); + uint32_t (*slot_get_slot_size) (void* user_data, uint32_t slot); +} fsl_shw_kso_t; + + +/* REQ-FSLSHW-PINTFC-COA-SKO-001 */ +/** + * Secret Key Context Object + */ +typedef struct fsl_shw_sko_t +{ + uint32_t flags; /**< Flags from #fsl_shw_sym_ctx_flags_t. */ + fsl_shw_key_alg_t algorithm; /**< Algorithm for this key. */ + key_userid_t userid; /**< User's identifying value for Black key. */ + uint32_t handle; /**< Reference in SCC driver for Red key. */ + uint16_t key_length; /**< Length of stored key, in bytes. */ + uint8_t key[64]; /**< Bytes of stored key. */ + struct fsl_shw_kso_t* keystore; /**< If present, key is in keystore */ + fsl_shw_pf_key_t pf_key; /*!< What key to select for use when this key + is doing ciphering. If FSL_SHW_PF_KEY_PRG + or FSL_SHW_PF_KEY_PRG_IIM is the value, then + a 'present' or 'established' key will be + programed into the PK. */ +} fsl_shw_sko_t; + + +/* REQ-FSLSHW-PINTFC-COA-CO-001 */ +/** + * Platform Capability Object + * + * Pointer to this structure is returned by fsl_shw_get_capabilities() and + * queried with the various fsl_shw_pco_() functions. + */ +typedef struct fsl_shw_pco_t +{ + int api_major; /**< Major version number for API. */ + int api_minor; /**< Minor version number for API. */ + int driver_major; /**< Major version of some driver. */ + int driver_minor; /**< Minor version of some driver. */ + unsigned sym_algorithm_count; /**< Number of sym_algorithms. */ + fsl_shw_key_alg_t* sym_algorithms; /**< Pointer to array. */ + unsigned sym_mode_count; /**< Number of sym_modes. */ + fsl_shw_sym_mode_t* sym_modes; /**< Pointer to array. */ + unsigned hash_algorithm_count; /**< Number of hash_algorithms. */ + fsl_shw_hash_alg_t* hash_algorithms; /**< Pointer to array */ + uint8_t sym_support[5][4]; /**< indexed by key alg then mode */ + + int scc_driver_major; + int scc_driver_minor; + int scm_version; /**< Version from SCM Configuration register */ + int smn_version; /**< Version from SMN Status register */ + int block_size_bytes; /**< Number of bytes per block of RAM; also + block size of the crypto algorithm. */ + union { + struct scc_info { + int black_ram_size_blocks; /**< Number of blocks of Black RAM */ + int red_ram_size_blocks; /**< Number of blocks of Red RAM */ + } scc_info; + struct scc2_info { + int partition_size_bytes; /**< Number of bytes in each partition */ + int partition_count; /**< Number of partitions on this platform */ + } scc2_info; + } u; +} fsl_shw_pco_t; + + +/* REQ-FSLSHW-PINTFC-COA-HCO-001 */ +/** + * Hash Context Object + */ +typedef struct fsl_shw_hco_t /* fsl_shw_hash_context_object */ +{ + fsl_shw_hash_alg_t algorithm; /**< Algorithm for this context. */ + uint32_t flags; /**< Flags from + #fsl_shw_hash_ctx_flags_t. */ + uint8_t digest_length; /**< hash result length in bytes */ + uint8_t context_length; /**< Context length in bytes */ + uint8_t context_register_length; /**< in bytes */ + uint32_t context[9]; /**< largest digest + msg size */ +} fsl_shw_hco_t; + + +/* REQ-FSLSHW-PINTFC-COA-HCO-001 */ +/** + * HMAC Context Object + */ +typedef struct fsl_shw_hmco_t /* fsl_shw_hmac_context_object */ +{ + fsl_shw_hash_alg_t algorithm; /**< Hash algorithm for the HMAC. */ + uint32_t flags; /**< Flags from + #fsl_shw_hmac_ctx_flags_t. */ + uint8_t digest_length; /**< in bytes */ + uint8_t context_length; /**< in bytes */ + uint8_t context_register_length; /**< in bytes */ + uint32_t ongoing_context[9]; /**< largest digest + msg + size */ + uint32_t inner_precompute[9]; /**< largest digest + msg + size */ + uint32_t outer_precompute[9]; /**< largest digest + msg + size */ +} fsl_shw_hmco_t; + + +/* REQ-FSLSHW-PINTFC-COA-SCCO-001 */ +/** + * Symmetric Crypto Context Object Context Object + */ +typedef struct fsl_shw_scco_t +{ + uint32_t flags; /**< Flags from #fsl_shw_sym_ctx_flags_t. */ + unsigned block_size_bytes; /**< Both block and ctx size */ + fsl_shw_sym_mode_t mode; /**< Symmetric mode for this context. */ + /* Could put modulus plus 16-octet context in union with arc4 + sbox+ptrs... */ + fsl_shw_ctr_mod_t modulus_exp; /**< Exponent value for CTR modulus */ + uint8_t context[8]; /**< Stored context. Large enough + for 3DES. */ +} fsl_shw_scco_t; + + +/** + * Authenticate-Cipher Context Object + + * An object for controlling the function of, and holding information about, + * data for the authenticate-cipher functions, #fsl_shw_gen_encrypt() and + * #fsl_shw_auth_decrypt(). + */ +typedef struct fsl_shw_acco_t +{ + uint32_t flags; /**< See #fsl_shw_auth_ctx_flags_t for + meanings */ + fsl_shw_acc_mode_t mode; /**< CCM only */ + uint8_t mac_length; /**< User's value for length */ + unsigned q_length; /**< NIST parameter - */ + fsl_shw_scco_t cipher_ctx_info; /**< For running + encrypt/decrypt. */ + union { + fsl_shw_scco_t CCM_ctx_info; /**< For running the CBC in + AES-CCM. */ + fsl_shw_hco_t hash_ctx_info; /**< For running the hash */ + } auth_info; /**< "auth" info struct */ + uint8_t unencrypted_mac[16]; /**< max block size... */ +} fsl_shw_acco_t; + + +/** + * Common header in request structures between User-mode API and SHW driver. + */ +struct shw_req_header { + uint32_t flags; /**< Flags - from user-mode context. */ + uint32_t user_ref; /**< Reference - from user-mode context. */ + fsl_shw_return_t code; /**< Result code for operation. */ +}; + +/** + * Used by user-mode API to retrieve completed non-blocking results in + * SHW_USER_REQ_GET_RESULTS ioctl(). + */ +struct results_req { + struct shw_req_header hdr; /**< Boilerplate. */ + unsigned requested; /**< number of results requested, */ + unsigned actual; /**< number of results obtained. */ + fsl_shw_result_t *results; /**< pointer to memory to hold results. */ +}; + + +/** + * Used by user-mode API to retrieve hardware capabilities in + * SHW_USER_REQ_GET_CAPABILITIES ioctl(). + */ +struct capabilities_req { + struct shw_req_header hdr; /**< Boilerplate. */ + unsigned size; /**< Size, in bytes, capabilities. */ + fsl_shw_pco_t* capabilities; /**< Place to copy out the info. */ +}; + + +/** + * Used by user-mode API to get a random number + */ +struct get_random_req { + struct shw_req_header hdr; /**< Boilerplate. */ + unsigned size; /**< Size, in bytes, of random. */ + uint8_t* random; /**< Place to copy out the random number. */ +}; + + +/** + * Used by API to add entropy to a random number generator + */ +struct add_entropy_req { + struct shw_req_header hdr; /**< Boilerplate. */ + unsigned size; /**< Size, in bytes, of entropy. */ + uint8_t* entropy; /**< Location of the entropy to be added. */ +}; + + +/****************************************************************************** + * External variables + *****************************************************************************/ +#ifdef __KERNEL__ +extern os_lock_t shw_queue_lock; + +extern fsl_shw_uco_t* user_list; +#endif + + +/****************************************************************************** + * Access Macros for Objects + *****************************************************************************/ +/** + * Get FSL SHW API version + * + * @param pcobject The Platform Capababilities Object to query. + * @param[out] pcmajor A pointer to where the major version + * of the API is to be stored. + * @param[out] pcminor A pointer to where the minor version + * of the API is to be stored. + */ +#define fsl_shw_pco_get_version(pcobject, pcmajor, pcminor) \ +do { \ + *(pcmajor) = (pcobject)->api_major; \ + *(pcminor) = (pcobject)->api_minor; \ +} while (0) + + +/** + * Get underlying driver version. + * + * @param pcobject The Platform Capababilities Object to query. + * @param[out] pcmajor A pointer to where the major version + * of the driver is to be stored. + * @param[out] pcminor A pointer to where the minor version + * of the driver is to be stored. + */ +#define fsl_shw_pco_get_driver_version(pcobject, pcmajor, pcminor) \ +do { \ + *(pcmajor) = (pcobject)->driver_major; \ + *(pcminor) = (pcobject)->driver_minor; \ +} while (0) + + +/** + * Get list of symmetric algorithms supported. + * + * @param pcobject The Platform Capababilities Object to query. + * @param[out] pcalgorithms A pointer to where to store the location of + * the list of algorithms. + * @param[out] pcacount A pointer to where to store the number of + * algorithms in the list at @a algorithms. + */ +#define fsl_shw_pco_get_sym_algorithms(pcobject, pcalgorithms, pcacount) \ +do { \ + *(pcalgorithms) = (pcobject)->sym_algorithms; \ + *(pcacount) = (pcobject)->sym_algorithm_count; \ +} while (0) + + +/** + * Get list of symmetric modes supported. + * + * @param pcobject The Platform Capababilities Object to query. + * @param[out] gsmodes A pointer to where to store the location of + * the list of modes. + * @param[out] gsacount A pointer to where to store the number of + * algorithms in the list at @a modes. + */ +#define fsl_shw_pco_get_sym_modes(pcobject, gsmodes, gsacount) \ +do { \ + *(gsmodes) = (pcobject)->sym_modes; \ + *(gsacount) = (pcobject)->sym_mode_count; \ +} while (0) + + +/** + * Get list of hash algorithms supported. + * + * @param pcobject The Platform Capababilities Object to query. + * @param[out] gsalgorithms A pointer which will be set to the list of + * algorithms. + * @param[out] gsacount The number of algorithms in the list at @a + * algorithms. + */ +#define fsl_shw_pco_get_hash_algorithms(pcobject, gsalgorithms, gsacount) \ +do { \ + *(gsalgorithms) = (pcobject)->hash_algorithms; \ + *(gsacount) = (pcobject)->hash_algorithm_count; \ +} while (0) + + +/** + * Determine whether the combination of a given symmetric algorithm and a given + * mode is supported. + * + * @param pcobject The Platform Capababilities Object to query. + * @param pcalg A Symmetric Cipher algorithm. + * @param pcmode A Symmetric Cipher mode. + * + * @return 0 if combination is not supported, non-zero if supported. + */ +#if defined(FSL_HAVE_DRYICE) && defined(__KERNEL__) +#define fsl_shw_pco_check_sym_supported(pcobject, pcalg, pcmode) \ + ((pcobject)->sym_support[pcalg][pcmode]) +#else +#define fsl_shw_pco_check_sym_supported(pcobject, pcalg, pcmode) \ + 0 +#endif + +/** + * Determine whether a given Encryption-Authentication mode is supported. + * + * @param pcobject The Platform Capababilities Object to query. + * @param pcmode The Authentication mode. + * + * @return 0 if mode is not supported, non-zero if supported. + */ +#define fsl_shw_pco_check_auth_supported(pcobject, pcmode) \ + 0 + + +/** + * Determine whether Black Keys (key establishment / wrapping) is supported. + * + * @param pcobject The Platform Capababilities Object to query. + * + * @return 0 if wrapping is not supported, non-zero if supported. + */ +#if defined(FSL_HAVE_DRYICE) && defined(__KERNEL__) +#define fsl_shw_pco_check_black_key_supported(pcobject) \ + 1 +#else +#define fsl_shw_pco_check_black_key_supported(pcobject) \ + 0 + +#endif + +/*! + * Determine whether Programmed Key features are available + * + * @param pcobject The Platform Capabilities Object to query. + * + * @return 1 if Programmed Key features are available, otherwise zero. + */ +#if defined(FSL_HAVE_DRYICE) && defined(__KERNEL__) +#define fsl_shw_pco_check_pk_supported(pcobject) \ + 1 +#else +#define fsl_shw_pco_check_pk_supported(pcobject) \ + 0 +#endif + +/*! + * Determine whether Software Key features are available + * + * @param pc_info The Platform Capabilities Object to query. + * + * @return 1 if Software key features are available, otherwise zero. + */ +#if defined(FSL_HAVE_DRYICE) && defined(__KERNEL__) +#define fsl_shw_pco_check_sw_keys_supported(pcobject) \ + 1 +#else +#define fsl_shw_pco_check_sw_keys_supported(pcobject) \ + 0 +#endif + +/*! + * Get FSL SHW SCC driver version + * + * @param pcobject The Platform Capababilities Object to query. + * @param[out] pcmajor A pointer to where the major version + * of the SCC driver is to be stored. + * @param[out] pcminor A pointer to where the minor version + * of the SCC driver is to be stored. + */ +#define fsl_shw_pco_get_scc_driver_version(pcobject, pcmajor, pcminor) \ +{ \ + *(pcmajor) = (pcobject)->scc_driver_major; \ + *(pcminor) = (pcobject)->scc_driver_minor; \ +} + + +/** + * Get SCM hardware version + * + * @param pcobject The Platform Capababilities Object to query. + * @return The SCM hardware version + */ +#define fsl_shw_pco_get_scm_version(pcobject) \ + ((pcobject)->scm_version) + + +/** + * Get SMN hardware version + * + * @param pcobject The Platform Capababilities Object to query. + * @return The SMN hardware version + */ +#define fsl_shw_pco_get_smn_version(pcobject) \ + ((pcobject)->smn_version) + + +/** + * Get the size of an SCM block, in bytes + * + * @param pcobject The Platform Capababilities Object to query. + * @return The size of an SCM block, in bytes. + */ +#define fsl_shw_pco_get_scm_block_size(pcobject) \ + ((pcobject)->block_size_bytes) + + +/** + * Get size of Black and Red RAM memory + * + * @param pcobject The Platform Capababilities Object to query. + * @param[out] black_size A pointer to where the size of the Black RAM, in + * blocks, is to be placed. + * @param[out] red_size A pointer to where the size of the Red RAM, in + * blocks, is to be placed. + */ +#define fsl_shw_pco_get_smn_size(pcobject, black_size, red_size) \ +{ \ + if ((pcobject)->scm_version == 1) { \ + *(black_size) = (pcobject)->u.scc_info.black_ram_size_blocks; \ + *(red_size) = (pcobject)->u.scc_info.red_ram_size_blocks; \ + } else { \ + *(black_size) = 0; \ + *(red_size) = 0; \ + } \ +} + + +/** + * Determine whether Secure Partitions are supported + * + * @param pcobject The Platform Capababilities Object to query. + * + * @return 0 if secure partitions are not supported, non-zero if supported. + */ +#define fsl_shw_pco_check_spo_supported(pcobject) \ + ((pcobject)->scm_version == 2) + + +/** + * Get the size of a Secure Partitions + * + * @param pcobject The Platform Capababilities Object to query. + * + * @return Partition size, in bytes. 0 if Secure Partitions not supported. + */ +#define fsl_shw_pco_get_spo_size_bytes(pcobject) \ + (((pcobject)->scm_version == 2) ? \ + ((pcobject)->u.scc2_info.partition_size_bytes) : 0 ) \ + + +/** + * Get the number of Secure Partitions on this platform + * + * @param pcobject The Platform Capababilities Object to query. + * + * @return Number of partitions. 0 if Secure Paritions not supported. Note + * that this returns the total number of partitions, not all may be + * available to the user. + */ +#define fsl_shw_pco_get_spo_count(pcobject) \ + (((pcobject)->scm_version == 2) ? \ + ((pcobject)->u.scc2_info.partition_count) : 0 ) \ + + +/*! + * Initialize a Secret Key Object. + * + * This function must be called before performing any other operation with + * the Object. + * + * @param skobject The Secret Key Object to be initialized. + * @param skalgorithm DES, AES, etc. + * + */ +#define fsl_shw_sko_init(skobject,skalgorithm) \ +{ \ + fsl_shw_sko_t* skop = skobject; \ + \ + skop->algorithm = skalgorithm; \ + skop->flags = 0; \ + skop->keystore = NULL; \ + skop->pf_key = FSL_SHW_PF_KEY_PRG; \ +} + +/*! + * Initialize a Secret Key Object to use a Platform Key register. + * + * This function must be called before performing any other operation with + * the Object. + * + * @param skobject The Secret Key Object to be initialized. + * @param skalgorithm DES, AES, etc. + * @param skhwkey one of the fsl_shw_pf_key_t values. + * + */ +#define fsl_shw_sko_init_pf_key(skobject,skalgorithm,skhwkey) \ +{ \ + fsl_shw_sko_t* skop = skobject; \ + fsl_shw_key_alg_t alg = skalgorithm; \ + fsl_shw_pf_key_t key = skhwkey; \ + \ + skop->algorithm = alg; \ + if (alg == FSL_KEY_ALG_TDES) { \ + skop->key_length = 21; \ + } \ + skop->keystore = NULL; \ + skop->flags = FSL_SKO_KEY_SELECT_PF_KEY; \ + skop->pf_key = key; \ + if ((key == FSL_SHW_PF_KEY_IIM) || (key == FSL_SHW_PF_KEY_PRG) \ + || (key == FSL_SHW_PF_KEY_IIM_PRG) \ + || (key == FSL_SHW_PF_KEY_IIM_RND) \ + || (key == FSL_SHW_PF_KEY_RND)) { \ + skop->flags |= FSL_SKO_KEY_ESTABLISHED; \ + } \ +} + +/*! + * Store a cleartext key in the key object. + * + * This has the side effect of setting the #FSL_SKO_KEY_PRESENT flag and + * resetting the #FSL_SKO_KEY_ESTABLISHED flag. + * + * @param skobject A variable of type #fsl_shw_sko_t. + * @param skkey A pointer to the beginning of the key. + * @param skkeylen The length, in octets, of the key. The value should be + * appropriate to the key size supported by the algorithm. + * 64 octets is the absolute maximum value allowed for this + * call. + */ +#define fsl_shw_sko_set_key(skobject, skkey, skkeylen) \ +{ \ + (skobject)->key_length = skkeylen; \ + copy_bytes((skobject)->key, skkey, skkeylen); \ + (skobject)->flags |= FSL_SKO_KEY_PRESENT; \ + (skobject)->flags &= ~FSL_SKO_KEY_ESTABLISHED; \ +} + +/** + * Set a size for the key. + * + * This function would normally be used when the user wants the key to be + * generated from a random source. + * + * @param skobject A variable of type #fsl_shw_sko_t. + * @param skkeylen The length, in octets, of the key. The value should be + * appropriate to the key size supported by the algorithm. + * 64 octets is the absolute maximum value allowed for this + * call. + */ +#define fsl_shw_sko_set_key_length(skobject, skkeylen) \ + (skobject)->key_length = skkeylen; + + +/** + * Set the User ID associated with the key. + * + * @param skobject A variable of type #fsl_shw_sko_t. + * @param skuserid The User ID to identify authorized users of the key. + */ +#define fsl_shw_sko_set_user_id(skobject, skuserid) \ + (skobject)->userid = (skuserid) + +/** + * Establish a user Keystore to hold the key. + */ +#define fsl_shw_sko_set_keystore(skobject, user_keystore) \ + (skobject)->keystore = (user_keystore) + + + +/** + * Set the establish key handle into a key object. + * + * The @a userid field will be used to validate the access to the unwrapped + * key. This feature is not available for all platforms, nor for all + * algorithms and modes. + * + * The #FSL_SKO_KEY_ESTABLISHED will be set (and the #FSL_SKO_KEY_PRESENT flag + * will be cleared). + * + * @param skobject A variable of type #fsl_shw_sko_t. + * @param skuserid The User ID to verify this user is an authorized user of + * the key. + * @param skhandle A @a handle from #fsl_shw_sko_get_established_info. + */ +#define fsl_shw_sko_set_established_info(skobject, skuserid, skhandle) \ +{ \ + (skobject)->userid = (skuserid); \ + (skobject)->handle = (skhandle); \ + (skobject)->flags |= FSL_SKO_KEY_ESTABLISHED; \ + (skobject)->flags &= \ + ~(FSL_SKO_KEY_PRESENT); \ +} + + +/** + * Retrieve the established-key handle from a key object. + * + * @param skobject A variable of type #fsl_shw_sko_t. + * @param skhandle The location to store the @a handle of the unwrapped + * key. + */ +#define fsl_shw_sko_get_established_info(skobject, skhandle) \ + *(skhandle) = (skobject)->handle + + +/** + * Extract the algorithm from a key object. + * + * @param skobject The Key Object to be queried. + * @param[out] skalgorithm A pointer to the location to store the algorithm. + */ +#define fsl_shw_sko_get_algorithm(skobject, skalgorithm) \ + *(skalgorithm) = (skobject)->algorithm + + +/** + * Retrieve the cleartext key from a key object that is stored in a user + * keystore. + * + * @param skobject The Key Object to be queried. + * @param[out] skkey A pointer to the location to store the key. NULL + * if the key is not stored in a user keystore. + */ +#define fsl_shw_sko_get_key(skobject, skkey) \ +{ \ + fsl_shw_kso_t* keystore = (skobject)->keystore; \ + if (keystore != NULL) { \ + *(skkey) = keystore->slot_get_address(keystore->user_data, \ + (skobject)->handle); \ + } else { \ + *(skkey) = NULL; \ + } \ +} + + +/*! + * Determine the size of a wrapped key based upon the cleartext key's length. + * + * This function can be used to calculate the number of octets that + * #fsl_shw_extract_key() will write into the location at @a covered_key. + * + * If zero is returned at @a length, this means that the key length in + * @a key_info is not supported. + * + * @param wkeyinfo Information about a key to be wrapped. + * @param wkeylen Location to store the length of a wrapped + * version of the key in @a key_info. + */ +#define fsl_shw_sko_calculate_wrapped_size(wkeyinfo, wkeylen) \ +{ \ + register fsl_shw_sko_t* kp = wkeyinfo; \ + register uint32_t kl = kp->key_length; \ + int key_blocks; \ + int base_size = 35; /* ICV + T' + ALG + LEN + FLAGS */ \ + \ + if (kp->flags & FSL_SKO_KEY_SELECT_PF_KEY) { \ + kl = 21; /* 168-bit 3DES key */ \ + } \ + key_blocks = (kl + 7) / 8; \ + /* Round length up to 3DES block size for CBC mode */ \ + *(wkeylen) = base_size + 8 * key_blocks; \ +} + +/*! + * Set some flags in the key object. + * + * Turns on the flags specified in @a flags. Other flags are untouched. + * + * @param skobject A variable of type #fsl_shw_sko_t. + * @param skflags (One or more) ORed members of #fsl_shw_key_flags_t which + * are to be set. + */ +#define fsl_shw_sko_set_flags(skobject, skflags) \ + (skobject)->flags |= (skflags) + + +/** + * Clear some flags in the key object. + * + * Turns off the flags specified in @a flags. Other flags are untouched. + * + * @param skobject A variable of type #fsl_shw_sko_t. + * @param skflags (One or more) ORed members of #fsl_shw_key_flags_t + * which are to be reset. + */ +#define fsl_shw_sko_clear_flags(skobject, skflags) \ + (skobject)->flags &= ~(skflags) + +/** + * Initialize a User Context Object. + * + * This function must be called before performing any other operation with the + * Object. It sets the User Context Object to initial values, and set the size + * of the results pool. The mode will be set to a default of + * #FSL_UCO_BLOCKING_MODE. + * + * When using non-blocking operations, this sets the maximum number of + * operations which can be outstanding. This number includes the counts of + * operations waiting to start, operation(s) being performed, and results which + * have not been retrieved. + * + * Changes to this value are ignored once user registration has completed. It + * should be set to 1 if only blocking operations will ever be performed. + * + * @param ucontext The User Context object to operate on. + * @param usize The maximum number of operations which can be + * outstanding. + */ +#ifdef __KERNEL__ + +#define fsl_shw_uco_init(ucontext, usize) \ +do { \ + fsl_shw_uco_t* uco = ucontext; \ + \ + (uco)->pool_size = usize; \ + (uco)->flags = FSL_UCO_BLOCKING_MODE | FSL_UCO_CONTEXT_CHANGED; \ + (uco)->openfd = -1; \ + (uco)->callback = NULL; \ + (uco)->partition = NULL; \ + (uco)->wrap_key = FSL_SHW_PF_KEY_IIM; \ +} while (0) + +#else /* __KERNEL__ */ + +#define fsl_shw_uco_init(ucontext, usize) \ +do { \ + fsl_shw_uco_t* uco = ucontext; \ + \ + (uco)->pool_size = usize; \ + (uco)->flags = FSL_UCO_BLOCKING_MODE | FSL_UCO_CONTEXT_CHANGED; \ + (uco)->openfd = -1; \ + (uco)->callback = NULL; \ + (uco)->wrap_key = FSL_SHW_PF_KEY_IIM; \ +} while (0) + +#endif /* __KERNEL__ */ + + +/** + * Set the User Reference for the User Context. + * + * @param ucontext The User Context object to operate on. + * @param uref A value which will be passed back with a result. + */ +#define fsl_shw_uco_set_reference(ucontext, uref) \ +do { \ + fsl_shw_uco_t* uco = ucontext; \ + \ + (uco)->user_ref = uref; \ + (uco)->flags |= FSL_UCO_CONTEXT_CHANGED; \ +} while (0) + + +/** + * Set the User Reference for the User Context. + * + * @param ucontext The User Context object to operate on. + * @param ucallback The function the API will invoke when an operation + * completes. + */ +#define fsl_shw_uco_set_callback(ucontext, ucallback) \ +do { \ + fsl_shw_uco_t* uco = ucontext; \ + \ + (uco)->callback = ucallback; \ + (uco)->flags |= FSL_UCO_CONTEXT_CHANGED; \ +} while (0) + +/** + * Set flags in the User Context. + * + * Turns on the flags specified in @a flags. Other flags are untouched. + * + * @param ucontext The User Context object to operate on. + * @param uflags ORed values from #fsl_shw_user_ctx_flags_t. + */ +#define fsl_shw_uco_set_flags(ucontext, uflags) \ + (ucontext)->flags |= (uflags) | FSL_UCO_CONTEXT_CHANGED + + +/** + * Clear flags in the User Context. + * + * Turns off the flags specified in @a flags. Other flags are untouched. + * + * @param ucontext The User Context object to operate on. + * @param uflags ORed values from #fsl_shw_user_ctx_flags_t. + */ +#define fsl_shw_uco_clear_flags(ucontext, uflags) \ +do { \ + fsl_shw_uco_t* uco = ucontext; \ + \ + (uco)->flags &= ~(uflags); \ + (uco)->flags |= FSL_UCO_CONTEXT_CHANGED; \ +} while (0) + + +/** + * Retrieve the reference value from a Result Object. + * + * @param robject The result object to query. + * + * @return The reference associated with the request. + */ +#define fsl_shw_ro_get_reference(robject) \ + (robject)->user_ref + + +/** + * Retrieve the status code from a Result Object. + * + * @param robject The result object to query. + * + * @return The status of the request. + */ +#define fsl_shw_ro_get_status(robject) \ + (robject)->code + + + +/* REQ-FSL-SHW-PINTFC-API-BASIC-HASH-004 */ +/** + * Initialize a Hash Context Object. + * + * This function must be called before performing any other operation with the + * Object. It sets the current message length and hash algorithm in the hash + * context object. + * + * @param hcobject The hash context to operate upon. + * @param hcalgorithm The hash algorithm to be used (#FSL_HASH_ALG_MD5, + * #FSL_HASH_ALG_SHA256, etc). + * + */ +#define fsl_shw_hco_init(hcobject, hcalgorithm) \ +do { \ + (hcobject)->algorithm = hcalgorithm; \ + (hcobject)->flags = 0; \ + switch (hcalgorithm) { \ + case FSL_HASH_ALG_MD5: \ + (hcobject)->digest_length = 16; \ + (hcobject)->context_length = 16; \ + (hcobject)->context_register_length = 24; \ + break; \ + case FSL_HASH_ALG_SHA1: \ + (hcobject)->digest_length = 20; \ + (hcobject)->context_length = 20; \ + (hcobject)->context_register_length = 24; \ + break; \ + case FSL_HASH_ALG_SHA224: \ + (hcobject)->digest_length = 28; \ + (hcobject)->context_length = 32; \ + (hcobject)->context_register_length = 36; \ + break; \ + case FSL_HASH_ALG_SHA256: \ + (hcobject)->digest_length = 32; \ + (hcobject)->context_length = 32; \ + (hcobject)->context_register_length = 36; \ + break; \ + default: \ + /* error ! */ \ + (hcobject)->digest_length = 1; \ + (hcobject)->context_length = 1; \ + (hcobject)->context_register_length = 1; \ + break; \ + } \ +} while (0) + + +/* REQ-FSL-SHW-PINTFC-API-BASIC-HASH-001 */ +/** + * Get the current hash value and message length from the hash context object. + * + * The algorithm must have already been specified. See #fsl_shw_hco_init(). + * + * @param hcobject The hash context to query. + * @param[out] hccontext Pointer to the location of @a length octets where to + * store a copy of the current value of the digest. + * @param hcclength Number of octets of hash value to copy. + * @param[out] hcmsglen Pointer to the location to store the number of octets + * already hashed. + */ +#define fsl_shw_hco_get_digest(hcobject, hccontext, hcclength, hcmsglen) \ +do { \ + memcpy(hccontext, (hcobject)->context, hcclength); \ + if ((hcobject)->algorithm == FSL_HASH_ALG_SHA224 \ + || (hcobject)->algorithm == FSL_HASH_ALG_SHA256) { \ + *(hcmsglen) = (hcobject)->context[8]; \ + } else { \ + *(hcmsglen) = (hcobject)->context[5]; \ + } \ +} while (0) + + +/* REQ-FSL-SHW-PINTFC-API-BASIC-HASH-002 */ +/** + * Get the hash algorithm from the hash context object. + * + * @param hcobject The hash context to query. + * @param[out] hcalgorithm Pointer to where the algorithm is to be stored. + */ +#define fsl_shw_hco_get_info(hcobject, hcalgorithm) \ +do { \ + *(hcalgorithm) = (hcobject)->algorithm; \ +} while (0) + + +/* REQ-FSL-SHW-PINTFC-API-BASIC-HASH-003 */ +/* REQ-FSL-SHW-PINTFC-API-BASIC-HASH-004 */ +/** + * Set the current hash value and message length in the hash context object. + * + * The algorithm must have already been specified. See #fsl_shw_hco_init(). + * + * @param hcobject The hash context to operate upon. + * @param hccontext Pointer to buffer of appropriate length to copy into + * the hash context object. + * @param hcmsglen The number of octets of the message which have + * already been hashed. + * + */ +#define fsl_shw_hco_set_digest(hcobject, hccontext, hcmsglen) \ +do { \ + memcpy((hcobject)->context, hccontext, (hcobject)->context_length); \ + if (((hcobject)->algorithm == FSL_HASH_ALG_SHA224) \ + || ((hcobject)->algorithm == FSL_HASH_ALG_SHA256)) { \ + (hcobject)->context[8] = hcmsglen; \ + } else { \ + (hcobject)->context[5] = hcmsglen; \ + } \ +} while (0) + + +/** + * Set flags in a Hash Context Object. + * + * Turns on the flags specified in @a flags. Other flags are untouched. + * + * @param hcobject The hash context to be operated on. + * @param hcflags The flags to be set in the context. These can be ORed + * members of #fsl_shw_hash_ctx_flags_t. + */ +#define fsl_shw_hco_set_flags(hcobject, hcflags) \ + (hcobject)->flags |= (hcflags) + + +/** + * Clear flags in a Hash Context Object. + * + * Turns off the flags specified in @a flags. Other flags are untouched. + * + * @param hcobject The hash context to be operated on. + * @param hcflags The flags to be reset in the context. These can be ORed + * members of #fsl_shw_hash_ctx_flags_t. + */ +#define fsl_shw_hco_clear_flags(hcobject, hcflags) \ + (hcobject)->flags &= ~(hcflags) + + +/** + * Initialize an HMAC Context Object. + * + * This function must be called before performing any other operation with the + * Object. It sets the current message length and hash algorithm in the HMAC + * context object. + * + * @param hcobject The HMAC context to operate upon. + * @param hcalgorithm The hash algorithm to be used (#FSL_HASH_ALG_MD5, + * #FSL_HASH_ALG_SHA256, etc). + * + */ +#define fsl_shw_hmco_init(hcobject, hcalgorithm) \ + fsl_shw_hco_init(hcobject, hcalgorithm) + + +/** + * Set flags in an HMAC Context Object. + * + * Turns on the flags specified in @a flags. Other flags are untouched. + * + * @param hcobject The HMAC context to be operated on. + * @param hcflags The flags to be set in the context. These can be ORed + * members of #fsl_shw_hmac_ctx_flags_t. + */ +#define fsl_shw_hmco_set_flags(hcobject, hcflags) \ + (hcobject)->flags |= (hcflags) + + +/** + * Clear flags in an HMAC Context Object. + * + * Turns off the flags specified in @a flags. Other flags are untouched. + * + * @param hcobject The HMAC context to be operated on. + * @param hcflags The flags to be reset in the context. These can be ORed + * members of #fsl_shw_hmac_ctx_flags_t. + */ +#define fsl_shw_hmco_clear_flags(hcobject, hcflags) \ + (hcobject)->flags &= ~(hcflags) + + +/** + * Initialize a Symmetric Cipher Context Object. + * + * This function must be called before performing any other operation with the + * Object. This will set the @a mode and @a algorithm and initialize the + * Object. + * + * @param scobject The context object to operate on. + * @param scalg The cipher algorithm this context will be used with. + * @param scmode #FSL_SYM_MODE_CBC, #FSL_SYM_MODE_ECB, etc. + * + */ +#define fsl_shw_scco_init(scobject, scalg, scmode) \ +do { \ + register uint32_t bsb; /* block-size bytes */ \ + \ + switch (scalg) { \ + case FSL_KEY_ALG_AES: \ + bsb = 16; \ + break; \ + case FSL_KEY_ALG_DES: \ + /* fall through */ \ + case FSL_KEY_ALG_TDES: \ + bsb = 8; \ + break; \ + case FSL_KEY_ALG_ARC4: \ + bsb = 259; \ + break; \ + case FSL_KEY_ALG_HMAC: \ + bsb = 1; /* meaningless */ \ + break; \ + default: \ + bsb = 00; \ + } \ + (scobject)->block_size_bytes = bsb; \ + (scobject)->mode = scmode; \ + (scobject)->flags = 0; \ +} while (0) + + +/** + * Set the flags for a Symmetric Cipher Context. + * + * Turns on the flags specified in @a flags. Other flags are untouched. + * + * @param scobject The context object to operate on. + * @param scflags The flags to reset (one or more values from + * #fsl_shw_sym_ctx_flags_t ORed together). + * + */ +#define fsl_shw_scco_set_flags(scobject, scflags) \ + (scobject)->flags |= (scflags) + + +/** + * Clear some flags in a Symmetric Cipher Context Object. + * + * Turns off the flags specified in @a flags. Other flags are untouched. + * + * @param scobject The context object to operate on. + * @param scflags The flags to reset (one or more values from + * #fsl_shw_sym_ctx_flags_t ORed together). + * + */ +#define fsl_shw_scco_clear_flags(scobject, scflags) \ + (scobject)->flags &= ~(scflags) + + +/** + * Set the Context (IV) for a Symmetric Cipher Context. + * + * This is to set the context/IV for #FSL_SYM_MODE_CBC mode, or to set the + * context (the S-Box and pointers) for ARC4. The full context size will + * be copied. + * + * @param scobject The context object to operate on. + * @param sccontext A pointer to the buffer which contains the context. + * + */ +#define fsl_shw_scco_set_context(scobject, sccontext) \ + memcpy((scobject)->context, sccontext, \ + (scobject)->block_size_bytes) + + +/** + * Get the Context for a Symmetric Cipher Context. + * + * This is to retrieve the context/IV for #FSL_SYM_MODE_CBC mode, or to + * retrieve context (the S-Box and pointers) for ARC4. The full context + * will be copied. + * + * @param scobject The context object to operate on. + * @param[out] sccontext Pointer to location where context will be stored. + */ +#define fsl_shw_scco_get_context(scobject, sccontext) \ + memcpy(sccontext, (scobject)->context, (scobject)->block_size_bytes) + + +/** + * Set the Counter Value for a Symmetric Cipher Context. + * + * This will set the Counter Value for CTR mode. + * + * @param scobject The context object to operate on. + * @param sccounter The starting counter value. The number of octets. + * copied will be the block size for the algorithm. + * @param scmodulus The modulus for controlling the incrementing of the + * counter. + * + */ +#define fsl_shw_scco_set_counter_info(scobject, sccounter, scmodulus) \ +do { \ + if ((sccounter) != NULL) { \ + memcpy((scobject)->context, sccounter, \ + (scobject)->block_size_bytes); \ + } \ + (scobject)->modulus_exp = scmodulus; \ +} while (0) + + +/** + * Get the Counter Value for a Symmetric Cipher Context. + * + * This will retrieve the Counter Value is for CTR mode. + * + * @param scobject The context object to query. + * @param[out] sccounter Pointer to location to store the current counter + * value. The number of octets copied will be the + * block size for the algorithm. + * @param[out] scmodulus Pointer to location to store the modulus. + * + */ +#define fsl_shw_scco_get_counter_info(scobject, sccounter, scmodulus) \ +do { \ + if ((sccounter) != NULL) { \ + memcpy(sccounter, (scobject)->context, \ + (scobject)->block_size_bytes); \ + } \ + if ((scmodulus) != NULL) { \ + *(scmodulus) = (scobject)->modulus_exp; \ + } \ +} while (0) + + +/** + * Initialize a Authentication-Cipher Context. + * + * @param acobject Pointer to object to operate on. + * @param acmode The mode for this object (only #FSL_ACC_MODE_CCM + * supported). + */ +#define fsl_shw_acco_init(acobject, acmode) \ +do { \ + (acobject)->flags = 0; \ + (acobject)->mode = (acmode); \ +} while (0) + + +/** + * Set the flags for a Authentication-Cipher Context. + * + * Turns on the flags specified in @a flags. Other flags are untouched. + * + * @param acobject Pointer to object to operate on. + * @param acflags The flags to set (one or more from + * #fsl_shw_auth_ctx_flags_t ORed together). + * + */ +#define fsl_shw_acco_set_flags(acobject, acflags) \ + (acobject)->flags |= (acflags) + + +/** + * Clear some flags in a Authentication-Cipher Context Object. + * + * Turns off the flags specified in @a flags. Other flags are untouched. + * + * @param acobject Pointer to object to operate on. + * @param acflags The flags to reset (one or more from + * #fsl_shw_auth_ctx_flags_t ORed together). + * + */ +#define fsl_shw_acco_clear_flags(acobject, acflags) \ + (acobject)->flags &= ~(acflags) + + +/** + * Set up the Authentication-Cipher Object for CCM mode. + * + * This will set the @a auth_object for CCM mode and save the @a ctr, + * and @a mac_length. This function can be called instead of + * #fsl_shw_acco_init(). + * + * The paramater @a ctr is Counter Block 0, (counter value 0), which is for the + * MAC. + * + * @param acobject Pointer to object to operate on. + * @param acalg Cipher algorithm. Only AES is supported. + * @param accounter The initial counter value. + * @param acmaclen The number of octets used for the MAC. Valid values are + * 4, 6, 8, 10, 12, 14, and 16. + */ +/* Do we need to stash the +1 value of the CTR somewhere? */ +#define fsl_shw_acco_set_ccm(acobject, acalg, accounter, acmaclen) \ + do { \ + (acobject)->flags = 0; \ + (acobject)->mode = FSL_ACC_MODE_CCM; \ + (acobject)->auth_info.CCM_ctx_info.block_size_bytes = 16; \ + (acobject)->cipher_ctx_info.block_size_bytes = 16; \ + (acobject)->mac_length = acmaclen; \ + fsl_shw_scco_set_counter_info(&(acobject)->cipher_ctx_info, accounter, \ + FSL_CTR_MOD_128); \ +} while (0) + + +/** + * Format the First Block (IV) & Initial Counter Value per NIST CCM. + * + * This function will also set the IV and CTR values per Appendix A of NIST + * Special Publication 800-38C (May 2004). It will also perform the + * #fsl_shw_acco_set_ccm() operation with information derived from this set of + * parameters. + * + * Note this function assumes the algorithm is AES. It initializes the + * @a auth_object by setting the mode to #FSL_ACC_MODE_CCM and setting the + * flags to be #FSL_ACCO_NIST_CCM. + * + * @param acobject Pointer to object to operate on. + * @param act The number of octets used for the MAC. Valid values are + * 4, 6, 8, 10, 12, 14, and 16. + * @param acad Number of octets of Associated Data (may be zero). + * @param acq A value for the size of the length of @a q field. Valid + * values are 1-8. + * @param acN The Nonce (packet number or other changing value). Must + * be (15 - @a q_length) octets long. + * @param acQ The value of Q (size of the payload in octets). + * + */ +#define fsl_shw_ccm_nist_format_ctr_and_iv(acobject, act, acad, acq, acN, acQ)\ + do { \ + uint64_t Q = acQ; \ + uint8_t bflag = ((acad)?0x40:0) | ((((act)-2)/2)<<3) | ((acq)-1); \ + unsigned i; \ + uint8_t* qptr = (acobject)->auth_info.CCM_ctx_info.context + 15; \ + (acobject)->auth_info.CCM_ctx_info.block_size_bytes = 16; \ + (acobject)->cipher_ctx_info.block_size_bytes = 16; \ + (acobject)->mode = FSL_ACC_MODE_CCM; \ + (acobject)->flags = FSL_ACCO_NIST_CCM; \ + \ + /* Store away the MAC length (after calculating actual value */ \ + (acobject)->mac_length = (act); \ + /* Set Flag field in Block 0 */ \ + *((acobject)->auth_info.CCM_ctx_info.context) = bflag; \ + /* Set Nonce field in Block 0 */ \ + memcpy((acobject)->auth_info.CCM_ctx_info.context+1, acN, \ + 15-(acq)); \ + /* Set Flag field in ctr */ \ + *((acobject)->cipher_ctx_info.context) = (acq)-1; \ + /* Update the Q (payload length) field of Block0 */ \ + (acobject)->q_length = acq; \ + for (i = 0; i < (acq); i++) { \ + *qptr-- = Q & 0xFF; \ + Q >>= 8; \ + } \ + /* Set the Nonce field of the ctr */ \ + memcpy((acobject)->cipher_ctx_info.context+1, acN, 15-(acq)); \ + /* Clear the block counter field of the ctr */ \ + memset((acobject)->cipher_ctx_info.context+16-(acq), 0, (acq)+1); \ + } while (0) + + +/** + * Update the First Block (IV) & Initial Counter Value per NIST CCM. + * + * This function will set the IV and CTR values per Appendix A of NIST Special + * Publication 800-38C (May 2004). + * + * Note this function assumes that #fsl_shw_ccm_nist_format_ctr_and_iv() has + * previously been called on the @a auth_object. + * + * @param acobject Pointer to object to operate on. + * @param acN The Nonce (packet number or other changing value). Must + * be (15 - @a q_length) octets long. + * @param acQ The value of Q (size of the payload in octets). + * + */ +/* Do we need to stash the +1 value of the CTR somewhere? */ +#define fsl_shw_ccm_nist_update_ctr_and_iv(acobject, acN, acQ) \ + do { \ + uint64_t Q = acQ; \ + unsigned i; \ + uint8_t* qptr = (acobject)->auth_info.CCM_ctx_info.context + 15; \ + \ + /* Update the Nonce field field of Block0 */ \ + memcpy((acobject)->auth_info.CCM_ctx_info.context+1, acN, \ + 15 - (acobject)->q_length); \ + /* Update the Q (payload length) field of Block0 */ \ + for (i = 0; i < (acobject)->q_length; i++) { \ + *qptr-- = Q & 0xFF; \ + Q >>= 8; \ + } \ + /* Update the Nonce field of the ctr */ \ + memcpy((acobject)->cipher_ctx_info.context+1, acN, \ + 15 - (acobject)->q_length); \ + } while (0) + + +/****************************************************************************** + * Library functions + *****************************************************************************/ +/* REQ-FSL-SHW-PINTFC-COA-UCO */ +/* REQ-FSLSHW-PINTFC-API-GEN-003 */ +/** + * Determine the hardware security capabilities of this platform. + * + * Though a user context object is passed into this function, it will always + * act in a non-blocking manner. + * + * @param user_ctx The user context which will be used for the query. + * + * @return A pointer to the capabilities object. + */ +extern fsl_shw_pco_t* fsl_shw_get_capabilities(fsl_shw_uco_t* user_ctx); + + +/* REQ-FSL-SHW-PINTFC-COA-UCO */ +/* REQ-FSLSHW-PINTFC-API-GEN-004 */ +/** + * Create an association between the the user and the provider of the API. + * + * @param user_ctx The user context which will be used for this association. + * + * @return A return code of type #fsl_shw_return_t. + */ +extern fsl_shw_return_t fsl_shw_register_user(fsl_shw_uco_t* user_ctx); + + +/* REQ-FSL-SHW-PINTFC-COA-UCO */ +/* REQ-FSLSHW-PINTFC-API-GEN-005 */ +/** + * Destroy the association between the the user and the provider of the API. + * + * @param user_ctx The user context which is no longer needed. + * + * @return A return code of type #fsl_shw_return_t. + */ +extern fsl_shw_return_t fsl_shw_deregister_user(fsl_shw_uco_t* user_ctx); + + +/* REQ-FSL-SHW-PINTFC-COA-UCO */ +/* REQ-FSLSHW-PINTFC-API-GEN-006 */ +/** + * Retrieve results from earlier operations. + * + * @param user_ctx The user's context. + * @param result_size The number of array elements of @a results. + * @param[in,out] results Pointer to first of the (array of) locations to + * store results. + * @param[out] result_count Pointer to store the number of results which + * were returned. + * + * @return A return code of type #fsl_shw_return_t. + */ +extern fsl_shw_return_t fsl_shw_get_results(fsl_shw_uco_t* user_ctx, + unsigned result_size, + fsl_shw_result_t results[], + unsigned* result_count); + +/** + * Place a key into a protected location for use only by cryptographic + * algorithms. + * + * This only needs to be used to a) unwrap a key, or b) set up a key which + * could be wrapped with a later call to #fsl_shw_extract_key(). Normal + * cleartext keys can simply be placed into #fsl_shw_sko_t key objects with + * #fsl_shw_sko_set_key() and used directly. + * + * The maximum key size supported for wrapped/unwrapped keys is 32 octets. + * (This is the maximum reasonable key length on Sahara - 32 octets for an HMAC + * key based on SHA-256.) The key size is determined by the @a key_info. The + * expected length of @a key can be determined by + * #fsl_shw_sko_calculate_wrapped_size() + * + * The protected key will not be available for use until this operation + * successfully completes. + * + * This feature is not available for all platforms, nor for all algorithms and + * modes. + * + * @param user_ctx A user context from #fsl_shw_register_user(). + * @param[in,out] key_info The information about the key to be which will + * be established. In the create case, the key + * length must be set. + * @param establish_type How @a key will be interpreted to establish a + * key for use. + * @param key If @a establish_type is #FSL_KEY_WRAP_UNWRAP, + * this is the location of a wrapped key. If + * @a establish_type is #FSL_KEY_WRAP_CREATE, this + * parameter can be @a NULL. If @a establish_type + * is #FSL_KEY_WRAP_ACCEPT, this is the location + * of a plaintext key. + */ +extern fsl_shw_return_t fsl_shw_establish_key( + fsl_shw_uco_t* user_ctx, + fsl_shw_sko_t* key_info, + fsl_shw_key_wrap_t establish_type, + const uint8_t* key); + + +/** + * Wrap a key and retrieve the wrapped value. + * + * A wrapped key is a key that has been cryptographically obscured. It is + * only able to be used with #fsl_shw_establish_key(). + * + * This function will also release the key (see #fsl_shw_release_key()) so + * that it must be re-established before reuse. + * + * This feature is not available for all platforms, nor for all algorithms and + * modes. + * + * @param user_ctx A user context from #fsl_shw_register_user(). + * @param key_info The information about the key to be deleted. + * @param[out] covered_key The location to store the wrapped key. + * (This size is based upon the maximum key size + * of 32 octets). + * + * @return A return code of type #fsl_shw_return_t. + */ +extern fsl_shw_return_t fsl_shw_extract_key(fsl_shw_uco_t* user_ctx, + fsl_shw_sko_t* key_info, + uint8_t* covered_key); + +/*! + * Read the key value from a key object. + * + * Only a key marked as a software key (#FSL_SKO_KEY_SW_KEY) can be read with + * this call. It has no effect on the status of the key store. + * + * @param user_ctx A user context from #fsl_shw_register_user(). + * @param key_info The referenced key. + * @param[out] key The location to store the key value. + * + * @return A return code of type #fsl_shw_return_t. + */ +extern fsl_shw_return_t fsl_shw_read_key(fsl_shw_uco_t * user_ctx, + fsl_shw_sko_t * key_info, + uint8_t * key); + +/** + * De-establish a key so that it can no longer be accessed. + * + * The key will need to be re-established before it can again be used. + * + * This feature is not available for all platforms, nor for all algorithms and + * modes. + * + * @param user_ctx A user context from #fsl_shw_register_user(). + * @param key_info The information about the key to be deleted. + * + * @return A return code of type #fsl_shw_return_t. + */ +extern fsl_shw_return_t fsl_shw_release_key( + fsl_shw_uco_t* user_ctx, + fsl_shw_sko_t* key_info); + + +/* + * In userspace, partition assignments will be tracked using the user context. + * In kernel mode, partition assignments are based on address only. + */ + +/** + * Allocate a block of secure memory + * + * @param user_ctx User context + * @param size Memory size (octets). Note: currently only + * supports only single-partition sized blocks. + * @param UMID User Mode ID to use when registering the + * partition. + * @param permissions Permissions to initialize the partition with. + * Can be made by ORing flags from the + * #fsl_shw_permission_t. + * + * @return Address of the allocated memory. NULL if the + * call was not successful. + */ +extern void *fsl_shw_smalloc(fsl_shw_uco_t* user_ctx, + uint32_t size, + const uint8_t* UMID, + uint32_t permissions); + + +/** + * Free a block of secure memory that was allocated with #fsl_shw_smalloc + * + * @param user_ctx User context + * @param address Address of the block of secure memory to be + * released. + * + * @return A return code of type #fsl_shw_return_t. + */ +extern fsl_shw_return_t fsl_shw_sfree( + fsl_shw_uco_t* user_ctx, + void* address); + + +/** + * Check the status of a block of a secure memory that was allocated with + * #fsl_shw_smalloc + * + * @param user_ctx User context + * @param address Address of the block of secure memory to be + * released. + * @param status Status of the partition, of type + * #fsl_partition_status_t + * + * @return A return code of type #fsl_shw_return_t. + */ +extern fsl_shw_return_t fsl_shw_sstatus(fsl_shw_uco_t* user_ctx, + void* address, + fsl_shw_partition_status_t* status); + + +/** + * Diminish the permissions of a block of secure memory. Note that permissions + * can only be revoked. + * + * @param user_ctx User context + * @param address Base address of the secure memory to work with + * @param permissions Permissions to initialize the partition with. + * Can be made by ORing flags from the + * #fsl_shw_permission_t. + * + * @return A return code of type #fsl_shw_return_t. + */ +extern fsl_shw_return_t fsl_shw_diminish_perms( + fsl_shw_uco_t* user_ctx, + void* address, + uint32_t permissions); + +extern fsl_shw_return_t do_scc_engage_partition( + fsl_shw_uco_t* user_ctx, + void* address, + const uint8_t* UMID, + uint32_t permissions); + +extern fsl_shw_return_t do_system_keystore_slot_alloc( + fsl_shw_uco_t* user_ctx, + uint32_t key_lenth, + uint64_t ownerid, + uint32_t *slot); + +extern fsl_shw_return_t do_system_keystore_slot_dealloc( + fsl_shw_uco_t* user_ctx, + uint64_t ownerid, + uint32_t slot); + +extern fsl_shw_return_t do_system_keystore_slot_load( + fsl_shw_uco_t* user_ctx, + uint64_t ownerid, + uint32_t slot, + const uint8_t *key, + uint32_t key_length); + +extern fsl_shw_return_t do_system_keystore_slot_encrypt( + fsl_shw_uco_t* user_ctx, + uint64_t ownerid, + uint32_t slot, + uint32_t key_length, + uint8_t* black_data); + +extern fsl_shw_return_t do_system_keystore_slot_decrypt( + fsl_shw_uco_t* user_ctx, + uint64_t ownerid, + uint32_t slot, + uint32_t key_length, + const uint8_t* black_data); + + +/* REQ-FSL-SHW-PINTFC-COA-UCO */ +/* REQ-FSL-SHW-PINTFC-COA-SKO */ +/* REQ-FSL-SHW-PINTFC-COA-SCCO */ +/* REQ-FSLSHW-PINTFC-API-BASIC-SYM-001 */ +/* PINTFC-API-BASIC-SYM-ARC4-001 */ +/* PINTFC-API-BASIC-SYM-ARC4-002 */ +/** + * Encrypt a stream of data with a symmetric-key algorithm. + * + * In ARC4, and also in #FSL_SYM_MODE_CBC and #FSL_SYM_MODE_CTR modes, the + * flags of the @a sym_ctx object will control part of the operation of this + * function. The #FSL_SYM_CTX_INIT flag means that there is no context info in + * the object. The #FSL_SYM_CTX_LOAD means to use information in the + * @a sym_ctx at the start of the operation, and the #FSL_SYM_CTX_SAVE flag + * means to update the object's context information after the operation has + * been performed. + * + * All of the data for an operation can be run through at once using the + * #FSL_SYM_CTX_INIT or #FSL_SYM_CTX_LOAD flags, as appropriate, and then using + * a @a length for the whole of the data. + * + * If a #FSL_SYM_CTX_SAVE flag were added, an additional call to the function + * would "pick up" where the previous call left off, allowing the user to + * perform the larger function in smaller steps. + * + * In #FSL_SYM_MODE_CBC and #FSL_SYM_MODE_ECB modes, the @a length must always + * be a multiple of the block size for the algorithm being used. For proper + * operation in #FSL_SYM_MODE_CTR mode, the @a length must be a multiple of the + * block size until the last operation on the total octet stream. + * + * Some users of ARC4 may want to compute the context (S-Box and pointers) from + * the key before any data is available. This may be done by running this + * function with a @a length of zero, with the init & save flags flags on in + * the @a sym_ctx. Subsequent operations would then run as normal with the + * load and save flags. Note that they key object is still required. + * + * @param user_ctx A user context from #fsl_shw_register_user(). + * @param key_info Key and algorithm being used for this operation. + * @param[in,out] sym_ctx Info on cipher mode, state of the cipher. + * @param length Length, in octets, of the pt (and ct). + * @param pt pointer to plaintext to be encrypted. + * @param[out] ct pointer to where to store the resulting ciphertext. + * + * @return A return code of type #fsl_shw_return_t. + * + */ +extern fsl_shw_return_t fsl_shw_symmetric_encrypt( + fsl_shw_uco_t* user_ctx, + fsl_shw_sko_t* key_info, + fsl_shw_scco_t* sym_ctx, + uint32_t length, + const uint8_t* pt, + uint8_t* ct); + + +/* REQ-FSL-SHW-PINTFC-COA-UCO */ +/* REQ-FSL-SHW-PINTFC-COA-SKO */ +/* REQ-FSL-SHW-PINTFC-COA-SCCO */ +/* PINTFC-API-BASIC-SYM-002 */ +/* PINTFC-API-BASIC-SYM-ARC4-001 */ +/* PINTFC-API-BASIC-SYM-ARC4-002 */ +/** + * Decrypt a stream of data with a symmetric-key algorithm. + * + * In ARC4, and also in #FSL_SYM_MODE_CBC and #FSL_SYM_MODE_CTR modes, the + * flags of the @a sym_ctx object will control part of the operation of this + * function. The #FSL_SYM_CTX_INIT flag means that there is no context info in + * the object. The #FSL_SYM_CTX_LOAD means to use information in the + * @a sym_ctx at the start of the operation, and the #FSL_SYM_CTX_SAVE flag + * means to update the object's context information after the operation has + * been performed. + * + * All of the data for an operation can be run through at once using the + * #FSL_SYM_CTX_INIT or #FSL_SYM_CTX_LOAD flags, as appropriate, and then using + * a @a length for the whole of the data. + * + * If a #FSL_SYM_CTX_SAVE flag were added, an additional call to the function + * would "pick up" where the previous call left off, allowing the user to + * perform the larger function in smaller steps. + * + * In #FSL_SYM_MODE_CBC and #FSL_SYM_MODE_ECB modes, the @a length must always + * be a multiple of the block size for the algorithm being used. For proper + * operation in #FSL_SYM_MODE_CTR mode, the @a length must be a multiple of the + * block size until the last operation on the total octet stream. + * + * Some users of ARC4 may want to compute the context (S-Box and pointers) from + * the key before any data is available. This may be done by running this + * function with a @a length of zero, with the #FSL_SYM_CTX_INIT & + * #FSL_SYM_CTX_SAVE flags on in the @a sym_ctx. Subsequent operations would + * then run as normal with the load & save flags. Note that they key object is + * still required. + * + * @param user_ctx A user context from #fsl_shw_register_user(). + * @param key_info The key and algorithm being used in this operation. + * @param[in,out] sym_ctx Info on cipher mode, state of the cipher. + * @param length Length, in octets, of the ct (and pt). + * @param ct pointer to ciphertext to be decrypted. + * @param[out] pt pointer to where to store the resulting plaintext. + * + * @return A return code of type #fsl_shw_return_t + * + */ +extern fsl_shw_return_t fsl_shw_symmetric_decrypt( + fsl_shw_uco_t* user_ctx, + fsl_shw_sko_t* key_info, + fsl_shw_scco_t* sym_ctx, + uint32_t length, + const uint8_t* ct, + uint8_t* pt); + +/* REQ-FSL-SHW-PINTFC-COA-UCO */ +/* REQ-FSL-SHW-PINTFC-COA-HCO */ +/* REQ-FSLSHW-PINTFC-API-BASIC-HASH-005 */ +/** + * Hash a stream of data with a cryptographic hash algorithm. + * + * The flags in the @a hash_ctx control the operation of this function. + * + * Hashing functions work on 64 octets of message at a time. Therefore, when + * any partial hashing of a long message is performed, the message @a length of + * each segment must be a multiple of 64. When ready to + * #FSL_HASH_FLAGS_FINALIZE the hash, the @a length may be any value. + * + * With the #FSL_HASH_FLAGS_INIT and #FSL_HASH_FLAGS_FINALIZE flags on, a + * one-shot complete hash, including padding, will be performed. The @a length + * may be any value. + * + * The first octets of a data stream can be hashed by setting the + * #FSL_HASH_FLAGS_INIT and #FSL_HASH_FLAGS_SAVE flags. The @a length must be + * a multiple of 64. + * + * The flag #FSL_HASH_FLAGS_LOAD is used to load a context previously saved by + * #FSL_HASH_FLAGS_SAVE. The two in combination will allow a (multiple-of-64 + * octets) 'middle sequence' of the data stream to be hashed with the + * beginning. The @a length must again be a multiple of 64. + * + * Since the flag #FSL_HASH_FLAGS_LOAD is used to load a context previously + * saved by #FSL_HASH_FLAGS_SAVE, the #FSL_HASH_FLAGS_LOAD and + * #FSL_HASH_FLAGS_FINALIZE flags, used together, can be used to finish the + * stream. The @a length may be any value. + * + * If the user program wants to do the padding for the hash, it can leave off + * the #FSL_HASH_FLAGS_FINALIZE flag. The @a length must then be a multiple of + * 64 octets. + * + * @param user_ctx A user context from #fsl_shw_register_user(). + * @param[in,out] hash_ctx Hashing algorithm and state of the cipher. + * @param msg Pointer to the data to be hashed. + * @param length Length, in octets, of the @a msg. + * @param[out] result If not null, pointer to where to store the hash + * digest. + * @param result_len Number of octets to store in @a result. + * + * @return A return code of type #fsl_shw_return_t. + */ +extern fsl_shw_return_t fsl_shw_hash( + fsl_shw_uco_t* user_ctx, + fsl_shw_hco_t* hash_ctx, + const uint8_t* msg, + uint32_t length, + uint8_t* result, + uint32_t result_len); + + +/* REQ-FSL-SHW-PINTFC-COA-UCO */ +/* REQ-FSL-SHW-PINTFC-API-BASIC-HMAC-001 */ +/** + * Precompute the Key hashes for an HMAC operation. + * + * This function may be used to calculate the inner and outer precomputes, + * which are the hash contexts resulting from hashing the XORed key for the + * 'inner hash' and the 'outer hash', respectively, of the HMAC function. + * + * After execution of this function, the @a hmac_ctx will contain the + * precomputed inner and outer contexts, so that they may be used by + * #fsl_shw_hmac(). The flags of @a hmac_ctx will be updated with + * #FSL_HMAC_FLAGS_PRECOMPUTES_PRESENT to mark their presence. In addtion, the + * #FSL_HMAC_FLAGS_INIT flag will be set. + * + * @param user_ctx A user context from #fsl_shw_register_user(). + * @param key_info The key being used in this operation. Key must be + * 1 to 64 octets long. + * @param[in,out] hmac_ctx The context which controls, by its flags and + * algorithm, the operation of this function. + * @return A return code of type #fsl_shw_return_t. + */ +extern fsl_shw_return_t fsl_shw_hmac_precompute( + fsl_shw_uco_t* user_ctx, + fsl_shw_sko_t* key_info, + fsl_shw_hmco_t* hmac_ctx); + + +/* REQ-FSL-SHW-PINTFC-COA-UCO */ +/* REQ-FSLSHW-PINTFC-API-BASIC-HMAC-002 */ +/** + * Continue, finalize, or one-shot an HMAC operation. + * + * There are a number of ways to use this function. The flags in the + * @a hmac_ctx object will determine what operations occur. + * + * If #FSL_HMAC_FLAGS_INIT is set, then the hash will be started either from + * the @a key_info, or from the precomputed inner hash value in the + * @a hmac_ctx, depending on the value of #FSL_HMAC_FLAGS_PRECOMPUTES_PRESENT. + * + * If, instead, #FSL_HMAC_FLAGS_LOAD is set, then the hash will be continued + * from the ongoing inner hash computation in the @a hmac_ctx. + * + * If #FSL_HMAC_FLAGS_FINALIZE are set, then the @a msg will be padded, hashed, + * the outer hash will be performed, and the @a result will be generated. + * + * If the #FSL_HMAC_FLAGS_SAVE flag is set, then the (ongoing or final) digest + * value will be stored in the ongoing inner hash computation field of the @a + * hmac_ctx. + * + * @param user_ctx A user context from #fsl_shw_register_user(). + * @param key_info If #FSL_HMAC_FLAGS_INIT is set in the @a hmac_ctx, + * this is the key being used in this operation, and the + * IPAD. If #FSL_HMAC_FLAGS_INIT is set in the @a + * hmac_ctx and @a key_info is NULL, then + * #fsl_shw_hmac_precompute() has been used to populate + * the @a inner_precompute and @a outer_precompute + * contexts. If #FSL_HMAC_FLAGS_INIT is not set, this + * parameter is ignored. + + * @param[in,out] hmac_ctx The context which controls, by its flags and + * algorithm, the operation of this function. + * @param msg Pointer to the message to be hashed. + * @param length Length, in octets, of the @a msg. + * @param[out] result Pointer, of @a result_len octets, to where to + * store the HMAC. + * @param result_len Length of @a result buffer. + * + * @return A return code of type #fsl_shw_return_t. + */ +extern fsl_shw_return_t fsl_shw_hmac( + fsl_shw_uco_t* user_ctx, + fsl_shw_sko_t* key_info, + fsl_shw_hmco_t* hmac_ctx, + const uint8_t* msg, + uint32_t length, + uint8_t* result, + uint32_t result_len); + + +/* REQ-FSL-SHW-PINTFC-COA-UCO */ +/* REQ-FSLSHW-PINTFC-API-BASIC-RNG-002 */ +/** + * Get random data. + * + * @param user_ctx A user context from #fsl_shw_register_user(). + * @param length The number of octets of @a data being requested. + * @param[out] data A pointer to a location of @a length octets to where + * random data will be returned. + * + * @return A return code of type #fsl_shw_return_t. + */ +extern fsl_shw_return_t fsl_shw_get_random( + fsl_shw_uco_t* user_ctx, + uint32_t length, + uint8_t* data); + + +/* REQ-FSL-SHW-PINTFC-COA-UCO */ +/* REQ-FSLSHW-PINTFC-API-BASIC-RNG-003 */ +/** + * Add entropy to random number generator. + * + * @param user_ctx A user context from #fsl_shw_register_user(). + * @param length Number of bytes at @a data. + * @param data Entropy to add to random number generator. + * + * @return A return code of type #fsl_shw_return_t. + */ +extern fsl_shw_return_t fsl_shw_add_entropy( + fsl_shw_uco_t* user_ctx, + uint32_t length, + uint8_t* data); + +/* REQ-FSL-SHW-PINTFC-COA-UCO */ +/* REQ-FSL-SHW-PINTFC-COA-SKO */ +/** + * Perform Generation-Encryption by doing a Cipher and a Hash. + * + * Generate the authentication value @a auth_value as well as encrypt the @a + * payload into @a ct (the ciphertext). This is a one-shot function, so all of + * the @a auth_data and the total message @a payload must passed in one call. + * This also means that the flags in the @a auth_ctx must be #FSL_ACCO_CTX_INIT + * and #FSL_ACCO_CTX_FINALIZE. + * + * @param user_ctx A user context from #fsl_shw_register_user(). + * @param auth_ctx Controlling object for Authenticate-decrypt. + * @param cipher_key_info The key being used for the cipher part of this + * operation. In CCM mode, this key is used for + * both parts. + * @param auth_key_info The key being used for the authentication part + * of this operation. In CCM mode, this key is + * ignored and may be NULL. + * @param auth_data_length Length, in octets, of @a auth_data. + * @param auth_data Data to be authenticated but not encrypted. + * @param payload_length Length, in octets, of @a payload. + * @param payload Pointer to the plaintext to be encrypted. + * @param[out] ct Pointer to the where the encrypted @a payload + * will be stored. Must be @a payload_length + * octets long. + * @param[out] auth_value Pointer to where the generated authentication + * field will be stored. Must be as many octets as + * indicated by MAC length in the @a function_ctx. + * @return A return code of type #fsl_shw_return_t. + */ +extern fsl_shw_return_t fsl_shw_gen_encrypt( + fsl_shw_uco_t* user_ctx, + fsl_shw_acco_t* auth_ctx, + fsl_shw_sko_t* cipher_key_info, + fsl_shw_sko_t* auth_key_info, + uint32_t auth_data_length, + const uint8_t* auth_data, + uint32_t payload_length, + const uint8_t* payload, + uint8_t* ct, + uint8_t* auth_value); + +/* REQ-FSL-SHW-PINTFC-COA-UCO */ +/* REQ-FSL-SHW-PINTFC-COA-SKO */ +/** + * Perform Authentication-Decryption in Cipher + Hash. + * + * This function will perform a one-shot decryption of a data stream as well as + * authenticate the authentication value. This is a one-shot function, so all + * of the @a auth_data and the total message @a payload must passed in one + * call. This also means that the flags in the @a auth_ctx must be + * #FSL_ACCO_CTX_INIT and #FSL_ACCO_CTX_FINALIZE. + * + * @param user_ctx A user context from #fsl_shw_register_user(). + * @param auth_ctx Controlling object for Authenticate-decrypt. + * @param cipher_key_info The key being used for the cipher part of this + * operation. In CCM mode, this key is used for + * both parts. + * @param auth_key_info The key being used for the authentication part + * of this operation. In CCM mode, this key is + * ignored and may be NULL. + * @param auth_data_length Length, in octets, of @a auth_data. + * @param auth_data Data to be authenticated but not decrypted. + * @param payload_length Length, in octets, of @a ct and @a pt. + * @param ct Pointer to the encrypted input stream. + * @param auth_value The (encrypted) authentication value which will + * be authenticated. This is the same data as the + * (output) @a auth_value argument to + * #fsl_shw_gen_encrypt(). + * @param[out] payload Pointer to where the plaintext resulting from + * the decryption will be stored. + * + * @return A return code of type #fsl_shw_return_t. + */ +extern fsl_shw_return_t fsl_shw_auth_decrypt( + fsl_shw_uco_t* user_ctx, + fsl_shw_acco_t* auth_ctx, + fsl_shw_sko_t* cipher_key_info, + fsl_shw_sko_t* auth_key_info, + uint32_t auth_data_length, + const uint8_t* auth_data, + uint32_t payload_length, + const uint8_t* ct, + const uint8_t* auth_value, + uint8_t* payload); + +/*! + * Cause the hardware to create a new random key for secure memory use. + * + * Have the hardware use the secure hardware random number generator to load a + * new secret key into the hardware random key register. It will not be made + * active without a call to #fsl_shw_select_pf_key(). + * + * @param user_ctx A user context from #fsl_shw_register_user(). + * + * @return A return code of type #fsl_shw_return_t. + */ +#ifdef __KERNEL__ + +extern fsl_shw_return_t fsl_shw_gen_random_pf_key(fsl_shw_uco_t * user_ctx); + +#else + +#define fsl_shw_gen_random_pf_key(user_ctx) FSL_RETURN_NO_RESOURCE_S + +#endif /* __KERNEL__ */ + +/*! + * Retrieve the detected tamper event. + * + * Note that if more than one event was detected, this routine will only ever + * return one of them. + * + * @param[in] user_ctx A user context from #fsl_shw_register_user(). + * @param[out] tamperp Location to store the tamper information. + * @param[out] timestampp Locate to store timestamp from hardwhare when + * an event was detected. + * + * + * @return A return code of type #fsl_shw_return_t (for instance, if the platform + * is not in a fail state. + */ +#ifdef __KERNEL__ + +extern fsl_shw_return_t fsl_shw_read_tamper_event(fsl_shw_uco_t * user_ctx, + fsl_shw_tamper_t * tamperp, + uint64_t * timestampp); +#else + +#define fsl_shw_read_tamper_event(user_ctx,tamperp,timestampp) \ + FSL_RETURN_NO_RESOURCE_S + +#endif /* __KERNEL__ */ + +/***************************************************************************** + * + * Functions internal to SHW driver. + * +*****************************************************************************/ + +fsl_shw_return_t +do_scc_encrypt_region(fsl_shw_uco_t* user_ctx, + void* partition_base, uint32_t offset_bytes, + uint32_t byte_count, uint8_t* black_data, + uint32_t* IV, fsl_shw_cypher_mode_t cypher_mode); + +fsl_shw_return_t +do_scc_decrypt_region(fsl_shw_uco_t* user_ctx, + void* partition_base, uint32_t offset_bytes, + uint32_t byte_count, const uint8_t* black_data, + uint32_t* IV, fsl_shw_cypher_mode_t cypher_mode); + + +/***************************************************************************** + * + * Functions available to other SHW-family drivers. + * +*****************************************************************************/ + +#ifdef __KERNEL__ +/** + * Add an entry to a work/result queue. + * + * @param pool Pointer to list structure + * @param entry Entry to place at tail of list + * + * @return void + */ +inline static void SHW_ADD_QUEUE_ENTRY(shw_queue_t* pool, + shw_queue_entry_t* entry) +{ + os_lock_context_t lock_context; + + entry->next = NULL; + os_lock_save_context(shw_queue_lock, lock_context); + + if (pool->tail != NULL) { + pool->tail->next = entry; + } else { + /* Queue was empty, so this is also the head. */ + pool->head = entry; + } + pool->tail = entry; + + os_unlock_restore_context(shw_queue_lock, lock_context); + + return; + + +} + + +/** + * Get first entry on the queue and remove it from the queue. + * + * @return Pointer to first entry, or NULL if none. + */ +inline static shw_queue_entry_t* SHW_POP_FIRST_ENTRY(shw_queue_t* queue) +{ + shw_queue_entry_t* entry; + os_lock_context_t lock_context; + + os_lock_save_context(shw_queue_lock, lock_context); + + entry = queue->head; + + if (entry != NULL) { + queue->head = entry->next; + entry->next = NULL; + /* If this was only entry, clear the tail. */ + if (queue->tail == entry) { + queue->tail = NULL; + } + } + + os_unlock_restore_context(shw_queue_lock, lock_context); + + return entry; +} + + + +/** + * Remove an entry from the list. + * + * If the entry not on the queue, no error will be returned. + * + * @param pool Pointer to work queue + * @param entry Entry to remove from queue + * + * @return void + * + */ +inline static void SHW_QUEUE_REMOVE_ENTRY(shw_queue_t* pool, + shw_queue_entry_t* entry) +{ + os_lock_context_t lock_context; + + os_lock_save_context(shw_queue_lock, lock_context); + + /* Check for quick case.*/ + if (pool->head == entry) { + pool->head = entry->next; + entry->next = NULL; + if (pool->tail == entry) { + pool->tail = NULL; + } + } else { + register shw_queue_entry_t* prev = pool->head; + + /* We know it is not the head, so start looking at entry after head. */ + while (prev->next) { + if (prev->next != entry) { + prev = prev->next; /* Try another */ + continue; + } else { + /* Unlink from chain. */ + prev->next = entry->next; + entry->next = NULL; + /* If last in chain, update tail. */ + if (pool->tail == entry) { + pool->tail = prev; + } + break; + } + } /* while */ + } + + os_unlock_restore_context(shw_queue_lock, lock_context); + + return; +} +#endif /* __KERNEL__ */ + + +/***************************************************************************** + * + * Functions available to User-Mode API functions + * + ****************************************************************************/ +#ifndef __KERNEL__ + + + /** + * Sanity checks the user context object fields to ensure that they make some + * sense before passing the uco as a parameter. + * + * @brief Verify the user context object + * + * @param uco user context object + * + * @return A return code of type #fsl_shw_return_t. + */ +fsl_shw_return_t validate_uco(fsl_shw_uco_t *uco); + + +/** + * Initialize a request block to go to the driver. + * + * @param hdr Pointer to request block header + * @param user_ctx Pointer to user's context + * + * @return void + */ +inline static void init_req(struct shw_req_header* hdr, + fsl_shw_uco_t* user_ctx) +{ + hdr->flags = user_ctx->flags; + hdr->user_ref = user_ctx->user_ref; + hdr->code = FSL_RETURN_ERROR_S; + + return; +} + + +/** + * Send a request block off to the driver. + * + * If this is a non-blocking request, then req will be freed. + * + * @param type The type of request being sent + * @param req Pointer to the request block + * @param ctx Pointer to user's context + * + * @return code from driver if ioctl() succeeded, otherwise + * FSL_RETURN_INTERNAL_ERROR_S. + */ +inline static fsl_shw_return_t send_req(shw_user_request_t type, + struct shw_req_header* req, + fsl_shw_uco_t* ctx) +{ + fsl_shw_return_t ret = FSL_RETURN_INTERNAL_ERROR_S; + unsigned blocking = ctx->flags & FSL_UCO_BLOCKING_MODE; + int code; + + code = ioctl(ctx->openfd, SHW_IOCTL_REQUEST + type, req); + + if (code == 0) { + if (blocking) { + ret = req->code; + } else { + ret = FSL_RETURN_OK_S; + } + } else { +#ifdef FSL_DEBUG + fprintf(stderr, "SHW: send_req failed with (%d), %s\n", errno, + strerror(errno)); +#endif + } + + if (blocking) { + free(req); + } + + return ret; +} + + +#endif /* no __KERNEL__ */ + +#if defined(FSL_HAVE_DRYICE) +/* Some kernel functions */ +void fsl_shw_permute1_bytes(const uint8_t * key, uint8_t * permuted_key, + int key_count); +void fsl_shw_permute1_bytes_to_words(const uint8_t * key, + uint32_t * permuted_key, int key_count); + +#define PFKEY_TO_STR(key_in) \ +({ \ + di_key_t key = key_in; \ + \ + ((key == DI_KEY_FK) ? "IIM" : \ + ((key == DI_KEY_PK) ? "PRG" : \ + ((key == DI_KEY_RK) ? "RND" : \ + ((key == DI_KEY_FPK) ? "IIM_PRG" : \ + ((key == DI_KEY_FRK) ? "IIM_RND" : "unk"))))); \ +}) + +#ifdef DIAG_SECURITY_FUNC +extern const char *di_error_string(int code); +#endif + +#endif /* HAVE DRYICE */ + +#endif /* SHW_DRIVER_H */ diff --git a/drivers/mxc/security/rng/include/shw_hash.h b/drivers/mxc/security/rng/include/shw_hash.h new file mode 100644 index 000000000000..8026c7ecb3fd --- /dev/null +++ b/drivers/mxc/security/rng/include/shw_hash.h @@ -0,0 +1,96 @@ +/* + * Copyright (C) 2009-2010 Freescale Semiconductor, Inc. All Rights Reserved. + */ + +/* + * The code contained herein is licensed under the GNU Lesser General + * Public License. You may obtain a copy of the GNU Lesser General + * Public License Version 2.1 or later at the following locations: + * + * http://www.opensource.org/licenses/lgpl-license.html + * http://www.gnu.org/copyleft/lgpl.html + */ + +/*! + * @file shw_hash.h + * + * This file contains definitions for use of the (internal) SHW hash + * software computation. It defines the usual three steps: + * + * - #shw_hash_init() + * - #shw_hash_update() + * - #shw_hash_final() + * + * The only other item of note to callers is #SHW_HASH_LEN, which is the number + * of bytes calculated for the hash. + */ + +#ifndef SHW_HASH_H +#define SHW_HASH_H + +/*! Define which gives the number of bytes available in an hash result */ +#define SHW_HASH_LEN 32 + +/* Define which matches block length in bytes of the underlying hash */ +#define SHW_HASH_BLOCK_LEN 64 + +/* "Internal" define which matches SHA-256 state size (32-bit words) */ +#define SHW_HASH_STATE_WORDS 8 + +/* "Internal" define which matches word length in blocks of the underlying + hash. */ +#define SHW_HASH_BLOCK_WORD_SIZE 16 + +#define SHW_HASH_STATE_SIZE 32 + +/*! + * State for a SHA-1/SHA-2 Hash + * + * (Note to maintainers: state needs to be updated to uint64_t to handle + * SHA-384/SHA-512)... And bit_count to uint128_t (heh). + */ +typedef struct shw_hash_state { + unsigned int partial_count_bytes; /*!< Number of bytes of message sitting + * in @c partial_block */ + uint8_t partial_block[SHW_HASH_BLOCK_LEN]; /*!< Data waiting to be processed as a block */ + uint32_t state[SHW_HASH_STATE_WORDS]; /*!< Current hash state variables */ + uint64_t bit_count; /*!< Number of bits sent through the update function */ +} shw_hash_state_t; + +/*! + * Initialize the hash state structure + * + * @param state Address of hash state structure. + * @param algorithm Which hash algorithm to use (must be FSL_HASH_ALG_SHA256) + * + * @return FSL_RETURN_OK_S if all went well, otherwise an error code. + */ +fsl_shw_return_t shw_hash_init(shw_hash_state_t * state, + fsl_shw_hash_alg_t algorithm); + +/*! + * Put data into the hash calculation + * + * @param state Address of hash state structure. + * @param msg Address of the message data for the hash. + * @param msg_len Number of bytes of @c msg. + * + * @return FSL_RETURN_OK_S if all went well, otherwise an error code. + */ +fsl_shw_return_t shw_hash_update(shw_hash_state_t * state, + const uint8_t * msg, unsigned int msg_len); + +/*! + * Calculate the final hash value + * + * @param state Address of hash state structure. + * @param hash Address of location to store the hash. + * @param hash_len Number of bytes of @c hash to be stored. + * + * @return FSL_RETURN_OK_S if all went well, FSL_RETURN_BAD_DATA_LENGTH_S if + * hash_len is too long, otherwise an error code. + */ +fsl_shw_return_t shw_hash_final(shw_hash_state_t * state, + uint8_t * hash, unsigned int hash_len); + +#endif /* SHW_HASH_H */ diff --git a/drivers/mxc/security/rng/include/shw_hmac.h b/drivers/mxc/security/rng/include/shw_hmac.h new file mode 100644 index 000000000000..f73a78f5b02d --- /dev/null +++ b/drivers/mxc/security/rng/include/shw_hmac.h @@ -0,0 +1,82 @@ +/* + * Copyright (C) 2009-2010 Freescale Semiconductor, Inc. All Rights Reserved. + */ + +/* + * The code contained herein is licensed under the GNU Lesser General + * Public License. You may obtain a copy of the GNU Lesser General + * Public License Version 2.1 or later at the following locations: + * + * http://www.opensource.org/licenses/lgpl-license.html + * http://www.gnu.org/copyleft/lgpl.html + */ + +/*! + * @file shw_hmac.h + * + * This file contains definitions for use of the (internal) SHW HMAC + * software computation. It defines the usual three steps: + * + * - #shw_hmac_init() + * - #shw_hmac_update() + * - #shw_hmac_final() + * + * The only other item of note to callers is #SHW_HASH_LEN, which is the number + * of bytes calculated for the HMAC. + */ + +#ifndef SHW_HMAC_H +#define SHW_HMAC_H + +#include "shw_hash.h" + +/*! + * State for an HMAC + * + * Note to callers: This structure contains key material and should be kept in + * a secure location, such as internal RAM. + */ +typedef struct shw_hmac_state { + shw_hash_state_t inner_hash; /*!< Current state of inner hash */ + shw_hash_state_t outer_hash; /*!< Current state of outer hash */ +} shw_hmac_state_t; + +/*! + * Initialize the HMAC state structure with the HMAC key + * + * @param state Address of HMAC state structure. + * @param key Address of the key to be used for the HMAC. + * @param key_len Number of bytes of @c key. This must not be greater than + * the block size of the underlying hash (#SHW_HASH_BLOCK_LEN). + * + * @return FSL_RETURN_OK_S if all went well, otherwise an error code. + */ +fsl_shw_return_t shw_hmac_init(shw_hmac_state_t * state, + const uint8_t * key, unsigned int key_len); + +/*! + * Put data into the HMAC calculation + * + * @param state Address of HMAC state structure. + * @param msg Address of the message data for the HMAC. + * @param msg_len Number of bytes of @c msg. + * + * @return FSL_RETURN_OK_S if all went well, otherwise an error code. + */ +fsl_shw_return_t shw_hmac_update(shw_hmac_state_t * state, + const uint8_t * msg, unsigned int msg_len); + +/*! + * Calculate the final HMAC + * + * @param state Address of HMAC state structure. + * @param hmac Address of location to store the HMAC. + * @param hmac_len Number of bytes of @c mac to be stored. Probably best if + * this value is no greater than #SHW_HASH_LEN. + * + * @return FSL_RETURN_OK_S if all went well, otherwise an error code. + */ +fsl_shw_return_t shw_hmac_final(shw_hmac_state_t * state, + uint8_t * hmac, unsigned int hmac_len); + +#endif /* SHW_HMAC_H */ diff --git a/drivers/mxc/security/rng/include/shw_internals.h b/drivers/mxc/security/rng/include/shw_internals.h new file mode 100644 index 000000000000..1bf3b1a86374 --- /dev/null +++ b/drivers/mxc/security/rng/include/shw_internals.h @@ -0,0 +1,162 @@ +/* + * Copyright (C) 2005-2010 Freescale Semiconductor, Inc. All Rights Reserved. + */ + +/* + * The code contained herein is licensed under the GNU General Public + * License. You may obtain a copy of the GNU General Public License + * Version 2 or later at the following locations: + * + * http://www.opensource.org/licenses/gpl-license.html + * http://www.gnu.org/copyleft/gpl.html + */ + +#ifndef SHW_INTERNALS_H +#define SHW_INTERNALS_H + +/*! @file shw_internals.h + * + * This file contains definitions which are internal to the SHW driver. + * + * This header file should only ever be included by shw_driver.c + * + * Compile-time flags minimally needed: + * + * @li Some sort of platform flag. + * + */ + +#include "portable_os.h" +#include "shw_driver.h" + +/*! @defgroup shwcompileflags SHW Compile Flags + * + * These are flags which are used to configure the SHW driver at compilation + * time. + * + * The terms 'defined' and 'undefined' refer to whether a @c \#define (or -D on + * a compile command) has defined a given preprocessor symbol. If a given + * symbol is defined, then @c \#ifdef \<symbol\> will succeed. Some symbols + * described below default to not having a definition, i.e. they are undefined. + * + */ + +/*! @addtogroup shwcompileflags */ +/*! @{ */ +#ifndef SHW_MAJOR_NODE +/*! + * This should be configured in a Makefile/compile command line. It is the + * value the driver will use to register itself as a device driver for a + * /dev/node file. Zero means allow (Linux) to assign a value. Any positive + * number will be attempted as the registration value, to allow for + * coordination with the creation/existence of a /dev/fsl_shw (for instance) + * file in the filesystem. + */ +#define SHW_MAJOR_NODE 0 +#endif + +/* Temporarily define compile-time flags to make Doxygen happy and allow them + to get into the documentation. */ +#ifdef DOXYGEN_HACK + +/*! + * Turn on compilation of run-time operational, debug, and error messages. + * + * This flag is undefined by default. + */ +/* REQ-FSLSHW-DEBUG-001 */ +#define SHW_DEBUG +#undef SHW_DEBUG + +/*! @} */ +#endif /* end DOXYGEN_HACK */ + +#ifndef SHW_DRIVER_NAME +/*! @addtogroup shwcompileflags */ +/*! @{ */ +/*! Name the driver will use to register itself to the kernel as the driver for + * the #shw_major_node and interrupt handling. */ +#define SHW_DRIVER_NAME "fsl_shw" +/*! @} */ +#endif +/*#define SHW_DEBUG*/ + +/*! + * Add a user context onto the list of registered users. + * + * Place it at the head of the #user_list queue. + * + * @param ctx A pointer to a user context + * + * @return void + */ +inline static void SHW_ADD_USER(fsl_shw_uco_t * ctx) +{ + os_lock_context_t lock_context; + + os_lock_save_context(shw_queue_lock, lock_context); + ctx->next = user_list; + user_list = ctx; + os_unlock_restore_context(shw_queue_lock, lock_context); + +} + +/*! + * Remove a user context from the list of registered users. + * + * @param ctx A pointer to a user context + * + * @return void + * + */ +inline static void SHW_REMOVE_USER(fsl_shw_uco_t * ctx) +{ + fsl_shw_uco_t *prev_ctx = user_list; + os_lock_context_t lock_context; + + os_lock_save_context(shw_queue_lock, lock_context); + + if (prev_ctx == ctx) { + /* Found at head, so just set new head */ + user_list = ctx->next; + } else { + for (; (prev_ctx != NULL); prev_ctx = prev_ctx->next) { + if (prev_ctx->next == ctx) { + prev_ctx->next = ctx->next; + break; + } + } + } + os_unlock_restore_context(shw_queue_lock, lock_context); +} + +static void shw_user_callback(fsl_shw_uco_t * uco); + +/* internal functions */ +static os_error_code shw_setup_user_driver_interaction(void); +static void shw_cleanup(void); + +static os_error_code init_uco(fsl_shw_uco_t * user_ctx, void *user_mode_uco); +static os_error_code get_capabilities(fsl_shw_uco_t * user_ctx, + void *user_mode_pco_request); +static os_error_code get_results(fsl_shw_uco_t * user_ctx, + void *user_mode_result_req); +static os_error_code get_random(fsl_shw_uco_t * user_ctx, + void *user_mode_get_random_req); +static os_error_code add_entropy(fsl_shw_uco_t * user_ctx, + void *user_mode_add_entropy_req); + +void* wire_user_memory(void* address, uint32_t length, void** page_ctx); +void unwire_user_memory(void** page_ctx); +os_error_code map_user_memory(struct vm_area_struct* vma, + uint32_t physical_addr, uint32_t size); +os_error_code unmap_user_memory(uint32_t user_addr, uint32_t size); + +#if defined(LINUX_VERSION_CODE) + +MODULE_AUTHOR("Freescale Semiconductor"); +MODULE_DESCRIPTION("Device Driver for FSL SHW API"); + +#endif /* LINUX_VERSION_CODE */ + +#endif /* SHW_INTERNALS_H */ diff --git a/drivers/mxc/security/rng/rng_driver.c b/drivers/mxc/security/rng/rng_driver.c new file mode 100644 index 000000000000..51eda5ccbe61 --- /dev/null +++ b/drivers/mxc/security/rng/rng_driver.c @@ -0,0 +1,1150 @@ +/* + * Copyright (C) 2005-2010 Freescale Semiconductor, Inc. All Rights Reserved. + */ + +/* + * The code contained herein is licensed under the GNU General Public + * License. You may obtain a copy of the GNU General Public License + * Version 2 or later at the following locations: + * + * http://www.opensource.org/licenses/gpl-license.html + * http://www.gnu.org/copyleft/gpl.html + */ + +/*! @file rng_driver.c + * + * This is the driver code for the hardware Random Number Generator (RNG). + * + * It provides the following functions to callers: + * fsl_shw_return_t fsl_shw_get_random(fsl_shw_uco_t* user_ctx, + * uint32_t length, + * uint8_t* data); + * + * fsl_shw_return_t fsl_shw_add_entropy(fsl_shw_uco_t* user_ctx, + * uint32_t length, + * uint8_t* data); + * + * The life of the driver starts at boot (or module load) time, with a call by + * the kernel to #rng_init(). As part of initialization, a background task + * running #rng_entropy_task() will be created. + * + * The life of the driver ends when the kernel is shutting down (or the driver + * is being unloaded). At this time, #rng_shutdown() is called. No function + * will ever be called after that point. In the case that the driver is + * reloaded, a new copy of the driver, with fresh global values, etc., is + * loaded, and there will be a new call to #rng_init(). + * + * A call to fsl_shw_get_random() gets converted into a work entry which is + * queued and handed off to a background task for fulfilment. This provides + * for a single thread of control for reading the RNG's FIFO register, which + * might otherwise underflow if not carefully managed. + * + * A call to fsl_shw_add_entropy() will cause the additional entropy to + * be passed directly into the hardware. + * + * In a debug configuration, it provides the following kernel functions: + * rng_return_t rng_read_register(uint32_t byte_offset, uint32_t* valuep); + * rng_return_t rng_write_register(uint32_t byte_offset, uint32_t value); + * @ingroup RNG + */ + +#include "portable_os.h" +#include "fsl_shw.h" +#include "rng_internals.h" + +#ifdef FSL_HAVE_SCC2 +#include <linux/mxc_scc2_driver.h> +#else +#include <linux/mxc_scc_driver.h> +#endif + +#if defined(RNG_DEBUG) || defined(RNG_ENTROPY_DEBUG) || \ + defined(RNG_REGISTER_DEBUG) + +#include <diagnostic.h> + +#else + +#define LOG_KDIAG_ARGS(fmt, ...) +#define LOG_KDIAG(diag) + +#endif + +/* These are often handy */ +#ifndef FALSE +/*! Non-true value for arguments, return values. */ +#define FALSE 0 +#endif +#ifndef TRUE +/*! True value for arguments, return values. */ +#define TRUE 1 +#endif + +/****************************************************************************** + * + * Global / Static Variables + * + *****************************************************************************/ + +/*! + * This is type void* so that a) it cannot directly be dereferenced, and b) + * pointer arithmetic on it will function for the byte offsets in rng_rnga.h + * and rng_rngc.h + * + * rng_base is the location in the iomap where the RNG's registers + * (and memory) start. + * + * The referenced data is declared volatile so that the compiler will + * not make any assumptions about the value of registers in the RNG, + * and thus will always reload the register into CPU memory before + * using it (i.e. wherever it is referenced in the driver). + * + * This value should only be referenced by the #RNG_READ_REGISTER and + * #RNG_WRITE_REGISTER macros and their ilk. All dereferences must be + * 32 bits wide. + */ +static volatile void *rng_base; + +/*! + * Flag to say whether interrupt handler has been registered for RNG + * interrupt */ +static int rng_irq_set = FALSE; + +/*! + * Size of the RNG's OUTPUT_FIFO, in words. Retrieved with + * #RNG_GET_FIFO_SIZE() during driver initialization. + */ +static int rng_output_fifo_size; + +/*! Major number for device driver. */ +static int rng_major; + +/*! Registration handle for registering driver with OS. */ +os_driver_reg_t rng_reg_handle; + +/*! + * Internal flag to know whether RNG is in Failed state (and thus many + * registers are unavailable). If the value ever goes to #RNG_STATUS_FAILED, + * it will never change. + */ +static volatile rng_status_t rng_availability = RNG_STATUS_INITIAL; + +/*! + * Global lock for the RNG driver. Mainly used for entries on the RNG work + * queue. + */ +static os_lock_t rng_queue_lock = NULL; + +/*! + * Queue for the RNG task to process. + */ +static shw_queue_t rng_work_queue; + +/*! + * Flag to say whether task initialization succeeded. + */ +static unsigned task_started = FALSE; +/*! + * Waiting queue for RNG SELF TESTING + */ +static DECLARE_COMPLETION(rng_self_testing); +static DECLARE_COMPLETION(rng_seed_done); +/*! + * Object for blocking-mode callers of RNG driver to sleep. + */ +OS_WAIT_OBJECT(rng_wait_queue); + +/****************************************************************************** + * + * Function Implementations - Externally Accessible + * + *****************************************************************************/ + +/*****************************************************************************/ +/* fn rng_init() */ +/*****************************************************************************/ +/*! + * Initialize the driver. + * + * Set up the driver to have access to RNG device registers and verify that + * it appears to be a proper working device. + * + * Set up interrupt handling. Assure RNG is ready to go and (possibly) set it + * into High Assurance mode. Create a background task to run + * #rng_entropy_task(). Set up up a callback with the SCC driver should the + * security alarm go off. Tell the kernel that the driver is here. + * + * This routine is called during kernel init or module load (insmod). + * + * The function will fail in one of two ways: Returning OK to the caller so + * that kernel startup / driver initialization completes, or returning an + * error. In the success case, the function could set the rng_avaailability to + * RNG_STATUS_FAILED so that only minimal support (e.g. register peek / poke) + * is available in the driver. + * + * @return a call to os_dev_init_return() + */ +OS_DEV_INIT(rng_init) +{ + struct clk *clk; + os_error_code return_code = OS_ERROR_FAIL_S; + rng_availability = RNG_STATUS_CHECKING; + +#if !defined(FSL_HAVE_RNGA) + INIT_COMPLETION(rng_self_testing); + INIT_COMPLETION(rng_seed_done); +#endif + rng_work_queue.head = NULL; + rng_work_queue.tail = NULL; + + clk = clk_get(NULL, "rng_clk"); + + // Check that the clock was found + if (IS_ERR(clk)) { + LOG_KDIAG("RNG: Failed to find rng_clock."); + return_code = OS_ERROR_FAIL_S; + goto check_err; + } + + clk_enable(clk); + + os_printk(KERN_INFO "RNG Driver: Loading\n"); + + return_code = rng_map_RNG_memory(); + if (return_code != OS_ERROR_OK_S) { + rng_availability = RNG_STATUS_UNIMPLEMENTED; + LOG_KDIAG_ARGS("RNG: Driver failed to map RNG registers. %d", + return_code); + goto check_err; + } + LOG_KDIAG_ARGS("RNG Driver: rng_base is 0x%08x", (uint32_t) rng_base); + /*Check SCC keys are fused */ + if (RNG_HAS_ERROR()) { + if (RNG_HAS_BAD_KEY()) { +#ifdef RNG_DEBUG +#if !defined(FSL_HAVE_RNGA) + LOG_KDIAG("ERROR: BAD KEYS SELECTED"); + { + uint32_t rngc_status = + RNG_READ_REGISTER(RNGC_STATUS); + uint32_t rngc_error = + RNG_READ_REGISTER(RNGC_ERROR); + LOG_KDIAG_ARGS + ("status register: %08x, error status: %08x", + rngc_status, rngc_error); + } +#endif +#endif + rng_availability = RNG_STATUS_FAILED; + return_code = OS_ERROR_FAIL_S; + goto check_err; + } + } + + /* Check RNG configuration and status */ + return_code = rng_grab_config_values(); + if (return_code != OS_ERROR_OK_S) { + rng_availability = RNG_STATUS_UNIMPLEMENTED; + goto check_err; + } + + /* Masking All Interrupts */ + /* They are unmasked later in rng_setup_interrupt_handling() */ + RNG_MASK_ALL_INTERRUPTS(); + + RNG_WAKE(); + + /* Determine status of RNG */ + if (RNG_OSCILLATOR_FAILED()) { + LOG_KDIAG("RNG Driver: RNG Oscillator is dead"); + rng_availability = RNG_STATUS_FAILED; + goto check_err; + } + + /* Oscillator not dead. Setup interrupt code and start the RNG. */ + if ((return_code = rng_setup_interrupt_handling()) == OS_ERROR_OK_S) { +#if defined(FSL_HAVE_RNGA) + scc_return_t scc_code; +#endif + + RNG_GO(); + + /* Self Testing For RNG */ + do { + RNG_CLEAR_ERR(); + + /* wait for Clearing Erring finished */ + msleep(1); + + RNG_UNMASK_ALL_INTERRUPTS(); + RNG_SELF_TEST(); +#if !defined(FSL_HAVE_RNGA) + wait_for_completion(&rng_self_testing); +#endif + } while (RNG_CHECK_SELF_ERR()); + + RNG_CLEAR_ALL_STATUS(); + /* checking for RNG SEED done */ + do { + RNG_CLEAR_ERR(); + RNG_SEED_GEN(); +#if !defined(FSL_HAVE_RNGA) + wait_for_completion(&rng_seed_done); +#endif + } while (RNG_CHECK_SEED_ERR()); +#ifndef RNG_NO_FORCE_HIGH_ASSURANCE + RNG_SET_HIGH_ASSURANCE(); +#endif + if (RNG_GET_HIGH_ASSURANCE()) { + LOG_KDIAG("RNG Driver: RNG is in High Assurance mode"); + } else { +#ifndef RNG_NO_FORCE_HIGH_ASSURANCE + LOG_KDIAG + ("RNG Driver: RNG could not be put in High Assurance mode"); + rng_availability = RNG_STATUS_FAILED; + goto check_err; +#endif /* RNG_NO_FORCE_HIGH_ASSURANCE */ + } + + /* Check that RNG is OK */ + if (!RNG_WORKING()) { + LOG_KDIAG_ARGS + ("RNG determined to be inoperable. Status %08x", + RNG_GET_STATUS()); + /* Couldn't wake it up or other problem */ + rng_availability = RNG_STATUS_FAILED; + goto check_err; + } + + rng_queue_lock = os_lock_alloc_init(); + if (rng_queue_lock == NULL) { + LOG_KDIAG("RNG: lock initialization failed"); + rng_availability = RNG_STATUS_FAILED; + goto check_err; + } + + return_code = os_create_task(rng_entropy_task); + if (return_code != OS_ERROR_OK_S) { + LOG_KDIAG("RNG: task initialization failed"); + rng_availability = RNG_STATUS_FAILED; + goto check_err; + } else { + task_started = TRUE; + } +#ifdef FSL_HAVE_RNGA + scc_code = scc_monitor_security_failure(rng_sec_failure); + if (scc_code != SCC_RET_OK) { + LOG_KDIAG_ARGS("Failed to register SCC callback: %d", + scc_code); +#ifndef RNG_NO_FORCE_HIGH_ASSURANCE + return_code = OS_ERROR_FAIL_S; + goto check_err; +#endif + } +#endif /* FSL_HAVE_RNGA */ + return_code = os_driver_init_registration(rng_reg_handle); + if (return_code != OS_ERROR_OK_S) { + goto check_err; + } + /* add power suspend here */ + /* add power resume here */ + return_code = + os_driver_complete_registration(rng_reg_handle, + rng_major, RNG_DRIVER_NAME); + } + /* RNG is working */ + + check_err: + + /* If FIFO underflow or other error occurred during drain, this will fail, + * as system will have been put into fail mode by SCC. */ + if ((return_code == OS_ERROR_OK_S) + && (rng_availability == RNG_STATUS_CHECKING)) { + RNG_PUT_RNG_TO_SLEEP(); + rng_availability = RNG_STATUS_OK; /* RNG & driver are ready */ + } else if (return_code != OS_ERROR_OK_S) { + os_printk(KERN_ALERT "Driver initialization failed. %d", + return_code); + rng_cleanup(); + } + + os_dev_init_return(return_code); + +} /* rng_init */ + +/*****************************************************************************/ +/* fn rng_shutdown() */ +/*****************************************************************************/ +/*! + * Prepare driver for exit. + * + * This is called during @c rmmod when the driver is unloading. + * Try to undo whatever was done during #rng_init(), to make the machine be + * in the same state, if possible. + * + * Calls rng_cleanup() to do all work, and then unmap device's register space. + */ +OS_DEV_SHUTDOWN(rng_shutdown) +{ + LOG_KDIAG("shutdown called"); + + rng_cleanup(); + + os_driver_remove_registration(rng_reg_handle); + if (rng_base != NULL) { + /* release the virtual memory map to the RNG */ + os_unmap_device((void *)rng_base, RNG_ADDRESS_RANGE); + rng_base = NULL; + } + + os_dev_shutdown_return(OS_ERROR_OK_S); +} /* rng_shutdown */ + +/*****************************************************************************/ +/* fn rng_cleanup() */ +/*****************************************************************************/ +/*! + * Undo everything done by rng_init() and place driver in fail mode. + * + * Deregister from SCC, stop tasklet, shutdown the RNG. Leave the register + * map in place in case other drivers call rng_read/write_register() + * + * @return void + */ +static void rng_cleanup(void) +{ + struct clk *clk; + +#ifdef FSL_HAVE_RNGA + scc_stop_monitoring_security_failure(rng_sec_failure); +#endif + + clk = clk_get(NULL, "rng_clk"); + clk_disable(clk); + if (task_started) { + os_dev_stop_task(rng_entropy_task); + } + + if (rng_base != NULL) { + /* mask off RNG interrupts */ + RNG_MASK_ALL_INTERRUPTS(); + RNG_SLEEP(); + + if (rng_irq_set) { + /* unmap the interrupts from the IRQ lines */ + os_deregister_interrupt(INT_RNG); + rng_irq_set = FALSE; + } + LOG_KDIAG("Leaving rng driver status as failed"); + rng_availability = RNG_STATUS_FAILED; + } else { + LOG_KDIAG("Leaving rng driver status as unimplemented"); + rng_availability = RNG_STATUS_UNIMPLEMENTED; + } + LOG_KDIAG("Cleaned up"); +} /* rng_cleanup */ + +/*! + * Post-process routine for fsl_shw_get_random(). + * + * This function will copy the random data generated by the background task + * into the user's buffer and then free the local buffer. + * + * @param gen_entry The work request. + * + * @return 0 = meaning work completed, pass back result. + */ +static uint32_t finish_random(shw_queue_entry_t * gen_entry) +{ + rng_work_entry_t *work = (rng_work_entry_t *) gen_entry; + + if (work->hdr.flags & FSL_UCO_USERMODE_USER) { + os_copy_to_user(work->data_user, work->data_local, + work->length); + } else { + memcpy(work->data_user, work->data_local, work->length); + } + + os_free_memory(work->data_local); + work->data_local = NULL; + + return 0; /* means completed. */ +} + +/* REQ-FSLSHW-PINTFC-API-BASIC-RNG-002 */ +/*****************************************************************************/ +/* fn fsl_shw_get_random() */ +/*****************************************************************************/ +/*! + * Get random data. + * + * @param user_ctx A user context from #fsl_shw_register_user(). + * @param length The number of octets of @a data being requested. + * @param data A pointer to a location of @a length octets to where + * random data will be returned. + * + * @return FSL_RETURN_NO_RESOURCE_S A return code of type #fsl_shw_return_t. + * FSL_RETURN_OK_S + */ +fsl_shw_return_t fsl_shw_get_random(fsl_shw_uco_t * user_ctx, uint32_t length, + uint8_t * data) +{ + fsl_shw_return_t return_code = FSL_RETURN_NO_RESOURCE_S; + /* Boost up length to cover any 'missing' bytes at end of a word */ + uint32_t *buf = os_alloc_memory(length + 3, 0); + volatile rng_work_entry_t *work = os_alloc_memory(sizeof(*work), 0); + + if ((rng_availability != RNG_STATUS_OK) || (buf == NULL) + || (work == NULL)) { + if (rng_availability != RNG_STATUS_OK) { + LOG_KDIAG_ARGS("rng not available: %d\n", + rng_availability); + } else { + LOG_KDIAG_ARGS + ("Resource allocation failure: %d or %d bytes", + length, sizeof(*work)); + } + /* Cannot perform function. Clean up and clear out. */ + if (buf != NULL) { + os_free_memory(buf); + } + if (work != NULL) { + os_free_memory((void *)work); + } + } else { + unsigned blocking = user_ctx->flags & FSL_UCO_BLOCKING_MODE; + + work->hdr.user_ctx = user_ctx; + work->hdr.flags = user_ctx->flags; + work->hdr.callback = user_ctx->callback; + work->hdr.user_ref = user_ctx->user_ref; + work->hdr.postprocess = finish_random; + work->length = length; + work->data_local = buf; + work->data_user = data; + + RNG_ADD_WORK_ENTRY((rng_work_entry_t *) work); + + if (blocking) { + os_sleep(rng_wait_queue, work->completed != FALSE, + FALSE); + finish_random((shw_queue_entry_t *) work); + return_code = work->hdr.code; + os_free_memory((void *)work); + } else { + return_code = FSL_RETURN_OK_S; + } + } + + return return_code; +} /* fsl_shw_get_entropy */ + +/*****************************************************************************/ +/* fn fsl_shw_add_entropy() */ +/*****************************************************************************/ +/*! + * Add entropy to random number generator. + * + * @param user_ctx A user context from #fsl_shw_register_user(). + * @param length Number of bytes at @a data. + * @param data Entropy to add to random number generator. + * + * @return A return code of type #fsl_shw_return_t. + */ +fsl_shw_return_t fsl_shw_add_entropy(fsl_shw_uco_t * user_ctx, uint32_t length, + uint8_t * data) +{ + fsl_shw_return_t return_code = FSL_RETURN_NO_RESOURCE_S; +#if defined(FSL_HAVE_RNGC) + /* No Entropy Register in RNGC */ + return_code = FSL_RETURN_OK_S; +#else + uint32_t *local_data = NULL; + if (rng_availability == RNG_STATUS_OK) { + /* make 32-bit aligned place to hold data */ + local_data = os_alloc_memory(length + 3, 0); + if (local_data == NULL) { + return_code = FSL_RETURN_NO_RESOURCE_S; + } else { + memcpy(local_data, data, length); + + /* Copy one word at a time to hardware */ + while (TRUE) { + register uint32_t *ptr = local_data; + + RNG_ADD_ENTROPY(*ptr++); + if (length <= 4) { + break; + } + length -= 4; + } + return_code = FSL_RETURN_OK_S; + os_free_memory(local_data); + } /* else local_data not NULL */ + + } +#endif + /* rng_availability is OK */ + return return_code; +} /* fsl_shw_add_entropy */ + +#ifdef RNG_REGISTER_PEEK_POKE +/*****************************************************************************/ +/* fn rng_read_register() */ +/*****************************************************************************/ +/* + * Debug routines to allow reading of RNG registers. + * + * This routine is only for accesses by other than this driver. + * + * @param register_offset The byte offset of the register to be read. + * @param value Pointer to store the value of the register. + * + * @return RNG_RET_OK or an error return. + */ +rng_return_t rng_read_register(uint32_t register_offset, uint32_t * value) +{ + rng_return_t return_code = RNG_RET_FAIL; + + if ((rng_availability == RNG_STATUS_OK) + || (rng_availability == RNG_STATUS_FAILED)) { + if ((rng_check_register_offset(register_offset) + && rng_check_register_accessible(register_offset, + RNG_CHECK_READ))) { + /* The guards let the check through */ + *value = RNG_READ_REGISTER(register_offset); + return_code = RNG_RET_OK; + } + } + + return return_code; +} /* rng_read_register */ + +/*****************************************************************************/ +/* fn rng_write_register() */ +/*****************************************************************************/ +/* + * Debug routines to allow writing of RNG registers. + * + * This routine is only for accesses by other than this driver. + * + * @param register_offset The byte offset of the register to be written. + * @param value Value to store in the register. + * + * @return RNG_RET_OK or an error return. + */ +rng_return_t rng_write_register(uint32_t register_offset, uint32_t value) +{ + rng_return_t return_code = RNG_RET_FAIL; + + if ((rng_availability == RNG_STATUS_OK) + || (rng_availability == RNG_STATUS_FAILED)) { + if ((rng_check_register_offset(register_offset) + && rng_check_register_accessible(register_offset, + RNG_CHECK_WRITE))) { + RNG_WRITE_REGISTER(register_offset, value); + return_code = RNG_RET_OK; + } + } + + return return_code; +} /* rng_write_register */ +#endif /* RNG_REGISTER_PEEK_POKE */ + +/****************************************************************************** + * + * Function Implementations - Internal + * + *****************************************************************************/ + +#ifdef RNG_REGISTER_PEEK_POKE +/*****************************************************************************/ +/* fn check_register_offset() */ +/*****************************************************************************/ +/*! + * Verify that the @c offset is appropriate for the RNG's register set. + * + * @param[in] offset The (byte) offset within the RNG block + * of the register to be accessed. See + * RNG(A, C) register definitions for meanings. + * + * This routine is only for checking accesses by other than this driver. + * + * @return 0 if register offset out of bounds, 1 if ok to use + */ +inline int rng_check_register_offset(uint32_t offset) +{ + int return_code = FALSE; /* invalid */ + + /* Make sure offset isn't too high and also that it is aligned to + * aa 32-bit offset (multiple of four). + */ + if ((offset < RNG_ADDRESS_RANGE) && (offset % sizeof(uint32_t) == 0)) { + return_code = TRUE; /* OK */ + } else { + pr_debug("RNG: Denied access to offset %8x\n", offset); + } + + return return_code; + +} /* rng_check_register */ + +/*****************************************************************************/ +/* fn check_register_accessible() */ +/*****************************************************************************/ +/*! + * Make sure that register access is legal. + * + * Verify that, if in secure mode, only safe registers are used. + * For any register access, make sure that read-only registers are not written + * and that write-only registers are not read. This check also disallows any + * access to the RNG's Output FIFO, to prevent other drivers from draining the + * FIFO and causing an underflow condition. + * + * This routine is only for checking accesses by other than this driver. + * + * @param offset The (byte) offset within the RNG block + * of the register to be accessed. See + * @ref rngregs for meanings. + * @param access_write 0 for read, anything else for write + * + * @return 0 if invalid, 1 if OK. + */ +static int rng_check_register_accessible(uint32_t offset, int access_write) +{ + int return_code = FALSE; /* invalid */ + uint32_t secure = RNG_GET_HIGH_ASSURANCE(); + + /* First check for RNG in Secure Mode -- most registers inaccessible. + * Also disallowing access to RNG_OUTPUT_FIFO except by the driver. + */ + if (! +#ifdef FSL_HAVE_RNGA + (secure && + ((offset == RNGA_OUTPUT_FIFO) || + (offset == RNGA_MODE) || + (offset == RNGA_VERIFICATION_CONTROL) || + (offset == RNGA_OSCILLATOR_CONTROL_COUNTER) || + (offset == RNGA_OSCILLATOR1_COUNTER) || + (offset == RNGA_OSCILLATOR2_COUNTER) || + (offset == RNGA_OSCILLATOR_COUNTER_STATUS))) +#else /* RNGB or RNGC */ + (secure && + ((offset == RNGC_FIFO) || + (offset == RNGC_VERIFICATION_CONTROL) || + (offset == RNGC_OSC_COUNTER_CONTROL) || + (offset == RNGC_OSC_COUNTER) || + (offset == RNGC_OSC_COUNTER_STATUS))) +#endif + ) { + + /* Passed that test. Either not in high assurance, and/or are + checking register that is always available. Now check + R/W permissions. */ + if (access_write == RNG_CHECK_READ) { /* read request */ + /* Only the entropy register is write-only */ +#ifdef FSL_HAVE_RNGC + /* No registers are write-only */ + return_code = TRUE; +#else /* else RNGA or RNGB */ +#ifdef FSL_HAVE_RNGA + if (1) { +#else + if (!(offset == RNGB_ENTROPY)) { +#endif + return_code = TRUE; /* Let all others be read */ + } else { + pr_debug + ("RNG: Offset %04x denied read access\n", + offset); + } +#endif /* RNGA or RNGB */ + } /* read */ + else { /* access_write means write */ + /* Check against list of non-writable registers */ + if (! +#ifdef FSL_HAVE_RNGA + ((offset == RNGA_STATUS) || + (offset == RNGA_OUTPUT_FIFO) || + (offset == RNGA_OSCILLATOR1_COUNTER) || + (offset == RNGA_OSCILLATOR2_COUNTER) || + (offset == RNGA_OSCILLATOR_COUNTER_STATUS)) +#else /* FSL_HAVE_RNGB or FSL_HAVE_RNGC */ + ((offset == RNGC_STATUS) || + (offset == RNGC_FIFO) || + (offset == RNGC_OSC_COUNTER) || + (offset == RNGC_OSC_COUNTER_STATUS)) +#endif + ) { + return_code = TRUE; /* can be written */ + } else { + LOG_KDIAG_ARGS + ("Offset %04x denied write access", offset); + } + } /* write */ + } /* not high assurance and inaccessible register... */ + else { + LOG_KDIAG_ARGS("Offset %04x denied high-assurance access", + offset); + } + + return return_code; +} /* rng_check_register_accessible */ +#endif /* RNG_REGISTER_PEEK_POKE */ + +/*****************************************************************************/ +/* fn rng_irq() */ +/*****************************************************************************/ +/*! + * This is the interrupt handler for the RNG. It is only ever invoked if the + * RNG detects a FIFO Underflow error. + * + * If the error is a Security Violation, this routine will + * set the #rng_availability to #RNG_STATUS_FAILED, as the entropy pool may + * have been corrupted. The RNG will also be placed into low power mode. The + * SCC will have noticed the problem as well. + * + * The other possibility, if the RNG is not in High Assurance mode, would be + * simply a FIFO Underflow. No special action, other than to + * clear the interrupt, is taken. + */ +OS_DEV_ISR(rng_irq) +{ + int handled = FALSE; /* assume interrupt isn't from RNG */ + + LOG_KDIAG("rng irq!"); + + if (RNG_SEED_DONE()) { + complete(&rng_seed_done); + RNG_CLEAR_ALL_STATUS(); + handled = TRUE; + } + + if (RNG_SELF_TEST_DONE()) { + complete(&rng_self_testing); + RNG_CLEAR_ALL_STATUS(); + handled = TRUE; + } + /* Look to see whether RNG needs attention */ + if (RNG_HAS_ERROR()) { + if (RNG_GET_HIGH_ASSURANCE()) { + RNG_SLEEP(); + rng_availability = RNG_STATUS_FAILED; + RNG_MASK_ALL_INTERRUPTS(); + } + handled = TRUE; + /* Clear the interrupt */ + RNG_CLEAR_ALL_STATUS(); + + } + os_dev_isr_return(handled); +} /* rng_irq */ + +/*****************************************************************************/ +/* fn map_RNG_memory() */ +/*****************************************************************************/ +/*! + * Place the RNG's memory into kernel virtual space. + * + * @return OS_ERROR_OK_S on success, os_error_code on failure + */ +static os_error_code rng_map_RNG_memory(void) +{ + os_error_code error_code = OS_ERROR_FAIL_S; + + rng_base = os_map_device(RNG_BASE_ADDR, RNG_ADDRESS_RANGE); + if (rng_base == NULL) { + /* failure ! */ + LOG_KDIAG("RNG Driver: ioremap failed."); + } else { + error_code = OS_ERROR_OK_S; + } + + return error_code; +} /* rng_map_RNG_memory */ + +/*****************************************************************************/ +/* fn rng_setup_interrupt_handling() */ +/*****************************************************************************/ +/*! + * Register #rng_irq() as the interrupt handler for #INT_RNG. + * + * @return OS_ERROR_OK_S on success, os_error_code on failure + */ +static os_error_code rng_setup_interrupt_handling(void) +{ + os_error_code error_code; + + /* + * Install interrupt service routine for the RNG. Ignore the + * assigned IRQ number. + */ + error_code = os_register_interrupt(RNG_DRIVER_NAME, INT_RNG, + OS_DEV_ISR_REF(rng_irq)); + if (error_code != OS_ERROR_OK_S) { + LOG_KDIAG("RNG Driver: Error installing Interrupt Handler"); + } else { + rng_irq_set = TRUE; + RNG_UNMASK_ALL_INTERRUPTS(); + } + + return error_code; +} /* rng_setup_interrupt_handling */ + +/*****************************************************************************/ +/* fn rng_grab_config_values() */ +/*****************************************************************************/ +/*! + * Read configuration information from the RNG. + * + * Sets #rng_output_fifo_size. + * + * @return A error code indicating whether the part is the expected one. + */ +static os_error_code rng_grab_config_values(void) +{ + enum rng_type type; + os_error_code ret = OS_ERROR_FAIL_S; + + /* Go for type, versions... */ + type = RNG_GET_RNG_TYPE(); + + /* Make sure type is the one this code has been compiled for. */ + if (RNG_VERIFY_TYPE(type)) { + rng_output_fifo_size = RNG_GET_FIFO_SIZE(); + if (rng_output_fifo_size != 0) { + ret = OS_ERROR_OK_S; + } + } + if (ret != OS_ERROR_OK_S) { + LOG_KDIAG_ARGS + ("Unknown or unexpected RNG type %d (FIFO size %d)." + " Failing driver initialization", type, + rng_output_fifo_size); + } + + return ret; +} + + /* rng_grab_config_values */ + +/*****************************************************************************/ +/* fn rng_drain_fifo() */ +/*****************************************************************************/ +/*! + * This function copies words from the RNG FIFO into the caller's buffer. + * + * + * @param random_p Location to copy random data + * @param count_words Number of words to copy + * + * @return An error code. + */ +static fsl_shw_return_t rng_drain_fifo(uint32_t * random_p, int count_words) +{ + + int words_in_rng; /* Number of words available now in RNG */ + fsl_shw_return_t code = FSL_RETURN_ERROR_S; + int sequential_count = 0; /* times through big while w/empty FIFO */ + int fifo_empty_count = 0; /* number of times FIFO was empty */ + int max_sequential = 0; /* max times 0 seen in a row */ +#if !defined(FSL_HAVE_RNGA) + int count_for_reseed = 0; + INIT_COMPLETION(rng_seed_done); +#endif +#if !defined(FSL_HAVE_RNGA) + if (RNG_RESEED()) { + do { + LOG_KDIAG("Reseeding RNG"); + + RNG_CLEAR_ERR(); + RNG_SEED_GEN(); + wait_for_completion(&rng_seed_done); + if (count_for_reseed == 3) { + os_printk(KERN_ALERT + "Device was not able to enter RESEED Mode\n"); + code = FSL_RETURN_INTERNAL_ERROR_S; + } + count_for_reseed++; + } while (RNG_CHECK_SEED_ERR()); + } +#endif + /* Copy all of them in. Stop if pool fills. */ + while ((rng_availability == RNG_STATUS_OK) && (count_words > 0)) { + /* Ask RNG how many words currently in FIFO */ + words_in_rng = RNG_GET_WORDS_IN_FIFO(); + if (words_in_rng == 0) { + ++sequential_count; + fifo_empty_count++; + if (sequential_count > max_sequential) { + max_sequential = sequential_count; + } + if (sequential_count >= RNG_MAX_TRIES) { + LOG_KDIAG_ARGS("FIFO staying empty (%d)", + words_in_rng); + code = FSL_RETURN_NO_RESOURCE_S; + break; + } + } else { + /* Found at least one word */ + sequential_count = 0; + /* Now adjust: words_in_rng = MAX(count_words, words_in_rng) */ + words_in_rng = (count_words < words_in_rng) + ? count_words : words_in_rng; + } /* else found words */ + +#ifdef RNG_FORCE_FIFO_UNDERFLOW + /* + * For unit test, force occasional extraction of more words than + * available. This should cause FIFO Underflow, and IRQ invocation. + */ + words_in_rng = count_words; +#endif + + /* Copy out all available & neeeded data */ + while (words_in_rng-- > 0) { + *random_p++ = RNG_READ_FIFO(); + count_words--; + } + } /* while words still needed */ + + if (count_words == 0) { + code = FSL_RETURN_OK_S; + } + if (fifo_empty_count != 0) { + LOG_KDIAG_ARGS("FIFO empty %d times, max loop count %d", + fifo_empty_count, max_sequential); + } + + return code; +} /* rng_drain_fifo */ + +/*****************************************************************************/ +/* fn rng_entropy_task() */ +/*****************************************************************************/ +/*! + * This is the background task of the driver. It is scheduled by + * RNG_ADD_WORK_ENTRY(). + * + * This will process each entry on the #rng_work_queue. Blocking requests will + * cause sleepers to be awoken. Non-blocking requests will be placed on the + * results queue, and if appropriate, the callback function will be invoked. + */ +OS_DEV_TASK(rng_entropy_task) +{ + rng_work_entry_t *work; + + os_dev_task_begin(); + +#ifdef RNG_ENTROPY_DEBUG + LOG_KDIAG("entropy task starting"); +#endif + + while ((work = RNG_GET_WORK_ENTRY()) != NULL) { +#ifdef RNG_ENTROPY_DEBUG + LOG_KDIAG_ARGS("found %d bytes of work at %p (%p)", + work->length, work, work->data_local); +#endif + work->hdr.code = rng_drain_fifo(work->data_local, + BYTES_TO_WORDS(work->length)); + work->completed = TRUE; + + if (work->hdr.flags & FSL_UCO_BLOCKING_MODE) { +#ifdef RNG_ENTROPY_DEBUG + LOG_KDIAG("Waking queued processes"); +#endif + os_wake_sleepers(rng_wait_queue); + } else { + os_lock_context_t lock_context; + + os_lock_save_context(rng_queue_lock, lock_context); + RNG_ADD_QUEUE_ENTRY(&work->hdr.user_ctx->result_pool, + work); + os_unlock_restore_context(rng_queue_lock, lock_context); + + if (work->hdr.flags & FSL_UCO_CALLBACK_MODE) { + if (work->hdr.callback != NULL) { + work->hdr.callback(work->hdr.user_ctx); + } else { +#ifdef RNG_ENTROPY_DEBUG + LOG_KDIAG_ARGS + ("Callback ptr for %p is NULL", + work); +#endif + } + } + } + } /* while */ + +#ifdef RNG_ENTROPY_DEBUG + LOG_KDIAG("entropy task ending"); +#endif + + os_dev_task_return(OS_ERROR_OK_S); +} /* rng_entropy_task */ + +#ifdef FSL_HAVE_RNGA +/*****************************************************************************/ +/* fn rng_sec_failure() */ +/*****************************************************************************/ +/*! + * Function to handle "Security Alarm" indication from SCC. + * + * This function is registered with the Security Monitor ans the callback + * function for the RNG driver. Upon alarm, it will shut down the driver so + * that no more random data can be retrieved. + * + * @return void + */ +static void rng_sec_failure(void) +{ + os_printk(KERN_ALERT "RNG Driver: Security Failure Alarm received.\n"); + + rng_cleanup(); + + return; +} +#endif + +#ifdef RNG_REGISTER_DEBUG +/*****************************************************************************/ +/* fn dbg_rng_read_register() */ +/*****************************************************************************/ +/*! + * Noisily read a 32-bit value to an RNG register. + * @param offset The address of the register to read. + * + * @return The register value + * */ +static uint32_t dbg_rng_read_register(uint32_t offset) +{ + uint32_t value; + + value = os_read32(rng_base + offset); +#ifndef RNG_ENTROPY_DEBUG + if (offset != RNG_OUTPUT_FIFO) { +#endif + pr_debug("RNG RD: 0x%4x : 0x%08x\n", offset, value); +#ifndef RNG_ENTROPY_DEBUG + } +#endif + return value; +} + +/*****************************************************************************/ +/* fn dbg_rng_write_register() */ +/*****************************************************************************/ +/*! + * Noisily write a 32-bit value to an RNG register. + * @param offset The address of the register to written. + * + * @param value The new register value + */ +static void dbg_rng_write_register(uint32_t offset, uint32_t value) +{ + LOG_KDIAG_ARGS("WR: 0x%4x : 0x%08x", offset, value); + os_write32(value, rng_base + offset); + return; +} + +#endif /* RNG_REGISTER_DEBUG */ diff --git a/drivers/mxc/security/rng/shw_driver.c b/drivers/mxc/security/rng/shw_driver.c new file mode 100644 index 000000000000..a6e80a0d4eb0 --- /dev/null +++ b/drivers/mxc/security/rng/shw_driver.c @@ -0,0 +1,2335 @@ +/* + * Copyright (C) 2005-2010 Freescale Semiconductor, Inc. All Rights Reserved. + */ + +/* + * The code contained herein is licensed under the GNU General Public + * License. You may obtain a copy of the GNU General Public License + * Version 2 or later at the following locations: + * + * http://www.opensource.org/licenses/gpl-license.html + * http://www.gnu.org/copyleft/gpl.html + */ + +/*! @file shw_driver.c + * + * This is the user-mode driver code for the FSL Security Hardware (SHW) API. + * as well as the 'common' FSL SHW API code for kernel API users. + * + * Its interaction with the Linux kernel is from calls to shw_init() when the + * driver is loaded, and shw_shutdown() should the driver be unloaded. + * + * The User API (driver interface) is handled by the following functions: + * @li shw_open() - handles open() system call on FSL SHW device + * @li shw_release() - handles close() system call on FSL SHW device + * @li shw_ioctl() - handles ioctl() system call on FSL SHW device + * + * The driver also provides the following functions for kernel users of the FSL + * SHW API: + * @li fsl_shw_register_user() + * @li fsl_shw_deregister_user() + * @li fsl_shw_get_capabilities() + * @li fsl_shw_get_results() + * + * All other functions are internal to the driver. + * + * The life of the driver starts at boot (or module load) time, with a call by + * the kernel to shw_init(). + * + * The life of the driver ends when the kernel is shutting down (or the driver + * is being unloaded). At this time, shw_shutdown() is called. No function + * will ever be called after that point. + * + * In the case that the driver is reloaded, a new copy of the driver, with + * fresh global values, etc., is loaded, and there will be a new call to + * shw_init(). + * + * In user mode, the user's fsl_shw_register_user() call causes an open() event + * on the driver followed by a ioctl() with the registration information. Any + * subsequent API calls by the user are handled through the ioctl() function + * and shuffled off to the appropriate routine (or driver) for service. The + * fsl_shw_deregister_user() call by the user results in a close() function + * call on the driver. + * + * In kernel mode, the driver provides the functions fsl_shw_register_user(), + * fsl_shw_deregister_user(), fsl_shw_get_capabilities(), and + * fsl_shw_get_results(). Other parts of the API are provided by other + * drivers, if available, to support the cryptographic functions. + */ + +#include "portable_os.h" +#include "fsl_shw.h" +#include "fsl_shw_keystore.h" + +#include "shw_internals.h" + +#ifdef FSL_HAVE_SCC2 +#include <linux/mxc_scc2_driver.h> +#else +#include <linux/mxc_scc_driver.h> +#endif + +#ifdef SHW_DEBUG +#include <diagnostic.h> +#endif + +/****************************************************************************** + * + * Function Declarations + * + *****************************************************************************/ + +/* kernel interface functions */ +OS_DEV_INIT_DCL(shw_init); +OS_DEV_SHUTDOWN_DCL(shw_shutdown); +OS_DEV_IOCTL_DCL(shw_ioctl); +OS_DEV_MMAP_DCL(shw_mmap); + +#ifdef LINUX_VERSION_CODE +EXPORT_SYMBOL(fsl_shw_smalloc); +EXPORT_SYMBOL(fsl_shw_sfree); +EXPORT_SYMBOL(fsl_shw_sstatus); +EXPORT_SYMBOL(fsl_shw_diminish_perms); +EXPORT_SYMBOL(do_scc_encrypt_region); +EXPORT_SYMBOL(do_scc_decrypt_region); + +EXPORT_SYMBOL(do_system_keystore_slot_alloc); +EXPORT_SYMBOL(do_system_keystore_slot_dealloc); +EXPORT_SYMBOL(do_system_keystore_slot_load); +EXPORT_SYMBOL(do_system_keystore_slot_encrypt); +EXPORT_SYMBOL(do_system_keystore_slot_decrypt); +#endif + +static os_error_code +shw_handle_scc_sfree(fsl_shw_uco_t * user_ctx, uint32_t info); + +static os_error_code +shw_handle_scc_sstatus(fsl_shw_uco_t * user_ctx, uint32_t info); + +static os_error_code +shw_handle_scc_drop_perms(fsl_shw_uco_t * user_ctx, uint32_t info); + +static os_error_code +shw_handle_scc_encrypt(fsl_shw_uco_t * user_ctx, uint32_t info); + +static os_error_code +shw_handle_scc_decrypt(fsl_shw_uco_t * user_ctx, uint32_t info); + +#ifdef FSL_HAVE_SCC2 +static fsl_shw_return_t register_user_partition(fsl_shw_uco_t * user_ctx, + uint32_t user_base, + void *kernel_base); +static fsl_shw_return_t deregister_user_partition(fsl_shw_uco_t * user_ctx, + uint32_t user_base); +void *lookup_user_partition(fsl_shw_uco_t * user_ctx, uint32_t user_base); + +#endif /* FSL_HAVE_SCC2 */ + +/****************************************************************************** + * + * Global / Static Variables + * + *****************************************************************************/ + +/*! + * Major node (user/device interaction value) of this driver. + */ +static int shw_major_node = SHW_MAJOR_NODE; + +/*! + * Flag to know whether the driver has been associated with its user device + * node (e.g. /dev/shw). + */ +static int shw_device_registered = 0; + +/*! + * OS-dependent handle used for registering user interface of a driver. + */ +static os_driver_reg_t reg_handle; + +/*! + * Linked List of registered users of the API + */ +fsl_shw_uco_t *user_list; + +/*! + * This is the lock for all user request pools. H/W component drivers may also + * use it for their own work queues. + */ +os_lock_t shw_queue_lock = NULL; + +/* This is the system keystore object */ +fsl_shw_kso_t system_keystore; + +#ifndef FSL_HAVE_SAHARA +/*! Empty list of supported symmetric algorithms. */ +static fsl_shw_key_alg_t pf_syms[] = { +}; + +/*! Empty list of supported symmetric modes. */ +static fsl_shw_sym_mode_t pf_modes[] = { +}; + +/*! Empty list of supported hash algorithms. */ +static fsl_shw_hash_alg_t pf_hashes[] = { +}; +#endif /* no Sahara */ + +/*! This matches SHW capabilities... */ +static fsl_shw_pco_t cap = { + 1, 3, /* api version number - major & minor */ + 2, 3, /* driver version number - major & minor */ + sizeof(pf_syms) / sizeof(fsl_shw_key_alg_t), /* key alg count */ + pf_syms, /* key alg list ptr */ + sizeof(pf_modes) / sizeof(fsl_shw_sym_mode_t), /* sym mode count */ + pf_modes, /* modes list ptr */ + sizeof(pf_hashes) / sizeof(fsl_shw_hash_alg_t), /* hash alg count */ + pf_hashes, /* hash list ptr */ + /* + * The following table must be set to handle all values of key algorithm + * and sym mode, and be in the correct order.. + */ + { /* Stream, ECB, CBC, CTR */ + {0, 0, 0, 0} + , /* HMAC */ + {0, 0, 0, 0} + , /* AES */ + {0, 0, 0, 0} + , /* DES */ +#ifdef FSL_HAVE_DRYICE + {0, 1, 1, 0} + , /* 3DES - ECB and CBC */ +#else + {0, 0, 0, 0} + , /* 3DES */ +#endif + {0, 0, 0, 0} /* ARC4 */ + } + , + 0, 0, /* SCC driver version */ + 0, 0, 0, /* SCC version/capabilities */ + {{0, 0} + } + , /* (filled in during OS_INIT) */ +}; + +/* These are often handy */ +#ifndef FALSE +/*! Not true. Guaranteed to be zero. */ +#define FALSE 0 +#endif +#ifndef TRUE +/*! True. Guaranteed to be non-zero. */ +#define TRUE 1 +#endif + +/****************************************************************************** + * + * Function Implementations - Externally Accessible + * + *****************************************************************************/ + +/*****************************************************************************/ +/* fn shw_init() */ +/*****************************************************************************/ +/*! + * Initialize the driver. + * + * This routine is called during kernel init or module load (insmod). + * + * @return OS_ERROR_OK_S on success, errno on failure + */ +OS_DEV_INIT(shw_init) +{ + os_error_code error_code = OS_ERROR_NO_MEMORY_S; /* assume failure */ + scc_config_t *shw_capabilities; + +#ifdef SHW_DEBUG + LOG_KDIAG("SHW Driver: Loading"); +#endif + + user_list = NULL; + shw_queue_lock = os_lock_alloc_init(); + + if (shw_queue_lock != NULL) { + error_code = shw_setup_user_driver_interaction(); + if (error_code != OS_ERROR_OK_S) { +#ifdef SHW_DEBUG + LOG_KDIAG_ARGS + ("SHW Driver: Failed to setup user i/f: %d", + error_code); +#endif + } + } + + /* queue_lock not NULL */ + /* Fill in the SCC portion of the capabilities object */ + shw_capabilities = scc_get_configuration(); + cap.scc_driver_major = shw_capabilities->driver_major_version; + cap.scc_driver_minor = shw_capabilities->driver_minor_version; + cap.scm_version = shw_capabilities->scm_version; + cap.smn_version = shw_capabilities->smn_version; + cap.block_size_bytes = shw_capabilities->block_size_bytes; + +#ifdef FSL_HAVE_SCC + cap.u.scc_info.black_ram_size_blocks = + shw_capabilities->black_ram_size_blocks; + cap.u.scc_info.red_ram_size_blocks = + shw_capabilities->red_ram_size_blocks; +#elif defined(FSL_HAVE_SCC2) + cap.u.scc2_info.partition_size_bytes = + shw_capabilities->partition_size_bytes; + cap.u.scc2_info.partition_count = shw_capabilities->partition_count; +#endif + +#if defined(FSL_HAVE_SCC2) || defined(FSL_HAVE_DRYICE) + if (error_code == OS_ERROR_OK_S) { + /* set up the system keystore, using the default keystore handler */ + fsl_shw_init_keystore_default(&system_keystore); + + if (fsl_shw_establish_keystore(NULL, &system_keystore) + == FSL_RETURN_OK_S) { + error_code = OS_ERROR_OK_S; + } else { + error_code = OS_ERROR_FAIL_S; + } + + if (error_code != OS_ERROR_OK_S) { +#ifdef SHW_DEBUG + LOG_KDIAG_ARGS + ("Registering the system keystore failed with error" + " code: %d\n", error_code); +#endif + } + } +#endif /* FSL_HAVE_SCC2 */ + + if (error_code != OS_ERROR_OK_S) { +#ifdef SHW_DEBUG + LOG_KDIAG_ARGS("SHW: Driver initialization failed. %d", + error_code); +#endif + shw_cleanup(); + } else { +#ifdef SHW_DEBUG + LOG_KDIAG("SHW: Driver initialization complete."); +#endif + } + + os_dev_init_return(error_code); +} /* shw_init */ + +/*****************************************************************************/ +/* fn shw_shutdown() */ +/*****************************************************************************/ +/*! + * Prepare driver for exit. + * + * This is called during @c rmmod when the driver is unloading or when the + * kernel is shutting down. + * + * Calls shw_cleanup() to do all work to undo anything that happened during + * initialization or while driver was running. + */ +OS_DEV_SHUTDOWN(shw_shutdown) +{ + +#ifdef SHW_DEBUG + LOG_KDIAG("SHW: shutdown called"); +#endif + shw_cleanup(); + + os_dev_shutdown_return(OS_ERROR_OK_S); +} /* shw_shutdown */ + +/*****************************************************************************/ +/* fn shw_cleanup() */ +/*****************************************************************************/ +/*! + * Prepare driver for shutdown. + * + * Remove the driver registration. + * + */ +static void shw_cleanup(void) +{ + if (shw_device_registered) { + + /* Turn off the all association with OS */ + os_driver_remove_registration(reg_handle); + shw_device_registered = 0; + } + + if (shw_queue_lock != NULL) { + os_lock_deallocate(shw_queue_lock); + } +#ifdef SHW_DEBUG + LOG_KDIAG("SHW Driver: Cleaned up"); +#endif +} /* shw_cleanup */ + +/*****************************************************************************/ +/* fn shw_open() */ +/*****************************************************************************/ +/*! + * Handle @c open() call from user. + * + * @return OS_ERROR_OK_S on success (always!) + */ +OS_DEV_OPEN(shw_open) +{ + os_error_code status = OS_ERROR_OK_S; + + os_dev_set_user_private(NULL); /* Make sure */ + + os_dev_open_return(status); +} /* shw_open */ + +/*****************************************************************************/ +/* fn shw_ioctl() */ +/*****************************************************************************/ +/*! + * Process an ioctl() request from user-mode API. + * + * This code determines which of the API requests the user has made and then + * sends the request off to the appropriate function. + * + * @return ioctl_return() + */ +OS_DEV_IOCTL(shw_ioctl) +{ + os_error_code code = OS_ERROR_FAIL_S; + + fsl_shw_uco_t *user_ctx = os_dev_get_user_private(); + +#ifdef SHW_DEBUG + LOG_KDIAG_ARGS("SHW: IOCTL %d received", os_dev_get_ioctl_op()); +#endif + switch (os_dev_get_ioctl_op()) { + + case SHW_IOCTL_REQUEST + SHW_USER_REQ_REGISTER_USER: +#ifdef SHW_DEBUG + LOG_KDIAG("SHW: register_user ioctl received"); +#endif + { + fsl_shw_uco_t *user_ctx = + os_alloc_memory(sizeof(*user_ctx), 0); + + if (user_ctx == NULL) { + code = OS_ERROR_NO_MEMORY_S; + } else { + code = + init_uco(user_ctx, + (fsl_shw_uco_t *) + os_dev_get_ioctl_arg()); + if (code == OS_ERROR_OK_S) { + os_dev_set_user_private(user_ctx); + } else { + os_free_memory(user_ctx); + } + } + } + break; + + case SHW_IOCTL_REQUEST + SHW_USER_REQ_DEREGISTER_USER: +#ifdef SHW_DEBUG + LOG_KDIAG("SHW: deregister_user ioctl received"); +#endif + { + fsl_shw_uco_t *user_ctx = os_dev_get_user_private(); + SHW_REMOVE_USER(user_ctx); + } + break; + + case SHW_IOCTL_REQUEST + SHW_USER_REQ_GET_RESULTS: +#ifdef SHW_DEBUG + LOG_KDIAG("SHW: get_results ioctl received"); +#endif + code = get_results(user_ctx, + (struct results_req *) + os_dev_get_ioctl_arg()); + break; + + case SHW_IOCTL_REQUEST + SHW_USER_REQ_GET_CAPABILITIES: +#ifdef SHW_DEBUG + LOG_KDIAG("SHW: get_capabilities ioctl received"); +#endif + code = get_capabilities(user_ctx, + (fsl_shw_pco_t *) + os_dev_get_ioctl_arg()); + break; + + case SHW_IOCTL_REQUEST + SHW_USER_REQ_GET_RANDOM: +#ifdef SHW_DEBUG + LOG_KDIAG("SHW: get_random ioctl received"); +#endif + code = get_random(user_ctx, + (struct get_random_req *) + os_dev_get_ioctl_arg()); + break; + + case SHW_IOCTL_REQUEST + SHW_USER_REQ_ADD_ENTROPY: +#ifdef SHW_DEBUG + LOG_KDIAG("SHW: add_entropy ioctl received"); +#endif + code = add_entropy(user_ctx, + (struct add_entropy_req *) + os_dev_get_ioctl_arg()); + break; + + case SHW_IOCTL_REQUEST + SHW_USER_REQ_DROP_PERMS: +#ifdef SHW_DEBUG + LOG_KDIAG("SHW: drop permissions ioctl received"); +#endif + code = + shw_handle_scc_drop_perms(user_ctx, os_dev_get_ioctl_arg()); + break; + + case SHW_IOCTL_REQUEST + SHW_USER_REQ_SSTATUS: +#ifdef SHW_DEBUG + LOG_KDIAG("SHW: sstatus ioctl received"); +#endif + code = shw_handle_scc_sstatus(user_ctx, os_dev_get_ioctl_arg()); + break; + + case SHW_IOCTL_REQUEST + SHW_USER_REQ_SFREE: +#ifdef SHW_DEBUG + LOG_KDIAG("SHW: sfree ioctl received"); +#endif + code = shw_handle_scc_sfree(user_ctx, os_dev_get_ioctl_arg()); + break; + + case SHW_IOCTL_REQUEST + SHW_USER_REQ_SCC_ENCRYPT: +#ifdef SHW_DEBUG + LOG_KDIAG("SHW: scc encrypt ioctl received"); +#endif + code = shw_handle_scc_encrypt(user_ctx, os_dev_get_ioctl_arg()); + break; + + case SHW_IOCTL_REQUEST + SHW_USER_REQ_SCC_DECRYPT: +#ifdef SHW_DEBUG + LOG_KDIAG("SHW: scc decrypt ioctl received"); +#endif + code = shw_handle_scc_decrypt(user_ctx, os_dev_get_ioctl_arg()); + break; + + default: +#ifdef SHW_DEBUG + LOG_KDIAG_ARGS("SHW: Unexpected ioctl %d", + os_dev_get_ioctl_op()); +#endif + break; + } + + os_dev_ioctl_return(code); +} + +#ifdef FSL_HAVE_SCC2 + +/*****************************************************************************/ +/* fn get_user_smid() */ +/*****************************************************************************/ +uint32_t get_user_smid(void *proc) +{ + /* + * A real implementation would have some way to handle signed applications + * which wouild be assigned distinct SMIDs. For the reference + * implementation, we show where this would be determined (here), but + * always provide a fixed answer, thus not separating users at all. + */ + + return 0x42eaae42; +} + +/* user_base: userspace base address of the partition + * kernel_base: kernel mode base address of the partition + */ +static fsl_shw_return_t register_user_partition(fsl_shw_uco_t * user_ctx, + uint32_t user_base, + void *kernel_base) +{ + fsl_shw_spo_t *partition_info; + fsl_shw_return_t ret = FSL_RETURN_ERROR_S; + + if (user_ctx == NULL) { + goto out; + } + + partition_info = os_alloc_memory(sizeof(fsl_shw_spo_t), GFP_KERNEL); + + if (partition_info == NULL) { + goto out; + } + + /* stuff the partition info, then put it at the front of the chain */ + partition_info->user_base = user_base; + partition_info->kernel_base = kernel_base; + partition_info->next = user_ctx->partition; + + user_ctx->partition = (struct fsl_shw_spo_t *)partition_info; + +#ifdef SHW_DEBUG + LOG_KDIAG_ARGS + ("partition with user_base=%p, kernel_base=%p registered.", + (void *)user_base, kernel_base); +#endif + + ret = FSL_RETURN_OK_S; + + out: + + return ret; +} + +/* if the partition is in the users list, remove it */ +static fsl_shw_return_t deregister_user_partition(fsl_shw_uco_t * user_ctx, + uint32_t user_base) +{ + fsl_shw_spo_t *curr = (fsl_shw_spo_t *) user_ctx->partition; + fsl_shw_spo_t *last = (fsl_shw_spo_t *) user_ctx->partition; + + while (curr != NULL) { + if (curr->user_base == user_base) { + +#ifdef SHW_DEBUG + LOG_KDIAG_ARGS + ("deregister_user_partition: partition with " + "user_base=%p, kernel_base=%p deregistered.\n", + (void *)curr->user_base, curr->kernel_base); +#endif + + if (last == curr) { + user_ctx->partition = curr->next; + os_free_memory(curr); + return FSL_RETURN_OK_S; + } else { + last->next = curr->next; + os_free_memory(curr); + return FSL_RETURN_OK_S; + } + } + last = curr; + curr = (fsl_shw_spo_t *) curr->next; + } + + return FSL_RETURN_ERROR_S; +} + +/* Find the kernel-mode address of the partition. + * This can then be passed to the SCC functions. + */ +void *lookup_user_partition(fsl_shw_uco_t * user_ctx, uint32_t user_base) +{ + /* search through the partition chain to find one that matches the user base + * address. + */ + fsl_shw_spo_t *curr = (fsl_shw_spo_t *) user_ctx->partition; + + while (curr != NULL) { + if (curr->user_base == user_base) { + return curr->kernel_base; + } + curr = (fsl_shw_spo_t *) curr->next; + } + return NULL; +} + +#endif /* FSL_HAVE_SCC2 */ + +/*! +******************************************************************************* +* This function implements the smalloc() function for userspace programs, by +* making a call to the SCC2 mmap() function that acquires a region of secure +* memory on behalf of the user, and then maps it into the users memory space. +* Currently, the only memory size supported is that of a single SCC2 partition. +* Requests for other sized memory regions will fail. +*/ +OS_DEV_MMAP(shw_mmap) +{ + os_error_code status = OS_ERROR_NO_MEMORY_S; + +#ifdef FSL_HAVE_SCC2 + { + scc_return_t scc_ret; + fsl_shw_return_t fsl_ret; + uint32_t partition_registered = FALSE; + + uint32_t user_base; + void *partition_base; + uint32_t smid; + scc_config_t *scc_configuration; + + int part_no = -1; + uint32_t part_phys; + + fsl_shw_uco_t *user_ctx = + (fsl_shw_uco_t *) os_dev_get_user_private(); + + /* Make sure that the user context is valid */ + if (user_ctx == NULL) { + user_ctx = + os_alloc_memory(sizeof(*user_ctx), GFP_KERNEL); + + if (user_ctx == NULL) { + status = OS_ERROR_NO_MEMORY_S; + goto out; + } + fsl_shw_register_user(user_ctx); + os_dev_set_user_private(user_ctx); + } + + /* Determine the size of a secure partition */ + scc_configuration = scc_get_configuration(); + + /* Check that the memory size requested is equal to the partition + * size, and that the requested destination is on a page boundary. + */ + if (((os_mmap_user_base() % PAGE_SIZE) != 0) || + (os_mmap_memory_size() != + scc_configuration->partition_size_bytes)) { + status = OS_ERROR_BAD_ARG_S; + goto out; + } + + /* Retrieve the SMID associated with the user */ + smid = get_user_smid(user_ctx->process); + + /* Attempt to allocate a secure partition */ + scc_ret = + scc_allocate_partition(smid, &part_no, &partition_base, + &part_phys); + if (scc_ret != SCC_RET_OK) { + pr_debug + ("SCC mmap() request failed to allocate partition;" + " error %d\n", status); + status = OS_ERROR_FAIL_S; + goto out; + } + + pr_debug("scc_mmap() acquired partition %d at %08x\n", + part_no, part_phys); + + /* Record partition info in the user context */ + user_base = os_mmap_user_base(); + fsl_ret = + register_user_partition(user_ctx, user_base, + partition_base); + + if (fsl_ret != FSL_RETURN_OK_S) { + pr_debug + ("SCC mmap() request failed to register partition with user" + " context, error: %d\n", fsl_ret); + status = OS_ERROR_FAIL_S; + } + + partition_registered = TRUE; + + status = map_user_memory(os_mmap_memory_ctx(), part_phys, + os_mmap_memory_size()); + +#ifdef SHW_DEBUG + if (status == OS_ERROR_OK_S) { + LOG_KDIAG_ARGS + ("Partition allocated: user_base=%p, partition_base=%p.", + (void *)user_base, partition_base); + } +#endif + + out: + /* If there is an error it has to be handled here */ + if (status != OS_ERROR_OK_S) { + /* if the partition was registered with the user, unregister it. */ + if (partition_registered == TRUE) { + deregister_user_partition(user_ctx, user_base); + } + + /* if the partition was allocated, deallocate it */ + if (partition_base != NULL) { + scc_release_partition(partition_base); + } + } + } +#endif /* FSL_HAVE_SCC2 */ + + return status; +} + +/*****************************************************************************/ +/* fn shw_release() */ +/*****************************************************************************/ +/*! + * Handle @c close() call from user. + * This is a Linux device driver interface routine. + * + * @return OS_ERROR_OK_S on success (always!) + */ +OS_DEV_CLOSE(shw_release) +{ + fsl_shw_uco_t *user_ctx = os_dev_get_user_private(); + os_error_code code = OS_ERROR_OK_S; + + if (user_ctx != NULL) { + + fsl_shw_deregister_user(user_ctx); + os_free_memory(user_ctx); + os_dev_set_user_private(NULL); + + } + + os_dev_close_return(code); +} /* shw_release */ + +/*****************************************************************************/ +/* fn shw_user_callback() */ +/*****************************************************************************/ +/*! + * FSL SHW User callback function. + * + * This function is set in the kernel version of the user context as the + * callback function when the user mode user wants a callback. Its job is to + * inform the user process that results (may) be available. It does this by + * sending a SIGUSR2 signal which is then caught by the user-mode FSL SHW + * library. + * + * @param user_ctx Kernel version of uco associated with the request. + * + * @return void + */ +static void shw_user_callback(fsl_shw_uco_t * user_ctx) +{ +#ifdef SHW_DEBUG + LOG_KDIAG_ARGS("SHW: Signalling callback user process for context %p\n", + user_ctx); +#endif + os_send_signal(user_ctx->process, SIGUSR2); +} + +/*****************************************************************************/ +/* fn setup_user_driver_interaction() */ +/*****************************************************************************/ +/*! + * Register the driver with the kernel as the driver for shw_major_node. Note + * that this value may be zero, in which case the major number will be assigned + * by the OS. shw_major_node is never modified. + * + * The open(), ioctl(), and close() handles for the driver ned to be registered + * with the kernel. Upon success, shw_device_registered will be true; + * + * @return OS_ERROR_OK_S on success, or an os err code + */ +static os_error_code shw_setup_user_driver_interaction(void) +{ + os_error_code error_code; + + os_driver_init_registration(reg_handle); + os_driver_add_registration(reg_handle, OS_FN_OPEN, + OS_DEV_OPEN_REF(shw_open)); + os_driver_add_registration(reg_handle, OS_FN_IOCTL, + OS_DEV_IOCTL_REF(shw_ioctl)); + os_driver_add_registration(reg_handle, OS_FN_CLOSE, + OS_DEV_CLOSE_REF(shw_release)); + os_driver_add_registration(reg_handle, OS_FN_MMAP, + OS_DEV_MMAP_REF(shw_mmap)); + error_code = os_driver_complete_registration(reg_handle, shw_major_node, + SHW_DRIVER_NAME); + + if (error_code != OS_ERROR_OK_S) { + /* failure ! */ +#ifdef SHW_DEBUG + LOG_KDIAG_ARGS("SHW Driver: register device driver failed: %d", + error_code); +#endif + } else { /* success */ + shw_device_registered = TRUE; +#ifdef SHW_DEBUG + LOG_KDIAG_ARGS("SHW Driver: Major node is %d\n", + os_driver_get_major(reg_handle)); +#endif + } + + return error_code; +} /* shw_setup_user_driver_interaction */ + +/******************************************************************/ +/* User Mode Support */ +/******************************************************************/ + +/*! + * Initialze kernel User Context Object from User-space version. + * + * Copy user UCO into kernel UCO, set flags and fields for operation + * within kernel space. Add user to driver's list of users. + * + * @param user_ctx Pointer to kernel space UCO + * @param user_mode_uco User pointer to user space version + * + * @return os_error_code + */ +static os_error_code init_uco(fsl_shw_uco_t * user_ctx, void *user_mode_uco) +{ + os_error_code code; + + code = os_copy_from_user(user_ctx, user_mode_uco, sizeof(*user_ctx)); + if (code == OS_ERROR_OK_S) { + user_ctx->flags |= FSL_UCO_USERMODE_USER; + user_ctx->result_pool.head = NULL; + user_ctx->result_pool.tail = NULL; + user_ctx->process = os_get_process_handle(); + user_ctx->callback = shw_user_callback; + SHW_ADD_USER(user_ctx); + } +#ifdef SHW_DEBUG + LOG_KDIAG_ARGS("SHW: init uco returning %d (flags %x)", + code, user_ctx->flags); +#endif + + return code; +} + +/*! + * Copy array from kernel to user space. + * + * This routine will check bounds before trying to copy, and return failure + * on bounds violation or error during the copy. + * + * @param userloc Location in userloc to place data. If NULL, the function + * will do nothing (except return NULL). + * @param userend Address beyond allowed copy region at @c userloc. + * @param data_start Location of data to be copied + * @param element_size sizeof() an element + * @param element_count Number of elements of size element_size to copy. + * @return New value of userloc, or NULL if there was an error. + */ +inline static void *copy_array(void *userloc, void *userend, void *data_start, + unsigned element_size, unsigned element_count) +{ + unsigned byte_count = element_size * element_count; + + if ((userloc == NULL) || (userend == NULL) + || ((userloc + byte_count) >= userend) || + (copy_to_user(userloc, data_start, byte_count) != OS_ERROR_OK_S)) { + userloc = NULL; + } else { + userloc += byte_count; + } + + return userloc; +} + +/*! + * Send an FSL SHW API return code up into the user-space request structure. + * + * @param user_header User address of request block / request header + * @param result_code The FSL SHW API code to be placed at header.code + * + * @return an os_error_code + * + * NOTE: This function assumes that the shw_req_header is at the beginning of + * each request structure. + */ +inline static os_error_code copy_fsl_code(void *user_header, + fsl_shw_return_t result_code) +{ + return os_copy_to_user(user_header + + offsetof(struct shw_req_header, code), + &result_code, sizeof(result_code)); +} + +static os_error_code shw_handle_scc_drop_perms(fsl_shw_uco_t * user_ctx, + uint32_t info) +{ + os_error_code status = OS_ERROR_NO_MEMORY_S; +#ifdef FSL_HAVE_SCC2 + scc_return_t scc_ret; + scc_partition_info_t partition_info; + void *kernel_base; + + status = + os_copy_from_user(&partition_info, (void *)info, + sizeof(partition_info)); + + if (status != OS_ERROR_OK_S) { + goto out; + } + + /* validate that the user owns this partition, and look up its handle */ + kernel_base = lookup_user_partition(user_ctx, partition_info.user_base); + + if (kernel_base == NULL) { + status = OS_ERROR_FAIL_S; +#ifdef SHW_DEBUG + LOG_KDIAG("_scc_drop_perms(): failed to find partition\n"); +#endif + goto out; + } + + /* call scc driver to perform the drop */ + scc_ret = scc_diminish_permissions(kernel_base, + partition_info.permissions); + if (scc_ret == SCC_RET_OK) { + status = OS_ERROR_OK_S; + } else { + status = OS_ERROR_FAIL_S; + } + + out: +#endif /* FSL_HAVE_SCC2 */ + return status; +} + +static os_error_code shw_handle_scc_sstatus(fsl_shw_uco_t * user_ctx, + uint32_t info) +{ + os_error_code status = OS_ERROR_NO_MEMORY_S; +#ifdef FSL_HAVE_SCC2 + scc_partition_info_t partition_info; + void *kernel_base; + + status = os_copy_from_user(&partition_info, + (void *)info, sizeof(partition_info)); + + if (status != OS_ERROR_OK_S) { + goto out; + } + + /* validate that the user owns this partition, and look up its handle */ + kernel_base = lookup_user_partition(user_ctx, partition_info.user_base); + + if (kernel_base == NULL) { + status = OS_ERROR_FAIL_S; +#ifdef SHW_DEBUG + LOG_KDIAG("Failed to find partition\n"); +#endif + goto out; + } + + /* Call the SCC driver to ask about the partition status */ + partition_info.status = scc_partition_status(kernel_base); + + /* and copy the structure out */ + status = os_copy_to_user((void *)info, + &partition_info, sizeof(partition_info)); + + out: +#endif /* FSL_HAVE_SCC2 */ + return status; +} + +static os_error_code shw_handle_scc_sfree(fsl_shw_uco_t * user_ctx, + uint32_t info) +{ + os_error_code status = OS_ERROR_NO_MEMORY_S; +#ifdef FSL_HAVE_SCC2 + { + scc_partition_info_t partition_info; + void *kernel_base; + int ret; + + status = os_copy_from_user(&partition_info, + (void *)info, + sizeof(partition_info)); + + /* check that the copy was successful */ + if (status != OS_ERROR_OK_S) { + goto out; + } + + /* validate that the user owns this partition, and look up its handle */ + kernel_base = + lookup_user_partition(user_ctx, partition_info.user_base); + + if (kernel_base == NULL) { + status = OS_ERROR_FAIL_S; +#ifdef SHW_DEBUG + LOG_KDIAG("failed to find partition\n"); +#endif /*SHW_DEBUG */ + goto out; + } + + /* Unmap the memory region (see sys_munmap in mmap.c) */ + ret = unmap_user_memory(partition_info.user_base, 8192); + + /* If the memory was successfully released */ + if (ret == OS_ERROR_OK_S) { + + /* release the partition */ + scc_release_partition(kernel_base); + + /* and remove it from the users context */ + deregister_user_partition(user_ctx, + partition_info.user_base); + + status = OS_ERROR_OK_S; + + } else { +#ifdef SHW_DEBUG + LOG_KDIAG("do_munmap not successful!"); +#endif + } + + } + out: +#endif /* FSL_HAVE_SCC2 */ + return status; +} + +static os_error_code shw_handle_scc_encrypt(fsl_shw_uco_t * user_ctx, + uint32_t info) +{ + os_error_code status = OS_ERROR_FAIL_S; +#ifdef FSL_HAVE_SCC2 + { + fsl_shw_return_t retval; + scc_region_t region_info; + void *page_ctx = NULL; + void *black_addr = NULL; + void *partition_base = NULL; + scc_config_t *scc_configuration; + + status = + os_copy_from_user(®ion_info, (void *)info, + sizeof(region_info)); + + if (status != OS_ERROR_OK_S) { + goto out; + } + + /* validate that the user owns this partition, and look up its handle */ + partition_base = lookup_user_partition(user_ctx, + region_info. + partition_base); + + if (partition_base == NULL) { + status = OS_ERROR_FAIL_S; +#ifdef SHW_DEBUG + LOG_KDIAG("failed to find secure partition\n"); +#endif + goto out; + } + + /* Check that the memory size requested is correct */ + scc_configuration = scc_get_configuration(); + if (region_info.offset + region_info.length > + scc_configuration->partition_size_bytes) { + status = OS_ERROR_FAIL_S; + goto out; + } + + /* wire down black_data */ + black_addr = wire_user_memory(region_info.black_data, + region_info.length, &page_ctx); + + if (black_addr == NULL) { + status = OS_ERROR_FAIL_S; + goto out; + } + + retval = + do_scc_encrypt_region(NULL, partition_base, + region_info.offset, + region_info.length, black_addr, + region_info.IV, + region_info.cypher_mode); + + if (retval == FSL_RETURN_OK_S) { + status = OS_ERROR_OK_S; + } else { + status = OS_ERROR_FAIL_S; + } + + /* release black data */ + unwire_user_memory(&page_ctx); + } + out: + +#endif /* FSL_HAVE_SCC2 */ + return status; +} + +static os_error_code shw_handle_scc_decrypt(fsl_shw_uco_t * user_ctx, + uint32_t info) +{ + os_error_code status = OS_ERROR_FAIL_S; +#ifdef FSL_HAVE_SCC2 + { + fsl_shw_return_t retval; + scc_region_t region_info; + void *page_ctx = NULL; + void *black_addr; + void *partition_base; + scc_config_t *scc_configuration; + + status = + os_copy_from_user(®ion_info, (void *)info, + sizeof(region_info)); + +#ifdef SHW_DEBUG + LOG_KDIAG_ARGS + ("partition_base: %p, offset: %i, length: %i, black data: %p", + (void *)region_info.partition_base, region_info.offset, + region_info.length, (void *)region_info.black_data); +#endif + + if (status != OS_ERROR_OK_S) { + goto out; + } + + /* validate that the user owns this partition, and look up its handle */ + partition_base = lookup_user_partition(user_ctx, + region_info. + partition_base); + + if (partition_base == NULL) { + status = OS_ERROR_FAIL_S; +#ifdef SHW_DEBUG + LOG_KDIAG("failed to find partition\n"); +#endif + goto out; + } + + /* Check that the memory size requested is correct */ + scc_configuration = scc_get_configuration(); + if (region_info.offset + region_info.length > + scc_configuration->partition_size_bytes) { + status = OS_ERROR_FAIL_S; + goto out; + } + + /* wire down black_data */ + black_addr = wire_user_memory(region_info.black_data, + region_info.length, &page_ctx); + + if (black_addr == NULL) { + status = OS_ERROR_FAIL_S; + goto out; + } + + retval = + do_scc_decrypt_region(NULL, partition_base, + region_info.offset, + region_info.length, black_addr, + region_info.IV, + region_info.cypher_mode); + + if (retval == FSL_RETURN_OK_S) { + status = OS_ERROR_OK_S; + } else { + status = OS_ERROR_FAIL_S; + } + + /* release black data */ + unwire_user_memory(&page_ctx); + } + out: + +#endif /* FSL_HAVE_SCC2 */ + return status; +} + +fsl_shw_return_t do_system_keystore_slot_alloc(fsl_shw_uco_t * user_ctx, + uint32_t key_length, + uint64_t ownerid, + uint32_t * slot) +{ + (void)user_ctx; + return keystore_slot_alloc(&system_keystore, key_length, ownerid, slot); +} + +fsl_shw_return_t do_system_keystore_slot_dealloc(fsl_shw_uco_t * user_ctx, + uint64_t ownerid, + uint32_t slot) +{ + (void)user_ctx; + return keystore_slot_dealloc(&system_keystore, ownerid, slot); +} + +fsl_shw_return_t do_system_keystore_slot_load(fsl_shw_uco_t * user_ctx, + uint64_t ownerid, + uint32_t slot, + const uint8_t * key, + uint32_t key_length) +{ + (void)user_ctx; + return keystore_slot_load(&system_keystore, ownerid, slot, + (void *)key, key_length); +} + +fsl_shw_return_t do_system_keystore_slot_encrypt(fsl_shw_uco_t * user_ctx, + uint64_t ownerid, + uint32_t slot, + uint32_t key_length, + uint8_t * black_data) +{ + (void)user_ctx; + return keystore_slot_encrypt(NULL, &system_keystore, ownerid, + slot, key_length, black_data); +} + +fsl_shw_return_t do_system_keystore_slot_decrypt(fsl_shw_uco_t * user_ctx, + uint64_t ownerid, + uint32_t slot, + uint32_t key_length, + const uint8_t * black_data) +{ + (void)user_ctx; + return keystore_slot_decrypt(NULL, &system_keystore, ownerid, + slot, key_length, black_data); +} + +fsl_shw_return_t do_system_keystore_slot_read(fsl_shw_uco_t * user_ctx, + uint64_t ownerid, + uint32_t slot, + uint32_t key_length, + uint8_t * key_data) +{ + (void)user_ctx; + + return keystore_slot_read(&system_keystore, ownerid, + slot, key_length, key_data); +} + +/*! + * Handle user-mode Get Capabilities request + * + * Right now, this function can only have a failure if the user has failed to + * provide a pointer to a location in user space with enough room to hold the + * fsl_shw_pco_t structure and any associated data. It will treat this failure + * as an ioctl failure and return an ioctl error code, instead of treating it + * as an API failure. + * + * @param user_ctx The kernel version of user's context + * @param user_mode_pco_request Pointer to user-space request + * + * @return an os_error_code + */ +static os_error_code get_capabilities(fsl_shw_uco_t * user_ctx, + void *user_mode_pco_request) +{ + os_error_code code; + struct capabilities_req req; + fsl_shw_pco_t local_cap; + + memcpy(&local_cap, &cap, sizeof(cap)); + /* Initialize pointers to out-of-struct arrays */ + local_cap.sym_algorithms = NULL; + local_cap.sym_modes = NULL; + local_cap.sym_modes = NULL; + + code = os_copy_from_user(&req, user_mode_pco_request, sizeof(req)); + if (code == OS_ERROR_OK_S) { + void *endcap; + void *user_bounds; +#ifdef SHW_DEBUG + LOG_KDIAG_ARGS("SHE: Received get_cap request: 0x%p/%u/0x%x", + req.capabilities, req.size, + sizeof(fsl_shw_pco_t)); +#endif + endcap = req.capabilities + 1; /* point to end of structure */ + user_bounds = (void *)req.capabilities + req.size; /* end of area */ + + /* First verify that request is big enough for the main structure */ + if (endcap >= user_bounds) { + endcap = NULL; /* No! */ + } + + /* Copy any Symmetric Algorithm suppport */ + if (cap.sym_algorithm_count != 0) { + local_cap.sym_algorithms = endcap; + endcap = + copy_array(endcap, user_bounds, cap.sym_algorithms, + sizeof(fsl_shw_key_alg_t), + cap.sym_algorithm_count); + } + + /* Copy any Symmetric Modes suppport */ + if (cap.sym_mode_count != 0) { + local_cap.sym_modes = endcap; + endcap = copy_array(endcap, user_bounds, cap.sym_modes, + sizeof(fsl_shw_sym_mode_t), + cap.sym_mode_count); + } + + /* Copy any Hash Algorithm suppport */ + if (cap.hash_algorithm_count != 0) { + local_cap.hash_algorithms = endcap; + endcap = + copy_array(endcap, user_bounds, cap.hash_algorithms, + sizeof(fsl_shw_hash_alg_t), + cap.hash_algorithm_count); + } + + /* Now copy up the (possibly modified) main structure */ + if (endcap != NULL) { + code = + os_copy_to_user(req.capabilities, &local_cap, + sizeof(cap)); + } + + if (endcap == NULL) { + code = OS_ERROR_BAD_ADDRESS_S; + } + + /* And return the FSL SHW code in the request structure. */ + if (code == OS_ERROR_OK_S) { + code = + copy_fsl_code(user_mode_pco_request, + FSL_RETURN_OK_S); + } + } + + /* code may already be set to an error. This is another error case. */ + +#ifdef SHW_DEBUG + LOG_KDIAG_ARGS("SHW: get capabilities returning %d", code); +#endif + + return code; +} + +/*! + * Handle user-mode Get Results request + * + * Get arguments from user space into kernel space, then call + * fsl_shw_get_results, and then copy its return code and any results from + * kernel space back to user space. + * + * @param user_ctx The kernel version of user's context + * @param user_mode_results_req Pointer to user-space request + * + * @return an os_error_code + */ +static os_error_code get_results(fsl_shw_uco_t * user_ctx, + void *user_mode_results_req) +{ + os_error_code code; + struct results_req req; + fsl_shw_result_t *results = NULL; + int loop; + + code = os_copy_from_user(&req, user_mode_results_req, sizeof(req)); + loop = 0; + + if (code == OS_ERROR_OK_S) { + results = os_alloc_memory(req.requested * sizeof(*results), 0); + if (results == NULL) { + code = OS_ERROR_NO_MEMORY_S; + } + } + + if (code == OS_ERROR_OK_S) { + fsl_shw_return_t err = + fsl_shw_get_results(user_ctx, req.requested, + results, &req.actual); + + /* Send API return code up to user. */ + code = copy_fsl_code(user_mode_results_req, err); + + if ((code == OS_ERROR_OK_S) && (err == FSL_RETURN_OK_S)) { + /* Now copy up the result count */ + code = os_copy_to_user(user_mode_results_req + + offsetof(struct results_req, + actual), &req.actual, + sizeof(req.actual)); + if ((code == OS_ERROR_OK_S) && (req.actual != 0)) { + /* now copy up the results... */ + code = os_copy_to_user(req.results, results, + req.actual * + sizeof(*results)); + } + } + } + + if (results != NULL) { + os_free_memory(results); + } + + return code; +} + +/*! + * Process header of user-mode request. + * + * Mark header as User Mode request. Update UCO's flags and reference fields + * with current versions from the header. + * + * @param user_ctx Pointer to kernel version of UCO. + * @param hdr Pointer to common part of user request. + * + * @return void + */ +inline static void process_hdr(fsl_shw_uco_t * user_ctx, + struct shw_req_header *hdr) +{ + hdr->flags |= FSL_UCO_USERMODE_USER; + user_ctx->flags = hdr->flags; + user_ctx->user_ref = hdr->user_ref; + + return; +} + +/*! + * Handle user-mode Get Random request + * + * @param user_ctx The kernel version of user's context + * @param user_mode_get_random_req Pointer to user-space request + * + * @return an os_error_code + */ +static os_error_code get_random(fsl_shw_uco_t * user_ctx, + void *user_mode_get_random_req) +{ + os_error_code code; + struct get_random_req req; + + code = os_copy_from_user(&req, user_mode_get_random_req, sizeof(req)); + if (code == OS_ERROR_OK_S) { + process_hdr(user_ctx, &req.hdr); +#ifdef SHW_DEBUG + LOG_KDIAG_ARGS + ("SHW: get_random() for %d bytes in %sblocking mode", + req.size, + (req.hdr.flags & FSL_UCO_BLOCKING_MODE) ? "" : "non-"); +#endif + req.hdr.code = + fsl_shw_get_random(user_ctx, req.size, req.random); + +#ifdef SHW_DEBUG + LOG_KDIAG_ARGS("SHW: get_random() returning %d", req.hdr.code); +#endif + + /* Copy FSL function status back to user */ + code = copy_fsl_code(user_mode_get_random_req, req.hdr.code); + } + + return code; +} + +/*! + * Handle user-mode Add Entropy request + * + * @param user_ctx Pointer to the kernel version of user's context + * @param user_mode_add_entropy_req Address of user-space request + * + * @return an os_error_code + */ +static os_error_code add_entropy(fsl_shw_uco_t * user_ctx, + void *user_mode_add_entropy_req) +{ + os_error_code code; + struct add_entropy_req req; + uint8_t *local_buffer = NULL; + + code = os_copy_from_user(&req, user_mode_add_entropy_req, sizeof(req)); + if (code == OS_ERROR_OK_S) { + local_buffer = os_alloc_memory(req.size, 0); /* for random */ + if (local_buffer != NULL) { + code = + os_copy_from_user(local_buffer, req.entropy, + req.size); + } + if (code == OS_ERROR_OK_S) { + req.hdr.code = fsl_shw_add_entropy(user_ctx, req.size, + local_buffer); + + code = + copy_fsl_code(user_mode_add_entropy_req, + req.hdr.code); + } + } + + if (local_buffer != NULL) { + os_free_memory(local_buffer); + } + + return code; +} + +/******************************************************************/ +/* End User Mode Support */ +/******************************************************************/ + +#ifdef LINUX_VERSION_CODE +EXPORT_SYMBOL(fsl_shw_register_user); +#endif +/* REQ-S2LRD-PINTFC-API-GEN-004 */ +/* + * Handle user registration. + * + * @param user_ctx The user context for the registration. + * + * @return A return code of type #fsl_shw_return_t. + */ +fsl_shw_return_t fsl_shw_register_user(fsl_shw_uco_t * user_ctx) +{ + fsl_shw_return_t code = FSL_RETURN_INTERNAL_ERROR_S; + + if ((user_ctx->flags & FSL_UCO_BLOCKING_MODE) && + (user_ctx->flags & FSL_UCO_CALLBACK_MODE)) { + code = FSL_RETURN_BAD_FLAG_S; + goto error_exit; + } else if (user_ctx->pool_size == 0) { + code = FSL_RETURN_NO_RESOURCE_S; + goto error_exit; + } else { + user_ctx->result_pool.head = NULL; + user_ctx->result_pool.tail = NULL; + SHW_ADD_USER(user_ctx); + code = FSL_RETURN_OK_S; + } + + error_exit: + return code; +} + +#ifdef LINUX_VERSION_CODE +EXPORT_SYMBOL(fsl_shw_deregister_user); +#endif +/* REQ-S2LRD-PINTFC-API-GEN-005 */ +/*! + * Destroy the association between the the user and the provider of the API. + * + * @param user_ctx The user context which is no longer needed. + * + * @return A return code of type #fsl_shw_return_t. + */ +fsl_shw_return_t fsl_shw_deregister_user(fsl_shw_uco_t * user_ctx) +{ + shw_queue_entry_t *finished_request; + fsl_shw_return_t ret = FSL_RETURN_OK_S; + + /* Clean up what we find in result pool. */ + do { + os_lock_context_t lock_context; + os_lock_save_context(shw_queue_lock, lock_context); + finished_request = user_ctx->result_pool.head; + + if (finished_request != NULL) { + SHW_QUEUE_REMOVE_ENTRY(&user_ctx->result_pool, + finished_request); + os_unlock_restore_context(shw_queue_lock, lock_context); + os_free_memory(finished_request); + } else { + os_unlock_restore_context(shw_queue_lock, lock_context); + } + } while (finished_request != NULL); + +#ifdef FSL_HAVE_SCC2 + { + fsl_shw_spo_t *partition; + struct mm_struct *mm = current->mm; + + while ((user_ctx->partition != NULL) + && (ret == FSL_RETURN_OK_S)) { + + partition = user_ctx->partition; + +#ifdef SHW_DEBUG + LOG_KDIAG_ARGS + ("Found an abandoned secure partition at %p, releasing", + partition); +#endif + + /* It appears that current->mm is not valid if this is called from a + * close routine (perhaps only if the program raised an exception that + * caused it to close?) If that is the case, then still free the + * partition, but do not remove it from the memory space (dangerous?) + */ + + if (mm == NULL) { +#ifdef SHW_DEBUG + LOG_KDIAG + ("Warning: no mm structure found, not unmapping " + "partition from user memory\n"); +#endif + } else { + /* Unmap the memory region (see sys_munmap in mmap.c) */ + /* Note that this assumes a single memory partition */ + unmap_user_memory(partition->user_base, 8192); + } + + /* If the memory was successfully released */ + if (ret == OS_ERROR_OK_S) { + /* release the partition */ + scc_release_partition(partition->kernel_base); + + /* and remove it from the users context */ + deregister_user_partition(user_ctx, + partition->user_base); + + ret = FSL_RETURN_OK_S; + } else { + ret = FSL_RETURN_ERROR_S; + + goto out; + } + } + } + out: +#endif /* FSL_HAVE_SCC2 */ + + SHW_REMOVE_USER(user_ctx); + + return ret; +} + +#ifdef LINUX_VERSION_CODE +EXPORT_SYMBOL(fsl_shw_get_results); +#endif +/* REQ-S2LRD-PINTFC-API-GEN-006 */ +fsl_shw_return_t fsl_shw_get_results(fsl_shw_uco_t * user_ctx, + unsigned result_size, + fsl_shw_result_t results[], + unsigned *result_count) +{ + shw_queue_entry_t *finished_request; + unsigned loop = 0; + + do { + os_lock_context_t lock_context; + + /* Protect state of user's result pool until we have retrieved and + * remove the first entry, or determined that the pool is empty. */ + os_lock_save_context(shw_queue_lock, lock_context); + finished_request = user_ctx->result_pool.head; + + if (finished_request != NULL) { + uint32_t code = 0; + + SHW_QUEUE_REMOVE_ENTRY(&user_ctx->result_pool, + finished_request); + os_unlock_restore_context(shw_queue_lock, lock_context); + + results[loop].user_ref = finished_request->user_ref; + results[loop].code = finished_request->code; + results[loop].detail1 = 0; + results[loop].detail2 = 0; + results[loop].user_req = + finished_request->user_mode_req; + if (finished_request->postprocess != NULL) { + code = + finished_request-> + postprocess(finished_request); + } + + results[loop].code = finished_request->code; + os_free_memory(finished_request); + if (code == 0) { + loop++; + } + } else { /* finished_request is NULL */ + /* pool is empty */ + os_unlock_restore_context(shw_queue_lock, lock_context); + } + + } while ((loop < result_size) && (finished_request != NULL)); + + *result_count = loop; + + return FSL_RETURN_OK_S; +} + +#ifdef LINUX_VERSION_CODE +EXPORT_SYMBOL(fsl_shw_get_capabilities); +#endif +fsl_shw_pco_t *fsl_shw_get_capabilities(fsl_shw_uco_t * user_ctx) +{ + + /* Unused */ + (void)user_ctx; + + return ∩ +} + +#if !(defined(FSL_HAVE_SAHARA) || defined(FSL_HAVE_RNGA) \ + || defined(FSL_HAVE_RNGB) || defined(FSL_HAVE_RNGC)) + +#if defined(LINUX_VERSION_CODE) +EXPORT_SYMBOL(fsl_shw_get_random); +#endif +fsl_shw_return_t fsl_shw_get_random(fsl_shw_uco_t * user_ctx, + uint32_t length, uint8_t * data) +{ + + /* Unused */ + (void)user_ctx; + (void)length; + (void)data; + + return FSL_RETURN_ERROR_S; +} + +#if defined(LINUX_VERSION_CODE) +EXPORT_SYMBOL(fsl_shw_add_entropy); +#endif +fsl_shw_return_t fsl_shw_add_entropy(fsl_shw_uco_t * user_ctx, + uint32_t length, uint8_t * data) +{ + + /* Unused */ + (void)user_ctx; + (void)length; + (void)data; + + return FSL_RETURN_ERROR_S; +} +#endif + +#if !defined(FSL_HAVE_DRYICE) && !defined(FSL_HAVE_SAHARA2) +#if 0 +#ifdef LINUX_VERSION_CODE +EXPORT_SYMBOL(fsl_shw_symmetric_decrypt); +#endif +fsl_shw_return_t fsl_shw_symmetric_decrypt(fsl_shw_uco_t * user_ctx, + fsl_shw_sko_t * key_info, + fsl_shw_scco_t * sym_ctx, + uint32_t length, + const uint8_t * ct, uint8_t * pt) +{ + + /* Unused */ + (void)user_ctx; + (void)key_info; + (void)sym_ctx; + (void)length; + (void)ct; + (void)pt; + + return FSL_RETURN_ERROR_S; +} + +#ifdef LINUX_VERSION_CODE +EXPORT_SYMBOL(fsl_shw_symmetric_encrypt); +#endif +fsl_shw_return_t fsl_shw_symmetric_encrypt(fsl_shw_uco_t * user_ctx, + fsl_shw_sko_t * key_info, + fsl_shw_scco_t * sym_ctx, + uint32_t length, + const uint8_t * pt, uint8_t * ct) +{ + + /* Unused */ + (void)user_ctx; + (void)key_info; + (void)sym_ctx; + (void)length; + (void)pt; + (void)ct; + + return FSL_RETURN_ERROR_S; +} + +/* DryIce support provided in separate file */ + +#ifdef LINUX_VERSION_CODE +EXPORT_SYMBOL(fsl_shw_establish_key); +#endif +fsl_shw_return_t fsl_shw_establish_key(fsl_shw_uco_t * user_ctx, + fsl_shw_sko_t * key_info, + fsl_shw_key_wrap_t establish_type, + const uint8_t * key) +{ + + /* Unused */ + (void)user_ctx; + (void)key_info; + (void)establish_type; + (void)key; + + return FSL_RETURN_ERROR_S; +} + +#ifdef LINUX_VERSION_CODE +EXPORT_SYMBOL(fsl_shw_extract_key); +#endif +fsl_shw_return_t fsl_shw_extract_key(fsl_shw_uco_t * user_ctx, + fsl_shw_sko_t * key_info, + uint8_t * covered_key) +{ + + /* Unused */ + (void)user_ctx; + (void)key_info; + (void)covered_key; + + return FSL_RETURN_ERROR_S; +} + +#ifdef LINUX_VERSION_CODE +EXPORT_SYMBOL(fsl_shw_release_key); +#endif +fsl_shw_return_t fsl_shw_release_key(fsl_shw_uco_t * user_ctx, + fsl_shw_sko_t * key_info) +{ + + /* Unused */ + (void)user_ctx; + (void)key_info; + + return FSL_RETURN_ERROR_S; +} +#endif +#endif /* SAHARA or DRYICE */ + +#ifdef LINUX_VERSION_CODE +EXPORT_SYMBOL(fsl_shw_hash); +#endif +#if !defined(FSL_HAVE_SAHARA) +fsl_shw_return_t fsl_shw_hash(fsl_shw_uco_t * user_ctx, + fsl_shw_hco_t * hash_ctx, + const uint8_t * msg, + uint32_t length, + uint8_t * result, uint32_t result_len) +{ + fsl_shw_return_t ret = FSL_RETURN_ERROR_S; + + /* Unused */ + (void)user_ctx; + (void)hash_ctx; + (void)msg; + (void)length; + (void)result; + (void)result_len; + + return ret; +} +#endif + +#ifndef FSL_HAVE_SAHARA +#ifdef LINUX_VERSION_CODE +EXPORT_SYMBOL(fsl_shw_hmac_precompute); +#endif + +fsl_shw_return_t fsl_shw_hmac_precompute(fsl_shw_uco_t * user_ctx, + fsl_shw_sko_t * key_info, + fsl_shw_hmco_t * hmac_ctx) +{ + fsl_shw_return_t status = FSL_RETURN_ERROR_S; + + /* Unused */ + (void)user_ctx; + (void)key_info; + (void)hmac_ctx; + + return status; +} + +#ifdef LINUX_VERSION_CODE +EXPORT_SYMBOL(fsl_shw_hmac); +#endif + +fsl_shw_return_t fsl_shw_hmac(fsl_shw_uco_t * user_ctx, + fsl_shw_sko_t * key_info, + fsl_shw_hmco_t * hmac_ctx, + const uint8_t * msg, + uint32_t length, + uint8_t * result, uint32_t result_len) +{ + fsl_shw_return_t status = FSL_RETURN_ERROR_S; + + /* Unused */ + (void)user_ctx; + (void)key_info; + (void)hmac_ctx; + (void)msg; + (void)length; + (void)result; + (void)result_len; + + return status; +} +#endif + +/*! + * Call the proper function to encrypt a region of encrypted secure memory + * + * @brief + * + * @param user_ctx User context of the partition owner (NULL in kernel) + * @param partition_base Base address (physical) of the partition + * @param offset_bytes Offset from base address of the data to be encrypted + * @param byte_count Length of the message (bytes) + * @param black_data Pointer to where the encrypted data is stored + * @param IV IV to use for encryption + * @param cypher_mode Cyphering mode to use, specified by type + * #fsl_shw_cypher_mode_t + * + * @return status + */ +fsl_shw_return_t +do_scc_encrypt_region(fsl_shw_uco_t * user_ctx, + void *partition_base, uint32_t offset_bytes, + uint32_t byte_count, uint8_t * black_data, + uint32_t * IV, fsl_shw_cypher_mode_t cypher_mode) +{ + fsl_shw_return_t retval = FSL_RETURN_ERROR_S; +#ifdef FSL_HAVE_SCC2 + + scc_return_t scc_ret; + +#ifdef SHW_DEBUG + uint32_t *owner_32 = (uint32_t *) & (owner_id); + + LOG_KDIAG_ARGS + ("partition base: %p, offset: %i, count: %i, black data: %p\n", + partition_base, offset_bytes, byte_count, (void *)black_data); + + LOG_KDIAG_ARGS("Owner ID: %08x%08x\n", owner_32[1], owner_32[0]); +#endif /* SHW_DEBUG */ + (void)user_ctx; + + os_cache_flush_range(black_data, byte_count); + + scc_ret = + scc_encrypt_region((uint32_t) partition_base, offset_bytes, + byte_count, __virt_to_phys(black_data), IV, + cypher_mode); + + if (scc_ret == SCC_RET_OK) { + retval = FSL_RETURN_OK_S; + } else { + retval = FSL_RETURN_ERROR_S; + } + + /* The SCC2 DMA engine should have written to the black ram, so we need to + * invalidate that region of memory. Note that the red ram is not an + * because it is mapped with the cache disabled. + */ + os_cache_inv_range(black_data, byte_count); + +#endif /* FSL_HAVE_SCC2 */ + return retval; +} + +/*! + * Call the proper function to decrypt a region of encrypted secure memory + * + * @brief + * + * @param user_ctx User context of the partition owner (NULL in kernel) + * @param partition_base Base address (physical) of the partition + * @param offset_bytes Offset from base address that the decrypted data + * shall be placed + * @param byte_count Length of the message (bytes) + * @param black_data Pointer to where the encrypted data is stored + * @param IV IV to use for decryption + * @param cypher_mode Cyphering mode to use, specified by type + * #fsl_shw_cypher_mode_t + * + * @return status + */ +fsl_shw_return_t +do_scc_decrypt_region(fsl_shw_uco_t * user_ctx, + void *partition_base, uint32_t offset_bytes, + uint32_t byte_count, const uint8_t * black_data, + uint32_t * IV, fsl_shw_cypher_mode_t cypher_mode) +{ + fsl_shw_return_t retval = FSL_RETURN_ERROR_S; + +#ifdef FSL_HAVE_SCC2 + + scc_return_t scc_ret; + +#ifdef SHW_DEBUG + uint32_t *owner_32 = (uint32_t *) & (owner_id); + + LOG_KDIAG_ARGS + ("partition base: %p, offset: %i, count: %i, black data: %p\n", + partition_base, offset_bytes, byte_count, (void *)black_data); + + LOG_KDIAG_ARGS("Owner ID: %08x%08x\n", owner_32[1], owner_32[0]); +#endif /* SHW_DEBUG */ + + (void)user_ctx; + + /* The SCC2 DMA engine will be reading from the black ram, so we need to + * make sure that the data is pushed out of the cache. Note that the red + * ram is not an issue because it is mapped with the cache disabled. + */ + os_cache_flush_range(black_data, byte_count); + + scc_ret = + scc_decrypt_region((uint32_t) partition_base, offset_bytes, + byte_count, + (uint8_t *) __virt_to_phys(black_data), IV, + cypher_mode); + + if (scc_ret == SCC_RET_OK) { + retval = FSL_RETURN_OK_S; + } else { + retval = FSL_RETURN_ERROR_S; + } + +#endif /* FSL_HAVE_SCC2 */ + + return retval; +} + +void *fsl_shw_smalloc(fsl_shw_uco_t * user_ctx, + uint32_t size, const uint8_t * UMID, uint32_t permissions) +{ +#ifdef FSL_HAVE_SCC2 + int part_no; + void *part_base; + uint32_t part_phys; + scc_config_t *scc_configuration; + + /* Check that the memory size requested is correct */ + scc_configuration = scc_get_configuration(); + if (size != scc_configuration->partition_size_bytes) { + return NULL; + } + + /* attempt to grab a partition. */ + if (scc_allocate_partition(0, &part_no, &part_base, &part_phys) + != SCC_RET_OK) { + return NULL; + } +#ifdef SHW_DEBUG + LOG_KDIAG_ARGS("Partition_base: %p, partition_base_phys: %p\n", + part_base, (void *)part_phys); +#endif + + if (scc_engage_partition(part_base, UMID, permissions) + != SCC_RET_OK) { + /* Engagement failed, so the partition needs to be de-allocated */ + +#ifdef SHW_DEBUG + LOG_KDIAG_ARGS("Failed to engage partition %p, de-allocating", + part_base); +#endif + scc_release_partition(part_base); + + return NULL; + } + + return part_base; + +#else /* FSL_HAVE_SCC2 */ + + (void)user_ctx; + (void)size; + (void)UMID; + (void)permissions; + return NULL; + +#endif /* FSL_HAVE_SCC2 */ +} + +/* Release a block of secure memory */ +fsl_shw_return_t fsl_shw_sfree(fsl_shw_uco_t * user_ctx, void *address) +{ + (void)user_ctx; + +#ifdef FSL_HAVE_SCC2 + if (scc_release_partition(address) == SCC_RET_OK) { + return FSL_RETURN_OK_S; + } +#endif + + return FSL_RETURN_ERROR_S; +} + +/* Check the status of a block of secure memory */ +fsl_shw_return_t fsl_shw_sstatus(fsl_shw_uco_t * user_ctx, + void *address, + fsl_shw_partition_status_t * part_status) +{ + (void)user_ctx; + +#ifdef FSL_HAVE_SCC2 + *part_status = scc_partition_status(address); + + return FSL_RETURN_OK_S; +#endif + + return FSL_RETURN_ERROR_S; +} + +/* Diminish permissions on some secure memory */ +fsl_shw_return_t fsl_shw_diminish_perms(fsl_shw_uco_t * user_ctx, + void *address, uint32_t permissions) +{ + + (void)user_ctx; /* unused parameter warning */ + +#ifdef FSL_HAVE_SCC2 + if (scc_diminish_permissions(address, permissions) == SCC_RET_OK) { + return FSL_RETURN_OK_S; + } +#endif + return FSL_RETURN_ERROR_S; +} + +#ifndef FSL_HAVE_SAHARA +#ifdef LINUX_VERSION_CODE +EXPORT_SYMBOL(fsl_shw_gen_encrypt); +#endif + +fsl_shw_return_t fsl_shw_gen_encrypt(fsl_shw_uco_t * user_ctx, + fsl_shw_acco_t * auth_ctx, + fsl_shw_sko_t * cipher_key_info, + fsl_shw_sko_t * auth_key_info, + uint32_t auth_data_length, + const uint8_t * auth_data, + uint32_t payload_length, + const uint8_t * payload, + uint8_t * ct, uint8_t * auth_value) +{ + volatile fsl_shw_return_t status = FSL_RETURN_ERROR_S; + + /* Unused */ + (void)user_ctx; + (void)auth_ctx; + (void)cipher_key_info; + (void)auth_key_info; /* save compilation warning */ + (void)auth_data_length; + (void)auth_data; + (void)payload_length; + (void)payload; + (void)ct; + (void)auth_value; + + return status; +} + +#ifdef LINUX_VERSION_CODE +EXPORT_SYMBOL(fsl_shw_auth_decrypt); +#endif +/*! + * @brief Authenticate and decrypt a (CCM) stream. + * + * @param user_ctx The user's context + * @param auth_ctx Info on this Auth operation + * @param cipher_key_info Key to encrypt payload + * @param auth_key_info (unused - same key in CCM) + * @param auth_data_length Length in bytes of @a auth_data + * @param auth_data Any auth-only data + * @param payload_length Length in bytes of @a payload + * @param ct The encrypted data + * @param auth_value The authentication code to validate + * @param[out] payload The location to store decrypted data + * + * @return A return code of type #fsl_shw_return_t. + */ +fsl_shw_return_t fsl_shw_auth_decrypt(fsl_shw_uco_t * user_ctx, + fsl_shw_acco_t * auth_ctx, + fsl_shw_sko_t * cipher_key_info, + fsl_shw_sko_t * auth_key_info, + uint32_t auth_data_length, + const uint8_t * auth_data, + uint32_t payload_length, + const uint8_t * ct, + const uint8_t * auth_value, + uint8_t * payload) +{ + volatile fsl_shw_return_t status = FSL_RETURN_ERROR_S; + + /* Unused */ + (void)user_ctx; + (void)auth_ctx; + (void)cipher_key_info; + (void)auth_key_info; /* save compilation warning */ + (void)auth_data_length; + (void)auth_data; + (void)payload_length; + (void)ct; + (void)auth_value; + (void)payload; + + return status; +} + +#endif /* no SAHARA */ + +#ifndef FSL_HAVE_DRYICE + +#ifdef LINUX_VERSION_CODE +EXPORT_SYMBOL(fsl_shw_gen_random_pf_key); +#endif +/*! + * Cause the hardware to create a new random key for secure memory use. + * + * Have the hardware use the secure hardware random number generator to load a + * new secret key into the hardware random key register. + * + * @param user_ctx A user context from #fsl_shw_register_user(). + * + * @return A return code of type #fsl_shw_return_t. + */ +fsl_shw_return_t fsl_shw_gen_random_pf_key(fsl_shw_uco_t * user_ctx) +{ + volatile fsl_shw_return_t status = FSL_RETURN_ERROR_S; + + return status; +} + +#endif /* not have DRYICE */ + +fsl_shw_return_t alloc_slot(fsl_shw_uco_t * user_ctx, fsl_shw_sko_t * key_info) +{ + fsl_shw_return_t ret = FSL_RETURN_INTERNAL_ERROR_S; + + if (key_info->keystore == NULL) { + /* Key goes in system keystore */ + ret = do_system_keystore_slot_alloc(user_ctx, + key_info->key_length, + key_info->userid, + &(key_info->handle)); +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG_ARGS("key length: %i, handle: %i", + key_info->key_length, key_info->handle); +#endif + + } else { + /* Key goes in user keystore */ + ret = keystore_slot_alloc(key_info->keystore, + key_info->key_length, + key_info->userid, + &(key_info->handle)); + } + + return ret; +} /* end fn alloc_slot */ + +fsl_shw_return_t load_slot(fsl_shw_uco_t * user_ctx, + fsl_shw_sko_t * key_info, const uint8_t * key) +{ + fsl_shw_return_t ret = FSL_RETURN_INTERNAL_ERROR_S; + + if (key_info->keystore == NULL) { + /* Key goes in system keystore */ + ret = do_system_keystore_slot_load(user_ctx, + key_info->userid, + key_info->handle, key, + key_info->key_length); + } else { + /* Key goes in user keystore */ + ret = keystore_slot_load(key_info->keystore, + key_info->userid, + key_info->handle, key, + key_info->key_length); + } + + return ret; +} /* end fn load_slot */ + +fsl_shw_return_t dealloc_slot(fsl_shw_uco_t * user_ctx, + fsl_shw_sko_t * key_info) +{ + fsl_shw_return_t ret = FSL_RETURN_INTERNAL_ERROR_S; + + if (key_info->keystore == NULL) { + /* Key goes in system keystore */ + do_system_keystore_slot_dealloc(user_ctx, + key_info->userid, + key_info->handle); + } else { + /* Key goes in user keystore */ + keystore_slot_dealloc(key_info->keystore, + key_info->userid, key_info->handle); + } + + key_info->flags &= ~(FSL_SKO_KEY_ESTABLISHED | FSL_SKO_KEY_PRESENT); + + return ret; +} /* end fn slot_dealloc */ diff --git a/drivers/mxc/security/rng/shw_dryice.c b/drivers/mxc/security/rng/shw_dryice.c new file mode 100644 index 000000000000..bcf1794f7351 --- /dev/null +++ b/drivers/mxc/security/rng/shw_dryice.c @@ -0,0 +1,204 @@ +/* + * Copyright (C) 2009-2010 Freescale Semiconductor, Inc. All Rights Reserved. + */ + +/* + * The code contained herein is licensed under the GNU General Public + * License. You may obtain a copy of the GNU General Public License + * Version 2 or later at the following locations: + * + * http://www.opensource.org/licenses/gpl-license.html + * http://www.gnu.org/copyleft/gpl.html + */ + +#include "shw_driver.h" +#include "../dryice.h" + +#include <diagnostic.h> + +#ifdef FSL_HAVE_DRYICE + +#ifdef LINUX_VERSION_CODE +EXPORT_SYMBOL(fsl_shw_gen_random_pf_key); +#endif +/*! + * Cause the hardware to create a new random key for secure memory use. + * + * Have the hardware use the secure hardware random number generator to load a + * new secret key into the hardware random key register. + * + * @param user_ctx A user context from #fsl_shw_register_user(). + * + * @return A return code of type #fsl_shw_return_t. + */ +fsl_shw_return_t fsl_shw_gen_random_pf_key(fsl_shw_uco_t * user_ctx) +{ + fsl_shw_return_t ret = FSL_RETURN_ERROR_S; + di_return_t di_ret; + + /* For now, only blocking mode calls are supported */ + if (!(user_ctx->flags & FSL_UCO_BLOCKING_MODE)) { + ret = FSL_RETURN_BAD_FLAG_S; + goto out; + } + + di_ret = dryice_set_random_key(0); + if (di_ret != DI_SUCCESS) { + printk("dryice_set_random_key returned %d\n", di_ret); + goto out; + } + + ret = FSL_RETURN_OK_S; + + out: + return ret; +} + +#ifdef LINUX_VERSION_CODE +EXPORT_SYMBOL(fsl_shw_read_tamper_event); +#endif +fsl_shw_return_t fsl_shw_read_tamper_event(fsl_shw_uco_t * user_ctx, + fsl_shw_tamper_t * tamperp, + uint64_t * timestampp) +{ + fsl_shw_return_t ret = FSL_RETURN_ERROR_S; + di_return_t di_ret; + uint32_t di_events = 0; + uint32_t di_time_stamp; + + /* Only blocking mode calls are supported */ + if (!(user_ctx->flags & FSL_UCO_BLOCKING_MODE)) { + ret = FSL_RETURN_BAD_FLAG_S; + goto out; + } + + di_ret = dryice_get_tamper_event(&di_events, &di_time_stamp, 0); + if ((di_ret != DI_SUCCESS) && (di_ret != DI_ERR_STATE)) { +#ifdef DIAG_SECURITY_FUNC + LOG_DIAG_ARGS("dryice_get_tamper_event returned %s\n", + di_error_string(di_ret)); +#endif + goto out; + } + + /* Pass time back to caller */ + *timestampp = (uint64_t) di_time_stamp; + + if (di_events & DI_TAMPER_EVENT_WTD) { + *tamperp = FSL_SHW_TAMPER_WTD; + } else if (di_events & DI_TAMPER_EVENT_ETBD) { + *tamperp = FSL_SHW_TAMPER_ETBD; + } else if (di_events & DI_TAMPER_EVENT_ETAD) { + *tamperp = FSL_SHW_TAMPER_ETAD; + } else if (di_events & DI_TAMPER_EVENT_EBD) { + *tamperp = FSL_SHW_TAMPER_EBD; + } else if (di_events & DI_TAMPER_EVENT_SAD) { + *tamperp = FSL_SHW_TAMPER_SAD; + } else if (di_events & DI_TAMPER_EVENT_TTD) { + *tamperp = FSL_SHW_TAMPER_TTD; + } else if (di_events & DI_TAMPER_EVENT_CTD) { + *tamperp = FSL_SHW_TAMPER_CTD; + } else if (di_events & DI_TAMPER_EVENT_VTD) { + *tamperp = FSL_SHW_TAMPER_VTD; + } else if (di_events & DI_TAMPER_EVENT_MCO) { + *tamperp = FSL_SHW_TAMPER_MCO; + } else if (di_events & DI_TAMPER_EVENT_TCO) { + *tamperp = FSL_SHW_TAMPER_TCO; + } else if (di_events != 0) { + /* Apparentliy a tamper type not known to this driver was detected */ + goto out; + } else { + *tamperp = FSL_SHW_TAMPER_NONE; + } + + ret = FSL_RETURN_OK_S; + + out: + return ret; +} /* end fn fsl_shw_read_tamper_event */ +#endif +/*! + * Convert an SHW HW key reference into a DI driver key reference + * + * @param shw_pf_key An SHW HW key value + * @param di_keyp Location to store the equivalent DI driver key + * + * @return FSL_RETURN_OK_S, or error if key is unknown or cannot translate. + */ +fsl_shw_return_t shw_convert_pf_key(fsl_shw_pf_key_t shw_pf_key, + di_key_t * di_keyp) +{ + fsl_shw_return_t ret = FSL_RETURN_BAD_FLAG_S; + + switch (shw_pf_key) { + case FSL_SHW_PF_KEY_IIM: + *di_keyp = DI_KEY_FK; + break; + case FSL_SHW_PF_KEY_RND: + *di_keyp = DI_KEY_RK; + break; + case FSL_SHW_PF_KEY_IIM_RND: + *di_keyp = DI_KEY_FRK; + break; + case FSL_SHW_PF_KEY_PRG: + *di_keyp = DI_KEY_PK; + break; + case FSL_SHW_PF_KEY_IIM_PRG: + *di_keyp = DI_KEY_FPK; + break; + default: + goto out; + } + + ret = FSL_RETURN_OK_S; + + out: + return ret; +} + +#ifdef DIAG_SECURITY_FUNC +const char *di_error_string(int code) +{ + char *str = "unknown"; + + switch (code) { + case DI_SUCCESS: + str = "operation was successful"; + break; + case DI_ERR_BUSY: + str = "device or resource busy"; + break; + case DI_ERR_STATE: + str = "dryice is in incompatible state"; + break; + case DI_ERR_INUSE: + str = "resource is already in use"; + break; + case DI_ERR_UNSET: + str = "resource has not been initialized"; + break; + case DI_ERR_WRITE: + str = "error occurred during register write"; + break; + case DI_ERR_INVAL: + str = "invalid argument"; + break; + case DI_ERR_FAIL: + str = "operation failed"; + break; + case DI_ERR_HLOCK: + str = "resource is hard locked"; + break; + case DI_ERR_SLOCK: + str = "resource is soft locked"; + break; + case DI_ERR_NOMEM: + str = "out of memory"; + break; + default: + break; + } + + return str; +} +#endif /* HAVE DRYICE */ diff --git a/drivers/mxc/security/rng/shw_hash.c b/drivers/mxc/security/rng/shw_hash.c new file mode 100644 index 000000000000..3aac05235bfa --- /dev/null +++ b/drivers/mxc/security/rng/shw_hash.c @@ -0,0 +1,328 @@ +/* + * Copyright (C) 2009-2010 Freescale Semiconductor, Inc. All Rights Reserved. + */ + +/* + * The code contained herein is licensed under the GNU General Public + * License. You may obtain a copy of the GNU General Public License + * Version 2 or later at the following locations: + * + * http://www.opensource.org/licenses/gpl-license.html + * http://www.gnu.org/copyleft/gpl.html + */ + +/*! + * @file shw_hash.c + * + * This file contains implementations for use of the (internal) SHW hash + * software computation. It defines the usual three steps: + * + * - #shw_hash_init() + * - #shw_hash_update() + * - #shw_hash_final() + * + * In support of the above functions, it also contains these functions: + * - #sha256_init() + * - #sha256_process_block() + * + * + * These functions depend upon the Linux Endian functions __be32_to_cpu(), + * __cpu_to_be32() to convert a 4-byte big-endian array to an integer and + * vice-versa. For those without Linux, it should be pretty obvious what they + * do. + * + * The #shw_hash_update() and #shw_hash_final() functions are generic enough to + * support SHA-1/SHA-224/SHA-256, as needed. Some extra tweaking would be + * necessary to get them to support SHA-384/SHA-512. + * + */ + +#include "shw_driver.h" +#include "shw_hash.h" + +#ifndef __KERNEL__ +#include <asm/types.h> +#include <linux/byteorder/little_endian.h> /* or whichever is proper for target arch */ +#define printk printf +#endif + +/*! + * Rotate a value right by a number of bits. + * + * @param x Word of data which needs rotating + * @param y Number of bits to rotate + * + * @return The new value + */ +inline uint32_t rotr32fixed(uint32_t x, unsigned int y) +{ + return (uint32_t) ((x >> y) | (x << (32 - y))); +} + +#define blk0(i) (W[i] = data[i]) +// Referencing parameters so many times is really poor practice. Do not imitate these macros +#define blk2(i) (W[i & 15] += s1(W[(i - 2) & 15]) + W[(i - 7) & 15] + s0(W[(i - 15) & 15])) + +#define Ch(x,y,z) (z ^ (x & (y ^ z))) +#define Maj(x,y,z) ((x & y) | (z & (x | y))) + +#define a(i) T[(0 - i) & 7] +#define b(i) T[(1 - i) & 7] +#define c(i) T[(2 - i) & 7] +#define d(i) T[(3 - i) & 7] +#define e(i) T[(4 - i) & 7] +#define f(i) T[(5 - i) & 7] +#define g(i) T[(6 - i) & 7] +#define h(i) T[(7 - i) & 7] + +// This is a bad way to write a multi-statement macro... and referencing 'i' so many +// times is really poor practice. Do not imitate. +#define R(i) h(i) += S1( e(i)) + Ch(e(i), f(i), g(i)) + K[i + j] +(j ? blk2(i) : blk0(i));\ + d(i) += h(i);h(i) += S0(a(i)) + Maj(a(i), b(i), c(i)) + +// for SHA256 +#define S0(x) (rotr32fixed(x, 2) ^ rotr32fixed(x, 13) ^ rotr32fixed(x, 22)) +#define S1(x) (rotr32fixed(x, 6) ^ rotr32fixed(x, 11) ^ rotr32fixed(x, 25)) +#define s0(x) (rotr32fixed(x, 7) ^ rotr32fixed(x, 18) ^ (x >> 3)) +#define s1(x) (rotr32fixed(x, 17) ^ rotr32fixed(x, 19) ^ (x >> 10)) + +/*! + * Initialize the Hash State + * + * Constructs the SHA256 hash engine. + * Specification: + * State Size = 32 bytes + * Block Size = 64 bytes + * Digest Size = 32 bytes + * + * @param state Address of hash state structure + * + */ +void sha256_init(shw_hash_state_t * state) +{ + state->bit_count = 0; + state->partial_count_bytes = 0; + + state->state[0] = 0x6a09e667; + state->state[1] = 0xbb67ae85; + state->state[2] = 0x3c6ef372; + state->state[3] = 0xa54ff53a; + state->state[4] = 0x510e527f; + state->state[5] = 0x9b05688c; + state->state[6] = 0x1f83d9ab; + state->state[7] = 0x5be0cd19; +} + +const uint32_t K[64] = { + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, + 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, + 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, + 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, + 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, + 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, + 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, + 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, + 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 +}; + +/*! + * Hash a block of data into the SHA-256 hash state. + * + * This function hash the block of data in the @c partial_block + * element of the state structure into the state variables of the + * state structure. + * + * @param state Address of hash state structure + * + */ +static void sha256_process_block(shw_hash_state_t * state) +{ + uint32_t W[16]; + uint32_t T[8]; + uint32_t stack_buffer[SHW_HASH_BLOCK_WORD_SIZE]; + uint32_t *data = &stack_buffer[0]; + uint8_t *input = state->partial_block; + unsigned int i; + unsigned int j; + + /* Copy byte-oriented input block into word-oriented registers */ + for (i = 0; i < SHW_HASH_BLOCK_LEN / sizeof(uint32_t); + i++, input += sizeof(uint32_t)) { + stack_buffer[i] = __be32_to_cpu(*(uint32_t *) input); + } + + /* Copy context->state[] to working vars */ + memcpy(T, state->state, sizeof(T)); + + /* 64 operations, partially loop unrolled */ + for (j = 0; j < SHW_HASH_BLOCK_LEN; j += 16) { + R(0); + R(1); + R(2); + R(3); + R(4); + R(5); + R(6); + R(7); + R(8); + R(9); + R(10); + R(11); + R(12); + R(13); + R(14); + R(15); + } + /* Add the working vars back into context.state[] */ + state->state[0] += a(0); + state->state[1] += b(0); + state->state[2] += c(0); + state->state[3] += d(0); + state->state[4] += e(0); + state->state[5] += f(0); + state->state[6] += g(0); + state->state[7] += h(0); + + /* Wipe variables */ + memset(W, 0, sizeof(W)); + memset(T, 0, sizeof(T)); +} + +/*! + * Initialize the hash state structure + * + * @param state Address of hash state structure. + * @param alg Which hash algorithm to use (must be FSL_HASH_ALG_SHA1) + * + * @return FSL_RETURN_OK_S if all went well, otherwise an error code. + */ +fsl_shw_return_t shw_hash_init(shw_hash_state_t * state, fsl_shw_hash_alg_t alg) +{ + if (alg != FSL_HASH_ALG_SHA256) { + return FSL_RETURN_BAD_ALGORITHM_S; + } + + sha256_init(state); + + return FSL_RETURN_OK_S; +} + +/*! + * Add input bytes to the hash + * + * The bytes are added to the partial_block element of the hash state, and as + * the partial block is filled, it is processed by sha1_process_block(). This + * function also updates the bit_count element of the hash state. + * + * @param state Address of hash state structure + * @param input Address of bytes to add to the hash + * @param input_len Numbef of bytes at @c input + * + */ +fsl_shw_return_t shw_hash_update(shw_hash_state_t * state, + const uint8_t * input, unsigned int input_len) +{ + unsigned int bytes_needed; /* Needed to fill a block */ + unsigned int bytes_to_copy; /* to copy into the block */ + + /* Account for new data */ + state->bit_count += 8 * input_len; + + /* + * Process input bytes into the ongoing block; process the block when it + * gets full. + */ + while (input_len > 0) { + bytes_needed = SHW_HASH_BLOCK_LEN - state->partial_count_bytes; + bytes_to_copy = ((input_len < bytes_needed) ? + input_len : bytes_needed); + + /* Add in the bytes and do the accounting */ + memcpy(state->partial_block + state->partial_count_bytes, + input, bytes_to_copy); + input += bytes_to_copy; + input_len -= bytes_to_copy; + state->partial_count_bytes += bytes_to_copy; + + /* Run a full block through the transform */ + if (state->partial_count_bytes == SHW_HASH_BLOCK_LEN) { + sha256_process_block(state); + state->partial_count_bytes = 0; + } + } + + return FSL_RETURN_OK_S; +} /* end fn shw_hash_update */ + +/*! + * Finalize the hash + * + * Performs the finalize operation on the previous input data & returns the + * resulting digest. The finalize operation performs the appropriate padding + * up to the block size. + * + * @param state Address of hash state structure + * @param result Location to store the hash result + * @param result_len Number of bytes of @c result to be stored. + * + * @return FSL_RETURN_OK_S if all went well, FSL_RETURN_BAD_DATA_LENGTH_S if + * hash_len is too long, otherwise an error code. + */ +fsl_shw_return_t shw_hash_final(shw_hash_state_t * state, uint8_t * result, + unsigned int result_len) +{ + static const uint8_t pad[SHW_HASH_BLOCK_LEN * 2] = { + 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 + }; + + uint8_t data[sizeof(state->bit_count)]; + uint32_t pad_length; + uint64_t bit_count = state->bit_count; + uint8_t hash[SHW_HASH_LEN]; + int i; + + if (result_len > SHW_HASH_LEN) { + return FSL_RETURN_BAD_DATA_LENGTH_S; + } + + /* Save the length before padding. */ + for (i = sizeof(state->bit_count) - 1; i >= 0; i--) { + data[i] = bit_count & 0xFF; + bit_count >>= 8; + } + pad_length = ((state->partial_count_bytes < 56) ? + (56 - state->partial_count_bytes) : + (120 - state->partial_count_bytes)); + + /* Pad to 56 bytes mod 64 (BLOCK_SIZE). */ + shw_hash_update(state, pad, pad_length); + + /* + * Append the length. This should trigger transform of the final block. + */ + shw_hash_update(state, data, sizeof(state->bit_count)); + + /* Copy the result into a byte array */ + for (i = 0; i < SHW_HASH_STATE_WORDS; i++) { + *(uint32_t *) (hash + 4 * i) = __cpu_to_be32(state->state[i]); + } + + /* And copy the result out to caller */ + memcpy(result, hash, result_len); + + return FSL_RETURN_OK_S; +} /* end fn shw_hash_final */ diff --git a/drivers/mxc/security/rng/shw_hmac.c b/drivers/mxc/security/rng/shw_hmac.c new file mode 100644 index 000000000000..57c086405a49 --- /dev/null +++ b/drivers/mxc/security/rng/shw_hmac.c @@ -0,0 +1,145 @@ +/* + * Copyright (C) 2009-2010 Freescale Semiconductor, Inc. All Rights Reserved. + */ + +/* + * The code contained herein is licensed under the GNU General Public + * License. You may obtain a copy of the GNU General Public License + * Version 2 or later at the following locations: + * + * http://www.opensource.org/licenses/gpl-license.html + * http://www.gnu.org/copyleft/gpl.html + */ + +/*! + * @file shw_hmac.c + * + * This file contains implementations for use of the (internal) SHW HMAC + * software computation. It defines the usual three steps: + * + * - #shw_hmac_init() + * - #shw_hmac_update() + * - #shw_hmac_final() + * + * + */ + +#include "shw_driver.h" +#include "shw_hmac.h" + +#ifndef __KERNEL__ +#include <asm/types.h> +#include <linux/byteorder/little_endian.h> /* or whichever is proper for target arch */ +#define printk printf +#endif + +/*! XOR value for HMAC inner key */ +#define INNER_HASH_CONSTANT 0x36 + +/*! XOR value for HMAC outer key */ +#define OUTER_HASH_CONSTANT 0x5C + +/*! + * Initialize the HMAC state structure with the HMAC key + * + * @param state Address of HMAC state structure + * @param key Address of the key to be used for the HMAC. + * @param key_len Number of bytes of @c key. + * + * Convert the key into its equivalent inner and outer hash state objects. + * + * @return FSL_RETURN_OK_S if all went well, otherwise an error code. + */ +fsl_shw_return_t shw_hmac_init(shw_hmac_state_t * state, + const uint8_t * key, unsigned int key_len) +{ + fsl_shw_return_t code = FSL_RETURN_ERROR_S; + uint8_t first_block[SHW_HASH_BLOCK_LEN]; + unsigned int i; + + /* Don't bother handling the pre-hash. */ + if (key_len > SHW_HASH_BLOCK_LEN) { + code = FSL_RETURN_BAD_KEY_LENGTH_S; + goto out; + } + + /* Prepare inner hash */ + for (i = 0; i < SHW_HASH_BLOCK_LEN; i++) { + if (i < key_len) { + first_block[i] = key[i] ^ INNER_HASH_CONSTANT; + } else { + first_block[i] = INNER_HASH_CONSTANT; + } + } + code = shw_hash_init(&state->inner_hash, FSL_HASH_ALG_SHA256); + if (code != FSL_RETURN_OK_S) { + goto out; + } + shw_hash_update(&state->inner_hash, first_block, SHW_HASH_BLOCK_LEN); + + /* Prepare outer hash */ + for (i = 0; i < SHW_HASH_BLOCK_LEN; i++) { + if (i < key_len) { + first_block[i] = key[i] ^ OUTER_HASH_CONSTANT; + } else { + first_block[i] = OUTER_HASH_CONSTANT; + } + } + code = shw_hash_init(&state->outer_hash, FSL_HASH_ALG_SHA256); + if (code != FSL_RETURN_OK_S) { + goto out; + } + shw_hash_update(&state->outer_hash, first_block, SHW_HASH_BLOCK_LEN); + + /* Wipe evidence of key */ + memset(first_block, 0, SHW_HASH_BLOCK_LEN); + + out: + return code; +} + +/*! + * Put data into the HMAC calculation + * + * Send the msg data inner inner hash's update function. + * + * @param state Address of HMAC state structure. + * @param msg Address of the message data for the HMAC. + * @param msg_len Number of bytes of @c msg. + * + * @return FSL_RETURN_OK_S if all went well, otherwise an error code. + */ +fsl_shw_return_t shw_hmac_update(shw_hmac_state_t * state, + const uint8_t * msg, unsigned int msg_len) +{ + shw_hash_update(&state->inner_hash, msg, msg_len); + + return FSL_RETURN_OK_S; +} + +/*! + * Calculate the final HMAC + * + * @param state Address of HMAC state structure. + * @param hmac Address of location to store the HMAC. + * @param hmac_len Number of bytes of @c mac to be stored. Probably best if + * this value is no greater than #SHW_HASH_LEN. + * + * This function finalizes the internal hash, and uses that result as + * data for the outer hash. As many bytes of that result are passed + * to the user as desired. + * + * @return FSL_RETURN_OK_S if all went well, otherwise an error code. + */ +fsl_shw_return_t shw_hmac_final(shw_hmac_state_t * state, + uint8_t * hmac, unsigned int hmac_len) +{ + uint8_t hash_result[SHW_HASH_LEN]; + + shw_hash_final(&state->inner_hash, hash_result, sizeof(hash_result)); + shw_hash_update(&state->outer_hash, hash_result, SHW_HASH_LEN); + + shw_hash_final(&state->outer_hash, hmac, hmac_len); + + return FSL_RETURN_OK_S; +} diff --git a/drivers/mxc/security/rng/shw_memory_mapper.c b/drivers/mxc/security/rng/shw_memory_mapper.c new file mode 100644 index 000000000000..d7b82576a6cd --- /dev/null +++ b/drivers/mxc/security/rng/shw_memory_mapper.c @@ -0,0 +1,213 @@ +/* + * Copyright (C) 2005-2010 Freescale Semiconductor, Inc. All Rights Reserved. + */ + +/* + * The code contained herein is licensed under the GNU General Public + * License. You may obtain a copy of the GNU General Public License + * Version 2 or later at the following locations: + * + * http://www.opensource.org/licenses/gpl-license.html + * http://www.gnu.org/copyleft/gpl.html + */ + + + +/** + * Memory management functions, from Sahara Crypto API + * + * This is a subset of the memory management functions from the Sahara Crypto + * API, and is intended to support user secure partitions. + */ + +#include "portable_os.h" +#include "fsl_shw.h" + +#include <linux/mm.h> +#include <linux/slab.h> +#include <linux/pagemap.h> + +#ifdef SHW_DEBUG +#include <diagnostic.h> +#endif + +/* Page context structure. Used by wire_user_memory and unwire_user_memory */ +typedef struct page_ctx_t { + uint32_t count; + struct page **local_pages; +} page_ctx_t; + +/** +******************************************************************************* +* Map and wire down a region of user memory. +* +* +* @param address Userspace address of the memory to wire +* @param length Length of the memory region to wire +* @param page_ctx Page context, to be passed to unwire_user_memory +* +* @return (if successful) Kernel virtual address of the wired pages +*/ +void* wire_user_memory(void* address, uint32_t length, void **page_ctx) +{ + void* kernel_black_addr = NULL; + int result = -1; + int page_index = 0; + page_ctx_t *page_context; + int nr_pages = 0; + unsigned long start_page; + fsl_shw_return_t status; + + /* Determine the number of pages being used for this link */ + nr_pages = (((unsigned long)(address) & ~PAGE_MASK) + + length + ~PAGE_MASK) >> PAGE_SHIFT; + + start_page = (unsigned long)(address) & PAGE_MASK; + + /* Allocate some memory to keep track of the wired user pages, so that + * they can be deallocated later. The block of memory will contain both + * the structure and the array of pages. + */ + page_context = kmalloc(sizeof(page_ctx_t) + + nr_pages * sizeof(struct page *), GFP_KERNEL); + + if (page_context == NULL) { + status = FSL_RETURN_NO_RESOURCE_S; /* no memory! */ +#ifdef DIAG_DRV_IF + LOG_KDIAG("kmalloc() failed."); +#endif + return NULL; + } + + /* Set the page pointer to point to the allocated region of memory */ + page_context->local_pages = (void*)page_context + sizeof(page_ctx_t); + +#ifdef DIAG_DRV_IF + LOG_KDIAG_ARGS("page_context at: %p, local_pages at: %p", + (void *)page_context, + (void *)(page_context->local_pages)); +#endif + + /* Wire down the pages from user space */ + down_read(¤t->mm->mmap_sem); + result = get_user_pages(current, current->mm, + start_page, nr_pages, + WRITE, 0 /* noforce */, + (page_context->local_pages), NULL); + up_read(¤t->mm->mmap_sem); + + if (result < nr_pages) { +#ifdef DIAG_DRV_IF + LOG_KDIAG("get_user_pages() failed."); +#endif + if (result > 0) { + for (page_index = 0; page_index < result; page_index++) + page_cache_release((page_context->local_pages[page_index])); + + kfree(page_context); + } + return NULL; + } + + kernel_black_addr = page_address(page_context->local_pages[0]) + + ((unsigned long)address & ~PAGE_MASK); + + page_context->count = nr_pages; + *page_ctx = page_context; + + return kernel_black_addr; +} + + +/** +******************************************************************************* +* Release and unmap a region of user memory. +* +* @param page_ctx Page context from wire_user_memory +*/ +void unwire_user_memory(void** page_ctx) +{ + int page_index = 0; + struct page_ctx_t *page_context = *page_ctx; + +#ifdef DIAG_DRV_IF + LOG_KDIAG_ARGS("page_context at: %p, first page at:%p, count: %i", + (void *)page_context, + (void *)(page_context->local_pages), + page_context->count); +#endif + + if ((page_context != NULL) && (page_context->local_pages != NULL)) { + for (page_index = 0; page_index < page_context->count; page_index++) + page_cache_release(page_context->local_pages[page_index]); + + kfree(page_context); + *page_ctx = NULL; + } +} + + +/** +******************************************************************************* +* Map some physical memory into a users memory space +* +* @param vma Memory structure to map to +* @param physical_addr Physical address of the memory to be mapped in +* @param size Size of the memory to map (bytes) +* +* @return +*/ +os_error_code +map_user_memory(struct vm_area_struct *vma, uint32_t physical_addr, uint32_t size) +{ + os_error_code retval; + + /* Map the acquired partition into the user's memory space */ + vma->vm_end = vma->vm_start + size; + + /* set cache policy to uncached so that each write of the UMID and + * permissions get directly to the SCC2 in order to engage it + * properly. Once the permissions have been written, it may be + * useful to provide a service for the user to request a different + * cache policy + */ + vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot); + + /* Make sure that the user cannot fork() a child which will inherit + * this mapping, as it creates a security hole. Likewise, do not + * allow the user to 'expand' his mapping beyond this partition. + */ + vma->vm_flags |= VM_IO | VM_RESERVED | VM_DONTCOPY | VM_DONTEXPAND; + + retval = remap_pfn_range(vma, + vma->vm_start, + __phys_to_pfn(physical_addr), + size, + vma->vm_page_prot); + + return retval; +} + + +/** +******************************************************************************* +* Remove some memory from a user's memory space +* +* @param user_addr Userspace address of the memory to be unmapped +* @param size Size of the memory to map (bytes) +* +* @return +*/ +os_error_code +unmap_user_memory(uint32_t user_addr, uint32_t size) +{ + os_error_code retval; + struct mm_struct *mm = current->mm; + + /* Unmap the memory region (see sys_munmap in mmap.c) */ + down_write(&mm->mmap_sem); + retval = do_munmap(mm, (unsigned long)user_addr, size); + up_write(&mm->mmap_sem); + + return retval; +} |