diff options
Diffstat (limited to 'drivers/nxp/crypto/caam/src/auth')
-rw-r--r-- | drivers/nxp/crypto/caam/src/auth/auth.mk | 12 | ||||
-rw-r--r-- | drivers/nxp/crypto/caam/src/auth/hash.c | 155 | ||||
-rw-r--r-- | drivers/nxp/crypto/caam/src/auth/nxp_crypto.c | 123 | ||||
-rw-r--r-- | drivers/nxp/crypto/caam/src/auth/rsa.c | 179 |
4 files changed, 469 insertions, 0 deletions
diff --git a/drivers/nxp/crypto/caam/src/auth/auth.mk b/drivers/nxp/crypto/caam/src/auth/auth.mk new file mode 100644 index 0000000..d1f8c75 --- /dev/null +++ b/drivers/nxp/crypto/caam/src/auth/auth.mk @@ -0,0 +1,12 @@ +# +# Copyright 2018-2020 NXP +# +# SPDX-License-Identifier: BSD-3-Clause +# +# + +SEC_DRIVERS_PATH := drivers/nxp/crypto/caam + +ifeq (${TRUSTED_BOARD_BOOT},1) +AUTH_SOURCES += $(wildcard $(SEC_DRIVERS_PATH)/src/auth/*.c) +endif diff --git a/drivers/nxp/crypto/caam/src/auth/hash.c b/drivers/nxp/crypto/caam/src/auth/hash.c new file mode 100644 index 0000000..1665df1 --- /dev/null +++ b/drivers/nxp/crypto/caam/src/auth/hash.c @@ -0,0 +1,155 @@ +/* + * Copyright 2021 NXP + * + * SPDX-License-Identifier: BSD-3-Clause + * + */ + +#include <errno.h> +#include <stdbool.h> +#include <stdint.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include <arch_helpers.h> +#include "caam.h" +#include <common/debug.h> +#include <drivers/auth/crypto_mod.h> + +#include "hash.h" +#include "jobdesc.h" +#include "sec_hw_specific.h" + +/* Since no Allocator is available . Taking a global static ctx. + * This would mean that only one active ctx can be there at a time. + */ + +static struct hash_ctx glbl_ctx; + +static void hash_done(uint32_t *desc, uint32_t status, void *arg, + void *job_ring) +{ + INFO("Hash Desc SUCCESS with status %x\n", status); +} + +/*************************************************************************** + * Function : hash_init + * Arguments : ctx - SHA context + * Return : init, + * Description : This function initializes the context for SHA calculation + ***************************************************************************/ +int hash_init(enum hash_algo algo, void **ctx) +{ + if (glbl_ctx.active == false) { + memset(&glbl_ctx, 0, sizeof(struct hash_ctx)); + glbl_ctx.active = true; + glbl_ctx.algo = algo; + *ctx = &glbl_ctx; + return 0; + } else { + return -1; + } +} + +/*************************************************************************** + * Function : hash_update + * Arguments : ctx - SHA context + * buffer - Data + * length - Length + * Return : -1 on error + * 0 on SUCCESS + * Description : This function creates SG entry of the data provided + ***************************************************************************/ +int hash_update(enum hash_algo algo, void *context, void *data_ptr, + unsigned int data_len) +{ + struct hash_ctx *ctx = context; + /* MAX_SG would be MAX_SG_ENTRIES + key + hdr + sg table */ + if (ctx->sg_num >= MAX_SG) { + ERROR("Reached limit for calling %s\n", __func__); + ctx->active = false; + return -EINVAL; + + } + + if (ctx->algo != algo) { + ERROR("ctx for algo not correct\n"); + ctx->active = false; + return -EINVAL; + } + +#if defined(SEC_MEM_NON_COHERENT) && defined(IMAGE_BL2) + flush_dcache_range((uintptr_t)data_ptr, data_len); + dmbsy(); +#endif + +#ifdef CONFIG_PHYS_64BIT + sec_out32(&ctx->sg_tbl[ctx->sg_num].addr_hi, + (uint32_t) ((uintptr_t) data_ptr >> 32)); +#else + sec_out32(&ctx->sg_tbl[ctx->sg_num].addr_hi, 0x0); +#endif + sec_out32(&ctx->sg_tbl[ctx->sg_num].addr_lo, (uintptr_t) data_ptr); + + sec_out32(&ctx->sg_tbl[ctx->sg_num].len_flag, + (data_len & SG_ENTRY_LENGTH_MASK)); + + ctx->sg_num++; + + ctx->len += data_len; + + return 0; +} + +/*************************************************************************** + * Function : hash_final + * Arguments : ctx - SHA context + * Return : SUCCESS or FAILURE + * Description : This function sets the final bit and enqueues the decriptor + ***************************************************************************/ +int hash_final(enum hash_algo algo, void *context, void *hash_ptr, + unsigned int hash_len) +{ + int ret = 0; + struct hash_ctx *ctx = context; + uint32_t final = 0U; + + struct job_descriptor jobdesc __aligned(CACHE_WRITEBACK_GRANULE); + + jobdesc.arg = NULL; + jobdesc.callback = hash_done; + + if (ctx->algo != algo) { + ERROR("ctx for algo not correct\n"); + ctx->active = false; + return -EINVAL; + } + + final = sec_in32(&ctx->sg_tbl[ctx->sg_num - 1].len_flag) | + SG_ENTRY_FINAL_BIT; + sec_out32(&ctx->sg_tbl[ctx->sg_num - 1].len_flag, final); + + dsb(); + + /* create the hw_rng descriptor */ + cnstr_hash_jobdesc(jobdesc.desc, (uint8_t *) ctx->sg_tbl, + ctx->len, hash_ptr); + +#if defined(SEC_MEM_NON_COHERENT) && defined(IMAGE_BL2) + flush_dcache_range((uintptr_t)ctx->sg_tbl, + (sizeof(struct sg_entry) * MAX_SG)); + inv_dcache_range((uintptr_t)hash_ptr, hash_len); + + dmbsy(); +#endif + + /* Finally, generate the requested random data bytes */ + ret = run_descriptor_jr(&jobdesc); + if (ret != 0) { + ERROR("Error in running descriptor\n"); + ret = -1; + } + ctx->active = false; + return ret; +} diff --git a/drivers/nxp/crypto/caam/src/auth/nxp_crypto.c b/drivers/nxp/crypto/caam/src/auth/nxp_crypto.c new file mode 100644 index 0000000..646e981 --- /dev/null +++ b/drivers/nxp/crypto/caam/src/auth/nxp_crypto.c @@ -0,0 +1,123 @@ +/* + * Copyright 2021 NXP + * + * SPDX-License-Identifier: BSD-3-Clause + * + */ + +#include <stddef.h> +#include <string.h> + +#include "caam.h" +#include <common/debug.h> +#include <drivers/auth/crypto_mod.h> + +#include "hash.h" +#include "rsa.h" + +#define LIB_NAME "NXP crypto" + +/* + * Initialize the library and export the descriptor + */ +static void init(void) +{ + /* Initialize NXP crypto library`:*/ + NOTICE("Initializing & configuring SEC block.\n"); + + if (config_sec_block() < 0) { + ERROR("Init & config failure for caam.\n"); + } +} + +/* + * Verify a signature. + * + * For IMG_PLAT - data points to a PKCS#1.5 encoded HASH + * sig_alg will be RSA or ECC + * Parameters are passed using the DER encoding format following the ASN.1 + * structures detailed above. + */ +static int verify_signature(void *data_ptr, unsigned int data_len, + void *sig_ptr, unsigned int sig_len, + void *sign_alg, unsigned int sig_alg_len, + void *pk_ptr, unsigned int pk_len) +{ + int ret = CRYPTO_SUCCESS; + + enum sig_alg alg = *(enum sig_alg *)sign_alg; + + switch (alg) { + case RSA: + NOTICE("Verifying RSA\n"); + ret = rsa_verify_signature(data_ptr, data_len, sig_ptr, sig_len, + pk_ptr, pk_len); + break; + case ECC: + default: + ret = CRYPTO_ERR_SIGNATURE; + break; + } + + if (ret != 0) { + ERROR("RSA verification Failed\n"); + } + return ret; + +} + +/* + * Match a hash + * + * Digest info is passed as a table of SHA-26 hashes and digest_info_len + * is number of entries in the table + * This implementation is very specific to the CSF header parser ROTPK + * comparison. + */ +static int verify_hash(void *data_ptr, unsigned int data_len, + void *digest_info_ptr, unsigned int digest_info_len) +{ + void *ctx = NULL; + int i = 0, ret = 0; + enum hash_algo algo = SHA256; + uint8_t hash[SHA256_BYTES] __aligned(CACHE_WRITEBACK_GRANULE) = {0}; + uint32_t digest_size = SHA256_BYTES; + uint8_t *hash_tbl = digest_info_ptr; + + NOTICE("Verifying hash\n"); + ret = hash_init(algo, &ctx); + if (ret != 0) { + return CRYPTO_ERR_HASH; + } + + /* Update hash with that of SRK table */ + ret = hash_update(algo, ctx, data_ptr, data_len); + if (ret != 0) { + return CRYPTO_ERR_HASH; + } + + /* Copy hash at destination buffer */ + ret = hash_final(algo, ctx, hash, digest_size); + if (ret != 0) { + return CRYPTO_ERR_HASH; + } + + VERBOSE("%s Calculated hash\n", __func__); + for (i = 0; i < SHA256_BYTES/4; i++) { + VERBOSE("%x\n", *((uint32_t *)hash + i)); + } + + for (i = 0; i < digest_info_len; i++) { + if (memcmp(hash, (hash_tbl + (i * digest_size)), + digest_size) == 0) { + return CRYPTO_SUCCESS; + } + } + + return CRYPTO_ERR_HASH; +} + +/* + * Register crypto library descriptor + */ +REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL); diff --git a/drivers/nxp/crypto/caam/src/auth/rsa.c b/drivers/nxp/crypto/caam/src/auth/rsa.c new file mode 100644 index 0000000..0c44462 --- /dev/null +++ b/drivers/nxp/crypto/caam/src/auth/rsa.c @@ -0,0 +1,179 @@ +/* + * Copyright 2021 NXP + * + * SPDX-License-Identifier: BSD-3-Clause + * + */ + +#include <errno.h> +#include <stdbool.h> +#include <stdint.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include <arch_helpers.h> +#include "caam.h" +#include <common/debug.h> +#include <drivers/auth/crypto_mod.h> + +#include "jobdesc.h" +#include "rsa.h" +#include "sec_hw_specific.h" + +/* This array contains DER value for SHA-256 */ +static const uint8_t hash_identifier[] = { + 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, + 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, + 0x04, 0x20 +}; + +static void rsa_done(uint32_t *desc, uint32_t status, void *arg, + void *job_ring) +{ + INFO("RSA Desc SUCCESS with status %x\n", status); +} + +static int rsa_public_verif_sec(uint8_t *sign, uint8_t *to, + uint8_t *rsa_pub_key, uint32_t klen) +{ + int ret = 0; + struct rsa_context ctx __aligned(CACHE_WRITEBACK_GRANULE); + struct job_descriptor jobdesc __aligned(CACHE_WRITEBACK_GRANULE); + + jobdesc.arg = NULL; + jobdesc.callback = rsa_done; + + memset(&ctx, 0, sizeof(struct rsa_context)); + + ctx.pkin.a = sign; + ctx.pkin.a_siz = klen; + ctx.pkin.n = rsa_pub_key; + ctx.pkin.n_siz = klen; + ctx.pkin.e = rsa_pub_key + klen; + ctx.pkin.e_siz = klen; + + cnstr_jobdesc_pkha_rsaexp(jobdesc.desc, &ctx.pkin, to, klen); + +#if defined(SEC_MEM_NON_COHERENT) && defined(IMAGE_BL2) + flush_dcache_range((uintptr_t)sign, klen); + flush_dcache_range((uintptr_t)rsa_pub_key, 2 * klen); + flush_dcache_range((uintptr_t)&ctx.pkin, sizeof(ctx.pkin)); + inv_dcache_range((uintptr_t)to, klen); + + dmbsy(); + dsbsy(); + isb(); +#endif + + /* Finally, generate the requested random data bytes */ + ret = run_descriptor_jr(&jobdesc); + if (ret != 0) { + ERROR("Error in running descriptor\n"); + ret = -1; + } +#if defined(SEC_MEM_NON_COHERENT) && defined(IMAGE_BL2) + inv_dcache_range((uintptr_t)to, klen); + dmbsy(); + dsbsy(); + isb(); +#endif + return ret; +} + +/* + * Construct encoded hash EM' wrt PKCSv1.5. This function calculates the + * pointers for padding, DER value and hash. And finally, constructs EM' + * which includes hash of complete CSF header and ESBC image. If SG flag + * is on, hash of SG table and entries is also included. + */ +static int construct_img_encoded_hash_second(uint8_t *hash, uint8_t hash_len, + uint8_t *encoded_hash_second, + unsigned int key_len) +{ + /* + * RSA PKCSv1.5 encoding format for encoded message is below + * EM = 0x0 || 0x1 || PS || 0x0 || DER || Hash + * PS is Padding String + * DER is DER value for SHA-256 + * Hash is SHA-256 hash + * ********************************************************* + * representative points to first byte of EM initially and is + * filled with 0x0 + * representative is incremented by 1 and second byte is filled + * with 0x1 + * padding points to third byte of EM + * digest points to full length of EM - 32 bytes + * hash_id (DER value) points to 19 bytes before pDigest + * separator is one byte which separates padding and DER + */ + + unsigned int len; + uint8_t *representative; + uint8_t *padding, *digest; + uint8_t *hash_id, *separator; + int i; + int ret = 0; + + if (hash_len != SHA256_BYTES) { + return -1; + } + + /* Key length = Modulus length */ + len = (key_len / 2U) - 1U; + representative = encoded_hash_second; + representative[0] = 0U; + representative[1] = 1U; /* block type 1 */ + + padding = &representative[2]; + digest = &representative[1] + len - 32; + hash_id = digest - sizeof(hash_identifier); + separator = hash_id - 1; + + /* fill padding area pointed by padding with 0xff */ + memset(padding, 0xff, separator - padding); + + /* fill byte pointed by separator */ + *separator = 0U; + + /* fill SHA-256 DER value pointed by HashId */ + memcpy(hash_id, hash_identifier, sizeof(hash_identifier)); + + /* fill hash pointed by Digest */ + for (i = 0; i < SHA256_BYTES; i++) { + digest[i] = hash[i]; + } + + return ret; +} + +int rsa_verify_signature(void *hash_ptr, unsigned int hash_len, + void *sig_ptr, unsigned int sig_len, + void *pk_ptr, unsigned int pk_len) +{ + uint8_t img_encoded_hash_second[RSA_4K_KEY_SZ_BYTES]; + uint8_t encoded_hash[RSA_4K_KEY_SZ_BYTES] __aligned(CACHE_WRITEBACK_GRANULE); + int ret = 0; + + ret = construct_img_encoded_hash_second(hash_ptr, hash_len, + img_encoded_hash_second, + pk_len); + if (ret != 0) { + ERROR("Encoded Hash Failure\n"); + return CRYPTO_ERR_SIGNATURE; + } + + ret = rsa_public_verif_sec(sig_ptr, encoded_hash, pk_ptr, pk_len / 2); + if (ret != 0) { + ERROR("RSA signature Failure\n"); + return CRYPTO_ERR_SIGNATURE; + } + + ret = memcmp(img_encoded_hash_second, encoded_hash, sig_len); + if (ret != 0) { + ERROR("Comparison Failure\n"); + return CRYPTO_ERR_SIGNATURE; + } + + return CRYPTO_SUCCESS; +} |