brain-hackers_pepepper-mirror/linux-brain
1
0
Fork 0
mirror of https://github.com/brain-hackers/linux-brain.git synced 2024-06-09 23:36:23 +09:00
Code Issues Projects Releases Wiki Activity
84287c5d3b
linux-brain/drivers/crypto/caam/caamkeyblob.h
Iuliana Prodan 84287c5d3b MLK-24420-2 crypto: caam - add support for black keys and blobs 
CAAM's Black Key mechanism is intended for protection
of user keys against bus snooping. This automatically
encapsulates and decapsulates cryptographic keys ''on-the-fly''
in an encrypted data structure called a Black Key.
Before a value is copied from a Key Register to memory,
CAAM will automatically encrypt the key as a Black Key
(encrypted key) using the current value in the JDKEKR or
TDKEKR as the encryption key.

CAAM's built-in Blob Protocol provides a method for protecting
user-defined data across system power cycles. CAAM protects data
in a data structure called a Blob, which provides both confidentiality
and integrity protection. The data to be protected is encrypted so that
it can be safely placed into non-volatile storage before the SoC is
powered down.

This patch includes the support to generate a black key from random or
from a plaintext. Also one can encapsulate it into a blob or decapsulate
a black key from a blob.
The key and blob generation descriptors are exported into a separate file,
such that they could be shared with other interfaces (qi, qi2).

This feature has support only for black keys, encapsulated in
black blobs in General Memory.

In caamkeyblob_test.c file is a test that validates the above
operations: create a black key from plaintext or from random,
encapsulate and decapsulate a blob and compare the obtained black key.
This test is configured as a kernel module.

Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
2020-08-13 18:16:06 +03:00

78 lines
2.4 KiB
C
Raw Blame History

/* SPDX-License-Identifier: (GPL-2.0+ OR BSD-3-Clause) */
/*
* Black key generation and blob encapsulation/decapsualtion for CAAM
*
* Copyright 2018-2020 NXP
*/
#ifndef _CAAMKEYBLOB_H_
#define _CAAMKEYBLOB_H_
#include <linux/device.h>
#include "caamkeyblob_desc.h"
/*
* Minimum key size to be used is 16 bytes and maximum key size fixed
* is 64 bytes.
* Blob size to be kept is Maximum key size + blob header added by CAAM.
*/
#define MIN_KEY_SIZE 16
#define MAX_KEY_SIZE 64
#define MAX_BLACK_KEY_SIZE (MAX_KEY_SIZE + CCM_OVERHEAD +\
TAG_OVERHEAD_SIZE)
#define BLOB_HEADER_SIZE 4
#define MAX_BLOB_SIZE (MAX_KEY_SIZE + BLOB_OVERHEAD +\
BLOB_HEADER_SIZE)
/* Key modifier for CAAM blobs, used as a revision number */
static const char caam_key_modifier[KEYMOD_SIZE_GM] = {
'C', 'A', 'A', 'M', '_', 'K', 'E', 'Y',
'_', 'T', 'Y', 'P', 'E', '_', 'V', '1',
};
/**
* struct keyblob_info - Structure that contains all the data necessary
* to generate a black key and encapsulate it into a blob
*
* @key : The plaintext used as input key
* for black key generation
* @key_len : Size of plaintext or size of key in case of
* black key generated from random
* @type : The type of data contained (e.g. black key, blob, etc.)
* @black_key_len : Length of the generated black key
* @black_key : Black key data obtained from CAAM
* @blob_len : Length of the blob that encapsulates the black key
* @blob : Blob data obtained from CAAM
* @key_modifier_len : 8-byte or 16-byte Key_Modifier based on general or
* secure memory blob type
* @key_modifier : can be either a secret value, or used as a revision
* number, revision date or nonce
* In this case is used as a revision number.
*/
struct keyblob_info {
char *key;
size_t key_len;
u32 type;
size_t black_key_len;
unsigned char black_key[MAX_BLACK_KEY_SIZE];
size_t blob_len;
unsigned char blob[MAX_BLOB_SIZE];
size_t key_mod_len;
const void *key_mod;
};
int generate_black_key(struct device *dev, struct keyblob_info *info);
int caam_blob_encap(struct device *dev, struct keyblob_info *info);
int caam_blob_decap(struct device *dev, struct keyblob_info *info);
#endif /* _CAAMKEYBLOB_H_ */
Reference in New Issue View Git Blame Copy Permalink