mirror of
https://github.com/brain-hackers/linux-brain.git
synced 2024-06-09 23:36:23 +09:00
84287c5d3b
CAAM's Black Key mechanism is intended for protection of user keys against bus snooping. This automatically encapsulates and decapsulates cryptographic keys ''on-the-fly'' in an encrypted data structure called a Black Key. Before a value is copied from a Key Register to memory, CAAM will automatically encrypt the key as a Black Key (encrypted key) using the current value in the JDKEKR or TDKEKR as the encryption key. CAAM's built-in Blob Protocol provides a method for protecting user-defined data across system power cycles. CAAM protects data in a data structure called a Blob, which provides both confidentiality and integrity protection. The data to be protected is encrypted so that it can be safely placed into non-volatile storage before the SoC is powered down. This patch includes the support to generate a black key from random or from a plaintext. Also one can encapsulate it into a blob or decapsulate a black key from a blob. The key and blob generation descriptors are exported into a separate file, such that they could be shared with other interfaces (qi, qi2). This feature has support only for black keys, encapsulated in black blobs in General Memory. In caamkeyblob_test.c file is a test that validates the above operations: create a black key from plaintext or from random, encapsulate and decapsulate a blob and compare the obtained black key. This test is configured as a kernel module. Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com> Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
78 lines
2.4 KiB
C
78 lines
2.4 KiB
C
/* SPDX-License-Identifier: (GPL-2.0+ OR BSD-3-Clause) */
|
|
/*
|
|
* Black key generation and blob encapsulation/decapsualtion for CAAM
|
|
*
|
|
* Copyright 2018-2020 NXP
|
|
*/
|
|
|
|
#ifndef _CAAMKEYBLOB_H_
|
|
#define _CAAMKEYBLOB_H_
|
|
|
|
#include <linux/device.h>
|
|
#include "caamkeyblob_desc.h"
|
|
|
|
/*
|
|
* Minimum key size to be used is 16 bytes and maximum key size fixed
|
|
* is 64 bytes.
|
|
* Blob size to be kept is Maximum key size + blob header added by CAAM.
|
|
*/
|
|
|
|
#define MIN_KEY_SIZE 16
|
|
#define MAX_KEY_SIZE 64
|
|
|
|
#define MAX_BLACK_KEY_SIZE (MAX_KEY_SIZE + CCM_OVERHEAD +\
|
|
TAG_OVERHEAD_SIZE)
|
|
|
|
#define BLOB_HEADER_SIZE 4
|
|
#define MAX_BLOB_SIZE (MAX_KEY_SIZE + BLOB_OVERHEAD +\
|
|
BLOB_HEADER_SIZE)
|
|
|
|
/* Key modifier for CAAM blobs, used as a revision number */
|
|
static const char caam_key_modifier[KEYMOD_SIZE_GM] = {
|
|
'C', 'A', 'A', 'M', '_', 'K', 'E', 'Y',
|
|
'_', 'T', 'Y', 'P', 'E', '_', 'V', '1',
|
|
};
|
|
|
|
/**
|
|
* struct keyblob_info - Structure that contains all the data necessary
|
|
* to generate a black key and encapsulate it into a blob
|
|
*
|
|
* @key : The plaintext used as input key
|
|
* for black key generation
|
|
* @key_len : Size of plaintext or size of key in case of
|
|
* black key generated from random
|
|
* @type : The type of data contained (e.g. black key, blob, etc.)
|
|
* @black_key_len : Length of the generated black key
|
|
* @black_key : Black key data obtained from CAAM
|
|
* @blob_len : Length of the blob that encapsulates the black key
|
|
* @blob : Blob data obtained from CAAM
|
|
* @key_modifier_len : 8-byte or 16-byte Key_Modifier based on general or
|
|
* secure memory blob type
|
|
* @key_modifier : can be either a secret value, or used as a revision
|
|
* number, revision date or nonce
|
|
* In this case is used as a revision number.
|
|
*/
|
|
struct keyblob_info {
|
|
char *key;
|
|
size_t key_len;
|
|
|
|
u32 type;
|
|
|
|
size_t black_key_len;
|
|
unsigned char black_key[MAX_BLACK_KEY_SIZE];
|
|
|
|
size_t blob_len;
|
|
unsigned char blob[MAX_BLOB_SIZE];
|
|
|
|
size_t key_mod_len;
|
|
const void *key_mod;
|
|
};
|
|
|
|
int generate_black_key(struct device *dev, struct keyblob_info *info);
|
|
|
|
int caam_blob_encap(struct device *dev, struct keyblob_info *info);
|
|
|
|
int caam_blob_decap(struct device *dev, struct keyblob_info *info);
|
|
|
|
#endif /* _CAAMKEYBLOB_H_ */
|