MLK-24496 crypto: caam - add tag object header to blob
Tagged object header was added to have red key (plaintext)
length available for blob decapsulation.
Fixes: 60baeafa83
("MLK-24420-3 crypto: caam - add ioctl calls for black keys and blobs generation")
Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
5.4-rM2-2.2.x-imx-squashed
parent
8ab16bdb78
commit
1a6588c4a4
|
@ -22,42 +22,54 @@ static long caam_keygen_ioctl(struct file *file, unsigned int cmd,
|
||||||
unsigned long arg);
|
unsigned long arg);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* tag_black_key - Tag a black key with a tag object header.
|
* tag_black_obj - Tag a black object (key/blob) with a tag object header.
|
||||||
*
|
*
|
||||||
* @info : keyblob_info structure, which contains
|
* @info : keyblob_info structure, which contains
|
||||||
* the black key, obtained from CAAM,
|
* the black key/blob, obtained from CAAM,
|
||||||
* that needs to be tagged
|
* that needs to be tagged
|
||||||
* @black_key_max_len : The maximum size of a black key
|
* @black_max_len : The maximum size of the black object (blob/key)
|
||||||
|
* @blob : Used to determine if it's a blob or key object
|
||||||
*
|
*
|
||||||
* Return : '0' on success, error code otherwise
|
* Return : '0' on success, error code otherwise
|
||||||
*/
|
*/
|
||||||
static int tag_black_key(struct keyblob_info *info, size_t black_key_max_len)
|
static int tag_black_obj(struct keyblob_info *info, size_t black_max_len,
|
||||||
|
bool blob)
|
||||||
{
|
{
|
||||||
struct header_conf tag;
|
struct header_conf tag;
|
||||||
u32 type;
|
u32 type;
|
||||||
int ret;
|
int ret;
|
||||||
u32 size_tagged = black_key_max_len;
|
u32 size_tagged = black_max_len;
|
||||||
|
|
||||||
if (!info)
|
if (!info)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
type = info->type;
|
type = info->type;
|
||||||
|
|
||||||
/* Prepare the tag */
|
/* Prepare and set the tag */
|
||||||
init_tag_object_header(&tag, 0, type, info->black_key_len);
|
if (blob) {
|
||||||
|
init_tag_object_header(&tag, 0, type, info->key_len,
|
||||||
/* Set the tag */
|
info->blob_len);
|
||||||
ret = set_tag_object_header_conf(&tag, info->black_key,
|
ret = set_tag_object_header_conf(&tag, info->blob,
|
||||||
info->black_key_len, &size_tagged);
|
info->blob_len,
|
||||||
|
&size_tagged);
|
||||||
|
} else {
|
||||||
|
init_tag_object_header(&tag, 0, type, info->key_len,
|
||||||
|
info->black_key_len);
|
||||||
|
ret = set_tag_object_header_conf(&tag, info->black_key,
|
||||||
|
info->black_key_len,
|
||||||
|
&size_tagged);
|
||||||
|
}
|
||||||
if (ret)
|
if (ret)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
/* Update the size of the black key tagged */
|
/* Update the size of the black key tagged */
|
||||||
info->black_key_len = size_tagged;
|
if (blob)
|
||||||
|
info->blob_len = size_tagged;
|
||||||
|
else
|
||||||
|
info->black_key_len = size_tagged;
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* send_err_msg - Send the error message from kernel to user-space
|
* send_err_msg - Send the error message from kernel to user-space
|
||||||
*
|
*
|
||||||
|
@ -326,16 +338,18 @@ static int keygen_create_keyblob(struct keyblob_info *info)
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Tag the black key so it can be passed to CAAM Crypto API */
|
/* Tag the black key so it can be passed to CAAM Crypto API */
|
||||||
ret = tag_black_key(info, sizeof(info->black_key));
|
ret = tag_black_obj(info, sizeof(info->black_key), false);
|
||||||
if (ret) {
|
if (ret) {
|
||||||
dev_err(jrdev, "Black key tagging failed: %d\n", ret);
|
dev_err(jrdev, "Black key tagging failed: %d\n", ret);
|
||||||
goto free_jr;
|
goto free_jr;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Add the object type as a header to the blob */
|
/* Tag the black blob so it can be passed to CAAM Crypto API */
|
||||||
memcpy(info->blob, &info->type, BLOB_HEADER_SIZE);
|
ret = tag_black_obj(info, sizeof(info->blob), true);
|
||||||
/* Update blob length with the new added header */
|
if (ret) {
|
||||||
info->blob_len += BLOB_HEADER_SIZE;
|
dev_err(jrdev, "Black blob tagging failed: %d\n", ret);
|
||||||
|
goto free_jr;
|
||||||
|
}
|
||||||
|
|
||||||
free_jr:
|
free_jr:
|
||||||
caam_jr_free(jrdev);
|
caam_jr_free(jrdev);
|
||||||
|
@ -355,6 +369,8 @@ static int keygen_import_key(struct keyblob_info *info)
|
||||||
{
|
{
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
struct device *jrdev;
|
struct device *jrdev;
|
||||||
|
struct header_conf *header;
|
||||||
|
struct tagged_object *tag_obj;
|
||||||
|
|
||||||
/* Allocate CAAM Job Ring for operation to be performed from CAAM */
|
/* Allocate CAAM Job Ring for operation to be performed from CAAM */
|
||||||
jrdev = caam_jr_alloc();
|
jrdev = caam_jr_alloc();
|
||||||
|
@ -371,11 +387,53 @@ static int keygen_import_key(struct keyblob_info *info)
|
||||||
DUMP_PREFIX_ADDRESS, 16, 4, info->blob,
|
DUMP_PREFIX_ADDRESS, 16, 4, info->blob,
|
||||||
info->blob_len, 1);
|
info->blob_len, 1);
|
||||||
|
|
||||||
/* Get object type from blob header */
|
/* Check if one can retrieve the tag object header configuration */
|
||||||
memcpy(&info->type, info->blob, BLOB_HEADER_SIZE);
|
if (info->blob_len <= TAG_OVERHEAD_SIZE) {
|
||||||
|
dev_err(jrdev, "Invalid blob length\n");
|
||||||
|
ret = -EINVAL;
|
||||||
|
goto free_jr;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Retrieve the tag object */
|
||||||
|
tag_obj = (struct tagged_object *)info->blob;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Check tag object header configuration
|
||||||
|
* and retrieve the tag object header configuration
|
||||||
|
*/
|
||||||
|
if (is_valid_header_conf(&tag_obj->header)) {
|
||||||
|
header = &tag_obj->header;
|
||||||
|
} else {
|
||||||
|
dev_err(jrdev,
|
||||||
|
"Unable to get tag object header configuration for blob\n");
|
||||||
|
ret = -EINVAL;
|
||||||
|
goto free_jr;
|
||||||
|
}
|
||||||
|
|
||||||
|
info->key_len = header->red_key_len;
|
||||||
|
|
||||||
|
/* Validate the red key size extracted from blob */
|
||||||
|
if (info->key_len < MIN_KEY_SIZE || info->key_len > MAX_KEY_SIZE) {
|
||||||
|
dev_err(jrdev,
|
||||||
|
"Invalid red key length extracted from blob, expected values are between 16 and 64 bytes\n");
|
||||||
|
ret = -EINVAL;
|
||||||
|
goto free_jr;
|
||||||
|
}
|
||||||
|
|
||||||
|
info->type = header->type;
|
||||||
|
|
||||||
/* Update blob length by removing the header size */
|
/* Update blob length by removing the header size */
|
||||||
info->blob_len -= BLOB_HEADER_SIZE;
|
info->blob_len -= TAG_OVERHEAD_SIZE;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Check the received, from user, blob length
|
||||||
|
* with the one from tag header
|
||||||
|
*/
|
||||||
|
if (info->blob_len != header->obj_len) {
|
||||||
|
dev_err(jrdev, "Mismatch between received blob length and the one from tag header\n");
|
||||||
|
ret = -EINVAL;
|
||||||
|
goto free_jr;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Decapsulate the blob into a black key,
|
* Decapsulate the blob into a black key,
|
||||||
|
@ -388,7 +446,7 @@ static int keygen_import_key(struct keyblob_info *info)
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Tag the black key so it can be passed to CAAM Crypto API */
|
/* Tag the black key so it can be passed to CAAM Crypto API */
|
||||||
ret = tag_black_key(info, sizeof(info->black_key));
|
ret = tag_black_obj(info, sizeof(info->black_key), false);
|
||||||
if (ret)
|
if (ret)
|
||||||
dev_err(jrdev, "Black key tagging failed: %d\n", ret);
|
dev_err(jrdev, "Black key tagging failed: %d\n", ret);
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue