- /*
- * Copyright (C) 2006-2020 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
- #ifdef HAVE_CONFIG_H
- #include <config.h>
- #endif
- #include <wolfssl/wolfcrypt/settings.h>
- #if defined(WOLFSSL_IMX6_CAAM) || defined(WOLFSSL_IMX6_CAAM_RNG) || \
- defined(WOLFSSL_IMX6UL_CAAM) || defined(WOLFSSL_IMX6_CAAM_BLOB)
- #include <wolfssl/wolfcrypt/logging.h>
- #include <wolfssl/wolfcrypt/error-crypt.h>
- #include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
- #define WC_CAAM_BLOB_SZ 48
- /* determine which porting header to include */
- #if defined(__INTEGRITY) || defined(INTEGRITY)
- /* Build-time fallback password, used only when the build does not define
-  * WC_CAAM_PASSWORD itself.
-  * NOTE(review): where the password is consumed is not visible in this file;
-  * presumably the INTEGRITY porting layer presents it when requesting the CAAM
-  * IODevice -- confirm. The fallback is a fixed string compiled into the image,
-  * so a deployment should define its own WC_CAAM_PASSWORD or pass in a device
-  * handle with wc_caamSetResource() rather than rely on it. */
- #ifndef WC_CAAM_PASSWORD
- #define WC_CAAM_PASSWORD "!systempassword"
- #endif
- #include <INTEGRITY.h>
- /* IODevice used for every CAAM request in this file; starts out unset */
- static IODevice caam = NULLIODevice;
- /* 'sz' is accepted for interface parity but not forwarded by this port */
- #define CAAM_SEND_REQUEST(type, sz, arg, buf) \
- SynchronousSendIORequest(caam, (type), (const Value*)(arg), (buf))
- #endif
- #if defined(__INTEGRITY) || defined(INTEGRITY)
/* Install the CAAM IODevice at run time, for callers that obtain the resource
 * themselves (for example with their own password).
 *
 * ioDev  handle stored in the file-scope 'caam' variable. It is not validated
 *        here; the request helpers in this file reject a NULLIODevice handle.
 *
 * returns 0 (always)
 *
 * NOTE INTEGRITY defines the type as
 * "typedef struct IODeviceStruct *IODevice;"
 */
int wc_caamSetResource(IODevice ioDev)
{
    WOLFSSL_MSG("Setting CAAM driver");

    /* every later request in this file goes through this handle */
    caam = ioDev;

    return 0;
}
- #endif
/* Crypto callback: dispatches a wolfCrypt request to the matching CAAM helper.
 *
 * devId  unused
 * info   request description; dereferenced without a NULL check
 * ctx    unused
 *
 * returns the result of the CAAM helper that handled the request,
 *         NOT_COMPILED_IN for CMAC when CMAC/AES direct support is not built,
 *         and CRYPTOCB_UNAVAILABLE for everything that is not handled here.
 *
 * NOTE(review): in wolfSSL CRYPTOCB_UNAVAILABLE normally lets the caller fall
 * back to the software implementation -- confirm for the build in use if key
 * operations are expected to stay inside the CAAM.
 */
static int wc_CAAM_router(int devId, wc_CryptoInfo* info, void* ctx)
{
    int status = CRYPTOCB_UNAVAILABLE;

    (void)devId;
    (void)ctx;

    if (info->algo_type == WC_ALGO_TYPE_PK) {
        /* public key operations: only the ECC ones are routed */
        switch (info->pk.type) {
            case WC_PK_TYPE_ECDSA_SIGN:
                status = wc_CAAM_EccSign(info->pk.eccsign.in,
                        info->pk.eccsign.inlen, info->pk.eccsign.out,
                        info->pk.eccsign.outlen, info->pk.eccsign.rng,
                        info->pk.eccsign.key);
                break;

            case WC_PK_TYPE_ECDSA_VERIFY:
                status = wc_CAAM_EccVerify(info->pk.eccverify.sig,
                        info->pk.eccverify.siglen, info->pk.eccverify.hash,
                        info->pk.eccverify.hashlen, info->pk.eccverify.res,
                        info->pk.eccverify.key);
                break;

            case WC_PK_TYPE_EC_KEYGEN:
                status = wc_CAAM_MakeEccKey(info->pk.eckg.rng,
                        info->pk.eckg.size, info->pk.eckg.key,
                        info->pk.eckg.curveId);
                break;

            case WC_PK_TYPE_ECDH:
                status = wc_CAAM_Ecdh(info->pk.ecdh.private_key,
                        info->pk.ecdh.public_key, info->pk.ecdh.out,
                        info->pk.ecdh.outlen);
                break;

            case WC_PK_TYPE_EC_CHECK_PRIV_KEY:
                status = wc_CAAM_EccCheckPrivKey(info->pk.ecc_check.key,
                        info->pk.ecc_check.pubKey,
                        info->pk.ecc_check.pubKeySz);
                break;

            default:
                /* status stays CRYPTOCB_UNAVAILABLE */
                WOLFSSL_MSG("unsupported public key operation");
        }
    }
    else if (info->algo_type == WC_ALGO_TYPE_CMAC) {
    #if defined(WOLFSSL_CMAC) && !defined(NO_AES) && \
        defined(WOLFSSL_AES_DIRECT)
        status = wc_CAAM_Cmac(info->cmac.cmac, info->cmac.key,
                info->cmac.keySz, info->cmac.in, info->cmac.inSz,
                info->cmac.out, info->cmac.outSz, info->cmac.type,
                info->cmac.ctx);
    #else
        WOLFSSL_MSG("CMAC not compiled in");
        status = NOT_COMPILED_IN;
    #endif
    }
    else {
        /* NONE, HASH, CIPHER, RNG, SEED, HMAC and any unknown type */
        WOLFSSL_MSG("Not implemented yet with CAAM");
    }

    return status;
}
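/* Bring up the CAAM driver interface and register the CAAM crypto callback
 * under WOLFSSL_CAAM_DEVID.
 *
 * returns 0 on success, -1 if the driver interface could not be initialized,
 *         otherwise the error from wc_CryptoDev_RegisterDevice(). On a
 *         registration failure the driver interface is left initialized;
 *         wc_caamFree() releases it.
 */
int wc_caamInit(void)
{
    int ret;

    WOLFSSL_MSG("Starting interface with CAAM driver");
    if (CAAM_INIT_INTERFACE() != 0) {
        WOLFSSL_MSG("Error initializing CAAM");
        return -1;
    }

    /* Hardware capability probe, currently compiled out. 'reg' is not declared
     * in this function, so the block does not build as-is if re-enabled. */
#if 0
    /* check that for implemented modules
     * bits 0-3 AES, 4-7 DES, 12-15 Hashing , 16-19 RNG, 28-31 public key module */
    reg = WC_CAAM_READ(CAMM_SUPPORT_LS);

    #ifndef WC_NO_RNG
    if (((reg & 0x000F0000) >> 16) > 0) {
        WOLFSSL_MSG("Found CAAM RNG hardware module");
        if ((WC_CAAM_READ(CAAM_RTMCTL) & 0x40000001) != 0x40000001) {
            WOLFSSL_MSG("Error CAAM RNG has not been set up");
        }
    }
    #endif

    #ifndef NO_SHA256
    if ((reg & 0x0000F000) > 0) {
        WOLFSSL_MSG("Found CAAM MDHA module");
    }
    else {
        WOLFSSL_MSG("Hashing not supported by CAAM");
        return WC_HW_E;
    }
    #endif

    #ifndef NO_AES
    if ((reg & 0x0000000F) > 0) {
        WOLFSSL_MSG("Found CAAM AES module");
    }
    else {
        WOLFSSL_MSG("AES not supported by CAAM");
        return WC_HW_E;
    }
    #endif

    #ifdef HAVE_ECC
    if ((reg & 0xF0000000) > 0) {
        WOLFSSL_MSG("Found CAAM Public Key module");
    }
    else {
        WOLFSSL_MSG("Public Key not supported by CAAM");
    }
    #endif
#endif

    /* Report a failed registration instead of returning 0 unconditionally:
     * without the callback no request is routed to wc_CAAM_router(), and the
     * caller would otherwise have no indication of that. */
    ret = wc_CryptoDev_RegisterDevice(WOLFSSL_CAAM_DEVID, wc_CAAM_router, NULL);
    if (ret != 0) {
        WOLFSSL_MSG("Error registering CAAM crypto callback");
        return ret;
    }

    return 0;
}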
/* Release the CAAM driver interface.
 *
 * The crypto callback registered by wc_caamInit() is not unregistered here.
 *
 * returns 0 (always)
 */
int wc_caamFree(void)
{
    CAAM_FREE_INTERFACE();

    return 0;
}
- #ifndef WOLFSSL_QNX_CAAM
/* Read one CAAM register through the IODevice.
 *
 * reg  register to read
 *
 * returns the value read. 0 is returned when no IODevice has been set; when
 *         the read itself fails, only a message is logged and whatever the
 *         local (initialized to 0) holds is returned, so a caller cannot tell
 *         a failure from a register that reads as 0.
 */
word32 wc_caamReadRegister(word32 reg)
{
    word32 value = 0;

    if (caam != NULLIODevice) {
        if (ReadIODeviceRegister(caam, reg, &value) != Success) {
            WOLFSSL_MSG("Error reading register\n");
        }
    }
    else {
        WOLFSSL_MSG("Error CAAM IODevice not found! Bad password?");
    }

    return value;
}
/* Write one CAAM register through the IODevice.
 *
 * reg    register to write
 * value  value to store
 *
 * Nothing is returned: a missing IODevice or a failed write is only logged.
 */
void wc_caamWriteRegister(word32 reg, word32 value)
{
    if (caam != NULLIODevice) {
        if (WriteIODeviceRegister(caam, reg, value) != Success) {
            WOLFSSL_MSG("Error writing to register\n");
        }
    }
    else {
        WOLFSSL_MSG("Error CAAM IODevice not found! Bad password?");
    }
}
- #endif
/* Send one request to the CAAM driver and map the driver status to a wolfCrypt
 * error code.
 *
 * buf   buffers handed to the driver
 * sz    number of entries in buf
 * arg   four argument words for the request
 * type  request type
 *
 * returns 0 on success, RAN_BLOCK_E while the driver reports CAAM_WAITING
 *         (waiting for entropy), WC_HW_WAIT_E when the driver reports
 *         ResourceNotAvailable, and WC_HW_E for any other failure or, outside
 *         WOLFSSL_QNX_CAAM builds, when no IODevice has been set.
 */
int wc_caamAddAndWait(CAAM_BUFFER* buf, int sz, word32 arg[4], word32 type)
{
    int status;
#ifdef DEBUG_WOLFSSL
    /* debug only: remembers that the "waiting" message was already printed;
     * static, so the flag is shared by every caller */
    static int wait = 0;
#endif

#ifndef WOLFSSL_QNX_CAAM
    if (caam == NULLIODevice) {
        WOLFSSL_MSG("Error CAAM IODevice not found! Bad password?");
        return WC_HW_E;
    }
#endif

    status = CAAM_SEND_REQUEST(type, sz, arg, buf);
    if (status == Success) {
    #ifdef DEBUG_WOLFSSL
        /* close the line of progress dots printed while waiting */
        if (wait) {
            wait = 0;
            fprintf(stderr, "\n");
        }
    #endif
        return 0;
    }

    /* waiting for resource or RNG is reported as "try again", not as a
     * hardware error */
    if (status == CAAM_WAITING) {
    #ifdef DEBUG_WOLFSSL
        if (wait == 0) {
            wait = 1;
            WOLFSSL_MSG("Waiting on entropy from driver");
        }
        fprintf(stderr, ".");
    #endif
        return RAN_BLOCK_E;
    }

    if (status == ResourceNotAvailable) {
        WOLFSSL_MSG("Waiting on CAAM driver");
        return WC_HW_WAIT_E;
    }

    return WC_HW_E;
}
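/* Create a red or black blob
 *
 * data   input to encapsulate
 * dataSz size of 'data' in bytes
 * out    buffer receiving the blob
 * outSz  in: size of 'out', must be at least dataSz + WC_CAAM_BLOB_SZ
 *        out: size of the blob written (dataSz + WC_CAAM_BLOB_SZ)
 * type   WC_CAAM_BLOB_RED or WC_CAAM_BLOB_BLACK
 * mod    key modifier, expected 8 bytes for RED key types and 16 for BLACK.
 *        If 'mod' is NULL an all-zero modifier is used, i.e. the same value
 *        for every caller that passes NULL; callers that want blobs bound to
 *        their own context have to supply a modifier.
 * modSz  size of 'mod', only checked when 'mod' is not NULL
 *
 * returns 0 on success, BAD_FUNC_ARG on a bad argument, otherwise the error
 *         from wc_caamAddAndWait()
 */
int wc_caamCreateBlob_ex(byte* data, word32 dataSz, byte* out, word32* outSz,
        int type, byte* mod, word32 modSz)
{
    CAAM_BUFFER in[3];
    /* zeroed so that arg[1], which this request does not set, is not passed
     * to the driver as uninitialized stack content */
    word32 arg[4] = {0, 0, 0, 0};
    word32 blobSz;
    int ret;
    byte local[16] = {0};
    byte* keyMod = mod;
    int keyModSz;

    if (data == NULL || out == NULL || outSz == NULL) {
        return BAD_FUNC_ARG;
    }

    /* dataSz + WC_CAAM_BLOB_SZ can wrap around for a huge dataSz; a wrapped
     * sum would pass the size comparison and describe a too-small output
     * buffer to the driver, so it is rejected before being used */
    blobSz = dataSz + WC_CAAM_BLOB_SZ;
    if (blobSz < dataSz || *outSz < blobSz) {
        return BAD_FUNC_ARG;
    }

    if (type == WC_CAAM_BLOB_RED) {
        arg[0] = 0;
        if (mod != NULL && modSz != 8) {
            WOLFSSL_MSG("bad key mod red size");
            return BAD_FUNC_ARG;
        }
        keyModSz = 8;
    }
    else if (type == WC_CAAM_BLOB_BLACK) {
        arg[0] = 1;
        if (mod != NULL && modSz != 16) {
            WOLFSSL_MSG("bad key mod black size");
            return BAD_FUNC_ARG;
        }
        keyModSz = 16;
    }
    else {
        WOLFSSL_MSG("unknown blob type!");
        return BAD_FUNC_ARG;
    }

    if (mod == NULL) {
        WOLFSSL_MSG("using local all 0's key modifier");
        keyMod = local;
    }

    /* buffer order handed to the driver: key modifier, input, output */
    in[0].BufferType = DataBuffer;
    in[0].TheAddress = (CAAM_ADDRESS)keyMod;
    in[0].Length = keyModSz;

    in[1].BufferType = DataBuffer;
    in[1].TheAddress = (CAAM_ADDRESS)data;
    in[1].Length = dataSz;

    in[2].BufferType = DataBuffer | LastBuffer;
    in[2].TheAddress = (CAAM_ADDRESS)out;
    in[2].Length = blobSz;

    arg[2] = dataSz;
    arg[3] = keyModSz;

    if ((ret = wc_caamAddAndWait(in, 3, arg, CAAM_BLOB_ENCAP)) != 0) {
        WOLFSSL_MSG("Error with CAAM blob create");
        return ret;
    }

    *outSz = blobSz;
    return 0;
}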
/* Create a red key blob with the default (all-zero) key modifier.
 *
 * Thin wrapper around wc_caamCreateBlob_ex() with type WC_CAAM_BLOB_RED and
 * no modifier.
 *
 * returns 0 on success
 */
int wc_caamCreateBlob(byte* data, word32 dataSz, byte* out, word32* outSz)
{
    int ret;

    ret = wc_caamCreateBlob_ex(data, dataSz, out, outSz, WC_CAAM_BLOB_RED,
            NULL, 0);

    return ret;
}
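/* uncover black or red keys
 *
 * data   blob to open
 * dataSz size of the blob, must be at least WC_CAAM_BLOB_SZ
 * out    buffer receiving the recovered data
 * outSz  in: size of 'out', must be at least dataSz - WC_CAAM_BLOB_SZ
 *        out: number of bytes recovered (dataSz - WC_CAAM_BLOB_SZ)
 * type   WC_CAAM_BLOB_RED or WC_CAAM_BLOB_BLACK
 * mod    key modifier, expected 8 bytes for RED and 16 for BLACK; an all-zero
 *        modifier is used when 'mod' is NULL
 * modSz  size of 'mod', only checked when 'mod' is not NULL
 *
 * returns 0 on success, BAD_FUNC_ARG on a bad argument, otherwise the error
 *         from wc_caamAddAndWait()
 */
int wc_caamOpenBlob_ex(byte* data, word32 dataSz, byte* out, word32* outSz,
        int type, byte* mod, word32 modSz)
{
    CAAM_BUFFER in[3];
    /* zeroed so that arg[1], which this request does not set, is not passed
     * to the driver as uninitialized stack content */
    word32 arg[4] = {0, 0, 0, 0};
    word32 plainSz;
    int ret;
    byte local[16] = {0};
    byte* keyMod = mod;
    int keyModSz;

    if (data == NULL || out == NULL || outSz == NULL) {
        WOLFSSL_MSG("NULL argument or outSz is too small");
        return BAD_FUNC_ARG;
    }

    /* A blob shorter than the fixed overhead cannot be valid. Checking it
     * explicitly keeps dataSz - WC_CAAM_BLOB_SZ from wrapping around to a
     * huge unsigned value that would then be used as the output length. */
    if (dataSz < WC_CAAM_BLOB_SZ) {
        WOLFSSL_MSG("blob is smaller than the CAAM blob overhead");
        return BAD_FUNC_ARG;
    }

    plainSz = dataSz - WC_CAAM_BLOB_SZ;
    if (*outSz < plainSz) {
        WOLFSSL_MSG("NULL argument or outSz is too small");
        return BAD_FUNC_ARG;
    }

    if (type == WC_CAAM_BLOB_RED) {
        arg[0] = 0;
        if (mod != NULL && modSz != 8) {
            WOLFSSL_MSG("bad key mod red size");
            return BAD_FUNC_ARG;
        }
        keyModSz = 8;
    }
    else if (type == WC_CAAM_BLOB_BLACK) {
        arg[0] = 1;
        if (mod != NULL && modSz != 16) {
            WOLFSSL_MSG("bad key mod black size");
            return BAD_FUNC_ARG;
        }
        keyModSz = 16;
    }
    else {
        WOLFSSL_MSG("unknown blob type!");
        return BAD_FUNC_ARG;
    }

    if (mod == NULL) {
        WOLFSSL_MSG("using local all 0's key modifier");
        keyMod = local;
    }

    /* buffer order handed to the driver: key modifier, blob, output */
    in[0].BufferType = DataBuffer;
    in[0].TheAddress = (CAAM_ADDRESS)keyMod;
    in[0].Length = keyModSz;

    in[1].BufferType = DataBuffer;
    in[1].TheAddress = (CAAM_ADDRESS)data;
    in[1].Length = dataSz;

    in[2].BufferType = DataBuffer | LastBuffer;
    in[2].TheAddress = (CAAM_ADDRESS)out;
    in[2].Length = plainSz;

    arg[2] = dataSz;
    arg[3] = keyModSz;

    if ((ret = wc_caamAddAndWait(in, 3, arg, CAAM_BLOB_DECAP)) != 0) {
        WOLFSSL_MSG("Error with CAAM blob open");
        return ret;
    }

    *outSz = plainSz;
    return 0;
}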
/* Open a red blob that was created with the default (all-zero) key modifier.
 *
 * Thin wrapper around wc_caamOpenBlob_ex() with type WC_CAAM_BLOB_RED and no
 * modifier.
 *
 * returns 0 on success
 */
int wc_caamOpenBlob(byte* data, word32 dataSz, byte* out, word32* outSz)
{
    int ret;

    ret = wc_caamOpenBlob_ex(data, dataSz, out, outSz, WC_CAAM_BLOB_RED,
            NULL, 0);

    return ret;
}
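/* Cover a key through the CAAM (CAAM_FIFO_S request, AES-CCM).
 *
 * in     key to cover
 * inSz   size of 'in' in bytes
 * out    buffer receiving the covered key
 * outSz  in: size of 'out', must be at least inSz + WC_CAAM_MAC_SZ
 *        out: set to inSz + WC_CAAM_MAC_SZ (key size plus mac and padding)
 * flag   unused
 *
 * returns 0 on success, BAD_FUNC_ARG on a NULL argument, BUFFER_E when the
 *         output buffer is too small, otherwise the error from
 *         wc_caamAddAndWait()
 */
int wc_caamCoverKey(byte* in, word32 inSz, byte* out, word32* outSz, int flag)
{
    CAAM_BUFFER buf[2];
    /* zeroed so that arg[2] and arg[3], which this request does not set, are
     * not passed to the driver as uninitialized stack content */
    word32 arg[4] = {0, 0, 0, 0};
    word32 coveredSz;
    int ret;

    (void)flag;

    /* outSz is dereferenced below and in/out are handed to the driver */
    if (in == NULL || out == NULL || outSz == NULL) {
        return BAD_FUNC_ARG;
    }

    /* reject a sum that wrapped around before comparing against it */
    coveredSz = inSz + WC_CAAM_MAC_SZ;
    if (coveredSz < inSz || *outSz < coveredSz) {
        return BUFFER_E;
    }

    buf[0].BufferType = DataBuffer;
    buf[0].TheAddress = (CAAM_ADDRESS)in;
    buf[0].Length = inSz;

    /* NOTE(review): the output buffer is described as inSz bytes although
     * *outSz is later set to inSz + WC_CAAM_MAC_SZ, and LastBuffer is not set
     * as it is for the blob requests -- confirm against the driver. */
    buf[1].BufferType = DataBuffer;
    buf[1].TheAddress = (CAAM_ADDRESS)out;
    buf[1].Length = inSz;

    arg[0] = 0x00140000; /* AES-CCM */
    arg[1] = inSz;

    if ((ret = wc_caamAddAndWait(buf, 2, arg, CAAM_FIFO_S)) != 0) {
        /* message previously read "blob create", copied from the blob code */
        WOLFSSL_MSG("Error with CAAM cover key");
        return ret;
    }

    *outSz = coveredSz;
    return 0;
}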
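/* Ask the driver for a secure partition that is not in use.
 *
 * returns the value the driver wrote for the CAAM_FIND_PART request, or -1
 *         when the request failed
 */
int caamFindUnusuedPartition(void)
{
    CAAM_BUFFER buf[1];
    /* this request sets no argument words; zero them so the driver is not
     * handed uninitialized stack content */
    word32 arg[4] = {0, 0, 0, 0};
    int part = 0;

    /* the driver writes its answer straight into 'part' */
    buf[0].BufferType = DataBuffer;
    buf[0].TheAddress = (CAAM_ADDRESS)&part;
    buf[0].Length = sizeof(int);

    if (wc_caamAddAndWait(buf, 1, arg, CAAM_FIND_PART) != 0) {
        WOLFSSL_MSG("Error finding a partition to use");
        return -1;
    }

    return part;
}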
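/* Request secure partition 'part' with size 'sz' from the driver.
 *
 * part  partition number, passed as arg[0]
 * sz    requested size, passed as arg[1]
 *
 * returns the address the driver wrote for the CAAM_GET_PART request. On a
 *         failed request -1 converted to CAAM_ADDRESS is returned, so callers
 *         have to compare against that value before using the result.
 */
CAAM_ADDRESS caamGetPartition(int part, int sz)
{
    CAAM_BUFFER buf[1];
    /* zeroed so that arg[2] and arg[3], which this request does not set, are
     * not passed to the driver as uninitialized stack content */
    word32 arg[4] = {0, 0, 0, 0};
    CAAM_ADDRESS addr = 0;

    /* NOTE(review): the result buffer is described as sizeof(int) bytes while
     * the object is a CAAM_ADDRESS -- confirm the two have the same size on
     * every supported port, otherwise only part of the address is written. */
    buf[0].BufferType = DataBuffer;
    buf[0].TheAddress = (CAAM_ADDRESS)(&addr);
    buf[0].Length = sizeof(int);

    arg[0] = part;
    arg[1] = sz;

    if (wc_caamAddAndWait(buf, 1, arg, CAAM_GET_PART) != 0) {
        WOLFSSL_MSG("Error getting a partition");
        return -1;
    }

    return addr;
}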
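/* Internal function to free a secure partition
 *
 * partNum  partition number, passed as arg[0]
 *
 * return 0 on success, -1 when the request failed
 */
int caamFreePart(int partNum)
{
    /* zeroed so that arg[1..3], which this request does not set, are not
     * passed to the driver as uninitialized stack content */
    word32 arg[4] = {0, 0, 0, 0};

    arg[0] = partNum;

    /* no data buffers accompany this request */
    if (wc_caamAddAndWait(NULL, 0, arg, CAAM_FREE_PART) != 0) {
        WOLFSSL_MSG("Error freeing a partition");
        return -1;
    }

    return 0;
}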
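/* Internal function to help write to a secure partition
 *
 * addr  destination address inside the partition, passed as arg[0]
 * in    data to write
 * inSz  number of bytes to write
 *
 * return 0 on success, -1 on a bad argument or when the request failed
 */
int caamWriteToPartition(CAAM_ADDRESS addr, const unsigned char* in, int inSz)
{
    CAAM_BUFFER buf[1];
    /* zeroed so that arg[2] and arg[3], which this request does not set, are
     * not passed to the driver as uninitialized stack content */
    word32 arg[4] = {0, 0, 0, 0};

    /* a negative size would turn into a huge length once stored in the
     * unsigned argument word */
    if (inSz < 0 || (in == NULL && inSz > 0)) {
        WOLFSSL_MSG("Error writing to a partition");
        return -1;
    }

    buf[0].BufferType = DataBuffer;
    buf[0].TheAddress = (CAAM_ADDRESS)in;
    buf[0].Length = inSz;

    /* NOTE(review): addr is stored in a word32 argument -- confirm that
     * CAAM_ADDRESS is not wider than word32 on the ports that use this. */
    arg[0] = addr;
    arg[1] = inSz;

    if (wc_caamAddAndWait(buf, 1, arg, CAAM_WRITE_PART) != 0) {
        WOLFSSL_MSG("Error writing to a partition");
        return -1;
    }

    return 0;
}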
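/* Internal function to help read from a secure partition
 *
 * addr   source address inside the partition, passed as arg[0]
 * out    buffer receiving the data
 * outSz  number of bytes to read
 *
 * return 0 on success, -1 on a bad argument or when the request failed
 */
int caamReadPartition(CAAM_ADDRESS addr, unsigned char* out, int outSz)
{
    CAAM_BUFFER buf[1];
    /* zeroed so that arg[2] and arg[3], which this request does not set, are
     * not passed to the driver as uninitialized stack content */
    word32 arg[4] = {0, 0, 0, 0};

    /* a negative size would turn into a huge length once stored in the
     * unsigned argument word */
    if (outSz < 0 || (out == NULL && outSz > 0)) {
        WOLFSSL_MSG("Error reading a partition");
        return -1;
    }

    buf[0].BufferType = DataBuffer;
    buf[0].TheAddress = (CAAM_ADDRESS)out;
    buf[0].Length = outSz;

    /* NOTE(review): addr is stored in a word32 argument -- confirm that
     * CAAM_ADDRESS is not wider than word32 on the ports that use this. */
    arg[0] = addr;
    arg[1] = outSz;

    if (wc_caamAddAndWait(buf, 1, arg, CAAM_READ_PART) != 0) {
        WOLFSSL_MSG("Error reading a partition");
        return -1;
    }

    return 0;
}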
- #endif /* WOLFSSL_IMX6_CAAM */