- /* wolfcaam_qnx.h
- *
- * Copyright (C) 2006-2020 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
- #ifdef HAVE_CONFIG_H
- #include <config.h>
- #endif
- #include <wolfssl/wolfcrypt/settings.h>
- #if defined(WOLFSSL_QNX_CAAM)
- #include <wolfssl/wolfcrypt/logging.h>
- #include <wolfssl/wolfcrypt/error-crypt.h>
- #include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
- #include <fcntl.h>
- #include <sys/ioctl.h>
- #include <devctl.h>
/* File descriptor for the /dev/wolfCrypt resource manager, used for devctl
 * requests. Holds -1 until wc_CAAMInitInterface() opens the device. */
int caamFd = -1;

/* Held by SynchronousSendRequest() around its devctlv() call on caamFd, so
 * only one request is in flight on the descriptor at a time. */
wolfSSL_Mutex caamMutex;
/* Set up the interface to the CAAM driver: initialize caamMutex, then open
 * /dev/wolfCrypt read/write and keep the descriptor in caamFd.
 *
 * returns 0 on success and -1 if either step fails
 *
 * NOTE(review): when open() fails, the mutex initialized just above is not
 * freed here. The descriptor is also opened without O_CLOEXEC, so it would
 * stay open in a program started through exec. Confirm both are intended. */
int wc_CAAMInitInterface()
{
    int mutexRet;

    mutexRet = wc_InitMutex(&caamMutex);
    if (mutexRet != 0) {
        WOLFSSL_MSG("Could not init mutex");
        return -1;
    }

    caamFd = open("/dev/wolfCrypt", O_RDWR);
    if (!(caamFd >= 0)) {
        WOLFSSL_MSG("Could not open /dev/wolfCrypt");
        return -1;
    }

    return 0;
}
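/* Release what wc_CAAMInitInterface() set up: free caamMutex and close the
 * driver descriptor if one is open.
 *
 * caamFd is reset to -1 after closing. Without that, a repeated call would
 * close the same descriptor number again, and a request sent after teardown
 * would use it, even though the process may by then have reused that number
 * for an unrelated file. */
void wc_CAAMFreeInterface()
{
    wc_FreeMutex(&caamMutex);
    if (caamFd >= 0) {
        close(caamFd);
        caamFd = -1;
    }
}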
/* devctl command codes for the wolfCrypt CAAM driver. Each one combines the
 * _DCMD_ALL class, a CAAM_* request type and iov_t as the data type.
 * __DIOT marks a command whose data goes to the driver only; __DIOTF marks a
 * command whose data goes both to and from the driver. */
#define WC_TRNG_CMD __DIOTF(_DCMD_ALL, CAAM_ENTROPY, iov_t)
#define WC_CAAM_GET_PART __DIOTF(_DCMD_ALL, CAAM_GET_PART, iov_t)
#define WC_CAAM_FREE_PART __DIOT(_DCMD_ALL, CAAM_FREE_PART, iov_t)
#define WC_CAAM_FIND_PART __DIOTF(_DCMD_ALL, CAAM_FIND_PART, iov_t)
#define WC_CAAM_READ_PART __DIOTF(_DCMD_ALL, CAAM_READ_PART, iov_t)
#define WC_CAAM_WRITE_PART __DIOT(_DCMD_ALL, CAAM_WRITE_PART, iov_t)
#define WC_CAAM_ECDSA_KEYPAIR __DIOTF(_DCMD_ALL, CAAM_ECDSA_KEYPAIR, iov_t)
#define WC_CAAM_ECDSA_VERIFY __DIOT(_DCMD_ALL, CAAM_ECDSA_VERIFY, iov_t)
#define WC_CAAM_ECDSA_SIGN __DIOTF(_DCMD_ALL, CAAM_ECDSA_SIGN, iov_t)
#define WC_CAAM_ECDSA_ECDH __DIOTF(_DCMD_ALL, CAAM_ECDSA_ECDH, iov_t)
#define WC_CAAM_BLOB_ENCAP __DIOTF(_DCMD_ALL, CAAM_BLOB_ENCAP, iov_t)
#define WC_CAAM_BLOB_DECAP __DIOTF(_DCMD_ALL, CAAM_BLOB_DECAP, iov_t)
#define WC_CAAM_CMAC __DIOTF(_DCMD_ALL, CAAM_CMAC, iov_t)
#define WC_CAAM_FIFO_S __DIOTF(_DCMD_ALL, CAAM_FIFO_S, iov_t)

/* Element counts of the in[] and out[] iov_t arrays that
 * SynchronousSendRequest() fills. Slot 0 of in[] always carries the args
 * array, which leaves MAX_IN_IOVS - 1 input slots for caller buffers. */
#define MAX_IN_IOVS 5
#define MAX_OUT_IOVS 3
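/* Send one request to the CAAM driver and block until it completes.
 *
 * type  CAAM_* request selector; decides how buf is mapped onto the input and
 *       output iov lists handed to devctlv()
 * args  four request arguments, always sent as the first input iov. May be
 *       NULL, in which case four zeros are sent. CAAM_ECDSA_KEYPAIR also
 *       receives the array back from the driver, and CAAM_CMAC overwrites
 *       args[3] with the summed length of the extra input buffers
 * buf   array of CAAM_BUFFER describing the caller's memory; which entries
 *       are read depends on type. Only CAAM_FREE_PART uses none
 * sz    used by CAAM_CMAC as the number of entries in buf; ignored by the
 *       other request types
 *
 * The driver reads and writes caller memory through the address/length pairs
 * taken from buf, so every Length must stay within the real allocation. Where
 * a case adds WC_CAAM_MAC_SZ (or 16, for the first CMAC buffer when args[2]
 * is 1) to a Length, the caller has to provide that extra room.
 * NOTE(review): sz is not checked against the fixed buf[] indexes used by the
 * multi-buffer cases, so callers must pass enough entries. Confirm.
 *
 * returns 0 (Success) when the request completed, CAAM_WAITING when an
 * entropy request got EAGAIN, and -1 on any other failure
 */
int SynchronousSendRequest(int type, unsigned int args[4], CAAM_BUFFER *buf,
        int sz)
{
    int ret, inIdx = 0, outIdx = 0;
    int cmd = 0;
    iov_t in[MAX_IN_IOVS], out[MAX_OUT_IOVS];
    CAAM_ADDRESS pubkey, privkey;
    /* Declared at function scope: in[] and out[] only store pointers, so
     * the stand-in array must still be alive when devctlv() runs. */
    unsigned int localArgs[4] = {0};

    /* With no args from the caller, use the zeroed stand-in everywhere, so
     * the args[n] reads in the cases below never touch a NULL pointer. */
    if (args == NULL) {
        args = localArgs;
    }

    /* every request except CAAM_FREE_PART dereferences buf */
    if (buf == NULL && type != CAAM_FREE_PART) {
        WOLFSSL_MSG("NULL buffer passed for CAAM request");
        return -1;
    }

    /* interface not opened, or already closed */
    if (caamFd < 0) {
        WOLFSSL_MSG("CAAM device is not open");
        return -1;
    }

    /* SETIOV is a macro; keep the index increment on its own line so the
     * index expression has no side effect inside the macro argument. */
    SETIOV(&in[inIdx], args, sizeof(unsigned int) * 4);
    inIdx++;

    switch (type) {
        case CAAM_ENTROPY:
            SETIOV(&out[outIdx], (buf->TheAddress), (buf->Length));
            outIdx++;
            cmd = WC_TRNG_CMD;
            break;

        case CAAM_GET_PART:
            SETIOV(&out[outIdx], (buf->TheAddress), (buf->Length));
            outIdx++;
            cmd = WC_CAAM_GET_PART;
            break;

        case CAAM_FREE_PART:
            cmd = WC_CAAM_FREE_PART;
            break;

        case CAAM_FIND_PART:
            SETIOV(&out[outIdx], (buf->TheAddress), (buf->Length));
            outIdx++;
            cmd = WC_CAAM_FIND_PART;
            break;

        case CAAM_READ_PART:
            SETIOV(&out[outIdx], (buf->TheAddress), (buf->Length));
            outIdx++;
            cmd = WC_CAAM_READ_PART;
            break;

        case CAAM_WRITE_PART:
            SETIOV(&in[inIdx], (buf->TheAddress), (buf->Length));
            inIdx++;
            cmd = WC_CAAM_WRITE_PART;
            break;

        case CAAM_ECDSA_KEYPAIR:
            /* set input to get lengths */
            SETIOV(&in[inIdx], &buf[0], sizeof(CAAM_BUFFER));
            inIdx++;
            SETIOV(&in[inIdx], &buf[1], sizeof(CAAM_BUFFER));
            inIdx++;

            /* set output to store directly to CAAM_BUFFER's */
            SETIOV(&out[outIdx], &buf[0], sizeof(CAAM_BUFFER));
            outIdx++;
            SETIOV(&out[outIdx], &buf[1], sizeof(CAAM_BUFFER));
            outIdx++;

            /* get args for updated partition number used */
            SETIOV(&out[outIdx], args, sizeof(unsigned int) * 4);
            outIdx++;
            cmd = WC_CAAM_ECDSA_KEYPAIR;
            break;

        case CAAM_ECDSA_VERIFY:
            /* public key: args[0] == 1 sends the address value itself
             * instead of the bytes it points to */
            if (args[0] == 1) {
                pubkey = buf[0].TheAddress;
                SETIOV(&in[inIdx], &pubkey, sizeof(CAAM_ADDRESS));
                inIdx++;
            }
            else {
                SETIOV(&in[inIdx], buf[0].TheAddress, buf[0].Length);
                inIdx++;
            }

            /* msg */
            SETIOV(&in[inIdx], buf[1].TheAddress, buf[1].Length);
            inIdx++;

            /* r */
            SETIOV(&in[inIdx], buf[2].TheAddress, buf[2].Length);
            inIdx++;

            /* s */
            SETIOV(&in[inIdx], buf[3].TheAddress, buf[3].Length);
            inIdx++;
            cmd = WC_CAAM_ECDSA_VERIFY;
            break;

        case CAAM_ECDSA_SIGN:
            /* private key: args[0] == 1 sends the address value itself */
            if (args[0] == 1) {
                privkey = buf[0].TheAddress;
                SETIOV(&in[inIdx], &privkey, sizeof(CAAM_ADDRESS));
                inIdx++;
            }
            else {
                SETIOV(&in[inIdx], buf[0].TheAddress, buf[0].Length);
                inIdx++;
            }

            /* msg */
            SETIOV(&in[inIdx], buf[1].TheAddress, buf[1].Length);
            inIdx++;

            /* r out */
            SETIOV(&out[outIdx], buf[2].TheAddress, buf[2].Length);
            outIdx++;

            /* s out */
            SETIOV(&out[outIdx], buf[3].TheAddress, buf[3].Length);
            outIdx++;
            cmd = WC_CAAM_ECDSA_SIGN;
            break;

        case CAAM_ECDSA_ECDH:
            /* when using memory in secure partition just send the address */
            if (args[1] == 1) {
                pubkey = buf[0].TheAddress;
                SETIOV(&in[inIdx], &pubkey, sizeof(CAAM_ADDRESS));
                inIdx++;
            }
            else {
                SETIOV(&in[inIdx], buf[0].TheAddress, buf[0].Length);
                inIdx++;
            }

            /* private key */
            if (args[0] == 1) {
                privkey = buf[1].TheAddress;
                SETIOV(&in[inIdx], &privkey, sizeof(CAAM_ADDRESS));
                inIdx++;
            }
            else {
                SETIOV(&in[inIdx], buf[1].TheAddress, buf[1].Length);
                inIdx++;
            }

            /* shared secret */
            SETIOV(&out[outIdx], buf[2].TheAddress, buf[2].Length);
            outIdx++;
            cmd = WC_CAAM_ECDSA_ECDH;
            break;

        case CAAM_BLOB_ENCAP:
            SETIOV(&in[inIdx], buf[0].TheAddress, buf[0].Length);
            inIdx++;

            /* args[0] == 1: WC_CAAM_MAC_SZ more bytes than buf[1].Length
             * are read from the caller's buffer */
            if (args[0] == 1) {
                SETIOV(&in[inIdx], buf[1].TheAddress,
                        buf[1].Length + WC_CAAM_MAC_SZ);
                inIdx++;
            }
            else {
                SETIOV(&in[inIdx], buf[1].TheAddress, buf[1].Length);
                inIdx++;
            }

            SETIOV(&out[outIdx], buf[2].TheAddress, buf[2].Length);
            outIdx++;
            cmd = WC_CAAM_BLOB_ENCAP;
            break;

        case CAAM_BLOB_DECAP:
            SETIOV(&in[inIdx], buf[0].TheAddress, buf[0].Length);
            inIdx++;
            SETIOV(&in[inIdx], buf[1].TheAddress, buf[1].Length);
            inIdx++;

            /* args[0] == 1: the driver may write WC_CAAM_MAC_SZ bytes past
             * buf[2].Length, so the caller's buffer must be that large */
            if (args[0] == 1) {
                SETIOV(&out[outIdx], buf[2].TheAddress,
                        buf[2].Length + WC_CAAM_MAC_SZ);
                outIdx++;
            }
            else {
                SETIOV(&out[outIdx], buf[2].TheAddress, buf[2].Length);
                outIdx++;
            }
            cmd = WC_CAAM_BLOB_DECAP;
            break;

        case CAAM_CMAC:
            {
                int i;

                if (args[2] == 1) {
                    SETIOV(&in[inIdx], buf[0].TheAddress, buf[0].Length + 16);
                    inIdx++;
                }
                else {
                    SETIOV(&in[inIdx], buf[0].TheAddress, buf[0].Length);
                    inIdx++;
                }

                SETIOV(&in[inIdx], buf[1].TheAddress, buf[1].Length);
                inIdx++;

                /* in[] already holds args, buf[0] and buf[1]. Bounding the
                 * loop by the buf index alone let a fifth buffer land one
                 * element past the end of in[]. Reject the request instead
                 * of overflowing or silently computing the MAC over only
                 * part of the input. */
                if (sz > 2 && sz - 2 > MAX_IN_IOVS - inIdx) {
                    WOLFSSL_MSG("Too many input buffers for CMAC request");
                    return -1;
                }

                /* get input buffers */
                args[3] = 0;
                for (i = 2; i < sz; i++) {
                    SETIOV(&in[inIdx], buf[i].TheAddress, buf[i].Length);
                    inIdx++;
                    args[3] += buf[i].Length;
                }

                SETIOV(&out[outIdx], buf[1].TheAddress, buf[1].Length);
                outIdx++;
            }
            cmd = WC_CAAM_CMAC;
            break;

        case CAAM_FIFO_S:
            SETIOV(&in[inIdx], buf[0].TheAddress, buf[0].Length);
            inIdx++;
            SETIOV(&out[outIdx], buf[1].TheAddress,
                    buf[1].Length + WC_CAAM_MAC_SZ);
            outIdx++;
            cmd = WC_CAAM_FIFO_S;
            break;

        default:
            WOLFSSL_MSG("Unknown/unsupported type");
            return -1;
    }

    /* do not issue the request, or unlock, without holding the mutex */
    if (wc_LockMutex(&caamMutex) != 0) {
        WOLFSSL_MSG("Could not lock CAAM mutex");
        return -1;
    }
    ret = devctlv(caamFd, cmd, inIdx, outIdx, in, out, NULL);
    wc_UnLockMutex(&caamMutex);

    if (ret != 0) {
        if (ret == EFAULT) {
            WOLFSSL_MSG("bad address on one of the in/out buffers");
            return -1;
        }

        /* an entropy request that gets EAGAIN is reported as CAAM_WAITING
         * rather than as a failure */
        if (ret == EAGAIN && type == CAAM_ENTROPY) {
            return CAAM_WAITING;
        }
        return -1;
    }

    return Success;
}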
- #endif