diff options
| -rw-r--r-- | include/interface/hwcrypto/hwcrypto.h | 87 | ||||
| -rw-r--r-- | include/trusty/hwcrypto.h | 59 | ||||
| -rw-r--r-- | lib/trusty/ql-tipc/Makefile | 1 | ||||
| -rw-r--r-- | lib/trusty/ql-tipc/hwcrypto.c | 189 | ||||
| -rw-r--r-- | lib/trusty/ql-tipc/libtipc.c | 10 |
5 files changed, 346 insertions, 0 deletions
diff --git a/include/interface/hwcrypto/hwcrypto.h b/include/interface/hwcrypto/hwcrypto.h new file mode 100644 index 0000000000..116bfe079f --- /dev/null +++ b/include/interface/hwcrypto/hwcrypto.h @@ -0,0 +1,87 @@ +/* + * Copyright (C) 2016 The Android Open Source Project + * Copyright NXP 2018 + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, copy, + * modify, merge, publish, distribute, sublicense, and/or sell copies + * of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + */ + +#ifndef TRUSTY_INTERFACE_HWCRYPTO_H_ +#define TRUSTY_INTERFACE_HWCRYPTO_H_ + +#include <trusty/sysdeps.h> + +#define HWCRYPTO_PORT "com.android.trusty.hwcrypto" +#define HWCRYPTO_MAX_BUFFER_LENGTH 2048 + +enum hwcrypto_command { + HWCRYPTO_REQ_SHIFT = 1, + HWCRYPTO_RESP_BIT = 1, + + HWCRYPTO_HASH = (1 << HWCRYPTO_REQ_SHIFT), +}; + +/** + * enum hwcrypto_error - error codes for HWCRYPTO protocol + * @HWCRYPTO_ERROR_NONE: All OK + * @HWCRYPTO_ERROR_INVALID: Invalid input + * @HWCRYPTO_ERROR_INTERNAL: Error occurred during an operation in Trusty + */ +enum hwcrypto_error { + HWCRYPTO_ERROR_NONE = 0, + HWCRYPTO_ERROR_INVALID = 1, + HWCRYPTO_ERROR_INTERNAL = 2, +}; + +enum hwcrypto_hash_algo { + SHA1 = 0, + SHA256 +}; +/** + * hwcrypto_message - Serial header for communicating with hwcrypto server + * @cmd: the command. Payload must be a serialized buffer of the + * corresponding request object. + * @result: resulting error code for message, one of hwcrypto_error. + * @payload: start of the serialized command specific payload + */ +struct hwcrypto_message { + uint32_t cmd; + uint32_t result; + uint8_t payload[0]; +}; + +/** + * hwcrypto_hash_msg - Serial header for communicating with hwcrypto server + * @in_addr: start address of the input buf. + * @in_len: size of the input buf. + * @out_addr: start addrss of the output buf. + * @out_len: size of the output buf. + * @algo: hash algorithm expect to use. + */ +typedef struct hwcrypto_hash_msg { + uint32_t in_addr; + uint32_t in_len; + uint32_t out_addr; + uint32_t out_len; + enum hwcrypto_hash_algo algo; +} hwcrypto_hash_msg; + +#endif /* TRUSTY_INTERFACE_HWCRYPTO_H_ */ diff --git a/include/trusty/hwcrypto.h b/include/trusty/hwcrypto.h new file mode 100644 index 0000000000..fd522dfd4a --- /dev/null +++ b/include/trusty/hwcrypto.h @@ -0,0 +1,59 @@ +/* + * Copyright (C) 2016 The Android Open Source Project + * Copyright NXP 2018 + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, copy, + * modify, merge, publish, distribute, sublicense, and/or sell copies + * of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + */ + +#ifndef TRUSTY_HWCRYPTO_H_ +#define TRUSTY_HWCRYPTO_H_ + +#include <trusty/sysdeps.h> +#include <trusty/trusty_ipc.h> +#include <interface/hwcrypto/hwcrypto.h> + +/* + * Initialize HWCRYPTO TIPC client. Returns one of trusty_err. + * + * @dev: initialized with trusty_ipc_dev_create + */ +int hwcrypto_tipc_init(struct trusty_ipc_dev *dev); +/* + * Shutdown HWCRYPTO TIPC client. + * + * @dev: initialized with trusty_ipc_dev_create + */ +void hwcrypto_tipc_shutdown(struct trusty_ipc_dev *dev); +/* + * Send request to secure side to calculate sha256 hash with caam. + * Returns one of trusty_err. + * + * @in_addr: start address of the input buf + * @in_len: size of the input buf + * @out_addr: start address of the output buf + * @out_len: size of the output buf + * @algo: hash algorithm type expect to use + */ +int hwcrypto_hash(uint32_t in_addr, uint32_t in_len, uint32_t out_addr, + uint32_t out_len, enum hwcrypto_hash_algo algo); + +#endif /* TRUSTY_HWCRYPTO_H_ */ diff --git a/lib/trusty/ql-tipc/Makefile b/lib/trusty/ql-tipc/Makefile index df68cc625f..5ee616ba93 100644 --- a/lib/trusty/ql-tipc/Makefile +++ b/lib/trusty/ql-tipc/Makefile @@ -33,6 +33,7 @@ ccflags-y += -I$(TRUSTY_DIR)/interface/include QL_TIPC = . obj-y += \ $(QL_TIPC)/avb.o \ + $(QL_TIPC)/hwcrypto.o \ $(QL_TIPC)/keymaster.o \ $(QL_TIPC)/keymaster_serializable.o \ $(QL_TIPC)/ipc.o \ diff --git a/lib/trusty/ql-tipc/hwcrypto.c b/lib/trusty/ql-tipc/hwcrypto.c new file mode 100644 index 0000000000..1cefdc46fa --- /dev/null +++ b/lib/trusty/ql-tipc/hwcrypto.c @@ -0,0 +1,189 @@ +/* + * Copyright (C) 2016 The Android Open Source Project + * Copyright NXP 2018 + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, copy, + * modify, merge, publish, distribute, sublicense, and/or sell copies + * of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#include <trusty/hwcrypto.h> +#include <trusty/rpmb.h> +#include <trusty/trusty_ipc.h> +#include <trusty/util.h> +#include "common.h" + +#define LOCAL_LOG 0 + +static bool initialized; +static struct trusty_ipc_chan hwcrypto_chan; + +static int hwcrypto_send_request(struct hwcrypto_message *msg, void *req, size_t req_len) +{ + struct trusty_ipc_iovec req_iovs[2] = { + { .base = msg, .len = sizeof(*msg) }, + { .base = req, .len = req_len }, + }; + + return trusty_ipc_send(&hwcrypto_chan, req_iovs, req ? 2 : 1, true); +} + +static int hwcrypto_read_response(struct hwcrypto_message *msg, uint32_t cmd, void *resp, + size_t resp_len) +{ + int rc; + struct trusty_ipc_iovec resp_iovs[2] = { + { .base = msg, .len = sizeof(*msg) }, + { .base = resp, .len = resp_len }, + }; + + rc = trusty_ipc_recv(&hwcrypto_chan, resp_iovs, resp ? 2 : 1, true); + if (rc < 0) { + trusty_error("failed (%d) to recv response\n", rc); + return rc; + } + if (msg->cmd != (cmd | HWCRYPTO_RESP_BIT)) { + trusty_error("malformed response\n"); + return TRUSTY_ERR_GENERIC; + } + /* return payload size */ + return rc - sizeof(*msg); +} + +/* + * Convenience function to send a request to the hwcrypto service and read the + * response. + * + * @cmd: the command + * @req: the request buffer + * @req_size: size of the request buffer + * @resp: the response buffer + * @resp_size_p: pointer to the size of the response buffer. changed to the + actual size of the response read from the secure side + * @handle_rpmb: true if the request is expected to invoke RPMB callbacks + */ +static int hwcrypto_do_tipc(uint32_t cmd, void *req, uint32_t req_size, void *resp, + uint32_t *resp_size_p, bool handle_rpmb) +{ + int rc; + struct hwcrypto_message msg = { .cmd = cmd }; + + if (!initialized) { + trusty_error("%s: HWCRYPTO TIPC client not initialized\n", __func__); + return TRUSTY_ERR_GENERIC; + } + + rc = hwcrypto_send_request(&msg, req, req_size); + if (rc < 0) { + trusty_error("%s: failed (%d) to send hwcrypto request\n", __func__, rc); + return rc; + } + + if (handle_rpmb) { + /* handle any incoming RPMB requests */ + rc = rpmb_storage_proxy_poll(); + if (rc < 0) { + trusty_error("%s: failed (%d) to get RPMB requests\n", __func__, + rc); + return rc; + } + } + + uint32_t resp_size = resp_size_p ? *resp_size_p : 0; + rc = hwcrypto_read_response(&msg, cmd, resp, resp_size); + if (rc < 0) { + trusty_error("%s: failed (%d) to read HWCRYPTO response\n", __func__, rc); + return rc; + } + /* change response size to actual response size */ + if (resp_size_p && rc != *resp_size_p) { + *resp_size_p = rc; + } + if (msg.result != HWCRYPTO_ERROR_NONE) { + trusty_error("%s: HWCRYPTO service returned error (%d)\n", __func__, + msg.result); + return TRUSTY_ERR_GENERIC; + } + return TRUSTY_ERR_NONE; +} + +int hwcrypto_tipc_init(struct trusty_ipc_dev *dev) +{ + int rc; + + trusty_assert(dev); + trusty_assert(!initialized); + + trusty_ipc_chan_init(&hwcrypto_chan, dev); + trusty_debug("Connecting to hwcrypto service\n"); + + /* connect to hwcrypto service and wait for connect to complete */ + rc = trusty_ipc_connect(&hwcrypto_chan, HWCRYPTO_PORT, true); + if (rc < 0) { + trusty_error("failed (%d) to connect to '%s'\n", rc, HWCRYPTO_PORT); + return rc; + } + + /* mark as initialized */ + initialized = true; + + return TRUSTY_ERR_NONE; +} + +void hwcrypto_tipc_shutdown(struct trusty_ipc_dev *dev) +{ + if (!initialized) + return; /* nothing to do */ + + /* close channel */ + trusty_ipc_close(&hwcrypto_chan); + + initialized = false; +} + +int hwcrypto_hash(uint32_t in_addr, uint32_t in_len, uint32_t out_addr, + uint32_t out_len, enum hwcrypto_hash_algo algo) +{ + hwcrypto_hash_msg req; + unsigned long start, end; + + /* check the address */ + if (in_addr == 0 || out_addr == 0) + return TRUSTY_ERR_INVALID_ARGS; + /* fill the request buffer */ + req.in_addr = in_addr; + req.out_addr = out_addr; + req.in_len = in_len; + req.out_len = out_len; + req.algo = algo; + + /* flush dcache for input buffer */ + start = (unsigned long)in_addr & ~(ARCH_DMA_MINALIGN - 1); + end = ALIGN((unsigned long)in_addr + in_len, ARCH_DMA_MINALIGN); + flush_dcache_range(start, end); + + /* invalidate dcache for output buffer */ + start = (unsigned long)out_addr & ~(ARCH_DMA_MINALIGN - 1); + end = ALIGN((unsigned long)out_addr + out_len, ARCH_DMA_MINALIGN); + invalidate_dcache_range(start, end); + + int rc = hwcrypto_do_tipc(HWCRYPTO_HASH, (void*)&req, + sizeof(req), NULL, 0, false); + return rc; +} diff --git a/lib/trusty/ql-tipc/libtipc.c b/lib/trusty/ql-tipc/libtipc.c index 0affd4aac2..03e6906de4 100644 --- a/lib/trusty/ql-tipc/libtipc.c +++ b/lib/trusty/ql-tipc/libtipc.c @@ -1,5 +1,6 @@ /* * Copyright (C) 2016 The Android Open Source Project + * Copyright NXP 2018 * * Permission is hereby granted, free of charge, to any person * obtaining a copy of this software and associated documentation @@ -23,6 +24,7 @@ */ #include <trusty/avb.h> +#include <trusty/hwcrypto.h> #include <trusty/keymaster.h> #include <trusty/rpmb.h> #include <trusty/trusty_dev.h> @@ -45,6 +47,7 @@ void trusty_ipc_shutdown(void) (void)avb_tipc_shutdown(_ipc_dev); (void)km_tipc_shutdown(_ipc_dev); + (void)hwcrypto_tipc_shutdown(_ipc_dev); /* shutdown Trusty IPC device */ (void)trusty_ipc_dev_shutdown(_ipc_dev); @@ -98,5 +101,12 @@ int trusty_ipc_init(void) return rc; } + trusty_info("Initializing Trusty Hardware Crypto client\n"); + rc = hwcrypto_tipc_init(_ipc_dev); + if (rc != 0) { + trusty_error("Initlializing Trusty Keymaster client failed (%d)\n", rc); + return rc; + } + return TRUSTY_ERR_NONE; } |