author | Jorge Ramirez-Ortiz <jorge@foundries.io> | 2020-09-24 18:23:38 +0200 |
---|---|---|
committer | Jérôme Forissier <jerome@forissier.org> | 2020-11-20 10:48:58 +0100 |
commit | 03889d5413d7cb1877b0a8a5dd924ae3522dc48d (patch) | |
tree | b7f5189d69a4303dbc2e65bbde1fbb035c8c0ad1 | |
parent | 60c2d1df47a1e32914fbe4c86ca20975a0b3338d (diff) |
drivers: se050: glue layer
The glue layer implements functionality required by the Plug And Trust
library from OP-TEE.
1) user crypto operations: these operations must run outside the SE050
in order to implement SCP03.
2) i2c operations: these operations provide access to the I2C bus to
communicate with the SE050.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
-rw-r--r-- | core/drivers/crypto/se050/glue/i2c.c | 88 | ||||
-rw-r--r-- | core/drivers/crypto/se050/glue/user.c | 95 | ||||
-rw-r--r-- | core/drivers/crypto/se050/sub.mk | 4 |
3 files changed, 185 insertions, 2 deletions
diff --git a/core/drivers/crypto/se050/glue/i2c.c b/core/drivers/crypto/se050/glue/i2c.c
new file mode 100644
index 00000000..387b0465
--- /dev/null
+++ b/core/drivers/crypto/se050/glue/i2c.c
@@ -0,0 +1,88 @@
+// SPDX-License-Identifier: BSD-2-Clause
+/*
+ * Copyright (C) Foundries Ltd. 2020 - All Rights Reserved
+ * Author: Jorge Ramirez <jorge@foundries.io>
+ */
+
+#include <compiler.h>
+#include <drivers/imx_i2c.h>
+#include <glue.h>
+#include <initcall.h>
+#include <kernel/rpc_io_i2c.h>
+#include <phNxpEsePal_i2c.h>
+
+static TEE_Result (*transfer)(struct rpc_i2c_request *req, size_t *bytes);
+
+static TEE_Result native_i2c_transfer(struct rpc_i2c_request *req,
+ size_t *bytes)
+{
+ TEE_Result ret = TEE_ERROR_GENERIC;
+
+ if (req->mode == RPC_I2C_MODE_READ)
+ ret = imx_i2c_read(req->bus, req->chip, req->buffer,
+ req->buffer_len);
+ else
+ ret = imx_i2c_write(req->bus, req->chip, req->buffer,
+ req->buffer_len);
+
+ if (!ret)
+ *bytes = req->buffer_len;
+
+ return ret;
+}
+
+static int i2c_transfer(uint8_t *buffer, int len, enum rpc_i2c_mode mode)
+{
+ struct rpc_i2c_request request = {
+ .bus = CFG_CORE_SE05X_I2C_BUS,
+ .chip = SMCOM_I2C_ADDRESS >> 1,
+ .mode = mode,
+ .buffer = buffer,
+ .buffer_len = len,
+ .flags = 0,
+ };
+ size_t bytes = 0;
+ int retry = 5;
+
+ do {
+ if ((*transfer)(&request, &bytes) == TEE_SUCCESS)
+ return bytes;
+ } while (--retry);
+
+ return -1;
+}
+
+int glue_i2c_read(uint8_t *buffer, int len)
+{
+ return i2c_transfer(buffer, len, RPC_I2C_MODE_READ);
+}
+
+int glue_i2c_write(uint8_t *buffer, int len)
+{
+ return i2c_transfer(buffer, len, RPC_I2C_MODE_WRITE);
+}
+
+int glue_i2c_init(void)
+{
+ if (transfer == &rpc_io_i2c_transfer)
+ return 0;
+
+ transfer = &native_i2c_transfer;
+
+ if (imx_i2c_init(CFG_CORE_SE05X_I2C_BUS, CFG_CORE_SE05X_BAUDRATE))
+ return -1;
+
+ if (imx_i2c_probe(CFG_CORE_SE05X_I2C_BUS, SMCOM_I2C_ADDRESS >> 1))
+ return -1;
+
+ return 0;
+}
+
+static TEE_Result load_trampoline(void)
+{
+ transfer = &rpc_io_i2c_transfer;
+
+ return TEE_SUCCESS;
+}
+
+boot_final(load_trampoline);
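Review bot: In glue/i2c.c, `i2c_transfer()` calls `(*transfer)(&request, &bytes)` without checking that the file-scope `transfer` pointer has been set, and it stores the signed `len` straight into `.buffer_len`. A call to `glue_i2c_read()` or `glue_i2c_write()` before `glue_i2c_init()` or `load_trampoline()` has run therefore goes through a null function pointer, and a negative `len` would turn into a very large length if `buffer_len` is an unsigned type (its declaration is not part of this hunk). A guard at the top of `i2c_transfer()`, `if (!transfer || len < 0) return -1;`, covers both. It would also be worth a comment on `load_trampoline()` stating that from `boot_final` onward every SE050 transfer goes through `rpc_io_i2c_transfer` — presumably an RPC path outside the secure world, judging by the header name — so the bus traffic is only protected when SCP03 is in use.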
diff --git a/core/drivers/crypto/se050/glue/user.c b/core/drivers/crypto/se050/glue/user.c
new file mode 100644
index 00000000..9c762de6
--- /dev/null
+++ b/core/drivers/crypto/se050/glue/user.c
@@ -0,0 +1,95 @@
+// SPDX-License-Identifier: BSD-2-Clause
+/*
+ * Copyright (C) Foundries Ltd. 2020 - All Rights Reserved
+ * Author: Jorge Ramirez <jorge@foundries.io>
+ */
+#include <compiler.h>
+#include <config.h>
+#include <crypto/crypto.h>
+#include <fsl_sss_user_apis.h>
+#include <glue.h>
+#include <stdlib.h>
+
+sss_status_t glue_mac_context_init(void **mac, const uint8_t *key, size_t len)
+{
+ if (crypto_mac_alloc_ctx(mac, TEE_ALG_AES_CMAC))
+ return kStatus_SSS_Fail;
+
+ if (crypto_mac_init(*mac, key, len))
+ return kStatus_SSS_Fail;
+
+ return kStatus_SSS_Success;
+}
+
+void glue_mac_context_free(void *mac)
+{
+ crypto_mac_free_ctx(mac);
+}
+
+sss_status_t glue_mac_update(void *mac, const uint8_t *msg, size_t len)
+{
+ if (crypto_mac_update(mac, msg, len))
+ return kStatus_SSS_Fail;
+
+ return kStatus_SSS_Success;
+}
+
+sss_status_t glue_mac_final(void *mac, uint8_t *buf, size_t len)
+{
+ if (crypto_mac_final(mac, buf, len))
+ return kStatus_SSS_Fail;
+
+ return kStatus_SSS_Success;
+}
+
+sss_status_t glue_mac_one_go(void *mac, const uint8_t *msg, size_t msg_len,
+ uint8_t *buf, size_t mac_len)
+{
+ if (crypto_mac_update(mac, msg, msg_len))
+ return kStatus_SSS_Fail;
+
+ if (crypto_mac_final(mac, buf, mac_len))
+ return kStatus_SSS_Fail;
+
+ return kStatus_SSS_Success;
+}
+
+sss_status_t glue_symmetric_context_init(void **cipher)
+{
+ if (crypto_cipher_alloc_ctx(cipher, TEE_ALG_AES_CBC_NOPAD))
+ return kStatus_SSS_Fail;
+
+ return kStatus_SSS_Success;
+}
+
+sss_status_t glue_cipher_one_go(void *cipher, TEE_OperationMode mode,
+ uint8_t *iv, size_t iv_len,
+ uint8_t *key, size_t key_len,
+ const uint8_t *src, uint8_t *dst, size_t len)
+{
+ if (crypto_cipher_init(cipher, mode, key, key_len, NULL, 0, iv, iv_len))
+ return kStatus_SSS_Fail;
+
+ if (crypto_cipher_update(cipher, 0, true, src, len, dst))
+ return kStatus_SSS_Fail;
+
+ crypto_cipher_final(cipher);
+
+ return kStatus_SSS_Success;
+}
+
+void glue_context_free(void *cipher)
+{
+ crypto_cipher_free_ctx(cipher);
+}
+
+sss_status_t glue_rng_get_random(uint8_t *data, size_t len)
+{
+ if (IS_ENABLED(CFG_NXP_SE05X_RNG_DRV))
+ return kStatus_SSS_InvalidArgument;
+
+ if (crypto_rng_read(data, len))
+ return kStatus_SSS_Fail;
+
+ return kStatus_SSS_Success;
+}
diff --git a/core/drivers/crypto/se050/sub.mk b/core/drivers/crypto/se050/sub.mk
index 407dc93a..09572f17 100644
--- a/core/drivers/crypto/se050/sub.mk
+++ b/core/drivers/crypto/se050/sub.mk
@@ -1,7 +1,5 @@ core-platform-cflags += "-I${CFG_NXP_SE05X_PLUG_AND_TRUST}/optee_lib/include" -cflags-y += -Wno-error -cflags-y += -Wno-implicit-function-declaration cflags-y += -DAX_EMBEDDED=1 cflags-y += -DVERBOSE_APDU_LOGS=0 cflags-y += -DT1oI2C_UM11225
@@ -14,3 +12,5 @@ subdirs-y += adaptors subdirs-y += core srcs-y += session.c +srcs-y += glue/i2c.c +srcs-y += glue/user.c |
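Review bot: Two error paths in glue/user.c leave crypto state behind. In `glue_mac_context_init()`, a failing `crypto_mac_init()` returns with the context from `crypto_mac_alloc_ctx()` still stored in `*mac`, so it leaks unless every caller frees on failure; `crypto_mac_free_ctx(*mac); *mac = NULL;` before that return avoids relying on the caller. In `glue_cipher_one_go()`, a failing `crypto_cipher_update()` returns before `crypto_cipher_final(cipher)`, so the initialised context (presumably still holding the key schedule) is not finalised on that path; calling `crypto_cipher_final(cipher)` there too makes the success and failure paths match. A one-line comment in `glue_rng_get_random()` explaining why `CFG_NXP_SE05X_RNG_DRV` makes it return `kStatus_SSS_InvalidArgument` would also help, since the reason is not visible in this file.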