drivers: se050: glue layer

The glue layer implements functionality required by the Plug And Trust
library from OP-TEE.

1) user crypto operations: these operations must run outside the SE050
in order to implement SCP03.

2) i2c operations: these operations provide access to the I2C bus to
communicate with the SE050.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

3 files changed, 185 insertions, 2 deletions

diff --git a/core/drivers/crypto/se050/glue/i2c.c b/core/drivers/crypto/se050/glue/i2c.c
new file mode 100644
index 00000000..387b0465
--- /dev/null
+++ b/core/drivers/crypto/se050/glue/i2c.c
@@ -0,0 +1,88 @@
+// SPDX-License-Identifier: BSD-2-Clause
+/*
+ * Copyright (C) Foundries Ltd. 2020 - All Rights Reserved
+ * Author: Jorge Ramirez <jorge@foundries.io>
+ */
+
+#include <compiler.h>
+#include <drivers/imx_i2c.h>
+#include <glue.h>
+#include <initcall.h>
+#include <kernel/rpc_io_i2c.h>
+#include <phNxpEsePal_i2c.h>
+
+static TEE_Result (*transfer)(struct rpc_i2c_request *req, size_t *bytes);
+
+static TEE_Result native_i2c_transfer(struct rpc_i2c_request *req,
+				      size_t *bytes)
+{
+	TEE_Result ret = TEE_ERROR_GENERIC;
+
+	if (req->mode == RPC_I2C_MODE_READ)
+		ret = imx_i2c_read(req->bus, req->chip, req->buffer,
+				   req->buffer_len);
+	else
+		ret = imx_i2c_write(req->bus, req->chip, req->buffer,
+				    req->buffer_len);
+
+	if (!ret)
+		*bytes = req->buffer_len;
+
+	return ret;
+}
+
+static int i2c_transfer(uint8_t *buffer, int len, enum rpc_i2c_mode mode)
+{
+	struct rpc_i2c_request request = {
+		.bus = CFG_CORE_SE05X_I2C_BUS,
+		.chip = SMCOM_I2C_ADDRESS >> 1,
+		.mode = mode,
+		.buffer = buffer,
+		.buffer_len = len,
+		.flags = 0,
+	};
+	size_t bytes = 0;
+	int retry = 5;
+
+	do {
+		if ((*transfer)(&request, &bytes) == TEE_SUCCESS)
+			return bytes;
+	} while (--retry);
+
+	return -1;
+}
+
+int glue_i2c_read(uint8_t *buffer, int len)
+{
+	return i2c_transfer(buffer, len, RPC_I2C_MODE_READ);
+}
+
+int glue_i2c_write(uint8_t *buffer, int len)
+{
+	return i2c_transfer(buffer, len, RPC_I2C_MODE_WRITE);
+}
+
+int glue_i2c_init(void)
+{
+	if (transfer == &rpc_io_i2c_transfer)
+		return 0;
+
+	transfer = &native_i2c_transfer;
+
+	if (imx_i2c_init(CFG_CORE_SE05X_I2C_BUS, CFG_CORE_SE05X_BAUDRATE))
+		return -1;
+
+	if (imx_i2c_probe(CFG_CORE_SE05X_I2C_BUS, SMCOM_I2C_ADDRESS >> 1))
+		return -1;
+
+	return 0;
+}
+
+static TEE_Result load_trampoline(void)
+{
+	transfer = &rpc_io_i2c_transfer;
+
+	return TEE_SUCCESS;
+}
+
+boot_final(load_trampoline);
diff --git a/core/drivers/crypto/se050/glue/user.c b/core/drivers/crypto/se050/glue/user.c
new file mode 100644
index 00000000..9c762de6
--- /dev/null
+++ b/core/drivers/crypto/se050/glue/user.c
@@ -0,0 +1,95 @@
+// SPDX-License-Identifier: BSD-2-Clause
+/*
+ * Copyright (C) Foundries Ltd. 2020 - All Rights Reserved
+ * Author: Jorge Ramirez <jorge@foundries.io>
+ */
+#include <compiler.h>
+#include <config.h>
+#include <crypto/crypto.h>
+#include <fsl_sss_user_apis.h>
+#include <glue.h>
+#include <stdlib.h>
+
+sss_status_t glue_mac_context_init(void **mac, const uint8_t *key, size_t len)
+{
+	if (crypto_mac_alloc_ctx(mac, TEE_ALG_AES_CMAC))
+		return kStatus_SSS_Fail;
+
+	if (crypto_mac_init(*mac, key, len))
+		return kStatus_SSS_Fail;
+
+	return kStatus_SSS_Success;
+}
+
+void glue_mac_context_free(void *mac)
+{
+	crypto_mac_free_ctx(mac);
+}
+
+sss_status_t glue_mac_update(void *mac, const uint8_t *msg, size_t len)
+{
+	if (crypto_mac_update(mac, msg, len))
+		return kStatus_SSS_Fail;
+
+	return kStatus_SSS_Success;
+}
+
+sss_status_t glue_mac_final(void *mac, uint8_t *buf, size_t len)
+{
+	if (crypto_mac_final(mac, buf, len))
+		return kStatus_SSS_Fail;
+
+	return kStatus_SSS_Success;
+}
+
+sss_status_t glue_mac_one_go(void *mac, const uint8_t *msg, size_t msg_len,
+			     uint8_t *buf, size_t mac_len)
+{
+	if (crypto_mac_update(mac, msg, msg_len))
+		return kStatus_SSS_Fail;
+
+	if (crypto_mac_final(mac, buf, mac_len))
+		return kStatus_SSS_Fail;
+
+	return kStatus_SSS_Success;
+}
+
+sss_status_t glue_symmetric_context_init(void **cipher)
+{
+	if (crypto_cipher_alloc_ctx(cipher, TEE_ALG_AES_CBC_NOPAD))
+		return kStatus_SSS_Fail;
+
+	return kStatus_SSS_Success;
+}
+
+sss_status_t glue_cipher_one_go(void *cipher, TEE_OperationMode mode,
+				uint8_t *iv, size_t iv_len,
+				uint8_t *key, size_t key_len,
+				const uint8_t *src, uint8_t *dst, size_t len)
+{
+	if (crypto_cipher_init(cipher, mode, key, key_len, NULL, 0, iv, iv_len))
+		return kStatus_SSS_Fail;
+
+	if (crypto_cipher_update(cipher, 0, true, src, len, dst))
+		return kStatus_SSS_Fail;
+
+	crypto_cipher_final(cipher);
+
+	return kStatus_SSS_Success;
+}
+
+void glue_context_free(void *cipher)
+{
+	crypto_cipher_free_ctx(cipher);
+}
+
+sss_status_t glue_rng_get_random(uint8_t *data, size_t len)
+{
+	if (IS_ENABLED(CFG_NXP_SE05X_RNG_DRV))
+		return kStatus_SSS_InvalidArgument;
+
+	if (crypto_rng_read(data, len))
+		return kStatus_SSS_Fail;
+
+	return kStatus_SSS_Success;
+}
diff --git a/core/drivers/crypto/se050/sub.mk b/core/drivers/crypto/se050/sub.mk
index 407dc93a..09572f17 100644
--- a/core/drivers/crypto/se050/sub.mk
+++ b/core/drivers/crypto/se050/sub.mk
@@ -1,7 +1,5 @@
 core-platform-cflags += "-I${CFG_NXP_SE05X_PLUG_AND_TRUST}/optee_lib/include"
 
-cflags-y += -Wno-error
-cflags-y += -Wno-implicit-function-declaration
 cflags-y += -DAX_EMBEDDED=1
 cflags-y += -DVERBOSE_APDU_LOGS=0
 cflags-y += -DT1oI2C_UM11225
@@ -14,3 +12,5 @@ subdirs-y += adaptors
 subdirs-y += core
 
 srcs-y += session.c
+srcs-y += glue/i2c.c
+srcs-y += glue/user.c