fix(intel): extending to support large file size for SHA2/HMAC get digest and verifying
This patch is to extend to support large file size
for SHA2/HMAC get digest and verifying. The large
file will be split into smaller chunk and send using
initialize, update and finalize staging method.
Signed-off-by: Yuslaimi, Alif Zakuan <alif.zakuan.yuslaimi@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I1815deeb61287b32c3e77c5ac1b547b79ef12674
diff --git a/plat/intel/soc/common/include/socfpga_fcs.h b/plat/intel/soc/common/include/socfpga_fcs.h
index 37456bc..893551d 100644
--- a/plat/intel/soc/common/include/socfpga_fcs.h
+++ b/plat/intel/soc/common/include/socfpga_fcs.h
@@ -231,18 +231,19 @@
int intel_fcs_get_digest_init(uint32_t session_id, uint32_t context_id,
uint32_t key_id, uint32_t param_size,
uint64_t param_data, uint32_t *mbox_error);
-int intel_fcs_get_digest_finalize(uint32_t session_id, uint32_t context_id,
+int intel_fcs_get_digest_update_finalize(uint32_t session_id, uint32_t context_id,
uint32_t src_addr, uint32_t src_size,
uint64_t dst_addr, uint32_t *dst_size,
- uint32_t *mbox_error);
+ uint8_t is_finalised, uint32_t *mbox_error);
int intel_fcs_mac_verify_init(uint32_t session_id, uint32_t context_id,
uint32_t key_id, uint32_t param_size,
uint64_t param_data, uint32_t *mbox_error);
-int intel_fcs_mac_verify_finalize(uint32_t session_id, uint32_t context_id,
+int intel_fcs_mac_verify_update_finalize(uint32_t session_id, uint32_t context_id,
uint32_t src_addr, uint32_t src_size,
uint64_t dst_addr, uint32_t *dst_size,
- uint32_t data_size, uint32_t *mbox_error);
+ uint32_t data_size, uint8_t is_finalised,
+ uint32_t *mbox_error);
int intel_fcs_ecdsa_hash_sign_init(uint32_t session_id, uint32_t context_id,
uint32_t key_id, uint32_t param_size,
diff --git a/plat/intel/soc/common/include/socfpga_sip_svc.h b/plat/intel/soc/common/include/socfpga_sip_svc.h
index 36ba4aa..f9a6ffd 100644
--- a/plat/intel/soc/common/include/socfpga_sip_svc.h
+++ b/plat/intel/soc/common/include/socfpga_sip_svc.h
@@ -110,8 +110,10 @@
#define INTEL_SIP_SMC_FCS_AES_CRYPT_UPDATE 0x42000075
#define INTEL_SIP_SMC_FCS_AES_CRYPT_FINALIZE 0x42000076
#define INTEL_SIP_SMC_FCS_GET_DIGEST_INIT 0xC2000077
+#define INTEL_SIP_SMC_FCS_GET_DIGEST_UPDATE 0xC2000078
#define INTEL_SIP_SMC_FCS_GET_DIGEST_FINALIZE 0xC2000079
#define INTEL_SIP_SMC_FCS_MAC_VERIFY_INIT 0xC200007A
+#define INTEL_SIP_SMC_FCS_MAC_VERIFY_UPDATE 0xC200007B
#define INTEL_SIP_SMC_FCS_MAC_VERIFY_FINALIZE 0xC200007C
#define INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGN_INIT 0xC200007D
#define INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGN_FINALIZE 0xC200007F
diff --git a/plat/intel/soc/common/sip/socfpga_sip_fcs.c b/plat/intel/soc/common/sip/socfpga_sip_fcs.c
index 8e22386..c4e30a2 100644
--- a/plat/intel/soc/common/sip/socfpga_sip_fcs.c
+++ b/plat/intel/soc/common/sip/socfpga_sip_fcs.c
@@ -844,13 +844,16 @@
mbox_error);
}
-int intel_fcs_get_digest_finalize(uint32_t session_id, uint32_t context_id,
- uint32_t src_addr, uint32_t src_size,
- uint64_t dst_addr, uint32_t *dst_size,
+int intel_fcs_get_digest_update_finalize(uint32_t session_id,
+ uint32_t context_id, uint32_t src_addr,
+ uint32_t src_size, uint64_t dst_addr,
+ uint32_t *dst_size, uint8_t is_finalised,
uint32_t *mbox_error)
{
int status;
uint32_t i;
+ uint32_t flag;
+ uint32_t crypto_header;
uint32_t resp_len;
uint32_t payload[FCS_GET_DIGEST_CMD_MAX_WORD_SIZE] = {0U};
@@ -875,29 +878,48 @@
resp_len = *dst_size / MBOX_WORD_BYTE;
+ /* Prepare crypto header */
+ flag = 0;
+
+ if (fcs_sha_get_digest_param.is_updated) {
+ fcs_sha_get_digest_param.crypto_param_size = 0;
+ } else {
+ flag |= FCS_CS_FIELD_FLAG_INIT;
+ }
+
+ if (is_finalised != 0U) {
+ flag |= FCS_CS_FIELD_FLAG_FINALIZE;
+ } else {
+ flag |= FCS_CS_FIELD_FLAG_UPDATE;
+ fcs_sha_get_digest_param.is_updated = 1;
+ }
+
+ crypto_header = ((flag << FCS_CS_FIELD_FLAG_OFFSET) |
+ (fcs_sha_get_digest_param.crypto_param_size &
+ FCS_CS_FIELD_SIZE_MASK));
+
/* Prepare command payload */
i = 0;
- /* Crypto header */
payload[i] = fcs_sha_get_digest_param.session_id;
i++;
payload[i] = fcs_sha_get_digest_param.context_id;
i++;
- payload[i] = fcs_sha_get_digest_param.crypto_param_size
- & FCS_CS_FIELD_SIZE_MASK;
- payload[i] |= (FCS_CS_FIELD_FLAG_INIT | FCS_CS_FIELD_FLAG_UPDATE
- | FCS_CS_FIELD_FLAG_FINALIZE)
- << FCS_CS_FIELD_FLAG_OFFSET;
+ payload[i] = crypto_header;
i++;
- payload[i] = fcs_sha_get_digest_param.key_id;
- i++;
- /* Crypto parameters */
- payload[i] = fcs_sha_get_digest_param.crypto_param
- & INTEL_SIP_SMC_FCS_SHA_MODE_MASK;
- payload[i] |= ((fcs_sha_get_digest_param.crypto_param
- >> INTEL_SIP_SMC_FCS_DIGEST_SIZE_OFFSET)
- & INTEL_SIP_SMC_FCS_DIGEST_SIZE_MASK)
- << FCS_SHA_HMAC_CRYPTO_PARAM_SIZE_OFFSET;
- i++;
+
+ if ((crypto_header >> FCS_CS_FIELD_FLAG_OFFSET) &
+ FCS_CS_FIELD_FLAG_INIT) {
+ payload[i] = fcs_sha_get_digest_param.key_id;
+ i++;
+ /* Crypto parameters */
+ payload[i] = fcs_sha_get_digest_param.crypto_param
+ & INTEL_SIP_SMC_FCS_SHA_MODE_MASK;
+ payload[i] |= ((fcs_sha_get_digest_param.crypto_param
+ >> INTEL_SIP_SMC_FCS_DIGEST_SIZE_OFFSET)
+ & INTEL_SIP_SMC_FCS_DIGEST_SIZE_MASK)
+ << FCS_SHA_HMAC_CRYPTO_PARAM_SIZE_OFFSET;
+ i++;
+ }
/* Data source address and size */
payload[i] = src_addr;
i++;
@@ -908,7 +930,10 @@
payload, i, CMD_CASUAL,
(uint32_t *) dst_addr, &resp_len);
- memset((void *)&fcs_sha_get_digest_param, 0, sizeof(fcs_crypto_service_data));
+ if (is_finalised != 0U) {
+ memset((void *)&fcs_sha_get_digest_param, 0,
+ sizeof(fcs_crypto_service_data));
+ }
if (status < 0) {
*mbox_error = -status;
@@ -931,13 +956,16 @@
mbox_error);
}
-int intel_fcs_mac_verify_finalize(uint32_t session_id, uint32_t context_id,
- uint32_t src_addr, uint32_t src_size,
- uint64_t dst_addr, uint32_t *dst_size,
- uint32_t data_size, uint32_t *mbox_error)
+int intel_fcs_mac_verify_update_finalize(uint32_t session_id,
+ uint32_t context_id, uint32_t src_addr,
+ uint32_t src_size, uint64_t dst_addr,
+ uint32_t *dst_size, uint32_t data_size,
+ uint8_t is_finalised, uint32_t *mbox_error)
{
int status;
uint32_t i;
+ uint32_t flag;
+ uint32_t crypto_header;
uint32_t resp_len;
uint32_t payload[FCS_MAC_VERIFY_CMD_MAX_WORD_SIZE] = {0U};
uintptr_t mac_offset;
@@ -967,45 +995,70 @@
resp_len = *dst_size / MBOX_WORD_BYTE;
+ /* Prepare crypto header */
+ flag = 0;
+
+ if (fcs_sha_mac_verify_param.is_updated) {
+ fcs_sha_mac_verify_param.crypto_param_size = 0;
+ } else {
+ flag |= FCS_CS_FIELD_FLAG_INIT;
+ }
+
+ if (is_finalised) {
+ flag |= FCS_CS_FIELD_FLAG_FINALIZE;
+ } else {
+ flag |= FCS_CS_FIELD_FLAG_UPDATE;
+ fcs_sha_mac_verify_param.is_updated = 1;
+ }
+
+ crypto_header = ((flag << FCS_CS_FIELD_FLAG_OFFSET) |
+ (fcs_sha_mac_verify_param.crypto_param_size &
+ FCS_CS_FIELD_SIZE_MASK));
+
/* Prepare command payload */
i = 0;
- /* Crypto header */
payload[i] = fcs_sha_mac_verify_param.session_id;
i++;
payload[i] = fcs_sha_mac_verify_param.context_id;
i++;
- payload[i] = fcs_sha_mac_verify_param.crypto_param_size
- & FCS_CS_FIELD_SIZE_MASK;
- payload[i] |= (FCS_CS_FIELD_FLAG_INIT | FCS_CS_FIELD_FLAG_UPDATE
- | FCS_CS_FIELD_FLAG_FINALIZE)
- << FCS_CS_FIELD_FLAG_OFFSET;
- i++;
- payload[i] = fcs_sha_mac_verify_param.key_id;
+ payload[i] = crypto_header;
i++;
- /* Crypto parameters */
- payload[i] = ((fcs_sha_mac_verify_param.crypto_param
- >> INTEL_SIP_SMC_FCS_DIGEST_SIZE_OFFSET)
- & INTEL_SIP_SMC_FCS_DIGEST_SIZE_MASK)
- << FCS_SHA_HMAC_CRYPTO_PARAM_SIZE_OFFSET;
- i++;
+
+ if ((crypto_header >> FCS_CS_FIELD_FLAG_OFFSET) &
+ FCS_CS_FIELD_FLAG_INIT) {
+ payload[i] = fcs_sha_mac_verify_param.key_id;
+ i++;
+ /* Crypto parameters */
+ payload[i] = ((fcs_sha_mac_verify_param.crypto_param
+ >> INTEL_SIP_SMC_FCS_DIGEST_SIZE_OFFSET)
+ & INTEL_SIP_SMC_FCS_DIGEST_SIZE_MASK)
+ << FCS_SHA_HMAC_CRYPTO_PARAM_SIZE_OFFSET;
+ i++;
+ }
/* Data source address and size */
payload[i] = src_addr;
i++;
payload[i] = data_size;
i++;
- /* Copy mac data to command */
- mac_offset = src_addr + data_size;
- memcpy((uint8_t *) &payload[i], (uint8_t *) mac_offset,
- src_size - data_size);
- i += (src_size - data_size) / MBOX_WORD_BYTE;
+ if ((crypto_header >> FCS_CS_FIELD_FLAG_OFFSET) &
+ FCS_CS_FIELD_FLAG_FINALIZE) {
+ /* Copy mac data to command */
+ mac_offset = src_addr + data_size;
+ memcpy((uint8_t *) &payload[i], (uint8_t *) mac_offset,
+ src_size - data_size);
+
+ i += (src_size - data_size) / MBOX_WORD_BYTE;
+ }
status = mailbox_send_cmd(MBOX_JOB_ID, MBOX_FCS_MAC_VERIFY_REQ,
payload, i, CMD_CASUAL,
(uint32_t *) dst_addr, &resp_len);
- memset((void *)&fcs_sha_mac_verify_param, 0,
- sizeof(fcs_crypto_service_data));
+ if (is_finalised) {
+ memset((void *)&fcs_sha_mac_verify_param, 0,
+ sizeof(fcs_crypto_service_data));
+ }
if (status < 0) {
*mbox_error = -status;
diff --git a/plat/intel/soc/common/socfpga_sip_svc.c b/plat/intel/soc/common/socfpga_sip_svc.c
index b2133cc..421d59a 100644
--- a/plat/intel/soc/common/socfpga_sip_svc.c
+++ b/plat/intel/soc/common/socfpga_sip_svc.c
@@ -903,11 +903,20 @@
x4, x5, &mbox_error);
SMC_RET2(handle, status, mbox_error);
+ case INTEL_SIP_SMC_FCS_GET_DIGEST_UPDATE:
+ x5 = SMC_GET_GP(handle, CTX_GPREG_X5);
+ x6 = SMC_GET_GP(handle, CTX_GPREG_X6);
+ status = intel_fcs_get_digest_update_finalize(x1, x2, x3,
+ x4, x5, (uint32_t *) &x6, false,
+ &mbox_error);
+ SMC_RET4(handle, status, mbox_error, x5, x6);
+
case INTEL_SIP_SMC_FCS_GET_DIGEST_FINALIZE:
x5 = SMC_GET_GP(handle, CTX_GPREG_X5);
x6 = SMC_GET_GP(handle, CTX_GPREG_X6);
- status = intel_fcs_get_digest_finalize(x1, x2, x3,
- x4, x5, (uint32_t *) &x6, &mbox_error);
+ status = intel_fcs_get_digest_update_finalize(x1, x2, x3,
+ x4, x5, (uint32_t *) &x6, true,
+ &mbox_error);
SMC_RET4(handle, status, mbox_error, x5, x6);
case INTEL_SIP_SMC_FCS_MAC_VERIFY_INIT:
@@ -916,12 +925,22 @@
x4, x5, &mbox_error);
SMC_RET2(handle, status, mbox_error);
+ case INTEL_SIP_SMC_FCS_MAC_VERIFY_UPDATE:
+ x5 = SMC_GET_GP(handle, CTX_GPREG_X5);
+ x6 = SMC_GET_GP(handle, CTX_GPREG_X6);
+ x7 = SMC_GET_GP(handle, CTX_GPREG_X7);
+ status = intel_fcs_mac_verify_update_finalize(x1, x2, x3,
+ x4, x5, (uint32_t *) &x6, x7,
+ false, &mbox_error);
+ SMC_RET4(handle, status, mbox_error, x5, x6);
+
case INTEL_SIP_SMC_FCS_MAC_VERIFY_FINALIZE:
x5 = SMC_GET_GP(handle, CTX_GPREG_X5);
x6 = SMC_GET_GP(handle, CTX_GPREG_X6);
x7 = SMC_GET_GP(handle, CTX_GPREG_X7);
- status = intel_fcs_mac_verify_finalize(x1, x2, x3,
- x4, x5, (uint32_t *) &x6, x7, &mbox_error);
+ status = intel_fcs_mac_verify_update_finalize(x1, x2, x3,
+ x4, x5, (uint32_t *) &x6, x7,
+ true, &mbox_error);
SMC_RET4(handle, status, mbox_error, x5, x6);
case INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGN_INIT: