crypto/fsl: Add command for encapsulating/decapsulating blobs
Freescale's SEC block has built-in Blob Protocol which provides
a method for protecting user-defined data across system power
cycles. SEC block protects data in a data structure called a Blob,
which provides both confidentiality and integrity protection.
Encapsulating data as a blob
Each time that the Blob Protocol is used to protect data, a
different randomly generated key is used to encrypt the data.
This random key is itself encrypted using a key which is derived
from SoC's non volatile secret key and a 16 bit Key identifier.
The resulting encrypted key along with encrypted data is called a blob.
The non volatile secure key is available for use only during secure boot.
During decapsulation, the reverse process is performed to get back
the original data.
Commands added
--------------
blob enc - encapsulating data as a cryptgraphic blob
blob dec - decapsulating cryptgraphic blob to get the data
Commands Syntax
---------------
blob enc src dst len km
Encapsulate and create blob of data $len bytes long
at address $src and store the result at address $dst.
$km is the 16 byte key modifier is also required for
generation/use as key for cryptographic operation. Key
modifier should be 16 byte long.
blob dec src dst len km
Decapsulate the blob of data at address $src and
store result of $len byte at addr $dst.
$km is the 16 byte key modifier is also required for
generation/use as key for cryptographic operation. Key
modifier should be 16 byte long.
Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
diff --git a/drivers/crypto/fsl/fsl_blob.c b/drivers/crypto/fsl/fsl_blob.c
new file mode 100644
index 0000000..bc01075
--- /dev/null
+++ b/drivers/crypto/fsl/fsl_blob.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2014 Freescale Semiconductor, Inc.
+ *
+ * SPDX-License-Identifier: GPL-2.0+
+ *
+ */
+
+#include <common.h>
+#include <malloc.h>
+#include "jobdesc.h"
+#include "desc.h"
+#include "jr.h"
+
+int blob_decrypt(u8 *key_mod, u8 *src, u8 *dst, u8 len)
+{
+ int ret, i = 0;
+ u32 *desc;
+
+ printf("\nDecapsulating data to form blob\n");
+ desc = malloc(sizeof(int) * MAX_CAAM_DESCSIZE);
+ if (!desc) {
+ debug("Not enough memory for descriptor allocation\n");
+ return -1;
+ }
+
+ inline_cnstr_jobdesc_blob_decap(desc, key_mod, src, dst, len);
+
+ for (i = 0; i < 14; i++)
+ printf("%x\n", *(desc + i));
+ ret = run_descriptor_jr(desc);
+
+ if (ret)
+ printf("Error in Decapsulation %d\n", ret);
+
+ free(desc);
+ return ret;
+}
+
+int blob_encrypt(u8 *key_mod, u8 *src, u8 *dst, u8 len)
+{
+ int ret, i = 0;
+ u32 *desc;
+
+ printf("\nEncapsulating data to form blob\n");
+ desc = malloc(sizeof(int) * MAX_CAAM_DESCSIZE);
+ if (!desc) {
+ debug("Not enough memory for descriptor allocation\n");
+ return -1;
+ }
+
+ inline_cnstr_jobdesc_blob_encap(desc, key_mod, src, dst, len);
+ for (i = 0; i < 14; i++)
+ printf("%x\n", *(desc + i));
+ ret = run_descriptor_jr(desc);
+
+ if (ret)
+ printf("Error in Encapsulation %d\n", ret);
+
+ free(desc);
+ return ret;
+}