diff options
author | Kasoju Mallikarjun <mkasoju@nvidia.com> | 2010-07-20 12:53:18 +0530 |
---|---|---|
committer | Gary King <gking@nvidia.com> | 2010-07-21 09:03:57 -0700 |
commit | dd03be59ae18076839bd3c4d4470bc79a5cd2843 (patch) | |
tree | 9b35cca557aa21f871473a0b2bf381118637a6ae | |
parent | 8ec5b7e6e9f15a341dd72bb4ee0387197df9571f (diff) |
[ARM/tegra]AES:SW WAR for reading updated IV for X9.31
Implemented SW WAR for getting Updated IV for X9.31 using
following steps:
1. Perform CBC encryption on zero data to get
A=CBC(encrypt, plaintext=zeroes)
2. Perform ECB decryption on A. This will result in Updated IV.
UpdatedIV = ECB(decrypt, A)
In the current implementation X9.31 operations are disabled with
key slots where reads of Updated IV have been disabled.
This restriction has been removed now.
Bug 672022
Change-Id: I756d8500e00b9572648eec5803a5a04e25a7b70d
Reviewed-on: http://git-master/r/4129
Tested-by: Mallikarjun Kasoju <mkasoju@nvidia.com>
Reviewed-by: Hanumanth Venkateswa Moganty <vmoganty@nvidia.com>
Reviewed-by: Gary King <gking@nvidia.com>
-rw-r--r-- | arch/arm/mach-tegra/nvddk/nvddk_aes.c | 5 | ||||
-rw-r--r-- | arch/arm/mach-tegra/nvddk/nvddk_aes_core_ap20.c | 18 | ||||
-rw-r--r-- | arch/arm/mach-tegra/nvddk/nvddk_aes_core_ap20.h | 15 | ||||
-rw-r--r-- | arch/arm/mach-tegra/nvddk/nvddk_aes_intf_ap20.c | 66 | ||||
-rw-r--r-- | arch/arm/mach-tegra/nvddk/nvddk_aes_priv.h | 14 |
5 files changed, 31 insertions, 87 deletions
diff --git a/arch/arm/mach-tegra/nvddk/nvddk_aes.c b/arch/arm/mach-tegra/nvddk/nvddk_aes.c index 2091c42c10f2..9e7008c0e464 100644 --- a/arch/arm/mach-tegra/nvddk/nvddk_aes.c +++ b/arch/arm/mach-tegra/nvddk/nvddk_aes.c @@ -203,7 +203,6 @@ void NvDdkAesResume(void) pAesHwCtxt = &gs_pAesCoreEngine->AesHwCtxt; NvOsMemset(Iv, 0, sizeof(Iv)); - // Get the dedicated slot for (Engine = AesHwEngine_A; Engine < AesHwEngine_Num; Engine++) { NVDDK_AES_CHECK_INTERFACE(pAesHwCtxt, Engine); @@ -1865,10 +1864,6 @@ NvError AesCoreInitEngine(const NvRmDeviceHandle hRmDevice) pAesHwCtxt, Engine, pAesHwCtxt->ppEngineCaps[Engine]->NumSlotsSupported); - - // Get the Iv read permissions - NVDDK_AES_CHECK_INTERFACE_FUNC(pAesHwCtxt, Engine, AesHwGetIvReadPermissions); - pAesHwCtxt->ppEngineCaps[Engine]->pAesInterf->AesHwGetIvReadPermissions(Engine, pAesHwCtxt); } // Release the H/W semaphore diff --git a/arch/arm/mach-tegra/nvddk/nvddk_aes_core_ap20.c b/arch/arm/mach-tegra/nvddk/nvddk_aes_core_ap20.c index b2edb6f19b5d..ad94855b149e 100644 --- a/arch/arm/mach-tegra/nvddk/nvddk_aes_core_ap20.c +++ b/arch/arm/mach-tegra/nvddk/nvddk_aes_core_ap20.c @@ -534,24 +534,6 @@ NvAesCoreAp20LoadSskToSecureScratchAndLock( NvRmPhysicalMemUnmap(pPmicBaseAddr, Size); } -void -NvAesCoreAp20GetIvReadPermissions( - const AesHwEngine Engine, - const NvU32 *const pEngineVirAddr, - NvBool *const pReadPermissions) -{ - AesHwKeySlot KeySlot; - NvU32 RegValue = 0; - - NV_ASSERT(pReadPermissions); - - for (KeySlot = AesHwKeySlot_0; KeySlot < AesHwKeySlot_NumExt; KeySlot++) - { - SECURE_INDEXED_REGR(Engine, pEngineVirAddr, KeySlot, RegValue); - SECURE_DRF_READ_VAL(Engine, SECURE_SEC_SEL0, IVREAD_ENB0, RegValue, pReadPermissions[KeySlot]); - } -} - void NvAesCoreAp20KeyReadDisable( const AesHwEngine Engine, const AesHwKeySlot Slot, diff --git a/arch/arm/mach-tegra/nvddk/nvddk_aes_core_ap20.h b/arch/arm/mach-tegra/nvddk/nvddk_aes_core_ap20.h index 1f7188c256f1..728a3e276165 100644 --- a/arch/arm/mach-tegra/nvddk/nvddk_aes_core_ap20.h +++ b/arch/arm/mach-tegra/nvddk/nvddk_aes_core_ap20.h @@ -206,21 +206,6 @@ NvAesCoreAp20LoadSskToSecureScratchAndLock( const size_t Size); /** - * Get the read permissions for IV for each key slot of an engine. - * - * @param Engine AES Engine for which Iv permissions for an engine are sought. - * @param pEngineVirAddr AES engine virtual address. - * @param pReadPermissions Pointer to read permissions. - * - * @retval None. - */ -void -NvAesCoreAp20GetIvReadPermissions( - const AesHwEngine Engine, - const NvU32 *const pEngineVirAddr, - NvBool *const pReadPermissions); - -/** * Disables read access to the given key slot * * @param Engine AES engine for which read access needs to be disabled diff --git a/arch/arm/mach-tegra/nvddk/nvddk_aes_intf_ap20.c b/arch/arm/mach-tegra/nvddk/nvddk_aes_intf_ap20.c index 1c3d5fa44092..0eeab861f3ad 100644 --- a/arch/arm/mach-tegra/nvddk/nvddk_aes_intf_ap20.c +++ b/arch/arm/mach-tegra/nvddk/nvddk_aes_intf_ap20.c @@ -90,7 +90,6 @@ Ap20AesHwLoadSskToSecureScratchAndLock( const AesHwKey *const pKey, const size_t Size); static void Ap20AesHwGetUsedSlots(AesCoreEngine *const pAesCoreEngine); -static void Ap20AesHwGetIvReadPermissions(const AesHwEngine Engine, AesHwContext *const pAesHwCtxt); static void Ap20AesHwSetKeyAndIv( const AesHwEngine Engine, @@ -173,9 +172,6 @@ Ap20AesHwSelectKeyIvSlot( // Wait till engine becomes IDLE NvAesCoreAp20WaitTillEngineIdle(Engine, pAesHwCtxt->pVirAdr[Engine]); - // Allow or disallow X9.31 operations - pAesHwCtxt->IsX931OpsDisallowed = !pAesHwCtxt->IvContext[Engine].IsIvReadable[Slot]; - // Select the KEY slot for updating the IV vectors NvAesCoreAp20SelectKeyIvSlot(Engine, pAesHwCtxt->pVirAdr[Engine], Slot); @@ -465,13 +461,6 @@ Ap20AesHwStartEngine( switch (OpMode) { case NvDdkAesOperationalMode_AnsiX931: - { - // If Iv is not readable, don't allow operations to be performed. - // Since setting the Iv also uses this API, it should be enough to - // disallow operations here. - if (pAesHwCtxt->IsX931OpsDisallowed) - return NvError_InvalidState; - } case NvDdkAesOperationalMode_Cbc: case NvDdkAesOperationalMode_Ecb: break; @@ -535,6 +524,37 @@ Ap20AesHwStartEngine( (pDest + DataSize - NvDdkAesConst_BlockLengthBytes), NvDdkAesConst_BlockLengthBytes); } + else if (DataSize && (OpMode == NvDdkAesOperationalMode_AnsiX931)) + { + // For X931 operation, get the updated IV by following steps: + // 1. Perform CBC encryption on zero data to get A=CBC(encrypt, plaintext=zeroes) + // 2. Perform ECB decryption on A. This will result in Updated IV. UpdatedIV = ECB(decrypt, A) + NvOsMemset(pAesHwCtxt->pDmaVirAddr[Engine], 0, NvDdkAesKeySize_128Bit); + NvOsFlushWriteCombineBuffer(); + NvAesCoreAp20ProcessBuffer( + Engine, + pAesHwCtxt->pVirAdr[Engine], + pAesHwCtxt->DmaPhyAddr[Engine], + pAesHwCtxt->DmaPhyAddr[Engine], + 1, + NV_TRUE, + NvDdkAesOperationalMode_Cbc); + NvOsFlushWriteCombineBuffer(); + + NvAesCoreAp20ProcessBuffer( + Engine, + pAesHwCtxt->pVirAdr[Engine], + pAesHwCtxt->DmaPhyAddr[Engine], + pAesHwCtxt->DmaPhyAddr[Engine], + 1, + NV_FALSE, + NvDdkAesOperationalMode_Ecb); + NvOsFlushWriteCombineBuffer(); + NvOsMemcpy(&pAesHwCtxt->IvContext[Engine].CurIv[pAesHwCtxt->IvContext[Engine].CurKeySlot], + pAesHwCtxt->pDmaVirAddr[Engine], + NvDdkAesConst_BlockLengthBytes); + } + NvOsMutexUnlock(pAesHwCtxt->Mutex[Engine]); return NvSuccess; @@ -615,29 +635,6 @@ NvBool Ap20AesHwIsEngineDisabled(const AesHwContext *const pAesHwCtxt, const Aes } /** - * Get the read permissions for IV for each key slot of an engine. - * - * @param Engine AES Engine for which Iv permissions for an engine are sought. - * @param pAesHwCtxt Pointer to the AES H/W context. - * - * @retval None. - * - */ -void Ap20AesHwGetIvReadPermissions(const AesHwEngine Engine, AesHwContext *const pAesHwCtxt) -{ - NV_ASSERT(pAesHwCtxt); - - NvOsMutexLock(pAesHwCtxt->Mutex[Engine]); - - NvAesCoreAp20GetIvReadPermissions( - Engine, - pAesHwCtxt->pVirAdr[Engine], - &pAesHwCtxt->IvContext[Engine].IsIvReadable[0]); - - NvOsMutexUnlock(pAesHwCtxt->Mutex[Engine]); -} - -/** * Disables read access to all key slots for the given engine. * * @param pAesHwCtxt Pointer to the AES H/W context @@ -682,6 +679,5 @@ void NvAesIntfAp20GetHwInterface(AesHwInterface *const pAp20AesHw) pAp20AesHw->AesHwLoadSskToSecureScratchAndLock = Ap20AesHwLoadSskToSecureScratchAndLock; pAp20AesHw->AesHwGetUsedSlots = Ap20AesHwGetUsedSlots; pAp20AesHw->AesHwIsEngineDisabled = Ap20AesHwIsEngineDisabled; - pAp20AesHw->AesHwGetIvReadPermissions = Ap20AesHwGetIvReadPermissions; pAp20AesHw->AesHwDisableAllKeyRead = Ap20AesHwDisableAllKeyRead; } diff --git a/arch/arm/mach-tegra/nvddk/nvddk_aes_priv.h b/arch/arm/mach-tegra/nvddk/nvddk_aes_priv.h index 3dcc80966dc9..a1fc9a540481 100644 --- a/arch/arm/mach-tegra/nvddk/nvddk_aes_priv.h +++ b/arch/arm/mach-tegra/nvddk/nvddk_aes_priv.h @@ -84,8 +84,6 @@ typedef struct AesIvContextRec { // Updated/current Iv for each key slot NvU32 CurIv[AesHwKeySlot_NumExt][AES_HW_IV_LENGTH]; - // Iv read permissions for each key slot - NvBool IsIvReadable[AesHwKeySlot_NumExt]; // The current key slot in use AesHwKeySlot CurKeySlot; } AesIvContext; @@ -157,8 +155,6 @@ typedef struct AesHwContextRec NvU32 CommandQueueData[AesHwEngine_Num][AES_HW_MAX_ICQ_LENGTH]; // Iv Context for each AES engine AesIvContext IvContext[AesHwEngine_Num]; - // Indicates whether X9.31 operations are allowed or not - NvBool IsX931OpsDisallowed; } AesHwContext; // AES Core Engine record @@ -391,16 +387,6 @@ struct AesHwInterfaceRec NvBool (*AesHwIsEngineDisabled)(const AesHwContext *const pAesHwCtxt, const AesHwEngine Engine); /** - * Get the read permissions for IV for each key slot of an engine. - * - * @param Engine AES Engine for which Iv permissions for an engine are sought. - * @param pAesHwCtxt Pointer to the AES H/W context. - * - * @retval None. - */ - void (*AesHwGetIvReadPermissions)(const AesHwEngine Engine, AesHwContext *const pAesHwCtxt); - - /** * Disables read access to all key slots for the given engine. * * @param pAesHwCtxt Pointer to the AES H/W context |