1*91f16700Schasinglulu /* 2*91f16700Schasinglulu * Copyright 2021 NXP 3*91f16700Schasinglulu * 4*91f16700Schasinglulu * SPDX-License-Identifier: BSD-3-Clause 5*91f16700Schasinglulu * 6*91f16700Schasinglulu */ 7*91f16700Schasinglulu 8*91f16700Schasinglulu #include <errno.h> 9*91f16700Schasinglulu #include <stdbool.h> 10*91f16700Schasinglulu #include <stdint.h> 11*91f16700Schasinglulu #include <stdio.h> 12*91f16700Schasinglulu #include <stdlib.h> 13*91f16700Schasinglulu #include <string.h> 14*91f16700Schasinglulu 15*91f16700Schasinglulu #include "caam.h" 16*91f16700Schasinglulu #include <common/debug.h> 17*91f16700Schasinglulu #include "jobdesc.h" 18*91f16700Schasinglulu #include "sec_hw_specific.h" 19*91f16700Schasinglulu 20*91f16700Schasinglulu 21*91f16700Schasinglulu /* Callback function after Instantiation descriptor is submitted to SEC 22*91f16700Schasinglulu */ 23*91f16700Schasinglulu static void blob_done(uint32_t *desc, uint32_t status, void *arg, 24*91f16700Schasinglulu void *job_ring) 25*91f16700Schasinglulu { 26*91f16700Schasinglulu INFO("Blob Desc SUCCESS with status %x\n", status); 27*91f16700Schasinglulu } 28*91f16700Schasinglulu 29*91f16700Schasinglulu /* @brief Submit descriptor to create blob 30*91f16700Schasinglulu * @retval 0 on success 31*91f16700Schasinglulu * @retval -1 on error 32*91f16700Schasinglulu */ 33*91f16700Schasinglulu int get_hw_unq_key_blob_hw(uint8_t *hw_key, int size) 34*91f16700Schasinglulu { 35*91f16700Schasinglulu int ret = 0; 36*91f16700Schasinglulu int i = 0; 37*91f16700Schasinglulu 38*91f16700Schasinglulu uint32_t key_sz = KEY_IDNFR_SZ_BYTES; 39*91f16700Schasinglulu uint8_t key_data[KEY_IDNFR_SZ_BYTES]; 40*91f16700Schasinglulu uint8_t in_data[16]; 41*91f16700Schasinglulu uint8_t out_data[16 + KEY_BLOB_SIZE + MAC_SIZE]; 42*91f16700Schasinglulu struct job_descriptor desc __aligned(CACHE_WRITEBACK_GRANULE); 43*91f16700Schasinglulu struct job_descriptor *jobdesc = &desc; 44*91f16700Schasinglulu uint32_t in_sz = 16U; 45*91f16700Schasinglulu 46*91f16700Schasinglulu /* Output blob will have 32 bytes key blob in beginning and 47*91f16700Schasinglulu * 16 byte HMAC identifier at end of data blob 48*91f16700Schasinglulu */ 49*91f16700Schasinglulu uint32_t out_sz = in_sz + KEY_BLOB_SIZE + MAC_SIZE; 50*91f16700Schasinglulu 51*91f16700Schasinglulu uint32_t operation = CMD_OPERATION | OP_TYPE_ENCAP_PROTOCOL | 52*91f16700Schasinglulu OP_PCLID_BLOB | BLOB_PROTO_INFO; 53*91f16700Schasinglulu 54*91f16700Schasinglulu memset(key_data, 0xff, KEY_IDNFR_SZ_BYTES); 55*91f16700Schasinglulu memset(in_data, 0x00, in_sz); 56*91f16700Schasinglulu memset(out_data, 0x00, in_sz); 57*91f16700Schasinglulu 58*91f16700Schasinglulu jobdesc->arg = NULL; 59*91f16700Schasinglulu jobdesc->callback = blob_done; 60*91f16700Schasinglulu 61*91f16700Schasinglulu INFO("\nGenerating Master Key Verification Blob.\n"); 62*91f16700Schasinglulu 63*91f16700Schasinglulu /* Create the hw_rng descriptor */ 64*91f16700Schasinglulu ret = cnstr_hw_encap_blob_jobdesc(jobdesc->desc, key_data, key_sz, 65*91f16700Schasinglulu CLASS_2, in_data, in_sz, out_data, 66*91f16700Schasinglulu out_sz, operation); 67*91f16700Schasinglulu 68*91f16700Schasinglulu /* Finally, generate the blob. */ 69*91f16700Schasinglulu ret = run_descriptor_jr(jobdesc); 70*91f16700Schasinglulu if (ret != 0) { 71*91f16700Schasinglulu ERROR("Error in running hw unq key blob descriptor\n"); 72*91f16700Schasinglulu return -1; 73*91f16700Schasinglulu } 74*91f16700Schasinglulu /* Copying alternate bytes of the Master Key Verification Blob. 75*91f16700Schasinglulu */ 76*91f16700Schasinglulu for (i = 0; i < size; i++) { 77*91f16700Schasinglulu hw_key[i] = out_data[2 * i]; 78*91f16700Schasinglulu } 79*91f16700Schasinglulu 80*91f16700Schasinglulu return ret; 81*91f16700Schasinglulu } 82