ARM: tegra: Use AES engine for crypto functions

Previously software based AES encryption was used with previously known
device specific keys (SBK), now that we have AES driver we can simply
delegate this to the engine without prior knowledge of the key (assuming
it is still loaded).

Signed-off-by: Ion Agorria <ion@agorria.com>

arch/arm/include/asm/arch-tegra/crypto.h

@@ -10,40 +10,33 @@
 #define TEGRA_AES_SLOT_SBK		0
 
 /**
- * Sign a block of data
+ * sign_data_block - Sign a block of data
  *
- * \param source	Source data
- * \param length	Size of source data
- * \param signature	Destination address for signature, AES_KEY_LENGTH bytes
+ * @source		Source data
+ * @length		Size of source data in bytes
+ * @signature		Destination address for signature, AES_KEY_LENGTH bytes
+ * Return:		0 on success, negative value on failure
  */
 int sign_data_block(u8 *source, unsigned int length, u8 *signature);
 
 /**
- * Sign an encrypted block of data
+ * encrypt_data_block - Encrypt a block of data
  *
- * \param source	Source data
- * \param length	Size of source data
- * \param signature	Destination address for signature, AES_KEY_LENGTH bytes
- * \param key		AES128 encryption key
+ * @source		Source data
+ * @dest		Destination data
+ * @length		Size of source data in bytes
+ * Return:		0 on success, negative value on failure
  */
-int sign_enc_data_block(u8 *source, unsigned int length, u8 *signature, u8 *key);
+int encrypt_data_block(u8 *source, u8 *dest, unsigned int length);
 
 /**
- * Encrypt a block of data
+ * decrypt_data_block - Decrypt a block of data
  *
- * \param source	Source data
- * \param length	Size of source data
- * \param key		AES128 encryption key
+ * @source		Source data
+ * @dest		Destination data
+ * @length		Size of source data in bytes
+ * Return:		0 on success, negative value on failure
  */
-int encrypt_data_block(u8 *source, unsigned int length, u8 *key);
-
-/**
- * Decrypt a block of data
- *
- * \param source	Source data
- * \param length	Size of source data
- * \param key		AES128 encryption key
- */
-int decrypt_data_block(u8 *source, unsigned int length, u8 *key);
+int decrypt_data_block(u8 *source, u8 *dest, unsigned int length);
 
 #endif /* #ifndef _CRYPTO_H_ */

arch/arm/mach-tegra/Kconfig

@@ -17,7 +17,9 @@ config TEGRA_CLKRST
 
 config TEGRA_CRYPTO
 	bool "Tegra AES128 crypto module"
+	select DM_AES
 	select AES
+	select TEGRA_AES
 
 config TEGRA_GP_PADCTRL
 	bool

arch/arm/mach-tegra/crypto.c

@@ -4,164 +4,68 @@
  * (C) Copyright 2010 - 2011 NVIDIA Corporation <www.nvidia.com>
  */
 
+#include <dm.h>
 #include <log.h>
 #include <linux/errno.h>
 #include <asm/arch-tegra/crypto.h>
 #include "uboot_aes.h"
 
-static u8 zero_key[16];
-
-#define AES_CMAC_CONST_RB 0x87  /* from RFC 4493, Figure 2.2 */
-
-enum security_op {
-	SECURITY_SIGN		= 1 << 0,	/* Sign the data */
-	SECURITY_ENCRYPT	= 1 << 1,	/* Encrypt the data */
-	SECURITY_DECRYPT	= 1 << 2,	/* Dectypt the data */
-};
-
-/**
- * Shift a vector left by one bit
- *
- * \param in	Input vector
- * \param out	Output vector
- * \param size	Length of vector in bytes
- */
-static void left_shift_vector(u8 *in, u8 *out, int size)
-{
-	int carry = 0;
-	int i;
-
-	for (i = size - 1; i >= 0; i--) {
-		out[i] = (in[i] << 1) | carry;
-		carry = in[i] >> 7;	/* get most significant bit */
-	}
-}
-
-/**
- * Sign a block of data, putting the result into dst.
- *
- * \param key			Input AES key, length AES128_KEY_LENGTH
- * \param key_schedule		Expanded key to use
- * \param src			Source data of length 'num_aes_blocks' blocks
- * \param dst			Destination buffer, length AES128_KEY_LENGTH
- * \param num_aes_blocks	Number of AES blocks to encrypt
- */
-static void sign_object(u8 *key, u8 *key_schedule, u8 *src, u8 *dst,
-			u32 num_aes_blocks)
-{
-	u8 tmp_data[AES128_KEY_LENGTH];
-	u8 iv[AES128_KEY_LENGTH] = {0};
-	u8 left[AES128_KEY_LENGTH];
-	u8 k1[AES128_KEY_LENGTH];
-	u8 *cbc_chain_data;
-	unsigned int i;
-
-	cbc_chain_data = zero_key;	/* Convenient array of 0's for IV */
-
-	/* compute K1 constant needed by AES-CMAC calculation */
-	for (i = 0; i < AES128_KEY_LENGTH; i++)
-		tmp_data[i] = 0;
-
-	aes_cbc_encrypt_blocks(AES128_KEY_LENGTH, key_schedule, iv,
-			       tmp_data, left, 1);
-
-	left_shift_vector(left, k1, sizeof(left));
-
-	if ((left[0] >> 7) != 0) /* get MSB of L */
-		k1[AES128_KEY_LENGTH - 1] ^= AES_CMAC_CONST_RB;
-
-	/* compute the AES-CMAC value */
-	for (i = 0; i < num_aes_blocks; i++) {
-		/* Apply the chain data */
-		aes_apply_cbc_chain_data(cbc_chain_data, src, tmp_data);
-
-		/* for the final block, XOR K1 into the IV */
-		if (i == num_aes_blocks - 1)
-			aes_apply_cbc_chain_data(tmp_data, k1, tmp_data);
-
-		/* encrypt the AES block */
-		aes_encrypt(AES128_KEY_LENGTH, tmp_data,
-			    key_schedule, dst);
-
-		debug("sign_obj: block %d of %d\n", i, num_aes_blocks);
-
-		/* Update pointers for next loop. */
-		cbc_chain_data = dst;
-		src += AES128_KEY_LENGTH;
-	}
-}
-
-/**
- * Decrypt, encrypt or sign a block of data (depending on security mode).
- *
- * \param key		Input AES key, length AES128_KEY_LENGTH
- * \param oper		Security operations mask to perform (enum security_op)
- * \param src		Source data
- * \param length	Size of source data
- * \param sig_dst	Destination address for signature, AES128_KEY_LENGTH bytes
- */
-static int tegra_crypto_core(u8 *key, enum security_op oper, u8 *src,
-			     u32 length, u8 *sig_dst)
-{
-	u32 num_aes_blocks;
-	u8 key_schedule[AES128_EXPAND_KEY_LENGTH];
-	u8 iv[AES128_KEY_LENGTH] = {0};
-
-	debug("%s: length = %d\n", __func__, length);
-
-	aes_expand_key(key, AES128_KEY_LENGTH, key_schedule);
-
-	num_aes_blocks = (length + AES128_KEY_LENGTH - 1) / AES128_KEY_LENGTH;
-
-	if (oper & SECURITY_DECRYPT) {
-		/* Perform this in place, resulting in src being decrypted. */
-		debug("%s: begin decryption\n", __func__);
-		aes_cbc_decrypt_blocks(AES128_KEY_LENGTH, key_schedule, iv, src,
-				       src, num_aes_blocks);
-		debug("%s: end decryption\n", __func__);
-	}
-
-	if (oper & SECURITY_ENCRYPT) {
-		/* Perform this in place, resulting in src being encrypted. */
-		debug("%s: begin encryption\n", __func__);
-		aes_cbc_encrypt_blocks(AES128_KEY_LENGTH, key_schedule, iv, src,
-				       src, num_aes_blocks);
-		debug("%s: end encryption\n", __func__);
-	}
-
-	if (oper & SECURITY_SIGN) {
-		/* encrypt the data, overwriting the result in signature. */
-		debug("%s: begin signing\n", __func__);
-		sign_object(key, key_schedule, src, sig_dst, num_aes_blocks);
-		debug("%s: end signing\n", __func__);
-	}
-
-	return 0;
-}
-
-/**
- * Tegra crypto group
- */
 int sign_data_block(u8 *source, unsigned int length, u8 *signature)
 {
-	return tegra_crypto_core(zero_key, SECURITY_SIGN, source,
-				 length, signature);
+	struct udevice *dev;
+	int ret;
+
+	/* Only one AES engine should be present */
+	ret = uclass_get_device(UCLASS_AES, 0, &dev);
+	if (ret) {
+		log_err("%s: failed to get tegra_aes: %d\n", __func__, ret);
+		return ret;
+	}
+
+	ret = dm_aes_select_key_slot(dev, 128, TEGRA_AES_SLOT_SBK);
+	if (ret)
+		return ret;
+
+	return dm_aes_cmac(dev, source, signature,
+			   DIV_ROUND_UP(length, AES_BLOCK_LENGTH));
 }
 
-int sign_enc_data_block(u8 *source, unsigned int length, u8 *signature, u8 *key)
+int encrypt_data_block(u8 *source, u8 *dest, unsigned int length)
 {
-	return tegra_crypto_core(key, SECURITY_SIGN, source,
-				 length, signature);
+	struct udevice *dev;
+	int ret;
+
+	/* Only one AES engine should be present */
+	ret = uclass_get_device(UCLASS_AES, 0, &dev);
+	if (ret) {
+		log_err("%s: failed to get tegra_aes: %d\n", __func__, ret);
+		return ret;
+	}
+
+	ret = dm_aes_select_key_slot(dev, 128, TEGRA_AES_SLOT_SBK);
+	if (ret)
+		return ret;
+
+	return dm_aes_cbc_encrypt(dev, (u8 *)AES_ZERO_BLOCK, source, dest,
+				  DIV_ROUND_UP(length, AES_BLOCK_LENGTH));
 }
 
-int encrypt_data_block(u8 *source, unsigned int length, u8 *key)
+int decrypt_data_block(u8 *source, u8 *dest, unsigned int length)
 {
-	return tegra_crypto_core(key, SECURITY_ENCRYPT, source,
-				 length, NULL);
-}
+	struct udevice *dev;
+	int ret;
 
-int decrypt_data_block(u8 *source, unsigned int length, u8 *key)
-{
-	return tegra_crypto_core(key, SECURITY_DECRYPT, source,
-				 length, NULL);
+	/* Only one AES engine should be present */
+	ret = uclass_get_device(UCLASS_AES, 0, &dev);
+	if (ret) {
+		log_err("%s: failed to get tegra_aes: %d\n", __func__, ret);
+		return ret;
+	}
+
+	ret = dm_aes_select_key_slot(dev, 128, TEGRA_AES_SLOT_SBK);
+	if (ret)
+		return ret;
+
+	return dm_aes_cbc_decrypt(dev, (u8 *)AES_ZERO_BLOCK, source, dest,
+				  DIV_ROUND_UP(length, AES_BLOCK_LENGTH));
 }

arch/arm/mach-tegra/tegra124/bct.c

@@ -9,12 +9,10 @@
 #include <vsprintf.h>
 #include <linux/string.h>
 #include <asm/arch-tegra/crypto.h>
+#include <asm/arch-tegra/fuse.h>
 #include "bct.h"
 #include "uboot_aes.h"
 
-/* Device with "sbk burned: false" will expose zero key */
-const u8 nosbk[AES128_KEY_LENGTH] = { 0 };
-
 /*
  * @param  bct		boot config table start in RAM
  * @param  ect		bootloader start in RAM
@@ -26,29 +24,25 @@ static int bct_patch(u8 *bct, u8 *ebt, u32 ebt_size)
 	struct nvboot_config_table *bct_tbl = NULL;
 	u8 ebt_hash[AES128_KEY_LENGTH] = { 0 };
 	u8 bct_hash[AES128_KEY_LENGTH] = { 0 };
-	u8 sbk[AES128_KEY_LENGTH] = { 0 };
 	u8 *sbct = bct + UBCT_LENGTH;
 	bool encrypted;
 	int ret;
 
 	ebt_size = roundup(ebt_size, EBT_ALIGNMENT);
 
-	memcpy(sbk, (u8 *)(bct + UBCT_LENGTH + SBCT_LENGTH),
-	       NVBOOT_CMAC_AES_HASH_LENGTH * 4);
-
-	encrypted = memcmp(&sbk, &nosbk, AES128_KEY_LENGTH);
+	encrypted = tegra_fuse_get_operation_mode() == MODE_ODM_PRODUCTION_SECURE;
 
 	if (encrypted) {
-		ret = decrypt_data_block(sbct, SBCT_LENGTH, sbk);
+		ret = decrypt_data_block(sbct, sbct, SBCT_LENGTH);
 		if (ret)
 			return 1;
 
-		ret = encrypt_data_block(ebt, ebt_size, sbk);
+		ret = encrypt_data_block(ebt, ebt, ebt_size);
 		if (ret)
 			return 1;
 	}
 
-	ret = sign_enc_data_block(ebt, ebt_size, ebt_hash, sbk);
+	ret = sign_data_block(ebt, ebt_size, ebt_hash);
 	if (ret)
 		return 1;
 
@@ -61,12 +55,12 @@ static int bct_patch(u8 *bct, u8 *ebt, u32 ebt_size)
 	bct_tbl->bootloader[0].length = ebt_size;
 
 	if (encrypted) {
-		ret = encrypt_data_block(sbct, SBCT_LENGTH, sbk);
+		ret = encrypt_data_block(sbct, sbct, SBCT_LENGTH);
 		if (ret)
 			return 1;
 	}
 
-	ret = sign_enc_data_block(sbct, SBCT_LENGTH, bct_hash, sbk);
+	ret = sign_data_block(sbct, SBCT_LENGTH, bct_hash);
 	if (ret)
 		return 1;
 

arch/arm/mach-tegra/tegra20/bct.c

@@ -9,12 +9,10 @@
 #include <vsprintf.h>
 #include <linux/string.h>
 #include <asm/arch-tegra/crypto.h>
+#include <asm/arch-tegra/fuse.h>
 #include "bct.h"
 #include "uboot_aes.h"
 
-/* Device with "sbk burned: false" will expose zero key */
-const u8 nosbk[AES128_KEY_LENGTH] = { 0 };
-
 /*
  * @param  bct		boot config table start in RAM
  * @param  ect		bootloader start in RAM
@@ -25,7 +23,6 @@ static int bct_patch(u8 *bct, u8 *ebt, u32 ebt_size)
 {
 	struct nvboot_config_table *bct_tbl = NULL;
 	u8 ebt_hash[AES128_KEY_LENGTH] = { 0 };
-	u8 sbk[AES128_KEY_LENGTH] = { 0 };
 	u8 *bct_hash = bct;
 	bool encrypted;
 	int ret;
@@ -34,22 +31,19 @@ static int bct_patch(u8 *bct, u8 *ebt, u32 ebt_size)
 
 	ebt_size = roundup(ebt_size, EBT_ALIGNMENT);
 
-	memcpy(sbk, (u8 *)(bct + BCT_LENGTH),
-	       NVBOOT_CMAC_AES_HASH_LENGTH * 4);
-
-	encrypted = memcmp(&sbk, &nosbk, AES128_KEY_LENGTH);
+	encrypted = tegra_fuse_get_operation_mode() == MODE_ODM_PRODUCTION_SECURE;
 
 	if (encrypted) {
-		ret = decrypt_data_block(bct, BCT_LENGTH, sbk);
+		ret = decrypt_data_block(bct, bct, BCT_LENGTH);
 		if (ret)
 			return 1;
 
-		ret = encrypt_data_block(ebt, ebt_size, sbk);
+		ret = encrypt_data_block(ebt, ebt, ebt_size);
 		if (ret)
 			return 1;
 	}
 
-	ret = sign_enc_data_block(ebt, ebt_size, ebt_hash, sbk);
+	ret = sign_data_block(ebt, ebt_size, ebt_hash);
 	if (ret)
 		return 1;
 
@@ -62,12 +56,12 @@ static int bct_patch(u8 *bct, u8 *ebt, u32 ebt_size)
 	bct_tbl->bootloader[0].length = ebt_size;
 
 	if (encrypted) {
-		ret = encrypt_data_block(bct, BCT_LENGTH, sbk);
+		ret = encrypt_data_block(bct, bct, BCT_LENGTH);
 		if (ret)
 			return 1;
 	}
 
-	ret = sign_enc_data_block(bct, BCT_LENGTH, bct_hash, sbk);
+	ret = sign_data_block(bct, BCT_LENGTH, bct_hash);
 	if (ret)
 		return 1;
 

arch/arm/mach-tegra/tegra30/bct.c

@@ -9,12 +9,10 @@
 #include <vsprintf.h>
 #include <linux/string.h>
 #include <asm/arch-tegra/crypto.h>
+#include <asm/arch-tegra/fuse.h>
 #include "bct.h"
 #include "uboot_aes.h"
 
-/* Device with "sbk burned: false" will expose zero key */
-const u8 nosbk[AES128_KEY_LENGTH] = { 0 };
-
 /*
  * @param  bct		boot config table start in RAM
  * @param  ect		bootloader start in RAM
@@ -25,7 +23,6 @@ static int bct_patch(u8 *bct, u8 *ebt, u32 ebt_size)
 {
 	struct nvboot_config_table *bct_tbl = NULL;
 	u8 ebt_hash[AES128_KEY_LENGTH] = { 0 };
-	u8 sbk[AES128_KEY_LENGTH] = { 0 };
 	u8 *bct_hash = bct;
 	bool encrypted;
 	int ret;
@@ -34,22 +31,19 @@ static int bct_patch(u8 *bct, u8 *ebt, u32 ebt_size)
 
 	ebt_size = roundup(ebt_size, EBT_ALIGNMENT);
 
-	memcpy(sbk, (u8 *)(bct + BCT_LENGTH),
-	       NVBOOT_CMAC_AES_HASH_LENGTH * 4);
-
-	encrypted = memcmp(&sbk, &nosbk, AES128_KEY_LENGTH);
+	encrypted = tegra_fuse_get_operation_mode() == MODE_ODM_PRODUCTION_SECURE;
 
 	if (encrypted) {
-		ret = decrypt_data_block(bct, BCT_LENGTH, sbk);
+		ret = decrypt_data_block(bct, bct, BCT_LENGTH);
 		if (ret)
 			return 1;
 
-		ret = encrypt_data_block(ebt, ebt_size, sbk);
+		ret = encrypt_data_block(ebt, ebt, ebt_size);
 		if (ret)
 			return 1;
 	}
 
-	ret = sign_enc_data_block(ebt, ebt_size, ebt_hash, sbk);
+	ret = sign_data_block(ebt, ebt_size, ebt_hash);
 	if (ret)
 		return 1;
 
@@ -62,12 +56,12 @@ static int bct_patch(u8 *bct, u8 *ebt, u32 ebt_size)
 	bct_tbl->bootloader[0].length = ebt_size;
 
 	if (encrypted) {
-		ret = encrypt_data_block(bct, BCT_LENGTH, sbk);
+		ret = encrypt_data_block(bct, bct, BCT_LENGTH);
 		if (ret)
 			return 1;
 	}
 
-	ret = sign_enc_data_block(bct, BCT_LENGTH, bct_hash, sbk);
+	ret = sign_data_block(bct, BCT_LENGTH, bct_hash);
 	if (ret)
 		return 1;