Merge "Get raw secret from secure world"
qctecmdr authored and Gerrit - the friendly Code Review server committed Jul 24, 2020
2 parents 0873aa6 + b0fb0c9 commit d16f8f0
Showing 5 changed files with 77 additions and 15 deletions.
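--- a/drivers/mmc/host/cqhci-crypto-qti.c
+++ b/drivers/mmc/host/cqhci-crypto-qti.c
@@ -129,19 +129,10 @@ static int cqhci_crypto_qti_derive_raw_secret(struct keyslot_manager *ksm,
 {
 int err = 0;
 
-if (wrapped_key_size <= RAW_SECRET_SIZE) {
-pr_err("%s: Invalid wrapped_key_size: %u\n", __func__,
-wrapped_key_size);
-err = -EINVAL;
-return err;
-}
-if (secret_size != RAW_SECRET_SIZE) {
-pr_err("%s: Invalid secret size: %u\n", __func__, secret_size);
-err = -EINVAL;
-return err;
-}
-memcpy(secret, wrapped_key, secret_size);
-return 0;
+err = crypto_qti_derive_raw_secret(wrapped_key, wrapped_key_size,
+secret, secret_size);
+
+return err;
 }
 
 static const struct keyslot_mgmt_ll_ops cqhci_crypto_qti_ksm_ops = {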
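Review bot: `int err = 0;` is now a dead initialization, since the crypto_qti_derive_raw_secret() call overwrites it unconditionally two lines later; the body reduces to `return crypto_qti_derive_raw_secret(wrapped_key, wrapped_key_size, secret, secret_size);`. The removed lines rejected wrapped_key_size <= RAW_SECRET_SIZE and secret_size != RAW_SECRET_SIZE before copying, and whether the callee enforces the same bounds is not visible here (its hunk in crypto-qti-common.c shows an earlier error return but not the condition), so confirm those checks survive the move rather than assuming them. The function's signature, including the `ksm` parameter, starts above the hunk.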
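--- a/drivers/soc/qcom/crypto-qti-common.c
+++ b/drivers/soc/qcom/crypto-qti-common.c
@@ -461,7 +461,11 @@ int crypto_qti_derive_raw_secret(const u8 *wrapped_key,
 return err;
 }
 
-memcpy(secret, wrapped_key, secret_size);
+if (wrapped_key_size > 64)
+err = crypto_qti_tz_raw_secret(wrapped_key, wrapped_key_size,
+secret, secret_size);
+else
+memcpy(secret, wrapped_key, secret_size);
 
 return err;
 }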
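Review bot: The `else` branch copies secret_size bytes out of wrapped_key without relating the two lengths, so a wrapped_key_size below secret_size reads past the caller's buffer unless a check above the hunk rules that out; making the bound local, `else if (wrapped_key_size >= secret_size) memcpy(secret, wrapped_key, secret_size); else err = -EINVAL;`, keeps the contract visible where the copy happens. The literal 64 that selects the secure-world path is a magic threshold deciding wrapped-versus-raw handling; a named constant (for example `RAW_KEY_MAX_SIZE`, name constructed to match the tree's convention) with a one-line comment on why 64 marks a wrapped key would document the intent. The function's signature and the preceding check begin above the hunk.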
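--- a/drivers/soc/qcom/crypto-qti-platform.h
+++ b/drivers/soc/qcom/crypto-qti-platform.h
@@ -17,6 +17,9 @@ int crypto_qti_program_key(struct crypto_vops_qti_entry *ice_entry,
 unsigned int data_unit_mask, int capid);
 int crypto_qti_invalidate_key(struct crypto_vops_qti_entry *ice_entry,
 unsigned int slot);
+int crypto_qti_tz_raw_secret(const u8 *wrapped_key,
+unsigned int wrapped_key_size, u8 *secret,
+unsigned int secret_size);
 #else
 static inline int crypto_qti_program_key(
 struct crypto_vops_qti_entry *ice_entry,
@@ -31,6 +34,12 @@ static inline int crypto_qti_invalidate_key(
 {
 return 0;
 }
+static int crypto_qti_tz_raw_secret(u8 *wrapped_key,
+unsigned int wrapped_key_size,
+u8 *secret, unsigned int secret_size)
+{
+return 0;
+}
 #endif /* CONFIG_QTI_CRYPTO_TZ */
 
 static inline void crypto_qti_disable_platform(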
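Review bot: The CONFIG_QTI_CRYPTO_TZ-disabled stub of crypto_qti_tz_raw_secret does not match the declaration it stands in for: it takes `u8 *wrapped_key` where the real prototype takes `const u8 *wrapped_key`, so the call from crypto_qti_derive_raw_secret (which receives a `const u8 *`) discards a qualifier in that configuration, and it is plain `static` rather than `static inline` like the neighbouring crypto_qti_invalidate_key stub, which produces an unused-function warning in every translation unit that includes the header. Change the three signature lines to `static inline int crypto_qti_tz_raw_secret(const u8 *wrapped_key,` / `unsigned int wrapped_key_size,` / `u8 *secret, unsigned int secret_size)`.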
50 changes: 49 additions & 1 deletion drivers/soc/qcom/crypto-qti-tz.c
Expand Up @@ -58,7 +58,7 @@ int crypto_qti_program_key(struct crypto_vops_qti_entry *ice_entry,
desc.arginfo = TZ_ES_CONFIG_SET_ICE_KEY_CE_TYPE_PARAM_ID;
desc.args[0] = slot;
desc.args[1] = shm.paddr;
desc.args[2] = shm.size;
desc.args[2] = key->size;
desc.args[3] = ICE_CIPHER_MODE_XTS_256;
desc.args[4] = data_unit_mask;
desc.args[5] = storage_type;
Expand Down Expand Up @@ -93,6 +93,54 @@ int crypto_qti_invalidate_key(
return err;
}

int crypto_qti_tz_raw_secret(const u8 *wrapped_key,
unsigned int wrapped_key_size, u8 *secret,
unsigned int secret_size)
{
int err = 0;
struct qtee_shm shm_key, shm_secret;
uint32_t smc_id = 0;

struct scm_desc desc = {0};
char *tzbuf_key;

err = qtee_shmbridge_allocate_shm(wrapped_key_size, &shm_key);
if (err)
return -ENOMEM;

err = qtee_shmbridge_allocate_shm(secret_size, &shm_secret);
if (err)
return -ENOMEM;

tzbuf_key = shm_key.vaddr;
memcpy(tzbuf_key, wrapped_key, wrapped_key_size);
dmac_flush_range(tzbuf_key, tzbuf_key + wrapped_key_size);

smc_id = TZ_ES_RETRIEVE_RAW_SECRET_CE_TYPE_ID;
desc.arginfo = TZ_ES_RETRIEVE_RAW_SECRET_CE_TYPE_PARAM_ID;
desc.args[0] = shm_key.paddr;
desc.args[1] = wrapped_key_size;
desc.args[2] = shm_secret.paddr;
desc.args[3] = secret_size;

memset(shm_secret.vaddr, 0, secret_size);
dmac_flush_range(shm_secret.vaddr, shm_secret.vaddr + secret_size);

err = scm_call2_noretry(smc_id, &desc);
if (err) {
pr_err("%s failed to retrieve raw secret\n", __func__, err);
return err;
}

dmac_inv_range(shm_secret.vaddr, shm_secret.vaddr + secret_size);
memcpy(secret, shm_secret.vaddr, secret_size);

qtee_shmbridge_free_shm(&shm_key);
qtee_shmbridge_free_shm(&shm_secret);

return err;
}

static int crypto_qti_storage_type(unsigned int *s_type)
{
char boot[20] = {'\0'};
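Review bot: crypto_qti_tz_raw_secret leaks shm_key when the second qtee_shmbridge_allocate_shm() fails and leaks both bounce buffers when scm_call2_noretry() fails, because only the success path reaches the two qtee_shmbridge_free_shm() calls at the end. The pr_err in the failure branch passes `err` with no matching conversion specifier, and both buffers still hold key material when they are handed back (the wrapped key in shm_key, the derived secret in shm_secret), so they should be scrubbed before release unless qtee_shmbridge_free_shm() already does that, which is not visible here. A goto-based unwind covers all of these on one exit path; the rewritten lines follow, with the unchanged middle of the function elided.
```c
	err = qtee_shmbridge_allocate_shm(wrapped_key_size, &shm_key);
	if (err)
		return -ENOMEM;

	err = qtee_shmbridge_allocate_shm(secret_size, &shm_secret);
	if (err) {
		err = -ENOMEM;
		goto free_key;
	}

	/* … unchanged: copy wrapped key into shm_key, set smc_id/desc, clear and flush shm_secret … */

	err = scm_call2_noretry(smc_id, &desc);
	if (err) {
		pr_err("%s: failed to retrieve raw secret, err %d\n", __func__, err);
		goto free_secret;
	}

	dmac_inv_range(shm_secret.vaddr, shm_secret.vaddr + secret_size);
	memcpy(secret, shm_secret.vaddr, secret_size);

free_secret:
	/* both bounce buffers carried key material; scrub before handing them back */
	memzero_explicit(shm_secret.vaddr, secret_size);
	qtee_shmbridge_free_shm(&shm_secret);
free_key:
	memzero_explicit(shm_key.vaddr, wrapped_key_size);
	qtee_shmbridge_free_shm(&shm_key);

	return err;
}
```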
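--- a/drivers/soc/qcom/crypto-qti-tz.h
+++ b/drivers/soc/qcom/crypto-qti-tz.h
@@ -10,6 +10,7 @@
 
 #define TZ_ES_CONFIG_SET_ICE_KEY_CE_TYPE 0x5
 #define TZ_ES_INVALIDATE_ICE_KEY_CE_TYPE 0x6
+#define TZ_ES_RETRIEVE_RAW_SECRET_CE_TYPE 0x7
 
 #define TZ_ES_CONFIG_SET_ICE_KEY_CE_TYPE_ID \
 TZ_SYSCALL_CREATE_SMC_ID(TZ_OWNER_SIP, TZ_SVC_ES, \
@@ -19,6 +20,10 @@
 TZ_SYSCALL_CREATE_SMC_ID(TZ_OWNER_SIP, \
 TZ_SVC_ES, TZ_ES_INVALIDATE_ICE_KEY_CE_TYPE)
 
+#define TZ_ES_RETRIEVE_RAW_SECRET_CE_TYPE_ID \
+TZ_SYSCALL_CREATE_SMC_ID(TZ_OWNER_SIP, \
+TZ_SVC_ES, TZ_ES_RETRIEVE_RAW_SECRET_CE_TYPE)
+
 #define TZ_ES_INVALIDATE_ICE_KEY_CE_TYPE_PARAM_ID \
 TZ_SYSCALL_CREATE_PARAM_ID_2( \
 TZ_SYSCALL_PARAM_TYPE_VAL, TZ_SYSCALL_PARAM_TYPE_VAL)
@@ -30,6 +35,11 @@
 TZ_SYSCALL_PARAM_TYPE_VAL, TZ_SYSCALL_PARAM_TYPE_VAL, \
 TZ_SYSCALL_PARAM_TYPE_VAL)
 
+#define TZ_ES_RETRIEVE_RAW_SECRET_CE_TYPE_PARAM_ID \
+TZ_SYSCALL_CREATE_PARAM_ID_4( \
+TZ_SYSCALL_PARAM_TYPE_BUF_RW, TZ_SYSCALL_PARAM_TYPE_VAL, \
+TZ_SYSCALL_PARAM_TYPE_BUF_RW, TZ_SYSCALL_PARAM_TYPE_VAL)
+
 enum {
 ICE_CIPHER_MODE_XTS_128 = 0,
 ICE_CIPHER_MODE_CBC_128 = 1,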
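Review bot: TZ_ES_RETRIEVE_RAW_SECRET_CE_TYPE_PARAM_ID declares the wrapped-key buffer (args[0]) as TZ_SYSCALL_PARAM_TYPE_BUF_RW even though the caller in crypto-qti-tz.c only writes that buffer before the call and reads results back from the secret buffer (args[2]); if this tree's SCM header provides a read-only buffer parameter type (TZ_SYSCALL_PARAM_TYPE_BUF_RO in Qualcomm's scm.h, if present here), using it for the first slot gives the secure world no more than read access to the key input and documents which of the two buffers is the output. A short comment above the macro naming the four slots (key buffer, key length, secret buffer, secret length) would make the pairing with desc.args[0..3] in crypto_qti_tz_raw_secret checkable without opening the .c file.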

0 comments on commit d16f8f0

Please sign in to comment.