blob: 23232ed9b57cdf093199820c869370235b4b231f [file] [log] [blame]
/*
* Copyright (c) 2023 Basalte bv
*
* SPDX-License-Identifier: Apache-2.0
*/
#define DT_DRV_COMPAT nxp_mcux_dcp
#include <zephyr/logging/log.h>
LOG_MODULE_REGISTER(mcux_dcp, CONFIG_CRYPTO_LOG_LEVEL);
#include <errno.h>
#include <string.h>
#include <zephyr/kernel.h>
#include <zephyr/cache.h>
#include <zephyr/crypto/crypto.h>
#include <zephyr/sys/util.h>
#include <fsl_dcp.h>
#define CRYPTO_DCP_CIPHER_CAPS (CAP_RAW_KEY | CAP_SEPARATE_IO_BUFS |\
CAP_SYNC_OPS | CAP_NO_IV_PREFIX)
#define CRYPTO_DCP_HASH_CAPS (CAP_SEPARATE_IO_BUFS | CAP_SYNC_OPS)
struct crypto_dcp_session {
dcp_handle_t handle;
dcp_hash_ctx_t hash_ctx;
bool in_use;
};
struct crypto_dcp_config {
DCP_Type *base;
};
struct crypto_dcp_data {
struct crypto_dcp_session sessions[CONFIG_CRYPTO_MCUX_DCP_MAX_SESSION];
};
/* Helper function to convert common FSL error status codes to errno codes */
static inline int fsl_to_errno(status_t status)
{
switch (status) {
case kStatus_Success:
return 0;
case kStatus_InvalidArgument:
return -EINVAL;
case kStatus_Timeout:
return -EAGAIN;
}
return -1;
}
static struct crypto_dcp_session *get_session(const struct device *dev)
{
struct crypto_dcp_data *data = dev->data;
for (size_t i = 0; i < CONFIG_CRYPTO_MCUX_DCP_MAX_SESSION; ++i) {
if (!data->sessions[i].in_use) {
data->sessions[i].in_use = true;
return &data->sessions[i];
}
}
return NULL;
}
static inline void free_session(struct crypto_dcp_session *session)
{
session->in_use = false;
}
static int crypto_dcp_query_hw_caps(const struct device *dev)
{
ARG_UNUSED(dev);
return CRYPTO_DCP_CIPHER_CAPS | CRYPTO_DCP_HASH_CAPS;
}
static int crypto_dcp_aes_cbc_encrypt(struct cipher_ctx *ctx, struct cipher_pkt *pkt, uint8_t *iv)
{
const struct crypto_dcp_config *cfg = ctx->device->config;
struct crypto_dcp_session *session = ctx->drv_sessn_state;
status_t status;
size_t iv_bytes;
uint8_t *p_iv, iv_loc[16];
if ((ctx->flags & CAP_NO_IV_PREFIX) == 0U) {
/* Prefix IV to ciphertext, which is default behavior of Zephyr
* crypto API, unless CAP_NO_IV_PREFIX is requested.
*/
iv_bytes = 16U;
memcpy(pkt->out_buf, iv, 16U);
p_iv = iv;
} else {
iv_bytes = 0U;
memcpy(iv_loc, iv, 16U);
p_iv = iv_loc;
}
sys_cache_data_disable();
status = DCP_AES_EncryptCbc(cfg->base, &session->handle, pkt->in_buf,
pkt->out_buf + iv_bytes, pkt->in_len, p_iv);
sys_cache_data_enable();
if (status != kStatus_Success) {
return fsl_to_errno(status);
}
pkt->out_len = pkt->in_len + iv_bytes;
return 0;
}
static int crypto_dcp_aes_cbc_decrypt(struct cipher_ctx *ctx, struct cipher_pkt *pkt, uint8_t *iv)
{
const struct crypto_dcp_config *cfg = ctx->device->config;
struct crypto_dcp_session *session = ctx->drv_sessn_state;
status_t status;
size_t iv_bytes;
uint8_t *p_iv, iv_loc[16];
if ((ctx->flags & CAP_NO_IV_PREFIX) == 0U) {
iv_bytes = 16U;
p_iv = iv;
} else {
iv_bytes = 0U;
memcpy(iv_loc, iv, 16U);
p_iv = iv_loc;
}
sys_cache_data_disable();
status = DCP_AES_DecryptCbc(cfg->base, &session->handle, pkt->in_buf + iv_bytes,
pkt->out_buf, pkt->in_len, p_iv);
sys_cache_data_enable();
if (status != kStatus_Success) {
return fsl_to_errno(status);
}
pkt->out_len = pkt->in_len - iv_bytes;
return 0;
}
static int crypto_dcp_aes_ecb_encrypt(struct cipher_ctx *ctx, struct cipher_pkt *pkt)
{
const struct crypto_dcp_config *cfg = ctx->device->config;
struct crypto_dcp_session *session = ctx->drv_sessn_state;
status_t status;
sys_cache_data_disable();
status = DCP_AES_EncryptEcb(cfg->base, &session->handle, pkt->in_buf, pkt->out_buf,
pkt->in_len);
sys_cache_data_enable();
if (status != kStatus_Success) {
return fsl_to_errno(status);
}
pkt->out_len = pkt->in_len;
return 0;
}
static int crypto_dcp_aes_ecb_decrypt(struct cipher_ctx *ctx, struct cipher_pkt *pkt)
{
const struct crypto_dcp_config *cfg = ctx->device->config;
struct crypto_dcp_session *session = ctx->drv_sessn_state;
status_t status;
sys_cache_data_disable();
status = DCP_AES_DecryptEcb(cfg->base, &session->handle, pkt->in_buf, pkt->out_buf,
pkt->in_len);
sys_cache_data_enable();
if (status != kStatus_Success) {
return fsl_to_errno(status);
}
pkt->out_len = pkt->in_len;
return 0;
}
static int crypto_dcp_cipher_begin_session(const struct device *dev, struct cipher_ctx *ctx,
enum cipher_algo algo, enum cipher_mode mode,
enum cipher_op op_type)
{
const struct crypto_dcp_config *cfg = dev->config;
struct crypto_dcp_session *session;
status_t status;
if (algo != CRYPTO_CIPHER_ALGO_AES ||
(mode != CRYPTO_CIPHER_MODE_CBC && mode != CRYPTO_CIPHER_MODE_ECB)) {
return -ENOTSUP;
}
if (ctx->flags & ~(CRYPTO_DCP_CIPHER_CAPS)) {
return -ENOTSUP;
}
session = get_session(dev);
if (session == NULL) {
return -ENOSPC;
}
if (mode == CRYPTO_CIPHER_MODE_CBC) {
if (op_type == CRYPTO_CIPHER_OP_DECRYPT) {
ctx->ops.cbc_crypt_hndlr = crypto_dcp_aes_cbc_decrypt;
} else {
ctx->ops.cbc_crypt_hndlr = crypto_dcp_aes_cbc_encrypt;
}
} else {
if (op_type == CRYPTO_CIPHER_OP_DECRYPT) {
ctx->ops.block_crypt_hndlr = crypto_dcp_aes_ecb_decrypt;
} else {
ctx->ops.block_crypt_hndlr = crypto_dcp_aes_ecb_encrypt;
}
}
ctx->drv_sessn_state = session;
status = DCP_AES_SetKey(cfg->base, &session->handle, ctx->key.bit_stream, ctx->keylen);
if (status != kStatus_Success) {
free_session(session);
return fsl_to_errno(status);
}
return 0;
}
static int crypto_dcp_cipher_free_session(const struct device *dev, struct cipher_ctx *ctx)
{
struct crypto_dcp_session *session;
ARG_UNUSED(dev);
session = ctx->drv_sessn_state;
free_session(session);
return 0;
}
static int crypto_dcp_sha256(struct hash_ctx *ctx, struct hash_pkt *pkt, bool finish)
{
const struct crypto_dcp_config *cfg = ctx->device->config;
struct crypto_dcp_session *session = ctx->drv_sessn_state;
status_t status;
sys_cache_data_disable();
status = DCP_HASH_Update(cfg->base, &session->hash_ctx, pkt->in_buf, pkt->in_len);
sys_cache_data_enable();
if (status != kStatus_Success) {
return fsl_to_errno(status);
}
if (finish) {
sys_cache_data_disable();
status = DCP_HASH_Finish(cfg->base, &session->hash_ctx, pkt->out_buf, NULL);
sys_cache_data_enable();
}
return fsl_to_errno(status);
}
static int crypto_dcp_hash_begin_session(const struct device *dev, struct hash_ctx *ctx,
enum hash_algo algo)
{
const struct crypto_dcp_config *cfg = dev->config;
struct crypto_dcp_session *session;
status_t status;
if (algo != CRYPTO_HASH_ALGO_SHA256) {
return -ENOTSUP;
}
if (ctx->flags & ~(CRYPTO_DCP_HASH_CAPS)) {
return -ENOTSUP;
}
session = get_session(dev);
if (session == NULL) {
return -ENOSPC;
}
status = DCP_HASH_Init(cfg->base, &session->handle, &session->hash_ctx, kDCP_Sha256);
if (status != kStatus_Success) {
free_session(session);
return fsl_to_errno(status);
}
ctx->drv_sessn_state = session;
ctx->hash_hndlr = crypto_dcp_sha256;
return 0;
}
static int crypto_dcp_hash_free_session(const struct device *dev, struct hash_ctx *ctx)
{
struct crypto_dcp_session *session;
ARG_UNUSED(dev);
session = ctx->drv_sessn_state;
free_session(session);
return 0;
}
static int crypto_dcp_init(const struct device *dev)
{
const struct crypto_dcp_config *cfg = dev->config;
struct crypto_dcp_data *data = dev->data;
dcp_config_t hal_cfg;
DCP_GetDefaultConfig(&hal_cfg);
DCP_Init(cfg->base, &hal_cfg);
/* Assign unique channels/key slots to each session */
for (size_t i = 0; i < CONFIG_CRYPTO_MCUX_DCP_MAX_SESSION; ++i) {
data->sessions[i].in_use = false;
data->sessions[i].handle.channel = kDCP_Channel0 << i;
data->sessions[i].handle.keySlot = kDCP_KeySlot0 + i;
data->sessions[i].handle.swapConfig = kDCP_NoSwap;
}
return 0;
}
static const struct crypto_driver_api crypto_dcp_api = {
.query_hw_caps = crypto_dcp_query_hw_caps,
.cipher_begin_session = crypto_dcp_cipher_begin_session,
.cipher_free_session = crypto_dcp_cipher_free_session,
.hash_begin_session = crypto_dcp_hash_begin_session,
.hash_free_session = crypto_dcp_hash_free_session,
};
#define CRYPTO_DCP_DEFINE(inst) \
static const struct crypto_dcp_config crypto_dcp_config_##inst = { \
.base = (DCP_Type *)DT_INST_REG_ADDR(inst), \
}; \
static struct crypto_dcp_data crypto_dcp_data_##inst; \
DEVICE_DT_INST_DEFINE(inst, crypto_dcp_init, NULL, \
&crypto_dcp_data_##inst, &crypto_dcp_config_##inst, \
POST_KERNEL, CONFIG_CRYPTO_INIT_PRIORITY, &crypto_dcp_api);
DT_INST_FOREACH_STATUS_OKAY(CRYPTO_DCP_DEFINE)