From: "Teh, Wen Ping" <[email protected]> commit af8e078c2ba1f02440467ce0c2fae0ffed8c7128 from https://github.com/altera-opensource/linux-socfpga.git
Add support for large file size SHA2/HMAC data signing and verify using new 'update' mailbox command. The large file will be splitted into smaller chunk and send using initialize, update and finalize mailbox command. Signed-off-by: Teh, Wen Ping <[email protected]> Signed-off-by: Wenlin Kang <[email protected]> --- drivers/crypto/intel_fcs.c | 169 ++++++++++++++++++++++++++----------- 1 file changed, 118 insertions(+), 51 deletions(-) diff --git a/drivers/crypto/intel_fcs.c b/drivers/crypto/intel_fcs.c index 6a3e7b5abc03..4f6aa59d2c42 100644 --- a/drivers/crypto/intel_fcs.c +++ b/drivers/crypto/intel_fcs.c @@ -1756,6 +1756,9 @@ static long fcs_ioctl(struct file *file, unsigned int cmd, return -EFAULT; } + input_file_pointer = data->com_paras.s_mac_data.src; + remaining_size = data->com_paras.s_mac_data.src_size; + s_buf = stratix10_svc_allocate_memory(priv->chan, AES_CRYPT_CMD_MAX_SZ); if (!s_buf) { @@ -1772,34 +1775,57 @@ static long fcs_ioctl(struct file *file, unsigned int cmd, return -ENOMEM; } - memcpy(s_buf, data->com_paras.s_mac_data.src, - data->com_paras.s_mac_data.src_size); + while (remaining_size > 0) { + if (remaining_size > AES_CRYPT_CMD_MAX_SZ) { + msg->command = COMMAND_FCS_CRYPTO_GET_DIGEST_UPDATE; + data_size = AES_CRYPT_CMD_MAX_SZ; + dev_dbg(dev, "Crypto get digest update. data_size=%d\n", + data_size); + } else { + msg->command = COMMAND_FCS_CRYPTO_GET_DIGEST_FINALIZE; + data_size = remaining_size; + dev_dbg(dev, "Crypto get digest finalize. data_size=%d\n", + data_size); + } - msg->command = COMMAND_FCS_CRYPTO_GET_DIGEST_FINALIZE; - msg->arg[0] = sid; - msg->arg[1] = cid; - msg->payload = s_buf; - msg->payload_length = data->com_paras.s_mac_data.src_size; - msg->payload_output = d_buf; - msg->payload_length_output = AES_CRYPT_CMD_MAX_SZ; - priv->client.receive_cb = fcs_attestation_callback; + memcpy(s_buf, input_file_pointer, data_size); - ret = fcs_request_service(priv, (void *)msg, - 10 * FCS_REQUEST_TIMEOUT); - if (!ret && !priv->status) { - if (priv->size > AES_CRYPT_CMD_MAX_SZ) { - dev_err(dev, "returned size %d is incorrect\n", - priv->size); - fcs_close_services(priv, s_buf, d_buf); - return -EFAULT; - } + msg->arg[0] = sid; + msg->arg[1] = cid; + msg->payload = s_buf; + msg->payload_length = data_size; + msg->payload_output = d_buf; + msg->payload_length_output = AES_CRYPT_CMD_MAX_SZ; + priv->client.receive_cb = fcs_attestation_callback; - memcpy(data->com_paras.s_mac_data.dst, - priv->kbuf, priv->size); - data->com_paras.s_mac_data.dst_size = priv->size; - } else { - data->com_paras.s_mac_data.dst = NULL; - data->com_paras.s_mac_data.dst_size = 0; + ret = fcs_request_service(priv, (void *)msg, + 10 * FCS_REQUEST_TIMEOUT); + if (!ret && !priv->status) { + if (priv->size > AES_CRYPT_CMD_MAX_SZ) { + dev_err(dev, "returned size %d is incorrect\n", + priv->size); + fcs_close_services(priv, s_buf, d_buf); + return -EFAULT; + } + } else { + data->com_paras.s_mac_data.dst = NULL; + data->com_paras.s_mac_data.dst_size = 0; + dev_err(dev, "unregconize response. ret=%d. status=%d\n", + ret, priv->status); + break; + } + + remaining_size -= data_size; + if (remaining_size == 0) { + dev_dbg(dev, "Crypto get digest finish sending\n"); + memcpy(data->com_paras.s_mac_data.dst, priv->kbuf, priv->size); + data->com_paras.s_mac_data.dst_size = priv->size; + break; + } else { + input_file_pointer += data_size; + dev_dbg(dev, "Complete update. Remaining size = %d\n", + remaining_size); + } } data->status = priv->status; @@ -1845,6 +1871,11 @@ static long fcs_ioctl(struct file *file, unsigned int cmd, return -EFAULT; } + input_file_pointer = data->com_paras.s_mac_data.src; + remaining_size = data->com_paras.s_mac_data.src_size; + sign_size = data->com_paras.s_mac_data.src_size + - data->com_paras.s_mac_data.userdata_sz; + s_buf = stratix10_svc_allocate_memory(priv->chan, AES_CRYPT_CMD_MAX_SZ); if (!s_buf) { @@ -1860,35 +1891,71 @@ static long fcs_ioctl(struct file *file, unsigned int cmd, return -ENOMEM; } - memcpy(s_buf, data->com_paras.s_mac_data.src, - data->com_paras.s_mac_data.src_size); + while (remaining_size > 0) { + if (remaining_size > AES_CRYPT_CMD_MAX_SZ) { + /* Finalize stage require minimun 8bytes data size */ + if ((remaining_size - AES_CRYPT_CMD_MAX_SZ) >= + (CRYPTO_SERVICE_MIN_DATA_SIZE + sign_size)) { + data_size = AES_CRYPT_CMD_MAX_SZ; + ud_sz = AES_CRYPT_CMD_MAX_SZ; + dev_dbg(dev, "Update full. data_size=%d, ud_sz=%ld\n", + data_size, ud_sz); + } else { + data_size = (remaining_size - CRYPTO_SERVICE_MIN_DATA_SIZE - + sign_size); + ud_sz = (remaining_size - CRYPTO_SERVICE_MIN_DATA_SIZE - + sign_size); + dev_dbg(dev, "Update partial. data_size=%d, ud_sz=%ld\n", + data_size, ud_sz); + } + msg->command = COMMAND_FCS_CRYPTO_MAC_VERIFY_UPDATE; + } else { + data_size = remaining_size; + ud_sz = remaining_size - sign_size; + msg->command = COMMAND_FCS_CRYPTO_MAC_VERIFY_FINALIZE; + dev_dbg(dev, "Finalize. data_size=%d, ud_sz=%ld\n", data_size, + ud_sz); + } + + memcpy(s_buf, input_file_pointer, data_size); - msg->command = COMMAND_FCS_CRYPTO_MAC_VERIFY_FINALIZE; - msg->arg[0] = sid; - msg->arg[1] = cid; - msg->arg[2] = ud_sz; - msg->payload = s_buf; - msg->payload_length = data->com_paras.s_mac_data.src_size; - msg->payload_output = d_buf; - msg->payload_length_output = out_sz; - priv->client.receive_cb = fcs_attestation_callback; + msg->arg[0] = sid; + msg->arg[1] = cid; + msg->arg[2] = ud_sz; + msg->payload = s_buf; + msg->payload_length = data_size; + msg->payload_output = d_buf; + msg->payload_length_output = out_sz; + priv->client.receive_cb = fcs_attestation_callback; - ret = fcs_request_service(priv, (void *)msg, - 10 * FCS_REQUEST_TIMEOUT); - if (!ret && !priv->status) { - if (priv->size > out_sz) { - dev_err(dev, "returned size %d is incorrect\n", - priv->size); - fcs_close_services(priv, s_buf, d_buf); - return -EFAULT; - } + ret = fcs_request_service(priv, (void *)msg, + 10 * FCS_REQUEST_TIMEOUT); + if (!ret && !priv->status) { + if (priv->size > out_sz) { + dev_err(dev, "returned size %d is incorrect\n", + priv->size); + fcs_close_services(priv, s_buf, d_buf); + return -EFAULT; + } + } else { + data->com_paras.s_mac_data.dst = NULL; + data->com_paras.s_mac_data.dst_size = 0; + dev_err(dev, "unregconize response. ret=%d. status=%d\n", + ret, priv->status); + break; + } - memcpy(data->com_paras.s_mac_data.dst, - priv->kbuf, priv->size); - data->com_paras.s_mac_data.dst_size = priv->size; - } else { - data->com_paras.s_mac_data.dst = NULL; - data->com_paras.s_mac_data.dst_size = 0; + remaining_size -= data_size; + if (remaining_size == 0) { + dev_dbg(dev, "Crypto get verify finish sending\n"); + memcpy(data->com_paras.s_mac_data.dst, priv->kbuf, priv->size); + data->com_paras.s_mac_data.dst_size = priv->size; + break; + } else { + input_file_pointer += data_size; + dev_dbg(dev, "Complete one update. Remaining size = %d\n", + remaining_size); + } } data->status = priv->status; -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#12514): https://lists.yoctoproject.org/g/linux-yocto/message/12514 Mute This Topic: https://lists.yoctoproject.org/mt/98898748/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/linux-yocto/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
