Add support of PKA peripheral on stm32mp13 #7151
Conversation
use st,stm32mp13-pka instead of st,stm32mp13-pka64 to be aligned with all other st compatibles. Signed-off-by: Thomas Bourgoin <[email protected]>
Adds missing RNG clock resource in PKA nodes in stm32mp13 SoC DTSI files. Signed-off-by: Etienne Carriere <[email protected]> Signed-off-by: Thomas Bourgoin <[email protected]>
Add PKA IP drivers, and add hooks in OP-TEE crypto framework to use PKA IP to do ECC process. Truncate hash during ECDSA signature according to the NIST recommendation: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf Signed-off-by: Thomas Bourgoin <[email protected]> Co-developed-by: Patrick Delaunay <[email protected]> Signed-off-by: Patrick Delaunay <[email protected]> Signed-off-by: Nicolas Toromanoff <[email protected]>
Fix regression of xtest 4006 testing TEE_ALG_SM2_PKE. PKA only support ECDSA key generation ECDH key exchange. Signed-off-by: Thomas Bourgoin <[email protected]>
Default enable PKA compilation. Enable the STM32_CRYPTO_DRIVERS if PKA is compiled. Signed-off-by: Thomas Bourgoin <[email protected]>
Sets PKA peripheral status to okay. Signed-off-by: Thomas Bourgoin <[email protected]>
tbourgoi
changed the title
ecc.c : swap the 2 include lines change DMSG to FMSG Use common out label stm32_pka.c : reorder _PKA_CRxx defines use upper cases for pka_op enum values update documentation for struct curve_parameters update documentation of read_eo_data() use IO_READ32_POLL_TIMEOUT, SHIFT_U32 and SHIF_U64 macros use EMSG for error messages. Add const for pka_ram offset definition Use bit_mask as parameter for pka_wait_bit() function fix documentation of read_eo_data() Use U() or ULL() insteald of U and ULL Use type enum pka_op instead of int for parameter of op in stm32_pka_configure_curve() stm32_pka.h : Fix date issue Signed-off-by: Thomas Bourgoin <[email protected]>
Use TEE_TYPE_xxx_PUBLIC_KEY instead of TEE_TYPE_xxx_KEYPAIR in stm32_alloc_publickey() Signed-off-by: Thomas Bourgoin <[email protected]>
Use fdt_reg_info() to read base address and size instead of fdt_fill_device_info(). Signed-off-by: Thomas Bourgoin <[email protected]>
ecc.c :
use PKA_LAST_CID instead of -1;
use free_wipe() where it is relevant
stm32_pka.c :
change len to length
fix coding style for curve parameters
fix inline documentation
use for loop instead of do{}while() in function is_smaller()
Signed-off-by: Thomas Bourgoin <[email protected]>
| @@ -107,15 +108,15 @@ static TEE_Result stm32_gen_keypair(struct ecc_keypair *key, size_t size_bits) | |||
| pk.x.val = calloc(1, bytes); | |||
| pk.x.size = bytes; | |||
| if (!pk.x.val) { | |||
| free(d.val); | |||
| free_wipe(d.val); | |||
There was a problem hiding this comment.
At this stage, d does not hold a secret. free() is enough IMHO.
There was a problem hiding this comment.
d.val has been filled (with the random value)
If free_wipe does not apply here it is useless for d.val in all below cases IMO
There was a problem hiding this comment.
You're right, upon other error cases in this function, d does not hold any secret. You can restore the free() operation at line 119, but IMO you should preserve the free_wipe() operation at function exit at line 140.
| free(pk.x.val); | ||
| free(d.val); | ||
| free_wipe(pk.y.val); | ||
| free_wipe(pk.x.val); |
There was a problem hiding this comment.
pk is a public key. I don't think it deserves a wipe operation.
| .size = U(24), | ||
| }, | ||
| .a_sign = U(1), | ||
| .a = { .val = (uint8_t[]){0x03}, | ||
| .a = { | ||
| .val = (uint8_t[]){0x03}, |
There was a problem hiding this comment.
nitpicking: { 0x03 } (with space chars inside the braces)
Ditto at lines 353, 425, 509 and 614.
| @@ -863,24 +949,20 @@ static bool is_smaller(const struct stm32_pka_bn *a, | |||
| { | |||
| unsigned int i = MAX(a->size, b->size) + 1; | |||
|
|
|||
| do { | |||
| for (; i != U(1); i--) { | |||
There was a problem hiding this comment.
Prefer with i initial value defined within the for () instruction.
Note that i shall start at MAX() without the increment previously used and stop once reaching 0:
for (i = MAX(a->size, b->size); i; i--)
| while ((i < sizeof(tmp)) && (data_index >= 0)) { | ||
| tmp |= SHIFT_U64(data[data_index], (INT8_LEN * i)); | ||
| i++; /* Move byte index in current (u64)tmp */ | ||
| data_index--; /* Move to next most significant byte */ |
There was a problem hiding this comment.
/* Move byte index in current (u64)tmp */
i++;
/* Move to next most significant byte */
data_index--;| if (PM_HINT_IS_STATE(pm_hint, CONTEXT)) { | ||
| if (stm32_pka_reset()) | ||
| panic(); | ||
| } |
There was a problem hiding this comment.
Nitpicnking:
if (PM_HINT_IS_STATE(pm_hint, CONTEXT) && stm32_pka_reset())
panic();| struct stm32_pka_bn sig_s = { }; | ||
| struct stm32_pka_point pk = { }; | ||
| enum stm32_pka_curve_id cid_from_algo = PKA_LAST_CID; | ||
| enum stm32_pka_curve_id cid = -1; |
| * @n: Curve prime order n | ||
| * @n_len: Curve prime order bit size | ||
| */ | ||
|
|
| struct mutex *lock; | ||
| }; | ||
|
|
||
| static struct stm32_pka_platdata pka_pdata = {}; |
There was a problem hiding this comment.
No need to use an explicit all-zero initializer.
| if (!n_len || !n || !r2modn) | ||
| return TEE_ERROR_BAD_PARAMETERS; | ||
|
|
||
| mutex_lock(pka_pdata.lock); |
There was a problem hiding this comment.
Would'nt you prefer to use mutex_lock(&pka_lock) straight here and everywhere the mutex is locked/unlocked?
Add support of PKA peripheral for stm32mp13.
This PR :
- fix the device tree node
- add the driver stm32-pka.c
- compile the driver by default
- enable pka on stm32mp135-dk