tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
1/* SPDX-License-Identifier: GPL-2.0-only */
2/*
3 * Copyright (C) 2020 Pengutronix, Ahmad Fatoum <kernel@pengutronix.de>
4 * Copyright 2024-2025 NXP
5 */
6
7#ifndef __CAAM_BLOB_GEN
8#define __CAAM_BLOB_GEN
9
10#include <linux/types.h>
11#include <linux/errno.h>
12
13#define CAAM_BLOB_KEYMOD_LENGTH 16
14#define CAAM_BLOB_OVERHEAD (32 + 16)
15#define CAAM_BLOB_MAX_LEN 4096
16#define CAAM_ENC_ALGO_CCM 0x1
17#define CAAM_ENC_ALGO_ECB 0x2
18#define CAAM_NONCE_SIZE 6
19#define CAAM_ICV_SIZE 6
20#define CAAM_CCM_OVERHEAD (CAAM_NONCE_SIZE + CAAM_ICV_SIZE)
21
22struct caam_blob_priv;
23
24/**
25 * struct caam_pkey_info - information for CAAM protected key
26 * @is_pkey: flag to identify, if the key is protected.
27 * @key_enc_algo: identifies the algorithm, ccm or ecb
28 * @plain_key_sz: size of plain key.
29 * @key_buf: contains key data
30 */
31struct caam_pkey_info {
32 u8 is_pkey;
33 u8 key_enc_algo;
34 u16 plain_key_sz;
35 u8 key_buf[];
36} __packed;
37
38/* sizeof struct caam_pkey_info */
39#define CAAM_PKEY_HEADER 4
40
41/**
42 * struct caam_blob_info - information for CAAM blobbing
43 * @pkey_info: pointer to keep protected key information
44 * @input: pointer to input buffer (must be DMAable)
45 * @input_len: length of @input buffer in bytes.
46 * @output: pointer to output buffer (must be DMAable)
47 * @output_len: length of @output buffer in bytes.
48 * @key_mod: key modifier
49 * @key_mod_len: length of @key_mod in bytes.
50 * May not exceed %CAAM_BLOB_KEYMOD_LENGTH
51 */
52struct caam_blob_info {
53 struct caam_pkey_info pkey_info;
54
55 void *input;
56 size_t input_len;
57
58 void *output;
59 size_t output_len;
60
61 const void *key_mod;
62 size_t key_mod_len;
63};
64
65/**
66 * caam_blob_gen_init - initialize blob generation
67 * Return: pointer to new &struct caam_blob_priv instance on success
68 * and ``ERR_PTR(-ENODEV)`` if CAAM has no hardware blobbing support
69 * or no job ring could be allocated.
70 */
71struct caam_blob_priv *caam_blob_gen_init(void);
72
73/**
74 * caam_blob_gen_exit - free blob generation resources
75 * @priv: instance returned by caam_blob_gen_init()
76 */
77void caam_blob_gen_exit(struct caam_blob_priv *priv);
78
79/**
80 * caam_process_blob - encapsulate or decapsulate blob
81 * @priv: instance returned by caam_blob_gen_init()
82 * @info: pointer to blobbing info describing key, blob and
83 * key modifier buffers.
84 * @encap: true for encapsulation, false for decapsulation
85 *
86 * Return: %0 and sets ``info->output_len`` on success and a negative
87 * error code otherwise.
88 */
89int caam_process_blob(struct caam_blob_priv *priv,
90 struct caam_blob_info *info, bool encap);
91
92/**
93 * caam_encap_blob - encapsulate blob
94 * @priv: instance returned by caam_blob_gen_init()
95 * @info: pointer to blobbing info describing input key,
96 * output blob and key modifier buffers.
97 *
98 * Return: %0 and sets ``info->output_len`` on success and
99 * a negative error code otherwise.
100 */
101static inline int caam_encap_blob(struct caam_blob_priv *priv,
102 struct caam_blob_info *info)
103{
104 if (info->output_len < info->input_len + CAAM_BLOB_OVERHEAD)
105 return -EINVAL;
106
107 return caam_process_blob(priv, info, true);
108}
109
110/**
111 * caam_decap_blob - decapsulate blob
112 * @priv: instance returned by caam_blob_gen_init()
113 * @info: pointer to blobbing info describing output key,
114 * input blob and key modifier buffers.
115 *
116 * Return: %0 and sets ``info->output_len`` on success and
117 * a negative error code otherwise.
118 */
119static inline int caam_decap_blob(struct caam_blob_priv *priv,
120 struct caam_blob_info *info)
121{
122 if (info->input_len < CAAM_BLOB_OVERHEAD ||
123 info->output_len < info->input_len - CAAM_BLOB_OVERHEAD)
124 return -EINVAL;
125
126 return caam_process_blob(priv, info, false);
127}
128
129#endif