aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGilad Ben-Yossef <gilad.benyossef@arm.com>2019-09-15 13:29:29 +0300
committerGilad Ben-Yossef <gilad.benyossef@arm.com>2019-12-11 14:18:18 +0200
commitb8622922c8ab7a450a3184b7a5f4929bd95ffaad (patch)
tree3c6c64d8daf2dbf52effd419bac7c52b034f5f02
parent87b582ef5b31c5893a470b61c217931fc7602da3 (diff)
downloadtrusted-firmware-a-b8622922c8ab7a450a3184b7a5f4929bd95ffaad.tar.gz
cryptocell: add cryptocell 712 RSA 3K support
Add the support needed to enable using CryptoCell integration with with RSA 3K support. Signed-off-by: Gilad Ben-Yossef <gilad.benyossef@arm.com> Change-Id: I95527cb0c41ae012109e8968dd20a4ae9fe67f17
-rw-r--r--docs/getting_started/build-options.rst15
-rw-r--r--drivers/auth/cryptocell/712/cryptocell_crypto.c2
-rw-r--r--drivers/auth/cryptocell/cryptocell_crypto.mk4
-rw-r--r--include/drivers/arm/cryptocell/712/rsa.h16
-rw-r--r--include/drivers/arm/cryptocell/712/secureboot_gen_defs.h16
5 files changed, 41 insertions, 12 deletions
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index fded1e0c92..583e8caf35 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -350,6 +350,21 @@ Common build options
compliant and is retained only for compatibility. The default value of this
flag is ``rsa`` which is the TBBR compliant PKCS#1 RSA 2.1 scheme.
+- ``KEY_SIZE``: This build flag enables the user to select the key size for
+ the algorithm specified by ``KEY_ALG``. The valid values for ``KEY_SIZE``
+ depend on the chosen algorithm and the cryptographic module.
+
+ +-----------+------------------------------------+
+ | KEY_ALG | Possible key sizes |
+ +===========+====================================+
+ | rsa | 1024 , 2048 (default), 3072, 4096* |
+ +-----------+------------------------------------+
+ | ecdsa | unavailable |
+ +-----------+------------------------------------+
+
+ * Only 2048 bits size is available with CryptoCell 712 SBROM release 1.
+ Only 3072 bits size is available with CryptoCell 712 SBROM release 2.
+
- ``HASH_ALG``: This build flag enables the user to select the secure hash
algorithm. It accepts 3 values: ``sha256``, ``sha384`` and ``sha512``.
The default value of this flag is ``sha256``.
diff --git a/drivers/auth/cryptocell/712/cryptocell_crypto.c b/drivers/auth/cryptocell/712/cryptocell_crypto.c
index 395c550859..25eb6bcb6d 100644
--- a/drivers/auth/cryptocell/712/cryptocell_crypto.c
+++ b/drivers/auth/cryptocell/712/cryptocell_crypto.c
@@ -225,7 +225,7 @@ static int verify_signature(void *data_ptr, unsigned int data_len,
/* Verify the signature */
error = CCSbVerifySignature((uintptr_t)PLAT_CRYPTOCELL_BASE,
(uint32_t *)data_ptr, &pk, &signature,
- data_len, RSA_PSS_2048);
+ data_len, RSA_PSS);
if (error != CC_OK)
return CRYPTO_ERR_SIGNATURE;
diff --git a/drivers/auth/cryptocell/cryptocell_crypto.mk b/drivers/auth/cryptocell/cryptocell_crypto.mk
index d42a2e7e12..2fc4ddb11b 100644
--- a/drivers/auth/cryptocell/cryptocell_crypto.mk
+++ b/drivers/auth/cryptocell/cryptocell_crypto.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -12,6 +12,8 @@ TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_RSA
# Needs to be set to drive mbed TLS configuration correctly
$(eval $(call add_define,TF_MBEDTLS_KEY_ALG_ID))
+$(eval $(call add_define,KEY_SIZE))
+
# CCSBROM_LIB_PATH must be set to the Cryptocell SBROM library path
ifeq (${CCSBROM_LIB_PATH},)
$(error Error: CCSBROM_LIB_PATH not set)
diff --git a/include/drivers/arm/cryptocell/712/rsa.h b/include/drivers/arm/cryptocell/712/rsa.h
index cd9925b325..825214d20f 100644
--- a/include/drivers/arm/cryptocell/712/rsa.h
+++ b/include/drivers/arm/cryptocell/712/rsa.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -21,19 +21,21 @@ extern "C"
/************************ Defines ******************************/
-/* the modulus size ion bits */
+/* the modulus size in bits */
+#if (KEY_SIZE == 2048)
#define RSA_MOD_SIZE_IN_BITS 2048UL
+#elif (KEY_SIZE == 3072)
+#define RSA_MOD_SIZE_IN_BITS 3072UL
+#else
+#error Unsupported CryptoCell key size requested
+#endif
+
#define RSA_MOD_SIZE_IN_BYTES (CALC_FULL_BYTES(RSA_MOD_SIZE_IN_BITS))
#define RSA_MOD_SIZE_IN_WORDS (CALC_FULL_32BIT_WORDS(RSA_MOD_SIZE_IN_BITS))
#define RSA_MOD_SIZE_IN_256BITS (RSA_MOD_SIZE_IN_WORDS/8)
#define RSA_EXP_SIZE_IN_BITS 17UL
#define RSA_EXP_SIZE_IN_BYTES (CALC_FULL_BYTES(RSA_EXP_SIZE_IN_BITS))
-/* size of buffer for Barrett modulus tag NP, used in PKA algorithms */
-#define RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_BITS 132
-#define RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_BYTES (CALC_FULL_BYTES(RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_BITS))
-#define RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS (CALC_FULL_32BIT_WORDS(RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_BITS))
-
/*
* @brief The RSA_CalcNp calculates Np value and saves it into Np_ptr:
*
diff --git a/include/drivers/arm/cryptocell/712/secureboot_gen_defs.h b/include/drivers/arm/cryptocell/712/secureboot_gen_defs.h
index 68b9ef8aec..ed1f2835c8 100644
--- a/include/drivers/arm/cryptocell/712/secureboot_gen_defs.h
+++ b/include/drivers/arm/cryptocell/712/secureboot_gen_defs.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -24,7 +24,14 @@ extern "C"
/***********************/
/*RSA definitions*/
+#if (KEY_SIZE == 2048)
#define SB_RSA_MOD_SIZE_IN_WORDS 64
+#elif (KEY_SIZE == 3072)
+#define SB_RSA_MOD_SIZE_IN_WORDS 96
+#else
+#error Unsupported CryptoCell key size requested
+#endif
+
#define SB_RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS 5
@@ -43,9 +50,12 @@ typedef struct {
/********* Supported algorithms definitions ***********/
/*! RSA supported algorithms */
+/* Note: this applies to either 2k or 3k based on CryptoCell SBROM library
+ * version - it means 2k in version 1 and 3k in version 2 (yes, really).
+ */
typedef enum {
- RSA_PSS_2048 = 0x01, /*!< RSA PSS 2048 after hash SHA 256 */
- RSA_PKCS15_2048 = 0x02, /*!< RSA PKX15 */
+ RSA_PSS = 0x01, /*!< RSA PSS after hash SHA 256 */
+ RSA_PKCS15 = 0x02, /*!< RSA PKX15 */
RSA_Last = 0x7FFFFFFF
} CCSbRsaAlg_t;