wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 18:57:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4090 from JacobBarthelmeh/CAAM

Browse Source 
CAAM: add dynamic setup of entropy delay on init
This commit is contained in:
Sean Parkinson
2021-06-17 17:06:01 +10:00
committed by GitHub
parent 54cef64250 d09b7153f2
commit ad4baec0f5
4 changed files with 119 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

153
wolfcrypt/src/port/caam/caam_driver.c
View File

@ -436,9 +436,11 @@ static void print_jdkek()
/* instantiate RNG and create JDKEK, TDKEK, and TDSK key */ /* instantiate RNG and create JDKEK, TDKEK, and TDSK key */
static unsigned int wc_rng_start[] = { #define WC_RNG_START_SIZE 6
static unsigned int wc_rng_start[WC_RNG_START_SIZE] = {
CAAM_HEAD | 0x00000006, CAAM_HEAD | 0x00000006,
CAAM_OP | CAAM_CLASS1 | CAAM_RNG | 0x00000004, /* Instantiate RNG handle 0 with TRNG */ CAAM_OP | CAAM_CLASS1 | CAAM_RNG | 0x00000004, /* Instantiate RNG handle 0
with TRNG */
CAAM_JUMP | 0x02000001, /* wait for Class1 RNG and jump to next cmd */ CAAM_JUMP | 0x02000001, /* wait for Class1 RNG and jump to next cmd */
CAAM_LOAD | 0x00880004, /* Load to clear written register */ CAAM_LOAD | 0x00880004, /* Load to clear written register */
0x00000001, /* reset done interrupt */ 0x00000001, /* reset done interrupt */
@ -446,86 +448,83 @@ static unsigned int wc_rng_start[] = {
}; };
/* Initialize CAAM RNG /* Initialize CAAM RNG
* returns 0 on success */ * returns 0 on success */
int caamInitRng(struct CAAM_DEVICE* dev); int caamInitRng(struct CAAM_DEVICE* dev);
int caamInitRng(struct CAAM_DEVICE* dev) int caamInitRng(struct CAAM_DEVICE* dev)
{ {
DESCSTRUCT desc; DESCSTRUCT desc;
unsigned int reg, status; unsigned int reg, entropy_delay;
int ret = 0; int ret = 0, i;
/* set up the job description for RNG initialization */
memset(&desc, 0, sizeof(DESCSTRUCT)); memset(&desc, 0, sizeof(DESCSTRUCT));
desc.desc[desc.idx++] = CAAM_HEAD; /* later will put size to header*/
/* Set up use of the TRNG for seeding wolfSSL HASH-DRBG */ for (i = 1; i < WC_RNG_START_SIZE; i++) {
/* check out the status and see if already setup */ desc.desc[desc.idx++] = wc_rng_start[i];
CAAM_WRITE(CAAM_RTMCTL, CAAM_PRGM);
CAAM_WRITE(CAAM_RTMCTL, CAAM_READ(CAAM_RTMCTL) | 0x40); /* reset */
/* Set up reading from TRNG */
CAAM_WRITE(CAAM_RTMCTL, CAAM_READ(CAAM_RTMCTL) | CAAM_TRNG);
/* Set up delay for TRNG @TODO Optimizations?
* Shift left with RTSDCTL because 0-15 is for sample number
* Also setting the max and min frequencies */
CAAM_WRITE(CAAM_RTSDCTL, (CAAM_ENT_DLY << 16) | 0x09C4);
CAAM_WRITE(CAAM_RTFRQMIN, CAAM_ENT_DLY >> 1); /* 1/2 */
CAAM_WRITE(CAAM_RTFRQMAX, CAAM_ENT_DLY << 3); /* up to 8x */
/* Set back to run mode and clear RTMCL error bit */
reg = CAAM_READ(CAAM_RTMCTL) ^ CAAM_PRGM;
CAAM_WRITE(CAAM_RTMCTL, reg);
reg = CAAM_READ(CAAM_RTMCTL);
reg |= CAAM_CTLERR;
CAAM_WRITE(CAAM_RTMCTL, reg);
/* check out the status and see if already setup */
reg = CAAM_READ(CAAM_RDSTA);
if (((reg >> 16) & 0xF) > 0) {
WOLFSSL_MSG("RNG is in error state");
caamReset();
} }
desc.caam = dev;
if (reg & (1U << 30)) { /* Attempt to start the RNG, first trying the fastest entropy delay value
WOLFSSL_MSG("JKDKEK rng was setup using a non determinstic key"); * and increasing it after each failed attempt until either a success is hit
return 0; * or the max delay value is.
} */
for (entropy_delay = CAAM_ENT_DLY; entropy_delay <= CAAM_ENT_DLY_MAX;
entropy_delay = entropy_delay + CAAM_ENT_DLY_INCREMENT) {
if (CAAM_READ(0x1014) > 0) { /* Set up use of the TRNG for seeding wolfSSL HASH-DRBG */
int i; /* check out the status and see if already setup */
#ifdef CAAM_DEBUG_MODE CAAM_WRITE(CAAM_RTMCTL, CAAM_PRGM);
for (i = 0; i < 6; i = i + 1) { CAAM_WRITE(CAAM_RTMCTL, CAAM_READ(CAAM_RTMCTL) | CAAM_RTMCTL_RESET);
desc.desc[desc.idx++] = wc_rng_start[i];
/* Set up reading from TRNG */
CAAM_WRITE(CAAM_RTMCTL, CAAM_READ(CAAM_RTMCTL) | CAAM_TRNG);
/* Set up delay for TRNG
* Shift left with RTSDCTL because 0-15 is for sample number
* Also setting the max and min frequencies */
CAAM_WRITE(CAAM_RTSDCTL, (entropy_delay << 16) | CAAM_ENT_SAMPLE);
CAAM_WRITE(CAAM_RTFRQMIN, entropy_delay >> CAAM_ENT_MINSHIFT);
CAAM_WRITE(CAAM_RTFRQMAX, entropy_delay << CAAM_ENT_MAXSHIFT);
#ifdef WOLFSSL_CAAM_PRINT
printf("Attempt with entropy delay set to %d\n", entropy_delay);
printf("Min delay of %d and max of %d\n",
entropy_delay >> CAAM_ENT_MINSHIFT,
entropy_delay << CAAM_ENT_MAXSHIFT);
#endif
/* Set back to run mode and clear RTMCL error bit */
reg = CAAM_READ(CAAM_RTMCTL) & (~CAAM_PRGM);
CAAM_WRITE(CAAM_RTMCTL, reg);
reg = CAAM_READ(CAAM_RTMCTL);
reg |= CAAM_CTLERR;
CAAM_WRITE(CAAM_RTMCTL, reg);
/* check out the status and see if already setup */
reg = CAAM_READ(CAAM_RDSTA);
if (((reg >> 16) & 0xF) > 0) {
WOLFSSL_MSG("RNG is in error state, resetting");
caamReset();
} }
desc.caam = dev; if (reg & (1U << 30)) {
ret = caamDoJob(&desc); WOLFSSL_MSG("JKDKEK rng was setup using a non determinstic key");
#else return 0;
unsigned int *pt = (unsigned int*)caam.ring.VirtualDesc; }
for (i = 0; i < 6; i = i + 1) {
pt[i] = wc_rng_start[i];
}
pt = (unsigned int*)caam.ring.VirtualIn;
pt[0] = (unsigned int)caam.ring.Desc;
/* start process */ do {
#if defined(WOLFSSL_CAAM_DEBUG) || defined(WOLFSSL_CAAM_PRINT) ret = caamDoJob(&desc);
printf("incrementing job count\n"); } while (ret == CAAM_WAITING);
fflush(stdout);
#endif
CAAM_WRITE(CAAM_IRJAR0, 0x00000001);
#endif
}
else {
return CAAM_WAITING;
}
do { /* if this entropy delay frequency succeeded then break out, otherwise
ret = caamGetJob(dev, &status); * try again with increasing the delay value */
CAAM_CPU_CHILL(); if (ret == Success) {
} while (ret == CAAM_WAITING); WOLFSSL_MSG("Init RNG success");
break;
}
WOLFSSL_MSG("Increasing entropy delay");
}
if (ret == Success) if (ret == Success)
return 0; return 0;
@ -1442,6 +1441,8 @@ int InitCAAM(void)
break; break;
} }
if (ret != Success) { if (ret != Success) {
WOLFSSL_MSG("Failed to find a partition on startup");
INTERRUPT_Panic();
return -1; return -1;
} }
@ -1457,16 +1458,31 @@ int InitCAAM(void)
CAAM_JOBRING_SIZE * sizeof(unsigned int), CAAM_JOBRING_SIZE * sizeof(unsigned int),
PROT_READ | PROT_WRITE | PROT_NOCACHE, PROT_READ | PROT_WRITE | PROT_NOCACHE,
MAP_SHARED | MAP_PHYS, caam.ring.JobIn); MAP_SHARED | MAP_PHYS, caam.ring.JobIn);
if (caam.ring.VirtualIn == MAP_FAILED) {
WOLFSSL_MSG("Error mapping virtual in");
INTERRUPT_Panic();
return -1;
}
memset(caam.ring.VirtualIn, 0, CAAM_JOBRING_SIZE * sizeof(unsigned int)); memset(caam.ring.VirtualIn, 0, CAAM_JOBRING_SIZE * sizeof(unsigned int));
caam.ring.VirtualOut = mmap_device_memory(NULL, caam.ring.VirtualOut = mmap_device_memory(NULL,
2 * CAAM_JOBRING_SIZE * sizeof(unsigned int), 2 * CAAM_JOBRING_SIZE * sizeof(unsigned int),
PROT_READ | PROT_WRITE | PROT_NOCACHE, PROT_READ | PROT_WRITE | PROT_NOCACHE,
MAP_SHARED | MAP_PHYS, caam.ring.JobOut); MAP_SHARED | MAP_PHYS, caam.ring.JobOut);
if (caam.ring.VirtualOut == MAP_FAILED) {
WOLFSSL_MSG("Error mapping virtual out");
INTERRUPT_Panic();
return -1;
}
memset(caam.ring.VirtualOut, 0, 2 * CAAM_JOBRING_SIZE * sizeof(unsigned int)); memset(caam.ring.VirtualOut, 0, 2 * CAAM_JOBRING_SIZE * sizeof(unsigned int));
caam.ring.VirtualDesc = mmap_device_memory(NULL, caam.ring.VirtualDesc = mmap_device_memory(NULL,
CAAM_DESC_MAX * CAAM_JOBRING_SIZE, CAAM_DESC_MAX * CAAM_JOBRING_SIZE,
PROT_READ | PROT_WRITE | PROT_NOCACHE, PROT_READ | PROT_WRITE | PROT_NOCACHE,
MAP_SHARED | MAP_PHYS, caam.ring.Desc); MAP_SHARED | MAP_PHYS, caam.ring.Desc);
if (caam.ring.VirtualDesc == MAP_FAILED) {
WOLFSSL_MSG("Error mapping virtual desc");
INTERRUPT_Panic();
return -1;
}
memset(caam.ring.VirtualDesc, 0, CAAM_DESC_MAX * CAAM_JOBRING_SIZE); memset(caam.ring.VirtualDesc, 0, CAAM_DESC_MAX * CAAM_JOBRING_SIZE);
#if defined(WOLFSSL_CAAM_DEBUG) || defined(WOLFSSL_CAAM_PRINT) #if defined(WOLFSSL_CAAM_DEBUG) || defined(WOLFSSL_CAAM_PRINT)
@ -1497,6 +1513,9 @@ int InitCAAM(void)
printf("RTMCTL = 0x%08X\n", CAAM_READ(0x0600)); printf("RTMCTL = 0x%08X\n", CAAM_READ(0x0600));
#endif #endif
WOLFSSL_MSG("Successfully initilazed CAAM driver"); WOLFSSL_MSG("Successfully initilazed CAAM driver");
#if defined(WOLFSSL_CAAM_DEBUG) || defined(WOLFSSL_CAAM_PRINT)
fflush(stdout);
#endif
return 0; return 0;
} }

10
wolfcrypt/src/port/caam/caam_qnx.c
View File

@ -1190,7 +1190,7 @@ static int getSupported(char* in)
#endif #endif
char cannedResponse[] = { char cannedResponse[] = {
"wolfCrypt QNX CAAM driver\n" "wolfCrypt QNX CAAM driver version 4.7.1 (9)\n"
"Supports:\n" "Supports:\n"
"\tAES-CMAC\n" "\tAES-CMAC\n"
"\tECC (sign, verify, ecdh, keygen)\n" "\tECC (sign, verify, ecdh, keygen)\n"
@ -1255,8 +1255,8 @@ int main(int argc, char *argv[])
if (dpp == NULL) { if (dpp == NULL) {
exit (1); exit (1);
} }
memset (&rattr, 0, sizeof (rattr)); memset(&rattr, 0, sizeof(rattr));
iofunc_func_init (_RESMGR_CONNECT_NFUNCS, &connect_funcs, iofunc_func_init(_RESMGR_CONNECT_NFUNCS, &connect_funcs,
_RESMGR_IO_NFUNCS, &io_funcs); _RESMGR_IO_NFUNCS, &io_funcs);
connect_funcs.open = io_open; connect_funcs.open = io_open;
@ -1266,7 +1266,7 @@ int main(int argc, char *argv[])
io_funcs.devctl = io_devctl; io_funcs.devctl = io_devctl;
iofunc_attr_init (&ioattr, S_IFCHR | 0666, NULL, NULL); iofunc_attr_init (&ioattr, S_IFCHR | 0666, NULL, NULL);
name = resmgr_attach (dpp, &rattr, "/dev/wolfCrypt", name = resmgr_attach(dpp, &rattr, "/dev/wolfCrypt",
_FTYPE_ANY, 0, &connect_funcs, &io_funcs, &ioattr); _FTYPE_ANY, 0, &connect_funcs, &io_funcs, &ioattr);
if (name == -1) { if (name == -1) {
exit (1); exit (1);
@ -1279,7 +1279,7 @@ int main(int argc, char *argv[])
CleanupCAAM(); CleanupCAAM();
exit (1); exit (1);
} }
dispatch_handler (ctp); dispatch_handler(ctp);
} }
pthread_mutex_destroy(&sm_mutex); pthread_mutex_destroy(&sm_mutex);

24
wolfssl/wolfcrypt/port/caam/caam_driver.h
View File

@ -182,10 +182,32 @@
/* RNG Masks/Values */ /* RNG Masks/Values */
#ifndef CAAM_ENT_DLY #ifndef CAAM_ENT_DLY
#define CAAM_ENT_DLY 1200 /* @TODO lower value may gain performance */ /* Less than half the default value to try and increase entropy collection.
* Value is system clock cycles. */
#define CAAM_ENT_DLY 1200
#endif #endif
#ifndef CAAM_ENT_DLY_INCREMENT
#define CAAM_ENT_DLY_INCREMENT 500
#endif
#ifndef CAAM_ENT_SAMPLE
/* default sample value from reference manual */
#define CAAM_ENT_SAMPLE 0x09C4
#endif
#ifndef CAAM_ENT_DLY_MAX
#define CAAM_ENT_DLY_MAX 12000
#endif
#ifndef CAAM_ENT_MINSHIFT
/* default to the minimum entropy delay of 1/4 */
#define CAAM_ENT_MINSHIFT 2
#endif
#ifndef CAAM_ENT_MAXSHIFT
/* default to the maximum entropy delay of 16 times */
#define CAAM_ENT_MAXSHIFT 4
#endif
#define CAAM_PRGM 0x00010000 /* Set RTMCTL to program state */ #define CAAM_PRGM 0x00010000 /* Set RTMCTL to program state */
#define CAAM_TRNG 0x00000020 /* Set TRNG access */ #define CAAM_TRNG 0x00000020 /* Set TRNG access */
#define CAAM_RTMCTL_RESET 0x40 /* TRNG reset to defaults */
#define CAAM_CTLERR 0x00001000 #define CAAM_CTLERR 0x00001000
#define CAAM_ENTVAL 0x00000400 /* checking RTMCTL for entropy ready */ #define CAAM_ENTVAL 0x00000400 /* checking RTMCTL for entropy ready */

5
wolfssl/wolfcrypt/port/caam/caam_qnx.h
View File

@ -25,7 +25,12 @@
#ifndef CAAM_QNX_H #ifndef CAAM_QNX_H
#define CAAM_QNX_H #define CAAM_QNX_H
#ifdef WOLFSSL_CAAM_PRINT
#include <stdio.h>
#define WOLFSSL_MSG(in) printf("%s\n", (in))
#else
#define WOLFSSL_MSG(in) #define WOLFSSL_MSG(in)
#endif
#include <sys/mman.h> #include <sys/mman.h>
#include <hw/inout.h> #include <hw/inout.h>