drv: sa: Add USE_DKEK flag support REL.CORESDK.07.00.04.07 REL.CORESDK.07.00.04.08 REL.CORESDK.07.00.04.09 REL.CORESDK.07.00.04.10 REL.CORESDK.07.00.04.11 REL.CORESDK.07.00.04.11.01
authorStephen Molfetta <sjmolfetta@ti.com>
Tue, 14 Jul 2020 15:42:28 +0000 (10:42 -0500)
committerStephen Molfetta <sjmolfetta@ti.com>
Wed, 23 Sep 2020 03:48:48 +0000 (22:48 -0500)
Update key configuration bit field to enable the user to supply USE_DKEK
flag. This is used to program the field in the security context to use
DKEK programmed by DMSC into SA2UL registers instead of user supplying
the key value directly.

Fixes PDK-7045

Signed-off-by: Stephen Molfetta <sjmolfetta@ti.com>
salld.h
src/proto/datamode/sallddm.c
src/salldctx.h

diff --git a/salld.h b/salld.h
index b81b5f1866f6c00af19d51aaa447699c834bfc13..ffe9022676c75e358d96fe14649a29ca932c9547 100644 (file)
--- a/salld.h
+++ b/salld.h
@@ -891,6 +891,19 @@ typedef struct {
  */
 #define sa_DM_CONFIG_USE_SECURE_CTX_FOR_NON_SECURE_CHANNEL  ((uint16_t) (0x0008U))
 
+/**
+ *  @def  sa_DM_CONFIG_USE_DKEK
+ *        Control Info -- 1: Set the USE_DKEK flag in the security context so
+ *                           that DKEK programmed by DMSC is loaded in-band
+ *                           instead of user-supplied key
+ *                        0: Do not set USE_DKEK flag. User supplies a key
+ *                           directly.
+ *
+ *  For devices that do not have SA2UL setting this bit would cause no action
+ *
+ */
+#define sa_DM_CONFIG_USE_DKEK  ((uint16_t) (0x0010U))
+
 
 /*@}*/
 /** @} */
@@ -1323,6 +1336,11 @@ typedef struct {
  *        Control Info -- Set: SALT available
  */
 #define sa_DATA_MODE_KEY_CTRL_SALT             0x0004 
+/**
+ *  @def  sa_DATA_MODE_KEY_USE_DKEK
+ *        Control Info -- Set: USE_DKEK field in security context
+ */
+#define sa_DATA_MODE_KEY_USE_DKEK              0x0008
 /*@}*/
 /** @} */
 
index ad4e243433c2b367ee6bb8da0d7a72a84bc9d7f2..29a3a01970b328491a9eecc2ded43ff34eb41eb7 100644 (file)
@@ -91,6 +91,12 @@ uint16_t salld_data_mode_setup_key(salldDataModeInst_t *inst,
       memcpy(pComInfo->sessionSalt, pKeyParams->sessionSalt, pComInfo->config.sessionSaltSize);
   }
 
+  if(ctrlBitMap & sa_DATA_MODE_KEY_USE_DKEK)
+  {
+      /* Set USE_DKEK flag */
+      pComInfo->config.ctrlBitMap |= sa_DM_CONFIG_USE_DKEK;
+  }
+
   return TRUE;
 } 
 
@@ -681,6 +687,11 @@ int16_t salld_data_mode_set_sc(salldDataModeInst_t *inst)
                          pComInfo->sessionEncKey, (uint8_t) pConfig->aadSize, pConfig->enc, 
                          (tword *)pScInfo->scBuf + encScOffset);
     }               
+
+    if (pConfig->ctrlBitMap & sa_DM_CONFIG_USE_DKEK)
+    {
+        pktWrite8bits_m((tword *)pScInfo->scBuf, encScOffset, SA_ENC_MODE_USE_DKEK);
+    }
   }
   
   /* Prepare Security Context for the authentication Engine */
index f46a9fdb88008f9bca334fa886035976db977317..b87ee01b3dd318daa9eb98981a9aa2700707c032 100644 (file)
@@ -1109,6 +1109,12 @@ typedef struct SA_CTX_ENC_tag
     #define SA_ENC_MODE_SEL_MASK        0x80
     #define SA_ENC_MODE_SEL_ENC         0x00
     #define SA_ENC_MODE_SEC_NULL        0x80
+
+#if defined (NSS_LITE2)
+    /* Mask for setting USE_DKEK flag in the encryption context RAM */
+    #define SA_ENC_MODE_USE_DKEK        0x40
+#endif
+
     #define SA_ENC_DEFAULT_ENG_ID_MASK  0x1F
     
     /*