nvvse: Enable SM4 CMAC support

Jira ESSS-1409 Change-Id: Ib13b2901cbec8e4b9670fbe43960514e614a60c0 Signed-off-by: Prashant Parihar <pparihar@nvidia.com> Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3170104 Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com> Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>
2025-12-22 17:25:35 +03:00 · 2024-07-04 05:46:39 +00:00
parent 783f728b32
commit afb2145beb
4 changed files with 31 additions and 0 deletions
--- a/drivers/crypto/tegra-hv-vse-safety.c
+++ b/drivers/crypto/tegra-hv-vse-safety.c
@@ -346,6 +346,16 @@ enum cmac_request_type {
 	CMAC_VERIFY
 };

+/*
+ * @enum vse_sym_cipher_choice
+ * @brief Symmetric cipher to be used for CMAC sign/verify
+ * Currently two choices are supported - AES, SM4.
+ */
+enum vse_sym_cipher_choice {
+	VSE_SYM_CIPH_AES = 0,
+	VSE_SYM_CIPH_SM4 = 0xFFFFFFFF
+};
+
 /* CMAC request data */
 struct tegra_vse_cmac_req_data {
 	enum cmac_request_type request_type;
@@ -475,6 +485,7 @@ union tegra_virtual_se_aes_args {
 		u8 cmac_result[TEGRA_VIRTUAL_SE_AES_BLOCK_SIZE];
 		u64 mac_addr;
 		u64 mac_comp_res_addr;
+		enum vse_sym_cipher_choice sym_ciph;
 	} op_cmac_sv;
 	struct aes_rng {
 		struct tegra_virtual_se_addr dst_addr;
@@ -2968,6 +2979,12 @@ static int tegra_hv_vse_safety_cmac_sv_op_hw_verify_supported(
 	memcpy(ivc_tx->aes.op_cmac_sv.keyslot, cmac_ctx->aes_keyslot, KEYSLOT_SIZE_BYTES);
 	ivc_tx->aes.op_cmac_sv.key_length = cmac_ctx->keylen;
 	ivc_tx->aes.op_cmac_sv.config = 0;
+
+	if (cmac_ctx->b_is_sm4 == 1U)
+		ivc_tx->aes.op_cmac_sv.sym_ciph = VSE_SYM_CIPH_SM4;
+	else
+		ivc_tx->aes.op_cmac_sv.sym_ciph = VSE_SYM_CIPH_AES;
+
 	if (is_last == true)
 		ivc_tx->aes.op_cmac_sv.config |= TEGRA_VIRTUAL_SE_AES_CMAC_SV_CONFIG_LASTREQ;

@@ -3111,6 +3128,12 @@ static int tegra_hv_vse_safety_cmac_sv_op(struct ahash_request *req, bool is_las
 	ivc_tx->aes.op_cmac_sv.lastblock_len = last_block_bytes;
 	ivc_tx->aes.op_cmac_sv.src_addr = src_addr64.addr;
 	ivc_tx->aes.op_cmac_sv.src_buf_size = src_addr64.buf_size;
+
+	if (cmac_ctx->b_is_sm4 == 1U) {
+		ivc_tx->aes.op_cmac_sv.sym_ciph = VSE_SYM_CIPH_SM4;
+	} else {
+		ivc_tx->aes.op_cmac_sv.sym_ciph = VSE_SYM_CIPH_AES;
+	}
 	sg_pcopy_to_buffer(req->src,
 			(u32)num_sgs,
 			ivc_tx->aes.op_cmac_sv.lastblock,
--- a/drivers/crypto/tegra-hv-vse.h
+++ b/drivers/crypto/tegra-hv-vse.h
@@ -118,6 +118,8 @@ struct tegra_virtual_se_aes_cmac_context {
 	bool is_key_slot_allocated;
 	/*Crypto dev instance*/
 	uint32_t node_id;
+	/* Flag to indicate if sm4 is enabled*/
+	uint8_t b_is_sm4;
 };

 /* Security Engine AES GMAC context */
--- a/drivers/crypto/tegra-nvvse-cryptodev.c
+++ b/drivers/crypto/tegra-nvvse-cryptodev.c
@@ -856,6 +856,7 @@ static int tnvvse_crypto_aes_cmac_sign_verify(struct tnvvse_crypto_ctx *ctx,

 	cmac_ctx = crypto_ahash_ctx(tfm);
 	cmac_ctx->node_id = ctx->node_id;
+	cmac_ctx->b_is_sm4 = aes_cmac_ctl->is_SM4;

 	driver_name = crypto_tfm_alg_driver_name(crypto_ahash_tfm(tfm));
 	if (driver_name == NULL) {
--- a/include/uapi/misc/tegra-nvvse-cryptodev.h
+++ b/include/uapi/misc/tegra-nvvse-cryptodev.h
@@ -425,6 +425,11 @@ struct tegra_nvvse_aes_cmac_sign_verify_ctl {
 	 * - Non-zero value indicates CMAC verification failure.
 	 */
 	uint8_t  result;
+	/** [out] Holds SM4 CMAC flag value for request
+	 * - '0' indicates AES CMAC request
+	 * - Non-zero value indicates SM4 CMAC request.
+	 */
+	uint8_t  is_SM4;
 };
 #define NVVSE_IOCTL_CMDID_AES_CMAC_SIGN_VERIFY _IOWR(TEGRA_NVVSE_IOC_MAGIC, \
 						TEGRA_NVVSE_CMDID_AES_CMAC_SIGN_VERIFY, \