CAAM operation failure with secure memory

ethanyang
Contributor II

Hi,

When we use the Linux asynchronous crypto API calls with the secure memory slots as source and destination of the operations, they complete without reporting any error, but when we examine the destination slot, its contents remain unchanged.

When we use buffers allocated using kmalloc or buffers on the stack, the destination buffers are properly updated with the desired results.

Here is how we use the secure memory with the Linux crypto API:

(we don't use unit 0 when establishing keystores.)

// init.. establish keystore using secure memory api, acquire/init cipher etc.
...

// allocate secure memory slots for src and dst
sm_keystore_slot_alloc(ksdev, unit, size, &slot_src);
sm_keystore_slot_alloc(ksdev, unit, size, &slot_dst);

// get address of the src and dst slots
addr_src = kspriv->slot_get_address(ksdev, unit, slot_src);
addr_dst = kspriv->slot_get_address(ksdev, unit, slot_dst);

// copy data to source (addr_src)
...

// set src and dst scatterlists
sg_init_one(&sg_src, addr_src, size);
sg_init_one(&sg_dst, addr_dst, size);

// invoke appropriate linux async crypto api calls
ablkcipher_request_set_crypt(ablk->req, &sg_src, &sg_dst, size, iv_data);
...

Is this usage scenario allowed with the CAAM implementation?
And how can we make it work?

Thanks.

Yuri
NXP Employee

Hello,

  Hope the following helps.

https://community.nxp.com/message/825746 

Have a great day,
Yuri

ethanyang
Contributor II

Yuri,

Thanks for your reply.

In the sample code, they use buffer allocated with kzalloc() as the

input = kzalloc(block_size, GFP_KERNEL | GFP_DMA);
memcpy(input, text, block_size);
sg_init_one(sg, input, block_size);
iv_len = crypto_ablkcipher_ivsize(tfm);
if (iv_len)
    memset(&iv, 0xff, iv_len);
ablkcipher_request_set_crypt(req, sg, sg, block_size, iv);

Is it possible to use the memory from keystore to do the ciphering?

sm_keystore_slot_alloc(ksdev, unit, size, &slot_dst);
addr_dst = kspriv->slot_get_address(ksdev, unit, slot_dst);

We need this when we're doing the key variant calculation.

We want the calculated result to be located in the secure memory as it will be used as a cipher key.

Regards,

Ethan

teddyhsiung
Contributor I

Hi NXP Team,

Any update on this issue? We've been waiting for your reply since September, thanks.

Best Regards

Teddy

Yuri
NXP Employee

Hello,

 

 “CAAM implements operations that convert between blob encapsulation
and black-key encapsulation without exposing the key in plaintext.”

But we do not have such an example for publishing, sorry.

NXP Professional Services|NXP 

Regards,

Yuri.
