feat(intel): support ECDSA Get Public Key

To support the ECDSA feature and send the command
as a request to get the public key

Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I9d7bb5b6ab8ef7d4f3ceb21ff0068baf3175a1ac

plat/intel/soc/common/include/socfpga_fcs.h

@@ -76,6 +76,8 @@
 #define FCS_MAC_VERIFY_CMD_MAX_WORD_SIZE	23U
 #define FCS_MAC_VERIFY_RESP_MAX_WORD_SIZE	4U
 #define FCS_SHA_HMAC_CRYPTO_PARAM_SIZE_OFFSET	8U
+
+#define FCS_ECDSA_GET_PUBKEY_MAX_WORD_SIZE	5U
 /* FCS Payload Structure */
 typedef struct fcs_rng_payload_t {
 	uint32_t session_id;
@@ -234,6 +236,13 @@ int intel_fcs_mac_verify_finalize(uint32_t session_id, uint32_t context_id,
 				uint64_t dst_addr, uint32_t *dst_size,
 				uint32_t data_size, uint32_t *mbox_error);
 
+int intel_fcs_ecdsa_get_pubkey_init(uint32_t session_id, uint32_t context_id,
+				uint32_t key_id, uint32_t param_size,
+				uint64_t param_data, uint32_t *mbox_error);
+int intel_fcs_ecdsa_get_pubkey_finalize(uint32_t session_id, uint32_t context_id,
+				uint64_t dst_addr, uint32_t *dst_size,
+				uint32_t *mbox_error);
+
 int intel_fcs_aes_crypt_init(uint32_t session_id, uint32_t context_id,
 				uint32_t key_id, uint64_t param_addr,
 				uint32_t param_size, uint32_t *mbox_error);

plat/intel/soc/common/include/socfpga_mailbox.h

@@ -78,6 +78,7 @@
 #define MBOX_FCS_AES_CRYPT_REQ				0x81
 #define MBOX_FCS_GET_DIGEST_REQ				0x82
 #define MBOX_FCS_MAC_VERIFY_REQ				0x83
+#define MBOX_FCS_ECDSA_GET_PUBKEY			0x88
 #define MBOX_FCS_OPEN_CS_SESSION			0xA0
 #define MBOX_FCS_CLOSE_CS_SESSION			0xA1
 #define MBOX_FCS_IMPORT_CS_KEY				0xA5

plat/intel/soc/common/include/socfpga_sip_svc.h

@@ -100,10 +100,13 @@
 #define INTEL_SIP_SMC_FCS_GET_DIGEST_FINALIZE		0xC2000079
 #define INTEL_SIP_SMC_FCS_MAC_VERIFY_INIT		0xC200007A
 #define INTEL_SIP_SMC_FCS_MAC_VERIFY_FINALIZE		0xC200007C
+#define INTEL_SIP_SMC_FCS_ECDSA_GET_PUBKEY_INIT		0xC2000089
+#define INTEL_SIP_SMC_FCS_ECDSA_GET_PUBKEY_FINALIZE	0xC200008B
 
 #define INTEL_SIP_SMC_FCS_SHA_MODE_MASK			0xF
 #define INTEL_SIP_SMC_FCS_DIGEST_SIZE_MASK		0xF
 #define INTEL_SIP_SMC_FCS_DIGEST_SIZE_OFFSET		4U
+#define INTEL_SIP_SMC_FCS_ECC_ALGO_MASK			0xF
 /* ECC DBE */
 #define WARM_RESET_WFI_FLAG				BIT(31)
 #define SYSMGR_ECC_DBE_COLD_RST_MASK			(SYSMGR_ECC_OCRAM_MASK |\

plat/intel/soc/common/sip/socfpga_sip_fcs.c

@@ -15,6 +15,7 @@
 static fcs_crypto_service_aes_data fcs_aes_init_payload;
 static fcs_crypto_service_data fcs_sha_get_digest_param;
 static fcs_crypto_service_data fcs_sha_mac_verify_param;
+static fcs_crypto_service_data fcs_ecdsa_get_pubkey_param;
 
 bool is_size_4_bytes_aligned(uint32_t size)
 {
@@ -1016,6 +1017,72 @@ int intel_fcs_mac_verify_finalize(uint32_t session_id, uint32_t context_id,
 	return INTEL_SIP_SMC_STATUS_OK;
 }
 
+int intel_fcs_ecdsa_get_pubkey_init(uint32_t session_id, uint32_t context_id,
+				uint32_t key_id, uint32_t param_size,
+				uint64_t param_data, uint32_t *mbox_error)
+{
+	return intel_fcs_crypto_service_init(session_id, context_id,
+				key_id, param_size, param_data,
+				(void *) &fcs_ecdsa_get_pubkey_param,
+				mbox_error);
+}
+
+int intel_fcs_ecdsa_get_pubkey_finalize(uint32_t session_id, uint32_t context_id,
+				uint64_t dst_addr, uint32_t *dst_size,
+				uint32_t *mbox_error)
+{
+	int status;
+	int i;
+	uint32_t crypto_header;
+	uint32_t ret_size = *dst_size / MBOX_WORD_BYTE;
+	uint32_t payload[FCS_ECDSA_GET_PUBKEY_MAX_WORD_SIZE] = {0U};
+
+	if ((dst_size == NULL) || (mbox_error == NULL)) {
+		return INTEL_SIP_SMC_STATUS_REJECTED;
+	}
+
+	if (fcs_ecdsa_get_pubkey_param.session_id != session_id ||
+		fcs_ecdsa_get_pubkey_param.context_id != context_id) {
+		return INTEL_SIP_SMC_STATUS_REJECTED;
+	}
+
+	crypto_header = ((FCS_CS_FIELD_FLAG_INIT |
+			FCS_CS_FIELD_FLAG_UPDATE |
+			FCS_CS_FIELD_FLAG_FINALIZE) <<
+			FCS_CS_FIELD_FLAG_OFFSET) |
+			fcs_ecdsa_get_pubkey_param.crypto_param_size;
+	i = 0;
+	/* Prepare command payload */
+	payload[i] = session_id;
+	i++;
+	payload[i] = context_id;
+	i++;
+	payload[i] = crypto_header;
+	i++;
+	payload[i] = fcs_ecdsa_get_pubkey_param.key_id;
+	i++;
+	payload[i] = (uint32_t) fcs_ecdsa_get_pubkey_param.crypto_param &
+			INTEL_SIP_SMC_FCS_ECC_ALGO_MASK;
+	i++;
+
+	status = mailbox_send_cmd(MBOX_JOB_ID, MBOX_FCS_ECDSA_GET_PUBKEY,
+			payload, i, CMD_CASUAL,
+			(uint32_t *) dst_addr, &ret_size);
+
+	memset((void *) &fcs_ecdsa_get_pubkey_param, 0,
+		sizeof(fcs_crypto_service_data));
+
+	if (status < 0) {
+		*mbox_error = -status;
+		return INTEL_SIP_SMC_STATUS_ERROR;
+	}
+
+	*dst_size = ret_size * MBOX_WORD_BYTE;
+	flush_dcache_range(dst_addr, *dst_size);
+
+	return INTEL_SIP_SMC_STATUS_OK;
+}
+
 int intel_fcs_aes_crypt_init(uint32_t session_id, uint32_t context_id,
 				uint32_t key_id, uint64_t param_addr,
 				uint32_t param_size, uint32_t *mbox_error)

plat/intel/soc/common/socfpga_sip_svc.c

@@ -911,6 +911,17 @@ uintptr_t sip_smc_handler(uint32_t smc_fid,
 					 x4, x5, (uint32_t *) &x6, x7, &mbox_error);
 		SMC_RET4(handle, status, mbox_error, x5, x6);
 
+	case INTEL_SIP_SMC_FCS_ECDSA_GET_PUBKEY_INIT:
+		x5 = SMC_GET_GP(handle, CTX_GPREG_X5);
+		status = intel_fcs_ecdsa_get_pubkey_init(x1, x2, x3,
+					x4, x5, &mbox_error);
+		SMC_RET2(handle, status, mbox_error);
+
+	case INTEL_SIP_SMC_FCS_ECDSA_GET_PUBKEY_FINALIZE:
+		status = intel_fcs_ecdsa_get_pubkey_finalize(x1, x2, x3,
+					(uint32_t *) &x4, &mbox_error);
+		SMC_RET4(handle, status, mbox_error, x3, x4);
+
 	case INTEL_SIP_SMC_FCS_AES_CRYPT_INIT:
 		x5 = SMC_GET_GP(handle, CTX_GPREG_X5);
 		status = intel_fcs_aes_crypt_init(x1, x2, x3, x4, x5,