UPGRADE YOUR BROWSER

We have detected your current browser version is not the latest one. Xilinx.com uses the latest web technologies to bring you the best online experience possible. Please upgrade to a Xilinx.com supported browser:Chrome, Firefox, Internet Explorer 11, Safari. Thank you!

cancel
Showing results for 
Search instead for 
Did you mean: 
Visitor gschwaer
Visitor
308 Views
Registered: ‎03-04-2019

Using HW SHA-3 from Linux

Jump to solution

Hi there community,

I want to use the HW SHA-3 of the CIB from Linux (A53, PetaLinux) on my ZCU102. Is that possible? So here are some thought that I had:
- The XilSecure library is only usable when running bare metal applications (standalone).
- If i compile a program utilizing the XilSecure library and try to run it in Linux nevertheless, I get the following error (Here I assume the memory range for the CSU DMA registers is not accessible from Linux applications, which makes sense): LinuxTest.elf[4181]: unhandled level 1 translation fault (11) at 0xffca000c, esr 0x92000045, in LinuxTest.elf[400000+3000]
- So now there are two possibilities: Either the CSU is protected by ARM Trust Zone or the CSU registers are not accessible from user space Linux applications.
- I assume the first case. So to access the CSU registers I would need to call the ATF. In ug1137 I couldn't find any reference to using the CSU with SMC. Is it possible to access the CSU registers using SMCs?
- In case the CSU is not protected by the ARM Trust Zone and the fault above is only due to access restrictions by the MMU, would it be possible to access the CSU registers with a different configuration of the memory layout and how do I do that?

I would be really greatful for any hint!
Thanks!

1 Solution

Accepted Solutions
Visitor gschwaer
Visitor
253 Views
Registered: ‎03-04-2019

Re: Using HW SHA-3 from Linux

Jump to solution

Hi again,

I figured out how to use sha3 from linux. It was a bit tricky to find the right documentations (esp. ref1 and ref2 (since ref1 has two broken images with crucial information)). Here is what you need to do:

1. As written in ref1 the device tree must be modified. Just add the following inside e. g. system-user.dtsi:

xlnx_keccak_384: sha384 {
        compatible = "xlnx,zynqmp-keccak-384";
};

2. In "petalinux-config -c kernel" enable the following:
 - Cryptographic API --> User-space interface for hash algorithms (CONFIG_CRYPTO_USER_API_HASH = y)
 - Cryptographic API --> Hardware crypto devices (CONFIG_CRYPTO_HW = y)
 - Cryptographic API --> Hardware crypto devices --> Support for Xilinx ZynqMP SHA3 hw accelerator (CONFIG_CRYPTO_DEV_ZYNQMP_SHA3 = y)

3. Build petalinux, compile and run the following code (based on ref1 and ref3):

#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <sys/socket.h>
#include <linux/if_alg.h>
#include <sys/param.h>
#include <string.h>
#include <strings.h>

#define SHA384_DIGEST_SZ 48

int
main (int argc, char **argv) {
	int sds[2] = { -1, -1 };
	struct sockaddr_alg sa = {
		.salg_family = AF_ALG,
		.salg_type   = "hash",
		.salg_name   = "xilinx-keccak-384"
	};
	if ((sds[0] = socket(AF_ALG, SOCK_SEQPACKET, 0)) == -1 ){
		printf("call to socket failed\n");
		return -1;
	}
	if( bind(sds[0], (struct sockaddr *) &sa, sizeof(sa)) != 0 ){
		printf("call to bind failed\n");
		return -2;
	}
	if( (sds[1] = accept(sds[0], NULL, 0)) == -1 ){
		printf("call to accept failed\n");
		return -3;
	}
	char *s = "just a test!"; // should be word aligned and a multiple of 4 byte/char
	size_t n = strlen(s);
	if (send(sds[1], s, n, MSG_MORE) != n){
		printf("call to send failed\n");
		return -4;
	}
	unsigned char digest[SHA384_DIGEST_SZ];
	if(read(sds[1], digest, SHA384_DIGEST_SZ) != SHA384_DIGEST_SZ){
		printf("call to read failed\n");
		return -5;
	}
	int i;
	for (i = 0; i < SHA384_DIGEST_SZ; i++)
		printf("%02x", digest[i]);
	printf("\n");
	close(sds[1]);
	close(sds[0]);
	return 0;
}

If you get "call to socket failed" the configuration of petalinux probably went wrong.

2 Replies
Visitor gschwaer
Visitor
254 Views
Registered: ‎03-04-2019

Re: Using HW SHA-3 from Linux

Jump to solution

Hi again,

I figured out how to use sha3 from linux. It was a bit tricky to find the right documentations (esp. ref1 and ref2 (since ref1 has two broken images with crucial information)). Here is what you need to do:

1. As written in ref1 the device tree must be modified. Just add the following inside e. g. system-user.dtsi:

xlnx_keccak_384: sha384 {
        compatible = "xlnx,zynqmp-keccak-384";
};

2. In "petalinux-config -c kernel" enable the following:
 - Cryptographic API --> User-space interface for hash algorithms (CONFIG_CRYPTO_USER_API_HASH = y)
 - Cryptographic API --> Hardware crypto devices (CONFIG_CRYPTO_HW = y)
 - Cryptographic API --> Hardware crypto devices --> Support for Xilinx ZynqMP SHA3 hw accelerator (CONFIG_CRYPTO_DEV_ZYNQMP_SHA3 = y)

3. Build petalinux, compile and run the following code (based on ref1 and ref3):

#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <sys/socket.h>
#include <linux/if_alg.h>
#include <sys/param.h>
#include <string.h>
#include <strings.h>

#define SHA384_DIGEST_SZ 48

int
main (int argc, char **argv) {
	int sds[2] = { -1, -1 };
	struct sockaddr_alg sa = {
		.salg_family = AF_ALG,
		.salg_type   = "hash",
		.salg_name   = "xilinx-keccak-384"
	};
	if ((sds[0] = socket(AF_ALG, SOCK_SEQPACKET, 0)) == -1 ){
		printf("call to socket failed\n");
		return -1;
	}
	if( bind(sds[0], (struct sockaddr *) &sa, sizeof(sa)) != 0 ){
		printf("call to bind failed\n");
		return -2;
	}
	if( (sds[1] = accept(sds[0], NULL, 0)) == -1 ){
		printf("call to accept failed\n");
		return -3;
	}
	char *s = "just a test!"; // should be word aligned and a multiple of 4 byte/char
	size_t n = strlen(s);
	if (send(sds[1], s, n, MSG_MORE) != n){
		printf("call to send failed\n");
		return -4;
	}
	unsigned char digest[SHA384_DIGEST_SZ];
	if(read(sds[1], digest, SHA384_DIGEST_SZ) != SHA384_DIGEST_SZ){
		printf("call to read failed\n");
		return -5;
	}
	int i;
	for (i = 0; i < SHA384_DIGEST_SZ; i++)
		printf("%02x", digest[i]);
	printf("\n");
	close(sds[1]);
	close(sds[0]);
	return 0;
}

If you get "call to socket failed" the configuration of petalinux probably went wrong.

Observer maxdz8
Observer
240 Views
Registered: ‎01-08-2018

Re: Using HW SHA-3 from Linux

Jump to solution

Wow, thank you for sharing!

0 Kudos