From: Pankaj Gupta
To: jarkko@kernel.org, a.fatoum@pengutronix.de, Jason@zx2c4.com, jejb@linux.ibm.com, zohar@linux.ibm.com, dhowells@redhat.com, sumit.garg@linaro.org, david@sigma-star.at, michael@walle.cc, john.ernberg@actia.se, jmorris@namei.org, serge@hallyn.com, herbert@gondor.apana.org.au, davem@davemloft.net, j.luebbe@pengutronix.de, ebiggers@kernel.org, richard@nod.at, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, sahil.malhotra@nxp.com, kshitiz.varshney@nxp.com, horia.geanta@nxp.com, pankaj.gupta@nxp.com, V.Sethi@nxp.com
Subject: [RFC PATCH HBK: 1/8] keys-trusted: new cmd line option added
Date: Tue, 6 Sep 2022 12:21:50 +0530
Message-Id: <20220906065157.10662-2-pankaj.gupta@nxp.com>
X-Mailing-List: linux-integrity@vger.kernel.org

Two changes are done:
- new cmd line option "hw" needs to be suffix, to generate the hw bound key.
  for ex:
  $:> keyctl add trusted 'new 32 hw' @s
  $:> keyctl add trusted 'load $(cat ) hw' @s
- For "new", generating the hw bounded trusted key, updating the input key length as part of seal operation as well.

Signed-off-by: Pankaj Gupta
--- include/keys/trusted-type.h | 2 ++ security/keys/trusted-keys/trusted_caam.c | 6 ++++++ security/keys/trusted-keys/trusted_core.c | 14 ++++++++++++++ 3 files changed, 22 insertions(+) diff --git a/include/keys/trusted-type.h b/include/keys/trusted-type.h index 4eb64548a74f..064266b936c7 100644 --- a/include/keys/trusted-type.h +++ b/include/keys/trusted-type.h @@ -22,6 +22,7 @@ #define MAX_BLOB_SIZE 512 #define MAX_PCRINFO_SIZE 64 #define MAX_DIGEST_SIZE 64 +#define HW_BOUND_KEY 1 struct trusted_key_payload { struct rcu_head rcu; @@ -29,6 +30,7 @@ struct trusted_key_payload { unsigned int blob_len; unsigned char migratable; unsigned char old_format; + unsigned char is_hw_bound; unsigned char key[MAX_KEY_SIZE + 1]; unsigned char blob[MAX_BLOB_SIZE]; }; diff --git a/security/keys/trusted-keys/trusted_caam.c b/security/keys/trusted-keys/trusted_caam.c index e3415c520c0a..fceb9a271c4d 100644 --- a/security/keys/trusted-keys/trusted_caam.c +++ b/security/keys/trusted-keys/trusted_caam.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0-only /* * Copyright (C) 2021 Pengutronix, Ahmad Fatoum + * Copyright 2022 NXP, Pankaj Gupta */ #include
@@ -23,6 +24,7 @@ static int trusted_caam_seal(struct trusted_key_payload *p, char *datablob) .input = p->key, .input_len = p->key_len, .output = p->blob, .output_len = MAX_BLOB_SIZE, .key_mod = KEYMOD, .key_mod_len = sizeof(KEYMOD) - 1, + .is_hw_bound = p->is_hw_bound, }; ret = caam_encap_blob(blobifier, &info); @@ -30,6 +32,9 @@ static int trusted_caam_seal(struct trusted_key_payload *p, char *datablob) return ret; p->blob_len = info.output_len; + if (p->is_hw_bound) + p->key_len = info.input_len; + return 0; } @@ -40,6 +45,7 @@ static int trusted_caam_unseal(struct trusted_key_payload *p, char *datablob) .input = p->blob, .input_len = p->blob_len, .output = p->key, .output_len = MAX_KEY_SIZE, .key_mod = KEYMOD, .key_mod_len = sizeof(KEYMOD) - 1, + .is_hw_bound = p->is_hw_bound, }; ret = caam_decap_blob(blobifier, &info); diff --git a/security/keys/trusted-keys/trusted_core.c b/security/keys/trusted-keys/trusted_core.c index c6fc50d67214..7f7cc2551b92 100644 --- a/security/keys/trusted-keys/trusted_core.c +++ b/security/keys/trusted-keys/trusted_core.c @@ -79,6 +79,8 @@ static int datablob_parse(char **datablob, struct trusted_key_payload *p) int key_cmd; char *c; + p->is_hw_bound = !HW_BOUND_KEY; + /* main command */ c = strsep(datablob, " \t"); if (!c) @@ -94,6 +96,12 @@ static int datablob_parse(char **datablob, struct trusted_key_payload *p) if (ret < 0 || keylen < MIN_KEY_SIZE || keylen > MAX_KEY_SIZE) return -EINVAL; p->key_len = keylen; + /* second argument is to determine if tied to HW */ + c = strsep(datablob, " \t"); + if (c) { + if (strcmp(c, "hw") == 0) + p->is_hw_bound = HW_BOUND_KEY; + } ret = Opt_new; break; case Opt_load: 
@@ -107,6 +115,12 @@ static int datablob_parse(char **datablob, struct trusted_key_payload *p) ret = hex2bin(p->blob, c, p->blob_len); if (ret < 0) return -EINVAL; + /* second argument is to determine if tied to HW */ + c = strsep(datablob, " \t"); + if (c) { + if (strcmp(c, "hw") == 0) + p->is_hw_bound = HW_BOUND_KEY; + } ret = Opt_load; break; case Opt_update:
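
Review bot: In datablob_parse(), in both the Opt_new and the Opt_load hunk, any token after the length or blob that is not exactly "hw" is silently ignored, so a typo such as 'new 32 hW' yields an ordinary trusted key while the caller believes it asked for a hardware-bound one. Return -EINVAL for an unrecognised token instead of falling through, and move the duplicated strsep()/strcmp() block into one helper. `p->is_hw_bound = !HW_BOUND_KEY;` is also harder to read than a bool field initialised to false.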
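
Review bot: In trusted_caam_seal(), `p->key_len = info.input_len;` reads back a field that was initialised from p->key_len a few lines earlier, so the assignment only has an effect if caam_encap_blob() rewrites info.input_len as an output. That in/out contract is not documented anywhere in this patch, and nothing here checks the new value against MAX_KEY_SIZE before it becomes the payload length for the key[MAX_KEY_SIZE + 1] buffer. Document which length the callee reports back and add a bound check before storing it.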
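
Review bot: The diffstat touches only three source files although the patch adds user-visible syntax to the keyctl 'new' and 'load' commands, so the trusted-keys documentation needs an update in the same patch. On 'load', is_hw_bound is taken only from the command line before it is handed to caam_decap_blob(), so the documentation and the commit message should also say what happens when the suffix does not match how the blob was sealed.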

From: Pankaj Gupta
Subject: [RFC PATCH HBK: 2/8] hw-bound-key: flag-is_hbk added to the tfm
Date: Tue, 6 Sep 2022 12:21:51 +0530
Message-Id: <20220906065157.10662-3-pankaj.gupta@nxp.com>

Consumer of the kernel crypto api, after allocating the transformation, sets this flag on the basis of the type of key the consumer has.

This helps:
- This helps to influence the core processing logic for the encapsulated algorithm.
- This flag is set by the consumer after allocating the tfm and before calling the function crypto_xxx_setkey().

Signed-off-by: Pankaj Gupta
--- include/linux/crypto.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/linux/crypto.h b/include/linux/crypto.h index 2324ab6f1846..b4fa83ca87bd 100644 --- a/include/linux/crypto.h +++ b/include/linux/crypto.h
@@ -639,6 +639,8 @@ struct crypto_tfm { u32 crt_flags; + unsigned int is_hbk; + int node; void (*exit)(struct crypto_tfm *tfm);
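
Review bot: `unsigned int is_hbk;` adds a whole new member to struct crypto_tfm directly below crt_flags in order to carry a single boolean. A flag bit in crt_flags, set through an accessor, would avoid growing every tfm and would give the flag a documented name; as posted, any consumer writes the field directly and there is no comment saying what it means or when it may be set. At minimum make it a bool with a comment, and add a helper so the "set after allocation, before setkey" ordering from the commit message is stated in one place.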

From: Pankaj Gupta
Subject: [RFC PATCH HBK: 3/8] sk_cipher: checking for hw bound operation
Date: Tue, 6 Sep 2022 12:21:52 +0530
Message-Id: <20220906065157.10662-4-pankaj.gupta@nxp.com>

Checking for hw bound key. If yes,
- skipping the key-length validation, against the valid min-max range.

Signed-off-by: Pankaj Gupta
--- crypto/skcipher.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/skcipher.c b/crypto/skcipher.c index 418211180cee..0f2d0228d73e 100644 --- a/crypto/skcipher.c +++ b/crypto/skcipher.c
@@ -598,7 +598,8 @@ int crypto_skcipher_setkey(struct crypto_skcipher *tfm, const u8 *key, unsigned long alignmask = crypto_skcipher_alignmask(tfm); int err; - if (keylen < cipher->min_keysize || keylen > cipher->max_keysize) + if ((!tfm->base.is_hbk) + && (keylen < cipher->min_keysize || keylen > cipher->max_keysize)) return -EINVAL; if ((unsigned long)key & alignmask)
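
Review bot: With `(!tfm->base.is_hbk)` in front of the range test in crypto_skcipher_setkey(), a tfm that has the flag set passes any keylen, including 0 and values far above max_keysize, straight on to the algorithm's setkey, and this applies to every skcipher implementation, not only those that understand hardware-bound blobs. Keep an upper bound for the flagged case (for example a separate maximum that the algorithm declares for wrapped keys) and reject the flag for algorithms that do not support it, rather than dropping the check wholesale. Style: kernel code keeps && at the end of the preceding line, and the parentheses around !tfm->base.is_hbk are not needed.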

From: Pankaj Gupta
Subject: [RFC PATCH HBK: 4/8] keys-trusted: re-factored caam based trusted key
Date: Tue, 6 Sep 2022 12:21:53 +0530
Message-Id: <20220906065157.10662-5-pankaj.gupta@nxp.com>

Re-factored caam based trusted key code:
- Two separate definitions for encap and decap having separate code for creating CAAM job descriptor.

Signed-off-by: Pankaj Gupta
--- drivers/crypto/caam/blob_gen.c | 122 +++++++++++++++++++++++++++++---- include/soc/fsl/caam-blob.h | 28 +++----- 2 files changed, 118 insertions(+), 32 deletions(-) diff --git a/drivers/crypto/caam/blob_gen.c b/drivers/crypto/caam/blob_gen.c index 6345c7269eb0..c128a83cc8dd 100644 --- a/drivers/crypto/caam/blob_gen.c +++ b/drivers/crypto/caam/blob_gen.c @@ -2,6 +2,7 @@ /* * Copyright (C) 2015 Pengutronix, Steffen Trumtrar * Copyright (C) 2021 Pengutronix, Ahmad Fatoum + * Copyright 2022 NXP, Pankaj Gupta */ #define pr_fmt(fmt) "caam blob_gen: " fmt @@ -29,10 +30,6 @@ /* Command describing the operation to perform */ \ CAAM_CMD_SZ) -struct caam_blob_priv { - struct device jrdev; -}; - struct caam_blob_job_result { int err; struct completion completion; 
@@ -58,8 +55,19 @@ static void caam_blob_job_done(struct device *dev, u32 *desc, u32 err, void *con complete(&res->completion); } -int caam_process_blob(struct caam_blob_priv *priv, - struct caam_blob_info *info, bool encap) + + +/** caam_encap_blob - encapsulate blob + * + * @priv: instance returned by caam_blob_gen_init + * @info: pointer to blobbing info describing input key, + * output blob and key modifier buffers. + * + * returns 0 and sets info->output_len on success and returns + * a negative error code otherwise. + */ +int caam_encap_blob(struct caam_blob_priv *priv, + struct caam_blob_info *info) { struct caam_blob_job_result testres; struct device *jrdev = &priv->jrdev; 
@@ -72,14 +80,102 @@ int caam_process_blob(struct caam_blob_priv *priv, if (info->key_mod_len > CAAM_BLOB_KEYMOD_LENGTH) return -EINVAL; - if (encap) { - op |= OP_TYPE_ENCAP_PROTOCOL; - output_len = info->input_len + CAAM_BLOB_OVERHEAD; - } else { - op |= OP_TYPE_DECAP_PROTOCOL; - output_len = info->input_len - CAAM_BLOB_OVERHEAD; + op |= OP_TYPE_ENCAP_PROTOCOL; + output_len = info->input_len + CAAM_BLOB_OVERHEAD; + + desc = kzalloc(CAAM_BLOB_DESC_BYTES_MAX, GFP_KERNEL | GFP_DMA); + if (!desc) + return -ENOMEM; + + dma_in = dma_map_single(jrdev, info->input, info->input_len, + DMA_TO_DEVICE); + if (dma_mapping_error(jrdev, dma_in)) { + dev_err(jrdev, "unable to map input DMA buffer\n"); + ret = -ENOMEM; + goto out_free; + } + + dma_out = dma_map_single(jrdev, info->output, output_len, + DMA_FROM_DEVICE); + if (dma_mapping_error(jrdev, dma_out)) { + dev_err(jrdev, "unable to map output DMA buffer\n"); + ret = -ENOMEM; + goto out_unmap_in; + } + + /* + * A data blob is encrypted using a blob key (BK); a random number. + * The BK is used as an AES-CCM key. The initial block (B0) and the + * initial counter (Ctr0) are generated automatically and stored in + * Class 1 Context DWords 0+1+2+3. The random BK is stored in the + * Class 1 Key Register. Operation Mode is set to AES-CCM. 
+ */ + + init_job_desc(desc, 0); + append_key_as_imm(desc, info->key_mod, info->key_mod_len, + info->key_mod_len, CLASS_2 | KEY_DEST_CLASS_REG); + append_seq_in_ptr_intlen(desc, dma_in, info->input_len, 0); + append_seq_out_ptr_intlen(desc, dma_out, output_len, 0); + append_operation(desc, op); + + print_hex_dump_debug("data@"__stringify(__LINE__)": ", + DUMP_PREFIX_ADDRESS, 16, 1, info->input, + info->input_len, false); + print_hex_dump_debug("jobdesc@"__stringify(__LINE__)": ", + DUMP_PREFIX_ADDRESS, 16, 1, desc, + desc_bytes(desc), false); + + testres.err = 0; + init_completion(&testres.completion); + + ret = caam_jr_enqueue(jrdev, desc, caam_blob_job_done, &testres); + if (ret == -EINPROGRESS) { + wait_for_completion(&testres.completion); + ret = testres.err; + print_hex_dump_debug("output@"__stringify(__LINE__)": ", + DUMP_PREFIX_ADDRESS, 16, 1, info->output, + output_len, false); } + if (ret == 0) + info->output_len = output_len; + + dma_unmap_single(jrdev, dma_out, output_len, DMA_FROM_DEVICE); +out_unmap_in: + dma_unmap_single(jrdev, dma_in, info->input_len, DMA_TO_DEVICE); +out_free: + kfree(desc); + + return ret; +} +EXPORT_SYMBOL(caam_encap_blob); + +/** caam_decap_blob - decapsulate blob + * + * @priv: instance returned by caam_blob_gen_init + * @info: pointer to blobbing info describing output key, + * input blob and key modifier buffers. + * + * returns 0 and sets info->output_len on success and returns + * a negative error code otherwise. + */ +int caam_decap_blob(struct caam_blob_priv *priv, + struct caam_blob_info *info) +{ + struct caam_blob_job_result testres; + struct device *jrdev = &priv->jrdev; + dma_addr_t dma_in, dma_out; + int op = OP_PCLID_BLOB; + size_t output_len; + u32 *desc; + int ret; + + if (info->key_mod_len > CAAM_BLOB_KEYMOD_LENGTH) + return -EINVAL; + + op |= OP_TYPE_DECAP_PROTOCOL; + output_len = info->input_len - CAAM_BLOB_OVERHEAD; + desc = kzalloc(CAAM_BLOB_DESC_BYTES_MAX, GFP_KERNEL | GFP_DMA); if (!desc) return -ENOMEM; 
@@ -145,7 +241,7 @@ int caam_process_blob(struct caam_blob_priv *priv, return ret; } -EXPORT_SYMBOL(caam_process_blob); +EXPORT_SYMBOL(caam_decap_blob); struct caam_blob_priv *caam_blob_gen_init(void) { diff --git a/include/soc/fsl/caam-blob.h b/include/soc/fsl/caam-blob.h index 937cac52f36d..632944df29f7 100644 --- a/include/soc/fsl/caam-blob.h +++ b/include/soc/fsl/caam-blob.h @@ -1,6 +1,7 @@ /* SPDX-License-Identifier: GPL-2.0-only */ /* * Copyright (C) 2020 Pengutronix, Ahmad Fatoum + * Copyright 2022 NXP, Pankaj Gupta */ #ifndef __CAAM_BLOB_GEN @@ -13,7 +14,10 @@ #define CAAM_BLOB_OVERHEAD (32 + 16) #define CAAM_BLOB_MAX_LEN 4096 -struct caam_blob_priv; +struct caam_blob_priv { + struct device jrdev; +}; + /** * struct caam_blob_info - information for CAAM blobbing @@ -72,15 +76,8 @@ int caam_process_blob(struct caam_blob_priv *priv, * Return: %0 and sets ``info->output_len`` on success and * a negative error code otherwise. */ -static inline int caam_encap_blob(struct caam_blob_priv *priv, - struct caam_blob_info *info) -{ - if (info->output_len < info->input_len + CAAM_BLOB_OVERHEAD) - return -EINVAL; - - return caam_process_blob(priv, info, true); -} - +int caam_encap_blob(struct caam_blob_priv *priv, + struct caam_blob_info *info); /** * caam_decap_blob - decapsulate blob * @priv: instance returned by caam_blob_gen_init() 
@@ -90,14 +87,7 @@ static inline int caam_encap_blob(struct caam_blob_priv *priv, * Return: %0 and sets ``info->output_len`` on success and * a negative error code otherwise. */ -static inline int caam_decap_blob(struct caam_blob_priv *priv, - struct caam_blob_info *info) -{ - if (info->input_len < CAAM_BLOB_OVERHEAD || - info->output_len < info->input_len - CAAM_BLOB_OVERHEAD) - return -EINVAL; - - return caam_process_blob(priv, info, false); -} +int caam_decap_blob(struct caam_blob_priv *priv, + struct caam_blob_info *info); #endif 

From patchwork Tue Sep 6 06:51:54 2022 X-Patchwork-Submitter: Pankaj Gupta X-Patchwork-Id: 12966857
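Review bot: In [RFC PATCH HBK: 4/8], the new caam_decap_blob() in blob_gen.c computes output_len = info->input_len - CAAM_BLOB_OVERHEAD without the info->input_len < CAAM_BLOB_OVERHEAD test that the removed static inline wrapper carried, so a short blob wraps the size_t, and neither new function compares the caller's info->output_len with output_len before info->output is mapped DMA_FROM_DEVICE. Both checks are deleted from caam-blob.h by this patch and nothing in blob_gen.c replaces them, which turns a refactor into a behaviour change: the device can be told to write more than the caller's output buffer holds. Please carry the -EINVAL checks into the top of both functions in this same patch, next to the key_mod_len check.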
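Review bot: In the blob_gen.c hunk of 4/8 that introduces caam_encap_blob(), the comment opens with "/** caam_encap_blob - encapsulate blob" on the first line and ends with a free-form "returns 0 ..." sentence, which is not kernel-doc layout (the opening /** stands on its own line and the return value goes under "Return:"). The same applies to the caam_decap_blob() comment. caam-blob.h already carries kernel-doc for both functions, so keep one copy rather than two that can drift, and drop the two empty lines added before the comment.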
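Review bot: In the caam-blob.h hunk of 4/8 at -13,7, replacing the forward declaration "struct caam_blob_priv;" with the full definition exposes the embedded job-ring struct device to every user of the public header, and the commit message does not say why the opaque type has to go. If only the CAAM driver needs the layout, keep the definition in drivers/crypto/caam and leave the forward declaration here; if a consumer does need it, state which one in the commit message.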
From: Pankaj Gupta
To: jarkko@kernel.org, a.fatoum@pengutronix.de, Jason@zx2c4.com, jejb@linux.ibm.com, zohar@linux.ibm.com, dhowells@redhat.com, sumit.garg@linaro.org, david@sigma-star.at, michael@walle.cc, john.ernberg@actia.se, jmorris@namei.org, serge@hallyn.com, herbert@gondor.apana.org.au, davem@davemloft.net, j.luebbe@pengutronix.de, ebiggers@kernel.org, richard@nod.at, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, sahil.malhotra@nxp.com, kshitiz.varshney@nxp.com, horia.geanta@nxp.com, pankaj.gupta@nxp.com, V.Sethi@nxp.com
Subject: [RFC PATCH HBK: 5/8] caam blob-gen: moving blob_priv to caam_drv_private
Date: Tue, 6 Sep 2022 12:21:54 +0530
Message-Id: <20220906065157.10662-6-pankaj.gupta@nxp.com>
In-Reply-To: <20220906065157.10662-1-pankaj.gupta@nxp.com>
References: <20220906065157.10662-1-pankaj.gupta@nxp.com>

caam blob-gen: moving structure blob_priv to structure caam_drv_private.

Signed-off-by: Pankaj Gupta
--- drivers/crypto/caam/blob_gen.c | 8 ++++---- drivers/crypto/caam/intern.h | 6 +++++- include/soc/fsl/caam-blob.h | 2 +- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/drivers/crypto/caam/blob_gen.c b/drivers/crypto/caam/blob_gen.c index c128a83cc8dd..5164e62f9596 100644 --- a/drivers/crypto/caam/blob_gen.c +++ b/drivers/crypto/caam/blob_gen.c @@ -70,7 +70,7 @@ int caam_encap_blob(struct caam_blob_priv *priv, struct caam_blob_info *info) { struct caam_blob_job_result testres; - struct device *jrdev = &priv->jrdev; + struct device *jrdev = priv->jrdev; dma_addr_t dma_in, dma_out; int op = OP_PCLID_BLOB; size_t output_len; @@ -163,7 +163,7 @@ int caam_decap_blob(struct caam_blob_priv *priv, struct caam_blob_info *info) { struct caam_blob_job_result testres; - struct device *jrdev = &priv->jrdev; + struct device *jrdev = priv->jrdev; dma_addr_t dma_in, dma_out; int op = OP_PCLID_BLOB; size_t output_len; 
@@ -267,12 +267,12 @@ struct caam_blob_priv *caam_blob_gen_init(void) return ERR_PTR(-ENODEV); } - return container_of(jrdev, struct caam_blob_priv, jrdev); + return &ctrlpriv->blob_priv; } EXPORT_SYMBOL(caam_blob_gen_init); void caam_blob_gen_exit(struct caam_blob_priv *priv) { - caam_jr_free(&priv->jrdev); + caam_jr_free(priv->jrdev); } EXPORT_SYMBOL(caam_blob_gen_exit); diff --git a/drivers/crypto/caam/intern.h b/drivers/crypto/caam/intern.h index 572cf66c887a..2fb7df3ffda5 100644 --- a/drivers/crypto/caam/intern.h +++ b/drivers/crypto/caam/intern.h @@ -4,7 +4,7 @@ * Private/internal definitions between modules * * Copyright 2008-2011 Freescale Semiconductor, Inc. - * Copyright 2019 NXP + * Copyright 2019-2022 NXP */ #ifndef INTERN_H @@ -12,6 +12,7 @@ #include "ctrl.h" #include +#include /* Currently comes from Kconfig param as a ^2 (driver-required) */ #define JOBR_DEPTH (1 << CONFIG_CRYPTO_DEV_FSL_CAAM_RINGSIZE) @@ -114,6 +115,9 @@ struct caam_drv_private { struct dentry *ctl; /* controller dir */ struct debugfs_blob_wrapper ctl_kek_wrap, ctl_tkek_wrap, ctl_tdsk_wrap; #endif +#ifdef CONFIG_CRYPTO_DEV_FSL_CAAM_BLOB_GEN + struct caam_blob_priv blob_priv; +#endif }; #ifdef CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API diff --git a/include/soc/fsl/caam-blob.h b/include/soc/fsl/caam-blob.h index 632944df29f7..380b0bcb79dc 100644 --- a/include/soc/fsl/caam-blob.h +++ b/include/soc/fsl/caam-blob.h 
@@ -15,7 +15,7 @@ #define CAAM_BLOB_MAX_LEN 4096 struct caam_blob_priv { - struct device jrdev; + struct device *jrdev; }; 

From patchwork Tue Sep 6 06:51:55 2022 X-Patchwork-Submitter: Pankaj Gupta X-Patchwork-Id: 12966858
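Review bot: In the caam_blob_gen_init() hunk of [RFC PATCH HBK: 5/8] at -267,12, the function now returns &ctrlpriv->blob_priv, but nothing in this patch stores the local jrdev into blob_priv.jrdev, so with the member changed to a pointer caam_encap_blob(), caam_decap_blob() and caam_blob_gen_exit() all read priv->jrdev before anything has written it. The assignment only arrives in 6/8, which leaves this commit unusable on its own and breaks bisection; add ctrlpriv->blob_priv.jrdev = jrdev here. Every caller now receives the same embedded instance, so the commit message should also say how a second caller of caam_blob_gen_init() is meant to coexist with the first, since it would replace the stored job-ring pointer that caam_blob_gen_exit() later frees.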
From: Pankaj Gupta
To: jarkko@kernel.org, a.fatoum@pengutronix.de, Jason@zx2c4.com, jejb@linux.ibm.com, zohar@linux.ibm.com, dhowells@redhat.com, sumit.garg@linaro.org, david@sigma-star.at, michael@walle.cc, john.ernberg@actia.se, jmorris@namei.org, serge@hallyn.com, herbert@gondor.apana.org.au, davem@davemloft.net, j.luebbe@pengutronix.de, ebiggers@kernel.org, richard@nod.at, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, sahil.malhotra@nxp.com, kshitiz.varshney@nxp.com, horia.geanta@nxp.com, pankaj.gupta@nxp.com, V.Sethi@nxp.com
Subject: [RFC PATCH HBK: 6/8] KEYS: trusted: caam based black key
Date: Tue, 6 Sep 2022 12:21:55 +0530
Message-Id: <20220906065157.10662-7-pankaj.gupta@nxp.com>
In-Reply-To: <20220906065157.10662-1-pankaj.gupta@nxp.com>
References: <20220906065157.10662-1-pankaj.gupta@nxp.com>

- CAAM supports two types of black keys:
  -- Plain key encrypted with ECB
  -- Plain key encrypted with CCM
  Note: Due to robustness, default encryption used for black key is CCM.
- A black key blob is generated, and added to trusted key payload. This is done as part of sealing operation, that was triggered as a result of:
  -- new key generation
  -- load key,

Signed-off-by: Pankaj Gupta
--- drivers/crypto/caam/blob_gen.c | 132 +++++++++++++++++++++++++++++---- drivers/crypto/caam/desc.h | 8 +- include/soc/fsl/caam-blob.h | 16 ++++ 3 files changed, 140 insertions(+), 16 deletions(-) diff --git a/drivers/crypto/caam/blob_gen.c b/drivers/crypto/caam/blob_gen.c index 5164e62f9596..2354e3c6fc61 100644 --- a/drivers/crypto/caam/blob_gen.c +++ b/drivers/crypto/caam/blob_gen.c @@ -8,6 +8,7 @@ #define pr_fmt(fmt) "caam blob_gen: " fmt #include +#include #include #include "compat.h" @@ -74,8 +75,16 @@ int caam_encap_blob(struct caam_blob_priv *priv, dma_addr_t dma_in, dma_out; int op = OP_PCLID_BLOB; size_t output_len; + dma_addr_t dma_blk; + u8 *input = info->input; + u8 *blk_out; + size_t input_len = info->input_len; u32 *desc; int ret; + int hwbk_caam_ovhd = 0; + + if (info->output_len < info->input_len + CAAM_BLOB_OVERHEAD) + return -EINVAL; if (info->key_mod_len > CAAM_BLOB_KEYMOD_LENGTH) return -EINVAL; 
@@ -83,11 +92,33 @@ int caam_encap_blob(struct caam_blob_priv *priv, op |= OP_TYPE_ENCAP_PROTOCOL; output_len = info->input_len + CAAM_BLOB_OVERHEAD; + if (info->is_hw_bound == 1) { + op |= OP_PCL_BLOB_BLACK; + if (priv->hbk_flags & HWBK_FLAGS_CAAM_CCM_ALGO_MASK) { + op |= OP_PCL_BLOB_EKT; + hwbk_caam_ovhd = CCM_OVERHEAD; + } + + if ((input_len + hwbk_caam_ovhd) > MAX_KEY_SIZE) + return -EINVAL; + + /* create copy of input buffer */ + input = kzalloc(info->input_len, GFP_KERNEL | GFP_DMA); + if (!input) + return -ENOMEM; + memcpy(input, info->input, info->input_len); + + /* create hw bound key on input buffer reference */ + blk_out = info->input; + + info->input_len = input_len + hwbk_caam_ovhd; + } + desc = kzalloc(CAAM_BLOB_DESC_BYTES_MAX, GFP_KERNEL | GFP_DMA); if (!desc) return -ENOMEM; - dma_in = dma_map_single(jrdev, info->input, info->input_len, + dma_in = dma_map_single(jrdev, input, input_len, DMA_TO_DEVICE); if (dma_mapping_error(jrdev, dma_in)) { dev_err(jrdev, "unable to map input DMA buffer\n"); @@ -95,12 +126,26 @@ int caam_encap_blob(struct caam_blob_priv *priv, goto out_free; } + if (info->is_hw_bound == 1) { + dma_blk = dma_map_single(jrdev, blk_out, + input_len + hwbk_caam_ovhd, + DMA_FROM_DEVICE); + if (dma_mapping_error(jrdev, dma_out)) { + dev_err(jrdev, "unable to map output DMA buffer\n"); + ret = -ENOMEM; + goto out_unmap_in; + } + } + dma_out = dma_map_single(jrdev, info->output, output_len, DMA_FROM_DEVICE); if (dma_mapping_error(jrdev, dma_out)) { dev_err(jrdev, "unable to map output DMA buffer\n"); ret = -ENOMEM; - goto out_unmap_in; + if (info->is_hw_bound == 1) + goto out_unmap_blk; + else + goto out_unmap_in; } /* 
@@ -112,15 +157,40 @@ int caam_encap_blob(struct caam_blob_priv *priv, */ init_job_desc(desc, 0); + + if (info->is_hw_bound == 1) { + /*!1. key command used to load class 1 key register + * from input plain key. + */ + append_key(desc, dma_in, input_len, + CLASS_1 | KEY_DEST_CLASS_REG); + + /*!2. Fifostore to store black key from class 1 key register. */ + append_fifo_store(desc, dma_blk, input_len, + LDST_CLASS_1_CCB | FIFOST_TYPE_KEY_CCM_JKEK); + + append_jump(desc, JUMP_COND_NOP | 1); + } + /*!3. Load class 2 key with key modifier. */ append_key_as_imm(desc, info->key_mod, info->key_mod_len, info->key_mod_len, CLASS_2 | KEY_DEST_CLASS_REG); - append_seq_in_ptr_intlen(desc, dma_in, info->input_len, 0); + + /*!4. SEQ IN PTR Command. */ + if (info->is_hw_bound == 1) { + append_seq_in_ptr_intlen(desc, dma_blk, input_len, 0); + } else { + append_seq_in_ptr_intlen(desc, dma_in, input_len, 0); + } + + /*!5. SEQ OUT PTR Command. */ append_seq_out_ptr_intlen(desc, dma_out, output_len, 0); + + /*!6. BlackBlob encapsulation PROTOCOL Command. */ append_operation(desc, op); print_hex_dump_debug("data@"__stringify(__LINE__)": ", - DUMP_PREFIX_ADDRESS, 16, 1, info->input, - info->input_len, false); + DUMP_PREFIX_ADDRESS, 16, 1, input, + input_len + hwbk_caam_ovhd, false); print_hex_dump_debug("jobdesc@"__stringify(__LINE__)": ", DUMP_PREFIX_ADDRESS, 16, 1, desc, desc_bytes(desc), false); @@ -136,15 +206,19 @@ int caam_encap_blob(struct caam_blob_priv *priv, DUMP_PREFIX_ADDRESS, 16, 1, info->output, output_len, false); } - - if (ret == 0) + if (ret == 0) { info->output_len = output_len; - + } dma_unmap_single(jrdev, dma_out, output_len, DMA_FROM_DEVICE); +out_unmap_blk: + if (info->is_hw_bound == 1) { + dma_unmap_single(jrdev, dma_blk, info->input_len, DMA_TO_DEVICE); + } out_unmap_in: dma_unmap_single(jrdev, dma_in, info->input_len, DMA_TO_DEVICE); out_free: kfree(desc); + kfree(input); return ret; } 
@@ -168,13 +242,41 @@ int caam_decap_blob(struct caam_blob_priv *priv, int op = OP_PCLID_BLOB; size_t output_len; u32 *desc; + u8 *output = info->output; int ret; + int hwbk_caam_ovhd = 0; + + if (info->input_len < CAAM_BLOB_OVERHEAD) + return -EINVAL; if (info->key_mod_len > CAAM_BLOB_KEYMOD_LENGTH) return -EINVAL; op |= OP_TYPE_DECAP_PROTOCOL; output_len = info->input_len - CAAM_BLOB_OVERHEAD; + info->output_len = output_len; + + if (info->is_hw_bound == 1) { + op |= OP_PCL_BLOB_BLACK; + if (priv->hbk_flags & HWBK_FLAGS_CAAM_CCM_ALGO_MASK) { + op |= OP_PCL_BLOB_EKT; + hwbk_caam_ovhd = CCM_OVERHEAD; + } + + if ((output_len + hwbk_caam_ovhd) > MAX_KEY_SIZE) + return -EINVAL; + + /* In case of HW Bound Key, lengths have different purpose: + * - output_len = HW encrypted key length. + * - info->output_len = Length of HW Bound Key Payload + * (Payload = Header + outlen) + */ + info->output_len = output_len + hwbk_caam_ovhd; + + output_len += hwbk_caam_ovhd; + + output = info->output; + } desc = kzalloc(CAAM_BLOB_DESC_BYTES_MAX, GFP_KERNEL | GFP_DMA); if (!desc) @@ -188,7 +290,7 @@ int caam_decap_blob(struct caam_blob_priv *priv, goto out_free; } - dma_out = dma_map_single(jrdev, info->output, output_len, + dma_out = dma_map_single(jrdev, output, output_len, DMA_FROM_DEVICE); if (dma_mapping_error(jrdev, dma_out)) { dev_err(jrdev, "unable to map output DMA buffer\n"); @@ -207,8 +309,8 @@ int caam_decap_blob(struct caam_blob_priv *priv, init_job_desc(desc, 0); append_key_as_imm(desc, info->key_mod, info->key_mod_len, info->key_mod_len, CLASS_2 | KEY_DEST_CLASS_REG); - append_seq_in_ptr_intlen(desc, dma_in, info->input_len, 0); - append_seq_out_ptr_intlen(desc, dma_out, output_len, 0); + append_seq_in_ptr(desc, dma_in, info->input_len, 0); + append_seq_out_ptr(desc, dma_out, output_len, 0); append_operation(desc, op); print_hex_dump_debug("data@"__stringify(__LINE__)": ", 
@@ -226,13 +328,10 @@ int caam_decap_blob(struct caam_blob_priv *priv, wait_for_completion(&testres.completion); ret = testres.err; print_hex_dump_debug("output@"__stringify(__LINE__)": ", - DUMP_PREFIX_ADDRESS, 16, 1, info->output, + DUMP_PREFIX_ADDRESS, 16, 1, output, output_len, false); } - if (ret == 0) - info->output_len = output_len; - dma_unmap_single(jrdev, dma_out, output_len, DMA_FROM_DEVICE); out_unmap_in: dma_unmap_single(jrdev, dma_in, info->input_len, DMA_TO_DEVICE); @@ -267,6 +366,9 @@ struct caam_blob_priv *caam_blob_gen_init(void) return ERR_PTR(-ENODEV); } + ctrlpriv->blob_priv.hbk_flags = HWBK_FLAGS_CAAM_CCM_ALGO_MASK; + ctrlpriv->blob_priv.jrdev = jrdev; + return &ctrlpriv->blob_priv; } EXPORT_SYMBOL(caam_blob_gen_init); diff --git a/drivers/crypto/caam/desc.h b/drivers/crypto/caam/desc.h index e13470901586..41b2d0226bdf 100644 --- a/drivers/crypto/caam/desc.h +++ b/drivers/crypto/caam/desc.h @@ -4,7 +4,7 @@ * Definitions to support CAAM descriptor instruction generation * * Copyright 2008-2011 Freescale Semiconductor, Inc. - * Copyright 2018 NXP + * Copyright 2018-2022 NXP */ #ifndef DESC_H @@ -403,6 +403,7 @@ #define FIFOST_TYPE_PKHA_N (0x08 << FIFOST_TYPE_SHIFT) #define FIFOST_TYPE_PKHA_A (0x0c << FIFOST_TYPE_SHIFT) #define FIFOST_TYPE_PKHA_B (0x0d << FIFOST_TYPE_SHIFT) +#define FIFOST_TYPE_KEY_CCM_JKEK (0x14 << FIFOST_TYPE_SHIFT) #define FIFOST_TYPE_AF_SBOX_JKEK (0x20 << FIFOST_TYPE_SHIFT) #define FIFOST_TYPE_AF_SBOX_TKEK (0x21 << FIFOST_TYPE_SHIFT) #define FIFOST_TYPE_PKHA_E_JKEK (0x22 << FIFOST_TYPE_SHIFT) @@ -1001,6 +1002,11 @@ #define OP_PCL_TLS12_AES_256_CBC_SHA384 0xff63 #define OP_PCL_TLS12_AES_256_CBC_SHA512 0xff65 +/* Blob protocol protinfo bits */ + +#define OP_PCL_BLOB_BLACK 0x0004 +#define OP_PCL_BLOB_EKT 0x0100 + /* For DTLS - OP_PCLID_DTLS */ #define OP_PCL_DTLS_AES_128_CBC_SHA 0x002f diff --git a/include/soc/fsl/caam-blob.h b/include/soc/fsl/caam-blob.h index 380b0bcb79dc..ae2c2a6c8c23 100644 --- a/include/soc/fsl/caam-blob.h 
+++ b/include/soc/fsl/caam-blob.h @@ -10,12 +10,26 @@ #include #include +#define HWBK_FLAGS_CAAM_CCM_ALGO_MASK 0x01 + +/* + * CCM-Black Key will always be at least 12 bytes longer, + * since the encapsulation uses a 6-byte nonce and adds + * a 6-byte ICV. But first, the key is padded as necessary so + * that CCM-Black Key is a multiple of 8 bytes long. + */ +#define NONCE_SIZE 6 +#define ICV_SIZE 6 +#define CCM_OVERHEAD (NONCE_SIZE + ICV_SIZE) #define CAAM_BLOB_KEYMOD_LENGTH 16 #define CAAM_BLOB_OVERHEAD (32 + 16) #define CAAM_BLOB_MAX_LEN 4096 struct caam_blob_priv { struct device *jrdev; + /* Flags: whether generated trusted key, is ECB or CCM encrypted.*/ + uint8_t hbk_flags; + uint8_t rsv[3]; }; 
@@ -38,6 +52,8 @@ struct caam_blob_info { const void *key_mod; size_t key_mod_len; + + const char is_hw_bound; }; /**
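Review bot: In the caam_decap_blob() hunk (@@ -226,13 +328,10 @@), the removed `if (ret == 0) info->output_len = output_len;` was the only visible place where the produced length was reported back to the caller, and nothing in the shown lines replaces it. If info->output_len is now input-only, say so in the documentation of struct caam_blob_info; otherwise keep the write-back so callers do not treat the whole buffer as valid. The print_hex_dump_debug() call touched in the same hunk dumps the decapsulated output, which for a key blob is the key itself, so it is worth dropping or restricting while the line is being changed.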
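Review bot: In the caam_blob_gen_init() hunk (@@ -267,6 +366,9 @@), hbk_flags is set unconditionally to HWBK_FLAGS_CAAM_CCM_ALGO_MASK, so every blob context reports CCM-encrypted black keys and there is no way to select ECB, although the comment on hbk_flags in caam-blob.h describes both. The mode should come from a parameter, a config option or a capability check, or the comment should say that CCM is the only mode. Because the function returns `&ctrlpriv->blob_priv`, which is shared controller state, also confirm that overwriting blob_priv.jrdev is safe when caam_blob_gen_init() is called more than once.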
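Review bot: In struct caam_blob_info (@@ -38,6 +52,8 @@), `const char is_hw_bound;` declares a yes/no flag as a const char; a const member can only be set through an initializer, which rules out filling the struct field by field, and char hides the intent. `bool is_hw_bound;` is the usual form, and if the struct has a kernel-doc block the new member needs an entry saying who sets it and what it changes for encap and decap. The hunk also adds two blank lines before the member where one is enough.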
From: Pankaj Gupta
To: jarkko@kernel.org, a.fatoum@pengutronix.de, Jason@zx2c4.com, jejb@linux.ibm.com, zohar@linux.ibm.com, dhowells@redhat.com, sumit.garg@linaro.org, david@sigma-star.at, michael@walle.cc, john.ernberg@actia.se, jmorris@namei.org, serge@hallyn.com, herbert@gondor.apana.org.au, davem@davemloft.net, j.luebbe@pengutronix.de, ebiggers@kernel.org, richard@nod.at, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, sahil.malhotra@nxp.com, kshitiz.varshney@nxp.com, horia.geanta@nxp.com, pankaj.gupta@nxp.com, V.Sethi@nxp.com
Subject: [RFC PATCH HBK: 7/8] caam alg: symmetric key ciphers are updated
Date: Tue, 6 Sep 2022 12:21:56 +0530
Message-Id: <20220906065157.10662-8-pankaj.gupta@nxp.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20220906065157.10662-1-pankaj.gupta@nxp.com>
References: <20220906065157.10662-1-pankaj.gupta@nxp.com>
X-Mailing-List: linux-integrity@vger.kernel.org

Changes to enable:
- To work both with black key and plain key.
- It is supported in context of symmetric key ciphers only.
- Based on the crypto layer's flag: tfm->is_hbk, handling for h/w bound key is done.
- Otherwise, work as previously.

Signed-off-by: Pankaj Gupta
--- drivers/crypto/caam/caamalg.c | 37 ++++++++++++++++++++++++++++-- drivers/crypto/caam/caamalg_desc.c | 8 ++++--- drivers/crypto/caam/desc_constr.h | 6 ++++- 3 files changed, 45 insertions(+), 6 deletions(-) diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c index d3d8bb0a6990..2c96aecab627 100644 --- a/drivers/crypto/caam/caamalg.c +++ b/drivers/crypto/caam/caamalg.c @@ -3,7 +3,7 @@ * caam - Freescale FSL CAAM support for crypto API * * Copyright 2008-2011 Freescale Semiconductor, Inc. - * Copyright 2016-2019 NXP + * Copyright 2016-2022 NXP * * Based on talitos crypto API driver. * @@ -59,6 +59,7 @@ #include #include #include +#include /* * crypto alg
@@ -734,6 +735,7 @@ static int skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key, container_of(crypto_skcipher_alg(skcipher), typeof(*alg), skcipher); struct device *jrdev = ctx->jrdev; + struct caam_drv_private *ctrlpriv; unsigned int ivsize = crypto_skcipher_ivsize(skcipher); u32 *desc; const bool is_rfc3686 = alg->caam.rfc3686; @@ -741,9 +743,26 @@ static int skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key, print_hex_dump_debug("key in @"__stringify(__LINE__)": ", DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1); + /* Here keylen is actual key length */ ctx->cdata.keylen = keylen; ctx->cdata.key_virt = key; ctx->cdata.key_inline = true; + /* Here real key len is plain key length */ + ctx->cdata.key_real_len = keylen; + ctx->cdata.key_cmd_opt = 0; + + /* check if the key is HBK */ + if (skcipher->base.is_hbk) { + ctrlpriv = dev_get_drvdata(jrdev->parent); + ctx->cdata.key_cmd_opt |= KEY_ENC; + + /* check if the HBK is CCM key */ + if (ctrlpriv->blob_priv.hbk_flags + & HWBK_FLAGS_CAAM_CCM_ALGO_MASK) { + ctx->cdata.key_cmd_opt |= KEY_EKT; + ctx->cdata.key_real_len = keylen - CCM_OVERHEAD; + } + } /* skcipher_encrypt shared descriptor */ desc = ctx->sh_desc_enc; @@ -766,8 +785,22 @@ static int aes_skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key, unsigned int keylen) { int err; + int overhead = 0; + struct caam_ctx *ctx; + struct device *jrdev; + struct caam_drv_private *ctrlpriv; + + if (skcipher->base.is_hbk) { + ctx = crypto_skcipher_ctx(skcipher); + jrdev = ctx->jrdev; + ctrlpriv = dev_get_drvdata(jrdev->parent); + if (ctrlpriv->blob_priv.hbk_flags + & HWBK_FLAGS_CAAM_CCM_ALGO_MASK) + overhead += CCM_OVERHEAD; + } + + err = aes_check_keylen((keylen - overhead)); - err = aes_check_keylen(keylen); if (err) return err; diff --git a/drivers/crypto/caam/caamalg_desc.c b/drivers/crypto/caam/caamalg_desc.c index 7571e1ac913b..784acae8c9b7 100644 --- a/drivers/crypto/caam/caamalg_desc.c +++ b/drivers/crypto/caam/caamalg_desc.c 
@@ -2,7 +2,7 @@ /* * Shared descriptors for aead, skcipher algorithms * - * Copyright 2016-2019 NXP + * Copyright 2016-2022 NXP */ #include "compat.h" @@ -1391,7 +1391,8 @@ void cnstr_shdsc_skcipher_encap(u32 * const desc, struct alginfo *cdata, /* Load class1 key only */ append_key_as_imm(desc, cdata->key_virt, cdata->keylen, - cdata->keylen, CLASS_1 | KEY_DEST_CLASS_REG); + cdata->key_real_len, CLASS_1 | KEY_DEST_CLASS_REG + | cdata->key_cmd_opt); /* Load nonce into CONTEXT1 reg */ if (is_rfc3686) { @@ -1466,7 +1467,8 @@ void cnstr_shdsc_skcipher_decap(u32 * const desc, struct alginfo *cdata, /* Load class1 key only */ append_key_as_imm(desc, cdata->key_virt, cdata->keylen, - cdata->keylen, CLASS_1 | KEY_DEST_CLASS_REG); + cdata->key_real_len, CLASS_1 | KEY_DEST_CLASS_REG + | cdata->key_cmd_opt); /* Load nonce into CONTEXT1 reg */ if (is_rfc3686) { diff --git a/drivers/crypto/caam/desc_constr.h b/drivers/crypto/caam/desc_constr.h index 62ce6421bb3f..d652bdbf3f91 100644 --- a/drivers/crypto/caam/desc_constr.h +++ b/drivers/crypto/caam/desc_constr.h @@ -3,7 +3,7 @@ * caam descriptor construction helper functions * * Copyright 2008-2012 Freescale Semiconductor, Inc. - * Copyright 2019 NXP + * Copyright 2019-2022 NXP */ #ifndef DESC_CONSTR_H @@ -500,6 +500,8 @@ do { \ * @key_virt: virtual address where algorithm key resides * @key_inline: true - key can be inlined in the descriptor; false - key is * referenced by the descriptor + * @key_real_len: size of the key to be loaded by the CAAM + * @key_cmd_opt: optional parameters for KEY command */ struct alginfo { u32 algtype; 
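Review bot: The new kernel-doc entries for @key_real_len and @key_cmd_opt in desc_constr.h (@@ -500,6 +500,8 @@) do not say how key_real_len relates to the existing keylen or which KEY command bits are valid in key_cmd_opt. Spell out that keylen is the length of the buffer at key_virt, that key_real_len is the plain key length the CAAM ends up with after unwrapping, and that key_cmd_opt takes KEY_ENC and KEY_EKT, so that callers other than skcipher_setkey() know what to fill in. The comments added in skcipher_setkey() ("actual key length" versus "real key len is plain key length") use two near-synonyms for different things and should be aligned with whatever wording is chosen here.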
@@ -508,6 +510,8 @@ struct alginfo { dma_addr_t key_dma; const void *key_virt; bool key_inline; + u32 key_real_len; + u32 key_cmd_opt; }; /**
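Review bot: In skcipher_setkey() (@@ -741,9 +743,26 @@), `ctx->cdata.key_real_len = keylen - CCM_OVERHEAD;` has no lower bound on keylen; key_real_len is a u32, so a CCM black key shorter than 12 bytes wraps it to a very large value that is then handed to append_key_as_imm(). Reject keylen <= CCM_OVERHEAD with -EINVAL before the subtraction, in this function, since the check in aes_skcipher_setkey() covers AES only. The CCM/ECB decision is also taken from ctrlpriv->blob_priv.hbk_flags, which is controller-wide state that patch 6/8 sets in caam_blob_gen_init(); a tfm whose setkey runs before that call reads 0 and treats a CCM key as ECB, so the key format should travel with the key or the tfm rather than with the controller.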
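Review bot: In aes_skcipher_setkey() (@@ -766,8 +785,22 @@), the HBK/CCM detection repeats the block just added to skcipher_setkey(), and `keylen - overhead` mixes unsigned int with int, so a short key wraps instead of going negative. A small helper that takes the tfm and keylen and returns the plain key length or an error would serve both functions and give one place for the bounds check. The doubled parentheses in `aes_check_keylen((keylen - overhead));` and the blank line left between that call and `if (err)` should be cleaned up.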
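Review bot: In cnstr_shdsc_skcipher_encap() (@@ -1391,7 +1391,8 @@) and the matching cnstr_shdsc_skcipher_decap() hunk, the immediate key length now comes from cdata->key_real_len and extra flags from cdata->key_cmd_opt, but the only place in this patch that sets those fields is skcipher_setkey(). Any other path that fills a struct alginfo and calls these two constructors passes whatever the fields happen to hold, which may be a zero length. Either initialise both fields wherever cdata.keylen is set, or have the constructors fall back to cdata->keylen when key_real_len is 0, and say in the commit message which setkey paths were audited.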
From: Pankaj Gupta
To: jarkko@kernel.org, a.fatoum@pengutronix.de, Jason@zx2c4.com, jejb@linux.ibm.com, zohar@linux.ibm.com, dhowells@redhat.com, sumit.garg@linaro.org, david@sigma-star.at, michael@walle.cc, john.ernberg@actia.se, jmorris@namei.org, serge@hallyn.com, herbert@gondor.apana.org.au, davem@davemloft.net, j.luebbe@pengutronix.de, ebiggers@kernel.org, richard@nod.at, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, sahil.malhotra@nxp.com, kshitiz.varshney@nxp.com, horia.geanta@nxp.com, pankaj.gupta@nxp.com, V.Sethi@nxp.com
Subject: [RFC PATCH HBK: 8/8] dm-crypt: consumer-app setting the flag-is_hbk
Date: Tue, 6 Sep 2022 12:21:57 +0530
Message-Id: <20220906065157.10662-9-pankaj.gupta@nxp.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20220906065157.10662-1-pankaj.gupta@nxp.com>
References: <20220906065157.10662-1-pankaj.gupta@nxp.com>
X-Mailing-List: linux-integrity@vger.kernel.org

Consumer application:
- Adding a flag 'is_hbk', in its "struct crypto_config".
- After fetching the keys, it is setting the above mentioned flag, based on the key fetched.
  -- Note: Supported for trusted keys only.
- After allocating the tfm, and before calling crypto_xxx_setkey(), setting the tfm flag 'is_hbk':
  cc->cipher_tfm.tfms[i]->base.is_hbk = cc->is_hbk;
  -- Note: Supported for symmetric-key ciphers only.

Signed-off-by: Pankaj Gupta
--- drivers/md/dm-crypt.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c index 159c6806c19b..12b400e06cbf 100644 --- a/drivers/md/dm-crypt.c +++ b/drivers/md/dm-crypt.c @@ -221,6 +221,7 @@ struct crypt_config { struct mutex bio_alloc_lock; u8 *authenc_key; /* space for keys in authenc() format (if used) */ + unsigned int is_hbk; u8 key[]; };
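Review bot: `unsigned int is_hbk;` in struct crypt_config (@@ -221,6 +221,7 @@) holds a yes/no value and has no comment, unlike the authenc_key line directly above it; `bool is_hbk;` with a short comment saying it marks a hardware-bound trusted key would state the intent. The commit message calls the structure "struct crypto_config" while the hunk changes struct crypt_config, so the message should be corrected to match.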
@@ -2397,10 +2398,12 @@ static int crypt_setkey(struct crypt_config *cc) r = crypto_aead_setkey(cc->cipher_tfm.tfms_aead[i], cc->key + (i * subkey_size), subkey_size); - else + else { + cc->cipher_tfm.tfms[i]->base.is_hbk = cc->is_hbk; r = crypto_skcipher_setkey(cc->cipher_tfm.tfms[i], cc->key + (i * subkey_size), subkey_size); + } if (r) err = r; } @@ -2461,6 +2464,7 @@ static int set_key_trusted(struct crypt_config *cc, struct key *key) if (!tkp) return -EKEYREVOKED; + cc->is_hbk = tkp->is_hw_bound; if (cc->key_size != tkp->key_len) return -EINVAL;
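Review bot: In crypt_setkey() (@@ -2397,10 +2398,12 @@), is_hbk is propagated only in the else branch for skciphers; the crypto_aead_setkey() branch leaves the tfm flag untouched, so a hardware-bound trusted key used with an AEAD mode is passed to setkey as if it were a plain key. If AEAD is not supported, return an error on that branch when cc->is_hbk is set instead of continuing silently. Writing `cc->cipher_tfm.tfms[i]->base.is_hbk` from dm-crypt also reaches into the crypto_tfm structure directly; a setter in the crypto API would keep that layering, and the braces added on the else branch need matching braces on the if branch.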
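Review bot: In set_key_trusted() (@@ -2461,6 +2464,7 @@), `cc->is_hbk = tkp->is_hw_bound;` runs before the `cc->key_size != tkp->key_len` check, so the flag is changed even when the function returns -EINVAL and the key is not taken. Move the assignment after the length check. Nothing in this patch clears cc->is_hbk, so it also needs to be reset on the paths that load a key of another type or wipe the key; otherwise a later plain key would be handed to the driver as hardware-bound.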