From patchwork Thu Oct 6 13:08:30 2022
X-Patchwork-Submitter: Pankaj Gupta
X-Patchwork-Id: 13000198
From: Pankaj Gupta
To: jarkko@kernel.org, a.fatoum@pengutronix.de, gilad@benyossef.com, Jason@zx2c4.com, jejb@linux.ibm.com, zohar@linux.ibm.com, dhowells@redhat.com, sumit.garg@linaro.org, david@sigma-star.at, michael@walle.cc, john.ernberg@actia.se, jmorris@namei.org, serge@hallyn.com, herbert@gondor.apana.org.au, davem@davemloft.net, j.luebbe@pengutronix.de, ebiggers@kernel.org, richard@nod.at, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, sahil.malhotra@nxp.com, kshitiz.varshney@nxp.com, horia.geanta@nxp.com, V.Sethi@nxp.com
Cc: Pankaj Gupta
Subject: [PATCH v0 1/8] hw-bound-key: introducing the generic structure
Date: Thu, 6 Oct 2022 18:38:30 +0530
Message-Id: <20221006130837.17587-2-pankaj.gupta@nxp.com>
In-Reply-To: <20221006130837.17587-1-pankaj.gupta@nxp.com>
References: <20221006130837.17587-1-pankaj.gupta@nxp.com>

Hardware bound keys buffer has additional information
that will be accessed using this new structure.

Structure members are:
- flags, flags for hardware specific information.
- key_sz, size of the plain key.

Signed-off-by: Pankaj Gupta
---
 include/linux/hw_bound_key.h | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 include/linux/hw_bound_key.h

diff --git a/include/linux/hw_bound_key.h b/include/linux/hw_bound_key.h new file mode 100644 index 000000000000..e7f152410438 --- /dev/null +++ b/include/linux/hw_bound_key.h
@@ -0,0 +1,27 @@ +/* SPDX-License-Identifier: GPL-2.0-only + * + * Copyright 2022 NXP + * Author: Pankaj Gupta + */ + +#ifndef _HW_BOUND_KEY_H +#define _HW_BOUND_KEY_H + +#include "types.h" + +struct hw_bound_key_info { + /* Key types specific to the hw. [Implementation Defined] + */ + uint8_t flags; + uint8_t reserved; + /* Plain key size. + */ + uint16_t key_sz; +}; + +#define set_hbk_info(hbk_info, hw_flags, key_len) do {\ + hbk_info->flags = hw_flags;\ + hbk_info->key_sz = key_len;\ +} while (0) + +#endif /* _HW_BOUND_KEY_H */
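
Review bot: set_hbk_info() at the end of the new header uses its arguments unparenthesized (hbk_info->flags = hw_flags;), so a caller that passes an expression instead of a plain pointer name gets a precedence error or a build failure, and the macro never initialises the reserved byte. A static inline function taking a struct hw_bound_key_info * would add type checking and could zero reserved in the same place. The header also includes "types.h" by a quoted relative path and uses uint8_t/uint16_t; under include/linux the usual form is #include <linux/types.h> with u8/u16. The comment on flags says only "[Implementation Defined]", so it would help to document which values the callers added later in this series may rely on.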
From: Pankaj Gupta
Cc: Pankaj Gupta
Subject: [PATCH v0 2/8] keys-trusted: new cmd line option added
Date: Thu, 6 Oct 2022 18:38:31 +0530
Message-Id: <20221006130837.17587-3-pankaj.gupta@nxp.com>
In-Reply-To: <20221006130837.17587-1-pankaj.gupta@nxp.com>
References: <20221006130837.17587-1-pankaj.gupta@nxp.com>

Changes done:
- new cmd line option "hw" needs to be a suffix, to generate the
  hw bound key.
  for ex:
   $:> keyctl add trusted 'new 32 hw' @s
   $:> keyctl add trusted 'load $(cat ) hw' @s
- Key-payload is added with two more information elements
  specific to HBK
  -- flag 'is_hw_bound'
  -- structure 'struct hw_bound_key_info hbk_info'

Signed-off-by: Pankaj Gupta
---
 include/keys/trusted-type.h               |  4 ++++
 security/keys/trusted-keys/trusted_core.c | 16 ++++++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/include/keys/trusted-type.h b/include/keys/trusted-type.h index 4eb64548a74f..bf58a204a974 100644
--- a/include/keys/trusted-type.h +++ b/include/keys/trusted-type.h @@ -7,6 +7,7 @@ #ifndef _KEYS_TRUSTED_TYPE_H #define _KEYS_TRUSTED_TYPE_H +#include #include #include #include @@ -22,6 +23,7 @@ #define MAX_BLOB_SIZE 512 #define MAX_PCRINFO_SIZE 64 #define MAX_DIGEST_SIZE 64 +#define HW_BOUND_KEY 1 struct trusted_key_payload { struct rcu_head rcu; @@ -29,6 +31,8 @@ struct trusted_key_payload { unsigned int blob_len; unsigned char migratable; unsigned char old_format; + unsigned char is_hw_bound; + struct hw_bound_key_info hbk_info; unsigned char key[MAX_KEY_SIZE + 1]; unsigned char blob[MAX_BLOB_SIZE]; }; diff --git a/security/keys/trusted-keys/trusted_core.c b/security/keys/trusted-keys/trusted_core.c index c6fc50d67214..cb1d56397ed0 100644 --- a/security/keys/trusted-keys/trusted_core.c +++ b/security/keys/trusted-keys/trusted_core.c @@ -79,6 +79,8 @@ static int datablob_parse(char **datablob, struct trusted_key_payload *p) int key_cmd; char *c; + p->is_hw_bound = !HW_BOUND_KEY; + /* main command */ c = strsep(datablob, " \t"); if (!c) @@ -94,6 +96,13 @@ static int datablob_parse(char **datablob, struct trusted_key_payload *p) if (ret < 0 || keylen < MIN_KEY_SIZE || keylen > MAX_KEY_SIZE) return -EINVAL; p->key_len = keylen; + do { + /* Second argument onwards, + * determine if tied to HW */ + c = strsep(datablob, " \t"); + if ((c != NULL) && (strcmp(c, "hw") == 0)) + p->is_hw_bound = HW_BOUND_KEY; + } while (c != NULL); ret = Opt_new; break; case Opt_load: 
@@ -107,6 +116,13 @@ static int datablob_parse(char **datablob, struct trusted_key_payload *p) ret = hex2bin(p->blob, c, p->blob_len); if (ret < 0) return -EINVAL; + do { + /* Second argument onwards, + * determine if tied to HW */ + c = strsep(datablob, " \t"); + if ((c != NULL) && (strcmp(c, "hw") == 0)) + p->is_hw_bound = HW_BOUND_KEY; + } while (c != NULL); ret = Opt_load; break; case Opt_update:
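
Review bot: the do/while loops added to the Opt_new and Opt_load cases of datablob_parse() consume every remaining token and ignore anything that is not exactly "hw", so a mistyped suffix or any other trailing text is accepted and the key is silently created with is_hw_bound left at its default. For an option that decides how the key is protected, an unrecognised trailing token should return -EINVAL instead of falling through to the non-bound path. The two loops are identical and could be one helper. In the load case the flag comes from the command line (if ((c != NULL) && (strcmp(c, "hw") == 0))) and not from the blob itself, so the commit message should say what happens when the suffix and the blob disagree.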
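
Review bot: in the include/keys/trusted-type.h hunks, is_hw_bound is an unsigned char paired with #define HW_BOUND_KEY 1, and datablob_parse() resets it with p->is_hw_bound = !HW_BOUND_KEY;, which is only correct while the define stays 1. A bool set to true/false would say the same thing without the negated-macro idiom. HW_BOUND_KEY is also added directly under MAX_BLOB_SIZE, MAX_PCRINFO_SIZE and MAX_DIGEST_SIZE, where it reads like another size limit; a comment or a separate block would make its role clear.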
From: Pankaj Gupta
Cc: Pankaj Gupta
Subject: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm
Date: Thu, 6 Oct 2022 18:38:32 +0530
Message-Id: <20221006130837.17587-4-pankaj.gupta@nxp.com>
In-Reply-To: <20221006130837.17587-1-pankaj.gupta@nxp.com>
References: <20221006130837.17587-1-pankaj.gupta@nxp.com>

Consumer of the kernel crypto API, after allocating
the transformation (tfm), sets the:
- flag 'is_hbk'
- structure 'struct hw_bound_key_info hbk_info'
based on the type of key the consumer is using.

This helps:
- This helps to influence the core processing logic
  for the encapsulated algorithm.
- This flag is set by the consumer after allocating
  the tfm and before calling the function crypto_xxx_setkey().

Signed-off-by: Pankaj Gupta
---
 include/linux/crypto.h | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/include/linux/crypto.h b/include/linux/crypto.h index 2324ab6f1846..cd476f8a1cb4 100644
--- a/include/linux/crypto.h +++ b/include/linux/crypto.h @@ -19,6 +19,7 @@ #include #include #include +#include /* * Autoloaded crypto modules should only use a prefixed name to avoid allowing 
@@ -639,6 +640,10 @@ struct crypto_tfm { u32 crt_flags; + unsigned int is_hbk; + + struct hw_bound_key_info hbk_info; + int node; void (*exit)(struct crypto_tfm *tfm);
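
Review bot: is_hbk in struct crypto_tfm is a full unsigned int carrying one bit of state, added directly after u32 crt_flags, which is already there for per-tfm flags; a flag bit in crt_flags would avoid the extra member. Both new fields are meant to be written directly by the consumer between allocation and setkey, yet the hunk adds no setter, no comment on the members, and nothing that keeps them from being changed after a key has been set. An accessor pair and a comment stating when the fields are valid would make that contract checkable. The embedded struct hw_bound_key_info also enlarges every crypto_tfm, including those that never use a hardware-bound key.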
From: Pankaj Gupta
Cc: Pankaj Gupta
Subject: [PATCH v0 4/8] sk_cipher: checking for hw bound operation
Date: Thu, 6 Oct 2022 18:38:33 +0530
Message-Id: <20221006130837.17587-5-pankaj.gupta@nxp.com>
In-Reply-To: <20221006130837.17587-1-pankaj.gupta@nxp.com>
References: <20221006130837.17587-1-pankaj.gupta@nxp.com>

Checking for hw bound key. If yes,
- skipping the key-length validation to fall in min-max range.

Signed-off-by: Pankaj Gupta
---
 crypto/skcipher.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/skcipher.c b/crypto/skcipher.c index 418211180cee..0f2d0228d73e 100644 --- a/crypto/skcipher.c +++ b/crypto/skcipher.c
@@ -598,7 +598,8 @@ int crypto_skcipher_setkey(struct crypto_skcipher *tfm, const u8 *key, unsigned long alignmask = crypto_skcipher_alignmask(tfm); int err; - if (keylen < cipher->min_keysize || keylen > cipher->max_keysize) + if ((!tfm->base.is_hbk) + && (keylen < cipher->min_keysize || keylen > cipher->max_keysize)) return -EINVAL; if ((unsigned long)key & alignmask)
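
Review bot: with tfm->base.is_hbk set, the new condition in crypto_skcipher_setkey() skips the min_keysize/max_keysize check entirely, so keylen continues into the rest of setkey with no lower or upper bound. Because is_hbk is a plain field written by the caller, any consumer that sets it opts out of length validation for every skcipher algorithm, not only for drivers that understand hardware-bound blobs. Consider keeping a bound in the is_hbk case, for example validating hbk_info.key_sz against min_keysize/max_keysize and keylen against a maximum blob size, or leaving the generic check alone and handling the blob length in the driver. On style, kernel code puts && at the end of the first line, and the parentheses around !tfm->base.is_hbk are not needed.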
From: Pankaj Gupta
To: jarkko@kernel.org, a.fatoum@pengutronix.de, gilad@benyossef.com, Jason@zx2c4.com, jejb@linux.ibm.com, zohar@linux.ibm.com, dhowells@redhat.com, sumit.garg@linaro.org, david@sigma-star.at, michael@walle.cc, john.ernberg@actia.se, jmorris@namei.org, serge@hallyn.com, herbert@gondor.apana.org.au, davem@davemloft.net, j.luebbe@pengutronix.de, ebiggers@kernel.org, richard@nod.at, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, sahil.malhotra@nxp.com, kshitiz.varshney@nxp.com, horia.geanta@nxp.com, V.Sethi@nxp.com
Cc: Pankaj Gupta
Subject: [PATCH v0 5/8] keys-trusted: re-factored caam based trusted key
Date: Thu, 6 Oct 2022 18:38:34 +0530
Message-Id: <20221006130837.17587-6-pankaj.gupta@nxp.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20221006130837.17587-1-pankaj.gupta@nxp.com>
References: <20221006130837.17587-1-pankaj.gupta@nxp.com>
X-MS-Exchange-CrossTenant-UserPrincipalName: YaLS7Nz9i6NMEmMgvwbwm3HD1t6HOnTWeaIOJNJ7KU2+YPx2R+KGOzflsPhXIRxYeQ7KFb0C+NQruwQV3l4vvw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM9PR04MB8523 Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Re-factored caam based trusted key code: - Two separate definition for encap and decap having separate code for creating CAAM job descriptor. Signed-off-by: Pankaj Gupta --- drivers/crypto/caam/blob_gen.c | 118 ++++++++++++++++++++++++++++++--- include/soc/fsl/caam-blob.h | 23 ++----- 2 files changed, 114 insertions(+), 27 deletions(-) diff --git a/drivers/crypto/caam/blob_gen.c b/drivers/crypto/caam/blob_gen.c index 6345c7269eb0..36683ec9aee0 100644 --- a/drivers/crypto/caam/blob_gen.c +++ b/drivers/crypto/caam/blob_gen.c @@ -2,6 +2,7 @@ /* * Copyright (C) 2015 Pengutronix, Steffen Trumtrar * Copyright (C) 2021 Pengutronix, Ahmad Fatoum + * Copyright 2022 NXP, Pankaj Gupta */ #define pr_fmt(fmt) "caam blob_gen: " fmt @@ -58,8 +59,19 @@ static void caam_blob_job_done(struct device *dev, u32 *desc, u32 err, void *con complete(&res->completion); } -int caam_process_blob(struct caam_blob_priv *priv, - struct caam_blob_info *info, bool encap) + + +/** caam_encap_blob - encapsulate blob + * + * @priv: instance returned by caam_blob_gen_init + * @info: pointer to blobbing info describing input key, + * output blob and key modifier buffers. + * + * returns 0 and sets info->output_len on success and returns + * a negative error code otherwise. + */ +int caam_encap_blob(struct caam_blob_priv *priv, + struct caam_blob_info *info) { struct caam_blob_job_result testres; struct device *jrdev = &priv->jrdev; 
@@ -72,14 +84,102 @@ int caam_process_blob(struct caam_blob_priv *priv, if (info->key_mod_len > CAAM_BLOB_KEYMOD_LENGTH) return -EINVAL; - if (encap) { - op |= OP_TYPE_ENCAP_PROTOCOL; - output_len = info->input_len + CAAM_BLOB_OVERHEAD; - } else { - op |= OP_TYPE_DECAP_PROTOCOL; - output_len = info->input_len - CAAM_BLOB_OVERHEAD; + op |= OP_TYPE_ENCAP_PROTOCOL; + output_len = info->input_len + CAAM_BLOB_OVERHEAD; + + desc = kzalloc(CAAM_BLOB_DESC_BYTES_MAX, GFP_KERNEL | GFP_DMA); + if (!desc) + return -ENOMEM; + + dma_in = dma_map_single(jrdev, info->input, info->input_len, + DMA_TO_DEVICE); + if (dma_mapping_error(jrdev, dma_in)) { + dev_err(jrdev, "unable to map input DMA buffer\n"); + ret = -ENOMEM; + goto out_free; + } + + dma_out = dma_map_single(jrdev, info->output, output_len, + DMA_FROM_DEVICE); + if (dma_mapping_error(jrdev, dma_out)) { + dev_err(jrdev, "unable to map output DMA buffer\n"); + ret = -ENOMEM; + goto out_unmap_in; + } + + /* + * A data blob is encrypted using a blob key (BK); a random number. + * The BK is used as an AES-CCM key. The initial block (B0) and the + * initial counter (Ctr0) are generated automatically and stored in + * Class 1 Context DWords 0+1+2+3. The random BK is stored in the + * Class 1 Key Register. Operation Mode is set to AES-CCM. 
+ */ + + init_job_desc(desc, 0); + append_key_as_imm(desc, info->key_mod, info->key_mod_len, + info->key_mod_len, CLASS_2 | KEY_DEST_CLASS_REG); + append_seq_in_ptr_intlen(desc, dma_in, info->input_len, 0); + append_seq_out_ptr_intlen(desc, dma_out, output_len, 0); + append_operation(desc, op); + + print_hex_dump_debug("data@"__stringify(__LINE__)": ", + DUMP_PREFIX_ADDRESS, 16, 1, info->input, + info->input_len, false); + print_hex_dump_debug("jobdesc@"__stringify(__LINE__)": ", + DUMP_PREFIX_ADDRESS, 16, 1, desc, + desc_bytes(desc), false); + + testres.err = 0; + init_completion(&testres.completion); + + ret = caam_jr_enqueue(jrdev, desc, caam_blob_job_done, &testres); + if (ret == -EINPROGRESS) { + wait_for_completion(&testres.completion); + ret = testres.err; + print_hex_dump_debug("output@"__stringify(__LINE__)": ", + DUMP_PREFIX_ADDRESS, 16, 1, info->output, + output_len, false); } + if (ret == 0) + info->output_len = output_len; + + dma_unmap_single(jrdev, dma_out, output_len, DMA_FROM_DEVICE); +out_unmap_in: + dma_unmap_single(jrdev, dma_in, info->input_len, DMA_TO_DEVICE); +out_free: + kfree(desc); + + return ret; +} +EXPORT_SYMBOL(caam_encap_blob); + +/** caam_decap_blob - decapsulate blob + * + * @priv: instance returned by caam_blob_gen_init + * @info: pointer to blobbing info describing output key, + * input blob and key modifier buffers. + * + * returns 0 and sets info->output_len on success and returns + * a negative error code otherwise. + */ +int caam_decap_blob(struct caam_blob_priv *priv, + struct caam_blob_info *info) +{ + struct caam_blob_job_result testres; + struct device *jrdev = &priv->jrdev; + dma_addr_t dma_in, dma_out; + int op = OP_PCLID_BLOB; + size_t output_len; + u32 *desc; + int ret; + + if (info->key_mod_len > CAAM_BLOB_KEYMOD_LENGTH) + return -EINVAL; + + op |= OP_TYPE_DECAP_PROTOCOL; + output_len = info->input_len - CAAM_BLOB_OVERHEAD; + desc = kzalloc(CAAM_BLOB_DESC_BYTES_MAX, GFP_KERNEL | GFP_DMA); if (!desc) return -ENOMEM; 
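Review bot: The new caam_decap_blob() in this hunk computes output_len = info->input_len - CAAM_BLOB_OVERHEAD without first checking info->input_len >= CAAM_BLOB_OVERHEAD; output_len is a size_t, so a short blob wraps to a huge length that is then used to map info->output. The static inline wrappers removed from include/soc/fsl/caam-blob.h by this same patch carried that check, and it only comes back in 6/8, so the series is not bisectable at this commit. Move the check into the function here. Separately, caam_encap_blob() and caam_decap_blob() now duplicate the whole map/enqueue/unmap sequence; a shared static helper that takes the op and the output length would keep the split without the copy.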
@@ -145,7 +245,7 @@ int caam_process_blob(struct caam_blob_priv *priv, return ret; } -EXPORT_SYMBOL(caam_process_blob); +EXPORT_SYMBOL(caam_decap_blob); struct caam_blob_priv *caam_blob_gen_init(void) { diff --git a/include/soc/fsl/caam-blob.h b/include/soc/fsl/caam-blob.h index 937cac52f36d..de507e2a9555 100644 --- a/include/soc/fsl/caam-blob.h +++ b/include/soc/fsl/caam-blob.h @@ -1,6 +1,7 @@ /* SPDX-License-Identifier: GPL-2.0-only */ /* * Copyright (C) 2020 Pengutronix, Ahmad Fatoum + * Copyright 2022 NXP, Pankaj Gupta */ #ifndef __CAAM_BLOB_GEN @@ -72,15 +73,8 @@ int caam_process_blob(struct caam_blob_priv *priv, * Return: %0 and sets ``info->output_len`` on success and * a negative error code otherwise. */ -static inline int caam_encap_blob(struct caam_blob_priv *priv, - struct caam_blob_info *info) -{ - if (info->output_len < info->input_len + CAAM_BLOB_OVERHEAD) - return -EINVAL; - - return caam_process_blob(priv, info, true); -} - +int caam_encap_blob(struct caam_blob_priv *priv, + struct caam_blob_info *info); /** * caam_decap_blob - decapsulate blob * @priv: instance returned by caam_blob_gen_init() 
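Review bot: Dropping the inline caam_encap_blob() wrapper here also drops its info->output_len < info->input_len + CAAM_BLOB_OVERHEAD check, and the out-of-line caam_encap_blob() added in blob_gen.c by this patch never looks at the caller's output_len before mapping info->output for input_len + CAAM_BLOB_OVERHEAD bytes. A commit described as a re-factoring should keep that capacity check; carry it into the new function in this patch rather than in 6/8. The kernel-doc for both functions now exists in the header and in blob_gen.c; keep one copy.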
@@ -90,14 +84,7 @@ static inline int caam_encap_blob(struct caam_blob_priv *priv, * Return: %0 and sets ``info->output_len`` on success and * a negative error code otherwise. */ -static inline int caam_decap_blob(struct caam_blob_priv *priv, - struct caam_blob_info *info) -{ - if (info->input_len < CAAM_BLOB_OVERHEAD || - info->output_len < info->input_len - CAAM_BLOB_OVERHEAD) - return -EINVAL; - - return caam_process_blob(priv, info, false); -} +int caam_decap_blob(struct caam_blob_priv *priv, + struct caam_blob_info *info); #endif From patchwork Thu Oct 6 13:08:35 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pankaj Gupta X-Patchwork-Id: 13000203 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3C4D3C4332F for ; Thu, 6 Oct 2022 12:04:32 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231148AbiJFMEa (ORCPT ); Thu, 6 Oct 2022 08:04:30 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36292 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231292AbiJFMDv (ORCPT ); Thu, 6 Oct 2022 08:03:51 -0400 Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2078.outbound.protection.outlook.com [40.107.20.78]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 015BF9E0FF; Thu, 6 Oct 2022 05:03:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; 
From: Pankaj Gupta
To: jarkko@kernel.org, a.fatoum@pengutronix.de, gilad@benyossef.com, Jason@zx2c4.com, jejb@linux.ibm.com, zohar@linux.ibm.com, dhowells@redhat.com, sumit.garg@linaro.org, david@sigma-star.at, michael@walle.cc, john.ernberg@actia.se, jmorris@namei.org, serge@hallyn.com, herbert@gondor.apana.org.au, davem@davemloft.net, j.luebbe@pengutronix.de, ebiggers@kernel.org, richard@nod.at, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, sahil.malhotra@nxp.com, kshitiz.varshney@nxp.com, horia.geanta@nxp.com, V.Sethi@nxp.com
Cc: Pankaj Gupta
Subject: [PATCH v0 6/8] KEYS: trusted: caam based black key
Date: Thu, 6 Oct 2022 18:38:35 +0530
Message-Id: <20221006130837.17587-7-pankaj.gupta@nxp.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20221006130837.17587-1-pankaj.gupta@nxp.com>
References: <20221006130837.17587-1-pankaj.gupta@nxp.com>
X-Mailing-List: linux-integrity@vger.kernel.org

- CAAM supports two types of black keys:
-- Plain key encrypted with ECB
-- Plain key encrypted with CCM

Note: Due to robustness, default encryption used for black key is CCM.

- A black key blob is generated, and added to trusted key payload. This is done as part of sealing operation, that was triggered as a result of:
-- new key generation
-- load key,
Signed-off-by: Pankaj Gupta --- drivers/crypto/caam/blob_gen.c | 123 +++++++++++++++++++--- drivers/crypto/caam/desc.h | 8 +- include/soc/fsl/caam-blob.h | 15 +++ security/keys/trusted-keys/trusted_caam.c | 8 ++ 4 files changed, 136 insertions(+), 18 deletions(-) diff --git a/drivers/crypto/caam/blob_gen.c b/drivers/crypto/caam/blob_gen.c index 36683ec9aee0..93e05557dcaa 100644 --- a/drivers/crypto/caam/blob_gen.c +++ b/drivers/crypto/caam/blob_gen.c @@ -8,6 +8,8 @@ #define pr_fmt(fmt) "caam blob_gen: " fmt #include +#include +#include #include #include "compat.h" @@ -32,6 +34,9 @@ struct caam_blob_priv { struct device jrdev; + /* Flags: whether generated trusted key, is ECB or CCM encrypted.*/ + uint8_t hbk_flags; + uint8_t rsv[3]; }; struct caam_blob_job_result { @@ -78,8 +83,13 @@ int caam_encap_blob(struct caam_blob_priv *priv, dma_addr_t dma_in, dma_out; int op = OP_PCLID_BLOB; size_t output_len; + dma_addr_t dma_blk; u32 *desc; int ret; + int hwbk_caam_ovhd = 0; + + if (info->output_len < info->input_len + CAAM_BLOB_OVERHEAD) + return -EINVAL; if (info->key_mod_len > CAAM_BLOB_KEYMOD_LENGTH) return -EINVAL; @@ -87,6 +97,21 @@ int caam_encap_blob(struct caam_blob_priv *priv, op |= OP_TYPE_ENCAP_PROTOCOL; output_len = info->input_len + CAAM_BLOB_OVERHEAD; + if (info->is_hw_bound == 1) { + op |= OP_PCL_BLOB_BLACK; + if (priv->hbk_flags & HWBK_FLAGS_CAAM_CCM_ALGO_MASK) { + op |= OP_PCL_BLOB_EKT; + hwbk_caam_ovhd = CCM_OVERHEAD; + } + + if ((info->input_len + hwbk_caam_ovhd) > MAX_KEY_SIZE) + return -EINVAL; + + set_hbk_info(info->hbk_info, + priv->hbk_flags, + info->input_len); + } + desc = kzalloc(CAAM_BLOB_DESC_BYTES_MAX, GFP_KERNEL | GFP_DMA); if (!desc) return -ENOMEM; 
@@ -99,12 +124,26 @@ int caam_encap_blob(struct caam_blob_priv *priv, goto out_free; } + if (info->is_hw_bound == 1) { + dma_blk = dma_map_single(jrdev, info->input, + info->input_len + hwbk_caam_ovhd, + DMA_FROM_DEVICE); + if (dma_mapping_error(jrdev, dma_out)) { + dev_err(jrdev, "unable to map output DMA buffer\n"); + ret = -ENOMEM; + goto out_unmap_in; + } + } + dma_out = dma_map_single(jrdev, info->output, output_len, DMA_FROM_DEVICE); if (dma_mapping_error(jrdev, dma_out)) { dev_err(jrdev, "unable to map output DMA buffer\n"); ret = -ENOMEM; - goto out_unmap_in; + if (info->is_hw_bound == 1) + goto out_unmap_blk; + else + goto out_unmap_in; } /* 
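Review bot: In the is_hw_bound block added to caam_encap_blob(), the result of mapping dma_blk is tested with dma_mapping_error(jrdev, dma_out), but dma_out has not been assigned at that point, so a failed dma_blk mapping goes undetected and the test reads an uninitialised variable. It should test dma_blk, and the message should not say output DMA buffer. The block also maps info->input a second time, DMA_FROM_DEVICE and input_len + hwbk_caam_ovhd bytes long, while dma_in still holds a DMA_TO_DEVICE mapping of the same buffer; overlapping mappings of one buffer in opposite directions need a justification in a comment, or a separate buffer for the black key.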
@@ -116,15 +155,40 @@ int caam_encap_blob(struct caam_blob_priv *priv, */ init_job_desc(desc, 0); + + if (info->is_hw_bound == 1) { + /*!1. key command used to load class 1 key register + * from input plain key. + */ + append_key(desc, dma_in, info->input_len, + CLASS_1 | KEY_DEST_CLASS_REG); + + /*!2. Fifostore to store black key from class 1 key register. */ + append_fifo_store(desc, dma_blk, info->input_len, + LDST_CLASS_1_CCB | FIFOST_TYPE_KEY_CCM_JKEK); + + append_jump(desc, JUMP_COND_NOP | 1); + } + /*!3. Load class 2 key with key modifier. */ append_key_as_imm(desc, info->key_mod, info->key_mod_len, info->key_mod_len, CLASS_2 | KEY_DEST_CLASS_REG); - append_seq_in_ptr_intlen(desc, dma_in, info->input_len, 0); + + /*!4. SEQ IN PTR Command. */ + if (info->is_hw_bound == 1) { + append_seq_in_ptr_intlen(desc, dma_blk, info->input_len, 0); + } else { + append_seq_in_ptr_intlen(desc, dma_in, info->input_len, 0); + } + + /*!5. SEQ OUT PTR Command. */ append_seq_out_ptr_intlen(desc, dma_out, output_len, 0); + + /*!6. BlackBlob encapsulation PROTOCOL Command. */ append_operation(desc, op); print_hex_dump_debug("data@"__stringify(__LINE__)": ", DUMP_PREFIX_ADDRESS, 16, 1, info->input, - info->input_len, false); + info->input_len + hwbk_caam_ovhd, false); print_hex_dump_debug("jobdesc@"__stringify(__LINE__)": ", DUMP_PREFIX_ADDRESS, 16, 1, desc, desc_bytes(desc), false); @@ -140,11 +204,15 @@ int caam_encap_blob(struct caam_blob_priv *priv, DUMP_PREFIX_ADDRESS, 16, 1, info->output, output_len, false); } - - if (ret == 0) + if (ret == 0) { + info->input_len += hwbk_caam_ovhd; info->output_len = output_len; - + } dma_unmap_single(jrdev, dma_out, output_len, DMA_FROM_DEVICE); +out_unmap_blk: + if (info->is_hw_bound == 1) { + dma_unmap_single(jrdev, dma_blk, info->input_len, DMA_TO_DEVICE); + } out_unmap_in: dma_unmap_single(jrdev, dma_in, info->input_len, DMA_TO_DEVICE); out_free: 
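Review bot: The cleanup at out_unmap_blk and out_unmap_in no longer matches the mappings. dma_blk was mapped DMA_FROM_DEVICE with input_len + hwbk_caam_ovhd bytes but is unmapped DMA_TO_DEVICE with info->input_len, and on success info->input_len += hwbk_caam_ovhd runs before both unmaps, so dma_in is unmapped with a larger size than it was mapped with. Keep the mapped lengths in locals, unmap with the same length and direction used for the map, and update info->input_len only after the unmaps.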
@@ -170,15 +238,35 @@ int caam_decap_blob(struct caam_blob_priv *priv, struct device *jrdev = &priv->jrdev; dma_addr_t dma_in, dma_out; int op = OP_PCLID_BLOB; - size_t output_len; u32 *desc; int ret; + int hwbk_caam_ovhd = 0; + + if (info->input_len < CAAM_BLOB_OVERHEAD) + return -EINVAL; if (info->key_mod_len > CAAM_BLOB_KEYMOD_LENGTH) return -EINVAL; op |= OP_TYPE_DECAP_PROTOCOL; - output_len = info->input_len - CAAM_BLOB_OVERHEAD; + info->output_len = info->input_len - CAAM_BLOB_OVERHEAD; + + if (info->is_hw_bound == 1) { + op |= OP_PCL_BLOB_BLACK; + if (priv->hbk_flags & HWBK_FLAGS_CAAM_CCM_ALGO_MASK) { + op |= OP_PCL_BLOB_EKT; + hwbk_caam_ovhd = CCM_OVERHEAD; + } + + if ((info->output_len + hwbk_caam_ovhd) > MAX_KEY_SIZE) + return -EINVAL; + + set_hbk_info(info->hbk_info, + priv->hbk_flags, + info->output_len); + + info->output_len += hwbk_caam_ovhd; + } desc = kzalloc(CAAM_BLOB_DESC_BYTES_MAX, GFP_KERNEL | GFP_DMA); if (!desc) @@ -192,7 +280,7 @@ int caam_decap_blob(struct caam_blob_priv *priv, goto out_free; } - dma_out = dma_map_single(jrdev, info->output, output_len, + dma_out = dma_map_single(jrdev, info->output, info->output_len, DMA_FROM_DEVICE); if (dma_mapping_error(jrdev, dma_out)) { dev_err(jrdev, "unable to map output DMA buffer\n"); @@ -211,8 +299,8 @@ int caam_decap_blob(struct caam_blob_priv *priv, init_job_desc(desc, 0); append_key_as_imm(desc, info->key_mod, info->key_mod_len, info->key_mod_len, CLASS_2 | KEY_DEST_CLASS_REG); - append_seq_in_ptr_intlen(desc, dma_in, info->input_len, 0); - append_seq_out_ptr_intlen(desc, dma_out, output_len, 0); + append_seq_in_ptr(desc, dma_in, info->input_len, 0); + append_seq_out_ptr(desc, dma_out, info->output_len, 0); append_operation(desc, op); print_hex_dump_debug("data@"__stringify(__LINE__)": ", 
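Review bot: caam_decap_blob() now overwrites info->output_len with input_len - CAAM_BLOB_OVERHEAD before anything compares it with the capacity the caller passed in, so when is_hw_bound is 0 info->output is mapped and written for that length whatever its real size. The hardware-bound branch compares against the constant MAX_KEY_SIZE instead of the caller's value. Save the caller's output_len first, return -EINVAL in both paths when the computed length exceeds it, and set info->output_len only on success as the old code did. The switch from append_seq_in_ptr_intlen()/append_seq_out_ptr_intlen() to append_seq_in_ptr()/append_seq_out_ptr() in the last hunk here is not mentioned in the commit message; please explain it or drop it.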
@@ -231,13 +319,10 @@ int caam_decap_blob(struct caam_blob_priv *priv, ret = testres.err; print_hex_dump_debug("output@"__stringify(__LINE__)": ", DUMP_PREFIX_ADDRESS, 16, 1, info->output, - output_len, false); + info->output_len, false); } - if (ret == 0) - info->output_len = output_len; - - dma_unmap_single(jrdev, dma_out, output_len, DMA_FROM_DEVICE); + dma_unmap_single(jrdev, dma_out, info->output_len, DMA_FROM_DEVICE); out_unmap_in: dma_unmap_single(jrdev, dma_in, info->input_len, DMA_TO_DEVICE); out_free: @@ -251,6 +336,7 @@ struct caam_blob_priv *caam_blob_gen_init(void) { struct caam_drv_private *ctrlpriv; struct device *jrdev; + struct caam_blob_priv *blob_priv; /* * caam_blob_gen_init() may expectedly fail with -ENODEV, e.g. when @@ -271,7 +357,10 @@ struct caam_blob_priv *caam_blob_gen_init(void) return ERR_PTR(-ENODEV); } - return container_of(jrdev, struct caam_blob_priv, jrdev); + blob_priv = container_of(jrdev, struct caam_blob_priv, jrdev); + blob_priv->hbk_flags = HWBK_FLAGS_CAAM_CCM_ALGO_MASK; + + return blob_priv; } EXPORT_SYMBOL(caam_blob_gen_init); diff --git a/drivers/crypto/caam/desc.h b/drivers/crypto/caam/desc.h index e13470901586..41b2d0226bdf 100644 --- a/drivers/crypto/caam/desc.h +++ b/drivers/crypto/caam/desc.h @@ -4,7 +4,7 @@ * Definitions to support CAAM descriptor instruction generation * * Copyright 2008-2011 Freescale Semiconductor, Inc. - * Copyright 2018 NXP + * Copyright 2018-2022 NXP */ #ifndef DESC_H @@ -403,6 +403,7 @@ #define FIFOST_TYPE_PKHA_N (0x08 << FIFOST_TYPE_SHIFT) #define FIFOST_TYPE_PKHA_A (0x0c << FIFOST_TYPE_SHIFT) #define FIFOST_TYPE_PKHA_B (0x0d << FIFOST_TYPE_SHIFT) +#define FIFOST_TYPE_KEY_CCM_JKEK (0x14 << FIFOST_TYPE_SHIFT) #define FIFOST_TYPE_AF_SBOX_JKEK (0x20 << FIFOST_TYPE_SHIFT) #define FIFOST_TYPE_AF_SBOX_TKEK (0x21 << FIFOST_TYPE_SHIFT) #define FIFOST_TYPE_PKHA_E_JKEK (0x22 << FIFOST_TYPE_SHIFT) 
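Review bot: caam_blob_gen_init() obtains blob_priv with container_of(jrdev, struct caam_blob_priv, jrdev) and then stores to blob_priv->hbk_flags, which is only valid if jrdev really is embedded in an allocated struct caam_blob_priv. The visible code does not allocate one; if jrdev is a device owned by the job ring driver, this store writes past the end of that struct device. Keep the flag in storage the blob code owns, or allocate the private structure explicitly.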
@@ -1001,6 +1002,11 @@ #define OP_PCL_TLS12_AES_256_CBC_SHA384 0xff63 #define OP_PCL_TLS12_AES_256_CBC_SHA512 0xff65 +/* Blob protocol protinfo bits */ + +#define OP_PCL_BLOB_BLACK 0x0004 +#define OP_PCL_BLOB_EKT 0x0100 + /* For DTLS - OP_PCLID_DTLS */ #define OP_PCL_DTLS_AES_128_CBC_SHA 0x002f diff --git a/include/soc/fsl/caam-blob.h b/include/soc/fsl/caam-blob.h index de507e2a9555..8d9f6b209418 100644 --- a/include/soc/fsl/caam-blob.h +++ b/include/soc/fsl/caam-blob.h @@ -9,7 +9,19 @@ #include #include +#include +#define HWBK_FLAGS_CAAM_CCM_ALGO_MASK 0x01 + +/* + * CCM-Black Key will always be at least 12 bytes longer, + * since the encapsulation uses a 6-byte nonce and adds + * a 6-byte ICV. But first, the key is padded as necessary so + * that CCM-Black Key is a multiple of 8 bytes long. + */ +#define NONCE_SIZE 6 +#define ICV_SIZE 6 +#define CCM_OVERHEAD (NONCE_SIZE + ICV_SIZE) #define CAAM_BLOB_KEYMOD_LENGTH 16 #define CAAM_BLOB_OVERHEAD (32 + 16) #define CAAM_BLOB_MAX_LEN 4096 @@ -35,6 +47,9 @@ struct caam_blob_info { const void *key_mod; size_t key_mod_len; + + const char is_hw_bound; + struct hw_bound_key_info *hbk_info; }; /** diff --git a/security/keys/trusted-keys/trusted_caam.c b/security/keys/trusted-keys/trusted_caam.c index e3415c520c0a..60e50bed7014 100644 --- a/security/keys/trusted-keys/trusted_caam.c +++ b/security/keys/trusted-keys/trusted_caam.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0-only /* * Copyright (C) 2021 Pengutronix, Ahmad Fatoum + * Copyright 2022 NXP, Pankaj Gupta */ #include @@ -23,6 +24,7 @@ static int trusted_caam_seal(struct trusted_key_payload *p, char *datablob) .input = p->key, .input_len = p->key_len, .output = p->blob, .output_len = MAX_BLOB_SIZE, .key_mod = KEYMOD, .key_mod_len = sizeof(KEYMOD) - 1, + .is_hw_bound = p->is_hw_bound, .hbk_info = &p->hbk_info, }; ret = caam_encap_blob(blobifier, &info); 
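Review bot: The comment added above NONCE_SIZE says the key is first padded so that the CCM black key is a multiple of 8 bytes, but CCM_OVERHEAD is NONCE_SIZE + ICV_SIZE only, and caam_encap_blob() sizes the dma_blk mapping and the MAX_KEY_SIZE check with input_len + CCM_OVERHEAD. For an input_len that is not a multiple of 8 the comment and the arithmetic disagree; either round the length up before adding the overhead or correct the comment. In struct caam_blob_info, const char is_hw_bound would read better as bool, and a const member cannot be assigned after initialisation.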
@@ -30,6 +32,10 @@ static int trusted_caam_seal(struct trusted_key_payload *p, char *datablob) return ret; p->blob_len = info.output_len; + + if (p->is_hw_bound) + p->key_len = info.input_len; + return 0; } @@ -40,6 +46,7 @@ static int trusted_caam_unseal(struct trusted_key_payload *p, char *datablob) .input = p->blob, .input_len = p->blob_len, .output = p->key, .output_len = MAX_KEY_SIZE, .key_mod = KEYMOD, .key_mod_len = sizeof(KEYMOD) - 1, + .is_hw_bound = p->is_hw_bound, .hbk_info = &p->hbk_info, }; ret = caam_decap_blob(blobifier, &info); 
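Review bot: trusted_caam_seal() now reads info.input_len back into p->key_len, which makes input_len an output of caam_encap_blob() and means p->key holds the black key rather than the plain key after sealing. Neither is stated in the kernel-doc for caam_encap_blob() or struct caam_blob_info; document it, or return the black key length through a dedicated field.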
@@ -47,6 +54,7 @@ static int trusted_caam_unseal(struct trusted_key_payload *p, char *datablob) return ret; p->key_len = info.output_len; + return 0; } From patchwork Thu Oct 6 13:08:36 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pankaj Gupta X-Patchwork-Id: 13000204 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7BF85C4321E for ; Thu, 6 Oct 2022 12:04:36 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231246AbiJFMEe (ORCPT ); Thu, 6 Oct 2022 08:04:34 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37226 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231348AbiJFMDy (ORCPT ); Thu, 6 Oct 2022 08:03:54 -0400 Received: from EUR02-HE1-obe.outbound.protection.outlook.com (mail-eopbgr10045.outbound.protection.outlook.com [40.107.1.45]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 905579E0C7; Thu, 6 Oct 2022 05:03:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=lPlBng2WZQqxefJhRJz7+QItTSBG/KcowWtMd2Y7hy68R5nnXc7zMqiThGuDq3Iw3FEmEPj6FMRnz5T370WeqWMM8TCGA+EOTq7wh8Rtp2MSjOtj5yiMrvZrgJsZgn/YQswxg9WdQJO51wm5GyX3XIaXpSAk5inHhADoadgv/B4wXNNhrG4wdQ8fG7dJ49JDEaTYyHc5q0R/flJgMpW7ZlfOV7ftfvVkMGZUyAXp2MY5lVompfqMN5q+sVHJ7J+RVrNVeay4T5FOYLc9IF/JDgrSmbV8jFZnNiOdb1jBooWEdbSjXS2UIP/0H6xoOLdmHMyRgSB/9s8Jckwg4RISvQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=abrzySLGYv1kAIE1YJdlACStwhE+6xZ7E9VIa8YEbC8=; 
From: Pankaj Gupta
To: jarkko@kernel.org, a.fatoum@pengutronix.de, gilad@benyossef.com, Jason@zx2c4.com, jejb@linux.ibm.com, zohar@linux.ibm.com, dhowells@redhat.com, sumit.garg@linaro.org, david@sigma-star.at, michael@walle.cc, john.ernberg@actia.se, jmorris@namei.org, serge@hallyn.com, herbert@gondor.apana.org.au, davem@davemloft.net, j.luebbe@pengutronix.de, ebiggers@kernel.org, richard@nod.at, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, sahil.malhotra@nxp.com, kshitiz.varshney@nxp.com, horia.geanta@nxp.com, V.Sethi@nxp.com
Cc: Pankaj Gupta
Subject: [PATCH v0 7/8] caam alg: symmetric key ciphers are updated
Date: Thu, 6 Oct 2022 18:38:36 +0530
Message-Id: <20221006130837.17587-8-pankaj.gupta@nxp.com>
In-Reply-To: <20221006130837.17587-1-pankaj.gupta@nxp.com>
References: <20221006130837.17587-1-pankaj.gupta@nxp.com>

Changes to enable:
- To work both with black key and plain key.
- It is supported in context of trusted key only.
- as meta-data is added as part of trusted key generation.
- otherwise, work as previously.

Signed-off-by: Pankaj Gupta
---
drivers/crypto/caam/caamalg.c | 43 ++++++++++++++++++++++++++++--
drivers/crypto/caam/caamalg_desc.c | 8 +++---
drivers/crypto/caam/desc_constr.h | 6 ++++-
3 files changed, 51 insertions(+), 6 deletions(-)

diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c index d3d8bb0a6990..94e971297a9d 100644 --- a/drivers/crypto/caam/caamalg.c
+++ b/drivers/crypto/caam/caamalg.c @@ -3,7 +3,7 @@ * caam - Freescale FSL CAAM support for crypto API * * Copyright 2008-2011 Freescale Semiconductor, Inc. - * Copyright 2016-2019 NXP + * Copyright 2016-2022 NXP * * Based on talitos crypto API driver. * @@ -59,6 +59,8 @@ #include #include #include +#include +#include /* * crypto alg @@ -741,9 +743,25 @@ static int skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key, print_hex_dump_debug("key in @"__stringify(__LINE__)": ", DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1); + /* Here keylen is actual key length */ ctx->cdata.keylen = keylen; ctx->cdata.key_virt = key; ctx->cdata.key_inline = true; + /* Here real key len is plain key length */ + ctx->cdata.key_real_len = keylen; + ctx->cdata.key_cmd_opt = 0; + + /* check if the key is HBK */ + if (skcipher->base.is_hbk) { + ctx->cdata.key_cmd_opt |= KEY_ENC; + + /* check if the HBK is CCM key */ + if (skcipher->base.hbk_info.flags + & HWBK_FLAGS_CAAM_CCM_ALGO_MASK) + ctx->cdata.key_cmd_opt |= KEY_EKT; + + ctx->cdata.key_real_len = skcipher->base.hbk_info.key_sz; + } /* skcipher_encrypt shared descriptor */ desc = ctx->sh_desc_enc; @@ -762,12 +780,33 @@ static int skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key, return 0; } +static int caam_hbk_check_keylen(struct hw_bound_key_info *hbk_info, + unsigned int keylen) +{ + u32 overhead = 0; + + if (hbk_info->flags & HWBK_FLAGS_CAAM_CCM_ALGO_MASK) + overhead += CCM_OVERHEAD; + + /* deduce the hb_key_len, by adding plain-key len + * and encryption overhead. + */ + if (keylen != (hbk_info->key_sz + overhead)) + return -EINVAL; + + return aes_check_keylen(hbk_info->key_sz); +} + static int aes_skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key, unsigned int keylen) { int err; - err = aes_check_keylen(keylen); + if (skcipher->base.is_hbk) + err = caam_hbk_check_keylen(&(skcipher->base.hbk_info), keylen); + else + err = aes_check_keylen(keylen); + if (err) return err; 
diff --git a/drivers/crypto/caam/caamalg_desc.c b/drivers/crypto/caam/caamalg_desc.c index 7571e1ac913b..784acae8c9b7 100644 --- a/drivers/crypto/caam/caamalg_desc.c +++ b/drivers/crypto/caam/caamalg_desc.c @@ -2,7 +2,7 @@ /* * Shared descriptors for aead, skcipher algorithms * - * Copyright 2016-2019 NXP + * Copyright 2016-2022 NXP */ #include "compat.h" @@ -1391,7 +1391,8 @@ void cnstr_shdsc_skcipher_encap(u32 * const desc, struct alginfo *cdata, /* Load class1 key only */ append_key_as_imm(desc, cdata->key_virt, cdata->keylen, - cdata->keylen, CLASS_1 | KEY_DEST_CLASS_REG); + cdata->key_real_len, CLASS_1 | KEY_DEST_CLASS_REG + | cdata->key_cmd_opt); /* Load nonce into CONTEXT1 reg */ if (is_rfc3686) { @@ -1466,7 +1467,8 @@ void cnstr_shdsc_skcipher_decap(u32 * const desc, struct alginfo *cdata, /* Load class1 key only */ append_key_as_imm(desc, cdata->key_virt, cdata->keylen, - cdata->keylen, CLASS_1 | KEY_DEST_CLASS_REG); + cdata->key_real_len, CLASS_1 | KEY_DEST_CLASS_REG + | cdata->key_cmd_opt); /* Load nonce into CONTEXT1 reg */ if (is_rfc3686) { diff --git a/drivers/crypto/caam/desc_constr.h b/drivers/crypto/caam/desc_constr.h index 62ce6421bb3f..d652bdbf3f91 100644 --- a/drivers/crypto/caam/desc_constr.h +++ b/drivers/crypto/caam/desc_constr.h @@ -3,7 +3,7 @@ * caam descriptor construction helper functions * * Copyright 2008-2012 Freescale Semiconductor, Inc. - * Copyright 2019 NXP + * Copyright 2019-2022 NXP */ #ifndef DESC_CONSTR_H @@ -500,6 +500,8 @@ do { \ * @key_virt: virtual address where algorithm key resides * @key_inline: true - key can be inlined in the descriptor; false - key is * referenced by the descriptor + * @key_real_len: size of the key to be loaded by the CAAM + * @key_cmd_opt: optional parameters for KEY command */ struct alginfo { u32 algtype; 
@@ -508,6 +510,8 @@ struct alginfo { dma_addr_t key_dma; const void *key_virt; bool key_inline; + u32 key_real_len; + u32 key_cmd_opt; }; /**
From patchwork Thu Oct 6 13:08:37 2022
X-Patchwork-Submitter: Pankaj Gupta
X-Patchwork-Id: 13000205
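Review bot: in the skcipher_setkey() hunk of caamalg.c (patch 7/8), ctx->cdata.key_real_len is taken from skcipher->base.hbk_info.key_sz, and KEY_ENC / KEY_EKT are set, with no validation inside this function. The only length check visible in the patch is caam_hbk_check_keylen(), and it is called from aes_skcipher_setkey() alone; if any other wrapper reaches skcipher_setkey() with base.is_hbk set, an unchecked key_sz goes straight into the KEY command length. Either validate key_sz against keylen here, or return -EINVAL for is_hbk on every path that does not call caam_hbk_check_keylen(). The two new comments ("actual key length", "plain key length") would also be clearer if they said which field counts the black-key blob bytes and which the decrypted key size.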
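Review bot: in caam_hbk_check_keylen() (caamalg.c, patch 7/8), call aes_check_keylen(hbk_info->key_sz) before using key_sz in "hbk_info->key_sz + overhead". As written, the comparison with keylen runs on an unbounded sum and only the final call rejects a wrapped value, which is easy to break in a later edit. hbk_info is only read, so it can be a const pointer, and the parentheses in &(skcipher->base.hbk_info) in aes_skcipher_setkey() are not needed. Note also that overhead is 0 unless the CCM flag is set, so for that case the blob has the same length as a plain key and the length check cannot tell the two apart; the decision rests entirely on base.is_hbk.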
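Review bot: cnstr_shdsc_skcipher_encap() and cnstr_shdsc_skcipher_decap() in caamalg_desc.c (patch 7/8) now read cdata->key_real_len and cdata->key_cmd_opt unconditionally, but the only assignment to those fields in this patch is in skcipher_setkey() in caamalg.c. Both constructors are non-static, so any other caller that fills a struct alginfo has to set key_real_len = keylen and key_cmd_opt = 0 as well, otherwise append_key_as_imm() is handed whatever those fields happen to hold. Please update such callers in the same patch, or fall back to cdata->keylen when key_real_len is 0.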
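Review bot: the kernel-doc added to struct alginfo in desc_constr.h (patch 7/8) describes @key_real_len as "size of the key to be loaded by the CAAM" without saying how it differs from keylen, and @key_cmd_opt does not say which KEY command bits are expected. Going by the comments in skcipher_setkey(), the doc should state that keylen is the number of key bytes supplied (the black-key blob for an HBK), that key_real_len is the plain key size, and that key_cmd_opt carries KEY_ENC / KEY_EKT.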
From: Pankaj Gupta
To: jarkko@kernel.org, a.fatoum@pengutronix.de, gilad@benyossef.com, Jason@zx2c4.com, jejb@linux.ibm.com, zohar@linux.ibm.com, dhowells@redhat.com, sumit.garg@linaro.org, david@sigma-star.at, michael@walle.cc, john.ernberg@actia.se, jmorris@namei.org, serge@hallyn.com, herbert@gondor.apana.org.au, davem@davemloft.net, j.luebbe@pengutronix.de, ebiggers@kernel.org, richard@nod.at, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, sahil.malhotra@nxp.com, kshitiz.varshney@nxp.com, horia.geanta@nxp.com, V.Sethi@nxp.com
Cc: Pankaj Gupta
Subject: [PATCH v0 8/8] dm-crypt: consumer-app setting the flag-is_hbk
Date: Thu, 6 Oct 2022 18:38:37 +0530
Message-Id: <20221006130837.17587-9-pankaj.gupta@nxp.com>
In-Reply-To: <20221006130837.17587-1-pankaj.gupta@nxp.com>
References: <20221006130837.17587-1-pankaj.gupta@nxp.com>

Consumer application:
- Adding a flag 'is_hbk', in its "struct crypto_config".
- After fetching the keys, it is setting the above mentioned flag, based on the key fetched.
  -- Note: Supported for trusted keys only.
- After allocating the tfm, and before calling crypto_xxx_setkey(), setting the:
  -- tfm flag 'is_hbk':
     cc->cipher_tfm.tfms[i]->base.is_hbk = cc->is_hbk;
  -- tfm hbk_info, if cc->is_hbk, is non-zero.

Note: HBK Supported for symmetric-key ciphers only.

Signed-off-by: Pankaj Gupta
---
drivers/md/dm-crypt.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c index 159c6806c19b..d28c4af2904e 100644 --- a/drivers/md/dm-crypt.c +++ b/drivers/md/dm-crypt.c @@ -221,6 +221,8 @@ struct crypt_config { struct mutex bio_alloc_lock; u8 *authenc_key; /* space for keys in authenc() format (if used) */ + unsigned int is_hbk; + struct hw_bound_key_info hbk_info; u8 key[]; }; @@ -2397,10 +2399,16 @@ static int crypt_setkey(struct crypt_config *cc) r = crypto_aead_setkey(cc->cipher_tfm.tfms_aead[i], cc->key + (i * subkey_size), subkey_size); - else + else { + cc->cipher_tfm.tfms[i]->base.is_hbk = cc->is_hbk; + if (cc->is_hbk) + memcpy(&(cc->cipher_tfm.tfms[i]->base.hbk_info), + &(cc->hbk_info), + sizeof(struct hw_bound_key_info)); r = crypto_skcipher_setkey(cc->cipher_tfm.tfms[i], cc->key + (i * subkey_size), subkey_size); + } if (r) err = r; } @@ -2461,9 +2469,11 @@ static int set_key_trusted(struct crypt_config *cc, struct key *key) if (!tkp) return -EKEYREVOKED; + cc->is_hbk = tkp->is_hw_bound; if (cc->key_size != tkp->key_len) return -EINVAL; + memcpy(&(cc->hbk_info), &(tkp->hbk_info), sizeof(struct hw_bound_key_info)); memcpy(cc->key, tkp->key, cc->key_size); return 0;
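Review bot: in the crypt_setkey() hunk, is_hbk and hbk_info are propagated only in the skcipher branch; when the crypto_aead_setkey() branch is taken with cc->is_hbk set, the hardware-bound blob is passed on as ordinary key bytes. The commit message says HBK is supported for symmetric-key ciphers only, so fail the setkey in that case (for example with -EINVAL) instead of continuing. Two further points in the same hunk: the same hbk_info is copied to every tfms[i] while each tfm receives only a subkey_size slice of cc->key, so hbk_info.key_sz matches what the tfm gets only when there is a single tfm; and dm-crypt writes tfms[i]->base.is_hbk directly, with nothing here confirming that the allocated tfm belongs to a driver that honours the flag. With braces added to the else branch, the other branches of the if/else chain should get braces too.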
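Review bot: in the set_key_trusted() hunk, cc->is_hbk is assigned before the "cc->key_size != tkp->key_len" check, so the -EINVAL return leaves is_hbk updated while cc->key and cc->hbk_info still hold the previous key's data. Move the assignment below the length check, next to the two memcpy() calls, so the flag, the metadata and the key bytes change together. Within this patch only set_key_trusted() writes the flag, so any other key-loading path also needs to clear cc->is_hbk, otherwise a later non-trusted key is handed to the cipher marked as hardware-bound.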