From: Pankaj Gupta
To: jarkko@kernel.org, a.fatoum@pengutronix.de, gilad@benyossef.com, Jason@zx2c4.com, jejb@linux.ibm.com, zohar@linux.ibm.com, dhowells@redhat.com, sumit.garg@linaro.org, david@sigma-star.at, michael@walle.cc, john.ernberg@actia.se, jmorris@namei.org, serge@hallyn.com, herbert@gondor.apana.org.au, davem@davemloft.net, j.luebbe@pengutronix.de, ebiggers@kernel.org, richard@nod.at, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, sahil.malhotra@nxp.com, kshitiz.varshney@nxp.com, horia.geanta@nxp.com, V.Sethi@nxp.com
Cc: Pankaj Gupta
Subject: [PATCH v0 1/8] hw-bound-key: introducing the generic structure
Date: Thu, 6 Oct 2022 18:38:30 +0530
Message-Id: <20221006130837.17587-2-pankaj.gupta@nxp.com>
In-Reply-To: <20221006130837.17587-1-pankaj.gupta@nxp.com>

Hardware bound keys buffer has additional information,
that will be accessed using this new structure.

structure members are:
- flags, flags for hardware specific information.
- key_sz, size of the plain key.

Signed-off-by: Pankaj Gupta
---
 include/linux/hw_bound_key.h | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 include/linux/hw_bound_key.h
diff --git a/include/linux/hw_bound_key.h b/include/linux/hw_bound_key.h new file mode 100644 index 000000000000..e7f152410438 --- /dev/null +++ b/include/linux/hw_bound_key.h 
@@ -0,0 +1,27 @@ +/* SPDX-License-Identifier: GPL-2.0-only + * + * Copyright 2022 NXP + * Author: Pankaj Gupta + */ + +#ifndef _HW_BOUND_KEY_H +#define _HW_BOUND_KEY_H + +#include "types.h" + +struct hw_bound_key_info { + /* Key types specific to the hw. [Implementation Defined] + */ + uint8_t flags; + uint8_t reserved; + /* Plain key size. + */ + uint16_t key_sz; +}; + +#define set_hbk_info(hbk_info, hw_flags, key_len) do {\ + hbk_info->flags =3D hw_flags;\ + hbk_info->key_sz =3D key_len;\ +} while (0) + +#endif /* _HW_BOUND_KEY_H */ --=20 2.17.1
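Review bot: in `set_hbk_info()` the macro arguments are used unparenthesised and untyped, so `hbk_info->flags` expands incorrectly when the caller passes an expression such as `&p->hbk_info`, and `key_len` is stored into the `uint16_t key_sz` with no range check, silently truncating any larger value. A `static inline` function taking `struct hw_bound_key_info *`, a `u8` and a `u16` gives type checking and one place to zero `reserved`, which the macro leaves unset. Separately, `#include "types.h"` in a header under include/linux/ should be `#include <linux/types.h>`, with `u8`/`u16` in place of `uint8_t`/`uint16_t` to match kernel style.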
From: Pankaj Gupta
Subject: [PATCH v0 2/8] keys-trusted: new cmd line option added
Date: Thu, 6 Oct 2022 18:38:31 +0530
Message-Id: <20221006130837.17587-3-pankaj.gupta@nxp.com>

Changes done:
- new cmd line option "hw" needs to be suffix, to generate the
  hw bound key.
  for ex:
   $:> keyctl add trusted 'new 32 hw' @s
   $:> keyctl add trusted 'load $(cat ) hw' @s
- Key-payload, is added with two more information element
  specific to HBK
  -- flag 'is_hw_bound'
  -- structure 'struct hw_bound_key_info hbk_info'

Signed-off-by: Pankaj Gupta
---
 include/keys/trusted-type.h               |  4 ++++
 security/keys/trusted-keys/trusted_core.c | 16 ++++++++++++++++
 2 files changed, 20 insertions(+)
diff --git a/include/keys/trusted-type.h b/include/keys/trusted-type.h index 4eb64548a74f..bf58a204a974 100644 --- a/include/keys/trusted-type.h +++ b/include/keys/trusted-type.h @@ -7,6 +7,7 @@ #ifndef _KEYS_TRUSTED_TYPE_H #define _KEYS_TRUSTED_TYPE_H =20 +#include #include #include #include @@ -22,6 +23,7 @@ #define MAX_BLOB_SIZE 512 #define MAX_PCRINFO_SIZE 64 #define MAX_DIGEST_SIZE 64 +#define HW_BOUND_KEY 1 =20 struct trusted_key_payload { struct rcu_head rcu; @@ -29,6 +31,8 @@ struct trusted_key_payload { unsigned int blob_len; unsigned char migratable; unsigned char old_format; + unsigned char is_hw_bound; + struct hw_bound_key_info hbk_info; unsigned char key[MAX_KEY_SIZE + 1]; unsigned char blob[MAX_BLOB_SIZE]; }; diff --git a/security/keys/trusted-keys/trusted_core.c b/security/keys/trus= ted-keys/trusted_core.c index c6fc50d67214..cb1d56397ed0 100644 --- a/security/keys/trusted-keys/trusted_core.c +++ b/security/keys/trusted-keys/trusted_core.c @@ -79,6 +79,8 @@ static int datablob_parse(char **datablob, struct trusted= _key_payload *p) int key_cmd; char *c; =20 + p->is_hw_bound =3D !HW_BOUND_KEY; + /* main command */ c =3D strsep(datablob, " \t"); if (!c) @@ -94,6 +96,13 @@ static int datablob_parse(char **datablob, struct truste= d_key_payload *p) if (ret < 0 || keylen < MIN_KEY_SIZE || keylen > MAX_KEY_SIZE) return -EINVAL; p->key_len =3D keylen; + do { + /* Second argument onwards, + * determine if tied to HW */ + c =3D strsep(datablob, " \t"); + if ((c !=3D NULL) && (strcmp(c, "hw") =3D=3D 0)) + p->is_hw_bound =3D HW_BOUND_KEY; + } while (c !=3D NULL); ret =3D Opt_new; break; case Opt_load: 
@@ -107,6 +116,13 @@ static int datablob_parse(char **datablob, struct trus= ted_key_payload *p) ret =3D hex2bin(p->blob, c, p->blob_len); if (ret < 0) return -EINVAL; + do { + /* Second argument onwards, + * determine if tied to HW */ + c =3D strsep(datablob, " \t"); + if ((c !=3D NULL) && (strcmp(c, "hw") =3D=3D 0)) + p->is_hw_bound =3D HW_BOUND_KEY; + } while (c !=3D NULL); ret =3D Opt_load; break; case Opt_update: --=20 2.17.1
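Review bot: in the `Opt_new` hunk (`@@ -94,6 +96,13`) the trailing-argument loop drops every token that is not exactly `hw`, so a mistyped option such as `HW` or `hw,` still returns `Opt_new` and the caller gets an ordinary key where a hardware-bound one was requested, with no error to signal the downgrade. Return `-EINVAL` for any unrecognised trailing token. The loop also accepts `hw` at any position after the key length, while the commit message says it needs to be a suffix; either enforce that or document the looser rule.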
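Review bot: the `Opt_load` hunk (`@@ -107,6 +116,13`) repeats the `Opt_new` loop line for line; move it into one helper so the two paths cannot drift apart. On this path `is_hw_bound` comes only from the command-line token, and nothing in the visible lines ties it to the blob that `hex2bin()` has just decoded, so please state what happens when a blob sealed as hardware-bound is loaded without `hw`, or a plain blob with it, and reject the mismatch if the blob format allows detecting it.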
From: Pankaj Gupta
Subject: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm
Date: Thu, 6 Oct 2022 18:38:32 +0530
Message-Id: <20221006130837.17587-4-pankaj.gupta@nxp.com>

Consumer of the kernel crypto api, after allocating
the transformation (tfm), sets the:
- flag 'is_hbk'
- structure 'struct hw_bound_key_info hbk_info'
based on the type of key, the consumer is using.

This helps:
- This helps to influence the core processing logic
  for the encapsulated algorithm.
- This flag is set by the consumer after allocating
  the tfm and before calling the function crypto_xxx_setkey().

Signed-off-by: Pankaj Gupta
---
 include/linux/crypto.h | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/include/linux/crypto.h b/include/linux/crypto.h index 2324ab6f1846..cd476f8a1cb4 100644 --- a/include/linux/crypto.h +++ b/include/linux/crypto.h @@ -19,6 +19,7 @@ #include #include #include +#include =20 /* * Autoloaded crypto modules should only use a prefixed name to avoid allo= wing 
@@ -639,6 +640,10 @@ struct crypto_tfm { =20 u32 crt_flags; =20 + unsigned int is_hbk; + + struct hw_bound_key_info hbk_info; + int node; =09 void (*exit)(struct crypto_tfm *tfm); --=20 2.17.1
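Review bot: the two members added to `struct crypto_tfm` in `@@ -639,6 +640,10` carry no comment, and because they sit in the generic tfm every transform of every algorithm grows by them even when no hardware-bound key is involved. The commit message requires the consumer to set them after allocation and before `crypto_xxx_setkey()`, but with bare struct members nothing enforces that ordering; a small setter helper plus a comment on the fields would make the contract checkable. `is_hbk` is `unsigned int` here while the matching payload flag `is_hw_bound` in patch 2/8 is `unsigned char`; `bool` for both would be clearer.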
b=jPKpCEz2Azl7UqsA/F1xhn+VQADyGxv9PfF9dgYnxtQFsYvzcXfDedBPe8Ic6/nuk+LMT7HeQmw9KRO5ofh+jsmI9KnPZJoNl4wnLI4NYg4tFFwD0cJ5exXQQ4EEb2fUURh7TqLR/bwEqzzYxa0lFA2cs6ng6ENRu8Xz2g5rbOxVMJSAOMJZoHAqVS7MOjdCD+T3keVyuS11GlBOCrkcJDT3poDSCW/1gb7mbWS9k58PLdtVPrBI3e+yjRVUu214UoSO5uRxvfrYHzJFo7x0zf8Hp/nAGpnFZ+0iX8C1AKDv207lsPobn/ZyVJa7yqgsCRrsh+NJjjuuyBK+QdTdYA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nxp.com; dmarc=pass action=none header.from=nxp.com; dkim=pass header.d=nxp.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=C7YbdqO+/E4zVo+1YJyFVZGcdSM83A81NT0btdwkuSE=; b=o6Xf6DshfNzOOv1cl+HqT163olY0YQ7zheJEU5Y24w29N8gg3lCol8RTzT4CDfruy/M5ZLoee/FG1M5RszhmLLBh50UTSOeHMT9W1LHZownRnAolbHVE2eyTSCuSaKy0AY+GvYm7LbeC07m4uy6fX/rum/NwlF1nbuKQ1XOTzh8= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nxp.com; Received: from DU2PR04MB8630.eurprd04.prod.outlook.com (2603:10a6:10:2dd::15) by AM9PR04MB8523.eurprd04.prod.outlook.com (2603:10a6:20b:432::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5676.34; Thu, 6 Oct 2022 12:03:16 +0000 Received: from DU2PR04MB8630.eurprd04.prod.outlook.com ([fe80::d551:6af4:bca4:88ea]) by DU2PR04MB8630.eurprd04.prod.outlook.com ([fe80::d551:6af4:bca4:88ea%7]) with mapi id 15.20.5676.032; Thu, 6 Oct 2022 12:03:16 +0000 
From: Pankaj Gupta
To: jarkko@kernel.org, a.fatoum@pengutronix.de, gilad@benyossef.com, Jason@zx2c4.com, jejb@linux.ibm.com, zohar@linux.ibm.com, dhowells@redhat.com, sumit.garg@linaro.org, david@sigma-star.at, michael@walle.cc, john.ernberg@actia.se, jmorris@namei.org, serge@hallyn.com, herbert@gondor.apana.org.au, davem@davemloft.net, j.luebbe@pengutronix.de, ebiggers@kernel.org, richard@nod.at, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, sahil.malhotra@nxp.com, kshitiz.varshney@nxp.com, horia.geanta@nxp.com, V.Sethi@nxp.com
Cc: Pankaj Gupta
Subject: [PATCH v0 4/8] sk_cipher: checking for hw bound operation
Date: Thu, 6 Oct 2022 18:38:33 +0530
Message-Id: <20221006130837.17587-5-pankaj.gupta@nxp.com>
In-Reply-To: <20221006130837.17587-1-pankaj.gupta@nxp.com>
References: <20221006130837.17587-1-pankaj.gupta@nxp.com>

Checking for hw bound key. If yes,
- skipping the key-length validation to fall in min-max range.

Signed-off-by: Pankaj Gupta
--- crypto/skcipher.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/skcipher.c b/crypto/skcipher.c index 418211180cee..0f2d0228d73e 100644 --- a/crypto/skcipher.c +++ b/crypto/skcipher.c
@@ -598,7 +598,8 @@ int crypto_skcipher_setkey(struct crypto_skcipher *tfm,= const u8 *key, unsigned long alignmask =3D crypto_skcipher_alignmask(tfm); int err; =20 - if (keylen < cipher->min_keysize || keylen > cipher->max_keysize) + if ((!tfm->base.is_hbk) + && (keylen < cipher->min_keysize || keylen > cipher->max_keysize)) return -EINVAL; =20 if ((unsigned long)key & alignmask) --=20 2.17.1
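Review bot: With tfm->base.is_hbk set, the new condition in crypto_skcipher_setkey() skips the min_keysize/max_keysize check completely, so keylen is passed on with no bound from the generic layer. A hardware-bound key blob still has a known maximum size; replace the range check with a check against that limit instead of removing it, and document which component is allowed to set is_hbk so the flag cannot be used to opt out of validation. Style: kernel coding style puts "&&" at the end of the first line, and the extra parentheses around "!tfm->base.is_hbk" are unnecessary.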
From: Pankaj Gupta
To: jarkko@kernel.org, a.fatoum@pengutronix.de, gilad@benyossef.com, Jason@zx2c4.com, jejb@linux.ibm.com, zohar@linux.ibm.com, dhowells@redhat.com, sumit.garg@linaro.org, david@sigma-star.at, michael@walle.cc, john.ernberg@actia.se, jmorris@namei.org, serge@hallyn.com, herbert@gondor.apana.org.au, davem@davemloft.net, j.luebbe@pengutronix.de, ebiggers@kernel.org, richard@nod.at, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, sahil.malhotra@nxp.com, kshitiz.varshney@nxp.com, horia.geanta@nxp.com, V.Sethi@nxp.com
Cc: Pankaj Gupta
Subject: [PATCH v0 5/8] keys-trusted: re-factored caam based trusted key
Date: Thu, 6 Oct 2022 18:38:34 +0530
Message-Id: <20221006130837.17587-6-pankaj.gupta@nxp.com>
In-Reply-To: <20221006130837.17587-1-pankaj.gupta@nxp.com>
References: <20221006130837.17587-1-pankaj.gupta@nxp.com>

Re-factored caam based trusted key code:
- Two separate definitions for encap and decap having separate code for creating CAAM job descriptor.

Signed-off-by: Pankaj Gupta
--- drivers/crypto/caam/blob_gen.c | 118 ++++++++++++++++++++++++++++++--- include/soc/fsl/caam-blob.h | 23 ++----- 2 files changed, 114 insertions(+), 27 deletions(-) diff --git a/drivers/crypto/caam/blob_gen.c b/drivers/crypto/caam/blob_gen.c index 6345c7269eb0..36683ec9aee0 100644 --- a/drivers/crypto/caam/blob_gen.c
+++ b/drivers/crypto/caam/blob_gen.c @@ -2,6 +2,7 @@ /* * Copyright (C) 2015 Pengutronix, Steffen Trumtrar * Copyright (C) 2021 Pengutronix, Ahmad Fatoum + * Copyright 2022 NXP, Pankaj Gupta */ =20 #define pr_fmt(fmt) "caam blob_gen: " fmt @@ -58,8 +59,19 @@ static void caam_blob_job_done(struct device *dev, u32 *= desc, u32 err, void *con complete(&res->completion); } =20 -int caam_process_blob(struct caam_blob_priv *priv, - struct caam_blob_info *info, bool encap) + + +/** caam_encap_blob - encapsulate blob + * + * @priv: instance returned by caam_blob_gen_init + * @info: pointer to blobbing info describing input key, + * output blob and key modifier buffers. + * + * returns 0 and sets info->output_len on success and returns + * a negative error code otherwise. + */ +int caam_encap_blob(struct caam_blob_priv *priv, + struct caam_blob_info *info) { struct caam_blob_job_result testres; struct device *jrdev =3D &priv->jrdev; 
@@ -72,14 +84,102 @@ int caam_process_blob(struct caam_blob_priv *priv, if (info->key_mod_len > CAAM_BLOB_KEYMOD_LENGTH) return -EINVAL; =20 - if (encap) { - op |=3D OP_TYPE_ENCAP_PROTOCOL; - output_len =3D info->input_len + CAAM_BLOB_OVERHEAD; - } else { - op |=3D OP_TYPE_DECAP_PROTOCOL; - output_len =3D info->input_len - CAAM_BLOB_OVERHEAD; + op |=3D OP_TYPE_ENCAP_PROTOCOL; + output_len =3D info->input_len + CAAM_BLOB_OVERHEAD; + + desc =3D kzalloc(CAAM_BLOB_DESC_BYTES_MAX, GFP_KERNEL | GFP_DMA); + if (!desc) + return -ENOMEM; + + dma_in =3D dma_map_single(jrdev, info->input, info->input_len, + DMA_TO_DEVICE); + if (dma_mapping_error(jrdev, dma_in)) { + dev_err(jrdev, "unable to map input DMA buffer\n"); + ret =3D -ENOMEM; + goto out_free; + } + + dma_out =3D dma_map_single(jrdev, info->output, output_len, + DMA_FROM_DEVICE); + if (dma_mapping_error(jrdev, dma_out)) { + dev_err(jrdev, "unable to map output DMA buffer\n"); + ret =3D -ENOMEM; + goto out_unmap_in; + } + + /* + * A data blob is encrypted using a blob key (BK); a random number. + * The BK is used as an AES-CCM key. The initial block (B0) and the + * initial counter (Ctr0) are generated automatically and stored in + * Class 1 Context DWords 0+1+2+3. The random BK is stored in the + * Class 1 Key Register. Operation Mode is set to AES-CCM. 
+ */ + + init_job_desc(desc, 0); + append_key_as_imm(desc, info->key_mod, info->key_mod_len, + info->key_mod_len, CLASS_2 | KEY_DEST_CLASS_REG); + append_seq_in_ptr_intlen(desc, dma_in, info->input_len, 0); + append_seq_out_ptr_intlen(desc, dma_out, output_len, 0); + append_operation(desc, op); + + print_hex_dump_debug("data@"__stringify(__LINE__)": ", + DUMP_PREFIX_ADDRESS, 16, 1, info->input, + info->input_len, false); + print_hex_dump_debug("jobdesc@"__stringify(__LINE__)": ", + DUMP_PREFIX_ADDRESS, 16, 1, desc, + desc_bytes(desc), false); + + testres.err =3D 0; + init_completion(&testres.completion); + + ret =3D caam_jr_enqueue(jrdev, desc, caam_blob_job_done, &testres); + if (ret =3D=3D -EINPROGRESS) { + wait_for_completion(&testres.completion); + ret =3D testres.err; + print_hex_dump_debug("output@"__stringify(__LINE__)": ", + DUMP_PREFIX_ADDRESS, 16, 1, info->output, + output_len, false); } =20 + if (ret =3D=3D 0) + info->output_len =3D output_len; + + dma_unmap_single(jrdev, dma_out, output_len, DMA_FROM_DEVICE); +out_unmap_in: + dma_unmap_single(jrdev, dma_in, info->input_len, DMA_TO_DEVICE); +out_free: + kfree(desc); + + return ret; +} +EXPORT_SYMBOL(caam_encap_blob); + +/** caam_decap_blob - decapsulate blob + * + * @priv: instance returned by caam_blob_gen_init + * @info: pointer to blobbing info describing output key, + * input blob and key modifier buffers. + * + * returns 0 and sets info->output_len on success and returns + * a negative error code otherwise. 
+ */ +int caam_decap_blob(struct caam_blob_priv *priv, + struct caam_blob_info *info) +{ + struct caam_blob_job_result testres; + struct device *jrdev =3D &priv->jrdev; + dma_addr_t dma_in, dma_out; + int op =3D OP_PCLID_BLOB; + size_t output_len; + u32 *desc; + int ret; + + if (info->key_mod_len > CAAM_BLOB_KEYMOD_LENGTH) + return -EINVAL; + + op |=3D OP_TYPE_DECAP_PROTOCOL; + output_len =3D info->input_len - CAAM_BLOB_OVERHEAD; + desc =3D kzalloc(CAAM_BLOB_DESC_BYTES_MAX, GFP_KERNEL | GFP_DMA); if (!desc) return -ENOMEM; @@ -145,7 +245,7 @@ int caam_process_blob(struct caam_blob_priv *priv, =20 return ret; } -EXPORT_SYMBOL(caam_process_blob); +EXPORT_SYMBOL(caam_decap_blob); =20 struct caam_blob_priv *caam_blob_gen_init(void) { diff --git a/include/soc/fsl/caam-blob.h b/include/soc/fsl/caam-blob.h index 937cac52f36d..de507e2a9555 100644 --- a/include/soc/fsl/caam-blob.h +++ b/include/soc/fsl/caam-blob.h @@ -1,6 +1,7 @@ /* SPDX-License-Identifier: GPL-2.0-only */ /* * Copyright (C) 2020 Pengutronix, Ahmad Fatoum + * Copyright 2022 NXP, Pankaj Gupta */ =20 #ifndef __CAAM_BLOB_GEN @@ -72,15 +73,8 @@ int caam_process_blob(struct caam_blob_priv *priv, * Return: %0 and sets ``info->output_len`` on success and * a negative error code otherwise. */ -static inline int caam_encap_blob(struct caam_blob_priv *priv, - struct caam_blob_info *info) -{ - if (info->output_len < info->input_len + CAAM_BLOB_OVERHEAD) - return -EINVAL; - - return caam_process_blob(priv, info, true); -} - +int caam_encap_blob(struct caam_blob_priv *priv, + struct caam_blob_info *info); /** * caam_decap_blob - decapsulate blob * @priv: instance returned by caam_blob_gen_init() 
@@ -90,14 +84,7 @@ static inline int caam_encap_blob(struct caam_blob_priv = *priv, * Return: %0 and sets ``info->output_len`` on success and * a negative error code otherwise. */ -static inline int caam_decap_blob(struct caam_blob_priv *priv, - struct caam_blob_info *info) -{ - if (info->input_len < CAAM_BLOB_OVERHEAD || - info->output_len < info->input_len - CAAM_BLOB_OVERHEAD) - return -EINVAL; - - return caam_process_blob(priv, info, false); -} +int caam_decap_blob(struct caam_blob_priv *priv, + struct caam_blob_info *info); =20 #endif --=20 2.17.1
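Review bot: The static inline wrappers removed from include/soc/fsl/caam-blob.h carried the only length validation ("info->output_len < info->input_len + CAAM_BLOB_OVERHEAD" for encap, "info->input_len < CAAM_BLOB_OVERHEAD" for decap), and the new out-of-line caam_encap_blob() and caam_decap_blob() in blob_gen.c do not reinstate it in this patch. In caam_decap_blob() a blob shorter than CAAM_BLOB_OVERHEAD makes "output_len = info->input_len - CAAM_BLOB_OVERHEAD" wrap around as a size_t, and that value is then used as the output length. Move the checks into the new functions in this same patch so that no intermediate commit drops the bounds checks and the series stays bisectable.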
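Review bot: The caam-blob.h hunks leave the caam_process_blob() declaration in place (it is the function context of the "@@ -72,15 +73,8 @@" hunk and no hunk touches it) while blob_gen.c replaces "EXPORT_SYMBOL(caam_process_blob)", so the header ends up declaring a function that no longer exists; remove the declaration and its kernel-doc. The split also turns a four-line "if (encap)" branch into two near-identical copies of the whole function that differ only in the OP_TYPE_* bit and the sign of CAAM_BLOB_OVERHEAD, and the commit message does not say why the duplication is needed. Minor: the new "/** caam_encap_blob - encapsulate blob" comments should start with "/**" on its own line, and the two added blank lines before the first one can go.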
From: Pankaj Gupta
To: jarkko@kernel.org, a.fatoum@pengutronix.de, gilad@benyossef.com, Jason@zx2c4.com, jejb@linux.ibm.com, zohar@linux.ibm.com, dhowells@redhat.com, sumit.garg@linaro.org, david@sigma-star.at, michael@walle.cc, john.ernberg@actia.se, jmorris@namei.org, serge@hallyn.com, herbert@gondor.apana.org.au, davem@davemloft.net, j.luebbe@pengutronix.de, ebiggers@kernel.org, richard@nod.at, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, sahil.malhotra@nxp.com, kshitiz.varshney@nxp.com, horia.geanta@nxp.com, V.Sethi@nxp.com
Cc: Pankaj Gupta
Subject: [PATCH v0 6/8] KEYS: trusted: caam based black key
Date: Thu, 6 Oct 2022 18:38:35 +0530
Message-Id: <20221006130837.17587-7-pankaj.gupta@nxp.com>
In-Reply-To: <20221006130837.17587-1-pankaj.gupta@nxp.com>
References: <20221006130837.17587-1-pankaj.gupta@nxp.com>

- CAAM supports two types of black keys:
  -- Plain key encrypted with ECB
  -- Plain key encrypted with CCM

Note: Due to robustness, default encryption used for black key is CCM.

- A black key blob is generated, and added to trusted key payload. This is done as part of sealing operation, that was triggered as a result of:
  -- new key generation
  -- load key,

Signed-off-by: Pankaj Gupta --- drivers/crypto/caam/blob_gen.c | 123 +++++++++++++++++++--- drivers/crypto/caam/desc.h | 8 +- include/soc/fsl/caam-blob.h | 15 +++ security/keys/trusted-keys/trusted_caam.c | 8 ++ 4 files changed, 136 insertions(+), 18 deletions(-) diff --git a/drivers/crypto/caam/blob_gen.c b/drivers/crypto/caam/blob_gen.c index 36683ec9aee0..93e05557dcaa 100644 --- a/drivers/crypto/caam/blob_gen.c +++ b/drivers/crypto/caam/blob_gen.c @@ -8,6 +8,8 @@ #define pr_fmt(fmt) "caam blob_gen: " fmt =20 #include +#include +#include #include =20 #include "compat.h" @@ -32,6 +34,9 @@ =20 struct caam_blob_priv { struct device jrdev; + /* Flags: whether generated trusted key, is ECB or CCM encrypted.*/ + uint8_t hbk_flags; + uint8_t rsv[3]; }; =20 struct caam_blob_job_result { @@ -78,8 +83,13 @@ int caam_encap_blob(struct caam_blob_priv *priv, dma_addr_t dma_in, dma_out; int op =3D OP_PCLID_BLOB; size_t output_len; + dma_addr_t dma_blk; u32 *desc; int ret; + int hwbk_caam_ovhd =3D 0; + + if (info->output_len < info->input_len + CAAM_BLOB_OVERHEAD) + return -EINVAL; =20 if (info->key_mod_len > CAAM_BLOB_KEYMOD_LENGTH) return -EINVAL; @@ -87,6 +97,21 @@ int caam_encap_blob(struct caam_blob_priv *priv, op |=3D OP_TYPE_ENCAP_PROTOCOL; output_len =3D info->input_len + CAAM_BLOB_OVERHEAD; =20 + if (info->is_hw_bound =3D=3D 1) { + op |=3D OP_PCL_BLOB_BLACK; + if (priv->hbk_flags & HWBK_FLAGS_CAAM_CCM_ALGO_MASK) { + op |=3D OP_PCL_BLOB_EKT; + hwbk_caam_ovhd =3D CCM_OVERHEAD; + } + + if ((info->input_len + hwbk_caam_ovhd) > MAX_KEY_SIZE) + return -EINVAL; + + set_hbk_info(info->hbk_info, + priv->hbk_flags, + info->input_len); + } + desc =3D kzalloc(CAAM_BLOB_DESC_BYTES_MAX, GFP_KERNEL | GFP_DMA); if (!desc) return -ENOMEM; 
@@ -99,12 +124,26 @@ int caam_encap_blob(struct caam_blob_priv *priv, goto out_free; } =20 + if (info->is_hw_bound =3D=3D 1) { + dma_blk =3D dma_map_single(jrdev, info->input, + info->input_len + hwbk_caam_ovhd, + DMA_FROM_DEVICE); + if (dma_mapping_error(jrdev, dma_out)) { + dev_err(jrdev, "unable to map output DMA buffer\n"); + ret =3D -ENOMEM; + goto out_unmap_in; + } + } + dma_out =3D dma_map_single(jrdev, info->output, output_len, DMA_FROM_DEVICE); if (dma_mapping_error(jrdev, dma_out)) { dev_err(jrdev, "unable to map output DMA buffer\n"); ret =3D -ENOMEM; - goto out_unmap_in; + if (info->is_hw_bound =3D=3D 1) + goto out_unmap_blk; + else + goto out_unmap_in; } =20 /* 
@@ -116,15 +155,40 @@ int caam_encap_blob(struct caam_blob_priv *priv, */ =20 init_job_desc(desc, 0); + + if (info->is_hw_bound =3D=3D 1) { + /*!1. key command used to load class 1 key register + * from input plain key. + */ + append_key(desc, dma_in, info->input_len, + CLASS_1 | KEY_DEST_CLASS_REG); + + /*!2. Fifostore to store black key from class 1 key register. */ + append_fifo_store(desc, dma_blk, info->input_len, + LDST_CLASS_1_CCB | FIFOST_TYPE_KEY_CCM_JKEK); + + append_jump(desc, JUMP_COND_NOP | 1); + } + /*!3. Load class 2 key with key modifier. */ append_key_as_imm(desc, info->key_mod, info->key_mod_len, info->key_mod_len, CLASS_2 | KEY_DEST_CLASS_REG); - append_seq_in_ptr_intlen(desc, dma_in, info->input_len, 0); + + /*!4. SEQ IN PTR Command. */ + if (info->is_hw_bound =3D=3D 1) { + append_seq_in_ptr_intlen(desc, dma_blk, info->input_len, 0); + } else { + append_seq_in_ptr_intlen(desc, dma_in, info->input_len, 0); + } + + /*!5. SEQ OUT PTR Command. */ append_seq_out_ptr_intlen(desc, dma_out, output_len, 0); + + /*!6. BlackBlob encapsulation PROTOCOL Command. */ append_operation(desc, op); =20 print_hex_dump_debug("data@"__stringify(__LINE__)": ", DUMP_PREFIX_ADDRESS, 16, 1, info->input, - info->input_len, false); + info->input_len + hwbk_caam_ovhd, false); print_hex_dump_debug("jobdesc@"__stringify(__LINE__)": ", DUMP_PREFIX_ADDRESS, 16, 1, desc, desc_bytes(desc), false); @@ -140,11 +204,15 @@ int caam_encap_blob(struct caam_blob_priv *priv, DUMP_PREFIX_ADDRESS, 16, 1, info->output, output_len, false); } - - if (ret =3D=3D 0) + if (ret =3D=3D 0) { + info->input_len +=3D hwbk_caam_ovhd; info->output_len =3D output_len; - + } dma_unmap_single(jrdev, dma_out, output_len, DMA_FROM_DEVICE); +out_unmap_blk: + if (info->is_hw_bound =3D=3D 1) { + dma_unmap_single(jrdev, dma_blk, info->input_len, DMA_TO_DEVICE); + } out_unmap_in: dma_unmap_single(jrdev, dma_in, info->input_len, DMA_TO_DEVICE); out_free: 
@@ -170,15 +238,35 @@ int caam_decap_blob(struct caam_blob_priv *priv, struct device *jrdev =3D &priv->jrdev; dma_addr_t dma_in, dma_out; int op =3D OP_PCLID_BLOB; - size_t output_len; u32 *desc; int ret; + int hwbk_caam_ovhd =3D 0; + + if (info->input_len < CAAM_BLOB_OVERHEAD) + return -EINVAL; =20 if (info->key_mod_len > CAAM_BLOB_KEYMOD_LENGTH) return -EINVAL; =20 op |=3D OP_TYPE_DECAP_PROTOCOL; - output_len =3D info->input_len - CAAM_BLOB_OVERHEAD; + info->output_len =3D info->input_len - CAAM_BLOB_OVERHEAD; + + if (info->is_hw_bound =3D=3D 1) { + op |=3D OP_PCL_BLOB_BLACK; + if (priv->hbk_flags & HWBK_FLAGS_CAAM_CCM_ALGO_MASK) { + op |=3D OP_PCL_BLOB_EKT; + hwbk_caam_ovhd =3D CCM_OVERHEAD; + } + + if ((info->output_len + hwbk_caam_ovhd) > MAX_KEY_SIZE) + return -EINVAL; + + set_hbk_info(info->hbk_info, + priv->hbk_flags, + info->output_len); + + info->output_len +=3D hwbk_caam_ovhd; + } =20 desc =3D kzalloc(CAAM_BLOB_DESC_BYTES_MAX, GFP_KERNEL | GFP_DMA); if (!desc) @@ -192,7 +280,7 @@ int caam_decap_blob(struct caam_blob_priv *priv, goto out_free; } =20 - dma_out =3D dma_map_single(jrdev, info->output, output_len, + dma_out =3D dma_map_single(jrdev, info->output, info->output_len, DMA_FROM_DEVICE); if (dma_mapping_error(jrdev, dma_out)) { dev_err(jrdev, "unable to map output DMA buffer\n"); @@ -211,8 +299,8 @@ int caam_decap_blob(struct caam_blob_priv *priv, init_job_desc(desc, 0); append_key_as_imm(desc, info->key_mod, info->key_mod_len, info->key_mod_len, CLASS_2 | KEY_DEST_CLASS_REG); - append_seq_in_ptr_intlen(desc, dma_in, info->input_len, 0); - append_seq_out_ptr_intlen(desc, dma_out, output_len, 0); + append_seq_in_ptr(desc, dma_in, info->input_len, 0); + append_seq_out_ptr(desc, dma_out, info->output_len, 0); append_operation(desc, op); =20 print_hex_dump_debug("data@"__stringify(__LINE__)": ", 
@@ -231,13 +319,10 @@ int caam_decap_blob(struct caam_blob_priv *priv, ret =3D testres.err; print_hex_dump_debug("output@"__stringify(__LINE__)": ", DUMP_PREFIX_ADDRESS, 16, 1, info->output, - output_len, false); + info->output_len, false); } =20 - if (ret =3D=3D 0) - info->output_len =3D output_len; - - dma_unmap_single(jrdev, dma_out, output_len, DMA_FROM_DEVICE); + dma_unmap_single(jrdev, dma_out, info->output_len, DMA_FROM_DEVICE); out_unmap_in: dma_unmap_single(jrdev, dma_in, info->input_len, DMA_TO_DEVICE); out_free: @@ -251,6 +336,7 @@ struct caam_blob_priv *caam_blob_gen_init(void) { struct caam_drv_private *ctrlpriv; struct device *jrdev; + struct caam_blob_priv *blob_priv; =20 /* * caam_blob_gen_init() may expectedly fail with -ENODEV, e.g. when @@ -271,7 +357,10 @@ struct caam_blob_priv *caam_blob_gen_init(void) return ERR_PTR(-ENODEV); } =20 - return container_of(jrdev, struct caam_blob_priv, jrdev); + blob_priv =3D container_of(jrdev, struct caam_blob_priv, jrdev); + blob_priv->hbk_flags =3D HWBK_FLAGS_CAAM_CCM_ALGO_MASK; + + return blob_priv; } EXPORT_SYMBOL(caam_blob_gen_init); =20 diff --git a/drivers/crypto/caam/desc.h b/drivers/crypto/caam/desc.h index e13470901586..41b2d0226bdf 100644 --- a/drivers/crypto/caam/desc.h +++ b/drivers/crypto/caam/desc.h @@ -4,7 +4,7 @@ * Definitions to support CAAM descriptor instruction generation * * Copyright 2008-2011 Freescale Semiconductor, Inc. - * Copyright 2018 NXP + * Copyright 2018-2022 NXP */ =20 #ifndef DESC_H @@ -403,6 +403,7 @@ #define FIFOST_TYPE_PKHA_N (0x08 << FIFOST_TYPE_SHIFT) #define FIFOST_TYPE_PKHA_A (0x0c << FIFOST_TYPE_SHIFT) #define FIFOST_TYPE_PKHA_B (0x0d << FIFOST_TYPE_SHIFT) +#define FIFOST_TYPE_KEY_CCM_JKEK (0x14 << FIFOST_TYPE_SHIFT) #define FIFOST_TYPE_AF_SBOX_JKEK (0x20 << FIFOST_TYPE_SHIFT) #define FIFOST_TYPE_AF_SBOX_TKEK (0x21 << FIFOST_TYPE_SHIFT) #define FIFOST_TYPE_PKHA_E_JKEK (0x22 << FIFOST_TYPE_SHIFT) 
@@ -1001,6 +1002,11 @@ #define OP_PCL_TLS12_AES_256_CBC_SHA384 0xff63 #define OP_PCL_TLS12_AES_256_CBC_SHA512 0xff65 =20 +/* Blob protocol protinfo bits */ + +#define OP_PCL_BLOB_BLACK 0x0004 +#define OP_PCL_BLOB_EKT 0x0100 + /* For DTLS - OP_PCLID_DTLS */ =20 #define OP_PCL_DTLS_AES_128_CBC_SHA 0x002f diff --git a/include/soc/fsl/caam-blob.h b/include/soc/fsl/caam-blob.h index de507e2a9555..8d9f6b209418 100644 --- a/include/soc/fsl/caam-blob.h +++ b/include/soc/fsl/caam-blob.h @@ -9,7 +9,19 @@ =20 #include #include +#include =20 +#define HWBK_FLAGS_CAAM_CCM_ALGO_MASK 0x01 + +/* + * CCM-Black Key will always be at least 12 bytes longer, + * since the encapsulation uses a 6-byte nonce and adds + * a 6-byte ICV. But first, the key is padded as necessary so + * that CCM-Black Key is a multiple of 8 bytes long. + */ +#define NONCE_SIZE 6 +#define ICV_SIZE 6 +#define CCM_OVERHEAD (NONCE_SIZE + ICV_SIZE) #define CAAM_BLOB_KEYMOD_LENGTH 16 #define CAAM_BLOB_OVERHEAD (32 + 16) #define CAAM_BLOB_MAX_LEN 4096 @@ -35,6 +47,9 @@ struct caam_blob_info { =20 const void *key_mod; size_t key_mod_len; + + const char is_hw_bound; + struct hw_bound_key_info *hbk_info; }; =20 /** diff --git a/security/keys/trusted-keys/trusted_caam.c b/security/keys/trus= ted-keys/trusted_caam.c index e3415c520c0a..60e50bed7014 100644 --- a/security/keys/trusted-keys/trusted_caam.c +++ b/security/keys/trusted-keys/trusted_caam.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0-only /* * Copyright (C) 2021 Pengutronix, Ahmad Fatoum + * Copyright 2022 NXP, Pankaj Gupta */ =20 #include @@ -23,6 +24,7 @@ static int trusted_caam_seal(struct trusted_key_payload *= p, char *datablob) .input =3D p->key, .input_len =3D p->key_len, .output =3D p->blob, .output_len =3D MAX_BLOB_SIZE, .key_mod =3D KEYMOD, .key_mod_len =3D sizeof(KEYMOD) - 1, + .is_hw_bound =3D p->is_hw_bound, .hbk_info =3D &p->hbk_info, }; =20 ret =3D caam_encap_blob(blobifier, &info); 
@@ -30,6 +32,10 @@ static int trusted_caam_seal(struct trusted_key_payload = *p, char *datablob) return ret; =20 p->blob_len =3D info.output_len; + + if (p->is_hw_bound) + p->key_len =3D info.input_len; + return 0; } =20 @@ -40,6 +46,7 @@ static int trusted_caam_unseal(struct trusted_key_payload= *p, char *datablob) .input =3D p->blob, .input_len =3D p->blob_len, .output =3D p->key, .output_len =3D MAX_KEY_SIZE, .key_mod =3D KEYMOD, .key_mod_len =3D sizeof(KEYMOD) - 1, + .is_hw_bound =3D p->is_hw_bound, .hbk_info =3D &p->hbk_info, }; =20 ret =3D caam_decap_blob(blobifier, &info); 
@@ -47,6 +54,7 @@ static int trusted_caam_unseal(struct trusted_key_payload= *p, char *datablob) return ret; =20 p->key_len =3D info.output_len; + return 0; } =20 --=20 2.17.1
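Review bot: In the caam_encap_blob() hunk at @@ -99,12 +124,26 @@, the new dma_blk mapping is validated with dma_mapping_error(jrdev, dma_out), but dma_out is only assigned further down, so a failed dma_blk mapping goes undetected and the test reads a handle that has not been set. Check dma_blk instead, and give the dev_err() its own text rather than repeating "unable to map output DMA buffer". dma_blk also maps info->input with length info->input_len + hwbk_caam_ovhd, so the caller's input buffer must have room for the overhead; that requirement should be documented in struct caam_blob_info and checked before mapping.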
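Review bot: In the descriptor hunk at @@ -116,15 +155,40 @@, the "data@" print_hex_dump_debug() now dumps info->input_len + hwbk_caam_ovhd bytes of info->input while the descriptor has only just been built, so the extra bytes have not been written by the device yet and the buffer is mapped DMA_FROM_DEVICE at that point. Keep the dump at info->input_len here and dump the black key after the job completes, next to the existing "output@" dump. The append_jump(desc, JUMP_COND_NOP | 1) needs a comment saying why it is required between the FIFO STORE and the class 2 KEY command. Style: the numbered "/*!1." comments and the braces around the single-statement if/else for SEQ IN PTR do not follow kernel coding style.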
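Review bot: In the cleanup hunk at @@ -140,11 +204,15 @@, the unmap calls no longer match the mappings. dma_blk was mapped with length info->input_len + hwbk_caam_ovhd and DMA_FROM_DEVICE but is unmapped with info->input_len and DMA_TO_DEVICE, and because info->input_len is incremented on success just above, both dma_blk and dma_in are unmapped with a length that changed after they were mapped. Keep the original input length in a local, unmap each handle with the size and direction used at map time, and update info->input_len only after the unmaps. The braces around the single dma_unmap_single() under out_unmap_blk can go as well.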
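Review bot: In caam_decap_blob() at @@ -170,15 +238,35 @@, info->output_len is overwritten with the computed length before anything has succeeded, so the size of the caller's output buffer is discarded without being compared against what the device will write; the only bound is MAX_KEY_SIZE, and only inside the is_hw_bound branch. Compute into a local as the removed output_len did, reject it if it exceeds the caller-supplied info->output_len, and store it back only when ret is 0. set_hbk_info() is likewise called before the job has run, so a failed decapsulation leaves info->hbk_info describing a key that was never produced. The new info->input_len < CAAM_BLOB_OVERHEAD check is worth keeping, since the subtraction below it would otherwise underflow.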
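Review bot: At @@ -211,8 +299,8 @@ the decap descriptor switches from append_seq_in_ptr_intlen()/append_seq_out_ptr_intlen() to append_seq_in_ptr()/append_seq_out_ptr() for every blob, not only hardware-bound ones, while the encap path keeps the _intlen variants. That changes the existing plain-key path without any explanation in the patch. Either keep the _intlen calls or justify the switch in the commit message and make encap and decap consistent.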
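Review bot: In caam_blob_gen_init() at @@ -271,7 +357,10 @@, blob_priv->hbk_flags is set unconditionally to HWBK_FLAGS_CAAM_CCM_ALGO_MASK, so every "priv->hbk_flags & HWBK_FLAGS_CAAM_CCM_ALGO_MASK" test in this file is always true and the non-CCM path is never exercised. If CCM is the only supported mode, drop the flag and the dead branches; if it is meant to be selectable, say where the selection comes from and do not rewrite the shared private data on every init call.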
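Review bot: In include/soc/fsl/caam-blob.h at @@ -9,7 +9,19 @@, the comment above NONCE_SIZE says the key is first padded so that the CCM black key is a multiple of 8 bytes long, but CCM_OVERHEAD is only NONCE_SIZE + ICV_SIZE and every length computed in this patch adds exactly that value. For key lengths that are not a multiple of 8 the mapped and reported sizes would then be too small. Either state that such lengths are rejected (and reject them), or account for the padding in the size calculation.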
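Review bot: In struct caam_blob_info at @@ -35,6 +47,9 @@, "const char is_hw_bound" is a const member in a structure whose other fields the callee writes, and it is compared against 1 throughout blob_gen.c. Make it a bool, test it as a boolean, and document both is_hw_bound and hbk_info alongside the existing members, including who owns the memory hbk_info points to.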
From: Pankaj Gupta
To: jarkko@kernel.org, a.fatoum@pengutronix.de, gilad@benyossef.com, Jason@zx2c4.com, jejb@linux.ibm.com, zohar@linux.ibm.com, dhowells@redhat.com, sumit.garg@linaro.org, david@sigma-star.at, michael@walle.cc, john.ernberg@actia.se, jmorris@namei.org, serge@hallyn.com, herbert@gondor.apana.org.au, davem@davemloft.net, j.luebbe@pengutronix.de, ebiggers@kernel.org, richard@nod.at, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, sahil.malhotra@nxp.com, kshitiz.varshney@nxp.com, horia.geanta@nxp.com, V.Sethi@nxp.com
Cc: Pankaj Gupta
Subject: [PATCH v0 7/8] caam alg: symmetric key ciphers are updated
Date: Thu, 6 Oct 2022 18:38:36 +0530
Message-Id: <20221006130837.17587-8-pankaj.gupta@nxp.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20221006130837.17587-1-pankaj.gupta@nxp.com>
References: <20221006130837.17587-1-pankaj.gupta@nxp.com>

Changes to enable:
- To work both with black key and plain key.
- It is supported in context of trusted key only.
- as meta-data is added as part of trusted key generation.
- otherwise, work as previously.

Signed-off-by: Pankaj Gupta
---
 drivers/crypto/caam/caamalg.c | 43 ++++++++++++++++++++++++++++--
 drivers/crypto/caam/caamalg_desc.c | 8 +++---
 drivers/crypto/caam/desc_constr.h | 6 ++++-
 3 files changed, 51 insertions(+), 6 deletions(-)
diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c index d3d8bb0a6990..94e971297a9d 100644 --- a/drivers/crypto/caam/caamalg.c +++ b/drivers/crypto/caam/caamalg.c @@ -3,7 +3,7 @@ * caam - Freescale FSL CAAM support for crypto API * * Copyright 2008-2011 Freescale Semiconductor, Inc. - * Copyright 2016-2019 NXP + * Copyright 2016-2022 NXP * * Based on talitos crypto API driver. * @@ -59,6 +59,8 @@ #include #include #include +#include +#include =20 /* * crypto alg @@ -741,9 +743,25 @@ static int skcipher_setkey(struct crypto_skcipher *skc= ipher, const u8 *key, print_hex_dump_debug("key in @"__stringify(__LINE__)": ", DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1); =20 + /* Here keylen is actual key length */ ctx->cdata.keylen =3D keylen; ctx->cdata.key_virt =3D key; ctx->cdata.key_inline =3D true; + /* Here real key len is plain key length */ + ctx->cdata.key_real_len =3D keylen; + ctx->cdata.key_cmd_opt =3D 0; + + /* check if the key is HBK */ + if (skcipher->base.is_hbk) { + ctx->cdata.key_cmd_opt |=3D KEY_ENC; + + /* check if the HBK is CCM key */ + if (skcipher->base.hbk_info.flags + & HWBK_FLAGS_CAAM_CCM_ALGO_MASK) + ctx->cdata.key_cmd_opt |=3D KEY_EKT; + + ctx->cdata.key_real_len =3D skcipher->base.hbk_info.key_sz; + } =20 /* skcipher_encrypt shared descriptor */ desc =3D ctx->sh_desc_enc; 
@@ -762,12 +780,33 @@ static int skcipher_setkey(struct crypto_skcipher *sk= cipher, const u8 *key, return 0; } =20 +static int caam_hbk_check_keylen(struct hw_bound_key_info *hbk_info, + unsigned int keylen) +{ + u32 overhead =3D 0; + + if (hbk_info->flags & HWBK_FLAGS_CAAM_CCM_ALGO_MASK) + overhead +=3D CCM_OVERHEAD; + + /* deduce the hb_key_len, by adding plain-key len + * and encryption overhead. + */ + if (keylen !=3D (hbk_info->key_sz + overhead)) + return -EINVAL; + + return aes_check_keylen(hbk_info->key_sz); +} + static int aes_skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key, unsigned int keylen) { int err; =20 - err =3D aes_check_keylen(keylen); + if (skcipher->base.is_hbk) + err =3D caam_hbk_check_keylen(&(skcipher->base.hbk_info), keylen); + else + err =3D aes_check_keylen(keylen); + if (err) return err; =20 diff --git a/drivers/crypto/caam/caamalg_desc.c b/drivers/crypto/caam/caama= lg_desc.c index 7571e1ac913b..784acae8c9b7 100644 --- a/drivers/crypto/caam/caamalg_desc.c +++ b/drivers/crypto/caam/caamalg_desc.c @@ -2,7 +2,7 @@ /* * Shared descriptors for aead, skcipher algorithms * - * Copyright 2016-2019 NXP + * Copyright 2016-2022 NXP */ =20 #include "compat.h" @@ -1391,7 +1391,8 @@ void cnstr_shdsc_skcipher_encap(u32 * const desc, str= uct alginfo *cdata, =20 /* Load class1 key only */ append_key_as_imm(desc, cdata->key_virt, cdata->keylen, - cdata->keylen, CLASS_1 | KEY_DEST_CLASS_REG); + cdata->key_real_len, CLASS_1 | KEY_DEST_CLASS_REG + | cdata->key_cmd_opt); =20 /* Load nonce into CONTEXT1 reg */ if (is_rfc3686) { @@ -1466,7 +1467,8 @@ void cnstr_shdsc_skcipher_decap(u32 * const desc, str= uct alginfo *cdata, =20 /* Load class1 key only */ append_key_as_imm(desc, cdata->key_virt, cdata->keylen, - cdata->keylen, CLASS_1 | KEY_DEST_CLASS_REG); + cdata->key_real_len, CLASS_1 | KEY_DEST_CLASS_REG + | cdata->key_cmd_opt); =20 /* Load nonce into CONTEXT1 reg */ if (is_rfc3686) { 
diff --git a/drivers/crypto/caam/desc_constr.h b/drivers/crypto/caam/desc_c= onstr.h index 62ce6421bb3f..d652bdbf3f91 100644 --- a/drivers/crypto/caam/desc_constr.h +++ b/drivers/crypto/caam/desc_constr.h @@ -3,7 +3,7 @@ * caam descriptor construction helper functions * * Copyright 2008-2012 Freescale Semiconductor, Inc. - * Copyright 2019 NXP + * Copyright 2019-2022 NXP */ =20 #ifndef DESC_CONSTR_H @@ -500,6 +500,8 @@ do { \ * @key_virt: virtual address where algorithm key resides * @key_inline: true - key can be inlined in the descriptor; false - key is * referenced by the descriptor + * @key_real_len: size of the key to be loaded by the CAAM + * @key_cmd_opt: optional parameters for KEY command */ struct alginfo { u32 algtype; 
@@ -508,6 +510,8 @@ struct alginfo { dma_addr_t key_dma; const void *key_virt; bool key_inline; + u32 key_real_len; + u32 key_cmd_opt; }; =20 /** --=20 2.17.1
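Review bot: In skcipher_setkey() at @@ -741,9 +743,25 @@, key_real_len is taken straight from skcipher->base.hbk_info.key_sz and KEY_ENC/KEY_EKT are set purely from the is_hbk flag and hbk_info.flags, with no validation in this function. The only check the patch adds lives in aes_skcipher_setkey(), so any other setkey wrapper that ends up in skcipher_setkey() must either call caam_hbk_check_keylen() or reject is_hbk, otherwise an unchecked key_sz reaches the KEY command. The two new comments ("Here keylen is actual key length", "Here real key len is plain key length") should also say which of the two lengths includes the CCM overhead.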
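Review bot: In caam_hbk_check_keylen() at @@ -762,12 +780,33 @@, the helper needs kernel-doc or at least a one-line comment stating that keylen is the black key length and hbk_info->key_sz the plain key length, because the existing comment ("deduce the hb_key_len") describes the opposite direction from what the comparison does. Style: the multi-line comment should start with a bare "/*" line, "overhead += CCM_OVERHEAD" on a variable initialised to 0 reads better as an assignment, and the parentheses in &(skcipher->base.hbk_info) are unnecessary.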
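Review bot: In cnstr_shdsc_skcipher_encap() and cnstr_shdsc_skcipher_decap() (@@ -1391,7 +1391,8 @@ and @@ -1466,7 +1467,8 @@), the KEY command length now comes from cdata->key_real_len and its options from cdata->key_cmd_opt, but the diffstat shows only caamalg.c filling in these new struct alginfo members. Any other code that builds a struct alginfo and calls these constructors has to set key_real_len to keylen and key_cmd_opt to 0, or the descriptor loads a key of whatever length happens to be in the field. Update those callers in the same patch, or have the constructors fall back to cdata->keylen when key_real_len is 0.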
From: Pankaj Gupta
To: jarkko@kernel.org, a.fatoum@pengutronix.de, gilad@benyossef.com, Jason@zx2c4.com, jejb@linux.ibm.com, zohar@linux.ibm.com, dhowells@redhat.com, sumit.garg@linaro.org, david@sigma-star.at, michael@walle.cc, john.ernberg@actia.se, jmorris@namei.org, serge@hallyn.com, herbert@gondor.apana.org.au, davem@davemloft.net, j.luebbe@pengutronix.de, ebiggers@kernel.org, richard@nod.at, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, sahil.malhotra@nxp.com, kshitiz.varshney@nxp.com, horia.geanta@nxp.com, V.Sethi@nxp.com
Cc: Pankaj Gupta
Subject: [PATCH v0 8/8] dm-crypt: consumer-app setting the flag-is_hbk
Date: Thu, 6 Oct 2022 18:38:37 +0530
Message-Id: <20221006130837.17587-9-pankaj.gupta@nxp.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20221006130837.17587-1-pankaj.gupta@nxp.com>
References: <20221006130837.17587-1-pankaj.gupta@nxp.com>

Consumer application:
- Adding a flag 'is_hbk', in its "struct crypto_config".
- After fetching the keys, it is setting the above mentioned flag, based on the key fetched.
  -- Note: Supported for trusted keys only.
- After allocating the tfm, and before calling crypto_xxx_setkey(), setting the:
  -- tfm flag 'is_hbk': cc->cipher_tfm.tfms[i]->base.is_hbk = cc->is_hbk;
  -- tfm hbk_info, if cc->is_hbk, is non-zero.

Note: HBK Supported for symmetric-key ciphers only.

Signed-off-by: Pankaj Gupta --- drivers/md/dm-crypt.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c index 159c6806c19b..d28c4af2904e 100644 --- a/drivers/md/dm-crypt.c +++ b/drivers/md/dm-crypt.c @@ -221,6 +221,8 @@ struct crypt_config { struct mutex bio_alloc_lock; =20 u8 *authenc_key; /* space for keys in authenc() format (if used) */ + unsigned int is_hbk; + struct hw_bound_key_info hbk_info; u8 key[]; }; =20 @@ -2397,10 +2399,16 @@ static int crypt_setkey(struct crypt_config *cc) r =3D crypto_aead_setkey(cc->cipher_tfm.tfms_aead[i], cc->key + (i * subkey_size), subkey_size); - else + else { + cc->cipher_tfm.tfms[i]->base.is_hbk =3D cc->is_hbk; + if (cc->is_hbk) + memcpy(&(cc->cipher_tfm.tfms[i]->base.hbk_info), + &(cc->hbk_info), + sizeof(struct hw_bound_key_info)); r =3D crypto_skcipher_setkey(cc->cipher_tfm.tfms[i], cc->key + (i * subkey_size), subkey_size); + } if (r) err =3D r; } @@ -2461,9 +2469,11 @@ static int set_key_trusted(struct crypt_config *cc, = struct key *key) if (!tkp) return -EKEYREVOKED; =20 + cc->is_hbk =3D tkp->is_hw_bound; if (cc->key_size !=3D tkp->key_len) return -EINVAL; =20 + memcpy(&(cc->hbk_info), &(tkp->hbk_info), sizeof(struct hw_bound_key_info= )); memcpy(cc->key, tkp->key, cc->key_size); =20 return 0; --=20 2.17.1
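Review bot: In crypt_setkey() at @@ -2397,10 +2399,16 @@, the same cc->hbk_info is copied into every tfm while each tfm is handed only subkey_size bytes at cc->key + (i * subkey_size). hbk_info describes the whole key fetched in set_key_trusted(), so with more than one tfm the key_sz seen by the driver no longer matches the slice being set, and a black key cannot be cut into independent subkeys in the first place. Reject is_hbk unless the key is passed to a single tfm in one piece. The aead branch gets no is_hbk handling at all; if that is intentional, fail the setup for a hardware-bound key with an aead cipher instead of passing the black key on as a plain key. Style: once the else branch takes braces the preceding branches should too, and the &( ... ) parentheses in the memcpy() are unnecessary.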
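Review bot: In set_key_trusted() at @@ -2461,9 +2469,11 @@, cc->is_hbk is assigned before the cc->key_size != tkp->key_len check, so a key that is rejected with -EINVAL still changes the flag that crypt_setkey() later copies into the tfms. Move the assignment down next to the two memcpy() calls so that the flag, hbk_info and the key are updated together. This is also the only place in the patch that writes cc->is_hbk, so loading a key of another type afterwards leaves a stale value; clear it in the other key-loading paths. Since the seal path sets the payload's key_len to the black key length, cc->key_size from the table line has to include the overhead for a hardware-bound key, which should be stated in the dm-crypt documentation.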