Add an option to enable the userspace interface for symmetric key
cipher algorithms marked as internal (CRYPTO_ALG_INTERNAL).

Signed-off-by: Tomas Paukrt <tomaspaukrt@email.cz>
---
 crypto/Kconfig          | 10 ++++++++++
 crypto/algif_skcipher.c |  4 ++++
 2 files changed, 14 insertions(+)

diff --git a/crypto/Kconfig b/crypto/Kconfig
index a779cab..2ce1877 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -1392,6 +1392,16 @@ config CRYPTO_USER_API_SKCIPHER
 	  See Documentation/crypto/userspace-if.rst and
 	  https://www.chronox.de/libkcapi/html/index.html
 
+config CRYPTO_USER_API_SKCIPHER_INTERNAL
+	bool "Enable access to internal symmetric key cipher algorithms"
+	depends on CRYPTO_USER_API_SKCIPHER
+	default n
+	help
+	  Enable the userspace interface for symmetric key cipher algorithms
+	  marked as internal (CRYPTO_ALG_INTERNAL).
+
+	  Say N unless you know what you are doing.
+
 config CRYPTO_USER_API_RNG
 	tristate "RNG (random number generator) algorithms"
 	depends on NET
diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index 125d395..028aef7 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -342,6 +342,10 @@ static struct proto_ops algif_skcipher_ops_nokey = {
 
 static void *skcipher_bind(const char *name, u32 type, u32 mask)
 {
+#ifdef CONFIG_CRYPTO_USER_API_SKCIPHER_INTERNAL
+	type |= CRYPTO_ALG_INTERNAL;
+#endif
+
 	return crypto_alloc_skcipher(name, type, mask);
 }
 
-- 
2.7.4

On Tue, Sep 17, 2024 at 11:20:12AM +0200, Tomas Paukrt wrote:
> Add an option to enable the userspace interface for symmetric key
> cipher algorithms marked as internal (CRYPTO_ALG_INTERNAL).

Please create a new bit for this.  CRYPTO_ALG_INTERNAL is used
in a number of different scenarios and we certainly don't want
those other algorithms suddenly showing up in af_alg.

Thanks,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt