From: Pankaj Gupta <pankaj.gupta@nxp.com>
To: jarkko@kernel.org, a.fatoum@pengutronix.de, gilad@benyossef.com,
	Jason@zx2c4.com, jejb@linux.ibm.com, zohar@linux.ibm.com,
	dhowells@redhat.com, sumit.garg@linaro.org, david@sigma-star.at,
	michael@walle.cc, john.ernberg@actia.se, jmorris@namei.org,
	serge@hallyn.com, herbert@gondor.apana.org.au,
	davem@davemloft.net, j.luebbe@pengutronix.de,
	ebiggers@kernel.org, richard@nod.at, keyrings@vger.kernel.org,
	linux-crypto@vger.kernel.org, linux-integrity@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org, sahil.malhotra@nxp.com,
	kshitiz.varshney@nxp.com, horia.geanta@nxp.com, V.Sethi@nxp.com
Cc: Pankaj Gupta <pankaj.gupta@nxp.com>
Subject: [PATCH v0 7/8] caam alg: symmetric key ciphers are updated
Date: Thu,  6 Oct 2022 18:38:36 +0530	[thread overview]
Message-ID: <20221006130837.17587-8-pankaj.gupta@nxp.com> (raw)
In-Reply-To: <20221006130837.17587-1-pankaj.gupta@nxp.com>

Changes to enable:
- Working with both black keys and plain keys.
- This is supported in the context of trusted keys only,
  - as the meta-data is added as part of trusted key generation.
  - Otherwise, it works as previously.

Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
---
 drivers/crypto/caam/caamalg.c      | 43 ++++++++++++++++++++++++++++--
 drivers/crypto/caam/caamalg_desc.c |  8 +++---
 drivers/crypto/caam/desc_constr.h  |  6 ++++-
 3 files changed, 51 insertions(+), 6 deletions(-)

diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c
index d3d8bb0a6990..94e971297a9d 100644
--- a/drivers/crypto/caam/caamalg.c
+++ b/drivers/crypto/caam/caamalg.c
@@ -3,7 +3,7 @@
  * caam - Freescale FSL CAAM support for crypto API
  *
  * Copyright 2008-2011 Freescale Semiconductor, Inc.
- * Copyright 2016-2019 NXP
+ * Copyright 2016-2022 NXP
  *
  * Based on talitos crypto API driver.
  *
@@ -59,6 +59,8 @@
 #include <crypto/engine.h>
 #include <crypto/xts.h>
 #include <asm/unaligned.h>
+#include <linux/hw_bound_key.h>
+#include <soc/fsl/caam-blob.h>
 
 /*
  * crypto alg
@@ -741,9 +743,25 @@ static int skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key,
 	print_hex_dump_debug("key in @"__stringify(__LINE__)": ",
 			     DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1);
 
+	/* Here keylen is actual key length */
 	ctx->cdata.keylen = keylen;
 	ctx->cdata.key_virt = key;
 	ctx->cdata.key_inline = true;
+	/* Here real key len is plain key length */
+	ctx->cdata.key_real_len = keylen;
+	ctx->cdata.key_cmd_opt = 0;
+
+	/* check if the key is HBK */
+	if (skcipher->base.is_hbk) {
+		ctx->cdata.key_cmd_opt |= KEY_ENC;
+
+		/* check if the HBK is CCM key */
+		if (skcipher->base.hbk_info.flags
+				& HWBK_FLAGS_CAAM_CCM_ALGO_MASK)
+			ctx->cdata.key_cmd_opt |= KEY_EKT;
+
+		ctx->cdata.key_real_len = skcipher->base.hbk_info.key_sz;
+	}
 
 	/* skcipher_encrypt shared descriptor */
 	desc = ctx->sh_desc_enc;
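Review bot: `key_real_len` is copied from `skcipher->base.hbk_info.key_sz` without being compared to `keylen`, and the only validation this patch adds (`caam_hbk_check_keylen`) is called from `aes_skcipher_setkey`. Any other setkey wrapper that reaches `skcipher_setkey` with `is_hbk` set would build a KEY command whose length field and inline key data disagree. Consider rejecting inconsistent sizes here as well, e.g. `if (skcipher->base.is_hbk && skcipher->base.hbk_info.key_sz > keylen) return -EINVAL;`, or refusing `is_hbk` in the wrappers that do not support it. The comment `/* Here keylen is actual key length */` would also be clearer as `/* keylen: bytes passed by the caller (black-key length when is_hbk is set) */`. The function starts and ends outside the hunk, so its other callers are not visible here.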
@@ -762,12 +780,33 @@ static int skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key,
 	return 0;
 }
 
+static int caam_hbk_check_keylen(struct hw_bound_key_info *hbk_info,
+				 unsigned int keylen)
+{
+	u32 overhead = 0;
+
+	if (hbk_info->flags & HWBK_FLAGS_CAAM_CCM_ALGO_MASK)
+		overhead += CCM_OVERHEAD;
+
+	/* deduce the hb_key_len, by adding plain-key len
+	 * and encryption overhead.
+	 */
+	if (keylen != (hbk_info->key_sz + overhead))
+		return -EINVAL;
+
+	return aes_check_keylen(hbk_info->key_sz);
+}
+
 static int aes_skcipher_setkey(struct crypto_skcipher *skcipher,
 			       const u8 *key, unsigned int keylen)
 {
 	int err;
 
-	err = aes_check_keylen(keylen);
+	if (skcipher->base.is_hbk)
+		err = caam_hbk_check_keylen(&(skcipher->base.hbk_info), keylen);
+	else
+		err = aes_check_keylen(keylen);
+
 	if (err)
 		return err;
 
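Review bot: When the CCM flag is clear, `overhead` stays 0, so `caam_hbk_check_keylen` accepts a black key only if it is exactly `key_sz` bytes long. If non-CCM black keys are padded to a block multiple by the hardware (worth confirming against the code that generates them), a 24-byte AES key would always be rejected here. A comment stating the expected black-key length for each covering mode would settle the question. Since the helper only reads the structure, the parameter can be `const struct hw_bound_key_info *hbk_info`. `aes_skcipher_setkey` continues past the end of the hunk.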
diff --git a/drivers/crypto/caam/caamalg_desc.c b/drivers/crypto/caam/caamalg_desc.c
index 7571e1ac913b..784acae8c9b7 100644
--- a/drivers/crypto/caam/caamalg_desc.c
+++ b/drivers/crypto/caam/caamalg_desc.c
@@ -2,7 +2,7 @@
 /*
  * Shared descriptors for aead, skcipher algorithms
  *
- * Copyright 2016-2019 NXP
+ * Copyright 2016-2022 NXP
  */
 
 #include "compat.h"
@@ -1391,7 +1391,8 @@ void cnstr_shdsc_skcipher_encap(u32 * const desc, struct alginfo *cdata,
 
 	/* Load class1 key only */
 	append_key_as_imm(desc, cdata->key_virt, cdata->keylen,
-			  cdata->keylen, CLASS_1 | KEY_DEST_CLASS_REG);
+			  cdata->key_real_len, CLASS_1 | KEY_DEST_CLASS_REG
+					       | cdata->key_cmd_opt);
 
 	/* Load nonce into CONTEXT1 reg */
 	if (is_rfc3686) {
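Review bot: The KEY command length now comes from `cdata->key_real_len` and its options from `cdata->key_cmd_opt`, but within this patch only `skcipher_setkey` in caamalg.c sets those fields. Any other caller of `cnstr_shdsc_skcipher_encap` that fills a `struct alginfo` without them would emit a KEY command with a length of 0 (or whatever the fields happen to hold), which would break plain-key operation for that caller. The same applies to `cnstr_shdsc_skcipher_decap` in the next hunk. Either set both fields in every caller or fall back inside the helper, e.g. `u32 klen = cdata->key_real_len ? cdata->key_real_len : cdata->keylen;`. The function body extends beyond the hunk.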
@@ -1466,7 +1467,8 @@ void cnstr_shdsc_skcipher_decap(u32 * const desc, struct alginfo *cdata,
 
 	/* Load class1 key only */
 	append_key_as_imm(desc, cdata->key_virt, cdata->keylen,
-			  cdata->keylen, CLASS_1 | KEY_DEST_CLASS_REG);
+			  cdata->key_real_len, CLASS_1 | KEY_DEST_CLASS_REG
+					       | cdata->key_cmd_opt);
 
 	/* Load nonce into CONTEXT1 reg */
 	if (is_rfc3686) {
diff --git a/drivers/crypto/caam/desc_constr.h b/drivers/crypto/caam/desc_constr.h
index 62ce6421bb3f..d652bdbf3f91 100644
--- a/drivers/crypto/caam/desc_constr.h
+++ b/drivers/crypto/caam/desc_constr.h
@@ -3,7 +3,7 @@
  * caam descriptor construction helper functions
  *
  * Copyright 2008-2012 Freescale Semiconductor, Inc.
- * Copyright 2019 NXP
+ * Copyright 2019-2022 NXP
  */
 
 #ifndef DESC_CONSTR_H
@@ -500,6 +500,8 @@ do { \
  * @key_virt: virtual address where algorithm key resides
  * @key_inline: true - key can be inlined in the descriptor; false - key is
  *              referenced by the descriptor
+ * @key_real_len: size of the key to be loaded by the CAAM
+ * @key_cmd_opt: optional parameters for KEY command
  */
 struct alginfo {
 	u32 algtype;
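Review bot: The new kerneldoc lines do not say how `@key_real_len` differs from `@keylen`, which is the distinction every user of `struct alginfo` now has to get right. Suggest `@key_real_len: length of the plain key the CAAM ends up loading; equals @keylen for plain keys, the plain key size for black keys` and `@key_cmd_opt: extra KEY command flags (KEY_ENC, KEY_EKT) OR-ed into the options; 0 for plain keys`. It would also help to note that callers must initialise both fields, since the shared-descriptor helpers read them unconditionally.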
@@ -508,6 +510,8 @@ struct alginfo {
 	dma_addr_t key_dma;
 	const void *key_virt;
 	bool key_inline;
+	u32 key_real_len;
+	u32 key_cmd_opt;
 };
 
 /**
-- 
2.17.1

