lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Wed, 21 Aug 2019 15:42:06 +0900
From:   "boojin.kim" <boojin.kim@...sung.com>
To:     "'Herbert Xu'" <herbert@...dor.apana.org.au>,
        "'David S. Miller'" <davem@...emloft.net>,
        "'Eric Biggers'" <ebiggers@...nel.org>,
        "'Theodore Y. Ts'o'" <tytso@....edu>,
        "'Chao Yu'" <chao@...nel.org>,
        "'Jaegeuk Kim'" <jaegeuk@...nel.org>,
        "'Andreas Dilger'" <adilger.kernel@...ger.ca>,
        "'Theodore Ts'o'" <tytso@....edu>, <dm-devel@...hat.com>,
        "'Mike Snitzer'" <snitzer@...hat.com>,
        "'Alasdair Kergon'" <agk@...hat.com>,
        "'Jens Axboe'" <axboe@...nel.dk>,
        "'Krzysztof Kozlowski'" <krzk@...nel.org>,
        "'Kukjin Kim'" <kgene@...nel.org>,
        "'Jaehoon Chung'" <jh80.chung@...sung.com>,
        "'Ulf Hansson'" <ulf.hansson@...aro.org>,
        <linux-crypto@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
        <linux-fscrypt@...r.kernel.org>, <linux-mmc@...r.kernel.org>,
        <linux-samsung-soc@...r.kernel.org>, <linux-block@...r.kernel.org>,
        <linux-ext4@...r.kernel.org>,
        <linux-f2fs-devel@...ts.sourceforge.net>,
        <linux-samsung-soc@...r.kernel.org>,
        <linux-arm-kernel@...ts.infradead.org>,
        <linux-fsdevel@...r.kernel.org>
Subject: [PATCH 0/9] Flash Memory Protector Support

Exynos has a H/W block called FMP (Flash Memory Protector) to protect data
stored on storage device.
FMP interworks with the storage controller to encrypt a data before writing
to the storage device and decrypt the data after reading from storage
device.
FMP is a kind of ICE (inline crypto engines), which is generally known
as being used for the above role.

To use FMP, the modification of various layers such as Fscrypt, ext4, f2fs,
DM-crypt, storage controller driver and block is required.
FMP solution introduces a new diskcipher similar to the existing skcipher
in crypo API in order to minimize the modification of these layers and
to improve the code readability.

This patchset includes the following for using FMP:
- Diskcipher and FMP are added to crypto API.
- The crypto users such as dm-crypt and fscrypt are modified to support
  diskcipher.
- The bio submitters such as f2fs, ext4, dm-crypt are modified to support
  diskcipher.
- Block layer is modified to pass diskcipher to storage controller driver.
- Storage controller driver is modified to support crypto operation.

Exynos FMP solution consists of Diskcipher and FMP driver.
Diskcipher is a symmetric key cipher of crypto API that supports inline
crypto engine like FMP.
FMP driver is a cipher algorithm running on diskcipher.
FMP driver registers 'cbc(aes)-disk' and 'xts(aes)-disk' algorithms to
crypto API.
FMP can be tested with various test vectors in testmgr of crypto API.

When encrypting using FMP, additional control is required to deliver and
manage encryption information between encryption users (fscrypt, DM-crypt)
and FMP drivers. Diskcipher provides this control.

The encryption using FMP is made up of 4 steps.
The first step is to assign a password and set a key.
Encryption users such as Fscrypt or DM-crypt assign diskcipher, and set key
to the diskcipher.
The second step is to deliver diskcipher that has crypto information to
storage drivers such as UFS and MMC. BIO is used to this delivery.
The BIO submitters, such as ext4, f2fs and DM-crypt, checks if there is
diskcipher in crypto configuration before issuing BIO. If there are
diskcipher, the submitter sets it to BIO.
In addition, the BIO submitter skips the task of encrypting data before BIO
and decrypting data after BIO is completed.
In the third step, the storage driver gets the diskcipher from the BIO and
requests the FMP to encrypt.
In the final step, the FMP extracts crypto information from the diskcipher
and writes it in the descriptor area allocated for FMP H/W.
The FMP H/W uses the descriptor of the storage controller to contain crypto
information. So the descriptor of storage controller should be expanded
for FMP.

Boojin Kim (9):
  crypt: Add diskcipher
  crypto: fmp: add Flash Memory Protector driver
  mmc: dw_mmc: support crypto operation
  mmc: dw_mmc-exynos: support FMP
  block: support diskcipher
  dm crypt: support diskcipher
  fscrypt: support diskcipher
  fs: ext4: support diskcipher
  fs: f2fs: support diskcipher

 block/bio.c                      |   1 +
 block/blk-merge.c                |  19 +-
 block/bounce.c                   |   5 +-
 crypto/Kconfig                   |   9 +
 crypto/Makefile                  |   1 +
 crypto/diskcipher.c              | 349 +++++++++++++++++++++++
 crypto/testmgr.c                 | 157 +++++++++++
 drivers/crypto/Kconfig           |   2 +
 drivers/crypto/Makefile          |   1 +
 drivers/crypto/fmp/Kconfig       |  13 +
 drivers/crypto/fmp/Makefile      |   1 +
 drivers/crypto/fmp/fmp.c         | 595
+++++++++++++++++++++++++++++++++++++++
 drivers/crypto/fmp/fmp_crypt.c   | 243 ++++++++++++++++
 drivers/crypto/fmp/fmp_test.c    | 310 ++++++++++++++++++++
 drivers/crypto/fmp/fmp_test.h    |  30 ++
 drivers/md/dm-crypt.c            | 112 +++++++-
 drivers/mmc/host/Kconfig         |   8 +
 drivers/mmc/host/dw_mmc-exynos.c |  62 ++++
 drivers/mmc/host/dw_mmc.c        |  48 +++-
 drivers/mmc/host/dw_mmc.h        |   6 +
 fs/buffer.c                      |   2 +
 fs/crypto/bio.c                  |  43 ++-
 fs/crypto/fscrypt_private.h      |  28 +-
 fs/crypto/keysetup.c             |  60 +++-
 fs/crypto/keysetup_v1.c          |   2 +-
 fs/ext4/inode.c                  |  39 ++-
 fs/ext4/page-io.c                |   8 +-
 fs/ext4/readpage.c               |   7 +
 fs/f2fs/data.c                   |  98 ++++++-
 fs/f2fs/f2fs.h                   |   2 +-
 include/crypto/diskcipher.h      | 245 ++++++++++++++++
 include/crypto/fmp.h             | 324 +++++++++++++++++++++
 include/linux/bio.h              |  10 +
 include/linux/blk_types.h        |   4 +
 include/linux/bvec.h             |   3 +
 include/linux/crypto.h           |   1 +
 include/linux/fscrypt.h          |  19 ++
 include/uapi/linux/fscrypt.h     |   2 +
 tools/include/uapi/linux/fs.h    |   1 +
 39 files changed, 2837 insertions(+), 33 deletions(-)
 create mode 100644 crypto/diskcipher.c
 create mode 100644 drivers/crypto/fmp/Kconfig
 create mode 100644 drivers/crypto/fmp/Makefile
 create mode 100644 drivers/crypto/fmp/fmp.c
 create mode 100644 drivers/crypto/fmp/fmp_crypt.c
 create mode 100644 drivers/crypto/fmp/fmp_test.c
 create mode 100644 drivers/crypto/fmp/fmp_test.h
 create mode 100644 include/crypto/diskcipher.h
 create mode 100644 include/crypto/fmp.h

-- 
2.7.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ