lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <20240906-wrapped-keys-v6-13-d59e61bc0cb4@linaro.org> Date: Fri, 06 Sep 2024 20:07:16 +0200 From: Bartosz Golaszewski <brgl@...ev.pl> To: Jens Axboe <axboe@...nel.dk>, Jonathan Corbet <corbet@....net>, Alasdair Kergon <agk@...hat.com>, Mike Snitzer <snitzer@...nel.org>, Mikulas Patocka <mpatocka@...hat.com>, Adrian Hunter <adrian.hunter@...el.com>, Asutosh Das <quic_asutoshd@...cinc.com>, Ritesh Harjani <ritesh.list@...il.com>, Ulf Hansson <ulf.hansson@...aro.org>, Alim Akhtar <alim.akhtar@...sung.com>, Avri Altman <avri.altman@....com>, Bart Van Assche <bvanassche@....org>, "James E.J. Bottomley" <James.Bottomley@...senPartnership.com>, "Martin K. Petersen" <martin.petersen@...cle.com>, Eric Biggers <ebiggers@...nel.org>, "Theodore Y. Ts'o" <tytso@....edu>, Jaegeuk Kim <jaegeuk@...nel.org>, Alexander Viro <viro@...iv.linux.org.uk>, Christian Brauner <brauner@...nel.org>, Jan Kara <jack@...e.cz>, Bjorn Andersson <andersson@...nel.org>, Konrad Dybcio <konradybcio@...nel.org>, Manivannan Sadhasivam <manivannan.sadhasivam@...aro.org>, Dmitry Baryshkov <dmitry.baryshkov@...aro.org>, Gaurav Kashyap <quic_gaurkash@...cinc.com>, Neil Armstrong <neil.armstrong@...aro.org> Cc: linux-block@...r.kernel.org, linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org, dm-devel@...ts.linux.dev, linux-mmc@...r.kernel.org, linux-scsi@...r.kernel.org, linux-fscrypt@...r.kernel.org, linux-fsdevel@...r.kernel.org, linux-arm-msm@...r.kernel.org, Bartosz Golaszewski <bartosz.golaszewski@...aro.org>, Om Prakash Singh <quic_omprsing@...cinc.com> Subject: [PATCH v6 13/17] ufs: core: add support for deriving the software secret From: Gaurav Kashyap <quic_gaurkash@...cinc.com> Extend the UFS core to allow calling the block layer's callback for deriving the software secret from a wrapped key. This is needed as in most cases the wrapped key support will be vendor-specific and the implementation will live in the specific UFS driver. Tested-by: Neil Armstrong <neil.armstrong@...aro.org> Reviewed-by: Om Prakash Singh <quic_omprsing@...cinc.com> Signed-off-by: Gaurav Kashyap <quic_gaurkash@...cinc.com> Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@...aro.org> --- drivers/ufs/core/ufshcd-crypto.c | 15 +++++++++++++++ include/ufs/ufshcd.h | 3 +++ 2 files changed, 18 insertions(+) diff --git a/drivers/ufs/core/ufshcd-crypto.c b/drivers/ufs/core/ufshcd-crypto.c index 64389e876910..2530239d42af 100644 --- a/drivers/ufs/core/ufshcd-crypto.c +++ b/drivers/ufs/core/ufshcd-crypto.c @@ -113,6 +113,20 @@ static int ufshcd_crypto_keyslot_evict(struct blk_crypto_profile *profile, return ufshcd_program_key(hba, NULL, &cfg, slot); } +static int ufshcd_crypto_derive_sw_secret(struct blk_crypto_profile *profile, + const u8 wkey[], size_t wkey_size, + u8 sw_secret[BLK_CRYPTO_SW_SECRET_SIZE]) +{ + struct ufs_hba *hba = + container_of(profile, struct ufs_hba, crypto_profile); + + if (hba->vops && hba->vops->derive_sw_secret) + return hba->vops->derive_sw_secret(hba, wkey, wkey_size, + sw_secret); + + return -EOPNOTSUPP; +} + /* * Reprogram the keyslots if needed, and return true if CRYPTO_GENERAL_ENABLE * should be used in the host controller initialization sequence. @@ -134,6 +148,7 @@ bool ufshcd_crypto_enable(struct ufs_hba *hba) static const struct blk_crypto_ll_ops ufshcd_crypto_ops = { .keyslot_program = ufshcd_crypto_keyslot_program, .keyslot_evict = ufshcd_crypto_keyslot_evict, + .derive_sw_secret = ufshcd_crypto_derive_sw_secret, }; static enum blk_crypto_mode_num diff --git a/include/ufs/ufshcd.h b/include/ufs/ufshcd.h index a2dad4f982c2..c11dd3baf53c 100644 --- a/include/ufs/ufshcd.h +++ b/include/ufs/ufshcd.h @@ -372,6 +372,9 @@ struct ufs_hba_variant_ops { int (*program_key)(struct ufs_hba *hba, const struct blk_crypto_key *bkey, const union ufs_crypto_cfg_entry *cfg, int slot); + int (*derive_sw_secret)(struct ufs_hba *hba, const u8 wkey[], + unsigned int wkey_size, + u8 sw_secret[BLK_CRYPTO_SW_SECRET_SIZE]); int (*fill_crypto_prdt)(struct ufs_hba *hba, const struct bio_crypt_ctx *crypt_ctx, void *prdt, unsigned int num_segments); -- 2.43.0
Powered by blists - more mailing lists