Message-Id: <20241101031539.13285-4-quic_spuppala@quicinc.com>
Date: Fri,  1 Nov 2024 08:45:36 +0530
From: Seshu Madhavi Puppala <quic_spuppala@...cinc.com>
To: Adrian Hunter <adrian.hunter@...el.com>,
        Asutosh Das <quic_asutoshd@...cinc.com>,
        Ulf Hansson <ulf.hansson@...aro.org>
Cc: Ritesh Harjani <ritesh.list@...il.com>, linux-mmc@...r.kernel.org,
        linux-kernel@...r.kernel.org, linux-arm-msm@...r.kernel.org,
        quic_gaurkash@...cinc.com, quic_neersoni@...cinc.com,
        quic_spuppala@...cinc.com
Subject: [PATCH RFC 3/6] mmc: host: add support for generate, import and prepare keys

Block crypto allows storage controllers like MMC to
register ops to generate, prepare and import wrapped
keys in the kernel.

Wrapped keys in most cases will have vendor specific
implementations, which means these ops would need to have
corresponding MMC variant ops.

Signed-off-by: Seshu Madhavi Puppala <quic_spuppala@...cinc.com>
---
 drivers/mmc/host/cqhci-crypto.c | 42 +++++++++++++++++++++++++++++++++
 drivers/mmc/host/cqhci.h        | 11 +++++++++
 2 files changed, 53 insertions(+)

diff --git a/drivers/mmc/host/cqhci-crypto.c b/drivers/mmc/host/cqhci-crypto.c
index e2a4700f3153..4a05f5a5d92c 100644
--- a/drivers/mmc/host/cqhci-crypto.c
+++ b/drivers/mmc/host/cqhci-crypto.c
@@ -141,6 +141,45 @@ static int cqhci_crypto_derive_sw_secret(struct blk_crypto_profile *profile,
 	return -EOPNOTSUPP;
 }
 
+static int cqhci_crypto_generate_key(struct blk_crypto_profile *profile,
+				     u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE])
+{
+	struct cqhci_host *cq_host = cqhci_host_from_crypto_profile(profile);
+
+	if (cq_host->ops && cq_host->ops->generate_key)
+		return  cq_host->ops->generate_key(cq_host, lt_key);
+
+	return -EOPNOTSUPP;
+}
+
+static int cqhci_crypto_prepare_key(struct blk_crypto_profile *profile,
+				    const u8 *lt_key, size_t lt_key_size,
+				    u8 eph_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE])
+{
+
+	struct cqhci_host *cq_host = cqhci_host_from_crypto_profile(profile);
+
+	if (cq_host->ops && cq_host->ops->prepare_key)
+		return  cq_host->ops->prepare_key(cq_host, lt_key,
+						  lt_key_size, eph_key);
+
+	return -EOPNOTSUPP;
+}
+
+static int cqhci_crypto_import_key(struct blk_crypto_profile *profile,
+				   const u8 *imp_key, size_t imp_key_size,
+				   u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE])
+{
+
+	struct cqhci_host *cq_host = cqhci_host_from_crypto_profile(profile);
+
+	if (cq_host->ops && cq_host->ops->import_key)
+		return  cq_host->ops->import_key(cq_host, imp_key,
+						 imp_key_size, lt_key);
+
+	return -EOPNOTSUPP;
+}
+
 /*
  * The keyslot management operations for CQHCI crypto.
  *
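Review bot: `cqhci_crypto_prepare_key()` hands `lt_key_size` to the vendor op without bounding it, and `cqhci_crypto_import_key()` does the same with `imp_key_size`, so every vendor implementation has to re-check a length that may originate outside the kernel. A long-term wrapped key should not exceed the buffer that `generate_key` fills, so the prepare wrapper could reject oversized input once for all hosts: `if (lt_key_size > BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE) return -EINVAL;`. If the block layer already enforces this before calling the op (not visible in this patch), a one-line comment saying so would be enough. Separately, the blank line after the opening brace in the prepare and import wrappers and the double space in `return  cq_host->ops->...` are style nits that checkpatch is likely to flag.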
@@ -153,6 +192,9 @@ static const struct blk_crypto_ll_ops cqhci_crypto_ops = {
 	.keyslot_program	= cqhci_crypto_keyslot_program,
 	.keyslot_evict		= cqhci_crypto_keyslot_evict,
 	.derive_sw_secret	= cqhci_crypto_derive_sw_secret,
+	.generate_key		= cqhci_crypto_generate_key,
+	.prepare_key		= cqhci_crypto_prepare_key,
+	.import_key		= cqhci_crypto_import_key,
 };
 
 static enum blk_crypto_mode_num
diff --git a/drivers/mmc/host/cqhci.h b/drivers/mmc/host/cqhci.h
index 77368fb97eba..f2af8aaa4068 100644
--- a/drivers/mmc/host/cqhci.h
+++ b/drivers/mmc/host/cqhci.h
@@ -287,6 +287,9 @@ struct cqhci_host {
 };
 
 /* @derive_sw_secret: derive sw secret from a wrapped key
+ * @generate_key: generate a storage key and return longterm wrapped key
+ * @prepare_key: unwrap longterm key and return ephemeral wrapped key
+ * @import_key: import sw storage key and return longterm wrapped key
  */
 struct cqhci_host_ops {
 	void (*dumpregs)(struct mmc_host *mmc);
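Review bot: The three new kernel-doc lines say what each op is for but not what it returns or how much it may write, and the vendor op is given no capacity argument for `lt_key`/`eph_key`. The array size in `u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]` (declared in the next hunk) is not enforced by the compiler, so the comment is the only place the limit can be stated, e.g. `@generate_key: generate a storage key; writes at most BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE bytes to lt_key`. Each entry should also state the success return value and that failures are -errno, because the wrappers in cqhci-crypto.c pass the vendor result through unchanged. The body of `struct cqhci_host_ops` continues outside this hunk.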
@@ -305,6 +308,14 @@ struct cqhci_host_ops {
 	int (*derive_sw_secret)(struct cqhci_host *cq_host, const u8 wkey[],
 				unsigned int wkey_size,
 				u8 sw_secret[BLK_CRYPTO_SW_SECRET_SIZE]);
+	int (*generate_key)(struct cqhci_host *cq_host,
+			    u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]);
+	int (*prepare_key)(struct cqhci_host *cq_host,
+			   const u8 *lt_key, size_t lt_key_size,
+			   u8 eph_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]);
+	int (*import_key)(struct cqhci_host *cq_host, const u8 *imp_key,
+			  size_t imp_key_size,
+			  u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]);
 #endif
 	void (*set_tran_desc)(struct cqhci_host *cq_host, u8 **desc,
 			      dma_addr_t addr, int len, bool end, bool dma64);
-- 
2.17.1

