Message-Id: <20241101031539.13285-3-quic_spuppala@quicinc.com>
Date: Fri,  1 Nov 2024 08:45:35 +0530
From: Seshu Madhavi Puppala <quic_spuppala@...cinc.com>
To: Adrian Hunter <adrian.hunter@...el.com>,
        Asutosh Das <quic_asutoshd@...cinc.com>,
        Ulf Hansson <ulf.hansson@...aro.org>
Cc: Ritesh Harjani <ritesh.list@...il.com>, linux-mmc@...r.kernel.org,
        linux-kernel@...r.kernel.org, linux-arm-msm@...r.kernel.org,
        quic_gaurkash@...cinc.com, quic_neersoni@...cinc.com,
        quic_spuppala@...cinc.com
Subject: [PATCH RFC 2/6] mmc: host: add support to derive software secret

Block crypto allows storage controllers like MMC to
register an op to derive a software secret from wrapped
keys added to the kernel.

Wrapped keys in most cases will have vendor specific
implementations, which means this op would need to have
a corresponding MMC variant op.
This change adds hooks in MMC to support this variant
ops and tie them to the blk crypto op.

Signed-off-by: Seshu Madhavi Puppala <quic_spuppala@...cinc.com>
---
 drivers/mmc/host/cqhci-crypto.c | 14 ++++++++++++++
 drivers/mmc/host/cqhci.h        |  5 +++++
 2 files changed, 19 insertions(+)

diff --git a/drivers/mmc/host/cqhci-crypto.c b/drivers/mmc/host/cqhci-crypto.c
index c4e7ae95bc7d..e2a4700f3153 100644
--- a/drivers/mmc/host/cqhci-crypto.c
+++ b/drivers/mmc/host/cqhci-crypto.c
@@ -128,6 +128,19 @@ static int cqhci_crypto_keyslot_evict(struct blk_crypto_profile *profile,
 	return cqhci_crypto_clear_keyslot(cq_host, slot);
 }
 
+static int cqhci_crypto_derive_sw_secret(struct blk_crypto_profile *profile,
+					  const u8 wkey[], size_t wkey_size,
+					  u8 sw_secret[BLK_CRYPTO_SW_SECRET_SIZE])
+{
+	struct cqhci_host *cq_host = cqhci_host_from_crypto_profile(profile);
+
+	if (cq_host->ops && cq_host->ops->derive_sw_secret)
+		return  cq_host->ops->derive_sw_secret(cq_host, wkey, wkey_size,
+						    sw_secret);
+
+	return -EOPNOTSUPP;
+}
+
 /*
  * The keyslot management operations for CQHCI crypto.
  *
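Review bot: `cqhci_crypto_derive_sw_secret()` receives `wkey_size` as `size_t` but forwards it to a hook that the cqhci.h hunk declares with `unsigned int wkey_size`, so the wrapped-key length is implicitly narrowed on 64-bit builds. The block layer presumably bounds the wrapped-key size well below that limit, but a length that describes key material should not change type between layers; declaring the hook as `size_t wkey_size` keeps both signatures in agreement. The new function also has no comment stating what the vendor hook must guarantee about `sw_secret` on failure, for example `/* On error the hook must not leave partial secret material in sw_secret. */`, if that is the intended contract. Minor style point: `return  cq_host->ops->derive_sw_secret(` has a doubled space after `return`.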
@@ -139,6 +152,7 @@ static int cqhci_crypto_keyslot_evict(struct blk_crypto_profile *profile,
 static const struct blk_crypto_ll_ops cqhci_crypto_ops = {
 	.keyslot_program	= cqhci_crypto_keyslot_program,
 	.keyslot_evict		= cqhci_crypto_keyslot_evict,
+	.derive_sw_secret	= cqhci_crypto_derive_sw_secret,
 };
 
 static enum blk_crypto_mode_num
diff --git a/drivers/mmc/host/cqhci.h b/drivers/mmc/host/cqhci.h
index f6bc66bc6418..77368fb97eba 100644
--- a/drivers/mmc/host/cqhci.h
+++ b/drivers/mmc/host/cqhci.h
@@ -286,6 +286,8 @@ struct cqhci_host {
 #endif
 };
 
+/* @derive_sw_secret: derive sw secret from a wrapped key
+ */
 struct cqhci_host_ops {
 	void (*dumpregs)(struct mmc_host *mmc);
 	void (*write_l)(struct cqhci_host *host, u32 val, int reg);
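Review bot: The comment added above `struct cqhci_host_ops` documents only the new member and is not valid kernel-doc, because it opens with `/* @derive_sw_secret:` rather than a `/**` line naming the struct. Since this hook handles key material, the comment should state the contract a vendor implementer has to meet: that `wkey_size` is the wrapped key's length in bytes, that exactly `BLK_CRYPTO_SW_SECRET_SIZE` bytes are written to `sw_secret` on success, and that it returns 0 or a negative errno. It would also help to note that the member exists only inside the `#ifdef` block visible in the next hunk, whose opening line is outside this diff. A lighter option is to put the description directly above the member, e.g. `/* Derive the software secret from a hardware-wrapped key; returns 0 or -errno. */`.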
@@ -300,6 +302,9 @@ struct cqhci_host_ops {
 	int (*program_key)(struct cqhci_host *cq_host,
 			   const struct blk_crypto_key *bkey,
 			   const union cqhci_crypto_cfg_entry *cfg, int slot);
+	int (*derive_sw_secret)(struct cqhci_host *cq_host, const u8 wkey[],
+				unsigned int wkey_size,
+				u8 sw_secret[BLK_CRYPTO_SW_SECRET_SIZE]);
 #endif
 	void (*set_tran_desc)(struct cqhci_host *cq_host, u8 **desc,
 			      dma_addr_t addr, int len, bool end, bool dma64);
-- 
2.17.1

