| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250210044445.vmtfhqjibonhi6j2@thinkpad>
Date: Mon, 10 Feb 2025 10:14:45 +0530
From: Manivannan Sadhasivam <manivannan.sadhasivam@...aro.org>
To: Eric Biggers <ebiggers@...nel.org>
Cc: linux-block@...r.kernel.org, Jens Axboe <axboe@...nel.dk>,
Bartosz Golaszewski <brgl@...ev.pl>,
Gaurav Kashyap <quic_gaurkash@...cinc.com>,
linux-fscrypt@...r.kernel.org, linux-mmc@...r.kernel.org,
linux-scsi@...r.kernel.org, linux-arm-msm@...r.kernel.org,
linux-kernel@...r.kernel.org,
Bjorn Andersson <andersson@...nel.org>,
Konrad Dybcio <konradybcio@...nel.org>,
Dmitry Baryshkov <dmitry.baryshkov@...aro.org>
Subject: Re: [PATCH v11 7/7] ufs: qcom: add support for wrapped keys
On Mon, Feb 03, 2025 at 10:00:41PM -0800, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@...gle.com>
>
> Wire up the wrapped key support for ufs-qcom by implementing the needed
> methods in struct blk_crypto_ll_ops and setting the appropriate flag in
> blk_crypto_profile::key_types_supported.
>
> For more information about this feature and how to use it, refer to
> the sections about hardware-wrapped keys in
> Documentation/block/inline-encryption.rst and
> Documentation/filesystems/fscrypt.rst.
>
> Based on patches by Gaurav Kashyap <quic_gaurkash@...cinc.com>.
> Reworked to use the custom crypto profile support.
>
Instead of mentioning the contribution in description, you should use relevant
tags IMO.
> Signed-off-by: Eric Biggers <ebiggers@...gle.com>
Acked-by: Manivannan Sadhasivam <manivannan.sadhasivam@...aro.org>
- Mani
> ---
> drivers/ufs/host/ufs-qcom.c | 51 ++++++++++++++++++++++++++++++++-----
> 1 file changed, 45 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/ufs/host/ufs-qcom.c b/drivers/ufs/host/ufs-qcom.c
> index f34527fb02fb2..dc3eb6f29f5b2 100644
> --- a/drivers/ufs/host/ufs-qcom.c
> +++ b/drivers/ufs/host/ufs-qcom.c
> @@ -132,15 +132,10 @@ static int ufs_qcom_ice_init(struct ufs_qcom_host *host)
> }
>
> if (IS_ERR_OR_NULL(ice))
> return PTR_ERR_OR_ZERO(ice);
>
> - if (qcom_ice_get_supported_key_type(ice) != BLK_CRYPTO_KEY_TYPE_RAW) {
> - dev_warn(dev, "Wrapped keys not supported. Disabling inline encryption support.\n");
> - return 0;
> - }
> -
> host->ice = ice;
>
> /* Initialize the blk_crypto_profile */
>
> caps.reg_val = cpu_to_le32(ufshcd_readl(hba, REG_UFS_CCAP));
> @@ -150,11 +145,11 @@ static int ufs_qcom_ice_init(struct ufs_qcom_host *host)
> if (err)
> return err;
>
> profile->ll_ops = ufs_qcom_crypto_ops;
> profile->max_dun_bytes_supported = 8;
> - profile->key_types_supported = BLK_CRYPTO_KEY_TYPE_RAW;
> + profile->key_types_supported = qcom_ice_get_supported_key_type(ice);
> profile->dev = dev;
>
> /*
> * Currently this driver only supports AES-256-XTS. All known versions
> * of ICE support it, but to be safe make sure it is really declared in
> @@ -218,13 +213,57 @@ static int ufs_qcom_ice_keyslot_evict(struct blk_crypto_profile *profile,
> err = qcom_ice_evict_key(host->ice, slot);
> ufshcd_release(hba);
> return err;
> }
>
> +static int ufs_qcom_ice_derive_sw_secret(struct blk_crypto_profile *profile,
> + const u8 *eph_key, size_t eph_key_size,
> + u8 sw_secret[BLK_CRYPTO_SW_SECRET_SIZE])
> +{
> + struct ufs_hba *hba = ufs_hba_from_crypto_profile(profile);
> + struct ufs_qcom_host *host = ufshcd_get_variant(hba);
> +
> + return qcom_ice_derive_sw_secret(host->ice, eph_key, eph_key_size,
> + sw_secret);
> +}
> +
> +static int ufs_qcom_ice_import_key(struct blk_crypto_profile *profile,
> + const u8 *raw_key, size_t raw_key_size,
> + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE])
> +{
> + struct ufs_hba *hba = ufs_hba_from_crypto_profile(profile);
> + struct ufs_qcom_host *host = ufshcd_get_variant(hba);
> +
> + return qcom_ice_import_key(host->ice, raw_key, raw_key_size, lt_key);
> +}
> +
> +static int ufs_qcom_ice_generate_key(struct blk_crypto_profile *profile,
> + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE])
> +{
> + struct ufs_hba *hba = ufs_hba_from_crypto_profile(profile);
> + struct ufs_qcom_host *host = ufshcd_get_variant(hba);
> +
> + return qcom_ice_generate_key(host->ice, lt_key);
> +}
> +
> +static int ufs_qcom_ice_prepare_key(struct blk_crypto_profile *profile,
> + const u8 *lt_key, size_t lt_key_size,
> + u8 eph_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE])
> +{
> + struct ufs_hba *hba = ufs_hba_from_crypto_profile(profile);
> + struct ufs_qcom_host *host = ufshcd_get_variant(hba);
> +
> + return qcom_ice_prepare_key(host->ice, lt_key, lt_key_size, eph_key);
> +}
> +
> static const struct blk_crypto_ll_ops ufs_qcom_crypto_ops = {
> .keyslot_program = ufs_qcom_ice_keyslot_program,
> .keyslot_evict = ufs_qcom_ice_keyslot_evict,
> + .derive_sw_secret = ufs_qcom_ice_derive_sw_secret,
> + .import_key = ufs_qcom_ice_import_key,
> + .generate_key = ufs_qcom_ice_generate_key,
> + .prepare_key = ufs_qcom_ice_prepare_key,
> };
>
> #else
>
> static inline void ufs_qcom_ice_enable(struct ufs_qcom_host *host)
> --
> 2.48.1
>
--
மணிவண்ணன் சதாசிவம்
Powered by blists - more mailing lists