| Message ID | 20240127232436.2632187-10-quic_gaurkash@quicinc.com |
|---|---|
| State | Superseded |
| Headers | show |
| Series | Hardware wrapped key support for qcom ice and ufs | expand |
On 1/28/2024 4:44 AM, Gaurav Kashyap wrote: > Block crypto allows storage controllers like UFS to > register ops to generate, prepare and import wrapped > keys in the kernel. > > Wrapped keys in most cases will have vendor specific > implementations, which means these ops would need to have > corresponding UFS variant ops. > This change adds hooks in UFS core to support these variant > ops and tie them to the blk crypto ops. > > Signed-off-by: Gaurav Kashyap <quic_gaurkash@quicinc.com> > Tested-by: Neil Armstrong <neil.armstrong@linaro.org> > --- Reviewed-by: Om Prakash Singh <quic_omprsing@quicinc.com> > drivers/ufs/core/ufshcd-crypto.c | 41 ++++++++++++++++++++++++++++++++ > include/ufs/ufshcd.h | 11 +++++++++ > 2 files changed, 52 insertions(+) > > diff --git a/drivers/ufs/core/ufshcd-crypto.c b/drivers/ufs/core/ufshcd-crypto.c > index c14800eac1ff..fb935a54acfa 100644 > --- a/drivers/ufs/core/ufshcd-crypto.c > +++ b/drivers/ufs/core/ufshcd-crypto.c > @@ -143,10 +143,51 @@ bool ufshcd_crypto_enable(struct ufs_hba *hba) > return true; > } > > +static int ufshcd_crypto_generate_key(struct blk_crypto_profile *profile, > + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]) > +{ > + struct ufs_hba *hba = > + container_of(profile, struct ufs_hba, crypto_profile); > + > + if (hba->vops && hba->vops->generate_key) > + return hba->vops->generate_key(hba, lt_key); > + > + return -EOPNOTSUPP; > +} > + > +static int ufshcd_crypto_prepare_key(struct blk_crypto_profile *profile, > + const u8 *lt_key, size_t lt_key_size, > + u8 eph_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]) > +{ > + struct ufs_hba *hba = > + container_of(profile, struct ufs_hba, crypto_profile); > + > + if (hba->vops && hba->vops->prepare_key) > + return hba->vops->prepare_key(hba, lt_key, lt_key_size, eph_key); > + > + return -EOPNOTSUPP; > +} > + > +static int ufshcd_crypto_import_key(struct blk_crypto_profile *profile, > + const u8 *imp_key, size_t imp_key_size, > + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]) > +{ > + struct ufs_hba *hba = > + container_of(profile, struct ufs_hba, crypto_profile); > + > + if (hba->vops && hba->vops->import_key) > + return hba->vops->import_key(hba, imp_key, imp_key_size, lt_key); > + > + return -EOPNOTSUPP; > +} > + > static const struct blk_crypto_ll_ops ufshcd_crypto_ops = { > .keyslot_program = ufshcd_crypto_keyslot_program, > .keyslot_evict = ufshcd_crypto_keyslot_evict, > .derive_sw_secret = ufshcd_crypto_derive_sw_secret, > + .generate_key = ufshcd_crypto_generate_key, > + .prepare_key = ufshcd_crypto_prepare_key, > + .import_key = ufshcd_crypto_import_key, > }; > > static enum blk_crypto_mode_num > diff --git a/include/ufs/ufshcd.h b/include/ufs/ufshcd.h > index 8a773434a329..fe66ba37e2ee 100644 > --- a/include/ufs/ufshcd.h > +++ b/include/ufs/ufshcd.h > @@ -322,6 +322,9 @@ struct ufs_pwr_mode_info { > * @config_scaling_param: called to configure clock scaling parameters > * @program_key: program or evict an inline encryption key > * @derive_sw_secret: derive sw secret from a wrapped key > + * @generate_key: generate a storage key and return longterm wrapped key > + * @prepare_key: unwrap longterm key and return ephemeral wrapped key > + * @import_key: import sw storage key and return longterm wrapped key > * @event_notify: called to notify important events > * @reinit_notify: called to notify reinit of UFSHCD during max gear switch > * @mcq_config_resource: called to configure MCQ platform resources > @@ -369,6 +372,14 @@ struct ufs_hba_variant_ops { > int (*derive_sw_secret)(struct ufs_hba *hba, const u8 wkey[], > unsigned int wkey_size, > u8 sw_secret[BLK_CRYPTO_SW_SECRET_SIZE]); > + int (*generate_key)(struct ufs_hba *hba, > + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]); > + int (*prepare_key)(struct ufs_hba *hba, > + const u8 *lt_key, size_t lt_key_size, > + u8 eph_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]); > + int (*import_key)(struct ufs_hba *hba, > + const u8 *imp_key, size_t imp_key_size, > + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]); > void (*event_notify)(struct ufs_hba *hba, > enum ufs_event_type evt, void *data); > void (*reinit_notify)(struct ufs_hba *);
diff --git a/drivers/ufs/core/ufshcd-crypto.c b/drivers/ufs/core/ufshcd-crypto.c index c14800eac1ff..fb935a54acfa 100644 --- a/drivers/ufs/core/ufshcd-crypto.c +++ b/drivers/ufs/core/ufshcd-crypto.c @@ -143,10 +143,51 @@ bool ufshcd_crypto_enable(struct ufs_hba *hba) return true; } +static int ufshcd_crypto_generate_key(struct blk_crypto_profile *profile, + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]) +{ + struct ufs_hba *hba = + container_of(profile, struct ufs_hba, crypto_profile); + + if (hba->vops && hba->vops->generate_key) + return hba->vops->generate_key(hba, lt_key); + + return -EOPNOTSUPP; +} + +static int ufshcd_crypto_prepare_key(struct blk_crypto_profile *profile, + const u8 *lt_key, size_t lt_key_size, + u8 eph_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]) +{ + struct ufs_hba *hba = + container_of(profile, struct ufs_hba, crypto_profile); + + if (hba->vops && hba->vops->prepare_key) + return hba->vops->prepare_key(hba, lt_key, lt_key_size, eph_key); + + return -EOPNOTSUPP; +} + +static int ufshcd_crypto_import_key(struct blk_crypto_profile *profile, + const u8 *imp_key, size_t imp_key_size, + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]) +{ + struct ufs_hba *hba = + container_of(profile, struct ufs_hba, crypto_profile); + + if (hba->vops && hba->vops->import_key) + return hba->vops->import_key(hba, imp_key, imp_key_size, lt_key); + + return -EOPNOTSUPP; +} + static const struct blk_crypto_ll_ops ufshcd_crypto_ops = { .keyslot_program = ufshcd_crypto_keyslot_program, .keyslot_evict = ufshcd_crypto_keyslot_evict, .derive_sw_secret = ufshcd_crypto_derive_sw_secret, + .generate_key = ufshcd_crypto_generate_key, + .prepare_key = ufshcd_crypto_prepare_key, + .import_key = ufshcd_crypto_import_key, }; static enum blk_crypto_mode_num diff --git a/include/ufs/ufshcd.h b/include/ufs/ufshcd.h index 8a773434a329..fe66ba37e2ee 100644 --- a/include/ufs/ufshcd.h +++ b/include/ufs/ufshcd.h @@ -322,6 +322,9 @@ struct ufs_pwr_mode_info { * @config_scaling_param: called to configure clock scaling parameters * @program_key: program or evict an inline encryption key * @derive_sw_secret: derive sw secret from a wrapped key + * @generate_key: generate a storage key and return longterm wrapped key + * @prepare_key: unwrap longterm key and return ephemeral wrapped key + * @import_key: import sw storage key and return longterm wrapped key * @event_notify: called to notify important events * @reinit_notify: called to notify reinit of UFSHCD during max gear switch * @mcq_config_resource: called to configure MCQ platform resources @@ -369,6 +372,14 @@ struct ufs_hba_variant_ops { int (*derive_sw_secret)(struct ufs_hba *hba, const u8 wkey[], unsigned int wkey_size, u8 sw_secret[BLK_CRYPTO_SW_SECRET_SIZE]); + int (*generate_key)(struct ufs_hba *hba, + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]); + int (*prepare_key)(struct ufs_hba *hba, + const u8 *lt_key, size_t lt_key_size, + u8 eph_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]); + int (*import_key)(struct ufs_hba *hba, + const u8 *imp_key, size_t imp_key_size, + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]); void (*event_notify)(struct ufs_hba *hba, enum ufs_event_type evt, void *data); void (*reinit_notify)(struct ufs_hba *);