From patchwork Mon Mar 26 07:32:18 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gilad Ben-Yossef X-Patchwork-Id: 132398 Delivered-To: patch@linaro.org Received: by 10.46.84.29 with SMTP id i29csp3512976ljb; Mon, 26 Mar 2018 00:32:38 -0700 (PDT) X-Google-Smtp-Source: AIpwx49xvRdGkiDGkJ/Kykj4bOI3PtaSm0kjUYOH1mhp6aBibPbpB+SF3/gBFCcn605sfldWkHlP X-Received: by 10.167.128.217 with SMTP id a25mr215284pfn.132.1522049557867; Mon, 26 Mar 2018 00:32:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522049557; cv=none; d=google.com; s=arc-20160816; b=jblO8/uvjbQ+FyKc7KKKpEs2uIemUZjoQxs/Jb/RQ9ypHg7CK2YXIaR2NAKALFEkjR nqtz4VoR9B3JHCXd+ztP/c5K4sQovjmYDhe/uh+Irw/LT7Ofg2IRpP3WMoMMlmCdCs4a zT1T0nQvSJZHAarqd8PwcifdXlJg8Gr2cbUA2TZJGvRYR3nxmsw6bWBqr8h+oU2xY2oy 4vj2RR0U3gnvcr3ASEYxNbE0AdOxwFtff7EHd1pxGLLjepLyIbJO+hW+H5SPtM1ogQeW eUWutjseZL1q3CSRqP6ezOKT0ediHfF7jWAkrBdbK6fN1xBsL06EZZvaFg/WkRRX5fnZ jnuw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=fLPVGHqbjPQdkgI7Y1bRA/1pv2E+P9l3c4np8yDXE1E=; b=F3Gd5kSBogKgHc0bUdML2d3R9RyGJcmzbLTKTBKDd+xoQrKpPII8a7W0cIsv87jeXG Dd8kfOgYazC6eT8dkSHAyZYUWP/ezStyoUoLYID0DePLLljpAtztjT6sOIE7cpdy5oTz WlG2Zi+NpWZEkme4kEGA9okIzZJ5AYS0YcsiT5+O1S9ixkeBLgP4OAHqpZ4ztL19bnrj djU9jTO3QYb1WFagS4rAWW821tYNLCxUzJwM/lOG9nWKyNHpToXPbP/eqZsIM0XcOh6l 6od2RCbKnMEcooaw5t34Jkz8alLK2foTsqQcHCSc3GNN9+e4IxS1TxUnqyGOhfhG3Fq3 s3Iw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t66si10206202pgc.606.2018.03.26.00.32.37; Mon, 26 Mar 2018 00:32:37 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752004AbeCZHcc (ORCPT + 28 others); Mon, 26 Mar 2018 03:32:32 -0400 Received: from foss.arm.com ([217.140.101.70]:37316 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750783AbeCZHcb (ORCPT ); Mon, 26 Mar 2018 03:32:31 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 6BF3A1596; Mon, 26 Mar 2018 00:32:31 -0700 (PDT) Received: from sugar.kfn.arm.com (unknown [10.45.48.136]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id F05EB3F557; Mon, 26 Mar 2018 00:32:29 -0700 (PDT) From: Gilad Ben-Yossef To: Herbert Xu , "David S. Miller" Cc: Ofir Drang , linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 1/2] crypto: ccree: remove unused enums Date: Mon, 26 Mar 2018 08:32:18 +0100 Message-Id: <1522049540-10042-2-git-send-email-gilad@benyossef.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1522049540-10042-1-git-send-email-gilad@benyossef.com> References: <1522049540-10042-1-git-send-email-gilad@benyossef.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Remove enums definitions unused in the driver code. Signed-off-by: Gilad Ben-Yossef --- drivers/crypto/ccree/cc_hw_queue_defs.h | 28 +++++++--------------------- 1 file changed, 7 insertions(+), 21 deletions(-) -- 2.7.4 diff --git a/drivers/crypto/ccree/cc_hw_queue_defs.h b/drivers/crypto/ccree/cc_hw_queue_defs.h index bf0d235..a091ae5 100644 --- a/drivers/crypto/ccree/cc_hw_queue_defs.h +++ b/drivers/crypto/ccree/cc_hw_queue_defs.h @@ -124,13 +124,6 @@ enum cc_flow_mode { FLOW_MODE_END = S32_MAX, }; -enum cc_tunnel_op { - TUNNEL_OP_INVALID = -1, - TUNNEL_OFF = 0, - TUNNEL_ON = 1, - TUNNEL_OP_END = S32_MAX, -}; - enum cc_setup_op { SETUP_LOAD_NOP = 0, SETUP_LOAD_STATE0 = 1, @@ -145,6 +138,13 @@ enum cc_setup_op { SETUP_OP_END = S32_MAX, }; +enum cc_hash_conf_pad { + HASH_PADDING_DISABLED = 0, + HASH_PADDING_ENABLED = 1, + HASH_DIGEST_RESULT_LITTLE_ENDIAN = 2, + HASH_CONFIG1_PADDING_RESERVE32 = S32_MAX, +}; + enum cc_aes_mac_selector { AES_SK = 1, AES_CMAC_INIT = 2, @@ -179,20 +179,6 @@ enum cc_hw_aes_key_size { END_OF_AES_KEYS = S32_MAX, }; -enum cc_hw_des_key_size { - DES_ONE_KEY = 0, - DES_TWO_KEYS = 1, - DES_THREE_KEYS = 2, - END_OF_DES_KEYS = S32_MAX, -}; - -enum cc_hash_conf_pad { - HASH_PADDING_DISABLED = 0, - HASH_PADDING_ENABLED = 1, - HASH_DIGEST_RESULT_LITTLE_ENDIAN = 2, - HASH_CONFIG1_PADDING_RESERVE32 = S32_MAX, -}; - enum cc_hash_cipher_pad { DO_NOT_PAD = 0, DO_PAD = 1, From patchwork Mon Mar 26 07:32:19 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gilad Ben-Yossef X-Patchwork-Id: 132399 Delivered-To: patch@linaro.org Received: by 10.46.84.29 with SMTP id i29csp3513019ljb; Mon, 26 Mar 2018 00:32:41 -0700 (PDT) X-Google-Smtp-Source: AG47ELu2Myzbwv6k6CEIv9ImNbhkkcFLqfeOt+xulf9b3+GX48AaRz//OZ+EXNXxPU0Z6sBwcCwN X-Received: by 10.98.153.86 with SMTP id d83mr32079520pfe.46.1522049560985; Mon, 26 Mar 2018 00:32:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522049560; cv=none; d=google.com; s=arc-20160816; b=ww34fI/Isq+SiIsgILGo1GtFslG0aDOE70bchTewhCVE6+iWGVXk8n0sOzqBN6gGfC 1CJzBKqJuFH/0pytqwLLxrzX0B129rBXNdcNRPZfQoKywHqJPM46riVSQkbReouUFBGB JeAMnqCRP+y90GndJTNbfM9qdqFGv2XXNycI3ddENiKF1oaebeOZ6Cd6obgJfEFx8Cif sJtetbip29usXRgIMpTD67alYvljlyye4GW7O5Pwy+sbj/w9Vh6xammEEjtEWGFm2OTI EDrf2dn3FrP98LgF8QCyZsr57NMYqXgHCPugVGKlPlxoxRYNN78yC9zqmEjdck/sx9ib yxNQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=6YEtuWrFGx2ZStkcN6SkSEil8jN3Jh8O4T3AmyoUEh0=; b=gPVl90bCX9ZcX82ZR9r9BODl4Z03PW9buS4Gd9M+nmou00hgUJ6TruJdLAsQcsL6og zMlsRCjkr3q9j85XztWQsWj8j86M8lLJGxbAkMX5k6PwA+IjXCDWxSEpvVFClaWsiaM+ CSWTEXepP+XyN3qUJyKASxJaRN+KQxcIALVKrCX69xhFducMeezkjLEle30Qu0oIQ5LB vm/mBMrz9xrds2U9Q8W2uEK6iG9O7T2czMBD5mzPogmImPjWtaj0BNI+FUiXmhbiJVEn 0EtCPXmmXjly6fTQk7Zn5DM2yI7BNU3OArVnrZLD4oF52YFQkbLaNUGzcKmjEmGxuN/z meFQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u72si9933108pgc.545.2018.03.26.00.32.40; Mon, 26 Mar 2018 00:32:40 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752028AbeCZHci (ORCPT + 28 others); Mon, 26 Mar 2018 03:32:38 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:37320 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750783AbeCZHce (ORCPT ); Mon, 26 Mar 2018 03:32:34 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id EFA7D1435; Mon, 26 Mar 2018 00:32:33 -0700 (PDT) Received: from sugar.kfn.arm.com (unknown [10.45.48.136]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 7F1C63F557; Mon, 26 Mar 2018 00:32:32 -0700 (PDT) From: Gilad Ben-Yossef To: Herbert Xu , "David S. Miller" Cc: Ofir Drang , linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 2/2] crypto: ccree: enable support for hardware keys Date: Mon, 26 Mar 2018 08:32:19 +0100 Message-Id: <1522049540-10042-3-git-send-email-gilad@benyossef.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1522049540-10042-1-git-send-email-gilad@benyossef.com> References: <1522049540-10042-1-git-send-email-gilad@benyossef.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Enable CryptoCell support for hardware keys. Hardware keys are regular AES keys loaded into CryptoCell internal memory via firmware, often from secure boot ROM or hardware fuses at boot time. As such, they can be used for enc/dec purposes like any other key but cannot (read: extremely hard to) be extracted since since they are not available anywhere in RAM during runtime. The mechanism has some similarities to s390 secure keys although the keys are not wrapped or sealed, but simply loaded offline. The interface was therefore modeled based on the s390 secure keys support. Signed-off-by: Gilad Ben-Yossef --- crypto/testmgr.c | 43 +++++ drivers/crypto/ccree/cc_cipher.c | 348 ++++++++++++++++++++++++++++++++++----- drivers/crypto/ccree/cc_cipher.h | 30 +--- 3 files changed, 359 insertions(+), 62 deletions(-) -- 2.7.4 diff --git a/crypto/testmgr.c b/crypto/testmgr.c index af4a01c..8a5a60c 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -2558,6 +2558,13 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { + /* Same as cbc(aes) except the key is stored in + * hardware secure memory which we reference by index + */ + .alg = "cbc(haes)", + .test = alg_test_null, + .fips_allowed = 1, + }, { .alg = "cbc(serpent)", .test = alg_test_skcipher, .suite = { @@ -2704,6 +2711,13 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { + /* Same as ctr(aes) except the key is stored in + * hardware secure memory which we reference by index + */ + .alg = "ctr(haes)", + .test = alg_test_null, + .fips_allowed = 1, + }, { .alg = "ctr(serpent)", .test = alg_test_skcipher, .suite = { @@ -2974,6 +2988,13 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { + /* Same as ecb(aes) except the key is stored in + * hardware secure memory which we reference by index + */ + .alg = "ecb(haes)", + .test = alg_test_null, + .fips_allowed = 1, + }, { .alg = "ecb(khazad)", .test = alg_test_skcipher, .suite = { @@ -3301,6 +3322,13 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { + /* Same as ofb(aes) except the key is stored in + * hardware secure memory which we reference by index + */ + .alg = "ofb(haes)", + .test = alg_test_null, + .fips_allowed = 1, + }, { .alg = "pcbc(fcrypt)", .test = alg_test_skcipher, .suite = { @@ -3558,6 +3586,21 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { + /* Same as xts(aes) except the key is stored in + * hardware secure memory which we reference by index + */ + .alg = "xts(haes)", + .test = alg_test_null, + .fips_allowed = 1, + }, { + .alg = "xts4096(haes)", + .test = alg_test_null, + .fips_allowed = 1, + }, { + .alg = "xts512(haes)", + .test = alg_test_null, + .fips_allowed = 1, + }, { .alg = "xts(camellia)", .test = alg_test_skcipher, .suite = { diff --git a/drivers/crypto/ccree/cc_cipher.c b/drivers/crypto/ccree/cc_cipher.c index df98f7a..8ccb7c4 100644 --- a/drivers/crypto/ccree/cc_cipher.c +++ b/drivers/crypto/ccree/cc_cipher.c @@ -42,6 +42,7 @@ struct cc_cipher_ctx { int cipher_mode; int flow_mode; unsigned int flags; + bool hw_key; struct cc_user_key_info user; struct cc_hw_key_info hw; struct crypto_shash *shash_tfm; @@ -49,6 +50,13 @@ struct cc_cipher_ctx { static void cc_cipher_complete(struct device *dev, void *cc_req, int err); +static inline bool cc_is_hw_key(struct crypto_tfm *tfm) +{ + struct cc_cipher_ctx *ctx_p = crypto_tfm_ctx(tfm); + + return ctx_p->hw_key; +} + static int validate_keys_sizes(struct cc_cipher_ctx *ctx_p, u32 size) { switch (ctx_p->flow_mode) { @@ -211,7 +219,7 @@ struct tdes_keys { u8 key3[DES_KEY_SIZE]; }; -static enum cc_hw_crypto_key hw_key_to_cc_hw_key(int slot_num) +static enum cc_hw_crypto_key cc_slot_to_hw_key(int slot_num) { switch (slot_num) { case 0: @@ -226,69 +234,98 @@ static enum cc_hw_crypto_key hw_key_to_cc_hw_key(int slot_num) return END_OF_KEYS; } -static int cc_cipher_setkey(struct crypto_skcipher *sktfm, const u8 *key, - unsigned int keylen) +static int cc_cipher_sethkey(struct crypto_skcipher *sktfm, const u8 *key, + unsigned int keylen) { struct crypto_tfm *tfm = crypto_skcipher_tfm(sktfm); struct cc_cipher_ctx *ctx_p = crypto_tfm_ctx(tfm); struct device *dev = drvdata_to_dev(ctx_p->drvdata); - u32 tmp[DES3_EDE_EXPKEY_WORDS]; - struct cc_crypto_alg *cc_alg = - container_of(tfm->__crt_alg, struct cc_crypto_alg, - skcipher_alg.base); - unsigned int max_key_buf_size = cc_alg->skcipher_alg.max_keysize; + struct cc_hkey_info *hki = (struct cc_hkey_info *)key; - dev_dbg(dev, "Setting key in context @%p for %s. keylen=%u\n", + dev_dbg(dev, "Setting HW key in context @%p for %s. keylen=%u\n", ctx_p, crypto_tfm_alg_name(tfm), keylen); dump_byte_array("key", (u8 *)key, keylen); /* STAT_PHASE_0: Init and sanity checks */ + /* This check the size of the hardware key token */ + if (keylen != sizeof(*hki)) { + dev_err(dev, "Unsupported HW key size %d.\n", keylen); + crypto_tfm_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN); + return -EINVAL; + } + + if (ctx_p->flow_mode != S_DIN_to_AES) { + dev_err(dev, "HW key not supported for non-AES flows\n"); + return -EINVAL; + } + + /* The real key len for crypto op is the size of the HW key + * referenced by the HW key slot, not the hardware key token + */ + keylen = hki->keylen; + if (validate_keys_sizes(ctx_p, keylen)) { dev_err(dev, "Unsupported key size %d.\n", keylen); crypto_tfm_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN); return -EINVAL; } - if (cc_is_hw_key(tfm)) { - /* setting HW key slots */ - struct arm_hw_key_info *hki = (struct arm_hw_key_info *)key; + ctx_p->hw.key1_slot = cc_slot_to_hw_key(hki->hw_key1); + if (ctx_p->hw.key1_slot == END_OF_KEYS) { + dev_err(dev, "Unsupported hw key1 number (%d)\n", hki->hw_key1); + return -EINVAL; + } - if (ctx_p->flow_mode != S_DIN_to_AES) { - dev_err(dev, "HW key not supported for non-AES flows\n"); + if (ctx_p->cipher_mode == DRV_CIPHER_XTS || + ctx_p->cipher_mode == DRV_CIPHER_ESSIV || + ctx_p->cipher_mode == DRV_CIPHER_BITLOCKER) { + if (hki->hw_key1 == hki->hw_key2) { + dev_err(dev, "Illegal hw key numbers (%d,%d)\n", + hki->hw_key1, hki->hw_key2); return -EINVAL; } - - ctx_p->hw.key1_slot = hw_key_to_cc_hw_key(hki->hw_key1); - if (ctx_p->hw.key1_slot == END_OF_KEYS) { - dev_err(dev, "Unsupported hw key1 number (%d)\n", - hki->hw_key1); + ctx_p->hw.key2_slot = cc_slot_to_hw_key(hki->hw_key2); + if (ctx_p->hw.key2_slot == END_OF_KEYS) { + dev_err(dev, "Unsupported hw key2 number (%d)\n", + hki->hw_key2); return -EINVAL; } + } - if (ctx_p->cipher_mode == DRV_CIPHER_XTS || - ctx_p->cipher_mode == DRV_CIPHER_ESSIV || - ctx_p->cipher_mode == DRV_CIPHER_BITLOCKER) { - if (hki->hw_key1 == hki->hw_key2) { - dev_err(dev, "Illegal hw key numbers (%d,%d)\n", - hki->hw_key1, hki->hw_key2); - return -EINVAL; - } - ctx_p->hw.key2_slot = - hw_key_to_cc_hw_key(hki->hw_key2); - if (ctx_p->hw.key2_slot == END_OF_KEYS) { - dev_err(dev, "Unsupported hw key2 number (%d)\n", - hki->hw_key2); - return -EINVAL; - } - } + ctx_p->keylen = keylen; + ctx_p->hw_key = true; + dev_dbg(dev, "cc_is_hw_key ret 0"); - ctx_p->keylen = keylen; - dev_dbg(dev, "cc_is_hw_key ret 0"); + return 0; +} - return 0; +static int cc_cipher_setkey(struct crypto_skcipher *sktfm, const u8 *key, + unsigned int keylen) +{ + struct crypto_tfm *tfm = crypto_skcipher_tfm(sktfm); + struct cc_cipher_ctx *ctx_p = crypto_tfm_ctx(tfm); + struct device *dev = drvdata_to_dev(ctx_p->drvdata); + u32 tmp[DES3_EDE_EXPKEY_WORDS]; + struct cc_crypto_alg *cc_alg = + container_of(tfm->__crt_alg, struct cc_crypto_alg, + skcipher_alg.base); + unsigned int max_key_buf_size = cc_alg->skcipher_alg.max_keysize; + + dev_dbg(dev, "Setting key in context @%p for %s. keylen=%u\n", + ctx_p, crypto_tfm_alg_name(tfm), keylen); + dump_byte_array("key", (u8 *)key, keylen); + + /* STAT_PHASE_0: Init and sanity checks */ + + if (validate_keys_sizes(ctx_p, keylen)) { + dev_err(dev, "Unsupported key size %d.\n", keylen); + crypto_tfm_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN); + return -EINVAL; } + ctx_p->hw_key = false; + /* * Verify DES weak keys * Note that we're dropping the expanded key since the @@ -735,6 +772,241 @@ static int cc_cipher_decrypt(struct skcipher_request *req) /* Block cipher alg */ static const struct cc_alg_template skcipher_algs[] = { { + .name = "xts(haes)", + .driver_name = "xts-haes-ccree", + .blocksize = AES_BLOCK_SIZE, + .template_skcipher = { + .setkey = cc_cipher_sethkey, + .encrypt = cc_cipher_encrypt, + .decrypt = cc_cipher_decrypt, + .min_keysize = CC_HW_KEY_SIZE, + .max_keysize = CC_HW_KEY_SIZE, + .ivsize = AES_BLOCK_SIZE, + }, + .cipher_mode = DRV_CIPHER_XTS, + .flow_mode = S_DIN_to_AES, + .min_hw_rev = CC_HW_REV_630, + }, + { + .name = "xts512(haes)", + .driver_name = "xts-haes-du512-ccree", + .blocksize = AES_BLOCK_SIZE, + .template_skcipher = { + .setkey = cc_cipher_sethkey, + .encrypt = cc_cipher_encrypt, + .decrypt = cc_cipher_decrypt, + .min_keysize = CC_HW_KEY_SIZE, + .max_keysize = CC_HW_KEY_SIZE, + .ivsize = AES_BLOCK_SIZE, + }, + .cipher_mode = DRV_CIPHER_XTS, + .flow_mode = S_DIN_to_AES, + .data_unit = 512, + .min_hw_rev = CC_HW_REV_712, + }, + { + .name = "xts4096(haes)", + .driver_name = "xts-haes-du4096-ccree", + .blocksize = AES_BLOCK_SIZE, + .template_skcipher = { + .setkey = cc_cipher_sethkey, + .encrypt = cc_cipher_encrypt, + .decrypt = cc_cipher_decrypt, + .min_keysize = CC_HW_KEY_SIZE, + .max_keysize = CC_HW_KEY_SIZE, + .ivsize = AES_BLOCK_SIZE, + }, + .cipher_mode = DRV_CIPHER_XTS, + .flow_mode = S_DIN_to_AES, + .data_unit = 4096, + .min_hw_rev = CC_HW_REV_712, + }, + { + .name = "essiv(haes)", + .driver_name = "essiv-haes-ccree", + .blocksize = AES_BLOCK_SIZE, + .template_skcipher = { + .setkey = cc_cipher_sethkey, + .encrypt = cc_cipher_encrypt, + .decrypt = cc_cipher_decrypt, + .min_keysize = CC_HW_KEY_SIZE, + .max_keysize = CC_HW_KEY_SIZE, + .ivsize = AES_BLOCK_SIZE, + }, + .cipher_mode = DRV_CIPHER_ESSIV, + .flow_mode = S_DIN_to_AES, + .min_hw_rev = CC_HW_REV_712, + }, + { + .name = "essiv512(haes)", + .driver_name = "essiv-haes-du512-ccree", + .blocksize = AES_BLOCK_SIZE, + .template_skcipher = { + .setkey = cc_cipher_sethkey, + .encrypt = cc_cipher_encrypt, + .decrypt = cc_cipher_decrypt, + .min_keysize = CC_HW_KEY_SIZE, + .max_keysize = CC_HW_KEY_SIZE, + .ivsize = AES_BLOCK_SIZE, + }, + .cipher_mode = DRV_CIPHER_ESSIV, + .flow_mode = S_DIN_to_AES, + .data_unit = 512, + .min_hw_rev = CC_HW_REV_712, + }, + { + .name = "essiv4096(haes)", + .driver_name = "essiv-haes-du4096-ccree", + .blocksize = AES_BLOCK_SIZE, + .template_skcipher = { + .setkey = cc_cipher_sethkey, + .encrypt = cc_cipher_encrypt, + .decrypt = cc_cipher_decrypt, + .min_keysize = CC_HW_KEY_SIZE, + .max_keysize = CC_HW_KEY_SIZE, + .ivsize = AES_BLOCK_SIZE, + }, + .cipher_mode = DRV_CIPHER_ESSIV, + .flow_mode = S_DIN_to_AES, + .data_unit = 4096, + .min_hw_rev = CC_HW_REV_712, + }, + { + .name = "bitlocker(haes)", + .driver_name = "bitlocker-haes-ccree", + .blocksize = AES_BLOCK_SIZE, + .template_skcipher = { + .setkey = cc_cipher_sethkey, + .encrypt = cc_cipher_encrypt, + .decrypt = cc_cipher_decrypt, + .min_keysize = CC_HW_KEY_SIZE, + .max_keysize = CC_HW_KEY_SIZE, + .ivsize = AES_BLOCK_SIZE, + }, + .cipher_mode = DRV_CIPHER_BITLOCKER, + .flow_mode = S_DIN_to_AES, + .min_hw_rev = CC_HW_REV_712, + }, + { + .name = "bitlocker512(haes)", + .driver_name = "bitlocker-haes-du512-ccree", + .blocksize = AES_BLOCK_SIZE, + .template_skcipher = { + .setkey = cc_cipher_sethkey, + .encrypt = cc_cipher_encrypt, + .decrypt = cc_cipher_decrypt, + .min_keysize = CC_HW_KEY_SIZE, + .max_keysize = CC_HW_KEY_SIZE, + .ivsize = AES_BLOCK_SIZE, + }, + .cipher_mode = DRV_CIPHER_BITLOCKER, + .flow_mode = S_DIN_to_AES, + .data_unit = 512, + .min_hw_rev = CC_HW_REV_712, + }, + { + .name = "bitlocker4096(haes)", + .driver_name = "bitlocker-haes-du4096-ccree", + .blocksize = AES_BLOCK_SIZE, + .template_skcipher = { + .setkey = cc_cipher_sethkey, + .encrypt = cc_cipher_encrypt, + .decrypt = cc_cipher_decrypt, + .min_keysize = CC_HW_KEY_SIZE, + .max_keysize = CC_HW_KEY_SIZE, + .ivsize = AES_BLOCK_SIZE, + }, + .cipher_mode = DRV_CIPHER_BITLOCKER, + .flow_mode = S_DIN_to_AES, + .data_unit = 4096, + .min_hw_rev = CC_HW_REV_712, + }, + { + .name = "ecb(haes)", + .driver_name = "ecb-haes-ccree", + .blocksize = AES_BLOCK_SIZE, + .type = CRYPTO_ALG_TYPE_ABLKCIPHER, + .template_skcipher = { + .setkey = cc_cipher_sethkey, + .encrypt = cc_cipher_encrypt, + .decrypt = cc_cipher_decrypt, + .min_keysize = CC_HW_KEY_SIZE, + .max_keysize = CC_HW_KEY_SIZE, + .ivsize = 0, + }, + .cipher_mode = DRV_CIPHER_ECB, + .flow_mode = S_DIN_to_AES, + .min_hw_rev = CC_HW_REV_712, + }, + { + .name = "cbc(haes)", + .driver_name = "cbc-haes-ccree", + .blocksize = AES_BLOCK_SIZE, + .type = CRYPTO_ALG_TYPE_ABLKCIPHER, + .template_skcipher = { + .setkey = cc_cipher_sethkey, + .encrypt = cc_cipher_encrypt, + .decrypt = cc_cipher_decrypt, + .min_keysize = CC_HW_KEY_SIZE, + .max_keysize = CC_HW_KEY_SIZE, + .ivsize = AES_BLOCK_SIZE, + }, + .cipher_mode = DRV_CIPHER_CBC, + .flow_mode = S_DIN_to_AES, + .min_hw_rev = CC_HW_REV_712, + }, + { + .name = "ofb(haes)", + .driver_name = "ofb-haes-ccree", + .blocksize = AES_BLOCK_SIZE, + .type = CRYPTO_ALG_TYPE_ABLKCIPHER, + .template_skcipher = { + .setkey = cc_cipher_sethkey, + .encrypt = cc_cipher_encrypt, + .decrypt = cc_cipher_decrypt, + .min_keysize = CC_HW_KEY_SIZE, + .max_keysize = CC_HW_KEY_SIZE, + .ivsize = AES_BLOCK_SIZE, + }, + .cipher_mode = DRV_CIPHER_OFB, + .flow_mode = S_DIN_to_AES, + .min_hw_rev = CC_HW_REV_712, + }, + { + .name = "cts1(cbc(haes))", + .driver_name = "cts1-cbc-haes-ccree", + .blocksize = AES_BLOCK_SIZE, + .type = CRYPTO_ALG_TYPE_ABLKCIPHER, + .template_skcipher = { + .setkey = cc_cipher_sethkey, + .encrypt = cc_cipher_encrypt, + .decrypt = cc_cipher_decrypt, + .min_keysize = CC_HW_KEY_SIZE, + .max_keysize = CC_HW_KEY_SIZE, + .ivsize = AES_BLOCK_SIZE, + }, + .cipher_mode = DRV_CIPHER_CBC_CTS, + .flow_mode = S_DIN_to_AES, + .min_hw_rev = CC_HW_REV_712, + }, + { + .name = "ctr(haes)", + .driver_name = "ctr-haes-ccree", + .blocksize = 1, + .type = CRYPTO_ALG_TYPE_ABLKCIPHER, + .template_skcipher = { + .setkey = cc_cipher_sethkey, + .encrypt = cc_cipher_encrypt, + .decrypt = cc_cipher_decrypt, + .min_keysize = CC_HW_KEY_SIZE, + .max_keysize = CC_HW_KEY_SIZE, + .ivsize = AES_BLOCK_SIZE, + }, + .cipher_mode = DRV_CIPHER_CTR, + .flow_mode = S_DIN_to_AES, + .min_hw_rev = CC_HW_REV_712, + }, + { .name = "xts(aes)", .driver_name = "xts-aes-ccree", .blocksize = AES_BLOCK_SIZE, diff --git a/drivers/crypto/ccree/cc_cipher.h b/drivers/crypto/ccree/cc_cipher.h index 2a2a6f4..68444cf 100644 --- a/drivers/crypto/ccree/cc_cipher.h +++ b/drivers/crypto/ccree/cc_cipher.h @@ -13,18 +13,6 @@ #include "cc_driver.h" #include "cc_buffer_mgr.h" -/* Crypto cipher flags */ -#define CC_CRYPTO_CIPHER_KEY_KFDE0 BIT(0) -#define CC_CRYPTO_CIPHER_KEY_KFDE1 BIT(1) -#define CC_CRYPTO_CIPHER_KEY_KFDE2 BIT(2) -#define CC_CRYPTO_CIPHER_KEY_KFDE3 BIT(3) -#define CC_CRYPTO_CIPHER_DU_SIZE_512B BIT(4) - -#define CC_CRYPTO_CIPHER_KEY_KFDE_MASK (CC_CRYPTO_CIPHER_KEY_KFDE0 | \ - CC_CRYPTO_CIPHER_KEY_KFDE1 | \ - CC_CRYPTO_CIPHER_KEY_KFDE2 | \ - CC_CRYPTO_CIPHER_KEY_KFDE3) - struct cipher_req_ctx { struct async_gen_req_ctx gen_ctx; enum cc_req_dma_buf_type dma_buf_type; @@ -42,18 +30,12 @@ int cc_cipher_alloc(struct cc_drvdata *drvdata); int cc_cipher_free(struct cc_drvdata *drvdata); -struct arm_hw_key_info { - int hw_key1; - int hw_key2; -}; +struct cc_hkey_info { + u16 keylen; + u8 hw_key1; + u8 hw_key2; +} __packed; -/* - * This is a stub function that will replaced when we - * implement secure keys - */ -static inline bool cc_is_hw_key(struct crypto_tfm *tfm) -{ - return false; -} +#define CC_HW_KEY_SIZE sizeof(struct cc_hkey_info) #endif /*__CC_CIPHER_H__*/