Message ID | 1di.ZclR.6M4clePpGuH.1cv1hD@seznam.cz (mailing list archive) |
---|---|
State | New |
Headers | show |
Series | crypto: mxs-dcp: Enable user-space access to AES with hardware-bound keys | expand |
On Fri, Sep 13, 2024 at 12:58:21PM +0200, Tomas Paukrt wrote: > Add an option to enable user-space access to cbc(paes) and ecb(paes) > cipher algorithms via AF_ALG. > > Signed-off-by: Tomas Paukrt <tomaspaukrt@email.cz> > --- > drivers/crypto/Kconfig | 13 +++++++++++++ > drivers/crypto/mxs-dcp.c | 8 ++++++++ > 2 files changed, 21 insertions(+) > > diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig > index 94f23c6..4637c6f 100644 > --- a/drivers/crypto/Kconfig > +++ b/drivers/crypto/Kconfig > @@ -460,6 +460,19 @@ config CRYPTO_DEV_MXS_DCP > To compile this driver as a module, choose M here: the module > will be called mxs-dcp. > > +config CRYPTO_DEV_MXS_DCP_USER_PAES > + bool "Enable user-space access to AES with hardware-bound keys" > + depends on CRYPTO_DEV_MXS_DCP && CRYPTO_USER_API_SKCIPHER > + default n > + help > + Say Y to enable user-space access to cbc(paes) and ecb(paes) > + cipher algorithms via AF_ALG. > + > + In scenarios with untrustworthy users-pace, this may enable > + decryption of sensitive information. > + > + If unsure, say N. > + Why not just expose it uncondtionally? Cheers,
> Why not just expose it uncondtionally?
Please see the comment in the following patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3d16af0b4cfac4b2c3b238e2ec37b38c2f316978
The goal of this change is to allow some users to use AES with hardware-bound keys from user-space without compromising others.
Best regards
Tomas
On Sat, Sep 14, 2024 at 01:32:37PM +0200, Tomas Paukrt wrote: > > Please see the comment in the following patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3d16af0b4cfac4b2c3b238e2ec37b38c2f316978 > > The goal of this change is to allow some users to use AES with hardware-bound keys from user-space without compromising others. In that case I would suggest introducing a flag so that the key can only be accessed through the keyring subsystem. Cheers,
> In that case I would suggest introducing a flag so that the key > can only be accessed through the keyring subsystem. Do you mean CRYPTO_ALG_KERN_DRIVER_ONLY instead of CRYPTO_ALG_INTERNAL or something else?
On Sat, Sep 14, 2024 at 02:41:23PM +0200, Tomas Paukrt wrote: > > Do you mean CRYPTO_ALG_KERN_DRIVER_ONLY instead of CRYPTO_ALG_INTERNAL or something else? No I mean a new flag which forces af_alg to only use keys from the keyring subsystem. Cheers,
diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig index 94f23c6..4637c6f 100644 --- a/drivers/crypto/Kconfig +++ b/drivers/crypto/Kconfig @@ -460,6 +460,19 @@ config CRYPTO_DEV_MXS_DCP To compile this driver as a module, choose M here: the module will be called mxs-dcp. +config CRYPTO_DEV_MXS_DCP_USER_PAES + bool "Enable user-space access to AES with hardware-bound keys" + depends on CRYPTO_DEV_MXS_DCP && CRYPTO_USER_API_SKCIPHER + default n + help + Say Y to enable user-space access to cbc(paes) and ecb(paes) + cipher algorithms via AF_ALG. + + In scenarios with untrustworthy users-pace, this may enable + decryption of sensitive information. + + If unsure, say N. + source "drivers/crypto/cavium/cpt/Kconfig" source "drivers/crypto/cavium/nitrox/Kconfig" source "drivers/crypto/marvell/Kconfig" diff --git a/drivers/crypto/mxs-dcp.c b/drivers/crypto/mxs-dcp.c index c82775d..84df1cb 100644 --- a/drivers/crypto/mxs-dcp.c +++ b/drivers/crypto/mxs-dcp.c @@ -944,7 +944,11 @@ static struct skcipher_alg dcp_aes_algs[] = { .base.cra_driver_name = "ecb-paes-dcp", .base.cra_priority = 401, .base.cra_alignmask = 15, +#ifdef CONFIG_CRYPTO_DEV_MXS_DCP_USER_PAES + .base.cra_flags = CRYPTO_ALG_ASYNC, +#else .base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_INTERNAL, +#endif .base.cra_blocksize = AES_BLOCK_SIZE, .base.cra_ctxsize = sizeof(struct dcp_async_ctx), .base.cra_module = THIS_MODULE, @@ -960,7 +964,11 @@ static struct skcipher_alg dcp_aes_algs[] = { .base.cra_driver_name = "cbc-paes-dcp", .base.cra_priority = 401, .base.cra_alignmask = 15, +#ifdef CONFIG_CRYPTO_DEV_MXS_DCP_USER_PAES + .base.cra_flags = CRYPTO_ALG_ASYNC, +#else .base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_INTERNAL, +#endif .base.cra_blocksize = AES_BLOCK_SIZE, .base.cra_ctxsize = sizeof(struct dcp_async_ctx), .base.cra_module = THIS_MODULE,
Add an option to enable user-space access to cbc(paes) and ecb(paes) cipher algorithms via AF_ALG. Signed-off-by: Tomas Paukrt <tomaspaukrt@email.cz> --- drivers/crypto/Kconfig | 13 +++++++++++++ drivers/crypto/mxs-dcp.c | 8 ++++++++ 2 files changed, 21 insertions(+)