From patchwork Fri Sep 13 10:58:21 2024
X-Patchwork-Submitter: Tomas Paukrt
X-Patchwork-Id: 13803284
From: "Tomas Paukrt"
Cc: "Herbert Xu", "David S. Miller", "Shawn Guo", "Sascha Hauer", "Pengutronix Kernel Team", "Fabio Estevam"
Subject: [PATCH] crypto: mxs-dcp: Enable user-space access to AES with hardware-bound keys
Date: Fri, 13 Sep 2024 12:58:21 +0200 (CEST)
Message-Id: <1di.ZclR.6M4clePpGuH.1cv1hD@seznam.cz>

Add an option to enable user-space access to cbc(paes) and ecb(paes) cipher algorithms via AF_ALG.

Signed-off-by: Tomas Paukrt
---
 drivers/crypto/Kconfig   | 13 +++++++++++++
 drivers/crypto/mxs-dcp.c |  8 ++++++++
 2 files changed, 21 insertions(+)
diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig index 94f23c6..4637c6f 100644 --- a/drivers/crypto/Kconfig +++ b/drivers/crypto/Kconfig @@ -460,6 +460,19 @@ config CRYPTO_DEV_MXS_DCP To compile this driver as a module, choose M here: the module will be called mxs-dcp. +config CRYPTO_DEV_MXS_DCP_USER_PAES + bool "Enable user-space access to AES with hardware-bound keys" + depends on CRYPTO_DEV_MXS_DCP && CRYPTO_USER_API_SKCIPHER + default n + help + Say Y to enable user-space access to cbc(paes) and ecb(paes) + cipher algorithms via AF_ALG. + + In scenarios with untrustworthy users-pace, this may enable + decryption of sensitive information. + + If unsure, say N. + source "drivers/crypto/cavium/cpt/Kconfig" source "drivers/crypto/cavium/nitrox/Kconfig" source "drivers/crypto/marvell/Kconfig" diff --git a/drivers/crypto/mxs-dcp.c b/drivers/crypto/mxs-dcp.c index c82775d..84df1cb 100644 --- a/drivers/crypto/mxs-dcp.c +++ b/drivers/crypto/mxs-dcp.c @@ -944,7 +944,11 @@ static struct skcipher_alg dcp_aes_algs[] = { .base.cra_driver_name = "ecb-paes-dcp", .base.cra_priority = 401, .base.cra_alignmask = 15, +#ifdef CONFIG_CRYPTO_DEV_MXS_DCP_USER_PAES + .base.cra_flags = CRYPTO_ALG_ASYNC, +#else .base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_INTERNAL, +#endif .base.cra_blocksize = AES_BLOCK_SIZE, .base.cra_ctxsize = sizeof(struct dcp_async_ctx), .base.cra_module = THIS_MODULE, @@ -960,7 +964,11 @@ static struct skcipher_alg dcp_aes_algs[] = { .base.cra_driver_name = "cbc-paes-dcp", .base.cra_priority = 401, .base.cra_alignmask = 15, +#ifdef CONFIG_CRYPTO_DEV_MXS_DCP_USER_PAES + .base.cra_flags = CRYPTO_ALG_ASYNC, +#else .base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_INTERNAL, +#endif .base.cra_blocksize = AES_BLOCK_SIZE, .base.cra_ctxsize = sizeof(struct dcp_async_ctx), .base.cra_module = THIS_MODULE,
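Review bot: In the help text of CRYPTO_DEV_MXS_DCP_USER_PAES (Kconfig hunk), "users-pace" is a typo for "user-space", and "default n" can be dropped because n is already the default for a bool symbol. The warning sentence would also be more useful if it named what is exposed: with this option set, a process that can create an AF_ALG skcipher socket can ask the DCP to encrypt or decrypt data under the hardware-bound keys, without ever needing to read the key material. Saying that in the help text lets whoever configures the kernel judge whether data protected by those keys on the device is still adequately protected.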
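Review bot: At the "ecb-paes-dcp" entry in drivers/crypto/mxs-dcp.c, CRYPTO_ALG_INTERNAL is dropped purely on a build-time switch, and the commit message does not say who the intended user-space consumer is or how access is meant to be limited once the flag is gone. Please extend the changelog with the use case and the assumed threat model, and state whether ecb(paes) really needs to be exposed alongside cbc(paes), since the two entries are made reachable together and cannot be enabled separately.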
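Review bot: The #ifdef CONFIG_CRYPTO_DEV_MXS_DCP_USER_PAES block at the "cbc-paes-dcp" entry is a verbatim copy of the one at "ecb-paes-dcp", which puts preprocessor conditionals inside both struct initializers and lets the two flag sets drift apart in later edits. Consider defining the flags once above dcp_aes_algs[], for instance a macro (the name DCP_PAES_FLAGS is only a suggestion) that expands to CRYPTO_ALG_ASYNC | (IS_ENABLED(CONFIG_CRYPTO_DEV_MXS_DCP_USER_PAES) ? 0 : CRYPTO_ALG_INTERNAL), and using it for .base.cra_flags in both entries.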