[v4,08/33] crypto: rockchip: better handle cipher key

Message ID	20220401201804.2867154-9-clabbe@baylibre.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <linux-rockchip-bounces+linux-rockchip=archiver.kernel.org@lists.infradead.org> From: Corentin Labbe <clabbe@baylibre.com> To: heiko@sntech.de, herbert@gondor.apana.org.au, krzk+dt@kernel.org, robh+dt@kernel.org Cc: devicetree@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, linux-rockchip@lists.infradead.org, Corentin Labbe <clabbe@baylibre.com> Subject: [PATCH v4 08/33] crypto: rockchip: better handle cipher key Date: Fri, 1 Apr 2022 20:17:39 +0000 Message-Id: <20220401201804.2867154-9-clabbe@baylibre.com> In-Reply-To: <20220401201804.2867154-1-clabbe@baylibre.com> References: <20220401201804.2867154-1-clabbe@baylibre.com> MIME-Version: 1.0 Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "Linux-rockchip" <linux-rockchip-bounces@lists.infradead.org> Errors-To: linux-rockchip-bounces+linux-rockchip=archiver.kernel.org@lists.infradead.org
Series	crypto: rockchip: permit to pass self-tests \| expand [v4,00/33] crypto: rockchip: permit to pass self-tests [v4,01/33] crypto: rockchip: use dev_err for error message about interrupt [v4,02/33] crypto: rockchip: do not use uninitialized variable [v4,03/33] crypto: rockchip: do not do custom power management [v4,04/33] crypto: rockchip: fix privete/private typo [v4,05/33] crypto: rockchip: do not store mode globally [v4,06/33] crypto: rockchip: add fallback for cipher [v4,07/33] crypto: rockchip: add fallback for ahash [v4,08/33] crypto: rockchip: better handle cipher key [v4,09/33] crypto: rockchip: remove non-aligned handling [v4,10/33] crypto: rockchip: rework by using crypto_engine [v4,11/33] crypto: rockchip: rewrite type [v4,12/33] crypto: rockchip: add debugfs [v4,13/33] crypto: rockchip: introduce PM [v4,14/33] crypto: rockchip: handle reset also in PM [v4,15/33] crypto: rockchip: use clk_bulk to simplify clock management [v4,16/33] crypto: rockchip: add myself as maintainer [v4,17/33] crypto: rockchip: use read_poll_timeout [v4,18/33] crypto: rockchip: fix style issue [v4,19/33] crypto: rockchip: add support for rk3328 [v4,20/33] crypto: rockchip: rename ablk functions to cipher [v4,21/33] crypto: rockchip: rework rk_handle_req function [v4,22/33] crypto: rockchip: use a rk_crypto_info variable instead of lot of indirection [v4,23/33] crypto: rockchip: use the rk_crypto_info given as parameter [v4,24/33] crypto: rockchip: rename crypto_info to main in TFM context [v4,25/33] crypto: rockchip: store crypto_info in request context [v4,26/33] crypto: rockchip: Add support for rk3399 [v4,27/33] dt-bindings: crypto: convert rockchip-crypto to yaml [v4,28/33] dt-bindings: crypto: rockchip: convert to new driver bindings [v4,29/33] clk: rk3399: use proper crypto0 name [v4,30/33] ARM: dts: rk3288: crypto does not need reset-names anymore [v4,31/33] arm64: dts: rockchip: add rk3328 crypto node [v4,32/33] arm64: dts: rockchip: rk3399: add crypto node [v4,33/33] crypto: rockchip: Check for clocks numbers and their frequencies

Message ID

20220401201804.2867154-9-clabbe@baylibre.com (mailing list archive)

State

New, archived

Headers

From: Corentin Labbe <clabbe@baylibre.com>
To: heiko@sntech.de, herbert@gondor.apana.org.au, krzk+dt@kernel.org,
 robh+dt@kernel.org
Cc: devicetree@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
 linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
 linux-rockchip@lists.infradead.org, Corentin Labbe <clabbe@baylibre.com>
Subject: [PATCH v4 08/33] crypto: rockchip: better handle cipher key
Date: Fri,  1 Apr 2022 20:17:39 +0000
Message-Id: <20220401201804.2867154-9-clabbe@baylibre.com>
In-Reply-To: <20220401201804.2867154-1-clabbe@baylibre.com>
References: <20220401201804.2867154-1-clabbe@baylibre.com>
MIME-Version: 1.0
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "Linux-rockchip" <linux-rockchip-bounces@lists.infradead.org>
Errors-To: 
 linux-rockchip-bounces+linux-rockchip=archiver.kernel.org@lists.infradead.org

Series

crypto: rockchip: permit to pass self-tests | expand

Commit Message

Corentin LABBE April 1, 2022, 8:17 p.m. UTC

The key should not be set in hardware too much in advance, this will
fail it 2 TFM with different keys generate alternative requests.
The key should be stored and used just before doing cipher operations.

Fixes: ce0183cb6464b ("crypto: rockchip - switch to skcipher API")
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
---
 drivers/crypto/rockchip/rk3288_crypto.h          |  1 +
 drivers/crypto/rockchip/rk3288_crypto_skcipher.c | 10 +++++++---
 2 files changed, 8 insertions(+), 3 deletions(-)

Comments

John Keeping April 4, 2022, 11:31 a.m. UTC | #1

On Fri, Apr 01, 2022 at 08:17:39PM +0000, Corentin Labbe wrote:
> The key should not be set in hardware too much in advance, this will
> fail it 2 TFM with different keys generate alternative requests.
> The key should be stored and used just before doing cipher operations.
> 
> Fixes: ce0183cb6464b ("crypto: rockchip - switch to skcipher API")
> Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
> ---
>  drivers/crypto/rockchip/rk3288_crypto.h          |  1 +
>  drivers/crypto/rockchip/rk3288_crypto_skcipher.c | 10 +++++++---
>  2 files changed, 8 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/crypto/rockchip/rk3288_crypto.h b/drivers/crypto/rockchip/rk3288_crypto.h
> index 8b1e15d8ddc6..826508e4a0c3 100644
> --- a/drivers/crypto/rockchip/rk3288_crypto.h
> +++ b/drivers/crypto/rockchip/rk3288_crypto.h
> @@ -245,6 +245,7 @@ struct rk_ahash_rctx {
>  struct rk_cipher_ctx {
>  	struct rk_crypto_info		*dev;
>  	unsigned int			keylen;
> +	u32 key[AES_MAX_KEY_SIZE / 4];

Should this be u8?  It's only ever memcpy'd so the fact the registers
are 32-bit is irrelevant.

(Also a very minor nit: this should probably be aligned in the same was
as the above two variables.)

Corentin LABBE April 11, 2022, 8:51 a.m. UTC | #2

Le Mon, Apr 04, 2022 at 12:31:11PM +0100, John Keeping a écrit :
> On Fri, Apr 01, 2022 at 08:17:39PM +0000, Corentin Labbe wrote:
> > The key should not be set in hardware too much in advance, this will
> > fail it 2 TFM with different keys generate alternative requests.
> > The key should be stored and used just before doing cipher operations.
> > 
> > Fixes: ce0183cb6464b ("crypto: rockchip - switch to skcipher API")
> > Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
> > ---
> >  drivers/crypto/rockchip/rk3288_crypto.h          |  1 +
> >  drivers/crypto/rockchip/rk3288_crypto_skcipher.c | 10 +++++++---
> >  2 files changed, 8 insertions(+), 3 deletions(-)
> > 
> > diff --git a/drivers/crypto/rockchip/rk3288_crypto.h b/drivers/crypto/rockchip/rk3288_crypto.h
> > index 8b1e15d8ddc6..826508e4a0c3 100644
> > --- a/drivers/crypto/rockchip/rk3288_crypto.h
> > +++ b/drivers/crypto/rockchip/rk3288_crypto.h
> > @@ -245,6 +245,7 @@ struct rk_ahash_rctx {
> >  struct rk_cipher_ctx {
> >  	struct rk_crypto_info		*dev;
> >  	unsigned int			keylen;
> > +	u32 key[AES_MAX_KEY_SIZE / 4];
> 
> Should this be u8?  It's only ever memcpy'd so the fact the registers
> are 32-bit is irrelevant.
> 
> (Also a very minor nit: this should probably be aligned in the same was
> as the above two variables.)

Yes, it could be u8 and I will fix the alignement.

Regards

diff --git a/drivers/crypto/rockchip/rk3288_crypto.h b/drivers/crypto/rockchip/rk3288_crypto.h
index 8b1e15d8ddc6..826508e4a0c3 100644
--- a/drivers/crypto/rockchip/rk3288_crypto.h
+++ b/drivers/crypto/rockchip/rk3288_crypto.h
@@ -245,6 +245,7 @@  struct rk_ahash_rctx {
 struct rk_cipher_ctx {
 	struct rk_crypto_info		*dev;
 	unsigned int			keylen;
+	u32 key[AES_MAX_KEY_SIZE / 4];
 	u8				iv[AES_BLOCK_SIZE];
 	struct crypto_skcipher *fallback_tfm;
 };
diff --git a/drivers/crypto/rockchip/rk3288_crypto_skcipher.c b/drivers/crypto/rockchip/rk3288_crypto_skcipher.c
index c6b601086c04..5a9ba7c0206d 100644
--- a/drivers/crypto/rockchip/rk3288_crypto_skcipher.c
+++ b/drivers/crypto/rockchip/rk3288_crypto_skcipher.c
@@ -103,7 +103,7 @@  static int rk_aes_setkey(struct crypto_skcipher *cipher,
 	    keylen != AES_KEYSIZE_256)
 		return -EINVAL;
 	ctx->keylen = keylen;
-	memcpy_toio(ctx->dev->reg + RK_CRYPTO_AES_KEY_0, key, keylen);
+	memcpy(ctx->key, key, keylen);
 
 	return crypto_skcipher_setkey(ctx->fallback_tfm, key, keylen);
 }
@@ -119,7 +119,7 @@  static int rk_des_setkey(struct crypto_skcipher *cipher,
 		return err;
 
 	ctx->keylen = keylen;
-	memcpy_toio(ctx->dev->reg + RK_CRYPTO_TDES_KEY1_0, key, keylen);
+	memcpy(ctx->key, key, keylen);
 
 	return crypto_skcipher_setkey(ctx->fallback_tfm, key, keylen);
 }
@@ -135,7 +135,8 @@  static int rk_tdes_setkey(struct crypto_skcipher *cipher,
 		return err;
 
 	ctx->keylen = keylen;
-	memcpy_toio(ctx->dev->reg + RK_CRYPTO_TDES_KEY1_0, key, keylen);
+	memcpy(ctx->key, key, keylen);
+
 	return crypto_skcipher_setkey(ctx->fallback_tfm, key, keylen);
 }
 
@@ -291,6 +292,7 @@  static void rk_ablk_hw_init(struct rk_crypto_info *dev)
 			     RK_CRYPTO_TDES_BYTESWAP_IV;
 		CRYPTO_WRITE(dev, RK_CRYPTO_TDES_CTRL, rctx->mode);
 		memcpy_toio(dev->reg + RK_CRYPTO_TDES_IV_0, req->iv, ivsize);
+		memcpy_toio(ctx->dev->reg + RK_CRYPTO_TDES_KEY1_0, ctx->key, ctx->keylen);
 		conf_reg = RK_CRYPTO_DESSEL;
 	} else {
 		rctx->mode |= RK_CRYPTO_AES_FIFO_MODE |
@@ -303,6 +305,7 @@  static void rk_ablk_hw_init(struct rk_crypto_info *dev)
 			rctx->mode |= RK_CRYPTO_AES_256BIT_key;
 		CRYPTO_WRITE(dev, RK_CRYPTO_AES_CTRL, rctx->mode);
 		memcpy_toio(dev->reg + RK_CRYPTO_AES_IV_0, req->iv, ivsize);
+		memcpy_toio(ctx->dev->reg + RK_CRYPTO_AES_KEY_0, ctx->key, ctx->keylen);
 	}
 	conf_reg |= RK_CRYPTO_BYTESWAP_BTFIFO |
 		    RK_CRYPTO_BYTESWAP_BRFIFO;
@@ -492,6 +495,7 @@  static void rk_ablk_exit_tfm(struct crypto_skcipher *tfm)
 {
 	struct rk_cipher_ctx *ctx = crypto_skcipher_ctx(tfm);
 
+	memzero_explicit(ctx->key, ctx->keylen);
 	free_page((unsigned long)ctx->dev->addr_vir);
 	crypto_free_skcipher(ctx->fallback_tfm);
 }

[v4,08/33] crypto: rockchip: better handle cipher key

Commit Message

Comments

Patch