xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

crypto: rockchip - better handle cipher key

Browse Source 
[ Upstream commit d6b23ccef82816050c2fd458c9dabfa0e0af09b9 ]

The key should not be set in hardware too much in advance, this will
fail it 2 TFM with different keys generate alternative requests.
The key should be stored and used just before doing cipher operations.

Fixes: ce0183cb64 ("crypto: rockchip - switch to skcipher API")
Reviewed-by: John Keeping <john@metanate.com>
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Corentin Labbe
2022-09-27 07:54:46 +00:00
committed by Greg Kroah-Hartman
parent b0b9635f09
commit 0971bc99d1
2 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
drivers/crypto/rockchip/rk3288_crypto.h
View File

@@ -244,6 +244,7 @@ struct rk_ahash_rctx {
struct rk_cipher_ctx { struct rk_cipher_ctx {
struct rk_crypto_info *dev; struct rk_crypto_info *dev;
unsigned int keylen; unsigned int keylen;
u8 key[AES_MAX_KEY_SIZE];
u8 iv[AES_BLOCK_SIZE]; u8 iv[AES_BLOCK_SIZE];
struct crypto_skcipher *fallback_tfm; struct crypto_skcipher *fallback_tfm;
}; };

10
drivers/crypto/rockchip/rk3288_crypto_skcipher.c
View File

@@ -95,7 +95,7 @@ static int rk_aes_setkey(struct crypto_skcipher *cipher,
keylen != AES_KEYSIZE_256) keylen != AES_KEYSIZE_256)
return -EINVAL; return -EINVAL;
ctx->keylen = keylen; ctx->keylen = keylen;
memcpy_toio(ctx->dev->reg + RK_CRYPTO_AES_KEY_0, key, keylen); memcpy(ctx->key, key, keylen);
return crypto_skcipher_setkey(ctx->fallback_tfm, key, keylen); return crypto_skcipher_setkey(ctx->fallback_tfm, key, keylen);
} }
@@ -111,7 +111,7 @@ static int rk_des_setkey(struct crypto_skcipher *cipher,
return err; return err;
ctx->keylen = keylen; ctx->keylen = keylen;
memcpy_toio(ctx->dev->reg + RK_CRYPTO_TDES_KEY1_0, key, keylen); memcpy(ctx->key, key, keylen);
return crypto_skcipher_setkey(ctx->fallback_tfm, key, keylen); return crypto_skcipher_setkey(ctx->fallback_tfm, key, keylen);
} }
@@ -127,7 +127,8 @@ static int rk_tdes_setkey(struct crypto_skcipher *cipher,
return err; return err;
ctx->keylen = keylen; ctx->keylen = keylen;
memcpy_toio(ctx->dev->reg + RK_CRYPTO_TDES_KEY1_0, key, keylen); memcpy(ctx->key, key, keylen);
return crypto_skcipher_setkey(ctx->fallback_tfm, key, keylen); return crypto_skcipher_setkey(ctx->fallback_tfm, key, keylen);
} }
@@ -283,6 +284,7 @@ static void rk_ablk_hw_init(struct rk_crypto_info *dev)
RK_CRYPTO_TDES_BYTESWAP_IV; RK_CRYPTO_TDES_BYTESWAP_IV;
CRYPTO_WRITE(dev, RK_CRYPTO_TDES_CTRL, rctx->mode); CRYPTO_WRITE(dev, RK_CRYPTO_TDES_CTRL, rctx->mode);
memcpy_toio(dev->reg + RK_CRYPTO_TDES_IV_0, req->iv, ivsize); memcpy_toio(dev->reg + RK_CRYPTO_TDES_IV_0, req->iv, ivsize);
memcpy_toio(ctx->dev->reg + RK_CRYPTO_TDES_KEY1_0, ctx->key, ctx->keylen);
conf_reg = RK_CRYPTO_DESSEL; conf_reg = RK_CRYPTO_DESSEL;
} else { } else {
rctx->mode |= RK_CRYPTO_AES_FIFO_MODE | rctx->mode |= RK_CRYPTO_AES_FIFO_MODE |
@@ -295,6 +297,7 @@ static void rk_ablk_hw_init(struct rk_crypto_info *dev)
rctx->mode |= RK_CRYPTO_AES_256BIT_key; rctx->mode |= RK_CRYPTO_AES_256BIT_key;
CRYPTO_WRITE(dev, RK_CRYPTO_AES_CTRL, rctx->mode); CRYPTO_WRITE(dev, RK_CRYPTO_AES_CTRL, rctx->mode);
memcpy_toio(dev->reg + RK_CRYPTO_AES_IV_0, req->iv, ivsize); memcpy_toio(dev->reg + RK_CRYPTO_AES_IV_0, req->iv, ivsize);
memcpy_toio(ctx->dev->reg + RK_CRYPTO_AES_KEY_0, ctx->key, ctx->keylen);
} }
conf_reg |= RK_CRYPTO_BYTESWAP_BTFIFO | conf_reg |= RK_CRYPTO_BYTESWAP_BTFIFO |
RK_CRYPTO_BYTESWAP_BRFIFO; RK_CRYPTO_BYTESWAP_BRFIFO;
@@ -484,6 +487,7 @@ static void rk_ablk_exit_tfm(struct crypto_skcipher *tfm)
{ {
struct rk_cipher_ctx *ctx = crypto_skcipher_ctx(tfm); struct rk_cipher_ctx *ctx = crypto_skcipher_ctx(tfm);
memzero_explicit(ctx->key, ctx->keylen);
free_page((unsigned long)ctx->dev->addr_vir); free_page((unsigned long)ctx->dev->addr_vir);
crypto_free_skcipher(ctx->fallback_tfm); crypto_free_skcipher(ctx->fallback_tfm);
} }