2024-02-05 18:54:15

by Om Prakash Singh

Subject: Re: [PATCH v4 09/15] ufs: core: add support for generate, import and prepare keys



On 1/28/2024 4:44 AM, Gaurav Kashyap wrote:
> Block crypto allows storage controllers like UFS to
> register ops to generate, prepare and import wrapped
> keys in the kernel.
>
> Wrapped keys in most cases will have vendor specific
> implementations, which means these ops would need to have
> corresponding UFS variant ops.
> This change adds hooks in UFS core to support these variant
> ops and tie them to the blk crypto ops.
>
> Signed-off-by: Gaurav Kashyap <[email protected]>
> Tested-by: Neil Armstrong <[email protected]>
> ---
Reviewed-by: Om Prakash Singh <[email protected]>

> drivers/ufs/core/ufshcd-crypto.c | 41 ++++++++++++++++++++++++++++++++
> include/ufs/ufshcd.h | 11 +++++++++
> 2 files changed, 52 insertions(+)
>
> diff --git a/drivers/ufs/core/ufshcd-crypto.c b/drivers/ufs/core/ufshcd-crypto.c
> index c14800eac1ff..fb935a54acfa 100644
> --- a/drivers/ufs/core/ufshcd-crypto.c
> +++ b/drivers/ufs/core/ufshcd-crypto.c
> @@ -143,10 +143,51 @@ bool ufshcd_crypto_enable(struct ufs_hba *hba)
> return true;
> }
>
> +static int ufshcd_crypto_generate_key(struct blk_crypto_profile *profile,
> + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE])
> +{
> + struct ufs_hba *hba =
> + container_of(profile, struct ufs_hba, crypto_profile);
> +
> + if (hba->vops && hba->vops->generate_key)
> + return hba->vops->generate_key(hba, lt_key);
> +
> + return -EOPNOTSUPP;
> +}
> +
> +static int ufshcd_crypto_prepare_key(struct blk_crypto_profile *profile,
> + const u8 *lt_key, size_t lt_key_size,
> + u8 eph_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE])
> +{
> + struct ufs_hba *hba =
> + container_of(profile, struct ufs_hba, crypto_profile);
> +
> + if (hba->vops && hba->vops->prepare_key)
> + return hba->vops->prepare_key(hba, lt_key, lt_key_size, eph_key);
> +
> + return -EOPNOTSUPP;
> +}
> +
> +static int ufshcd_crypto_import_key(struct blk_crypto_profile *profile,
> + const u8 *imp_key, size_t imp_key_size,
> + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE])
> +{
> + struct ufs_hba *hba =
> + container_of(profile, struct ufs_hba, crypto_profile);
> +
> + if (hba->vops && hba->vops->import_key)
> + return hba->vops->import_key(hba, imp_key, imp_key_size, lt_key);
> +
> + return -EOPNOTSUPP;
> +}
> +
> static const struct blk_crypto_ll_ops ufshcd_crypto_ops = {
> .keyslot_program = ufshcd_crypto_keyslot_program,
> .keyslot_evict = ufshcd_crypto_keyslot_evict,
> .derive_sw_secret = ufshcd_crypto_derive_sw_secret,
> + .generate_key = ufshcd_crypto_generate_key,
> + .prepare_key = ufshcd_crypto_prepare_key,
> + .import_key = ufshcd_crypto_import_key,
> };
>
> static enum blk_crypto_mode_num
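Review bot: None of the three new wrappers conveys or checks the size of the output buffer: `lt_key` and `eph_key` are declared as `u8 x[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]`, which in C is only a pointer, so the bound is a convention each vendor op must honour rather than something the core enforces. The same applies to the matching `ufs_hba_variant_ops` declarations in include/ufs/ufshcd.h. The input lengths `lt_key_size` and `imp_key_size` are also forwarded unchecked; presumably the block layer validates them before calling in, but that is outside this hunk and worth confirming. I would add a comment above the wrappers, such as `/* vops must write at most BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE bytes to the output key buffer */`.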
> diff --git a/include/ufs/ufshcd.h b/include/ufs/ufshcd.h
> index 8a773434a329..fe66ba37e2ee 100644
> --- a/include/ufs/ufshcd.h
> +++ b/include/ufs/ufshcd.h
> @@ -322,6 +322,9 @@ struct ufs_pwr_mode_info {
> * @config_scaling_param: called to configure clock scaling parameters
> * @program_key: program or evict an inline encryption key
> * @derive_sw_secret: derive sw secret from a wrapped key
> + * @generate_key: generate a storage key and return longterm wrapped key
> + * @prepare_key: unwrap longterm key and return ephemeral wrapped key
> + * @import_key: import sw storage key and return longterm wrapped key
> * @event_notify: called to notify important events
> * @reinit_notify: called to notify reinit of UFSHCD during max gear switch
> * @mcq_config_resource: called to configure MCQ platform resources
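Review bot: The three added kernel-doc lines do not state the return convention of the new ops, so a variant author cannot tell from the header whether success is 0 or the size of the wrapped key written to the output buffer. The wrappers in ufshcd-crypto.c return the vops result unchanged, so whatever blk-crypto expects must come from the vendor code. I would spell it out, e.g. `@generate_key: generate a storage key; writes the longterm wrapped key to lt_key and returns <success value per blk-crypto contract> or -errno`. It would also help to note on `@import_key` that `imp_key` is described as a sw storage key, i.e. apparently raw rather than wrapped material, so implementations should not retain or log it.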
> @@ -369,6 +372,14 @@ struct ufs_hba_variant_ops {
> int (*derive_sw_secret)(struct ufs_hba *hba, const u8 wkey[],
> unsigned int wkey_size,
> u8 sw_secret[BLK_CRYPTO_SW_SECRET_SIZE]);
> + int (*generate_key)(struct ufs_hba *hba,
> + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]);
> + int (*prepare_key)(struct ufs_hba *hba,
> + const u8 *lt_key, size_t lt_key_size,
> + u8 eph_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]);
> + int (*import_key)(struct ufs_hba *hba,
> + const u8 *imp_key, size_t imp_key_size,
> + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]);
> void (*event_notify)(struct ufs_hba *hba,
> enum ufs_event_type evt, void *data);
> void (*reinit_notify)(struct ufs_hba *);