2022-04-04 07:06:35

by Corentin LABBE

Subject: [PATCH v4 08/33] crypto: rockchip: better handle cipher key

The key should not be set in hardware too much in advance, this will
fail it 2 TFM with different keys generate alternative requests.
The key should be stored and used just before doing cipher operations.

Fixes: ce0183cb6464b ("crypto: rockchip - switch to skcipher API")
Signed-off-by: Corentin Labbe <[email protected]>
---
drivers/crypto/rockchip/rk3288_crypto.h | 1 +
drivers/crypto/rockchip/rk3288_crypto_skcipher.c | 10 +++++++---
2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/drivers/crypto/rockchip/rk3288_crypto.h b/drivers/crypto/rockchip/rk3288_crypto.h
index 8b1e15d8ddc6..826508e4a0c3 100644
--- a/drivers/crypto/rockchip/rk3288_crypto.h
+++ b/drivers/crypto/rockchip/rk3288_crypto.h
@@ -245,6 +245,7 @@ struct rk_ahash_rctx {
struct rk_cipher_ctx {
struct rk_crypto_info *dev;
unsigned int keylen;
+ u32 key[AES_MAX_KEY_SIZE / 4];
u8 iv[AES_BLOCK_SIZE];
struct crypto_skcipher *fallback_tfm;
};
diff --git a/drivers/crypto/rockchip/rk3288_crypto_skcipher.c b/drivers/crypto/rockchip/rk3288_crypto_skcipher.c
index c6b601086c04..5a9ba7c0206d 100644
--- a/drivers/crypto/rockchip/rk3288_crypto_skcipher.c
+++ b/drivers/crypto/rockchip/rk3288_crypto_skcipher.c
@@ -103,7 +103,7 @@ static int rk_aes_setkey(struct crypto_skcipher *cipher,
keylen != AES_KEYSIZE_256)
return -EINVAL;
ctx->keylen = keylen;
- memcpy_toio(ctx->dev->reg + RK_CRYPTO_AES_KEY_0, key, keylen);
+ memcpy(ctx->key, key, keylen);

return crypto_skcipher_setkey(ctx->fallback_tfm, key, keylen);
}
@@ -119,7 +119,7 @@ static int rk_des_setkey(struct crypto_skcipher *cipher,
return err;

ctx->keylen = keylen;
- memcpy_toio(ctx->dev->reg + RK_CRYPTO_TDES_KEY1_0, key, keylen);
+ memcpy(ctx->key, key, keylen);

return crypto_skcipher_setkey(ctx->fallback_tfm, key, keylen);
}
@@ -135,7 +135,8 @@ static int rk_tdes_setkey(struct crypto_skcipher *cipher,
return err;

ctx->keylen = keylen;
- memcpy_toio(ctx->dev->reg + RK_CRYPTO_TDES_KEY1_0, key, keylen);
+ memcpy(ctx->key, key, keylen);
+
return crypto_skcipher_setkey(ctx->fallback_tfm, key, keylen);
}

@@ -291,6 +292,7 @@ static void rk_ablk_hw_init(struct rk_crypto_info *dev)
RK_CRYPTO_TDES_BYTESWAP_IV;
CRYPTO_WRITE(dev, RK_CRYPTO_TDES_CTRL, rctx->mode);
memcpy_toio(dev->reg + RK_CRYPTO_TDES_IV_0, req->iv, ivsize);
+ memcpy_toio(ctx->dev->reg + RK_CRYPTO_TDES_KEY1_0, ctx->key, ctx->keylen);
conf_reg = RK_CRYPTO_DESSEL;
} else {
rctx->mode |= RK_CRYPTO_AES_FIFO_MODE |
@@ -303,6 +305,7 @@ static void rk_ablk_hw_init(struct rk_crypto_info *dev)
rctx->mode |= RK_CRYPTO_AES_256BIT_key;
CRYPTO_WRITE(dev, RK_CRYPTO_AES_CTRL, rctx->mode);
memcpy_toio(dev->reg + RK_CRYPTO_AES_IV_0, req->iv, ivsize);
+ memcpy_toio(ctx->dev->reg + RK_CRYPTO_AES_KEY_0, ctx->key, ctx->keylen);
}
conf_reg |= RK_CRYPTO_BYTESWAP_BTFIFO |
RK_CRYPTO_BYTESWAP_BRFIFO;
@@ -492,6 +495,7 @@ static void rk_ablk_exit_tfm(struct crypto_skcipher *tfm)
{
struct rk_cipher_ctx *ctx = crypto_skcipher_ctx(tfm);

+ memzero_explicit(ctx->key, ctx->keylen);
free_page((unsigned long)ctx->dev->addr_vir);
crypto_free_skcipher(ctx->fallback_tfm);
}
--
2.35.1

2022-04-04 14:39:45

by John Keeping

Subject: Re: [PATCH v4 08/33] crypto: rockchip: better handle cipher key

On Fri, Apr 01, 2022 at 08:17:39PM +0000, Corentin Labbe wrote:
> The key should not be set in hardware too much in advance, this will
> fail it 2 TFM with different keys generate alternative requests.
> The key should be stored and used just before doing cipher operations.
>
> Fixes: ce0183cb6464b ("crypto: rockchip - switch to skcipher API")
> Signed-off-by: Corentin Labbe <[email protected]>
> ---
> drivers/crypto/rockchip/rk3288_crypto.h | 1 +
> drivers/crypto/rockchip/rk3288_crypto_skcipher.c | 10 +++++++---
> 2 files changed, 8 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/crypto/rockchip/rk3288_crypto.h b/drivers/crypto/rockchip/rk3288_crypto.h
> index 8b1e15d8ddc6..826508e4a0c3 100644
> --- a/drivers/crypto/rockchip/rk3288_crypto.h
> +++ b/drivers/crypto/rockchip/rk3288_crypto.h
> @@ -245,6 +245,7 @@ struct rk_ahash_rctx {
> struct rk_cipher_ctx {
> struct rk_crypto_info *dev;
> unsigned int keylen;
> + u32 key[AES_MAX_KEY_SIZE / 4];

Should this be u8? It's only ever memcpy'd so the fact the registers
are 32-bit is irrelevant.

(Also a very minor nit: this should probably be aligned in the same was
as the above two variables.)

2022-04-11 09:19:14

by Corentin LABBE

Subject: Re: [PATCH v4 08/33] crypto: rockchip: better handle cipher key

Le Mon, Apr 04, 2022 at 12:31:11PM +0100, John Keeping a ?crit :
> On Fri, Apr 01, 2022 at 08:17:39PM +0000, Corentin Labbe wrote:
> > The key should not be set in hardware too much in advance, this will
> > fail it 2 TFM with different keys generate alternative requests.
> > The key should be stored and used just before doing cipher operations.
> >
> > Fixes: ce0183cb6464b ("crypto: rockchip - switch to skcipher API")
> > Signed-off-by: Corentin Labbe <[email protected]>
> > ---
> > drivers/crypto/rockchip/rk3288_crypto.h | 1 +
> > drivers/crypto/rockchip/rk3288_crypto_skcipher.c | 10 +++++++---
> > 2 files changed, 8 insertions(+), 3 deletions(-)
> >
> > diff --git a/drivers/crypto/rockchip/rk3288_crypto.h b/drivers/crypto/rockchip/rk3288_crypto.h
> > index 8b1e15d8ddc6..826508e4a0c3 100644
> > --- a/drivers/crypto/rockchip/rk3288_crypto.h
> > +++ b/drivers/crypto/rockchip/rk3288_crypto.h
> > @@ -245,6 +245,7 @@ struct rk_ahash_rctx {
> > struct rk_cipher_ctx {
> > struct rk_crypto_info *dev;
> > unsigned int keylen;
> > + u32 key[AES_MAX_KEY_SIZE / 4];
>
> Should this be u8? It's only ever memcpy'd so the fact the registers
> are 32-bit is irrelevant.
>
> (Also a very minor nit: this should probably be aligned in the same was
> as the above two variables.)

Yes, it could be u8 and I will fix the alignement.

Regards