From: Gaurav Kashyap
Subject: [PATCH v4 09/15] ufs: core: add support for generate, import and prepare keys
Date: Sat, 27 Jan 2024 15:14:07 -0800
Message-ID: <20240127232436.2632187-10-quic_gaurkash@quicinc.com>
In-Reply-To: <20240127232436.2632187-1-quic_gaurkash@quicinc.com>
References: <20240127232436.2632187-1-quic_gaurkash@quicinc.com>
X-Mailing-List: linux-crypto@vger.kernel.org

Block crypto allows storage controllers like UFS to register
ops to generate, prepare and import wrapped keys in the kernel.

Wrapped keys in most cases will have vendor specific
implementations, which means these ops would need to have
corresponding UFS variant ops.
This change adds hooks in UFS core to support these variant
ops and tie them to the blk crypto ops.

Signed-off-by: Gaurav Kashyap Tested-by: Neil Armstrong --- drivers/ufs/core/ufshcd-crypto.c | 41 ++++++++++++++++++++++++++++++++ include/ufs/ufshcd.h | 11 +++++++++ 2 files changed, 52 insertions(+) diff --git a/drivers/ufs/core/ufshcd-crypto.c b/drivers/ufs/core/ufshcd-crypto.c index c14800eac1ff..fb935a54acfa 100644 --- a/drivers/ufs/core/ufshcd-crypto.c +++ b/drivers/ufs/core/ufshcd-crypto.c @@ -143,10 +143,51 @@ bool ufshcd_crypto_enable(struct ufs_hba *hba) return true; } +static int ufshcd_crypto_generate_key(struct blk_crypto_profile *profile, + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]) +{ + struct ufs_hba *hba = + container_of(profile, struct ufs_hba, crypto_profile); + + if (hba->vops && hba->vops->generate_key) + return hba->vops->generate_key(hba, lt_key); + + return -EOPNOTSUPP; +} + +static int ufshcd_crypto_prepare_key(struct blk_crypto_profile *profile, + const u8 *lt_key, size_t lt_key_size, + u8 eph_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]) +{ + struct ufs_hba *hba = + container_of(profile, struct ufs_hba, crypto_profile); + + if (hba->vops && hba->vops->prepare_key) + return hba->vops->prepare_key(hba, lt_key, lt_key_size, eph_key); + + return -EOPNOTSUPP; +} + +static int ufshcd_crypto_import_key(struct blk_crypto_profile *profile, + const u8 *imp_key, size_t imp_key_size, + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]) +{ + struct ufs_hba *hba = + container_of(profile, struct ufs_hba, crypto_profile); + + if (hba->vops && hba->vops->import_key) + return hba->vops->import_key(hba, imp_key, imp_key_size, lt_key); + + return -EOPNOTSUPP; +} + static const struct blk_crypto_ll_ops ufshcd_crypto_ops = { .keyslot_program = ufshcd_crypto_keyslot_program, .keyslot_evict = ufshcd_crypto_keyslot_evict, .derive_sw_secret = ufshcd_crypto_derive_sw_secret, + .generate_key = ufshcd_crypto_generate_key, + .prepare_key = ufshcd_crypto_prepare_key, + .import_key = ufshcd_crypto_import_key, }; static enum blk_crypto_mode_num 
diff --git a/include/ufs/ufshcd.h b/include/ufs/ufshcd.h index 8a773434a329..fe66ba37e2ee 100644 --- a/include/ufs/ufshcd.h +++ b/include/ufs/ufshcd.h @@ -322,6 +322,9 @@ struct ufs_pwr_mode_info { * @config_scaling_param: called to configure clock scaling parameters * @program_key: program or evict an inline encryption key * @derive_sw_secret: derive sw secret from a wrapped key + * @generate_key: generate a storage key and return longterm wrapped key + * @prepare_key: unwrap longterm key and return ephemeral wrapped key + * @import_key: import sw storage key and return longterm wrapped key * @event_notify: called to notify important events * @reinit_notify: called to notify reinit of UFSHCD during max gear switch * @mcq_config_resource: called to configure MCQ platform resources @@ -369,6 +372,14 @@ struct ufs_hba_variant_ops { int (*derive_sw_secret)(struct ufs_hba *hba, const u8 wkey[], unsigned int wkey_size, u8 sw_secret[BLK_CRYPTO_SW_SECRET_SIZE]); + int (*generate_key)(struct ufs_hba *hba, + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]); + int (*prepare_key)(struct ufs_hba *hba, + const u8 *lt_key, size_t lt_key_size, + u8 eph_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]); + int (*import_key)(struct ufs_hba *hba, + const u8 *imp_key, size_t imp_key_size, + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]); void (*event_notify)(struct ufs_hba *hba, enum ufs_event_type evt, void *data); void (*reinit_notify)(struct ufs_hba *); -- 2.43.0
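Review bot: In the drivers/ufs/core/ufshcd-crypto.c hunk, ufshcd_crypto_ops sets .generate_key, .prepare_key and .import_key for every host, while each wrapper falls back to -EOPNOTSUPP when hba->vops lacks the op, so a host without wrapped-key support still exposes non-NULL callbacks and the caller learns this only at call time. If blk-crypto treats a non-NULL op as a capability, that advertises support the hardware does not have; please either state in the commit message that -EOPNOTSUPP is the intended way to report this, or populate these ops only when the variant provides them. The wrappers also forward lt_key_size and imp_key_size unchecked, so it is worth saying which layer is responsible for bounding them.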
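Review bot: The kernel-doc lines added for @generate_key, @prepare_key and @import_key in include/ufs/ufshcd.h say each op will "return" a wrapped key, but the callbacks return int and write the key into a caller-supplied u8 buffer of BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE, so a variant author cannot tell from the doc what the int means on success (0, or the number of bytes written) or which errors are expected. Please document the return convention and the output buffer contract here, and point to where "longterm", "ephemeral" and "sw storage key" are defined.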
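Review bot: In the prototypes added to struct ufs_hba_variant_ops, the input key is declared as "const u8 *lt_key, size_t lt_key_size" (and likewise for imp_key), while derive_sw_secret directly above takes "const u8 wkey[], unsigned int wkey_size" for the same kind of argument. Please use one convention for the key pointer and length types within this struct, or note why they differ, so variant implementations do not end up mixing unsigned int and size_t lengths for wrapped keys.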