Skip to content

Commit

Permalink
crypto: rockchip - better handle cipher key
Browse files Browse the repository at this point in the history 
The key should not be set in hardware too much in advance, this will
fail it 2 TFM with different keys generate alternative requests.
The key should be stored and used just before doing cipher operations.

Fixes: ce0183c ("crypto: rockchip - switch to skcipher API")
Reviewed-by: John Keeping <[email protected]>
Signed-off-by: Corentin Labbe <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
  • Loading branch information
@montjoie @herbertx
montjoie authored and herbertx committed Oct 28, 2022
1 parent 8166004 commit d6b23cc
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 3 deletions.
1 change: 1 addition & 0 deletions drivers/crypto/rockchip/rk3288_crypto.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -245,6 +245,7 @@ struct rk_ahash_rctx {
struct rk_cipher_ctx {
struct rk_crypto_info *dev;
unsigned int keylen;
u8 key[AES_MAX_KEY_SIZE];
u8 iv[AES_BLOCK_SIZE];
struct crypto_skcipher *fallback_tfm;
};
Expand Down
10 changes: 7 additions & 3 deletions drivers/crypto/rockchip/rk3288_crypto_skcipher.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -95,7 +95,7 @@ static int rk_aes_setkey(struct crypto_skcipher *cipher,
keylen != AES_KEYSIZE_256)
return -EINVAL;
ctx->keylen = keylen;
memcpy_toio(ctx->dev->reg + RK_CRYPTO_AES_KEY_0, key, keylen);
memcpy(ctx->key, key, keylen);

return crypto_skcipher_setkey(ctx->fallback_tfm, key, keylen);
}
Expand All @@ -111,7 +111,7 @@ static int rk_des_setkey(struct crypto_skcipher *cipher,
return err;

ctx->keylen = keylen;
memcpy_toio(ctx->dev->reg + RK_CRYPTO_TDES_KEY1_0, key, keylen);
memcpy(ctx->key, key, keylen);

return crypto_skcipher_setkey(ctx->fallback_tfm, key, keylen);
}
Expand All @@ -127,7 +127,8 @@ static int rk_tdes_setkey(struct crypto_skcipher *cipher,
return err;

ctx->keylen = keylen;
memcpy_toio(ctx->dev->reg + RK_CRYPTO_TDES_KEY1_0, key, keylen);
memcpy(ctx->key, key, keylen);

return crypto_skcipher_setkey(ctx->fallback_tfm, key, keylen);
}

Expand Down Expand Up @@ -283,6 +284,7 @@ static void rk_ablk_hw_init(struct rk_crypto_info *dev)
RK_CRYPTO_TDES_BYTESWAP_IV;
CRYPTO_WRITE(dev, RK_CRYPTO_TDES_CTRL, rctx->mode);
memcpy_toio(dev->reg + RK_CRYPTO_TDES_IV_0, req->iv, ivsize);
memcpy_toio(ctx->dev->reg + RK_CRYPTO_TDES_KEY1_0, ctx->key, ctx->keylen);
conf_reg = RK_CRYPTO_DESSEL;
} else {
rctx->mode |= RK_CRYPTO_AES_FIFO_MODE |
Expand All @@ -295,6 +297,7 @@ static void rk_ablk_hw_init(struct rk_crypto_info *dev)
rctx->mode |= RK_CRYPTO_AES_256BIT_key;
CRYPTO_WRITE(dev, RK_CRYPTO_AES_CTRL, rctx->mode);
memcpy_toio(dev->reg + RK_CRYPTO_AES_IV_0, req->iv, ivsize);
memcpy_toio(ctx->dev->reg + RK_CRYPTO_AES_KEY_0, ctx->key, ctx->keylen);
}
conf_reg |= RK_CRYPTO_BYTESWAP_BTFIFO |
RK_CRYPTO_BYTESWAP_BRFIFO;
Expand Down Expand Up @@ -484,6 +487,7 @@ static void rk_ablk_exit_tfm(struct crypto_skcipher *tfm)
{
struct rk_cipher_ctx *ctx = crypto_skcipher_ctx(tfm);

memzero_explicit(ctx->key, ctx->keylen);
free_page((unsigned long)ctx->dev->addr_vir);
crypto_free_skcipher(ctx->fallback_tfm);
}
Expand Down

0 comments on commit d6b23cc

Please sign in to comment.