[PATCH] crypto: mxs-dcp: Enable user-space access to AES with hardware-bound keys

[PATCH] crypto: mxs-dcp: Enable user-space access to AES with hardware-bound keys

[Tomas Paukrt]

Add an option to enable user-space access to cbc(paes) and ecb(paes)
cipher algorithms via AF_ALG.

Signed-off-by: Tomas Paukrt <tomaspaukrt@email.cz>
---
 drivers/crypto/Kconfig   | 13 +++++++++++++
 drivers/crypto/mxs-dcp.c |  8 ++++++++
 2 files changed, 21 insertions(+)

diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig
index 94f23c6..4637c6f 100644
--- a/drivers/crypto/Kconfig
+++ b/drivers/crypto/Kconfig
@@ -460,6 +460,19 @@ config CRYPTO_DEV_MXS_DCP
 	  To compile this driver as a module, choose M here: the module
 	  will be called mxs-dcp.

+config CRYPTO_DEV_MXS_DCP_USER_PAES
+	bool "Enable user-space access to AES with hardware-bound keys"
+	depends on CRYPTO_DEV_MXS_DCP && CRYPTO_USER_API_SKCIPHER
+	default n
+	help
+	  Say Y to enable user-space access to cbc(paes) and ecb(paes)
+	  cipher algorithms via AF_ALG.
+
+	  In scenarios with untrustworthy users-pace, this may enable
+	  decryption of sensitive information.
+
+	  If unsure, say N.
+
 source "drivers/crypto/cavium/cpt/Kconfig"
 source "drivers/crypto/cavium/nitrox/Kconfig"
 source "drivers/crypto/marvell/Kconfig"
diff --git a/drivers/crypto/mxs-dcp.c b/drivers/crypto/mxs-dcp.c
index c82775d..84df1cb 100644
--- a/drivers/crypto/mxs-dcp.c
+++ b/drivers/crypto/mxs-dcp.c
@@ -944,7 +944,11 @@ static struct skcipher_alg dcp_aes_algs[] = {
 		.base.cra_driver_name	= "ecb-paes-dcp",
 		.base.cra_priority	= 401,
 		.base.cra_alignmask	= 15,
+#ifdef CONFIG_CRYPTO_DEV_MXS_DCP_USER_PAES
+		.base.cra_flags		= CRYPTO_ALG_ASYNC,
+#else
 		.base.cra_flags		= CRYPTO_ALG_ASYNC | CRYPTO_ALG_INTERNAL,
+#endif
 		.base.cra_blocksize	= AES_BLOCK_SIZE,
 		.base.cra_ctxsize	= sizeof(struct dcp_async_ctx),
 		.base.cra_module	= THIS_MODULE,
@@ -960,7 +964,11 @@ static struct skcipher_alg dcp_aes_algs[] = {
 		.base.cra_driver_name	= "cbc-paes-dcp",
 		.base.cra_priority	= 401,
 		.base.cra_alignmask	= 15,
+#ifdef CONFIG_CRYPTO_DEV_MXS_DCP_USER_PAES
+		.base.cra_flags		= CRYPTO_ALG_ASYNC,
+#else
 		.base.cra_flags		= CRYPTO_ALG_ASYNC | CRYPTO_ALG_INTERNAL,
+#endif
 		.base.cra_blocksize	= AES_BLOCK_SIZE,
 		.base.cra_ctxsize	= sizeof(struct dcp_async_ctx),
 		.base.cra_module	= THIS_MODULE,
--
2.7.4

Re: [PATCH] crypto: mxs-dcp: Enable user-space access to AES with hardware-bound keys

[Herbert Xu]

On Fri, Sep 13, 2024 at 12:58:21PM +0200, Tomas Paukrt wrote:
> Add an option to enable user-space access to cbc(paes) and ecb(paes)
> cipher algorithms via AF_ALG.
> 
> Signed-off-by: Tomas Paukrt <tomaspaukrt@email.cz>
> ---
>  drivers/crypto/Kconfig   | 13 +++++++++++++
>  drivers/crypto/mxs-dcp.c |  8 ++++++++
>  2 files changed, 21 insertions(+)
> 
> diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig
> index 94f23c6..4637c6f 100644
> --- a/drivers/crypto/Kconfig
> +++ b/drivers/crypto/Kconfig
> @@ -460,6 +460,19 @@ config CRYPTO_DEV_MXS_DCP
>  	  To compile this driver as a module, choose M here: the module
>  	  will be called mxs-dcp.
> 
> +config CRYPTO_DEV_MXS_DCP_USER_PAES
> +	bool "Enable user-space access to AES with hardware-bound keys"
> +	depends on CRYPTO_DEV_MXS_DCP && CRYPTO_USER_API_SKCIPHER
> +	default n
> +	help
> +	  Say Y to enable user-space access to cbc(paes) and ecb(paes)
> +	  cipher algorithms via AF_ALG.
> +
> +	  In scenarios with untrustworthy users-pace, this may enable
> +	  decryption of sensitive information.
> +
> +	  If unsure, say N.
> +

Why not just expose it uncondtionally?

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: [PATCH] crypto: mxs-dcp: Enable user-space access to AES with hardware-bound keys

[Tomas Paukrt]

> Why not just expose it uncondtionally?

Please see the comment in the following patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3d16af0b4cfac4b2c3b238e2ec37b38c2f316978

The goal of this change is to allow some users to use AES with hardware-bound keys from user-space without compromising others.

Best regards

Tomas

Re: [PATCH] crypto: mxs-dcp: Enable user-space access to AES with hardware-bound keys

[Herbert Xu]

On Sat, Sep 14, 2024 at 01:32:37PM +0200, Tomas Paukrt wrote:
> 
> Please see the comment in the following patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3d16af0b4cfac4b2c3b238e2ec37b38c2f316978
> 
> The goal of this change is to allow some users to use AES with hardware-bound keys from user-space without compromising others.

In that case I would suggest introducing a flag so that the key
can only be accessed through the keyring subsystem.

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: [PATCH] crypto: mxs-dcp: Enable user-space access to AES with hardware-bound keys

[Tomas Paukrt]

> In that case I would suggest introducing a flag so that the key
> can only be accessed through the keyring subsystem.

Do you mean CRYPTO_ALG_KERN_DRIVER_ONLY instead of CRYPTO_ALG_INTERNAL or something else?

Re: [PATCH] crypto: mxs-dcp: Enable user-space access to AES with hardware-bound keys

[Herbert Xu]

On Sat, Sep 14, 2024 at 02:41:23PM +0200, Tomas Paukrt wrote:
>
> Do you mean CRYPTO_ALG_KERN_DRIVER_ONLY instead of CRYPTO_ALG_INTERNAL or something else?

No I mean a new flag which forces af_alg to only use keys from
the keyring subsystem.

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt