[PATCH] crypto: mxs-dcp: Enable user-space access to AES with hardware-bound keys

"Tomas Paukrt" <tomaspaukrt@xxxxxxxx> · Fri, 13 Sep 2024 12:58:21 +0200 (CEST)

Add an option to enable user-space access to cbc(paes) and ecb(paes)
cipher algorithms via AF_ALG.

Signed-off-by: Tomas Paukrt <tomaspaukrt@xxxxxxxx>
---
 drivers/crypto/Kconfig   | 13 +++++++++++++
 drivers/crypto/mxs-dcp.c |  8 ++++++++
 2 files changed, 21 insertions(+)

diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig
index 94f23c6..4637c6f 100644
--- a/drivers/crypto/Kconfig
+++ b/drivers/crypto/Kconfig
@@ -460,6 +460,19 @@ config CRYPTO_DEV_MXS_DCP
 	  To compile this driver as a module, choose M here: the module
 	  will be called mxs-dcp.
 
+config CRYPTO_DEV_MXS_DCP_USER_PAES
+	bool "Enable user-space access to AES with hardware-bound keys"
+	depends on CRYPTO_DEV_MXS_DCP && CRYPTO_USER_API_SKCIPHER
+	default n
+	help
+	  Say Y to enable user-space access to cbc(paes) and ecb(paes)
+	  cipher algorithms via AF_ALG.
+
+	  In scenarios with untrustworthy users-pace, this may enable
+	  decryption of sensitive information.
+
+	  If unsure, say N.
+
 source "drivers/crypto/cavium/cpt/Kconfig"
 source "drivers/crypto/cavium/nitrox/Kconfig"
 source "drivers/crypto/marvell/Kconfig"
diff --git a/drivers/crypto/mxs-dcp.c b/drivers/crypto/mxs-dcp.c
index c82775d..84df1cb 100644
--- a/drivers/crypto/mxs-dcp.c
+++ b/drivers/crypto/mxs-dcp.c
@@ -944,7 +944,11 @@ static struct skcipher_alg dcp_aes_algs[] = {
 		.base.cra_driver_name	= "ecb-paes-dcp",
 		.base.cra_priority	= 401,
 		.base.cra_alignmask	= 15,
+#ifdef CONFIG_CRYPTO_DEV_MXS_DCP_USER_PAES
+		.base.cra_flags		= CRYPTO_ALG_ASYNC,
+#else
 		.base.cra_flags		= CRYPTO_ALG_ASYNC | CRYPTO_ALG_INTERNAL,
+#endif
 		.base.cra_blocksize	= AES_BLOCK_SIZE,
 		.base.cra_ctxsize	= sizeof(struct dcp_async_ctx),
 		.base.cra_module	= THIS_MODULE,
@@ -960,7 +964,11 @@ static struct skcipher_alg dcp_aes_algs[] = {
 		.base.cra_driver_name	= "cbc-paes-dcp",
 		.base.cra_priority	= 401,
 		.base.cra_alignmask	= 15,
+#ifdef CONFIG_CRYPTO_DEV_MXS_DCP_USER_PAES
+		.base.cra_flags		= CRYPTO_ALG_ASYNC,
+#else
 		.base.cra_flags		= CRYPTO_ALG_ASYNC | CRYPTO_ALG_INTERNAL,
+#endif
 		.base.cra_blocksize	= AES_BLOCK_SIZE,
 		.base.cra_ctxsize	= sizeof(struct dcp_async_ctx),
 		.base.cra_module	= THIS_MODULE,
-- 
2.7.4
 








