Commit a794d8d

Gilad Ben-Yossefherbertx
authored andcommitted
crypto: ccree - enable support for hardware keys
Enable CryptoCell support for hardware keys. Hardware keys are regular AES keys loaded into CryptoCell internal memory via firmware, often from secure boot ROM or hardware fuses at boot time. As such, they can be used for enc/dec purposes like any other key but cannot (read: extremely hard to) be extracted since they are not available anywhere in RAM during runtime. The mechanism has some similarities to s390 secure keys although the keys are not wrapped or sealed, but simply loaded offline. The interface was therefore modeled based on the s390 secure keys support. Signed-off-by: Gilad Ben-Yossef <[email protected]> Signed-off-by: Herbert Xu <[email protected]>
1 parent 658c9d2 commit a794d8d

3 files changed

+361
-62
lines changed

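--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -2581,6 +2581,13 @@ static const struct alg_test_desc alg_test_descs[] = {
 .dec = __VECS(des3_ede_cbc_dec_tv_template)
 }
 }
+}, {
+/* Same as cbc(aes) except the key is stored in
+* hardware secure memory which we reference by index
+*/
+.alg = "cbc(paes)",
+.test = alg_test_null,
+.fips_allowed = 1,
 }, {
 .alg = "cbc(serpent)",
 .test = alg_test_skcipher,
@@ -2727,6 +2734,13 @@ static const struct alg_test_desc alg_test_descs[] = {
 .dec = __VECS(des3_ede_ctr_dec_tv_template)
 }
 }
+}, {
+/* Same as ctr(aes) except the key is stored in
+* hardware secure memory which we reference by index
+*/
+.alg = "ctr(paes)",
+.test = alg_test_null,
+.fips_allowed = 1,
 }, {
 .alg = "ctr(serpent)",
 .test = alg_test_skcipher,
@@ -2997,6 +3011,13 @@ static const struct alg_test_desc alg_test_descs[] = {
 }
 }
 }
+}, {
+/* Same as ecb(aes) except the key is stored in
+* hardware secure memory which we reference by index
+*/
+.alg = "ecb(paes)",
+.test = alg_test_null,
+.fips_allowed = 1,
 }, {
 .alg = "ecb(khazad)",
 .test = alg_test_skcipher,
@@ -3324,6 +3345,13 @@ static const struct alg_test_desc alg_test_descs[] = {
 .dec = __VECS(aes_ofb_dec_tv_template)
 }
 }
+}, {
+/* Same as ofb(aes) except the key is stored in
+* hardware secure memory which we reference by index
+*/
+.alg = "ofb(paes)",
+.test = alg_test_null,
+.fips_allowed = 1,
 }, {
 .alg = "pcbc(fcrypt)",
 .test = alg_test_skcipher,
@@ -3581,6 +3609,21 @@ static const struct alg_test_desc alg_test_descs[] = {
 .dec = __VECS(aes_xts_dec_tv_template)
 }
 }
+}, {
+/* Same as xts(aes) except the key is stored in
+* hardware secure memory which we reference by index
+*/
+.alg = "xts(paes)",
+.test = alg_test_null,
+.fips_allowed = 1,
+}, {
+.alg = "xts4096(paes)",
+.test = alg_test_null,
+.fips_allowed = 1,
+}, {
+.alg = "xts512(paes)",
+.test = alg_test_null,
+.fips_allowed = 1,
 }, {
 .alg = "xts(camellia)",
 .test = alg_test_skcipher,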
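Review bot: Two of the insertions break the `strcmp` ordering of `.alg` in `alg_test_descs[]`: `ecb(paes)` is placed immediately before `ecb(khazad)` (hunk at -2997), and `xts(paes)`, `xts4096(paes)` and `xts512(paes)` are placed immediately before `xts(camellia)` (hunk at -3581). The lookup code is outside this diff, but if `alg_find_test()` binary-searches this table, an out-of-order entry can make a lookup miss, so an algorithm may be treated as having no test descriptor and its `.fips_allowed` value never consulted; the table's boot-time order check would presumably warn as well. Move `ecb(paes)` after the `ecb(khazad)` entry, `xts(paes)` after the last `xts(...)` entry that sorts below it, and `xts4096(paes)` and `xts512(paes)` after the last `xts(...)` entry altogether, since `4` and `5` sort above `(`. The `cbc`, `ctr` and `ofb` insertions are in order relative to their visible neighbours. Separately, the `xts4096(paes)` and `xts512(paes)` entries would benefit from a comment such as `/* xts(paes) with a fixed data unit size; key is referenced by index, so no known-answer test */`, if that is indeed what they are, because `alg_test_null` combined with `.fips_allowed = 1` otherwise reads as an untested algorithm being approved.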
