summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorGilad Ben-Yossef <gilad@benyossef.com>2018-04-23 08:25:14 +0100
committerHerbert Xu <herbert@gondor.apana.org.au>2018-05-05 14:52:43 +0800
commita794d8d876d21d165721b5460264ca811245f5bd (patch)
tree6e052263b2ee918d639b94055c3466a4d3c2a3bc /crypto
parent658c9d2b9f374c835d0348d852a3f002196628d0 (diff)
downloadlinux-0-day-a794d8d876d21d165721b5460264ca811245f5bd.tar.gz
linux-0-day-a794d8d876d21d165721b5460264ca811245f5bd.tar.xz
crypto: ccree - enable support for hardware keys
Enable CryptoCell support for hardware keys. Hardware keys are regular AES keys loaded into CryptoCell internal memory via firmware, often from secure boot ROM or hardware fuses at boot time. As such, they can be used for enc/dec purposes like any other key but cannot (read: extremely hard to) be extracted since since they are not available anywhere in RAM during runtime. The mechanism has some similarities to s390 secure keys although the keys are not wrapped or sealed, but simply loaded offline. The interface was therefore modeled based on the s390 secure keys support. Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto')
-rw-r--r--crypto/testmgr.c43
1 files changed, 43 insertions, 0 deletions
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 397b117309f1a..c31da0f3f6804 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -2582,6 +2582,13 @@ static const struct alg_test_desc alg_test_descs[] = {
}
}
}, {
+ /* Same as cbc(aes) except the key is stored in
+ * hardware secure memory which we reference by index
+ */
+ .alg = "cbc(paes)",
+ .test = alg_test_null,
+ .fips_allowed = 1,
+ }, {
.alg = "cbc(serpent)",
.test = alg_test_skcipher,
.suite = {
@@ -2728,6 +2735,13 @@ static const struct alg_test_desc alg_test_descs[] = {
}
}
}, {
+ /* Same as ctr(aes) except the key is stored in
+ * hardware secure memory which we reference by index
+ */
+ .alg = "ctr(paes)",
+ .test = alg_test_null,
+ .fips_allowed = 1,
+ }, {
.alg = "ctr(serpent)",
.test = alg_test_skcipher,
.suite = {
@@ -2998,6 +3012,13 @@ static const struct alg_test_desc alg_test_descs[] = {
}
}
}, {
+ /* Same as ecb(aes) except the key is stored in
+ * hardware secure memory which we reference by index
+ */
+ .alg = "ecb(paes)",
+ .test = alg_test_null,
+ .fips_allowed = 1,
+ }, {
.alg = "ecb(khazad)",
.test = alg_test_skcipher,
.suite = {
@@ -3325,6 +3346,13 @@ static const struct alg_test_desc alg_test_descs[] = {
}
}
}, {
+ /* Same as ofb(aes) except the key is stored in
+ * hardware secure memory which we reference by index
+ */
+ .alg = "ofb(paes)",
+ .test = alg_test_null,
+ .fips_allowed = 1,
+ }, {
.alg = "pcbc(fcrypt)",
.test = alg_test_skcipher,
.suite = {
@@ -3582,6 +3610,21 @@ static const struct alg_test_desc alg_test_descs[] = {
}
}
}, {
+ /* Same as xts(aes) except the key is stored in
+ * hardware secure memory which we reference by index
+ */
+ .alg = "xts(paes)",
+ .test = alg_test_null,
+ .fips_allowed = 1,
+ }, {
+ .alg = "xts4096(paes)",
+ .test = alg_test_null,
+ .fips_allowed = 1,
+ }, {
+ .alg = "xts512(paes)",
+ .test = alg_test_null,
+ .fips_allowed = 1,
+ }, {
.alg = "xts(camellia)",
.test = alg_test_skcipher,
.suite = {