crypto: ccree - enable support for hardware keys
Enable CryptoCell support for hardware keys.

Hardware keys are regular AES keys loaded into CryptoCell internal memory
via firmware, often from secure boot ROM or hardware fuses at boot time.

As such, they can be used for enc/dec purposes like any other key but
cannot (read: extremely hard to) be extracted since they are not
available anywhere in RAM during runtime.

The mechanism has some similarities to s390 secure keys although the keys
are not wrapped or sealed, but simply loaded offline. The interface was
therefore modeled based on the s390 secure keys support.

Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Gilad Ben-Yossef authored and Herbert Xu committed May 5, 2018
1 parent 658c9d2 commit a794d8d
Showing 3 changed files with 361 additions and 62 deletions.
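--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -2581,6 +2581,13 @@ static const struct alg_test_desc alg_test_descs[] = {
 .dec = __VECS(des3_ede_cbc_dec_tv_template)
 }
 }
+}, {
+/* Same as cbc(aes) except the key is stored in
+* hardware secure memory which we reference by index
+*/
+.alg = "cbc(paes)",
+.test = alg_test_null,
+.fips_allowed = 1,
 }, {
 .alg = "cbc(serpent)",
 .test = alg_test_skcipher,
@@ -2727,6 +2734,13 @@ static const struct alg_test_desc alg_test_descs[] = {
 .dec = __VECS(des3_ede_ctr_dec_tv_template)
 }
 }
+}, {
+/* Same as ctr(aes) except the key is stored in
+* hardware secure memory which we reference by index
+*/
+.alg = "ctr(paes)",
+.test = alg_test_null,
+.fips_allowed = 1,
 }, {
 .alg = "ctr(serpent)",
 .test = alg_test_skcipher,
@@ -2997,6 +3011,13 @@ static const struct alg_test_desc alg_test_descs[] = {
 }
 }
 }
+}, {
+/* Same as ecb(aes) except the key is stored in
+* hardware secure memory which we reference by index
+*/
+.alg = "ecb(paes)",
+.test = alg_test_null,
+.fips_allowed = 1,
 }, {
 .alg = "ecb(khazad)",
 .test = alg_test_skcipher,
@@ -3324,6 +3345,13 @@ static const struct alg_test_desc alg_test_descs[] = {
 .dec = __VECS(aes_ofb_dec_tv_template)
 }
 }
+}, {
+/* Same as ofb(aes) except the key is stored in
+* hardware secure memory which we reference by index
+*/
+.alg = "ofb(paes)",
+.test = alg_test_null,
+.fips_allowed = 1,
 }, {
 .alg = "pcbc(fcrypt)",
 .test = alg_test_skcipher,
@@ -3581,6 +3609,21 @@ static const struct alg_test_desc alg_test_descs[] = {
 .dec = __VECS(aes_xts_dec_tv_template)
 }
 }
+}, {
+/* Same as xts(aes) except the key is stored in
+* hardware secure memory which we reference by index
+*/
+.alg = "xts(paes)",
+.test = alg_test_null,
+.fips_allowed = 1,
+}, {
+.alg = "xts4096(paes)",
+.test = alg_test_null,
+.fips_allowed = 1,
+}, {
+.alg = "xts512(paes)",
+.test = alg_test_null,
+.fips_allowed = 1,
 }, {
 .alg = "xts(camellia)",
 .test = alg_test_skcipher,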
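Review bot: Two groups of new entries break the sort order of `alg_test_descs`: in the third hunk `ecb(paes)` is placed ahead of `ecb(khazad)`, and in the last hunk `xts(paes)`, `xts4096(paes)` and `xts512(paes)` are placed ahead of `xts(camellia)`, although each of them compares greater under `strcmp()`. testmgr locates a descriptor by binary search on `.alg` (in `alg_find_test()`, outside these hunks), so a misplaced entry can be missed and its `.test` and `.fips_allowed` settings never consulted, and testmgr's table-order sanity check would be expected to warn. Move `ecb(paes)` and `xts(paes)` below the `ecb(`/`xts(` names that sort before them, and put `xts4096(paes)` and `xts512(paes)` after the last `xts(` entry; the rest of the table lies outside the visible hunks, so the exact neighbours need checking there. Separately, the per-entry comment could say why `alg_test_null` is paired with `.fips_allowed = 1` (presumably no known-answer vectors can exist for a key that lives only in hardware), so readers know these modes are accepted in FIPS mode without a self-test; the `xts4096(paes)` and `xts512(paes)` entries carry no comment at all.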
