diff --git a/drivers/crypto/tegra-hv-vse-safety.c b/drivers/crypto/tegra-hv-vse-safety.c index d991502a..5beca1a6 100644 --- a/drivers/crypto/tegra-hv-vse-safety.c +++ b/drivers/crypto/tegra-hv-vse-safety.c @@ -249,7 +249,7 @@ struct tegra_virtual_se_addr { union tegra_virtual_se_aes_args { struct keyiv { - u32 slot; + u8 slot[KEYSLOT_SIZE_BYTES]; u32 length; u32 type; u8 data[32]; @@ -257,7 +257,7 @@ union tegra_virtual_se_aes_args { u8 uiv[TEGRA_VIRTUAL_SE_AES_IV_SIZE]; } key; struct aes_encdec { - u32 keyslot; + u8 keyslot[KEYSLOT_SIZE_BYTES]; u32 mode; u32 ivsel; u8 lctr[TEGRA_VIRTUAL_SE_AES_LCTR_SIZE]; @@ -267,7 +267,7 @@ union tegra_virtual_se_aes_args { u32 key_length; } op; struct aes_cmac_subkey_s { - u32 keyslot; + u8 keyslot[KEYSLOT_SIZE_BYTES]; u32 key_length; } op_cmac_subkey_s; struct aes_gcm { @@ -276,7 +276,7 @@ union tegra_virtual_se_aes_args { * keyslot handle returned by TOS as part of load key operation. * It must be the first variable in the structure. */ - uint32_t keyslot; + uint8_t keyslot[KEYSLOT_SIZE_BYTES]; uint32_t dst_addr_lo; uint32_t dst_addr_hi; @@ -302,7 +302,7 @@ union tegra_virtual_se_aes_args { u8 expected_tag[TEGRA_VIRTUAL_SE_AES_BLOCK_SIZE]; } op_gcm; struct aes_cmac_s { - u32 keyslot; + u8 keyslot[KEYSLOT_SIZE_BYTES]; u32 ivsel; u32 config; u32 lastblock_len; @@ -313,7 +313,7 @@ union tegra_virtual_se_aes_args { u32 key_length; } op_cmac_s; struct aes_cmac_sv { - u32 keyslot; + u8 keyslot[KEYSLOT_SIZE_BYTES]; u32 config; u32 lastblock_len; u8 lastblock[TEGRA_VIRTUAL_SE_AES_BLOCK_SIZE]; @@ -342,7 +342,7 @@ struct tegra_virtual_tsec_args { /** * Keyslot index for keyslot containing TSEC key */ - uint32_t keyslot; + uint8_t keyslot[KEYSLOT_SIZE_BYTES]; /** * Size of input buffer in bytes. @@ -1529,7 +1529,7 @@ static void tegra_hv_vse_safety_prepare_cmd(struct tegra_virtual_se_dev *se_dev, else ivc_tx->cmd = TEGRA_VIRTUAL_SE_CMD_AES_DECRYPT; - aes->op.keyslot = aes_ctx->aes_keyslot; + memcpy(aes->op.keyslot, aes_ctx->aes_keyslot, KEYSLOT_SIZE_BYTES); aes->op.key_length = aes_ctx->keylen; aes->op.mode = req_ctx->op_mode; aes->op.ivsel = AES_ORIGINAL_IV; @@ -1579,7 +1579,7 @@ static int tegra_hv_vse_safety_aes_gen_random_iv( ivc_tx->cmd = TEGRA_VIRTUAL_SE_CMD_AES_ENCRYPT_INIT; priv->cmd = VIRTUAL_SE_PROCESS; aes_ctx = crypto_skcipher_ctx(crypto_skcipher_reqtfm(req)); - aes->op.keyslot = aes_ctx->aes_keyslot; + memcpy(aes->op.keyslot, aes_ctx->aes_keyslot, KEYSLOT_SIZE_BYTES); aes->op.key_length = aes_ctx->keylen; pivck = g_crypto_to_ivc_map[aes_ctx->node_id].ivck; @@ -2037,7 +2037,7 @@ static int tegra_hv_vse_safety_cmac_op(struct ahash_request *req, bool is_last) ivc_hdr->engine = g_crypto_to_ivc_map[cmac_ctx->node_id].se_engine; ivc_tx->cmd = TEGRA_VIRTUAL_SE_CMD_AES_CMAC; - ivc_tx->aes.op_cmac_s.keyslot = cmac_ctx->aes_keyslot; + memcpy(ivc_tx->aes.op_cmac_s.keyslot, cmac_ctx->aes_keyslot, KEYSLOT_SIZE_BYTES); ivc_tx->aes.op_cmac_s.key_length = cmac_ctx->keylen; ivc_tx->aes.op_cmac_s.src_addr.hi = blocks_to_process * TEGRA_VIRTUAL_SE_AES_BLOCK_SIZE; if (is_last == true) @@ -2150,7 +2150,7 @@ static int tegra_hv_vse_safety_tsec_sv_op(struct ahash_request *req) ivc_tx->tsec.src_addr = src_buf_addr; ivc_tx->tsec.src_buf_size = req->nbytes; - ivc_tx->tsec.keyslot = cmac_ctx->aes_keyslot; + memcpy(ivc_tx->tsec.keyslot, cmac_ctx->aes_keyslot, KEYSLOT_SIZE_BYTES); if (cmac_req_data->request_type == CMAC_SIGN) { ivc_tx->cmd = TEGRA_VIRTUAL_SE_CMD_TSEC_SIGN; @@ -2329,7 +2329,7 @@ static int tegra_hv_vse_safety_cmac_sv_op(struct ahash_request *req, bool is_las else ivc_tx->cmd = TEGRA_VIRTUAL_SE_CMD_AES_CMAC_VERIFY; - ivc_tx->aes.op_cmac_sv.keyslot = cmac_ctx->aes_keyslot; + memcpy(ivc_tx->aes.op_cmac_sv.keyslot, cmac_ctx->aes_keyslot, KEYSLOT_SIZE_BYTES); ivc_tx->aes.op_cmac_sv.key_length = cmac_ctx->keylen; ivc_tx->aes.op_cmac_sv.src_addr.hi = blocks_to_process * TEGRA_VIRTUAL_SE_AES_BLOCK_SIZE; ivc_tx->aes.op_cmac_sv.config = 0; @@ -2722,7 +2722,6 @@ static int tegra_hv_vse_safety_cmac_setkey(struct crypto_ahash *tfm, const u8 *k struct tegra_vse_tag *priv_data_ptr; int err = 0; s8 label[TEGRA_VIRTUAL_SE_AES_MAX_KEY_SIZE]; - u32 slot; bool is_keyslot_label; if (!ctx) @@ -2737,13 +2736,12 @@ static int tegra_hv_vse_safety_cmac_setkey(struct crypto_ahash *tfm, const u8 *k } /* format: 'NVSEAES 1234567\0' */ - is_keyslot_label = strnlen(key, keylen) <= keylen && - sscanf(key, "%s %x", label, &slot) == 2 && + is_keyslot_label = sscanf(key, "%s", label) == 1 && !strcmp(label, TEGRA_VIRTUAL_SE_AES_KEYSLOT_LABEL); if (is_keyslot_label) { ctx->keylen = keylen; - ctx->aes_keyslot = (u32)slot; + memcpy(ctx->aes_keyslot, key + KEYSLOT_OFFSET_BYTES, KEYSLOT_SIZE_BYTES); ctx->is_key_slot_allocated = true; } else { dev_err(se_dev->dev, "%s: Invalid keyslot label %s\n", __func__, key); @@ -2775,7 +2773,7 @@ static int tegra_hv_vse_safety_cmac_setkey(struct crypto_ahash *tfm, const u8 *k ivc_hdr->engine = g_crypto_to_ivc_map[ctx->node_id].se_engine; ivc_tx->cmd = TEGRA_VIRTUAL_SE_CMD_AES_CMAC_GEN_SUBKEY; - ivc_tx->aes.op_cmac_subkey_s.keyslot = ctx->aes_keyslot; + memcpy(ivc_tx->aes.op_cmac_subkey_s.keyslot, ctx->aes_keyslot, KEYSLOT_SIZE_BYTES); ivc_tx->aes.op_cmac_subkey_s.key_length = ctx->keylen; priv_data_ptr = (struct tegra_vse_tag *)ivc_req_msg->ivc_hdr.tag; @@ -2818,7 +2816,6 @@ static int tegra_hv_vse_safety_aes_setkey(struct crypto_skcipher *tfm, struct tegra_virtual_se_aes_context *ctx = crypto_skcipher_ctx(tfm); struct tegra_virtual_se_dev *se_dev; s8 label[TEGRA_VIRTUAL_SE_AES_MAX_KEY_SIZE]; - u32 slot; int err = 0; bool is_keyslot_label; @@ -2833,13 +2830,12 @@ static int tegra_hv_vse_safety_aes_setkey(struct crypto_skcipher *tfm, } /* format: 'NVSEAES 1234567\0' */ - is_keyslot_label = strnlen(key, keylen) <= keylen && - sscanf(key, "%s %x", label, &slot) == 2 && + is_keyslot_label = sscanf(key, "%s", label) == 1 && !strcmp(label, TEGRA_VIRTUAL_SE_AES_KEYSLOT_LABEL); if (is_keyslot_label) { ctx->keylen = keylen; - ctx->aes_keyslot = (u32)slot; + memcpy(ctx->aes_keyslot, key + KEYSLOT_OFFSET_BYTES, KEYSLOT_SIZE_BYTES); ctx->is_key_slot_allocated = true; } else { dev_err(se_dev->dev, "%s: Invalid keyslot label %s", __func__, key); @@ -2983,7 +2979,6 @@ static int tegra_vse_aes_gcm_setkey(struct crypto_aead *tfm, const u8 *key, struct tegra_virtual_se_aes_context *ctx = crypto_aead_ctx(tfm); struct tegra_virtual_se_dev *se_dev; s8 label[TEGRA_VIRTUAL_SE_AES_MAX_KEY_SIZE]; - u32 slot; int err = 0; bool is_keyslot_label; @@ -2998,13 +2993,12 @@ static int tegra_vse_aes_gcm_setkey(struct crypto_aead *tfm, const u8 *key, } /* format: 'NVSEAES 1234567\0' */ - is_keyslot_label = strnlen(key, keylen) <= keylen && - sscanf(key, "%s %x", label, &slot) == 2 && + is_keyslot_label = sscanf(key, "%s", label) == 1 && !strcmp(label, TEGRA_VIRTUAL_SE_AES_KEYSLOT_LABEL); if (is_keyslot_label) { ctx->keylen = keylen; - ctx->aes_keyslot = (u32)slot; + memcpy(ctx->aes_keyslot, key + KEYSLOT_OFFSET_BYTES, KEYSLOT_SIZE_BYTES); ctx->is_key_slot_allocated = true; } else { dev_err(se_dev->dev, "%s: Invalid keyslot label %s\n", __func__, key); @@ -3208,7 +3202,7 @@ static int tegra_vse_aes_gcm_enc_dec(struct aead_request *req, bool encrypt) g_crypto_to_ivc_map[aes_ctx->node_id].vse_thread_start = true; - ivc_tx->aes.op_gcm.keyslot = aes_ctx->aes_keyslot; + memcpy(ivc_tx->aes.op_gcm.keyslot, aes_ctx->aes_keyslot, KEYSLOT_SIZE_BYTES); ivc_tx->aes.op_gcm.key_length = aes_ctx->keylen; if (encrypt) { @@ -3434,7 +3428,6 @@ static int tegra_hv_vse_aes_gmac_setkey(struct crypto_ahash *tfm, const u8 *key, struct tegra_virtual_se_aes_gmac_context *ctx = crypto_ahash_ctx(tfm); struct tegra_virtual_se_dev *se_dev; s8 label[TEGRA_VIRTUAL_SE_AES_KEYSLOT_LABEL_SIZE]; - u32 slot; int err = 0; bool is_keyslot_label; @@ -3453,15 +3446,12 @@ static int tegra_hv_vse_aes_gmac_setkey(struct crypto_ahash *tfm, const u8 *key, } /* format: 'NVSEAES 1234567\0' */ - is_keyslot_label = - (strnlen(key, TEGRA_VIRTUAL_SE_AES_KEYSLOT_LABEL_SIZE) - <= TEGRA_VIRTUAL_SE_AES_KEYSLOT_LABEL_SIZE) && - (sscanf(key, "%s %x", label, &slot) == 2) && + is_keyslot_label = sscanf(key, "%s", label) == 1 && (!strcmp(label, TEGRA_VIRTUAL_SE_AES_KEYSLOT_LABEL)); if (is_keyslot_label) { ctx->keylen = keylen; - ctx->aes_keyslot = (u32)slot; + memcpy(ctx->aes_keyslot, key + KEYSLOT_OFFSET_BYTES, KEYSLOT_SIZE_BYTES); ctx->is_key_slot_allocated = true; } else { dev_err(se_dev->dev, @@ -3560,7 +3550,7 @@ static int tegra_hv_vse_aes_gmac_sv_init(struct ahash_request *req) priv->se_dev = se_dev; ivc_tx->cmd = TEGRA_VIRTUAL_SE_CMD_AES_GMAC_CMD_INIT; - ivc_tx->aes.op_gcm.keyslot = gmac_ctx->aes_keyslot; + memcpy(ivc_tx->aes.op_gcm.keyslot, gmac_ctx->aes_keyslot, KEYSLOT_SIZE_BYTES); ivc_tx->aes.op_gcm.key_length = gmac_ctx->keylen; g_crypto_to_ivc_map[gmac_ctx->node_id].vse_thread_start = true; @@ -3720,7 +3710,7 @@ static int tegra_hv_vse_aes_gmac_sv_op(struct ahash_request *req, bool is_last) else ivc_tx->cmd = TEGRA_VIRTUAL_SE_CMD_AES_GMAC_CMD_VERIFY; - ivc_tx->aes.op_gcm.keyslot = gmac_ctx->aes_keyslot; + memcpy(ivc_tx->aes.op_gcm.keyslot, gmac_ctx->aes_keyslot, KEYSLOT_SIZE_BYTES); ivc_tx->aes.op_gcm.key_length = gmac_ctx->keylen; ivc_tx->aes.op_gcm.aad_addr_hi = req->nbytes; ivc_tx->aes.op_gcm.aad_addr_lo = (u32)(aad_buf_addr & U32_MAX); diff --git a/drivers/crypto/tegra-hv-vse.h b/drivers/crypto/tegra-hv-vse.h index 9cab28fd..c1e4bdee 100644 --- a/drivers/crypto/tegra-hv-vse.h +++ b/drivers/crypto/tegra-hv-vse.h @@ -6,6 +6,9 @@ #ifndef __TEGRA_HV_VSE_H #define __TEGRA_HV_VSE_H +#define KEYSLOT_SIZE_BYTES 16 +#define KEYSLOT_OFFSET_BYTES 8 + struct tegra_vse_soc_info { bool cmac_hw_padding_supported; bool gcm_decrypt_supported; @@ -66,7 +69,7 @@ struct tegra_virtual_se_aes_context { struct tegra_virtual_se_dev *se_dev; struct skcipher_request *req; /* Security Engine key slot */ - u32 aes_keyslot; + u8 aes_keyslot[KEYSLOT_SIZE_BYTES]; /* key length in bytes */ u32 keylen; /* AES operation mode */ @@ -88,7 +91,7 @@ struct tegra_virtual_se_aes_cmac_context { dma_addr_t hash_result_addr; /* Intermediate hash result dma addr */ bool is_first; /* Represents first block */ bool req_context_initialized; /* Mark initialization status */ - u32 aes_keyslot; + u8 aes_keyslot[KEYSLOT_SIZE_BYTES]; /* key length in bits */ u32 keylen; bool is_key_slot_allocated; @@ -102,7 +105,7 @@ struct tegra_virtual_se_aes_gmac_context { u32 authsize; /* Mark initialization status */ bool req_context_initialized; - u32 aes_keyslot; + u8 aes_keyslot[KEYSLOT_SIZE_BYTES]; /* key length in bits */ u32 keylen; bool is_key_slot_allocated; diff --git a/drivers/crypto/tegra-nvvse-cryptodev.c b/drivers/crypto/tegra-nvvse-cryptodev.c index 676e5770..b52f3f07 100644 --- a/drivers/crypto/tegra-nvvse-cryptodev.c +++ b/drivers/crypto/tegra-nvvse-cryptodev.c @@ -480,14 +480,9 @@ static int tnvvtsec_crypto_aes_cmac_sign_verify(struct tnvvse_crypto_ctx *ctx, priv_data.request_type = CMAC_SIGN; else priv_data.request_type = CMAC_VERIFY; - ret = snprintf(key_as_keyslot, AES_KEYSLOT_NAME_SIZE, "NVSEAES %x", - aes_cmac_ctl->key_slot); - if (ret >= AES_KEYSLOT_NAME_SIZE) { - pr_err("%s(): Buffer overflow while setting key for cmac-tsec(aes): %d\n", - __func__, ret); - ret = -EINVAL; - goto free_req; - } + + ret = snprintf(key_as_keyslot, AES_KEYSLOT_NAME_SIZE, "NVSEAES "); + memcpy(key_as_keyslot + KEYSLOT_OFFSET_BYTES, aes_cmac_ctl->key_slot, KEYSLOT_SIZE_BYTES); req->priv = &priv_data; priv_data.result = 0; @@ -629,14 +624,9 @@ static int tnvvse_crypto_aes_cmac_sign_verify(struct tnvvse_crypto_ctx *ctx, priv_data.request_type = CMAC_SIGN; else priv_data.request_type = CMAC_VERIFY; - ret = snprintf(key_as_keyslot, AES_KEYSLOT_NAME_SIZE, "NVSEAES %x", - aes_cmac_ctl->key_slot); - if (ret >= AES_KEYSLOT_NAME_SIZE) { - pr_err("%s(): Buffer overflow while setting key for cmac-vse(aes): %d\n", - __func__, ret); - ret = -EINVAL; - goto free_xbuf; - } + + ret = snprintf(key_as_keyslot, AES_KEYSLOT_NAME_SIZE, "NVSEAES "); + memcpy(key_as_keyslot + KEYSLOT_OFFSET_BYTES, aes_cmac_ctl->key_slot, KEYSLOT_SIZE_BYTES); req->priv = &priv_data; priv_data.result = 0; @@ -761,13 +751,8 @@ static int tnvvse_crypto_aes_gmac_init(struct tnvvse_crypto_ctx *ctx, init_completion(&sha_state->sha_complete.restart); sha_state->sha_complete.req_err = 0; - ret = snprintf(key_as_keyslot, AES_KEYSLOT_NAME_SIZE, "NVSEAES %x", gmac_init_ctl->key_slot); - if (ret >= AES_KEYSLOT_NAME_SIZE) { - pr_err("%s(): Buffer overflow while setting key for gmac-vse(aes): %d\n", - __func__, ret); - ret = -EINVAL; - goto free_req; - } + ret = snprintf(key_as_keyslot, AES_KEYSLOT_NAME_SIZE, "NVSEAES "); + memcpy(key_as_keyslot + KEYSLOT_OFFSET_BYTES, gmac_init_ctl->key_slot, KEYSLOT_SIZE_BYTES); klen = gmac_init_ctl->key_length; ret = crypto_ahash_setkey(tfm, key_as_keyslot, klen); @@ -845,14 +830,9 @@ static int tnvvse_crypto_aes_gmac_sign_verify_init(struct tnvvse_crypto_ctx *ctx init_completion(&sha_state->sha_complete.restart); sha_state->sha_complete.req_err = 0; - ret = snprintf(key_as_keyslot, AES_KEYSLOT_NAME_SIZE, "NVSEAES %x", - gmac_sign_verify_ctl->key_slot); - if (ret >= AES_KEYSLOT_NAME_SIZE) { - pr_err("%s(): Buffer overflow while setting key for gmac-vse(aes): %d\n", - __func__, ret); - ret = -EINVAL; - goto free_xbuf; - } + ret = snprintf(key_as_keyslot, AES_KEYSLOT_NAME_SIZE, "NVSEAES "); + memcpy(key_as_keyslot + KEYSLOT_OFFSET_BYTES, gmac_sign_verify_ctl->key_slot, + KEYSLOT_SIZE_BYTES); klen = gmac_sign_verify_ctl->key_length; ret = crypto_ahash_setkey(tfm, key_as_keyslot, klen); @@ -1040,7 +1020,6 @@ static int tnvvse_crypto_aes_enc_dec(struct tnvvse_crypto_ctx *ctx, char aes_algo[5][15] = {"cbc-vse(aes)", "ecb-vse(aes)", "ctr-vse(aes)"}; const char *driver_name; char key_as_keyslot[AES_KEYSLOT_NAME_SIZE] = {0,}; - int klen; char *pbuf; uint8_t next_block_iv[TEGRA_NVVSE_AES_IV_LEN]; bool first_loop = true; @@ -1093,22 +1072,10 @@ static int tnvvse_crypto_aes_enc_dec(struct tnvvse_crypto_ctx *ctx, crypto_skcipher_clear_flags(tfm, ~0); - ret = snprintf(key_as_keyslot, AES_KEYSLOT_NAME_SIZE, "NVSEAES %x", - aes_enc_dec_ctl->key_slot); - if (ret >= AES_KEYSLOT_NAME_SIZE) { - pr_err("%s(): Buffer overflow while preparing key for %s: %d\n", - __func__, aes_algo[aes_enc_dec_ctl->aes_mode], ret); - ret = -EINVAL; - goto free_req; - } + ret = snprintf(key_as_keyslot, AES_KEYSLOT_NAME_SIZE, "NVSEAES "); + memcpy(key_as_keyslot + KEYSLOT_OFFSET_BYTES, aes_enc_dec_ctl->key_slot, + KEYSLOT_SIZE_BYTES); - klen = strlen(key_as_keyslot); - if (klen != 16) { - pr_err("%s(): key length is invalid, length %d, key %s\n", __func__, klen, - key_as_keyslot); - ret = -EINVAL; - goto free_req; - } /* Null key is only allowed in SE driver */ if (!strstr(driver_name, "tegra")) { ret = -EINVAL; @@ -1373,14 +1340,9 @@ static int tnvvse_crypto_aes_enc_dec_gcm(struct tnvvse_crypto_ctx *ctx, crypto_aead_clear_flags(tfm, ~0); - ret = snprintf(key_as_keyslot, AES_KEYSLOT_NAME_SIZE, "NVSEAES %x", - aes_enc_dec_ctl->key_slot); - if (ret >= AES_KEYSLOT_NAME_SIZE) { - pr_err("%s(): Buffer overflow while preparing key for gcm(aes): %d\n", - __func__, ret); - ret = -EINVAL; - goto free_req; - } + ret = snprintf(key_as_keyslot, AES_KEYSLOT_NAME_SIZE, "NVSEAES "); + memcpy(key_as_keyslot + KEYSLOT_OFFSET_BYTES, aes_enc_dec_ctl->key_slot, + KEYSLOT_SIZE_BYTES); ret = crypto_aead_setkey(tfm, key_as_keyslot, aes_enc_dec_ctl->key_length); if (ret < 0) { diff --git a/include/uapi/misc/tegra-nvvse-cryptodev.h b/include/uapi/misc/tegra-nvvse-cryptodev.h index 9af450d4..672ca0e0 100644 --- a/include/uapi/misc/tegra-nvvse-cryptodev.h +++ b/include/uapi/misc/tegra-nvvse-cryptodev.h @@ -9,6 +9,7 @@ #include +#define KEYSLOT_SIZE_BYTES 16 #define TEGRA_NVVSE_IOC_MAGIC 0x98 #define MAX_NUMBER_MISC_DEVICES 46U @@ -151,7 +152,7 @@ struct tegra_nvvse_aes_enc_dec_ctl { * '0' value indicates First call and Non zero value indicates it is not the first call */ uint8_t is_non_first_call; /** [in] Holds a keyslot number */ - uint32_t key_slot; + uint8_t key_slot[KEYSLOT_SIZE_BYTES]; /** [in] Holds the Key length */ /** Supported keylengths are 16 and 32 bytes */ uint8_t key_length; @@ -227,7 +228,7 @@ struct tegra_nvvse_aes_enc_dec_ctl { */ struct tegra_nvvse_aes_gmac_init_ctl { /** [in] Holds a keyslot number */ - uint32_t key_slot; + uint8_t key_slot[KEYSLOT_SIZE_BYTES]; /** [in] Holds the Key length */ /** Supported keylengths are 16 and 32 bytes */ uint8_t key_length; @@ -257,7 +258,7 @@ struct tegra_nvvse_aes_gmac_sign_verify_ctl { */ uint8_t is_last; /** [in] Holds a keyslot handle which is used for GMAC operation */ - uint32_t key_slot; + uint8_t key_slot[KEYSLOT_SIZE_BYTES]; /** [in] Holds the Key length * Supported keylength is only 16 bytes and 32 bytes */ @@ -321,7 +322,7 @@ struct tegra_nvvse_aes_cmac_sign_verify_ctl { */ uint8_t is_last; /** [in] Holds a keyslot handle which is used for CMAC operation */ - uint32_t key_slot; + uint8_t key_slot[KEYSLOT_SIZE_BYTES]; /** [in] Holds the Key length * Supported keylength is only 16 bytes and 32 bytes */