nvidia-oot: Increase keyslot size to 16 bytes

syncing changes b/w nvidia and nvidia-oot repo Bug 3697677 Signed-off-by: Manish Bhardwaj <mbhardwaj@nvidia.com> Change-Id: I0faa4d3107de5d9430ca91b407903990254e3b49 Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/2872402 Reviewed-by: Suresh Venkatachalam <skathirampat@nvidia.com> Reviewed-by: Sandeep Trasi <strasi@nvidia.com> GVS: Gerrit_Virtual_Submit <buildbot_gerritrpt@nvidia.com>
2025-12-22 17:25:35 +03:00 · 2023-03-16 20:27:18 +05:30
parent dd88969020
commit a8830def61
4 changed files with 52 additions and 96 deletions
--- a/drivers/crypto/tegra-hv-vse-safety.c
+++ b/drivers/crypto/tegra-hv-vse-safety.c
@@ -249,7 +249,7 @@ struct tegra_virtual_se_addr {
 union tegra_virtual_se_aes_args {
 	struct keyiv {
-		u32 slot;
+		u8 slot[KEYSLOT_SIZE_BYTES];
 		u32 length;
 		u32 type;
 		u8 data[32];
@@ -257,7 +257,7 @@ union tegra_virtual_se_aes_args {
 		u8 uiv[TEGRA_VIRTUAL_SE_AES_IV_SIZE];
 	} key;
 	struct aes_encdec {
-		u32 keyslot;
+		u8 keyslot[KEYSLOT_SIZE_BYTES];
 		u32 mode;
 		u32 ivsel;
 		u8 lctr[TEGRA_VIRTUAL_SE_AES_LCTR_SIZE];
@@ -267,7 +267,7 @@ union tegra_virtual_se_aes_args {
 		u32 key_length;
 	} op;
 	struct aes_cmac_subkey_s {
-		u32 keyslot;
+		u8 keyslot[KEYSLOT_SIZE_BYTES];
 		u32 key_length;
 	} op_cmac_subkey_s;
 	struct aes_gcm {
@@ -276,7 +276,7 @@ union tegra_virtual_se_aes_args {
 		 * keyslot handle returned by TOS as part of load key operation.
 		 * It must be the first variable in the structure.
 		 */
-		uint32_t keyslot;
+		uint8_t keyslot[KEYSLOT_SIZE_BYTES];
 		uint32_t dst_addr_lo;
 		uint32_t dst_addr_hi;
@@ -302,7 +302,7 @@ union tegra_virtual_se_aes_args {
 		u8 expected_tag[TEGRA_VIRTUAL_SE_AES_BLOCK_SIZE];
 	} op_gcm;
 	struct aes_cmac_s {
-		u32 keyslot;
+		u8 keyslot[KEYSLOT_SIZE_BYTES];
 		u32 ivsel;
 		u32 config;
 		u32 lastblock_len;
@@ -313,7 +313,7 @@ union tegra_virtual_se_aes_args {
 		u32 key_length;
 	} op_cmac_s;
 	struct aes_cmac_sv {
-		u32 keyslot;
+		u8 keyslot[KEYSLOT_SIZE_BYTES];
 		u32 config;
 		u32 lastblock_len;
 		u8 lastblock[TEGRA_VIRTUAL_SE_AES_BLOCK_SIZE];
@@ -342,7 +342,7 @@ struct tegra_virtual_tsec_args {
 	/**
 	 * Keyslot index for keyslot containing TSEC key
 	 */
-	uint32_t keyslot;
+	uint8_t keyslot[KEYSLOT_SIZE_BYTES];
 	/**
 	 * Size of input buffer in bytes.
@@ -1529,7 +1529,7 @@ static void tegra_hv_vse_safety_prepare_cmd(struct tegra_virtual_se_dev *se_dev,
 	else
 		ivc_tx->cmd = TEGRA_VIRTUAL_SE_CMD_AES_DECRYPT;
-	aes->op.keyslot = aes_ctx->aes_keyslot;
+	memcpy(aes->op.keyslot, aes_ctx->aes_keyslot, KEYSLOT_SIZE_BYTES);
 	aes->op.key_length = aes_ctx->keylen;
 	aes->op.mode = req_ctx->op_mode;
 	aes->op.ivsel = AES_ORIGINAL_IV;
@@ -1579,7 +1579,7 @@ static int tegra_hv_vse_safety_aes_gen_random_iv(
 	ivc_tx->cmd = TEGRA_VIRTUAL_SE_CMD_AES_ENCRYPT_INIT;
 	priv->cmd = VIRTUAL_SE_PROCESS;
 	aes_ctx = crypto_skcipher_ctx(crypto_skcipher_reqtfm(req));
-	aes->op.keyslot = aes_ctx->aes_keyslot;
+	memcpy(aes->op.keyslot, aes_ctx->aes_keyslot, KEYSLOT_SIZE_BYTES);
 	aes->op.key_length = aes_ctx->keylen;
 	pivck = g_crypto_to_ivc_map[aes_ctx->node_id].ivck;
@@ -2037,7 +2037,7 @@ static int tegra_hv_vse_safety_cmac_op(struct ahash_request *req, bool is_last)
 	ivc_hdr->engine = g_crypto_to_ivc_map[cmac_ctx->node_id].se_engine;
 	ivc_tx->cmd = TEGRA_VIRTUAL_SE_CMD_AES_CMAC;
-	ivc_tx->aes.op_cmac_s.keyslot = cmac_ctx->aes_keyslot;
+	memcpy(ivc_tx->aes.op_cmac_s.keyslot, cmac_ctx->aes_keyslot, KEYSLOT_SIZE_BYTES);
 	ivc_tx->aes.op_cmac_s.key_length = cmac_ctx->keylen;
 	ivc_tx->aes.op_cmac_s.src_addr.hi = blocks_to_process * TEGRA_VIRTUAL_SE_AES_BLOCK_SIZE;
 	if (is_last == true)
@@ -2150,7 +2150,7 @@ static int tegra_hv_vse_safety_tsec_sv_op(struct ahash_request *req)
 	ivc_tx->tsec.src_addr = src_buf_addr;
 	ivc_tx->tsec.src_buf_size = req->nbytes;
-	ivc_tx->tsec.keyslot = cmac_ctx->aes_keyslot;
+	memcpy(ivc_tx->tsec.keyslot, cmac_ctx->aes_keyslot, KEYSLOT_SIZE_BYTES);
 	if (cmac_req_data->request_type == CMAC_SIGN) {
 		ivc_tx->cmd = TEGRA_VIRTUAL_SE_CMD_TSEC_SIGN;
@@ -2329,7 +2329,7 @@ static int tegra_hv_vse_safety_cmac_sv_op(struct ahash_request *req, bool is_las
 	else
 		ivc_tx->cmd = TEGRA_VIRTUAL_SE_CMD_AES_CMAC_VERIFY;
-	ivc_tx->aes.op_cmac_sv.keyslot = cmac_ctx->aes_keyslot;
+	memcpy(ivc_tx->aes.op_cmac_sv.keyslot, cmac_ctx->aes_keyslot, KEYSLOT_SIZE_BYTES);
 	ivc_tx->aes.op_cmac_sv.key_length = cmac_ctx->keylen;
 	ivc_tx->aes.op_cmac_sv.src_addr.hi = blocks_to_process * TEGRA_VIRTUAL_SE_AES_BLOCK_SIZE;
 	ivc_tx->aes.op_cmac_sv.config = 0;
@@ -2722,7 +2722,6 @@ static int tegra_hv_vse_safety_cmac_setkey(struct crypto_ahash *tfm, const u8 *k
 	struct tegra_vse_tag *priv_data_ptr;
 	int err = 0;
 	s8 label[TEGRA_VIRTUAL_SE_AES_MAX_KEY_SIZE];
 	u32 slot;
 	bool is_keyslot_label;
 	if (!ctx)
@@ -2737,13 +2736,12 @@ static int tegra_hv_vse_safety_cmac_setkey(struct crypto_ahash *tfm, const u8 *k
 	}
 	/* format: 'NVSEAES 1234567\0' */
-	is_keyslot_label = strnlen(key, keylen) <= keylen &&
+	is_keyslot_label = sscanf(key, "%s", label) == 1 &&
 		sscanf(key, "%s %x", label, &slot) == 2 &&
 		!strcmp(label, TEGRA_VIRTUAL_SE_AES_KEYSLOT_LABEL);
 	if (is_keyslot_label) {
 		ctx->keylen = keylen;
-		ctx->aes_keyslot = (u32)slot;
+		memcpy(ctx->aes_keyslot, key + KEYSLOT_OFFSET_BYTES, KEYSLOT_SIZE_BYTES);
 		ctx->is_key_slot_allocated = true;
 	} else {
 		dev_err(se_dev->dev, "%s: Invalid keyslot label %s\n", __func__, key);
@@ -2775,7 +2773,7 @@ static int tegra_hv_vse_safety_cmac_setkey(struct crypto_ahash *tfm, const u8 *k
 		ivc_hdr->engine = g_crypto_to_ivc_map[ctx->node_id].se_engine;
 		ivc_tx->cmd = TEGRA_VIRTUAL_SE_CMD_AES_CMAC_GEN_SUBKEY;
-		ivc_tx->aes.op_cmac_subkey_s.keyslot = ctx->aes_keyslot;
+		memcpy(ivc_tx->aes.op_cmac_subkey_s.keyslot, ctx->aes_keyslot, KEYSLOT_SIZE_BYTES);
 		ivc_tx->aes.op_cmac_subkey_s.key_length = ctx->keylen;
 		priv_data_ptr =
 			(struct tegra_vse_tag *)ivc_req_msg->ivc_hdr.tag;
@@ -2818,7 +2816,6 @@ static int tegra_hv_vse_safety_aes_setkey(struct crypto_skcipher *tfm,
 	struct tegra_virtual_se_aes_context *ctx = crypto_skcipher_ctx(tfm);
 	struct tegra_virtual_se_dev *se_dev;
 	s8 label[TEGRA_VIRTUAL_SE_AES_MAX_KEY_SIZE];
 	u32 slot;
 	int err = 0;
 	bool is_keyslot_label;
@@ -2833,13 +2830,12 @@ static int tegra_hv_vse_safety_aes_setkey(struct crypto_skcipher *tfm,
 	}
 	/* format: 'NVSEAES 1234567\0' */
-	is_keyslot_label = strnlen(key, keylen) <= keylen &&
+	is_keyslot_label = sscanf(key, "%s", label) == 1 &&
 		sscanf(key, "%s %x", label, &slot) == 2 &&
 		!strcmp(label, TEGRA_VIRTUAL_SE_AES_KEYSLOT_LABEL);
 	if (is_keyslot_label) {
 		ctx->keylen = keylen;
-		ctx->aes_keyslot = (u32)slot;
+		memcpy(ctx->aes_keyslot, key + KEYSLOT_OFFSET_BYTES, KEYSLOT_SIZE_BYTES);
 		ctx->is_key_slot_allocated = true;
 	} else {
 		dev_err(se_dev->dev, "%s: Invalid keyslot label %s", __func__, key);
@@ -2983,7 +2979,6 @@ static int tegra_vse_aes_gcm_setkey(struct crypto_aead *tfm, const u8 *key,
 	struct tegra_virtual_se_aes_context *ctx = crypto_aead_ctx(tfm);
 	struct tegra_virtual_se_dev *se_dev;
 	s8 label[TEGRA_VIRTUAL_SE_AES_MAX_KEY_SIZE];
 	u32 slot;
 	int err = 0;
 	bool is_keyslot_label;
@@ -2998,13 +2993,12 @@ static int tegra_vse_aes_gcm_setkey(struct crypto_aead *tfm, const u8 *key,
 	}
 	/* format: 'NVSEAES 1234567\0' */
-	is_keyslot_label = strnlen(key, keylen) <= keylen &&
+	is_keyslot_label = sscanf(key, "%s", label) == 1 &&
 		sscanf(key, "%s %x", label, &slot) == 2 &&
 		!strcmp(label, TEGRA_VIRTUAL_SE_AES_KEYSLOT_LABEL);
 	if (is_keyslot_label) {
 		ctx->keylen = keylen;
-		ctx->aes_keyslot = (u32)slot;
+		memcpy(ctx->aes_keyslot, key + KEYSLOT_OFFSET_BYTES, KEYSLOT_SIZE_BYTES);
 		ctx->is_key_slot_allocated = true;
 	} else {
 		dev_err(se_dev->dev, "%s: Invalid keyslot label %s\n", __func__, key);
@@ -3208,7 +3202,7 @@ static int tegra_vse_aes_gcm_enc_dec(struct aead_request *req, bool encrypt)
 	g_crypto_to_ivc_map[aes_ctx->node_id].vse_thread_start = true;
-	ivc_tx->aes.op_gcm.keyslot = aes_ctx->aes_keyslot;
+	memcpy(ivc_tx->aes.op_gcm.keyslot, aes_ctx->aes_keyslot, KEYSLOT_SIZE_BYTES);
 	ivc_tx->aes.op_gcm.key_length = aes_ctx->keylen;
 	if (encrypt) {
@@ -3434,7 +3428,6 @@ static int tegra_hv_vse_aes_gmac_setkey(struct crypto_ahash *tfm, const u8 *key,
 	struct tegra_virtual_se_aes_gmac_context *ctx = crypto_ahash_ctx(tfm);
 	struct tegra_virtual_se_dev *se_dev;
 	s8 label[TEGRA_VIRTUAL_SE_AES_KEYSLOT_LABEL_SIZE];
 	u32 slot;
 	int err = 0;
 	bool is_keyslot_label;
@@ -3453,15 +3446,12 @@ static int tegra_hv_vse_aes_gmac_setkey(struct crypto_ahash *tfm, const u8 *key,
 	}
 	/* format: 'NVSEAES 1234567\0' */
-	is_keyslot_label =
+	is_keyslot_label = sscanf(key, "%s", label) == 1 &&
 		(strnlen(key, TEGRA_VIRTUAL_SE_AES_KEYSLOT_LABEL_SIZE)
 			<= TEGRA_VIRTUAL_SE_AES_KEYSLOT_LABEL_SIZE) &&
 		(sscanf(key, "%s %x", label, &slot) == 2) &&
 		(!strcmp(label, TEGRA_VIRTUAL_SE_AES_KEYSLOT_LABEL));
 	if (is_keyslot_label) {
 		ctx->keylen = keylen;
-		ctx->aes_keyslot = (u32)slot;
+		memcpy(ctx->aes_keyslot, key + KEYSLOT_OFFSET_BYTES, KEYSLOT_SIZE_BYTES);
 		ctx->is_key_slot_allocated = true;
 	} else {
 		dev_err(se_dev->dev,
@@ -3560,7 +3550,7 @@ static int tegra_hv_vse_aes_gmac_sv_init(struct ahash_request *req)
 	priv->se_dev = se_dev;
 	ivc_tx->cmd = TEGRA_VIRTUAL_SE_CMD_AES_GMAC_CMD_INIT;
-	ivc_tx->aes.op_gcm.keyslot = gmac_ctx->aes_keyslot;
+	memcpy(ivc_tx->aes.op_gcm.keyslot, gmac_ctx->aes_keyslot, KEYSLOT_SIZE_BYTES);
 	ivc_tx->aes.op_gcm.key_length = gmac_ctx->keylen;
 	g_crypto_to_ivc_map[gmac_ctx->node_id].vse_thread_start = true;
@@ -3720,7 +3710,7 @@ static int tegra_hv_vse_aes_gmac_sv_op(struct ahash_request *req, bool is_last)
 	else
 		ivc_tx->cmd = TEGRA_VIRTUAL_SE_CMD_AES_GMAC_CMD_VERIFY;
-	ivc_tx->aes.op_gcm.keyslot = gmac_ctx->aes_keyslot;
+	memcpy(ivc_tx->aes.op_gcm.keyslot, gmac_ctx->aes_keyslot, KEYSLOT_SIZE_BYTES);
 	ivc_tx->aes.op_gcm.key_length = gmac_ctx->keylen;
 	ivc_tx->aes.op_gcm.aad_addr_hi = req->nbytes;
 	ivc_tx->aes.op_gcm.aad_addr_lo = (u32)(aad_buf_addr & U32_MAX);
--- a/drivers/crypto/tegra-hv-vse.h
+++ b/drivers/crypto/tegra-hv-vse.h
@@ -6,6 +6,9 @@
 #ifndef __TEGRA_HV_VSE_H
 #define __TEGRA_HV_VSE_H
 #define KEYSLOT_SIZE_BYTES		16
 #define KEYSLOT_OFFSET_BYTES		8
 struct tegra_vse_soc_info {
 	bool cmac_hw_padding_supported;
 	bool gcm_decrypt_supported;
@@ -66,7 +69,7 @@ struct tegra_virtual_se_aes_context {
 	struct tegra_virtual_se_dev *se_dev;
 	struct skcipher_request *req;
 	/* Security Engine key slot */
-	u32 aes_keyslot;
+	u8 aes_keyslot[KEYSLOT_SIZE_BYTES];
 	/* key length in bytes */
 	u32 keylen;
 	/* AES operation mode */
@@ -88,7 +91,7 @@ struct tegra_virtual_se_aes_cmac_context {
 	dma_addr_t hash_result_addr;	/* Intermediate hash result dma addr */
 	bool is_first;			/* Represents first block */
 	bool req_context_initialized;	/* Mark initialization status */
-	u32 aes_keyslot;
+	u8 aes_keyslot[KEYSLOT_SIZE_BYTES];
 	/* key length in bits */
 	u32 keylen;
 	bool is_key_slot_allocated;
@@ -102,7 +105,7 @@ struct tegra_virtual_se_aes_gmac_context {
 	u32 authsize;
 	/* Mark initialization status */
 	bool req_context_initialized;
-	u32 aes_keyslot;
+	u8 aes_keyslot[KEYSLOT_SIZE_BYTES];
 	/* key length in bits */
 	u32 keylen;
 	bool is_key_slot_allocated;
--- a/drivers/crypto/tegra-nvvse-cryptodev.c
+++ b/drivers/crypto/tegra-nvvse-cryptodev.c
@@ -480,14 +480,9 @@ static int tnvvtsec_crypto_aes_cmac_sign_verify(struct tnvvse_crypto_ctx *ctx,
 		priv_data.request_type = CMAC_SIGN;
 	else
 		priv_data.request_type = CMAC_VERIFY;
-	ret = snprintf(key_as_keyslot, AES_KEYSLOT_NAME_SIZE, "NVSEAES %x",
+
-						aes_cmac_ctl->key_slot);
+	ret = snprintf(key_as_keyslot, AES_KEYSLOT_NAME_SIZE, "NVSEAES ");
-	if (ret >= AES_KEYSLOT_NAME_SIZE) {
+	memcpy(key_as_keyslot + KEYSLOT_OFFSET_BYTES, aes_cmac_ctl->key_slot, KEYSLOT_SIZE_BYTES);
 		pr_err("%s(): Buffer overflow while setting key for cmac-tsec(aes): %d\n",
 				__func__, ret);
 		ret = -EINVAL;
 		goto free_req;
 	}
 	req->priv = &priv_data;
 	priv_data.result = 0;
@@ -629,14 +624,9 @@ static int tnvvse_crypto_aes_cmac_sign_verify(struct tnvvse_crypto_ctx *ctx,
 		priv_data.request_type = CMAC_SIGN;
 	else
 		priv_data.request_type = CMAC_VERIFY;
-	ret = snprintf(key_as_keyslot, AES_KEYSLOT_NAME_SIZE, "NVSEAES %x",
+
-						aes_cmac_ctl->key_slot);
+	ret = snprintf(key_as_keyslot, AES_KEYSLOT_NAME_SIZE, "NVSEAES ");
-	if (ret >= AES_KEYSLOT_NAME_SIZE) {
+	memcpy(key_as_keyslot + KEYSLOT_OFFSET_BYTES, aes_cmac_ctl->key_slot, KEYSLOT_SIZE_BYTES);
 		pr_err("%s(): Buffer overflow while setting key for cmac-vse(aes): %d\n",
 				__func__, ret);
 		ret = -EINVAL;
 		goto free_xbuf;
 	}
 	req->priv = &priv_data;
 	priv_data.result = 0;
@@ -761,13 +751,8 @@ static int tnvvse_crypto_aes_gmac_init(struct tnvvse_crypto_ctx *ctx,
 	init_completion(&sha_state->sha_complete.restart);
 	sha_state->sha_complete.req_err = 0;
-	ret = snprintf(key_as_keyslot, AES_KEYSLOT_NAME_SIZE, "NVSEAES %x", gmac_init_ctl->key_slot);
+	ret = snprintf(key_as_keyslot, AES_KEYSLOT_NAME_SIZE, "NVSEAES ");
-	if (ret >= AES_KEYSLOT_NAME_SIZE) {
+	memcpy(key_as_keyslot + KEYSLOT_OFFSET_BYTES, gmac_init_ctl->key_slot, KEYSLOT_SIZE_BYTES);
 		pr_err("%s(): Buffer overflow while setting key for gmac-vse(aes): %d\n",
 					__func__, ret);
 		ret = -EINVAL;
 		goto free_req;
 	}
 	klen = gmac_init_ctl->key_length;
 	ret = crypto_ahash_setkey(tfm, key_as_keyslot, klen);
@@ -845,14 +830,9 @@ static int tnvvse_crypto_aes_gmac_sign_verify_init(struct tnvvse_crypto_ctx *ctx
 	init_completion(&sha_state->sha_complete.restart);
 	sha_state->sha_complete.req_err = 0;
-	ret = snprintf(key_as_keyslot, AES_KEYSLOT_NAME_SIZE, "NVSEAES %x",
+	ret = snprintf(key_as_keyslot, AES_KEYSLOT_NAME_SIZE, "NVSEAES ");
-					gmac_sign_verify_ctl->key_slot);
+	memcpy(key_as_keyslot + KEYSLOT_OFFSET_BYTES, gmac_sign_verify_ctl->key_slot,
-	if (ret >= AES_KEYSLOT_NAME_SIZE) {
+		KEYSLOT_SIZE_BYTES);
 		pr_err("%s(): Buffer overflow while setting key for gmac-vse(aes): %d\n",
 					__func__, ret);
 		ret = -EINVAL;
 		goto free_xbuf;
 	}
 	klen = gmac_sign_verify_ctl->key_length;
 	ret = crypto_ahash_setkey(tfm, key_as_keyslot, klen);
@@ -1040,7 +1020,6 @@ static int tnvvse_crypto_aes_enc_dec(struct tnvvse_crypto_ctx *ctx,
 	char aes_algo[5][15] = {"cbc-vse(aes)", "ecb-vse(aes)", "ctr-vse(aes)"};
 	const char *driver_name;
 	char key_as_keyslot[AES_KEYSLOT_NAME_SIZE] = {0,};
 	int klen;
 	char *pbuf;
 	uint8_t next_block_iv[TEGRA_NVVSE_AES_IV_LEN];
 	bool first_loop = true;
@@ -1093,22 +1072,10 @@ static int tnvvse_crypto_aes_enc_dec(struct tnvvse_crypto_ctx *ctx,
 	crypto_skcipher_clear_flags(tfm, ~0);
-	ret = snprintf(key_as_keyslot, AES_KEYSLOT_NAME_SIZE, "NVSEAES %x",
+	ret = snprintf(key_as_keyslot, AES_KEYSLOT_NAME_SIZE, "NVSEAES ");
-			   aes_enc_dec_ctl->key_slot);
+	memcpy(key_as_keyslot + KEYSLOT_OFFSET_BYTES, aes_enc_dec_ctl->key_slot,
-	if (ret >= AES_KEYSLOT_NAME_SIZE) {
+		KEYSLOT_SIZE_BYTES);
 		pr_err("%s(): Buffer overflow while preparing key for %s: %d\n",
 					__func__, aes_algo[aes_enc_dec_ctl->aes_mode], ret);
 		ret = -EINVAL;
 		goto free_req;
 	}
 	klen = strlen(key_as_keyslot);
 	if (klen != 16) {
 		pr_err("%s(): key length is invalid, length %d, key %s\n", __func__, klen,
 			key_as_keyslot);
 		ret = -EINVAL;
 		goto free_req;
 	}
 	/* Null key is only allowed in SE driver */
 	if (!strstr(driver_name, "tegra")) {
 		ret = -EINVAL;
@@ -1373,14 +1340,9 @@ static int tnvvse_crypto_aes_enc_dec_gcm(struct tnvvse_crypto_ctx *ctx,
 	crypto_aead_clear_flags(tfm, ~0);
-	ret = snprintf(key_as_keyslot, AES_KEYSLOT_NAME_SIZE, "NVSEAES %x",
+	ret = snprintf(key_as_keyslot, AES_KEYSLOT_NAME_SIZE, "NVSEAES ");
-			aes_enc_dec_ctl->key_slot);
+	memcpy(key_as_keyslot + KEYSLOT_OFFSET_BYTES, aes_enc_dec_ctl->key_slot,
-	if (ret >= AES_KEYSLOT_NAME_SIZE) {
+		KEYSLOT_SIZE_BYTES);
 		pr_err("%s(): Buffer overflow while preparing key for gcm(aes): %d\n",
 					__func__, ret);
 		ret = -EINVAL;
 		goto free_req;
 	}
 	ret = crypto_aead_setkey(tfm, key_as_keyslot, aes_enc_dec_ctl->key_length);
 	if (ret < 0) {
--- a/include/uapi/misc/tegra-nvvse-cryptodev.h
+++ b/include/uapi/misc/tegra-nvvse-cryptodev.h
@@ -9,6 +9,7 @@
 #include <asm-generic/ioctl.h>
 #define KEYSLOT_SIZE_BYTES				16
 #define TEGRA_NVVSE_IOC_MAGIC				0x98
 #define MAX_NUMBER_MISC_DEVICES				46U
@@ -151,7 +152,7 @@ struct  tegra_nvvse_aes_enc_dec_ctl {
 	 * '0' value indicates First call and Non zero value indicates it is not the first call */
 	uint8_t		is_non_first_call;
 	/** [in] Holds a keyslot number */
-	uint32_t	key_slot;
+	uint8_t	key_slot[KEYSLOT_SIZE_BYTES];
 	/** [in] Holds the Key length */
 	/** Supported keylengths are 16 and 32 bytes */
 	uint8_t		key_length;
@@ -227,7 +228,7 @@ struct  tegra_nvvse_aes_enc_dec_ctl {
 */
 struct tegra_nvvse_aes_gmac_init_ctl {
 	/** [in] Holds a keyslot number */
-	uint32_t   key_slot;
+	uint8_t	key_slot[KEYSLOT_SIZE_BYTES];
 	/** [in] Holds the Key length */
 	/** Supported keylengths are 16 and 32 bytes */
 	uint8_t   key_length;
@@ -257,7 +258,7 @@ struct tegra_nvvse_aes_gmac_sign_verify_ctl {
 	 */
 	uint8_t  is_last;
 	/** [in] Holds a keyslot handle which is used for GMAC operation */
-	uint32_t  key_slot;
+	uint8_t	key_slot[KEYSLOT_SIZE_BYTES];
 	/** [in] Holds the Key length
 	 * Supported keylength is only 16 bytes and 32 bytes
 	 */
@@ -321,7 +322,7 @@ struct tegra_nvvse_aes_cmac_sign_verify_ctl {
 	 */
 	uint8_t  is_last;
 	/** [in] Holds a keyslot handle which is used for CMAC operation */
-	uint32_t  key_slot;
+	uint8_t	key_slot[KEYSLOT_SIZE_BYTES];
 	/** [in] Holds the Key length
 	 * Supported keylength is only 16 bytes and 32 bytes
 	 */