From df68c65babe2182beabfafd47ea0e142454d18c1 Mon Sep 17 00:00:00 2001 From: Advaya Andhare Date: Tue, 19 Dec 2023 06:47:12 +0000 Subject: [PATCH] vse: crypto: Remove AES-ECB support Jira ESSS-1185 Change-Id: I9f0c9d8bb6e2816da2a826d3678dbbfc8bec2b2c Signed-off-by: Advaya Andhare Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3037693 (cherry picked from commit 035056a3e785251d03590f07fa30fae077a99cf0) Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3047736 Reviewed-by: Leo Chiu Reviewed-by: Nagaraj P N Reviewed-by: Vipin Kumar GVS: Gerrit_Virtual_Submit --- drivers/crypto/tegra-hv-vse-safety.c | 74 +---------------------- drivers/crypto/tegra-nvvse-cryptodev.c | 4 +- include/uapi/misc/tegra-nvvse-cryptodev.h | 2 - 3 files changed, 4 insertions(+), 76 deletions(-) diff --git a/drivers/crypto/tegra-hv-vse-safety.c b/drivers/crypto/tegra-hv-vse-safety.c index a645c6b7..4b873098 100644 --- a/drivers/crypto/tegra-hv-vse-safety.c +++ b/drivers/crypto/tegra-hv-vse-safety.c @@ -554,9 +554,8 @@ enum tegra_virtual_se_op_mode { }; enum tegra_virtual_se_aes_op_mode { - AES_CBC, - AES_ECB, - AES_CTR, + AES_CBC = 0U, + AES_CTR = 2U, }; /* Security Engine request context */ @@ -1865,8 +1864,6 @@ static void tegra_hv_vse_safety_prepare_cmd(struct tegra_virtual_se_dev *se_dev, else aes->op.ivsel = AES_IV_REG; } - else - aes->op.ivsel = AES_ORIGINAL_IV; } } 
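Review bot: The hole left at value 1 in `enum tegra_virtual_se_aes_op_mode` is unexplained: `AES_CBC = 0U` and `AES_CTR = 2U` keep their pre-removal values, which suggests op_mode is consumed numerically somewhere outside this hunk, but nothing tells a later maintainer that 1 must not be reassigned. A one-line comment above the enumerators would record it, for example `/* Value 1 was AES_ECB (removed); keep it unassigned so a stale ECB request cannot alias another mode. */`. If the value is forwarded to the SE server, it is also worth confirming that the code switching on op_mode rejects anything other than these two values, since the following hunk drops the `else` that assigned `AES_ORIGINAL_IV` in tegra_hv_vse_safety_prepare_cmd and the enclosing condition is not visible here.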
@@ -2144,54 +2141,6 @@ static int tegra_hv_vse_safety_aes_cbc_decrypt(struct skcipher_request *req) return err; } -static int tegra_hv_vse_safety_aes_ecb_encrypt(struct skcipher_request *req) -{ - int err = 0; - struct tegra_virtual_se_aes_req_context *req_ctx = NULL; - struct tegra_virtual_se_aes_context *aes_ctx; - - if (!req) { - pr_err("NULL req received by %s", __func__); - return -EINVAL; - } - aes_ctx = crypto_skcipher_ctx(crypto_skcipher_reqtfm(req)); - req_ctx = skcipher_request_ctx(req); - - req_ctx->encrypt = true; - req_ctx->op_mode = AES_ECB; - req_ctx->engine_id = g_crypto_to_ivc_map[aes_ctx->node_id].se_engine; - req_ctx->se_dev = g_virtual_se_dev[g_crypto_to_ivc_map[aes_ctx->node_id].se_engine]; - err = tegra_hv_vse_safety_process_aes_req(req_ctx->se_dev, req); - if (err) - dev_err(req_ctx->se_dev->dev, - "%s failed with error %d\n", __func__, err); - return err; -} - -static int tegra_hv_vse_safety_aes_ecb_decrypt(struct skcipher_request *req) -{ - int err = 0; - struct tegra_virtual_se_aes_req_context *req_ctx = NULL; - struct tegra_virtual_se_aes_context *aes_ctx; - - if (!req) { - pr_err("NULL req received by %s", __func__); - return -EINVAL; - } - aes_ctx = crypto_skcipher_ctx(crypto_skcipher_reqtfm(req)); - req_ctx = skcipher_request_ctx(req); - - req_ctx->encrypt = false; - req_ctx->op_mode = AES_ECB; - req_ctx->engine_id = g_crypto_to_ivc_map[aes_ctx->node_id].se_engine; - req_ctx->se_dev = g_virtual_se_dev[g_crypto_to_ivc_map[aes_ctx->node_id].se_engine]; - err = tegra_hv_vse_safety_process_aes_req(req_ctx->se_dev, req); - if (err) - dev_err(req_ctx->se_dev->dev, - "%s failed with error %d\n", __func__, err); - return err; -} - static int tegra_hv_vse_safety_aes_ctr_encrypt(struct skcipher_request *req) { int err = 0; 
@@ -4264,25 +4213,6 @@ static struct skcipher_alg aes_algs[] = { .max_keysize = TEGRA_VIRTUAL_SE_AES_MAX_KEY_SIZE, .ivsize = TEGRA_VIRTUAL_SE_AES_IV_SIZE, }, - { - .base.cra_name = "ecb-vse(aes)", - .base.cra_driver_name = "ecb-aes-tegra", - .base.cra_priority = 400, - .base.cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | - CRYPTO_ALG_ASYNC, - .base.cra_blocksize = TEGRA_VIRTUAL_SE_AES_BLOCK_SIZE, - .base.cra_ctxsize = HV_SAFETY_AES_CTX_SIZE, - .base.cra_alignmask = 0, - .base.cra_module = THIS_MODULE, - .init = tegra_hv_vse_safety_aes_cra_init, - .exit = tegra_hv_vse_safety_aes_cra_exit, - .setkey = tegra_hv_vse_safety_aes_setkey, - .encrypt = tegra_hv_vse_safety_aes_ecb_encrypt, - .decrypt = tegra_hv_vse_safety_aes_ecb_decrypt, - .min_keysize = TEGRA_VIRTUAL_SE_AES_MIN_KEY_SIZE, - .max_keysize = TEGRA_VIRTUAL_SE_AES_MAX_KEY_SIZE, - .ivsize = TEGRA_VIRTUAL_SE_AES_IV_SIZE, - }, { .base.cra_name = "ctr-vse(aes)", .base.cra_driver_name = "ctr-aes-tegra-safety", diff --git a/drivers/crypto/tegra-nvvse-cryptodev.c b/drivers/crypto/tegra-nvvse-cryptodev.c index 33d320c2..29e92251 100644 --- a/drivers/crypto/tegra-nvvse-cryptodev.c +++ b/drivers/crypto/tegra-nvvse-cryptodev.c @@ -1041,7 +1041,7 @@ static int tnvvse_crypto_aes_enc_dec(struct tnvvse_crypto_ctx *ctx, int ret = 0; struct tnvvse_crypto_completion tcrypt_complete; struct tegra_virtual_se_aes_context *aes_ctx; - char aes_algo[5][15] = {"cbc-vse(aes)", "ecb-vse(aes)", "ctr-vse(aes)"}; + char aes_algo[5][15] = {"cbc-vse(aes)", "ctr-vse(aes)"}; const char *driver_name; char key_as_keyslot[AES_KEYSLOT_NAME_SIZE] = {0,}; uint8_t next_block_iv[TEGRA_NVVSE_AES_IV_LEN]; 
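Review bot: `aes_algo` is a positional table, so dropping the ECB entry moves "ctr-vse(aes)" from slot 2 to slot 1. The indexing is outside this hunk, but if it uses the uapi `aes_mode` value, this stays correct only because TEGRA_NVVSE_AES_MODE_CTR has no explicit value and also slides from 2 to 1 in include/uapi/misc/tegra-nvvse-cryptodev.h. That renumbering changes the ioctl ABI: a client built against the old header that sends 1 (formerly ECB) would silently get CTR, and its old CTR value 2 would now name the mode after CTR (GCM, per the header comment). Meanwhile the driver-internal enum in tegra-hv-vse-safety.c pins `AES_CTR = 2U`. Keeping the uapi value explicit (`TEGRA_NVVSE_AES_MODE_CTR = 2u,` with 1 reserved) and binding the table with designated initializers, `[TEGRA_NVVSE_AES_MODE_CBC] = "cbc-vse(aes)", [TEGRA_NVVSE_AES_MODE_CTR] = "ctr-vse(aes)",`, would send a stale ECB request to an empty slot that can be rejected with -EINVAL; tnvvse_crypto_aes_enc_dec's body continues outside the hunk.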
@@ -1155,7 +1155,7 @@ static int tnvvse_crypto_aes_enc_dec(struct tnvvse_crypto_ctx *ctx, } else { if (aes_enc_dec_ctl->aes_mode == TEGRA_NVVSE_AES_MODE_CTR) memcpy(next_block_iv, ctx->intermediate_counter, TEGRA_NVVSE_AES_CTR_LEN); - else //As ecb does not need IV, and CBC uses IV stored in SE server + else //As CBC uses IV stored in SE server memset(next_block_iv, 0, TEGRA_NVVSE_AES_IV_LEN); } pr_debug("%s(): %scryption\n", __func__, (aes_enc_dec_ctl->is_encryption ? "en" : "de")); diff --git a/include/uapi/misc/tegra-nvvse-cryptodev.h b/include/uapi/misc/tegra-nvvse-cryptodev.h index e015cfdb..4ad03320 100644 --- a/include/uapi/misc/tegra-nvvse-cryptodev.h +++ b/include/uapi/misc/tegra-nvvse-cryptodev.h @@ -71,8 +71,6 @@ enum tegra_nvvse_sha_type { enum tegra_nvvse_aes_mode { /** Defines AES MODE CBC */ TEGRA_NVVSE_AES_MODE_CBC = 0u, - /** Defines AES MODE ECB */ - TEGRA_NVVSE_AES_MODE_ECB, /** Defines AES MODE CTR */ TEGRA_NVVSE_AES_MODE_CTR, /** Defines AES MODE GCM */