Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 322b301c authored by Neeraj Soni's avatar Neeraj Soni
Browse files

Use correct endianness for encryption keys 



From ICE 3.0 onwards the keys are used in little endian format
but legacy ICE driver in trustzone reverses the endianness. So reverse
the endianness of keys before passing it to trusted ICE driver.

Change-Id: I5c343054526d43234d5ab1f072a199c6f4203e5a
Signed-off-by: default avatarNeeraj Soni <neersoni@codeaurora.org>
parent 12388772

drivers/md/dm-default-key.c

+16 −2
Original line number Diff line number Diff line
@@ -134,13 +134,26 @@ static int default_key_ctr_optional(struct dm_target *ti, 
}



void default_key_adjust_sector_size_and_iv(char **argv, struct dm_target *ti,

					   struct default_key_c **dkc)

					   struct default_key_c **dkc, u8 *raw,

					   u32 size)

{

	struct dm_dev *dev;

	int i;

	union {

		u8 bytes[BLK_CRYPTO_MAX_WRAPPED_KEY_SIZE];

		u32 words[BLK_CRYPTO_MAX_WRAPPED_KEY_SIZE / sizeof(u32)];

	} key_new;



	dev = (*dkc)->dev;



	if (!strcmp(argv[0], "AES-256-XTS")) {

		memcpy(key_new.bytes, raw, size);



		for (i = 0; i < ARRAY_SIZE(key_new.words); i++)

			__cpu_to_be32s(&key_new.words[i]);



		memcpy(raw, key_new.bytes, size);



		if (ti->len & (((*dkc)->sector_size >> SECTOR_SHIFT) - 1))

			(*dkc)->sector_size = SECTOR_SIZE;
@@ -240,7 +253,8 @@ static int default_key_ctr(struct dm_target *ti, unsigned int argc, char **argv) 
			goto bad;

	}



	default_key_adjust_sector_size_and_iv(argv, ti, &dkc);

	default_key_adjust_sector_size_and_iv(argv, ti, &dkc, raw_key,

					      raw_key_size);



	dkc->sector_bits = ilog2(dkc->sector_size);

	if (ti->len & ((dkc->sector_size >> SECTOR_SHIFT) - 1)) {

drivers/soc/qcom/crypto-qti-tz.c

+12 −1
Original line number Diff line number Diff line
@@ -33,6 +33,11 @@ int crypto_qti_program_key(struct crypto_vops_qti_entry *ice_entry, 
	char *tzbuf = NULL;

	struct qtee_shm shm;

	struct scm_desc desc = {0};

	int i;

	union {

		u8 bytes[BLK_CRYPTO_MAX_WRAPPED_KEY_SIZE];

		u32 words[BLK_CRYPTO_MAX_WRAPPED_KEY_SIZE / sizeof(u32)];

	} key_new;



	err = qtee_shmbridge_allocate_shm(key->size, &shm);

	if (err)
@@ -40,7 +45,13 @@ int crypto_qti_program_key(struct crypto_vops_qti_entry *ice_entry, 


	tzbuf = shm.vaddr;



	memcpy(tzbuf, key->raw, key->size);

	memcpy(key_new.bytes, key->raw, key->size);

	if (!key->is_hw_wrapped) {

		for (i = 0; i < ARRAY_SIZE(key_new.words); i++)

			__cpu_to_be32s(&key_new.words[i]);

	}



	memcpy(tzbuf, key_new.bytes, key->size);

	dmac_flush_range(tzbuf, tzbuf + key->size);



	smc_id = TZ_ES_CONFIG_SET_ICE_KEY_CE_TYPE_ID;

fs/crypto/keysetup_v1.c

+11 −1
Original line number Diff line number Diff line
@@ -25,6 +25,7 @@ 
#include <keys/user-type.h>

#include <linux/hashtable.h>

#include <linux/scatterlist.h>

#include <linux/bio-crypt-ctx.h>



#include "fscrypt_private.h"
@@ -283,14 +284,23 @@ static int setup_v1_file_key_derived(struct fscrypt_info *ci, 
{

	u8 *derived_key;

	int err;

	int i;

	union {

		u8 bytes[FSCRYPT_MAX_HW_WRAPPED_KEY_SIZE];

		u32 words[FSCRYPT_MAX_HW_WRAPPED_KEY_SIZE / sizeof(u32)];

	} key_new;



	/*Support legacy ice based content encryption mode*/

	if ((fscrypt_policy_contents_mode(&ci->ci_policy) ==

					  FSCRYPT_MODE_PRIVATE) &&

					  fscrypt_using_inline_encryption(ci)) {

		memcpy(key_new.bytes, raw_master_key, ci->ci_mode->keysize);



		for (i = 0; i < ARRAY_SIZE(key_new.words); i++)

			__cpu_to_be32s(&key_new.words[i]);



		err = fscrypt_prepare_inline_crypt_key(&ci->ci_key,

						       raw_master_key,

						       key_new.bytes,

						       ci->ci_mode->keysize,

						       false,

						       ci);