@@ -460,6 +460,19 @@ config CRYPTO_DEV_MXS_DCP
To compile this driver as a module, choose M here: the module
will be called mxs-dcp.
+config CRYPTO_DEV_MXS_DCP_USER_PAES
+ bool "Enable user-space access to AES with hardware-bound keys"
+ depends on CRYPTO_DEV_MXS_DCP && CRYPTO_USER_API_SKCIPHER
+ default n
+ help
+ Say Y to enable user-space access to cbc(paes) and ecb(paes)
+ cipher algorithms via AF_ALG.
+
+ In scenarios with untrustworthy users-pace, this may enable
+ decryption of sensitive information.
+
+ If unsure, say N.
+
source "drivers/crypto/cavium/cpt/Kconfig"
source "drivers/crypto/cavium/nitrox/Kconfig"
source "drivers/crypto/marvell/Kconfig"
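Review bot: The help text of the new CRYPTO_DEV_MXS_DCP_USER_PAES entry misspells "user-space" as `users-pace`, and it understates what the option exposes. With the option set, the hardware-bound keys become usable through AF_ALG for both encryption and decryption, and nothing in this patch adds a restriction on which callers may do so. A clearer wording would be `With untrusted user-space, any process permitted to open an AF_ALG socket can encrypt or decrypt data with the hardware-bound keys.` The `default n` line is redundant, since a bool option without a default is already n.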
@@ -944,7 +944,11 @@ static struct skcipher_alg dcp_aes_algs[] = {
.base.cra_driver_name = "ecb-paes-dcp",
.base.cra_priority = 401,
.base.cra_alignmask = 15,
+#ifdef CONFIG_CRYPTO_DEV_MXS_DCP_USER_PAES
+ .base.cra_flags = CRYPTO_ALG_ASYNC,
+#else
.base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_INTERNAL,
+#endif
.base.cra_blocksize = AES_BLOCK_SIZE,
.base.cra_ctxsize = sizeof(struct dcp_async_ctx),
.base.cra_module = THIS_MODULE,
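Review bot: Dropping CRYPTO_ALG_INTERNAL from `ecb-paes-dcp` here, and identically from `cbc-paes-dcp` in the next hunk, is a build-time, all-or-nothing switch with no caller check in the visible code. Access to the hardware-bound keys then depends entirely on whatever restricts AF_ALG socket creation on the target system (LSM policy, seccomp), which deserves a comment next to the flag. Clearing the flag presumably also makes both algorithms visible to ordinary in-kernel lookups rather than to AF_ALG alone; confirm that this is intended. The duplicated `#ifdef` would be easier to audit as one definition above the array, e.g. `#define DCP_PAES_FLAGS (CRYPTO_ALG_ASYNC | CRYPTO_ALG_INTERNAL)` in the `#else` branch, used as `.base.cra_flags = DCP_PAES_FLAGS,` in both entries. The dcp_aes_algs[] initializer begins and ends outside this hunk.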
@@ -960,7 +964,11 @@ static struct skcipher_alg dcp_aes_algs[] = {
.base.cra_driver_name = "cbc-paes-dcp",
.base.cra_priority = 401,
.base.cra_alignmask = 15,
+#ifdef CONFIG_CRYPTO_DEV_MXS_DCP_USER_PAES
+ .base.cra_flags = CRYPTO_ALG_ASYNC,
+#else
.base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_INTERNAL,
+#endif
.base.cra_blocksize = AES_BLOCK_SIZE,
.base.cra_ctxsize = sizeof(struct dcp_async_ctx),
.base.cra_module = THIS_MODULE,
Add an option to enable user-space access to cbc(paes) and ecb(paes) cipher algorithms via AF_ALG. Signed-off-by: Tomas Paukrt <tomaspaukrt@email.cz> --- drivers/crypto/Kconfig | 13 +++++++++++++ drivers/crypto/mxs-dcp.c | 8 ++++++++ 2 files changed, 21 insertions(+)