openwrt/staging/blogic.git
5 years agocrypto: inside-secure - Only enable algorithms advertised by the hardware
Pascal van Leeuwen [Fri, 30 Aug 2019 07:40:54 +0000 (09:40 +0200)]
crypto: inside-secure - Only enable algorithms advertised by the hardware

This patch probes the supported algorithms from the hardware and only
registers the ones that the hardware actually supports. This is necessary
because this is a generic driver supposed to run on a wide variety of
engines, which may or may not implement certain algorithms.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Add support for the AES-XTS algorithm
Pascal van Leeuwen [Fri, 30 Aug 2019 07:40:53 +0000 (09:40 +0200)]
crypto: inside-secure - Add support for the AES-XTS algorithm

This patch adds support for the AES-XTS skcipher algorithm.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Move static cipher alg & mode settings to init
Pascal van Leeuwen [Fri, 30 Aug 2019 07:40:52 +0000 (09:40 +0200)]
crypto: inside-secure - Move static cipher alg & mode settings to init

ctx->alg and ctx->mode were set from safexcel_send_req through the
various safexcel_encrypt and _decrypt routines, but this makes little
sense as these are static per ciphersuite. So moved to _init instead,
in preparation of adding more ciphersuites.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: mediatek - fix incorrect crypto key setting
Vic Wu [Wed, 28 Aug 2019 06:37:16 +0000 (14:37 +0800)]
crypto: mediatek - fix incorrect crypto key setting

Record crypto key to context during setkey and set the key to
transform state buffer in encrypt/decrypt process.

Signed-off-by: Vic Wu <vic.wu@mediatek.com>
Tested-by: John Crispin <john@phrozen.og>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: mediatek - add support to OFB/CFB mode
Ryder Lee [Wed, 28 Aug 2019 06:37:15 +0000 (14:37 +0800)]
crypto: mediatek - add support to OFB/CFB mode

This patch adds support to OFB/CFB mode.

Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Vic Wu <vic.wu@mediatek.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: mediatek - only treat EBUSY as transient if backlog
Ryder Lee [Wed, 28 Aug 2019 06:37:14 +0000 (14:37 +0800)]
crypto: mediatek - only treat EBUSY as transient if backlog

The driver was treating -EBUSY as indication of queueing to backlog
without checking that backlog is enabled for the request.

Fix it by checking request flags.

Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Vic Wu <vic.wu@mediatek.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: mediatek - fix uninitialized value of gctx->textlen
Ryder Lee [Wed, 28 Aug 2019 06:37:13 +0000 (14:37 +0800)]
crypto: mediatek - fix uninitialized value of gctx->textlen

Add a pre-computed text length to avoid uninitialized value in the check.

Fixes: e47270665b5f ("crypto: mediatek - Add empty messages check in GCM mode")
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Vic Wu <vic.wu@mediatek.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: mediatek - move mtk_aes_find_dev() to the right place
Ryder Lee [Wed, 28 Aug 2019 06:37:12 +0000 (14:37 +0800)]
crypto: mediatek - move mtk_aes_find_dev() to the right place

Move mtk_aes_find_dev() to right functions as nobody uses the
'cryp' under current flows.

We can also avoid duplicate checks here and there in this way.

Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Vic Wu <vic.wu@mediatek.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: hisilicon - select CRYPTO_LIB_DES while compiling SEC driver
Mao Wenan [Wed, 28 Aug 2019 08:07:40 +0000 (16:07 +0800)]
crypto: hisilicon - select CRYPTO_LIB_DES while compiling SEC driver

When CRYPTO_DEV_HISI_SEC=y, below compilation error is found after
'commit 894b68d8be4b ("crypto: hisilicon/des - switch to new verification routines")':

drivers/crypto/hisilicon/sec/sec_algs.o: In function `sec_alg_skcipher_setkey_des_cbc':
sec_algs.c:(.text+0x11f0): undefined reference to `des_expand_key'
drivers/crypto/hisilicon/sec/sec_algs.o: In function `sec_alg_skcipher_setkey_des_ecb':
sec_algs.c:(.text+0x1390): undefined reference to `des_expand_key'
make: *** [vmlinux] Error 1

This because DES library has been moved to lib/crypto in this commit
'04007b0e6cbb ("crypto: des - split off DES library from generic DES cipher driver")'.
Fix this by selecting CRYPTO_LIB_DES in CRYPTO_DEV_HISI_SEC.

Fixes: 04007b0e6cbb ("crypto: des - split off DES library from generic DES cipher driver")
Fixes: 894b68d8be4b ("crypto: hisilicon/des - switch to new verification routines")
Signed-off-by: Mao Wenan <maowenan@huawei.com>
Acked-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: sha256 - Add missing MODULE_LICENSE() to lib/crypto/sha256.c
Hans de Goede [Sun, 25 Aug 2019 18:18:41 +0000 (20:18 +0200)]
crypto: sha256 - Add missing MODULE_LICENSE() to lib/crypto/sha256.c

lib/crypto/sha256.c / lib/crypto/libsha256.o may end up being a module,
so it needs a MODULE_LICENSE() line, add this.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: ccp - invoke fallback for XTS ciphertext stealing
Ard Biesheuvel [Thu, 22 Aug 2019 15:47:31 +0000 (18:47 +0300)]
crypto: ccp - invoke fallback for XTS ciphertext stealing

For correctness and compliance with the XTS-AES specification, we are
adding support for ciphertext stealing to XTS implementations, even
though no use cases are known that will be enabled by this.

Since the ccp driver already has a fallback skcipher standby for
dealing with input sizes other than [16, 512, 1024, 2048, 4096],
just drop the check against the block size.

Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Gary Hook <gary.hook@amd.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: nx - remove unused variables 'nx_driver_string' and 'nx_driver_version'
YueHaibing [Thu, 22 Aug 2019 14:46:49 +0000 (22:46 +0800)]
crypto: nx - remove unused variables 'nx_driver_string' and 'nx_driver_version'

drivers/crypto/nx/nx.h:12:19: warning:
 nx_driver_string defined but not used [-Wunused-const-variable=]
drivers/crypto/nx/nx.h:13:19: warning:
 nx_driver_version defined but not used [-Wunused-const-variable=]

They are never used, so just remove it.

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: atmel - Fix -Wunused-const-variable warning
YueHaibing [Thu, 22 Aug 2019 14:44:44 +0000 (22:44 +0800)]
crypto: atmel - Fix -Wunused-const-variable warning

drivers/crypto/atmel-i2c.h:68:3: warning:
 error_list defined but not used [-Wunused-const-variable=]

error_list is only used in atmel-i2c.c,
so just move the definition over there.

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: aegis128 - Fix -Wunused-const-variable warning
YueHaibing [Thu, 22 Aug 2019 14:41:38 +0000 (22:41 +0800)]
crypto: aegis128 - Fix -Wunused-const-variable warning

crypto/aegis.h:27:32: warning:
 crypto_aegis_const defined but not used [-Wunused-const-variable=]

crypto_aegis_const is only used in aegis128-core.c,
just move the definition over there.

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - add clock entry for i.MX8MQ
Andrey Smirnov [Tue, 20 Aug 2019 20:24:01 +0000 (13:24 -0700)]
crypto: caam - add clock entry for i.MX8MQ

Add clock entry needed to support i.MX8MQ.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Chris Spencer <christopher.spencer@sea.co.uk>
Cc: Cory Tusar <cory.tusar@zii.aero>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: Leonard Crestez <leonard.crestez@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - always select job ring via RSR on i.MX8MQ
Andrey Smirnov [Tue, 20 Aug 2019 20:24:00 +0000 (13:24 -0700)]
crypto: caam - always select job ring via RSR on i.MX8MQ

Per feedback from NXP tech support the way to use register based
service interface on i.MX8MQ is to follow the same set of steps
outlined for the case when virtualization is enabled, regardless if it
is. Current version of SRM for i.MX8MQ speaks of DECO DID_MS and DECO
DID_LS registers, but apparently those are not implemented, so the
case when SCFGR[VIRT_EN]=0 should be handled the same as the case when
SCFGR[VIRT_EN]=1

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Chris Spencer <christopher.spencer@sea.co.uk>
Cc: Cory Tusar <cory.tusar@zii.aero>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: Leonard Crestez <leonard.crestez@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - select DMA address size at runtime
Andrey Smirnov [Tue, 20 Aug 2019 20:23:59 +0000 (13:23 -0700)]
crypto: caam - select DMA address size at runtime

i.MX8 mScale SoC still use 32-bit addresses in its CAAM implmentation,
so we can't rely on sizeof(dma_addr_t) to detemine CAAM pointer
size. Convert the code to query CTPR and MCFGR for that during driver
probing.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Chris Spencer <christopher.spencer@sea.co.uk>
Cc: Cory Tusar <cory.tusar@zii.aero>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: Leonard Crestez <leonard.crestez@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - don't hardcode inpentry size
Andrey Smirnov [Tue, 20 Aug 2019 20:23:58 +0000 (13:23 -0700)]
crypto: caam - don't hardcode inpentry size

Using dma_addr_t for elements of JobR input ring is not appropriate on
all 64-bit SoCs, some of which, like i.MX8MQ, use only 32-bit wide
pointers there. Convert all of the code to use explicit helper
function that can be later extended to support i.MX8MQ. No functional
change intended.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Chris Spencer <christopher.spencer@sea.co.uk>
Cc: Cory Tusar <cory.tusar@zii.aero>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: Leonard Crestez <leonard.crestez@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - drop explicit usage of struct jr_outentry
Andrey Smirnov [Tue, 20 Aug 2019 20:23:57 +0000 (13:23 -0700)]
crypto: caam - drop explicit usage of struct jr_outentry

Using struct jr_outentry to specify the layout of JobR output ring is
not appropriate for all 64-bit SoC, since some of them, like i.MX8MQ,
use 32-bit pointers there which doesn't match 64-bit
dma_addr_t. Convert existing code to use explicit helper functions to
access any of the JobR output ring elements, so that the support for
i.MX8MQ can be added later. No functional change intended.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Chris Spencer <christopher.spencer@sea.co.uk>
Cc: Cory Tusar <cory.tusar@zii.aero>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: Leonard Crestez <leonard.crestez@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - move cpu_to_caam_dma() selection to runtime
Andrey Smirnov [Tue, 20 Aug 2019 20:23:56 +0000 (13:23 -0700)]
crypto: caam - move cpu_to_caam_dma() selection to runtime

Instead of selecting the implementation of
cpu_to_caam_dma()/caam_dma_to_cpu() at build time using the
preprocessor, convert the code to do that at run-time using IS_ENABLED
macro. This is needed to add support for i.MX8MQ. No functional change
intended.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Chris Spencer <christopher.spencer@sea.co.uk>
Cc: Cory Tusar <cory.tusar@zii.aero>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: Leonard Crestez <leonard.crestez@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - make CAAM_PTR_SZ dynamic
Andrey Smirnov [Tue, 20 Aug 2019 20:23:55 +0000 (13:23 -0700)]
crypto: caam - make CAAM_PTR_SZ dynamic

In order to be able to configure CAAM pointer size at run-time, which
needed to support i.MX8MQ, which is 64-bit SoC with 32-bit pointer
size, convert CAAM_PTR_SZ to refer to a global variable of the same
name ("caam_ptr_sz") and adjust the rest of the code accordingly. No
functional change intended.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Chris Spencer <christopher.spencer@sea.co.uk>
Cc: Cory Tusar <cory.tusar@zii.aero>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: Leonard Crestez <leonard.crestez@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - share definition for MAX_SDLEN
Andrey Smirnov [Tue, 20 Aug 2019 20:23:54 +0000 (13:23 -0700)]
crypto: caam - share definition for MAX_SDLEN

Both qi.h and cammalg_qi2.h seem to define identical versions of
MAX_SDLEN. Move it to desc_constr.h to avoid duplication.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Chris Spencer <christopher.spencer@sea.co.uk>
Cc: Cory Tusar <cory.tusar@zii.aero>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: Leonard Crestez <leonard.crestez@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - drop 64-bit only wr/rd_reg64()
Andrey Smirnov [Tue, 20 Aug 2019 20:23:53 +0000 (13:23 -0700)]
crypto: caam - drop 64-bit only wr/rd_reg64()

Since 32-bit of both wr_reg64 and rd_reg64 now use 64-bit IO helpers,
these functions should no longer be necessary. No functional change intended.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Cc: Chris Spencer <christopher.spencer@sea.co.uk>
Cc: Cory Tusar <cory.tusar@zii.aero>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: Leonard Crestez <leonard.crestez@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - use ioread64*_hi_lo in rd_reg64
Andrey Smirnov [Tue, 20 Aug 2019 20:23:52 +0000 (13:23 -0700)]
crypto: caam - use ioread64*_hi_lo in rd_reg64

Following the same transformation logic as outlined in previous commit
converting wr_reg64, convert rd_reg64 to use helpers from
<linux/io-64-nonatomic-hi-lo.h> first. No functional change intended.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Cc: Chris Spencer <christopher.spencer@sea.co.uk>
Cc: Cory Tusar <cory.tusar@zii.aero>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: Leonard Crestez <leonard.crestez@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrytpo: caam - make use of iowrite64*_hi_lo in wr_reg64
Andrey Smirnov [Tue, 20 Aug 2019 20:23:51 +0000 (13:23 -0700)]
crytpo: caam - make use of iowrite64*_hi_lo in wr_reg64

In order to be able to unify 64 and 32 bit implementations of
wr_reg64, let's convert it to use helpers from
<linux/io-64-nonatomic-hi-lo.h> first. Here are the steps of the
transformation:

1. Inline wr_reg32 helpers:

if (!caam_imx && caam_little_end) {
if (caam_little_end) {
iowrite32(data >> 32, (u32 __iomem *)(reg) + 1);
iowrite32(data, (u32 __iomem *)(reg));
} else {
iowrite32be(data >> 32, (u32 __iomem *)(reg) + 1);
iowrite32be(data, (u32 __iomem *)(reg));
}
} else {
if (caam_little_end) {
iowrite32(data >> 32, (u32 __iomem *)(reg));
iowrite32(data, (u32 __iomem *)(reg) + 1);
} else {
iowrite32be(data >> 32, (u32 __iomem *)(reg));
iowrite32be(data, (u32 __iomem *)(reg) + 1);
}
}

2. Transfrom the conditionals such that the check for
'caam_little_end' is at the top level:

if (caam_little_end) {
if (!caam_imx) {
iowrite32(data >> 32, (u32 __iomem *)(reg) + 1);
iowrite32(data, (u32 __iomem *)(reg));
} else {
iowrite32(data >> 32, (u32 __iomem *)(reg));
iowrite32(data, (u32 __iomem *)(reg) + 1);
}
} else {
iowrite32be(data >> 32, (u32 __iomem *)(reg));
iowrite32be(data, (u32 __iomem *)(reg) + 1);
}

3. Invert the check for !caam_imx:

if (caam_little_end) {
if (caam_imx) {
iowrite32(data >> 32, (u32 __iomem *)(reg));
iowrite32(data, (u32 __iomem *)(reg) + 1);
} else {
iowrite32(data >> 32, (u32 __iomem *)(reg) + 1);
iowrite32(data, (u32 __iomem *)(reg));
}
} else {
iowrite32be(data >> 32, (u32 __iomem *)(reg));
iowrite32be(data, (u32 __iomem *)(reg) + 1);
}

4. Make use of iowrite64* helpers from <linux/io-64-nonatomic-hi-lo.h>

if (caam_little_end) {
if (caam_imx) {
iowrite32(data >> 32, (u32 __iomem *)(reg));
iowrite32(data, (u32 __iomem *)(reg) + 1);
} else {
iowrite64(data, reg);
}
} else {
iowrite64be(data, reg);
}

No functional change intended.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Cc: Chris Spencer <christopher.spencer@sea.co.uk>
Cc: Cory Tusar <cory.tusar@zii.aero>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: Leonard Crestez <leonard.crestez@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - request JR IRQ as the last step
Andrey Smirnov [Tue, 20 Aug 2019 20:23:50 +0000 (13:23 -0700)]
crypto: caam - request JR IRQ as the last step

In order to avoid any risk of JR IRQ request being handled while some
of the resources used for that are not yet allocated move the code
requesting said IRQ to the endo of caam_jr_init().

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Chris Spencer <christopher.spencer@sea.co.uk>
Cc: Cory Tusar <cory.tusar@zii.aero>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: Leonard Crestez <leonard.crestez@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - convert caam_jr_init() to use devres
Andrey Smirnov [Tue, 20 Aug 2019 20:23:49 +0000 (13:23 -0700)]
crypto: caam - convert caam_jr_init() to use devres

Use devres to allocate all of the resources in caam_jr_init() (DMA
coherent and regular memory, IRQs) drop calls to corresponding
deallocation routines. No functional change intended.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Cc: Cory Tusar <cory.tusar@zii.aero>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - simplfy clock initialization
Andrey Smirnov [Tue, 20 Aug 2019 20:23:48 +0000 (13:23 -0700)]
crypto: caam - simplfy clock initialization

Simplify clock initialization code by converting it to use clk-bulk,
devres and soc_device_match() match table. No functional change
intended.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Reviewed-by: Leonard Crestez <leonard.crestez@nxp.com>
Tested-by: Iuliana Prodan <iuliana.prodan@nxp.com>
Cc: Chris Spencer <christopher.spencer@sea.co.uk>
Cc: Cory Tusar <cory.tusar@zii.aero>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: Leonard Crestez <leonard.crestez@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - move DMA mask selection into a function
Andrey Smirnov [Tue, 20 Aug 2019 20:23:47 +0000 (13:23 -0700)]
crypto: caam - move DMA mask selection into a function

Exactly the same code to figure out DMA mask is repeated twice in the
driver code. To avoid repetition, move that logic into a standalone
subroutine in intern.h. While at it re-shuffle the code to make it
more readable with early returns.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Cc: Chris Spencer <christopher.spencer@sea.co.uk>
Cc: Cory Tusar <cory.tusar@zii.aero>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: Leonard Crestez <leonard.crestez@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam/qi - use print_hex_dump_debug function to print debug messages
Iuliana Prodan [Tue, 20 Aug 2019 11:26:39 +0000 (14:26 +0300)]
crypto: caam/qi - use print_hex_dump_debug function to print debug messages

Use print_hex_dump_debug function to print debug messages, instead of
print_hex_dump inside #ifdef DEBUG.

Fixes: 6e005503199b ("crypto: caam - print debug messages at debug level")
Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - add support for using the EIP197 without vendor firmware
Pascal van Leeuwen [Mon, 19 Aug 2019 14:40:26 +0000 (16:40 +0200)]
crypto: inside-secure - add support for using the EIP197 without vendor firmware

Until now, the inside-secure driver required a set of firmware images
supplied by the silicon vendor, typically under NDA, to be present in
/lib/firmware/inside-secure in order to be able to function.
This patch removes the dependence on this official vendor firmware by
falling back to generic "mini" FW - developed specifically for this
driver - that can be provided under GPL 2.0 through linux-firmwares.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Acked-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - add support for PCI based FPGA development board
Pascal van Leeuwen [Mon, 19 Aug 2019 14:40:25 +0000 (16:40 +0200)]
crypto: inside-secure - add support for PCI based FPGA development board

This patch adds support for a PCIE development board with FPGA from Xilinx,
to facilitate pre-silicon driver development by both Inside Secure and its
IP customers. Since Inside Secure neither produces nor has access to actual
silicon, this is required functionality to allow us to contribute.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Acked-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Remove redundant algo to engine mapping code
Pascal van Leeuwen [Mon, 19 Aug 2019 14:40:24 +0000 (16:40 +0200)]
crypto: inside-secure - Remove redundant algo to engine mapping code

This removes some code determine which engine has which algorithms which
was effectively redundant (may have been forward-looking?) due to always
enabling all algorithms for all currently supported engines.
A future patch will use a different, more scalable approach to achieve
this. This is removed now because otherwise the next patch will add new
hardware which would otherwise have to be added to all algorithms, so
now is a convenient time to just get rid of this.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Acked-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - make driver selectable for non-Marvell hardware
Pascal van Leeuwen [Mon, 19 Aug 2019 14:40:23 +0000 (16:40 +0200)]
crypto: inside-secure - make driver selectable for non-Marvell hardware

While being a generic EIP97/EIP197 driver, the driver was only selectable
for Marvell Armada hardware. This fix makes the driver selectable for any
Device Tree supporting kernel configuration, allowing it to be used for
other compatible hardware by just adding the correct device tree entry.

It also allows the driver to be selected for PCI(E) supporting kernel con-
figurations, to be able to use it with PCIE based FPGA development boards
for pre-silicon driver development by both Inside Secure and its IP custo-
mers.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Acked-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: s5p - use correct block size of 1 for ctr(aes)
Ard Biesheuvel [Mon, 19 Aug 2019 14:22:26 +0000 (17:22 +0300)]
crypto: s5p - use correct block size of 1 for ctr(aes)

Align the s5p ctr(aes) implementation with other implementations
of the same mode, by setting the block size to 1.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Kamil Konieczny <k.konieczny@partner.samsung.com>
Reviewed-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: s5p - deal gracefully with bogus input sizes
Ard Biesheuvel [Mon, 19 Aug 2019 14:22:25 +0000 (17:22 +0300)]
crypto: s5p - deal gracefully with bogus input sizes

The s5p skcipher driver returns -EINVAL for zero length inputs, which
deviates from the behavior of the generic ECB template, and causes fuzz
tests to fail. In cases where the input is not a multiple of the AES
block size (and the chaining mode is not CTR), it prints an error to
the kernel log, which is a thing we usually try to avoid in response
to situations that can be triggered by unprivileged users.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Kamil Konieczny <k.konieczny@partner.samsung.com>
Reviewed-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: arm64/aes - implement accelerated ESSIV/CBC mode
Ard Biesheuvel [Mon, 19 Aug 2019 14:17:36 +0000 (17:17 +0300)]
crypto: arm64/aes - implement accelerated ESSIV/CBC mode

Add an accelerated version of the 'essiv(cbc(aes),sha256)' skcipher,
which is used by fscrypt or dm-crypt on systems where CBC mode is
signficantly more performant than XTS mode (e.g., when using a h/w
accelerator which supports the former but not the latter) This avoids
a separate call into the AES cipher for every invocation.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: arm64/aes-cts-cbc - factor out CBC en/decryption of a walk
Ard Biesheuvel [Mon, 19 Aug 2019 14:17:35 +0000 (17:17 +0300)]
crypto: arm64/aes-cts-cbc - factor out CBC en/decryption of a walk

The plain CBC driver and the CTS one share some code that iterates over
a scatterwalk and invokes the CBC asm code to do the processing. The
upcoming ESSIV/CBC mode will clone that pattern for the third time, so
let's factor it out first.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: essiv - add tests for essiv in cbc(aes)+sha256 mode
Ard Biesheuvel [Mon, 19 Aug 2019 14:17:34 +0000 (17:17 +0300)]
crypto: essiv - add tests for essiv in cbc(aes)+sha256 mode

Add a test vector for the ESSIV mode that is the most widely used,
i.e., using cbc(aes) and sha256, in both skcipher and AEAD modes
(the latter is used by tcrypt to encapsulate the authenc template
or h/w instantiations of the same)

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: arm64/aegis128 - use explicit vector load for permute vectors
Ard Biesheuvel [Mon, 19 Aug 2019 14:15:00 +0000 (17:15 +0300)]
crypto: arm64/aegis128 - use explicit vector load for permute vectors

When building the new aegis128 NEON code in big endian mode, Clang
complains about the const uint8x16_t permute vectors in the following
way:

  crypto/aegis128-neon-inner.c:58:40: warning: vector initializers are not
      compatible with NEON intrinsics in big endian mode
      [-Wnonportable-vector-initialization]
                static const uint8x16_t shift_rows = {
                                                     ^
  crypto/aegis128-neon-inner.c:58:40: note: consider using vld1q_u8() to
      initialize a vector from memory, or vcombine_u8(vcreate_u8(), vcreate_u8())
      to initialize from integer constants

Since the same issue applies to the uint8x16x4_t loads of the AES Sbox,
update those references as well. However, since GCC does not implement
the vld1q_u8_x4() intrinsic, switch from IS_ENABLED() to a preprocessor
conditional to conditionally include this code.

Reported-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Tested-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: picoxcell - Fix the name of the module in the description of CRYPTO_DEV_PICOXCELL
Christophe JAILLET [Mon, 19 Aug 2019 05:18:33 +0000 (07:18 +0200)]
crypto: picoxcell - Fix the name of the module in the description of CRYPTO_DEV_PICOXCELL

The help section says that the module will be called 'pipcoxcell_crypto'.
This is likely a typo.
Use 'picoxcell_crypto' instead

Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: talitos - Fix build warning in aead_des3_setkey
Herbert Xu [Thu, 22 Aug 2019 12:09:15 +0000 (22:09 +1000)]
crypto: talitos - Fix build warning in aead_des3_setkey

This patch removes the variable flags which is now unused thanks
to the new DES helpers.

Fixes: 9d574ae8ebc1 ("crypto: talitos/des - switch to new...")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: n2/des - fix build breakage after DES updates
Ard Biesheuvel [Thu, 22 Aug 2019 11:49:15 +0000 (14:49 +0300)]
crypto: n2/des - fix build breakage after DES updates

Fix build breakage caused by the DES library refactor.

Fixes: d4b90dbc8578 ("crypto: n2/des - switch to new verification routines")
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: s390/aes - fix typo in XTS_BLOCK_SIZE identifier
Ard Biesheuvel [Thu, 22 Aug 2019 10:24:54 +0000 (13:24 +0300)]
crypto: s390/aes - fix typo in XTS_BLOCK_SIZE identifier

Fix a typo XTS_BLOCKSIZE -> XTS_BLOCK_SIZE, causing the build to
break.

Fixes: ce68acbcb6a5 ("crypto: s390/xts-aes - invoke fallback for...")
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: sha256_generic - Switch to the generic lib/crypto/sha256.c lib code
Hans de Goede [Sat, 17 Aug 2019 14:24:35 +0000 (16:24 +0200)]
crypto: sha256_generic - Switch to the generic lib/crypto/sha256.c lib code

Drop the duplicate generic sha256 (and sha224) implementation from
crypto/sha256_generic.c and use the implementation from
lib/crypto/sha256.c instead.

"diff -u lib/crypto/sha256.c sha256_generic.c" shows that the core
sha256_transform function from both implementations is identical and
the other code is functionally identical too.

Suggested-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: sha256 - Add sha224 support to sha256 library code
Hans de Goede [Sat, 17 Aug 2019 14:24:34 +0000 (16:24 +0200)]
crypto: sha256 - Add sha224 support to sha256 library code

Add sha224 support to the lib/crypto/sha256 library code. This will allow
us to replace both the sha256 and sha224 parts of crypto/sha256_generic.c
when we remove the code duplication in further patches in this series.

Suggested-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: sha256 - Make lib/crypto/sha256.c suitable for generic use
Hans de Goede [Sat, 17 Aug 2019 14:24:33 +0000 (16:24 +0200)]
crypto: sha256 - Make lib/crypto/sha256.c suitable for generic use

Before this commit lib/crypto/sha256.c has only been used in the s390 and
x86 purgatory code, make it suitable for generic use:

* Export interesting symbols
* Add  -D__DISABLE_EXPORTS to CFLAGS_sha256.o for purgatory builds to
  avoid the exports for the purgatory builds
* Add to lib/crypto/Makefile and crypto/Kconfig

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: sha256 - Use get/put_unaligned_be32 to get input, memzero_explicit
Hans de Goede [Sat, 17 Aug 2019 14:24:32 +0000 (16:24 +0200)]
crypto: sha256 - Use get/put_unaligned_be32 to get input, memzero_explicit

Use get/put_unaligned_be32 in lib/crypto/sha256.c to load / store data
so that it can be used with unaligned buffers too, making it more generic.

And use memzero_explicit for better clearing of sensitive data.

Note unlike other patches in this series this commit actually makes
functional changes to the sha256 code as used by the purgatory code.

This fully aligns the lib/crypto/sha256.c sha256 implementation with the
one from crypto/sha256_generic.c allowing us to remove the latter in
further patches in this series.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: sha256 - Move lib/sha256.c to lib/crypto
Hans de Goede [Sat, 17 Aug 2019 14:24:31 +0000 (16:24 +0200)]
crypto: sha256 - Move lib/sha256.c to lib/crypto

Generic crypto implementations belong under lib/crypto not directly in
lib, likewise the header should be in include/crypto, not include/linux.

Note that the code in lib/crypto/sha256.c is not yet available for
generic use after this commit, it is still only used by the s390 and x86
purgatory code. Making it suitable for generic use is done in further
patches in this series.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: sha256_generic - Fix some coding style issues
Hans de Goede [Sat, 17 Aug 2019 14:24:30 +0000 (16:24 +0200)]
crypto: sha256_generic - Fix some coding style issues

Add a bunch of missing spaces after commas and arround operators.

Note the main goal of this is to make sha256_transform and its helpers
identical in formatting too the duplcate implementation in lib/sha256.c,
so that "diff -u" can be used to compare them to prove that no functional
changes are made when further patches in this series consolidate the 2
implementations into 1.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: sha256 - Fix some coding style issues
Hans de Goede [Sat, 17 Aug 2019 14:24:29 +0000 (16:24 +0200)]
crypto: sha256 - Fix some coding style issues

For some reason after the first 15 steps the last statement of each
step ends with "t1+t2", missing spaces around the "+". This commit
fixes this. This was done with a 's/= t1+t2/= t1 + t2/' to make sure
no functional changes are introduced.

Note the main goal of this is to make lib/sha256.c's sha256_transform
and its helpers identical in formatting too the duplcate implementation
in crypto/sha256_generic.c so that "diff -u" can be used to compare them
to prove that no functional changes are made when further patches in
this series consolidate the 2 implementations into 1.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: vmx/xts - use fallback for ciphertext stealing
Ard Biesheuvel [Fri, 16 Aug 2019 14:06:24 +0000 (17:06 +0300)]
crypto: vmx/xts - use fallback for ciphertext stealing

For correctness and compliance with the XTS-AES specification, we are
adding support for ciphertext stealing to XTS implementations, even
though no use cases are known that will be enabled by this.

Since the Power8 implementation already has a fallback skcipher standby
for other purposes, let's use it for this purpose as well. If ciphertext
stealing use cases ever become a bottleneck, we can always revisit this.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: s390/xts-aes - invoke fallback for ciphertext stealing
Ard Biesheuvel [Fri, 16 Aug 2019 12:35:45 +0000 (15:35 +0300)]
crypto: s390/xts-aes - invoke fallback for ciphertext stealing

For correctness and compliance with the XTS-AES specification, we are
adding support for ciphertext stealing to XTS implementations, even
though no use cases are known that will be enabled by this.

Since the s390 implementation already has a fallback skcipher standby
for other purposes, let's use it for this purpose as well. If ciphertext
stealing use cases ever become a bottleneck, we can always revisit this.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: x86/xts - implement support for ciphertext stealing
Ard Biesheuvel [Fri, 16 Aug 2019 12:21:50 +0000 (15:21 +0300)]
crypto: x86/xts - implement support for ciphertext stealing

Align the x86 code with the generic XTS template, which now supports
ciphertext stealing as described by the IEEE XTS-AES spec P1619.

Tested-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: hisilicon - Fix warning on printing %p with dma_addr_t
Herbert Xu [Thu, 15 Aug 2019 22:47:43 +0000 (08:47 +1000)]
crypto: hisilicon - Fix warning on printing %p with dma_addr_t

This patch fixes a printk format warning by replacing %p with %#llx
for dma_addr_t.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agofs: cifs: move from the crypto cipher API to the new DES library interface
Ard Biesheuvel [Thu, 15 Aug 2019 09:01:12 +0000 (12:01 +0300)]
fs: cifs: move from the crypto cipher API to the new DES library interface

Some legacy code in the CIFS driver uses single DES to calculate
some password hash, and uses the crypto cipher API to do so. Given
that there is no point in invoking an accelerated cipher for doing
56-bit symmetric encryption on a single 8-byte block of input, the
flexibility of the crypto cipher API does not add much value here,
and so we're much better off using a library call into the generic
C implementation.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: des - remove now unused __des3_ede_setkey()
Ard Biesheuvel [Thu, 15 Aug 2019 09:01:11 +0000 (12:01 +0300)]
crypto: des - remove now unused __des3_ede_setkey()

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: x86/des - switch to library interface
Ard Biesheuvel [Thu, 15 Aug 2019 09:01:10 +0000 (12:01 +0300)]
crypto: x86/des - switch to library interface

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: des - split off DES library from generic DES cipher driver
Ard Biesheuvel [Thu, 15 Aug 2019 09:01:09 +0000 (12:01 +0300)]
crypto: des - split off DES library from generic DES cipher driver

Another one for the cipher museum: split off DES core processing into
a separate module so other drivers (mostly for crypto accelerators)
can reuse the code without pulling in the generic DES cipher itself.
This will also permit the cipher interface to be made private to the
crypto API itself once we move the only user in the kernel (CIFS) to
this library interface.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: des - remove unused function
Ard Biesheuvel [Thu, 15 Aug 2019 09:01:08 +0000 (12:01 +0300)]
crypto: des - remove unused function

Remove the old DES3 verification functions that are no longer used.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: 3des - move verification out of exported routine
Ard Biesheuvel [Thu, 15 Aug 2019 09:01:07 +0000 (12:01 +0300)]
crypto: 3des - move verification out of exported routine

In preparation of moving the shared key expansion routine into the
DES library, move the verification done by __des3_ede_setkey() into
its callers.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: ux500/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:01:06 +0000 (12:01 +0300)]
crypto: ux500/des - switch to new verification routines

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: talitos/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:01:05 +0000 (12:01 +0300)]
crypto: talitos/des - switch to new verification routines

Cc: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: sun4i/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:01:04 +0000 (12:01 +0300)]
crypto: sun4i/des - switch to new verification routines

Cc: Corentin Labbe <clabbe.montjoie@gmail.com>
Acked-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: stm32/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:01:03 +0000 (12:01 +0300)]
crypto: stm32/des - switch to new verification routines

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: rk3288/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:01:02 +0000 (12:01 +0300)]
crypto: rk3288/des - switch to new verification routines

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: qce/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:01:01 +0000 (12:01 +0300)]
crypto: qce/des - switch to new verification routines

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: picoxcell/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:01:00 +0000 (12:01 +0300)]
crypto: picoxcell/des - switch to new verification routines

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: omap/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:00:59 +0000 (12:00 +0300)]
crypto: omap/des - switch to new verification routines

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: n2/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:00:58 +0000 (12:00 +0300)]
crypto: n2/des - switch to new verification routines

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: cesa/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:00:57 +0000 (12:00 +0300)]
crypto: cesa/des - switch to new verification routines

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: ixp4xx/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:00:56 +0000 (12:00 +0300)]
crypto: ixp4xx/des - switch to new verification routines

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: safexcel/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:00:55 +0000 (12:00 +0300)]
crypto: safexcel/des - switch to new verification routines

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: hisilicon/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:00:54 +0000 (12:00 +0300)]
crypto: hisilicon/des - switch to new verification routines

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: hifn/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:00:53 +0000 (12:00 +0300)]
crypto: hifn/des - switch to new verification routines

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: ccree/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:00:52 +0000 (12:00 +0300)]
crypto: ccree/des - switch to new verification routines

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: ccp/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:00:51 +0000 (12:00 +0300)]
crypto: ccp/des - switch to new verification routines

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: nitrox/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:00:50 +0000 (12:00 +0300)]
crypto: nitrox/des - switch to new verification routines

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: cpt/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:00:49 +0000 (12:00 +0300)]
crypto: cpt/des - switch to new verification routines

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:00:48 +0000 (12:00 +0300)]
crypto: caam/des - switch to new verification routines

Cc: Horia Geanta <horia.geanta@nxp.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: bcm/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:00:47 +0000 (12:00 +0300)]
crypto: bcm/des - switch to new verification routines

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: atmel/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:00:46 +0000 (12:00 +0300)]
crypto: atmel/des - switch to new verification routines

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: sparc/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:00:45 +0000 (12:00 +0300)]
crypto: sparc/des - switch to new verification routines

Switch to the refactored DES key verification routines. While at it,
rename the DES encrypt/decrypt routines so they will not conflict with
the DES library later on.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: s390/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:00:44 +0000 (12:00 +0300)]
crypto: s390/des - switch to new verification routines

Switch to the refactored DES key verification routines. While at it,
rename the DES encrypt/decrypt routines so they will not conflict with
the DES library later on.

Reviewed-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: des/3des_ede - add new helpers to verify keys
Ard Biesheuvel [Thu, 15 Aug 2019 09:00:43 +0000 (12:00 +0300)]
crypto: des/3des_ede - add new helpers to verify keys

The recently added helper routine to perform key strength validation
of triple DES keys is slightly inadequate, since it comes in two versions,
neither of which are highly useful for anything other than skciphers (and
many drivers still use the older blkcipher interfaces).

So let's add a new helper and, considering that this is a helper function
that is only intended to be used by crypto code itself, put it in a new
des.h header under crypto/internal.

While at it, implement a similar helper for single DES, so that we can
start replacing the pattern of calling des_ekey() into a temp buffer
that occurs in many drivers in drivers/crypto.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agoMAINTAINERS: nx crypto: Fix typo in a filepath
Denis Efremov [Tue, 13 Aug 2019 06:06:10 +0000 (09:06 +0300)]
MAINTAINERS: nx crypto: Fix typo in a filepath

Fix typo in nx_debugfs.c filepath. File extension changed from .h to .c
The file nx_debugfs.h never existed.

Cc: Breno Leitão <leitao@debian.org>
Cc: Nayna Jain <nayna@linux.ibm.com>
Cc: Paulo Flabiano Smorigo <pfsmorigo@gmail.com>
Cc: Dan Streetman <ddstreet@ieee.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-crypto@vger.kernel.org
Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agolib/mpi: Eliminate unused umul_ppmm definitions for MIPS
Nathan Chancellor [Mon, 12 Aug 2019 19:32:57 +0000 (12:32 -0700)]
lib/mpi: Eliminate unused umul_ppmm definitions for MIPS

Clang errors out when building this macro:

lib/mpi/generic_mpih-mul1.c:37:24: error: invalid use of a cast in a
inline asm context requiring an l-value: remove the cast or build with
-fheinous-gnu-extensions
                umul_ppmm(prod_high, prod_low, s1_ptr[j], s2_limb);
                ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
lib/mpi/longlong.h:652:20: note: expanded from macro 'umul_ppmm'
        : "=l" ((USItype)(w0)), \
                ~~~~~~~~~~^~~
lib/mpi/generic_mpih-mul1.c:37:3: error: invalid output constraint '=h'
in asm
                umul_ppmm(prod_high, prod_low, s1_ptr[j], s2_limb);
                ^
lib/mpi/longlong.h:653:7: note: expanded from macro 'umul_ppmm'
             "=h" ((USItype)(w1)) \
             ^
2 errors generated.

The C version that is used for GCC 4.4 and up works well with clang;
however, it is not currently being used because Clang masks itself
as GCC 4.2.1 for compatibility reasons. As Nick points out, we require
GCC 4.6 and newer in the kernel so we can eliminate all of the
versioning checks and just use the C version of umul_ppmm for all
supported compilers.

Link: https://github.com/ClangBuiltLinux/linux/issues/605
Suggested-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agorandom: Support freezable kthreads in add_hwgenerator_randomness()
Stephen Boyd [Mon, 19 Aug 2019 15:02:45 +0000 (08:02 -0700)]
random: Support freezable kthreads in add_hwgenerator_randomness()

The kthread calling this function is freezable after commit 03a3bb7ae631
("hwrng: core - Freeze khwrng thread during suspend") is applied.
Unfortunately, this function uses wait_event_interruptible() but doesn't
check for the kthread being woken up by the fake freezer signal. When a
user suspends the system, this kthread will wake up and if it fails the
entropy size check it will immediately go back to sleep and not go into
the freezer. Eventually, suspend will fail because the task never froze
and a warning message like this may appear:

 PM: suspend entry (deep)
 Filesystems sync: 0.000 seconds
 Freezing user space processes ... (elapsed 0.001 seconds) done.
 OOM killer disabled.
 Freezing remaining freezable tasks ...
 Freezing of tasks failed after 20.003 seconds (1 tasks refusing to freeze, wq_busy=0):
 hwrng           R  running task        0   289      2 0x00000020
 [<c08c64c4>] (__schedule) from [<c08c6a10>] (schedule+0x3c/0xc0)
 [<c08c6a10>] (schedule) from [<c05dbd8c>] (add_hwgenerator_randomness+0xb0/0x100)
 [<c05dbd8c>] (add_hwgenerator_randomness) from [<bf1803c8>] (hwrng_fillfn+0xc0/0x14c [rng_core])
 [<bf1803c8>] (hwrng_fillfn [rng_core]) from [<c015abec>] (kthread+0x134/0x148)
 [<c015abec>] (kthread) from [<c01010e8>] (ret_from_fork+0x14/0x2c)

Check for a freezer signal here and skip adding any randomness if the
task wakes up because it was frozen. This should make the kthread freeze
properly and suspend work again.

Fixes: 03a3bb7ae631 ("hwrng: core - Freeze khwrng thread during suspend")
Reported-by: Keerthy <j-keerthy@ti.com>
Tested-by: Keerthy <j-keerthy@ti.com>
Signed-off-by: Stephen Boyd <swboyd@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: arm64/aegis128 - implement plain NEON version
Ard Biesheuvel [Sun, 11 Aug 2019 22:59:12 +0000 (01:59 +0300)]
crypto: arm64/aegis128 - implement plain NEON version

Provide a version of the core AES transform to the aegis128 SIMD
code that does not rely on the special AES instructions, but uses
plain NEON instructions instead. This allows the SIMD version of
the aegis128 driver to be used on arm64 systems that do not
implement those instructions (which are not mandatory in the
architecture), such as the Raspberry Pi 3.

Since GCC makes a mess of this when using the tbl/tbx intrinsics
to perform the sbox substitution, preload the Sbox into v16..v31
in this case and use inline asm to emit the tbl/tbx instructions.
Clang does not support this approach, nor does it require it, since
it does a much better job at code generation, so there we use the
intrinsics as usual.

Cc: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: aegis128 - provide a SIMD implementation based on NEON intrinsics
Ard Biesheuvel [Sun, 11 Aug 2019 22:59:11 +0000 (01:59 +0300)]
crypto: aegis128 - provide a SIMD implementation based on NEON intrinsics

Provide an accelerated implementation of aegis128 by wiring up the
SIMD hooks in the generic driver to an implementation based on NEON
intrinsics, which can be compiled to both ARM and arm64 code.

This results in a performance of 2.2 cycles per byte on Cortex-A53,
which is a performance increase of ~11x compared to the generic
code.

Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: aegis128 - add support for SIMD acceleration
Ard Biesheuvel [Sun, 11 Aug 2019 22:59:10 +0000 (01:59 +0300)]
crypto: aegis128 - add support for SIMD acceleration

Add some plumbing to allow the AEGIS128 code to be built with SIMD
routines for acceleration.

Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: xts - add support for ciphertext stealing
Ard Biesheuvel [Fri, 9 Aug 2019 17:14:57 +0000 (20:14 +0300)]
crypto: xts - add support for ciphertext stealing

Add support for the missing ciphertext stealing part of the XTS-AES
specification, which permits inputs of any size >= the block size.

Cc: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Cc: Ondrej Mosnacek <omosnace@redhat.com>
Tested-by: Milan Broz <gmazyland@gmail.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: aead - Do not allow authsize=0 if auth. alg has digestsize>0
Pascal van Leeuwen [Fri, 9 Aug 2019 15:51:07 +0000 (17:51 +0200)]
crypto: aead - Do not allow authsize=0 if auth. alg has digestsize>0

Return -EINVAL on an attempt to set the authsize to 0 with an auth.
algorithm with a non-zero digestsize (i.e. anything but digest_null)
as authenticating the data and then throwing away the result does not
make any sense at all.

The digestsize zero exception is for use with digest_null for testing
purposes only.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: streebog - remove two unused variables
YueHaibing [Fri, 9 Aug 2019 08:49:05 +0000 (16:49 +0800)]
crypto: streebog - remove two unused variables

crypto/streebog_generic.c:162:17: warning:
 Pi defined but not used [-Wunused-const-variable=]
crypto/streebog_generic.c:151:17: warning:
 Tau defined but not used [-Wunused-const-variable=]

They are never used, so can be removed.

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Reviewed-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: aes-generic - remove unused variable 'rco_tab'
YueHaibing [Fri, 9 Aug 2019 08:29:19 +0000 (16:29 +0800)]
crypto: aes-generic - remove unused variable 'rco_tab'

crypto/aes_generic.c:64:18: warning:
 rco_tab defined but not used [-Wunused-const-variable=]

It is never used, so can be removed.

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agoDocumentation: crypto: crypto_engine: Fix Sphinx warning
Jonathan Neuschäfer [Thu, 8 Aug 2019 16:30:11 +0000 (18:30 +0200)]
Documentation: crypto: crypto_engine: Fix Sphinx warning

This fixes the following Sphinx warning:

Documentation/crypto/crypto_engine.rst:2:
  WARNING: Explicit markup ends without a blank line; unexpected unindent.

Signed-off-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: cavium/nitrox - Configure asymmetric queue manager Hardware unit
Phani Kiran Hemadri [Thu, 8 Aug 2019 12:17:39 +0000 (12:17 +0000)]
crypto: cavium/nitrox - Configure asymmetric queue manager Hardware unit

This patch configures and initializes CNN55XX device AQM hardware unit.

Signed-off-by: Phani Kiran Hemadri <phemadri@marvell.com>
Reviewed-by: Srikanth Jampala <jsrikanth@marvell.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: cavium/nitrox - Allocate asymmetric crypto command queues
Phani Kiran Hemadri [Thu, 8 Aug 2019 12:17:37 +0000 (12:17 +0000)]
crypto: cavium/nitrox - Allocate asymmetric crypto command queues

This patch adds support to allocate CNN55XX device AQMQ command queues
required for submitting asymmetric crypto requests.

Signed-off-by: Phani Kiran Hemadri <phemadri@marvell.com>
Reviewed-by: Srikanth Jampala <jsrikanth@marvell.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: cryptd - Use refcount_t for refcount
Chuhong Yuan [Thu, 8 Aug 2019 08:00:22 +0000 (16:00 +0800)]
crypto: cryptd - Use refcount_t for refcount

Reference counters are preferred to use refcount_t instead of
atomic_t.
This is because the implementation of refcount_t can prevent
overflows and detect possible use-after-free.
So convert atomic_t ref counters to refcount_t.

Signed-off-by: Chuhong Yuan <hslester96@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agohwrng: core - Freeze khwrng thread during suspend
Stephen Boyd [Mon, 5 Aug 2019 23:32:41 +0000 (16:32 -0700)]
hwrng: core - Freeze khwrng thread during suspend

The hwrng_fill() function can run while devices are suspending and
resuming. If the hwrng is behind a bus such as i2c or SPI and that bus
is suspended, the hwrng may hang the bus while attempting to add some
randomness. It's been observed on ChromeOS devices with suspend-to-idle
(s2idle) and an i2c based hwrng that this kthread may run and ask the
hwrng device for randomness before the i2c bus has been resumed.

Let's make this kthread freezable so that we don't try to touch the
hwrng during suspend/resume. This ensures that we can't cause the hwrng
backing driver to get into a bad state because the device is guaranteed
to be resumed before the hwrng kthread is thawed.

Cc: Andrey Pronin <apronin@chromium.org>
Cc: Duncan Laurie <dlaurie@chromium.org>
Cc: Jason Gunthorpe <jgg@ziepe.ca>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Guenter Roeck <groeck@chromium.org>
Cc: Alexander Steffen <Alexander.Steffen@infineon.com>
Signed-off-by: Stephen Boyd <swboyd@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>