openwrt/staging/blogic.git
5 years agocrypto: caam - use ioread64*_hi_lo in rd_reg64
Andrey Smirnov [Tue, 20 Aug 2019 20:23:52 +0000 (13:23 -0700)]
crypto: caam - use ioread64*_hi_lo in rd_reg64

Following the same transformation logic as outlined in previous commit
converting wr_reg64, convert rd_reg64 to use helpers from
<linux/io-64-nonatomic-hi-lo.h> first. No functional change intended.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Cc: Chris Spencer <christopher.spencer@sea.co.uk>
Cc: Cory Tusar <cory.tusar@zii.aero>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: Leonard Crestez <leonard.crestez@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrytpo: caam - make use of iowrite64*_hi_lo in wr_reg64
Andrey Smirnov [Tue, 20 Aug 2019 20:23:51 +0000 (13:23 -0700)]
crytpo: caam - make use of iowrite64*_hi_lo in wr_reg64

In order to be able to unify 64 and 32 bit implementations of
wr_reg64, let's convert it to use helpers from
<linux/io-64-nonatomic-hi-lo.h> first. Here are the steps of the
transformation:

1. Inline wr_reg32 helpers:

if (!caam_imx && caam_little_end) {
if (caam_little_end) {
iowrite32(data >> 32, (u32 __iomem *)(reg) + 1);
iowrite32(data, (u32 __iomem *)(reg));
} else {
iowrite32be(data >> 32, (u32 __iomem *)(reg) + 1);
iowrite32be(data, (u32 __iomem *)(reg));
}
} else {
if (caam_little_end) {
iowrite32(data >> 32, (u32 __iomem *)(reg));
iowrite32(data, (u32 __iomem *)(reg) + 1);
} else {
iowrite32be(data >> 32, (u32 __iomem *)(reg));
iowrite32be(data, (u32 __iomem *)(reg) + 1);
}
}

2. Transfrom the conditionals such that the check for
'caam_little_end' is at the top level:

if (caam_little_end) {
if (!caam_imx) {
iowrite32(data >> 32, (u32 __iomem *)(reg) + 1);
iowrite32(data, (u32 __iomem *)(reg));
} else {
iowrite32(data >> 32, (u32 __iomem *)(reg));
iowrite32(data, (u32 __iomem *)(reg) + 1);
}
} else {
iowrite32be(data >> 32, (u32 __iomem *)(reg));
iowrite32be(data, (u32 __iomem *)(reg) + 1);
}

3. Invert the check for !caam_imx:

if (caam_little_end) {
if (caam_imx) {
iowrite32(data >> 32, (u32 __iomem *)(reg));
iowrite32(data, (u32 __iomem *)(reg) + 1);
} else {
iowrite32(data >> 32, (u32 __iomem *)(reg) + 1);
iowrite32(data, (u32 __iomem *)(reg));
}
} else {
iowrite32be(data >> 32, (u32 __iomem *)(reg));
iowrite32be(data, (u32 __iomem *)(reg) + 1);
}

4. Make use of iowrite64* helpers from <linux/io-64-nonatomic-hi-lo.h>

if (caam_little_end) {
if (caam_imx) {
iowrite32(data >> 32, (u32 __iomem *)(reg));
iowrite32(data, (u32 __iomem *)(reg) + 1);
} else {
iowrite64(data, reg);
}
} else {
iowrite64be(data, reg);
}

No functional change intended.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Cc: Chris Spencer <christopher.spencer@sea.co.uk>
Cc: Cory Tusar <cory.tusar@zii.aero>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: Leonard Crestez <leonard.crestez@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - request JR IRQ as the last step
Andrey Smirnov [Tue, 20 Aug 2019 20:23:50 +0000 (13:23 -0700)]
crypto: caam - request JR IRQ as the last step

In order to avoid any risk of JR IRQ request being handled while some
of the resources used for that are not yet allocated move the code
requesting said IRQ to the endo of caam_jr_init().

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Chris Spencer <christopher.spencer@sea.co.uk>
Cc: Cory Tusar <cory.tusar@zii.aero>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: Leonard Crestez <leonard.crestez@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - convert caam_jr_init() to use devres
Andrey Smirnov [Tue, 20 Aug 2019 20:23:49 +0000 (13:23 -0700)]
crypto: caam - convert caam_jr_init() to use devres

Use devres to allocate all of the resources in caam_jr_init() (DMA
coherent and regular memory, IRQs) drop calls to corresponding
deallocation routines. No functional change intended.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Cc: Cory Tusar <cory.tusar@zii.aero>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - simplfy clock initialization
Andrey Smirnov [Tue, 20 Aug 2019 20:23:48 +0000 (13:23 -0700)]
crypto: caam - simplfy clock initialization

Simplify clock initialization code by converting it to use clk-bulk,
devres and soc_device_match() match table. No functional change
intended.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Reviewed-by: Leonard Crestez <leonard.crestez@nxp.com>
Tested-by: Iuliana Prodan <iuliana.prodan@nxp.com>
Cc: Chris Spencer <christopher.spencer@sea.co.uk>
Cc: Cory Tusar <cory.tusar@zii.aero>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: Leonard Crestez <leonard.crestez@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - move DMA mask selection into a function
Andrey Smirnov [Tue, 20 Aug 2019 20:23:47 +0000 (13:23 -0700)]
crypto: caam - move DMA mask selection into a function

Exactly the same code to figure out DMA mask is repeated twice in the
driver code. To avoid repetition, move that logic into a standalone
subroutine in intern.h. While at it re-shuffle the code to make it
more readable with early returns.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Cc: Chris Spencer <christopher.spencer@sea.co.uk>
Cc: Cory Tusar <cory.tusar@zii.aero>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: Leonard Crestez <leonard.crestez@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam/qi - use print_hex_dump_debug function to print debug messages
Iuliana Prodan [Tue, 20 Aug 2019 11:26:39 +0000 (14:26 +0300)]
crypto: caam/qi - use print_hex_dump_debug function to print debug messages

Use print_hex_dump_debug function to print debug messages, instead of
print_hex_dump inside #ifdef DEBUG.

Fixes: 6e005503199b ("crypto: caam - print debug messages at debug level")
Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - add support for using the EIP197 without vendor firmware
Pascal van Leeuwen [Mon, 19 Aug 2019 14:40:26 +0000 (16:40 +0200)]
crypto: inside-secure - add support for using the EIP197 without vendor firmware

Until now, the inside-secure driver required a set of firmware images
supplied by the silicon vendor, typically under NDA, to be present in
/lib/firmware/inside-secure in order to be able to function.
This patch removes the dependence on this official vendor firmware by
falling back to generic "mini" FW - developed specifically for this
driver - that can be provided under GPL 2.0 through linux-firmwares.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Acked-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - add support for PCI based FPGA development board
Pascal van Leeuwen [Mon, 19 Aug 2019 14:40:25 +0000 (16:40 +0200)]
crypto: inside-secure - add support for PCI based FPGA development board

This patch adds support for a PCIE development board with FPGA from Xilinx,
to facilitate pre-silicon driver development by both Inside Secure and its
IP customers. Since Inside Secure neither produces nor has access to actual
silicon, this is required functionality to allow us to contribute.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Acked-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Remove redundant algo to engine mapping code
Pascal van Leeuwen [Mon, 19 Aug 2019 14:40:24 +0000 (16:40 +0200)]
crypto: inside-secure - Remove redundant algo to engine mapping code

This removes some code determine which engine has which algorithms which
was effectively redundant (may have been forward-looking?) due to always
enabling all algorithms for all currently supported engines.
A future patch will use a different, more scalable approach to achieve
this. This is removed now because otherwise the next patch will add new
hardware which would otherwise have to be added to all algorithms, so
now is a convenient time to just get rid of this.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Acked-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - make driver selectable for non-Marvell hardware
Pascal van Leeuwen [Mon, 19 Aug 2019 14:40:23 +0000 (16:40 +0200)]
crypto: inside-secure - make driver selectable for non-Marvell hardware

While being a generic EIP97/EIP197 driver, the driver was only selectable
for Marvell Armada hardware. This fix makes the driver selectable for any
Device Tree supporting kernel configuration, allowing it to be used for
other compatible hardware by just adding the correct device tree entry.

It also allows the driver to be selected for PCI(E) supporting kernel con-
figurations, to be able to use it with PCIE based FPGA development boards
for pre-silicon driver development by both Inside Secure and its IP custo-
mers.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Acked-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: s5p - use correct block size of 1 for ctr(aes)
Ard Biesheuvel [Mon, 19 Aug 2019 14:22:26 +0000 (17:22 +0300)]
crypto: s5p - use correct block size of 1 for ctr(aes)

Align the s5p ctr(aes) implementation with other implementations
of the same mode, by setting the block size to 1.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Kamil Konieczny <k.konieczny@partner.samsung.com>
Reviewed-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: s5p - deal gracefully with bogus input sizes
Ard Biesheuvel [Mon, 19 Aug 2019 14:22:25 +0000 (17:22 +0300)]
crypto: s5p - deal gracefully with bogus input sizes

The s5p skcipher driver returns -EINVAL for zero length inputs, which
deviates from the behavior of the generic ECB template, and causes fuzz
tests to fail. In cases where the input is not a multiple of the AES
block size (and the chaining mode is not CTR), it prints an error to
the kernel log, which is a thing we usually try to avoid in response
to situations that can be triggered by unprivileged users.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Kamil Konieczny <k.konieczny@partner.samsung.com>
Reviewed-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: arm64/aes - implement accelerated ESSIV/CBC mode
Ard Biesheuvel [Mon, 19 Aug 2019 14:17:36 +0000 (17:17 +0300)]
crypto: arm64/aes - implement accelerated ESSIV/CBC mode

Add an accelerated version of the 'essiv(cbc(aes),sha256)' skcipher,
which is used by fscrypt or dm-crypt on systems where CBC mode is
signficantly more performant than XTS mode (e.g., when using a h/w
accelerator which supports the former but not the latter) This avoids
a separate call into the AES cipher for every invocation.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: arm64/aes-cts-cbc - factor out CBC en/decryption of a walk
Ard Biesheuvel [Mon, 19 Aug 2019 14:17:35 +0000 (17:17 +0300)]
crypto: arm64/aes-cts-cbc - factor out CBC en/decryption of a walk

The plain CBC driver and the CTS one share some code that iterates over
a scatterwalk and invokes the CBC asm code to do the processing. The
upcoming ESSIV/CBC mode will clone that pattern for the third time, so
let's factor it out first.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: essiv - add tests for essiv in cbc(aes)+sha256 mode
Ard Biesheuvel [Mon, 19 Aug 2019 14:17:34 +0000 (17:17 +0300)]
crypto: essiv - add tests for essiv in cbc(aes)+sha256 mode

Add a test vector for the ESSIV mode that is the most widely used,
i.e., using cbc(aes) and sha256, in both skcipher and AEAD modes
(the latter is used by tcrypt to encapsulate the authenc template
or h/w instantiations of the same)

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: arm64/aegis128 - use explicit vector load for permute vectors
Ard Biesheuvel [Mon, 19 Aug 2019 14:15:00 +0000 (17:15 +0300)]
crypto: arm64/aegis128 - use explicit vector load for permute vectors

When building the new aegis128 NEON code in big endian mode, Clang
complains about the const uint8x16_t permute vectors in the following
way:

  crypto/aegis128-neon-inner.c:58:40: warning: vector initializers are not
      compatible with NEON intrinsics in big endian mode
      [-Wnonportable-vector-initialization]
                static const uint8x16_t shift_rows = {
                                                     ^
  crypto/aegis128-neon-inner.c:58:40: note: consider using vld1q_u8() to
      initialize a vector from memory, or vcombine_u8(vcreate_u8(), vcreate_u8())
      to initialize from integer constants

Since the same issue applies to the uint8x16x4_t loads of the AES Sbox,
update those references as well. However, since GCC does not implement
the vld1q_u8_x4() intrinsic, switch from IS_ENABLED() to a preprocessor
conditional to conditionally include this code.

Reported-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Tested-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: picoxcell - Fix the name of the module in the description of CRYPTO_DEV_PICOXCELL
Christophe JAILLET [Mon, 19 Aug 2019 05:18:33 +0000 (07:18 +0200)]
crypto: picoxcell - Fix the name of the module in the description of CRYPTO_DEV_PICOXCELL

The help section says that the module will be called 'pipcoxcell_crypto'.
This is likely a typo.
Use 'picoxcell_crypto' instead

Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: talitos - Fix build warning in aead_des3_setkey
Herbert Xu [Thu, 22 Aug 2019 12:09:15 +0000 (22:09 +1000)]
crypto: talitos - Fix build warning in aead_des3_setkey

This patch removes the variable flags which is now unused thanks
to the new DES helpers.

Fixes: 9d574ae8ebc1 ("crypto: talitos/des - switch to new...")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: n2/des - fix build breakage after DES updates
Ard Biesheuvel [Thu, 22 Aug 2019 11:49:15 +0000 (14:49 +0300)]
crypto: n2/des - fix build breakage after DES updates

Fix build breakage caused by the DES library refactor.

Fixes: d4b90dbc8578 ("crypto: n2/des - switch to new verification routines")
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: s390/aes - fix typo in XTS_BLOCK_SIZE identifier
Ard Biesheuvel [Thu, 22 Aug 2019 10:24:54 +0000 (13:24 +0300)]
crypto: s390/aes - fix typo in XTS_BLOCK_SIZE identifier

Fix a typo XTS_BLOCKSIZE -> XTS_BLOCK_SIZE, causing the build to
break.

Fixes: ce68acbcb6a5 ("crypto: s390/xts-aes - invoke fallback for...")
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: sha256_generic - Switch to the generic lib/crypto/sha256.c lib code
Hans de Goede [Sat, 17 Aug 2019 14:24:35 +0000 (16:24 +0200)]
crypto: sha256_generic - Switch to the generic lib/crypto/sha256.c lib code

Drop the duplicate generic sha256 (and sha224) implementation from
crypto/sha256_generic.c and use the implementation from
lib/crypto/sha256.c instead.

"diff -u lib/crypto/sha256.c sha256_generic.c" shows that the core
sha256_transform function from both implementations is identical and
the other code is functionally identical too.

Suggested-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: sha256 - Add sha224 support to sha256 library code
Hans de Goede [Sat, 17 Aug 2019 14:24:34 +0000 (16:24 +0200)]
crypto: sha256 - Add sha224 support to sha256 library code

Add sha224 support to the lib/crypto/sha256 library code. This will allow
us to replace both the sha256 and sha224 parts of crypto/sha256_generic.c
when we remove the code duplication in further patches in this series.

Suggested-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: sha256 - Make lib/crypto/sha256.c suitable for generic use
Hans de Goede [Sat, 17 Aug 2019 14:24:33 +0000 (16:24 +0200)]
crypto: sha256 - Make lib/crypto/sha256.c suitable for generic use

Before this commit lib/crypto/sha256.c has only been used in the s390 and
x86 purgatory code, make it suitable for generic use:

* Export interesting symbols
* Add  -D__DISABLE_EXPORTS to CFLAGS_sha256.o for purgatory builds to
  avoid the exports for the purgatory builds
* Add to lib/crypto/Makefile and crypto/Kconfig

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: sha256 - Use get/put_unaligned_be32 to get input, memzero_explicit
Hans de Goede [Sat, 17 Aug 2019 14:24:32 +0000 (16:24 +0200)]
crypto: sha256 - Use get/put_unaligned_be32 to get input, memzero_explicit

Use get/put_unaligned_be32 in lib/crypto/sha256.c to load / store data
so that it can be used with unaligned buffers too, making it more generic.

And use memzero_explicit for better clearing of sensitive data.

Note unlike other patches in this series this commit actually makes
functional changes to the sha256 code as used by the purgatory code.

This fully aligns the lib/crypto/sha256.c sha256 implementation with the
one from crypto/sha256_generic.c allowing us to remove the latter in
further patches in this series.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: sha256 - Move lib/sha256.c to lib/crypto
Hans de Goede [Sat, 17 Aug 2019 14:24:31 +0000 (16:24 +0200)]
crypto: sha256 - Move lib/sha256.c to lib/crypto

Generic crypto implementations belong under lib/crypto not directly in
lib, likewise the header should be in include/crypto, not include/linux.

Note that the code in lib/crypto/sha256.c is not yet available for
generic use after this commit, it is still only used by the s390 and x86
purgatory code. Making it suitable for generic use is done in further
patches in this series.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: sha256_generic - Fix some coding style issues
Hans de Goede [Sat, 17 Aug 2019 14:24:30 +0000 (16:24 +0200)]
crypto: sha256_generic - Fix some coding style issues

Add a bunch of missing spaces after commas and arround operators.

Note the main goal of this is to make sha256_transform and its helpers
identical in formatting too the duplcate implementation in lib/sha256.c,
so that "diff -u" can be used to compare them to prove that no functional
changes are made when further patches in this series consolidate the 2
implementations into 1.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: sha256 - Fix some coding style issues
Hans de Goede [Sat, 17 Aug 2019 14:24:29 +0000 (16:24 +0200)]
crypto: sha256 - Fix some coding style issues

For some reason after the first 15 steps the last statement of each
step ends with "t1+t2", missing spaces around the "+". This commit
fixes this. This was done with a 's/= t1+t2/= t1 + t2/' to make sure
no functional changes are introduced.

Note the main goal of this is to make lib/sha256.c's sha256_transform
and its helpers identical in formatting too the duplcate implementation
in crypto/sha256_generic.c so that "diff -u" can be used to compare them
to prove that no functional changes are made when further patches in
this series consolidate the 2 implementations into 1.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: vmx/xts - use fallback for ciphertext stealing
Ard Biesheuvel [Fri, 16 Aug 2019 14:06:24 +0000 (17:06 +0300)]
crypto: vmx/xts - use fallback for ciphertext stealing

For correctness and compliance with the XTS-AES specification, we are
adding support for ciphertext stealing to XTS implementations, even
though no use cases are known that will be enabled by this.

Since the Power8 implementation already has a fallback skcipher standby
for other purposes, let's use it for this purpose as well. If ciphertext
stealing use cases ever become a bottleneck, we can always revisit this.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: s390/xts-aes - invoke fallback for ciphertext stealing
Ard Biesheuvel [Fri, 16 Aug 2019 12:35:45 +0000 (15:35 +0300)]
crypto: s390/xts-aes - invoke fallback for ciphertext stealing

For correctness and compliance with the XTS-AES specification, we are
adding support for ciphertext stealing to XTS implementations, even
though no use cases are known that will be enabled by this.

Since the s390 implementation already has a fallback skcipher standby
for other purposes, let's use it for this purpose as well. If ciphertext
stealing use cases ever become a bottleneck, we can always revisit this.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: x86/xts - implement support for ciphertext stealing
Ard Biesheuvel [Fri, 16 Aug 2019 12:21:50 +0000 (15:21 +0300)]
crypto: x86/xts - implement support for ciphertext stealing

Align the x86 code with the generic XTS template, which now supports
ciphertext stealing as described by the IEEE XTS-AES spec P1619.

Tested-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: hisilicon - Fix warning on printing %p with dma_addr_t
Herbert Xu [Thu, 15 Aug 2019 22:47:43 +0000 (08:47 +1000)]
crypto: hisilicon - Fix warning on printing %p with dma_addr_t

This patch fixes a printk format warning by replacing %p with %#llx
for dma_addr_t.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agofs: cifs: move from the crypto cipher API to the new DES library interface
Ard Biesheuvel [Thu, 15 Aug 2019 09:01:12 +0000 (12:01 +0300)]
fs: cifs: move from the crypto cipher API to the new DES library interface

Some legacy code in the CIFS driver uses single DES to calculate
some password hash, and uses the crypto cipher API to do so. Given
that there is no point in invoking an accelerated cipher for doing
56-bit symmetric encryption on a single 8-byte block of input, the
flexibility of the crypto cipher API does not add much value here,
and so we're much better off using a library call into the generic
C implementation.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: des - remove now unused __des3_ede_setkey()
Ard Biesheuvel [Thu, 15 Aug 2019 09:01:11 +0000 (12:01 +0300)]
crypto: des - remove now unused __des3_ede_setkey()

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: x86/des - switch to library interface
Ard Biesheuvel [Thu, 15 Aug 2019 09:01:10 +0000 (12:01 +0300)]
crypto: x86/des - switch to library interface

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: des - split off DES library from generic DES cipher driver
Ard Biesheuvel [Thu, 15 Aug 2019 09:01:09 +0000 (12:01 +0300)]
crypto: des - split off DES library from generic DES cipher driver

Another one for the cipher museum: split off DES core processing into
a separate module so other drivers (mostly for crypto accelerators)
can reuse the code without pulling in the generic DES cipher itself.
This will also permit the cipher interface to be made private to the
crypto API itself once we move the only user in the kernel (CIFS) to
this library interface.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: des - remove unused function
Ard Biesheuvel [Thu, 15 Aug 2019 09:01:08 +0000 (12:01 +0300)]
crypto: des - remove unused function

Remove the old DES3 verification functions that are no longer used.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: 3des - move verification out of exported routine
Ard Biesheuvel [Thu, 15 Aug 2019 09:01:07 +0000 (12:01 +0300)]
crypto: 3des - move verification out of exported routine

In preparation of moving the shared key expansion routine into the
DES library, move the verification done by __des3_ede_setkey() into
its callers.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: ux500/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:01:06 +0000 (12:01 +0300)]
crypto: ux500/des - switch to new verification routines

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: talitos/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:01:05 +0000 (12:01 +0300)]
crypto: talitos/des - switch to new verification routines

Cc: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: sun4i/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:01:04 +0000 (12:01 +0300)]
crypto: sun4i/des - switch to new verification routines

Cc: Corentin Labbe <clabbe.montjoie@gmail.com>
Acked-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: stm32/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:01:03 +0000 (12:01 +0300)]
crypto: stm32/des - switch to new verification routines

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: rk3288/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:01:02 +0000 (12:01 +0300)]
crypto: rk3288/des - switch to new verification routines

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: qce/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:01:01 +0000 (12:01 +0300)]
crypto: qce/des - switch to new verification routines

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: picoxcell/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:01:00 +0000 (12:01 +0300)]
crypto: picoxcell/des - switch to new verification routines

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: omap/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:00:59 +0000 (12:00 +0300)]
crypto: omap/des - switch to new verification routines

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: n2/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:00:58 +0000 (12:00 +0300)]
crypto: n2/des - switch to new verification routines

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: cesa/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:00:57 +0000 (12:00 +0300)]
crypto: cesa/des - switch to new verification routines

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: ixp4xx/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:00:56 +0000 (12:00 +0300)]
crypto: ixp4xx/des - switch to new verification routines

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: safexcel/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:00:55 +0000 (12:00 +0300)]
crypto: safexcel/des - switch to new verification routines

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: hisilicon/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:00:54 +0000 (12:00 +0300)]
crypto: hisilicon/des - switch to new verification routines

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: hifn/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:00:53 +0000 (12:00 +0300)]
crypto: hifn/des - switch to new verification routines

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: ccree/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:00:52 +0000 (12:00 +0300)]
crypto: ccree/des - switch to new verification routines

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: ccp/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:00:51 +0000 (12:00 +0300)]
crypto: ccp/des - switch to new verification routines

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: nitrox/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:00:50 +0000 (12:00 +0300)]
crypto: nitrox/des - switch to new verification routines

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: cpt/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:00:49 +0000 (12:00 +0300)]
crypto: cpt/des - switch to new verification routines

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:00:48 +0000 (12:00 +0300)]
crypto: caam/des - switch to new verification routines

Cc: Horia Geanta <horia.geanta@nxp.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: bcm/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:00:47 +0000 (12:00 +0300)]
crypto: bcm/des - switch to new verification routines

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: atmel/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:00:46 +0000 (12:00 +0300)]
crypto: atmel/des - switch to new verification routines

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: sparc/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:00:45 +0000 (12:00 +0300)]
crypto: sparc/des - switch to new verification routines

Switch to the refactored DES key verification routines. While at it,
rename the DES encrypt/decrypt routines so they will not conflict with
the DES library later on.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: s390/des - switch to new verification routines
Ard Biesheuvel [Thu, 15 Aug 2019 09:00:44 +0000 (12:00 +0300)]
crypto: s390/des - switch to new verification routines

Switch to the refactored DES key verification routines. While at it,
rename the DES encrypt/decrypt routines so they will not conflict with
the DES library later on.

Reviewed-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: des/3des_ede - add new helpers to verify keys
Ard Biesheuvel [Thu, 15 Aug 2019 09:00:43 +0000 (12:00 +0300)]
crypto: des/3des_ede - add new helpers to verify keys

The recently added helper routine to perform key strength validation
of triple DES keys is slightly inadequate, since it comes in two versions,
neither of which are highly useful for anything other than skciphers (and
many drivers still use the older blkcipher interfaces).

So let's add a new helper and, considering that this is a helper function
that is only intended to be used by crypto code itself, put it in a new
des.h header under crypto/internal.

While at it, implement a similar helper for single DES, so that we can
start replacing the pattern of calling des_ekey() into a temp buffer
that occurs in many drivers in drivers/crypto.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agoMAINTAINERS: nx crypto: Fix typo in a filepath
Denis Efremov [Tue, 13 Aug 2019 06:06:10 +0000 (09:06 +0300)]
MAINTAINERS: nx crypto: Fix typo in a filepath

Fix typo in nx_debugfs.c filepath. File extension changed from .h to .c
The file nx_debugfs.h never existed.

Cc: Breno Leitão <leitao@debian.org>
Cc: Nayna Jain <nayna@linux.ibm.com>
Cc: Paulo Flabiano Smorigo <pfsmorigo@gmail.com>
Cc: Dan Streetman <ddstreet@ieee.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-crypto@vger.kernel.org
Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agolib/mpi: Eliminate unused umul_ppmm definitions for MIPS
Nathan Chancellor [Mon, 12 Aug 2019 19:32:57 +0000 (12:32 -0700)]
lib/mpi: Eliminate unused umul_ppmm definitions for MIPS

Clang errors out when building this macro:

lib/mpi/generic_mpih-mul1.c:37:24: error: invalid use of a cast in a
inline asm context requiring an l-value: remove the cast or build with
-fheinous-gnu-extensions
                umul_ppmm(prod_high, prod_low, s1_ptr[j], s2_limb);
                ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
lib/mpi/longlong.h:652:20: note: expanded from macro 'umul_ppmm'
        : "=l" ((USItype)(w0)), \
                ~~~~~~~~~~^~~
lib/mpi/generic_mpih-mul1.c:37:3: error: invalid output constraint '=h'
in asm
                umul_ppmm(prod_high, prod_low, s1_ptr[j], s2_limb);
                ^
lib/mpi/longlong.h:653:7: note: expanded from macro 'umul_ppmm'
             "=h" ((USItype)(w1)) \
             ^
2 errors generated.

The C version that is used for GCC 4.4 and up works well with clang;
however, it is not currently being used because Clang masks itself
as GCC 4.2.1 for compatibility reasons. As Nick points out, we require
GCC 4.6 and newer in the kernel so we can eliminate all of the
versioning checks and just use the C version of umul_ppmm for all
supported compilers.

Link: https://github.com/ClangBuiltLinux/linux/issues/605
Suggested-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agorandom: Support freezable kthreads in add_hwgenerator_randomness()
Stephen Boyd [Mon, 19 Aug 2019 15:02:45 +0000 (08:02 -0700)]
random: Support freezable kthreads in add_hwgenerator_randomness()

The kthread calling this function is freezable after commit 03a3bb7ae631
("hwrng: core - Freeze khwrng thread during suspend") is applied.
Unfortunately, this function uses wait_event_interruptible() but doesn't
check for the kthread being woken up by the fake freezer signal. When a
user suspends the system, this kthread will wake up and if it fails the
entropy size check it will immediately go back to sleep and not go into
the freezer. Eventually, suspend will fail because the task never froze
and a warning message like this may appear:

 PM: suspend entry (deep)
 Filesystems sync: 0.000 seconds
 Freezing user space processes ... (elapsed 0.001 seconds) done.
 OOM killer disabled.
 Freezing remaining freezable tasks ...
 Freezing of tasks failed after 20.003 seconds (1 tasks refusing to freeze, wq_busy=0):
 hwrng           R  running task        0   289      2 0x00000020
 [<c08c64c4>] (__schedule) from [<c08c6a10>] (schedule+0x3c/0xc0)
 [<c08c6a10>] (schedule) from [<c05dbd8c>] (add_hwgenerator_randomness+0xb0/0x100)
 [<c05dbd8c>] (add_hwgenerator_randomness) from [<bf1803c8>] (hwrng_fillfn+0xc0/0x14c [rng_core])
 [<bf1803c8>] (hwrng_fillfn [rng_core]) from [<c015abec>] (kthread+0x134/0x148)
 [<c015abec>] (kthread) from [<c01010e8>] (ret_from_fork+0x14/0x2c)

Check for a freezer signal here and skip adding any randomness if the
task wakes up because it was frozen. This should make the kthread freeze
properly and suspend work again.

Fixes: 03a3bb7ae631 ("hwrng: core - Freeze khwrng thread during suspend")
Reported-by: Keerthy <j-keerthy@ti.com>
Tested-by: Keerthy <j-keerthy@ti.com>
Signed-off-by: Stephen Boyd <swboyd@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: arm64/aegis128 - implement plain NEON version
Ard Biesheuvel [Sun, 11 Aug 2019 22:59:12 +0000 (01:59 +0300)]
crypto: arm64/aegis128 - implement plain NEON version

Provide a version of the core AES transform to the aegis128 SIMD
code that does not rely on the special AES instructions, but uses
plain NEON instructions instead. This allows the SIMD version of
the aegis128 driver to be used on arm64 systems that do not
implement those instructions (which are not mandatory in the
architecture), such as the Raspberry Pi 3.

Since GCC makes a mess of this when using the tbl/tbx intrinsics
to perform the sbox substitution, preload the Sbox into v16..v31
in this case and use inline asm to emit the tbl/tbx instructions.
Clang does not support this approach, nor does it require it, since
it does a much better job at code generation, so there we use the
intrinsics as usual.

Cc: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: aegis128 - provide a SIMD implementation based on NEON intrinsics
Ard Biesheuvel [Sun, 11 Aug 2019 22:59:11 +0000 (01:59 +0300)]
crypto: aegis128 - provide a SIMD implementation based on NEON intrinsics

Provide an accelerated implementation of aegis128 by wiring up the
SIMD hooks in the generic driver to an implementation based on NEON
intrinsics, which can be compiled to both ARM and arm64 code.

This results in a performance of 2.2 cycles per byte on Cortex-A53,
which is a performance increase of ~11x compared to the generic
code.

Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: aegis128 - add support for SIMD acceleration
Ard Biesheuvel [Sun, 11 Aug 2019 22:59:10 +0000 (01:59 +0300)]
crypto: aegis128 - add support for SIMD acceleration

Add some plumbing to allow the AEGIS128 code to be built with SIMD
routines for acceleration.

Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: xts - add support for ciphertext stealing
Ard Biesheuvel [Fri, 9 Aug 2019 17:14:57 +0000 (20:14 +0300)]
crypto: xts - add support for ciphertext stealing

Add support for the missing ciphertext stealing part of the XTS-AES
specification, which permits inputs of any size >= the block size.

Cc: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Cc: Ondrej Mosnacek <omosnace@redhat.com>
Tested-by: Milan Broz <gmazyland@gmail.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: aead - Do not allow authsize=0 if auth. alg has digestsize>0
Pascal van Leeuwen [Fri, 9 Aug 2019 15:51:07 +0000 (17:51 +0200)]
crypto: aead - Do not allow authsize=0 if auth. alg has digestsize>0

Return -EINVAL on an attempt to set the authsize to 0 with an auth.
algorithm with a non-zero digestsize (i.e. anything but digest_null)
as authenticating the data and then throwing away the result does not
make any sense at all.

The digestsize zero exception is for use with digest_null for testing
purposes only.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: streebog - remove two unused variables
YueHaibing [Fri, 9 Aug 2019 08:49:05 +0000 (16:49 +0800)]
crypto: streebog - remove two unused variables

crypto/streebog_generic.c:162:17: warning:
 Pi defined but not used [-Wunused-const-variable=]
crypto/streebog_generic.c:151:17: warning:
 Tau defined but not used [-Wunused-const-variable=]

They are never used, so can be removed.

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Reviewed-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: aes-generic - remove unused variable 'rco_tab'
YueHaibing [Fri, 9 Aug 2019 08:29:19 +0000 (16:29 +0800)]
crypto: aes-generic - remove unused variable 'rco_tab'

crypto/aes_generic.c:64:18: warning:
 rco_tab defined but not used [-Wunused-const-variable=]

It is never used, so can be removed.

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agoDocumentation: crypto: crypto_engine: Fix Sphinx warning
Jonathan Neuschäfer [Thu, 8 Aug 2019 16:30:11 +0000 (18:30 +0200)]
Documentation: crypto: crypto_engine: Fix Sphinx warning

This fixes the following Sphinx warning:

Documentation/crypto/crypto_engine.rst:2:
  WARNING: Explicit markup ends without a blank line; unexpected unindent.

Signed-off-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: cavium/nitrox - Configure asymmetric queue manager Hardware unit
Phani Kiran Hemadri [Thu, 8 Aug 2019 12:17:39 +0000 (12:17 +0000)]
crypto: cavium/nitrox - Configure asymmetric queue manager Hardware unit

This patch configures and initializes CNN55XX device AQM hardware unit.

Signed-off-by: Phani Kiran Hemadri <phemadri@marvell.com>
Reviewed-by: Srikanth Jampala <jsrikanth@marvell.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: cavium/nitrox - Allocate asymmetric crypto command queues
Phani Kiran Hemadri [Thu, 8 Aug 2019 12:17:37 +0000 (12:17 +0000)]
crypto: cavium/nitrox - Allocate asymmetric crypto command queues

This patch adds support to allocate CNN55XX device AQMQ command queues
required for submitting asymmetric crypto requests.

Signed-off-by: Phani Kiran Hemadri <phemadri@marvell.com>
Reviewed-by: Srikanth Jampala <jsrikanth@marvell.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: cryptd - Use refcount_t for refcount
Chuhong Yuan [Thu, 8 Aug 2019 08:00:22 +0000 (16:00 +0800)]
crypto: cryptd - Use refcount_t for refcount

Reference counters are preferred to use refcount_t instead of
atomic_t.
This is because the implementation of refcount_t can prevent
overflows and detect possible use-after-free.
So convert atomic_t ref counters to refcount_t.

Signed-off-by: Chuhong Yuan <hslester96@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agohwrng: core - Freeze khwrng thread during suspend
Stephen Boyd [Mon, 5 Aug 2019 23:32:41 +0000 (16:32 -0700)]
hwrng: core - Freeze khwrng thread during suspend

The hwrng_fill() function can run while devices are suspending and
resuming. If the hwrng is behind a bus such as i2c or SPI and that bus
is suspended, the hwrng may hang the bus while attempting to add some
randomness. It's been observed on ChromeOS devices with suspend-to-idle
(s2idle) and an i2c based hwrng that this kthread may run and ask the
hwrng device for randomness before the i2c bus has been resumed.

Let's make this kthread freezable so that we don't try to touch the
hwrng during suspend/resume. This ensures that we can't cause the hwrng
backing driver to get into a bad state because the device is guaranteed
to be resumed before the hwrng kthread is thawed.

Cc: Andrey Pronin <apronin@chromium.org>
Cc: Duncan Laurie <dlaurie@chromium.org>
Cc: Jason Gunthorpe <jgg@ziepe.ca>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Guenter Roeck <groeck@chromium.org>
Cc: Alexander Steffen <Alexander.Steffen@infineon.com>
Signed-off-by: Stephen Boyd <swboyd@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam/qi - execute library only on DPAA 1.x
Horia Geantă [Mon, 5 Aug 2019 12:49:55 +0000 (15:49 +0300)]
crypto: caam/qi - execute library only on DPAA 1.x

In the process of turning caam/qi into a library, the check of
MCFGR[QI] bit has been inadvertently dropped.
Fix the condition for DPAA 1.x QI detection, which should be:
MCFGR[QI] && !MCFGR[DPAA2]

A check in the library exit point is currently not needed,
since the list of registered algorithms is empty.

While here, silence the library initialization abort - since jr.c
calls it unconditionally.

Fixes: 1b46c90c8e00 ("crypto: caam - convert top level drivers to libraries")
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: hisilicon - fix error handle in hisi_zip_create_req_q
Zhou Wang [Wed, 14 Aug 2019 09:28:39 +0000 (17:28 +0800)]
crypto: hisilicon - fix error handle in hisi_zip_create_req_q

Directly return error in the first loop in hisi_zip_create_req_q.

Fixes: 62c455ca853e ("crypto: hisilicon - add HiSilicon ZIP accelerator support")
Signed-off-by: Zhou Wang <wangzhou1@hisilicon.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: hisilicon - add missing single_release
Zhou Wang [Wed, 14 Aug 2019 09:28:38 +0000 (17:28 +0800)]
crypto: hisilicon - add missing single_release

Fix to add missing single_release in qm_regs_fops.

Fixes: 263c9959c937 ("crypto: hisilicon - add queue management driver for HiSilicon QM module")
Signed-off-by: Zhou Wang <wangzhou1@hisilicon.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: hisilicon - init curr_sgl_dma to fix compile warning
Zhou Wang [Wed, 14 Aug 2019 09:28:37 +0000 (17:28 +0800)]
crypto: hisilicon - init curr_sgl_dma to fix compile warning

Just init curr_sgl_dma = 0 to avoid compile warning.

Fixes: dfed0098ab91 ("crypto: hisilicon - add hardware SGL support")
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Zhou Wang <wangzhou1@hisilicon.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: hisilicon - add dependency for CRYPTO_DEV_HISI_ZIP
Zhou Wang [Wed, 14 Aug 2019 09:28:36 +0000 (17:28 +0800)]
crypto: hisilicon - add dependency for CRYPTO_DEV_HISI_ZIP

Add ARM64/PCI/PCI_MSI dependency for CRYPTO_DEV_HISI_ZIP.

Fixes: 62c455ca853e ("crypto: hisilicon - add HiSilicon ZIP accelerator support")
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Zhou Wang <wangzhou1@hisilicon.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: hisilicon - fix kbuild warnings
Zhou Wang [Wed, 14 Aug 2019 09:28:35 +0000 (17:28 +0800)]
crypto: hisilicon - fix kbuild warnings

Fix to use proper type of argument for dma_addr_t and size_t.

Fixes: 263c9959c937 ("crypto: hisilicon - add queue management driver for HiSilicon QM module")
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Zhou Wang <wangzhou1@hisilicon.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agopadata: initialize pd->cpu with effective cpumask
Daniel Jordan [Thu, 8 Aug 2019 16:05:35 +0000 (12:05 -0400)]
padata: initialize pd->cpu with effective cpumask

Exercising CPU hotplug on a 5.2 kernel with recent padata fixes from
cryptodev-2.6.git in an 8-CPU kvm guest...

    # modprobe tcrypt alg="pcrypt(rfc4106(gcm(aes)))" type=3
    # echo 0 > /sys/devices/system/cpu/cpu1/online
    # echo c > /sys/kernel/pcrypt/pencrypt/parallel_cpumask
    # modprobe tcrypt mode=215

...caused the following crash:

    BUG: kernel NULL pointer dereference, address: 0000000000000000
    #PF: supervisor read access in kernel mode
    #PF: error_code(0x0000) - not-present page
    PGD 0 P4D 0
    Oops: 0000 [#1] SMP PTI
    CPU: 2 PID: 134 Comm: kworker/2:2 Not tainted 5.2.0-padata-base+ #7
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-<snip>
    Workqueue: pencrypt padata_parallel_worker
    RIP: 0010:padata_reorder+0xcb/0x180
    ...
    Call Trace:
     padata_do_serial+0x57/0x60
     pcrypt_aead_enc+0x3a/0x50 [pcrypt]
     padata_parallel_worker+0x9b/0xe0
     process_one_work+0x1b5/0x3f0
     worker_thread+0x4a/0x3c0
     ...

In padata_alloc_pd, pd->cpu is set using the user-supplied cpumask
instead of the effective cpumask, and in this case cpumask_first picked
an offline CPU.

The offline CPU's reorder->list.next is NULL in padata_reorder because
the list wasn't initialized in padata_init_pqueues, which only operates
on CPUs in the effective mask.

Fix by using the effective mask in padata_alloc_pd.

Fixes: 6fc4dbcf0276 ("padata: Replace delayed timer with immediate workqueue in padata_reorder")
Signed-off-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: ccp - Remove unnecessary linux/pci.h include
Bjorn Helgaas [Fri, 2 Aug 2019 23:20:12 +0000 (18:20 -0500)]
crypto: ccp - Remove unnecessary linux/pci.h include

Remove unused includes of linux/pci.h.

Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Gary R Hook <gary.hook@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: ccp - Include DMA declarations explicitly
Bjorn Helgaas [Fri, 2 Aug 2019 23:20:11 +0000 (18:20 -0500)]
crypto: ccp - Include DMA declarations explicitly

ccp-dev.h uses dma_direction, which is defined in linux/dma-direction.h.
Include that explicitly instead of relying on it being included via
linux/pci.h, since ccp-dev.h requires nothing else from linux/pci.h.

Similarly, ccp-dmaengine.c uses dma_get_mask(), which is defined in
linux/dma-mapping.h, so include that explicitly since it requires nothing
else from linux/pci.h.

A future patch will remove the includes of linux/pci.h where it is not
needed.

Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Gary R Hook <gary.hook@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: qcom-rng - use devm_platform_ioremap_resource() to simplify code
YueHaibing [Fri, 2 Aug 2019 13:28:09 +0000 (21:28 +0800)]
crypto: qcom-rng - use devm_platform_ioremap_resource() to simplify code

Use devm_platform_ioremap_resource() to simplify the code a bit.
This is detected by coccinelle.

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: qce - use devm_platform_ioremap_resource() to simplify code
YueHaibing [Fri, 2 Aug 2019 13:28:08 +0000 (21:28 +0800)]
crypto: qce - use devm_platform_ioremap_resource() to simplify code

Use devm_platform_ioremap_resource() to simplify the code a bit.
This is detected by coccinelle.

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: stm32 - use devm_platform_ioremap_resource() to simplify code
YueHaibing [Fri, 2 Aug 2019 13:28:07 +0000 (21:28 +0800)]
crypto: stm32 - use devm_platform_ioremap_resource() to simplify code

Use devm_platform_ioremap_resource() to simplify the code a bit.
This is detected by coccinelle.

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: rockchip - use devm_platform_ioremap_resource() to simplify code
YueHaibing [Fri, 2 Aug 2019 13:28:06 +0000 (21:28 +0800)]
crypto: rockchip - use devm_platform_ioremap_resource() to simplify code

Use devm_platform_ioremap_resource() to simplify the code a bit.
This is detected by coccinelle.

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Reviewed-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: sunxi-ss - use devm_platform_ioremap_resource() to simplify code
YueHaibing [Fri, 2 Aug 2019 13:28:05 +0000 (21:28 +0800)]
crypto: sunxi-ss - use devm_platform_ioremap_resource() to simplify code

Use devm_platform_ioremap_resource() to simplify the code a bit.
This is detected by coccinelle.

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: picoxcell - use devm_platform_ioremap_resource() to simplify code
YueHaibing [Fri, 2 Aug 2019 13:28:04 +0000 (21:28 +0800)]
crypto: picoxcell - use devm_platform_ioremap_resource() to simplify code

Use devm_platform_ioremap_resource() to simplify the code a bit.
This is detected by coccinelle.

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Acked-by: Jamie Iles <jamie@jamieiles.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: mediatek - use devm_platform_ioremap_resource() to simplify code
YueHaibing [Fri, 2 Aug 2019 13:28:03 +0000 (21:28 +0800)]
crypto: mediatek - use devm_platform_ioremap_resource() to simplify code

Use devm_platform_ioremap_resource() to simplify the code a bit.
This is detected by coccinelle.

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - use devm_platform_ioremap_resource() to simplify code
YueHaibing [Fri, 2 Aug 2019 13:28:02 +0000 (21:28 +0800)]
crypto: inside-secure - use devm_platform_ioremap_resource() to simplify code

Use devm_platform_ioremap_resource() to simplify the code a bit.
This is detected by coccinelle.

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Acked-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: img-hash - use devm_platform_ioremap_resource() to simplify code
YueHaibing [Fri, 2 Aug 2019 13:28:01 +0000 (21:28 +0800)]
crypto: img-hash - use devm_platform_ioremap_resource() to simplify code

Use devm_platform_ioremap_resource() to simplify the code a bit.
This is detected by coccinelle.

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: exynos - use devm_platform_ioremap_resource() to simplify code
YueHaibing [Fri, 2 Aug 2019 13:28:00 +0000 (21:28 +0800)]
crypto: exynos - use devm_platform_ioremap_resource() to simplify code

Use devm_platform_ioremap_resource() to simplify the code a bit.
This is detected by coccinelle.

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Reviewed-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: ccp - use devm_platform_ioremap_resource() to simplify code
YueHaibing [Fri, 2 Aug 2019 13:27:59 +0000 (21:27 +0800)]
crypto: ccp - use devm_platform_ioremap_resource() to simplify code

Use devm_platform_ioremap_resource() to simplify the code a bit.
This is detected by coccinelle.

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: artpec6 - use devm_platform_ioremap_resource() to simplify code
YueHaibing [Fri, 2 Aug 2019 13:27:58 +0000 (21:27 +0800)]
crypto: artpec6 - use devm_platform_ioremap_resource() to simplify code

Use devm_platform_ioremap_resource() to simplify the code a bit.
This is detected by coccinelle.

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: gcm - restrict assoclen for rfc4543
Iuliana Prodan [Fri, 2 Aug 2019 08:47:33 +0000 (11:47 +0300)]
crypto: gcm - restrict assoclen for rfc4543

Based on seqiv, IPsec ESP and rfc4543/rfc4106 the assoclen can be 16 or
20 bytes.

From esp4/esp6, assoclen is sizeof IP Header. This includes spi, seq_no
and extended seq_no, that is 8 or 12 bytes.
In seqiv, to asscolen is added the IV size (8 bytes).
Therefore, the assoclen, for rfc4543, should be restricted to 16 or 20
bytes, as for rfc4106.

Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com>
Reviewed-by: Horia Geanta <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agoMAINTAINERS: add maintainer for HiSilicon QM and ZIP controller driver
Zhou Wang [Fri, 2 Aug 2019 07:57:56 +0000 (15:57 +0800)]
MAINTAINERS: add maintainer for HiSilicon QM and ZIP controller driver

Add Zhou Wang as a maintainer for HiSilicon QM and ZIP controller driver.

Signed-off-by: Zhou Wang <wangzhou1@hisilicon.com>
Reviewed-by: John Garry <john.garry@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>