openwrt/staging/blogic.git
5 years agocrypto: ccree - enable CTS support in AES-XTS
Uri Shir [Sun, 8 Sep 2019 08:04:26 +0000 (11:04 +0300)]
crypto: ccree - enable CTS support in AES-XTS

In XTS encryption/decryption the plaintext byte size
can be >= AES_BLOCK_SIZE. This patch enable the AES-XTS ciphertext
stealing implementation in ccree driver.

Signed-off-by: Uri Shir <uri.shir@arm.com>
Acked-by: Gilad Ben-Yossef <gilad@benyossef.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Probe transform record cache RAM sizes
Pascal van Leeuwen [Fri, 6 Sep 2019 14:31:53 +0000 (16:31 +0200)]
crypto: inside-secure - Probe transform record cache RAM sizes

This patch actually probes the transform record cache data and
administration RAM sizes, instead of making assumptions, and then
configures the TRC based on the actually probed values.
This allows the driver to work with EIP197 HW that has TRC RAM
sizes different from those of the Marvell EIP197B/D variants.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Base RD fetchcount on actual RD FIFO size
Pascal van Leeuwen [Fri, 6 Sep 2019 14:31:52 +0000 (16:31 +0200)]
crypto: inside-secure - Base RD fetchcount on actual RD FIFO size

This patch derives the result descriptor fetch count from the actual
FIFO size advertised by the hardware. Fetching result descriptors
one at a time is a performance bottleneck for small blocks, especially
on hardware with multiple pipes. Even moreso if the HW has few rings.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Base CD fetchcount on actual CD FIFO size
Pascal van Leeuwen [Fri, 6 Sep 2019 14:31:51 +0000 (16:31 +0200)]
crypto: inside-secure - Base CD fetchcount on actual CD FIFO size

This patch derives the command descriptor fetch count from the actual
FIFO size advertised by the hardware. Fetching command descriptors
one at a time is a performance bottleneck for small blocks, especially
on hardware with multiple pipes. Even moreso if the HW has few rings.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Enable extended algorithms on newer HW
Pascal van Leeuwen [Fri, 6 Sep 2019 14:31:50 +0000 (16:31 +0200)]
crypto: inside-secure - Enable extended algorithms on newer HW

This patch enables algorithms that did not fit the original 32 bit
FUNCTION_EN register anymore via the FUNCTION2_EN extension reg.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure: Corrected configuration of EIP96_TOKEN_CTRL
Pascal van Leeuwen [Fri, 6 Sep 2019 14:31:49 +0000 (16:31 +0200)]
crypto: inside-secure: Corrected configuration of EIP96_TOKEN_CTRL

This patch corrects the configuration of the EIP197_PE_EIP96_TOKEN_CTRL
register. Previous value was wrong and potentially dangerous.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Add EIP97/EIP197 and endianness detection
Pascal van Leeuwen [Fri, 6 Sep 2019 14:31:48 +0000 (16:31 +0200)]
crypto: inside-secure - Add EIP97/EIP197 and endianness detection

This patch adds automatic EIP97/EIP197 detection, so it does not need to
rely on any static value from the device table anymore. In particular,
the static value from the table won't work for PCI devboards that cannot
be further identified save from this direct hardware probing.

The patch also adds automatic host xs endianness detection & correction.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agopadata: remove cpu_index from the parallel_queue
Daniel Jordan [Fri, 6 Sep 2019 01:40:29 +0000 (21:40 -0400)]
padata: remove cpu_index from the parallel_queue

With the removal of the ENODATA case from padata_get_next, the cpu_index
field is no longer useful, so it can go away.

Signed-off-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Lai Jiangshan <jiangshanlai@gmail.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Tejun Heo <tj@kernel.org>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agopadata: unbind parallel jobs from specific CPUs
Daniel Jordan [Fri, 6 Sep 2019 01:40:28 +0000 (21:40 -0400)]
padata: unbind parallel jobs from specific CPUs

Padata binds the parallel part of a job to a single CPU and round-robins
over all CPUs in the system for each successive job.  Though the serial
parts rely on per-CPU queues for correct ordering, they're not necessary
for parallel work, and it improves performance to run the job locally on
NUMA machines and let the scheduler pick the CPU within a node on a busy
system.

So, make the parallel workqueue unbound.

Update the parallel workqueue's cpumask when the instance's parallel
cpumask changes.

Now that parallel jobs no longer run on max_active=1 workqueues, two or
more parallel works that hash to the same CPU may run simultaneously,
finish out of order, and so be serialized out of order.  Prevent this by
keeping the works sorted on the reorder list by sequence number and
checking that in the reordering logic.

padata_get_next becomes padata_find_next so it can be reused for the end
of padata_reorder, where it's used to avoid uselessly queueing work when
the next job by sequence number isn't finished yet but a later job that
hashed to the same CPU has.

The ENODATA case in padata_find_next no longer makes sense because
parallel jobs aren't bound to specific CPUs.  The EINPROGRESS case takes
care of the scenario where a parallel job is potentially running on the
same CPU as padata_find_next, and with only one error code left, just
use NULL instead.

Signed-off-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Lai Jiangshan <jiangshanlai@gmail.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Cc: Tejun Heo <tj@kernel.org>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agopadata: use separate workqueues for parallel and serial work
Daniel Jordan [Fri, 6 Sep 2019 01:40:27 +0000 (21:40 -0400)]
padata: use separate workqueues for parallel and serial work

padata currently uses one per-CPU workqueue per instance for all work.

Prepare for running parallel jobs on an unbound workqueue by introducing
dedicated workqueues for parallel and serial work.

Signed-off-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Lai Jiangshan <jiangshanlai@gmail.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Tejun Heo <tj@kernel.org>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agopadata, pcrypt: take CPU hotplug lock internally in padata_alloc_possible
Daniel Jordan [Fri, 6 Sep 2019 01:40:26 +0000 (21:40 -0400)]
padata, pcrypt: take CPU hotplug lock internally in padata_alloc_possible

With pcrypt's cpumask no longer used, take the CPU hotplug lock inside
padata_alloc_possible.

Useful later in the series for avoiding nested acquisition of the CPU
hotplug lock in padata when padata_alloc_possible is allocating an
unbound workqueue.

Without this patch, this nested acquisition would happen later in the
series:

      pcrypt_init_padata
        get_online_cpus
        alloc_padata_possible
          alloc_padata
            alloc_workqueue(WQ_UNBOUND)   // later in the series
              alloc_and_link_pwqs
                apply_wqattrs_lock
                  get_online_cpus         // recursive rwsem acquisition

Signed-off-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Lai Jiangshan <jiangshanlai@gmail.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Tejun Heo <tj@kernel.org>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: pcrypt - remove padata cpumask notifier
Daniel Jordan [Fri, 6 Sep 2019 01:40:25 +0000 (21:40 -0400)]
crypto: pcrypt - remove padata cpumask notifier

Now that padata_do_parallel takes care of finding an alternate callback
CPU, there's no need for pcrypt's callback cpumask, so remove it and the
notifier callback that keeps it in sync.

Signed-off-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Lai Jiangshan <jiangshanlai@gmail.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Tejun Heo <tj@kernel.org>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agopadata: make padata_do_parallel find alternate callback CPU
Daniel Jordan [Fri, 6 Sep 2019 01:40:24 +0000 (21:40 -0400)]
padata: make padata_do_parallel find alternate callback CPU

padata_do_parallel currently returns -EINVAL if the callback CPU isn't
in the callback cpumask.

pcrypt tries to prevent this situation by keeping its own callback
cpumask in sync with padata's and checks that the callback CPU it passes
to padata is valid.  Make padata handle this instead.

padata_do_parallel now takes a pointer to the callback CPU and updates
it for the caller if an alternate CPU is used.  Overall behavior in
terms of which callback CPUs are chosen stays the same.

Prepares for removal of the padata cpumask notifier in pcrypt, which
will fix a lockdep complaint about nested acquisition of the CPU hotplug
lock later in the series.

Signed-off-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Lai Jiangshan <jiangshanlai@gmail.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Tejun Heo <tj@kernel.org>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agoworkqueue: require CPU hotplug read exclusion for apply_workqueue_attrs
Daniel Jordan [Fri, 6 Sep 2019 01:40:23 +0000 (21:40 -0400)]
workqueue: require CPU hotplug read exclusion for apply_workqueue_attrs

Change the calling convention for apply_workqueue_attrs to require CPU
hotplug read exclusion.

Avoids lockdep complaints about nested calls to get_online_cpus in a
future patch where padata calls apply_workqueue_attrs when changing
other CPU-hotplug-sensitive data structures with the CPU read lock
already held.

Signed-off-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Acked-by: Tejun Heo <tj@kernel.org>
Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Lai Jiangshan <jiangshanlai@gmail.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agoworkqueue: unconfine alloc/apply/free_workqueue_attrs()
Daniel Jordan [Fri, 6 Sep 2019 01:40:22 +0000 (21:40 -0400)]
workqueue: unconfine alloc/apply/free_workqueue_attrs()

padata will use these these interfaces in a later patch, so unconfine them.

Signed-off-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Acked-by: Tejun Heo <tj@kernel.org>
Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Lai Jiangshan <jiangshanlai@gmail.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agopadata: allocate workqueue internally
Daniel Jordan [Fri, 6 Sep 2019 01:40:21 +0000 (21:40 -0400)]
padata: allocate workqueue internally

Move workqueue allocation inside of padata to prepare for further
changes to how padata uses workqueues.

Guarantees the workqueue is created with max_active=1, which padata
relies on to work correctly.  No functional change.

Signed-off-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Lai Jiangshan <jiangshanlai@gmail.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Tejun Heo <tj@kernel.org>
Cc: linux-crypto@vger.kernel.org
Cc: linux-doc@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agoarm64: dts: imx8mq: Add CAAM node
Andrey Smirnov [Fri, 30 Aug 2019 21:01:39 +0000 (14:01 -0700)]
arm64: dts: imx8mq: Add CAAM node

Add node for CAAM - Cryptographic Acceleration and Assurance Module.

Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Cory Tusar <cory.tusar@zii.aero>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Shawn Guo <shawnguo@kernel.org>
Cc: Iuliana Prodan <iuliana.prodan@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Acked-by: Li Yang <leoyang.li@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agorandom: Use wait_event_freezable() in add_hwgenerator_randomness()
Stephen Boyd [Thu, 5 Sep 2019 16:41:12 +0000 (09:41 -0700)]
random: Use wait_event_freezable() in add_hwgenerator_randomness()

Sebastian reports that after commit ff296293b353 ("random: Support freezable
kthreads in add_hwgenerator_randomness()") we can call might_sleep() when the
task state is TASK_INTERRUPTIBLE (state=1). This leads to the following warning.

 do not call blocking ops when !TASK_RUNNING; state=1 set at [<00000000349d1489>] prepare_to_wait_event+0x5a/0x180
 WARNING: CPU: 0 PID: 828 at kernel/sched/core.c:6741 __might_sleep+0x6f/0x80
 Modules linked in:

 CPU: 0 PID: 828 Comm: hwrng Not tainted 5.3.0-rc7-next-20190903+ #46
 RIP: 0010:__might_sleep+0x6f/0x80

 Call Trace:
  kthread_freezable_should_stop+0x1b/0x60
  add_hwgenerator_randomness+0xdd/0x130
  hwrng_fillfn+0xbf/0x120
  kthread+0x10c/0x140
  ret_from_fork+0x27/0x50

We shouldn't call kthread_freezable_should_stop() from deep within the
wait_event code because the task state is still set as
TASK_INTERRUPTIBLE instead of TASK_RUNNING and
kthread_freezable_should_stop() will try to call into the freezer with
the task in the wrong state. Use wait_event_freezable() instead so that
it calls schedule() in the right place and tries to enter the freezer
when the task state is TASK_RUNNING instead.

Reported-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Tested-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Cc: Keerthy <j-keerthy@ti.com>
Fixes: ff296293b353 ("random: Support freezable kthreads in add_hwgenerator_randomness()")
Signed-off-by: Stephen Boyd <swboyd@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: ux500 - Fix COMPILE_TEST warnings
Herbert Xu [Thu, 5 Sep 2019 04:51:37 +0000 (14:51 +1000)]
crypto: ux500 - Fix COMPILE_TEST warnings

This patch fixes a number of warnings encountered when this driver
is built on a 64-bit platform with COMPILE_TEST.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: x86/aes-ni - use AES library instead of single-use AES cipher
Ard Biesheuvel [Wed, 4 Sep 2019 17:56:32 +0000 (10:56 -0700)]
crypto: x86/aes-ni - use AES library instead of single-use AES cipher

The RFC4106 key derivation code instantiates an AES cipher transform
to encrypt only a single block before it is freed again. Switch to
the new AES library which is more suitable for such use cases.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: cavium/zip - Add missing single_release()
Wei Yongjun [Wed, 4 Sep 2019 14:18:09 +0000 (14:18 +0000)]
crypto: cavium/zip - Add missing single_release()

When using single_open() for opening, single_release() should be
used instead of seq_release(), otherwise there is a memory leak.

Fixes: 09ae5d37e093 ("crypto: zip - Add Compression/Decompression statistics")
Cc: <stable@vger.kernel.org>
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: marvell - Use kzfree rather than its implementation
zhong jiang [Wed, 4 Sep 2019 03:01:17 +0000 (11:01 +0800)]
crypto: marvell - Use kzfree rather than its implementation

Use kzfree instead of memset() + kfree().

Signed-off-by: zhong jiang <zhongjiang@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - dispose of IRQ mapping only after IRQ is freed
Andrey Smirnov [Wed, 4 Sep 2019 02:35:07 +0000 (19:35 -0700)]
crypto: caam - dispose of IRQ mapping only after IRQ is freed

With IRQ requesting being managed by devres we need to make sure that
we dispose of IRQ mapping after and not before it is free'd (otherwise
we'll end up with a warning from the kernel). To achieve that simply
convert IRQ mapping to rely on devres as well.

Fixes: f314f12db65c ("crypto: caam - convert caam_jr_init() to use devres")
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Iuliana Prodan <iuliana.prodan@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - check irq_of_parse_and_map for errors
Andrey Smirnov [Wed, 4 Sep 2019 02:35:06 +0000 (19:35 -0700)]
crypto: caam - check irq_of_parse_and_map for errors

Irq_of_parse_and_map will return zero in case of error, so add a error
check for that.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Iuliana Prodan <iuliana.prodan@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - use devres to unmap JR's registers
Andrey Smirnov [Wed, 4 Sep 2019 02:35:05 +0000 (19:35 -0700)]
crypto: caam - use devres to unmap JR's registers

Use devres to unmap memory and drop explicit de-initialization
code.

NOTE: There's no corresponding unmapping code in caam_jr_remove which
seems like a resource leak.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Iuliana Prodan <iuliana.prodan@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - make sure clocks are enabled first
Andrey Smirnov [Wed, 4 Sep 2019 02:35:04 +0000 (19:35 -0700)]
crypto: caam - make sure clocks are enabled first

In order to access IP block's registers we need to enable appropriate
clocks first, otherwise we are risking hanging the CPU.

The problem becomes very apparent when trying to use CAAM driver built
as a kernel module. In that case caam_probe() gets called after
clk_disable_unused() which means all of the necessary clocks are
guaranteed to be disabled.

Coincidentally, this change also fixes iomap leak introduced by early
return (instead of "goto iounmap_ctrl") in commit
41fc54afae70 ("crypto: caam - simplfy clock initialization")

Tested on ZII i.MX6Q+ RDU2

Fixes: 176435ad2ac7 ("crypto: caam - defer probing until QMan is available")
Fixes: 41fc54afae70 ("crypto: caam - simplfy clock initialization")
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Iuliana Prodan <iuliana.prodan@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Tested-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: arm/aes-ce - implement ciphertext stealing for CBC
Ard Biesheuvel [Tue, 3 Sep 2019 16:43:37 +0000 (09:43 -0700)]
crypto: arm/aes-ce - implement ciphertext stealing for CBC

Instead of relying on the CTS template to wrap the accelerated CBC
skcipher, implement the ciphertext stealing part directly.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: arm/aes-neonbs - implement ciphertext stealing for XTS
Ard Biesheuvel [Tue, 3 Sep 2019 16:43:36 +0000 (09:43 -0700)]
crypto: arm/aes-neonbs - implement ciphertext stealing for XTS

Update the AES-XTS implementation based on NEON instructions so that it
can deal with inputs whose size is not a multiple of the cipher block
size. This is part of the original XTS specification, but was never
implemented before in the Linux kernel.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: arm/aes-ce - implement ciphertext stealing for XTS
Ard Biesheuvel [Tue, 3 Sep 2019 16:43:35 +0000 (09:43 -0700)]
crypto: arm/aes-ce - implement ciphertext stealing for XTS

Update the AES-XTS implementation based on AES instructions so that it
can deal with inputs whose size is not a multiple of the cipher block
size. This is part of the original XTS specification, but was never
implemented before in the Linux kernel.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: arm64/aes-neonbs - implement ciphertext stealing for XTS
Ard Biesheuvel [Tue, 3 Sep 2019 16:43:34 +0000 (09:43 -0700)]
crypto: arm64/aes-neonbs - implement ciphertext stealing for XTS

Update the AES-XTS implementation based on NEON instructions so that it
can deal with inputs whose size is not a multiple of the cipher block
size. This is part of the original XTS specification, but was never
implemented before in the Linux kernel.

Since the bit slicing driver is only faster if it can operate on at
least 7 blocks of input at the same time, let's reuse the alternate
path we are adding for CTS to process any data tail whose size is
not a multiple of 128 bytes.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: arm64/aes - implement support for XTS ciphertext stealing
Ard Biesheuvel [Tue, 3 Sep 2019 16:43:33 +0000 (09:43 -0700)]
crypto: arm64/aes - implement support for XTS ciphertext stealing

Add the missing support for ciphertext stealing in the implementation
of AES-XTS, which is part of the XTS specification but was omitted up
until now due to lack of a need for it.

The asm helpers are updated so they can deal with any input size, as
long as the last full block and the final partial block are presented
at the same time. The glue code is updated so that the common case of
operating on a sector or page is mostly as before. When CTS is needed,
the walk is split up into two pieces, unless the entire input is covered
by a single step.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: arm64/aes-cts-cbc - move request context data to the stack
Ard Biesheuvel [Tue, 3 Sep 2019 16:43:32 +0000 (09:43 -0700)]
crypto: arm64/aes-cts-cbc - move request context data to the stack

Since the CTS-CBC code completes synchronously, there is no point in
keeping part of the scratch data it uses in the request context, so
move it to the stack instead.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: arm64/aes-cts-cbc-ce - performance tweak
Ard Biesheuvel [Tue, 3 Sep 2019 16:43:31 +0000 (09:43 -0700)]
crypto: arm64/aes-cts-cbc-ce - performance tweak

Optimize away one of the tbl instructions in the decryption path,
which turns out to be unnecessary.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: skcipher - add the ability to abort a skcipher walk
Ard Biesheuvel [Tue, 3 Sep 2019 16:43:30 +0000 (09:43 -0700)]
crypto: skcipher - add the ability to abort a skcipher walk

After starting a skcipher walk, the only way to ensure that all
resources it has tied up are released is to complete it. In some
cases, it will be useful to be able to abort a walk cleanly after
it has started, so add this ability to the skcipher walk API.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: arm64/aes-neon - limit exposed routines if faster driver is enabled
Ard Biesheuvel [Tue, 3 Sep 2019 16:43:29 +0000 (09:43 -0700)]
crypto: arm64/aes-neon - limit exposed routines if faster driver is enabled

The pure NEON AES implementation predates the bit-slicing one, and is
generally slower, unless the algorithm in question can only execute
sequentially.

So advertising the skciphers that the bit-slicing driver implements as
well serves no real purpose, and we can just disable them. Note that the
bit-slicing driver also has a link time dependency on the pure NEON
driver, for CBC encryption and for XTS tweak calculation, so we still
need both drivers on systems that do not implement the Crypto Extensions.

At the same time, expose those modaliases for the AES instruction based
driver. This is necessary since otherwise, we may end up loading the
wrong driver when any of the skciphers are instantiated before the CPU
capability based module loading has completed.

Finally, add the missing modalias for cts(cbc(aes)) so requests for
this algorithm will autoload the correct module.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: arm64/aes-neonbs - replace tweak mask literal with composition
Ard Biesheuvel [Tue, 3 Sep 2019 16:43:28 +0000 (09:43 -0700)]
crypto: arm64/aes-neonbs - replace tweak mask literal with composition

Replace the vector load from memory sequence with a simple instruction
sequence to compose the tweak vector directly.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: arm/aes-neonbs - replace tweak mask literal with composition
Ard Biesheuvel [Tue, 3 Sep 2019 16:43:27 +0000 (09:43 -0700)]
crypto: arm/aes-neonbs - replace tweak mask literal with composition

Replace the vector load from memory sequence with a simple instruction
sequence to compose the tweak vector directly.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: arm/aes-ce - replace tweak mask literal with composition
Ard Biesheuvel [Tue, 3 Sep 2019 16:43:26 +0000 (09:43 -0700)]
crypto: arm/aes-ce - replace tweak mask literal with composition

Replace the vector load from memory sequence with a simple instruction
sequence to compose the tweak vector directly.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: arm/aes-ce - switch to 4x interleave
Ard Biesheuvel [Tue, 3 Sep 2019 16:43:25 +0000 (09:43 -0700)]
crypto: arm/aes-ce - switch to 4x interleave

When the ARM AES instruction based crypto driver was introduced, there
were no known implementations that could benefit from a 4-way interleave,
and so a 3-way interleave was used instead. Since we have sufficient
space in the SIMD register file, let's switch to a 4-way interleave to
align with the 64-bit driver, and to ensure that we can reach optimum
performance when running under emulation on high end 64-bit cores.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: arm/aes-ce - yield the SIMD unit between scatterwalk steps
Ard Biesheuvel [Tue, 3 Sep 2019 16:43:24 +0000 (09:43 -0700)]
crypto: arm/aes-ce - yield the SIMD unit between scatterwalk steps

Reduce the scope of the kernel_neon_begin/end regions so that the SIMD
unit is released (and thus preemption re-enabled) if the crypto operation
cannot be completed in a single scatterwalk step. This avoids scheduling
blackouts due to preemption being enabled for unbounded periods, resulting
in a more responsive system.

After this change, we can also permit the cipher_walk infrastructure to
sleep, so set the 'atomic' parameter to skcipher_walk_virt() to false as
well.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: arm/aes - fix round key prototypes
Ard Biesheuvel [Tue, 3 Sep 2019 16:43:23 +0000 (09:43 -0700)]
crypto: arm/aes - fix round key prototypes

The AES round keys are arrays of u32s in native endianness now, so
update the function prototypes accordingly.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: skcipher - Unmap pages after an external error
Herbert Xu [Fri, 6 Sep 2019 03:13:06 +0000 (13:13 +1000)]
crypto: skcipher - Unmap pages after an external error

skcipher_walk_done may be called with an error by internal or
external callers.  For those internal callers we shouldn't unmap
pages but for external callers we must unmap any pages that are
in use.

This patch distinguishes between the two cases by checking whether
walk->nbytes is zero or not.  For internal callers, we now set
walk->nbytes to zero prior to the call.  For external callers,
walk->nbytes has always been non-zero (as zero is used to indicate
the termination of a walk).

Reported-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Fixes: 5cde0af2a982 ("[CRYPTO] cipher: Added block cipher type")
Cc: <stable@vger.kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: arm64/aes - Use PTR_ERR_OR_ZERO rather than its implementation.
zhong jiang [Tue, 3 Sep 2019 06:54:16 +0000 (14:54 +0800)]
crypto: arm64/aes - Use PTR_ERR_OR_ZERO rather than its implementation.

PTR_ERR_OR_ZERO contains if(IS_ERR(...)) + PTR_ERR. It is better to
use it directly. hence just replace it.

Signed-off-by: zhong jiang <zhongjiang@huawei.com>
Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: sha256 - Remove sha256/224_init code duplication
Hans de Goede [Sun, 1 Sep 2019 20:35:32 +0000 (22:35 +0200)]
crypto: sha256 - Remove sha256/224_init code duplication

lib/crypto/sha256.c and include/crypto/sha256_base.h define
99% identical functions to init a sha256_state struct for sha224 or
sha256 use.

This commit moves the functions from lib/crypto/sha256.c to
include/crypto/sha.h (making them static inline) and makes the
sha224/256_base_init static inline functions from
include/crypto/sha256_base.h wrappers around the now also
static inline include/crypto/sha.h functions.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: sha256 - Merge crypto/sha256.h into crypto/sha.h
Hans de Goede [Sun, 1 Sep 2019 20:35:31 +0000 (22:35 +0200)]
crypto: sha256 - Merge crypto/sha256.h into crypto/sha.h

The generic sha256 implementation from lib/crypto/sha256.c uses data
structs defined in crypto/sha.h, so lets move the function prototypes
there too.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: n2 - Rename arrays to avoid conflict with crypto/sha256.h
Hans de Goede [Sun, 1 Sep 2019 20:35:30 +0000 (22:35 +0200)]
crypto: n2 - Rename arrays to avoid conflict with crypto/sha256.h

Rename the sha*_init arrays to n2_sha*_init so that they do not conflict
with the functions declared in crypto/sha256.h.

Also rename md5_init to n2_md5_init for consistency.

This is a preparation patch for folding crypto/sha256.h into crypto/sha.h.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: chelsio - Rename arrays to avoid conflict with crypto/sha256.h
Hans de Goede [Sun, 1 Sep 2019 20:35:29 +0000 (22:35 +0200)]
crypto: chelsio - Rename arrays to avoid conflict with crypto/sha256.h

Rename the sha*_init arrays to chcr_sha*_init so that they do not conflict
with the functions declared in crypto/sha256.h.

This is a preparation patch for folding crypto/sha256.h into crypto/sha.h.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: ccree - Rename arrays to avoid conflict with crypto/sha256.h
Hans de Goede [Sun, 1 Sep 2019 20:35:28 +0000 (22:35 +0200)]
crypto: ccree - Rename arrays to avoid conflict with crypto/sha256.h

Rename the algo_init arrays to cc_algo_init so that they do not conflict
with the functions declared in crypto/sha256.h.

This is a preparation patch for folding crypto/sha256.h into crypto/sha.h.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Gilad Ben-Yossef <gilad@benyossef.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: x86 - Rename functions to avoid conflict with crypto/sha256.h
Hans de Goede [Sun, 1 Sep 2019 20:35:27 +0000 (22:35 +0200)]
crypto: x86 - Rename functions to avoid conflict with crypto/sha256.h

Rename static / file-local functions so that they do not conflict with
the functions declared in crypto/sha256.h.

This is a preparation patch for folding crypto/sha256.h into crypto/sha.h.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: s390 - Rename functions to avoid conflict with crypto/sha256.h
Hans de Goede [Sun, 1 Sep 2019 20:35:26 +0000 (22:35 +0200)]
crypto: s390 - Rename functions to avoid conflict with crypto/sha256.h

Rename static / file-local functions so that they do not conflict with
the functions declared in crypto/sha256.h.

This is a preparation patch for folding crypto/sha256.h into crypto/sha.h.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: arm64 - Rename functions to avoid conflict with crypto/sha256.h
Hans de Goede [Sun, 1 Sep 2019 20:35:25 +0000 (22:35 +0200)]
crypto: arm64 - Rename functions to avoid conflict with crypto/sha256.h

Rename static / file-local functions so that they do not conflict with
the functions declared in crypto/sha256.h.

This is a preparation patch for folding crypto/sha256.h into crypto/sha.h.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: arm - Rename functions to avoid conflict with crypto/sha256.h
Hans de Goede [Sun, 1 Sep 2019 20:35:24 +0000 (22:35 +0200)]
crypto: arm - Rename functions to avoid conflict with crypto/sha256.h

Rename static / file-local functions so that they do not conflict with
the functions declared in crypto/sha256.h.

This is a preparation patch for folding crypto/sha256.h into crypto/sha.h.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agohwrng: timeriomem - relax check on memory resource size
Daniel Mack [Sat, 31 Aug 2019 11:55:55 +0000 (13:55 +0200)]
hwrng: timeriomem - relax check on memory resource size

The timeriomem_rng driver only accesses the first 4 bytes of the given
memory area and currently, it also forces that memory resource to be
exactly 4 bytes in size.

This, however, is problematic when used with device-trees that are
generated from things like FPGA toolchains, where the minimum size
of an exposed memory block may be something like 4k.

Hence, let's only check for what's needed for the driver to operate
properly; namely that we have enough memory available to read the
random data from.

Signed-off-by: Daniel Mack <daniel@zonque.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Added support for basic AES-CCM
Pascal van Leeuwen [Fri, 30 Aug 2019 07:52:33 +0000 (09:52 +0200)]
crypto: inside-secure - Added support for basic AES-CCM

This patch adds support for the basic AES-CCM AEAD cipher suite.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Added AES-OFB support
Pascal van Leeuwen [Fri, 30 Aug 2019 07:52:32 +0000 (09:52 +0200)]
crypto: inside-secure - Added AES-OFB support

This patch adds support for AES in output feedback mode (AES-OFB).

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Added AES-CFB support
Pascal van Leeuwen [Fri, 30 Aug 2019 07:52:31 +0000 (09:52 +0200)]
crypto: inside-secure - Added AES-CFB support

This patch adds support for AES in 128 bit cipher feedback mode (AES-CFB).

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Added support for basic AES-GCM
Pascal van Leeuwen [Fri, 30 Aug 2019 07:52:30 +0000 (09:52 +0200)]
crypto: inside-secure - Added support for basic AES-GCM

This patch adds support for the basic AES-GCM AEAD cipher suite.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Minor code cleanup and optimizations
Pascal van Leeuwen [Fri, 30 Aug 2019 07:43:01 +0000 (09:43 +0200)]
crypto: inside-secure - Minor code cleanup and optimizations

Some minor cleanup changing e.g. "if (!x) A else B" to "if (x) B else A",
merging some back-to-back if's with the same condition, collapsing some
back-to-back assignments to the same variable and replacing some weird
assignments with proper symbolics.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Minor optimization recognizing CTR is always AES
Pascal van Leeuwen [Fri, 30 Aug 2019 07:42:29 +0000 (09:42 +0200)]
crypto: inside-secure - Minor optimization recognizing CTR is always AES

Moved counter mode handling code in front as it doesn't depend on the
rest of the code to be executed, it can just do its thing and exit.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Made .cra_priority value a define
Pascal van Leeuwen [Fri, 30 Aug 2019 07:41:47 +0000 (09:41 +0200)]
crypto: inside-secure - Made .cra_priority value a define

Instead of having a fixed value (of 300) all over the place, the value for
for .cra_priority is now made into a define (SAFEXCEL_CRA_PRIORITY).
This makes it easier to play with, e.g. during development.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Only enable algorithms advertised by the hardware
Pascal van Leeuwen [Fri, 30 Aug 2019 07:40:54 +0000 (09:40 +0200)]
crypto: inside-secure - Only enable algorithms advertised by the hardware

This patch probes the supported algorithms from the hardware and only
registers the ones that the hardware actually supports. This is necessary
because this is a generic driver supposed to run on a wide variety of
engines, which may or may not implement certain algorithms.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Add support for the AES-XTS algorithm
Pascal van Leeuwen [Fri, 30 Aug 2019 07:40:53 +0000 (09:40 +0200)]
crypto: inside-secure - Add support for the AES-XTS algorithm

This patch adds support for the AES-XTS skcipher algorithm.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Move static cipher alg & mode settings to init
Pascal van Leeuwen [Fri, 30 Aug 2019 07:40:52 +0000 (09:40 +0200)]
crypto: inside-secure - Move static cipher alg & mode settings to init

ctx->alg and ctx->mode were set from safexcel_send_req through the
various safexcel_encrypt and _decrypt routines, but this makes little
sense as these are static per ciphersuite. So moved to _init instead,
in preparation of adding more ciphersuites.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: mediatek - fix incorrect crypto key setting
Vic Wu [Wed, 28 Aug 2019 06:37:16 +0000 (14:37 +0800)]
crypto: mediatek - fix incorrect crypto key setting

Record crypto key to context during setkey and set the key to
transform state buffer in encrypt/decrypt process.

Signed-off-by: Vic Wu <vic.wu@mediatek.com>
Tested-by: John Crispin <john@phrozen.og>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: mediatek - add support to OFB/CFB mode
Ryder Lee [Wed, 28 Aug 2019 06:37:15 +0000 (14:37 +0800)]
crypto: mediatek - add support to OFB/CFB mode

This patch adds support to OFB/CFB mode.

Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Vic Wu <vic.wu@mediatek.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: mediatek - only treat EBUSY as transient if backlog
Ryder Lee [Wed, 28 Aug 2019 06:37:14 +0000 (14:37 +0800)]
crypto: mediatek - only treat EBUSY as transient if backlog

The driver was treating -EBUSY as indication of queueing to backlog
without checking that backlog is enabled for the request.

Fix it by checking request flags.

Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Vic Wu <vic.wu@mediatek.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: mediatek - fix uninitialized value of gctx->textlen
Ryder Lee [Wed, 28 Aug 2019 06:37:13 +0000 (14:37 +0800)]
crypto: mediatek - fix uninitialized value of gctx->textlen

Add a pre-computed text length to avoid uninitialized value in the check.

Fixes: e47270665b5f ("crypto: mediatek - Add empty messages check in GCM mode")
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Vic Wu <vic.wu@mediatek.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: mediatek - move mtk_aes_find_dev() to the right place
Ryder Lee [Wed, 28 Aug 2019 06:37:12 +0000 (14:37 +0800)]
crypto: mediatek - move mtk_aes_find_dev() to the right place

Move mtk_aes_find_dev() to right functions as nobody uses the
'cryp' under current flows.

We can also avoid duplicate checks here and there in this way.

Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Vic Wu <vic.wu@mediatek.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: hisilicon - select CRYPTO_LIB_DES while compiling SEC driver
Mao Wenan [Wed, 28 Aug 2019 08:07:40 +0000 (16:07 +0800)]
crypto: hisilicon - select CRYPTO_LIB_DES while compiling SEC driver

When CRYPTO_DEV_HISI_SEC=y, below compilation error is found after
'commit 894b68d8be4b ("crypto: hisilicon/des - switch to new verification routines")':

drivers/crypto/hisilicon/sec/sec_algs.o: In function `sec_alg_skcipher_setkey_des_cbc':
sec_algs.c:(.text+0x11f0): undefined reference to `des_expand_key'
drivers/crypto/hisilicon/sec/sec_algs.o: In function `sec_alg_skcipher_setkey_des_ecb':
sec_algs.c:(.text+0x1390): undefined reference to `des_expand_key'
make: *** [vmlinux] Error 1

This because DES library has been moved to lib/crypto in this commit
'04007b0e6cbb ("crypto: des - split off DES library from generic DES cipher driver")'.
Fix this by selecting CRYPTO_LIB_DES in CRYPTO_DEV_HISI_SEC.

Fixes: 04007b0e6cbb ("crypto: des - split off DES library from generic DES cipher driver")
Fixes: 894b68d8be4b ("crypto: hisilicon/des - switch to new verification routines")
Signed-off-by: Mao Wenan <maowenan@huawei.com>
Acked-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: sha256 - Add missing MODULE_LICENSE() to lib/crypto/sha256.c
Hans de Goede [Sun, 25 Aug 2019 18:18:41 +0000 (20:18 +0200)]
crypto: sha256 - Add missing MODULE_LICENSE() to lib/crypto/sha256.c

lib/crypto/sha256.c / lib/crypto/libsha256.o may end up being a module,
so it needs a MODULE_LICENSE() line, add this.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: ccp - invoke fallback for XTS ciphertext stealing
Ard Biesheuvel [Thu, 22 Aug 2019 15:47:31 +0000 (18:47 +0300)]
crypto: ccp - invoke fallback for XTS ciphertext stealing

For correctness and compliance with the XTS-AES specification, we are
adding support for ciphertext stealing to XTS implementations, even
though no use cases are known that will be enabled by this.

Since the ccp driver already has a fallback skcipher standby for
dealing with input sizes other than [16, 512, 1024, 2048, 4096],
just drop the check against the block size.

Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Gary Hook <gary.hook@amd.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: nx - remove unused variables 'nx_driver_string' and 'nx_driver_version'
YueHaibing [Thu, 22 Aug 2019 14:46:49 +0000 (22:46 +0800)]
crypto: nx - remove unused variables 'nx_driver_string' and 'nx_driver_version'

drivers/crypto/nx/nx.h:12:19: warning:
 nx_driver_string defined but not used [-Wunused-const-variable=]
drivers/crypto/nx/nx.h:13:19: warning:
 nx_driver_version defined but not used [-Wunused-const-variable=]

They are never used, so just remove it.

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: atmel - Fix -Wunused-const-variable warning
YueHaibing [Thu, 22 Aug 2019 14:44:44 +0000 (22:44 +0800)]
crypto: atmel - Fix -Wunused-const-variable warning

drivers/crypto/atmel-i2c.h:68:3: warning:
 error_list defined but not used [-Wunused-const-variable=]

error_list is only used in atmel-i2c.c,
so just move the definition over there.

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: aegis128 - Fix -Wunused-const-variable warning
YueHaibing [Thu, 22 Aug 2019 14:41:38 +0000 (22:41 +0800)]
crypto: aegis128 - Fix -Wunused-const-variable warning

crypto/aegis.h:27:32: warning:
 crypto_aegis_const defined but not used [-Wunused-const-variable=]

crypto_aegis_const is only used in aegis128-core.c,
just move the definition over there.

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - add clock entry for i.MX8MQ
Andrey Smirnov [Tue, 20 Aug 2019 20:24:01 +0000 (13:24 -0700)]
crypto: caam - add clock entry for i.MX8MQ

Add clock entry needed to support i.MX8MQ.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Chris Spencer <christopher.spencer@sea.co.uk>
Cc: Cory Tusar <cory.tusar@zii.aero>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: Leonard Crestez <leonard.crestez@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - always select job ring via RSR on i.MX8MQ
Andrey Smirnov [Tue, 20 Aug 2019 20:24:00 +0000 (13:24 -0700)]
crypto: caam - always select job ring via RSR on i.MX8MQ

Per feedback from NXP tech support the way to use register based
service interface on i.MX8MQ is to follow the same set of steps
outlined for the case when virtualization is enabled, regardless if it
is. Current version of SRM for i.MX8MQ speaks of DECO DID_MS and DECO
DID_LS registers, but apparently those are not implemented, so the
case when SCFGR[VIRT_EN]=0 should be handled the same as the case when
SCFGR[VIRT_EN]=1

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Chris Spencer <christopher.spencer@sea.co.uk>
Cc: Cory Tusar <cory.tusar@zii.aero>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: Leonard Crestez <leonard.crestez@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - select DMA address size at runtime
Andrey Smirnov [Tue, 20 Aug 2019 20:23:59 +0000 (13:23 -0700)]
crypto: caam - select DMA address size at runtime

i.MX8 mScale SoC still use 32-bit addresses in its CAAM implmentation,
so we can't rely on sizeof(dma_addr_t) to detemine CAAM pointer
size. Convert the code to query CTPR and MCFGR for that during driver
probing.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Chris Spencer <christopher.spencer@sea.co.uk>
Cc: Cory Tusar <cory.tusar@zii.aero>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: Leonard Crestez <leonard.crestez@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - don't hardcode inpentry size
Andrey Smirnov [Tue, 20 Aug 2019 20:23:58 +0000 (13:23 -0700)]
crypto: caam - don't hardcode inpentry size

Using dma_addr_t for elements of JobR input ring is not appropriate on
all 64-bit SoCs, some of which, like i.MX8MQ, use only 32-bit wide
pointers there. Convert all of the code to use explicit helper
function that can be later extended to support i.MX8MQ. No functional
change intended.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Chris Spencer <christopher.spencer@sea.co.uk>
Cc: Cory Tusar <cory.tusar@zii.aero>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: Leonard Crestez <leonard.crestez@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - drop explicit usage of struct jr_outentry
Andrey Smirnov [Tue, 20 Aug 2019 20:23:57 +0000 (13:23 -0700)]
crypto: caam - drop explicit usage of struct jr_outentry

Using struct jr_outentry to specify the layout of JobR output ring is
not appropriate for all 64-bit SoC, since some of them, like i.MX8MQ,
use 32-bit pointers there which doesn't match 64-bit
dma_addr_t. Convert existing code to use explicit helper functions to
access any of the JobR output ring elements, so that the support for
i.MX8MQ can be added later. No functional change intended.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Chris Spencer <christopher.spencer@sea.co.uk>
Cc: Cory Tusar <cory.tusar@zii.aero>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: Leonard Crestez <leonard.crestez@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - move cpu_to_caam_dma() selection to runtime
Andrey Smirnov [Tue, 20 Aug 2019 20:23:56 +0000 (13:23 -0700)]
crypto: caam - move cpu_to_caam_dma() selection to runtime

Instead of selecting the implementation of
cpu_to_caam_dma()/caam_dma_to_cpu() at build time using the
preprocessor, convert the code to do that at run-time using IS_ENABLED
macro. This is needed to add support for i.MX8MQ. No functional change
intended.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Chris Spencer <christopher.spencer@sea.co.uk>
Cc: Cory Tusar <cory.tusar@zii.aero>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: Leonard Crestez <leonard.crestez@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - make CAAM_PTR_SZ dynamic
Andrey Smirnov [Tue, 20 Aug 2019 20:23:55 +0000 (13:23 -0700)]
crypto: caam - make CAAM_PTR_SZ dynamic

In order to be able to configure CAAM pointer size at run-time, which
needed to support i.MX8MQ, which is 64-bit SoC with 32-bit pointer
size, convert CAAM_PTR_SZ to refer to a global variable of the same
name ("caam_ptr_sz") and adjust the rest of the code accordingly. No
functional change intended.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Chris Spencer <christopher.spencer@sea.co.uk>
Cc: Cory Tusar <cory.tusar@zii.aero>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: Leonard Crestez <leonard.crestez@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - share definition for MAX_SDLEN
Andrey Smirnov [Tue, 20 Aug 2019 20:23:54 +0000 (13:23 -0700)]
crypto: caam - share definition for MAX_SDLEN

Both qi.h and cammalg_qi2.h seem to define identical versions of
MAX_SDLEN. Move it to desc_constr.h to avoid duplication.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Chris Spencer <christopher.spencer@sea.co.uk>
Cc: Cory Tusar <cory.tusar@zii.aero>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: Leonard Crestez <leonard.crestez@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - drop 64-bit only wr/rd_reg64()
Andrey Smirnov [Tue, 20 Aug 2019 20:23:53 +0000 (13:23 -0700)]
crypto: caam - drop 64-bit only wr/rd_reg64()

Since 32-bit of both wr_reg64 and rd_reg64 now use 64-bit IO helpers,
these functions should no longer be necessary. No functional change intended.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Cc: Chris Spencer <christopher.spencer@sea.co.uk>
Cc: Cory Tusar <cory.tusar@zii.aero>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: Leonard Crestez <leonard.crestez@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - use ioread64*_hi_lo in rd_reg64
Andrey Smirnov [Tue, 20 Aug 2019 20:23:52 +0000 (13:23 -0700)]
crypto: caam - use ioread64*_hi_lo in rd_reg64

Following the same transformation logic as outlined in previous commit
converting wr_reg64, convert rd_reg64 to use helpers from
<linux/io-64-nonatomic-hi-lo.h> first. No functional change intended.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Cc: Chris Spencer <christopher.spencer@sea.co.uk>
Cc: Cory Tusar <cory.tusar@zii.aero>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: Leonard Crestez <leonard.crestez@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrytpo: caam - make use of iowrite64*_hi_lo in wr_reg64
Andrey Smirnov [Tue, 20 Aug 2019 20:23:51 +0000 (13:23 -0700)]
crytpo: caam - make use of iowrite64*_hi_lo in wr_reg64

In order to be able to unify 64 and 32 bit implementations of
wr_reg64, let's convert it to use helpers from
<linux/io-64-nonatomic-hi-lo.h> first. Here are the steps of the
transformation:

1. Inline wr_reg32 helpers:

if (!caam_imx && caam_little_end) {
if (caam_little_end) {
iowrite32(data >> 32, (u32 __iomem *)(reg) + 1);
iowrite32(data, (u32 __iomem *)(reg));
} else {
iowrite32be(data >> 32, (u32 __iomem *)(reg) + 1);
iowrite32be(data, (u32 __iomem *)(reg));
}
} else {
if (caam_little_end) {
iowrite32(data >> 32, (u32 __iomem *)(reg));
iowrite32(data, (u32 __iomem *)(reg) + 1);
} else {
iowrite32be(data >> 32, (u32 __iomem *)(reg));
iowrite32be(data, (u32 __iomem *)(reg) + 1);
}
}

2. Transfrom the conditionals such that the check for
'caam_little_end' is at the top level:

if (caam_little_end) {
if (!caam_imx) {
iowrite32(data >> 32, (u32 __iomem *)(reg) + 1);
iowrite32(data, (u32 __iomem *)(reg));
} else {
iowrite32(data >> 32, (u32 __iomem *)(reg));
iowrite32(data, (u32 __iomem *)(reg) + 1);
}
} else {
iowrite32be(data >> 32, (u32 __iomem *)(reg));
iowrite32be(data, (u32 __iomem *)(reg) + 1);
}

3. Invert the check for !caam_imx:

if (caam_little_end) {
if (caam_imx) {
iowrite32(data >> 32, (u32 __iomem *)(reg));
iowrite32(data, (u32 __iomem *)(reg) + 1);
} else {
iowrite32(data >> 32, (u32 __iomem *)(reg) + 1);
iowrite32(data, (u32 __iomem *)(reg));
}
} else {
iowrite32be(data >> 32, (u32 __iomem *)(reg));
iowrite32be(data, (u32 __iomem *)(reg) + 1);
}

4. Make use of iowrite64* helpers from <linux/io-64-nonatomic-hi-lo.h>

if (caam_little_end) {
if (caam_imx) {
iowrite32(data >> 32, (u32 __iomem *)(reg));
iowrite32(data, (u32 __iomem *)(reg) + 1);
} else {
iowrite64(data, reg);
}
} else {
iowrite64be(data, reg);
}

No functional change intended.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Cc: Chris Spencer <christopher.spencer@sea.co.uk>
Cc: Cory Tusar <cory.tusar@zii.aero>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: Leonard Crestez <leonard.crestez@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - request JR IRQ as the last step
Andrey Smirnov [Tue, 20 Aug 2019 20:23:50 +0000 (13:23 -0700)]
crypto: caam - request JR IRQ as the last step

In order to avoid any risk of JR IRQ request being handled while some
of the resources used for that are not yet allocated move the code
requesting said IRQ to the endo of caam_jr_init().

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Chris Spencer <christopher.spencer@sea.co.uk>
Cc: Cory Tusar <cory.tusar@zii.aero>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: Leonard Crestez <leonard.crestez@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - convert caam_jr_init() to use devres
Andrey Smirnov [Tue, 20 Aug 2019 20:23:49 +0000 (13:23 -0700)]
crypto: caam - convert caam_jr_init() to use devres

Use devres to allocate all of the resources in caam_jr_init() (DMA
coherent and regular memory, IRQs) drop calls to corresponding
deallocation routines. No functional change intended.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Cc: Cory Tusar <cory.tusar@zii.aero>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - simplfy clock initialization
Andrey Smirnov [Tue, 20 Aug 2019 20:23:48 +0000 (13:23 -0700)]
crypto: caam - simplfy clock initialization

Simplify clock initialization code by converting it to use clk-bulk,
devres and soc_device_match() match table. No functional change
intended.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Reviewed-by: Leonard Crestez <leonard.crestez@nxp.com>
Tested-by: Iuliana Prodan <iuliana.prodan@nxp.com>
Cc: Chris Spencer <christopher.spencer@sea.co.uk>
Cc: Cory Tusar <cory.tusar@zii.aero>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: Leonard Crestez <leonard.crestez@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - move DMA mask selection into a function
Andrey Smirnov [Tue, 20 Aug 2019 20:23:47 +0000 (13:23 -0700)]
crypto: caam - move DMA mask selection into a function

Exactly the same code to figure out DMA mask is repeated twice in the
driver code. To avoid repetition, move that logic into a standalone
subroutine in intern.h. While at it re-shuffle the code to make it
more readable with early returns.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Cc: Chris Spencer <christopher.spencer@sea.co.uk>
Cc: Cory Tusar <cory.tusar@zii.aero>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: Leonard Crestez <leonard.crestez@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam/qi - use print_hex_dump_debug function to print debug messages
Iuliana Prodan [Tue, 20 Aug 2019 11:26:39 +0000 (14:26 +0300)]
crypto: caam/qi - use print_hex_dump_debug function to print debug messages

Use print_hex_dump_debug function to print debug messages, instead of
print_hex_dump inside #ifdef DEBUG.

Fixes: 6e005503199b ("crypto: caam - print debug messages at debug level")
Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - add support for using the EIP197 without vendor firmware
Pascal van Leeuwen [Mon, 19 Aug 2019 14:40:26 +0000 (16:40 +0200)]
crypto: inside-secure - add support for using the EIP197 without vendor firmware

Until now, the inside-secure driver required a set of firmware images
supplied by the silicon vendor, typically under NDA, to be present in
/lib/firmware/inside-secure in order to be able to function.
This patch removes the dependence on this official vendor firmware by
falling back to generic "mini" FW - developed specifically for this
driver - that can be provided under GPL 2.0 through linux-firmwares.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Acked-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - add support for PCI based FPGA development board
Pascal van Leeuwen [Mon, 19 Aug 2019 14:40:25 +0000 (16:40 +0200)]
crypto: inside-secure - add support for PCI based FPGA development board

This patch adds support for a PCIE development board with FPGA from Xilinx,
to facilitate pre-silicon driver development by both Inside Secure and its
IP customers. Since Inside Secure neither produces nor has access to actual
silicon, this is required functionality to allow us to contribute.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Acked-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Remove redundant algo to engine mapping code
Pascal van Leeuwen [Mon, 19 Aug 2019 14:40:24 +0000 (16:40 +0200)]
crypto: inside-secure - Remove redundant algo to engine mapping code

This removes some code determine which engine has which algorithms which
was effectively redundant (may have been forward-looking?) due to always
enabling all algorithms for all currently supported engines.
A future patch will use a different, more scalable approach to achieve
this. This is removed now because otherwise the next patch will add new
hardware which would otherwise have to be added to all algorithms, so
now is a convenient time to just get rid of this.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Acked-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - make driver selectable for non-Marvell hardware
Pascal van Leeuwen [Mon, 19 Aug 2019 14:40:23 +0000 (16:40 +0200)]
crypto: inside-secure - make driver selectable for non-Marvell hardware

While being a generic EIP97/EIP197 driver, the driver was only selectable
for Marvell Armada hardware. This fix makes the driver selectable for any
Device Tree supporting kernel configuration, allowing it to be used for
other compatible hardware by just adding the correct device tree entry.

It also allows the driver to be selected for PCI(E) supporting kernel con-
figurations, to be able to use it with PCIE based FPGA development boards
for pre-silicon driver development by both Inside Secure and its IP custo-
mers.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Acked-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: s5p - use correct block size of 1 for ctr(aes)
Ard Biesheuvel [Mon, 19 Aug 2019 14:22:26 +0000 (17:22 +0300)]
crypto: s5p - use correct block size of 1 for ctr(aes)

Align the s5p ctr(aes) implementation with other implementations
of the same mode, by setting the block size to 1.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Kamil Konieczny <k.konieczny@partner.samsung.com>
Reviewed-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: s5p - deal gracefully with bogus input sizes
Ard Biesheuvel [Mon, 19 Aug 2019 14:22:25 +0000 (17:22 +0300)]
crypto: s5p - deal gracefully with bogus input sizes

The s5p skcipher driver returns -EINVAL for zero length inputs, which
deviates from the behavior of the generic ECB template, and causes fuzz
tests to fail. In cases where the input is not a multiple of the AES
block size (and the chaining mode is not CTR), it prints an error to
the kernel log, which is a thing we usually try to avoid in response
to situations that can be triggered by unprivileged users.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Kamil Konieczny <k.konieczny@partner.samsung.com>
Reviewed-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: arm64/aes - implement accelerated ESSIV/CBC mode
Ard Biesheuvel [Mon, 19 Aug 2019 14:17:36 +0000 (17:17 +0300)]
crypto: arm64/aes - implement accelerated ESSIV/CBC mode

Add an accelerated version of the 'essiv(cbc(aes),sha256)' skcipher,
which is used by fscrypt or dm-crypt on systems where CBC mode is
signficantly more performant than XTS mode (e.g., when using a h/w
accelerator which supports the former but not the latter) This avoids
a separate call into the AES cipher for every invocation.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: arm64/aes-cts-cbc - factor out CBC en/decryption of a walk
Ard Biesheuvel [Mon, 19 Aug 2019 14:17:35 +0000 (17:17 +0300)]
crypto: arm64/aes-cts-cbc - factor out CBC en/decryption of a walk

The plain CBC driver and the CTS one share some code that iterates over
a scatterwalk and invokes the CBC asm code to do the processing. The
upcoming ESSIV/CBC mode will clone that pattern for the third time, so
let's factor it out first.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: essiv - add tests for essiv in cbc(aes)+sha256 mode
Ard Biesheuvel [Mon, 19 Aug 2019 14:17:34 +0000 (17:17 +0300)]
crypto: essiv - add tests for essiv in cbc(aes)+sha256 mode

Add a test vector for the ESSIV mode that is the most widely used,
i.e., using cbc(aes) and sha256, in both skcipher and AEAD modes
(the latter is used by tcrypt to encapsulate the authenc template
or h/w instantiations of the same)

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: arm64/aegis128 - use explicit vector load for permute vectors
Ard Biesheuvel [Mon, 19 Aug 2019 14:15:00 +0000 (17:15 +0300)]
crypto: arm64/aegis128 - use explicit vector load for permute vectors

When building the new aegis128 NEON code in big endian mode, Clang
complains about the const uint8x16_t permute vectors in the following
way:

  crypto/aegis128-neon-inner.c:58:40: warning: vector initializers are not
      compatible with NEON intrinsics in big endian mode
      [-Wnonportable-vector-initialization]
                static const uint8x16_t shift_rows = {
                                                     ^
  crypto/aegis128-neon-inner.c:58:40: note: consider using vld1q_u8() to
      initialize a vector from memory, or vcombine_u8(vcreate_u8(), vcreate_u8())
      to initialize from integer constants

Since the same issue applies to the uint8x16x4_t loads of the AES Sbox,
update those references as well. However, since GCC does not implement
the vld1q_u8_x4() intrinsic, switch from IS_ENABLED() to a preprocessor
conditional to conditionally include this code.

Reported-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Tested-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>