Harsh Jain [Fri, 23 Jun 2017 14:15:11 +0000 (19:45 +0530)]
crypto: chcr - Avoid algo allocation in softirq.
Thsi patch fixes calling "crypto_alloc_cipher" call in bottom halves.
Pre allocate aes cipher required to update Tweak value for XTS.
Signed-off-by: Harsh Jain <harsh@chelsio.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
David Gstir [Wed, 28 Jun 2017 13:27:10 +0000 (15:27 +0200)]
crypto: caam - properly set IV after {en,de}crypt
Certain cipher modes like CTS expect the IV (req->info) of
ablkcipher_request (or equivalently req->iv of skcipher_request) to
contain the last ciphertext block when the {en,de}crypt operation is done.
This is currently not the case for the CAAM driver which in turn breaks
e.g. cts(cbc(aes)) when the CAAM driver is enabled.
This patch fixes the CAAM driver to properly set the IV after the
{en,de}crypt operation of ablkcipher finishes.
This issue was revealed by the changes in the SW CTS mode in commit
0605c41cc53ca ("crypto: cts - Convert to skcipher")
Cc: <stable@vger.kernel.org> # 4.8+
Signed-off-by: David Gstir <david@sigma-star.at>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Gilad Ben-Yossef [Wed, 28 Jun 2017 07:22:03 +0000 (10:22 +0300)]
crypto: atmel - only treat EBUSY as transient if backlog
The Atmel SHA driver was treating -EBUSY as indication of queueing
to backlog without checking that backlog is enabled for the request.
Fix it by checking request flags.
Cc: <stable@vger.kernel.org>
Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Mon, 10 Jul 2017 14:00:48 +0000 (22:00 +0800)]
Networking
crypto: af_alg - Avoid sock_graft call warning
The newly added sock_graft warning triggers in af_alg_accept.
It's harmless as we're essentially doing sock->sk = sock->sk.
The sock_graft call is actually redundant because all the work
it does is subsumed by sock_init_data. However, it was added
to placate SELinux as it uses it to initialise its internal state.
This patch avoisd the warning by making the SELinux call directly.
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: David S. Miller <davem@davemloft.net>
Horia Geantă [Fri, 7 Jul 2017 13:57:06 +0000 (16:57 +0300)]
crypto: caam - fix signals handling
Driver does not properly handle the case when signals interrupt
wait_for_completion_interruptible():
-it does not check for return value
-completion structure is allocated on stack; in case a signal interrupts
the sleep, it will go out of scope, causing the worker thread
(caam_jr_dequeue) to fail when it accesses it
wait_for_completion_interruptible() is replaced with uninterruptable
wait_for_completion().
We choose to block all signals while waiting for I/O (device executing
the split key generation job descriptor) since the alternative - in
order to have a deterministic device state - would be to flush the job
ring (aborting *all* in-progress jobs).
Cc: <stable@vger.kernel.org>
Fixes: 045e36780f115 ("crypto: caam - ahash hmac support")
Fixes: 4c1ec1f930154 ("crypto: caam - refactor key_gen, sg")
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 4 Jul 2017 04:21:12 +0000 (12:21 +0800)]
crypto: sha1-ssse3 - Disable avx2
It has been reported that sha1-avx2 can cause page faults by reading
beyond the end of the input. This patch disables it until it can be
fixed.
Cc: <stable@vger.kernel.org>
Fixes: 7c1da8d0d046 ("crypto: sha - SHA1 transform x86_64 AVX2")
Reported-by: Jan Stancek <jstancek@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Wed, 5 Jul 2017 07:17:26 +0000 (15:17 +0800)]
Merge git://git./linux/kernel/git/herbert/crypto-2.6
Merge the crypto tree to pull in fixes for the next merge window.
Herbert Xu [Wed, 28 Jun 2017 11:09:07 +0000 (19:09 +0800)]
crypto: testmgr - Reenable sha1/aes in FIPS mode
The combination of sha1 and aes was disabled in FIPS Mode
accidentally. This patch reenables it.
Fixes: 284a0f6e87b0 ("crypto: testmgr - Disable fips-allowed for...")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Stephan Müller <smueller@chronox.de>
Gary R Hook [Mon, 19 Jun 2017 17:31:17 +0000 (12:31 -0500)]
crypto: ccp - Release locks before returning
krobot warning: make sure that all error return paths release locks.
Signed-off-by: Gary R Hook <gary.hook@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Dan Carpenter [Mon, 19 Jun 2017 10:51:25 +0000 (13:51 +0300)]
crypto: cavium/nitrox - dma_mapping_error() returns bool
We want to return negative error codes here, but we're accidentally
propogating the "true" return from dma_mapping_error().
Fixes: 14fa93cdcd9b ("crypto: cavium - Add support for CNN55XX adapters.")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Benjamin Peterson [Mon, 19 Jun 2017 06:53:41 +0000 (23:53 -0700)]
crypto: doc - fix typo in docs
Signed-off-by: Benjamin Peterson <bp@benjamin.pe>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Antoine Ténart [Wed, 24 May 2017 14:10:31 +0000 (16:10 +0200)]
Documentation/bindings: Document the SafeXel cryptographic engine driver
The Inside Secure Safexcel cryptographic engine is found on some Marvell
SoCs (7k/8k). Document the bindings used by its driver.
Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Horia Geantă [Mon, 19 Jun 2017 08:44:46 +0000 (11:44 +0300)]
crypto: caam - fix gfp allocation flags (part II)
This is the 2nd part of fixing the usage of GFP_KERNEL for memory
allocations, taking care off all the places that haven't caused a real
problem / failure.
Again, the issue being fixed is that GFP_KERNEL should be used only when
MAY_SLEEP flag is set, i.e. MAY_BACKLOG flag usage is orthogonal.
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Horia Geantă [Mon, 19 Jun 2017 08:44:45 +0000 (11:44 +0300)]
crypto: caam - fix gfp allocation flags (part I)
Changes in the SW cts (ciphertext stealing) code in
commit
0605c41cc53ca ("crypto: cts - Convert to skcipher")
revealed a problem in the CAAM driver:
when cts(cbc(aes)) is executed and cts runs in SW,
cbc(aes) is offloaded in CAAM; cts encrypts the last block
in atomic context and CAAM incorrectly decides to use GFP_KERNEL
for memory allocation.
Fix this by allowing GFP_KERNEL (sleeping) only when MAY_SLEEP flag is
set, i.e. remove MAY_BACKLOG flag.
We split the fix in two parts - first is sent to -stable, while the
second is not (since there is no known failure case).
Link: http://lkml.kernel.org/g/20170602122446.2427-1-david@sigma-star.at
Cc: <stable@vger.kernel.org> # 4.8+
Reported-by: David Gstir <david@sigma-star.at>
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Stephan Mueller [Fri, 26 May 2017 10:11:31 +0000 (12:11 +0200)]
crypto: drbg - Fixes panic in wait_for_completion call
Initialise ctr_completion variable before use.
Cc: <stable@vger.kernel.org>
Signed-off-by: Harsh Jain <harshjain.prof@gmail.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Arvind Yadav [Fri, 16 Jun 2017 09:16:44 +0000 (14:46 +0530)]
crypto: caam - make of_device_ids const.
of_device_ids are not supposed to change at runtime. All functions
working with of_device_ids provided by <linux/of.h> work with const
of_device_ids. So mark the non-const structs as const.
File size before:
text data bss dec hex filename
2376 808 128 3312 cf0 drivers/crypto/caam/jr.o
File size after constify caam_jr_match:
text data bss dec hex filename
2976 192 128 3296 ce0 drivers/crypto/caam/jr.o
Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tudor-Dan Ambarus [Fri, 16 Jun 2017 08:39:48 +0000 (11:39 +0300)]
crypto: vmx - remove unnecessary check
You can't reach init() if parent alg_name is invalid. Moreover,
cypto_alloc_base() will return ENOENT if alg_name is NULL.
Found while grasping the fallback mechanism.
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Arvind Yadav [Thu, 15 Jun 2017 11:58:10 +0000 (17:28 +0530)]
crypto: n2 - make of_device_ids const
of_device_ids are not supposed to change at runtime. All functions
working with of_device_ids provided by <linux/of.h> work with const
of_device_ids. So mark the non-const structs as const.
File size before:
text data bss dec hex filename
2001 2168 48 4217 1079 drivers/crypto/n2_core.o
File size after constify dummy_tlb_ops.:
text data bss dec hex filename
3601 536 48 4185 1059 drivers/crypto/n2_core.o
Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Antoine Ténart [Thu, 15 Jun 2017 07:56:29 +0000 (09:56 +0200)]
crypto: inside-secure - use the base_end pointer in ring rollback
A base_end pointer is set and provided. Use it in the ring rollback
function to avoid using build-in defines.
Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Antoine Ténart [Thu, 15 Jun 2017 07:56:28 +0000 (09:56 +0200)]
crypto: inside-secure - increase the batch size
Increase the batch size to the maximum number of requests a ring can
handle at a time (its size). This is possible now that the request
queues are per hw ring. This improves performances.
Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Antoine Ténart [Thu, 15 Jun 2017 07:56:27 +0000 (09:56 +0200)]
crypto: inside-secure - only dequeue when needed
This force the need_dequeue flag to be unset whenever the dequeue
function is called, to avoid calling it when it is not necessary.
Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Antoine Ténart [Thu, 15 Jun 2017 07:56:26 +0000 (09:56 +0200)]
crypto: inside-secure - get the backlog before dequeueing the request
Get the backlog before dequeuing the request otherwise we'll miss the
first request in line.
Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Antoine Ténart [Thu, 15 Jun 2017 07:56:25 +0000 (09:56 +0200)]
crypto: inside-secure - stop requeueing failed requests
This update the dequeue function of the inside-secure safexcel driver so
that failed requests aren't requeued when they fail (for whatever
reason, which can be because the hw ring is full).
Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Antoine Ténart [Thu, 15 Jun 2017 07:56:24 +0000 (09:56 +0200)]
crypto: inside-secure - use one queue per hw ring
Update the inside-secure safexcel driver from using one global queue to
one queue per hw ring. This ease the request management and keep the hw
in sync with what's done in sw.
Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Antoine Ténart [Thu, 15 Jun 2017 07:56:23 +0000 (09:56 +0200)]
crypto: inside-secure - update the context and request later
This move the context and request updates at the end of the cipher and
hash send() functions. This way the context and request fields are set
only when everything else was successful in the send() functions.
Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Ofer Heifetz [Thu, 15 Jun 2017 07:56:22 +0000 (09:56 +0200)]
crypto: inside-secure - align the cipher and hash send functions
The cipher and hash send functions both set the results variable, to be
used later by the caller. Align the way they're setting this variable.
Signed-off-by: Ofer Heifetz <oferh@marvell.com>
Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Igal Liberman [Thu, 15 Jun 2017 07:56:21 +0000 (09:56 +0200)]
crypto: inside-secure - optimize DSE bufferability control
Configure the data write bufferability to always buffer packets in the
DSE. This change slightly improves performance.
Signed-off-by: Igal Liberman <igall@marvell.com>
Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Igal Liberman [Thu, 15 Jun 2017 07:56:20 +0000 (09:56 +0200)]
crypto: inside-secure - enable single WR in DSE configuration
When enable_single_wr is not enabled, the DSE will only write those
parts of a result descriptor that need updating, which means a final
result descriptor will be written in 2 or 3 smaller transfers.
When enable_single_wr is enabled the DSE will combine these 2-3
updates into one large write transfer, generally improving performance.
Signed-off-by: Igal Liberman <igall@marvell.com>
Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Antoine Ténart [Thu, 15 Jun 2017 07:56:19 +0000 (09:56 +0200)]
crypto: inside-secure - fix incorrect DSE data cache setting
Set the correct value to the DSE data cache, using WR_CACHE_3BITS
instead of RD_CACHE_3BITS. This fixes an incorrect setting and helps
improving performances.
Reported-by: Igal Liberman <igall@marvell.com>
Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Antoine Ténart [Thu, 15 Jun 2017 07:56:18 +0000 (09:56 +0200)]
crypto: inside-secure - fix the ring wr_cache offset
The EIP197_HIA_xDR_CFG_WR_CACHE macro was defined to use an offset of
23, which is wrong as it's actually 25. Fix this.
Reported-by: Igal Liberman <igall@marvell.com>
Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Antoine Ténart [Thu, 15 Jun 2017 07:56:17 +0000 (09:56 +0200)]
crypto: inside-secure - use hmac ipad/opad constants
Replace the hmac ipad/opad values by their defined constants.
Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Harsh Jain [Thu, 15 Jun 2017 07:13:47 +0000 (12:43 +0530)]
crypto: chcr - Select device in Round Robin fashion
When multiple devices are present in system select device
in round-robin fashion for crypto operations
Signed-off-by: Atul Gupta <atul.gupta@chelsio.com>
Reviewed-by: Ganesh Goudar <ganeshgr@chelsio.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Harsh Jain [Thu, 15 Jun 2017 07:13:46 +0000 (12:43 +0530)]
crypto: chcr - Ensure Destination sg entry size less than 2k
Allocate new sg list in case received destination sg list has entry
greater that 2k.
Signed-off-by: Harsh Jain <harsh@chelsio.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Harsh Jain [Thu, 15 Jun 2017 07:13:45 +0000 (12:43 +0530)]
MAINTAINERS: Add maintainer for chelsio crypto driver
Add myself as maintainer for chcr.
Signed-off-by: Harsh Jain <harsh@chelsio.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Harsh Jain [Thu, 15 Jun 2017 07:13:44 +0000 (12:43 +0530)]
chcr - Add debug counters
Count types of operation done by HW.
Signed-off-by: Harsh Jain <harsh@chelsio.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Harsh Jain [Thu, 15 Jun 2017 07:13:43 +0000 (12:43 +0530)]
crypto: chcr - Add ctr mode and process large sg entries for cipher
It send multiple WRs to H/W to handle large sg lists. Adds ctr(aes)
and rfc(ctr(aes)) modes.
Signed-off-by: Harsh Jain <harsh@chelsio.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Harsh Jain [Thu, 15 Jun 2017 07:13:42 +0000 (12:43 +0530)]
crypto: chcr - Avoid changing request structure
Do not update assoclen received in aead_request.
Signed-off-by: Harsh Jain <harsh@chelsio.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Harsh Jain [Thu, 15 Jun 2017 07:13:41 +0000 (12:43 +0530)]
crypto: chcr - Return correct error code
Return correct error instead of EINVAL.
Signed-off-by: Harsh Jain <harsh@chelsio.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Harsh Jain [Thu, 15 Jun 2017 07:13:40 +0000 (12:43 +0530)]
crypto: chcr - Fix fallback key setting
Set key of fallback tfm for rfc4309.
Signed-off-by: Harsh Jain <harsh@chelsio.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Harsh Jain [Thu, 15 Jun 2017 07:13:39 +0000 (12:43 +0530)]
crypto: chcr - Pass lcb bit setting to firmware
GCM and CBC mode of operation requires Last Cipher Block.
This patch set lcb bit in WR header when required.
Signed-off-by: Harsh Jain <harsh@chelsio.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Colin Ian King [Tue, 13 Jun 2017 08:52:54 +0000 (09:52 +0100)]
crypto: cavium - fix spelling mistake "Revsion" -> "Revision"
Trivial fix to spelling mistake in seq_printf message
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Colin Ian King [Tue, 13 Jun 2017 08:46:47 +0000 (09:46 +0100)]
crypto: omap-aes - fix spelling mistake "Encryptio" -> "Encryption"
Trivial fix to spelling mistake in pr_err message
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Stephan Mueller [Mon, 12 Jun 2017 21:27:51 +0000 (23:27 +0200)]
crypto: testmgr - add testvector for pkcs1pad(rsa)
The PKCS#1 RSA implementation is provided with a self test with RSA 2048
and SHA-256. This self test implicitly covers other RSA keys and other
hashes. Also, this self test implies that the pkcs1pad(rsa) is FIPS
140-2 compliant.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Sean Wang [Mon, 12 Jun 2017 15:56:56 +0000 (23:56 +0800)]
MAINTAINERS: add entry for MediaTek Random Number Generator
I work for MediaTek on maintaining the MediaTek RNG driver
for the existing SoCs and adding support for the following
SoCs.
Signed-off-by: Sean Wang <sean.wang@mediatek.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Sean Wang [Mon, 12 Jun 2017 15:56:55 +0000 (23:56 +0800)]
hwrng: mtk - add runtime PM support
Add runtime PM support. There will be the benefit on SoCs where the
clock to the RNG used can be shutdown.
Signed-off-by: Sean Wang <sean.wang@mediatek.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Sean Wang [Mon, 12 Jun 2017 15:56:54 +0000 (23:56 +0800)]
dt-bindings: rng: add MediaTek MT7622 Hardware Random Generator bindings
Document the bindings used by MediaTek MT7622 SoC hardware random number
generator.
Signed-off-by: Sean Wang <sean.wang@mediatek.com>
Reviewed-by: Matthias Brugger <matthias.bgg@gmail.com>
Acked-by: Rob Herring <robh@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Jason A. Donenfeld [Sun, 11 Jun 2017 21:20:23 +0000 (23:20 +0200)]
crypto: rsa-pkcs1pad - use constant time memory comparison for MACs
Otherwise, we enable all sorts of forgeries via timing attack.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Suggested-by: Stephan Müller <smueller@chronox.de>
Cc: stable@vger.kernel.org
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-crypto@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Christophe Jaillet [Sat, 10 Jun 2017 12:54:33 +0000 (14:54 +0200)]
crypto: crypto4xx - fix an error code
If 'kzalloc' fails, we return 0 which means success.
return -ENOMEM instead as already done a few lines above.
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Corentin LABBE [Tue, 6 Jun 2017 13:44:16 +0000 (15:44 +0200)]
crypto: engine - replace pr_xxx by dev_xxx
By adding a struct device *dev to struct engine, we could store the
device used at register time and so use all dev_xxx functions instead of
pr_xxx.
Signed-off-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Gilad Ben-Yossef [Mon, 5 Jun 2017 05:33:43 +0000 (08:33 +0300)]
crypto: testmgr - use consistent format for errors
Fix inconsistent format and spelling in hash tests error messages.
Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Colin Ian King [Sun, 4 Jun 2017 18:29:20 +0000 (19:29 +0100)]
crypto: brcm - fix spelling mistake: "fallbck" -> "fallback"
Trivial fix to spelling mistake in flow_log message
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Reviewed-by: Steve Lin <steven.lin1@broadcom.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Antoine Ténart [Thu, 1 Jun 2017 19:39:03 +0000 (21:39 +0200)]
crypto: sun4i-ss - fix large block size support
The run-time self-tests fail quite early, as soon as the input block
size is larger than 64 bytes:
alg: hash: Test 4 failed for sha1-sun4i-ss
00000000: b9 c9 1e 52 c0 26 d8 39 81 ff f2 3c 99 b1 27 b2
00000010: 30 d6 c9 85
One thing to notice is the value of the last word, which is the one
expected (it can sometime be the last two words). The datasheet isn't
very clear about when the digest is ready to retrieve and is seems the
bit SS_DATA_END is cleared when the digest was computed *but* that
doesn't mean the digest is ready to retrieve in the registers.
A ndelay(1) is added before reading the computed digest to ensure it is
available in the SS_MD[] registers.
Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Tested-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Acked-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Antoine Ténart [Thu, 1 Jun 2017 19:39:02 +0000 (21:39 +0200)]
crypto: sun4i-ss - add the CRYPTO_ALG_KERN_DRIVER_ONLY flag
The CRYPTO_ALG_KERN_DRIVER_ONLY flag is set for hardware accelerated
ciphers accessible through a kernel driver only. This is the case for
ciphers exposed by the sun4i-ss driver. This patch sets this flag.
Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Tested-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Acked-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Antoine Ténart [Thu, 1 Jun 2017 19:39:01 +0000 (21:39 +0200)]
crypto: sun4i-ss - move from ablkcipher to skcipher API
Update the sun4i-ss driver to use the skcipher API instead of the old
ablkcipher one. It's a bit more tricky than s/ablkcipher/skcipher/, but
still nothing special and the driver's logic stays the same.
Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Tested-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Acked-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Antoine Ténart [Thu, 1 Jun 2017 19:39:00 +0000 (21:39 +0200)]
crypto: sun4i-ss - use GENMASK to generate masks
Use the GENMASK helper instead of custom calculations to generate masks,
It also helps the readability.
Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Tested-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Acked-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Antoine Ténart [Thu, 1 Jun 2017 19:38:59 +0000 (21:38 +0200)]
crypto: sun4i-ss - simplify the appended bit assignment
A bit is appended at the end of the input buffer for sha1. Simplify the
code assigning it.
Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Tested-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Acked-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Antoine Ténart [Thu, 1 Jun 2017 19:38:58 +0000 (21:38 +0200)]
crypto: sun4i-ss - simplify the pad length calculation
When sending the last block of data to the engine, it should be padded
so that the total length of the request can be given to the engine as
the last 2 words of the last 64 bytes block.
Simplify the calculation of this pad offset.
Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Tested-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Acked-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Antoine Ténart [Thu, 1 Jun 2017 19:38:57 +0000 (21:38 +0200)]
crypto: sun4i-ss - do not dynamically set parts of the last buffer to 0
Parts of the bf buffer were dynamically set to 0. Change this to set the
whole buffer to 0 by default to avoid any mistake.
Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Tested-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Acked-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Antoine Ténart [Thu, 1 Jun 2017 19:38:56 +0000 (21:38 +0200)]
crypto: sun4i-ss - cannot use DMA is the request is 0 length
Do not use DMA is the request is 0 length.
Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Tested-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Acked-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Antoine Ténart [Thu, 1 Jun 2017 19:38:55 +0000 (21:38 +0200)]
crypto: sun4i-ss - use lower/upper_32_bits helpers
Replace custom bit shifts and masks with lower/upper_32_bits helpers.
Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Tested-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Acked-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Antoine Ténart [Thu, 1 Jun 2017 19:38:54 +0000 (21:38 +0200)]
crypto: sun4i-ss - remove conditional checks against 0
Cosmetic clean up if conditional checks on 0s values.
Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Tested-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Acked-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Antoine Ténart [Thu, 1 Jun 2017 19:38:53 +0000 (21:38 +0200)]
crypto: sun4i-ss - group variable definitions in sun4i_hash()
Cosmetic change to avoid having a full screen a variable definitions. It
also helps to see which variables share the same type.
Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Tested-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Acked-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Karim Eshapa [Sat, 13 May 2017 19:05:19 +0000 (21:05 +0200)]
crypto: algapi - Use pr_err common logging style.
Use more common error logging style.
Signed-off-by: Karim Eshapa <karim.eshapa@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Kamil Konieczny [Fri, 12 May 2017 15:38:02 +0000 (17:38 +0200)]
crypto: doc - Fixed bugs, added example usage of calc_hash().
- Fixed bugs in example for shash and rng (added missing "*" and " *").
- Corrected pr_info() in calc_hash().
- Added example usage of calc_hash().
- No need for negate PTR_ERR to get error code, as crypto_alloc_rng
already returns negative values like ERR_PTR(-ENOMEM). Fixed.
Signed-off-by: Kamil Konieczny <k.konieczny@partner.samsung.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Dan Carpenter [Wed, 10 May 2017 05:52:26 +0000 (08:52 +0300)]
crypto: glue_helper - Delete some dead code
We checked (nbytes < bsize) inside the loops so it's not possible to hit
the "goto done;" here. This code is cut and paste from other slightly
different loops where we don't have the check inside the loop.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Eric Biggers [Wed, 10 May 2017 00:20:27 +0000 (17:20 -0700)]
crypto: aes_ti - fix comment for MixColumns step
mix_columns() contains a comment which shows the matrix used by the
MixColumns step of AES, but the last entry in this matrix was incorrect
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Geliang Tang [Sat, 6 May 2017 15:35:29 +0000 (23:35 +0800)]
crypto: mediatek - drop .owner field in mtk_crypto_driver
Drop .owner field in mtk_crypto_driver, since platform_driver_register()
will set it automatically.
Signed-off-by: Geliang Tang <geliangtang@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
George Cherian [Thu, 4 May 2017 11:34:46 +0000 (11:34 +0000)]
crypto: cavium - Add more algorithms
Add more algorithm support for the driver.
Add support for ecb(aes), cfb(aes) and ecb(des3_ede).
Signed-off-by: George Cherian <george.cherian@cavium.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
George Cherian [Thu, 4 May 2017 11:34:45 +0000 (11:34 +0000)]
crypto: cavium - Remove the individual encrypt/decrypt function for each algorithm
Remove the individual encrypt/decrypt function for easch algorithm.
This is in prepration of adding more crypto algorithms supported by
hardware. While at that simplify create_ctx_hdr/create_input_list
function interfaces.
Signed-off-by: George Cherian <george.cherian@cavium.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
George Cherian [Thu, 4 May 2017 11:34:44 +0000 (11:34 +0000)]
crypto: cavium - Downgrade the annoying misc interrupt print from dev_err to dev_dbg
Mailbox interrupt is common and it is not an error interrupt.
So downgrade the print from dev_err to dev_dbg.
Signed-off-by: George Cherian <george.cherian@cavium.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
pjambhlekar [Wed, 3 May 2017 04:02:09 +0000 (09:32 +0530)]
crypto: ccp - return NULL instead of 0
This change is to handle sparse warning. Return type of function is a pointer to the structure and
it returns 0. Instead it should return NULL.
Signed-off-by: Pushkar Jambhlekar <pushkar.iit@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Gary R Hook [Tue, 2 May 2017 22:33:40 +0000 (17:33 -0500)]
crypto: ccp - Add debugfs entries for CCP information
Expose some data about the configuration and operation of the CCP
through debugfs entries: device name, capabilities, configuration,
statistics.
Allow the user to reset the counters to zero by writing (any value)
to the 'stats' file. This can be done per queue or per device.
Changes from V1:
- Correct polarity of test when destroying devices at module unload
Signed-off-by: Gary R Hook <gary.hook@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Martin Hicks [Tue, 2 May 2017 13:38:35 +0000 (09:38 -0400)]
crypto: talitos - Extend max key length for SHA384/512-HMAC and AEAD
An updated patch that also handles the additional key length requirements
for the AEAD algorithms.
The max keysize is not 96. For SHA384/512 it's 128, and for the AEAD
algorithms it's longer still. Extend the max keysize for the
AEAD size for AES256 + HMAC(SHA512).
Cc: <stable@vger.kernel.org> # 3.6+
Fixes: 357fb60502ede ("crypto: talitos - add sha224, sha384 and sha512 to existing AEAD algorithms")
Signed-off-by: Martin Hicks <mort@bork.org>
Acked-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Ryder Lee [Thu, 1 Jun 2017 02:30:22 +0000 (10:30 +0800)]
dt-bindings: crypto: remove mediatek ethif clock
This patch removes the parent clock 'ethif' in bindings, since we don't
need to control the parent of a clock in current clock framework.
Moreover, the clocks are get by name in the driver, thus this change
does not break backwards compatibility.
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Reviewed-by: Matthias Brugger <matthias.bgg@gmail.com>
Acked-by: Rob Herring <robh@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Ryder Lee [Thu, 1 Jun 2017 02:30:21 +0000 (10:30 +0800)]
crypto: mediatek - remove redundant clock setting
This patch removes redundant clock setting for 'clk_ethif', which is
the parent of 'clk_cryp'. Hence, we just need to handle its child.
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tudor-Dan Ambarus [Tue, 30 May 2017 14:52:49 +0000 (17:52 +0300)]
crypto: testmgr - add genkey kpp test
The test considers a party that already has a private-public
key pair and a party that provides a NULL key. The kernel will
generate the private-public key pair for the latter, computes
the shared secret on both ends and verifies if it's the same.
The explicit private-public key pair was copied from
the previous test vector.
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tudor-Dan Ambarus [Tue, 30 May 2017 14:52:48 +0000 (17:52 +0300)]
crypto: ecdh - add privkey generation support
Add support for generating ecc private keys.
Generation of ecc private keys is helpful in a user-space to kernel
ecdh offload because the keys are not revealed to user-space. Private
key generation is also helpful to implement forward secrecy.
If the user provides a NULL ecc private key, the kernel will generate it
and further use it for ecdh.
Move ecdh's object files below drbg's. drbg must be present in the kernel
at the time of calling.
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Reviewed-by: Stephan Müller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Srikanth Jampala [Tue, 30 May 2017 11:58:03 +0000 (17:28 +0530)]
crypto: cavium - Register the CNN55XX supported crypto algorithms.
Register the Symmetric crypto algorithms supported by
CNN55XX driver with crypto subsystem.
The following Symmetric crypto algorithms are supported,
- aes with cbc, ecb, cfb, xts, ctr and cts modes
- des3_ede with cbc and ecb modes
Signed-off-by: Srikanth Jampala <Jampala.Srikanth@cavium.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Srikanth Jampala [Tue, 30 May 2017 11:58:02 +0000 (17:28 +0530)]
crypto: cavium - Add debugfs support in CNN55XX driver.
Add debugfs support in CNN55XX Physical Function driver.
Provides hardware counters and firmware information.
Signed-off-by: Srikanth Jampala <Jampala.Srikanth@cavium.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Srikanth Jampala [Tue, 30 May 2017 11:58:01 +0000 (17:28 +0530)]
crypto: cavium - Add support for CNN55XX adapters.
Add Physical Function driver support for CNN55XX crypto adapters.
CNN55XX adapters belongs to Cavium NITROX family series,
which accelerate both Symmetric and Asymmetric crypto workloads.
These adapters have crypto engines that need firmware
to become operational.
Signed-off-by: Srikanth Jampala <Jampala.Srikanth@cavium.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Dan Carpenter [Mon, 29 May 2017 13:26:22 +0000 (16:26 +0300)]
X.509: Fix error code in x509_cert_parse()
We forgot to set the error code on this path so it could result in
returning NULL which leads to a NULL dereference.
Fixes: db6c43bd2132 ("crypto: KEYS: convert public key and digsig asym to the akcipher api")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Stephan Mueller [Fri, 26 May 2017 10:12:51 +0000 (12:12 +0200)]
crypto: drbg - Fixes panic in wait_for_completion call
Initialise ctr_completion variable before use.
Signed-off-by: Harsh Jain <harshjain.prof@gmail.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tudor-Dan Ambarus [Thu, 25 May 2017 07:18:16 +0000 (10:18 +0300)]
crypto: pkcs1pad - comply with crypto_akcipher_maxsize()
crypto_akcipher_maxsize() asks for the output buffer size without
caring for errors. It allways assume that will be called after
a valid setkey. Comply with it and return what he wants.
crypto_akcipher_maxsize() now returns an unsigned int.
Remove the unnecessary check.
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tudor-Dan Ambarus [Thu, 25 May 2017 07:18:15 +0000 (10:18 +0300)]
crypto: qat - comply with crypto_akcipher_maxsize()
crypto_akcipher_maxsize() asks for the output buffer size without
caring for errors. It allways assume that will be called after
a valid setkey. Comply with it and return what he wants.
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tudor-Dan Ambarus [Thu, 25 May 2017 07:18:14 +0000 (10:18 +0300)]
crypto: caampkc - comply with crypto_akcipher_maxsize()
crypto_akcipher_maxsize() asks for the output buffer size without
caring for errors. It allways assume that will be called after
a valid setkey. Comply with it and return what he wants.
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tudor-Dan Ambarus [Thu, 25 May 2017 07:18:13 +0000 (10:18 +0300)]
crypto: rsa - comply with crypto_akcipher_maxsize()
crypto_akcipher_maxsize() asks for the output buffer size without
caring for errors. It allways assume that will be called after
a valid setkey. Comply with it and return what he wants.
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tudor-Dan Ambarus [Thu, 25 May 2017 07:18:12 +0000 (10:18 +0300)]
crypto: akcipher - assume key is already set in maxsize
As of now, crypto_akcipher_maxsize() can not be reached without
successfully setting the key for the transformation. akcipher
algorithm implementations check if the key was set and then return
the output buffer size required for the given key.
Change the return type to unsigned int and always assume that this
function is called after a successful setkey of the transformation.
akcipher algorithm implementations will remove the check if key is not NULL
and directly return the max size.
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tudor-Dan Ambarus [Thu, 25 May 2017 07:18:11 +0000 (10:18 +0300)]
crypto: qat - comply with crypto_kpp_maxsize()
crypto_kpp_maxsize() asks for the output buffer size without
caring for errors. It allways assume that will be called after
a valid setkey. Comply with it and return what he wants.
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tudor-Dan Ambarus [Thu, 25 May 2017 07:18:10 +0000 (10:18 +0300)]
crypto: ecdh - comply with crypto_kpp_maxsize()
crypto_kpp_maxsize() asks for the output buffer size without
caring for errors. It allways assume that will be called after
a valid setkey. Comply with it and return what he wants.
nbytes has no sense now, remove it and directly return the maxsize.
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tudor-Dan Ambarus [Thu, 25 May 2017 07:18:09 +0000 (10:18 +0300)]
crypto: dh - comply with crypto_kpp_maxsize()
crypto_kpp_maxsize() asks for the output buffer size without
caring for errors. It allways assume that will be called after
a valid setkey. Comply with it and return what he wants.
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tudor-Dan Ambarus [Thu, 25 May 2017 07:18:08 +0000 (10:18 +0300)]
crypto: kpp - assume key is already set in maxsize
As of now, crypto_kpp_maxsize() can not be reached without successfully
setting the key for the transformation. kpp algorithm implementations
check if the key was set and then return the output buffer size
required for the given key.
Change the return type to unsigned int and always assume that this
function is called after a successful setkey of the transformation.
kpp algorithm implementations will remove the check if key is not NULL
and directly return the max size.
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tudor-Dan Ambarus [Thu, 25 May 2017 07:18:07 +0000 (10:18 +0300)]
crypto: dh - fix memleak in setkey
setkey can be called multiple times during the existence
of the transformation object. In case of multiple setkey calls,
the old key was not freed and we leaked memory.
Free the old MPI key if any.
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tudor-Dan Ambarus [Tue, 30 May 2017 12:37:56 +0000 (15:37 +0300)]
crypto: ecc - rename ecdh_make_pub_key()
Rename ecdh_make_pub_key() to ecc_make_pub_key().
ecdh_make_pub_key() is not dh specific and the reference
to dh is wrong.
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tudor-Dan Ambarus [Thu, 25 May 2017 07:18:05 +0000 (10:18 +0300)]
crypto: ecc - remove unnecessary casts
ecc software implementation works with chunks of u64 data. There were some
unnecessary casts to u8 and then back to u64 for the ecc keys. This patch
removes the unnecessary casts.
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tudor-Dan Ambarus [Thu, 25 May 2017 07:18:04 +0000 (10:18 +0300)]
crypto: ecc - remove unused function arguments
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tudor-Dan Ambarus [Thu, 25 May 2017 07:18:03 +0000 (10:18 +0300)]
crypto: kpp, (ec)dh - fix typos
While here, add missing argument description (ndigits).
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Antoine Ténart [Wed, 24 May 2017 14:10:35 +0000 (16:10 +0200)]
MAINTAINERS: add a maintainer for the Inside Secure crypto driver
A new cryptographic engine driver was added in
drivers/crypto/inside-secure. Add myself as a maintainer for this
driver.
Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Antoine Ténart [Wed, 24 May 2017 14:10:34 +0000 (16:10 +0200)]
crypto: inside-secure - add SafeXcel EIP197 crypto engine driver
Add support for Inside Secure SafeXcel EIP197 cryptographic engine,
which can be found on Marvell Armada 7k and 8k boards. This driver
currently implements: ecb(aes), cbc(aes), sha1, sha224, sha256 and
hmac(sah1) algorithms.
Two firmwares are needed for this engine to work. Their are mostly used
for more advanced operations than the ones supported (as of now), but we
still need them to pass the data to the internal cryptographic engine.
Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tero Kristo [Wed, 24 May 2017 07:35:34 +0000 (10:35 +0300)]
crypto: omap-sham - force word alignment on the xmit-buf also
This was previously missed from the code, causing SDMA to hang in
some cases where the buffer ended up being not aligned.
Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tero Kristo [Wed, 24 May 2017 07:35:33 +0000 (10:35 +0300)]
crypto: omap-sham - fix closing of hash with separate finalize call
Currently there is an interesting corner case failure with omap-sham
driver, if the finalize call is done separately with no data, but
all previous data has already been processed. In this case, it is not
possible to close the hash with the hardware without providing any data,
so we get incorrect results. Fix this by adjusting the size of data
sent to the hardware crypto engine in case the non-final data size falls
on the block size boundary, by reducing the amount of data sent by one
full block. This makes it sure that we always have some data available
for the finalize call and we can close the hash properly.
Signed-off-by: Tero Kristo <t-kristo@ti.com>
Reported-by: Aparna Balasubramanian <aparnab@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>