summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* crypto: hisilicon/sec2 - fix some coding stylesLongfang Liu2020-07-161-5/+4
| | | | | | | | Modify some log output interfaces and update author information Signed-off-by: Longfang Liu <liulongfang@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: hisilicon/sec2 - update debugfs interface parametersLongfang Liu2020-07-161-27/+27
| | | | | | | | Update debugfs interface parameters, and adjust the processing logic inside the corresponding function Signed-off-by: Longfang Liu <liulongfang@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: hisilicon/sec2 - update SEC initialization and resetLongfang Liu2020-07-162-27/+29
| | | | | | | | Updates the initialization and reset of SEC driver's register operation. Signed-off-by: Longfang Liu <liulongfang@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto:hisilicon/sec2 - update busy processing logicKai Ye2020-07-163-25/+71
| | | | | | | | | | | | | | | | | | | As before, if a SEC queue is at the 'fake busy' status, the request with a 'fake busy' flag will be sent into hardware and the sending function returns busy. After the request is finished, SEC driver's call back will identify the 'fake busy' flag, and notifies the user that hardware is not busy now by calling user's call back function. Now, a request sent into busy hardware will be cached in the SEC queue's backlog, return '-EBUSY' to user. After the request being finished, the cached requests will be processed in the call back function. to notify the corresponding user that SEC queue can process more requests. Signed-off-by: Kai Ye <yekai13@huawei.com> Reviewed-by: Longfang Liu <liulongfang@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: hisilicon/sec2 - clear SEC debug regsKai Ye2020-07-161-0/+7
| | | | | | | | | SEC debug registers aren't cleared even if its driver is removed, so add a clearing operation in driver removing. Signed-off-by: Kai Ye <yekai13@huawei.com> Reviewed-by: Longfang Liu <liulongfang@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: caam - Remove broken arc4 supportHerbert Xu2020-07-162-30/+0
| | | | | | | | | | | | | | | The arc4 algorithm requires storing state in the request context in order to allow more than one encrypt/decrypt operation. As this driver does not seem to do that, it means that using it for more than one operation is broken. Fixes: eaed71a44ad9 ("crypto: caam - add ecb(*) support") Link: https://lore.kernel.org/linux-crypto/CAMj1kXGvMe_A_iQ43Pmygg9xaAM-RLy=_M=v+eg--8xNmv9P+w@mail.gmail.com Link: https://lore.kernel.org/linux-crypto/20200702101947.682-1-ardb@kernel.org Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: Ard Biesheuvel <ardb@kernel.org> Acked-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: arm/ghash - use variably sized key structArd Biesheuvel2020-07-091-27/+24
| | | | | | | | | | | | Of the two versions of GHASH that the ARM driver implements, only one performs aggregation, and so the other one has no use for the powers of H to be precomputed, or space to be allocated for them in the key struct. So make the context size dependent on which version is being selected, and while at it, use a static key to carry this decision, and get rid of the function pointer. Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: arm64/gcm - use inline helper to suppress indirect callsArd Biesheuvel2020-07-091-39/+46
| | | | | | | | | | | Introduce an inline wrapper for ghash_do_update() that incorporates the indirect call to the asm routine that is passed as an argument, and keep the non-SIMD fallback code out of line. This ensures that all references to the function pointer are inlined where the address is taken, removing the need for any indirect calls to begin with. Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: arm64/gcm - use variably sized key structArd Biesheuvel2020-07-091-28/+21
| | | | | | | | | Now that the ghash and gcm drivers are split, we no longer need to allocate a key struct for the former that carries powers of H that are only used by the latter. Also, take this opportunity to clean up the code a little bit. Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: arm64/gcm - disentangle ghash and gcm setkey() routinesArd Biesheuvel2020-07-091-25/+22
| | | | | | | | | | The remaining ghash implementation does not support aggregation, and so there is no point in including the precomputed powers of H in the key struct. So move that into the GCM setkey routine, and get rid of the shared sub-routine entirely. Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: arm64/ghash - drop PMULL based shashArd Biesheuvel2020-07-091-78/+12
| | | | | | | | | | | | | | | | | There are two ways to implement SIMD accelerated GCM on arm64: - using the PMULL instructions for carryless 64x64->128 multiplication, in which case the architecture guarantees that the AES instructions are available as well, and so we can use the AEAD implementation that combines both, - using the PMULL instructions for carryless 8x8->16 bit multiplication, which is implemented as a shash, and can be combined with any ctr(aes) implementation by the generic GCM AEAD template driver. So let's drop the 64x64->128 shash driver, which is never needed for GCM, and not suitable for use anywhere else. Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: hisilicon/zip - permit users to specify NUMA nodeBarry Song2020-07-093-6/+7
| | | | | | | | | | If users don't specify NUMA node, the driver will use the ZIP module near the CPU allocating acomp. Otherwise, it uses the ZIP module according to the requirement of users. Cc: Zhou Wang <wangzhou1@hisilicon.com> Signed-off-by: Barry Song <song.bao.hua@hisilicon.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: api - permit users to specify numa node of acomp hardwareBarry Song2020-07-095-13/+62
| | | | | | | | | | | | | | | | | | | For a Linux server with NUMA, there are possibly multiple (de)compressors which are either local or remote to some NUMA node. Some drivers will automatically use the (de)compressor near the CPU calling acomp_alloc(). However, it is not necessarily correct because users who send acomp_req could be from different NUMA node with the CPU which allocates acomp. Just like kernel has kmalloc() and kmalloc_node(), here crypto can have same support. Cc: Seth Jennings <sjenning@redhat.com> Cc: Dan Streetman <ddstreet@ieee.org> Cc: Vitaly Wool <vitaly.wool@konsulko.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Jonathan Cameron <Jonathan.Cameron@huawei.com> Signed-off-by: Barry Song <song.bao.hua@hisilicon.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: aesni - Fix build with LLVM_IAS=1Sedat Dilek2020-07-091-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When building with LLVM_IAS=1 means using Clang's Integrated Assembly (IAS) from LLVM/Clang >= v10.0.1-rc1+ instead of GNU/as from GNU/binutils I see the following breakage in Debian/testing AMD64: <instantiation>:15:74: error: too many positional arguments PRECOMPUTE 8*3+8(%rsp), %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, ^ arch/x86/crypto/aesni-intel_asm.S:1598:2: note: while in macro instantiation GCM_INIT %r9, 8*3 +8(%rsp), 8*3 +16(%rsp), 8*3 +24(%rsp) ^ <instantiation>:47:2: error: unknown use of instruction mnemonic without a size suffix GHASH_4_ENCRYPT_4_PARALLEL_dec %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, %xmm0, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, %xmm8, enc ^ arch/x86/crypto/aesni-intel_asm.S:1599:2: note: while in macro instantiation GCM_ENC_DEC dec ^ <instantiation>:15:74: error: too many positional arguments PRECOMPUTE 8*3+8(%rsp), %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, ^ arch/x86/crypto/aesni-intel_asm.S:1686:2: note: while in macro instantiation GCM_INIT %r9, 8*3 +8(%rsp), 8*3 +16(%rsp), 8*3 +24(%rsp) ^ <instantiation>:47:2: error: unknown use of instruction mnemonic without a size suffix GHASH_4_ENCRYPT_4_PARALLEL_enc %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, %xmm0, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, %xmm8, enc ^ arch/x86/crypto/aesni-intel_asm.S:1687:2: note: while in macro instantiation GCM_ENC_DEC enc Craig Topper suggested me in ClangBuiltLinux issue #1050: > I think the "too many positional arguments" is because the parser isn't able > to handle the trailing commas. > > The "unknown use of instruction mnemonic" is because the macro was named > GHASH_4_ENCRYPT_4_PARALLEL_DEC but its being instantiated with > GHASH_4_ENCRYPT_4_PARALLEL_dec I guess gas ignores case on the > macro instantiation, but llvm doesn't. First, I removed the trailing comma in the PRECOMPUTE line. Second, I substituted: 1. GHASH_4_ENCRYPT_4_PARALLEL_DEC -> GHASH_4_ENCRYPT_4_PARALLEL_dec 2. GHASH_4_ENCRYPT_4_PARALLEL_ENC -> GHASH_4_ENCRYPT_4_PARALLEL_enc With these changes I was able to build with LLVM_IAS=1 and boot on bare metal. I confirmed that this works with Linux-kernel v5.7.5 final. NOTE: This patch is on top of Linux v5.7 final. Thanks to Craig and especially Nick for double-checking and his comments. Suggested-by: Craig Topper <craig.topper@intel.com> Suggested-by: Craig Topper <craig.topper@gmail.com> Suggested-by: Nick Desaulniers <ndesaulniers@google.com> Reviewed-by: Nick Desaulniers <ndesaulniers@google.com> Cc: "ClangBuiltLinux" <clang-built-linux@googlegroups.com> Link: https://github.com/ClangBuiltLinux/linux/issues/1050 Link: https://bugs.llvm.org/show_bug.cgi?id=24494 Signed-off-by: Sedat Dilek <sedat.dilek@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: ccp - Fix sparse warningsHerbert Xu2020-07-093-13/+12
| | | | | | | | | This patch fixes a number of endianness marking issues in the ccp driver. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: John Allen <john.allen@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: af_alg - Fix regression on empty requestsHerbert Xu2020-07-091-1/+1
| | | | | | | | | | | | | | Some user-space programs rely on crypto requests that have no control metadata. This broke when a check was added to require the presence of control metadata with the ctx->init flag. This patch fixes the regression by setting ctx->init as long as one sendmsg(2) has been made, with or without a control message. Reported-by: Sachin Sant <sachinp@linux.vnet.ibm.com> Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org> Fixes: f3c802a1f300 ("crypto: algif_aead - Only wake up when...") Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: virtio - constify features[] and id_table[]Rikard Falkeborn2020-07-091-2/+2
| | | | | | | | | | | | | | | | features[] and id_table[] are not modified and can be made const to allow the compiler to put them in read-only memory. Before: text data bss dec hex filename 11534 2056 160 13750 35b6 drivers/crypto/virtio/virtio_crypto_core.o After: text data bss dec hex filename 11630 1992 128 13750 35b6 drivers/crypto/virtio/virtio_crypto_core.o Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* hwrng: virtio - Constify id_table[]Rikard Falkeborn2020-07-091-1/+1
| | | | | | | | | | | | | | | | id_table[] is not modified and an be made const to allow the compiler to put it in read-only memory. Before: text data bss dec hex filename 1746 192 8 1946 79a drivers/char/hw_random/virtio-rng.o After: text data bss dec hex filename 1762 176 8 1946 79a drivers/char/hw_random/virtio-rng.o Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* hwrng: nomadik - Constify nmk_rng_ids[]Rikard Falkeborn2020-07-091-1/+1
| | | | | | | | | | | | | | | | | nmk_rng_ids[] is not modified and can be made const to allow the compiler to put it in read-only memory. Before: text data bss dec hex filename 652 216 4 872 368 drivers/char/hw_random/nomadik-rng.o After: text data bss dec hex filename 676 192 4 872 368 drivers/char/hw_random/nomadik-rng.o Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com> Acked-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* hwrng: bcm2835 - Constify bcm2835_rng_devtype[]Rikard Falkeborn2020-07-091-1/+1
| | | | | | | | | | | | | | | | | bcm2835_rng_devtype[] is not modified and can be made const to allow the compiler to put it in read-only memory. Before: text data bss dec hex filename 2392 176 0 2568 a08 drivers/char/hw_random/bcm2835-rng.o After: text data bss dec hex filename 2464 104 0 2568 a08 drivers/char/hw_random/bcm2835-rng.o Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com> Acked-by: Florian Fainelli <f.fainelli@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* hwrng: ba431 - HW_RANDOM_BA431 should not default to yGeert Uytterhoeven2020-07-091-3/+0
| | | | | | | | | As HW_RANDOM_BA431 does not have any platform dependency, it should not default to enabled. Fixes: 0289e9be5dc26d84 ("hwrng: ba431 - add support for BA431 hwrng") Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* hwrng: ba431 - Add dependency on HAS_IOMEMHerbert Xu2020-07-091-0/+1
| | | | | | | | | The ba431 driver depends on HAS_IOMEM and this was missing from the Kconfig file. Reported-by: kernel test robot <lkp@intel.com> Fixes: 0289e9be5dc2 ("hwrng: ba431 - add support for BA431 hwrng") Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: qat - fallback for xts with 192 bit keysGiovanni Cabiddu2020-07-091-3/+65
| | | | | | | | | | | | | Forward requests to another provider if the key length for AES-XTS is 192 bits as this is not supported by the QAT accelerators. This fixes the following issue reported with the option CONFIG_CRYPTO_MANAGER_EXTRA_TESTS: alg: skcipher: qat_aes_xts setkey failed on test vector "random: len=3204 klen=48"; expected_error=0, actual_error=-22, flags=0x1 Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: qat - remove unused field in skcipher ctxGiovanni Cabiddu2020-07-091-4/+0
| | | | | | | | Remove tfm field in qat_alg_skcipher_ctx structure. This is not used. Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: qat - validate xts keyGiovanni Cabiddu2020-07-091-0/+6
| | | | | | | | Validate AES-XTS key using the function xts_verify_key() to prevent malformed keys. Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: qat - allow xts requests not multiple of blockGiovanni Cabiddu2020-07-091-2/+20
| | | | | | | | | | | | | Allow AES-XTS requests that are not multiple of the block size. If a request is smaller than the block size, return -EINVAL. This fixes the following issue reported by the crypto testmgr self-test: alg: skcipher: qat_aes_xts encryption failed on test vector "random: len=116 klen=64"; expected_error=0, actual_error=-22, cfg="random: inplace may_sleep use_finup src_divs=[<reimport>45.85%@+4077, <flush>54.15%@alignmask+18]" Fixes: 96ee111a659e ("crypto: qat - return error for block...") Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* hwrng: octeon - Fix sparse warningsHerbert Xu2020-07-091-3/+3
| | | | | | | This patch fixes a bunch of sparse warnings by adding __force tags when casting __iomem poitners to u64. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* hwrng: pic32 - Fix W=1 unused variable warningHerbert Xu2020-07-091-1/+1
| | | | | | | This patch fixes an unused variable warning when this driver is built-in with CONFIG_OF=n. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* hwrng: st - Fix W=1 unused variable warningHerbert Xu2020-07-091-1/+2
| | | | | | | This patch fixes an unused variable warning when this driver is built-in with CONFIG_OF=n. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* hwrng: bcm2835 - Fix W=1 unused variable warningHerbert Xu2020-07-091-2/+1
| | | | | | | This patch fixes an unused variable warning when this driver is built with CONFIG_OF=n. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* hwrng: hisi - Fix W=1 unused variable warningHerbert Xu2020-07-091-1/+1
| | | | | | | This patch fixes an unused variable warning when this driver is built-in with CONFIG_OF=n. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* hwrng: omap - Fix W=1 unused variable warningHerbert Xu2020-07-091-9/+2
| | | | | | | | | This patch fixes an unused variable warning when this driver is built-in with CONFIG_OF=n. While we're at it this patch also expands the compiler coverage when CONFIG_OF is off by removing all the CONFIG_OF ifdefs. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* hwrng: npcm - Fix W=1 unused variable warningHerbert Xu2020-07-091-1/+1
| | | | | | | | This patch fixes an unused variable warning when this driver is built-in with CONFIG_OF=n. Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* Merge branch 'ux500'Herbert Xu2020-07-091-9/+9
|\ | | | | | | The change on the ux500 branch is needed by the regulator API.
| * crypto: ux500/hash - Add namespacing to hash_init()Lee Jones2020-07-091-9/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A recent change to the Regulator consumer API (which this driver utilises) add prototypes for the some suspend functions. These functions require including header file include/linux/suspend.h. The following tree of includes affecting this driver will be present: In file included from include/linux/elevator.h:6, from include/linux/blkdev.h:288, from include/linux/blk-cgroup.h:23, from include/linux/writeback.h:14, from include/linux/memcontrol.h:22, from include/linux/swap.h:9, from include/linux/suspend.h:5, from include/linux/regulator/consumer.h:35, from drivers/crypto/ux500/hash/hash_core.c:28: include/linux/elevator.h pulls in include/linux/hashtable.h which contains its own version of hash_init(). This confuses the build system and results in the following error (amongst others): drivers/crypto/ux500/hash/hash_core.c:1362:19: error: passing argument 1 of '__hash_init' from incompatible pointer type [-Werror=incompatible-pointer-types] 1362 | return hash_init(req); Fix this by namespacing the local hash_init() such that the source of confusion is removed. Cc: Linus Walleij <linus.walleij@linaro.org> Cc: David S. Miller <davem@davemloft.net> Cc: linux-crypto@vger.kernel.org Signed-off-by: Lee Jones <lee.jones@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* | crypto: ccp - Update CCP driver maintainer informationTom Lendacky2020-07-031-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | Add John Allen as a new CCP driver maintainer. Additionally, break out the driver SEV support and create a new maintainer entry, with Brijesh Singh and Tom Lendacky as maintainers. Cc: John Allen <john.allen@amd.com> Cc: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Acked-by: John Allen <john.allen@amd.com> Acked-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* | crypto: cpt - Fix sparse warningsHerbert Xu2020-07-033-23/+22
| | | | | | | | | | | | | | | | | | | | | | | | This patch fixes all the sparse warnings in the octeontx driver. Some of these are just trivial type changes. However, some of the changes are non-trivial on little-endian hosts. Obviously the driver appears to be broken on either LE or BE as it was doing different things. I've taken the BE behaviour as the correct one. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* | crypto: hisilicon/qm - Change type of pasid to u32Fenghua Yu2020-07-031-2/+2
| | | | | | | | | | | | | | | | | | | | PASID is defined as "int" although it's a 20-bit value and shouldn't be negative int. To be consistent with PASID type in iommu, define PASID as "u32". Suggested-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Fenghua Yu <fenghua.yu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* | crypto: aesni - add compatibility with IASJian Cai2020-07-031-11/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Clang's integrated assembler complains "invalid reassignment of non-absolute variable 'var_ddq_add'" while assembling arch/x86/crypto/aes_ctrby8_avx-x86_64.S. It was because var_ddq_add was reassigned with non-absolute values several times, which IAS did not support. We can avoid the reassignment by replacing the uses of var_ddq_add with its definitions accordingly to have compatilibility with IAS. Link: https://github.com/ClangBuiltLinux/linux/issues/1008 Reported-by: Sedat Dilek <sedat.dilek@gmail.com> Reported-by: Fangrui Song <maskray@google.com> Tested-by: Sedat Dilek <sedat.dilek@gmail.com> # build+boot Linux v5.7.5; clang v11.0.0-git Signed-off-by: Jian Cai <caij2003@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* | crypto: ccp - Fix use of merged scatterlistsJohn Allen2020-07-032-11/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Running the crypto manager self tests with CONFIG_CRYPTO_MANAGER_EXTRA_TESTS may result in several types of errors when using the ccp-crypto driver: alg: skcipher: cbc-des3-ccp encryption failed on test vector 0; expected_error=0, actual_error=-5 ... alg: skcipher: ctr-aes-ccp decryption overran dst buffer on test vector 0 ... alg: ahash: sha224-ccp test failed (wrong result) on test vector ... These errors are the result of improper processing of scatterlists mapped for DMA. Given a scatterlist in which entries are merged as part of mapping the scatterlist for DMA, the DMA length of a merged entry will reflect the combined length of the entries that were merged. The subsequent scatterlist entry will contain DMA information for the scatterlist entry after the last merged entry, but the non-DMA information will be that of the first merged entry. The ccp driver does not take this scatterlist merging into account. To address this, add a second scatterlist pointer to track the current position in the DMA mapped representation of the scatterlist. Both the DMA representation and the original representation of the scatterlist must be tracked as while most of the driver can use just the DMA representation, scatterlist_map_and_copy() must use the original representation and expects the scatterlist pointer to be accurate to the original representation. In order to properly walk the original scatterlist, the scatterlist must be walked until the combined lengths of the entries seen is equal to the DMA length of the current entry being processed in the DMA mapped representation. Fixes: 63b945091a070 ("crypto: ccp - CCP device driver and interface support") Signed-off-by: John Allen <john.allen@amd.com> Cc: stable@vger.kernel.org Acked-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* | crypto: qce/sha - Do not modify scatterlist passed along with requestSivaprakash Murugesan2020-07-031-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Crypto test driver's test_ahash_speed calls crypto_ahash_update and crypto_ahash_final APIs repeatedly for all the available test vector buffer lengths. if we mark the end for scatterlist based on the current vector size then the subsequent vectors might fail if the later buffer lengths are higher. To avoid this, in qce do not mark the end of scatterlist in update API, the qce_ahash_async_req_handle API already takes care of this copying right amount of buffer from the request scatter list. Signed-off-by: Sivaprakash Murugesan <sivaprak@codeaurora.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* | crypto: qce - re-initialize context on importSivaprakash Murugesan2020-07-031-4/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | crypto testmgr deliberately corrupts the request context while passing vectors to the import. This is to make sure that drivers do not rely on request but they take all the necessary input from io vec passed to it. qce casts the request context from request parameter, since it is corrupted the sub squent hash request fails and qce hangs. To avoid this re-initialize request context on import. The qce import API alreasy takes care of taking the input vectors from passed io vec. Signed-off-by: Sivaprakash Murugesan <sivaprak@codeaurora.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* | crypto: qce - support zero length test vectorsSivaprakash Murugesan2020-07-033-1/+21
| | | | | | | | | | | | | | | | | | crypto test module passes zero length vectors as test input to sha-1 and sha-256. To provide correct output for these vectors, hash zero support has been added as in other crypto drivers. Signed-off-by: Sivaprakash Murugesan <sivaprak@codeaurora.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* | crypto: sun8i-ce - Fix runtime PM imbalance in sun8i_ce_cipher_initDinghao Liu2020-07-031-0/+1
| | | | | | | | | | | | | | | | | | | | | | pm_runtime_get_sync() increments the runtime PM usage counter even the call returns an error code. Thus a corresponding decrement is needed on the error handling path to keep the counter balanced. Fix this by adding the missed function call. Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* | crypto: ccree - remove unused fieldGilad Ben-Yossef2020-06-261-1/+0
| | | | | | | | | | | | | | Remove yet another unused field left over from times gone by. Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* | crypto: ccree - adapt ccree essiv support to kcapiGilad Ben-Yossef2020-06-261-31/+93
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The ESSIV support in ccree was added before the kernel generic support and using a slightly different API. Brings the ccree essiv interface into compliance with kernel crypto api one. Since CryptoCell only support 256 bit AES key for ESSIV, also use a fallback if requested a smaller key size. Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Libo Wang <libo.wang@arm.com> Cc: Markus Elfring <Markus.Elfring@web.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* | crypto: ccree - fix resource leak on error pathGilad Ben-Yossef2020-06-261-12/+18
| | | | | | | | | | | | | | | | | | Fix a small resource leak on the error path of cipher processing. Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com> Fixes: 63ee04c8b491e ("crypto: ccree - add skcipher support") Cc: Markus Elfring <Markus.Elfring@web.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* | crypto: caam/qi2 - fix return code in ahash_finup_no_ctx()Horia Geantă2020-06-261-4/+6
| | | | | | | | | | | | | | | | | | | | | | ahash_finup_no_ctx() returns -ENOMEM in most error cases, and this is fine for almost all of them. However, the return code provided by dpaa2_caam_enqueue() (e.g. -EIO or -EBUSY) shouldn't be overridden by -ENOMEM. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* | crypto: img-hash - remove redundant initialization of variable errColin Ian King2020-06-261-1/+1
| | | | | | | | | | | | | | | | | | | | The variable err is being initialized with a value that is never read and it is being updated later with a new value. The initialization is redundant and can be removed. Addresses-Coverity: ("Unused value") Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* | crypto: ccp - remove redundant assignment to variable retColin Ian King2020-06-261-1/+0
| | | | | | | | | | | | | | | | | | | | | | The variable ret is being assigned with a value that is never read and it is being updated later with a new value. The assignment is redundant and can be removed. Addresses-Coverity: ("Unused value") Signed-off-by: Colin Ian King <colin.king@canonical.com> Acked-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>