summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* crypto: caam - don't leak pointers to authenc keysTudor-Dan Ambarus2018-03-301-0/+2
| | | | | | | | | | | In caam's aead_setkey we save pointers to the authenc keys in a local variable of type struct crypto_authenc_keys and we don't zeroize it after use. Fix this and don't leak pointers to the authenc keys. Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: lrw - Free rctx->ext with kzfreeHerbert Xu2018-03-301-1/+1
| | | | | | | | | | The buffer rctx->ext contains potentially sensitive data and should be freed with kzfree. Cc: <stable@vger.kernel.org> Fixes: 700cb3f5fe75 ("crypto: lrw - Convert to skcipher") Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: talitos - fix IPsec cipher in lengthLEROY Christophe2018-03-301-16/+20
| | | | | | | | | | | | | For SEC 2.x+, cipher in length must contain only the ciphertext length. In case of using hardware ICV checking, the ICV length is provided via the "extent" field of the descriptor pointer. Cc: <stable@vger.kernel.org> # 4.8+ Fixes: 549bd8bc5987 ("crypto: talitos - Implement AEAD for SEC1 using HMAC_SNOOP_NO_AFEU") Reported-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr> Tested-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: Deduplicate le32_to_cpu_array() and cpu_to_le32_array()Andy Shevchenko2018-03-303-34/+17
| | | | | | | | | | Deduplicate le32_to_cpu_array() and cpu_to_le32_array() by moving them to the generic header. No functional change implied. Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: doc - clarify hash callbacks state machineHoria Geantă2018-03-301-0/+8
| | | | | | | | | | | Add a note that it is perfectly legal to "abandon" a request object: - call .init() and then (as many times) .update() - _not_ call any of .final(), .finup() or .export() at any point in future Link: https://lkml.kernel.org/r/20180222114741.GA27631@gondor.apana.org.au Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: api - Keep failed instances aliveHerbert Xu2018-03-302-17/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch reverts commit 9c521a200bc3 ("crypto: api - remove instance when test failed") and fixes the underlying problem in a different way. To recap, prior to the reverted commit, an instance that fails a self-test is kept around. However, it would satisfy any new lookups against its name and therefore the system may accumlulate an unbounded number of failed instances for the same algorithm name. The reverted commit fixed it by unregistering the instance. Hoever, this still does not prevent the creation of the same failed instance over and over again each time the name is looked up. This patch fixes it by keeping the failed instance around, just as we would if it were a normal algorithm. However, the lookup code has been udpated so that we do not attempt to create another instance as long as this failed one is still registered. Of course, you could still force a new creation by deleting the instance from user-space. A new error (ELIBBAD) has been commandeered for this purpose and will be returned when all registered algorithm of a given name have failed the self-test. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: api - Make crypto_alg_lookup staticHerbert Xu2018-03-302-3/+2
| | | | | | | | The function crypto_alg_lookup is only usd within the crypto API and should be not be exported to the modules. This patch marks it as a static function. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: api - Remove unused crypto_type lookup functionHerbert Xu2018-03-302-8/+1
| | | | | | | | | | The lookup function in crypto_type was only used for the implicit IV generators which have been completely removed from the crypto API. This patch removes the lookup function as it is now useless. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: chelsio - Remove declaration of static function from headerHarsh Jain2018-03-302-147/+145
| | | | | | | | | It fixes compilation warning introduced in commit Fixes: 5110e65536f3 ("crypto: chelsio - Split Hash requests for...") Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Harsh Jain <harsh@chelsio.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: inside-secure - hmac(sha224) supportAntoine Tenart2018-03-303-0/+58
| | | | | | | | This patch adds the hmac(sha224) support to the Inside Secure cryptographic engine driver. Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: inside-secure - hmac(sha256) supportAntoine Tenart2018-03-303-9/+75
| | | | | | | | This patch adds the hmac(sha256) support to the Inside Secure cryptographic engine driver. Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: inside-secure - the context ipad/opad should use the state szAntoine Tenart2018-03-301-4/+4
| | | | | | | | | | | | This patches uses the state size of the algorithms instead of their digest size to copy the ipad and opad in the context. This doesn't fix anything as the state and digest size are the same for many algorithms, and for all the hmac currently supported by this driver. However hmac(sha224) use the sha224 hash function which has a different digest and state size. This commit prepares the addition of such algorithms. Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: inside-secure - improve the skcipher tokenAntoine Tenart2018-03-301-1/+2
| | | | | | | | | | | | | The token used for encryption and decryption of skcipher algorithms sets its stat field to "last packet". As it's a cipher only algorithm, there is not hash operation and thus the "last hash" bit should be set to tell the internal engine no hash operation should be performed. This does not fix a bug, but improves the token definition to follow exactly what's advised by the datasheet. Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: inside-secure - do not access buffers mapped to the deviceAntoine Tenart2018-03-301-4/+4
| | | | | | | | | | This patches update the way the digest is copied from the state buffer to the result buffer, so that the copy only happen after the state buffer was DMA unmapped, as otherwise the buffer would be owned by the device. Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: inside-secure - improve the send error pathAntoine Tenart2018-03-301-2/+5
| | | | | | | | | This patch improves the send error path as it wasn't handling all error cases. A new label is added, and some of the goto are updated to point to the right labels, so that the code is more robust to errors. Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: inside-secure - fix a typo in a register nameAntoine Tenart2018-03-302-2/+2
| | | | | | | | | This patch fixes a typo in the EIP197_HIA_xDR_WR_CTRL_BUG register name, as it should be EIP197_HIA_xDR_WR_CTRL_BUF. This is a cosmetic only change. Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: inside-secure - fix typo s/allways/always/ in a defineAntoine Tenart2018-03-302-2/+2
| | | | | | | | Small cosmetic patch fixing one typo in the EIP197_HIA_DSE_CFG_ALLWAYS_BUFFERABLE macro, it should be _ALWAYS_. Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: inside-secure - move the digest to the request contextAntoine Tenart2018-03-301-12/+18
| | | | | | | | | | | | | | | | This patches moves the digest information from the transformation context to the request context. This fixes cases where HMAC init functions were called and override the digest value for a short period of time, as the HMAC init functions call the SHA init one which reset the value. This lead to a small percentage of HMAC being incorrectly computed under heavy load. Fixes: 1b44c5a60c13 ("crypto: inside-secure - add SafeXcel EIP197 crypto engine driver") Suggested-by: Ofer Heifetz <oferh@marvell.com> Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com> [Ofer here did all the work, from seeing the issue to understanding the root cause. I only made the patch.] Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: cavium - Replace mdelay with msleep in cpt_device_initJia-Ju Bai2018-03-231-1/+1
| | | | | | | | | | | | | | | | | | | cpt_device_init() is never called in atomic context. The call chain ending up at cpt_device_init() is: [1] cpt_device_init() <- cpt_probe() cpt_probe() is only set as ".probe" in pci_driver structure "cpt_pci_driver". Despite never getting called from atomic context, cpt_device_init() calls mdelay(100), i.e. busy wait for 100ms. That is not necessary and can be replaced with msleep to avoid busy waiting. This is found by a static analysis tool named DCNS written by myself. Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: doc - Document remaining members in struct crypto_algGary R Hook2018-03-231-0/+8
| | | | | | | | | | Add missing comments for union members ablkcipher, blkcipher, cipher, and compress. This silences complaints when building the htmldocs. Fixes: 0d7f488f0305a (crypto: doc - cipher data structures) Signed-off-by: Gary R Hook <gary.hook@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: bfin_crc - remove blackfin CRC driverArnd Bergmann2018-03-234-885/+0
| | | | | | | | The blackfin architecture is getting removed, so this driver won't be used any more. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: arm,arm64 - Fix random regeneration of S_shippedLeonard Crestez2018-03-232-0/+4
| | | | | | | | | | | | | | | | | | | | | | The decision to rebuild .S_shipped is made based on the relative timestamps of .S_shipped and .pl files but git makes this essentially random. This means that the perl script might run anyway (usually at most once per checkout), defeating the whole purpose of _shipped. Fix by skipping the rule unless explicit make variables are provided: REGENERATE_ARM_CRYPTO or REGENERATE_ARM64_CRYPTO. This can produce nasty occasional build failures downstream, for example for toolchains with broken perl. The solution is minimally intrusive to make it easier to push into stable. Another report on a similar issue here: https://lkml.org/lkml/2018/3/8/1379 Signed-off-by: Leonard Crestez <leonard.crestez@nxp.com> Cc: <stable@vger.kernel.org> Reviewed-by: Masahiro Yamada <yamada.masahiro@socionext.com> Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* hwrng: ks-sa - add hw_random driverVitaly Andrianov2018-03-233-0/+265
| | | | | | | | | | | Keystone Security Accelerator module has a hardware random generator sub-module. This commit adds the driver for this sub-module. Signed-off-by: Vitaly Andrianov <vitalya@ti.com> [t-kristo@ti.com: dropped one unnecessary dev_err message] Signed-off-by: Tero Kristo <t-kristo@ti.com> Signed-off-by: Murali Karicheri <m-karicheri2@ti.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* dt-bindings: rng: add bindings doc for Keystone SA HWRNG driverVitaly Andrianov2018-03-231-0/+21
| | | | | | | | | | The Keystone SA module has a hardware random generator module. This commit adds binding doc for the KS2 SA HWRNG driver. Signed-off-by: Vitaly Andrianov <vitalya@ti.com> Signed-off-by: Murali Karicheri <m-karicheri2@ti.com> Reviewed-by: Rob Herring <robh@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: inside-secure - fix clock resource by adding a register clockGregory CLEMENT2018-03-233-10/+31
| | | | | | | | | | | On Armada 7K/8K we need to explicitly enable the register clock. This clock is optional because not all the SoCs using this IP need it but at least for Armada 7K/8K it is actually mandatory. The binding documentation is updated accordingly. Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: inside-secure - improve clock initializationGregory CLEMENT2018-03-231-5/+6
| | | | | | | | | | | | The clock is optional, but if it is present we should managed it. If there is an error while trying getting it, we should exit and report this error. So instead of returning an error only in the -EPROBE case, turn it in an other way and ignore the clock only if it is not present (-ENOENT case). Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: inside-secure - fix clock managementGregory CLEMENT2018-03-231-1/+1
| | | | | | | | | | | | | | In this driver the clock is got but never put when the driver is removed or if there is an error in the probe. Using the managed version of clk_get() allows to let the kernel take care of it. Fixes: 1b44c5a60c13 ("crypto: inside-secure - add SafeXcel EIP197 crypto engine driver") cc: stable@vger.kernel.org Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: inside-secure - fix missing unlock on error in safexcel_ahash_send_req()weiyongjun \(A\)2018-03-231-1/+3
| | | | | | | | | | Add the missing unlock before return from function safexcel_ahash_send_req() in the error handling case. Fixes: cff9a17545a3 ("crypto: inside-secure - move cache result dma mapping to request") Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com> Acked-by: Antoine Tenart <antoine.tenart@bootlin.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: talitos - Delete an error message for a failed memory allocation in ↵Markus Elfring2018-03-231-1/+0
| | | | | | | | | | | | talitos_edesc_alloc() Omit an extra message for a memory allocation failure in this function. This issue was detected by using the Coccinelle software. Signed-off-by: Markus Elfring <elfring@users.sourceforge.net> Reviewed-by: Christophe Leroy <christophe.leroy@c-s.fr> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: arm64/sha256-neon - play nice with CONFIG_PREEMPT kernelsArd Biesheuvel2018-03-161-13/+23
| | | | | | | | | | | | Tweak the SHA256 update routines to invoke the SHA256 block transform block by block, to avoid excessive scheduling delays caused by the NEON algorithm running with preemption disabled. Also, remove a stale comment which no longer applies now that kernel mode NEON is actually disallowed in some contexts. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: arm64/aes-blk - add 4 way interleave to CBC-MAC encrypt pathArd Biesheuvel2018-03-161-2/+21
| | | | | | | | | | | | | | | CBC MAC is strictly sequential, and so the current AES code simply processes the input one block at a time. However, we are about to add yield support, which adds a bit of overhead, and which we prefer to align with other modes in terms of granularity (i.e., it is better to have all routines yield every 64 bytes and not have an exception for CBC MAC which yields every 16 bytes) So unroll the loop by 4. We still cannot perform the AES algorithm in parallel, but we can at least merge the loads and stores. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: arm64/aes-blk - add 4 way interleave to CBC encrypt pathArd Biesheuvel2018-03-161-6/+25
| | | | | | | | | | | | | | | CBC encryption is strictly sequential, and so the current AES code simply processes the input one block at a time. However, we are about to add yield support, which adds a bit of overhead, and which we prefer to align with other modes in terms of granularity (i.e., it is better to have all routines yield every 64 bytes and not have an exception for CBC encrypt which yields every 16 bytes) So unroll the loop by 4. We still cannot perform the AES algorithm in parallel, but we can at least merge the loads and stores. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: arm64/aes-blk - remove configurable interleaveArd Biesheuvel2018-03-162-200/+40
| | | | | | | | | | | | | | | The AES block mode implementation using Crypto Extensions or plain NEON was written before real hardware existed, and so its interleave factor was made build time configurable (as well as an option to instantiate all interleaved sequences inline rather than as subroutines) We ended up using INTERLEAVE=4 with inlining disabled for both flavors of the core AES routines, so let's stick with that, and remove the option to configure this at build time. This makes the code easier to modify, which is nice now that we're adding yield support. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: arm64/chacha20 - move kernel mode neon en/disable into loopArd Biesheuvel2018-03-161-3/+9
| | | | | | | | | | | | | | | | | | | | | | | When kernel mode NEON was first introduced on arm64, the preserve and restore of the userland NEON state was completely unoptimized, and involved saving all registers on each call to kernel_neon_begin(), and restoring them on each call to kernel_neon_end(). For this reason, the NEON crypto code that was introduced at the time keeps the NEON enabled throughout the execution of the crypto API methods, which may include calls back into the crypto API that could result in memory allocation or other actions that we should avoid when running with preemption disabled. Since then, we have optimized the kernel mode NEON handling, which now restores lazily (upon return to userland), and so the preserve action is only costly the first time it is called after entering the kernel. So let's put the kernel_neon_begin() and kernel_neon_end() calls around the actual invocations of the NEON crypto code, and run the remainder of the code with kernel mode NEON disabled (and preemption enabled) Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: arm64/aes-bs - move kernel mode neon en/disable into loopArd Biesheuvel2018-03-161-19/+17
| | | | | | | | | | | | | | | | | | | | | | | When kernel mode NEON was first introduced on arm64, the preserve and restore of the userland NEON state was completely unoptimized, and involved saving all registers on each call to kernel_neon_begin(), and restoring them on each call to kernel_neon_end(). For this reason, the NEON crypto code that was introduced at the time keeps the NEON enabled throughout the execution of the crypto API methods, which may include calls back into the crypto API that could result in memory allocation or other actions that we should avoid when running with preemption disabled. Since then, we have optimized the kernel mode NEON handling, which now restores lazily (upon return to userland), and so the preserve action is only costly the first time it is called after entering the kernel. So let's put the kernel_neon_begin() and kernel_neon_end() calls around the actual invocations of the NEON crypto code, and run the remainder of the code with kernel mode NEON disabled (and preemption enabled) Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: arm64/aes-blk - move kernel mode neon en/disable into loopArd Biesheuvel2018-03-163-102/+97
| | | | | | | | | | | | | | | | | | | | | | | | | | | When kernel mode NEON was first introduced on arm64, the preserve and restore of the userland NEON state was completely unoptimized, and involved saving all registers on each call to kernel_neon_begin(), and restoring them on each call to kernel_neon_end(). For this reason, the NEON crypto code that was introduced at the time keeps the NEON enabled throughout the execution of the crypto API methods, which may include calls back into the crypto API that could result in memory allocation or other actions that we should avoid when running with preemption disabled. Since then, we have optimized the kernel mode NEON handling, which now restores lazily (upon return to userland), and so the preserve action is only costly the first time it is called after entering the kernel. So let's put the kernel_neon_begin() and kernel_neon_end() calls around the actual invocations of the NEON crypto code, and run the remainder of the code with kernel mode NEON disabled (and preemption enabled) Note that this requires some reshuffling of the registers in the asm code, because the XTS routines can no longer rely on the registers to retain their contents between invocations. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: arm64/aes-ce-ccm - move kernel mode neon en/disable into loopArd Biesheuvel2018-03-161-24/+23
| | | | | | | | | | | | | | | | | | | | | | | When kernel mode NEON was first introduced on arm64, the preserve and restore of the userland NEON state was completely unoptimized, and involved saving all registers on each call to kernel_neon_begin(), and restoring them on each call to kernel_neon_end(). For this reason, the NEON crypto code that was introduced at the time keeps the NEON enabled throughout the execution of the crypto API methods, which may include calls back into the crypto API that could result in memory allocation or other actions that we should avoid when running with preemption disabled. Since then, we have optimized the kernel mode NEON handling, which now restores lazily (upon return to userland), and so the preserve action is only costly the first time it is called after entering the kernel. So let's put the kernel_neon_begin() and kernel_neon_end() calls around the actual invocations of the NEON crypto code, and run the remainder of the code with kernel mode NEON disabled (and preemption enabled) Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: testmgr - add a new test case for CRC-T10DIFArd Biesheuvel2018-03-161-0/+259
| | | | | | | | | | In order to be able to test yield support under preempt, add a test vector for CRC-T10DIF that is long enough to take multiple iterations (and thus possible preemption between them) of the primary loop of the accelerated x86 and arm64 implementations. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: ecc - Remove stack VLA usageKees Cook2018-03-161-6/+17
| | | | | | | | | | | | | On the quest to remove all VLAs from the kernel[1], this switches to a pair of kmalloc regions instead of using the stack. This also moves the get_random_bytes() after all allocations (and drops the needless "nbytes" variable). [1] https://lkml.org/lkml/2018/3/7/621 Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Tudor Ambarus <tudor.ambarus@microchip.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: ccp - Validate buffer lengths for copy operationsGary R Hook2018-03-161-30/+78
| | | | | | | | | | The CCP driver copies data between scatter/gather lists and DMA buffers. The length of the requested copy operation must be checked against the available destination buffer length. Reported-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name> Signed-off-by: Gary R Hook <gary.hook@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: hash - Prevent use of req->result in ahash updateKamil Konieczny2018-03-161-4/+7
| | | | | | | | | Prevent improper use of req->result field in ahash update, init, export and import functions in drivers code. A driver should use ahash request context if it needs to save internal state. Signed-off-by: Kamil Konieczny <k.konieczny@partner.samsung.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: virtio - remove dependency on CRYPTO_AUTHENCPeter Wu2018-03-162-2/+0
| | | | | | | | | | virtio_crypto does not use function crypto_authenc_extractkeys, remove this unnecessary dependency. Compiles fine and passes cryptodev-linux cipher and speed tests from https://wiki.qemu.org/Features/VirtioCrypto Fixes: dbaf0624ffa5 ("crypto: add virtio-crypto driver") Signed-off-by: Peter Wu <peter@lekensteyn.nl> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: testmgr - introduce SM4 testsGilad Ben-Yossef2018-03-163-0/+143
| | | | | | | Add testmgr tests for the newly introduced SM4 ECB symmetric cipher. Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: sm4 - introduce SM4 symmetric cipher algorithmGilad Ben-Yossef2018-03-164-0/+298
| | | | | | | | | | | | | | | | Introduce the SM4 cipher algorithms (OSCCA GB/T 32907-2016). SM4 (GBT.32907-2016) is a cryptographic standard issued by the Organization of State Commercial Administration of China (OSCCA) as an authorized cryptographic algorithms for the use within China. SMS4 was originally created for use in protecting wireless networks, and is mandated in the Chinese National Standard for Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure) (GB.15629.11-2003). Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: chelsio -Split Hash requests for large scatter gather listHarsh Jain2018-03-164-108/+298
| | | | | | | | Send multiple WRs to H/W when No. of entries received in scatter list cannot be sent in single request. Signed-off-by: Harsh Jain <harsh@chelsio.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: chelsio - Fix iv passed in fallback path for rfc3686Harsh Jain2018-03-161-1/+1
| | | | | | | We use ctr(aes) to fallback rfc3686(ctr) request. Send updated IV to fallback path. Signed-off-by: Harsh Jain <harsh@chelsio.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: chelsio - Update IV before sending request to HWHarsh Jain2018-03-161-8/+11
| | | | | | | | | CBC Decryption requires Last Block as IV. In case src/dst buffer are same last block will be replaced by plain text. This patch copies the Last Block before sending request to HW. Signed-off-by: Harsh Jain <harsh@chelsio.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: chelsio - Fix src buffer dma lengthHarsh Jain2018-03-161-5/+12
| | | | | | | ulptx header cannot have length > 64k. Adjust length accordingly. Signed-off-by: Harsh Jain <harsh@chelsio.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: chelsio - Use kernel round function to align lengthsHarsh Jain2018-03-162-40/+34
| | | | | | | Replace DIV_ROUND_UP to roundup or rounddown Signed-off-by: Harsh Jain <harsh@chelsio.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* hwrng: mxc-rnga - add driver support on boards with device treeVladimir Zapolskiy2018-03-161-9/+14
| | | | | | | | | | | | The driver works well on i.MX31 powered boards with device description taken from board device tree, the only change to add to the driver is the missing OF device id, the affected list of included headers and indentation in platform driver struct are beautified a little. Signed-off-by: Vladimir Zapolskiy <vz@mleia.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Kim Phillips <kim.phillips@arm.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>