#
a8d3cdcc |
|
21-Sep-2023 |
Gaurav Jain <gaurav.jain@nxp.com> |
crypto: caam/jr - fix Chacha20 + Poly1305 self test failure key buffer is not copied in chachapoly_setkey function, results in wrong output for encryption/decryption operation. fix this by memcpy the key in caam_ctx key arrary Fixes: d6bbd4eea243 ("crypto: caam/jr - add support for Chacha20 + Poly1305") Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
623814c0 |
|
13-Aug-2023 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: caam - Use new crypto_engine_op interface Use the new crypto_engine_op interface where the callback is stored in the algorithm object. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
4ac1a2d8 |
|
13-Aug-2023 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: caam - Include internal/engine.h Inlucde internal/engine.h because this driver uses directly accesses attributes inside struct crypto_engine. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
ae1dd17d |
|
05-Apr-2023 |
Horia GeantA <horia.geanta@nxp.com> |
crypto: caam - reduce page 0 regs access to minimum Use job ring register map, in place of controller register map to access page 0 registers, as access to the controller register map is not permitted. Signed-off-by: Horia GeantA <horia.geanta@nxp.com> Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com> Signed-off-by: Meenakshi Aggarwal <meenakshi.aggarwal@nxp.com> Reviewed-by: Varun Sethi <v.sethi@nxp.com> Reviewed-by: Gaurav Jain <gaurav.jain@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
660ca947 |
|
27-Feb-2023 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: caam - Fix edesc/iv ordering mixup The attempt to add DMA alignment padding by moving IV to the front of edesc was completely broken as it didn't change the places where edesc was freed. It's also wrong as the IV may still share a cache-line with the edesc. Fix this by restoring the original layout and simply reserving enough memmory so that the IV is on a DMA cache-line by itself. Reported-by: Meenakshi Aggarwal <meenakshi.aggarwal@nxp.com> Fixes: 199354d7fb6e ("crypto: caam - Remove GFP_DMA and add DMA alignment padding") Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
199354d7 |
|
29-Dec-2022 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: caam - Remove GFP_DMA and add DMA alignment padding GFP_DMA does not guarantee that the returned memory is aligned for DMA. It should be removed where it is superfluous. However, kmalloc may start returning DMA-unaligned memory in future so fix this by adding the alignment by hand. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
4cb4f7c1 |
|
24-Nov-2022 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: caam - Set DMA alignment explicitly This driver has been implicitly relying on kmalloc alignment to be sufficient for DMA. This may no longer be the case with upcoming arm64 changes. This patch changes it to explicitly request DMA alignment from the Crypto API. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
087e1d71 |
|
22-Nov-2021 |
Gaurav Jain <gaurav.jain@nxp.com> |
crypto: caam - save caam memory to support crypto engine retry mechanism. When caam queue is full (-ENOSPC), caam frees descriptor memory. crypto-engine checks if retry support is true and h/w queue is full(-ENOSPC), then requeue the crypto request. During processing the requested descriptor again, caam gives below error. (caam_jr 30902000.jr: 40000006: DECO: desc idx 0: Invalid KEY Command). This patch adds a check to return when caam input ring is full and retry support is true. so descriptor memory is not freed and requeued request can be processed again. Fixes: 2d653936eb2cf ("crypto: caam - enable crypto-engine retry mechanism") Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
ab95bd2a |
|
01-Nov-2020 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - fix printing on xts fallback allocation error path At the time xts fallback tfm allocation fails the device struct hasn't been enabled yet in the caam xts tfm's private context. Fix this by using the device struct from xts algorithm's private context or, when not available, by replacing dev_err with pr_err. Fixes: 9d9b14dbe077 ("crypto: caam/jr - add fallback for XTS with more than 8B IV") Fixes: 83e8aa912138 ("crypto: caam/qi - add fallback for XTS with more than 8B IV") Fixes: 36e2d7cfdcf1 ("crypto: caam/qi2 - add fallback for XTS with more than 8B IV") Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Reviewed-by: Iuliana Prodan <iuliana.prodan@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
78eebbfa |
|
22-Sep-2020 |
Andrei Botila <andrei.botila@nxp.com> |
crypto: caam/jr - add support for XTS with 16B IV Newer CAAM versions (Era 9+) support 16B IVs. Since for these devices the HW limitation is no longer present newer version should process the requests containing 16B IVs directly in hardware without using a fallback. Signed-off-by: Andrei Botila <andrei.botila@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
297b931c |
|
22-Sep-2020 |
Andrei Botila <andrei.botila@nxp.com> |
crypto: caam - add xts check for block length equal to zero XTS should not return succes when dealing with block length equal to zero. This is different than the rest of the skcipher algorithms. Fixes: 31bb2f0da1b50 ("crypto: caam - check zero-length input") Cc: <stable@vger.kernel.org> # v5.4+ Signed-off-by: Andrei Botila <andrei.botila@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
c91f7348 |
|
22-Sep-2020 |
Andrei Botila <andrei.botila@nxp.com> |
crypto: caam/jr - add support for more XTS key lengths CAAM accelerator only supports XTS-AES-128 and XTS-AES-256 since it adheres strictly to the standard. All the other key lengths are accepted and processed through a fallback as long as they pass the xts_verify_key() checks. Fixes: c6415a6016bf ("crypto: caam - add support for acipher xts(aes)") Cc: <stable@vger.kernel.org> # v4.4+ Signed-off-by: Andrei Botila <andrei.botila@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
9d9b14db |
|
22-Sep-2020 |
Andrei Botila <andrei.botila@nxp.com> |
crypto: caam/jr - add fallback for XTS with more than 8B IV A hardware limitation exists for CAAM until Era 9 which restricts the accelerator to IVs with only 8 bytes. When CAAM has a lower era a fallback is necessary to process 16 bytes IV. Fixes: c6415a6016bf ("crypto: caam - add support for acipher xts(aes)") Cc: <stable@vger.kernel.org> # v4.4+ Signed-off-by: Andrei Botila <andrei.botila@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
da6a6685 |
|
22-Jul-2020 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - silence .setkey in case of bad key length In case of bad key length, driver emits "key size mismatch" messages, but only for xts(aes) algorithms. Reduce verbosity by making them visible only when debugging. This way crypto fuzz testing log cleans up a bit. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
b8aa7dc5 |
|
10-Jul-2020 |
Mikulas Patocka <mpatocka@redhat.com> |
crypto: drivers - set the flag CRYPTO_ALG_ALLOCATES_MEMORY Set the flag CRYPTO_ALG_ALLOCATES_MEMORY in the crypto drivers that allocate memory. drivers/crypto/allwinner/sun8i-ce/sun8i-ce-core.c: sun8i_ce_cipher drivers/crypto/allwinner/sun8i-ss/sun8i-ss-core.c: sun8i_ss_cipher drivers/crypto/amlogic/amlogic-gxl-core.c: meson_cipher drivers/crypto/axis/artpec6_crypto.c: artpec6_crypto_common_init drivers/crypto/bcm/cipher.c: spu_skcipher_rx_sg_create drivers/crypto/caam/caamalg.c: aead_edesc_alloc drivers/crypto/caam/caamalg_qi.c: aead_edesc_alloc drivers/crypto/caam/caamalg_qi2.c: aead_edesc_alloc drivers/crypto/caam/caamhash.c: hash_digest_key drivers/crypto/cavium/cpt/cptvf_algs.c: process_request drivers/crypto/cavium/nitrox/nitrox_aead.c: nitrox_process_se_request drivers/crypto/cavium/nitrox/nitrox_skcipher.c: nitrox_process_se_request drivers/crypto/ccp/ccp-crypto-aes-cmac.c: ccp_do_cmac_update drivers/crypto/ccp/ccp-crypto-aes-galois.c: ccp_crypto_enqueue_request drivers/crypto/ccp/ccp-crypto-aes-xts.c: ccp_crypto_enqueue_request drivers/crypto/ccp/ccp-crypto-aes.c: ccp_crypto_enqueue_request drivers/crypto/ccp/ccp-crypto-des3.c: ccp_crypto_enqueue_request drivers/crypto/ccp/ccp-crypto-sha.c: ccp_crypto_enqueue_request drivers/crypto/chelsio/chcr_algo.c: create_cipher_wr drivers/crypto/hisilicon/sec/sec_algs.c: sec_alloc_and_fill_hw_sgl drivers/crypto/hisilicon/sec2/sec_crypto.c: sec_alloc_req_id drivers/crypto/inside-secure/safexcel_cipher.c: safexcel_queue_req drivers/crypto/inside-secure/safexcel_hash.c: safexcel_ahash_enqueue drivers/crypto/ixp4xx_crypto.c: ablk_perform drivers/crypto/marvell/cesa/cipher.c: mv_cesa_skcipher_dma_req_init drivers/crypto/marvell/cesa/hash.c: mv_cesa_ahash_dma_req_init drivers/crypto/marvell/octeontx/otx_cptvf_algs.c: create_ctx_hdr drivers/crypto/n2_core.c: n2_compute_chunks drivers/crypto/picoxcell_crypto.c: spacc_sg_to_ddt drivers/crypto/qat/qat_common/qat_algs.c: qat_alg_skcipher_encrypt drivers/crypto/qce/skcipher.c: qce_skcipher_async_req_handle drivers/crypto/talitos.c : talitos_edesc_alloc drivers/crypto/virtio/virtio_crypto_algs.c: __virtio_crypto_skcipher_do_req drivers/crypto/xilinx/zynqmp-aes-gcm.c: zynqmp_aes_aead_cipher Signed-off-by: Mikulas Patocka <mpatocka@redhat.com> [EB: avoid overly-long lines] Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
eeedb618 |
|
16-Jul-2020 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: caam - Remove broken arc4 support The arc4 algorithm requires storing state in the request context in order to allow more than one encrypt/decrypt operation. As this driver does not seem to do that, it means that using it for more than one operation is broken. Fixes: eaed71a44ad9 ("crypto: caam - add ecb(*) support") Link: https://lore.kernel.org/linux-crypto/CAMj1kXGvMe_A_iQ43Pmygg9xaAM-RLy=_M=v+eg--8xNmv9P+w@mail.gmail.com Link: https://lore.kernel.org/linux-crypto/20200702101947.682-1-ardb@kernel.org Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: Ard Biesheuvel <ardb@kernel.org> Acked-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
55b3209a |
|
07-Apr-2020 |
Iuliana Prodan <iuliana.prodan@nxp.com> |
crypto: caam - fix the address of the last entry of S/G For skcipher algorithms, the input, output HW S/G tables look like this: [IV, src][dst, IV] Now, we can have 2 conditions here: - there is no IV; - src and dst are equal (in-place encryption) and scattered and the error is an "off-by-one" in the HW S/G table. This issue was seen with KASAN: BUG: KASAN: slab-out-of-bounds in skcipher_edesc_alloc+0x95c/0x1018 Read of size 4 at addr ffff000022a02958 by task cryptomgr_test/321 CPU: 2 PID: 321 Comm: cryptomgr_test Not tainted 5.6.0-rc1-00165-ge4ef8383-dirty #4 Hardware name: LS1046A RDB Board (DT) Call trace: dump_backtrace+0x0/0x260 show_stack+0x14/0x20 dump_stack+0xe8/0x144 print_address_description.isra.11+0x64/0x348 __kasan_report+0x11c/0x230 kasan_report+0xc/0x18 __asan_load4+0x90/0xb0 skcipher_edesc_alloc+0x95c/0x1018 skcipher_encrypt+0x84/0x150 crypto_skcipher_encrypt+0x50/0x68 test_skcipher_vec_cfg+0x4d4/0xc10 test_skcipher_vec+0x178/0x1d8 alg_test_skcipher+0xec/0x230 alg_test.part.44+0x114/0x4a0 alg_test+0x1c/0x60 cryptomgr_test+0x34/0x58 kthread+0x1b8/0x1c0 ret_from_fork+0x10/0x18 Allocated by task 321: save_stack+0x24/0xb0 __kasan_kmalloc.isra.10+0xc4/0xe0 kasan_kmalloc+0xc/0x18 __kmalloc+0x178/0x2b8 skcipher_edesc_alloc+0x21c/0x1018 skcipher_encrypt+0x84/0x150 crypto_skcipher_encrypt+0x50/0x68 test_skcipher_vec_cfg+0x4d4/0xc10 test_skcipher_vec+0x178/0x1d8 alg_test_skcipher+0xec/0x230 alg_test.part.44+0x114/0x4a0 alg_test+0x1c/0x60 cryptomgr_test+0x34/0x58 kthread+0x1b8/0x1c0 ret_from_fork+0x10/0x18 Freed by task 0: (stack is not available) The buggy address belongs to the object at ffff000022a02800 which belongs to the cache dma-kmalloc-512 of size 512 The buggy address is located 344 bytes inside of 512-byte region [ffff000022a02800, ffff000022a02a00) The buggy address belongs to the page: page:fffffe00006a8000 refcount:1 mapcount:0 mapping:ffff00093200c400 index:0x0 compound_mapcount: 0 flags: 0xffff00000010200(slab|head) raw: 0ffff00000010200 dead000000000100 dead000000000122 ffff00093200c400 raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff000022a02800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff000022a02880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff000022a02900: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc ^ ffff000022a02980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff000022a02a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc Fixes: 334d37c9e263 ("crypto: caam - update IV using HW support") Cc: <stable@vger.kernel.org> # v5.3+ Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
5ed1e8b8 |
|
06-Apr-2020 |
Iuliana Prodan <iuliana.prodan@nxp.com> |
crypto: caam - fix use-after-free KASAN issue for AEAD algorithms Here's the KASAN report: BUG: KASAN: use-after-free in aead_crypt_done+0x60/0xd8 Read of size 1 at addr ffff00002303f014 by task swapper/0/0 CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.6.0-rc1-00162-gfcb90d5 #58 Hardware name: LS1046A RDB Board (DT) Call trace: dump_backtrace+0x0/0x260 show_stack+0x14/0x20 dump_stack+0xe8/0x144 print_address_description.isra.11+0x64/0x348 __kasan_report+0x11c/0x230 kasan_report+0xc/0x18 __asan_load1+0x5c/0x68 aead_crypt_done+0x60/0xd8 caam_jr_dequeue+0x390/0x608 tasklet_action_common.isra.13+0x1ec/0x230 tasklet_action+0x24/0x30 efi_header_end+0x1a4/0x370 irq_exit+0x114/0x128 __handle_domain_irq+0x80/0xe0 gic_handle_irq+0x50/0xa0 el1_irq+0xb8/0x180 _raw_spin_unlock_irq+0x2c/0x78 finish_task_switch+0xa4/0x2f8 __schedule+0x3a4/0x890 schedule_idle+0x28/0x50 do_idle+0x22c/0x338 cpu_startup_entry+0x24/0x40 rest_init+0xf8/0x10c arch_call_rest_init+0xc/0x14 start_kernel+0x774/0x7b4 Allocated by task 263: save_stack+0x24/0xb0 __kasan_kmalloc.isra.10+0xc4/0xe0 kasan_kmalloc+0xc/0x18 __kmalloc+0x178/0x2b8 aead_edesc_alloc+0x1b4/0xbf0 ipsec_gcm_encrypt+0xd4/0x140 crypto_aead_encrypt+0x50/0x68 test_aead_vec_cfg+0x498/0xec0 test_aead_vec+0x110/0x200 alg_test_aead+0xfc/0x680 alg_test.part.44+0x114/0x4a0 alg_test+0x1c/0x60 cryptomgr_test+0x34/0x58 kthread+0x1b8/0x1c0 ret_from_fork+0x10/0x18 Freed by task 0: save_stack+0x24/0xb0 __kasan_slab_free+0x10c/0x188 kasan_slab_free+0x10/0x18 kfree+0x7c/0x298 aead_crypt_done+0x58/0xd8 caam_jr_dequeue+0x390/0x608 tasklet_action_common.isra.13+0x1ec/0x230 tasklet_action+0x24/0x30 efi_header_end+0x1a4/0x370 The buggy address belongs to the object at ffff00002303f000 which belongs to the cache dma-kmalloc-128 of size 128 The buggy address is located 20 bytes inside of 128-byte region [ffff00002303f000, ffff00002303f080) The buggy address belongs to the page: page:fffffe00006c0fc0 refcount:1 mapcount:0 mapping:ffff00093200c000 index:0x0 flags: 0xffff00000000200(slab) raw: 0ffff00000000200 dead000000000100 dead000000000122 ffff00093200c000 raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff00002303ef00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff00002303ef80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff >ffff00002303f000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff00002303f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff00002303f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc Fixes: 1c2402266713 ("crypto: caam - add crypto_engine support for AEAD algorithms") Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
5af4e8d4 |
|
06-Apr-2020 |
Iuliana Prodan <iuliana.prodan@nxp.com> |
crypto: caam - fix use-after-free KASAN issue for SKCIPHER algorithms Here's the KASAN report: BUG: KASAN: use-after-free in skcipher_crypt_done+0xe8/0x1a8 Read of size 1 at addr ffff00002304001c by task swapper/0/0 CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.6.0-rc1-00162-gfcb90d5 #57 Hardware name: LS1046A RDB Board (DT) Call trace: dump_backtrace+0x0/0x260 show_stack+0x14/0x20 dump_stack+0xe8/0x144 print_address_description.isra.11+0x64/0x348 __kasan_report+0x11c/0x230 kasan_report+0xc/0x18 __asan_load1+0x5c/0x68 skcipher_crypt_done+0xe8/0x1a8 caam_jr_dequeue+0x390/0x608 tasklet_action_common.isra.13+0x1ec/0x230 tasklet_action+0x24/0x30 efi_header_end+0x1a4/0x370 irq_exit+0x114/0x128 __handle_domain_irq+0x80/0xe0 gic_handle_irq+0x50/0xa0 el1_irq+0xb8/0x180 _raw_spin_unlock_irq+0x2c/0x78 finish_task_switch+0xa4/0x2f8 __schedule+0x3a4/0x890 schedule_idle+0x28/0x50 do_idle+0x22c/0x338 cpu_startup_entry+0x24/0x40 rest_init+0xf8/0x10c arch_call_rest_init+0xc/0x14 start_kernel+0x774/0x7b4 Allocated by task 263: save_stack+0x24/0xb0 __kasan_kmalloc.isra.10+0xc4/0xe0 kasan_kmalloc+0xc/0x18 __kmalloc+0x178/0x2b8 skcipher_edesc_alloc+0x21c/0x1018 skcipher_encrypt+0x84/0x150 crypto_skcipher_encrypt+0x50/0x68 test_skcipher_vec_cfg+0x4d4/0xc10 test_skcipher_vec+0xf8/0x1d8 alg_test_skcipher+0xec/0x230 alg_test.part.44+0x114/0x4a0 alg_test+0x1c/0x60 cryptomgr_test+0x34/0x58 kthread+0x1b8/0x1c0 ret_from_fork+0x10/0x18 Freed by task 0: save_stack+0x24/0xb0 __kasan_slab_free+0x10c/0x188 kasan_slab_free+0x10/0x18 kfree+0x7c/0x298 skcipher_crypt_done+0xe0/0x1a8 caam_jr_dequeue+0x390/0x608 tasklet_action_common.isra.13+0x1ec/0x230 tasklet_action+0x24/0x30 efi_header_end+0x1a4/0x370 The buggy address belongs to the object at ffff000023040000 which belongs to the cache dma-kmalloc-512 of size 512 The buggy address is located 28 bytes inside of 512-byte region [ffff000023040000, ffff000023040200) The buggy address belongs to the page: page:fffffe00006c1000 refcount:1 mapcount:0 mapping:ffff00093200c400 index:0x0 compound_mapcount: 0 flags: 0xffff00000010200(slab|head) raw: 0ffff00000010200 dead000000000100 dead000000000122 ffff00093200c400 raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff00002303ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff00002303ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff >ffff000023040000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff000023040080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff000023040100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb Fixes: ee38767f152a ("crypto: caam - support crypto_engine framework for SKCIPHER algorithms") Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
5a8a0765 |
|
24-Feb-2020 |
Gustavo A. R. Silva <gustavo@embeddedor.com> |
crypto: Replace zero-length array with flexible-array member The current codebase makes use of the zero-length array language extension to the C90 standard, but the preferred mechanism to declare variable-length types such as these ones is a flexible array member[1][2], introduced in C99: struct foo { int stuff; struct boo array[]; }; By making use of the mechanism above, we will get a compiler warning in case the flexible array does not occur last in the structure, which will help us prevent some kind of undefined behavior bugs from being inadvertently introduced[3] to the codebase from now on. Also, notice that, dynamic memory allocations won't be affected by this change: "Flexible array members have incomplete type, and so the sizeof operator may not be applied. As a quirk of the original implementation of zero-length arrays, sizeof evaluates to zero."[1] This issue was found with the help of Coccinelle. [1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html [2] https://github.com/KSPP/linux/issues/21 [3] commit 76497732932f ("cxgb3/l2t: Fix undefined behaviour") Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
1c240226 |
|
12-Feb-2020 |
Iuliana Prodan <iuliana.prodan@nxp.com> |
crypto: caam - add crypto_engine support for AEAD algorithms Add crypto_engine support for AEAD algorithms, to make use of the engine queue. The requests, with backlog flag, will be listed into crypto-engine queue and processed by CAAM when free. If sending just the backlog request to crypto-engine, and non-blocking directly to CAAM, the latter requests have a better chance to be executed since JR has up to 1024 entries, more than the 10 entries from crypto-engine. Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
ee38767f |
|
12-Feb-2020 |
Iuliana Prodan <iuliana.prodan@nxp.com> |
crypto: caam - support crypto_engine framework for SKCIPHER algorithms Integrate crypto_engine into CAAM, to make use of the engine queue. Add support for SKCIPHER algorithms. This is intended to be used for CAAM backlogging support. The requests, with backlog flag (e.g. from dm-crypt) will be listed into crypto-engine queue and processed by CAAM when free. This changes the return codes for enqueuing a request: -EINPROGRESS if OK, -EBUSY if request is backlogged (via crypto-engine), -ENOSPC if the queue is full, -EIO if it cannot map the caller's descriptor. The requests, with backlog flag, will be listed into crypto-engine queue and processed by CAAM when free. Only the backlog request are sent to crypto-engine since the others can be handled by CAAM, if free, especially since JR has up to 1024 entries (more than the 10 entries from crypto-engine). Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com> Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
4d370a10 |
|
12-Feb-2020 |
Iuliana Prodan <iuliana.prodan@nxp.com> |
crypto: caam - change return code in caam_jr_enqueue function Based on commit 6b80ea389a0b ("crypto: change transient busy return code to -ENOSPC"), change the return code of caam_jr_enqueue function to -EINPROGRESS, in case of success, -ENOSPC in case the CAAM is busy (has no space left in job ring queue), -EIO if it cannot map the caller's descriptor. Update, also, the cases for resource-freeing for each algorithm type. This is done for later use, on backlogging support in CAAM. Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com> Reviewed-by: Horia Geanta <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
b7f17fe2 |
|
12-Feb-2020 |
Iuliana Prodan <iuliana.prodan@nxp.com> |
crypto: caam - refactor skcipher/aead/gcm/chachapoly {en,de}crypt functions Create a common crypt function for each skcipher/aead/gcm/chachapoly algorithms and call it for encrypt/decrypt with the specific boolean - true for encrypt and false for decrypt. Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com> Reviewed-by: Horia Geanta <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
674f368a |
|
30-Dec-2019 |
Eric Biggers <ebiggers@google.com> |
crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN The CRYPTO_TFM_RES_BAD_KEY_LEN flag was apparently meant as a way to make the ->setkey() functions provide more information about errors. However, no one actually checks for this flag, which makes it pointless. Also, many algorithms fail to set this flag when given a bad length key. Reviewing just the generic implementations, this is the case for aes-fixed-time, cbcmac, echainiv, nhpoly1305, pcrypt, rfc3686, rfc4309, rfc7539, rfc7539esp, salsa20, seqiv, and xcbc. But there are probably many more in arch/*/crypto/ and drivers/crypto/. Some algorithms can even set this flag when the key is the correct length. For example, authenc and authencesn set it when the key payload is malformed in any way (not just a bad length), the atmel-sha and ccree drivers can set it if a memory allocation fails, and the chelsio driver sets it for bad auth tag lengths, not just bad key lengths. So even if someone actually wanted to start checking this flag (which seems unlikely, since it's been unused for a long time), there would be a lot of work needed to get it working correctly. But it would probably be much better to go back to the drawing board and just define different return values, like -EINVAL if the key is invalid for the algorithm vs. -EKEYREJECTED if the key was rejected by a policy like "no weak keys". That would be much simpler, less error-prone, and easier to test. So just remove this flag. Signed-off-by: Eric Biggers <ebiggers@google.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
1a3daadc |
|
20-Aug-2019 |
Andrey Smirnov <andrew.smirnov@gmail.com> |
crypto: caam - make CAAM_PTR_SZ dynamic In order to be able to configure CAAM pointer size at run-time, which needed to support i.MX8MQ, which is 64-bit SoC with 32-bit pointer size, convert CAAM_PTR_SZ to refer to a global variable of the same name ("caam_ptr_sz") and adjust the rest of the code accordingly. No functional change intended. Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com> Cc: Chris Spencer <christopher.spencer@sea.co.uk> Cc: Cory Tusar <cory.tusar@zii.aero> Cc: Chris Healy <cphealy@gmail.com> Cc: Lucas Stach <l.stach@pengutronix.de> Cc: Horia Geantă <horia.geanta@nxp.com> Cc: Aymen Sghaier <aymen.sghaier@nxp.com> Cc: Leonard Crestez <leonard.crestez@nxp.com> Cc: linux-crypto@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
a628c5a1 |
|
14-Aug-2019 |
Ard Biesheuvel <ardb@kernel.org> |
crypto: caam/des - switch to new verification routines Cc: Horia Geanta <horia.geanta@nxp.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
e9b4913a |
|
31-Jul-2019 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - fix MDHA key derivation for certain user key lengths Fuzz testing uncovered an issue when |user key| > |derived key|. Derived key generation has to be fixed in two cases: 1. Era >= 6 (DKP is available) DKP cannot be used with immediate input key if |user key| > |derived key|, since the resulting descriptor (after DKP execution) would be invalid - having a few bytes from user key left in descriptor buffer as incorrect opcodes. Fix DKP usage both in standalone hmac and in authenc algorithms. For authenc the logic is simplified, by always storing both virtual and dma key addresses. 2. Era < 6 The same case (|user key| > |derived key|) fails when DKP is not available. Make sure gen_split_key() dma maps max(|user key|, |derived key|), since this is an in-place (bidirectional) operation. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Reviewed-by: Iuliana Prodan <iuliana.prodan@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
31bb2f0d |
|
31-Jul-2019 |
Iuliana Prodan <iuliana.prodan@nxp.com> |
crypto: caam - check zero-length input Check zero-length input, for skcipher algorithm, to solve the extra tests. This is a valid operation, therefore the API will return no error. Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com> Reviewed-by: Horia Geanta <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
fcd23ed5 |
|
31-Jul-2019 |
Iuliana Prodan <iuliana.prodan@nxp.com> |
crypto: caam - check assoclen Check assoclen to solve the extra tests that expect -EINVAL to be returned when the associated data size is not valid. Validated assoclen for RFC4106 and RFC4543 which expects an assoclen of 16 or 20. Based on seqiv, IPsec ESP and RFC4543/RFC4106 the assoclen is sizeof IP Header (spi, seq_no, extended seq_no) and IV len. This can be 16 or 20 bytes. Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com> Reviewed-by: Horia Geanta <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
68a51394 |
|
31-Jul-2019 |
Iuliana Prodan <iuliana.prodan@nxp.com> |
crypto: caam - check authsize Check authsize to solve the extra tests that expect -EINVAL to be returned when the authentication tag size is not valid. Validated authsize for GCM, RFC4106 and RFC4543. Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com> Reviewed-by: Horia Geanta <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
836d8f43 |
|
31-Jul-2019 |
Iuliana Prodan <iuliana.prodan@nxp.com> |
crypto: caam - check key length Check key length to solve the extra tests that expect -EINVAL to be returned when the key size is not valid. Validated AES keylen for skcipher, ahash and aead. Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com> Reviewed-by: Horia Geanta <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
1ccb39eb |
|
31-Jul-2019 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - update IV only when crypto operation succeeds skcipher encryption might fail and in some cases, like (invalid) input length smaller then block size, updating the IV would lead to a useless IV copy in case hardware issued an error. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
1984aaee |
|
31-Jul-2019 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - fix return code in completion callbacks Modify drive to provide a valid errno (and not the HW error ID) to the user, via completion callbacks. A "valid errno" is currently not explicitly mentioned in the docs, however the error code is expected to match the one returned by the generic SW implementation. Note: in most error cases caam/qi and caam/qi2 returned -EIO; align all caam drivers to return -EINVAL. While here, ratelimit prints triggered by fuzz testing, such that console is not flooded. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
334d37c9 |
|
10-Jun-2019 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - update IV using HW support Modify drivers to perform skcipher IV update using the crypto engine, instead of performing the operation in SW. Besides being more efficient, this also fixes IV update for CTR mode. Output HW S/G table is appended with an entry pointing to the same IV buffer used as input (which is now mapped BIDIRECTIONAL). AS (Algorithm State) parameter of the OPERATION command is changed from INIFINAL to INIT in descriptors used by ctr(aes), cbc(aes). This is needed since in case FINAL bit is set, HW skips IV updating in the Context Register for the last data block. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
059d73ee |
|
10-Jun-2019 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - use len instead of nents for bulding HW S/G table Currently, conversion of SW S/G table into HW S/G layout relies on nents returned by sg_nents_for_len(sg, len). However this leaves the possibility of HW S/G referencing more data then needed: since buffer length in HW S/G entries is filled using sg_dma_len(sg), the last entry in HW S/G table might have a length that is bigger than needed for the crypto request. This way of S/G table conversion is fine, unless after converting a table more entries have to be appended to the HW S/G table. In this case, crypto engine would access data from the S/G entry having the incorrect length, instead of advancing in the S/G table. This situation doesn't exist, but the upcoming implementation of IV update for skcipher algorithms needs to add a S/G entry after req->dst S/G (corresponding to output IV). Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
ed527b13 |
|
31-May-2019 |
Ard Biesheuvel <ardb@kernel.org> |
crypto: caam - limit output IV to CBC to work around CTR mode DMA issue The CAAM driver currently violates an undocumented and slightly controversial requirement imposed by the crypto stack that a buffer referred to by the request structure via its virtual address may not be modified while any scatterlists passed via the same request structure are mapped for inbound DMA. This may result in errors like alg: aead: decryption failed on test 1 for gcm_base(ctr-aes-caam,ghash-generic): ret=74 alg: aead: Failed to load transform for gcm(aes): -2 on non-cache coherent systems, due to the fact that the GCM driver passes an IV buffer by virtual address which shares a cacheline with the auth_tag buffer passed via a scatterlist, resulting in corruption of the auth_tag when the IV is updated while the DMA mapping is live. Since the IV that is returned to the caller is only valid for CBC mode, and given that the in-kernel users of CBC (such as CTS) don't trigger the same issue as the GCM driver, let's just disable the output IV generation for all modes except CBC for the time being. Fixes: 854b06f76879 ("crypto: caam - properly set IV after {en,de}crypt") Cc: Horia Geanta <horia.geanta@nxp.com> Cc: Iuliana Prodan <iuliana.prodan@nxp.com> Reported-by: Sascha Hauer <s.hauer@pengutronix.de> Cc: <stable@vger.kernel.org> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Horia Geanta <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
8a82451b |
|
23-May-2019 |
Sascha Hauer <s.hauer@pengutronix.de> |
crypto: caam - print messages in caam_dump_sg at debug level caam_dump_sg() is only compiled in when DEBUG is defined, hence the messages are debug messages. Remove the @level argument from caam_dump_sg() and print all messages at debug level. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
6e005503 |
|
23-May-2019 |
Sascha Hauer <s.hauer@pengutronix.de> |
crypto: caam - print debug messages at debug level The CAAM driver used to put its debug messages inside #ifdef DEBUG and then prints the messages at KERN_ERR level. Replace this with proper functions printing at KERN_DEBUG level. The #ifdef DEBUG gets unnecessary when the right functions are used. This replaces: - print_hex_dump(KERN_ERR ...) inside #ifdef DEBUG with print_hex_dump_debug(...) - dev_err() inside #ifdef DEBUG with dev_dbg() - printk(KERN_ERR ...) inside #ifdef DEBUG with dev_dbg() Some parts of the driver use these functions already, so it is only consequent to use the debug function consistently. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
32f75e67 |
|
23-May-2019 |
Sascha Hauer <s.hauer@pengutronix.de> |
crypto: caam - remove unused defines The CAAM driver defines its own debug() macro, but it is unused. Remove it. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
f6b99b6e |
|
23-May-2019 |
Sascha Hauer <s.hauer@pengutronix.de> |
crypto: caam - print IV only when non NULL Since eaed71a44ad9 ("crypto: caam - add ecb(*) support") the IV can be NULL, so only dump it when it's non NULL as designated by the ivsize variable. Fixes: eaed71a44ad9 ("crypto: caam - add ecb(*) support") Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
bb992bc4 |
|
16-May-2019 |
Sascha Hauer <s.hauer@pengutronix.de> |
crypto: caam - print debugging hex dumps after unmapping For encryption the destination pointer was still mapped, so the hex dump may be wrong. The IV still contained the input IV while printing instead of the output IV as intended. For decryption the destination pointer was still mapped, so the hex dump may be wrong. The IV dump was correct. Do the hex dumps consistenly after the buffers have been unmapped and in case of IV copied to their final destination. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
1b46c90c |
|
03-May-2019 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - convert top level drivers to libraries Currently we allow top level code, i.e. that which sits between the low level (HW-specific) drivers and crypto API, to be built as several drivers: caamalg, caamhash, caam_pkc, caamrng, caamalg_qi. There is no advantage in this, more it interferes with adding support for deferred probing (there are no corresponding devices and thus no bus). Convert these drivers and call init() / exit() manually at the right time. Move algorithms initialization at JR probe / remove time: -the first probed JR registers the crypto algs -the last removed JR unregisters the crypto algs Note: caam_qi_init() is called before JR platform devices creation (of_populate_bus()), such that QI interface is initialized when the caam/qi algorithms are registered in the JR driver (by calling caam_qi_algapi_init(). While here, fix the Kconfig entries under CRYPTO_DEV_FSL_CAAM_JR to be aligned. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
a5e5c133 |
|
03-May-2019 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - fix S/G table passing page boundary According to CAAM RM: -crypto engine reads 4 S/G entries (64 bytes) at a time, even if the S/G table has fewer entries -it's the responsibility of the user / programmer to make sure this HW behaviour has no side effect The drivers do not take care of this currently, leading to IOMMU faults when the S/G table ends close to a page boundary - since only one page is DMA mapped, while CAAM's DMA engine accesses two pages. Fix this by rounding up the number of allocated S/G table entries to a multiple of 4. Note that in case of two *contiguous* S/G tables, only the last table might needs extra entries. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
dcd9c76e |
|
03-May-2019 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - avoid S/G table fetching for AEAD zero-length output When enabling IOMMU support, the following issue becomes visible in the AEAD zero-length case. Even though the output sequence length is set to zero, the crypto engine tries to prefetch 4 S/G table entries (since SGF bit is set in SEQ OUT PTR command - which is either generated in SW in case of caam/jr or in HW in case of caam/qi, caam/qi2). The DMA read operation will trigger an IOMMU fault since the address in the SEQ OUT PTR is "dummy" (set to zero / not obtained via DMA API mapping). 1. In case of caam/jr, avoid the IOMMU fault by clearing the SGF bit in SEQ OUT PTR command. 2. In case of caam/qi - setting address, bpid, length to zero for output entry in the compound frame has a special meaning (cf. CAAM RM): "Output frame = Unspecified, Input address = Y. A unspecified frame is indicated by an unused SGT entry (an entry in which the Address, Length, and BPID fields are all zero). SEC obtains output buffers from BMan as prescribed by the preheader." Since no output buffers are needed, modify the preheader by setting (ABS = 1, ADDBUF = 0): -"ABS = 1 means obtain the number of buffers in ADDBUF (0 or 1) from the pool POOL ID" -ADDBUF: "If ABS is set, ADD BUF specifies whether to allocate a buffer or not" 3. In case of caam/qi2, since engine: -does not support FLE[FMT]=2'b11 ("unused" entry) mentioned in DPAA2 RM -requires output entry to be present, even if not used the solution chosen is to leave output frame list entry zeroized. Fixes: 763069ba49d3 ("crypto: caam - handle zero-length AEAD output") Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
24586b5f |
|
06-May-2019 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: caam - fix DKP detection logic The detection for DKP (Derived Key Protocol) relied on the value of the setkey function. This was broken by the recent change which added des3_aead_setkey. This patch fixes this by introducing a new flag for DKP and setting that where needed. Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode") Reported-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Tested-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
df80bfd3 |
|
16-Apr-2019 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam/jr - update gcm detection logic GCM detection logic has to change for two reasons: -some CAAM instantiations with Era < 10, even though they have AES LP, they now support GCM mode -Era 10 upwards, there is a dedicated bit in AESA_VERSION[AESA_MISC] field for GCM support For Era 9 and earlier, all AES accelerator versions support GCM, except for AES LP (CHAVID_LS[AESVID]=3) with revision CRNR[AESRN] < 8. For Era 10 and later, bit 9 of the AESA_VERSION register should be used to detect GCM support in AES accelerator. Note: caam/qi and caam/qi2 are drivers for QI (Queue Interface), which is used in DPAA-based SoCs; for now, we rely on CAAM having an AES HP and this AES accelerator having support for GCM. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Reviewed-by: Iuliana Prodan <iuliana.prodan@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
1b52c409 |
|
11-Apr-2019 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: caam - Forbid 2-key 3DES in FIPS mode This patch forbids the use of 2-key 3DES (K1 == K3) in FIPS mode. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Tested-by: Iuliana Prodan <iuliana.prodan@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
00e87449 |
|
01-Mar-2019 |
Wen Yang <yellowriver2010@hotmail.com> |
crypto: caam - add missing put_device() call The of_find_device_by_node() takes a reference to the underlying device structure, we should release that reference. Fixes: 35af64038623 ("crypto: caam - Check for CAAM block presence before registering with crypto layer") Fixes: b189817cf789 ("crypto: caam/qi - add ablkcipher and authenc algorithms") Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Wen Yang <yellowriver2010@hotmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
cf64e495 |
|
08-Feb-2019 |
Iuliana Prodan <iuliana.prodan@nxp.com> |
crypto: caam - weak key checking for cbc des, 3des Modify setkey callback for cbc des and 3des to check for weak keys. Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
eaed71a4 |
|
08-Feb-2019 |
Iuliana Prodan <iuliana.prodan@nxp.com> |
crypto: caam - add ecb(*) support Add ecb mode support for aes, des, 3des and arc4 ciphers. ecb(*) reuses existing skcipher implementation, updating it with support for no IV. Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
ba4cf71b |
|
08-Feb-2019 |
Iuliana Prodan <iuliana.prodan@nxp.com> |
crypto: caam - use mapped_{src,dst}_nents for job descriptor The mapped_{src,dst}_nents _returned_ from the dma_map_sg call (which could be less than src/dst_nents) have to be used to generate the aead, skcipher job descriptors. Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
42e95d1f |
|
01-Feb-2019 |
Pankaj Gupta <pankaj.gupta@nxp.com> |
crypto: caam - fixed handling of sg list when the source sg contains more than 1 fragment and destination sg contains 1 fragment, the caam driver mishandle the buffers to be sent to caam. Fixes: f2147b88b2b1 ("crypto: caam - Convert GCM to new AEAD interface") Cc: <stable@vger.kernel.org> # 4.2+ Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com> Signed-off-by: Arun Pathak <arun.pathak@nxp.com> Reviewed-by: Horia Geanta <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
763069ba |
|
22-Jan-2019 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - handle zero-length AEAD output Recent AEAD changes in testmgr framework introduced by commit a0d608ee5ebf ("crypto: testmgr - unify the AEAD encryption and decryption test vectors") uncovered an error in the CAAM drivers, since they don't correctly handle the case when AEAD output length is zero. Add checks to avoid feeding zero-length req->dst to DMA API. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
2dd3fde4 |
|
21-Dec-2018 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - fix SHA support detection The addition of Chacha20 + Poly1305 authenc support inadvertently broke detection of algorithms supported by MDHA (Message Digest Hardware Accelerator), fix it. Fixes: d6bbd4eea243 ("crypto: caam/jr - add support for Chacha20 + Poly1305") Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
1ca1b917 |
|
16-Nov-2018 |
Eric Biggers <ebiggers@google.com> |
crypto: chacha20-generic - refactor to allow varying number of rounds In preparation for adding XChaCha12 support, rename/refactor chacha20-generic to support different numbers of rounds. The justification for needing XChaCha12 support is explained in more detail in the patch "crypto: chacha - add XChaCha12 support". The only difference between ChaCha{8,12,20} are the number of rounds itself; all other parts of the algorithm are the same. Therefore, remove the "20" from all definitions, structures, functions, files, etc. that will be shared by all ChaCha versions. Also make ->setkey() store the round count in the chacha_ctx (previously chacha20_ctx). The generic code then passes the round count through to chacha_block(). There will be a ->setkey() function for each explicitly allowed round count; the encrypt/decrypt functions will be the same. I decided not to do it the opposite way (same ->setkey() function for all round counts, with different encrypt/decrypt functions) because that would have required more boilerplate code in architecture-specific implementations of ChaCha and XChaCha. Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Acked-by: Martin Willi <martin@strongswan.org> Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
c10a5336 |
|
08-Nov-2018 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam/qi2 - add support for Chacha20 + Poly1305 Add support for Chacha20 + Poly1305 combined AEAD: -generic (rfc7539) -IPsec (rfc7634 - known as rfc7539esp in the kernel) Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
d6bbd4ee |
|
08-Nov-2018 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam/jr - add support for Chacha20 + Poly1305 Add support for Chacha20 + Poly1305 combined AEAD: -generic (rfc7539) -IPsec (rfc7634 - known as rfc7539esp in the kernel) Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
d239b10d |
|
08-Nov-2018 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - add register map changes cf. Era 10 Era 10 changes the register map. The updates that affect the drivers: -new version registers are added -DBG_DBG[deco_state] field is moved to a new register - DBG_EXEC[19:16] @ 8_0E3Ch. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
618b5dc4 |
|
10-Oct-2018 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - add SPDX license identifier to all files Previously, a tree-wide change added SPDX license identifiers to files lacking licensing information: b24413180f56 ("License cleanup: add SPDX GPL-2.0 license identifier to files with no license") To be consistent update the rest of the files: -files with license specified by means of MODULE_LICENSE() -files with complete license text -Kconfig Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
13cc6f48 |
|
14-Sep-2018 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam/jr - fix ablkcipher_edesc pointer arithmetic In some cases the zero-length hw_desc array at the end of ablkcipher_edesc struct requires for 4B of tail padding. Due to tail padding and the way pointers to S/G table and IV are computed: edesc->sec4_sg = (void *)edesc + sizeof(struct ablkcipher_edesc) + desc_bytes; iv = (u8 *)edesc->hw_desc + desc_bytes + sec4_sg_bytes; first 4 bytes of IV are overwritten by S/G table. Update computation of pointer to S/G table to rely on offset of hw_desc member and not on sizeof() operator. Cc: <stable@vger.kernel.org> # 4.13+ Fixes: 115957bb3e59 ("crypto: caam - fix IV DMA mapping and updating") Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
9dbe3072 |
|
06-Aug-2018 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam/qi - ablkcipher -> skcipher conversion Convert driver from deprecated ablkcipher API to skcipher. Link: https://www.mail-archive.com/search?l=mid&q=20170728085622.GC19664@gondor.apana.org.au Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
5ca7badb |
|
06-Aug-2018 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam/jr - ablkcipher -> skcipher conversion Convert driver from deprecated ablkcipher API to skcipher. Link: https://www.mail-archive.com/search?l=mid&q=20170728085622.GC19664@gondor.apana.org.au Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
cf5448b5 |
|
06-Aug-2018 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam/jr - remove ablkcipher IV generation IV generation is done only at AEAD level. Support in ablkcipher is not needed, thus remove the dead code. Link: https://www.mail-archive.com/search?l=mid&q=20160901101257.GA3362@gondor.apana.org.au Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
115957bb |
|
28-Mar-2018 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - fix IV DMA mapping and updating There are two IV-related issues: (1) crypto API does not guarantee to provide an IV buffer that is DMAable, thus it's incorrect to DMA map it (2) for in-place decryption, since ciphertext is overwritten with plaintext, updated req->info will contain the last block of plaintext (instead of the last block of ciphertext) While these two issues could be fixed separately, it's straightforward to fix both in the same time - by allocating extra space in the ablkcipher_edesc for the IV that will be fed to the crypto engine; this allows for fixing (2) by saving req->src[last_block] in req->info directly, i.e. without allocating another temporary buffer. A side effect of the fix is that it's no longer possible to have the IV and req->src contiguous. Code checking for this case is removed. Cc: <stable@vger.kernel.org> # 4.13+ Fixes: 854b06f76879 ("crypto: caam - properly set IV after {en,de}crypt") Link: http://lkml.kernel.org/r/20170113084620.GF22022@gondor.apana.org.au Reported-by: Gilad Ben-Yossef <gilad@benyossef.com> Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
a38acd23 |
|
28-Mar-2018 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - fix DMA mapping dir for generated IV In case of GIVCIPHER, IV is generated by the device. Fix the DMA mapping direction. Cc: <stable@vger.kernel.org> # 3.19+ Fixes: 7222d1a34103 ("crypto: caam - add support for givencrypt cbc(aes) and rfc3686(ctr(aes))") Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
61dab972 |
|
22-Mar-2018 |
Tudor-Dan Ambarus <tudor.ambarus@microchip.com> |
crypto: caam - don't leak pointers to authenc keys In caam's aead_setkey we save pointers to the authenc keys in a local variable of type struct crypto_authenc_keys and we don't zeroize it after use. Fix this and don't leak pointers to the authenc keys. Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
87ec3a0b |
|
29-Jan-2018 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - prepare for gcm(aes) support over QI interface Update gcm(aes) descriptors (generic, rfc4106 and rfc4543) such that they would also work when submitted via the QI interface. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
7e0880b9 |
|
18-Dec-2017 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - add Derived Key Protocol (DKP) support Offload split key generation in CAAM engine, using DKP. DKP is supported starting with Era 6. Note that the way assoclen is transmitted from the job descriptor to the shared descriptor changes - DPOVRD register is used instead of MATH3 (where available), since DKP protocol thrashes the MATH registers. The replacement of MDHA split key generation with DKP has the side effect of the crypto engine writing the authentication key, and thus the DMA mapping direction for the buffer holding the key has to change from DMA_TO_DEVICE to DMA_BIDIRECTIONAL. There are two cases: -key is inlined in descriptor - descriptor buffer mapping changes -key is referenced - key buffer mapping changes Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
662f70ed |
|
18-Dec-2017 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - remove needless ablkcipher key copy ablkcipher shared descriptors are relatively small, thus there is enough space for the key to be inlined. Accordingly, there is no need to copy the key in ctx->key. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
7545e166 |
|
22-Aug-2017 |
Corentin LABBE <clabbe.montjoie@gmail.com> |
crypto: caam - Use GCM IV size constant This patch replace GCM IV size value by their constant name. Signed-off-by: Corentin Labbe <clabbe.montjoie@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
972b812b |
|
09-Jul-2017 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam/qi - fix compilation with DEBUG enabled caam/qi driver does not compile when DEBUG is enabled (CRYPTO_DEV_FSL_CAAM_DEBUG=y): drivers/crypto/caam/caamalg_qi.c: In function 'ablkcipher_done': drivers/crypto/caam/caamalg_qi.c:794:2: error: implicit declaration of function 'dbg_dump_sg' [-Werror=implicit-function-declaration] dbg_dump_sg(KERN_ERR, "dst @" __stringify(__LINE__)": ", Since dbg_dump_sg() is shared between caam/jr and caam/qi, move it in a shared location and export it. At the same time: -reduce ifdeferry by providing a no-op implementation for !DEBUG case -rename it to caam_dump_sg() to be consistent in terms of exported symbols namespace (caam_*) Cc: <stable@vger.kernel.org> Fixes: b189817cf789 ("crypto: caam/qi - add ablkcipher and authenc algorithms") Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
854b06f7 |
|
28-Jun-2017 |
David Gstir <david@sigma-star.at> |
crypto: caam - properly set IV after {en,de}crypt Certain cipher modes like CTS expect the IV (req->info) of ablkcipher_request (or equivalently req->iv of skcipher_request) to contain the last ciphertext block when the {en,de}crypt operation is done. This is currently not the case for the CAAM driver which in turn breaks e.g. cts(cbc(aes)) when the CAAM driver is enabled. This patch fixes the CAAM driver to properly set the IV after the {en,de}crypt operation of ablkcipher finishes. This issue was revealed by the changes in the SW CTS mode in commit 0605c41cc53ca ("crypto: cts - Convert to skcipher") Cc: <stable@vger.kernel.org> # 4.8+ Signed-off-by: David Gstir <david@sigma-star.at> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
019d62db |
|
19-Jun-2017 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - fix gfp allocation flags (part II) This is the 2nd part of fixing the usage of GFP_KERNEL for memory allocations, taking care off all the places that haven't caused a real problem / failure. Again, the issue being fixed is that GFP_KERNEL should be used only when MAY_SLEEP flag is set, i.e. MAY_BACKLOG flag usage is orthogonal. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
42cfcafb |
|
19-Jun-2017 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - fix gfp allocation flags (part I) Changes in the SW cts (ciphertext stealing) code in commit 0605c41cc53ca ("crypto: cts - Convert to skcipher") revealed a problem in the CAAM driver: when cts(cbc(aes)) is executed and cts runs in SW, cbc(aes) is offloaded in CAAM; cts encrypts the last block in atomic context and CAAM incorrectly decides to use GFP_KERNEL for memory allocation. Fix this by allowing GFP_KERNEL (sleeping) only when MAY_SLEEP flag is set, i.e. remove MAY_BACKLOG flag. We split the fix in two parts - first is sent to -stable, while the second is not (since there is no known failure case). Link: http://lkml.kernel.org/g/20170602122446.2427-1-david@sigma-star.at Cc: <stable@vger.kernel.org> # 4.8+ Reported-by: David Gstir <david@sigma-star.at> Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
b189817c |
|
16-Mar-2017 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam/qi - add ablkcipher and authenc algorithms Add support to submit ablkcipher and authenc algorithms via the QI backend: -ablkcipher: cbc({aes,des,des3_ede}) ctr(aes), rfc3686(ctr(aes)) xts(aes) -authenc: authenc(hmac(md5),cbc({aes,des,des3_ede})) authenc(hmac(sha*),cbc({aes,des,des3_ede})) caam/qi being a new driver, let's wait some time to settle down without interfering with existing caam/jr driver. Accordingly, for now all caam/qi algorithms (caamalg_qi module) are marked to be of lower priority than caam/jr ones (caamalg module). Signed-off-by: Vakul Garg <vakul.garg@nxp.com> Signed-off-by: Alex Porosanu <alexandru.porosanu@nxp.com> Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
bbf22344 |
|
10-Feb-2017 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - fix DMA API leaks for multiple setkey() calls setkey() callback may be invoked multiple times for the same tfm. In this case, DMA API leaks are caused by shared descriptors (and key for caamalg) being mapped several times and unmapped only once. Fix this by performing mapping / unmapping only in crypto algorithm's cra_init() / cra_exit() callbacks and sync_for_device in the setkey() tfm callback. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
838e0a89 |
|
10-Feb-2017 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - use dma_map_sg() return code dma_map_sg() might coalesce S/G entries, so use the number of S/G entries returned by it instead of what sg_nents_for_len() initially returns. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
fa0c92db |
|
10-Feb-2017 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - replace sg_count() with sg_nents_for_len() Replace internal sg_count() function and the convoluted logic around it with the standard sg_nents_for_len() function. src_nents, dst_nents now hold the number of SW S/G entries, instead of the HW S/G table entries. With this change, null (zero length) input data for AEAD case needs to be handled in a visible way. req->src is no longer (un)mapped, pointer address is set to 0 in SEQ IN PTR command. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
fd144d83 |
|
10-Feb-2017 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - check sg_count() return value sg_count() internally calls sg_nents_for_len(), which could fail in case the required number of bytes is larger than the total bytes in the S/G. Thus, add checks to validate the input. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
fd88aac9 |
|
10-Feb-2017 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - fix HW S/G in ablkcipher_giv_edesc_alloc() HW S/G generation does not work properly when the following conditions are met: -src == dst -src/dst is S/G -IV is right before (contiguous with) the first src/dst S/G entry since "iv_contig" is set to true (iv_contig is a misnomer here and it actually refers to the whole output being contiguous) Fix this by setting dst S/G nents equal to src S/G nents, instead of leaving it set to init value (0). Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
9c0bc511 |
|
30-Nov-2016 |
Arnd Bergmann <arnd@arndb.de> |
crypto: caam - pass key buffers with typesafe pointers The 'key' field is defined as a 'u64' and used for two different pieces of information: either to store a pointer or a dma_addr_t. The former leads to a build error on 32-bit machines: drivers/crypto/caam/caamalg_desc.c: In function 'cnstr_shdsc_aead_null_encap': drivers/crypto/caam/caamalg_desc.c:67:27: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast] drivers/crypto/caam/caamalg_desc.c: In function 'cnstr_shdsc_aead_null_decap': drivers/crypto/caam/caamalg_desc.c:143:27: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast] Using a union to provide correct types gets rid of the warnings and as well as a couple of redundant casts. Fixes: db57656b0072 ("crypto: caam - group algorithm related params") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
6655cb8e |
|
22-Nov-2016 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - consolidate split key length computation Move split key length and padded length computation from caamalg.c and caamhash.c to key_gen.c. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
8cea7b66 |
|
22-Nov-2016 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - refactor encryption descriptors generation Refactor the generation of the authenc, ablkcipher shared descriptors and exports the functionality, such that they could be shared with the upcoming caam/qi (Queue Interface) driver. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
281669df |
|
22-Nov-2016 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - rewrite some generic inline append cmds A few descriptor commands are generated using generic inline append "append_cmd" function. Rewrite them using specific inline append functions. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
4cbe79cc |
|
22-Nov-2016 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - improve key inlining For authenc / stitched AEAD algorithms, check independently each of the two (authentication, encryption) keys whether inlining is possible. Prioritize the inlining of the authentication key, since the length of the (split) key is bigger than that of the encryption key. For the other algorithms, compute only once per tfm the remaining available bytes and decide whether key inlining is possible based on this. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
488ebc3a |
|
22-Nov-2016 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - remove superfluous alg_op algorithm param Information carried by alg_op can be deduced from adata->algtype plus some fixed flags. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
db57656b |
|
22-Nov-2016 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - group algorithm related params In preparation of factoring out the shared descriptors, struct alginfo is introduced to group the algorithm related parameters. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
64c9295b |
|
22-Nov-2016 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - move append_key_aead() into init_sh_desc_key_aead() append_key_aead() is used in only one place, thus inline it. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
a5a40d46 |
|
25-Oct-2016 |
Arnd Bergmann <arnd@arndb.de> |
crypto: caam - fix type mismatch warning Building the caam driver on arm64 produces a harmless warning: drivers/crypto/caam/caamalg.c:140:139: warning: comparison of distinct pointer types lacks a cast We can use min_t to tell the compiler which type we want it to use here. Fixes: 5ecf8ef9103c ("crypto: caam - fix sg dump") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
c73e36e8 |
|
09-Nov-2016 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - fix DMA API mapping leak in ablkcipher code alkcipher_edesc_alloc() and ablkcipher_giv_edesc_alloc() don't free / unmap resources on error path: - dmap_map_sg() could fail, thus make sure the return value is checked - unmap DMA mappings in case of error Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
4ca7c7d8 |
|
09-Nov-2016 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - trivial code clean-up -replace offsetof with container_of -remove unused "assoc_nents", "iv_dma" from aead_edesc and fix comments -remove unused CAAM_MAX_IV_LENGTH #define Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
1b008eed |
|
09-Nov-2016 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - remove unused command from aead givencrypt REG3 no longer needs to be updated, since it's not used after that. This shared descriptor command is a leftover of the conversion to AEAD interface. Fixes: 479bcc7c5b9e1 "crypto: caam - Convert authenc to new AEAD interface" Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
00fef2b2 |
|
09-Nov-2016 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - remove unused may_sleep in dbg_dump_sg() Fixes: 5ecf8ef9103cb "crypto: caam - fix sg dump" Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
c530e341 |
|
09-Nov-2016 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - fix smatch warnings Fix the following smatch warnings: drivers/crypto/caam/caamalg.c:2350 aead_edesc_alloc() warn: we tested 'src_nents' before and it was 'true' drivers/crypto/caam/caamrng.c:351 caam_rng_init() error: no modifiers for allocation. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
d128af17 |
|
09-Nov-2016 |
Alex Porosanu <alexandru.porosanu@nxp.com> |
crypto: caam - fix AEAD givenc descriptors The AEAD givenc descriptor relies on moving the IV through the output FIFO and then back to the CTX2 for authentication. The SEQ FIFO STORE could be scheduled before the data can be read from OFIFO, especially since the SEQ FIFO LOAD needs to wait for the SEQ FIFO LOAD SKIP to finish first. The SKIP takes more time when the input is SG than when it's a contiguous buffer. If the SEQ FIFO LOAD is not scheduled before the STORE, the DECO will hang waiting for data to be available in the OFIFO so it can be transferred to C2. In order to overcome this, first force transfer of IV to C2 by starting the "cryptlen" transfer first and then starting to store data from OFIFO to the output buffer. Fixes: 1acebad3d8db8 ("crypto: caam - faster aead implementation") Cc: <stable@vger.kernel.org> # 3.2+ Signed-off-by: Alex Porosanu <alexandru.porosanu@nxp.com> Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
83d2c9a9 |
|
07-Nov-2016 |
Sven Ebenfeld <sven.ebenfeld@gmail.com> |
crypto: caam - do not register AES-XTS mode on LP units When using AES-XTS on a Wandboard, we receive a Mode error: caam_jr 2102000.jr1: 20001311: CCB: desc idx 19: AES: Mode error. According to the Security Reference Manual, the Low Power AES units of the i.MX6 do not support the XTS mode. Therefore we must not register XTS implementations in the Crypto API. Signed-off-by: Sven Ebenfeld <sven.ebenfeld@gmail.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Cc: <stable@vger.kernel.org> # 4.4+ Fixes: c6415a6016bf "crypto: caam - add support for acipher xts(aes)" Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
d69985a0 |
|
25-Oct-2016 |
Arnd Bergmann <arnd@arndb.de> |
crypto: caam - fix type mismatch warning Building the caam driver on arm64 produces a harmless warning: drivers/crypto/caam/caamalg.c:140:139: warning: comparison of distinct pointer types lacks a cast We can use min_t to tell the compiler which type we want it to use here. Fixes: 5ecf8ef9103c ("crypto: caam - fix sg dump") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
5ecf8ef9 |
|
22-Sep-2016 |
Catalin Vasile <cata.vasile@nxp.com> |
crypto: caam - fix sg dump Ensure scatterlists have a virtual memory mapping before dumping. Signed-off-by: Catalin Vasile <cata.vasile@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
5ba1c7b5 |
|
31-Aug-2016 |
Catalin Vasile <cata.vasile@nxp.com> |
crypto: caam - fix rfc3686(ctr(aes)) IV load -nonce is being loaded using append_load_imm_u32() instead of append_load_as_imm() (nonce is a byte array / stream, not a 4-byte variable) -counter is not being added in big endian format, as mandatated by RFC3686 and expected by the crypto engine Signed-off-by: Catalin Vasile <cata.vasile@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
8b18e235 |
|
29-Aug-2016 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - fix IV loading for authenc (giv)decryption For algorithms that implement IV generators before the crypto ops, the IV needed for decryption is initially located in req->src scatterlist, not in req->iv. Avoid copying the IV into req->iv by modifying the (givdecrypt) descriptors to load it directly from req->src. aead_givdecrypt() is no longer needed and goes away. Cc: <stable@vger.kernel.org> # 4.3+ Fixes: 479bcc7c5b9e ("crypto: caam - Convert authenc to new AEAD interface") Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
2fdea258 |
|
04-Aug-2016 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - defer aead_set_sh_desc in case of zero authsize To be able to generate shared descriptors for AEAD, the authentication size needs to be known. However, there is no imposed order of calling .setkey, .setauthsize callbacks. Thus, in case authentication size is not known at .setkey time, defer it until .setauthsize is called. The authsize != 0 check was incorrectly removed when converting the driver to the new AEAD interface. Cc: <stable@vger.kernel.org> # 4.3+ Fixes: 479bcc7c5b9e ("crypto: caam - Convert authenc to new AEAD interface") Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
1d2d87e8 |
|
04-Aug-2016 |
Horia Geantă <horia.geanta@nxp.com> |
crypto: caam - fix echainiv(authenc) encrypt shared descriptor There are a few things missed by the conversion to the new AEAD interface: 1 - echainiv(authenc) encrypt shared descriptor The shared descriptor is incorrect: due to the order of operations, at some point in time MATH3 register is being overwritten. 2 - buffer used for echainiv(authenc) encrypt shared descriptor Encrypt and givencrypt shared descriptors (for AEAD ops) are mutually exclusive and thus use the same buffer in context state: sh_desc_enc. However, there's one place missed by s/sh_desc_givenc/sh_desc_enc, leading to errors when echainiv(authenc(...)) algorithms are used: DECO: desc idx 14: Header Error. Invalid length or parity, or certain other problems. While here, also fix a typo: dma_mapping_error() is checking for validity of sh_desc_givenc_dma instead of sh_desc_enc_dma. Cc: <stable@vger.kernel.org> # 4.3+ Fixes: 479bcc7c5b9e ("crypto: caam - Convert authenc to new AEAD interface") Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
c6415a60 |
|
02-Oct-2015 |
Catalin Vasile <catalin.vasile@freescale.com> |
crypto: caam - add support for acipher xts(aes) Add support for AES working in XEX-based Tweaked-codebook mode with ciphertext Stealing (XTS) sector index - HW limitation: CAAM device supports sector index of only 8 bytes to be used for sector index inside IV, instead of whole 16 bytes received on request. This represents 2 ^ 64 = 16,777,216 Tera of possible values for sector index. Signed-off-by: Cristian Hristea <cristi.hristea@gmail.com> Signed-off-by: Horia Geanta <horia.geanta@freescale.com> Signed-off-by: Alex Porosanu <alexandru.porosanu@freescale.com> Signed-off-by: Catalin Vasile <catalin.vasile@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
13fb8fd7 |
|
23-Sep-2015 |
LABBE Corentin <clabbe.montjoie@gmail.com> |
crypto: caam - dma_map_sg can handle chained SG The caam driver use two dma_map_sg path according to SG are chained or not. Since dma_map_sg can handle both case, clean the code with all references to sg chained. Thus removing dma_map_sg_chained, dma_unmap_sg_chained and __sg_count functions. Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
9c4f9733 |
|
21-Aug-2015 |
Fabio Estevam <fabio.estevam@freescale.com> |
crypto: caam - Use the preferred style for memory allocations "The preferred form for passing a size of a struct is the following: p = kmalloc(sizeof(*p), ...); .... The preferred form for allocating a zeroed array is the following: p = kcalloc(n, sizeof(...), ...); " ,so do as suggested. Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com> Reviewed-by: Horia Geant? <horia.geanta@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
5e4b8c1f |
|
13-Aug-2015 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: aead - Remove CRYPTO_ALG_AEAD_NEW flag This patch removes the CRYPTO_ALG_AEAD_NEW flag now that everyone has been converted. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
bf83490e |
|
05-Aug-2015 |
Victoria Milhoan <vicki.milhoan@freescale.com> |
crypto: caam - Detect hardware features during algorithm registration Register only algorithms supported by CAAM hardware, using the CHA version and instantiation registers to identify hardware capabilities. Signed-off-by: Victoria Milhoan <vicki.milhoan@freescale.com> Tested-by: Horia Geantă <horia.geanta@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
dde20ae9 |
|
05-Aug-2015 |
Victoria Milhoan <vicki.milhoan@freescale.com> |
crypto: caam - Change kmalloc to kzalloc to avoid residual data Since fields must be ORed in to operate correctly using any order of operations, changed allocations of the combination of extended descriptor structs + hardware scatterlists to use kzalloc() instead of kmalloc(), so as to ensure that residue data would not be ORed in with the correct data. Signed-off-by: Steve Cornelius <steve.cornelius@freescale.com> Signed-off-by: Victoria Milhoan <vicki.milhoan@freescale.com> Tested-by: Horia Geantă <horia.geanta@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
479bcc7c |
|
30-Jul-2015 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: caam - Convert authenc to new AEAD interface This patch converts the authenc implementations in caam to the new AEAD interface. The biggest change is that seqiv no longer generates a random IV. Instead the IPsec sequence number is used as the IV. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
4aad0cc5 |
|
30-Jul-2015 |
Horia Geant? <horia.geanta@freescale.com> |
crypto: caam - fix rfc4106 encap shared descriptor The encap shared descriptor was changed to use the new IV convention. In the process some commands were shifted, making the output length zero, caam effectively writing garbage in dst. While here, update the decap descriptor to execute the "write" commands before the "read"s (as it previously was). This makes sure the input fifo is drained before becoming full. Fixes: 46218750d523 ("crypto: caam - Use new IV convention") Signed-off-by: Horia Geant? <horia.geanta@freescale.com> Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
46218750 |
|
08-Jul-2015 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: caam - Use new IV convention This patch converts rfc4106 to the new calling convention where the IV is now part of the AD and needs to be skipped. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
7793bda8 |
|
18-Jun-2015 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: caam - Set last bit on src SG list The new aead_edesc_alloc left out the bit indicating the last entry on the source SG list. This patch fixes it. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
87e51b07 |
|
18-Jun-2015 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: caam - Reintroduce DESC_MAX_USED_BYTES I incorrectly removed DESC_MAX_USED_BYTES when enlarging the size of the shared descriptor buffers, thus making it four times larger than what is necessary. This patch restores the division by four calculation. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
f2147b88 |
|
15-Jun-2015 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: caam - Convert GCM to new AEAD interface This patch converts the caam GCM implementations to the new AEAD interface. This is compile-tested only. Note that all IV generation for GCM algorithms have been removed. The reason is that the current generation uses purely random IVs which is not appropriate for counter-based algorithms where we first and foremost require uniqueness. Of course there is no reason why you couldn't implement seqiv or seqniv within caam since all they do is xor the sequence number with a salt, but since I can't test this on actual hardware I'll leave it alone for now. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
70c3c8a9 |
|
08-Jun-2015 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: caam - Clamp AEAD SG list by input length Currently caam assumes that the SG list contains exactly the number of bytes required. This assumption is incorrect. Up until now this has been harmless. However with the new AEAD interface this now breaks as the AD SG list contains more bytes than just the AD. This patch fixes this by always clamping the AD SG list by the specified AD length. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
ae13ed44 |
|
21-May-2015 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: caam - Use old_aead_alg This patch replaces references to aead_alg with old_aead_alg. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
add86d55 |
|
11-May-2015 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: caam - Remove unnecessary reference to crt_aead crt_aead is an internal implementation detail and must not be used outside of the crypto API itself. This patch replaces the unnecessary uses of crt_aead with crypto_aead_ivsize. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
d9b3682f |
|
21-Apr-2015 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: caam - Remove bogus references to crypto API internals The caam driver includes algorithm types that it doesn't even use, such as struct rng_alg which has recently been moved to an internal header file and consequently broke the build of caam. This patch removes these bogus references. Reported-by: Fengguang Wu <fengguang.wu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
35b82e55 |
|
21-Jan-2015 |
Cristian Stoica <cristian.stoica@freescale.com> |
crypto: caam - remove dead code - assoc_nents and src_nents are never zero when all_contig is false - iv_contig is zero on the else branch Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> Reviewed-by: Richard Schmitt <richard.schmitt@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
ff2c3a3b |
|
11-Nov-2014 |
Catalin Vasile <catalin.vasile@freescale.com> |
crypto: caam - add support for givencrypt cbc(des) and cbc(des3_ede) Merge DES Cipher Block Chaining mode (CBC) and Triple DES Cipher Block Chaining mode (CBC) algorithms from ablkcipher to givencrypt. Signed-off-by: Catalin Vasile <catalin.vasile@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
7222d1a3 |
|
30-Oct-2014 |
Catalin Vasile <catalin.vasile@freescale.com> |
crypto: caam - add support for givencrypt cbc(aes) and rfc3686(ctr(aes)) Add support for one-shot givencrypt algorithms. Givencrypt algorithms will generate their IV and encrypt data within the same shared job descriptors. Current algorithms merged from ablkcipher to givencrypt are: - AES Cipher Block Chaining (CBC) - AES Counter Mode (CTR) compliant with RFC3686 Signed-off-by: Catalin Vasile <catalin.vasile@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
daebc465 |
|
30-Oct-2014 |
Catalin Vasile <catalin.vasile@freescale.com> |
crypto: caam - add support for rfc3686 with authenc md5, sha1 and sha2 Add support for AES Counter Mode (CTR) compliant with RFC3686 to be used along with authenc algorithms (md5, sha1, sha224, sha256, sha384, sha512) as one-shot aead algorithms. Signed-off-by: Catalin Vasile <catalin.vasile@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
a5f57cff |
|
30-Oct-2014 |
Catalin Vasile <catalin.vasile@freescale.com> |
crypto: caam - add support for rfc3686(ctr(aes)) Add support for Advanced Encryption Standard (AES) in Counter Mode (CTR) as provided in IPsec implementation standard RFC3686. ablkcipher shared descriptors now save context registers after job execution. This is used to load Nonce specific to RFC3686 only at first execution of shared job descriptor. Signed-off-by: Catalin Vasile <catalin.vasile@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
2b22f6c5 |
|
30-Oct-2014 |
Catalin Vasile <catalin.vasile@freescale.com> |
crypto: caam - add support for ctr(aes) Add support for AES working in Counter Mode Signed-off-by: Catalin Vasile <catalin.vasile@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
5d0429a3 |
|
30-Oct-2014 |
Tudor Ambarus <tudor.ambarus@freescale.com> |
crypto: caam - add support for rfc4543(gcm(aes)) Add AES-GMAC as an IPSec ESP mechanism to provide data origin authentication, but not confidentiality. This method is referred as ENCR_NULL_AUTH_AES_GMAC. Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
19167bfd |
|
24-Oct-2014 |
Tudor Ambarus <tudor.ambarus@freescale.com> |
crypto: caam - fix output sequence contiguity check This patch fixes the assumption that output sequence is not contiguous when input sequence is not contiguous and in-place encryption is done. Output sequence does not need to be contiguous with associated data. Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
bac68f2c |
|
23-Oct-2014 |
Tudor Ambarus <tudor.ambarus@freescale.com> |
crypto: caam - add support for rfc4106(gcm(aes)) Add Advanced Encryption Standard (AES) in Galois/Counter Mode (GCM) as an IPsec Encapsulating Security Payload (ESP) mechanism to provide confidentiality and data origin authentication. Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
3ef8d945 |
|
23-Oct-2014 |
Tudor Ambarus <tudor.ambarus@freescale.com> |
crypto: caam - add support for gcm(aes) Add support for AES working in Galois Counter Mode. There is a limitation related to IV size, similar to the one present in SW implementation (crypto/gcm.c): The only IV size allowed is 12 bytes. It will be padded by HW to the right with 0x0000_0001 (up to 16 bytes - AES block size), according to the GCM specification. Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com> Signed-off-by: Horia Geanta <horia.geanta@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
a60384df |
|
11-Jul-2014 |
Horia Geanta <horia.geanta@freescale.com> |
crypto: caam - set DK (Decrypt Key) bit only for AES accelerator AES currently shares descriptor creation functions with DES and 3DES. DK bit is set in all cases, however it is valid only for the AES accelerator. Signed-off-by: Horia Geanta <horia.geanta@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
ce572085 |
|
11-Jul-2014 |
Horia Geanta <horia.geanta@freescale.com> |
crypto: caam - fix "failed to check map error" DMA warnings Use dma_mapping_error for every dma_map_single / dma_map_page. Signed-off-by: Horia Geanta <horia.geanta@freescale.com> Acked-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
71c65f7c |
|
11-Jul-2014 |
Horia Geanta <horia.geanta@freescale.com> |
crypto: caam - fix typo in dma_mapping_error dma_mapping_error checks for an incorrect DMA address: s/ctx->sh_desc_enc_dma/ctx->sh_desc_dec_dma Signed-off-by: Horia Geanta <horia.geanta@freescale.com> Acked-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
35af6403 |
|
06-Jul-2014 |
Ruchika Gupta <ruchika.gupta@freescale.com> |
crypto: caam - Check for CAAM block presence before registering with crypto layer The layer which registers with the crypto API should check for the presence of the CAAM device it is going to use. If the platform's device tree doesn't have the required CAAM node, the layer should return an error and not register the algorithms with crypto API layer. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
1da2be33 |
|
23-Jun-2014 |
Ruchika Gupta <ruchika.gupta@freescale.com> |
crypto: caam - Correct the dma mapping for sg table At few places in caamhash and caamalg, after allocating a dmable buffer for sg table , the buffer was being modified. As per definition of DMA_FROM_DEVICE ,afer allocation the memory should be treated as read-only by the driver. This patch shifts the allocation of dmable buffer for sg table after it is populated by the driver, making it read-only as per the DMA API's requirement. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
80cd88f2 |
|
09-May-2014 |
Vakul Garg <vakul@freescale.com> |
crypto: caam - reinitialize keys_fit_inline for decrypt and givencrypt Re-initialize keys_fit_inline to avoid using its stale encrypt() shared descriptor value prior to building descriptors for the decrypt() and givencrypt() cases. Signed-off-by: Vakul Garg <vakul@freescale.com> [reworded commit text, enhanced code readability] Signed-off-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
fa9659cd |
|
24-Apr-2014 |
Marek Vasut <marex@denx.de> |
crypto: caam - Contain caam_jr_strstatus() ugliness The tentacles of this function were firmly attached to various places in the CAAM code. Just cut them, or this cthulhu function will sprout them anew. Signed-off-by: Marek Vasut <marex@denx.de> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: Horia Geanta <horia.geanta@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
ec31eed7 |
|
14-Mar-2014 |
Horia Geanta <horia.geanta@freescale.com> |
crypto: caam - add missing key_dma unmap (struct caam_ctx) ctx->key_dma needs to be unmapped when context is cleaned up. Signed-off-by: Horia Geanta <horia.geanta@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
ae4a825f |
|
14-Mar-2014 |
Horia Geanta <horia.geanta@freescale.com> |
crypto: caam - add support for aead null encryption Add support for the following combinations: -encryption: null -authentication: md5, sha* (1, 224, 256, 384, 512) Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com> Signed-off-by: Horia Geanta <horia.geanta@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
4464a7d4 |
|
14-Mar-2014 |
Horia Geanta <horia.geanta@freescale.com> |
crypto: caam - remove error propagation handling Commit 61bb86bba169507a5f223b94b9176c32c84b4721 ("crypto: caam - set descriptor sharing type to SERIAL") changed the descriptor sharing mode from SHARE_WAIT to SHARE_SERIAL. All descriptor commands that handle the "ok to share" and "error propagation" settings should also go away, since they have no meaning for SHARE_SERIAL. Signed-off-by: Horia Geanta <horia.geanta@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
4e6e0b27 |
|
19-Dec-2013 |
Horia Geanta <horia.geanta@freescale.com> |
crypto: caam - simplify and harden key parsing Use the common helper function crypto_authenc_extractkeys() for key parsing. Also fix the key buffer overflow condition: use split key pad length instead of authentication key length. Signed-off-by: Horia Geanta <horia.geanta@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
bbf9c893 |
|
28-Nov-2013 |
Horia Geanta <horia.geanta@freescale.com> |
crypto: caam - fix aead sglen for case 'dst != src' For aead case when source and destination buffers are different, there is an incorrect assumption that the source length includes the ICV length. Fix this, since it leads to an oops when using sg_count() to find the number of nents in the scatterlist: Unable to handle kernel paging request for data at address 0x00000004 Faulting instruction address: 0xf91f7634 Oops: Kernel access of bad area, sig: 11 [#1] SMP NR_CPUS=8 P4080 DS Modules linked in: caamalg(+) caam_jr caam CPU: 1 PID: 1053 Comm: cryptomgr_test Not tainted 3.11.0 #16 task: eeb24ab0 ti: eeafa000 task.ti: eeafa000 NIP: f91f7634 LR: f91f7f24 CTR: f91f7ef0 REGS: eeafbbc0 TRAP: 0300 Not tainted (3.11.0) MSR: 00029002 <CE,EE,ME> CR: 44044044 XER: 00000000 DEAR: 00000004, ESR: 00000000 GPR00: f91f7f24 eeafbc70 eeb24ab0 00000002 ee8e0900 ee8e0800 00000024 c45c4462 GPR08: 00000010 00000000 00000014 0c0e4000 24044044 00000000 00000000 c0691590 GPR16: eeab0000 eeb23000 00000000 00000000 00000000 00000001 00000001 eeafbcc8 GPR24: 000000d1 00000010 ee2d5000 ee49ea10 ee49ea10 ee46f640 ee46f640 c0691590 NIP [f91f7634] aead_edesc_alloc.constprop.14+0x144/0x780 [caamalg] LR [f91f7f24] aead_encrypt+0x34/0x288 [caamalg] Call Trace: [eeafbc70] [a1004000] 0xa1004000 (unreliable) [eeafbcc0] [f91f7f24] aead_encrypt+0x34/0x288 [caamalg] [eeafbcf0] [c020d77c] __test_aead+0x3ec/0xe20 [eeafbe20] [c020f35c] test_aead+0x6c/0xe0 [eeafbe40] [c020f420] alg_test_aead+0x50/0xd0 [eeafbe60] [c020e5e4] alg_test+0x114/0x2e0 [eeafbee0] [c020bd1c] cryptomgr_test+0x4c/0x60 [eeafbef0] [c0047058] kthread+0xa8/0xb0 [eeafbf40] [c000eb0c] ret_from_kernel_thread+0x5c/0x64 Instruction dump: 69084321 7d080034 5508d97e 69080001 0f080000 81290024 552807fe 0f080000 3a600001 5529003a 2f8a0000 40dd0028 <80e90004> 3ab50001 8109000c 70e30002 ---[ end trace b3c3e23925c7484e ]--- While here, add a tcrypt mode for making it easy to test authenc (needed for triggering case above). Signed-off-by: Horia Geanta <horia.geanta@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
cfc6f11b |
|
24-Oct-2013 |
Ruchika Gupta <ruchika.gupta@freescale.com> |
crypto: caam - Modify the interface layers to use JR API's - Earlier interface layers - caamalg, caamhash, caamrng were directly using the Controller driver private structure to access the Job ring. - Changed the above to use alloc/free API's provided by Job Ring Drive Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: Garg Vakul-B16394 <vakul@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
313ea293 |
|
24-Oct-2013 |
Ruchika Gupta <ruchika.gupta@freescale.com> |
crypto: caam - Add Platform driver for Job Ring The SEC Job Rings are now available as individual devices. This would enable sharing of job rings between kernel and user space. Job Rings can now be dynamically bound/unbound from kernel. Changes are made in the following layers of CAAM Driver 1. Controller driver - Does basic initialization of CAAM Block. - Creates platform devices for Job Rings. (Earlier the initialization of Job ring was done by the controller driver) 2. JobRing Platform driver - Manages the platform Job Ring devices created by the controller driver Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: Garg Vakul-B16394 <vakul@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
b2744dfd |
|
09-Sep-2013 |
Alex Porosanu <alexandru.porosanu@freescale.com> |
crypto: caam - fix hash, alg and rng registration if CAAM driver not initialized If the CAAM driver initialization failed (due to various reasons, e.g. RNG4 initialization failed), then the registration of hash/algorithms/rng shouldn't take place. This patch adds the necessary code to prevent this registration. Signed-off-by: Alex Porosanu <alexandru.porosanu@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
514df281 |
|
14-Aug-2013 |
Alex Porosanu <alexandru.porosanu@freescale.com> |
crypto: caam - replace xstr macro with __stringify CAAM driver contains one macro (xstr) used for printing the line location in a file where a memdump is done. This patch replaces the xstr macro with the already existing __stringify macro that performs the same function. Signed-off-by: Alex Porosanu <alexandru.porosanu@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
aa2faec1 |
|
10-Jul-2013 |
Vakul Garg <vakul@freescale.com> |
crypto: caam - Moved macro DESC_JOB_IO_LEN to desc_constr.h DESC_JOB_IO_LEN is a generic macro which indicates the space required in the descriptor for placing SEQIN/OUT commands, job descriptor header, shared descriptor pointer. Moving it to descriptor construction file which can be supposedly included by different algo offload files. Change-Id: Ic8900990d465e9079827b0c7fcacc61766d7efb6 Signed-off-by: Vakul Garg <vakul@freescale.com> Reviewed-by: Geanta Neag Horia Ioan-B05471 <horia.geanta@freescale.com> Reviewed-by: Fleming Andrew-AFLEMING <AFLEMING@freescale.com> Tested-by: Fleming Andrew-AFLEMING <AFLEMING@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
286233e6 |
|
10-May-2013 |
Horia Geanta <horia.geanta@freescale.com> |
crypto: caam - fix inconsistent assoc dma mapping direction req->assoc is dma mapped BIDIRECTIONAL and unmapped TO_DEVICE. Since it is read-only for the device, use TO_DEVICE both for mapping and unmapping. Cc: <stable@vger.kernel.org> # 3.9, 3.8 Signed-off-by: Horia Geanta <horia.geanta@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
cb7d5662 |
|
12-Mar-2013 |
Vakul Garg <vakul@freescale.com> |
crypto: caam - Fix missing init of '.type' in AEAD algos. Following AEAD algo templates are updated for '.type' initialization. (a) authenc(hmac(sha224),cbc(aes)) (b) authenc(hmac(sha384),cbc(aes)) (c) authenc(hmac(sha224),cbc(des3_ede)) (d) authenc(hmac(sha384),cbc(des3_ede)) (e) authenc(hmac(sha224),cbc(des)) (f) authenc(hmac(sha384),cbc(des)) Signed-off-by: Vakul Garg <vakul@freescale.com> Reviewed-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Andy Fleming <afleming@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
246bbedb |
|
20-Mar-2013 |
Horia Geanta <horia.geanta@freescale.com> |
Revert "crypto: caam - add IPsec ESN support" This reverts commit 891104ed008e8646c7860fe5bc70b0aac55dcc6c. Current IPsec ESN implementation for authencesn(cbc(aes), hmac(sha)) (separate encryption and integrity algorithms) does not conform to RFC4303. ICV is generated by hashing the sequence SPI, SeqNum-High, SeqNum-Low, IV, Payload instead of SPI, SeqNum-Low, IV, Payload, SeqNum-High. Cc: <stable@vger.kernel.org> # 3.8, 3.7 Reported-by: Chaoxing Lin <Chaoxing.Lin@ultra-3eti.com> Signed-off-by: Horia Geanta <horia.geanta@freescale.com> Reviewed-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
891104ed |
|
04-Sep-2012 |
Horia Geanta <horia.geanta@freescale.com> |
crypto: caam - add IPsec ESN support Support for ESNs (extended sequence numbers). Tested with strongswan by connecting back-to-back P1010RDB with P2020RDB. Signed-off-by: Horia Geanta <horia.geanta@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
2af8f4a2 |
|
06-Sep-2012 |
Kim Phillips <kim.phillips@freescale.com> |
crypto: caam - coccicheck fixes use true/false for bool, fix code alignment, and fix two allocs with no test. Signed-off-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
61bb86bb |
|
13-Jul-2012 |
Kim Phillips <kim.phillips@freescale.com> |
crypto: caam - set descriptor sharing type to SERIAL SHARE_WAIT, whilst more optimal for association-less crypto, has the ability to start thrashing the CCB descriptor/key caches, given high levels of traffic across multiple security associations (and thus keys). Switch to using the SERIAL sharing type, which prefers the last used CCB for the SA. On a 2-DECO platform such as the P3041, this can improve performance by about 3.7%. Signed-off-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
643b39b0 |
|
22-Jun-2012 |
Yuan Kang <Yuan.Kang@freescale.com> |
crypto: caam - chaining support support chained scatterlists for aead, ablkcipher and ahash. Signed-off-by: Yuan Kang <Yuan.Kang@freescale.com> - fix dma unmap leak - un-unlikely src == dst, due to experience with AF_ALG Signed-off-by: Kudupudi Ugendreshwar <B38865@freescale.com> Signed-off-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
a299c837 |
|
22-Jun-2012 |
Yuan Kang <Yuan.Kang@freescale.com> |
crypto: caam - link_tbl rename - rename scatterlist and link_tbl functions - link_tbl changed to sec4_sg - sg_to_link_tbl_one changed to dma_to_sec4_sg_one, since no scatterlist is use Signed-off-by: Yuan Kang <Yuan.Kang@freescale.com> Signed-off-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
4c1ec1f9 |
|
22-Jun-2012 |
Yuan Kang <Yuan.Kang@freescale.com> |
crypto: caam - refactor key_gen, sg create separate files for split key generation and scatterlist functions. Signed-off-by: Yuan Kang <Yuan.Kang@freescale.com> Signed-off-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
8009a383 |
|
22-Jun-2012 |
Yuan Kang <Yuan.Kang@freescale.com> |
crypto: caam - remove jr register/deregister remove caam_jr_register and caam_jr_deregister to allow sharing of job rings. Signed-off-by: Yuan Kang <Yuan.Kang@freescale.com> Signed-off-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
6ec47334 |
|
22-Jun-2012 |
Yuan Kang <Yuan.Kang@freescale.com> |
crypto: caam - support external seq in/out lengths functions for external storage of seq in/out lengths, i.e., for 32-bit lengths. These type-dependent functions automatically determine whether to store the length internally (embedded in the command header word) or externally (after the address pointer), based on size of the type given. Signed-off-by: Yuan Kang <Yuan.Kang@freescale.com> Signed-off-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
70d793cc |
|
22-Jun-2012 |
Kim Phillips <kim.phillips@freescale.com> |
crypto: caam - remove line continuations from ablkcipher_append_src_dst presumably leftovers from possible macro development. Signed-off-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
a0ea0f6d |
|
21-Mar-2012 |
Shengzhou Liu <Shengzhou.Liu@freescale.com> |
crypto: caam - add backward compatible string sec4.0 In some device trees of previous version, there were string "fsl,sec4.0". To be backward compatible with device trees, we have CAAM driver first check "fsl,sec-v4.0", if it fails, then check for "fsl,sec4.0". Signed-off-by: Shengzhou Liu <Shengzhou.Liu@freescale.com> Acked-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
0113529f |
|
09-Jan-2012 |
Kim Phillips <kim.phillips@freescale.com> |
crypto: caam - be less noisy on startup sha224 and 384 support extends caam noise to 21 lines. Do the same as commit 5b859b6 "crypto: talitos - be less noisy on startup", but for caam, and display: caam ffe300000.crypto: fsl,sec-v4.0 algorithms registered in /proc/crypto Signed-off-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
e863f9cc |
|
09-Jan-2012 |
Hemant Agrawal <hemant@freescale.com> |
crypto: caam - add sha224 and sha384 variants to existing AEAD algorithms Signed-off-by: Hemant Agrawal <hemant@freescale.com> Signed-off-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
d912bb76 |
|
01-Nov-2011 |
Nikos Mavrogiannopoulos <nmav@gnutls.org> |
crypto: Add CRYPTO_ALG_KERN_DRIVER_ONLY flag The added CRYPTO_ALG_KERN_DRIVER_ONLY indicates whether a cipher is only available via a kernel driver. If the cipher implementation might be available by using an instruction set or by porting the kernel code, then it must not be set. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
a2ecb155 |
|
12-Dec-2011 |
Kim Phillips <kim.phillips@freescale.com> |
crypto: caam - fix polarity of "propagate error" logic the polarity of the definition for error propagation was reverse in the initial desc.h. Fix desc.h and its users. Signed-off-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
8b4d43a4 |
|
21-Nov-2011 |
Kim Phillips <kim.phillips@freescale.com> |
crypto: caam - add support for MD5 algorithm variants specifically, add these algorithm combinations: authenc-hmac-md5-cbc-aes-caam authenc-hmac-md5-cbc-des3_ede-caam authenc-hmac-md5-cbc-des-caam Signed-off-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
acdca31d |
|
14-Jul-2011 |
Yuan Kang <Yuan.Kang@freescale.com> |
crypto: caam - ablkcipher support caam now supports encrypt and decrypt for aes, des and 3des Signed-off-by: Yuan Kang <Yuan.Kang@freescale.com> Signed-off-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
1acebad3 |
|
14-Jul-2011 |
Yuan Kang <Yuan.Kang@freescale.com> |
crypto: caam - faster aead implementation Job descriptors only contain header and seq pointers. Other commands are stored in separate shared descriptors for encrypt, decrypt and givencrypt, stored as arrays in caam_ctx. This requires additional macros to create math commands to calculate assoclen and cryptlen. Signed-off-by: Yuan Kang <Yuan.Kang@freescale.com> Signed-off-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
885e9e2f |
|
14-Jul-2011 |
Yuan Kang <Yuan.Kang@freescale.com> |
crypto: caam - structure renaming caam_ctx.key_phys to key_dma caam_alg_template supports multiple algorithm types listed in union, which requires cases for different types in function caam_alg_alloc Signed-off-by: Yuan Kang <Yuan.Kang@freescale.com> Signed-off-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
0e479300 |
|
14-Jul-2011 |
Yuan Kang <Yuan.Kang@freescale.com> |
crypto: caam - shorter names "aead_authenc" and "ipsec_esp" changed to "aead," except for function "ipsec_esp," which is changed to "init_aead_job." Variable name of aead_request structures changed to "req" and name of aead_givcrypt_request structure changed to "areq" Signed-off-by: Yuan Kang <Yuan.Kang@freescale.com> Signed-off-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
a18b989a |
|
25-May-2011 |
Kim Phillips <kim.phillips@freescale.com> |
crypto: caam - fix operator precedence in shared descriptor allocation setkey allocates 16 bytes (CAAM_CMD_SZ * DESC_AEAD_SHARED_TEXT_LEN) shy of what is needed to store the shared descriptor, resulting in memory corruption. Fix this. Signed-off-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
4427b1b4 |
|
14-May-2011 |
Kim Phillips <kim.phillips@freescale.com> |
crypto: caam - add support for sha512 variants of existing AEAD algorithms In doing so, sha512 sized keys would not fit with the current descriptor inlining mechanism, so we now calculate whether keys should be referenced instead by pointers in the shared descriptor. also, use symbols for descriptor text lengths, and, ahem, unmap and free key i/o memory in cra_exit. Signed-off-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
66664487 |
|
14-May-2011 |
Kim Phillips <kim.phillips@freescale.com> |
crypto: caam - remove unused authkeylen from caam_ctx Signed-off-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
ddbb8088 |
|
14-May-2011 |
Kim Phillips <kim.phillips@freescale.com> |
crypto: caam - fix decryption shared vs. non-shared key setting Key sharing is enabled by default in the shared descriptor. Using CBC decrypt, AES has to alter the key in order to decrypt. During high traffic decryption rates, i.e, when sharing starts to take place, we need to use a different OPERATION option to tell AES that the key was already altered by the PRIOR descriptor - we need the following kind of logic: if ( shared ) operation where AES uses decryption key (DK=1) else operation where AES uses encryption key (DK=0) this patch implements this logic using a conditional and a non-conditional local jump within the decryption job descriptor. Signed-off-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
de2954d6 |
|
02-May-2011 |
Kim Phillips <kim.phillips@freescale.com> |
crypto: caam - fix printk recursion for long error texts during recent descriptor development, an Invalid Sequence Command error triggered a: BUG: recent printk recursion! due to insufficient memory allocated for the error text. The Invalid Sequence Command error text is the longest. The length of the maximum error string is computed as the sum of: "DECO: ": 6 "jump tgt desc idx 255: ": 23 Invalid Sequence Command text: 272 zero termination character: 1 i.e, 302 characters. Define this maximum error string length in error.h and fix caam_jr_strstatus callsites. Signed-off-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
701af31c |
|
02-May-2011 |
Kim Phillips <kim.phillips@freescale.com> |
crypto: caam - remove unused keylen from session context Signed-off-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
ec8e8dfe |
|
11-Apr-2011 |
Kim Phillips <kim.phillips@freescale.com> |
crypto: caam - remove duplicate dev_err keep the hex error value reporting version (a) to be consistent with decrypt_done(), and (b) to keep our hardware guys happy. Signed-off-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
d37d36e3 |
|
11-Apr-2011 |
Kim Phillips <kim.phillips@freescale.com> |
crypto: caam - remove WAIT-FOR-COMPLETIONs from givencrypt descriptor remains from descriptor debugging - not required for normal operation. Signed-off-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
b3b7f055 |
|
08-Apr-2011 |
Julia Lawall <julia@diku.dk> |
crypto: caam - introduce missing kfree Error handling code following a kmalloc should free the allocated data. The semantic match that finds the problem is as follows: (http://www.emn.fr/x-info/coccinelle/) // <smpl> @r exists@ local idexpression x; statement S; expression E; identifier f,f1,l; position p1,p2; expression *ptr != NULL; @@ x@p1 = \(kmalloc\|kzalloc\|kcalloc\)(...); ... if (x == NULL) S <... when != x when != if (...) { <+...x...+> } ( x->f1 = E | (x->f1 == NULL || ...) | f(...,x->f1,...) ) ...> ( return \(0\|<+...x...+>\|ptr\); | return@p2 ...; ) @script:python@ p1 << r.p1; p2 << r.p2; @@ print "* file: %s kmalloc %s return %s" % (p1[0].file,p1[0].line,p2[0].line) // </smpl> Signed-off-by: Julia Lawall <julia@diku.dk> Acked-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
cdc712d8 |
|
23-Mar-2011 |
Dan Carpenter <error27@gmail.com> |
crypto: caam - dereferencing ERR_PTR on allocation failure t_alg is an ERR_PTR here so we can't dereference it. Signed-off-by: Dan Carpenter <error27@gmail.com> Acked-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
54e198d4 |
|
23-Mar-2011 |
Kim Phillips <kim.phillips@freescale.com> |
crypto: caam - standardize device tree naming convention to utilize '-vX.Y' Help clarify that the number trailing in compatible nomenclature is the version number of the device, i.e., change: "fsl,p4080-sec4.0", "fsl,sec4.0"; to: "fsl,p4080-sec-v4.0", "fsl,sec-v4.0"; Signed-off-by: Kim Phillips <kim.phillips@freescale.com> Cc: Kumar Gala <kumar.gala@freescale.com> Cc: Steve Cornelius <sec@pobox.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
#
8e8ec596 |
|
13-Mar-2011 |
Kim Phillips <kim.phillips@freescale.com> |
crypto: caam - Add support for the Freescale SEC4/CAAM The SEC4 supercedes the SEC2.x/3.x as Freescale's Integrated Security Engine. Its programming model is incompatible with all prior versions of the SEC (talitos). The SEC4 is also known as the Cryptographic Accelerator and Assurance Module (CAAM); this driver is named caam. This initial submission does not include support for Data Path mode operation - AEAD descriptors are submitted via the job ring interface, while the Queue Interface (QI) is enabled for use by others. Only AEAD algorithms are implemented at this time, for use with IPsec. Many thanks to the Freescale STC team for their contributions to this driver. Signed-off-by: Steve Cornelius <sec@pobox.com> Signed-off-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|