platform/kernel/linux-rpi.git
4 years agocrypto: virtio - implement missing support for output IVs
Ard Biesheuvel [Sat, 9 Nov 2019 17:09:26 +0000 (18:09 +0100)]
crypto: virtio - implement missing support for output IVs

In order to allow for CBC to be chained, which is something that the
CTS template relies upon, implementations of CBC need to pass the
IV to be used for subsequent invocations via the IV buffer. This was
not implemented yet for virtio-crypto so implement it now.

Fixes: dbaf0624ffa5 ("crypto: add virtio-crypto driver")
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Jason Wang <jasowang@redhat.com>
Cc: Gonglei <arei.gonglei@huawei.com>
Cc: virtualization@lists.linux-foundation.org
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: tcrypt - constify check alg list
Corentin Labbe [Fri, 8 Nov 2019 15:42:13 +0000 (15:42 +0000)]
crypto: tcrypt - constify check alg list

this patchs constify the alg list because this list is never modified.

Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: lib/chacha20poly1305 - reimplement crypt_from_sg() routine
Ard Biesheuvel [Fri, 8 Nov 2019 12:22:40 +0000 (13:22 +0100)]
crypto: lib/chacha20poly1305 - reimplement crypt_from_sg() routine

Reimplement the library routines to perform chacha20poly1305 en/decryption
on scatterlists, without [ab]using the [deprecated] blkcipher interface,
which is rather heavyweight and does things we don't really need.

Instead, we use the sg_miter API in a novel and clever way, to iterate
over the scatterlist in-place (i.e., source == destination, which is the
only way this library is expected to be used). That way, we don't have to
iterate over two scatterlists in parallel.

Another optimization is that, instead of relying on the blkcipher walker
to present the input in suitable chunks, we recognize that ChaCha is a
streamcipher, and so we can simply deal with partial blocks by keeping a
block of cipherstream on the stack and use crypto_xor() to mix it with
the in/output.

Finally, we omit the scatterwalk_and_copy() call if the last element of
the scatterlist covers the MAC as well (which is the common case),
avoiding the need to walk the scatterlist and kmap() the page twice.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: chacha20poly1305 - import construction and selftest from Zinc
Ard Biesheuvel [Fri, 8 Nov 2019 12:22:39 +0000 (13:22 +0100)]
crypto: chacha20poly1305 - import construction and selftest from Zinc

This incorporates the chacha20poly1305 from the Zinc library, retaining
the library interface, but replacing the implementation with calls into
the code that already existed in the kernel's crypto API.

Note that this library API does not implement RFC7539 fully, given that
it is limited to 64-bit nonces. (The 96-bit nonce version that was part
of the selftest only has been removed, along with the 96-bit nonce test
vectors that only tested the selftest but not the actual library itself)

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: arm/curve25519 - wire up NEON implementation
Jason A. Donenfeld [Fri, 8 Nov 2019 12:22:38 +0000 (13:22 +0100)]
crypto: arm/curve25519 - wire up NEON implementation

This ports the SUPERCOP implementation for usage in kernel space. In
addition to the usual header, macro, and style changes required for
kernel space, it makes a few small changes to the code:

  - The stack alignment is relaxed to 16 bytes.
  - Superfluous mov statements have been removed.
  - ldr for constants has been replaced with movw.
  - ldreq has been replaced with moveq.
  - The str epilogue has been made more idiomatic.
  - SIMD registers are not pushed and popped at the beginning and end.
  - The prologue and epilogue have been made idiomatic.
  - A hole has been removed from the stack, saving 32 bytes.
  - We write-back the base register whenever possible for vld1.8.
  - Some multiplications have been reordered for better A7 performance.

There are more opportunities for cleanup, since this code is from qhasm,
which doesn't always do the most opportune thing. But even prior to
extensive hand optimizations, this code delivers significant performance
improvements (given in get_cycles() per call):

      ----------- -------------
             | generic C | this commit |
 ------------ ----------- -------------
| Cortex-A7  |     49136 |       22395 |
 ------------ ----------- -------------
| Cortex-A17 |     17326 |        4983 |
 ------------ ----------- -------------

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
[ardb: - move to arch/arm/crypto
       - wire into lib/crypto framework
       - implement crypto API KPP hooks ]
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: arm/curve25519 - import Bernstein and Schwabe's Curve25519 ARM implementation
Jason A. Donenfeld [Fri, 8 Nov 2019 12:22:37 +0000 (13:22 +0100)]
crypto: arm/curve25519 - import Bernstein and Schwabe's Curve25519 ARM implementation

This comes from Dan Bernstein and Peter Schwabe's public domain NEON
code, and is included here in raw form so that subsequent commits that
fix these up for the kernel can see how it has changed. This code does
have some entirely cosmetic formatting differences, adding indentation
and so forth, so that when we actually port it for use in the kernel in
the subsequent commit, it's obvious what's changed in the process.

This code originates from SUPERCOP 20180818, available at
<https://bench.cr.yp.to/supercop.html>.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: curve25519 - x86_64 library and KPP implementations
Jason A. Donenfeld [Fri, 8 Nov 2019 12:22:36 +0000 (13:22 +0100)]
crypto: curve25519 - x86_64 library and KPP implementations

This implementation is the fastest available x86_64 implementation, and
unlike Sandy2x, it doesn't requie use of the floating point registers at
all. Instead it makes use of BMI2 and ADX, available on recent
microarchitectures. The implementation was written by Armando
Faz-Hernández with contributions (upstream) from Samuel Neves and me,
in addition to further changes in the kernel implementation from us.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
Co-developed-by: Samuel Neves <sneves@dei.uc.pt>
[ardb: - move to arch/x86/crypto
       - wire into lib/crypto framework
       - implement crypto API KPP hooks ]
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: lib/curve25519 - work around Clang stack spilling issue
Ard Biesheuvel [Fri, 8 Nov 2019 12:22:35 +0000 (13:22 +0100)]
crypto: lib/curve25519 - work around Clang stack spilling issue

Arnd reports that the 32-bit generic library code for Curve25119 ends
up using an excessive amount of stack space when built with Clang:

  lib/crypto/curve25519-fiat32.c:756:6: error: stack frame size
      of 1384 bytes in function 'curve25519_generic'
      [-Werror,-Wframe-larger-than=]

Let's give some hints to the compiler regarding which routines should
not be inlined, to prevent it from running out of registers and spilling
to the stack. The resulting code performs identically under both GCC
and Clang, and makes the warning go away.

Suggested-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: curve25519 - implement generic KPP driver
Ard Biesheuvel [Fri, 8 Nov 2019 12:22:34 +0000 (13:22 +0100)]
crypto: curve25519 - implement generic KPP driver

Expose the generic Curve25519 library via the crypto API KPP interface.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: curve25519 - add kpp selftest
Ard Biesheuvel [Fri, 8 Nov 2019 12:22:33 +0000 (13:22 +0100)]
crypto: curve25519 - add kpp selftest

In preparation of introducing KPP implementations of Curve25519, import
the set of test cases proposed by the Zinc patch set, but converted to
the KPP format.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: curve25519 - generic C library implementations
Jason A. Donenfeld [Fri, 8 Nov 2019 12:22:32 +0000 (13:22 +0100)]
crypto: curve25519 - generic C library implementations

This contains two formally verified C implementations of the Curve25519
scalar multiplication function, one for 32-bit systems, and one for
64-bit systems whose compiler supports efficient 128-bit integer types.
Not only are these implementations formally verified, but they are also
the fastest available C implementations. They have been modified to be
friendly to kernel space and to be generally less horrendous looking,
but still an effort has been made to retain their formally verified
characteristic, and so the C might look slightly unidiomatic.

The 64-bit version comes from HACL*: https://github.com/project-everest/hacl-star
The 32-bit version comes from Fiat: https://github.com/mit-plv/fiat-crypto

Information: https://cr.yp.to/ecdh.html

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
[ardb: - move from lib/zinc to lib/crypto
       - replace .c #includes with Kconfig based object selection
       - drop simd handling and simplify support for per-arch versions ]
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: blake2s - x86_64 SIMD implementation
Jason A. Donenfeld [Fri, 8 Nov 2019 12:22:31 +0000 (13:22 +0100)]
crypto: blake2s - x86_64 SIMD implementation

These implementations from Samuel Neves support AVX and AVX-512VL.
Originally this used AVX-512F, but Skylake thermal throttling made
AVX-512VL more attractive and possible to do with negligable difference.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
Co-developed-by: Samuel Neves <sneves@dei.uc.pt>
[ardb: move to arch/x86/crypto, wire into lib/crypto framework]
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: blake2s - implement generic shash driver
Ard Biesheuvel [Fri, 8 Nov 2019 12:22:30 +0000 (13:22 +0100)]
crypto: blake2s - implement generic shash driver

Wire up our newly added Blake2s implementation via the shash API.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: testmgr - add test cases for Blake2s
Ard Biesheuvel [Fri, 8 Nov 2019 12:22:29 +0000 (13:22 +0100)]
crypto: testmgr - add test cases for Blake2s

As suggested by Eric for the Blake2b implementation contributed by
David, introduce a set of test vectors for Blake2s covering different
digest and key sizes.

          blake2s-128  blake2s-160  blake2s-224  blake2s-256
         ---------------------------------------------------
len=0   | klen=0       klen=1       klen=16      klen=32
len=1   | klen=16      klen=32      klen=0       klen=1
len=7   | klen=32      klen=0       klen=1       klen=16
len=15  | klen=1       klen=16      klen=32      klen=0
len=64  | klen=0       klen=1       klen=16      klen=32
len=247 | klen=16      klen=32      klen=0       klen=1
len=256 | klen=32      klen=0       klen=1       klen=16

Cc: David Sterba <dsterba@suse.com>
Cc: Eric Biggers <ebiggers@google.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: blake2s - generic C library implementation and selftest
Jason A. Donenfeld [Fri, 8 Nov 2019 12:22:28 +0000 (13:22 +0100)]
crypto: blake2s - generic C library implementation and selftest

The C implementation was originally based on Samuel Neves' public
domain reference implementation but has since been heavily modified
for the kernel. We're able to do compile-time optimizations by moving
some scaffolding around the final function into the header file.

Information: https://blake2.net/

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
Co-developed-by: Samuel Neves <sneves@dei.uc.pt>
[ardb: - move from lib/zinc to lib/crypto
       - remove simd handling
       - rewrote selftest for better coverage
       - use fixed digest length for blake2s_hmac() and rename to
         blake2s256_hmac() ]
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agoint128: move __uint128_t compiler test to Kconfig
Ard Biesheuvel [Fri, 8 Nov 2019 12:22:27 +0000 (13:22 +0100)]
int128: move __uint128_t compiler test to Kconfig

In order to use 128-bit integer arithmetic in C code, the architecture
needs to have declared support for it by setting ARCH_SUPPORTS_INT128,
and it requires a version of the toolchain that supports this at build
time. This is why all existing tests for ARCH_SUPPORTS_INT128 also test
whether __SIZEOF_INT128__ is defined, since this is only the case for
compilers that can support 128-bit integers.

Let's fold this additional test into the Kconfig declaration of
ARCH_SUPPORTS_INT128 so that we can also use the symbol in Makefiles,
e.g., to decide whether a certain object needs to be included in the
first place.

Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: mips/poly1305 - incorporate OpenSSL/CRYPTOGAMS optimized implementation
Ard Biesheuvel [Fri, 8 Nov 2019 12:22:26 +0000 (13:22 +0100)]
crypto: mips/poly1305 - incorporate OpenSSL/CRYPTOGAMS optimized implementation

This is a straight import of the OpenSSL/CRYPTOGAMS Poly1305 implementation for
MIPS authored by Andy Polyakov, a prior 64-bit only version of which has been
contributed by him to the OpenSSL project. The file 'poly1305-mips.pl' is taken
straight from this upstream GitHub repository [0] at commit
d22ade312a7af958ec955620b0d241cf42c37feb, and already contains all the changes
required to build it as part of a Linux kernel module.

[0] https://github.com/dot-asm/cryptogams

Co-developed-by: Andy Polyakov <appro@cryptogams.org>
Signed-off-by: Andy Polyakov <appro@cryptogams.org>
Co-developed-by: René van Dorst <opensource@vdorst.com>
Signed-off-by: René van Dorst <opensource@vdorst.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: arm/poly1305 - incorporate OpenSSL/CRYPTOGAMS NEON implementation
Ard Biesheuvel [Fri, 8 Nov 2019 12:22:25 +0000 (13:22 +0100)]
crypto: arm/poly1305 - incorporate OpenSSL/CRYPTOGAMS NEON implementation

This is a straight import of the OpenSSL/CRYPTOGAMS Poly1305 implementation
for NEON authored by Andy Polyakov, and contributed by him to the OpenSSL
project. The file 'poly1305-armv4.pl' is taken straight from this upstream
GitHub repository [0] at commit ec55a08dc0244ce570c4fc7cade330c60798952f,
and already contains all the changes required to build it as part of a
Linux kernel module.

[0] https://github.com/dot-asm/cryptogams

Co-developed-by: Andy Polyakov <appro@cryptogams.org>
Signed-off-by: Andy Polyakov <appro@cryptogams.org>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: arm64/poly1305 - incorporate OpenSSL/CRYPTOGAMS NEON implementation
Ard Biesheuvel [Fri, 8 Nov 2019 12:22:24 +0000 (13:22 +0100)]
crypto: arm64/poly1305 - incorporate OpenSSL/CRYPTOGAMS NEON implementation

This is a straight import of the OpenSSL/CRYPTOGAMS Poly1305 implementation
for NEON authored by Andy Polyakov, and contributed by him to the OpenSSL
project. The file 'poly1305-armv8.pl' is taken straight from this upstream
GitHub repository [0] at commit ec55a08dc0244ce570c4fc7cade330c60798952f,
and already contains all the changes required to build it as part of a
Linux kernel module.

[0] https://github.com/dot-asm/cryptogams

Co-developed-by: Andy Polyakov <appro@cryptogams.org>
Signed-off-by: Andy Polyakov <appro@cryptogams.org>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: x86/poly1305 - expose existing driver as poly1305 library
Ard Biesheuvel [Fri, 8 Nov 2019 12:22:23 +0000 (13:22 +0100)]
crypto: x86/poly1305 - expose existing driver as poly1305 library

Implement the arch init/update/final Poly1305 library routines in the
accelerated SIMD driver for x86 so they are accessible to users of
the Poly1305 library interface as well.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: x86/poly1305 - depend on generic library not generic shash
Ard Biesheuvel [Fri, 8 Nov 2019 12:22:22 +0000 (13:22 +0100)]
crypto: x86/poly1305 - depend on generic library not generic shash

Remove the dependency on the generic Poly1305 driver. Instead, depend
on the generic library so that we only reuse code without pulling in
the generic skcipher implementation as well.

While at it, remove the logic that prefers the non-SIMD path for short
inputs - this is no longer necessary after recent FPU handling changes
on x86.

Since this removes the last remaining user of the routines exported
by the generic shash driver, unexport them and make them static.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: poly1305 - expose init/update/final library interface
Ard Biesheuvel [Fri, 8 Nov 2019 12:22:21 +0000 (13:22 +0100)]
crypto: poly1305 - expose init/update/final library interface

Expose the existing generic Poly1305 code via a init/update/final
library interface so that callers are not required to go through
the crypto API's shash abstraction to access it. At the same time,
make some preparations so that the library implementation can be
superseded by an accelerated arch-specific version in the future.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: x86/poly1305 - unify Poly1305 state struct with generic code
Ard Biesheuvel [Fri, 8 Nov 2019 12:22:20 +0000 (13:22 +0100)]
crypto: x86/poly1305 - unify Poly1305 state struct with generic code

In preparation of exposing a Poly1305 library interface directly from
the accelerated x86 driver, align the state descriptor of the x86 code
with the one used by the generic driver. This is needed to make the
library interface unified between all implementations.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: poly1305 - move core routines into a separate library
Ard Biesheuvel [Fri, 8 Nov 2019 12:22:19 +0000 (13:22 +0100)]
crypto: poly1305 - move core routines into a separate library

Move the core Poly1305 routines shared between the generic Poly1305
shash driver and the Adiantum and NHPoly1305 drivers into a separate
library so that using just this pieces does not pull in the crypto
API pieces of the generic Poly1305 routine.

In a subsequent patch, we will augment this generic library with
init/update/final routines so that Poyl1305 algorithm can be used
directly without the need for using the crypto API's shash abstraction.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: chacha - unexport chacha_generic routines
Ard Biesheuvel [Fri, 8 Nov 2019 12:22:18 +0000 (13:22 +0100)]
crypto: chacha - unexport chacha_generic routines

Now that all users of generic ChaCha code have moved to the core library,
there is no longer a need for the generic ChaCha skcpiher driver to
export parts of it implementation for reuse by other drivers. So drop
the exports, and make the symbols static.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: mips/chacha - wire up accelerated 32r2 code from Zinc
Ard Biesheuvel [Fri, 8 Nov 2019 12:22:17 +0000 (13:22 +0100)]
crypto: mips/chacha - wire up accelerated 32r2 code from Zinc

This integrates the accelerated MIPS 32r2 implementation of ChaCha
into both the API and library interfaces of the kernel crypto stack.

The significance of this is that, in addition to becoming available
as an accelerated library implementation, it can also be used by
existing crypto API code such as Adiantum (for block encryption on
ultra low performance cores) or IPsec using chacha20poly1305. These
are use cases that have already opted into using the abstract crypto
API. In order to support Adiantum, the core assembler routine has
been adapted to take the round count as a function argument rather
than hardcoding it to 20.

Co-developed-by: René van Dorst <opensource@vdorst.com>
Signed-off-by: René van Dorst <opensource@vdorst.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: mips/chacha - import 32r2 ChaCha code from Zinc
Jason A. Donenfeld [Fri, 8 Nov 2019 12:22:16 +0000 (13:22 +0100)]
crypto: mips/chacha - import 32r2 ChaCha code from Zinc

This imports the accelerated MIPS 32r2 ChaCha20 implementation from the
Zinc patch set.

Co-developed-by: René van Dorst <opensource@vdorst.com>
Signed-off-by: René van Dorst <opensource@vdorst.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: arm/chacha - expose ARM ChaCha routine as library function
Ard Biesheuvel [Fri, 8 Nov 2019 12:22:15 +0000 (13:22 +0100)]
crypto: arm/chacha - expose ARM ChaCha routine as library function

Expose the accelerated NEON ChaCha routine directly as a symbol
export so that users of the ChaCha library API can use it directly.

Given that calls into the library API will always go through the
routines in this module if it is enabled, switch to static keys
to select the optimal implementation available (which may be none
at all, in which case we defer to the generic implementation for
all invocations).

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: arm/chacha - remove dependency on generic ChaCha driver
Ard Biesheuvel [Fri, 8 Nov 2019 12:22:14 +0000 (13:22 +0100)]
crypto: arm/chacha - remove dependency on generic ChaCha driver

Instead of falling back to the generic ChaCha skcipher driver for
non-SIMD cases, use a fast scalar implementation for ARM authored
by Eric Biggers. This removes the module dependency on chacha-generic
altogether, which also simplifies things when we expose the ChaCha
library interface from this module.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: arm/chacha - import Eric Biggers's scalar accelerated ChaCha code
Ard Biesheuvel [Fri, 8 Nov 2019 12:22:13 +0000 (13:22 +0100)]
crypto: arm/chacha - import Eric Biggers's scalar accelerated ChaCha code

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: arm64/chacha - expose arm64 ChaCha routine as library function
Ard Biesheuvel [Fri, 8 Nov 2019 12:22:12 +0000 (13:22 +0100)]
crypto: arm64/chacha - expose arm64 ChaCha routine as library function

Expose the accelerated NEON ChaCha routine directly as a symbol
export so that users of the ChaCha library API can use it directly.

Given that calls into the library API will always go through the
routines in this module if it is enabled, switch to static keys
to select the optimal implementation available (which may be none
at all, in which case we defer to the generic implementation for
all invocations).

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: arm64/chacha - depend on generic chacha library instead of crypto driver
Ard Biesheuvel [Fri, 8 Nov 2019 12:22:11 +0000 (13:22 +0100)]
crypto: arm64/chacha - depend on generic chacha library instead of crypto driver

Depend on the generic ChaCha library routines instead of pulling in the
generic ChaCha skcipher driver, which is more than we need, and makes
managing the dependencies between the generic library, generic driver,
accelerated library and driver more complicated.

While at it, drop the logic to prefer the scalar code on short inputs.
Turning the NEON on and off is cheap these days, and one major use case
for ChaCha20 is ChaCha20-Poly1305, which is guaranteed to hit the scalar
path upon every invocation  (when doing the Poly1305 nonce generation)

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: x86/chacha - expose SIMD ChaCha routine as library function
Ard Biesheuvel [Fri, 8 Nov 2019 12:22:10 +0000 (13:22 +0100)]
crypto: x86/chacha - expose SIMD ChaCha routine as library function

Wire the existing x86 SIMD ChaCha code into the new ChaCha library
interface, so that users of the library interface will get the
accelerated version when available.

Given that calls into the library API will always go through the
routines in this module if it is enabled, switch to static keys
to select the optimal implementation available (which may be none
at all, in which case we defer to the generic implementation for
all invocations).

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: x86/chacha - depend on generic chacha library instead of crypto driver
Ard Biesheuvel [Fri, 8 Nov 2019 12:22:09 +0000 (13:22 +0100)]
crypto: x86/chacha - depend on generic chacha library instead of crypto driver

In preparation of extending the x86 ChaCha driver to also expose the ChaCha
library interface, drop the dependency on the chacha_generic crypto driver
as a non-SIMD fallback, and depend on the generic ChaCha library directly.
This way, we only pull in the code we actually need, without registering
a set of ChaCha skciphers that we will never use.

Since turning the FPU on and off is cheap these days, simplify the SIMD
routine by dropping the per-page yield, which makes for a cleaner switch
to the library API as well. This also allows use to invoke the skcipher
walk routines in non-atomic mode.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: chacha - move existing library code into lib/crypto
Ard Biesheuvel [Fri, 8 Nov 2019 12:22:08 +0000 (13:22 +0100)]
crypto: chacha - move existing library code into lib/crypto

Currently, our generic ChaCha implementation consists of a permute
function in lib/chacha.c that operates on the 64-byte ChaCha state
directly [and which is always included into the core kernel since it
is used by the /dev/random driver], and the crypto API plumbing to
expose it as a skcipher.

In order to support in-kernel users that need the ChaCha streamcipher
but have no need [or tolerance] for going through the abstractions of
the crypto API, let's expose the streamcipher bits via a library API
as well, in a way that permits the implementation to be superseded by
an architecture specific one if provided.

So move the streamcipher code into a separate module in lib/crypto,
and expose the init() and crypt() routines to users of the library.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: lib - tidy up lib/crypto Kconfig and Makefile
Ard Biesheuvel [Fri, 8 Nov 2019 12:22:07 +0000 (13:22 +0100)]
crypto: lib - tidy up lib/crypto Kconfig and Makefile

In preparation of introducing a set of crypto library interfaces, tidy
up the Makefile and split off the Kconfig symbols into a separate file.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: aead - Split out geniv into its own module
Herbert Xu [Fri, 8 Nov 2019 10:41:58 +0000 (18:41 +0800)]
crypto: aead - Split out geniv into its own module

If aead is built as a module along with cryptomgr, it creates a
dependency loop due to the dependency chain aead => crypto_null =>
cryptomgr => aead.

This is due to the presence of the AEAD geniv code.  This code is
not really part of the AEAD API but simply support code for IV
generators such as seqiv.  This patch moves the geniv code into
its own module thus breaking the dependency loop.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: api - Add softdep on cryptomgr
Herbert Xu [Fri, 8 Nov 2019 10:26:30 +0000 (18:26 +0800)]
crypto: api - Add softdep on cryptomgr

The crypto API requires cryptomgr to be present for probing to work
so we need a softdep to ensure that cryptomgr is added to the
initramfs.

This was usually not a problem because until very recently it was
not practical to build crypto API as module but with the recent
work to eliminate direct AES users this is now possible.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agoMAINTAINERS: add linux-amlogic list for amlogic crypto
Corentin Labbe [Fri, 8 Nov 2019 10:13:06 +0000 (10:13 +0000)]
MAINTAINERS: add linux-amlogic list for amlogic crypto

The linux-amlogic mailing list need to be in copy of all patch for the amlogic crypto.

Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Acked-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: amlogic - fix two resources leak
Corentin Labbe [Fri, 8 Nov 2019 09:45:17 +0000 (09:45 +0000)]
crypto: amlogic - fix two resources leak

This patch fixes two resources leak that occur on error path.

Reported-by: coverity-bot <keescook+coverity-bot@chromium.org>
Addresses-Coverity-ID: 1487403 ("RESOURCE_LEAK")
Addresses-Coverity-ID: 1487401 ("Resource leaks")
Fixes: 48fe583fe541 ("crypto: amlogic - Add crypto accelerator for amlogic GXL")
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: inside-secure - Fixed authenc w/ (3)DES fails on Macchiatobin
Pascal van Leeuwen [Fri, 8 Nov 2019 09:00:21 +0000 (10:00 +0100)]
crypto: inside-secure - Fixed authenc w/ (3)DES fails on Macchiatobin

Fixed 2 copy-paste mistakes in the commit mentioned below that caused
authenc w/ (3)DES to consistently fail on Macchiatobin (but strangely
work fine on x86+FPGA??).
Now fully tested on both platforms.

Fixes: 13a1bb93f7b1c9 ("crypto: inside-secure - Fixed warnings...")
Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: hisilicon - no need to check return value of debugfs_create functions
Greg Kroah-Hartman [Thu, 7 Nov 2019 08:52:00 +0000 (09:52 +0100)]
crypto: hisilicon - no need to check return value of debugfs_create functions

When calling debugfs functions, there is no need to ever check the
return value.  The function can work or not, but the code logic should
never do something different based on this.

Cc: Zhou Wang <wangzhou1@hisilicon.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: hisilicon - add vfs_num module param for zip
Hao Fang [Thu, 7 Nov 2019 03:48:29 +0000 (11:48 +0800)]
crypto: hisilicon - add vfs_num module param for zip

Currently the VF can be enabled only through sysfs interface
after module loaded, but this also needs to be done when the
module loaded in some scenarios.

This patch adds module param vfs_num, adds hisi_zip_sriov_enable()
in probe, and also adjusts the position of probe.

Signed-off-by: Hao Fang <fanghao11@huawei.com>
Signed-off-by: Zhou Wang <wangzhou1@hisilicon.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: inside-secure - Fix hangup during probing for EIP97 engine
Pascal van Leeuwen [Wed, 6 Nov 2019 15:13:07 +0000 (16:13 +0100)]
crypto: inside-secure - Fix hangup during probing for EIP97 engine

Fixed mask used for CFSIZE and RFSIZE fields of HIA_OPTIONS register,
these were all 1 bit too wide. Which caused the probing of a standard
EIP97 to actually hang due to assume way too large descriptor FIFO's.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agohwrng: ks-sa - Add minimum sleep time before ready-polling
Alexander Sverdlin [Wed, 6 Nov 2019 09:30:49 +0000 (09:30 +0000)]
hwrng: ks-sa - Add minimum sleep time before ready-polling

Current polling timeout is 25 us. The hardware is currently configured to
harvest the entropy for 81920 us. This leads to timeouts even during
blocking read (wait=1).

Log snippet:
[    5.727589] [<c040ffcc>] (ks_sa_rng_probe) from [<c04181e8>] (platform_drv_probe+0x58/0xb4)
...
[    5.727805] hwrng: no data available
...
[   13.157016] random: systemd: uninitialized urandom read (16 bytes read)
[   13.157033] systemd[1]: Initializing machine ID from random generator.
...
[   15.848770] random: fast init done
...
[   15.848807] random: crng init done

After the patch:
[    6.223534] random: systemd: uninitialized urandom read (16 bytes read)
[    6.223551] systemd[1]: Initializing machine ID from random generator.
...
[    6.876075] random: fast init done
...
[    6.954200] random: systemd: uninitialized urandom read (16 bytes read)
[    6.955244] random: systemd: uninitialized urandom read (16 bytes read)
...
[    7.121948] random: crng init done

Signed-off-by: Alexander Sverdlin <alexander.sverdlin@nokia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: tgr192 - remove unneeded semicolon
Tian Tao [Wed, 6 Nov 2019 00:53:41 +0000 (08:53 +0800)]
crypto: tgr192 - remove unneeded semicolon

Fix the warning below.
./crypto/tgr192.c:558:43-44: Unneeded semicolon
./crypto/tgr192.c:586:44-45: Unneeded semicolon

Fixes: f63fbd3d501b ("crypto: tgr192 - Switch to shash")

Signed-off-by: Tian Tao <tiantao6@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: allwinner - fix some spelling mistakes
Colin Ian King [Tue, 5 Nov 2019 15:03:59 +0000 (15:03 +0000)]
crypto: allwinner - fix some spelling mistakes

There are spelling mistakes in dev_warn and dev_err messages. Fix these.
Change "recommandation" to "recommendation" and "tryed" to "tried".

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Acked-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agohwrng: atmel - add new platform support for sam9x60
Codrin Ciubotariu [Mon, 4 Nov 2019 11:54:57 +0000 (13:54 +0200)]
hwrng: atmel - add new platform support for sam9x60

Add platform support for the new IP found on sam9x60 SoC. For this
version, if the peripheral clk is above 100MHz, the HALFR bit must be
set. This bit is available only if the IP can generate a random number
every 168 cycles (instead of 84).

Signed-off-by: Codrin Ciubotariu <codrin.ciubotariu@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agodt-bindings: rng: atmel-trng: add new compatible
Codrin Ciubotariu [Mon, 4 Nov 2019 11:54:56 +0000 (13:54 +0200)]
dt-bindings: rng: atmel-trng: add new compatible

Add compatible for new IP found on sam9x60 SoC.

Signed-off-by: Codrin Ciubotariu <codrin.ciubotariu@microchip.com>
Acked-by: Rob Herring <robh@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: atmel - Fix selection of CRYPTO_AUTHENC
Tudor Ambarus [Fri, 1 Nov 2019 16:40:37 +0000 (16:40 +0000)]
crypto: atmel - Fix selection of CRYPTO_AUTHENC

The following error is raised when CONFIG_CRYPTO_DEV_ATMEL_AES=y and
CONFIG_CRYPTO_DEV_ATMEL_AUTHENC=m:
drivers/crypto/atmel-aes.o: In function `atmel_aes_authenc_setkey':
atmel-aes.c:(.text+0x9bc): undefined reference to `crypto_authenc_extractkeys'
Makefile:1094: recipe for target 'vmlinux' failed

Fix it by moving the selection of CRYPTO_AUTHENC under
config CRYPTO_DEV_ATMEL_AES.

Fixes: 89a82ef87e01 ("crypto: atmel-authenc - add support to...")
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: inside-secure - Add missed clk_disable_unprepare
Chuhong Yuan [Fri, 1 Nov 2019 14:37:15 +0000 (22:37 +0800)]
crypto: inside-secure - Add missed clk_disable_unprepare

safexcel_remove misses disabling priv->reg_clk like what is done when
probe fails.
Add the missed call to fix it.

Signed-off-by: Chuhong Yuan <hslester96@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: hisilicon - replace #ifdef with IS_ENABLED for CONFIG_NUMA
Zhou Wang [Fri, 1 Nov 2019 12:21:49 +0000 (20:21 +0800)]
crypto: hisilicon - replace #ifdef with IS_ENABLED for CONFIG_NUMA

Replace #ifdef CONFIG_NUMA with IS_ENABLED(CONFIG_NUMA) to fix kbuild error.

Fixes: 700f7d0d29c7 ("crypto: hisilicon - fix to return...")
Signed-off-by: Zhou Wang <wangzhou1@hisilicon.com>
Reported-by: kbuild test robot <lkp@intel.com>
Acked-by: Olof Johansson <olof@lixom.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: sun8i-ss - fix memdup.cocci warnings
kbuild test robot [Fri, 1 Nov 2019 08:55:34 +0000 (09:55 +0100)]
crypto: sun8i-ss - fix memdup.cocci warnings

Use kmemdup rather than duplicating its implementation

Generated by: scripts/coccinelle/api/memdup.cocci

Fixes: f08fcced6d00 ("crypto: allwinner - Add sun8i-ss cryptographic offloader")
CC: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: sun8i-ss - fix semicolon.cocci warnings
kbuild test robot Remove unneeded semicolon [Fri, 1 Nov 2019 08:52:06 +0000 (09:52 +0100)]
crypto: sun8i-ss - fix semicolon.cocci warnings

Generated by: scripts/coccinelle/misc/semicolon.cocci

Fixes: f08fcced6d00 ("crypto: allwinner - Add sun8i-ss cryptographic offloader")
CC: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Julia Lawall <julia.lawall@lip6.fr>
Acked-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr
Christian Lamparter [Thu, 31 Oct 2019 16:14:38 +0000 (17:14 +0100)]
crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr

This patch fixes a crash that can happen during probe
when the available dma memory is not enough (this can
happen if the crypto4xx is built as a module).

The descriptor window mapping would end up being free'd
twice, once in crypto4xx_build_pdr() and the second time
in crypto4xx_destroy_sdr().

Fixes: 5d59ad6eea82 ("crypto: crypto4xx - fix crypto4xx_build_pdr, crypto4xx_build_sdr leak")
Cc: <stable@vger.kernel.org>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agoMAINTAINERS: Add maintainer for HiSilicon TRNG V2 driver
Zaibo Xu [Thu, 31 Oct 2019 08:34:30 +0000 (16:34 +0800)]
MAINTAINERS: Add maintainer for HiSilicon TRNG V2 driver

Here adds maintainer information for HiSilicon TRNG V2 driver.

Signed-off-by: Zaibo Xu <xuzaibo@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agohwrng: hisi - add HiSilicon TRNG driver support
Zaibo Xu [Thu, 31 Oct 2019 08:34:29 +0000 (16:34 +0800)]
hwrng: hisi - add HiSilicon TRNG driver support

This series adds HiSilicon true random number generator(TRNG)
driver in hw_random subsystem.

Signed-off-by: Zaibo Xu <xuzaibo@huawei.com>
Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: amlogic - ensure error variable err is set before returning it
Colin Ian King [Tue, 29 Oct 2019 11:32:30 +0000 (11:32 +0000)]
crypto: amlogic - ensure error variable err is set before returning it

Currently when the call to crypto_engine_alloc_init fails the error
return path returns an uninitialized value in the variable err. Fix
this by setting err to -ENOMEM.

Addresses-Coverity: ("Uninitialized scalar variable")
Fixes: 48fe583fe541 ("crypto: amlogic - Add crypto accelerator for amlogic GXL")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Acked-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: amlogic - Use kmemdup in meson_aes_setkey()
YueHaibing [Tue, 29 Oct 2019 01:55:23 +0000 (01:55 +0000)]
crypto: amlogic - Use kmemdup in meson_aes_setkey()

Use kmemdup rather than duplicating its implementation

Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Acked-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: atmel - Fix remaining endianess warnings
Herbert Xu [Mon, 28 Oct 2019 07:45:02 +0000 (15:45 +0800)]
crypto: atmel - Fix remaining endianess warnings

This patch fixes the remaining sparse endianness warnings.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4 years agocrypto: atmel - Fix authenc support when it is set to m
Herbert Xu [Mon, 28 Oct 2019 07:39:07 +0000 (15:39 +0800)]
crypto: atmel - Fix authenc support when it is set to m

As it is if CONFIG_CRYPTO_DEV_ATMEL_AUTHENC is set to m it is in
effect disabled.  This patch fixes it by using IS_ENABLED instead
of ifdef.

Fixes: 89a82ef87e01 ("crypto: atmel-authenc - add support to...")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: amcc - restore CRYPTO_AES dependency
Christian Lamparter [Sun, 27 Oct 2019 15:47:47 +0000 (16:47 +0100)]
crypto: amcc - restore CRYPTO_AES dependency

This patch restores the CRYPTO_AES dependency. This is
necessary since some of the crypto4xx driver provided
modes need functioning software fallbacks for
AES-CTR/CCM and GCM.

Fixes: da3e7a9715ea ("crypto: amcc - switch to AES library for GCM key derivation")
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: hisilicon - fix to return sub-optimal device when best device has no qps
Zhou Wang [Sat, 26 Oct 2019 03:00:16 +0000 (11:00 +0800)]
crypto: hisilicon - fix to return sub-optimal device when best device has no qps

Currently find_zip_device() finds zip device which has the min NUMA
distance with current CPU.

This patch modifies find_zip_device to return sub-optimal device when best
device has no qps. This patch sorts all devices by NUMA distance, then
finds the best zip device which has free qp.

Signed-off-by: Zhou Wang <wangzhou1@hisilicon.com>
Signed-off-by: Shukun Tan <tanshukun1@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: hisilicon - use sgl API to get sgl dma addr and len
Zhou Wang [Sat, 26 Oct 2019 02:57:21 +0000 (10:57 +0800)]
crypto: hisilicon - use sgl API to get sgl dma addr and len

Use sgl API to get sgl dma addr and len, this will help to avoid compile
error in some platforms. So NEED_SG_DMA_LENGTH can be removed here, which
can only be selected by arch code.

Signed-off-by: Zhou Wang <wangzhou1@hisilicon.com>
Suggested-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: skcipher - rename the crypto_blkcipher module and kconfig option
Eric Biggers [Fri, 25 Oct 2019 19:41:13 +0000 (12:41 -0700)]
crypto: skcipher - rename the crypto_blkcipher module and kconfig option

Now that the blkcipher algorithm type has been removed in favor of
skcipher, rename the crypto_blkcipher kernel module to crypto_skcipher,
and rename the config options accordingly:

CONFIG_CRYPTO_BLKCIPHER => CONFIG_CRYPTO_SKCIPHER
CONFIG_CRYPTO_BLKCIPHER2 => CONFIG_CRYPTO_SKCIPHER2

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: skcipher - remove the "blkcipher" algorithm type
Eric Biggers [Fri, 25 Oct 2019 19:41:12 +0000 (12:41 -0700)]
crypto: skcipher - remove the "blkcipher" algorithm type

Now that all "blkcipher" algorithms have been converted to "skcipher",
remove the blkcipher algorithm type.

The skcipher (symmetric key cipher) algorithm type was introduced a few
years ago to replace both blkcipher and ablkcipher (synchronous and
asynchronous block cipher).  The advantages of skcipher include:

  - A much less confusing name, since none of these algorithm types have
    ever actually been for raw block ciphers, but rather for all
    length-preserving encryption modes including block cipher modes of
    operation, stream ciphers, and other length-preserving modes.

  - It unified blkcipher and ablkcipher into a single algorithm type
    which supports both synchronous and asynchronous implementations.
    Note, blkcipher already operated only on scatterlists, so the fact
    that skcipher does too isn't a regression in functionality.

  - Better type safety by using struct skcipher_alg, struct
    crypto_skcipher, etc. instead of crypto_alg, crypto_tfm, etc.

  - It sometimes simplifies the implementations of algorithms.

Also, the blkcipher API was no longer being tested.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: skcipher - rename crypto_skcipher_type2 to crypto_skcipher_type
Eric Biggers [Fri, 25 Oct 2019 19:41:11 +0000 (12:41 -0700)]
crypto: skcipher - rename crypto_skcipher_type2 to crypto_skcipher_type

Now that the crypto_skcipher_type() function has been removed, there's
no reason to call the crypto_type struct for skciphers
"crypto_skcipher_type2".  Rename it to simply "crypto_skcipher_type".

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: skcipher - remove crypto_has_ablkcipher()
Eric Biggers [Fri, 25 Oct 2019 19:41:10 +0000 (12:41 -0700)]
crypto: skcipher - remove crypto_has_ablkcipher()

crypto_has_ablkcipher() has no users, and it does the same thing as
crypto_has_skcipher() anyway.  So remove it.  This also removes the last
user of crypto_skcipher_type() and crypto_skcipher_mask(), so remove
those too.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: skcipher - unify the crypto_has_skcipher*() functions
Eric Biggers [Fri, 25 Oct 2019 19:41:09 +0000 (12:41 -0700)]
crypto: skcipher - unify the crypto_has_skcipher*() functions

crypto_has_skcipher() and crypto_has_skcipher2() do the same thing: they
check for the availability of an algorithm of type skcipher, blkcipher,
or ablkcipher, which also meets any non-type constraints the caller
specified.  And they have exactly the same prototype.

Therefore, eliminate the redundancy by removing crypto_has_skcipher()
and renaming crypto_has_skcipher2() to crypto_has_skcipher().

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agodt-bindings: crypto: Add DT bindings documentation for sun8i-ss Security System
Corentin Labbe [Fri, 25 Oct 2019 18:51:26 +0000 (20:51 +0200)]
dt-bindings: crypto: Add DT bindings documentation for sun8i-ss Security System

This patch adds documentation for Device-Tree bindings of the
Security System cryptographic offloader driver.

Signed-off-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Acked-by: Maxime Ripard <mripard@kernel.org>
Reviewed-by: Rob Herring <robh@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: allwinner - Add sun8i-ss cryptographic offloader
Corentin Labbe [Fri, 25 Oct 2019 18:51:25 +0000 (20:51 +0200)]
crypto: allwinner - Add sun8i-ss cryptographic offloader

The Security System is an hardware cryptographic offloader present
on Allwinner SoCs A80 and A83T.
It is different from the previous sun4i-ss.

This driver supports AES cipher in CBC and ECB mode.

Acked-by: Maxime Ripard <mripard@kernel.org>
Signed-off-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: testmgr - add test vectors for blake2b
David Sterba [Thu, 24 Oct 2019 16:28:32 +0000 (18:28 +0200)]
crypto: testmgr - add test vectors for blake2b

Test vectors for blake2b with various digest sizes. As the algorithm is
the same up to the digest calculation, the key and input data length is
distributed in a way that tests all combinanions of the two over the
digest sizes.

Based on the suggestion from Eric, the following input sizes are tested
[0, 1, 7, 15, 64, 247, 256], where blake2b blocksize is 128, so the
padded and the non-padded input buffers are tested.

          blake2b-160  blake2b-256  blake2b-384  blake2b-512
         ---------------------------------------------------
len=0   | klen=0       klen=1       klen=32      klen=64
len=1   | klen=32      klen=64      klen=0       klen=1
len=7   | klen=64      klen=0       klen=1       klen=32
len=15  | klen=1       klen=32      klen=64      klen=0
len=64  | klen=0       klen=1       klen=32      klen=64
len=247 | klen=32      klen=64      klen=0       klen=1
len=256 | klen=64      klen=0       klen=1       klen=32

Where key:

- klen=0: empty key
- klen=1: 1 byte value 0x42, 'B'
- klen=32: first 32 bytes of the default key, sequence 00..1f
- klen=64: default key, sequence 00..3f

The unkeyed vectors are ordered before keyed, as this is required by
testmgr.

CC: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: blake2b - add blake2b generic implementation
David Sterba [Thu, 24 Oct 2019 16:28:31 +0000 (18:28 +0200)]
crypto: blake2b - add blake2b generic implementation

The patch brings support of several BLAKE2 variants (2b with various
digest lengths).  The keyed digest is supported, using tfm->setkey call.
The in-tree user will be btrfs (for checksumming), we're going to use
the BLAKE2b-256 variant.

The code is reference implementation taken from the official sources and
modified in terms of kernel coding style (whitespace, comments, uintXX_t
-> uXX types, removed unused prototypes and #ifdefs, removed testing
code, changed secure_zero_memory -> memzero_explicit, used own helpers
for unaligned reads/writes and rotations).

Further changes removed sanity checks of key length or output size,
these values are verified in the crypto API callbacks or hardcoded in
shash_alg and not exposed to users.

Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: sun4i-ss - Move to Allwinner directory
Corentin Labbe [Wed, 23 Oct 2019 20:05:13 +0000 (22:05 +0200)]
crypto: sun4i-ss - Move to Allwinner directory

Since we have a dedicated Allwinner directory for crypto driver, move
the sun4i-ss driver in it.

Acked-by: Maxime Ripard <mripard@kernel.org>
Signed-off-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: allwinner - Add sun8i-ce Crypto Engine
Corentin Labbe [Wed, 23 Oct 2019 20:05:04 +0000 (22:05 +0200)]
crypto: allwinner - Add sun8i-ce Crypto Engine

The Crypto Engine is an hardware cryptographic offloader present
on all recent Allwinner SoCs H2+, H3, R40, A64, H5, H6

This driver supports AES cipher in CBC/ECB mode.

Acked-by: Maxime Ripard <mripard@kernel.org>
Signed-off-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: allwinner - Add allwinner subdirectory
Corentin Labbe [Wed, 23 Oct 2019 20:05:03 +0000 (22:05 +0200)]
crypto: allwinner - Add allwinner subdirectory

Since a second Allwinner crypto driver will be added, it is better to
create a dedicated subdirectory.

Acked-by: Maxime Ripard <mripard@kernel.org>
Signed-off-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: mediatek - remove redundant bitwise-or
Colin Ian King [Wed, 23 Oct 2019 11:48:24 +0000 (12:48 +0100)]
crypto: mediatek - remove redundant bitwise-or

Bitwise-or'ing 0xffffffff with the u32 variable ctr is the same result
as assigning the value to ctr.  Remove the redundant bitwise-or and
just use an assignment.

Addresses-Coverity: ("Suspicious &= or |= constant expression")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: ecdh - fix big endian bug in ECC library
Ard Biesheuvel [Wed, 23 Oct 2019 09:50:44 +0000 (11:50 +0200)]
crypto: ecdh - fix big endian bug in ECC library

The elliptic curve arithmetic library used by the EC-DH KPP implementation
assumes big endian byte order, and unconditionally reverses the byte
and word order of multi-limb quantities. On big endian systems, the byte
reordering is not necessary, while the word ordering needs to be retained.

So replace the __swab64() invocation with a call to be64_to_cpu() which
should do the right thing for both little and big endian builds.

Fixes: 3c4b23901a0c ("crypto: ecdh - Add ECDH software support")
Cc: <stable@vger.kernel.org> # v4.9+
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - populate platform devices last
Andrey Smirnov [Tue, 22 Oct 2019 15:30:13 +0000 (08:30 -0700)]
crypto: caam - populate platform devices last

Move the call to devm_of_platform_populate() at the end of
caam_probe(), so we won't try to add any child devices until all of
the initialization is finished successfully.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Iuliana Prodan <iuliana.prodan@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - use devres to populate platform devices
Andrey Smirnov [Tue, 22 Oct 2019 15:30:12 +0000 (08:30 -0700)]
crypto: caam - use devres to populate platform devices

Use devres to de-initialize the RNG and drop explicit de-initialization
code in caam_remove().

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Iuliana Prodan <iuliana.prodan@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - use devres to de-initialize QI
Andrey Smirnov [Tue, 22 Oct 2019 15:30:11 +0000 (08:30 -0700)]
crypto: caam - use devres to de-initialize QI

Use devres to de-initialize the QI and drop explicit de-initialization
code in caam_remove().

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Iuliana Prodan <iuliana.prodan@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - use devres to de-initialize the RNG
Andrey Smirnov [Tue, 22 Oct 2019 15:30:10 +0000 (08:30 -0700)]
crypto: caam - use devres to de-initialize the RNG

Use devres to de-initialize the RNG and drop explicit de-initialization
code in caam_remove().

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Iuliana Prodan <iuliana.prodan@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - use devres to remove debugfs
Andrey Smirnov [Tue, 22 Oct 2019 15:30:09 +0000 (08:30 -0700)]
crypto: caam - use devres to remove debugfs

Use devres to remove debugfs and drop corresponding
debugfs_remove_recursive() call.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Iuliana Prodan <iuliana.prodan@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - use devres to unmap memory
Andrey Smirnov [Tue, 22 Oct 2019 15:30:08 +0000 (08:30 -0700)]
crypto: caam - use devres to unmap memory

Use devres to unmap memory and drop corresponding iounmap() call.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Iuliana Prodan <iuliana.prodan@nxp.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agohwrng: omap3-rom - Fix unused function warnings
Arnd Bergmann [Tue, 22 Oct 2019 14:27:31 +0000 (16:27 +0200)]
hwrng: omap3-rom - Fix unused function warnings

When runtime-pm is disabled, we get a few harmless warnings:

drivers/char/hw_random/omap3-rom-rng.c:65:12: error: unused function 'omap_rom_rng_runtime_suspend' [-Werror,-Wunused-function]
drivers/char/hw_random/omap3-rom-rng.c:81:12: error: unused function 'omap_rom_rng_runtime_resume' [-Werror,-Wunused-function]

Mark these functions as __maybe_unused so gcc can drop them
silently.

Fixes: 8d9d4bdc495f ("hwrng: omap3-rom - Use runtime PM instead of custom functions")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Fixed warnings on inconsistent byte order handling
Pascal van Leeuwen [Tue, 22 Oct 2019 09:01:43 +0000 (11:01 +0200)]
crypto: inside-secure - Fixed warnings on inconsistent byte order handling

This fixes a bunch of endianness related sparse warnings reported by the
kbuild test robot as well as Ben Dooks.

Credits for the fix to safexcel.c go to Ben Dooks.

Reported-by: kbuild test robot <lkp@intel.com>
Reported-by: Ben Dooks <ben.dooks@codethink.co.uk>
Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: arm64/aes-neonbs - add return value of skcipher_walk_done() in __xts_crypt()
Yunfeng Ye [Tue, 22 Oct 2019 08:11:18 +0000 (16:11 +0800)]
crypto: arm64/aes-neonbs - add return value of skcipher_walk_done() in __xts_crypt()

A warning is found by the static code analysis tool:
  "Identical condition 'err', second condition is always false"

Fix this by adding return value of skcipher_walk_done().

Fixes: 67cfa5d3b721 ("crypto: arm64/aes-neonbs - implement ciphertext stealing for XTS")
Signed-off-by: Yunfeng Ye <yeyunfeng@huawei.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: ccp - fix uninitialized list head
Mark Salter [Mon, 21 Oct 2019 15:29:49 +0000 (11:29 -0400)]
crypto: ccp - fix uninitialized list head

A NULL-pointer dereference was reported in fedora bz#1762199 while
reshaping a raid6 array after adding a fifth drive to an existing
array.

[   47.343549] md/raid:md0: raid level 6 active with 3 out of 5 devices, algorithm 2
[   47.804017] md0: detected capacity change from 0 to 7885289422848
[   47.822083] Unable to handle kernel read from unreadable memory at virtual address 0000000000000000
...
[   47.940477] CPU: 1 PID: 14210 Comm: md0_raid6 Tainted: G        W         5.2.18-200.fc30.aarch64 #1
[   47.949594] Hardware name: AMD Overdrive/Supercharger/To be filled by O.E.M., BIOS ROD1002C 04/08/2016
[   47.958886] pstate: 00400085 (nzcv daIf +PAN -UAO)
[   47.963668] pc : __list_del_entry_valid+0x2c/0xa8
[   47.968366] lr : ccp_tx_submit+0x84/0x168 [ccp]
[   47.972882] sp : ffff00001369b970
[   47.976184] x29: ffff00001369b970 x28: ffff00001369bdb8
[   47.981483] x27: 00000000ffffffff x26: ffff8003b758af70
[   47.986782] x25: ffff8003b758b2d8 x24: ffff8003e6245818
[   47.992080] x23: 0000000000000000 x22: ffff8003e62450c0
[   47.997379] x21: ffff8003dfd6add8 x20: 0000000000000003
[   48.002678] x19: ffff8003e6245100 x18: 0000000000000000
[   48.007976] x17: 0000000000000000 x16: 0000000000000000
[   48.013274] x15: 0000000000000000 x14: 0000000000000000
[   48.018572] x13: ffff7e000ef83a00 x12: 0000000000000001
[   48.023870] x11: ffff000010eff998 x10: 00000000000019a0
[   48.029169] x9 : 0000000000000000 x8 : ffff8003e6245180
[   48.034467] x7 : 0000000000000000 x6 : 000000000000003f
[   48.039766] x5 : 0000000000000040 x4 : ffff8003e0145080
[   48.045064] x3 : dead000000000200 x2 : 0000000000000000
[   48.050362] x1 : 0000000000000000 x0 : ffff8003e62450c0
[   48.055660] Call trace:
[   48.058095]  __list_del_entry_valid+0x2c/0xa8
[   48.062442]  ccp_tx_submit+0x84/0x168 [ccp]
[   48.066615]  async_tx_submit+0x224/0x368 [async_tx]
[   48.071480]  async_trigger_callback+0x68/0xfc [async_tx]
[   48.076784]  ops_run_biofill+0x178/0x1e8 [raid456]
[   48.081566]  raid_run_ops+0x248/0x818 [raid456]
[   48.086086]  handle_stripe+0x864/0x1208 [raid456]
[   48.090781]  handle_active_stripes.isra.0+0xb0/0x278 [raid456]
[   48.096604]  raid5d+0x378/0x618 [raid456]
[   48.100602]  md_thread+0xa0/0x150
[   48.103905]  kthread+0x104/0x130
[   48.107122]  ret_from_fork+0x10/0x18
[   48.110686] Code: d2804003 f2fbd5a3 eb03003f 54000320 (f9400021)
[   48.116766] ---[ end trace 23f390a527f7ad77 ]---

ccp_tx_submit is passed a dma_async_tx_descriptor which is contained in
a ccp_dma_desc and adds it to a ccp channel's pending list:

list_del(&desc->entry);
list_add_tail(&desc->entry, &chan->pending);

The problem is that desc->entry may be uninitialized in the
async_trigger_callback path where the descriptor was gotten
from ccp_prep_dma_interrupt which got it from ccp_alloc_dma_desc
which doesn't initialize the desc->entry list head. So, just
initialize the list head to avoid the problem.

Cc: <stable@vger.kernel.org>
Reported-by: Sahaj Sarup <sahajsarup@gmail.com>
Signed-off-by: Mark Salter <msalter@redhat.com>
Acked-by: Gary R Hook <gary.hook@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: nx - Improve debugfs_create_u{32,64}() handling for atomics
Geert Uytterhoeven [Mon, 21 Oct 2019 14:51:45 +0000 (16:51 +0200)]
crypto: nx - Improve debugfs_create_u{32,64}() handling for atomics

Variables of type atomic{,64}_t can be used fine with
debugfs_create_u{32,64}, when passing a pointer to the embedded counter.
This allows to get rid of the casts, which prevented compiler checks.

Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: ccp - Verify access to device registers before initializing
Hook, Gary [Mon, 21 Oct 2019 13:44:44 +0000 (13:44 +0000)]
crypto: ccp - Verify access to device registers before initializing

Check early whether device registers can be accessed. Some BIOSes have
a broken security policy that prevents access to the device registers,
and return values from ioread() can be misinterpreted. If a read of
a feature register returns a -1, we may not be able to access
any device register, so report the problem and suggestion, and return.

For the PSP, the feature register is checked. For the CCP, the queue
register is checked.

Signed-off-by: Gary R Hook <gary.hook@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: ccp - Change a message to reflect status instead of failure
Hook, Gary [Mon, 21 Oct 2019 13:44:37 +0000 (13:44 +0000)]
crypto: ccp - Change a message to reflect status instead of failure

If an AMD BIOS makes zero CCP queues available to the driver, the
device is unavailable and therefore can't be activated. When this
happens, report the status but don't report a (non-existent)
failure. The CCP will be unactivated.

Signed-off-by: Gary R Hook <gary.hook@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: hisilicon - fix endianness verification problem of QM
Shukun Tan [Mon, 21 Oct 2019 07:41:03 +0000 (15:41 +0800)]
crypto: hisilicon - fix endianness verification problem of QM

This patch fixes following sparse warning:

qm.c:345:33: warning: cast removes address space '<asn:2>' of expression
qm.c:359:20: warning: incorrect type in assignment (different base types)
qm.c:359:20:    expected restricted __le16 [usertype] w0
qm.c:359:20:    got int
qm.c:362:27: warning: incorrect type in assignment (different base types)
qm.c:362:27:    expected restricted __le16 [usertype] queue_num
qm.c:362:27:    got unsigned short [usertype] queue
qm.c:363:24: warning: incorrect type in assignment (different base types)
qm.c:363:24:    expected restricted __le32 [usertype] base_l
qm.c:363:24:    got unsigned int [usertype]
qm.c:364:24: warning: incorrect type in assignment (different base types)
qm.c:364:24:    expected restricted __le32 [usertype] base_h
qm.c:364:24:    got unsigned int [usertype]
qm.c:451:22: warning: restricted __le32 degrades to integer
qm.c:471:24: warning: restricted __le16 degrades to integer
......
qm.c:1617:19: warning: incorrect type in assignment (different base types)
qm.c:1617:19:    expected restricted __le32 [usertype] dw6
qm.c:1617:19:    got int
qm.c:1891:24: warning: incorrect type in return expression (different base types)
qm.c:1891:24:    expected int
qm.c:1891:24:    got restricted pci_ers_result_t
qm.c:1894:40: warning: incorrect type in return expression (different base types)
qm.c:1894:40:    expected int
qm.c:1894:40:    got restricted pci_ers_result_t

Signed-off-by: Shukun Tan <tanshukun1@huawei.com>
Signed-off-by: Zhou Wang <wangzhou1@hisilicon.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: hisilicon - fix param should be static when not external.
Shukun Tan [Mon, 21 Oct 2019 07:41:02 +0000 (15:41 +0800)]
crypto: hisilicon - fix param should be static when not external.

This patch fixes following sparse warning:
zip_main.c:87:1: warning: symbol 'hisi_zip_list' was not declared.
Should it be static?
zip_main.c:88:1: warning: symbol 'hisi_zip_list_lock' was not declared.
Should it be static?
zip_main.c:948:68: warning: Using plain integer as NULL pointer

Signed-off-by: Shukun Tan <tanshukun1@huawei.com>
Signed-off-by: Zhou Wang <wangzhou1@hisilicon.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: hisilicon - Fix using plain integer as NULL pointer
Shukun Tan [Mon, 21 Oct 2019 07:41:01 +0000 (15:41 +0800)]
crypto: hisilicon - Fix using plain integer as NULL pointer

This patch fix sparse warning:
zip_crypto.c:425:26: warning: Using plain integer as NULL pointer

Replaces assignment of 0 to pointer with NULL assignment.

Signed-off-by: Shukun Tan <tanshukun1@huawei.com>
Signed-off-by: Zhou Wang <wangzhou1@hisilicon.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: hisilicon - tiny fix about QM/ZIP error callback print
Zhou Wang [Mon, 21 Oct 2019 07:41:00 +0000 (15:41 +0800)]
crypto: hisilicon - tiny fix about QM/ZIP error callback print

Tiny fix to make QM/ZIP error callback print clear and right. If one version
hardware does not support error handling, we directly print this.

And QM is embedded in ZIP, we can use ZIP print only, so remove unnecessary
QM print.

Signed-off-by: Zhou Wang <wangzhou1@hisilicon.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: ccree - fix comparison of unsigned expression warning
Tian Tao [Sat, 19 Oct 2019 00:41:37 +0000 (08:41 +0800)]
crypto: ccree - fix comparison of unsigned expression warning

This patch fixes the following warnings:
drivers/crypto/ccree/cc_aead.c:630:5-12: WARNING: Unsigned expression
compared with zero: seq_len > 0

Signed-off-by: Tian Tao <tiantao6@huawei.com>
v2:
change hmac_setkey() return type to unsigned int to fix the warning.
Acked-by: Gilad Ben-Yossef <gilad@benyossef.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: ccp - Retry SEV INIT command in case of integrity check failure.
Ashish Kalra [Thu, 17 Oct 2019 22:35:11 +0000 (22:35 +0000)]
crypto: ccp - Retry SEV INIT command in case of integrity check failure.

SEV INIT command loads the SEV related persistent data from NVS
and initializes the platform context. The firmware validates the
persistent state. If validation fails, the firmware will reset
the persisent state and return an integrity check failure status.

At this point, a subsequent INIT command should succeed, so retry
the command. The INIT command retry is only done during driver
initialization.

Additional enums along with SEV_RET_SECURE_DATA_INVALID are added
to sev_ret_code to maintain continuity and relevance of enum values.

Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
Acked-by: David Rientjes <rientjes@google.com>
Reviewed-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: amlogic - Add crypto accelerator for amlogic GXL
Corentin Labbe [Thu, 17 Oct 2019 05:06:25 +0000 (05:06 +0000)]
crypto: amlogic - Add crypto accelerator for amlogic GXL

This patch adds support for the amlogic GXL cryptographic offloader present
on GXL SoCs.

This driver supports AES cipher in CBC/ECB mode.

Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Reviewed-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agoMAINTAINERS: Add myself as maintainer of amlogic crypto
Corentin Labbe [Thu, 17 Oct 2019 05:06:24 +0000 (05:06 +0000)]
MAINTAINERS: Add myself as maintainer of amlogic crypto

I will maintain the amlogic crypto driver.

Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agodt-bindings: crypto: Add DT bindings documentation for amlogic-crypto
Corentin Labbe [Thu, 17 Oct 2019 05:06:23 +0000 (05:06 +0000)]
dt-bindings: crypto: Add DT bindings documentation for amlogic-crypto

This patch adds documentation for Device-Tree bindings for the
Amlogic GXL cryptographic offloader driver.

Reviewed-by: Rob Herring <robh@kernel.org>
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>