platform/kernel/linux-rpi.git
5 years agocrypto: powerpc - don't set ivsize for AES-ECB
Eric Biggers [Tue, 15 Oct 2019 02:45:16 +0000 (19:45 -0700)]
crypto: powerpc - don't set ivsize for AES-ECB

Set the ivsize for the "ecb-ppc-spe" algorithm to 0, since ECB mode
doesn't take an IV.

This fixes a failure in the extra crypto self-tests:

alg: skcipher: ivsize for ecb-ppc-spe (16) doesn't match generic impl (0)

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: powerpc - don't unnecessarily use atomic scatterwalk
Eric Biggers [Tue, 15 Oct 2019 02:45:15 +0000 (19:45 -0700)]
crypto: powerpc - don't unnecessarily use atomic scatterwalk

The PowerPC SPE implementations of AES modes only disable preemption
during the actual encryption/decryption, not during the scatterwalk
functions.  It's therefore unnecessary to request an atomic scatterwalk.
So don't do so.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: aegis128 - duplicate init() and final() hooks in SIMD code
Ard Biesheuvel [Mon, 14 Oct 2019 16:16:45 +0000 (18:16 +0200)]
crypto: aegis128 - duplicate init() and final() hooks in SIMD code

In order to speed up aegis128 processing even more, duplicate the init()
and final() routines as SIMD versions in their entirety. This results
in a 2x speedup on ARM Cortex-A57 for ~1500 byte packets (using AES
instructions).

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: aegis128 - avoid function pointers for parameterization
Ard Biesheuvel [Mon, 14 Oct 2019 16:16:44 +0000 (18:16 +0200)]
crypto: aegis128 - avoid function pointers for parameterization

Instead of passing around an ops structure with function pointers,
which forces indirect calls to be used, refactor the code slightly
so we can use ordinary function calls. At the same time, switch to
a static key to decide whether or not the SIMD code path may be used.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agohwrng: omap - Fix RNG wait loop timeout
Sumit Garg [Mon, 14 Oct 2019 12:02:45 +0000 (17:32 +0530)]
hwrng: omap - Fix RNG wait loop timeout

Existing RNG data read timeout is 200us but it doesn't cover EIP76 RNG
data rate which takes approx. 700us to produce 16 bytes of output data
as per testing results. So configure the timeout as 1000us to also take
account of lack of udelay()'s reliability.

Fixes: 383212425c92 ("hwrng: omap - Add device variant for SafeXcel IP-76 found in Armada 8K")
Cc: <stable@vger.kernel.org>
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Made locally used safexcel_pci_remove() static
Pascal van Leeuwen [Thu, 17 Oct 2019 15:49:09 +0000 (17:49 +0200)]
crypto: inside-secure - Made locally used safexcel_pci_remove() static

safexcel_pci_remove() is only used locally in the module and not exported,
so added a static function specifier.
This fixes a sparse issue reported by Ben Dooks.

Fixes: 625f269a5a7a ("crypto: inside-secure - add support for...")
Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Fix build error with CONFIG_CRYPTO_SM3=m
Pascal van Leeuwen [Thu, 17 Oct 2019 15:36:28 +0000 (17:36 +0200)]
crypto: inside-secure - Fix build error with CONFIG_CRYPTO_SM3=m

Always take the zero length hash value for SM3 from the local constant
to avoid a reported build error when SM3 is configured to be a module.

Fixes: 0f2bc13181ce ("crypto: inside-secure - Added support for...")
Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: hisilicon: Fix misuse of GENMASK macro
Rikard Falkeborn [Tue, 15 Oct 2019 20:13:30 +0000 (22:13 +0200)]
crypto: hisilicon: Fix misuse of GENMASK macro

Arguments are supposed to be ordered high then low.

Fixes: c8b4b477079d ("crypto: hisilicon - add HiSilicon HPRE accelerator")
Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agohwrng: core - Fix use-after-free warning in hwrng_register()
Laurent Vivier [Mon, 14 Oct 2019 11:46:32 +0000 (13:46 +0200)]
hwrng: core - Fix use-after-free warning in hwrng_register()

Commit daae28debcb0 has moved add_early_randomness() out of the
rng_mutex and tries to protect the reference of the new rng device
by incrementing the reference counter.

But in hwrng_register(), the function can be called with a new device
that is not set as the current_rng device and the reference has not been
initialized. This patch fixes the problem by not using the reference
counter when the device is not the current one: the reference counter
is only meaningful in the case of the current rng device and a device
is not used if it is not the current one (except in hwrng_register())

The problem has been reported by Marek Szyprowski on ARM 32bit
Exynos5420-based Chromebook Peach-Pit board:

WARNING: CPU: 3 PID: 1 at lib/refcount.c:156 hwrng_register+0x13c/0x1b4
refcount_t: increment on 0; use-after-free.
Modules linked in:
CPU: 3 PID: 1 Comm: swapper/0 Not tainted 5.4.0-rc1-00061-gdaae28debcb0
Hardware name: SAMSUNG EXYNOS (Flattened Device Tree)
[<c01124c8>] (unwind_backtrace) from [<c010dfb8>] (show_stack+0x10/0x14)
[<c010dfb8>] (show_stack) from [<c0ae86d8>] (dump_stack+0xa8/0xd4)
[<c0ae86d8>] (dump_stack) from [<c0127428>] (__warn+0xf4/0x10c)
[<c0127428>] (__warn) from [<c01274b4>] (warn_slowpath_fmt+0x74/0xb8)
[<c01274b4>] (warn_slowpath_fmt) from [<c054729c>] (hwrng_register+0x13c/0x1b4)
[<c054729c>] (hwrng_register) from [<c0547e54>] (tpm_chip_register+0xc4/0x274)
...

Reported-by: Marek Szyprowski <m.szyprowski@samsung.com>
Fixes: daae28debcb0 ("hwrng: core - move add_early_randomness() out of rng_mutex")
Tested-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: nx - convert AES-CTR to skcipher API
Eric Biggers [Sun, 13 Oct 2019 04:39:18 +0000 (21:39 -0700)]
crypto: nx - convert AES-CTR to skcipher API

Convert the PowerPC Nest (NX) implementation of AES-CTR from the
deprecated "blkcipher" API to the "skcipher" API.  This is needed in
order for the blkcipher API to be removed.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: nx - convert AES-CBC to skcipher API
Eric Biggers [Sun, 13 Oct 2019 04:39:17 +0000 (21:39 -0700)]
crypto: nx - convert AES-CBC to skcipher API

Convert the PowerPC Nest (NX) implementation of AES-CBC from the
deprecated "blkcipher" API to the "skcipher" API.  This is needed in
order for the blkcipher API to be removed.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: nx - convert AES-ECB to skcipher API
Eric Biggers [Sun, 13 Oct 2019 04:39:16 +0000 (21:39 -0700)]
crypto: nx - convert AES-ECB to skcipher API

Convert the PowerPC Nest (NX) implementation of AES-ECB from the
deprecated "blkcipher" API to the "skcipher" API.  This is needed in
order for the blkcipher API to be removed.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: nx - don't abuse blkcipher_desc to pass iv around
Eric Biggers [Sun, 13 Oct 2019 04:39:15 +0000 (21:39 -0700)]
crypto: nx - don't abuse blkcipher_desc to pass iv around

The NX crypto driver is using 'struct blkcipher_desc' to pass the IV
around, even for AEADs (for which it creates the struct on the stack).
This is not appropriate since this structure is part of the "blkcipher"
API, which is deprecated and will be removed.

Just pass around the IV directly instead.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: padlock-aes - convert to skcipher API
Eric Biggers [Sun, 13 Oct 2019 04:17:41 +0000 (21:17 -0700)]
crypto: padlock-aes - convert to skcipher API

Convert the VIA PadLock implementations of AES-ECB and AES-CBC from the
deprecated "blkcipher" API to the "skcipher" API.  This is needed in
order for the blkcipher API to be removed.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: s390/des - convert to skcipher API
Eric Biggers [Sat, 12 Oct 2019 20:18:09 +0000 (13:18 -0700)]
crypto: s390/des - convert to skcipher API

Convert the glue code for the S390 CPACF implementations of DES-ECB,
DES-CBC, DES-CTR, 3DES-ECB, 3DES-CBC, and 3DES-CTR from the deprecated
"blkcipher" API to the "skcipher" API.  This is needed in order for the
blkcipher API to be removed.

Note: I made CTR use the same function for encryption and decryption,
since CTR encryption and decryption are identical.

Signed-off-by: Eric Biggers <ebiggers@google.com>
reviewed-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: s390/paes - convert to skcipher API
Eric Biggers [Sat, 12 Oct 2019 20:18:08 +0000 (13:18 -0700)]
crypto: s390/paes - convert to skcipher API

Convert the glue code for the S390 CPACF protected key implementations
of AES-ECB, AES-CBC, AES-XTS, and AES-CTR from the deprecated
"blkcipher" API to the "skcipher" API.  This is needed in order for the
blkcipher API to be removed.

Note: I made CTR use the same function for encryption and decryption,
since CTR encryption and decryption are identical.

Signed-off-by: Eric Biggers <ebiggers@google.com>
reviewed-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: s390/aes - convert to skcipher API
Eric Biggers [Sat, 12 Oct 2019 20:18:07 +0000 (13:18 -0700)]
crypto: s390/aes - convert to skcipher API

Convert the glue code for the S390 CPACF implementations of AES-ECB,
AES-CBC, AES-XTS, and AES-CTR from the deprecated "blkcipher" API to the
"skcipher" API.  This is needed in order for the blkcipher API to be
removed.

Note: I made CTR use the same function for encryption and decryption,
since CTR encryption and decryption are identical.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: sparc/des - convert to skcipher API
Eric Biggers [Sat, 12 Oct 2019 04:38:50 +0000 (21:38 -0700)]
crypto: sparc/des - convert to skcipher API

Convert the glue code for the SPARC64 DES opcodes implementations of
DES-ECB, DES-CBC, 3DES-ECB, and 3DES-CBC from the deprecated "blkcipher"
API to the "skcipher" API.  This is needed in order for the blkcipher
API to be removed.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: sparc/camellia - convert to skcipher API
Eric Biggers [Sat, 12 Oct 2019 04:38:49 +0000 (21:38 -0700)]
crypto: sparc/camellia - convert to skcipher API

Convert the glue code for the SPARC64 Camellia opcodes implementations
of Camellia-ECB and Camellia-CBC from the deprecated "blkcipher" API to
the "skcipher" API.  This is needed in order for the blkcipher API to be
removed.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: sparc/aes - convert to skcipher API
Eric Biggers [Sat, 12 Oct 2019 04:38:48 +0000 (21:38 -0700)]
crypto: sparc/aes - convert to skcipher API

Convert the glue code for the SPARC64 AES opcodes implementations of
AES-ECB, AES-CBC, and AES-CTR from the deprecated "blkcipher" API to the
"skcipher" API.  This is needed in order for the blkcipher API to be
removed.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: chtls - remove the redundant check in chtls_recvmsg()
Yunfeng Ye [Fri, 11 Oct 2019 12:44:53 +0000 (20:44 +0800)]
crypto: chtls - remove the redundant check in chtls_recvmsg()

A warning message reported by a static analysis tool:
  "
  Either the condition 'if(skb)' is redundant or there is possible null
  pointer dereference: skb.
  "

Remove the unused redundant check.

Signed-off-by: Yunfeng Ye <yeyunfeng@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: hisilicon - select NEED_SG_DMA_LENGTH in qm Kconfig
Zhou Wang [Fri, 11 Oct 2019 11:18:10 +0000 (19:18 +0800)]
crypto: hisilicon - select NEED_SG_DMA_LENGTH in qm Kconfig

To avoid compile error in some platforms, select NEED_SG_DMA_LENGTH in
qm Kconfig.

Fixes: dfed0098ab91 ("crypto: hisilicon - add hardware SGL support")
Signed-off-by: Zhou Wang <wangzhou1@hisilicon.com>
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: ux500 - Remove set but not used variable 'cookie'
zhengbin [Fri, 11 Oct 2019 10:08:02 +0000 (18:08 +0800)]
crypto: ux500 - Remove set but not used variable 'cookie'

Fixes gcc '-Wunused-but-set-variable' warning:

drivers/crypto/ux500/hash/hash_core.c: In function hash_set_dma_transfer:
drivers/crypto/ux500/hash/hash_core.c:143:15: warning: variable cookie set but not used [-Wunused-but-set-variable]

It is not used since commit 8a63b1994c50 ("crypto:
ux500 - Add driver for HASH hardware")

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: zhengbin <zhengbin13@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: arm - use Kconfig based compiler checks for crypto opcodes
Ard Biesheuvel [Fri, 11 Oct 2019 09:08:00 +0000 (11:08 +0200)]
crypto: arm - use Kconfig based compiler checks for crypto opcodes

Instead of allowing the Crypto Extensions algorithms to be selected when
using a toolchain that does not support them, and complain about it at
build time, use the information we have about the compiler to prevent
them from being selected in the first place. Users that are stuck with
a GCC version <4.8 are unlikely to care about these routines anyway, and
it cleans up the Makefile considerably.

While at it, add explicit 'armv8-a' CPU specifiers to the code that uses
the 'crypto-neon-fp-armv8' FPU specifier so we don't regress Clang, which
will complain about this in version 10 and later.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: geode-aes - convert to skcipher API and make thread-safe
Eric Biggers [Fri, 11 Oct 2019 04:51:32 +0000 (21:51 -0700)]
crypto: geode-aes - convert to skcipher API and make thread-safe

The geode AES driver is heavily broken because it stores per-request
state in the transform context.  So it will crash or produce the wrong
result if used by any of the many places in the kernel that issue
concurrent requests for the same transform object.

This driver is also implemented using the deprecated blkcipher API,
which makes it difficult to fix, and puts it among the drivers
preventing that API from being removed.

Convert this driver to use the skcipher API, and change it to not store
per-request state in the transform context.

Fixes: 9fe757b0cfce ("[PATCH] crypto: Add support for the Geode LX AES hardware")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agodt-bindings: hwrng: Add Samsung Exynos 5250+ True RNG bindings
Łukasz Stelmach [Wed, 9 Oct 2019 14:17:32 +0000 (16:17 +0200)]
dt-bindings: hwrng: Add Samsung Exynos 5250+ True RNG bindings

Add binding documentation for the True Random Number Generator
found on Samsung Exynos 5250+ SoCs.

Acked-by: Rob Herring <robh@kernel.org>
Reviewed-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Use PTR_ERR_OR_ZERO in safexcel_xcbcmac_cra_init()
YueHaibing [Wed, 9 Oct 2019 12:06:21 +0000 (12:06 +0000)]
crypto: inside-secure - Use PTR_ERR_OR_ZERO in safexcel_xcbcmac_cra_init()

Use PTR_ERR_OR_ZERO rather than if(IS_ERR(...)) + PTR_ERR

Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Acked-by: Antoine Tenart <antoine.tenart@ack.tf>
Acked-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: jitter - add header to fix buildwarnings
Ben Dooks [Wed, 9 Oct 2019 09:12:56 +0000 (10:12 +0100)]
crypto: jitter - add header to fix buildwarnings

Fix the following build warnings by adding a header for
the definitions shared between jitterentropy.c and
jitterentropy-kcapi.c. Fixes the following:

crypto/jitterentropy.c:445:5: warning: symbol 'jent_read_entropy' was not declared. Should it be static?
crypto/jitterentropy.c:475:18: warning: symbol 'jent_entropy_collector_alloc' was not declared. Should it be static?
crypto/jitterentropy.c:509:6: warning: symbol 'jent_entropy_collector_free' was not declared. Should it be static?
crypto/jitterentropy.c:516:5: warning: symbol 'jent_entropy_init' was not declared. Should it be static?
crypto/jitterentropy-kcapi.c:59:6: warning: symbol 'jent_zalloc' was not declared. Should it be static?
crypto/jitterentropy-kcapi.c:64:6: warning: symbol 'jent_zfree' was not declared. Should it be static?
crypto/jitterentropy-kcapi.c:69:5: warning: symbol 'jent_fips_enabled' was not declared. Should it be static?
crypto/jitterentropy-kcapi.c:74:6: warning: symbol 'jent_panic' was not declared. Should it be static?
crypto/jitterentropy-kcapi.c:79:6: warning: symbol 'jent_memcpy' was not declared. Should it be static?
crypto/jitterentropy-kcapi.c:93:6: warning: symbol 'jent_get_nstime' was not declared. Should it be static?

Signed-off-by: Ben Dooks <ben.dooks@codethink.co.uk>
Reviewed-by: Stephan Mueller <smueller@chronox.de
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - fix spelling mistake "algorithmn" -> "algorithm"
Colin Ian King [Tue, 8 Oct 2019 08:24:28 +0000 (09:24 +0100)]
crypto: inside-secure - fix spelling mistake "algorithmn" -> "algorithm"

There is a spelling mistake in a dev_err message. Fix it. Add in missing
newline.

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Acked-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: geode-aes - switch to skcipher for cbc(aes) fallback
Ard Biesheuvel [Sat, 5 Oct 2019 09:11:10 +0000 (11:11 +0200)]
crypto: geode-aes - switch to skcipher for cbc(aes) fallback

Commit 79c65d179a40e145 ("crypto: cbc - Convert to skcipher") updated
the generic CBC template wrapper from a blkcipher to a skcipher algo,
to get away from the deprecated blkcipher interface. However, as a side
effect, drivers that instantiate CBC transforms using the blkcipher as
a fallback no longer work, since skciphers can wrap blkciphers but not
the other way around. This broke the geode-aes driver.

So let's fix it by moving to the sync skcipher interface when allocating
the fallback. At the same time, align with the generic API for ECB and
CBC by rejecting inputs that are not a multiple of the AES block size.

Fixes: 79c65d179a40e145 ("crypto: cbc - Convert to skcipher")
Cc: <stable@vger.kernel.org> # v4.20+ ONLY
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Florian Bezdeka <florian@bezdeka.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: user - fix memory leak in crypto_reportstat
Navid Emamdoost [Fri, 4 Oct 2019 19:34:54 +0000 (14:34 -0500)]
crypto: user - fix memory leak in crypto_reportstat

In crypto_reportstat, a new skb is created by nlmsg_new(). This skb is
leaked if crypto_reportstat_alg() fails. Required release for skb is
added.

Fixes: cac5818c25d0 ("crypto: user - Implement a generic crypto statistics")
Cc: <stable@vger.kernel.org>
Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: user - fix memory leak in crypto_report
Navid Emamdoost [Fri, 4 Oct 2019 19:29:16 +0000 (14:29 -0500)]
crypto: user - fix memory leak in crypto_report

In crypto_report, a new skb is created via nlmsg_new(). This skb should
be released if crypto_report_alg() fails.

Fixes: a38f7907b926 ("crypto: Add userspace configuration API")
Cc: <stable@vger.kernel.org>
Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: af_alg - cast ki_complete ternary op to int
Ayush Sawal [Fri, 4 Oct 2019 17:50:58 +0000 (10:50 -0700)]
crypto: af_alg - cast ki_complete ternary op to int

when libkcapi test is executed  using HW accelerator, cipher operation
return -74.Since af_alg_async_cb->ki_complete treat err as unsigned int,
libkcapi receive 429467222 even though it expect -ve value.

Hence its required to cast resultlen to int so that proper
error is returned to libkcapi.

AEAD one shot non-aligned test 2(libkcapi test)
./../bin/kcapi   -x 10   -c "gcm(aes)" -i 7815d4b06ae50c9c56e87bd7
-k ea38ac0c9b9998c80e28fb496a2b88d9 -a
"853f98a750098bec1aa7497e979e78098155c877879556bb51ddeb6374cbaefc"
-t "c4ce58985b7203094be1d134c1b8ab0b" -q
"b03692f86d1b8b39baf2abb255197c98"

Fixes: d887c52d6ae4 ("crypto: algif_aead - overhaul memory management")
Cc: <stable@vger.kernel.org>
Signed-off-by: Ayush Sawal <ayush.sawal@chelsio.com>
Signed-off-by: Atul Gupta <atul.gupta@chelsio.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Ayush Sawal <ayush.sawal@chelsio.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: atmel-aes - Fix IV handling when req->nbytes < ivsize
Tudor Ambarus [Fri, 4 Oct 2019 08:55:37 +0000 (08:55 +0000)]
crypto: atmel-aes - Fix IV handling when req->nbytes < ivsize

commit 394a9e044702 ("crypto: cfb - add missing 'chunksize' property")
adds a test vector where the input length is smaller than the IV length
(the second test vector). This revealed a NULL pointer dereference in
the atmel-aes driver, that is caused by passing an incorrect offset in
scatterwalk_map_and_copy() when atmel_aes_complete() is called.

Do not save the IV in req->info of ablkcipher_request (or equivalently
req->iv of skcipher_request) when req->nbytes < ivsize, because the IV
will not be further used.

While touching the code, modify the type of ivsize from int to
unsigned int, to comply with the return type of
crypto_ablkcipher_ivsize().

Fixes: 91308019ecb4 ("crypto: atmel-aes - properly set IV after {en,de}crypt")
Cc: <stable@vger.kernel.org>
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: aegis128/simd - build 32-bit ARM for v8 architecture explicitly
Ard Biesheuvel [Wed, 2 Oct 2019 07:54:48 +0000 (09:54 +0200)]
crypto: aegis128/simd - build 32-bit ARM for v8 architecture explicitly

Now that the Clang compiler has taken it upon itself to police the
compiler command line, and reject combinations for arguments it views
as incompatible, the AEGIS128 no longer builds correctly, and errors
out like this:

  clang-10: warning: ignoring extension 'crypto' because the 'armv7-a'
  architecture does not support it [-Winvalid-command-line-argument]

So let's switch to armv8-a instead, which matches the crypto-neon-fp-armv8
FPU profile we specify. Since neither were actually supported by GCC
versions before 4.8, let's tighten the Kconfig dependencies as well so
we won't run into errors when building with an ancient compiler.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Nathan Chancellor <natechancellor@gmail.com>
Tested-by: Nathan Chancellor <natechancellor@gmail.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Tested-by: Nick Desaulniers <ndesaulniers@google.com>
Reported-by: <ci_notify@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Remove #ifdef checks
Arnd Bergmann [Mon, 30 Sep 2019 12:14:35 +0000 (14:14 +0200)]
crypto: inside-secure - Remove #ifdef checks

When both PCI and OF are disabled, no drivers are registered, and
we get some unused-function warnings:

drivers/crypto/inside-secure/safexcel.c:1221:13: error: unused function 'safexcel_unregister_algorithms' [-Werror,-Wunused-function]
static void safexcel_unregister_algorithms(struct safexcel_crypto_priv *priv)
drivers/crypto/inside-secure/safexcel.c:1307:12: error: unused function 'safexcel_probe_generic' [-Werror,-Wunused-function]
static int safexcel_probe_generic(void *pdev,
drivers/crypto/inside-secure/safexcel.c:1531:13: error: unused function 'safexcel_hw_reset_rings' [-Werror,-Wunused-function]
static void safexcel_hw_reset_rings(struct safexcel_crypto_priv *priv)

It's better to make the compiler see what is going on and remove
such ifdef checks completely. In case of PCI, this is trivial since
pci_register_driver() is defined to an empty function that makes the
compiler subsequently drop all unused code silently.

The global pcireg_rc/ofreg_rc variables are not actually needed here
since the driver registration does not fail in ways that would make
it helpful.

For CONFIG_OF, an IS_ENABLED() check is still required, since platform
drivers can exist both with and without it.

A little change to linux/pci.h is needed to ensure that
pcim_enable_device() is visible to the driver. Moving the declaration
outside of ifdef would be sufficient here, but for consistency with the
rest of the file, adding an inline helper is probably best.

Fixes: 212ef6f29e5b ("crypto: inside-secure - Fix unused variable warning when CONFIG_PCI=n")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Bjorn Helgaas <bhelgaas@google.com> # pci.h
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Fix a maybe-uninitialized warning
Arnd Bergmann [Mon, 30 Sep 2019 12:14:33 +0000 (14:14 +0200)]
crypto: inside-secure - Fix a maybe-uninitialized warning

A previous fixup avoided an unused variable warning but replaced
it with a slightly scarier warning:

drivers/crypto/inside-secure/safexcel.c:1100:6: error: variable 'irq' is used uninitialized whenever 'if' condition is false [-Werror,-Wsometimes-uninitialized]

This is harmless as it is impossible to get into this case, but
the compiler has no way of knowing that. Add an explicit error
handling case to make it obvious to both compilers and humans
reading the source.

Fixes: 212ef6f29e5b ("crypto: inside-secure - Fix unused variable warning when CONFIG_PCI=n")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agoMAINTAINERS: Add maintainer for HiSilicon HPRE driver
Zaibo Xu [Mon, 30 Sep 2019 09:20:09 +0000 (17:20 +0800)]
MAINTAINERS: Add maintainer for HiSilicon HPRE driver

Here adds maintainer information for high performance RSA
engine (HPRE) driver.

Signed-off-by: Zaibo Xu <xuzaibo@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: hisilicon - Add debugfs for HPRE
Zaibo Xu [Mon, 30 Sep 2019 09:20:08 +0000 (17:20 +0800)]
crypto: hisilicon - Add debugfs for HPRE

HiSilicon HPRE engine driver uses debugfs to provide debug information,
the usage can be found in /Documentation/ABI/testing/debugfs-hisi-hpre.

Signed-off-by: Zaibo Xu <xuzaibo@huawei.com>
Signed-off-by: Hui Tang <tanghui20@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agoDocumentation: Add debugfs doc for hisi_hpre
Zaibo Xu [Mon, 30 Sep 2019 09:20:07 +0000 (17:20 +0800)]
Documentation: Add debugfs doc for hisi_hpre

Add debugfs descriptions for HiSilicon HPRE driver.

Signed-off-by: Zaibo Xu <xuzaibo@huawei.com>
Signed-off-by: Hui Tang <tanghui20@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: hisilicon - add SRIOV support for HPRE
Zaibo Xu [Mon, 30 Sep 2019 09:20:06 +0000 (17:20 +0800)]
crypto: hisilicon - add SRIOV support for HPRE

HiSilicon HPRE engine supports PCI SRIOV. This patch enable
this feature. User can enable VFs and pass through them to VM,
same HPRE driver can work in VM to provide RSA and DH algorithms
by crypto akcipher and kpp interfaces.

Signed-off-by: Zaibo Xu <xuzaibo@huawei.com>
Signed-off-by: Hui tang <tanghui20@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: hisilicon - add HiSilicon HPRE accelerator
Zaibo Xu [Mon, 30 Sep 2019 09:20:05 +0000 (17:20 +0800)]
crypto: hisilicon - add HiSilicon HPRE accelerator

The HiSilicon HPRE accelerator implements RSA and DH algorithms. It
uses Hisilicon QM as interface to CPU.

This patch provides PCIe driver to the accelerator and registers its
algorithms to crypto akcipher and kpp interfaces.

Signed-off-by: Zaibo Xu <xuzaibo@huawei.com>
Signed-off-by: Hui Tang <tanghui20@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: hisilicon - misc fix about sgl
Zhou Wang [Mon, 30 Sep 2019 07:08:55 +0000 (15:08 +0800)]
crypto: hisilicon - misc fix about sgl

This patch fixes some misc problems in sgl codes, e.g. missing static,
sparse error and input parameter check.

Signed-off-by: Zhou Wang <wangzhou1@hisilicon.com>
Signed-off-by: Shukun Tan <tanshukun1@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: hisilicon - fix large sgl memory allocation problem when disable smmu
Zhou Wang [Mon, 30 Sep 2019 07:08:54 +0000 (15:08 +0800)]
crypto: hisilicon - fix large sgl memory allocation problem when disable smmu

When disabling SMMU, it may fail to allocate large continuous memory. This
patch fixes this by allocating memory as blocks.

Signed-off-by: Zhou Wang <wangzhou1@hisilicon.com>
Signed-off-by: Shukun Tan <tanshukun1@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: hisilicon - add sgl_sge_nr module param for zip
Shukun Tan [Mon, 30 Sep 2019 07:08:53 +0000 (15:08 +0800)]
crypto: hisilicon - add sgl_sge_nr module param for zip

Add a module parameter for zip driver to set the number of SGE in one SGL.

Signed-off-by: Shukun Tan <tanshukun1@huawei.com>
Signed-off-by: Zhou Wang <wangzhou1@hisilicon.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: hisilicon - merge sgl support to hisi_qm module
Zhou Wang [Mon, 30 Sep 2019 07:08:52 +0000 (15:08 +0800)]
crypto: hisilicon - merge sgl support to hisi_qm module

As HW SGL can be seen as a data format of QM's sqe, we merge sgl code into
qm module and rename it as hisi_qm, which reduces the number of module and
make the name less generic.

This patch also modify the interface of SGL:
 - Create/free hisi_acc_sgl_pool inside.
 - Let user to pass the SGE number in one SGL when creating sgl pool, which
   is better than a unified module parameter for sgl module before.
 - Modify zip driver according to sgl interface change.

Signed-off-by: Zhou Wang <wangzhou1@hisilicon.com>
Signed-off-by: Shukun Tan <tanshukun1@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agohwrng: core - move add_early_randomness() out of rng_mutex
Laurent Vivier [Thu, 12 Sep 2019 13:30:22 +0000 (15:30 +0200)]
hwrng: core - move add_early_randomness() out of rng_mutex

add_early_randomness() is called every time a new rng backend is added
and every time it is set as the current rng provider.

add_early_randomness() is called from functions locking rng_mutex,
and if it hangs all the hw_random framework hangs: we can't read sysfs,
add or remove a backend.

This patch move add_early_randomness() out of the rng_mutex zone.
It only needs the reading_mutex.

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: caam - use mapped_{src,dst}_nents for descriptor
Iuliana Prodan [Thu, 26 Sep 2019 12:26:29 +0000 (15:26 +0300)]
crypto: caam - use mapped_{src,dst}_nents for descriptor

The mapped_{src,dst}_nents _returned_ from the dma_map_sg
call (which could be less than src/dst_nents) have to be
used to generate the job descriptors.

Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: sun4i-ss - enable pm_runtime
Corentin Labbe [Tue, 24 Sep 2019 08:08:32 +0000 (10:08 +0200)]
crypto: sun4i-ss - enable pm_runtime

This patch enables power management on the Security System.
sun4i-ss now depends on PM because it simplify code and prevent some ifdef.
But this is not a problem since arch maintainer want ARCH_SUNXI to
depend on PM in the future.

Signed-off-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Acked-by: Maxime Ripard <mripard@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: sun4i-ss - simplify enable/disable of the device
Corentin Labbe [Tue, 24 Sep 2019 08:08:31 +0000 (10:08 +0200)]
crypto: sun4i-ss - simplify enable/disable of the device

This patch regroups resource enabling/disabling in dedicated function.
This simplify error handling and will permit to support power
management.

Signed-off-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Acked-by: Maxime Ripard <mripard@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: cavium/nitrox - fix firmware assignment to AE cores
Phani Kiran Hemadri [Fri, 20 Sep 2019 06:35:19 +0000 (06:35 +0000)]
crypto: cavium/nitrox - fix firmware assignment to AE cores

This patch fixes assigning UCD block number of Asymmetric crypto
firmware to AE cores of CNN55XX device.

Fixes: a7268c4d4205 ("crypto: cavium/nitrox - Add support for loading asymmetric crypto firmware")
Signed-off-by: Phani Kiran Hemadri <phemadri@marvell.com>
Reviewed-by: Srikanth Jampala <jsrikanth@marvell.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: qce - add CRYPTO_ALG_KERN_DRIVER_ONLY flag
Eneas U de Queiroz [Thu, 19 Sep 2019 21:33:02 +0000 (18:33 -0300)]
crypto: qce - add CRYPTO_ALG_KERN_DRIVER_ONLY flag

Set the CRYPTO_ALG_KERN_DRIVER_ONLY flag to all algorithms exposed by
the qce driver, since they are all hardware accelerated, accessible
through a kernel driver only, and not available directly to userspace.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: chtls - simplify a bit 'create_flowc_wr_skb()'
Christophe JAILLET [Thu, 19 Sep 2019 20:04:28 +0000 (22:04 +0200)]
crypto: chtls - simplify a bit 'create_flowc_wr_skb()'

Use '__skb_put_data()' instead of rewritting it.
This improves readability.

Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: ccp - Release all allocated memory if sha type is invalid
Navid Emamdoost [Thu, 19 Sep 2019 16:04:48 +0000 (11:04 -0500)]
crypto: ccp - Release all allocated memory if sha type is invalid

Release all allocated memory if sha type is invalid:
In ccp_run_sha_cmd, if the type of sha is invalid, the allocated
hmac_buf should be released.

v2: fix the goto.

Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
Acked-by: Gary R Hook <gary.hook@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: hisilicon - allow compile-testing on x86
Arnd Bergmann [Thu, 19 Sep 2019 14:09:06 +0000 (16:09 +0200)]
crypto: hisilicon - allow compile-testing on x86

To avoid missing arm64 specific warnings that get introduced
in this driver, allow compile-testing on all 64-bit architectures.

The only actual arm64 specific code in this driver is an open-
coded 128 bit MMIO write. On non-arm64 the same can be done
using memcpy_toio. What I also noticed is that the mmio store
(either one) is not endian-safe, this will only work on little-
endian configurations, so I also add a Kconfig dependency on
that, regardless of the architecture.
Finally, a depenndecy on CONFIG_64BIT is needed because of the
writeq().

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Add support for the EIP196
Pascal van Leeuwen [Wed, 18 Sep 2019 10:41:26 +0000 (12:41 +0200)]
crypto: inside-secure - Add support for the EIP196

This patch adds support for the EIP196, which is an EIP197 derivative
that has no classification hardware and a simplified record cache.

The patch has been tested with the eip196b-ie and eip197c-iewxkbc
configurations on the Xilinx VCU118 development board as well as on the
Macchiatobin board (Marvell A8K - EIP197b-ieswx), including the crypto
extra tests.

Note that this patchset applies on top of the earlier submitted
"Add support for eip197f_iewc" series.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: cavium/nitrox - Add mailbox message to get mcode info in VF
Nagadheeraj Rottela [Wed, 18 Sep 2019 09:39:34 +0000 (09:39 +0000)]
crypto: cavium/nitrox - Add mailbox message to get mcode info in VF

Add support to get microcode information in VF from PF via mailbox
message.

Signed-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
Reviewed-by: Srikanth Jampala <jsrikanth@marvell.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agohwrng: mediatek - Use devm_platform_ioremap_resource() in mtk_rng_probe()
Markus Elfring [Wed, 18 Sep 2019 07:34:11 +0000 (09:34 +0200)]
hwrng: mediatek - Use devm_platform_ioremap_resource() in mtk_rng_probe()

Simplify this function implementation by using a known wrapper function.

This issue was detected by using the Coccinelle software.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: jitter - fix comments
Alexander E. Patrakov [Wed, 18 Sep 2019 07:28:49 +0000 (12:28 +0500)]
crypto: jitter - fix comments

One should not say "ec can be NULL" and then dereference it.
One cannot talk about the return value if the function returns void.

Signed-off-by: Alexander E. Patrakov <patrakov@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agohwrng: iproc-rng200 - Use devm_platform_ioremap_resource() in iproc_rng200_probe()
Markus Elfring [Wed, 18 Sep 2019 07:09:22 +0000 (09:09 +0200)]
hwrng: iproc-rng200 - Use devm_platform_ioremap_resource() in iproc_rng200_probe()

Simplify this function implementation by using a known wrapper function.

This issue was detected by using the Coccinelle software.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Reviewed-by: Ray Jui <ray.jui@broadcom.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Add support for HW with less ring AIC's than rings
Pascal van Leeuwen [Wed, 18 Sep 2019 06:42:40 +0000 (08:42 +0200)]
crypto: inside-secure - Add support for HW with less ring AIC's than rings

The current driver assumes one dedicated ring interrupt controller per
ring. However, some existing EIP(1)97 HW has less ring AIC's than rings.
This patch allows the driver to work with such HW by detecting how many
ring AIC's are present and restricting the number of rings it *uses* by
the number of ring AIC's present. This allows it to at least function.
(optimization for the future: add ring dispatch functionality in the
interrupt service routine such that multiple rings can be supported from
one ring AIC, allowing all rings to be used)

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Add support for 256 bit wide internal bus
Pascal van Leeuwen [Wed, 18 Sep 2019 06:42:39 +0000 (08:42 +0200)]
crypto: inside-secure - Add support for 256 bit wide internal bus

This patch adds support for large EIP197's with a 256 bit wide internal
bus, which affects the format of the result descriptor due to internal
alignment requirements.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Added support for the rfc4309(ccm(aes)) AEAD
Pascal van Leeuwen [Tue, 17 Sep 2019 10:08:01 +0000 (12:08 +0200)]
crypto: inside-secure - Added support for the rfc4309(ccm(aes)) AEAD

This patch adds support for rfc4309(ccm(aes)) for use with IPsec ESP

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Added support for the rfc4543(gcm(aes)) "AEAD"
Pascal van Leeuwen [Tue, 17 Sep 2019 10:08:00 +0000 (12:08 +0200)]
crypto: inside-secure - Added support for the rfc4543(gcm(aes)) "AEAD"

This patch adds support for rfc4543(gcm(aes)) - i.e. AES-GMAC - for use
with IPsec ESP

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Added support for the rfc4106(gcm(aes)) AEAD
Pascal van Leeuwen [Tue, 17 Sep 2019 10:07:59 +0000 (12:07 +0200)]
crypto: inside-secure - Added support for the rfc4106(gcm(aes)) AEAD

This patch adds support for rfc4106(gcm(aes)) for use with IPsec ESP

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Fixed corner case TRC admin RAM probing issue
Pascal van Leeuwen [Tue, 17 Sep 2019 09:55:19 +0000 (11:55 +0200)]
crypto: inside-secure - Fixed corner case TRC admin RAM probing issue

This patch fixed a corner case admin RAM probing issue witnessed on the
Xilinx VCU118 FPGA development board with an EIP197 configuration with
4096 words of admin RAM, of which only 2050 were recognised.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Fix stability issue with Macchiatobin
Pascal van Leeuwen [Tue, 17 Sep 2019 09:55:18 +0000 (11:55 +0200)]
crypto: inside-secure - Fix stability issue with Macchiatobin

This patch corrects an error in the Transform Record Cache initialization
code that was causing intermittent stability problems on the Macchiatobin
board.

Unfortunately, due to HW platform specifics, the problem could not happen
on the main development platform, being the VCU118 Xilinx development
board. And since it was a problem with hash table access, it was very
dependent on the actual physical context record DMA buffers being used,
i.e. with some (bad) luck it could seemingly work quit stable for a while.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: cavium/nitrox - Fix cbc ciphers self test failures
Nagadheeraj Rottela [Tue, 17 Sep 2019 06:36:50 +0000 (06:36 +0000)]
crypto: cavium/nitrox - Fix cbc ciphers self test failures

Self test failures are due to wrong output IV. This patch fixes this
issue by copying back output IV into skcipher request.

Signed-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
Reviewed-by: Srikanth Jampala <jsrikanth@marvell.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: cavium/nitrox - check assoclen and authsize for gcm(aes) cipher
Nagadheeraj Rottela [Mon, 16 Sep 2019 06:42:06 +0000 (06:42 +0000)]
crypto: cavium/nitrox - check assoclen and authsize for gcm(aes) cipher

Check if device supports assoclen to solve hung task timeout error when
extra tests are enabled. Return -EINVAL if assoclen is not supported.
Check authsize to return -EINVAL if authentication tag size is invalid.
Change blocksize to 1 to match with generic implementation.

Signed-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
Reported-by: Mallesham Jatharakonda <mallesham.jatharakonda@oneconvergence.com>
Suggested-by: Mallesham Jatharakonda <mallesham.jatharakonda@oneconvergence.com>
Reviewed-by: Srikanth Jampala <jsrikanth@marvell.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agohwrng: omap3-rom - Use devm hwrng and runtime PM
Tony Lindgren [Sat, 14 Sep 2019 21:03:00 +0000 (14:03 -0700)]
hwrng: omap3-rom - Use devm hwrng and runtime PM

This allows us to simplify things more for probe and exit.

Cc: Aaro Koskinen <aaro.koskinen@iki.fi>
Cc: Adam Ford <aford173@gmail.com>
Cc: Pali Rohár <pali.rohar@gmail.com>
Cc: Sebastian Reichel <sre@kernel.org>
Cc: Tero Kristo <t-kristo@ti.com>
Suggested-by: Sebastian Reichel <sre@kernel.org>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agohwrng: omap3-rom - Use runtime PM instead of custom functions
Tony Lindgren [Sat, 14 Sep 2019 21:02:59 +0000 (14:02 -0700)]
hwrng: omap3-rom - Use runtime PM instead of custom functions

Nowadays we have runtime PM, and we can use it with autosuspend_timeout
to idle things automatically. This allows us to get rid of the custom
PM implementation.

We enable clocks and init RNG in runtime_resume, and reset RNG and
disable clocks in runtime_suspend. And then omap3_rom_rng_read()
becomes very simple and we don't need the old functions for
omap3_rom_rng_idle() and omap3_rom_rng_get_random(). We can now also
get rid of pr_fmt as we're using dev_err instead.

Cc: Aaro Koskinen <aaro.koskinen@iki.fi>
Cc: Adam Ford <aford173@gmail.com>
Cc: Pali Rohár <pali.rohar@gmail.com>
Cc: Sebastian Reichel <sre@kernel.org>
Cc: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agohwrng: omap3-rom - Update to use standard driver data
Tony Lindgren [Sat, 14 Sep 2019 21:02:58 +0000 (14:02 -0700)]
hwrng: omap3-rom - Update to use standard driver data

Let's update omap3-rom-rng to use standard driver data to make it easier
to add runtime PM support in the following patch. Just use it for the
rng ops and clock for now. Let's still keep also old rng_clk still around,
we will remove delayed work and rng_clk with runtime PM in the next patch.

Cc: Aaro Koskinen <aaro.koskinen@iki.fi>
Cc: Adam Ford <aford173@gmail.com>
Cc: Pali Rohár <pali.rohar@gmail.com>
Cc: Sebastian Reichel <sre@kernel.org>
Cc: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agohwrng: omap3-rom - Initialize default quality to get data
Tony Lindgren [Sat, 14 Sep 2019 21:02:57 +0000 (14:02 -0700)]
hwrng: omap3-rom - Initialize default quality to get data

Similar to commit 62f95ae805fa ("hwrng: omap - Set default quality")
we need to initialize the default quality for the RNG to be used.

The symptoms of this problem is that doing hd /dev/random does not
produce much data at all.

Cc: Aaro Koskinen <aaro.koskinen@iki.fi>
Cc: Adam Ford <aford173@gmail.com>
Cc: Pali Rohár <pali.rohar@gmail.com>
Cc: Sebastian Reichel <sre@kernel.org>
Cc: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agohwrng: omap3-rom - Call clk_disable_unprepare() on exit only if not idled
Tony Lindgren [Sat, 14 Sep 2019 21:02:56 +0000 (14:02 -0700)]
hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if not idled

When unloading omap3-rom-rng, we'll get the following:

WARNING: CPU: 0 PID: 100 at drivers/clk/clk.c:948 clk_core_disable

This is because the clock may be already disabled by omap3_rom_rng_idle().
Let's fix the issue by checking for rng_idle on exit.

Cc: Aaro Koskinen <aaro.koskinen@iki.fi>
Cc: Adam Ford <aford173@gmail.com>
Cc: Pali Rohár <pali.rohar@gmail.com>
Cc: Sebastian Reichel <sre@kernel.org>
Cc: Tero Kristo <t-kristo@ti.com>
Fixes: 1c6b7c2108bd ("hwrng: OMAP3 ROM Random Number Generator support")
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agohwrng: omap3-rom - Fix missing clock by probing with device tree
Tony Lindgren [Sat, 14 Sep 2019 21:02:55 +0000 (14:02 -0700)]
hwrng: omap3-rom - Fix missing clock by probing with device tree

Commit 0ed266d7ae5e ("clk: ti: omap3: cleanup unnecessary clock aliases")
removed old omap3 clock framework aliases but caused omap3-rom-rng to
stop working with clock not found error.

Based on discussions on the mailing list it was requested by Tero Kristo
that it would be best to fix this issue by probing omap3-rom-rng using
device tree to provide a proper clk property. The other option would be
to add back the missing clock alias, but that does not help moving things
forward with removing old legacy platform_data.

Let's also add a proper device tree binding and keep it together with
the fix.

Cc: devicetree@vger.kernel.org
Cc: Aaro Koskinen <aaro.koskinen@iki.fi>
Cc: Adam Ford <aford173@gmail.com>
Cc: Pali Rohár <pali.rohar@gmail.com>
Cc: Rob Herring <robh+dt@kernel.org>
Cc: Sebastian Reichel <sre@kernel.org>
Cc: Tero Kristo <t-kristo@ti.com>
Fixes: 0ed266d7ae5e ("clk: ti: omap3: cleanup unnecessary clock aliases")
Reported-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Acked-by: Rob Herring <robh@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agoARM: OMAP2+: Check omap3-rom-rng for GP device instead of HS device
Tony Lindgren [Sat, 14 Sep 2019 21:02:54 +0000 (14:02 -0700)]
ARM: OMAP2+: Check omap3-rom-rng for GP device instead of HS device

In general we should check for GP device instead of HS device unless
the other options such as EMU are also checked. Otherwise omap3-rom-rng
won't probe on few of the old n900 macro boards still in service in
automated build and boot test systems.

Cc: Aaro Koskinen <aaro.koskinen@iki.fi>
Cc: Adam Ford <aford173@gmail.com>
Cc: Pali Rohár <pali.rohar@gmail.com>
Cc: Sebastian Reichel <sre@kernel.org>
Cc: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Added support for authenc HMAC-SHA2/DES-CBC
Pascal van Leeuwen [Fri, 13 Sep 2019 20:04:46 +0000 (22:04 +0200)]
crypto: inside-secure - Added support for authenc HMAC-SHA2/DES-CBC

This patch adds support for the authenc(hmac(sha224),cbc(des)),
authenc(hmac(sha256),cbc(des)), authenc(hmac(sha384),cbc(des))
and authenc(hmac(sha512),cbc(des)) aead's

changes since v1:
- nothing

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Added support for authenc HMAC-SHA2/3DES-CBC
Pascal van Leeuwen [Fri, 13 Sep 2019 20:04:45 +0000 (22:04 +0200)]
crypto: inside-secure - Added support for authenc HMAC-SHA2/3DES-CBC

This patch adds support for the authenc(hmac(sha224),cbc(des3_ede)),
authenc(hmac(sha256),cbc(des3_ede)), authenc(hmac(sha384),cbc(des3_ede))
and authenc(hmac(sha512),cbc(des3_ede)) aead's

changes since v1:
- nothing

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Added support for authenc HMAC-SHA1/DES-CBC
Pascal van Leeuwen [Fri, 13 Sep 2019 20:04:44 +0000 (22:04 +0200)]
crypto: inside-secure - Added support for authenc HMAC-SHA1/DES-CBC

This patch adds support for the authenc(hmac(sha1),cbc(des)) aead

changes since v1:
- rebased on top of DES changes made to cryptodev/master

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Add CRYPTO_SHA3 to CRYPTO_DEV_SAFEXCEL
Pascal van Leeuwen [Fri, 13 Sep 2019 18:56:49 +0000 (20:56 +0200)]
crypto: inside-secure - Add CRYPTO_SHA3 to CRYPTO_DEV_SAFEXCEL

Due to the addition of SHA3 and HMAC-SHA3 support to the inside-secure
driver, it now depends on CRYPTO_SHA3. Added reference.

changes since v1:
- added missing dependency to crypto/Kconfig

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Add HMAC-SHA3 family of authentication algorithms
Pascal van Leeuwen [Fri, 13 Sep 2019 18:56:48 +0000 (20:56 +0200)]
crypto: inside-secure - Add HMAC-SHA3 family of authentication algorithms

This patch adds support for hmac(sha3-224), hmac(sha3-256), hmac(sha3-384)
and hmac(sha3-512) authentication algorithms.

The patch has been tested with the eip197c_iewxkbc configuration on the
Xilinx VCU118 development board, including the testmgr extra tests.

changes since v1:
- nothing

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Add SHA3 family of basic hash algorithms
Pascal van Leeuwen [Fri, 13 Sep 2019 18:56:47 +0000 (20:56 +0200)]
crypto: inside-secure - Add SHA3 family of basic hash algorithms

This patch adds support for sha3-224, sha3-256, sha3-384 and sha3-512
basic hashes.

The patch has been tested with the eip197c_iewxkbc configuration on the
Xilinx VCU118 development board, including the testmgr extra tests.

changes since v1:
- nothing

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Add SM4 based authenc AEAD ciphersuites
Pascal van Leeuwen [Fri, 13 Sep 2019 18:44:50 +0000 (20:44 +0200)]
crypto: inside-secure - Add SM4 based authenc AEAD ciphersuites

This patch adds support for the authenc(hmac(sha1),cbc(sm4)),
authenc(hmac(sm3),cbc(sm4)), authenc(hmac(sha1),rfc3686(ctr(sm4))),
and authenc(hmac(sm3),rfc3686(ctr(sm4))) aead ciphersuites.
These are necessary to support IPsec according to the Chinese standard
GM/T 022-1014 - IPsec VPN specification.

Note that there are no testvectors present in testmgr for these
ciphersuites. However, considering all building blocks have already been
verified elsewhere, it is fair to assume the generic implementation to be
correct-by-construction.
The hardware implementation has been fuzzed against this generic
implementation by means of a locally modified testmgr. The intention is
to upstream these testmgr changes but this is pending other testmgr changes
being made by Eric Biggers.

The patch has been tested with the eip197c_iewxkbc configuration on the
Xilinx VCU118 development board, using the abovementioned modified testmgr

This patch applies on top of "Add support for SM4 ciphers" and needs to
be applied before "Add (HMAC) SHA3 support".

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: aegis128-neon - use Clang compatible cflags for ARM
Ard Biesheuvel [Fri, 13 Sep 2019 18:36:18 +0000 (19:36 +0100)]
crypto: aegis128-neon - use Clang compatible cflags for ARM

The next version of Clang will start policing compiler command line
options, and will reject combinations of -march and -mfpu that it
thinks are incompatible.

This results in errors like

  clang-10: warning: ignoring extension 'crypto' because the 'armv7-a'
  architecture does not support it [-Winvalid-command-line-argument]
  /tmp/aegis128-neon-inner-5ee428.s: Assembler messages:
            /tmp/aegis128-neon-inner-5ee428.s:73: Error: selected
  processor does not support `aese.8 q2,q14' in ARM mode

when buiding the SIMD aegis128 code for 32-bit ARM, given that the
'armv7-a' -march argument is considered to be compatible with the
ARM crypto extensions. Instead, we should use armv8-a, which does
allow the crypto extensions to be enabled.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: testmgr - Added testvectors for the rfc3686(ctr(sm4)) skcipher
Pascal van Leeuwen [Fri, 13 Sep 2019 09:10:42 +0000 (11:10 +0200)]
crypto: testmgr - Added testvectors for the rfc3686(ctr(sm4)) skcipher

Added testvectors for the rfc3686(ctr(sm4)) skcipher algorithm

changes since v1:
- nothing

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Add support for the rfc3685(ctr(sm4)) skcipher
Pascal van Leeuwen [Fri, 13 Sep 2019 09:10:41 +0000 (11:10 +0200)]
crypto: inside-secure - Add support for the rfc3685(ctr(sm4)) skcipher

This patch adds support for SM4 in (32 bit) CTR mode, i.e. skcipher
rfc3686(ctr(sm4)).

changes since v1:
- nothing

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Add support for the cfb(sm4) skcipher
Pascal van Leeuwen [Fri, 13 Sep 2019 09:10:40 +0000 (11:10 +0200)]
crypto: inside-secure - Add support for the cfb(sm4) skcipher

This patch adds support for SM4 in CFB mode, i.e. skcipher cfb(sm4).

changes since v1:
- nothing

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: testmgr - Added testvectors for the ofb(sm4) & cfb(sm4) skciphers
Pascal van Leeuwen [Fri, 13 Sep 2019 09:10:39 +0000 (11:10 +0200)]
crypto: testmgr - Added testvectors for the ofb(sm4) & cfb(sm4) skciphers

Added testvectors for the ofb(sm4) and cfb(sm4) skcipher algorithms

changes since v1:
- nothing

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Add support for the ofb(sm4) skcipher
Pascal van Leeuwen [Fri, 13 Sep 2019 09:10:38 +0000 (11:10 +0200)]
crypto: inside-secure - Add support for the ofb(sm4) skcipher

This patch adds support for SM4 in OFB mode, i.e. skcipher ofb(sm4).

changes since v1:
- nothing

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Add support for the cbc(sm4) skcipher
Pascal van Leeuwen [Fri, 13 Sep 2019 09:10:37 +0000 (11:10 +0200)]
crypto: inside-secure - Add support for the cbc(sm4) skcipher

This patch adds support for SM4 in CBC mode, i.e. skcipher cbc(sm4).

changes since v1:
- nothing

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Add support for the ecb(sm4) skcipher
Pascal van Leeuwen [Fri, 13 Sep 2019 09:10:36 +0000 (11:10 +0200)]
crypto: inside-secure - Add support for the ecb(sm4) skcipher

This patch adds support for SM4 in ECB mode, i.e. skcipher ecb(sm4).

changes since v1:
- make SAFEXCEL_SM4 case entry explit, using the proper SM4_BLOCK_SIZE
  instead of "borrowing" the AES code which "coincidentally" works

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: testmgr - Added testvectors for the hmac(sm3) ahash
Pascal van Leeuwen [Fri, 13 Sep 2019 15:20:38 +0000 (17:20 +0200)]
crypto: testmgr - Added testvectors for the hmac(sm3) ahash

Added testvectors for the hmac(sm3) ahash authentication algorithm

changes since v1 & v2:
-nothing

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Added support for HMAC-SM3 ahash
Pascal van Leeuwen [Fri, 13 Sep 2019 15:20:37 +0000 (17:20 +0200)]
crypto: inside-secure - Added support for HMAC-SM3 ahash

Added support for the hmac(sm3) ahash authentication algorithm

changes since v1:
- added Acked-by tag below, no changes to the source

changes since v2:
- nothing

Acked-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Added support for basic SM3 ahash
Pascal van Leeuwen [Fri, 13 Sep 2019 15:20:36 +0000 (17:20 +0200)]
crypto: inside-secure - Added support for basic SM3 ahash

Added support for the SM3 ahash algorithm

changes since v1:
- moved definition of CONTEXT_CONTROL_CRYPTO_ALG_SM3 (0x7) up above 0xf

changes since v2:
- allow compilation if CONFIG_CRYPTO_SM3 is not set

Acked-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Add CRYPTO_CHACHA20POLY1305 to CRYPTO_DEV_SAFEXCEL
Pascal van Leeuwen [Wed, 18 Sep 2019 21:25:58 +0000 (23:25 +0200)]
crypto: inside-secure - Add CRYPTO_CHACHA20POLY1305 to CRYPTO_DEV_SAFEXCEL

Due to the addition of Chacha20-Poly1305 support to the inside-secure
driver, it now depends on CRYPTO_CHACHA20POLY1305. Added reference.

changes since v1:
- added missing dependency to crypto/Kconfig

changes since v2:
- nothing

changes since v3:
- nothing

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Add support for the Chacha20-Poly1305 AEAD
Pascal van Leeuwen [Wed, 18 Sep 2019 21:25:57 +0000 (23:25 +0200)]
crypto: inside-secure - Add support for the Chacha20-Poly1305 AEAD

This patch adds support for the Chacha20-Poly1305 cipher suite.
It adds both the basic rfc7539(chacha20,poly1305) as well as the
rfc7539esp(chacha20,poly1305) variant for IPsec ESP acceleration.

changes since v1:
- rebased on top of DES library changes done on cryptodev/master
- fixed crypto/Kconfig so that generic fallback is compiled as well

changes since v2:
- nothing

changes since v3:
- Fixed a problem where the tcrypt performance test would run fully on the
  fallback cipher instead of the HW due to using an AAD length of 8 for
  rfc7539esp. While this is not actually legal ESP (which includes SPI and
  sequence number in the AAD as well), it is both inconvenient and not
  necessary to run these vectors on the fallback cipher.
- Due to above, also realised that for plain (non-ESP) rfc7539, you
  probably want to be able to run vectors with less than 8 bytes of AAD
  on the HW, and this is actually possible as long as cryptlen is large
  enough, so made that possible as well.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: inside-secure - Added support for the CHACHA20 skcipher
Pascal van Leeuwen [Wed, 18 Sep 2019 21:25:56 +0000 (23:25 +0200)]
crypto: inside-secure - Added support for the CHACHA20 skcipher

Added support for the CHACHA20 skcipher algorithm.
Tested on an eip197c-iesb configuration in the Xilinx VCU118 devboard,
passes all testmgr vectors plus the extra fuzzing tests.

changes since v1:
- rebased on top of DES library changes done on cryptodev/master
- fixed crypto/Kconfig so that generic fallback is compiled as well

changes since v2:
- made switch entry SAFEXCEL_AES explit and added empty default, as
  requested by Antoine Tenart. Also needed to make SM4 patches apply.

changes since v3:
- nothing

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agohwrng: npcm - add NPCM RNG driver
Tomer Maimon [Thu, 12 Sep 2019 09:01:49 +0000 (12:01 +0300)]
hwrng: npcm - add NPCM RNG driver

Add Nuvoton NPCM BMC Random Number Generator(RNG) driver.

Signed-off-by: Tomer Maimon <tmaimon77@gmail.com>
Reviewed-by: Daniel Thompson <daniel.thompson@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agodt-binding: hwrng: add NPCM RNG documentation
Tomer Maimon [Thu, 12 Sep 2019 09:01:48 +0000 (12:01 +0300)]
dt-binding: hwrng: add NPCM RNG documentation

Added device tree binding documentation for Nuvoton BMC
NPCM Random Number Generator (RNG).

Signed-off-by: Tomer Maimon <tmaimon77@gmail.com>
Reviewed-by: Rob Herring <robh@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5 years agocrypto: arm64/gcm-ce - implement 4 way interleave
Ard Biesheuvel [Tue, 10 Sep 2019 23:19:00 +0000 (00:19 +0100)]
crypto: arm64/gcm-ce - implement 4 way interleave

To improve performance on cores with deep pipelines such as ThunderX2,
reimplement gcm(aes) using a 4-way interleave rather than the 2-way
interleave we use currently.

This comes down to a complete rewrite of the GCM part of the combined
GCM/GHASH driver, and instead of interleaving two invocations of AES
with the GHASH handling at the instruction level, the new version
uses a more coarse grained approach where each chunk of 64 bytes is
encrypted first and then ghashed (or ghashed and then decrypted in
the converse case).

The core NEON routine is now able to consume inputs of any size,
and tail blocks of less than 64 bytes are handled using overlapping
loads and stores, and processed by the same 4-way encryption and
hashing routines. This gets rid of most of the branches, and avoids
having to return to the C code to handle the tail block using a
stack buffer.

The table below compares the performance of the old driver and the new
one on various micro-architectures and running in various modes.

        |     AES-128      |     AES-192      |     AES-256      |
 #bytes | 512 | 1500 |  4k | 512 | 1500 |  4k | 512 | 1500 |  4k |
 -------+-----+------+-----+-----+------+-----+-----+------+-----+
    TX2 | 35% |  23% | 11% | 34% |  20% |  9% | 38% |  25% | 16% |
   EMAG | 11% |   6% |  3% | 12% |   4% |  2% | 11% |   4% |  2% |
    A72 |  8% |   5% | -4% |  9% |   4% | -5% |  7% |   4% | -5% |
    A53 | 11% |   6% | -1% | 10% |   8% | -1% | 10% |   8% | -2% |

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>