Herbert Xu [Tue, 12 Jul 2016 05:18:00 +0000 (13:18 +0800)]
crypto: scatterwalk - Inline start/map/done
This patch inlines the functions scatterwalk_start, scatterwalk_map
and scatterwalk_done as they're all tiny and mostly used by the block
cipher walker.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 12 Jul 2016 05:17:59 +0000 (13:17 +0800)]
crypto: scatterwalk - Remove unnecessary BUG in scatterwalk_start
Nothing bad will happen even if sg->length is zero, so there is
no point in keeping this BUG_ON in scatterwalk_start.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 12 Jul 2016 05:17:58 +0000 (13:17 +0800)]
crypto: scatterwalk - Remove unnecessary advance in scatterwalk_pagedone
The offset advance in scatterwalk_pagedone not only is unnecessary,
but it was also buggy when it was needed by scatterwalk_copychunks.
As the latter has long ago been fixed to call scatterwalk_advance
directly, we can remove this unnecessary offset adjustment.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 12 Jul 2016 05:17:57 +0000 (13:17 +0800)]
crypto: scatterwalk - Fix test in scatterwalk_done
When there is more data to be processed, the current test in
scatterwalk_done may prevent us from calling pagedone even when
we should.
In particular, if we're on an SG entry spanning multiple pages
where the last page is not a full page, we will incorrectly skip
calling pagedone on the second last page.
This patch fixes this by adding a separate test for whether we've
reached the end of a page.
Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 12 Jul 2016 05:17:56 +0000 (13:17 +0800)]
crypto: api - Optimise away crypto_yield when hard preemption is on
When hard preemption is enabled there is no need to explicitly
call crypto_yield. This patch eliminates it if that is the case.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 12 Jul 2016 05:17:55 +0000 (13:17 +0800)]
crypto: scatterwalk - Add no-copy support to copychunks
The function ablkcipher_done_slow is pretty much identical to
scatterwalk_copychunks except that it doesn't actually copy as
the processing hasn't been completed yet.
This patch allows scatterwalk_copychunks to be used in this case
by specifying out == 2.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 12 Jul 2016 05:17:53 +0000 (13:17 +0800)]
crypto: scatterwalk - Remove scatterwalk_bytes_sglen
This patch removes the now unused scatterwalk_bytes_sglen. Anyone
using this out-of-tree should switch over to sg_nents_for_len.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 12 Jul 2016 05:17:52 +0000 (13:17 +0800)]
crypto: omap - Stop using crypto scatterwalk_bytes_sglen
We already have a generic function sg_nents_for_len which does
the same thing. This patch switches omap over to it and also
adds error handling in case the SG list is short.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 12 Jul 2016 05:17:50 +0000 (13:17 +0800)]
crypto: skcipher - Remove top-level givcipher interface
This patch removes the old crypto_grab_skcipher helper and replaces
it with crypto_grab_skcipher2.
As this is the final entry point into givcipher this patch also
removes all traces of the top-level givcipher interface, including
all implicit IV generators such as chainiv.
The bottom-level givcipher interface remains until the drivers
using it are converted.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 12 Jul 2016 05:17:49 +0000 (13:17 +0800)]
crypto: user - Remove crypto_lookup_skcipher call
As there are no more kernel users of built-in IV generators we
can remove the special lookup for skciphers.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 12 Jul 2016 05:17:48 +0000 (13:17 +0800)]
crypto: cts - Convert to skcipher
This patch converts cts over to the skcipher interface. It also
optimises the implementation to use one CBC operation for all but
the last block, which is then processed separately.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 12 Jul 2016 05:17:47 +0000 (13:17 +0800)]
crypto: null - Remove default null blkcipher
The default null blkcipher is no longer used and can now be removed.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 12 Jul 2016 05:17:46 +0000 (13:17 +0800)]
crypto: aead - Remove blkcipher null for IV generators
The blkcipher null object is no longer used and can now be removed.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 12 Jul 2016 05:17:45 +0000 (13:17 +0800)]
crypto: seqiv - Use skcipher
This patch replaces use of the obsolete blkcipher with skcipher.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 12 Jul 2016 05:17:43 +0000 (13:17 +0800)]
crypto: echainiv - Use skcipher
This patch replaces use of the obsolete blkcipher with skcipher.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 12 Jul 2016 05:17:42 +0000 (13:17 +0800)]
crypto: aead - Add skcipher null for IV generators
This patch adds an skcipher null object alongside the existing
null blkcipher so that IV generators using it can switch over
to skcipher.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 12 Jul 2016 05:17:40 +0000 (13:17 +0800)]
crypto: chacha20poly1305 - Use skcipher
This patch converts chacha20poly1305 to use the new skcipher
interface as opposed to ablkcipher.
It also fixes a buglet where we may end up with an async poly1305
when the user asks for an async algorithm. This shouldn't be a
problem yet as there aren't any async implementations of poly1305
out there.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 12 Jul 2016 05:17:39 +0000 (13:17 +0800)]
crypto: gcm - Use skcipher
This patch converts gcm to use the new skcipher interface as opposed
to ablkcipher.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 12 Jul 2016 05:17:38 +0000 (13:17 +0800)]
crypto: ccm - Use skcipher
This patch converts ccm to use the new skcipher interface as opposed
to ablkcipher.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 12 Jul 2016 05:17:37 +0000 (13:17 +0800)]
crypto: ctr - Use skcipher in rfc3686
This patch converts rfc3686 to use the new skcipher interface as
opposed to ablkcipher.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 12 Jul 2016 05:17:35 +0000 (13:17 +0800)]
crypto: authencesn - Use skcipher
This patch converts authencesn to use the new skcipher interface as
opposed to ablkcipher.
It also fixes a little bug where if a sync version of authencesn
is requested we may still end up using an async ahash. This should
have no effect as none of the authencesn users can request for a
sync authencesn.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 12 Jul 2016 05:17:34 +0000 (13:17 +0800)]
crypto: authenc - Use skcipher
This patch converts authenc to use the new skcipher interface as
opposed to ablkcipher.
It also fixes a little bug where if a sync version of authenc
is requested we may still end up using an async ahash. This should
have no effect as none of the authenc users can request for a
sync authenc.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 12 Jul 2016 05:17:33 +0000 (13:17 +0800)]
crypto: aead - Add chunk size
This patch adds a chunk size parameter to aead algorithms, just
like the chunk size for skcipher algorithms.
However, unlike skcipher we do not currently export this to AEAD
users. It is only meant to be used by AEAD implementors for now.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 12 Jul 2016 05:17:32 +0000 (13:17 +0800)]
crypto: null - Add new default null skcipher
Currently the default null skcipher is actually a crypto_blkcipher.
This patch creates a synchronous crypto_skcipher version of the
null cipher which unfortunately has to settle for the name skcipher2.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 12 Jul 2016 05:17:31 +0000 (13:17 +0800)]
crypto: skcipher - Add low-level skcipher interface
This patch allows skcipher algorithms and instances to be created
and registered with the crypto API. They are accessible through
the top-level skcipher interface, along with ablkcipher/blkcipher
algorithms and instances.
This patch also introduces a new parameter called chunk size
which is meant for ciphers such as CTR and CTS which ostensibly
can handle arbitrary lengths, but still behave like block ciphers
in that you can only process a partial block at the very end.
For these ciphers the block size will continue to be set to 1
as it is now while the chunk size will be set to the underlying
block size.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tim Chen [Fri, 8 Jul 2016 16:28:03 +0000 (09:28 -0700)]
crypto: sha-mb - Cleanup code to use || instead of |
for condition comparison and cleanup multiline comment style
In sha*_ctx_mgr_submit, we currently use the | operator instead of ||
((ctx->partial_block_buffer_length) | (len < SHA1_BLOCK_SIZE))
Switching it to || and remove extraneous parentheses to
adhere to coding style.
Also cleanup inconsistent multiline comment style.
Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Salvatore Benedetto [Thu, 7 Jul 2016 14:52:17 +0000 (15:52 +0100)]
crypto: qat - Stop dropping leading zeros from RSA output
There is no need to drop leading zeros from the RSA output
operations results.
Signed-off-by: Salvatore Benedetto <salvatore.benedetto@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Salvatore Benedetto [Thu, 7 Jul 2016 14:27:29 +0000 (15:27 +0100)]
crypto: qat - Add DH support
Add DH support under kpp api. Drop struct qat_rsa_request and
introduce a more generic struct qat_asym_request and share it
between RSA and DH requests.
Signed-off-by: Salvatore Benedetto <salvatore.benedetto@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Masanari Iida [Thu, 7 Jul 2016 12:58:16 +0000 (21:58 +0900)]
crypto: doc - Fix double words "the the" in crypto-API.tmpl
This patch fixes double words "the the" in crypto-API.tmpl.
Signed-off-by: Masanari Iida <standby24x7@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Salvatore Benedetto [Mon, 4 Jul 2016 16:21:40 +0000 (17:21 +0100)]
crypto: qat - Add RSA CRT mode
Extend qat driver to use RSA CRT mode when all CRT related components are
present in the private key. Simplify code in qat_rsa_setkey by adding
qat_rsa_clear_ctx.
Signed-off-by: Salvatore Benedetto <salvatore.benedetto@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Salvatore Benedetto [Mon, 4 Jul 2016 16:21:39 +0000 (17:21 +0100)]
crypto: testmgr - Add 4K private key to RSA testvector
Key generated with openssl. It also contains all fields required
for testing CRT mode
Signed-off-by: Salvatore Benedetto <salvatore.benedetto@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Salvatore Benedetto [Mon, 4 Jul 2016 16:21:38 +0000 (17:21 +0100)]
crypto: rsa - Store rest of the private key components
When parsing a private key, store all non-optional fields. These
are required for enabling CRT mode for decrypt and verify
Signed-off-by: Salvatore Benedetto <salvatore.benedetto@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Conor McLoughlin [Mon, 4 Jul 2016 15:26:00 +0000 (16:26 +0100)]
crypto: qat - Use alternative reset methods depending on the specific device
Different product families will use FLR or SBR.
Virtual Function devices have no reset method.
Signed-off-by: Conor McLoughlin <conor.mcloughlin@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Amitoj Kaur Chawla [Mon, 4 Jul 2016 13:00:21 +0000 (18:30 +0530)]
crypto: bfin_crc - Simplify use of devm_ioremap_resource
Remove unneeded error handling on the result of a call to
platform_get_resource when the value is passed to
devm_ioremap_resource.
The Coccinelle semantic patch that makes this change is as follows:
// <smpl>
@@
expression pdev,res,n,e,e1;
expression ret != 0;
identifier l;
@@
- res = platform_get_resource(pdev, IORESOURCE_MEM, n);
... when != res
- if (res == NULL) { ... \(goto l;\|return ret;\) }
... when != res
+ res = platform_get_resource(pdev, IORESOURCE_MEM, n);
e = devm_ioremap_resource(e1, res);
// </smpl>
Signed-off-by: Amitoj Kaur Chawla <amitoj1606@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tudor Ambarus [Mon, 4 Jul 2016 10:12:08 +0000 (13:12 +0300)]
crypto: caam - add support for RSA algorithm
Add RSA support to caam driver.
Initial author is Yashpal Dutta <yashpal.dutta@freescale.com>.
Signed-off-by: Tudor Ambarus <tudor-dan.ambarus@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Salvatore Benedetto [Mon, 4 Jul 2016 09:52:34 +0000 (10:52 +0100)]
crypto: testmgr - Set err before proceeding
Report correct error in case of failure
Signed-off-by: Salvatore Benedetto <salvatore.benedetto@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Salvatore Benedetto [Mon, 4 Jul 2016 09:49:28 +0000 (10:49 +0100)]
crypto: qat - Switch to new rsa_helper functions
Drop all asn1 related code and use the new rsa_helper
functions rsa_parse_[pub|priv]_key for parsing the key
Signed-off-by: Salvatore Benedetto <salvatore.benedetto@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Anton Blanchard [Thu, 30 Jun 2016 22:19:45 +0000 (08:19 +1000)]
crypto: powerpc - Add POWER8 optimised crc32c
Use the vector polynomial multiply-sum instructions in POWER8 to
speed up crc32c.
This is just over 41x faster than the slice-by-8 method that it
replaces. Measurements on a 4.1 GHz POWER8 show it sustaining
52 GiB/sec.
A simple btrfs write performance test:
dd if=/dev/zero of=/mnt/tmpfile bs=1M count=4096
sync
is over 3.7x faster.
Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Anton Blanchard [Thu, 30 Jun 2016 22:19:44 +0000 (08:19 +1000)]
powerpc: define FUNC_START/FUNC_END
gcc provides FUNC_START/FUNC_END macros to help with creating
assembly functions. Mirror these in the kernel so we can more easily
share code between userspace and the kernel. FUNC_END is just a
stub since we don't currently annotate the end of kernel functions.
It might make sense to do a wholesale search and replace, but for
now just create a couple of defines.
Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Sun, 3 Jul 2016 02:46:11 +0000 (10:46 +0800)]
crypto: rsa-pkcs1pad - Fix regression from leading zeros
As the software RSA implementation now produces fixed-length
output, we need to eliminate leading zeros in the calling code
instead.
This patch does just that for pkcs1pad signature verification.
Fixes: 9b45b7bba3d2 ("crypto: rsa - Generate fixed-length output")
Reported-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
raveendra padasalagi [Fri, 1 Jul 2016 05:46:54 +0000 (11:16 +0530)]
crypto: sha3 - Add HMAC-SHA3 test modes and test vectors
This patch adds HMAC-SHA3 test modes in tcrypt module
and related test vectors.
Signed-off-by: Raveendra Padasalagi <raveendra.padasalagi@broadcom.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Bin Liu [Thu, 30 Jun 2016 19:04:11 +0000 (14:04 -0500)]
crypto: omap-sham - increase cra_priority to 400
The arm-neon-sha implementations have cra_priority of 150...300, so
increase omap-sham priority to 400 to ensure it is on top of any
software alg.
Signed-off-by: Bin Liu <b-liu@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Thu, 30 Jun 2016 03:00:13 +0000 (11:00 +0800)]
crypto: tcrypt - Do not bail on EINPROGRESS in multibuffer hash test
The multibuffer hash speed test is incorrectly bailing because
of an EINPROGRESS return value. This patch fixes it by setting
ret to zero if it is equal to -EINPROGRESS.
Reported-by: Megha Dey <megha.dey@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Wed, 29 Jun 2016 11:32:28 +0000 (19:32 +0800)]
crypto: rsa-pkcs1pad - Avoid copying output when possible
In the vast majority of cases (2^-32 on 32-bit and 2^-64 on 64-bit),
the result from encryption/signing will require no padding.
This patch makes these two operations write their output directly
to the final destination. Only in the exceedingly rare cases where
fixup is needed do we copy it out and back to add the leading zeroes.
This patch also makes use of the crypto_akcipher_set_crypt API
instead of writing the akcipher request directly.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Wed, 29 Jun 2016 11:32:27 +0000 (19:32 +0800)]
crypto: rsa-pkcs1pad - Move key size check to setkey
Rather than repeatedly checking the key size on each operation,
we should be checking it once when the key is set.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Wed, 29 Jun 2016 11:32:26 +0000 (19:32 +0800)]
crypto: rsa-pkcs1pad - Always use GFP_KERNEL
We don't currently support using akcipher in atomic contexts,
so GFP_KERNEL should always be used.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Wed, 29 Jun 2016 11:32:24 +0000 (19:32 +0800)]
crypto: rsa-pkcs1pad - Remove bogus page splitting
The helper pkcs1pad_sg_set_buf tries to split a buffer that crosses
a page boundary into two SG entries. This is unnecessary. This
patch removes that.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Wed, 29 Jun 2016 11:32:23 +0000 (19:32 +0800)]
crypto: rsa-pkcs1pad - Require hash to be present
The only user of rsa-pkcs1pad always uses the hash so there is
no reason to support the case of not having a hash.
This patch also changes the digest info lookup so that it is
only done once during template instantiation rather than on each
operation.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Wed, 29 Jun 2016 11:32:22 +0000 (19:32 +0800)]
lib/mpi: Do not do sg_virt
Currently the mpi SG helpers use sg_virt which is completely
broken. It happens to work with normal kernel memory but will
fail with anything that is not linearly mapped.
This patch fixes this by using the SG iterator helpers.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Wed, 29 Jun 2016 11:32:21 +0000 (19:32 +0800)]
crypto: rsa - Generate fixed-length output
Every implementation of RSA that we have naturally generates
output with leading zeroes. The one and only user of RSA,
pkcs1pad, wants to have those leading zeroes in place, in fact
because they are currently absent it has to write those zeroes
itself.
So we shouldn't be stripping leading zeroes in the first place.
In fact this patch makes rsa-generic produce output with fixed
length so that pkcs1pad does not need to do any extra work.
This patch also changes DH to use the new interface.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Wed, 29 Jun 2016 11:32:20 +0000 (19:32 +0800)]
crypto: testmgr - Allow leading zeros in RSA
This patch allows RSA implementations to produce output with
leading zeroes. testmgr will skip leading zeroes when comparing
the output.
This patch also tries to make the RSA test function generic enough
to potentially handle other akcipher algorithms.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Wed, 29 Jun 2016 10:04:14 +0000 (18:04 +0800)]
crypto: tcrypt - Add speed test for cts
This patch adds speed tests for cts(cbc(aes)).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Wed, 29 Jun 2016 10:04:13 +0000 (18:04 +0800)]
crypto: api - Add crypto_inst_setname
This patch adds the helper crypto_inst_setname because the current
helper crypto_alloc_instance2 is no longer useful given that we
now look up the algorithm after we allocate the instance object.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Wed, 29 Jun 2016 10:04:07 +0000 (18:04 +0800)]
crypto: s390/aes - Use skcipher for fallback
This patch replaces use of the obsolete blkcipher with skcipher.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Wed, 29 Jun 2016 10:04:05 +0000 (18:04 +0800)]
crypto: sahara - Use skcipher for fallback
This patch replaces use of the obsolete ablkcipher with skcipher.
It also removes shash_fallback which is totally unused.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Wed, 29 Jun 2016 10:04:04 +0000 (18:04 +0800)]
crypto: qce - Use skcipher for fallback
This patch replaces use of the obsolete ablkcipher with skcipher.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Wed, 29 Jun 2016 10:04:03 +0000 (18:04 +0800)]
crypto: picoxcell - Use skcipher for fallback
This patch replaces use of the obsolete ablkcipher with skcipher.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Wed, 29 Jun 2016 10:04:02 +0000 (18:04 +0800)]
crypto: mxs-dcp - Use skcipher for fallback
This patch replaces use of the obsolete ablkcipher with skcipher.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Wed, 29 Jun 2016 10:04:01 +0000 (18:04 +0800)]
crypto: ccp - Use skcipher for fallback
This patch replaces use of the obsolete ablkcipher with skcipher.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Wed, 29 Jun 2016 10:03:59 +0000 (18:03 +0800)]
crypto: aesni - Use crypto_cipher to derive rfc4106 subkey
Currently aesni uses an async ctr(aes) to derive the rfc4106
subkey, which was presumably copied over from the generic rfc4106
code. Over there it's done that way because we already have a
ctr(aes) spawn. But it is simply overkill for aesni since we
have to go get a ctr(aes) from scratch anyway.
This patch simplifies the subkey derivation by using a straight
aes cipher instead.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Wed, 29 Jun 2016 10:03:50 +0000 (18:03 +0800)]
crypto: tcrypt - Use skcipher
This patch converts tcrypt to use the new skcipher interface as
opposed to ablkcipher/blkcipher.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Wed, 29 Jun 2016 10:03:47 +0000 (18:03 +0800)]
crypto: ahash - Add padding in crypto_ahash_extsize
The function crypto_ahash_extsize did not include padding when
computing the tfm context size. This patch fixes this by using
the generic crypto_alg_extsize helper.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Wed, 29 Jun 2016 10:03:46 +0000 (18:03 +0800)]
crypto: authenc - Consider ahash ASYNC bit
As it is, if you get an async ahash with a sync skcipher you'll
end up with a sync authenc, which is wrong.
This patch fixes it by considering the ASYNC bit from ahash as
well.
It also fixes a little bug where if a sync version of authenc
is requested we may still end up using an async ahash.
Neither of them should have any effect as none of the authenc
users can request for a sync authenc.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Harsh Jain [Tue, 28 Jun 2016 18:54:43 +0000 (00:24 +0530)]
crypto: authenc - Remove redundant sg_init_table call.
Remove redundant sg_init_table call. scatterwalk_ffwd does the same.
Signed-off-by: Harsh Jain <harshjain.prof@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 28 Jun 2016 12:33:52 +0000 (20:33 +0800)]
crypto: tcrypt - Fix memory leaks/crashes in multibuffer hash speed test
This patch resolves a number of issues with the mb speed test
function:
* The tfm is never freed.
* Memory is allocated even when we're not using mb.
* When an error occurs we don't wait for completion for other requests.
* When an error occurs during allocation we may leak memory.
* The test function ignores plen but still runs for plen != blen.
* The backlog flag is incorrectly used (may crash).
This patch tries to resolve all these issues as well as making
the code consistent with the existing hash speed testing function.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Herbert Xu [Tue, 28 Jun 2016 08:41:38 +0000 (16:41 +0800)]
crypto: tcrypt - Use unsigned long for mb ahash cycle counter
For the timescales we are working against there is no need to
go beyond unsigned long.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Krzysztof Kozlowski [Tue, 28 Jun 2016 07:23:06 +0000 (09:23 +0200)]
crypto: tcrypt - Fix mixing printk/pr_err and obvious indentation issues
The recently added test_mb_ahash_speed() has clearly serious coding
style issues. Try to fix some of them:
1. Don't mix pr_err() and printk();
2. Don't wrap strings;
3. Properly align goto statement in if() block;
4. Align wrapped arguments on new line;
5. Don't wrap functions on first argument;
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Megha Dey [Mon, 27 Jun 2016 17:20:09 +0000 (10:20 -0700)]
crypto: tcrypt - Add new mode for sha512_mb
Add a new mode to calculate the speed of the sha512_mb algorithm
Signed-off-by: Megha Dey <megha.dey@linux.intel.com>
Reviewed-by: Fenghua Yu <fenghua.yu@intel.com>
Reviewed-by: Tim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Megha Dey [Mon, 27 Jun 2016 17:20:08 +0000 (10:20 -0700)]
crypto: sha512-mb - Crypto computation (x4 AVX2)
This patch introduces the assembly routines to do SHA512 computation on
buffers belonging to several jobs at once. The assembly routines are
optimized with AVX2 instructions that have 4 data lanes and using AVX2
registers.
Signed-off-by: Megha Dey <megha.dey@linux.intel.com>
Reviewed-by: Fenghua Yu <fenghua.yu@intel.com>
Reviewed-by: Tim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Megha Dey [Mon, 27 Jun 2016 17:20:07 +0000 (10:20 -0700)]
crypto: sha512-mb - Algorithm data structures
This patch introduces the data structures and prototypes of functions
needed for computing SHA512 hash using multi-buffer. Included are the
structures of the multi-buffer SHA512 job, job scheduler in C and x86
assembly.
Signed-off-by: Megha Dey <megha.dey@linux.intel.com>
Reviewed-by: Fenghua Yu <fenghua.yu@intel.com>
Reviewed-by: Tim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Megha Dey [Mon, 27 Jun 2016 17:20:06 +0000 (10:20 -0700)]
crypto: sha512-mb - submit/flush routines for AVX2
This patch introduces the routines used to submit and flush buffers
belonging to SHA512 crypto jobs to the SHA512 multibuffer algorithm.
It is implemented mostly in assembly optimized with AVX2 instructions.
Signed-off-by: Megha Dey <megha.dey@linux.intel.com>
Reviewed-by: Fenghua Yu <fenghua.yu@intel.com>
Reviewed-by: Tim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Megha Dey [Mon, 27 Jun 2016 17:20:05 +0000 (10:20 -0700)]
crypto: sha512-mb - Enable SHA512 multibuffer support
Add the config CRYPTO_SHA512_MB which will enable the computation
using the SHA512 multi-buffer algorithm.
Signed-off-by: Megha Dey <megha.dey@linux.intel.com>
Reviewed-by: Fenghua Yu <fenghua.yu@intel.com>
Reviewed-by: Tim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Megha Dey [Mon, 27 Jun 2016 17:20:04 +0000 (10:20 -0700)]
crypto: sha512-mb - SHA512 multibuffer job manager and glue code
This patch introduces the multi-buffer job manager which is responsible
for submitting scatter-gather buffers from several SHA512 jobs to the
multi-buffer algorithm. It also contains the flush routine that's called
by the crypto daemon to complete the job when no new jobs arrive before
the deadline of maximum latency of a SHA512 crypto job.
The SHA512 multi-buffer crypto algorithm is defined and initialized in this
patch.
Signed-off-by: Megha Dey <megha.dey@linux.intel.com>
Reviewed-by: Fenghua Yu <fenghua.yu@intel.com>
Reviewed-by: Tim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Arnd Bergmann [Mon, 27 Jun 2016 09:17:40 +0000 (11:17 +0200)]
crypto: ux500 - do not build with -O0
The ARM allmodconfig build currently warns because of the
ux500 crypto driver not working well with the jump label
implementation that we started using for dynamic debug, which
breaks building with 'gcc -O0':
In file included from /git/arm-soc/include/linux/jump_label.h:105:0,
from /git/arm-soc/include/linux/dynamic_debug.h:5,
from /git/arm-soc/include/linux/printk.h:289,
from /git/arm-soc/include/linux/kernel.h:13,
from /git/arm-soc/include/linux/clk.h:16,
from /git/arm-soc/drivers/crypto/ux500/hash/hash_core.c:16:
/git/arm-soc/arch/arm/include/asm/jump_label.h: In function 'hash_set_dma_transfer':
/git/arm-soc/arch/arm/include/asm/jump_label.h:13:7: error: asm operand 0 probably doesn't match constraints [-Werror]
asm_volatile_goto("1:\n\t"
Turning off compiler optimizations has never really been supported
here, and it's only used when debugging the driver. I have not found
a good reason for doing this here, other than a misguided attempt
to produce more readable assembly output. Also, the driver is only
used in obsolete hardware that almost certainly nobody will spend
time debugging any more.
This just removes the -O0 flag from the compiler options.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Nishanth Menon [Fri, 24 Jun 2016 16:50:39 +0000 (11:50 -0500)]
hwrng: omap - Fix assumption that runtime_get_sync will always succeed
pm_runtime_get_sync does return an error value that must be checked for
error conditions, else, due to various reasons, the device may not be
enabled and the system will crash due to lack of clock to the hardware
module.
Before:
12.562784] [00000000] *pgd=fe193835
12.562792] Internal error: : 1406 [#1] SMP ARM
[...]
12.562864] CPU: 1 PID: 241 Comm: modprobe Not tainted 4.7.0-rc4-next-20160624 #2
12.562867] Hardware name: Generic DRA74X (Flattened Device Tree)
12.562872] task: ed51f140 ti: ed44c000 task.ti: ed44c000
12.562886] PC is at omap4_rng_init+0x20/0x84 [omap_rng]
12.562899] LR is at set_current_rng+0xc0/0x154 [rng_core]
[...]
After the proper checks:
[ 94.366705] omap_rng 48090000.rng: _od_fail_runtime_resume: FIXME: missing hwmod/omap_dev info
[ 94.375767] omap_rng 48090000.rng: Failed to runtime_get device -19
[ 94.382351] omap_rng 48090000.rng: initialization failed.
Fixes: 665d92fa85b5 ("hwrng: OMAP: convert to use runtime PM")
Cc: Paul Walmsley <paul@pwsan.com>
Signed-off-by: Nishanth Menon <nm@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tadeusz Struk [Fri, 24 Jun 2016 14:01:33 +0000 (07:01 -0700)]
MAINTAINERS: update maintainer for qat
Add Giovanni and Salvatore who will take over the qat maintenance.
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Megha Dey [Fri, 24 Jun 2016 01:40:48 +0000 (18:40 -0700)]
crypto: sha1-mb - rename sha-mb to sha1-mb
Until now, there was only support for the SHA1 multibuffer algorithm.
Hence, there was just one sha-mb folder. Now, with the introduction of
the SHA256 multi-buffer algorithm, it is logical to name the existing
folder as sha1-mb.
Signed-off-by: Megha Dey <megha.dey@linux.intel.com>
Reviewed-by: Fenghua Yu <fenghua.yu@intel.com>
Reviewed-by: Tim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Megha Dey [Fri, 24 Jun 2016 01:40:47 +0000 (18:40 -0700)]
crypto: tcrypt - Add speed tests for SHA multibuffer algorithms
The existing test suite to calculate the speed of the SHA algorithms
assumes serial (single buffer) computation of data. With the SHA
multibuffer algorithms, we work on 8 lanes of data in parallel. Hence,
the need to introduce a new test suite to calculate the speed for these
algorithms.
Signed-off-by: Megha Dey <megha.dey@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Megha Dey [Fri, 24 Jun 2016 01:40:46 +0000 (18:40 -0700)]
crypto: sha256-mb - Crypto computation (x8 AVX2)
This patch introduces the assembly routines to do SHA256 computation
on buffers belonging to several jobs at once. The assembly routines
are optimized with AVX2 instructions that have 8 data lanes and using
AVX2 registers.
Signed-off-by: Megha Dey <megha.dey@linux.intel.com>
Reviewed-by: Fenghua Yu <fenghua.yu@intel.com>
Reviewed-by: Tim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Megha Dey [Fri, 24 Jun 2016 01:40:45 +0000 (18:40 -0700)]
crypto: sha256-mb - Algorithm data structures
This patch introduces the data structures and prototypes of
functions needed for computing SHA256 hash using multi-buffer.
Included are the structures of the multi-buffer SHA256 job,
job scheduler in C and x86 assembly.
Signed-off-by: Megha Dey <megha.dey@linux.intel.com>
Reviewed-by: Fenghua Yu <fenghua.yu@intel.com>
Reviewed-by: Tim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Megha Dey [Fri, 24 Jun 2016 01:40:44 +0000 (18:40 -0700)]
crypto: sha256-mb - submit/flush routines for AVX2
This patch introduces the routines used to submit and flush buffers
belonging to SHA256 crypto jobs to the SHA256 multibuffer algorithm. It
is implemented mostly in assembly optimized with AVX2 instructions.
Signed-off-by: Megha Dey <megha.dey@linux.intel.com>
Reviewed-by: Fenghua Yu <fenghua.yu@intel.com>
Reviewed-by: Tim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Megha Dey [Fri, 24 Jun 2016 01:40:43 +0000 (18:40 -0700)]
crypto: sha256-mb - Enable multibuffer support
Add the config CRYPTO_SHA256_MB which will enable the computation using the
SHA256 multi-buffer algorithm.
Signed-off-by: Megha Dey <megha.dey@linux.intel.com>
Reviewed-by: Fenghua Yu <fenghua.yu@intel.com>
Reviewed-by: Tim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Megha Dey [Fri, 24 Jun 2016 01:40:42 +0000 (18:40 -0700)]
crypto: sha256-mb - SHA256 multibuffer job manager and glue code
This patch introduces the multi-buffer job manager which is responsible for
submitting scatter-gather buffers from several SHA256 jobs to the
multi-buffer algorithm. It also contains the flush routine that's
called by the crypto daemon to complete the job when no new jobs arrive
before the deadline of maximum latency of a SHA256 crypto job.
The SHA256 multi-buffer crypto algorithm is defined and initialized in
this patch.
Signed-off-by: Megha Dey <megha.dey@linux.intel.com>
Reviewed-by: Fenghua Yu <fenghua.yu@intel.com>
Reviewed-by: Tim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Florian Fainelli [Thu, 23 Jun 2016 00:27:01 +0000 (17:27 -0700)]
Documentation: devicetree: bindings: Add BCM5301x binding
Document the binding used by the Broadcom BCM5301x (Northstar) SoC
random number generator.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Stephen Rothwell [Fri, 24 Jun 2016 06:20:22 +0000 (16:20 +1000)]
crypto: ecdh - make ecdh_shared_secret unique
There is another ecdh_shared_secret in net/bluetooth/ecc.c
Fixes: 3c4b23901a0c ("crypto: ecdh - Add ECDH software support")
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Florian Fainelli [Thu, 23 Jun 2016 00:27:02 +0000 (17:27 -0700)]
hwrng: bcm2835 - Add support for Broadcom BCM5301x
The Broadcom BCM5301x SoCs (Northstar) utilize the same random number
generator peripheral as Northstar Plus and BCM2835, but just like the
NSP SoC, we need to enable the interrupt.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Stephan Mueller [Wed, 22 Jun 2016 17:26:06 +0000 (19:26 +0200)]
crypto: jitterentropy - use ktime_get_ns as fallback
As part of the Y2038 development, __getnstimeofday is not supposed to be
used any more. It is now replaced with ktime_get_ns. The Jitter RNG uses
the time stamp to measure the execution time of a given code path and
tries to detect variations in the execution time. Therefore, the only
requirement the Jitter RNG has is a sufficiently high resolution to
detect these variations.
The change was tested on x86 to show an identical behavior as RDTSC. The
used test code simply measures the execution time of the heart of the
RNG:
    jent_get_nstime(&time);
    jent_memaccess(ec, min);
    jent_fold_time(NULL, time, &folded, min);
    jent_get_nstime(&time2);
    return ((time2 - time));
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Wed, 22 Jun 2016 14:13:53 +0000 (22:13 +0800)]
KEYS: Use skcipher for big keys
This patch replaces use of the obsolete blkcipher with skcipher.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: David Howells <dhowells@redhat.com>
Bin Liu [Wed, 22 Jun 2016 13:23:37 +0000 (16:23 +0300)]
crypto: omap-sham - set sw fallback to 240 bytes
Adds software fallback support for small crypto requests. In these cases,
it is undesirable to use DMA, as setting it up itself is a rather heavy
operation. Gives about 40% extra performance in the ipsec use case.
Signed-off-by: Bin Liu <b-liu@ti.com>
[t-kristo@ti.com: dropped the extra traces, updated some comments
on the code]
Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Lokesh Vutla [Wed, 22 Jun 2016 13:23:36 +0000 (16:23 +0300)]
crypto: omap - do not call dmaengine_terminate_all
The extra call to dmaengine_terminate_all is not needed, as the DMA
is not running at this point. This improves performance slightly.
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tero Kristo [Wed, 22 Jun 2016 13:23:35 +0000 (16:23 +0300)]
crypto: omap-sham - change queue size from 1 to 10
Change crypto queue size from 1 to 10 for omap SHA driver. This should
allow clients to enqueue requests more effectively to avoid serializing
whole crypto sequences, giving extra performance.
Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tero Kristo [Wed, 22 Jun 2016 13:23:34 +0000 (16:23 +0300)]
crypto: omap-sham - use runtime_pm autosuspend for clock handling
Calling the runtime PM API for every block causes a serious performance hit
to crypto operations that are done on a long buffer. As crypto is performed
on a page boundary, encrypting large buffers can cause a series of crypto
operations divided by page. The runtime PM API is also called that many
times.
Convert the driver to use runtime_pm autosuspend instead, with a default
timeout value of 1 second. This results in up to ~50% speedup.
Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Salvatore Benedetto [Wed, 22 Jun 2016 16:49:15 +0000 (17:49 +0100)]
crypto: ecdh - Add ECDH software support
* Implement ECDH under kpp API
* Provide ECC software support for curve P-192 and
P-256.
* Add kpp test for ECDH with data generated by OpenSSL
Signed-off-by: Salvatore Benedetto <salvatore.benedetto@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Salvatore Benedetto [Wed, 22 Jun 2016 16:49:14 +0000 (17:49 +0100)]
crypto: dh - Add DH software implementation
* Implement MPI based Diffie-Hellman under kpp API
* Test provided uses data generated by OpenSSL
Signed-off-by: Salvatore Benedetto <salvatore.benedetto@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Salvatore Benedetto [Wed, 22 Jun 2016 16:49:13 +0000 (17:49 +0100)]
crypto: kpp - Key-agreement Protocol Primitives API (KPP)
Add key-agreement protocol primitives (kpp) API which allows implementing
primitives required by protocols such as DH and ECDH.
The API is composed mainly of the following functions:
* set_secret() - It allows the user to set his secret, also
referred to as his private key, along with the parameters
known to both parties involved in the key-agreement session.
* generate_public_key() - It generates the public key to be sent to
the other counterpart involved in the key-agreement session. The
function has to be called after set_params() and set_secret()
* generate_secret() - It generates the shared secret for the session
Other functions such as init() and exit() are provided for allowing
cryptographic hardware to be initialized properly before use
Signed-off-by: Salvatore Benedetto <salvatore.benedetto@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Megha Dey [Wed, 22 Jun 2016 01:21:46 +0000 (18:21 -0700)]
crypto: sha1-mb - async implementation for sha1-mb
Herbert wants the sha1-mb algorithm to have an async implementation:
https://lkml.org/lkml/2016/4/5/286.
Currently, sha1-mb uses an async interface for the outer algorithm
and a sync interface for the inner algorithm. This patch introduces
an async interface for even the inner algorithm.
Signed-off-by: Megha Dey <megha.dey@linux.intel.com>
Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 21 Jun 2016 08:55:17 +0000 (16:55 +0800)]
crypto: ghash-ce - Fix cryptd reordering
This patch fixes an old bug where requests can be reordered because
some are processed by cryptd while others are processed directly
in softirq context.
The fix is to always postpone to cryptd if there are currently
requests outstanding from the same tfm.
This patch also removes the redundant use of cryptd in the async
init function as init never touches the FPU.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 21 Jun 2016 08:55:16 +0000 (16:55 +0800)]
crypto: ghash-clmulni - Fix cryptd reordering
This patch fixes an old bug where requests can be reordered because
some are processed by cryptd while others are processed directly
in softirq context.
The fix is to always postpone to cryptd if there are currently
requests outstanding from the same tfm.
This patch also removes the redundant use of cryptd in the async
init function as init never touches the FPU.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 21 Jun 2016 08:55:15 +0000 (16:55 +0800)]
crypto: ablk_helper - Fix cryptd reordering
This patch fixes an old bug where requests can be reordered because
some are processed by cryptd while others are processed directly
in softirq context.
The fix is to always postpone to cryptd if there are currently
requests outstanding from the same tfm.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 21 Jun 2016 08:55:14 +0000 (16:55 +0800)]
crypto: aesni - Fix cryptd reordering problem on gcm
This patch fixes an old bug where gcm requests can be reordered
because some are processed by cryptd while others are processed
directly in softirq context.
The fix is to always postpone to cryptd if there are currently
requests outstanding from the same tfm.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
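The four cryptd reordering fixes above share one rule: a request must not be processed directly while earlier requests from the same tfm are still queued. The user-space toy model below is an added illustration, not code from these commits; struct tfm_model, submit(), run_worker() and the fpu_usable flag are hypothetical names standing in for the tfm, the direct/deferred dispatch decision and the cryptd worker.

```c
#include <stdbool.h>
#include <stddef.h>

#define MAX_REQ 8

/* Toy model of one tfm: a deferred (cryptd-like) queue plus a completion log. */
struct tfm_model {
    int queue[MAX_REQ];   /* request ids waiting for the worker */
    size_t queued;
    int done[MAX_REQ];    /* ids in the order they completed */
    size_t ndone;
};

static void complete(struct tfm_model *t, int id)
{
    t->done[t->ndone++] = id;
}

/* fpu_usable is an assumed stand-in for "can be processed directly right now". */
static void submit(struct tfm_model *t, int id, bool fpu_usable, bool fixed)
{
    bool defer = !fpu_usable;

    /* The fix: never overtake requests already queued for this tfm. */
    if (fixed && t->queued > 0)
        defer = true;

    if (defer)
        t->queue[t->queued++] = id;
    else
        complete(t, id);
}

/* The worker drains the deferred queue in FIFO order. */
static void run_worker(struct tfm_model *t)
{
    for (size_t i = 0; i < t->queued; i++)
        complete(t, t->queue[i]);
    t->queued = 0;
}

/* Submit ids 1, 2, 3; only the first must be deferred. True if order is kept. */
bool completes_in_order(bool fixed)
{
    struct tfm_model t = {0};

    submit(&t, 1, false, fixed);
    submit(&t, 2, true, fixed);
    submit(&t, 3, true, fixed);
    run_worker(&t);
    return t.ndone == 3 && t.done[0] == 1 && t.done[1] == 2 && t.done[2] == 3;
}
```

Without the rule the model completes 2 and 3 before 1; with it, all three go through the queue and finish in submission order.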