platform/kernel/linux-rpi.git
2 years agolib/mpi: Add the return value check of kcalloc()
Zizhuang Deng [Thu, 30 Dec 2021 07:03:31 +0000 (15:03 +0800)]
lib/mpi: Add the return value check of kcalloc()

Add the return value check of kcalloc() to avoid potential
NULL ptr dereference.

Fixes: a8ea8bdd9df9 ("lib/mpi: Extend the MPI library")
Signed-off-by: Zizhuang Deng <sunsetdzz@gmail.com>
Reviewed-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: qat - fix definition of ring reset results
Giovanni Cabiddu [Fri, 24 Dec 2021 11:05:32 +0000 (11:05 +0000)]
crypto: qat - fix definition of ring reset results

The ring reset result values are defined starting from 0x1 instead of 0.
This causes out-of-tree drivers that support this message to understand
that a ring reset failed even if the operation was successful.

Fix by starting the definition of ring reset result values from 0.

Fixes: 0bba03ce9739 ("crypto: qat - add PFVF support to enable the reset of ring pairs")
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reported-by: Adam Guerin <adam.guerin@intel.com>
Reviewed-by: Marco Chiappero <marco.chiappero@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: hisilicon - cleanup warning in qm_get_qos_value()
Tom Rix [Wed, 22 Dec 2021 17:29:23 +0000 (09:29 -0800)]
crypto: hisilicon - cleanup warning in qm_get_qos_value()

Building with clang static analysis returns this warning:

qm.c:4382:11: warning: The left operand of '==' is a garbage value
        if (*val == 0 || *val > QM_QOS_MAX_VAL || ret) {
            ~~~~ ^

The call to qm_qos_value_init() can return an error without setting
*val.  So check ret before checking *val.

Fixes: 72b010dc33b9 ("crypto: hisilicon/qm - supports writing QoS int the host")
Signed-off-by: Tom Rix <trix@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: kdf - select SHA-256 required for self-test
Stephan Müller [Tue, 21 Dec 2021 19:31:42 +0000 (20:31 +0100)]
crypto: kdf - select SHA-256 required for self-test

The self test of the KDF is based on SHA-256. Thus, this algorithm must
be present as otherwise a warning is issued.

Reported-by: kernel test robot <oliver.sang@intel.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: x86/aesni - don't require alignment of data
Jakub Kicinski [Tue, 21 Dec 2021 15:06:11 +0000 (07:06 -0800)]
crypto: x86/aesni - don't require alignment of data

x86 AES-NI routines can deal with unaligned data. Crypto context
(key, iv etc.) have to be aligned but we take care of that separately
by copying it onto the stack. We were feeding unaligned data into
crypto routines up until commit 83c83e658863 ("crypto: aesni -
refactor scatterlist processing") switched to use the full
skcipher API which uses cra_alignmask to decide data alignment.

This fixes 21% performance regression in kTLS.

Tested by booting with CONFIG_CRYPTO_MANAGER_EXTRA_TESTS=y
(and running thru various kTLS packets).

CC: stable@vger.kernel.org # 5.15+
Fixes: 83c83e658863 ("crypto: aesni - refactor scatterlist processing")
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: ccp - remove unneeded semicolon
Yang Li [Tue, 21 Dec 2021 00:38:28 +0000 (08:38 +0800)]
crypto: ccp - remove unneeded semicolon

Eliminate the following coccicheck warning:
./drivers/crypto/ccp/sev-dev.c:263:2-3: Unneeded semicolon

Reported-by: Abaci Robot <abaci@linux.alibaba.com>
Signed-off-by: Yang Li <yang.lee@linux.alibaba.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: stm32/crc32 - Fix kernel BUG triggered in probe()
Marek Vasut [Mon, 20 Dec 2021 19:50:22 +0000 (20:50 +0100)]
crypto: stm32/crc32 - Fix kernel BUG triggered in probe()

The include/linux/crypto.h struct crypto_alg field cra_driver_name description
states "Unique name of the transformation provider. " ... " this contains the
name of the chip or provider and the name of the transformation algorithm."

In case of the stm32-crc driver, field cra_driver_name is identical for all
registered transformation providers and set to the name of the driver itself,
which is incorrect. This patch fixes it by assigning a unique cra_driver_name
to each registered transformation provider.

The kernel crash is triggered when the driver calls crypto_register_shashes()
which calls crypto_register_shash(), which calls crypto_register_alg(), which
calls __crypto_register_alg(), which returns -EEXIST, which is propagated
back through this call chain. Upon -EEXIST from crypto_register_shash(), the
crypto_register_shashes() starts unregistering the providers back, and calls
crypto_unregister_shash(), which calls crypto_unregister_alg(), and this is
where the BUG() triggers due to incorrect cra_refcnt.

Fixes: b51dbe90912a ("crypto: stm32 - Support for STM32 CRC32 crypto module")
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: <stable@vger.kernel.org> # 4.12+
Cc: Alexandre Torgue <alexandre.torgue@foss.st.com>
Cc: Fabien Dessenne <fabien.dessenne@st.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Lionel Debieve <lionel.debieve@st.com>
Cc: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-stm32@st-md-mailman.stormreply.com
To: linux-crypto@vger.kernel.org
Acked-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: s390/sha512 - Use macros instead of direct IV numbers
Tianjia Zhang [Mon, 20 Dec 2021 09:23:18 +0000 (17:23 +0800)]
crypto: s390/sha512 - Use macros instead of direct IV numbers

In the init functions of sha512 and sha384, the initial hash value
use macros instead of numbers.

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: sparc/sha - remove duplicate hash init function
Tianjia Zhang [Mon, 20 Dec 2021 09:23:17 +0000 (17:23 +0800)]
crypto: sparc/sha - remove duplicate hash init function

sha*_base_init() series functions has implemented the initialization
of the hash context, this commit use sha*_base_init() function to
replace repeated implementations.

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: powerpc/sha - remove duplicate hash init function
Tianjia Zhang [Mon, 20 Dec 2021 09:23:16 +0000 (17:23 +0800)]
crypto: powerpc/sha - remove duplicate hash init function

sha*_base_init() series functions has implemented the initialization
of the hash context, this commit use sha*_base_init() function to
replace repeated implementations.

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: mips/sha - remove duplicate hash init function
Tianjia Zhang [Mon, 20 Dec 2021 09:23:15 +0000 (17:23 +0800)]
crypto: mips/sha - remove duplicate hash init function

sha*_base_init() series functions has implemented the initialization
of the hash context, this commit use sha*_base_init() function to
replace repeated implementations.

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: sha256 - remove duplicate generic hash init function
Tianjia Zhang [Mon, 20 Dec 2021 09:23:14 +0000 (17:23 +0800)]
crypto: sha256 - remove duplicate generic hash init function

crypto_sha256_init() and sha256_base_init() are the same repeated
implementations, remove the crypto_sha256_init() in generic
implementation, sha224 is the same process.

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: jitter - add oversampling of noise source
Stephan Müller [Mon, 20 Dec 2021 06:21:53 +0000 (07:21 +0100)]
crypto: jitter - add oversampling of noise source

The output n bits can receive more than n bits of min entropy, of course,
but the fixed output of the conditioning function can only asymptotically
approach the output size bits of min entropy, not attain that bound.
Random maps will tend to have output collisions, which reduces the
creditable output entropy (that is what SP 800-90B Section 3.1.5.1.2
attempts to bound).

The value "64" is justified in Appendix A.4 of the current 90C draft,
and aligns with NIST's in "epsilon" definition in this document, which is
that a string can be considered "full entropy" if you can bound the min
entropy in each bit of output to at least 1-epsilon, where epsilon is
required to be <= 2^(-32).

Note, this patch causes the Jitter RNG to cut its performance in half in
FIPS mode because the conditioning function of the LFSR produces 64 bits
of entropy in one block. The oversampling requires that additionally 64
bits of entropy are sampled from the noise source. If the conditioner is
changed, such as using SHA-256, the impact of the oversampling is only
one fourth, because for the 256 bit block of the conditioner, only 64
additional bits from the noise source must be sampled.

This patch is derived from the user space jitterentropy-library.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Reviewed-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agoMAINTAINERS: update SEC2 driver maintainers list
Kai Ye [Mon, 20 Dec 2021 02:14:18 +0000 (10:14 +0800)]
MAINTAINERS: update SEC2 driver maintainers list

Adding Kai Ye as SEC2 maintainer.

Signed-off-by: Kai Ye <yekai13@huawei.com>
Signed-off-by: Zaibo Xu <xuzaibo@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: ux500 - Use platform_get_irq() to get the interrupt
Lad Prabhakar [Sat, 18 Dec 2021 15:06:25 +0000 (15:06 +0000)]
crypto: ux500 - Use platform_get_irq() to get the interrupt

platform_get_resource(pdev, IORESOURCE_IRQ, ..) relies on static
allocation of IRQ resources in DT core code, this causes an issue
when using hierarchical interrupt domains using "interrupts" property
in the node as this bypasses the hierarchical setup and messes up the
irq chaining.

In preparation for removal of static setup of IRQ resource from DT core
code use platform_get_irq() so that interrupt mapping is created on demand.

While at it also store the IRQ number in struct cryp_device_data so that
we don't have to call platform_get_irq() frequently.

Signed-off-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: hisilicon/qm - disable qm clock-gating
Weili Qian [Sat, 18 Dec 2021 10:17:20 +0000 (18:17 +0800)]
crypto: hisilicon/qm - disable qm clock-gating

For Kunpeng930, if qm clock-gating is enabled, rate limiter
will be inaccurate. Therefore, disable clock-gating before doing task.

Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: omap-aes - Fix broken pm_runtime_and_get() usage
Heiner Kallweit [Fri, 17 Dec 2021 09:03:30 +0000 (10:03 +0100)]
crypto: omap-aes - Fix broken pm_runtime_and_get() usage

This fix is basically the same as 3d6b661330a7 ("crypto: stm32 -
Revert broken pm_runtime_resume_and_get changes"), just for the omap
driver. If the return value isn't used, then pm_runtime_get_sync()
has to be used for ensuring that the usage count is balanced.

Fixes: 1f34cc4a8da3 ("crypto: omap-aes - Fix PM reference leak on omap-aes.c")
Cc: stable@vger.kernel.org
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agoMAINTAINERS: update caam crypto driver maintainers list
Pankaj Gupta [Fri, 17 Dec 2021 08:12:33 +0000 (13:42 +0530)]
MAINTAINERS: update caam crypto driver maintainers list

Adding Gaurav as caam maintainer.

Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: octeontx2 - prevent underflow in get_cores_bmap()
Dan Carpenter [Fri, 17 Dec 2021 07:13:32 +0000 (10:13 +0300)]
crypto: octeontx2 - prevent underflow in get_cores_bmap()

If we're going to cap "eng_grp->g->engs_num" upper bounds then we should
cap the lower bounds as well.

Fixes: 43ac0b824f1c ("crypto: octeontx2 - load microcode and create engine groups")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: octeontx2 - out of bounds access in otx2_cpt_dl_custom_egrp_delete()
Dan Carpenter [Fri, 17 Dec 2021 07:12:32 +0000 (10:12 +0300)]
crypto: octeontx2 - out of bounds access in otx2_cpt_dl_custom_egrp_delete()

If "egrp" is negative then it is causes an out of bounds access in
eng_grps->grp[].

Fixes: d9d7749773e8 ("crypto: octeontx2 - add apis for custom engine groups")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: qat - add support for compression for 4xxx
Tomasz Kowalik [Thu, 16 Dec 2021 09:13:34 +0000 (09:13 +0000)]
crypto: qat - add support for compression for 4xxx

Add the logic required to enable the compression service for 4xxx devices.
This allows to load the compression firmware image and report
the appropriate compression capabilities.

The firmware image selection for a given device is based on the
'ServicesEnabled' key stored in the internal configuration, which is
added statically at the probe of the device according to the following
rule, by default:
- odd numbered devices assigned to compression services
- even numbered devices assigned to crypto services

In addition, restore the 'ServicesEnabled' key, if present, when SRIOV
is enabled on the device.

Signed-off-by: Tomasz Kowalik <tomaszx.kowalik@intel.com>
Co-developed-by: Mateuszx Potrola <mateuszx.potrola@intel.com>
Signed-off-by: Mateuszx Potrola <mateuszx.potrola@intel.com>
Co-developed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Fiona Trahe <fiona.trahe@intel.com>
Reviewed-by: Marco Chiappero <marco.chiappero@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: qat - allow detection of dc capabilities for 4xxx
Giovanni Cabiddu [Thu, 16 Dec 2021 09:13:33 +0000 (09:13 +0000)]
crypto: qat - allow detection of dc capabilities for 4xxx

Add logic to allow the detection of data compression capabilities for
4xxx devices.
The capability detection logic has been refactored to separate the
crypto capabilities from the compression ones.

This patch is not updating the returned capability mask as, up to now,
4xxx devices are configured only to handle crypto operations.

Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Fiona Trahe <fiona.trahe@intel.com>
Reviewed-by: Marco Chiappero <marco.chiappero@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: qat - add PFVF support to enable the reset of ring pairs
Marco Chiappero [Thu, 16 Dec 2021 09:13:32 +0000 (09:13 +0000)]
crypto: qat - add PFVF support to enable the reset of ring pairs

Extend support for resetting ring pairs on the device to VFs. Such
reset happens by sending a request to the PF over the PFVF protocol.

This patch defines two new PFVF messages and adds the PFVF logic for
handling the request on PF, triggering the reset, and VFs, accepting the
'success'/'error' response.

This feature is GEN4 specific.

This patch is based on earlier work done by Zelin Deng.

Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Fiona Trahe <fiona.trahe@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: qat - add PFVF support to the GEN4 host driver
Marco Chiappero [Thu, 16 Dec 2021 09:13:31 +0000 (09:13 +0000)]
crypto: qat - add PFVF support to the GEN4 host driver

So far PFVF support for GEN4 devices has been kept effectively disabled
due to lack of support. This patch adds all the GEN4 specific logic to
make PFVF fully functional on PF.

Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Co-developed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Fiona Trahe <fiona.trahe@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: qat - config VFs based on ring-to-svc mapping
Marco Chiappero [Thu, 16 Dec 2021 09:13:30 +0000 (09:13 +0000)]
crypto: qat - config VFs based on ring-to-svc mapping

Change the configuration logic for the VF driver to leverage the
ring-to-service mappings now received via PFVF.

While the driver config logic is not yet capable of supporting
configurations other than the default mapping, make sure that both VF
and PF share the same default configuration in order to work properly.

Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Fiona Trahe <fiona.trahe@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: qat - exchange ring-to-service mappings over PFVF
Marco Chiappero [Thu, 16 Dec 2021 09:13:29 +0000 (09:13 +0000)]
crypto: qat - exchange ring-to-service mappings over PFVF

In addition to retrieving the device capabilities, a VF may also need to
retrieve the mapping of its ring pairs to crypto and or compression
services in order to work properly.

Make the VF receive the ring-to-service mappings from the PF by means of a
new REQ_RING_SVC_MAP Block Message and add the request and response
logic on VF and PF respectively. This change requires to bump the PFVF
protocol to version 4.

Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Fiona Trahe <fiona.trahe@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: qat - support fast ACKs in the PFVF protocol
Marco Chiappero [Thu, 16 Dec 2021 09:13:28 +0000 (09:13 +0000)]
crypto: qat - support fast ACKs in the PFVF protocol

The original design and current implementation of the PFVF protocol
expects the sender to both acquire and relinquish the ownership of the
shared CSR by setting and clearing the "in use" pattern on the remote
half of the register when sending a message. This happens regardless of
the acknowledgment of the reception, to guarantee changes, including
collisions, are surely detected.

However, in the case of a request that requires a response, collisions
can also be detected by the lack of a reply. This can be exploited to
speed up and simplify the above behaviour, letting the receiver both
acknowledge the message and release the CSR in a single transaction:

1) the sender can return as soon as the message has been acknowledged
2) the receiver doesn't have to wait long before acquiring ownership
of the CSR for the response message, greatly improving the overall
throughput.

Howerver, this improvement cannot be leveraged for fire-and-forget
notifications, as it would be impossible for the sender to clearly
distinguish between a collision and an ack immediately followed by a new
message.

This patch implements this optimization in a new version of the protocol
(v3), which applies the fast-ack logic only whenever possible and
guarantees backward compatibility with older versions. For requests, a
new retry loop guarantees a correct behaviour.

Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Fiona Trahe <fiona.trahe@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: qat - exchange device capabilities over PFVF
Marco Chiappero [Thu, 16 Dec 2021 09:13:27 +0000 (09:13 +0000)]
crypto: qat - exchange device capabilities over PFVF

Allow the VF driver to get the supported device capabilities through PFVF,
by adding a new block message, the Capability Summary.

This messages allows to exchange the capability through masks, which
report, depending on the Capability Summary version, up to the following
information:
- algorithms and/or services that are supported by the device (e.g.
  symmetric crypto, data compression, etc.)
- (extended) compression capabilities, with details about the compression
  service (e.g. if compress and verify is supported by this device)
- the frequency of the device

This patch supports the latest Capabilities Summary version 3 for VFs,
but will limit support for the PF driver to version 2. This change also
increases the PFVF protocol to version 2.

Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Fiona Trahe <fiona.trahe@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: qat - introduce support for PFVF block messages
Marco Chiappero [Thu, 16 Dec 2021 09:13:26 +0000 (09:13 +0000)]
crypto: qat - introduce support for PFVF block messages

GEN2 devices use a single CSR for PFVF messages, which leaves up to 10 bits
of payload per single message. While such amount is sufficient for the
currently defined messages, the transfer of bigger and more complex data
streams from the PF to the VF requires a new mechanism that extends the
protocol.

This patch adds a new layer on top of the basic PFVF messaging, called
Block Messages, to encapsulate up to 126 bytes of data in a single
logical message across multiple PFVF messages of new types (SMALL,
MEDIUM and LARGE BLOCK), including (sub)types (BLKMSG_TYPE) to carry the
information about the actual Block Message.

Regardless of the size, each Block Message uses a two bytes header,
containing the version and size, to allow for extension while
maintaining compatibility. The size and the types of Block Messages are
defined as follow:

- small block messages:  up to 16 BLKMSG types of up to 30 bytes
- medium block messages: up to 8 BLKMSG types of up to 62 bytes
- large block messages:  up to 4 BLKMSG types of up to 126 bytes

It effectively works as reading a byte at a time from a block device and
for each of these new Block Messages:
- the requestor (always a VF) can either request a specific byte of the
  larger message, in order to retrieve the full message, or request the
  value of the CRC calculated for a specific message up to the provided
  size (to allow for messages to grow while maintaining forward
  compatibility)
- the responder (always the PF) will either return a single data or CRC
  byte, along with the indication of response type (or error).

This patch provides the basic infrastructure to perform the above
operations, without defining any new message.

As CRCs are required, this code now depends on the CRC8 module.

Note: as a consequence of the Block Messages design, sending multiple
PFVF messages in bursts, the interrupt rate limiting values on the PF are
increased.

Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Co-developed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Fiona Trahe <fiona.trahe@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: qat - store the ring-to-service mapping
Marco Chiappero [Thu, 16 Dec 2021 09:13:25 +0000 (09:13 +0000)]
crypto: qat - store the ring-to-service mapping

This driver relies on either the FW (on the PF) or the PF (on the VF) to
know how crypto services and rings map to one another. Store this
information so that it can be referenced in the future at runtime for
checks or extensions.

Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Fiona Trahe <fiona.trahe@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: qat - store the PFVF protocol version of the endpoints
Marco Chiappero [Thu, 16 Dec 2021 09:13:24 +0000 (09:13 +0000)]
crypto: qat - store the PFVF protocol version of the endpoints

This patch adds an entry for storing the PFVF protocol version for both
PF and VFs. While not currently used, knowing and storing the remote
protocol version enables more complex compatibility checks and/or newer
features for compatible PFVF endpoints in the future.

Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Fiona Trahe <fiona.trahe@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: qat - improve the ACK timings in PFVF send
Marco Chiappero [Thu, 16 Dec 2021 09:13:23 +0000 (09:13 +0000)]
crypto: qat - improve the ACK timings in PFVF send

Review the ACK timings in adf_gen2_pfvf_send() to improve the latency
by reducing the polling interval. Also increase the timeout, for higher
tolerance in highly loaded systems, and reposition these new values to
allow for inclusion by the future GEN4 devices too.

Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Co-developed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Fiona Trahe <fiona.trahe@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: qat - leverage read_poll_timeout in PFVF send
Marco Chiappero [Thu, 16 Dec 2021 09:13:22 +0000 (09:13 +0000)]
crypto: qat - leverage read_poll_timeout in PFVF send

Replace the polling loop, waiting for the remote end to acknowledge
the reception of the message, with the equivalent and standard
read_poll_timeout() in adf_gen2_pfvf_send().

Also, the use of the read_poll_timeout():
- implies the use of microseconds for the timings, so update the previous
  values from ms to us
- allows to leverage the return value for both success and error,
  removing the need for the reset of the 'ret' variable soon after the
  'start' label.

Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Co-developed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Fiona Trahe <fiona.trahe@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: qat - leverage bitfield.h utils for PFVF messages
Marco Chiappero [Thu, 16 Dec 2021 09:13:21 +0000 (09:13 +0000)]
crypto: qat - leverage bitfield.h utils for PFVF messages

The PFVF protocol defines messages composed of a number of control
bitfields. Replace all the code setting and retrieving such bits
with the utilities from bitfield.h, to improve code quality and
readability.

Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Fiona Trahe <fiona.trahe@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: qat - abstract PFVF messages with struct pfvf_message
Marco Chiappero [Thu, 16 Dec 2021 09:13:20 +0000 (09:13 +0000)]
crypto: qat - abstract PFVF messages with struct pfvf_message

This implementation of the PFVF protocol was designed around the GEN2
devices and its CSR format. In order to support future generations,
which come with differently sized fields, change the definition of the PFVF
message and make it abstract by means of a new pfvf_message struct. Also,
introduce some utilities to translate to and from the new message format
and the device specific CSR format.

Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Fiona Trahe <fiona.trahe@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: qat - set PFVF_MSGORIGIN just before sending
Marco Chiappero [Thu, 16 Dec 2021 09:13:19 +0000 (09:13 +0000)]
crypto: qat - set PFVF_MSGORIGIN just before sending

In this implementation of the PFVF protocol every egressing message must
include the ADF_PFVF_MSGORIGIN_SYSTEM flag. However, this flag can be set
on all the outbound messages just before sending them rather than at
message build time, as currently done.

Remove the unnecessary code duplication by setting the
ADF_PFVF_MSGORIGIN_SYSTEM flag only once at send time in
adf_gen2_pfvf_send().

Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Fiona Trahe <fiona.trahe@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: qat - make PFVF send and receive direction agnostic
Marco Chiappero [Thu, 16 Dec 2021 09:13:18 +0000 (09:13 +0000)]
crypto: qat - make PFVF send and receive direction agnostic

Currently PF and VF share the same send and receive logic for the PFVF
protocol. However, the inner behaviour still depends on the specific
direction, requiring a test to determine the if the sender is a PF or a
VF. Moreover the vf_nr parameter is only required for PF2VF messages and
ignored for the opposite direction.

Make the GEN2 send and recv completely direction agnostic, by calculating
and determining any direction specific input in the caller instead, and
feeding the send and the receive functions with the same arguments for
both PF and VF. In order to accommodate for this change, the API of the
pfvf_ops send and recv has been modified to remove any reference to vf_nr.

Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Fiona Trahe <fiona.trahe@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: qat - make PFVF message construction direction agnostic
Marco Chiappero [Thu, 16 Dec 2021 09:13:17 +0000 (09:13 +0000)]
crypto: qat - make PFVF message construction direction agnostic

Currently PFVF messages are created upfront in the CSR format, that is
PF2VF messages starting from bit 0 and VF2PF from bit 16, and passed
along unmodified to the PFVF send function.

Refactor the code to allow the VF2PF messages to be built starting from
bit 0, as for the PF2VF messages. Shift the VF to PF messages just
before sending them, and refactor the send logic to handle messages
properly depending on the direction.

As a result all the messages are composed the same way regardless of
the direction.

Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Fiona Trahe <fiona.trahe@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: qat - add the adf_get_pmisc_base() helper function
Marco Chiappero [Thu, 16 Dec 2021 09:13:16 +0000 (09:13 +0000)]
crypto: qat - add the adf_get_pmisc_base() helper function

Add and use the new helper function adf_get_pmisc_base() where convenient.

Also:
- remove no longer shared variables
- leverage other utilities, such as GET_PFVF_OPS(), as a consequence
- consistently use the "pmisc_addr" name for the returned value of this
  new helper

Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Co-developed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Fiona Trahe <fiona.trahe@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: qat - support the reset of ring pairs on PF
Marco Chiappero [Thu, 16 Dec 2021 09:13:15 +0000 (09:13 +0000)]
crypto: qat - support the reset of ring pairs on PF

Add support for triggering a HW reset of a specific ring pair.
Being a device specific feature, add it to the hw_device_data struct.

This feature is supported only by QAT GEN4 devices.

This patch is based on earlier work done by Zelin Deng.

Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Co-developed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Fiona Trahe <fiona.trahe@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: qat - extend crypto capability detection for 4xxx
Giovanni Cabiddu [Thu, 16 Dec 2021 09:13:14 +0000 (09:13 +0000)]
crypto: qat - extend crypto capability detection for 4xxx

Extended the capability detection logic for 4xxx devices.
Mask out unsupported algorithms and services based on the value read in
the fuse register.

This includes only capabilities for the crypto service.

Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Fiona Trahe <fiona.trahe@intel.com>
Reviewed-by: Marco Chiappero <marco.chiappero@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: qat - set COMPRESSION capability for QAT GEN2
Giovanni Cabiddu [Thu, 16 Dec 2021 09:13:13 +0000 (09:13 +0000)]
crypto: qat - set COMPRESSION capability for QAT GEN2

Enhance the device capability detection for QAT GEN2 devices to detect if
a device supports the compression service.

This is done by checking both the fuse and the strap registers for c62x
and c3xxx and only the fuse register for dh895xcc.

Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Fiona Trahe <fiona.trahe@intel.com>
Reviewed-by: Marco Chiappero <marco.chiappero@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: qat - set CIPHER capability for QAT GEN2
Giovanni Cabiddu [Thu, 16 Dec 2021 09:13:12 +0000 (09:13 +0000)]
crypto: qat - set CIPHER capability for QAT GEN2

Set the CIPHER capability for QAT GEN2 devices if the hardware supports
it. This is done if both the CIPHER and the AUTHENTICATION engines are
available on the device.

Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Fiona Trahe <fiona.trahe@intel.com>
Reviewed-by: Marco Chiappero <marco.chiappero@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: qat - get compression extended capabilities
Giovanni Cabiddu [Thu, 16 Dec 2021 09:13:11 +0000 (09:13 +0000)]
crypto: qat - get compression extended capabilities

Get compression extended capabilities mask from firmware through the
init/admin channel.
These capabilities are stored in the accel_dev structure and will be
communicated to VF through the PFVF channel.

Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Fiona Trahe <fiona.trahe@intel.com>
Reviewed-by: Marco Chiappero <marco.chiappero@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: octeontx2 - Use swap() instead of swap_engines()
Jiapeng Chong [Thu, 16 Dec 2021 07:48:14 +0000 (15:48 +0800)]
crypto: octeontx2 - Use swap() instead of swap_engines()

Fix the following coccicheck warning:

./drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c:1523:16-17:
WARNING opportunity for swap().

Reported-by: Abaci Robot <abaci@linux.alibaba.com>
Signed-off-by: Jiapeng Chong <jiapeng.chong@linux.alibaba.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: omap - increase priority of DES/3DES
Corentin Labbe [Wed, 15 Dec 2021 10:42:39 +0000 (10:42 +0000)]
crypto: omap - increase priority of DES/3DES

Give the same priority of OMAP DES/3DES than OMAP AES for being sure it
is picked before software implementation.

Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: x86/curve25519 - use in/out register constraints more precisely
Jason A. Donenfeld [Tue, 14 Dec 2021 16:01:46 +0000 (17:01 +0100)]
crypto: x86/curve25519 - use in/out register constraints more precisely

Rather than passing all variables as modified, pass ones that are only
read into that parameter. This helps with old gcc versions when
alternatives are additionally used, and lets gcc's codegen be a little
bit more efficient. This also syncs up with the latest Vale/EverCrypt
output.

Reported-by: Mathias Krause <minipli@grsecurity.net>
Cc: Aymeric Fromherz <aymeric.fromherz@inria.fr>
Link: https://lore.kernel.org/wireguard/1554725710.1290070.1639240504281.JavaMail.zimbra@inria.fr/
Link: https://github.com/project-everest/hacl-star/pull/501
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reviewed-by: Mathias Krause <minipli@grsecurity.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agohwrng: cn10k - Add random number generator support
Sunil Goutham [Tue, 14 Dec 2021 10:51:08 +0000 (16:21 +0530)]
hwrng: cn10k - Add random number generator support

CN10K series of silicons support true random number
generators. This patch adds support for the same. Also
supports entropy health status checking.

Signed-off-by: Sunil Goutham <sgoutham@marvell.com>
Signed-off-by: Bharat Bhushan <bbhushan2@marvell.com>
Signed-off-by: Joseph Longever <jlongever@marvell.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: hisilicon/zip - add new algorithms for uacce device
Yang Shen [Tue, 14 Dec 2021 06:45:09 +0000 (14:45 +0800)]
crypto: hisilicon/zip - add new algorithms for uacce device

Enable deflate/lz77_zstd algorithm for uacce device on Kunpeng930.

Signed-off-by: Yang Shen <shenyang39@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: hisilicon/qm - disable queue when 'CQ' error
Weili Qian [Sat, 11 Dec 2021 11:25:19 +0000 (19:25 +0800)]
crypto: hisilicon/qm - disable queue when 'CQ' error

If the hardware reports the 'CQ' overflow or 'CQE' error by the abnormal
interrupt, disable the queue and stop tasks send to hardware.

Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: hisilicon/qm - reset function if event queue overflows
Weili Qian [Sat, 11 Dec 2021 11:25:18 +0000 (19:25 +0800)]
crypto: hisilicon/qm - reset function if event queue overflows

If the hardware reports the event queue overflow by the abnormal interrupt,
the driver needs to reset the function and re-enable the event queue
interrupt and abnormal interrupt.

Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: hisilicon/qm - use request_threaded_irq instead
Weili Qian [Sat, 11 Dec 2021 11:25:17 +0000 (19:25 +0800)]
crypto: hisilicon/qm - use request_threaded_irq instead

The abnormal interrupt method needs to be changed, and the changed method
needs to be locked in order to maintain atomicity. Therefore,
replace request_irq() with request_threaded_irq().

Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: hisilicon/qm - modify the handling method after abnormal interruption
Weili Qian [Sat, 11 Dec 2021 11:25:16 +0000 (19:25 +0800)]
crypto: hisilicon/qm - modify the handling method after abnormal interruption

After processing an interrupt event and the interrupt function is
enabled by writing the QM_DOORBELL_CMD_AEQ register, the hardware
may generate new interrupt events due to processing other user's task
when the subsequent interrupt events have not been processed. The new
interrupt event will disrupt the current normal processing flow and
cause other problems.

Therefore, the operation of writing the QM_DOORBELL_CMD_AEQ doorbell
register needs to be placed after all interrupt events processing
are completed.

Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: hisilicon/qm - code movement
Weili Qian [Sat, 11 Dec 2021 11:25:15 +0000 (19:25 +0800)]
crypto: hisilicon/qm - code movement

This patch does not change any code, just code movement. Preparing for
next patch.

Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: hisilicon/qm - remove unnecessary device memory reset
Weili Qian [Sat, 11 Dec 2021 11:25:14 +0000 (19:25 +0800)]
crypto: hisilicon/qm - remove unnecessary device memory reset

The internal memory of the device needs to be reset only when
the device is globally initialized. Other scenarios, such as
function reset, do not need to perform reset.

Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: hisilicon/qm - fix deadlock for remove driver
Yang Shen [Sat, 11 Dec 2021 08:56:55 +0000 (16:56 +0800)]
crypto: hisilicon/qm - fix deadlock for remove driver

When remove the driver and executing the task occur at the same time,
the following deadlock will be triggered:

Chain exists of:
    sva_lock --> uacce_mutex --> &qm->qps_lock
    Possible unsafe locking scenario:
CPU0                    CPU1
----                    ----
lock(&qm->qps_lock);
lock(uacce_mutex);
lock(&qm->qps_lock);
lock(sva_lock);

And the lock 'qps_lock' is used to protect qp. Therefore, it's reasonable
cycle is to continue until the qp memory is released. So move the release
lock infront of 'uacce_remove'.

Signed-off-by: Yang Shen <shenyang39@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: hisilicon/zip - enable ssid for sva sgl
Yang Shen [Sat, 11 Dec 2021 08:52:05 +0000 (16:52 +0800)]
crypto: hisilicon/zip - enable ssid for sva sgl

For Kunpeng 920, the bit 0 of register 'HZIP_SGL_RUSER_32_63' stand for
whether the ssid is valid. So this bit should be set as valid for sva mode.

Signed-off-by: Yang Shen <shenyang39@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: hisilicon/hpre - fix memory leak in hpre_curve25519_src_init()
Weili Qian [Sat, 11 Dec 2021 08:17:19 +0000 (16:17 +0800)]
crypto: hisilicon/hpre - fix memory leak in hpre_curve25519_src_init()

hpre_curve25519_src_init() allocates memory for 'ptr' before calling
memcmp(). If memcmp() returns 0, the function will return '-EINVAL'
without freeing memory.

Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: api - Replace kernel.h with the necessary inclusions
Andy Shevchenko [Fri, 10 Dec 2021 14:30:09 +0000 (16:30 +0200)]
crypto: api - Replace kernel.h with the necessary inclusions

When kernel.h is used in the headers it adds a lot into dependency hell,
especially when there are circular dependencies are involved.

Replace kernel.h inclusion with the list of what is really being used.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: marvell/octeontx - Use kcalloc() instead of kzalloc()
Gustavo A. R. Silva [Wed, 8 Dec 2021 04:17:21 +0000 (22:17 -0600)]
crypto: marvell/octeontx - Use kcalloc() instead of kzalloc()

Use 2-factor multiplication argument form kcalloc() instead
of kzalloc().

Link: https://github.com/KSPP/linux/issues/162
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: cavium - Use kcalloc() instead of kzalloc()
Gustavo A. R. Silva [Wed, 8 Dec 2021 01:24:59 +0000 (19:24 -0600)]
crypto: cavium - Use kcalloc() instead of kzalloc()

Use 2-factor multiplication argument form kcalloc() instead
of kzalloc().

Link: https://github.com/KSPP/linux/issues/162
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: ccp - Add SEV_INIT_EX support
David Rientjes [Tue, 7 Dec 2021 23:33:06 +0000 (15:33 -0800)]
crypto: ccp - Add SEV_INIT_EX support

Add new module parameter to allow users to use SEV_INIT_EX instead of
SEV_INIT. This helps users who lock their SPI bus to use the PSP for SEV
functionality. The 'init_ex_path' parameter defaults to NULL which means
the kernel will use SEV_INIT, if a path is specified SEV_INIT_EX will be
used with the data found at the path. On certain PSP commands this
file is written to as the PSP updates the NV memory region. Depending on
file system initialization this file open may fail during module init
but the CCP driver for SEV already has sufficient retries for platform
initialization. During normal operation of PSP system and SEV commands
if the PSP has not been initialized it is at run time. If the file at
'init_ex_path' does not exist the PSP will not be initialized. The user
must create the file prior to use with 32Kb of 0xFFs per spec.

Signed-off-by: David Rientjes <rientjes@google.com>
Co-developed-by: Peter Gonda <pgonda@google.com>
Signed-off-by: Peter Gonda <pgonda@google.com>
Reviewed-by: Marc Orr <marcorr@google.com>
Reported-by: kernel test robot <lkp@intel.com>
Acked-by: Brijesh Singh <brijesh.singh@amd.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Marc Orr <marcorr@google.com>
Cc: Joerg Roedel <jroedel@suse.de>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: David Rientjes <rientjes@google.com>
Cc: John Allen <john.allen@amd.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: ccp - Add psp_init_on_probe module parameter
Peter Gonda [Tue, 7 Dec 2021 23:33:05 +0000 (15:33 -0800)]
crypto: ccp - Add psp_init_on_probe module parameter

Add psp_init_on_probe module parameter that allows for skipping the
PSP's SEV platform initialization during module init. User may decouple
module init from PSP init due to use of the INIT_EX support in upcoming
patch which allows for users to save PSP's internal state to file. The
file may be unavailable at module init.

Also moves the PSP ABI version log message to after successful PSP init
instead of module init in case this new parameter is used.

Signed-off-by: Peter Gonda <pgonda@google.com>
Acked-by: Brijesh Singh <brijesh.singh@amd.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Marc Orr <marcorr@google.com>
Cc: Joerg Roedel <jroedel@suse.de>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: David Rientjes <rientjes@google.com>
Cc: John Allen <john.allen@amd.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: ccp - Refactor out sev_fw_alloc()
Peter Gonda [Tue, 7 Dec 2021 23:33:04 +0000 (15:33 -0800)]
crypto: ccp - Refactor out sev_fw_alloc()

Create a helper function sev_fw_alloc() which can be used to allocate
aligned memory regions for use by the PSP firmware. Currently only used
for the SEV-ES TMR region but will be used for the SEV_INIT_EX NV memory
region.

Signed-off-by: Peter Gonda <pgonda@google.com>
Reviewed-by: Marc Orr <marcorr@google.com>
Acked-by: David Rientjes <rientjes@google.com>
Acked-by: Brijesh Singh <brijesh.singh@amd.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Marc Orr <marcorr@google.com>
Cc: Joerg Roedel <jroedel@suse.de>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: David Rientjes <rientjes@google.com>
Cc: John Allen <john.allen@amd.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: ccp - Move SEV_INIT retry for corrupted data
Peter Gonda [Tue, 7 Dec 2021 23:33:03 +0000 (15:33 -0800)]
crypto: ccp - Move SEV_INIT retry for corrupted data

Move the data corrupted retry of SEV_INIT into the
__sev_platform_init_locked() function. This is for upcoming INIT_EX
support as well as helping direct callers of
__sev_platform_init_locked() which currently do not support the
retry.

Signed-off-by: Peter Gonda <pgonda@google.com>
Reviewed-by: Marc Orr <marcorr@google.com>
Acked-by: David Rientjes <rientjes@google.com>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Acked-by: Brijesh Singh <brijesh.singh@amd.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Marc Orr <marcorr@google.com>
Cc: Joerg Roedel <jroedel@suse.de>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: David Rientjes <rientjes@google.com>
Cc: John Allen <john.allen@amd.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: ccp - Add SEV_INIT rc error logging on init
Peter Gonda [Tue, 7 Dec 2021 23:33:02 +0000 (15:33 -0800)]
crypto: ccp - Add SEV_INIT rc error logging on init

Currently only the firmware error code is printed. This is incomplete
and also incorrect as error cases exists where the firmware is never
called and therefore does not set an error code.

Signed-off-by: Peter Gonda <pgonda@google.com>
Reviewed-by: Marc Orr <marcorr@google.com>
Acked-by: David Rientjes <rientjes@google.com>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Acked-by: Brijesh Singh <brijesh.singh@amd.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Marc Orr <marcorr@google.com>
Cc: Joerg Roedel <jroedel@suse.de>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: David Rientjes <rientjes@google.com>
Cc: John Allen <john.allen@amd.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: x86/des3 - remove redundant assignment of variable nbytes
Colin Ian King [Tue, 7 Dec 2021 18:58:09 +0000 (18:58 +0000)]
crypto: x86/des3 - remove redundant assignment of variable nbytes

The variable nbytes is being assigned a value that is never read, it is
being re-assigned in the following statement. The assignment is redundant
and can be removed.

Signed-off-by: Colin Ian King <colin.i.king@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: hisilicon/qm - fix incorrect return value of hisi_qm_resume()
Weili Qian [Sat, 4 Dec 2021 10:43:01 +0000 (18:43 +0800)]
crypto: hisilicon/qm - fix incorrect return value of hisi_qm_resume()

When hisi_qm_resume() returns 0, it indicates that the device has started
successfully.  If the device fails to start, hisi_qm_resume() needs to
return the actual error code to the caller instead of 0.

Fixes: d7ea53395b72 ("crypto: hisilicon - add runtime PM ops")
Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: octeontx2 - parameters for custom engine groups
Srujana Challa [Wed, 1 Dec 2021 09:02:01 +0000 (14:32 +0530)]
crypto: octeontx2 - parameters for custom engine groups

Added devlink parameters to create and delete custom CPT engine groups.

Example:
devlink dev param set pci/0002:20:00.0 name egrp_create value \
                "se:32;se.out" cmode runtime
devlink dev param set pci/0002:20:00.0 name egrp_delete value \
                "egrp:1" cmode runtime

Signed-off-by: Srujana Challa <schalla@marvell.com>
Signed-off-by: Shijith Thotton <sthotton@marvell.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: octeontx2 - add apis for custom engine groups
Srujana Challa [Wed, 1 Dec 2021 09:02:00 +0000 (14:32 +0530)]
crypto: octeontx2 - add apis for custom engine groups

Octeon TX2 CPT has three type of engines to handle symmetric, asymmetric
and ipsec specific workload. For better utilization, these engines can
be grouped to custom groups at runtime.

This patch adds APIs to create and delete custom CPT engine groups.

Signed-off-by: Srujana Challa <schalla@marvell.com>
Signed-off-by: Shijith Thotton <sthotton@marvell.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: stm32 - Revert broken pm_runtime_resume_and_get changes
Herbert Xu [Wed, 1 Dec 2021 06:30:41 +0000 (17:30 +1100)]
crypto: stm32 - Revert broken pm_runtime_resume_and_get changes

We should not call pm_runtime_resume_and_get where the reference
count is expected to be incremented unconditionally.  This patch
reverts these calls to the original unconditional get_sync call.

Reported-by: Heiner Kallweit <hkallweit1@gmail.com>
Fixes: 747bf30fd944 ("crypto: stm32/cryp - Fix PM reference leak...")
Fixes: 1cb3ad701970 ("crypto: stm32/hash - Fix PM reference leak...")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: jitter - quit sample collection loop upon RCT failure
Nicolai Stange [Tue, 30 Nov 2021 14:10:09 +0000 (15:10 +0100)]
crypto: jitter - quit sample collection loop upon RCT failure

The jitterentropy collection loop in jent_gen_entropy() can in principle
run indefinitely without making any progress if it only receives stuck
measurements as determined by jent_stuck(). After 31 consecutive stuck
samples, the Repetition Count Test (RCT) would fail anyway and the
jitterentropy RNG instances moved into ->health_failure == 1 state.
jent_gen_entropy()'s caller, jent_read_entropy() would then check for
this ->health_failure condition and return an error if found set. It
follows that there's absolutely no point in continuing the collection loop
in jent_gen_entropy() once the RCT has failed.

Make the jitterentropy collection loop more robust by terminating it upon
jent_health_failure() so that it won't continue to run indefinitely without
making any progress.

Signed-off-by: Nicolai Stange <nstange@suse.de>
Reviewed-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: jitter - don't limit ->health_failure check to FIPS mode
Nicolai Stange [Tue, 30 Nov 2021 14:10:08 +0000 (15:10 +0100)]
crypto: jitter - don't limit ->health_failure check to FIPS mode

The jitterentropy's Repetition Count Test (RCT) as well as the Adaptive
Proportion Test (APT) are run unconditionally on any collected samples.
However, their result, i.e. ->health_failure, will only get checked if
fips_enabled is set, c.f. the jent_health_failure() wrapper.

I would argue that a RCT or APT failure indicates that something's
seriously off and that this should always be reported as an error,
independently of whether FIPS mode is enabled or not: it should be up to
callers whether or not and how to handle jitterentropy failures.

Make jent_health_failure() to unconditionally return ->health_failure,
independent of whether fips_enabled is set.

Note that fips_enabled isn't accessed from the jitterentropy code anymore
now. Remove the linux/fips.h include as well as the jent_fips_enabled()
wrapper.

Signed-off-by: Nicolai Stange <nstange@suse.de>
Reviewed-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: drbg - ignore jitterentropy errors if not in FIPS mode
Nicolai Stange [Tue, 30 Nov 2021 14:10:07 +0000 (15:10 +0100)]
crypto: drbg - ignore jitterentropy errors if not in FIPS mode

A subsequent patch will make the jitterentropy RNG to unconditionally
report health test errors back to callers, independent of whether
fips_enabled is set or not. The DRBG needs access to a functional
jitterentropy instance only in FIPS mode (because it's the only SP800-90B
compliant entropy source as it currently stands). Thus, it is perfectly
fine for the DRBGs to obtain entropy from the jitterentropy source only
on a best effort basis if fips_enabled is off.

Make the DRBGs to ignore jitterentropy failures if fips_enabled is not set.

Signed-off-by: Nicolai Stange <nstange@suse.de>
Reviewed-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: stm32/cryp - reorder hw initialization
Nicolas Toromanoff [Tue, 30 Nov 2021 07:55:01 +0000 (08:55 +0100)]
crypto: stm32/cryp - reorder hw initialization

The CRYP IP checks the written key depending of the configuration, it's
safer to write the whole configuration to hardware then the key to avoid
unexpected key rejection.

Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: stm32/cryp - fix bugs and crash in tests
Nicolas Toromanoff [Tue, 30 Nov 2021 07:55:00 +0000 (08:55 +0100)]
crypto: stm32/cryp - fix bugs and crash in tests

Extra crypto manager auto test were crashing or failling due
to 2 reasons:
- block in a dead loop (dues to issues in cipher end process management)
- crash due to read/write unmapped memory (this crash was also reported
when using openssl afalg engine)

Rework interrupt management, interrupts are masked as soon as they are
no more used: if input buffer is fully consumed, "Input FIFO not full"
interrupt is masked and if output buffer is full, "Output FIFO not
empty" interrupt is masked.
And crypto request finish when input *and* outpout buffer are fully
read/write.

About the crash due to unmapped memory, using scatterwalk_copychunks()
that will map and copy each block fix the issue.
Using this api and copying full block will also fix unaligned data
access, avoid early copy of in/out buffer, and make useless the extra
alignment constraint.

Fixes: 9e054ec21ef8 ("crypto: stm32 - Support for STM32 CRYP crypto module")

Reported-by: Marek Vasut <marex@denx.de>
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: stm32/cryp - fix lrw chaining mode
Nicolas Toromanoff [Tue, 30 Nov 2021 07:54:59 +0000 (08:54 +0100)]
crypto: stm32/cryp - fix lrw chaining mode

This fixes the lrw autotest if lrw uses the CRYP as the AES block cipher
provider (as ecb(aes)). At end of request, CRYP should not update the IV
in case of ECB chaining mode. Indeed the ECB chaining mode never uses
the IV, but the software LRW chaining mode uses the IV field as
a counter and due to the (unexpected) update done by CRYP while the AES
block process, the counter get a wrong value when the IV overflow.

Fixes: 5f49f18d27cd ("crypto: stm32/cryp - update to return iv_out")

Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: stm32/cryp - fix double pm exit
Nicolas Toromanoff [Tue, 30 Nov 2021 07:54:58 +0000 (08:54 +0100)]
crypto: stm32/cryp - fix double pm exit

Delete extraneous lines in probe error handling code: pm was
disabled twice.

Fixes: 65f9aa36ee47 ("crypto: stm32/cryp - Add power management support")

Reported-by: Marek Vasut <marex@denx.de>
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: stm32/cryp - check early input data
Nicolas Toromanoff [Tue, 30 Nov 2021 07:54:57 +0000 (08:54 +0100)]
crypto: stm32/cryp - check early input data

Some auto tests failed because driver wasn't returning the expected
error with some input size/iv value/tag size.
Now:
 Return 0 early for empty buffer. (We don't need to start the engine for
 an empty input buffer).
 Accept any valid authsize for gcm(aes).
 Return -EINVAL if iv for ccm(aes) is invalid.
 Return -EINVAL if buffer size is a not a multiple of algorithm block size.

Fixes: 9e054ec21ef8 ("crypto: stm32 - Support for STM32 CRYP crypto module")

Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: stm32/cryp - fix xts and race condition in crypto_engine requests
Nicolas Toromanoff [Tue, 30 Nov 2021 07:54:56 +0000 (08:54 +0100)]
crypto: stm32/cryp - fix xts and race condition in crypto_engine requests

Don't erase key:
If key is erased before the crypto_finalize_.*_request() call, some
pending process will run with a key={ 0 }.
Moreover if the key is reset at end of request, it breaks xts chaining
mode, as for last xts block (in case input len is not a multiple of
block) a new AES request is started without calling again set_key().

Fixes: 9e054ec21ef8 ("crypto: stm32 - Support for STM32 CRYP crypto module")

Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: stm32/cryp - fix CTR counter carry
Nicolas Toromanoff [Tue, 30 Nov 2021 07:54:55 +0000 (08:54 +0100)]
crypto: stm32/cryp - fix CTR counter carry

STM32 CRYP hardware doesn't manage CTR counter bigger than max U32, as
a workaround, at each block the current IV is saved, if the saved IV
lower u32 is 0xFFFFFFFF, the full IV is manually incremented, and set
in hardware.
Fixes: bbb2832620ac ("crypto: stm32 - Fix sparse warnings")

Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: stm32/cryp - don't print error on probe deferral
Etienne Carriere [Tue, 30 Nov 2021 07:54:54 +0000 (08:54 +0100)]
crypto: stm32/cryp - don't print error on probe deferral

Change driver to not print an error message when the device
probe is deferred for a clock resource.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: stm32/cryp - defer probe for reset controller
Etienne Carriere [Tue, 30 Nov 2021 07:54:53 +0000 (08:54 +0100)]
crypto: stm32/cryp - defer probe for reset controller

Change stm32 CRYP driver to defer its probe operation when
reset controller device is registered but has not been probed yet.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: dh - remove duplicate includes
Guo Zhengkui [Mon, 29 Nov 2021 08:34:56 +0000 (16:34 +0800)]
crypto: dh - remove duplicate includes

Remove a duplicate #include <linux/fips.h>.

Signed-off-by: Guo Zhengkui <guozhengkui@vivo.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: octeontx2 - uninitialized variable in kvf_limits_store()
Dan Carpenter [Sat, 27 Nov 2021 14:10:27 +0000 (17:10 +0300)]
crypto: octeontx2 - uninitialized variable in kvf_limits_store()

If kstrtoint() fails then "lfs_num" is uninitialized and the warning
doesn't make any sense.  Just delete it.

Fixes: 8ec8015a3168 ("crypto: octeontx2 - add support to process the crypto request")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: sa2ul - Use bitfield helpers
Geert Uytterhoeven [Mon, 22 Nov 2021 15:54:02 +0000 (16:54 +0100)]
crypto: sa2ul - Use bitfield helpers

Use the FIELD_PREP() helper, instead of open-coding the same operation.

Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: caam - save caam memory to support crypto engine retry mechanism.
Gaurav Jain [Mon, 22 Nov 2021 11:32:34 +0000 (17:02 +0530)]
crypto: caam - save caam memory to support crypto engine retry mechanism.

When caam queue is full (-ENOSPC), caam frees descriptor memory.
crypto-engine checks if retry support is true and h/w queue
is full(-ENOSPC), then requeue the crypto request.
During processing the requested descriptor again, caam gives below error.
(caam_jr 30902000.jr: 40000006: DECO: desc idx 0: Invalid KEY Command).

This patch adds a check to return when caam input ring is full
and retry support is true. so descriptor memory is not freed
and requeued request can be processed again.

Fixes: 2d653936eb2cf ("crypto: caam - enable crypto-engine retry mechanism")
Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: des - disallow des3 in FIPS mode
Stephan Müller [Sun, 21 Nov 2021 15:10:33 +0000 (16:10 +0100)]
crypto: des - disallow des3 in FIPS mode

On Dec 31 2023 NIST sunsets TDES for FIPS use. To prevent FIPS
validations to be completed in the future to be affected by the TDES
sunsetting, disallow TDES already now. Otherwise a FIPS validation would
need to be "touched again" end 2023 to handle TDES accordingly.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: dh - limit key size to 2048 in FIPS mode
Stephan Müller [Sun, 21 Nov 2021 14:51:44 +0000 (15:51 +0100)]
crypto: dh - limit key size to 2048 in FIPS mode

FIPS disallows DH with keys < 2048 bits. Thus, the kernel should
consider the enforcement of this limit.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: rsa - limit key size to 2048 in FIPS mode
Stephan Müller [Sun, 21 Nov 2021 14:31:27 +0000 (15:31 +0100)]
crypto: rsa - limit key size to 2048 in FIPS mode

FIPS disallows RSA with keys < 2048 bits. Thus, the kernel should
consider the enforcement of this limit.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: jitter - consider 32 LSB for APT
Stephan Müller [Sun, 21 Nov 2021 14:14:20 +0000 (15:14 +0100)]
crypto: jitter - consider 32 LSB for APT

The APT compares the current time stamp with a pre-set value. The
current code only considered the 4 LSB only. Yet, after reviews by
mathematicians of the user space Jitter RNG version >= 3.1.0, it was
concluded that the APT can be calculated on the 32 LSB of the time
delta. Thi change is applied to the kernel.

This fixes a bug where an AMD EPYC fails this test as its RDTSC value
contains zeros in the LSB. The most appropriate fix would have been to
apply a GCD calculation and divide the time stamp by the GCD. Yet, this
is a significant code change that will be considered for a future
update. Note, tests showed that constantly the GCD always was 32 on
these systems, i.e. the 5 LSB were always zero (thus failing the APT
since it only considered the 4 LSB for its calculation).

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: hisilicon/qm - simplified the calculation of qos shaper parameters
Kai Ye [Sat, 20 Nov 2021 04:47:39 +0000 (12:47 +0800)]
crypto: hisilicon/qm - simplified the calculation of qos shaper parameters

Some optimize for the calculation of qos shaper parameters.
and modify the comments.

Signed-off-by: Kai Ye <yekai13@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: hisilicon/qm - some optimizations of ths qos write process
Kai Ye [Sat, 20 Nov 2021 04:47:38 +0000 (12:47 +0800)]
crypto: hisilicon/qm - some optimizations of ths qos write process

1. Optimize overly long functions.
2. Fix the format symbol does not match the actual type.
3. Use the PCI_DEVFN to get the function id.

Signed-off-by: Kai Ye <yekai13@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: hisilicon/qm - modify the value of qos initialization
Kai Ye [Sat, 20 Nov 2021 04:47:37 +0000 (12:47 +0800)]
crypto: hisilicon/qm - modify the value of qos initialization

The value of qos should be reset after flr resetting or device
resetting. So set the max of qos value for every function. Then
update the value of qos when user writing the alg_qos.

Signed-off-by: Kai Ye <yekai13@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: hisilicon - modify the value of engine type rate
Kai Ye [Sat, 20 Nov 2021 04:47:36 +0000 (12:47 +0800)]
crypto: hisilicon - modify the value of engine type rate

Modify the value of type rate from new QM spec.

Signed-off-by: Kai Ye <yekai13@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agosecurity: DH - use KDF implementation from crypto API
Stephan Müller [Fri, 19 Nov 2021 06:59:09 +0000 (07:59 +0100)]
security: DH - use KDF implementation from crypto API

The kernel crypto API provides the SP800-108 counter KDF implementation.
Thus, the separate implementation provided as part of the keys subsystem
can be replaced with calls to the KDF offered by the kernel crypto API.

The keys subsystem uses the counter KDF with a hash primitive. Thus,
it only uses the call to crypto_kdf108_ctr_generate.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Acked-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agosecurity: DH - remove dead code for zero padding
Stephan Müller [Fri, 19 Nov 2021 06:58:44 +0000 (07:58 +0100)]
security: DH - remove dead code for zero padding

Remove the specific code that adds a zero padding that was intended
to be invoked when the DH operation result was smaller than the
modulus. However, this cannot occur any more these days because the
function mpi_write_to_sgl is used in the code path that calculates the
shared secret in dh_compute_value. This MPI service function guarantees
that leading zeros are introduced as needed to ensure the resulting data
is exactly as long as the modulus. This implies that the specific code
to add zero padding is dead code which can be safely removed.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Acked-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: kdf - add SP800-108 counter key derivation function
Stephan Müller [Fri, 19 Nov 2021 06:55:58 +0000 (07:55 +0100)]
crypto: kdf - add SP800-108 counter key derivation function

SP800-108 defines three KDFs - this patch provides the counter KDF
implementation.

The KDF is implemented as a service function where the caller has to
maintain the hash / HMAC state. Apart from this hash/HMAC state, no
additional state is required to be maintained by either the caller or
the KDF implementation.

The key for the KDF is set with the crypto_kdf108_setkey function which
is intended to be invoked before the caller requests a key derivation
operation via crypto_kdf108_ctr_generate.

SP800-108 allows the use of either a HMAC or a hash as crypto primitive
for the KDF. When a HMAC primtive is intended to be used,
crypto_kdf108_setkey must be used to set the HMAC key. Otherwise, for a
hash crypto primitve crypto_kdf108_ctr_generate can be used immediately
after allocating the hash handle.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: kdf - Add key derivation self-test support code
Stephan Müller [Fri, 19 Nov 2021 06:55:33 +0000 (07:55 +0100)]
crypto: kdf - Add key derivation self-test support code

As a preparation to add the key derivation implementations, the
self-test data structure definition and the common test code is made
available.

The test framework follows the testing applied by the NIST CAVP test
approach.

The structure of the test code follows the implementations found in
crypto/testmgr.c|h. In case the KDF implementations will be made
available via a kernel crypto API templates, the test code is intended
to be merged into testmgr.c|h.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: sun8i-ce - Add support for the D1 variant
Corentin Labbe [Fri, 19 Nov 2021 05:10:25 +0000 (23:10 -0600)]
crypto: sun8i-ce - Add support for the D1 variant

The Allwinner D1 SoC has a crypto engine compatible with sun8i-ce.
Add support for it.

Signed-off-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Samuel Holland <samuel@sholland.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>