summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)Author
2016-03-11crypto: ccp - CCP versioning supportGary R Hook
Future hardware may introduce new algorithms wherein the driver will need to manage resources for different versions of the cryptographic coprocessor. This precursor patch determines the version of the available device, and marks and registers algorithms accordingly. A structure is added which manages the version-specific data. Signed-off-by: Gary R Hook <gary.hook@amd.com> Acked-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-03-11crypto: ccp - Support for multiple CCPsGary R Hook
Enable management of >1 CCPs in a system. Each device will get a unique identifier, as well as uniquely named resources. Treat each CCP as an orthogonal unit and register resources individually. Signed-off-by: Gary R Hook <gary.hook@amd.com> Acked-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-03-11crypto: ccp - Remove check for x86 family and modelGary R Hook
Each x86 SoC will make use of a unique PCI ID for the CCP device so it is not necessary to check for the CPU family and model. Signed-off-by: Gary R Hook <gary.hook@amd.com> Acked-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-28crypto: ccp - memset request context to zero during importTom Lendacky
Since a crypto_ahash_import() can be called against a request context that has not had a crypto_ahash_init() performed, the request context needs to be cleared to insure there is no random data present. If not, the random data can result in a kernel oops during crypto_ahash_update(). Cc: <stable@vger.kernel.org> # 3.14.x- Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-28lib/mpi: use "static inline" instead of "extern inline"Arnd Bergmann
When we use CONFIG_PROFILE_ALL_BRANCHES, every 'if()' introduces a static variable, but that is not allowed in 'extern inline' functions: mpi-inline.h:116:204: warning: '______f' is static but declared in inline function 'mpihelp_sub' which is not static mpi-inline.h:113:184: warning: '______f' is static but declared in inline function 'mpihelp_sub' which is not static mpi-inline.h:70:184: warning: '______f' is static but declared in inline function 'mpihelp_add' which is not static mpi-inline.h:56:204: warning: '______f' is static but declared in inline function 'mpihelp_add_1' which is not static This changes the MPI code to use 'static inline' instead, to get rid of hundreds of warnings. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-28lib/mpi: avoid assembler warningArnd Bergmann
A wrapper around the umull assembly instruction might reuse the input register as an output, which is undefined on some ARM machines, as pointed out by this assembler warning: CC lib/mpi/generic_mpih-mul1.o /tmp/ccxJuxIy.s: Assembler messages: /tmp/ccxJuxIy.s:53: rdhi, rdlo and rm must all be different CC lib/mpi/generic_mpih-mul2.o /tmp/ccI0scAD.s: Assembler messages: /tmp/ccI0scAD.s:53: rdhi, rdlo and rm must all be different CC lib/mpi/generic_mpih-mul3.o /tmp/ccMvVQcp.s: Assembler messages: /tmp/ccMvVQcp.s:53: rdhi, rdlo and rm must all be different This changes the constraints to force different registers to be used as output. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-28hwrng: bcm63xx - fix non device tree compatibilityÁlvaro Fernández Rojas
Allow building when OF is not enabled as suggested by Florian Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com> Reported-by: Florian Fainelli <f.fainelli@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-28crypto: testmgr - allow rfc3686 aes-ctr variants in fips mode.Marcus Meissner
RFC 3686 CTR in various authenc methods. rfc3686(ctr(aes)) is already marked fips compliant, so these should be fine. Signed-off-by: Marcus Meissner <meissner@suse.de> Acked-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-28crypto: qat - The AE id should be less than the maximal AE numberPingchao Yang
Signed-off-by: Yang Pingchao <pingchao.yang@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-28lib/mpi: Endianness fixMichal Marek
The limbs are integers in the host endianness, so we can't simply iterate over the individual bytes. The current code happens to work on little-endian, because the order of the limbs in the MPI array is the same as the order of the bytes in each limb, but it breaks on big-endian. Fixes: 0f74fbf77d45 ("MPI: Fix mpi_read_buffer") Signed-off-by: Michal Marek <mmarek@suse.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-28crypto: rockchip - add hash support for crypto engine in rk3288Zain Wang
Add md5 sha1 sha256 support for crypto engine in rk3288. Signed-off-by: Zain Wang <zain.wang@rock-chips.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-17crypto: xts - fix compile errorsStephan Mueller
Commit 28856a9e52c7 missed the addition of the crypto/xts.h include file for different architecture-specific AES implementations. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-17crypto: doc - add skcipher API documentationStephan Mueller
The crypto API received the skcipher API which is intended to replace the ablkcipher and blkcipher API. This patch adds the skcipher API documentation to the DocBook, updates the code sample (including removing the blkcipher example) replaces the references to ablkcipher and blkcipher with skcipher. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-17crypto: doc - update AEAD AD handlingStephan Mueller
The associated data handling with the kernel crypto API has been updated. This needs to be reflected in the documentation. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-17crypto: doc - add crypto_rng_generateStephan Mueller
Add new crypto API call crypto_rng_generate to DocBook. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-17crypto: doc - add akcipher APIStephan Mueller
Reference the new akcipher API calls in the kernel crypto API DocBook. Also, fix the comments in the akcipher.h file: double dashes do not look good in the DocBook; fix a typo. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-17crypto: caam - Staticize caam_jr_shutdown()Fabio Estevam
caam_jr_shutdown() is only used in this file, so it can be made static. This avoids the following sparse warning: drivers/crypto/caam/jr.c:68:5: warning: symbol 'caam_jr_shutdown' was not declared. Should it be static? Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-17crypto: qat - fix leak on error pathTadeusz Struk
Fix a leak on error path in qat asym Reported-by: Salvatore Benedetto <salvatore.benedetto@intel.com> Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-17crypto: xts - consolidate sanity check for keysStephan Mueller
The patch centralizes the XTS key check logic into the service function xts_check_key which is invoked from the different XTS implementations. With this, the XTS implementations in ARM, ARM64, PPC and S390 have now a sanity check for the XTS keys similar to the other arches. In addition, this service function received a check to ensure that the key != the tweak key which is mandated by FIPS 140-2 IG A.9. As the check is not present in the standards defining XTS, it is only enforced in FIPS mode of the kernel. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-17hwrng: pic32 - Add PIC32 RNG hardware driverJoshua Henderson
Add support for the hardware true random number generator peripheral found on PIC32. Signed-off-by: Joshua Henderson <joshua.henderson@microchip.com> Signed-off-by: Purna Chandra Mandal <purna.mandal@microchip.com> Reviewed-by: Daniel Thompson <daniel.thompson@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-17dt/bindings: Add bindings for the PIC32 random number generatorJoshua Henderson
Document the devicetree bindings for the random number generator found on Microchip PIC32 class devices. Signed-off-by: Joshua Henderson <joshua.henderson@microchip.com> Acked-by: Rob Herring <robh@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-17crypto: atmel-sha - fix race in atmel_sha_final()Cyrille Pitchen
When (!ctx->bufcnt && !(ctx->flags & SHA_FLAGS_PAD)), the former source code used to set the SHA_FLAGS_BUSY without checking whether this flag was already set. If so, the hardware is already processing another hash request so the processing of the req argument of atmel_sha_final() should be delayed by queueing this request, the same way as done for the (ctx->bufcnt != 0) case. Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-17crypto: atmel-sha - fix .import()/.export() implementationCyrille Pitchen
Using only the digest, digcnt[], bufcnt and buffer[] fields of the struct atmel_sha_reqctx was not enough to import/export the request state, so now we use the whole structure. Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-17crypto: testmgr - mark authenticated ctr(aes) also as FIPS ableMarcus Meissner
(2nd try that adds missing , to build.) Signed-off-by: Marcus Meissner <meissner@suse.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-09crypto: keys - Revert "convert public key to akcipher api"Herbert Xu
This needs to go through the security tree so I'm reverting the patches for now. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-06crypto: testmgr - mark more algorithms as FIPS compliantMarcus Meissner
Some more authenc() wrapped algorithms are FIPS compliant, tag them as such. Signed-off-by: Marcus Meissner <meissner@suse.de> Acked-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-06crypto: testmgr - fix out of bound read in __test_aead()Jerome Marchand
__test_aead() reads MAX_IVLEN bytes from template[i].iv, but the actual length of the initialisation vector can be shorter. The length of the IV is already calculated earlier in the function. Let's just reuses that. Also the IV length is currently calculated several time for no reason. Let's fix that too. This fix an out-of-bound error detected by KASan. Signed-off-by: Jerome Marchand <jmarchan@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-06crypto: sahara - fill the statesize fieldFabio Estevam
Currently the sahara driver fails to probe: sahara: probe of 63ff8000.crypto failed with error -22 This happens since commit 8996eafdcbad ("crypto: ahash - ensure statesize is non-zero"), which requires statesize to be filled. Pass the statesize members for sha1 and sha256, so we can probe the driver successfully again. Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-06crypto: sahara - avoid needlessly saving and restoring sahara_ctxFabio Estevam
Based on commit 434b421241f2d0 ("crypto: caam - avoid needlessly saving and restoring caam_hash_ctx") from Russell King. When exporting and importing the hash state, we will only export and import into hashes which share the same struct crypto_ahash pointer. (See hash_accept->af_alg_accept->hash_accept_parent.) This means that saving the sahara_ctx structure on export, and restoring it on import is a waste of resources. So, remove this code. Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-06crypto: sahara - remove unneeded mutex in the exported stateFabio Estevam
As pointed out by Herbert Xu we should not include the mutex in the exported state, so let's just get rid of it. Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-06crypto: testmgr - Add a test case for import()/export()Wang, Rui Y
Modify __test_hash() so that hash import/export can be tested from within the kernel. The test is unconditionally done when a struct hash_testvec has its .np > 1. v3: make the test unconditional v2: Leverage template[i].np as suggested by Tim Chen Signed-off-by: Rui Wang <rui.y.wang@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-06crypto: public_key - remove MPIs from public_key_signature structTadeusz Struk
After digsig_asymmetric.c is converted the MPIs can be now safely removed from the public_key_signature structure. Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-06integrity: convert digsig to akcipher apiTadeusz Struk
Convert asymmetric_verify to akcipher api. Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-06crypto: asymmetric_keys - convert public key and digsig asym to the akcipher apiTadeusz Struk
This patch converts the module verification code to the new akcipher API. Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-06crypto: ccp - Don't assume export/import areas are alignedTom Lendacky
Use a local variable for the exported and imported state so that alignment is not an issue. On export, set a local variable from the request context and then memcpy the contents of the local variable to the export memory area. On import, memcpy the import memory area into a local variable and then use the local variable to set the request context. Cc: <stable@vger.kernel.org> # 3.14.x- Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-06crypto: sha-mb - Fix load failureWang, Rui Y
On Monday, February 1, 2016 4:18 PM, Herbert Xu wrote: > > On Wed, Jan 27, 2016 at 05:08:35PM +0800, Rui Wang wrote: >> >> +static int sha1_mb_async_import(struct ahash_request *req, const void >> +*in) { >> + struct ahash_request *mcryptd_req = ahash_request_ctx(req); >> + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); >> + struct sha1_mb_ctx *ctx = crypto_ahash_ctx(tfm); >> + struct mcryptd_ahash *mcryptd_tfm = ctx->mcryptd_tfm; >> + struct crypto_shash *child = mcryptd_ahash_child(mcryptd_tfm); >> + struct mcryptd_hash_request_ctx *rctx; >> + struct shash_desc *desc; >> + int err; >> + >> + memcpy(mcryptd_req, req, sizeof(*req)); >> + ahash_request_set_tfm(mcryptd_req, &mcryptd_tfm->base); >> + rctx = ahash_request_ctx(mcryptd_req); >> + desc = &rctx->desc; >> + desc->tfm = child; >> + desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP; >> + >> + err = crypto_shash_init(desc); >> + if (err) >> + return err; > > What is this desc for? Hi Herbert, Yeah I just realized that the call to crypto_shash_init() isn't necessary here. What it does is overwritten by crypto_ahash_import(). But this desc still needs to be initialized here because it's newly allocated by ahash_request_alloc(). We eventually calls the shash version of import() which needs desc as an argument. The real context to be imported is then derived from shash_desc_ctx(desc). desc is a sub-field of struct mcryptd_hash_request_ctx, which is again a sub-field of the bigger blob allocated by ahash_request_alloc(). The entire blob's size is set in sha1_mb_async_init_tfm(). So a better version is as follows: (just removed the call to crypto_shash_init()) >From 4bcb73adbef99aada94c49f352063619aa24d43d Mon Sep 17 00:00:00 2001 From: Rui Wang <rui.y.wang@intel.com> Date: Mon, 14 Dec 2015 17:22:13 +0800 Subject: [PATCH v2 1/4] crypto x86/sha1_mb: Fix load failure modprobe sha1_mb fails with the following message: modprobe: ERROR: could not insert 'sha1_mb': No such device It is because it needs to set its statesize and implement its import() and export() interface. v2: remove redundant call to crypto_shash_init() Signed-off-by: Rui Wang <rui.y.wang@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-06crypto: aead - move aead_request_cast helper to aead.hTadeusz Struk
Move the helper function to common header for everybody to use. changes in v2: - move the helper to crypto/internal/aead.h instead of crypto/aead.h Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-06crypto: sunxi-ss - prevent compilation on 64-bitAndre Przywara
The driver for the sunxi-ss crypto engine is not entirely 64-bit safe, compilation on arm64 spits some warnings. The proper fix was deemed to involved [1], so since 64-bit SoCs won't have this IP block we just disable this driver for 64-bit. [1]: http://lists.infradead.org/pipermail/linux-arm-kernel/2016-January/399988.html (and the reply) Signed-off-by: Andre Przywara <andre.przywara@arm.com> Acked-by: Corentin LABBE <clabbe.montjoie@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-06crypto: hash - Remove crypto_hash interfaceHerbert Xu
This patch removes all traces of the crypto_hash interface, now that everyone has switched over to shash or ahash. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-06staging: lustre: Use ahashHerbert Xu
This patch replaces uses of the long obsolete hash interface with ahash. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-02-06crypto: hash - Add helpers to return alg and driver namesHerbert Xu
This patch adds helpers to retrieve the alg name and driver name of crypto_shash and crypto_ahash objects. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-06crypto: skcipher - Fix driver name helperHerbert Xu
The helper crypto_skcipher_driver_name was returning the alg name and not the driver name. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-06crypto: doc - Use ahashHerbert Xu
This patch replaces the crypto_hash example in api-intro.txt with crypto_ahash. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-06crypto: tcrypt - Use ahashHerbert Xu
This patch removes the last user of the obsolete crypto_hash interface, tcrypt, by simply switching it over to ahash. In fact it already has all the code there so it's just a matter of calling the ahash speed test code with the right mask. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-01crypto: keywrap - memzero the correct memoryDan Carpenter
We're clearing the wrong memory. The memory corruption is likely harmless because we weren't going to use that stack memory again but not zeroing is a potential information leak. Fixes: e28facde3c39 ('crypto: keywrap - add key wrapping block chaining mode') Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-01crypto: ccp - Limit the amount of information exportedTom Lendacky
Since the exported information can be exposed to user-space, instead of exporting the entire request context only export the minimum information needed. Cc: <stable@vger.kernel.org> # 3.14.x- Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-01crypto: omap-aes - Support crypto engine frameworkBaolin Wang
Integrate with the newly added crypto engine to make the crypto hardware engine underutilized as each block needs to be processed before the crypto hardware can start working on the next block. The requests from dm-crypt will be listed into engine queue and processed by engine automatically, so remove the 'queue' and 'queue_task' things in omap aes driver. Signed-off-by: Baolin Wang <baolin.wang@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-01crypto: engine - Introduce the block request crypto engine frameworkBaolin Wang
Now block cipher engines need to implement and maintain their own queue/thread for processing requests, moreover currently helpers provided for only the queue itself (in crypto_enqueue_request() and crypto_dequeue_request()) but they don't help with the mechanics of driving the hardware (things like running the request immediately, DMA map it or providing a thread to process the queue in) even though a lot of that code really shouldn't vary that much from device to device. Thus this patch provides a mechanism for pushing requests to the hardware as it becomes free that drivers could use. And this framework is patterned on the SPI code and has worked out well there. (https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/ drivers/spi/spi.c?id=ffbbdd21329f3e15eeca6df2d4bc11c04d9d91c0) Signed-off-by: Baolin Wang <baolin.wang@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-01crypto: api - Introduce crypto_queue_len() helper functionBaolin Wang
This patch introduces crypto_queue_len() helper function to help to get the queue length in the crypto queue list now. Signed-off-by: Baolin Wang <baolin.wang@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-01-30crypto: atmel-sha - fix algorihtm registrationCyrille Pitchen
This patch implements the missing .import() and .export() mandatory hooks for asynchronous hash algorithms. It also sets the relevant, non zero, value for the .statesize field when declaring the supported SHA algorithms. Indeed a zero value of .statesize prevents the algorithm from being registered. Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>