www.infradead.org Git - users/dwmw2/linux.git/log
2 years ago crypto: qat - add namespace to driver
Giovanni Cabiddu [Mon, 2 Oct 2023 08:51:09 +0000 (09:51 +0100)]
crypto: qat - add namespace to driver

Create CRYPTO_QAT namespace for symbols exported by the qat_common
module and import those in the QAT drivers. It will reduce the global
namespace crowdedness and potential misuse of the API.

This does not introduce any functional change.

Suggested-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Lucas Segarra Fernandez <lucas.segarra.fernandez@intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: testmgr - Remove zlib-deflate
Herbert Xu [Wed, 30 Aug 2023 09:57:06 +0000 (17:57 +0800)]
crypto: testmgr - Remove zlib-deflate

Remove zlib-deflate test vectors as it no longer exists in the kernel.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
2 years ago crypto: deflate - Remove zlib-deflate
Herbert Xu [Wed, 30 Aug 2023 09:56:25 +0000 (17:56 +0800)]
crypto: deflate - Remove zlib-deflate

Remove the implementation of zlib-deflate because it is completely
unused in the kernel.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
2 years ago crypto: qat - Remove zlib-deflate
Herbert Xu [Wed, 30 Aug 2023 09:55:02 +0000 (17:55 +0800)]
crypto: qat - Remove zlib-deflate

Remove the implementation of zlib-deflate because it is completely
unused in the kernel.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
2 years ago crypto: pkcs7 - remove md4 md5 x.509 support
Dimitri John Ledkov [Sun, 1 Oct 2023 23:57:15 +0000 (00:57 +0100)]
crypto: pkcs7 - remove md4 md5 x.509 support

Remove support for md4 md5 hash and signatures in x.509 certificate
parsers, pkcs7 signature parser, authenticode parser.

All of these are insecure or broken, and everyone has long ago
migrated to alternative hash implementations.

Also remove md2 & md3 oids which already didn't have support.

This is also likely the last user of md4 in the kernel, and thus
crypto/md4.c and related tests in tcrypt & testmgr can likely be
removed. Other users such as cifs smbfs ext modpost sumversions have
their own internal implementation as needed.

Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: sig - fix kernel-doc typo
Randy Dunlap [Sun, 1 Oct 2023 00:00:44 +0000 (17:00 -0700)]
crypto: sig - fix kernel-doc typo

Correct typo of "destination".

Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: linux-crypto@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: akcipher - fix kernel-doc typos
Randy Dunlap [Sun, 1 Oct 2023 00:00:43 +0000 (17:00 -0700)]
crypto: akcipher - fix kernel-doc typos

Correct typos of "destination".

Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: linux-crypto@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago dt-bindings: rng: meson: add meson-rng-s4 compatible
Alexey Romanov [Fri, 29 Sep 2023 10:29:37 +0000 (13:29 +0300)]
dt-bindings: rng: meson: add meson-rng-s4 compatible

Add compatible for hardware number generator node for
Amlogic S4-series.

Signed-off-by: Alexey Romanov <avromanov@sberdevices.ru>
Acked-by: Conor Dooley <conor.dooley@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago hwrng: meson - add support for S4
Alexey Romanov [Fri, 29 Sep 2023 10:29:36 +0000 (13:29 +0300)]
hwrng: meson - add support for S4

For some Amlogic SoCs, the mechanism to obtain a random number
has been changed. For example, S4 now uses status bit waiting algo.

Signed-off-by: Alexey Romanov <avromanov@sberdevices.ru>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: hisilicon/qm - check function qp num before alg register
Weili Qian [Thu, 28 Sep 2023 09:21:47 +0000 (17:21 +0800)]
crypto: hisilicon/qm - check function qp num before alg register

The tasks the Kunpeng accelerator executes, such as encryption
and decryption, have minimum requirements on the number of device
queues. If the number of queues does not meet the requirement,
the process initialization will fail. Therefore, the driver checks
the number of queues on the device before registering the algorithm.
If the number does not meet the requirements, the driver does not register
the algorithm to the crypto subsystem, but the device is still added to the
qm_list.

Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: hisilicon/qm - fix the type value of aeq
Weili Qian [Thu, 28 Sep 2023 09:21:03 +0000 (17:21 +0800)]
crypto: hisilicon/qm - fix the type value of aeq

The type of aeq has only 4 bits in dw0 (bits 17 to 20), but 15 bits (bits 17
to 31) are read in function qm_aeq_thread(). The remaining 11 bits (bits 21
to 31) are reserved for aeq, but may not be 0. To avoid getting an
incorrect value of type, other bits are cleared.

Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: hisilicon/qm - fix PF queue parameter issue
Longfang Liu [Thu, 28 Sep 2023 08:57:22 +0000 (16:57 +0800)]
crypto: hisilicon/qm - fix PF queue parameter issue

If the queue isolation feature is enabled, the number of queues
supported by the device changes. When PF is enabled using the
current default number of queues, the default number of queues may
be greater than the number supported by the device. As a result,
the PF fails to be bound to the driver.

After modification, if queue isolation feature is enabled, when
the default queue parameter is greater than the number supported
by the device, the number of enabled queues will be changed to
the number supported by the device, so that the PF and driver
can be properly bound.

Fixes: 8bbecfb402f7 ("crypto: hisilicon/qm - add queue isolation support for Kunpeng930")
Signed-off-by: Longfang Liu <liulongfang@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: x86/aesni - Perform address alignment early for XTS mode
Chang S. Bae [Thu, 28 Sep 2023 07:25:08 +0000 (00:25 -0700)]
crypto: x86/aesni - Perform address alignment early for XTS mode

Currently, the alignment of each field in struct aesni_xts_ctx occurs
right before every access. However, it's possible to perform this
alignment ahead of time.

Introduce a helper function that converts struct crypto_skcipher *tfm
to struct aesni_xts_ctx *ctx and returns an aligned address. Utilize
this helper function at the beginning of each XTS function and then
eliminate redundant alignment code.

Suggested-by: Eric Biggers <ebiggers@kernel.org>
Link: https://lore.kernel.org/all/ZFWQ4sZEVu%2FLHq+Q@gmail.com/
Signed-off-by: Chang S. Bae <chang.seok.bae@intel.com>
Cc: linux-crypto@vger.kernel.org
Cc: x86@kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: x86/aesni - Correct the data type in struct aesni_xts_ctx
Chang S. Bae [Thu, 28 Sep 2023 07:25:07 +0000 (00:25 -0700)]
crypto: x86/aesni - Correct the data type in struct aesni_xts_ctx

Currently, every field in struct aesni_xts_ctx is defined as a byte
array of the same size as struct crypto_aes_ctx. This data type
is obscure and the choice lacks justification.

To rectify this, update the field type in struct aesni_xts_ctx to
match its actual structure.

Suggested-by: Eric Biggers <ebiggers@kernel.org>
Link: https://lore.kernel.org/all/ZFWQ4sZEVu%2FLHq+Q@gmail.com/
Signed-off-by: Chang S. Bae <chang.seok.bae@intel.com>
Cc: linux-crypto@vger.kernel.org
Cc: x86@kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: x86/aesni - Refactor the common address alignment code
Chang S. Bae [Thu, 28 Sep 2023 07:25:06 +0000 (00:25 -0700)]
crypto: x86/aesni - Refactor the common address alignment code

The address alignment code has been duplicated for each mode. Instead
of duplicating the same code, refactor the alignment code and simplify
the alignment helpers.

Suggested-by: Eric Biggers <ebiggers@kernel.org>
Link: https://lore.kernel.org/all/20230526065414.GB875@sol.localdomain/
Signed-off-by: Chang S. Bae <chang.seok.bae@intel.com>
Cc: linux-crypto@vger.kernel.org
Cc: x86@kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago X.509: Add missing IMPLICIT annotations to AKID ASN.1 module
Lukas Wunner [Tue, 26 Sep 2023 09:46:41 +0000 (11:46 +0200)]
X.509: Add missing IMPLICIT annotations to AKID ASN.1 module

The ASN.1 module in RFC 5280 appendix A.1 uses EXPLICIT TAGS whereas the
one in appendix A.2 uses IMPLICIT TAGS.

The kernel's simplified asn1_compiler.c always uses EXPLICIT TAGS, hence
definitions from appendix A.2 need to be annotated as IMPLICIT for the
compiler to generate RFC-compliant code.

In particular, GeneralName is defined in appendix A.2:

GeneralName ::= CHOICE {
        otherName                       [0] OtherName,
        ...
        dNSName                         [2] IA5String,
        x400Address                     [3] ORAddress,
        directoryName                   [4] Name,
        ...
        }

Because appendix A.2 uses IMPLICIT TAGS, the IA5String tag (0x16) of a
dNSName is not rendered.  Instead, the string directly succeeds the
[2] tag (0x82).

Likewise, the SEQUENCE tag (0x30) of an OtherName is not rendered.
Instead, only the constituents of the SEQUENCE are rendered:  An OID tag
(0x06), a [0] tag (0xa0) and an ANY tag.  That's three consecutive tags
instead of a single encompassing tag.

The situation is different for x400Address and directoryName choices:
They reference ORAddress and Name, which are defined in appendix A.1,
therefore use EXPLICIT TAGS.

The AKID ASN.1 module is missing several IMPLICIT annotations, hence
isn't RFC-compliant.  In the unlikely event that an AKID contains other
elements beside a directoryName, users may see parse errors.

Add the missing annotations but do not tag this commit for stable as I
am not aware of any issue reports.  Fixes are only eligible for stable
if they're "obviously correct" and with ASN.1 there's no such thing.

Signed-off-by: Lukas Wunner <lukas@wunner.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
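
The tagging difference described in the commit above, as an added example (not kernel code and not part of the commit): it DER-encodes the dNSName choice of GeneralName under IMPLICIT and EXPLICIT tagging and shows that a decoder built for one form rejects the other. Function names and the sample name "example.org" are assumptions, and only short-form lengths are handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TAG_IA5STRING 0x16 /* universal, primitive */
#define TAG_CTX2_PRIM 0x82 /* [2] context-specific, primitive: IMPLICIT form */
#define TAG_CTX2_CONS 0xa2 /* [2] context-specific, constructed: EXPLICIT form */

enum tagging { TAG_IMPLICIT, TAG_EXPLICIT };

/* Encode "dNSName [2] IA5String". Returns bytes written, or 0 on error. */
size_t encode_dns_name(const char *name, enum tagging mode,
                       uint8_t *out, size_t out_len)
{
    size_t n = strlen(name);
    size_t need = (mode == TAG_IMPLICIT) ? n + 2 : n + 4;

    /* Both the inner (n) and outer (n + 2) lengths must fit short form. */
    if (n + 2 > 127 || need > out_len)
        return 0;

    if (mode == TAG_IMPLICIT) {
        /* [2] replaces the IA5String tag; the string follows directly. */
        out[0] = TAG_CTX2_PRIM;
        out[1] = (uint8_t)n;
        memcpy(out + 2, name, n);
    } else {
        /* [2] wraps a complete IA5String TLV. */
        out[0] = TAG_CTX2_CONS;
        out[1] = (uint8_t)(n + 2);
        out[2] = TAG_IA5STRING;
        out[3] = (uint8_t)n;
        memcpy(out + 4, name, n);
    }
    return need;
}

/* Decode a dNSName assuming the given tagging mode.
 * Returns the string length, or -1 if the encoding does not match. */
int decode_dns_name(const uint8_t *der, size_t der_len, enum tagging mode,
                    char *name, size_t name_len)
{
    const uint8_t *p = der;
    size_t len;

    if (der_len < 2 || (p[1] & 0x80) || p[1] != der_len - 2)
        return -1;
    len = p[1];

    if (mode == TAG_IMPLICIT) {
        if (p[0] != TAG_CTX2_PRIM)
            return -1;
        p += 2;
    } else {
        if (p[0] != TAG_CTX2_CONS || len < 2)
            return -1;
        if (p[2] != TAG_IA5STRING || (p[3] & 0x80) || p[3] != len - 2)
            return -1;
        p += 4;
        len -= 2;
    }
    if (len + 1 > name_len)
        return -1;
    memcpy(name, p, len);
    name[len] = '\0';
    return (int)len;
}

/* Encode with one mode, decode with another; -1 means a parse error. */
int roundtrip(const char *name, enum tagging enc, enum tagging dec)
{
    uint8_t der[132];
    char out[128];
    size_t n = encode_dns_name(name, enc, der, sizeof(der));

    if (n == 0)
        return -1;
    return decode_dns_name(der, n, dec, out, sizeof(out));
}

static void dump(const char *label, const uint8_t *der, size_t n)
{
    printf("%-9s", label);
    for (size_t i = 0; i < n; i++)
        printf(" %02x", der[i]);
    printf("\n");
}

int main(void)
{
    const char *sample = "example.org"; /* constructed sample input */
    uint8_t der[32];
    size_t n;

    n = encode_dns_name(sample, TAG_IMPLICIT, der, sizeof(der));
    dump("IMPLICIT:", der, n);
    n = encode_dns_name(sample, TAG_EXPLICIT, der, sizeof(der));
    dump("EXPLICIT:", der, n);

    printf("IMPLICIT bytes read by EXPLICIT decoder: %d\n",
           roundtrip(sample, TAG_IMPLICIT, TAG_EXPLICIT));
    return 0;
}
```
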
2 years ago dt-bindings: crypto: fsl-imx-sahara: Fix the number of irqs
Fabio Estevam [Mon, 25 Sep 2023 11:12:20 +0000 (08:12 -0300)]
dt-bindings: crypto: fsl-imx-sahara: Fix the number of irqs

i.MX27 has only one Sahara interrupt. i.MX53 has two.

Describe this difference.

Signed-off-by: Fabio Estevam <festevam@denx.de>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago dt-bindings: crypto: fsl-imx-sahara: Document the clocks
Fabio Estevam [Mon, 25 Sep 2023 11:12:19 +0000 (08:12 -0300)]
dt-bindings: crypto: fsl-imx-sahara: Document the clocks

Describe the clocks (ipg and ahb) needed by Sahara block to operate.

Signed-off-by: Fabio Estevam <festevam@denx.de>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago dt-bindings: crypto: fsl-imx-sahara: Shorten the title
Fabio Estevam [Mon, 25 Sep 2023 11:12:18 +0000 (08:12 -0300)]
dt-bindings: crypto: fsl-imx-sahara: Shorten the title

In the title, there is no need to mention "included in some i.MX chips"
as it is too vague.

Remove it to make it simpler.

While at it, also remove the extra space in the first reg entry.

Signed-off-by: Fabio Estevam <festevam@denx.de>
Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: engine - Make crypto_engine_exit() return void
Uwe Kleine-König [Sat, 23 Sep 2023 10:08:06 +0000 (12:08 +0200)]
crypto: engine - Make crypto_engine_exit() return void

All callers ignore the return value, so simplify by not providing one.

Note that crypto_engine_exit() is typically called in a device driver's
remove path (or the error path in probe), where errors cannot be handled
anyhow.

Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: keembay - Don't pass errors to the caller in .remove()
Uwe Kleine-König [Sat, 23 Sep 2023 10:08:05 +0000 (12:08 +0200)]
crypto: keembay - Don't pass errors to the caller in .remove()

Returning an error code in the remove function of a platform device has
no effect (compared to returning zero) apart from an error message, that
the error is ignored. Then the device is removed irrespective of the
returned value.

As kmb_ocs_hcu_remove is only called after kmb_ocs_hcu_probe() returned
successfully, platform_get_drvdata() never returns NULL and so the
respective check can just be dropped.

crypto_engine_exit() might return an error code but already emits an
error message in that case, so better return zero in
kmb_ocs_hcu_remove() even in this case to suppress another error
message. All other crypto drivers also ignore the return value of
crypto_engine_exit().

Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: qat - Annotate struct adf_fw_counters with __counted_by
Kees Cook [Fri, 22 Sep 2023 17:54:33 +0000 (10:54 -0700)]
crypto: qat - Annotate struct adf_fw_counters with __counted_by

Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).

As found with Coccinelle[1], add __counted_by for struct adf_fw_counters.

[1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci

Cc: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Tom Rix <trix@redhat.com>
Cc: Adam Guerin <adam.guerin@intel.com>
Cc: Lucas Segarra Fernandez <lucas.segarra.fernandez@intel.com>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: qat-linux@intel.com
Cc: linux-crypto@vger.kernel.org
Cc: llvm@lists.linux.dev
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Acked-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: qat - increase size of buffers
Giovanni Cabiddu [Fri, 22 Sep 2023 09:03:47 +0000 (10:03 +0100)]
crypto: qat - increase size of buffers

Increase the size of the buffers used for composing the names used for
the transport debugfs entries and the vector name to avoid a potential
truncation.

This resolves the following errors when compiling the driver with W=1
and KCFLAGS=-Werror on GCC 12.3.1:

    drivers/crypto/intel/qat/qat_common/adf_transport_debug.c: In function ‘adf_ring_debugfs_add’:
    drivers/crypto/intel/qat/qat_common/adf_transport_debug.c:100:60: error: ‘snprintf’ output may be truncated before the last format character [-Werror=format-truncation=]
    drivers/crypto/intel/qat/qat_common/adf_isr.c: In function ‘adf_isr_resource_alloc’:
    drivers/crypto/intel/qat/qat_common/adf_isr.c:197:47: error: ‘%d’ directive output may be truncated writing between 1 and 11 bytes into a region of size between 0 and 5 [-Werror=format-truncation=]

Fixes: a672a9dc872e ("crypto: qat - Intel(R) QAT transport code")
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Damian Muszynski <damian.muszynski@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: caam/jr - fix Chacha20 + Poly1305 self test failure
Gaurav Jain [Thu, 21 Sep 2023 12:42:37 +0000 (18:12 +0530)]
crypto: caam/jr - fix Chacha20 + Poly1305 self test failure

The key buffer is not copied in the chachapoly_setkey function,
which results in wrong output for encryption/decryption operations.

Fix this by memcpy'ing the key into the caam_ctx key array.

Fixes: d6bbd4eea243 ("crypto: caam/jr - add support for Chacha20 + Poly1305")
Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: jitter - Allow configuration of oversampling rate
Stephan Müller [Thu, 21 Sep 2023 11:48:59 +0000 (13:48 +0200)]
crypto: jitter - Allow configuration of oversampling rate

The oversampling rate used by the Jitter RNG allows the configuration of
the heuristically implied entropy in one timing measurement. This
entropy rate is (1 / OSR) bits of entropy per time stamp.

Considering that the Jitter RNG now supports APT/RCT health tests for
different OSRs, allow this value to be configured at compile time to
support systems with limited amount of entropy in their timer.

The allowed range of OSR values complies with the APT/RCT cutoff health
test values which range from 1 through 15.

The default value of the OSR selection support is left at 1 which is the
current default. Thus, the addition of the configuration support does
not alter the default Jitter RNG behavior.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: jitter - Allow configuration of memory size
Stephan Müller [Thu, 21 Sep 2023 11:48:33 +0000 (13:48 +0200)]
crypto: jitter - Allow configuration of memory size

The memory size consumed by the Jitter RNG is one contributing factor in
the amount of entropy that is gathered. As the amount of entropy
directly correlates with the distance of the memory from the CPU, the
caches that are possibly present on a given system have an impact on the
collected entropy.

Thus, the kernel compile time should offer a means to configure the
amount of memory used by the Jitter RNG. Although this option could be
turned into a runtime option (e.g. a kernel command line option), it
should remain a compile time option as otherwise administrators who may
not have performed an entropy assessment may select a value that is
inappropriate.

The default value selected by the configuration is identical to the
current Jitter RNG value. Thus, the patch should not lead to any change
in the Jitter RNG behavior.

To accommodate larger memory buffers, kvzalloc / kvfree is used.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: jitter - add RCT/APT support for different OSRs
Stephan Müller [Thu, 21 Sep 2023 11:48:11 +0000 (13:48 +0200)]
crypto: jitter - add RCT/APT support for different OSRs

The oversampling rate (OSR) value specifies the heuristically implied
entropy in the recorded data - H_submitter = 1/osr. A different entropy
estimate implies a different APT/RCT cutoff value. This change adds
support for OSRs 1 through 15. This OSR can be selected by the caller
of the Jitter RNG.

For this patch, the caller still uses one hard-coded OSR. A subsequent
patch allows this value to be configured.

In addition, the power-up self test is adjusted as follows:

* It allows the caller to provide an oversampling rate that should be
tested with - commonly it should be the same as used for the actual
runtime operation. This makes the power-up testing therefore consistent
with the runtime operation.

* It now calls jent_measure_jitter (i.e. collects the full entropy
that can possibly be harvested by the Jitter RNG) instead of only
jent_condition_data (which only returns the entropy harvested from
the conditioning component). This should now alleviate reports where
the Jitter RNG initialization thinks there is too little entropy.

* The power-up test now solely relies on the (enhanced) APT and RCT
test that is used as a health test at runtime.

The code allowing the different OSRs as well as the power-up test
changes are present in the user space version of the Jitter RNG 3.4.1
and thus was already in production use for some time.

Reported-by: "Ospan, Abylay" <aospan@amazon.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure
Gaurav Jain [Thu, 21 Sep 2023 09:44:44 +0000 (15:14 +0530)]
crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure

The key buffer is not copied in the chachapoly_setkey function,
which results in wrong output for encryption/decryption operations.

Fix this by memcpy'ing the key into the caam_ctx key array.

Fixes: c10a53367901 ("crypto: caam/qi2 - add support for Chacha20 + Poly1305")
Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago hwrng: stm32 - rework power management sequences
Gatien Chevallier [Thu, 21 Sep 2023 08:03:00 +0000 (10:03 +0200)]
hwrng: stm32 - rework power management sequences

Implement stm32_rng_suspend()/stm32_rng_resume() low-power APIs
called when the hardware block context will be lost.

There is no need to save the RNG_CR register in
stm32_rng_runtime_suspend() as the context is not lost. Therefore,
only enable/disable the RNG in the runtime sequences.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago hwrng: stm32 - support RNG configuration locking mechanism
Gatien Chevallier [Thu, 21 Sep 2023 08:02:59 +0000 (10:02 +0200)]
hwrng: stm32 - support RNG configuration locking mechanism

If "st,rng-lock-conf" DT binding property is set for a stm32-rng node,
the RNG configuration will be locked until next hardware block reset
or platform reset.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago hwrng: stm32 - restrain RNG noise source clock
Gatien Chevallier [Thu, 21 Sep 2023 08:02:58 +0000 (10:02 +0200)]
hwrng: stm32 - restrain RNG noise source clock

For NIST certification the noise source sampling may need to be
restrained.

This change implements an algorithm that gets the rate of the RNG
clock and applies the correct value in CLKDIV field in RNG_CR register
to force the RNG clock rate to be "max_clock_rate" maximum.

As it is platform-specific, implement it as a compat data.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago hwrng: stm32 - rework error handling in stm32_rng_read()
Gatien Chevallier [Thu, 21 Sep 2023 08:02:57 +0000 (10:02 +0200)]
hwrng: stm32 - rework error handling in stm32_rng_read()

Try to conceal seed errors when possible. If, despite the error
concealing tries, a seed error is still present, then return an error.

A clock error does not compromise the hardware block and data can
still be read from RNG_DR. Just warn that the RNG clock is too slow
and clear RNG_SR.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago hwrng: stm32 - implement error concealment
Gatien Chevallier [Thu, 21 Sep 2023 08:02:56 +0000 (10:02 +0200)]
hwrng: stm32 - implement error concealment

The RNG driver should be capable of recovering from an error. Implement
an error concealment API. This avoids irrecoverable RNG state.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago hwrng: stm32 - implement STM32MP13x support
Gatien Chevallier [Thu, 21 Sep 2023 08:02:55 +0000 (10:02 +0200)]
hwrng: stm32 - implement STM32MP13x support

The RNG present on STM32MP13x platforms introduces a customizable
configuration and the conditional reset.

STM32 RNG configuration should best fit the requirements of the
platform. Therefore, put a platform-specific RNG configuration
field in the platform data. Default RNG configuration for STM32MP13
is the NIST certified configuration [1].

While there, fix and the RNG init sequence to support all RNG
versions.

[1] https://csrc.nist.gov/projects/cryptographic-module-validation-program/entropy-validations/certificate/53

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago hwrng: stm32 - use devm_platform_get_and_ioremap_resource() API
Gatien Chevallier [Thu, 21 Sep 2023 08:02:54 +0000 (10:02 +0200)]
hwrng: stm32 - use devm_platform_get_and_ioremap_resource() API

Use devm_platform_get_and_ioremap_resource() to get and ioremap a
resource.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago dt-bindings: rng: introduce new compatible for STM32MP13x
Gatien Chevallier [Thu, 21 Sep 2023 08:02:53 +0000 (10:02 +0200)]
dt-bindings: rng: introduce new compatible for STM32MP13x

Introduce st,stm32mp13-rng compatible and add st,rng-lock-conf.

If st,rng-lock-conf is set, the RNG configuration in RNG_CR, RNG_HTCR
and RNG_NSCR will be locked. It is supported starting from the RNG
version present in the STM32MP13

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Rob Herring <robh@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago ipsec: Select CRYPTO_AEAD
Herbert Xu [Wed, 20 Sep 2023 23:20:25 +0000 (07:20 +0800)]
ipsec: Select CRYPTO_AEAD

Select CRYPTO_AEAD so that crypto_has_aead is available.

Fixes: 1383e2ab102c ("ipsec: Stop using crypto_has_alg")
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202309202112.33V1Ezb1-lkp@intel.com/
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago dt-bindings: crypto: ice: document the sa8775p inline crypto engine
Bartosz Golaszewski [Wed, 13 Sep 2023 15:35:28 +0000 (17:35 +0200)]
dt-bindings: crypto: ice: document the sa8775p inline crypto engine

Add the compatible string for QCom ICE on sa8775p SoCs.

Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: x86/sha - load modules based on CPU features
Roxana Nicolescu [Fri, 15 Sep 2023 10:23:25 +0000 (12:23 +0200)]
crypto: x86/sha - load modules based on CPU features

x86 optimized crypto modules are built as modules rather than built-in and
they are not loaded when the crypto API is initialized, resulting in the
generic builtin module (sha1-generic) being used instead.

It was discovered when creating a sha1/sha256 checksum of a 2Gb file by
using kcapi-tools because it would take significantly longer than creating
a sha512 checksum of the same file. trace-cmd showed that for sha1/256 the
generic module was used, whereas for sha512 the optimized module was used
instead.

Add module aliases() for these x86 optimized crypto modules based on CPU
feature bits so udev gets a chance to load them later in the boot
process. This resulted in ~3x decrease in the real-time execution of
kcapi-dsg.

Fix is inspired from commit
aa031b8f702e ("crypto: x86/sha512 - load based on CPU features")
where a similar fix was done for sha512.

Cc: stable@vger.kernel.org # 5.15+
Suggested-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Suggested-by: Julian Andres Klode <julian.klode@canonical.com>
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: hisilicon/sec - fix for sgl unmmap problem
Wenkai Lin [Fri, 15 Sep 2023 09:13:29 +0000 (17:13 +0800)]
crypto: hisilicon/sec - fix for sgl unmmap problem

When sec_aead_mac_init returns an error code, sec_cipher_map
will exit abnormally, the hardware sgl should be unmapped.

Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: qat - enable dc chaining service
Adam Guerin [Thu, 14 Sep 2023 14:14:13 +0000 (15:14 +0100)]
crypto: qat - enable dc chaining service

QAT GEN4 devices support chained compression operations. These
allow, with a single request to firmware, to hash then compress
data.

Extend the configuration to enable such mode. The cfg_services
operations in sysfs are extended to allow the string "dcc". When
selected, the driver downloads to the device both the symmetric
crypto and the compression firmware images and sends an admin message
to firmware which enables `chained` operations.
In addition, it sets the device's capabilities as the combination
of compression and symmetric crypto capabilities, while excluding
the ICP_ACCEL_CAPABILITIES_CRYPTO_SYMMETRIC bit to indicate
that in this mode, symmetric crypto instances are not supported.

When "dcc" is enabled, the device will handle compression requests
as if the "dc" configuration is loaded ("dcc" is a variation of "dc")
and the driver will register the acomp algorithms.

As for the other extended configurations, "dcc" is only available for
qat_4xxx devices and the chaining service will be only accessible from
user space.

Signed-off-by: Adam Guerin <adam.guerin@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: qat - consolidate services structure
Giovanni Cabiddu [Thu, 14 Sep 2023 14:14:12 +0000 (15:14 +0100)]
crypto: qat - consolidate services structure

The data structure that associates a service id with its name is
replicated across the driver.
Remove duplication by moving this data structure to a new include file,
adf_cfg_services.h in order to have consistency across the drivers.

Note that the data structure is re-instantiated every time the new
include is added to a compilation unit.

Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: qat - fix unregistration of compression algorithms
Giovanni Cabiddu [Thu, 14 Sep 2023 09:55:49 +0000 (10:55 +0100)]
crypto: qat - fix unregistration of compression algorithms

The function adf_dev_init(), through the subsystem qat_compression,
populates the list of compression instances
accel_dev->compression_list. If the list of instances is not empty,
the function adf_dev_start() will then call qat_compression_registers()
to register the compression algorithms into the crypto framework.

If any of the functions in adf_dev_start() fail, the caller of such
function, in the error path calls adf_dev_down() which in turn calls
adf_dev_stop() and adf_dev_shutdown(), see for example the function
state_store in adf_sriov.c.
However, if the registration of compression algorithms is not done,
adf_dev_stop() will try to unregister the algorithms regardless.
This might cause the counter active_devs in qat_compression.c to get
to a negative value.

Add a new state, ADF_STATUS_COMPRESSION_ALGS_REGISTERED, which tracks
if the compression algorithms are registered into the crypto framework.
Then use this to unregister the algorithms if such flag is set. This
ensures that the compression algorithms are only unregistered if
previously registered.

Fixes: 1198ae56c9a5 ("crypto: qat - expose deflate through acomp api for QAT GEN2")
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Adam Guerin <adam.guerin@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: qat - fix unregistration of crypto algorithms
Giovanni Cabiddu [Thu, 14 Sep 2023 09:55:48 +0000 (10:55 +0100)]
crypto: qat - fix unregistration of crypto algorithms

The function adf_dev_init(), through the subsystem qat_crypto, populates
the list of crypto instances accel_dev->crypto_list.
If the list of instances is not empty, the function adf_dev_start() will
then call qat_algs_registers() and qat_asym_algs_register() to register
the crypto algorithms into the crypto framework.

If any of the functions in adf_dev_start() fail, the caller of such
function, in the error path calls adf_dev_down() which in turn calls
adf_dev_stop() and adf_dev_shutdown(), see for example the function
state_store in adf_sriov.c.
However, if the registration of crypto algorithms is not done,
adf_dev_stop() will try to unregister the algorithms regardless.
This might cause the counter active_devs in qat_algs.c and
qat_asym_algs.c to get to a negative value.

Add a new state, ADF_STATUS_CRYPTO_ALGS_REGISTERED, which tracks if the
crypto algorithms are registered into the crypto framework. Then use
this to unregister the algorithms if such flag is set. This ensures that
the crypto algorithms are only unregistered if previously registered.

Fixes: d8cba25d2c68 ("crypto: qat - Intel(R) QAT driver framework")
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Adam Guerin <adam.guerin@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
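
The two "fix unregistration" commits above describe the same failure mode: a stop path that unregisters unconditionally drives a registration counter negative when start failed before registering. The following user-space model is an added example, not code from the commits or the QAT driver; the `model_*` names, the status bit and the fault-injection field are hypothetical, and the counter is a simplified stand-in for `active_devs`.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified stand-in for the per-module active_devs counter. */
static int active_devs;

/* Hypothetical status bit, modelled on the *_ALGS_REGISTERED flags. */
#define MODEL_STATUS_ALGS_REGISTERED (1UL << 0)

struct model_dev {
	unsigned long status;
	bool start_fails_early;  /* constructed fault: a step before registration fails */
	bool track_registration; /* true models the behaviour after the fix */
};

static int model_algs_register(void)
{
	active_devs++;
	return 0;
}

static void model_algs_unregister(void)
{
	active_devs--;
}

/* Start path: registration only happens if the earlier steps succeeded. */
static int model_dev_start(struct model_dev *dev)
{
	if (dev->start_fails_early)
		return -1;
	if (model_algs_register())
		return -1;
	dev->status |= MODEL_STATUS_ALGS_REGISTERED;
	return 0;
}

/* Stop path: runs on normal teardown and on the error path of a failed start. */
static void model_dev_stop(struct model_dev *dev)
{
	if (!dev->track_registration) {
		/* Pre-fix model: unregister regardless of what start did. */
		model_algs_unregister();
		return;
	}
	/* Post-fix model: undo the registration only if it was recorded. */
	if (dev->status & MODEL_STATUS_ALGS_REGISTERED) {
		model_algs_unregister();
		dev->status &= ~MODEL_STATUS_ALGS_REGISTERED;
	}
}

/* Start once, then stop `stops` times; returns the final counter value. */
int run_scenario(bool track_registration, bool start_fails_early, int stops)
{
	struct model_dev dev = {
		.status = 0,
		.start_fails_early = start_fails_early,
		.track_registration = track_registration,
	};
	int i;

	active_devs = 0;
	(void)model_dev_start(&dev);
	for (i = 0; i < stops; i++)
		model_dev_stop(&dev);
	return active_devs;
}

int main(void)
{
	printf("failed start, no flag:   %d\n", run_scenario(false, true, 1));
	printf("failed start, with flag: %d\n", run_scenario(true, true, 1));
	printf("double stop, no flag:    %d\n", run_scenario(false, false, 2));
	printf("double stop, with flag:  %d\n", run_scenario(true, false, 2));
	return 0;
}
```

Clearing the bit after unregistering also makes a repeated stop harmless in this model.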
2 years ago crypto: qat - ignore subsequent state up commands
Giovanni Cabiddu [Thu, 14 Sep 2023 09:55:47 +0000 (10:55 +0100)]
crypto: qat - ignore subsequent state up commands

If the device is already in the up state, a subsequent write of `up` to
the sysfs attribute /sys/bus/pci/devices/<BDF>/qat/state brings the
device down.
Fix this behaviour by ignoring subsequent `up` commands if the device is
already in the up state.

Fixes: 1bdc85550a2b ("crypto: qat - fix concurrency issue when device state changes")
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Adam Guerin <adam.guerin@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: qat - do not shadow error code
Giovanni Cabiddu [Thu, 14 Sep 2023 09:55:46 +0000 (10:55 +0100)]
crypto: qat - do not shadow error code

Do not shadow the return code from adf_dev_down() in the error path of
the DEV_DOWN command.

Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Adam Guerin <adam.guerin@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: qat - fix state machines cleanup paths
Giovanni Cabiddu [Thu, 14 Sep 2023 09:55:45 +0000 (10:55 +0100)]
crypto: qat - fix state machines cleanup paths

Commit 1bdc85550a2b ("crypto: qat - fix concurrency issue when device
state changes") introduced the function adf_dev_down() which wraps the
functions adf_dev_stop() and adf_dev_shutdown().
In a subsequent change, the sequence adf_dev_stop() followed by
adf_dev_shutdown() was then replaced across the driver with just a call
to the function adf_dev_down().

The functions adf_dev_stop() and adf_dev_shutdown() are called in error
paths to stop the accelerator and free up resources and can be called
even if the counterparts adf_dev_init() and adf_dev_start() did not
complete successfully.
However, the implementation of adf_dev_down() prevents the stop/shutdown
sequence if the device is found already down.
For example, if adf_dev_init() fails, the device status is not set as
started and therefore a call to adf_dev_down() won't be calling
adf_dev_shutdown() to undo what adf_dev_init() did.

Do not check if a device is started in adf_dev_down() but do the
equivalent check in adf_sysfs.c when handling a DEV_DOWN command from
the user.

Fixes: 2b60f79c7b81 ("crypto: qat - replace state machine calls")
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Adam Guerin <adam.guerin@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: hisilicon/zip - remove zlib and gzip
Yang Shen [Thu, 14 Sep 2023 09:09:08 +0000 (17:09 +0800)]
crypto: hisilicon/zip - remove zlib and gzip

Remove the support of zlib-deflate and gzip.

Signed-off-by: Yang Shen <shenyang39@huawei.com>
Reviewed-by: Longfang Liu <liulongfang@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: hisilicon/zip - support deflate algorithm
Yang Shen [Thu, 14 Sep 2023 09:09:07 +0000 (17:09 +0800)]
crypto: hisilicon/zip - support deflate algorithm

Add the deflate algorithm support for hisilicon zip hardware.

Signed-off-by: Yang Shen <shenyang39@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: cbc - Convert from skcipher to lskcipher
Herbert Xu [Thu, 14 Sep 2023 08:28:28 +0000 (16:28 +0800)]
crypto: cbc - Convert from skcipher to lskcipher

Replace the existing skcipher CBC template with an lskcipher version.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: ecb - Convert from skcipher to lskcipher
Herbert Xu [Thu, 14 Sep 2023 08:28:27 +0000 (16:28 +0800)]
crypto: ecb - Convert from skcipher to lskcipher

This patch adds two different implementations of ECB.  First of
all an lskcipher wrapper around existing ciphers is introduced as
a temporary transition aid.

Secondly a permanent lskcipher template is also added.  It's simply
a wrapper around the underlying lskcipher algorithm.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: testmgr - Add support for lskcipher algorithms
Herbert Xu [Thu, 14 Sep 2023 08:28:26 +0000 (16:28 +0800)]
crypto: testmgr - Add support for lskcipher algorithms

Test lskcipher algorithms using the same logic as cipher algorithms.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: lskcipher - Add compatibility wrapper around ECB
Herbert Xu [Thu, 14 Sep 2023 08:28:25 +0000 (16:28 +0800)]
crypto: lskcipher - Add compatibility wrapper around ECB

As an aid to the transition from cipher algorithm implementations
to lskcipher, add a temporary wrapper when creating simple lskcipher
templates by using ecb(X) instead of X if an lskcipher implementation
of X cannot be found.

This can be reverted once all cipher implementations have switched
over to lskcipher.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: skcipher - Add lskcipher
Herbert Xu [Thu, 14 Sep 2023 08:28:24 +0000 (16:28 +0800)]
crypto: skcipher - Add lskcipher

Add a new API type lskcipher designed for taking straight kernel
pointers instead of SG lists.  Its relationship to skcipher will
be analogous to that between shash and ahash.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: hash - Hide CRYPTO_ALG_TYPE_AHASH_MASK
Herbert Xu [Thu, 14 Sep 2023 08:28:23 +0000 (16:28 +0800)]
crypto: hash - Hide CRYPTO_ALG_TYPE_AHASH_MASK

Move the macro CRYPTO_ALG_TYPE_AHASH_MASK out of linux/crypto.h
and into crypto/ahash.c so that it's not visible to users of the
Crypto API.

Also remove the unused CRYPTO_ALG_TYPE_HASH_MASK macro.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago ipsec: Stop using crypto_has_alg
Herbert Xu [Thu, 14 Sep 2023 08:28:22 +0000 (16:28 +0800)]
ipsec: Stop using crypto_has_alg

Stop using the obsolete crypto_has_alg helper that is type-agnostic.
Instead use the type-specific helpers such as the newly added
crypto_has_aead.

This means that changes in the underlying type/mask values won't
affect IPsec.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: aead - Add crypto_has_aead
Herbert Xu [Thu, 14 Sep 2023 08:28:21 +0000 (16:28 +0800)]
crypto: aead - Add crypto_has_aead

Add the helper crypto_has_aead.  This is meant to replace the
existing use of crypto_has_alg to locate AEAD algorithms.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: aesni - Fix double word in comments
Bo Liu [Thu, 14 Sep 2023 07:27:50 +0000 (03:27 -0400)]
crypto: aesni - Fix double word in comments

Remove the repeated word "if" in comments.

Signed-off-by: Bo Liu <liubo03@inspur.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: api - Remove unnecessary NULL initialisation
Li zeming [Wed, 13 Sep 2023 18:17:27 +0000 (02:17 +0800)]
crypto: api - Remove unnecessary NULL initialisation

tfm is assigned first, so it does not need to initialize
the assignment.

Signed-off-by: Li zeming <zeming@nfschina.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: qat - refactor deprecated strncpy
Justin Stitt [Wed, 13 Sep 2023 00:51:05 +0000 (00:51 +0000)]
crypto: qat - refactor deprecated strncpy

`strncpy` is deprecated for use on NUL-terminated destination strings [1].

We should prefer more robust and less ambiguous string interfaces.

`buf` is expected to be NUL-terminated for its eventual use in
`kstrtoul()` and NUL-padding is not required.

Due to the above, a suitable replacement is `strscpy` [2] due to the
fact that it guarantees NUL-termination on the destination buffer.

Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt <justinstitt@google.com>
Acked-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: cavium/nitrox - refactor deprecated strncpy
Justin Stitt [Wed, 13 Sep 2023 00:32:31 +0000 (00:32 +0000)]
crypto: cavium/nitrox - refactor deprecated strncpy

`strncpy` is deprecated for use on NUL-terminated destination strings [1].

We know `hw.partname` is supposed to be NUL-terminated by its later use with seq_printf:
| nitrox_debugfs.c +25
|      seq_printf(s, "  Part Name: %s\n", ndev->hw.partname);

Let's prefer a more robust and less ambiguous string interface.

A suitable replacement is `strscpy` [2] due to the fact that it guarantees
NUL-termination on the destination buffer.

Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt <justinstitt@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
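
The two `strncpy` refactoring commits above rest on one property: `strncpy` leaves the destination without a NUL when the source fills it, while `strscpy` always terminates and reports truncation. The following user-space sketch is an added example, not code from the commits or the kernel; `model_strscpy` is a hypothetical reimplementation of the documented `strscpy` return convention, and rejecting truncated input in `parse_ulong_bounded` is a choice made for this example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_LEN 8

/*
 * Hypothetical user-space model of strscpy(): always NUL-terminates dst,
 * returns the number of characters copied (without the NUL), or -E2BIG
 * when src did not fit or count is 0.
 */
static long model_strscpy(char *dst, const char *src, size_t count)
{
	size_t i;

	if (count == 0)
		return -E2BIG;
	for (i = 0; i < count - 1 && src[i] != '\0'; i++)
		dst[i] = src[i];
	dst[i] = '\0';
	return src[i] == '\0' ? (long)i : -E2BIG;
}

/*
 * Returns 1 if the first n bytes of the destination contain a NUL after
 * strncpy(dst, src, n), 0 if not, -1 if n exceeds the local buffer.
 * memchr() keeps the check inside the buffer.
 */
int strncpy_is_terminated(const char *src, size_t n)
{
	char dst[BUF_LEN];

	if (n > sizeof(dst))
		return -1;
	memset(dst, 'X', sizeof(dst)); /* constructed stale contents */
	strncpy(dst, src, n);
	return memchr(dst, '\0', n) != NULL;
}

/*
 * Copy untrusted text into a fixed buffer, then parse it as a number
 * (strtoul stands in for kstrtoul). Truncated input is rejected.
 */
int parse_ulong_bounded(const char *src, unsigned long *val)
{
	char buf[BUF_LEN];
	char *end;
	long n = model_strscpy(buf, src, sizeof(buf));

	if (n < 0)
		return (int)n;
	errno = 0;
	*val = strtoul(buf, &end, 10);
	if (errno || end == buf || *end != '\0')
		return -EINVAL;
	return 0;
}

int main(void)
{
	unsigned long v = 0;

	/* Constructed inputs: 7 characters fit in 8 bytes, 8 do not. */
	printf("strncpy 7 chars terminated: %d\n",
	       strncpy_is_terminated("1234567", BUF_LEN));
	printf("strncpy 8 chars terminated: %d\n",
	       strncpy_is_terminated("12345678", BUF_LEN));
	printf("parse \"4096\": %d\n", parse_ulong_bounded("4096", &v));
	printf("parse \"123456789\": %d\n", parse_ulong_bounded("123456789", &v));
	return 0;
}
```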
2 years ago hwrng: imx-rngc - reasonable timeout for initial seed
Martin Kaiser [Tue, 12 Sep 2023 14:31:18 +0000 (16:31 +0200)]
hwrng: imx-rngc - reasonable timeout for initial seed

Set a more reasonable timeout for calculating the initial seed.

The reference manual says that "The initial seed takes approximately
2,000,000 clock cycles." The rngc peripheral clock runs at >= 33.25MHz,
so seeding takes at most 60ms.

A timeout of 200ms is more appropriate than the current value of 3
seconds.

Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago hwrng: imx-rngc - reasonable timeout for selftest
Martin Kaiser [Tue, 12 Sep 2023 14:31:17 +0000 (16:31 +0200)]
hwrng: imx-rngc - reasonable timeout for selftest

Set a more reasonable timeout for the rngc selftest.

According to the reference manual, "The self test takes approximately
29,000 cycles to complete." The lowest possible frequency of the rngc
peripheral clock is 33.25MHz, the selftest would then take about 872us.

2.5ms should be enough for the selftest timeout.

Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago chelsio: Do not include crypto/algapi.h
Herbert Xu [Wed, 23 Aug 2023 10:15:24 +0000 (18:15 +0800)]
chelsio: Do not include crypto/algapi.h

The header file crypto/algapi.h is for internal use only.  Use the
header file crypto/utils.h instead.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago KEYS: encrypted: Do not include crypto/algapi.h
Herbert Xu [Tue, 22 Aug 2023 09:38:49 +0000 (17:38 +0800)]
KEYS: encrypted: Do not include crypto/algapi.h

The header file crypto/algapi.h is for internal use only.  Use the
header file crypto/utils.h instead.

Acked-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago evm: Do not include crypto/algapi.h
Herbert Xu [Tue, 22 Aug 2023 09:37:13 +0000 (17:37 +0800)]
evm: Do not include crypto/algapi.h

The header file crypto/algapi.h is for internal use only.  Use the
header file crypto/utils.h instead.

Acked-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago SUNRPC: Do not include crypto/algapi.h
Herbert Xu [Tue, 22 Aug 2023 09:36:16 +0000 (17:36 +0800)]
SUNRPC: Do not include crypto/algapi.h

The header file crypto/algapi.h is for internal use only.  Use the
header file crypto/utils.h instead.

Acked-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago mptcp: Do not include crypto/algapi.h
Herbert Xu [Tue, 22 Aug 2023 09:34:10 +0000 (17:34 +0800)]
mptcp: Do not include crypto/algapi.h

The header file crypto/algapi.h is for internal use only.  Use the
header file crypto/utils.h instead.

Acked-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago ah: Do not include crypto/algapi.h
Herbert Xu [Tue, 22 Aug 2023 09:30:21 +0000 (17:30 +0800)]
ah: Do not include crypto/algapi.h

The header file crypto/algapi.h is for internal use only.  Use the
header file crypto/utils.h instead.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago Bluetooth: Do not include crypto/algapi.h
Herbert Xu [Tue, 22 Aug 2023 09:26:25 +0000 (17:26 +0800)]
Bluetooth: Do not include crypto/algapi.h

The header file crypto/algapi.h is for internal use only.  Use the
header file crypto/utils.h instead.

Acked-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago ubifs: Do not include crypto/algapi.h
Herbert Xu [Tue, 22 Aug 2023 09:23:58 +0000 (17:23 +0800)]
ubifs: Do not include crypto/algapi.h

The header file crypto/algapi.h is for internal use only.  Use the
header file crypto/utils.h instead.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago fscrypt: Do not include crypto/algapi.h
Herbert Xu [Tue, 22 Aug 2023 09:21:11 +0000 (17:21 +0800)]
fscrypt: Do not include crypto/algapi.h

The header file crypto/algapi.h is for internal use only.  Use the
header file crypto/utils.h instead.

Acked-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago hwrng: geode - fix accessing registers
Jonas Gorski [Sun, 10 Sep 2023 08:34:17 +0000 (10:34 +0200)]
hwrng: geode - fix accessing registers

When the membase and pci_dev pointer were moved to a new struct in priv,
the actual membase users were left untouched, and they started reading
out arbitrary memory behind the struct instead of registers. This
unfortunately turned the RNG into a constant number generator, depending
on the content of what was at that offset.

To fix this, update geode_rng_data_{read,present}() to also get the
membase via amd_geode_priv, and properly read from the right addresses
again.

Fixes: 9f6ec8dc574e ("hwrng: geode - Fix PCI device refcount leak")
Reported-by: Timur I. Davletshin <timur.davletshin@gmail.com>
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=217882
Tested-by: Timur I. Davletshin <timur.davletshin@gmail.com>
Suggested-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago hwrng: octeon - Fix warnings on 32-bit platforms
Herbert Xu [Fri, 8 Sep 2023 09:21:13 +0000 (17:21 +0800)]
hwrng: octeon - Fix warnings on 32-bit platforms

Use unsigned long instead of u64 to silence compile warnings on
32-bit platforms.  Also remove the __force bit which seems no
longer needed with a current sparse.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: ccp - Add support for DBC over PSP mailbox
Mario Limonciello [Thu, 7 Sep 2023 18:48:46 +0000 (13:48 -0500)]
crypto: ccp - Add support for DBC over PSP mailbox

On some SOCs DBC is supported through the PSP mailbox instead of
the platform mailbox. This capability is advertised in the PSP
capabilities register. Allow using this communication path if
supported.

Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: ccp - Add a macro to check capabilities register
Mario Limonciello [Thu, 7 Sep 2023 18:48:45 +0000 (13:48 -0500)]
crypto: ccp - Add a macro to check capabilities register

Offsets are checked by the capabilities register in multiple places.
To make the code more readable add a macro.

Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: ccp - Add a communication path abstraction for DBC
Mario Limonciello [Thu, 7 Sep 2023 18:48:44 +0000 (13:48 -0500)]
crypto: ccp - Add a communication path abstraction for DBC

DBC is currently accessed only from the platform access mailbox and
a lot of that implementation's communication path is intertwined
with DBC. Add an abstraction layer for pointers into the mailbox.

No intended functional changes.

Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: ccp - Add support for extended PSP mailbox commands
Mario Limonciello [Thu, 7 Sep 2023 18:48:43 +0000 (13:48 -0500)]
crypto: ccp - Add support for extended PSP mailbox commands

The PSP mailbox supports a number of extended sub-commands.  These
subcommands are placed in the header of the buffer sent to the mailbox.

Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: ccp - Move direct access to some PSP registers out of TEE
Tom Lendacky [Thu, 7 Sep 2023 18:48:42 +0000 (13:48 -0500)]
crypto: ccp - Move direct access to some PSP registers out of TEE

With the PSP mailbox registers supporting more than just TEE, access to
them must be maintained and serialized by the PSP device support. Remove
TEE support direct access and create an interface in the PSP support
where the register access can be controlled/serialized.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Reviewed-by: Rijo Thomas <Rijo-john.Thomas@amd.com>
Tested-by: Rijo Thomas <Rijo-john.Thomas@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago hwrng: bcm2835 - Fix hwrng throughput regression
Stefan Wahren [Tue, 5 Sep 2023 23:27:57 +0000 (01:27 +0200)]
hwrng: bcm2835 - Fix hwrng throughput regression

The last RCU stall fix caused a massive throughput regression of the
hwrng on Raspberry Pi 0 - 3. hwrng_msleep doesn't sleep precisely enough
and usleep_range doesn't allow scheduling. So try to restore the
best possible throughput by introducing hwrng_yield which interruptibly
sleeps for one jiffy.

Some performance measurements on Raspberry Pi 3B+ (arm64/defconfig):

sudo dd if=/dev/hwrng of=/dev/null count=1 bs=10000

cpu_relax              ~138025 Bytes / sec
hwrng_msleep(1000)         ~13 Bytes / sec
hwrng_yield              ~2510 Bytes / sec

Fixes: 96cb9d055445 ("hwrng: bcm2835 - use hwrng_msleep() instead of cpu_relax()")
Link: https://lore.kernel.org/linux-arm-kernel/bc97ece5-44a3-4c4e-77da-2db3eb66b128@gmx.net/
Signed-off-by: Stefan Wahren <wahrenst@gmx.net>
Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: hisilicon/hpre - Fix a erroneous check after snprintf()
Christophe JAILLET [Mon, 4 Sep 2023 20:17:29 +0000 (22:17 +0200)]
crypto: hisilicon/hpre - Fix a erroneous check after snprintf()

This error handling looks really strange.
Check if the string has been truncated instead.

Fixes: 02ab994635eb ("crypto: hisilicon - Fixed some tiny bugs of HPRE")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: pcrypt - Fix hungtask for PADATA_RESET
Lu Jialin [Mon, 4 Sep 2023 13:33:41 +0000 (13:33 +0000)]
crypto: pcrypt - Fix hungtask for PADATA_RESET

We found a hungtask bug in test_aead_vec_cfg as follows:

INFO: task cryptomgr_test:391009 blocked for more than 120 seconds.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
Call trace:
 __switch_to+0x98/0xe0
 __schedule+0x6c4/0xf40
 schedule+0xd8/0x1b4
 schedule_timeout+0x474/0x560
 wait_for_common+0x368/0x4e0
 wait_for_completion+0x20/0x30
 wait_for_completion+0x20/0x30
 test_aead_vec_cfg+0xab4/0xd50
 test_aead+0x144/0x1f0
 alg_test_aead+0xd8/0x1e0
 alg_test+0x634/0x890
 cryptomgr_test+0x40/0x70
 kthread+0x1e0/0x220
 ret_from_fork+0x10/0x18
 Kernel panic - not syncing: hung_task: blocked tasks

For padata_do_parallel, when the return err is 0 or -EBUSY, it will call
wait_for_completion(&wait->completion) in test_aead_vec_cfg. In normal
case, aead_request_complete() will be called in pcrypt_aead_serial and the
return err is 0 for padata_do_parallel. But, when pinst->flags is
PADATA_RESET, the return err is -EBUSY for padata_do_parallel, and it
won't call aead_request_complete(). Therefore, test_aead_vec_cfg will
hang at wait_for_completion(&wait->completion), which will cause
hungtask.

The problem comes as follows:
(padata_do_parallel)                 |
    rcu_read_lock_bh();              |
    err = -EINVAL;                   |   (padata_replace)
                                     |     pinst->flags |= PADATA_RESET;
    err = -EBUSY                     |
    if (pinst->flags & PADATA_RESET) |
        rcu_read_unlock_bh()         |
        return err

In order to resolve the problem, we replace the return err -EBUSY with
-EAGAIN, which means parallel_data is changing, and the caller should call
it again.

v3:
remove retry and just change the return err.
v2:
introduce padata_try_do_parallel() in pcrypt_aead_encrypt and
pcrypt_aead_decrypt to solve the hungtask.

Signed-off-by: Lu Jialin <lujialin4@huawei.com>
Signed-off-by: Guo Zihua <guozihua@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: vmx - Improved AES/XTS performance of 6-way unrolling for ppc
Danny Tsen [Wed, 30 Aug 2023 13:49:11 +0000 (09:49 -0400)]
crypto: vmx - Improved AES/XTS performance of 6-way unrolling for ppc

Improve AES/XTS performance of 6-way unrolling for PowerPC up
to 17% with tcrypt.  This is done by using one instruction,
vpermxor, to replace xor and vsldoi.

The same changes were applied to OpenSSL code and a pull request was
submitted.

This patch has been tested with the kernel crypto module tcrypt.ko and
has passed the selftest.  The patch is also tested with
CONFIG_CRYPTO_MANAGER_EXTRA_TESTS enabled.

Signed-off-by: Danny Tsen <dtsen@linux.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: qat - Use list_for_each_entry() helper
Jinjie Ruan [Wed, 30 Aug 2023 07:54:51 +0000 (15:54 +0800)]
crypto: qat - Use list_for_each_entry() helper

Convert list_for_each() to list_for_each_entry() so that the list_itr
list_head pointer and list_entry() call are no longer needed, which
can reduce a few lines of code. No functional change.

Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Acked-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: ccp - Fix some unfused tests
Mario Limonciello [Tue, 29 Aug 2023 15:07:59 +0000 (10:07 -0500)]
crypto: ccp - Fix some unfused tests

Some of the tests for unfused parts referenced a named member parameter,
but when the test suite was switched to call a python ctypes library they
weren't updated.  Adjust them to refer to the first argument of the
process_param() call and set the data type of the signature appropriately.

Fixes: 15f8aa7bb3e5 ("crypto: ccp - Add unit tests for dynamic boost control")
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: ccp - Fix sample application signature passing
Mario Limonciello [Tue, 29 Aug 2023 15:07:58 +0000 (10:07 -0500)]
crypto: ccp - Fix sample application signature passing

When parameters are sent the PSP returns back its own signature
for the application to verify the authenticity of the result.

Display this signature to the caller instead of the one the caller
sent.

Fixes: f40d42f116cf ("crypto: ccp - Add a sample python script for Dynamic Boost Control")
Fixes: febe3ed3222f ("crypto: ccp - Add a sample library for ioctl use")
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: ccp - Fix DBC sample application error handling
Mario Limonciello [Tue, 29 Aug 2023 15:07:57 +0000 (10:07 -0500)]
crypto: ccp - Fix DBC sample application error handling

The sample application was taking values from ioctl() and treating
those as the error codes to present to a user.

This is incorrect when ret is non-zero, the error is stored to `errno`.
Use this value instead.

Fixes: f40d42f116cf ("crypto: ccp - Add a sample python script for Dynamic Boost Control")
Fixes: febe3ed3222f ("crypto: ccp - Add a sample library for ioctl use")
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: ccp - Fix ioctl unit tests
Mario Limonciello [Tue, 29 Aug 2023 15:07:56 +0000 (10:07 -0500)]
crypto: ccp - Fix ioctl unit tests

A local environment change was importing ioctl_opt which is required
for ioctl tests to pass.  Add the missing import for it.

Fixes: 15f8aa7bb3e5 ("crypto: ccp - Add unit tests for dynamic boost control")
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago crypto: ccp - Get a free page to use while fetching initial nonce
Mario Limonciello [Tue, 29 Aug 2023 15:07:55 +0000 (10:07 -0500)]
crypto: ccp - Get a free page to use while fetching initial nonce

dbc_dev_init() gets a free page from `GFP_KERNEL`, but if that page has
any data in it the first nonce request will fail.
This prevents dynamic boost control from probing. To fix this, explicitly
request a zeroed page with `__GFP_ZERO` to ensure first nonce fetch works.

Fixes: c04cf9e14f10 ("crypto: ccp - Add support for fetching a nonce for dynamic boost control")
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago Documentation: ABI: debugfs-driver-qat: fix fw_counters path
Giovanni Cabiddu [Tue, 29 Aug 2023 10:13:57 +0000 (11:13 +0100)]
Documentation: ABI: debugfs-driver-qat: fix fw_counters path

The debugfs description for fw_counters reports an incorrect path
indicating a qat folder that does not exist. Fix it.

Fixes: 865b50fe6ea8 ("crypto: qat - add fw_counters debugfs file")
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago hwrng: xiphera - removed unnneded platform_set_drvdata()
Andrei Coardos [Mon, 28 Aug 2023 10:29:43 +0000 (13:29 +0300)]
hwrng: xiphera - removed unnneded platform_set_drvdata()

This function call was found to be unnecessary as there is no equivalent
platform_get_drvdata() call to access the private data of the driver. Also,
the private data is defined in this driver, so there is no risk of it being
accessed outside of this driver file.

Signed-off-by: Andrei Coardos <aboutphysycs@gmail.com>
Reviewed-by: Alexandru Ardelean <alex@shruggie.ro>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago hwrng: xgene - removed unneeded call to platform_set_drvdata()
Andrei Coardos [Mon, 28 Aug 2023 10:23:29 +0000 (13:23 +0300)]
hwrng: xgene - removed unneeded call to platform_set_drvdata()

This function call was found to be unnecessary as there is no equivalent
platform_get_drvdata() call to access the private data of the driver. Also,
the private data is defined in this driver, so there is no risk of it being
accessed outside of this driver file.

Signed-off-by: Andrei Coardos <aboutphysycs@gmail.com>
Reviewed-by: Martin Kaiser <martin@kaiser.cx>
Reviewed-by: Alexandru Ardelean <alex@shruggie.ro>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago hwrng: mpfs - removed unneeded call to platform_set_drvdata()
Andrei Coardos [Mon, 28 Aug 2023 10:17:57 +0000 (13:17 +0300)]
hwrng: mpfs - removed unneeded call to platform_set_drvdata()

This function call was found to be unnecessary as there is no equivalent
platform_get_drvdata() call to access the private data of the driver. Also,
the private data is defined in this driver, so there is no risk of it being
accessed outside of this driver file.

Signed-off-by: Andrei Coardos <aboutphysycs@gmail.com>
Acked-by: Conor Dooley <conor.dooley@microchip.com>
Reviewed-by: Alexandru Ardelean <alex@shruggie.ro>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago KEYS: Include linux/errno.h in linux/verification.h
Herbert Xu [Sat, 26 Aug 2023 08:36:41 +0000 (16:36 +0800)]
KEYS: Include linux/errno.h in linux/verification.h

Add inclusion of linux/errno.h as otherwise the reference to EINVAL
may be invalid.

Fixes: f3cf4134c5c6 ("bpf: Add bpf_lookup_*_key() and bpf_key_put() kfuncs")
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202308261414.HKw1Mrip-lkp@intel.com/
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago hwrng: st - add MODULE_DESCRIPTION
Martin Kaiser [Thu, 24 Aug 2023 19:57:40 +0000 (21:57 +0200)]
hwrng: st - add MODULE_DESCRIPTION

Add a MODULE_DESCRIPTION to fix the W=1 warning

WARNING: modpost: missing MODULE_DESCRIPTION() in
drivers/char/hw_random/st-rng.o

Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago hwrng: nomadik - add MODULE_DESCRIPTION
Martin Kaiser [Thu, 24 Aug 2023 19:56:58 +0000 (21:56 +0200)]
hwrng: nomadik - add MODULE_DESCRIPTION

Add a MODULE_DESCRIPTION to fix the W=1 warning

WARNING: modpost: missing MODULE_DESCRIPTION() in
drivers/char/hw_random/nomadik-rng.o

Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago hwrng: ks-sa - use dev_err_probe
Martin Kaiser [Thu, 24 Aug 2023 19:40:37 +0000 (21:40 +0200)]
hwrng: ks-sa - use dev_err_probe

Replace dev_err + return with dev_err_probe.

Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago hwrng: ks-sa - remove dev from struct ks_sa_rng
Martin Kaiser [Thu, 24 Aug 2023 19:40:36 +0000 (21:40 +0200)]
hwrng: ks-sa - remove dev from struct ks_sa_rng

dev in struct ks_sa_rng is not used. Remove it.

Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago hwrng: ks-sa - access private data via struct hwrng
Martin Kaiser [Thu, 24 Aug 2023 19:40:35 +0000 (21:40 +0200)]
hwrng: ks-sa - access private data via struct hwrng

This driver uses a struct ks_sa_rng for its private data. It contains a
struct hwrng. Call container_of to get from hwrng to ks_sa_rng.

Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years ago wireguard: do not include crypto/algapi.h
Herbert Xu [Thu, 24 Aug 2023 05:17:45 +0000 (13:17 +0800)]
wireguard: do not include crypto/algapi.h

The header file crypto/algapi.h is for internal use only.  Use the
header file crypto/utils.h instead.

Acked-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>