- 27 Jun, 2023 3 commits
-
-
Herbert Xu authored
As signature verification has a NULL destination buffer, the pointer needs to be checked before the memcpy is done. Fixes: addde1f2 ("crypto: akcipher - Add sync interface without SG lists") Signed-off-by:
Herbert Xu <herbert@gondor.apana.org.au>
-
Herbert Xu authored
The dst SG list needs to be set to NULL for verify calls. Do this as otherwise the underlying algorithm may fail. Furthermore the digest needs to be copied just like the source. Fixes: 6cb8815f ("crypto: sig - Add interface for sign/verify") Signed-off-by:
-
Herbert Xu authored
The request tfm needs to be set. Fixes: addde1f2 ("crypto: akcipher - Add sync interface without SG lists") Reported-by:
kernel test robot <oliver.sang@intel.com> Closes: https://lore.kernel.org/oe-lkp/202306261421.2ac744fa-oliver.sang@intel.comSigned-off-by:
-
- 26 Jun, 2023 1 commit
-
-
Herbert Xu authored
When sm2 is disabled we need to provide an implementation of sm2_compute_z_digest. Fixes: e5221fa6 ("KEYS: asymmetric: Move sm2 code into x509_public_key") Reported-by:
kernel test robot <lkp@intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202306231917.utO12sx8-lkp@intel.com/Signed-off-by:
-
- 23 Jun, 2023 20 commits
-
-
Martin Kaiser authored
SIMPLE_DEV_PM_OPS is deprecated, replace it with DEFINE_SIMPLE_DEV_PM_OPS and use pm_sleep_ptr for setting the driver's pm routines. We can now remove the __maybe_unused qualifier in the suspend and resume functions. Signed-off-by:
Martin Kaiser <martin@kaiser.cx> Signed-off-by:
-
Martin Kaiser authored
The st-rng driver uses devres to register itself with the hwrng core, the driver will be unregistered from hwrng when its device goes out of scope. This happens after the driver's remove function is called. However, st-rng's clock is disabled in the remove function. There's a short timeframe where st-rng is still registered with the hwrng core although its clock is disabled. I suppose the clock must be active to access the hardware and serve requests from the hwrng core. Switch to devm_clk_get_enabled and let devres disable the clock and unregister the hwrng. This avoids the race condition. Fixes: 3e75241b ("hwrng: drivers - Use device-managed registration API") Signed-off-by:
-
Martin Kaiser authored
Allow compile-testing the st-rng driver if we're not running on an ST chipset. Signed-off-by:
-
Martin Kaiser authored
Fix the timeout that is used for the initialisation and for the self test. wait_for_completion_timeout expects a timeout in jiffies, but RNGC_TIMEOUT is in milliseconds. Call msecs_to_jiffies to do the conversion. Cc: stable@vger.kernel.org Fixes: 1d544944 ("hwrng: mx-rngc - add a driver for Freescale RNGC") Signed-off-by:
-
Herbert Xu authored
Use the new akcipher and sig interfaces which no longer have scatterlists in them. Signed-off-by: -
Herbert Xu authored
The sm2 certificate requires a modified digest. Move the code for the hashing from the signature verification path into the code where we generate the digest. Signed-off-by: -
Herbert Xu authored
Add forward declaration for struct key_preparsed_payload so that this header file is self-contained. Signed-off-by: -
Herbert Xu authored
Split out the sign/verify functionality from the existing akcipher interface. Most algorithms in akcipher either support encryption and decryption, or signing and verify. Only one supports both. As a signature algorithm may not support encryption at all, these two should be spearated. For now sig is simply a wrapper around akcipher as all algorithms remain unchanged. This is a first step and allows users to start allocating sig instead of akcipher. Signed-off-by: -
Herbert Xu authored
The only user of akcipher does not use SG lists. Therefore forcing users to use SG lists only results unnecessary overhead. Add a new interface that supports arbitrary kernel pointers. For the time being the copy will be performed unconditionally. But this will go away once the underlying interface is updated. Note also that only encryption and decryption is addressed by this patch as sign/verify will go into a new interface (sig). Signed-off-by: -
Dmitry Safonov authored
The refcounter of underlying algorithm should be incremented, otherwise it'll be destroyed with the cloned cipher, wrecking the original cipher. Signed-off-by:
Dmitry Safonov <dima@arista.com> Signed-off-by:
-
Herbert Xu authored
Use it straight away in crypto_clone_cipher(), as that is not meant to sleep. Fixes: 51d8d6d0 ("crypto: cipher - Add crypto_clone_cipher") Signed-off-by:
-
Dmitry Safonov authored
Purge crypto_type::init() as well. The last user seems to be gone with commit d63007eb ("crypto: ablkcipher - remove deprecated and unused ablkcipher support"). Signed-off-by:
Eric Biggers <ebiggers@google.com> Signed-off-by:
-
Mahmoud Adam authored
check if rsa public exponent is odd and check its value is between 2^16 < e < 2^256. FIPS 186-5 DSS (page 35)[1] specify that: 1. The public exponent e shall be selected with the following constraints: (a) The public verification exponent e shall be selected prior to generating the primes, p and q, and the private signature exponent d. (b) The exponent e shall be an odd positive integer such that: 2^16 < e < 2^256. [1] https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdfSigned-off-by:
Mahmoud Adam <mngyadam@amazon.com> Reviewed-by:
Stephan Mueller <smueller@chronox.de> Signed-off-by:
-
Herbert Xu authored
Give geniv its own Kconfig option so that its dependencies are distinct from that of the AEAD API code. This also allows it to be disabled if no IV generators (seqiv/echainiv) are enabled. Remove the obsolete select on RNG2 by SKCIPHER2 as skcipher IV generators disappeared long ago. Signed-off-by: -
Herbert Xu authored
The testmgr code uses crypto_rng without depending on it. Add an explicit dependency to Kconfig. Also sort the MANAGER2 dependencies alphabetically. Signed-off-by: -
Jia Jie Ho authored
Adding RSA enc/dec and sign/verify feature for StarFive cryptographic module. The module only supports mod sizes up to 2048, therefore calculations more than that will use fallback algo. Co-developed-by:
Huan Feng <huan.feng@starfivetech.com> Signed-off-by:
Jia Jie Ho <jiajie.ho@starfivetech.com> Signed-off-by:
-
Jia Jie Ho authored
Hash driver needs to check the value of irq mask register before writing as it will mask irq of other modules. Co-developed-by:
-
Meenakshi Aggarwal authored
TRNG "sample size" (the total number of entropy samples that will be taken during entropy generation) default / POR value is very conservatively set to 2500. Let's set it to 512, the same as the caam driver in U-boot (drivers/crypto/fsl_caam.c) does. This solves the issue of RNG performance dropping after a suspend/resume cycle on parts where caam loses power, since the initial U-boot setttings are lost and kernel does not restore them when resuming. Note: when changing the sample size, the self-test parameters need to be updated accordingly. Signed-off-by:
Horia Geantă <horia.geanta@nxp.com> Signed-off-by:
Meenakshi Aggarwal <meenakshi.aggarwal@nxp.com> Reviewed-by:
Gaurav Jain <gaurav.jain@nxp.com> Signed-off-by:
-
Victoria Milhoan (b42089) authored
CAAM includes a Random Number Generator. This change adds a kernel configuration option to test the RNG's capabilities via the hw_random framework. Signed-off-by:
Victoria Milhoan <vicki.milhoan@freescale.com> Signed-off-by:
Dan Douglass <dan.douglass@nxp.com> Signed-off-by:
Vipul Kumar <vipul_kumar@mentor.com> Signed-off-by:
-
Victoria Milhoan authored
Adjust RNG timing parameters to support more i.MX6 devices. Signed-off-by:
-
- 16 Jun, 2023 10 commits
-
-
Giovanni Cabiddu authored
The function adf_init_admin_pm() is not used outside of the intel_qat module. Do not export it. Signed-off-by:
Giovanni Cabiddu <giovanni.cabiddu@intel.com> Reviewed-by:
Damian Muszynski <damian.muszynski@intel.com> Reviewed-by:
Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by:
-
Rob Herring authored
Use the recently added of_property_read_reg() helper to get the untranslated "reg" address value. Signed-off-by:
Rob Herring <robh@kernel.org> Signed-off-by:
-
Lucas Segarra Fernandez authored
Expose 'pm_idle_enabled' sysfs attribute. This attribute controls how idle conditions are handled. If it is set to 1 (idle support enabled) when the device detects an idle condition, the driver will transition the device to the 'MIN' power configuration. In order to set the value of this attribute for a device, the device must be in the 'down' state. This only applies to qat_4xxx generation. Signed-off-by:
Lucas Segarra Fernandez <lucas.segarra.fernandez@intel.com> Reviewed-by:
-
Adam Guerin authored
A QAT GEN4 device can be currently configured for crypto (sym;asym) or compression (dc). This patch extends the configuration to support more variations of these services, download the correct FW images on the device and report the correct capabilities on the device based on the configured service. The device can now be configured with the following services: "sym", "asym", "dc", "sym;asym", "asym;sym", "sym;dc", "dc;sym", "asym;dc", "dc;asym". With this change, the configuration "sym", "asym", "sym;dc", "dc;sym", "asym;dc", "dc;asym" will be accessible only via userspace, i.e. the driver for those configurations will not register into the crypto framework. Support for such configurations in kernel will be enabled in a later patch. The pairs "sym;asym" and "asym;sym" result in identical device config. As do "sym;dc", "dc;sym", and "asym;dc", "dc;asym". Signed-off-by:
Adam Guerin <adam.guerin@intel.com> Reviewed-by:
-
Giovanni Cabiddu authored
The data structure adf_fw_config is used to select which firmware image is loaded on a certain set of accelerator engines. When support for 402xx was added, the adf_fw_config arrays were duplicated in order to select different firmware images. Since the configurations are the same regardless of the QAT GEN4 flavour, in preparation for adding support for multiple configurations, refactor the logic that retrieves the firmware names in the 4xxx driver. The structure adf_fw_config has been changed to contain a firmware object id that is then mapped to a firmware name depending of the device type. Signed-off-by:
-
Giovanni Cabiddu authored
Update fw image names to be constant throughout the driver. Signed-off-by:
-
Adam Guerin authored
Make use of the default statements by changing the pattern: switch(condition) { case COND_A: ... break; case COND_b: ... break; } return ret; in switch(condition) { case COND_A: ... break; case COND_b: ... break; default: return ret; } Signed-off-by: -
Franziska Naepelt authored
The following checkpatch warning has been fixed: - WARNING: Missing a blank line after declarations Signed-off-by:
Franziska Naepelt <franziska.naepelt@gmail.com> Signed-off-by:
-
Hareshx Sankar Raj authored
The callback function for RSA frees the memory allocated for the source and destination buffers before unmapping them. This sequence is wrong. Change the cleanup sequence to unmap the buffers before freeing them. Fixes: 3dfaf007 ("crypto: qat - remove dma_free_coherent() for RSA") Signed-off-by:
Hareshx Sankar Raj <hareshx.sankar.raj@intel.com> Co-developed-by:
Bolemx Sivanagaleela <bolemx.sivanagaleela@intel.com> Signed-off-by:
-
Hareshx Sankar Raj authored
The callback function for DH frees the memory allocated for the destination buffer before unmapping it. This sequence is wrong. Change the cleanup sequence to unmap the buffer before freeing it. Fixes: 029aa462 ("crypto: qat - remove dma_free_coherent() for DH") Signed-off-by:
-
- 09 Jun, 2023 3 commits
-
-
Herbert Xu authored
MAX_CIPHER_BLOCKSIZE is an internal implementation detail and should not be relied on by users of the Crypto API. Instead of storing the IV on the stack, allocate it together with the crypto request. Signed-off-by:
Mike Snitzer <snitzer@kernel.org> Signed-off-by:
-
Karthikeyan Gopal authored
Update slice mask enum for 4xxx device with BIT(7) to mask SMX fuse. This change is done to align the slice mask with the hardware fuse register. Signed-off-by:
Karthikeyan Gopal <karthikeyan.gopal@intel.com> Reviewed-by:
-
Karthikeyan Gopal authored
The LZS and RAND features are no longer available on QAT. Remove the definition of bit 6 (LZS) and bit 7 (RAND) in the enum that represents the capabilities and replace them with a comment mentioning that those bits are reserved. Those bits shall not be used in future. Signed-off-by:
-
- 06 Jun, 2023 1 commit
-
-
Giovanni Cabiddu authored
The function adf_dbgfs_exit() was improperly named causing the build to fail when CONFIG_DEBUG_FS=n. Rename adf_dbgfs_cleanup() as adf_dbgfs_exit(). This fixes the following build error: CC [M] drivers/crypto/intel/qat/qat_c62x/adf_drv.o drivers/crypto/intel/qat/qat_c62x/adf_drv.c: In function ‘adf_cleanup_accel’: drivers/crypto/intel/qat/qat_c62x/adf_drv.c:69:9: error: implicit declaration of function ‘adf_dbgfs_exit’; did you mean ‘adf_dbgfs_init’? [-Werror=implicit-function-declaration] 69 | adf_dbgfs_exit(accel_dev); | ^~~~~~~~~~~~~~ | adf_dbgfs_init cc1: all warnings being treated as errors make[2]: *** [scripts/Makefile.build:252: drivers/crypto/intel/qat/qat_c62x/adf_drv.o] Error 1 make[1]: *** [scripts/Makefile.build:494: drivers/crypto/intel/qat/qat_c62x] Error 2 make: *** [Makefile:2026: drivers/crypto/intel/qat] Error 2 Fixes: 9260db66 ("crypto: qat - move dbgfs init to separate file") Reported-by:
-
- 02 Jun, 2023 2 commits
-
-
Bhupesh Sharma authored
The core clock for the Crypto Engine block on Qualcomm SoCs SM6115 and QCM2290 are provided via the RPM block. So mark the compatibles for these SoCs to indicate that only 'core' clock is required for such SoCs. Acked-by:
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> Tested-by:
Anders Roxell <anders.roxell@linaro.org> Tested-by:
Linux Kernel Functional Testing <lkft@linaro.org> Signed-off-by:
Bhupesh Sharma <bhupesh.sharma@linaro.org> Signed-off-by:
-
Bhupesh Sharma authored
Currently the compatible list available in 'qce' dt-bindings does not support SM8150 and IPQ4019 SoCs directly which may lead to potential 'dtbs_check' error(s). Fix the same. Fixes: 00f3bc2d ("dt-bindings: qcom-qce: Add new SoC compatible strings for Qualcomm QCE IP") Reviewed-by:
Vladimir Zapolskiy <vladimir.zapolskiy@linaro.org> Acked-by:
-
