- 08 Jul, 2022 2 commits
-
-
Giovanni Cabiddu authored
The function adf_cfg_add_key_value_param() allows to insert duplicates entries in the key value store of the driver. Change the behaviour of that function to the following policy: - if the key doesn't exist, add it; - if the key already exists with a different value, then delete it and replace it with a new one containing the new value; - if the key exists with the same value, then return without doing anything. The behaviour of this function has been changed in order to easily update key-values in the driver database. In particular this is required to update the value of the ServiceEnables key used to change the service loaded on a device. Signed-off-by:
Giovanni Cabiddu <giovanni.cabiddu@intel.com> Reviewed-by:
Adam Guerin <adam.guerin@intel.com> Reviewed-by:
Fiona Trahe <fiona.trahe@intel.com> Reviewed-by:
Wojciech Ziemba <wojciech.ziemba@intel.com> Reviewed-by:
Vladis Dronov <vdronov@redhat.com> Signed-off-by:
Herbert Xu <herbert@gondor.apana.org.au>
-
Giovanni Cabiddu authored
Expose the device state through an attribute in sysfs and allow to change it. This is to stop and shutdown a QAT device in order to change its configuration. The state attribute has been added to a newly created `qat` attribute group which will contain all _QAT specific_ attributes. The logic that implements the sysfs entries is part of a new file, adf_sysfs.c. This exposes an entry point to allow the driver to create attributes. The function that creates the sysfs attributes is called from the probe function of the driver and not in the state machine init function to allow the change of states even if the device is in the down state. In order to restore the device configuration between a transition from down to up, the function that configures the devices has been abstracted into the HW data structure. The `state` attribute is only exposed for qat_4xxx devices. Signed-off-by:
Tomasz Kowallik <tomaszx.kowalik@intel.com> Signed-off-by:
-
- 30 Jun, 2022 10 commits
-
-
Qian Cai authored
Otherwise, we could fail to compile. ld: arch/arm64/crypto/ghash-ce-glue.o: in function 'ghash_ce_mod_exit': ghash-ce-glue.c:(.exit.text+0x24): undefined reference to 'crypto_unregister_aead' ld: arch/arm64/crypto/ghash-ce-glue.o: in function 'ghash_ce_mod_init': ghash-ce-glue.c:(.init.text+0x34): undefined reference to 'crypto_register_aead' Fixes: 537c1445 ("crypto: arm64/gcm - implement native driver using v8 Crypto Extensions") Signed-off-by:
Qian Cai <quic_qiancai@quicinc.com> Signed-off-by:
-
lei he authored
According to PKCS#1 standard, the 'otherPrimeInfos' field contains the information for the additional primes r_3, ..., r_u, in order. It shall be omitted if the version is 0 and shall contain at least one instance of OtherPrimeInfo if the version is 1, see: https://www.rfc-editor.org/rfc/rfc3447#page-44 Replace the version number '1' with 0, otherwise, some drivers may not pass the run-time tests. Signed-off-by:
lei he <helei.sig11@bytedance.com> Signed-off-by:
-
Jiang Jian authored
there is an unexpected word 'for' in the comments that need to be dropped file - drivers/crypto/vmx/ghashp8-ppc.pl line - 19 "# GHASH for for PowerISA v2.07." changed to: "# GHASH for PowerISA v2.07." Signed-off-by:
Jiang Jian <jiangjian@cdjrlc.com> Signed-off-by:
-
Jiang Jian authored
there is an unexpected word 'for' in the comments that need to be dropped file - drivers/crypto/caam/caamhash_desc.c line - 25 * must be false for for ahash first and digest changed to: * must be false for ahash first and digest Signed-off-by:
Gaurav Jain <gaurav.jain@nxp.com> Signed-off-by:
-
Jiang Jian authored
Drop the unexpected word 'a' in the comments that need to be dropped * This is a a cache of buffers, from which the users of CAAM QI driver --> * This is a cache of buffers, from which the users of CAAM QI driver Signed-off-by:
-
Jiang Jian authored
Replace 'is' with 'it' file: drivers/crypto/cavium/cpt/cpt_hw_types.h line: 268 * which if the line hits and is is dirty will cause the line to be changed to: * which if the line hits and it is dirty will cause the line to be Signed-off-by:
-
Jilin Yuan authored
Delete the redundant word 'the'. Signed-off-by:
Jilin Yuan <yuanjilin@cdjrlc.com> Signed-off-by:
-
Jiang Jian authored
there is an unexpected word "the" in the comments that need to be dropped >- * specified in the the hw design spec. Either due to incorrect info in the >+ * specified in the hw design spec. Either due to incorrect info in the Signed-off-by:
-
Jiang Jian authored
there is an unexpected word "the" in the comments that need to be dropped >- * The DDE is setup with the the DDE count, byte count, and address of >+ * The DDE is setup with the DDE count, byte count, and address of Signed-off-by:
-
Jason A. Donenfeld authored
Using 3 blocks here doesn't give us much more than using 2, and it causes a stack frame size warning on certain compiler/config/arch combinations: lib/crypto/blake2s-selftest.c: In function 'blake2s_selftest': >> lib/crypto/blake2s-selftest.c:632:1: warning: the frame size of 1088 bytes is larger than 1024 bytes [-Wframe-larger-than=] 632 | } | ^ So this patch just reduces the block from 3 to 2, which makes the warning go away. Reported-by:kernel test robot <lkp@intel.com> Link: https://lore.kernel.org/linux-crypto/202206200851.gE3MHCgd-lkp@intel.com Fixes: 2d16803c ("crypto: blake2s - remove shash module") Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by:
-
- 24 Jun, 2022 4 commits
-
-
Yoan Picchi authored
This dependency looks outdated. After the previous patch, we have been able to use this driver to encrypt some data and to create working VF on arm64. We have not tested it yet on any big endian machine, hence the new dependency Signed-off-by:
Yoan Picchi <yoan.picchi@arm.com> Signed-off-by:
-
Andre Przywara authored
Currently the QAT driver code uses a self-defined wrapper function called get_current_node() when it wants to learn the current NUMA node. This implementation references the topology_physical_package_id[] array, which more or less coincidentally contains the NUMA node id, at least on x86. Because this is not universal, and Linux offers a direct function to learn the NUMA node ID, replace that function with a call to numa_node_id(), which would work everywhere. This fixes the QAT driver operation on arm64 machines. Reported-by:
Andre Przywara <andre.przywara@arm.com> Signed-off-by:
-
Ignat Korchagin authored
Changes from v1: * exported mpi_sub and mpi_mul, otherwise the build fails when RSA is a module The kernel RSA ASN.1 private key parser already supports only private keys with additional values to be used with the Chinese Remainder Theorem [1], but these values are currently not used. This rudimentary CRT implementation speeds up RSA private key operations for the following Go benchmark up to ~3x. This implementation also tries to minimise the allocation of additional MPIs, so existing MPIs are reused as much as possible (hence the variable names are a bit weird). The benchmark used: ``` package keyring_test import ( "crypto" "crypto/rand" "crypto/rsa" "crypto/x509" "io" "syscall" "testing" "unsafe" ) type KeySerial int32 type Keyring int32 const ( KEY_SPEC_PROCESS_KEYRING Keyring = -2 KEYCTL_PKEY_SIGN = 27 ) var ( keyTypeAsym = []byte("asymmetric\x00") sha256pkcs1 = []byte("enc=pkcs1 hash=sha256\x00") ) func (keyring Keyring) LoadAsym(desc string, payload []byte) (KeySerial, error) { cdesc := []byte(desc + "\x00") serial, _, errno := syscall.Syscall6(syscall.SYS_ADD_KEY, uintptr(unsafe.Pointer(&keyTypeAsym[0])), uintptr(unsafe.Pointer(&cdesc[0])), uintptr(unsafe.Pointer(&payload[0])), uintptr(len(payload)), uintptr(keyring), uintptr(0)) if errno == 0 { return KeySerial(serial), nil } return KeySerial(serial), errno } type pkeyParams struct { key_id KeySerial in_len uint32 out_or_in2_len uint32 __spare [7]uint32 } // the output signature buffer is an input parameter here, because we want to // avoid Go buffer allocation leaking into our benchmarks func (key KeySerial) Sign(info, digest, out []byte) error { var params pkeyParams params.key_id = key params.in_len = uint32(len(digest)) params.out_or_in2_len = uint32(len(out)) _, _, errno := syscall.Syscall6(syscall.SYS_KEYCTL, KEYCTL_PKEY_SIGN, uintptr(unsafe.Pointer(¶ms)), uintptr(unsafe.Pointer(&info[0])), uintptr(unsafe.Pointer(&digest[0])), uintptr(unsafe.Pointer(&out[0])), uintptr(0)) if errno == 0 { return nil } return errno } func BenchmarkSign(b *testing.B) { priv, err := rsa.GenerateKey(rand.Reader, 2048) if err != nil { b.Fatalf("failed to generate private key: %v", err) } pkcs8, err := x509.MarshalPKCS8PrivateKey(priv) if err != nil { b.Fatalf("failed to serialize the private key to PKCS8 blob: %v", err) } serial, err := KEY_SPEC_PROCESS_KEYRING.LoadAsym("test rsa key", pkcs8) if err != nil { b.Fatalf("failed to load the private key into the keyring: %v", err) } b.Logf("loaded test rsa key: %v", serial) digest := make([]byte, 32) _, err = io.ReadFull(rand.Reader, digest) if err != nil { b.Fatalf("failed to generate a random digest: %v", err) } sig := make([]byte, 256) for n := 0; n < b.N; n++ { err = serial.Sign(sha256pkcs1, digest, sig) if err != nil { b.Fatalf("failed to sign the digest: %v", err) } } err = rsa.VerifyPKCS1v15(&priv.PublicKey, crypto.SHA256, digest, sig) if err != nil { b.Fatalf("failed to verify the signature: %v", err) } } ``` [1]: https://en.wikipedia.org/wiki/RSA_(cryptosystem)#Using_the_Chinese_remainder_algorithmSigned-off-by:Ignat Korchagin <ignat@cloudflare.com> Reported-by:
-
Tom Lendacky authored
On shutdown, each CCP device instance performs shutdown processing. However, __sev_platform_shutdown_locked() uses the controlling psp structure to obtain the pointer to the sev_device structure. However, during driver initialization, it is possible that an error can be received from the firmware that results in the sev_data pointer being cleared from the controlling psp structure. The __sev_platform_shutdown_locked() function does not check for this situation and will segfault. While not common, this scenario should be accounted for. Add a check for a NULL sev_device structure before attempting to use it. Fixes: 5441a07a ("crypto: ccp - shutdown SEV firmware on kexec") Signed-off-by:
Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by:
-
- 17 Jun, 2022 7 commits
-
-
Kai Ye authored
The base register address of V2 and V3 are different. HW V3 not needs to change the BD err detection. Signed-off-by:
Kai Ye <yekai13@huawei.com> Signed-off-by:
-
Alexey Khoroshilov authored
There is no i decrement in while (i >= 0) loop. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by:
Alexey Khoroshilov <khoroshilov@ispras.ru> Fixes: 359e893e ("crypto: sun8i-ss - rework handling of IV") Acked-by:
Corentin Labbe <clabbe.montjoie@gmail.com> Tested-by:
-
Weili Qian authored
When the driver receives an event interrupt, the driver will enable the event interrupt after handling all completed tasks on the function, tasks on the function are parsed through only one thread. If the task's user callback takes time, other tasks on the function will be blocked. Therefore, the event irq processing is modified as follows: 1. Obtain the ID of the queue that completes the task. 2. Enable event interrupt. 3. Parse the completed tasks in the queue and call the user callback. Enabling event interrupt in advance can quickly report pending event interrupts and process tasks in multiple threads. Signed-off-by:
Weili Qian <qianweili@huawei.com> Signed-off-by:
-
Weili Qian authored
Before stopping the function, the driver needs to flush all the remaining work about event irq. Therefore, accelerator drivers use a private workqueue(qm->wq) to handle event irq instead of the system workqueue. This patch moves alloc workqueue from sec_main.c and zip_main.c to qm.c. Signed-off-by:
-
Weili Qian authored
The resources allocated by hisi_qm_memory_init() are released by hisi_qm_uninit(). Add hisi_qm_memory_uninit() to release resources, no functional change. Signed-off-by:
-
Weili Qian authored
The return value of 'readl_poll_timeout' is '0' or '-ETIMEDOUT'. Therefore, change the local variable 'ret' type from 'u32' to 'int'. Signed-off-by:
-
Zhou Wang authored
This patch splits QM and ZIP in MAINTAINERS, then add Weili Qian for QM driver and Yang Shen for ZIP driver. This patch adds missing Kconfig and Makefile files as well. Signed-off-by:
Zhou Wang <wangzhou1@hisilicon.com> Signed-off-by:
-
- 10 Jun, 2022 17 commits
-
-
Peng Wu authored
The crypto_alloc_shash() function never returns NULL. It returns error pointers. Fixes: 801b7d57 ("crypto: sun8i-ss - add hmac(sha1)") Signed-off-by:
Peng Wu <wupeng58@huawei.com> Reported-by:
Hulk Robot <hulkci@huawei.com> Signed-off-by:
-
Shijith Thotton authored
Added missing checks to avoid null pointer dereference. The patch fixes below issue reported by klocwork tool: . Pointer 'strsep( &val, ":" )' returned from call to function 'strsep' at line 1608 may be NULL and will be dereferenced at line 1608. Also there are 2 similar errors on lines 1620, 1632 in otx2_cptpf_ucode.c. Signed-off-by:
Shijith Thotton <sthotton@marvell.com> Signed-off-by:
-
Jason A. Donenfeld authored
BLAKE2s has no currently known use as an shash. Just remove all of this unnecessary plumbing. Removing this shash was something we talked about back when we were making BLAKE2s a built-in, but I simply never got around to doing it. So this completes that project. Importantly, this fixs a bug in which the lib code depends on crypto_simd_disabled_for_test, causing linker errors. Also add more alignment tests to the selftests and compare SIMD and non-SIMD compression functions, to make up for what we lose from testmgr.c. Reported-by:
gaochao <gaochao49@huawei.com> Cc: Eric Biggers <ebiggers@kernel.org> Cc: Ard Biesheuvel <ardb@kernel.org> Cc: stable@vger.kernel.org Fixes: 6048fdcc ("lib/crypto: blake2s: include as built-in") Signed-off-by:
-
Jason A. Donenfeld authored
This is used by code that doesn't need CONFIG_CRYPTO, so move this into lib/ with a Kconfig option so that it can be selected by whatever needs it. This fixes a linker error Zheng pointed out when CRYPTO_MANAGER_DISABLE_TESTS!=y and CRYPTO=m: lib/crypto/curve25519-selftest.o: In function `curve25519_selftest': curve25519-selftest.c:(.init.text+0x60): undefined reference to `__crypto_memneq' curve25519-selftest.c:(.init.text+0xec): undefined reference to `__crypto_memneq' curve25519-selftest.c:(.init.text+0x114): undefined reference to `__crypto_memneq' curve25519-selftest.c:(.init.text+0x154): undefined reference to `__crypto_memneq' Reported-by:
Zheng Bin <zhengbin13@huawei.com> Cc: Eric Biggers <ebiggers@kernel.org> Cc: stable@vger.kernel.org Fixes: aa127963 ("crypto: lib/curve25519 - re-add selftests") Signed-off-by:
Eric Biggers <ebiggers@google.com> Signed-off-by:
-
Shijith Thotton authored
Added running firmware version information of AE, SE and IE components in devlink info. Signed-off-by:
-
Julia Lawall authored
Spelling mistake (triple letters) in comment. Detected with the help of Coccinelle. Signed-off-by:
Julia Lawall <Julia.Lawall@inria.fr> Signed-off-by:
-
Julia Lawall authored
Spelling mistakes (triple letters) in comment. Detected with the help of Coccinelle. Signed-off-by:
-
Nathan Huckleberry authored
HCTR2 is a tweakable, length-preserving encryption mode that is intended for use on CPUs with dedicated crypto instructions. HCTR2 has the property that a bitflip in the plaintext changes the entire ciphertext. This property fixes a known weakness with filename encryption: when two filenames in the same directory share a prefix of >= 16 bytes, with AES-CTS-CBC their encrypted filenames share a common substring, leaking information. HCTR2 does not have this problem. More information on HCTR2 can be found here: "Length-preserving encryption with HCTR2": https://eprint.iacr.org/2021/1441.pdfSigned-off-by:
Nathan Huckleberry <nhuck@google.com> Reviewed-by:
Ard Biesheuvel <ardb@kernel.org> Acked-by:
-
Nathan Huckleberry authored
Add hardware accelerated version of POLYVAL for ARM64 CPUs with Crypto Extensions support. This implementation is accelerated using PMULL instructions to perform the finite field computations. For added efficiency, 8 blocks of the message are processed simultaneously by precomputing the first 8 powers of the key. Karatsuba multiplication is used instead of Schoolbook multiplication because it was found to be slightly faster on ARM64 CPUs. Montgomery reduction must be used instead of Barrett reduction due to the difference in modulus between POLYVAL's field and other finite fields. More information on POLYVAL can be found in the HCTR2 paper: "Length-preserving encryption with HCTR2": https://eprint.iacr.org/2021/1441.pdfSigned-off-by:
-
Nathan Huckleberry authored
Add hardware accelerated version of POLYVAL for x86-64 CPUs with PCLMULQDQ support. This implementation is accelerated using PCLMULQDQ instructions to perform the finite field computations. For added efficiency, 8 blocks of the message are processed simultaneously by precomputing the first 8 powers of the key. Schoolbook multiplication is used instead of Karatsuba multiplication because it was found to be slightly faster on x86-64 machines. Montgomery reduction must be used instead of Barrett reduction due to the difference in modulus between POLYVAL's field and other finite fields. More information on POLYVAL can be found in the HCTR2 paper: "Length-preserving encryption with HCTR2": https://eprint.iacr.org/2021/1441.pdfSigned-off-by:
-
Nathan Huckleberry authored
Added some clarifying comments, changed the register allocations to make the code clearer, and added register aliases. Signed-off-by:
-
Nathan Huckleberry authored
Add hardware accelerated version of XCTR for ARM64 CPUs with ARMv8 Crypto Extension support. This XCTR implementation is based on the CTR implementation in aes-modes.S. More information on XCTR can be found in the HCTR2 paper: "Length-preserving encryption with HCTR2": https://eprint.iacr.org/2021/1441.pdfSigned-off-by:
-
Nathan Huckleberry authored
Add hardware accelerated version of XCTR for x86-64 CPUs with AESNI support. More information on XCTR can be found in the HCTR2 paper: "Length-preserving encryption with HCTR2": https://eprint.iacr.org/2021/1441.pdfSigned-off-by:
-
Nathan Huckleberry authored
Add support for HCTR2 as a template. HCTR2 is a length-preserving encryption mode that is efficient on processors with instructions to accelerate AES and carryless multiplication, e.g. x86 processors with AES-NI and CLMUL, and ARM processors with the ARMv8 Crypto Extensions. As a length-preserving encryption mode, HCTR2 is suitable for applications such as storage encryption where ciphertext expansion is not possible, and thus authenticated encryption cannot be used. Currently, such applications usually use XTS, or in some cases Adiantum. XTS has the disadvantage that it is a narrow-block mode: a bitflip will only change 16 bytes in the resulting ciphertext or plaintext. This reveals more information to an attacker than necessary. HCTR2 is a wide-block mode, so it provides a stronger security property: a bitflip will change the entire message. HCTR2 is somewhat similar to Adiantum, which is also a wide-block mode. However, HCTR2 is designed to take advantage of existing crypto instructions, while Adiantum targets devices without such hardware support. Adiantum is also designed with longer messages in mind, while HCTR2 is designed to be efficient even on short messages. HCTR2 requires POLYVAL and XCTR as components. More information on HCTR2 can be found here: "Length-preserving encryption with HCTR2": https://eprint.iacr.org/2021/1441.pdfSigned-off-by:
-
Nathan Huckleberry authored
Add support for POLYVAL, an ε-Δ-universal hash function similar to GHASH. This patch only uses POLYVAL as a component to implement HCTR2 mode. It should be noted that POLYVAL was originally specified for use in AES-GCM-SIV (RFC 8452), but the kernel does not currently support this mode. POLYVAL is implemented as an shash algorithm. The implementation is modified from ghash-generic.c. For more information on POLYVAL see: Length-preserving encryption with HCTR2: https://eprint.iacr.org/2021/1441.pdf AES-GCM-SIV: Nonce Misuse-Resistant Authenticated Encryption: https://datatracker.ietf.org/doc/html/rfc8452Signed-off-by:
-
Nathan Huckleberry authored
Add a generic implementation of XCTR mode as a template. XCTR is a blockcipher mode similar to CTR mode. XCTR uses XORs and little-endian addition rather than big-endian arithmetic which has two advantages: It is slightly faster on little-endian CPUs and it is less likely to be implemented incorrect since integer overflows are not possible on practical input sizes. XCTR is used as a component to implement HCTR2. More information on XCTR mode can be found in the HCTR2 paper: https://eprint.iacr.org/2021/1441.pdfSigned-off-by:
-
Uwe Kleine-König authored
Returning an error value in an i2c remove callback results in an error message being emitted by the i2c core, but otherwise it doesn't make a difference. The device goes away anyhow and the devm cleanups are called. As atmel_ecc_remove() already emits an error message on failure and the additional error message by the i2c core doesn't add any useful information, change the return value to zero to suppress this message. Also make the error message a bit more drastical because when the device is still busy on remove, it's likely that it will access freed memory soon. This patch is a preparation for making i2c remove callbacks return void. Signed-off-by:
Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Reviewed-by:
Tudor Ambarus <tudor.ambarus@microchip.com> Signed-off-by:
-
