- 02 Jun, 2023 9 commits
-
-
Bhupesh Sharma authored
Currently the compatible list available in 'qce' dt-bindings does not support SM8150 and IPQ4019 SoCs directly which may lead to potential 'dtbs_check' error(s). Fix the same. Fixes: 00f3bc2d ("dt-bindings: qcom-qce: Add new SoC compatible strings for Qualcomm QCE IP") Reviewed-by:
Vladimir Zapolskiy <vladimir.zapolskiy@linaro.org> Acked-by:
Rob Herring <robh@kernel.org> Tested-by:
Anders Roxell <anders.roxell@linaro.org> Tested-by:
Linux Kernel Functional Testing <lkft@linaro.org> Signed-off-by:
Bhupesh Sharma <bhupesh.sharma@linaro.org> Signed-off-by:
Herbert Xu <herbert@gondor.apana.org.au>
-
Damian Muszynski authored
Move initialization of debugfs entries to a separate file. This simplifies the exclusion of the debugfs logic in the QAT driver when the kernel is built with CONFIG_DEBUG_FS=n. In addition, it will allow to consolidate the addition of debugfs entries to a single location in the code. This implementation adds infrastructure to create (and remove) debugfs entries at two different stages. The first, done when a device is probed, allows to keep debugfs entries persistent between a transition in device state (up to down or vice versa). The second, done after the initialization phase, allows to have debugfs entries that are accessible only when the device is up. In addition, move the creation of debugfs entries for configuration to the newly created function adf_dbgfs_init() and replace symbolic permissions with octal permissions when creating the debugfs files. This is to resolve the following warning reported by checkpatch: WARNING: Symbolic permissions 'S_IRUSR' are not preferred. Consider using octal permissions '0400'. Signed-off-by:
Damian Muszynski <damian.muszynski@intel.com> Reviewed-by:
Giovanni Cabiddu <giovanni.cabiddu@intel.com> Signed-off-by:
-
Uwe Kleine-König authored
After commit b8a1a4cd ("i2c: Provide a temporary .probe_new() call-back type"), all drivers being converted to .probe_new() and then 03c835f4 ("i2c: Switch .probe() to not take an id parameter") convert back to (the new) .probe() to be able to eventually drop .probe_new() from struct i2c_driver. Signed-off-by:
Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Reviewed-by:
Tudor Ambarus <tudor.ambarus@linaro.org> Signed-off-by:
-
Stephan Müller authored
With the update of the permanent and intermittent health errors, the actual indicator for the health test indicates a potential error only for the one offending time stamp gathered in the current iteration round. The next iteration round will "overwrite" the health test result. Thus, the entropy collection loop in jent_gen_entropy checks for the health test failure upon each loop iteration. However, the initialization operation checked for the APT health test once for an APT window which implies it would not catch most errors. Thus, the check for all health errors is now invoked unconditionally during each loop iteration for the startup test. With the change, the error JENT_ERCT becomes unused as all health errors are only reported with the JENT_HEALTH return code. This allows the removal of the error indicator. Fixes: 3fde2fe9 ("crypto: jitter - permanent and intermittent health errors" ) Reported-by:
Joachim Vandersmissen <git@jvdsn.com> Signed-off-by:
Stephan Mueller <smueller@chronox.de> Signed-off-by:
-
Bharat Bhushan authored
The way random data is read from hardware has changed from Octeon CN10KA-B0 and later SoCs onwards. A new set of registers have been added to read random data and to verify whether the read data is valid or not. This patch extends and uses RNM_PF_TRNG_DAT and RNM_PF_TRNG_STS CSRs to read random number and status for the applicable silicon variants. Signed-off-by:
Bharat Bhushan <bbhushan2@marvell.com> Signed-off-by:
-
Arnd Bergmann authored
Commit df8fc4e9 ("kbuild: Enable -fstrict-flex-arrays=3") uncovered a type mismatch in cesa 3des support that leads to a memcpy beyond the end of a structure: In function 'fortify_memcpy_chk', inlined from 'mv_cesa_des3_ede_setkey' at drivers/crypto/marvell/cesa/cipher.c:307:2: include/linux/fortify-string.h:583:25: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning] 583 | __write_overflow_field(p_size_field, size); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This is probably harmless as the actual data that is copied has the correct type, but clearly worth fixing nonetheless. Fixes: 4ada4839 ("crypto: marvell/cesa - add Triple-DES support") Cc: Kees Cook <keescook@chromium.org> Cc: Gustavo A. R. Silva" <gustavoars@kernel.org> Signed-off-by:
Arnd Bergmann <arnd@arndb.de> Reviewed-by:
Kees Cook <keescook@chromium.org> Signed-off-by:
-
John Allen authored
Add a new CCP/PSP PCI device ID and new PSP register offsets. Signed-off-by:
John Allen <john.allen@amd.com> Signed-off-by:
Mario Limonciello <mario.limonciello@amd.com> Signed-off-by:
-
Mario Limonciello authored
PCI device 0x17E0 includes new TEE offsets, doesn't support a platform mailbox, and does support platform doorbell so introduce a new structure to represent it. Signed-off-by:
-
Mario Limonciello authored
Some platforms might support platform access doorbell but not mailbox. Add an extra guard to ensure this doesn't cause accesses to wrong ranges if a consumer calls psp_send_platform_access_msg(). Signed-off-by:
-
- 24 May, 2023 13 commits
-
-
Eric Biggers authored
Make the help text for CRYPTO_STATS explicitly mention that it reduces the performance of the crypto API. Signed-off-by:
Eric Biggers <ebiggers@google.com> Acked-by:
Ard Biesheuvel <ardb@kernel.org> Signed-off-by:
-
Randy Dunlap authored
Fix build warnings when DEBUG_FS is not enabled by using an empty do-while loop instead of a value: In file included from ../drivers/crypto/nx/nx.c:27: ../drivers/crypto/nx/nx.c: In function 'nx_register_algs': ../drivers/crypto/nx/nx.h:173:33: warning: statement with no effect [-Wunused-value] 173 | #define NX_DEBUGFS_INIT(drv) (0) ../drivers/crypto/nx/nx.c:573:9: note: in expansion of macro 'NX_DEBUGFS_INIT' 573 | NX_DEBUGFS_INIT(&nx_driver); ../drivers/crypto/nx/nx.c: In function 'nx_remove': ../drivers/crypto/nx/nx.h:174:33: warning: statement with no effect [-Wunused-value] 174 | #define NX_DEBUGFS_FINI(drv) (0) ../drivers/crypto/nx/nx.c:793:17: note: in expansion of macro 'NX_DEBUGFS_FINI' 793 | NX_DEBUGFS_FINI(&nx_driver); Also, there is no need to build nx_debugfs.o when DEBUG_FS is not enabled, so change the Makefile to accommodate that. Fixes: ae0222b7 ("powerpc/crypto: nx driver code supporting nx encryption") Fixes: aef7b31c ("powerpc/crypto: Build files for the nx device driver") Signed-off-by:
Randy Dunlap <rdunlap@infradead.org> Cc: Breno Leitão <leitao@debian.org> Cc: Nayna Jain <nayna@linux.ibm.com> Cc: Paulo Flabiano Smorigo <pfsmorigo@gmail.com> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: "David S. Miller" <davem@davemloft.net> Cc: linux-crypto@vger.kernel.org Cc: Michael Ellerman <mpe@ellerman.id.au> Cc: Nicholas Piggin <npiggin@gmail.com> Cc: Christophe Leroy <christophe.leroy@csgroup.eu> Cc: linuxppc-dev@lists.ozlabs.org Signed-off-by:
-
Martin Kaiser authored
We have no device-specific data for fsl,imx25-rngb. There's no need to set .data = NULL, this is the default. Signed-off-by:
Martin Kaiser <martin@kaiser.cx> Signed-off-by:
-
Martin Kaiser authored
Mark the imx_rngc_probe function as __init. There's no need to support hotplugging in the imx-rngc driver. We use module_platform_driver_probe, the probe function will only be called at startup. Signed-off-by:
-
Martin Kaiser authored
Rewrite the defines for register bits to use BIT(x) instead of writing out the 32-bit number. This makes it easier to compare the code with the register descriptions in the reference manual. Signed-off-by:
-
Martin Kaiser authored
Use the mechanism from bitfield.h to read the rng type field in the version_id register. This makes the code a tiny bit simpler. Signed-off-by:
-
Martin Kaiser authored
The "level" field in the status register contains the number of random bytes that are available in the FIFO. Use GENMASK to extract this field. We only want to check if level is 0 or if we can read another byte. There's no need for the shift or the level variable. Signed-off-by:
-
Herbert Xu authored
Some shash algorithms are so simple that they don't have an init_tfm function. These can be cloned trivially. Check this before failing in crypto_clone_shash. Signed-off-by:
-
Herbert Xu authored
Allow cmac to be cloned. The underlying cipher needs to support cloning by not having a cra_init function (all implementations of aes that do not require a fallback can be cloned). Signed-off-by:
-
Herbert Xu authored
Allow simple ciphers to be cloned, if they don't have a cra_init function. This basically rules out those ciphers that require a fallback. In future simple ciphers will be eliminated, and replaced with a linear skcipher interface. When that happens this restriction will disappear. Signed-off-by:
-
Herbert Xu authored
Use the modern init_tfm/exit_tfm interface instead of the obsolete cra_init/cra_exit interface. Signed-off-by:
-
Arnd Bergmann authored
gcc warns if prototypes are only visible to the caller but not the callee: crypto/aegis128-neon-inner.c:134:6: warning: no previous prototype for 'crypto_aegis128_init_neon' [-Wmissing-prototypes] crypto/aegis128-neon-inner.c:164:6: warning: no previous prototype for 'crypto_aegis128_update_neon' [-Wmissing-prototypes] crypto/aegis128-neon-inner.c:221:6: warning: no previous prototype for 'crypto_aegis128_encrypt_chunk_neon' [-Wmissing-prototypes] crypto/aegis128-neon-inner.c:270:6: warning: no previous prototype for 'crypto_aegis128_decrypt_chunk_neon' [-Wmissing-prototypes] crypto/aegis128-neon-inner.c:316:5: warning: no previous prototype for 'crypto_aegis128_final_neon' [-Wmissing-prototypes] The prototypes cannot be in the regular aegis.h, as the inner neon code cannot include normal kernel headers. Instead add a new header just for the functions provided by this file. Signed-off-by:
-
Herbert Xu authored
A platform option like AMBA should never be selected by a driver. Use a dependency instead. Also remove the depenency on DMADEVICES because the driver builds just fine without it. Instead add a dependency on HAS_DMA for dma mapping support. Reported-by:
Stephen Rothwell <sfr@canb.auug.org.au> Reported-by:
Conor Dooley <conor.dooley@microchip.com> Signed-off-by:
-
- 22 May, 2023 1 commit
-
-
Jia Jie Ho authored
Kconfig updated to depend on DMADEVICES instead of selecting it. Reported-by:
kernel test robot <lkp@intel.com> Link: https://lore.kernel.org/oe-kbuild-all/202305191929.Eq4OVZ6D-lkp@intel.com/Signed-off-by:
Jia Jie Ho <jiajie.ho@starfivetech.com> Signed-off-by:
-
- 19 May, 2023 8 commits
-
-
Herbert Xu authored
Include module.h in arch/arm64/crypto/sha256-glue.c as it uses various macros (such as MODULE_AUTHOR) that are defined there. Also fix the ordering of types.h. Reported-by:
-
Jia Jie Ho authored
Adding hash/HMAC support for SHA-2 and SM3 to StarFive cryptographic module. Co-developed-by:
Huan Feng <huan.feng@starfivetech.com> Signed-off-by:
-
Jia Jie Ho authored
Adding device probe and DMA init for StarFive cryptographic module. Co-developed-by:
-
Jia Jie Ho authored
Add documentation to describe StarFive cryptographic engine. Co-developed-by:
-
Pankaj Gupta authored
Since, CAAM driver is probed before soc_device_attribute done as part of: - drivers/soc/imx/soc-imx8m.c (for i.MX8M) - drivers/firmware/imx/ele_mu.c (EdgeLock Enclave kernel driver, for i.MX8ULP) It is needed to return -EPROBE_DEFER, after calling soc_device_match() in drivers/crypto/caam/ctrl.c. soc_device_match returns NULL for: - i.MX8M - i.MX8ULP, can be considered that the SoC device has not been probed yet. Hence, it returns -EPROBE_DEFER directly. caam: imx: change to use of_match_node in run_descriptor_deco0 Providing imx8m_machine_match to match: - i.MX8M{Q,M,N,P}, - i.MX8ULP, so as to start using of_match_node, to simplify the code. Signed-off-by:Alice Guo <alice.guo@nxp.com> Signed-off-by:
Pankaj Gupta <pankaj.gupta@nxp.com> Reviewed-by:
Dong Aisheng <aisheng.dong@nxp.com> Reviewed-by:
Horia Geanta <horia.geanta@nxp.com> Acked-by:
Peng Fan <peng.fan@nxp.com> Acked-by:
-
Tero Kristo authored
256 bytes is quite often used in performance benchmarks and this size appears to be also working just fine, so mark it as safe so that we do not fallback to software implementation for this packet size. Otherwise there is a strange bump up in crypto performance at 256 byte packet size. Signed-off-by:
Tero Kristo <t-kristo@ti.com> Signed-off-by:
Jayesh Choudhary <j-choudhary@ti.com> Signed-off-by:
-
Herbert Xu authored
Instead of duplicating the sha256 block processing code, reuse the common code from crypto/sha256_base.h. Signed-off-by: -
Herbert Xu authored
The function sha224_update is exactly the same as sha256_update. Moreover it's not even used in the kernel so it can be removed. Signed-off-by:
-
- 12 May, 2023 9 commits
-
-
Herbert Xu authored
The virtio rng device kicks off a new entropy request whenever the data available reaches zero. When a new request occurs at the end of a read operation, that is, when the result of that request is only needed by the next reader, then there is a race between the writing of the new data and the next reader. This is because there is no synchronisation whatsoever between the writer and the reader. Fix this by writing data_avail with smp_store_release and reading it with smp_load_acquire when we first enter read. The subsequent reads are safe because they're either protected by the first load acquire, or by the completion mechanism. Also remove the redundant zeroing of data_idx in random_recv_done (data_idx must already be zero at this point) and data_avail in request_entropy (ditto). Reported-by: syzbot+726dc8c62c3536431ceb@syzkaller.appspotmail.com Fixes: f7f510ec ("virtio: An entropy device, as suggested by hpa.") Signed-off-by:
Michael S. Tsirkin <mst@redhat.com> Signed-off-by:
-
Srujana Challa authored
On OcteonTX2/OctoenTX3 variants of silicon, Admin function (AF) handles resource allocation and configuration for PFs and their VFs. PFs request the AF directly, via mailboxes. Unlike PFs, VFs cannot send a mailbox request directly. A VF sends mailbox messages to its parent PF, with which it shares a mailbox region. The PF then forwards these messages to the AF. This patch adds code to configure inline-IPsec HW resources for CPT VFs as CPT VFs cannot send a mailbox request directly to AF. Signed-off-by:
Srujana Challa <schalla@marvell.com> Signed-off-by:
-
Srujana Challa authored
This patch adds support for AF -> CPT PF uplink mailbox messages and adds a mailbox handler to submit a CPT instruction from AF as current architecture doesn't allow AF to submit CPT instruction directly to HW. Signed-off-by:
-
David Yang authored
Remove redundant underscore and fix some grammar in prepare_request doc. Signed-off-by:
David Yang <mmyangfl@gmail.com> Acked-by:
-
David Yang authored
Move to drivers/char/hw_random since histb-(t)rng does not provide cryptography pseudo rng. histb-rng is pretty like hisi-rng, but after investigation, we confirm there is no RNG_PHY_SEED register on histb-rng so a separate driver is needed. Still we rename relevant function names to match those in hisi-rng. Link: https://lore.kernel.org/r/20230401164448.1393336-1-mmyangfl@gmail.comSigned-off-by:
-
Stephan Müller authored
The test interface allows a privileged process to capture the raw unconditioned noise that is collected by the Jitter RNG for statistical analysis. Such testing allows the analysis how much entropy the Jitter RNG noise source provides on a given platform. The obtained data is the time stamp sampled by the Jitter RNG. Considering that the Jitter RNG inserts the delta of this time stamp compared to the immediately preceding time stamp, the obtained data needs to be post-processed accordingly to obtain the data the Jitter RNG inserts into its entropy pool. The raw entropy collection is provided to obtain the raw unmodified time stamps that are about to be added to the Jitter RNG entropy pool and are credited with entropy. Thus, this patch adds an interface which renders the Jitter RNG insecure. This patch is NOT INTENDED FOR PRODUCTION SYSTEMS, but solely for development/test systems to verify the available entropy rate. Access to the data is given through the jent_raw_hires debugfs file. The data buffer should be multiples of sizeof(u32) to fill the entire buffer. Using the option jitterentropy_testing.boot_raw_hires_test=1 the raw noise of the first 1000 entropy events since boot can be sampled. This test interface allows generating the data required for analysis whether the Jitter RNG is in compliance with SP800-90B sections 3.1.3 and 3.1.4. If the test interface is not compiled, its code is a noop which has no impact on the performance. Signed-off-by:
-
Stephan Müller authored
Using the kernel crypto API, the SHA3-256 algorithm is used as conditioning element to replace the LFSR in the Jitter RNG. All other parts of the Jitter RNG are unchanged. The application and use of the SHA-3 conditioning operation is identical to the user space Jitter RNG 3.4.0 by applying the following concept: - the Jitter RNG initializes a SHA-3 state which acts as the "entropy pool" when the Jitter RNG is allocated. - When a new time delta is obtained, it is inserted into the "entropy pool" with a SHA-3 update operation. Note, this operation in most of the cases is a simple memcpy() onto the SHA-3 stack. - To cause a true SHA-3 operation for each time delta operation, a second SHA-3 operation is performed hashing Jitter RNG status information. The final message digest is also inserted into the "entropy pool" with a SHA-3 update operation. Yet, this data is not considered to provide any entropy, but it shall stir the entropy pool. - To generate a random number, a SHA-3 final operation is performed to calculate a message digest followed by an immediate SHA-3 init to re-initialize the "entropy pool". The obtained message digest is one block of the Jitter RNG that is returned to the caller. Mathematically speaking, the random number generated by the Jitter RNG is: aux_t = SHA-3(Jitter RNG state data) Jitter RNG block = SHA-3(time_i || aux_i || time_(i-1) || aux_(i-1) || ... || time_(i-255) || aux_(i-255)) when assuming that the OSR = 1, i.e. the default value. This operation implies that the Jitter RNG has an output-blocksize of 256 bits instead of the 64 bits of the LFSR-based Jitter RNG that is replaced with this patch. The patch also replaces the varying number of invocations of the conditioning function with one fixed number of invocations. The use of the conditioning function consistent with the userspace Jitter RNG library version 3.4.0. The code is tested with a system that exhibited the least amount of entropy generated by the Jitter RNG: the SiFive Unmatched RISC-V system. The measured entropy rate is well above the heuristically implied entropy value of 1 bit of entropy per time delta. On all other tested systems, the measured entropy rate is even higher by orders of magnitude. The measurement was performed using updated tooling provided with the user space Jitter RNG library test framework. The performance of the Jitter RNG with this patch is about en par with the performance of the Jitter RNG without the patch. Signed-off-by: -
Herbert Xu authored
Move the crypto_ahash_alg helper into include/crypto/internal so that drivers can use it. Signed-off-by: -
Herbert Xu authored
As ahash drivers may need to use fallbacks, their state size is thus variable. Deal with this by making it an attribute of crypto_ahash. Signed-off-by:
-
