- 23 Jun, 2023 15 commits
-
-
Herbert Xu authored
The sm2 certificate requires a modified digest. Move the code for the hashing from the signature verification path into the code where we generate the digest. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Herbert Xu authored
Add forward declaration for struct key_preparsed_payload so that this header file is self-contained. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Herbert Xu authored
Split out the sign/verify functionality from the existing akcipher interface. Most algorithms in akcipher either support encryption and decryption, or signing and verify. Only one supports both. As a signature algorithm may not support encryption at all, these two should be spearated. For now sig is simply a wrapper around akcipher as all algorithms remain unchanged. This is a first step and allows users to start allocating sig instead of akcipher. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Herbert Xu authored
The only user of akcipher does not use SG lists. Therefore forcing users to use SG lists only results unnecessary overhead. Add a new interface that supports arbitrary kernel pointers. For the time being the copy will be performed unconditionally. But this will go away once the underlying interface is updated. Note also that only encryption and decryption is addressed by this patch as sign/verify will go into a new interface (sig). Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Dmitry Safonov authored
The refcounter of underlying algorithm should be incremented, otherwise it'll be destroyed with the cloned cipher, wrecking the original cipher. Signed-off-by: Dmitry Safonov <dima@arista.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Herbert Xu authored
Use it straight away in crypto_clone_cipher(), as that is not meant to sleep. Fixes: 51d8d6d0 ("crypto: cipher - Add crypto_clone_cipher") Signed-off-by: Dmitry Safonov <dima@arista.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Dmitry Safonov authored
Purge crypto_type::init() as well. The last user seems to be gone with commit d63007eb ("crypto: ablkcipher - remove deprecated and unused ablkcipher support"). Signed-off-by: Dmitry Safonov <dima@arista.com> Reviewed-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Mahmoud Adam authored
check if rsa public exponent is odd and check its value is between 2^16 < e < 2^256. FIPS 186-5 DSS (page 35)[1] specify that: 1. The public exponent e shall be selected with the following constraints: (a) The public verification exponent e shall be selected prior to generating the primes, p and q, and the private signature exponent d. (b) The exponent e shall be an odd positive integer such that: 2^16 < e < 2^256. [1] https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdfSigned-off-by: Mahmoud Adam <mngyadam@amazon.com> Reviewed-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Herbert Xu authored
Give geniv its own Kconfig option so that its dependencies are distinct from that of the AEAD API code. This also allows it to be disabled if no IV generators (seqiv/echainiv) are enabled. Remove the obsolete select on RNG2 by SKCIPHER2 as skcipher IV generators disappeared long ago. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Herbert Xu authored
The testmgr code uses crypto_rng without depending on it. Add an explicit dependency to Kconfig. Also sort the MANAGER2 dependencies alphabetically. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Jia Jie Ho authored
Adding RSA enc/dec and sign/verify feature for StarFive cryptographic module. The module only supports mod sizes up to 2048, therefore calculations more than that will use fallback algo. Co-developed-by: Huan Feng <huan.feng@starfivetech.com> Signed-off-by: Huan Feng <huan.feng@starfivetech.com> Signed-off-by: Jia Jie Ho <jiajie.ho@starfivetech.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Jia Jie Ho authored
Hash driver needs to check the value of irq mask register before writing as it will mask irq of other modules. Co-developed-by: Huan Feng <huan.feng@starfivetech.com> Signed-off-by: Huan Feng <huan.feng@starfivetech.com> Signed-off-by: Jia Jie Ho <jiajie.ho@starfivetech.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Meenakshi Aggarwal authored
TRNG "sample size" (the total number of entropy samples that will be taken during entropy generation) default / POR value is very conservatively set to 2500. Let's set it to 512, the same as the caam driver in U-boot (drivers/crypto/fsl_caam.c) does. This solves the issue of RNG performance dropping after a suspend/resume cycle on parts where caam loses power, since the initial U-boot setttings are lost and kernel does not restore them when resuming. Note: when changing the sample size, the self-test parameters need to be updated accordingly. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Meenakshi Aggarwal <meenakshi.aggarwal@nxp.com> Reviewed-by: Gaurav Jain <gaurav.jain@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Victoria Milhoan (b42089) authored
CAAM includes a Random Number Generator. This change adds a kernel configuration option to test the RNG's capabilities via the hw_random framework. Signed-off-by: Victoria Milhoan <vicki.milhoan@freescale.com> Signed-off-by: Dan Douglass <dan.douglass@nxp.com> Signed-off-by: Vipul Kumar <vipul_kumar@mentor.com> Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Meenakshi Aggarwal <meenakshi.aggarwal@nxp.com> Reviewed-by: Gaurav Jain <gaurav.jain@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Victoria Milhoan authored
Adjust RNG timing parameters to support more i.MX6 devices. Signed-off-by: Victoria Milhoan <vicki.milhoan@freescale.com> Signed-off-by: Dan Douglass <dan.douglass@nxp.com> Signed-off-by: Vipul Kumar <vipul_kumar@mentor.com> Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Reviewed-by: Gaurav Jain <gaurav.jain@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 16 Jun, 2023 10 commits
-
-
Giovanni Cabiddu authored
The function adf_init_admin_pm() is not used outside of the intel_qat module. Do not export it. Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Reviewed-by: Damian Muszynski <damian.muszynski@intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Rob Herring authored
Use the recently added of_property_read_reg() helper to get the untranslated "reg" address value. Signed-off-by: Rob Herring <robh@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Lucas Segarra Fernandez authored
Expose 'pm_idle_enabled' sysfs attribute. This attribute controls how idle conditions are handled. If it is set to 1 (idle support enabled) when the device detects an idle condition, the driver will transition the device to the 'MIN' power configuration. In order to set the value of this attribute for a device, the device must be in the 'down' state. This only applies to qat_4xxx generation. Signed-off-by: Lucas Segarra Fernandez <lucas.segarra.fernandez@intel.com> Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Adam Guerin authored
A QAT GEN4 device can be currently configured for crypto (sym;asym) or compression (dc). This patch extends the configuration to support more variations of these services, download the correct FW images on the device and report the correct capabilities on the device based on the configured service. The device can now be configured with the following services: "sym", "asym", "dc", "sym;asym", "asym;sym", "sym;dc", "dc;sym", "asym;dc", "dc;asym". With this change, the configuration "sym", "asym", "sym;dc", "dc;sym", "asym;dc", "dc;asym" will be accessible only via userspace, i.e. the driver for those configurations will not register into the crypto framework. Support for such configurations in kernel will be enabled in a later patch. The pairs "sym;asym" and "asym;sym" result in identical device config. As do "sym;dc", "dc;sym", and "asym;dc", "dc;asym". Signed-off-by: Adam Guerin <adam.guerin@intel.com> Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Giovanni Cabiddu authored
The data structure adf_fw_config is used to select which firmware image is loaded on a certain set of accelerator engines. When support for 402xx was added, the adf_fw_config arrays were duplicated in order to select different firmware images. Since the configurations are the same regardless of the QAT GEN4 flavour, in preparation for adding support for multiple configurations, refactor the logic that retrieves the firmware names in the 4xxx driver. The structure adf_fw_config has been changed to contain a firmware object id that is then mapped to a firmware name depending of the device type. Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Reviewed-by: Adam Guerin <adam.guerin@intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Giovanni Cabiddu authored
Update fw image names to be constant throughout the driver. Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Reviewed-by: Adam Guerin <adam.guerin@intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Adam Guerin authored
Make use of the default statements by changing the pattern: switch(condition) { case COND_A: ... break; case COND_b: ... break; } return ret; in switch(condition) { case COND_A: ... break; case COND_b: ... break; default: return ret; } Signed-off-by: Adam Guerin <adam.guerin@intel.com> Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Franziska Naepelt authored
The following checkpatch warning has been fixed: - WARNING: Missing a blank line after declarations Signed-off-by: Franziska Naepelt <franziska.naepelt@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Hareshx Sankar Raj authored
The callback function for RSA frees the memory allocated for the source and destination buffers before unmapping them. This sequence is wrong. Change the cleanup sequence to unmap the buffers before freeing them. Fixes: 3dfaf007 ("crypto: qat - remove dma_free_coherent() for RSA") Signed-off-by: Hareshx Sankar Raj <hareshx.sankar.raj@intel.com> Co-developed-by: Bolemx Sivanagaleela <bolemx.sivanagaleela@intel.com> Signed-off-by: Bolemx Sivanagaleela <bolemx.sivanagaleela@intel.com> Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Hareshx Sankar Raj authored
The callback function for DH frees the memory allocated for the destination buffer before unmapping it. This sequence is wrong. Change the cleanup sequence to unmap the buffer before freeing it. Fixes: 029aa462 ("crypto: qat - remove dma_free_coherent() for DH") Signed-off-by: Hareshx Sankar Raj <hareshx.sankar.raj@intel.com> Co-developed-by: Bolemx Sivanagaleela <bolemx.sivanagaleela@intel.com> Signed-off-by: Bolemx Sivanagaleela <bolemx.sivanagaleela@intel.com> Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 09 Jun, 2023 3 commits
-
-
Herbert Xu authored
MAX_CIPHER_BLOCKSIZE is an internal implementation detail and should not be relied on by users of the Crypto API. Instead of storing the IV on the stack, allocate it together with the crypto request. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Reviewed-by: Mike Snitzer <snitzer@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Karthikeyan Gopal authored
Update slice mask enum for 4xxx device with BIT(7) to mask SMX fuse. This change is done to align the slice mask with the hardware fuse register. Signed-off-by: Karthikeyan Gopal <karthikeyan.gopal@intel.com> Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Karthikeyan Gopal authored
The LZS and RAND features are no longer available on QAT. Remove the definition of bit 6 (LZS) and bit 7 (RAND) in the enum that represents the capabilities and replace them with a comment mentioning that those bits are reserved. Those bits shall not be used in future. Signed-off-by: Karthikeyan Gopal <karthikeyan.gopal@intel.com> Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 06 Jun, 2023 1 commit
-
-
Giovanni Cabiddu authored
The function adf_dbgfs_exit() was improperly named causing the build to fail when CONFIG_DEBUG_FS=n. Rename adf_dbgfs_cleanup() as adf_dbgfs_exit(). This fixes the following build error: CC [M] drivers/crypto/intel/qat/qat_c62x/adf_drv.o drivers/crypto/intel/qat/qat_c62x/adf_drv.c: In function ‘adf_cleanup_accel’: drivers/crypto/intel/qat/qat_c62x/adf_drv.c:69:9: error: implicit declaration of function ‘adf_dbgfs_exit’; did you mean ‘adf_dbgfs_init’? [-Werror=implicit-function-declaration] 69 | adf_dbgfs_exit(accel_dev); | ^~~~~~~~~~~~~~ | adf_dbgfs_init cc1: all warnings being treated as errors make[2]: *** [scripts/Makefile.build:252: drivers/crypto/intel/qat/qat_c62x/adf_drv.o] Error 1 make[1]: *** [scripts/Makefile.build:494: drivers/crypto/intel/qat/qat_c62x] Error 2 make: *** [Makefile:2026: drivers/crypto/intel/qat] Error 2 Fixes: 9260db66 ("crypto: qat - move dbgfs init to separate file") Reported-by: kernel test robot <lkp@intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202306030654.5t4qkyN1-lkp@intel.com/Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 02 Jun, 2023 10 commits
-
-
Bhupesh Sharma authored
The core clock for the Crypto Engine block on Qualcomm SoCs SM6115 and QCM2290 are provided via the RPM block. So mark the compatibles for these SoCs to indicate that only 'core' clock is required for such SoCs. Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> Tested-by: Anders Roxell <anders.roxell@linaro.org> Tested-by: Linux Kernel Functional Testing <lkft@linaro.org> Signed-off-by: Bhupesh Sharma <bhupesh.sharma@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Bhupesh Sharma authored
Currently the compatible list available in 'qce' dt-bindings does not support SM8150 and IPQ4019 SoCs directly which may lead to potential 'dtbs_check' error(s). Fix the same. Fixes: 00f3bc2d ("dt-bindings: qcom-qce: Add new SoC compatible strings for Qualcomm QCE IP") Reviewed-by: Vladimir Zapolskiy <vladimir.zapolskiy@linaro.org> Acked-by: Rob Herring <robh@kernel.org> Tested-by: Anders Roxell <anders.roxell@linaro.org> Tested-by: Linux Kernel Functional Testing <lkft@linaro.org> Signed-off-by: Bhupesh Sharma <bhupesh.sharma@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Damian Muszynski authored
Move initialization of debugfs entries to a separate file. This simplifies the exclusion of the debugfs logic in the QAT driver when the kernel is built with CONFIG_DEBUG_FS=n. In addition, it will allow to consolidate the addition of debugfs entries to a single location in the code. This implementation adds infrastructure to create (and remove) debugfs entries at two different stages. The first, done when a device is probed, allows to keep debugfs entries persistent between a transition in device state (up to down or vice versa). The second, done after the initialization phase, allows to have debugfs entries that are accessible only when the device is up. In addition, move the creation of debugfs entries for configuration to the newly created function adf_dbgfs_init() and replace symbolic permissions with octal permissions when creating the debugfs files. This is to resolve the following warning reported by checkpatch: WARNING: Symbolic permissions 'S_IRUSR' are not preferred. Consider using octal permissions '0400'. Signed-off-by: Damian Muszynski <damian.muszynski@intel.com> Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Uwe Kleine-König authored
After commit b8a1a4cd ("i2c: Provide a temporary .probe_new() call-back type"), all drivers being converted to .probe_new() and then 03c835f4 ("i2c: Switch .probe() to not take an id parameter") convert back to (the new) .probe() to be able to eventually drop .probe_new() from struct i2c_driver. Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Reviewed-by: Tudor Ambarus <tudor.ambarus@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Stephan Müller authored
With the update of the permanent and intermittent health errors, the actual indicator for the health test indicates a potential error only for the one offending time stamp gathered in the current iteration round. The next iteration round will "overwrite" the health test result. Thus, the entropy collection loop in jent_gen_entropy checks for the health test failure upon each loop iteration. However, the initialization operation checked for the APT health test once for an APT window which implies it would not catch most errors. Thus, the check for all health errors is now invoked unconditionally during each loop iteration for the startup test. With the change, the error JENT_ERCT becomes unused as all health errors are only reported with the JENT_HEALTH return code. This allows the removal of the error indicator. Fixes: 3fde2fe9 ("crypto: jitter - permanent and intermittent health errors" ) Reported-by: Joachim Vandersmissen <git@jvdsn.com> Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Bharat Bhushan authored
The way random data is read from hardware has changed from Octeon CN10KA-B0 and later SoCs onwards. A new set of registers have been added to read random data and to verify whether the read data is valid or not. This patch extends and uses RNM_PF_TRNG_DAT and RNM_PF_TRNG_STS CSRs to read random number and status for the applicable silicon variants. Signed-off-by: Bharat Bhushan <bbhushan2@marvell.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Arnd Bergmann authored
Commit df8fc4e9 ("kbuild: Enable -fstrict-flex-arrays=3") uncovered a type mismatch in cesa 3des support that leads to a memcpy beyond the end of a structure: In function 'fortify_memcpy_chk', inlined from 'mv_cesa_des3_ede_setkey' at drivers/crypto/marvell/cesa/cipher.c:307:2: include/linux/fortify-string.h:583:25: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning] 583 | __write_overflow_field(p_size_field, size); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This is probably harmless as the actual data that is copied has the correct type, but clearly worth fixing nonetheless. Fixes: 4ada4839 ("crypto: marvell/cesa - add Triple-DES support") Cc: Kees Cook <keescook@chromium.org> Cc: Gustavo A. R. Silva" <gustavoars@kernel.org> Signed-off-by: Arnd Bergmann <arnd@arndb.de> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
John Allen authored
Add a new CCP/PSP PCI device ID and new PSP register offsets. Signed-off-by: John Allen <john.allen@amd.com> Signed-off-by: Mario Limonciello <mario.limonciello@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Mario Limonciello authored
PCI device 0x17E0 includes new TEE offsets, doesn't support a platform mailbox, and does support platform doorbell so introduce a new structure to represent it. Signed-off-by: Mario Limonciello <mario.limonciello@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Mario Limonciello authored
Some platforms might support platform access doorbell but not mailbox. Add an extra guard to ensure this doesn't cause accesses to wrong ranges if a consumer calls psp_send_platform_access_msg(). Signed-off-by: Mario Limonciello <mario.limonciello@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 24 May, 2023 1 commit
-
-
Eric Biggers authored
Make the help text for CRYPTO_STATS explicitly mention that it reduces the performance of the crypto API. Signed-off-by: Eric Biggers <ebiggers@google.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-