summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2016-12-08crypto: testmgr - fix overlap in chunked tests againArd Biesheuvel1-1/+1
Commit 7e4c7f17cde2 ("crypto: testmgr - avoid overlap in chunked tests") attempted to address a problem in the crypto testmgr code where chunked test cases are copied to memory in a way that results in overlap. However, the fix recreated the exact same issue for other chunked tests, by putting IDX3 within 492 bytes of IDX1, which causes overlap if the first chunk exceeds 492 bytes, which is the case for at least one of the xts(aes) test cases. So increase IDX3 by another 1000 bytes. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-12-07crypto: arm/crc32 - accelerated support based on x86 SSE implementationArd Biesheuvel4-0/+555
This is a combination of the the Intel algorithm implemented using SSE and PCLMULQDQ instructions from arch/x86/crypto/crc32-pclmul_asm.S, and the new CRC32 extensions introduced for both 32-bit and 64-bit ARM in version 8 of the architecture. Two versions of the above combo are provided, one for CRC32 and one for CRC32C. The PMULL/NEON algorithm is faster, but operates on blocks of at least 64 bytes, and on multiples of 16 bytes only. For the remaining input, or for all input on systems that lack the PMULL 64x64->128 instructions, the CRC32 instructions will be used. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-12-07crypto: arm64/crc32 - accelerated support based on x86 SSE implementationArd Biesheuvel4-0/+487
This is a combination of the the Intel algorithm implemented using SSE and PCLMULQDQ instructions from arch/x86/crypto/crc32-pclmul_asm.S, and the new CRC32 extensions introduced for both 32-bit and 64-bit ARM in version 8 of the architecture. Two versions of the above combo are provided, one for CRC32 and one for CRC32C. The PMULL/NEON algorithm is faster, but operates on blocks of at least 64 bytes, and on multiples of 16 bytes only. For the remaining input, or for all input on systems that lack the PMULL 64x64->128 instructions, the CRC32 instructions will be used. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-12-07crypto: arm/crct10dif - port x86 SSE implementation to ARMArd Biesheuvel4-0/+535
This is a transliteration of the Intel algorithm implemented using SSE and PCLMULQDQ instructions that resides in the file arch/x86/crypto/crct10dif-pcl-asm_64.S, but simplified to only operate on buffers that are 16 byte aligned (but of any size) Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-12-07crypto: arm64/crct10dif - port x86 SSE implementation to arm64Ard Biesheuvel4-0/+495
This is a transliteration of the Intel algorithm implemented using SSE and PCLMULQDQ instructions that resides in the file arch/x86/crypto/crct10dif-pcl-asm_64.S, but simplified to only operate on buffers that are 16 byte aligned (but of any size) Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-12-07crypto: testmgr - add/enhance test cases for CRC-T10DIFArd Biesheuvel1-28/+42
The existing test cases only exercise a small slice of the various possible code paths through the x86 SSE/PCLMULQDQ implementation, and the upcoming ports of it for arm64. So add one that exceeds 256 bytes in size, and convert another to a chunked test. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-12-07crypto: testmgr - avoid overlap in chunked testsArd Biesheuvel1-1/+1
The IDXn offsets are chosen such that tap values (which may go up to 255) end up overlapping in the xbuf allocation. In particular, IDX1 and IDX3 are too close together, so update IDX3 to avoid this issue. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-12-07crypto: chcr - checking for IS_ERR() instead of NULLDan Carpenter1-9/+8
The create_hash_wr() function never returns error pointers. It returns NULL on error. Fixes: 358961d1cd1e ("crypto: chcr - Added new structure chcr_wr") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-12-07crypto: caam - check caam_emi_slow instead of re-lookup platformMarcus Folkesson1-3/+3
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-12-01crypto: algif_aead - fix AIO handling of zero bufferStephan Mueller1-2/+3
Handle the case when the caller provided a zero buffer to sendmsg/sendpage. Such scenario is legal for AEAD ciphers when no plaintext / ciphertext and no AAD is provided and the caller only requests the generation of the tag value. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-12-01crypto: aes-ce - Make aes_simd_algs staticHerbert Xu1-1/+1
The variable aes_simd_algs should be static. In fact if it isn't it causes build errors when multiple copies of aes-ce-glue.c are built into the kernel. Fixes: da40e7a4ba4d ("crypto: aes-ce - Convert to skcipher") Reported-by: kbuild test robot <fengguang.wu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-12-01crypto: algif_skcipher - set error code when kcalloc failsPan Bian1-1/+3
Fix bug https://bugzilla.kernel.org/show_bug.cgi?id=188521. In function skcipher_recvmsg_async(), variable err takes the return value, and its value should be negative on failures. Because variable err may be reassigned and checked before calling kcalloc(), its value may be 0 (indicates no error) even if kcalloc() fails. This patch fixes the bug by explicitly assigning -ENOMEM to err when kcalloc() returns a NULL pointer. Signed-off-by: Pan Bian <bianpan2016@163.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-12-01crypto: caam - make aamalg_desc a proper moduleArnd Bergmann2-1/+5
The drivers/crypto/caam/ directory is entered during build only for building modules when CONFIG_CRYPTO_DEV_FSL_CAAM=m, but CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API_DESC is defined as a 'bool' symbol, meaning that caamalg_desc.c is always compiled into built-in code, or not at all, leading to a link failure: ERROR: "cnstr_shdsc_xts_ablkcipher_decap" [drivers/crypto/caam/caamalg.ko] undefined! ERROR: "cnstr_shdsc_xts_ablkcipher_encap" [drivers/crypto/caam/caamalg.ko] undefined! ERROR: "cnstr_shdsc_aead_givencap" [drivers/crypto/caam/caamalg.ko] undefined! ERROR: "cnstr_shdsc_aead_decap" [drivers/crypto/caam/caamalg.ko] undefined! ERROR: "cnstr_shdsc_aead_encap" [drivers/crypto/caam/caamalg.ko] undefined! ERROR: "cnstr_shdsc_aead_null_decap" [drivers/crypto/caam/caamalg.ko] undefined! ERROR: "cnstr_shdsc_aead_null_encap" [drivers/crypto/caam/caamalg.ko] undefined! ERROR: "cnstr_shdsc_rfc4106_decap" [drivers/crypto/caam/caamalg.ko] undefined! ERROR: "cnstr_shdsc_rfc4106_encap" [drivers/crypto/caam/caamalg.ko] undefined! ... Making caamalg_desc itself a loadable module fixes this configuration by ensuring the driver gets built. Aside from making the symbol 'tristate', I'm adding appropriate module metadata here. Fixes: 8cea7b66b821 ("crypto: caam - refactor encryption descriptors generation") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-12-01crypto: caam - pass key buffers with typesafe pointersArnd Bergmann3-59/+62
The 'key' field is defined as a 'u64' and used for two different pieces of information: either to store a pointer or a dma_addr_t. The former leads to a build error on 32-bit machines: drivers/crypto/caam/caamalg_desc.c: In function 'cnstr_shdsc_aead_null_encap': drivers/crypto/caam/caamalg_desc.c:67:27: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast] drivers/crypto/caam/caamalg_desc.c: In function 'cnstr_shdsc_aead_null_decap': drivers/crypto/caam/caamalg_desc.c:143:27: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast] Using a union to provide correct types gets rid of the warnings and as well as a couple of redundant casts. Fixes: db57656b0072 ("crypto: caam - group algorithm related params") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-12-01crypto: arm64/aes-ce-ccm - Fix AEAD decryption lengthHerbert Xu1-2/+2
This patch fixes the ARM64 CE CCM implementation decryption by using skcipher_walk_aead_decrypt instead of skcipher_walk_aead, which ensures the correct length is used when doing the walk. Fixes: cf2c0fe74084 ("crypto: aes-ce-ccm - Use skcipher walk interface") Reported-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-12-01MAINTAINERS: add crypto headers to crypto entryBaruch Siach1-0/+1
Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-12-01crypt: doc - remove misleading mention of async APIBaruch Siach1-3/+0
The asynchronous API is quite mature. Not mentioning is at all is probably better than saying it is under development. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-12-01crypto: doc - fix header file nameBaruch Siach1-1/+1
Fixes: 8bc618d6a2e0 ("crypto: doc - Use ahash") Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-12-01crypto: api - fix comment typoBaruch Siach1-1/+1
Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-12-01crypto: skcipher - Add separate walker for AEAD decryptionHerbert Xu2-3/+34
The AEAD decrypt interface includes the authentication tag in req->cryptlen. Therefore we need to exlucde that when doing a walk over it. This patch adds separate walker functions for AEAD encryption and decryption. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
2016-11-30crypto: arm/aesbs - fix brokenness after skcipher conversionArd Biesheuvel1-1/+1
The CBC encryption routine should use the encryption round keys, not the decryption round keys. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-11-30crypto: chcr - Add AEAD algos.Harsh Jain6-41/+1558
Add support for following AEAD algos. GCM,CCM,RFC4106,RFC4309,authenc(hmac(shaXXX),cbc(aes)). Reviewed-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Harsh Jain <harsh@chelsio.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-11-30crypto: chcr - Move tfm ctx variable to request contextHarsh Jain2-18/+17
Move request specific data in request context. Signed-off-by: Harsh Jain <harsh@chelsio.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-11-30crypto: chcr - Use SHASH_DESC_ON_STACKHarsh Jain2-38/+27
Use SHASH_DESC_ON_STACK macro to allocate memory for ipad/opad calculation. Signed-off-by: Harsh Jain <harsh@chelsio.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-11-30crypto: chcr - Adjust Dest. buffer sizeHarsh Jain1-30/+20
Destination buffer size passed to hardware should not be greater than crypto operation output. Signed-off-by: Harsh Jain <harsh@chelsio.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-11-30crypto: chcr - Calculate Reverse round key in setkey callback.Harsh Jain2-30/+24
Move reverse round key calculation logic in setkey operation. Signed-off-by: Harsh Jain <harsh@chelsio.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-11-30crypto: chcr - Remove dynamic allocationHarsh Jain2-32/+45
Remove malloc/free in hash operation and allocate memory in chcr_ahash_req_ctx structure. Signed-off-by: Jitendra Lulla <JLULLA@chelsio.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-11-30crypto: chcr - Fixes Unchecked dereference inside functionHarsh Jain1-1/+2
Fixes 324429d74127, Unchecked dereference inside function. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Jitendra Lulla <JLULLA@chelsio.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-11-30crypto: chcr - Added new structure chcr_wrHarsh Jain4-149/+140
Added new structure chcr_wr to populate Work Request Header. Signed-off-by: Jitendra Lulla <JLULLA@chelsio.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-11-30crypto: chcr - Cosmetic changeHarsh Jain2-58/+53
Moves get_aes_decrypt_key function to .c file and declare inline for "aes_ks_subword" Signed-off-by: Jitendra Lulla <JLULLA@chelsio.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-11-30crypto: arm64/aes-ce-ctr - fix skcipher conversionArd Biesheuvel1-0/+1
Fix a missing statement that got lost in the skcipher conversion of the CTR transform. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-11-30crypto: skcipher - fix crash in skcipher_walk_aead()Ard Biesheuvel1-0/+2
The new skcipher_walk_aead() may crash in the following way due to the walk flag SKCIPHER_WALK_PHYS not being cleared at the start of the walk: Unable to handle kernel NULL pointer dereference at virtual address 00000001 [..] Internal error: Oops: 96000044 [#1] PREEMPT SMP [..] PC is at skcipher_walk_next+0x208/0x450 LR is at skcipher_walk_next+0x1e4/0x450 pc : [<ffff2b93b7104e20>] lr : [<ffff2b93b7104dfc>] pstate: 40000045 sp : ffffb925fa517940 [...] [<ffff2b93b7104e20>] skcipher_walk_next+0x208/0x450 [<ffff2b93b710535c>] skcipher_walk_first+0x54/0x148 [<ffff2b93b7105664>] skcipher_walk_aead+0xd4/0x108 [<ffff2b93b6e77928>] ccm_encrypt+0x68/0x158 So clear the flag at the appropriate time. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-11-30crypto: arm/aes-ce - fix broken monolithic buildArd Biesheuvel1-1/+1
When building the arm64 kernel with both CONFIG_CRYPTO_AES_ARM64_CE_BLK=y and CONFIG_CRYPTO_AES_ARM64_NEON_BLK=y configured, the build breaks with the following error: arch/arm64/crypto/aes-neon-blk.o:(.bss+0x0): multiple definition of `aes_simd_algs' arch/arm64/crypto/aes-ce-blk.o:(.bss+0x0): first defined here Fix this by making aes_simd_algs 'static'. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-11-30crypto: arm/aes - Add missing SIMD select for aesbsHerbert Xu1-3/+3
This patch adds one more missing SIMD select for AES_ARM_BS. It also changes selects on ALGAPI to BLKCIPHER. Fixes: 211f41af534a ("crypto: aesbs - Convert to skcipher") Reported-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-11-30Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6Herbert Xu7-17/+48
Merge the crypto tree to pull in chelsio chcr fix.
2016-11-30crypto: rsa - Add Makefile dependencies to fix parallel buildsDavid Michael1-0/+1
Both asn1 headers are included by rsa_helper.c, so rsa_helper.o should explicitly depend on them. Signed-off-by: David Michael <david.michael@coreos.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-11-30crypto: chcr - Fix memory corruptionHarsh Jain1-1/+2
Fix memory corruption done by *((u32 *)dec_key + k) operation. Signed-off-by: Jitendra Lulla <JLULLA@chelsio.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-11-30crypto: drbg - prevent invalid SG mappingsStephan Mueller2-5/+26
When using SGs, only heap memory (memory that is valid as per virt_addr_valid) is allowed to be referenced. The CTR DRBG used to reference the caller-provided memory directly in an SG. In case the caller provided stack memory pointers, the SG mapping is not considered to be valid. In some cases, this would even cause a paging fault. The change adds a new scratch buffer that is used unconditionally to catch the cases where the caller-provided buffer is not suitable for use in an SG. The crypto operation of the CTR DRBG produces its output with that scratch buffer and finally copies the content of the scratch buffer to the caller's buffer. The scratch buffer is allocated during allocation time of the CTR DRBG as its access is protected with the DRBG mutex. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-11-29crypto: arm/aes - Select SIMD in KconfigHerbert Xu2-3/+3
The skcipher conversion for ARM missed the select on CRYPTO_SIMD, causing build failures if SIMD was not otherwise enabled. Fixes: da40e7a4ba4d ("crypto: aes-ce - Convert to skcipher") Fixes: 211f41af534a ("crypto: aesbs - Convert to skcipher") Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-11-29crypto: arm64/sha2 - add generated .S files to .gitignoreArd Biesheuvel1-0/+2
Add the files that are generated by the recently merged OpenSSL SHA-256/512 implementation to .gitignore so Git disregards them when showing untracked files. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-11-28crypto: testmgr - don't use stack buffer in test_acomp()Eric Biggers1-3/+8
With virtually-mapped stacks (CONFIG_VMAP_STACK=y), using the scatterlist crypto API with stack buffers is not allowed, and with appropriate debugging options will cause the 'BUG_ON(!virt_addr_valid(buf));' in sg_set_buf() to be triggered. Use a heap buffer instead. Fixes: d7db7a882deb ("crypto: acomp - update testmgr with support for acomp") Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-11-28MAINTAINERS: add maintainers for caam crypto driverHoria Geantă1-0/+8
Add myself and Dan as maintainers of the caam crypto driver. Cc: Dan Douglass <dan.douglass@nxp.com> Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-11-28crypto: caam - refactor ahash shared descriptor generationHoria Geantă1-94/+36
Move ahash shared descriptor generation into a single function. Currently there is no plan to support ahash on any other interface besides the Job Ring, thus for now the functionality is not exported. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-11-28crypto: caam - consolidate split key length computationHoria Geantă4-45/+53
Move split key length and padded length computation from caamalg.c and caamhash.c to key_gen.c. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-11-28crypto: caam - refactor encryption descriptors generationHoria Geantă5-1072/+1440
Refactor the generation of the authenc, ablkcipher shared descriptors and exports the functionality, such that they could be shared with the upcoming caam/qi (Queue Interface) driver. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-11-28crypto: caam - remove unneded dependencies on CRYPTO_DEV_FSL_CAAMHoria Geantă1-4/+4
Remove dependency on CRYPTO_DEV_FSL_CAAM where superfluous: depends on CRYPTO_DEV_FSL_CAAM && CRYPTO_DEV_FSL_CAAM_JR is equivalent to depends on CRYPTO_DEV_FSL_CAAM_JR since CRYPTO_DEV_FSL_CAAM_JR depends on CRYPTO_DEV_FSL_CAAM. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-11-28crypto: caam - rewrite some generic inline append cmdsHoria Geantă2-14/+14
A few descriptor commands are generated using generic inline append "append_cmd" function. Rewrite them using specific inline append functions. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-11-28crypto: caam - improve key inliningHoria Geantă2-53/+116
For authenc / stitched AEAD algorithms, check independently each of the two (authentication, encryption) keys whether inlining is possible. Prioritize the inlining of the authentication key, since the length of the (split) key is bigger than that of the encryption key. For the other algorithms, compute only once per tfm the remaining available bytes and decide whether key inlining is possible based on this. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-11-28crypto: caam - remove superfluous alg_op algorithm paramHoria Geantă4-81/+13
Information carried by alg_op can be deduced from adata->algtype plus some fixed flags. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-11-28crypto: caam - group algorithm related paramsHoria Geantă5-205/+274
In preparation of factoring out the shared descriptors, struct alginfo is introduced to group the algorithm related parameters. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>