Commit Graph

324 Commits

Author SHA1 Message Date
Kim Phillips
1c2b4abb19 crypto: talitos - don't bad_key in ablkcipher setkey
crypto/ablkcipher.c's setkey() has already checked against the min, max
key sizes before it calls here, and all max_keysize assignments in the
algorithm template array do not exceed TALITOS_MAX_KEY_SIZE.

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-07-15 11:21:40 +08:00
Kim Phillips
febec54286 crypto: talitos - remove unused giv from ablkcipher methods
Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-07-15 11:21:39 +08:00
Kim Phillips
602dba5a81 crypto: talitos - don't set done notification in hot path
IRQ done notification is always set.  Remove its explicit
assignment from the hot path by including it in the
descriptor header template assignment in talitos_cra_init.

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-07-15 11:21:39 +08:00
Kim Phillips
5228f0f79e crypto: talitos - ensure request ordering within a single tfm
Assign single target channel per tfm in talitos_cra_init instead of
performing channel scheduling dynamically during the encryption request.
This changes the talitos_submit interface to accept a new channel
number argument.  Without this, rapid bursts of misc. sized requests
could make it possible for IPsec packets to be encrypted out-of-order,
which would result in packet drops due to sequence numbers falling
outside the anti-replay window on a peer gateway.

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-07-15 11:21:38 +08:00
Josh Boyer
c5697462ae crypto: crypto4xx - Perform read/modify/write on device control register
The Security function on the AMCC SoCs has multiple engines within a
single MMIO range.  The crypto driver currently enables the 3DES
functionality by doing a blind write to the device control register.
This can unintentionally disable other functions like the PKA or TRNG
when the driver is loaded.

Perform a read/modify/write to enable the 3DES function instead.

Signed-off-by: Josh Boyer <jwboyer@linux.vnet.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-06-30 07:44:05 +08:00
Kim Phillips
23457bc956 crypto: caam - fix build warning when DEBUG_FS not configured
drivers/crypto/caam/ctrl.c: In function 'caam_probe':
drivers/crypto/caam/ctrl.c:55:23: warning: unused variable 'perfmon'

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-06-30 07:44:05 +08:00
Dmitry Kasatkin
cd3f1d545c crypto: omap-sham - do not schedule tasklet if there is no active requests
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-06-30 07:44:05 +08:00
Dmitry Kasatkin
0efd4d8a6a crypto: omap-sham - clear device flags when finishing request
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-06-30 07:44:04 +08:00
Dmitry Kasatkin
ed635cb85e crypto: omap-sham - irq handler must not clear error code
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-06-30 07:44:04 +08:00
Dmitry Kasatkin
6c63db821d crypto: omap-sham - irq and dma handling changes
It could be a situation, that tasklet is executed twice because of
certain delay between dma callback and irq handler execution.
In that case, second tasklet execution could actually corrupt the data
of the new started dma transactions.

This patch improves tasklet logic and prevents above described cases.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-06-30 07:44:04 +08:00
Dmitry Kasatkin
6cb3ffe100 crypto: omap-sham - remove dedicated queue handling tasklet
Calling omap_sham_handle_queue from "done" tasklet should be done
after irq scheduled tasklet completes.
Having additional tasklet does not solve that issue because it might
be executed before.
So queue handling tasklet has been removed and functionality integrated
into single tasklet.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-06-30 07:44:04 +08:00
Dmitry Kasatkin
171cb9a280 crypto: omap-sham - remove unnecessary local variable
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-06-30 07:44:03 +08:00
Dmitry Kasatkin
ed3ea9a82b crypto: omap-sham - move some flags to device context
Couple of context flags have been moved to device flags.
IRQ and tasklet handlers do not need to access request
context anymore.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-06-30 07:44:03 +08:00
Dmitry Kasatkin
a929cbeef7 crypto: omap-sham - replace flags operation with atomic bit operations
Some flags are changed in interrupt handlers and verified in the tasklet.
There might be a race condition when tasklet is interrupted or another
cpu/core will run IRQ handler and tasklet in parallel.
Atomic bitops functions are now used instead of bitmask operations.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-06-30 07:44:02 +08:00
Dmitry Kasatkin
ea1fd2246f crypto: omap-sham - replace flags bit mask with bit number
Flags mask cannot be used with atomic bit operations.
This patch changes masks to bit numbers.
Atomic bit operations will be used by following patches.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-06-30 07:44:02 +08:00
Dmitry Kasatkin
c3304721ed crypto: omap-sham - remove unused code
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-06-30 07:44:02 +08:00
Dmitry Kasatkin
0e87b159b3 crypto: omap-sham - remove extra reference
Request pointer is already available in the function.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-06-30 07:44:02 +08:00
Kim Phillips
a18b989a5c crypto: caam - fix operator precedence in shared descriptor allocation
setkey allocates 16 bytes (CAAM_CMD_SZ *
DESC_AEAD_SHARED_TEXT_LEN) shy of what is needed to
store the shared descriptor, resulting in memory
corruption.  Fix this.

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-06-30 07:43:27 +08:00
Holger Dengler
cf2d007bd4 [S390] ap: skip device registration on type probe failure
The registration of an ap device will be skipped, if the device type
probing fails.
Add names of current crypto adapters to the Kconfig help.

Signed-off-by: Holger Dengler <hd@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2011-05-23 10:24:29 +02:00
Linus Torvalds
052497553e Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (45 commits)
  crypto: caam - add support for sha512 variants of existing AEAD algorithms
  crypto: caam - remove unused authkeylen from caam_ctx
  crypto: caam - fix decryption shared vs. non-shared key setting
  crypto: caam - platform_bus_type migration
  crypto: aesni-intel - fix aesni build on i386
  crypto: aesni-intel - Merge with fpu.ko
  crypto: mv_cesa - make count_sgs() null-pointer proof
  crypto: mv_cesa - copy remaining bytes to SRAM only when needed
  crypto: mv_cesa - move digest state initialisation to a better place
  crypto: mv_cesa - fill inner/outer IV fields only in HMAC case
  crypto: mv_cesa - refactor copy_src_to_buf()
  crypto: mv_cesa - no need to save digest state after the last chunk
  crypto: mv_cesa - print a warning when registration of AES algos fail
  crypto: mv_cesa - drop this call to mv_hash_final from mv_hash_finup
  crypto: mv_cesa - the descriptor pointer register needs to be set just once
  crypto: mv_cesa - use ablkcipher_request_cast instead of the manual container_of
  crypto: caam - fix printk recursion for long error texts
  crypto: caam - remove unused keylen from session context
  hwrng: amd - enable AMD hw rnd driver for Maple PPC boards
  hwrng: amd - manage resource allocation
  ...
2011-05-20 17:24:14 -07:00
Kim Phillips
4427b1b4ec crypto: caam - add support for sha512 variants of existing AEAD algorithms
In doing so, sha512 sized keys would not fit with the current
descriptor inlining mechanism, so we now calculate whether keys
should be referenced instead by pointers in the shared descriptor.

also, use symbols for descriptor text lengths, and, ahem, unmap and
free key i/o memory in cra_exit.

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-05-19 14:38:00 +10:00
Kim Phillips
66664487b1 crypto: caam - remove unused authkeylen from caam_ctx
Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-05-19 14:37:59 +10:00
Kim Phillips
ddbb80884a crypto: caam - fix decryption shared vs. non-shared key setting
Key sharing is enabled by default in the shared descriptor.

Using CBC decrypt, AES has to alter the key in order to decrypt.
During high traffic decryption rates, i.e., when sharing starts to
take place, we need to use a different OPERATION option to tell AES
that the key was already altered by the PRIOR descriptor - we need
the following kind of logic:

if ( shared )
    operation where AES uses decryption key (DK=1)
else
    operation where AES uses encryption key (DK=0)

this patch implements this logic using a conditional and
a non-conditional local jump within the decryption job
descriptor.

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-05-19 14:37:59 +10:00
Kim Phillips
2930d49768 crypto: caam - platform_bus_type migration
this fixes a build error since cryptodev-2.6 got rebased
to include commit d714d1979d
"dt: eliminate of_platform_driver shim code".

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-05-19 14:37:58 +10:00
Phil Sutter
6ef84509f3 crypto: mv_cesa - make count_sgs() null-pointer proof
This also makes the dummy scatterlist in mv_hash_final() needless, so
drop it.

XXX: should this routine be made publicly available? There are probably
other users with their own implementations.

Signed-off-by: Phil Sutter <phil.sutter@viprinet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-05-11 15:06:22 +10:00
Phil Sutter
7759995c75 crypto: mv_cesa - copy remaining bytes to SRAM only when needed
Signed-off-by: Phil Sutter <phil.sutter@viprinet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-05-11 15:06:21 +10:00
Phil Sutter
8652348754 crypto: mv_cesa - move digest state initialisation to a better place
On one hand, the digest state registers need to be set only when
actually using the crypto engine. On the other hand, there is a check
for ctx->first_hash in mv_process_hash_current() already, so use that.

Signed-off-by: Phil Sutter <phil.sutter@viprinet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-05-11 15:06:20 +10:00
Phil Sutter
cc8d35057c crypto: mv_cesa - fill inner/outer IV fields only in HMAC case
Signed-off-by: Phil Sutter <phil.sutter@viprinet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-05-11 15:06:19 +10:00
Phil Sutter
6677a776cf crypto: mv_cesa - refactor copy_src_to_buf()
The main goal was to have it not do anything when a zero len parameter
was being passed (which could lead to a null pointer dereference, as in
this case p->src_sg is null, either). Using the min() macro, the lower
part of the loop gets simpler, too.

Signed-off-by: Phil Sutter <phil.sutter@viprinet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-05-11 15:06:18 +10:00
Phil Sutter
7a1c6bcf26 crypto: mv_cesa - no need to save digest state after the last chunk
Signed-off-by: Phil Sutter <phil.sutter@viprinet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-05-11 15:06:17 +10:00
Phil Sutter
2a025f5dfc crypto: mv_cesa - print a warning when registration of AES algos fail
Signed-off-by: Phil Sutter <phil.sutter@viprinet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-05-11 15:06:16 +10:00
Phil Sutter
811e6ed623 crypto: mv_cesa - drop this call to mv_hash_final from mv_hash_finup
The code in mv_hash_final is actually a superset of mv_hash_finup's
body. Since the driver works fine without, drop it.

Signed-off-by: Phil Sutter <phil.sutter@viprinet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-05-11 15:06:15 +10:00
Phil Sutter
99db3eacac crypto: mv_cesa - the descriptor pointer register needs to be set just once
Signed-off-by: Phil Sutter <phil.sutter@viprinet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-05-11 15:06:14 +10:00
Phil Sutter
042e9e7356 crypto: mv_cesa - use ablkcipher_request_cast instead of the manual container_of
Signed-off-by: Phil Sutter <phil.sutter@viprinet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-05-11 15:06:13 +10:00
Kim Phillips
de2954d664 crypto: caam - fix printk recursion for long error texts
during recent descriptor development, an Invalid Sequence Command
error triggered a:

BUG: recent printk recursion!

due to insufficient memory allocated for the error text.

The Invalid Sequence Command error text is the longest.
The length of the maximum error string is computed as
the sum of:

"DECO: ": 6
"jump tgt desc idx 255: ": 23
Invalid Sequence Command text: 272
zero termination character: 1

i.e., 302 characters.

Define this maximum error string length in error.h and fix
caam_jr_strstatus callsites.

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-05-04 15:15:06 +10:00
Kim Phillips
701af31ce0 crypto: caam - remove unused keylen from session context
Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-05-04 15:15:05 +10:00
Gerald Schaefer
0200f3ecc1 crypto: s390 - add System z hardware support for CTR mode
This patch adds System z hardware acceleration support for AES, DES
and 3DES in CTR mode. The hardware support is available starting with
System z196.

Signed-off-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Signed-off-by: Jan Glauber <jang@linux.vnet.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-05-04 15:09:44 +10:00
Jan Glauber
d393d9b8ca crypto: s390 - cleanup s390 Kconfig options
Cleanup the remaining s390 crypto options by mentioning the earliest machine
type that supports an accelerated algorithm.

Signed-off-by: Jan Glauber <jang@linux.vnet.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-05-04 15:06:34 +10:00
Gerald Schaefer
df1309ce95 crypto: s390 - add System z hardware support for GHASH
This patch adds System z hardware acceleration support for the GHASH
algorithm for GCM (Galois/Counter Mode).
The hardware support is available beginning with System z196.

Signed-off-by: Jan Glauber <jang@linux.vnet.ibm.com>
Signed-off-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-05-04 15:06:32 +10:00
Gerald Schaefer
99d9722215 crypto: s390 - add System z hardware support for XTS mode
This patch adds System z hardware acceleration support for the AES XTS mode.
The hardware support is available beginning with System z196.

Signed-off-by: Jan Glauber <jang@linux.vnet.ibm.com>
Signed-off-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-05-04 15:06:30 +10:00
Kim Phillips
ec8e8dfe5f crypto: caam - remove duplicate dev_err
keep the hex error value reporting version (a) to be consistent
with decrypt_done(), and (b) to keep our hardware guys happy.

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-05-03 09:53:40 +10:00
Kim Phillips
d37d36e31c crypto: caam - remove WAIT-FOR-COMPLETIONs from givencrypt descriptor
remains from descriptor debugging - not required for normal operation.

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-05-03 09:53:38 +10:00
Kim Phillips
f3af98681f crypto: caam - fix queue interface detection
The presence of a h/w Queue Interface would fail due to this
cut-n-paste snafu.

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-05-03 09:53:35 +10:00
Kim Phillips
9620fd959f crypto: caam - handle interrupt lines shared across rings
- add IRQF_SHARED to request_irq flags to support parts such as
the p1023 that has one IRQ line per couple of rings.

- resetting a job ring triggers an interrupt, so move request_irq
prior to jr_reset to avoid 'got IRQ but nobody cared' messages.

- disable IRQs in h/w to avoid contention between reset and
interrupt status

- delete invalid comment - if there were incomplete jobs,
module would be in use, preventing an unload.

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-05-03 09:53:31 +10:00
Dmitry Kasatkin
bf36275903 crypto: omap-sham - hmac calculation bug fix for sha1 base hash
This patch fixes 2 hmac inter-dependent bugs.

1. "omap-sham: hash-in-progress is stored in hw format" commit introduced
optimization where temporary hash had been stored in OMAP specific format
(big endian).
For SHA1 it is different to real hash format, which is little endian.
Final HMAC value was calculated using incorrect hash.
Because CONFIG_CRYPTO_MANAGER_TESTS was disabled this error remained
unnoticed. After enabling this option, bug has been found.

2. HMAC was calculated using temporary hash value.
For a single-request updates, temporary hash was the final one and
HMAC result was correct. But in fact only the final hash had to be used.
All crypto tests for HMAC produce only single request and
could not catch the problem. This problem is fixed here.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-04-26 16:45:38 +10:00
Dmitry Kasatkin
528d26f57a crypto: omap-sham - enable driver for EMU chips
EMU chips also have crypto HW as HS chips.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-04-26 16:45:36 +10:00
Dmitry Kasatkin
07aab762fe crypto: omap-sham - remove debug print
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-04-26 16:45:34 +10:00
Markku Kylanpaa
455e33898e crypto: omap-sham - fix concurrent sha1 calculations
SHA1 accelerator can also be busy. Add -EBUSY status return option and
return busy status from omap_sham_finup().

Signed-off-by: Markku Kylanpaa <ext-markku.kylanpaa@nokia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-04-26 16:45:32 +10:00
Vladimir Zapolskiy
a49e490c7a crypto: s5p-sss - add S5PV210 advanced crypto engine support
This change adds support for AES encrypting and decrypting using
advanced crypto engine found on Samsung S5PV210 and S5PC110 SoCs.

Signed-off-by: Vladimir Zapolskiy <vzapolskiy@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-04-08 20:40:51 +08:00
Julia Lawall
b3b7f0550f crypto: caam - introduce missing kfree
Error handling code following a kmalloc should free the allocated data.

The semantic match that finds the problem is as follows:
(http://www.emn.fr/x-info/coccinelle/)

// <smpl>
@r exists@
local idexpression x;
statement S;
expression E;
identifier f,f1,l;
position p1,p2;
expression *ptr != NULL;
@@

x@p1 = \(kmalloc\|kzalloc\|kcalloc\)(...);
...
if (x == NULL) S
<... when != x
     when != if (...) { <+...x...+> }
(
x->f1 = E
|
 (x->f1 == NULL || ...)
|
 f(...,x->f1,...)
)
...>
(
 return \(0\|<+...x...+>\|ptr\);
|
 return@p2 ...;
)

@script:python@
p1 << r.p1;
p2 << r.p2;
@@

print "* file: %s kmalloc %s return %s" % (p1[0].file,p1[0].line,p2[0].line)
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Acked-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-04-08 20:39:23 +08:00