Re: [PATCH v6 0/3] crypto: caam - add support for RSA algorithm

2016-05-19 Thread Stephan Mueller
Am Donnerstag, 19. Mai 2016, 15:15:15 schrieb Tudor Ambarus:

Hi Tudor,

as I am looking into the RSA countermeasures, I am wondering how much of 
countermeasures are actually applied inside hardware implementations. Can you 
please point me to or illustrate any countermeasures your implementation does?

The goal for my question is to identify whether we need to have a generic 
implementation one that is enabled on a per-implementation basis.


Ciao
Stephan


Re: IV generation in cryptographic driver in AEAD

2016-05-19 Thread Catalin Vasile
Inline comments


From: Denis B 
Sent: Wednesday, May 18, 2016 5:21 PM
To: Catalin Vasile
Cc: linux-crypto@vger.kernel.org
Subject: Re: IV generation in cryptographic driver in AEAD

Forgive my dumbness, but in:

  .cra_type = _aead_type,
  .cra_u = {
.aead = {
.setkey = pp_crypto_aead_setkey,
.setauthsize = pp_crypto_aead_setauthsize,
.decrypt = pp_crypto_aead_dec,
.encrypt = pp_crypto_aead_enc,
.givencrypt = pp_crypto_aead_genivencrypt,
.givdecrypt = pp_crypto_aead_genivdecrypt,
.ivsize = AES_BLOCK_SIZE,
.maxauthsize = SHA256_DIGEST_SIZE,
},
  },

Just delete the givencrypt and givdecrypt lines (or set to NULL)?
[Catalin Vasile]
You need to set it to NULL. If your struct is declared globally, the parts
that load your code will set any uninitialized struct elements to NULL.

On Wed, May 18, 2016 at 4:56 PM, Catalin Vasile  wrote:
> Inline comments.
>
> 
> From: linux-crypto-ow...@vger.kernel.org  
> on behalf of Denis B 
> Sent: Wednesday, May 18, 2016 3:06 PM
> To: linux-crypto@vger.kernel.org
> Subject: IV generation in cryptographic driver in AEAD
>
> Hello,
>
> In AEAD mode (or in any case, in IPSec ESP IPv4 – esp4.c), in kernel
> versions prior to 4.2 the cryptographic driver is expected to generate
> an IV.
>
> What if my driver is unable to generate an IV?
> [Catalin Vasile]
> Simple: You do not implement the givcrypt() primitive. The kernel will 
> generate the IV in software and then call your encrypt() primitive.
>
> Thanks,
> Dennis.
> --
> To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
> the body of a message to majord...@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html


[PATCH v3 2/8] asm-generic/io.h: add io{read,write}64 accessors

2016-05-19 Thread Horia Geantă
This will allow device drivers to consistently use io{read,write}XX
also for 64-bit accesses.

Acked-by: Arnd Bergmann 
Signed-off-by: Horia Geantă 
---
 include/asm-generic/io.h| 63 +
 include/asm-generic/iomap.h |  8 ++
 2 files changed, 71 insertions(+)

diff --git a/include/asm-generic/io.h b/include/asm-generic/io.h
index b79fb2c248a1..2af6ea95762d 100644
--- a/include/asm-generic/io.h
+++ b/include/asm-generic/io.h
@@ -585,6 +585,16 @@ static inline u32 ioread32(const volatile void __iomem 
*addr)
 }
 #endif
 
+#ifdef CONFIG_64BIT
+#ifndef ioread64
+#define ioread64 ioread64
+static inline u64 ioread64(const volatile void __iomem *addr)
+{
+   return readq(addr);
+}
+#endif
+#endif /* CONFIG_64BIT */
+
 #ifndef iowrite8
 #define iowrite8 iowrite8
 static inline void iowrite8(u8 value, volatile void __iomem *addr)
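Review bot: ioread64() is only defined when CONFIG_64BIT is set, and nothing at this `#ifdef` tells a driver author what a 32-bit build should do instead; the same guard is repeated in the iowrite64, ioread64be, iowrite64be and the two *_rep hunks below. A driver that calls these accessors unconditionally will not build on 32-bit, and one that falls back to two 32-bit accesses no longer gets a single access, which can matter for device registers that have to be read or written in one piece. I would add a short comment above the first guard, for example `/* 64-bit accessors exist only on CONFIG_64BIT; 32-bit users must split the access and choose the word order the device requires */`.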
@@ -609,6 +619,16 @@ static inline void iowrite32(u32 value, volatile void 
__iomem *addr)
 }
 #endif
 
+#ifdef CONFIG_64BIT
+#ifndef iowrite64
+#define iowrite64 iowrite64
+static inline void iowrite64(u64 value, volatile void __iomem *addr)
+{
+   writeq(value, addr);
+}
+#endif
+#endif /* CONFIG_64BIT */
+
 #ifndef ioread16be
 #define ioread16be ioread16be
 static inline u16 ioread16be(const volatile void __iomem *addr)
@@ -625,6 +645,16 @@ static inline u32 ioread32be(const volatile void __iomem 
*addr)
 }
 #endif
 
+#ifdef CONFIG_64BIT
+#ifndef ioread64be
+#define ioread64be ioread64be
+static inline u64 ioread64be(const volatile void __iomem *addr)
+{
+   return swab64(readq(addr));
+}
+#endif
+#endif /* CONFIG_64BIT */
+
 #ifndef iowrite16be
 #define iowrite16be iowrite16be
 static inline void iowrite16be(u16 value, void volatile __iomem *addr)
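Review bot: `swab64(readq(addr))` in ioread64be() is a big-endian read only as long as readq() hands back the value converted from little-endian, and that assumption is not written down next to the code; iowrite64be() in the next hunk depends on the same property of writeq(). If an architecture supplied a readq()/writeq() with different byte-order behaviour, these helpers would presumably return or store byte-swapped data without any build-time sign of it. A one-line comment would make the dependency explicit, e.g. `/* readq() converts from little-endian, so swab64() yields the big-endian view on either CPU endianness */`.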
@@ -641,6 +671,16 @@ static inline void iowrite32be(u32 value, volatile void 
__iomem *addr)
 }
 #endif
 
+#ifdef CONFIG_64BIT
+#ifndef iowrite64be
+#define iowrite64be iowrite64be
+static inline void iowrite64be(u64 value, volatile void __iomem *addr)
+{
+   writeq(swab64(value), addr);
+}
+#endif
+#endif /* CONFIG_64BIT */
+
 #ifndef ioread8_rep
 #define ioread8_rep ioread8_rep
 static inline void ioread8_rep(const volatile void __iomem *addr, void *buffer,
@@ -668,6 +708,17 @@ static inline void ioread32_rep(const volatile void 
__iomem *addr,
 }
 #endif
 
+#ifdef CONFIG_64BIT
+#ifndef ioread64_rep
+#define ioread64_rep ioread64_rep
+static inline void ioread64_rep(const volatile void __iomem *addr,
+   void *buffer, unsigned int count)
+{
+   readsq(addr, buffer, count);
+}
+#endif
+#endif /* CONFIG_64BIT */
+
 #ifndef iowrite8_rep
 #define iowrite8_rep iowrite8_rep
 static inline void iowrite8_rep(volatile void __iomem *addr,
@@ -697,6 +748,18 @@ static inline void iowrite32_rep(volatile void __iomem 
*addr,
writesl(addr, buffer, count);
 }
 #endif
+
+#ifdef CONFIG_64BIT
+#ifndef iowrite64_rep
+#define iowrite64_rep iowrite64_rep
+static inline void iowrite64_rep(volatile void __iomem *addr,
+const void *buffer,
+unsigned int count)
+{
+   writesq(addr, buffer, count);
+}
+#endif
+#endif /* CONFIG_64BIT */
 #endif /* CONFIG_GENERIC_IOMAP */
 
 #ifdef __KERNEL__
diff --git a/include/asm-generic/iomap.h b/include/asm-generic/iomap.h
index d8f8622fa044..650fede33c25 100644
--- a/include/asm-generic/iomap.h
+++ b/include/asm-generic/iomap.h
@@ -30,12 +30,20 @@ extern unsigned int ioread16(void __iomem *);
 extern unsigned int ioread16be(void __iomem *);
 extern unsigned int ioread32(void __iomem *);
 extern unsigned int ioread32be(void __iomem *);
+#ifdef CONFIG_64BIT
+extern u64 ioread64(void __iomem *);
+extern u64 ioread64be(void __iomem *);
+#endif
 
 extern void iowrite8(u8, void __iomem *);
 extern void iowrite16(u16, void __iomem *);
 extern void iowrite16be(u16, void __iomem *);
 extern void iowrite32(u32, void __iomem *);
 extern void iowrite32be(u32, void __iomem *);
+#ifdef CONFIG_64BIT
+extern void iowrite64(u64, void __iomem *);
+extern void iowrite64be(u64, void __iomem *);
+#endif
 
 /*
  * "string" versions of the above. Note that they
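Review bot: The new `ioread64`, `ioread64be`, `iowrite64` and `iowrite64be` prototypes are declared for every CONFIG_64BIT build that includes this header, but the diffstat of this patch lists only io.h and iomap.h, so no out-of-line definition is added with them. On an architecture that uses these declarations and takes its 8/16/32-bit versions from a shared implementation file, a driver calling ioread64() would compile and then fail at link time; whether that case exists depends on code outside this page. Either add the matching definitions in the same patch or state in the commit message which architectures are expected to provide them, as the powerpc patch in this series does in arch/powerpc/kernel/iomap.c.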
-- 
2.4.4



[PATCH v3 3/8] arm64: add io{read,write}64be accessors

2016-05-19 Thread Horia Geantă
This will allow device drivers to consistently use io{read,write}XXbe
also for 64-bit accesses.

Acked-by: Catalin Marinas 
Signed-off-by: Alex Porosanu 
Signed-off-by: Horia Geantă 
---
 arch/arm64/include/asm/io.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/arch/arm64/include/asm/io.h b/arch/arm64/include/asm/io.h
index 44be1e03ed65..9b6e408cfa51 100644
--- a/arch/arm64/include/asm/io.h
+++ b/arch/arm64/include/asm/io.h
@@ -174,13 +174,15 @@ extern void __iomem *ioremap_cache(phys_addr_t phys_addr, 
size_t size);
 #define iounmap__iounmap
 
 /*
- * io{read,write}{16,32}be() macros
+ * io{read,write}{16,32,64}be() macros
  */
 #define ioread16be(p)  ({ __u16 __v = be16_to_cpu((__force 
__be16)__raw_readw(p)); __iormb(); __v; })
 #define ioread32be(p)  ({ __u32 __v = be32_to_cpu((__force 
__be32)__raw_readl(p)); __iormb(); __v; })
+#define ioread64be(p)  ({ __u64 __v = be64_to_cpu((__force 
__be64)__raw_readq(p)); __iormb(); __v; })
 
 #define iowrite16be(v,p)   ({ __iowmb(); __raw_writew((__force 
__u16)cpu_to_be16(v), p); })
 #define iowrite32be(v,p)   ({ __iowmb(); __raw_writel((__force 
__u32)cpu_to_be32(v), p); })
+#define iowrite64be(v,p)   ({ __iowmb(); __raw_writeq((__force 
__u64)cpu_to_be64(v), p); })
 
 /*
  * Convert a physical pointer to a virtual kernel pointer for /dev/mem
-- 
2.4.4



Re: IV generation in cryptographic driver in AEAD

2016-05-19 Thread Herbert Xu
Denis B  wrote:
> My algs struct now looks like this:
> 
> static struct crypto_alg pp_crypto_algs[] = {
>   {
>  .cra_name = "authenc(hmac(sha256),cbc(aes))",
>  .cra_driver_name = "pp_crypto_cbc_hmac_sha256",
>  .cra_priority = 1, /**TODO set to highest values after
> implementing encrypt decrypt functions */
>  .cra_flags = CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_ASYNC,
>  .cra_blocksize = AES_BLOCK_SIZE,
>  .cra_ctxsize = sizeof(struct pp_crypto_aead_ctx),
>  .cra_type = _nivaead_type,
>  .cra_u = {
>.aead = {
>.setkey = pp_crypto_aead_setkey,
>.setauthsize = pp_crypto_aead_setauthsize,
>.decrypt = pp_crypto_aead_dec,
>.encrypt = pp_crypto_aead_enc,
>.givencrypt = NULL,
>.givdecrypt = NULL,
>.ivsize = AES_BLOCK_SIZE,
>.maxauthsize = SHA256_DIGEST_SIZE,

You also need to set geniv to "eseqiv".

Cheers,
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


[PATCH 2/7] crypto : async implementation for sha1-mb

2016-05-19 Thread Megha Dey
From: Megha Dey 

Herbert wants the sha1-mb algorithm to have an async implementation:
https://lkml.org/lkml/2016/4/5/286.
Currently, sha1-mb uses an async interface for the outer algorithm
and a sync interface for the inner algorithm. This patch introduces
an async interface for the inner algorithm as well.

Signed-off-by: Megha Dey 
Signed-off-by: Tim Chen 
---
 arch/x86/crypto/sha-mb/sha1_mb.c | 190 ++-
 crypto/ahash.c   |   6 --
 crypto/mcryptd.c | 117 +---
 include/crypto/hash.h|   6 ++
 include/crypto/internal/hash.h   |   8 +-
 include/crypto/mcryptd.h |   8 +-
 6 files changed, 184 insertions(+), 151 deletions(-)

diff --git a/arch/x86/crypto/sha-mb/sha1_mb.c b/arch/x86/crypto/sha-mb/sha1_mb.c
index dcafb8e..7201255 100644
--- a/arch/x86/crypto/sha-mb/sha1_mb.c
+++ b/arch/x86/crypto/sha-mb/sha1_mb.c
@@ -68,6 +68,7 @@
 #include 
 #include 
 #include "sha_mb_ctx.h"
+#include 
 
 #define FLUSH_INTERVAL 1000 /* in usec */
 
@@ -80,10 +81,10 @@ struct sha1_mb_ctx {
 static inline struct mcryptd_hash_request_ctx
*cast_hash_to_mcryptd_ctx(struct sha1_hash_ctx *hash_ctx)
 {
-   struct shash_desc *desc;
+   struct ahash_request *areq;
 
-   desc = container_of((void *) hash_ctx, struct shash_desc, __ctx);
-   return container_of(desc, struct mcryptd_hash_request_ctx, desc);
+   areq = container_of((void *) hash_ctx, struct ahash_request, __ctx);
+   return container_of(areq, struct mcryptd_hash_request_ctx, areq);
 }
 
 static inline struct ahash_request
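Review bot: cast_hash_to_mcryptd_ctx() casts `hash_ctx` to `void *` before calling `container_of`, which switches off the type check container_of would otherwise perform. The result is therefore only valid when the sha1_hash_ctx is the `__ctx` area of an ahash_request that is itself the `areq` member of a mcryptd_hash_request_ctx; a context taken from any other request would produce a pointer into unrelated memory. That layout is defined outside this hunk (the diffstat lists include/crypto/mcryptd.h), so it cannot be confirmed here. I would state the precondition above the function, e.g. `/* hash_ctx must be the request context of the areq embedded in a mcryptd_hash_request_ctx */`.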
@@ -93,7 +94,7 @@ static inline struct ahash_request
 }
 
 static void req_ctx_init(struct mcryptd_hash_request_ctx *rctx,
-   struct shash_desc *desc)
+   struct ahash_request *areq)
 {
rctx->flag = HASH_UPDATE;
 }
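Review bot: The `areq` parameter of req_ctx_init() is unused: the whole body is `rctx->flag = HASH_UPDATE;`, just as it was with `desc` before this change. Since the patch already touches the signature and its caller in sha1_mb_update(), the parameter could be dropped, `static void req_ctx_init(struct mcryptd_hash_request_ctx *rctx)`, or a comment should say why it is kept.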
@@ -375,9 +376,9 @@ static struct sha1_hash_ctx *sha1_ctx_mgr_flush(struct 
sha1_ctx_mgr *mgr)
}
 }
 
-static int sha1_mb_init(struct shash_desc *desc)
+static int sha1_mb_init(struct ahash_request *areq)
 {
-   struct sha1_hash_ctx *sctx = shash_desc_ctx(desc);
+   struct sha1_hash_ctx *sctx = ahash_request_ctx(areq);
 
hash_ctx_init(sctx);
sctx->job.result_digest[0] = SHA1_H0;
@@ -395,7 +396,7 @@ static int sha1_mb_init(struct shash_desc *desc)
 static int sha1_mb_set_results(struct mcryptd_hash_request_ctx *rctx)
 {
int i;
-   struct  sha1_hash_ctx *sctx = shash_desc_ctx(>desc);
+   struct  sha1_hash_ctx *sctx = ahash_request_ctx(>areq);
__be32  *dst = (__be32 *) rctx->out;
 
for (i = 0; i < 5; ++i)
@@ -427,7 +428,7 @@ static int sha_finish_walk(struct mcryptd_hash_request_ctx 
**ret_rctx,
 
}
sha_ctx = (struct sha1_hash_ctx *)
-   shash_desc_ctx(>desc);
+   ahash_request_ctx(>areq);
kernel_fpu_begin();
sha_ctx = sha1_ctx_mgr_submit(cstate->mgr, sha_ctx,
rctx->walk.data, nbytes, flag);
@@ -519,11 +520,10 @@ static void sha1_mb_add_list(struct 
mcryptd_hash_request_ctx *rctx,
mcryptd_arm_flusher(cstate, delay);
 }
 
-static int sha1_mb_update(struct shash_desc *desc, const u8 *data,
- unsigned int len)
+static int sha1_mb_update(struct ahash_request *areq)
 {
struct mcryptd_hash_request_ctx *rctx =
-   container_of(desc, struct mcryptd_hash_request_ctx, desc);
+   container_of(areq, struct mcryptd_hash_request_ctx, areq);
struct mcryptd_alg_cstate *cstate =
this_cpu_ptr(sha1_mb_alg_state.alg_cstate);
 
@@ -539,7 +539,7 @@ static int sha1_mb_update(struct shash_desc *desc, const u8 
*data,
}
 
/* need to init context */
-   req_ctx_init(rctx, desc);
+   req_ctx_init(rctx, areq);
 
nbytes = crypto_ahash_walk_first(req, >walk);
 
@@ -552,7 +552,7 @@ static int sha1_mb_update(struct shash_desc *desc, const u8 
*data,
rctx->flag |= HASH_DONE;
 
/* submit */
-   sha_ctx = (struct sha1_hash_ctx *) shash_desc_ctx(desc);
+   sha_ctx = (struct sha1_hash_ctx *) ahash_request_ctx(areq);
sha1_mb_add_list(rctx, cstate);
kernel_fpu_begin();
sha_ctx = sha1_ctx_mgr_submit(cstate->mgr, sha_ctx, rctx->walk.data,
@@ -579,11 +579,10 @@ done:
return ret;
 }
 
-static int sha1_mb_finup(struct shash_desc *desc, const u8 *data,
-unsigned int len, u8 *out)
+static int sha1_mb_finup(struct ahash_request *areq)
 {
struct mcryptd_hash_request_ctx *rctx =
-   container_of(desc, struct mcryptd_hash_request_ctx, desc);
+   container_of(areq, struct 

[PATCH 1/7] crypto : stylistic cleanup in sha1-mb

2016-05-19 Thread Megha Dey
From: Megha Dey 

Currently there are several checkpatch warnings in the sha1_mb.c file:
'WARNING: line over 80 characters' in the sha1_mb.c file. Also, the
syntax of some multi-line comments is not correct. This patch fixes
these issues.

Signed-off-by: Megha Dey 
---
 arch/x86/crypto/sha-mb/sha1_mb.c | 113 ++-
 1 file changed, 76 insertions(+), 37 deletions(-)

diff --git a/arch/x86/crypto/sha-mb/sha1_mb.c b/arch/x86/crypto/sha-mb/sha1_mb.c
index 081255c..dcafb8e 100644
--- a/arch/x86/crypto/sha-mb/sha1_mb.c
+++ b/arch/x86/crypto/sha-mb/sha1_mb.c
@@ -77,7 +77,8 @@ struct sha1_mb_ctx {
struct mcryptd_ahash *mcryptd_tfm;
 };
 
-static inline struct mcryptd_hash_request_ctx *cast_hash_to_mcryptd_ctx(struct 
sha1_hash_ctx *hash_ctx)
+static inline struct mcryptd_hash_request_ctx
+   *cast_hash_to_mcryptd_ctx(struct sha1_hash_ctx *hash_ctx)
 {
struct shash_desc *desc;
 
@@ -85,7 +86,8 @@ static inline struct mcryptd_hash_request_ctx 
*cast_hash_to_mcryptd_ctx(struct s
return container_of(desc, struct mcryptd_hash_request_ctx, desc);
 }
 
-static inline struct ahash_request *cast_mcryptd_ctx_to_req(struct 
mcryptd_hash_request_ctx *ctx)
+static inline struct ahash_request
+   *cast_mcryptd_ctx_to_req(struct mcryptd_hash_request_ctx *ctx)
 {
return container_of((void *) ctx, struct ahash_request, __ctx);
 }
@@ -97,10 +99,12 @@ static void req_ctx_init(struct mcryptd_hash_request_ctx 
*rctx,
 }
 
 static asmlinkage void (*sha1_job_mgr_init)(struct sha1_mb_mgr *state);
-static asmlinkage struct job_sha1* (*sha1_job_mgr_submit)(struct sha1_mb_mgr 
*state,
- struct job_sha1 *job);
-static asmlinkage struct job_sha1* (*sha1_job_mgr_flush)(struct sha1_mb_mgr 
*state);
-static asmlinkage struct job_sha1* (*sha1_job_mgr_get_comp_job)(struct 
sha1_mb_mgr *state);
+static asmlinkage struct job_sha1* (*sha1_job_mgr_submit)
+   (struct sha1_mb_mgr *state, struct job_sha1 *job);
+static asmlinkage struct job_sha1* (*sha1_job_mgr_flush)
+   (struct sha1_mb_mgr *state);
+static asmlinkage struct job_sha1* (*sha1_job_mgr_get_comp_job)
+   (struct sha1_mb_mgr *state);
 
 inline void sha1_init_digest(uint32_t *digest)
 {
@@ -131,7 +135,8 @@ inline uint32_t sha1_pad(uint8_t padblock[SHA1_BLOCK_SIZE * 
2],
return i >> SHA1_LOG2_BLOCK_SIZE;
 }
 
-static struct sha1_hash_ctx *sha1_ctx_mgr_resubmit(struct sha1_ctx_mgr *mgr, 
struct sha1_hash_ctx *ctx)
+static struct sha1_hash_ctx *sha1_ctx_mgr_resubmit(struct sha1_ctx_mgr *mgr,
+   struct sha1_hash_ctx *ctx)
 {
while (ctx) {
if (ctx->status & HASH_CTX_STS_COMPLETE) {
@@ -177,8 +182,8 @@ static struct sha1_hash_ctx *sha1_ctx_mgr_resubmit(struct 
sha1_ctx_mgr *mgr, str
 
ctx->job.buffer = (uint8_t *) buffer;
ctx->job.len = len;
-   ctx = (struct sha1_hash_ctx *) 
sha1_job_mgr_submit(>mgr,
-   
  >job);
+   ctx = (struct sha1_hash_ctx 
*)sha1_job_mgr_submit(>mgr,
+   
>job);
continue;
}
}
@@ -191,13 +196,15 @@ static struct sha1_hash_ctx *sha1_ctx_mgr_resubmit(struct 
sha1_ctx_mgr *mgr, str
if (ctx->status & HASH_CTX_STS_LAST) {
 
uint8_t *buf = ctx->partial_block_buffer;
-   uint32_t n_extra_blocks = sha1_pad(buf, 
ctx->total_length);
+   uint32_t n_extra_blocks =
+   sha1_pad(buf, ctx->total_length);
 
ctx->status = (HASH_CTX_STS_PROCESSING |
   HASH_CTX_STS_COMPLETE);
ctx->job.buffer = buf;
ctx->job.len = (uint32_t) n_extra_blocks;
-   ctx = (struct sha1_hash_ctx *) 
sha1_job_mgr_submit(>mgr, >job);
+   ctx = (struct sha1_hash_ctx *)
+   sha1_job_mgr_submit(>mgr, >job);
continue;
}
 
@@ -208,14 +215,17 @@ static struct sha1_hash_ctx *sha1_ctx_mgr_resubmit(struct 
sha1_ctx_mgr *mgr, str
return NULL;
 }
 
-static struct sha1_hash_ctx *sha1_ctx_mgr_get_comp_ctx(struct sha1_ctx_mgr 
*mgr)
+static struct sha1_hash_ctx
+   *sha1_ctx_mgr_get_comp_ctx (struct sha1_ctx_mgr *mgr)
 {
/*
 * If get_comp_job returns NULL, there are no jobs complete.
-* If get_comp_job returns a job, verify that it is 

Re: [patch] crypto: omap-sham - potential Oops on error in probe

2016-05-19 Thread Herbert Xu
On Wed, May 18, 2016 at 01:39:05PM +0300, Dan Carpenter wrote:
> This if statement is reversed so we end up either leaking or Oopsing on
> error.
> 
> Fixes: dbe246209bc1 ('crypto: omap-sham - Use dma_request_chan() for 
> requesting DMA channel')
> Signed-off-by: Dan Carpenter 

Patch applied.  Thanks!
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: IV generation in cryptographic driver in AEAD

2016-05-19 Thread Denis B
My algs struct now looks like this:

/*
 * Algorithm table posted in this thread: two AEAD entries,
 * authenc(hmac(sha256),cbc(aes)) and authenc(hmac(sha512),cbc(aes)).
 * Both use the same setkey/encrypt/decrypt callbacks and the same
 * cra_exit; they differ in driver name, maxauthsize and cra_init.
 *
 * NOTE(review): no geniv is set in either entry. A reply in this thread
 * says geniv also has to be set to "eseqiv" when the driver does not
 * generate the IV itself.
 */
static struct crypto_alg pp_crypto_algs[] = {
   {
  .cra_name = "authenc(hmac(sha256),cbc(aes))",
  .cra_driver_name = "pp_crypto_cbc_hmac_sha256",
  /*
   * NOTE(review): 1 is a placeholder according to the TODO below;
   * presumably it keeps this driver from being preferred over other
   * implementations of the same cra_name until it is complete - confirm
   * before raising it.
   */
  .cra_priority = 1, /**TODO set to highest values after
implementing encrypt decrypt functions */
  .cra_flags = CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_ASYNC,
  .cra_blocksize = AES_BLOCK_SIZE,
  .cra_ctxsize = sizeof(struct pp_crypto_aead_ctx),
  .cra_type = _nivaead_type,
  .cra_u = {
.aead = {
.setkey = pp_crypto_aead_setkey,
.setauthsize = pp_crypto_aead_setauthsize,
.decrypt = pp_crypto_aead_dec,
.encrypt = pp_crypto_aead_enc,
/* No driver-side IV generation: both giv hooks are NULL. */
.givencrypt = NULL,
.givdecrypt = NULL,
.ivsize = AES_BLOCK_SIZE,
.maxauthsize = SHA256_DIGEST_SIZE,
},
  },
  .cra_init = pp_crypto_aead_sha256_init,
  .cra_exit = pp_crypto_aead_exit,
  .cra_module = THIS_MODULE,
   },
   {
  .cra_name = "authenc(hmac(sha512),cbc(aes))",
  .cra_driver_name = "pp_crypto_cbc_hmac_sha512",
  .cra_priority = 1, /**TODO set to highest values after
implementing encrypt decrypt functions */
  .cra_flags = CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_ASYNC,
  .cra_blocksize = AES_BLOCK_SIZE,
  .cra_ctxsize = sizeof(struct pp_crypto_aead_ctx),
  .cra_type = _nivaead_type,
  .cra_u = {
.aead = {
/*
 * NOTE(review): the sha256 entry sets .setauthsize, this one does
 * not - confirm that leaving it out here is intentional.
 */
.setkey = pp_crypto_aead_setkey,
.decrypt = pp_crypto_aead_dec,
.encrypt = pp_crypto_aead_enc,
/* No driver-side IV generation: both giv hooks are NULL. */
.givencrypt = NULL,
.givdecrypt = NULL,
.ivsize = AES_BLOCK_SIZE,
.maxauthsize = SHA512_DIGEST_SIZE,
},
  },
  .cra_init = pp_crypto_aead_sha512_init,
  .cra_exit = pp_crypto_aead_exit,
  .cra_module = THIS_MODULE,
   }
};

I issue a ping and see esp_output() getting called. After that, I'm
used to seeing pp_crypto_givaead_enc() in my driver called. Now I see:

ping: sendto: Function not implemented


Please note that I am working with kernel 3.12, where in esp4.c line
266 we have:

err = crypto_aead_givencrypt(req);

On Thu, May 19, 2016 at 9:44 AM, Catalin Vasile  wrote:
> Inline comments
>
> 
> From: Denis B 
> Sent: Wednesday, May 18, 2016 5:21 PM
> To: Catalin Vasile
> Cc: linux-crypto@vger.kernel.org
> Subject: Re: IV generation in cryptographic driver in AEAD
>
> Forgive my dumbness, but in:
>
>   .cra_type = _aead_type,
>   .cra_u = {
> .aead = {
> .setkey = pp_crypto_aead_setkey,
> .setauthsize = pp_crypto_aead_setauthsize,
> .decrypt = pp_crypto_aead_dec,
> .encrypt = pp_crypto_aead_enc,
> .givencrypt = pp_crypto_aead_genivencrypt,
> .givdecrypt = pp_crypto_aead_genivdecrypt,
> .ivsize = AES_BLOCK_SIZE,
> .maxauthsize = SHA256_DIGEST_SIZE,
> },
>   },
>
> Just delete the givencrypt and givdecrypt lines (or set to NULL)?
> [Catalin Vasile]
> You need to set it to NULL. If your struct is declared globally, the parts
> that load your code will be set any uninitialized struct elements to NULL.
>
> On Wed, May 18, 2016 at 4:56 PM, Catalin Vasile  wrote:
>> Inline comments.
>>
>> 
>> From: linux-crypto-ow...@vger.kernel.org 
>>  on behalf of Denis B 
>> 
>> Sent: Wednesday, May 18, 2016 3:06 PM
>> To: linux-crypto@vger.kernel.org
>> Subject: IV generation in cryptographic driver in AEAD
>>
>> Hello,
>>
>> In AEAD mode (or in any case, in IPSec ESP IPv4 – esp4.c), in kernel
>> versions prior to 4.2 the cryptographic driver is expected to generate
>> an IV.
>>
>> What if my driver is unable to generate an IV?
>> [Catalin Vasile]
>> Simple: You do not implement the givcrypt() primitive. The kernel will 
>> generate the IV in software and then call your encrypt() primitive.
>>
>> Thanks,
>> Dennis.
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
>> the body of a message to majord...@vger.kernel.org
>> More majordomo info at  http://vger.kernel.org/majordomo-info.html


[PATCH v3 0/8] crypto: caam - add support for LS1043A SoC

2016-05-19 Thread Horia Geantă
v3:
-DT maintainers - please ack patch 8/8 "arm64: dts: ls1043a: add crypto node"
(to go into kernel 4.8 via crypto tree)
-Fixed typo in pdb.h: s/be32/__be32
-Appended Acks (from v2) into commit messages
-Tested that current patch set works on top of RSA support being added by
Tudor Ambarus:
[PATCH v6 0/3] crypto: caam - add support for RSA algorithm
https://www.mail-archive.com/linux-crypto@vger.kernel.org/msg19085.html

v2:
As suggested by Arnd, patch 1 fixes io{read,write}{16,32}be accessors
to prevent the case when {read,write}{w,l} are overridden by arch-specific
ones having barriers, while the BE accessors previously mentioned are not
(thus behaving differently, having no barriers).

Hi,

[Patches 2-4 add io{read,write}64[be] accessors (generic, arm64, ppc64),
such that CAAM's accessors in regs.h are simplified a bit.
Patch 8 adds crypto node for LS1043A platform.
Let me know if it's ok to go with these through the cryptodev-2.6 tree.]

This is a follow-up on the following RFC patch set:
crypto: caam - Revamp I/O accessors
https://www.mail-archive.com/linux-crypto@vger.kernel.org/msg15878.html

There are platforms such as LS1043A (or LS1012A) where core endianness
does not match CAAM/SEC endianness (LE vs. BE).
Add support in caam driver for these cases.

Current patch set detects device endianness at runtime (as opposed to
compile-time endianness), in order to support multiplatform kernels.
Detection of device endianness is not device-tree based.
Instead, SSTA ("SEC STAtus") register has a property such that
reading it in any endianness and masking it properly, it's possible
to deduce device endianness.

The performance drop due to the runtime detection is < 1.0%.
(An alternative implementation using function pointers has been tried,
but lead to a bigger performance drop.)

Thanks,
Horia

Cristian Stoica (1):
  crypto: caam - fix offset field in hw sg entries

Horia Geantă (7):
  asm-generic/io.h: allow barriers in io{read,write}{16,32}be
  asm-generic/io.h: add io{read,write}64 accessors
  arm64: add io{read,write}64be accessors
  powerpc: add io{read,write}64 accessors
  crypto: caam - handle core endianness != caam endianness
  crypto: caam - add ARCH_LAYERSCAPE to supported architectures
  arm64: dts: ls1043a: add crypto node

 arch/arm64/boot/dts/freescale/fsl-ls1043a-rdb.dts |   4 +
 arch/arm64/boot/dts/freescale/fsl-ls1043a.dtsi|  43 ++
 arch/arm64/include/asm/io.h   |   4 +-
 arch/powerpc/kernel/iomap.c   |  24 
 drivers/crypto/caam/Kconfig   |   6 +-
 drivers/crypto/caam/caamhash.c|   5 +-
 drivers/crypto/caam/ctrl.c| 125 +++---
 drivers/crypto/caam/desc.h|   9 +-
 drivers/crypto/caam/desc_constr.h |  44 ---
 drivers/crypto/caam/jr.c  |  22 ++--
 drivers/crypto/caam/pdb.h | 137 +++-
 drivers/crypto/caam/regs.h| 151 +++---
 drivers/crypto/caam/sg_sw_sec4.h  |  17 +--
 include/asm-generic/io.h  |  71 +-
 include/asm-generic/iomap.h   |   8 ++
 15 files changed, 494 insertions(+), 176 deletions(-)

-- 
2.4.4



[PATCH v3 7/8] crypto: caam - add ARCH_LAYERSCAPE to supported architectures

2016-05-19 Thread Horia Geantă
This basically adds support for ls1043a platform.

Signed-off-by: Horia Geantă 
---
 drivers/crypto/caam/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/caam/Kconfig b/drivers/crypto/caam/Kconfig
index d2c2909a4020..ff54c42e6e51 100644
--- a/drivers/crypto/caam/Kconfig
+++ b/drivers/crypto/caam/Kconfig
@@ -1,6 +1,6 @@
 config CRYPTO_DEV_FSL_CAAM
tristate "Freescale CAAM-Multicore driver backend"
-   depends on FSL_SOC || ARCH_MXC
+   depends on FSL_SOC || ARCH_MXC || ARCH_LAYERSCAPE
help
  Enables the driver module for Freescale's Cryptographic Accelerator
  and Assurance Module (CAAM), also known as the SEC version 4 (SEC4).
-- 
2.4.4



[PATCH v3 4/8] powerpc: add io{read,write}64 accessors

2016-05-19 Thread Horia Geantă
This will allow device drivers to consistently use io{read,write}XX
also for 64-bit accesses.

Acked-by: Michael Ellerman 
Signed-off-by: Horia Geantă 
---
 arch/powerpc/kernel/iomap.c | 24 
 1 file changed, 24 insertions(+)

diff --git a/arch/powerpc/kernel/iomap.c b/arch/powerpc/kernel/iomap.c
index 12e48d56f771..3963f0b68d52 100644
--- a/arch/powerpc/kernel/iomap.c
+++ b/arch/powerpc/kernel/iomap.c
@@ -38,6 +38,18 @@ EXPORT_SYMBOL(ioread16);
 EXPORT_SYMBOL(ioread16be);
 EXPORT_SYMBOL(ioread32);
 EXPORT_SYMBOL(ioread32be);
+#ifdef __powerpc64__
+u64 ioread64(void __iomem *addr)
+{
+   return readq(addr);
+}
+u64 ioread64be(void __iomem *addr)
+{
+   return readq_be(addr);
+}
+EXPORT_SYMBOL(ioread64);
+EXPORT_SYMBOL(ioread64be);
+#endif /* __powerpc64__ */
 
 void iowrite8(u8 val, void __iomem *addr)
 {
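Review bot: The new definitions are guarded by the compiler macro `__powerpc64__`, while the matching declarations added to include/asm-generic/iomap.h in patch 2/8 of this series are guarded by `CONFIG_64BIT`; the iowrite64/iowrite64be hunk below uses the same guard. The two conditions are expected to agree, but using one symbol on both sides makes it plain that every declared accessor also has a definition. I would write `#ifdef CONFIG_64BIT` here as well, or add a comment saying why the compiler macro is preferred.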
@@ -64,6 +76,18 @@ EXPORT_SYMBOL(iowrite16);
 EXPORT_SYMBOL(iowrite16be);
 EXPORT_SYMBOL(iowrite32);
 EXPORT_SYMBOL(iowrite32be);
+#ifdef __powerpc64__
+void iowrite64(u64 val, void __iomem *addr)
+{
+   writeq(val, addr);
+}
+void iowrite64be(u64 val, void __iomem *addr)
+{
+   writeq_be(val, addr);
+}
+EXPORT_SYMBOL(iowrite64);
+EXPORT_SYMBOL(iowrite64be);
+#endif /* __powerpc64__ */
 
 /*
  * These are the "repeat read/write" functions. Note the
-- 
2.4.4



[PATCH v3 5/8] crypto: caam - fix offset field in hw sg entries

2016-05-19 Thread Horia Geantă
From: Cristian Stoica 

The offset field is 13 bits wide; make sure we don't overwrite more than
that in the caam hardware scatter gather structure.

Signed-off-by: Cristian Stoica 
Signed-off-by: Horia Geantă 
---
 drivers/crypto/caam/desc.h   | 2 +-
 drivers/crypto/caam/sg_sw_sec4.h | 8 
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/drivers/crypto/caam/desc.h b/drivers/crypto/caam/desc.h
index 1e93c6af2275..fe30ff69088c 100644
--- a/drivers/crypto/caam/desc.h
+++ b/drivers/crypto/caam/desc.h
@@ -20,7 +20,7 @@
 #define SEC4_SG_BPID_MASK  0x00ff
 #define SEC4_SG_BPID_SHIFT 16
 #define SEC4_SG_LEN_MASK   0x3fff  /* Excludes EXT and FINAL */
-#define SEC4_SG_OFFS_MASK  0x1fff
+#define SEC4_SG_OFFSET_MASK0x1fff
 
 struct sec4_sg_entry {
 #ifdef CONFIG_CRYPTO_DEV_FSL_CAAM_IMX
diff --git a/drivers/crypto/caam/sg_sw_sec4.h b/drivers/crypto/caam/sg_sw_sec4.h
index 12ec6616e89d..2311341b7356 100644
--- a/drivers/crypto/caam/sg_sw_sec4.h
+++ b/drivers/crypto/caam/sg_sw_sec4.h
@@ -11,12 +11,12 @@ struct sec4_sg_entry;
  * convert single dma address to h/w link table format
  */
 static inline void dma_to_sec4_sg_one(struct sec4_sg_entry *sec4_sg_ptr,
- dma_addr_t dma, u32 len, u32 offset)
+ dma_addr_t dma, u32 len, u16 offset)
 {
sec4_sg_ptr->ptr = dma;
sec4_sg_ptr->len = len;
sec4_sg_ptr->buf_pool_id = 0;
-   sec4_sg_ptr->offset = offset;
+   sec4_sg_ptr->offset = offset & SEC4_SG_OFFSET_MASK;
 #ifdef DEBUG
print_hex_dump(KERN_ERR, "sec4_sg_ptr@: ",
   DUMP_PREFIX_ADDRESS, 16, 4, sec4_sg_ptr,
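Review bot: `offset & SEC4_SG_OFFSET_MASK` silently drops the high bits of an out-of-range offset, and narrowing the parameter from u32 to u16 truncates a larger caller value even before the mask is applied; the same narrowing is made in sg_to_sec4_sg() and sg_to_sec4_sg_last() in the next two hunks. The entry then describes a different position in the buffer than the caller asked for, and the engine is handed that position with no error reported. Since the function returns void, I would at least make the violation visible with `WARN_ON_ONCE(offset & ~SEC4_SG_OFFSET_MASK);` before the assignment, and document the 13-bit limit in the function comment. The body of dma_to_sec4_sg_one() continues past the end of this hunk.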
@@ -30,7 +30,7 @@ static inline void dma_to_sec4_sg_one(struct sec4_sg_entry 
*sec4_sg_ptr,
  */
 static inline struct sec4_sg_entry *
 sg_to_sec4_sg(struct scatterlist *sg, int sg_count,
- struct sec4_sg_entry *sec4_sg_ptr, u32 offset)
+ struct sec4_sg_entry *sec4_sg_ptr, u16 offset)
 {
while (sg_count) {
dma_to_sec4_sg_one(sec4_sg_ptr, sg_dma_address(sg),
@@ -48,7 +48,7 @@ sg_to_sec4_sg(struct scatterlist *sg, int sg_count,
  */
 static inline void sg_to_sec4_sg_last(struct scatterlist *sg, int sg_count,
  struct sec4_sg_entry *sec4_sg_ptr,
- u32 offset)
+ u16 offset)
 {
sec4_sg_ptr = sg_to_sec4_sg(sg, sg_count, sec4_sg_ptr, offset);
sec4_sg_ptr->len |= SEC4_SG_LEN_FIN;
-- 
2.4.4



[PATCH v3 8/8] arm64: dts: ls1043a: add crypto node

2016-05-19 Thread Horia Geantă
LS1043A has a SEC v5.4 security engine.
For now don't add rtic or sec_mon subnodes, since these features
haven't been tested yet.

Signed-off-by: Horia Geantă 
---

To go into kernel 4.8 via crypto tree.

 arch/arm64/boot/dts/freescale/fsl-ls1043a-rdb.dts |  4 +++
 arch/arm64/boot/dts/freescale/fsl-ls1043a.dtsi| 43 +++
 2 files changed, 47 insertions(+)

diff --git a/arch/arm64/boot/dts/freescale/fsl-ls1043a-rdb.dts 
b/arch/arm64/boot/dts/freescale/fsl-ls1043a-rdb.dts
index ce235577e90f..9b5b75a4f02a 100644
--- a/arch/arm64/boot/dts/freescale/fsl-ls1043a-rdb.dts
+++ b/arch/arm64/boot/dts/freescale/fsl-ls1043a-rdb.dts
@@ -49,6 +49,10 @@
 
 / {
model = "LS1043A RDB Board";
+
+   aliases {
+   crypto = 
+   };
 };
 
  {
diff --git a/arch/arm64/boot/dts/freescale/fsl-ls1043a.dtsi 
b/arch/arm64/boot/dts/freescale/fsl-ls1043a.dtsi
index be72bf5b58b5..529c198494d5 100644
--- a/arch/arm64/boot/dts/freescale/fsl-ls1043a.dtsi
+++ b/arch/arm64/boot/dts/freescale/fsl-ls1043a.dtsi
@@ -159,6 +159,49 @@
big-endian;
};
 
+   crypto: crypto@170 {
+   compatible = "fsl,sec-v5.4", "fsl,sec-v5.0",
+"fsl,sec-v4.0";
+   fsl,sec-era = <3>;
+   #address-cells = <1>;
+   #size-cells = <1>;
+   ranges = <0x0 0x00 0x170 0x10>;
+   reg = <0x00 0x170 0x0 0x10>;
+   interrupts = <0 75 0x4>;
+
+   sec_jr0: jr@1 {
+   compatible = "fsl,sec-v5.4-job-ring",
+"fsl,sec-v5.0-job-ring",
+"fsl,sec-v4.0-job-ring";
+   reg= <0x1 0x1>;
+   interrupts = <0 71 0x4>;
+   };
+
+   sec_jr1: jr@2 {
+   compatible = "fsl,sec-v5.4-job-ring",
+"fsl,sec-v5.0-job-ring",
+"fsl,sec-v4.0-job-ring";
+   reg= <0x2 0x1>;
+   interrupts = <0 72 0x4>;
+   };
+
+   sec_jr2: jr@3 {
+   compatible = "fsl,sec-v5.4-job-ring",
+"fsl,sec-v5.0-job-ring",
+"fsl,sec-v4.0-job-ring";
+   reg= <0x3 0x1>;
+   interrupts = <0 73 0x4>;
+   };
+
+   sec_jr3: jr@4 {
+   compatible = "fsl,sec-v5.4-job-ring",
+"fsl,sec-v5.0-job-ring",
+"fsl,sec-v4.0-job-ring";
+   reg= <0x4 0x1>;
+   interrupts = <0 74 0x4>;
+   };
+   };
+
dcfg: dcfg@1ee {
compatible = "fsl,ls1043a-dcfg", "syscon";
reg = <0x0 0x1ee 0x0 0x1>;
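Review bot: The reason the `crypto` node has only job-ring children is recorded in the commit message alone, so a later reader of the .dtsi cannot tell that rtic and sec_mon were left out on purpose. A comment at the top of the node would keep that with the code, for example `/* rtic and sec_mon subnodes omitted: not tested on LS1043A yet */`. The parent node that this hunk adds to starts and ends outside the hunk.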
-- 
2.4.4



[PATCH v6 0/3] crypto: caam - add support for RSA algorithm

2016-05-19 Thread Tudor Ambarus
Depends on:
[PATCH v2] crypto: rsa - return raw integers for the ASN.1 parser

Changes in v6:
- write descriptor PDB fields with inline append
- move Protocol Data Block (pdb) structures to pdb.h
- move setting of PDB fields in new functions
- unmap sec4_sg_dma on done callback
- remove redundant clean code on error path
- fix doc typos

Changes in v5:
- sync with ASN.1 parser

Changes in v4:
- sync with ASN.1 parser

Changes in v3:
- sync with ASN.1 parser

Changes in v2:
- fix memory leaks on error path
- rename struct akcipher_alg rsa to caam_rsa


Tudor Ambarus (3):
  crypto: scatterwak - Add scatterwalk_sg_copychunks
  crypto: scatterwalk - export scatterwalk_pagedone
  crypto: caam - add support for RSA algorithm

 crypto/scatterwalk.c  |  31 ++-
 drivers/crypto/caam/Kconfig   |  12 +
 drivers/crypto/caam/Makefile  |   4 +
 drivers/crypto/caam/caampkc.c | 569 ++
 drivers/crypto/caam/caampkc.h |  56 
 drivers/crypto/caam/desc.h|   2 +
 drivers/crypto/caam/desc_constr.h |   7 +
 drivers/crypto/caam/pdb.h |  51 +++-
 drivers/crypto/caam/pkc_desc.c|  35 +++
 include/crypto/scatterwalk.h  |   4 +
 10 files changed, 768 insertions(+), 3 deletions(-)
 create mode 100644 drivers/crypto/caam/caampkc.c
 create mode 100644 drivers/crypto/caam/caampkc.h
 create mode 100644 drivers/crypto/caam/pkc_desc.c

-- 
1.8.3.1



[PATCH v6 2/3] crypto: scatterwalk - export scatterwalk_pagedone

2016-05-19 Thread Tudor Ambarus
Used in caam driver. Export the symbol since the caam driver
can be built as a module.

Signed-off-by: Tudor Ambarus 
---
 crypto/scatterwalk.c | 5 +++--
 include/crypto/scatterwalk.h | 2 ++
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/crypto/scatterwalk.c b/crypto/scatterwalk.c
index bc3222d..03d34f9 100644
--- a/crypto/scatterwalk.c
+++ b/crypto/scatterwalk.c
@@ -47,8 +47,8 @@ void *scatterwalk_map(struct scatter_walk *walk)
 }
 EXPORT_SYMBOL_GPL(scatterwalk_map);
 
-static void scatterwalk_pagedone(struct scatter_walk *walk, int out,
-unsigned int more)
+void scatterwalk_pagedone(struct scatter_walk *walk, int out,
+ unsigned int more)
 {
if (out) {
struct page *page;
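Review bot: scatterwalk_pagedone() loses `static` here and is exported in the next hunk, but it gets no comment telling outside callers what to pass for `out` and `more`, which were internal conventions until now. A kernel-doc block above the definition should say which direction `out` marks (the visible `if (out)` branch handles a `struct page`) and what `more` means for moving on to the next scatterlist entry. The exact wording has to be checked against the full body, which continues outside this hunk.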
@@ -69,6 +69,7 @@ static void scatterwalk_pagedone(struct scatter_walk *walk, 
int out,
scatterwalk_start(walk, sg_next(walk->sg));
}
 }
+EXPORT_SYMBOL_GPL(scatterwalk_pagedone);
 
 void scatterwalk_done(struct scatter_walk *walk, int out, int more)
 {
diff --git a/include/crypto/scatterwalk.h b/include/crypto/scatterwalk.h
index 8b799c5..6535a20 100644
--- a/include/crypto/scatterwalk.h
+++ b/include/crypto/scatterwalk.h
@@ -89,6 +89,8 @@ void scatterwalk_copychunks(void *buf, struct scatter_walk 
*walk,
 void scatterwalk_sg_copychunks(struct scatter_walk *dest,
   struct scatter_walk *src, size_t nbytes);
 void *scatterwalk_map(struct scatter_walk *walk);
+void scatterwalk_pagedone(struct scatter_walk *walk, int out,
+ unsigned int more);
 void scatterwalk_done(struct scatter_walk *walk, int out, int more);
 
 void scatterwalk_map_and_copy(void *buf, struct scatterlist *sg,
-- 
1.8.3.1



[PATCH v6 1/3] crypto: scatterwak - Add scatterwalk_sg_copychunks

2016-05-19 Thread Tudor Ambarus
This patch adds the function scatterwalk_sg_copychunks which writes
a chunk of data from a scatterwalk to another scatterwalk.
It will be used by caam driver to remove the leading zeros
for the output data of the RSA algorithm, after the computation completes.

Signed-off-by: Tudor Ambarus 
---
 crypto/scatterwalk.c | 26 ++
 include/crypto/scatterwalk.h |  2 ++
 2 files changed, 28 insertions(+)

diff --git a/crypto/scatterwalk.c b/crypto/scatterwalk.c
index ea5815c..bc3222d 100644
--- a/crypto/scatterwalk.c
+++ b/crypto/scatterwalk.c
@@ -125,6 +125,32 @@ void scatterwalk_map_and_copy(void *buf, struct 
scatterlist *sg,
 }
 EXPORT_SYMBOL_GPL(scatterwalk_map_and_copy);
 
+void scatterwalk_sg_copychunks(struct scatter_walk *dest,
+  struct scatter_walk *src, size_t nbytes)
+{
+   for (;;) {
+   unsigned int len_this_page = scatterwalk_pagelen(dest);
+   u8 *vaddr;
+
+   if (len_this_page > nbytes)
+   len_this_page = nbytes;
+
+   vaddr = scatterwalk_map(dest);
+   scatterwalk_copychunks(vaddr, src, len_this_page, 0);
+   scatterwalk_unmap(vaddr);
+
+   scatterwalk_advance(dest, len_this_page);
+
+   if (nbytes == len_this_page)
+   break;
+
+   nbytes -= len_this_page;
+
+   scatterwalk_pagedone(dest, 0, 1);
+   }
+}
+EXPORT_SYMBOL_GPL(scatterwalk_sg_copychunks);
+
 int scatterwalk_bytes_sglen(struct scatterlist *sg, int num_bytes)
 {
int offset = 0, n = 0;
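Review bot: In scatterwalk_sg_copychunks() the destination walk is the side being written, yet `scatterwalk_pagedone(dest, 0, 1)` passes `out` as 0, so whatever scatterwalk_pagedone() does in its `if (out)` branch for written pages is skipped for `dest`. Unless that is intended, the call should be `scatterwalk_pagedone(dest, 1, 1);`. The loop also never checks that `dest` or `src` still covers `nbytes`, so the function needs a comment stating that the caller guarantees both walks span at least `nbytes`, for example `/* Caller must ensure @dest and @src each cover at least @nbytes. */`.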
diff --git a/include/crypto/scatterwalk.h b/include/crypto/scatterwalk.h
index 35f99b6..8b799c5 100644
--- a/include/crypto/scatterwalk.h
+++ b/include/crypto/scatterwalk.h
@@ -86,6 +86,8 @@ static inline void scatterwalk_unmap(void *vaddr)
 void scatterwalk_start(struct scatter_walk *walk, struct scatterlist *sg);
 void scatterwalk_copychunks(void *buf, struct scatter_walk *walk,
size_t nbytes, int out);
+void scatterwalk_sg_copychunks(struct scatter_walk *dest,
+  struct scatter_walk *src, size_t nbytes);
 void *scatterwalk_map(struct scatter_walk *walk);
 void scatterwalk_done(struct scatter_walk *walk, int out, int more);
 
-- 
1.8.3.1



[PATCH v3 1/8] asm-generic/io.h: allow barriers in io{read,write}{16,32}be

2016-05-19 Thread Horia Geantă
While reviewing the addition of io{read,write}64be accessors, Arnd

-finds a potential problem:
"If an architecture overrides readq/writeq to have barriers but does
not override ioread64be/iowrite64be, this will lack the barriers and
behave differently from the little-endian version. I think the only
affected architecture is ARC, since ARM and ARM64 both override the
big-endian accessors to have the correct barriers, and all others
don't use barriers at all."

-suggests a fix for the same problem in existing code (16/32-bit
accessors); the fix leads "to a double-swap on architectures that
don't override the io{read,write}{16,32}be accessors, but it will
work correctly on all architectures without them having to override
these accessors."

Suggested-by: Arnd Bergmann 
Acked-by: Arnd Bergmann 
Signed-off-by: Horia Geantă 
---
 include/asm-generic/io.h | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/include/asm-generic/io.h b/include/asm-generic/io.h
index eed3bbe88c8a..b79fb2c248a1 100644
--- a/include/asm-generic/io.h
+++ b/include/asm-generic/io.h
@@ -613,7 +613,7 @@ static inline void iowrite32(u32 value, volatile void 
__iomem *addr)
 #define ioread16be ioread16be
 static inline u16 ioread16be(const volatile void __iomem *addr)
 {
-   return __be16_to_cpu(__raw_readw(addr));
+   return swab16(readw(addr));
 }
 #endif
 
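Review bot: `swab16(readw(addr))` in ioread16be() reads as an unexplained byte swap unless the reader has the commit message, which says readw() is used so that an architecture's barriers apply and that the result is a double swap where the accessor is not overridden. A one-line comment would keep that next to the code, for example `/* readw() for the arch's barriers; swab16() turns its little-endian result into big-endian */`. The same applies to ioread32be(), iowrite16be() and iowrite32be() in the following three hunks.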
@@ -621,7 +621,7 @@ static inline u16 ioread16be(const volatile void __iomem 
*addr)
 #define ioread32be ioread32be
 static inline u32 ioread32be(const volatile void __iomem *addr)
 {
-   return __be32_to_cpu(__raw_readl(addr));
+   return swab32(readl(addr));
 }
 #endif
 
@@ -629,7 +629,7 @@ static inline u32 ioread32be(const volatile void __iomem 
*addr)
 #define iowrite16be iowrite16be
 static inline void iowrite16be(u16 value, void volatile __iomem *addr)
 {
-   __raw_writew(__cpu_to_be16(value), addr);
+   writew(swab16(value), addr);
 }
 #endif
 
@@ -637,7 +637,7 @@ static inline void iowrite16be(u16 value, void volatile 
__iomem *addr)
 #define iowrite32be iowrite32be
 static inline void iowrite32be(u32 value, volatile void __iomem *addr)
 {
-   __raw_writel(__cpu_to_be32(value), addr);
+   writel(swab32(value), addr);
 }
 #endif
 
-- 
2.4.4



Re: [PATCH v2] crypto: public_key: select CRYPTO_AKCIPHER

2016-05-19 Thread Herbert Xu
On Wed, May 18, 2016 at 04:55:56PM +0200, Arnd Bergmann wrote:
> In some rare randconfig builds, we can end up with
> ASYMMETRIC_PUBLIC_KEY_SUBTYPE enabled but CRYPTO_AKCIPHER disabled,
> which fails to link because of the reference to crypto_alloc_akcipher:
> 
> crypto/built-in.o: In function `public_key_verify_signature':
> :(.text+0x110e4): undefined reference to `crypto_alloc_akcipher'
> 
> This adds a Kconfig 'select' statement to ensure the dependency
> is always there.
> 
> Signed-off-by: Arnd Bergmann 

Patch applied.  Thanks!
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


[PATCH v6 3/3] crypto: caam - add support for RSA algorithm

2016-05-19 Thread Tudor Ambarus
Add RSA support to caam driver.

Coauthored-by: Yashpal Dutta 

Signed-off-by: Tudor Ambarus 
---
 drivers/crypto/caam/Kconfig   |  12 +
 drivers/crypto/caam/Makefile  |   4 +
 drivers/crypto/caam/caampkc.c | 567 ++
 drivers/crypto/caam/caampkc.h |  52 
 drivers/crypto/caam/compat.h  |   3 +
 drivers/crypto/caam/desc.h|   2 +
 drivers/crypto/caam/desc_constr.h |   7 +
 drivers/crypto/caam/pdb.h |  51 +++-
 drivers/crypto/caam/pkc_desc.c|  36 +++
 9 files changed, 733 insertions(+), 1 deletion(-)
 create mode 100644 drivers/crypto/caam/caampkc.c
 create mode 100644 drivers/crypto/caam/caampkc.h
 create mode 100644 drivers/crypto/caam/pkc_desc.c

diff --git a/drivers/crypto/caam/Kconfig b/drivers/crypto/caam/Kconfig
index 5652a53..9ba 100644
--- a/drivers/crypto/caam/Kconfig
+++ b/drivers/crypto/caam/Kconfig
@@ -99,6 +99,18 @@ config CRYPTO_DEV_FSL_CAAM_AHASH_API
  To compile this as a module, choose M here: the module
  will be called caamhash.
 
+config CRYPTO_DEV_FSL_CAAM_PKC_API
+tristate "Register public key cryptography implementations with Crypto 
API"
+depends on CRYPTO_DEV_FSL_CAAM && CRYPTO_DEV_FSL_CAAM_JR
+default y
+select CRYPTO_RSA
+help
+  Selecting this will allow SEC Public key support for RSA.
+  Supported cryptographic primitives: encryption, decryption,
+  signature and verification.
+  To compile this as a module, choose M here: the module
+  will be called caam_pkc.
+
 config CRYPTO_DEV_FSL_CAAM_RNG_API
tristate "Register caam device for hwrng API"
depends on CRYPTO_DEV_FSL_CAAM && CRYPTO_DEV_FSL_CAAM_JR
diff --git a/drivers/crypto/caam/Makefile b/drivers/crypto/caam/Makefile
index 550758a..399ad55 100644
--- a/drivers/crypto/caam/Makefile
+++ b/drivers/crypto/caam/Makefile
@@ -5,11 +5,15 @@ ifeq ($(CONFIG_CRYPTO_DEV_FSL_CAAM_DEBUG), y)
EXTRA_CFLAGS := -DDEBUG
 endif
 
+ccflags-y += -I$(srctree)/crypto
+
 obj-$(CONFIG_CRYPTO_DEV_FSL_CAAM) += caam.o
 obj-$(CONFIG_CRYPTO_DEV_FSL_CAAM_JR) += caam_jr.o
 obj-$(CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API) += caamalg.o
 obj-$(CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API) += caamhash.o
 obj-$(CONFIG_CRYPTO_DEV_FSL_CAAM_RNG_API) += caamrng.o
+obj-$(CONFIG_CRYPTO_DEV_FSL_CAAM_PKC_API) += caam_pkc.o
 
 caam-objs := ctrl.o
 caam_jr-objs := jr.o key_gen.o error.o
+caam_pkc-y := caampkc.o pkc_desc.o
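Review bot: `ccflags-y += -I$(srctree)/crypto` puts the crypto/ directory on the include path of every object built from this Makefile, although only caampkc.c, which includes `rsapubkey-asn1.h` and `rsaprivkey-asn1.h`, appears to need it. A per-object flag such as `CFLAGS_caampkc.o := -I$(srctree)/crypto` would keep the other CAAM objects from picking up private crypto/ headers by accident. If those two headers are generated at build time rather than checked in, the path would also need `$(objtree)/crypto` for builds with a separate output directory; that cannot be told from this hunk.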
diff --git a/drivers/crypto/caam/caampkc.c b/drivers/crypto/caam/caampkc.c
new file mode 100644
index 000..2fa9f9f
--- /dev/null
+++ b/drivers/crypto/caam/caampkc.c
@@ -0,0 +1,567 @@
+/*
+ * caam - Freescale FSL CAAM support for Public Key Cryptography
+ *
+ * Copyright 2016 Freescale Semiconductor, Inc.
+ *
+ * There is no Shared Descriptor for PKC so that the Job Descriptor must carry
+ * all the desired key parameters, input and output pointers.
+ */
+#include "compat.h"
+#include "regs.h"
+#include "intern.h"
+#include "jr.h"
+#include "error.h"
+#include "desc_constr.h"
+#include "sg_sw_sec4.h"
+#include "caampkc.h"
+#include "rsapubkey-asn1.h"
+#include "rsaprivkey-asn1.h"
+
+#define DESC_RSA_PUB_LEN   (2 * CAAM_CMD_SZ + sizeof(struct rsa_pub_pdb))
+#define DESC_RSA_PRIV_F1_LEN   (2 * CAAM_CMD_SZ + \
+sizeof(struct rsa_priv_f1_pdb))
+
+static void rsa_io_unmap(struct device *dev, struct rsa_edesc *edesc,
+struct akcipher_request *req)
+{
+   dma_unmap_sg(dev, req->dst, edesc->dst_nents, DMA_FROM_DEVICE);
+   dma_unmap_sg(dev, req->src, edesc->src_nents, DMA_TO_DEVICE);
+
+   if (edesc->sec4_sg_bytes)
+   dma_unmap_single(dev, edesc->sec4_sg_dma, edesc->sec4_sg_bytes,
+DMA_TO_DEVICE);
+}
+
+static void rsa_pub_unmap(struct device *dev, struct rsa_edesc *edesc,
+ struct akcipher_request *req)
+{
+   struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
+   struct caam_rsa_ctx *ctx = akcipher_tfm_ctx(tfm);
+   struct rsa_key *key = >key;
+   struct rsa_pub_pdb *pdb = >pdb.pub;
+
+   dma_unmap_single(dev, pdb->n_dma, key->n_sz, DMA_TO_DEVICE);
+   dma_unmap_single(dev, pdb->e_dma, key->e_sz, DMA_TO_DEVICE);
+}
+
+static void rsa_priv_f1_unmap(struct device *dev, struct rsa_edesc *edesc,
+ struct akcipher_request *req)
+{
+   struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
+   struct caam_rsa_ctx *ctx = akcipher_tfm_ctx(tfm);
+   struct rsa_key *key = >key;
+   struct rsa_priv_f1_pdb *pdb = >pdb.priv_f1;
+
+   dma_unmap_single(dev, pdb->n_dma, key->n_sz, DMA_TO_DEVICE);
+   dma_unmap_single(dev, pdb->d_dma, key->n_sz, DMA_TO_DEVICE);
+}
+
+static size_t skip_to_nonzero(u8 *ptr, size_t nbytes)
+{
+   size_t nr_zeros = 0;
+
+   while (!(*ptr) && nbytes) {
+   

Re: [PATCH v6 0/3] crypto: caam - add support for RSA algorithm

2016-05-19 Thread Horia Ioan Geanta Neag
On 5/19/2016 3:15 PM, Tudor Ambarus wrote:
> Depends on:
> [PATCH v2] crypto: rsa - return raw integers for the ASN.1 parser
> 
> Changes in v6:
> - write descriptor PDB fields with inline append
> - move Protocol Data Block (pdb) structures to pdb.h
> - move setting of PDB fields in new functions
> - unmap sec4_sg_dma on done callback
> - remove redundant clean code on error path
> - fix doc typos
> 
> Changes in v5:
> - sync with ASN.1 parser
> 
> Changes in v4:
> - sync with ASN.1 parser
> 
> Changes in v3:
> - sync with ASN.1 parser
> 
> Changes in v2:
> - fix memory leaks on error path
> - rename struct akcipher_alg rsa to caam_rsa
> 
> 
> Tudor Ambarus (3):
>   crypto: scatterwak - Add scatterwalk_sg_copychunks
>   crypto: scatterwalk - export scatterwalk_pagedone
>   crypto: caam - add support for RSA algorithm
> 
>  crypto/scatterwalk.c  |  31 ++-
>  drivers/crypto/caam/Kconfig   |  12 +
>  drivers/crypto/caam/Makefile  |   4 +
>  drivers/crypto/caam/caampkc.c | 569 
> ++
>  drivers/crypto/caam/caampkc.h |  56 
>  drivers/crypto/caam/desc.h|   2 +
>  drivers/crypto/caam/desc_constr.h |   7 +
>  drivers/crypto/caam/pdb.h |  51 +++-
>  drivers/crypto/caam/pkc_desc.c|  35 +++
>  include/crypto/scatterwalk.h  |   4 +
>  10 files changed, 768 insertions(+), 3 deletions(-)
>  create mode 100644 drivers/crypto/caam/caampkc.c
>  create mode 100644 drivers/crypto/caam/caampkc.h
>  create mode 100644 drivers/crypto/caam/pkc_desc.c
> 
Checked that when adding on top the patch set from here:
[PATCH v3 0/8] crypto: caam - add support for LS1043A SoC
https://www.mail-archive.com/linux-crypto@vger.kernel.org/msg19096.html

RSA works on LS1043A, so

Tested-by: Horia Geantă 

Horia



Re: [PATCH v6 3/3] crypto: caam - add support for RSA algorithm

2016-05-19 Thread Horia Ioan Geanta Neag
On 5/19/2016 3:15 PM, Tudor Ambarus wrote:
> Add RSA support to caam driver.
> 
> Coauthored-by: Yashpal Dutta 
> 
> Signed-off-by: Tudor Ambarus 

Reviewed-by: Horia Geantă 

Horia
