[PATCH 12/13] crypto: inside-secure - increase the batch size

Increase the batch size to the maximum number of requests a ring can handle at a time (its size). This is possible now that the request queues are per hw ring. This improves performances. Signed-off-by: Antoine Tenart ---

[PATCH 00/13] crypto: inside-secure - various improvements

Hi Herbert, This series improves the newly added inside-secure driver in various ways. There are also a few non-critical fixes. The series is based on top of your cryptodev/master branch, as it depends on the inside-secure driver addition ("crypto: inside-secure - add SafeXcel EIP197 crypto

[PATCH 04/13] crypto: inside-secure - enable single WR in DSE configuration

From: Igal Liberman When enable_single_wr is not enabled, the DSE will only write those parts of a result descriptor that need updating, which means a final result descriptor will be written in 2 or 3 smaller transfers. When enable_single_wr is enabled the DSE will combine

[PATCH 08/13] crypto: inside-secure - use one queue per hw ring

Update the inside-secure safexcel driver from using one global queue to one queue per hw ring. This ease the request management and keep the hw in sync with what's done in sw. Signed-off-by: Antoine Tenart --- drivers/crypto/inside-secure/safexcel.c|

[PATCH 09/13] crypto: inside-secure - stop requeueing failed requests

This update the dequeue function of the inside-secure safexcel driver so that failed requests aren't requeued when they fail (for whatever reason, which can be because the hw ring is full). Signed-off-by: Antoine Tenart ---

[PATCH 01/13] crypto: inside-secure - use hmac ipad/opad constants

Replace the hmac ipad/opad values by their defined constants. Signed-off-by: Antoine Tenart --- drivers/crypto/inside-secure/safexcel_hash.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/inside-secure/safexcel_hash.c

pkcs1pad and RSA e

Hi, during the preparation of the self-test patch for pkcs1pad, I noticed the following strange behavior: I set an RSA private key with e=0x10001 to generate a signature. This generation process was successful and the expected signature was generated. Now, when using the very same TFM with

[PATCH 7/9] MAINTAINERS:Add maintainer for chelsio crypto driver

Add myself as maintainer for chcr. Signed-off-by: Harsh Jain --- MAINTAINERS | 7 +++ 1 file changed, 7 insertions(+) diff --git a/MAINTAINERS b/MAINTAINERS index 1f20176..504dc65 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -3706,6 +3706,13 @@ S: Supported F:

[PATCH 5/9] crypto:chcr - Add ctr mode and process large sg entries for cipher

It send multiple WRs to H/W to handle large sg lists. Adds ctr(aes) and rfc(ctr(aes)) modes. Signed-off-by: Harsh Jain --- drivers/crypto/chelsio/chcr_algo.c | 786 --- drivers/crypto/chelsio/chcr_algo.h | 26 +-

[PATCH 9/9] crypto: chcr - Select device in Round Robin fashion

When multiple devices are present in system select device in round-robin fashion for crypto operations Signed-off-by: Atul Gupta Reviewed-by: Ganesh Goudar --- drivers/crypto/chelsio/chcr_algo.c | 8 ++--

[PATCH 8/9] crypto: chcr - Ensure Destination sg entry size less than 2k

Allocate new sg list in case received destination sg list has entry greater that 2k. Signed-off-by: Harsh Jain --- drivers/crypto/chelsio/chcr_algo.c | 153 +++ drivers/crypto/chelsio/chcr_crypto.h | 6 ++ 2 files changed, 142

[PATCH 6/9] chcr - Add debug counters

Count types of operation done by HW. Signed-off-by: Harsh Jain --- drivers/crypto/chelsio/chcr_algo.c | 16 +- drivers/crypto/chelsio/chcr_core.c | 2 ++ drivers/net/ethernet/chelsio/cxgb4/cxgb4.h | 1 +

[PATCH 4/9] crypto: chcr - Avoid changing request structure

Do not update assoclen received in aead_request. Signed-off-by: Harsh Jain --- drivers/crypto/chelsio/chcr_algo.c | 37 ++--- 1 file changed, 14 insertions(+), 23 deletions(-) diff --git a/drivers/crypto/chelsio/chcr_algo.c

[PATCH 1/9] crypto: chcr - Pass lcb bit setting to firmware

GCM and CBC mode of operation requires Last Cipher Block. This patch set lcb bit in WR header when required. Signed-off-by: Harsh Jain --- drivers/crypto/chelsio/chcr_algo.c | 18 +++--- drivers/crypto/chelsio/chcr_algo.h | 4 ++-- 2 files changed, 13

[PATCH 2/9] crypto: chcr - Fix fallback key setting

Set key of fallback tfm for rfc4309. Signed-off-by: Harsh Jain --- drivers/crypto/chelsio/chcr_algo.c | 12 +++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/chelsio/chcr_algo.c b/drivers/crypto/chelsio/chcr_algo.c index

[PATCH 3/9] crypto: chcr - Return correct error code

Return correct error instead of EINVAL. Signed-off-by: Harsh Jain --- drivers/crypto/chelsio/chcr_algo.c | 76 +- 1 file changed, 42 insertions(+), 34 deletions(-) diff --git a/drivers/crypto/chelsio/chcr_algo.c

[PATCH 0/9] Bug fixes and ctr mode of operation

This series is based on cryptodev2.6 tree and includes bug fix ,ctr(aes), rfc3686(ctr(aes)) algo. Harsh Jain (7): crypto: chcr - Pass lcb bit setting to firmware crypto: chcr - Set fallback key crypto: chcr - Return correct error code crypto: chcr - Avoid changing request structure

[PATCH 07/13] crypto: inside-secure - update the context and request later

This move the context and request updates at the end of the cipher and hash send() functions. This way the context and request fields are set only when everything else was successful in the send() functions. Signed-off-by: Antoine Tenart ---

[PATCH 03/13] crypto: inside-secure - fix incorrect DSE data cache setting

Set the correct value to the DSE data cache, using WR_CACHE_3BITS instead of RD_CACHE_3BITS. This fixes an incorrect setting and helps improving performances. Reported-by: Igal Liberman Signed-off-by: Antoine Tenart ---

[PATCH 11/13] crypto: inside-secure - only dequeue when needed

This force the need_dequeue flag to be unset whenever the dequeue function is called, to avoid calling it when it is not necessary. Signed-off-by: Antoine Tenart --- drivers/crypto/inside-secure/safexcel.c | 6 +++--- 1 file changed, 3 insertions(+), 3

[PATCH 05/13] crypto: inside-secure - optimize DSE bufferability control

From: Igal Liberman Configure the data write bufferability to always buffer packets in the DSE. This change slightly improves performance. Signed-off-by: Igal Liberman Signed-off-by: Antoine Tenart ---

[PATCH] crypto: n2: make of_device_ids const

of_device_ids are not supposed to change at runtime. All functions working with of_device_ids provided by work with const of_device_ids. So mark the non-const structs as const. File size before: textdata bss dec hex filename 20012168 4842171079

Re: [kernel-hardening] Re: [PATCH v4 13/13] random: warn when kernel uses unseeded randomness

Am Donnerstag, 15. Juni 2017, 13:03:48 CEST schrieb Michael Ellerman: Hi Michael, > > Even with this patch, it's still pretty spammy (today's linux-next): > I would think that the issue regarding the logging is relevant for cryptographic use cases or use cases requiring strong random numbers

Re: [kernel-hardening] Re: [PATCH v4 13/13] random: warn when kernel uses unseeded randomness

Theodore Ts'o writes: > On Tue, Jun 06, 2017 at 07:48:04PM +0200, Jason A. Donenfeld wrote: >> This enables an important dmesg notification about when drivers have >> used the crng without it being seeded first. Prior, these errors would >> occur silently, and so there hasn't been

Re: [PATCH v3 net-next 0/4] kernel TLS

From: Dave Watson Date: Wed, 14 Jun 2017 11:36:54 -0700 > This series adds support for kernel TLS encryption over TCP sockets. > A standard TCP socket is converted to a TLS socket using a setsockopt. > Only symmetric crypto is done in the kernel, as well as TLS record >

Re: [PATCH v2 2/6] ima: Simplify policy_func_show.

On Wed, 2017-06-07 at 22:49 -0300, Thiago Jung Bauermann wrote: > If the func_tokens array uses the same indices as enum ima_hooks, > policy_func_show can be a lot simpler, and the func_* enum becomes > unnecessary. > > Also, if we use the same macro trick used by kernel_read_file_id_str we can >

Re: [PATCH v2 1/6] integrity: Small code improvements

On Wed, 2017-06-07 at 22:49 -0300, Thiago Jung Bauermann wrote: > These changes are too small to warrant their own patches: > > The keyid and sig_size members of struct signature_v2_hdr are in BE format, > so use a type that makes this assumption explicit. Also, use beXX_to_cpu > instead of

Re: [PATCH v2 3/6] ima: Log the same audit cause whenever a file has no signature

On Wed, 2017-06-07 at 22:49 -0300, Thiago Jung Bauermann wrote: > If the file doesn't have an xattr, ima_appraise_measurement sets cause to > "missing-hash" while if there's an xattr but it's a digest instead of a > signature it sets cause to "IMA-signature-required". > > Fix it by setting cause

Re: Crypto Fixes for 4.12

From: Linus Torvalds Date: Thu, 15 Jun 2017 18:04:44 +0900 > There's a fair number of SHASH_DESC_ON_STACK users, are all the others > safe for some random reason that just happens to be about code > generation? Did people actually verify that? I looked at the code

Re: [RFC PATCH 0/2] crypto: caam - fix cts(cbc(aes)) with CAAM driver

On 6/2/2017 3:25 PM, David Gstir wrote: > Hi! > > While testing fscrypt's filename encryption, I noticed that the implementation > of cts(cbc(aes)) is broken when the CAAM hardware crypto driver is enabled. > Some digging showed that the refactoring of crypto/cts.c in v4.8 > (commit

Re: Crypto Fixes for 4.12

From: Herbert Xu Date: Thu, 15 Jun 2017 17:42:10 +0800 > On Thu, Jun 15, 2017 at 06:04:44PM +0900, Linus Torvalds wrote: >> There's a fair number of SHASH_DESC_ON_STACK users, are all the others >> safe for some random reason that just happens to be about code >>

Re: [PATCH] crypto: n2: make of_device_ids const

From: Arvind Yadav Date: Thu, 15 Jun 2017 17:28:10 +0530 > of_device_ids are not supposed to change at runtime. All functions > working with of_device_ids provided by work with const > of_device_ids. So mark the non-const structs as const. > > File size before: >