kernel tainted while exporting shash context using af_alg interface

2015-10-25 Thread Harsh Jain
Hi,


When trying to calculate HMAC(SHA1) with openssl using the af-alg engine, the
kernel crashes. Find below the command used and the kernel version. I have added
some debug prints to the logs.

Command used : ./openssl dgst -engine af_alg -sha1 -hmac "key" r.txt
kernel version : 3.17.8

Initial Investigation : In shash_desc structure tfm pointer contains
5a5a5a5a5a5a5a5a (invalid pointer), when it tries to reference export
function pointer it crashes. As per my understanding tfm object should
have pointer of memory block allocated in
"crypto_init_shash_ops_async" function.

Please give some pointers to debug the issue. Any documentation to
understand the crypto-api code?

Kernel logs:


[ 3190.053499] Harsh : crypto_ahash_export
[ 3190.053499]  crypto_ahash_reqtfm
[ 3190.053500] req->base.tfm  880193478ec8
[ 3190.053500] __crypto_ahash_cast=req->base.tfm  880193478e80
[ 3190.053501] ahash_request_ctx{req} 8800362ebb98
[ 3190.053501] crypto_shash_alg entered
[ 3190.053502] crypto_shash_alg TFM  5a5a5a5a5a5a5a5a
[ 3190.053502] crypto_shash_alg TFM Base 5a5a5a5a5a5a5a62
[ 3190.053507] general protection fault:  [#1] SMP
[ 3190.053509] Modules linked in: coretemp kvm_intel kvm crc32c_intel
iTCO_wdt iTCO_vendor_support ppdev parport_pc parport i2c_i801 lpc_ich
microcode i2c_core serio_raw mfd_core tpm_infineon pcspkr shpchp
ioatdma i7core_edac edac_core dca acpi_cpufreq uinput xfs libcrc32c
exportfs sd_mod sr_mod crc_t10dif crct10dif_common cdrom ata_generic
pata_acpi e1000e ptp ata_piix mptsas scsi_transport_sas mptscsih
mptbase dm_mirror dm_region_hash dm_log dm_mod ipv6 autofs4
[ 3190.053527] CPU: 1 PID: 3043 Comm: openssl Not tainted 3.17.8_harsh #39
[ 3190.053528] Hardware name: Supermicro X8ST3/X8ST3, BIOS 2.0a   11/28/2012
[ 3190.053529] task: 88019866e2d0 ti: 8800d71e4000 task.ti:
8800d71e4000
[ 3190.053530] RIP: 0010:[]  []
shash_async_export+0x5e/0x90
[ 3190.053533] RSP: 0018:8800d71e7de8  EFLAGS: 00010282
[ 3190.053533] RAX: 002a RBX: 5a5a5a5a5a5a5a5a RCX: 0006
[ 3190.053534] RDX:  RSI: 0246 RDI: 88019fc2c130
[ 3190.053535] RBP: 8800d71e7e00 R08: 0400 R09: 81db9f64
[ 3190.053536] R10: 0ced R11: 0cec R12: 8800362ebb98
[ 3190.053536] R13: 8800d71e7e10 R14: 8800d74bfcc0 R15: 8800362ebb48
[ 3190.053537] FS:  77fe1740() GS:88019fc2()
knlGS:
[ 3190.053538] CS:  0010 DS:  ES:  CR0: 80050033
[ 3190.053539] CR2: 01c3baf8 CR3: daa8b000 CR4: 07e0
[ 3190.053540] Stack:
[ 3190.053540]  8800362eb800 880193478ec8 8800d61b7800
8800d71e7e98
[ 3190.053542]  81295adc 815c3d53 0020
8800d71e7e70
[ 3190.053543]  8800d71e7e30 811b5fab 880193478ec8
81ad4cd0
[ 3190.053545] Call Trace:
[ 3190.053547]  [] hash_accept+0x13c/0x250
[ 3190.053548]  [] ? printk+0x54/0x56
[ 3190.053549]  [] ? alloc_file+0x1b/0xc0
[ 3190.053550]  [] ? hash_accept+0x85/0x250
[ 3190.053552]  [] SYSC_accept4+0xf4/0x200
[ 3190.053553]  [] ? vfs_write+0x15c/0x1f0
[ 3190.053555]  [] SyS_accept+0x10/0x20
[ 3190.053556]  [] system_call_fastpath+0x16/0x1b
[ 3190.053557] Code: 81 31 c0 e8 54 01 35 00 48 c7 c7 6e 61 82 81 31
c0 48 89 de e8 43 01 35 00 48 8d 73 08 48 c7 c7 e8 bd 82 81 31 c0 e8
31 01 35 00 <48> 8b 73 58 48 c7 c7 08 be 82 81 31 c0 e8 1f 01 35 00 48
8b 43
[ 3190.053575] RIP  [] shash_async_export+0x5e/0x90
[ 3190.053577]  RSP 
[ 3190.053578] ---[ end trace d9701f2848d12eb5 ]---
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html


Re: kernel tainted while exporting shash context using af_alg interface

2015-10-26 Thread Harsh Jain
Hi Stephan,

I tried 1 more patch. This time result is correct. Find attached patch
file. Is there any side effect of this patch?


Regards
Harsh Jain

On Mon, Oct 26, 2015 at 11:49 AM, Harsh Jain <harshjain.p...@gmail.com> wrote:
> Hi Stephan,
>
> I also tried test program in libkcapi and it works. libkcapi opens
> socket of type "hmac(sha1)". Openssl opens multiple "sha1" type sockets
> and uses the partial results to calculate hmac.
>
>  "crypto_ahash_init()" function initialises the *tfm variable in
> crypto_shash structure. It gets called when user calls write() system
> call. To give a try I updated the hash_accept() function and re-ran.
> This time kernel didn't crash but result calculated is wrong.
>
> How does accept() sys call decide whether to call alg_accept() or hash_accept()?
>
> Find attached patch and strace. Right now af_alg code is not accessible
> to me. I will share it tomorrow.
>
>
>
> Thanks and Regards
> Harsh jain
>
> On Sun, Oct 25, 2015 at 5:28 PM, Stephan Mueller <smuel...@chronox.de> wrote:
>> Am Sonntag, 25. Oktober 2015, 11:56:27 schrieb Harsh Jain:
>>
>> Hi Harsh,
>>
>>>Hi,
>>>
>>>
>>>When trying to calculate HMAC(SHA1) with openssl using the af-alg engine, the
>>>kernel crashes. Find below the command used and the kernel version. I have added
>>>some debug prints to the logs.
>>>
>>>Command used : ./openssl dgst -engine af_alg -sha1 -hmac "key" r.txt
>>>kernel version : 3.17.8
>>>
>>>Initial Investigation : In shash_desc structure tfm pointer contains
>>>5a5a5a5a5a5a5a5a (invalid pointer), when it tries to reference export
>>>function pointer it crashes. As per my understanding tfm object should
>>>have pointer of memory block allocated in
>>>"crypto_init_shash_ops_async" function.
>>>
>>>Please give some pointers to debug the issue. Any documentation to
>>>understand the crypto-api code?
>>
>> May I ask you to send 2 things: the source code of the OpenSSL af_alg engine
>> that you use (IIRC it is not included upstream, I want to be sure I used the
>> right one).
>>
>> Further, can you attach an strace of the aforementioned command?
>>
>> Note, I am playing and abusing the AF_ALG interface for quite some time with
>> [1] but I did not come across any issues like the one you describe here.
>>
>> [1] http://www.chronox.de/libkcapi.html
>>
>> Ciao
>> Stephan


algif_hash_2.patch
Description: Binary data


Re: kernel tainted while exporting shash context using af_alg interface

2015-10-26 Thread Harsh Jain
Hi Stephan,

I also tried test program in libkcapi and it works. libkcapi opens
socket of type "hmac(sha1)". Openssl opens multiple "sha1" type sockets
and uses the partial results to calculate hmac.

 "crypto_ahash_init()" function initialises the *tfm variable in
crypto_shash structure. It gets called when user calls write() system
call. To give a try I updated the hash_accept() function and re-ran.
This time kernel didn't crash but result calculated is wrong.

How does accept() sys call decide whether to call alg_accept() or hash_accept()?

Find attached patch and strace. Right now af_alg code is not accessible
to me. I will share it tomorrow.



Thanks and Regards
Harsh jain

On Sun, Oct 25, 2015 at 5:28 PM, Stephan Mueller <smuel...@chronox.de> wrote:
> Am Sonntag, 25. Oktober 2015, 11:56:27 schrieb Harsh Jain:
>
> Hi Harsh,
>
>>Hi,
>>
>>
>>When trying to calculate HMAC(SHA1) with openssl using the af-alg engine, the
>>kernel crashes. Find below the command used and the kernel version. I have added
>>some debug prints to the logs.
>>
>>Command used : ./openssl dgst -engine af_alg -sha1 -hmac "key" r.txt
>>kernel version : 3.17.8
>>
>>Initial Investigation : In shash_desc structure tfm pointer contains
>>5a5a5a5a5a5a5a5a (invalid pointer), when it tries to reference export
>>function pointer it crashes. As per my understanding tfm object should
>>have pointer of memory block allocated in
>>"crypto_init_shash_ops_async" function.
>>
>>Please give some pointers to debug the issue. Any documentation to
>>understand the crypto-api code?
>
> May I ask you to send 2 things: the source code of the OpenSSL af_alg engine
> that you use (IIRC it is not included upstream, I want to be sure I used the
> right one).
>
> Further, can you attach an strace of the aforementioned command?
>
> Note, I am playing and abusing the AF_ALG interface for quite some time with
> [1] but I did not come across any issues like the one you describe here.
>
> [1] http://www.chronox.de/libkcapi.html
>
> Ciao
> Stephan


algif_hash.patch
Description: Binary data


strace.log
Description: Binary data


Re: kernel tainted while exporting shash context using af_alg interface

2015-10-28 Thread Harsh Jain
Hi Stephan,

I tried your patch on my machine. Kernel is not crashing. The openssl
break with this. Can you share HMAC program which you are suspecting
it will not work or do you already have some test written in
libkcapi/test.sh which will fail.


Regards
Harsh Jain

On Wed, Oct 28, 2015 at 6:25 AM, Stephan Mueller <smuel...@chronox.de> wrote:
> Am Mittwoch, 28. Oktober 2015, 01:09:58 schrieb Stephan Mueller:
>
> Hi Harsh,
>
>>
>>
>> However, any error in user space should not crash the kernel. So, a fix
>> should be done. But I think your code is not correct as it solidifies a
>> broken user space code.
>
> After thinking a bit again, I think your approach is correct after all. I was
> able to reproduce the crash by simply adding more accept calls to my test
> code. And I can confirm that your patch works, for hashes.
>
> *BUT* it does NOT work for HMAC as the key is set on the TFM and the
> subsequent accepts do not transport the key. Albeit your code prevents the
> kernel from crashing, the HMAC calculation will be done with an empty key as
> the setkey operation does not reach the TFM handle in the subordinate accept()
> call.
>
> So, I would think that the second accept is simply broken, for HMAC at least.
>
> Herbert, what is the purpose of that subordinate accept that is implemented
> with hash_accept? As this is broken for HMACs, should it be removed entirely?
>
> --
> Ciao
> Stephan
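The usage that the replies above report as working (a socket of type "hmac(sha1)", the key set on the transform socket, a single accept()), written out as an added C example; it is not code from the thread, from OpenSSL or from libkcapi. The helper name `af_alg_hmac_sha1` is hypothetical and the input in `main` is the RFC 2202 HMAC-SHA1 test case 2; the helper returns a negative errno value when the running kernel offers no AF_ALG or no hmac(sha1).

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>
#include <linux/if_alg.h>

#ifndef AF_ALG
#define AF_ALG 38
#endif
#ifndef SOL_ALG
#define SOL_ALG 279
#endif

#define SHA1_LEN 20

/* Hypothetical helper (added example). Computes HMAC-SHA1 through the
 * kernel crypto API. Returns SHA1_LEN on success, negative errno on error. */
int af_alg_hmac_sha1(const unsigned char *key, size_t keylen,
                     const unsigned char *msg, size_t msglen,
                     unsigned char out[SHA1_LEN])
{
    struct sockaddr_alg sa;
    size_t first = msglen / 2;          /* feed the data in two chunks */
    int tfmfd, opfd = -1, ret;

    memset(&sa, 0, sizeof(sa));
    sa.salg_family = AF_ALG;
    strcpy((char *)sa.salg_type, "hash");
    strcpy((char *)sa.salg_name, "hmac(sha1)");

    errno = 0;
    tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
    if (tfmfd < 0)
        return errno ? -errno : -EIO;

    if (bind(tfmfd, (struct sockaddr *)&sa, sizeof(sa)) < 0)
        goto fail;
    /* The key is a property of the transform: set it on tfmfd, before
     * accept(), so the operation socket is created from a keyed tfm. */
    if (setsockopt(tfmfd, SOL_ALG, ALG_SET_KEY, key, (socklen_t)keylen) < 0)
        goto fail;
    /* One accept() on the transform socket yields the operation socket. */
    opfd = accept(tfmfd, NULL, 0);
    if (opfd < 0)
        goto fail;
    /* MSG_MORE keeps the hash open; the send without it finishes it. */
    if (send(opfd, msg, first, MSG_MORE) != (ssize_t)first)
        goto fail;
    if (send(opfd, msg + first, msglen - first, 0) !=
        (ssize_t)(msglen - first))
        goto fail;
    if (read(opfd, out, SHA1_LEN) != SHA1_LEN)
        goto fail;

    close(opfd);
    close(tfmfd);
    return SHA1_LEN;

fail:
    ret = errno ? -errno : -EIO;
    if (opfd >= 0)
        close(opfd);
    close(tfmfd);
    return ret;
}

int main(void)
{
    /* RFC 2202 test case 2: key "Jefe", data "what do ya want for nothing?" */
    static const unsigned char key[] = "Jefe";
    static const unsigned char msg[] = "what do ya want for nothing?";
    unsigned char mac[SHA1_LEN];
    int i, r = af_alg_hmac_sha1(key, 4, msg, sizeof(msg) - 1, mac);

    if (r < 0) {
        fprintf(stderr, "AF_ALG hmac(sha1) unavailable: %s\n", strerror(-r));
        return 1;
    }
    for (i = 0; i < SHA1_LEN; i++)
        printf("%02x", mac[i]);
    printf("\n");
    return 0;
}
```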


Re: kernel tainted while exporting shash context using af_alg interface

2015-10-30 Thread Harsh Jain
Hi Stephan,

If we add sendmsg() in between 2 accept calls then the setkey problem
will happen?

handle->opfd = accept(handle->tfmfd, NULL, 0);
sendmsg()
handle->opfd = accept(handle->opfd, NULL, 0);
sendmsg()
handle->opfd = accept(handle->opfd, NULL, 0);

If yes, then maybe it is expected behavior and user is supposed to
set the key explicitly with some other system call. Why I am saying
this is: I remember somewhere in kernel code I read some comment
related to setkey operations.

In that case my patch should work. 1 doubt I have related to patch is
do I need to set "ctx->more" =1 after initialisation.

Correct me If I am wrong.


Thanks for your support.


regards
Harsh Jain

On Wed, Oct 28, 2015 at 4:53 PM, Stephan Mueller <smuel...@chronox.de> wrote:
> Am Mittwoch, 28. Oktober 2015, 16:24:34 schrieb Harsh Jain:
>
> Hi Harsh,
>
>>Hi Stephan,
>>
>>I tried your patch on my machine. Kernel is not crashing. The openssl
>>break with this. Can you share HMAC program which you are suspecting
>>it will not work or do you already have some test written in
>>libkcapi/test.sh which will fail.
>
> See comments above test/kcapi-main.c:cavs_hash
>
>  * HMAC command line invocation:
>  * $ ./kcapi -x 3 -c "hmac(sha1)" -k 6e77ebd479da794707bc6cde3694f552ea892dab
> -p
> 31b62a797adbff6b8a358d2b5206e01fee079de8cdfc4695138bba163b4efbf30127343e7fd4fbc696c3d38d8f27f57c024b5056f726ceeb4c31d98e57751ec8cbe8904ee0f9b031ae6a0c55da5e062475b3d7832191d4057643ef5fa446801d59a04693e573a8159cd2416b7bd39c7f0fe63c599365e04d596c05736beaab58
>  * 7f204ea665666f5bd2b370e546d1b408005e4d85
>
> To do that, apply your patch and then
>
> 1. open lib/kcapi-kernel-if.c and change line 567 from
>
> handle->opfd = accept(handle->tfmfd, NULL, 0);
>
>
> to
>
> handle->opfd = accept(handle->tfmfd, NULL, 0);
> handle->opfd = accept(handle->opfd, NULL, 0);
> handle->opfd = accept(handle->opfd, NULL, 0);
> handle->opfd = accept(handle->opfd, NULL, 0);
> handle->opfd = accept(handle->opfd, NULL, 0);
>
> You will see that the hash commands will pass, the HMAC fails
>
> Without your patch, the kernel crashes (same as with your OpenSSL code).
>
> The reason is that setkey is applied on the TFM that is not conveyed to the
> subsequent TFMs generated with new accepts.
>>
>>
>>Regards
>>Harsh Jain
>>
>>On Wed, Oct 28, 2015 at 6:25 AM, Stephan Mueller <smuel...@chronox.de> wrote:
>>> Am Mittwoch, 28. Oktober 2015, 01:09:58 schrieb Stephan Mueller:
>>>
>>> Hi Harsh,
>>>
>>>> However, any error in user space should not crash the kernel. So, a fix
>>>> should be done. But I think your code is not correct as it solidifies a
>>>> broken user space code.
>>>
>>> After thinking a bit again, I think your approach is correct after all. I
>>> was able to reproduce the crash by simply adding more accept calls to my
>>> test code. And I can confirm that your patch works, for hashes.
>>>
>>> *BUT* it does NOT work for HMAC as the key is set on the TFM and the
>>> subsequent accepts do not transport the key. Albeit your code prevents the
>>> kernel from crashing, the HMAC calculation will be done with an empty key
>>> as
>>> the setkey operation does not reach the TFM handle in the subordinate
>>> accept() call.
>>>
>>> So, I would think that the second accept is simply broken, for HMAC at
>>> least.
>>>
>>> Herbert, what is the purpose of that subordinate accept that is implemented
>>> with hash_accept? As this is broken for HMACs, should it be removed
>>> entirely?
>>>
>>> --
>>> Ciao
>>> Stephan
>>
>
>
> Ciao
> Stephan


Re: kernel tainted while exporting shash context using af_alg interface

2015-11-01 Thread Harsh Jain
Hi,

I tried patch on my setup and it's working fine.
Thanks Stephan, Herbert for your support.

Regards
Harsh Jain

On Fri, Oct 30, 2015 at 4:40 PM, Stephan Mueller <smuel...@chronox.de> wrote:
> Am Freitag, 30. Oktober 2015, 14:02:27 schrieb Harsh Jain:
>
> Hi Harsh,
>
>>Hi Stephan,
>>
>>If we add sendmsg() in between 2 accept calls then the setkey problem
>>will happen?
>>
>>handle->opfd = accept(handle->tfmfd, NULL, 0);
>>sendmsg()
>>handle->opfd = accept(handle->opfd, NULL, 0);
>>sendmsg()
>>handle->opfd = accept(handle->opfd, NULL, 0);
>
> Without testing, I would very much expect that, because the setkey does not
> apply to the subordinate tfm.
>>
>>If yes, then maybe it is expected behavior and user is supposed to
>>set the key explicitly with some other system call. Why I am saying
>>this is: I remember somewhere in kernel code I read some comment
>>related to setkey operations.
>
> I would like to wait for Herbert to chime in here on how he thinks this would
> work.
>>
>>In that case my patch should work. 1 doubt I have related to patch is
>>do I need to set "ctx->more" =1 after initialisation.
>>
>>Correct me If I am wrong.
>>
>>
>>Thanks for your support.
>>
>>
>>regards
>>Harsh Jain
>>
>>On Wed, Oct 28, 2015 at 4:53 PM, Stephan Mueller <smuel...@chronox.de> wrote:
>>> Am Mittwoch, 28. Oktober 2015, 16:24:34 schrieb Harsh Jain:
>>>
>>> Hi Harsh,
>>>
>>>>Hi Stephan,
>>>>
>>>>I tried your patch on my machine. Kernel is not crashing. The openssl
>>>>break with this. Can you share HMAC program which you are suspecting
>>>>it will not work or do you already have some test written in
>>>>libkcapi/test.sh which will fail.
>>>>
>>> See comments above test/kcapi-main.c:cavs_hash
>>>
>>>  * HMAC command line invocation:
>>>  * $ ./kcapi -x 3 -c "hmac(sha1)" -k
>>>  6e77ebd479da794707bc6cde3694f552ea892dab
>>>
>>> -p
>>> 31b62a797adbff6b8a358d2b5206e01fee079de8cdfc4695138bba163b4efbf30127343e7fd
>>> 4fbc696c3d38d8f27f57c024b5056f726ceeb4c31d98e57751ec8cbe8904ee0f9b031ae6a0c
>>> 55da5e062475b3d7832191d4057643ef5fa446801d59a04693e573a8159cd2416b7bd39c7f0
>>> fe63c599365e04d596c05736beaab58>
>>>  * 7f204ea665666f5bd2b370e546d1b408005e4d85
>>>
>>> To do that, apply your patch and then
>>>
>>> 1. open lib/kcapi-kernel-if.c and change line 567 from
>>>
>>> handle->opfd = accept(handle->tfmfd, NULL, 0);
>>>
>>>
>>> to
>>>
>>> handle->opfd = accept(handle->tfmfd, NULL, 0);
>>> handle->opfd = accept(handle->opfd, NULL, 0);
>>> handle->opfd = accept(handle->opfd, NULL, 0);
>>> handle->opfd = accept(handle->opfd, NULL, 0);
>>> handle->opfd = accept(handle->opfd, NULL, 0);
>>>
>>> You will see that the hash commands will pass, the HMAC fails
>>>
>>> Without your patch, the kernel crashes (same as with your OpenSSL code).
>>>
>>> The reason is that setkey is applied on the TFM that is not conveyed to the
>>> subsequent TFMs generated with new accepts.
>>>
>>>>Regards
>>>>Harsh Jain
>>>>
>>>>On Wed, Oct 28, 2015 at 6:25 AM, Stephan Mueller <smuel...@chronox.de> wrote:
>>>>> Am Mittwoch, 28. Oktober 2015, 01:09:58 schrieb Stephan Mueller:
>>>>>
>>>>> Hi Harsh,
>>>>>
>>>>>> However, any error in user space should not crash the kernel. So, a fix
>>>>>> should be done. But I think your code is not correct as it solidifies a
>>>>>> broken user space code.
>>>>>
>>>>> After thinking a bit again, I think your approach is correct after all. I
>>>>> was able to reproduce the crash by simply adding more accept calls to my
>>>>> test code. And I can confirm that your patch works, for hashes.
>>>>>
>>>>> *BUT* it does NOT work for HMAC as the key is set on the TFM and the
>>>>> subsequent accepts do not transport the key. Albeit your code prevents
>>>>> the
>>>>> kernel from crashing, the HMAC calculation will be done with an empty key
>>>>> as
>>>>> the setkey operation does not reach the TFM handle in the subordinate
>>>>> accept() call.
>>>>>
>>>>> So, I would think that the second accept is simply broken, for HMAC at
>>>>> least.
>>>>>
>>>>> Herbert, what is the purpose of that subordinate accept that is
>>>>> implemented
>>>>> with hash_accept? As this is broken for HMACs, should it be removed
>>>>> entirely?
>>>>>
>>>>> --
>>>>> Ciao
>>>>> Stephan
>>>>
>>>>
>>> Ciao
>>> Stephan
>
>
> Ciao
> Stephan


Re: [PATCH v2] crypto: algif_hash - Only export and import on sockets with data

2015-11-04 Thread Harsh Jain
Hi Herbert,

Which kernel versions will have this patch?

Regards
Harsh Jain

On Mon, Nov 2, 2015 at 8:42 AM, Herbert Xu <herb...@gondor.apana.org.au> wrote:
> On Sun, Nov 01, 2015 at 12:07:12PM +0100, Stephan Mueller wrote:
>> Am Sonntag, 1. November 2015, 17:11:19 schrieb Herbert Xu:
>>
>> Hi Herbert,
>>
>> > On Sat, Oct 31, 2015 at 12:45:47AM +0100, Stephan Mueller wrote:
>> > > Testing complete: patch solves the oops and allows to successfully 
>> > > perform
>> > > HMAC even when having subsequent accepts and operating on those 
>> > > subsequent
>> > > accepts.
>> >
>> > Thanks Stephan!
>> >
>> > Unfortunately my patch is incomplete as some other thread could
>> > change ctx->more while we're in the middle of the accept call.
>> >
>> > So here is an updated version.
>>
>> Shouldn't that patch to into stable (and hopefully into 4.3) as well?
>
> Yes it is going into stable.
>
> Cheers,
> --
> Email: Herbert Xu <herb...@gondor.apana.org.au>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Test AEAD/authenc algorithms from userspace

2016-05-31 Thread Harsh Jain
Hi All,

How can we open socket of type "authenc(hmac(sha256),cbc(aes))" from
userspace program? I checked libkcapi library. It has test programs for
GCM/CCM. There are 3 types of approaches to Authenticated Encryption.
Which of them is supported in crypto framework?

1) Encrypt-then-MAC (EtM)
 The plaintext is first encrypted, then a MAC is produced based on
the resulting ciphertext. The ciphertext and its MAC are sent
together.

2) Encrypt-and-MAC (E&M)
 A MAC is produced based on the plaintext, and the plaintext is
encrypted without the MAC. The plaintext's MAC and the ciphertext are
sent together.

3) MAC-then-Encrypt (MtE)
 A MAC is produced based on the plaintext, then the plaintext and
MAC are together encrypted to produce a ciphertext based on both. The
ciphertext (containing an encrypted MAC) is sent.


Regards
Harsh Jain


Re: Test AEAD/authenc algorithms from userspace

2016-05-31 Thread Harsh Jain
Hi,

You mean to say like this?

./kcapi -x 2 -e -c "authenc(hmac(sha1),cbc(aes))" -p
48981da18e4bb9ef7e2e3162d16b19108b19050f66582cb7f7e4b6c873819b71 -k
8d7dd9b0170ce0b5f2f8e1aa768e01e91da8bfc67fd486d081b28254c99eb423 -i
7fbc02ebf5b93322329df9bfccb635af -a afcd7202d621e06ca53b70c2bdff7fb2
-l 16f4a3eacfbdadd3b1a17117b1d67ffc1f1e21efbbc6d83724a8c296e3bb8cda0c44

It gives following error with kernel 4.5.2
Symmetric cipher setkey failed
Failed to invoke testing



Regards
Harsh Jain

On Tue, May 31, 2016 at 12:35 PM, Stephan Mueller <smuel...@chronox.de> wrote:
> Am Dienstag, 31. Mai 2016, 12:31:16 schrieb Harsh Jain:
>
> Hi Harsh,
>
>> Hi All,
>>
>> How can we open socket of type "authenc(hmac(sha256),cbc(aes))" from
>> userspace program? I checked libkcapi library. It has test programs for
>> GCM/CCM. There are 3 types of approaches to Authenticated Encryption.
>> Which of them is supported in crypto framework?
>>
>> 1) Encrypt-then-MAC (EtM)
>>  The plaintext is first encrypted, then a MAC is produced based on
>> the resulting ciphertext. The ciphertext and its MAC are sent
>> together.
>>
>> 2) Encrypt-and-MAC (E&M)
>>  A MAC is produced based on the plaintext, and the plaintext is
>> encrypted without the MAC. The plaintext's MAC and the ciphertext are
>> sent together.
>>
>> 3) MAC-then-Encrypt (MtE)
>>  A MAC is produced based on the plaintext, then the plaintext and
>> MAC are together encrypted to produce a ciphertext based on both. The
>> ciphertext (containing an encrypted MAC) is sent.
>
> The cipher types you mention refer to the implementation of authenc(). IIRC,
> authenc implements EtM as this is mandated by IPSEC.
>
> When you use libkcapi, you should simply be able to use your cipher name with
> the AEAD API. I.e. use the examples you see for CCM or GCM and use those with
> the chosen authenc() cipher. Do you experience any issues?
>
> Ciao
> Stephan


Re: Test AEAD/authenc algorithms from userspace

2016-05-31 Thread Harsh Jain
Hi,

Thanks Stephan, I will check the same. 1 suggestion for kcapi tool: add
some switch cases in tool to test digest and finup path of crypto
driver. Current implementation triggers only init/update/final.


Regards
Harsh Jain

On Tue, May 31, 2016 at 2:29 PM, Stephan Mueller <smuel...@chronox.de> wrote:
> Am Dienstag, 31. Mai 2016, 14:10:20 schrieb Harsh Jain:
>
> Hi Harsh,
>
>> Hi,
>>
>> You mean to say like this?
>>
>> ./kcapi -x 2 -e -c "authenc(hmac(sha1),cbc(aes))" -p
>> 48981da18e4bb9ef7e2e3162d16b19108b19050f66582cb7f7e4b6c873819b71 -k
>> 8d7dd9b0170ce0b5f2f8e1aa768e01e91da8bfc67fd486d081b28254c99eb423 -i
>> 7fbc02ebf5b93322329df9bfccb635af -a afcd7202d621e06ca53b70c2bdff7fb2
>> -l 16f4a3eacfbdadd3b1a17117b1d67ffc1f1e21efbbc6d83724a8c296e3bb8cda0c44
>>
>> It gives following error with kernel 4.5.2
>> Symmetric cipher setkey failed
>> Failed to invoke testing
>>
>
> Please see testmgr.h for usage (especially the key encoding):
>
> invocation:
> ./kcapi -x 2 -e -c "authenc(hmac(sha1),cbc(aes))" -p
> 53696e676c6520626c6f636b206d7367 -k
> 0800011006a9214036b8a15b512e03d534120006
> -i 3dafba429d9eb430b422da802c9fac41 -a 3dafba429d9eb430b422da802c9fac41 -l 20
>
> return:
> e353779c1079aeb82708942dbe77181a1b13cbaf895ee12c13c52ea3cceddcb50371a206
>
> This is the first test of hmac_sha1_aes_cbc_enc_tv_temp (RFC3601 case 1).
> Note, the input string of "Single block msg" was converted to hex
> 53696e676c6520626c6f636b206d7367 as my tool always treats all input data as
> hex data.
>
>>
>>
>> Regards
>> Harsh Jain
>>
>> On Tue, May 31, 2016 at 12:35 PM, Stephan Mueller <smuel...@chronox.de> wrote:
>> > Am Dienstag, 31. Mai 2016, 12:31:16 schrieb Harsh Jain:
>> >
>> > Hi Harsh,
>> >
>> >> Hi All,
>> >>
>> >> How can we open socket of type "authenc(hmac(sha256),cbc(aes))" from
>> >> userspace program? I checked libkcapi library. It has test programs for
>> >> GCM/CCM. There are 3 types of approaches to Authenticated Encryption.
>> >> Which of them is supported in crypto framework?
>> >>
>> >> 1) Encrypt-then-MAC (EtM)
>> >>
>> >>  The plaintext is first encrypted, then a MAC is produced based on
>> >>
>> >> the resulting ciphertext. The ciphertext and its MAC are sent
>> >> together.
>> >> 2) Encrypt-and-MAC (E&M)
>> >>
>> >>  A MAC is produced based on the plaintext, and the plaintext is
>> >>
>> >> encrypted without the MAC. The plaintext's MAC and the ciphertext are
>> >> sent together.
>> >>
>> >> 3) MAC-then-Encrypt (MtE)
>> >>
>> >>  A MAC is produced based on the plaintext, then the plaintext and
>> >>
>> >> MAC are together encrypted to produce a ciphertext based on both. The
>> >> ciphertext (containing an encrypted MAC) is sent.
>> >
>> > The cipher types you mention refer to the implementation of authenc().
>> > IIRC, authenc implements EtM as this is mandated by IPSEC.
>> >
>> > When you use libkcapi, you should simply be able to use your cipher name
>> > with the AEAD API. I.e. use the examples you see for CCM or GCM and use
>> > those with the chosen authenc() cipher. Do you experience any issues?
>> >
>> > Ciao
>> > Stephan
>
>
> Ciao
> Stephan
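The key encoding that the reply above points to in testmgr.h, as an added C example (not code from the thread, libkcapi or the kernel). It follows the layout parsed by crypto_authenc_extractkeys() in the kernel's crypto/authenc.c: a struct rtattr header in host byte order, a big-endian enckeylen, then the authentication key followed by the encryption key. The function names `authenc_pack_key` and `authenc_unpack_key` are hypothetical and the key bytes in `main` are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define AUTHENC_KEYA_PARAM 1u /* CRYPTO_AUTHENC_KEYA_PARAM, include/crypto/authenc.h */
#define AUTHENC_HDR_LEN    8u /* struct rtattr (4 bytes) + __be32 enckeylen (4 bytes) */

/* Build rtattr || enckeylen || authkey || enckey into out.
 * Returns the blob length, or -1 if it does not fit. */
long authenc_pack_key(uint8_t *out, size_t outlen,
                      const uint8_t *authkey, size_t authlen,
                      const uint8_t *enckey, size_t enclen)
{
    uint16_t rta_len = AUTHENC_HDR_LEN, rta_type = AUTHENC_KEYA_PARAM;

    if (outlen < AUTHENC_HDR_LEN || authlen > outlen - AUTHENC_HDR_LEN ||
        enclen > outlen - AUTHENC_HDR_LEN - authlen ||
        (uint64_t)enclen > UINT32_MAX)
        return -1;

    memcpy(out, &rta_len, 2);        /* rtattr fields use host byte order */
    memcpy(out + 2, &rta_type, 2);
    out[4] = (uint8_t)(enclen >> 24); /* enckeylen is always big-endian */
    out[5] = (uint8_t)(enclen >> 16);
    out[6] = (uint8_t)(enclen >> 8);
    out[7] = (uint8_t)enclen;
    memcpy(out + AUTHENC_HDR_LEN, authkey, authlen);
    memcpy(out + AUTHENC_HDR_LEN + authlen, enckey, enclen);
    return (long)(AUTHENC_HDR_LEN + authlen + enclen);
}

/* Validate a blob the way the kernel parser does and report the split.
 * Returns 0 on success, -1 if the blob would be rejected. */
int authenc_unpack_key(const uint8_t *blob, size_t len,
                       size_t *authlen, size_t *enclen)
{
    uint16_t rta_len, rta_type;
    uint32_t e;

    if (len < AUTHENC_HDR_LEN)
        return -1;
    memcpy(&rta_len, blob, 2);
    memcpy(&rta_type, blob + 2, 2);
    if (rta_len != AUTHENC_HDR_LEN || rta_type != AUTHENC_KEYA_PARAM)
        return -1;                   /* e.g. a raw key with no header */
    e = ((uint32_t)blob[4] << 24) | ((uint32_t)blob[5] << 16) |
        ((uint32_t)blob[6] << 8) | (uint32_t)blob[7];
    if (e > len - AUTHENC_HDR_LEN)
        return -1;                   /* enckeylen larger than remaining bytes */
    *enclen = e;
    *authlen = len - AUTHENC_HDR_LEN - e;
    return 0;
}

int main(void)
{
    uint8_t authkey[20], enckey[16], blob[64];
    size_t al, el;
    long i, n;

    memset(authkey, 0x11, sizeof(authkey)); /* constructed HMAC-SHA1 key */
    memset(enckey, 0x22, sizeof(enckey));   /* constructed AES-128 key */
    n = authenc_pack_key(blob, sizeof(blob), authkey, sizeof(authkey),
                         enckey, sizeof(enckey));
    if (n < 0 || authenc_unpack_key(blob, (size_t)n, &al, &el) != 0)
        return 1;
    for (i = 0; i < n; i++)
        printf("%02x", blob[i]);
    printf("\nauthkeylen=%zu enckeylen=%zu\n", al, el);
    return 0;
}
```

The printed hex string is the form a tool that takes its key as hex would expect for an authenc() cipher.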


Re: Test AEAD/authenc algorithms from userspace

2016-05-31 Thread Harsh Jain
Hi,

1) User can use libkcapi to write program for finup/digest.
2) No, kernel test for finup (not sure).
3) We can test all callback of new hash tfm drivers added in kernel.
4) My driver had issue in finup path which is not caught by kcapi test
program :)

regards
Harsh Jain

On Tue, May 31, 2016 at 4:35 PM, Stephan Mueller <smuel...@chronox.de> wrote:
> Am Dienstag, 31. Mai 2016, 16:28:14 schrieb Harsh Jain:
>
> Hi Harsh,
>
>> Hi Stephan,
>>
>> Yes, it's for hash. The available API in library for hash update
>> "_kcapi_md_update" uses "MSG_MORE" flag always set. It will not
>> trigger driver's digest/finup implementation. We need something like
>> that
>>
>>  _kcapi_common_accept()
>> send(handle->opfd, buffer, len, 0); ==> flag = 0.
>>
>> It will execute digest callback of selected tfm from User
>> Space (init->digest). Similarly
>>
>> _kcapi_common_accept()
>> send(handle->opfd, buffer, len, MSG_MORE);
>> send(handle->opfd, buffer, len, 0);
>>
>> It will execute finup callback of selected tfm. (init->update->finup).
>>
>> In that way we can test all callbacks from userspace. In future, if you
>> feel this use case is important, you can add APIs to implement this.
>
> Ok, I see that the finup code path is not exercised in the kernel by my
> library.
>
> Why do you think that this code path should be tested by my test code?
>
> The test code shall verify that libkcapi works fine.
>
> Ciao
> Stephan


Re: Test AEAD/authenc algorithms from userspace

2016-05-31 Thread Harsh Jain
Hi Stephan,

Yes, it's for hash. The available API in library for hash update
"_kcapi_md_update" uses "MSG_MORE" flag always set. It will not
trigger driver's digest/finup implementation. We need something like
that

 _kcapi_common_accept()
send(handle->opfd, buffer, len, 0); ==> flag = 0.

It will execute digest callback of selected tfm from User
Space (init->digest). Similarly

_kcapi_common_accept()
send(handle->opfd, buffer, len, MSG_MORE);
send(handle->opfd, buffer, len, 0);

It will execute finup callback of selected tfm. (init->update->finup).

In that way we can test all callbacks from userspace. In future, if you
feel this use case is important, you can add APIs to implement this.


Regards
Harsh Jain

On Tue, May 31, 2016 at 2:51 PM, Stephan Mueller <smuel...@chronox.de> wrote:
> Am Dienstag, 31. Mai 2016, 14:45:27 schrieb Harsh Jain:
>
> Hi Harsh,
>
>> Hi,
>>
>> Thanks Stephan, I will check the same. 1 suggestion for kcapi tool: add
>> some switch cases in tool to test digest and finup path of crypto
>> driver. Current implementation triggers only init/update/final.
>
> You mean for hashes? I guess the following is what you refer to? This logic is
> even found for the other cipher types (symmetric algos, AEAD ciphers). See the
> documentation on stream vs one-shot use cases.
>
> /**
>  * kcapi_md_init() - initialize cipher handle
>  * @handle: cipher handle filled during the call - output
>  * @ciphername: kernel crypto API cipher name as specified in
>  * /proc/crypto - input
>  * @flags: flags specifying the type of cipher handle
>  *
>  * This function provides the initialization of a (keyed) message digest handle
>  * and establishes the connection to the kernel.
>  *
>  * Return: 0 upon success; ENOENT - algorithm not available;
>  * -EOPNOTSUPP - AF_ALG family not available;
>  * -EINVAL - accept syscall failed
>  * -ENOMEM - cipher handle cannot be allocated
>  */
> int kcapi_md_init(struct kcapi_handle **handle, const char *ciphername,
>   uint32_t flags);
>
> /**
>  * kcapi_md_update() - message digest update function (stream)
>  * @handle: cipher handle - input
>  * @buffer: holding the data to add to the message digest - input
>  * @len: buffer length - input
>  *
>  * Return: 0 upon success;
>  * < 0 in case of error
>  */
> int32_t kcapi_md_update(struct kcapi_handle *handle,
> const uint8_t *buffer, uint32_t len);
>
> /**
>  * kcapi_md_final() - message digest finalization function (stream)
>  * @handle: cipher handle - input
>  * @buffer: filled with the message digest - output
>  * @len: buffer length - input
>  *
>  * Return: size of message digest upon success;
>  * -EIO - data cannot be obtained;
>  * -ENOMEM - buffer is too small for the complete message digest,
>  * the buffer is filled with the truncated message digest
>  */
> int32_t kcapi_md_final(struct kcapi_handle *handle,
> uint8_t *buffer, uint32_t len);
>
>
> The test/kcapi tool is a crude test tool that I use for my regression testing.
> It is not intended for anything else.
>>
>>
>> Regards
>> Harsh Jain
>>
>> On Tue, May 31, 2016 at 2:29 PM, Stephan Mueller <smuel...@chronox.de> wrote:
>> > Am Dienstag, 31. Mai 2016, 14:10:20 schrieb Harsh Jain:
>> >
>> > Hi Harsh,
>> >
>> >> Hi,
>> >>
>> >> You mean to say like this?
>> >>
>> >> ./kcapi -x 2 -e -c "authenc(hmac(sha1),cbc(aes))" -p
>> >> 48981da18e4bb9ef7e2e3162d16b19108b19050f66582cb7f7e4b6c873819b71 -k
>> >> 8d7dd9b0170ce0b5f2f8e1aa768e01e91da8bfc67fd486d081b28254c99eb423 -i
>> >> 7fbc02ebf5b93322329df9bfccb635af -a afcd7202d621e06ca53b70c2bdff7fb2
>> >> -l 16f4a3eacfbdadd3b1a17117b1d67ffc1f1e21efbbc6d83724a8c296e3bb8cda0c44
>> >>
>> >> It gives following error with kernel 4.5.2
>> >> Symmetric cipher setkey failed
>> >> Failed to invoke testing
>> >
>> > Please see testmgr.h for usage (especially the key encoding):
>> >
>> > invocation:
>> > ./kcapi -x 2 -e -c "authenc(hmac(sha1),cbc(aes))" -p
>> > 53696e676c6520626c6f636b206d7367 -k
>> > 0800011006a9214036b8a15b51
>> > 2e03d534120006 -i 3dafba429d9eb430b422da802c9fac41 -a
>> > 3dafba429d9eb430b422da802c9fac41 -l 20
>> >
>> > return:
>> > e353779c1079aeb82708942dbe77181a1b13cbaf895
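
The key encoding that the reply above points to, shown as an added example (not code from this thread, from libkcapi or from the kernel): the authenc() template takes one setkey blob made of an rtattr header, a big-endian cipher key length, the authentication key and then the cipher key. The names rta_hdr, authenc_key_build and authenc_key_parse are hypothetical, the parser is a userspace model of the split, and all key bytes are constructed.

```c
#include <arpa/inet.h>   /* htonl, ntohl */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same layout as struct rtattr in <linux/rtnetlink.h>; both fields are host-endian. */
struct rta_hdr {
    uint16_t rta_len;    /* header plus payload length */
    uint16_t rta_type;
};

#define KEYA_PARAM 1u    /* value of CRYPTO_AUTHENC_KEYA_PARAM in <crypto/authenc.h> */
#define PARAM_LEN  8u    /* 4-byte rtattr header + 4-byte big-endian enckeylen */

struct authenc_keys {
    const uint8_t *authkey, *enckey;
    size_t authlen, enclen;
};

/* Write rtattr || be32(enclen) || authkey || enckey; return blob length or -errno. */
int authenc_key_build(uint8_t *out, size_t outlen,
                      const uint8_t *authkey, size_t authlen,
                      const uint8_t *enckey, size_t enclen)
{
    struct rta_hdr hdr = { PARAM_LEN, KEYA_PARAM };
    uint32_t be_enclen;

    if (authlen > 1024 || enclen > 1024)   /* sanity bound chosen for this example */
        return -EINVAL;
    if (outlen < PARAM_LEN + authlen + enclen)
        return -ENOSPC;
    be_enclen = htonl((uint32_t)enclen);
    memcpy(out, &hdr, sizeof(hdr));
    memcpy(out + sizeof(hdr), &be_enclen, sizeof(be_enclen));
    memcpy(out + PARAM_LEN, authkey, authlen);
    memcpy(out + PARAM_LEN + authlen, enckey, enclen);
    return (int)(PARAM_LEN + authlen + enclen);
}

/* Split a blob back into its two keys; 0 on success, -EINVAL on a malformed blob. */
int authenc_key_parse(const uint8_t *key, size_t keylen, struct authenc_keys *k)
{
    struct rta_hdr hdr;
    uint32_t be_enclen;

    if (keylen < PARAM_LEN)
        return -EINVAL;
    memcpy(&hdr, key, sizeof(hdr));
    /* A raw key with no header almost always fails here. */
    if (hdr.rta_len != PARAM_LEN || hdr.rta_type != KEYA_PARAM)
        return -EINVAL;
    memcpy(&be_enclen, key + sizeof(hdr), sizeof(be_enclen));
    key += PARAM_LEN;
    keylen -= PARAM_LEN;
    k->enclen = ntohl(be_enclen);
    if (keylen < k->enclen)   /* declared cipher key is longer than what follows */
        return -EINVAL;
    k->authlen = keylen - k->enclen;   /* everything before the cipher key */
    k->authkey = key;
    k->enckey = key + k->authlen;
    return 0;
}

int main(void)
{
    uint8_t auth[20], enc[16], blob[PARAM_LEN + sizeof(auth) + sizeof(enc)];
    struct authenc_keys k;
    int i, n;

    memset(auth, 0x0b, sizeof(auth));   /* constructed HMAC-SHA1 key */
    memset(enc, 0x2c, sizeof(enc));     /* constructed AES-128 key */
    n = authenc_key_build(blob, sizeof(blob), auth, sizeof(auth), enc, sizeof(enc));
    if (n < 0 || authenc_key_parse(blob, (size_t)n, &k) != 0)
        return 1;
    for (i = 0; i < n; i++)
        printf("%02x", blob[i]);        /* hex form, as a -k style option takes it */
    printf("\nauthkey %zu bytes, enckey %zu bytes\n", k.authlen, k.enclen);
    return 0;
}
```

Because the rtattr fields are host-endian, the first four bytes of the hex string differ between little-endian and big-endian machines; only the enckeylen word is fixed as big-endian.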

Re: Encryption output buffer description in algif_aead.c file

2016-06-24 Thread Harsh Jain
Yes, I will share the patch.

regards
Harsh Jain



On Fri, Jun 24, 2016 at 5:31 PM, Stephan Mueller <smuel...@chronox.de> wrote:
> On Friday, 24 June 2016, 17:24:02, Harsh Jain wrote:
>
> Hi Harsh,
>
>
>>  * The memory structure for cipher operation has the following
>>  * structure:
>>  *  AEAD encryption input:  assoc data || plaintext
>>  *  AEAD encryption output: cipherntext || auth tag
>>  *  AEAD decryption input:  assoc data || ciphertext || auth tag
>>  *  AEAD decryption output: plaintext
>
> Right, it returns AAD prepended to the stated output. Do you want to provide a
> patch?
>
> Ciao
> Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html


Encryption output buffer description in algif_aead.c file

2016-06-24 Thread Harsh Jain
Hi Stephan,

It seems the AEAD encryption operation now also returns the AAD to user
space in the output buffer. The following comment in aead_recvmsg() needs
updating:

/*
 * AEAD memory structure: For encryption, the tag is appended to the
 * ciphertext which implies that the memory allocated for the ciphertext
 * must be increased by the tag length. For decryption, the tag
 * is expected to be concatenated to the ciphertext. The plaintext
 * therefore has a memory size of the ciphertext minus the tag length.
 *
 * The memory structure for cipher operation has the following
 * structure:
 *  AEAD encryption input:  assoc data || plaintext
 *  AEAD encryption output: cipherntext || auth tag
 *  AEAD decryption input:  assoc data || ciphertext || auth tag
 *  AEAD decryption output: plaintext
 */


Regards
Harsh Jain


Re: Max data limit for AEAD operation

2016-07-21 Thread Harsh Jain
Hi,

Thanks for the reply. As such, I don't have any use case. But the use case
I can think of is an AEAD operation on a large file using the AF_ALG
interface. If a user tried this, he/she would get an invalid TAG value.


Regards
Harsh Jain

On Fri, Jul 22, 2016 at 10:10 AM, Herbert Xu
<herb...@gondor.apana.org.au> wrote:
> Harsh Jain <harshjain.p...@gmail.com> wrote:
>>
>> There is a maximum limit on the data which a crypto user can send (in
>> encrypt) to get the TAG in AEAD operations. We do not have an
>> update/final-like implementation for AEAD algos. Why is this so?
>
> Because our users haven't needed it so far.  Also algorithms like CCM
> cannot support such an operation.
>
> If you have a valid use case for it then I'll consider it.
>
> Cheers,
> --
> Email: Herbert Xu <herb...@gondor.apana.org.au>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Max data limit for AEAD operation

2016-07-21 Thread Harsh Jain
Hi All,

There is a maximum limit on the data which a crypto user can send (in
encrypt) to get the TAG in AEAD operations. We do not have an
update/final-like implementation for AEAD algos. Why is this so?


Regards
Harsh Jain


[PATCH] Remove redundant sg_init_table call.

2016-06-28 Thread Harsh Jain
Remove redundant sg_init_table call. scatterwalk_ffwd does the same.

Signed-off-by: Harsh Jain <harshjain.p...@gmail.com>
---
 crypto/authenc.c |7 +--
 1 files changed, 1 insertions(+), 6 deletions(-)

diff --git a/crypto/authenc.c b/crypto/authenc.c
index 55a354d..c7cc11d 100644
--- a/crypto/authenc.c
+++ b/crypto/authenc.c
@@ -206,7 +206,6 @@ static int crypto_authenc_encrypt(struct aead_request *req)
struct scatterlist *src, *dst;
int err;
 
-   sg_init_table(areq_ctx->src, 2);
src = scatterwalk_ffwd(areq_ctx->src, req->src, req->assoclen);
dst = src;
 
@@ -215,7 +214,6 @@ static int crypto_authenc_encrypt(struct aead_request *req)
if (err)
return err;
 
-   sg_init_table(areq_ctx->dst, 2);
dst = scatterwalk_ffwd(areq_ctx->dst, req->dst, req->assoclen);
}
 
@@ -251,14 +249,11 @@ static int crypto_authenc_decrypt_tail(struct 
aead_request *req,
if (crypto_memneq(ihash, ahreq->result, authsize))
return -EBADMSG;
 
-   sg_init_table(areq_ctx->src, 2);
src = scatterwalk_ffwd(areq_ctx->src, req->src, req->assoclen);
dst = src;
 
-   if (req->src != req->dst) {
-   sg_init_table(areq_ctx->dst, 2);
+   if (req->src != req->dst)
dst = scatterwalk_ffwd(areq_ctx->dst, req->dst, req->assoclen);
-   }
 
ablkcipher_request_set_tfm(abreq, ctx->enc);
ablkcipher_request_set_callback(abreq, aead_request_flags(req),
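
Review bot: the commit message should say where scatterwalk_ffwd() initialises the table, because every removal in this patch, including `sg_init_table(areq_ctx->src, 2)` and `sg_init_table(areq_ctx->dst, 2)` in crypto_authenc_decrypt_tail(), is only safe if the helper sets up both entries of the array it is handed before writing to them. A sentence naming that call, plus a note that encrypt and decrypt were exercised with req->src != req->dst, would let a reader check the claim without opening crypto/scatterwalk.c. Dropping the braces around the single remaining statement is fine.
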
-- 
1.7.1



Why null skcipher to copy AAD data?

2016-07-04 Thread Harsh Jain
Hi,

Why do we need a null skcipher to copy the AAD from the src to the dst
buffer? We can do the same with some function which can copy data from
the src sg list to the dst sg list.

Regards
Harsh Jain


[PATCH 1/1] crypto:algif_aead - Fix kernel panic on list_del

2017-02-01 Thread Harsh Jain
Kernel panics when a userspace program tries to access the AEAD interface.
Remove the node from the linked list before freeing its memory.

Signed-off-by: Harsh Jain <ha...@chelsio.com>
---
 crypto/algif_aead.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/algif_aead.c b/crypto/algif_aead.c
index f849311..533265f 100644
--- a/crypto/algif_aead.c
+++ b/crypto/algif_aead.c
@@ -661,9 +661,9 @@ static int aead_recvmsg_sync(struct socket *sock, struct 
msghdr *msg, int flags)
 unlock:
list_for_each_entry_safe(rsgl, tmp, >list, list) {
af_alg_free_sg(>sgl);
+   list_del(>list);
if (rsgl != >first_rsgl)
sock_kfree_s(sk, rsgl, sizeof(*rsgl));
-   list_del(>list);
}
INIT_LIST_HEAD(>list);
aead_wmem_wakeup(sk);
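
Review bot: the commit message should describe this as a use-after-free rather than only a panic: in the old order `list_del()` ran after `sock_kfree_s(sk, rsgl, sizeof(*rsgl))`, so for every entry except first_rsgl it wrote to a list node inside memory that had just been freed. Moving `list_del()` above the free fixes that. Please add a Fixes: tag for the commit that introduced the ordering so the change reaches the stable kernels that carry it.
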
-- 
1.8.2.3



[PATCH v2 1/2] crypto:chcr- Fix panic on dma_unmap_sg

2017-01-23 Thread Harsh Jain
Save DMA mapped sg list addresses to request context buffer.

Signed-off-by: Atul Gupta 
---
 drivers/crypto/chelsio/chcr_algo.c   | 49 +++-
 drivers/crypto/chelsio/chcr_crypto.h |  3 +++
 2 files changed, 29 insertions(+), 23 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index 2ed1e24..d29c2b4 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -158,7 +158,7 @@ int chcr_handle_resp(struct crypto_async_request *req, 
unsigned char *input,
case CRYPTO_ALG_TYPE_AEAD:
ctx_req.req.aead_req = (struct aead_request *)req;
ctx_req.ctx.reqctx = aead_request_ctx(ctx_req.req.aead_req);
-   dma_unmap_sg(_ctx->lldi.pdev->dev, ctx_req.req.aead_req->dst,
+   dma_unmap_sg(_ctx->lldi.pdev->dev, ctx_req.ctx.reqctx->dst,
 ctx_req.ctx.reqctx->dst_nents, DMA_FROM_DEVICE);
if (ctx_req.ctx.reqctx->skb) {
kfree_skb(ctx_req.ctx.reqctx->skb);
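
Review bot: the unmap at `ctx_req.ctx.reqctx->dst` is only correct if every AEAD request that reaches chcr_handle_resp() had reqctx->dst assigned when its work request was built. This patch assigns it in create_authenc_wr() and create_aead_ccm_wr(); the last hunk is cut off in this copy, so confirm that the remaining AEAD builder sets it as well. The commit message also says what is saved but not why the old code panicked; one sentence on the mismatch between the list that was mapped (the result of scatterwalk_ffwd) and the list that was unmapped (req->dst) would help.
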
@@ -1362,8 +1362,7 @@ static struct sk_buff *create_authenc_wr(struct 
aead_request *req,
struct chcr_wr *chcr_req;
struct cpl_rx_phys_dsgl *phys_cpl;
struct phys_sge_parm sg_param;
-   struct scatterlist *src, *dst;
-   struct scatterlist src_sg[2], dst_sg[2];
+   struct scatterlist *src;
unsigned int frags = 0, transhdr_len;
unsigned int ivsize = crypto_aead_ivsize(tfm), dst_size = 0;
unsigned int   kctx_len = 0;
@@ -1383,19 +1382,21 @@ static struct sk_buff *create_authenc_wr(struct 
aead_request *req,
 
if (sg_nents_for_len(req->src, req->assoclen + req->cryptlen) < 0)
goto err;
-   src = scatterwalk_ffwd(src_sg, req->src, req->assoclen);
-   dst = src;
+   src = scatterwalk_ffwd(reqctx->srcffwd, req->src, req->assoclen);
+   reqctx->dst = src;
+
if (req->src != req->dst) {
err = chcr_copy_assoc(req, aeadctx);
if (err)
return ERR_PTR(err);
-   dst = scatterwalk_ffwd(dst_sg, req->dst, req->assoclen);
+   reqctx->dst = scatterwalk_ffwd(reqctx->dstffwd, req->dst,
+  req->assoclen);
}
if (get_aead_subtype(tfm) == CRYPTO_ALG_SUB_TYPE_AEAD_NULL) {
null = 1;
assoclen = 0;
}
-   reqctx->dst_nents = sg_nents_for_len(dst, req->cryptlen +
+   reqctx->dst_nents = sg_nents_for_len(reqctx->dst, req->cryptlen +
 (op_type ? -authsize : authsize));
if (reqctx->dst_nents <= 0) {
pr_err("AUTHENC:Invalid Destination sg entries\n");
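
Review bot: `reqctx->srcffwd` and `reqctx->dstffwd` replace the on-stack `src_sg[2]` and `dst_sg[2]`, so they need to be two-entry scatterlist arrays in the request context; the chcr_crypto.h hunk that declares them is not shown in this copy, so please confirm the sizes there. When req->src == req->dst, reqctx->dst points into srcffwd, so both fields have to stay valid until dma_unmap_sg() runs in the completion handler.
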
@@ -1460,7 +1461,7 @@ static struct sk_buff *create_authenc_wr(struct 
aead_request *req,
sg_param.obsize = req->cryptlen + (op_type ? -authsize : authsize);
sg_param.qid = qid;
sg_param.align = 0;
-   if (map_writesg_phys_cpl(_ctx->lldi.pdev->dev, phys_cpl, dst,
+   if (map_writesg_phys_cpl(_ctx->lldi.pdev->dev, phys_cpl, reqctx->dst,
  _param))
goto dstmap_fail;
 
@@ -1711,8 +1712,7 @@ static struct sk_buff *create_aead_ccm_wr(struct 
aead_request *req,
struct chcr_wr *chcr_req;
struct cpl_rx_phys_dsgl *phys_cpl;
struct phys_sge_parm sg_param;
-   struct scatterlist *src, *dst;
-   struct scatterlist src_sg[2], dst_sg[2];
+   struct scatterlist *src;
unsigned int frags = 0, transhdr_len, ivsize = AES_BLOCK_SIZE;
unsigned int dst_size = 0, kctx_len;
unsigned int sub_type;
@@ -1728,17 +1728,19 @@ static struct sk_buff *create_aead_ccm_wr(struct 
aead_request *req,
if (sg_nents_for_len(req->src, req->assoclen + req->cryptlen) < 0)
goto err;
sub_type = get_aead_subtype(tfm);
-   src = scatterwalk_ffwd(src_sg, req->src, req->assoclen);
-   dst = src;
+   src = scatterwalk_ffwd(reqctx->srcffwd, req->src, req->assoclen);
+   reqctx->dst = src;
+
if (req->src != req->dst) {
err = chcr_copy_assoc(req, aeadctx);
if (err) {
pr_err("AAD copy to destination buffer fails\n");
return ERR_PTR(err);
}
-   dst = scatterwalk_ffwd(dst_sg, req->dst, req->assoclen);
+   reqctx->dst = scatterwalk_ffwd(reqctx->dstffwd, req->dst,
+  req->assoclen);
}
-   reqctx->dst_nents = sg_nents_for_len(dst, req->cryptlen +
+   reqctx->dst_nents = sg_nents_for_len(reqctx->dst, req->cryptlen +
 (op_type ? -authsize : authsize));
if (reqctx->dst_nents <= 0) {
pr_err("CCM:Invalid Destination sg entries\n");
@@ -1777,7 +1779,7 @@ static struct sk_buff 

[PATCH v2 0/2 ] Bug Fixes for 4.10

2017-01-23 Thread Harsh Jain
This patch series includes critical bug fixes

Atul Gupta (2):
  crypto:chcr- Fix panic on dma_unmap_sg
  crypto:chcr- Check device is allocated before use

 drivers/crypto/chelsio/chcr_algo.c   | 49 +++-
 drivers/crypto/chelsio/chcr_core.c   | 18 ++---
 drivers/crypto/chelsio/chcr_crypto.h |  3 +++
 3 files changed, 37 insertions(+), 33 deletions(-)

-- 
1.8.2.3



[PATCH v2 2/2] crypto:chcr- Check device is allocated before use

2017-01-23 Thread Harsh Jain
Ensure dev is allocated for crypto uld context before using the device
for crypto operations.

Signed-off-by: Atul Gupta 
---
 drivers/crypto/chelsio/chcr_core.c | 18 --
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_core.c 
b/drivers/crypto/chelsio/chcr_core.c
index 918da8e..1c65f07 100644
--- a/drivers/crypto/chelsio/chcr_core.c
+++ b/drivers/crypto/chelsio/chcr_core.c
@@ -52,6 +52,7 @@
 int assign_chcr_device(struct chcr_dev **dev)
 {
struct uld_ctx *u_ctx;
+   int ret = -ENXIO;
 
/*
 * Which device to use if multiple devices are available TODO
@@ -59,15 +60,14 @@ int assign_chcr_device(struct chcr_dev **dev)
 * must go to the same device to maintain the ordering.
 */
mutex_lock(_mutex); /* TODO ? */
-   u_ctx = list_first_entry(_ctx_list, struct uld_ctx, entry);
-   if (!u_ctx) {
-   mutex_unlock(_mutex);
-   return -ENXIO;
+   list_for_each_entry(u_ctx, _ctx_list, entry)
+   if (u_ctx && u_ctx->dev) {
+   *dev = u_ctx->dev;
+   ret = 0;
+   break;
}
-
-   *dev = u_ctx->dev;
mutex_unlock(_mutex);
-   return 0;
+   return ret;
 }
 
 static int chcr_dev_add(struct uld_ctx *u_ctx)
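
Review bot: the `u_ctx &&` test in `if (u_ctx && u_ctx->dev)` is dead code, because the cursor of list_for_each_entry() is never NULL inside the loop body; `if (u_ctx->dev)` is enough. The loop body is a multi-line if block, so the loop itself should get braces. The rewrite also fixes something worth naming in the commit message: the old `list_first_entry()` result was tested with `!u_ctx`, which cannot detect an empty list.
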
@@ -202,10 +202,8 @@ static int chcr_uld_state_change(void *handle, enum 
cxgb4_state state)
 
 static int __init chcr_crypto_init(void)
 {
-   if (cxgb4_register_uld(CXGB4_ULD_CRYPTO, _uld_info)) {
+   if (cxgb4_register_uld(CXGB4_ULD_CRYPTO, _uld_info))
pr_err("ULD register fail: No chcr crypto support in cxgb4");
-   return -1;
-   }
 
return 0;
 }
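
Review bot: after this hunk chcr_crypto_init() returns 0 even when cxgb4_register_uld() fails, so the module stays loaded with nothing registered and the only trace is the pr_err line. The commit message does not mention this behaviour change. If loading without cxgb4 crypto support is intended, say so and why; otherwise propagate the error from cxgb4_register_uld() instead of dropping it. The pr_err string is also missing its trailing \n.
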
-- 
1.8.2.3



[PATCH 5/8] crypto:chcr: Change cra_flags for cipher algos

2017-01-27 Thread Harsh Jain
Change cipher algos flags to CRYPTO_ALG_TYPE_ABLKCIPHER.

Signed-off-by: Harsh Jain <ha...@chelsio.com>
---
 drivers/crypto/chelsio/chcr_algo.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index d335943..21fc04c 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -171,7 +171,7 @@ int chcr_handle_resp(struct crypto_async_request *req, 
unsigned char *input,
}
break;
 
-   case CRYPTO_ALG_TYPE_BLKCIPHER:
+   case CRYPTO_ALG_TYPE_ABLKCIPHER:
ctx_req.req.ablk_req = (struct ablkcipher_request *)req;
ctx_req.ctx.ablk_ctx =
ablkcipher_request_ctx(ctx_req.req.ablk_req);
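
Review bot: the changelog states the new flag but not the reason or the visible effect. The case label here is changed to the same constant as the two `.cra_flags` initialisers in the hunks below, which suggests the switch in chcr_handle_resp() dispatches on the algorithm type; if so, the three edits must stay in one patch, and the commit message should say that and describe what misbehaved with CRYPTO_ALG_TYPE_BLKCIPHER so the fix can be judged for stable.
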
@@ -2492,7 +2492,7 @@ static int chcr_aead_op(struct aead_request *req,
.cra_name   = "cbc(aes)",
.cra_driver_name= "cbc-aes-chcr",
.cra_priority   = CHCR_CRA_PRIORITY,
-   .cra_flags  = CRYPTO_ALG_TYPE_BLKCIPHER |
+   .cra_flags  = CRYPTO_ALG_TYPE_ABLKCIPHER |
CRYPTO_ALG_ASYNC,
.cra_blocksize  = AES_BLOCK_SIZE,
.cra_ctxsize= sizeof(struct chcr_context)
@@ -2519,7 +2519,7 @@ static int chcr_aead_op(struct aead_request *req,
.cra_name   = "xts(aes)",
.cra_driver_name= "xts-aes-chcr",
.cra_priority   = CHCR_CRA_PRIORITY,
-   .cra_flags  = CRYPTO_ALG_TYPE_BLKCIPHER |
+   .cra_flags  = CRYPTO_ALG_TYPE_ABLKCIPHER |
CRYPTO_ALG_ASYNC,
.cra_blocksize  = AES_BLOCK_SIZE,
.cra_ctxsize= sizeof(struct chcr_context) +
-- 
1.8.2.3



[PATCH 2/8] crypto:chcr- Fix key length for RFC4106

2017-01-27 Thread Harsh Jain
Check keylen before copying salt to avoid wrap around of Integer.

Signed-off-by: Harsh Jain <ha...@chelsio.com>
---
 drivers/crypto/chelsio/chcr_algo.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index deec7c0..6c2dea3 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -2194,8 +2194,8 @@ static int chcr_gcm_setkey(struct crypto_aead *aead, 
const u8 *key,
unsigned int ck_size;
int ret = 0, key_ctx_size = 0;
 
-   if (get_aead_subtype(aead) ==
-   CRYPTO_ALG_SUB_TYPE_AEAD_RFC4106) {
+   if (get_aead_subtype(aead) == CRYPTO_ALG_SUB_TYPE_AEAD_RFC4106 &&
+   keylen > 3) {
keylen -= 4;  /* nonce/salt is present in the last 4 bytes */
memcpy(aeadctx->salt, key + keylen, 4);
}
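
Review bot: when the subtype is RFC4106 and keylen is 3 or less, the new condition `keylen > 3` only skips the block, so chcr_gcm_setkey() carries on with no salt copied and with a key length that still covers whatever bytes were passed. Rejecting the key explicitly at this point (return -EINVAL with aeadctx->enckey_len cleared, as the other error paths in this function do) makes the failure independent of the size checks further down, which this hunk does not show. Writing the bound as `keylen >= 4` would also match the literal 4 used in `keylen -= 4` and in the memcpy.
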
-- 
1.8.2.3



[PATCH 3/8] crypto:chcr-fix itnull.cocci warnings

2017-01-27 Thread Harsh Jain
The first argument to list_for_each_entry cannot be NULL.

Generated by: scripts/coccinelle/iterators/itnull.cocci

Signed-off-by: Julia Lawall <julia.law...@lip6.fr>
Signed-off-by: Fengguang Wu <fengguang...@intel.com>
Signed-off-by: Harsh Jain <ha...@chelsio.com>
---
 drivers/crypto/chelsio/chcr_core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/chelsio/chcr_core.c 
b/drivers/crypto/chelsio/chcr_core.c
index 1c65f07..2bfd61a 100644
--- a/drivers/crypto/chelsio/chcr_core.c
+++ b/drivers/crypto/chelsio/chcr_core.c
@@ -61,7 +61,7 @@ int assign_chcr_device(struct chcr_dev **dev)
 */
mutex_lock(_mutex); /* TODO ? */
list_for_each_entry(u_ctx, _ctx_list, entry)
-   if (u_ctx && u_ctx->dev) {
+   if (u_ctx->dev) {
*dev = u_ctx->dev;
ret = 0;
break;
-- 
1.8.2.3



[PATCH 0/8] Bug fixes

2017-01-27 Thread Harsh Jain
This patch series is based on Herbert's cryptodev-2.6 tree and depends on 
patch series "Bug Fixes for 4.10". It includes Bug Fixes.

Atul Gupta (2)
  crypto:chcr-Change flow IDs
  crypto:chcr- Fix wrong typecasting
Harsh Jain (8):
  crypto:chcr- Fix key length for RFC4106
  crypto:chcr-fix itnull.cocci warnings
  crypto:chcr- Use cipher instead of Block Cipher in gcm setkey
  crypto:chcr: Change cra_flags for cipher algos
  crypto:chcr- Change algo priority
  crypto:chcr-Fix Smatch Complaint

 drivers/crypto/chelsio/chcr_algo.c| 53 ++-
 drivers/crypto/chelsio/chcr_algo.h|  9 +++--
 drivers/crypto/chelsio/chcr_core.c| 11 +++---
 drivers/crypto/chelsio/chcr_core.h|  1 +
 drivers/crypto/chelsio/chcr_crypto.h  |  2 +-
 drivers/net/ethernet/chelsio/cxgb4/t4fw_api.h |  8 
 6 files changed, 47 insertions(+), 37 deletions(-)
 mode change 100644 => 100755 drivers/crypto/chelsio/chcr_algo.c

-- 
1.8.2.3



[PATCH 6/8] crypto:chcr- Change algo priority

2017-01-27 Thread Harsh Jain
Update priorities to 3000

Signed-off-by: Harsh Jain <ha...@chelsio.com>
---
 drivers/crypto/chelsio/chcr_crypto.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/chelsio/chcr_crypto.h 
b/drivers/crypto/chelsio/chcr_crypto.h
index 7ec0a8f..81cfd0b 100644
--- a/drivers/crypto/chelsio/chcr_crypto.h
+++ b/drivers/crypto/chelsio/chcr_crypto.h
@@ -48,7 +48,7 @@
  * giving the processed data
  */
 
-#define CHCR_CRA_PRIORITY 300
+#define CHCR_CRA_PRIORITY 3000
 
 #define CHCR_AES_MAX_KEY_LEN  (2 * (AES_MAX_KEY_SIZE)) /* consider xts */
 #define CHCR_MAX_CRYPTO_IV_LEN 16 /* AES IV len */
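
Review bot: the changelog gives no reason for raising CHCR_CRA_PRIORITY from 300 to 3000. Priority decides which implementation the crypto API picks when several register the same algorithm name, so this makes the chcr versions of names such as cbc(aes) and xts(aes) win over other providers for every user on a machine with the adapter. State what the value is meant to outrank and why a tenfold jump is needed.
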
-- 
1.8.2.3



[PATCH 8/8] crypto:chcr-Fix Smatch Complaint

2017-01-27 Thread Harsh Jain
Initialise variable after null check.

Reported-by: Dan Carpenter <dan.carpen...@oracle.com>
Signed-off-by: Harsh Jain <ha...@chelsio.com>
---
 drivers/crypto/chelsio/chcr_algo.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
 mode change 100644 => 100755 drivers/crypto/chelsio/chcr_algo.c

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
old mode 100644
new mode 100755
index 21fc04c..41bc7f4
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -2456,13 +2456,14 @@ static int chcr_aead_op(struct aead_request *req,
 {
struct crypto_aead *tfm = crypto_aead_reqtfm(req);
struct chcr_context *ctx = crypto_aead_ctx(tfm);
-   struct uld_ctx *u_ctx = ULD_CTX(ctx);
+   struct uld_ctx *u_ctx;
struct sk_buff *skb;
 
-   if (ctx && !ctx->dev) {
+   if (!ctx->dev) {
pr_err("chcr : %s : No crypto device.\n", __func__);
return -ENXIO;
}
+   u_ctx = ULD_CTX(ctx);
if (cxgb4_is_crypto_q_full(u_ctx->lldi.ports[0],
   ctx->tx_channel_id)) {
if (!(req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG))
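
Review bot: the `old mode 100644` / `new mode 100755` lines make chcr_algo.c executable, which looks unintended for a C source file and is unrelated to the Smatch fix; drop the mode change. The code change itself is right: ULD_CTX(ctx) dereferences ctx->dev, so it has to come after the `!ctx->dev` check. Dropping the `ctx &&` test is consistent with ctx being dereferenced unconditionally a few lines later at `ctx->tx_channel_id`.
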
-- 
1.8.2.3



[PATCH 7/8] crypto:chcr- Fix wrong typecasting

2017-01-27 Thread Harsh Jain
Typecast the pointer with correct structure.

Signed-off-by: Atul Gupta 
---
 drivers/crypto/chelsio/chcr_core.c | 9 -
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_core.c 
b/drivers/crypto/chelsio/chcr_core.c
index 2bfd61a..c28e018 100644
--- a/drivers/crypto/chelsio/chcr_core.c
+++ b/drivers/crypto/chelsio/chcr_core.c
@@ -151,18 +151,17 @@ int chcr_uld_rx_handler(void *handle, const __be64 *rsp,
 {
struct uld_ctx *u_ctx = (struct uld_ctx *)handle;
struct chcr_dev *dev = u_ctx->dev;
-   const struct cpl_act_establish *rpl = (struct cpl_act_establish
-  *)rsp;
+   const struct cpl_fw6_pld *rpl = (struct cpl_fw6_pld *)rsp;
 
-   if (rpl->ot.opcode != CPL_FW6_PLD) {
+   if (rpl->opcode != CPL_FW6_PLD) {
pr_err("Unsupported opcode\n");
return 0;
}
 
if (!pgl)
-   work_handlers[rpl->ot.opcode](dev, (unsigned char *)[1]);
+   work_handlers[rpl->opcode](dev, (unsigned char *)[1]);
else
-   work_handlers[rpl->ot.opcode](dev, pgl->va);
+   work_handlers[rpl->opcode](dev, pgl->va);
return 0;
 }
 
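
Review bot: the cast `(struct cpl_fw6_pld *)rsp` drops the const qualifier from `const __be64 *rsp` only for the result to be stored in a const pointer again; cast to `const struct cpl_fw6_pld *` instead. Since the function returns early unless `rpl->opcode == CPL_FW6_PLD`, the index in `work_handlers[rpl->opcode]` is always that one value, so indexing with the constant would make the bounded lookup obvious to a reader.
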
-- 
1.8.2.3



[PATCH 4/8] crypto:chcr- Use cipher instead of Block Cipher in gcm setkey

2017-01-27 Thread Harsh Jain
1 block of encryption can be done with aes-generic. No need for
cbc(aes). This patch replaces cbc(aes-generic) with aes-generic.

Signed-off-by: Harsh Jain <ha...@chelsio.com>
---
 drivers/crypto/chelsio/chcr_algo.c | 20 +---
 1 file changed, 9 insertions(+), 11 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index 6c2dea3..d335943 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -2189,8 +2189,7 @@ static int chcr_gcm_setkey(struct crypto_aead *aead, 
const u8 *key,
struct chcr_context *ctx = crypto_aead_ctx(aead);
struct chcr_aead_ctx *aeadctx = AEAD_CTX(ctx);
struct chcr_gcm_ctx *gctx = GCM_CTX(aeadctx);
-   struct blkcipher_desc h_desc;
-   struct scatterlist src[1];
+   struct crypto_cipher *cipher;
unsigned int ck_size;
int ret = 0, key_ctx_size = 0;
 
@@ -2223,27 +,26 @@ static int chcr_gcm_setkey(struct crypto_aead *aead, 
const u8 *key,
CHCR_KEYCTX_MAC_KEY_SIZE_128,
0, 0,
key_ctx_size >> 4);
-   /* Calculate the H = CIPH(K, 0 repeated 16 times) using sync aes
-* blkcipher It will go on key context
+   /* Calculate the H = CIPH(K, 0 repeated 16 times).
+* It will go in key context
 */
-   h_desc.tfm = crypto_alloc_blkcipher("cbc(aes-generic)", 0, 0);
-   if (IS_ERR(h_desc.tfm)) {
+   cipher = crypto_alloc_cipher("aes-generic", 0, 0);
+   if (IS_ERR(cipher)) {
aeadctx->enckey_len = 0;
ret = -ENOMEM;
goto out;
}
-   h_desc.flags = 0;
-   ret = crypto_blkcipher_setkey(h_desc.tfm, key, keylen);
+
+   ret = crypto_cipher_setkey(cipher, key, keylen);
if (ret) {
aeadctx->enckey_len = 0;
goto out1;
}
memset(gctx->ghash_h, 0, AEAD_H_SIZE);
-   sg_init_one([0], gctx->ghash_h, AEAD_H_SIZE);
-   ret = crypto_blkcipher_encrypt(_desc, [0], [0], AEAD_H_SIZE);
+   crypto_cipher_encrypt_one(cipher, gctx->ghash_h, gctx->ghash_h);
 
 out1:
-   crypto_free_blkcipher(h_desc.tfm);
+   crypto_free_cipher(cipher);
 out:
return ret;
 }
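
Review bot: the allocation failure path sets `ret = -ENOMEM` regardless of what crypto_alloc_cipher() reported; use `ret = PTR_ERR(cipher)` so that a missing algorithm is not reported as an out-of-memory condition. Requesting "aes-generic" pins the software implementation by driver name; if that is deliberate, add a comment saying why the generic name "aes" is not used.
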
-- 
1.8.2.3



[PATCH 1/8] crypto:chcr-Change flow IDs

2017-01-27 Thread Harsh Jain
Change to assign a flowc id to each outgoing request. Firmware uses the
flowc id to schedule each request onto HW. A FW reply may be missed
without this change.

Reviewed-by: Hariprasad Shenai 
Signed-off-by: Atul Gupta 
---
 drivers/crypto/chelsio/chcr_algo.c| 18 ++
 drivers/crypto/chelsio/chcr_algo.h|  9 +
 drivers/crypto/chelsio/chcr_core.h|  1 +
 drivers/net/ethernet/chelsio/cxgb4/t4fw_api.h |  8 
 4 files changed, 24 insertions(+), 12 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index d29c2b4..deec7c0 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -542,10 +542,11 @@ static inline void create_wreq(struct chcr_context *ctx,
(calc_tx_flits_ofld(skb) * 8), 16)));
chcr_req->wreq.cookie = cpu_to_be64((uintptr_t)req);
chcr_req->wreq.rx_chid_to_rx_q_id =
-   FILL_WR_RX_Q_ID(ctx->dev->tx_channel_id, qid,
-   is_iv ? iv_loc : IV_NOP);
+   FILL_WR_RX_Q_ID(ctx->dev->rx_channel_id, qid,
+   is_iv ? iv_loc : IV_NOP, ctx->tx_channel_id);
 
-   chcr_req->ulptx.cmd_dest = FILL_ULPTX_CMD_DEST(ctx->dev->tx_channel_id);
+   chcr_req->ulptx.cmd_dest = FILL_ULPTX_CMD_DEST(ctx->dev->tx_channel_id,
+  qid);
chcr_req->ulptx.len = htonl((DIV_ROUND_UP((calc_tx_flits_ofld(skb) * 8),
16) - ((sizeof(chcr_req->wreq)) >> 4)));
 
@@ -606,7 +607,7 @@ static inline void create_wreq(struct chcr_context *ctx,
chcr_req = (struct chcr_wr *)__skb_put(skb, transhdr_len);
memset(chcr_req, 0, transhdr_len);
chcr_req->sec_cpl.op_ivinsrtofst =
-   FILL_SEC_CPL_OP_IVINSR(ctx->dev->tx_channel_id, 2, 1);
+   FILL_SEC_CPL_OP_IVINSR(ctx->dev->rx_channel_id, 2, 1);
 
chcr_req->sec_cpl.pldlen = htonl(ivsize + req->nbytes);
chcr_req->sec_cpl.aadstart_cipherstop_hi =
@@ -782,6 +783,7 @@ static int chcr_device_init(struct chcr_context *ctx)
spin_lock(>dev->lock_chcr_dev);
ctx->tx_channel_id = rxq_idx;
ctx->dev->tx_channel_id = !ctx->dev->tx_channel_id;
+   ctx->dev->rx_channel_id = 0;
spin_unlock(>dev->lock_chcr_dev);
}
 out:
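
Review bot: `ctx->dev->rx_channel_id = 0` is assigned a constant every time a context is initialised, yet the rest of the patch threads it through FILL_WR_RX_Q_ID() and FILL_SEC_CPL_OP_IVINSR() as if it varied. Either explain in the changelog why the RX channel is fixed at 0, or define it as a constant instead of a per-device field written under the lock. The naming is also hard to follow: `ctx->tx_channel_id` is loaded from `rxq_idx`, while `ctx->dev->tx_channel_id` is a toggle.
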
@@ -874,7 +876,7 @@ static struct sk_buff *create_hash_wr(struct ahash_request 
*req,
memset(chcr_req, 0, transhdr_len);
 
chcr_req->sec_cpl.op_ivinsrtofst =
-   FILL_SEC_CPL_OP_IVINSR(ctx->dev->tx_channel_id, 2, 0);
+   FILL_SEC_CPL_OP_IVINSR(ctx->dev->rx_channel_id, 2, 0);
chcr_req->sec_cpl.pldlen = htonl(param->bfr_len + param->sg_len);
 
chcr_req->sec_cpl.aadstart_cipherstop_hi =
@@ -1425,7 +1427,7 @@ static struct sk_buff *create_authenc_wr(struct 
aead_request *req,
 * to the hardware spec
 */
chcr_req->sec_cpl.op_ivinsrtofst =
-   FILL_SEC_CPL_OP_IVINSR(ctx->dev->tx_channel_id, 2,
+   FILL_SEC_CPL_OP_IVINSR(ctx->dev->rx_channel_id, 2,
   (ivsize ? (assoclen + 1) : 0));
chcr_req->sec_cpl.pldlen = htonl(assoclen + ivsize + req->cryptlen);
chcr_req->sec_cpl.aadstart_cipherstop_hi = FILL_SEC_CPL_CIPHERSTOP_HI(
@@ -1601,7 +1603,7 @@ static void fill_sec_cpl_for_aead(struct cpl_tx_sec_pdu 
*sec_cpl,
unsigned int ivsize = AES_BLOCK_SIZE;
unsigned int cipher_mode = CHCR_SCMD_CIPHER_MODE_AES_CCM;
unsigned int mac_mode = CHCR_SCMD_AUTH_MODE_CBCMAC;
-   unsigned int c_id = chcrctx->dev->tx_channel_id;
+   unsigned int c_id = chcrctx->dev->rx_channel_id;
unsigned int ccm_xtra;
unsigned char tag_offset = 0, auth_offset = 0;
unsigned char hmac_ctrl = get_hmac(crypto_aead_authsize(tfm));
@@ -1877,7 +1879,7 @@ static struct sk_buff *create_gcm_wr(struct aead_request 
*req,
 
tag_offset = (op_type == CHCR_ENCRYPT_OP) ? 0 : authsize;
chcr_req->sec_cpl.op_ivinsrtofst = FILL_SEC_CPL_OP_IVINSR(
-   ctx->dev->tx_channel_id, 2, (ivsize ?
+   ctx->dev->rx_channel_id, 2, (ivsize ?
(req->assoclen + 1) : 0));
chcr_req->sec_cpl.pldlen = htonl(req->assoclen + ivsize + crypt_len);
chcr_req->sec_cpl.aadstart_cipherstop_hi = FILL_SEC_CPL_CIPHERSTOP_HI(
diff --git a/drivers/crypto/chelsio/chcr_algo.h 
b/drivers/crypto/chelsio/chcr_algo.h
index 3c7c51f..ba38bae 100644
--- a/drivers/crypto/chelsio/chcr_algo.h
+++ b/drivers/crypto/chelsio/chcr_algo.h
@@ -185,20 +185,21 @@
FW_CRYPTO_LOOKASIDE_WR_CCTX_LOC_V(1) | \
FW_CRYPTO_LOOKASIDE_WR_CCTX_SIZE_V((ctx_len)))
 
-#define FILL_WR_RX_Q_ID(cid, 

BUG: af_alg bind fails for 50 % request from userspace for hash algo

2017-02-15 Thread Harsh Jain
Hi Herbert/Stephan,

When I try to run 100 applications which calculate a sha384 digest from
userspace, nearly 50 applications fail in the bind system call with error
ENOENT.

The "crypto_alg_mod_lookup" call in api.c fails in kernel space. The issue
comes on the 1st try only (seems to have some relation with crypto test
executions). If I execute the same test again, the issue didn't reproduce.

Regards

Harsh Jain



Who will copy the AAD data to dest. buffer

2016-09-02 Thread Harsh Jain
Hi Herbert,

Is copying the AAD data to the destination buffer when dst != src a
mandatory requirement for crypto drivers, or can we skip this copy?
Actually I am a bit confused. In the following link Stephan had mentioned
that the caller will memcpy the AAD to the destination buffer, but
authenc.c also copies the AAD to the dest. buffer.

http://www.chronox.de/libkcapi/html/ch02s02.html

Secondly, when the AAD data remains unchanged in AEAD encryption/decryption
operations, why do we copy the same data to the destination buffer?

Thanks & Regards
Harsh Jain


rmmod crypto driver when ipsec is in use

2016-09-08 Thread Harsh Jain
Hi,

What is the expected behavior when a driver is unregistered (rmmod) with
an active ipsec session?
I am getting a stack trace (BUG_ON in crypto_unregister_alg) instead of
"module in use".


Regards
Harsh Jain


Re: [PATCH 6/6] Add support for AEAD algos.

2016-10-27 Thread Harsh Jain


On 14-10-2016 19:54, Stephan Mueller wrote:
> On Thursday, 13 October 2016, 16:39:39 CEST, Harsh Jain wrote:
>
> Hi Harsh,
>
>> Add support for following AEAD algos.
>>  GCM,CCM,RFC4106,RFC4309,authenc(hmac(shaXXX),cbc(aes)).
>>
>> Signed-off-by: Harsh Jain <ha...@chelsio.com>
>> ---
>>  drivers/crypto/chelsio/Kconfig   |1 +
>>  drivers/crypto/chelsio/chcr_algo.c   | 1466
>> +- drivers/crypto/chelsio/chcr_algo.h   |  
>> 16 +-
>>  drivers/crypto/chelsio/chcr_core.c   |8 +-
>>  drivers/crypto/chelsio/chcr_core.h   |2 -
>>  drivers/crypto/chelsio/chcr_crypto.h |   90 ++-
>>  6 files changed, 1541 insertions(+), 42 deletions(-)
>>
>> diff --git a/drivers/crypto/chelsio/Kconfig b/drivers/crypto/chelsio/Kconfig
>> index 4ce67fb..3e104f5 100644
>> --- a/drivers/crypto/chelsio/Kconfig
>> +++ b/drivers/crypto/chelsio/Kconfig
>> @@ -4,6 +4,7 @@ config CRYPTO_DEV_CHELSIO
>>  select CRYPTO_SHA1
>>  select CRYPTO_SHA256
>>  select CRYPTO_SHA512
>> +select CRYPTO_AUTHENC
>>  ---help---
>>The Chelsio Crypto Co-processor driver for T6 adapters.
>>
>> diff --git a/drivers/crypto/chelsio/chcr_algo.c
>> b/drivers/crypto/chelsio/chcr_algo.c index 18385d6..cffc38f 100644
>> --- a/drivers/crypto/chelsio/chcr_algo.c
>> +++ b/drivers/crypto/chelsio/chcr_algo.c
>> @@ -54,6 +54,12 @@
>>  #include 
>>  #include 
>>  #include 
>> +#include 
>> +#include 
>> +#include 
>> +#include 
>> +#include 
>> +#include 
>>  #include 
>>
>>  #include "t4fw_api.h"
>> @@ -62,6 +68,11 @@
>>  #include "chcr_algo.h"
>>  #include "chcr_crypto.h"
>>
>> +static inline  struct chcr_aead_ctx *AEAD_CTX(struct chcr_context *ctx)
>> +{
>> +return ctx->crypto_ctx->aeadctx;
>> +}
>> +
>>  static inline struct ablk_ctx *ABLK_CTX(struct chcr_context *ctx)
>>  {
>>  return ctx->crypto_ctx->ablkctx;
>> @@ -72,6 +83,16 @@ static inline struct hmac_ctx *HMAC_CTX(struct
>> chcr_context *ctx) return ctx->crypto_ctx->hmacctx;
>>  }
>>
>> +static inline struct chcr_gcm_ctx *GCM_CTX(struct chcr_aead_ctx *gctx)
>> +{
>> +return gctx->ctx->gcm;
>> +}
>> +
>> +static inline struct chcr_authenc_ctx *AUTHENC_CTX(struct chcr_aead_ctx
>> *gctx) +{
>> +return gctx->ctx->authenc;
>> +}
>> +
>>  static inline struct uld_ctx *ULD_CTX(struct chcr_context *ctx)
>>  {
>>  return ctx->dev->u_ctx;
>> @@ -94,12 +115,37 @@ static inline unsigned int sgl_len(unsigned int n)
>>  return (3 * n) / 2 + (n & 1) + 2;
>>  }
>>
>> +static void chcr_verify_tag(struct aead_request *req, u8 *input, int *err)
>> +{
>> +u8 temp[SHA512_DIGEST_SIZE];
>> +struct crypto_aead *tfm = crypto_aead_reqtfm(req);
>> +int authsize = crypto_aead_authsize(tfm);
>> +struct cpl_fw6_pld *fw6_pld;
>> +int cmp = 0;
>> +
>> +fw6_pld = (struct cpl_fw6_pld *)input;
>> +if ((get_aead_subtype(tfm) == CRYPTO_ALG_SUB_TYPE_AEAD_RFC4106) ||
>> +(get_aead_subtype(tfm) == CRYPTO_ALG_SUB_TYPE_AEAD_GCM)) {
>> +cmp = memcmp(_pld->data[2], (fw6_pld + 1), authsize);
>> +} else {
>> +
>> +sg_pcopy_to_buffer(req->src, sg_nents(req->src), temp,
>> +authsize, req->assoclen +
>> +req->cryptlen - authsize);
> I am wondering whether the math is correct here in any case. It is 
> permissible 
> that we have an AAD size of 0 and even a zero-sized ciphertext. How is such 
> scenario covered here?
Here we are trying to copy the user-supplied tag to a local buffer (temp) for
the decrypt operation only. The relative index of the tag in the src sg list
will not change when AAD is zero, and in the decrypt operation cryptlen > authsize.
>
>> +cmp = memcmp(temp, (fw6_pld + 1), authsize);
> I would guess in both cases memcmp should be replaced with crypto_memneq
Yes, can be done.

>
>> +}
>> +if (cmp)
>> +*err = -EBADMSG;
>> +else
>> +*err = 0;
> What do you think about memzero_explicit(tmp)?
No idea why we need to explicitly set a local variable to zero. Please
share some online resources to understand this.

>
>> +}
>> +
>>  /*
>>   *  chcr_handle_resp - Unmap the DMA buffers associated with the request
>>   *  @req: c

Re: [PATCH 6/6] Add support for AEAD algos.

2016-11-08 Thread Harsh Jain


On 08-11-2016 18:29, Stephan Mueller wrote:
> On Tuesday, 8 November 2016, 17:16:38 CET, Harsh Jain wrote:
>
> Hi Harsh,
>
>> On 08-11-2016 16:45, Stephan Mueller wrote:
>>> On Thursday, 27 October 2016, 15:36:08 CET, Harsh Jain wrote:
>>>
>>> Hi Harsh,
>>>
>>>>>> +static void chcr_verify_tag(struct aead_request *req, u8 *input, int
>>>>>> *err)
>>>>>> +{
>>>>>> +u8 temp[SHA512_DIGEST_SIZE];
>>>>>> +struct crypto_aead *tfm = crypto_aead_reqtfm(req);
>>>>>> +int authsize = crypto_aead_authsize(tfm);
>>>>>> +struct cpl_fw6_pld *fw6_pld;
>>>>>> +int cmp = 0;
>>>>>> +
>>>>>> +fw6_pld = (struct cpl_fw6_pld *)input;
>>>>>> +if ((get_aead_subtype(tfm) == CRYPTO_ALG_SUB_TYPE_AEAD_RFC4106) 
>>>>>> ||
>>>>>> +(get_aead_subtype(tfm) == CRYPTO_ALG_SUB_TYPE_AEAD_GCM)) {
>>>>>> +cmp = memcmp(_pld->data[2], (fw6_pld + 1), 
>>>>>> authsize);
>>>>>> +} else {
>>>>>> +
>>>>>> +sg_pcopy_to_buffer(req->src, sg_nents(req->src), temp,
>>>>>> +authsize, req->assoclen +
>>>>>> +req->cryptlen - authsize);
>>>>> I am wondering whether the math is correct here in any case. It is
>>>>> permissible that we have an AAD size of 0 and even a zero-sized
>>>>> ciphertext. How is such scenario covered here?
>>>> Here we are trying to copy user supplied tag to local buffer(temp) for
>>>> decrypt operation only. relative index of tag in src sg list will not
>>>> change when AAD is zero and in decrypt operation cryptlen > authsize.
>>> I am just wondering where this is checked. Since all of these
>>> implementations are directly accessible from unprivileged user space, we
>>> should be careful.
>> chcr_verify_tag() will be called when req->verify is set to "VERIFY_SW", 
>> same will set in decrypt callback function of Algo(like chcr_aead_decrypt)
>> only. It will ensure calling of chcr_verify_tag() in de-crypt operation
>> only.
> I think that limiting to the decryption path may not be enough. What happens 
> if a caller sets some assoclen, but when invoking the decryption operation it 
> provides input data that is smaller than the assoclen? The API allows this 
> scenario.
If I understand correctly, in this case the passed sg list will be smaller. We
should return with error -EINVAL at the entry point only (like create_gcm_wr);
control should not reach chcr_verify_tag().

>
> Ciao
> Stephan



Re: [PATCH 6/6] Add support for AEAD algos.

2016-11-09 Thread Harsh Jain


On 08-11-2016 19:51, Harsh Jain wrote:
>
> On 08-11-2016 18:29, Stephan Mueller wrote:
>> On Tuesday, 8 November 2016, 17:16:38 CET, Harsh Jain wrote:
>>
>> Hi Harsh,
>>
>>> On 08-11-2016 16:45, Stephan Mueller wrote:
>>>> On Thursday, 27 October 2016, 15:36:08 CET, Harsh Jain wrote:
>>>>
>>>> Hi Harsh,
>>>>
>>>>>>> +static void chcr_verify_tag(struct aead_request *req, u8 *input, int
>>>>>>> *err)
>>>>>>> +{
>>>>>>> +   u8 temp[SHA512_DIGEST_SIZE];
>>>>>>> +   struct crypto_aead *tfm = crypto_aead_reqtfm(req);
>>>>>>> +   int authsize = crypto_aead_authsize(tfm);
>>>>>>> +   struct cpl_fw6_pld *fw6_pld;
>>>>>>> +   int cmp = 0;
>>>>>>> +
>>>>>>> +   fw6_pld = (struct cpl_fw6_pld *)input;
>>>>>>> +   if ((get_aead_subtype(tfm) == CRYPTO_ALG_SUB_TYPE_AEAD_RFC4106) 
>>>>>>> ||
>>>>>>> +   (get_aead_subtype(tfm) == CRYPTO_ALG_SUB_TYPE_AEAD_GCM)) {
>>>>>>> +   cmp = memcmp(_pld->data[2], (fw6_pld + 1), 
>>>>>>> authsize);
>>>>>>> +   } else {
>>>>>>> +
>>>>>>> +   sg_pcopy_to_buffer(req->src, sg_nents(req->src), temp,
>>>>>>> +   authsize, req->assoclen +
>>>>>>> +   req->cryptlen - authsize);
>>>>>> I am wondering whether the math is correct here in any case. It is
>>>>>> permissible that we have an AAD size of 0 and even a zero-sized
>>>>>> ciphertext. How is such scenario covered here?
>>>>> Here we are trying to copy user supplied tag to local buffer(temp) for
>>>>> decrypt operation only. relative index of tag in src sg list will not
>>>>> change when AAD is zero and in decrypt operation cryptlen > authsize.
>>>> I am just wondering where this is checked. Since all of these
>>>> implementations are directly accessible from unprivileged user space, we
>>>> should be careful.
>>> chcr_verify_tag() will be called when req->verify is set to "VERIFY_SW", 
>>> same will set in decrypt callback function of Algo(like chcr_aead_decrypt)
>>> only. It will ensure calling of chcr_verify_tag() in de-crypt operation
>>> only.
>> I think that limiting to the decryption path may not be enough. What happens 
>> if a caller sets some assoclen, but when invoking the decryption operation 
>> it 
>> provides input data that is smaller than the assoclen? The API allows this 
>> scenario.
> If I understand correctly, in this case passed sg list will be smaller. We 
> should return with error -EINVAL at entry point only (like create_gcm_wr), 
> control should not reach to chcr_verify_tag().
I had a look at the software implementation for a check related to aad len >
src sg list. I doubt the same is not handled in software also. See below:
In "crypto_authenc_encrypt", if the assoclen passed to "scatterwalk_ffwd" is
greater than src, it may panic with a NULL pointer exception.

I will add this check in V2 of the chcr driver.

>
>> Ciao
>> Stephan



Re: [PATCH 6/6] Add support for AEAD algos.

2016-11-08 Thread Harsh Jain


On 08-11-2016 16:45, Stephan Mueller wrote:
> On Thursday, 27 October 2016, 15:36:08 CET, Harsh Jain wrote:
>
> Hi Harsh,
>
>>>> +static void chcr_verify_tag(struct aead_request *req, u8 *input, int
>>>> *err)
>>>> +{
>>>> +  u8 temp[SHA512_DIGEST_SIZE];
>>>> +  struct crypto_aead *tfm = crypto_aead_reqtfm(req);
>>>> +  int authsize = crypto_aead_authsize(tfm);
>>>> +  struct cpl_fw6_pld *fw6_pld;
>>>> +  int cmp = 0;
>>>> +
>>>> +  fw6_pld = (struct cpl_fw6_pld *)input;
>>>> +  if ((get_aead_subtype(tfm) == CRYPTO_ALG_SUB_TYPE_AEAD_RFC4106) ||
>>>> +  (get_aead_subtype(tfm) == CRYPTO_ALG_SUB_TYPE_AEAD_GCM)) {
>>>> +  cmp = memcmp(_pld->data[2], (fw6_pld + 1), authsize);
>>>> +  } else {
>>>> +
>>>> +  sg_pcopy_to_buffer(req->src, sg_nents(req->src), temp,
>>>> +  authsize, req->assoclen +
>>>> +  req->cryptlen - authsize);
>>> I am wondering whether the math is correct here in any case. It is
>>> permissible that we have an AAD size of 0 and even a zero-sized
>>> ciphertext. How is such scenario covered here?
>> Here we are trying to copy user supplied tag to local buffer(temp) for
>> decrypt operation only. relative index of tag in src sg list will not
>> change when AAD is zero and in decrypt operation cryptlen > authsize.
> I am just wondering where this is checked. Since all of these implementations 
> are directly accessible from unprivileged user space, we should be careful.
chcr_verify_tag() will be called when req->verify is set to "VERIFY_SW"; the
same will be set in the decrypt callback function of the algo (like
chcr_aead_decrypt) only. It will ensure chcr_verify_tag() is called in the
decrypt operation only.


>
>>>> +  cmp = memcmp(temp, (fw6_pld + 1), authsize);
>>> I would guess in both cases memcmp should be replaced with crypto_memneq
>> Yes can be done
>>
>>>> +  }
>>>> +  if (cmp)
>>>> +  *err = -EBADMSG;
>>>> +  else
>>>> +  *err = 0;
>>> What do you think about memzero_explicit(tmp)?
>> No Idea why we needs explicitly setting of zero for local variable.  Please
>> share some online resources to understand this.
> In dumps, the stack is also produced. Yet I see that stack memory is very 
> volatile and thus will be overwritten soon. Thus my common approach for 
> sensitive data is that heap variables must be zeroized. Stack variables are 
> suggested to be zeroized. As far as I understand the code, temp will hold a 
> copy of the tag value, i.e. a public piece of information. If this is correct,
> then I concur that a memset may not be needed after all.
Yes, temp contains the user-supplied tag. We can ignore memset here. I will
review the other functions, whether they need a similar memset or not.
>
> Ciao
> Stephan

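Added example (not part of the thread and not chcr driver code): the two review points raised above for chcr_verify_tag(), checking assoclen/cryptlen/authsize before the tag offset is computed and comparing the tag in constant time, shown as a userspace C sketch. The flat `demo_req` buffer, `demo_memneq()` (a stand-in with the contract of the kernel's crypto_memneq()) and all `demo_*` names are assumptions made for illustration; the sample bytes are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEMO_MAX_TAG 64	/* same size as SHA512_DIGEST_SIZE, used for temp[] in the patch */

/* Hypothetical flat stand-in for an AEAD decrypt request: src holds
 * AAD || ciphertext || tag, and cryptlen counts ciphertext plus tag. */
struct demo_req {
	const uint8_t *src;
	size_t src_len;		/* bytes the caller really supplied */
	size_t assoclen;
	size_t cryptlen;
};

/* Userspace stand-in with the contract of crypto_memneq(): 0 when equal,
 * non-zero otherwise, reading every byte whatever the contents. */
static unsigned int demo_memneq(const void *a, const void *b, size_t len)
{
	const volatile uint8_t *pa = a, *pb = b;
	unsigned int diff = 0;
	size_t i;

	for (i = 0; i < len; i++)
		diff |= (unsigned int)(pa[i] ^ pb[i]);
	return diff;
}

/* Entry-point checks, done before any offset arithmetic. */
static int demo_check_lengths(const struct demo_req *req, size_t authsize)
{
	if (authsize == 0 || authsize > DEMO_MAX_TAG)
		return -EINVAL;	/* tag must fit the local buffer */
	if (req->cryptlen < authsize)
		return -EINVAL;	/* cryptlen == authsize (empty ciphertext) is allowed */
	if (req->assoclen > req->src_len ||
	    req->cryptlen > req->src_len - req->assoclen)
		return -EINVAL;	/* claimed lengths exceed the supplied data */
	return 0;
}

/* Returns 0 on match, -EBADMSG on mismatch, -EINVAL on bad lengths. */
static int demo_verify_tag(const struct demo_req *req, const uint8_t *computed,
			   size_t authsize)
{
	uint8_t temp[DEMO_MAX_TAG];
	int err = demo_check_lengths(req, authsize);

	if (err)
		return err;
	/* Safe now: the offset is >= 0 and offset + authsize <= src_len. */
	memcpy(temp, req->src + req->assoclen + req->cryptlen - authsize, authsize);
	/* temp holds the caller's tag, which is public, so it is not wiped. */
	return demo_memneq(temp, computed, authsize) ? -EBADMSG : 0;
}

/* Constructed sample: 4 bytes AAD, 8 bytes ciphertext, 16-byte tag. */
static const uint8_t demo_tag[16] = {
	0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
	0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf
};
static uint8_t demo_msg[4 + 8 + 16];

int demo_run_case(int n)
{
	struct demo_req req;
	uint8_t bad[16];

	memset(demo_msg, 0x11, 4);
	memset(demo_msg + 4, 0x22, 8);
	memcpy(demo_msg + 12, demo_tag, 16);
	req.src = demo_msg;
	req.src_len = sizeof(demo_msg);
	req.assoclen = 4;
	req.cryptlen = 8 + 16;

	switch (n) {
	case 0:	/* matching tag */
		return demo_verify_tag(&req, demo_tag, 16);
	case 1:	/* last tag byte differs */
		memcpy(bad, demo_tag, 16);
		bad[15] ^= 1;
		return demo_verify_tag(&req, bad, 16);
	case 2:	/* no AAD and zero-length ciphertext: src is the tag alone */
		req.src = demo_msg + 12;
		req.src_len = 16;
		req.assoclen = 0;
		req.cryptlen = 16;
		return demo_verify_tag(&req, demo_tag, 16);
	case 3:	/* assoclen larger than the supplied data */
		req.assoclen = 64;
		return demo_verify_tag(&req, demo_tag, 16);
	case 4:	/* cryptlen shorter than the tag */
		req.assoclen = 0;
		req.cryptlen = 8;
		return demo_verify_tag(&req, demo_tag, 16);
	default:
		return -EINVAL;
	}
}

int main(void)
{
	int n;

	for (n = 0; n < 5; n++)
		printf("case %d -> %d\n", n, demo_run_case(n));
	return 0;
}
```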


[PATCH v2 2/9]crypto/chcr: Added new structure chcr_wr to populate Work Request Header.

2016-11-21 Thread Harsh Jain
Signed-off-by: Jitendra Lulla 
---
 drivers/crypto/chelsio/chcr_algo.c   | 239 +--
 drivers/crypto/chelsio/chcr_algo.h   |  28 ++--
 drivers/crypto/chelsio/chcr_core.h   |  16 +++
 drivers/crypto/chelsio/chcr_crypto.h |   6 -
 4 files changed, 140 insertions(+), 149 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index 944c11f..5918e1e 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -414,8 +414,23 @@ static inline int get_cryptoalg_subtype(struct crypto_tfm 
*tfm)
return chcr_crypto_alg->type & CRYPTO_ALG_SUB_TYPE_MASK;
 }
 
+static inline void write_buffer_to_skb(struct sk_buff *skb,
+   unsigned int *frags,
+   char *bfr,
+   u8 bfr_len)
+{
+   skb->len += bfr_len;
+   skb->data_len += bfr_len;
+   skb->truesize += bfr_len;
+   get_page(virt_to_page(bfr));
+   skb_fill_page_desc(skb, *frags, virt_to_page(bfr),
+  offset_in_page(bfr), bfr_len);
+   (*frags)++;
+}
+
+
 static inline void
-write_sg_data_page_desc(struct sk_buff *skb, unsigned int *frags,
+write_sg_to_skb(struct sk_buff *skb, unsigned int *frags,
struct scatterlist *sg, unsigned int count)
 {
struct page *spage;
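
Review bot: in write_buffer_to_skb(), `virt_to_page(bfr)` and `offset_in_page(bfr)` are only valid for a linearly mapped buffer that stays inside one page, and nothing here checks that or bounds `*frags` before `skb_fill_page_desc()`. Please document the constraint on `bfr` in a comment above the helper (no stack or vmalloc memory, `offset_in_page(bfr) + bfr_len <= PAGE_SIZE`) and consider a check against MAX_SKB_FRAGS. The hunk also adds two consecutive blank lines before write_sg_to_skb(), and the commit has no description beyond the sign-off.
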
@@ -456,14 +471,12 @@ static int generate_copy_rrkey(struct ablk_ctx *ablkctx,
 }
 
 static inline void create_wreq(struct chcr_context *ctx,
-  struct fw_crypto_lookaside_wr *wreq,
+  struct chcr_wr *chcr_req,
   void *req, struct sk_buff *skb,
   int kctx_len, int hash_sz,
   unsigned int phys_dsgl)
 {
struct uld_ctx *u_ctx = ULD_CTX(ctx);
-   struct ulp_txpkt *ulptx = (struct ulp_txpkt *)(wreq + 1);
-   struct ulptx_idata *sc_imm = (struct ulptx_idata *)(ulptx + 1);
int iv_loc = IV_DSGL;
int qid = u_ctx->lldi.rxq_ids[ctx->tx_channel_id];
unsigned int immdatalen = 0, nr_frags = 0;
@@ -475,24 +488,27 @@ static inline void create_wreq(struct chcr_context *ctx,
nr_frags = skb_shinfo(skb)->nr_frags;
}
 
-   wreq->op_to_cctx_size = FILL_WR_OP_CCTX_SIZE(immdatalen,
-(kctx_len >> 4));
-   wreq->pld_size_hash_size =
+   chcr_req->wreq.op_to_cctx_size = FILL_WR_OP_CCTX_SIZE(immdatalen,
+   ((sizeof(chcr_req->key_ctx) + kctx_len) >> 4));
+   chcr_req->wreq.pld_size_hash_size =
htonl(FW_CRYPTO_LOOKASIDE_WR_PLD_SIZE_V(sgl_lengths[nr_frags]) |
  FW_CRYPTO_LOOKASIDE_WR_HASH_SIZE_V(hash_sz));
-   wreq->len16_pkd = htonl(FW_CRYPTO_LOOKASIDE_WR_LEN16_V(DIV_ROUND_UP(
+   chcr_req->wreq.len16_pkd =
+   htonl(FW_CRYPTO_LOOKASIDE_WR_LEN16_V(DIV_ROUND_UP(
(calc_tx_flits_ofld(skb) * 8), 16)));
-   wreq->cookie = cpu_to_be64((uintptr_t)req);
-   wreq->rx_chid_to_rx_q_id =
+   chcr_req->wreq.cookie = cpu_to_be64((uintptr_t)req);
+   chcr_req->wreq.rx_chid_to_rx_q_id =
FILL_WR_RX_Q_ID(ctx->dev->tx_channel_id, qid,
(hash_sz) ? IV_NOP : iv_loc);
 
-   ulptx->cmd_dest = FILL_ULPTX_CMD_DEST(ctx->dev->tx_channel_id);
-   ulptx->len = htonl((DIV_ROUND_UP((calc_tx_flits_ofld(skb) * 8),
-16) - ((sizeof(*wreq)) >> 4)));
+   chcr_req->ulptx.cmd_dest = FILL_ULPTX_CMD_DEST(ctx->dev->tx_channel_id);
+   chcr_req->ulptx.len = htonl((DIV_ROUND_UP((calc_tx_flits_ofld(skb) * 8),
+   16) - ((sizeof(chcr_req->wreq)) >> 4)));
 
-   sc_imm->cmd_more = FILL_CMD_MORE(immdatalen);
-   sc_imm->len = cpu_to_be32(sizeof(struct cpl_tx_sec_pdu) + kctx_len +
+   chcr_req->sc_imm.cmd_more = FILL_CMD_MORE(immdatalen);
+   chcr_req->sc_imm.len = cpu_to_be32(sizeof(struct cpl_tx_sec_pdu) +
+  sizeof(chcr_req->key_ctx) +
+  kctx_len +
  ((hash_sz) ? DUMMY_BYTES :
  (sizeof(struct cpl_rx_phys_dsgl) +
   phys_dsgl)) + immdatalen);
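
Review bot: `sizeof(chcr_req->key_ctx) + kctx_len` is now computed separately for `op_to_cctx_size` and for `sc_imm.len`, which implies callers pass `kctx_len` as key material only, with the header excluded, and nothing in the patch says so. A local such as `unsigned int kctx_total = sizeof(chcr_req->key_ctx) + kctx_len;` used in both places, plus a line in the function comment stating the new meaning of `kctx_len`, would keep the two fields from drifting apart.
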
@@ -506,23 +522,23 @@ static inline void create_wreq(struct chcr_context *ctx,
  * @op_type:   encryption or decryption
  */
 static struct sk_buff
-*create_cipher_wr(struct crypto_async_request *req_base,
- struct chcr_context *ctx, unsigned short qid,
+*create_cipher_wr(struct ablkcipher_request *req,
+ unsigned short qid,
  unsigned short op_type)
 {
-   struct ablkcipher_request *req = (struct ablkcipher_request *)req_base;
struct crypto_ablkcipher 

[PATCH v2 1/9] crypto/chcr:Fix memory corruption done

2016-11-21 Thread Harsh Jain
Fix memory corruption done by *((u32 *)dec_key + k) operation.

Signed-off-by: Jitendra Lulla 
---
 drivers/crypto/chelsio/chcr_algo.c | 52 ++
 drivers/crypto/chelsio/chcr_algo.h | 58 +-
 2 files changed, 53 insertions(+), 57 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index e4ddb92..944c11f 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -178,6 +178,58 @@ static inline unsigned int calc_tx_flits_ofld(const struct 
sk_buff *skb)
return flits + sgl_len(cnt);
 }
 
+static void get_aes_decrypt_key(unsigned char *dec_key,
+   const unsigned char *key,
+   unsigned int keylength)
+{
+   u32 temp;
+   u32 w_ring[MAX_NK];
+   int i, j, k;
+   u8  nr, nk;
+
+   switch (keylength) {
+   case AES_KEYLENGTH_128BIT:
+   nk = KEYLENGTH_4BYTES;
+   nr = NUMBER_OF_ROUNDS_10;
+   break;
+   case AES_KEYLENGTH_192BIT:
+   nk = KEYLENGTH_6BYTES;
+   nr = NUMBER_OF_ROUNDS_12;
+   break;
+   case AES_KEYLENGTH_256BIT:
+   nk = KEYLENGTH_8BYTES;
+   nr = NUMBER_OF_ROUNDS_14;
+   break;
+   default:
+   return;
+   }
+   for (i = 0; i < nk; i++)
+   w_ring[i] = be32_to_cpu(*(u32 *)[4 * i]);
+
+   i = 0;
+   temp = w_ring[nk - 1];
+   while (i + nk < (nr + 1) * 4) {
+   if (!(i % nk)) {
+   /* RotWord(temp) */
+   temp = (temp << 8) | (temp >> 24);
+   temp = aes_ks_subword(temp);
+   temp ^= round_constant[i / nk];
+   } else if (nk == 8 && (i % 4 == 0)) {
+   temp = aes_ks_subword(temp);
+   }
+   w_ring[i % nk] ^= temp;
+   temp = w_ring[i % nk];
+   i++;
+   }
+   i--;
+   for (k = 0, j = i % nk; k < nk; k++) {
+   *((u32 *)dec_key + k) = htonl(w_ring[j]);
+   j--;
+   if (j < 0)
+   j += nk;
+   }
+}
+
 static struct shash_desc *chcr_alloc_shash(unsigned int ds)
 {
struct crypto_shash *base_hash = NULL;
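
Review bot: the only behavioural change I can find in this move is the `i--;` added before the final copy loop, so that `j = i % nk` starts from the last word written to `w_ring` rather than the slot after it; the commit message should say that, since "memory corruption done by *((u32 *)dec_key + k)" does not describe an index fix. This would be easier to review as two patches: the move from chcr_algo.h to chcr_algo.c, then the fix. The moved function also loses the dec_key/key/keylength comment the header copy carried, and `default: return;` still leaves `dec_key` unwritten with no error for the caller.
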
diff --git a/drivers/crypto/chelsio/chcr_algo.h 
b/drivers/crypto/chelsio/chcr_algo.h
index ec64fbc..f34bc91 100644
--- a/drivers/crypto/chelsio/chcr_algo.h
+++ b/drivers/crypto/chelsio/chcr_algo.h
@@ -394,7 +394,7 @@ static inline u16 get_space_for_phys_dsgl(unsigned int 
sgl_entr)
187, 22
 };
 
-static u32 aes_ks_subword(const u32 w)
+static inline u32 aes_ks_subword(const u32 w)
 {
u8 bytes[4];
 
@@ -412,60 +412,4 @@ static u32 aes_ks_subword(const u32 w)
0x1B00, 0x3600, 0x6C00
 };
 
-/* dec_key - OUTPUT - Reverse round key
- * key - INPUT - key
- * keylength - INPUT - length of the key in number of bits
- */
-static inline void get_aes_decrypt_key(unsigned char *dec_key,
-  const unsigned char *key,
-  unsigned int keylength)
-{
-   u32 temp;
-   u32 w_ring[MAX_NK];
-   int i, j, k = 0;
-   u8  nr, nk;
-
-   switch (keylength) {
-   case AES_KEYLENGTH_128BIT:
-   nk = KEYLENGTH_4BYTES;
-   nr = NUMBER_OF_ROUNDS_10;
-   break;
-
-   case AES_KEYLENGTH_192BIT:
-   nk = KEYLENGTH_6BYTES;
-   nr = NUMBER_OF_ROUNDS_12;
-   break;
-   case AES_KEYLENGTH_256BIT:
-   nk = KEYLENGTH_8BYTES;
-   nr = NUMBER_OF_ROUNDS_14;
-   break;
-   default:
-   return;
-   }
-   for (i = 0; i < nk; i++ )
-   w_ring[i] = be32_to_cpu(*(u32 *)[4 * i]);
-
-   i = 0;
-   temp = w_ring[nk - 1];
-   while(i + nk < (nr + 1) * 4) {
-   if(!(i % nk)) {
-   /* RotWord(temp) */
-   temp = (temp << 8) | (temp >> 24);
-   temp = aes_ks_subword(temp);
-   temp ^= round_constant[i / nk];
-   }
-   else if (nk == 8 && (i % 4 == 0))
-   temp = aes_ks_subword(temp);
-   w_ring[i % nk] ^= temp;
-   temp = w_ring[i % nk];
-   i++;
-   }
-   for (k = 0, j = i % nk; k < nk; k++) {
-   *((u32 *)dec_key + k) = htonl(w_ring[j]);
-   j--;
-   if(j < 0)
-   j += nk;
-   }
-}
-
 #endif /* __CHCR_ALGO_H__ */
-- 
1.8.2.3



[PATCH v2 0/9] crypto/chcr: AEAD support and bug fixes

2016-11-21 Thread Harsh Jain
This patch series includes Bug Fixes, performance improvement and
support for following AEAD algos.
GCM,CCM,RFC4106,RFC4303,authenc(hmac(shaXXX),cbc(aes))

Jitendra Lulla (4):
  chcr:Fix memory corruption done
  Added new structure chcr_wr to populate Work Request Header.
  Fixes: 324429d74127, Unchecked dereference inside function.
  Remove malloc/free in hash operation and allocate memory in
chcr_ahash_req_ctx structure.
Harsh Jain (5):
  Calculate Reverse round key in setkey callback.
  chcr: Adjust Dest. buffer size
  chcr: Use SHASH_DESC_ON_STACK
  chcr: Move tfm ctx variable to request context
  Add AEAD algos.
GCM,CCM,RFC4106,RFC4309,authenc(hmac(shaXXX),cbc(aes)).

 drivers/crypto/chelsio/Kconfig   |1 +
 drivers/crypto/chelsio/chcr_algo.c   | 2014 +-
 drivers/crypto/chelsio/chcr_algo.h   |  102 +-
 drivers/crypto/chelsio/chcr_core.c   |8 +-
 drivers/crypto/chelsio/chcr_core.h   |   18 +-
 drivers/crypto/chelsio/chcr_crypto.h |  115 +-
 6 files changed, 1874 insertions(+), 384 deletions(-)

-- 
1.8.2.3



[PATCH v2 9/9] crypto/chcr: Add AEAD algos

2016-11-21 Thread Harsh Jain
Add support for following AEAD algos.
 GCM,CCM,RFC4106,RFC4309,authenc(hmac(shaXXX),cbc(aes)).

Signed-off-by: Harsh Jain <ha...@chelsio.com>
---
 drivers/crypto/chelsio/Kconfig   |1 +
 drivers/crypto/chelsio/chcr_algo.c   | 1482 +-
 drivers/crypto/chelsio/chcr_algo.h   |   16 +-
 drivers/crypto/chelsio/chcr_core.c   |8 +-
 drivers/crypto/chelsio/chcr_core.h   |2 -
 drivers/crypto/chelsio/chcr_crypto.h |   90 ++-
 6 files changed, 1558 insertions(+), 41 deletions(-)

diff --git a/drivers/crypto/chelsio/Kconfig b/drivers/crypto/chelsio/Kconfig
index 4ce67fb..3e104f5 100644
--- a/drivers/crypto/chelsio/Kconfig
+++ b/drivers/crypto/chelsio/Kconfig
@@ -4,6 +4,7 @@ config CRYPTO_DEV_CHELSIO
select CRYPTO_SHA1
select CRYPTO_SHA256
select CRYPTO_SHA512
+   select CRYPTO_AUTHENC
---help---
  The Chelsio Crypto Co-processor driver for T6 adapters.
 
diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index 18385d6..07e51ef 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -54,6 +54,12 @@
 #include 
 #include 
 #include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
 #include 
 
 #include "t4fw_api.h"
@@ -62,6 +68,11 @@
 #include "chcr_algo.h"
 #include "chcr_crypto.h"
 
+static inline  struct chcr_aead_ctx *AEAD_CTX(struct chcr_context *ctx)
+{
+   return ctx->crypto_ctx->aeadctx;
+}
+
 static inline struct ablk_ctx *ABLK_CTX(struct chcr_context *ctx)
 {
return ctx->crypto_ctx->ablkctx;
@@ -72,6 +83,16 @@ static inline struct hmac_ctx *HMAC_CTX(struct chcr_context 
*ctx)
return ctx->crypto_ctx->hmacctx;
 }
 
+static inline struct chcr_gcm_ctx *GCM_CTX(struct chcr_aead_ctx *gctx)
+{
+   return gctx->ctx->gcm;
+}
+
+static inline struct chcr_authenc_ctx *AUTHENC_CTX(struct chcr_aead_ctx *gctx)
+{
+   return gctx->ctx->authenc;
+}
+
 static inline struct uld_ctx *ULD_CTX(struct chcr_context *ctx)
 {
return ctx->dev->u_ctx;
@@ -94,12 +115,37 @@ static inline unsigned int sgl_len(unsigned int n)
return (3 * n) / 2 + (n & 1) + 2;
 }
 
+static void chcr_verify_tag(struct aead_request *req, u8 *input, int *err)
+{
+   u8 temp[SHA512_DIGEST_SIZE];
+   struct crypto_aead *tfm = crypto_aead_reqtfm(req);
+   int authsize = crypto_aead_authsize(tfm);
+   struct cpl_fw6_pld *fw6_pld;
+   int cmp = 0;
+
+   fw6_pld = (struct cpl_fw6_pld *)input;
+   if ((get_aead_subtype(tfm) == CRYPTO_ALG_SUB_TYPE_AEAD_RFC4106) ||
+   (get_aead_subtype(tfm) == CRYPTO_ALG_SUB_TYPE_AEAD_GCM)) {
+   cmp = memcmp(_pld->data[2], (fw6_pld + 1), authsize);
+   } else {
+
+   sg_pcopy_to_buffer(req->src, sg_nents(req->src), temp,
+   authsize, req->assoclen +
+   req->cryptlen - authsize);
+   cmp = memcmp(temp, (fw6_pld + 1), authsize);
+   }
+   if (cmp)
+   *err = -EBADMSG;
+   else
+   *err = 0;
+}
+
 /*
  * chcr_handle_resp - Unmap the DMA buffers associated with the request
  * @req: crypto request
  */
 int chcr_handle_resp(struct crypto_async_request *req, unsigned char *input,
-int error_status)
+int err)
 {
struct crypto_tfm *tfm = req->tfm;
struct chcr_context *ctx = crypto_tfm_ctx(tfm);
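
Review bot: both tag comparisons in chcr_verify_tag() still use `memcmp()`, which is not constant-time; for an authentication tag this should be `crypto_memneq()`, as suggested in the v1 review. In the else branch the offset `req->assoclen + req->cryptlen - authsize` is computed with no check in this function that `cryptlen >= authsize`, and `authsize` is not checked against `sizeof(temp)`; if the entry points guarantee both, a comment here saying so would help. The blank line after `} else {` can go, and the `if (cmp) ... else` can be tightened to `*err = cmp ? -EBADMSG : 0;`.
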
@@ -109,11 +155,27 @@ int chcr_handle_resp(struct crypto_async_request *req, 
unsigned char *input,
unsigned int digestsize, updated_digestsize;
 
switch (tfm->__crt_alg->cra_flags & CRYPTO_ALG_TYPE_MASK) {
+   case CRYPTO_ALG_TYPE_AEAD:
+   ctx_req.req.aead_req = (struct aead_request *)req;
+   ctx_req.ctx.reqctx = aead_request_ctx(ctx_req.req.aead_req);
+   dma_unmap_sg(_ctx->lldi.pdev->dev, ctx_req.req.aead_req->dst,
+ctx_req.ctx.reqctx->dst_nents, DMA_FROM_DEVICE);
+   if (ctx_req.ctx.reqctx->skb) {
+   kfree_skb(ctx_req.ctx.reqctx->skb);
+   ctx_req.ctx.reqctx->skb = NULL;
+   }
+   if (ctx_req.ctx.reqctx->verify == VERIFY_SW) {
+   chcr_verify_tag(ctx_req.req.aead_req, input,
+   );
+   ctx_req.ctx.reqctx->verify = VERIFY_HW;
+   }
+   break;
+
case CRYPTO_ALG_TYPE_BLKCIPHER:
ctx_req.req.ablk_req = (struct ablkcipher_request *)req;
ctx_req.ctx.ablk_ctx =
ablkcipher_request_ctx(ctx_req.req.ablk_req);
-   if (!error_status) {
+   if (!err) {
fw6_pld = (struct cpl_fw6_pld *)input;
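
Review bot: in the new CRYPTO_ALG_TYPE_AEAD case, chcr_verify_tag() is called whenever `verify == VERIFY_SW`, with no `if (!err)` guard like the one the BLKCIPHER case has. chcr_verify_tag() stores 0 through its `err` pointer when the tags match, so if that pointer is the handler's `err`, a non-zero completion status passed into chcr_handle_resp() is replaced by success. Skip the software tag check when `err` is already set, and add a comment on why `verify` is reset to VERIFY_HW here.
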
  

[PATCH v2 8/9] crypto/chcr: Move tfm ctx variable to request context

2016-11-21 Thread Harsh Jain
Move request specific data in request context.

Signed-off-by: Harsh Jain <ha...@chelsio.com>
---
 drivers/crypto/chelsio/chcr_algo.c   | 26 +-
 drivers/crypto/chelsio/chcr_crypto.h |  9 -
 2 files changed, 17 insertions(+), 18 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index 7262bb3..18385d6 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -119,7 +119,7 @@ int chcr_handle_resp(struct crypto_async_request *req, 
unsigned char *input,
   AES_BLOCK_SIZE);
}
dma_unmap_sg(_ctx->lldi.pdev->dev, ctx_req.req.ablk_req->dst,
-ABLK_CTX(ctx)->dst_nents, DMA_FROM_DEVICE);
+ctx_req.ctx.ablk_ctx->dst_nents, DMA_FROM_DEVICE);
if (ctx_req.ctx.ablk_ctx->skb) {
kfree_skb(ctx_req.ctx.ablk_ctx->skb);
ctx_req.ctx.ablk_ctx->skb = NULL;
@@ -138,8 +138,10 @@ int chcr_handle_resp(struct crypto_async_request *req, 
unsigned char *input,
updated_digestsize = SHA256_DIGEST_SIZE;
else if (digestsize == SHA384_DIGEST_SIZE)
updated_digestsize = SHA512_DIGEST_SIZE;
-   if (ctx_req.ctx.ahash_ctx->skb)
+   if (ctx_req.ctx.ahash_ctx->skb) {
+   kfree_skb(ctx_req.ctx.ahash_ctx->skb);
ctx_req.ctx.ahash_ctx->skb = NULL;
+   }
if (ctx_req.ctx.ahash_ctx->result == 1) {
ctx_req.ctx.ahash_ctx->result = 0;
memcpy(ctx_req.req.ahash_req->result, input +
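
Review bot: the added `kfree_skb(ctx_req.ctx.ahash_ctx->skb);` in the hash completion path is a functional fix (the old code cleared the pointer without freeing the skb), not part of moving tfm context fields into the request context. Please split it into its own patch, or at least mention it in the commit message so it is not missed when backporting.
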
@@ -318,8 +320,7 @@ static inline int is_hmac(struct crypto_tfm *tfm)
struct chcr_alg_template *chcr_crypto_alg =
container_of(__crypto_ahash_alg(alg), struct chcr_alg_template,
 alg.hash);
-   if ((chcr_crypto_alg->type & CRYPTO_ALG_SUB_TYPE_MASK) ==
-   CRYPTO_ALG_SUB_TYPE_HASH_HMAC)
+   if (chcr_crypto_alg->type == CRYPTO_ALG_TYPE_HMAC)
return 1;
return 0;
 }
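
Review bot: is_hmac() changes from comparing `type & CRYPTO_ALG_SUB_TYPE_MASK` with CRYPTO_ALG_SUB_TYPE_HASH_HMAC to a plain `type == CRYPTO_ALG_TYPE_HMAC`, which is unrelated to the stated purpose of this patch and is only correct if `type` never carries other bits for HMAC templates. Please explain the change in the commit message or move it to a separate patch; the body can then be `return chcr_crypto_alg->type == CRYPTO_ALG_TYPE_HMAC;`.
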
@@ -505,7 +506,7 @@ static inline void create_wreq(struct chcr_context *ctx,
struct sk_buff *skb = NULL;
struct chcr_wr *chcr_req;
struct cpl_rx_phys_dsgl *phys_cpl;
-   struct chcr_blkcipher_req_ctx *req_ctx = ablkcipher_request_ctx(req);
+   struct chcr_blkcipher_req_ctx *reqctx = ablkcipher_request_ctx(req);
struct phys_sge_parm sg_param;
unsigned int frags = 0, transhdr_len, phys_dsgl;
unsigned int ivsize = crypto_ablkcipher_ivsize(tfm), kctx_len;
@@ -514,12 +515,11 @@ static inline void create_wreq(struct chcr_context *ctx,
 
if (!req->info)
return ERR_PTR(-EINVAL);
-   ablkctx->dst_nents = sg_nents_for_len(req->dst, req->nbytes);
-   if (ablkctx->dst_nents <= 0) {
+   reqctx->dst_nents = sg_nents_for_len(req->dst, req->nbytes);
+   if (reqctx->dst_nents <= 0) {
pr_err("AES:Invalid Destination sg lists\n");
return ERR_PTR(-EINVAL);
}
-   ablkctx->enc = op_type;
if ((ablkctx->enckey_len == 0) || (ivsize > AES_BLOCK_SIZE) ||
(req->nbytes <= 0) || (req->nbytes % AES_BLOCK_SIZE)) {
pr_err("AES: Invalid value of Key Len %d nbytes %d IV Len %d\n",
@@ -527,7 +527,7 @@ static inline void create_wreq(struct chcr_context *ctx,
return ERR_PTR(-EINVAL);
}
 
-   phys_dsgl = get_space_for_phys_dsgl(ablkctx->dst_nents);
+   phys_dsgl = get_space_for_phys_dsgl(reqctx->dst_nents);
 
kctx_len = (DIV_ROUND_UP(ablkctx->enckey_len, 16) * 16);
transhdr_len = CIPHER_TRANSHDR_SIZE(kctx_len, phys_dsgl);
@@ -570,7 +570,7 @@ static inline void create_wreq(struct chcr_context *ctx,
}
}
phys_cpl = (struct cpl_rx_phys_dsgl *)((u8 *)(chcr_req + 1) + kctx_len);
-   sg_param.nents = ablkctx->dst_nents;
+   sg_param.nents = reqctx->dst_nents;
sg_param.obsize = req->nbytes;
sg_param.qid = qid;
sg_param.align = 1;
@@ -579,11 +579,11 @@ static inline void create_wreq(struct chcr_context *ctx,
goto map_fail1;
 
skb_set_transport_header(skb, transhdr_len);
-   memcpy(ablkctx->iv, req->info, ivsize);
-   write_buffer_to_skb(skb, , ablkctx->iv, ivsize);
+   memcpy(reqctx->iv, req->info, ivsize);
+   write_buffer_to_skb(skb, , reqctx->iv, ivsize);
write_sg_to_skb(skb, , req->src, req->nbytes);
create_wreq(ctx, chcr_req, req, skb, kctx_len, 0, phys_dsgl);
-   req_ctx->skb = skb;
+   reqctx->skb = skb;
skb_get(skb);
return skb;
 map_fail1:
dif

[PATCH v2 5/9]crypto/chcr: Calculate Reverse round key in setkey callback.

2016-11-21 Thread Harsh Jain
Move reverse round key calculation logic in setkey operation.

Signed-off-by: Harsh Jain <ha...@chelsio.com>
---
 drivers/crypto/chelsio/chcr_algo.c   | 52 
 drivers/crypto/chelsio/chcr_crypto.h |  2 +-
 2 files changed, 24 insertions(+), 30 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index c78d107..d5e0066 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -455,16 +455,13 @@ static int generate_copy_rrkey(struct ablk_ctx *ablkctx,
   struct _key_ctx *key_ctx)
 {
if (ablkctx->ciph_mode == CHCR_SCMD_CIPHER_MODE_AES_CBC) {
-   get_aes_decrypt_key(key_ctx->key, ablkctx->key,
-   ablkctx->enckey_len << 3);
-   memset(key_ctx->key + ablkctx->enckey_len, 0,
-  CHCR_AES_MAX_KEY_LEN - ablkctx->enckey_len);
+   memcpy(key_ctx->key, ablkctx->rrkey, ablkctx->enckey_len);
} else {
memcpy(key_ctx->key,
   ablkctx->key + (ablkctx->enckey_len >> 1),
   ablkctx->enckey_len >> 1);
-   get_aes_decrypt_key(key_ctx->key + (ablkctx->enckey_len >> 1),
-   ablkctx->key, ablkctx->enckey_len << 2);
+   memcpy(key_ctx->key + (ablkctx->enckey_len >> 1),
+  ablkctx->rrkey, ablkctx->enckey_len >> 1);
}
return 0;
 }
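
Review bot: the CBC branch used to zero `key_ctx->key` from `enckey_len` up to CHCR_AES_MAX_KEY_LEN after writing the reverse round key, and the new `memcpy(key_ctx->key, ablkctx->rrkey, ablkctx->enckey_len)` drops that `memset()`. If the key context is not zeroed by the caller, stale bytes now follow the key for 128 and 192 bit keys, so please either keep the padding or state in the commit message where the buffer is cleared.
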
@@ -620,15 +617,9 @@ static int chcr_aes_cbc_setkey(struct crypto_ablkcipher 
*tfm, const u8 *key,
 {
struct chcr_context *ctx = crypto_ablkcipher_ctx(tfm);
struct ablk_ctx *ablkctx = ABLK_CTX(ctx);
-   struct ablkcipher_alg *alg = crypto_ablkcipher_alg(tfm);
unsigned int ck_size, context_size;
u16 alignment = 0;
 
-   if ((keylen < alg->min_keysize) || (keylen > alg->max_keysize))
-   goto badkey_err;
-
-   memcpy(ablkctx->key, key, keylen);
-   ablkctx->enckey_len = keylen;
if (keylen == AES_KEYSIZE_128) {
ck_size = CHCR_KEYCTX_CIPHER_KEY_SIZE_128;
} else if (keylen == AES_KEYSIZE_192) {
@@ -639,7 +630,9 @@ static int chcr_aes_cbc_setkey(struct crypto_ablkcipher 
*tfm, const u8 *key,
} else {
goto badkey_err;
}
-
+   memcpy(ablkctx->key, key, keylen);
+   ablkctx->enckey_len = keylen;
+   get_aes_decrypt_key(ablkctx->rrkey, ablkctx->key, keylen << 3);
context_size = (KEY_CONTEXT_HDR_SALT_AND_PAD +
keylen + alignment) >> 4;
 
@@ -1172,28 +1165,29 @@ static int chcr_aes_xts_setkey(struct crypto_ablkcipher 
*tfm, const u8 *key,
 {
struct chcr_context *ctx = crypto_ablkcipher_ctx(tfm);
struct ablk_ctx *ablkctx = ABLK_CTX(ctx);
-   int status = 0;
unsigned short context_size = 0;
 
-   if ((key_len == (AES_KEYSIZE_128 << 1)) ||
-   (key_len == (AES_KEYSIZE_256 << 1))) {
-   memcpy(ablkctx->key, key, key_len);
-   ablkctx->enckey_len = key_len;
-   context_size = (KEY_CONTEXT_HDR_SALT_AND_PAD + key_len) >> 4;
-   ablkctx->key_ctx_hdr =
-   FILL_KEY_CTX_HDR((key_len == AES_KEYSIZE_256) ?
-CHCR_KEYCTX_CIPHER_KEY_SIZE_128 :
-CHCR_KEYCTX_CIPHER_KEY_SIZE_256,
-CHCR_KEYCTX_NO_KEY, 1,
-0, context_size);
-   ablkctx->ciph_mode = CHCR_SCMD_CIPHER_MODE_AES_XTS;
-   } else {
+   if ((key_len != (AES_KEYSIZE_128 << 1)) &&
+   (key_len != (AES_KEYSIZE_256 << 1))) {
crypto_tfm_set_flags((struct crypto_tfm *)tfm,
 CRYPTO_TFM_RES_BAD_KEY_LEN);
ablkctx->enckey_len = 0;
-   status = -EINVAL;
+   return -EINVAL;
+
}
-   return status;
+
+   memcpy(ablkctx->key, key, key_len);
+   ablkctx->enckey_len = key_len;
+   get_aes_decrypt_key(ablkctx->rrkey, ablkctx->key, key_len << 2);
+   context_size = (KEY_CONTEXT_HDR_SALT_AND_PAD + key_len) >> 4;
+   ablkctx->key_ctx_hdr =
+   FILL_KEY_CTX_HDR((key_len == AES_KEYSIZE_256) ?
+CHCR_KEYCTX_CIPHER_KEY_SIZE_128 :
+CHCR_KEYCTX_CIPHER_KEY_SIZE_256,
+CHCR_KEYCTX_NO_KEY, 1,
+0, context_size);
+   ablkctx->ciph_mode = CHCR_SCMD_CIPHER_MODE_AES_XTS;
+   return 0;
 }
 
 static int chcr_sha_init(struct ahash_request *areq)
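
Review bot: In chcr_aes_xts_setkey the key-size selector passed to FILL_KEY_CTX_HDR tests `key_len == AES_KEYSIZE_256` and maps it to CHCR_KEYCTX_CIPHER_KEY_SIZE_128, while the length check at the top of the function is written as `AES_KEYSIZE_128 << 1`. Both spell the same 32-byte value, but the mixed spelling reads like an inverted ternary; please use `(AES_KEYSIZE_128 << 1)` in both places. The `key_len << 2` handed to get_aes_decrypt_key (against `keylen << 3` in the CBC setkey) deserves a one-line comment that it is the bit length of one half of the XTS key. The empty line added after `return -EINVAL;` should go.
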
diff --git a/driver

[PATCH v2 7/9] crypto/chcr: Use SHASH_DESC_ON_STACK

2016-11-21 Thread Harsh Jain
Use SHASH_DESC_ON_STACK macro to allocate memory for ipad/opad
calculation.

Signed-off-by: Harsh Jain <ha...@chelsio.com>
---
 drivers/crypto/chelsio/chcr_algo.c   | 63 +++-
 drivers/crypto/chelsio/chcr_crypto.h |  2 +-
 2 files changed, 27 insertions(+), 38 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index 17d0c1f..7262bb3 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -228,40 +228,29 @@ static void get_aes_decrypt_key(unsigned char *dec_key,
}
 }
 
-static struct shash_desc *chcr_alloc_shash(unsigned int ds)
+static struct crypto_shash *chcr_alloc_shash(unsigned int ds)
 {
struct crypto_shash *base_hash = NULL;
-   struct shash_desc *desc;
 
switch (ds) {
case SHA1_DIGEST_SIZE:
-   base_hash = crypto_alloc_shash("sha1-generic", 0, 0);
+   base_hash = crypto_alloc_shash("sha1", 0, 0);
break;
case SHA224_DIGEST_SIZE:
-   base_hash = crypto_alloc_shash("sha224-generic", 0, 0);
+   base_hash = crypto_alloc_shash("sha224", 0, 0);
break;
case SHA256_DIGEST_SIZE:
-   base_hash = crypto_alloc_shash("sha256-generic", 0, 0);
+   base_hash = crypto_alloc_shash("sha256", 0, 0);
break;
case SHA384_DIGEST_SIZE:
-   base_hash = crypto_alloc_shash("sha384-generic", 0, 0);
+   base_hash = crypto_alloc_shash("sha384", 0, 0);
break;
case SHA512_DIGEST_SIZE:
-   base_hash = crypto_alloc_shash("sha512-generic", 0, 0);
+   base_hash = crypto_alloc_shash("sha512", 0, 0);
break;
}
-   if (IS_ERR(base_hash)) {
-   pr_err("Can not allocate sha-generic algo.\n");
-   return (void *)base_hash;
-   }
 
-   desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(base_hash),
-  GFP_KERNEL);
-   if (!desc)
-   return ERR_PTR(-ENOMEM);
-   desc->tfm = base_hash;
-   desc->flags = crypto_shash_get_flags(base_hash);
-   return desc;
+   return base_hash;
 }
 
 static int chcr_compute_partial_hash(struct shash_desc *desc,
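
Review bot: chcr_alloc_shash now returns base_hash unchecked, and base_hash is still initialised to NULL with no default case in the switch. A digest size outside the five listed cases therefore returns NULL, which an IS_ERR() test in the caller would not catch. Add a default that returns ERR_PTR(-EINVAL), or have the caller test with IS_ERR_OR_NULL().
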
@@ -770,6 +759,11 @@ static int get_alg_config(struct algo_param *params,
return 0;
 }
 
+static inline void chcr_free_shash(struct crypto_shash *base_hash)
+{
+   crypto_free_shash(base_hash);
+}
+
 /**
  * create_hash_wr - Create hash work request
  * @req - Cipher req base
@@ -1106,15 +1100,16 @@ static int chcr_ahash_setkey(struct crypto_ahash *tfm, 
const u8 *key,
unsigned int bs = crypto_tfm_alg_blocksize(crypto_ahash_tfm(tfm));
unsigned int i, err = 0, updated_digestsize;
 
-   /*
-* use the key to calculate the ipad and opad. ipad will sent with the
+   SHASH_DESC_ON_STACK(shash, hmacctx->base_hash);
+
+   /* use the key to calculate the ipad and opad. ipad will sent with the
 * first request's data. opad will be sent with the final hash result
 * ipad in hmacctx->ipad and opad in hmacctx->opad location
 */
-   if (!hmacctx->desc)
-   return -EINVAL;
+   shash->tfm = hmacctx->base_hash;
+   shash->flags = crypto_shash_get_flags(hmacctx->base_hash);
if (keylen > bs) {
-   err = crypto_shash_digest(hmacctx->desc, key, keylen,
+   err = crypto_shash_digest(shash, key, keylen,
  hmacctx->ipad);
if (err)
goto out;
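
Review bot: In chcr_ahash_setkey the on-stack descriptor is used to digest the HMAC key and then to compute the ipad/opad partial hashes, so it still holds key-derived state when the function returns. Clear it before returning, for example with shash_desc_zero(shash) at the `out` label. The rewritten comment also moves text onto the opening `/*` line, which departs from the multi-line comment form of the lines it replaces; the original layout was fine.
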
@@ -1135,13 +1130,13 @@ static int chcr_ahash_setkey(struct crypto_ahash *tfm, 
const u8 *key,
updated_digestsize = SHA256_DIGEST_SIZE;
else if (digestsize == SHA384_DIGEST_SIZE)
updated_digestsize = SHA512_DIGEST_SIZE;
-   err = chcr_compute_partial_hash(hmacctx->desc, hmacctx->ipad,
+   err = chcr_compute_partial_hash(shash, hmacctx->ipad,
hmacctx->ipad, digestsize);
if (err)
goto out;
chcr_change_order(hmacctx->ipad, updated_digestsize);
 
-   err = chcr_compute_partial_hash(hmacctx->desc, hmacctx->opad,
+   err = chcr_compute_partial_hash(shash, hmacctx->opad,
hmacctx->opad, digestsize);
if (err)
goto out;
@@ -1237,26 +1232,20 @@ static int chcr_hmac_cra_init(struct crypto_tfm *tfm)
 
crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm),
 sizeof(struct chcr_ahash_req_ctx));
-   hmacctx->desc = chcr_alloc_shash(digestsize);
-   if (IS_ERR(hmacctx->desc))
-   return P

[PATCH v2 3/9] crypto/chcr: Fixes Unchecked dereference inside function

2016-11-21 Thread Harsh Jain
Fixes 324429d74127, Unchecked dereference inside function.

Reported-by: Dan Carpenter 
Signed-off-by: Jitendra Lulla 
---
 drivers/crypto/chelsio/chcr_algo.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index 5918e1e..ff1c4e8 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -439,8 +439,9 @@ static inline void write_buffer_to_skb(struct sk_buff *skb,
skb->len += count;
skb->data_len += count;
skb->truesize += count;
+
while (count > 0) {
-   if (sg && (!(sg->length)))
+   if (!sg || (!(sg->length)))
break;
spage = sg_page(sg);
get_page(spage);
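
Review bot: With `if (!sg || (!(sg->length)))` the `while (count > 0)` loop now stops quietly when the scatterlist runs out before `count` reaches zero, but skb->len, skb->data_len and skb->truesize have already been increased by the full `count` just above the loop. The skb then advertises more payload than the fragments attached to it. Either return an error on a short list so the caller can drop the request, or account only the bytes actually added. The blank line added before the loop is unrelated to the fix.
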
-- 
1.8.2.3

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[PATCH v2 6/9] crypto/chcr: Adjust Dest. buffer size

2016-11-21 Thread Harsh Jain
Destination buffer size passed to hardware should not be greater
than crypto operation output.

Signed-off-by: Harsh Jain <ha...@chelsio.com>
---
 drivers/crypto/chelsio/chcr_algo.c | 50 +++---
 1 file changed, 20 insertions(+), 30 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index d5e0066..17d0c1f 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -335,25 +335,13 @@ static inline int is_hmac(struct crypto_tfm *tfm)
return 0;
 }
 
-static inline unsigned int ch_nents(struct scatterlist *sg,
-   unsigned int *total_size)
-{
-   unsigned int nents;
-
-   for (nents = 0, *total_size = 0; sg; sg = sg_next(sg)) {
-   nents++;
-   *total_size += sg->length;
-   }
-   return nents;
-}
-
 static void write_phys_cpl(struct cpl_rx_phys_dsgl *phys_cpl,
   struct scatterlist *sg,
   struct phys_sge_parm *sg_param)
 {
struct phys_sge_pairs *to;
-   unsigned int out_buf_size = sg_param->obsize;
-   unsigned int nents = sg_param->nents, i, j, tot_len = 0;
+   int out_buf_size = sg_param->obsize;
+   unsigned int nents = sg_param->nents, i, j = 0;
 
phys_cpl->op_to_tid = htonl(CPL_RX_PHYS_DSGL_OPCODE_V(CPL_RX_PHYS_DSGL)
| CPL_RX_PHYS_DSGL_ISRDMA_V(0));
@@ -371,25 +359,24 @@ static void write_phys_cpl(struct cpl_rx_phys_dsgl 
*phys_cpl,
   sizeof(struct cpl_rx_phys_dsgl));
 
for (i = 0; nents; to++) {
-   for (j = i; (nents && (j < (8 + i))); j++, nents--) {
-   to->len[j] = htons(sg->length);
+   for (j = 0; j < 8 && nents; j++, nents--) {
+   out_buf_size -= sg_dma_len(sg);
+   to->len[j] = htons(sg_dma_len(sg));
to->addr[j] = cpu_to_be64(sg_dma_address(sg));
-   if (out_buf_size) {
-   if (tot_len + sg_dma_len(sg) >= out_buf_size) {
-   to->len[j] = htons(out_buf_size -
-  tot_len);
-   return;
-   }
-   tot_len += sg_dma_len(sg);
-   }
sg = sg_next(sg);
}
}
+   if (out_buf_size) {
+   j--;
+   to--;
+   to->len[j] = htons(ntohs(to->len[j]) + (out_buf_size));
+   }
 }
 
-static inline unsigned
-int map_writesg_phys_cpl(struct device *dev, struct cpl_rx_phys_dsgl *phys_cpl,
-struct scatterlist *sg, struct phys_sge_parm *sg_param)
+static inline int map_writesg_phys_cpl(struct device *dev,
+   struct cpl_rx_phys_dsgl *phys_cpl,
+   struct scatterlist *sg,
+   struct phys_sge_parm *sg_param)
 {
if (!sg || !sg_param->nents)
return 0;
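
Review bot: The fix-up after the loop in write_phys_cpl runs for any non-zero `out_buf_size`, so it also fires when the scatterlist entries add up to less than `obsize`. In that case the remainder is positive and the last `to->len[j]` is made larger than sg_dma_len() of the mapped entry, which tells the hardware it may write past the mapped buffer. Only the negative case (list longer than the output) should be trimmed, e.g. `if (out_buf_size < 0)`, and a positive remainder should be treated as an error. In the lines shown, `i` is only initialised in the outer for statement and never read, so it can be dropped.
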
@@ -531,16 +518,19 @@ static inline void create_wreq(struct chcr_context *ctx,
struct cpl_rx_phys_dsgl *phys_cpl;
struct chcr_blkcipher_req_ctx *req_ctx = ablkcipher_request_ctx(req);
struct phys_sge_parm sg_param;
-   unsigned int frags = 0, transhdr_len, phys_dsgl, dst_bufsize = 0;
+   unsigned int frags = 0, transhdr_len, phys_dsgl;
unsigned int ivsize = crypto_ablkcipher_ivsize(tfm), kctx_len;
gfp_t flags = req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP ? GFP_KERNEL :
GFP_ATOMIC;
 
if (!req->info)
return ERR_PTR(-EINVAL);
-   ablkctx->dst_nents = ch_nents(req->dst, _bufsize);
+   ablkctx->dst_nents = sg_nents_for_len(req->dst, req->nbytes);
+   if (ablkctx->dst_nents <= 0) {
+   pr_err("AES:Invalid Destination sg lists\n");
+   return ERR_PTR(-EINVAL);
+   }
ablkctx->enc = op_type;
-
if ((ablkctx->enckey_len == 0) || (ivsize > AES_BLOCK_SIZE) ||
(req->nbytes <= 0) || (req->nbytes % AES_BLOCK_SIZE)) {
pr_err("AES: Invalid value of Key Len %d nbytes %d IV Len %d\n",
-- 
1.8.2.3



[PATCH v2 4/9] crypto/chcr: Remove dynamic allocation

2016-11-21 Thread Harsh Jain
Remove malloc/free in hash operation and allocate
memory in chcr_ahash_req_ctx structure.

Signed-off-by: Jitendra Lulla 
---
 drivers/crypto/chelsio/chcr_algo.c   | 69 +---
 drivers/crypto/chelsio/chcr_crypto.h |  8 +++--
 2 files changed, 45 insertions(+), 32 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index ff1c4e8..c78d107 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -150,8 +150,6 @@ int chcr_handle_resp(struct crypto_async_request *req, 
unsigned char *input,
   sizeof(struct cpl_fw6_pld),
   updated_digestsize);
}
-   kfree(ctx_req.ctx.ahash_ctx->dummy_payload_ptr);
-   ctx_req.ctx.ahash_ctx->dummy_payload_ptr = NULL;
break;
}
return 0;
@@ -860,8 +858,8 @@ static struct sk_buff *create_hash_wr(struct ahash_request 
*req,
 
skb_set_transport_header(skb, transhdr_len);
if (param->bfr_len != 0)
-   write_buffer_to_skb(skb, , req_ctx->bfr,
-   param->bfr_len);
+   write_buffer_to_skb(skb, , req_ctx->reqbfr,
+   param->bfr_len);
if (param->sg_len != 0)
write_sg_to_skb(skb, , req->src, param->sg_len);
 
@@ -892,30 +890,41 @@ static int chcr_ahash_update(struct ahash_request *req)
return -EBUSY;
}
 
-   if (nbytes + req_ctx->bfr_len >= bs) {
-   remainder = (nbytes + req_ctx->bfr_len) % bs;
-   nbytes = nbytes + req_ctx->bfr_len - remainder;
+   if (nbytes + req_ctx->reqlen >= bs) {
+   remainder = (nbytes + req_ctx->reqlen) % bs;
+   nbytes = nbytes + req_ctx->reqlen - remainder;
} else {
-   sg_pcopy_to_buffer(req->src, sg_nents(req->src), req_ctx->bfr +
-  req_ctx->bfr_len, nbytes, 0);
-   req_ctx->bfr_len += nbytes;
+   sg_pcopy_to_buffer(req->src, sg_nents(req->src), req_ctx->reqbfr
+  + req_ctx->reqlen, nbytes, 0);
+   req_ctx->reqlen += nbytes;
return 0;
}
 
params.opad_needed = 0;
params.more = 1;
params.last = 0;
+   params.sg_len = nbytes - req_ctx->reqlen;
+   params.bfr_len = req_ctx->reqlen;
params.scmd1 = 0;
get_alg_config(_prm, crypto_ahash_digestsize(rtfm));
req_ctx->result = 0;
req_ctx->data_len += params.sg_len + params.bfr_len;
skb = create_hash_wr(req, );
 
-   req_ctx->bfr_len = remainder;
-   if (remainder)
+   if (IS_ERR(skb))
+   return PTR_ERR(skb);
+
+   if (remainder) {
+   u8 *temp;
+   /* Swap buffers */
+   temp = req_ctx->reqbfr;
+   req_ctx->reqbfr = req_ctx->skbfr;
+   req_ctx->skbfr = temp;
sg_pcopy_to_buffer(req->src, sg_nents(req->src),
-  req_ctx->bfr, remainder, req->nbytes -
+  req_ctx->reqbfr, remainder, req->nbytes -
   remainder);
+   }
+   req_ctx->reqlen = remainder;
skb->dev = u_ctx->lldi.ports[0];
set_wr_txq(skb, CPL_PRIORITY_DATA, ctx->tx_channel_id);
chcr_send_wr(skb);
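
Review bot: The new `if (IS_ERR(skb)) return PTR_ERR(skb);` in chcr_ahash_update returns after `req_ctx->data_len += params.sg_len + params.bfr_len;` has already run, so a failed create_hash_wr() leaves the running length counting bytes that were never submitted, and the total later passed to create_last_hash_block() is wrong. Move the data_len update after the error check, or undo it on failure. The `/* Swap buffers */` comment should say why the swap is needed (presumably so the buffer just attached to the skb is not overwritten by the remainder copy), and a blank line belongs after the `u8 *temp;` declaration.
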
@@ -951,10 +960,10 @@ static int chcr_ahash_final(struct ahash_request *req)
params.sg_len = 0;
get_alg_config(_prm, crypto_ahash_digestsize(rtfm));
req_ctx->result = 1;
-   params.bfr_len = req_ctx->bfr_len;
+   params.bfr_len = req_ctx->reqlen;
req_ctx->data_len += params.bfr_len + params.sg_len;
-   if (req_ctx->bfr && (req_ctx->bfr_len == 0)) {
-   create_last_hash_block(req_ctx->bfr, bs, req_ctx->data_len);
+   if (req_ctx->reqlen == 0) {
+   create_last_hash_block(req_ctx->reqbfr, bs, req_ctx->data_len);
params.last = 0;
params.more = 1;
params.scmd1 = 0;
@@ -1000,12 +1009,12 @@ static int chcr_ahash_finup(struct ahash_request *req)
params.opad_needed = 0;
 
params.sg_len = req->nbytes;
-   params.bfr_len = req_ctx->bfr_len;
+   params.bfr_len = req_ctx->reqlen;
get_alg_config(_prm, crypto_ahash_digestsize(rtfm));
req_ctx->data_len += params.bfr_len + params.sg_len;
req_ctx->result = 1;
-   if (req_ctx->bfr && (req_ctx->bfr_len + req->nbytes) == 0) {
-   create_last_hash_block(req_ctx->bfr, bs, req_ctx->data_len);
+   if ((req_ctx->reqlen + req->nbytes) == 0) {
+   create_last_hash_block(req_ctx->reqbfr, bs, req_ctx->data_len);
params.last = 0;
params.more = 1;
params.scmd1 = 0;
@@ -1061,8 +1070,8 @@ 

Re: [PATCH 2/6] chcr: Remove malloc/free

2016-10-26 Thread Harsh Jain


On 21-10-2016 07:50, Herbert Xu wrote:
> On Thu, Oct 13, 2016 at 04:39:35PM +0530, Harsh Jain wrote:
>> Remove malloc/free in crypto operation and allocate memory via cra_ctxsize.
>> Added new structure chcr_wr to populate Work Request Header.
>> Fixes: 324429d74127 (chcr: Support for Chelsio's Crypto Hardware)
> Do you mean the reqsize as opposed to ctxsize since the latter is
> shared by all tfm users?
It's reqsize for hash algos (chcr_ahash_req_ctx struct) and ctxsize for cipher
algos (ablk_ctx struct), as rrkey (reverse round key) is also the same for all tfm.
>
> In any case, your patch doesn't seem to change the size setting?
Added new variables in old structure. Size setting related code is unchanged.
In v2 I will break the patch into smaller ones.
>
> Cheers,



[PATCH 3/6] chcr: Adjust Dest. buffer size

2016-10-13 Thread Harsh Jain
Destination buffer size passed to hardware should not be greater
than crypto operation output.

Signed-off-by: Jitendra Lulla 
---
 drivers/crypto/chelsio/chcr_algo.c | 50 +++---
 1 file changed, 20 insertions(+), 30 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index d5e0066..17d0c1f 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -335,25 +335,13 @@ static inline int is_hmac(struct crypto_tfm *tfm)
return 0;
 }
 
-static inline unsigned int ch_nents(struct scatterlist *sg,
-   unsigned int *total_size)
-{
-   unsigned int nents;
-
-   for (nents = 0, *total_size = 0; sg; sg = sg_next(sg)) {
-   nents++;
-   *total_size += sg->length;
-   }
-   return nents;
-}
-
 static void write_phys_cpl(struct cpl_rx_phys_dsgl *phys_cpl,
   struct scatterlist *sg,
   struct phys_sge_parm *sg_param)
 {
struct phys_sge_pairs *to;
-   unsigned int out_buf_size = sg_param->obsize;
-   unsigned int nents = sg_param->nents, i, j, tot_len = 0;
+   int out_buf_size = sg_param->obsize;
+   unsigned int nents = sg_param->nents, i, j = 0;
 
phys_cpl->op_to_tid = htonl(CPL_RX_PHYS_DSGL_OPCODE_V(CPL_RX_PHYS_DSGL)
| CPL_RX_PHYS_DSGL_ISRDMA_V(0));
@@ -371,25 +359,24 @@ static void write_phys_cpl(struct cpl_rx_phys_dsgl 
*phys_cpl,
   sizeof(struct cpl_rx_phys_dsgl));
 
for (i = 0; nents; to++) {
-   for (j = i; (nents && (j < (8 + i))); j++, nents--) {
-   to->len[j] = htons(sg->length);
+   for (j = 0; j < 8 && nents; j++, nents--) {
+   out_buf_size -= sg_dma_len(sg);
+   to->len[j] = htons(sg_dma_len(sg));
to->addr[j] = cpu_to_be64(sg_dma_address(sg));
-   if (out_buf_size) {
-   if (tot_len + sg_dma_len(sg) >= out_buf_size) {
-   to->len[j] = htons(out_buf_size -
-  tot_len);
-   return;
-   }
-   tot_len += sg_dma_len(sg);
-   }
sg = sg_next(sg);
}
}
+   if (out_buf_size) {
+   j--;
+   to--;
+   to->len[j] = htons(ntohs(to->len[j]) + (out_buf_size));
+   }
 }
 
-static inline unsigned
-int map_writesg_phys_cpl(struct device *dev, struct cpl_rx_phys_dsgl *phys_cpl,
-struct scatterlist *sg, struct phys_sge_parm *sg_param)
+static inline int map_writesg_phys_cpl(struct device *dev,
+   struct cpl_rx_phys_dsgl *phys_cpl,
+   struct scatterlist *sg,
+   struct phys_sge_parm *sg_param)
 {
if (!sg || !sg_param->nents)
return 0;
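
Review bot: The trailing `j--; to--;` in write_phys_cpl assumes the loop body ran at least once. If the function is entered with `sg_param->nents` equal to zero and a non-zero `obsize`, `j` is still 0 and `to` still points at the first pair, so `j--` wraps the unsigned index and `to--` steps in front of the array before `to->len[j]` is written. map_writesg_phys_cpl() just below rejects zero nents, but write_phys_cpl should not depend on its caller for that; an early return for `!nents` would make it safe on its own.
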
@@ -531,16 +518,19 @@ static struct sk_buff
struct cpl_rx_phys_dsgl *phys_cpl;
struct chcr_blkcipher_req_ctx *req_ctx = ablkcipher_request_ctx(req);
struct phys_sge_parm sg_param;
-   unsigned int frags = 0, transhdr_len, phys_dsgl, dst_bufsize = 0;
+   unsigned int frags = 0, transhdr_len, phys_dsgl;
unsigned int ivsize = crypto_ablkcipher_ivsize(tfm), kctx_len;
gfp_t flags = req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP ? GFP_KERNEL :
GFP_ATOMIC;
 
if (!req->info)
return ERR_PTR(-EINVAL);
-   ablkctx->dst_nents = ch_nents(req->dst, _bufsize);
+   ablkctx->dst_nents = sg_nents_for_len(req->dst, req->nbytes);
+   if (ablkctx->dst_nents <= 0) {
+   pr_err("AES:Invalid Destination sg lists\n");
+   return ERR_PTR(-EINVAL);
+   }
ablkctx->enc = op_type;
-
if ((ablkctx->enckey_len == 0) || (ivsize > AES_BLOCK_SIZE) ||
(req->nbytes <= 0) || (req->nbytes % AES_BLOCK_SIZE)) {
pr_err("AES: Invalid value of Key Len %d nbytes %d IV Len %d\n",
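
Review bot: The new dst_nents check runs before the existing validation of `req->nbytes` a few lines below, so a request with nbytes of 0 (for which sg_nents_for_len() returns 0) is now rejected with the "Invalid Destination sg lists" message instead of the key/nbytes/IV message. Consider moving the sg_nents_for_len() call after the length validation. Since this path is reached with caller-supplied request parameters, a plain pr_err can also flood the log; use a rate-limited print or drop it.
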
-- 
1.8.2.3



[PATCH 6/6] Add support for AEAD algos.

2016-10-13 Thread Harsh Jain
Add support for the following AEAD algos:
GCM, CCM, RFC4106, RFC4309, authenc(hmac(shaXXX),cbc(aes)).

Signed-off-by: Harsh Jain <ha...@chelsio.com>
---
 drivers/crypto/chelsio/Kconfig   |1 +
 drivers/crypto/chelsio/chcr_algo.c   | 1466 +-
 drivers/crypto/chelsio/chcr_algo.h   |   16 +-
 drivers/crypto/chelsio/chcr_core.c   |8 +-
 drivers/crypto/chelsio/chcr_core.h   |2 -
 drivers/crypto/chelsio/chcr_crypto.h |   90 ++-
 6 files changed, 1541 insertions(+), 42 deletions(-)

diff --git a/drivers/crypto/chelsio/Kconfig b/drivers/crypto/chelsio/Kconfig
index 4ce67fb..3e104f5 100644
--- a/drivers/crypto/chelsio/Kconfig
+++ b/drivers/crypto/chelsio/Kconfig
@@ -4,6 +4,7 @@ config CRYPTO_DEV_CHELSIO
select CRYPTO_SHA1
select CRYPTO_SHA256
select CRYPTO_SHA512
+   select CRYPTO_AUTHENC
---help---
  The Chelsio Crypto Co-processor driver for T6 adapters.
 
diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index 18385d6..cffc38f 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -54,6 +54,12 @@
 #include 
 #include 
 #include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
 #include 
 
 #include "t4fw_api.h"
@@ -62,6 +68,11 @@
 #include "chcr_algo.h"
 #include "chcr_crypto.h"
 
+static inline  struct chcr_aead_ctx *AEAD_CTX(struct chcr_context *ctx)
+{
+   return ctx->crypto_ctx->aeadctx;
+}
+
 static inline struct ablk_ctx *ABLK_CTX(struct chcr_context *ctx)
 {
return ctx->crypto_ctx->ablkctx;
@@ -72,6 +83,16 @@ static inline struct hmac_ctx *HMAC_CTX(struct chcr_context 
*ctx)
return ctx->crypto_ctx->hmacctx;
 }
 
+static inline struct chcr_gcm_ctx *GCM_CTX(struct chcr_aead_ctx *gctx)
+{
+   return gctx->ctx->gcm;
+}
+
+static inline struct chcr_authenc_ctx *AUTHENC_CTX(struct chcr_aead_ctx *gctx)
+{
+   return gctx->ctx->authenc;
+}
+
 static inline struct uld_ctx *ULD_CTX(struct chcr_context *ctx)
 {
return ctx->dev->u_ctx;
@@ -94,12 +115,37 @@ static inline unsigned int sgl_len(unsigned int n)
return (3 * n) / 2 + (n & 1) + 2;
 }
 
+static void chcr_verify_tag(struct aead_request *req, u8 *input, int *err)
+{
+   u8 temp[SHA512_DIGEST_SIZE];
+   struct crypto_aead *tfm = crypto_aead_reqtfm(req);
+   int authsize = crypto_aead_authsize(tfm);
+   struct cpl_fw6_pld *fw6_pld;
+   int cmp = 0;
+
+   fw6_pld = (struct cpl_fw6_pld *)input;
+   if ((get_aead_subtype(tfm) == CRYPTO_ALG_SUB_TYPE_AEAD_RFC4106) ||
+   (get_aead_subtype(tfm) == CRYPTO_ALG_SUB_TYPE_AEAD_GCM)) {
+   cmp = memcmp(_pld->data[2], (fw6_pld + 1), authsize);
+   } else {
+
+   sg_pcopy_to_buffer(req->src, sg_nents(req->src), temp,
+   authsize, req->assoclen +
+   req->cryptlen - authsize);
+   cmp = memcmp(temp, (fw6_pld + 1), authsize);
+   }
+   if (cmp)
+   *err = -EBADMSG;
+   else
+   *err = 0;
+}
+
 /*
  * chcr_handle_resp - Unmap the DMA buffers associated with the request
  * @req: crypto request
  */
 int chcr_handle_resp(struct crypto_async_request *req, unsigned char *input,
-int error_status)
+int err)
 {
struct crypto_tfm *tfm = req->tfm;
struct chcr_context *ctx = crypto_tfm_ctx(tfm);
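
Review bot: chcr_verify_tag compares the received authentication tag with memcmp() in both branches. memcmp may return at the first differing byte, so the time taken depends on how many leading tag bytes match; tag comparison should use the constant-time crypto_memneq() instead. The empty line after `} else {` should be dropped, and since the function only ever writes `*err` it could simply return the error code.
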
@@ -109,11 +155,27 @@ int chcr_handle_resp(struct crypto_async_request *req, 
unsigned char *input,
unsigned int digestsize, updated_digestsize;
 
switch (tfm->__crt_alg->cra_flags & CRYPTO_ALG_TYPE_MASK) {
+   case CRYPTO_ALG_TYPE_AEAD:
+   ctx_req.req.aead_req = (struct aead_request *)req;
+   ctx_req.ctx.reqctx = aead_request_ctx(ctx_req.req.aead_req);
+   dma_unmap_sg(_ctx->lldi.pdev->dev, ctx_req.req.aead_req->dst,
+ctx_req.ctx.reqctx->dst_nents, DMA_FROM_DEVICE);
+   if (ctx_req.ctx.reqctx->skb) {
+   kfree_skb(ctx_req.ctx.reqctx->skb);
+   ctx_req.ctx.reqctx->skb = NULL;
+   }
+   if (ctx_req.ctx.reqctx->verify == VERIFY_SW) {
+   chcr_verify_tag(ctx_req.req.aead_req, input,
+   );
+   ctx_req.ctx.reqctx->verify = VERIFY_HW;
+   }
+   break;
+
case CRYPTO_ALG_TYPE_BLKCIPHER:
ctx_req.req.ablk_req = (struct ablkcipher_request *)req;
ctx_req.ctx.ablk_ctx =
ablkcipher_request_ctx(ctx_req.req.ablk_req);
-   if (!error_status) {
+   if (!err) {
fw6_pld = (struct cpl_fw6_pld *)input;
  

[PATCH 5/6] chcr: Move tfm ctx variable to request context

2016-10-13 Thread Harsh Jain
Move tfm ctx variable to request context.

Signed-off-by: Harsh Jain <ha...@chelsio.com>
---
 drivers/crypto/chelsio/chcr_algo.c   | 26 +-
 drivers/crypto/chelsio/chcr_crypto.h |  9 -
 2 files changed, 17 insertions(+), 18 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index 7262bb3..18385d6 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -119,7 +119,7 @@ int chcr_handle_resp(struct crypto_async_request *req, 
unsigned char *input,
   AES_BLOCK_SIZE);
}
dma_unmap_sg(_ctx->lldi.pdev->dev, ctx_req.req.ablk_req->dst,
-ABLK_CTX(ctx)->dst_nents, DMA_FROM_DEVICE);
+ctx_req.ctx.ablk_ctx->dst_nents, DMA_FROM_DEVICE);
if (ctx_req.ctx.ablk_ctx->skb) {
kfree_skb(ctx_req.ctx.ablk_ctx->skb);
ctx_req.ctx.ablk_ctx->skb = NULL;
@@ -138,8 +138,10 @@ int chcr_handle_resp(struct crypto_async_request *req, 
unsigned char *input,
updated_digestsize = SHA256_DIGEST_SIZE;
else if (digestsize == SHA384_DIGEST_SIZE)
updated_digestsize = SHA512_DIGEST_SIZE;
-   if (ctx_req.ctx.ahash_ctx->skb)
+   if (ctx_req.ctx.ahash_ctx->skb) {
+   kfree_skb(ctx_req.ctx.ahash_ctx->skb);
ctx_req.ctx.ahash_ctx->skb = NULL;
+   }
if (ctx_req.ctx.ahash_ctx->result == 1) {
ctx_req.ctx.ahash_ctx->result = 0;
memcpy(ctx_req.req.ahash_req->result, input +
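
Review bot: Adding kfree_skb() for ctx_req.ctx.ahash_ctx->skb changes behaviour (the pointer was previously only set to NULL, now the skb is released), which is a leak fix rather than part of moving tfm ctx variables to the request context. Please mention it in the commit message or split it into its own patch so it can be picked up separately.
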
@@ -318,8 +320,7 @@ static inline int is_hmac(struct crypto_tfm *tfm)
struct chcr_alg_template *chcr_crypto_alg =
container_of(__crypto_ahash_alg(alg), struct chcr_alg_template,
 alg.hash);
-   if ((chcr_crypto_alg->type & CRYPTO_ALG_SUB_TYPE_MASK) ==
-   CRYPTO_ALG_SUB_TYPE_HASH_HMAC)
+   if (chcr_crypto_alg->type == CRYPTO_ALG_TYPE_HMAC)
return 1;
return 0;
 }
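
Review bot: is_hmac now tests `chcr_crypto_alg->type == CRYPTO_ALG_TYPE_HMAC` where it used to mask with CRYPTO_ALG_SUB_TYPE_MASK before comparing. Without the mask the comparison fails as soon as `type` carries any other bits, and the change is not described in the commit message. If the mask really is no longer needed, say why in the changelog; otherwise keep it.
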
@@ -505,7 +506,7 @@ static struct sk_buff
struct sk_buff *skb = NULL;
struct chcr_wr *chcr_req;
struct cpl_rx_phys_dsgl *phys_cpl;
-   struct chcr_blkcipher_req_ctx *req_ctx = ablkcipher_request_ctx(req);
+   struct chcr_blkcipher_req_ctx *reqctx = ablkcipher_request_ctx(req);
struct phys_sge_parm sg_param;
unsigned int frags = 0, transhdr_len, phys_dsgl;
unsigned int ivsize = crypto_ablkcipher_ivsize(tfm), kctx_len;
@@ -514,12 +515,11 @@ static struct sk_buff
 
if (!req->info)
return ERR_PTR(-EINVAL);
-   ablkctx->dst_nents = sg_nents_for_len(req->dst, req->nbytes);
-   if (ablkctx->dst_nents <= 0) {
+   reqctx->dst_nents = sg_nents_for_len(req->dst, req->nbytes);
+   if (reqctx->dst_nents <= 0) {
pr_err("AES:Invalid Destination sg lists\n");
return ERR_PTR(-EINVAL);
}
-   ablkctx->enc = op_type;
if ((ablkctx->enckey_len == 0) || (ivsize > AES_BLOCK_SIZE) ||
(req->nbytes <= 0) || (req->nbytes % AES_BLOCK_SIZE)) {
pr_err("AES: Invalid value of Key Len %d nbytes %d IV Len %d\n",
@@ -527,7 +527,7 @@ static struct sk_buff
return ERR_PTR(-EINVAL);
}
 
-   phys_dsgl = get_space_for_phys_dsgl(ablkctx->dst_nents);
+   phys_dsgl = get_space_for_phys_dsgl(reqctx->dst_nents);
 
kctx_len = (DIV_ROUND_UP(ablkctx->enckey_len, 16) * 16);
transhdr_len = CIPHER_TRANSHDR_SIZE(kctx_len, phys_dsgl);
@@ -570,7 +570,7 @@ static struct sk_buff
}
}
phys_cpl = (struct cpl_rx_phys_dsgl *)((u8 *)(chcr_req + 1) + kctx_len);
-   sg_param.nents = ablkctx->dst_nents;
+   sg_param.nents = reqctx->dst_nents;
sg_param.obsize = req->nbytes;
sg_param.qid = qid;
sg_param.align = 1;
@@ -579,11 +579,11 @@ static struct sk_buff
goto map_fail1;
 
skb_set_transport_header(skb, transhdr_len);
-   memcpy(ablkctx->iv, req->info, ivsize);
-   write_buffer_to_skb(skb, , ablkctx->iv, ivsize);
+   memcpy(reqctx->iv, req->info, ivsize);
+   write_buffer_to_skb(skb, , reqctx->iv, ivsize);
write_sg_to_skb(skb, , req->src, req->nbytes);
create_wreq(ctx, chcr_req, req, skb, kctx_len, 0, phys_dsgl);
-   req_ctx->skb = skb;
+   reqctx->skb = skb;
skb_get(skb);
return skb;
 map_fail1:
diff --git a/drivers/crypto/chelsio/chcr_crypto.h 
b/drivers/crypto/chelsio/chcr_crypto.h
index 977d205..40a5182 100644
--- a/drivers/crypto/chelsio/chcr_crypto.h
+++ b/drivers/crypt

[PATCH 4/6] chcr: Use SHASH_DESC_ON_STACK

2016-10-13 Thread Harsh Jain
Use SHASH_DESC_ON_STACK macro to allocate memory for ipad/opad
calculation.

Signed-off-by: Harsh Jain <ha...@chelsio.com>
---
 drivers/crypto/chelsio/chcr_algo.c   | 63 +++-
 drivers/crypto/chelsio/chcr_crypto.h |  2 +-
 2 files changed, 27 insertions(+), 38 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index 17d0c1f..7262bb3 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -228,40 +228,29 @@ static void get_aes_decrypt_key(unsigned char *dec_key,
}
 }
 
-static struct shash_desc *chcr_alloc_shash(unsigned int ds)
+static struct crypto_shash *chcr_alloc_shash(unsigned int ds)
 {
struct crypto_shash *base_hash = NULL;
-   struct shash_desc *desc;
 
switch (ds) {
case SHA1_DIGEST_SIZE:
-   base_hash = crypto_alloc_shash("sha1-generic", 0, 0);
+   base_hash = crypto_alloc_shash("sha1", 0, 0);
break;
case SHA224_DIGEST_SIZE:
-   base_hash = crypto_alloc_shash("sha224-generic", 0, 0);
+   base_hash = crypto_alloc_shash("sha224", 0, 0);
break;
case SHA256_DIGEST_SIZE:
-   base_hash = crypto_alloc_shash("sha256-generic", 0, 0);
+   base_hash = crypto_alloc_shash("sha256", 0, 0);
break;
case SHA384_DIGEST_SIZE:
-   base_hash = crypto_alloc_shash("sha384-generic", 0, 0);
+   base_hash = crypto_alloc_shash("sha384", 0, 0);
break;
case SHA512_DIGEST_SIZE:
-   base_hash = crypto_alloc_shash("sha512-generic", 0, 0);
+   base_hash = crypto_alloc_shash("sha512", 0, 0);
break;
}
-   if (IS_ERR(base_hash)) {
-   pr_err("Can not allocate sha-generic algo.\n");
-   return (void *)base_hash;
-   }
 
-   desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(base_hash),
-  GFP_KERNEL);
-   if (!desc)
-   return ERR_PTR(-ENOMEM);
-   desc->tfm = base_hash;
-   desc->flags = crypto_shash_get_flags(base_hash);
-   return desc;
+   return base_hash;
 }
 
 static int chcr_compute_partial_hash(struct shash_desc *desc,
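
Review bot: Switching the names from "sha1-generic" etc. to "sha1" etc. changes which implementation crypto_alloc_shash() hands back: the driver name pins the generic C code, while the algorithm name selects the highest-priority shash registered for it. The commit message only talks about SHASH_DESC_ON_STACK and does not mention this; please state the reason for the name change in the changelog.
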
@@ -770,6 +759,11 @@ static int get_alg_config(struct algo_param *params,
return 0;
 }
 
+static inline void chcr_free_shash(struct crypto_shash *base_hash)
+{
+   crypto_free_shash(base_hash);
+}
+
 /**
  * create_hash_wr - Create hash work request
  * @req - Cipher req base
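
Review bot: chcr_free_shash() is a one-line wrapper around crypto_free_shash() and adds no checking of its own; calling crypto_free_shash() directly at the call site would be clearer. If the wrapper stays, place it next to chcr_alloc_shash() rather than after get_alg_config().
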
@@ -1106,15 +1100,16 @@ static int chcr_ahash_setkey(struct crypto_ahash *tfm, 
const u8 *key,
unsigned int bs = crypto_tfm_alg_blocksize(crypto_ahash_tfm(tfm));
unsigned int i, err = 0, updated_digestsize;
 
-   /*
-* use the key to calculate the ipad and opad. ipad will sent with the
+   SHASH_DESC_ON_STACK(shash, hmacctx->base_hash);
+
+   /* use the key to calculate the ipad and opad. ipad will sent with the
 * first request's data. opad will be sent with the final hash result
 * ipad in hmacctx->ipad and opad in hmacctx->opad location
 */
-   if (!hmacctx->desc)
-   return -EINVAL;
+   shash->tfm = hmacctx->base_hash;
+   shash->flags = crypto_shash_get_flags(hmacctx->base_hash);
if (keylen > bs) {
-   err = crypto_shash_digest(hmacctx->desc, key, keylen,
+   err = crypto_shash_digest(shash, key, keylen,
  hmacctx->ipad);
if (err)
goto out;
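
Review bot: The `if (!hmacctx->desc) return -EINVAL;` guard is removed and nothing replaces it, so `hmacctx->base_hash` is handed to SHASH_DESC_ON_STACK and used without a check. That is only safe if chcr_hmac_cra_init() fails the tfm whenever chcr_alloc_shash() does not return a valid hash; please make sure that path rejects both error pointers and NULL.
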
@@ -1135,13 +1130,13 @@ static int chcr_ahash_setkey(struct crypto_ahash *tfm, 
const u8 *key,
updated_digestsize = SHA256_DIGEST_SIZE;
else if (digestsize == SHA384_DIGEST_SIZE)
updated_digestsize = SHA512_DIGEST_SIZE;
-   err = chcr_compute_partial_hash(hmacctx->desc, hmacctx->ipad,
+   err = chcr_compute_partial_hash(shash, hmacctx->ipad,
hmacctx->ipad, digestsize);
if (err)
goto out;
chcr_change_order(hmacctx->ipad, updated_digestsize);
 
-   err = chcr_compute_partial_hash(hmacctx->desc, hmacctx->opad,
+   err = chcr_compute_partial_hash(shash, hmacctx->opad,
hmacctx->opad, digestsize);
if (err)
goto out;
@@ -1237,26 +1232,20 @@ static int chcr_hmac_cra_init(struct crypto_tfm *tfm)
 
crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm),
 sizeof(struct chcr_ahash_req_ctx));
-   hmacctx->desc = chcr_alloc_shash(digestsize);
-   if (IS_ERR(hmacctx->desc))
-   return P

[PATCH 2/6] chcr: Remove malloc/free

2016-10-13 Thread Harsh Jain
Remove malloc/free in crypto operation and allocate memory via cra_ctxsize.
Added new structure chcr_wr to populate Work Request Header.
Fixes: 324429d74127 (chcr: Support for Chelsio's Crypto Hardware)

Reported-by: Dan Carpenter 
Signed-off-by: Jitendra Lulla 
---
 drivers/crypto/chelsio/chcr_algo.c   | 361 +--
 drivers/crypto/chelsio/chcr_algo.h   |  28 ++-
 drivers/crypto/chelsio/chcr_core.h   |  16 ++
 drivers/crypto/chelsio/chcr_crypto.h |  16 +-
 4 files changed, 210 insertions(+), 211 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index 944c11f..d5e0066 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -150,8 +150,6 @@ int chcr_handle_resp(struct crypto_async_request *req, 
unsigned char *input,
   sizeof(struct cpl_fw6_pld),
   updated_digestsize);
}
-   kfree(ctx_req.ctx.ahash_ctx->dummy_payload_ptr);
-   ctx_req.ctx.ahash_ctx->dummy_payload_ptr = NULL;
break;
}
return 0;
@@ -414,8 +412,23 @@ static inline int get_cryptoalg_subtype(struct crypto_tfm 
*tfm)
return chcr_crypto_alg->type & CRYPTO_ALG_SUB_TYPE_MASK;
 }
 
+static inline void write_buffer_to_skb(struct sk_buff *skb,
+   unsigned int *frags,
+   char *bfr,
+   u8 bfr_len)
+{
+   skb->len += bfr_len;
+   skb->data_len += bfr_len;
+   skb->truesize += bfr_len;
+   get_page(virt_to_page(bfr));
+   skb_fill_page_desc(skb, *frags, virt_to_page(bfr),
+  offset_in_page(bfr), bfr_len);
+   (*frags)++;
+}
+
+
 static inline void
-write_sg_data_page_desc(struct sk_buff *skb, unsigned int *frags,
+write_sg_to_skb(struct sk_buff *skb, unsigned int *frags,
struct scatterlist *sg, unsigned int count)
 {
struct page *spage;
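
Review bot: write_buffer_to_skb() takes the length as `u8 bfr_len`, so a length above 255 is silently truncated at the call; use unsigned int to match `count` in write_sg_to_skb(). The function also attaches `bfr` through virt_to_page()/offset_in_page() as a single fragment, which is only valid for a directly mapped buffer that does not cross a page boundary; document that requirement at the definition. One of the two blank lines added after the function should go.
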
@@ -424,8 +437,9 @@ write_sg_data_page_desc(struct sk_buff *skb, unsigned int 
*frags,
skb->len += count;
skb->data_len += count;
skb->truesize += count;
+
while (count > 0) {
-   if (sg && (!(sg->length)))
+   if (!sg || (!(sg->length)))
break;
spage = sg_page(sg);
get_page(spage);
@@ -441,29 +455,24 @@ static int generate_copy_rrkey(struct ablk_ctx *ablkctx,
   struct _key_ctx *key_ctx)
 {
if (ablkctx->ciph_mode == CHCR_SCMD_CIPHER_MODE_AES_CBC) {
-   get_aes_decrypt_key(key_ctx->key, ablkctx->key,
-   ablkctx->enckey_len << 3);
-   memset(key_ctx->key + ablkctx->enckey_len, 0,
-  CHCR_AES_MAX_KEY_LEN - ablkctx->enckey_len);
+   memcpy(key_ctx->key, ablkctx->rrkey, ablkctx->enckey_len);
} else {
memcpy(key_ctx->key,
   ablkctx->key + (ablkctx->enckey_len >> 1),
   ablkctx->enckey_len >> 1);
-   get_aes_decrypt_key(key_ctx->key + (ablkctx->enckey_len >> 1),
-   ablkctx->key, ablkctx->enckey_len << 2);
+   memcpy(key_ctx->key + (ablkctx->enckey_len >> 1),
+  ablkctx->rrkey, ablkctx->enckey_len >> 1);
}
return 0;
 }
 
 static inline void create_wreq(struct chcr_context *ctx,
-  struct fw_crypto_lookaside_wr *wreq,
+  struct chcr_wr *chcr_req,
   void *req, struct sk_buff *skb,
   int kctx_len, int hash_sz,
   unsigned int phys_dsgl)
 {
struct uld_ctx *u_ctx = ULD_CTX(ctx);
-   struct ulp_txpkt *ulptx = (struct ulp_txpkt *)(wreq + 1);
-   struct ulptx_idata *sc_imm = (struct ulptx_idata *)(ulptx + 1);
int iv_loc = IV_DSGL;
int qid = u_ctx->lldi.rxq_ids[ctx->tx_channel_id];
unsigned int immdatalen = 0, nr_frags = 0;
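
Review bot: In generate_copy_rrkey(), the CBC branch used to zero the tail of key_ctx->key up to CHCR_AES_MAX_KEY_LEN after deriving the key, and the new memcpy() from ablkctx->rrkey drops that memset without a replacement. If the key context buffer is not cleared elsewhere before this call, the bytes past enckey_len are now whatever was there before; either keep the memset or say in the changelog why it is no longer needed. The function also still returns 0 unconditionally, so it could become void.
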
@@ -475,24 +484,27 @@ static inline void create_wreq(struct chcr_context *ctx,
nr_frags = skb_shinfo(skb)->nr_frags;
}
 
-   wreq->op_to_cctx_size = FILL_WR_OP_CCTX_SIZE(immdatalen,
-(kctx_len >> 4));
-   wreq->pld_size_hash_size =
+   chcr_req->wreq.op_to_cctx_size = FILL_WR_OP_CCTX_SIZE(immdatalen,
+   ((sizeof(chcr_req->key_ctx) + kctx_len) >> 4));
+   chcr_req->wreq.pld_size_hash_size =
htonl(FW_CRYPTO_LOOKASIDE_WR_PLD_SIZE_V(sgl_lengths[nr_frags]) |
  FW_CRYPTO_LOOKASIDE_WR_HASH_SIZE_V(hash_sz));
-   wreq->len16_pkd = htonl(FW_CRYPTO_LOOKASIDE_WR_LEN16_V(DIV_ROUND_UP(
+   chcr_req->wreq.len16_pkd =
+ 
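
Review bot: The switch of create_wreq() to struct chcr_wr in this hunk is a separate change from the kfree() removal and the `!sg` check earlier in the patch, and bundling all three under one Fixes: tag makes the fix hard to backport or bisect. One patch per change, with the Fixes: and Reported-by: tags only on the NULL check, would be easier to review.
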

[PATCH 0/6] chcr: AEAD support and bug fixes

2016-10-13 Thread Harsh Jain
This patch series includes Bug Fixes, performance improvement and
support for following AEAD algos.
GCM,CCM,RFC4106,RFC4303,authenc(hmac(shaXXX),cbc(aes))

This patch series is based on linux-next tree and depends on
("crypto/chcr: Add support for Chelsio Crypto Driver ") series.

https://www.mail-archive.com/linux-crypto@vger.kernel.org/msg20658.html

Jitendra Lulla (3):
  Fix memory corruption done by  *((u32 *)dec_key + k) operation.
  Remove malloc/free in crypto operation and allocate memory in Init.
  Added new structure chcr_wr to populate Work Request Header.
  Destination buffer size passed to hardware should not be greater than
crypto operation output.
Harsh Jain (3):
  Use SHASH_DESC_ON_STACK macro to allocate memory for ipad/opad
calculation.
  Move tfm ctx variable to request context.
  Add support for AEAD algos
GCM,CCM,RFC4106,RFC4303,authenc(hmac(shaXXX),cbc(aes))

 drivers/crypto/chelsio/Kconfig   |1 +
 drivers/crypto/chelsio/chcr_algo.c   | 1998 +-
 drivers/crypto/chelsio/chcr_algo.h   |  102 +-
 drivers/crypto/chelsio/chcr_core.c   |8 +-
 drivers/crypto/chelsio/chcr_core.h   |   18 +-
 drivers/crypto/chelsio/chcr_crypto.h |  115 +-
 6 files changed, 1857 insertions(+), 385 deletions(-)

-- 
1.8.2.3



[PATCH 1/6] chcr:Fix memory corruption done

2016-10-13 Thread Harsh Jain
Fix memory corruption done by  *((u32 *)dec_key + k) operation.

Signed-off-by: Jitendra Lulla 
---
 drivers/crypto/chelsio/chcr_algo.c | 52 ++
 drivers/crypto/chelsio/chcr_algo.h | 58 +-
 2 files changed, 53 insertions(+), 57 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index e4ddb92..944c11f 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -178,6 +178,58 @@ static inline unsigned int calc_tx_flits_ofld(const struct 
sk_buff *skb)
return flits + sgl_len(cnt);
 }
 
+static void get_aes_decrypt_key(unsigned char *dec_key,
+   const unsigned char *key,
+   unsigned int keylength)
+{
+   u32 temp;
+   u32 w_ring[MAX_NK];
+   int i, j, k;
+   u8  nr, nk;
+
+   switch (keylength) {
+   case AES_KEYLENGTH_128BIT:
+   nk = KEYLENGTH_4BYTES;
+   nr = NUMBER_OF_ROUNDS_10;
+   break;
+   case AES_KEYLENGTH_192BIT:
+   nk = KEYLENGTH_6BYTES;
+   nr = NUMBER_OF_ROUNDS_12;
+   break;
+   case AES_KEYLENGTH_256BIT:
+   nk = KEYLENGTH_8BYTES;
+   nr = NUMBER_OF_ROUNDS_14;
+   break;
+   default:
+   return;
+   }
+   for (i = 0; i < nk; i++)
+   w_ring[i] = be32_to_cpu(*(u32 *)[4 * i]);
+
+   i = 0;
+   temp = w_ring[nk - 1];
+   while (i + nk < (nr + 1) * 4) {
+   if (!(i % nk)) {
+   /* RotWord(temp) */
+   temp = (temp << 8) | (temp >> 24);
+   temp = aes_ks_subword(temp);
+   temp ^= round_constant[i / nk];
+   } else if (nk == 8 && (i % 4 == 0)) {
+   temp = aes_ks_subword(temp);
+   }
+   w_ring[i % nk] ^= temp;
+   temp = w_ring[i % nk];
+   i++;
+   }
+   i--;
+   for (k = 0, j = i % nk; k < nk; k++) {
+   *((u32 *)dec_key + k) = htonl(w_ring[j]);
+   j--;
+   if (j < 0)
+   j += nk;
+   }
+}
+
 static struct shash_desc *chcr_alloc_shash(unsigned int ds)
 {
struct crypto_shash *base_hash = NULL;
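
Review bot: The only functional difference from the header copy being removed is the new `i--;` before the copy-out loop, which changes the word at which `j = i % nk` starts, yet the changelog only names the `*((u32 *)dec_key + k)` store and does not say what was corrupted or why the start index was wrong. Please explain that in the commit message. The store itself still casts an unsigned char pointer to u32 *, which assumes dec_key is 4-byte aligned; put_unaligned_be32() would remove that assumption. The default case also returns without writing dec_key or reporting an error, so an unsupported keylength goes unnoticed by the caller.
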
diff --git a/drivers/crypto/chelsio/chcr_algo.h 
b/drivers/crypto/chelsio/chcr_algo.h
index ec64fbc..f34bc91 100644
--- a/drivers/crypto/chelsio/chcr_algo.h
+++ b/drivers/crypto/chelsio/chcr_algo.h
@@ -394,7 +394,7 @@ static const u8 aes_sbox[256] = {
187, 22
 };
 
-static u32 aes_ks_subword(const u32 w)
+static inline u32 aes_ks_subword(const u32 w)
 {
u8 bytes[4];
 
@@ -412,60 +412,4 @@ static u32 round_constant[11] = {
0x1B00, 0x3600, 0x6C00
 };
 
-/* dec_key - OUTPUT - Reverse round key
- * key - INPUT - key
- * keylength - INPUT - length of the key in number of bits
- */
-static inline void get_aes_decrypt_key(unsigned char *dec_key,
-  const unsigned char *key,
-  unsigned int keylength)
-{
-   u32 temp;
-   u32 w_ring[MAX_NK];
-   int i, j, k = 0;
-   u8  nr, nk;
-
-   switch (keylength) {
-   case AES_KEYLENGTH_128BIT:
-   nk = KEYLENGTH_4BYTES;
-   nr = NUMBER_OF_ROUNDS_10;
-   break;
-
-   case AES_KEYLENGTH_192BIT:
-   nk = KEYLENGTH_6BYTES;
-   nr = NUMBER_OF_ROUNDS_12;
-   break;
-   case AES_KEYLENGTH_256BIT:
-   nk = KEYLENGTH_8BYTES;
-   nr = NUMBER_OF_ROUNDS_14;
-   break;
-   default:
-   return;
-   }
-   for (i = 0; i < nk; i++ )
-   w_ring[i] = be32_to_cpu(*(u32 *)[4 * i]);
-
-   i = 0;
-   temp = w_ring[nk - 1];
-   while(i + nk < (nr + 1) * 4) {
-   if(!(i % nk)) {
-   /* RotWord(temp) */
-   temp = (temp << 8) | (temp >> 24);
-   temp = aes_ks_subword(temp);
-   temp ^= round_constant[i / nk];
-   }
-   else if (nk == 8 && (i % 4 == 0))
-   temp = aes_ks_subword(temp);
-   w_ring[i % nk] ^= temp;
-   temp = w_ring[i % nk];
-   i++;
-   }
-   for (k = 0, j = i % nk; k < nk; k++) {
-   *((u32 *)dec_key + k) = htonl(w_ring[j]);
-   j--;
-   if(j < 0)
-   j += nk;
-   }
-}
-
 #endif /* __CHCR_ALGO_H__ */
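
Review bot: The comment block describing dec_key, key and keylength (with keylength given in bits) is deleted with the header copy and is not carried over to the new definition in chcr_algo.c. Please move it along with the function, since the bit unit of keylength is not obvious from the signature.
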
-- 
1.8.2.3



Re: [PATCH v1 3/8] crypto:chcr- Fix key length for RFC4106

2017-01-12 Thread Harsh Jain


On 12-01-2017 21:39, Herbert Xu wrote:
> On Fri, Jan 06, 2017 at 02:01:34PM +0530, Harsh Jain wrote:
>> Check keylen before copying salt to avoid wrap around of Integer.
>>
>> Signed-off-by: Harsh Jain <ha...@chelsio.com>
>> ---
>>  drivers/crypto/chelsio/chcr_algo.c | 4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/crypto/chelsio/chcr_algo.c 
>> b/drivers/crypto/chelsio/chcr_algo.c
>> index deec7c0..6c2dea3 100644
>> --- a/drivers/crypto/chelsio/chcr_algo.c
>> +++ b/drivers/crypto/chelsio/chcr_algo.c
>> @@ -2194,8 +2194,8 @@ static int chcr_gcm_setkey(struct crypto_aead *aead, 
>> const u8 *key,
>>  unsigned int ck_size;
>>  int ret = 0, key_ctx_size = 0;
>>  
>> -if (get_aead_subtype(aead) ==
>> -CRYPTO_ALG_SUB_TYPE_AEAD_RFC4106) {
>> +if (get_aead_subtype(aead) == CRYPTO_ALG_SUB_TYPE_AEAD_RFC4106 &&
>> +keylen > 3) {
>>  keylen -= 4;  /* nonce/salt is present in the last 4 bytes */
>>  memcpy(aeadctx->salt, key + keylen, 4);
>>  }
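
Review bot: The new guard is written as `keylen > 3` while the two lines it protects subtract and copy 4, so the relationship between the check and the salt size is left implicit; `keylen >= 4`, or a named constant for the RFC4106 salt length used in all three places, would read more directly. When the guard fails the function carries on with aeadctx->salt untouched, so the rejection of short keys depends entirely on the key-size checks further down, which are not part of this hunk.
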
> We should return an error in this case.
That case is already handled in next if condition. It will error out with
-EINVAL in next condition.

if (keylen == AES_KEYSIZE_128) {

>
> Cheers,



[PATCH v1 3/4] crypto:chcr- Check device is allocated before use

2017-01-13 Thread Harsh Jain
Ensure dev is allocated for crypto uld context before using the device
for crypto operations.

Signed-off-by: Atul Gupta 
---
 drivers/crypto/chelsio/chcr_core.c | 18 --
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_core.c 
b/drivers/crypto/chelsio/chcr_core.c
index 918da8e..1c65f07 100644
--- a/drivers/crypto/chelsio/chcr_core.c
+++ b/drivers/crypto/chelsio/chcr_core.c
@@ -52,6 +52,7 @@
 int assign_chcr_device(struct chcr_dev **dev)
 {
struct uld_ctx *u_ctx;
+   int ret = -ENXIO;
 
/*
 * Which device to use if multiple devices are available TODO
@@ -59,15 +60,14 @@ int assign_chcr_device(struct chcr_dev **dev)
 * must go to the same device to maintain the ordering.
 */
mutex_lock(_mutex); /* TODO ? */
-   u_ctx = list_first_entry(_ctx_list, struct uld_ctx, entry);
-   if (!u_ctx) {
-   mutex_unlock(_mutex);
-   return -ENXIO;
+   list_for_each_entry(u_ctx, _ctx_list, entry)
+   if (u_ctx && u_ctx->dev) {
+   *dev = u_ctx->dev;
+   ret = 0;
+   break;
}
-
-   *dev = u_ctx->dev;
mutex_unlock(_mutex);
-   return 0;
+   return ret;
 }
 
 static int chcr_dev_add(struct uld_ctx *u_ctx)
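
Review bot: The list_for_each_entry() loop in assign_chcr_device() has a multi-line if block as its body with no braces around it, and the closing brace that ends the if is the one left over from the removed `if (!u_ctx)` block, which makes the nesting hard to follow. Please brace the loop body. The `u_ctx &&` test is also redundant, since the iterator cursor is never NULL inside the loop.
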
@@ -202,10 +202,8 @@ static int chcr_uld_state_change(void *handle, enum 
cxgb4_state state)
 
 static int __init chcr_crypto_init(void)
 {
-   if (cxgb4_register_uld(CXGB4_ULD_CRYPTO, _uld_info)) {
+   if (cxgb4_register_uld(CXGB4_ULD_CRYPTO, _uld_info))
pr_err("ULD register fail: No chcr crypto support in cxgb4");
-   return -1;
-   }
 
return 0;
 }
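
Review bot: chcr_crypto_init() now returns 0 even when cxgb4_register_uld() fails, so the module loads successfully with no ULD registered, and the changelog does not mention this behaviour change. If that is intended (so that assign_chcr_device() reports -ENXIO later), say so in the commit message; otherwise propagate the error instead of dropping the old `return -1`. The pr_err() string is also missing its trailing newline.
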
-- 
1.8.2.3



[PATCH v1 2/4] crypto:chcr- Fix panic on dma_unmap_sg

2017-01-13 Thread Harsh Jain
Save DMA mapped sg list addresses to request context buffer.

Signed-off-by: Atul Gupta 
---
 drivers/crypto/chelsio/chcr_algo.c   | 49 +++-
 drivers/crypto/chelsio/chcr_crypto.h |  3 +++
 2 files changed, 29 insertions(+), 23 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index 1d7dfcf..deec7c0 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -158,7 +158,7 @@ int chcr_handle_resp(struct crypto_async_request *req, 
unsigned char *input,
case CRYPTO_ALG_TYPE_AEAD:
ctx_req.req.aead_req = (struct aead_request *)req;
ctx_req.ctx.reqctx = aead_request_ctx(ctx_req.req.aead_req);
-   dma_unmap_sg(_ctx->lldi.pdev->dev, ctx_req.req.aead_req->dst,
+   dma_unmap_sg(_ctx->lldi.pdev->dev, ctx_req.ctx.reqctx->dst,
 ctx_req.ctx.reqctx->dst_nents, DMA_FROM_DEVICE);
if (ctx_req.ctx.reqctx->skb) {
kfree_skb(ctx_req.ctx.reqctx->skb);
@@ -1364,8 +1364,7 @@ static struct sk_buff *create_authenc_wr(struct 
aead_request *req,
struct chcr_wr *chcr_req;
struct cpl_rx_phys_dsgl *phys_cpl;
struct phys_sge_parm sg_param;
-   struct scatterlist *src, *dst;
-   struct scatterlist src_sg[2], dst_sg[2];
+   struct scatterlist *src;
unsigned int frags = 0, transhdr_len;
unsigned int ivsize = crypto_aead_ivsize(tfm), dst_size = 0;
unsigned int   kctx_len = 0;
@@ -1385,19 +1384,21 @@ static struct sk_buff *create_authenc_wr(struct 
aead_request *req,
 
if (sg_nents_for_len(req->src, req->assoclen + req->cryptlen) < 0)
goto err;
-   src = scatterwalk_ffwd(src_sg, req->src, req->assoclen);
-   dst = src;
+   src = scatterwalk_ffwd(reqctx->srcffwd, req->src, req->assoclen);
+   reqctx->dst = src;
+
if (req->src != req->dst) {
err = chcr_copy_assoc(req, aeadctx);
if (err)
return ERR_PTR(err);
-   dst = scatterwalk_ffwd(dst_sg, req->dst, req->assoclen);
+   reqctx->dst = scatterwalk_ffwd(reqctx->dstffwd, req->dst,
+  req->assoclen);
}
if (get_aead_subtype(tfm) == CRYPTO_ALG_SUB_TYPE_AEAD_NULL) {
null = 1;
assoclen = 0;
}
-   reqctx->dst_nents = sg_nents_for_len(dst, req->cryptlen +
+   reqctx->dst_nents = sg_nents_for_len(reqctx->dst, req->cryptlen +
 (op_type ? -authsize : authsize));
if (reqctx->dst_nents <= 0) {
pr_err("AUTHENC:Invalid Destination sg entries\n");
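
Review bot: reqctx->dst is now set from scatterwalk_ffwd() using reqctx->srcffwd and reqctx->dstffwd in place of the on-stack src_sg[2] and dst_sg[2], but the changelog never states the actual bug, namely which scatterlist was mapped and which one chcr_handle_resp() unmapped. Please spell that out, and confirm that the new request-context arrays keep the two-entry size the stack arrays had, since scatterwalk_ffwd() writes into them and the chcr_crypto.h hunk declaring them is not shown here.
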
@@ -1462,7 +1463,7 @@ static struct sk_buff *create_authenc_wr(struct 
aead_request *req,
sg_param.obsize = req->cryptlen + (op_type ? -authsize : authsize);
sg_param.qid = qid;
sg_param.align = 0;
-   if (map_writesg_phys_cpl(_ctx->lldi.pdev->dev, phys_cpl, dst,
+   if (map_writesg_phys_cpl(_ctx->lldi.pdev->dev, phys_cpl, reqctx->dst,
  _param))
goto dstmap_fail;
 
@@ -1713,8 +1714,7 @@ static struct sk_buff *create_aead_ccm_wr(struct 
aead_request *req,
struct chcr_wr *chcr_req;
struct cpl_rx_phys_dsgl *phys_cpl;
struct phys_sge_parm sg_param;
-   struct scatterlist *src, *dst;
-   struct scatterlist src_sg[2], dst_sg[2];
+   struct scatterlist *src;
unsigned int frags = 0, transhdr_len, ivsize = AES_BLOCK_SIZE;
unsigned int dst_size = 0, kctx_len;
unsigned int sub_type;
@@ -1730,17 +1730,19 @@ static struct sk_buff *create_aead_ccm_wr(struct 
aead_request *req,
if (sg_nents_for_len(req->src, req->assoclen + req->cryptlen) < 0)
goto err;
sub_type = get_aead_subtype(tfm);
-   src = scatterwalk_ffwd(src_sg, req->src, req->assoclen);
-   dst = src;
+   src = scatterwalk_ffwd(reqctx->srcffwd, req->src, req->assoclen);
+   reqctx->dst = src;
+
if (req->src != req->dst) {
err = chcr_copy_assoc(req, aeadctx);
if (err) {
pr_err("AAD copy to destination buffer fails\n");
return ERR_PTR(err);
}
-   dst = scatterwalk_ffwd(dst_sg, req->dst, req->assoclen);
+   reqctx->dst = scatterwalk_ffwd(reqctx->dstffwd, req->dst,
+  req->assoclen);
}
-   reqctx->dst_nents = sg_nents_for_len(dst, req->cryptlen +
+   reqctx->dst_nents = sg_nents_for_len(reqctx->dst, req->cryptlen +
 (op_type ? -authsize : authsize));
if (reqctx->dst_nents <= 0) {
pr_err("CCM:Invalid Destination sg entries\n");
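
Review bot: The srcffwd/dstffwd fast-forward sequence in create_aead_ccm_wr() duplicates, line for line, the one added to create_authenc_wr() earlier in this patch; a small helper that fills reqctx->dst and reqctx->dst_nents would keep the two paths from drifting apart. Error handling inside the block is also inconsistent: the sg_nents_for_len() failure uses `goto err` while the chcr_copy_assoc() failure returns ERR_PTR(err) directly.
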
@@ -1779,7 +1781,7 @@ static struct sk_buff 

[PATCH v1 0/4]crypto:chcr- Bug Fixes for 4.10

2017-01-13 Thread Harsh Jain
This patch series is based on Herbert's cryptodev-2.6 tree.
It includes several critical bug fixes.

Atul Gupta (3):
  crypto:chcr-Change flow IDs
  crypto:chcr- Fix panic on dma_unmap_sg
  crypto:chcr- Check device is allocated before use
Julia Lawall (1):
  crypto:chcr-fix itnull.cocci warnings

 drivers/crypto/chelsio/chcr_algo.c| 67 ++-
 drivers/crypto/chelsio/chcr_algo.h|  9 ++--
 drivers/crypto/chelsio/chcr_core.c| 18 ---
 drivers/crypto/chelsio/chcr_core.h|  1 +
 drivers/crypto/chelsio/chcr_crypto.h  |  3 ++
 drivers/net/ethernet/chelsio/cxgb4/t4fw_api.h |  8 
 6 files changed, 61 insertions(+), 45 deletions(-)

-- 
1.8.2.3



[PATCH v1 1/4] crypto:chcr-Change flow IDs

2017-01-13 Thread Harsh Jain
Change assign flowc id to each outgoing request. Firmware uses flowc id
to schedule each request onto HW. FW reply may be lost without this change.

Reviewed-by: Hariprasad Shenai 
Signed-off-by: Atul Gupta 
---
 drivers/crypto/chelsio/chcr_algo.c| 18 ++
 drivers/crypto/chelsio/chcr_algo.h|  9 +
 drivers/crypto/chelsio/chcr_core.h|  1 +
 drivers/net/ethernet/chelsio/cxgb4/t4fw_api.h |  8 
 4 files changed, 24 insertions(+), 12 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index 2ed1e24..1d7dfcf 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -542,10 +542,11 @@ static inline void create_wreq(struct chcr_context *ctx,
(calc_tx_flits_ofld(skb) * 8), 16)));
chcr_req->wreq.cookie = cpu_to_be64((uintptr_t)req);
chcr_req->wreq.rx_chid_to_rx_q_id =
-   FILL_WR_RX_Q_ID(ctx->dev->tx_channel_id, qid,
-   is_iv ? iv_loc : IV_NOP);
+   FILL_WR_RX_Q_ID(ctx->dev->rx_channel_id, qid,
+   is_iv ? iv_loc : IV_NOP, ctx->tx_channel_id);
 
-   chcr_req->ulptx.cmd_dest = FILL_ULPTX_CMD_DEST(ctx->dev->tx_channel_id);
+   chcr_req->ulptx.cmd_dest = FILL_ULPTX_CMD_DEST(ctx->dev->tx_channel_id,
+  qid);
chcr_req->ulptx.len = htonl((DIV_ROUND_UP((calc_tx_flits_ofld(skb) * 8),
16) - ((sizeof(chcr_req->wreq)) >> 4)));
 
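
Review bot: In create_wreq(), FILL_WR_RX_Q_ID() now takes ctx->dev->rx_channel_id as its first argument and ctx->tx_channel_id as a new fourth one, while FILL_ULPTX_CMD_DEST() keeps ctx->dev->tx_channel_id and gains qid; three similarly named fields on two different structures are easy to mix up. A comment at the call site, or descriptive parameter names in the macro definitions, stating which value is the flow id and which is the channel would make this reviewable.
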
@@ -606,7 +607,7 @@ static inline void create_wreq(struct chcr_context *ctx,
chcr_req = (struct chcr_wr *)__skb_put(skb, transhdr_len);
memset(chcr_req, 0, transhdr_len);
chcr_req->sec_cpl.op_ivinsrtofst =
-   FILL_SEC_CPL_OP_IVINSR(ctx->dev->tx_channel_id, 2, 1);
+   FILL_SEC_CPL_OP_IVINSR(ctx->dev->rx_channel_id, 2, 1);
 
chcr_req->sec_cpl.pldlen = htonl(ivsize + req->nbytes);
chcr_req->sec_cpl.aadstart_cipherstop_hi =
@@ -782,6 +783,7 @@ static int chcr_device_init(struct chcr_context *ctx)
spin_lock(>dev->lock_chcr_dev);
ctx->tx_channel_id = rxq_idx;
ctx->dev->tx_channel_id = !ctx->dev->tx_channel_id;
+   ctx->dev->rx_channel_id = 0;
spin_unlock(>dev->lock_chcr_dev);
}
 out:
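
Review bot: In chcr_device_init(), `ctx->dev->rx_channel_id = 0;` hard-codes the receive channel on every call while tx_channel_id is toggled on the line above, and nothing explains why 0 is always correct. If the value is a constant it belongs where the device is created, with a comment; if it should follow the port or queue, derive it here.
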
@@ -874,7 +876,7 @@ static struct sk_buff *create_hash_wr(struct ahash_request 
*req,
memset(chcr_req, 0, transhdr_len);
 
chcr_req->sec_cpl.op_ivinsrtofst =
-   FILL_SEC_CPL_OP_IVINSR(ctx->dev->tx_channel_id, 2, 0);
+   FILL_SEC_CPL_OP_IVINSR(ctx->dev->rx_channel_id, 2, 0);
chcr_req->sec_cpl.pldlen = htonl(param->bfr_len + param->sg_len);
 
chcr_req->sec_cpl.aadstart_cipherstop_hi =
@@ -1424,7 +1426,7 @@ static struct sk_buff *create_authenc_wr(struct 
aead_request *req,
 * to the hardware spec
 */
chcr_req->sec_cpl.op_ivinsrtofst =
-   FILL_SEC_CPL_OP_IVINSR(ctx->dev->tx_channel_id, 2,
+   FILL_SEC_CPL_OP_IVINSR(ctx->dev->rx_channel_id, 2,
   (ivsize ? (assoclen + 1) : 0));
chcr_req->sec_cpl.pldlen = htonl(assoclen + ivsize + req->cryptlen);
chcr_req->sec_cpl.aadstart_cipherstop_hi = FILL_SEC_CPL_CIPHERSTOP_HI(
@@ -1600,7 +1602,7 @@ static void fill_sec_cpl_for_aead(struct cpl_tx_sec_pdu 
*sec_cpl,
unsigned int ivsize = AES_BLOCK_SIZE;
unsigned int cipher_mode = CHCR_SCMD_CIPHER_MODE_AES_CCM;
unsigned int mac_mode = CHCR_SCMD_AUTH_MODE_CBCMAC;
-   unsigned int c_id = chcrctx->dev->tx_channel_id;
+   unsigned int c_id = chcrctx->dev->rx_channel_id;
unsigned int ccm_xtra;
unsigned char tag_offset = 0, auth_offset = 0;
unsigned char hmac_ctrl = get_hmac(crypto_aead_authsize(tfm));
@@ -1875,7 +1877,7 @@ static struct sk_buff *create_gcm_wr(struct aead_request 
*req,
 
tag_offset = (op_type == CHCR_ENCRYPT_OP) ? 0 : authsize;
chcr_req->sec_cpl.op_ivinsrtofst = FILL_SEC_CPL_OP_IVINSR(
-   ctx->dev->tx_channel_id, 2, (ivsize ?
+   ctx->dev->rx_channel_id, 2, (ivsize ?
(req->assoclen + 1) : 0));
chcr_req->sec_cpl.pldlen = htonl(req->assoclen + ivsize + crypt_len);
chcr_req->sec_cpl.aadstart_cipherstop_hi = FILL_SEC_CPL_CIPHERSTOP_HI(
diff --git a/drivers/crypto/chelsio/chcr_algo.h 
b/drivers/crypto/chelsio/chcr_algo.h
index 3c7c51f..ba38bae 100644
--- a/drivers/crypto/chelsio/chcr_algo.h
+++ b/drivers/crypto/chelsio/chcr_algo.h
@@ -185,20 +185,21 @@
FW_CRYPTO_LOOKASIDE_WR_CCTX_LOC_V(1) | \
FW_CRYPTO_LOOKASIDE_WR_CCTX_SIZE_V((ctx_len)))
 
-#define FILL_WR_RX_Q_ID(cid, 

[PATCH v1 4/4] crypto:chcr-fix itnull.cocci warnings

2017-01-13 Thread Harsh Jain
The first argument to list_for_each_entry cannot be NULL.

Generated by: scripts/coccinelle/iterators/itnull.cocci

Signed-off-by: Julia Lawall <julia.law...@lip6.fr>
Signed-off-by: Fengguang Wu <fengguang...@intel.com>
Signed-off-by: Harsh Jain <ha...@chelsio.com>
---
 drivers/crypto/chelsio/chcr_core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/chelsio/chcr_core.c 
b/drivers/crypto/chelsio/chcr_core.c
index 1c65f07..2bfd61a 100644
--- a/drivers/crypto/chelsio/chcr_core.c
+++ b/drivers/crypto/chelsio/chcr_core.c
@@ -61,7 +61,7 @@ int assign_chcr_device(struct chcr_dev **dev)
 */
mutex_lock(_mutex); /* TODO ? */
list_for_each_entry(u_ctx, _ctx_list, entry)
-   if (u_ctx && u_ctx->dev) {
+   if (u_ctx->dev) {
*dev = u_ctx->dev;
ret = 0;
break;
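
Review bot: The `u_ctx &&` test removed here was introduced by patch 3/4 of this same series (this diff starts from index 1c65f07, the result of that patch), so the fix can be folded into 3/4 instead of adding and removing the check within one submission.
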
-- 
1.8.2.3



[PATCH v3 05/10] crypto/chcr: Remove dynamic allocation

2016-11-29 Thread Harsh Jain
Remove malloc/free in hash operation and allocate
 memory in chcr_ahash_req_ctx structure.

Signed-off-by: Jitendra Lulla 
---
 drivers/crypto/chelsio/chcr_algo.c   | 69 +---
 drivers/crypto/chelsio/chcr_crypto.h |  8 +++--
 2 files changed, 45 insertions(+), 32 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index 0ae1b09..13aaca2 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -150,8 +150,6 @@ int chcr_handle_resp(struct crypto_async_request *req, 
unsigned char *input,
   sizeof(struct cpl_fw6_pld),
   updated_digestsize);
}
-   kfree(ctx_req.ctx.ahash_ctx->dummy_payload_ptr);
-   ctx_req.ctx.ahash_ctx->dummy_payload_ptr = NULL;
break;
}
return 0;
@@ -860,8 +858,8 @@ static struct sk_buff *create_hash_wr(struct ahash_request 
*req,
 
skb_set_transport_header(skb, transhdr_len);
if (param->bfr_len != 0)
-   write_buffer_to_skb(skb, , req_ctx->bfr,
-   param->bfr_len);
+   write_buffer_to_skb(skb, , req_ctx->reqbfr,
+   param->bfr_len);
if (param->sg_len != 0)
write_sg_to_skb(skb, , req->src, param->sg_len);
 
@@ -892,30 +890,41 @@ static int chcr_ahash_update(struct ahash_request *req)
return -EBUSY;
}
 
-   if (nbytes + req_ctx->bfr_len >= bs) {
-   remainder = (nbytes + req_ctx->bfr_len) % bs;
-   nbytes = nbytes + req_ctx->bfr_len - remainder;
+   if (nbytes + req_ctx->reqlen >= bs) {
+   remainder = (nbytes + req_ctx->reqlen) % bs;
+   nbytes = nbytes + req_ctx->reqlen - remainder;
} else {
-   sg_pcopy_to_buffer(req->src, sg_nents(req->src), req_ctx->bfr +
-  req_ctx->bfr_len, nbytes, 0);
-   req_ctx->bfr_len += nbytes;
+   sg_pcopy_to_buffer(req->src, sg_nents(req->src), req_ctx->reqbfr
+  + req_ctx->reqlen, nbytes, 0);
+   req_ctx->reqlen += nbytes;
return 0;
}
 
params.opad_needed = 0;
params.more = 1;
params.last = 0;
+   params.sg_len = nbytes - req_ctx->reqlen;
+   params.bfr_len = req_ctx->reqlen;
params.scmd1 = 0;
get_alg_config(_prm, crypto_ahash_digestsize(rtfm));
req_ctx->result = 0;
req_ctx->data_len += params.sg_len + params.bfr_len;
skb = create_hash_wr(req, );
 
-   req_ctx->bfr_len = remainder;
-   if (remainder)
+   if (IS_ERR(skb))
+   return PTR_ERR(skb);
+
+   if (remainder) {
+   u8 *temp;
+   /* Swap buffers */
+   temp = req_ctx->reqbfr;
+   req_ctx->reqbfr = req_ctx->skbfr;
+   req_ctx->skbfr = temp;
sg_pcopy_to_buffer(req->src, sg_nents(req->src),
-  req_ctx->bfr, remainder, req->nbytes -
+  req_ctx->reqbfr, remainder, req->nbytes -
   remainder);
+   }
+   req_ctx->reqlen = remainder;
skb->dev = u_ctx->lldi.ports[0];
set_wr_txq(skb, CPL_PRIORITY_DATA, ctx->tx_channel_id);
chcr_send_wr(skb);
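
Review bot: In chcr_ahash_update(), `req_ctx->data_len += params.sg_len + params.bfr_len;` runs before create_hash_wr(), so the new `if (IS_ERR(skb)) return PTR_ERR(skb);` exit leaves data_len advanced for data that was never submitted. Move the accounting after the IS_ERR() check or undo it on the error path. The `/* Swap buffers */` comment should also say why the swap is needed, presumably because create_hash_wr() has just attached the old reqbfr to the skb that is about to be sent.
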
@@ -951,10 +960,10 @@ static int chcr_ahash_final(struct ahash_request *req)
params.sg_len = 0;
get_alg_config(_prm, crypto_ahash_digestsize(rtfm));
req_ctx->result = 1;
-   params.bfr_len = req_ctx->bfr_len;
+   params.bfr_len = req_ctx->reqlen;
req_ctx->data_len += params.bfr_len + params.sg_len;
-   if (req_ctx->bfr && (req_ctx->bfr_len == 0)) {
-   create_last_hash_block(req_ctx->bfr, bs, req_ctx->data_len);
+   if (req_ctx->reqlen == 0) {
+   create_last_hash_block(req_ctx->reqbfr, bs, req_ctx->data_len);
params.last = 0;
params.more = 1;
params.scmd1 = 0;
@@ -1000,12 +1009,12 @@ static int chcr_ahash_finup(struct ahash_request *req)
params.opad_needed = 0;
 
params.sg_len = req->nbytes;
-   params.bfr_len = req_ctx->bfr_len;
+   params.bfr_len = req_ctx->reqlen;
get_alg_config(_prm, crypto_ahash_digestsize(rtfm));
req_ctx->data_len += params.bfr_len + params.sg_len;
req_ctx->result = 1;
-   if (req_ctx->bfr && (req_ctx->bfr_len + req->nbytes) == 0) {
-   create_last_hash_block(req_ctx->bfr, bs, req_ctx->data_len);
+   if ((req_ctx->reqlen + req->nbytes) == 0) {
+   create_last_hash_block(req_ctx->reqbfr, bs, req_ctx->data_len);
params.last = 0;
params.more = 1;
params.scmd1 = 0;
@@ -1061,8 +1070,8 @@ 

[PATCH v3 04/10] crypto/chcr: Fixes Unchecked dereference inside function

2016-11-29 Thread Harsh Jain
Fixes 324429d74127, Unchecked dereference inside function.

Reported-by: Dan Carpenter 
Signed-off-by: Jitendra Lulla 
---
 drivers/crypto/chelsio/chcr_algo.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index d24b7ce..0ae1b09 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -439,8 +439,9 @@ static inline void write_buffer_to_skb(struct sk_buff *skb,
skb->len += count;
skb->data_len += count;
skb->truesize += count;
+
while (count > 0) {
-   if (sg && (!(sg->length)))
+   if (!sg || (!(sg->length)))
break;
spage = sg_page(sg);
get_page(spage);
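
Review bot: skb->len, skb->data_len and skb->truesize are increased by the full count before the loop, so when the new `!sg` test (or the existing zero-length test) breaks out early the skb claims more data than was actually attached. Either account per fragment inside the loop or subtract the remaining count after it, and consider returning an error so the caller can drop the request.
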
-- 
1.8.2.3



[PATCH v3 10/10] Add AEAD algos.

2016-11-29 Thread Harsh Jain
Add support for following AEAD algos.
 GCM,CCM,RFC4106,RFC4309,authenc(hmac(shaXXX),cbc(aes)).

Reviewed-by: Stephan Mueller <smuel...@chronox.de>
Signed-off-by: Harsh Jain <ha...@chelsio.com>
---
 drivers/crypto/chelsio/Kconfig   |1 +
 drivers/crypto/chelsio/chcr_algo.c   | 1482 +-
 drivers/crypto/chelsio/chcr_algo.h   |   16 +-
 drivers/crypto/chelsio/chcr_core.c   |8 +-
 drivers/crypto/chelsio/chcr_core.h   |2 -
 drivers/crypto/chelsio/chcr_crypto.h |   90 ++-
 6 files changed, 1558 insertions(+), 41 deletions(-)

diff --git a/drivers/crypto/chelsio/Kconfig b/drivers/crypto/chelsio/Kconfig
index 4ce67fb..3e104f5 100644
--- a/drivers/crypto/chelsio/Kconfig
+++ b/drivers/crypto/chelsio/Kconfig
@@ -4,6 +4,7 @@ config CRYPTO_DEV_CHELSIO
select CRYPTO_SHA1
select CRYPTO_SHA256
select CRYPTO_SHA512
+   select CRYPTO_AUTHENC
---help---
  The Chelsio Crypto Co-processor driver for T6 adapters.
 
diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index 8d677c7..e73b980 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -54,6 +54,12 @@
 #include 
 #include 
 #include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
 #include 
 
 #include "t4fw_api.h"
@@ -62,6 +68,11 @@
 #include "chcr_algo.h"
 #include "chcr_crypto.h"
 
+static inline  struct chcr_aead_ctx *AEAD_CTX(struct chcr_context *ctx)
+{
+   return ctx->crypto_ctx->aeadctx;
+}
+
 static inline struct ablk_ctx *ABLK_CTX(struct chcr_context *ctx)
 {
return ctx->crypto_ctx->ablkctx;
@@ -72,6 +83,16 @@ static inline struct hmac_ctx *HMAC_CTX(struct chcr_context 
*ctx)
return ctx->crypto_ctx->hmacctx;
 }
 
+static inline struct chcr_gcm_ctx *GCM_CTX(struct chcr_aead_ctx *gctx)
+{
+   return gctx->ctx->gcm;
+}
+
+static inline struct chcr_authenc_ctx *AUTHENC_CTX(struct chcr_aead_ctx *gctx)
+{
+   return gctx->ctx->authenc;
+}
+
 static inline struct uld_ctx *ULD_CTX(struct chcr_context *ctx)
 {
return ctx->dev->u_ctx;
@@ -94,12 +115,37 @@ static inline unsigned int sgl_len(unsigned int n)
return (3 * n) / 2 + (n & 1) + 2;
 }
 
+static void chcr_verify_tag(struct aead_request *req, u8 *input, int *err)
+{
+   u8 temp[SHA512_DIGEST_SIZE];
+   struct crypto_aead *tfm = crypto_aead_reqtfm(req);
+   int authsize = crypto_aead_authsize(tfm);
+   struct cpl_fw6_pld *fw6_pld;
+   int cmp = 0;
+
+   fw6_pld = (struct cpl_fw6_pld *)input;
+   if ((get_aead_subtype(tfm) == CRYPTO_ALG_SUB_TYPE_AEAD_RFC4106) ||
+   (get_aead_subtype(tfm) == CRYPTO_ALG_SUB_TYPE_AEAD_GCM)) {
+   cmp = memcmp(_pld->data[2], (fw6_pld + 1), authsize);
+   } else {
+
+   sg_pcopy_to_buffer(req->src, sg_nents(req->src), temp,
+   authsize, req->assoclen +
+   req->cryptlen - authsize);
+   cmp = memcmp(temp, (fw6_pld + 1), authsize);
+   }
+   if (cmp)
+   *err = -EBADMSG;
+   else
+   *err = 0;
+}
+
 /*
  * chcr_handle_resp - Unmap the DMA buffers associated with the request
  * @req: crypto request
  */
 int chcr_handle_resp(struct crypto_async_request *req, unsigned char *input,
-int error_status)
+int err)
 {
struct crypto_tfm *tfm = req->tfm;
struct chcr_context *ctx = crypto_tfm_ctx(tfm);
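
Review bot: chcr_verify_tag() compares the authentication tag with memcmp() in both branches, which is not constant time and lets timing reveal how many leading tag bytes matched; use crypto_memneq() for both comparisons. The temp buffer is sized SHA512_DIGEST_SIZE while the copy length is authsize, so a check or comment that authsize cannot exceed that bound would help, and the stray blank line after `} else {` can go.
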
@@ -109,11 +155,27 @@ int chcr_handle_resp(struct crypto_async_request *req, 
unsigned char *input,
unsigned int digestsize, updated_digestsize;
 
switch (tfm->__crt_alg->cra_flags & CRYPTO_ALG_TYPE_MASK) {
+   case CRYPTO_ALG_TYPE_AEAD:
+   ctx_req.req.aead_req = (struct aead_request *)req;
+   ctx_req.ctx.reqctx = aead_request_ctx(ctx_req.req.aead_req);
+   dma_unmap_sg(_ctx->lldi.pdev->dev, ctx_req.req.aead_req->dst,
+ctx_req.ctx.reqctx->dst_nents, DMA_FROM_DEVICE);
+   if (ctx_req.ctx.reqctx->skb) {
+   kfree_skb(ctx_req.ctx.reqctx->skb);
+   ctx_req.ctx.reqctx->skb = NULL;
+   }
+   if (ctx_req.ctx.reqctx->verify == VERIFY_SW) {
+   chcr_verify_tag(ctx_req.req.aead_req, input,
+   );
+   ctx_req.ctx.reqctx->verify = VERIFY_HW;
+   }
+   break;
+
case CRYPTO_ALG_TYPE_BLKCIPHER:
ctx_req.req.ablk_req = (struct ablkcipher_request *)req;
ctx_req.ctx.ablk_ctx =
ablkcipher_request_ctx(ctx_req.req.ablk_req);
-   if (!error_status) {
+   if (!err)

[PATCH v3 03/10] crypto/chcr: Added new structure chcr_wr

2016-11-29 Thread Harsh Jain
Added new structure chcr_wr to populate Work Request Header.

Signed-off-by: Jitendra Lulla 
---
 drivers/crypto/chelsio/chcr_algo.c   | 239 +--
 drivers/crypto/chelsio/chcr_algo.h   |  28 ++--
 drivers/crypto/chelsio/chcr_core.h   |  16 +++
 drivers/crypto/chelsio/chcr_crypto.h |   6 -
 4 files changed, 140 insertions(+), 149 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index daad2bf..d24b7ce 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -414,8 +414,23 @@ static inline int get_cryptoalg_subtype(struct crypto_tfm 
*tfm)
return chcr_crypto_alg->type & CRYPTO_ALG_SUB_TYPE_MASK;
 }
 
+static inline void write_buffer_to_skb(struct sk_buff *skb,
+   unsigned int *frags,
+   char *bfr,
+   u8 bfr_len)
+{
+   skb->len += bfr_len;
+   skb->data_len += bfr_len;
+   skb->truesize += bfr_len;
+   get_page(virt_to_page(bfr));
+   skb_fill_page_desc(skb, *frags, virt_to_page(bfr),
+  offset_in_page(bfr), bfr_len);
+   (*frags)++;
+}
+
+
 static inline void
-write_sg_data_page_desc(struct sk_buff *skb, unsigned int *frags,
+write_sg_to_skb(struct sk_buff *skb, unsigned int *frags,
struct scatterlist *sg, unsigned int count)
 {
struct page *spage;
@@ -456,14 +471,12 @@ static int generate_copy_rrkey(struct ablk_ctx *ablkctx,
 }
 
 static inline void create_wreq(struct chcr_context *ctx,
-  struct fw_crypto_lookaside_wr *wreq,
+  struct chcr_wr *chcr_req,
   void *req, struct sk_buff *skb,
   int kctx_len, int hash_sz,
   unsigned int phys_dsgl)
 {
struct uld_ctx *u_ctx = ULD_CTX(ctx);
-   struct ulp_txpkt *ulptx = (struct ulp_txpkt *)(wreq + 1);
-   struct ulptx_idata *sc_imm = (struct ulptx_idata *)(ulptx + 1);
int iv_loc = IV_DSGL;
int qid = u_ctx->lldi.rxq_ids[ctx->tx_channel_id];
unsigned int immdatalen = 0, nr_frags = 0;
@@ -475,24 +488,27 @@ static inline void create_wreq(struct chcr_context *ctx,
nr_frags = skb_shinfo(skb)->nr_frags;
}
 
-   wreq->op_to_cctx_size = FILL_WR_OP_CCTX_SIZE(immdatalen,
-(kctx_len >> 4));
-   wreq->pld_size_hash_size =
+   chcr_req->wreq.op_to_cctx_size = FILL_WR_OP_CCTX_SIZE(immdatalen,
+   ((sizeof(chcr_req->key_ctx) + kctx_len) >> 4));
+   chcr_req->wreq.pld_size_hash_size =
htonl(FW_CRYPTO_LOOKASIDE_WR_PLD_SIZE_V(sgl_lengths[nr_frags]) |
  FW_CRYPTO_LOOKASIDE_WR_HASH_SIZE_V(hash_sz));
-   wreq->len16_pkd = htonl(FW_CRYPTO_LOOKASIDE_WR_LEN16_V(DIV_ROUND_UP(
+   chcr_req->wreq.len16_pkd =
+   htonl(FW_CRYPTO_LOOKASIDE_WR_LEN16_V(DIV_ROUND_UP(
(calc_tx_flits_ofld(skb) * 8), 16)));
-   wreq->cookie = cpu_to_be64((uintptr_t)req);
-   wreq->rx_chid_to_rx_q_id =
+   chcr_req->wreq.cookie = cpu_to_be64((uintptr_t)req);
+   chcr_req->wreq.rx_chid_to_rx_q_id =
FILL_WR_RX_Q_ID(ctx->dev->tx_channel_id, qid,
(hash_sz) ? IV_NOP : iv_loc);
 
-   ulptx->cmd_dest = FILL_ULPTX_CMD_DEST(ctx->dev->tx_channel_id);
-   ulptx->len = htonl((DIV_ROUND_UP((calc_tx_flits_ofld(skb) * 8),
-16) - ((sizeof(*wreq)) >> 4)));
+   chcr_req->ulptx.cmd_dest = FILL_ULPTX_CMD_DEST(ctx->dev->tx_channel_id);
+   chcr_req->ulptx.len = htonl((DIV_ROUND_UP((calc_tx_flits_ofld(skb) * 8),
+   16) - ((sizeof(chcr_req->wreq)) >> 4)));
 
-   sc_imm->cmd_more = FILL_CMD_MORE(immdatalen);
-   sc_imm->len = cpu_to_be32(sizeof(struct cpl_tx_sec_pdu) + kctx_len +
+   chcr_req->sc_imm.cmd_more = FILL_CMD_MORE(immdatalen);
+   chcr_req->sc_imm.len = cpu_to_be32(sizeof(struct cpl_tx_sec_pdu) +
+  sizeof(chcr_req->key_ctx) +
+  kctx_len +
  ((hash_sz) ? DUMMY_BYTES :
  (sizeof(struct cpl_rx_phys_dsgl) +
   phys_dsgl)) + immdatalen);
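Review bot: in `create_wreq()` the meaning of `kctx_len` changes without any documentation: `op_to_cctx_size` and `sc_imm.len` now add `sizeof(chcr_req->key_ctx)` themselves, so every caller must pass the key length without the key-context header. A caller still passing the old header-inclusive value would overstate both lengths handed to the hardware. Add a comment on the `kctx_len` parameter stating exactly what it covers.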
@@ -506,23 +522,23 @@ static inline void create_wreq(struct chcr_context *ctx,
  * @op_type:   encryption or decryption
  */
 static struct sk_buff
-*create_cipher_wr(struct crypto_async_request *req_base,
- struct chcr_context *ctx, unsigned short qid,
+*create_cipher_wr(struct ablkcipher_request *req,
+ unsigned short qid,
  unsigned short op_type)
 {
-   struct ablkcipher_request *req = (struct 

[PATCH v3 02/10] crypto/chcr:Cosmetic change

2016-11-29 Thread Harsh Jain
Moves get_aes_decrypt_key function to .c file and declare inline for
"aes_ks_subword"

Signed-off-by: Jitendra Lulla 
---
 drivers/crypto/chelsio/chcr_algo.c | 52 +
 drivers/crypto/chelsio/chcr_algo.h | 59 +-
 2 files changed, 53 insertions(+), 58 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index e4ddb92..daad2bf 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -178,6 +178,58 @@ static inline unsigned int calc_tx_flits_ofld(const struct 
sk_buff *skb)
return flits + sgl_len(cnt);
 }
 
+static inline void get_aes_decrypt_key(unsigned char *dec_key,
+  const unsigned char *key,
+  unsigned int keylength)
+{
+   u32 temp;
+   u32 w_ring[MAX_NK];
+   int i, j, k;
+   u8  nr, nk;
+
+   switch (keylength) {
+   case AES_KEYLENGTH_128BIT:
+   nk = KEYLENGTH_4BYTES;
+   nr = NUMBER_OF_ROUNDS_10;
+   break;
+   case AES_KEYLENGTH_192BIT:
+   nk = KEYLENGTH_6BYTES;
+   nr = NUMBER_OF_ROUNDS_12;
+   break;
+   case AES_KEYLENGTH_256BIT:
+   nk = KEYLENGTH_8BYTES;
+   nr = NUMBER_OF_ROUNDS_14;
+   break;
+   default:
+   return;
+   }
+   for (i = 0; i < nk; i++)
+   w_ring[i] = be32_to_cpu(*(u32 *)[4 * i]);
+
+   i = 0;
+   temp = w_ring[nk - 1];
+   while (i + nk < (nr + 1) * 4) {
+   if (!(i % nk)) {
+   /* RotWord(temp) */
+   temp = (temp << 8) | (temp >> 24);
+   temp = aes_ks_subword(temp);
+   temp ^= round_constant[i / nk];
+   } else if (nk == 8 && (i % 4 == 0)) {
+   temp = aes_ks_subword(temp);
+   }
+   w_ring[i % nk] ^= temp;
+   temp = w_ring[i % nk];
+   i++;
+   }
+   i--;
+   for (k = 0, j = i % nk; k < nk; k++) {
+   *((u32 *)dec_key + k) = htonl(w_ring[j]);
+   j--;
+   if (j < 0)
+   j += nk;
+   }
+}
+
 static struct shash_desc *chcr_alloc_shash(unsigned int ds)
 {
struct crypto_shash *base_hash = NULL;
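Review bot: `get_aes_decrypt_key()` returns silently from the `default:` case, leaving `dec_key` unwritten, and as a `void` function it gives the caller no way to notice; return an error code for an unsupported `keylength`. The `*((u32 *)dec_key + k)` store casts an `unsigned char *` to `u32 *` and so assumes 4-byte alignment, which `put_unaligned_be32()` would avoid. `static inline` is also unnecessary for a function of this size once it lives in the .c file.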
diff --git a/drivers/crypto/chelsio/chcr_algo.h 
b/drivers/crypto/chelsio/chcr_algo.h
index 199b0bb..f34bc91 100644
--- a/drivers/crypto/chelsio/chcr_algo.h
+++ b/drivers/crypto/chelsio/chcr_algo.h
@@ -394,7 +394,7 @@ static inline u16 get_space_for_phys_dsgl(unsigned int 
sgl_entr)
187, 22
 };
 
-static u32 aes_ks_subword(const u32 w)
+static inline u32 aes_ks_subword(const u32 w)
 {
u8 bytes[4];
 
@@ -412,61 +412,4 @@ static u32 aes_ks_subword(const u32 w)
0x1B00, 0x3600, 0x6C00
 };
 
-/* dec_key - OUTPUT - Reverse round key
- * key - INPUT - key
- * keylength - INPUT - length of the key in number of bits
- */
-static inline void get_aes_decrypt_key(unsigned char *dec_key,
-  const unsigned char *key,
-  unsigned int keylength)
-{
-   u32 temp;
-   u32 w_ring[MAX_NK];
-   int i, j, k;
-   u8  nr, nk;
-
-   switch (keylength) {
-   case AES_KEYLENGTH_128BIT:
-   nk = KEYLENGTH_4BYTES;
-   nr = NUMBER_OF_ROUNDS_10;
-   break;
-
-   case AES_KEYLENGTH_192BIT:
-   nk = KEYLENGTH_6BYTES;
-   nr = NUMBER_OF_ROUNDS_12;
-   break;
-   case AES_KEYLENGTH_256BIT:
-   nk = KEYLENGTH_8BYTES;
-   nr = NUMBER_OF_ROUNDS_14;
-   break;
-   default:
-   return;
-   }
-   for (i = 0; i < nk; i++ )
-   w_ring[i] = be32_to_cpu(*(u32 *)[4 * i]);
-
-   i = 0;
-   temp = w_ring[nk - 1];
-   while(i + nk < (nr + 1) * 4) {
-   if(!(i % nk)) {
-   /* RotWord(temp) */
-   temp = (temp << 8) | (temp >> 24);
-   temp = aes_ks_subword(temp);
-   temp ^= round_constant[i / nk];
-   }
-   else if (nk == 8 && (i % 4 == 0))
-   temp = aes_ks_subword(temp);
-   w_ring[i % nk] ^= temp;
-   temp = w_ring[i % nk];
-   i++;
-   }
-   i--;
-   for (k = 0, j = i % nk; k < nk; k++) {
-   *((u32 *)dec_key + k) = htonl(w_ring[j]);
-   j--;
-   if(j < 0)
-   j += nk;
-   }
-}
-
 #endif /* __CHCR_ALGO_H__ */
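Review bot: the removed block carried the only description of the parameters (`dec_key - OUTPUT - Reverse round key`, `keylength - INPUT - length of the key in number of bits`), and the copy added to chcr_algo.c does not bring it along. Move the comment with the function, since `keylength` being in bits rather than bytes is easy to get wrong at call sites.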
-- 
1.8.2.3

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[PATCH v3 00/10] crypto/chcr: AEAD support and bug fixes

2016-11-29 Thread Harsh Jain
This patch series includes Bug Fixes, performance improvement and
support for the following AEAD algos.
GCM,CCM,RFC4106,RFC4303,authenc(hmac(shaXXX),cbc(aes))

v3:
-Break patch 01 into 2.
v2:
-Replace memcmp to crypto_memneq.
-Handle cryptlen less than authsize.
-Check assoclen and cryptlen passed should not be greater
 than src sg list.
-Break patch 02 into 3


Jitendra Lulla (5):
  Fix memory corruption done by  *((u32 *)dec_key + k) operation.
  Cosmetic change. Moves get_aes_decrypt_key function to .c file and
declare inline "aes_ks_subword"
  crypto/chcr: Added new structure chcr_wr to populate Work Request
Header.
  crypto/chcr: Fixes Unchecked dereference inside function
  crypto/chcr: Remove dynamic allocation
Harsh Jain (5):
  crypto/chcr: Calculate Reverse round key in setkey callback.
  crypto/chcr: Adjust Dest. buffer size
  crypto/chcr: Use SHASH_DESC_ON_STACK
  crypto/chcr: Move tfm ctx variable to request context
  Add support for following AEAD algos. 
GCM,CCM,RFC4106,RFC4309,authenc(hmac(shaXXX),cbc(aes)).

 drivers/crypto/chelsio/Kconfig   |1 +
 drivers/crypto/chelsio/chcr_algo.c   | 2014 +-
 drivers/crypto/chelsio/chcr_algo.h   |  102 +-
 drivers/crypto/chelsio/chcr_core.c   |8 +-
 drivers/crypto/chelsio/chcr_core.h   |   18 +-
 drivers/crypto/chelsio/chcr_crypto.h |  115 +-
 6 files changed, 1874 insertions(+), 384 deletions(-)

-- 
1.8.2.3



[PATCH v3 07/10] crypto/chcr: Adjust Dest. buffer size

2016-11-29 Thread Harsh Jain
Destination buffer size passed to hardware should not be greater
than crypto operation output.

Signed-off-by: Harsh Jain <ha...@chelsio.com>
---
 drivers/crypto/chelsio/chcr_algo.c | 50 +++---
 1 file changed, 20 insertions(+), 30 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index 3cf0093..64cab64 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -335,25 +335,13 @@ static inline int is_hmac(struct crypto_tfm *tfm)
return 0;
 }
 
-static inline unsigned int ch_nents(struct scatterlist *sg,
-   unsigned int *total_size)
-{
-   unsigned int nents;
-
-   for (nents = 0, *total_size = 0; sg; sg = sg_next(sg)) {
-   nents++;
-   *total_size += sg->length;
-   }
-   return nents;
-}
-
 static void write_phys_cpl(struct cpl_rx_phys_dsgl *phys_cpl,
   struct scatterlist *sg,
   struct phys_sge_parm *sg_param)
 {
struct phys_sge_pairs *to;
-   unsigned int out_buf_size = sg_param->obsize;
-   unsigned int nents = sg_param->nents, i, j, tot_len = 0;
+   int out_buf_size = sg_param->obsize;
+   unsigned int nents = sg_param->nents, i, j = 0;
 
phys_cpl->op_to_tid = htonl(CPL_RX_PHYS_DSGL_OPCODE_V(CPL_RX_PHYS_DSGL)
| CPL_RX_PHYS_DSGL_ISRDMA_V(0));
@@ -371,25 +359,24 @@ static void write_phys_cpl(struct cpl_rx_phys_dsgl 
*phys_cpl,
   sizeof(struct cpl_rx_phys_dsgl));
 
for (i = 0; nents; to++) {
-   for (j = i; (nents && (j < (8 + i))); j++, nents--) {
-   to->len[j] = htons(sg->length);
+   for (j = 0; j < 8 && nents; j++, nents--) {
+   out_buf_size -= sg_dma_len(sg);
+   to->len[j] = htons(sg_dma_len(sg));
to->addr[j] = cpu_to_be64(sg_dma_address(sg));
-   if (out_buf_size) {
-   if (tot_len + sg_dma_len(sg) >= out_buf_size) {
-   to->len[j] = htons(out_buf_size -
-  tot_len);
-   return;
-   }
-   tot_len += sg_dma_len(sg);
-   }
sg = sg_next(sg);
}
}
+   if (out_buf_size) {
+   j--;
+   to--;
+   to->len[j] = htons(ntohs(to->len[j]) + (out_buf_size));
+   }
 }
 
-static inline unsigned
-int map_writesg_phys_cpl(struct device *dev, struct cpl_rx_phys_dsgl *phys_cpl,
-struct scatterlist *sg, struct phys_sge_parm *sg_param)
+static inline int map_writesg_phys_cpl(struct device *dev,
+   struct cpl_rx_phys_dsgl *phys_cpl,
+   struct scatterlist *sg,
+   struct phys_sge_parm *sg_param)
 {
if (!sg || !sg_param->nents)
return 0;
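Review bot: the trailing `if (out_buf_size)` in `write_phys_cpl()` adjusts the last entry for any non-zero remainder, positive or negative. With `out_buf_size` now a signed `int`, a negative value trims the last `to->len[j]` as intended, but a positive value (sg list shorter than `obsize`) would grow that length past the mapped segment and let the device write beyond the buffer. Test `out_buf_size < 0` and treat a positive remainder as an error. `j` is `unsigned int`, so `j--` also relies on the loop having run at least once; the `!sg_param->nents` check in `map_writesg_phys_cpl()` covers that today and deserves a comment.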
@@ -531,16 +518,19 @@ static inline void create_wreq(struct chcr_context *ctx,
struct cpl_rx_phys_dsgl *phys_cpl;
struct chcr_blkcipher_req_ctx *req_ctx = ablkcipher_request_ctx(req);
struct phys_sge_parm sg_param;
-   unsigned int frags = 0, transhdr_len, phys_dsgl, dst_bufsize = 0;
+   unsigned int frags = 0, transhdr_len, phys_dsgl;
unsigned int ivsize = crypto_ablkcipher_ivsize(tfm), kctx_len;
gfp_t flags = req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP ? GFP_KERNEL :
GFP_ATOMIC;
 
if (!req->info)
return ERR_PTR(-EINVAL);
-   ablkctx->dst_nents = ch_nents(req->dst, _bufsize);
+   ablkctx->dst_nents = sg_nents_for_len(req->dst, req->nbytes);
+   if (ablkctx->dst_nents <= 0) {
+   pr_err("AES:Invalid Destination sg lists\n");
+   return ERR_PTR(-EINVAL);
+   }
ablkctx->enc = op_type;
-
if ((ablkctx->enckey_len == 0) || (ivsize > AES_BLOCK_SIZE) ||
(req->nbytes <= 0) || (req->nbytes % AES_BLOCK_SIZE)) {
pr_err("AES: Invalid value of Key Len %d nbytes %d IV Len %d\n",
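Review bot: `sg_nents_for_len()` returns a negative errno when the list is shorter than `req->nbytes`, but the result is stored in `ablkctx->dst_nents` before the `<= 0` test; if that field is unsigned, the error case is never caught. Assign to a local `int`, check it, then store it. The call also runs before `req->nbytes` is validated a few lines below, so a zero `nbytes` is reported as "Invalid Destination sg lists"; moving the new check after the key and length validation gives the accurate message.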
-- 
1.8.2.3



[PATCH v3 09/10] crypto/chcr: Move tfm ctx variable to request context

2016-11-29 Thread Harsh Jain
Move request specific data in request context.

Signed-off-by: Harsh Jain <ha...@chelsio.com>
---
 drivers/crypto/chelsio/chcr_algo.c   | 26 +-
 drivers/crypto/chelsio/chcr_crypto.h |  9 -
 2 files changed, 17 insertions(+), 18 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index e19f7f4..8d677c7 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -119,7 +119,7 @@ int chcr_handle_resp(struct crypto_async_request *req, 
unsigned char *input,
   AES_BLOCK_SIZE);
}
dma_unmap_sg(_ctx->lldi.pdev->dev, ctx_req.req.ablk_req->dst,
-ABLK_CTX(ctx)->dst_nents, DMA_FROM_DEVICE);
+ctx_req.ctx.ablk_ctx->dst_nents, DMA_FROM_DEVICE);
if (ctx_req.ctx.ablk_ctx->skb) {
kfree_skb(ctx_req.ctx.ablk_ctx->skb);
ctx_req.ctx.ablk_ctx->skb = NULL;
@@ -138,8 +138,10 @@ int chcr_handle_resp(struct crypto_async_request *req, 
unsigned char *input,
updated_digestsize = SHA256_DIGEST_SIZE;
else if (digestsize == SHA384_DIGEST_SIZE)
updated_digestsize = SHA512_DIGEST_SIZE;
-   if (ctx_req.ctx.ahash_ctx->skb)
+   if (ctx_req.ctx.ahash_ctx->skb) {
+   kfree_skb(ctx_req.ctx.ahash_ctx->skb);
ctx_req.ctx.ahash_ctx->skb = NULL;
+   }
if (ctx_req.ctx.ahash_ctx->result == 1) {
ctx_req.ctx.ahash_ctx->result = 0;
memcpy(ctx_req.req.ahash_req->result, input +
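Review bot: the added `kfree_skb(ctx_req.ctx.ahash_ctx->skb);` is a behaviour change (the hash path previously only cleared the pointer), not a move of data into the request context as the commit message describes. Split it into its own patch or mention it in the changelog, and confirm the reference taken on the hash skb matches this extra free so it cannot be released twice.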
@@ -318,8 +320,7 @@ static inline int is_hmac(struct crypto_tfm *tfm)
struct chcr_alg_template *chcr_crypto_alg =
container_of(__crypto_ahash_alg(alg), struct chcr_alg_template,
 alg.hash);
-   if ((chcr_crypto_alg->type & CRYPTO_ALG_SUB_TYPE_MASK) ==
-   CRYPTO_ALG_SUB_TYPE_HASH_HMAC)
+   if (chcr_crypto_alg->type == CRYPTO_ALG_TYPE_HMAC)
return 1;
return 0;
 }
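Review bot: `is_hmac()` now tests `chcr_crypto_alg->type == CRYPTO_ALG_TYPE_HMAC` without the `CRYPTO_ALG_SUB_TYPE_MASK` mask the old test applied, so it matches only when `type` carries no other bits. This is unrelated to moving request data and is not mentioned in the changelog; explain why the mask is no longer needed or keep it.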
@@ -505,7 +506,7 @@ static inline void create_wreq(struct chcr_context *ctx,
struct sk_buff *skb = NULL;
struct chcr_wr *chcr_req;
struct cpl_rx_phys_dsgl *phys_cpl;
-   struct chcr_blkcipher_req_ctx *req_ctx = ablkcipher_request_ctx(req);
+   struct chcr_blkcipher_req_ctx *reqctx = ablkcipher_request_ctx(req);
struct phys_sge_parm sg_param;
unsigned int frags = 0, transhdr_len, phys_dsgl;
unsigned int ivsize = crypto_ablkcipher_ivsize(tfm), kctx_len;
@@ -514,12 +515,11 @@ static inline void create_wreq(struct chcr_context *ctx,
 
if (!req->info)
return ERR_PTR(-EINVAL);
-   ablkctx->dst_nents = sg_nents_for_len(req->dst, req->nbytes);
-   if (ablkctx->dst_nents <= 0) {
+   reqctx->dst_nents = sg_nents_for_len(req->dst, req->nbytes);
+   if (reqctx->dst_nents <= 0) {
pr_err("AES:Invalid Destination sg lists\n");
return ERR_PTR(-EINVAL);
}
-   ablkctx->enc = op_type;
if ((ablkctx->enckey_len == 0) || (ivsize > AES_BLOCK_SIZE) ||
(req->nbytes <= 0) || (req->nbytes % AES_BLOCK_SIZE)) {
pr_err("AES: Invalid value of Key Len %d nbytes %d IV Len %d\n",
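Review bot: `ablkctx->enc = op_type;` is dropped and none of the visible lines store `op_type` anywhere else. If nothing reads the field any more, say so in the changelog and remove the member in the same patch; otherwise keep the operation type in `reqctx`.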
@@ -527,7 +527,7 @@ static inline void create_wreq(struct chcr_context *ctx,
return ERR_PTR(-EINVAL);
}
 
-   phys_dsgl = get_space_for_phys_dsgl(ablkctx->dst_nents);
+   phys_dsgl = get_space_for_phys_dsgl(reqctx->dst_nents);
 
kctx_len = (DIV_ROUND_UP(ablkctx->enckey_len, 16) * 16);
transhdr_len = CIPHER_TRANSHDR_SIZE(kctx_len, phys_dsgl);
@@ -570,7 +570,7 @@ static inline void create_wreq(struct chcr_context *ctx,
}
}
phys_cpl = (struct cpl_rx_phys_dsgl *)((u8 *)(chcr_req + 1) + kctx_len);
-   sg_param.nents = ablkctx->dst_nents;
+   sg_param.nents = reqctx->dst_nents;
sg_param.obsize = req->nbytes;
sg_param.qid = qid;
sg_param.align = 1;
@@ -579,11 +579,11 @@ static inline void create_wreq(struct chcr_context *ctx,
goto map_fail1;
 
skb_set_transport_header(skb, transhdr_len);
-   memcpy(ablkctx->iv, req->info, ivsize);
-   write_buffer_to_skb(skb, , ablkctx->iv, ivsize);
+   memcpy(reqctx->iv, req->info, ivsize);
+   write_buffer_to_skb(skb, , reqctx->iv, ivsize);
write_sg_to_skb(skb, , req->src, req->nbytes);
create_wreq(ctx, chcr_req, req, skb, kctx_len, 0, phys_dsgl);
-   req_ctx->skb = skb;
+   reqctx->skb = skb;
skb_get(skb);
return skb;
 map_fail1:
dif

[PATCH v3 06/10] crypto/chcr: Calculate Reverse round key in setkey callback.

2016-11-29 Thread Harsh Jain
Move reverse round key calculation logic in setkey operation.

Signed-off-by: Harsh Jain <ha...@chelsio.com>
---
 drivers/crypto/chelsio/chcr_algo.c   | 52 
 drivers/crypto/chelsio/chcr_crypto.h |  2 +-
 2 files changed, 24 insertions(+), 30 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index 13aaca2..3cf0093 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -455,16 +455,13 @@ static int generate_copy_rrkey(struct ablk_ctx *ablkctx,
   struct _key_ctx *key_ctx)
 {
if (ablkctx->ciph_mode == CHCR_SCMD_CIPHER_MODE_AES_CBC) {
-   get_aes_decrypt_key(key_ctx->key, ablkctx->key,
-   ablkctx->enckey_len << 3);
-   memset(key_ctx->key + ablkctx->enckey_len, 0,
-  CHCR_AES_MAX_KEY_LEN - ablkctx->enckey_len);
+   memcpy(key_ctx->key, ablkctx->rrkey, ablkctx->enckey_len);
} else {
memcpy(key_ctx->key,
   ablkctx->key + (ablkctx->enckey_len >> 1),
   ablkctx->enckey_len >> 1);
-   get_aes_decrypt_key(key_ctx->key + (ablkctx->enckey_len >> 1),
-   ablkctx->key, ablkctx->enckey_len << 2);
+   memcpy(key_ctx->key + (ablkctx->enckey_len >> 1),
+  ablkctx->rrkey, ablkctx->enckey_len >> 1);
}
return 0;
 }
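Review bot: in the CBC branch of `generate_copy_rrkey()` the `memset()` that zeroed `key_ctx->key` from `enckey_len` up to `CHCR_AES_MAX_KEY_LEN` is removed and only `enckey_len` bytes are copied. If the key context sent to the hardware is padded beyond the key length, the tail now carries whatever was already in the buffer. Keep the `memset()` or make sure the buffer is zero-initialised where it is allocated.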
@@ -620,15 +617,9 @@ static int chcr_aes_cbc_setkey(struct crypto_ablkcipher 
*tfm, const u8 *key,
 {
struct chcr_context *ctx = crypto_ablkcipher_ctx(tfm);
struct ablk_ctx *ablkctx = ABLK_CTX(ctx);
-   struct ablkcipher_alg *alg = crypto_ablkcipher_alg(tfm);
unsigned int ck_size, context_size;
u16 alignment = 0;
 
-   if ((keylen < alg->min_keysize) || (keylen > alg->max_keysize))
-   goto badkey_err;
-
-   memcpy(ablkctx->key, key, keylen);
-   ablkctx->enckey_len = keylen;
if (keylen == AES_KEYSIZE_128) {
ck_size = CHCR_KEYCTX_CIPHER_KEY_SIZE_128;
} else if (keylen == AES_KEYSIZE_192) {
@@ -639,7 +630,9 @@ static int chcr_aes_cbc_setkey(struct crypto_ablkcipher 
*tfm, const u8 *key,
} else {
goto badkey_err;
}
-
+   memcpy(ablkctx->key, key, keylen);
+   ablkctx->enckey_len = keylen;
+   get_aes_decrypt_key(ablkctx->rrkey, ablkctx->key, keylen << 3);
context_size = (KEY_CONTEXT_HDR_SALT_AND_PAD +
keylen + alignment) >> 4;
 
@@ -1172,28 +1165,29 @@ static int chcr_aes_xts_setkey(struct crypto_ablkcipher 
*tfm, const u8 *key,
 {
struct chcr_context *ctx = crypto_ablkcipher_ctx(tfm);
struct ablk_ctx *ablkctx = ABLK_CTX(ctx);
-   int status = 0;
unsigned short context_size = 0;
 
-   if ((key_len == (AES_KEYSIZE_128 << 1)) ||
-   (key_len == (AES_KEYSIZE_256 << 1))) {
-   memcpy(ablkctx->key, key, key_len);
-   ablkctx->enckey_len = key_len;
-   context_size = (KEY_CONTEXT_HDR_SALT_AND_PAD + key_len) >> 4;
-   ablkctx->key_ctx_hdr =
-   FILL_KEY_CTX_HDR((key_len == AES_KEYSIZE_256) ?
-CHCR_KEYCTX_CIPHER_KEY_SIZE_128 :
-CHCR_KEYCTX_CIPHER_KEY_SIZE_256,
-CHCR_KEYCTX_NO_KEY, 1,
-0, context_size);
-   ablkctx->ciph_mode = CHCR_SCMD_CIPHER_MODE_AES_XTS;
-   } else {
+   if ((key_len != (AES_KEYSIZE_128 << 1)) &&
+   (key_len != (AES_KEYSIZE_256 << 1))) {
crypto_tfm_set_flags((struct crypto_tfm *)tfm,
 CRYPTO_TFM_RES_BAD_KEY_LEN);
ablkctx->enckey_len = 0;
-   status = -EINVAL;
+   return -EINVAL;
+
}
-   return status;
+
+   memcpy(ablkctx->key, key, key_len);
+   ablkctx->enckey_len = key_len;
+   get_aes_decrypt_key(ablkctx->rrkey, ablkctx->key, key_len << 2);
+   context_size = (KEY_CONTEXT_HDR_SALT_AND_PAD + key_len) >> 4;
+   ablkctx->key_ctx_hdr =
+   FILL_KEY_CTX_HDR((key_len == AES_KEYSIZE_256) ?
+CHCR_KEYCTX_CIPHER_KEY_SIZE_128 :
+CHCR_KEYCTX_CIPHER_KEY_SIZE_256,
+CHCR_KEYCTX_NO_KEY, 1,
+0, context_size);
+   ablkctx->ciph_mode = CHCR_SCMD_CIPHER_MODE_AES_XTS;
+   return 0;
 }
 
 static int chcr_sha_init(struct ahash_request *areq)
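Review bot: the rewritten `chcr_aes_xts_setkey()` leaves a stray blank line between `return -EINVAL;` and the closing brace, and keeps the ternary `(key_len == AES_KEYSIZE_256) ? CHCR_KEYCTX_CIPHER_KEY_SIZE_128 : CHCR_KEYCTX_CIPHER_KEY_SIZE_256`, which reads as inverted unless the reader knows `key_len` covers both XTS halves. Compare against `AES_KEYSIZE_128 << 1`, as the length check above does. The `key_len << 2` passed to `get_aes_decrypt_key()` also merits a short comment, given that the CBC path passes `keylen << 3`.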
diff --git a/driver

[PATCH v3 01/10] crypto/chcr:Fix memory corruption

2016-11-29 Thread Harsh Jain
Fix memory corruption done by  *((u32 *)dec_key + k)
 operation.

Signed-off-by: Jitendra Lulla 
---
 drivers/crypto/chelsio/chcr_algo.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.h 
b/drivers/crypto/chelsio/chcr_algo.h
index ec64fbc..199b0bb 100644
--- a/drivers/crypto/chelsio/chcr_algo.h
+++ b/drivers/crypto/chelsio/chcr_algo.h
@@ -422,7 +422,7 @@ static inline void get_aes_decrypt_key(unsigned char 
*dec_key,
 {
u32 temp;
u32 w_ring[MAX_NK];
-   int i, j, k = 0;
+   int i, j, k;
u8  nr, nk;
 
switch (keylength) {
@@ -460,6 +460,7 @@ static inline void get_aes_decrypt_key(unsigned char 
*dec_key,
temp = w_ring[i % nk];
i++;
}
+   i--;
for (k = 0, j = i % nk; k < nk; k++) {
*((u32 *)dec_key + k) = htonl(w_ring[j]);
j--;
-- 
1.8.2.3



[PATCH v3 08/10] crypto/chcr: Use SHASH_DESC_ON_STACK

2016-11-29 Thread Harsh Jain
Use SHASH_DESC_ON_STACK macro to allocate memory for ipad/opad
calculation.

Signed-off-by: Harsh Jain <ha...@chelsio.com>
---
 drivers/crypto/chelsio/chcr_algo.c   | 63 +++-
 drivers/crypto/chelsio/chcr_crypto.h |  2 +-
 2 files changed, 27 insertions(+), 38 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index 64cab64..e19f7f4 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -228,40 +228,29 @@ static inline void get_aes_decrypt_key(unsigned char 
*dec_key,
}
 }
 
-static struct shash_desc *chcr_alloc_shash(unsigned int ds)
+static struct crypto_shash *chcr_alloc_shash(unsigned int ds)
 {
struct crypto_shash *base_hash = NULL;
-   struct shash_desc *desc;
 
switch (ds) {
case SHA1_DIGEST_SIZE:
-   base_hash = crypto_alloc_shash("sha1-generic", 0, 0);
+   base_hash = crypto_alloc_shash("sha1", 0, 0);
break;
case SHA224_DIGEST_SIZE:
-   base_hash = crypto_alloc_shash("sha224-generic", 0, 0);
+   base_hash = crypto_alloc_shash("sha224", 0, 0);
break;
case SHA256_DIGEST_SIZE:
-   base_hash = crypto_alloc_shash("sha256-generic", 0, 0);
+   base_hash = crypto_alloc_shash("sha256", 0, 0);
break;
case SHA384_DIGEST_SIZE:
-   base_hash = crypto_alloc_shash("sha384-generic", 0, 0);
+   base_hash = crypto_alloc_shash("sha384", 0, 0);
break;
case SHA512_DIGEST_SIZE:
-   base_hash = crypto_alloc_shash("sha512-generic", 0, 0);
+   base_hash = crypto_alloc_shash("sha512", 0, 0);
break;
}
-   if (IS_ERR(base_hash)) {
-   pr_err("Can not allocate sha-generic algo.\n");
-   return (void *)base_hash;
-   }
 
-   desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(base_hash),
-  GFP_KERNEL);
-   if (!desc)
-   return ERR_PTR(-ENOMEM);
-   desc->tfm = base_hash;
-   desc->flags = crypto_shash_get_flags(base_hash);
-   return desc;
+   return base_hash;
 }
 
 static int chcr_compute_partial_hash(struct shash_desc *desc,
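Review bot: `chcr_alloc_shash()` now returns `base_hash` unchecked, so it yields an `ERR_PTR` when `crypto_alloc_shash()` fails and `NULL` when `ds` matches no `case`. Callers then have to test for both; add a `default:` that sets `ERR_PTR(-EINVAL)` so `IS_ERR()` alone is sufficient. The switch from "sha1-generic" to "sha1" (and likewise for the other digests) also changes which implementation is selected and should be mentioned in the changelog.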
@@ -770,6 +759,11 @@ static int get_alg_config(struct algo_param *params,
return 0;
 }
 
+static inline void chcr_free_shash(struct crypto_shash *base_hash)
+{
+   crypto_free_shash(base_hash);
+}
+
 /**
  * create_hash_wr - Create hash work request
  * @req - Cipher req base
@@ -1106,15 +1100,16 @@ static int chcr_ahash_setkey(struct crypto_ahash *tfm, 
const u8 *key,
unsigned int bs = crypto_tfm_alg_blocksize(crypto_ahash_tfm(tfm));
unsigned int i, err = 0, updated_digestsize;
 
-   /*
-* use the key to calculate the ipad and opad. ipad will sent with the
+   SHASH_DESC_ON_STACK(shash, hmacctx->base_hash);
+
+   /* use the key to calculate the ipad and opad. ipad will sent with the
 * first request's data. opad will be sent with the final hash result
 * ipad in hmacctx->ipad and opad in hmacctx->opad location
 */
-   if (!hmacctx->desc)
-   return -EINVAL;
+   shash->tfm = hmacctx->base_hash;
+   shash->flags = crypto_shash_get_flags(hmacctx->base_hash);
if (keylen > bs) {
-   err = crypto_shash_digest(hmacctx->desc, key, keylen,
+   err = crypto_shash_digest(shash, key, keylen,
  hmacctx->ipad);
if (err)
goto out;
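Review bot: the `if (!hmacctx->desc) return -EINVAL;` guard in `chcr_ahash_setkey()` is removed without an equivalent check on `hmacctx->base_hash`, which `SHASH_DESC_ON_STACK(shash, hmacctx->base_hash)` dereferences. If init can leave `base_hash` unset or as an error pointer, check it first. The on-stack descriptor ends up holding state derived from the HMAC key, so clear it on the exit path (for example with `shash_desc_zero()`), and keep the `SHASH_DESC_ON_STACK` line with the other declarations rather than after a blank line.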
@@ -1135,13 +1130,13 @@ static int chcr_ahash_setkey(struct crypto_ahash *tfm, 
const u8 *key,
updated_digestsize = SHA256_DIGEST_SIZE;
else if (digestsize == SHA384_DIGEST_SIZE)
updated_digestsize = SHA512_DIGEST_SIZE;
-   err = chcr_compute_partial_hash(hmacctx->desc, hmacctx->ipad,
+   err = chcr_compute_partial_hash(shash, hmacctx->ipad,
hmacctx->ipad, digestsize);
if (err)
goto out;
chcr_change_order(hmacctx->ipad, updated_digestsize);
 
-   err = chcr_compute_partial_hash(hmacctx->desc, hmacctx->opad,
+   err = chcr_compute_partial_hash(shash, hmacctx->opad,
hmacctx->opad, digestsize);
if (err)
goto out;
@@ -1237,26 +1232,20 @@ static int chcr_hmac_cra_init(struct crypto_tfm *tfm)
 
crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm),
 sizeof(struct chcr_ahash_req_ctx));
-   hmacctx->desc = chcr_alloc_shash(digestsize);
-   if (IS_ERR(hmacctx->desc))
-  

Re: [patch] crypto: chcr - checking for IS_ERR() instead of NULL

2016-12-01 Thread Harsh Jain


On 02-12-2016 11:29, Harsh Jain wrote:
>
> On 02-12-2016 02:19, Dan Carpenter wrote:
>> The create_hash_wr() function never returns error pointers.  It returns
>> NULL on error.
> Will fix the same, Thanks
It's a patch mail not bug reporting!  Sorry for confusion. You have already 
fixed it. Thanks.
>> Fixes: 358961d1cd1e ("crypto: chcr - Added new structure chcr_wr")
>> Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com>
>>
>> diff --git a/drivers/crypto/chelsio/chcr_algo.c 
>> b/drivers/crypto/chelsio/chcr_algo.c
>> index 32361dd..2ed1e24 100644
>> --- a/drivers/crypto/chelsio/chcr_algo.c
>> +++ b/drivers/crypto/chelsio/chcr_algo.c
>> @@ -958,9 +958,8 @@ static int chcr_ahash_update(struct ahash_request *req)
>>  req_ctx->result = 0;
>>  req_ctx->data_len += params.sg_len + params.bfr_len;
>>  skb = create_hash_wr(req, );
>> -
>> -if (IS_ERR(skb))
>> -return PTR_ERR(skb);
>> +if (!skb)
>> +return -ENOMEM;
>>  
>>  if (remainder) {
>>  u8 *temp;
>> @@ -1023,8 +1022,8 @@ static int chcr_ahash_final(struct ahash_request *req)
>>  params.more = 0;
>>  }
>>  skb = create_hash_wr(req, );
>> -if (IS_ERR(skb))
>> -return PTR_ERR(skb);
>> +if (!skb)
>> +return -ENOMEM;
>>  
>>  skb->dev = u_ctx->lldi.ports[0];
>>  set_wr_txq(skb, CPL_PRIORITY_DATA, ctx->tx_channel_id);
>> @@ -1074,8 +1073,8 @@ static int chcr_ahash_finup(struct ahash_request *req)
>>  }
>>  
>>  skb = create_hash_wr(req, );
>> -if (IS_ERR(skb))
>> -return PTR_ERR(skb);
>> +if (!skb)
>> +return -ENOMEM;
>>  
>>  skb->dev = u_ctx->lldi.ports[0];
>>  set_wr_txq(skb, CPL_PRIORITY_DATA, ctx->tx_channel_id);
>> @@ -1125,8 +1124,8 @@ static int chcr_ahash_digest(struct ahash_request *req)
>>  }
>>  
>>  skb = create_hash_wr(req, );
>> -if (IS_ERR(skb))
>> -return PTR_ERR(skb);
>> +if (!skb)
>> +return -ENOMEM;
>>  
>>  skb->dev = u_ctx->lldi.ports[0];
>>  set_wr_txq(skb, CPL_PRIORITY_DATA, ctx->tx_channel_id);
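Review bot: hard-coding `-ENOMEM` after `create_hash_wr()` in `chcr_ahash_digest()` (and in the three identical hunks above) loses the real cause if the function can return NULL for anything other than an allocation failure. Having `create_hash_wr()` return `ERR_PTR()` values and keeping the `IS_ERR()` checks at the call sites would preserve the errno; if NULL really only means out of memory, a comment on `create_hash_wr()` saying so would settle it.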



Re: [patch] crypto: chcr - checking for IS_ERR() instead of NULL

2016-12-01 Thread Harsh Jain


On 02-12-2016 02:19, Dan Carpenter wrote:
> The create_hash_wr() function never returns error pointers.  It returns
> NULL on error.
Will fix the same, Thanks
>
> Fixes: 358961d1cd1e ("crypto: chcr - Added new structure chcr_wr")
> Signed-off-by: Dan Carpenter 
>
> diff --git a/drivers/crypto/chelsio/chcr_algo.c 
> b/drivers/crypto/chelsio/chcr_algo.c
> index 32361dd..2ed1e24 100644
> --- a/drivers/crypto/chelsio/chcr_algo.c
> +++ b/drivers/crypto/chelsio/chcr_algo.c
> @@ -958,9 +958,8 @@ static int chcr_ahash_update(struct ahash_request *req)
>   req_ctx->result = 0;
>   req_ctx->data_len += params.sg_len + params.bfr_len;
>   skb = create_hash_wr(req, );
> -
> - if (IS_ERR(skb))
> - return PTR_ERR(skb);
> + if (!skb)
> + return -ENOMEM;
>  
>   if (remainder) {
>   u8 *temp;
> @@ -1023,8 +1022,8 @@ static int chcr_ahash_final(struct ahash_request *req)
>   params.more = 0;
>   }
>   skb = create_hash_wr(req, );
> - if (IS_ERR(skb))
> - return PTR_ERR(skb);
> + if (!skb)
> + return -ENOMEM;
>  
>   skb->dev = u_ctx->lldi.ports[0];
>   set_wr_txq(skb, CPL_PRIORITY_DATA, ctx->tx_channel_id);
> @@ -1074,8 +1073,8 @@ static int chcr_ahash_finup(struct ahash_request *req)
>   }
>  
>   skb = create_hash_wr(req, );
> - if (IS_ERR(skb))
> - return PTR_ERR(skb);
> + if (!skb)
> + return -ENOMEM;
>  
>   skb->dev = u_ctx->lldi.ports[0];
>   set_wr_txq(skb, CPL_PRIORITY_DATA, ctx->tx_channel_id);
> @@ -1125,8 +1124,8 @@ static int chcr_ahash_digest(struct ahash_request *req)
>   }
>  
>   skb = create_hash_wr(req, );
> - if (IS_ERR(skb))
> - return PTR_ERR(skb);
> + if (!skb)
> + return -ENOMEM;
>  
>   skb->dev = u_ctx->lldi.ports[0];
>   set_wr_txq(skb, CPL_PRIORITY_DATA, ctx->tx_channel_id);



[PATCH v1 4/8] crypto:chcr- Use cipher instead of Block Cipher in gcm setkey

2017-01-06 Thread Harsh Jain
1 block of encryption can be done with aes-generic; no need for
cbc(aes). This patch replaces cbc(aes-generic) with aes-generic.

Signed-off-by: Harsh Jain <ha...@chelsio.com>
---
 drivers/crypto/chelsio/chcr_algo.c | 20 +---
 1 file changed, 9 insertions(+), 11 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index 6c2dea3..d335943 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -2189,8 +2189,7 @@ static int chcr_gcm_setkey(struct crypto_aead *aead, 
const u8 *key,
struct chcr_context *ctx = crypto_aead_ctx(aead);
struct chcr_aead_ctx *aeadctx = AEAD_CTX(ctx);
struct chcr_gcm_ctx *gctx = GCM_CTX(aeadctx);
-   struct blkcipher_desc h_desc;
-   struct scatterlist src[1];
+   struct crypto_cipher *cipher;
unsigned int ck_size;
int ret = 0, key_ctx_size = 0;
 
@@ -2223,27 +,26 @@ static int chcr_gcm_setkey(struct crypto_aead *aead, 
const u8 *key,
CHCR_KEYCTX_MAC_KEY_SIZE_128,
0, 0,
key_ctx_size >> 4);
-   /* Calculate the H = CIPH(K, 0 repeated 16 times) using sync aes
-* blkcipher It will go on key context
+   /* Calculate the H = CIPH(K, 0 repeated 16 times).
+* It will go in key context
 */
-   h_desc.tfm = crypto_alloc_blkcipher("cbc(aes-generic)", 0, 0);
-   if (IS_ERR(h_desc.tfm)) {
+   cipher = crypto_alloc_cipher("aes-generic", 0, 0);
+   if (IS_ERR(cipher)) {
aeadctx->enckey_len = 0;
ret = -ENOMEM;
goto out;
}
-   h_desc.flags = 0;
-   ret = crypto_blkcipher_setkey(h_desc.tfm, key, keylen);
+
+   ret = crypto_cipher_setkey(cipher, key, keylen);
if (ret) {
aeadctx->enckey_len = 0;
goto out1;
}
memset(gctx->ghash_h, 0, AEAD_H_SIZE);
-   sg_init_one([0], gctx->ghash_h, AEAD_H_SIZE);
-   ret = crypto_blkcipher_encrypt(_desc, [0], [0], AEAD_H_SIZE);
+   crypto_cipher_encrypt_one(cipher, gctx->ghash_h, gctx->ghash_h);
 
 out1:
-   crypto_free_blkcipher(h_desc.tfm);
+   crypto_free_cipher(cipher);
 out:
return ret;
 }
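Review bot: on `IS_ERR(cipher)` in `chcr_gcm_setkey()` the code sets `ret = -ENOMEM` and discards the actual error; use `ret = PTR_ERR(cipher);`. Requesting "aes-generic" by driver name also pins the generic implementation, whereas asking for "aes" lets the crypto API pick the highest-priority cipher available. The old `crypto_blkcipher_encrypt()` return value was assigned to `ret`; since `crypto_cipher_encrypt_one()` returns nothing, note in the changelog that the encrypt step can no longer fail.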
-- 
1.8.2.3



[PATCH v1 7/8] crypto:chcr- Check device is allocated before use

2017-01-06 Thread Harsh Jain
Ensure dev is allocated for crypto uld context before using the device
for crypto operations.

Signed-off-by: Atul Gupta 
---
 drivers/crypto/chelsio/chcr_core.c | 18 --
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_core.c 
b/drivers/crypto/chelsio/chcr_core.c
index 918da8e..1c65f07 100644
--- a/drivers/crypto/chelsio/chcr_core.c
+++ b/drivers/crypto/chelsio/chcr_core.c
@@ -52,6 +52,7 @@
 int assign_chcr_device(struct chcr_dev **dev)
 {
struct uld_ctx *u_ctx;
+   int ret = -ENXIO;
 
/*
 * Which device to use if multiple devices are available TODO
@@ -59,15 +60,14 @@ int assign_chcr_device(struct chcr_dev **dev)
 * must go to the same device to maintain the ordering.
 */
mutex_lock(_mutex); /* TODO ? */
-   u_ctx = list_first_entry(_ctx_list, struct uld_ctx, entry);
-   if (!u_ctx) {
-   mutex_unlock(_mutex);
-   return -ENXIO;
+   list_for_each_entry(u_ctx, _ctx_list, entry)
+   if (u_ctx && u_ctx->dev) {
+   *dev = u_ctx->dev;
+   ret = 0;
+   break;
}
-
-   *dev = u_ctx->dev;
mutex_unlock(_mutex);
-   return 0;
+   return ret;
 }
 
 static int chcr_dev_add(struct uld_ctx *u_ctx)
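Review bot: the `list_for_each_entry()` loop in `assign_chcr_device()` has a multi-line body without braces, and the closing `}` of the `if` is indented as though it closed the loop; add braces around the loop body. The `u_ctx &&` test is redundant because the iterator cursor is never NULL inside the loop, so `if (u_ctx->dev)` is enough.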
@@ -202,10 +202,8 @@ static int chcr_uld_state_change(void *handle, enum 
cxgb4_state state)
 
 static int __init chcr_crypto_init(void)
 {
-   if (cxgb4_register_uld(CXGB4_ULD_CRYPTO, _uld_info)) {
+   if (cxgb4_register_uld(CXGB4_ULD_CRYPTO, _uld_info))
pr_err("ULD register fail: No chcr crypto support in cxgb4");
-   return -1;
-   }
 
return 0;
 }
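Review bot: chcr_crypto_init() now returns 0 even when cxgb4_register_uld()
fails, so the module stays loaded with nothing registered, and neither the
subject nor the commit message mentions this change. If ignoring the failure
is intended, say why in the message; otherwise propagate the value returned
by cxgb4_register_uld() instead of dropping it. The pr_err() string is also
missing its trailing \n.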
-- 
1.8.2.3



[PATCH v1 5/8] crypto:chcr: Change cra_flags for cipher algos

2017-01-06 Thread Harsh Jain
Change cipher algos flags to CRYPTO_ALG_TYPE_ABLKCIPHER.

Signed-off-by: Harsh Jain <ha...@chelsio.com>
---
 drivers/crypto/chelsio/chcr_algo.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index d335943..21fc04c 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -171,7 +171,7 @@ int chcr_handle_resp(struct crypto_async_request *req, 
unsigned char *input,
}
break;
 
-   case CRYPTO_ALG_TYPE_BLKCIPHER:
+   case CRYPTO_ALG_TYPE_ABLKCIPHER:
ctx_req.req.ablk_req = (struct ablkcipher_request *)req;
ctx_req.ctx.ablk_ctx =
ablkcipher_request_ctx(ctx_req.req.ablk_req);
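Review bot: Once the case label in chcr_handle_resp() is
CRYPTO_ALG_TYPE_ABLKCIPHER, any cipher entry still registered with
CRYPTO_ALG_TYPE_BLKCIPHER no longer matches a case here and its response goes
unhandled. Only cbc(aes) and xts(aes) are converted in the visible hunks of
this patch; check that no other entry in the table carries the old type, and
consider a default branch that logs an unexpected type if the switch does not
already have one.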
@@ -2492,7 +2492,7 @@ static int chcr_aead_op(struct aead_request *req,
.cra_name   = "cbc(aes)",
.cra_driver_name= "cbc-aes-chcr",
.cra_priority   = CHCR_CRA_PRIORITY,
-   .cra_flags  = CRYPTO_ALG_TYPE_BLKCIPHER |
+   .cra_flags  = CRYPTO_ALG_TYPE_ABLKCIPHER |
CRYPTO_ALG_ASYNC,
.cra_blocksize  = AES_BLOCK_SIZE,
.cra_ctxsize= sizeof(struct chcr_context)
@@ -2519,7 +2519,7 @@ static int chcr_aead_op(struct aead_request *req,
.cra_name   = "xts(aes)",
.cra_driver_name= "xts-aes-chcr",
.cra_priority   = CHCR_CRA_PRIORITY,
-   .cra_flags  = CRYPTO_ALG_TYPE_BLKCIPHER |
+   .cra_flags  = CRYPTO_ALG_TYPE_ABLKCIPHER |
CRYPTO_ALG_ASYNC,
.cra_blocksize  = AES_BLOCK_SIZE,
.cra_ctxsize= sizeof(struct chcr_context) +
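Review bot: The commit message states the flag change but not the reason or
the effect of the old value. These entries already set CRYPTO_ALG_ASYNC and
chcr_handle_resp() casts the request to struct ablkcipher_request, so
CRYPTO_ALG_TYPE_BLKCIPHER was inconsistent with how the driver handles the
requests. One sentence saying that, and what failed with the old flag, would
help anyone deciding whether to backport.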
-- 
1.8.2.3



[PATCH v1 0/8] crypto:chcr- Bug fixes

2017-01-06 Thread Harsh Jain
The patch series is based on Herbert's cryptodev-2.6 tree.
It includes bug fixes.

Atul Gupta (4):
  crypto:chcr-Change flow IDs
  crypto:chcr- Fix panic on dma_unmap_sg
  crypto:chcr- Check device is allocated before use
  crypto:chcr- Fix wrong typecasting
Harsh Jain (4):
  crypto:chcr- Fix key length for RFC4106
  crypto:chcr- Use cipher instead of Block Cipher in gcm setkey
  crypto:chcr: Change cra_flags for cipher algos
  crypto:chcr- Change algo priority


 drivers/crypto/chelsio/chcr_algo.c| 97 ++-
 drivers/crypto/chelsio/chcr_algo.h|  9 +--
 drivers/crypto/chelsio/chcr_core.c| 27 
 drivers/crypto/chelsio/chcr_core.h|  1 +
 drivers/crypto/chelsio/chcr_crypto.h  |  5 +-
 drivers/net/ethernet/chelsio/cxgb4/t4fw_api.h |  8 +++
 6 files changed, 80 insertions(+), 67 deletions(-)

-- 
1.8.2.3



[PATCH v1 3/8] crypto:chcr- Fix key length for RFC4106

2017-01-06 Thread Harsh Jain
Check keylen before copying salt to avoid wrap around of Integer.

Signed-off-by: Harsh Jain <ha...@chelsio.com>
---
 drivers/crypto/chelsio/chcr_algo.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index deec7c0..6c2dea3 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -2194,8 +2194,8 @@ static int chcr_gcm_setkey(struct crypto_aead *aead, 
const u8 *key,
unsigned int ck_size;
int ret = 0, key_ctx_size = 0;
 
-   if (get_aead_subtype(aead) ==
-   CRYPTO_ALG_SUB_TYPE_AEAD_RFC4106) {
+   if (get_aead_subtype(aead) == CRYPTO_ALG_SUB_TYPE_AEAD_RFC4106 &&
+   keylen > 3) {
keylen -= 4;  /* nonce/salt is present in the last 4 bytes */
memcpy(aeadctx->salt, key + keylen, 4);
}
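Review bot: With `keylen > 3` folded into the condition, an rfc4106 key
shorter than 4 bytes now skips the salt copy and continues through
chcr_gcm_setkey() with keylen unchanged and aeadctx->salt not written. The
hunk does not show such a key being rejected; a too-short rfc4106 key should
fail setkey explicitly (for example with -EINVAL) rather than rely on a later
length check. Comparing against the salt size, `keylen >= 4`, would also read
more clearly next to `keylen -= 4`.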
-- 
1.8.2.3



[PATCH v1 2/8] crypto:chcr- Fix panic on dma_unmap_sg

2017-01-06 Thread Harsh Jain
Save DMA mapped sg list addresses to request context buffer.

Signed-off-by: Atul Gupta 
---
 drivers/crypto/chelsio/chcr_algo.c   | 49 +++-
 drivers/crypto/chelsio/chcr_crypto.h |  3 +++
 2 files changed, 29 insertions(+), 23 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index 1d7dfcf..deec7c0 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -158,7 +158,7 @@ int chcr_handle_resp(struct crypto_async_request *req, 
unsigned char *input,
case CRYPTO_ALG_TYPE_AEAD:
ctx_req.req.aead_req = (struct aead_request *)req;
ctx_req.ctx.reqctx = aead_request_ctx(ctx_req.req.aead_req);
-   dma_unmap_sg(_ctx->lldi.pdev->dev, ctx_req.req.aead_req->dst,
+   dma_unmap_sg(_ctx->lldi.pdev->dev, ctx_req.ctx.reqctx->dst,
 ctx_req.ctx.reqctx->dst_nents, DMA_FROM_DEVICE);
if (ctx_req.ctx.reqctx->skb) {
kfree_skb(ctx_req.ctx.reqctx->skb);
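Review bot: The commit message does not say what caused the panic. From the
hunks, dst_nents is counted on the list returned by scatterwalk_ffwd() while
this dma_unmap_sg() call was passed req->dst, so the list being unmapped was
not the one that was counted; please state that in the message. Also confirm
that reqctx->dst is valid on every path that reaches this unmap, since it is
only assigned inside the create_*_wr() functions.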
@@ -1364,8 +1364,7 @@ static struct sk_buff *create_authenc_wr(struct 
aead_request *req,
struct chcr_wr *chcr_req;
struct cpl_rx_phys_dsgl *phys_cpl;
struct phys_sge_parm sg_param;
-   struct scatterlist *src, *dst;
-   struct scatterlist src_sg[2], dst_sg[2];
+   struct scatterlist *src;
unsigned int frags = 0, transhdr_len;
unsigned int ivsize = crypto_aead_ivsize(tfm), dst_size = 0;
unsigned int   kctx_len = 0;
@@ -1385,19 +1384,21 @@ static struct sk_buff *create_authenc_wr(struct 
aead_request *req,
 
if (sg_nents_for_len(req->src, req->assoclen + req->cryptlen) < 0)
goto err;
-   src = scatterwalk_ffwd(src_sg, req->src, req->assoclen);
-   dst = src;
+   src = scatterwalk_ffwd(reqctx->srcffwd, req->src, req->assoclen);
+   reqctx->dst = src;
+
if (req->src != req->dst) {
err = chcr_copy_assoc(req, aeadctx);
if (err)
return ERR_PTR(err);
-   dst = scatterwalk_ffwd(dst_sg, req->dst, req->assoclen);
+   reqctx->dst = scatterwalk_ffwd(reqctx->dstffwd, req->dst,
+  req->assoclen);
}
if (get_aead_subtype(tfm) == CRYPTO_ALG_SUB_TYPE_AEAD_NULL) {
null = 1;
assoclen = 0;
}
-   reqctx->dst_nents = sg_nents_for_len(dst, req->cryptlen +
+   reqctx->dst_nents = sg_nents_for_len(reqctx->dst, req->cryptlen +
 (op_type ? -authsize : authsize));
if (reqctx->dst_nents <= 0) {
pr_err("AUTHENC:Invalid Destination sg entries\n");
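Review bot: reqctx->srcffwd and reqctx->dstffwd replace the on-stack
`src_sg[2]` and `dst_sg[2]`, so the new fields must be two-entry scatterlist
arrays as well; their declaration is in chcr_crypto.h, which is not shown
here. A short comment at the fields saying that they back the forwarded lists
and must outlive this function, because the completion handler unmaps
reqctx->dst, would keep someone from moving them back to the stack.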
@@ -1462,7 +1463,7 @@ static struct sk_buff *create_authenc_wr(struct 
aead_request *req,
sg_param.obsize = req->cryptlen + (op_type ? -authsize : authsize);
sg_param.qid = qid;
sg_param.align = 0;
-   if (map_writesg_phys_cpl(_ctx->lldi.pdev->dev, phys_cpl, dst,
+   if (map_writesg_phys_cpl(_ctx->lldi.pdev->dev, phys_cpl, reqctx->dst,
  _param))
goto dstmap_fail;
 
@@ -1713,8 +1714,7 @@ static struct sk_buff *create_aead_ccm_wr(struct 
aead_request *req,
struct chcr_wr *chcr_req;
struct cpl_rx_phys_dsgl *phys_cpl;
struct phys_sge_parm sg_param;
-   struct scatterlist *src, *dst;
-   struct scatterlist src_sg[2], dst_sg[2];
+   struct scatterlist *src;
unsigned int frags = 0, transhdr_len, ivsize = AES_BLOCK_SIZE;
unsigned int dst_size = 0, kctx_len;
unsigned int sub_type;
@@ -1730,17 +1730,19 @@ static struct sk_buff *create_aead_ccm_wr(struct 
aead_request *req,
if (sg_nents_for_len(req->src, req->assoclen + req->cryptlen) < 0)
goto err;
sub_type = get_aead_subtype(tfm);
-   src = scatterwalk_ffwd(src_sg, req->src, req->assoclen);
-   dst = src;
+   src = scatterwalk_ffwd(reqctx->srcffwd, req->src, req->assoclen);
+   reqctx->dst = src;
+
if (req->src != req->dst) {
err = chcr_copy_assoc(req, aeadctx);
if (err) {
pr_err("AAD copy to destination buffer fails\n");
return ERR_PTR(err);
}
-   dst = scatterwalk_ffwd(dst_sg, req->dst, req->assoclen);
+   reqctx->dst = scatterwalk_ffwd(reqctx->dstffwd, req->dst,
+  req->assoclen);
}
-   reqctx->dst_nents = sg_nents_for_len(dst, req->cryptlen +
+   reqctx->dst_nents = sg_nents_for_len(reqctx->dst, req->cryptlen +
 (op_type ? -authsize : authsize));
if (reqctx->dst_nents <= 0) {
pr_err("CCM:Invalid Destination sg entries\n");
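Review bot: create_aead_ccm_wr() repeats the same forward, copy-assoc and
count sequence as create_authenc_wr(), and the two copies already differ
(only this one logs when chcr_copy_assoc() fails). Consider a shared helper
that fills reqctx->dst and reqctx->dst_nents, so the DMA bookkeeping this
patch fixes lives in one place.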
@@ -1779,7 +1781,7 @@ static struct sk_buff 

[PATCH v1 8/8] crypto:chcr- Fix wrong typecasting

2017-01-06 Thread Harsh Jain
Typecast the pointer with correct structure.

Signed-off-by: Atul Gupta 
---
 drivers/crypto/chelsio/chcr_core.c | 9 -
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_core.c 
b/drivers/crypto/chelsio/chcr_core.c
index 1c65f07..aec3562 100644
--- a/drivers/crypto/chelsio/chcr_core.c
+++ b/drivers/crypto/chelsio/chcr_core.c
@@ -151,18 +151,17 @@ int chcr_uld_rx_handler(void *handle, const __be64 *rsp,
 {
struct uld_ctx *u_ctx = (struct uld_ctx *)handle;
struct chcr_dev *dev = u_ctx->dev;
-   const struct cpl_act_establish *rpl = (struct cpl_act_establish
-  *)rsp;
+   const struct cpl_fw6_pld *rpl = (struct cpl_fw6_pld *)rsp;
 
-   if (rpl->ot.opcode != CPL_FW6_PLD) {
+   if (rpl->opcode != CPL_FW6_PLD) {
pr_err("Unsupported opcode\n");
return 0;
}
 
if (!pgl)
-   work_handlers[rpl->ot.opcode](dev, (unsigned char *)[1]);
+   work_handlers[rpl->opcode](dev, (unsigned char *)[1]);
else
-   work_handlers[rpl->ot.opcode](dev, pgl->va);
+   work_handlers[rpl->opcode](dev, pgl->va);
return 0;
 }
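Review bot: The cast on the new `rpl` line drops const: rsp is
`const __be64 *` and rpl points to const, so write
`(const struct cpl_fw6_pld *)rsp`. The commit message should also name the
consequence of the old cast, namely that the opcode was read through struct
cpl_act_establish (`rpl->ot.opcode`) rather than through struct cpl_fw6_pld.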
 
-- 
1.8.2.3



Re: Test AEAD/authenc algorithms from userspace

2016-12-22 Thread Harsh Jain


On 21-12-2016 14:24, Herbert Xu wrote:
> On Mon, Dec 19, 2016 at 04:08:11PM +0530, Harsh Jain wrote:
>> Hi Herbert,
>>
>> TLS default mode of operation is MAC-then-Encrypt for Authenc algos.
>> Currently framework only supports EtM used in IPSec. User space
>> programs like openssl cannot use af-alg interface to encrypt/decrypt
>> in TLS mode.
>> Are we going to support Mac-then-Encrypt mode in future kernel releases?
> If someone finally adds TLS to the kernel then we'll likely do
> something about it.  
Till that time we cannot use crypto authenc type algos with AF-ALG socket
interface for TLS or MtE (separation into 2 operations is not always possible).
TLS RFC7366 allows users to decide whether to use EtM or MtE in TLS. We can
solve this if we have some way to communicate to drivers to operate in TLS mode,
like in setsockopt or msghdr of sendmsg.

> Otherwise you can just separate it out into
> two operations via af-alg.
Not always possible. If openssl has a software implementation of authenc (cipher
and hash with 1 algo), it expects the same from the af-alg engine; only then will
it override. It's like this: if OpenSSL has the superset (AES + SHA256) available,
it expects the same superset in the engine (af-alg) for comparison.
Machines with instruction set extensions have authenc implemented in user
space, like Intel AES-NI.

>
> Cheers,



Re: Test AEAD/authenc algorithms from userspace

2016-12-19 Thread Harsh Jain
Hi Herbert,

TLS default mode of operation is MAC-then-Encrypt for Authenc algos.
Currently framework only supports EtM used in IPSec. User space
programs like openssl cannot use af-alg interface to encrypt/decrypt
in TLS mode.
Are we going to support Mac-then-Encrypt mode in future kernel releases?


Regards
Harsh Jain

On Tue, May 31, 2016 at 12:35 PM, Stephan Mueller <smuel...@chronox.de> wrote:
> Am Dienstag, 31. Mai 2016, 12:31:16 schrieb Harsh Jain:
>
> Hi Harsh,
>
>> Hi All,
>>
>> How can we open socket of type "authenc(hmac(sha256),cbc(aes))" from
>> userspace program.I check libkcapi library. It has test programs for
>> GCM/CCM. There are 3 types of approaches to Authenticated Encryption,
>> Which of them is supported in crypto framework.
>>
>> 1) Encrypt-then-MAC (EtM)
>>  The plaintext is first encrypted, then a MAC is produced based on
>> the resulting ciphertext. The ciphertext and its MAC are sent
>> together.
>> 2) Encrypt-and-MAC (E&M)
>>  A MAC is produced based on the plaintext, and the plaintext is
>> encrypted without the MAC. The plaintext's MAC and the ciphertext are
>> sent together.
>>
>> 3) MAC-then-Encrypt (MtE)
>>  A MAC is produced based on the plaintext, then the plaintext and
>> MAC are together encrypted to produce a ciphertext based on both. The
>> ciphertext (containing an encrypted MAC) is sent.
>
> The cipher types you mention refer to the implementation of authenc(). IIRC,
> authenc implements EtM as this is mandated by IPSEC.
>
> When you use libkcapi, you should simply be able to use your cipher name with
> the AEAD API. I.e. use the examples you see for CCM or GCM and use those with
> the chosen authenc() cipher. Do you experience any issues?
>
> Ciao
> Stephan
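
The reply above says authenc() is EtM and can be driven through the AEAD API. The following C program is an added example (not code from this thread or from libkcapi) of the raw AF_ALG steps for "authenc(hmac(sha256),cbc(aes))", including the key blob the kernel's authenc template parses: an rtattr-style header carrying the big-endian cipher key length, then the auth key, then the cipher key. The helper names, the `AUTHENC_KEYA_PARAM` and `AUTHENC_MAX_KEY` defines, and the sample keys are assumptions made for this example.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <linux/if_alg.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef AF_ALG
#define AF_ALG 38
#endif
#ifndef SOL_ALG
#define SOL_ALG 279
#endif

/* Mirrors CRYPTO_AUTHENC_KEYA_PARAM from the kernel's include/crypto/authenc.h,
 * which is not exported to userspace (assumption of this example). */
#define AUTHENC_KEYA_PARAM 1
#define AUTHENC_MAX_KEY 512	/* arbitrary bound chosen for this example */

/* Same layout as struct rtattr followed by struct crypto_authenc_key_param. */
struct authenc_key_hdr {
	uint16_t rta_len;	/* length of this header, host byte order */
	uint16_t rta_type;	/* AUTHENC_KEYA_PARAM, host byte order */
	uint32_t enckeylen;	/* cipher key length, big endian */
};

/* Write header | auth key | cipher key into out. Returns blob length or -1. */
long authenc_build_key(uint8_t *out, size_t outlen,
		       const uint8_t *authkey, size_t authlen,
		       const uint8_t *enckey, size_t enclen)
{
	struct authenc_key_hdr hdr;

	if (!out || !authkey || !enckey)
		return -1;
	if (authlen > AUTHENC_MAX_KEY || enclen > AUTHENC_MAX_KEY)
		return -1;
	if (outlen < sizeof(hdr) + authlen + enclen)
		return -1;

	hdr.rta_len = sizeof(hdr);
	hdr.rta_type = AUTHENC_KEYA_PARAM;
	hdr.enckeylen = htonl((uint32_t)enclen);
	memcpy(out, &hdr, sizeof(hdr));
	memcpy(out + sizeof(hdr), authkey, authlen);
	memcpy(out + sizeof(hdr) + authlen, enckey, enclen);
	return (long)(sizeof(hdr) + authlen + enclen);
}

/* Bind the AEAD, set key and tag size, return an operation fd or -errno. */
int authenc_open(const char *name, const uint8_t *key, size_t keylen,
		 unsigned int authsize)
{
	struct sockaddr_alg sa;
	int tfmfd, opfd, err;

	memset(&sa, 0, sizeof(sa));
	sa.salg_family = AF_ALG;
	strncpy((char *)sa.salg_type, "aead", sizeof(sa.salg_type) - 1);
	strncpy((char *)sa.salg_name, name, sizeof(sa.salg_name) - 1);

	tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
	if (tfmfd < 0)
		return -errno;
	/* The tag length is passed as optlen; optval is unused for this option. */
	if (bind(tfmfd, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||
	    setsockopt(tfmfd, SOL_ALG, ALG_SET_KEY, key, (socklen_t)keylen) < 0 ||
	    setsockopt(tfmfd, SOL_ALG, ALG_SET_AEAD_AUTHSIZE, NULL,
		       (socklen_t)authsize) < 0) {
		err = -errno;
		close(tfmfd);
		return err;
	}
	opfd = accept(tfmfd, NULL, NULL);
	err = opfd < 0 ? -errno : opfd;
	close(tfmfd);
	return err;
}

int main(void)
{
	uint8_t authkey[32], enckey[16];
	uint8_t blob[sizeof(struct authenc_key_hdr) + 32 + 16];
	long n;
	int fd;

	memset(authkey, 0x11, sizeof(authkey));	/* constructed sample keys */
	memset(enckey, 0x22, sizeof(enckey));
	n = authenc_build_key(blob, sizeof(blob), authkey, sizeof(authkey),
			      enckey, sizeof(enckey));
	fd = authenc_open("authenc(hmac(sha256),cbc(aes))", blob, (size_t)n, 16);
	if (fd < 0) {
		printf("open failed: %s\n", strerror(-fd));
		return 1;
	}
	printf("operation fd %d ready for sendmsg()/read()\n", fd);
	close(fd);
	return 0;
}
```

Whether the bind succeeds depends on the running kernel having AF_ALG AEAD support and the authenc, hmac, sha256, cbc and aes implementations available.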


BUG: Seems un-initialed dst pointer received from algif_aead when outlen is zero

2017-03-21 Thread Harsh Jain
Hi,

For a tag-only AEAD decrypt operation (zero-length payload), the dst sg
list pointer panics with a general protection fault. I think it should be
NULL when the output buffer is supposed to be empty.

Kcapi command to reproduce the issue:

./kcapi -x 2   -c "gcm(aes)" -i 0d92aa861746b324f20ee6b7 -k
f4a6a5e5f2066f6dd9ec6fc5169c29043560ef595c9e81e76f42d29212cc581c -a ""
-t "5f24c68cbe6f32c29652442bf5d483ad" -q ""

It's a decrypt operation. Expected result should be EBADMSG.


Regards
Harsh Jain


Re: BUG: Seems un-initialed dst pointer received from algif_aead when outlen is zero

2017-03-21 Thread Harsh Jain
On Tue, Mar 21, 2017 at 5:13 PM, Stephan Müller <smuel...@chronox.de> wrote:
> Am Dienstag, 21. März 2017, 11:59:54 CET schrieb Harsh Jain:
>
> Hi Harsh,
>
>> > Executing this command on a 4.9 kernel, I get:
>> >
>> > bin/kcapi -x 2   -c "gcm(aes)" -i 0d92aa861746b324f20ee6b7 -k
>> > f4a6a5e5f2066f6dd9ec6fc5169c29043560ef595c9e81e76f42d29212cc581c -a "" -t
>> > "5f24c68cbe6f32c29652442bf5d483ad" -q ""
>> > EBADMSG
>>
>> Probably because s/w implementation is not trying to access dst sg
>> pointer because there's nothing to copy in destination buffer.  1
>> question If we don't have data to copy to destination buffer what
>> should dst pointer contains?
>
> The dst SGL should simply be discarded by implementations in the case you
> mention above.
>
> The implementation receives the tag size and the supplied input buffer. If
> that input buffer length is equal to the tag length (i.e. no AAD and no
> ciphertext), why would the dst SGL be ever touched during decrytion?

Yes, the driver can figure out when to discard the dst SGL, but for that the
driver has to put checks before accessing the dst SGL. Isn't it better if
AF_ALG sends NULL for the dst SGL?

>
> Ciao
> Stephan


Re: BUG: Seems un-initialed dst pointer received from algif_aead when outlen is zero

2017-03-21 Thread Harsh Jain
On Tue, Mar 21, 2017 at 3:34 PM, Stephan Müller <smuel...@chronox.de> wrote:
> Am Dienstag, 21. März 2017, 07:13:53 CET schrieb Harsh Jain:
>
> Hi Harsh,
>
>> Hi,
>>
>> For tag only AEAD decrypt operation(Zero length Payload). The dst sg
>> list pointer panic with general protection fault. I think it should be
>> NULL when output buffer is supposed to be empty.
>>
>> Kcapi command to re-produce the issue
>>
>> ./kcapi -x 2   -c "gcm(aes)" -i 0d92aa861746b324f20ee6b7 -k
>> f4a6a5e5f2066f6dd9ec6fc5169c29043560ef595c9e81e76f42d29212cc581c -a ""
>> -t "5f24c68cbe6f32c29652442bf5d483ad" -q ""
>>
>> Its decrypt operation. Expected result should be EBADMSG.
>
> Executing this command on a 4.9 kernel, I get:
>
> bin/kcapi -x 2   -c "gcm(aes)" -i 0d92aa861746b324f20ee6b7 -k
> f4a6a5e5f2066f6dd9ec6fc5169c29043560ef595c9e81e76f42d29212cc581c -a "" -t
> "5f24c68cbe6f32c29652442bf5d483ad" -q ""
> EBADMSG

Probably because the s/w implementation is not trying to access the dst sg
pointer, as there's nothing to copy into the destination buffer. One
question: if we don't have data to copy to the destination buffer, what
should the dst pointer contain?

>
> There is no GP or other error. Can you please provide some details about your
> system? I.e. which kernel version and what cipher implementation resolves to
> gcm(aes)?

I tried with 4.10.13. It's with gcm(aes-chcr). The changes which trigger the
issue are not submitted to the community yet.

>
> Thanks
>
> Ciao
> Stephan


Re: BUG: Seems un-initialed dst pointer received from algif_aead when outlen is zero

2017-03-21 Thread Harsh Jain
On Tue, Mar 21, 2017 at 4:29 PM, Harsh Jain <harshjain.p...@gmail.com> wrote:
> On Tue, Mar 21, 2017 at 3:34 PM, Stephan Müller <smuel...@chronox.de> wrote:
>> Am Dienstag, 21. März 2017, 07:13:53 CET schrieb Harsh Jain:
>>
>> Hi Harsh,
>>
>>> Hi,
>>>
>>> For tag only AEAD decrypt operation(Zero length Payload). The dst sg
>>> list pointer panic with general protection fault. I think it should be
>>> NULL when output buffer is supposed to be empty.
>>>
>>> Kcapi command to re-produce the issue
>>>
>>> ./kcapi -x 2   -c "gcm(aes)" -i 0d92aa861746b324f20ee6b7 -k
>>> f4a6a5e5f2066f6dd9ec6fc5169c29043560ef595c9e81e76f42d29212cc581c -a ""
>>> -t "5f24c68cbe6f32c29652442bf5d483ad" -q ""
>>>
>>> Its decrypt operation. Expected result should be EBADMSG.
>>
>> Executing this command on a 4.9 kernel, I get:
>>
>> bin/kcapi -x 2   -c "gcm(aes)" -i 0d92aa861746b324f20ee6b7 -k
>> f4a6a5e5f2066f6dd9ec6fc5169c29043560ef595c9e81e76f42d29212cc581c -a "" -t
>> "5f24c68cbe6f32c29652442bf5d483ad" -q ""
>> EBADMSG
>
> Probably because s/w implementation is not trying to access dst sg
> pointer because there's nothing to copy in destination buffer.  1
> question If we don't have data to copy to destination buffer what
> should dst pointer contains? I think either NULL or null sg entry.
>
>>
>> There is no GP or other error. Can you please provide some details about your
>> system? I.e. which kernel version and what cipher implementation resolves to
>> gcm(aes)?
>
> I tried with 4.10.13. It's with gcm(aes-chcr). changes which trigger
> issue is not submitted to community yet.
Typo: it's 4.10.0-rc3+
>
>>
>> Thanks
>>
>> Ciao
>> Stephan


Re: What should be the algo priority

2017-04-05 Thread Harsh Jain
On Tue, Apr 4, 2017 at 6:07 PM, Stephan Müller <smuel...@chronox.de> wrote:
> Am Dienstag, 4. April 2017, 09:53:17 CEST schrieb Harsh Jain:
>
> Hi Harsh,
>
>> Hi,
>>
>> Do we have any guidelines documented to decide what should be the
>> algorithm priority. Specially for authenc implementation.Most of the
>> drivers have fixed priority for all algos. Problem comes in when we
>> have cbc(aes), hmac(sha1) and authenc(cbc(aes),hmac(sha1))
>> implementation in driver. Base authenc driver gets more precedence
>> because of higher priority(enc->base.cra_priority * 10 +
>> auth_base->cra_priority;)
>>
>> What should be the priority of
>> cbc(aes),
>> hmac(sha1)
>> authenc(cbc(aes),hmac(sha1))
>
> There is no general rule about the actual numbers. But commonly, the prios are
> set such that the prios of C implementations < ASM implementations < hardware
> accelerators. The idea is to give users the fastest implementation there is
> for his particular system.

It means cbc and hmac should have a smaller (nearly 10 times less) priority
than their authenc implementation, otherwise the request will not be offloaded
to the driver, because the sw authenc priority is (aes * 10 + hmac).

>
> Ciao
> Stephan


[PATCH 2/4] chcr:Set hmac_ctrl bit to use HW register HMAC_CFG[456]

2017-04-10 Thread Harsh Jain
Use hmac_ctrl bit value saved in setauthsize callback.

Signed-off-by: Harsh Jain <ha...@chelsio.com>
---
 drivers/crypto/chelsio/chcr_algo.c |   24 +---
 1 files changed, 5 insertions(+), 19 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index 7d59591..2d61043 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -1335,19 +1335,6 @@ static int chcr_copy_assoc(struct aead_request *req,
return crypto_skcipher_encrypt(skreq);
 }
 
-static unsigned char get_hmac(unsigned int authsize)
-{
-   switch (authsize) {
-   case ICV_8:
-   return CHCR_SCMD_HMAC_CTRL_PL1;
-   case ICV_10:
-   return CHCR_SCMD_HMAC_CTRL_TRUNC_RFC4366;
-   case ICV_12:
-   return CHCR_SCMD_HMAC_CTRL_IPSEC_96BIT;
-   }
-   return CHCR_SCMD_HMAC_CTRL_NO_TRUNC;
-}
-
 
 static struct sk_buff *create_authenc_wr(struct aead_request *req,
 unsigned short qid,
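Review bot: The removed get_hmac() returned CHCR_SCMD_HMAC_CTRL_NO_TRUNC for
every authsize it did not list, so each request got a defined value. With the
value now read from aeadctx->hmac_ctrl, which per the commit message is
stored in the setauthsize callback, confirm that the field is initialised for
a tfm on which setauthsize is never called; if it is not, set a default when
the context is initialised.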
@@ -1600,13 +1587,13 @@ static void fill_sec_cpl_for_aead(struct cpl_tx_sec_pdu 
*sec_cpl,
  struct chcr_context *chcrctx)
 {
struct crypto_aead *tfm = crypto_aead_reqtfm(req);
+   struct chcr_aead_ctx *aeadctx = AEAD_CTX(crypto_aead_ctx(tfm));
unsigned int ivsize = AES_BLOCK_SIZE;
unsigned int cipher_mode = CHCR_SCMD_CIPHER_MODE_AES_CCM;
unsigned int mac_mode = CHCR_SCMD_AUTH_MODE_CBCMAC;
unsigned int c_id = chcrctx->dev->rx_channel_id;
unsigned int ccm_xtra;
unsigned char tag_offset = 0, auth_offset = 0;
-   unsigned char hmac_ctrl = get_hmac(crypto_aead_authsize(tfm));
unsigned int assoclen;
 
if (get_aead_subtype(tfm) == CRYPTO_ALG_SUB_TYPE_AEAD_RFC4309)
@@ -1642,8 +1629,8 @@ static void fill_sec_cpl_for_aead(struct cpl_tx_sec_pdu 
*sec_cpl,
crypto_aead_authsize(tfm));
sec_cpl->seqno_numivs =  FILL_SEC_CPL_SCMD0_SEQNO(op_type,
(op_type == CHCR_ENCRYPT_OP) ? 0 : 1,
-   cipher_mode, mac_mode, hmac_ctrl,
-   ivsize >> 1);
+   cipher_mode, mac_mode,
+   aeadctx->hmac_ctrl, ivsize >> 1);
 
sec_cpl->ivgen_hdrlen = FILL_SEC_CPL_IVGEN_HDRLEN(0, 0, 1, 0,
1, dst_size);
@@ -1820,7 +1807,6 @@ unsigned int fill_aead_req_fields(struct sk_buff *skb,
unsigned char tag_offset = 0;
unsigned int crypt_len = 0;
unsigned int authsize = crypto_aead_authsize(tfm);
-   unsigned char hmac_ctrl = get_hmac(authsize);
int err = 0;
gfp_t flags = req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP ? GFP_KERNEL :
GFP_ATOMIC;
@@ -1893,8 +1879,8 @@ unsigned int fill_aead_req_fields(struct sk_buff *skb,
FILL_SEC_CPL_SCMD0_SEQNO(op_type, (op_type ==
CHCR_ENCRYPT_OP) ? 1 : 0,
CHCR_SCMD_CIPHER_MODE_AES_GCM,
-   CHCR_SCMD_AUTH_MODE_GHASH, hmac_ctrl,
-   ivsize >> 1);
+   CHCR_SCMD_AUTH_MODE_GHASH,
+   aeadctx->hmac_ctrl, ivsize >> 1);
} else {
chcr_req->sec_cpl.cipherstop_lo_authinsert =
FILL_SEC_CPL_AUTHINSERT(0, 0, 0, 0);
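Review bot: The subject refers to HW register HMAC_CFG[456], but nothing in
the commit message or the visible hunks explains how aeadctx->hmac_ctrl
relates to those registers or what was wrong with the per-request get_hmac()
lookup. Add that to the message, and a comment where hmac_ctrl is assigned.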
-- 
1.7.1



[PATCH 1/4] chcr: Increase priority of AEAD algos.

2017-04-10 Thread Harsh Jain
Templates (gcm, ccm etc.) inherit the priority value of the driver to
calculate their priority. In some cases the template priority becomes
more than the driver priority for the same algo.
Without this patch we will not be able to use the driver authenc algos. It will
be good if it is pushed to the stable kernel.

Signed-off-by: Harsh Jain <ha...@chelsio.com>
---
 drivers/crypto/chelsio/chcr_algo.c   |   12 ++--
 drivers/crypto/chelsio/chcr_crypto.h |4 ++--
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index 41bc7f4..7d59591 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -2673,6 +2673,7 @@ static int chcr_aead_op(struct aead_request *req,
.cra_name = "gcm(aes)",
.cra_driver_name = "gcm-aes-chcr",
.cra_blocksize  = 1,
+   .cra_priority = CHCR_AEAD_PRIORITY,
.cra_ctxsize =  sizeof(struct chcr_context) +
sizeof(struct chcr_aead_ctx) +
sizeof(struct chcr_gcm_ctx),
@@ -2691,6 +2692,7 @@ static int chcr_aead_op(struct aead_request *req,
.cra_name = "rfc4106(gcm(aes))",
.cra_driver_name = "rfc4106-gcm-aes-chcr",
.cra_blocksize   = 1,
+   .cra_priority = CHCR_AEAD_PRIORITY + 1,
.cra_ctxsize =  sizeof(struct chcr_context) +
sizeof(struct chcr_aead_ctx) +
sizeof(struct chcr_gcm_ctx),
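Review bot: rfc4106(gcm(aes)) gets `CHCR_AEAD_PRIORITY + 1` while gcm(aes)
gets plain CHCR_AEAD_PRIORITY (rfc4309 and ccm follow the same pattern
below), and nothing says why the rfc variants need to rank one higher. Add a
comment or a named constant for the rfc variants so the offset is not
mistaken for a typo.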
@@ -2710,6 +2712,7 @@ static int chcr_aead_op(struct aead_request *req,
.cra_name = "ccm(aes)",
.cra_driver_name = "ccm-aes-chcr",
.cra_blocksize   = 1,
+   .cra_priority = CHCR_AEAD_PRIORITY,
.cra_ctxsize =  sizeof(struct chcr_context) +
sizeof(struct chcr_aead_ctx),
 
@@ -2728,6 +2731,7 @@ static int chcr_aead_op(struct aead_request *req,
.cra_name = "rfc4309(ccm(aes))",
.cra_driver_name = "rfc4309-ccm-aes-chcr",
.cra_blocksize   = 1,
+   .cra_priority = CHCR_AEAD_PRIORITY + 1,
.cra_ctxsize =  sizeof(struct chcr_context) +
sizeof(struct chcr_aead_ctx),
 
@@ -2747,6 +2751,7 @@ static int chcr_aead_op(struct aead_request *req,
.cra_driver_name =
"authenc-hmac-sha1-cbc-aes-chcr",
.cra_blocksize   = AES_BLOCK_SIZE,
+   .cra_priority = CHCR_AEAD_PRIORITY,
.cra_ctxsize =  sizeof(struct chcr_context) +
sizeof(struct chcr_aead_ctx) +
sizeof(struct chcr_authenc_ctx),
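Review bot: For the authenc entries, CHCR_AEAD_PRIORITY only helps if it is
higher than the priority the generic authenc template computes, which the
commit message alludes to but does not quantify. The define lives in
chcr_crypto.h and is not visible in these hunks; document next to it which
template priority it has to exceed, so a later change to the driver's cipher
or hash priorities does not silently push requests back to software.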
@@ -2768,6 +2773,7 @@ static int chcr_aead_op(struct aead_request *req,
.cra_driver_name =
"authenc-hmac-sha256-cbc-aes-chcr",
.cra_blocksize   = AES_BLOCK_SIZE,
+   .cra_priority = CHCR_AEAD_PRIORITY,
.cra_ctxsize =  sizeof(struct chcr_context) +
sizeof(struct chcr_aead_ctx) +
sizeof(struct chcr_authenc_ctx),
@@ -2788,6 +2794,7 @@ static int chcr_aead_op(struct aead_request *req,
.cra_driver_name =
"authenc-hmac-sha224-cbc-aes-chcr",
.cra_blocksize   = AES_BLOCK_SIZE,
+   .cra_priority = CHCR_AEAD_PRIORITY,
.cra_ctxsize =  sizeof(struct chcr_context) +
sizeof(struct chcr_aead_ctx) +
sizeof(struct chcr_authenc_ctx),
@@ -2807,6 +2814,7 @@ static int chcr_aead_op(struct aead_request *req,
.cra_driver_name =
"authenc-hmac-sha384-cbc-aes-chcr",
.cra_blocksize   = AES_BLOCK_SIZE,
+   .cra_priority = CHCR_AEAD_PRIORITY,
   

[PATCH 0/4] Bug fixes and fallback for AEAD

2017-04-10 Thread Harsh Jain
This series is based on Herbert's cryptodev-2.6.
It includes bug fixes and fallback for AEAD algos.

Harsh Jain (3):
  chcr: Increase priority of AEAD algos.
  chcr:Set hmac_ctrl bit to use HW register HMAC_CFG[456].
  chcr: Add fallback for AEAD algos
Atul Gupta (1):
  chcr: Fix txq ids

 drivers/crypto/chelsio/chcr_algo.c  |  298 ++-
 drivers/crypto/chelsio/chcr_algo.h  |4 +
 drivers/crypto/chelsio/chcr_core.h  |2 +
 drivers/crypto/chelsio/chcr_crypto.h|   10 +-
 drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c |9 +
 drivers/net/ethernet/chelsio/cxgb4/cxgb4_uld.h  |1 +
 drivers/net/ethernet/chelsio/cxgb4/t4fw_api.h   |3 +-
 7 files changed, 210 insertions(+), 117 deletions(-)



[PATCH 4/4] chcr: Add fallback for AEAD algos

2017-04-10 Thread Harsh Jain
Fallback to sw when
I   AAD length greater than 511
II  Zero length payload
III No of sg entries exceeds Request size.

Signed-off-by: Harsh Jain <ha...@chelsio.com>
---
 drivers/crypto/chelsio/chcr_algo.c   |  219 ++
 drivers/crypto/chelsio/chcr_algo.h   |4 +
 drivers/crypto/chelsio/chcr_crypto.h |3 +-
 3 files changed, 151 insertions(+), 75 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index 5470e4e..53d9ce4 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -1343,7 +1343,36 @@ static int chcr_copy_assoc(struct aead_request *req,
 
return crypto_skcipher_encrypt(skreq);
 }
+static int chcr_aead_need_fallback(struct aead_request *req, int src_nent,
+  int aadmax, int wrlen,
+  unsigned short op_type)
+{
+   unsigned int authsize = crypto_aead_authsize(crypto_aead_reqtfm(req));
+
+   if (((req->cryptlen - (op_type ? authsize : 0)) == 0) ||
+   (req->assoclen > aadmax) ||
+   (src_nent > MAX_SKB_FRAGS) ||
+   (wrlen > MAX_WR_SIZE))
+   return 1;
+   return 0;
+}
 
+static int chcr_aead_fallback(struct aead_request *req, unsigned short op_type)
+{
+   struct crypto_aead *tfm = crypto_aead_reqtfm(req);
+   struct chcr_context *ctx = crypto_aead_ctx(tfm);
+   struct chcr_aead_ctx *aeadctx = AEAD_CTX(ctx);
+   struct aead_request *subreq = aead_request_ctx(req);
+
+   aead_request_set_tfm(subreq, aeadctx->sw_cipher);
+   aead_request_set_callback(subreq, req->base.flags,
+ req->base.complete, req->base.data);
+aead_request_set_crypt(subreq, req->src, req->dst, req->cryptlen,
+req->iv);
+aead_request_set_ad(subreq, req->assoclen);
+   return op_type ? crypto_aead_decrypt(subreq) :
+   crypto_aead_encrypt(subreq);
+}
 
 static struct sk_buff *create_authenc_wr(struct aead_request *req,
 unsigned short qid,
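Review bot: chcr_aead_fallback() builds the software request in
aead_request_ctx(req), the same memory create_authenc_wr() uses as reqctx
(srcffwd, dst, dst_nents). That needs the tfm's request size to cover a
struct aead_request plus the request context of aeadctx->sw_cipher, and that
change is not visible here; please point to where the size is set. Style: the
aead_request_set_crypt() and aead_request_set_ad() lines are indented
differently from the lines around them, and a blank line is missing before
chcr_aead_need_fallback().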
@@ -1367,7 +1396,7 @@ static int chcr_copy_assoc(struct aead_request *req,
unsigned short stop_offset = 0;
unsigned int  assoclen = req->assoclen;
unsigned int  authsize = crypto_aead_authsize(tfm);
-   int err = 0;
+   int err = -EINVAL, src_nent;
int null = 0;
gfp_t flags = req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP ? GFP_KERNEL :
GFP_ATOMIC;
@@ -1377,8 +1406,8 @@ static int chcr_copy_assoc(struct aead_request *req,
 
if (op_type && req->cryptlen < crypto_aead_authsize(tfm))
goto err;
-
-   if (sg_nents_for_len(req->src, req->assoclen + req->cryptlen) < 0)
+   src_nent = sg_nents_for_len(req->src, req->assoclen + req->cryptlen);
+   if (src_nent < 0)
goto err;
src = scatterwalk_ffwd(reqctx->srcffwd, req->src, req->assoclen);
reqctx->dst = src;
@@ -1396,7 +1425,7 @@ static int chcr_copy_assoc(struct aead_request *req,
}
reqctx->dst_nents = sg_nents_for_len(reqctx->dst, req->cryptlen +
 (op_type ? -authsize : authsize));
-   if (reqctx->dst_nents <= 0) {
+   if (reqctx->dst_nents < 0) {
pr_err("AUTHENC:Invalid Destination sg entries\n");
goto err;
}
@@ -1404,6 +1433,12 @@ static int chcr_copy_assoc(struct aead_request *req,
kctx_len = (ntohl(KEY_CONTEXT_CTX_LEN_V(aeadctx->key_ctx_hdr)) << 4)
- sizeof(chcr_req->key_ctx);
transhdr_len = CIPHER_TRANSHDR_SIZE(kctx_len, dst_size);
+   if (chcr_aead_need_fallback(req, src_nent + MIN_AUTH_SG,
+   T6_MAX_AAD_SIZE,
+   transhdr_len + (sgl_len(src_nent + MIN_AUTH_SG) * 8),
+   op_type)) {
+   return ERR_PTR(chcr_aead_fallback(req, op_type));
+   }
skb = alloc_skb((transhdr_len + sizeof(struct sge_opaque_hdr)), flags);
if (!skb)
goto err;
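Review bot: `return ERR_PTR(chcr_aead_fallback(req, op_type));` hands the
fallback's status back through the skb pointer. When the software cipher
completes synchronously and returns 0, ERR_PTR(0) is NULL and IS_ERR(NULL) is
false, so a caller that only checks IS_ERR(skb) would go on to use a NULL
skb. The caller is not part of the visible hunks; make sure it treats NULL as
"handled by fallback" and passes -EINPROGRESS or -EBUSY through unchanged, or
return the status through a separate out-parameter.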
@@ -1485,24 +1520,6 @@ static int chcr_copy_assoc(struct aead_request *req,
return ERR_PTR(-EINVAL);
 }
 
-static void aes_gcm_empty_pld_pad(struct scatterlist *sg,
- unsigned short offset)
-{
-   struct page *spage;
-   unsigned char *addr;
-
-   spage = sg_page(sg);
-   get_page(spage); /* so that it is not freed by NIC */
-#ifdef KMAP_ATOMIC_ARGS
-   addr = kmap_atomic(spage, KM_SOFTIRQ0);
-#else
-   addr = kmap_atomic(spage);
-#endif
-   memset(addr + sg->offset, 0, offset + 1);
-
-   kunmap_atomic(addr);
-}
-
 static int set_msg_len(u8 *block, unsigned int msglen, int csize)
 {
__be32 data;
@@ -156

[PATCH 3/4] chcr:Fix txq ids.

2017-04-10 Thread Harsh Jain
The patch fixes a critical issue to map txqid with flows on the hardware
appropriately: if the tx queues created are more than the flows configured,
then txqid shall map within the range of hardware flows configured. This
ensures that an un-mapped txqid does not remain un-handled.
The patch also segregated the rxqid and txqid for clarity.

Signed-off-by: Atul Gupta 
Reviewed-by: Ganesh Goudar 
---
 drivers/crypto/chelsio/chcr_algo.c  |   47 +-
 drivers/crypto/chelsio/chcr_core.h  |2 +
 drivers/crypto/chelsio/chcr_crypto.h|3 +-
 drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c |9 
 drivers/net/ethernet/chelsio/cxgb4/cxgb4_uld.h  |1 +
 drivers/net/ethernet/chelsio/cxgb4/t4fw_api.h   |3 +-
 6 files changed, 44 insertions(+), 21 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index 2d61043..5470e4e 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -522,7 +522,7 @@ static inline void create_wreq(struct chcr_context *ctx,
 {
struct uld_ctx *u_ctx = ULD_CTX(ctx);
int iv_loc = IV_DSGL;
-   int qid = u_ctx->lldi.rxq_ids[ctx->tx_channel_id];
+   int qid = u_ctx->lldi.rxq_ids[ctx->rx_qidx];
unsigned int immdatalen = 0, nr_frags = 0;
 
if (is_ofld_imm(skb)) {
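Review bot: `u_ctx->lldi.rxq_ids[ctx->rx_qidx]` indexes the array with a
value computed elsewhere (chcr_device_init() below gains the rxq and txq
index variables). Make sure rx_qidx is bounded by the number of rx queues at
the point where it is assigned, and likewise tx_qidx by the number of tx
queues, since both are now used unchecked on every request.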
@@ -543,7 +543,7 @@ static inline void create_wreq(struct chcr_context *ctx,
chcr_req->wreq.cookie = cpu_to_be64((uintptr_t)req);
chcr_req->wreq.rx_chid_to_rx_q_id =
FILL_WR_RX_Q_ID(ctx->dev->rx_channel_id, qid,
-   is_iv ? iv_loc : IV_NOP, ctx->tx_channel_id);
+   is_iv ? iv_loc : IV_NOP, ctx->tx_qidx);
 
chcr_req->ulptx.cmd_dest = FILL_ULPTX_CMD_DEST(ctx->dev->tx_channel_id,
   qid);
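Review bot: in the FILL_WR_RX_Q_ID() call the last argument changes from ctx->tx_channel_id to ctx->tx_qidx, while the FILL_ULPTX_CMD_DEST() call just below still takes ctx->dev->tx_channel_id; a short comment on which macro argument expects a channel id and which expects a queue index would make it clear that leaving the second call alone is intentional.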
@@ -721,19 +721,19 @@ static int chcr_aes_encrypt(struct ablkcipher_request 
*req)
struct sk_buff *skb;
 
if (unlikely(cxgb4_is_crypto_q_full(u_ctx->lldi.ports[0],
-   ctx->tx_channel_id))) {
+   ctx->tx_qidx))) {
if (!(req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG))
return -EBUSY;
}
 
-   skb = create_cipher_wr(req, u_ctx->lldi.rxq_ids[ctx->tx_channel_id],
+   skb = create_cipher_wr(req, u_ctx->lldi.rxq_ids[ctx->rx_qidx],
   CHCR_ENCRYPT_OP);
if (IS_ERR(skb)) {
pr_err("chcr : %s : Failed to form WR. No memory\n", __func__);
return  PTR_ERR(skb);
}
skb->dev = u_ctx->lldi.ports[0];
-   set_wr_txq(skb, CPL_PRIORITY_DATA, ctx->tx_channel_id);
+   set_wr_txq(skb, CPL_PRIORITY_DATA, ctx->tx_qidx);
chcr_send_wr(skb);
return -EINPROGRESS;
 }
@@ -746,19 +746,19 @@ static int chcr_aes_decrypt(struct ablkcipher_request 
*req)
struct sk_buff *skb;
 
if (unlikely(cxgb4_is_crypto_q_full(u_ctx->lldi.ports[0],
-   ctx->tx_channel_id))) {
+   ctx->tx_qidx))) {
if (!(req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG))
return -EBUSY;
}
 
-   skb = create_cipher_wr(req, u_ctx->lldi.rxq_ids[0],
+   skb = create_cipher_wr(req, u_ctx->lldi.rxq_ids[ctx->rx_qidx],
   CHCR_DECRYPT_OP);
if (IS_ERR(skb)) {
pr_err("chcr : %s : Failed to form WR. No memory\n", __func__);
return PTR_ERR(skb);
}
skb->dev = u_ctx->lldi.ports[0];
-   set_wr_txq(skb, CPL_PRIORITY_DATA, ctx->tx_channel_id);
+   set_wr_txq(skb, CPL_PRIORITY_DATA, ctx->tx_qidx);
chcr_send_wr(skb);
return -EINPROGRESS;
 }
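Review bot: on the create_cipher_wr() line, decrypt previously used the fixed entry u_ctx->lldi.rxq_ids[0] whereas the encrypt hunk above replaced an indexed entry, so this line changes which rx queue decrypt responses use rather than renaming a field; the commit message should say so explicitly.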
@@ -766,7 +766,9 @@ static int chcr_aes_decrypt(struct ablkcipher_request *req)
 static int chcr_device_init(struct chcr_context *ctx)
 {
struct uld_ctx *u_ctx;
+   struct adapter *adap;
unsigned int id;
+   int txq_perchan, txq_idx, ntxq;
int err = 0, rxq_perchan, rxq_idx;
 
id = smp_processor_id();
@@ -777,11 +779,18 @@ static int chcr_device_init(struct chcr_context *ctx)
goto out;
}
u_ctx = ULD_CTX(ctx);
+   adap = padap(ctx->dev);
+   ntxq = min_not_zero((unsigned int)u_ctx->lldi.nrxq,
+   adap->vres.ncrypto_fc);
rxq_perchan = u_ctx->lldi.nrxq / u_ctx->lldi.nchan;
+   txq_perchan = ntxq / u_ctx->lldi.nchan;
rxq_idx = ctx->dev->tx_channel_id * rxq_perchan;
rxq_idx += id % rxq_perchan;
+   txq_idx = ctx->dev->tx_channel_id * txq_perchan;
+   txq_idx += id % txq_perchan;
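Review bot: txq_perchan = ntxq / u_ctx->lldi.nchan becomes 0 whenever min_not_zero() yields fewer queues than there are channels, and the following id % txq_perchan then divides by zero; check for txq_perchan == 0 and fail with an error before the modulo. A comment on why ntxq is derived from lldi.nrxq rather than from a tx queue count would also help.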

Re: [PATCH 08/22] crypto: chcr: Make use of the new sg_map helper function

2017-04-14 Thread Harsh Jain
On Fri, Apr 14, 2017 at 3:35 AM, Logan Gunthorpe  wrote:
> The get_page in this area looks *highly* suspect due to there being no
> corresponding put_page. However, I've left that as is to avoid breaking
> things.
The chcr driver will post the request to the LLD driver cxgb4, and put_page is
implemented there. It will do no harm. Anyhow,
we have removed the below code from the driver.

http://www.mail-archive.com/linux-crypto@vger.kernel.org/msg24561.html

After this merge we can ignore your patch. Thanks

>
> I've also removed the KMAP_ATOMIC_ARGS check as it appears to be dead
> code that dates back to when it was first committed...


>
> Signed-off-by: Logan Gunthorpe 
> ---
>  drivers/crypto/chelsio/chcr_algo.c | 28 +++-
>  1 file changed, 15 insertions(+), 13 deletions(-)
>
> diff --git a/drivers/crypto/chelsio/chcr_algo.c 
> b/drivers/crypto/chelsio/chcr_algo.c
> index 41bc7f4..a993d1d 100644
> --- a/drivers/crypto/chelsio/chcr_algo.c
> +++ b/drivers/crypto/chelsio/chcr_algo.c
> @@ -1489,22 +1489,21 @@ static struct sk_buff *create_authenc_wr(struct 
> aead_request *req,
> return ERR_PTR(-EINVAL);
>  }
>
> -static void aes_gcm_empty_pld_pad(struct scatterlist *sg,
> - unsigned short offset)
> +static int aes_gcm_empty_pld_pad(struct scatterlist *sg,
> +unsigned short offset)
>  {
> -   struct page *spage;
> unsigned char *addr;
>
> -   spage = sg_page(sg);
> -   get_page(spage); /* so that it is not freed by NIC */
> -#ifdef KMAP_ATOMIC_ARGS
> -   addr = kmap_atomic(spage, KM_SOFTIRQ0);
> -#else
> -   addr = kmap_atomic(spage);
> -#endif
> -   memset(addr + sg->offset, 0, offset + 1);
> +   get_page(sg_page(sg)); /* so that it is not freed by NIC */
> +
> +   addr = sg_map(sg, SG_KMAP_ATOMIC);
> +   if (IS_ERR(addr))
> +   return PTR_ERR(addr);
> +
> +   memset(addr, 0, offset + 1);
> +   sg_unmap(sg, addr, SG_KMAP_ATOMIC);
>
> -   kunmap_atomic(addr);
> +   return 0;
>  }
>
>  static int set_msg_len(u8 *block, unsigned int msglen, int csize)
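Review bot: get_page(sg_page(sg)) is taken before sg_map(), so the new early return on IS_ERR(addr) leaves that page reference held with no put_page() on the error path; take the reference only after the mapping succeeds, or drop it before returning PTR_ERR(addr). Also confirm that sg_map() returns the address with sg->offset already applied, since memset() no longer adds it.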
> @@ -1940,7 +1939,10 @@ static struct sk_buff *create_gcm_wr(struct 
> aead_request *req,
> if (req->cryptlen) {
> write_sg_to_skb(skb, , src, req->cryptlen);
> } else {
> -   aes_gcm_empty_pld_pad(req->dst, authsize - 1);
> +   err = aes_gcm_empty_pld_pad(req->dst, authsize - 1);
> +   if (err)
> +   goto dstmap_fail;
> +
> write_sg_to_skb(skb, , reqctx->dst, crypt_len);
>
> }
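Review bot: the new goto dstmap_fail is taken when skb already exists (it is passed to write_sg_to_skb() on both branches), and the label is not visible in this hunk; confirm that dstmap_fail frees skb and propagates err rather than only undoing the destination mapping.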
> --
> 2.1.4
>


Re: [PATCH 2/2] crypto: chcr - Fix error checking

2017-04-13 Thread Harsh Jain
On Thu, Apr 13, 2017 at 8:20 PM, Christophe JAILLET
 wrote:
> On 13/04/2017 at 16:04, Dan Carpenter wrote:
>>
>> On Thu, Apr 13, 2017 at 02:14:30PM +0200, Christophe JAILLET wrote:
>>>
>>> If 'chcr_alloc_shash()' a few lines above fails, 'base_hash' can be an
>>> error pointer when we 'goto out'.
>>> So checking for NULL here is not enough because it is likely that
>>> 'chcr_free_shash' will crash if we pass an error pointer.
>>>
>>> Signed-off-by: Christophe JAILLET 
>>> ---
>>> Another solution, maybe safer, would be to instrument 'chcr_free_shash'
>>> or
>>> 'crypto_free_shash' to accept an error pointer and return immediately in
>>> such a case.
>>> ---
>>>   drivers/crypto/chelsio/chcr_algo.c | 2 +-
>>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/drivers/crypto/chelsio/chcr_algo.c
>>> b/drivers/crypto/chelsio/chcr_algo.c
>>> index f19590ac8775..41750b97f43c 100644
>>> --- a/drivers/crypto/chelsio/chcr_algo.c
>>> +++ b/drivers/crypto/chelsio/chcr_algo.c
>>> @@ -2351,7 +2351,7 @@ static int chcr_authenc_setkey(struct crypto_aead
>>> *authenc, const u8 *key,
>>> }
>>>   out:
>>> aeadctx->enckey_len = 0;
>>> -   if (base_hash)
>>> +   if (!IS_ERR_OR_NULL(base_hash))
>>> chcr_free_shash(base_hash);
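Review bot: !IS_ERR_OR_NULL(base_hash) at the out: label is only safe if base_hash has a defined value on every goto out taken before chcr_alloc_shash() runs; its declaration is not in this hunk, so confirm it is initialised (NULL or an error pointer) rather than left uninitialised.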
>>
>> Ah...  Ok.  Fine, but redo the first patch anyway because it shouldn't
>> ever be NULL.
>>
>> regards,
>> dan carpenter
>
> Hi Dan,
>
> I will update the first patch as you proposed in order to:
>- teach 'chcr_alloc_shash' not to return NULL
>- initialize 'base_hash' with ERR_PTR(-EINVAL)
>- update the above test to !IS_ERR.
> The 2 patches will be merged in only 1.
>
> Thanks for your suggestions.

Thanks for pointing out the error. Or you can simply return instead of
goto. Just like that.

 1.3 @@ -2455,7 +2455,8 @@ static int chcr_authenc_setkey(struct cr
 1.4   base_hash  = chcr_alloc_shash(max_authsize);
 1.5   if (IS_ERR(base_hash)) {
 1.6   pr_err("chcr : Base driver cannot be loaded\n");
 1.7 - goto out;
 1.8 + aeadctx->enckey_len = 0;
 1.9 + return -EINVAL;
1.10   }
1.11   {
1.12   SHASH_DESC_ON_STACK(shash, base_hash);
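Review bot: return -EINVAL on the IS_ERR(base_hash) branch discards the errno carried by the error pointer; return PTR_ERR(base_hash) instead so the caller sees the real failure. Returning directly is also only correct if nothing acquired before this point needs the out: cleanup, which should be checked against the lines above the hunk.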





>
> Best regards,
> CJ
>
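
The three cleanup guards discussed in this thread, modelled in userspace C as an added example (not the driver's code): model_alloc_shash() and model_free_shash() are hypothetical stand-ins for chcr_alloc_shash() and chcr_free_shash(), and the ERR_PTR helpers are reimplemented locally to mirror the kernel's error-pointer encoding.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace model of linux/err.h: the top MAX_ERRNO addresses encode an errno. */
#define MAX_ERRNO 4095
static void *ERR_PTR(long err) { return (void *)err; }
static int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }
static int IS_ERR_OR_NULL(const void *p) { return !p || IS_ERR(p); }

static int err_ptr_freed; /* set when an error pointer reaches the free routine */

/* Hypothetical stand-in for chcr_alloc_shash(): error pointer on failure. */
static void *model_alloc_shash(int fail)
{
    void *p = fail ? NULL : malloc(32);
    return p ? p : ERR_PTR(-ENOMEM);
}

/* Hypothetical stand-in for chcr_free_shash(); real code would dereference p. */
static void model_free_shash(void *p)
{
    if (IS_ERR(p))
        err_ptr_freed = 1;
    else
        free(p);
}

enum guard { IF_NONNULL, IF_NOT_ERR_OR_NULL, IF_NOT_ERR };
enum path { FAIL_BEFORE_ALLOC, ALLOC_FAILS, FAIL_AFTER_ALLOC };

/* Models the "out:" cleanup; returns 1 if an error pointer reached the free. */
static int cleanup_is_unsafe(enum guard g, enum path where)
{
    /* IF_NOT_ERR pairs with the ERR_PTR(-EINVAL) initial value from the thread. */
    void *base_hash = (g == IF_NOT_ERR) ? ERR_PTR(-EINVAL) : NULL;

    err_ptr_freed = 0;
    if (where != FAIL_BEFORE_ALLOC)
        base_hash = model_alloc_shash(where == ALLOC_FAILS);
    /* out: the guard under test decides whether the free routine is called */
    if (g == IF_NONNULL         ? base_hash != NULL :
        g == IF_NOT_ERR_OR_NULL ? !IS_ERR_OR_NULL(base_hash) :
                                  !IS_ERR(base_hash))
        model_free_shash(base_hash);
    return err_ptr_freed;
}

int main(void)
{
    printf("if (base_hash):  unsafe=%d\n", cleanup_is_unsafe(IF_NONNULL, ALLOC_FAILS));
    printf("!IS_ERR_OR_NULL: unsafe=%d\n", cleanup_is_unsafe(IF_NOT_ERR_OR_NULL, ALLOC_FAILS));
    return 0;
}
```

Only the plain non-NULL guard lets the error pointer through; the other two are safe on all three paths, provided the initial value matches the guard.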


Re: [PATCH 5/8] crypto:chcr: Change cra_flags for cipher algos

2017-03-08 Thread Harsh Jain
Hi Herbert

On Fri, Jan 27, 2017 at 4:09 PM, Harsh Jain <ha...@chelsio.com> wrote:
> Change cipher algos flags to CRYPTO_ALG_TYPE_ABLKCIPHER.
>
> Signed-off-by: Harsh Jain <ha...@chelsio.com>
> ---
>  drivers/crypto/chelsio/chcr_algo.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/crypto/chelsio/chcr_algo.c 
> b/drivers/crypto/chelsio/chcr_algo.c
> index d335943..21fc04c 100644
> --- a/drivers/crypto/chelsio/chcr_algo.c
> +++ b/drivers/crypto/chelsio/chcr_algo.c
> @@ -171,7 +171,7 @@ int chcr_handle_resp(struct crypto_async_request *req, 
> unsigned char *input,
> }
> break;
>
> -   case CRYPTO_ALG_TYPE_BLKCIPHER:
> +   case CRYPTO_ALG_TYPE_ABLKCIPHER:
> ctx_req.req.ablk_req = (struct ablkcipher_request *)req;
> ctx_req.ctx.ablk_ctx =
> ablkcipher_request_ctx(ctx_req.req.ablk_req);
> @@ -2492,7 +2492,7 @@ static int chcr_aead_op(struct aead_request *req,
> .cra_name   = "cbc(aes)",
> .cra_driver_name= "cbc-aes-chcr",
> .cra_priority   = CHCR_CRA_PRIORITY,
> -   .cra_flags  = CRYPTO_ALG_TYPE_BLKCIPHER |
> +   .cra_flags  = CRYPTO_ALG_TYPE_ABLKCIPHER |
> CRYPTO_ALG_ASYNC,
> .cra_blocksize  = AES_BLOCK_SIZE,
> .cra_ctxsize= sizeof(struct chcr_context)
> @@ -2519,7 +2519,7 @@ static int chcr_aead_op(struct aead_request *req,
> .cra_name   = "xts(aes)",
> .cra_driver_name= "xts-aes-chcr",
> .cra_priority   = CHCR_CRA_PRIORITY,
> -   .cra_flags  = CRYPTO_ALG_TYPE_BLKCIPHER |
> +   .cra_flags  = CRYPTO_ALG_TYPE_ABLKCIPHER |
> CRYPTO_ALG_ASYNC,
> .cra_blocksize  = AES_BLOCK_SIZE,
> .cra_ctxsize= sizeof(struct chcr_context) 
> +
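Review bot: the commit message gives no reason for switching .cra_flags from CRYPTO_ALG_TYPE_BLKCIPHER to CRYPTO_ALG_TYPE_ABLKCIPHER in the "cbc(aes)" and "xts(aes)" entries; since the case label in chcr_handle_resp() has to change in step with it, state why the old type was wrong and which kernel trees the change was tested on.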

If I try the above patch on the 4.9.13 stable kernel, the kernel stops executing
tests for cbc(aes). The same works fine on the latest cryptodev-2.6 tree.
It seems the patch set below has changed the behavior.


crypto: testmgr - Do not test internal algorithms


diff --git a/crypto/algboss.c b/crypto/algboss.c
index 6e39d9c..ccb85e1 100644
--- a/crypto/algboss.c
+++ b/crypto/algboss.c
@@ -247,12 +247,8 @@ static int cryptomgr_schedule_test(struct crypto_alg *alg)
memcpy(param->alg, alg->cra_name, sizeof(param->alg));
type = alg->cra_flags;
- /* This piece of crap needs to disappear into per-type test hooks. */
- if (!((type ^ CRYPTO_ALG_TYPE_BLKCIPHER) &
- CRYPTO_ALG_TYPE_BLKCIPHER_MASK) && !(type & CRYPTO_ALG_GENIV) &&
- ((alg->cra_flags & CRYPTO_ALG_TYPE_MASK) ==
- CRYPTO_ALG_TYPE_BLKCIPHER ? alg->cra_blkcipher.ivsize :
- alg->cra_ablkcipher.ivsize))
+ /* Do not test internal algorithms. */
+ if (type & CRYPTO_ALG_INTERNAL)
type |= CRYPTO_ALG_TESTED;
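Review bot: the new comment "Do not test internal algorithms" covers only the added condition, but the removed test also set CRYPTO_ALG_TESTED for every blkcipher-family algorithm with a non-zero ivsize and no CRYPTO_ALG_GENIV, so dropping it changes which ciphers are marked as tested up front; the commit message should state that side effect.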

It's a bit confusing for me. Are we supposed to declare it as
"CRYPTO_ALG_TYPE_BLKCIPHER" for older kernels?

Regards
Harsh Jain


Re: [bug report] crypto: chcr - Select device in Round Robin fashion

2017-07-24 Thread Harsh Jain


On 20-07-2017 16:02, Dan Carpenter wrote:
> Hello Harsh Jain,
>
> The patch 14c19b178a01: "crypto: chcr - Select device in Round Robin
> fashion" from Jun 15, 2017, leads to the following static checker
> warning:
>
>   drivers/crypto/chelsio/chcr_core.c:163 chcr_uld_add()
>   warn: overwrite may leak 'u_ctx'
>
> drivers/crypto/chelsio/chcr_core.c
> 152  static void *chcr_uld_add(const struct cxgb4_lld_info *lld)
> 153  {
> 154          struct uld_ctx *u_ctx;
> 155
> 156          /* Create the device and add it in the device list */
> 157          u_ctx = kzalloc(sizeof(*u_ctx), GFP_KERNEL);
> 158          if (!u_ctx) {
> 159                  u_ctx = ERR_PTR(-ENOMEM);
> 160                  goto out;
> 161          }
> 162          if (!(lld->ulp_crypto & ULP_CRYPTO_LOOKASIDE)) {
>
> Sure, we could move this check before the allocation, to prevent the
> leak but is -ENOMEM really the right error code?  It feels like -EINVAL
> with a WARN_ON_ONCE() message would be better but I don't really
> understand this code.
Will fix both issues in next change set. Thanks.
>
> 163                  u_ctx = ERR_PTR(-ENOMEM);
> 164                  goto out;
> 165          }
> 166          u_ctx->lldi = *lld;
> 167  out:
> 168          return u_ctx;
> 169  }
>
> regards,
> dan carpenter



BUG: drbg: Added nodes from Stack Memory in link list

2017-05-03 Thread Harsh Jain
Hi Stephen,

In the drbg driver, local variables of a function are added as list nodes. One
instance is given below.


static inline int __init drbg_healthcheck_sanity(void)



---
---

max_addtllen = drbg_max_addtl(drbg);
max_request_bytes = drbg_max_request_bytes(drbg);
drbg_string_fill(, buf, max_addtllen + 1);
/* overflow addtllen with additonal info string */
len = drbg_generate(drbg, buf, OUTBUFLEN, );

===> Added "addtllist" to the tail, which is a local variable.


BUG_ON(0 < len);
/* overflow max_bits */
len = drbg_generate(drbg, buf, (max_request_bytes + 1), NULL);
BUG_ON(0 < len);

/* overflow max addtllen with personalization string */
ret = drbg_seed(drbg, , false);

===> Added "seedlist" to the tail of the same list. The previous
node (addtllist) is already invalid (out of scope when the function returns).


BUG_ON(0 == ret);
/* all tests passed */
rc = 0;



Is it a BUG? Or did I miss something?


Regards
Harsh Jain


Re: Can someone check linux kernel 4.4, and 4.9 rfc4309 test vectors?

2017-06-09 Thread Harsh Jain
On Wed, Jun 7, 2017 at 7:27 PM, Che-Min Hsieh  wrote:
> Rfc4309 test vectors in testmgr.h have gone through major changes from linux3 
>  to linux4.
> In linux 4.4, linux4.9, there are vectors as such
>
> static struct aead_testvec aes_ccm_rfc4309_enc_tv_template[] = {
>         { /* Generated using Crypto++ */
>                 .key    = zeroed_string,
>                 .klen   = 19,
>                 .iv     = zeroed_string,
>                 .input  = zeroed_string,
>                 .ilen   = 16,
>                 .assoc  = zeroed_string,
>                 .alen   = 16,
>                 .result = "\x2E\x9A\xCA\x6B\xDA\x54\xFC\x6F"
>                           "\x12\x50\xE8\xDE\x81\x3C\x63\x08"
>                           "\x1A\x22\xBA\x75\xEE\xD4\xD5\xB5"
>                           "\x27\x50\x01\xAC\x03\x33\x39\xFB",
>                 .rlen   = 32,
>
>
> I have a test program using open ssl API (-l crypto), and run on Ubuntu Linux 
> PC,   I  get the following  test result:
>
> 2e 9a ca 6b da 54 fc 6f 12 50 e8 de 81 3c 63 08
> fb 64 91 b4 dd dc bf 5d fd 67 e3 a2 f8 7c 0e 6c
>   The first part of encrypted text is correct. But MAC is not the 
> same.
>
> My program is as the following:
>
> void ccmTest()
> {
>     /* Initialization */
>     EVP_CIPHER_CTX ctx;
>     EVP_CIPHER_CTX *cryptCtx = &ctx;
>     EVP_CIPHER_CTX_init(cryptCtx);
>     int i;
>
>     unsigned char P[16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
>     int Psize = sizeof(P);
>     unsigned char K[16] = {0};
>     unsigned char N[11] = {0};
>     unsigned char A[16] = {0};
>     unsigned char CT[128];
>
>     int Nsize = 11;
>     int Tsize = 16;
>
>     // Initialize the context with the alg only
>     EVP_EncryptInit(cryptCtx, EVP_aes_128_ccm(), 0, 0);
>
>     // Set nonce and tag sizes
>     EVP_CIPHER_CTX_ctrl(cryptCtx, EVP_CTRL_CCM_SET_IVLEN, Nsize, 0);
>     EVP_CIPHER_CTX_ctrl(cryptCtx, EVP_CTRL_CCM_SET_TAG, Tsize, 0);
>
>     // Finally set the key and the nonce
>     EVP_EncryptInit(cryptCtx, 0, K, N);
>
>     // Tell the alg we will encrypt Psize bytes
>     int outl = 0;
>     EVP_EncryptUpdate(cryptCtx, 0, &outl, 0, sizeof(P));
>     // Add the AAD
>     EVP_EncryptUpdate(cryptCtx, 0, &outl, A, sizeof(A));
>     // Now we encrypt the data in P, placing the output in CT
>     EVP_EncryptUpdate(cryptCtx, CT, &outl, P, Psize);
>     EVP_EncryptFinal(cryptCtx, &CT[outl], &outl);
>     // Append the tag to the end of the encrypted output
>     EVP_CIPHER_CTX_ctrl(cryptCtx, EVP_CTRL_CCM_GET_TAG, Tsize, &CT[Psize]);
>     hexdump(CT, Tsize+Psize);
> }
>
>
> I run "insmod tcrypt.ko mode=45"  rfc4309 test with Qualcomm crypto hardware 
> on Linux4.4. The test fails. The generated output is the same as my openSSL 
> test application in 1.
The older kernel driver also includes the IV in the authentication data. That's
why the MAC is wrong. 4.4 kernel crypto drivers don't need to include the IV
in authentication data. Updating the driver not to include the IV string in
authentication data for the latest kernels should work.
>
> My test application runs on Ubuntu with linux 3.10 rfc4309 test vector, and 
> generated MAC as expected from test vectors.  Qualcomm crypto hardware runs 
> "insmod tcrypt.ko mode=45" successfully with linux 3.10.
>
> I am suspicious about the test vectors of 4.4. Can someone verify the Linux 
> 4.4 rfc4309 test vectors with his/her openSSL application on PC?
>
> Chemin

