Re: [PATCH 7/7] mac80211: Switch to new AEAD interface
On Fri, May 22, 2015 at 09:43:28AM +0200, Johannes Berg wrote: Oops, sorry, of course - I was running in a VM :) Thanks! Does this patch on top help?
diff --git a/net/mac80211/aes_gmac.c b/net/mac80211/aes_gmac.c
index 7eee32b..133be53 100644
--- a/net/mac80211/aes_gmac.c
+++ b/net/mac80211/aes_gmac.c
@@ -24,22 +24,24 @@ int ieee80211_aes_gmac(struct crypto_aead *tfm, const u8 *aad, u8 *nonce, const u8 *data, size_t data_len, u8 *mic) {
- struct scatterlist sg[3];
+ struct scatterlist sg[4];
 char aead_req_data[sizeof(struct aead_request) + crypto_aead_reqsize(tfm)] __aligned(__alignof__(struct aead_request)); struct aead_request *aead_req = (void *)aead_req_data;
- u8 iv[AES_BLOCK_SIZE];
+ u8 zero[GMAC_MIC_LEN], iv[AES_BLOCK_SIZE];
 if (data_len GMAC_MIC_LEN) return -EINVAL; memset(aead_req, 0, sizeof(aead_req_data));
- sg_init_table(sg, 3);
+ memset(zero, 0, GMAC_MIC_LEN);
+ sg_init_table(sg, 4);
 sg_set_buf(sg[0], aad, AAD_LEN); sg_set_buf(sg[1], data, data_len - GMAC_MIC_LEN);
- sg_set_buf(sg[2], mic, GMAC_MIC_LEN);
+ sg_set_buf(sg[2], zero, GMAC_MIC_LEN);
+ sg_set_buf(sg[3], mic, GMAC_MIC_LEN);
 memcpy(iv, nonce, GMAC_NONCE_LEN); memset(iv + GMAC_NONCE_LEN, 0, sizeof(iv) - GMAC_NONCE_LEN);
-- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
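Review bot: The new `zero` entry at `sg[2]` has no comment explaining why an all-zero block of GMAC_MIC_LEN bytes is placed ahead of `mic`, so the move from three to four scatterlist entries reads like padding. Assuming the intent is that the MIC field is authenticated as zeros and the computed tag lands in the last entry, a line such as `/* MIC field is authenticated as zeros; the tag is written to sg[3] */` above `sg_set_buf(&sg[2], zero, GMAC_MIC_LEN)` would record the layout. `zero` is a stack array handed to `sg_set_buf`, which is only valid while kernel stacks sit in the linear mapping; a static or heap zero buffer would remove that dependency. The rest of ieee80211_aes_gmac, including the request setup that consumes `sg`, is outside the hunk.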
Re: [PATCH 7/7] mac80211: Switch to new AEAD interface
On Fri, May 22, 2015 at 10:18:03AM +0200, Johannes Berg wrote: Yep, that fixes things. Great I will respin the patches. Thanks, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[v2 PATCH 11/13] mac80211: Switch to new AEAD interface
This patch makes use of the new AEAD interface which uses a single SG list instead of separate lists for the AD and plain text. Tested-by: Johannes Berg johan...@sipsolutions.net Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- net/mac80211/aes_ccm.c | 30 ++ net/mac80211/aes_gcm.c | 30 ++ net/mac80211/aes_gmac.c | 12 +--- 3 files changed, 33 insertions(+), 39 deletions(-) diff --git a/net/mac80211/aes_ccm.c b/net/mac80211/aes_ccm.c index 70d53da..42575ef 100644 --- a/net/mac80211/aes_ccm.c +++ b/net/mac80211/aes_ccm.c @@ -22,7 +22,7 @@ void ieee80211_aes_ccm_encrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad, u8 *data, size_t data_len, u8 *mic, size_t mic_len) { - struct scatterlist assoc, pt, ct[2]; + struct scatterlist sg[3]; char aead_req_data[sizeof(struct aead_request) + crypto_aead_reqsize(tfm)] @@ -31,15 +31,14 @@ void ieee80211_aes_ccm_encrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad, memset(aead_req, 0, sizeof(aead_req_data)); - sg_init_one(pt, data, data_len); - sg_init_one(assoc, aad[2], be16_to_cpup((__be16 *)aad)); - sg_init_table(ct, 2); - sg_set_buf(ct[0], data, data_len); - sg_set_buf(ct[1], mic, mic_len); + sg_init_table(sg, 3); + sg_set_buf(sg[0], aad[2], be16_to_cpup((__be16 *)aad)); + sg_set_buf(sg[1], data, data_len); + sg_set_buf(sg[2], mic, mic_len); aead_request_set_tfm(aead_req, tfm); - aead_request_set_assoc(aead_req, assoc, assoc.length); - aead_request_set_crypt(aead_req, pt, ct, data_len, b_0); + aead_request_set_crypt(aead_req, sg, sg, data_len, b_0); + aead_request_set_ad(aead_req, sg[0].length, 0); crypto_aead_encrypt(aead_req); } @@ -48,7 +47,7 @@ int ieee80211_aes_ccm_decrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad, u8 *data, size_t data_len, u8 *mic, size_t mic_len) { - struct scatterlist assoc, pt, ct[2]; + struct scatterlist sg[3]; char aead_req_data[sizeof(struct aead_request) + crypto_aead_reqsize(tfm)] __aligned(__alignof__(struct aead_request)); 
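Review bot: `crypto_aead_encrypt(aead_req);` at the end of ieee80211_aes_ccm_encrypt still discards its return value, so a failure in the reworked single-list request leaves `data` and `mic` in an unknown state with nothing reported to the caller. The function is `void`, so a full fix means returning `int` and checking it at the call sites, which are outside this patch; as a minimum, `WARN_ON_ONCE(crypto_aead_encrypt(aead_req));` would make a failure visible. The same applies to ieee80211_aes_gcm_encrypt in net/mac80211/aes_gcm.c.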
@@ -59,15 +58,14 @@ int ieee80211_aes_ccm_decrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad, memset(aead_req, 0, sizeof(aead_req_data)); - sg_init_one(pt, data, data_len); - sg_init_one(assoc, aad[2], be16_to_cpup((__be16 *)aad)); - sg_init_table(ct, 2); - sg_set_buf(ct[0], data, data_len); - sg_set_buf(ct[1], mic, mic_len); + sg_init_table(sg, 3); + sg_set_buf(sg[0], aad[2], be16_to_cpup((__be16 *)aad)); + sg_set_buf(sg[1], data, data_len); + sg_set_buf(sg[2], mic, mic_len); aead_request_set_tfm(aead_req, tfm); - aead_request_set_assoc(aead_req, assoc, assoc.length); - aead_request_set_crypt(aead_req, ct, pt, data_len + mic_len, b_0); + aead_request_set_crypt(aead_req, sg, sg, data_len + mic_len, b_0); + aead_request_set_ad(aead_req, sg[0].length, 0); return crypto_aead_decrypt(aead_req); } diff --git a/net/mac80211/aes_gcm.c b/net/mac80211/aes_gcm.c index b91c9d7..12dcd66 100644 --- a/net/mac80211/aes_gcm.c +++ b/net/mac80211/aes_gcm.c @@ -18,7 +18,7 @@ void ieee80211_aes_gcm_encrypt(struct crypto_aead *tfm, u8 *j_0, u8 *aad, u8 *data, size_t data_len, u8 *mic) { - struct scatterlist assoc, pt, ct[2]; + struct scatterlist sg[3]; char aead_req_data[sizeof(struct aead_request) + crypto_aead_reqsize(tfm)] 
@@ -27,15 +27,14 @@ void ieee80211_aes_gcm_encrypt(struct crypto_aead *tfm, u8 *j_0, u8 *aad, memset(aead_req, 0, sizeof(aead_req_data)); - sg_init_one(pt, data, data_len); - sg_init_one(assoc, aad[2], be16_to_cpup((__be16 *)aad)); - sg_init_table(ct, 2); - sg_set_buf(ct[0], data, data_len); - sg_set_buf(ct[1], mic, IEEE80211_GCMP_MIC_LEN); + sg_init_table(sg, 3); + sg_set_buf(sg[0], aad[2], be16_to_cpup((__be16 *)aad)); + sg_set_buf(sg[1], data, data_len); + sg_set_buf(sg[2], mic, IEEE80211_GCMP_MIC_LEN); aead_request_set_tfm(aead_req, tfm); - aead_request_set_assoc(aead_req, assoc, assoc.length); - aead_request_set_crypt(aead_req, pt, ct, data_len, j_0); + aead_request_set_crypt(aead_req, sg, sg, data_len, j_0); + aead_request_set_ad(aead_req, sg[0].length, 0); crypto_aead_encrypt(aead_req); } @@ -43,7 +42,7 @@ void ieee80211_aes_gcm_encrypt(struct crypto_aead *tfm, u8 *j_0, u8 *aad, int ieee80211_aes_gcm_decrypt(struct crypto_aead *tfm, u8 *j_0, u8 *aad, u8 *data, size_t data_len, u8 *mic) { - struct scatterlist assoc, pt, ct[2]; + struct
[v2 PATCH 13/13] crypto: algif_aead - Switch to new AEAD interface
This patch makes use of the new AEAD interface which uses a single SG list instead of separate lists for the AD and plain text. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- crypto/algif_aead.c | 61 ++-- 1 file changed, 36 insertions(+), 25 deletions(-) diff --git a/crypto/algif_aead.c b/crypto/algif_aead.c index 53702e9..5674a33 100644 --- a/crypto/algif_aead.c +++ b/crypto/algif_aead.c @@ -26,7 +26,7 @@ struct aead_sg_list { unsigned int cur; - struct scatterlist sg[ALG_MAX_PAGES]; + struct scatterlist sg[ALG_MAX_PAGES + 1]; }; struct aead_ctx { @@ -357,7 +357,8 @@ static int aead_recvmsg(struct socket *sock, struct msghdr *msg, size_t ignored, unsigned as = crypto_aead_authsize(crypto_aead_reqtfm(ctx-aead_req)); struct aead_sg_list *sgl = ctx-tsgl; struct scatterlist *sg = NULL; - struct scatterlist assoc[ALG_MAX_PAGES]; + struct scatterlist dstbuf[ALG_MAX_PAGES + 1]; + struct scatterlist *dst = dstbuf; size_t assoclen = 0; unsigned int i = 0; int err = -EINVAL; @@ -453,7 +454,7 @@ static int aead_recvmsg(struct socket *sock, struct msghdr *msg, size_t ignored, if (usedpages outlen) goto unlock; - sg_init_table(assoc, ALG_MAX_PAGES); + sg_mark_end(sgl-sg + sgl-cur); assoclen = ctx-aead_assoclen; /* * Split scatterlist into two: first part becomes AD, second part 
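Review bot: `dstbuf` is a stack array whose entries are filled by `sg_set_page(dst + i, ...)` in the following hunk, but the `sg_init_table(assoc, ALG_MAX_PAGES)` call that initialised the array it replaces is removed and no equivalent for `dstbuf` appears in the visible hunks. `sg_set_page` keeps the low marker bits already present in `page_link`, so stale stack contents could leave a chain or end flag set on an AD entry, and CONFIG_DEBUG_SG builds check a magic value that only `sg_init_table` writes. Unless the array is initialised in code outside these hunks, add `sg_init_table(dstbuf, ALG_MAX_PAGES + 1);` next to the new `sg_mark_end(sgl->sg + sgl->cur);`. aead_recvmsg starts and ends outside the hunks shown.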
@@ -465,35 +466,45 @@ static int aead_recvmsg(struct socket *sock, struct msghdr *msg, size_t ignored, sg = sgl-sg + i; if (sg-length = assoclen) { /* AD is larger than one page */ - sg_set_page(assoc + i, sg_page(sg), + sg_set_page(dst + i, sg_page(sg), sg-length, sg-offset); assoclen -= sg-length; - if (i = ctx-tsgl.cur) - goto unlock; - } else if (!assoclen) { - /* current page is to start of plaintext / ciphertext */ - if (i) - /* AD terminates at page boundary */ - sg_mark_end(assoc + i - 1); - else - /* AD size is zero */ - sg_mark_end(assoc); - break; - } else { + continue; + } + + if (assoclen) { /* AD does not terminate at page boundary */ - sg_set_page(assoc + i, sg_page(sg), + sg_set_page(dst + i, sg_page(sg), assoclen, sg-offset); - sg_mark_end(assoc + i); - /* plaintext / ciphertext starts after AD */ - sg-length -= assoclen; - sg-offset += assoclen; - break; + assoclen = 0; + i++; } + + break; } - aead_request_set_assoc(ctx-aead_req, assoc, ctx-aead_assoclen); - aead_request_set_crypt(ctx-aead_req, sg, ctx-rsgl[0].sg, used, - ctx-iv); + /* This should never happen because of aead_sufficient_data. */ + if (WARN_ON_ONCE(assoclen)) + goto unlock; + + /* current page is the start of plaintext / ciphertext */ + if (!i) + /* AD size is zero */ + dst = ctx-rsgl[0].sg; + else if (outlen) + /* AD size is non-zero */ + scatterwalk_crypto_chain( + dst, ctx-rsgl[0].sg, + sg_page(ctx-rsgl[0].sg) == sg_page(dst + i - 1) + ctx-rsgl[0].sg[0].offset == dst[i - 1].offset + +dst[i - 1].length, + i + 1); + else + /* AD only */ + sg_mark_end(dst + i); + + aead_request_set_crypt(ctx-aead_req, sgl-sg, dst, used, ctx-iv); + aead_request_set_ad(ctx-aead_req, ctx-aead_assoclen, 0); err = af_alg_wait_for_completion(ctx-enc ? crypto_aead_encrypt(ctx-aead_req) : -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
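Review bot: The per-iteration check `if (i >= ctx->tsgl.cur) goto unlock;` is dropped, and running out of pages before the AD is consumed is now caught only by `WARN_ON_ONCE(assoclen)` after the loop, with a comment that defers to aead_sufficient_data. The lengths on this path come in through the socket, so the comment should state the exact invariant relied on (presumably that the queued data covers `ctx->aead_assoclen`). A plain `if (assoclen) goto unlock;` would fail the request without raising a kernel warning should that invariant ever be broken. The loop header and aead_sufficient_data are outside the hunk, so whether the invariant holds on every path cannot be confirmed from here.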
[v2 PATCH 4/13] crypto: aead - Do not set cra_type for new style instances
The function aead_geniv_alloc currently sets cra_type even for new style instances. This is unnecessary and may hide bugs such as when our caller uses crypto_register_instance instead of the correct aead_register_instance. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au
---
 crypto/aead.c |4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/crypto/aead.c b/crypto/aead.c
index c1f73a9..8b26613 100644
--- a/crypto/aead.c
+++ b/crypto/aead.c
@@ -468,12 +468,10 @@ struct aead_instance *aead_geniv_alloc(struct crypto_template *tmpl, CRYPTO_MAX_ALG_NAME) goto err_drop_alg;
- inst-alg.base.cra_flags = CRYPTO_ALG_TYPE_AEAD;
- inst-alg.base.cra_flags |= alg-base.cra_flags CRYPTO_ALG_ASYNC;
+ inst-alg.base.cra_flags = alg-base.cra_flags CRYPTO_ALG_ASYNC;
 inst-alg.base.cra_priority = alg-base.cra_priority; inst-alg.base.cra_blocksize = alg-base.cra_blocksize; inst-alg.base.cra_alignmask = alg-base.cra_alignmask;
- inst-alg.base.cra_type = crypto_new_aead_type;
 inst-alg.ivsize = ivsize; inst-alg.maxauthsize = maxauthsize;
-- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[v2 PATCH 8/13] esp4: Switch to new AEAD interface
This patch makes use of the new AEAD interface which uses a single SG list instead of separate lists for the AD and plain text. The IV generation is also now carried out through normal AEAD methods. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- net/ipv4/esp4.c | 197 ++-- 1 file changed, 122 insertions(+), 75 deletions(-) diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index 421a80b..855b1cb 100644 --- a/net/ipv4/esp4.c +++ b/net/ipv4/esp4.c @@ -49,7 +49,7 @@ static void *esp_alloc_tmp(struct crypto_aead *aead, int nfrags, int seqhilen) len = ALIGN(len, crypto_tfm_ctx_alignment()); } - len += sizeof(struct aead_givcrypt_request) + crypto_aead_reqsize(aead); + len += sizeof(struct aead_request) + crypto_aead_reqsize(aead); len = ALIGN(len, __alignof__(struct scatterlist)); len += sizeof(struct scatterlist) * nfrags; @@ -68,17 +68,6 @@ static inline u8 *esp_tmp_iv(struct crypto_aead *aead, void *tmp, int seqhilen) crypto_aead_alignmask(aead) + 1) : tmp + seqhilen; } -static inline struct aead_givcrypt_request *esp_tmp_givreq( - struct crypto_aead *aead, u8 *iv) -{ - struct aead_givcrypt_request *req; - - req = (void *)PTR_ALIGN(iv + crypto_aead_ivsize(aead), - crypto_tfm_ctx_alignment()); - aead_givcrypt_set_tfm(req, aead); - return req; -} - static inline struct aead_request *esp_tmp_req(struct crypto_aead *aead, u8 *iv) { struct aead_request *req; @@ -97,14 +86,6 @@ static inline struct scatterlist *esp_req_sg(struct crypto_aead *aead, __alignof__(struct scatterlist)); } -static inline struct scatterlist *esp_givreq_sg( - struct crypto_aead *aead, struct aead_givcrypt_request *req) -{ - return (void *)ALIGN((unsigned long)(req + 1) + -crypto_aead_reqsize(aead), -__alignof__(struct scatterlist)); -} - static void esp_output_done(struct crypto_async_request *base, int err) { struct sk_buff *skb = base-data; 
@@ -113,14 +94,37 @@ static void esp_output_done(struct crypto_async_request *base, int err) xfrm_output_resume(skb, err); } +/* Move ESP header back into place. */ +static void esp_restore_header(struct sk_buff *skb, unsigned int offset) +{ + struct ip_esp_hdr *esph = (void *)(skb-data + offset); + void *tmp = ESP_SKB_CB(skb)-tmp; + __be32 *seqhi = esp_tmp_seqhi(tmp); + + esph-seq_no = esph-spi; + esph-spi = *seqhi; +} + +static void esp_output_restore_header(struct sk_buff *skb) +{ + esp_restore_header(skb, skb_transport_offset(skb) - sizeof(__be32)); +} + +static void esp_output_done_esn(struct crypto_async_request *base, int err) +{ + struct sk_buff *skb = base-data; + + esp_output_restore_header(skb); + esp_output_done(base, err); +} + static int esp_output(struct xfrm_state *x, struct sk_buff *skb) { int err; struct ip_esp_hdr *esph; struct crypto_aead *aead; - struct aead_givcrypt_request *req; + struct aead_request *req; struct scatterlist *sg; - struct scatterlist *asg; struct sk_buff *trailer; void *tmp; u8 *iv; @@ -129,17 +133,19 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) int clen; int alen; int plen; + int ivlen; int tfclen; int nfrags; int assoclen; - int sglists; int seqhilen; __be32 *seqhi; + __be64 seqno; /* skb is pure payload to encrypt */ aead = x-data; alen = crypto_aead_authsize(aead); + ivlen = crypto_aead_ivsize(aead); tfclen = 0; if (x-tfcpad) { @@ -160,16 +166,14 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) nfrags = err; assoclen = sizeof(*esph); - sglists = 1; seqhilen = 0; if (x-props.flags XFRM_STATE_ESN) { - sglists += 2; seqhilen += sizeof(__be32); assoclen += seqhilen; } - tmp = esp_alloc_tmp(aead, nfrags + sglists, seqhilen); + tmp = esp_alloc_tmp(aead, nfrags, seqhilen); if (!tmp) { err = -ENOMEM; goto error; 
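Review bot: esp_restore_header carries only `/* Move ESP header back into place. */`, which does not say what was moved or why `seq_no` is refilled from `spi` and `spi` from `*seqhi`. A comment should state that for ESN the header at `offset` was shifted by `sizeof(__be32)` (presumably in the part of esp_output outside this hunk) and that `*seqhi` holds the bytes that were overwritten. esp_output_done_esn should also note that the restore must run before esp_output_done, because it reads `ESP_SKB_CB(skb)->tmp`, which esp_output_done may release; its body is only partly visible here. The identical helpers added to net/ipv6/esp6.c need the same comments.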
@@ -177,9 +181,8 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) seqhi = esp_tmp_seqhi(tmp); iv = esp_tmp_iv(aead, tmp, seqhilen); - req = esp_tmp_givreq(aead, iv); - asg = esp_givreq_sg(aead, req); - sg = asg + sglists; + req = esp_tmp_req(aead, iv); + sg = esp_req_sg(aead, req); /* Fill padding... */ tail = skb_tail_pointer(trailer); @@ -235,36 +238,53 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) *skb_mac_header(skb) = IPPROTO_UDP; }
[v2 PATCH 9/13] esp6: Switch to new AEAD interface
This patch makes use of the new AEAD interface which uses a single SG list instead of separate lists for the AD and plain text. The IV generation is also now carried out through normal AEAD methods. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- net/ipv6/esp6.c | 197 ++-- 1 file changed, 122 insertions(+), 75 deletions(-) diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c index 31f1b5d..ff21a5d 100644 --- a/net/ipv6/esp6.c +++ b/net/ipv6/esp6.c @@ -76,7 +76,7 @@ static void *esp_alloc_tmp(struct crypto_aead *aead, int nfrags, int seqihlen) len = ALIGN(len, crypto_tfm_ctx_alignment()); } - len += sizeof(struct aead_givcrypt_request) + crypto_aead_reqsize(aead); + len += sizeof(struct aead_request) + crypto_aead_reqsize(aead); len = ALIGN(len, __alignof__(struct scatterlist)); len += sizeof(struct scatterlist) * nfrags; @@ -96,17 +96,6 @@ static inline u8 *esp_tmp_iv(struct crypto_aead *aead, void *tmp, int seqhilen) crypto_aead_alignmask(aead) + 1) : tmp + seqhilen; } -static inline struct aead_givcrypt_request *esp_tmp_givreq( - struct crypto_aead *aead, u8 *iv) -{ - struct aead_givcrypt_request *req; - - req = (void *)PTR_ALIGN(iv + crypto_aead_ivsize(aead), - crypto_tfm_ctx_alignment()); - aead_givcrypt_set_tfm(req, aead); - return req; -} - static inline struct aead_request *esp_tmp_req(struct crypto_aead *aead, u8 *iv) { struct aead_request *req; @@ -125,14 +114,6 @@ static inline struct scatterlist *esp_req_sg(struct crypto_aead *aead, __alignof__(struct scatterlist)); } -static inline struct scatterlist *esp_givreq_sg( - struct crypto_aead *aead, struct aead_givcrypt_request *req) -{ - return (void *)ALIGN((unsigned long)(req + 1) + -crypto_aead_reqsize(aead), -__alignof__(struct scatterlist)); -} - static void esp_output_done(struct crypto_async_request *base, int err) { struct sk_buff *skb = base-data; 
@@ -141,32 +122,57 @@ static void esp_output_done(struct crypto_async_request *base, int err) xfrm_output_resume(skb, err); } +/* Move ESP header back into place. */ +static void esp_restore_header(struct sk_buff *skb, unsigned int offset) +{ + struct ip_esp_hdr *esph = (void *)(skb-data + offset); + void *tmp = ESP_SKB_CB(skb)-tmp; + __be32 *seqhi = esp_tmp_seqhi(tmp); + + esph-seq_no = esph-spi; + esph-spi = *seqhi; +} + +static void esp_output_restore_header(struct sk_buff *skb) +{ + esp_restore_header(skb, skb_transport_offset(skb) - sizeof(__be32)); +} + +static void esp_output_done_esn(struct crypto_async_request *base, int err) +{ + struct sk_buff *skb = base-data; + + esp_output_restore_header(skb); + esp_output_done(base, err); +} + static int esp6_output(struct xfrm_state *x, struct sk_buff *skb) { int err; struct ip_esp_hdr *esph; struct crypto_aead *aead; - struct aead_givcrypt_request *req; + struct aead_request *req; struct scatterlist *sg; - struct scatterlist *asg; struct sk_buff *trailer; void *tmp; int blksize; int clen; int alen; int plen; + int ivlen; int tfclen; int nfrags; int assoclen; - int sglists; int seqhilen; u8 *iv; u8 *tail; __be32 *seqhi; + __be64 seqno; /* skb is pure payload to encrypt */ aead = x-data; alen = crypto_aead_authsize(aead); + ivlen = crypto_aead_ivsize(aead); tfclen = 0; if (x-tfcpad) { @@ -187,16 +193,14 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb) nfrags = err; assoclen = sizeof(*esph); - sglists = 1; seqhilen = 0; if (x-props.flags XFRM_STATE_ESN) { - sglists += 2; seqhilen += sizeof(__be32); assoclen += seqhilen; } - tmp = esp_alloc_tmp(aead, nfrags + sglists, seqhilen); + tmp = esp_alloc_tmp(aead, nfrags, seqhilen); if (!tmp) { err = -ENOMEM; goto error; 
@@ -204,9 +208,8 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb) seqhi = esp_tmp_seqhi(tmp); iv = esp_tmp_iv(aead, tmp, seqhilen); - req = esp_tmp_givreq(aead, iv); - asg = esp_givreq_sg(aead, req); - sg = asg + sglists; + req = esp_tmp_req(aead, iv); + sg = esp_req_sg(aead, req); /* Fill padding... */ tail = skb_tail_pointer(trailer); @@ -227,36 +230,53 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb) esph = ip_esp_hdr(skb); *skb_mac_header(skb) = IPPROTO_ESP; - esph-spi = x-id.spi;
[v2 PATCH 5/13] crypto: testmgr - Switch to new AEAD interface
This patch makes use of the new AEAD interface which uses a single SG list instead of separate lists for the AD and plain text. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- crypto/testmgr.c | 84 +++ 1 file changed, 48 insertions(+), 36 deletions(-) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 1817252..e6472b2 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -427,7 +427,6 @@ static int __test_aead(struct crypto_aead *tfm, int enc, char *key; struct aead_request *req; struct scatterlist *sg; - struct scatterlist *asg; struct scatterlist *sgout; const char *e, *d; struct tcrypt_result result; @@ -454,11 +453,10 @@ static int __test_aead(struct crypto_aead *tfm, int enc, goto out_nooutbuf; /* avoid the frame size is larger than 1024 bytes compiler warning */ - sg = kmalloc(sizeof(*sg) * 8 * (diff_dst ? 3 : 2), GFP_KERNEL); + sg = kmalloc(sizeof(*sg) * 8 * (diff_dst ? 4 : 2), GFP_KERNEL); if (!sg) goto out_nosg; - asg = sg[8]; - sgout = asg[8]; + sgout = sg[16]; if (diff_dst) d = -ddst; 
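Review bot: The layout of the single allocation is encoded only in the literals `8 * (diff_dst ? 4 : 2)` and `sgout = &sg[16]`; the source list now has 16 entries shared by AD and text, and `sgout` points one past the allocation when `diff_dst` is false. Nothing in the visible hunks checks that `template[i].anp + template[i].np` stays within 16 before the later `sg_init_table(sg, template[i].anp + template[i].np)`. A named constant for the per-list size and a guard such as `if (WARN_ON(template[i].anp + template[i].np > 16)) goto out;` would keep a malformed test vector from writing past the array. __test_aead continues outside the hunks.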
@@ -537,23 +535,28 @@ static int __test_aead(struct crypto_aead *tfm, int enc, goto out; } + k = !!template[i].alen; + sg_init_table(sg, k + 1); + sg_set_buf(sg[0], assoc, template[i].alen); + if (diff_dst) { + sg_init_table(sgout, k + 1); + sg_set_buf(sgout[0], assoc, template[i].alen); + output = xoutbuf[0]; output += align_offset; - sg_init_one(sg[0], input, template[i].ilen); - sg_init_one(sgout[0], output, template[i].rlen); + sg_set_buf(sg[k], input, template[i].ilen); + sg_set_buf(sgout[k], output, template[i].rlen); } else { - sg_init_one(sg[0], input, - template[i].ilen + (enc ? authsize : 0)); + sg_set_buf(sg[k], input, + template[i].ilen + (enc ? authsize : 0)); output = input; } - sg_init_one(asg[0], assoc, template[i].alen); - aead_request_set_crypt(req, sg, (diff_dst) ? sgout : sg, template[i].ilen, iv); - aead_request_set_assoc(req, asg, template[i].alen); + aead_request_set_ad(req, template[i].alen, 0); ret = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req); @@ -633,9 +636,29 @@ static int __test_aead(struct crypto_aead *tfm, int enc, authsize = abs(template[i].rlen - template[i].ilen); ret = -EINVAL; - sg_init_table(sg, template[i].np); + sg_init_table(sg, template[i].anp + template[i].np); if (diff_dst) - sg_init_table(sgout, template[i].np); + sg_init_table(sgout, template[i].anp + template[i].np); + + ret = -EINVAL; + for (k = 0, temp = 0; k template[i].anp; k++) { + if (WARN_ON(offset_in_page(IDX[k]) + + template[i].atap[k] PAGE_SIZE)) + goto out; + sg_set_buf(sg[k], + memcpy(axbuf[IDX[k] PAGE_SHIFT] + + offset_in_page(IDX[k]), + template[i].assoc + temp, + template[i].atap[k]), + template[i].atap[k]); + if (diff_dst) + sg_set_buf(sgout[k], + axbuf[IDX[k] PAGE_SHIFT] + + offset_in_page(IDX[k]), + template[i].atap[k]); + temp += template[i].atap[k]; + } + for (k = 0, temp = 0; k template[i].np; k++) { if (WARN_ON(offset_in_page(IDX[k]) + template[i].tap[k] PAGE_SIZE)) 
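Review bot: `k = !!template[i].alen` serves both as the extra-entry count and as the index of the data entry, and when `alen` is zero the `sg_set_buf(&sg[0], assoc, template[i].alen)` entry is silently overwritten by `sg_set_buf(&sg[k], input, ...)`. That works but is not obvious on first read. A comment such as `/* k is 1 when there is AD, so data follows it; with no AD the data entry replaces sg[0] */` above the assignment would save the next reader the trace, and the same applies to the `sgout` pair in the `diff_dst` branch.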
@@ -643,7 +666,8 @@ static int __test_aead(struct crypto_aead *tfm, int enc, q = xbuf[IDX[k] PAGE_SHIFT] + offset_in_page(IDX[k]); memcpy(q, template[i].input + temp, template[i].tap[k]); - sg_set_buf(sg[k], q, template[i].tap[k]); + sg_set_buf(sg[template[i].anp + k], + q, template[i].tap[k]); if (diff_dst) { q = xoutbuf[IDX[k]
[v2 PATCH 6/13] xfrm: Add IV generator information to xfrm_algo_desc
This patch adds IV generator information for each AEAD and block cipher to xfrm_algo_desc. This will be used to access the new AEAD interface. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- include/net/xfrm.h |2 ++ net/xfrm/xfrm_algo.c | 16 2 files changed, 18 insertions(+) diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 36ac102..30bca86 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -1314,6 +1314,7 @@ static inline int xfrm_id_proto_match(u8 proto, u8 userproto) * xfrm algorithm information */ struct xfrm_algo_aead_info { + char *geniv; u16 icv_truncbits; }; @@ -1323,6 +1324,7 @@ struct xfrm_algo_auth_info { }; struct xfrm_algo_encr_info { + char *geniv; u16 blockbits; u16 defkeybits; }; diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c index 12e82a5..67266b7 100644 --- a/net/xfrm/xfrm_algo.c +++ b/net/xfrm/xfrm_algo.c @@ -31,6 +31,7 @@ static struct xfrm_algo_desc aead_list[] = { .uinfo = { .aead = { + .geniv = seqniv, .icv_truncbits = 64, } }, @@ -49,6 +50,7 @@ static struct xfrm_algo_desc aead_list[] = { .uinfo = { .aead = { + .geniv = seqniv, .icv_truncbits = 96, } }, @@ -67,6 +69,7 @@ static struct xfrm_algo_desc aead_list[] = { .uinfo = { .aead = { + .geniv = seqniv, .icv_truncbits = 128, } }, @@ -85,6 +88,7 @@ static struct xfrm_algo_desc aead_list[] = { .uinfo = { .aead = { + .geniv = seqniv, .icv_truncbits = 64, } }, @@ -103,6 +107,7 @@ static struct xfrm_algo_desc aead_list[] = { .uinfo = { .aead = { + .geniv = seqniv, .icv_truncbits = 96, } }, @@ -121,6 +126,7 @@ static struct xfrm_algo_desc aead_list[] = { .uinfo = { .aead = { + .geniv = seqniv, .icv_truncbits = 128, } }, @@ -139,6 +145,7 @@ static struct xfrm_algo_desc aead_list[] = { .uinfo = { .aead = { + .geniv = seqiv, .icv_truncbits = 128, } }, @@ -353,6 +360,7 @@ static struct xfrm_algo_desc ealg_list[] = { .uinfo = { .encr = { + .geniv = echainiv, .blockbits = 64, .defkeybits = 64, } 
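Review bot: The new `geniv` members in struct xfrm_algo_aead_info and struct xfrm_algo_encr_info are declared `char *`, yet every initialiser added in net/xfrm/xfrm_algo.c assigns a fixed generator name. Declaring them `const char *geniv;` documents that the name is never written through and lets the compiler reject an accidental store into a string literal. A one-line comment on the field saying that it holds the IV generator name for the algorithm would also help, since the header gives no hint of how it is consumed.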
@@ -373,6 +381,7 @@ static struct xfrm_algo_desc ealg_list[] = { .uinfo = { .encr = { + .geniv = echainiv, .blockbits = 64, .defkeybits = 192, } @@ -393,6 +402,7 @@ static struct xfrm_algo_desc ealg_list[] = { .uinfo = { .encr = { + .geniv = echainiv, .blockbits = 64, .defkeybits = 128, } @@ -413,6 +423,7 @@ static struct xfrm_algo_desc ealg_list[] = { .uinfo = { .encr = { + .geniv = echainiv, .blockbits = 64, .defkeybits = 128, } @@ -433,6 +444,7 @@ static struct xfrm_algo_desc ealg_list[] = { .uinfo = { .encr = { + .geniv = echainiv, .blockbits = 128, .defkeybits = 128, } @@ -453,6 +465,7 @@ static struct xfrm_algo_desc ealg_list[] = { .uinfo = { .encr = { + .geniv = echainiv, .blockbits = 128, .defkeybits = 128, } @@ -473,6 +486,7 @@ static struct xfrm_algo_desc ealg_list[] = { .uinfo = { .encr = { + .geniv = echainiv, .blockbits = 128, .defkeybits = 128, } @@ -493,6 +507,7 @@ static struct xfrm_algo_desc ealg_list[] = { .uinfo = { .encr = { + .geniv = echainiv, .blockbits = 128, .defkeybits = 128, } @@ -512,6 +527,7 @@ static struct xfrm_algo_desc ealg_list[] = { .uinfo = { .encr = { + .geniv = seqiv, .blockbits = 128, .defkeybits = 160, /* 128-bit key + 32-bit nonce */ } -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to
Re: [PATCH 5/7] esp6: Switch to new AEAD interface
On Fri, May 22, 2015 at 09:16:08AM +0200, Stephan Mueller wrote: Thanks for the pointer, but there I do not really see the functionality I am looking for. I see patch 10/16 which seems to indicate that the geniv logic is now to be invoked as a normal AEAD cipher. I yet fail to see where the distinction is made in the code that an IV is to be generated versus the given IV is to be used. Only IV generators algorithms will generate IV. The generated IV will be placed at the start of cipher text. See patches 14-16 for the actual implementation. Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 7/7] mac80211: Switch to new AEAD interface
On Fri, 2015-05-22 at 15:41 +0800, Herbert Xu wrote: Did this have a code section at the end? Without it it's difficult to pin-point the crash because your compiler produces different output than mine. Oops, sorry, of course - I was running in a VM :) [ 26.143579] BUG: unable to handle kernel NULL pointer dereference at (null) [ 26.144406] IP: [811d9e7d] scatterwalk_map_and_copy+0x3d/0xd0 [ 26.145071] PGD da3a067 PUD d9ee067 PMD 0 [ 26.145514] Oops: [#1] PREEMPT SMP DEBUG_PAGEALLOC [ 26.146146] CPU: 1 PID: 661 Comm: hostapd Not tainted 4.0.0+ #860 [ 26.146746] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014 [ 26.148333] task: 88000d9a4a20 ti: 8807 task.ti: 8807 [ 26.149625] RIP: 0010:[811d9e7d] [811d9e7d] scatterwalk_map_and_copy+0x3d/0xd0 [ 26.151223] RSP: 0018:880733b8 EFLAGS: 00010246 [ 26.152156] RAX: RBX: 0010 RCX: 77ff8000 [ 26.153396] RDX: 8000 RSI: RDI: 880733c8 [ 26.153481] RBP: 88073428 R08: 0001 R09: 0010 [ 26.153481] R10: 0010 R11: 0012 R12: 0001 [ 26.153481] R13: 880735f8 R14: R15: 0030 [ 26.153481] FS: 7f20eee60700() GS:88000f60() knlGS: [ 26.153481] CS: 0010 DS: ES: CR0: 80050033 [ 26.153481] CR2: CR3: 0da2a000 CR4: 07a0 [ 26.153481] Stack: [ 26.153481] 0030 880733d8 811e05c6 [ 26.153481] 880733f8 811df815 880735f8 88073598 [ 26.153481] 88073408 811dfc86 88073438 880735f8 [ 26.153481] Call Trace: [ 26.153481] [811e05c6] ? shash_async_final+0x16/0x20 [ 26.153481] [811df815] ? crypto_ahash_op+0x25/0x60 [ 26.153481] [811dfc86] ? crypto_ahash_final+0x16/0x20 [ 26.153481] [811e3608] gcm_enc_copy_hash+0x28/0x30 [ 26.153481] [811e36fc] crypto_gcm_encrypt+0xec/0x100 [ 26.153481] [811e3610] ? gcm_enc_copy_hash+0x30/0x30 [ 26.153481] [811da875] old_crypt+0xc5/0xe0 [ 26.153481] [811da8cd] old_encrypt+0x1d/0x20 [ 26.153481] [814b688b] ieee80211_aes_gmac+0x21b/0x230 [...] 
[ 26.153481] [81543dee] system_call_fastpath+0x12/0x76 [ 26.153481] Code: 89 e5 41 55 49 89 fd 41 54 48 8d 7d a0 45 89 c4 53 89 cb 48 83 ec 58 e8 12 ff ff ff ba 00 00 00 80 48 b9 00 00 00 80 ff 77 00 00 48 8b 30 48 83 e6 fc 4c 01 ea 48 0f 42 0d 81 31 63 00 48 01 ca [ 26.153481] RIP [811d9e7d] scatterwalk_map_and_copy +0x3d/0xd0 [ 26.153481] RSP 880733b8 [ 26.153481] CR2: [ 26.153481] ---[ end trace b6af799d0103eb26 ]--- johannes -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 7/7] mac80211: Switch to new AEAD interface
On Fri, May 22, 2015 at 09:32:28AM +0200, Johannes Berg wrote: The CCM and GCM part seems to work, but GMAC causes a kernel crash: Awesome :) [ 26.143579] BUG: unable to handle kernel NULL pointer dereference at (null) [ 26.144406] IP: [811d9e7d] scatterwalk_map_and_copy+0x3d/0xd0 [ 26.145071] PGD da3a067 PUD d9ee067 PMD 0 [ 26.145514] Oops: [#1] PREEMPT SMP DEBUG_PAGEALLOC [ 26.146146] CPU: 1 PID: 661 Comm: hostapd Not tainted 4.0.0+ #860 [ 26.146746] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014 [ 26.148333] task: 88000d9a4a20 ti: 8807 task.ti: 8807 [ 26.149625] RIP: 0010:[811d9e7d] [811d9e7d] scatterwalk_map_and_copy+0x3d/0xd0 [ 26.151223] RSP: 0018:880733b8 EFLAGS: 00010246 [ 26.152156] RAX: RBX: 0010 RCX: 77ff8000 [ 26.153396] RDX: 8000 RSI: RDI: 880733c8 [ 26.153481] RBP: 88073428 R08: 0001 R09: 0010 [ 26.153481] R10: 0010 R11: 0012 R12: 0001 [ 26.153481] R13: 880735f8 R14: R15: 0030 [ 26.153481] FS: 7f20eee60700() GS:88000f60() knlGS: [ 26.153481] CS: 0010 DS: ES: CR0: 80050033 [ 26.153481] CR2: CR3: 0da2a000 CR4: 07a0 [ 26.153481] Stack: [ 26.153481] 0030 880733d8 811e05c6 [ 26.153481] 880733f8 811df815 880735f8 88073598 [ 26.153481] 88073408 811dfc86 88073438 880735f8 [ 26.153481] Call Trace: [ 26.153481] [811e05c6] ? shash_async_final+0x16/0x20 [ 26.153481] [811df815] ? crypto_ahash_op+0x25/0x60 [ 26.153481] [811dfc86] ? crypto_ahash_final+0x16/0x20 [ 26.153481] [811e3608] gcm_enc_copy_hash+0x28/0x30 [ 26.153481] [811e36fc] crypto_gcm_encrypt+0xec/0x100 [ 26.153481] [811e3610] ? gcm_enc_copy_hash+0x30/0x30 [ 26.153481] [811da875] old_crypt+0xc5/0xe0 [ 26.153481] [811da8cd] old_encrypt+0x1d/0x20 [ 26.153481] [814b688b] ieee80211_aes_gmac+0x21b/0x230 [ 26.153481] [811e3710] ? crypto_gcm_encrypt+0x100/0x100 [ 26.153481] [811e2f10] ? __gcm_hash_final_done+0x60/0x60 [ 26.153481] [814b66a4] ? 
ieee80211_aes_gmac+0x34/0x230 [ 26.153481] [81498621] ieee80211_crypto_aes_gmac_encrypt+0x191/0x1a0 [ 26.153481] [8153b794] ieee80211_tx_h_encrypt+0x67/0x77 [ 26.153481] [814cd496] invoke_tx_handlers+0xe6/0x1b0 Did this have a code section at the end? Without it it's difficult to pin-point the crash because your compiler produces different output than mine. Thanks, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[v2 PATCH 3/13] crypto: echainiv - Use aead_register_instance
New style AEAD instances must use aead_register_instance. This worked by chance because aead_geniv_alloc is still setting things the old way. This patch converts the template over to the create model where we are responsible for instance registration so that we can call the correct function. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- crypto/echainiv.c | 42 +++--- 1 file changed, 23 insertions(+), 19 deletions(-) diff --git a/crypto/echainiv.c b/crypto/echainiv.c index e5a9878..86e92fa 100644 --- a/crypto/echainiv.c +++ b/crypto/echainiv.c @@ -430,26 +430,24 @@ static void echainiv_exit(struct crypto_tfm *tfm) crypto_put_default_null_skcipher(); } -static struct crypto_template echainiv_tmpl; - -static struct crypto_instance *echainiv_aead_alloc(struct rtattr **tb) +static int echainiv_aead_create(struct crypto_template *tmpl, + struct rtattr **tb) { struct aead_instance *inst; struct crypto_aead_spawn *spawn; struct aead_alg *alg; + int err; - inst = aead_geniv_alloc(echainiv_tmpl, tb, 0, 0); + inst = aead_geniv_alloc(tmpl, tb, 0, 0); if (IS_ERR(inst)) - goto out; + return PTR_ERR(inst); + err = -EINVAL; if (inst-alg.ivsize sizeof(u64) || inst-alg.ivsize (sizeof(u32) - 1) || - inst-alg.ivsize MAX_IV_SIZE) { - aead_geniv_free(inst); - inst = ERR_PTR(-EINVAL); - goto out; - } + inst-alg.ivsize MAX_IV_SIZE) + goto free_inst; spawn = aead_instance_ctx(inst); alg = crypto_spawn_aead_alg(spawn); 
@@ -474,26 +472,32 @@ static struct crypto_instance *echainiv_aead_alloc(struct rtattr **tb) inst-alg.base.cra_exit = echainiv_compat_exit; } + err = aead_register_instance(tmpl, inst); + if (err) + goto free_inst; + out: - return aead_crypto_instance(inst); + return err; + +free_inst: + aead_geniv_free(inst); + goto out; } -static struct crypto_instance *echainiv_alloc(struct rtattr **tb) +static int echainiv_create(struct crypto_template *tmpl, struct rtattr **tb) { - struct crypto_instance *inst; int err; err = crypto_get_default_rng(); if (err) - return ERR_PTR(err); - - inst = echainiv_aead_alloc(tb); + goto out; - if (IS_ERR(inst)) + err = echainiv_aead_create(tmpl, tb); + if (err) goto put_rng; out: - return inst; + return err; put_rng: crypto_put_default_rng(); @@ -508,7 +512,7 @@ static void echainiv_free(struct crypto_instance *inst) static struct crypto_template echainiv_tmpl = { .name = echainiv, - .alloc = echainiv_alloc, + .create = echainiv_create, .free = echainiv_free, .module = THIS_MODULE, }; -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
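Review bot: echainiv_aead_create() now has two different owners for `inst` depending on the outcome, and nothing in the function says so. On any failure it calls aead_geniv_free() itself, while after a successful aead_register_instance() the instance is no longer freed here and is presumably released later through the template's `.free` hook. A one-line comment above the `free_inst:` label, e.g. `/* Only reached before registration succeeds; afterwards the instance is released via echainiv_free(). */`, would keep a later edit from adding a free after registration. The backward `goto out;` under `free_inst:` could also simply be `return err;`. The function begins in the previous hunk, and the seqiv conversion in patch 2/13 has the same shape.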
Re: [PATCH 5/7] esp6: Switch to new AEAD interface
Am Freitag, 22. Mai 2015, 14:45:54 schrieb Herbert Xu: Hi Herbert, On Fri, May 22, 2015 at 08:40:25AM +0200, Stephan Mueller wrote: If I may ask, where in your initial patch set is now decided that the IV generator is used (i.e. so that the givcrypt API is not needed any more)? Please see https://www.mail-archive.com/linux-crypto@vger.kernel.org/msg14270.html Thanks for the pointer, but there I do not really see the functionality I am looking for. I see patch 10/16 which seems to indicate that the geniv logic is now to be invoked as a normal AEAD cipher. I yet fail to see where the distinction is made in the code that an IV is to be generated versus the given IV is to be used. Ciao Stephan -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[v2 PATCH 0/13] crypto: Convert all AEAD users to new interface
Hi: This is the second version of the series. The first four patches make the new IV generators use aead_register_instance instead of the obsolete crypto_register_instance. I've also added two more conversions for tcrypt and algif_aead. Original description: This series of patches converts all in-tree AEAD users that I could find to the new single SG list interface. For IPsec it also adopts the new explicit IV generator scheme. To recap, the old AEAD interface takes an associated data (AD) SG list in addition to the plain/cipher text SG list(s). That forces the underlying AEAD algorithm implementors to try to stitch those two lists together where possible in order to maximise the contiguous chunk of memory passed to the ICV/hash function. Things get even more hairy for IPsec as it has a third piece of memory, the generated IV (giv) that needs to be hashed. One look at the nasty things authenc does for example is enough to make anyone puke :) In fact the interface is just getting in our way because for the main user IPsec the data is naturally contiguous as the protocol was designed with this in mind. So the new AEAD interface gets rid of the separate AD SG list and instead simply requires the AD to be at the head of the src and dst SG lists. There is further provision for optional space between the AD and the plain/cipher text for ease of implementation. The conversion of in-tree users is fairly straightforward. The only non-trivial bit is IPsec as I'm taking this opportunity to move the IV generation knowledge into IPsec as that's where it belongs since we may in future wish to support different generation schemes for a single algorithm. 
Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 5/7] esp6: Switch to new AEAD interface
On Fri, May 22, 2015 at 08:40:25AM +0200, Stephan Mueller wrote: If I may ask, where in your initial patch set is now decided that the IV generator is used (i.e. so that the givcrypt API is not needed any more)? Please see https://www.mail-archive.com/linux-crypto@vger.kernel.org/msg14270.html Do I understand it correctly that you want to retire the givcrypt API entirely? Correct. IV generation will be carried as normal AEAD algorithms. Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 7/7] mac80211: Switch to new AEAD interface
On Thu, 2015-05-21 at 18:44 +0800, Herbert Xu wrote: This patch makes use of the new AEAD interface which uses a single SG list instead of separate lists for the AD and plain text. The CCM and GCM part seems to work, but GMAC causes a kernel crash: [ 26.143579] BUG: unable to handle kernel NULL pointer dereference at (null) [ 26.144406] IP: [811d9e7d] scatterwalk_map_and_copy+0x3d/0xd0 [ 26.145071] PGD da3a067 PUD d9ee067 PMD 0 [ 26.145514] Oops: [#1] PREEMPT SMP DEBUG_PAGEALLOC [ 26.146146] CPU: 1 PID: 661 Comm: hostapd Not tainted 4.0.0+ #860 [ 26.146746] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014 [ 26.148333] task: 88000d9a4a20 ti: 8807 task.ti: 8807 [ 26.149625] RIP: 0010:[811d9e7d] [811d9e7d] scatterwalk_map_and_copy+0x3d/0xd0 [ 26.151223] RSP: 0018:880733b8 EFLAGS: 00010246 [ 26.152156] RAX: RBX: 0010 RCX: 77ff8000 [ 26.153396] RDX: 8000 RSI: RDI: 880733c8 [ 26.153481] RBP: 88073428 R08: 0001 R09: 0010 [ 26.153481] R10: 0010 R11: 0012 R12: 0001 [ 26.153481] R13: 880735f8 R14: R15: 0030 [ 26.153481] FS: 7f20eee60700() GS:88000f60() knlGS: [ 26.153481] CS: 0010 DS: ES: CR0: 80050033 [ 26.153481] CR2: CR3: 0da2a000 CR4: 07a0 [ 26.153481] Stack: [ 26.153481] 0030 880733d8 811e05c6 [ 26.153481] 880733f8 811df815 880735f8 88073598 [ 26.153481] 88073408 811dfc86 88073438 880735f8 [ 26.153481] Call Trace: [ 26.153481] [811e05c6] ? shash_async_final+0x16/0x20 [ 26.153481] [811df815] ? crypto_ahash_op+0x25/0x60 [ 26.153481] [811dfc86] ? crypto_ahash_final+0x16/0x20 [ 26.153481] [811e3608] gcm_enc_copy_hash+0x28/0x30 [ 26.153481] [811e36fc] crypto_gcm_encrypt+0xec/0x100 [ 26.153481] [811e3610] ? gcm_enc_copy_hash+0x30/0x30 [ 26.153481] [811da875] old_crypt+0xc5/0xe0 [ 26.153481] [811da8cd] old_encrypt+0x1d/0x20 [ 26.153481] [814b688b] ieee80211_aes_gmac+0x21b/0x230 [ 26.153481] [811e3710] ? crypto_gcm_encrypt+0x100/0x100 [ 26.153481] [811e2f10] ? __gcm_hash_final_done+0x60/0x60 [ 26.153481] [814b66a4] ? 
ieee80211_aes_gmac+0x34/0x230 [ 26.153481] [81498621] ieee80211_crypto_aes_gmac_encrypt+0x191/0x1a0 [ 26.153481] [8153b794] ieee80211_tx_h_encrypt+0x67/0x77 [ 26.153481] [814cd496] invoke_tx_handlers+0xe6/0x1b0 johannes -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[v2 PATCH 1/13] crypto: aead - Add crypto_aead_alg_ivsize/maxauthsize
AEAD algorithm implementors need to figure out a given algorithm's IV size and maximum authentication size. During the transition this is difficult to do as an algorithm could be new style or old style. This patch creates two helpers to make this easier. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- crypto/aead.c | 15 +++ include/crypto/aead.h | 21 ++--- include/crypto/internal/aead.h | 19 +++ 3 files changed, 28 insertions(+), 27 deletions(-) diff --git a/crypto/aead.c b/crypto/aead.c index 5fa992a..c1f73a9 100644 --- a/crypto/aead.c +++ b/crypto/aead.c @@ -69,7 +69,7 @@ int crypto_aead_setauthsize(struct crypto_aead *tfm, unsigned int authsize) { int err; - if (authsize tfm-maxauthsize) + if (authsize crypto_aead_maxauthsize(tfm)) return -EINVAL; if (tfm-setauthsize) { @@ -162,8 +162,6 @@ static int crypto_old_aead_init_tfm(struct crypto_tfm *tfm) crt-givdecrypt = aead_null_givdecrypt; } crt-child = __crypto_aead_cast(tfm); - crt-ivsize = alg-ivsize; - crt-maxauthsize = alg-maxauthsize; crt-authsize = alg-maxauthsize; return 0; @@ -182,8 +180,6 @@ static int crypto_aead_init_tfm(struct crypto_tfm *tfm) aead-encrypt = alg-encrypt; aead-decrypt = alg-decrypt; aead-child = __crypto_aead_cast(tfm); - aead-ivsize = alg-ivsize; - aead-maxauthsize = alg-maxauthsize; aead-authsize = alg-maxauthsize; return 0; @@ -418,13 +414,8 @@ struct aead_instance *aead_geniv_alloc(struct crypto_template *tmpl, alg = crypto_spawn_aead_alg(spawn); - if (alg-base.cra_aead.encrypt) { - ivsize = alg-base.cra_aead.ivsize; - maxauthsize = alg-base.cra_aead.maxauthsize; - } else { - ivsize = alg-ivsize; - maxauthsize = alg-maxauthsize; - } + ivsize = crypto_aead_alg_ivsize(alg); + maxauthsize = crypto_aead_alg_maxauthsize(alg); err = -EINVAL; if (!ivsize) diff --git a/include/crypto/aead.h b/include/crypto/aead.h index 177e6f4..ba28c61 100644 --- a/include/crypto/aead.h +++ b/include/crypto/aead.h 
@@ -139,9 +139,7 @@ struct crypto_aead { struct crypto_aead *child; - unsigned int ivsize; unsigned int authsize; - unsigned int maxauthsize; unsigned int reqsize; struct crypto_tfm base; @@ -187,6 +185,23 @@ static inline struct crypto_aead *crypto_aead_crt(struct crypto_aead *tfm) return tfm; } +static inline struct old_aead_alg *crypto_old_aead_alg(struct crypto_aead *tfm) +{ + return crypto_aead_tfm(tfm)-__crt_alg-cra_aead; +} + +static inline struct aead_alg *crypto_aead_alg(struct crypto_aead *tfm) +{ + return container_of(crypto_aead_tfm(tfm)-__crt_alg, + struct aead_alg, base); +} + +static inline unsigned int crypto_aead_alg_ivsize(struct aead_alg *alg) +{ + return alg-base.cra_aead.encrypt ? alg-base.cra_aead.ivsize : + alg-ivsize; +} + /** * crypto_aead_ivsize() - obtain IV size * @tfm: cipher handle @@ -198,7 +213,7 @@ static inline struct crypto_aead *crypto_aead_crt(struct crypto_aead *tfm) */ static inline unsigned int crypto_aead_ivsize(struct crypto_aead *tfm) { - return tfm-ivsize; + return crypto_aead_alg_ivsize(crypto_aead_alg(tfm)); } /** diff --git a/include/crypto/internal/aead.h b/include/crypto/internal/aead.h index 08f2ca6..4137330 100644 --- a/include/crypto/internal/aead.h +++ b/include/crypto/internal/aead.h @@ -30,17 +30,6 @@ struct crypto_aead_spawn { extern const struct crypto_type crypto_aead_type; extern const struct crypto_type crypto_nivaead_type; -static inline struct old_aead_alg *crypto_old_aead_alg(struct crypto_aead *tfm) -{ - return crypto_aead_tfm(tfm)-__crt_alg-cra_aead; -} - -static inline struct aead_alg *crypto_aead_alg(struct crypto_aead *tfm) -{ - return container_of(crypto_aead_tfm(tfm)-__crt_alg, - struct aead_alg, base); -} - static inline void *crypto_aead_ctx(struct crypto_aead *tfm) { return crypto_tfm_ctx(tfm-base); 
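Review bot: The new crypto_aead_alg_ivsize() in include/crypto/aead.h has no comment explaining how it tells the two algorithm styles apart, while crypto_aead_ivsize() directly below it has kernel-doc. The test `alg->base.cra_aead.encrypt ? alg->base.cra_aead.ivsize : alg->ivsize` appears to use a non-NULL old-style encrypt hook as the discriminator. Since crypto_aead_alg() applies container_of() to either kind of algorithm, reading `alg->ivsize` is only meaningful when that hook is NULL. I would add a short comment above the helper, such as `/* Old-style algorithms set cra_aead.encrypt; only new-style ones have valid aead_alg fields. */`, and the same above crypto_aead_alg_maxauthsize() in include/crypto/internal/aead.h.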
@@ -145,9 +134,15 @@ static inline void crypto_aead_set_reqsize(struct crypto_aead *aead, crypto_aead_crt(aead)-reqsize = reqsize; } +static inline unsigned int crypto_aead_alg_maxauthsize(struct aead_alg *alg) +{ + return alg-base.cra_aead.encrypt ? alg-base.cra_aead.maxauthsize : + alg-maxauthsize; +} + static inline unsigned int crypto_aead_maxauthsize(struct crypto_aead *aead) { - return aead-maxauthsize; + return crypto_aead_alg_maxauthsize(crypto_aead_alg(aead)); } int crypto_register_aead(struct aead_alg *alg); -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the
[v2 PATCH 2/13] crypto: seqiv - Use aead_register_instance
New style AEAD instances must use aead_register_instance. This worked by chance because aead_geniv_alloc is still setting things the old way. This patch converts the template over to the create model where we are responsible for instance registration so that we can call the correct function. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- crypto/seqiv.c | 135 + 1 file changed, 79 insertions(+), 56 deletions(-) diff --git a/crypto/seqiv.c b/crypto/seqiv.c index a9bfbda..2680e94 100644 --- a/crypto/seqiv.c +++ b/crypto/seqiv.c @@ -38,6 +38,8 @@ struct seqiv_aead_ctx { u8 salt[] __attribute__ ((aligned(__alignof__(u32; }; +static void seqiv_free(struct crypto_instance *inst); + static int seqiv_aead_setkey(struct crypto_aead *tfm, const u8 *key, unsigned int keylen) { @@ -583,23 +585,20 @@ static void seqiv_aead_exit(struct crypto_tfm *tfm) crypto_put_default_null_skcipher(); } -static struct crypto_template seqiv_tmpl; -static struct crypto_template seqniv_tmpl; - -static struct crypto_instance *seqiv_ablkcipher_alloc(struct rtattr **tb) +static int seqiv_ablkcipher_create(struct crypto_template *tmpl, + struct rtattr **tb) { struct crypto_instance *inst; + int err; - inst = skcipher_geniv_alloc(seqiv_tmpl, tb, 0, 0); + inst = skcipher_geniv_alloc(tmpl, tb, 0, 0); if (IS_ERR(inst)) - goto out; + return PTR_ERR(inst); - if (inst-alg.cra_ablkcipher.ivsize sizeof(u64)) { - skcipher_geniv_free(inst); - inst = ERR_PTR(-EINVAL); - goto out; - } + err = -EINVAL; + if (inst-alg.cra_ablkcipher.ivsize sizeof(u64)) + goto free_inst; inst-alg.cra_ablkcipher.givencrypt = seqiv_givencrypt_first; 
@@ -609,18 +608,28 @@ static struct crypto_instance *seqiv_ablkcipher_alloc(struct rtattr **tb) inst-alg.cra_ctxsize += inst-alg.cra_ablkcipher.ivsize; inst-alg.cra_ctxsize += sizeof(struct seqiv_ctx); + inst-alg.cra_alignmask |= __alignof__(u32) - 1; + + err = crypto_register_instance(tmpl, inst); + if (err) + goto free_inst; + out: - return inst; + return err; + +free_inst: + skcipher_geniv_free(inst); + goto out; } -static struct crypto_instance *seqiv_old_aead_alloc(struct aead_instance *aead) +static int seqiv_old_aead_create(struct crypto_template *tmpl, +struct aead_instance *aead) { struct crypto_instance *inst = aead_crypto_instance(aead); + int err = -EINVAL; - if (inst-alg.cra_aead.ivsize sizeof(u64)) { - aead_geniv_free(aead); - return ERR_PTR(-EINVAL); - } + if (inst-alg.cra_aead.ivsize sizeof(u64)) + goto free_inst; inst-alg.cra_aead.givencrypt = seqiv_aead_givencrypt_first; 
@@ -630,28 +639,38 @@ static struct crypto_instance *seqiv_old_aead_alloc(struct aead_instance *aead) inst-alg.cra_ctxsize = inst-alg.cra_aead.ivsize; inst-alg.cra_ctxsize += sizeof(struct seqiv_ctx); - return inst; + err = crypto_register_instance(tmpl, inst); + if (err) + goto free_inst; + +out: + return err; + +free_inst: + aead_geniv_free(aead); + goto out; } -static struct crypto_instance *seqiv_aead_alloc(struct rtattr **tb) +static int seqiv_aead_create(struct crypto_template *tmpl, struct rtattr **tb) { struct aead_instance *inst; struct crypto_aead_spawn *spawn; struct aead_alg *alg; + int err; - inst = aead_geniv_alloc(seqiv_tmpl, tb, 0, 0); + inst = aead_geniv_alloc(tmpl, tb, 0, 0); if (IS_ERR(inst)) - goto out; + return PTR_ERR(inst); + + inst-alg.base.cra_alignmask |= __alignof__(u32) - 1; if (inst-alg.base.cra_aead.encrypt) - return seqiv_old_aead_alloc(inst); + return seqiv_old_aead_create(tmpl, inst); - if (inst-alg.ivsize sizeof(u64)) { - aead_geniv_free(inst); - inst = ERR_PTR(-EINVAL); - goto out; - } + err = -EINVAL; + if (inst-alg.ivsize sizeof(u64)) + goto free_inst; spawn = aead_instance_ctx(inst); alg = crypto_spawn_aead_alg(spawn); @@ -675,43 +694,43 @@ static struct crypto_instance *seqiv_aead_alloc(struct rtattr **tb) inst-alg.base.cra_exit = seqiv_aead_compat_exit; } + err = aead_register_instance(tmpl, inst); + if (err) + goto free_inst; + out: - return aead_crypto_instance(inst); + return err; + +free_inst: + aead_geniv_free(inst); + goto out; } -static struct crypto_instance *seqiv_alloc(struct rtattr **tb) +static int
Re: [PATCH 5/7] esp6: Switch to new AEAD interface
Am Donnerstag, 21. Mai 2015, 18:44:03 schrieb Herbert Xu: Hi Herbert, - aead_givcrypt_set_callback(req, 0, esp_output_done, skb); - aead_givcrypt_set_crypt(req, sg, sg, clen, iv); - aead_givcrypt_set_assoc(req, asg, assoclen); - aead_givcrypt_set_giv(req, esph-enc_data, -XFRM_SKB_CB(skb)-seq.output.low); + aead_request_set_crypt(req, sg, sg, ivlen + clen, iv); + aead_request_set_ad(req, assoclen, 0); If I may ask, where in your initial patch set is now decided that the IV generator is used (i.e. so that the givcrypt API is not needed any more)? Do I understand it correctly that you want to retire the givcrypt API entirely? Thanks Stephan -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 7/7] mac80211: Switch to new AEAD interface
On Fri, 2015-05-22 at 16:05 +0800, Herbert Xu wrote: On Fri, May 22, 2015 at 09:43:28AM +0200, Johannes Berg wrote: Oops, sorry, of course - I was running in a VM :) Thanks! Does this patch on top help? Yep, that fixes things. johannes -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[v2 PATCH 10/13] mac802154: Switch to new AEAD interface
This patch makes use of the new AEAD interface which uses a single SG list instead of separate lists for the AD and plain text. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- net/mac802154/llsec.c | 41 ++--- 1 file changed, 14 insertions(+), 27 deletions(-) diff --git a/net/mac802154/llsec.c b/net/mac802154/llsec.c index 3ccf1e9..e6332cd 100644 --- a/net/mac802154/llsec.c +++ b/net/mac802154/llsec.c @@ -650,7 +650,7 @@ llsec_do_encrypt_auth(struct sk_buff *skb, const struct mac802154_llsec *sec, u8 iv[16]; unsigned char *data; int authlen, assoclen, datalen, rc; - struct scatterlist src, assoc[2], dst[2]; + struct scatterlist sg; struct aead_request *req; authlen = ieee802154_sechdr_authtag_len(hdr-sec); @@ -660,30 +660,23 @@ llsec_do_encrypt_auth(struct sk_buff *skb, const struct mac802154_llsec *sec, if (!req) return -ENOMEM; - sg_init_table(assoc, 2); - sg_set_buf(assoc[0], skb_mac_header(skb), skb-mac_len); assoclen = skb-mac_len; data = skb_mac_header(skb) + skb-mac_len; datalen = skb_tail_pointer(skb) - data; - if (hdr-sec.level IEEE802154_SCF_SECLEVEL_ENC) { - sg_set_buf(assoc[1], data, 0); - } else { - sg_set_buf(assoc[1], data, datalen); + skb_put(skb, authlen); + + sg_init_one(sg, skb_mac_header(skb), assoclen + datalen + authlen); + + if (!(hdr-sec.level IEEE802154_SCF_SECLEVEL_ENC)) { assoclen += datalen; datalen = 0; } - sg_init_one(src, data, datalen); - - sg_init_table(dst, 2); - sg_set_buf(dst[0], data, datalen); - sg_set_buf(dst[1], skb_put(skb, authlen), authlen); - aead_request_set_callback(req, 0, NULL, NULL); - aead_request_set_assoc(req, assoc, assoclen); - aead_request_set_crypt(req, src, dst, datalen, iv); + aead_request_set_crypt(req, sg, sg, datalen, iv); + aead_request_set_ad(req, assoclen, 0); rc = crypto_aead_encrypt(req); 
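Review bot: The encrypt path now depends on the MAC header, payload and tag being one contiguous region, and nothing in the hunk states that. `sg_init_one(&sg, skb_mac_header(skb), assoclen + datalen + authlen)` describes all three with a single entry, so `skb_put(skb, authlen)` has to run first to reserve the tag. A comment before the skb_put call would make the ordering explicit, for example `/* Layout: [AD | payload | tag]; reserve the tag before building the SG entry. */`. llsec_do_encrypt_auth starts and ends outside the hunk.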
@@ -859,7 +852,7 @@ llsec_do_decrypt_auth(struct sk_buff *skb, const struct mac802154_llsec *sec, u8 iv[16]; unsigned char *data; int authlen, datalen, assoclen, rc; - struct scatterlist src, assoc[2]; + struct scatterlist sg; struct aead_request *req; authlen = ieee802154_sechdr_authtag_len(hdr-sec); @@ -869,27 +862,21 @@ llsec_do_decrypt_auth(struct sk_buff *skb, const struct mac802154_llsec *sec, if (!req) return -ENOMEM; - sg_init_table(assoc, 2); - sg_set_buf(assoc[0], skb_mac_header(skb), skb-mac_len); assoclen = skb-mac_len; data = skb_mac_header(skb) + skb-mac_len; datalen = skb_tail_pointer(skb) - data; - if (hdr-sec.level IEEE802154_SCF_SECLEVEL_ENC) { - sg_set_buf(assoc[1], data, 0); - } else { - sg_set_buf(assoc[1], data, datalen - authlen); + sg_init_one(sg, skb_mac_header(skb), assoclen + datalen); + + if (!(hdr-sec.level IEEE802154_SCF_SECLEVEL_ENC)) { assoclen += datalen - authlen; - data += datalen - authlen; datalen = authlen; } - sg_init_one(src, data, datalen); - aead_request_set_callback(req, 0, NULL, NULL); - aead_request_set_assoc(req, assoc, assoclen); - aead_request_set_crypt(req, src, src, datalen, iv); + aead_request_set_crypt(req, sg, sg, datalen, iv); + aead_request_set_ad(req, assoclen, 0); rc = crypto_aead_decrypt(req); -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
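Review bot: In llsec_do_decrypt_auth the authentication-only branch computes `assoclen += datalen - authlen` without first checking that the received payload is at least `authlen` bytes long. A short frame would therefore give a wrong (negative, since these are ints) associated-data adjustment. The removed lines had the same arithmetic, and a caller outside this hunk may already reject such frames, but nothing visible here does. Consider rejecting early, before `sg_init_one`, with `if (datalen < authlen)` followed by the function's usual release of `req` and an error return. The function starts and ends outside the hunk.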
[v2 PATCH 12/13] crypto: tcrypt - Switch to new AEAD interface
This patch makes use of the new AEAD interface which uses a single SG list instead of separate lists for the AD and plain text. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- crypto/tcrypt.c | 15 +++ 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c index 2bff613..336bd94 100644 --- a/crypto/tcrypt.c +++ b/crypto/tcrypt.c @@ -277,7 +277,6 @@ static void test_aead_speed(const char *algo, int enc, unsigned int secs, const char *key; struct aead_request *req; struct scatterlist *sg; - struct scatterlist *asg; struct scatterlist *sgout; const char *e; void *assoc; @@ -309,11 +308,10 @@ static void test_aead_speed(const char *algo, int enc, unsigned int secs, if (testmgr_alloc_buf(xoutbuf)) goto out_nooutbuf; - sg = kmalloc(sizeof(*sg) * 8 * 3, GFP_KERNEL); + sg = kmalloc(sizeof(*sg) * 9 * 2, GFP_KERNEL); if (!sg) goto out_nosg; - asg = sg[8]; - sgout = asg[8]; + sgout = sg[9]; tfm = crypto_alloc_aead(algo, 0, 0); @@ -339,7 +337,8 @@ static void test_aead_speed(const char *algo, int enc, unsigned int secs, do { assoc = axbuf[0]; memset(assoc, 0xff, aad_size); - sg_init_one(asg[0], assoc, aad_size); + sg_set_buf(sg[0], assoc, aad_size); + sg_set_buf(sgout[0], assoc, aad_size); if ((*keysize + *b_size) TVMEMSIZE * PAGE_SIZE) { pr_err(template (%u) too big for tvmem (%lu)\n, 
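Review bot: `sg_set_buf(&sg[0], assoc, aad_size)` and the matching call on `sgout[0]` write into entries of a freshly `kmalloc`ed array that nothing visible has initialised. The `sg_init_aead(&sg[1], ...)` and `sg_init_aead(&sgout[1], ...)` calls in the next hunk start at index 1, so they cannot cover index 0. sg_set_buf preserves the low flag bits of the existing page_link, so stale heap contents could mark entry 0 as a chain or end entry, and a CONFIG_DEBUG_SG build would trip the magic check. Initialising the tables before first use, e.g. `sg_init_table(sg, 9);` and `sg_init_table(sgout, 9);` ahead of the two sg_set_buf calls, avoids both. sg_init_aead is defined outside this diff, so this assumes it only initialises entries from the pointer it is given.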
@@ -375,14 +374,14 @@ static void test_aead_speed(const char *algo, int enc, unsigned int secs, goto out; } - sg_init_aead(sg[0], xbuf, + sg_init_aead(sg[1], xbuf, *b_size + (enc ? authsize : 0)); - sg_init_aead(sgout[0], xoutbuf, + sg_init_aead(sgout[1], xoutbuf, *b_size + (enc ? authsize : 0)); aead_request_set_crypt(req, sg, sgout, *b_size, iv); - aead_request_set_assoc(req, asg, aad_size); + aead_request_set_ad(req, aad_size, 0); if (secs) ret = test_aead_jiffies(req, enc, *b_size, -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[v2 PATCH 7/13] ipsec: Add IV generator information to xfrm_state
This patch adds IV generator information to xfrm_state. This is currently obtained from our own list of algorithm descriptions. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au --- include/net/xfrm.h |1 + net/key/af_key.c |1 + net/xfrm/xfrm_user.c | 40 +++- 3 files changed, 33 insertions(+), 9 deletions(-) diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 30bca86..f0ee97e 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -168,6 +168,7 @@ struct xfrm_state { struct xfrm_algo*ealg; struct xfrm_algo*calg; struct xfrm_algo_aead *aead; + const char *geniv; /* Data for encapsulator */ struct xfrm_encap_tmpl *encap; diff --git a/net/key/af_key.c b/net/key/af_key.c index f0d52d7..3c5b8ce 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c @@ -1190,6 +1190,7 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net, memcpy(x-ealg-alg_key, key+1, keysize); } x-props.ealgo = sa-sadb_sa_encrypt; + x-geniv = a-uinfo.encr.geniv; } } /* x-algo.flags = sa-sadb_sa_flags; */ diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 2091664..bd16c6c 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -289,6 +289,31 @@ static int attach_one_algo(struct xfrm_algo **algpp, u8 *props, return 0; } +static int attach_crypt(struct xfrm_state *x, struct nlattr *rta) +{ + struct xfrm_algo *p, *ualg; + struct xfrm_algo_desc *algo; + + if (!rta) + return 0; + + ualg = nla_data(rta); + + algo = xfrm_ealg_get_byname(ualg-alg_name, 1); + if (!algo) + return -ENOSYS; + x-props.ealgo = algo-desc.sadb_alg_id; + + p = kmemdup(ualg, xfrm_alg_len(ualg), GFP_KERNEL); + if (!p) + return -ENOMEM; + + strcpy(p-alg_name, algo-name); + x-ealg = p; + x-geniv = algo-uinfo.encr.geniv; + return 0; +} + static int attach_auth(struct xfrm_algo_auth **algpp, u8 *props, struct nlattr *rta) { 
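Review bot: The new attach_crypt() copies the canonical name with `strcpy(p->alg_name, algo->name)`, which relies on every name in the algorithm table fitting the alg_name field. The source is the kernel's own descriptor table rather than the netlink payload, so this is presumably safe today, and attach_aead in the following hunks keeps the same call. A bounded copy would make the invariant explicit: `strlcpy(p->alg_name, algo->name, sizeof(p->alg_name));`. It would also help to comment the new `geniv` member in struct xfrm_state, saying that it appears to point into the algorithm description table and is not owned or freed by the state.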
@@ -349,8 +374,7 @@ static int attach_auth_trunc(struct xfrm_algo_auth **algpp, u8 *props, return 0; } -static int attach_aead(struct xfrm_algo_aead **algpp, u8 *props, - struct nlattr *rta) +static int attach_aead(struct xfrm_state *x, struct nlattr *rta) { struct xfrm_algo_aead *p, *ualg; struct xfrm_algo_desc *algo; @@ -363,14 +387,15 @@ static int attach_aead(struct xfrm_algo_aead **algpp, u8 *props, algo = xfrm_aead_get_byname(ualg-alg_name, ualg-alg_icv_len, 1); if (!algo) return -ENOSYS; - *props = algo-desc.sadb_alg_id; + x-props.ealgo = algo-desc.sadb_alg_id; p = kmemdup(ualg, aead_len(ualg), GFP_KERNEL); if (!p) return -ENOMEM; strcpy(p-alg_name, algo-name); - *algpp = p; + x-aead = p; + x-geniv = algo-uinfo.aead.geniv; return 0; } @@ -515,8 +540,7 @@ static struct xfrm_state *xfrm_state_construct(struct net *net, if (attrs[XFRMA_SA_EXTRA_FLAGS]) x-props.extra_flags = nla_get_u32(attrs[XFRMA_SA_EXTRA_FLAGS]); - if ((err = attach_aead(x-aead, x-props.ealgo, - attrs[XFRMA_ALG_AEAD]))) + if ((err = attach_aead(x, attrs[XFRMA_ALG_AEAD]))) goto error; if ((err = attach_auth_trunc(x-aalg, x-props.aalgo, attrs[XFRMA_ALG_AUTH_TRUNC]))) @@ -526,9 +550,7 @@ static struct xfrm_state *xfrm_state_construct(struct net *net, attrs[XFRMA_ALG_AUTH]))) goto error; } - if ((err = attach_one_algo(x-ealg, x-props.ealgo, - xfrm_ealg_get_byname, - attrs[XFRMA_ALG_CRYPT]))) + if ((err = attach_crypt(x, attrs[XFRMA_ALG_CRYPT]))) goto error; if ((err = attach_one_algo(x-calg, x-props.calgo, xfrm_calg_get_byname, -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 0/2] crypto: Use tmpl-create when registering geniv
On Fri, May 22, 2015 at 11:04:39PM +0200, Stephan Mueller wrote: Am Freitag, 22. Mai 2015, 22:59:34 schrieb Stephan Mueller: Hi Stephan, Am Freitag, 22. Mai 2015, 16:31:04 schrieb Herbert Xu: Hi Herbert, This patch makes use of the new AEAD interface which uses a single SG list instead of separate lists for the AD and plain text. Using an up-to date tree with the full set of patches of this patch set, I get the following oops. It can easily be reproduced by using [1]: go to libkcapi/test/ and compile with make. Then execute ./test.sh [1] http://www.chronox.de/libkcapi.html Note, gcm(aes) looks good. Only rfc4106(gcm(aes)) causes the crash. Thanks for the report! The crash is because ablkcipher/aead are still using tmpl-alloc and I forgot about them. The following two patches will fix the crash by making them call tmpl-create if it is set. Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [v2 PATCH 13/13] crypto: algif_aead - Switch to new AEAD interface
On Fri, May 22, 2015 at 11:04:39PM +0200, Stephan Mueller wrote: Note, gcm(aes) looks good. Only rfc4106(gcm(aes)) causes the crash. Actually it looks like the culprit hasn't been merged yet so I'll just respin the series. Anyway, this patch should fix your crash: diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c index b3dded4..b15d797 100644 --- a/crypto/ablkcipher.c +++ b/crypto/ablkcipher.c @@ -586,6 +586,13 @@ static int crypto_givcipher_default(struct crypto_alg *alg, u32 type, u32 mask) if (!tmpl) goto kill_larval; + if (tmpl-create) { + err = tmpl-create(tmpl, tb); + if (err) + goto put_tmpl; + goto ok; + } + inst = tmpl-alloc(tb); err = PTR_ERR(inst); if (IS_ERR(inst)) @@ -597,6 +604,7 @@ static int crypto_givcipher_default(struct crypto_alg *alg, u32 type, u32 mask) goto put_tmpl; } +ok: /* Redo the lookup to use the instance we just registered. */ err = -EAGAIN; diff --git a/crypto/aead.c b/crypto/aead.c index 8b26613..070e4b9 100644 --- a/crypto/aead.c +++ b/crypto/aead.c @@ -570,6 +570,13 @@ static int crypto_nivaead_default(struct crypto_alg *alg, u32 type, u32 mask) if (!tmpl) goto kill_larval; + if (tmpl-create) { + err = tmpl-create(tmpl, tb); + if (err) + goto put_tmpl; + goto ok; + } + inst = tmpl-alloc(tb); err = PTR_ERR(inst); if (IS_ERR(inst)) @@ -581,6 +588,7 @@ static int crypto_nivaead_default(struct crypto_alg *alg, u32 type, u32 mask) goto put_tmpl; } +ok: /* Redo the lookup to use the instance we just registered. */ err = -EAGAIN; -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [V5 PATCH 1/5] ACPI / scan: Parse _CCA and setup device coherency
Not sure if this went out earlier. So I am resending. On 5/22/15 16:56, Rafael J. Wysocki wrote: diff --git a/drivers/acpi/glue.c b/drivers/acpi/glue.c index 39c485b..b9657af 100644 --- a/drivers/acpi/glue.c +++ b/drivers/acpi/glue.c @@ -13,6 +13,7 @@ #include linux/slab.h #include linux/rwsem.h #include linux/acpi.h +#include linux/dma-mapping.h #include internal.h @@ -167,6 +168,7 @@ int acpi_bind_one(struct device *dev, struct acpi_device *acpi_dev) struct list_head *physnode_list; unsigned int node_id; int retval = -EINVAL; + bool coherent; if (has_acpi_companion(dev)) { if (acpi_dev) { @@ -223,6 +225,9 @@ int acpi_bind_one(struct device *dev, struct acpi_device *acpi_dev) if (!has_acpi_companion(dev)) ACPI_COMPANION_SET(dev, acpi_dev); + if (acpi_check_dma(acpi_dev, coherent)) + arch_setup_dma_ops(dev, 0, 0, NULL, coherent); + Well, so is this going to work for PCI too after all? No, as Bjorn suggested, PCI changes for setting DMA coherent from _CCA (patch 3/6 in V4) will be submitted separately. We are working on cleaning up and up-streaming the PCI ACPI support for ARM64. Thanks, Suravee -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [v2 PATCH 13/13] crypto: algif_aead - Switch to new AEAD interface
Am Freitag, 22. Mai 2015, 16:31:04 schrieb Herbert Xu: Hi Herbert, This patch makes use of the new AEAD interface which uses a single SG list instead of separate lists for the AD and plain text. Using an up-to date tree with the full set of patches of this patch set, I get the following oops. It can easily be reproduced by using [1]: go to libkcapi/test/ and compile with make. Then execute ./test.sh [1] http://www.chronox.de/libkcapi.html [ 22.680910] BUG: unable to handle kernel NULL pointer dereference at (null) [ 22.680915] IP: [ (null)] (null) [ 22.680917] PGD 3c62e067 PUD 3b28e067 PMD 0 [ 22.680919] Oops: 0010 [#1] SMP [ 22.680921] Modules linked in: seqiv ccm gcm crypto_null algif_aead algif_skcipher sha512_ssse3 sha512_generic mcryptd sha1_ssse3 sha1_generic crypto_user des3_ede_x86_64 des_generic algif_hash af_alg nf_conntrack_netbios_ns nf_conntrack_broadcast ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 nf_conntrack_ipv6 nf_defrag_ipv6 nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack cfg80211 ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_mangle iptable_security iptable_raw crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel aesni_intel aes_x86_64 glue_helper ablk_helper joydev microcode virtio_console serio_raw virtio_balloon pcspkr i2c_piix4 acpi_cpufreq qxl drm_kms_helper ttm drm virtio_net [ 22.680948] virtio_blk virtio_pci virtio_ring virtio [ 22.680952] CPU: 1 PID: 1889 Comm: kcapi Not tainted 4.0.0+ #122 [ 22.680954] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 22.680955] task: 88003c08cc80 ti: 88003b30 task.ti: 88003b30 [ 22.680956] RIP: 0010:[] [ (null)] (null) [ 22.680958] RSP: 0018:88003b303ce0 EFLAGS: 00010282 [ 22.680959] RAX: a02f5080 RBX: a0138b20 RCX: 0001 [ 22.680960] RDX: 0001 RSI: a02f5368 RDI: 88003b303cf8 [ 22.680961] RBP: 88003b303d88 R08: R09: eaecbd00 [ 22.680962] R10: 810676b4 R11: 88003c275240 R12: 
88003b1ff200 [ 22.680963] R13: fffe R14: a02f5080 R15: 0203 [ 22.680965] FS: 7fade1fe8700() GS:88003fd0() knlGS: [ 22.680966] CS: 0010 DS: ES: CR0: 80050033 [ 22.680967] CR2: CR3: 3bdc9000 CR4: 000407e0 [ 22.680971] Stack: [ 22.680973] 812b7e6d 0002000c0003 020f0203 88003b303cec [ 22.680975] 88003b303d14 00010044812b49c4 2d36303134636672 [ 22.680977] 6e7365612d6d6367 0069 [ 22.680979] Call Trace: [ 22.680984] [812b7e6d] ? crypto_nivaead_default+0x14d/0x1a0 [ 22.680986] [812b7f5a] crypto_lookup_aead+0x9a/0xf0 [ 22.680989] [812b4f33] crypto_alloc_tfm+0x63/0x130 [ 22.680992] [81193dd1] ? kmem_cache_alloc_trace+0x1f1/0x230 [ 22.680994] [812b7fc9] crypto_alloc_aead+0x19/0x20 [ 22.680996] [a02d638e] aead_bind+0xe/0x10 [algif_aead] [ 22.680999] [a02848d0] alg_bind+0x60/0x130 [af_alg] [ 22.681003] [81561f68] SYSC_bind+0xb8/0xf0 [ 22.681003] [811c7eb5] ? fd_install+0x25/0x30 [ 22.681003] [81562850] ? SyS_socket+0x90/0xd0 [ 22.681003] [8104a0f7] ? trace_do_page_fault+0x37/0xb0 [ 22.681003] [81562ade] SyS_bind+0xe/0x10 [ 22.681003] [81687f6e] system_call_fastpath+0x12/0x71 [ 22.681003] Code: Bad RIP value. [ 22.681003] RIP [ (null)] (null) [ 22.681003] RSP 88003b303ce0 [ 22.681003] CR2: [ 22.681053] ---[ end trace c1a8ba963ebab541 ]--- -- Ciao Stephan -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [V5 PATCH 1/5] ACPI / scan: Parse _CCA and setup device coherency
On Wednesday, May 20, 2015 05:09:14 PM Suravee Suthikulpanit wrote: This patch implements support for ACPI _CCA object, which is introduced in ACPIv5.1, can be used for specifying device DMA coherency attribute. The parsing logic traverses device namespace to parse coherency information, and stores it in acpi_device_flags. Then uses it to call arch_setup_dma_ops() when creating each device enumerated in DSDT during ACPI scan. This patch also introduces acpi_dma_is_coherent(), which provides an interface for device drivers to check the coherency information similarly to the of_dma_is_coherent(). Signed-off-by: Mark Salter msal...@redhat.com Signed-off-by: Suravee Suthikulpanit suravee.suthikulpa...@amd.com --- drivers/acpi/Kconfig | 3 +++ drivers/acpi/acpi_platform.c | 2 +- drivers/acpi/glue.c | 5 + drivers/acpi/scan.c | 35 +++ include/acpi/acpi_bus.h | 37 - include/linux/acpi.h | 5 + 6 files changed, 85 insertions(+), 2 deletions(-) diff --git a/drivers/acpi/Kconfig b/drivers/acpi/Kconfig index ab2cbb5..212735f 100644 --- a/drivers/acpi/Kconfig +++ b/drivers/acpi/Kconfig @@ -54,6 +54,9 @@ config ACPI_GENERIC_GSI config ACPI_SYSTEM_POWER_STATES_SUPPORT bool +config ACPI_CCA_REQUIRED + bool + config ACPI_SLEEP bool depends on SUSPEND || HIBERNATION diff --git a/drivers/acpi/acpi_platform.c b/drivers/acpi/acpi_platform.c index 4bf7559..06a67d5 100644 --- a/drivers/acpi/acpi_platform.c +++ b/drivers/acpi/acpi_platform.c @@ -103,7 +103,7 @@ struct platform_device *acpi_create_platform_device(struct acpi_device *adev) pdevinfo.res = resources; pdevinfo.num_res = count; pdevinfo.fwnode = acpi_fwnode_handle(adev); - pdevinfo.dma_mask = DMA_BIT_MASK(32); + pdevinfo.dma_mask = acpi_check_dma(adev, NULL) ? DMA_BIT_MASK(32) : 0; pdev = platform_device_register_full(pdevinfo); if (IS_ERR(pdev)) dev_err(adev-dev, platform device creation failed: %ld\n, diff --git a/drivers/acpi/glue.c b/drivers/acpi/glue.c index 39c485b..b9657af 100644 --- a/drivers/acpi/glue.c 
+++ b/drivers/acpi/glue.c @@ -13,6 +13,7 @@ #include linux/slab.h #include linux/rwsem.h #include linux/acpi.h +#include linux/dma-mapping.h #include internal.h @@ -167,6 +168,7 @@ int acpi_bind_one(struct device *dev, struct acpi_device *acpi_dev) struct list_head *physnode_list; unsigned int node_id; int retval = -EINVAL; + bool coherent; if (has_acpi_companion(dev)) { if (acpi_dev) { @@ -223,6 +225,9 @@ int acpi_bind_one(struct device *dev, struct acpi_device *acpi_dev) if (!has_acpi_companion(dev)) ACPI_COMPANION_SET(dev, acpi_dev); + if (acpi_check_dma(acpi_dev, coherent)) + arch_setup_dma_ops(dev, 0, 0, NULL, coherent); + Well, so is this going to work for PCI too after all? acpi_physnode_link_name(physical_node_name, node_id); retval = sysfs_create_link(acpi_dev-dev.kobj, dev-kobj, physical_node_name); -- I speak only for myself. Rafael J. Wysocki, Intel Open Source Technology Center. -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
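Review bot: `bool coherent;` in `acpi_bind_one()` has no initializer and is read by `arch_setup_dma_ops()` as soon as `acpi_check_dma()` returns true. `acpi_check_dma()` is defined outside these hunks, so whether every true-returning path stores to it cannot be confirmed here. Declaring it as `bool coherent = false;` makes the fallback explicit, so an unset value can never mark a non-coherent device as coherent. The same hunk is quoted unchanged in the later replies of this thread, and `acpi_bind_one()` starts and ends outside the hunk.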
Re: [v2 PATCH 13/13] crypto: algif_aead - Switch to new AEAD interface
Am Freitag, 22. Mai 2015, 22:59:34 schrieb Stephan Mueller: Hi Stephan, Am Freitag, 22. Mai 2015, 16:31:04 schrieb Herbert Xu: Hi Herbert, This patch makes use of the new AEAD interface which uses a single SG list instead of separate lists for the AD and plain text. Using an up-to date tree with the full set of patches of this patch set, I get the following oops. It can easily be reproduced by using [1]: go to libkcapi/test/ and compile with make. Then execute ./test.sh [1] http://www.chronox.de/libkcapi.html Note, gcm(aes) looks good. Only rfc4106(gcm(aes)) causes the crash. -- Ciao Stephan -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: Crypto Fixes for 4.1
On Thu, May 21, 2015 at 9:05 PM, Herbert Xu herb...@gondor.apana.org.au wrote: Please pull from git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git or master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git Mind fixing your script to not have that old master.kernel.org' thing that no longer works and hasn't worked in a long time? I thought I asked you earlier, but it turns out that was Dmitry and the input tree who had the same old script... Linus -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] crypto: move Kconfig 842 to end of list, default to N
On Fri, May 22, 2015 at 08:08:28PM -0400, Dan Streetman wrote: Move the 842 compression alg choice to last in the list, so it's not in the middle of LZO/LZ4/LZ4HC. Change its default to N, as it is a very slow alg, which generally should only be used with compression hardware that's capable of doing it much faster. Signed-off-by: Dan Streetman ddstr...@ieee.org The default default is n so this is redundant. Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] crypto: move Kconfig 842 to end of list, default to N
On Fri, May 22, 2015 at 8:34 PM, Herbert Xu herb...@gondor.apana.org.au wrote: On Fri, May 22, 2015 at 08:08:28PM -0400, Dan Streetman wrote: Move the 842 compression alg choice to last in the list, so it's not in the middle of LZO/LZ4/LZ4HC. Change its default to N, as it is a very slow alg, which generally should only be used with compression hardware that's capable of doing it much faster. Signed-off-by: Dan Streetman ddstr...@ieee.org The default default is n so this is redundant. ah ok. never mind then! :-) Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [V5 PATCH 1/5] ACPI / scan: Parse _CCA and setup device coherency
On 5/22/2015 8:25 PM, Rafael J. Wysocki wrote: On Friday, May 22, 2015 07:15:17 PM Suravee Suthikulanit wrote: On 5/22/2015 6:05 PM, Rafael J. Wysocki wrote: On Friday, May 22, 2015 05:24:15 PM Suravee Suthikulanit wrote: Not sure if this went out earlier. So I am resending. On 5/22/15 16:56, Rafael J. Wysocki wrote: diff --git a/drivers/acpi/glue.c b/drivers/acpi/glue.c index 39c485b..b9657af 100644 --- a/drivers/acpi/glue.c +++ b/drivers/acpi/glue.c @@ -13,6 +13,7 @@ #include linux/slab.h #include linux/rwsem.h #include linux/acpi.h +#include linux/dma-mapping.h #include internal.h @@ -167,6 +168,7 @@ int acpi_bind_one(struct device *dev, struct acpi_device *acpi_dev) struct list_head *physnode_list; unsigned int node_id; int retval = -EINVAL; + bool coherent; if (has_acpi_companion(dev)) { if (acpi_dev) { 
@@ -223,6 +225,9 @@ int acpi_bind_one(struct device *dev, struct acpi_device *acpi_dev) if (!has_acpi_companion(dev)) ACPI_COMPANION_SET(dev, acpi_dev); + if (acpi_check_dma(acpi_dev, coherent)) + arch_setup_dma_ops(dev, 0, 0, NULL, coherent); + Well, so is this going to work for PCI too after all? No, as Bjorn suggested, PCI changes for setting DMA coherent from _CCA (patch 3/6 in V4) will be submitted separately. We are working on cleaning up and up-streaming the PCI ACPI support for ARM64. OK, but acpi_bind_one() is called for PCI devices too. Won't that be a problem? In this case, we would be going through the following call path: -- pci_device_add() |-- pci_dma_configure() ** 1 ** |-- device_add() |-- platform_notify() |-- acpi_platform_notify() |-- acpi_bind_one() ** 2 ** At (1), we would be calling arch_setup_dma_ops() with the PCI host bridge _CCA information. So, it should have already taken care of setting up device coherency here. At (2), if there is no acpi_dev for endpoint devices (which I believe this is normally the case), it would return early and skip arch_setup_dma_ops(). That's not correct. There may be ACPI companions for endpoint devices too. Ok. Duly noted :) At (2), if there is an acpi_dev, the coherent_dma flag should have already been setup by the acpi_init_device_object during ACPI scan. That one sets the flag for the *ACPI* *companion* of the device, which I'm still thinking is pointless, isn't it? When you say pointless, are you referring to the part where we are end up calling arch_setup_dma_coherent() twice in this case? I am not quite following your point. However, I am not certain about this case since I don't have the DSDT containing PCI endpoint devices to test with. Every x86 PC has them (as far as I can say), but in that case there's no _CCA and they are all coherent. Ok. 
Thanks, Suravee -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH cryptodev] crypto: echainiv_read_iv() can be static
Signed-off-by: Fengguang Wu fengguang...@intel.com --- echainiv.c |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/echainiv.c b/crypto/echainiv.c index e5a9878..d0e325d0 100644 --- a/crypto/echainiv.c +++ b/crypto/echainiv.c @@ -67,7 +67,7 @@ static int echainiv_setauthsize(struct crypto_aead *tfm, } /* We don't care if we get preempted and read/write IVs from the next CPU. */ -void echainiv_read_iv(u8 *dst, unsigned size) +static void echainiv_read_iv(u8 *dst, unsigned size) { u32 *a = (u32 *)dst; u32 __percpu *b = echainiv_iv; @@ -78,7 +78,7 @@ void echainiv_read_iv(u8 *dst, unsigned size) } } -void echainiv_write_iv(const u8 *src, unsigned size) +static void echainiv_write_iv(const u8 *src, unsigned size) { const u32 *a = (const u32 *)src; u32 __percpu *b = echainiv_iv; -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] crypto: move Kconfig 842 to end of list, default to N
Move the 842 compression alg choice to last in the list, so it's not in the middle of LZO/LZ4/LZ4HC. Change its default to N, as it is a very slow alg, which generally should only be used with compression hardware that's capable of doing it much faster. Signed-off-by: Dan Streetman ddstr...@ieee.org --- crypto/Kconfig | 17 + 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/crypto/Kconfig b/crypto/Kconfig index 24df47b..62ced6f 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -1419,14 +1419,6 @@ config CRYPTO_LZO help This is the LZO algorithm. -config CRYPTO_842 - tristate 842 compression algorithm - select CRYPTO_ALGAPI - select 842_COMPRESS - select 842_DECOMPRESS - help - This is the 842 algorithm. - config CRYPTO_LZ4 tristate LZ4 compression algorithm select CRYPTO_ALGAPI @@ -1443,6 +1435,15 @@ config CRYPTO_LZ4HC help This is the LZ4 high compression mode algorithm. +config CRYPTO_842 + tristate 842 compression algorithm + default n + select CRYPTO_ALGAPI + select 842_COMPRESS + select 842_DECOMPRESS + help + This is the 842 algorithm. + comment Random Number Generation config CRYPTO_ANSI_CPRNG -- 2.1.0 -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [V5 PATCH 1/5] ACPI / scan: Parse _CCA and setup device coherency
On 5/22/2015 6:05 PM, Rafael J. Wysocki wrote: On Friday, May 22, 2015 05:24:15 PM Suravee Suthikulanit wrote: Not sure if this went out earlier. So I am resending. On 5/22/15 16:56, Rafael J. Wysocki wrote: diff --git a/drivers/acpi/glue.c b/drivers/acpi/glue.c index 39c485b..b9657af 100644 --- a/drivers/acpi/glue.c +++ b/drivers/acpi/glue.c @@ -13,6 +13,7 @@ #include linux/slab.h #include linux/rwsem.h #include linux/acpi.h +#include linux/dma-mapping.h #include internal.h @@ -167,6 +168,7 @@ int acpi_bind_one(struct device *dev, struct acpi_device *acpi_dev) struct list_head *physnode_list; unsigned int node_id; int retval = -EINVAL; + bool coherent; if (has_acpi_companion(dev)) { if (acpi_dev) { 
@@ -223,6 +225,9 @@ int acpi_bind_one(struct device *dev, struct acpi_device *acpi_dev) if (!has_acpi_companion(dev)) ACPI_COMPANION_SET(dev, acpi_dev); + if (acpi_check_dma(acpi_dev, coherent)) + arch_setup_dma_ops(dev, 0, 0, NULL, coherent); + Well, so is this going to work for PCI too after all? No, as Bjorn suggested, PCI changes for setting DMA coherent from _CCA (patch 3/6 in V4) will be submitted separately. We are working on cleaning up and up-streaming the PCI ACPI support for ARM64. OK, but acpi_bind_one() is called for PCI devices too. Won't that be a problem? In this case, we would be going through the following call path: -- pci_device_add() |-- pci_dma_configure() ** 1 ** |-- device_add() |-- platform_notify() |-- acpi_platform_notify() |-- acpi_bind_one() ** 2 ** At (1), we would be calling arch_setup_dma_ops() with the PCI host bridge _CCA information. So, it should have already taken care of setting up device coherency here. At (2), if there is no acpi_dev for endpoint devices (which I believe this is normally the case), it would return early and skip arch_setup_dma_ops(). At (2), if there is an acpi_dev, the coherent_dma flag should have already been setup by the acpi_init_device_object during ACPI scan. However, I am not certain about this case since I don't have the DSDT containing PCI endpoint devices to test with. Thanks, Suravee -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [V5 PATCH 1/5] ACPI / scan: Parse _CCA and setup device coherency
On Friday, May 22, 2015 07:15:17 PM Suravee Suthikulanit wrote: On 5/22/2015 6:05 PM, Rafael J. Wysocki wrote: On Friday, May 22, 2015 05:24:15 PM Suravee Suthikulanit wrote: Not sure if this went out earlier. So I am resending. On 5/22/15 16:56, Rafael J. Wysocki wrote: diff --git a/drivers/acpi/glue.c b/drivers/acpi/glue.c index 39c485b..b9657af 100644 --- a/drivers/acpi/glue.c +++ b/drivers/acpi/glue.c @@ -13,6 +13,7 @@ #include linux/slab.h #include linux/rwsem.h #include linux/acpi.h +#include linux/dma-mapping.h #include internal.h @@ -167,6 +168,7 @@ int acpi_bind_one(struct device *dev, struct acpi_device *acpi_dev) struct list_head *physnode_list; unsigned int node_id; int retval = -EINVAL; + bool coherent; if (has_acpi_companion(dev)) { if (acpi_dev) { 
@@ -223,6 +225,9 @@ int acpi_bind_one(struct device *dev, struct acpi_device *acpi_dev) if (!has_acpi_companion(dev)) ACPI_COMPANION_SET(dev, acpi_dev); + if (acpi_check_dma(acpi_dev, coherent)) + arch_setup_dma_ops(dev, 0, 0, NULL, coherent); + Well, so is this going to work for PCI too after all? No, as Bjorn suggested, PCI changes for setting DMA coherent from _CCA (patch 3/6 in V4) will be submitted separately. We are working on cleaning up and up-streaming the PCI ACPI support for ARM64. OK, but acpi_bind_one() is called for PCI devices too. Won't that be a problem? In this case, we would be going through the following call path: -- pci_device_add() |-- pci_dma_configure() ** 1 ** |-- device_add() |-- platform_notify() |-- acpi_platform_notify() |-- acpi_bind_one() ** 2 ** At (1), we would be calling arch_setup_dma_ops() with the PCI host bridge _CCA information. So, it should have already taken care of setting up device coherency here. At (2), if there is no acpi_dev for endpoint devices (which I believe this is normally the case), it would return early and skip arch_setup_dma_ops(). That's not correct. There may be ACPI companions for endpoint devices too. At (2), if there is an acpi_dev, the coherent_dma flag should have already been setup by the acpi_init_device_object during ACPI scan. That one sets the flag for the *ACPI* *companion* of the device, which I'm still thinking is pointless, isn't it? However, I am not certain about this case since I don't have the DSDT containing PCI endpoint devices to test with. Every x86 PC has them (as far as I can say), but in that case there's no _CCA and they are all coherent. -- I speak only for myself. Rafael J. Wysocki, Intel Open Source Technology Center. -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: Crypto Fixes for 4.1
On Fri, May 22, 2015 at 02:29:11PM -0700, Linus Torvalds wrote: On Thu, May 21, 2015 at 9:05 PM, Herbert Xu herb...@gondor.apana.org.au wrote: Please pull from git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git or master.kernel.org:/pub/scm/linux/kernel/git/herbert/crypto-2.6.git Mind fixing your script to not have that old master.kernel.org' thing that no longer works and hasn't worked in a long time? I thought I asked you earlier, but it turns out that was Dmitry and the input tree who had the same old script... Sure I'll get rid of it. Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [V5 PATCH 1/5] ACPI / scan: Parse _CCA and setup device coherency
On Friday, May 22, 2015 05:24:15 PM Suravee Suthikulanit wrote: Not sure if this went out earlier. So I am resending. On 5/22/15 16:56, Rafael J. Wysocki wrote: diff --git a/drivers/acpi/glue.c b/drivers/acpi/glue.c index 39c485b..b9657af 100644 --- a/drivers/acpi/glue.c +++ b/drivers/acpi/glue.c @@ -13,6 +13,7 @@ #include linux/slab.h #include linux/rwsem.h #include linux/acpi.h +#include linux/dma-mapping.h #include internal.h @@ -167,6 +168,7 @@ int acpi_bind_one(struct device *dev, struct acpi_device *acpi_dev) struct list_head *physnode_list; unsigned int node_id; int retval = -EINVAL; + bool coherent; if (has_acpi_companion(dev)) { if (acpi_dev) { @@ -223,6 +225,9 @@ int acpi_bind_one(struct device *dev, struct acpi_device *acpi_dev) if (!has_acpi_companion(dev)) ACPI_COMPANION_SET(dev, acpi_dev); + if (acpi_check_dma(acpi_dev, coherent)) + arch_setup_dma_ops(dev, 0, 0, NULL, coherent); + Well, so is this going to work for PCI too after all? No, as Bjorn suggested, PCI changes for setting DMA coherent from _CCA (patch 3/6 in V4) will be submitted separately. We are working on cleaning up and up-streaming the PCI ACPI support for ARM64. OK, but acpi_bind_one() is called for PCI devices too. Won't that be a problem? -- I speak only for myself. Rafael J. Wysocki, Intel Open Source Technology Center. -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: alloc of Intel rfc4106 crashes
On Fri, May 22, 2015 at 12:31:52PM +0200, Stephan Mueller wrote: With the current cryptodev-2.6 tree (ex the patches to AEAD from the last 2 days), I get the following oops that is triggered by simply calling This should be fixed in the latest tree by: commit 9b8c456e081e7eca856ad9b2a92980a68887f533 Author: Herbert Xu herb...@gondor.apana.org.au Date: Thu May 21 15:10:57 2015 +0800 crypto: cryptd - Use crypto_grab_aead Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
alloc of Intel rfc4106 crashes
Hi Herbert, Tadeusz, With the current cryptodev-2.6 tree (ex the patches to AEAD from the last 2 days), I get the following oops that is triggered by simply calling crypto_alloc_aead(rfc4106(gcm(aes)), 0, 0); Contrary, when calling crypto_alloc_aead(rfc4106(gcm(aes-generic)), 0, 0); all works fine. [ 57.461418] BUG: unable to handle kernel NULL pointer dereference at 0044 [ 57.461423] IP: [812b4e23] crypto_create_tfm+0x13/0xc0 [ 57.461428] PGD 0 [ 57.461430] Oops: [#1] SMP [ 57.461432] Modules linked in: gcm kcapi_cavs(OE) nf_conntrack_netbios_ns nf_conntrack_broadcast ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 nf_conntrack_ipv6 nf_defrag_ipv6 nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack cfg80211 ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_mangle iptable_security iptable_raw crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel aesni_intel aes_x86_64 glue_helper ablk_helper microcode joydev virtio_balloon pcspkr serio_raw acpi_cpufreq i2c_piix4 qxl virtio_net virtio_blk drm_kms_helper ttm drm virtio_pci virtio_ring virtio [ 57.461457] CPU: 1 PID: 1975 Comm: cryptomgr_test Tainted: G OE 4.0.0+ #219 [ 57.461459] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140709_153950- 04/01/2014 [ 57.461460] task: 88007b40a200 ti: 88007b6f task.ti: 88007b6f [ 57.461461] RIP: 0010:[812b4e23] [812b4e23] crypto_create_tfm+0x13/0xc0 [ 57.461465] RSP: 0018:88007b6f3b08 EFLAGS: 00010287 [ 57.461466] RAX: a0131a00 RBX: a0131a00 RCX: 0003 [ 57.461467] RDX: 0001 RSI: RDI: a0131a00 [ 57.461468] RBP: 88007b6f3b28 R08: 000191e0 R09: 88007b08acc0 [ 57.461470] R10: 88007b08acc0 R11: R12: 88007a5a3338 [ 57.461471] R13: a0131a00 R14: R15: 8182fe80 [ 57.461472] FS: () GS:88007fd0() knlGS: [ 57.461473] CS: 0010 DS: ES: CR0: 80050033 [ 57.461475] CR2: 0044 CR3: 01c08000 CR4: 000407e0 [ 57.461478] Stack: [ 57.461480] a0131a00 88007a5a3338 88007a5a3200 [ 
57.461482] 88007b6f3b58 812b5da4 88007b6f3b58 812b4e3a [ 57.461484] 88007b08acf8 88007b08acc0 88007b6f3b78 812c8361 [ 57.461486] Call Trace: [ 57.461492] [812b5da4] crypto_spawn_tfm2+0x34/0x60 [ 57.461494] [812b4e3a] ? crypto_create_tfm+0x2a/0xc0 [ 57.461497] [812c8361] cryptd_aead_init_tfm+0x21/0x50 [ 57.461499] [812b4e90] crypto_create_tfm+0x80/0xc0 [ 57.461501] [812b4f4b] crypto_alloc_tfm+0x7b/0x130 [ 57.461503] [8130bc44] ? snprintf+0x34/0x40 [ 57.461506] [812b7b89] crypto_alloc_aead+0x19/0x20 [ 57.461508] [812c7c0e] cryptd_alloc_aead+0x5e/0xb0 [ 57.461512] [81193b99] ? __kmalloc+0x259/0x2a0 [ 57.461517] [a0114233] rfc4106_init+0x33/0x80 [aesni_intel] [ 57.461521] [812b4e90] crypto_create_tfm+0x80/0xc0 [ 57.461523] [812b5da4] crypto_spawn_tfm2+0x34/0x60 [ 57.461526] [81193b99] ? __kmalloc+0x259/0x2a0 [ 57.461528] [812b78a1] aead_geniv_init+0x21/0x40 [ 57.461530] [812bb3cb] seqiv_aead_init+0x1b/0x20 [ 57.461532] [812b4e90] crypto_create_tfm+0x80/0xc0 [ 57.461544] [812b4f4b] crypto_alloc_tfm+0x7b/0x130 [ 57.461546] [812b7b89] crypto_alloc_aead+0x19/0x20 [ 57.461548] [812c2019] alg_test_aead+0x29/0xc0 [ 57.461550] [812be658] alg_test+0x198/0x3a0 [ 57.461553] [81682a30] ? __schedule+0x280/0x910 [ 57.461555] [812bd070] ? crypto_unregister_pcomp+0x20/0x20 [ 57.461556] [812bd0b5] cryptomgr_test+0x45/0x50 [ 57.461559] [81070b8b] kthread+0xdb/0x100 [ 57.461561] [81070ab0] ? kthread_create_on_node+0x170/0x170 [ 57.461564] [81687092] ret_from_fork+0x42/0x70 [ 57.461565] [81070ab0] ? 
kthread_create_on_node+0x170/0x170 [ 57.461566] Code: d2 48 8b 4d c0 48 8b 45 c8 eb aa 48 63 c3 e9 7c ff ff ff 0f 1f 44 00 00 66 66 66 66 90 55 48 89 e5 41 56 41 55 41 54 53 49 89 fd 8b 5e 44 49 89 f6 ff 56 08 be d0 80 00 00 8d 7c 03 50 e8 06 eb [ 57.461588] RIP [812b4e23] crypto_create_tfm+0x13/0xc0 [ 57.461591] RSP 88007b6f3b08 [ 57.461591] CR2: 0044 [ 57.461594] ---[ end trace 14501b7db9b27df8 ]--- [ 58.980163] [ cut here ] [ 58.980171] WARNING: CPU: 1 PID: 1944 at crypto/algapi.c:339 crypto_wait_for_test+0x71/0x90() [ 58.980172] Modules linked in: gcm kcapi_cavs(OE) nf_conntrack_netbios_ns nf_conntrack_broadcast ip6t_rpfilter ip6t_REJECT
crypto: pcrypt - Make tfm_count an atomic_t
The variable tfm_count is accessed by multiple threads without locking. This patch converts it to an atomic_t. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c index 3942a9f..ff174b6 100644 --- a/crypto/pcrypt.c +++ b/crypto/pcrypt.c @@ -20,6 +20,7 @@ #include crypto/algapi.h #include crypto/internal/aead.h +#include linux/atomic.h #include linux/err.h #include linux/init.h #include linux/module.h @@ -61,7 +62,7 @@ static struct kset *pcrypt_kset; struct pcrypt_instance_ctx { struct crypto_aead_spawn spawn; - unsigned int tfm_count; + atomic_t tfm_count; }; struct pcrypt_aead_ctx { @@ -278,9 +279,8 @@ static int pcrypt_aead_init_tfm(struct crypto_tfm *tfm) struct pcrypt_aead_ctx *ctx = crypto_tfm_ctx(tfm); struct crypto_aead *cipher; - ictx-tfm_count++; - - cpu_index = ictx-tfm_count % cpumask_weight(cpu_online_mask); + cpu_index = (unsigned int)atomic_inc_return(ictx-tfm_count) % + cpumask_weight(cpu_online_mask); ctx-cb_cpu = cpumask_first(cpu_online_mask); for (cpu = 0; cpu cpu_index; cpu++) -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
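Review bot: The `(unsigned int)` cast on `atomic_inc_return(&ictx->tfm_count)` in `pcrypt_aead_init_tfm()` is what keeps `cpu_index` in range once the signed counter wraps negative, and nothing in the code says so. A one-line comment above the assignment would stop a later cleanup from dropping it, e.g. `/* atomic_t is signed: cast so the modulo stays non-negative after wrap */`. The `for` loop that consumes `cpu_index` continues past the end of the hunk, so how it walks `cpu_online_mask` is not reviewed here.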
[PATCH v3 04/16] crypto: marvell/CESA: add DES support
Add support for DES operations. Signed-off-by: Boris Brezillon boris.brezil...@free-electrons.com Signed-off-by: Arnaud Ebalard a...@natisbad.org --- drivers/crypto/marvell/cesa.c | 2 + drivers/crypto/marvell/cesa.h | 2 + drivers/crypto/marvell/cipher.c | 150 3 files changed, 154 insertions(+) diff --git a/drivers/crypto/marvell/cesa.c b/drivers/crypto/marvell/cesa.c index 1aef750..3e9aca5 100644 --- a/drivers/crypto/marvell/cesa.c +++ b/drivers/crypto/marvell/cesa.c @@ -165,6 +165,8 @@ static void mv_cesa_remove_algs(struct mv_cesa_dev *cesa) } static struct crypto_alg *armada_370_cipher_algs[] = { + mv_cesa_ecb_des_alg, + mv_cesa_cbc_des_alg, mv_cesa_ecb_aes_alg, mv_cesa_cbc_aes_alg, }; diff --git a/drivers/crypto/marvell/cesa.h b/drivers/crypto/marvell/cesa.h index fcacc70..5d91da3 100644 --- a/drivers/crypto/marvell/cesa.h +++ b/drivers/crypto/marvell/cesa.h @@ -790,6 +790,8 @@ int mv_cesa_dma_add_op_transfers(struct mv_cesa_tdma_chain *chain, extern struct ahash_alg mv_sha1_alg; extern struct ahash_alg mv_ahmac_sha1_alg; +extern struct crypto_alg mv_cesa_ecb_des_alg; +extern struct crypto_alg mv_cesa_cbc_des_alg; extern struct crypto_alg mv_cesa_ecb_aes_alg; extern struct crypto_alg mv_cesa_cbc_aes_alg; diff --git a/drivers/crypto/marvell/cipher.c b/drivers/crypto/marvell/cipher.c index 4296a58..0169fd7 100644 --- a/drivers/crypto/marvell/cipher.c +++ b/drivers/crypto/marvell/cipher.c @@ -13,9 +13,15 @@ */ #include crypto/aes.h +#include crypto/des.h #include cesa.h +struct mv_cesa_des_ctx { + struct mv_cesa_ctx base; + u8 key[DES_KEY_SIZE]; +}; + struct mv_cesa_aes_ctx { struct mv_cesa_ctx base; struct crypto_aes_ctx aes; 
@@ -223,6 +229,30 @@ static int mv_cesa_aes_setkey(struct crypto_ablkcipher *cipher, const u8 *key, return 0; } +static int mv_cesa_des_setkey(struct crypto_ablkcipher *cipher, const u8 *key, + unsigned int len) +{ + struct crypto_tfm *tfm = crypto_ablkcipher_tfm(cipher); + struct mv_cesa_des_ctx *ctx = crypto_tfm_ctx(tfm); + u32 tmp[DES_EXPKEY_WORDS]; + int ret; + + if (len != DES_KEY_SIZE) { + crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN); + return -EINVAL; + } + + ret = des_ekey(tmp, key); + if (!ret (tfm-crt_flags CRYPTO_TFM_REQ_WEAK_KEY)) { + tfm-crt_flags |= CRYPTO_TFM_RES_WEAK_KEY; + return -EINVAL; + } + + memcpy(ctx-key, key, DES_KEY_SIZE); + + return 0; +} + static int mv_cesa_ablkcipher_dma_req_init(struct ablkcipher_request *req, const struct mv_cesa_op_ctx *op_templ) { 
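Review bot: The expanded key schedule in `tmp` is left on the stack on every return path of `mv_cesa_des_setkey()`. `des_ekey()` is called here only for its weak-key result, so the buffer can be wiped immediately after the call and before the weak-key test, with `memzero_explicit(tmp, sizeof(tmp));`. A plain `memset()` is not enough, because the compiler may drop a store to a local that is never read again. The raw key kept in `ctx->key` has a different lifetime and is not covered by this note.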
@@ -336,6 +366,126 @@ static int mv_cesa_ablkcipher_req_init(struct ablkcipher_request *req, return ret; } +static int mv_cesa_des_op(struct ablkcipher_request *req, + struct mv_cesa_op_ctx *tmpl) +{ + struct mv_cesa_des_ctx *ctx = crypto_tfm_ctx(req-base.tfm); + int ret; + + mv_cesa_update_op_cfg(tmpl, CESA_SA_DESC_CFG_CRYPTM_DES, + CESA_SA_DESC_CFG_CRYPTM_MSK); + + memcpy(tmpl-ctx.blkcipher.key, ctx-key, DES_KEY_SIZE); + + ret = mv_cesa_ablkcipher_req_init(req, tmpl); + if (ret) + return ret; + + ret = mv_cesa_queue_req(req-base); + if (ret ret != -EINPROGRESS) + mv_cesa_ablkcipher_cleanup(req); + + return ret; +} + +static int mv_cesa_ecb_des_encrypt(struct ablkcipher_request *req) +{ + struct mv_cesa_op_ctx tmpl; + + mv_cesa_set_op_cfg(tmpl, + CESA_SA_DESC_CFG_CRYPTCM_ECB | + CESA_SA_DESC_CFG_DIR_ENC); + + return mv_cesa_des_op(req, tmpl); +} + +static int mv_cesa_ecb_des_decrypt(struct ablkcipher_request *req) +{ + struct mv_cesa_op_ctx tmpl; + + mv_cesa_set_op_cfg(tmpl, + CESA_SA_DESC_CFG_CRYPTCM_ECB | + CESA_SA_DESC_CFG_DIR_DEC); + + return mv_cesa_des_op(req, tmpl); +} + +struct crypto_alg mv_cesa_ecb_des_alg = { + .cra_name = ecb(des), + .cra_driver_name = mv-ecb-des, + .cra_priority = 300, + .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | +CRYPTO_ALG_KERN_DRIVER_ONLY | CRYPTO_ALG_ASYNC, + .cra_blocksize = DES_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct mv_cesa_des_ctx), + .cra_alignmask = 0, + .cra_type = crypto_ablkcipher_type, + .cra_module = THIS_MODULE, + .cra_init = mv_cesa_ablkcipher_cra_init, + .cra_u = { + .ablkcipher = { + .min_keysize = DES_KEY_SIZE, + .max_keysize = DES_KEY_SIZE, + .setkey = mv_cesa_des_setkey, + .encrypt = mv_cesa_ecb_des_encrypt, + .decrypt =
[PATCH v3 10/16] crypto: marvell/CESA: add support for Orion SoCs
Add the Orion SoC description, and select this implementation by default to support non-DT probing: Orion is the only platform where non-DT boards are declaring the CESA block. Control the allhwsupport module parameter to avoid probing the CESA IP when the old CESA driver is enabled (unless it is explicitly requested to do so). Signed-off-by: Boris Brezillon boris.brezil...@free-electrons.com --- drivers/crypto/marvell/cesa.c | 42 +++--- 1 file changed, 35 insertions(+), 7 deletions(-) diff --git a/drivers/crypto/marvell/cesa.c b/drivers/crypto/marvell/cesa.c index f763981..a7a7e0e 100644 --- a/drivers/crypto/marvell/cesa.c +++ b/drivers/crypto/marvell/cesa.c @@ -168,6 +168,22 @@ static void mv_cesa_remove_algs(struct mv_cesa_dev *cesa) crypto_unregister_alg(cesa-caps-cipher_algs[i]); } +static struct crypto_alg *orion_cipher_algs[] = { + mv_cesa_ecb_des_alg, + mv_cesa_cbc_des_alg, + mv_cesa_ecb_des3_ede_alg, + mv_cesa_cbc_des3_ede_alg, + mv_cesa_ecb_aes_alg, + mv_cesa_cbc_aes_alg, +}; + +static struct ahash_alg *orion_ahash_algs[] = { + mv_md5_alg, + mv_sha1_alg, + mv_ahmac_md5_alg, + mv_ahmac_sha1_alg, +}; + static struct crypto_alg *armada_370_cipher_algs[] = { mv_cesa_ecb_des_alg, mv_cesa_cbc_des_alg, @@ -186,6 +202,15 @@ static struct ahash_alg *armada_370_ahash_algs[] = { mv_ahmac_sha256_alg, }; +static const struct mv_cesa_caps orion_caps = { + .nengines = 1, + .cipher_algs = orion_cipher_algs, + .ncipher_algs = ARRAY_SIZE(orion_cipher_algs), + .ahash_algs = orion_ahash_algs, + .nahash_algs = ARRAY_SIZE(orion_ahash_algs), + .has_tdma = false, +}; + static const struct mv_cesa_caps armada_370_caps = { .nengines = 1, .cipher_algs = armada_370_cipher_algs, 
@@ -205,6 +230,7 @@ static const struct mv_cesa_caps armada_xp_caps = { }; static const struct of_device_id mv_cesa_of_match_table[] = { + { .compatible = marvell,orion-crypto, .data = orion_caps }, { .compatible = marvell,armada-370-crypto, .data = armada_370_caps }, { .compatible = marvell,armada-xp-crypto, .data = armada_xp_caps }, { .compatible = marvell,armada-375-crypto, .data = armada_xp_caps }, @@ -330,7 +356,7 @@ static void mv_cesa_put_sram(struct platform_device *pdev, int idx) static int mv_cesa_probe(struct platform_device *pdev) { - const struct mv_cesa_caps *caps = NULL; + const struct mv_cesa_caps *caps = orion_caps; const struct mbus_dram_target_info *dram; const struct of_device_id *match; struct device *dev = pdev-dev; @@ -345,14 +371,16 @@ static int mv_cesa_probe(struct platform_device *pdev) return -EEXIST; } - if (!dev-of_node) - return -ENOTSUPP; + if (dev-of_node) { + match = of_match_node(mv_cesa_of_match_table, dev-of_node); + if (!match || !match-data) + return -ENOTSUPP; - match = of_match_node(mv_cesa_of_match_table, dev-of_node); - if (!match || !match-data) - return -ENOTSUPP; + caps = match-data; + } - caps = match-data; + if (caps == orion_caps !allhwsupport) + return -ENOTSUPP; cesa = devm_kzalloc(dev, sizeof(*cesa), GFP_KERNEL); if (!cesa) -- 1.9.1 -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH v3 07/16] crypto: marvell/CESA: add SHA256 support
From: Arnaud Ebalard a...@natisbad.org Add support for SHA256 operations. Signed-off-by: Arnaud Ebalard a...@natisbad.org Signed-off-by: Boris Brezillon boris.brezil...@free-electrons.com --- drivers/crypto/marvell/cesa.c | 2 + drivers/crypto/marvell/cesa.h | 2 + drivers/crypto/marvell/hash.c | 129 ++ 3 files changed, 133 insertions(+) diff --git a/drivers/crypto/marvell/cesa.c b/drivers/crypto/marvell/cesa.c index 092304a..55fa6e8 100644 --- a/drivers/crypto/marvell/cesa.c +++ b/drivers/crypto/marvell/cesa.c @@ -176,8 +176,10 @@ static struct crypto_alg *armada_370_cipher_algs[] = { static struct ahash_alg *armada_370_ahash_algs[] = { mv_md5_alg, mv_sha1_alg, + mv_sha256_alg, mv_ahmac_md5_alg, mv_ahmac_sha1_alg, + mv_ahmac_sha256_alg, }; static const struct mv_cesa_caps armada_370_caps = { diff --git a/drivers/crypto/marvell/cesa.h b/drivers/crypto/marvell/cesa.h index 23c4603..497746b 100644 --- a/drivers/crypto/marvell/cesa.h +++ b/drivers/crypto/marvell/cesa.h @@ -789,8 +789,10 @@ int mv_cesa_dma_add_op_transfers(struct mv_cesa_tdma_chain *chain, extern struct ahash_alg mv_md5_alg; extern struct ahash_alg mv_sha1_alg; +extern struct ahash_alg mv_sha256_alg; extern struct ahash_alg mv_ahmac_md5_alg; extern struct ahash_alg mv_ahmac_sha1_alg; +extern struct ahash_alg mv_ahmac_sha256_alg; extern struct crypto_alg mv_cesa_ecb_des_alg; extern struct crypto_alg mv_cesa_cbc_des_alg; diff --git a/drivers/crypto/marvell/hash.c b/drivers/crypto/marvell/hash.c index 644c97d..890607b 100644 --- a/drivers/crypto/marvell/hash.c +++ b/drivers/crypto/marvell/hash.c 
@@ -917,6 +917,67 @@ struct ahash_alg mv_sha1_alg = {
 }
 };
 
+static int mv_cesa_sha256_init(struct ahash_request *req)
+{
+ struct mv_cesa_op_ctx tmpl;
+
+ mv_cesa_set_op_cfg(tmpl, CESA_SA_DESC_CFG_MACM_SHA256);
+
+ mv_cesa_ahash_init(req, tmpl);
+
+ return 0;
+}
+
+static int mv_cesa_sha256_digest(struct ahash_request *req)
+{
+ int ret;
+
+ ret = mv_cesa_sha256_init(req);
+ if (ret)
+ return ret;
+
+ return mv_cesa_ahash_finup(req);
+}
+
+static int mv_cesa_sha256_export(struct ahash_request *req, void *out)
+{
+ struct sha256_state *out_state = out;
+ struct crypto_ahash *ahash = crypto_ahash_reqtfm(req);
+ struct mv_cesa_ahash_req *creq = ahash_request_ctx(req);
+ unsigned int ds = crypto_ahash_digestsize(ahash);
+
+ out_state-count = creq-len;
+ memcpy(out_state-state, creq-state, ds);
+ memset(out_state-buf, 0, sizeof(out_state-buf));
+ if (creq-cache)
+ memcpy(out_state-buf, creq-cache, creq-cache_ptr);
+
+ return 0;
+}
+
+struct ahash_alg mv_sha256_alg = {
+ .init = mv_cesa_sha256_init,
+ .update = mv_cesa_ahash_update,
+ .final = mv_cesa_ahash_final,
+ .finup = mv_cesa_ahash_finup,
+ .digest = mv_cesa_sha256_digest,
+ .export = mv_cesa_sha256_export,
+ .halg = {
+ .digestsize = SHA256_DIGEST_SIZE,
+ .base = {
+ .cra_name = sha256,
+ .cra_driver_name = mv-sha256,
+ .cra_priority = 300,
+ .cra_flags = CRYPTO_ALG_ASYNC |
+CRYPTO_ALG_KERN_DRIVER_ONLY,
+ .cra_blocksize = SHA256_BLOCK_SIZE,
+ .cra_ctxsize = sizeof(struct mv_cesa_hash_ctx),
+ .cra_init = mv_cesa_ahash_cra_init,
+ .cra_module = THIS_MODULE,
+}
+ }
+};
+
 struct mv_cesa_ahash_result {
 struct completion completion;
 int error;
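Review bot: `mv_sha256_alg` registers `.export = mv_cesa_sha256_export` but sets neither `.import` nor `.halg.statesize`, so a partial hash written out by the export callback has no visible way back into this driver. The same gap is in `mv_md5_alg` in the hash.c hunk of the MD5 patch. Inside `mv_cesa_sha256_export`, `memcpy(out_state->buf, creq->cache, creq->cache_ptr)` has no visible bound against the destination; unless `cache_ptr` is already limited to the block size elsewhere, add `if (creq->cache_ptr > sizeof(out_state->buf)) return -EINVAL;` before the copy.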
@@ -1218,3 +1279,71 @@ struct ahash_alg mv_ahmac_sha1_alg = { } } }; + +static int mv_cesa_ahmac_sha256_setkey(struct crypto_ahash *tfm, const u8 *key, + unsigned int keylen) +{ + struct mv_cesa_hmac_ctx *ctx = crypto_tfm_ctx(crypto_ahash_tfm(tfm)); + struct sha256_state istate, ostate; + int ret, i; + + ret = mv_cesa_ahmac_setkey(mv-sha256, key, keylen, istate, ostate); + if (ret) + return ret; + + for (i = 0; i ARRAY_SIZE(istate.state); i++) + ctx-iv[i] = be32_to_cpu(istate.state[i]); + + for (i = 0; i ARRAY_SIZE(ostate.state); i++) + ctx-iv[i + 8] = be32_to_cpu(ostate.state[i]); + + return 0; +} + +static int mv_cesa_ahmac_sha256_init(struct ahash_request *req) +{ + struct mv_cesa_hmac_ctx *ctx = crypto_tfm_ctx(req-base.tfm); + struct mv_cesa_op_ctx tmpl; + + mv_cesa_set_op_cfg(tmpl, CESA_SA_DESC_CFG_MACM_HMAC_SHA256); + memcpy(tmpl.ctx.hash.iv, ctx-iv, sizeof(ctx-iv)); + + mv_cesa_ahash_init(req, tmpl); + + return 0; +} + +static int mv_cesa_ahmac_sha256_digest(struct ahash_request *req) +{ + int ret; + +
[PATCH v3 14/16] ARM: marvell/dt: enable crypto on armada-xp-gp
Enable the crypto IP on armada-xp-gp. Signed-off-by: Boris Brezillon boris.brezil...@free-electrons.com --- arch/arm/boot/dts/armada-xp-gp.dts | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/arm/boot/dts/armada-xp-gp.dts b/arch/arm/boot/dts/armada-xp-gp.dts index 565227e..8a739f4 100644 --- a/arch/arm/boot/dts/armada-xp-gp.dts +++ b/arch/arm/boot/dts/armada-xp-gp.dts @@ -94,7 +94,9 @@ soc { ranges = MBUS_ID(0xf0, 0x01) 0 0 0xf100 0x10 MBUS_ID(0x01, 0x1d) 0 0 0xfff0 0x10 - MBUS_ID(0x01, 0x2f) 0 0 0xf000 0x100; + MBUS_ID(0x01, 0x2f) 0 0 0xf000 0x100 + MBUS_ID(0x09, 0x09) 0 0 0xf110 0x1 + MBUS_ID(0x09, 0x05) 0 0 0xf111 0x1; devbus-bootcs { status = okay; -- 1.9.1 -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH v3 11/16] crypto: marvell/CESA: add support for Kirkwood SoCs
From: Arnaud Ebalard a...@natisbad.org Add the Kirkwood SoC description, and control the allhwsupport module parameter to avoid probing the CESA IP when the old CESA driver is enabled (unless it is explicitly requested to do so). Signed-off-by: Arnaud Ebalard a...@natisbad.org Signed-off-by: Boris Brezillon boris.brezil...@free-electrons.com --- drivers/crypto/marvell/cesa.c | 12 +++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/marvell/cesa.c b/drivers/crypto/marvell/cesa.c index a7a7e0e..16f9364 100644 --- a/drivers/crypto/marvell/cesa.c +++ b/drivers/crypto/marvell/cesa.c @@ -211,6 +211,15 @@ static const struct mv_cesa_caps orion_caps = { .has_tdma = false, }; +static const struct mv_cesa_caps kirkwood_caps = { + .nengines = 1, + .cipher_algs = orion_cipher_algs, + .ncipher_algs = ARRAY_SIZE(orion_cipher_algs), + .ahash_algs = orion_ahash_algs, + .nahash_algs = ARRAY_SIZE(orion_ahash_algs), + .has_tdma = true, +}; + static const struct mv_cesa_caps armada_370_caps = { .nengines = 1, .cipher_algs = armada_370_cipher_algs, @@ -231,6 +240,7 @@ static const struct mv_cesa_caps armada_xp_caps = { static const struct of_device_id mv_cesa_of_match_table[] = { { .compatible = marvell,orion-crypto, .data = orion_caps }, + { .compatible = marvell,kirkwood-crypto, .data = kirkwood_caps }, { .compatible = marvell,armada-370-crypto, .data = armada_370_caps }, { .compatible = marvell,armada-xp-crypto, .data = armada_xp_caps }, { .compatible = marvell,armada-375-crypto, .data = armada_xp_caps }, 
@@ -379,7 +389,7 @@ static int mv_cesa_probe(struct platform_device *pdev) caps = match-data; } - if (caps == orion_caps !allhwsupport) + if ((caps == orion_caps || caps == kirkwood_caps) !allhwsupport) return -ENOTSUPP; cesa = devm_kzalloc(dev, sizeof(*cesa), GFP_KERNEL); -- 1.9.1 -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH v3 16/16] ARM: marvell/dt: add crypto node to kirkwood dtsi
From: Arnaud Ebalard a...@natisbad.org Add crypto related nodes to kirkwood.dtsi. Signed-off-by: Arnaud Ebalard a...@natisbad.org Signed-off-by: Boris Brezillon boris.brezil...@free-electrons.com --- arch/arm/boot/dts/kirkwood.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/boot/dts/kirkwood.dtsi b/arch/arm/boot/dts/kirkwood.dtsi index 464f09a..1700b2b 100644 --- a/arch/arm/boot/dts/kirkwood.dtsi +++ b/arch/arm/boot/dts/kirkwood.dtsi @@ -41,7 +41,7 @@ pcie-io-aperture = 0xf200 0x10; /* 1 MiBI/O space */ cesa: crypto@0301 { - compatible = marvell,orion-crypto; + compatible = marvell,kirkwood-crypto; reg = MBUS_ID(0xf0, 0x01) 0x3 0x1, MBUS_ID(0x03, 0x01) 0 0x800; reg-names = regs, sram; -- 1.9.1 -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH v3 12/16] crypto: marvell/CESA: update DT bindings documentation
Add DT bindings documentation for the new marvell-cesa driver. Signed-off-by: Boris Brezillon boris.brezil...@free-electrons.com --- .../devicetree/bindings/crypto/marvell-cesa.txt| 46 ++ 1 file changed, 46 insertions(+) create mode 100644 Documentation/devicetree/bindings/crypto/marvell-cesa.txt diff --git a/Documentation/devicetree/bindings/crypto/marvell-cesa.txt b/Documentation/devicetree/bindings/crypto/marvell-cesa.txt new file mode 100644 index 000..4ce9bc5 --- /dev/null +++ b/Documentation/devicetree/bindings/crypto/marvell-cesa.txt 
@@ -0,0 +1,46 @@ +Marvell Cryptographic Engines And Security Accelerator + +Required properties: +- compatible: should be one of the following string + marvell,orion-crypto + marvell,kirkwood-crypto + marvell,armada-370-crypto + marvell,armada-xp-crypto + marvell,armada-375-crypto + marvell,armada-38x-crypto +- reg: base physical address of the engine and length of memory mapped + region +- reg-names: regs +- interrupts: interrupt number +- clocks: reference to the crypto engines clocks. This property is not + required for orion and kirkwood platforms +- clock-names: cesaX and cesazX, X should be replaced by the crypto engine + id. + This property is not required for the orion and kirkwoord + platforms. + cesazX clocks are not required on armada-370 platforms +- marvell,crypto-srams: phandle to crypto SRAM definitions + +Optional properties: +- marvell,crypto-sram-size: SRAM size reserved for crypto operations, if not + specified the whole SRAM is used (2KB) + +Deprecated properties: +- reg: base physical address of the engine and length of memory mapped + region, followed by base physical address of sram and its memory + length +- reg-names: regs , sram + +Examples: + + crypto@9 { + compatible = marvell,armada-xp-crypto; + reg = 0x9 0x1; + reg-names = regs; + interrupts = 48, 49; + clocks = gateclk 23, gateclk 23; + clock-names = cesa0, cesa1; + marvell,crypto-srams = crypto_sram0, crypto_sram1; + marvell,crypto-sram-size = 0x600; + status = okay; + }; -- 1.9.1 -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH v3 06/16] crypto: marvell/CESA: add MD5 support
From: Arnaud Ebalard a...@natisbad.org Add support for MD5 operations. Signed-off-by: Arnaud Ebalard a...@natisbad.org Signed-off-by: Boris Brezillon boris.brezil...@free-electrons.com --- drivers/crypto/marvell/cesa.c | 2 + drivers/crypto/marvell/cesa.h | 2 + drivers/crypto/marvell/hash.c | 142 +- 3 files changed, 144 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/marvell/cesa.c b/drivers/crypto/marvell/cesa.c index b1f7d38..092304a 100644 --- a/drivers/crypto/marvell/cesa.c +++ b/drivers/crypto/marvell/cesa.c @@ -174,7 +174,9 @@ static struct crypto_alg *armada_370_cipher_algs[] = { }; static struct ahash_alg *armada_370_ahash_algs[] = { + mv_md5_alg, mv_sha1_alg, + mv_ahmac_md5_alg, mv_ahmac_sha1_alg, }; diff --git a/drivers/crypto/marvell/cesa.h b/drivers/crypto/marvell/cesa.h index d886280..23c4603 100644 --- a/drivers/crypto/marvell/cesa.h +++ b/drivers/crypto/marvell/cesa.h @@ -787,7 +787,9 @@ int mv_cesa_dma_add_op_transfers(struct mv_cesa_tdma_chain *chain, /* Algorithm definitions */ +extern struct ahash_alg mv_md5_alg; extern struct ahash_alg mv_sha1_alg; +extern struct ahash_alg mv_ahmac_md5_alg; extern struct ahash_alg mv_ahmac_sha1_alg; extern struct crypto_alg mv_cesa_ecb_des_alg; diff --git a/drivers/crypto/marvell/hash.c b/drivers/crypto/marvell/hash.c index 94b3f97..644c97d 100644 --- a/drivers/crypto/marvell/hash.c +++ b/drivers/crypto/marvell/hash.c @@ -12,6 +12,7 @@ * by the Free Software Foundation. */ +#include crypto/md5.h #include crypto/sha.h #include cesa.h 
@@ -346,8 +347,16 @@ static int mv_cesa_ahash_process(struct crypto_async_request *req, u32 status) ahashreq-nbytes - creq-cache_ptr); if (creq-last_req) { - for (i = 0; i digsize / 4; i++) - creq-state[i] = cpu_to_be32(creq-state[i]); + for (i = 0; i digsize / 4; i++) { + /* +* Hardware provides MD5 digest in a different +* endianness than SHA-1 and SHA-256 ones. +*/ + if (digsize == MD5_DIGEST_SIZE) + creq-state[i] = cpu_to_le32(creq-state[i]); + else + creq-state[i] = cpu_to_be32(creq-state[i]); + } memcpy(ahashreq-result, creq-state, digsize); } 
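Review bot: Selecting the byte order with `digsize == MD5_DIGEST_SIZE` ties the conversion to a digest length rather than to the algorithm, so any other 16-byte digest added later would silently take the little-endian path and return a wrong hash. A per-request flag set by the algorithm's init callback would state the intent directly and keep this loop free of per-algorithm constants. If the size test stays, the comment should say so, for example `/* MD5 is the only 16-byte digest handled here; revisit if another is added */`. `mv_cesa_ahash_process` starts and ends outside this hunk.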
@@ -786,6 +795,67 @@ static int mv_cesa_ahash_finup(struct ahash_request *req) return ret; } +static int mv_cesa_md5_init(struct ahash_request *req) +{ + struct mv_cesa_op_ctx tmpl; + + mv_cesa_set_op_cfg(tmpl, CESA_SA_DESC_CFG_MACM_MD5); + + mv_cesa_ahash_init(req, tmpl); + + return 0; +} + +static int mv_cesa_md5_export(struct ahash_request *req, void *out) +{ + struct md5_state *out_state = out; + struct crypto_ahash *ahash = crypto_ahash_reqtfm(req); + struct mv_cesa_ahash_req *creq = ahash_request_ctx(req); + unsigned int digsize = crypto_ahash_digestsize(ahash); + + out_state-byte_count = creq-len; + memcpy(out_state-hash, creq-state, digsize); + memset(out_state-block, 0, sizeof(out_state-block)); + if (creq-cache) + memcpy(out_state-block, creq-cache, creq-cache_ptr); + + return 0; +} + +static int mv_cesa_md5_digest(struct ahash_request *req) +{ + int ret; + + ret = mv_cesa_md5_init(req); + if (ret) + return ret; + + return mv_cesa_ahash_finup(req); +} + +struct ahash_alg mv_md5_alg = { + .init = mv_cesa_md5_init, + .update = mv_cesa_ahash_update, + .final = mv_cesa_ahash_final, + .finup = mv_cesa_ahash_finup, + .digest = mv_cesa_md5_digest, + .export = mv_cesa_md5_export, + .halg = { + .digestsize = MD5_DIGEST_SIZE, + .base = { + .cra_name = md5, + .cra_driver_name = mv-md5, + .cra_priority = 300, + .cra_flags = CRYPTO_ALG_ASYNC | +CRYPTO_ALG_KERN_DRIVER_ONLY, + .cra_blocksize = MD5_HMAC_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct mv_cesa_hash_ctx), + .cra_init = mv_cesa_ahash_cra_init, + .cra_module = THIS_MODULE, +} + } +}; + static int mv_cesa_sha1_init(struct ahash_request *req) { struct mv_cesa_op_ctx tmpl; @@ -1013,6 +1083,74 @@ static int mv_cesa_ahmac_cra_init(struct crypto_tfm *tfm) return 0; } +static int mv_cesa_ahmac_md5_init(struct ahash_request *req) +{ + struct mv_cesa_hmac_ctx *ctx = crypto_tfm_ctx(req-base.tfm); + struct mv_cesa_op_ctx tmpl; + + mv_cesa_set_op_cfg(tmpl, CESA_SA_DESC_CFG_MACM_HMAC_MD5); + memcpy(tmpl.ctx.hash.iv,
[PATCH v3 02/16] crypto: add a new driver for Marvell's CESA
The existing mv_cesa driver supports some features of the CESA IP but is quite limited, and reworking it to support new features (like involving the TDMA engine to offload the CPU) is almost impossible. This driver has been rewritten from scratch to take those new features into account. This commit introduce the base infrastructure allowing us to add support for DMA optimization. It also includes support for one hash (SHA1) and one cipher (AES) algorithm, and enable those features on the Armada 370 SoC. Other algorithms and platforms will be added later on. Signed-off-by: Boris Brezillon boris.brezil...@free-electrons.com Signed-off-by: Arnaud Ebalard a...@natisbad.org --- drivers/crypto/Kconfig | 17 + drivers/crypto/Makefile | 1 + drivers/crypto/marvell/Makefile | 2 + drivers/crypto/marvell/cesa.c | 413 drivers/crypto/marvell/cesa.h | 567 + drivers/crypto/marvell/cipher.c | 315 ++ drivers/crypto/marvell/hash.c | 690 7 files changed, 2005 insertions(+) create mode 100644 drivers/crypto/marvell/Makefile create mode 100644 drivers/crypto/marvell/cesa.c create mode 100644 drivers/crypto/marvell/cesa.h create mode 100644 drivers/crypto/marvell/cipher.c create mode 100644 drivers/crypto/marvell/hash.c diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig index 033c0c8..fd4c94e 100644 --- a/drivers/crypto/Kconfig +++ b/drivers/crypto/Kconfig 
@@ -173,6 +173,23 @@ config CRYPTO_DEV_MV_CESA Currently the driver supports AES in ECB and CBC mode without DMA. +config CRYPTO_DEV_MARVELL_CESA + tristate New Marvell's Cryptographic Engine driver + depends on (PLAT_ORION || ARCH_MVEBU || COMPILE_TEST) HAS_DMA HAS_IOMEM + select CRYPTO_ALGAPI + select CRYPTO_AES + select CRYPTO_DES + select CRYPTO_BLKCIPHER2 + select CRYPTO_HASH + select SRAM + help + This driver allows you to utilize the Cryptographic Engines and + Security Accelerator (CESA) which can be found on the Armada 370. + + This driver is aimed at replacing the mv_cesa driver. This will only + happen once it has received proper testing and all the features + available in the mv_cesa driver are supported. + config CRYPTO_DEV_NIAGARA2 tristate Niagara2 Stream Processing Unit driver select CRYPTO_DES diff --git a/drivers/crypto/Makefile b/drivers/crypto/Makefile index fb84be7..e35c07a 100644 --- a/drivers/crypto/Makefile +++ b/drivers/crypto/Makefile @@ -9,6 +9,7 @@ obj-$(CONFIG_CRYPTO_DEV_HIFN_795X) += hifn_795x.o obj-$(CONFIG_CRYPTO_DEV_IMGTEC_HASH) += img-hash.o obj-$(CONFIG_CRYPTO_DEV_IXP4XX) += ixp4xx_crypto.o obj-$(CONFIG_CRYPTO_DEV_MV_CESA) += mv_cesa.o +obj-$(CONFIG_CRYPTO_DEV_MARVELL_CESA) += marvell/ obj-$(CONFIG_CRYPTO_DEV_MXS_DCP) += mxs-dcp.o obj-$(CONFIG_CRYPTO_DEV_NIAGARA2) += n2_crypto.o n2_crypto-y := n2_core.o n2_asm.o diff --git a/drivers/crypto/marvell/Makefile b/drivers/crypto/marvell/Makefile new file mode 100644 index 000..68d0982 --- /dev/null +++ b/drivers/crypto/marvell/Makefile @@ -0,0 +1,2 @@ +obj-$(CONFIG_CRYPTO_DEV_MARVELL_CESA) += marvell-cesa.o +marvell-cesa-objs := cesa.o cipher.o hash.o diff --git a/drivers/crypto/marvell/cesa.c b/drivers/crypto/marvell/cesa.c new file mode 100644 index 000..d1ce440 --- /dev/null +++ b/drivers/crypto/marvell/cesa.c 
@@ -0,0 +1,413 @@ +/* + * Support for Marvell's Cryptographic Engine and Security Accelerator (CESA) + * that can be found on the following platform: Orion, Kirkwood, Armada. This + * driver supports the TDMA engine on platforms on which it is available. + * + * Author: Boris Brezillon boris.brezil...@free-electrons.com + * Author: Arnaud Ebalard a...@natisbad.org + * + * This work is based on an initial version written by + * Sebastian Andrzej Siewior sebastian at breakpoint dot cc + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 as published + * by the Free Software Foundation. + */ + +#include linux/delay.h +#include linux/genalloc.h +#include linux/interrupt.h +#include linux/io.h +#include linux/kthread.h +#include linux/mbus.h +#include linux/platform_device.h +#include linux/scatterlist.h +#include linux/slab.h +#include linux/module.h +#include linux/clk.h +#include linux/of.h +#include linux/of_platform.h +#include linux/of_irq.h + +#include cesa.h + +struct mv_cesa_dev *cesa_dev; + +static void mv_cesa_dequeue_req_unlocked(struct mv_cesa_engine *engine) +{ + struct crypto_async_request *req; + struct mv_cesa_ctx *ctx; + + spin_lock_bh(cesa_dev-lock); + req = crypto_dequeue_request(cesa_dev-queue); + engine-req = req; + spin_unlock_bh(cesa_dev-lock); + + if (!req) + return; + + ctx = crypto_tfm_ctx(req-tfm); +
[PATCH v3 03/16] crypto: marvell/CESA: add TDMA support
The CESA IP supports CPU offload through a dedicated DMA engine (TDMA) which can control the crypto block. When you use this mode, all the required data (operation metadata and payload data) are transferred using DMA, and the results are retrieved through DMA when possible (hash results are not retrieved through DMA yet), thus reducing the involvement of the CPU and providing better performances in most cases (for small requests, the cost of DMA preparation might exceed the performance gain). Note that some CESA IPs do not embed this dedicated DMA, hence the activation of this feature on a per platform basis. Signed-off-by: Boris Brezillon boris.brezil...@free-electrons.com Signed-off-by: Arnaud Ebalard a...@natisbad.org --- drivers/crypto/Kconfig | 1 + drivers/crypto/marvell/Makefile | 2 +- drivers/crypto/marvell/cesa.c | 68 +++ drivers/crypto/marvell/cesa.h | 229 ++ drivers/crypto/marvell/cipher.c | 167 +++- drivers/crypto/marvell/hash.c | 412 +++- drivers/crypto/marvell/tdma.c | 224 ++ 7 files changed, 1087 insertions(+), 16 deletions(-) create mode 100644 drivers/crypto/marvell/tdma.c diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig index fd4c94e..c07ce2b 100644 --- a/drivers/crypto/Kconfig +++ b/drivers/crypto/Kconfig @@ -185,6 +185,7 @@ config CRYPTO_DEV_MARVELL_CESA help This driver allows you to utilize the Cryptographic Engines and Security Accelerator (CESA) which can be found on the Armada 370. + This driver supports CPU offload through DMA transfers. This driver is aimed at replacing the mv_cesa driver. This will only happen once it has received proper testing and all the features diff --git a/drivers/crypto/marvell/Makefile b/drivers/crypto/marvell/Makefile index 68d0982..0c12b13 100644 --- a/drivers/crypto/marvell/Makefile +++ b/drivers/crypto/marvell/Makefile @@ -1,2 +1,2 @@ obj-$(CONFIG_CRYPTO_DEV_MARVELL_CESA) += marvell-cesa.o -marvell-cesa-objs := cesa.o cipher.o hash.o +marvell-cesa-objs := cesa.o cipher.o hash.o tdma.o 
diff --git a/drivers/crypto/marvell/cesa.c b/drivers/crypto/marvell/cesa.c index d1ce440..1aef750 100644 --- a/drivers/crypto/marvell/cesa.c +++ b/drivers/crypto/marvell/cesa.c @@ -180,6 +180,7 @@ static const struct mv_cesa_caps armada_370_caps = { .ncipher_algs = ARRAY_SIZE(armada_370_cipher_algs), .ahash_algs = armada_370_ahash_algs, .nahash_algs = ARRAY_SIZE(armada_370_ahash_algs), + .has_tdma = true, }; static const struct of_device_id mv_cesa_of_match_table[] = { 
@@ -188,6 +189,66 @@ static const struct of_device_id mv_cesa_of_match_table[] = { }; MODULE_DEVICE_TABLE(of, mv_cesa_of_match_table); +static void +mv_cesa_conf_mbus_windows(struct mv_cesa_engine *engine, + const struct mbus_dram_target_info *dram) +{ + void __iomem *iobase = engine-regs; + int i; + + for (i = 0; i 4; i++) { + writel(0, iobase + CESA_TDMA_WINDOW_CTRL(i)); + writel(0, iobase + CESA_TDMA_WINDOW_BASE(i)); + } + + for (i = 0; i dram-num_cs; i++) { + const struct mbus_dram_window *cs = dram-cs + i; + + writel(((cs-size - 1) 0x) | + (cs-mbus_attr 8) | + (dram-mbus_dram_target_id 4) | 1, + iobase + CESA_TDMA_WINDOW_CTRL(i)); + writel(cs-base, iobase + CESA_TDMA_WINDOW_BASE(i)); + } +} + +static int mv_cesa_dev_dma_init(struct mv_cesa_dev *cesa) +{ + struct device *dev = cesa-dev; + struct mv_cesa_dev_dma *dma; + + if (!cesa-caps-has_tdma) + return 0; + + dma = devm_kzalloc(dev, sizeof(*dma), GFP_KERNEL); + if (!dma) + return -ENOMEM; + + dma-tdma_desc_pool = dmam_pool_create(tdma_desc, dev, + sizeof(struct mv_cesa_tdma_desc), + 16, 0); + if (!dma-tdma_desc_pool) + return -ENOMEM; + + dma-op_pool = dmam_pool_create(cesa_op, dev, + sizeof(struct mv_cesa_op_ctx), 16, 0); + if (!dma-op_pool) + return -ENOMEM; + + dma-cache_pool = dmam_pool_create(cesa_cache, dev, + CESA_MAX_HASH_BLOCK_SIZE, 1, 0); + if (!dma-cache_pool) + return -ENOMEM; + + dma-padding_pool = dmam_pool_create(cesa_padding, dev, 72, 1, 0); + if (!dma-cache_pool) + return -ENOMEM; + + cesa-dma = dma; + + return 0; +} + static int mv_cesa_get_sram(struct platform_device *pdev, int idx) { struct mv_cesa_dev *cesa = platform_get_drvdata(pdev); @@ -295,6 +356,10 @@ static int mv_cesa_probe(struct platform_device *pdev) if (IS_ERR(cesa-regs))
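Review bot: The last allocation check in `mv_cesa_dev_dma_init` tests the wrong pointer: after `dma->padding_pool = dmam_pool_create(...)` the code checks `if (!dma->cache_pool)`, which was already verified two statements earlier. A failed padding-pool allocation therefore goes unnoticed and a NULL pool is stored in `dma->padding_pool`. The check should read `if (!dma->padding_pool)`. The literal `72` passed as the element size would also be easier to audit as a named constant next to `CESA_MAX_HASH_BLOCK_SIZE`.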
[PATCH v3 01/16] crypto: mv_cesa: request registers memory region
The mv_cesa driver does not request the CESA registers memory region. Since we're about to add a new CESA driver, we need to make sure only one of these drivers probe the CESA device, and requesting the registers memory region is a good way to achieve that. Signed-off-by: Boris Brezillon boris.brezil...@free-electrons.com --- drivers/crypto/mv_cesa.c | 13 + 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/drivers/crypto/mv_cesa.c b/drivers/crypto/mv_cesa.c index f91f15d..27b2373 100644 --- a/drivers/crypto/mv_cesa.c +++ b/drivers/crypto/mv_cesa.c @@ -1041,23 +1041,23 @@ static int mv_probe(struct platform_device *pdev) spin_lock_init(cp-lock); crypto_init_queue(cp-queue, 50); - cp-reg = ioremap(res-start, resource_size(res)); - if (!cp-reg) { - ret = -ENOMEM; + cp-reg = devm_ioremap_resource(pdev-dev, res); + if (IS_ERR(cp-reg)) { + ret = PTR_ERR(cp-reg); goto err; } res = platform_get_resource_byname(pdev, IORESOURCE_MEM, sram); if (!res) { ret = -ENXIO; - goto err_unmap_reg; + goto err; } cp-sram_size = resource_size(res); cp-max_req_size = cp-sram_size - SRAM_CFG_SPACE; cp-sram = ioremap(res-start, cp-sram_size); if (!cp-sram) { ret = -ENOMEM; - goto err_unmap_reg; + goto err; } if (pdev-dev.of_node) @@ -1136,8 +1136,6 @@ err_thread: kthread_stop(cp-queue_th); err_unmap_sram: iounmap(cp-sram); -err_unmap_reg: - iounmap(cp-reg); err: kfree(cp); cpg = NULL; @@ -1158,7 +1156,6 @@ static int mv_remove(struct platform_device *pdev) free_irq(cp-irq, cp); memset(cp-sram, 0, cp-sram_size); iounmap(cp-sram); - iounmap(cp-reg); if (!IS_ERR(cp-clk)) { clk_disable_unprepare(cp-clk); -- 1.9.1 -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH v3 0/2] crypto: add a new driver for Marvell's CESA
Hello, This patch series adds a new driver supporting Marvell's CESA IP. This driver addresses some limitations of the existing one. From a performance and CPU load point of view the most important limitation in the existing driver is the lack of DMA support, thus preventing us from chaining crypto operations. I know we usually try to adapt existing drivers instead of replacing them by new ones, but after trying to refactor the mv_cesa driver I realized it would take longer than writing a new one from scratch. Here are the main features brought by this new driver: - support for armada SoCs (up to 38x) while keeping support for older ones (Orion and Kirkwood). Note that old DT bindings (those used on Orion and Kirkwood platforms) are supported, or in other words, old DTs are compatible with this new driver. - DMA mode to offload the CPU in case of intensive crypto usage - new algorithms: SHA256, DES and 3DES In addition to this driver comes a bunch of DT updates adding crypto device nodes to several Marvell SoCs (those are only the tested ones, others might be added later). I'd like to thank Arnaud, who has carefully reviewed several iterations of this driver, helped me improve my implementation, provided support for several crypto algorithms, provided support for armada-370 and tested the driver on different platforms, hence the SoB and dual MODULE_AUTHOR in the driver code. 
Best Regards, Boris Changes since v2: - fixes in the cipher code (-dst_nents was assigned the -src_nents value and CBC state was overwritten by the IV after each chunk operation) - spit the code as suggested by Sebastian Changes since v1: - (suggested by Jason) kept the existing CESA driver and added a mechanism to prevent the new driver from probing devices handled my the existing one (Orion and Kirkwood platforms) - (reported by Paul) addressed a few Kconfig and module definition issues - (suggested by Andrew) added DT changes to the series Arnaud Ebalard (6): crypto: marvell/CESA: add Triple-DES support crypto: marvell/CESA: add MD5 support crypto: marvell/CESA: add SHA256 support crypto: marvell/CESA: add support for Kirkwood SoCs ARM: marvell/dt: add crypto node to armada 370 dtsi ARM: marvell/dt: add crypto node to kirkwood dtsi Boris Brezillon (10): crypto: mv_cesa: request registers memory region crypto: add a new driver for Marvell's CESA crypto: marvell/CESA: add TDMA support crypto: marvell/CESA: add DES support crypto: marvell/CESA: add support for all armada SoCs crypto: marvell/CESA: add allhwsupport module parameter crypto: marvell/CESA: add support for Orion SoCs crypto: marvell/CESA: update DT bindings documentation ARM: marvell/dt: add crypto node to armada-xp.dtsi ARM: marvell/dt: enable crypto on armada-xp-gp .../devicetree/bindings/crypto/marvell-cesa.txt| 46 + arch/arm/boot/dts/armada-370.dtsi | 20 + arch/arm/boot/dts/armada-xp-gp.dts |4 +- arch/arm/boot/dts/armada-xp.dtsi | 31 + arch/arm/boot/dts/kirkwood.dtsi|2 +- drivers/crypto/Kconfig | 18 + drivers/crypto/Makefile|1 + drivers/crypto/marvell/Makefile|2 + drivers/crypto/marvell/cesa.c | 543 drivers/crypto/marvell/cesa.h | 804 drivers/crypto/marvell/cipher.c| 769 +++ drivers/crypto/marvell/hash.c | 1349 drivers/crypto/marvell/tdma.c | 224 drivers/crypto/mv_cesa.c | 13 +- 14 files changed, 3816 insertions(+), 10 deletions(-) create mode 100644 
Documentation/devicetree/bindings/crypto/marvell-cesa.txt create mode 100644 drivers/crypto/marvell/Makefile create mode 100644 drivers/crypto/marvell/cesa.c create mode 100644 drivers/crypto/marvell/cesa.h create mode 100644 drivers/crypto/marvell/cipher.c create mode 100644 drivers/crypto/marvell/hash.c create mode 100644 drivers/crypto/marvell/tdma.c -- 1.9.1 -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH v3 05/16] crypto: marvell/CESA: add Triple-DES support
From: Arnaud Ebalard a...@natisbad.org Add support for Triple-DES operations. Signed-off-by: Arnaud Ebalard a...@natisbad.org Signed-off-by: Boris Brezillon boris.brezil...@free-electrons.com --- drivers/crypto/marvell/cesa.c | 2 + drivers/crypto/marvell/cesa.h | 2 + drivers/crypto/marvell/cipher.c | 147 3 files changed, 151 insertions(+) diff --git a/drivers/crypto/marvell/cesa.c b/drivers/crypto/marvell/cesa.c index 3e9aca5..b1f7d38 100644 --- a/drivers/crypto/marvell/cesa.c +++ b/drivers/crypto/marvell/cesa.c @@ -167,6 +167,8 @@ static void mv_cesa_remove_algs(struct mv_cesa_dev *cesa) static struct crypto_alg *armada_370_cipher_algs[] = { mv_cesa_ecb_des_alg, mv_cesa_cbc_des_alg, + mv_cesa_ecb_des3_ede_alg, + mv_cesa_cbc_des3_ede_alg, mv_cesa_ecb_aes_alg, mv_cesa_cbc_aes_alg, }; diff --git a/drivers/crypto/marvell/cesa.h b/drivers/crypto/marvell/cesa.h index 5d91da3..d886280 100644 --- a/drivers/crypto/marvell/cesa.h +++ b/drivers/crypto/marvell/cesa.h @@ -792,6 +792,8 @@ extern struct ahash_alg mv_ahmac_sha1_alg; extern struct crypto_alg mv_cesa_ecb_des_alg; extern struct crypto_alg mv_cesa_cbc_des_alg; +extern struct crypto_alg mv_cesa_ecb_des3_ede_alg; +extern struct crypto_alg mv_cesa_cbc_des3_ede_alg; extern struct crypto_alg mv_cesa_ecb_aes_alg; extern struct crypto_alg mv_cesa_cbc_aes_alg; diff --git a/drivers/crypto/marvell/cipher.c b/drivers/crypto/marvell/cipher.c index 0169fd7..8378c87 100644 --- a/drivers/crypto/marvell/cipher.c +++ b/drivers/crypto/marvell/cipher.c @@ -22,6 +22,11 @@ struct mv_cesa_des_ctx { u8 key[DES_KEY_SIZE]; }; +struct mv_cesa_des3_ctx { + struct mv_cesa_ctx base; + u8 key[DES3_EDE_KEY_SIZE]; +}; + struct mv_cesa_aes_ctx { struct mv_cesa_ctx base; struct crypto_aes_ctx aes; 
@@ -253,6 +258,22 @@ static int mv_cesa_des_setkey(struct crypto_ablkcipher *cipher, const u8 *key, return 0; } +static int mv_cesa_des3_ede_setkey(struct crypto_ablkcipher *cipher, + const u8 *key, unsigned int len) +{ + struct crypto_tfm *tfm = crypto_ablkcipher_tfm(cipher); + struct mv_cesa_des_ctx *ctx = crypto_tfm_ctx(tfm); + + if (len != DES3_EDE_KEY_SIZE) { + crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN); + return -EINVAL; + } + + memcpy(ctx-key, key, DES3_EDE_KEY_SIZE); + + return 0; +} + static int mv_cesa_ablkcipher_dma_req_init(struct ablkcipher_request *req, const struct mv_cesa_op_ctx *op_templ) { 
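Review bot: In `mv_cesa_des3_ede_setkey` the context pointer is declared as `struct mv_cesa_des_ctx *ctx`, whose `key` field is `u8 key[DES_KEY_SIZE]`, yet the `memcpy` writes `DES3_EDE_KEY_SIZE` bytes into it. The allocation is presumably large enough, because the algorithm definition later in this patch sets `.cra_ctxsize = sizeof(struct mv_cesa_des3_ctx)`. The copy still runs past the declared bounds of the field, which a bounds-checking `memcpy` or a static analyser would report, and it only works while the two structs keep the same layout. The declaration should be `struct mv_cesa_des3_ctx *ctx = crypto_tfm_ctx(tfm);`, matching what `mv_cesa_des3_op` reads. The function also accepts any key of the right length; unless the crypto core already rejects them for this algorithm type, keys whose DES sub-keys repeat (which reduce 3DES to single DES) should be checked for here.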
@@ -486,6 +507,132 @@ struct crypto_alg mv_cesa_cbc_des_alg = { }, }; +static int mv_cesa_des3_op(struct ablkcipher_request *req, + struct mv_cesa_op_ctx *tmpl) +{ + struct mv_cesa_des3_ctx *ctx = crypto_tfm_ctx(req-base.tfm); + int ret; + + mv_cesa_update_op_cfg(tmpl, CESA_SA_DESC_CFG_CRYPTM_3DES, + CESA_SA_DESC_CFG_CRYPTM_MSK); + + memcpy(tmpl-ctx.blkcipher.key, ctx-key, DES3_EDE_KEY_SIZE); + + ret = mv_cesa_ablkcipher_req_init(req, tmpl); + if (ret) + return ret; + + ret = mv_cesa_queue_req(req-base); + if (ret ret != -EINPROGRESS) + mv_cesa_ablkcipher_cleanup(req); + + return ret; +} + +static int mv_cesa_ecb_des3_ede_encrypt(struct ablkcipher_request *req) +{ + struct mv_cesa_op_ctx tmpl; + + mv_cesa_set_op_cfg(tmpl, + CESA_SA_DESC_CFG_CRYPTCM_ECB | + CESA_SA_DESC_CFG_3DES_EDE | + CESA_SA_DESC_CFG_DIR_ENC); + + return mv_cesa_des3_op(req, tmpl); +} + +static int mv_cesa_ecb_des3_ede_decrypt(struct ablkcipher_request *req) +{ + struct mv_cesa_op_ctx tmpl; + + mv_cesa_set_op_cfg(tmpl, + CESA_SA_DESC_CFG_CRYPTCM_ECB | + CESA_SA_DESC_CFG_3DES_EDE | + CESA_SA_DESC_CFG_DIR_DEC); + + return mv_cesa_des3_op(req, tmpl); +} + +struct crypto_alg mv_cesa_ecb_des3_ede_alg = { + .cra_name = ecb(des3_ede), + .cra_driver_name = mv-ecb-des3-ede, + .cra_priority = 300, + .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | +CRYPTO_ALG_KERN_DRIVER_ONLY | CRYPTO_ALG_ASYNC, + .cra_blocksize = DES3_EDE_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct mv_cesa_des3_ctx), + .cra_alignmask = 0, + .cra_type = crypto_ablkcipher_type, + .cra_module = THIS_MODULE, + .cra_init = mv_cesa_ablkcipher_cra_init, + .cra_u = { + .ablkcipher = { + .min_keysize = DES3_EDE_KEY_SIZE, + .max_keysize = DES3_EDE_KEY_SIZE, + .ivsize = DES3_EDE_BLOCK_SIZE, + .setkey = mv_cesa_des3_ede_setkey, + .encrypt =
[PATCH v3 09/16] crypto: marvell/CESA: add allhwsupport module parameter
The old and new marvell CESA drivers both support Orion and Kirkwood SoCs. Add a module parameter to choose whether these SoCs should be attached to the new or the old driver. The default policy is to keep attaching those IPs to the old driver if it is enabled, until we decide the new CESA driver is stable/secure enough. Signed-off-by: Boris Brezillon boris.brezil...@free-electrons.com --- drivers/crypto/marvell/cesa.c | 4 1 file changed, 4 insertions(+) diff --git a/drivers/crypto/marvell/cesa.c b/drivers/crypto/marvell/cesa.c index dcfaacd..f763981 100644 --- a/drivers/crypto/marvell/cesa.c +++ b/drivers/crypto/marvell/cesa.c @@ -31,6 +31,10 @@ #include cesa.h +static int allhwsupport = !IS_ENABLED(CONFIG_CRYPTO_DEV_MV_CESA); +module_param_named(allhwsupport, allhwsupport, int, 0444); +MODULE_PARM_DESC(allhwsupport, Enable support for all hardware (even it if overlaps with the mv_cesa driver)); + struct mv_cesa_dev *cesa_dev; static void mv_cesa_dequeue_req_unlocked(struct mv_cesa_engine *engine) -- 1.9.1 -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
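Review bot: The `MODULE_PARM_DESC` text for `allhwsupport` has two words transposed ("even it if overlaps"), and the parameter is an on/off switch stored in an `int`. I would declare it `static bool allhwsupport = !IS_ENABLED(CONFIG_CRYPTO_DEV_MV_CESA);`, register it with `module_param_named(allhwsupport, allhwsupport, bool, 0444);`, and word the description as `"Enable support for all hardware (even if it overlaps with the mv_cesa driver)"`. Nothing in this hunk reads the variable yet, so a one-line comment naming the probe path that is meant to consult it would help anyone reading this patch on its own.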
[PATCH v3 08/16] crypto: marvell/CESA: add support for all armada SoCs
Add CESA IP description for all the missing armada SoCs (XP, 375 and 38x). Signed-off-by: Boris Brezillon boris.brezil...@free-electrons.com --- drivers/crypto/marvell/cesa.c | 12 1 file changed, 12 insertions(+) diff --git a/drivers/crypto/marvell/cesa.c b/drivers/crypto/marvell/cesa.c index 55fa6e8..dcfaacd 100644 --- a/drivers/crypto/marvell/cesa.c +++ b/drivers/crypto/marvell/cesa.c @@ -191,8 +191,20 @@ static const struct mv_cesa_caps armada_370_caps = { .has_tdma = true, }; +static const struct mv_cesa_caps armada_xp_caps = { + .nengines = 2, + .cipher_algs = armada_370_cipher_algs, + .ncipher_algs = ARRAY_SIZE(armada_370_cipher_algs), + .ahash_algs = armada_370_ahash_algs, + .nahash_algs = ARRAY_SIZE(armada_370_ahash_algs), + .has_tdma = true, +}; + static const struct of_device_id mv_cesa_of_match_table[] = { { .compatible = marvell,armada-370-crypto, .data = armada_370_caps }, + { .compatible = marvell,armada-xp-crypto, .data = armada_xp_caps }, + { .compatible = marvell,armada-375-crypto, .data = armada_xp_caps }, + { .compatible = marvell,armada-38x-crypto, .data = armada_xp_caps }, {} }; MODULE_DEVICE_TABLE(of, mv_cesa_of_match_table); -- 1.9.1 -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH v3 13/16] ARM: marvell/dt: add crypto node to armada-xp.dtsi
Add crypto related nodes to armada-xp.dtsi. Signed-off-by: Boris Brezillon boris.brezil...@free-electrons.com --- arch/arm/boot/dts/armada-xp.dtsi | 31 +++ 1 file changed, 31 insertions(+) diff --git a/arch/arm/boot/dts/armada-xp.dtsi b/arch/arm/boot/dts/armada-xp.dtsi index 013d63f..a12a81f 100644 --- a/arch/arm/boot/dts/armada-xp.dtsi +++ b/arch/arm/boot/dts/armada-xp.dtsi @@ -220,6 +220,19 @@ }; }; + crypto@9 { + compatible = marvell,armada-xp-crypto; + reg = 0x9 0x1; + reg-names = regs; + interrupts = 48, 49; + clocks = gateclk 23, gateclk 23; + clock-names = cesa0, cesa1; + marvell,crypto-srams = crypto_sram0, + crypto_sram1; + marvell,crypto-sram-size = 0x600; + status = okay; + }; + xor@f0900 { compatible = marvell,orion-xor; reg = 0xF0900 0x100 @@ -240,6 +253,24 @@ }; }; }; + + crypto_sram0: sa-sram0 { + compatible = mmio-sram; + reg = MBUS_ID(0x09, 0x09) 0 0x800; + #address-cells = 1; + #size-cells = 1; + ranges = 0 MBUS_ID(0x09, 0x09) 0 0x800; + status = okay; + }; + + crypto_sram1: sa-sram1 { + compatible = mmio-sram; + reg = MBUS_ID(0x09, 0x05) 0 0x800; + #address-cells = 1; + #size-cells = 1; + ranges = 0 MBUS_ID(0x09, 0x05) 0 0x800; + status = okay; + }; }; clocks { -- 1.9.1 -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v3 0/2] crypto: add a new driver for Marvell's CESA
+ Jason Gunthorpe, he may be interested in this. On Fri, May 22, 2015 at 03:33:46PM +0200, Boris Brezillon wrote: Hello, This patch series adds a new driver supporting Marvell's CESA IP. This driver addresses some limitations of the existing one. From a performance and CPU load point of view the most important limitation in the existing driver is the lack of DMA support, thus preventing us from chaining crypto operations. I know we usually try to adapt existing drivers instead of replacing them with new ones, but after trying to refactor the mv_cesa driver I realized it would take longer than writing a new one from scratch. Here are the main features brought by this new driver: - support for armada SoCs (up to 38x) while keeping support for older ones (Orion and Kirkwood). Note that old DT bindings (those used on Orion and Kirkwood platforms) are supported, or in other words, old DTs are compatible with this new driver. - DMA mode to offload the CPU in case of intensive crypto usage - new algorithms: SHA256, DES and 3DES In addition to this driver comes a bunch of DT updates adding crypto device nodes to several Marvell SoCs (those are only the tested ones, others might be added later). I'd like to thank Arnaud, who has carefully reviewed several iterations of this driver, helped me improve my implementation, provided support for several crypto algorithms, provided support for armada-370 and tested the driver on different platforms, hence the SoB and dual MODULE_AUTHOR in the driver code. 
Best Regards, Boris Changes since v2: - fixes in the cipher code (-dst_nents was assigned the -src_nents value and CBC state was overwritten by the IV after each chunk operation) - spit the code as suggested by Sebastian Changes since v1: - (suggested by Jason) kept the existing CESA driver and added a mechanism to prevent the new driver from probing devices handled my the existing one (Orion and Kirkwood platforms) - (reported by Paul) addressed a few Kconfig and module definition issues - (suggested by Andrew) added DT changes to the series Arnaud Ebalard (6): crypto: marvell/CESA: add Triple-DES support crypto: marvell/CESA: add MD5 support crypto: marvell/CESA: add SHA256 support crypto: marvell/CESA: add support for Kirkwood SoCs ARM: marvell/dt: add crypto node to armada 370 dtsi ARM: marvell/dt: add crypto node to kirkwood dtsi Boris Brezillon (10): crypto: mv_cesa: request registers memory region crypto: add a new driver for Marvell's CESA crypto: marvell/CESA: add TDMA support crypto: marvell/CESA: add DES support crypto: marvell/CESA: add support for all armada SoCs crypto: marvell/CESA: add allhwsupport module parameter crypto: marvell/CESA: add support for Orion SoCs crypto: marvell/CESA: update DT bindings documentation ARM: marvell/dt: add crypto node to armada-xp.dtsi ARM: marvell/dt: enable crypto on armada-xp-gp .../devicetree/bindings/crypto/marvell-cesa.txt| 46 + arch/arm/boot/dts/armada-370.dtsi | 20 + arch/arm/boot/dts/armada-xp-gp.dts |4 +- arch/arm/boot/dts/armada-xp.dtsi | 31 + arch/arm/boot/dts/kirkwood.dtsi|2 +- drivers/crypto/Kconfig | 18 + drivers/crypto/Makefile|1 + drivers/crypto/marvell/Makefile|2 + drivers/crypto/marvell/cesa.c | 543 drivers/crypto/marvell/cesa.h | 804 drivers/crypto/marvell/cipher.c| 769 +++ drivers/crypto/marvell/hash.c | 1349 drivers/crypto/marvell/tdma.c | 224 drivers/crypto/mv_cesa.c | 13 +- 14 files changed, 3816 insertions(+), 10 deletions(-) create mode 100644 
Documentation/devicetree/bindings/crypto/marvell-cesa.txt create mode 100644 drivers/crypto/marvell/Makefile create mode 100644 drivers/crypto/marvell/cesa.c create mode 100644 drivers/crypto/marvell/cesa.h create mode 100644 drivers/crypto/marvell/cipher.c create mode 100644 drivers/crypto/marvell/hash.c create mode 100644 drivers/crypto/marvell/tdma.c -- 1.9.1 -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH RFC v2 1/2] crypto: add PKE API
On 05/10/2015 11:32 PM, Herbert Xu wrote: On Wed, May 06, 2015 at 12:36:48PM -0700, Tadeusz Struk wrote: +const struct public_key_signature *signature; Doing this means that you aren't adding it to the crypto API properly. You need to start from scratch and design a proper interface and not just wrap some existing opaque data strcture. Cheers, Hi Herbert, Thanks for your feedback. How about this: /** * struct akcipher_request - public key request * * @base: Common attributes for async crypto requests * @inparams: scatterlist of input parameters (one ent per parameter) * for the operation as defined in RFC. * For instance for rsa encrypt only one input param is required, * (i.e. 'm' - message) as specified in RFC3447 sec 5.1.1 * (Note: the key belongs to the tfm) * @outparams: scatterlist of output parameters (one ent per parameter) * for the operation as defined in RFC. * For instance for rsa encrypt only one output param will be * produced (i.e. 'c' - cipher text) as specified in * RFC3447 sec 5.1.1 * * @__ctx: Start of private context data */ struct akcipher_request { struct crypto_async_request base; struct scatterlist *inparams; struct scatterlist *outparams; void *__ctx[] CRYPTO_MINALIGN_ATTR; }; /** * struct akcipher_alg - generic public key algorithm * * @sign: Function performs a sign operation as defined by public key * algorithm * @verify: Function performs a sign operation as defined by public key * algorithm * @encrypt:Function performs an encrypt operation as defined by public key * algorithm * @decrypt:Function performs a decrypt operation as defined by public key * algorithm * @reqsize:Request context size required by algorithm implementation * * @base: Common crypto API algorithm data structure */ struct akcipher_alg { int (*sign)(struct akcipher_request *req); int (*verify)(struct akcipher_request *req); int (*encrypt)(struct akcipher_request *req); int (*decrypt)(struct akcipher_request *req); unsigned int reqsize; struct crypto_alg base; }; /** * 
struct crypto_akcipher - user-instantiated objects which encapsulate * algorithms and core processing logic * * @base: Common crypto API algorithm data structure * @pkey: Key representation. Note: this can be both public or private * key, depending on the operation. * @__ctx: Start of private context data */ struct crypto_akcipher { struct crypto_tfm base; const struct public_key *pkey; void *__ctx[] CRYPTO_MINALIGN_ATTR; }; -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html