RE: [RFC crypto v3 8/9] chtls: Register the ULP
@Dave Watson, Did you get chance to look at my response? What I was referring is that passing "tls" ulp type in setsockopt may be insufficient to make the decision when multi HW assist Inline TLS solution exists. Some HW may go beyond defining sendmsg/sendpage of the prot and require additional info to setup the env? Also, we need to keep vendor specific code out of tls_main.c i.e anything other than base/sw_tx prot perhaps go to hw driver. Sabrina echoed similar concern early last week, can we discuss or have thoughts how to address this? Thanks Atul -Original Message- From: Atul Gupta Sent: Sunday, January 28, 2018 11:26 AM To: 'Dave Watson'Cc: herb...@gondor.apana.org.au; linux-crypto@vger.kernel.org; ganes...@chelsio.co; net...@vger.kernel.org; da...@davemloft.net; Boris Pismenny ; Ilya Lesokhin Subject: RE: [RFC crypto v3 8/9] chtls: Register the ULP -Original Message- From: Dave Watson [mailto:davejwat...@fb.com] Sent: Friday, January 26, 2018 2:39 AM To: Atul Gupta Cc: herb...@gondor.apana.org.au; linux-crypto@vger.kernel.org; ganes...@chelsio.co; net...@vger.kernel.org; da...@davemloft.net; Boris Pismenny ; Ilya Lesokhin Subject: Re: [RFC crypto v3 8/9] chtls: Register the ULP <1513769897-26945-1-git-send-email-atul.gu...@chelsio.com> On 12/20/17 05:08 PM, Atul Gupta wrote: > +static void __init chtls_init_ulp_ops(void) { > + chtls_base_prot = tcp_prot; > + chtls_base_prot.hash= chtls_hash; > + chtls_base_prot.unhash = chtls_unhash; > + chtls_base_prot.close = chtls_lsk_close; > + > + chtls_cpl_prot = chtls_base_prot; > + chtls_init_rsk_ops(_cpl_prot, _rsk_ops, > +_prot, PF_INET); > + chtls_cpl_prot.close= chtls_close; > + chtls_cpl_prot.disconnect = chtls_disconnect; > + chtls_cpl_prot.destroy = chtls_destroy_sock; > + chtls_cpl_prot.shutdown = chtls_shutdown; > + chtls_cpl_prot.sendmsg = chtls_sendmsg; > + chtls_cpl_prot.recvmsg = chtls_recvmsg; > + chtls_cpl_prot.sendpage = chtls_sendpage; > + chtls_cpl_prot.setsockopt = chtls_setsockopt; > + chtls_cpl_prot.getsockopt = chtls_getsockopt; > +} Much of this file should go in tls_main.c, reusing as much as possible. For example it doesn't look like the get/set sockopts have changed at all for chtls. Agree, should common code and anything other than TLS_BASE_TX/TLS_SW_TX prot should go in vendor specific file/driver. Since, prot require redefinition for hardware the code is kept in chtls_main.c > + > +static int __init chtls_register(void) { > + chtls_init_ulp_ops(); > + register_listen_notifier(_notifier); > + cxgb4_register_uld(CXGB4_ULD_TLS, _uld_info); > + tcp_register_ulp(_chtls_ulp_ops); > + return 0; > +} > + > +static void __exit chtls_unregister(void) { > + unregister_listen_notifier(_notifier); > + tcp_unregister_ulp(_chtls_ulp_ops); > + chtls_free_all_uld(); > + cxgb4_unregister_uld(CXGB4_ULD_TLS); > +} The idea with ULP is that there is one ULP hook per protocol, not per driver. One thought is that apps/lib calling setsockopt pass the required ulp type [tls or chtls or xtls], this enables any HW assist to define base_prot as required and keep common code [tls_main] independent of underlying HW. If we are to have single TLS ULP hook [good from user point] then need a way to determine which Inline tls hw is used? System with multiple Inline TLS capable hw and differing functionality would require checks in tls_main to exercise that specific functionality/callback?
Re: [PATCH] crypto: sha1-mb - remove HASH_FIRST flag
>> >> I suppose this will be okay as we are really doing the initialization in >> sha1_mb_init. Megha is now maintaining this code. Copying her >> so she can do some verification of this change. >> > > Please update the MAINTAINERS file so that people know who to Cc on patches. > > Eric > Herbert, Can you pull in the patch below to update MAINTAINERS for sha multibuffer? Tim >From 884095fccd36d2de8c6edfe6f4d60ab4a1b9339b Mon Sep 17 00:00:00 2001 From: Tim ChenDate: Mon, 29 Jan 2018 09:22:41 -0800 Subject: [PATCH] x86/crypto: Designate maintainer for SHA-1/256/512 multibuffer driver Even though I created the original implementation of SHA1 multibuffer driver, Megha extended it to SHA256 and SHA512 and she is now maintaining the code for SHA1/SHA256/SHA512 multi-buffer driver. Add the entry in the MAINTAINERS file so any update patch can find its way properly to Megha. Signed-off-by: Tim Chen --- MAINTAINERS | 8 1 file changed, 8 insertions(+) diff --git a/MAINTAINERS b/MAINTAINERS index 2811a21..2085171 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -7064,6 +7064,14 @@ L: linux-r...@vger.kernel.org S: Supported F: drivers/infiniband/hw/i40iw/ +INTEL SHA MULTIBUFFER DRIVER +M: Megha Dey +R: Tim Chen +L: linux-crypto@vger.kernel.org +S: Supported +F: arch/x86/crypto/sha*-mb +F: crypto/mcryptd.c + INTEL TELEMETRY DRIVER M: Souvik Kumar Chakravarty L: platform-driver-...@vger.kernel.org -- 2.7.4
Re: [PATCH v2] tpm: Move Linux RNG connection to hwrng
On Sat, Jan 27, 2018 at 12:20:18PM +0530, PrasannaKumar Muralidharan wrote: > Hi Jarkko, > > On 17 November 2017 at 19:27, Jarkko Sakkinen >wrote: > > On Fri, Nov 17, 2017 at 03:28:53PM +0200, Jarkko Sakkinen wrote: > > > > At least signed-off-by from PrassanaKumar is missing from the 2nd > > commit. I'll add it. > > I had the impression that my signed-off-by will be present in this > change. But it is missing in [1]. Is it supposed to be that way? > > 1. > https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=6e592a065d51d26f9d62b8b7501a5114076af8b4 > > Thanks, > PrasannaKumar Yes, it would be senseful. James, would it still be possible to amend this tag to security tree? /Jarkko
[PATCH 1/5] hwrng: stm32 - add reset during probe
Avoid issue when probing the RNG without reset if bad status has been detected previously Signed-off-by: Lionel Debieve--- drivers/char/hw_random/stm32-rng.c | 9 + 1 file changed, 9 insertions(+) diff --git a/drivers/char/hw_random/stm32-rng.c b/drivers/char/hw_random/stm32-rng.c index 63d84e6f1891..83c695938a2d 100644 --- a/drivers/char/hw_random/stm32-rng.c +++ b/drivers/char/hw_random/stm32-rng.c @@ -21,6 +21,7 @@ #include #include #include +#include #include #define RNG_CR 0x00 @@ -46,6 +47,7 @@ struct stm32_rng_private { struct hwrng rng; void __iomem *base; struct clk *clk; + struct reset_control *rst; }; static int stm32_rng_read(struct hwrng *rng, void *data, size_t max, bool wait) @@ -140,6 +142,13 @@ static int stm32_rng_probe(struct platform_device *ofdev) if (IS_ERR(priv->clk)) return PTR_ERR(priv->clk); + priv->rst = devm_reset_control_get(>dev, NULL); + if (!IS_ERR(priv->rst)) { + reset_control_assert(priv->rst); + udelay(2); + reset_control_deassert(priv->rst); + } + dev_set_drvdata(dev, priv); priv->rng.name = dev_driver_string(dev), -- 2.15.1
[PATCH 4/5] dt-bindings: rng: add clock detection error for stm32
Add optional property to enable the clock detection error on rng block. It is used to allow slow clock source which give correct entropy for rng. Signed-off-by: Lionel Debieve--- Documentation/devicetree/bindings/rng/st,stm32-rng.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/Documentation/devicetree/bindings/rng/st,stm32-rng.txt b/Documentation/devicetree/bindings/rng/st,stm32-rng.txt index cb7ca78135ff..1dfa7d51e006 100644 --- a/Documentation/devicetree/bindings/rng/st,stm32-rng.txt +++ b/Documentation/devicetree/bindings/rng/st,stm32-rng.txt @@ -13,6 +13,7 @@ Required properties: Optional properties: - resets : The reset to properly start RNG +- clock-error-detect : Enable the clock detection management Example: -- 2.15.1
[PATCH 0/5] hwrng: stm32 - Improvement for stm32-rng
This set of patches add extended functionalities for stm32 rng driver. Patch #1 includes a reset during probe to avoid any error status which can occur during bootup process and keep safe rng integrity. Patch #3 adds a new property to manage the clock error detection feature which can be disabled on specific target. Patch #5 rework the timeout calculation for read value that was previously defined based on loop operation and is now based on timer. Lionel Debieve (5): hwrng: stm32 - add reset during probe dt-bindings: rng: add reset node for stm32 hwrng: stm32 - allow disable clock error detection dt-bindings: rng: add clock detection error for stm32 hwrng: stm32 - rework read timeout calculation .../devicetree/bindings/rng/st,stm32-rng.txt | 4 ++ drivers/char/hw_random/stm32-rng.c | 44 ++ 2 files changed, 32 insertions(+), 16 deletions(-) -- 2.15.1
[PATCH 2/5] dt-bindings: rng: add reset node for stm32
Adding optional resets property for rng. Signed-off-by: Lionel Debieve--- Documentation/devicetree/bindings/rng/st,stm32-rng.txt | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Documentation/devicetree/bindings/rng/st,stm32-rng.txt b/Documentation/devicetree/bindings/rng/st,stm32-rng.txt index 47f04176f93b..cb7ca78135ff 100644 --- a/Documentation/devicetree/bindings/rng/st,stm32-rng.txt +++ b/Documentation/devicetree/bindings/rng/st,stm32-rng.txt @@ -11,6 +11,9 @@ Required properties: - interrupts : The designated IRQ line for the RNG - clocks : The clock needed to enable the RNG +Optional properties: +- resets : The reset to properly start RNG + Example: rng: rng@50060800 { -- 2.15.1
[PATCH 3/5] hwrng: stm32 - allow disable clock error detection
Add a new property that allow to disable the clock error detection which is required when the clock source selected is out of specification (which is not mandatory). Signed-off-by: Lionel Debieve--- drivers/char/hw_random/stm32-rng.c | 10 +- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/drivers/char/hw_random/stm32-rng.c b/drivers/char/hw_random/stm32-rng.c index 83c695938a2d..709a8d061be3 100644 --- a/drivers/char/hw_random/stm32-rng.c +++ b/drivers/char/hw_random/stm32-rng.c @@ -26,6 +26,7 @@ #define RNG_CR 0x00 #define RNG_CR_RNGEN BIT(2) +#define RNG_CR_CED BIT(5) #define RNG_SR 0x04 #define RNG_SR_SEIS BIT(6) @@ -48,6 +49,7 @@ struct stm32_rng_private { void __iomem *base; struct clk *clk; struct reset_control *rst; + bool ced; }; static int stm32_rng_read(struct hwrng *rng, void *data, size_t max, bool wait) @@ -101,7 +103,11 @@ static int stm32_rng_init(struct hwrng *rng) if (err) return err; - writel_relaxed(RNG_CR_RNGEN, priv->base + RNG_CR); + if (priv->ced) + writel_relaxed(RNG_CR_RNGEN, priv->base + RNG_CR); + else + writel_relaxed(RNG_CR_RNGEN | RNG_CR_CED, + priv->base + RNG_CR); /* clear error indicators */ writel_relaxed(0, priv->base + RNG_SR); @@ -149,6 +155,8 @@ static int stm32_rng_probe(struct platform_device *ofdev) reset_control_deassert(priv->rst); } + priv->ced = of_property_read_bool(np, "clock-error-detect"); + dev_set_drvdata(dev, priv); priv->rng.name = dev_driver_string(dev), -- 2.15.1
Crypto Update for 4.16
Hi Linus: Here is the crypto update for 4.16: API: - Enforce the setting of keys for keyed aead/hash/skcipher algorithms. - Add multibuf speed tests in tcrypt. Algorithms: - Improve performance of sha3-generic. - Add native sha512 support on arm64. - Add v8.2 Crypto Extentions version of sha3/sm3 on arm64. - Avoid hmac nesting by requiring underlying algorithm to be unkeyed. - Add cryptd_max_cpu_qlen module parameter to cryptd. Drivers: - Add support for EIP97 engine in inside-secure. - Add inline IPsec support to chelsio. - Add RevB core support to crypto4xx. - Fix AEAD ICV check in crypto4xx. - Add stm32 crypto driver. - Add support for BCM63xx platforms in bcm2835 and remove bcm63xx. - Add Derived Key Protocol (DKP) support in caam. - Add Samsung Exynos True RNG driver. - Add support for Exynos5250+ SoCs in exynos PRNG driver. Please note that there will be a conflict with the net tree due updates to the same header file in the chelsio driver. Please pull from git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git linus Alexey Khoroshilov (1): crypto: picoxcell - Fix error handling in spacc_probe() Antoine Tenart (1): Documentation/bindings: crypto: document the SafeXcel EIP97 compatible Antoine Ténart (14): crypto: inside-secure - remove extra empty line crypto: inside-secure - fix typo in a comment crypto: inside-secure - remove useless memset crypto: inside-secure - comment the caching function crypto: inside-secure - move request dequeueing into a workqueue crypto: inside-secure - use threaded IRQs for result handling crypto: inside-secure - dequeue all requests at once crypto: inside-secure - increase the ring size crypto: inside-secure - acknowledge the result requests all at once crypto: inside-secure - handle more result requests when counter is full crypto: inside-secure - retry to proceed the request later on fail crypto: inside-secure - EIP97 support crypto: inside-secure - avoid unmapping DMA memory that was not mapped crypto: inside-secure - fix hash when length is a multiple of a block Ard Biesheuvel (16): crypto: arm64/aes-ce-cipher - move assembler code to .S file crypto: arm64 - implement SHA-512 using special instructions crypto: arm64/aes-cipher - move S-box to .rodata section crypto: arm64/aes-neon - move literal data to .rodata section crypto: arm64/crc32 - move literal data to .rodata section crypto: arm64/crct10dif - move literal data to .rodata section crypto: arm64/sha2-ce - move the round constant table to .rodata section crypto: arm64/sha1-ce - get rid of literal pool crypto: sha3-generic - fixes for alignment and big endian operation crypto: sha3-generic - rewrite KECCAK transform to help the compiler optimize crypto: sha3-generic - simplify code crypto: sha3-generic - export init/update/final routines crypto: testmgr - add new testcases for sha3 crypto: arm64/sha3 - new v8.2 Crypto Extensions implementation crypto: arm64/sm3 - new v8.2 Crypto Extensions implementation crypto: arm64/sha512 - fix/improve new v8.2 Crypto Extensions code Arnd Bergmann (3): crypto: qat - reduce stack size with KASAN crypto: aes-generic - build with -Os on gcc-7+ crypto: aes-generic - fix aes-generic regression on powerpc Atul Gupta (3): cxgb4: Add support for Inline IPSec Tx chcr: Add support for Inline IPSec crypto: chelsio - fix a type cast error Cheah Kok Cheong (1): padata: add SPDX identifier Christian Lamparter (5): crypto: crypto4xx - shuffle iomap in front of request_irq crypto: crypto4xx - support Revision B parts crypto: crypto4xx - fix missing irq devname crypto: crypto4xx - kill MODULE_NAME crypto: crypto4xx - perform aead icv check in the driver Christophe Jaillet (1): crypto: hifn_795x - Fix a memory leak in the error handling path of 'hifn_probe()' Colin Ian King (10): crypto: chelsio - remove redundant assignments to reqctx and dst_size crypto: nx - fix spelling mistake: "availavle" -> "available" crypto: cavium - fix memory leak on info crypto: cryptd - make cryptd_max_cpu_qlen module parameter static crypto: chelsio - make arrays sgl_ent_len and dsgl_ent_len static chcr: remove unused variables net_device, pi, adap and cntrl chcr: ensure cntrl is initialized to fix bit-wise or'ing of garabage data crypto: tcrypt - fix spelling mistake: "bufufer"-> "buffer" crypto: tcrypt - free xoutbuf instead of axbuf crypto: inside-secure - make function safexcel_try_push_requests static Corentin LABBE (2): crypto: stm32 - fix module device table name crypto: artpec6 - remove select on non-existing CRYPTO_SHA384 Corentin Labbe (4): crypto: arm64/aes - do not call crypto_unregister_skcipher twice on error
[PATCH 2/3] crypto: stm32/hash: fix performance issues
From: Lionel DebieveFixing bugs link to stress tests. Bad results are detected during testmgr selftests executing in a faster environment. bufcnt value may be resetted and false IT are sometimes detected. Signed-off-by: Lionel Debieve --- drivers/crypto/stm32/stm32-hash.c | 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/stm32/stm32-hash.c b/drivers/crypto/stm32/stm32-hash.c index 73cdc3b4dca8..d8444aeb6609 100644 --- a/drivers/crypto/stm32/stm32-hash.c +++ b/drivers/crypto/stm32/stm32-hash.c @@ -743,13 +743,15 @@ static int stm32_hash_final_req(struct stm32_hash_dev *hdev) struct ahash_request *req = hdev->req; struct stm32_hash_request_ctx *rctx = ahash_request_ctx(req); int err; + int buflen = rctx->bufcnt; + + rctx->bufcnt = 0; if (!(rctx->flags & HASH_FLAGS_CPU)) err = stm32_hash_dma_send(hdev); else - err = stm32_hash_xmit_cpu(hdev, rctx->buffer, rctx->bufcnt, 1); + err = stm32_hash_xmit_cpu(hdev, rctx->buffer, buflen, 1); - rctx->bufcnt = 0; return err; } @@ -1096,6 +1098,8 @@ static irqreturn_t stm32_hash_irq_handler(int irq, void *dev_id) reg &= ~HASH_SR_OUTPUT_READY; stm32_hash_write(hdev, HASH_SR, reg); hdev->flags |= HASH_FLAGS_OUTPUT_READY; + /* Disable IT*/ + stm32_hash_write(hdev, HASH_IMR, 0); return IRQ_WAKE_THREAD; } -- 2.15.1
[PATCH 1/3] crypto: stm32/hash: avoid error if maxburst not defined
From: Lionel Debievedma-maxburst is an optional value and must not return error in case of dma not used (or max-burst not defined). Signed-off-by: Lionel Debieve --- drivers/crypto/stm32/stm32-hash.c | 11 ++- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/drivers/crypto/stm32/stm32-hash.c b/drivers/crypto/stm32/stm32-hash.c index 4ca4a264a833..73cdc3b4dca8 100644 --- a/drivers/crypto/stm32/stm32-hash.c +++ b/drivers/crypto/stm32/stm32-hash.c @@ -1404,18 +1404,19 @@ MODULE_DEVICE_TABLE(of, stm32_hash_of_match); static int stm32_hash_get_of_match(struct stm32_hash_dev *hdev, struct device *dev) { - int err; - hdev->pdata = of_device_get_match_data(dev); if (!hdev->pdata) { dev_err(dev, "no compatible OF match\n"); return -EINVAL; } - err = of_property_read_u32(dev->of_node, "dma-maxburst", - >dma_maxburst); + if (of_property_read_u32(dev->of_node, "dma-maxburst", +>dma_maxburst)) { + dev_info(dev, "dma-maxburst not specified, using 0\n"); + hdev->dma_maxburst = 0; + } - return err; + return 0; } static int stm32_hash_probe(struct platform_device *pdev) -- 2.15.1
[PATCH 0/3] crypto: stm32/hash: Correction to improve robustness
From: Lionel DebieveHi, This patch serie will improve global robustness for stm32-hash driver. Patch #1 is fixing dma-burst issue when configuration is not set. Patch #2 solves issue that occurs when irq append during final req processing. Patch #3 is fixing an issue that have been introduced while managing padding but breaking the padding length calculation by hardware to generate correct hash. Regards, Lionel Debieve (3): crypto: stm32/hash: avoid error if maxburst not defined crypto: stm32/hash: fix performance issues crypto: stm32/hash: rework padding length drivers/crypto/stm32/stm32-hash.c | 21 + 1 file changed, 13 insertions(+), 8 deletions(-) -- 2.15.1
[PATCH 3/3] crypto: stm32/hash: rework padding length
From: Lionel DebieveDue to another patch, the dma fails when padding is needed as the given length is not correct. Signed-off-by: Lionel Debieve --- drivers/crypto/stm32/stm32-hash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/crypto/stm32/stm32-hash.c b/drivers/crypto/stm32/stm32-hash.c index d8444aeb6609..80b9ec76bbb5 100644 --- a/drivers/crypto/stm32/stm32-hash.c +++ b/drivers/crypto/stm32/stm32-hash.c @@ -626,7 +626,7 @@ static int stm32_hash_dma_send(struct stm32_hash_dev *hdev) writesl(hdev->io_base + HASH_DIN, buffer, DIV_ROUND_UP(ncp, sizeof(u32))); } - stm32_hash_set_nblw(hdev, DIV_ROUND_UP(ncp, sizeof(u32))); + stm32_hash_set_nblw(hdev, ncp); reg = stm32_hash_read(hdev, HASH_STR); reg |= HASH_STR_DCAL; stm32_hash_write(hdev, HASH_STR, reg); -- 2.15.1
Re: [PATCH][next] hwrng: exynos: check for -ve error return from readl_poll_timeout
It was <2018-01-12 pią 17:30>, when Colin King wrote: > From: Colin Ian King> > Currently, the return from readl_poll_timeout is being assigned to > a u32 and this is being checked for a -ve return which is always > false since a u32 cannot be less than zero. Fix this by changing > val to an int so that error returns can be correctly detected. > > Detected by CoverityScan, CID#1463776 ("Logically dead code") > > Fixes: 6cd225cc5d8a ("hwrng: exynos - add Samsung Exynos True RNG driver") > Signed-off-by: Colin Ian King > --- > drivers/char/hw_random/exynos-trng.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/char/hw_random/exynos-trng.c > b/drivers/char/hw_random/exynos-trng.c > index 34d6f51ecbee..f4643e3ec346 100644 > --- a/drivers/char/hw_random/exynos-trng.c > +++ b/drivers/char/hw_random/exynos-trng.c > @@ -55,7 +55,7 @@ static int exynos_trng_do_read(struct hwrng *rng, void > *data, size_t max, > bool wait) > { > struct exynos_trng_dev *trng; > - u32 val; > + int val; > > max = min_t(size_t, max, (EXYNOS_TRNG_FIFO_LEN * 4)); Fixed. https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git/commit/?id=a8bc71d4960391f732ec0307ebd69e4a25aaf4d3 -- Łukasz Stelmach Samsung R Institute Poland Samsung Electronics signature.asc Description: PGP signature
Re: [PATCH RFC 0/3] API for 128-bit IO access
On Fri, Jan 26, 2018 at 06:11:49PM +, Will Deacon wrote: > On Fri, Jan 26, 2018 at 12:05:42PM +0300, Yury Norov wrote: > > On Wed, Jan 24, 2018 at 10:22:13AM +, Will Deacon wrote: > > > On Wed, Jan 24, 2018 at 12:05:16PM +0300, Yury Norov wrote: > > > > This series adds API for 128-bit memory IO access and enables it for > > > > ARM64. > > > > The original motivation for 128-bit API came from new Cavium network > > > > device > > > > driver. The hardware requires 128-bit access to make things work. See > > > > description in patch 3 for details. > > > > > > > > Also, starting from ARMv8.4, stp and ldp instructions become atomic, and > > > > API for 128-bit access would be helpful in core arm64 code. > > > > > > Only for normal, cacheable memory, so they're not suitable for IO accesses > > > as you're proposing here. > > > > Hi Will, > > > > Thanks for clarification. > > > > Could you elaborate, do you find 128-bit read/write API useless, or > > you just correct my comment? > > > > I think that ordered uniform 128-bit access API would be helpful, even > > if not atomic. > > Sorry, but I strongly disagree here. Having an IO accessor that isn't > guaranteed to be atomic is a recipe for disaster if it's not called out > explicitly. You're much better off implementing something along the lines > of using 2x64-bit accessors like we already > have for the 2x32-bit case. > > However, that doesn't solve your problem and is somewhat of a distraction. > I'd suggest that in your case, where you have a device that relies on > 128-bit atomic access that is assumedly tightly integrated into your SoC, > then the driver just codes it's own local implementation of the accessor, > given that there isn't a way to guarantee the atomicity architecturally > (and even within your SoC it might not be atomic to all endpoints). OK. Understand that. So we'll drop this RFC and implement those accessors in driver. Thank you and all for the review. Maybe later I'll submit 128-bit unification patch that was discussed here. Yury
[PATCH 2/3] crypto: caam - prepare for gcm(aes) support over QI interface
Update gcm(aes) descriptors (generic, rfc4106 and rfc4543) such that they would also work when submitted via the QI interface. Signed-off-by: Horia Geantă--- drivers/crypto/caam/caamalg.c | 19 +++-- drivers/crypto/caam/caamalg_desc.c | 165 ++--- drivers/crypto/caam/caamalg_desc.h | 24 -- 3 files changed, 183 insertions(+), 25 deletions(-) diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c index 2188235be02d..584a6c183548 100644 --- a/drivers/crypto/caam/caamalg.c +++ b/drivers/crypto/caam/caamalg.c @@ -328,6 +328,7 @@ static int gcm_set_sh_desc(struct crypto_aead *aead) { struct caam_ctx *ctx = crypto_aead_ctx(aead); struct device *jrdev = ctx->jrdev; + unsigned int ivsize = crypto_aead_ivsize(aead); u32 *desc; int rem_bytes = CAAM_DESC_BYTES_MAX - GCM_DESC_JOB_IO_LEN - ctx->cdata.keylen; @@ -349,7 +350,7 @@ static int gcm_set_sh_desc(struct crypto_aead *aead) } desc = ctx->sh_desc_enc; - cnstr_shdsc_gcm_encap(desc, >cdata, ctx->authsize); + cnstr_shdsc_gcm_encap(desc, >cdata, ivsize, ctx->authsize, false); dma_sync_single_for_device(jrdev, ctx->sh_desc_enc_dma, desc_bytes(desc), ctx->dir); @@ -366,7 +367,7 @@ static int gcm_set_sh_desc(struct crypto_aead *aead) } desc = ctx->sh_desc_dec; - cnstr_shdsc_gcm_decap(desc, >cdata, ctx->authsize); + cnstr_shdsc_gcm_decap(desc, >cdata, ivsize, ctx->authsize, false); dma_sync_single_for_device(jrdev, ctx->sh_desc_dec_dma, desc_bytes(desc), ctx->dir); @@ -387,6 +388,7 @@ static int rfc4106_set_sh_desc(struct crypto_aead *aead) { struct caam_ctx *ctx = crypto_aead_ctx(aead); struct device *jrdev = ctx->jrdev; + unsigned int ivsize = crypto_aead_ivsize(aead); u32 *desc; int rem_bytes = CAAM_DESC_BYTES_MAX - GCM_DESC_JOB_IO_LEN - ctx->cdata.keylen; @@ -408,7 +410,8 @@ static int rfc4106_set_sh_desc(struct crypto_aead *aead) } desc = ctx->sh_desc_enc; - cnstr_shdsc_rfc4106_encap(desc, >cdata, ctx->authsize); + cnstr_shdsc_rfc4106_encap(desc, >cdata, ivsize, ctx->authsize, + false); dma_sync_single_for_device(jrdev, ctx->sh_desc_enc_dma, desc_bytes(desc), ctx->dir); @@ -425,7 +428,8 @@ static int rfc4106_set_sh_desc(struct crypto_aead *aead) } desc = ctx->sh_desc_dec; - cnstr_shdsc_rfc4106_decap(desc, >cdata, ctx->authsize); + cnstr_shdsc_rfc4106_decap(desc, >cdata, ivsize, ctx->authsize, + false); dma_sync_single_for_device(jrdev, ctx->sh_desc_dec_dma, desc_bytes(desc), ctx->dir); @@ -447,6 +451,7 @@ static int rfc4543_set_sh_desc(struct crypto_aead *aead) { struct caam_ctx *ctx = crypto_aead_ctx(aead); struct device *jrdev = ctx->jrdev; + unsigned int ivsize = crypto_aead_ivsize(aead); u32 *desc; int rem_bytes = CAAM_DESC_BYTES_MAX - GCM_DESC_JOB_IO_LEN - ctx->cdata.keylen; @@ -468,7 +473,8 @@ static int rfc4543_set_sh_desc(struct crypto_aead *aead) } desc = ctx->sh_desc_enc; - cnstr_shdsc_rfc4543_encap(desc, >cdata, ctx->authsize); + cnstr_shdsc_rfc4543_encap(desc, >cdata, ivsize, ctx->authsize, + false); dma_sync_single_for_device(jrdev, ctx->sh_desc_enc_dma, desc_bytes(desc), ctx->dir); @@ -485,7 +491,8 @@ static int rfc4543_set_sh_desc(struct crypto_aead *aead) } desc = ctx->sh_desc_dec; - cnstr_shdsc_rfc4543_decap(desc, >cdata, ctx->authsize); + cnstr_shdsc_rfc4543_decap(desc, >cdata, ivsize, ctx->authsize, + false); dma_sync_single_for_device(jrdev, ctx->sh_desc_dec_dma, desc_bytes(desc), ctx->dir); diff --git a/drivers/crypto/caam/caamalg_desc.c b/drivers/crypto/caam/caamalg_desc.c index ceb93fbb76e6..8ae7a1be7dfd 100644 --- a/drivers/crypto/caam/caamalg_desc.c +++ b/drivers/crypto/caam/caamalg_desc.c @@ -625,10 +625,13 @@ EXPORT_SYMBOL(cnstr_shdsc_aead_givencap); * @desc: pointer to buffer used for descriptor construction * @cdata: pointer to block cipher transform definitions * Valid algorithm values - OP_ALG_ALGSEL_AES ANDed with OP_ALG_AAI_GCM. + * @ivsize: initialization vector size * @icvsize: integrity check value (ICV) size (truncated or full) + * @is_qi: true when called from caam/qi */ void cnstr_shdsc_gcm_encap(u32 * const desc, struct alginfo *cdata, - unsigned int icvsize) + unsigned int ivsize, unsigned int icvsize, +
[PATCH 3/3] crypto: caam/qi - add GCM support
Add support for AES working in Galois Counter Mode. The following algorithms are added: gcm(aes) rfc4106(gcm(aes)) rfc4543(gcm(aes)) There is a limitation related to IV size, similar to the one present in SW implementation (crypto/gcm.c): The only IV size allowed is 12 bytes. It will be padded by HW to the right with 0x_0001 (up to 16 bytes - AES block size), according to the GCM specification. Signed-off-by: Horia Geantă--- drivers/crypto/caam/caamalg_qi.c | 374 +++ 1 file changed, 374 insertions(+) diff --git a/drivers/crypto/caam/caamalg_qi.c b/drivers/crypto/caam/caamalg_qi.c index f4db39495d22..c2b5762d56a0 100644 --- a/drivers/crypto/caam/caamalg_qi.c +++ b/drivers/crypto/caam/caamalg_qi.c @@ -284,6 +284,309 @@ static int aead_setkey(struct crypto_aead *aead, const u8 *key, return -EINVAL; } +static int gcm_set_sh_desc(struct crypto_aead *aead) +{ + struct caam_ctx *ctx = crypto_aead_ctx(aead); + unsigned int ivsize = crypto_aead_ivsize(aead); + int rem_bytes = CAAM_DESC_BYTES_MAX - DESC_JOB_IO_LEN - + ctx->cdata.keylen; + + if (!ctx->cdata.keylen || !ctx->authsize) + return 0; + + /* +* Job Descriptor and Shared Descriptor +* must fit into the 64-word Descriptor h/w Buffer +*/ + if (rem_bytes >= DESC_QI_GCM_ENC_LEN) { + ctx->cdata.key_inline = true; + ctx->cdata.key_virt = ctx->key; + } else { + ctx->cdata.key_inline = false; + ctx->cdata.key_dma = ctx->key_dma; + } + + cnstr_shdsc_gcm_encap(ctx->sh_desc_enc, >cdata, ivsize, + ctx->authsize, true); + + /* +* Job Descriptor and Shared Descriptor +* must fit into the 64-word Descriptor h/w Buffer +*/ + if (rem_bytes >= DESC_QI_GCM_DEC_LEN) { + ctx->cdata.key_inline = true; + ctx->cdata.key_virt = ctx->key; + } else { + ctx->cdata.key_inline = false; + ctx->cdata.key_dma = ctx->key_dma; + } + + cnstr_shdsc_gcm_decap(ctx->sh_desc_dec, >cdata, ivsize, + ctx->authsize, true); + + return 0; +} + +static int gcm_setauthsize(struct crypto_aead *authenc, unsigned int authsize) +{ + struct caam_ctx *ctx = crypto_aead_ctx(authenc); + + ctx->authsize = authsize; + gcm_set_sh_desc(authenc); + + return 0; +} + +static int gcm_setkey(struct crypto_aead *aead, + const u8 *key, unsigned int keylen) +{ + struct caam_ctx *ctx = crypto_aead_ctx(aead); + struct device *jrdev = ctx->jrdev; + int ret; + +#ifdef DEBUG + print_hex_dump(KERN_ERR, "key in @" __stringify(__LINE__)": ", + DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1); +#endif + + memcpy(ctx->key, key, keylen); + dma_sync_single_for_device(jrdev, ctx->key_dma, keylen, ctx->dir); + ctx->cdata.keylen = keylen; + + ret = gcm_set_sh_desc(aead); + if (ret) + return ret; + + /* Now update the driver contexts with the new shared descriptor */ + if (ctx->drv_ctx[ENCRYPT]) { + ret = caam_drv_ctx_update(ctx->drv_ctx[ENCRYPT], + ctx->sh_desc_enc); + if (ret) { + dev_err(jrdev, "driver enc context update failed\n"); + return ret; + } + } + + if (ctx->drv_ctx[DECRYPT]) { + ret = caam_drv_ctx_update(ctx->drv_ctx[DECRYPT], + ctx->sh_desc_dec); + if (ret) { + dev_err(jrdev, "driver dec context update failed\n"); + return ret; + } + } + + return 0; +} + +static int rfc4106_set_sh_desc(struct crypto_aead *aead) +{ + struct caam_ctx *ctx = crypto_aead_ctx(aead); + unsigned int ivsize = crypto_aead_ivsize(aead); + int rem_bytes = CAAM_DESC_BYTES_MAX - DESC_JOB_IO_LEN - + ctx->cdata.keylen; + + if (!ctx->cdata.keylen || !ctx->authsize) + return 0; + + ctx->cdata.key_virt = ctx->key; + + /* +* Job Descriptor and Shared Descriptor +* must fit into the 64-word Descriptor h/w Buffer +*/ + if (rem_bytes >= DESC_QI_RFC4106_ENC_LEN) { + ctx->cdata.key_inline = true; + } else { + ctx->cdata.key_inline = false; + ctx->cdata.key_dma = ctx->key_dma; + } + + cnstr_shdsc_rfc4106_encap(ctx->sh_desc_enc, >cdata, ivsize, + ctx->authsize, true); + + /* +* Job Descriptor and Shared Descriptor +* must fit into the 64-word Descriptor h/w Buffer +*/ + if (rem_bytes >= DESC_QI_RFC4106_DEC_LEN) { +
[PATCH 1/3] crypto: caam/qi - return -EBADMSG for ICV check failure
Crypto drivers are expected to return -EBADMSG in case of ICV check (authentication) failure. In this case it also makes sense to suppress the error message in the QI dequeue callback. Signed-off-by: Horia Geantă--- drivers/crypto/caam/caamalg_qi.c | 12 +++- drivers/crypto/caam/qi.c | 11 +-- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/drivers/crypto/caam/caamalg_qi.c b/drivers/crypto/caam/caamalg_qi.c index 4aecc9435f69..f4db39495d22 100644 --- a/drivers/crypto/caam/caamalg_qi.c +++ b/drivers/crypto/caam/caamalg_qi.c @@ -562,8 +562,18 @@ static void aead_done(struct caam_drv_req *drv_req, u32 status) qidev = caam_ctx->qidev; if (unlikely(status)) { + u32 ssrc = status & JRSTA_SSRC_MASK; + u8 err_id = status & JRSTA_CCBERR_ERRID_MASK; + caam_jr_strstatus(qidev, status); - ecode = -EIO; + /* +* verify hw auth check passed else return -EBADMSG +*/ + if (ssrc == JRSTA_SSRC_CCB_ERROR && + err_id == JRSTA_CCBERR_ERRID_ICVCHK) + ecode = -EBADMSG; + else + ecode = -EIO; } edesc = container_of(drv_req, typeof(*edesc), drv_req); diff --git a/drivers/crypto/caam/qi.c b/drivers/crypto/caam/qi.c index f9a44f485aac..b9480828da38 100644 --- a/drivers/crypto/caam/qi.c +++ b/drivers/crypto/caam/qi.c @@ -579,8 +579,15 @@ static enum qman_cb_dqrr_result caam_rsp_fq_dqrr_cb(struct qman_portal *p, fd = >fd; status = be32_to_cpu(fd->status); - if (unlikely(status)) - dev_err(qidev, "Error: %#x in CAAM response FD\n", status); + if (unlikely(status)) { + u32 ssrc = status & JRSTA_SSRC_MASK; + u8 err_id = status & JRSTA_CCBERR_ERRID_MASK; + + if (ssrc != JRSTA_SSRC_CCB_ERROR || + err_id != JRSTA_CCBERR_ERRID_ICVCHK) + dev_err(qidev, "Error: %#x in CAAM response FD\n", + status); + } if (unlikely(qm_fd_get_format(fd) != qm_fd_compound)) { dev_err(qidev, "Non-compound FD from CAAM\n"); -- 2.12.0.264.gd6db3f216544