RE: [RFC crypto v3 8/9] chtls: Register the ULP

[Atul Gupta]

@Dave Watson, Did you get chance to look at my response?

What I was referring is that passing "tls" ulp type in setsockopt may be 
insufficient to make the decision when multi HW assist Inline TLS solution 
exists.
Some HW may go beyond defining sendmsg/sendpage of the prot and require 
additional info to setup the env? Also, we need to keep vendor specific code 
out of tls_main.c i.e anything other than base/sw_tx prot perhaps go to hw 
driver.

Sabrina echoed similar concern early last week, can we discuss or have thoughts 
how to address this?

Thanks
Atul

-Original Message-
From: Atul Gupta 
Sent: Sunday, January 28, 2018 11:26 AM
To: 'Dave Watson' 
Cc: herb...@gondor.apana.org.au; linux-crypto@vger.kernel.org; 
ganes...@chelsio.co; net...@vger.kernel.org; da...@davemloft.net; Boris 
Pismenny ; Ilya Lesokhin 
Subject: RE: [RFC crypto v3 8/9] chtls: Register the ULP



-Original Message-
From: Dave Watson [mailto:davejwat...@fb.com] 
Sent: Friday, January 26, 2018 2:39 AM
To: Atul Gupta 
Cc: herb...@gondor.apana.org.au; linux-crypto@vger.kernel.org; 
ganes...@chelsio.co; net...@vger.kernel.org; da...@davemloft.net; Boris 
Pismenny ; Ilya Lesokhin 
Subject: Re: [RFC crypto v3 8/9] chtls: Register the ULP

<1513769897-26945-1-git-send-email-atul.gu...@chelsio.com>

On 12/20/17 05:08 PM, Atul Gupta wrote:
> +static void __init chtls_init_ulp_ops(void) {
> + chtls_base_prot = tcp_prot;
> + chtls_base_prot.hash= chtls_hash;
> + chtls_base_prot.unhash  = chtls_unhash;
> + chtls_base_prot.close   = chtls_lsk_close;
> +
> + chtls_cpl_prot  = chtls_base_prot;
> + chtls_init_rsk_ops(_cpl_prot, _rsk_ops,
> +_prot, PF_INET);
> + chtls_cpl_prot.close= chtls_close;
> + chtls_cpl_prot.disconnect   = chtls_disconnect;
> + chtls_cpl_prot.destroy  = chtls_destroy_sock;
> + chtls_cpl_prot.shutdown = chtls_shutdown;
> + chtls_cpl_prot.sendmsg  = chtls_sendmsg;
> + chtls_cpl_prot.recvmsg  = chtls_recvmsg;
> + chtls_cpl_prot.sendpage = chtls_sendpage;
> + chtls_cpl_prot.setsockopt   = chtls_setsockopt;
> + chtls_cpl_prot.getsockopt   = chtls_getsockopt;
> +}

Much of this file should go in tls_main.c, reusing as much as possible. For 
example it doesn't look like the get/set sockopts have changed at all for chtls.

Agree, should common code and anything other than TLS_BASE_TX/TLS_SW_TX prot 
should go in vendor specific file/driver. Since, prot require redefinition for 
hardware the code is kept in chtls_main.c

> +
> +static int __init chtls_register(void) {
> + chtls_init_ulp_ops();
> + register_listen_notifier(_notifier);
> + cxgb4_register_uld(CXGB4_ULD_TLS, _uld_info);
> + tcp_register_ulp(_chtls_ulp_ops);
> + return 0;
> +}
> +
> +static void __exit chtls_unregister(void) {
> + unregister_listen_notifier(_notifier);
> + tcp_unregister_ulp(_chtls_ulp_ops);
> + chtls_free_all_uld();
> + cxgb4_unregister_uld(CXGB4_ULD_TLS);
> +}

The idea with ULP is that there is one ULP hook per protocol, not per driver.  

One thought is that apps/lib calling setsockopt pass the required ulp type [tls 
or chtls or xtls], this enables any HW assist to define base_prot as required 
and keep common code [tls_main] independent of underlying HW. 
If we are to have single TLS ULP hook [good from user point] then need a way to 
determine which Inline tls hw is used? System with multiple Inline TLS capable 
hw and differing functionality would require checks in tls_main to exercise 
that specific functionality/callback?

Re: [PATCH] crypto: sha1-mb - remove HASH_FIRST flag

[Tim Chen]

>>
>> I suppose this will be okay as we are really doing the initialization in
>> sha1_mb_init.  Megha is now maintaining this code.  Copying her
>> so she can do some verification of this change.
>>
> 
> Please update the MAINTAINERS file so that people know who to Cc on patches.
> 
> Eric
> 

Herbert,

Can you pull in the patch below to update MAINTAINERS for sha multibuffer?

Tim

>From 884095fccd36d2de8c6edfe6f4d60ab4a1b9339b Mon Sep 17 00:00:00 2001
From: Tim Chen 
Date: Mon, 29 Jan 2018 09:22:41 -0800
Subject: [PATCH] x86/crypto: Designate maintainer for SHA-1/256/512
 multibuffer driver

Even though I created the original implementation of SHA1 multibuffer
driver, Megha extended it to SHA256 and SHA512 and she is now maintaining
the code for SHA1/SHA256/SHA512 multi-buffer driver.

Add the entry in the MAINTAINERS file so any update patch can find
its way properly to Megha.

Signed-off-by: Tim Chen 
---
 MAINTAINERS | 8 
 1 file changed, 8 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 2811a21..2085171 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -7064,6 +7064,14 @@ L:   linux-r...@vger.kernel.org
 S: Supported
 F: drivers/infiniband/hw/i40iw/
 
+INTEL SHA MULTIBUFFER DRIVER
+M: Megha Dey 
+R: Tim Chen 
+L: linux-crypto@vger.kernel.org
+S: Supported
+F: arch/x86/crypto/sha*-mb
+F: crypto/mcryptd.c
+
 INTEL TELEMETRY DRIVER
 M: Souvik Kumar Chakravarty 
 L: platform-driver-...@vger.kernel.org
-- 
2.7.4

Re: [PATCH v2] tpm: Move Linux RNG connection to hwrng

[Jarkko Sakkinen]

On Sat, Jan 27, 2018 at 12:20:18PM +0530, PrasannaKumar Muralidharan wrote:
> Hi Jarkko,
> 
> On 17 November 2017 at 19:27, Jarkko Sakkinen
>  wrote:
> > On Fri, Nov 17, 2017 at 03:28:53PM +0200, Jarkko Sakkinen wrote:
> >
> > At least signed-off-by from PrassanaKumar is missing from the 2nd
> > commit. I'll add it.
> 
> I had the impression that my signed-off-by will be present in this
> change. But it is missing in [1]. Is it supposed to be that way?
> 
> 1. 
> https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=6e592a065d51d26f9d62b8b7501a5114076af8b4
> 
> Thanks,
> PrasannaKumar

Yes, it would be senseful.

James, would it still be possible to amend this tag to security tree?

/Jarkko

[PATCH 1/5] hwrng: stm32 - add reset during probe

[Lionel Debieve]

Avoid issue when probing the RNG without
reset if bad status has been detected previously

Signed-off-by: Lionel Debieve 
---
 drivers/char/hw_random/stm32-rng.c | 9 +
 1 file changed, 9 insertions(+)

diff --git a/drivers/char/hw_random/stm32-rng.c 
b/drivers/char/hw_random/stm32-rng.c
index 63d84e6f1891..83c695938a2d 100644
--- a/drivers/char/hw_random/stm32-rng.c
+++ b/drivers/char/hw_random/stm32-rng.c
@@ -21,6 +21,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 
 #define RNG_CR 0x00
@@ -46,6 +47,7 @@ struct stm32_rng_private {
struct hwrng rng;
void __iomem *base;
struct clk *clk;
+   struct reset_control *rst;
 };
 
 static int stm32_rng_read(struct hwrng *rng, void *data, size_t max, bool wait)
@@ -140,6 +142,13 @@ static int stm32_rng_probe(struct platform_device *ofdev)
if (IS_ERR(priv->clk))
return PTR_ERR(priv->clk);
 
+   priv->rst = devm_reset_control_get(>dev, NULL);
+   if (!IS_ERR(priv->rst)) {
+   reset_control_assert(priv->rst);
+   udelay(2);
+   reset_control_deassert(priv->rst);
+   }
+
dev_set_drvdata(dev, priv);
 
priv->rng.name = dev_driver_string(dev),
-- 
2.15.1

[PATCH 4/5] dt-bindings: rng: add clock detection error for stm32

[Lionel Debieve]

Add optional property to enable the clock detection error
on rng block. It is used to allow slow clock source which
give correct entropy for rng.

Signed-off-by: Lionel Debieve 
---
 Documentation/devicetree/bindings/rng/st,stm32-rng.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Documentation/devicetree/bindings/rng/st,stm32-rng.txt 
b/Documentation/devicetree/bindings/rng/st,stm32-rng.txt
index cb7ca78135ff..1dfa7d51e006 100644
--- a/Documentation/devicetree/bindings/rng/st,stm32-rng.txt
+++ b/Documentation/devicetree/bindings/rng/st,stm32-rng.txt
@@ -13,6 +13,7 @@ Required properties:
 
 Optional properties:
 - resets : The reset to properly start RNG
+- clock-error-detect : Enable the clock detection management
 
 Example:
 
-- 
2.15.1

[PATCH 0/5] hwrng: stm32 - Improvement for stm32-rng

[Lionel Debieve]

This set of patches add extended functionalities for stm32 rng
driver.
Patch #1 includes a reset during probe to avoid any error status
which can occur during bootup process and keep safe rng integrity.

Patch #3 adds a new property to manage the clock error detection
feature which can be disabled on specific target.

Patch #5 rework the timeout calculation for read value that was
previously defined based on loop operation and is now based on
timer.

Lionel Debieve (5):
  hwrng: stm32 - add reset during probe
  dt-bindings: rng: add reset node for stm32
  hwrng: stm32 - allow disable clock error detection
  dt-bindings: rng: add clock detection error for stm32
  hwrng: stm32 - rework read timeout calculation

 .../devicetree/bindings/rng/st,stm32-rng.txt   |  4 ++
 drivers/char/hw_random/stm32-rng.c | 44 ++
 2 files changed, 32 insertions(+), 16 deletions(-)

-- 
2.15.1

[PATCH 2/5] dt-bindings: rng: add reset node for stm32

[Lionel Debieve]

Adding optional resets property for rng.

Signed-off-by: Lionel Debieve 
---
 Documentation/devicetree/bindings/rng/st,stm32-rng.txt | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Documentation/devicetree/bindings/rng/st,stm32-rng.txt 
b/Documentation/devicetree/bindings/rng/st,stm32-rng.txt
index 47f04176f93b..cb7ca78135ff 100644
--- a/Documentation/devicetree/bindings/rng/st,stm32-rng.txt
+++ b/Documentation/devicetree/bindings/rng/st,stm32-rng.txt
@@ -11,6 +11,9 @@ Required properties:
 - interrupts : The designated IRQ line for the RNG
 - clocks : The clock needed to enable the RNG
 
+Optional properties:
+- resets : The reset to properly start RNG
+
 Example:
 
rng: rng@50060800 {
-- 
2.15.1

[PATCH 3/5] hwrng: stm32 - allow disable clock error detection

[Lionel Debieve]

Add a new property that allow to disable the clock error
detection which is required when the clock source selected
is out of specification (which is not mandatory).

Signed-off-by: Lionel Debieve 
---
 drivers/char/hw_random/stm32-rng.c | 10 +-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/drivers/char/hw_random/stm32-rng.c 
b/drivers/char/hw_random/stm32-rng.c
index 83c695938a2d..709a8d061be3 100644
--- a/drivers/char/hw_random/stm32-rng.c
+++ b/drivers/char/hw_random/stm32-rng.c
@@ -26,6 +26,7 @@
 
 #define RNG_CR 0x00
 #define RNG_CR_RNGEN BIT(2)
+#define RNG_CR_CED BIT(5)
 
 #define RNG_SR 0x04
 #define RNG_SR_SEIS BIT(6)
@@ -48,6 +49,7 @@ struct stm32_rng_private {
void __iomem *base;
struct clk *clk;
struct reset_control *rst;
+   bool ced;
 };
 
 static int stm32_rng_read(struct hwrng *rng, void *data, size_t max, bool wait)
@@ -101,7 +103,11 @@ static int stm32_rng_init(struct hwrng *rng)
if (err)
return err;
 
-   writel_relaxed(RNG_CR_RNGEN, priv->base + RNG_CR);
+   if (priv->ced)
+   writel_relaxed(RNG_CR_RNGEN, priv->base + RNG_CR);
+   else
+   writel_relaxed(RNG_CR_RNGEN | RNG_CR_CED,
+  priv->base + RNG_CR);
 
/* clear error indicators */
writel_relaxed(0, priv->base + RNG_SR);
@@ -149,6 +155,8 @@ static int stm32_rng_probe(struct platform_device *ofdev)
reset_control_deassert(priv->rst);
}
 
+   priv->ced = of_property_read_bool(np, "clock-error-detect");
+
dev_set_drvdata(dev, priv);
 
priv->rng.name = dev_driver_string(dev),
-- 
2.15.1

Crypto Update for 4.16

[Herbert Xu]

Hi Linus: 

Here is the crypto update for 4.16:

API:

- Enforce the setting of keys for keyed aead/hash/skcipher
algorithms.
- Add multibuf speed tests in tcrypt.

Algorithms:

- Improve performance of sha3-generic.
- Add native sha512 support on arm64.
- Add v8.2 Crypto Extentions version of sha3/sm3 on arm64.
- Avoid hmac nesting by requiring underlying algorithm to be unkeyed.
- Add cryptd_max_cpu_qlen module parameter to cryptd.

Drivers:

- Add support for EIP97 engine in inside-secure.
- Add inline IPsec support to chelsio.
- Add RevB core support to crypto4xx.
- Fix AEAD ICV check in crypto4xx.
- Add stm32 crypto driver.
- Add support for BCM63xx platforms in bcm2835 and remove bcm63xx.
- Add Derived Key Protocol (DKP) support in caam.
- Add Samsung Exynos True RNG driver.
- Add support for Exynos5250+ SoCs in exynos PRNG driver.

Please note that there will be a conflict with the net tree due
updates to the same header file in the chelsio driver.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git linus


Alexey Khoroshilov (1):
  crypto: picoxcell - Fix error handling in spacc_probe()

Antoine Tenart (1):
  Documentation/bindings: crypto: document the SafeXcel EIP97 compatible

Antoine Ténart (14):
  crypto: inside-secure - remove extra empty line
  crypto: inside-secure - fix typo in a comment
  crypto: inside-secure - remove useless memset
  crypto: inside-secure - comment the caching function
  crypto: inside-secure - move request dequeueing into a workqueue
  crypto: inside-secure - use threaded IRQs for result handling
  crypto: inside-secure - dequeue all requests at once
  crypto: inside-secure - increase the ring size
  crypto: inside-secure - acknowledge the result requests all at once
  crypto: inside-secure - handle more result requests when counter is full
  crypto: inside-secure - retry to proceed the request later on fail
  crypto: inside-secure - EIP97 support
  crypto: inside-secure - avoid unmapping DMA memory that was not mapped
  crypto: inside-secure - fix hash when length is a multiple of a block

Ard Biesheuvel (16):
  crypto: arm64/aes-ce-cipher - move assembler code to .S file
  crypto: arm64 - implement SHA-512 using special instructions
  crypto: arm64/aes-cipher - move S-box to .rodata section
  crypto: arm64/aes-neon - move literal data to .rodata section
  crypto: arm64/crc32 - move literal data to .rodata section
  crypto: arm64/crct10dif - move literal data to .rodata section
  crypto: arm64/sha2-ce - move the round constant table to .rodata section
  crypto: arm64/sha1-ce - get rid of literal pool
  crypto: sha3-generic - fixes for alignment and big endian operation
  crypto: sha3-generic - rewrite KECCAK transform to help the compiler 
optimize
  crypto: sha3-generic - simplify code
  crypto: sha3-generic - export init/update/final routines
  crypto: testmgr - add new testcases for sha3
  crypto: arm64/sha3 - new v8.2 Crypto Extensions implementation
  crypto: arm64/sm3 - new v8.2 Crypto Extensions implementation
  crypto: arm64/sha512 - fix/improve new v8.2 Crypto Extensions code

Arnd Bergmann (3):
  crypto: qat - reduce stack size with KASAN
  crypto: aes-generic - build with -Os on gcc-7+
  crypto: aes-generic - fix aes-generic regression on powerpc

Atul Gupta (3):
  cxgb4: Add support for Inline IPSec Tx
  chcr: Add support for Inline IPSec
  crypto: chelsio - fix a type cast error

Cheah Kok Cheong (1):
  padata: add SPDX identifier

Christian Lamparter (5):
  crypto: crypto4xx - shuffle iomap in front of request_irq
  crypto: crypto4xx - support Revision B parts
  crypto: crypto4xx - fix missing irq devname
  crypto: crypto4xx - kill MODULE_NAME
  crypto: crypto4xx - perform aead icv check in the driver

Christophe Jaillet (1):
  crypto: hifn_795x - Fix a memory leak in the error handling path of 
'hifn_probe()'

Colin Ian King (10):
  crypto: chelsio - remove redundant assignments to reqctx and dst_size
  crypto: nx - fix spelling mistake: "availavle" -> "available"
  crypto: cavium - fix memory leak on info
  crypto: cryptd - make cryptd_max_cpu_qlen module parameter static
  crypto: chelsio - make arrays sgl_ent_len and dsgl_ent_len static
  chcr: remove unused variables net_device, pi, adap and cntrl
  chcr: ensure cntrl is initialized to fix bit-wise or'ing of garabage data
  crypto: tcrypt - fix spelling mistake: "bufufer"-> "buffer"
  crypto: tcrypt - free xoutbuf instead of axbuf
  crypto: inside-secure - make function safexcel_try_push_requests static

Corentin LABBE (2):
  crypto: stm32 - fix module device table name
  crypto: artpec6 - remove select on non-existing CRYPTO_SHA384

Corentin Labbe (4):
  crypto: arm64/aes - do not call crypto_unregister_skcipher twice on error
  

[PATCH 2/3] crypto: stm32/hash: fix performance issues

[Lionel Debieve]

From: Lionel Debieve 

Fixing bugs link to stress tests. Bad results are
detected during testmgr selftests executing in a
faster environment. bufcnt value may be resetted and
false IT are sometimes detected.

Signed-off-by: Lionel Debieve 
---
 drivers/crypto/stm32/stm32-hash.c | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/drivers/crypto/stm32/stm32-hash.c 
b/drivers/crypto/stm32/stm32-hash.c
index 73cdc3b4dca8..d8444aeb6609 100644
--- a/drivers/crypto/stm32/stm32-hash.c
+++ b/drivers/crypto/stm32/stm32-hash.c
@@ -743,13 +743,15 @@ static int stm32_hash_final_req(struct stm32_hash_dev 
*hdev)
struct ahash_request *req = hdev->req;
struct stm32_hash_request_ctx *rctx = ahash_request_ctx(req);
int err;
+   int buflen = rctx->bufcnt;
+
+   rctx->bufcnt = 0;
 
if (!(rctx->flags & HASH_FLAGS_CPU))
err = stm32_hash_dma_send(hdev);
else
-   err = stm32_hash_xmit_cpu(hdev, rctx->buffer, rctx->bufcnt, 1);
+   err = stm32_hash_xmit_cpu(hdev, rctx->buffer, buflen, 1);
 
-   rctx->bufcnt = 0;
 
return err;
 }
@@ -1096,6 +1098,8 @@ static irqreturn_t stm32_hash_irq_handler(int irq, void 
*dev_id)
reg &= ~HASH_SR_OUTPUT_READY;
stm32_hash_write(hdev, HASH_SR, reg);
hdev->flags |= HASH_FLAGS_OUTPUT_READY;
+   /* Disable IT*/
+   stm32_hash_write(hdev, HASH_IMR, 0);
return IRQ_WAKE_THREAD;
}
 
-- 
2.15.1

[PATCH 1/3] crypto: stm32/hash: avoid error if maxburst not defined

[Lionel Debieve]

From: Lionel Debieve 

dma-maxburst is an optional value and must not return
error in case of dma not used (or max-burst not defined).

Signed-off-by: Lionel Debieve 
---
 drivers/crypto/stm32/stm32-hash.c | 11 ++-
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/drivers/crypto/stm32/stm32-hash.c 
b/drivers/crypto/stm32/stm32-hash.c
index 4ca4a264a833..73cdc3b4dca8 100644
--- a/drivers/crypto/stm32/stm32-hash.c
+++ b/drivers/crypto/stm32/stm32-hash.c
@@ -1404,18 +1404,19 @@ MODULE_DEVICE_TABLE(of, stm32_hash_of_match);
 static int stm32_hash_get_of_match(struct stm32_hash_dev *hdev,
   struct device *dev)
 {
-   int err;
-
hdev->pdata = of_device_get_match_data(dev);
if (!hdev->pdata) {
dev_err(dev, "no compatible OF match\n");
return -EINVAL;
}
 
-   err = of_property_read_u32(dev->of_node, "dma-maxburst",
-  >dma_maxburst);
+   if (of_property_read_u32(dev->of_node, "dma-maxburst",
+>dma_maxburst)) {
+   dev_info(dev, "dma-maxburst not specified, using 0\n");
+   hdev->dma_maxburst = 0;
+   }
 
-   return err;
+   return 0;
 }
 
 static int stm32_hash_probe(struct platform_device *pdev)
-- 
2.15.1

[PATCH 0/3] crypto: stm32/hash: Correction to improve robustness

[Lionel Debieve]

From: Lionel Debieve 

Hi,

This patch serie will improve global robustness for stm32-hash driver. 

Patch #1 is fixing dma-burst issue when configuration is not set.
Patch #2 solves issue that occurs when irq append during final req processing.
Patch #3 is fixing an issue that have been introduced while managing padding but
breaking the padding length calculation by hardware to generate correct hash.

Regards,

Lionel Debieve (3):
  crypto: stm32/hash: avoid error if maxburst not defined
  crypto: stm32/hash: fix performance issues
  crypto: stm32/hash: rework padding length

 drivers/crypto/stm32/stm32-hash.c | 21 +
 1 file changed, 13 insertions(+), 8 deletions(-)

-- 
2.15.1

[PATCH 3/3] crypto: stm32/hash: rework padding length

[Lionel Debieve]

From: Lionel Debieve 

Due to another patch, the dma fails when padding is
needed as the given length is not correct.

Signed-off-by: Lionel Debieve 
---
 drivers/crypto/stm32/stm32-hash.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/stm32/stm32-hash.c 
b/drivers/crypto/stm32/stm32-hash.c
index d8444aeb6609..80b9ec76bbb5 100644
--- a/drivers/crypto/stm32/stm32-hash.c
+++ b/drivers/crypto/stm32/stm32-hash.c
@@ -626,7 +626,7 @@ static int stm32_hash_dma_send(struct stm32_hash_dev *hdev)
writesl(hdev->io_base + HASH_DIN, buffer,
DIV_ROUND_UP(ncp, sizeof(u32)));
}
-   stm32_hash_set_nblw(hdev, DIV_ROUND_UP(ncp, sizeof(u32)));
+   stm32_hash_set_nblw(hdev, ncp);
reg = stm32_hash_read(hdev, HASH_STR);
reg |= HASH_STR_DCAL;
stm32_hash_write(hdev, HASH_STR, reg);
-- 
2.15.1

Re: [PATCH][next] hwrng: exynos: check for -ve error return from readl_poll_timeout

[Łukasz Stelmach]

It was <2018-01-12 pią 17:30>, when Colin King wrote:
> From: Colin Ian King 
>
> Currently, the return from readl_poll_timeout is being assigned to
> a u32 and this is being checked for a -ve return which is always
> false since a u32 cannot be less than zero.  Fix this by changing
> val to an int so that error returns can be correctly detected.
>
> Detected by CoverityScan, CID#1463776 ("Logically dead code")
>
> Fixes: 6cd225cc5d8a ("hwrng: exynos - add Samsung Exynos True RNG driver")
> Signed-off-by: Colin Ian King 
> ---
>  drivers/char/hw_random/exynos-trng.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/char/hw_random/exynos-trng.c 
> b/drivers/char/hw_random/exynos-trng.c
> index 34d6f51ecbee..f4643e3ec346 100644
> --- a/drivers/char/hw_random/exynos-trng.c
> +++ b/drivers/char/hw_random/exynos-trng.c
> @@ -55,7 +55,7 @@ static int exynos_trng_do_read(struct hwrng *rng, void 
> *data, size_t max,
>  bool wait)
>  {
>   struct exynos_trng_dev *trng;
> - u32 val;
> + int val;
>  
>   max = min_t(size_t, max, (EXYNOS_TRNG_FIFO_LEN * 4));

Fixed.

https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git/commit/?id=a8bc71d4960391f732ec0307ebd69e4a25aaf4d3

-- 
Łukasz Stelmach
Samsung R Institute Poland
Samsung Electronics


signature.asc
Description: PGP signature

Re: [PATCH RFC 0/3] API for 128-bit IO access

[Yury Norov]

On Fri, Jan 26, 2018 at 06:11:49PM +, Will Deacon wrote:
> On Fri, Jan 26, 2018 at 12:05:42PM +0300, Yury Norov wrote:
> > On Wed, Jan 24, 2018 at 10:22:13AM +, Will Deacon wrote:
> > > On Wed, Jan 24, 2018 at 12:05:16PM +0300, Yury Norov wrote:
> > > > This series adds API for 128-bit memory IO access and enables it for 
> > > > ARM64.
> > > > The original motivation for 128-bit API came from new Cavium network 
> > > > device
> > > > driver. The hardware requires 128-bit access to make things work. See
> > > > description in patch 3 for details.
> > > > 
> > > > Also, starting from ARMv8.4, stp and ldp instructions become atomic, and
> > > > API for 128-bit access would be helpful in core arm64 code.
> > > 
> > > Only for normal, cacheable memory, so they're not suitable for IO accesses
> > > as you're proposing here.
> > 
> > Hi Will,
> > 
> > Thanks for clarification.
> > 
> > Could you elaborate, do you find 128-bit read/write API useless, or
> > you just correct my comment?
> > 
> > I think that ordered uniform 128-bit access API would be helpful, even
> > if not atomic.
> 
> Sorry, but I strongly disagree here. Having an IO accessor that isn't
> guaranteed to be atomic is a recipe for disaster if it's not called out
> explicitly. You're much better off implementing something along the lines
> of  using 2x64-bit accessors like we already
> have for the 2x32-bit case.
> 
> However, that doesn't solve your problem and is somewhat of a distraction.
> I'd suggest that in your case, where you have a device that relies on
> 128-bit atomic access that is assumedly tightly integrated into your SoC,
> then the driver just codes it's own local implementation of the accessor,
> given that there isn't a way to guarantee the atomicity architecturally
> (and even within your SoC it might not be atomic to all endpoints).

OK. Understand that. So we'll drop this RFC and implement those accessors 
in driver.

Thank you and all for the review. Maybe later I'll submit 128-bit unification
patch that was discussed here.

Yury

[PATCH 2/3] crypto: caam - prepare for gcm(aes) support over QI interface

[Horia Geantă]

Update gcm(aes) descriptors (generic, rfc4106 and rfc4543) such that
they would also work when submitted via the QI interface.

Signed-off-by: Horia Geantă 
---
 drivers/crypto/caam/caamalg.c  |  19 +++--
 drivers/crypto/caam/caamalg_desc.c | 165 ++---
 drivers/crypto/caam/caamalg_desc.h |  24 --
 3 files changed, 183 insertions(+), 25 deletions(-)

diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c
index 2188235be02d..584a6c183548 100644
--- a/drivers/crypto/caam/caamalg.c
+++ b/drivers/crypto/caam/caamalg.c
@@ -328,6 +328,7 @@ static int gcm_set_sh_desc(struct crypto_aead *aead)
 {
struct caam_ctx *ctx = crypto_aead_ctx(aead);
struct device *jrdev = ctx->jrdev;
+   unsigned int ivsize = crypto_aead_ivsize(aead);
u32 *desc;
int rem_bytes = CAAM_DESC_BYTES_MAX - GCM_DESC_JOB_IO_LEN -
ctx->cdata.keylen;
@@ -349,7 +350,7 @@ static int gcm_set_sh_desc(struct crypto_aead *aead)
}
 
desc = ctx->sh_desc_enc;
-   cnstr_shdsc_gcm_encap(desc, >cdata, ctx->authsize);
+   cnstr_shdsc_gcm_encap(desc, >cdata, ivsize, ctx->authsize, false);
dma_sync_single_for_device(jrdev, ctx->sh_desc_enc_dma,
   desc_bytes(desc), ctx->dir);
 
@@ -366,7 +367,7 @@ static int gcm_set_sh_desc(struct crypto_aead *aead)
}
 
desc = ctx->sh_desc_dec;
-   cnstr_shdsc_gcm_decap(desc, >cdata, ctx->authsize);
+   cnstr_shdsc_gcm_decap(desc, >cdata, ivsize, ctx->authsize, false);
dma_sync_single_for_device(jrdev, ctx->sh_desc_dec_dma,
   desc_bytes(desc), ctx->dir);
 
@@ -387,6 +388,7 @@ static int rfc4106_set_sh_desc(struct crypto_aead *aead)
 {
struct caam_ctx *ctx = crypto_aead_ctx(aead);
struct device *jrdev = ctx->jrdev;
+   unsigned int ivsize = crypto_aead_ivsize(aead);
u32 *desc;
int rem_bytes = CAAM_DESC_BYTES_MAX - GCM_DESC_JOB_IO_LEN -
ctx->cdata.keylen;
@@ -408,7 +410,8 @@ static int rfc4106_set_sh_desc(struct crypto_aead *aead)
}
 
desc = ctx->sh_desc_enc;
-   cnstr_shdsc_rfc4106_encap(desc, >cdata, ctx->authsize);
+   cnstr_shdsc_rfc4106_encap(desc, >cdata, ivsize, ctx->authsize,
+ false);
dma_sync_single_for_device(jrdev, ctx->sh_desc_enc_dma,
   desc_bytes(desc), ctx->dir);
 
@@ -425,7 +428,8 @@ static int rfc4106_set_sh_desc(struct crypto_aead *aead)
}
 
desc = ctx->sh_desc_dec;
-   cnstr_shdsc_rfc4106_decap(desc, >cdata, ctx->authsize);
+   cnstr_shdsc_rfc4106_decap(desc, >cdata, ivsize, ctx->authsize,
+ false);
dma_sync_single_for_device(jrdev, ctx->sh_desc_dec_dma,
   desc_bytes(desc), ctx->dir);
 
@@ -447,6 +451,7 @@ static int rfc4543_set_sh_desc(struct crypto_aead *aead)
 {
struct caam_ctx *ctx = crypto_aead_ctx(aead);
struct device *jrdev = ctx->jrdev;
+   unsigned int ivsize = crypto_aead_ivsize(aead);
u32 *desc;
int rem_bytes = CAAM_DESC_BYTES_MAX - GCM_DESC_JOB_IO_LEN -
ctx->cdata.keylen;
@@ -468,7 +473,8 @@ static int rfc4543_set_sh_desc(struct crypto_aead *aead)
}
 
desc = ctx->sh_desc_enc;
-   cnstr_shdsc_rfc4543_encap(desc, >cdata, ctx->authsize);
+   cnstr_shdsc_rfc4543_encap(desc, >cdata, ivsize, ctx->authsize,
+ false);
dma_sync_single_for_device(jrdev, ctx->sh_desc_enc_dma,
   desc_bytes(desc), ctx->dir);
 
@@ -485,7 +491,8 @@ static int rfc4543_set_sh_desc(struct crypto_aead *aead)
}
 
desc = ctx->sh_desc_dec;
-   cnstr_shdsc_rfc4543_decap(desc, >cdata, ctx->authsize);
+   cnstr_shdsc_rfc4543_decap(desc, >cdata, ivsize, ctx->authsize,
+ false);
dma_sync_single_for_device(jrdev, ctx->sh_desc_dec_dma,
   desc_bytes(desc), ctx->dir);
 
diff --git a/drivers/crypto/caam/caamalg_desc.c 
b/drivers/crypto/caam/caamalg_desc.c
index ceb93fbb76e6..8ae7a1be7dfd 100644
--- a/drivers/crypto/caam/caamalg_desc.c
+++ b/drivers/crypto/caam/caamalg_desc.c
@@ -625,10 +625,13 @@ EXPORT_SYMBOL(cnstr_shdsc_aead_givencap);
  * @desc: pointer to buffer used for descriptor construction
  * @cdata: pointer to block cipher transform definitions
  * Valid algorithm values - OP_ALG_ALGSEL_AES ANDed with 
OP_ALG_AAI_GCM.
+ * @ivsize: initialization vector size
  * @icvsize: integrity check value (ICV) size (truncated or full)
+ * @is_qi: true when called from caam/qi
  */
 void cnstr_shdsc_gcm_encap(u32 * const desc, struct alginfo *cdata,
-  unsigned int icvsize)
+  unsigned int ivsize, unsigned int icvsize,
+ 

[PATCH 3/3] crypto: caam/qi - add GCM support

[Horia Geantă]

Add support for AES working in Galois Counter Mode.
The following algorithms are added:
gcm(aes)
rfc4106(gcm(aes))
rfc4543(gcm(aes))

There is a limitation related to IV size, similar to the one present in
SW implementation (crypto/gcm.c):
The only IV size allowed is 12 bytes. It will be padded by HW to the right
with 0x_0001 (up to 16 bytes - AES block size), according to the
GCM specification.

Signed-off-by: Horia Geantă 
---
 drivers/crypto/caam/caamalg_qi.c | 374 +++
 1 file changed, 374 insertions(+)

diff --git a/drivers/crypto/caam/caamalg_qi.c b/drivers/crypto/caam/caamalg_qi.c
index f4db39495d22..c2b5762d56a0 100644
--- a/drivers/crypto/caam/caamalg_qi.c
+++ b/drivers/crypto/caam/caamalg_qi.c
@@ -284,6 +284,309 @@ static int aead_setkey(struct crypto_aead *aead, const u8 
*key,
return -EINVAL;
 }
 
+static int gcm_set_sh_desc(struct crypto_aead *aead)
+{
+   struct caam_ctx *ctx = crypto_aead_ctx(aead);
+   unsigned int ivsize = crypto_aead_ivsize(aead);
+   int rem_bytes = CAAM_DESC_BYTES_MAX - DESC_JOB_IO_LEN -
+   ctx->cdata.keylen;
+
+   if (!ctx->cdata.keylen || !ctx->authsize)
+   return 0;
+
+   /*
+* Job Descriptor and Shared Descriptor
+* must fit into the 64-word Descriptor h/w Buffer
+*/
+   if (rem_bytes >= DESC_QI_GCM_ENC_LEN) {
+   ctx->cdata.key_inline = true;
+   ctx->cdata.key_virt = ctx->key;
+   } else {
+   ctx->cdata.key_inline = false;
+   ctx->cdata.key_dma = ctx->key_dma;
+   }
+
+   cnstr_shdsc_gcm_encap(ctx->sh_desc_enc, >cdata, ivsize,
+ ctx->authsize, true);
+
+   /*
+* Job Descriptor and Shared Descriptor
+* must fit into the 64-word Descriptor h/w Buffer
+*/
+   if (rem_bytes >= DESC_QI_GCM_DEC_LEN) {
+   ctx->cdata.key_inline = true;
+   ctx->cdata.key_virt = ctx->key;
+   } else {
+   ctx->cdata.key_inline = false;
+   ctx->cdata.key_dma = ctx->key_dma;
+   }
+
+   cnstr_shdsc_gcm_decap(ctx->sh_desc_dec, >cdata, ivsize,
+ ctx->authsize, true);
+
+   return 0;
+}
+
+static int gcm_setauthsize(struct crypto_aead *authenc, unsigned int authsize)
+{
+   struct caam_ctx *ctx = crypto_aead_ctx(authenc);
+
+   ctx->authsize = authsize;
+   gcm_set_sh_desc(authenc);
+
+   return 0;
+}
+
+static int gcm_setkey(struct crypto_aead *aead,
+ const u8 *key, unsigned int keylen)
+{
+   struct caam_ctx *ctx = crypto_aead_ctx(aead);
+   struct device *jrdev = ctx->jrdev;
+   int ret;
+
+#ifdef DEBUG
+   print_hex_dump(KERN_ERR, "key in @" __stringify(__LINE__)": ",
+  DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1);
+#endif
+
+   memcpy(ctx->key, key, keylen);
+   dma_sync_single_for_device(jrdev, ctx->key_dma, keylen, ctx->dir);
+   ctx->cdata.keylen = keylen;
+
+   ret = gcm_set_sh_desc(aead);
+   if (ret)
+   return ret;
+
+   /* Now update the driver contexts with the new shared descriptor */
+   if (ctx->drv_ctx[ENCRYPT]) {
+   ret = caam_drv_ctx_update(ctx->drv_ctx[ENCRYPT],
+ ctx->sh_desc_enc);
+   if (ret) {
+   dev_err(jrdev, "driver enc context update failed\n");
+   return ret;
+   }
+   }
+
+   if (ctx->drv_ctx[DECRYPT]) {
+   ret = caam_drv_ctx_update(ctx->drv_ctx[DECRYPT],
+ ctx->sh_desc_dec);
+   if (ret) {
+   dev_err(jrdev, "driver dec context update failed\n");
+   return ret;
+   }
+   }
+
+   return 0;
+}
+
+static int rfc4106_set_sh_desc(struct crypto_aead *aead)
+{
+   struct caam_ctx *ctx = crypto_aead_ctx(aead);
+   unsigned int ivsize = crypto_aead_ivsize(aead);
+   int rem_bytes = CAAM_DESC_BYTES_MAX - DESC_JOB_IO_LEN -
+   ctx->cdata.keylen;
+
+   if (!ctx->cdata.keylen || !ctx->authsize)
+   return 0;
+
+   ctx->cdata.key_virt = ctx->key;
+
+   /*
+* Job Descriptor and Shared Descriptor
+* must fit into the 64-word Descriptor h/w Buffer
+*/
+   if (rem_bytes >= DESC_QI_RFC4106_ENC_LEN) {
+   ctx->cdata.key_inline = true;
+   } else {
+   ctx->cdata.key_inline = false;
+   ctx->cdata.key_dma = ctx->key_dma;
+   }
+
+   cnstr_shdsc_rfc4106_encap(ctx->sh_desc_enc, >cdata, ivsize,
+ ctx->authsize, true);
+
+   /*
+* Job Descriptor and Shared Descriptor
+* must fit into the 64-word Descriptor h/w Buffer
+*/
+   if (rem_bytes >= DESC_QI_RFC4106_DEC_LEN) {
+   

[PATCH 1/3] crypto: caam/qi - return -EBADMSG for ICV check failure

[Horia Geantă]

Crypto drivers are expected to return -EBADMSG in case of
ICV check (authentication) failure.

In this case it also makes sense to suppress the error message
in the QI dequeue callback.

Signed-off-by: Horia Geantă 
---
 drivers/crypto/caam/caamalg_qi.c | 12 +++-
 drivers/crypto/caam/qi.c | 11 +--
 2 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/drivers/crypto/caam/caamalg_qi.c b/drivers/crypto/caam/caamalg_qi.c
index 4aecc9435f69..f4db39495d22 100644
--- a/drivers/crypto/caam/caamalg_qi.c
+++ b/drivers/crypto/caam/caamalg_qi.c
@@ -562,8 +562,18 @@ static void aead_done(struct caam_drv_req *drv_req, u32 
status)
qidev = caam_ctx->qidev;
 
if (unlikely(status)) {
+   u32 ssrc = status & JRSTA_SSRC_MASK;
+   u8 err_id = status & JRSTA_CCBERR_ERRID_MASK;
+
caam_jr_strstatus(qidev, status);
-   ecode = -EIO;
+   /*
+* verify hw auth check passed else return -EBADMSG
+*/
+   if (ssrc == JRSTA_SSRC_CCB_ERROR &&
+   err_id == JRSTA_CCBERR_ERRID_ICVCHK)
+   ecode = -EBADMSG;
+   else
+   ecode = -EIO;
}
 
edesc = container_of(drv_req, typeof(*edesc), drv_req);
diff --git a/drivers/crypto/caam/qi.c b/drivers/crypto/caam/qi.c
index f9a44f485aac..b9480828da38 100644
--- a/drivers/crypto/caam/qi.c
+++ b/drivers/crypto/caam/qi.c
@@ -579,8 +579,15 @@ static enum qman_cb_dqrr_result caam_rsp_fq_dqrr_cb(struct 
qman_portal *p,
 
fd = >fd;
status = be32_to_cpu(fd->status);
-   if (unlikely(status))
-   dev_err(qidev, "Error: %#x in CAAM response FD\n", status);
+   if (unlikely(status)) {
+   u32 ssrc = status & JRSTA_SSRC_MASK;
+   u8 err_id = status & JRSTA_CCBERR_ERRID_MASK;
+
+   if (ssrc != JRSTA_SSRC_CCB_ERROR ||
+   err_id != JRSTA_CCBERR_ERRID_ICVCHK)
+   dev_err(qidev, "Error: %#x in CAAM response FD\n",
+   status);
+   }
 
if (unlikely(qm_fd_get_format(fd) != qm_fd_compound)) {
dev_err(qidev, "Non-compound FD from CAAM\n");
-- 
2.12.0.264.gd6db3f216544