[PATCH] crypto: rsa - fix dst len

2016-04-06 Thread Tadeusz Struk
The output buffer length has to be at least as big as the key_size.
It is then updated to the actual output size by the implementation.

Cc: 
Signed-off-by: Tadeusz Struk 
---
 crypto/rsa-pkcs1pad.c | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/crypto/rsa-pkcs1pad.c b/crypto/rsa-pkcs1pad.c
index 1cea67d..ead8dc0 100644
--- a/crypto/rsa-pkcs1pad.c
+++ b/crypto/rsa-pkcs1pad.c
@@ -387,16 +387,16 @@ static int pkcs1pad_decrypt(struct akcipher_request *req)
req_ctx->child_req.src = req->src;
req_ctx->child_req.src_len = req->src_len;
req_ctx->child_req.dst = req_ctx->out_sg;
-   req_ctx->child_req.dst_len = ctx->key_size - 1;
+   req_ctx->child_req.dst_len = ctx->key_size ;
 
-   req_ctx->out_buf = kmalloc(ctx->key_size - 1,
+   req_ctx->out_buf = kmalloc(ctx->key_size,
(req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP) ?
GFP_KERNEL : GFP_ATOMIC);
if (!req_ctx->out_buf)
return -ENOMEM;
 
pkcs1pad_sg_set_buf(req_ctx->out_sg, req_ctx->out_buf,
-   ctx->key_size - 1, NULL);
+   ctx->key_size, NULL);
 
akcipher_request_set_tfm(_ctx->child_req, ctx->child);
akcipher_request_set_callback(_ctx->child_req, req->base.flags,
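Review bot: With `dst_len` and the `kmalloc()` size both raised to `ctx->key_size`, the child may return fewer bytes than the buffer holds, and the unwritten tail of `out_buf` is uninitialized heap memory. The completion handlers are outside this hunk, so confirm that they size every read from `req_ctx->child_req.dst_len` as updated by the child, not from `ctx->key_size`. Allocating with `kzalloc(ctx->key_size, ...)` would remove the stale-data exposure either way. The same applies to the identical hunk in `pkcs1pad_verify`. Minor: `ctx->key_size ;` has a stray space before the semicolon.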
@@ -595,16 +595,16 @@ static int pkcs1pad_verify(struct akcipher_request *req)
req_ctx->child_req.src = req->src;
req_ctx->child_req.src_len = req->src_len;
req_ctx->child_req.dst = req_ctx->out_sg;
-   req_ctx->child_req.dst_len = ctx->key_size - 1;
+   req_ctx->child_req.dst_len = ctx->key_size;
 
-   req_ctx->out_buf = kmalloc(ctx->key_size - 1,
+   req_ctx->out_buf = kmalloc(ctx->key_size,
(req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP) ?
GFP_KERNEL : GFP_ATOMIC);
if (!req_ctx->out_buf)
return -ENOMEM;
 
pkcs1pad_sg_set_buf(req_ctx->out_sg, req_ctx->out_buf,
-   ctx->key_size - 1, NULL);
+   ctx->key_size, NULL);
 
akcipher_request_set_tfm(_ctx->child_req, ctx->child);
akcipher_request_set_callback(_ctx->child_req, req->base.flags,
-- 
2.1.4



[PATCH v2] crypto: qat - adf_dev_stop should not be called in atomic context

2016-04-06 Thread Tadeusz Struk
VFs call adf_dev_stop() from a PF to VF interrupt bottom half.
This causes an oops "scheduling while atomic", because it tries
to acquire a mutex to un-register crypto algorithms.
This patch fixes the issue by calling adf_dev_stop() asynchronously.

Changes in v2:
 - change kthread to a work queue.

Signed-off-by: Tadeusz Struk 
---
 drivers/crypto/qat/qat_common/adf_common_drv.h |2 +
 drivers/crypto/qat/qat_common/adf_ctl_drv.c|6 ++
 drivers/crypto/qat/qat_common/adf_vf_isr.c |   59 +++-
 3 files changed, 64 insertions(+), 3 deletions(-)

diff --git a/drivers/crypto/qat/qat_common/adf_common_drv.h 
b/drivers/crypto/qat/qat_common/adf_common_drv.h
index c9e4d46..fd096ed 100644
--- a/drivers/crypto/qat/qat_common/adf_common_drv.h
+++ b/drivers/crypto/qat/qat_common/adf_common_drv.h
@@ -144,6 +144,8 @@ void adf_disable_aer(struct adf_accel_dev *accel_dev);
 void adf_dev_restore(struct adf_accel_dev *accel_dev);
 int adf_init_aer(void);
 void adf_exit_aer(void);
+int adf_init_vf_wq(void);
+void adf_exit_vf_wq(void);
 int adf_init_admin_comms(struct adf_accel_dev *accel_dev);
 void adf_exit_admin_comms(struct adf_accel_dev *accel_dev);
 int adf_send_admin_init(struct adf_accel_dev *accel_dev);
diff --git a/drivers/crypto/qat/qat_common/adf_ctl_drv.c 
b/drivers/crypto/qat/qat_common/adf_ctl_drv.c
index 48a1248..116ddda 100644
--- a/drivers/crypto/qat/qat_common/adf_ctl_drv.c
+++ b/drivers/crypto/qat/qat_common/adf_ctl_drv.c
@@ -471,12 +471,17 @@ static int __init adf_register_ctl_device_driver(void)
if (adf_init_aer())
goto err_aer;
 
+   if (adf_init_vf_wq())
+   goto err_vf_wq;
+
if (qat_crypto_register())
goto err_crypto_register;
 
return 0;
 
 err_crypto_register:
+   adf_exit_vf_wq();
+err_vf_wq:
adf_exit_aer();
 err_aer:
adf_chr_drv_destroy();
@@ -489,6 +494,7 @@ static void __exit adf_unregister_ctl_device_driver(void)
 {
adf_chr_drv_destroy();
adf_exit_aer();
+   adf_exit_vf_wq();
qat_crypto_unregister();
adf_clean_vf_map(false);
mutex_destroy(_ctl_lock);
diff --git a/drivers/crypto/qat/qat_common/adf_vf_isr.c 
b/drivers/crypto/qat/qat_common/adf_vf_isr.c
index 09427b3..c3d5016 100644
--- a/drivers/crypto/qat/qat_common/adf_vf_isr.c
+++ b/drivers/crypto/qat/qat_common/adf_vf_isr.c
@@ -51,6 +51,7 @@
 #include 
 #include 
 #include 
+#include 
 #include "adf_accel_devices.h"
 #include "adf_common_drv.h"
 #include "adf_cfg.h"
@@ -64,6 +65,13 @@
 #define ADF_VINTSOU_BUNBIT(0)
 #define ADF_VINTSOU_PF2VF  BIT(1)
 
+static struct workqueue_struct *adf_vf_stop_wq;
+
+struct adf_vf_stop_data {
+   struct adf_accel_dev *accel_dev;
+   struct work_struct work;
+};
+
 static int adf_enable_msi(struct adf_accel_dev *accel_dev)
 {
struct adf_accel_pci *pci_dev_info = _dev->accel_pci_dev;
@@ -90,6 +98,20 @@ static void adf_disable_msi(struct adf_accel_dev *accel_dev)
pci_disable_msi(pdev);
 }
 
+static void adf_dev_stop_async(struct work_struct *work)
+{
+   struct adf_vf_stop_data *stop_data =
+   container_of(work, struct adf_vf_stop_data, work);
+   struct adf_accel_dev *accel_dev = stop_data->accel_dev;
+
+   adf_dev_stop(accel_dev);
+   adf_dev_shutdown(accel_dev);
+
+   /* Re-enable PF2VF interrupts */
+   adf_enable_pf2vf_interrupts(accel_dev);
+   kfree(stop_data);
+}
+
 static void adf_pf2vf_bh_handler(void *data)
 {
struct adf_accel_dev *accel_dev = data;
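Review bot: `adf_dev_stop_async()` dereferences `stop_data->accel_dev` whenever the work item runs, but nothing visible here takes a reference on the device or ties the work's lifetime to it. If the VF device can be removed or unbound between `queue_work()` and execution, the worker would call `adf_dev_stop()` and `adf_dev_shutdown()` on a stale pointer. The removal path is not on this page, so confirm that it flushes `adf_vf_stop_wq` (or holds a device reference) before `accel_dev` is freed. A comment on `struct adf_vf_stop_data` stating who owns and frees it would also help.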
@@ -107,11 +129,27 @@ static void adf_pf2vf_bh_handler(void *data)
goto err;
 
switch ((msg & ADF_PF2VF_MSGTYPE_MASK) >> ADF_PF2VF_MSGTYPE_SHIFT) {
-   case ADF_PF2VF_MSGTYPE_RESTARTING:
+   case ADF_PF2VF_MSGTYPE_RESTARTING: {
+   struct adf_vf_stop_data *stop_data;
+
dev_dbg(_DEV(accel_dev),
"Restarting msg received from PF 0x%x\n", msg);
-   adf_dev_stop(accel_dev);
-   break;
+
+   stop_data = kzalloc(sizeof(*stop_data), GFP_ATOMIC);
+   if (!stop_data) {
+   dev_err(_DEV(accel_dev),
+   "Couldn't schedule stop for vf_%d\n",
+   accel_dev->accel_id);
+   return;
+   }
+   stop_data->accel_dev = accel_dev;
+   INIT_WORK(_data->work, adf_dev_stop_async);
+   queue_work(adf_vf_stop_wq, _data->work);
+   /* To ack, clear the PF2VFINT bit */
+   msg &= ~BIT(0);
+   ADF_CSR_WR(pmisc_bar_addr, hw_data->get_pf2vf_offset(0), msg);
+   return;
+   }
case ADF_PF2VF_MSGTYPE_VERSION_RESP:
dev_dbg(_DEV(accel_dev),
"Version resp received from PF 0x%x\n", msg);
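Review bot: In the `!stop_data` branch the handler returns without acknowledging the message and without re-enabling PF2VF interrupts. The worker's "Re-enable PF2VF interrupts" comment suggests they are disabled while this bottom half runs, so a single failed `GFP_ATOMIC` allocation could leave the VF unable to receive further PF messages. Consider writing the ack and calling `adf_enable_pf2vf_interrupts(accel_dev);` before that `return`, or routing it through the existing `err` label if that label already does so; the rest of the function is outside this hunk. Minor: `msg &= ~BIT(0);` would read better with a named constant for the PF2VFINT bit.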
@@ -278,3 +316,18 @@ err_out:
return -EFAULT;
 

Re: [PATCH 0/3] crypto: af_alg - add TLS type encryption

2016-04-06 Thread Tadeusz Struk
Hi Herbert,
On 04/05/2016 04:29 AM, Herbert Xu wrote:
> On Sat, Mar 05, 2016 at 05:20:44PM -0800, Tadeusz Struk wrote:
>> > Hi,
>> > The following series adds TLS type authentication. To do this a new
>> > template, encauth, is introduced. It is derived from the existing authenc
>> > template and modified to work in "first auth then encrypt" mode.
>> > The algif interface is also changed to work with the new authentication 
>> > type.
> What is the point of this patch-set? Who is going to be the user?

The intent is to enable HW acceleration of the TLS protocol.
The way it will work is that user space will send a packet of data
via AF_ALG and the HW will authenticate and encrypt it in one go.

> 
> Also you're including padding into the algorithm.  That goes against
> the way we implemented IPsec.  What is the justification for doing
> it in the crypto layer instead of the protocol layer?

This is because of how the TLS protocol works. In IPsec the stack does the job
of aligning the packet to the block size, and the crypto layer doesn't need to worry
about padding. In TLS we need to make sure that after auth the buffer is still
block-size aligned, and that is why we need padding.
Do you think we should make the user provide the data in a big enough buffer
to accommodate the digest and padding, and the padding itself?
Thanks,
-- 
TS


[PATCH v3 0/3] crypto: caam - add support for RSA algorithm

2016-04-06 Thread Tudor Ambarus
Depends on [PATCH v3 0/3] crypto: rsa - generalize ASN.1 sequences

v2 patch set can be found here:
  http://www.mail-archive.com/linux-crypto%40vger.kernel.org/msg18273.html

Changes to v2 patch set:

- "crypto: caam - add support for RSA algorithm"
- update Kconfig so that it selects CRYPTO_RSA

Tudor Ambarus (3):
  crypto: scatterwak - Add scatterwalk_sg_copychunks
  crypto: scatterwalk - export scatterwalk_pagedone
  crypto: caam - add support for RSA algorithm

 crypto/scatterwalk.c   |  31 ++-
 drivers/crypto/caam/Kconfig|  12 +
 drivers/crypto/caam/Makefile   |   4 +
 drivers/crypto/caam/caampkc.c  | 509 +
 drivers/crypto/caam/caampkc.h  |  84 +++
 drivers/crypto/caam/desc.h |   2 +
 drivers/crypto/caam/pdb.h  |  16 +-
 drivers/crypto/caam/pkc_desc.c | 138 +++
 include/crypto/scatterwalk.h   |   4 +
 9 files changed, 797 insertions(+), 3 deletions(-)
 create mode 100644 drivers/crypto/caam/caampkc.c
 create mode 100644 drivers/crypto/caam/caampkc.h
 create mode 100644 drivers/crypto/caam/pkc_desc.c

-- 
1.8.3.1



[PATCH v3 2/3] crypto: scatterwalk - export scatterwalk_pagedone

2016-04-06 Thread Tudor Ambarus
Used in caam driver. Export the symbol since the caam driver
can be built as a module.

Signed-off-by: Tudor Ambarus 
---
 crypto/scatterwalk.c | 5 +++--
 include/crypto/scatterwalk.h | 2 ++
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/crypto/scatterwalk.c b/crypto/scatterwalk.c
index bc3222d..03d34f9 100644
--- a/crypto/scatterwalk.c
+++ b/crypto/scatterwalk.c
@@ -47,8 +47,8 @@ void *scatterwalk_map(struct scatter_walk *walk)
 }
 EXPORT_SYMBOL_GPL(scatterwalk_map);
 
-static void scatterwalk_pagedone(struct scatter_walk *walk, int out,
-unsigned int more)
+void scatterwalk_pagedone(struct scatter_walk *walk, int out,
+ unsigned int more)
 {
if (out) {
struct page *page;
@@ -69,6 +69,7 @@ static void scatterwalk_pagedone(struct scatter_walk *walk, 
int out,
scatterwalk_start(walk, sg_next(walk->sg));
}
 }
+EXPORT_SYMBOL_GPL(scatterwalk_pagedone);
 
 void scatterwalk_done(struct scatter_walk *walk, int out, int more)
 {
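Review bot: `scatterwalk_pagedone()` becomes module API with this export, but it has no kernel-doc and the meaning of `out` and `more` is not obvious from the prototype. A short comment above the definition would help driver authors, for example `/* @out: non-zero if the page was written; @more: non-zero to advance to the next page or sg entry */`. That wording is inferred from the few body lines visible in these hunks, so check it against the full function.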
diff --git a/include/crypto/scatterwalk.h b/include/crypto/scatterwalk.h
index 8b799c5..6535a20 100644
--- a/include/crypto/scatterwalk.h
+++ b/include/crypto/scatterwalk.h
@@ -89,6 +89,8 @@ void scatterwalk_copychunks(void *buf, struct scatter_walk 
*walk,
 void scatterwalk_sg_copychunks(struct scatter_walk *dest,
   struct scatter_walk *src, size_t nbytes);
 void *scatterwalk_map(struct scatter_walk *walk);
+void scatterwalk_pagedone(struct scatter_walk *walk, int out,
+ unsigned int more);
 void scatterwalk_done(struct scatter_walk *walk, int out, int more);
 
 void scatterwalk_map_and_copy(void *buf, struct scatterlist *sg,
-- 
1.8.3.1



[PATCH v3 3/3] crypto: rsa_helper - export symbols for asn1 structures

2016-04-06 Thread Tudor Ambarus
Export rsapubkey_decoder and rsaprivkey_decoder structures,
since they can (will) be used by caam and qat drivers.

Signed-off-by: Tudor Ambarus 
---
 crypto/rsa_helper.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/crypto/rsa_helper.c b/crypto/rsa_helper.c
index df1f480..d81a0ec 100644
--- a/crypto/rsa_helper.c
+++ b/crypto/rsa_helper.c
@@ -21,6 +21,9 @@
 #include "rsapubkey-asn1.h"
 #include "rsaprivkey-asn1.h"
 
+EXPORT_SYMBOL_GPL(rsapubkey_decoder);
+EXPORT_SYMBOL_GPL(rsaprivkey_decoder);
+
 int rsa_get_n(void *context, size_t hdrlen, unsigned char tag,
  const void *value, size_t vlen)
 {
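Review bot: Exporting the `rsapubkey_decoder` and `rsaprivkey_decoder` tables lets any module run the parser with a `void *context` of its own making. The series description says the parser expects the context to begin with a pointer to a `struct rsa_asn1_action`, so a driver passing a differently laid-out context would have the action callbacks read from the wrong memory, and this interface cannot check that. Exporting typed parse helpers that take the context struct, rather than the decoder tables, would keep that contract in one place. At minimum, a comment above the exports such as `/* context passed to asn1_ber_decoder() must start with a struct rsa_asn1_action pointer */` would document it.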
-- 
1.8.3.1



[PATCH v3 1/3] crypto: scatterwak - Add scatterwalk_sg_copychunks

2016-04-06 Thread Tudor Ambarus
This patch adds the function scatterwalk_sg_copychunks which writes
a chunk of data from a scatterwalk to another scatterwalk.
It will be used by caam driver to remove the leading zeros of RSA's
algorithm output.

Signed-off-by: Tudor Ambarus 
---
 crypto/scatterwalk.c | 26 ++
 include/crypto/scatterwalk.h |  2 ++
 2 files changed, 28 insertions(+)

diff --git a/crypto/scatterwalk.c b/crypto/scatterwalk.c
index ea5815c..bc3222d 100644
--- a/crypto/scatterwalk.c
+++ b/crypto/scatterwalk.c
@@ -125,6 +125,32 @@ void scatterwalk_map_and_copy(void *buf, struct 
scatterlist *sg,
 }
 EXPORT_SYMBOL_GPL(scatterwalk_map_and_copy);
 
+void scatterwalk_sg_copychunks(struct scatter_walk *dest,
+  struct scatter_walk *src, size_t nbytes)
+{
+   for (;;) {
+   unsigned int len_this_page = scatterwalk_pagelen(dest);
+   u8 *vaddr;
+
+   if (len_this_page > nbytes)
+   len_this_page = nbytes;
+
+   vaddr = scatterwalk_map(dest);
+   scatterwalk_copychunks(vaddr, src, len_this_page, 0);
+   scatterwalk_unmap(vaddr);
+
+   scatterwalk_advance(dest, len_this_page);
+
+   if (nbytes == len_this_page)
+   break;
+
+   nbytes -= len_this_page;
+
+   scatterwalk_pagedone(dest, 0, 1);
+   }
+}
+EXPORT_SYMBOL_GPL(scatterwalk_sg_copychunks);
+
 int scatterwalk_bytes_sglen(struct scatterlist *sg, int num_bytes)
 {
int offset = 0, n = 0;
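Review bot: `scatterwalk_pagedone(dest, 0, 1)` passes `out` as 0 for the walk that was just written. If `out` is what triggers the cache flush of the written page (the body of `scatterwalk_pagedone` is only partly visible on this page), destination pages may not be flushed on architectures that need it; `scatterwalk_pagedone(dest, 1, 1);` looks like the intended call. The last page is also never passed to `scatterwalk_pagedone()`, so the caller presumably still has to finish `dest` with `scatterwalk_done()`. The function trusts that both walks cover at least `nbytes`; since the symbol is exported, a kernel-doc comment stating both preconditions would help.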
diff --git a/include/crypto/scatterwalk.h b/include/crypto/scatterwalk.h
index 35f99b6..8b799c5 100644
--- a/include/crypto/scatterwalk.h
+++ b/include/crypto/scatterwalk.h
@@ -86,6 +86,8 @@ static inline void scatterwalk_unmap(void *vaddr)
 void scatterwalk_start(struct scatter_walk *walk, struct scatterlist *sg);
 void scatterwalk_copychunks(void *buf, struct scatter_walk *walk,
size_t nbytes, int out);
+void scatterwalk_sg_copychunks(struct scatter_walk *dest,
+  struct scatter_walk *src, size_t nbytes);
 void *scatterwalk_map(struct scatter_walk *walk);
 void scatterwalk_done(struct scatter_walk *walk, int out, int more);
 
-- 
1.8.3.1



[PATCH v3 1/3] crypto: rsa - generalize ASN.1 sequences

2016-04-06 Thread Tudor Ambarus
Use common ASN.1 sequences for all RSA implementations.

Give hardware RSA implementations the chance to use
the RSA's software implementation parser even if they
are likely to want to use raw integers.

The parser expects a context that contains at the first address
a pointer to a struct rsa_asn1_action instance that has function
pointers to specific parser actions (return MPI or raw integer keys),
followed by a key representation structure (for MPI or raw integers).

This approach has the advantage that users can select specific
parser actions by using a general parser with function pointers
to specific actions.

Signed-off-by: Tudor Ambarus 
---
 crypto/rsa.c  |  60 ++-
 crypto/rsa_helper.c   | 166 --
 include/crypto/internal/rsa.h |  31 ++--
 3 files changed, 194 insertions(+), 63 deletions(-)

diff --git a/crypto/rsa.c b/crypto/rsa.c
index 77d737f..7cb0153 100644
--- a/crypto/rsa.c
+++ b/crypto/rsa.c
@@ -19,7 +19,7 @@
  * RSAEP function [RFC3447 sec 5.1.1]
  * c = m^e mod n;
  */
-static int _rsa_enc(const struct rsa_key *key, MPI c, MPI m)
+static int _rsa_enc(const struct rsa_mpi_key *key, MPI c, MPI m)
 {
/* (1) Validate 0 <= m < n */
if (mpi_cmp_ui(m, 0) < 0 || mpi_cmp(m, key->n) >= 0)
@@ -33,7 +33,7 @@ static int _rsa_enc(const struct rsa_key *key, MPI c, MPI m)
  * RSADP function [RFC3447 sec 5.1.2]
  * m = c^d mod n;
  */
-static int _rsa_dec(const struct rsa_key *key, MPI m, MPI c)
+static int _rsa_dec(const struct rsa_mpi_key *key, MPI m, MPI c)
 {
/* (1) Validate 0 <= c < n */
if (mpi_cmp_ui(c, 0) < 0 || mpi_cmp(c, key->n) >= 0)
@@ -47,7 +47,7 @@ static int _rsa_dec(const struct rsa_key *key, MPI m, MPI c)
  * RSASP1 function [RFC3447 sec 5.2.1]
  * s = m^d mod n
  */
-static int _rsa_sign(const struct rsa_key *key, MPI s, MPI m)
+static int _rsa_sign(const struct rsa_mpi_key *key, MPI s, MPI m)
 {
/* (1) Validate 0 <= m < n */
if (mpi_cmp_ui(m, 0) < 0 || mpi_cmp(m, key->n) >= 0)
@@ -61,7 +61,7 @@ static int _rsa_sign(const struct rsa_key *key, MPI s, MPI m)
  * RSAVP1 function [RFC3447 sec 5.2.2]
  * m = s^e mod n;
  */
-static int _rsa_verify(const struct rsa_key *key, MPI m, MPI s)
+static int _rsa_verify(const struct rsa_mpi_key *key, MPI m, MPI s)
 {
/* (1) Validate 0 <= s < n */
if (mpi_cmp_ui(s, 0) < 0 || mpi_cmp(s, key->n) >= 0)
@@ -71,15 +71,17 @@ static int _rsa_verify(const struct rsa_key *key, MPI m, 
MPI s)
return mpi_powm(m, s, key->e, key->n);
 }
 
-static inline struct rsa_key *rsa_get_key(struct crypto_akcipher *tfm)
+static inline struct rsa_mpi_key *rsa_get_key(struct crypto_akcipher *tfm)
 {
-   return akcipher_tfm_ctx(tfm);
+   struct rsa_ctx *ctx = akcipher_tfm_ctx(tfm);
+
+   return >key;
 }
 
 static int rsa_enc(struct akcipher_request *req)
 {
struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
-   const struct rsa_key *pkey = rsa_get_key(tfm);
+   const struct rsa_mpi_key *pkey = rsa_get_key(tfm);
MPI m, c = mpi_alloc(0);
int ret = 0;
int sign;
@@ -118,7 +120,7 @@ err_free_c:
 static int rsa_dec(struct akcipher_request *req)
 {
struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
-   const struct rsa_key *pkey = rsa_get_key(tfm);
+   const struct rsa_mpi_key *pkey = rsa_get_key(tfm);
MPI c, m = mpi_alloc(0);
int ret = 0;
int sign;
@@ -156,7 +158,7 @@ err_free_m:
 static int rsa_sign(struct akcipher_request *req)
 {
struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
-   const struct rsa_key *pkey = rsa_get_key(tfm);
+   const struct rsa_mpi_key *pkey = rsa_get_key(tfm);
MPI m, s = mpi_alloc(0);
int ret = 0;
int sign;
@@ -195,7 +197,7 @@ err_free_s:
 static int rsa_verify(struct akcipher_request *req)
 {
struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
-   const struct rsa_key *pkey = rsa_get_key(tfm);
+   const struct rsa_mpi_key *pkey = rsa_get_key(tfm);
MPI s, m = mpi_alloc(0);
int ret = 0;
int sign;
@@ -251,15 +253,16 @@ static int rsa_check_key_length(unsigned int len)
 static int rsa_set_pub_key(struct crypto_akcipher *tfm, const void *key,
   unsigned int keylen)
 {
-   struct rsa_key *pkey = akcipher_tfm_ctx(tfm);
+   struct rsa_ctx *ctx = akcipher_tfm_ctx(tfm);
+   struct rsa_mpi_key *pkey = >key;
int ret;
 
-   ret = rsa_parse_pub_key(pkey, key, keylen);
+   ret = rsa_parse_mpi_pub_key(ctx, key, keylen);
if (ret)
return ret;
 
if (rsa_check_key_length(mpi_get_size(pkey->n) << 3)) {
-   rsa_free_key(pkey);
+   rsa_free_mpi_key(pkey);
ret = -EINVAL;
}
return ret;
@@ -268,15 +271,16 @@ static int rsa_set_pub_key(struct crypto_akcipher *tfm, 
const 

[PATCH v3 0/3] crypto: rsa - generalize ASN.1 sequences

2016-04-06 Thread Tudor Ambarus
v2 patch set can be found here:
  http://www.mail-archive.com/linux-crypto%40vger.kernel.org/msg18269.html

Changes to v2 patch set:

- "crypto: add CONFIG_ symbol for rsa helper"
- removed. The drivers will select the CRYPTO_RSA symbol instead.

Tudor Ambarus (3):
  crypto: rsa - generalize ASN.1 sequences
  crypto: rsa_helper - add raw integer parser actions
  crypto: rsa_helper - export symbols for asn1 structures

 crypto/rsa.c  |  75 -
 crypto/rsa_helper.c   | 351 +-
 include/crypto/internal/rsa.h |  59 ++-
 3 files changed, 407 insertions(+), 78 deletions(-)

-- 
1.8.3.1



[PATCH v3 2/3] crypto: rsa_helper - add raw integer parser actions

2016-04-06 Thread Tudor Ambarus
Dedicated to RSA (hardware) implementations that want to use
raw integers instead of MPI keys.

Signed-off-by: Tudor Ambarus 
---
 crypto/rsa.c  |  15 
 crypto/rsa_helper.c   | 182 ++
 include/crypto/internal/rsa.h |  28 +++
 3 files changed, 210 insertions(+), 15 deletions(-)

diff --git a/crypto/rsa.c b/crypto/rsa.c
index 7cb0153..37ac189 100644
--- a/crypto/rsa.c
+++ b/crypto/rsa.c
@@ -235,21 +235,6 @@ err_free_m:
return ret;
 }
 
-static int rsa_check_key_length(unsigned int len)
-{
-   switch (len) {
-   case 512:
-   case 1024:
-   case 1536:
-   case 2048:
-   case 3072:
-   case 4096:
-   return 0;
-   }
-
-   return -EINVAL;
-}
-
 static int rsa_set_pub_key(struct crypto_akcipher *tfm, const void *key,
   unsigned int keylen)
 {
diff --git a/crypto/rsa_helper.c b/crypto/rsa_helper.c
index 0149ed3..df1f480 100644
--- a/crypto/rsa_helper.c
+++ b/crypto/rsa_helper.c
@@ -14,6 +14,9 @@
 #include 
 #include 
 #include 
+#include 
+#include 
+#include 
 #include 
 #include "rsapubkey-asn1.h"
 #include "rsaprivkey-asn1.h"
@@ -239,3 +242,182 @@ error:
return ret;
 }
 EXPORT_SYMBOL_GPL(rsa_parse_mpi_priv_key);
+
+int rsa_check_key_length(unsigned int len)
+{
+   switch (len) {
+   case 512:
+   case 1024:
+   case 1536:
+   case 2048:
+   case 3072:
+   case 4096:
+   return 0;
+   }
+
+   return -EINVAL;
+}
+EXPORT_SYMBOL_GPL(rsa_check_key_length);
+
+void raw_rsa_free_key(struct rsa_raw_key *key)
+{
+   kzfree(key->d);
+   key->d = NULL;
+
+   kfree(key->e);
+   key->e = NULL;
+
+   kfree(key->n);
+   key->n = NULL;
+
+   key->n_sz = 0;
+   key->e_sz = 0;
+}
+EXPORT_SYMBOL_GPL(raw_rsa_free_key);
+
+void raw_rsa_free_coherent_key(struct device *dev, struct rsa_raw_key *key)
+{
+   if (key->d) {
+   memset(key->d, '\0', key->n_sz);
+   dma_free_coherent(dev, key->n_sz, key->d, key->dma_d);
+   key->d = NULL;
+   }
+
+   if (key->e) {
+   dma_free_coherent(dev, key->n_sz, key->e, key->dma_e);
+   key->e = NULL;
+   }
+
+   if (key->n) {
+   dma_free_coherent(dev, key->n_sz, key->n, key->dma_n);
+   key->n = NULL;
+   }
+
+   key->n_sz = 0;
+   key->e_sz = 0;
+}
+EXPORT_SYMBOL_GPL(raw_rsa_free_coherent_key);
+
+int raw_rsa_get_n(void *context, const void *value, size_t vlen)
+{
+   struct rsa_raw_ctx *ctx = context;
+   struct rsa_raw_key *key = >key;
+   const char *ptr = value;
+   int ret = -EINVAL;
+
+   while (!*ptr && vlen) {
+   ptr++;
+   vlen--;
+   }
+
+   key->n_sz = vlen;
+   /* In FIPS mode only allow key size 2K & 3K */
+   if (fips_enabled && (key->n_sz != 256 && key->n_sz != 384)) {
+   dev_err(ctx->dev, "RSA: key size not allowed in FIPS mode\n");
+   goto err;
+   }
+   /* invalid key size provided */
+   ret = rsa_check_key_length(key->n_sz << 3);
+   if (ret)
+   goto err;
+
+   if (key->is_coherent)
+   key->n = kzalloc(key->n_sz, key->flags);
+   else
+   key->n = dma_zalloc_coherent(ctx->dev, key->n_sz, >dma_n,
+key->flags);
+
+   if (!key->n) {
+   ret = -ENOMEM;
+   goto err;
+   }
+
+   memcpy(key->n, ptr, key->n_sz);
+
+   return 0;
+err:
+   key->n_sz = 0;
+   key->n = NULL;
+   return ret;
+}
+EXPORT_SYMBOL_GPL(raw_rsa_get_n);
+
+int raw_rsa_get_e(void *context, const void *value, size_t vlen)
+{
+   struct rsa_raw_ctx *ctx = context;
+   struct rsa_raw_key *key = >key;
+   const char *ptr = value;
+   size_t offset = 0;
+
+   while (!*ptr && vlen) {
+   ptr++;
+   vlen--;
+   }
+
+   key->e_sz = vlen;
+
+   if (!key->n_sz || !vlen || vlen > key->n_sz) {
+   key->e = NULL;
+   return -EINVAL;
+   }
+
+   if (key->is_coherent) {
+   key->e = kzalloc(key->e_sz, key->flags);
+   } else {
+   key->e = dma_zalloc_coherent(ctx->dev, key->n_sz, >dma_e,
+key->flags);
+   offset = key->n_sz - vlen;
+   }
+
+   if (!key->e)
+   return -ENOMEM;
+
+   memcpy(key->e + offset, ptr, vlen);
+
+   return 0;
+}
+EXPORT_SYMBOL_GPL(raw_rsa_get_e);
+
+int raw_rsa_get_d(void *context, const void *value, size_t vlen)
+{
+   struct rsa_raw_ctx *ctx = context;
+   struct rsa_raw_key *key = >key;
+   const char *ptr = value;
+   size_t offset = 0;
+   int ret = -EINVAL;
+
+   while (!*ptr && vlen) {
+   ptr++;
+   vlen--;
+   }
+
+   if 

Re: [PATCH] PKCS#7: fix missing break on OID_sha224 case

2016-04-06 Thread David Howells
Colin King  wrote:

> From: Colin Ian King 
> 
> The OID_sha224 case is missing a break and it falls through
> to the -ENOPKG error default.  Since HASH_ALGO_SHA224 seems
> to be supported, this looks like an unintentional missing break.
> 
> Fixes: 07f081fb5057 ("PKCS#7: Add OIDs for sha224, sha284 and sha512 hash 
> algos and use them")
> Cc:  # 4.2+
> Signed-off-by: Colin Ian King 

Acked-by: David Howells 


[PATCH v2 22/30] crypto: use parity functions in qat_hal

2016-04-06 Thread zengzhaoxiu
From: Zhaoxiu Zeng 

Signed-off-by: Zhaoxiu Zeng 
---
 drivers/crypto/qat/qat_common/qat_hal.c | 32 ++--
 1 file changed, 10 insertions(+), 22 deletions(-)

diff --git a/drivers/crypto/qat/qat_common/qat_hal.c 
b/drivers/crypto/qat/qat_common/qat_hal.c
index 1e480f1..318558f 100644
--- a/drivers/crypto/qat/qat_common/qat_hal.c
+++ b/drivers/crypto/qat/qat_common/qat_hal.c
@@ -546,17 +546,6 @@ static void qat_hal_disable_ctx(struct 
icp_qat_fw_loader_handle *handle,
qat_hal_wr_ae_csr(handle, ae, CTX_ENABLES, ctx);
 }
 
-static uint64_t qat_hal_parity_64bit(uint64_t word)
-{
-   word ^= word >> 1;
-   word ^= word >> 2;
-   word ^= word >> 4;
-   word ^= word >> 8;
-   word ^= word >> 16;
-   word ^= word >> 32;
-   return word & 1;
-}
-
 static uint64_t qat_hal_set_uword_ecc(uint64_t uword)
 {
uint64_t bit0_mask = 0xff87fffULL, bit1_mask = 0x1f801ff801fULL,
@@ -566,13 +555,13 @@ static uint64_t qat_hal_set_uword_ecc(uint64_t uword)
 
/* clear the ecc bits */
uword &= ~(0x7fULL << 0x2C);
-   uword |= qat_hal_parity_64bit(bit0_mask & uword) << 0x2C;
-   uword |= qat_hal_parity_64bit(bit1_mask & uword) << 0x2D;
-   uword |= qat_hal_parity_64bit(bit2_mask & uword) << 0x2E;
-   uword |= qat_hal_parity_64bit(bit3_mask & uword) << 0x2F;
-   uword |= qat_hal_parity_64bit(bit4_mask & uword) << 0x30;
-   uword |= qat_hal_parity_64bit(bit5_mask & uword) << 0x31;
-   uword |= qat_hal_parity_64bit(bit6_mask & uword) << 0x32;
+   uword |= (uint64_t)parity64(bit0_mask & uword) << 0x2C;
+   uword |= (uint64_t)parity64(bit1_mask & uword) << 0x2D;
+   uword |= (uint64_t)parity64(bit2_mask & uword) << 0x2E;
+   uword |= (uint64_t)parity64(bit3_mask & uword) << 0x2F;
+   uword |= (uint64_t)parity64(bit4_mask & uword) << 0x30;
+   uword |= (uint64_t)parity64(bit5_mask & uword) << 0x31;
+   uword |= (uint64_t)parity64(bit6_mask & uword) << 0x32;
return uword;
 }
 
@@ -853,15 +842,14 @@ void qat_hal_wr_umem(struct icp_qat_fw_loader_handle 
*handle,
uaddr |= UA_ECS;
qat_hal_wr_ae_csr(handle, ae, USTORE_ADDRESS, uaddr);
for (i = 0; i < words_num; i++) {
-   unsigned int uwrd_lo, uwrd_hi, tmp;
+   unsigned int uwrd_lo, uwrd_hi;
 
uwrd_lo = ((data[i] & 0xfff) << 4) | (0x3 << 18) |
  ((data[i] & 0xff00) << 2) |
  (0x3 << 8) | (data[i] & 0xff);
uwrd_hi = (0xf << 4) | ((data[i] & 0xf000) >> 28);
-   uwrd_hi |= (hweight32(data[i] & 0x) & 0x1) << 8;
-   tmp = ((data[i] >> 0x10) & 0x);
-   uwrd_hi |= (hweight32(tmp) & 0x1) << 9;
+   uwrd_hi |= parity16(data[i]) << 8;
+   uwrd_hi |= parity16(data[i] >> 16) << 9;
qat_hal_wr_ae_csr(handle, ae, USTORE_DATA_LOWER, uwrd_lo);
qat_hal_wr_ae_csr(handle, ae, USTORE_DATA_UPPER, uwrd_hi);
}
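Review bot: In `qat_hal_wr_umem` the explicit masking of the low half-word was dropped: the old code masked `data[i]` before `hweight32()`, while `parity16(data[i])` now receives the full word with its upper bits still set. This is only equivalent if `parity16()` truncates its argument to 16 bits. Its definition is not on this page (presumably added earlier in the series), so confirm that or make it explicit with `parity16((u16)data[i])`. The commit message has no body; one sentence stating that the parity and ECC bits written to the microstore are unchanged would help reviewers. The loop and the function start outside the hunk.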
-- 
2.5.0

