Re: [PATCH] crypto: ecc : Wipe memory for p on errors.

[Stephan Müller]

Am Samstag, 22. April 2017, 13:31:34 CEST schrieb Loganaden Velvindron:

Hi Loganaden,

> - kfree(p);
> + kzfree(p);

Why do you think this is necessary? p is not filled in this function as this 
function only allocates the memory.

Ciao
Stephan

Re: [PATCH] crypto: tcrypt: Zero iv before freeing it

[Stephan Müller]

Am Sonntag, 23. April 2017, 18:12:04 CEST schrieb Codarren Velvindron:

Hi Codarren,

> Signed-off-by: Codarren Velvindron 
> ---
>  crypto/tcrypt.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
> index 9a11f3c..48a721c 100644
> --- a/crypto/tcrypt.c
> +++ b/crypto/tcrypt.c
> @@ -384,7 +384,7 @@ static void test_aead_speed(const char *algo, int enc,
> unsigned int secs, out_noaxbuf:
>   testmgr_free_buf(xbuf);
>  out_noxbuf:
> - kfree(iv);
> + kzfree(iv);

Why would you think this is needed?

   if (iv_len)
  memset(iv, 0xff, iv_len);


Ciao
Stephan

Re: [PATCH] crypto: testmgr: clean up memory for sensitive information

[Stephan Müller]

Am Sonntag, 23. April 2017, 01:40:56 CEST schrieb Pirabarlen-Cheenaramen:

Hi Pirabarlen,

> Signed-off-by: Pirabarlen-Cheenaramen 
> ---
>  crypto/testmgr.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/crypto/testmgr.c b/crypto/testmgr.c
> index cd075c7..0af2e16 100644
> --- a/crypto/testmgr.c
> +++ b/crypto/testmgr.c
> @@ -953,8 +953,8 @@ static int __test_aead(struct crypto_aead *tfm, int enc,
> out_noaxbuf:
>   testmgr_free_buf(xbuf);
>  out_noxbuf:
> - kfree(key);
> - kfree(iv);
> + kzfree(key);
> + kzfree(iv);
>   return ret;

Hm, I do not think that key or IV are sensitive in this case.

memcpy(key, template[i].key, template[i].klen);

if (template[i].iv)
memcpy(iv, template[i].iv, iv_len);
else
memset(iv, 0, MAX_IVLEN);


Ciao
Stephan

Re: [PATCH] crypto: Allow ecb(cipher_null) in FIPS mode

[Stephan Müller]

Am Samstag, 22. April 2017, 09:54:08 CEST schrieb Sandy Harris:

Hi Sandy,

> In the FreeS/WAN project, back around the turn of the century,
> we refused to implement several things required by the RFCs
> because we thought they were insecure: null cipher, single
> DES & 768-bit DH Group 1.
> 
> At that time, not having DES did cause some problems in
> interoperating with other IPsec implementations, but I
> doubt it would today. Neither of the other dropped items
> caused any problems at all.
> 
> Today I'd say drop all of those plus the 1024-bit Group 2,
> and then look at whether others should go as well. As of
> 2001 or so, the 1536-bit Group 5 was very widely used,
> so dropping it might well be problematic, but I am not
> certain if it is either secure or widely used now.

This approach is fully appropriate and I strongly support that. However, the 
kernel crypto API has a need of a memcpy over SGLs, because the entire crypto 
API operates on SGLs. There are valid use cases. The one I am currently 
working on are AEAD ciphers where we want to copy the AAD from the src SGL to 
the dst SGL. Instead of walking through the SGLs in my code and invoke the 
memcpy, I simply use the null cipher.

What I would like to say is that there are valid use cases of the null cipher 
which do not impair security constraints. For those use cases, the null cipher 
should and must be allowed.

For all other use cases, including the "encryption operation" in IPSEC or dm-
crypt, it should never be used.

Ciao
Stephan

Re: [PATCH v2 6/9] staging: ccree: add FIPS support

[Stephan Müller]

Am Sonntag, 23. April 2017, 11:48:58 CEST schrieb Gilad Ben-Yossef:

Hi Gilad,

> I do wonder if there is value in alternate behavior of stopping crypto
> API on FIPS error rather than a panic though. I will try to get an
> explanation why we do it this way.

In FIPS, all crypto function must cease if a self test fails. This can be done 
by instrumenting the crypto API calls with a check to a global flag or by 
simply terminating the entire "FIPS module".

The panic() is the simplest approach to meet that requirement.

Ciao
Stephan

[PATCH] crypto: tcrypt: Zero iv before freeing it

[Codarren Velvindron]

Signed-off-by: Codarren Velvindron 
---
 crypto/tcrypt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index 9a11f3c..48a721c 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -384,7 +384,7 @@ static void test_aead_speed(const char *algo, int enc, 
unsigned int secs,
 out_noaxbuf:
testmgr_free_buf(xbuf);
 out_noxbuf:
-   kfree(iv);
+   kzfree(iv);
return;
 }
 
-- 
2.7.4

[PATCH]crypto:asymmetric_keys:verify_pefile:zero memory content before freeing

[Yasir Auleear]

Signed-off-by: Yasir Auleear 
---
 crypto/asymmetric_keys/verify_pefile.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/asymmetric_keys/verify_pefile.c 
b/crypto/asymmetric_keys/verify_pefile.c
index 672a94c..d178650 100644
--- a/crypto/asymmetric_keys/verify_pefile.c
+++ b/crypto/asymmetric_keys/verify_pefile.c
@@ -381,7 +381,7 @@ static int pefile_digest_pe(const void *pebuf, unsigned int 
pelen,
}
 
 error:
-   kfree(desc);
+   kzfree(desc);
 error_no_desc:
crypto_free_shash(tfm);
kleave(" = %d", ret);
@@ -450,6 +450,6 @@ int verify_pefile_signature(const void *pebuf, unsigned 
pelen,
ret = pefile_digest_pe(pebuf, pelen, );
 
 error:
-   kfree(ctx.digest);
+   kzfree(ctx.digest);
return ret;
 }
-- 
2.9.3

Re: [PATCH v2 6/9] staging: ccree: add FIPS support

[Gilad Ben-Yossef]

Hi,

Thank you for the review.

On Thu, Apr 20, 2017 at 4:39 PM, Stephan Müller  wrote:

>> +/* The function verifies that tdes keys are not weak.*/
>> +static int ssi_fips_verify_3des_keys(const u8 *key, unsigned int keylen)
>> +{
>> +#ifdef CCREE_FIPS_SUPPORT
>> +tdes_keys_t *tdes_key = (tdes_keys_t*)key;
>> +
>> + /* verify key1 != key2 and key3 != key2*/
>
> I do not think that this check is necessary. There is no FIPS requirement or
> IG that mandates this (unlike the XTS key check).
>
> If there would be such requirement, we would need a common service function
> for all TDES implementations

I am not sure. I have forwarded a question internally and based on the
answer will either drop this or add a common function and post a patch
add the check to all 3DES implementation.

This has been added to the staging TODO list for the driver.

>
>> +if (unlikely( (memcmp((u8*)tdes_key->key1, (u8*)tdes_key->key2,
>> sizeof(tdes_key->key1)) == 0) || +  
>> (memcmp((u8*)tdes_key->key3,
>> (u8*)tdes_key->key2, sizeof(tdes_key->key3)) == 0) )) { +
>> return -ENOEXEC;
>> +}
>> +#endif /* CCREE_FIPS_SUPPORT */
>> +
>> +return 0;
>> +}
>> +
>> +/* The function verifies that xts keys are not weak.*/
>> +static int ssi_fips_verify_xts_keys(const u8 *key, unsigned int keylen)
>> +{
>> +#ifdef CCREE_FIPS_SUPPORT
>> +/* Weak key is define as key that its first half (128/256 lsb)
>> equals its second half (128/256 msb) */ +int singleKeySize = keylen
>> >> 1;
>> +
>> + if (unlikely(memcmp(key, [singleKeySize], singleKeySize) == 0)) {
>> + return -ENOEXEC;
>
> Use xts_check_key.

Will fix. Added to TODO staging list for the driver.

>
>> +The test vectors were taken from:
>> +
>> +* AES
>> +NIST Special Publication 800-38A 2001 Edition
>> +Recommendation for Block Cipher Modes of Operation
>> +http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
>> +Appendix F: Example Vectors for Modes of Operation of the AES
>> +
>> +* AES CTS
>> +Advanced Encryption Standard (AES) Encryption for Kerberos 5
>> +February 2005
>> +https://tools.ietf.org/html/rfc3962#appendix-B
>> +B.  Sample Test Vectors
>> +
>> +* AES XTS
>> +http://csrc.nist.gov/groups/STM/cavp/#08
>> +http://csrc.nist.gov/groups/STM/cavp/documents/aes/XTSTestVectors.zip
>> +
>> +* AES CMAC
>> +http://csrc.nist.gov/groups/STM/cavp/index.html#07
>> +http://csrc.nist.gov/groups/STM/cavp/documents/mac/cmactestvectors.zip
>> +
>> +* AES-CCM
>> +http://csrc.nist.gov/groups/STM/cavp/#07
>> +http://csrc.nist.gov/groups/STM/cavp/documents/mac/ccmtestvectors.zip
>> +
>> +* AES-GCM
>> +http://csrc.nist.gov/groups/STM/cavp/documents/mac/gcmtestvectors.zip
>> +
>> +* Triple-DES
>> +NIST Special Publication 800-67 January 2012
>> +Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher
>> +http://csrc.nist.gov/publications/nistpubs/800-67-Rev1/SP-800-67-Rev1.pdf
>> +APPENDIX B: EXAMPLE OF TDEA FORWARD AND INVERSE CIPHER OPERATIONS +and
>> +http://csrc.nist.gov/groups/STM/cavp/#01
>> +http://csrc.nist.gov/groups/STM/cavp/documents/des/tdesmct_intermediate.zip
>> +
>> +* HASH
>> +http://csrc.nist.gov/groups/STM/cavp/#03
>> +http://csrc.nist.gov/groups/STM/cavp/documents/shs/shabytetestvectors.zip
>> +
>> +* HMAC
>> +http://csrc.nist.gov/groups/STM/cavp/#07
>> +http://csrc.nist.gov/groups/STM/cavp/documents/mac/hmactestvectors.zip
>> +
>> +*/
>
> Is this test vector business really needed? Why do you think that testmgr.c is
> not sufficient? Other successful FIPS validations of the kernel crypto API
> managed without such special code.

That is a very good question. I am guessing this has something to do
to with this driver spending its life out of tree and being maintained
against old kernel versions that may have had some gaps in FIPS
testing and since fixed.

I will review what, if at all, is missing from testmgr and fold those
missing parts (if found) there and drop this from the driver.

>
> Also, your entire API seems to implement the approach that if there is a self
> test error, you disable the cipher functions, but leave the rest in-tact. The
> standard kernel crypto API handling logic is to simply panic the kernel. Is it
> really necessary to implement a special case for your driver?
>
>

No it isn't. What ever the behavior we need it should be added,
pending review of course, to the generic FIPS logic handling.

I do wonder if there is value in alternate behavior of stopping crypto
API on FIPS error rather than a panic though. I will try to get an
explanation why we do it this way.

Handling all these has been added to the driver staging TODO list and
will be handled before it matures into drivers/crypto/

Many thanks for the review!

Gilad


-- 
Gilad Ben-Yossef
Chief Coffee Drinker

"If you take a class in large-scale robotics, can you end up in a
situation where the homework eats your dog?"
 -- Jean-Baptiste Queru

Re: [PATCH v2 1/9] staging: ccree: introduce CryptoCell HW driver

[Gilad Ben-Yossef]

Hi,

[ Re sending with all recipients this time ... ]

On Thu, Apr 20, 2017 at 5:01 PM, Greg Kroah-Hartman
 wrote:

>> > Oh, I have to ask, do you really mean "any later version" here and
>> > elsewhere?
>> >
>> > If so, then your MODULE_LICENSE() marking is wrong, please fix that up,
>> > or fix up the license text, I can't take incompatible ones without
>> > getting angry emails from legal people sent to me...
>> >
>>
>> Thanks for noticing this.
>>
>> The copyright + license notice is a boilerplate I got from the powers
>> that be here.
>>
>> I'll consult internally what is the proper action. I don't want to
>> make legal mad either... :-)
>
> Ok, I'll drop this patch series then, and wait for an updated one with
> this fixed up.

This issue, along with some others pointed by reviewers, are fixed in
v3 of the patch set.

I will be happy if you choose to take it into the staging tree and
will continue to work to cut down the TODO list.

Thanks,
Gilad

-- 
Gilad Ben-Yossef
Chief Coffee Drinker

"If you take a class in large-scale robotics, can you end up in a
situation where the homework eats your dog?"
 -- Jean-Baptiste Queru

[PATCH v3 09/15] MAINTAINERS: add Gilad BY as ccree maintainer

[Gilad Ben-Yossef]

I work for Arm on maintaining the TrustZone CryptoCell driver.

Signed-off-by: Gilad Ben-Yossef 
---
 MAINTAINERS | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 676c139..f21caa1 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -3066,6 +3066,13 @@ F:   drivers/net/ieee802154/cc2520.c
 F: include/linux/spi/cc2520.h
 F: Documentation/devicetree/bindings/net/ieee802154/cc2520.txt
 
+CCREE ARM TRUSTZONE CRYPTOCELL 700 REE DRIVER
+M: Gilad Ben-Yossef 
+L: linux-crypto@vger.kernel.org
+S: Supported
+F: drivers/staging/ccree/
+W: 
https://developer.arm.com/products/system-ip/trustzone-cryptocell/cryptocell-700-family
+
 CEC DRIVER
 M: Hans Verkuil 
 L: linux-me...@vger.kernel.org
-- 
2.1.4

[PATCH v3 12/15] staging: ccree: fix semicolon.cocci warnings

[Gilad Ben-Yossef]

From: kbuild test robot 

drivers/staging/ccree/ssi_request_mgr.c:623:3-4: Unneeded semicolon

 Remove unneeded semicolon.

Generated by: scripts/coccinelle/misc/semicolon.cocci

Signed-off-by: Gilad Ben-Yossef 
Signed-off-by: Fengguang Wu 
---
 drivers/staging/ccree/ssi_request_mgr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/ccree/ssi_request_mgr.c 
b/drivers/staging/ccree/ssi_request_mgr.c
index 42ab2b1..522bd62 100644
--- a/drivers/staging/ccree/ssi_request_mgr.c
+++ b/drivers/staging/ccree/ssi_request_mgr.c
@@ -653,7 +653,7 @@ static void comp_handler(unsigned long devarg)
/* Avoid race with above clear: Test completion counter 
once more */
request_mgr_handle->axi_completed += 
CC_REG_FLD_GET(CRY_KERNEL, AXIM_MON_COMP, VALUE, 
CC_HAL_READ_REGISTER(AXIM_MON_BASE_OFFSET));
-   };
+   }

}
/* after verifing that there is nothing to do, Unmask AXI completion 
interrupt */
-- 
2.1.4

[PATCH v3 10/15] staging: ccree: remove useless NULL test of field

[Gilad Ben-Yossef]

Remove kbuild test robot reported NULL check for a struct field address.

Signed-off-by: Gilad Ben-Yossef 
Reported-by: kbuild test robot 
---
 drivers/staging/ccree/ssi_buffer_mgr.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/drivers/staging/ccree/ssi_buffer_mgr.c 
b/drivers/staging/ccree/ssi_buffer_mgr.c
index 0140199..af50904 100644
--- a/drivers/staging/ccree/ssi_buffer_mgr.c
+++ b/drivers/staging/ccree/ssi_buffer_mgr.c
@@ -755,9 +755,7 @@ void ssi_buffer_mgr_unmap_aead_request(
AES_BLOCK_SIZE, DMA_TO_DEVICE);
}
 
-   if (_ctx->ccm_adata_sg != NULL)
-   dma_unmap_sg(dev, _ctx->ccm_adata_sg,
-   1, DMA_TO_DEVICE);
+   dma_unmap_sg(dev, _ctx->ccm_adata_sg, 1, DMA_TO_DEVICE);
}
if (areq_ctx->gen_ctx.iv_dma_addr != 0) {
SSI_RESTORE_DMA_ADDR_TO_48BIT(areq_ctx->gen_ctx.iv_dma_addr);
-- 
2.1.4

[PATCH v3 11/15] staging: ccree: fix platform_no_drv_owner.cocci warnings

[Gilad Ben-Yossef]

From: kbuild test robot 

drivers/staging/ccree/ssi_driver.c:484:6-11: No need to set .owner here. The 
core will do it.

 Remove .owner field if calls are used which set it automatically

Generated by: scripts/coccinelle/api/platform_no_drv_owner.cocci

Signed-off-by: Gilad Ben-Yossef 
Signed-off-by: Fengguang Wu 
---
 drivers/staging/ccree/ssi_driver.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/drivers/staging/ccree/ssi_driver.c 
b/drivers/staging/ccree/ssi_driver.c
index 03a044a..bc19adc 100644
--- a/drivers/staging/ccree/ssi_driver.c
+++ b/drivers/staging/ccree/ssi_driver.c
@@ -539,7 +539,6 @@ MODULE_DEVICE_TABLE(of, arm_cc7x_dev_of_match);
 static struct platform_driver cc7x_driver = {
.driver = {
   .name = "cc7xree",
-  .owner = THIS_MODULE,
 #ifdef CONFIG_OF
   .of_match_table = arm_cc7x_dev_of_match,
 #endif
-- 
2.1.4

[PATCH v3 13/15] staging: ccree: fix array_size.cocci warnings

[Gilad Ben-Yossef]

From: kbuild test robot 

drivers/staging/ccree/ssi_sysfs.c:319:34-35: WARNING: Use ARRAY_SIZE
drivers/staging/ccree/ssi_sysfs.c:429:34-35: WARNING: Use ARRAY_SIZE

 Use ARRAY_SIZE instead of dividing sizeof array with sizeof an element

Semantic patch information:
 This makes an effort to find cases where ARRAY_SIZE can be used such as
 where there is a division of sizeof the array by the sizeof its first
 element or by any indexed element or the element type. It replaces the
 division of the two sizeofs by ARRAY_SIZE.

Generated by: scripts/coccinelle/misc/array_size.cocci

Signed-off-by: Gilad Ben-Yossef 
Signed-off-by: Fengguang Wu 
---
 drivers/staging/ccree/ssi_sysfs.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/drivers/staging/ccree/ssi_sysfs.c 
b/drivers/staging/ccree/ssi_sysfs.c
index 6db7573..7c514c1 100644
--- a/drivers/staging/ccree/ssi_sysfs.c
+++ b/drivers/staging/ccree/ssi_sysfs.c
@@ -316,7 +316,7 @@ static ssize_t ssi_sys_help_show(struct kobject *kobj,
int i=0, offset = 0;
 
offset += scnprintf(buf + offset, PAGE_SIZE - offset, "Usage:\n");
-   for ( i = 0; i < (sizeof(help_str)/sizeof(help_str[0])); i+=2) {
+   for ( i = 0; i < ARRAY_SIZE(help_str); i+=2) {
   offset += scnprintf(buf + offset, PAGE_SIZE - offset, "%s\t\t%s\n", 
help_str[i], help_str[i+1]);
}
return offset;
@@ -426,8 +426,7 @@ int ssi_sysfs_init(struct kobject *sys_dev_obj, struct 
ssi_drvdata *drvdata)
/* Initialize top directory */
retval = sys_init_dir(_top_dir, drvdata, sys_dev_obj,
"cc_info", ssi_sys_top_level_attrs,
-   sizeof(ssi_sys_top_level_attrs) /
-   sizeof(struct kobj_attribute));
+   ARRAY_SIZE(ssi_sys_top_level_attrs));
return retval;
 }
 
-- 
2.1.4

[PATCH v3 14/15] staging: ccree: fix ifnullfree.cocci warnings

[Gilad Ben-Yossef]

From: kbuild test robot 

drivers/staging/ccree/ssi_buffer_mgr.c:530:3-19: WARNING: NULL check before 
freeing functions like kfree, debugfs_remove, debugfs_remove_recursive or 
usb_free_urb is not needed. Maybe consider reorganizing relevant code to avoid 
passing NULL values.

 NULL check before some freeing functions is not needed.

 Based on checkpatch warning
 "kfree(NULL) is safe this check is probably not required"
 and kfreeaddr.cocci by Julia Lawall.

Generated by: scripts/coccinelle/free/ifnullfree.cocci

Signed-off-by: Gilad Ben-Yossef 
Signed-off-by: Fengguang Wu 
---
 drivers/staging/ccree/ssi_buffer_mgr.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/staging/ccree/ssi_buffer_mgr.c 
b/drivers/staging/ccree/ssi_buffer_mgr.c
index af50904..038e2ff 100644
--- a/drivers/staging/ccree/ssi_buffer_mgr.c
+++ b/drivers/staging/ccree/ssi_buffer_mgr.c
@@ -1863,8 +1863,7 @@ int ssi_buffer_mgr_fini(struct ssi_drvdata *drvdata)
struct buff_mgr_handle *buff_mgr_handle = drvdata->buff_mgr_handle;
 
if (buff_mgr_handle  != NULL) {
-   if (buff_mgr_handle->mlli_buffs_pool != NULL)
-   dma_pool_destroy(buff_mgr_handle->mlli_buffs_pool);
+   dma_pool_destroy(buff_mgr_handle->mlli_buffs_pool);
kfree(drvdata->buff_mgr_handle);
drvdata->buff_mgr_handle = NULL;
 
-- 
2.1.4

[PATCH v3 15/15] staging: ccree: fix ifnullfree.cocci warnings

[Gilad Ben-Yossef]

From: kbuild test robot 

drivers/staging/ccree/ssi_hash.c:317:2-7: WARNING: NULL check before freeing 
functions like kfree, debugfs_remove, debugfs_remove_recursive or usb_free_urb 
is not needed. Maybe consider reorganizing relevant code to avoid passing NULL 
values.
drivers/staging/ccree/ssi_hash.c:320:2-7: WARNING: NULL check before freeing 
functions like kfree, debugfs_remove, debugfs_remove_recursive or usb_free_urb 
is not needed. Maybe consider reorganizing relevant code to avoid passing NULL 
values.
drivers/staging/ccree/ssi_hash.c:323:2-7: WARNING: NULL check before freeing 
functions like kfree, debugfs_remove, debugfs_remove_recursive or usb_free_urb 
is not needed. Maybe consider reorganizing relevant code to avoid passing NULL 
values.
drivers/staging/ccree/ssi_hash.c:373:2-7: WARNING: NULL check before freeing 
functions like kfree, debugfs_remove, debugfs_remove_recursive or usb_free_urb 
is not needed. Maybe consider reorganizing relevant code to avoid passing NULL 
values.
drivers/staging/ccree/ssi_hash.c:375:2-7: WARNING: NULL check before freeing 
functions like kfree, debugfs_remove, debugfs_remove_recursive or usb_free_urb 
is not needed. Maybe consider reorganizing relevant code to avoid passing NULL 
values.
drivers/staging/ccree/ssi_hash.c:377:2-7: WARNING: NULL check before freeing 
functions like kfree, debugfs_remove, debugfs_remove_recursive or usb_free_urb 
is not needed. Maybe consider reorganizing relevant code to avoid passing NULL 
values.
drivers/staging/ccree/ssi_hash.c:379:3-8: WARNING: NULL check before freeing 
functions like kfree, debugfs_remove, debugfs_remove_recursive or usb_free_urb 
is not needed. Maybe consider reorganizing relevant code to avoid passing NULL 
values.
drivers/staging/ccree/ssi_hash.c:381:2-7: WARNING: NULL check before freeing 
functions like kfree, debugfs_remove, debugfs_remove_recursive or usb_free_urb 
is not needed. Maybe consider reorganizing relevant code to avoid passing NULL 
values.
drivers/staging/ccree/ssi_hash.c:383:2-7: WARNING: NULL check before freeing 
functions like kfree, debugfs_remove, debugfs_remove_recursive or usb_free_urb 
is not needed. Maybe consider reorganizing relevant code to avoid passing NULL 
values.

 NULL check before some freeing functions is not needed.

 Based on checkpatch warning
 "kfree(NULL) is safe this check is probably not required"
 and kfreeaddr.cocci by Julia Lawall.

Generated by: scripts/coccinelle/free/ifnullfree.cocci

Signed-off-by: Gilad Ben-Yossef 
Signed-off-by: Fengguang Wu 
---
 drivers/staging/ccree/ssi_hash.c | 27 +--
 1 file changed, 9 insertions(+), 18 deletions(-)

diff --git a/drivers/staging/ccree/ssi_hash.c b/drivers/staging/ccree/ssi_hash.c
index ab191de..8ff5d4e 100644
--- a/drivers/staging/ccree/ssi_hash.c
+++ b/drivers/staging/ccree/ssi_hash.c
@@ -314,14 +314,11 @@ static int ssi_hash_map_request(struct device *dev,
state->digest_buff_dma_addr = 0;
}
 fail3:
-   if (state->opad_digest_buff != NULL)
-   kfree(state->opad_digest_buff);
+   kfree(state->opad_digest_buff);
 fail2:
-   if (state->digest_bytes_len != NULL)
-   kfree(state->digest_bytes_len);
+   kfree(state->digest_bytes_len);
 fail1:
-   if (state->digest_buff != NULL)
-   kfree(state->digest_buff);
+kfree(state->digest_buff);
 fail_digest_result_buff:
 if (state->digest_result_buff != NULL) {
 kfree(state->digest_result_buff);
@@ -370,18 +367,12 @@ static void ssi_hash_unmap_request(struct device *dev,
state->opad_digest_dma_addr = 0;
}
 
-   if (state->opad_digest_buff != NULL)
-   kfree(state->opad_digest_buff);
-   if (state->digest_bytes_len != NULL)
-   kfree(state->digest_bytes_len);
-   if (state->digest_buff != NULL)
-   kfree(state->digest_buff);
-   if (state->digest_result_buff != NULL) 
-   kfree(state->digest_result_buff);
-   if (state->buff1 != NULL) 
-   kfree(state->buff1);
-   if (state->buff0 != NULL)
-   kfree(state->buff0);
+   kfree(state->opad_digest_buff);
+   kfree(state->digest_bytes_len);
+   kfree(state->digest_buff);
+   kfree(state->digest_result_buff);
+   kfree(state->buff1);
+   kfree(state->buff0);
 }
 
 static void ssi_hash_unmap_result(struct device *dev, 
-- 
2.1.4

[PATCH v3 08/15] staging: ccree: add DT bindings for Arm CryptoCell

[Gilad Ben-Yossef]

This adds DT bindings for the Arm TrustZone CryptoCell cryptographic
accelerator IP.

Signed-off-by: Gilad Ben-Yossef 
---
 .../devicetree/bindings/crypto/arm-cryptocell.txt  | 27 ++
 1 file changed, 27 insertions(+)
 create mode 100644 
drivers/staging/ccree/Documentation/devicetree/bindings/crypto/arm-cryptocell.txt

diff --git 
a/drivers/staging/ccree/Documentation/devicetree/bindings/crypto/arm-cryptocell.txt
 
b/drivers/staging/ccree/Documentation/devicetree/bindings/crypto/arm-cryptocell.txt
new file mode 100644
index 000..2ea6517
--- /dev/null
+++ 
b/drivers/staging/ccree/Documentation/devicetree/bindings/crypto/arm-cryptocell.txt
@@ -0,0 +1,27 @@
+Arm TrustZone CryptoCell cryptographic accelerators
+
+Required properties:
+- compatible: must be "arm,cryptocell-712-ree".
+- reg: shall contain base register location and length.
+   Typically length is 0x1.
+- interrupts: shall contain the interrupt for the device.
+
+Optional properties:
+- interrupt-parent: can designate the interrupt controller the
+   device interrupt is connected to, if needed.
+- clocks: may contain the clock handling the device, if needed.
+- power-domains: may contain a reference to the PM domain, if applicable.
+
+
+Examples:
+
+Zynq FPGA device
+
+
+   arm_cc7x: arm_cc7x@8000 {
+   compatible = "arm,cryptocell-712-ree";
+   interrupt-parent = <>;
+   interrupts = < 0 30 4 >;
+   reg = < 0x8000 0x1 >;
+   };
+
-- 
2.1.4

[PATCH v3 07/15] staging: ccree: add TODO list

[Gilad Ben-Yossef]

Add TODO list for moving out of staging tree for ccree crypto driver

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/TODO | 30 ++
 1 file changed, 30 insertions(+)
 create mode 100644 drivers/staging/ccree/TODO

diff --git a/drivers/staging/ccree/TODO b/drivers/staging/ccree/TODO
new file mode 100644
index 000..c9f5754
--- /dev/null
+++ b/drivers/staging/ccree/TODO
@@ -0,0 +1,30 @@
+
+
+*
+*  *
+* Arm Trust Zone CryptoCell REE Linux driver upstreaming TODO items*
+*  *
+*
+
+ccree specific items
+a.k.a stuff fixing for this driver to move out of staging
+~
+
+1.  Move to using Crypto Engine to handle backlog queueing.
+2.  Remove synchronous algorithm support leftovers.
+3.  Separate platform specific code for FIPS and power management into 
separate platform modules.
+4.  Drop legacy kernel support code.
+5.  Move most (all?) #ifdef CONFIG into inline functions.
+6.  Remove all unused definitions.
+7.  Re-factor to accomediate newer/older HW revisions besides the 712.
+8.  Handle the many checkpatch errors.
+9.  Implement ahash import/export correctly.
+10. Go through a proper review of DT bindings and sysfs ABI
+11. Sort out FIPS mode: bake tests into testmgr, sort out behaviour on error, 
+figure if 3DES weak key check is needed
+
+Kernel infrastructure items
+a.k.a stuff we either neither need to fix in the kernel or understand what 
we're doing wrong
+
+1. ahash import/export context has a PAGE_SIZE/8 size limit.  We need more.
+2. Crypto Engine seems to be built for HW with hardware queue depth of 1, we 
have 600++.
-- 
2.1.4

[PATCH v3 06/15] staging: ccree: add FIPS support

[Gilad Ben-Yossef]

Add FIPS mode support to CryptoCell driver

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/Kconfig   |9 +
 drivers/staging/ccree/Makefile  |1 +
 drivers/staging/ccree/ssi_aead.c|6 +
 drivers/staging/ccree/ssi_cipher.c  |   52 +
 drivers/staging/ccree/ssi_driver.c  |   19 +-
 drivers/staging/ccree/ssi_driver.h  |2 +
 drivers/staging/ccree/ssi_fips.c|   65 ++
 drivers/staging/ccree/ssi_fips.h|   70 ++
 drivers/staging/ccree/ssi_fips_data.h   |  315 ++
 drivers/staging/ccree/ssi_fips_ext.c|   96 ++
 drivers/staging/ccree/ssi_fips_ll.c | 1681 +++
 drivers/staging/ccree/ssi_fips_local.c  |  369 +++
 drivers/staging/ccree/ssi_fips_local.h  |   77 ++
 drivers/staging/ccree/ssi_hash.c|   21 +-
 drivers/staging/ccree/ssi_request_mgr.c |2 +
 15 files changed, 2783 insertions(+), 2 deletions(-)
 create mode 100644 drivers/staging/ccree/ssi_fips.c
 create mode 100644 drivers/staging/ccree/ssi_fips.h
 create mode 100644 drivers/staging/ccree/ssi_fips_data.h
 create mode 100644 drivers/staging/ccree/ssi_fips_ext.c
 create mode 100644 drivers/staging/ccree/ssi_fips_ll.c
 create mode 100644 drivers/staging/ccree/ssi_fips_local.c
 create mode 100644 drivers/staging/ccree/ssi_fips_local.h

diff --git a/drivers/staging/ccree/Kconfig b/drivers/staging/ccree/Kconfig
index 2d11223..ae62704 100644
--- a/drivers/staging/ccree/Kconfig
+++ b/drivers/staging/ccree/Kconfig
@@ -24,6 +24,15 @@ config CRYPTO_DEV_CCREE
  cryptographic operations on the system REE.
  If unsure say Y.
 
+config CCREE_FIPS_SUPPORT
+   bool "Turn on CryptoCell 7XX REE FIPS mode support"
+   depends on CRYPTO_DEV_CCREE
+   default n
+   help
+ Say 'Y' to enable support for FIPS compliant mode by the
+ CCREE driver.
+ If unsure say N.
+
 config CCREE_DISABLE_COHERENT_DMA_OPS
bool "Disable Coherent DMA operations for the CCREE driver"
depends on CRYPTO_DEV_CCREE
diff --git a/drivers/staging/ccree/Makefile b/drivers/staging/ccree/Makefile
index b9285c0..44f3e3e 100644
--- a/drivers/staging/ccree/Makefile
+++ b/drivers/staging/ccree/Makefile
@@ -1,2 +1,3 @@
 obj-$(CONFIG_CRYPTO_DEV_CCREE) := ccree.o
 ccree-y := ssi_driver.o ssi_sysfs.o ssi_buffer_mgr.o ssi_request_mgr.o 
ssi_cipher.o ssi_hash.o ssi_aead.o ssi_ivgen.o ssi_sram_mgr.o ssi_pm.o 
ssi_pm_ext.o
+ccree-$(CCREE_FIPS_SUPPORT) += ssi_fips.o ssi_fips_ll.o ssi_fips_ext.o 
ssi_fips_local.o
diff --git a/drivers/staging/ccree/ssi_aead.c b/drivers/staging/ccree/ssi_aead.c
index 33d72d2..0382917 100644
--- a/drivers/staging/ccree/ssi_aead.c
+++ b/drivers/staging/ccree/ssi_aead.c
@@ -36,6 +36,7 @@
 #include "ssi_hash.h"
 #include "ssi_sysfs.h"
 #include "ssi_sram_mgr.h"
+#include "ssi_fips_local.h"
 
 #define template_aead  template_u.aead
 
@@ -153,6 +154,8 @@ static int ssi_aead_init(struct crypto_aead *tfm)
container_of(alg, struct ssi_crypto_alg, aead_alg);
SSI_LOG_DEBUG("Initializing context @%p for %s\n", ctx, 
crypto_tfm_alg_name(&(tfm->base)));
 
+   CHECK_AND_RETURN_UPON_FIPS_ERROR();
+
/* Initialize modes in instance */
ctx->cipher_mode = ssi_alg->cipher_mode;
ctx->flow_mode = ssi_alg->flow_mode;
@@ -572,6 +575,7 @@ ssi_aead_setkey(struct crypto_aead *tfm, const u8 *key, 
unsigned int keylen)
SSI_LOG_DEBUG("Setting key in context @%p for %s. key=%p keylen=%u\n",
ctx, crypto_tfm_alg_name(crypto_aead_tfm(tfm)), key, keylen);
 
+   CHECK_AND_RETURN_UPON_FIPS_ERROR();
/* STAT_PHASE_0: Init and sanity checks */
START_CYCLE_COUNT();
 
@@ -699,6 +703,7 @@ static int ssi_aead_setauthsize(
 {
struct ssi_aead_ctx *ctx = crypto_aead_ctx(authenc);

+   CHECK_AND_RETURN_UPON_FIPS_ERROR();
/* Unsupported auth. sizes */
if ((authsize == 0) ||
(authsize >crypto_aead_maxauthsize(authenc))) {
@@ -2006,6 +2011,7 @@ static int ssi_aead_process(struct aead_request *req, 
enum drv_crypto_direction
SSI_LOG_DEBUG("%s context=%p req=%p iv=%p src=%p src_ofs=%d dst=%p 
dst_ofs=%d cryptolen=%d\n",
((direct==DRV_CRYPTO_DIRECTION_ENCRYPT)?"Encrypt":"Decrypt"), 
ctx, req, req->iv,
sg_virt(req->src), req->src->offset, sg_virt(req->dst), 
req->dst->offset, req->cryptlen);
+   CHECK_AND_RETURN_UPON_FIPS_ERROR();
 
/* STAT_PHASE_0: Init and sanity checks */
START_CYCLE_COUNT();
diff --git a/drivers/staging/ccree/ssi_cipher.c 
b/drivers/staging/ccree/ssi_cipher.c
index 4a95f13..664ed7e 100644
--- a/drivers/staging/ccree/ssi_cipher.c
+++ b/drivers/staging/ccree/ssi_cipher.c
@@ -31,6 +31,7 @@
 #include "ssi_cipher.h"
 #include "ssi_request_mgr.h"
 #include "ssi_sysfs.h"
+#include "ssi_fips_local.h"
 
 #define MAX_ABLKCIPHER_SEQ_LEN 6
 
@@ -191,6 +192,7 @@ static int ssi_blkcipher_init(struct crypto_tfm *tfm)

[PATCH v3 04/15] staging: ccree: add IV generation support

[Gilad Ben-Yossef]

Add CryptoCell IV hardware generation support.

This patch adds the needed support to drive the HW but does not expose
the ability via the kernel crypto API yet.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/Makefile  |   2 +-
 drivers/staging/ccree/ssi_buffer_mgr.c  |   2 +
 drivers/staging/ccree/ssi_cipher.c  |  11 ++
 drivers/staging/ccree/ssi_cipher.h  |   1 +
 drivers/staging/ccree/ssi_driver.c  |   9 +
 drivers/staging/ccree/ssi_driver.h  |   7 +
 drivers/staging/ccree/ssi_ivgen.c   | 301 
 drivers/staging/ccree/ssi_ivgen.h   |  72 
 drivers/staging/ccree/ssi_pm.c  |   2 +
 drivers/staging/ccree/ssi_request_mgr.c |  33 +++-
 10 files changed, 438 insertions(+), 2 deletions(-)
 create mode 100644 drivers/staging/ccree/ssi_ivgen.c
 create mode 100644 drivers/staging/ccree/ssi_ivgen.h

diff --git a/drivers/staging/ccree/Makefile b/drivers/staging/ccree/Makefile
index 21a80d5..89afe9a 100644
--- a/drivers/staging/ccree/Makefile
+++ b/drivers/staging/ccree/Makefile
@@ -1,2 +1,2 @@
 obj-$(CONFIG_CRYPTO_DEV_CCREE) := ccree.o
-ccree-y := ssi_driver.o ssi_sysfs.o ssi_buffer_mgr.o ssi_request_mgr.o 
ssi_cipher.o ssi_hash.o ssi_sram_mgr.o ssi_pm.o ssi_pm_ext.o
+ccree-y := ssi_driver.o ssi_sysfs.o ssi_buffer_mgr.o ssi_request_mgr.o 
ssi_cipher.o ssi_hash.o ssi_ivgen.o ssi_sram_mgr.o ssi_pm.o ssi_pm_ext.o
diff --git a/drivers/staging/ccree/ssi_buffer_mgr.c 
b/drivers/staging/ccree/ssi_buffer_mgr.c
index d0d5352..6ff5d6b 100644
--- a/drivers/staging/ccree/ssi_buffer_mgr.c
+++ b/drivers/staging/ccree/ssi_buffer_mgr.c
@@ -534,6 +534,7 @@ void ssi_buffer_mgr_unmap_blkcipher_request(
SSI_RESTORE_DMA_ADDR_TO_48BIT(req_ctx->gen_ctx.iv_dma_addr);
dma_unmap_single(dev, req_ctx->gen_ctx.iv_dma_addr, 
 ivsize, 
+req_ctx->is_giv ? DMA_BIDIRECTIONAL :
 DMA_TO_DEVICE);
}
/* Release pool */
@@ -587,6 +588,7 @@ int ssi_buffer_mgr_map_blkcipher_request(
req_ctx->gen_ctx.iv_dma_addr = 
dma_map_single(dev, (void *)info, 
   ivsize, 
+  req_ctx->is_giv ? DMA_BIDIRECTIONAL:
   DMA_TO_DEVICE);
if (unlikely(dma_mapping_error(dev, 
req_ctx->gen_ctx.iv_dma_addr))) {
diff --git a/drivers/staging/ccree/ssi_cipher.c 
b/drivers/staging/ccree/ssi_cipher.c
index d22a1b3..4a95f13 100644
--- a/drivers/staging/ccree/ssi_cipher.c
+++ b/drivers/staging/ccree/ssi_cipher.c
@@ -819,6 +819,13 @@ static int ssi_blkcipher_process(
  areq,
  desc, _len);
 
+   /* do we need to generate IV? */
+   if (req_ctx->is_giv == true) {
+   ssi_req.ivgen_dma_addr[0] = req_ctx->gen_ctx.iv_dma_addr;
+   ssi_req.ivgen_dma_addr_len = 1;
+   /* set the IV size (8/16 B long)*/
+   ssi_req.ivgen_size = ivsize;
+   }
END_CYCLE_COUNT(ssi_req.op_type, STAT_PHASE_2);
 
/* STAT_PHASE_3: Lock HW and push sequence */
@@ -901,6 +908,7 @@ static int ssi_sblkcipher_encrypt(struct blkcipher_desc 
*desc,
unsigned int ivsize = crypto_blkcipher_ivsize(blk_tfm);
 
req_ctx->backup_info = desc->info;
+   req_ctx->is_giv = false;
 
return ssi_blkcipher_process(tfm, req_ctx, dst, src, nbytes, 
desc->info, ivsize, NULL, DRV_CRYPTO_DIRECTION_ENCRYPT);
 }
@@ -916,6 +924,7 @@ static int ssi_sblkcipher_decrypt(struct blkcipher_desc 
*desc,
unsigned int ivsize = crypto_blkcipher_ivsize(blk_tfm);
 
req_ctx->backup_info = desc->info;
+   req_ctx->is_giv = false;
 
return ssi_blkcipher_process(tfm, req_ctx, dst, src, nbytes, 
desc->info, ivsize, NULL, DRV_CRYPTO_DIRECTION_DECRYPT);
 }
@@ -948,6 +957,7 @@ static int ssi_ablkcipher_encrypt(struct ablkcipher_request 
*req)
unsigned int ivsize = crypto_ablkcipher_ivsize(ablk_tfm);
 
req_ctx->backup_info = req->info;
+   req_ctx->is_giv = false;
 
return ssi_blkcipher_process(tfm, req_ctx, req->dst, req->src, 
req->nbytes, req->info, ivsize, (void *)req, DRV_CRYPTO_DIRECTION_ENCRYPT);
 }
@@ -960,6 +970,7 @@ static int ssi_ablkcipher_decrypt(struct ablkcipher_request 
*req)
unsigned int ivsize = crypto_ablkcipher_ivsize(ablk_tfm);
 
req_ctx->backup_info = req->info;
+   req_ctx->is_giv = false;
return ssi_blkcipher_process(tfm, req_ctx, req->dst, req->src, 
req->nbytes, req->info, ivsize, (void *)req, DRV_CRYPTO_DIRECTION_DECRYPT);
 }
 
diff --git a/drivers/staging/ccree/ssi_cipher.h 
b/drivers/staging/ccree/ssi_cipher.h
index 9ceb0b6..ba4eb7c 100644
--- a/drivers/staging/ccree/ssi_cipher.h
+++ b/drivers/staging/ccree/ssi_cipher.h
@@ -45,6 +45,7 @@ struct 

[PATCH v3 05/15] staging: ccree: add AEAD support

[Gilad Ben-Yossef]

Add CryptoCell AEAD support

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/Kconfig  |1 +
 drivers/staging/ccree/Makefile |2 +-
 drivers/staging/ccree/cc_crypto_ctx.h  |   21 +
 drivers/staging/ccree/ssi_aead.c   | 2826 
 drivers/staging/ccree/ssi_aead.h   |  120 ++
 drivers/staging/ccree/ssi_buffer_mgr.c |  899 ++
 drivers/staging/ccree/ssi_buffer_mgr.h |4 +
 drivers/staging/ccree/ssi_driver.c |   11 +
 drivers/staging/ccree/ssi_driver.h |4 +
 9 files changed, 3887 insertions(+), 1 deletion(-)
 create mode 100644 drivers/staging/ccree/ssi_aead.c
 create mode 100644 drivers/staging/ccree/ssi_aead.h

diff --git a/drivers/staging/ccree/Kconfig b/drivers/staging/ccree/Kconfig
index 3fff040..2d11223 100644
--- a/drivers/staging/ccree/Kconfig
+++ b/drivers/staging/ccree/Kconfig
@@ -5,6 +5,7 @@ config CRYPTO_DEV_CCREE
select CRYPTO_HASH
select CRYPTO_BLKCIPHER
select CRYPTO_DES
+   select CRYPTO_AEAD
select CRYPTO_AUTHENC
select CRYPTO_SHA1
select CRYPTO_MD5
diff --git a/drivers/staging/ccree/Makefile b/drivers/staging/ccree/Makefile
index 89afe9a..b9285c0 100644
--- a/drivers/staging/ccree/Makefile
+++ b/drivers/staging/ccree/Makefile
@@ -1,2 +1,2 @@
 obj-$(CONFIG_CRYPTO_DEV_CCREE) := ccree.o
-ccree-y := ssi_driver.o ssi_sysfs.o ssi_buffer_mgr.o ssi_request_mgr.o 
ssi_cipher.o ssi_hash.o ssi_ivgen.o ssi_sram_mgr.o ssi_pm.o ssi_pm_ext.o
+ccree-y := ssi_driver.o ssi_sysfs.o ssi_buffer_mgr.o ssi_request_mgr.o 
ssi_cipher.o ssi_hash.o ssi_aead.o ssi_ivgen.o ssi_sram_mgr.o ssi_pm.o 
ssi_pm_ext.o
diff --git a/drivers/staging/ccree/cc_crypto_ctx.h 
b/drivers/staging/ccree/cc_crypto_ctx.h
index a7f7d95..9e10b26 100644
--- a/drivers/staging/ccree/cc_crypto_ctx.h
+++ b/drivers/staging/ccree/cc_crypto_ctx.h
@@ -263,6 +263,27 @@ struct drv_ctx_cipher {
(CC_AES_KEY_SIZE_MAX/sizeof(uint32_t))];
 };
 
+/* authentication and encryption with associated data class */
+struct drv_ctx_aead {
+   enum drv_crypto_alg alg; /* DRV_CRYPTO_ALG_AES */
+   enum drv_cipher_mode mode;
+   enum drv_crypto_direction direction;
+   uint32_t key_size; /* numeric value in bytes   */
+   uint32_t nonce_size; /* nonce size (octets) */
+   uint32_t header_size; /* finit additional data size (octets) */
+   uint32_t text_size; /* finit text data size (octets) */
+   uint32_t tag_size; /* mac size, element of {4, 6, 8, 10, 12, 14, 16} */
+   /* block_state1/2 is the AES engine block state */
+   uint8_t block_state[CC_AES_BLOCK_SIZE];
+   uint8_t mac_state[CC_AES_BLOCK_SIZE]; /* MAC result */
+   uint8_t nonce[CC_AES_BLOCK_SIZE]; /* nonce buffer */
+   uint8_t key[CC_AES_KEY_SIZE_MAX];
+   /* reserve to end of allocated context size */
+   uint32_t reserved[CC_DRV_CTX_SIZE_WORDS - 8 -
+   3 * (CC_AES_BLOCK_SIZE/sizeof(uint32_t)) -
+   CC_AES_KEY_SIZE_MAX/sizeof(uint32_t)];
+};
+
 /***/
 /* MESSAGE BASED CONTEXTS **/
 /***/
diff --git a/drivers/staging/ccree/ssi_aead.c b/drivers/staging/ccree/ssi_aead.c
new file mode 100644
index 000..33d72d2
--- /dev/null
+++ b/drivers/staging/ccree/ssi_aead.c
@@ -0,0 +1,2826 @@
+/*
+ * Copyright (C) 2012-2017 ARM Limited or its affiliates.
+ * 
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see .
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include "ssi_config.h"
+#include "ssi_driver.h"
+#include "ssi_buffer_mgr.h"
+#include "ssi_aead.h"
+#include "ssi_request_mgr.h"
+#include "ssi_hash.h"
+#include "ssi_sysfs.h"
+#include "ssi_sram_mgr.h"
+
+#define template_aead  template_u.aead
+
+#define MAX_AEAD_SETKEY_SEQ 12
+#define MAX_AEAD_PROCESS_SEQ 23
+
+#define MAX_HMAC_DIGEST_SIZE (SHA256_DIGEST_SIZE)
+#define MAX_HMAC_BLOCK_SIZE (SHA256_BLOCK_SIZE)
+
+#define AES_CCM_RFC4309_NONCE_SIZE 3
+#define MAX_NONCE_SIZE CTR_RFC3686_NONCE_SIZE
+
+
+/* Value of each ICV_CMP byte (of 8) in case of success */
+#define ICV_VERIF_OK 0x01  
+
+struct ssi_aead_handle {
+   ssi_sram_addr_t sram_workspace_addr;
+   struct list_head 

[PATCH v3 03/15] staging: ccree: add skcipher support

[Gilad Ben-Yossef]

Add CryptoCell skcipher support

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/Kconfig  |8 +
 drivers/staging/ccree/Makefile |2 +-
 drivers/staging/ccree/cc_crypto_ctx.h  |   21 +
 drivers/staging/ccree/ssi_buffer_mgr.c |  147 
 drivers/staging/ccree/ssi_buffer_mgr.h |   16 +
 drivers/staging/ccree/ssi_cipher.c | 1440 
 drivers/staging/ccree/ssi_cipher.h |   88 ++
 drivers/staging/ccree/ssi_driver.c |   14 +
 drivers/staging/ccree/ssi_driver.h |   30 +
 9 files changed, 1765 insertions(+), 1 deletion(-)
 create mode 100644 drivers/staging/ccree/ssi_cipher.c
 create mode 100644 drivers/staging/ccree/ssi_cipher.h

diff --git a/drivers/staging/ccree/Kconfig b/drivers/staging/ccree/Kconfig
index a528a99..3fff040 100644
--- a/drivers/staging/ccree/Kconfig
+++ b/drivers/staging/ccree/Kconfig
@@ -3,11 +3,19 @@ config CRYPTO_DEV_CCREE
depends on CRYPTO_HW && OF && HAS_DMA
default n
select CRYPTO_HASH
+   select CRYPTO_BLKCIPHER
+   select CRYPTO_DES
+   select CRYPTO_AUTHENC
select CRYPTO_SHA1
select CRYPTO_MD5
select CRYPTO_SHA256
select CRYPTO_SHA512
select CRYPTO_HMAC
+   select CRYPTO_AES
+   select CRYPTO_CBC
+   select CRYPTO_ECB
+   select CRYPTO_CTR
+   select CRYPTO_XTS
help
  Say 'Y' to enable a driver for the Arm TrustZone CryptoCell 
  C7xx. Currently only the CryptoCell 712 REE is supported.
diff --git a/drivers/staging/ccree/Makefile b/drivers/staging/ccree/Makefile
index f94e225..21a80d5 100644
--- a/drivers/staging/ccree/Makefile
+++ b/drivers/staging/ccree/Makefile
@@ -1,2 +1,2 @@
 obj-$(CONFIG_CRYPTO_DEV_CCREE) := ccree.o
-ccree-y := ssi_driver.o ssi_sysfs.o ssi_buffer_mgr.o ssi_request_mgr.o 
ssi_hash.o ssi_sram_mgr.o ssi_pm.o ssi_pm_ext.o
+ccree-y := ssi_driver.o ssi_sysfs.o ssi_buffer_mgr.o ssi_request_mgr.o 
ssi_cipher.o ssi_hash.o ssi_sram_mgr.o ssi_pm.o ssi_pm_ext.o
diff --git a/drivers/staging/ccree/cc_crypto_ctx.h 
b/drivers/staging/ccree/cc_crypto_ctx.h
index a4aa066..a7f7d95 100644
--- a/drivers/staging/ccree/cc_crypto_ctx.h
+++ b/drivers/staging/ccree/cc_crypto_ctx.h
@@ -242,6 +242,27 @@ struct drv_ctx_hmac {
CC_DIGEST_SIZE_MAX - CC_HMAC_BLOCK_SIZE_MAX];
 };
 
+struct drv_ctx_cipher {
+   enum drv_crypto_alg alg; /* DRV_CRYPTO_ALG_AES */
+   enum drv_cipher_mode mode;
+   enum drv_crypto_direction direction;
+   enum drv_crypto_key_type crypto_key_type;
+   enum drv_crypto_padding_type padding_type;
+   uint32_t key_size; /* numeric value in bytes   */
+   uint32_t data_unit_size; /* required for XTS */
+   /* block_state is the AES engine block state.
+   *  It is used by the host to pass IV or counter at initialization.
+   *  It is used by SeP for intermediate block chaining state and for
+   *  returning MAC algorithms results.   */
+   uint8_t block_state[CC_AES_BLOCK_SIZE];
+   uint8_t key[CC_AES_KEY_SIZE_MAX];
+   uint8_t xex_key[CC_AES_KEY_SIZE_MAX];
+   /* reserve to end of allocated context size */
+   uint32_t reserved[CC_DRV_CTX_SIZE_WORDS - 7 -
+   CC_AES_BLOCK_SIZE/sizeof(uint32_t) - 2 *
+   (CC_AES_KEY_SIZE_MAX/sizeof(uint32_t))];
+};
+
 /***/
 /* MESSAGE BASED CONTEXTS **/
 /***/
diff --git a/drivers/staging/ccree/ssi_buffer_mgr.c 
b/drivers/staging/ccree/ssi_buffer_mgr.c
index aceb01c..d0d5352 100644
--- a/drivers/staging/ccree/ssi_buffer_mgr.c
+++ b/drivers/staging/ccree/ssi_buffer_mgr.c
@@ -28,6 +28,7 @@
 
 #include "ssi_buffer_mgr.h"
 #include "cc_lli_defs.h"
+#include "ssi_cipher.h"
 #include "ssi_hash.h"
 
 #define LLI_MAX_NUM_OF_DATA_ENTRIES 128
@@ -517,6 +518,152 @@ static inline int ssi_ahash_handle_curr_buf(struct device 
*dev,
return 0;
 }
 
+void ssi_buffer_mgr_unmap_blkcipher_request(
+   struct device *dev,
+   void *ctx,
+   unsigned int ivsize,
+   struct scatterlist *src,
+   struct scatterlist *dst)
+{
+   struct blkcipher_req_ctx *req_ctx = (struct blkcipher_req_ctx *)ctx;
+
+   if (likely(req_ctx->gen_ctx.iv_dma_addr != 0)) {
+   SSI_LOG_DEBUG("Unmapped iv: iv_dma_addr=0x%llX iv_size=%u\n", 
+   (unsigned long long)req_ctx->gen_ctx.iv_dma_addr,
+   ivsize);
+   SSI_RESTORE_DMA_ADDR_TO_48BIT(req_ctx->gen_ctx.iv_dma_addr);
+   dma_unmap_single(dev, req_ctx->gen_ctx.iv_dma_addr, 
+ivsize, 
+DMA_TO_DEVICE);
+   }
+   /* Release pool */
+   if (req_ctx->dma_buf_type == SSI_DMA_BUF_MLLI) {
+   

[PATCH v3 02/15] staging: ccree: add ahash support

[Gilad Ben-Yossef]

Add CryptoCell async. hash and HMAC support.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/Kconfig  |6 +
 drivers/staging/ccree/Makefile |2 +-
 drivers/staging/ccree/cc_crypto_ctx.h  |   22 +
 drivers/staging/ccree/hash_defs.h  |   78 +
 drivers/staging/ccree/ssi_buffer_mgr.c |  311 +++-
 drivers/staging/ccree/ssi_buffer_mgr.h |6 +
 drivers/staging/ccree/ssi_driver.c |   11 +-
 drivers/staging/ccree/ssi_driver.h |4 +-
 drivers/staging/ccree/ssi_hash.c   | 2732 
 drivers/staging/ccree/ssi_hash.h   |  101 ++
 drivers/staging/ccree/ssi_pm.c |4 +
 11 files changed, 3263 insertions(+), 14 deletions(-)
 create mode 100644 drivers/staging/ccree/hash_defs.h
 create mode 100644 drivers/staging/ccree/ssi_hash.c
 create mode 100644 drivers/staging/ccree/ssi_hash.h

diff --git a/drivers/staging/ccree/Kconfig b/drivers/staging/ccree/Kconfig
index 0f723d7..a528a99 100644
--- a/drivers/staging/ccree/Kconfig
+++ b/drivers/staging/ccree/Kconfig
@@ -2,6 +2,12 @@ config CRYPTO_DEV_CCREE
tristate "Support for ARM TrustZone CryptoCell C7XX family of Crypto 
accelerators"
depends on CRYPTO_HW && OF && HAS_DMA
default n
+   select CRYPTO_HASH
+   select CRYPTO_SHA1
+   select CRYPTO_MD5
+   select CRYPTO_SHA256
+   select CRYPTO_SHA512
+   select CRYPTO_HMAC
help
  Say 'Y' to enable a driver for the Arm TrustZone CryptoCell 
  C7xx. Currently only the CryptoCell 712 REE is supported.
diff --git a/drivers/staging/ccree/Makefile b/drivers/staging/ccree/Makefile
index 972af69..f94e225 100644
--- a/drivers/staging/ccree/Makefile
+++ b/drivers/staging/ccree/Makefile
@@ -1,2 +1,2 @@
 obj-$(CONFIG_CRYPTO_DEV_CCREE) := ccree.o
-ccree-y := ssi_driver.o ssi_sysfs.o ssi_buffer_mgr.o ssi_request_mgr.o 
ssi_sram_mgr.o ssi_pm.o ssi_pm_ext.o
+ccree-y := ssi_driver.o ssi_sysfs.o ssi_buffer_mgr.o ssi_request_mgr.o 
ssi_hash.o ssi_sram_mgr.o ssi_pm.o ssi_pm_ext.o
diff --git a/drivers/staging/ccree/cc_crypto_ctx.h 
b/drivers/staging/ccree/cc_crypto_ctx.h
index 3547cb4..a4aa066 100644
--- a/drivers/staging/ccree/cc_crypto_ctx.h
+++ b/drivers/staging/ccree/cc_crypto_ctx.h
@@ -220,6 +220,28 @@ struct drv_ctx_generic {
 } __attribute__((__may_alias__));
 
 
+struct drv_ctx_hash {
+   enum drv_crypto_alg alg; /* DRV_CRYPTO_ALG_HASH */
+   enum drv_hash_mode mode;
+   uint8_t digest[CC_DIGEST_SIZE_MAX];
+   /* reserve to end of allocated context size */
+   uint8_t reserved[CC_CTX_SIZE - 2 * sizeof(uint32_t) -
+   CC_DIGEST_SIZE_MAX];
+};
+
+/*  drv_ctx_hmac should have the same structure as drv_ctx_hash except
+   k0, k0_size fields */
+struct drv_ctx_hmac {
+   enum drv_crypto_alg alg; /* DRV_CRYPTO_ALG_HMAC */
+   enum drv_hash_mode mode;
+   uint8_t digest[CC_DIGEST_SIZE_MAX];
+   uint32_t k0[CC_HMAC_BLOCK_SIZE_MAX/sizeof(uint32_t)];
+   uint32_t k0_size;
+   /* reserve to end of allocated context size */
+   uint8_t reserved[CC_CTX_SIZE - 3 * sizeof(uint32_t) -
+   CC_DIGEST_SIZE_MAX - CC_HMAC_BLOCK_SIZE_MAX];
+};
+
 /***/
 /* MESSAGE BASED CONTEXTS **/
 /***/
diff --git a/drivers/staging/ccree/hash_defs.h 
b/drivers/staging/ccree/hash_defs.h
new file mode 100644
index 000..5ab0861
--- /dev/null
+++ b/drivers/staging/ccree/hash_defs.h
@@ -0,0 +1,78 @@
+/*
+ * Copyright (C) 2012-2017 ARM Limited or its affiliates.
+ * 
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see .
+ */
+
+#ifndef  _HASH_DEFS_H__
+#define  _HASH_DEFS_H__
+
+#include "cc_crypto_ctx.h"
+
+/* this files provides definitions required for hash engine drivers */
+#ifndef CC_CONFIG_HASH_SHA_512_SUPPORTED
+#define SEP_HASH_LENGTH_WORDS  2
+#else
+#define SEP_HASH_LENGTH_WORDS  4
+#endif
+
+#ifdef BIG__ENDIAN
+#define OPAD_CURRENT_LENGTH 0x4000, 0x , 0x, 0x
+#define HASH_LARVAL_MD5  0x76543210, 0xFEDCBA98, 0x89ABCDEF, 0x01234567
+#define HASH_LARVAL_SHA1 0xF0E1D2C3, 0x76543210, 0xFEDCBA98, 0x89ABCDEF, 
0x01234567
+#define HASH_LARVAL_SHA224 0XA44FFABE, 0XA78FF964, 0X11155868, 0X310BC0FF, 
0X39590EF7, 0X17DD7030, 0X07D57C36, 0XD89E05C1
+#define 

[PATCH v3 00/15] staging: ccree: add Arm TrustZone CryptoCell REE driver

[Gilad Ben-Yossef]

Arm TrustZone CryptoCell 700 is a family of cryptographic hardware
accelerators. It is supported by a long lived series of out of tree
drivers, which I am now in the process of unifying and upstreaming.
This is the first drop, supporting the new CryptoCell 712 REE.

The code still needs some cleanup before maturing to a proper
upstream driver, which I am in the process of doing. However,
as discussion of some of the capabilities of the hardware and
its application to some dm-crypt and dm-verity features recently
took place I though it is better to do this in the open via the
staging tree.

Signed-off-by: Gilad Ben-Yossef 
CC: Binoy Jayan 
CC: Ofir Drang 
CC: Stuart Yoder 
CC: Stephan Muller 

Changes from v2:
- Fix stupid build error on i386 due to left over Arm specific code.
- Fix copyright header to match GPLv2 license, as pointed out by Greg KH.
- Add proper handling of FIPS mode to TODO list, as pointed by Stephan Müller.
- Remove uneeded empty file bsp.h
- Fold in a bunch of fixes from kbuild robot.

Changes from v1:
- Broke up patch set into smaller units for mailing list review as per
  Greg KH's indication.
- Changed DT binding compatible tag as per Mark Rutland suggestion.
- Moved DT binding document inside the staging directory and added DT binding
  review to TODO list as per Mark Rutland's request.


Gilad Ben-Yossef (10):
  staging: ccree: introduce CryptoCell HW driver
  staging: ccree: add ahash support
  staging: ccree: add skcipher support
  staging: ccree: add IV generation support
  staging: ccree: add AEAD support
  staging: ccree: add FIPS support
  staging: ccree: add TODO list
  staging: ccree: add DT bindings for Arm CryptoCell
  MAINTAINERS: add Gilad BY as ccree maintainer
  staging: ccree: remove useless NULL test of field

kbuild test robot (5):
  staging: ccree: fix platform_no_drv_owner.cocci warnings
  staging: ccree: fix semicolon.cocci warnings
  staging: ccree: fix array_size.cocci warnings
  staging: ccree: fix ifnullfree.cocci warnings
  staging: ccree: fix ifnullfree.cocci warnings

 MAINTAINERS|7 +
 drivers/staging/Kconfig|2 +
 drivers/staging/Makefile   |2 +-
 .../devicetree/bindings/crypto/arm-cryptocell.txt  |   27 +
 drivers/staging/ccree/Kconfig  |   43 +
 drivers/staging/ccree/Makefile |3 +
 drivers/staging/ccree/TODO |   30 +
 drivers/staging/ccree/cc_bitops.h  |   62 +
 drivers/staging/ccree/cc_crypto_ctx.h  |  299 +++
 drivers/staging/ccree/cc_hal.h |   30 +
 drivers/staging/ccree/cc_hw_queue_defs.h   |  603 +
 drivers/staging/ccree/cc_lli_defs.h|   57 +
 drivers/staging/ccree/cc_pal_log.h |  188 ++
 drivers/staging/ccree/cc_pal_log_plat.h|   33 +
 drivers/staging/ccree/cc_pal_types.h   |   97 +
 drivers/staging/ccree/cc_pal_types_plat.h  |   29 +
 drivers/staging/ccree/cc_regs.h|  106 +
 drivers/staging/ccree/dx_crys_kernel.h |  180 ++
 drivers/staging/ccree/dx_env.h |  224 ++
 drivers/staging/ccree/dx_host.h|  155 ++
 drivers/staging/ccree/dx_reg_base_host.h   |   34 +
 drivers/staging/ccree/dx_reg_common.h  |   26 +
 drivers/staging/ccree/hash_defs.h  |   78 +
 drivers/staging/ccree/hw_queue_defs_plat.h |   43 +
 drivers/staging/ccree/ssi_aead.c   | 2832 
 drivers/staging/ccree/ssi_aead.h   |  120 +
 drivers/staging/ccree/ssi_buffer_mgr.c | 1873 +
 drivers/staging/ccree/ssi_buffer_mgr.h |  105 +
 drivers/staging/ccree/ssi_cipher.c | 1503 +++
 drivers/staging/ccree/ssi_cipher.h |   89 +
 drivers/staging/ccree/ssi_config.h |   61 +
 drivers/staging/ccree/ssi_driver.c |  556 
 drivers/staging/ccree/ssi_driver.h |  228 ++
 drivers/staging/ccree/ssi_fips.c   |   65 +
 drivers/staging/ccree/ssi_fips.h   |   70 +
 drivers/staging/ccree/ssi_fips_data.h  |  315 +++
 drivers/staging/ccree/ssi_fips_ext.c   |   96 +
 drivers/staging/ccree/ssi_fips_ll.c| 1681 
 drivers/staging/ccree/ssi_fips_local.c |  369 +++
 drivers/staging/ccree/ssi_fips_local.h |   77 +
 drivers/staging/ccree/ssi_hash.c   | 2742 +++
 drivers/staging/ccree/ssi_hash.h   |  101 +
 drivers/staging/ccree/ssi_ivgen.c  |  301 +++
 drivers/staging/ccree/ssi_ivgen.h  |   72 +
 drivers/staging/ccree/ssi_pm.c |  150