[Crypto v4 10/12] chtls: Inline crypto request Tx/Rx

2018-02-12 Thread Atul Gupta
TLS handler for record transmit and receive. Create Inline TLS work request and post to FW. Signed-off-by: Atul Gupta --- drivers/crypto/chelsio/chtls/chtls_io.c | 1867 +++ 1 file changed, 1867 insertions(+) create mode 100644

[Crypto v4 09/12] chtls: CPL handler definition

2018-02-12 Thread Atul Gupta
CPL handlers for TLS session, record transmit and receive. Signed-off-by: Atul Gupta --- drivers/crypto/chelsio/chtls/chtls_cm.c | 2045 +++ net/ipv4/tcp_minisocks.c|1 + 2 files changed, 2046 insertions(+) create mode

[Crypto v4 12/12] Makefile Kconfig

2018-02-12 Thread Atul Gupta
Entry for Inline TLS as another driver dependent on cxgb4 and chcr Signed-off-by: Atul Gupta --- drivers/crypto/chelsio/Kconfig| 11 +++ drivers/crypto/chelsio/Makefile | 1 + drivers/crypto/chelsio/chtls/Makefile | 4 3 files changed, 16

[Crypto v4 11/12] chtls: Register the chtls Inline TLS with net tls

2018-02-12 Thread Atul Gupta
Add new uld driver for Inline TLS support. Register ULP for chtls. Setsockopt to program key on chip. support AES GCM key size 128. Signed-off-by: Atul Gupta --- drivers/crypto/chelsio/chtls/chtls_main.c | 619 ++ include/uapi/linux/tls.h

[Crypto v4 00/12] Chelsio Inline TLS

2018-02-12 Thread Atul Gupta
RFC series for Chelsio Inline TLS driver (chtls.ko) Driver use the ULP infrastructure to register chtls as Inline TLS ULP. Chtls use TCP Sockets to transmit and receive TLS record. TCP proto_ops is extended to offload TLS record. T6 adapter provides the following features: -TLS record

[Crypto v4 01/12] tls: tls_device struct to register TLS drivers

2018-02-12 Thread Atul Gupta
added tls_device structure to register Inline TLS drivers with net/tls Signed-off-by: Atul Gupta --- include/net/tls.h | 21 + 1 file changed, 21 insertions(+) diff --git a/include/net/tls.h b/include/net/tls.h index 936cfc5..2a9f392 100644 ---

[Crypto v4 02/12] ethtool: feature for Inline TLS in HW

2018-02-12 Thread Atul Gupta
Signed-off-by: Atul Gupta --- include/linux/netdev_features.h | 2 ++ net/core/ethtool.c | 1 + 2 files changed, 3 insertions(+) diff --git a/include/linux/netdev_features.h b/include/linux/netdev_features.h index b1b0ca7..e1a33b7 100644 ---

[Crypto v4 04/12] chtls: structure and macro definiton

2018-02-12 Thread Atul Gupta
Inline TLS state, connection management. Supporting macros definition. Signed-off-by: Atul Gupta --- drivers/crypto/chelsio/chtls/chtls.h| 487 drivers/crypto/chelsio/chtls/chtls_cm.h | 203 + 2 files changed, 690

[Crypto v4 05/12] cxgb4: Inline TLS FW Interface

2018-02-12 Thread Atul Gupta
Key area size in hw-config file. CPL struct for TLS request and response. Work request for Inline TLS. Signed-off-by: Atul Gupta --- drivers/net/ethernet/chelsio/cxgb4/t4_msg.h | 121 ++- drivers/net/ethernet/chelsio/cxgb4/t4_regs.h | 2 +

[Crypto v4 03/12] support for inline tls

2018-02-12 Thread Atul Gupta
Signed-off-by: Atul Gupta --- net/tls/tls_main.c | 113 + 1 file changed, 113 insertions(+) diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index e07ee3a..10a6d5d 100644 --- a/net/tls/tls_main.c +++

[Crypto v4 08/12] chtls: Key program

2018-02-12 Thread Atul Gupta
Program the tx and rx key on chip. Signed-off-by: Atul Gupta --- drivers/crypto/chelsio/chtls/chtls_hw.c | 394 1 file changed, 394 insertions(+) create mode 100644 drivers/crypto/chelsio/chtls/chtls_hw.c diff --git

[Crypto v4 06/12] cxgb4: LLD driver changes to enable TLS

2018-02-12 Thread Atul Gupta
Read FW capability. Read key area size. Dump the TLS record count. Signed-off-by: Atul Gupta --- drivers/net/ethernet/chelsio/cxgb4/cxgb4_debugfs.c | 18 +++- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c| 32 +-- drivers/net/ethernet/chelsio/cxgb4/cxgb4_uld.h

[Crypto v4 07/12] chcr: Key Macro

2018-02-12 Thread Atul Gupta
Define macro for TLS Key context Signed-off-by: Atul Gupta --- drivers/crypto/chelsio/chcr_algo.h | 42 + drivers/crypto/chelsio/chcr_core.h | 55 +- 2 files changed, 96 insertions(+), 1 deletion(-) diff

[PATCH] crypto: arm/aes-cipher - move S-box to .rodata section

2018-02-12 Thread Jinbum Park
Move the AES inverse S-box to the .rodata section where it is safe from abuse by speculation. Signed-off-by: Jinbum Park --- arch/arm/crypto/aes-cipher-core.S | 19 ++- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git

[PATCH 10/14] x86/crypto: aesni: Move HashKey computation from stack to gcm_context

2018-02-12 Thread Dave Watson
HashKey computation only needs to happen once per scatter/gather operation, save it between calls in gcm_context struct instead of on the stack. Since the asm no longer stores anything on the stack, we can use %rsp directly, and clean up the frame save/restore macros a bit. Hashkeys actually only

[PATCH 14/14] x86/crypto: aesni: Update aesni-intel_glue to use scatter/gather

2018-02-12 Thread Dave Watson
Add gcmaes_en/decrypt_sg routines, that will do scatter/gather by sg. Either src or dst may contain multiple buffers, so iterate over both at the same time if they are different. If the input is the same as the output, iterate only over one. Currently both the AAD and TAG must be linear, so copy

[PATCH 13/14] x86/crypto: aesni: Introduce scatter/gather asm function stubs

2018-02-12 Thread Dave Watson
The asm macros are all set up now, introduce entry points. GCM_INIT and GCM_COMPLETE have arguments supplied, so that the new scatter/gather entry points don't have to take all the arguments, and only the ones they need. Signed-off-by: Dave Watson ---

Re: [PATCH 0/5] crypto: Speck support

2018-02-12 Thread Eric Biggers
Hi all, On Fri, Feb 09, 2018 at 07:07:01PM -0500, Jeffrey Walton wrote: > > Hi Jeffrey, > > > > I see you wrote the SPECK implementation in Crypto++, and you are treating > > the > > words as big endian. > > > > Do you have a reference for this being the "correct" order? Unfortunately > > the

[PATCH 01/14] x86/crypto: aesni: Merge INITIAL_BLOCKS_ENC/DEC

2018-02-12 Thread Dave Watson
Use macro operations to merge implemetations of INITIAL_BLOCKS, since they differ by only a small handful of lines. Use macro counter \@ to simplify implementation. Signed-off-by: Dave Watson --- arch/x86/crypto/aesni-intel_asm.S | 298 ++

Re: [Crypto v4 03/12] support for inline tls

2018-02-12 Thread David Miller
From: Atul Gupta Date: Mon, 12 Feb 2018 17:34:28 +0530 > +static int get_tls_prot(struct sock *sk) > +{ > + struct tls_context *ctx = tls_get_ctx(sk); > + struct net_device *netdev; > + struct tls_device *dev; > + > + /* Device bound to specific IP */ > +

[PATCH 02/14] x86/crypto: aesni: Macro-ify func save/restore

2018-02-12 Thread Dave Watson
Macro-ify function save and restore. These will be used in new functions added for scatter/gather update operations. Signed-off-by: Dave Watson --- arch/x86/crypto/aesni-intel_asm.S | 53 ++- 1 file changed, 24 insertions(+), 29

Re: [Crypto v4 01/12] tls: tls_device struct to register TLS drivers

2018-02-12 Thread David Miller
From: Atul Gupta Date: Mon, 12 Feb 2018 17:33:48 +0530 > + /* When calling get_netdev, the HW vendor's driver should return the > + * net device of device @device at port @port_num or NULL if such > + * a net device doesn't exist > + */ > + struct

[PATCH 09/14] x86/crypto: aesni: Move ghash_mul to GCM_COMPLETE

2018-02-12 Thread Dave Watson
Prepare to handle partial blocks between scatter/gather calls. For the last partial block, we only want to calculate the aadhash in GCM_COMPLETE, and a new partial block macro will handle both aadhash update and encrypting partial blocks between calls. Signed-off-by: Dave Watson

[PATCH 11/14] x86/crypto: aesni: Introduce partial block macro

2018-02-12 Thread Dave Watson
Before this diff, multiple calls to GCM_ENC_DEC will succeed, but only if all calls are a multiple of 16 bytes. Handle partial blocks at the start of GCM_ENC_DEC, and update aadhash as appropriate. The data offset %r11 is also updated after the partial block. Signed-off-by: Dave Watson

[PATCH 07/14] x86/crypto: aesni: Split AAD hash calculation to separate macro

2018-02-12 Thread Dave Watson
AAD hash only needs to be calculated once for each scatter/gather operation. Move it to its own macro, and call it from GCM_INIT instead of INITIAL_BLOCKS. Signed-off-by: Dave Watson --- arch/x86/crypto/aesni-intel_asm.S | 71 --- 1 file

[PATCH 08/14] x86/crypto: aesni: Fill in new context data structures

2018-02-12 Thread Dave Watson
Fill in aadhash, aadlen, pblocklen, curcount with appropriate values. pblocklen, aadhash, and pblockenckey are also updated at the end of each scatter/gather operation, to be carried over to the next operation. Signed-off-by: Dave Watson --- arch/x86/crypto/aesni-intel_asm.S

[PATCH 06/14] x86/crypto: aesni: Introduce gcm_context_data

2018-02-12 Thread Dave Watson
Introduce a gcm_context_data struct that will be used to pass context data between scatter/gather update calls. It is passed as the second argument (after crypto keys), other args are renumbered. Signed-off-by: Dave Watson --- arch/x86/crypto/aesni-intel_asm.S | 115

[PATCH 03/14] x86/crypto: aesni: Add GCM_INIT macro

2018-02-12 Thread Dave Watson
Reduce code duplication by introducting GCM_INIT macro. This macro will also be exposed as a function for implementing scatter/gather support, since INIT only needs to be called once for the full operation. Signed-off-by: Dave Watson --- arch/x86/crypto/aesni-intel_asm.S |

[PATCH 04/14] x86/crypto: aesni: Add GCM_COMPLETE macro

2018-02-12 Thread Dave Watson
Merge encode and decode tag calculations in GCM_COMPLETE macro. Scatter/gather routines will call this once at the end of encryption or decryption. Signed-off-by: Dave Watson --- arch/x86/crypto/aesni-intel_asm.S | 172 ++ 1 file changed,

[PATCH 00/14] x86/crypto gcmaes SSE scatter/gather support

2018-02-12 Thread Dave Watson
This patch set refactors the x86 aes/gcm SSE crypto routines to support true scatter/gather by adding gcm_enc/dec_update methods. The layout is: * First 5 patches refactor the code to use macros, so changes only need to be applied once for encode and decode. There should be no functional

[PATCH 12/14] x86/crypto: aesni: Add fast path for > 16 byte update

2018-02-12 Thread Dave Watson
We can fast-path any < 16 byte read if the full message is > 16 bytes, and shift over by the appropriate amount. Usually we are reading > 16 bytes, so this should be faster than the READ_PARTIAL macro introduced in b20209c91e2 for the average case. Signed-off-by: Dave Watson

[PATCH 05/14] x86/crypto: aesni: Merge encode and decode to GCM_ENC_DEC macro

2018-02-12 Thread Dave Watson
Make a macro for the main encode/decode routine. Only a small handful of lines differ for enc and dec. This will also become the main scatter/gather update routine. Signed-off-by: Dave Watson --- arch/x86/crypto/aesni-intel_asm.S | 293

Re: [PATCH 0/5] crypto: Speck support

2018-02-12 Thread Jeffrey Walton
On Mon, Feb 12, 2018 at 2:19 PM, Eric Biggers wrote: > Hi all, > > On Fri, Feb 09, 2018 at 07:07:01PM -0500, Jeffrey Walton wrote: >> > Hi Jeffrey, >> > >> > I see you wrote the SPECK implementation in Crypto++, and you are treating >> > the >> > words as big endian. >> > >>

Re: BUG: unable to handle kernel NULL pointer dereference in sha512_mb_mgr_get_comp_job_avx2

2018-02-12 Thread Eric Biggers
On Sun, Dec 03, 2017 at 12:31:01PM -0800, syzbot wrote: > syzkaller has found reproducer for the following crash on > 4131d5166185d0d75b5f1d4bf362a9e0bac05598 > git://git.cmpxchg.org/linux-mmots.git/master > compiler: gcc (GCC) 7.1.1 20170620 > .config is attached > Raw console output is attached.

Re: [PATCH] hwrng: bcm2835: Handle deferred clock properly

2018-02-12 Thread Florian Fainelli
On 02/12/2018 12:11 PM, Stefan Wahren wrote: > In case the probe of the clock is deferred, we would assume it is > optional. This is wrong, so defer the probe of this driver until > the clock is available. > > Fixes: 791af4f4907a ("hwrng: bcm2835 - Manage an optional clock") > Signed-off-by:

Re: [PATCH 14/14] x86/crypto: aesni: Update aesni-intel_glue to use scatter/gather

2018-02-12 Thread Junaid Shahid
Hi Dave, On 02/12/2018 11:51 AM, Dave Watson wrote: > +static int gcmaes_encrypt_sg(struct aead_request *req, unsigned int assoclen, > + u8 *hash_subkey, u8 *iv, void *aes_ctx) > > +static int gcmaes_decrypt_sg(struct aead_request *req, unsigned int assoclen, > +

[PATCH] hwrng: bcm2835: Handle deferred clock properly

2018-02-12 Thread Stefan Wahren
In case the probe of the clock is deferred, we would assume it is optional. This is wrong, so defer the probe of this driver until the clock is available. Fixes: 791af4f4907a ("hwrng: bcm2835 - Manage an optional clock") Signed-off-by: Stefan Wahren ---

Re: [PATCH 0/5] crypto: Speck support

2018-02-12 Thread Eric Biggers
Hi Jeff, On Mon, Feb 12, 2018 at 02:57:06PM -0500, Jeffrey Walton wrote: > On Mon, Feb 12, 2018 at 2:19 PM, Eric Biggers wrote: > > Hi all, > > > > On Fri, Feb 09, 2018 at 07:07:01PM -0500, Jeffrey Walton wrote: > >> > Hi Jeffrey, > >> > > >> > I see you wrote the SPECK

[PATCH v2 1/5] crypto: add support for the Speck block cipher

2018-02-12 Thread Eric Biggers
Add a generic implementation of Speck, including the Speck128 and Speck64 variants. Speck is a lightweight block cipher that can be much faster than AES on processors that don't have AES instructions. We are planning to offer Speck-XTS (probably Speck128/256-XTS) as an option for dm-crypt and

[PATCH v2 3/5] crypto: arm/speck - add NEON-accelerated implementation of Speck-XTS

2018-02-12 Thread Eric Biggers
Add an ARM NEON-accelerated implementation of Speck-XTS. It operates on 128-byte chunks at a time, i.e. 8 blocks for Speck128 or 16 blocks for Speck64. Each 128-byte chunk goes through XTS preprocessing, then is encrypted/decrypted (doing one cipher round for all the blocks, then the next round,

[PATCH v2 4/5] crypto: speck - add test vectors for Speck128-XTS

2018-02-12 Thread Eric Biggers
Add test vectors for Speck128-XTS, generated in userspace using C code. The inputs were borrowed from the AES-XTS test vectors. Both xts(speck128-generic) and xts-speck128-neon pass these tests. Signed-off-by: Eric Biggers --- crypto/testmgr.c | 9 + crypto/testmgr.h |

[PATCH v2 5/5] crypto: speck - add test vectors for Speck64-XTS

2018-02-12 Thread Eric Biggers
Add test vectors for Speck64-XTS, generated in userspace using C code. The inputs were borrowed from the AES-XTS test vectors, with key lengths adjusted. xts-speck64-neon passes these tests. However, they aren't currently applicable for the generic XTS template, as that only supports a 128-bit

[PATCH v2 0/5] crypto: Speck support

2018-02-12 Thread Eric Biggers
Hello, This series adds Speck support to the crypto API, including the Speck128 and Speck64 variants. Speck is a lightweight block cipher that can be much faster than AES on processors that don't have AES instructions. We are planning to offer Speck-XTS (probably Speck128/256-XTS) as an option

[PATCH v2 2/5] crypto: speck - export common helpers

2018-02-12 Thread Eric Biggers
Export the Speck constants and transform context and the ->setkey(), ->encrypt(), and ->decrypt() functions so that they can be reused by the ARM NEON implementation of Speck-XTS. The generic key expansion code will be reused because it is not performance-critical and is not vectorizable, while