linux-toradex.git/drivers/crypto/inside-secure, branch v5.13-rc3 Linux kernel for Apalis and Colibri modules crypto: inside-secure - Minor typo fix in the file safexcel.c 2021-03-26T09:02:35+00:00 Bhaskar Chowdhury unixbhaskar@gmail.com 2021-03-17T09:14:45+00:00 27fb85783f0dcf40a7fd67a5ff37f01537aa577f s/procesing/processing/ Signed-off-by: Bhaskar Chowdhury <unixbhaskar@gmail.com> Acked-by: Antoine Tenart <atenart@kernel.org> Acked-by: Randy Dunlap <rdunlap@infradead.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
s/procesing/processing/

Signed-off-by: Bhaskar Chowdhury <unixbhaskar@gmail.com>
Acked-by: Antoine Tenart <atenart@kernel.org>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: inside-secure - fix platform_get_irq.cocci warnings 2021-01-02T21:41:35+00:00 Tian Tao tiantao6@hisilicon.com 2020-12-14T11:44:40+00:00 7334a4be50764500d5cae4d9a655f7755dbedd5d Remove dev_err() messages after platform_get_irq*() failures. drivers/crypto/inside-secure/safexcel.c: line 1161 is redundant because platform_get_irq() already prints an error Generated by: scripts/coccinelle/api/platform_get_irq.cocci Signed-off-by: Tian Tao <tiantao6@hisilicon.com> Acked-by: Antoine Tenart <atenart@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
Remove dev_err() messages after platform_get_irq*() failures.
drivers/crypto/inside-secure/safexcel.c: line 1161 is redundant
because platform_get_irq() already prints an error

Generated by: scripts/coccinelle/api/platform_get_irq.cocci

Signed-off-by: Tian Tao <tiantao6@hisilicon.com>
Acked-by: Antoine Tenart <atenart@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: remove cipher routines from public crypto API 2021-01-02T21:41:35+00:00 Ard Biesheuvel ardb@kernel.org 2020-12-11T12:27:15+00:00 0eb76ba29d16df2951d37c54ca279c4e5630b071 The cipher routines in the crypto API are mostly intended for templates implementing skcipher modes generically in software, and shouldn't be used outside of the crypto subsystem. So move the prototypes and all related definitions to a new header file under include/crypto/internal. Also, let's use the new module namespace feature to move the symbol exports into a new namespace CRYPTO_INTERNAL. Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Acked-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
The cipher routines in the crypto API are mostly intended for templates
implementing skcipher modes generically in software, and shouldn't be
used outside of the crypto subsystem. So move the prototypes and all
related definitions to a new header file under include/crypto/internal.
Also, let's use the new module namespace feature to move the symbol
exports into a new namespace CRYPTO_INTERNAL.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: sha - split sha.h into sha1.h and sha2.h 2020-11-20T03:45:33+00:00 Eric Biggers ebiggers@google.com 2020-11-13T05:20:21+00:00 a24d22b225ce158651378869a6b88105c4bdb887 Currently <crypto/sha.h> contains declarations for both SHA-1 and SHA-2, and <crypto/sha3.h> contains declarations for SHA-3. This organization is inconsistent, but more importantly SHA-1 is no longer considered to be cryptographically secure. So to the extent possible, SHA-1 shouldn't be grouped together with any of the other SHA versions, and usage of it should be phased out. Therefore, split <crypto/sha.h> into two headers <crypto/sha1.h> and <crypto/sha2.h>, and make everyone explicitly specify whether they want the declarations for SHA-1, SHA-2, or both. This avoids making the SHA-1 declarations visible to files that don't want anything to do with SHA-1. It also prepares for potentially moving sha1.h into a new insecure/ or dangerous/ directory. Signed-off-by: Eric Biggers <ebiggers@google.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Acked-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
Currently <crypto/sha.h> contains declarations for both SHA-1 and SHA-2,
and <crypto/sha3.h> contains declarations for SHA-3.

This organization is inconsistent, but more importantly SHA-1 is no
longer considered to be cryptographically secure.  So to the extent
possible, SHA-1 shouldn't be grouped together with any of the other SHA
versions, and usage of it should be phased out.

Therefore, split <crypto/sha.h> into two headers <crypto/sha1.h> and
<crypto/sha2.h>, and make everyone explicitly specify whether they want
the declarations for SHA-1, SHA-2, or both.

This avoids making the SHA-1 declarations visible to files that don't
want anything to do with SHA-1.  It also prepares for potentially moving
sha1.h into a new insecure/ or dangerous/ directory.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: inside-secure - Fix sizeof() mismatch 2020-10-30T06:34:45+00:00 Colin Ian King colin.king@canonical.com 2020-10-10T16:47:36+00:00 c98e233062cd9d0e2f10e445a671f0799daaef67 An incorrect sizeof() is being used, sizeof(priv->ring[i].rdr_req) is not correct, it should be sizeof(*priv->ring[i].rdr_req). Note that since the size of ** is the same size as * this is not causing any issues. Addresses-Coverity: ("Sizeof not portable (SIZEOF_MISMATCH)") Fixes: 9744fec95f06 ("crypto: inside-secure - remove request list to improve performance") Signed-off-by: Colin Ian King <colin.king@canonical.com> Acked-by: Antoine Tenart <atenart@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
An incorrect sizeof() is being used, sizeof(priv->ring[i].rdr_req) is
not correct, it should be sizeof(*priv->ring[i].rdr_req). Note that
since the size of ** is the same size as * this is not causing any
issues.

Addresses-Coverity: ("Sizeof not portable (SIZEOF_MISMATCH)")
Fixes: 9744fec95f06 ("crypto: inside-secure - remove request list to improve performance")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Acked-by: Antoine Tenart <atenart@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: inside-secure - Reuse code in safexcel_hmac_alg_setkey 2020-09-25T07:48:13+00:00 Herbert Xu herbert@gondor.apana.org.au 2020-09-14T04:22:16+00:00 63cdd870ab058e750b7358a979f8baccbbdcfdcc The code in the current implementation of safexcel_hmac_alg_setkey can be reused by safexcel_cipher. This patch does just that by renaming the previous safexcel_hmac_setkey to __safexcel_hmac_setkey. The now-shared safexcel_hmac_alg_setkey becomes safexcel_hmac_setkey and a new safexcel_hmac_alg_setkey has been added for use by ahash transforms. As a result safexcel_aead_setkey's stack frame has been reduced by about half in size, or about 512 bytes. Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
The code in the current implementation of safexcel_hmac_alg_setkey
can be reused by safexcel_cipher.  This patch does just that by
renaming the previous safexcel_hmac_setkey to __safexcel_hmac_setkey.
The now-shared safexcel_hmac_alg_setkey becomes safexcel_hmac_setkey
and a new safexcel_hmac_alg_setkey has been added for use by ahash
transforms.

As a result safexcel_aead_setkey's stack frame has been reduced by
about half in size, or about 512 bytes.

Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: inside-secure - Move ipad/opad into safexcel_context 2020-09-25T07:48:13+00:00 Herbert Xu herbert@gondor.apana.org.au 2020-09-14T04:22:14+00:00 78cf1c8bfcb81a21347dfa57ce71d475cea9f595 As both safexcel_ahash_ctx and safexcel_cipher_ctx contain ipad and opad buffers this patch moves them into the common struct safexcel_context. It also adds a union so that they can be accessed in the appropriate endian without crazy casts. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
As both safexcel_ahash_ctx and safexcel_cipher_ctx contain ipad
and opad buffers this patch moves them into the common struct
safexcel_context.  It also adds a union so that they can be accessed
in the appropriate endian without crazy casts.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: inside-secure - Move priv pointer into safexcel_context 2020-09-25T07:48:12+00:00 Herbert Xu herbert@gondor.apana.org.au 2020-09-14T04:22:11+00:00 18e5189535910450f6cf7a63f8f0b84153b91f66 This patch moves the priv pointer into struct safexcel_context because both structs that extend safexcel_context have that pointer as well. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
This patch moves the priv pointer into struct safexcel_context
because both structs that extend safexcel_context have that pointer
as well.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: inside-secure - Add support for EIP197 with output classifier 2020-09-18T07:20:12+00:00 Pascal van Leeuwen pvanleeuwen@rambus.com 2020-09-11T07:46:39+00:00 dbc756fcf7f3b843a3c96ac4d9522a86a757ae58 This patch adds support for EIP197 instances that include the output classifier (OCE) option, as used by one of our biggest customers. The OCE normally requires initialization and dedicated firmware, but for the simple operations supported by this driver, we just bypass it completely for now (using what is formally a debug feature). Signed-off-by: Pascal van Leeuwen <pvanleeuwen@rambus.com> Acked-by: Antoine Tenart <antoine.tenart@bootlin.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
This patch adds support for EIP197 instances that include the output
classifier (OCE) option, as used by one of our biggest customers.
The OCE normally requires initialization and dedicated firmware, but
for the simple operations supported by this driver, we just bypass it
completely for now (using what is formally a debug feature).

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@rambus.com>
Acked-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: inside-secure - Prevent missing of processing errors 2020-09-18T07:20:10+00:00 Pascal van Leeuwen pvanleeuwen@rambus.com 2020-09-08T06:10:45+00:00 bd03b0214ad426c078d46c2b54a3b14f81b97f6b On systems with coherence issues, packet processed could succeed while it should have failed, e.g. because of an authentication fail. This is because the driver would read stale status information that had all error bits initialised to zero = no error. Since this is potential a security risk, we want to prevent it from being a possibility at all. So initialize all error bits to error state, so that reading stale status information will always result in errors. Signed-off-by: Pascal van Leeuwen <pvanleeuwen@rambus.com> Acked-by: Antoine Tenart <antoine.tenart@bootlin.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
On systems with coherence issues, packet processed could succeed while
it should have failed, e.g. because of an authentication fail.
This is because the driver would read stale status information that had
all error bits initialised to zero = no error.
Since this is potential a security risk, we want to prevent it from being
a possibility at all. So initialize all error bits to error state, so
that reading stale status information will always result in errors.

Signed-off-by: Pascal van Leeuwen <pvanleeuwen@rambus.com>
Acked-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>