linux-toradex.git/drivers/crypto/inside-secure, branch v6.1-rc3 Linux kernel for Apalis and Colibri modules crypto: inside-secure - Replace generic aes with libaes 2022-09-24T08:14:43+00:00 Peter Harliman Liem pliem@maxlinear.com 2022-09-13T08:03:48+00:00 320406cb60b6408d87f6a5bc729285fc44107352 Commit 363a90c2d517 ("crypto: safexcel/aes - switch to library version of key expansion routine") removed CRYPTO_AES in the config. However, some portions of codes still rely on generic AES cipher (e.g. refer to safexcel_aead_gcm_cra_init(), safexcel_xcbcmac_cra_init()). This causes transform allocation failure for those algos, if CRYPTO_AES is not manually enabled. To resolve that, we replace all existing AES cipher dependent codes with their AES library counterpart. Fixes: 363a90c2d517 ("crypto: safexcel/aes - switch to library version of key expansion routine") Signed-off-by: Peter Harliman Liem <pliem@maxlinear.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
Commit 363a90c2d517 ("crypto: safexcel/aes - switch to
library version of key expansion routine") removed
CRYPTO_AES in the config. However, some portions of codes
still rely on generic AES cipher (e.g. refer to
safexcel_aead_gcm_cra_init(), safexcel_xcbcmac_cra_init()).
This causes transform allocation failure for those algos,
if CRYPTO_AES is not manually enabled.

To resolve that, we replace all existing AES cipher
dependent codes with their AES library counterpart.

Fixes: 363a90c2d517 ("crypto: safexcel/aes - switch to library version of key expansion routine")
Signed-off-by: Peter Harliman Liem <pliem@maxlinear.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: inside_secure - Avoid dma map if size is zero 2022-09-24T08:14:42+00:00 Peter Harliman Liem pliem@maxlinear.com 2022-09-13T08:03:47+00:00 49186a7d9e46ff132a0ed9b721ad6b6a58dba6c1 From commit d03c54419274 ("dma-mapping: disallow .map_sg operations from returning zero on error"), dma_map_sg() produces warning if size is 0. This results in visible warnings if crypto length is zero. To avoid that, we avoid calling dma_map_sg if size is zero. Signed-off-by: Peter Harliman Liem <pliem@maxlinear.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
From commit d03c54419274 ("dma-mapping: disallow .map_sg
operations from returning zero on error"), dma_map_sg()
produces warning if size is 0. This results in visible
warnings if crypto length is zero.
To avoid that, we avoid calling dma_map_sg if size is zero.

Signed-off-by: Peter Harliman Liem <pliem@maxlinear.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: inside-secure - Change swab to swab32 2022-09-16T10:29:44+00:00 Peter Harliman Liem pliem@maxlinear.com 2022-09-06T02:51:28+00:00 664593407e936b6438fbfaaf98876910fd31cf9a The use of swab() is causing failures in 64-bit arch, as it translates to __swab64() instead of the intended __swab32(). It eventually causes wrong results in xcbcmac & cmac algo. Fixes: 78cf1c8bfcb8 ("crypto: inside-secure - Move ipad/opad into safexcel_context") Signed-off-by: Peter Harliman Liem <pliem@maxlinear.com> Acked-by: Antoine Tenart <atenart@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
The use of swab() is causing failures in 64-bit arch, as it
translates to __swab64() instead of the intended __swab32().
It eventually causes wrong results in xcbcmac & cmac algo.

Fixes: 78cf1c8bfcb8 ("crypto: inside-secure - Move ipad/opad into safexcel_context")
Signed-off-by: Peter Harliman Liem <pliem@maxlinear.com>
Acked-by: Antoine Tenart <atenart@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of 2022-07-29T10:28:54+00:00 Pali Rohár pali@kernel.org 2022-07-19T07:54:03+00:00 fa4d57b85786ec0e16565c75a51c208834b0c24d Without MODULE_DEVICE_TABLE, crypto_safexcel.ko module is not automatically loaded on platforms where inside-secure crypto HW is specified in device tree (e.g. Armada 3720). So add missing MODULE_DEVICE_TABLE for of. Fixes: 1b44c5a60c13 ("crypto: inside-secure - add SafeXcel EIP197 crypto engine driver") Signed-off-by: Pali Rohár <pali@kernel.org> Acked-by: Marek Behún <kabel@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
Without MODULE_DEVICE_TABLE, crypto_safexcel.ko module is not automatically
loaded on platforms where inside-secure crypto HW is specified in device
tree (e.g. Armada 3720). So add missing MODULE_DEVICE_TABLE for of.

Fixes: 1b44c5a60c13 ("crypto: inside-secure - add SafeXcel EIP197 crypto engine driver")
Signed-off-by: Pali Rohár <pali@kernel.org>
Acked-by: Marek Behún <kabel@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: inside-secure - fix packed bit-field result descriptor 2022-07-08T07:21:17+00:00 Ofer Heifetz oferh@marvell.com 2022-07-02T07:14:26+00:00 932be3e95b228d13cd1b8aaf5c0578c76e3f7dc6 When mixing bit-field and none bit-filed in packed struct the none bit-field starts at a distinct memory location, thus adding an additional byte to the overall structure which is used in memory zero-ing and other configuration calculations. Fix this by removing the none bit-field that has a following bit-field. Signed-off-by: Ofer Heifetz <oferh@marvell.com> Acked-by: Antoine Tenart <atenart@kernel.org> Acked-by: Antoine Tenart <atenart@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
When mixing bit-field and none bit-filed in packed struct the
none bit-field starts at a distinct memory location, thus adding
an additional byte to the overall structure which is used in
memory zero-ing and other configuration calculations.

Fix this by removing the none bit-field that has a following
bit-field.

Signed-off-by: Ofer Heifetz <oferh@marvell.com>
Acked-by: Antoine Tenart <atenart@kernel.org>
Acked-by: Antoine Tenart <atenart@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: inside-secure - Add MODULE_FIRMWARE macros 2022-05-06T10:16:55+00:00 Juerg Haefliger juerg.haefliger@canonical.com 2022-04-27T07:43:51+00:00 580c8619698f2c4af4c81abc2a26641d4162d9b3 The safexcel module loads firmware so add MODULE_FIRMWARE macros to provide that information via modinfo. Signed-off-by: Juerg Haefliger <juergh@protonmail.com> Acked-by: Antoine Tenart <atenart@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
The safexcel module loads firmware so add MODULE_FIRMWARE macros to
provide that information via modinfo.

Signed-off-by: Juerg Haefliger <juergh@protonmail.com>
Acked-by: Antoine Tenart <atenart@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: inside-secure - Minor typo fix in the file safexcel.c 2021-03-26T09:02:35+00:00 Bhaskar Chowdhury unixbhaskar@gmail.com 2021-03-17T09:14:45+00:00 27fb85783f0dcf40a7fd67a5ff37f01537aa577f s/procesing/processing/ Signed-off-by: Bhaskar Chowdhury <unixbhaskar@gmail.com> Acked-by: Antoine Tenart <atenart@kernel.org> Acked-by: Randy Dunlap <rdunlap@infradead.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
s/procesing/processing/

Signed-off-by: Bhaskar Chowdhury <unixbhaskar@gmail.com>
Acked-by: Antoine Tenart <atenart@kernel.org>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: inside-secure - fix platform_get_irq.cocci warnings 2021-01-02T21:41:35+00:00 Tian Tao tiantao6@hisilicon.com 2020-12-14T11:44:40+00:00 7334a4be50764500d5cae4d9a655f7755dbedd5d Remove dev_err() messages after platform_get_irq*() failures. drivers/crypto/inside-secure/safexcel.c: line 1161 is redundant because platform_get_irq() already prints an error Generated by: scripts/coccinelle/api/platform_get_irq.cocci Signed-off-by: Tian Tao <tiantao6@hisilicon.com> Acked-by: Antoine Tenart <atenart@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
Remove dev_err() messages after platform_get_irq*() failures.
drivers/crypto/inside-secure/safexcel.c: line 1161 is redundant
because platform_get_irq() already prints an error

Generated by: scripts/coccinelle/api/platform_get_irq.cocci

Signed-off-by: Tian Tao <tiantao6@hisilicon.com>
Acked-by: Antoine Tenart <atenart@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: remove cipher routines from public crypto API 2021-01-02T21:41:35+00:00 Ard Biesheuvel ardb@kernel.org 2020-12-11T12:27:15+00:00 0eb76ba29d16df2951d37c54ca279c4e5630b071 The cipher routines in the crypto API are mostly intended for templates implementing skcipher modes generically in software, and shouldn't be used outside of the crypto subsystem. So move the prototypes and all related definitions to a new header file under include/crypto/internal. Also, let's use the new module namespace feature to move the symbol exports into a new namespace CRYPTO_INTERNAL. Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Acked-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
The cipher routines in the crypto API are mostly intended for templates
implementing skcipher modes generically in software, and shouldn't be
used outside of the crypto subsystem. So move the prototypes and all
related definitions to a new header file under include/crypto/internal.
Also, let's use the new module namespace feature to move the symbol
exports into a new namespace CRYPTO_INTERNAL.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: sha - split sha.h into sha1.h and sha2.h 2020-11-20T03:45:33+00:00 Eric Biggers ebiggers@google.com 2020-11-13T05:20:21+00:00 a24d22b225ce158651378869a6b88105c4bdb887 Currently <crypto/sha.h> contains declarations for both SHA-1 and SHA-2, and <crypto/sha3.h> contains declarations for SHA-3. This organization is inconsistent, but more importantly SHA-1 is no longer considered to be cryptographically secure. So to the extent possible, SHA-1 shouldn't be grouped together with any of the other SHA versions, and usage of it should be phased out. Therefore, split <crypto/sha.h> into two headers <crypto/sha1.h> and <crypto/sha2.h>, and make everyone explicitly specify whether they want the declarations for SHA-1, SHA-2, or both. This avoids making the SHA-1 declarations visible to files that don't want anything to do with SHA-1. It also prepares for potentially moving sha1.h into a new insecure/ or dangerous/ directory. Signed-off-by: Eric Biggers <ebiggers@google.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Acked-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
Currently <crypto/sha.h> contains declarations for both SHA-1 and SHA-2,
and <crypto/sha3.h> contains declarations for SHA-3.

This organization is inconsistent, but more importantly SHA-1 is no
longer considered to be cryptographically secure.  So to the extent
possible, SHA-1 shouldn't be grouped together with any of the other SHA
versions, and usage of it should be phased out.

Therefore, split <crypto/sha.h> into two headers <crypto/sha1.h> and
<crypto/sha2.h>, and make everyone explicitly specify whether they want
the declarations for SHA-1, SHA-2, or both.

This avoids making the SHA-1 declarations visible to files that don't
want anything to do with SHA-1.  It also prepares for potentially moving
sha1.h into a new insecure/ or dangerous/ directory.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>