Commit Graph

161 Commits

Author SHA1 Message Date
Catalin Vasile
ff2c3a3b8e crypto: caam - add support for givencrypt cbc(des) and cbc(des3_ede)
Merge DES Cipher Block Chaining mode (CBC) and Triple DES Cipher Block
Chaining mode (CBC) algorithms from ablkcipher to givencrypt.

Signed-off-by: Catalin Vasile <catalin.vasile@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-11-12 22:14:32 +08:00
Catalin Vasile
7222d1a341 crypto: caam - add support for givencrypt cbc(aes) and rfc3686(ctr(aes))
Add support for one-shot givencrypt algorithms.
Givencrypt algorithms will generate their IV and encrypt data
within the same shared job descriptors.
Current algorithms merged from ablkcipher to givencrypt are:
 - AES Cipher Block Chaining (CBC)
 - AES Counter Mode (CTR) compliant with RFC3686

Signed-off-by: Catalin Vasile <catalin.vasile@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-11-06 23:15:05 +08:00
Catalin Vasile
daebc46585 crypto: caam - add support for rfc3686 with authenc md5, sha1 and sha2
Add support for AES Counter Mode (CTR) compliant with RFC3686 to be
used along with authenc algorithms (md5, sha1, sha224, sha256, sha384,
sha512) as one-shot aead algorithms.

Signed-off-by: Catalin Vasile <catalin.vasile@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-11-06 23:15:04 +08:00
Catalin Vasile
a5f57cffce crypto: caam - add support for rfc3686(ctr(aes))
Add support for Advanced Encryption Standard (AES) in Counter Mode (CTR)
as provided in IPsec implementation standard RFC3686.

ablkcipher shared descriptors now save context registers after job
execution. This is used to load Nonce specific to RFC3686 only at
first execution of shared job descriptor.

Signed-off-by: Catalin Vasile <catalin.vasile@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-11-06 23:15:04 +08:00
Catalin Vasile
2b22f6c547 crypto: caam - add support for ctr(aes)
Add support for AES working in Counter Mode

Signed-off-by: Catalin Vasile <catalin.vasile@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-11-06 23:15:04 +08:00
Tudor Ambarus
5d0429a30f crypto: caam - add support for rfc4543(gcm(aes))
Add AES-GMAC as an IPSec ESP mechanism to provide
data origin authentication, but not confidentiality.
This method is referred as ENCR_NULL_AUTH_AES_GMAC.

Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-11-06 23:15:03 +08:00
Tudor Ambarus
19167bfd8a crypto: caam - fix output sequence contiguity check
This patch fixes the assumption that output sequence is not contiguous
when input sequence is not contiguous and in-place encryption is done.
Output sequence does not need to be contiguous with associated data.

Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-11-06 23:15:00 +08:00
Tudor Ambarus
bac68f2c9a crypto: caam - add support for rfc4106(gcm(aes))
Add Advanced Encryption Standard (AES) in Galois/Counter Mode (GCM)
as an IPsec Encapsulating Security Payload (ESP) mechanism
to provide confidentiality and data origin authentication.

Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-10-24 22:52:28 +08:00
Tudor Ambarus
3ef8d945d0 crypto: caam - add support for gcm(aes)
Add support for AES working in Galois Counter Mode.

There is a limitation related to IV size, similar to the one present in
SW implementation (crypto/gcm.c):
The only IV size allowed is 12 bytes. It will be padded by HW to the right
with 0x0000_0001 (up to 16 bytes - AES block size), according to the GCM
specification.

Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
Signed-off-by: Horia Geanta <horia.geanta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-10-24 22:52:28 +08:00
Horia Geanta
a60384dfff crypto: caam - set DK (Decrypt Key) bit only for AES accelerator
AES currently shares descriptor creation functions with DES and 3DES.
DK bit is set in all cases, however it is valid only for
the AES accelerator.

Signed-off-by: Horia Geanta <horia.geanta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-07-23 21:31:36 +08:00
Horia Geanta
ce57208528 crypto: caam - fix "failed to check map error" DMA warnings
Use dma_mapping_error for every dma_map_single / dma_map_page.

Signed-off-by: Horia Geanta <horia.geanta@freescale.com>
Acked-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-07-23 21:28:43 +08:00
Horia Geanta
71c65f7c90 crypto: caam - fix typo in dma_mapping_error
dma_mapping_error checks for an incorrect DMA address:
s/ctx->sh_desc_enc_dma/ctx->sh_desc_dec_dma

Signed-off-by: Horia Geanta <horia.geanta@freescale.com>
Acked-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-07-23 21:28:43 +08:00
Ruchika Gupta
35af640386 crypto: caam - Check for CAAM block presence before registering with crypto layer
The layer which registers with the crypto API should check for the presence of
the CAAM device it is going to use.  If the platform's device tree doesn't have
the required CAAM node, the layer should return an error and not register the
algorithms with crypto API layer.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-07-10 16:50:33 +08:00
Ruchika Gupta
1da2be33ad crypto: caam - Correct the dma mapping for sg table
At few places in caamhash and caamalg, after allocating a dmable
buffer for sg table , the buffer was being modified.  As per
definition of DMA_FROM_DEVICE ,afer allocation the memory should
be treated as read-only by the driver. This patch shifts the
allocation of dmable buffer for sg table after it is populated
by the  driver, making it read-only as per the DMA API's requirement.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-06-25 21:38:41 +08:00
Vakul Garg
80cd88f2f5 crypto: caam - reinitialize keys_fit_inline for decrypt and givencrypt
Re-initialize keys_fit_inline to avoid using its stale encrypt() shared
descriptor value prior to building descriptors for the decrypt() and
givencrypt() cases.

Signed-off-by: Vakul Garg <vakul@freescale.com>
[reworded commit text, enhanced code readability]
Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-05-13 19:43:46 +08:00
Marek Vasut
fa9659cd4d crypto: caam - Contain caam_jr_strstatus() ugliness
The tentacles of this function were firmly attached to various
places in the CAAM code. Just cut them, or this cthulhu function
will sprout them anew.

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Horia Geanta <horia.geanta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-05-08 21:58:06 +08:00
Horia Geanta
ec31eed754 crypto: caam - add missing key_dma unmap
(struct caam_ctx) ctx->key_dma needs to be unmapped
when context is cleaned up.

Signed-off-by: Horia Geanta <horia.geanta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-03-21 21:54:28 +08:00
Horia Geanta
ae4a825ffd crypto: caam - add support for aead null encryption
Add support for the following combinations:
-encryption: null
-authentication: md5, sha* (1, 224, 256, 384, 512)

Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
Signed-off-by: Horia Geanta <horia.geanta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-03-21 21:54:27 +08:00
Horia Geanta
4464a7d4f5 crypto: caam - remove error propagation handling
Commit 61bb86bba1
("crypto: caam - set descriptor sharing type to SERIAL")
changed the descriptor sharing mode from SHARE_WAIT to SHARE_SERIAL.

All descriptor commands that handle the "ok to share" and
"error propagation" settings should also go away, since they have no
meaning for SHARE_SERIAL.

Signed-off-by: Horia Geanta <horia.geanta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-03-21 21:54:24 +08:00
Horia Geanta
4e6e0b272d crypto: caam - simplify and harden key parsing
Use the common helper function crypto_authenc_extractkeys() for key
parsing.
Also fix the key buffer overflow condition: use split key pad length
instead of authentication key length.

Signed-off-by: Horia Geanta <horia.geanta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2013-12-20 20:06:27 +08:00
Horia Geanta
bbf9c8934b crypto: caam - fix aead sglen for case 'dst != src'
For aead case when source and destination buffers are different,
there is an incorrect assumption that the source length includes the ICV
length. Fix this, since it leads to an oops when using sg_count() to
find the number of nents in the scatterlist:

Unable to handle kernel paging request for data at address 0x00000004
Faulting instruction address: 0xf91f7634
Oops: Kernel access of bad area, sig: 11 [#1]
SMP NR_CPUS=8 P4080 DS
Modules linked in: caamalg(+) caam_jr caam
CPU: 1 PID: 1053 Comm: cryptomgr_test Not tainted 3.11.0 #16
task: eeb24ab0 ti: eeafa000 task.ti: eeafa000
NIP: f91f7634 LR: f91f7f24 CTR: f91f7ef0
REGS: eeafbbc0 TRAP: 0300   Not tainted  (3.11.0)
MSR: 00029002 <CE,EE,ME>  CR: 44044044  XER: 00000000
DEAR: 00000004, ESR: 00000000

GPR00: f91f7f24 eeafbc70 eeb24ab0 00000002 ee8e0900 ee8e0800 00000024 c45c4462
GPR08: 00000010 00000000 00000014 0c0e4000 24044044 00000000 00000000 c0691590
GPR16: eeab0000 eeb23000 00000000 00000000 00000000 00000001 00000001 eeafbcc8
GPR24: 000000d1 00000010 ee2d5000 ee49ea10 ee49ea10 ee46f640 ee46f640 c0691590
NIP [f91f7634] aead_edesc_alloc.constprop.14+0x144/0x780 [caamalg]
LR [f91f7f24] aead_encrypt+0x34/0x288 [caamalg]
Call Trace:
[eeafbc70] [a1004000] 0xa1004000 (unreliable)
[eeafbcc0] [f91f7f24] aead_encrypt+0x34/0x288 [caamalg]
[eeafbcf0] [c020d77c] __test_aead+0x3ec/0xe20
[eeafbe20] [c020f35c] test_aead+0x6c/0xe0
[eeafbe40] [c020f420] alg_test_aead+0x50/0xd0
[eeafbe60] [c020e5e4] alg_test+0x114/0x2e0
[eeafbee0] [c020bd1c] cryptomgr_test+0x4c/0x60
[eeafbef0] [c0047058] kthread+0xa8/0xb0
[eeafbf40] [c000eb0c] ret_from_kernel_thread+0x5c/0x64
Instruction dump:
69084321 7d080034 5508d97e 69080001 0f080000 81290024 552807fe 0f080000
3a600001 5529003a 2f8a0000 40dd0028 <80e90004> 3ab50001 8109000c 70e30002
---[ end trace b3c3e23925c7484e ]---

While here, add a tcrypt mode for making it easy to test authenc
(needed for triggering case above).

Signed-off-by: Horia Geanta <horia.geanta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2013-11-28 22:25:17 +08:00
Ruchika Gupta
cfc6f11b76 crypto: caam - Modify the interface layers to use JR API's
- Earlier interface layers - caamalg, caamhash, caamrng were
  directly using the Controller driver private structure to access
  the Job ring.
- Changed the above to use alloc/free API's provided by Job Ring Drive

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
Reviewed-by: Garg Vakul-B16394 <vakul@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2013-10-30 12:02:58 +08:00
Ruchika Gupta
313ea293e9 crypto: caam - Add Platform driver for Job Ring
The SEC Job Rings are now available as individual devices.
This would enable sharing of job rings between kernel and
user space. Job Rings can now be dynamically bound/unbound
from kernel.

Changes are made in the following layers of CAAM Driver
1. Controller driver
        - Does basic initialization of CAAM Block.
        - Creates platform devices for Job Rings.
(Earlier the initialization of Job ring  was done
 by the controller driver)

2. JobRing Platform driver
        - Manages the platform Job Ring devices created
          by the controller driver

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
Reviewed-by: Garg Vakul-B16394 <vakul@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2013-10-30 12:02:57 +08:00
Alex Porosanu
b2744dfd39 crypto: caam - fix hash, alg and rng registration if CAAM driver not initialized
If the CAAM driver initialization failed (due to various reasons, e.g. RNG4
initialization failed), then the registration of hash/algorithms/rng shouldn't
take place. This patch adds the necessary code to prevent this registration.

Signed-off-by: Alex Porosanu <alexandru.porosanu@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2013-09-13 21:43:54 +10:00
Alex Porosanu
514df2816f crypto: caam - replace xstr macro with __stringify
CAAM driver contains one macro (xstr) used for printing
the line location in a file where a memdump is done. This patch
replaces the xstr macro with the already existing __stringify
macro that performs the same function.

Signed-off-by: Alex Porosanu <alexandru.porosanu@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2013-08-21 21:08:36 +10:00
Vakul Garg
aa2faec1a0 crypto: caam - Moved macro DESC_JOB_IO_LEN to desc_constr.h
DESC_JOB_IO_LEN is a generic macro which indicates the space required in
the descriptor for placing SEQIN/OUT commands, job descriptor header,
shared descriptor pointer. Moving it to descriptor construction file
which can be supposedly included by different algo offload files.

Change-Id: Ic8900990d465e9079827b0c7fcacc61766d7efb6
Signed-off-by: Vakul Garg <vakul@freescale.com>
Reviewed-by: Geanta Neag Horia Ioan-B05471 <horia.geanta@freescale.com>
Reviewed-by: Fleming Andrew-AFLEMING <AFLEMING@freescale.com>
Tested-by: Fleming Andrew-AFLEMING <AFLEMING@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2013-07-10 16:53:28 +10:00
Horia Geanta
286233e604 crypto: caam - fix inconsistent assoc dma mapping direction
req->assoc is dma mapped BIDIRECTIONAL and unmapped TO_DEVICE.
Since it is read-only for the device, use TO_DEVICE both for mapping
and unmapping.

Cc: <stable@vger.kernel.org> # 3.9, 3.8
Signed-off-by: Horia Geanta <horia.geanta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2013-05-14 10:37:57 +08:00
Linus Torvalds
797994f81a Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto update from Herbert Xu:

 - XTS mode optimisation for twofish/cast6/camellia/aes on x86

 - AVX2/x86_64 implementation for blowfish/twofish/serpent/camellia

 - SSSE3/AVX/AVX2 optimisations for sha256/sha512

 - Added driver for SAHARA2 crypto accelerator

 - Fix for GMAC when used in non-IPsec secnarios

 - Added generic CMAC implementation (including IPsec glue)

 - IP update for crypto/atmel

 - Support for more than one device in hwrng/timeriomem

 - Added Broadcom BCM2835 RNG driver

 - Misc fixes

* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (59 commits)
  crypto: caam - fix job ring cleanup code
  crypto: camellia - add AVX2/AES-NI/x86_64 assembler implementation of camellia cipher
  crypto: serpent - add AVX2/x86_64 assembler implementation of serpent cipher
  crypto: twofish - add AVX2/x86_64 assembler implementation of twofish cipher
  crypto: blowfish - add AVX2/x86_64 implementation of blowfish cipher
  crypto: tcrypt - add async cipher speed tests for blowfish
  crypto: testmgr - extend camellia test-vectors for camellia-aesni/avx2
  crypto: aesni_intel - fix Kconfig problem with CRYPTO_GLUE_HELPER_X86
  crypto: aesni_intel - add more optimized XTS mode for x86-64
  crypto: x86/camellia-aesni-avx - add more optimized XTS code
  crypto: cast6-avx: use new optimized XTS code
  crypto: x86/twofish-avx - use optimized XTS code
  crypto: x86 - add more optimized XTS-mode for serpent-avx
  xfrm: add rfc4494 AES-CMAC-96 support
  crypto: add CMAC support to CryptoAPI
  crypto: testmgr - add empty test vectors for null ciphers
  crypto: testmgr - add AES GMAC test vectors
  crypto: gcm - fix rfc4543 to handle async crypto correctly
  crypto: gcm - make GMAC work when dst and src are different
  hwrng: timeriomem - added devicetree hooks
  ...
2013-05-02 14:53:12 -07:00
Vakul Garg
cb7d5662d7 crypto: caam - Fix missing init of '.type' in AEAD algos.
Following AEAD algo templates are updated for '.type' initialization.
	(a) authenc(hmac(sha224),cbc(aes))
	(b) authenc(hmac(sha384),cbc(aes))
	(c) authenc(hmac(sha224),cbc(des3_ede))
	(d) authenc(hmac(sha384),cbc(des3_ede))
	(e) authenc(hmac(sha224),cbc(des))
	(f) authenc(hmac(sha384),cbc(des))

Signed-off-by: Vakul Garg <vakul@freescale.com>
Reviewed-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Andy Fleming <afleming@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2013-03-22 18:13:54 +08:00
Horia Geanta
246bbedb9a Revert "crypto: caam - add IPsec ESN support"
This reverts commit 891104ed00.

Current IPsec ESN implementation for authencesn(cbc(aes), hmac(sha))
(separate encryption and integrity algorithms) does not conform
to RFC4303.

ICV is generated by hashing the sequence
SPI, SeqNum-High, SeqNum-Low, IV, Payload
instead of
SPI, SeqNum-Low, IV, Payload, SeqNum-High.

Cc: <stable@vger.kernel.org> # 3.8, 3.7
Reported-by: Chaoxing Lin <Chaoxing.Lin@ultra-3eti.com>
Signed-off-by: Horia Geanta <horia.geanta@freescale.com>
Reviewed-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2013-03-21 17:36:03 +08:00
Horia Geanta
891104ed00 crypto: caam - add IPsec ESN support
Support for ESNs (extended sequence numbers).
Tested with strongswan by connecting back-to-back P1010RDB with P2020RDB.

Signed-off-by: Horia Geanta <horia.geanta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2012-09-07 04:17:07 +08:00
Kim Phillips
2af8f4a272 crypto: caam - coccicheck fixes
use true/false for bool, fix code alignment, and fix two allocs with
no test.

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2012-09-07 04:17:03 +08:00
Kim Phillips
61bb86bba1 crypto: caam - set descriptor sharing type to SERIAL
SHARE_WAIT, whilst more optimal for association-less crypto,
has the ability to start thrashing the CCB descriptor/key
caches, given high levels of traffic across multiple security
associations (and thus keys).

Switch to using the SERIAL sharing type, which prefers
the last used CCB for the SA.  On a 2-DECO platform
such as the P3041, this can improve performance by
about 3.7%.

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2012-08-01 17:47:31 +08:00
Yuan Kang
643b39b031 crypto: caam - chaining support
support chained scatterlists for aead, ablkcipher and ahash.

Signed-off-by: Yuan Kang <Yuan.Kang@freescale.com>

- fix dma unmap leak
- un-unlikely src == dst, due to experience with AF_ALG

Signed-off-by: Kudupudi Ugendreshwar <B38865@freescale.com>
Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2012-06-27 14:42:05 +08:00
Yuan Kang
a299c83704 crypto: caam - link_tbl rename
- rename scatterlist and link_tbl functions
- link_tbl changed to sec4_sg
- sg_to_link_tbl_one changed to dma_to_sec4_sg_one,
  since no scatterlist is use

Signed-off-by: Yuan Kang <Yuan.Kang@freescale.com>
Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2012-06-27 14:42:05 +08:00
Yuan Kang
4c1ec1f930 crypto: caam - refactor key_gen, sg
create separate files for split key generation and scatterlist functions.

Signed-off-by: Yuan Kang <Yuan.Kang@freescale.com>
Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2012-06-27 14:42:05 +08:00
Yuan Kang
8009a383f2 crypto: caam - remove jr register/deregister
remove caam_jr_register and caam_jr_deregister
to allow sharing of job rings.

Signed-off-by: Yuan Kang <Yuan.Kang@freescale.com>
Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2012-06-27 14:42:04 +08:00
Yuan Kang
6ec4733493 crypto: caam - support external seq in/out lengths
functions for external storage of seq in/out lengths,
i.e., for 32-bit lengths.

These type-dependent functions automatically determine whether to
store the length internally (embedded in the command header word) or
externally (after the address pointer), based on size of the type
given.

Signed-off-by: Yuan Kang <Yuan.Kang@freescale.com>
Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2012-06-27 14:42:04 +08:00
Kim Phillips
70d793cc30 crypto: caam - remove line continuations from ablkcipher_append_src_dst
presumably leftovers from possible macro development.

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2012-06-27 14:42:03 +08:00
Shengzhou Liu
a0ea0f6d17 crypto: caam - add backward compatible string sec4.0
In some device trees of previous version, there were string "fsl,sec4.0".
To be backward compatible with device trees, we have CAAM driver first
check "fsl,sec-v4.0", if it fails, then check for "fsl,sec4.0".

Signed-off-by: Shengzhou Liu <Shengzhou.Liu@freescale.com>
Acked-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2012-03-29 16:34:57 +08:00
Kim Phillips
0113529f37 crypto: caam - be less noisy on startup
sha224 and 384 support extends caam noise to 21 lines.  Do the same
as commit 5b859b6 "crypto: talitos - be less noisy on startup", but
for caam, and display:

caam ffe300000.crypto: fsl,sec-v4.0 algorithms registered in /proc/crypto

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2012-01-13 16:38:41 +11:00
Hemant Agrawal
e863f9ccc7 crypto: caam - add sha224 and sha384 variants to existing AEAD algorithms
Signed-off-by: Hemant Agrawal <hemant@freescale.com>
Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2012-01-13 16:38:41 +11:00
Nikos Mavrogiannopoulos
d912bb7677 crypto: Add CRYPTO_ALG_KERN_DRIVER_ONLY flag
The added CRYPTO_ALG_KERN_DRIVER_ONLY indicates whether a cipher
is only available via a kernel driver. If the cipher implementation
might be available by using an instruction set or by porting the
kernel code, then it must not be set.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2012-01-13 16:38:40 +11:00
Kim Phillips
a2ecb155a3 crypto: caam - fix polarity of "propagate error" logic
the polarity of the definition for error propagation was reverse
in the initial desc.h.  Fix desc.h and its users.

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-12-20 15:20:04 +08:00
Kim Phillips
8b4d43a4e7 crypto: caam - add support for MD5 algorithm variants
specifically, add these algorithm combinations:

authenc-hmac-md5-cbc-aes-caam
authenc-hmac-md5-cbc-des3_ede-caam
authenc-hmac-md5-cbc-des-caam

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-11-21 16:21:53 +08:00
Yuan Kang
acdca31dba crypto: caam - ablkcipher support
caam now supports encrypt and decrypt
for aes, des and 3des

Signed-off-by: Yuan Kang <Yuan.Kang@freescale.com>
Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-07-15 11:21:42 +08:00
Yuan Kang
1acebad3d8 crypto: caam - faster aead implementation
Job descriptors only contain header and seq pointers.

Other commands are stored in separate shared descriptors
for encrypt, decrypt and givencrypt, stored as arrays
in caam_ctx.

This requires additional macros to create math commands
to calculate assoclen and cryptlen.

Signed-off-by: Yuan Kang <Yuan.Kang@freescale.com>
Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-07-15 11:21:42 +08:00
Yuan Kang
885e9e2fd3 crypto: caam - structure renaming
caam_ctx.key_phys to key_dma

caam_alg_template supports multiple algorithm types
listed in union, which requires cases for
different types in function caam_alg_alloc

Signed-off-by: Yuan Kang <Yuan.Kang@freescale.com>
Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-07-15 11:21:41 +08:00
Yuan Kang
0e47930020 crypto: caam - shorter names
"aead_authenc" and "ipsec_esp" changed to "aead,"
except for function "ipsec_esp," which is changed
to "init_aead_job."

Variable name of aead_request structures changed
to "req" and name of aead_givcrypt_request structure
changed to "areq"

Signed-off-by: Yuan Kang <Yuan.Kang@freescale.com>
Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-07-15 11:21:41 +08:00
Kim Phillips
a18b989a5c crypto: caam - fix operator precedence in shared descriptor allocation
setkey allocates 16 bytes (CAAM_CMD_SZ *
DESC_AEAD_SHARED_TEXT_LEN) shy of what is needed to
store the shared descriptor, resulting in memory
corruption.  Fix this.

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-06-30 07:43:27 +08:00
Kim Phillips
4427b1b4ec crypto: caam - add support for sha512 variants of existing AEAD algorithms
In doing so, sha512 sized keys would not fit with the current
descriptor inlining mechanism, so we now calculate whether keys
should be referenced instead by pointers in the shared descriptor.

also, use symbols for descriptor text lengths, and, ahem, unmap and
free key i/o memory in cra_exit.

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-05-19 14:38:00 +10:00
Kim Phillips
66664487b1 crypto: caam - remove unused authkeylen from caam_ctx
Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-05-19 14:37:59 +10:00
Kim Phillips
ddbb80884a crypto: caam - fix decryption shared vs. non-shared key setting
Key sharing is enabled by default in the shared descriptor.

Using CBC decrypt, AES has to alter the key in order to decrypt.
During high traffic decryption rates, i.e, when sharing starts to
take place, we need to use a different OPERATION option to tell AES
that the key was already altered by the PRIOR descriptor - we need
the following kind of logic:

if ( shared )
    operation where AES uses decryption key (DK=1)
else
    operation where AES uses encryption key (DK=0)

this patch implements this logic using a conditional and
a non-conditional local jump within the decryption job
descriptor.

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-05-19 14:37:59 +10:00
Kim Phillips
de2954d664 crypto: caam - fix printk recursion for long error texts
during recent descriptor development, an Invalid Sequence Command
error triggered a:

BUG: recent printk recursion!

due to insufficient memory allocated for the error text.

The Invalid Sequence Command error text is the longest.
The length of the maximum error string is computed as
the sum of:

"DECO: ": 6
"jump tgt desc idx 255: ": 23
Invalid Sequence Command text: 272
zero termination character: 1

i.e, 302 characters.

Define this maximum error string length in error.h and fix
caam_jr_strstatus callsites.

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-05-04 15:15:06 +10:00
Kim Phillips
701af31ce0 crypto: caam - remove unused keylen from session context
Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-05-04 15:15:05 +10:00
Kim Phillips
ec8e8dfe5f crypto: caam - remove duplicate dev_err
keep the hex error value reporting version (a) to be consistent
with decrypt_done(), and (b) to keep our hardware guys happy.

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-05-03 09:53:40 +10:00
Kim Phillips
d37d36e31c crypto: caam - remove WAIT-FOR-COMPLETIONs from givencrypt descriptor
remains from descriptor debugging - not required for normal operation.

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-05-03 09:53:38 +10:00
Julia Lawall
b3b7f0550f crypto: caam - introduce missing kfree
Error handling code following a kmalloc should free the allocated data.

The semantic match that finds the problem is as follows:
(http://www.emn.fr/x-info/coccinelle/)

// <smpl>
@r exists@
local idexpression x;
statement S;
expression E;
identifier f,f1,l;
position p1,p2;
expression *ptr != NULL;
@@

x@p1 = \(kmalloc\|kzalloc\|kcalloc\)(...);
...
if (x == NULL) S
<... when != x
     when != if (...) { <+...x...+> }
(
x->f1 = E
|
 (x->f1 == NULL || ...)
|
 f(...,x->f1,...)
)
...>
(
 return \(0\|<+...x...+>\|ptr\);
|
 return@p2 ...;
)

@script:python@
p1 << r.p1;
p2 << r.p2;
@@

print "* file: %s kmalloc %s return %s" % (p1[0].file,p1[0].line,p2[0].line)
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Acked-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-04-08 20:39:23 +08:00
Dan Carpenter
cdc712d884 crypto: caam - dereferencing ERR_PTR on allocation failure
t_alg is an ERR_PTR here so we can't dereference it.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-03-27 10:45:17 +08:00
Kim Phillips
54e198d4c1 crypto: caam - standardize device tree naming convention to utilize '-vX.Y'
Help clarify that the number trailing in compatible nomenclature
is the version number of the device, i.e., change:

"fsl,p4080-sec4.0", "fsl,sec4.0";

to:

"fsl,p4080-sec-v4.0", "fsl,sec-v4.0";

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Cc: Kumar Gala <kumar.gala@freescale.com>
Cc: Steve Cornelius <sec@pobox.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-03-27 10:45:17 +08:00
Kim Phillips
8e8ec596e6 crypto: caam - Add support for the Freescale SEC4/CAAM
The SEC4 supercedes the SEC2.x/3.x as Freescale's
Integrated Security Engine.  Its programming model is
incompatible with all prior versions of the SEC (talitos).

The SEC4 is also known as the Cryptographic Accelerator
and Assurance Module (CAAM); this driver is named caam.

This initial submission does not include support for Data Path
mode operation - AEAD descriptors are submitted via the job
ring interface, while the Queue Interface (QI) is enabled
for use by others.  Only AEAD algorithms are implemented
at this time, for use with IPsec.

Many thanks to the Freescale STC team for their contributions
to this driver.

Signed-off-by: Steve Cornelius <sec@pobox.com>
Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2011-03-27 10:45:16 +08:00