|
Be consistent with the rest of the codebase and use GFP_DMA when
allocating memory for a CAAM JR descriptor.
Signed-off-by: Andrey Smirnov <[email protected]>
Reviewed-by: Horia Geantă <[email protected]>
Cc: Chris Healy <[email protected]>
Cc: Lucas Stach <[email protected]>
Cc: Horia Geantă <[email protected]>
Cc: Herbert Xu <[email protected]>
Cc: Iuliana Prodan <[email protected]>
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
Signed-off-by: Herbert Xu <[email protected]>
|
|
Remove duplicated include.
Signed-off-by: YueHaibing <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Add SPDX License Identifier to all .gitignore files.
Signed-off-by: Masahiro Yamada <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
The new macro set has a consistent namespace and uses C99 initializers
instead of the grufty C89 ones.
Signed-off-by: Thomas Gleixner <[email protected]>
Signed-off-by: Borislav Petkov <[email protected]>
Reviewed-by: Greg Kroah-Hartman <[email protected]>
Link: https://lkml.kernel.org/r/[email protected]
|
|
Kernel TLS forms the TLS header in kernel during encryption and removes
it during decryption before giving the packet back to the user
application. Similar logic is introduced in the chtls code as well.
v1->v2:
- tls_proccess_cmsg() uses tls_handle_open_record() which is not required
in TOE-TLS. Don't mix TOE with other TLS types.
Signed-off-by: Vinay Kumar Yadav <[email protected]>
Signed-off-by: Rohit Maheshwari <[email protected]>
Acked-by: Jakub Kicinski <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
drivers/crypto/chelsio/chcr_algo.c: In function 'chcr_device_init':
drivers/crypto/chelsio/chcr_algo.c:1440:18: warning:
variable 'adap' set but not used [-Wunused-but-set-variable]
commit 567be3a5d227 ("crypto: chelsio - Use multiple txq/rxq per tfm
to process the requests") involved this unused variable.
Signed-off-by: YueHaibing <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Add the OcteonTX cpt options in crypto Kconfig and Makefile
Signed-off-by: SrujanaChalla <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Add support for the cryptographic accelerator unit virtual functions on
OcteonTX 83XX SoC.
Co-developed-by: Lukasz Bartosik <[email protected]>
Signed-off-by: Lukasz Bartosik <[email protected]>
Signed-off-by: SrujanaChalla <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Add support for the cryptographic acceleration unit (CPT) on
OcteonTX CN83XX SoC.
Co-developed-by: Lukasz Bartosik <[email protected]>
Signed-off-by: Lukasz Bartosik <[email protected]>
Signed-off-by: SrujanaChalla <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Create common Kconfig and Makefile for Marvell crypto drivers.
Signed-off-by: SrujanaChalla <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit. Fix it by replacing with scnprintf().
Signed-off-by: Takashi Iwai <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
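
The offset-accumulation pitfall this commit message describes, as an added user-space example (not code from the patch). `scn_printf()` is a hypothetical stand-in for the kernel's `scnprintf()`; the format string, buffer size and function names are constructed for illustration.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FIELD_FMT "queue%02d: busy\n"   /* constructed sample: 14 chars per field */

/* Stand-in for scnprintf(): returns the number of characters actually
 * stored in buf (excluding the NUL), so never more than size - 1. */
int scn_printf(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (size == 0)
        return 0;
    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    if (n < 0)
        return 0;
    return (size_t)n >= size ? (int)(size - 1) : n;
}

/* Offset tracking with snprintf() return values. The pattern being fixed is
 *     len += snprintf(buf + len, size - len, ...);
 * Once len exceeds size, "size - len" wraps around (size_t) and the next
 * call would write past the buffer. The len < size guard exists only so
 * this demonstration never performs that out-of-bounds write. */
size_t offset_with_snprintf(char *buf, size_t size, int fields)
{
    size_t len = 0;

    for (int i = 0; i < fields; i++) {
        if (len < size)
            len += (size_t)snprintf(buf + len, size - len, FIELD_FMT, i);
        else
            len += (size_t)snprintf(NULL, 0, FIELD_FMT, i); /* would-be size only */
    }
    return len; /* can be larger than size */
}

/* Same loop with the scnprintf()-style helper: len can never pass size - 1. */
size_t offset_with_scnprintf(char *buf, size_t size, int fields)
{
    size_t len = 0;

    for (int i = 0; i < fields; i++)
        len += (size_t)scn_printf(buf + len, size - len, FIELD_FMT, i);
    return len;
}

int main(void)
{
    char buf[32];

    printf("snprintf offset:  %zu (buffer is %zu bytes)\n",
           offset_with_snprintf(buf, sizeof(buf), 4), sizeof(buf));
    printf("scnprintf offset: %zu, strlen: %zu\n",
           offset_with_scnprintf(buf, sizeof(buf), 4), strlen(buf));
    return 0;
}
```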
|
|
The wake token cannot be sent without ignoring the nack for the
device address
Signed-off-by: Jianhui Zhao <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Combine finding a device and creating a qp into one operation, instead
of finding a device and creating a qp being two independent operations.
When executing multiple tasks, different threads may find the same
device at the same time, but the number of queues on the device is
insufficient, causing one of the threads to fail to create a qp. Fix
this: first find a device, then create the qp; if that fails, the
current thread will find the next device.
Signed-off-by: Kai Ye <[email protected]>
Signed-off-by: Shukun Tan <[email protected]>
Reviewed-by: Zhou Wang <[email protected]>
Reviewed-by: Zaibo Xu <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Optimize finding hpre device process according to priority of numa
distance.
Signed-off-by: Hui Tang <[email protected]>
Signed-off-by: Shukun Tan <[email protected]>
Reviewed-by: Zhou Wang <[email protected]>
Reviewed-by: Zaibo Xu <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Encapsulate hisi_qm_alloc_qps_node() to new interface to replace
find_zip_device(), which will fix the bug of creating QP failure
especially in multi-thread scenario.
Signed-off-by: Shukun Tan <[email protected]>
Reviewed-by: Zhou Wang <[email protected]>
Reviewed-by: Zaibo Xu <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Use struct hisi_qm to maintain device list. Meanwhile, add two external
interface into qm, merge find proper device and create qp into QP alloc
logic, merge release qps into QP free logic.
Signed-off-by: Weili Qian <[email protected]>
Signed-off-by: Shukun Tan <[email protected]>
Reviewed-by: Zhou Wang <[email protected]>
Reviewed-by: Zaibo Xu <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
drivers/crypto/chelsio/chcr_ktls.c: In function chcr_ktls_cpl_set_tcb_rpl:
drivers/crypto/chelsio/chcr_ktls.c:662:11: warning:
variable status set but not used [-Wunused-but-set-variable]
commit 8a30923e1598 ("cxgb4/chcr: Save tx keys and handle HW response")
involved this unused variable, remove it.
Reported-by: Hulk Robot <[email protected]>
Signed-off-by: YueHaibing <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Our handling of ciphers with IV trailing the AAD was correct
but overly complicated. Refactor to simplify and possibly
save one DMA burst.
This has the added bonus of behaving the same as the generic
rfc4543 implementation for non-compliant inputs where the
IV in the iv field was not the same as the IV in the AAD.
There should be no change in behaviour with correct inputs.
Signed-off-by: Gilad Ben-Yossef <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Use crypto_ipsec_check_assoclen() instead of home grown functions.
Clean up some unneeded code as a result. Delete stale comments
while we're at it.
Signed-off-by: Gilad Ben-Yossef <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Move testing of condition to after the point we decide if
we need it or not.
Signed-off-by: Gilad Ben-Yossef <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Remove left over ancient and now misleading TODO remarks.
Signed-off-by: Gilad Ben-Yossef <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
removed pointless comment
Signed-off-by: Hadar Gat <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Changed CC_GENMASK macro so it can be used for all HW registers.
Signed-off-by: Hadar Gat <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Instead of using CAP_SYS_ADMIN which is restricted to the root user,
check the file mode for write permissions before executing commands that
can affect the platform. This allows for more fine-grained access
control to the SEV ioctl interface. This would allow a SEV-only user
or group the ability to administer the platform without requiring them
to be root or granting them overly powerful permissions.
For example:
    chown root:root /dev/sev
    chmod 600 /dev/sev
    setfacl -m g:sev:r /dev/sev
    setfacl -m g:sev-admin:rw /dev/sev
In this instance, members of the "sev-admin" group have the ability to
perform all ioctl calls (including the ones that modify platform state).
Members of the "sev" group only have access to the ioctls that do not
modify the platform state.
This also makes opening "/dev/sev" more consistent with how file
descriptors are usually handled. By only checking for CAP_SYS_ADMIN,
the file descriptor could be opened read-only but could still execute
ioctls that modify the platform state. This patch enforces that the file
descriptor is opened with write privileges if it is going to be used to
modify the platform state.
This flexibility is completely opt-in, and if it is not desirable by
the administrator then they do not need to give anyone else access to
/dev/sev.
Signed-off-by: Connor Kuehl <[email protected]>
Reviewed-by: Brijesh Singh <[email protected]>
Reviewed-by: Bandan Das <[email protected]>
Acked-by: David Rientjes <[email protected]>
Acked-by: Tom Lendacky <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
In the scenario of SMMU translation, the SEC performance of short messages
(<512Bytes) cannot meet our expectations. To avoid this, we reserve the
plat buffer (PBUF) memory for small packets when creating TFM.
Signed-off-by: Longfang Liu <[email protected]>
Signed-off-by: Zaibo Xu <[email protected]>
Reviewed-by: Jonathan Cameron <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
We have updated the operation method of IV and MAC address
to prepare for pbuf patch and fixed coding style.
Signed-off-by: Longfang Liu <[email protected]>
Signed-off-by: Zaibo Xu <[email protected]>
Reviewed-by: Jonathan Cameron <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
In order to improve performance of small packets (<512Bytes)
in SMMU translation scenario, we need to identify the type of IOMMU
in the SEC probe to process small packets by a different method.
Signed-off-by: Longfang Liu <[email protected]>
Signed-off-by: Zaibo Xu <[email protected]>
Reviewed-by: Jonathan Cameron <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Allocate one workqueue for each QM instead of one for all QMs.
We found the throughput of the SEC engine can be increased to
the hardware limit throughput during testing of sec2 performance,
so we added this scheme.
Signed-off-by: Ye Kai <[email protected]>
Signed-off-by: Longfang Liu <[email protected]>
Signed-off-by: Zaibo Xu <[email protected]>
Reviewed-by: Jonathan Cameron <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Since SEC need not so many workqueues as our test, we just use
one workqueue created by the device driver of QM if necessary,
which will also reduce CPU waste without any throughput decreasing.
Signed-off-by: Shukun Tan <[email protected]>
Signed-off-by: Zaibo Xu <[email protected]>
Reviewed-by: Jonathan Cameron <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
The CONFIG_CRYPTO_DEV_QCE_SOFT_THRESHOLD symbol was renamed during
development, but the stringify reference in the parameter description
sneaked by unnoticed.
Signed-off-by: Eneas U de Queiroz <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
simplify code to remove unnecessary constant string copies.
Signed-off-by: Tianjia Zhang <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Introduce clear_psp_master_device() to ensure that sp_dev_master gets
properly cleared on the release of a psp device.
Fixes: 2a6170dfe755 ("crypto: ccp: Add Platform Security Processor (PSP) device support")
Signed-off-by: John Allen <[email protected]>
Acked-by: Tom Lendacky <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Explicitly free and clear misc_dev in sev_exit(). Since devm_kzalloc()
associates misc_dev with the first device that gets probed, change from
devm_kzalloc() to kzalloc() and explicitly free memory in sev_exit() as
the first device probed is not guaranteed to be the last device released.
To ensure that the variable gets properly set to NULL, remove the local
definition of misc_dev.
Fixes: 200664d5237f ("crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support")
Signed-off-by: John Allen <[email protected]>
Acked-by: Tom Lendacky <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Adding ipv6 support and ktls related statistics.
v1->v2:
- added blank lines at 2 places.
v3->v4:
- Replaced atomic_t with atomic64_t
- added few necessary stat counters.
Signed-off-by: Rohit Maheshwari <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
This patch contains handling of first part or middle part of the record.
When we get a middle record, we will fetch few already sent bytes to
make packet start 16 byte aligned.
And if the packet has only the header part, we don't need to send it for
packet encryption, send that packet as a plaintext.
v1->v2:
- un-necessary updating left variable.
v3->v4:
- replaced kfree_skb with dev_kfree_skb_any.
Signed-off-by: Rohit Maheshwari <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
A TCP segment can chop a record in any order. A record can either be
complete or it can be partial (first part which contains header,
middle part which doesn't have header or TAG, and the end part
which contains TAG). This patch handles the partial end part of a tx
record. In case of partial end parts, the driver will send the complete
record to HW, so that HW will calculate GHASH (TAG) of the complete
packet.
Also added support to handle multiple records in a segment.
v1->v2:
- minor change in calling chcr_write_cpl_set_tcb_ulp.
- no need of checking return value of chcr_ktls_write_tcp_options.
v3->v4:
- replaced kfree_skb with dev_kfree_skb_any.
Signed-off-by: Rohit Maheshwari <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Added tx handling in this patch. This includes handling of segments
that contain a single complete record.
v1->v2:
- chcr_write_cpl_set_tcb_ulp is added in this patch.
v3->v4:
- mss calculation logic.
- replaced kfree_skb with dev_kfree_skb_any.
- corrected error message reported by kbuild test robot <[email protected]>
Signed-off-by: Rohit Maheshwari <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
As part of this patch generated and saved crypto keys, handled HW
response of act_open_req and set_tcb_req. Defined connection state
update.
v1->v2:
- optimized tcb update using control queue.
- state machine handling when earlier states received.
v2->v3:
- Added one empty line after function declaration.
Signed-off-by: Rohit Maheshwari <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
A new macro is defined to enable ktls tx offload support on Chelsio
T6 adapter. And if this macro is enabled, cxgb4 will send mailbox to
enable or disable ktls settings on HW.
In chcr, enabled tx offload flag in netdev and registered tls_dev_add
and tls_dev_del.
v1->v2:
- mark tcb state to close in tls_dev_del.
- u_ctx is now picked from adapter structure.
- clear atid in case of failure.
- corrected ULP_CRYPTO_KTLS_INLINE value.
v2->v3:
- add empty line after variable declaration.
- local variable declaration in reverse christmas tree ordering.
Signed-off-by: Rohit Maheshwari <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Since in the software implementation of XTS-AES there is
no notion of sector every input length is processed the same way.
CAAM implementation has the notion of sector which causes different
results between the software implementation and the one in CAAM
for input lengths bigger than 512 bytes.
Increase sector size to maximum value on 16 bits.
Fixes: c6415a6016bf ("crypto: caam - add support for acipher xts(aes)")
Cc: <[email protected]> # v4.12+
Signed-off-by: Andrei Botila <[email protected]>
Reviewed-by: Horia Geantă <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
HW generates a Data Size error for chacha20 requests that are not
a multiple of 64B, since algorithm state (AS) does not have
the FINAL bit set.
Since updating req->iv (for chaining) is not required,
modify skcipher descriptors to set the FINAL bit for chacha20.
[Note that for skcipher decryption we know that ctx1_iv_off is 0,
which allows for an optimization by not checking algorithm type,
since append_dec_op1() sets FINAL bit for all algorithms except AES.]
Also drop the descriptor operations that save the IV.
However, in order to keep code logic simple, things like
S/G tables generation etc. are not touched.
Cc: <[email protected]> # v5.3+
Fixes: 334d37c9e263 ("crypto: caam - update IV using HW support")
Signed-off-by: Horia Geantă <[email protected]>
Tested-by: Valentin Ciocoi Radulescu <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
crypto: chtls - Fixed boolinit.cocci warning
Signed-off-by: Vinay Kumar Yadav <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
If UACCE=m and CRYPTO_DEV_HISI_QM=y, the following error
is seen while building qm.o:
drivers/crypto/hisilicon/qm.o: In function `hisi_qm_init':
(.text+0x23c6): undefined reference to `uacce_alloc'
(.text+0x2474): undefined reference to `uacce_remove'
(.text+0x286b): undefined reference to `uacce_remove'
drivers/crypto/hisilicon/qm.o: In function `hisi_qm_uninit':
(.text+0x2918): undefined reference to `uacce_remove'
make[1]: *** [vmlinux] Error 1
make: *** [autoksyms_recursive] Error 2
This patch fixes the config dependency for QM and ZIP.
Reported-by: Hulk Robot <[email protected]>
Suggested-by: Herbert Xu <[email protected]>
Signed-off-by: Hongbo Yao <[email protected]>
Signed-off-by: Zhou Wang <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Added tls rx stats and reset tls rx/tx stats when chtls driver unload.
Signed-off-by: Vinay Kumar Yadav <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
The incorrect traversal of the scatterlist during the linearization phase
led to computing the hash value of the wrong input buffer.
New implementation uses scatterwalk_map_and_copy()
to address this issue.
Cc: <[email protected]>
Fixes: 15b59e7c3733 ("crypto: mxs - Add Freescale MXS DCP driver")
Signed-off-by: Rosioru Dragos <[email protected]>
Reviewed-by: Horia Geantă <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
The description of stat_fb was wrong, let's fix it
Fixes: 06f751b61329 ("crypto: allwinner - Add sun8i-ce Crypto Engine")
Signed-off-by: Corentin Labbe <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
The description of stat_fb was wrong, let's fix it.
Fixes: f08fcced6d00 ("crypto: allwinner - Add sun8i-ss cryptographic offloader")
Signed-off-by: Corentin Labbe <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
The current codebase makes use of the zero-length array language
extension to the C90 standard, but the preferred mechanism to declare
variable-length types such as these ones is a flexible array member[1][2],
introduced in C99:
struct foo {
        int stuff;
        struct boo array[];
};
By making use of the mechanism above, we will get a compiler warning
in case the flexible array does not occur last in the structure, which
will help us prevent some kind of undefined behavior bugs from being
inadvertently introduced[3] to the codebase from now on.
Also, notice that, dynamic memory allocations won't be affected by
this change:
"Flexible array members have incomplete type, and so the sizeof operator
may not be applied. As a quirk of the original implementation of
zero-length arrays, sizeof evaluates to zero."[1]
This issue was found with the help of Coccinelle.
[1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html
[2] https://github.com/KSPP/linux/issues/21
[3] commit 76497732932f ("cxgb3/l2t: Fix undefined behaviour")
Signed-off-by: Gustavo A. R. Silva <[email protected]>
Reviewed-by: Horia Geantă <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
This patch enables chcr to use multiple txq/rxq per tfm
to process the crypto requests. The txq/rxq are selected based
on cpu core-id.
Signed-off-by: Ayush Sawal <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Recalculate iv only if it is needed i.e. if the last req to hw
was partial for aes-xts.
Signed-off-by: Ayush Sawal <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|