Commit Graph

601764 Commits

Author SHA1 Message Date
Herbert Xu
81760ea6a9 crypto: cryptd - Add helpers to check whether a tfm is queued
This patch adds helpers to check whether a given tfm is currently
queued.  This is meant to be used by ablk_helper and similar
entities to ensure that no reordering is introduced because of
requests queued in cryptd with respect to requests being processed
in softirq context.

The per-cpu queue length limit is also increased to 1000 in line
with network limits.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-23 18:29:52 +08:00
Romain Perier
47a1f0b2d1 crypto: marvell - Increase the size of the crypto queue
Now that crypto requests are chained together at the DMA level, we
increase the size of the crypto queue for each engine. The result is
that as the backlog list is reached later, it does not stop the crypto
stack from sending asychronous requests, so more cryptographic tasks
are processed by the engines.

Signed-off-by: Romain Perier <romain.perier@free-electrons.com>
Acked-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-23 18:29:52 +08:00
Romain Perier
85030c5168 crypto: marvell - Add support for chaining crypto requests in TDMA mode
The Cryptographic Engines and Security Accelerators (CESA) supports the
Multi-Packet Chain Mode. With this mode enabled, multiple tdma requests
can be chained and processed by the hardware without software
intervention. This mode was already activated, however the crypto
requests were not chained together. By doing so, we reduce significantly
the number of IRQs. Instead of being interrupted at the end of each
crypto request, we are interrupted at the end of the last cryptographic
request processed by the engine.

This commits re-factorizes the code, changes the code architecture and
adds the required data structures to chain cryptographic requests
together before sending them to an engine (stopped or possibly already
running).

Signed-off-by: Romain Perier <romain.perier@free-electrons.com>
Acked-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-23 18:29:51 +08:00
Romain Perier
bf8f91e711 crypto: marvell - Add load balancing between engines
This commits adds support for fine grained load balancing on
multi-engine IPs. The engine is pre-selected based on its current load
and on the weight of the crypto request that is about to be processed.
The global crypto queue is also moved to each engine. These changes are
required to allow chaining crypto requests at the DMA level. By using
a crypto queue per engine, we make sure that we keep the state of the
tdma chain synchronized with the crypto queue. We also reduce contention
on 'cesa_dev->lock' and improve parallelism.

Signed-off-by: Romain Perier <romain.perier@free-electrons.com>
Acked-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-23 18:29:51 +08:00
Romain Perier
2786cee8e5 crypto: marvell - Move SRAM I/O operations to step functions
Currently the crypto requests were sent to engines sequentially.
This commit moves the SRAM I/O operations from the prepare to the step
functions. It provides flexibility for future works and allow to prepare
a request while the engine is running.

Signed-off-by: Romain Perier <romain.perier@free-electrons.com>
Acked-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-23 18:17:25 +08:00
Romain Perier
1bf6682cb3 crypto: marvell - Add a complete operation for async requests
So far, the 'process' operation was used to check if the current request
was correctly handled by the engine, if it was the case it copied
information from the SRAM to the main memory. Now, we split this
operation. We keep the 'process' operation, which still checks if the
request was correctly handled by the engine or not, then we add a new
operation for completion. The 'complete' method copies the content of
the SRAM to memory. This will soon become useful if we want to call
the process and the complete operations from different locations
depending on the type of the request (different cleanup logic).

Signed-off-by: Romain Perier <romain.perier@free-electrons.com>
Acked-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-23 18:17:24 +08:00
Romain Perier
53da740fed crypto: marvell - Move tdma chain out of mv_cesa_tdma_req and remove it
Currently, the only way to access the tdma chain is to use the 'req'
union from a mv_cesa_{ablkcipher,ahash}. This will soon become a problem
if we want to handle the TDMA chaining vs standard/non-DMA processing in
a generic way (with generic functions at the cesa.c level detecting
whether the request should be queued at the DMA level or not). Hence the
decision to move the chain field a the mv_cesa_req level at the expense
of adding 2 void * fields to all request contexts (including non-DMA
ones) and to remove the type completly. To limit the overhead, we get
rid of the type field, which can now be deduced from the req->chain.first
value. Once these changes are done the union is no longer needed, so
remove it and move mv_cesa_ablkcipher_std_req and mv_cesa_req
to mv_cesa_ablkcipher_req directly. There are also no needs to keep the
'base' field into the union of mv_cesa_ahash_req, so move it into the
upper structure.

Signed-off-by: Romain Perier <romain.perier@free-electrons.com>
Acked-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-23 18:17:23 +08:00
Romain Perier
bac8e805a3 crypto: marvell - Copy IV vectors by DMA transfers for acipher requests
Add a TDMA descriptor at the end of the request for copying the
output IV vector via a DMA transfer. This is a good way for offloading
as much as processing as possible to the DMA and the crypto engine.
This is also required for processing multiple cipher requests
in chained mode, otherwise the content of the IV vector would be
overwritten by the last processed request.

Signed-off-by: Romain Perier <romain.perier@free-electrons.com>
Acked-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-23 18:14:03 +08:00
Romain Perier
b99acf79a1 crypto: marvell - Fix wrong type check in dma functions
So far, the way that the type of a TDMA operation was checked was wrong.
We have to use the type mask in order to get the right part of the flag
containing the type of the operation.

Signed-off-by: Romain Perier <romain.perier@free-electrons.com>
Acked-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-23 18:14:01 +08:00
Romain Perier
f62830886f crypto: marvell - Check engine is not already running when enabling a req
Add a BUG_ON() call when the driver tries to launch a crypto request
while the engine is still processing the previous one. This replaces
a silent system hang by a verbose kernel panic with the associated
backtrace to let the user know that something went wrong in the CESA
driver.

Signed-off-by: Romain Perier <romain.perier@free-electrons.com>
Acked-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-23 18:14:00 +08:00
Romain Perier
e26df73f80 crypto: marvell - Add a macro constant for the size of the crypto queue
Adding a macro constant to be used for the size of the crypto queue,
instead of using a numeric value directly. It will be easier to
maintain in case we add more than one crypto queue of the same size.

Signed-off-by: Romain Perier <romain.perier@free-electrons.com>
Acked-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-23 18:13:59 +08:00
Herbert Xu
7ea0da1d75 crypto: chacha20-simd - Use generic code for small requests
On 16-byte requests the optimised version is actually slower than
the generic code, so we should simply use that instead.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Cheers,
2016-06-23 18:13:58 +08:00
Herbert Xu
fd2efd93b6 Revert "crypto: user - no parsing of CRYPTO_MSG_GETALG"
This patch commit eed1e1afd8 as
it is only a workaround for the real bug and the proper fix has
now been applied as 055ddaace0
("crypto: user - re-add size check for CRYPTO_MSG_GETALG").

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-23 18:06:02 +08:00
Dan Carpenter
01ac94580a crypto: drbg - fix an error code in drbg_init_sym_kernel()
We accidentally return PTR_ERR(NULL) which is success but we should
return -ENOMEM.

Fixes: 3559128521 ('crypto: drbg - use CTR AES instead of ECB AES')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-20 19:25:03 +08:00
raveendra padasalagi
79cc6ab894 crypto: sha3 - Add SHA-3 Test's in tcrypt
Added support for SHA-3 algorithm test's
in tcrypt module and related test vectors.

Signed-off-by: Raveendra Padasalagi <raveendra.padasalagi@broadcom.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-20 19:25:02 +08:00
Jeff Garzik
53964b9ee6 crypto: sha3 - Add SHA-3 hash algorithm
This patch adds the implementation of SHA3 algorithm
in software and it's based on original implementation
pushed in patch https://lwn.net/Articles/518415/ with
additional changes to match the padding rules specified
in SHA-3 specification.

Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: Raveendra Padasalagi <raveendra.padasalagi@broadcom.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-20 19:25:01 +08:00
Tudor Ambarus
6999d504d4 crypto: caam - replace deprecated EXTRA_CFLAGS
EXTRA_CFLAGS is still supported but its usage is deprecated.

Signed-off-by: Tudor Ambarus <tudor-dan.ambarus@nxp.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-20 19:25:00 +08:00
Arnd Bergmann
a6ed42dac4 crypto: caam - fix misspelled upper_32_bits
An endianess fix mistakenly used higher_32_bits() instead of
upper_32_bits(), and that doesn't exist:

drivers/crypto/caam/desc_constr.h: In function 'append_ptr':
drivers/crypto/caam/desc_constr.h:84:75: error: implicit declaration of function 'higher_32_bits' [-Werror=implicit-function-declaration]
  *offset = cpu_to_caam_dma(ptr);

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Fixes: 261ea058f0 ("crypto: caam - handle core endianness != caam endianness")
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-20 19:24:39 +08:00
Herbert Xu
b30bdfa864 crypto: gcm - Filter out async ghash if necessary
As it is if you ask for a sync gcm you may actually end up with
an async one because it does not filter out async implementations
of ghash.

This patch fixes this by adding the necessary filter when looking
for ghash.

Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-20 19:24:37 +08:00
Wu Fengguang
88f1d316b9 crypto: drbg - fix semicolon.cocci warnings
crypto/drbg.c:1637:39-40: Unneeded semicolon

 Remove unneeded semicolon.

Generated by: scripts/coccinelle/misc/semicolon.cocci

CC: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Fengguang Wu <fengguang.wu@intel.com>
Acked-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-20 19:24:36 +08:00
Tudor Ambarus
5a7de97309 crypto: rsa - return raw integers for the ASN.1 parser
Return the raw key with no other processing so that the caller
can copy it or MPI parse it, etc.

The scope is to have only one ANS.1 parser for all RSA
implementations.

Update the RSA software implementation so that it does
the MPI conversion on top.

Signed-off-by: Tudor Ambarus <tudor-dan.ambarus@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-15 17:07:54 +08:00
Stephan Mueller
103eb3f7bf crypto: drbg - avoid duplicate maintenance of key
The TFM object maintains the key for the CTR DRBG.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-15 17:07:54 +08:00
Stephan Mueller
a07203fbfc crypto: drbg - use full CTR AES for update
The CTR DRBG update function performs a full CTR AES operation including
the XOR with "plaintext" data. Hence, remove the XOR from the code and
use the CTR mode to do the XOR.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-15 17:07:53 +08:00
Stephan Mueller
3cfc3b9721 crypto: drbg - use aligned buffers
Hardware cipher implementation may require aligned buffers. All buffers
that potentially are processed with a cipher are now aligned.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-15 17:07:53 +08:00
Stephan Mueller
3559128521 crypto: drbg - use CTR AES instead of ECB AES
The CTR DRBG derives its random data from the CTR that is encrypted with
AES.

This patch now changes the CTR DRBG implementation such that the
CTR AES mode is employed. This allows the use of steamlined CTR AES
implementation such as ctr-aes-aesni.

Unfortunately there are the following subtile changes we need to apply
when using the CTR AES mode:

- the CTR mode increments the counter after the cipher operation, but
  the CTR DRBG requires the increment before the cipher op. Hence, the
  crypto_inc is applied to the counter (drbg->V) once it is
  recalculated.

- the CTR mode wants to encrypt data, but the CTR DRBG is interested in
  the encrypted counter only. The full CTR mode is the XOR of the
  encrypted counter with the plaintext data. To access the encrypted
  counter, the patch uses a NULL data vector as plaintext to be
  "encrypted".

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-15 17:07:53 +08:00
Neil Armstrong
e123be1612 hwrng: meson - Add Amlogic Meson Hardware Random Generator
Add support for the Amlogic Meson SoCs hardware random generator.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-13 17:47:51 +08:00
Ben Dooks
5ad67c1451 hwrng: exynos - fixup IO accesors
The __raw IO functions are not endian safe, so use the readl_relaxed
and writel_relaxed versions of these.

Signed-off-by: Ben Dooks <ben.dooks@codethink.co.uk>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-13 17:47:50 +08:00
Bhaktipriya Shridhar
773b197972 crypto: qat - Remove deprecated create_workqueue
alloc_workqueue replaces deprecated create_workqueue().

The workqueue device_reset_wq has workitem &reset_data->reset_work per
adf_reset_dev_data. The workqueue  pf2vf_resp_wq is a workqueue for
PF2VF responses has workitem &pf2vf_resp->pf2vf_resp_work per pf2vf_resp.
The workqueue adf_vf_stop_wq is used to call adf_dev_stop()
asynchronously.

Dedicated workqueues have been used in all cases since the workitems
on the workqueues are involved in operation of crypto which can be used in
the IO path which is depended upon during memory reclaim. Hence,
WQ_MEM_RECLAIM has been set to gurantee forward progress under memory
pressure.
Since there are only a fixed number of work items, explicit concurrency
limit is unnecessary.

Signed-off-by: Bhaktipriya Shridhar <bhaktipriya96@gmail.com>
Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-13 17:47:48 +08:00
LEROY Christophe
7405c8d7ff crypto: talitos - templates for AEAD using HMAC_SNOOP_NO_AFEU
This will allow IPSEC on SEC1

Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-08 16:20:04 +08:00
LEROY Christophe
b00577639d crypto: talitos - implement cra_priority
SEC1 doesn't have IPSEC_ESP descriptor type but it is able to perform
IPSEC using HMAC_SNOOP_NO_AFEU, which is also existing on SEC2
In order to be able to define descriptors templates for SEC1 without
breaking SEC2+, we have to give lower priority to HMAC_SNOOP_NO_AFEU
so that SEC2+ selects IPSEC_ESP and not HMAC_SNOOP_NO_AFEU which is
less performant.

This is done by adding a priority field in the template. If the field
is 0, we use the default priority, otherwise we used the one in the
field.

Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-08 16:20:04 +08:00
LEROY Christophe
e968b49f4d crypto: talitos - sg_to_link_tbl() not used anymore, remove it
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-08 16:20:03 +08:00
LEROY Christophe
549bd8bc59 crypto: talitos - Implement AEAD for SEC1 using HMAC_SNOOP_NO_AFEU
This patchs enhances the IPSEC_ESP related functions for them to
also supports the same operations with descriptor type
HMAC_SNOOP_NO_AFEU.

The differences between the two descriptor types are:
* pointeurs 2 and 3 are swaped (Confidentiality key and
    Primary EU Context IN)
* HMAC_SNOOP_NO_AFEU has CICV out in pointer 6
* HMAC_SNOOP_NO_AFEU has no primary EU context out so we get it
from the end of data out

Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-08 16:20:03 +08:00
LEROY Christophe
6a1e8d1415 crypto: talitos - making mapping helpers more generic
In preparation of IPSEC for SEC1, first step is to make the mapping
helpers more generic so that they can also be used by AEAD functions.

First, the functions are moved before IPSEC functions in talitos.c

talitos_sg_unmap() and unmap_sg_talitos_ptr() are merged as they
are quite similar, the second one handling the SEC1 case an calling
the first one for SEC2

map_sg_in_talitos_ptr() and map_sg_out_talitos_ptr() are merged
into talitos_sg_map() and enhenced to support offseted zones
as used for AEAD. The actual mapping is now performed outside that
helper. The DMA sync is also done outside to not make it several
times.

talitos_edesc_alloc() size calculation are fixed to also take into
account AEAD specific parts also for SEC1

Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-08 16:20:02 +08:00
LEROY Christophe
246a87cda0 crypto: talitos - move mapping helpers before IPSEC functions
In order to be able to use the mapping/unmapping helpers for IPSEC
it needs to be move upper in the file

Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-08 16:20:02 +08:00
LEROY Christophe
b096b544d6 crypto: talitos - using helpers for all talitos_ptr operations
Use helper for all modifications to talitos_ptr in preparation to
the implementation of AEAD for SEC1

to_talitos_ptr_extent_clear() has been removed in favor of
to_talitos_ptr_ext_set() to set any value and
to_talitos_ptr_ext_or() to or the extent field with a value
name has been shorten to help keeping single lines of 80 chars

Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-08 16:20:01 +08:00
Horia Geantă
63dac35b58 arm64: dts: ls1043a: add crypto node
LS1043A has a SEC v5.4 security engine.
For now don't add rtic or sec_mon subnodes, since these features
haven't been tested yet.

Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-07 18:42:44 +08:00
Bob Ham
e4a886e811 hwrng: chaoskey - Fix URB warning due to timeout on Alea
The first read on an Alea takes about 1.8 seconds, more than the
timeout value waiting for the read.  As a consequence, later URB reuse
causes the warning given below.  To avoid this, we increase the wait
time for the first read on the Alea.

[   78.293247] WARNING: CPU: 3 PID: 1892 at drivers/usb/core/urb.c:338 usb_submit_urb+0x2b4/0x580 [usbcore]
[   78.293250] URB ffff8802135be3c0 submitted while active
[   78.293252] Modules linked in: chaoskey(+) rng_core rfcomm binfmt_misc bnep cfg80211 nfsd auth_rpcgss oid_registry nfs_acl nfs lockd grace fscache sunrpc bridge stp llc tun snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic iTCO_wdt iTCO_vendor_support nls_utf8 nls_cp437 vfat fat intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel efi_pstore kvm irqbypass pcspkr btusb btrtl btbcm btintel uvcvideo joydev bluetooth videobuf2_vmalloc videobuf2_memops efivars videobuf2_v4l2 serio_raw i2c_i801 videobuf2_core videodev cdc_mbim media lpc_ich shpchp mfd_core cdc_ncm usbnet mii cdc_wdm cdc_acm evdev snd_hda_intel snd_hda_codec snd_hwdep snd_hda_core i915 snd_pcm snd_timer i2c_algo_bit drm_kms_helper wmi thinkpad_acpi drm nvram mei_me mei snd soundcore rfkill ac battery i2c_core
[   78.293335]  video button tpm_tis tpm fuse parport_pc ppdev lp parport autofs4 ext4 crc16 jbd2 mbcache algif_skcipher af_alg hid_generic usbhid hid dm_crypt dm_mod sg sr_mod cdrom sd_mod crct10dif_pclmul crc32_pclmul crc32c_intel jitterentropy_rng sha256_generic hmac drbg aesni_intel xhci_pci aes_x86_64 ahci glue_helper xhci_hcd ehci_pci lrw libahci gf128mul ablk_helper cryptd libata sdhci_pci psmouse sdhci scsi_mod ehci_hcd mmc_core usbcore usb_common thermal
[   78.293402] CPU: 3 PID: 1892 Comm: hwrng Not tainted 4.7.0-rc1-linux-14+ #16
[   78.293405] Hardware name: LENOVO 232577G/232577G, BIOS G2ET92WW (2.52 ) 02/22/2013
[   78.293408]  0000000000000000 ffffffff812dfa0f ffff8801fa5b3d68 0000000000000000
[   78.293413]  ffffffff81072224 ffff8802135be3c0 ffff8801fa5b3db8 ffff880212e44210
[   78.293418]  0000000000000040 ffff880209fb32c0 ffff880212e44200 ffffffff8107228f
[   78.293422] Call Trace:
[   78.293432]  [<ffffffff812dfa0f>] ? dump_stack+0x5c/0x7d
[   78.293437]  [<ffffffff81072224>] ? __warn+0xc4/0xe0
[   78.293441]  [<ffffffff8107228f>] ? warn_slowpath_fmt+0x4f/0x60
[   78.293451]  [<ffffffff810a46a2>] ? enqueue_task_fair+0xcd2/0x1260
[   78.293463]  [<ffffffffa001ec54>] ? usb_submit_urb+0x2b4/0x580 [usbcore]
[   78.293474]  [<ffffffff8140c2e5>] ? __pm_runtime_resume+0x55/0x70
[   78.293484]  [<ffffffffa0825212>] ? _chaoskey_fill+0x132/0x250 [chaoskey]
[   78.293485] usbcore: registered new interface driver chaoskey
[   78.293493]  [<ffffffff810aed50>] ? wait_woken+0x90/0x90
[   78.293500]  [<ffffffffa06448c0>] ? devm_hwrng_register+0x80/0x80 [rng_core]
[   78.293505]  [<ffffffffa0825907>] ? chaoskey_rng_read+0x127/0x140 [chaoskey]
[   78.293511]  [<ffffffffa06448c0>] ? devm_hwrng_register+0x80/0x80 [rng_core]
[   78.293515]  [<ffffffffa064492e>] ? hwrng_fillfn+0x6e/0x120 [rng_core]
[   78.293520]  [<ffffffff8108fb5f>] ? kthread+0xcf/0xf0
[   78.293529]  [<ffffffff81596d5f>] ? ret_from_fork+0x1f/0x40
[   78.293535]  [<ffffffff8108fa90>] ? kthread_park+0x50/0x50

Signed-off-by: Bob Ham <bob.ham@collabora.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-07 18:42:44 +08:00
Bob Ham
d3ede2dba3 hwrng: chaoskey - Add support for Araneus Alea I USB RNG
Adds support for the Araneus Alea I USB hardware Random Number
Generator which is interfaced with in exactly the same way as the
Altus Metrum ChaosKey.  We just add the appropriate device ID and
modify the config help text.

Signed-off-by: Bob Ham <bob.ham@collabora.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-07 18:42:43 +08:00
Giovanni Cabiddu
63044c4fd4 crypto: hash - shrink hash down to two types
Move hash to 0xe to free up the space for acomp/scomp

Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-07 18:41:54 +08:00
Geliang Tang
88aff46040 crypto: skcipher - remove unused header cpumask.h
Remove unused header cpumask.h from crypto/ablkcipher.c.

Signed-off-by: Geliang Tang <geliangtang@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-07 18:41:53 +08:00
Lokesh Vutla
3741bbb207 crypto: omap-aes - Fix registration of algorithms
Algorithms can be registered only once. So skip registration of
algorithms if already registered (i.e. in case we have two AES cores
in the system.)

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-07 18:41:52 +08:00
Megha Dey
0a7f330c12 crypto: sha1-mb - stylistic cleanup
Currently there are several checkpatch warnings in the sha1_mb.c file:
'WARNING: line over 80 characters' in the sha1_mb.c file. Also, the
syntax of some multi-line comments are not correct. This patch fixes
these issues.

Signed-off-by: Megha Dey <megha.dey@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-02 18:39:04 +08:00
Stephan Mueller
ed494d4fa2 crypto: drbg - reduce number of setkey calls
The CTR DRBG code always set the key for each sym cipher invocation even
though the key has not been changed.

The patch ensures that the setkey is only invoked when a new key is
generated by the DRBG.

With this patch, the CTR DRBG performance increases by more than 150%.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-02 18:39:01 +08:00
Krzysztof Kozlowski
5318c53d5b crypto: s5p-sss - Use consistent indentation for variables and members
Bring some consistency by:
1. Replacing fixed-space indentation of structure members with just
   tabs.
2. Remove indentation in declaration of local variable between type and
   name.  Driver was mixing usage of such indentation and lack of it.
   When removing indentation, reorder variables in
   reversed-christmas-tree order with first variables being initialized
   ones.

Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Acked-by: Vladimir Zapolskiy <vz@mleia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-05-31 17:52:30 +08:00
Yendapally Reddy Dhananjaya Reddy
4f8de65bab hwrng: bcm2835 - Read as much data as available
Read the requested number of data from the fifo

Signed-off-by: Yendapally Reddy Dhananjaya Reddy <yendapally.reddy@broadcom.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-05-31 17:52:29 +08:00
Yendapally Reddy Dhananjaya Reddy
33a36a5bc0 ARM: dts: nsp: Add rng device tree entry
Add support for the random number generator to the Northstar Plus
SoC device tree.

Signed-off-by: Yendapally Reddy Dhananjaya Reddy <yendapally.reddy@broadcom.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-05-31 17:52:29 +08:00
Yendapally Reddy Dhananjaya Reddy
422a749145 hwrng: bcm2835 - Support Broadcom NSP SoC rng
This supports the random number generator available in NSP SoC.
Masks the rng interrupt for NSP.

Signed-off-by: Yendapally Reddy Dhananjaya Reddy <yendapally.reddy@broadcom.com>
Acked-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-05-31 17:52:23 +08:00
Yendapally Reddy Dhananjaya Reddy
f8e4f9a0a8 dt-bindings: rng: Northstar Plus SoC rng bindings
Document the bindings used by Northstar Plus(NSP) SoC random number
generator.

Signed-off-by: Yendapally Reddy Dhananjaya Reddy <yendapally.reddy@broadcom.com>
Acked-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-05-31 17:52:21 +08:00
Nicolai Stange
20b5b7f3c2 lib/mpi: refactor mpi_read_from_buffer() in terms of mpi_read_raw_data()
mpi_read_from_buffer() and mpi_read_raw_data() do basically the same thing
except that the former extracts the number of payload bits from the first
two bytes of the input buffer.

Besides that, the data copying logic is exactly the same.

Replace the open coded buffer to MPI instance conversion by a call to
mpi_read_raw_data().

Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-05-31 16:42:01 +08:00
Nicolai Stange
cdf24b42c6 lib/mpi: mpi_read_from_buffer(): sanitize short buffer printk
The first two bytes of the input buffer encode its expected length and
mpi_read_from_buffer() prints a console message if the given buffer is too
short.

However, there are some oddities with how this message is printed:
- It is printed at the default loglevel. This is different from the
  one used in the case that the first two bytes' value is unsupportedly
  large, i.e. KERN_INFO.
- The format specifier '%d' is used for unsigned ints.
- It prints the values of nread and *ret_nread. This is redundant since
  the former is always the latter + 1.

Clean this up as follows:
- Use pr_info() rather than printk() with no loglevel.
- Use the format specifiers '%u' in place if '%d'.
- Do not print the redundant 'nread' but the more helpful 'nbytes' value.

Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-05-31 16:42:00 +08:00