summaryrefslogtreecommitdiff
path: root/drivers/crypto/qce
AgeCommit message (Collapse)Author
2024-10-19crypto: drivers - Switch back to struct platform_driver::remove()Uwe Kleine-König
After commit 0edb555a65d1 ("platform: Make platform_driver::remove() return void") .remove() is (again) the right callback to implement for platform drivers. Convert all platform drivers below drivers/crypto to use .remove(), with the eventual goal to drop struct platform_driver::remove_new(). As .remove() and .remove_new() have the same prototypes, conversion is done by just changing the structure member name in the driver initializer. Signed-off-by: Uwe Kleine-König <u.kleine-koenig@baylibre.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-10-27crypto: qce - Convert to platform remove callback returning voidUwe Kleine-König
The .remove() callback for a platform driver returns an int which makes many driver authors wrongly assume it's possible to do error handling by returning an error code. However the value returned is ignored (apart from emitting a warning) and this typically results in resource leaks. To improve here there is a quest to make the remove callback return void. In the first step of this quest all drivers are converted to .remove_new(), which already returns void. Eventually after all drivers are converted, .remove_new() will be renamed to .remove(). Trivially convert this driver from always returning zero in the remove callback to the void returning variant. Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-03-14crypto: qce - Add a QCE IP family compatible 'qcom,qce'Vladimir Zapolskiy
The added 'qcom,qce' compatible value will serve as a sole QCE IP family compatible, since a particular QCE IP version is discoverablem thus, if it'd be needed to differentiate various IP versions, it can be obtained in runtime. Two IP version based compatibles are left untouched to preserve backward DTB ABI compatibility. Signed-off-by: Vladimir Zapolskiy <vladimir.zapolskiy@linaro.org> Reviewed-by: Konrad Dybcio <konrad.dybcio@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-03-14crypto: qce - Make clocks optionalThara Gopinath
On certain Snapdragon processors, the crypto engine clocks are enabled by default by security firmware and the driver should not handle the clocks. Make acquiring of all the clocks optional in crypto engine driver, so that the driver initializes properly even if no clocks are specified in the dt. Tested-by: Jordan Crouse <jorcrous@amazon.com> Signed-off-by: Thara Gopinath <thara.gopinath@gmail.com> Signed-off-by: Bhupesh Sharma <bhupesh.sharma@linaro.org> [Bhupesh: Massage the commit log] Signed-off-by: Vladimir Zapolskiy <vladimir.zapolskiy@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-03-14crypto: qce - Add support to initialize interconnect pathThara Gopinath
Crypto engine on certain Snapdragon processors like sm8150, sm8250, sm8350 etc. requires interconnect path between the engine and memory to be explicitly enabled and bandwidth set prior to any operations. Add support in the qce core to enable the interconnect path appropriately. Tested-by: Jordan Crouse <jorcrous@amazon.com> Signed-off-by: Thara Gopinath <thara.gopinath@gmail.com> [Bhupesh: Make header file inclusion alphabetical and use devm_of_icc_get()] Signed-off-by: Bhupesh Sharma <bhupesh.sharma@linaro.org> [vladimir: moved icc bandwidth setup closer to its acquisition] Signed-off-by: Vladimir Zapolskiy <vladimir.zapolskiy@linaro.org> Reviewed-by: Konrad Dybcio <konrad.dybcio@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-02-13crypto: qce - Use request_complete helpersHerbert Xu
Use the request_complete helpers instead of calling the completion function directly. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2022-12-09crypto: qce - Set DMA alignment explicitlyHerbert Xu
This driver has been implicitly relying on kmalloc alignment to be sufficient for DMA. This may no longer be the case with upcoming arm64 changes. This patch changes it to explicitly request DMA alignment from the Crypto API. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2022-08-26crypto: qce - Fix dma_map_sg error checkJack Wang
dma_map_sg return 0 on error, fix the error check and return -EIO to caller. Cc: Thara Gopinath <thara.gopinath@gmail.com> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: "David S. Miller" <davem@davemloft.net> Cc: linux-crypto@vger.kernel.org Cc: linux-arm-msm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Jack Wang <jinpu.wang@ionos.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2021-11-20crypto: qce - fix uaf on qce_skcipher_register_oneChengfeng Ye
Pointer alg points to sub field of tmpl, it is dereferenced after tmpl is freed. Fix this by accessing alg before free tmpl. Fixes: ec8f5d8f ("crypto: qce - Qualcomm crypto engine driver") Signed-off-by: Chengfeng Ye <cyeaa@connect.ust.hk> Acked-by: Thara Gopinath <thara.gopinath@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2021-11-20crypto: qce - fix uaf on qce_ahash_register_oneChengfeng Ye
Pointer base points to sub field of tmpl, it is dereferenced after tmpl is freed. Fix this by accessing base before free tmpl. Fixes: ec8f5d8f ("crypto: qce - Qualcomm crypto engine driver") Signed-off-by: Chengfeng Ye <cyeaa@connect.ust.hk> Acked-by: Thara Gopinath <thara.gopinath@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2021-11-20crypto: qce - fix uaf on qce_aead_register_oneChengfeng Ye
Pointer alg points to sub field of tmpl, it is dereferenced after tmpl is freed. Fix this by accessing alg before free tmpl. Fixes: 9363efb4 ("crypto: qce - Add support for AEAD algorithms") Signed-off-by: Chengfeng Ye <cyeaa@connect.ust.hk> Acked-by: Thara Gopinath <thara.gopinath@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2021-06-11crypto: qce - fix error return code in qce_skcipher_async_req_handle()Wei Yongjun
Fix to return a negative error code from the error handling case instead of 0, as done elsewhere in this function. Fixes: 1339a7c3ba05 ("crypto: qce: skcipher: Fix incorrect sg count for dma transfers") Reported-by: Hulk Robot <hulkci@huawei.com> Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com> Reviewed-by: Thara Gopinath <thara.gopinath@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2021-05-28crypto: qce - Fix inconsistent indentingJiapeng Chong
Eliminate the follow smatch warning: drivers/crypto/qce/aead.c:85 qce_aead_done() warn: inconsistent indenting. Reported-by: Abaci Robot <abaci@linux.alibaba.com> Signed-off-by: Jiapeng Chong <jiapeng.chong@linux.alibaba.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2021-05-28crypto: qce: skcipher: Fix incorrect sg count for dma transfersThara Gopinath
Use the sg count returned by dma_map_sg to call into dmaengine_prep_slave_sg rather than using the original sg count. dma_map_sg can merge consecutive sglist entries, thus making the original sg count wrong. This is a fix for memory coruption issues observed while testing encryption/decryption of large messages using libkcapi framework. Patch has been tested further by running full suite of tcrypt.ko tests including fuzz tests. Signed-off-by: Thara Gopinath <thara.gopinath@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2021-05-28crypto: qce - Fix some error handling pathWei Yongjun
Fix to return negative error code from the error handling cases instead of 0. Fixes: 9363efb4181c ("crypto: qce - Add support for AEAD algorithms") Reported-by: Hulk Robot <hulkci@huawei.com> Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2021-05-14crypto: qce - Schedule fallback aead algorithmThara Gopinath
Qualcomm crypto engine does not handle the following scenarios and will issue an abort. In such cases, pass on the transformation to a fallback algorithm. - DES3 algorithms with all three keys same. - AES192 algorithms. - 0 length messages. Signed-off-by: Thara Gopinath <thara.gopinath@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2021-05-14crypto: qce - Add support for AEAD algorithmsThara Gopinath
Add register programming sequence for enabling AEAD algorithms on the Qualcomm crypto engine. Signed-off-by: Thara Gopinath <thara.gopinath@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2021-05-14crypto: qce - Clean up qce_auth_cfgThara Gopinath
Remove various redundant checks in qce_auth_cfg. Also allow qce_auth_cfg to take auth_size as a parameter which is a required setting for ccm(aes) algorithms Signed-off-by: Thara Gopinath <thara.gopinath@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2021-05-14crypto: qce - Add support for AEAD algorithmsThara Gopinath
Introduce support to enable following algorithms in Qualcomm Crypto Engine. - authenc(hmac(sha1),cbc(des)) - authenc(hmac(sha1),cbc(des3_ede)) - authenc(hmac(sha256),cbc(des)) - authenc(hmac(sha256),cbc(des3_ede)) - authenc(hmac(sha256),cbc(aes)) - ccm(aes) - rfc4309(ccm(aes)) Signed-off-by: Thara Gopinath <thara.gopinath@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2021-05-14crypto: qce - Add mode for rfc4309Thara Gopinath
rf4309 is the specification that uses aes ccm algorithms with IPsec security packets. Add a submode to identify rfc4309 ccm(aes) algorithm in the crypto driver. Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org> Signed-off-by: Thara Gopinath <thara.gopinath@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2021-05-14crypto: qce - Make result dump optionalThara Gopinath
Qualcomm crypto engine allows for IV registers and status register to be concatenated to the output. This option is enabled by setting the RESULTS_DUMP field in GOPROC register. This is useful for most of the algorithms to either retrieve status of operation or in case of authentication algorithms to retrieve the mac. But for ccm algorithms, the mac is part of the output stream and not retrieved from the IV registers, thus needing a separate buffer to retrieve it. Make enabling RESULTS_DUMP field optional so that algorithms can choose whether or not to enable the option. Note that in this patch, the enabled algorithms always choose RESULTS_DUMP to be enabled. But later with the introduction of ccm algorithms, this changes. Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org> Signed-off-by: Thara Gopinath <thara.gopinath@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2021-05-14crypto: qce - Add MAC failed error checkingThara Gopinath
MAC_FAILED gets set in the status register if authenthication fails for ccm algorithms(during decryption). Add support to catch and flag this error. Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org> Signed-off-by: Thara Gopinath <thara.gopinath@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2021-03-07crypto: qce - Remove totallen and offset in qce_startThara Gopinath
totallen is used to get the size of the data to be transformed. This is also available via nbytes or cryptlen in the qce_sha_reqctx and qce_cipher_ctx. Similarly offset convey nothing for the supported encryption and authentication transformations and is always 0. Remove these two redundant parameters in qce_start. Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org> Signed-off-by: Thara Gopinath <thara.gopinath@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2021-03-07crypto: qce - Remover src_tbl from qce_cipher_reqctxThara Gopinath
src_table is unused and hence remove it from struct qce_cipher_reqctx Signed-off-by: Thara Gopinath <thara.gopinath@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2021-03-07crypto: qce - Set data unit size to message length for AES XTS transformationThara Gopinath
Set the register REG_ENCR_XTS_DU_SIZE to cryptlen for AES XTS transformation. Anything else causes the engine to return back wrong results. Acked-by: Bjorn Andersson <bjorn.andersson@linaro.org> Signed-off-by: Thara Gopinath <thara.gopinath@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2021-03-07crypto: qce - Improve the conditions for requesting AES fallback cipherThara Gopinath
The following are the conditions for requesting AES fallback cipher. - AES-192 - AES-XTS request with len <= 512 byte (Allow messages of length less than 512 bytes for all other AES encryption algorithms other than AES XTS) - AES-XTS request with len > QCE_SECTOR_SIZE and is not a multiple of it Signed-off-by: Thara Gopinath <thara.gopinath@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2021-03-07crypto: qce - Set ivsize to 0 for ecb(aes)Thara Gopinath
ECB transformations do not have an IV and hence set the ivsize to 0 for ecb(aes). Signed-off-by: Thara Gopinath <thara.gopinath@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2021-03-07crypto: qce - Return error for non-blocksize data(ECB/CBC algorithms)Thara Gopinath
ECB/CBC encryption/decryption requires the data to be blocksize aligned. Crypto engine hangs on non-block sized operations for these algorithms. Return invalid data if data size is not blocksize aligned for these algorithms. Signed-off-by: Thara Gopinath <thara.gopinath@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2021-03-07crypto: qce - Return error for zero length messagesThara Gopinath
Crypto engine BAM dma does not support 0 length data. Return unsupported if zero length messages are passed for transformation. Signed-off-by: Thara Gopinath <thara.gopinath@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2021-03-07crypto: qce - Return unsupported if any three keys are same for DES3 algorithmsThara Gopinath
Return unsupported if any three keys are same for DES3 algorithms since CE does not support this and the operation causes the engine to hang. Signed-off-by: Thara Gopinath <thara.gopinath@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2021-03-07crypto: qce - Return unsupported if key1 and key 2 are same for AES XTS ↵Thara Gopinath
algorithm Crypto engine does not support key1 = key2 for AES XTS algorithm; the operation hangs the engines. Return -EINVAL in case key1 and key2 are the same. Signed-off-by: Thara Gopinath <thara.gopinath@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2021-03-07crypto: qce - Hold back a block of data to be transferred as part of finalThara Gopinath
If the available data to transfer is exactly a multiple of block size, save the last block to be transferred in qce_ahash_final (with the last block bit set) if this is indeed the end of data stream. If not this saved block will be transferred as part of next update. If this block is not held back and if this is indeed the end of data stream, the digest obtained will be wrong since qce_ahash_final will see that rctx->buflen is 0 and return doing nothing which in turn means that a digest will not be copied to the destination result buffer. qce_ahash_final cannot be made to alter this behavior and allowed to proceed if rctx->buflen is 0 because the crypto engine BAM does not allow for zero length transfers. Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org> Signed-off-by: Thara Gopinath <thara.gopinath@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2021-03-07crypto: qce - Restore/save ahash state with custom struct in export/importThara Gopinath
Export and import interfaces save and restore partial transformation states. The partial states were being stored and restored in struct sha1_state for sha1/hmac(sha1) transformations and sha256_state for sha256/hmac(sha256) transformations.This led to a bunch of corner cases where improper state was being stored and restored. A few of the corner cases that turned up during testing are: - wrong byte_count restored if export/import is called twice without h/w transaction in between - wrong buflen restored back if the pending buffer length is exactly the block size. - wrong state restored if buffer length is 0. To fix these issues, save and restore the partial transformation state using the newly introduced qce_sha_saved_state struct. This ensures that all the pieces required to properly restart the transformation is captured and restored back Signed-off-by: Thara Gopinath <thara.gopinath@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-11-27crypto: qce - Fix SHA result buffer corruption issuesThara Gopinath
Partial hash was being copied into the final result buffer without the entire message block processed. Depending on how the end user processes this result buffer, errors vary from result buffer corruption to result buffer poisoing. Fix this issue by ensuring that only the final hash value is copied into the result buffer. Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org> Signed-off-by: Thara Gopinath <thara.gopinath@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-11-27crypto: qce - Enable support for crypto engine on sdm845Thara Gopinath
Add support Qualcomm Crypto Engine accelerated encryption and authentication algorithms on sdm845. Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org> Signed-off-by: Thara Gopinath <thara.gopinath@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-11-20crypto: sha - split sha.h into sha1.h and sha2.hEric Biggers
Currently <crypto/sha.h> contains declarations for both SHA-1 and SHA-2, and <crypto/sha3.h> contains declarations for SHA-3. This organization is inconsistent, but more importantly SHA-1 is no longer considered to be cryptographically secure. So to the extent possible, SHA-1 shouldn't be grouped together with any of the other SHA versions, and usage of it should be phased out. Therefore, split <crypto/sha.h> into two headers <crypto/sha1.h> and <crypto/sha2.h>, and make everyone explicitly specify whether they want the declarations for SHA-1, SHA-2, or both. This avoids making the SHA-1 declarations visible to files that don't want anything to do with SHA-1. It also prepares for potentially moving sha1.h into a new insecure/ or dangerous/ directory. Signed-off-by: Eric Biggers <ebiggers@google.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Acked-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-08-20crypto: algapi - Remove skbuff.h inclusionHerbert Xu
The header file algapi.h includes skbuff.h unnecessarily since all we need is a forward declaration for struct sk_buff. This patch removes that inclusion. Unfortunately skbuff.h pulls in a lot of things and drivers over the years have come to rely on it so this patch adds a lot of missing inclusions that result from this. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-07-16crypto: drivers - set the flag CRYPTO_ALG_ALLOCATES_MEMORYMikulas Patocka
Set the flag CRYPTO_ALG_ALLOCATES_MEMORY in the crypto drivers that allocate memory. drivers/crypto/allwinner/sun8i-ce/sun8i-ce-core.c: sun8i_ce_cipher drivers/crypto/allwinner/sun8i-ss/sun8i-ss-core.c: sun8i_ss_cipher drivers/crypto/amlogic/amlogic-gxl-core.c: meson_cipher drivers/crypto/axis/artpec6_crypto.c: artpec6_crypto_common_init drivers/crypto/bcm/cipher.c: spu_skcipher_rx_sg_create drivers/crypto/caam/caamalg.c: aead_edesc_alloc drivers/crypto/caam/caamalg_qi.c: aead_edesc_alloc drivers/crypto/caam/caamalg_qi2.c: aead_edesc_alloc drivers/crypto/caam/caamhash.c: hash_digest_key drivers/crypto/cavium/cpt/cptvf_algs.c: process_request drivers/crypto/cavium/nitrox/nitrox_aead.c: nitrox_process_se_request drivers/crypto/cavium/nitrox/nitrox_skcipher.c: nitrox_process_se_request drivers/crypto/ccp/ccp-crypto-aes-cmac.c: ccp_do_cmac_update drivers/crypto/ccp/ccp-crypto-aes-galois.c: ccp_crypto_enqueue_request drivers/crypto/ccp/ccp-crypto-aes-xts.c: ccp_crypto_enqueue_request drivers/crypto/ccp/ccp-crypto-aes.c: ccp_crypto_enqueue_request drivers/crypto/ccp/ccp-crypto-des3.c: ccp_crypto_enqueue_request drivers/crypto/ccp/ccp-crypto-sha.c: ccp_crypto_enqueue_request drivers/crypto/chelsio/chcr_algo.c: create_cipher_wr drivers/crypto/hisilicon/sec/sec_algs.c: sec_alloc_and_fill_hw_sgl drivers/crypto/hisilicon/sec2/sec_crypto.c: sec_alloc_req_id drivers/crypto/inside-secure/safexcel_cipher.c: safexcel_queue_req drivers/crypto/inside-secure/safexcel_hash.c: safexcel_ahash_enqueue drivers/crypto/ixp4xx_crypto.c: ablk_perform drivers/crypto/marvell/cesa/cipher.c: mv_cesa_skcipher_dma_req_init drivers/crypto/marvell/cesa/hash.c: mv_cesa_ahash_dma_req_init drivers/crypto/marvell/octeontx/otx_cptvf_algs.c: create_ctx_hdr drivers/crypto/n2_core.c: n2_compute_chunks drivers/crypto/picoxcell_crypto.c: spacc_sg_to_ddt drivers/crypto/qat/qat_common/qat_algs.c: qat_alg_skcipher_encrypt drivers/crypto/qce/skcipher.c: qce_skcipher_async_req_handle drivers/crypto/talitos.c : talitos_edesc_alloc drivers/crypto/virtio/virtio_crypto_algs.c: __virtio_crypto_skcipher_do_req drivers/crypto/xilinx/zynqmp-aes-gcm.c: zynqmp_aes_aead_cipher Signed-off-by: Mikulas Patocka <mpatocka@redhat.com> [EB: avoid overly-long lines] Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-07-16crypto: qce - permit asynchronous skcipher as fallbackArd Biesheuvel
Even though the qce driver implements asynchronous versions of ecb(aes), cbc(aes)and xts(aes), the fallbacks it allocates are required to be synchronous. Given that SIMD based software implementations are usually asynchronous as well, even though they rarely complete asynchronously (this typically only happens in cases where the request was made from softirq context, while SIMD was already in use in the task context that it interrupted), these implementations are disregarded, and either the generic C version or another table based version implemented in assembler is selected instead. Since falling back to synchronous AES is not only a performance issue, but potentially a security issue as well (due to the fact that table based AES is not time invariant), let's fix this, by allocating an ordinary skcipher as the fallback, and invoke it with the completion routine that was given to the outer request. While at it, remove the pointless memset() from qce_skcipher_init(), and remove the call to it qce_skcipher_init_fallback(). Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-07-03crypto: qce/sha - Do not modify scatterlist passed along with requestSivaprakash Murugesan
Crypto test driver's test_ahash_speed calls crypto_ahash_update and crypto_ahash_final APIs repeatedly for all the available test vector buffer lengths. if we mark the end for scatterlist based on the current vector size then the subsequent vectors might fail if the later buffer lengths are higher. To avoid this, in qce do not mark the end of scatterlist in update API, the qce_ahash_async_req_handle API already takes care of this copying right amount of buffer from the request scatter list. Signed-off-by: Sivaprakash Murugesan <sivaprak@codeaurora.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-07-03crypto: qce - re-initialize context on importSivaprakash Murugesan
crypto testmgr deliberately corrupts the request context while passing vectors to the import. This is to make sure that drivers do not rely on request but they take all the necessary input from io vec passed to it. qce casts the request context from request parameter, since it is corrupted the sub squent hash request fails and qce hangs. To avoid this re-initialize request context on import. The qce import API alreasy takes care of taking the input vectors from passed io vec. Signed-off-by: Sivaprakash Murugesan <sivaprak@codeaurora.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-07-03crypto: qce - support zero length test vectorsSivaprakash Murugesan
crypto test module passes zero length vectors as test input to sha-1 and sha-256. To provide correct output for these vectors, hash zero support has been added as in other crypto drivers. Signed-off-by: Sivaprakash Murugesan <sivaprak@codeaurora.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-03-12crypto: qce - fix wrong config symbol referenceEneas U de Queiroz
The CONFIG_CRYPTO_DEV_QCE_SOFT_THRESHOLD symbol was renamed during development, but the stringify reference in the parameter description sneaked by unnoticed. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-02-13crypto: qce - handle AES-XTS cases that qce failsEneas U de Queiroz
QCE hangs when presented with an AES-XTS request whose length is larger than QCE_SECTOR_SIZE (512-bytes), and is not a multiple of it. Let the fallback cipher handle them. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-02-13crypto: qce - use AES fallback for small requestsEneas U de Queiroz
Process small blocks using the fallback cipher, as a workaround for an observed failure (DMA-related, apparently) when computing the GCM ghash key. This brings a speed gain as well, since it avoids the latency of using the hardware engine to process small blocks. Using software for all 16-byte requests would be enough to make GCM work, but to increase performance, a larger threshold would be better. Measuring the performance of supported ciphers with openssl speed, software matches hardware at around 768-1024 bytes. Considering the 256-bit ciphers, software is 2-3 times faster than qce at 256-bytes, 30% faster at 512, and about even at 768-bytes. With 128-bit keys, the break-even point would be around 1024-bytes. This adds the 'aes_sw_max_len' parameter, to set the largest request length processed by the software fallback. Its default is being set to 512 bytes, a little lower than the break-even point, to balance the cost in CPU usage. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-02-13crypto: qce - use cryptlen when adding extra sglEneas U de Queiroz
The qce crypto driver appends an extra entry to the dst sgl, to maintain private state information. When the gcm driver sends requests to the ctr skcipher, it passes the authentication tag after the actual crypto payload, but it must not be touched. Commit 1336c2221bee ("crypto: qce - save a sg table slot for result buf") limited the destination sgl to avoid overwriting the authentication tag but it assumed the tag would be in a separate sgl entry. This is not always the case, so it is better to limit the length of the destination buffer to req->cryptlen before appending the result buf. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-01-09crypto: remove CRYPTO_TFM_RES_BAD_KEY_LENEric Biggers
The CRYPTO_TFM_RES_BAD_KEY_LEN flag was apparently meant as a way to make the ->setkey() functions provide more information about errors. However, no one actually checks for this flag, which makes it pointless. Also, many algorithms fail to set this flag when given a bad length key. Reviewing just the generic implementations, this is the case for aes-fixed-time, cbcmac, echainiv, nhpoly1305, pcrypt, rfc3686, rfc4309, rfc7539, rfc7539esp, salsa20, seqiv, and xcbc. But there are probably many more in arch/*/crypto/ and drivers/crypto/. Some algorithms can even set this flag when the key is the correct length. For example, authenc and authencesn set it when the key payload is malformed in any way (not just a bad length), the atmel-sha and ccree drivers can set it if a memory allocation fails, and the chelsio driver sets it for bad auth tag lengths, not just bad key lengths. So even if someone actually wanted to start checking this flag (which seems unlikely, since it's been unused for a long time), there would be a lot of work needed to get it working correctly. But it would probably be much better to go back to the drawing board and just define different return values, like -EINVAL if the key is invalid for the algorithm vs. -EKEYREJECTED if the key was rejected by a policy like "no weak keys". That would be much simpler, less error-prone, and easier to test. So just remove this flag. Signed-off-by: Eric Biggers <ebiggers@google.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-27crypto: qce - allow building only hashes/ciphersEneas U de Queiroz
Allow the user to choose whether to build support for all algorithms (default), hashes-only, or skciphers-only. The QCE engine does not appear to scale as well as the CPU to handle multiple crypto requests. While the ipq40xx chips have 4-core CPUs, the QCE handles only 2 requests in parallel. Ipsec throughput seems to improve when disabling either family of algorithms, sharing the load with the CPU. Enabling skciphers-only appears to work best. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-27crypto: qce - initialize fallback only for AESEneas U de Queiroz
Adjust cra_flags to add CRYPTO_NEED_FALLBACK only for AES ciphers, where AES-192 is not handled by the qce hardware, and don't allocate & free the fallback skcipher for other algorithms. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-27crypto: qce - update the skcipher IVEneas U de Queiroz
Update the IV after the completion of each cipher operation. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>