Age | Commit message (Collapse) | Author |
|
When caam_qi_enqueue() is called, compound FD has already been swapped
to CAAM endianness, thus accesing it ("length" field in this case) by
CPU has to be done by first unswapping.
Fixes: ca982fae08a2 ("crypto: caam/qi - use QBMan (NXP) SDK driver")
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
|
|
The replacement of MDHA split key generation with DKP has the side
effect of the crypto engine writing the authentication key, and thus
the DMA mapping direction for the buffer holding the key has to change
from DMA_TO_DEVICE to DMA_BIDIRECTIONAL.
There are two cases:
-key is inlined in descriptor - descriptor buffer mapping changes
-key is referenced - key buffer mapping changes
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
|
|
setkey() callback may be invoked multiple times for the same tfm.
In this case, DMA API leaks are caused by shared descriptors
and keys being mapped several times and unmapped only once.
Fix this by performing mapping / unmapping only in crypto algorithm's
cra_init() / cra_exit() callbacks and sync_for_device in the setkey()
tfm callback.
This is similar to commit
bbf2234494af "crypto: caam - fix DMA API leaks for multiple setkey() calls"
and also to caam/qi2 ahash implementation.
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
|
|
Move flc_dma member (which is accessed only by GPP) out of the caam_flc
structure, which is DMA mapped and intended for crypto engine
consumption.
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
|
|
ablkcipher (xts included) algorithms have shared descriptors with
immediate (inline) keys.
Accordingly, there is no need to:
-copy user-provided keys in ctx->key
-DMA map the keys
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
|
|
Key data is not modified, it is copied in the shared descriptor.
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
|
|
Add DKP support for tls using caam/qi2 as backend.
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
|
|
Add DKP support for tls using caam/qi as backend.
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
|
|
Add support for unkeyed and keyed (hmac) md5, sha algorithms.
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
|
|
Add DKP support for authenc algorithms using caam/qi2 as backend.
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
|
|
Upcoming caam/qi2 driver will support ahash algorithms,
thus move ahash descriptors generation in a shared location.
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
|
|
Offload split key generation in CAAM engine, using DKP.
DKP is supported starting with Era 6.
Note that the way assoclen is transmitted from the job descriptor
to the shared descriptor changes - DPOVRD register is used instead
of MATH3 (where available), since DKP protocol thrashes the MATH
registers.
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
|
|
Save Era in driver's private data for further usage,
like deciding whether an erratum applies or a feature is available
based on its value.
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
|
|
ctx_map_to_sec4_sg() function, added in
commit 045e36780f115 ("crypto: caam - ahash hmac support")
has never used the "desc" parameter, so let's drop it.
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit dfcd8393efefb7a111f9cb6af69058ecaf4a4d72)
|
|
Extended descriptor allocation has been changed by
commit dde20ae9d6383 ("crypto: caam - Change kmalloc to kzalloc to avoid residual data")
to provide zeroized memory, meaning we no longer have to sanitize
its members - edesc->src_nents and edesc->dst_dma.
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit f2ac67746534fab0cbc0bc29bfc3e507b1f58474)
|
|
This module introduces a SG DMA driver based on the DMA capabilities of
the CAAM hardware block. CAAM DMA is a platform driver that is only
probed if the device is defined in the device tree. The driver creates
a DMA channel for each JR of the CAAM. This introduces a dependency on
the JR driver. Therefore a defering mechanism was used to ensure that
the CAAM DMA driver is probed only after the JR driver.
Signed-off-by: Radu Alexe <radu.alexe@nxp.com>
Signed-off-by: Tudor Ambarus <tudor-dan.ambarus@nxp.com>
Signed-off-by: Rajiv Vishwakarma <rajiv.vishwakarma@nxp.com>
|
|
Memory used for S/G entries (kmem cache-backed) is not zeroized.
More, the dpaa2_sg_* API does not offer getters, setters for all fields
/ bits.
This means that there are bits that currently have random values.
Probably the most problematic is SGE[BMT] (Bypass Memory Translation).
When this "happens" to be set and IOMMU is enabled in the system,
caam engine will report DMA errors - for e.g. see below self-tests
failing:
[...]
dpaa2_caam dpseci.1: FD error: 000000a8
dpaa2_caam dpseci.1: 40001216: DECO: desc idx 18: DMA Error
alg: skcipher: encryption failed on chunk test 1 for cbc-3des-caam-qi2: ret=5
dpaa2_caam dpseci.1: FD error: 00000088
dpaa2_caam dpseci.1: 40000916: DECO: desc idx 9: DMA Error
alg: aead: encryption failed on test 1 for rfc4106-gcm-aes-caam-qi2: ret=5
dpaa2_caam dpseci.1: FD error: 000000a8
dpaa2_caam dpseci.1: 40001516: DECO: desc idx 21: DMA Error
alg: aead-ddst: encryption failed on test 1 for rfc4543-gcm-aes-caam-qi2: ret=5
dpaa2_caam dpseci.1: FD error: 00000088
dpaa2_caam dpseci.1: 40000916: DECO: desc idx 9: DMA Error
alg: aead: encryption failed on test 1 for gcm-aes-caam-qi2: ret=5
[...]
Fix this by requiring allocated memory to be zeroized.
Fixes: d4df6899d2c6 ("crypto: caam/qi2 - add DPAA2-CAAM driver")
Fixes: 74e4a0d250d3 ("crypto: caam/qi2 - add ablkcipher algorithms")
Fixes: 40865366205a ("crypto: caam/qi2 - add support for TLS 1.0 record")
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
|
|
Decide whether to use GFP_ATOMIC / GFP_KERNEL solely based on
MAY_SLEEP flag, i.e. remove MAY_BACKLOG flag from the equation.
Fixes: 4aef966f7e8a ("crypto: caam/qi2 - add ablkcipher algorithms")
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
|
|
Decide whether to use GFP_ATOMIC / GFP_KERNEL solely based on
MAY_SLEEP flag, i.e. remove MAY_BACKLOG flag from the equation.
Fixes: 6220d7624b1d ("crypto: caam/qi2 - add DPAA2-CAAM driver")
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
|
|
Direction for fd_flt_dma dma unmapping must be identical with
the direction used for mapping, i.e. DMA_BIDIRECTIONAL.
Fixes: 6220d7624b1d ("crypto: caam/qi2 - add DPAA2-CAAM driver")
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
|
|
Fix caam_exit_common function signature - it gets a pointer to
a caam_ctx struct, not to a tfm.
Fixes: 6220d7624b1d ("crypto: caam/qi2 - add DPAA2-CAAM driver")
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
|
|
Update existing DPAA2-CAAM driver with the latest version
submitted in upstream:
https://patchwork.kernel.org/patch/9894411
https://patchwork.kernel.org/patch/9894415
https://patchwork.kernel.org/patch/9894413
https://patchwork.kernel.org/patch/9894423
https://patchwork.kernel.org/patch/9894421
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
|
|
Fixes: 3ebfa92f49a6 ("crypto: caam - Add new macros for building extended SEC descriptors (> 64 words)")
Signed-off-by: Radu Alexe <radu.alexe@nxp.com>
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
|
|
Most of the dentry members from structure caam_drv_private
are never used at all, so it is safe to remove them.
Since debugfs_remove_recursive() is called, we don't need the
file entries.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Acked-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit a92f7af3854ce6b80a4cd7e3df6148663f15671b)
|
|
kill_fq removes a complete frame queue, it needs to free the qman_fq
in the last. Else kmemleak will report the below warning:
unreferenced object 0xffff800073085c80 (size 128):
comm "cryptomgr_test", pid 199, jiffies 4294937850 (age 67.840s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 a0 80 7e 00 00 80 ff ff
00 00 00 00 00 00 00 00 04 00 04 00 5c 01 00 00
backtrace:
[<ffff8000001e5760>] create_object+0xf8/0x258
[<ffff800000994e38>] kmemleak_alloc+0x58/0xa0
[<ffff8000001d5f18>] kmem_cache_alloc_trace+0x2c8/0x358
[<ffff8000007e8410>] create_caam_req_fq+0x40/0x170
[<ffff8000007e870c>] caam_drv_ctx_update+0x54/0x248
[<ffff8000007fca54>] aead_setkey+0x154/0x300
[<ffff800000452120>] setkey+0x50/0xf0
[<ffff80000045b144>] __test_aead+0x5ec/0x1028
[<ffff80000045c28c>] test_aead+0x44/0xc8
[<ffff80000045c368>] alg_test_aead+0x58/0xd0
[<ffff80000045bdb4>] alg_test+0x14c/0x308
[<ffff8000004588e8>] cryptomgr_test+0x50/0x58
[<ffff8000000c3b2c>] kthread+0xdc/0xf0
[<ffff800000083c00>] ret_from_fork+0x10/0x50
And check where the function kill_fq() is called to remove
the additional kfree to qman_fq and avoid re-calling the released qman_fq.
Signed-off-by: Xulin Sun <xulin.sun@windriver.com>
Acked-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 430f13389bdafa6fd9ce2999fed01dca8a5d79ae)
Backported to NXP SDK kernel 4.9.
Signed-by: Horia Geantă <horia.geanta@nxp.com>
|
|
Clean up the code, as indicated by Coccinelle.
Cc: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit f366af462aef1dcaeab0f68b031e5c4c4eb860e1)
|
|
Signed-off-by: Tudor Ambarus <tudor-dan.ambarus@nxp.com>
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 60a3f737badb0951dd27e93d24cb967dcc1fb855)
|
|
sg_to_sec4_sg_len() is no longer used since
commit 479bcc7c5b9e ("crypto: caam - Convert authenc to new AEAD interface")
Its functionality has been superseded by the usage of sg_nents_for_len()
returning the number of S/G entries corresponding to the provided length.
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit bcde1f78cab6741073c32edeecec96e4183d381b)
Fixed conflicts.
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
|
|
Change log level for some prints from dev_info() to dev_dbg(), low-level
details are needed only when debugging.
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit c7a91eb80b75513c67c0e0b347ac9e9605944341)
|
|
For more than 16 S/G entries, driver currently corrupts memory
on ARMv8, see below KASAN log.
Note: this does not reproduce on PowerPC due to different (smaller)
cache line size - 64 bytes on PPC vs. 128 bytes on ARMv8.
One such use case is one of the cbc(aes) test vectors - with 8 S/G
entries and src != dst. Driver needs 1 (IV) + 2 x 8 = 17 entries,
which goes over the 16 S/G entries limit:
(CAAM_QI_MEMCACHE_SIZE - offsetof(struct ablkcipher_edesc, sgt)) /
sizeof(struct qm_sg_entry) = 256 / 16 = 16 S/Gs
Fix this by:
-increasing object size in caamqicache pool from 512 to 768; this means
the maximum number of S/G entries grows from (at least) 16 to 32
(again, for ARMv8 case of 128-byte cache line)
-add checks in the driver to fail gracefully (ENOMEM) in case the 32 S/G
entries limit is exceeded
==================================================================
BUG: KASAN: slab-out-of-bounds in ablkcipher_edesc_alloc+0x4ec/0xf60
Write of size 1 at addr ffff800021cb6003 by task cryptomgr_test/1394
CPU: 3 PID: 1394 Comm: cryptomgr_test Not tainted 4.12.0-rc7-next-20170703-00023-g72badbcc1ea7-dirty #26
Hardware name: LS1046A RDB Board (DT)
Call trace:
[<ffff20000808ac6c>] dump_backtrace+0x0/0x290
[<ffff20000808b014>] show_stack+0x14/0x1c
[<ffff200008d62c00>] dump_stack+0xa4/0xc8
[<ffff200008264e40>] print_address_description+0x110/0x26c
[<ffff200008265224>] kasan_report+0x1d0/0x2fc
[<ffff2000082637b8>] __asan_store1+0x4c/0x54
[<ffff200008b4884c>] ablkcipher_edesc_alloc+0x4ec/0xf60
[<ffff200008b49304>] ablkcipher_encrypt+0x44/0xcc
[<ffff20000848a61c>] skcipher_encrypt_ablkcipher+0x120/0x138
[<ffff200008495014>] __test_skcipher+0xaec/0xe30
[<ffff200008497088>] test_skcipher+0x6c/0xd8
[<ffff200008497154>] alg_test_skcipher+0x60/0xe4
[<ffff2000084974c4>] alg_test.part.13+0x130/0x304
[<ffff2000084976d4>] alg_test+0x3c/0x68
[<ffff2000084938ac>] cryptomgr_test+0x54/0x5c
[<ffff20000810276c>] kthread+0x188/0x1c8
[<ffff2000080836c0>] ret_from_fork+0x10/0x50
Allocated by task 1394:
save_stack_trace_tsk+0x0/0x1ac
save_stack_trace+0x18/0x20
kasan_kmalloc.part.5+0x48/0x110
kasan_kmalloc+0x84/0xa0
kasan_slab_alloc+0x14/0x1c
kmem_cache_alloc+0x124/0x1e8
qi_cache_alloc+0x28/0x58
ablkcipher_edesc_alloc+0x244/0xf60
ablkcipher_encrypt+0x44/0xcc
skcipher_encrypt_ablkcipher+0x120/0x138
__test_skcipher+0xaec/0xe30
test_skcipher+0x6c/0xd8
alg_test_skcipher+0x60/0xe4
alg_test.part.13+0x130/0x304
alg_test+0x3c/0x68
cryptomgr_test+0x54/0x5c
kthread+0x188/0x1c8
ret_from_fork+0x10/0x50
Freed by task 0:
(stack is not available)
The buggy address belongs to the object at ffff800021cb5e00
which belongs to the cache caamqicache of size 512
The buggy address is located 3 bytes to the right of
512-byte region [ffff800021cb5e00, ffff800021cb6000)
The buggy address belongs to the page:
page:ffff7e0000872d00 count:1 mapcount:0 mapping: (null)
index:0x0 compound_mapcount: 0
flags: 0xfffc00000008100(slab|head)
raw: 0fffc00000008100 0000000000000000 0000000000000000 0000000180190019
raw: dead000000000100 dead000000000200 ffff800931268200 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff800021cb5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff800021cb5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff800021cb6000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
^
ffff800021cb6080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff800021cb6100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
Fixes: b189817cf789 ("crypto: caam/qi - add ablkcipher and authenc algorithms")
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit eb9ba37dc15a6e6b6140eb6d62785ba99b7179d7)
|
|
caam/qi needs a fix similar to what was done for caam/jr in
commit "crypto: caam/qi - properly set IV after {en,de}crypt",
to allow for ablkcipher/skcipher chunking/streaming.
Cc: <stable@vger.kernel.org>
Fixes: b189817cf789 ("crypto: caam/qi - add ablkcipher and authenc algorithms")
Suggested-by: David Gstir <david@sigma-star.at>
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit a68a193805224d90bedd94e9e8ac287600f07b78)
|
|
Certain cipher modes like CTS expect the IV (req->info) of
ablkcipher_request (or equivalently req->iv of skcipher_request) to
contain the last ciphertext block when the {en,de}crypt operation is done.
This is currently not the case for the CAAM driver which in turn breaks
e.g. cts(cbc(aes)) when the CAAM driver is enabled.
This patch fixes the CAAM driver to properly set the IV after the
{en,de}crypt operation of ablkcipher finishes.
This issue was revealed by the changes in the SW CTS mode in commit
0605c41cc53ca ("crypto: cts - Convert to skcipher")
Cc: <stable@vger.kernel.org> # 4.8+
Signed-off-by: David Gstir <david@sigma-star.at>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 854b06f768794cd664886ec3ba3a5b1c58d42167)
|
|
s/desi/des for echainiv(authenc(hmac(sha256),cbc(des))) alg.
Cc: <stable@vger.kernel.org>
Fixes: b189817cf7894 ("crypto: caam/qi - add ablkcipher and authenc algorithms")
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 84ea95436b83884fa55780618ffaf4bbe3312166)
|
|
This is the 2nd part of fixing the usage of GFP_KERNEL for memory
allocations, taking care off all the places that haven't caused a real
problem / failure.
Again, the issue being fixed is that GFP_KERNEL should be used only when
MAY_SLEEP flag is set, i.e. MAY_BACKLOG flag usage is orthogonal.
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 019d62db54017f4639fd7d4f6592f5a116a16695)
|
|
Changes in the SW cts (ciphertext stealing) code in
commit 0605c41cc53ca ("crypto: cts - Convert to skcipher")
revealed a problem in the CAAM driver:
when cts(cbc(aes)) is executed and cts runs in SW,
cbc(aes) is offloaded in CAAM; cts encrypts the last block
in atomic context and CAAM incorrectly decides to use GFP_KERNEL
for memory allocation.
Fix this by allowing GFP_KERNEL (sleeping) only when MAY_SLEEP flag is
set, i.e. remove MAY_BACKLOG flag.
We split the fix in two parts - first is sent to -stable, while the
second is not (since there is no known failure case).
Link: http://lkml.kernel.org/g/20170602122446.2427-1-david@sigma-star.at
Cc: <stable@vger.kernel.org> # 4.8+
Reported-by: David Gstir <david@sigma-star.at>
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 42cfcafb91dabb0f9d9e08396c39824535948c67)
|
|
of_device_ids are not supposed to change at runtime. All functions
working with of_device_ids provided by <linux/of.h> work with const
of_device_ids. So mark the non-const structs as const.
File size before:
text data bss dec hex filename
2376 808 128 3312 cf0 drivers/crypto/caam/jr.o
File size after constify caam_jr_match:
text data bss dec hex filename
2976 192 128 3296 ce0 drivers/crypto/caam/jr.o
Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 52a33d99882291808681af8582358ddca5b0d0bc)
|
|
Fix to return error code -ENOMEM from the kmem_cache_create() error
handling case instead of 0(err is 0 here), as done elsewhere in this
function.
Fixes: 67c2315def06 ("crypto: caam - add Queue Interface (QI) backend support")
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Acked-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 7e207d8550644c1076ceb070f40abf52701253ec)
|
|
dma_map_sg() might coalesce S/G entries, so use the number of S/G
entries returned by it instead of what sg_nents_for_len() initially
returns.
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 838e0a89e33a6e15492b8e4d700fc64c21ca3587)
|
|
caam/qi has been backported to kernel v4.4, however the same is not
true for the Queue & Buffer Manager driver, i.e. the SDK version of it
is used instead of a backport of its upstream version.
Update caam/qi to work with QBMan from NXP SDK.
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
|
|
Even if MC f/w has support for DPSECI Congestion Group (CG), we still
have to check whether the dpseci object has been created with this
capability before setting it up.
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
|
|
Starting with MC firmware 10.2.0 (*), support has been added to obtain
the properties of dpseci objects, such as Congestion Group or
Order Preservation.
(*) DPSECI object (API) version has not bumped, it's still v5.1;
this makes it harder to offer backwards compatibility.
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
|
|
authenc givencrypt shared descriptor is being saved in the wrong buffer,
i.e. flc[GIVENCRYPT].
For authenc, since .encrypt and .givencrypt cannot coexist:
-the same flc[ENCRYPT] buffer is used for the shared descriptor and
-flc[GIVENCRYPT] is not used
Fixes: 1417145b769f ("crypto: caam/qi2 - add DPAA2-CAAM driver")
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
|
|
Driver does not properly handle the case when signals interrupt
wait_for_completion_interruptible():
-it does not check for return value
-completion structure is allocated on stack; in case a signal interrupts
the sleep, it will go out of scope, causing the worker thread
(caam_jr_dequeue) to fail when it accesses it
wait_for_completion_interruptible() is replaced with uninterruptable
wait_for_completion().
We choose to block all signals while waiting for I/O (device executing
the split key generation job descriptor) since the alternative - in
order to have a deterministic device state - would be to flush the job
ring (aborting *all* in-progress jobs).
Cc: <stable@vger.kernel.org>
Fixes: 045e36780f115 ("crypto: caam - ahash hmac support")
Fixes: 4c1ec1f930154 ("crypto: caam - refactor key_gen, sg")
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 7459e1d25ffefa2b1be799477fcc1f6c62f6cec7)
|
|
TLS 1.0 descriptors run on SEC 4.x or higher. For now, only
tls10(hmac(sha1),cbc(aes)) algorithm is registered by the driver.
Known limitations:
- when src == dst - there should be no element in the src scatterlist
array that contains both associated data and message data.
- when src != dst - associated data is not copied from source into
destination.
- for decryption when src != dst the size of the destination should be
large enough so that the buffer may contain the decrypted authenc and
padded data.
Signed-off-by: Radu Alexe <radu.alexe@nxp.com>
|
|
TLS 1.0 descriptors run on SEC 4.x or higher.
For now, only tls10(hmac(sha1),cbc(aes)) algorithm
is registered by the driver.
Known limitations:
- when src == dst - there should be no element in the src scatterlist array
that contains both associated data and message data.
- when src != dst - associated data is not copied from source into
destination.
- for decryption when src != dst the size of the destination should be
large enough so that the buffer may contain the decrypted authenc and
padded data.
Signed-off-by: Tudor Ambarus <tudor-dan.ambarus@nxp.com>
Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
Signed-off-by: Alex Porosanu <alexandru.porosanu@nxp.com>
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Radu Alexe <radu.alexe@nxp.com>
|
|
CHAs of SEC work natively in BE mode. When moving
data to the alignment blocks, swapping is needed
for LE platforms. This is done by means of the MOVEB
command. This patch adds support
to DCL for this command.
Signed-off-by: Alex Porosanu <alexandru.porosanu@freescale.com>
Signed-off-by: Radu Alexe <radu.alexe@nxp.com>
|
|
caam/qi frontend (i.e. caamalg_qi) mustn't be used in case it runs on a
DPAA2 part (this could happen when using a multiplatform kernel).
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
|
|
sg_sw_sec4.h header is not used by caam/qi, thus remove its inclusion.
This also solves the compilation failure due to name clashes between
functions in sg_sw_qm.h and sg_sw_sec4.h -> sg_sw_qm2.h.
Fixes: dd1bcf32df59 ("crypto: caam/jr - add support for DPAA2 parts")
Reported-by: Radu Alexe <radu.alexe@nxp.com>
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
|
|
Since ARM64 commit 1dccb598df549 ("arm64: simplify dma_get_ops"),
dma_ops no longer default to swiotlb_dma_ops, but to dummy_dma_ops.
We have to explicitly set dma_ops in the driver - at least for ARM64.
Fixes: 67c2315def06 ("crypto: caam - add Queue Interface (QI) backend support")
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
|
|
Associated data (AD) length is read by CAAM from an S/G entry
that is initially filled by the GPP.
Accordingly, AD length has to be stored in CAAM endianness.
Fixes: b189817cf789 ("crypto: caam/qi - add ablkcipher and authenc algorithms")
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
|