GitHub/LineageOS/android_kernel_motorola_exynos9610.git
9 years agoARM: dts: sun6i: Add security system crypto engine clock and device nodes
Chen-Yu Tsai [Tue, 11 Aug 2015 05:32:57 +0000 (13:32 +0800)]
ARM: dts: sun6i: Add security system crypto engine clock and device nodes

A31/A31s have the same "Security System" crypto engine as A10/A20,
but with a separate reset control.

Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: sunxi-ss - Add optional reset control support
Chen-Yu Tsai [Tue, 11 Aug 2015 05:32:56 +0000 (13:32 +0800)]
crypto: sunxi-ss - Add optional reset control support

On sun6i and later platforms, the reset control is split out of the
clock gates. Add support for an optional reset control.

Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: sunxi-ss - Document optional reset control bindings
Chen-Yu Tsai [Tue, 11 Aug 2015 05:32:55 +0000 (13:32 +0800)]
crypto: sunxi-ss - Document optional reset control bindings

Later Allwinner SoCs split out the reset controls for individual modules
out of the clock gate controls. The "Security System" crypto engine is
no different.

Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: qat - Fix adf_isr_resource_free name clash
Tadeusz Struk [Mon, 10 Aug 2015 20:00:02 +0000 (13:00 -0700)]
crypto: qat - Fix adf_isr_resource_free name clash

When both PF and VF drivers are build in linker complains about multiple
definition of adf_isr_resource_[alloc/free] functions.

Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agoFix email address mistypo for NX/VMX crypto driver maintainers
Paulo Flabiano Smorigo [Mon, 10 Aug 2015 19:14:17 +0000 (16:14 -0300)]
Fix email address mistypo for NX/VMX crypto driver maintainers

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: nx - Removing CTR mode from NX driver
Leonidas Da Silva Barbosa [Sat, 8 Aug 2015 21:31:01 +0000 (18:31 -0300)]
crypto: nx - Removing CTR mode from NX driver

CTR hardware implementation does not match with kernel spec causing a counter bug
where just low 8 bytes are used for counter, when should be all 16bytes.

Since we already have other counter modes working according with specs
not worth to keep CTR itself on NX.

Signed-off-by: Leonidas S. Barbosa <leosilva@linux.vnet.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agoUpdate NX crypto driver maintainers and adding VMX maintainers
Leonidas Da Silva Barbosa [Sat, 8 Aug 2015 21:29:27 +0000 (18:29 -0300)]
Update NX crypto driver maintainers and adding VMX maintainers

Marcelo and Fin are no long IBMers, thus no longer NX maintainers.
Updating with the new names.

Adding VMX crypto maintainers.

Signed-off-by: Leonidas S. Barbosa <leosilva@linux.vnet.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agoPCI: Add quirk for Intel DH895xCC VF PCI config erratum
Tadeusz Struk [Fri, 7 Aug 2015 18:34:42 +0000 (11:34 -0700)]
PCI: Add quirk for Intel DH895xCC VF PCI config erratum

The PCI capabilities list for Intel DH895xCC VFs (device id 0x0443) with
QuickAssist Technology is prematurely terminated in hardware.
Workaround the issue by hard-coding the known expected next capability
pointer and saving the PCIE cap into internal buffer.

Patch generated against cryptodev-2.6

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: qat - Add FW const table
Tadeusz Struk [Fri, 7 Aug 2015 18:34:36 +0000 (11:34 -0700)]
crypto: qat - Add FW const table

Some VF drivers need FW const table, so the PF driver needs to load it.

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: qat - Add qat dh895xcc VF driver
Tadeusz Struk [Fri, 7 Aug 2015 18:34:31 +0000 (11:34 -0700)]
crypto: qat - Add qat dh895xcc VF driver

Add code specific for the dh895xcc virtual function.

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: qat - Add support for SRIOV
Tadeusz Struk [Fri, 7 Aug 2015 18:34:25 +0000 (11:34 -0700)]
crypto: qat - Add support for SRIOV

Add code that enables SRIOV on dh895xcc devices.

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: qat - Move adf admin and adf hw arbitrer to common code
Tadeusz Struk [Fri, 7 Aug 2015 18:34:20 +0000 (11:34 -0700)]
crypto: qat - Move adf admin and adf hw arbitrer to common code

Adf admin and HW arbiter function can be used by dh895xcc specific code
well as the new dh895xccvf and future devices so moving them to
qat_common so that they can be shared.

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: authencesn - Convert to new AEAD interface
Herbert Xu [Fri, 7 Aug 2015 08:42:59 +0000 (16:42 +0800)]
crypto: authencesn - Convert to new AEAD interface

This patch converts authencesn to the new AEAD interface.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: doc - make URL into hyperlink
Brian Norris [Thu, 6 Aug 2015 21:49:00 +0000 (14:49 -0700)]
crypto: doc - make URL into hyperlink

The HTML output works a little nicer that way.

Signed-off-by: Brian Norris <computersforpeace@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: talitos - Prevent panic in probe error path
Aaron Sierra [Wed, 5 Aug 2015 21:52:08 +0000 (16:52 -0500)]
crypto: talitos - Prevent panic in probe error path

The probe error path for this driver, for all intents and purposes,
is the talitos_remove() function due to the common "goto err_out".

Without this patch applied, talitos_remove() will panic under these
two conditions:

1. If the RNG device hasn't been registered via
   talitos_register_rng() prior to entry into talitos_remove(),
   then the attempt to unregister the RNG "device" will cause a panic.

2. If the priv->chan array has not been allocated prior to entry
   into talitos_remove(), then the per-channel FIFO cleanup will panic
   because of the dereference of that NULL "array".

Both of the above scenarios occur if talitos_probe_irq() fails.

This patch resolves issue #1 by introducing a boolean to mask the
hwrng_unregister() call in talitos_unregister_rng() if RNG device
registration was unsuccessful.

It resolves issue #2 by checking that priv->chan is not NULL in the
per-channel FIFO cleanup for loop.

Signed-off-by: Aaron Sierra <asierra@xes-inc.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agoARM: imx_v6_v7_defconfig: Select CAAM
Victoria Milhoan [Wed, 5 Aug 2015 18:28:47 +0000 (11:28 -0700)]
ARM: imx_v6_v7_defconfig: Select CAAM

Select CAAM for i.MX6 devices.

Signed-off-by: Victoria Milhoan <vicki.milhoan@freescale.com>
Tested-by: Horia Geantă <horia.geanta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: caam - Detect hardware features during algorithm registration
Victoria Milhoan [Wed, 5 Aug 2015 18:28:48 +0000 (11:28 -0700)]
crypto: caam - Detect hardware features during algorithm registration

Register only algorithms supported by CAAM hardware, using the CHA
version and instantiation registers to identify hardware capabilities.

Signed-off-by: Victoria Milhoan <vicki.milhoan@freescale.com>
Tested-by: Horia Geantă <horia.geanta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: caam - Enable MXC devices to select CAAM driver in Kconfig
Steve Cornelius [Wed, 5 Aug 2015 18:28:46 +0000 (11:28 -0700)]
crypto: caam - Enable MXC devices to select CAAM driver in Kconfig

Allow CAAM to be selected in the kernel for Freescale i.MX devices if
ARCH_MXC is enabled.

Signed-off-by: Steve Cornelius <steve.cornelius@freescale.com>
Signed-off-by: Victoria Milhoan <vicki.milhoan@freescale.com>
Tested-by: Horia Geantă <horia.geanta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agoARM: dts: mx6sx: Add CAAM device node
Victoria Milhoan [Thu, 6 Aug 2015 18:42:37 +0000 (11:42 -0700)]
ARM: dts: mx6sx: Add CAAM device node

Add CAAM device node to the i.MX6SX device tree.

Signed-off-by: Victoria Milhoan <vicki.milhoan@freescale.com>
Tested-by: Horia Geantă <horia.geanta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agoARM: dts: mx6qdl: Add CAAM device node
Victoria Milhoan [Wed, 5 Aug 2015 18:28:44 +0000 (11:28 -0700)]
ARM: dts: mx6qdl: Add CAAM device node

Add CAAM device node to the i.MX6 device tree.

Signed-off-by: Victoria Milhoan <vicki.milhoan@freescale.com>
Tested-by: Horia Geantă <horia.geanta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agoARM: clk-imx6q: Add CAAM clock support
Victoria Milhoan [Wed, 5 Aug 2015 18:28:43 +0000 (11:28 -0700)]
ARM: clk-imx6q: Add CAAM clock support

Add CAAM clock support to the i.MX6 clocking infrastructure.

Signed-off-by: Victoria Milhoan <vicki.milhoan@freescale.com>
Tested-by: Horia Geantă <horia.geanta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: caam - Added clocks and clock-names properties to SEC4.0 device tree binding
Victoria Milhoan [Wed, 5 Aug 2015 18:28:42 +0000 (11:28 -0700)]
crypto: caam - Added clocks and clock-names properties to SEC4.0 device tree binding

The clocks and clock-names properties describe input clocks that may be
required for enablement of CAAM.

Signed-off-by: Victoria Milhoan <vicki.milhoan@freescale.com>
Tested-by: Horia Geantă <horia.geanta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: caam - Use local sg pointers to walk the scatterlist
Victoria Milhoan [Wed, 5 Aug 2015 18:28:41 +0000 (11:28 -0700)]
crypto: caam - Use local sg pointers to walk the scatterlist

Avoid moving the head of the scatterlist entry by using temporary
pointers to walk the scatterlist.

Signed-off-by: Victoria Milhoan <vicki.milhoan@freescale.com>
Tested-by: Horia Geantă <horia.geanta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: caam - Correct DMA unmap size in ahash_update_ctx()
Victoria Milhoan [Wed, 5 Aug 2015 18:28:40 +0000 (11:28 -0700)]
crypto: caam - Correct DMA unmap size in ahash_update_ctx()

This change fixes:

------------[ cut here ]------------
WARNING: CPU: 0 PID: 456 at lib/dma-debug.c:1103 check_unmap+0x438/0x958()
caam_jr 2101000.jr0: DMA-API: device driver frees DMA memory with different size [device address=0x000000003a241080] [map ]
Modules linked in: tcrypt(+)
CPU: 0 PID: 456 Comm: insmod Not tainted 4.1.0-248766-gf823586-dirty #82
Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
[<80015e0c>] (unwind_backtrace) from [<80012764>] (show_stack+0x10/0x14)
[<80012764>] (show_stack) from [<806df8e8>] (dump_stack+0x84/0xc4)
[<806df8e8>] (dump_stack) from [<800266fc>] (warn_slowpath_common+0x84/0xb4)
[<800266fc>] (warn_slowpath_common) from [<8002675c>] (warn_slowpath_fmt+0x30/0x40)
[<8002675c>] (warn_slowpath_fmt) from [<802c7db8>] (check_unmap+0x438/0x958)
[<802c7db8>] (check_unmap) from [<802c835c>] (debug_dma_unmap_page+0x84/0x8c)
[<802c835c>] (debug_dma_unmap_page) from [<804d3b94>] (ahash_update_ctx+0xb08/0xec4)
[<804d3b94>] (ahash_update_ctx) from [<7f002984>] (test_ahash_pnum.isra.9.constprop.19+0x2b8/0x514 [tcrypt])
[<7f002984>] (test_ahash_pnum.isra.9.constprop.19 [tcrypt]) from [<7f005998>] (do_test+0x2db8/0x37cc [tcrypt])
[<7f005998>] (do_test [tcrypt]) from [<7f00b050>] (tcrypt_mod_init+0x50/0x9c [tcrypt])
[<7f00b050>] (tcrypt_mod_init [tcrypt]) from [<80009730>] (do_one_initcall+0x8c/0x1d4)
[<80009730>] (do_one_initcall) from [<806dda4c>] (do_init_module+0x5c/0x1a8)
[<806dda4c>] (do_init_module) from [<80085308>] (load_module+0x17e0/0x1da0)
[<80085308>] (load_module) from [<80085998>] (SyS_init_module+0xd0/0x120)
[<80085998>] (SyS_init_module) from [<8000f4c0>] (ret_fast_syscall+0x0/0x3c)
---[ end trace 60807cfb6521c79f ]---

Signed-off-by: Victoria Milhoan <vicki.milhoan@freescale.com>
Tested-by: Horia Geantă <horia.geanta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: caam - Change kmalloc to kzalloc to avoid residual data
Victoria Milhoan [Wed, 5 Aug 2015 18:28:39 +0000 (11:28 -0700)]
crypto: caam - Change kmalloc to kzalloc to avoid residual data

Since fields must be ORed in to operate correctly using any order of
operations, changed allocations of the combination of extended
descriptor structs + hardware scatterlists to use kzalloc() instead
of kmalloc(), so as to ensure that residue data would not be ORed in
with the correct data.

Signed-off-by: Steve Cornelius <steve.cornelius@freescale.com>
Signed-off-by: Victoria Milhoan <vicki.milhoan@freescale.com>
Tested-by: Horia Geantă <horia.geanta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: caam - Modify Freescale CAAM driver Scatter Gather entry definition
Victoria Milhoan [Wed, 5 Aug 2015 18:28:38 +0000 (11:28 -0700)]
crypto: caam - Modify Freescale CAAM driver Scatter Gather entry definition

Modify the Scatter-Gather entry definitions for the Freescale
CAAM driver to include support for both 64- and 32-bit DMA pointers.

Signed-off-by: Victoria Milhoan <vicki.milhoan@freescale.com>
Tested-by: Horia Geantă <horia.geanta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: caam - Enable and disable clocks on Freescale i.MX platforms
Victoria Milhoan [Wed, 5 Aug 2015 18:28:37 +0000 (11:28 -0700)]
crypto: caam - Enable and disable clocks on Freescale i.MX platforms

ARM-based systems may disable clocking to the CAAM device on the
Freescale i.MX platform for power management purposes.  This patch
enables the required clocks when the CAAM module is initialized and
disables the required clocks when the CAAM module is shut down.

Signed-off-by: Victoria Milhoan <vicki.milhoan@freescale.com>
Tested-by: Horia Geantă <horia.geanta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: caam - Add setbits32/clrbits32/clrsetbits primitives for ARM compatibility
Victoria Milhoan [Wed, 5 Aug 2015 18:28:36 +0000 (11:28 -0700)]
crypto: caam - Add setbits32/clrbits32/clrsetbits primitives for ARM compatibility

Add set/clear 32-bit primitives for compatibility with ARM devices since
the primitives were previously only defined for the Power architecture.

Signed-off-by: Victoria Milhoan <vicki.milhoan@freescale.com>
Tested-by: Horia Geantă <horia.geanta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: caam - Add cache coherency support
Victoria Milhoan [Wed, 5 Aug 2015 18:28:35 +0000 (11:28 -0700)]
crypto: caam - Add cache coherency support

Freescale i.MX6 ARM platforms do not support hardware cache coherency.
This patch adds cache coherency support to the CAAM driver.

Signed-off-by: Victoria Milhoan <vicki.milhoan@freescale.com>
Tested-by: Horia Geantă <horia.geanta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Herbert Xu [Mon, 10 Aug 2015 15:17:13 +0000 (23:17 +0800)]
Merge git://git./linux/kernel/git/herbert/crypto-2.6

Merge the crypto tree to pull in the authencesn fix.

9 years agocrypto: authencesn - Fix breakage with new ESP code
Herbert Xu [Fri, 7 Aug 2015 08:00:04 +0000 (16:00 +0800)]
crypto: authencesn - Fix breakage with new ESP code

The ESP code has been updated to generate a completely linear
AD SG list.  This unfortunately broke authencesn which expects
the AD to be divided into at least three parts.

This patch fixes it to cope with the new format.  Later we will
fix it properly to accept arbitrary input and not rely on the
input being linear as part of the AEAD conversion.

Fixes: 7021b2e1cddd ("esp4: Switch to new AEAD interface")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: authenc - Add Kconfig dependency on CRYPTO_NULL
Herbert Xu [Tue, 4 Aug 2015 13:23:14 +0000 (21:23 +0800)]
crypto: authenc - Add Kconfig dependency on CRYPTO_NULL

CRYPTO_AUTHENC needs to depend on CRYPTO_NULL as authenc uses
null for copying.

Reported-by: Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: testmgr - Reenable authenc tests
Herbert Xu [Thu, 30 Jul 2015 09:53:23 +0000 (17:53 +0800)]
crypto: testmgr - Reenable authenc tests

Now that all implementations of authenc have been converted we can
reenable the tests.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: talitos - Convert to new AEAD interface
Herbert Xu [Thu, 30 Jul 2015 09:53:22 +0000 (17:53 +0800)]
crypto: talitos - Convert to new AEAD interface

This patch converts talitos to the new AEAD interface.  IV generation
has been removed since it's equivalent to a software implementation.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: qat - Convert to new AEAD interface
Herbert Xu [Thu, 30 Jul 2015 09:53:20 +0000 (17:53 +0800)]
crypto: qat - Convert to new AEAD interface

This patch converts qat to the new AEAD interface.  IV generation
has been removed since it's equivalent to a software implementation.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Tadeusz Struk <tadeusz.struk@intel.com>
9 years agocrypto: picoxcell - Convert to new AEAD interface
Herbert Xu [Thu, 30 Jul 2015 09:53:19 +0000 (17:53 +0800)]
crypto: picoxcell - Convert to new AEAD interface

This patch converts picoxcell to the new AEAD interface.  IV
generation has been removed since it's equivalent to a software
implementation.

As picoxcell cannot handle SG lists longer than 16 elements,
this patch has made the software fallback mandatory.  If an SG
list comes in that exceeds the limit, we will simply use the
fallback.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: ixp4xx - Convert to new AEAD interface
Herbert Xu [Thu, 30 Jul 2015 09:53:18 +0000 (17:53 +0800)]
crypto: ixp4xx - Convert to new AEAD interface

This patch converts ixp4xx to the new AEAD interface.  IV generation
has been removed since it's a purely software implementation.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: caam - Convert authenc to new AEAD interface
Herbert Xu [Thu, 30 Jul 2015 09:53:17 +0000 (17:53 +0800)]
crypto: caam - Convert authenc to new AEAD interface

This patch converts the authenc implementations in caam to the
new AEAD interface.  The biggest change is that seqiv no longer
generates a random IV.  Instead the IPsec sequence number is used
as the IV.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: authenc - Convert to new AEAD interface
Herbert Xu [Thu, 30 Jul 2015 09:53:16 +0000 (17:53 +0800)]
crypto: authenc - Convert to new AEAD interface

This patch converts authenc to the new AEAD interface.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: testmgr - Disable authenc test and convert test vectors
Herbert Xu [Thu, 30 Jul 2015 09:53:14 +0000 (17:53 +0800)]
crypto: testmgr - Disable authenc test and convert test vectors

This patch disables the authenc tests while the conversion to the
new IV calling convention takes place.  It also replaces the authenc
test vectors with ones that will work with the new IV convention.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Herbert Xu [Tue, 4 Aug 2015 12:44:35 +0000 (20:44 +0800)]
Merge git://git./linux/kernel/git/herbert/crypto-2.6

Merge the crypto tree to pull in the qat registration bug fix.

9 years agocrypto: talitos - Remove zero_entry static initializer
Aaron Sierra [Mon, 3 Aug 2015 23:56:21 +0000 (18:56 -0500)]
crypto: talitos - Remove zero_entry static initializer

Compiling the talitos driver with my GCC 4.3.1 e500v2 cross-compiler
resulted in a failed build due to the anonymous union/structures
introduced in this commit:

  crypto: talitos - enhanced talitos_desc struct for SEC1

The build error was:

  drivers/crypto/talitos.h:56: error: unknown field 'len' specified in initializer
  drivers/crypto/talitos.h:56: warning: missing braces around initializer
  drivers/crypto/talitos.h:56: warning: (near initialization for 'zero_entry.<anonymous>')
  drivers/crypto/talitos.h:57: error: unknown field 'j_extent' specified in initializer
  drivers/crypto/talitos.h:58: error: unknown field 'eptr' specified in initializer
  drivers/crypto/talitos.h:58: warning: excess elements in struct initializer
  drivers/crypto/talitos.h:58: warning: (near initialization for 'zero_entry')
  make[2]: *** [drivers/crypto/talitos.o] Error 1
  make[1]: *** [drivers/crypto] Error 2
  make: *** [drivers] Error 2

This patch eliminates the errors by relying on the C standard's
implicit assignment of zero to static variables.

Signed-off-by: Aaron Sierra <asierra@xes-inc.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: doc - AEAD API conversion
Stephan Mueller [Mon, 3 Aug 2015 07:08:05 +0000 (09:08 +0200)]
crypto: doc - AEAD API conversion

The AEAD API changes are now reflected in the crypto API doc book.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: img-hash - fix spelling mistake in dev_err error message
Colin Ian King [Sun, 2 Aug 2015 23:05:03 +0000 (00:05 +0100)]
crypto: img-hash - fix spelling mistake in dev_err error message

Trival change, fix spelling mistake 'aquire' -> 'acquire' in
dev_err message.

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: caam - fix rfc4106 encap shared descriptor
Horia Geant? [Thu, 30 Jul 2015 19:11:18 +0000 (22:11 +0300)]
crypto: caam - fix rfc4106 encap shared descriptor

The encap shared descriptor was changed to use the new IV convention.
In the process some commands were shifted, making the output length
zero, caam effectively writing garbage in dst.

While here, update the decap descriptor to execute the "write" commands
before the "read"s (as it previously was).
This makes sure the input fifo is drained before becoming full.

Fixes: 46218750d523 ("crypto: caam - Use new IV convention")
Signed-off-by: Horia Geant? <horia.geanta@freescale.com>
Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agoMAINTAINERS: change 842 NX owner email address
Dan Streetman [Wed, 29 Jul 2015 23:50:46 +0000 (19:50 -0400)]
MAINTAINERS: change 842 NX owner email address

Change my IBM email to my personal IEEE email.

I'm leaving IBM, so my email there won't work anymore.  This changes
the owner to my personal email, so I can still get cc'ed on patches,
until someone at IBM sends a patch to take it over.

Signed-off-by: Dan Streetman <ddstreet@ieee.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: nx - use be32_to_cpu for __be32 field in debug msg
Dan Streetman [Wed, 29 Jul 2015 23:43:29 +0000 (19:43 -0400)]
crypto: nx - use be32_to_cpu for __be32 field in debug msg

One of the debug messages in the NX 842 PowerNV driver is missing
the required be32_to_cpu() wrapper when accessing the __be32 field
csb->count.  Add the wrapper so the message will show the correct count.

Signed-off-by: Dan Streetman <ddstreet@ieee.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: nx - don't err if compressed output > input
Dan Streetman [Wed, 29 Jul 2015 23:42:09 +0000 (19:42 -0400)]
crypto: nx - don't err if compressed output > input

Return success instead of error if compression succeeds but the output is
larger than the input.

It's unlikely that the caller will use the compressed data since it's
larger than the original uncompressed data, but there was no error and
returning an error code is incorrect.  Further, for testing small input
buffers, the output is likely to be larger than the input and success
needs to be returned to verify the test.

Signed-off-by: Dan Streetman <ddstreet@ieee.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: qat - remove unnecessary list iteration
Bruce Allan [Mon, 27 Jul 2015 19:58:32 +0000 (12:58 -0700)]
crypto: qat - remove unnecessary list iteration

There's no need to iterate through the list for instances in the
accel_table since the number of devices is already known in this file.

Signed-off-by: Bruce Allan <bruce.w.allan@intel.com>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: jitterentropy - use safe format string parameters
Kees Cook [Fri, 24 Jul 2015 22:41:27 +0000 (15:41 -0700)]
crypto: jitterentropy - use safe format string parameters

Since the API for jent_panic() does not include format string parameters,
adjust the call to panic() to use a literal string to avoid any future
callers from leaking format strings into the panic message.

Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: qat - Fix typo othewise->otherwise
Ahsan Atta [Fri, 24 Jul 2015 20:18:26 +0000 (13:18 -0700)]
crypto: qat - Fix typo othewise->otherwise

Signed-off-by: Ahsan Atta <ahsan.atta@intel.com>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: qat - remove unused define
Bruce Allan [Fri, 24 Jul 2015 20:18:25 +0000 (13:18 -0700)]
crypto: qat - remove unused define

Signed-off-by: Bruce Allan <bruce.w.allan@intel.com>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: qat - fix bug in ADF_RING_SIZE_BYTES_MIN macro
Bruce Allan [Fri, 24 Jul 2015 20:18:25 +0000 (13:18 -0700)]
crypto: qat - fix bug in ADF_RING_SIZE_BYTES_MIN macro

The subject macro mistakenly compares the passed-in ring size in bytes
with ADF_RING_SIZE_4K which is 0x6 (an internal representation of 4KB)
rather than comparing with the intended value of 4096.

Signed-off-by: Bruce Allan <bruce.w.allan@intel.com>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: qat - remove redundant struct elem
Bruce Allan [Fri, 24 Jul 2015 20:18:25 +0000 (13:18 -0700)]
crypto: qat - remove redundant struct elem

The element pci_dev_id in the struct adf_hw_device_data is redundant since
the PCI device id can be retrieved from the struct pci_dev.

Signed-off-by: Bruce Allan <bruce.w.allan@intel.com>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agohwrng: core - correct error check of kthread_run call
Martin Schwidefsky [Fri, 24 Jul 2015 11:13:30 +0000 (13:13 +0200)]
hwrng: core - correct error check of kthread_run call

The kthread_run() function can return two different error values
but the hwrng core only checks for -ENOMEM. If the other error
value -EINTR is returned it is assigned to hwrng_fill and later
used on a kthread_stop() call which naturally crashes.

Cc: stable@vger.kernel.org
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: nx - make platform drivers directly register with crypto
Dan Streetman [Wed, 22 Jul 2015 18:26:38 +0000 (14:26 -0400)]
crypto: nx - make platform drivers directly register with crypto

Remove the common 'platform' registration module, and move the crypto
compression driver registration into each of the pSeries and PowerNV
platform NX 842 drivers.  Change the nx-842.c code into simple common
functions that each platform driver uses to perform constraints-based
buffer changes, i.e. realigning and/or resizing buffers to match the
driver's hardware requirements.

The common 'platform' module was my mistake to create - since each
platform driver will only load/operate when running on its own
platform (i.e. a pSeries platform or a PowerNV platform), they can
directly register with the crypto subsystem, using the same alg and
driver name.  This removes unneeded complexity.

Signed-off-by: Dan Streetman <ddstreet@ieee.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: nx - rename nx-842-crypto.c to nx-842.c
Dan Streetman [Wed, 22 Jul 2015 18:26:37 +0000 (14:26 -0400)]
crypto: nx - rename nx-842-crypto.c to nx-842.c

The last commit merged nx-842.c's code into nx-842-crypto.c.  It
did not rename nx-842-crypto.c to nx-842.c, in order to let the
patch more clearly show what was merged.  This just renames
nx-842-crypto.c to nx-842.c, with no changes to its code.

Signed-off-by: Dan Streetman <ddstreet@ieee.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: nx - merge nx-compress and nx-compress-crypto
Dan Streetman [Wed, 22 Jul 2015 18:26:36 +0000 (14:26 -0400)]
crypto: nx - merge nx-compress and nx-compress-crypto

Merge the nx-842.c code into nx-842-crypto.c.

This allows later patches to remove the 'platform' driver, and instead
allow each platform driver to directly register with the crypto
compression api.

Signed-off-by: Dan Streetman <ddstreet@ieee.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: nx - use common code for both NX decompress success cases
Dan Streetman [Wed, 22 Jul 2015 18:26:35 +0000 (14:26 -0400)]
crypto: nx - use common code for both NX decompress success cases

Replace the duplicated finishing code (set destination buffer length and
set return code to 0) in the case of decompressing a buffer with no header
with a goto to the success case of decompressing a buffer with a header.

This is a trivial change that allows both success cases to use common code,
and includes the pr_debug() msg in both cases as well.

Signed-off-by: Dan Streetman <ddstreet@ieee.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: nx - don't register pSeries driver if ENODEV
Dan Streetman [Wed, 22 Jul 2015 18:26:34 +0000 (14:26 -0400)]
crypto: nx - don't register pSeries driver if ENODEV

Don't register the pSeries driver when parsing the device tree returns
ENODEV.

The nx842_probe() function in the pSeries driver returns error instead
of registering as a crypto compression driver, when it receives an
error return value from the nx842_OF_upd() function that probes the
device tree nodes, except when ENODEV is returned.  However ENODEV
should not be a special case and the driver should not register when
there is no hw device, or the hw device is disabled.

Signed-off-by: Dan Streetman <ddstreet@ieee.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: nx - move kzalloc() out of spinlock
Dan Streetman [Wed, 22 Jul 2015 18:26:33 +0000 (14:26 -0400)]
crypto: nx - move kzalloc() out of spinlock

Move the kzalloc() calls in nx842_probe() and nx842_OF_upd() to the top
of the functions, before taking the devdata spinlock.

Since kzalloc() without GFP_ATOMIC can sleep, it can't be called while
holding a spinlock.  Move the calls to before taking the lock.

Signed-off-by: Dan Streetman <ddstreet@ieee.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: nx - remove pSeries NX 'status' field
Dan Streetman [Wed, 22 Jul 2015 18:26:32 +0000 (14:26 -0400)]
crypto: nx - remove pSeries NX 'status' field

Remove the 'status' field from the pSeries NX driver data.

The 'status' field isn't used by the driver at all; it simply checks the
devicetree status node at initialization, and returns success if 'okay'
and failure otherwise.

Signed-off-by: Dan Streetman <ddstreet@ieee.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: nx - remove __init/__exit from VIO functions
Dan Streetman [Wed, 22 Jul 2015 18:26:31 +0000 (14:26 -0400)]
crypto: nx - remove __init/__exit from VIO functions

Remove the __init and __exit modifiers from the VIO driver probe and
remove functions.

The driver functions should not be marked __init/__exit because they
can/will be called during runtime, not only at module init and exit.

Signed-off-by: Dan Streetman <ddstreet@ieee.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: qat - Don't attempt to register algorithm multiple times
Tadeusz Struk [Wed, 22 Jul 2015 05:07:47 +0000 (22:07 -0700)]
crypto: qat - Don't attempt to register algorithm multiple times

When multiple devices are present in the system the driver attempts
to register the same algorithm many times.

Changes in v2:
 - use proper synchronization mechanizm between register and unregister

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: ixp4xx - Remove bogus BUG_ON on scattered dst buffer
Herbert Xu [Wed, 22 Jul 2015 10:05:35 +0000 (18:05 +0800)]
crypto: ixp4xx - Remove bogus BUG_ON on scattered dst buffer

This patch removes a bogus BUG_ON in the ablkcipher path that
triggers when the destination buffer is different from the source
buffer and is scattered.

Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: qat - Fix invalid synchronization between register/unregister sym algs
Tadeusz Struk [Wed, 22 Jul 2015 05:07:47 +0000 (22:07 -0700)]
crypto: qat - Fix invalid synchronization between register/unregister sym algs

The synchronization method used atomic was bogus.
Use a proper synchronization with mutex.

Cc: stable@vger.kernel.org
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: qat - fix invalid check for RSA keylen in fips mode
Tadeusz Struk [Tue, 21 Jul 2015 00:18:27 +0000 (17:18 -0700)]
crypto: qat - fix invalid check for RSA keylen in fips mode

The condition checking allowed key length was invalid.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: rsa - fix invalid check for keylen in fips mode
Tadeusz Struk [Tue, 21 Jul 2015 00:18:26 +0000 (17:18 -0700)]
crypto: rsa - fix invalid check for keylen in fips mode

The condition checking allowed key length was invalid.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agoMAINTAINERS: Add myself as maintainer of Allwinner Security System
LABBE Corentin [Fri, 17 Jul 2015 14:39:42 +0000 (16:39 +0200)]
MAINTAINERS: Add myself as maintainer of Allwinner Security System

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: sunxi-ss - Add Allwinner Security System crypto accelerator
LABBE Corentin [Fri, 17 Jul 2015 14:39:41 +0000 (16:39 +0200)]
crypto: sunxi-ss - Add Allwinner Security System crypto accelerator

Add support for the Security System included in Allwinner SoC A20.
The Security System is a hardware cryptographic accelerator that support:
- MD5 and SHA1 hash algorithms
- AES block cipher in CBC/ECB mode with 128/196/256bits keys.
- DES and 3DES block cipher in CBC/ECB mode

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agoARM: sun4i: dt: Add DT bindings documentation for SUN4I Security System
LABBE Corentin [Fri, 17 Jul 2015 14:39:40 +0000 (16:39 +0200)]
ARM: sun4i: dt: Add DT bindings documentation for SUN4I Security System

This patch adds documentation for Device-Tree bindings for the
Security System cryptographic accelerator driver.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agoARM: sun7i: dt: Add Security System to A20 SoC DTS
LABBE Corentin [Fri, 17 Jul 2015 14:39:39 +0000 (16:39 +0200)]
ARM: sun7i: dt: Add Security System to A20 SoC DTS

The Security System is a hardware cryptographic accelerator that support
AES/MD5/SHA1/DES/3DES/PRNG algorithms.
It could be found on many Allwinner SoC.

This patch enable the Security System on the Allwinner A20 SoC Device-tree.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agoARM: sun4i: dt: Add Security System to A10 SoC DTS
LABBE Corentin [Fri, 17 Jul 2015 14:39:38 +0000 (16:39 +0200)]
ARM: sun4i: dt: Add Security System to A10 SoC DTS

The Security System is a hardware cryptographic accelerator that support
AES/MD5/SHA1/DES/3DES/PRNG algorithms.
It could be found on many Allwinner SoC.

This patch enable the Security System on the Allwinner A10 SoC Device-tree.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: caam - fix warning in APPEND_MATH_IMM_u64
Tudor Ambarus [Fri, 17 Jul 2015 13:54:54 +0000 (16:54 +0300)]
crypto: caam - fix warning in APPEND_MATH_IMM_u64

An implicit truncation is done when using a variable of 64 bits
in MATH command:

warning: large integer implicitly truncated to unsigned type [-Woverflow]

Silence the compiler by feeding it with an explicit truncated value.

Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
Signed-off-by: Horia Geant? <horia.geanta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: caam - fix RNG init descriptor ret. code checking
Horia Geant? [Fri, 17 Jul 2015 13:54:53 +0000 (16:54 +0300)]
crypto: caam - fix RNG init descriptor ret. code checking

When successful, the descriptor that performs RNG initialization
is allowed to return a status code of 7000_0000h, since last command
in the descriptor is a JUMP HALT.

Signed-off-by: Horia Geant? <horia.geanta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: caam - fix snooping for write transactions
Horia Geant? [Fri, 17 Jul 2015 13:54:52 +0000 (16:54 +0300)]
crypto: caam - fix snooping for write transactions

HW coherency won't work properly for CAAM write transactions
if AWCACHE is left to default (POR) value - 4'b0001.
It has to be programmed to 4'b0010, i.e. AXI3 Cacheable bit set.

For platforms that have HW coherency support:
-PPC-based: the update has no effect; CAAM coherency already works
due to the IOMMU (PAMU) driver setting the correct memory coherency
attributes
-ARM-based: the update fixes cache coherency issues,
since IOMMU (SMMU) driver is not programmed to behave similar to PAMU

Signed-off-by: Horia Geant? <horia.geanta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: caam - fix ERA property reading
Alex Porosanu [Fri, 17 Jul 2015 13:54:51 +0000 (16:54 +0300)]
crypto: caam - fix ERA property reading

In order to ensure that the ERA property is properly read from DT
on all platforms, of_property_read* function needs to be used.

Signed-off-by: Alex Porosanu <alexandru.porosanu@freescale.com>
Signed-off-by: Horia Geant? <horia.geanta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: poly1305 - Add a four block AVX2 variant for x86_64
Martin Willi [Thu, 16 Jul 2015 17:14:08 +0000 (19:14 +0200)]
crypto: poly1305 - Add a four block AVX2 variant for x86_64

Extends the x86_64 Poly1305 authenticator by a function processing four
consecutive Poly1305 blocks in parallel using AVX2 instructions.

For large messages, throughput increases by ~15-45% compared to two
block SSE2:

testing speed of poly1305 (poly1305-simd)
test  0 (   96 byte blocks,   16 bytes per update,   6 updates): 3809514 opers/sec,  365713411 bytes/sec
test  1 (   96 byte blocks,   32 bytes per update,   3 updates): 5973423 opers/sec,  573448627 bytes/sec
test  2 (   96 byte blocks,   96 bytes per update,   1 updates): 9446779 opers/sec,  906890803 bytes/sec
test  3 (  288 byte blocks,   16 bytes per update,  18 updates): 1364814 opers/sec,  393066691 bytes/sec
test  4 (  288 byte blocks,   32 bytes per update,   9 updates): 2045780 opers/sec,  589184697 bytes/sec
test  5 (  288 byte blocks,  288 bytes per update,   1 updates): 3711946 opers/sec, 1069040592 bytes/sec
test  6 ( 1056 byte blocks,   32 bytes per update,  33 updates):  573686 opers/sec,  605812732 bytes/sec
test  7 ( 1056 byte blocks, 1056 bytes per update,   1 updates): 1647802 opers/sec, 1740079440 bytes/sec
test  8 ( 2080 byte blocks,   32 bytes per update,  65 updates):  292970 opers/sec,  609378224 bytes/sec
test  9 ( 2080 byte blocks, 2080 bytes per update,   1 updates):  943229 opers/sec, 1961916528 bytes/sec
test 10 ( 4128 byte blocks, 4128 bytes per update,   1 updates):  494623 opers/sec, 2041804569 bytes/sec
test 11 ( 8224 byte blocks, 8224 bytes per update,   1 updates):  254045 opers/sec, 2089271014 bytes/sec

testing speed of poly1305 (poly1305-simd)
test  0 (   96 byte blocks,   16 bytes per update,   6 updates): 3826224 opers/sec,  367317552 bytes/sec
test  1 (   96 byte blocks,   32 bytes per update,   3 updates): 5948638 opers/sec,  571069267 bytes/sec
test  2 (   96 byte blocks,   96 bytes per update,   1 updates): 9439110 opers/sec,  906154627 bytes/sec
test  3 (  288 byte blocks,   16 bytes per update,  18 updates): 1367756 opers/sec,  393913872 bytes/sec
test  4 (  288 byte blocks,   32 bytes per update,   9 updates): 2056881 opers/sec,  592381958 bytes/sec
test  5 (  288 byte blocks,  288 bytes per update,   1 updates): 3711153 opers/sec, 1068812179 bytes/sec
test  6 ( 1056 byte blocks,   32 bytes per update,  33 updates):  574940 opers/sec,  607136745 bytes/sec
test  7 ( 1056 byte blocks, 1056 bytes per update,   1 updates): 1948830 opers/sec, 2057964585 bytes/sec
test  8 ( 2080 byte blocks,   32 bytes per update,  65 updates):  293308 opers/sec,  610082096 bytes/sec
test  9 ( 2080 byte blocks, 2080 bytes per update,   1 updates): 1235224 opers/sec, 2569267792 bytes/sec
test 10 ( 4128 byte blocks, 4128 bytes per update,   1 updates):  684405 opers/sec, 2825226316 bytes/sec
test 11 ( 8224 byte blocks, 8224 bytes per update,   1 updates):  367101 opers/sec, 3019039446 bytes/sec

Benchmark results from a Core i5-4670T.

Signed-off-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: poly1305 - Add a two block SSE2 variant for x86_64
Martin Willi [Thu, 16 Jul 2015 17:14:07 +0000 (19:14 +0200)]
crypto: poly1305 - Add a two block SSE2 variant for x86_64

Extends the x86_64 SSE2 Poly1305 authenticator by a function processing two
consecutive Poly1305 blocks in parallel using a derived key r^2. Loop
unrolling can be more effectively mapped to SSE instructions, further
increasing throughput.

For large messages, throughput increases by ~45-65% compared to single
block SSE2:

testing speed of poly1305 (poly1305-simd)
test  0 (   96 byte blocks,   16 bytes per update,   6 updates): 3790063 opers/sec,  363846076 bytes/sec
test  1 (   96 byte blocks,   32 bytes per update,   3 updates): 5913378 opers/sec,  567684355 bytes/sec
test  2 (   96 byte blocks,   96 bytes per update,   1 updates): 9352574 opers/sec,  897847104 bytes/sec
test  3 (  288 byte blocks,   16 bytes per update,  18 updates): 1362145 opers/sec,  392297990 bytes/sec
test  4 (  288 byte blocks,   32 bytes per update,   9 updates): 2007075 opers/sec,  578037628 bytes/sec
test  5 (  288 byte blocks,  288 bytes per update,   1 updates): 3709811 opers/sec, 1068425798 bytes/sec
test  6 ( 1056 byte blocks,   32 bytes per update,  33 updates):  566272 opers/sec,  597984182 bytes/sec
test  7 ( 1056 byte blocks, 1056 bytes per update,   1 updates): 1111657 opers/sec, 1173910108 bytes/sec
test  8 ( 2080 byte blocks,   32 bytes per update,  65 updates):  288857 opers/sec,  600823808 bytes/sec
test  9 ( 2080 byte blocks, 2080 bytes per update,   1 updates):  590746 opers/sec, 1228751888 bytes/sec
test 10 ( 4128 byte blocks, 4128 bytes per update,   1 updates):  301825 opers/sec, 1245936902 bytes/sec
test 11 ( 8224 byte blocks, 8224 bytes per update,   1 updates):  153075 opers/sec, 1258896201 bytes/sec

testing speed of poly1305 (poly1305-simd)
test  0 (   96 byte blocks,   16 bytes per update,   6 updates): 3809514 opers/sec,  365713411 bytes/sec
test  1 (   96 byte blocks,   32 bytes per update,   3 updates): 5973423 opers/sec,  573448627 bytes/sec
test  2 (   96 byte blocks,   96 bytes per update,   1 updates): 9446779 opers/sec,  906890803 bytes/sec
test  3 (  288 byte blocks,   16 bytes per update,  18 updates): 1364814 opers/sec,  393066691 bytes/sec
test  4 (  288 byte blocks,   32 bytes per update,   9 updates): 2045780 opers/sec,  589184697 bytes/sec
test  5 (  288 byte blocks,  288 bytes per update,   1 updates): 3711946 opers/sec, 1069040592 bytes/sec
test  6 ( 1056 byte blocks,   32 bytes per update,  33 updates):  573686 opers/sec,  605812732 bytes/sec
test  7 ( 1056 byte blocks, 1056 bytes per update,   1 updates): 1647802 opers/sec, 1740079440 bytes/sec
test  8 ( 2080 byte blocks,   32 bytes per update,  65 updates):  292970 opers/sec,  609378224 bytes/sec
test  9 ( 2080 byte blocks, 2080 bytes per update,   1 updates):  943229 opers/sec, 1961916528 bytes/sec
test 10 ( 4128 byte blocks, 4128 bytes per update,   1 updates):  494623 opers/sec, 2041804569 bytes/sec
test 11 ( 8224 byte blocks, 8224 bytes per update,   1 updates):  254045 opers/sec, 2089271014 bytes/sec

Benchmark results from a Core i5-4670T.

Signed-off-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: poly1305 - Add a SSE2 SIMD variant for x86_64
Martin Willi [Thu, 16 Jul 2015 17:14:06 +0000 (19:14 +0200)]
crypto: poly1305 - Add a SSE2 SIMD variant for x86_64

Implements an x86_64 assembler driver for the Poly1305 authenticator. This
single block variant holds the 130-bit integer in 5 32-bit words, but uses
SSE to do two multiplications/additions in parallel.

When calling updates with small blocks, the overhead for kernel_fpu_begin/
kernel_fpu_end() negates the perfmance gain. We therefore use the
poly1305-generic fallback for small updates.

For large messages, throughput increases by ~5-10% compared to
poly1305-generic:

testing speed of poly1305 (poly1305-generic)
test  0 (   96 byte blocks,   16 bytes per update,   6 updates): 4080026 opers/sec,  391682496 bytes/sec
test  1 (   96 byte blocks,   32 bytes per update,   3 updates): 6221094 opers/sec,  597225024 bytes/sec
test  2 (   96 byte blocks,   96 bytes per update,   1 updates): 9609750 opers/sec,  922536057 bytes/sec
test  3 (  288 byte blocks,   16 bytes per update,  18 updates): 1459379 opers/sec,  420301267 bytes/sec
test  4 (  288 byte blocks,   32 bytes per update,   9 updates): 2115179 opers/sec,  609171609 bytes/sec
test  5 (  288 byte blocks,  288 bytes per update,   1 updates): 3729874 opers/sec, 1074203856 bytes/sec
test  6 ( 1056 byte blocks,   32 bytes per update,  33 updates):  593000 opers/sec,  626208000 bytes/sec
test  7 ( 1056 byte blocks, 1056 bytes per update,   1 updates): 1081536 opers/sec, 1142102332 bytes/sec
test  8 ( 2080 byte blocks,   32 bytes per update,  65 updates):  302077 opers/sec,  628320576 bytes/sec
test  9 ( 2080 byte blocks, 2080 bytes per update,   1 updates):  554384 opers/sec, 1153120176 bytes/sec
test 10 ( 4128 byte blocks, 4128 bytes per update,   1 updates):  278715 opers/sec, 1150536345 bytes/sec
test 11 ( 8224 byte blocks, 8224 bytes per update,   1 updates):  140202 opers/sec, 1153022070 bytes/sec

testing speed of poly1305 (poly1305-simd)
test  0 (   96 byte blocks,   16 bytes per update,   6 updates): 3790063 opers/sec,  363846076 bytes/sec
test  1 (   96 byte blocks,   32 bytes per update,   3 updates): 5913378 opers/sec,  567684355 bytes/sec
test  2 (   96 byte blocks,   96 bytes per update,   1 updates): 9352574 opers/sec,  897847104 bytes/sec
test  3 (  288 byte blocks,   16 bytes per update,  18 updates): 1362145 opers/sec,  392297990 bytes/sec
test  4 (  288 byte blocks,   32 bytes per update,   9 updates): 2007075 opers/sec,  578037628 bytes/sec
test  5 (  288 byte blocks,  288 bytes per update,   1 updates): 3709811 opers/sec, 1068425798 bytes/sec
test  6 ( 1056 byte blocks,   32 bytes per update,  33 updates):  566272 opers/sec,  597984182 bytes/sec
test  7 ( 1056 byte blocks, 1056 bytes per update,   1 updates): 1111657 opers/sec, 1173910108 bytes/sec
test  8 ( 2080 byte blocks,   32 bytes per update,  65 updates):  288857 opers/sec,  600823808 bytes/sec
test  9 ( 2080 byte blocks, 2080 bytes per update,   1 updates):  590746 opers/sec, 1228751888 bytes/sec
test 10 ( 4128 byte blocks, 4128 bytes per update,   1 updates):  301825 opers/sec, 1245936902 bytes/sec
test 11 ( 8224 byte blocks, 8224 bytes per update,   1 updates):  153075 opers/sec, 1258896201 bytes/sec

Benchmark results from a Core i5-4670T.

Signed-off-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: poly1305 - Export common Poly1305 helpers
Martin Willi [Thu, 16 Jul 2015 17:14:05 +0000 (19:14 +0200)]
crypto: poly1305 - Export common Poly1305 helpers

As architecture specific drivers need a software fallback, export Poly1305
init/update/final functions together with some helpers in a header file.

Signed-off-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: testmgr - Add a longer ChaCha20 test vector
Martin Willi [Thu, 16 Jul 2015 17:14:04 +0000 (19:14 +0200)]
crypto: testmgr - Add a longer ChaCha20 test vector

The AVX2 variant of ChaCha20 is used only for messages with >= 512 bytes
length. With the existing test vectors, the implementation could not be
tested. Due that lack of such a long official test vector, this one is
self-generated using chacha20-generic.

Signed-off-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: chacha20 - Add an eight block AVX2 variant for x86_64
Martin Willi [Thu, 16 Jul 2015 17:14:03 +0000 (19:14 +0200)]
crypto: chacha20 - Add an eight block AVX2 variant for x86_64

Extends the x86_64 ChaCha20 implementation by a function processing eight
ChaCha20 blocks in parallel using AVX2.

For large messages, throughput increases by ~55-70% compared to four block
SSSE3:

testing speed of chacha20 (chacha20-simd) encryption
test 0 (256 bit key, 16 byte blocks): 42249230 operations in 10 seconds (675987680 bytes)
test 1 (256 bit key, 64 byte blocks): 46441641 operations in 10 seconds (2972265024 bytes)
test 2 (256 bit key, 256 byte blocks): 33028112 operations in 10 seconds (8455196672 bytes)
test 3 (256 bit key, 1024 byte blocks): 11568759 operations in 10 seconds (11846409216 bytes)
test 4 (256 bit key, 8192 byte blocks): 1448761 operations in 10 seconds (11868250112 bytes)

testing speed of chacha20 (chacha20-simd) encryption
test 0 (256 bit key, 16 byte blocks): 41999675 operations in 10 seconds (671994800 bytes)
test 1 (256 bit key, 64 byte blocks): 45805908 operations in 10 seconds (2931578112 bytes)
test 2 (256 bit key, 256 byte blocks): 32814947 operations in 10 seconds (8400626432 bytes)
test 3 (256 bit key, 1024 byte blocks): 19777167 operations in 10 seconds (20251819008 bytes)
test 4 (256 bit key, 8192 byte blocks): 2279321 operations in 10 seconds (18672197632 bytes)

Benchmark results from a Core i5-4670T.

Signed-off-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: chacha20 - Add a four block SSSE3 variant for x86_64
Martin Willi [Thu, 16 Jul 2015 17:14:02 +0000 (19:14 +0200)]
crypto: chacha20 - Add a four block SSSE3 variant for x86_64

Extends the x86_64 SSSE3 ChaCha20 implementation by a function processing
four ChaCha20 blocks in parallel. This avoids the word shuffling needed
in the single block variant, further increasing throughput.

For large messages, throughput increases by ~110% compared to single block
SSSE3:

testing speed of chacha20 (chacha20-simd) encryption
test 0 (256 bit key, 16 byte blocks): 43141886 operations in 10 seconds (690270176 bytes)
test 1 (256 bit key, 64 byte blocks): 46845874 operations in 10 seconds (2998135936 bytes)
test 2 (256 bit key, 256 byte blocks): 18458512 operations in 10 seconds (4725379072 bytes)
test 3 (256 bit key, 1024 byte blocks): 5360533 operations in 10 seconds (5489185792 bytes)
test 4 (256 bit key, 8192 byte blocks): 692846 operations in 10 seconds (5675794432 bytes)

testing speed of chacha20 (chacha20-simd) encryption
test 0 (256 bit key, 16 byte blocks): 42249230 operations in 10 seconds (675987680 bytes)
test 1 (256 bit key, 64 byte blocks): 46441641 operations in 10 seconds (2972265024 bytes)
test 2 (256 bit key, 256 byte blocks): 33028112 operations in 10 seconds (8455196672 bytes)
test 3 (256 bit key, 1024 byte blocks): 11568759 operations in 10 seconds (11846409216 bytes)
test 4 (256 bit key, 8192 byte blocks): 1448761 operations in 10 seconds (11868250112 bytes)

Benchmark results from a Core i5-4670T.

Signed-off-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: chacha20 - Add a SSSE3 SIMD variant for x86_64
Martin Willi [Thu, 16 Jul 2015 17:14:01 +0000 (19:14 +0200)]
crypto: chacha20 - Add a SSSE3 SIMD variant for x86_64

Implements an x86_64 assembler driver for the ChaCha20 stream cipher. This
single block variant works on a single state matrix using SSE instructions.
It requires SSSE3 due the use of pshufb for efficient 8/16-bit rotate
operations.

For large messages, throughput increases by ~65% compared to
chacha20-generic:

testing speed of chacha20 (chacha20-generic) encryption
test 0 (256 bit key, 16 byte blocks): 45089207 operations in 10 seconds (721427312 bytes)
test 1 (256 bit key, 64 byte blocks): 43839521 operations in 10 seconds (2805729344 bytes)
test 2 (256 bit key, 256 byte blocks): 12702056 operations in 10 seconds (3251726336 bytes)
test 3 (256 bit key, 1024 byte blocks): 3371173 operations in 10 seconds (3452081152 bytes)
test 4 (256 bit key, 8192 byte blocks): 422468 operations in 10 seconds (3460857856 bytes)

testing speed of chacha20 (chacha20-simd) encryption
test 0 (256 bit key, 16 byte blocks): 43141886 operations in 10 seconds (690270176 bytes)
test 1 (256 bit key, 64 byte blocks): 46845874 operations in 10 seconds (2998135936 bytes)
test 2 (256 bit key, 256 byte blocks): 18458512 operations in 10 seconds (4725379072 bytes)
test 3 (256 bit key, 1024 byte blocks): 5360533 operations in 10 seconds (5489185792 bytes)
test 4 (256 bit key, 8192 byte blocks): 692846 operations in 10 seconds (5675794432 bytes)

Benchmark results from a Core i5-4670T.

Signed-off-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: chacha20 - Export common ChaCha20 helpers
Martin Willi [Thu, 16 Jul 2015 17:14:00 +0000 (19:14 +0200)]
crypto: chacha20 - Export common ChaCha20 helpers

As architecture specific drivers need a software fallback, export a
ChaCha20 en-/decryption function together with some helpers in a header
file.

Signed-off-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: tcrypt - Add ChaCha20/Poly1305 speed tests
Martin Willi [Thu, 16 Jul 2015 17:13:59 +0000 (19:13 +0200)]
crypto: tcrypt - Add ChaCha20/Poly1305 speed tests

Adds individual ChaCha20 and Poly1305 and a combined rfc7539esp AEAD speed
test using mode numbers 214, 321 and 213. For Poly1305 we add a specific
speed template, as it expects the key prepended to the input data.

Signed-off-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: chacha20poly1305 - Convert to new AEAD interface
Herbert Xu [Thu, 16 Jul 2015 04:35:08 +0000 (12:35 +0800)]
crypto: chacha20poly1305 - Convert to new AEAD interface

This patch converts rfc7539 and rfc7539esp to the new AEAD interface.
The test vectors for rfc7539esp have also been updated to include
the IV.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Martin Willi <martin@strongswan.org>
9 years agocrypto: rsa - limit supported key lengths
Tadeusz Struk [Wed, 15 Jul 2015 22:28:43 +0000 (15:28 -0700)]
crypto: rsa - limit supported key lengths

Introduce constrains for RSA keys lengths.
Only key lengths of 512, 1024, 1536, 2048, 3072, and 4096 bits
will be supported.

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: qat - Add support for RSA algorithm
Tadeusz Struk [Wed, 15 Jul 2015 22:28:38 +0000 (15:28 -0700)]
crypto: qat - Add support for RSA algorithm

Add RSA support to QAT driver.
Removed unused RNG rings.

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: qat - add MMP FW support to accel engine
Tadeusz Struk [Wed, 15 Jul 2015 22:28:32 +0000 (15:28 -0700)]
crypto: qat - add MMP FW support to accel engine

Add code that loads the MMP firmware

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: qat - add support for MMP FW
Pingchao Yang [Wed, 15 Jul 2015 22:28:26 +0000 (15:28 -0700)]
crypto: qat - add support for MMP FW

Load Modular Math Processor(MMP) firmware into QAT devices to support
public key algorithm acceleration.

Signed-off-by: Pingchao Yang <pingchao.yang@intel.com>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: testmgr - Reenable rfc4309 test
Herbert Xu [Tue, 14 Jul 2015 08:53:22 +0000 (16:53 +0800)]
crypto: testmgr - Reenable rfc4309 test

Now that all implementations of rfc4309 have been converted we can
reenable the test.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: nx - Convert ccm to new AEAD interface
Herbert Xu [Tue, 14 Jul 2015 08:53:21 +0000 (16:53 +0800)]
crypto: nx - Convert ccm to new AEAD interface

This patch converts the nx ccm and 4309 implementations to the
new AEAD interface.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: aes-ce-ccm - Convert to new AEAD interface
Herbert Xu [Tue, 14 Jul 2015 08:53:19 +0000 (16:53 +0800)]
crypto: aes-ce-ccm - Convert to new AEAD interface

This patch converts the ARM64 aes-ce-ccm implementation to the
new AEAD interface.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
9 years agocrypto: ccm - Convert to new AEAD interface
Herbert Xu [Tue, 14 Jul 2015 08:53:18 +0000 (16:53 +0800)]
crypto: ccm - Convert to new AEAD interface

This patch converts generic ccm and its associated transforms to
the new AEAD interface.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: testmgr - Disable rfc4309 test and convert test vectors
Herbert Xu [Tue, 14 Jul 2015 08:53:17 +0000 (16:53 +0800)]
crypto: testmgr - Disable rfc4309 test and convert test vectors

This patch disables the rfc4309 test while the conversion to the
new seqiv calling convention takes place.  It also replaces the
rfc4309 test vectors with ones that will work with the new IV
convention.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: vmx - Adding enable_kernel_vsx() to access VSX instructions
Leonidas Da Silva Barbosa [Mon, 13 Jul 2015 16:51:39 +0000 (13:51 -0300)]
crypto: vmx - Adding enable_kernel_vsx() to access VSX instructions

vmx-crypto driver make use of some VSX instructions which are
only available if VSX is enabled. Running in cases where VSX
are not enabled vmx-crypto fails in a VSX exception.

In order to fix this enable_kernel_vsx() was added to turn on
VSX instructions for vmx-crypto.

Signed-off-by: Leonidas S. Barbosa <leosilva@linux.vnet.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agopowerpc: Uncomment and make enable_kernel_vsx() routine available
Leonidas Da Silva Barbosa [Mon, 13 Jul 2015 16:51:01 +0000 (13:51 -0300)]
powerpc: Uncomment and make enable_kernel_vsx() routine available

enable_kernel_vsx() function was commented since anything was using
it. However, vmx-crypto driver uses VSX instructions which are
only available if VSX is enable. Otherwise it rises an exception oops.

This patch uncomment enable_kernel_vsx() routine and makes it available.

Signed-off-by: Leonidas S. Barbosa <leosilva@linux.vnet.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: marvell/cesa - Drop owner assignment from platform_driver
Krzysztof Kozlowski [Fri, 10 Jul 2015 05:46:16 +0000 (14:46 +0900)]
crypto: marvell/cesa - Drop owner assignment from platform_driver

platform_driver does not need to set an owner because
platform_driver_register() will set it.

Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Acked-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>