[PATCH] crypto: inside-secure - Fix corruption on not fully coherent systems
A customer of ours (Rambus) reported corruption issues running the driver
on their SoC platform, which turned out to be not fully coherent.
This caused problems with the DMA mapping of the state and cache buffers
stored inside the safexcel_ahash_req struct, as these buffers would not
start and/or end on a cacheline boundary, hence they could share a cache
line with the CPU. Which could cause the CPU to read stale data from the
cache (loaded from memory *before* the accelerator updated it).
Fixed by determining the system cacheline size and dynamically moving
these 2 buffers to a cacheline aligned boundary. Also ensuring that the
last cacheline of the last buffer is not shared (by overallocating).
This was tested by the customer to solve their coherence problems. It
was also tested by me on a VCU118 board w/ EIP-197c and Macchiatobin.
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel_hash.c | 97 +++-
1 file changed, 65 insertions(+), 32 deletions(-)
diff --git a/drivers/crypto/inside-secure/safexcel_hash.c
b/drivers/crypto/inside-secure/safexcel_hash.c
index 16a4679..e350f39 100644
--- a/drivers/crypto/inside-secure/safexcel_hash.c
+++ b/drivers/crypto/inside-secure/safexcel_hash.c
@@ -22,6 +22,8 @@ struct safexcel_ahash_ctx {
struct safexcel_context base;
struct safexcel_crypto_priv *priv;
+ int extra_req_bytes;
+ int req_align;
u32 alg;
u8 key_sz;
bool cbcmac;
@@ -56,17 +58,19 @@ struct safexcel_ahash_req {
u8 state_sz;/* expected state size, only set once */
u8 block_sz;/* block size, only set once */
u8 digest_sz; /* output digest size, only set once */
- __le32 state[SHA3_512_BLOCK_SIZE /
-sizeof(__le32)] __aligned(sizeof(__le32));
+ __le32 *state; /* pointer to DMA safe state buffer */
u64 len;
u64 processed;
- u8 cache[HASH_CACHE_SIZE] __aligned(sizeof(u32));
+ u8 *cache; /* pointer to DMA safe cache buffer */
dma_addr_t cache_dma;
unsigned int cache_sz;
u8 cache_next[HASH_CACHE_SIZE] __aligned(sizeof(u32));
+
+ /* this is where the DMA buffers for state & cache end up */
+ u8 dma_buf_area[];
};
static inline u64 safexcel_queued_len(struct safexcel_ahash_req *req)
@@ -613,7 +617,6 @@ static int safexcel_ahash_send(struct crypto_async_request
*async,
ret = safexcel_ahash_send_inv(async, ring, commands, results);
else
ret = safexcel_ahash_send_req(async, ring, commands, results);
-
return ret;
}
@@ -889,6 +892,25 @@ static int safexcel_ahash_export(struct ahash_request
*areq, void *out)
return 0;
}
+static void safexcel_hash_req_init(struct safexcel_ahash_req *req,
+ int req_align)
+{
+ memset(req, 0, sizeof(*req));
+
+ /*
+* put cache buffer at first cacheline aligned address at end of
+* struct safexcel_ahash_req
+*/
+ req->cache = (u8 *)__ALIGN_MASK((uintptr_t)req->dma_buf_area,
+ (uintptr_t)req_align);
+ /*
+* put state buffer at first cacheline aligned address behind
+* the cache buffer
+*/
+ req->state = (__le32 *)__ALIGN_MASK((uintptr_t)req->cache +
+ HASH_CACHE_SIZE,
(uintptr_t)req_align);
+}
+
static int safexcel_ahash_import(struct ahash_request *areq, const void *in)
{
struct safexcel_ahash_req *req = ahash_request_ctx(areq);
@@ -921,9 +943,20 @@ static int safexcel_ahash_cra_init(struct crypto_tfm *tfm)
ctx->base.send = safexcel_ahash_send;
ctx->base.handle_result = safexcel_handle_result;
ctx->fb_do_setkey = false;
+ ctx->req_align = cache_line_size() - 1;
+
+ /*
+* compute how many bytes we need, worst case, to store cache
+* aligned buffers for cache and state, padding to the next
+* cacheline as well to avoid anything else ending up there
+*/
+ ctx->extra_req_bytes = ctx->req_align; /* worst case to next line */
+ ctx->extra_req_bytes += __ALIGN_MASK(SHA3_512_BLOCK_SIZE,
ctx->req_align);
+ ctx->extra_req_bytes += __ALIGN_MASK(HASH_CACHE_SIZE, ctx->req_align);
crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm),
-sizeof(struct safexcel_ahash_req));
+sizeof(struct safexcel_ahash_req) +
+ctx->extra_req_bytes);
return 0;
}
@@ -932,7 +965,7 @@ static int safexcel_sha1_init(struct ahash_request *areq)
struct safexcel_ahash_ctx *ctx =
crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
struct safexcel_ahash_req *req = ahash_request_ctx(areq);
- memset(req, 0, sizeof(*req));
+ safexcel_hash_
[PATCH] crypto: inside-secure - Prevent missing of processing errors
On systems with coherence issues, packet processed could succeed while it should have failed, e.g. because of an authentication fail. This is because the driver would read stale status information that had all error bits initialised to zero = no error. Since this is potential a security risk, we want to prevent it from being a possibility at all. So initialize all error bits to error state, so that reading stale status information will always result in errors. Signed-off-by: Pascal van Leeuwen --- drivers/crypto/inside-secure/safexcel_ring.c | 9 + 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/crypto/inside-secure/safexcel_ring.c b/drivers/crypto/inside-secure/safexcel_ring.c index e454c3d..90f1503 100644 --- a/drivers/crypto/inside-secure/safexcel_ring.c +++ b/drivers/crypto/inside-secure/safexcel_ring.c @@ -236,8 +236,8 @@ struct safexcel_result_desc *safexcel_add_rdesc(struct safexcel_crypto_priv *pri rdesc->particle_size = len; rdesc->rsvd0 = 0; - rdesc->descriptor_overflow = 0; - rdesc->buffer_overflow = 0; + rdesc->descriptor_overflow = 1; /* assume error */ + rdesc->buffer_overflow = 1; /* assume error */ rdesc->last_seg = last; rdesc->first_seg = first; rdesc->result_size = EIP197_RD64_RESULT_SIZE; @@ -245,9 +245,10 @@ struct safexcel_result_desc *safexcel_add_rdesc(struct safexcel_crypto_priv *pri rdesc->data_lo = lower_32_bits(data); rdesc->data_hi = upper_32_bits(data); - /* Clear length & error code in result token */ + /* Clear length in result token */ rtoken->packet_length = 0; - rtoken->error_code = 0; + /* Assume errors - HW will clear if not the case */ + rtoken->error_code = 0x7fff; return rdesc; } -- 1.8.3.1
[PATCH] crypto: inside-secure - Add support for EIP197 with output classifier
This patch adds support for EIP197 instances that include the output
classifier (OCE) option, as used by one of our biggest customers.
The OCE normally requires initialization and dedicated firmware, but
for the simple operations supported by this driver, we just bypass it
completely for now (using what is formally a debug feature).
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c | 44 ++---
drivers/crypto/inside-secure/safexcel.h | 13 ++
2 files changed, 54 insertions(+), 3 deletions(-)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index fa7398e..eb241845 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -304,6 +304,11 @@ static void eip197_init_firmware(struct
safexcel_crypto_priv *priv)
/* Enable access to all IFPP program memories */
writel(EIP197_PE_ICE_RAM_CTRL_FPP_PROG_EN,
EIP197_PE(priv) + EIP197_PE_ICE_RAM_CTRL(pe));
+
+ /* bypass the OCE, if present */
+ if (priv->flags & EIP197_OCE)
+ writel(EIP197_DEBUG_OCE_BYPASS, EIP197_PE(priv) +
+ EIP197_PE_DEBUG(pe));
}
}
@@ -1495,6 +1500,9 @@ static int safexcel_probe_generic(void *pdev,
hwopt = readl(EIP197_GLOBAL(priv) + EIP197_OPTIONS);
hiaopt = readl(EIP197_HIA_AIC(priv) + EIP197_HIA_OPTIONS);
+ priv->hwconfig.icever = 0;
+ priv->hwconfig.ocever = 0;
+ priv->hwconfig.psever = 0;
if (priv->flags & SAFEXCEL_HW_EIP197) {
/* EIP197 */
peopt = readl(EIP197_PE(priv) + EIP197_PE_OPTIONS(0));
@@ -1513,8 +1521,37 @@ static int safexcel_probe_generic(void *pdev,
EIP197_N_RINGS_MASK;
if (hiaopt & EIP197_HIA_OPT_HAS_PE_ARB)
priv->flags |= EIP197_PE_ARB;
- if (EIP206_OPT_ICE_TYPE(peopt) == 1)
+ if (EIP206_OPT_ICE_TYPE(peopt) == 1) {
priv->flags |= EIP197_ICE;
+ /* Detect ICE EIP207 class. engine and version */
+ version = readl(EIP197_PE(priv) +
+ EIP197_PE_ICE_VERSION(0));
+ if (EIP197_REG_LO16(version) != EIP207_VERSION_LE) {
+ dev_err(dev, "EIP%d: ICE EIP207 not
detected.\n",
+ peid);
+ return -ENODEV;
+ }
+ priv->hwconfig.icever = EIP197_VERSION_MASK(version);
+ }
+ if (EIP206_OPT_OCE_TYPE(peopt) == 1) {
+ priv->flags |= EIP197_OCE;
+ /* Detect EIP96PP packet stream editor and version */
+ version = readl(EIP197_PE(priv) +
EIP197_PE_PSE_VERSION(0));
+ if (EIP197_REG_LO16(version) != EIP96_VERSION_LE) {
+ dev_err(dev, "EIP%d: EIP96PP not detected.\n",
peid);
+ return -ENODEV;
+ }
+ priv->hwconfig.psever = EIP197_VERSION_MASK(version);
+ /* Detect OCE EIP207 class. engine and version */
+ version = readl(EIP197_PE(priv) +
+ EIP197_PE_ICE_VERSION(0));
+ if (EIP197_REG_LO16(version) != EIP207_VERSION_LE) {
+ dev_err(dev, "EIP%d: OCE EIP207 not
detected.\n",
+ peid);
+ return -ENODEV;
+ }
+ priv->hwconfig.ocever = EIP197_VERSION_MASK(version);
+ }
/* If not a full TRC, then assume simple TRC */
if (!(hwopt & EIP197_OPT_HAS_TRC))
priv->flags |= EIP197_SIMPLE_TRC;
@@ -1552,13 +1589,14 @@ static int safexcel_probe_generic(void *pdev,
EIP197_PE_EIP96_OPTIONS(0));
/* Print single info line describing what we just detected */
- dev_info(priv->dev,
"EIP%d:%x(%d,%d,%d,%d)-HIA:%x(%d,%d,%d),PE:%x/%x,alg:%08x\n",
+ dev_info(priv->dev,
"EIP%d:%x(%d,%d,%d,%d)-HIA:%x(%d,%d,%d),PE:%x/%x(alg:%08x)/%x/%x/%x\n",
peid, priv->hwconfig.hwver, hwctg, priv->hwconfig.hwnumpes,
priv->hwconfig.hwnumrings, priv->hwconfig.hwnumraic,
priv->hwconfig.hiaver, priv->hwconfig.hwdataw,
priv->hwconfig.hwcfsize, priv->hwconfig.hwrfsize,
priv->hwconfig.ppver, priv->hwconfig.pever,
-priv->hwconfig.
[PATCH 2/4] crypto: inside-secure - Added AES-CFB support
This patch adds support for AES in 128 bit cipher feedback mode (AES-CFB).
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c| 1 +
drivers/crypto/inside-secure/safexcel.h| 2 ++
drivers/crypto/inside-secure/safexcel_cipher.c | 36 ++
3 files changed, 39 insertions(+)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index 46cdcbe..3196cb3 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -981,6 +981,7 @@ static int safexcel_request_ring_irq(void *pdev, int irqid,
&safexcel_alg_cbc_des3_ede,
&safexcel_alg_ecb_aes,
&safexcel_alg_cbc_aes,
+ &safexcel_alg_cfb_aes,
&safexcel_alg_ctr_aes,
&safexcel_alg_md5,
&safexcel_alg_sha1,
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index c6f93ec..6f781ed 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -336,6 +336,7 @@ struct safexcel_context_record {
/* control1 */
#define CONTEXT_CONTROL_CRYPTO_MODE_ECB(0 << 0)
#define CONTEXT_CONTROL_CRYPTO_MODE_CBC(1 << 0)
+#define CONTEXT_CONTROL_CRYPTO_MODE_CFB(5 << 0)
#define CONTEXT_CONTROL_CRYPTO_MODE_CTR_LOAD (6 << 0)
#define CONTEXT_CONTROL_CRYPTO_MODE_XTS(7 << 0)
#define CONTEXT_CONTROL_CRYPTO_MODE_XCM((6 << 0) | BIT(17))
@@ -767,6 +768,7 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_cbc_des3_ede;
extern struct safexcel_alg_template safexcel_alg_ecb_aes;
extern struct safexcel_alg_template safexcel_alg_cbc_aes;
+extern struct safexcel_alg_template safexcel_alg_cfb_aes;
extern struct safexcel_alg_template safexcel_alg_ctr_aes;
extern struct safexcel_alg_template safexcel_alg_md5;
extern struct safexcel_alg_template safexcel_alg_sha1;
diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c
b/drivers/crypto/inside-secure/safexcel_cipher.c
index 6f088b4..2a7d51b 100644
--- a/drivers/crypto/inside-secure/safexcel_cipher.c
+++ b/drivers/crypto/inside-secure/safexcel_cipher.c
@@ -1142,6 +1142,42 @@ struct safexcel_alg_template safexcel_alg_cbc_aes = {
},
};
+static int safexcel_skcipher_aes_cfb_cra_init(struct crypto_tfm *tfm)
+{
+ struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+
+ safexcel_skcipher_cra_init(tfm);
+ ctx->alg = SAFEXCEL_AES;
+ ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_CFB;
+ return 0;
+}
+
+struct safexcel_alg_template safexcel_alg_cfb_aes = {
+ .type = SAFEXCEL_ALG_TYPE_SKCIPHER,
+ .algo_mask = SAFEXCEL_ALG_AES | SAFEXCEL_ALG_AES_XFB,
+ .alg.skcipher = {
+ .setkey = safexcel_skcipher_aes_setkey,
+ .encrypt = safexcel_encrypt,
+ .decrypt = safexcel_decrypt,
+ .min_keysize = AES_MIN_KEY_SIZE,
+ .max_keysize = AES_MAX_KEY_SIZE,
+ .ivsize = AES_BLOCK_SIZE,
+ .base = {
+ .cra_name = "cfb(aes)",
+ .cra_driver_name = "safexcel-cfb-aes",
+ .cra_priority = SAFEXCEL_CRA_PRIORITY,
+ .cra_flags = CRYPTO_ALG_ASYNC |
+CRYPTO_ALG_KERN_DRIVER_ONLY,
+ .cra_blocksize = 1,
+ .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
+ .cra_alignmask = 0,
+ .cra_init = safexcel_skcipher_aes_cfb_cra_init,
+ .cra_exit = safexcel_skcipher_cra_exit,
+ .cra_module = THIS_MODULE,
+ },
+ },
+};
+
static int safexcel_skcipher_aesctr_setkey(struct crypto_skcipher *ctfm,
const u8 *key, unsigned int len)
{
--
1.8.3.1
[PATCH 3/3] crypto: inside-secure - Added support for the AES-CMAC ahash
This patch adds support for the AES-CMAC authentication algorithm.
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c | 1 +
drivers/crypto/inside-secure/safexcel.h | 1 +
drivers/crypto/inside-secure/safexcel_hash.c | 99
3 files changed, 101 insertions(+)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index bc8bd69..2e421f6 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1012,6 +1012,7 @@ static int safexcel_request_ring_irq(void *pdev, int
irqid,
&safexcel_alg_crc32,
&safexcel_alg_cbcmac,
&safexcel_alg_xcbcmac,
+ &safexcel_alg_cmac,
};
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index 809d8d0..d76a4fa 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -809,5 +809,6 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_crc32;
extern struct safexcel_alg_template safexcel_alg_cbcmac;
extern struct safexcel_alg_template safexcel_alg_xcbcmac;
+extern struct safexcel_alg_template safexcel_alg_cmac;
#endif
diff --git a/drivers/crypto/inside-secure/safexcel_hash.c
b/drivers/crypto/inside-secure/safexcel_hash.c
index 6576430..0224779 100644
--- a/drivers/crypto/inside-secure/safexcel_hash.c
+++ b/drivers/crypto/inside-secure/safexcel_hash.c
@@ -2122,3 +2122,102 @@ struct safexcel_alg_template safexcel_alg_xcbcmac = {
},
},
};
+
+static int safexcel_cmac_setkey(struct crypto_ahash *tfm, const u8 *key,
+ unsigned int len)
+{
+ struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(crypto_ahash_tfm(tfm));
+ struct crypto_aes_ctx aes;
+ __be64 consts[4];
+ u64 _const[2];
+ u8 msb_mask, gfmask;
+ int ret, i;
+
+ ret = aes_expandkey(&aes, key, len);
+ if (ret) {
+ crypto_ahash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
+ return ret;
+ }
+
+ for (i = 0; i < len / sizeof(u32); i++)
+ ctx->ipad[i + 8] = cpu_to_be32(aes.key_enc[i]);
+
+ /* precompute the CMAC key material */
+ crypto_cipher_clear_flags(ctx->kaes, CRYPTO_TFM_REQ_MASK);
+ crypto_cipher_set_flags(ctx->kaes, crypto_ahash_get_flags(tfm) &
+ CRYPTO_TFM_REQ_MASK);
+ ret = crypto_cipher_setkey(ctx->kaes, key, len);
+ crypto_ahash_set_flags(tfm, crypto_cipher_get_flags(ctx->kaes) &
+ CRYPTO_TFM_RES_MASK);
+ if (ret)
+ return ret;
+
+ /* code below borrowed from crypto/cmac.c */
+ /* encrypt the zero block */
+ memset(consts, 0, AES_BLOCK_SIZE);
+ crypto_cipher_encrypt_one(ctx->kaes, (u8 *)consts, (u8 *)consts);
+
+ gfmask = 0x87;
+ _const[0] = be64_to_cpu(consts[1]);
+ _const[1] = be64_to_cpu(consts[0]);
+
+ /* gf(2^128) multiply zero-ciphertext with u and u^2 */
+ for (i = 0; i < 4; i += 2) {
+ msb_mask = ((s64)_const[1] >> 63) & gfmask;
+ _const[1] = (_const[1] << 1) | (_const[0] >> 63);
+ _const[0] = (_const[0] << 1) ^ msb_mask;
+
+ consts[i + 0] = cpu_to_be64(_const[1]);
+ consts[i + 1] = cpu_to_be64(_const[0]);
+ }
+ /* end of code borrowed from crypto/cmac.c */
+
+ for (i = 0; i < 2 * AES_BLOCK_SIZE / sizeof(u32); i++)
+ ctx->ipad[i] = cpu_to_be32(((u32 *)consts)[i]);
+
+ if (len == AES_KEYSIZE_192) {
+ ctx->alg= CONTEXT_CONTROL_CRYPTO_ALG_XCBC192;
+ ctx->key_sz = AES_MAX_KEY_SIZE + 2 * AES_BLOCK_SIZE;
+ } else if (len == AES_KEYSIZE_256) {
+ ctx->alg= CONTEXT_CONTROL_CRYPTO_ALG_XCBC256;
+ ctx->key_sz = AES_MAX_KEY_SIZE + 2 * AES_BLOCK_SIZE;
+ } else {
+ ctx->alg= CONTEXT_CONTROL_CRYPTO_ALG_XCBC128;
+ ctx->key_sz = AES_MIN_KEY_SIZE + 2 * AES_BLOCK_SIZE;
+ }
+ ctx->cbcmac = false;
+
+ memzero_explicit(&aes, sizeof(aes));
+ return 0;
+}
+
+struct safexcel_alg_template safexcel_alg_cmac = {
+ .type = SAFEXCEL_ALG_TYPE_AHASH,
+ .algo_mask = 0,
+ .alg.ahash = {
+ .init = safexcel_cbcmac_init,
+ .update = safexcel_ahash_update,
+ .final = safexcel_ahash_final,
+ .finup = safexcel_ahash_finup,
+ .digest = safexcel_cbcmac_digest,
+ .setkey = safexcel_cmac_setkey,
+ .export = safexcel_ahash_export,
+
[PATCH 1/3] crypto: inside-secure - Added support for the AES CBCMAC ahash
This patch adds support for the AES-CBCMAC authentication algorithm.
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c | 1 +
drivers/crypto/inside-secure/safexcel.h | 1 +
drivers/crypto/inside-secure/safexcel_hash.c | 235 ++-
3 files changed, 196 insertions(+), 41 deletions(-)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index 02851b9..898a6b0 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1010,6 +1010,7 @@ static int safexcel_request_ring_irq(void *pdev, int
irqid,
&safexcel_alg_gcm,
&safexcel_alg_ccm,
&safexcel_alg_crc32,
+ &safexcel_alg_cbcmac,
};
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index bb98c93..ff91141 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -807,5 +807,6 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_gcm;
extern struct safexcel_alg_template safexcel_alg_ccm;
extern struct safexcel_alg_template safexcel_alg_crc32;
+extern struct safexcel_alg_template safexcel_alg_cbcmac;
#endif
diff --git a/drivers/crypto/inside-secure/safexcel_hash.c
b/drivers/crypto/inside-secure/safexcel_hash.c
index 9d1e8cf..8df4fdc 100644
--- a/drivers/crypto/inside-secure/safexcel_hash.c
+++ b/drivers/crypto/inside-secure/safexcel_hash.c
@@ -5,6 +5,7 @@
* Antoine Tenart
*/
+#include
#include
#include
#include
@@ -19,6 +20,7 @@ struct safexcel_ahash_ctx {
struct safexcel_crypto_priv *priv;
u32 alg;
+ u8 key_sz;
u32 ipad[SHA512_DIGEST_SIZE / sizeof(u32)];
u32 opad[SHA512_DIGEST_SIZE / sizeof(u32)];
@@ -31,6 +33,8 @@ struct safexcel_ahash_req {
bool needs_inv;
bool hmac_zlen;
bool len_is_le;
+ bool not_first;
+ bool xcbcmac;
int nents;
dma_addr_t result_dma;
@@ -57,21 +61,31 @@ static inline u64 safexcel_queued_len(struct
safexcel_ahash_req *req)
}
static void safexcel_hash_token(struct safexcel_command_desc *cdesc,
- u32 input_length, u32 result_length)
+ u32 input_length, u32 result_length,
+ bool xcbcmac)
{
struct safexcel_token *token =
(struct safexcel_token *)cdesc->control_data.token;
token[0].opcode = EIP197_TOKEN_OPCODE_DIRECTION;
token[0].packet_length = input_length;
- token[0].stat = EIP197_TOKEN_STAT_LAST_HASH;
token[0].instructions = EIP197_TOKEN_INS_TYPE_HASH;
- token[1].opcode = EIP197_TOKEN_OPCODE_INSERT;
- token[1].packet_length = result_length;
- token[1].stat = EIP197_TOKEN_STAT_LAST_HASH |
+ input_length &= 15;
+ if (unlikely(xcbcmac && input_length)) {
+ token[1].opcode = EIP197_TOKEN_OPCODE_INSERT;
+ token[1].packet_length = 16 - input_length;
+ token[1].stat = EIP197_TOKEN_STAT_LAST_HASH;
+ token[1].instructions = EIP197_TOKEN_INS_TYPE_HASH;
+ } else {
+ token[0].stat = EIP197_TOKEN_STAT_LAST_HASH;
+ }
+
+ token[2].opcode = EIP197_TOKEN_OPCODE_INSERT;
+ token[2].stat = EIP197_TOKEN_STAT_LAST_HASH |
EIP197_TOKEN_STAT_LAST_PACKET;
- token[1].instructions = EIP197_TOKEN_INS_TYPE_OUTPUT |
+ token[2].packet_length = result_length;
+ token[2].instructions = EIP197_TOKEN_INS_TYPE_OUTPUT |
EIP197_TOKEN_INS_INSERT_HASH_DIGEST;
}
@@ -90,29 +104,40 @@ static void safexcel_context_control(struct
safexcel_ahash_ctx *ctx,
* descriptor.
*/
if (unlikely(req->digest == CONTEXT_CONTROL_DIGEST_XCM)) {
- ctx->base.ctxr->data[0] = req->state[0];
-
- cdesc->control_data.control0 |= req->digest |
- CONTEXT_CONTROL_TYPE_HASH_OUT |
- CONTEXT_CONTROL_SIZE(4);
+ if (req->xcbcmac)
+ memcpy(ctx->base.ctxr->data, ctx->ipad, ctx->key_sz);
+ else
+ memcpy(ctx->base.ctxr->data, req->state, req->state_sz);
+ if (!req->finish && req->xcbcmac)
+ cdesc->control_data.control0 |=
+ CONTEXT_CONTROL_DIGEST_XCM |
+ CONTEXT_CONTROL_TYPE_HASH_OUT |
+ CONTEXT_CONTROL_NO_FINISH_HASH |
+ CONTEXT_CONTROL_SIZE(req->state_sz /
+
[PATCH 0/3] crypto: inside-secure - Add support for the CBCMAC
This patchset adds support for the (AES) CBCMAC family of authentication algorithms: AES-CBCMAC, AES-XCBCMAC and AES-MAC It has been verified with a Xilinx PCIE FPGA board as well as the Marvell Armada A8K based Macchiatobin development board. Pascal van Leeuwen (3): crypto: inside-secure - Added support for the AES CBCMAC ahash crypto: inside-secure - Added support for the AES XCBC ahash crypto: inside-secure - Added support for the AES-CMAC ahash drivers/crypto/inside-secure/safexcel.c | 3 + drivers/crypto/inside-secure/safexcel.h | 3 + drivers/crypto/inside-secure/safexcel_hash.c | 462 --- 3 files changed, 427 insertions(+), 41 deletions(-) -- 1.8.3.1
[PATCH 2/3] crypto: inside-secure - Added support for the AES XCBC ahash
This patch adds support for the AES XCBC authentication algorithm
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c | 1 +
drivers/crypto/inside-secure/safexcel.h | 1 +
drivers/crypto/inside-secure/safexcel_hash.c | 136 ++-
3 files changed, 134 insertions(+), 4 deletions(-)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index 898a6b0..bc8bd69 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1011,6 +1011,7 @@ static int safexcel_request_ring_irq(void *pdev, int
irqid,
&safexcel_alg_ccm,
&safexcel_alg_crc32,
&safexcel_alg_cbcmac,
+ &safexcel_alg_xcbcmac,
};
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index ff91141..809d8d0 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -808,5 +808,6 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_ccm;
extern struct safexcel_alg_template safexcel_alg_crc32;
extern struct safexcel_alg_template safexcel_alg_cbcmac;
+extern struct safexcel_alg_template safexcel_alg_xcbcmac;
#endif
diff --git a/drivers/crypto/inside-secure/safexcel_hash.c
b/drivers/crypto/inside-secure/safexcel_hash.c
index 8df4fdc..6576430 100644
--- a/drivers/crypto/inside-secure/safexcel_hash.c
+++ b/drivers/crypto/inside-secure/safexcel_hash.c
@@ -9,6 +9,7 @@
#include
#include
#include
+#include
#include
#include
#include
@@ -21,9 +22,12 @@ struct safexcel_ahash_ctx {
u32 alg;
u8 key_sz;
+ bool cbcmac;
u32 ipad[SHA512_DIGEST_SIZE / sizeof(u32)];
u32 opad[SHA512_DIGEST_SIZE / sizeof(u32)];
+
+ struct crypto_cipher *kaes;
};
struct safexcel_ahash_req {
@@ -62,7 +66,7 @@ static inline u64 safexcel_queued_len(struct
safexcel_ahash_req *req)
static void safexcel_hash_token(struct safexcel_command_desc *cdesc,
u32 input_length, u32 result_length,
- bool xcbcmac)
+ bool cbcmac)
{
struct safexcel_token *token =
(struct safexcel_token *)cdesc->control_data.token;
@@ -72,7 +76,7 @@ static void safexcel_hash_token(struct safexcel_command_desc
*cdesc,
token[0].instructions = EIP197_TOKEN_INS_TYPE_HASH;
input_length &= 15;
- if (unlikely(xcbcmac && input_length)) {
+ if (unlikely(cbcmac && input_length)) {
token[1].opcode = EIP197_TOKEN_OPCODE_INSERT;
token[1].packet_length = 16 - input_length;
token[1].stat = EIP197_TOKEN_STAT_LAST_HASH;
@@ -354,6 +358,15 @@ static int safexcel_ahash_send_req(struct
crypto_async_request *async, int ring,
}
extra -= skip;
memset(req->cache + cache_len + skip, 0, extra);
+ if (!ctx->cbcmac && extra) {
+ // 10- padding for XCBCMAC & CMAC
+ req->cache[cache_len + skip] = 0x80;
+ // HW will use K2 iso K3 - compensate!
+ for (i = 0; i < AES_BLOCK_SIZE / sizeof(u32);
i++)
+ ((u32 *)req->cache)[i] ^=
+ cpu_to_be32(ctx->ipad[i]) ^
+ cpu_to_be32(ctx->ipad[i + 4]);
+ }
cache_len = AES_BLOCK_SIZE;
queued = queued + extra;
}
@@ -435,7 +448,7 @@ static int safexcel_ahash_send_req(struct
crypto_async_request *async, int ring,
/* Add the token. Note that the XCBC result is only 1 AES block. */
res_sz = req->xcbcmac ? AES_BLOCK_SIZE : req->state_sz;
- safexcel_hash_token(first_cdesc, len, res_sz, req->xcbcmac);
+ safexcel_hash_token(first_cdesc, len, res_sz, ctx->cbcmac);
req->result_dma = dma_map_single(priv->dev, req->state, req->state_sz,
DMA_FROM_DEVICE);
@@ -771,11 +784,22 @@ static int safexcel_ahash_final(struct ahash_request
*areq)
/* Zero length CRC32 */
memcpy(areq->result, ctx->ipad, sizeof(u32));
return 0;
- } else if (unlikely(req->xcbcmac && req->len == AES_BLOCK_SIZE &&
+ } else if (unlikely(ctx->cbcmac && req->len == AES_BLOCK_SIZE &&
!areq->nbytes)) {
/* Zero length CBC MAC */
RE: [PATCH v2 -next] crypto: inside-secure - Fix build error without CONFIG_PCI
> -Original Message-
> From: linux-crypto-ow...@vger.kernel.org
> On Behalf Of
> YueHaibing
> Sent: Tuesday, September 3, 2019 3:45 AM
> To: antoine.ten...@bootlin.com; herb...@gondor.apana.org.au;
> da...@davemloft.net;
> pvanleeu...@insidesecure.com
> Cc: linux-crypto@vger.kernel.org; linux-ker...@vger.kernel.org; YueHaibing
>
> Subject: [PATCH v2 -next] crypto: inside-secure - Fix build error without
> CONFIG_PCI
>
> If CONFIG_PCI is not set, building fails:
>
> rivers/crypto/inside-secure/safexcel.c: In function safexcel_request_ring_irq:
> drivers/crypto/inside-secure/safexcel.c:944:9: error: implicit declaration of
> function
> pci_irq_vector;
> did you mean rcu_irq_enter? [-Werror=implicit-function-declaration]
>irq = pci_irq_vector(pci_pdev, irqid);
> ^~
>
> Use #ifdef block to guard this.
>
Actually, this is interesting. My *original* implementation was using
straight #ifdefs, but then I got review feedback stating that I should not
do that, as it's not compile testable, suggesting to use regular C if's
instead. Then there was quite some back-and-forth on the actual
implementation and I ended up with this.
So now it turns out that doesn't work and I'm suggested to go full-circle
back to straight #ifdef's? Or is there some other way to make this work?
Because I don't know where to go from here ...
> Fixes: 625f269a5a7a ("crypto: inside-secure - add support for PCI based FPGA
> development
> board")
> Signed-off-by: YueHaibing
> ---
> v2: use 'ifdef' instead of 'IS_ENABLED'
> ---
> drivers/crypto/inside-secure/safexcel.c | 13 ++---
> 1 file changed, 10 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/crypto/inside-secure/safexcel.c b/drivers/crypto/inside-
> secure/safexcel.c
> index e12a2a3..5253900 100644
> --- a/drivers/crypto/inside-secure/safexcel.c
> +++ b/drivers/crypto/inside-secure/safexcel.c
> @@ -937,7 +937,8 @@ static int safexcel_request_ring_irq(void *pdev, int
> irqid,
> int ret, irq;
> struct device *dev;
>
> - if (IS_ENABLED(CONFIG_PCI) && is_pci_dev) {
> +#ifdef CONFIG_PCI
> + if (is_pci_dev) {
> struct pci_dev *pci_pdev = pdev;
>
> dev = &pci_pdev->dev;
> @@ -947,7 +948,10 @@ static int safexcel_request_ring_irq(void *pdev, int
> irqid,
> irqid, irq);
> return irq;
> }
> - } else if (IS_ENABLED(CONFIG_OF)) {
> + } else
> +#endif
> + {
> +#ifdef CONFIG_OF
> struct platform_device *plf_pdev = pdev;
> char irq_name[6] = {0}; /* "ringX\0" */
>
> @@ -960,6 +964,7 @@ static int safexcel_request_ring_irq(void *pdev, int
> irqid,
> irq_name, irq);
> return irq;
> }
> +#endif
> }
>
> ret = devm_request_threaded_irq(dev, irq, handler,
> @@ -1137,7 +1142,8 @@ static int safexcel_probe_generic(void *pdev,
>
> safexcel_configure(priv);
>
> - if (IS_ENABLED(CONFIG_PCI) && priv->version == EIP197_DEVBRD) {
> +#ifdef CONFIG_PCI
> + if (priv->version == EIP197_DEVBRD) {
> /*
>* Request MSI vectors for global + 1 per ring -
> * or just 1 for older dev images
> @@ -1153,6 +1159,7 @@ static int safexcel_probe_generic(void *pdev,
> return ret;
> }
> }
> +#endif
>
> /* Register the ring IRQ handlers and configure the rings */
> priv->ring = devm_kcalloc(dev, priv->config.rings,
> --
> 2.7.4
>
Regards,
Pascal van Leeuwen
Silicon IP Architect, Multi-Protocol Engines @ Verimatrix
www.insidesecure.com
RE: [PATCH v2 -next] crypto: inside-secure - Fix build error without CONFIG_PCI
> -Original Message-
> From: Ard Biesheuvel
> Sent: Wednesday, September 4, 2019 2:11 PM
> To: Pascal Van Leeuwen
> Cc: YueHaibing ; antoine.ten...@bootlin.com;
> herb...@gondor.apana.org.au; da...@davemloft.net;
> pvanleeu...@insidesecure.com; linux-
> cry...@vger.kernel.org; linux-ker...@vger.kernel.org
> Subject: Re: [PATCH v2 -next] crypto: inside-secure - Fix build error without
> CONFIG_PCI
>
> On Wed, 4 Sep 2019 at 04:57, Pascal Van Leeuwen
> wrote:
> >
> >
> > > -Original Message-
> > > From: linux-crypto-ow...@vger.kernel.org
> > > On
> Behalf Of
> > > YueHaibing
> > > Sent: Tuesday, September 3, 2019 3:45 AM
> > > To: antoine.ten...@bootlin.com; herb...@gondor.apana.org.au;
> > > da...@davemloft.net;
> > > pvanleeu...@insidesecure.com
> > > Cc: linux-crypto@vger.kernel.org; linux-ker...@vger.kernel.org; YueHaibing
> > >
> > > Subject: [PATCH v2 -next] crypto: inside-secure - Fix build error without
> > > CONFIG_PCI
> > >
> > > If CONFIG_PCI is not set, building fails:
> > >
> > > rivers/crypto/inside-secure/safexcel.c: In function
> > > safexcel_request_ring_irq:
> > > drivers/crypto/inside-secure/safexcel.c:944:9: error: implicit
> > > declaration of function
> > > pci_irq_vector;
> > > did you mean rcu_irq_enter? [-Werror=implicit-function-declaration]
> > >irq = pci_irq_vector(pci_pdev, irqid);
> > > ^~
> > >
> > > Use #ifdef block to guard this.
> > >
> > Actually, this is interesting. My *original* implementation was using
> > straight #ifdefs, but then I got review feedback stating that I should not
> > do that, as it's not compile testable, suggesting to use regular C if's
> > instead. Then there was quite some back-and-forth on the actual
> > implementation and I ended up with this.
> >
> > So now it turns out that doesn't work and I'm suggested to go full-circle
> > back to straight #ifdef's? Or is there some other way to make this work?
> > Because I don't know where to go from here ...
> >
>
>
> C conditionals are preferred over preprocessor conditional, but if the
> conditional code refers to symbols that are not declared when the
> Kconfig symbol is not defined, preprocessor conditionals are the only
> option.
>
Sure, I get that. But I *had* the #ifdef's and then other people told me
to get rid of them. How is one supposed to know when which symbols are
declared exactly? Moreover, I feel that if #ifdef's are sometimes the
only way, then you should be careful providing feedback on the subject.
> This is the reason we have so many empty static inline functions in
> header files - it ensures that the symbols are declared even if the
> only invocations are from dead code.
>
This ties back into my previous question: how am I supposed to know whether
stuff is nicely covered by these empty static inlines or not? If this
happens to be a hit-and-miss affair.
Note that I tested the code with the 2 platforms at my disposal - actually
the only 2 relevant platforms for this driver, if you ask me - and they
both compiled just fine, so I had no way of finding this "problem" myself.
>
> > > Fixes: 625f269a5a7a ("crypto: inside-secure - add support for PCI based
> > > FPGA
> development
> > > board")
> > > Signed-off-by: YueHaibing
> > > ---
> > > v2: use 'ifdef' instead of 'IS_ENABLED'
> > > ---
> > > drivers/crypto/inside-secure/safexcel.c | 13 ++---
> > > 1 file changed, 10 insertions(+), 3 deletions(-)
> > >
> > > diff --git a/drivers/crypto/inside-secure/safexcel.c
> > > b/drivers/crypto/inside-
> > > secure/safexcel.c
> > > index e12a2a3..5253900 100644
> > > --- a/drivers/crypto/inside-secure/safexcel.c
> > > +++ b/drivers/crypto/inside-secure/safexcel.c
> > > @@ -937,7 +937,8 @@ static int safexcel_request_ring_irq(void *pdev, int
> > > irqid,
> > > int ret, irq;
> > > struct device *dev;
> > >
> > > - if (IS_ENABLED(CONFIG_PCI) && is_pci_dev) {
> > > +#ifdef CONFIG_PCI
> > > + if (is_pci_dev) {
> > > struct pci_dev *pci_pdev = pdev;
> > >
> > > dev = &pci_pdev->dev;
> > > @@ -947,7 +948,10 @@ static int safexcel_request_ring_irq(void *pdev, int
> > > irqid,
> > > irqid, irq);
> > >
RE: [PATCH v2 -next] crypto: inside-secure - Fix build error without CONFIG_PCI
> -Original Message- > From: Ard Biesheuvel > Sent: Wednesday, September 4, 2019 2:27 PM > To: Pascal Van Leeuwen > Cc: YueHaibing ; antoine.ten...@bootlin.com; > herb...@gondor.apana.org.au; da...@davemloft.net; > pvanleeu...@insidesecure.com; linux- > cry...@vger.kernel.org; linux-ker...@vger.kernel.org > Subject: Re: [PATCH v2 -next] crypto: inside-secure - Fix build error without > CONFIG_PCI > > On Wed, 4 Sep 2019 at 05:25, Pascal Van Leeuwen > wrote: > > > > > -Original Message- > > > From: Ard Biesheuvel > > > Sent: Wednesday, September 4, 2019 2:11 PM > > > To: Pascal Van Leeuwen > > > Cc: YueHaibing ; antoine.ten...@bootlin.com; > > > herb...@gondor.apana.org.au; da...@davemloft.net; > > > pvanleeu...@insidesecure.com; linux- > > > cry...@vger.kernel.org; linux-ker...@vger.kernel.org > > > Subject: Re: [PATCH v2 -next] crypto: inside-secure - Fix build error > > > without > CONFIG_PCI > > > > > > On Wed, 4 Sep 2019 at 04:57, Pascal Van Leeuwen > > > wrote: > > > > > > > > > > > > > -Original Message- > > > > > From: linux-crypto-ow...@vger.kernel.org > > > > > On > > > Behalf Of > > > > > YueHaibing > > > > > Sent: Tuesday, September 3, 2019 3:45 AM > > > > > To: antoine.ten...@bootlin.com; herb...@gondor.apana.org.au; > > > > > da...@davemloft.net; > > > > > pvanleeu...@insidesecure.com > > > > > Cc: linux-crypto@vger.kernel.org; linux-ker...@vger.kernel.org; > > > > > YueHaibing > > > > > > > > > > Subject: [PATCH v2 -next] crypto: inside-secure - Fix build error > > > > > without > CONFIG_PCI > > > > > > > > > > If CONFIG_PCI is not set, building fails: > > > > > > > > > > rivers/crypto/inside-secure/safexcel.c: In function > > > > > safexcel_request_ring_irq: > > > > > drivers/crypto/inside-secure/safexcel.c:944:9: error: implicit > > > > > declaration of > function > > > > > pci_irq_vector; > > > > > did you mean rcu_irq_enter? [-Werror=implicit-function-declaration] > > > > >irq = pci_irq_vector(pci_pdev, irqid); > > > > > ^~ > > > > > > > > > > Use #ifdef block to guard this. > > > > > > > > > Actually, this is interesting. My *original* implementation was using > > > > straight #ifdefs, but then I got review feedback stating that I should > > > > not > > > > do that, as it's not compile testable, suggesting to use regular C if's > > > > instead. Then there was quite some back-and-forth on the actual > > > > implementation and I ended up with this. > > > > > > > > So now it turns out that doesn't work and I'm suggested to go > > > > full-circle > > > > back to straight #ifdef's? Or is there some other way to make this work? > > > > Because I don't know where to go from here ... > > > > > > > > > > > > > C conditionals are preferred over preprocessor conditional, but if the > > > conditional code refers to symbols that are not declared when the > > > Kconfig symbol is not defined, preprocessor conditionals are the only > > > option. > > > > > Sure, I get that. But I *had* the #ifdef's and then other people told me > > to get rid of them. How is one supposed to know when which symbols are > > declared exactly? Moreover, I feel that if #ifdef's are sometimes the > > only way, then you should be careful providing feedback on the subject. > > > > If you compile your code with and without the Kconfig symbol defined, > the compiler will tell you if there is a problem or not. > Probably. Maybe. I don't know much about configuring Linux kernels (I'm just happy with working configs provided to me) so I don't know what problems that might give (beyond those in my own code). Actually, I assumed the Macchiatobin config did not have PCI (as Antoine asked me to ifdef that stuff out IIRC), so there was no incentive for me to try explictly. But it turns out the Macchiatobin config has PCI after all. Which makes me wonder what the point of #ifdef'ing out the PCI stuff is in the first place, considering there is no use case for this driver that I know of that does not have PCI support in the kernel. But I guess in that
RE: [PATCH v2 -next] crypto: inside-secure - Fix build error without CONFIG_PCI
So, with that patch you ONLY get a warning on that unused int rc, right? I do understand that one, that should have been inside an #ifdef as well. Everybody happy if I just fix that and leave the rest as is? Regards, Pascal van Leeuwen Silicon IP Architect, Multi-Protocol Engines @ Verimatrix www.insidesecure.com > -Original Message- > From: Herbert Xu > Sent: Wednesday, September 4, 2019 2:32 PM > To: Ard Biesheuvel > Cc: Pascal Van Leeuwen ; YueHaibing > ; > antoine.ten...@bootlin.com; da...@davemloft.net; > pvanleeu...@insidesecure.com; linux- > cry...@vger.kernel.org; linux-ker...@vger.kernel.org > Subject: Re: [PATCH v2 -next] crypto: inside-secure - Fix build error without > CONFIG_PCI > > On Wed, Sep 04, 2019 at 05:27:19AM -0700, Ard Biesheuvel wrote: > > > > Did you try disabling CONFIG_PCI? > > Indeed. Even with my patch if you compile with CONFIG_PCI you still > get a warning: > > CC [M] drivers/crypto/inside-secure/safexcel.o > ../drivers/crypto/inside-secure/safexcel.c: In function > \u2018safexcel_init\u2019: > ../drivers/crypto/inside-secure/safexcel.c:1506:6: warning: unused variable > \u2018rc\u2019 > [-Wunused-variable] > int rc; > ^~ > > We should fix that in inside-secure. > > Thanks, > -- > Email: Herbert Xu > Home Page: http://gondor.apana.org.au/~herbert/ > PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
[PATCH] crypto: inside-secure - Fix unused variable warning when CONFIG_PCI=n
This patch fixes an unused variable warning from the compiler when the
driver is being compiled without PCI support in the kernel.
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index e12a2a3..0f1a9dc 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1503,7 +1503,9 @@ void safexcel_pci_remove(struct pci_dev *pdev)
static int __init safexcel_init(void)
{
+#if IS_ENABLED(CONFIG_PCI)
int rc;
+#endif
#if IS_ENABLED(CONFIG_OF)
/* Register platform driver */
--
1.8.3.1
RE: [PATCH] crypto: inside-secure - Fix unused variable warning when CONFIG_PCI=n
> -Original Message-
> From: Herbert Xu
> Sent: Thursday, September 5, 2019 3:04 PM
> To: Pascal van Leeuwen
> Cc: linux-crypto@vger.kernel.org; antoine.ten...@bootlin.com;
> da...@davemloft.net;
> Pascal Van Leeuwen
> Subject: Re: [PATCH] crypto: inside-secure - Fix unused variable warning when
> CONFIG_PCI=n
>
> On Thu, Sep 05, 2019 at 08:01:13AM +0200, Pascal van Leeuwen wrote:
> > This patch fixes an unused variable warning from the compiler when the
> > driver is being compiled without PCI support in the kernel.
> >
> > Signed-off-by: Pascal van Leeuwen
> > ---
> > drivers/crypto/inside-secure/safexcel.c | 2 ++
> > 1 file changed, 2 insertions(+)
> >
> > diff --git a/drivers/crypto/inside-secure/safexcel.c
> > b/drivers/crypto/inside-
> secure/safexcel.c
> > index e12a2a3..0f1a9dc 100644
> > --- a/drivers/crypto/inside-secure/safexcel.c
> > +++ b/drivers/crypto/inside-secure/safexcel.c
> > @@ -1503,7 +1503,9 @@ void safexcel_pci_remove(struct pci_dev *pdev)
> >
> > static int __init safexcel_init(void)
> > {
> > +#if IS_ENABLED(CONFIG_PCI)
> > int rc;
> > +#endif
> >
> > #if IS_ENABLED(CONFIG_OF)
> > /* Register platform driver */
>
> Shouldn't you check for errors for CONFIG_OF too?
>
You are correct, the platform_driver_register can also return an error
code. So just fixing the compile warning was a bit short-sighted on my
behalf.
I'll redo that patch.
> Thanks,
> --
> Email: Herbert Xu
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Regards,
Pascal van Leeuwen
Silicon IP Architect, Multi-Protocol Engines @ Verimatrix
www.insidesecure.com
RE: [PATCH] crypto: inside-secure - Fix unused variable warning when CONFIG_PCI=n
> -Original Message-
> From: Herbert Xu
> Sent: Thursday, September 5, 2019 3:59 PM
> To: Pascal Van Leeuwen
> Cc: Pascal van Leeuwen ; linux-crypto@vger.kernel.org;
> antoine.ten...@bootlin.com; da...@davemloft.net
> Subject: Re: [PATCH] crypto: inside-secure - Fix unused variable warning when
> CONFIG_PCI=n
>
> On Thu, Sep 05, 2019 at 01:55:54PM +, Pascal Van Leeuwen wrote:
> >
> > > > index e12a2a3..0f1a9dc 100644
> > > > --- a/drivers/crypto/inside-secure/safexcel.c
> > > > +++ b/drivers/crypto/inside-secure/safexcel.c
> > > > @@ -1503,7 +1503,9 @@ void safexcel_pci_remove(struct pci_dev *pdev)
> > > >
> > > > static int __init safexcel_init(void)
> > > > {
> > > > +#if IS_ENABLED(CONFIG_PCI)
> > > > int rc;
> > > > +#endif
> > > >
> > > > #if IS_ENABLED(CONFIG_OF)
> > > > /* Register platform driver */
> > >
> > > Shouldn't you check for errors for CONFIG_OF too?
> >
> > You are correct, the platform_driver_register can also return an error
> > code. So just fixing the compile warning was a bit short-sighted on my
> > behalf.
> >
> > I'll redo that patch.
>
> While you're at it, please fix the strange indentation in that
> function too.
>
Deja vu. I already did a while ago. Git rebase throwing in curve balls?
Anyway, I'll take care of it ...
> Thanks,
> --
> Email: Herbert Xu
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Regards,
Pascal van Leeuwen
Silicon IP Architect, Multi-Protocol Engines @ Verimatrix
www.insidesecure.com
[PATCHv2] crypto: inside-secure - Fix unused variable warning when CONFIG_PCI=n
This patch fixes an unused variable warning from the compiler when the
driver is being compiled without PCI support in the kernel.
changes since v1:
- capture the platform_register_driver error code as well
- actually return the (last) error code
- swapped registration to do PCI first as that's just for development
boards anyway, so in case both are done we want the platform error
or no error at all if that passes
- also fixes some indentation issue in the affected code
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c | 22 +++---
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index e12a2a3..2331b31 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1505,29 +1505,29 @@ static int __init safexcel_init(void)
{
int rc;
-#if IS_ENABLED(CONFIG_OF)
- /* Register platform driver */
- platform_driver_register(&crypto_safexcel);
+#if IS_ENABLED(CONFIG_PCI)
+ /* Register PCI driver */
+ rc = pci_register_driver(&safexcel_pci_driver);
#endif
-#if IS_ENABLED(CONFIG_PCI)
- /* Register PCI driver */
- rc = pci_register_driver(&safexcel_pci_driver);
+#if IS_ENABLED(CONFIG_OF)
+ /* Register platform driver */
+ rc = platform_driver_register(&crypto_safexcel);
#endif
- return 0;
+ return rc;
}
static void __exit safexcel_exit(void)
{
#if IS_ENABLED(CONFIG_OF)
- /* Unregister platform driver */
- platform_driver_unregister(&crypto_safexcel);
+ /* Unregister platform driver */
+ platform_driver_unregister(&crypto_safexcel);
#endif
#if IS_ENABLED(CONFIG_PCI)
- /* Unregister PCI driver if successfully registered before */
- pci_unregister_driver(&safexcel_pci_driver);
+ /* Unregister PCI driver if successfully registered before */
+ pci_unregister_driver(&safexcel_pci_driver);
#endif
}
--
1.8.3.1
RE: [PATCHv2] crypto: inside-secure - Fix unused variable warning when CONFIG_PCI=n
> -Original Message-
> From: linux-crypto-ow...@vger.kernel.org
> On Behalf
> Of Herbert Xu
> Sent: Friday, September 6, 2019 2:19 PM
> To: Pascal van Leeuwen
> Cc: linux-crypto@vger.kernel.org; antoine.ten...@bootlin.com;
> da...@davemloft.net;
> Pascal Van Leeuwen ; Bjorn Helgaas
>
> Subject: Re: [PATCHv2] crypto: inside-secure - Fix unused variable warning
> when
> CONFIG_PCI=n
>
> On Fri, Sep 06, 2019 at 10:07:23AM +0200, Pascal van Leeuwen wrote:
> >
> > diff --git a/drivers/crypto/inside-secure/safexcel.c
> > b/drivers/crypto/inside-
> secure/safexcel.c
> > index e12a2a3..2331b31 100644
> > --- a/drivers/crypto/inside-secure/safexcel.c
> > +++ b/drivers/crypto/inside-secure/safexcel.c
> > @@ -1505,29 +1505,29 @@ static int __init safexcel_init(void)
> > {
> > int rc;
> >
> > -#if IS_ENABLED(CONFIG_OF)
> > - /* Register platform driver */
> > - platform_driver_register(&crypto_safexcel);
> > +#if IS_ENABLED(CONFIG_PCI)
> > + /* Register PCI driver */
> > + rc = pci_register_driver(&safexcel_pci_driver);
> > #endif
> >
> > -#if IS_ENABLED(CONFIG_PCI)
> > - /* Register PCI driver */
> > - rc = pci_register_driver(&safexcel_pci_driver);
> > +#if IS_ENABLED(CONFIG_OF)
> > + /* Register platform driver */
> > + rc = platform_driver_register(&crypto_safexcel);
> > #endif
> >
> > - return 0;
> > + return rc;
> > }
>
> According to the Kconfig it is theoretically possible for both
> PCI and OF to be off (with COMPILE_TEST enabled). So you should
> add an rc = 0 at the top.
>
Ok
> You also need to check rc after each registration and abort if
> an error is detected. After the second step, aborting would
> also require unwinding the first step.
>
I explicitly DON'T want to abort if the PCI registration fails,
since that may be irrelevant if the OF registration passes AND
the device actually happens to be Device Tree.
So not checking the result value is on purpose here.
> So something like:
>
> int rc = 0;
>
> #if IS_ENABLED(CONFIG_PCI)
> /* Register PCI driver */
> rc = pci_register_driver(&safexcel_pci_driver);
> #endif
> if (rc)
> goto out;
>
> #if IS_ENABLED(CONFIG_OF)
> /* Register platform driver */
> rc = platform_driver_register(&crypto_safexcel);
> #endif
> if (rc)
> goto undo_pci;
>
> undo_pci:
> #if IS_ENABLED(CONFIG_PCI)
> pci_unregister_driver(&safexcel_pci_driver);
> #endif
> out:
> return rc;
>
> As you can see, these ifdefs get out-of-control pretty quickly.
> In fact, we can remove all the CONFIG_PCI ifdefs by adding just
> one more stub function in pci.h for pcim_enable_device.
>
I'm fine with that, too. I did not want these ifdef's in the first
place, I was asked to put them in.
> Thanks,
> --
> Email: Herbert Xu
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Regards,
Pascal van Leeuwen
Silicon IP Architect, Multi-Protocol Engines @ Verimatrix
www.insidesecure.com
RE: [PATCHv2] crypto: inside-secure - Fix unused variable warning when CONFIG_PCI=n
> -Original Message- > From: Herbert Xu > Sent: Friday, September 6, 2019 3:05 PM > To: Pascal Van Leeuwen > Cc: Pascal van Leeuwen ; linux-crypto@vger.kernel.org; > antoine.ten...@bootlin.com; da...@davemloft.net; Bjorn Helgaas > > Subject: Re: [PATCHv2] crypto: inside-secure - Fix unused variable warning > when > CONFIG_PCI=n > > On Fri, Sep 06, 2019 at 01:01:19PM +, Pascal Van Leeuwen wrote: > > > > I explicitly DON'T want to abort if the PCI registration fails, > > since that may be irrelevant if the OF registration passes AND > > the device actually happens to be Device Tree. > > So not checking the result value is on purpose here. > > Well if you want to support that you'll need to remember whether > PCI registration succeeded or not before unregistering it in the > exit function. > Hmmm, actually I was assuming those unregister calls to be effective nops if no matching register succeeded previously. Like free() is a NOP if you pass it a null pointr. If that is not the case, then I indeed need to remember which call(s) passed, such that I only unregister those. But since the exit() function does not take any parameters, I don't see any way of doing that without using some global variable ... > Cheers, > -- > Email: Herbert Xu > Home Page: http://gondor.apana.org.au/~herbert/ > PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt Regards, Pascal van Leeuwen Silicon IP Architect, Multi-Protocol Engines @ Verimatrix www.insidesecure.com
[PATCH 0/6] crypto: inside-secure - Add supp. for non-Marvell HW
This patchset adds support for non-Marvell hardware, probing the HW configuration directly from the HW itself instead of making assumptions based on specific Marvell instances and applying appropriate settings. This should get most EIP97/EIP197 instances out there up and running, albeit not always with optimal settings yet. Still to be done: - support for EIP197 HW with 256 bit internal bus width - optimize settings for newer versions of the HW This was tested with both the Macchiatobin board, "similar to Marvell" HW on the Xilinx VCU118 devboard and a eip197c-iesb HW3.1 on the Xilinx VCU118 devboard. Pascal van Leeuwen (6): crypto: inside-secure - Add EIP97/EIP197 and endianness detection crypto: inside-secure: Corrected configuration of EIP96_TOKEN_CTRL crypto: inside-secure - Enable extended algorithms on newer HW crypto: inside-secure - Base CD fetchcount on actual CD FIFO size crypto: inside-secure - Base RD fetchcount on actual RD FIFO size crypto: inside-secure - Probe transform record cache RAM sizes drivers/crypto/inside-secure/safexcel.c | 459 drivers/crypto/inside-secure/safexcel.h | 78 -- 2 files changed, 418 insertions(+), 119 deletions(-) -- 1.8.3.1
[PATCH 2/6] crypto: inside-secure: Corrected configuration of EIP96_TOKEN_CTRL
This patch corrects the configuration of the EIP197_PE_EIP96_TOKEN_CTRL register. Previous value was wrong and potentially dangerous. Signed-off-by: Pascal van Leeuwen --- drivers/crypto/inside-secure/safexcel.c | 4 ++-- drivers/crypto/inside-secure/safexcel.h | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/crypto/inside-secure/safexcel.c b/drivers/crypto/inside-secure/safexcel.c index 7a37c40..d699827 100644 --- a/drivers/crypto/inside-secure/safexcel.c +++ b/drivers/crypto/inside-secure/safexcel.c @@ -498,8 +498,8 @@ static int safexcel_hw_init(struct safexcel_crypto_priv *priv) /* Token & context configuration */ val = EIP197_PE_EIP96_TOKEN_CTRL_CTX_UPDATES | - EIP197_PE_EIP96_TOKEN_CTRL_REUSE_CTX | - EIP197_PE_EIP96_TOKEN_CTRL_POST_REUSE_CTX; + EIP197_PE_EIP96_TOKEN_CTRL_NO_TOKEN_WAIT | + EIP197_PE_EIP96_TOKEN_CTRL_ENABLE_TIMEOUT; writel(val, EIP197_PE(priv) + EIP197_PE_EIP96_TOKEN_CTRL(pe)); /* H/W capabilities selection: just enable everything */ diff --git a/drivers/crypto/inside-secure/safexcel.h b/drivers/crypto/inside-secure/safexcel.h index e4da706..10a96dc 100644 --- a/drivers/crypto/inside-secure/safexcel.h +++ b/drivers/crypto/inside-secure/safexcel.h @@ -296,8 +296,8 @@ /* EIP197_PE_EIP96_TOKEN_CTRL */ #define EIP197_PE_EIP96_TOKEN_CTRL_CTX_UPDATES BIT(16) -#define EIP197_PE_EIP96_TOKEN_CTRL_REUSE_CTX BIT(19) -#define EIP197_PE_EIP96_TOKEN_CTRL_POST_REUSE_CTX BIT(20) +#define EIP197_PE_EIP96_TOKEN_CTRL_NO_TOKEN_WAIT BIT(17) +#define EIP197_PE_EIP96_TOKEN_CTRL_ENABLE_TIMEOUT BIT(22) /* EIP197_PE_EIP96_FUNCTION_EN */ #define EIP197_FUNCTION_ALL0x -- 1.8.3.1
[PATCH 6/6] crypto: inside-secure - Probe transform record cache RAM sizes
This patch actually probes the transform record cache data and
administration RAM sizes, instead of making assumptions, and then
configures the TRC based on the actually probed values.
This allows the driver to work with EIP197 HW that has TRC RAM
sizes different from those of the Marvell EIP197B/D variants.
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c | 229 ++--
drivers/crypto/inside-secure/safexcel.h | 21 +--
2 files changed, 200 insertions(+), 50 deletions(-)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index a607786..a34bf8c 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -28,63 +28,205 @@
module_param(max_rings, uint, 0644);
MODULE_PARM_DESC(max_rings, "Maximum number of rings to use.");
-static void eip197_trc_cache_init(struct safexcel_crypto_priv *priv)
+static void eip197_trc_cache_setupvirt(struct safexcel_crypto_priv *priv)
{
- u32 val, htable_offset;
- int i, cs_rc_max, cs_ht_wc, cs_trc_rec_wc, cs_trc_lg_rec_wc;
-
- if (priv->version == EIP197D_MRVL) {
- cs_rc_max = EIP197D_CS_RC_MAX;
- cs_ht_wc = EIP197D_CS_HT_WC;
- cs_trc_rec_wc = EIP197D_CS_TRC_REC_WC;
- cs_trc_lg_rec_wc = EIP197D_CS_TRC_LG_REC_WC;
- } else {
- /* Default to minimum "safe" settings */
- cs_rc_max = EIP197B_CS_RC_MAX;
- cs_ht_wc = EIP197B_CS_HT_WC;
- cs_trc_rec_wc = EIP197B_CS_TRC_REC_WC;
- cs_trc_lg_rec_wc = EIP197B_CS_TRC_LG_REC_WC;
+ int i;
+
+ /*
+* Map all interfaces/rings to register index 0
+* so they can share contexts. Without this, the EIP197 will
+* assume each interface/ring to be in its own memory domain
+* i.e. have its own subset of UNIQUE memory addresses.
+* Which would cause records with the SAME memory address to
+* use DIFFERENT cache buffers, causing both poor cache utilization
+* AND serious coherence/invalidation issues.
+*/
+ for (i = 0; i < 4; i++)
+ writel(0, priv->base + EIP197_FLUE_IFC_LUT(i));
+
+ /*
+* Initialize other virtualization regs for cache
+* These may not be in their reset state ...
+*/
+ for (i = 0; i < priv->config.rings; i++) {
+ writel(0, priv->base + EIP197_FLUE_CACHEBASE_LO(i));
+ writel(0, priv->base + EIP197_FLUE_CACHEBASE_HI(i));
+ writel(EIP197_FLUE_CONFIG_MAGIC,
+ priv->base + EIP197_FLUE_CONFIG(i));
}
+ writel(0, priv->base + EIP197_FLUE_OFFSETS);
+ writel(0, priv->base + EIP197_FLUE_ARC4_OFFSET);
+}
- /* Enable the record cache memory access */
- val = readl(priv->base + EIP197_CS_RAM_CTRL);
- val &= ~EIP197_TRC_ENABLE_MASK;
- val |= EIP197_TRC_ENABLE_0;
- writel(val, priv->base + EIP197_CS_RAM_CTRL);
+static void eip197_trc_cache_banksel(struct safexcel_crypto_priv *priv,
+u32 addrmid, int *actbank)
+{
+ u32 val;
+ int curbank;
+
+ curbank = addrmid >> 16;
+ if (curbank != *actbank) {
+ val = readl(priv->base + EIP197_CS_RAM_CTRL);
+ val = (val & ~EIP197_CS_BANKSEL_MASK) |
+ (curbank << EIP197_CS_BANKSEL_OFS);
+ writel(val, priv->base + EIP197_CS_RAM_CTRL);
+ *actbank = curbank;
+ }
+}
- /* Clear all ECC errors */
- writel(0, priv->base + EIP197_TRC_ECCCTRL);
+static u32 eip197_trc_cache_probe(struct safexcel_crypto_priv *priv,
+ int maxbanks, u32 probemask)
+{
+ u32 val, addrhi, addrlo, addrmid;
+ int actbank;
/*
-* Make sure the cache memory is accessible by taking record cache into
-* reset.
+* And probe the actual size of the physically attached cache data RAM
+* Using a binary subdivision algorithm downto 32 byte cache lines.
*/
- val = readl(priv->base + EIP197_TRC_PARAMS);
- val |= EIP197_TRC_PARAMS_SW_RESET;
- val &= ~EIP197_TRC_PARAMS_DATA_ACCESS;
- writel(val, priv->base + EIP197_TRC_PARAMS);
+ addrhi = 1 << (16 + maxbanks);
+ addrlo = 0;
+ actbank = min(maxbanks - 1, 0);
+ while ((addrhi - addrlo) > 32) {
+ /* write marker to lowest address in top half */
+ addrmid = (addrhi + addrlo) >> 1;
+ eip197_trc_cache_banksel(priv, addrmid, &actbank);
+ writel((addrmid | (addrlo << 16)) & probemask,
+ priv->base + EIP197_CLASSIFICATION_RAMS +
+ (addrmid & 0x));
+
[PATCH 4/6] crypto: inside-secure - Base CD fetchcount on actual CD FIFO size
This patch derives the command descriptor fetch count from the actual
FIFO size advertised by the hardware. Fetching command descriptors
one at a time is a performance bottleneck for small blocks, especially
on hardware with multiple pipes. Even moreso if the HW has few rings.
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c | 47 ++---
drivers/crypto/inside-secure/safexcel.h | 11
2 files changed, 48 insertions(+), 10 deletions(-)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index d9b927b..9384491 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -310,13 +310,22 @@ static int eip197_load_firmwares(struct
safexcel_crypto_priv *priv)
static int safexcel_hw_setup_cdesc_rings(struct safexcel_crypto_priv *priv)
{
u32 hdw, cd_size_rnd, val;
- int i;
+ int i, cd_fetch_cnt;
- hdw = readl(EIP197_HIA_AIC_G(priv) + EIP197_HIA_OPTIONS);
- hdw &= GENMASK(27, 25);
- hdw >>= 25;
-
- cd_size_rnd = (priv->config.cd_size + (BIT(hdw) - 1)) >> hdw;
+ cd_size_rnd = (priv->config.cd_size +
+ (BIT(priv->hwconfig.hwdataw) - 1)) >>
+ priv->hwconfig.hwdataw;
+ /* determine number of CD's we can fetch into the CD FIFO as 1 block */
+ if (priv->flags & SAFEXCEL_HW_EIP197) {
+ /* EIP197: try to fetch enough in 1 go to keep all pipes busy */
+ cd_fetch_cnt = (1 << priv->hwconfig.hwcfsize) / cd_size_rnd;
+ cd_fetch_cnt = min_t(uint, cd_fetch_cnt,
+(priv->config.pes * EIP197_FETCH_DEPTH));
+ } else {
+ /* for the EIP97, just fetch all that fits minus 1 */
+ cd_fetch_cnt = ((1 << priv->hwconfig.hwcfsize) /
+ cd_size_rnd) - 1;
+ }
for (i = 0; i < priv->config.rings; i++) {
/* ring base address */
@@ -328,8 +337,8 @@ static int safexcel_hw_setup_cdesc_rings(struct
safexcel_crypto_priv *priv)
writel(EIP197_xDR_DESC_MODE_64BIT | (priv->config.cd_offset <<
16) |
priv->config.cd_size,
EIP197_HIA_CDR(priv, i) + EIP197_HIA_xDR_DESC_SIZE);
- writel(((EIP197_FETCH_COUNT * (cd_size_rnd << hdw)) << 16) |
- (EIP197_FETCH_COUNT * priv->config.cd_offset),
+ writel(((cd_fetch_cnt * (cd_size_rnd << hdw)) << 16) |
+ (cd_fetch_cnt * priv->config.cd_offset),
EIP197_HIA_CDR(priv, i) + EIP197_HIA_xDR_CFG);
/* Configure DMA tx control */
@@ -1146,7 +1155,7 @@ static int safexcel_probe_generic(void *pdev,
int is_pci_dev)
{
struct device *dev = priv->dev;
- u32 peid, version, mask, val;
+ u32 peid, version, mask, val, hiaopt;
int i, ret, hwctg;
priv->context_pool = dmam_pool_create("safexcel-context", dev,
@@ -1230,13 +1239,31 @@ static int safexcel_probe_generic(void *pdev,
}
priv->hwconfig.pever = EIP197_VERSION_MASK(version);
+ hiaopt = readl(EIP197_HIA_AIC(priv) + EIP197_HIA_OPTIONS);
+
+ if (priv->flags & SAFEXCEL_HW_EIP197) {
+ /* EIP197 */
+ priv->hwconfig.hwdataw = (hiaopt >> EIP197_HWDATAW_OFFSET) &
+ EIP197_HWDATAW_MASK;
+ priv->hwconfig.hwcfsize = ((hiaopt >> EIP197_CFSIZE_OFFSET) &
+ EIP197_CFSIZE_MASK) +
+ EIP197_CFSIZE_ADJUST;
+ } else {
+ /* EIP97 */
+ priv->hwconfig.hwdataw = (hiaopt >> EIP197_HWDATAW_OFFSET) &
+ EIP97_HWDATAW_MASK;
+ priv->hwconfig.hwcfsize = (hiaopt >> EIP97_CFSIZE_OFFSET) &
+ EIP97_CFSIZE_MASK;
+ }
+
/* Get supported algorithms from EIP96 transform engine */
priv->hwconfig.algo_flags = readl(EIP197_PE(priv) +
EIP197_PE_EIP96_OPTIONS(0));
/* Print single info line describing what we just detected */
- dev_info(priv->dev, "EIP%d:%x(%d)-HIA:%x,PE:%x,alg:%08x\n", peid,
+ dev_info(priv->dev, "EIP%d:%x(%d)-HIA:%x(%d,%d),PE:%x,alg:%08x\n", peid,
priv->hwconfig.hwver, hwctg, priv->hwconfig.hiaver,
+priv->hwconfig.hwdataw, priv->hwconfig.hwcfsize,
priv->hwconfig.pever, priv->hwconfig.algo_flags);
safexcel_configure(priv);
diff --git a/drivers/c
[PATCH 5/6] crypto: inside-secure - Base RD fetchcount on actual RD FIFO size
This patch derives the result descriptor fetch count from the actual
FIFO size advertised by the hardware. Fetching result descriptors
one at a time is a performance bottleneck for small blocks, especially
on hardware with multiple pipes. Even moreso if the HW has few rings.
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c | 37 +++--
drivers/crypto/inside-secure/safexcel.h | 15 -
2 files changed, 40 insertions(+), 12 deletions(-)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index 9384491..a607786 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -357,13 +357,22 @@ static int safexcel_hw_setup_cdesc_rings(struct
safexcel_crypto_priv *priv)
static int safexcel_hw_setup_rdesc_rings(struct safexcel_crypto_priv *priv)
{
u32 hdw, rd_size_rnd, val;
- int i;
-
- hdw = readl(EIP197_HIA_AIC_G(priv) + EIP197_HIA_OPTIONS);
- hdw &= GENMASK(27, 25);
- hdw >>= 25;
+ int i, rd_fetch_cnt;
- rd_size_rnd = (priv->config.rd_size + (BIT(hdw) - 1)) >> hdw;
+ /* determine number of RD's we can fetch into the FIFO as one block */
+ rd_size_rnd = (EIP197_RD64_FETCH_SIZE +
+ BIT(priv->hwconfig.hwdataw) - 1) >>
+ priv->hwconfig.hwdataw;
+ if (priv->flags & SAFEXCEL_HW_EIP197) {
+ /* EIP197: try to fetch enough in 1 go to keep all pipes busy */
+ rd_fetch_cnt = (1 << priv->hwconfig.hwrfsize) / rd_size_rnd;
+ rd_fetch_cnt = min_t(uint, rd_fetch_cnt,
+(priv->config.pes * EIP197_FETCH_DEPTH));
+ } else {
+ /* for the EIP97, just fetch all that fits minus 1 */
+ rd_fetch_cnt = ((1 << priv->hwconfig.hwrfsize) /
+ rd_size_rnd) - 1;
+ }
for (i = 0; i < priv->config.rings; i++) {
/* ring base address */
@@ -376,8 +385,8 @@ static int safexcel_hw_setup_rdesc_rings(struct
safexcel_crypto_priv *priv)
priv->config.rd_size,
EIP197_HIA_RDR(priv, i) + EIP197_HIA_xDR_DESC_SIZE);
- writel(((EIP197_FETCH_COUNT * (rd_size_rnd << hdw)) << 16) |
- (EIP197_FETCH_COUNT * priv->config.rd_offset),
+ writel(((rd_fetch_cnt * (rd_size_rnd << hdw)) << 16) |
+ (rd_fetch_cnt * priv->config.rd_offset),
EIP197_HIA_RDR(priv, i) + EIP197_HIA_xDR_CFG);
/* Configure DMA tx control */
@@ -1248,12 +1257,17 @@ static int safexcel_probe_generic(void *pdev,
priv->hwconfig.hwcfsize = ((hiaopt >> EIP197_CFSIZE_OFFSET) &
EIP197_CFSIZE_MASK) +
EIP197_CFSIZE_ADJUST;
+ priv->hwconfig.hwrfsize = ((hiaopt >> EIP197_RFSIZE_OFFSET) &
+ EIP197_RFSIZE_MASK) +
+ EIP197_RFSIZE_ADJUST;
} else {
/* EIP97 */
priv->hwconfig.hwdataw = (hiaopt >> EIP197_HWDATAW_OFFSET) &
EIP97_HWDATAW_MASK;
priv->hwconfig.hwcfsize = (hiaopt >> EIP97_CFSIZE_OFFSET) &
EIP97_CFSIZE_MASK;
+ priv->hwconfig.hwrfsize = (hiaopt >> EIP97_RFSIZE_OFFSET) &
+ EIP97_RFSIZE_MASK;
}
/* Get supported algorithms from EIP96 transform engine */
@@ -1261,10 +1275,11 @@ static int safexcel_probe_generic(void *pdev,
EIP197_PE_EIP96_OPTIONS(0));
/* Print single info line describing what we just detected */
- dev_info(priv->dev, "EIP%d:%x(%d)-HIA:%x(%d,%d),PE:%x,alg:%08x\n", peid,
-priv->hwconfig.hwver, hwctg, priv->hwconfig.hiaver,
+ dev_info(priv->dev, "EIP%d:%x(%d)-HIA:%x(%d,%d,%d),PE:%x,alg:%08x\n",
+peid, priv->hwconfig.hwver, hwctg, priv->hwconfig.hiaver,
priv->hwconfig.hwdataw, priv->hwconfig.hwcfsize,
-priv->hwconfig.pever, priv->hwconfig.algo_flags);
+priv->hwconfig.hwrfsize, priv->hwconfig.pever,
+priv->hwconfig.algo_flags);
safexcel_configure(priv);
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index e01aa70..19049f1 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -30,7 +30,6 @@
#define EIP197_DEFAULT_RING_SIZE
[PATCH 3/6] crypto: inside-secure - Enable extended algorithms on newer HW
This patch enables algorithms that did not fit the original 32 bit FUNCTION_EN register anymore via the FUNCTION2_EN extension reg. Signed-off-by: Pascal van Leeuwen --- drivers/crypto/inside-secure/safexcel.c | 2 ++ drivers/crypto/inside-secure/safexcel.h | 1 + 2 files changed, 3 insertions(+) diff --git a/drivers/crypto/inside-secure/safexcel.c b/drivers/crypto/inside-secure/safexcel.c index d699827..d9b927b 100644 --- a/drivers/crypto/inside-secure/safexcel.c +++ b/drivers/crypto/inside-secure/safexcel.c @@ -505,6 +505,8 @@ static int safexcel_hw_init(struct safexcel_crypto_priv *priv) /* H/W capabilities selection: just enable everything */ writel(EIP197_FUNCTION_ALL, EIP197_PE(priv) + EIP197_PE_EIP96_FUNCTION_EN(pe)); + writel(EIP197_FUNCTION_ALL, + EIP197_PE(priv) + EIP197_PE_EIP96_FUNCTION2_EN(pe)); } /* Command Descriptor Rings prepare */ diff --git a/drivers/crypto/inside-secure/safexcel.h b/drivers/crypto/inside-secure/safexcel.h index 10a96dc..e9bda97 100644 --- a/drivers/crypto/inside-secure/safexcel.h +++ b/drivers/crypto/inside-secure/safexcel.h @@ -157,6 +157,7 @@ #define EIP197_PE_EIP96_FUNCTION_EN(n) (0x1004 + (0x2000 * (n))) #define EIP197_PE_EIP96_CONTEXT_CTRL(n)(0x1008 + (0x2000 * (n))) #define EIP197_PE_EIP96_CONTEXT_STAT(n)(0x100c + (0x2000 * (n))) +#define EIP197_PE_EIP96_FUNCTION2_EN(n)(0x1030 + (0x2000 * (n))) #define EIP197_PE_EIP96_OPTIONS(n) (0x13f8 + (0x2000 * (n))) #define EIP197_PE_EIP96_VERSION(n) (0x13fc + (0x2000 * (n))) #define EIP197_PE_OUT_DBUF_THRES(n)(0x1c00 + (0x2000 * (n))) -- 1.8.3.1
[PATCH 1/6] crypto: inside-secure - Add EIP97/EIP197 and endianness detection
This patch adds automatic EIP97/EIP197 detection, so it does not need to
rely on any static value from the device table anymore. In particular,
the static value from the table won't work for PCI devboards that cannot
be further identified save from this direct hardware probing.
The patch also adds automatic host xs endianness detection & correction.
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c | 154 ++--
drivers/crypto/inside-secure/safexcel.h | 26 +-
2 files changed, 130 insertions(+), 50 deletions(-)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index 2fdb188..7a37c40 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -393,29 +393,21 @@ static int safexcel_hw_setup_rdesc_rings(struct
safexcel_crypto_priv *priv)
static int safexcel_hw_init(struct safexcel_crypto_priv *priv)
{
- u32 version, val;
+ u32 val;
int i, ret, pe;
dev_dbg(priv->dev, "HW init: using %d pipe(s) and %d ring(s)\n",
priv->config.pes, priv->config.rings);
- /* Determine endianess and configure byte swap */
- version = readl(EIP197_HIA_AIC(priv) + EIP197_HIA_VERSION);
- val = readl(EIP197_HIA_AIC(priv) + EIP197_HIA_MST_CTRL);
-
- if ((version & 0x) == EIP197_HIA_VERSION_BE)
- val |= EIP197_MST_CTRL_BYTE_SWAP;
- else if (((version >> 16) & 0x) == EIP197_HIA_VERSION_LE)
- val |= (EIP197_MST_CTRL_NO_BYTE_SWAP >> 24);
-
/*
* For EIP197's only set maximum number of TX commands to 2^5 = 32
* Skip for the EIP97 as it does not have this field.
*/
- if (priv->version != EIP97IES_MRVL)
+ if (priv->flags & SAFEXCEL_HW_EIP197) {
+ val = readl(EIP197_HIA_AIC(priv) + EIP197_HIA_MST_CTRL);
val |= EIP197_MST_CTRL_TX_MAX_CMD(5);
-
- writel(val, EIP197_HIA_AIC(priv) + EIP197_HIA_MST_CTRL);
+ writel(val, EIP197_HIA_AIC(priv) + EIP197_HIA_MST_CTRL);
+ }
/* Configure wr/rd cache values */
writel(EIP197_MST_CTRL_RD_CACHE(RD_CACHE_4BITS) |
@@ -438,7 +430,7 @@ static int safexcel_hw_init(struct safexcel_crypto_priv
*priv)
writel(EIP197_DxE_THR_CTRL_RESET_PE,
EIP197_HIA_DFE_THR(priv) + EIP197_HIA_DFE_THR_CTRL(pe));
- if (priv->version != EIP97IES_MRVL)
+ if (priv->flags & SAFEXCEL_HW_EIP197)
/* Reset HIA input interface arbiter (EIP197 only) */
writel(EIP197_HIA_RA_PE_CTRL_RESET,
EIP197_HIA_AIC(priv) +
EIP197_HIA_RA_PE_CTRL(pe));
@@ -464,7 +456,7 @@ static int safexcel_hw_init(struct safexcel_crypto_priv
*priv)
EIP197_PE_IN_xBUF_THRES_MAX(7),
EIP197_PE(priv) + EIP197_PE_IN_TBUF_THRES(pe));
- if (priv->version != EIP97IES_MRVL)
+ if (priv->flags & SAFEXCEL_HW_EIP197)
/* enable HIA input interface arbiter and rings */
writel(EIP197_HIA_RA_PE_CTRL_EN |
GENMASK(priv->config.rings - 1, 0),
@@ -490,7 +482,7 @@ static int safexcel_hw_init(struct safexcel_crypto_priv
*priv)
/* FIXME: instability issues can occur for EIP97 but disabling
* it impacts performance.
*/
- if (priv->version != EIP97IES_MRVL)
+ if (priv->flags & SAFEXCEL_HW_EIP197)
val |= EIP197_HIA_DSE_CFG_EN_SINGLE_WR;
writel(val, EIP197_HIA_DSE(priv) + EIP197_HIA_DSE_CFG(pe));
@@ -577,8 +569,9 @@ static int safexcel_hw_init(struct safexcel_crypto_priv
*priv)
/* Clear any HIA interrupt */
writel(GENMASK(30, 20), EIP197_HIA_AIC_G(priv) + EIP197_HIA_AIC_G_ACK);
- if (priv->version != EIP97IES_MRVL) {
+ if (priv->flags & SAFEXCEL_HW_EIP197) {
eip197_trc_cache_init(priv);
+ priv->flags |= EIP197_TRC_CACHE;
ret = eip197_load_firmwares(priv);
if (ret)
@@ -1087,12 +1080,12 @@ static void safexcel_configure(struct
safexcel_crypto_priv *priv)
val = readl(EIP197_HIA_AIC_G(priv) + EIP197_HIA_OPTIONS);
/* Read number of PEs from the engine */
- if (priv->version == EIP97IES_MRVL)
- /* Narrow field width for EIP97 type engine */
- mask = EIP97_N_PES_MASK;
- else
+ if (priv->flags & SAFEXCEL_HW_EIP197)
/* Wider field width for all EIP197 type engines */
mask = EIP197_N_PES_MASK;
+ else
+ /* Narrow field width for EIP97 type engine */
+ mask = E
RE: [PATCH 1/2] crypto: inside-secure - fix uninitialized-variable warning
> -Original Message-
> From: Arnd Bergmann
> Sent: Friday, September 6, 2019 5:22 PM
> To: Herbert Xu ; David S. Miller
> ;
> Antoine Tenart
> Cc: Arnd Bergmann ; Pascal Van Leeuwen
> ; Ard
> Biesheuvel ; Kees Cook ;
> linux-
> cry...@vger.kernel.org; linux-ker...@vger.kernel.org
> Subject: [PATCH 1/2] crypto: inside-secure - fix uninitialized-variable
> warning
>
> The addition of PCI support introduced multiple randconfig issues.
>
> - When PCI is disabled, some external functions are undeclared:
> drivers/crypto/inside-secure/safexcel.c:944:9: error: implicit declaration of
> function
> 'pci_irq_vector' [-Werror,-Wimplicit-function-declaration]
>
> - Also, in the same configuration, there is an uninitialized variable:
> drivers/crypto/inside-secure/safexcel.c:940:6: error: variable 'irq' is used
> uninitialized whenever 'if' condition is false
> [-Werror,-Wsometimes-uninitialized]
>
> - Finally, the driver fails to completely if both PCI and OF
> are disabled.
>
> Take care of all of the above by adding more checks for CONFIG_PCI
> and CONFIG_OF.
>
> Fixes: 625f269a5a7a ("crypto: inside-secure - add support for PCI based FPGA
> development
> board")
> Signed-off-by: Arnd Bergmann
> ---
> drivers/crypto/Kconfig | 2 +-
> drivers/crypto/inside-secure/safexcel.c | 8
> 2 files changed, 9 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig
> index 3c4361947f8d..048bc4b393ac 100644
> --- a/drivers/crypto/Kconfig
> +++ b/drivers/crypto/Kconfig
> @@ -719,7 +719,7 @@ source "drivers/crypto/stm32/Kconfig"
>
> config CRYPTO_DEV_SAFEXCEL
> tristate "Inside Secure's SafeXcel cryptographic engine driver"
> - depends on OF || PCI || COMPILE_TEST
> + depends on OF || PCI
>
This seems like it just ignores the problem by not allowing compile testing
anymore? Somehow that does not feel right ...
> select CRYPTO_LIB_AES
> select CRYPTO_AUTHENC
> select CRYPTO_BLKCIPHER
> diff --git a/drivers/crypto/inside-secure/safexcel.c b/drivers/crypto/inside-
> secure/safexcel.c
> index e12a2a3a5422..9c0bce77de14 100644
> --- a/drivers/crypto/inside-secure/safexcel.c
> +++ b/drivers/crypto/inside-secure/safexcel.c
> @@ -938,6 +938,7 @@ static int safexcel_request_ring_irq(void *pdev, int
> irqid,
> struct device *dev;
>
> if (IS_ENABLED(CONFIG_PCI) && is_pci_dev) {
> +#ifdef CONFIG_PCI
>
The whole point was NOT to use regular #ifdefs such that the code can
be compile tested without needing to switch configurations.
There is already a different solution in the works involving some empty
inline stubs for those pci routines, please see an earlier mail by Herbert
titled "PCI: Add stub pci_irq_vector and others".
> struct pci_dev *pci_pdev = pdev;
>
> dev = &pci_pdev->dev;
> @@ -947,6 +948,7 @@ static int safexcel_request_ring_irq(void *pdev, int
> irqid,
> irqid, irq);
> return irq;
> }
> +#endif
> } else if (IS_ENABLED(CONFIG_OF)) {
> struct platform_device *plf_pdev = pdev;
> char irq_name[6] = {0}; /* "ringX\0" */
> @@ -960,6 +962,8 @@ static int safexcel_request_ring_irq(void *pdev, int
> irqid,
> irq_name, irq);
> return irq;
> }
> + } else {
> + return -ENXIO;
> }
>
> ret = devm_request_threaded_irq(dev, irq, handler,
> @@ -1138,6 +1142,7 @@ static int safexcel_probe_generic(void *pdev,
> safexcel_configure(priv);
>
> if (IS_ENABLED(CONFIG_PCI) && priv->version == EIP197_DEVBRD) {
> +#ifdef CONFIG_PCI
> /*
>* Request MSI vectors for global + 1 per ring -
>* or just 1 for older dev images
> @@ -1152,6 +1157,7 @@ static int safexcel_probe_generic(void *pdev,
> dev_err(dev, "Failed to allocate PCI MSI interrupts\n");
> return ret;
> }
> +#endif
> }
>
> /* Register the ring IRQ handlers and configure the rings */
> @@ -1503,7 +1509,9 @@ static struct pci_driver safexcel_pci_driver = {
>
> static int __init safexcel_init(void)
> {
> +#ifdef CONFIG_PCI
> int rc;
> +#endif
>
I'm working on a fix for this part already, seems to involve a bit
more than just removing the int declaration ...
>
> #if IS_ENABLED(CONFIG_OF)
> /* Register platform driver */
> --
> 2.20.0
Regards,
Pascal van Leeuwen
Silicon IP Architect, Multi-Protocol Engines @ Verimatrix
www.insidesecure.com
[PATCHv3] crypto: inside-secure - Fix unused variable warning when CONFIG_PCI=n
This patch fixes an unused variable warning from the compiler when the
driver is being compiled without PCI support in the kernel.
changes since v1:
- capture the platform_register_driver error code as well
- actually return the (last) error code
- swapped registration to do PCI first as that's just for development
boards anyway, so in case both are done we want the platform error
or no error at all if that passes
- also fixes some indentation issue in the affected code
changes since v2:
- handle the situation where both CONFIG_PCI and CONFIG_OF are undefined
by always returning a -EINVAL error
- only unregister PCI or OF if it was previously successfully registered
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c | 35 ++---
1 file changed, 24 insertions(+), 11 deletions(-)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index e12a2a3..925c90f 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1501,32 +1501,45 @@ void safexcel_pci_remove(struct pci_dev *pdev)
};
#endif
-static int __init safexcel_init(void)
-{
- int rc;
-
+/* Unfortunately, we have to resort to global variables here */
+#if IS_ENABLED(CONFIG_PCI)
+int pcireg_rc = -EINVAL; /* Default safe value */
+#endif
#if IS_ENABLED(CONFIG_OF)
- /* Register platform driver */
- platform_driver_register(&crypto_safexcel);
+int ofreg_rc = -EINVAL; /* Default safe value */
#endif
+static int __init safexcel_init(void)
+{
#if IS_ENABLED(CONFIG_PCI)
- /* Register PCI driver */
- rc = pci_register_driver(&safexcel_pci_driver);
+ /* Register PCI driver */
+ pcireg_rc = pci_register_driver(&safexcel_pci_driver);
#endif
- return 0;
+#if IS_ENABLED(CONFIG_OF)
+ /* Register platform driver */
+ ofreg_rc = platform_driver_register(&crypto_safexcel);
+ return ofreg_rc;
+#else
+ #if IS_ENABLED(CONFIG_PCI)
+ return pcireg_rc;
+ #else
+ return -EINVAL;
+ #endif
+#endif
}
static void __exit safexcel_exit(void)
{
#if IS_ENABLED(CONFIG_OF)
- /* Unregister platform driver */
+ /* Unregister platform driver */
+ if (!ofreg_rc)
platform_driver_unregister(&crypto_safexcel);
#endif
#if IS_ENABLED(CONFIG_PCI)
- /* Unregister PCI driver if successfully registered before */
+ /* Unregister PCI driver if successfully registered before */
+ if (!pcireg_rc)
pci_unregister_driver(&safexcel_pci_driver);
#endif
}
--
1.8.3.1
RE: [PATCH 1/2] crypto: inside-secure - fix uninitialized-variable warning
> -Original Message-
> From: Arnd Bergmann
> Sent: Friday, September 6, 2019 8:40 PM
> To: Pascal Van Leeuwen
> Cc: Herbert Xu ; David S. Miller
> ; Antoine
> Tenart ; Ard Biesheuvel
> ; Kees Cook
> ; linux-crypto@vger.kernel.org;
> linux-ker...@vger.kernel.org
> Subject: Re: [PATCH 1/2] crypto: inside-secure - fix uninitialized-variable
> warning
>
> On Fri, Sep 6, 2019 at 6:08 PM Pascal Van Leeuwen
> wrote:
>
> > >
> > > config CRYPTO_DEV_SAFEXCEL
> > > tristate "Inside Secure's SafeXcel cryptographic engine driver"
> > > - depends on OF || PCI || COMPILE_TEST
> > > + depends on OF || PCI
> > >
> >
> > This seems like it just ignores the problem by not allowing compile testing
> > anymore? Somehow that does not feel right ...
>
> No, it just ignores the uninteresting case. You can compile-test this on
> any architecture by turning on OF.
>
You are entirely correct. Because of the COMPILE_TEST it could be compiled
without either OF or PCI support, which makes no sense whatsoever ...
> > > select CRYPTO_LIB_AES
> > > select CRYPTO_AUTHENC
> > > select CRYPTO_BLKCIPHER
> > > diff --git a/drivers/crypto/inside-secure/safexcel.c
> > > b/drivers/crypto/inside-
> > > secure/safexcel.c
> > > index e12a2a3a5422..9c0bce77de14 100644
> > > --- a/drivers/crypto/inside-secure/safexcel.c
> > > +++ b/drivers/crypto/inside-secure/safexcel.c
> > > @@ -938,6 +938,7 @@ static int safexcel_request_ring_irq(void *pdev, int
> > > irqid,
> > > struct device *dev;
> > >
> > > if (IS_ENABLED(CONFIG_PCI) && is_pci_dev) {
> > > +#ifdef CONFIG_PCI
> > >
> >
> > The whole point was NOT to use regular #ifdefs such that the code can
> > be compile tested without needing to switch configurations.
> > There is already a different solution in the works involving some empty
> > inline stubs for those pci routines, please see an earlier mail by Herbert
> > titled "PCI: Add stub pci_irq_vector and others".
>
> Ah, good. That should take care of most of the problems. I think
> we still need the Kconfig change, unless the safexcel_init()
> function is also changed to use if(IS_ENABLED()) checks
> instead of #if.
>
> Arnd
>
Yes, I agree.
Regards,
Pascal van Leeuwen
Silicon IP Architect, Multi-Protocol Engines @ Verimatrix
www.insidesecure.com
RE: [PATCH 0/3] crypto: inside-secure - Add support for the CBCMAC
> -Original Message- > From: linux-crypto-ow...@vger.kernel.org > On Behalf > Of Herbert Xu > Sent: Monday, September 9, 2019 9:38 AM > To: Pascal van Leeuwen > Cc: linux-crypto@vger.kernel.org; antoine.ten...@bootlin.com; > da...@davemloft.net; > Pascal Van Leeuwen > Subject: Re: [PATCH 0/3] crypto: inside-secure - Add support for the CBCMAC > > On Wed, Sep 04, 2019 at 09:36:45AM +0200, Pascal van Leeuwen wrote: > > This patchset adds support for the (AES) CBCMAC family of authentication > > algorithms: AES-CBCMAC, AES-XCBCMAC and AES-MAC > > It has been verified with a Xilinx PCIE FPGA board as well as the Marvell > > Armada A8K based Macchiatobin development board. > > > > Pascal van Leeuwen (3): > > crypto: inside-secure - Added support for the AES CBCMAC ahash > > crypto: inside-secure - Added support for the AES XCBC ahash > > crypto: inside-secure - Added support for the AES-CMAC ahash > > > > drivers/crypto/inside-secure/safexcel.c | 3 + > > drivers/crypto/inside-secure/safexcel.h | 3 + > > drivers/crypto/inside-secure/safexcel_hash.c | 462 > > --- > > 3 files changed, 427 insertions(+), 41 deletions(-) > > This does not apply against cryptodev. > Grml, looks like I forgot to include the previous commit. My bad, will send a fixed v2 shortly ... > Cheers, > -- > Email: Herbert Xu > Home Page: http://gondor.apana.org.au/~herbert/ > PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt Regards, Pascal van Leeuwen Silicon IP Architect, Multi-Protocol Engines @ Verimatrix www.insidesecure.com
RE: [PATCH 0/3] crypto: inside-secure - Add support for the CBCMAC
> -Original Message- > From: linux-crypto-ow...@vger.kernel.org > On Behalf > Of Pascal Van Leeuwen > Sent: Monday, September 9, 2019 12:38 PM > To: Herbert Xu ; Pascal van Leeuwen > > Cc: linux-crypto@vger.kernel.org; antoine.ten...@bootlin.com; > da...@davemloft.net > Subject: RE: [PATCH 0/3] crypto: inside-secure - Add support for the CBCMAC > > > -Original Message- > > From: linux-crypto-ow...@vger.kernel.org > > On > Behalf > > Of Herbert Xu > > Sent: Monday, September 9, 2019 9:38 AM > > To: Pascal van Leeuwen > > Cc: linux-crypto@vger.kernel.org; antoine.ten...@bootlin.com; > > da...@davemloft.net; > > Pascal Van Leeuwen > > Subject: Re: [PATCH 0/3] crypto: inside-secure - Add support for the CBCMAC > > > > On Wed, Sep 04, 2019 at 09:36:45AM +0200, Pascal van Leeuwen wrote: > > > This patchset adds support for the (AES) CBCMAC family of authentication > > > algorithms: AES-CBCMAC, AES-XCBCMAC and AES-MAC > > > It has been verified with a Xilinx PCIE FPGA board as well as the Marvell > > > Armada A8K based Macchiatobin development board. > > > > > > Pascal van Leeuwen (3): > > > crypto: inside-secure - Added support for the AES CBCMAC ahash > > > crypto: inside-secure - Added support for the AES XCBC ahash > > > crypto: inside-secure - Added support for the AES-CMAC ahash > > > > > > drivers/crypto/inside-secure/safexcel.c | 3 + > > > drivers/crypto/inside-secure/safexcel.h | 3 + > > > drivers/crypto/inside-secure/safexcel_hash.c | 462 > > > --- > > > 3 files changed, 427 insertions(+), 41 deletions(-) > > > > This does not apply against cryptodev. > > > Grml, looks like I forgot to include the previous commit. > My bad, will send a fixed v2 shortly ... > Actually, I'm wondering what would be the best approach here: 1) include the CRC32 support into a v2 of this patchset 2) provide the CRC32 support as a seperate, standalone patch to be applied prior to this patchset Since CRC32 has very little to do with the CBCMAC family, I would think option 2) makes the most sense. So my suggestion would be to supply the CRC32 patch and then resubmit this patchset unmodified. Would that be OK? > > Cheers, > > -- > > Email: Herbert Xu > > Home Page: http://gondor.apana.org.au/~herbert/ > > PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt > > > Regards, > Pascal van Leeuwen > Silicon IP Architect, Multi-Protocol Engines @ Verimatrix > www.insidesecure.com Regards, Pascal van Leeuwen Silicon IP Architect, Multi-Protocol Engines @ Verimatrix www.insidesecure.com
[PATCH] crypto: inside-secure - Added support for CRC32
This patch adds support for the CRC32 "hash" algorithm
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c | 1 +
drivers/crypto/inside-secure/safexcel.h | 2 +
drivers/crypto/inside-secure/safexcel_hash.c | 115 +--
3 files changed, 111 insertions(+), 7 deletions(-)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index 5d648ee..02851b9 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1009,6 +1009,7 @@ static int safexcel_request_ring_irq(void *pdev, int
irqid,
&safexcel_alg_xts_aes,
&safexcel_alg_gcm,
&safexcel_alg_ccm,
+ &safexcel_alg_crc32,
};
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index 1407804..bb98c93 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -324,6 +324,7 @@ struct safexcel_context_record {
#define CONTEXT_CONTROL_DIGEST_XCM (0x2 << 21)
#define CONTEXT_CONTROL_DIGEST_HMAC(0x3 << 21)
#define CONTEXT_CONTROL_CRYPTO_ALG_MD5 (0x0 << 23)
+#define CONTEXT_CONTROL_CRYPTO_ALG_CRC32 (0x0 << 23)
#define CONTEXT_CONTROL_CRYPTO_ALG_SHA1(0x2 << 23)
#define CONTEXT_CONTROL_CRYPTO_ALG_SHA224 (0x4 << 23)
#define CONTEXT_CONTROL_CRYPTO_ALG_SHA256 (0x3 << 23)
@@ -805,5 +806,6 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_xts_aes;
extern struct safexcel_alg_template safexcel_alg_gcm;
extern struct safexcel_alg_template safexcel_alg_ccm;
+extern struct safexcel_alg_template safexcel_alg_crc32;
#endif
diff --git a/drivers/crypto/inside-secure/safexcel_hash.c
b/drivers/crypto/inside-secure/safexcel_hash.c
index 2effb6d..9d1e8cf 100644
--- a/drivers/crypto/inside-secure/safexcel_hash.c
+++ b/drivers/crypto/inside-secure/safexcel_hash.c
@@ -82,23 +82,31 @@ static void safexcel_context_control(struct
safexcel_ahash_ctx *ctx,
struct safexcel_crypto_priv *priv = ctx->priv;
u64 count = 0;
- cdesc->control_data.control0 |= ctx->alg;
+ cdesc->control_data.control0 = ctx->alg;
/*
* Copy the input digest if needed, and setup the context
* fields. Do this now as we need it to setup the first command
* descriptor.
*/
- if (!req->processed) {
+ if (unlikely(req->digest == CONTEXT_CONTROL_DIGEST_XCM)) {
+ ctx->base.ctxr->data[0] = req->state[0];
+
+ cdesc->control_data.control0 |= req->digest |
+ CONTEXT_CONTROL_TYPE_HASH_OUT |
+ CONTEXT_CONTROL_SIZE(4);
+
+ return;
+ } else if (!req->processed) {
/* First - and possibly only - block of basic hash only */
if (req->finish) {
- cdesc->control_data.control0 |=
+ cdesc->control_data.control0 |= req->digest |
CONTEXT_CONTROL_TYPE_HASH_OUT |
CONTEXT_CONTROL_RESTART_HASH |
/* ensure its not 0! */
CONTEXT_CONTROL_SIZE(1);
} else {
- cdesc->control_data.control0 |=
+ cdesc->control_data.control0 |= req->digest |
CONTEXT_CONTROL_TYPE_HASH_OUT |
CONTEXT_CONTROL_RESTART_HASH |
CONTEXT_CONTROL_NO_FINISH_HASH |
@@ -238,8 +246,13 @@ static int safexcel_handle_req_result(struct
safexcel_crypto_priv *priv,
return 1;
}
- memcpy(areq->result, sreq->state,
- crypto_ahash_digestsize(ahash));
+ if (unlikely(sreq->digest == CONTEXT_CONTROL_DIGEST_XCM)) {
+ /* Undo final XOR with 0x ...*/
+ *(u32 *)areq->result = ~sreq->state[0];
+ } else {
+ memcpy(areq->result, sreq->state,
+ crypto_ahash_digestsize(ahash));
+ }
}
cache_len = safexcel_queued_len(sreq);
@@ -599,7 +612,7 @@ static int safexcel_ahash_enqueue(struct ahash_request
*areq)
/* invalidate for HMAC continuation finish */
(req->finish && (req->processed != req->block_sz)) ||
/* invalidate for HMAC finish with odigest changed */
-(req->finish &&
[PATCH 0/3] crypto: inside-secure - Add support for the CBCMAC
This patchset adds support for the (AES) CBCMAC family of authentication algorithms: AES-CBCMAC, AES-XCBCMAC and AES-MAC It has been verified with a Xilinx PCIE FPGA board as well as the Marvell Armada A8K based Macchiatobin development board. Pascal van Leeuwen (3): crypto: inside-secure - Added support for the AES CBCMAC ahash crypto: inside-secure - Added support for the AES XCBC ahash crypto: inside-secure - Added support for the AES-CMAC ahash drivers/crypto/inside-secure/safexcel.c | 3 + drivers/crypto/inside-secure/safexcel.h | 3 + drivers/crypto/inside-secure/safexcel_hash.c | 462 --- 3 files changed, 427 insertions(+), 41 deletions(-) -- 1.8.3.1
[PATCH 2/3] crypto: inside-secure - Added support for the AES XCBC ahash
This patch adds support for the AES XCBC authentication algorithm
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c | 1 +
drivers/crypto/inside-secure/safexcel.h | 1 +
drivers/crypto/inside-secure/safexcel_hash.c | 136 ++-
3 files changed, 134 insertions(+), 4 deletions(-)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index 898a6b0..bc8bd69 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1011,6 +1011,7 @@ static int safexcel_request_ring_irq(void *pdev, int
irqid,
&safexcel_alg_ccm,
&safexcel_alg_crc32,
&safexcel_alg_cbcmac,
+ &safexcel_alg_xcbcmac,
};
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index ff91141..809d8d0 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -808,5 +808,6 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_ccm;
extern struct safexcel_alg_template safexcel_alg_crc32;
extern struct safexcel_alg_template safexcel_alg_cbcmac;
+extern struct safexcel_alg_template safexcel_alg_xcbcmac;
#endif
diff --git a/drivers/crypto/inside-secure/safexcel_hash.c
b/drivers/crypto/inside-secure/safexcel_hash.c
index 8df4fdc..6576430 100644
--- a/drivers/crypto/inside-secure/safexcel_hash.c
+++ b/drivers/crypto/inside-secure/safexcel_hash.c
@@ -9,6 +9,7 @@
#include
#include
#include
+#include
#include
#include
#include
@@ -21,9 +22,12 @@ struct safexcel_ahash_ctx {
u32 alg;
u8 key_sz;
+ bool cbcmac;
u32 ipad[SHA512_DIGEST_SIZE / sizeof(u32)];
u32 opad[SHA512_DIGEST_SIZE / sizeof(u32)];
+
+ struct crypto_cipher *kaes;
};
struct safexcel_ahash_req {
@@ -62,7 +66,7 @@ static inline u64 safexcel_queued_len(struct
safexcel_ahash_req *req)
static void safexcel_hash_token(struct safexcel_command_desc *cdesc,
u32 input_length, u32 result_length,
- bool xcbcmac)
+ bool cbcmac)
{
struct safexcel_token *token =
(struct safexcel_token *)cdesc->control_data.token;
@@ -72,7 +76,7 @@ static void safexcel_hash_token(struct safexcel_command_desc
*cdesc,
token[0].instructions = EIP197_TOKEN_INS_TYPE_HASH;
input_length &= 15;
- if (unlikely(xcbcmac && input_length)) {
+ if (unlikely(cbcmac && input_length)) {
token[1].opcode = EIP197_TOKEN_OPCODE_INSERT;
token[1].packet_length = 16 - input_length;
token[1].stat = EIP197_TOKEN_STAT_LAST_HASH;
@@ -354,6 +358,15 @@ static int safexcel_ahash_send_req(struct
crypto_async_request *async, int ring,
}
extra -= skip;
memset(req->cache + cache_len + skip, 0, extra);
+ if (!ctx->cbcmac && extra) {
+ // 10- padding for XCBCMAC & CMAC
+ req->cache[cache_len + skip] = 0x80;
+ // HW will use K2 iso K3 - compensate!
+ for (i = 0; i < AES_BLOCK_SIZE / sizeof(u32);
i++)
+ ((u32 *)req->cache)[i] ^=
+ cpu_to_be32(ctx->ipad[i]) ^
+ cpu_to_be32(ctx->ipad[i + 4]);
+ }
cache_len = AES_BLOCK_SIZE;
queued = queued + extra;
}
@@ -435,7 +448,7 @@ static int safexcel_ahash_send_req(struct
crypto_async_request *async, int ring,
/* Add the token. Note that the XCBC result is only 1 AES block. */
res_sz = req->xcbcmac ? AES_BLOCK_SIZE : req->state_sz;
- safexcel_hash_token(first_cdesc, len, res_sz, req->xcbcmac);
+ safexcel_hash_token(first_cdesc, len, res_sz, ctx->cbcmac);
req->result_dma = dma_map_single(priv->dev, req->state, req->state_sz,
DMA_FROM_DEVICE);
@@ -771,11 +784,22 @@ static int safexcel_ahash_final(struct ahash_request
*areq)
/* Zero length CRC32 */
memcpy(areq->result, ctx->ipad, sizeof(u32));
return 0;
- } else if (unlikely(req->xcbcmac && req->len == AES_BLOCK_SIZE &&
+ } else if (unlikely(ctx->cbcmac && req->len == AES_BLOCK_SIZE &&
!areq->nbytes)) {
/* Zero length CBC MAC */
[PATCH 3/3] crypto: inside-secure - Added support for the AES-CMAC ahash
This patch adds support for the AES-CMAC authentication algorithm.
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c | 1 +
drivers/crypto/inside-secure/safexcel.h | 1 +
drivers/crypto/inside-secure/safexcel_hash.c | 99
3 files changed, 101 insertions(+)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index bc8bd69..2e421f6 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1012,6 +1012,7 @@ static int safexcel_request_ring_irq(void *pdev, int
irqid,
&safexcel_alg_crc32,
&safexcel_alg_cbcmac,
&safexcel_alg_xcbcmac,
+ &safexcel_alg_cmac,
};
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index 809d8d0..d76a4fa 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -809,5 +809,6 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_crc32;
extern struct safexcel_alg_template safexcel_alg_cbcmac;
extern struct safexcel_alg_template safexcel_alg_xcbcmac;
+extern struct safexcel_alg_template safexcel_alg_cmac;
#endif
diff --git a/drivers/crypto/inside-secure/safexcel_hash.c
b/drivers/crypto/inside-secure/safexcel_hash.c
index 6576430..0224779 100644
--- a/drivers/crypto/inside-secure/safexcel_hash.c
+++ b/drivers/crypto/inside-secure/safexcel_hash.c
@@ -2122,3 +2122,102 @@ struct safexcel_alg_template safexcel_alg_xcbcmac = {
},
},
};
+
+static int safexcel_cmac_setkey(struct crypto_ahash *tfm, const u8 *key,
+ unsigned int len)
+{
+ struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(crypto_ahash_tfm(tfm));
+ struct crypto_aes_ctx aes;
+ __be64 consts[4];
+ u64 _const[2];
+ u8 msb_mask, gfmask;
+ int ret, i;
+
+ ret = aes_expandkey(&aes, key, len);
+ if (ret) {
+ crypto_ahash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
+ return ret;
+ }
+
+ for (i = 0; i < len / sizeof(u32); i++)
+ ctx->ipad[i + 8] = cpu_to_be32(aes.key_enc[i]);
+
+ /* precompute the CMAC key material */
+ crypto_cipher_clear_flags(ctx->kaes, CRYPTO_TFM_REQ_MASK);
+ crypto_cipher_set_flags(ctx->kaes, crypto_ahash_get_flags(tfm) &
+ CRYPTO_TFM_REQ_MASK);
+ ret = crypto_cipher_setkey(ctx->kaes, key, len);
+ crypto_ahash_set_flags(tfm, crypto_cipher_get_flags(ctx->kaes) &
+ CRYPTO_TFM_RES_MASK);
+ if (ret)
+ return ret;
+
+ /* code below borrowed from crypto/cmac.c */
+ /* encrypt the zero block */
+ memset(consts, 0, AES_BLOCK_SIZE);
+ crypto_cipher_encrypt_one(ctx->kaes, (u8 *)consts, (u8 *)consts);
+
+ gfmask = 0x87;
+ _const[0] = be64_to_cpu(consts[1]);
+ _const[1] = be64_to_cpu(consts[0]);
+
+ /* gf(2^128) multiply zero-ciphertext with u and u^2 */
+ for (i = 0; i < 4; i += 2) {
+ msb_mask = ((s64)_const[1] >> 63) & gfmask;
+ _const[1] = (_const[1] << 1) | (_const[0] >> 63);
+ _const[0] = (_const[0] << 1) ^ msb_mask;
+
+ consts[i + 0] = cpu_to_be64(_const[1]);
+ consts[i + 1] = cpu_to_be64(_const[0]);
+ }
+ /* end of code borrowed from crypto/cmac.c */
+
+ for (i = 0; i < 2 * AES_BLOCK_SIZE / sizeof(u32); i++)
+ ctx->ipad[i] = cpu_to_be32(((u32 *)consts)[i]);
+
+ if (len == AES_KEYSIZE_192) {
+ ctx->alg= CONTEXT_CONTROL_CRYPTO_ALG_XCBC192;
+ ctx->key_sz = AES_MAX_KEY_SIZE + 2 * AES_BLOCK_SIZE;
+ } else if (len == AES_KEYSIZE_256) {
+ ctx->alg= CONTEXT_CONTROL_CRYPTO_ALG_XCBC256;
+ ctx->key_sz = AES_MAX_KEY_SIZE + 2 * AES_BLOCK_SIZE;
+ } else {
+ ctx->alg= CONTEXT_CONTROL_CRYPTO_ALG_XCBC128;
+ ctx->key_sz = AES_MIN_KEY_SIZE + 2 * AES_BLOCK_SIZE;
+ }
+ ctx->cbcmac = false;
+
+ memzero_explicit(&aes, sizeof(aes));
+ return 0;
+}
+
+struct safexcel_alg_template safexcel_alg_cmac = {
+ .type = SAFEXCEL_ALG_TYPE_AHASH,
+ .algo_mask = 0,
+ .alg.ahash = {
+ .init = safexcel_cbcmac_init,
+ .update = safexcel_ahash_update,
+ .final = safexcel_ahash_final,
+ .finup = safexcel_ahash_finup,
+ .digest = safexcel_cbcmac_digest,
+ .setkey = safexcel_cmac_setkey,
+ .export = safexcel_ahash_export,
+
[PATCH 1/3] crypto: inside-secure - Added support for the AES CBCMAC ahash
This patch adds support for the AES-CBCMAC authentication algorithm.
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c | 1 +
drivers/crypto/inside-secure/safexcel.h | 1 +
drivers/crypto/inside-secure/safexcel_hash.c | 235 ++-
3 files changed, 196 insertions(+), 41 deletions(-)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index 02851b9..898a6b0 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1010,6 +1010,7 @@ static int safexcel_request_ring_irq(void *pdev, int
irqid,
&safexcel_alg_gcm,
&safexcel_alg_ccm,
&safexcel_alg_crc32,
+ &safexcel_alg_cbcmac,
};
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index bb98c93..ff91141 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -807,5 +807,6 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_gcm;
extern struct safexcel_alg_template safexcel_alg_ccm;
extern struct safexcel_alg_template safexcel_alg_crc32;
+extern struct safexcel_alg_template safexcel_alg_cbcmac;
#endif
diff --git a/drivers/crypto/inside-secure/safexcel_hash.c
b/drivers/crypto/inside-secure/safexcel_hash.c
index 9d1e8cf..8df4fdc 100644
--- a/drivers/crypto/inside-secure/safexcel_hash.c
+++ b/drivers/crypto/inside-secure/safexcel_hash.c
@@ -5,6 +5,7 @@
* Antoine Tenart
*/
+#include
#include
#include
#include
@@ -19,6 +20,7 @@ struct safexcel_ahash_ctx {
struct safexcel_crypto_priv *priv;
u32 alg;
+ u8 key_sz;
u32 ipad[SHA512_DIGEST_SIZE / sizeof(u32)];
u32 opad[SHA512_DIGEST_SIZE / sizeof(u32)];
@@ -31,6 +33,8 @@ struct safexcel_ahash_req {
bool needs_inv;
bool hmac_zlen;
bool len_is_le;
+ bool not_first;
+ bool xcbcmac;
int nents;
dma_addr_t result_dma;
@@ -57,21 +61,31 @@ static inline u64 safexcel_queued_len(struct
safexcel_ahash_req *req)
}
static void safexcel_hash_token(struct safexcel_command_desc *cdesc,
- u32 input_length, u32 result_length)
+ u32 input_length, u32 result_length,
+ bool xcbcmac)
{
struct safexcel_token *token =
(struct safexcel_token *)cdesc->control_data.token;
token[0].opcode = EIP197_TOKEN_OPCODE_DIRECTION;
token[0].packet_length = input_length;
- token[0].stat = EIP197_TOKEN_STAT_LAST_HASH;
token[0].instructions = EIP197_TOKEN_INS_TYPE_HASH;
- token[1].opcode = EIP197_TOKEN_OPCODE_INSERT;
- token[1].packet_length = result_length;
- token[1].stat = EIP197_TOKEN_STAT_LAST_HASH |
+ input_length &= 15;
+ if (unlikely(xcbcmac && input_length)) {
+ token[1].opcode = EIP197_TOKEN_OPCODE_INSERT;
+ token[1].packet_length = 16 - input_length;
+ token[1].stat = EIP197_TOKEN_STAT_LAST_HASH;
+ token[1].instructions = EIP197_TOKEN_INS_TYPE_HASH;
+ } else {
+ token[0].stat = EIP197_TOKEN_STAT_LAST_HASH;
+ }
+
+ token[2].opcode = EIP197_TOKEN_OPCODE_INSERT;
+ token[2].stat = EIP197_TOKEN_STAT_LAST_HASH |
EIP197_TOKEN_STAT_LAST_PACKET;
- token[1].instructions = EIP197_TOKEN_INS_TYPE_OUTPUT |
+ token[2].packet_length = result_length;
+ token[2].instructions = EIP197_TOKEN_INS_TYPE_OUTPUT |
EIP197_TOKEN_INS_INSERT_HASH_DIGEST;
}
@@ -90,29 +104,40 @@ static void safexcel_context_control(struct
safexcel_ahash_ctx *ctx,
* descriptor.
*/
if (unlikely(req->digest == CONTEXT_CONTROL_DIGEST_XCM)) {
- ctx->base.ctxr->data[0] = req->state[0];
-
- cdesc->control_data.control0 |= req->digest |
- CONTEXT_CONTROL_TYPE_HASH_OUT |
- CONTEXT_CONTROL_SIZE(4);
+ if (req->xcbcmac)
+ memcpy(ctx->base.ctxr->data, ctx->ipad, ctx->key_sz);
+ else
+ memcpy(ctx->base.ctxr->data, req->state, req->state_sz);
+ if (!req->finish && req->xcbcmac)
+ cdesc->control_data.control0 |=
+ CONTEXT_CONTROL_DIGEST_XCM |
+ CONTEXT_CONTROL_TYPE_HASH_OUT |
+ CONTEXT_CONTROL_NO_FINISH_HASH |
+ CONTEXT_CONTROL_SIZE(req->state_sz /
+
RE: [PATCH 0/3] crypto: inside-secure - Add support for the CBCMAC
> -Original Message- > From: linux-crypto-ow...@vger.kernel.org > On Behalf > Of Herbert Xu > Sent: Monday, September 9, 2019 1:35 PM > To: Pascal Van Leeuwen > Cc: Pascal van Leeuwen ; linux-crypto@vger.kernel.org; > antoine.ten...@bootlin.com; da...@davemloft.net > Subject: Re: [PATCH 0/3] crypto: inside-secure - Add support for the CBCMAC > > On Mon, Sep 09, 2019 at 10:50:12AM +, Pascal Van Leeuwen wrote: > > > > So my suggestion would be to supply the CRC32 patch and > > then resubmit this patchset unmodified. Would that be OK? > > That's fine. > Ok, I just submitted a patch called "crypto: inside-secure - Added support for CRC32" and then resubmitted the "crypto: inside-secure - Added support for the AES-CMAC" patchset. If you apply them in the order I just sent them (i.e., CRC32 first), it should apply just fine. > > Cheers, > -- > Email: Herbert Xu > Home Page: http://gondor.apana.org.au/~herbert/ > PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt Regards, Pascal van Leeuwen Silicon IP Architect, Multi-Protocol Engines @ Verimatrix www.insidesecure.com
Interesting crypto manager behavior
Herbert, Eric, I noticed some interesting behavior from the crypto manager when dealing with a fallback cipher situation. I'm allocating a fallback (AEAD) cipher to handle some corner cases my HW cannot handle, but I noticed that the fallback itself is being tested when I allocate it (or so it seems) and if the fallback itself fails on some testvector, it is not replaced by an alternative while such an alternative should be available. So I have to fail my entire init because the fallback could not be allocated. i.e. while requesting a fallback for rfc7539(chacha20, poly1305), it attempts rfc7539(safexcel-chacha20,poly1305-simd), which fails, but it could still fall back to e.g. rfc7539(chacha20-simd, poly1305-simd), which should work. Actually, I really do not want the fallback to hit another algorithm of my own driver. Is there some way to prevent that from happening? (without actually referencing hard cra_driver_name's ...) Regards, Pascal van Leeuwen Silicon IP Architect, Multi-Protocol Engines @ Verimatrix www.insidesecure.com
RE: Interesting crypto manager behavior
> -Original Message- > From: Herbert Xu > Sent: Tuesday, September 10, 2019 2:59 PM > To: Pascal Van Leeuwen > Cc: linux-crypto@vger.kernel.org; Eric Biggers > Subject: Re: Interesting crypto manager behavior > > On Tue, Sep 10, 2019 at 12:50:04PM +, Pascal Van Leeuwen wrote: > > > > I'm allocating a fallback (AEAD) cipher to handle some corner cases > > my HW cannot handle, but I noticed that the fallback itself is being > > tested when I allocate it (or so it seems) and if the fallback itself > > fails on some testvector, it is not replaced by an alternative while > > such an alternative should be available. So I have to fail my entire > > init because the fallback could not be allocated. > > This has nothing to do with fallbacks and it's just how template > instantiation works. If the instantiation fails it will not try > to construct another one. The point is that if your algorithm > works then it should not fail the instantiation self-test. And > if it does fail then it's a bug in the algorithm, not the API. > > > i.e. while requesting a fallback for rfc7539(chacha20, poly1305), it > > attempts rfc7539(safexcel-chacha20,poly1305-simd), which fails, but > > it could still fall back to e.g. rfc7539(chacha20-simd, poly1305-simd), > > which should work. > > > > Actually, I really do not want the fallback to hit another algorithm > > of my own driver. Is there some way to prevent that from happening? > > (without actually referencing hard cra_driver_name's ...) > > I think if safexcel-chacha20 causes a failure when used with rfc7539 > then it should just be fixed, or unexported. > Actually, the whole situation occurred because I manually added a testvector to testmgr.h that even fails with generic, generic :-) So no, safexcel-chacha20 does not cause the failure, I was surprised by the behavior, expecting it to fallback all the way to generic if needed. Anyway, this leads me to a follow-up question: I'm trying to implement rfc7539esp(chacha20,poly1305) but I cannot make sense of what it *should* do. >From the generic template code, the only difference from the regular rfc7539 I could reverse engineer is that the first 4 bytes of the IV move to the end of the key (as "salt"). However, when I implemented just that, I got mismatches on the appended ICV. And, with rfc7539 working just fine and considering the minimal differences which are easy to review, I cannot make sense of it. So I copied the single rfc7539esp testvector to the regular rfc7539 vector set and modified it accordingly, i.e. I moved the last 4 bytes of the key to the start of IV again. But if I do that, the vector even fails on rfc7539esp(generic,generic). Upon closer inspection of the vector, I noticed the following: It is basically the exact same vector as the last (2nd) regular rfc7539 vector, with the first 4 bytes of the IV moved to the end of the key (OK) BUT also with 8 bytes added to the AAD (which look like it's the IV). While the expected ICV is still the same, which is of course impossible if you add more AAD data. So really, can someone tell me how this rfc7539esp mode is supposed to work? And where this is handled in chacha20_poly1305.c as I cannot find where it makes that exception ... > Cheers, > -- > Email: Herbert Xu > Home Page: http://gondor.apana.org.au/~herbert/ > PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt Regards, Pascal van Leeuwen Silicon IP Architect, Multi-Protocol Engines @ Verimatrix www.insidesecure.com
RE: Interesting crypto manager behavior
> -Original Message-
> From: linux-crypto-ow...@vger.kernel.org
> On Behalf
> Of Pascal Van Leeuwen
> Sent: Tuesday, September 10, 2019 3:10 PM
> To: Herbert Xu
> Cc: linux-crypto@vger.kernel.org; Eric Biggers
> Subject: RE: Interesting crypto manager behavior
>
>
>
> > -Original Message-
> > From: Herbert Xu
> > Sent: Tuesday, September 10, 2019 2:59 PM
> > To: Pascal Van Leeuwen
> > Cc: linux-crypto@vger.kernel.org; Eric Biggers
> > Subject: Re: Interesting crypto manager behavior
> >
> > On Tue, Sep 10, 2019 at 12:50:04PM +, Pascal Van Leeuwen wrote:
> > >
> > > I'm allocating a fallback (AEAD) cipher to handle some corner cases
> > > my HW cannot handle, but I noticed that the fallback itself is being
> > > tested when I allocate it (or so it seems) and if the fallback itself
> > > fails on some testvector, it is not replaced by an alternative while
> > > such an alternative should be available. So I have to fail my entire
> > > init because the fallback could not be allocated.
> >
> > This has nothing to do with fallbacks and it's just how template
> > instantiation works. If the instantiation fails it will not try
> > to construct another one. The point is that if your algorithm
> > works then it should not fail the instantiation self-test. And
> > if it does fail then it's a bug in the algorithm, not the API.
> >
> > > i.e. while requesting a fallback for rfc7539(chacha20, poly1305), it
> > > attempts rfc7539(safexcel-chacha20,poly1305-simd), which fails, but
> > > it could still fall back to e.g. rfc7539(chacha20-simd, poly1305-simd),
> > > which should work.
> > >
> > > Actually, I really do not want the fallback to hit another algorithm
> > > of my own driver. Is there some way to prevent that from happening?
> > > (without actually referencing hard cra_driver_name's ...)
> >
> > I think if safexcel-chacha20 causes a failure when used with rfc7539
> > then it should just be fixed, or unexported.
> >
> Actually, the whole situation occurred because I manually added a
> testvector to testmgr.h that even fails with generic, generic :-)
> So no, safexcel-chacha20 does not cause the failure, I was surprised
> by the behavior, expecting it to fallback all the way to generic if
> needed.
>
> Anyway, this leads me to a follow-up question:
> I'm trying to implement rfc7539esp(chacha20,poly1305) but I cannot
> make sense of what it *should* do.
> From the generic template code, the only difference from the regular
> rfc7539 I could reverse engineer is that the first 4 bytes of the IV
> move to the end of the key (as "salt").
> However, when I implemented just that, I got mismatches on the appended
> ICV. And, with rfc7539 working just fine and considering the minimal
> differences which are easy to review, I cannot make sense of it.
>
> So I copied the single rfc7539esp testvector to the regular rfc7539
> vector set and modified it accordingly, i.e. I moved the last 4 bytes
> of the key to the start of IV again.
> But if I do that, the vector even fails on rfc7539esp(generic,generic).
>
> Upon closer inspection of the vector, I noticed the following:
> It is basically the exact same vector as the last (2nd) regular rfc7539
> vector, with the first 4 bytes of the IV moved to the end of the key
> (OK) BUT also with 8 bytes added to the AAD (which look like it's the IV).
> While the expected ICV is still the same, which is of course impossible
> if you add more AAD data.
>
> So really, can someone tell me how this rfc7539esp mode is supposed to
> work? And where this is handled in chacha20_poly1305.c as I cannot find
> where it makes that exception ...
>
Ok, never mind. After confirming that, for ESP, the IV is not actually
authenticated at all, and therefore should be somehow skipped, and after
searching through the code for all instances of "assoclen", I finally
came across the following in the poly_genkey function (~last place you
would for such a thing):
rctx->assoclen = req->assoclen;
if (crypto_aead_ivsize(tfm) == 8) {
if (rctx->assoclen < 8)
return -EINVAL;
rctx->assoclen -= 8;
}
So, as it turns out, for an ivsize of 8, which happens to be the
case for rfc7539esp only, we need to skip the last 8 bytes of AAD.
QED
> > Cheers,
> > --
> > Email: Herbert Xu
> > Home Page: http://gondor.apana.org.au/~herbert/
> > PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
>
>
Regards,
Pascal van Leeuwen
Silicon IP Architect, Multi-Protocol Engines @ Verimatrix
www.insidesecure.com
[PATCH 0/2] crypto: inside-secure: Add support for the Chacha20 skcipher and the Chacha20-Poly1305 AEAD suites
Extend driver support with chacha20, rfc7539(chacha20,poly1305) and rfc7539esp(chacha20,poly1305) ciphers. The patchset has been tested with the eip197c_iesb and eip197c_iewxkbc configurations on the Xilinx VCU118 development board, including the crypto extra tests. Note that this patchset applies on top of the earlier submitted "Add support for the CBCMAC" series. Pascal van Leeuwen (2): crypto: inside-secure - Added support for the CHACHA20 skcipher crypto: inside-secure - Add support for the Chacha20-Poly1305 AEAD drivers/crypto/inside-secure/safexcel.c| 3 + drivers/crypto/inside-secure/safexcel.h| 11 + drivers/crypto/inside-secure/safexcel_cipher.c | 335 +++-- 3 files changed, 335 insertions(+), 14 deletions(-) -- 1.8.3.1
[PATCH 2/2] crypto: inside-secure - Add support for the Chacha20-Poly1305 AEAD
This patch adds support for the Chacha20-Poly1305 cipher suite.
It adds both the basic rfc7539(chacha20,poly1305) as well as the
rfc7539esp(chacha20,poly1305) variant for IPsec ESP acceleration.
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c| 2 +
drivers/crypto/inside-secure/safexcel.h| 8 +
drivers/crypto/inside-secure/safexcel_cipher.c | 276 ++---
3 files changed, 262 insertions(+), 24 deletions(-)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index fd9c9e7..5886bcd 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1174,6 +1174,8 @@ static int safexcel_request_ring_irq(void *pdev, int
irqid,
&safexcel_alg_xcbcmac,
&safexcel_alg_cmac,
&safexcel_alg_chacha20,
+ &safexcel_alg_chachapoly,
+ &safexcel_alg_chachapoly_esp,
};
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index c7f1a20..282d59e 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -373,6 +373,7 @@ struct safexcel_context_record {
#define CONTEXT_CONTROL_CRYPTO_ALG_XCBC128 (0x1 << 23)
#define CONTEXT_CONTROL_CRYPTO_ALG_XCBC192 (0x2 << 23)
#define CONTEXT_CONTROL_CRYPTO_ALG_XCBC256 (0x3 << 23)
+#define CONTEXT_CONTROL_CRYPTO_ALG_POLY1305(0xf << 23)
#define CONTEXT_CONTROL_INV_FR (0x5 << 24)
#define CONTEXT_CONTROL_INV_TR (0x6 << 24)
@@ -385,6 +386,7 @@ struct safexcel_context_record {
#define CONTEXT_CONTROL_CRYPTO_MODE_CTR_LOAD (6 << 0)
#define CONTEXT_CONTROL_CRYPTO_MODE_XTS(7 << 0)
#define CONTEXT_CONTROL_CRYPTO_MODE_XCM((6 << 0) | BIT(17))
+#define CONTEXT_CONTROL_CHACHA20_MODE_CALC_OTK (12 << 0)
#define CONTEXT_CONTROL_IV0BIT(5)
#define CONTEXT_CONTROL_IV1BIT(6)
#define CONTEXT_CONTROL_IV2BIT(7)
@@ -397,6 +399,10 @@ struct safexcel_context_record {
#define EIP197_XCM_MODE_GCM1
#define EIP197_XCM_MODE_CCM2
+#define EIP197_AEAD_TYPE_IPSEC_ESP 2
+#define EIP197_AEAD_IPSEC_IV_SIZE 8
+#define EIP197_AEAD_IPSEC_NONCE_SIZE 4
+
/* The hash counter given to the engine in the context has a granularity of
* 64 bits.
*/
@@ -861,5 +867,7 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_xcbcmac;
extern struct safexcel_alg_template safexcel_alg_cmac;
extern struct safexcel_alg_template safexcel_alg_chacha20;
+extern struct safexcel_alg_template safexcel_alg_chachapoly;
+extern struct safexcel_alg_template safexcel_alg_chachapoly_esp;
#endif
diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c
b/drivers/crypto/inside-secure/safexcel_cipher.c
index 44dc13a..00bf220 100644
--- a/drivers/crypto/inside-secure/safexcel_cipher.c
+++ b/drivers/crypto/inside-secure/safexcel_cipher.c
@@ -17,6 +17,7 @@
#include
#include
#include
+#include
#include
#include
#include
@@ -43,8 +44,8 @@ struct safexcel_cipher_ctx {
u32 mode;
enum safexcel_cipher_alg alg;
- bool aead;
- int xcm; /* 0=authenc, 1=GCM, 2 reserved for CCM */
+ char aead; /* !=0=AEAD, 2=IPSec ESP AEAD */
+ char xcm; /* 0=authenc, 1=GCM, 2 reserved for CCM */
__le32 key[16];
u32 nonce;
@@ -57,6 +58,7 @@ struct safexcel_cipher_ctx {
u32 opad[SHA512_DIGEST_SIZE / sizeof(u32)];
struct crypto_cipher *hkaes;
+ struct crypto_aead *fback;
};
struct safexcel_cipher_req {
@@ -86,10 +88,24 @@ static void safexcel_cipher_token(struct
safexcel_cipher_ctx *ctx, u8 *iv,
} else if (ctx->alg == SAFEXCEL_CHACHA20) {
cdesc->control_data.options |= EIP197_OPTION_4_TOKEN_IV_CMD;
- /* 96 bit nonce part */
- memcpy(&cdesc->control_data.token[0], &iv[4], 12);
- /* 32 bit counter */
- cdesc->control_data.token[3] = *(u32 *)iv;
+ if (ctx->aead == EIP197_AEAD_TYPE_IPSEC_ESP) {
+ /* 32 bit nonce part */
+ cdesc->control_data.token[0] = ctx->nonce;
+ /* 64 bit IV part */
+ memcpy(&cdesc->control_data.token[1], iv, 8);
+ /* 32 bit counter, starting at 0 */
+ cdesc->control_data.token[3] = 0;
+ } else if (ctx->aead) {
+ /* 96 bit nonce part */
+ memcpy(&cdesc->control_data.token[0], iv, 12);
+
[PATCH 1/2] crypto: inside-secure - Added support for the CHACHA20 skcipher
Added support for the CHACHA20 skcipher algorithm.
Tested on an eip197c-iesb configuration in the Xilinx VCU118 devboard,
passes all testmgr vectors plus the extra fuzzing tests.
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c| 1 +
drivers/crypto/inside-secure/safexcel.h| 3 +
drivers/crypto/inside-secure/safexcel_cipher.c | 83 +-
3 files changed, 85 insertions(+), 2 deletions(-)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index a34bf8c..fd9c9e7 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1173,6 +1173,7 @@ static int safexcel_request_ring_irq(void *pdev, int
irqid,
&safexcel_alg_cbcmac,
&safexcel_alg_xcbcmac,
&safexcel_alg_cmac,
+ &safexcel_alg_chacha20,
};
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index 6ddc6d1..c7f1a20 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -358,6 +358,7 @@ struct safexcel_context_record {
#define CONTEXT_CONTROL_CRYPTO_ALG_AES128 (0x5 << 17)
#define CONTEXT_CONTROL_CRYPTO_ALG_AES192 (0x6 << 17)
#define CONTEXT_CONTROL_CRYPTO_ALG_AES256 (0x7 << 17)
+#define CONTEXT_CONTROL_CRYPTO_ALG_CHACHA20(0x8 << 17)
#define CONTEXT_CONTROL_DIGEST_PRECOMPUTED (0x1 << 21)
#define CONTEXT_CONTROL_DIGEST_XCM (0x2 << 21)
#define CONTEXT_CONTROL_DIGEST_HMAC(0x3 << 21)
@@ -378,6 +379,7 @@ struct safexcel_context_record {
/* control1 */
#define CONTEXT_CONTROL_CRYPTO_MODE_ECB(0 << 0)
#define CONTEXT_CONTROL_CRYPTO_MODE_CBC(1 << 0)
+#define CONTEXT_CONTROL_CHACHA20_MODE_256_32 (2 << 0)
#define CONTEXT_CONTROL_CRYPTO_MODE_OFB(4 << 0)
#define CONTEXT_CONTROL_CRYPTO_MODE_CFB(5 << 0)
#define CONTEXT_CONTROL_CRYPTO_MODE_CTR_LOAD (6 << 0)
@@ -858,5 +860,6 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_cbcmac;
extern struct safexcel_alg_template safexcel_alg_xcbcmac;
extern struct safexcel_alg_template safexcel_alg_cmac;
+extern struct safexcel_alg_template safexcel_alg_chacha20;
#endif
diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c
b/drivers/crypto/inside-secure/safexcel_cipher.c
index 023cabc..44dc13a 100644
--- a/drivers/crypto/inside-secure/safexcel_cipher.c
+++ b/drivers/crypto/inside-secure/safexcel_cipher.c
@@ -5,13 +5,14 @@
* Antoine Tenart
*/
+#include
#include
#include
#include
-
#include
#include
#include
+#include
#include
#include
#include
@@ -33,6 +34,7 @@ enum safexcel_cipher_alg {
SAFEXCEL_DES,
SAFEXCEL_3DES,
SAFEXCEL_AES,
+ SAFEXCEL_CHACHA20,
};
struct safexcel_cipher_ctx {
@@ -81,6 +83,15 @@ static void safexcel_cipher_token(struct safexcel_cipher_ctx
*ctx, u8 *iv,
cdesc->control_data.token[3] = cpu_to_be32(1);
return;
+ } else if (ctx->alg == SAFEXCEL_CHACHA20) {
+ cdesc->control_data.options |= EIP197_OPTION_4_TOKEN_IV_CMD;
+
+ /* 96 bit nonce part */
+ memcpy(&cdesc->control_data.token[0], &iv[4], 12);
+ /* 32 bit counter */
+ cdesc->control_data.token[3] = *(u32 *)iv;
+
+ return;
} else if (ctx->xcm == EIP197_XCM_MODE_GCM) {
cdesc->control_data.options |= EIP197_OPTION_4_TOKEN_IV_CMD;
@@ -112,7 +123,7 @@ static void safexcel_cipher_token(struct
safexcel_cipher_ctx *ctx, u8 *iv,
block_sz = DES3_EDE_BLOCK_SIZE;
cdesc->control_data.options |=
EIP197_OPTION_2_TOKEN_IV_CMD;
break;
- case SAFEXCEL_AES:
+ default: /* case SAFEXCEL_AES */
block_sz = AES_BLOCK_SIZE;
cdesc->control_data.options |=
EIP197_OPTION_4_TOKEN_IV_CMD;
break;
@@ -486,6 +497,9 @@ static int safexcel_context_control(struct
safexcel_cipher_ctx *ctx,
ctx->key_len >> ctx->xts);
return -EINVAL;
}
+ } else if (ctx->alg == SAFEXCEL_CHACHA20) {
+ cdesc->control_data.control0 |=
+ CONTEXT_CONTROL_CRYPTO_ALG_CHACHA20;
}
return 0;
@@ -2313,3 +2327,68 @@ struct safexcel_alg_template safexcel_alg_ccm = {
},
},
};
+
+static int safexcel_skcipher_chacha20_setkey(struct crypto_skcipher *ctfm,
+
RE: [PATCH 1/2] crypto: inside-secure - Added support for the CHACHA20 skcipher
> -Original Message- > From: Antoine Tenart > Sent: Tuesday, September 10, 2019 7:33 PM > To: Pascal van Leeuwen > Cc: linux-crypto@vger.kernel.org; antoine.ten...@bootlin.com; > herb...@gondor.apana.org.au; > da...@davemloft.net; Pascal Van Leeuwen > Subject: Re: [PATCH 1/2] crypto: inside-secure - Added support for the > CHACHA20 skcipher > > Hi Pascal, > > On Tue, Sep 10, 2019 at 04:38:12PM +0200, Pascal van Leeuwen wrote: > > > > @@ -112,7 +123,7 @@ static void safexcel_cipher_token(struct > > safexcel_cipher_ctx *ctx, u8 > *iv, > > block_sz = DES3_EDE_BLOCK_SIZE; > > cdesc->control_data.options |= > > EIP197_OPTION_2_TOKEN_IV_CMD; > > break; > > - case SAFEXCEL_AES: > > + default: /* case SAFEXCEL_AES */ > > Can't you keep an explicit case here? > If I do that, the compiler will complain about SAFEXCEL_CHACHA20 not being covered. And Chacha20 won't even make it this far, so it doesn't make much sense to add that to the switch. I suppose an explicit case plus an empty default would be an alternative? But I figured the comment should suffice to remind anyone working on that switch statement what it should really do. I'm fine with either approach. > > block_sz = AES_BLOCK_SIZE; > > cdesc->control_data.options |= > > EIP197_OPTION_4_TOKEN_IV_CMD; > > break; > > Thanks, > Antoine > > -- > Antoine Ténart, Bootlin > Embedded Linux and Kernel engineering > https://bootlin.com Regards, Pascal van Leeuwen Silicon IP Architect, Multi-Protocol Engines @ Verimatrix www.insidesecure.com
[PATCH 2/3] crypto: inside-secure - Added support for HMAC-SM3 ahash
Added support for the hmac(sm3) ahash authentication algorithm
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c | 1 +
drivers/crypto/inside-secure/safexcel.h | 1 +
drivers/crypto/inside-secure/safexcel_hash.c | 70
3 files changed, 72 insertions(+)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index 826d1fb..7d907d5 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1177,6 +1177,7 @@ static int safexcel_request_ring_irq(void *pdev, int
irqid,
&safexcel_alg_chachapoly,
&safexcel_alg_chachapoly_esp,
&safexcel_alg_sm3,
+ &safexcel_alg_hmac_sm3,
};
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index fc2aba2..7ee09fe 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -871,5 +871,6 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_chachapoly;
extern struct safexcel_alg_template safexcel_alg_chachapoly_esp;
extern struct safexcel_alg_template safexcel_alg_sm3;
+extern struct safexcel_alg_template safexcel_alg_hmac_sm3;
#endif
diff --git a/drivers/crypto/inside-secure/safexcel_hash.c
b/drivers/crypto/inside-secure/safexcel_hash.c
index a4107bb..fdf4bcc 100644
--- a/drivers/crypto/inside-secure/safexcel_hash.c
+++ b/drivers/crypto/inside-secure/safexcel_hash.c
@@ -2280,3 +2280,73 @@ struct safexcel_alg_template safexcel_alg_sm3 = {
},
},
};
+
+static int safexcel_hmac_sm3_setkey(struct crypto_ahash *tfm, const u8 *key,
+ unsigned int keylen)
+{
+ return safexcel_hmac_alg_setkey(tfm, key, keylen, "safexcel-sm3",
+ SM3_DIGEST_SIZE);
+}
+
+static int safexcel_hmac_sm3_init(struct ahash_request *areq)
+{
+ struct safexcel_ahash_ctx *ctx =
crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
+ struct safexcel_ahash_req *req = ahash_request_ctx(areq);
+
+ memset(req, 0, sizeof(*req));
+
+ /* Start from ipad precompute */
+ memcpy(req->state, ctx->ipad, SM3_DIGEST_SIZE);
+ /* Already processed the key^ipad part now! */
+ req->len= SM3_BLOCK_SIZE;
+ req->processed = SM3_BLOCK_SIZE;
+
+ ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SM3;
+ req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
+ req->state_sz = SM3_DIGEST_SIZE;
+ req->block_sz = SM3_BLOCK_SIZE;
+ req->hmac = true;
+
+ return 0;
+}
+
+static int safexcel_hmac_sm3_digest(struct ahash_request *areq)
+{
+ int ret = safexcel_hmac_sm3_init(areq);
+
+ if (ret)
+ return ret;
+
+ return safexcel_ahash_finup(areq);
+}
+
+struct safexcel_alg_template safexcel_alg_hmac_sm3 = {
+ .type = SAFEXCEL_ALG_TYPE_AHASH,
+ .algo_mask = SAFEXCEL_ALG_SM3,
+ .alg.ahash = {
+ .init = safexcel_hmac_sm3_init,
+ .update = safexcel_ahash_update,
+ .final = safexcel_ahash_final,
+ .finup = safexcel_ahash_finup,
+ .digest = safexcel_hmac_sm3_digest,
+ .setkey = safexcel_hmac_sm3_setkey,
+ .export = safexcel_ahash_export,
+ .import = safexcel_ahash_import,
+ .halg = {
+ .digestsize = SM3_DIGEST_SIZE,
+ .statesize = sizeof(struct safexcel_ahash_export_state),
+ .base = {
+ .cra_name = "hmac(sm3)",
+ .cra_driver_name = "safexcel-hmac-sm3",
+ .cra_priority = SAFEXCEL_CRA_PRIORITY,
+ .cra_flags = CRYPTO_ALG_ASYNC |
+CRYPTO_ALG_KERN_DRIVER_ONLY,
+ .cra_blocksize = SM3_BLOCK_SIZE,
+ .cra_ctxsize = sizeof(struct
safexcel_ahash_ctx),
+ .cra_init = safexcel_ahash_cra_init,
+ .cra_exit = safexcel_ahash_cra_exit,
+ .cra_module = THIS_MODULE,
+ },
+ },
+ },
+};
--
1.8.3.1
[PATCH 1/3] crypto: inside-secure - Added support for basic SM3 ahash
Added support for the SM3 ahash algorithm
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c | 1 +
drivers/crypto/inside-secure/safexcel.h | 2 +
drivers/crypto/inside-secure/safexcel_hash.c | 59
3 files changed, 62 insertions(+)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index 5886bcd..826d1fb 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1176,6 +1176,7 @@ static int safexcel_request_ring_irq(void *pdev, int
irqid,
&safexcel_alg_chacha20,
&safexcel_alg_chachapoly,
&safexcel_alg_chachapoly_esp,
+ &safexcel_alg_sm3,
};
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index 282d59e..fc2aba2 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -374,6 +374,7 @@ struct safexcel_context_record {
#define CONTEXT_CONTROL_CRYPTO_ALG_XCBC192 (0x2 << 23)
#define CONTEXT_CONTROL_CRYPTO_ALG_XCBC256 (0x3 << 23)
#define CONTEXT_CONTROL_CRYPTO_ALG_POLY1305(0xf << 23)
+#define CONTEXT_CONTROL_CRYPTO_ALG_SM3 (0x7 << 23)
#define CONTEXT_CONTROL_INV_FR (0x5 << 24)
#define CONTEXT_CONTROL_INV_TR (0x6 << 24)
@@ -869,5 +870,6 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_chacha20;
extern struct safexcel_alg_template safexcel_alg_chachapoly;
extern struct safexcel_alg_template safexcel_alg_chachapoly_esp;
+extern struct safexcel_alg_template safexcel_alg_sm3;
#endif
diff --git a/drivers/crypto/inside-secure/safexcel_hash.c
b/drivers/crypto/inside-secure/safexcel_hash.c
index 0224779..a4107bb 100644
--- a/drivers/crypto/inside-secure/safexcel_hash.c
+++ b/drivers/crypto/inside-secure/safexcel_hash.c
@@ -10,6 +10,7 @@
#include
#include
#include
+#include
#include
#include
#include
@@ -776,6 +777,9 @@ static int safexcel_ahash_final(struct ahash_request *areq)
else if (ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_SHA512)
memcpy(areq->result, sha512_zero_message_hash,
SHA512_DIGEST_SIZE);
+ else if (ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_SM3)
+ memcpy(areq->result, sm3_zero_message_hash,
+ SM3_DIGEST_SIZE);
return 0;
} else if (unlikely(req->digest == CONTEXT_CONTROL_DIGEST_XCM &&
@@ -2221,3 +2225,58 @@ struct safexcel_alg_template safexcel_alg_cmac = {
},
},
};
+
+static int safexcel_sm3_init(struct ahash_request *areq)
+{
+ struct safexcel_ahash_ctx *ctx =
crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
+ struct safexcel_ahash_req *req = ahash_request_ctx(areq);
+
+ memset(req, 0, sizeof(*req));
+
+ ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SM3;
+ req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
+ req->state_sz = SM3_DIGEST_SIZE;
+ req->block_sz = SM3_BLOCK_SIZE;
+
+ return 0;
+}
+
+static int safexcel_sm3_digest(struct ahash_request *areq)
+{
+ int ret = safexcel_sm3_init(areq);
+
+ if (ret)
+ return ret;
+
+ return safexcel_ahash_finup(areq);
+}
+
+struct safexcel_alg_template safexcel_alg_sm3 = {
+ .type = SAFEXCEL_ALG_TYPE_AHASH,
+ .algo_mask = SAFEXCEL_ALG_SM3,
+ .alg.ahash = {
+ .init = safexcel_sm3_init,
+ .update = safexcel_ahash_update,
+ .final = safexcel_ahash_final,
+ .finup = safexcel_ahash_finup,
+ .digest = safexcel_sm3_digest,
+ .export = safexcel_ahash_export,
+ .import = safexcel_ahash_import,
+ .halg = {
+ .digestsize = SM3_DIGEST_SIZE,
+ .statesize = sizeof(struct safexcel_ahash_export_state),
+ .base = {
+ .cra_name = "sm3",
+ .cra_driver_name = "safexcel-sm3",
+ .cra_priority = SAFEXCEL_CRA_PRIORITY,
+ .cra_flags = CRYPTO_ALG_ASYNC |
+CRYPTO_ALG_KERN_DRIVER_ONLY,
+ .cra_blocksize = SM3_BLOCK_SIZE,
+ .cra_ctxsize = sizeof(struct
safexcel_ahash_ctx),
+ .cra_init = safexcel_ahash_cra_init,
+ .cra_exit = safexcel_ahash_cra_exit,
+ .cra_module = THIS_MODULE,
+ },
+ },
+ },
+};
--
1.8.3.1
[PATCH 0/3] crypto: inside-secure - Add support for (HMAC) SM3
Extend driver support with sm3 and hmac(sm3) ahash support. Also add GM/T 0042-2015 hmac(sm3) testvectors to the testmgr. The patchset has been tested with the eip197c_iewxkbc configuration on the Xilinx VCU118 development board, including the crypto extra tests. Note that this patchset applies on top of the earlier submitted "Add support for the Chacha20 kcipher and the Chacha20-Poly..." series. Pascal van Leeuwen (3): crypto: inside-secure - Added support for basic SM3 ahash crypto: inside-secure - Added support for HMAC-SM3 ahash crypto: testmgr - Added testvectors for the hmac(sm3) ahash crypto/testmgr.c | 6 ++ crypto/testmgr.h | 56 drivers/crypto/inside-secure/safexcel.c | 2 + drivers/crypto/inside-secure/safexcel.h | 3 + drivers/crypto/inside-secure/safexcel_hash.c | 129 +++ 5 files changed, 196 insertions(+) -- 1.8.3.1
[PATCH 3/3] crypto: testmgr - Added testvectors for the hmac(sm3) ahash
Added testvectors for the hmac(sm3) ahash authentication algorithm
Signed-off-by: Pascal van Leeuwen
---
crypto/testmgr.c | 6 ++
crypto/testmgr.h | 56
2 files changed, 62 insertions(+)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 001e62f..3604c9d 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -4921,6 +4921,12 @@ static int alg_test_null(const struct alg_test_desc
*desc,
.hash = __VECS(hmac_sha512_tv_template)
}
}, {
+ .alg = "hmac(sm3)",
+ .test = alg_test_hash,
+ .suite = {
+ .hash = __VECS(hmac_sm3_tv_template)
+ }
+ }, {
.alg = "hmac(streebog256)",
.test = alg_test_hash,
.suite = {
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 25572c3..1f56293 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -2935,6 +2935,62 @@ struct len_range_sel {
}
};
+/* Example vectors below taken from
+ * GM/T 0042-2015 Appendix D.3
+ */
+static const struct hash_testvec hmac_sm3_tv_template[] = {
+ {
+ .key= "\x01\x02\x03\x04\x05\x06\x07\x08"
+ "\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10"
+ "\x11\x12\x13\x14\x15\x16\x17\x18"
+ "\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20",
+ .ksize = 32,
+ .plaintext =
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+ .psize = 112,
+ .digest = "\xca\x05\xe1\x44\xed\x05\xd1\x85"
+ "\x78\x40\xd1\xf3\x18\xa4\xa8\x66"
+ "\x9e\x55\x9f\xc8\x39\x1f\x41\x44"
+ "\x85\xbf\xdf\x7b\xb4\x08\x96\x3a",
+ }, {
+ .key= "\x01\x02\x03\x04\x05\x06\x07\x08"
+ "\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10"
+ "\x11\x12\x13\x14\x15\x16\x17\x18"
+ "\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20"
+ "\x21\x22\x23\x24\x25",
+ .ksize = 37,
+ .plaintext = "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd",
+ .psize = 50,
+ .digest = "\x22\x0b\xf5\x79\xde\xd5\x55\x39"
+ "\x3f\x01\x59\xf6\x6c\x99\x87\x78"
+ "\x22\xa3\xec\xf6\x10\xd1\x55\x21"
+ "\x54\xb4\x1d\x44\xb9\x4d\xb3\xae",
+ }, {
+ .key= "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+ "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+"\x0b\x0b\x0b\x0b\x0b\x0b",
+ .ksize = 32,
+ .plaintext = "Hi There",
+ .psize = 8,
+ .digest = "\xc0\xba\x18\xc6\x8b\x90\xc8\x8b"
+ "\xc0\x7d\xe7\x94\xbf\xc7\xd2\xc8"
+ "\xd1\x9e\xc3\x1e\xd8\x77\x3b\xc2"
+ "\xb3\x90\xc9\x60\x4e\x0b\xe1\x1e",
+ }, {
+ .key= "Jefe",
+ .ksize = 4,
+ .plaintext = "what do ya want for nothing?",
+ .psize = 28,
+ .digest = "\x2e\x87\xf1\xd1\x68\x62\xe6\xd9"
+ "\x64\xb5\x0a\x52\x00\xbf\x2b\x10"
+ "\xb7\x64\xfa\xa9\x68\x0a\x29\x6a"
+ "\x24\x05\xf2\x4b\xec\x39\xf8\x82",
+ },
+};
+
/*
* SHA1 test vectors from from FIPS PUB 180-1
* Long vector from CAVS 5.0
--
1.8.3.1
[PATCH 1/7] crypto: inside-secure - Add support for the ecb(sm4) skcipher
This patch adds support for SM4 in ECB mode, i.e. skcipher ecb(sm4).
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c| 1 +
drivers/crypto/inside-secure/safexcel.h| 2 +
drivers/crypto/inside-secure/safexcel_cipher.c | 90 ++
3 files changed, 93 insertions(+)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index 7d907d5..fe785e8 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1178,6 +1178,7 @@ static int safexcel_request_ring_irq(void *pdev, int
irqid,
&safexcel_alg_chachapoly_esp,
&safexcel_alg_sm3,
&safexcel_alg_hmac_sm3,
+ &safexcel_alg_ecb_sm4,
};
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index 7ee09fe..970b5cd 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -359,6 +359,7 @@ struct safexcel_context_record {
#define CONTEXT_CONTROL_CRYPTO_ALG_AES192 (0x6 << 17)
#define CONTEXT_CONTROL_CRYPTO_ALG_AES256 (0x7 << 17)
#define CONTEXT_CONTROL_CRYPTO_ALG_CHACHA20(0x8 << 17)
+#define CONTEXT_CONTROL_CRYPTO_ALG_SM4 (0xd << 17)
#define CONTEXT_CONTROL_DIGEST_PRECOMPUTED (0x1 << 21)
#define CONTEXT_CONTROL_DIGEST_XCM (0x2 << 21)
#define CONTEXT_CONTROL_DIGEST_HMAC(0x3 << 21)
@@ -872,5 +873,6 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_chachapoly_esp;
extern struct safexcel_alg_template safexcel_alg_sm3;
extern struct safexcel_alg_template safexcel_alg_hmac_sm3;
+extern struct safexcel_alg_template safexcel_alg_ecb_sm4;
#endif
diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c
b/drivers/crypto/inside-secure/safexcel_cipher.c
index 00bf220..fc75f2f 100644
--- a/drivers/crypto/inside-secure/safexcel_cipher.c
+++ b/drivers/crypto/inside-secure/safexcel_cipher.c
@@ -19,6 +19,7 @@
#include
#include
#include
+#include
#include
#include
#include
@@ -36,6 +37,7 @@ enum safexcel_cipher_alg {
SAFEXCEL_3DES,
SAFEXCEL_AES,
SAFEXCEL_CHACHA20,
+ SAFEXCEL_SM4,
};
struct safexcel_cipher_ctx {
@@ -530,6 +532,9 @@ static int safexcel_context_control(struct
safexcel_cipher_ctx *ctx,
} else if (ctx->alg == SAFEXCEL_CHACHA20) {
cdesc->control_data.control0 |=
CONTEXT_CONTROL_CRYPTO_ALG_CHACHA20;
+ } else if (ctx->alg == SAFEXCEL_SM4) {
+ cdesc->control_data.control0 |=
+ CONTEXT_CONTROL_CRYPTO_ALG_SM4;
}
return 0;
@@ -2620,3 +2625,88 @@ struct safexcel_alg_template safexcel_alg_chachapoly_esp
= {
},
},
};
+
+static int safexcel_skcipher_sm4_setkey(struct crypto_skcipher *ctfm,
+ const u8 *key, unsigned int len)
+{
+ struct crypto_tfm *tfm = crypto_skcipher_tfm(ctfm);
+ struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+ struct safexcel_crypto_priv *priv = ctx->priv;
+ int i;
+
+ if (len != SM4_KEY_SIZE) {
+ crypto_skcipher_set_flags(ctfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
+ return -EINVAL;
+ }
+
+ if (priv->flags & EIP197_TRC_CACHE && ctx->base.ctxr_dma) {
+ for (i = 0; i < SM4_KEY_SIZE / sizeof(u32); i++) {
+ if (ctx->key[i] !=
+ get_unaligned_le32(key + i * sizeof(u32))) {
+ ctx->base.needs_inv = true;
+ break;
+ }
+ }
+ }
+
+ for (i = 0; i < SM4_KEY_SIZE / sizeof(u32); i++)
+ ctx->key[i] = get_unaligned_le32(key + i * sizeof(u32));
+ ctx->key_len = SM4_KEY_SIZE;
+
+ return 0;
+}
+
+static int safexcel_sm4_blk_encrypt(struct skcipher_request *req)
+{
+ /* Workaround for HW bug: EIP96 4.3 does not report blocksize error */
+ if (req->cryptlen & (SM4_BLOCK_SIZE - 1))
+ return -EINVAL;
+ else
+ return safexcel_queue_req(&req->base, skcipher_request_ctx(req),
+ SAFEXCEL_ENCRYPT);
+}
+
+static int safexcel_sm4_blk_decrypt(struct skcipher_request *req)
+{
+ /* Workaround for HW bug: EIP96 4.3 does not report blocksize error */
+ if (req->cryptlen & (SM4_BLOCK_SIZE - 1))
+ return -EINVAL;
+ else
+ return safexcel_queue_req(&req->base, skcipher_request_ctx(req),
+ SAFEXCEL_DECRYPT);
+}
[PATCH 0/7] crypto: inside-secure - Add support for SM4 ciphers
Extend driver support with ecb(sm4), cbc(sm4), ofb(sm4), cfb(sm4) and rfc3686(ctr(sm4)) skcipher algorithms. Also add ofb(sm4), cfb(sm4) and rfc3686(ctr(sm4)) testvectors to testmgr. The patchset has been tested with the eip197c_iewxkbc configuration on the Xilinx VCU118 development board, including the crypto extra tests. Note that this patchset applies on top of the earlier submitted "Add support for (HMAC) SM3" series. Pascal van Leeuwen (7): crypto: inside-secure - Add support for the ecb(sm4) skcipher crypto: inside-secure - Add support for the cbc(sm4) skcipher crypto: inside-secure - Add support for the ofb(sm4) skcipher crypto: testmgr - Added testvectors for the ofb(sm4) & cfb(sm4) skciphers crypto: inside-secure - Add support for the cfb(sm4) skcipher crypto: inside-secure - Add support for the rfc3685(ctr(sm4)) skcipher crypto: testmgr - Added testvectors for the rfc3686(ctr(sm4)) skcipher crypto/testmgr.c | 18 ++ crypto/testmgr.h | 127 + drivers/crypto/inside-secure/safexcel.c| 5 + drivers/crypto/inside-secure/safexcel.h| 6 + drivers/crypto/inside-secure/safexcel_cipher.c | 249 + 5 files changed, 405 insertions(+) -- 1.8.3.1
[PATCH 7/7] crypto: testmgr - Added testvectors for the rfc3686(ctr(sm4)) skcipher
Added testvectors for the rfc3686(ctr(sm4)) skcipher algorithm
Signed-off-by: Pascal van Leeuwen
---
crypto/testmgr.c | 6 ++
crypto/testmgr.h | 29 +
2 files changed, 35 insertions(+)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index fbc19bc..90a9f08 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -5113,6 +5113,12 @@ static int alg_test_null(const struct alg_test_desc
*desc,
.cipher = __VECS(aes_ctr_rfc3686_tv_template)
}
}, {
+ .alg = "rfc3686(ctr(sm4))",
+ .test = alg_test_skcipher,
+ .suite = {
+ .cipher = __VECS(sm4_ctr_rfc3686_tv_template)
+ }
+ }, {
.alg = "rfc4106(gcm(aes))",
.generic_driver =
"rfc4106(gcm_base(ctr(aes-generic),ghash-generic))",
.test = alg_test_aead,
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 4e74f65..871d9db 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -12209,6 +12209,35 @@ struct len_range_sel {
}
};
+static const struct cipher_testvec sm4_ctr_rfc3686_tv_template[] = {
+ {
+ .key= "\xae\x68\x52\xf8\x12\x10\x67\xcc"
+ "\x4b\xf7\xa5\x76\x55\x77\xf3\x9e"
+ "\x00\x00\x00\x30",
+ .klen = 20,
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .ptext = "Single block msg",
+ .ctext = "\x20\x9b\x77\x31\xd3\x65\xdb\xab"
+ "\x9e\x48\x74\x7e\xbd\x13\x83\xeb",
+ .len= 16,
+ }, {
+ .key= "\x7e\x24\x06\x78\x17\xfa\xe0\xd7"
+ "\x43\xd6\xce\x1f\x32\x53\x91\x63"
+ "\x00\x6c\xb6\xdb",
+ .klen = 20,
+ .iv = "\xc0\x54\x3b\x59\xda\x48\xd9\x0b",
+ .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17"
+ "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
+ .ctext = "\x33\xe0\x28\x01\x92\xed\xc9\x1e"
+ "\x97\x35\xd9\x4a\xec\xd4\xbc\x23"
+ "\x4f\x35\x9f\x1c\x55\x1f\xe0\x27"
+ "\xe0\xdf\xc5\x43\xbc\xb0\x23\x94",
+ .len= 32,
+ }
+};
+
static const struct cipher_testvec sm4_ofb_tv_template[] = {
{ /* From: draft-ribose-cfrg-sm4-02, paragraph 12.2.3 */
.key= "\x01\x23\x45\x67\x89\xab\xcd\xef"
--
1.8.3.1
[PATCH 6/7] crypto: inside-secure - Add support for the rfc3685(ctr(sm4)) skcipher
This patch adds support for SM4 in (32 bit) CTR mode, i.e. skcipher
rfc3686(ctr(sm4)).
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c| 1 +
drivers/crypto/inside-secure/safexcel.h| 1 +
drivers/crypto/inside-secure/safexcel_cipher.c | 51 ++
3 files changed, 53 insertions(+)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index 1679b41..7da4801 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1182,6 +1182,7 @@ static int safexcel_request_ring_irq(void *pdev, int
irqid,
&safexcel_alg_cbc_sm4,
&safexcel_alg_ofb_sm4,
&safexcel_alg_cfb_sm4,
+ &safexcel_alg_ctr_sm4,
};
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index 07aa46b..d45ecf3 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -877,5 +877,6 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_cbc_sm4;
extern struct safexcel_alg_template safexcel_alg_ofb_sm4;
extern struct safexcel_alg_template safexcel_alg_cfb_sm4;
+extern struct safexcel_alg_template safexcel_alg_ctr_sm4;
#endif
diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c
b/drivers/crypto/inside-secure/safexcel_cipher.c
index 89cef28..5f65748 100644
--- a/drivers/crypto/inside-secure/safexcel_cipher.c
+++ b/drivers/crypto/inside-secure/safexcel_cipher.c
@@ -2818,3 +2818,54 @@ struct safexcel_alg_template safexcel_alg_cfb_sm4 = {
},
},
};
+
+static int safexcel_skcipher_sm4ctr_setkey(struct crypto_skcipher *ctfm,
+ const u8 *key, unsigned int len)
+{
+ struct crypto_tfm *tfm = crypto_skcipher_tfm(ctfm);
+ struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+
+ /* last 4 bytes of key are the nonce! */
+ ctx->nonce = *(u32 *)(key + len - CTR_RFC3686_NONCE_SIZE);
+ /* exclude the nonce here */
+ len -= CTR_RFC3686_NONCE_SIZE;
+
+ return safexcel_skcipher_sm4_setkey(ctfm, key, len);
+}
+
+static int safexcel_skcipher_sm4_ctr_cra_init(struct crypto_tfm *tfm)
+{
+ struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+
+ safexcel_skcipher_cra_init(tfm);
+ ctx->alg = SAFEXCEL_SM4;
+ ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_CTR_LOAD;
+ return 0;
+}
+
+struct safexcel_alg_template safexcel_alg_ctr_sm4 = {
+ .type = SAFEXCEL_ALG_TYPE_SKCIPHER,
+ .algo_mask = SAFEXCEL_ALG_SM4,
+ .alg.skcipher = {
+ .setkey = safexcel_skcipher_sm4ctr_setkey,
+ .encrypt = safexcel_encrypt,
+ .decrypt = safexcel_decrypt,
+ /* Add nonce size */
+ .min_keysize = SM4_KEY_SIZE + CTR_RFC3686_NONCE_SIZE,
+ .max_keysize = SM4_KEY_SIZE + CTR_RFC3686_NONCE_SIZE,
+ .ivsize = CTR_RFC3686_IV_SIZE,
+ .base = {
+ .cra_name = "rfc3686(ctr(sm4))",
+ .cra_driver_name = "safexcel-ctr-sm4",
+ .cra_priority = SAFEXCEL_CRA_PRIORITY,
+ .cra_flags = CRYPTO_ALG_ASYNC |
+CRYPTO_ALG_KERN_DRIVER_ONLY,
+ .cra_blocksize = 1,
+ .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
+ .cra_alignmask = 0,
+ .cra_init = safexcel_skcipher_sm4_ctr_cra_init,
+ .cra_exit = safexcel_skcipher_cra_exit,
+ .cra_module = THIS_MODULE,
+ },
+ },
+};
--
1.8.3.1
[PATCH 3/7] crypto: inside-secure - Add support for the ofb(sm4) skcipher
This patch adds support for SM4 in OFB mode, i.e. skcipher ofb(sm4).
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c| 1 +
drivers/crypto/inside-secure/safexcel.h| 1 +
drivers/crypto/inside-secure/safexcel_cipher.c | 36 ++
3 files changed, 38 insertions(+)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index 4320992..fbfda68 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1180,6 +1180,7 @@ static int safexcel_request_ring_irq(void *pdev, int
irqid,
&safexcel_alg_hmac_sm3,
&safexcel_alg_ecb_sm4,
&safexcel_alg_cbc_sm4,
+ &safexcel_alg_ofb_sm4,
};
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index 1339f0e..448db38 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -875,5 +875,6 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_hmac_sm3;
extern struct safexcel_alg_template safexcel_alg_ecb_sm4;
extern struct safexcel_alg_template safexcel_alg_cbc_sm4;
+extern struct safexcel_alg_template safexcel_alg_ofb_sm4;
#endif
diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c
b/drivers/crypto/inside-secure/safexcel_cipher.c
index a2e65fd..0a30e7a 100644
--- a/drivers/crypto/inside-secure/safexcel_cipher.c
+++ b/drivers/crypto/inside-secure/safexcel_cipher.c
@@ -2746,3 +2746,39 @@ struct safexcel_alg_template safexcel_alg_cbc_sm4 = {
},
},
};
+
+static int safexcel_skcipher_sm4_ofb_cra_init(struct crypto_tfm *tfm)
+{
+ struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+
+ safexcel_skcipher_cra_init(tfm);
+ ctx->alg = SAFEXCEL_SM4;
+ ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_OFB;
+ return 0;
+}
+
+struct safexcel_alg_template safexcel_alg_ofb_sm4 = {
+ .type = SAFEXCEL_ALG_TYPE_SKCIPHER,
+ .algo_mask = SAFEXCEL_ALG_SM4 | SAFEXCEL_ALG_AES_XFB,
+ .alg.skcipher = {
+ .setkey = safexcel_skcipher_sm4_setkey,
+ .encrypt = safexcel_encrypt,
+ .decrypt = safexcel_decrypt,
+ .min_keysize = SM4_KEY_SIZE,
+ .max_keysize = SM4_KEY_SIZE,
+ .ivsize = SM4_BLOCK_SIZE,
+ .base = {
+ .cra_name = "ofb(sm4)",
+ .cra_driver_name = "safexcel-ofb-sm4",
+ .cra_priority = SAFEXCEL_CRA_PRIORITY,
+ .cra_flags = CRYPTO_ALG_ASYNC |
+CRYPTO_ALG_KERN_DRIVER_ONLY,
+ .cra_blocksize = 1,
+ .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
+ .cra_alignmask = 0,
+ .cra_init = safexcel_skcipher_sm4_ofb_cra_init,
+ .cra_exit = safexcel_skcipher_cra_exit,
+ .cra_module = THIS_MODULE,
+ },
+ },
+};
--
1.8.3.1
[PATCH 2/7] crypto: inside-secure - Add support for the cbc(sm4) skcipher
This patch adds support for SM4 in CBC mode, i.e. skcipher cbc(sm4).
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c| 1 +
drivers/crypto/inside-secure/safexcel.h| 1 +
drivers/crypto/inside-secure/safexcel_cipher.c | 36 ++
3 files changed, 38 insertions(+)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index fe785e8..4320992 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1179,6 +1179,7 @@ static int safexcel_request_ring_irq(void *pdev, int
irqid,
&safexcel_alg_sm3,
&safexcel_alg_hmac_sm3,
&safexcel_alg_ecb_sm4,
+ &safexcel_alg_cbc_sm4,
};
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index 970b5cd..1339f0e 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -874,5 +874,6 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_sm3;
extern struct safexcel_alg_template safexcel_alg_hmac_sm3;
extern struct safexcel_alg_template safexcel_alg_ecb_sm4;
+extern struct safexcel_alg_template safexcel_alg_cbc_sm4;
#endif
diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c
b/drivers/crypto/inside-secure/safexcel_cipher.c
index fc75f2f..a2e65fd 100644
--- a/drivers/crypto/inside-secure/safexcel_cipher.c
+++ b/drivers/crypto/inside-secure/safexcel_cipher.c
@@ -2710,3 +2710,39 @@ struct safexcel_alg_template safexcel_alg_ecb_sm4 = {
},
},
};
+
+static int safexcel_skcipher_sm4_cbc_cra_init(struct crypto_tfm *tfm)
+{
+ struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+
+ safexcel_skcipher_cra_init(tfm);
+ ctx->alg = SAFEXCEL_SM4;
+ ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_CBC;
+ return 0;
+}
+
+struct safexcel_alg_template safexcel_alg_cbc_sm4 = {
+ .type = SAFEXCEL_ALG_TYPE_SKCIPHER,
+ .algo_mask = SAFEXCEL_ALG_SM4,
+ .alg.skcipher = {
+ .setkey = safexcel_skcipher_sm4_setkey,
+ .encrypt = safexcel_sm4_blk_encrypt,
+ .decrypt = safexcel_sm4_blk_decrypt,
+ .min_keysize = SM4_KEY_SIZE,
+ .max_keysize = SM4_KEY_SIZE,
+ .ivsize = SM4_BLOCK_SIZE,
+ .base = {
+ .cra_name = "cbc(sm4)",
+ .cra_driver_name = "safexcel-cbc-sm4",
+ .cra_priority = SAFEXCEL_CRA_PRIORITY,
+ .cra_flags = CRYPTO_ALG_ASYNC |
+CRYPTO_ALG_KERN_DRIVER_ONLY,
+ .cra_blocksize = SM4_BLOCK_SIZE,
+ .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
+ .cra_alignmask = 0,
+ .cra_init = safexcel_skcipher_sm4_cbc_cra_init,
+ .cra_exit = safexcel_skcipher_cra_exit,
+ .cra_module = THIS_MODULE,
+ },
+ },
+};
--
1.8.3.1
[PATCH 5/7] crypto: inside-secure - Add support for the cfb(sm4) skcipher
This patch adds support for SM4 in CFB mode, i.e. skcipher cfb(sm4).
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c| 1 +
drivers/crypto/inside-secure/safexcel.h| 1 +
drivers/crypto/inside-secure/safexcel_cipher.c | 36 ++
3 files changed, 38 insertions(+)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index fbfda68..1679b41 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1181,6 +1181,7 @@ static int safexcel_request_ring_irq(void *pdev, int
irqid,
&safexcel_alg_ecb_sm4,
&safexcel_alg_cbc_sm4,
&safexcel_alg_ofb_sm4,
+ &safexcel_alg_cfb_sm4,
};
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index 448db38..07aa46b 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -876,5 +876,6 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_ecb_sm4;
extern struct safexcel_alg_template safexcel_alg_cbc_sm4;
extern struct safexcel_alg_template safexcel_alg_ofb_sm4;
+extern struct safexcel_alg_template safexcel_alg_cfb_sm4;
#endif
diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c
b/drivers/crypto/inside-secure/safexcel_cipher.c
index 0a30e7a..89cef28 100644
--- a/drivers/crypto/inside-secure/safexcel_cipher.c
+++ b/drivers/crypto/inside-secure/safexcel_cipher.c
@@ -2782,3 +2782,39 @@ struct safexcel_alg_template safexcel_alg_ofb_sm4 = {
},
},
};
+
+static int safexcel_skcipher_sm4_cfb_cra_init(struct crypto_tfm *tfm)
+{
+ struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+
+ safexcel_skcipher_cra_init(tfm);
+ ctx->alg = SAFEXCEL_SM4;
+ ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_CFB;
+ return 0;
+}
+
+struct safexcel_alg_template safexcel_alg_cfb_sm4 = {
+ .type = SAFEXCEL_ALG_TYPE_SKCIPHER,
+ .algo_mask = SAFEXCEL_ALG_SM4 | SAFEXCEL_ALG_AES_XFB,
+ .alg.skcipher = {
+ .setkey = safexcel_skcipher_sm4_setkey,
+ .encrypt = safexcel_encrypt,
+ .decrypt = safexcel_decrypt,
+ .min_keysize = SM4_KEY_SIZE,
+ .max_keysize = SM4_KEY_SIZE,
+ .ivsize = SM4_BLOCK_SIZE,
+ .base = {
+ .cra_name = "cfb(sm4)",
+ .cra_driver_name = "safexcel-cfb-sm4",
+ .cra_priority = SAFEXCEL_CRA_PRIORITY,
+ .cra_flags = CRYPTO_ALG_ASYNC |
+CRYPTO_ALG_KERN_DRIVER_ONLY,
+ .cra_blocksize = 1,
+ .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
+ .cra_alignmask = 0,
+ .cra_init = safexcel_skcipher_sm4_cfb_cra_init,
+ .cra_exit = safexcel_skcipher_cra_exit,
+ .cra_module = THIS_MODULE,
+ },
+ },
+};
--
1.8.3.1
[PATCH 4/7] crypto: testmgr - Added testvectors for the ofb(sm4) & cfb(sm4) skciphers
Added testvectors for the ofb(sm4) and cfb(sm4) skcipher algorithms
Signed-off-by: Pascal van Leeuwen
---
crypto/testmgr.c | 12 +++
crypto/testmgr.h | 98
2 files changed, 110 insertions(+)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 3604c9d..fbc19bc 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -4406,6 +4406,12 @@ static int alg_test_null(const struct alg_test_desc
*desc,
.cipher = __VECS(aes_cfb_tv_template)
},
}, {
+ .alg = "cfb(sm4)",
+ .test = alg_test_skcipher,
+ .suite = {
+ .cipher = __VECS(sm4_cfb_tv_template)
+ }
+ }, {
.alg = "chacha20",
.test = alg_test_skcipher,
.suite = {
@@ -5063,6 +5069,12 @@ static int alg_test_null(const struct alg_test_desc
*desc,
.test = alg_test_null,
.fips_allowed = 1,
}, {
+ .alg = "ofb(sm4)",
+ .test = alg_test_skcipher,
+ .suite = {
+ .cipher = __VECS(sm4_ofb_tv_template)
+ }
+ }, {
.alg = "pcbc(fcrypt)",
.test = alg_test_skcipher,
.suite = {
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 1f56293..4e74f65 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -12209,6 +12209,104 @@ struct len_range_sel {
}
};
+static const struct cipher_testvec sm4_ofb_tv_template[] = {
+ { /* From: draft-ribose-cfrg-sm4-02, paragraph 12.2.3 */
+ .key= "\x01\x23\x45\x67\x89\xab\xcd\xef"
+ "\xfe\xdc\xba\x98\x76\x54\x32\x10",
+ .klen = 16,
+ .iv = "\x01\x23\x45\x67\x89\xab\xcd\xef"
+ "\xfe\xdc\xba\x98\x76\x54\x32\x10",
+ .ptext = "\x01\x23\x45\x67\x89\xab\xcd\xef"
+ "\xfe\xdc\xba\x98\x76\x54\x32\x10"
+ "\x01\x23\x45\x67\x89\xab\xcd\xef"
+ "\xfe\xdc\xba\x98\x76\x54\x32\x10",
+ .ctext = "\x69\x3d\x9a\x53\x5b\xad\x5b\xb1"
+ "\x78\x6f\x53\xd7\x25\x3a\x70\x56"
+ "\xf2\x07\x5d\x28\xb5\x23\x5f\x58"
+ "\xd5\x00\x27\xe4\x17\x7d\x2b\xce",
+ .len= 32,
+ }, { /* From: draft-ribose-cfrg-sm4-09, appendix A.2.3, Example 1 */
+ .key= "\x01\x23\x45\x67\x89\xab\xcd\xef"
+ "\xfe\xdc\xba\x98\x76\x54\x32\x10",
+ .klen = 16,
+ .iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .ptext = "\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb"
+ "\xcc\xcc\xcc\xcc\xdd\xdd\xdd\xdd"
+ "\xee\xee\xee\xee\xff\xff\xff\xff"
+ "\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb",
+ .ctext = "\xac\x32\x36\xcb\x86\x1d\xd3\x16"
+ "\xe6\x41\x3b\x4e\x3c\x75\x24\xb7"
+ "\x1d\x01\xac\xa2\x48\x7c\xa5\x82"
+ "\xcb\xf5\x46\x3e\x66\x98\x53\x9b",
+ .len= 32,
+ }, { /* From: draft-ribose-cfrg-sm4-09, appendix A.2.3, Example 2 */
+ .key= "\xfe\xdc\xba\x98\x76\x54\x32\x10"
+ "\x01\x23\x45\x67\x89\xab\xcd\xef",
+ .klen = 16,
+ .iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .ptext = "\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb"
+ "\xcc\xcc\xcc\xcc\xdd\xdd\xdd\xdd"
+ "\xee\xee\xee\xee\xff\xff\xff\xff"
+ "\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb",
+ .ctext = "\x5d\xcc\xcd\x25\xa8\x4b\xa1\x65"
+ "\x60\xd7\xf2\x65\x88\x70\x68\x49"
+ "\x33\xfa\x16\xbd\x5c\xd9\xc8\x56"
+ "\xca\xca\xa1\xe1\x01\x89\x7a\x97",
+ .len= 32,
+ }
+};
+
+static const struct cipher_testvec sm4_cfb_tv_template[] = {
+ { /* From: draft-ribose-cfrg-sm4-02, paragraph 12.2.4 */
+ .key= "\x01\x23\x45\x67\x89\xab\xcd\xef"
+ "\xfe\xdc\xba\x98\x76\x54\x32\x10",
+ .klen = 16,
+ .iv = "\x01\x23\x45\x67\x89\xab\xcd\xef&quo
RE: [PATCH 1/2] crypto: inside-secure - Added support for the CHACHA20 skcipher
> -Original Message- > From: Antoine Tenart > Sent: Wednesday, September 11, 2019 5:21 PM > To: Pascal Van Leeuwen > Cc: Antoine Tenart ; Pascal van Leeuwen > ; linux-crypto@vger.kernel.org; > herb...@gondor.apana.org.au; > da...@davemloft.net > Subject: Re: [PATCH 1/2] crypto: inside-secure - Added support for the > CHACHA20 skcipher > > Hello Pascal, > > On Tue, Sep 10, 2019 at 06:58:18PM +, Pascal Van Leeuwen wrote: > > > On Tue, Sep 10, 2019 at 04:38:12PM +0200, Pascal van Leeuwen wrote: > > > > @@ -112,7 +123,7 @@ static void safexcel_cipher_token(struct > > > > safexcel_cipher_ctx > *ctx, u8 > > > *iv, > > > > block_sz = DES3_EDE_BLOCK_SIZE; > > > > cdesc->control_data.options |= > > > > EIP197_OPTION_2_TOKEN_IV_CMD; > > > > break; > > > > - case SAFEXCEL_AES: > > > > + default: /* case SAFEXCEL_AES */ > > > > > > Can't you keep an explicit case here? > > > > > If I do that, the compiler will complain about SAFEXCEL_CHACHA20 not > > being covered. And Chacha20 won't even make it this far, so it doesn't > > make much sense to add that to the switch. > > > > I suppose an explicit case plus an empty default would be an alternative? > > But I figured the comment should suffice to remind anyone working on that > > switch statement what it should really do. I'm fine with either approach. > > Yes, please use an explicit case and an empty default. > OK, will do > Thanks, > Antoine > > -- > Antoine Ténart, Bootlin > Embedded Linux and Kernel engineering > https://bootlin.com Thanks, Pascal van Leeuwen Silicon IP Architect, Multi-Protocol Engines @ Verimatrix www.insidesecure.com
RE: [PATCH 2/2] crypto: inside-secure - Add support for the Chacha20-Poly1305 AEAD
> -Original Message-
> From: Antoine Tenart
> Sent: Wednesday, September 11, 2019 5:30 PM
> To: Pascal van Leeuwen
> Cc: linux-crypto@vger.kernel.org; antoine.ten...@bootlin.com;
> herb...@gondor.apana.org.au; da...@davemloft.net; Pascal Van Leeuwen
>
> Subject: Re: [PATCH 2/2] crypto: inside-secure - Add support for the
> Chacha20-Poly1305
> AEAD
>
> Hello Pascal,
>
> On Tue, Sep 10, 2019 at 04:38:13PM +0200, Pascal van Leeuwen wrote:
> > @@ -43,8 +44,8 @@ struct safexcel_cipher_ctx {
> >
> > u32 mode;
> > enum safexcel_cipher_alg alg;
> > - bool aead;
> > - int xcm; /* 0=authenc, 1=GCM, 2 reserved for CCM */
> > + char aead; /* !=0=AEAD, 2=IPSec ESP AEAD */
> > + char xcm; /* 0=authenc, 1=GCM, 2 reserved for CCM */
>
> You could use an u8 instead. It also seems the aead comment has an
> issue, I'll let you check that.
>
Yes, u8 would be better, I'll fix that.
I don't see what's wrong with the comment though?
Anything unequal to 0 is AEAD, with value 2 being the ESP variant.
> > - dev_err(priv->dev, "aead: unsupported hash algorithm\n");
> > + dev_err(priv->dev, "aead: unsupported hash algorithmn");
>
> You remove the '\' here.
>
Oops. Must've accidentally happended during editing. Good catch.
> > @@ -440,6 +459,17 @@ static int safexcel_context_control(struct
> > safexcel_cipher_ctx
> *ctx,
> > CONTEXT_CONTROL_DIGEST_XCM |
> > ctx->hash_alg |
> > CONTEXT_CONTROL_SIZE(ctrl_size);
> > + } else if (ctx->alg == SAFEXCEL_CHACHA20) {
> > + /* Chacha20-Poly1305 */
> > + cdesc->control_data.control0 =
> > + CONTEXT_CONTROL_KEY_EN |
> > + CONTEXT_CONTROL_CRYPTO_ALG_CHACHA20 |
> > + (sreq->direction == SAFEXCEL_ENCRYPT ?
> > + CONTEXT_CONTROL_TYPE_ENCRYPT_HASH_OUT :
> > + CONTEXT_CONTROL_TYPE_HASH_DECRYPT_IN) |
> > + ctx->hash_alg |
> > + CONTEXT_CONTROL_SIZE(ctrl_size);
>
> I think you could use an if + |= for readability here.
>
Ok, I can do that
> > +static int safexcel_aead_chachapoly_crypt(struct aead_request *req,
> > + enum safexcel_cipher_direction dir)
> > +{
> > + struct safexcel_cipher_req *creq = aead_request_ctx(req);
> > + struct crypto_aead *aead = crypto_aead_reqtfm(req);
> > + struct crypto_tfm *tfm = crypto_aead_tfm(aead);
> > + struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
> > + struct aead_request *subreq = aead_request_ctx(req);
> > + u32 key[CHACHA_KEY_SIZE / sizeof(u32) + 1];
>
> Shouldn't you explicitly memzero the key at the end of the function?
>
Yes! :-) And good catch, again.
> Thanks!
> Antoine
>
> --
> Antoine Ténart, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com
Thanks,
Pascal van Leeuwen
Silicon IP Architect, Multi-Protocol Engines @ Verimatrix
www.insidesecure.com
RE: [PATCH 1/3] crypto: inside-secure - Added support for basic SM3 ahash
> -Original Message-
> From: Antoine Tenart
> Sent: Wednesday, September 11, 2019 5:41 PM
> To: Pascal van Leeuwen
> Cc: linux-crypto@vger.kernel.org; antoine.ten...@bootlin.com;
> herb...@gondor.apana.org.au; da...@davemloft.net; Pascal Van Leeuwen
>
> Subject: Re: [PATCH 1/3] crypto: inside-secure - Added support for basic SM3
> ahash
>
> Hi Pascal,
>
> On Wed, Sep 11, 2019 at 09:41:09AM +0200, Pascal van Leeuwen wrote:
> > static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
> > diff --git a/drivers/crypto/inside-secure/safexcel.h
> > b/drivers/crypto/inside-
> secure/safexcel.h
> > index 282d59e..fc2aba2 100644
> > --- a/drivers/crypto/inside-secure/safexcel.h
> > +++ b/drivers/crypto/inside-secure/safexcel.h
> > @@ -374,6 +374,7 @@ struct safexcel_context_record {
> > #define CONTEXT_CONTROL_CRYPTO_ALG_XCBC192 (0x2 << 23)
> > #define CONTEXT_CONTROL_CRYPTO_ALG_XCBC256 (0x3 << 23)
> > #define CONTEXT_CONTROL_CRYPTO_ALG_POLY1305(0xf << 23)
> > +#define CONTEXT_CONTROL_CRYPTO_ALG_SM3 (0x7 << 23)
>
> Please order the definitions (0x7 before 0xf).
>
While I generally agree with you that having them in order is
nicer, the other already existing algorithms weren't in order
either (i.e. SHA224 is 4 but comes before SHA256 which is 3,
same for SHA384 and SHA512), hence I just appended at the
end of the list in the order I actually added them.
Do you want me to put them *all* in order? Because otherwise
it doesn't make sense to make an exception for SM3.
> Otherwise the patch looks good, and with that you can add:
>
> Acked-by: Antoine Tenart
>
> Thanks!
> Antoine
>
> --
> Antoine Ténart, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com
Thanks,
Pascal van Leeuwen
Silicon IP Architect, Multi-Protocol Engines @ Verimatrix
www.insidesecure.com
RE: [PATCH 2/2] crypto: inside-secure - Add support for the Chacha20-Poly1305 AEAD
> -Original Message-
> From: Antoine Tenart
> Sent: Wednesday, September 11, 2019 5:45 PM
> To: Pascal Van Leeuwen
> Cc: Antoine Tenart ; Pascal van Leeuwen
> ; linux-crypto@vger.kernel.org;
> herb...@gondor.apana.org.au;
> da...@davemloft.net
> Subject: Re: [PATCH 2/2] crypto: inside-secure - Add support for the
> Chacha20-Poly1305
> AEAD
>
> On Wed, Sep 11, 2019 at 03:37:25PM +, Pascal Van Leeuwen wrote:
> > > On Tue, Sep 10, 2019 at 04:38:13PM +0200, Pascal van Leeuwen wrote:
> > > > @@ -43,8 +44,8 @@ struct safexcel_cipher_ctx {
> > > >
> > > > u32 mode;
> > > > enum safexcel_cipher_alg alg;
> > > > - bool aead;
> > > > - int xcm; /* 0=authenc, 1=GCM, 2 reserved for CCM */
> > > > + char aead; /* !=0=AEAD, 2=IPSec ESP AEAD */
> > > > + char xcm; /* 0=authenc, 1=GCM, 2 reserved for CCM */
> > >
> > > You could use an u8 instead. It also seems the aead comment has an
> > > issue, I'll let you check that.
> > >
> > I don't see what's wrong with the comment though?
> > Anything unequal to 0 is AEAD, with value 2 being the ESP variant.
>
> OK, that wasn't clear to me when I first read it. Maybe you could say
> that 1: AEAD, 2: IPsec ESP AEAD; and then of course the check of this
> value being > 0 would mean it's one of the two.
>
OK, agree that that's clearer so I will change it to that.
> Thanks!
> Antoine
>
> --
> Antoine Ténart, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com
Regards,
Pascal van Leeuwen
Silicon IP Architect, Multi-Protocol Engines @ Verimatrix
www.insidesecure.com
RE: [PATCH 4/7] crypto: testmgr - Added testvectors for the ofb(sm4) & cfb(sm4) skciphers
> -Original Message- > From: Eric Biggers > Sent: Wednesday, September 11, 2019 6:06 PM > To: Pascal van Leeuwen > Cc: linux-crypto@vger.kernel.org; antoine.ten...@bootlin.com; > herb...@gondor.apana.org.au; > da...@davemloft.net; Pascal Van Leeuwen > Subject: Re: [PATCH 4/7] crypto: testmgr - Added testvectors for the ofb(sm4) > & cfb(sm4) > skciphers > > On Wed, Sep 11, 2019 at 12:38:21PM +0200, Pascal van Leeuwen wrote: > > Added testvectors for the ofb(sm4) and cfb(sm4) skcipher algorithms > > > > What is the use case for these algorithms? Who/what is going to use them? > > - Eric > SM4 is a Chinese replacement for 128 bit AES, which is mandatory to be used for many Chinese use cases. So they would use these whereever you would normally use ofb(aes) or cfb(aes). Frankly, I'm not aware of any practicle use cases for these feedback modes, but we've been supporting them for decades and apparently the Crypto API supports them for AES as well. So they must be useful for something ... The obvious advantage over CBC mode was that they only require the encrypt part of the cipher, but that holds for the (newer) CTR mode as well. So, my guess would be some legacy uses cases from before the time CTR mode and AEAD's became popular. Maybe someone remembers why these were added for AES in the first place? Regards, Pascal van Leeuwen Silicon IP Architect, Multi-Protocol Engines @ Verimatrix www.insidesecure.com
[PATCHv2 0/2] rypto: inside-secure: Add support for the Chacha20 skcipher and the Chacha20-Poly1305 AEAD suites
Extend driver support with chacha20, rfc7539(chacha20,poly1305) and rfc7539esp(chacha20,poly1305) ciphers. The patchset has been tested with the eip197c_iesb and eip197c_iewxkbc configurations on the Xilinx VCU118 development board, including the crypto extra tests. Note that this patchset applies on top of the earlier submitted "Add support for the CBCMAC" series. changes since v1: - incorporated feedback by Antoine Tenart, see individual patches for details Pascal van Leeuwen (2): crypto: inside-secure - Added support for the CHACHA20 skcipher crypto: inside-secure - Add support for the Chacha20-Poly1305 AEAD drivers/crypto/inside-secure/safexcel.c| 3 + drivers/crypto/inside-secure/safexcel.h| 11 + drivers/crypto/inside-secure/safexcel_cipher.c | 337 - 3 files changed, 339 insertions(+), 12 deletions(-) -- 1.8.3.1
[PATCHv2 2/2] crypto: inside-secure - Add support for the Chacha20-Poly1305 AEAD
This patch adds support for the Chacha20-Poly1305 cipher suite.
It adds both the basic rfc7539(chacha20,poly1305) as well as the
rfc7539esp(chacha20,poly1305) variant for IPsec ESP acceleration.
changes since v1:
- changed char to u8 (2x)
- clarified comment for safexcel_cipher_ctx.aead
- added a missing \ in an (intended) newline marker in an error message
- moved selector out to standalone if for readability
- added explicit memzero for AEAD fallback chacha key
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c| 2 +
drivers/crypto/inside-secure/safexcel.h| 8 +
drivers/crypto/inside-secure/safexcel_cipher.c | 278 +++--
3 files changed, 265 insertions(+), 23 deletions(-)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index fd9c9e7..5886bcd 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1174,6 +1174,8 @@ static int safexcel_request_ring_irq(void *pdev, int
irqid,
&safexcel_alg_xcbcmac,
&safexcel_alg_cmac,
&safexcel_alg_chacha20,
+ &safexcel_alg_chachapoly,
+ &safexcel_alg_chachapoly_esp,
};
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index c7f1a20..282d59e 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -373,6 +373,7 @@ struct safexcel_context_record {
#define CONTEXT_CONTROL_CRYPTO_ALG_XCBC128 (0x1 << 23)
#define CONTEXT_CONTROL_CRYPTO_ALG_XCBC192 (0x2 << 23)
#define CONTEXT_CONTROL_CRYPTO_ALG_XCBC256 (0x3 << 23)
+#define CONTEXT_CONTROL_CRYPTO_ALG_POLY1305(0xf << 23)
#define CONTEXT_CONTROL_INV_FR (0x5 << 24)
#define CONTEXT_CONTROL_INV_TR (0x6 << 24)
@@ -385,6 +386,7 @@ struct safexcel_context_record {
#define CONTEXT_CONTROL_CRYPTO_MODE_CTR_LOAD (6 << 0)
#define CONTEXT_CONTROL_CRYPTO_MODE_XTS(7 << 0)
#define CONTEXT_CONTROL_CRYPTO_MODE_XCM((6 << 0) | BIT(17))
+#define CONTEXT_CONTROL_CHACHA20_MODE_CALC_OTK (12 << 0)
#define CONTEXT_CONTROL_IV0BIT(5)
#define CONTEXT_CONTROL_IV1BIT(6)
#define CONTEXT_CONTROL_IV2BIT(7)
@@ -397,6 +399,10 @@ struct safexcel_context_record {
#define EIP197_XCM_MODE_GCM1
#define EIP197_XCM_MODE_CCM2
+#define EIP197_AEAD_TYPE_IPSEC_ESP 2
+#define EIP197_AEAD_IPSEC_IV_SIZE 8
+#define EIP197_AEAD_IPSEC_NONCE_SIZE 4
+
/* The hash counter given to the engine in the context has a granularity of
* 64 bits.
*/
@@ -861,5 +867,7 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_xcbcmac;
extern struct safexcel_alg_template safexcel_alg_cmac;
extern struct safexcel_alg_template safexcel_alg_chacha20;
+extern struct safexcel_alg_template safexcel_alg_chachapoly;
+extern struct safexcel_alg_template safexcel_alg_chachapoly_esp;
#endif
diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c
b/drivers/crypto/inside-secure/safexcel_cipher.c
index 63b2269..40f98f1 100644
--- a/drivers/crypto/inside-secure/safexcel_cipher.c
+++ b/drivers/crypto/inside-secure/safexcel_cipher.c
@@ -17,6 +17,7 @@
#include
#include
#include
+#include
#include
#include
#include
@@ -43,8 +44,8 @@ struct safexcel_cipher_ctx {
u32 mode;
enum safexcel_cipher_alg alg;
- bool aead;
- int xcm; /* 0=authenc, 1=GCM, 2 reserved for CCM */
+ u8 aead; /* 1=generic AEAD, 2=IPSec ESP specific AEAD */
+ u8 xcm; /* 0=authenc, 1=GCM, 2 reserved for CCM */
__le32 key[16];
u32 nonce;
@@ -57,6 +58,7 @@ struct safexcel_cipher_ctx {
u32 opad[SHA512_DIGEST_SIZE / sizeof(u32)];
struct crypto_cipher *hkaes;
+ struct crypto_aead *fback;
};
struct safexcel_cipher_req {
@@ -86,10 +88,24 @@ static void safexcel_cipher_token(struct
safexcel_cipher_ctx *ctx, u8 *iv,
} else if (ctx->alg == SAFEXCEL_CHACHA20) {
cdesc->control_data.options |= EIP197_OPTION_4_TOKEN_IV_CMD;
- /* 96 bit nonce part */
- memcpy(&cdesc->control_data.token[0], &iv[4], 12);
- /* 32 bit counter */
- cdesc->control_data.token[3] = *(u32 *)iv;
+ if (ctx->aead == EIP197_AEAD_TYPE_IPSEC_ESP) {
+ /* 32 bit nonce part */
+ cdesc->control_data.token[0] = ctx->nonce;
+ /* 64 bit IV part */
+ memcpy(&cdesc->control_data.token[1], iv, 8);
+ /*
[PATCHv2 1/2] crypto: inside-secure - Added support for the CHACHA20 skcipher
Added support for the CHACHA20 skcipher algorithm.
Tested on an eip197c-iesb configuration in the Xilinx VCU118 devboard,
passes all testmgr vectors plus the extra fuzzing tests.
changes since v1:
- changed switch statement entry from default to explicit+empty default
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c| 1 +
drivers/crypto/inside-secure/safexcel.h| 3 +
drivers/crypto/inside-secure/safexcel_cipher.c | 83 +-
3 files changed, 86 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index a34bf8c..fd9c9e7 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1173,6 +1173,7 @@ static int safexcel_request_ring_irq(void *pdev, int
irqid,
&safexcel_alg_cbcmac,
&safexcel_alg_xcbcmac,
&safexcel_alg_cmac,
+ &safexcel_alg_chacha20,
};
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index 6ddc6d1..c7f1a20 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -358,6 +358,7 @@ struct safexcel_context_record {
#define CONTEXT_CONTROL_CRYPTO_ALG_AES128 (0x5 << 17)
#define CONTEXT_CONTROL_CRYPTO_ALG_AES192 (0x6 << 17)
#define CONTEXT_CONTROL_CRYPTO_ALG_AES256 (0x7 << 17)
+#define CONTEXT_CONTROL_CRYPTO_ALG_CHACHA20(0x8 << 17)
#define CONTEXT_CONTROL_DIGEST_PRECOMPUTED (0x1 << 21)
#define CONTEXT_CONTROL_DIGEST_XCM (0x2 << 21)
#define CONTEXT_CONTROL_DIGEST_HMAC(0x3 << 21)
@@ -378,6 +379,7 @@ struct safexcel_context_record {
/* control1 */
#define CONTEXT_CONTROL_CRYPTO_MODE_ECB(0 << 0)
#define CONTEXT_CONTROL_CRYPTO_MODE_CBC(1 << 0)
+#define CONTEXT_CONTROL_CHACHA20_MODE_256_32 (2 << 0)
#define CONTEXT_CONTROL_CRYPTO_MODE_OFB(4 << 0)
#define CONTEXT_CONTROL_CRYPTO_MODE_CFB(5 << 0)
#define CONTEXT_CONTROL_CRYPTO_MODE_CTR_LOAD (6 << 0)
@@ -858,5 +860,6 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_cbcmac;
extern struct safexcel_alg_template safexcel_alg_xcbcmac;
extern struct safexcel_alg_template safexcel_alg_cmac;
+extern struct safexcel_alg_template safexcel_alg_chacha20;
#endif
diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c
b/drivers/crypto/inside-secure/safexcel_cipher.c
index 023cabc..63b2269 100644
--- a/drivers/crypto/inside-secure/safexcel_cipher.c
+++ b/drivers/crypto/inside-secure/safexcel_cipher.c
@@ -5,13 +5,14 @@
* Antoine Tenart
*/
+#include
#include
#include
#include
-
#include
#include
#include
+#include
#include
#include
#include
@@ -33,6 +34,7 @@ enum safexcel_cipher_alg {
SAFEXCEL_DES,
SAFEXCEL_3DES,
SAFEXCEL_AES,
+ SAFEXCEL_CHACHA20,
};
struct safexcel_cipher_ctx {
@@ -81,6 +83,15 @@ static void safexcel_cipher_token(struct safexcel_cipher_ctx
*ctx, u8 *iv,
cdesc->control_data.token[3] = cpu_to_be32(1);
return;
+ } else if (ctx->alg == SAFEXCEL_CHACHA20) {
+ cdesc->control_data.options |= EIP197_OPTION_4_TOKEN_IV_CMD;
+
+ /* 96 bit nonce part */
+ memcpy(&cdesc->control_data.token[0], &iv[4], 12);
+ /* 32 bit counter */
+ cdesc->control_data.token[3] = *(u32 *)iv;
+
+ return;
} else if (ctx->xcm == EIP197_XCM_MODE_GCM) {
cdesc->control_data.options |= EIP197_OPTION_4_TOKEN_IV_CMD;
@@ -116,6 +127,8 @@ static void safexcel_cipher_token(struct
safexcel_cipher_ctx *ctx, u8 *iv,
block_sz = AES_BLOCK_SIZE;
cdesc->control_data.options |=
EIP197_OPTION_4_TOKEN_IV_CMD;
break;
+ default:
+ break;
}
memcpy(cdesc->control_data.token, iv, block_sz);
}
@@ -486,6 +499,9 @@ static int safexcel_context_control(struct
safexcel_cipher_ctx *ctx,
ctx->key_len >> ctx->xts);
return -EINVAL;
}
+ } else if (ctx->alg == SAFEXCEL_CHACHA20) {
+ cdesc->control_data.control0 |=
+ CONTEXT_CONTROL_CRYPTO_ALG_CHACHA20;
}
return 0;
@@ -2313,3 +2329,68 @@ struct safexcel_alg_template safexcel_alg_ccm = {
},
},
};
+
+static int safexcel_skcipher_chacha20_setkey(struct crypto_skcipher *ctfm,
+const u8 *k
[PATCHv2 1/3] crypto: inside-secure - Added support for basic SM3 ahash
Added support for the SM3 ahash algorithm
changes since v1:
- moved definition of CONTEXT_CONTROL_CRYPTO_ALG_SM3 (0x7) up above 0xf
Acked-by: Antoine Tenart
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c | 1 +
drivers/crypto/inside-secure/safexcel.h | 2 +
drivers/crypto/inside-secure/safexcel_hash.c | 59
3 files changed, 62 insertions(+)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index 5886bcd..826d1fb 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1176,6 +1176,7 @@ static int safexcel_request_ring_irq(void *pdev, int
irqid,
&safexcel_alg_chacha20,
&safexcel_alg_chachapoly,
&safexcel_alg_chachapoly_esp,
+ &safexcel_alg_sm3,
};
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index 282d59e..4c22df8 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -373,6 +373,7 @@ struct safexcel_context_record {
#define CONTEXT_CONTROL_CRYPTO_ALG_XCBC128 (0x1 << 23)
#define CONTEXT_CONTROL_CRYPTO_ALG_XCBC192 (0x2 << 23)
#define CONTEXT_CONTROL_CRYPTO_ALG_XCBC256 (0x3 << 23)
+#define CONTEXT_CONTROL_CRYPTO_ALG_SM3 (0x7 << 23)
#define CONTEXT_CONTROL_CRYPTO_ALG_POLY1305(0xf << 23)
#define CONTEXT_CONTROL_INV_FR (0x5 << 24)
#define CONTEXT_CONTROL_INV_TR (0x6 << 24)
@@ -869,5 +870,6 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_chacha20;
extern struct safexcel_alg_template safexcel_alg_chachapoly;
extern struct safexcel_alg_template safexcel_alg_chachapoly_esp;
+extern struct safexcel_alg_template safexcel_alg_sm3;
#endif
diff --git a/drivers/crypto/inside-secure/safexcel_hash.c
b/drivers/crypto/inside-secure/safexcel_hash.c
index 0224779..a4107bb 100644
--- a/drivers/crypto/inside-secure/safexcel_hash.c
+++ b/drivers/crypto/inside-secure/safexcel_hash.c
@@ -10,6 +10,7 @@
#include
#include
#include
+#include
#include
#include
#include
@@ -776,6 +777,9 @@ static int safexcel_ahash_final(struct ahash_request *areq)
else if (ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_SHA512)
memcpy(areq->result, sha512_zero_message_hash,
SHA512_DIGEST_SIZE);
+ else if (ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_SM3)
+ memcpy(areq->result, sm3_zero_message_hash,
+ SM3_DIGEST_SIZE);
return 0;
} else if (unlikely(req->digest == CONTEXT_CONTROL_DIGEST_XCM &&
@@ -2221,3 +2225,58 @@ struct safexcel_alg_template safexcel_alg_cmac = {
},
},
};
+
+static int safexcel_sm3_init(struct ahash_request *areq)
+{
+ struct safexcel_ahash_ctx *ctx =
crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
+ struct safexcel_ahash_req *req = ahash_request_ctx(areq);
+
+ memset(req, 0, sizeof(*req));
+
+ ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SM3;
+ req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
+ req->state_sz = SM3_DIGEST_SIZE;
+ req->block_sz = SM3_BLOCK_SIZE;
+
+ return 0;
+}
+
+static int safexcel_sm3_digest(struct ahash_request *areq)
+{
+ int ret = safexcel_sm3_init(areq);
+
+ if (ret)
+ return ret;
+
+ return safexcel_ahash_finup(areq);
+}
+
+struct safexcel_alg_template safexcel_alg_sm3 = {
+ .type = SAFEXCEL_ALG_TYPE_AHASH,
+ .algo_mask = SAFEXCEL_ALG_SM3,
+ .alg.ahash = {
+ .init = safexcel_sm3_init,
+ .update = safexcel_ahash_update,
+ .final = safexcel_ahash_final,
+ .finup = safexcel_ahash_finup,
+ .digest = safexcel_sm3_digest,
+ .export = safexcel_ahash_export,
+ .import = safexcel_ahash_import,
+ .halg = {
+ .digestsize = SM3_DIGEST_SIZE,
+ .statesize = sizeof(struct safexcel_ahash_export_state),
+ .base = {
+ .cra_name = "sm3",
+ .cra_driver_name = "safexcel-sm3",
+ .cra_priority = SAFEXCEL_CRA_PRIORITY,
+ .cra_flags = CRYPTO_ALG_ASYNC |
+CRYPTO_ALG_KERN_DRIVER_ONLY,
+ .cra_blocksize = SM3_BLOCK_SIZE,
+ .cra_ctxsize = sizeof(struct
safexcel_ahash_ctx),
+ .cra_init = safexcel_ahash_cra_init,
[PATCHv2 3/3] crypto: testmgr - Added testvectors for the hmac(sm3) ahash
Added testvectors for the hmac(sm3) ahash authentication algorithm
changes since v1:
- nothing
Signed-off-by: Pascal van Leeuwen
---
crypto/testmgr.c | 6 ++
crypto/testmgr.h | 56
2 files changed, 62 insertions(+)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 001e62f..3604c9d 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -4921,6 +4921,12 @@ static int alg_test_null(const struct alg_test_desc
*desc,
.hash = __VECS(hmac_sha512_tv_template)
}
}, {
+ .alg = "hmac(sm3)",
+ .test = alg_test_hash,
+ .suite = {
+ .hash = __VECS(hmac_sm3_tv_template)
+ }
+ }, {
.alg = "hmac(streebog256)",
.test = alg_test_hash,
.suite = {
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 25572c3..1f56293 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -2935,6 +2935,62 @@ struct len_range_sel {
}
};
+/* Example vectors below taken from
+ * GM/T 0042-2015 Appendix D.3
+ */
+static const struct hash_testvec hmac_sm3_tv_template[] = {
+ {
+ .key= "\x01\x02\x03\x04\x05\x06\x07\x08"
+ "\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10"
+ "\x11\x12\x13\x14\x15\x16\x17\x18"
+ "\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20",
+ .ksize = 32,
+ .plaintext =
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+ .psize = 112,
+ .digest = "\xca\x05\xe1\x44\xed\x05\xd1\x85"
+ "\x78\x40\xd1\xf3\x18\xa4\xa8\x66"
+ "\x9e\x55\x9f\xc8\x39\x1f\x41\x44"
+ "\x85\xbf\xdf\x7b\xb4\x08\x96\x3a",
+ }, {
+ .key= "\x01\x02\x03\x04\x05\x06\x07\x08"
+ "\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10"
+ "\x11\x12\x13\x14\x15\x16\x17\x18"
+ "\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20"
+ "\x21\x22\x23\x24\x25",
+ .ksize = 37,
+ .plaintext = "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd",
+ .psize = 50,
+ .digest = "\x22\x0b\xf5\x79\xde\xd5\x55\x39"
+ "\x3f\x01\x59\xf6\x6c\x99\x87\x78"
+ "\x22\xa3\xec\xf6\x10\xd1\x55\x21"
+ "\x54\xb4\x1d\x44\xb9\x4d\xb3\xae",
+ }, {
+ .key= "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+ "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+"\x0b\x0b\x0b\x0b\x0b\x0b",
+ .ksize = 32,
+ .plaintext = "Hi There",
+ .psize = 8,
+ .digest = "\xc0\xba\x18\xc6\x8b\x90\xc8\x8b"
+ "\xc0\x7d\xe7\x94\xbf\xc7\xd2\xc8"
+ "\xd1\x9e\xc3\x1e\xd8\x77\x3b\xc2"
+ "\xb3\x90\xc9\x60\x4e\x0b\xe1\x1e",
+ }, {
+ .key= "Jefe",
+ .ksize = 4,
+ .plaintext = "what do ya want for nothing?",
+ .psize = 28,
+ .digest = "\x2e\x87\xf1\xd1\x68\x62\xe6\xd9"
+ "\x64\xb5\x0a\x52\x00\xbf\x2b\x10"
+ "\xb7\x64\xfa\xa9\x68\x0a\x29\x6a"
+ "\x24\x05\xf2\x4b\xec\x39\xf8\x82",
+ },
+};
+
/*
* SHA1 test vectors from from FIPS PUB 180-1
* Long vector from CAVS 5.0
--
1.8.3.1
[PATCHv2 2/3] crypto: inside-secure - Added support for HMAC-SM3 ahash
Added support for the hmac(sm3) ahash authentication algorithm
changes since v1:
- added Acked-by tag below, no changes to the source
Acked-by: Antoine Tenart
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c | 1 +
drivers/crypto/inside-secure/safexcel.h | 1 +
drivers/crypto/inside-secure/safexcel_hash.c | 70
3 files changed, 72 insertions(+)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index 826d1fb..7d907d5 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1177,6 +1177,7 @@ static int safexcel_request_ring_irq(void *pdev, int
irqid,
&safexcel_alg_chachapoly,
&safexcel_alg_chachapoly_esp,
&safexcel_alg_sm3,
+ &safexcel_alg_hmac_sm3,
};
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index 4c22df8..73055dc 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -871,5 +871,6 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_chachapoly;
extern struct safexcel_alg_template safexcel_alg_chachapoly_esp;
extern struct safexcel_alg_template safexcel_alg_sm3;
+extern struct safexcel_alg_template safexcel_alg_hmac_sm3;
#endif
diff --git a/drivers/crypto/inside-secure/safexcel_hash.c
b/drivers/crypto/inside-secure/safexcel_hash.c
index a4107bb..fdf4bcc 100644
--- a/drivers/crypto/inside-secure/safexcel_hash.c
+++ b/drivers/crypto/inside-secure/safexcel_hash.c
@@ -2280,3 +2280,73 @@ struct safexcel_alg_template safexcel_alg_sm3 = {
},
},
};
+
+static int safexcel_hmac_sm3_setkey(struct crypto_ahash *tfm, const u8 *key,
+ unsigned int keylen)
+{
+ return safexcel_hmac_alg_setkey(tfm, key, keylen, "safexcel-sm3",
+ SM3_DIGEST_SIZE);
+}
+
+static int safexcel_hmac_sm3_init(struct ahash_request *areq)
+{
+ struct safexcel_ahash_ctx *ctx =
crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
+ struct safexcel_ahash_req *req = ahash_request_ctx(areq);
+
+ memset(req, 0, sizeof(*req));
+
+ /* Start from ipad precompute */
+ memcpy(req->state, ctx->ipad, SM3_DIGEST_SIZE);
+ /* Already processed the key^ipad part now! */
+ req->len= SM3_BLOCK_SIZE;
+ req->processed = SM3_BLOCK_SIZE;
+
+ ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SM3;
+ req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
+ req->state_sz = SM3_DIGEST_SIZE;
+ req->block_sz = SM3_BLOCK_SIZE;
+ req->hmac = true;
+
+ return 0;
+}
+
+static int safexcel_hmac_sm3_digest(struct ahash_request *areq)
+{
+ int ret = safexcel_hmac_sm3_init(areq);
+
+ if (ret)
+ return ret;
+
+ return safexcel_ahash_finup(areq);
+}
+
+struct safexcel_alg_template safexcel_alg_hmac_sm3 = {
+ .type = SAFEXCEL_ALG_TYPE_AHASH,
+ .algo_mask = SAFEXCEL_ALG_SM3,
+ .alg.ahash = {
+ .init = safexcel_hmac_sm3_init,
+ .update = safexcel_ahash_update,
+ .final = safexcel_ahash_final,
+ .finup = safexcel_ahash_finup,
+ .digest = safexcel_hmac_sm3_digest,
+ .setkey = safexcel_hmac_sm3_setkey,
+ .export = safexcel_ahash_export,
+ .import = safexcel_ahash_import,
+ .halg = {
+ .digestsize = SM3_DIGEST_SIZE,
+ .statesize = sizeof(struct safexcel_ahash_export_state),
+ .base = {
+ .cra_name = "hmac(sm3)",
+ .cra_driver_name = "safexcel-hmac-sm3",
+ .cra_priority = SAFEXCEL_CRA_PRIORITY,
+ .cra_flags = CRYPTO_ALG_ASYNC |
+CRYPTO_ALG_KERN_DRIVER_ONLY,
+ .cra_blocksize = SM3_BLOCK_SIZE,
+ .cra_ctxsize = sizeof(struct
safexcel_ahash_ctx),
+ .cra_init = safexcel_ahash_cra_init,
+ .cra_exit = safexcel_ahash_cra_exit,
+ .cra_module = THIS_MODULE,
+ },
+ },
+ },
+};
--
1.8.3.1
[PATCHv2 0/3] crypto: inside-secure - Add support for (HMAC) SM3
Extend driver support with sm3 and hmac(sm3) ahash support. Also add GM/T 0042-2015 hmac(sm3) testvectors to the testmgr. The patchset has been tested with the eip197c_iewxkbc configuration on the Xilinx VCU118 development board, including the crypto extra tests. Note that this patchset applies on top of the earlier submitted "Add support for the Chacha20 kcipher and the Chacha20-Poly..." series. changes since v1: - incorporated feedback by Antoine Tenart, see individual patches for details Pascal van Leeuwen (3): crypto: inside-secure - Added support for basic SM3 ahash crypto: inside-secure - Added support for HMAC-SM3 ahash crypto: testmgr - Added testvectors for the hmac(sm3) ahash crypto/testmgr.c | 6 ++ crypto/testmgr.h | 56 drivers/crypto/inside-secure/safexcel.c | 2 + drivers/crypto/inside-secure/safexcel.h | 3 + drivers/crypto/inside-secure/safexcel_hash.c | 129 +++ 5 files changed, 196 insertions(+) -- 1.8.3.1
testmgr: HMAC-SHA3-224/256 test vector issue
Hi, I just noticed that for HMAC-SHA3-224 and HMAC-SHA3-256, the current testvectors (and the fuzzing) do NOT test ANY case where the key is larger than the blocksize and thus first needs to be hashed. The thing is, SHA3-224 has a blocksize of 144 bytes and -256 has a blocksize of 140 bytes while the largest key used (supposedly "Larger Than Block-Size" according to the plaintext) is actually 131 bytes. Regards, Pascal van Leeuwen Silicon IP Architect, Multi-Protocol Engines @ Verimatrix www.insidesecure.com
RE: [PATCHv3] crypto: inside-secure - Fix unused variable warning when CONFIG_PCI=n
> -Original Message-
> From: linux-crypto-ow...@vger.kernel.org
> On Behalf
> Of Herbert Xu
> Sent: Friday, September 13, 2019 11:21 AM
> To: Pascal van Leeuwen
> Cc: linux-crypto@vger.kernel.org; antoine.ten...@bootlin.com;
> da...@davemloft.net;
> Pascal Van Leeuwen
> Subject: Re: [PATCHv3] crypto: inside-secure - Fix unused variable warning
> when
> CONFIG_PCI=n
>
> On Fri, Sep 06, 2019 at 05:25:14PM +0200, Pascal van Leeuwen wrote:
> > This patch fixes an unused variable warning from the compiler when the
> > driver is being compiled without PCI support in the kernel.
> >
> > changes since v1:
> > - capture the platform_register_driver error code as well
> > - actually return the (last) error code
> > - swapped registration to do PCI first as that's just for development
> > boards anyway, so in case both are done we want the platform error
> > or no error at all if that passes
> > - also fixes some indentation issue in the affected code
> >
> > changes since v2:
> > - handle the situation where both CONFIG_PCI and CONFIG_OF are undefined
> > by always returning a -EINVAL error
> > - only unregister PCI or OF if it was previously successfully registered
> >
> > Signed-off-by: Pascal van Leeuwen
> > ---
> > drivers/crypto/inside-secure/safexcel.c | 35
> > ++---
> > 1 file changed, 24 insertions(+), 11 deletions(-)
> >
> > diff --git a/drivers/crypto/inside-secure/safexcel.c
> > b/drivers/crypto/inside-
> secure/safexcel.c
> > index e12a2a3..925c90f 100644
> > --- a/drivers/crypto/inside-secure/safexcel.c
> > +++ b/drivers/crypto/inside-secure/safexcel.c
> > @@ -1501,32 +1501,45 @@ void safexcel_pci_remove(struct pci_dev *pdev)
> > };
> > #endif
> >
> > -static int __init safexcel_init(void)
> > -{
> > - int rc;
> > -
> > +/* Unfortunately, we have to resort to global variables here */
> > +#if IS_ENABLED(CONFIG_PCI)
> > +int pcireg_rc = -EINVAL; /* Default safe value */
> > +#endif
> > #if IS_ENABLED(CONFIG_OF)
> > - /* Register platform driver */
> > - platform_driver_register(&crypto_safexcel);
> > +int ofreg_rc = -EINVAL; /* Default safe value */
> > #endif
> >
> > +static int __init safexcel_init(void)
> > +{
> > #if IS_ENABLED(CONFIG_PCI)
> > - /* Register PCI driver */
> > - rc = pci_register_driver(&safexcel_pci_driver);
> > + /* Register PCI driver */
> > + pcireg_rc = pci_register_driver(&safexcel_pci_driver);
> > #endif
> >
> > - return 0;
> > +#if IS_ENABLED(CONFIG_OF)
> > + /* Register platform driver */
> > + ofreg_rc = platform_driver_register(&crypto_safexcel);
> > + return ofreg_rc;
>
> If OF registration fails then you will return an error even if
> PCI registration succeeded without undoing the PCI registration.
>
... because the _exit does not get called. Crap, did not realise that :-(
Will fix and send a PATCHv4 shortly ...
> Cheers,
> --
> Email: Herbert Xu
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Thanks,
Pascal van Leeuwen
Silicon IP Architect, Multi-Protocol Engines @ Verimatrix
www.insidesecure.com
[PATCHv4] crypto: inside-secure - Fix unused variable warning when CONFIG_PCI=n
This patch fixes an unused variable warning from the compiler when the
driver is being compiled without PCI support in the kernel.
changes since v1:
- capture the platform_register_driver error code as well
- actually return the (last) error code
- swapped registration to do PCI first as that's just for development
boards anyway, so in case both are done we want the platform error
or no error at all if that passes
- also fixes some indentation issue in the affected code
changes since v2:
- handle the situation where both CONFIG_PCI and CONFIG_OF are undefined
by always returning a -EINVAL error
- only unregister PCI or OF if it was previously successfully registered
changes since v3:
- if *both* PCI and OF are configured, then return success if *either*
registration was OK, also ensuring exit is called and PCI unregister
occurs (eventually) if only OF registration fails
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c | 40 -
1 file changed, 29 insertions(+), 11 deletions(-)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index e12a2a3..5abe8b6 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1501,32 +1501,50 @@ void safexcel_pci_remove(struct pci_dev *pdev)
};
#endif
-static int __init safexcel_init(void)
-{
- int rc;
-
+/* Unfortunately, we have to resort to global variables here */
+#if IS_ENABLED(CONFIG_PCI)
+int pcireg_rc = -EINVAL; /* Default safe value */
+#endif
#if IS_ENABLED(CONFIG_OF)
- /* Register platform driver */
- platform_driver_register(&crypto_safexcel);
+int ofreg_rc = -EINVAL; /* Default safe value */
#endif
+static int __init safexcel_init(void)
+{
#if IS_ENABLED(CONFIG_PCI)
- /* Register PCI driver */
- rc = pci_register_driver(&safexcel_pci_driver);
+ /* Register PCI driver */
+ pcireg_rc = pci_register_driver(&safexcel_pci_driver);
#endif
- return 0;
+#if IS_ENABLED(CONFIG_OF)
+ /* Register platform driver */
+ ofreg_rc = platform_driver_register(&crypto_safexcel);
+ #if IS_ENABLED(CONFIG_PCI)
+ /* Return success if either PCI or OF registered OK */
+ return pcireg_rc ? ofreg_rc : 0;
+ #else
+ return ofreg_rc;
+ #endif
+#else
+ #if IS_ENABLED(CONFIG_PCI)
+ return pcireg_rc;
+ #else
+ return -EINVAL;
+ #endif
+#endif
}
static void __exit safexcel_exit(void)
{
#if IS_ENABLED(CONFIG_OF)
- /* Unregister platform driver */
+ /* Unregister platform driver */
+ if (!ofreg_rc)
platform_driver_unregister(&crypto_safexcel);
#endif
#if IS_ENABLED(CONFIG_PCI)
- /* Unregister PCI driver if successfully registered before */
+ /* Unregister PCI driver if successfully registered before */
+ if (!pcireg_rc)
pci_unregister_driver(&safexcel_pci_driver);
#endif
}
--
1.8.3.1
[PATCHv2 4/7] crypto: testmgr - Added testvectors for the ofb(sm4) & cfb(sm4) skciphers
Added testvectors for the ofb(sm4) and cfb(sm4) skcipher algorithms
changes since v1:
- nothing
Signed-off-by: Pascal van Leeuwen
---
crypto/testmgr.c | 12 +++
crypto/testmgr.h | 98
2 files changed, 110 insertions(+)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 3604c9d..fbc19bc 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -4406,6 +4406,12 @@ static int alg_test_null(const struct alg_test_desc
*desc,
.cipher = __VECS(aes_cfb_tv_template)
},
}, {
+ .alg = "cfb(sm4)",
+ .test = alg_test_skcipher,
+ .suite = {
+ .cipher = __VECS(sm4_cfb_tv_template)
+ }
+ }, {
.alg = "chacha20",
.test = alg_test_skcipher,
.suite = {
@@ -5063,6 +5069,12 @@ static int alg_test_null(const struct alg_test_desc
*desc,
.test = alg_test_null,
.fips_allowed = 1,
}, {
+ .alg = "ofb(sm4)",
+ .test = alg_test_skcipher,
+ .suite = {
+ .cipher = __VECS(sm4_ofb_tv_template)
+ }
+ }, {
.alg = "pcbc(fcrypt)",
.test = alg_test_skcipher,
.suite = {
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 1f56293..4e74f65 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -12209,6 +12209,104 @@ struct len_range_sel {
}
};
+static const struct cipher_testvec sm4_ofb_tv_template[] = {
+ { /* From: draft-ribose-cfrg-sm4-02, paragraph 12.2.3 */
+ .key= "\x01\x23\x45\x67\x89\xab\xcd\xef"
+ "\xfe\xdc\xba\x98\x76\x54\x32\x10",
+ .klen = 16,
+ .iv = "\x01\x23\x45\x67\x89\xab\xcd\xef"
+ "\xfe\xdc\xba\x98\x76\x54\x32\x10",
+ .ptext = "\x01\x23\x45\x67\x89\xab\xcd\xef"
+ "\xfe\xdc\xba\x98\x76\x54\x32\x10"
+ "\x01\x23\x45\x67\x89\xab\xcd\xef"
+ "\xfe\xdc\xba\x98\x76\x54\x32\x10",
+ .ctext = "\x69\x3d\x9a\x53\x5b\xad\x5b\xb1"
+ "\x78\x6f\x53\xd7\x25\x3a\x70\x56"
+ "\xf2\x07\x5d\x28\xb5\x23\x5f\x58"
+ "\xd5\x00\x27\xe4\x17\x7d\x2b\xce",
+ .len= 32,
+ }, { /* From: draft-ribose-cfrg-sm4-09, appendix A.2.3, Example 1 */
+ .key= "\x01\x23\x45\x67\x89\xab\xcd\xef"
+ "\xfe\xdc\xba\x98\x76\x54\x32\x10",
+ .klen = 16,
+ .iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .ptext = "\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb"
+ "\xcc\xcc\xcc\xcc\xdd\xdd\xdd\xdd"
+ "\xee\xee\xee\xee\xff\xff\xff\xff"
+ "\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb",
+ .ctext = "\xac\x32\x36\xcb\x86\x1d\xd3\x16"
+ "\xe6\x41\x3b\x4e\x3c\x75\x24\xb7"
+ "\x1d\x01\xac\xa2\x48\x7c\xa5\x82"
+ "\xcb\xf5\x46\x3e\x66\x98\x53\x9b",
+ .len= 32,
+ }, { /* From: draft-ribose-cfrg-sm4-09, appendix A.2.3, Example 2 */
+ .key= "\xfe\xdc\xba\x98\x76\x54\x32\x10"
+ "\x01\x23\x45\x67\x89\xab\xcd\xef",
+ .klen = 16,
+ .iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .ptext = "\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb"
+ "\xcc\xcc\xcc\xcc\xdd\xdd\xdd\xdd"
+ "\xee\xee\xee\xee\xff\xff\xff\xff"
+ "\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb",
+ .ctext = "\x5d\xcc\xcd\x25\xa8\x4b\xa1\x65"
+ "\x60\xd7\xf2\x65\x88\x70\x68\x49"
+ "\x33\xfa\x16\xbd\x5c\xd9\xc8\x56"
+ "\xca\xca\xa1\xe1\x01\x89\x7a\x97",
+ .len= 32,
+ }
+};
+
+static const struct cipher_testvec sm4_cfb_tv_template[] = {
+ { /* From: draft-ribose-cfrg-sm4-02, paragraph 12.2.4 */
+ .key= "\x01\x23\x45\x67\x89\xab\xcd\xef"
+ "\xfe\xdc\xba\x98\x76\x54\x32\x10",
+ .klen = 16,
+ .iv = "\x01\x23\x45\x67\x89\xab
[PATCHv2 1/7] crypto: inside-secure - Add support for the ecb(sm4) skcipher
This patch adds support for SM4 in ECB mode, i.e. skcipher ecb(sm4).
changes since v1:
- make SAFEXCEL_SM4 case entry explit, using the proper SM4_BLOCK_SIZE
instead of "borrowing" the AES code which "coincidentally" works
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c| 1 +
drivers/crypto/inside-secure/safexcel.h| 2 +
drivers/crypto/inside-secure/safexcel_cipher.c | 94 ++
3 files changed, 97 insertions(+)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index 7d907d5..fe785e8 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1178,6 +1178,7 @@ static int safexcel_request_ring_irq(void *pdev, int
irqid,
&safexcel_alg_chachapoly_esp,
&safexcel_alg_sm3,
&safexcel_alg_hmac_sm3,
+ &safexcel_alg_ecb_sm4,
};
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index 73055dc..7a3183e 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -359,6 +359,7 @@ struct safexcel_context_record {
#define CONTEXT_CONTROL_CRYPTO_ALG_AES192 (0x6 << 17)
#define CONTEXT_CONTROL_CRYPTO_ALG_AES256 (0x7 << 17)
#define CONTEXT_CONTROL_CRYPTO_ALG_CHACHA20(0x8 << 17)
+#define CONTEXT_CONTROL_CRYPTO_ALG_SM4 (0xd << 17)
#define CONTEXT_CONTROL_DIGEST_PRECOMPUTED (0x1 << 21)
#define CONTEXT_CONTROL_DIGEST_XCM (0x2 << 21)
#define CONTEXT_CONTROL_DIGEST_HMAC(0x3 << 21)
@@ -872,5 +873,6 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_chachapoly_esp;
extern struct safexcel_alg_template safexcel_alg_sm3;
extern struct safexcel_alg_template safexcel_alg_hmac_sm3;
+extern struct safexcel_alg_template safexcel_alg_ecb_sm4;
#endif
diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c
b/drivers/crypto/inside-secure/safexcel_cipher.c
index 40f98f1..f389a3c 100644
--- a/drivers/crypto/inside-secure/safexcel_cipher.c
+++ b/drivers/crypto/inside-secure/safexcel_cipher.c
@@ -19,6 +19,7 @@
#include
#include
#include
+#include
#include
#include
#include
@@ -36,6 +37,7 @@ enum safexcel_cipher_alg {
SAFEXCEL_3DES,
SAFEXCEL_AES,
SAFEXCEL_CHACHA20,
+ SAFEXCEL_SM4,
};
struct safexcel_cipher_ctx {
@@ -139,6 +141,10 @@ static void safexcel_cipher_token(struct
safexcel_cipher_ctx *ctx, u8 *iv,
block_sz = DES3_EDE_BLOCK_SIZE;
cdesc->control_data.options |=
EIP197_OPTION_2_TOKEN_IV_CMD;
break;
+ case SAFEXCEL_SM4:
+ block_sz = SM4_BLOCK_SIZE;
+ cdesc->control_data.options |=
EIP197_OPTION_4_TOKEN_IV_CMD;
+ break;
case SAFEXCEL_AES:
block_sz = AES_BLOCK_SIZE;
cdesc->control_data.options |=
EIP197_OPTION_4_TOKEN_IV_CMD;
@@ -535,6 +541,9 @@ static int safexcel_context_control(struct
safexcel_cipher_ctx *ctx,
} else if (ctx->alg == SAFEXCEL_CHACHA20) {
cdesc->control_data.control0 |=
CONTEXT_CONTROL_CRYPTO_ALG_CHACHA20;
+ } else if (ctx->alg == SAFEXCEL_SM4) {
+ cdesc->control_data.control0 |=
+ CONTEXT_CONTROL_CRYPTO_ALG_SM4;
}
return 0;
@@ -2626,3 +2635,88 @@ struct safexcel_alg_template safexcel_alg_chachapoly_esp
= {
},
},
};
+
+static int safexcel_skcipher_sm4_setkey(struct crypto_skcipher *ctfm,
+ const u8 *key, unsigned int len)
+{
+ struct crypto_tfm *tfm = crypto_skcipher_tfm(ctfm);
+ struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+ struct safexcel_crypto_priv *priv = ctx->priv;
+ int i;
+
+ if (len != SM4_KEY_SIZE) {
+ crypto_skcipher_set_flags(ctfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
+ return -EINVAL;
+ }
+
+ if (priv->flags & EIP197_TRC_CACHE && ctx->base.ctxr_dma) {
+ for (i = 0; i < SM4_KEY_SIZE / sizeof(u32); i++) {
+ if (ctx->key[i] !=
+ get_unaligned_le32(key + i * sizeof(u32))) {
+ ctx->base.needs_inv = true;
+ break;
+ }
+ }
+ }
+
+ for (i = 0; i < SM4_KEY_SIZE / sizeof(u32); i++)
+ ctx->key[i] = get_unaligned_le32(key + i * sizeof(u32));
+ ctx->key_len = SM4_KEY_SIZE;
+
+ return 0;
+}
+
+static
[PATCHv2 2/7] crypto: inside-secure - Add support for the cbc(sm4) skcipher
This patch adds support for SM4 in CBC mode, i.e. skcipher cbc(sm4).
changes since v1:
- nothing
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c| 1 +
drivers/crypto/inside-secure/safexcel.h| 1 +
drivers/crypto/inside-secure/safexcel_cipher.c | 36 ++
3 files changed, 38 insertions(+)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index fe785e8..4320992 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1179,6 +1179,7 @@ static int safexcel_request_ring_irq(void *pdev, int
irqid,
&safexcel_alg_sm3,
&safexcel_alg_hmac_sm3,
&safexcel_alg_ecb_sm4,
+ &safexcel_alg_cbc_sm4,
};
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index 7a3183e..71eec5c 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -874,5 +874,6 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_sm3;
extern struct safexcel_alg_template safexcel_alg_hmac_sm3;
extern struct safexcel_alg_template safexcel_alg_ecb_sm4;
+extern struct safexcel_alg_template safexcel_alg_cbc_sm4;
#endif
diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c
b/drivers/crypto/inside-secure/safexcel_cipher.c
index f389a3c..ae2b634 100644
--- a/drivers/crypto/inside-secure/safexcel_cipher.c
+++ b/drivers/crypto/inside-secure/safexcel_cipher.c
@@ -2720,3 +2720,39 @@ struct safexcel_alg_template safexcel_alg_ecb_sm4 = {
},
},
};
+
+static int safexcel_skcipher_sm4_cbc_cra_init(struct crypto_tfm *tfm)
+{
+ struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+
+ safexcel_skcipher_cra_init(tfm);
+ ctx->alg = SAFEXCEL_SM4;
+ ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_CBC;
+ return 0;
+}
+
+struct safexcel_alg_template safexcel_alg_cbc_sm4 = {
+ .type = SAFEXCEL_ALG_TYPE_SKCIPHER,
+ .algo_mask = SAFEXCEL_ALG_SM4,
+ .alg.skcipher = {
+ .setkey = safexcel_skcipher_sm4_setkey,
+ .encrypt = safexcel_sm4_blk_encrypt,
+ .decrypt = safexcel_sm4_blk_decrypt,
+ .min_keysize = SM4_KEY_SIZE,
+ .max_keysize = SM4_KEY_SIZE,
+ .ivsize = SM4_BLOCK_SIZE,
+ .base = {
+ .cra_name = "cbc(sm4)",
+ .cra_driver_name = "safexcel-cbc-sm4",
+ .cra_priority = SAFEXCEL_CRA_PRIORITY,
+ .cra_flags = CRYPTO_ALG_ASYNC |
+CRYPTO_ALG_KERN_DRIVER_ONLY,
+ .cra_blocksize = SM4_BLOCK_SIZE,
+ .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
+ .cra_alignmask = 0,
+ .cra_init = safexcel_skcipher_sm4_cbc_cra_init,
+ .cra_exit = safexcel_skcipher_cra_exit,
+ .cra_module = THIS_MODULE,
+ },
+ },
+};
--
1.8.3.1
[PATCHv2 3/7] crypto: inside-secure - Add support for the ofb(sm4) skcipher
This patch adds support for SM4 in OFB mode, i.e. skcipher ofb(sm4).
changes since v1:
- nothing
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c| 1 +
drivers/crypto/inside-secure/safexcel.h| 1 +
drivers/crypto/inside-secure/safexcel_cipher.c | 36 ++
3 files changed, 38 insertions(+)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index 4320992..fbfda68 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1180,6 +1180,7 @@ static int safexcel_request_ring_irq(void *pdev, int
irqid,
&safexcel_alg_hmac_sm3,
&safexcel_alg_ecb_sm4,
&safexcel_alg_cbc_sm4,
+ &safexcel_alg_ofb_sm4,
};
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index 71eec5c..8e01d24 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -875,5 +875,6 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_hmac_sm3;
extern struct safexcel_alg_template safexcel_alg_ecb_sm4;
extern struct safexcel_alg_template safexcel_alg_cbc_sm4;
+extern struct safexcel_alg_template safexcel_alg_ofb_sm4;
#endif
diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c
b/drivers/crypto/inside-secure/safexcel_cipher.c
index ae2b634..95f9214 100644
--- a/drivers/crypto/inside-secure/safexcel_cipher.c
+++ b/drivers/crypto/inside-secure/safexcel_cipher.c
@@ -2756,3 +2756,39 @@ struct safexcel_alg_template safexcel_alg_cbc_sm4 = {
},
},
};
+
+static int safexcel_skcipher_sm4_ofb_cra_init(struct crypto_tfm *tfm)
+{
+ struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+
+ safexcel_skcipher_cra_init(tfm);
+ ctx->alg = SAFEXCEL_SM4;
+ ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_OFB;
+ return 0;
+}
+
+struct safexcel_alg_template safexcel_alg_ofb_sm4 = {
+ .type = SAFEXCEL_ALG_TYPE_SKCIPHER,
+ .algo_mask = SAFEXCEL_ALG_SM4 | SAFEXCEL_ALG_AES_XFB,
+ .alg.skcipher = {
+ .setkey = safexcel_skcipher_sm4_setkey,
+ .encrypt = safexcel_encrypt,
+ .decrypt = safexcel_decrypt,
+ .min_keysize = SM4_KEY_SIZE,
+ .max_keysize = SM4_KEY_SIZE,
+ .ivsize = SM4_BLOCK_SIZE,
+ .base = {
+ .cra_name = "ofb(sm4)",
+ .cra_driver_name = "safexcel-ofb-sm4",
+ .cra_priority = SAFEXCEL_CRA_PRIORITY,
+ .cra_flags = CRYPTO_ALG_ASYNC |
+CRYPTO_ALG_KERN_DRIVER_ONLY,
+ .cra_blocksize = 1,
+ .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
+ .cra_alignmask = 0,
+ .cra_init = safexcel_skcipher_sm4_ofb_cra_init,
+ .cra_exit = safexcel_skcipher_cra_exit,
+ .cra_module = THIS_MODULE,
+ },
+ },
+};
--
1.8.3.1
[PATCHv2 6/7] crypto: inside-secure - Add support for the rfc3685(ctr(sm4)) skcipher
This patch adds support for SM4 in (32 bit) CTR mode, i.e. skcipher
rfc3686(ctr(sm4)).
changes since v1:
- nothing
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c| 1 +
drivers/crypto/inside-secure/safexcel.h| 1 +
drivers/crypto/inside-secure/safexcel_cipher.c | 51 ++
3 files changed, 53 insertions(+)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index 1679b41..7da4801 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1182,6 +1182,7 @@ static int safexcel_request_ring_irq(void *pdev, int
irqid,
&safexcel_alg_cbc_sm4,
&safexcel_alg_ofb_sm4,
&safexcel_alg_cfb_sm4,
+ &safexcel_alg_ctr_sm4,
};
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index db9bc80..0cf4c87 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -877,5 +877,6 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_cbc_sm4;
extern struct safexcel_alg_template safexcel_alg_ofb_sm4;
extern struct safexcel_alg_template safexcel_alg_cfb_sm4;
+extern struct safexcel_alg_template safexcel_alg_ctr_sm4;
#endif
diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c
b/drivers/crypto/inside-secure/safexcel_cipher.c
index 1d8aca2..b14984b3 100644
--- a/drivers/crypto/inside-secure/safexcel_cipher.c
+++ b/drivers/crypto/inside-secure/safexcel_cipher.c
@@ -2828,3 +2828,54 @@ struct safexcel_alg_template safexcel_alg_cfb_sm4 = {
},
},
};
+
+static int safexcel_skcipher_sm4ctr_setkey(struct crypto_skcipher *ctfm,
+ const u8 *key, unsigned int len)
+{
+ struct crypto_tfm *tfm = crypto_skcipher_tfm(ctfm);
+ struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+
+ /* last 4 bytes of key are the nonce! */
+ ctx->nonce = *(u32 *)(key + len - CTR_RFC3686_NONCE_SIZE);
+ /* exclude the nonce here */
+ len -= CTR_RFC3686_NONCE_SIZE;
+
+ return safexcel_skcipher_sm4_setkey(ctfm, key, len);
+}
+
+static int safexcel_skcipher_sm4_ctr_cra_init(struct crypto_tfm *tfm)
+{
+ struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+
+ safexcel_skcipher_cra_init(tfm);
+ ctx->alg = SAFEXCEL_SM4;
+ ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_CTR_LOAD;
+ return 0;
+}
+
+struct safexcel_alg_template safexcel_alg_ctr_sm4 = {
+ .type = SAFEXCEL_ALG_TYPE_SKCIPHER,
+ .algo_mask = SAFEXCEL_ALG_SM4,
+ .alg.skcipher = {
+ .setkey = safexcel_skcipher_sm4ctr_setkey,
+ .encrypt = safexcel_encrypt,
+ .decrypt = safexcel_decrypt,
+ /* Add nonce size */
+ .min_keysize = SM4_KEY_SIZE + CTR_RFC3686_NONCE_SIZE,
+ .max_keysize = SM4_KEY_SIZE + CTR_RFC3686_NONCE_SIZE,
+ .ivsize = CTR_RFC3686_IV_SIZE,
+ .base = {
+ .cra_name = "rfc3686(ctr(sm4))",
+ .cra_driver_name = "safexcel-ctr-sm4",
+ .cra_priority = SAFEXCEL_CRA_PRIORITY,
+ .cra_flags = CRYPTO_ALG_ASYNC |
+CRYPTO_ALG_KERN_DRIVER_ONLY,
+ .cra_blocksize = 1,
+ .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
+ .cra_alignmask = 0,
+ .cra_init = safexcel_skcipher_sm4_ctr_cra_init,
+ .cra_exit = safexcel_skcipher_cra_exit,
+ .cra_module = THIS_MODULE,
+ },
+ },
+};
--
1.8.3.1
[PATCHv2 0/7] crypto: inside-secure - Add support for SM4 ciphers
Extend driver support with ecb(sm4), cbc(sm4), ofb(sm4), cfb(sm4) and rfc3686(ctr(sm4)) skcipher algorithms. Also add ofb(sm4), cfb(sm4) and rfc3686(ctr(sm4)) testvectors to testmgr. The patchset has been tested with the eip197c_iewxkbc configuration on the Xilinx VCU118 development board, including the crypto extra tests. Note that this patchset applies on top of the earlier submitted "Add support for (HMAC) SM3" series. changes since v1: - rebased on top of v2 of "Added support for the CHACHA20 skcipher", fixing an issue that caused SM4 to no longer function Pascal van Leeuwen (7): crypto: inside-secure - Add support for the ecb(sm4) skcipher crypto: inside-secure - Add support for the cbc(sm4) skcipher crypto: inside-secure - Add support for the ofb(sm4) skcipher crypto: testmgr - Added testvectors for the ofb(sm4) & cfb(sm4) skciphers crypto: inside-secure - Add support for the cfb(sm4) skcipher crypto: inside-secure - Add support for the rfc3685(ctr(sm4)) skcipher crypto: testmgr - Added testvectors for the rfc3686(ctr(sm4)) skcipher crypto/testmgr.c | 18 ++ crypto/testmgr.h | 127 + drivers/crypto/inside-secure/safexcel.c| 5 + drivers/crypto/inside-secure/safexcel.h| 6 + drivers/crypto/inside-secure/safexcel_cipher.c | 253 + 5 files changed, 409 insertions(+) -- 1.8.3.1
[PATCHv2 5/7] crypto: inside-secure - Add support for the cfb(sm4) skcipher
This patch adds support for SM4 in CFB mode, i.e. skcipher cfb(sm4).
changes since v1:
- nothing
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c| 1 +
drivers/crypto/inside-secure/safexcel.h| 1 +
drivers/crypto/inside-secure/safexcel_cipher.c | 36 ++
3 files changed, 38 insertions(+)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index fbfda68..1679b41 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1181,6 +1181,7 @@ static int safexcel_request_ring_irq(void *pdev, int
irqid,
&safexcel_alg_ecb_sm4,
&safexcel_alg_cbc_sm4,
&safexcel_alg_ofb_sm4,
+ &safexcel_alg_cfb_sm4,
};
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index 8e01d24..db9bc80 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -876,5 +876,6 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_ecb_sm4;
extern struct safexcel_alg_template safexcel_alg_cbc_sm4;
extern struct safexcel_alg_template safexcel_alg_ofb_sm4;
+extern struct safexcel_alg_template safexcel_alg_cfb_sm4;
#endif
diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c
b/drivers/crypto/inside-secure/safexcel_cipher.c
index 95f9214..1d8aca2 100644
--- a/drivers/crypto/inside-secure/safexcel_cipher.c
+++ b/drivers/crypto/inside-secure/safexcel_cipher.c
@@ -2792,3 +2792,39 @@ struct safexcel_alg_template safexcel_alg_ofb_sm4 = {
},
},
};
+
+static int safexcel_skcipher_sm4_cfb_cra_init(struct crypto_tfm *tfm)
+{
+ struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+
+ safexcel_skcipher_cra_init(tfm);
+ ctx->alg = SAFEXCEL_SM4;
+ ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_CFB;
+ return 0;
+}
+
+struct safexcel_alg_template safexcel_alg_cfb_sm4 = {
+ .type = SAFEXCEL_ALG_TYPE_SKCIPHER,
+ .algo_mask = SAFEXCEL_ALG_SM4 | SAFEXCEL_ALG_AES_XFB,
+ .alg.skcipher = {
+ .setkey = safexcel_skcipher_sm4_setkey,
+ .encrypt = safexcel_encrypt,
+ .decrypt = safexcel_decrypt,
+ .min_keysize = SM4_KEY_SIZE,
+ .max_keysize = SM4_KEY_SIZE,
+ .ivsize = SM4_BLOCK_SIZE,
+ .base = {
+ .cra_name = "cfb(sm4)",
+ .cra_driver_name = "safexcel-cfb-sm4",
+ .cra_priority = SAFEXCEL_CRA_PRIORITY,
+ .cra_flags = CRYPTO_ALG_ASYNC |
+CRYPTO_ALG_KERN_DRIVER_ONLY,
+ .cra_blocksize = 1,
+ .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
+ .cra_alignmask = 0,
+ .cra_init = safexcel_skcipher_sm4_cfb_cra_init,
+ .cra_exit = safexcel_skcipher_cra_exit,
+ .cra_module = THIS_MODULE,
+ },
+ },
+};
--
1.8.3.1
[PATCHv2 7/7] crypto: testmgr - Added testvectors for the rfc3686(ctr(sm4)) skcipher
Added testvectors for the rfc3686(ctr(sm4)) skcipher algorithm
changes since v1:
- nothing
Signed-off-by: Pascal van Leeuwen
---
crypto/testmgr.c | 6 ++
crypto/testmgr.h | 29 +
2 files changed, 35 insertions(+)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index fbc19bc..90a9f08 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -5113,6 +5113,12 @@ static int alg_test_null(const struct alg_test_desc
*desc,
.cipher = __VECS(aes_ctr_rfc3686_tv_template)
}
}, {
+ .alg = "rfc3686(ctr(sm4))",
+ .test = alg_test_skcipher,
+ .suite = {
+ .cipher = __VECS(sm4_ctr_rfc3686_tv_template)
+ }
+ }, {
.alg = "rfc4106(gcm(aes))",
.generic_driver =
"rfc4106(gcm_base(ctr(aes-generic),ghash-generic))",
.test = alg_test_aead,
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 4e74f65..871d9db 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -12209,6 +12209,35 @@ struct len_range_sel {
}
};
+static const struct cipher_testvec sm4_ctr_rfc3686_tv_template[] = {
+ {
+ .key= "\xae\x68\x52\xf8\x12\x10\x67\xcc"
+ "\x4b\xf7\xa5\x76\x55\x77\xf3\x9e"
+ "\x00\x00\x00\x30",
+ .klen = 20,
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .ptext = "Single block msg",
+ .ctext = "\x20\x9b\x77\x31\xd3\x65\xdb\xab"
+ "\x9e\x48\x74\x7e\xbd\x13\x83\xeb",
+ .len= 16,
+ }, {
+ .key= "\x7e\x24\x06\x78\x17\xfa\xe0\xd7"
+ "\x43\xd6\xce\x1f\x32\x53\x91\x63"
+ "\x00\x6c\xb6\xdb",
+ .klen = 20,
+ .iv = "\xc0\x54\x3b\x59\xda\x48\xd9\x0b",
+ .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17"
+ "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
+ .ctext = "\x33\xe0\x28\x01\x92\xed\xc9\x1e"
+ "\x97\x35\xd9\x4a\xec\xd4\xbc\x23"
+ "\x4f\x35\x9f\x1c\x55\x1f\xe0\x27"
+ "\xe0\xdf\xc5\x43\xbc\xb0\x23\x94",
+ .len= 32,
+ }
+};
+
static const struct cipher_testvec sm4_ofb_tv_template[] = {
{ /* From: draft-ribose-cfrg-sm4-02, paragraph 12.2.3 */
.key= "\x01\x23\x45\x67\x89\xab\xcd\xef"
--
1.8.3.1
[PATCH 1/2] crypto: inside-secure - Add SHA3 family of basic hash algorithms
This patch adds support for sha3-224, sha3-256, sha3-384 and sha3-512
basic hashes.
The patch has been tested with the eip197c_iewxkbc configuration on the
Xilinx VCU118 development board, including the testmgr extra tests.
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c | 4 +
drivers/crypto/inside-secure/safexcel.h | 9 +
drivers/crypto/inside-secure/safexcel_hash.c | 351 +++
3 files changed, 364 insertions(+)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index 69079fb..f211082 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1187,6 +1187,10 @@ static int safexcel_request_ring_irq(void *pdev, int
irqid,
&safexcel_alg_authenc_hmac_sm3_cbc_sm4,
&safexcel_alg_authenc_hmac_sha1_ctr_sm4,
&safexcel_alg_authenc_hmac_sm3_ctr_sm4,
+ &safexcel_alg_sha3_224,
+ &safexcel_alg_sha3_256,
+ &safexcel_alg_sha3_384,
+ &safexcel_alg_sha3_512,
};
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index 77e71c2..16d09f2 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -360,6 +360,7 @@ struct safexcel_context_record {
#define CONTEXT_CONTROL_CRYPTO_ALG_AES256 (0x7 << 17)
#define CONTEXT_CONTROL_CRYPTO_ALG_CHACHA20(0x8 << 17)
#define CONTEXT_CONTROL_CRYPTO_ALG_SM4 (0xd << 17)
+#define CONTEXT_CONTROL_DIGEST_INITIAL (0x0 << 21)
#define CONTEXT_CONTROL_DIGEST_PRECOMPUTED (0x1 << 21)
#define CONTEXT_CONTROL_DIGEST_XCM (0x2 << 21)
#define CONTEXT_CONTROL_DIGEST_HMAC(0x3 << 21)
@@ -375,6 +376,10 @@ struct safexcel_context_record {
#define CONTEXT_CONTROL_CRYPTO_ALG_XCBC192 (0x2 << 23)
#define CONTEXT_CONTROL_CRYPTO_ALG_XCBC256 (0x3 << 23)
#define CONTEXT_CONTROL_CRYPTO_ALG_SM3 (0x7 << 23)
+#define CONTEXT_CONTROL_CRYPTO_ALG_SHA3_256(0xb << 23)
+#define CONTEXT_CONTROL_CRYPTO_ALG_SHA3_224(0xc << 23)
+#define CONTEXT_CONTROL_CRYPTO_ALG_SHA3_512(0xd << 23)
+#define CONTEXT_CONTROL_CRYPTO_ALG_SHA3_384(0xe << 23)
#define CONTEXT_CONTROL_CRYPTO_ALG_POLY1305(0xf << 23)
#define CONTEXT_CONTROL_INV_FR (0x5 << 24)
#define CONTEXT_CONTROL_INV_TR (0x6 << 24)
@@ -882,5 +887,9 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sm3_cbc_sm4;
extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha1_ctr_sm4;
extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sm3_ctr_sm4;
+extern struct safexcel_alg_template safexcel_alg_sha3_224;
+extern struct safexcel_alg_template safexcel_alg_sha3_256;
+extern struct safexcel_alg_template safexcel_alg_sha3_384;
+extern struct safexcel_alg_template safexcel_alg_sha3_512;
#endif
diff --git a/drivers/crypto/inside-secure/safexcel_hash.c
b/drivers/crypto/inside-secure/safexcel_hash.c
index fdf4bcc..50f2050 100644
--- a/drivers/crypto/inside-secure/safexcel_hash.c
+++ b/drivers/crypto/inside-secure/safexcel_hash.c
@@ -9,6 +9,7 @@
#include
#include
#include
+#include
#include
#include
#include
@@ -24,11 +25,14 @@ struct safexcel_ahash_ctx {
u32 alg;
u8 key_sz;
bool cbcmac;
+ bool do_fallback;
+ bool fb_init_done;
u32 ipad[SHA512_DIGEST_SIZE / sizeof(u32)];
u32 opad[SHA512_DIGEST_SIZE / sizeof(u32)];
struct crypto_cipher *kaes;
+ struct crypto_ahash *fback;
};
struct safexcel_ahash_req {
@@ -2350,3 +2354,350 @@ struct safexcel_alg_template safexcel_alg_hmac_sm3 = {
},
},
};
+
+static int safexcel_sha3_224_init(struct ahash_request *areq)
+{
+ struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
+ struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);
+ struct safexcel_ahash_req *req = ahash_request_ctx(areq);
+
+ memset(req, 0, sizeof(*req));
+
+ ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA3_224;
+ req->digest = CONTEXT_CONTROL_DIGEST_INITIAL;
+ req->state_sz = SHA3_224_DIGEST_SIZE;
+ req->block_sz = SHA3_224_BLOCK_SIZE;
+ ctx->do_fallback = false;
+ ctx->fb_init_done = false;
+ return 0;
+}
+
+static int safexcel_sha3_fbcheck(struct ahash_request *req)
+{
+ struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
+ struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);
+ struct ahash_request *subreq = ahash_request_ctx(req);
+ int ret = 0;
+
+ if (ctx->do_fallback) {
+ ahash_request_set_tfm(subreq, ctx->
[PATCH 0/2] crypto: inside-secure - Add (HMAC) SHA3 support
This patchset adds support for all flavours of sha3-xxx and hmac(sha3-xxx) ahash algorithms. The patchset has been tested with the eip197c_iewxkbc configuration on the Xilinx VCU118 development board, including the testmgr extra tests. Pascal van Leeuwen (2): crypto: inside-secure - Add SHA3 family of basic hash algorithms crypto: inside-secure - Add HMAC-SHA3 family of authentication algorithms drivers/crypto/inside-secure/safexcel.c | 8 + drivers/crypto/inside-secure/safexcel.h | 13 + drivers/crypto/inside-secure/safexcel_hash.c | 790 ++- 3 files changed, 799 insertions(+), 12 deletions(-) -- 1.8.3.1
[PATCH 2/2] crypto: inside-secure - Add HMAC-SHA3 family of authentication algorithms
This patch adds support for hmac(sha3-224), hmac(sha3-256), hmac(sha3-384)
and hmac(sha3-512) authentication algorithms.
The patch has been tested with the eip197c_iewxkbc configuration on the
Xilinx VCU118 development board, including the testmgr extra tests.
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c | 4 +
drivers/crypto/inside-secure/safexcel.h | 4 +
drivers/crypto/inside-secure/safexcel_hash.c | 441 ++-
3 files changed, 436 insertions(+), 13 deletions(-)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index f211082..12cb939 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1191,6 +1191,10 @@ static int safexcel_request_ring_irq(void *pdev, int
irqid,
&safexcel_alg_sha3_256,
&safexcel_alg_sha3_384,
&safexcel_alg_sha3_512,
+ &safexcel_alg_hmac_sha3_224,
+ &safexcel_alg_hmac_sha3_256,
+ &safexcel_alg_hmac_sha3_384,
+ &safexcel_alg_hmac_sha3_512,
};
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index 16d09f2..82953b3 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -891,5 +891,9 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_sha3_256;
extern struct safexcel_alg_template safexcel_alg_sha3_384;
extern struct safexcel_alg_template safexcel_alg_sha3_512;
+extern struct safexcel_alg_template safexcel_alg_hmac_sha3_224;
+extern struct safexcel_alg_template safexcel_alg_hmac_sha3_256;
+extern struct safexcel_alg_template safexcel_alg_hmac_sha3_384;
+extern struct safexcel_alg_template safexcel_alg_hmac_sha3_512;
#endif
diff --git a/drivers/crypto/inside-secure/safexcel_hash.c
b/drivers/crypto/inside-secure/safexcel_hash.c
index 50f2050..a2161c2 100644
--- a/drivers/crypto/inside-secure/safexcel_hash.c
+++ b/drivers/crypto/inside-secure/safexcel_hash.c
@@ -27,12 +27,15 @@ struct safexcel_ahash_ctx {
bool cbcmac;
bool do_fallback;
bool fb_init_done;
+ bool fb_do_setkey;
- u32 ipad[SHA512_DIGEST_SIZE / sizeof(u32)];
- u32 opad[SHA512_DIGEST_SIZE / sizeof(u32)];
+ u32 ipad[SHA3_512_BLOCK_SIZE / sizeof(u32)];
+ u32 opad[SHA3_512_BLOCK_SIZE / sizeof(u32)];
struct crypto_cipher *kaes;
struct crypto_ahash *fback;
+ struct crypto_shash *shpre;
+ struct shash_desc *shdesc;
};
struct safexcel_ahash_req {
@@ -52,7 +55,8 @@ struct safexcel_ahash_req {
u8 state_sz;/* expected state size, only set once */
u8 block_sz;/* block size, only set once */
- u32 state[SHA512_DIGEST_SIZE / sizeof(u32)] __aligned(sizeof(u32));
+ u8 digest_sz; /* output digest size, only set once */
+ u32 state[SHA3_512_BLOCK_SIZE / sizeof(u32)] __aligned(sizeof(u32));
u64 len;
u64 processed;
@@ -246,7 +250,7 @@ static int safexcel_handle_req_result(struct
safexcel_crypto_priv *priv,
}
if (sreq->result_dma) {
- dma_unmap_single(priv->dev, sreq->result_dma, sreq->state_sz,
+ dma_unmap_single(priv->dev, sreq->result_dma, sreq->digest_sz,
DMA_FROM_DEVICE);
sreq->result_dma = 0;
}
@@ -265,7 +269,7 @@ static int safexcel_handle_req_result(struct
safexcel_crypto_priv *priv,
memcpy(sreq->cache, sreq->state,
crypto_ahash_digestsize(ahash));
- memcpy(sreq->state, ctx->opad, sreq->state_sz);
+ memcpy(sreq->state, ctx->opad, sreq->digest_sz);
sreq->len = sreq->block_sz +
crypto_ahash_digestsize(ahash);
@@ -309,7 +313,7 @@ static int safexcel_ahash_send_req(struct
crypto_async_request *async, int ring,
struct safexcel_command_desc *cdesc, *first_cdesc = NULL;
struct safexcel_result_desc *rdesc;
struct scatterlist *sg;
- int i, extra = 0, n_cdesc = 0, ret = 0, cache_len, skip = 0, res_sz;
+ int i, extra = 0, n_cdesc = 0, ret = 0, cache_len, skip = 0;
u64 queued, len;
queued = safexcel_queued_len(req);
@@ -451,11 +455,10 @@ static int safexcel_ahash_send_req(struct
crypto_async_request *async, int ring,
/* Setup the context options */
safexcel_context_control(ctx, req, first_cdesc);
- /* Add the token. Note that the XCBC result is only 1 AES block. */
- res_sz = req->xcbcmac ? AES_BLOCK_SIZE : req->state_sz;
- safexcel_hash_token(first_cdesc, len, res_sz, ctx->cbcmac);
+ /*
[PATCH 2/3] crypto: inside-secure - Added support for authenc HMAC-SHA2/3DES-CBC
This patch adds support for the authenc(hmac(sha224),cbc(des3_ede)),
authenc(hmac(sha256),cbc(des3_ede)), authenc(hmac(sha384),cbc(des3_ede))
and authenc(hmac(sha512),cbc(des3_ede)) aead's
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c| 4 +
drivers/crypto/inside-secure/safexcel.h| 4 +
drivers/crypto/inside-secure/safexcel_cipher.c | 136 +
3 files changed, 144 insertions(+)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index 617c70b..4222ffa 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1196,6 +1196,10 @@ static int safexcel_request_ring_irq(void *pdev, int
irqid,
&safexcel_alg_hmac_sha3_384,
&safexcel_alg_hmac_sha3_512,
&safexcel_alg_authenc_hmac_sha1_cbc_des,
+ &safexcel_alg_authenc_hmac_sha256_cbc_des3_ede,
+ &safexcel_alg_authenc_hmac_sha224_cbc_des3_ede,
+ &safexcel_alg_authenc_hmac_sha512_cbc_des3_ede,
+ &safexcel_alg_authenc_hmac_sha384_cbc_des3_ede,
};
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index b020e27..fd6798f 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -896,5 +896,9 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_hmac_sha3_384;
extern struct safexcel_alg_template safexcel_alg_hmac_sha3_512;
extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha1_cbc_des;
+extern struct safexcel_alg_template
safexcel_alg_authenc_hmac_sha256_cbc_des3_ede;
+extern struct safexcel_alg_template
safexcel_alg_authenc_hmac_sha224_cbc_des3_ede;
+extern struct safexcel_alg_template
safexcel_alg_authenc_hmac_sha512_cbc_des3_ede;
+extern struct safexcel_alg_template
safexcel_alg_authenc_hmac_sha384_cbc_des3_ede;
#endif
diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c
b/drivers/crypto/inside-secure/safexcel_cipher.c
index 435f184..0d26bea 100644
--- a/drivers/crypto/inside-secure/safexcel_cipher.c
+++ b/drivers/crypto/inside-secure/safexcel_cipher.c
@@ -1865,6 +1865,142 @@ struct safexcel_alg_template
safexcel_alg_authenc_hmac_sha1_cbc_des3_ede = {
},
};
+static int safexcel_aead_sha256_des3_cra_init(struct crypto_tfm *tfm)
+{
+ struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+
+ safexcel_aead_sha256_cra_init(tfm);
+ ctx->alg = SAFEXCEL_3DES; /* override default */
+ return 0;
+}
+
+struct safexcel_alg_template safexcel_alg_authenc_hmac_sha256_cbc_des3_ede = {
+ .type = SAFEXCEL_ALG_TYPE_AEAD,
+ .algo_mask = SAFEXCEL_ALG_DES | SAFEXCEL_ALG_SHA2_256,
+ .alg.aead = {
+ .setkey = safexcel_aead_setkey,
+ .encrypt = safexcel_aead_encrypt,
+ .decrypt = safexcel_aead_decrypt,
+ .ivsize = DES3_EDE_BLOCK_SIZE,
+ .maxauthsize = SHA256_DIGEST_SIZE,
+ .base = {
+ .cra_name = "authenc(hmac(sha256),cbc(des3_ede))",
+ .cra_driver_name =
"safexcel-authenc-hmac-sha256-cbc-des3_ede",
+ .cra_priority = SAFEXCEL_CRA_PRIORITY,
+ .cra_flags = CRYPTO_ALG_ASYNC |
+CRYPTO_ALG_KERN_DRIVER_ONLY,
+ .cra_blocksize = DES3_EDE_BLOCK_SIZE,
+ .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
+ .cra_alignmask = 0,
+ .cra_init = safexcel_aead_sha256_des3_cra_init,
+ .cra_exit = safexcel_aead_cra_exit,
+ .cra_module = THIS_MODULE,
+ },
+ },
+};
+
+static int safexcel_aead_sha224_des3_cra_init(struct crypto_tfm *tfm)
+{
+ struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+
+ safexcel_aead_sha224_cra_init(tfm);
+ ctx->alg = SAFEXCEL_3DES; /* override default */
+ return 0;
+}
+
+struct safexcel_alg_template safexcel_alg_authenc_hmac_sha224_cbc_des3_ede = {
+ .type = SAFEXCEL_ALG_TYPE_AEAD,
+ .algo_mask = SAFEXCEL_ALG_DES | SAFEXCEL_ALG_SHA2_256,
+ .alg.aead = {
+ .setkey = safexcel_aead_setkey,
+ .encrypt = safexcel_aead_encrypt,
+ .decrypt = safexcel_aead_decrypt,
+ .ivsize = DES3_EDE_BLOCK_SIZE,
+ .maxauthsize = SHA224_DIGEST_SIZE,
+ .base = {
+ .cra_name = "authenc(hmac(sha224),cbc(des3_ede))",
+ .cra_driver_name =
"safexcel-authenc-hmac-sha224-cbc-des3_ede",
+ .cra_priority
[PATCH 3/3] crypto: inside-secure - Added support for authenc HMAC-SHA2/DES-CBC
This patch adds support for the authenc(hmac(sha224),cbc(des)),
authenc(hmac(sha256),cbc(des)), authenc(hmac(sha384),cbc(des))
and authenc(hmac(sha512),cbc(des)) aead's
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c| 4 +
drivers/crypto/inside-secure/safexcel.h| 4 +
drivers/crypto/inside-secure/safexcel_cipher.c | 136 +
3 files changed, 144 insertions(+)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index 4222ffa..1e05b5f 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1200,6 +1200,10 @@ static int safexcel_request_ring_irq(void *pdev, int
irqid,
&safexcel_alg_authenc_hmac_sha224_cbc_des3_ede,
&safexcel_alg_authenc_hmac_sha512_cbc_des3_ede,
&safexcel_alg_authenc_hmac_sha384_cbc_des3_ede,
+ &safexcel_alg_authenc_hmac_sha256_cbc_des,
+ &safexcel_alg_authenc_hmac_sha224_cbc_des,
+ &safexcel_alg_authenc_hmac_sha512_cbc_des,
+ &safexcel_alg_authenc_hmac_sha384_cbc_des,
};
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index fd6798f..fc16d5a 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -900,5 +900,9 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template
safexcel_alg_authenc_hmac_sha224_cbc_des3_ede;
extern struct safexcel_alg_template
safexcel_alg_authenc_hmac_sha512_cbc_des3_ede;
extern struct safexcel_alg_template
safexcel_alg_authenc_hmac_sha384_cbc_des3_ede;
+extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha256_cbc_des;
+extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha224_cbc_des;
+extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha512_cbc_des;
+extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha384_cbc_des;
#endif
diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c
b/drivers/crypto/inside-secure/safexcel_cipher.c
index 0d26bea..71233ff 100644
--- a/drivers/crypto/inside-secure/safexcel_cipher.c
+++ b/drivers/crypto/inside-secure/safexcel_cipher.c
@@ -2035,6 +2035,142 @@ struct safexcel_alg_template
safexcel_alg_authenc_hmac_sha1_cbc_des = {
},
};
+static int safexcel_aead_sha256_des_cra_init(struct crypto_tfm *tfm)
+{
+ struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+
+ safexcel_aead_sha256_cra_init(tfm);
+ ctx->alg = SAFEXCEL_DES; /* override default */
+ return 0;
+}
+
+struct safexcel_alg_template safexcel_alg_authenc_hmac_sha256_cbc_des = {
+ .type = SAFEXCEL_ALG_TYPE_AEAD,
+ .algo_mask = SAFEXCEL_ALG_DES | SAFEXCEL_ALG_SHA2_256,
+ .alg.aead = {
+ .setkey = safexcel_aead_setkey,
+ .encrypt = safexcel_aead_encrypt,
+ .decrypt = safexcel_aead_decrypt,
+ .ivsize = DES_BLOCK_SIZE,
+ .maxauthsize = SHA256_DIGEST_SIZE,
+ .base = {
+ .cra_name = "authenc(hmac(sha256),cbc(des))",
+ .cra_driver_name =
"safexcel-authenc-hmac-sha256-cbc-des",
+ .cra_priority = SAFEXCEL_CRA_PRIORITY,
+ .cra_flags = CRYPTO_ALG_ASYNC |
+CRYPTO_ALG_KERN_DRIVER_ONLY,
+ .cra_blocksize = DES_BLOCK_SIZE,
+ .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
+ .cra_alignmask = 0,
+ .cra_init = safexcel_aead_sha256_des_cra_init,
+ .cra_exit = safexcel_aead_cra_exit,
+ .cra_module = THIS_MODULE,
+ },
+ },
+};
+
+static int safexcel_aead_sha224_des_cra_init(struct crypto_tfm *tfm)
+{
+ struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+
+ safexcel_aead_sha224_cra_init(tfm);
+ ctx->alg = SAFEXCEL_DES; /* override default */
+ return 0;
+}
+
+struct safexcel_alg_template safexcel_alg_authenc_hmac_sha224_cbc_des = {
+ .type = SAFEXCEL_ALG_TYPE_AEAD,
+ .algo_mask = SAFEXCEL_ALG_DES | SAFEXCEL_ALG_SHA2_256,
+ .alg.aead = {
+ .setkey = safexcel_aead_setkey,
+ .encrypt = safexcel_aead_encrypt,
+ .decrypt = safexcel_aead_decrypt,
+ .ivsize = DES_BLOCK_SIZE,
+ .maxauthsize = SHA224_DIGEST_SIZE,
+ .base = {
+ .cra_name = "authenc(hmac(sha224),cbc(des))",
+ .cra_driver_name =
"safexcel-authenc-hmac-sha224-cbc-des",
+ .cra_priority = SAFEXCEL_CRA_PRIORITY,
+ .cra_flags = CRYP
[PATCH 1/3] crypto: inside-secure - Added support for authenc HMAC-SHA1/DES-CBC
This patch adds support for the authenc(hmac(sha1),cbc(des)) aead
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c| 1 +
drivers/crypto/inside-secure/safexcel.h| 1 +
drivers/crypto/inside-secure/safexcel_cipher.c | 45 ++
3 files changed, 47 insertions(+)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index 12cb939..617c70b 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1195,6 +1195,7 @@ static int safexcel_request_ring_irq(void *pdev, int
irqid,
&safexcel_alg_hmac_sha3_256,
&safexcel_alg_hmac_sha3_384,
&safexcel_alg_hmac_sha3_512,
+ &safexcel_alg_authenc_hmac_sha1_cbc_des,
};
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index 82953b3..b020e27 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -895,5 +895,6 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_hmac_sha3_256;
extern struct safexcel_alg_template safexcel_alg_hmac_sha3_384;
extern struct safexcel_alg_template safexcel_alg_hmac_sha3_512;
+extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha1_cbc_des;
#endif
diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c
b/drivers/crypto/inside-secure/safexcel_cipher.c
index bf2b1f9..435f184 100644
--- a/drivers/crypto/inside-secure/safexcel_cipher.c
+++ b/drivers/crypto/inside-secure/safexcel_cipher.c
@@ -348,6 +348,7 @@ static int safexcel_aead_setkey(struct crypto_aead *ctfm,
const u8 *key,
struct safexcel_crypto_priv *priv = ctx->priv;
struct crypto_authenc_keys keys;
struct crypto_aes_ctx aes;
+ u32 tmp[DES_EXPKEY_WORDS];
u32 flags;
int err = -EINVAL;
@@ -367,6 +368,16 @@ static int safexcel_aead_setkey(struct crypto_aead *ctfm,
const u8 *key,
/* Encryption key */
switch (ctx->alg) {
+ case SAFEXCEL_DES:
+ if (keys.enckeylen != DES_KEY_SIZE)
+ goto badkey;
+ err = des_ekey(tmp, key);
+ if (unlikely(!err && (tfm->crt_flags &
+ CRYPTO_TFM_REQ_FORBID_WEAK_KEYS))) {
+ tfm->crt_flags |= CRYPTO_TFM_RES_WEAK_KEY;
+ goto badkey_expflags;
+ }
+ break;
case SAFEXCEL_3DES:
if (keys.enckeylen != DES3_EDE_KEY_SIZE)
goto badkey;
@@ -1854,6 +1865,40 @@ struct safexcel_alg_template
safexcel_alg_authenc_hmac_sha1_cbc_des3_ede = {
},
};
+static int safexcel_aead_sha1_des_cra_init(struct crypto_tfm *tfm)
+{
+ struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+
+ safexcel_aead_sha1_cra_init(tfm);
+ ctx->alg = SAFEXCEL_DES; /* override default */
+ return 0;
+}
+
+struct safexcel_alg_template safexcel_alg_authenc_hmac_sha1_cbc_des = {
+ .type = SAFEXCEL_ALG_TYPE_AEAD,
+ .algo_mask = SAFEXCEL_ALG_DES | SAFEXCEL_ALG_SHA1,
+ .alg.aead = {
+ .setkey = safexcel_aead_setkey,
+ .encrypt = safexcel_aead_encrypt,
+ .decrypt = safexcel_aead_decrypt,
+ .ivsize = DES_BLOCK_SIZE,
+ .maxauthsize = SHA1_DIGEST_SIZE,
+ .base = {
+ .cra_name = "authenc(hmac(sha1),cbc(des))",
+ .cra_driver_name = "safexcel-authenc-hmac-sha1-cbc-des",
+ .cra_priority = SAFEXCEL_CRA_PRIORITY,
+ .cra_flags = CRYPTO_ALG_ASYNC |
+CRYPTO_ALG_KERN_DRIVER_ONLY,
+ .cra_blocksize = DES_BLOCK_SIZE,
+ .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
+ .cra_alignmask = 0,
+ .cra_init = safexcel_aead_sha1_des_cra_init,
+ .cra_exit = safexcel_aead_cra_exit,
+ .cra_module = THIS_MODULE,
+ },
+ },
+};
+
static int safexcel_aead_sha1_ctr_cra_init(struct crypto_tfm *tfm)
{
struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
--
1.8.3.1
[PATCH 0/3] crypto: inside-secure - Added more authenc w/ (3)DES
This patchset adds the remaining authencs with DES or 3DES currently supported with vectors by testmgr. The patchset has been tested with the eip197c_iewxkbc configuration on the Xilinx VCU118 development boardi as well as on the Macchiatobin board, including the testmgr extra tests. Pascal van Leeuwen (3): crypto: inside-secure - Added support for authenc HMAC-SHA1/DES-CBC crypto: inside-secure - Added support for authenc HMAC-SHA2/3DES-CBC crypto: inside-secure - Added support for authenc HMAC-SHA2/DES-CBC drivers/crypto/inside-secure/safexcel.c| 9 + drivers/crypto/inside-secure/safexcel.h| 9 + drivers/crypto/inside-secure/safexcel_cipher.c | 317 + 3 files changed, 335 insertions(+) -- 1.8.3.1
RE: [PATCH 1/3] crypto: inside-secure - Added support for authenc HMAC-SHA1/DES-CBC
> -Original Message-
> From: Ard Biesheuvel
> Sent: Friday, September 13, 2019 5:27 PM
> To: Pascal van Leeuwen
> Cc: open list:HARDWARE RANDOM NUMBER GENERATOR CORE
> ;
> Antoine Tenart ; Herbert Xu
> ;
> David S. Miller ; Pascal Van Leeuwen
>
> Subject: Re: [PATCH 1/3] crypto: inside-secure - Added support for authenc
> HMAC-
> SHA1/DES-CBC
>
> On Fri, 13 Sep 2019 at 16:06, Pascal van Leeuwen wrote:
> >
> > This patch adds support for the authenc(hmac(sha1),cbc(des)) aead
> >
> > Signed-off-by: Pascal van Leeuwen
>
> Please make sure your code is based on cryptodev/master before sending
> it to the list.
>
Looks like with this patchset and the previous (SHA3) patchset I forgot
to add the disclaimer that it applies on top of the previous patchset.
Mea culpa.
So there you go: "Added support for authenc HMAC-SHA1/DES-CBC" applies
on top of "Added (HMAC) SHA3 support", which applies on top of
"Add support for SM4 ciphers".
> --
> Ard.
>
> > ---
> > drivers/crypto/inside-secure/safexcel.c| 1 +
> > drivers/crypto/inside-secure/safexcel.h| 1 +
> > drivers/crypto/inside-secure/safexcel_cipher.c | 45
> > ++
> > 3 files changed, 47 insertions(+)
> >
> > diff --git a/drivers/crypto/inside-secure/safexcel.c
> > b/drivers/crypto/inside-
> secure/safexcel.c
> > index 12cb939..617c70b 100644
> > --- a/drivers/crypto/inside-secure/safexcel.c
> > +++ b/drivers/crypto/inside-secure/safexcel.c
> > @@ -1195,6 +1195,7 @@ static int safexcel_request_ring_irq(void *pdev, int
> > irqid,
> > &safexcel_alg_hmac_sha3_256,
> > &safexcel_alg_hmac_sha3_384,
> > &safexcel_alg_hmac_sha3_512,
> > + &safexcel_alg_authenc_hmac_sha1_cbc_des,
> > };
> >
> > static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
> > diff --git a/drivers/crypto/inside-secure/safexcel.h
> > b/drivers/crypto/inside-
> secure/safexcel.h
> > index 82953b3..b020e27 100644
> > --- a/drivers/crypto/inside-secure/safexcel.h
> > +++ b/drivers/crypto/inside-secure/safexcel.h
> > @@ -895,5 +895,6 @@ int safexcel_hmac_setkey(const char *alg, const u8
> > *key, unsigned
> int keylen,
> > extern struct safexcel_alg_template safexcel_alg_hmac_sha3_256;
> > extern struct safexcel_alg_template safexcel_alg_hmac_sha3_384;
> > extern struct safexcel_alg_template safexcel_alg_hmac_sha3_512;
> > +extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha1_cbc_des;
> >
> > #endif
> > diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c
> > b/drivers/crypto/inside-
> secure/safexcel_cipher.c
> > index bf2b1f9..435f184 100644
> > --- a/drivers/crypto/inside-secure/safexcel_cipher.c
> > +++ b/drivers/crypto/inside-secure/safexcel_cipher.c
> > @@ -348,6 +348,7 @@ static int safexcel_aead_setkey(struct crypto_aead
> > *ctfm, const u8
> *key,
> > struct safexcel_crypto_priv *priv = ctx->priv;
> > struct crypto_authenc_keys keys;
> > struct crypto_aes_ctx aes;
> > + u32 tmp[DES_EXPKEY_WORDS];
> > u32 flags;
> > int err = -EINVAL;
> >
> > @@ -367,6 +368,16 @@ static int safexcel_aead_setkey(struct crypto_aead
> > *ctfm, const
> u8 *key,
> >
> > /* Encryption key */
> > switch (ctx->alg) {
> > + case SAFEXCEL_DES:
> > + if (keys.enckeylen != DES_KEY_SIZE)
> > + goto badkey;
> > + err = des_ekey(tmp, key);
> > + if (unlikely(!err && (tfm->crt_flags &
> > + CRYPTO_TFM_REQ_FORBID_WEAK_KEYS))) {
> > + tfm->crt_flags |= CRYPTO_TFM_RES_WEAK_KEY;
> > + goto badkey_expflags;
> > + }
> > + break;
> > case SAFEXCEL_3DES:
> > if (keys.enckeylen != DES3_EDE_KEY_SIZE)
> > goto badkey;
> > @@ -1854,6 +1865,40 @@ struct safexcel_alg_template
> safexcel_alg_authenc_hmac_sha1_cbc_des3_ede = {
> > },
> > };
> >
> > +static int safexcel_aead_sha1_des_cra_init(struct crypto_tfm *tfm)
> > +{
> > + struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
> > +
> > + safexcel_aead_sha1_cra_init(tfm);
> > + ctx->alg = SAFEXCEL_DES; /* override default */
> > + return 0;
> > +}
> > +
[PATCHv3 0/3] crypto: inside-secure - Add support for (HMAC) SM3
Extend driver support with sm3 and hmac(sm3) ahash support. Also add GM/T 0042-2015 hmac(sm3) testvectors to the testmgr. The patchset has been tested with the eip197c_iewxkbc configuration on the Xilinx VCU118 development board, including the crypto extra tests. Note that this patchset applies on top of the earlier submitted "Add support for the Chacha20 kcipher and the Chacha20-Poly..." series. changes since v1: - incorporated feedback by Antoine Tenart, see individual patches for details changes since v2: - allow compilation if CONFIG_CRYPTO_SM3 is not set Pascal van Leeuwen (3): crypto: inside-secure - Added support for basic SM3 ahash crypto: inside-secure - Added support for HMAC-SM3 ahash crypto: testmgr - Added testvectors for the hmac(sm3) ahash crypto/testmgr.c | 6 ++ crypto/testmgr.h | 56 +++ drivers/crypto/inside-secure/safexcel.c | 2 + drivers/crypto/inside-secure/safexcel.h | 9 ++ drivers/crypto/inside-secure/safexcel_hash.c | 134 +++ 5 files changed, 207 insertions(+) -- 1.8.3.1
[PATCHv3 2/3] crypto: inside-secure - Added support for HMAC-SM3 ahash
Added support for the hmac(sm3) ahash authentication algorithm
changes since v1:
- added Acked-by tag below, no changes to the source
changes since v2:
- nothing
Acked-by: Antoine Tenart
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c | 1 +
drivers/crypto/inside-secure/safexcel.h | 1 +
drivers/crypto/inside-secure/safexcel_hash.c | 70
3 files changed, 72 insertions(+)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index 826d1fb..7d907d5 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1177,6 +1177,7 @@ static int safexcel_request_ring_irq(void *pdev, int
irqid,
&safexcel_alg_chachapoly,
&safexcel_alg_chachapoly_esp,
&safexcel_alg_sm3,
+ &safexcel_alg_hmac_sm3,
};
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index e2993b5..1b2d709 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -877,5 +877,6 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_chachapoly;
extern struct safexcel_alg_template safexcel_alg_chachapoly_esp;
extern struct safexcel_alg_template safexcel_alg_sm3;
+extern struct safexcel_alg_template safexcel_alg_hmac_sm3;
#endif
diff --git a/drivers/crypto/inside-secure/safexcel_hash.c
b/drivers/crypto/inside-secure/safexcel_hash.c
index 873b774..272e5fd 100644
--- a/drivers/crypto/inside-secure/safexcel_hash.c
+++ b/drivers/crypto/inside-secure/safexcel_hash.c
@@ -2285,3 +2285,73 @@ struct safexcel_alg_template safexcel_alg_sm3 = {
},
},
};
+
+static int safexcel_hmac_sm3_setkey(struct crypto_ahash *tfm, const u8 *key,
+ unsigned int keylen)
+{
+ return safexcel_hmac_alg_setkey(tfm, key, keylen, "safexcel-sm3",
+ SM3_DIGEST_SIZE);
+}
+
+static int safexcel_hmac_sm3_init(struct ahash_request *areq)
+{
+ struct safexcel_ahash_ctx *ctx =
crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
+ struct safexcel_ahash_req *req = ahash_request_ctx(areq);
+
+ memset(req, 0, sizeof(*req));
+
+ /* Start from ipad precompute */
+ memcpy(req->state, ctx->ipad, SM3_DIGEST_SIZE);
+ /* Already processed the key^ipad part now! */
+ req->len= SM3_BLOCK_SIZE;
+ req->processed = SM3_BLOCK_SIZE;
+
+ ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SM3;
+ req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
+ req->state_sz = SM3_DIGEST_SIZE;
+ req->block_sz = SM3_BLOCK_SIZE;
+ req->hmac = true;
+
+ return 0;
+}
+
+static int safexcel_hmac_sm3_digest(struct ahash_request *areq)
+{
+ int ret = safexcel_hmac_sm3_init(areq);
+
+ if (ret)
+ return ret;
+
+ return safexcel_ahash_finup(areq);
+}
+
+struct safexcel_alg_template safexcel_alg_hmac_sm3 = {
+ .type = SAFEXCEL_ALG_TYPE_AHASH,
+ .algo_mask = SAFEXCEL_ALG_SM3,
+ .alg.ahash = {
+ .init = safexcel_hmac_sm3_init,
+ .update = safexcel_ahash_update,
+ .final = safexcel_ahash_final,
+ .finup = safexcel_ahash_finup,
+ .digest = safexcel_hmac_sm3_digest,
+ .setkey = safexcel_hmac_sm3_setkey,
+ .export = safexcel_ahash_export,
+ .import = safexcel_ahash_import,
+ .halg = {
+ .digestsize = SM3_DIGEST_SIZE,
+ .statesize = sizeof(struct safexcel_ahash_export_state),
+ .base = {
+ .cra_name = "hmac(sm3)",
+ .cra_driver_name = "safexcel-hmac-sm3",
+ .cra_priority = SAFEXCEL_CRA_PRIORITY,
+ .cra_flags = CRYPTO_ALG_ASYNC |
+CRYPTO_ALG_KERN_DRIVER_ONLY,
+ .cra_blocksize = SM3_BLOCK_SIZE,
+ .cra_ctxsize = sizeof(struct
safexcel_ahash_ctx),
+ .cra_init = safexcel_ahash_cra_init,
+ .cra_exit = safexcel_ahash_cra_exit,
+ .cra_module = THIS_MODULE,
+ },
+ },
+ },
+};
--
1.8.3.1
[PATCHv3 3/3] crypto: testmgr - Added testvectors for the hmac(sm3) ahash
Added testvectors for the hmac(sm3) ahash authentication algorithm
changes since v1 & v2:
-nothing
Signed-off-by: Pascal van Leeuwen
---
crypto/testmgr.c | 6 ++
crypto/testmgr.h | 56
2 files changed, 62 insertions(+)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 001e62f..3604c9d 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -4921,6 +4921,12 @@ static int alg_test_null(const struct alg_test_desc
*desc,
.hash = __VECS(hmac_sha512_tv_template)
}
}, {
+ .alg = "hmac(sm3)",
+ .test = alg_test_hash,
+ .suite = {
+ .hash = __VECS(hmac_sm3_tv_template)
+ }
+ }, {
.alg = "hmac(streebog256)",
.test = alg_test_hash,
.suite = {
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 25572c3..1f56293 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -2935,6 +2935,62 @@ struct len_range_sel {
}
};
+/* Example vectors below taken from
+ * GM/T 0042-2015 Appendix D.3
+ */
+static const struct hash_testvec hmac_sm3_tv_template[] = {
+ {
+ .key= "\x01\x02\x03\x04\x05\x06\x07\x08"
+ "\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10"
+ "\x11\x12\x13\x14\x15\x16\x17\x18"
+ "\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20",
+ .ksize = 32,
+ .plaintext =
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+ .psize = 112,
+ .digest = "\xca\x05\xe1\x44\xed\x05\xd1\x85"
+ "\x78\x40\xd1\xf3\x18\xa4\xa8\x66"
+ "\x9e\x55\x9f\xc8\x39\x1f\x41\x44"
+ "\x85\xbf\xdf\x7b\xb4\x08\x96\x3a",
+ }, {
+ .key= "\x01\x02\x03\x04\x05\x06\x07\x08"
+ "\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10"
+ "\x11\x12\x13\x14\x15\x16\x17\x18"
+ "\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20"
+ "\x21\x22\x23\x24\x25",
+ .ksize = 37,
+ .plaintext = "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd",
+ .psize = 50,
+ .digest = "\x22\x0b\xf5\x79\xde\xd5\x55\x39"
+ "\x3f\x01\x59\xf6\x6c\x99\x87\x78"
+ "\x22\xa3\xec\xf6\x10\xd1\x55\x21"
+ "\x54\xb4\x1d\x44\xb9\x4d\xb3\xae",
+ }, {
+ .key= "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+ "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+"\x0b\x0b\x0b\x0b\x0b\x0b",
+ .ksize = 32,
+ .plaintext = "Hi There",
+ .psize = 8,
+ .digest = "\xc0\xba\x18\xc6\x8b\x90\xc8\x8b"
+ "\xc0\x7d\xe7\x94\xbf\xc7\xd2\xc8"
+ "\xd1\x9e\xc3\x1e\xd8\x77\x3b\xc2"
+ "\xb3\x90\xc9\x60\x4e\x0b\xe1\x1e",
+ }, {
+ .key= "Jefe",
+ .ksize = 4,
+ .plaintext = "what do ya want for nothing?",
+ .psize = 28,
+ .digest = "\x2e\x87\xf1\xd1\x68\x62\xe6\xd9"
+ "\x64\xb5\x0a\x52\x00\xbf\x2b\x10"
+ "\xb7\x64\xfa\xa9\x68\x0a\x29\x6a"
+ "\x24\x05\xf2\x4b\xec\x39\xf8\x82",
+ },
+};
+
/*
* SHA1 test vectors from from FIPS PUB 180-1
* Long vector from CAVS 5.0
--
1.8.3.1
[PATCHv3 1/3] crypto: inside-secure - Added support for basic SM3 ahash
Added support for the SM3 ahash algorithm
changes since v1:
- moved definition of CONTEXT_CONTROL_CRYPTO_ALG_SM3 (0x7) up above 0xf
changes since v2:
- allow compilation if CONFIG_CRYPTO_SM3 is not set
Acked-by: Antoine Tenart
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c | 1 +
drivers/crypto/inside-secure/safexcel.h | 8
drivers/crypto/inside-secure/safexcel_hash.c | 64
3 files changed, 73 insertions(+)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index 5886bcd..826d1fb 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1176,6 +1176,7 @@ static int safexcel_request_ring_irq(void *pdev, int
irqid,
&safexcel_alg_chacha20,
&safexcel_alg_chachapoly,
&safexcel_alg_chachapoly_esp,
+ &safexcel_alg_sm3,
};
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index 282d59e..e2993b5 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -373,6 +373,7 @@ struct safexcel_context_record {
#define CONTEXT_CONTROL_CRYPTO_ALG_XCBC128 (0x1 << 23)
#define CONTEXT_CONTROL_CRYPTO_ALG_XCBC192 (0x2 << 23)
#define CONTEXT_CONTROL_CRYPTO_ALG_XCBC256 (0x3 << 23)
+#define CONTEXT_CONTROL_CRYPTO_ALG_SM3 (0x7 << 23)
#define CONTEXT_CONTROL_CRYPTO_ALG_POLY1305(0xf << 23)
#define CONTEXT_CONTROL_INV_FR (0x5 << 24)
#define CONTEXT_CONTROL_INV_TR (0x6 << 24)
@@ -663,6 +664,12 @@ enum safexcel_eip_version {
/* Priority we use for advertising our algorithms */
#define SAFEXCEL_CRA_PRIORITY 300
+/* SM3 digest result for zero length message */
+#define EIP197_SM3_ZEROM_HASH "\x1A\xB2\x1D\x83\x55\xCF\xA1\x7F" \
+ "\x8E\x61\x19\x48\x31\xE8\x1A\x8F" \
+ "\x22\xBE\xC8\xC7\x28\xFE\xFB\x74" \
+ "\x7E\xD0\x35\xEB\x50\x82\xAA\x2B"
+
/* EIP algorithm presence flags */
enum safexcel_eip_algorithms {
SAFEXCEL_ALG_BC0 = BIT(5),
@@ -869,5 +876,6 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_chacha20;
extern struct safexcel_alg_template safexcel_alg_chachapoly;
extern struct safexcel_alg_template safexcel_alg_chachapoly_esp;
+extern struct safexcel_alg_template safexcel_alg_sm3;
#endif
diff --git a/drivers/crypto/inside-secure/safexcel_hash.c
b/drivers/crypto/inside-secure/safexcel_hash.c
index 0224779..873b774 100644
--- a/drivers/crypto/inside-secure/safexcel_hash.c
+++ b/drivers/crypto/inside-secure/safexcel_hash.c
@@ -10,6 +10,7 @@
#include
#include
#include
+#include
#include
#include
#include
@@ -776,6 +777,14 @@ static int safexcel_ahash_final(struct ahash_request *areq)
else if (ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_SHA512)
memcpy(areq->result, sha512_zero_message_hash,
SHA512_DIGEST_SIZE);
+ else if (ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_SM3) {
+ if (IS_ENABLED(CONFIG_CRYPTO_SM3))
+ memcpy(areq->result, sm3_zero_message_hash,
+ SM3_DIGEST_SIZE);
+ else
+ memcpy(areq->result,
+ EIP197_SM3_ZEROM_HASH, SM3_DIGEST_SIZE);
+ }
return 0;
} else if (unlikely(req->digest == CONTEXT_CONTROL_DIGEST_XCM &&
@@ -2221,3 +2230,58 @@ struct safexcel_alg_template safexcel_alg_cmac = {
},
},
};
+
+static int safexcel_sm3_init(struct ahash_request *areq)
+{
+ struct safexcel_ahash_ctx *ctx =
crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
+ struct safexcel_ahash_req *req = ahash_request_ctx(areq);
+
+ memset(req, 0, sizeof(*req));
+
+ ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SM3;
+ req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;
+ req->state_sz = SM3_DIGEST_SIZE;
+ req->block_sz = SM3_BLOCK_SIZE;
+
+ return 0;
+}
+
+static int safexcel_sm3_digest(struct ahash_request *areq)
+{
+ int ret = safexcel_sm3_init(areq);
+
+ if (ret)
+ return ret;
+
+ return safexcel_ahash_finup(areq);
+}
+
+struct safexcel_alg_template safexcel_alg_sm3 = {
+ .type = SAFEXCEL_ALG_TYPE_AHASH,
+ .algo_mask = SAFEXCEL_ALG_SM3,
+ .alg.ahash = {
+ .init = safexcel_sm3_init,
+ .update = safexcel_ahash_update,
+ .final = saf
RE: [PATCH 1/3] crypto: inside-secure - Added support for authenc HMAC-SHA1/DES-CBC
> -Original Message- > From: Ard Biesheuvel > Sent: Friday, September 13, 2019 6:24 PM > To: Pascal Van Leeuwen > Cc: Pascal van Leeuwen ; open list:HARDWARE RANDOM > NUMBER > GENERATOR CORE ; Antoine Tenart > ; Herbert Xu ; David > S. Miller > > Subject: Re: [PATCH 1/3] crypto: inside-secure - Added support for authenc > HMAC- > SHA1/DES-CBC > > On Fri, 13 Sep 2019 at 17:17, Pascal Van Leeuwen > wrote: > > > > > -Original Message- > > > From: Ard Biesheuvel > > > Sent: Friday, September 13, 2019 5:27 PM > > > To: Pascal van Leeuwen > > > Cc: open list:HARDWARE RANDOM NUMBER GENERATOR CORE > > > ; > > > Antoine Tenart ; Herbert Xu > ; > > > David S. Miller ; Pascal Van Leeuwen > > > > Subject: Re: [PATCH 1/3] crypto: inside-secure - Added support for > > > authenc HMAC- > > > SHA1/DES-CBC > > > > > > On Fri, 13 Sep 2019 at 16:06, Pascal van Leeuwen > > > wrote: > > > > > > > > This patch adds support for the authenc(hmac(sha1),cbc(des)) aead > > > > > > > > Signed-off-by: Pascal van Leeuwen > > > > > > Please make sure your code is based on cryptodev/master before sending > > > it to the list. > > > > > Looks like with this patchset and the previous (SHA3) patchset I forgot > > to add the disclaimer that it applies on top of the previous patchset. > > Mea culpa. > > > > So there you go: "Added support for authenc HMAC-SHA1/DES-CBC" applies > > on top of "Added (HMAC) SHA3 support", which applies on top of > > "Add support for SM4 ciphers". > > > > Sorry if I wasn't clear, but that was not my point. > > You should really base your code on cryptodev/master since some of the > DES helpers you are using don't exist anymore. > Ah, ok, I'll look into that ... I don't always notice that something changed in cryptodev/master. Which doesn't happen too frequently, so it's easy to miss. One of the downsides of Git compared to "normal" version control systems: you have to manually keep track of master. Regards, Pascal van Leeuwen Silicon IP Architect, Multi-Protocol Engines @ Verimatrix www.insidesecure.com
[PATCHv2 1/3] crypto: inside-secure - Added support for the CHACHA20 skcipher
Added support for the CHACHA20 skcipher algorithm.
Tested on an eip197c-iesb configuration in the Xilinx VCU118 devboard,
passes all testmgr vectors plus the extra fuzzing tests.
changes since v1:
- rebased on top of DES changes done to cryptodev/master
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c| 1 +
drivers/crypto/inside-secure/safexcel.h| 3 +
drivers/crypto/inside-secure/safexcel_cipher.c | 83 +-
3 files changed, 85 insertions(+), 2 deletions(-)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index d0f49a5..f958c92 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1173,6 +1173,7 @@ static int safexcel_request_ring_irq(void *pdev, int
irqid,
&safexcel_alg_cbcmac,
&safexcel_alg_xcbcmac,
&safexcel_alg_cmac,
+ &safexcel_alg_chacha20,
};
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index 6ddc6d1..c7f1a20 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -358,6 +358,7 @@ struct safexcel_context_record {
#define CONTEXT_CONTROL_CRYPTO_ALG_AES128 (0x5 << 17)
#define CONTEXT_CONTROL_CRYPTO_ALG_AES192 (0x6 << 17)
#define CONTEXT_CONTROL_CRYPTO_ALG_AES256 (0x7 << 17)
+#define CONTEXT_CONTROL_CRYPTO_ALG_CHACHA20(0x8 << 17)
#define CONTEXT_CONTROL_DIGEST_PRECOMPUTED (0x1 << 21)
#define CONTEXT_CONTROL_DIGEST_XCM (0x2 << 21)
#define CONTEXT_CONTROL_DIGEST_HMAC(0x3 << 21)
@@ -378,6 +379,7 @@ struct safexcel_context_record {
/* control1 */
#define CONTEXT_CONTROL_CRYPTO_MODE_ECB(0 << 0)
#define CONTEXT_CONTROL_CRYPTO_MODE_CBC(1 << 0)
+#define CONTEXT_CONTROL_CHACHA20_MODE_256_32 (2 << 0)
#define CONTEXT_CONTROL_CRYPTO_MODE_OFB(4 << 0)
#define CONTEXT_CONTROL_CRYPTO_MODE_CFB(5 << 0)
#define CONTEXT_CONTROL_CRYPTO_MODE_CTR_LOAD (6 << 0)
@@ -858,5 +860,6 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_cbcmac;
extern struct safexcel_alg_template safexcel_alg_xcbcmac;
extern struct safexcel_alg_template safexcel_alg_cmac;
+extern struct safexcel_alg_template safexcel_alg_chacha20;
#endif
diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c
b/drivers/crypto/inside-secure/safexcel_cipher.c
index ef51f8c2..0bafb14 100644
--- a/drivers/crypto/inside-secure/safexcel_cipher.c
+++ b/drivers/crypto/inside-secure/safexcel_cipher.c
@@ -5,13 +5,14 @@
* Antoine Tenart
*/
+#include
#include
#include
#include
-
#include
#include
#include
+#include
#include
#include
#include
@@ -33,6 +34,7 @@ enum safexcel_cipher_alg {
SAFEXCEL_DES,
SAFEXCEL_3DES,
SAFEXCEL_AES,
+ SAFEXCEL_CHACHA20,
};
struct safexcel_cipher_ctx {
@@ -81,6 +83,15 @@ static void safexcel_cipher_token(struct safexcel_cipher_ctx
*ctx, u8 *iv,
cdesc->control_data.token[3] = cpu_to_be32(1);
return;
+ } else if (ctx->alg == SAFEXCEL_CHACHA20) {
+ cdesc->control_data.options |= EIP197_OPTION_4_TOKEN_IV_CMD;
+
+ /* 96 bit nonce part */
+ memcpy(&cdesc->control_data.token[0], &iv[4], 12);
+ /* 32 bit counter */
+ cdesc->control_data.token[3] = *(u32 *)iv;
+
+ return;
} else if (ctx->xcm == EIP197_XCM_MODE_GCM) {
cdesc->control_data.options |= EIP197_OPTION_4_TOKEN_IV_CMD;
@@ -112,7 +123,7 @@ static void safexcel_cipher_token(struct
safexcel_cipher_ctx *ctx, u8 *iv,
block_sz = DES3_EDE_BLOCK_SIZE;
cdesc->control_data.options |=
EIP197_OPTION_2_TOKEN_IV_CMD;
break;
- case SAFEXCEL_AES:
+ default: /* case SAFEXCEL_AES */
block_sz = AES_BLOCK_SIZE;
cdesc->control_data.options |=
EIP197_OPTION_4_TOKEN_IV_CMD;
break;
@@ -480,6 +491,9 @@ static int safexcel_context_control(struct
safexcel_cipher_ctx *ctx,
ctx->key_len >> ctx->xts);
return -EINVAL;
}
+ } else if (ctx->alg == SAFEXCEL_CHACHA20) {
+ cdesc->control_data.control0 |=
+ CONTEXT_CONTROL_CRYPTO_ALG_CHACHA20;
}
return 0;
@@ -2303,3 +2317,68 @@ struct safexcel_alg_template safexcel_alg_ccm = {
},
},
};
+
+static int safexcel_skc
[PATCHv2 0/3] crypto: inside-secure: Add support for the Chacha20 skcipher and the Chacha20-Poly1305 AEAD suites
Extend driver support with chacha20, rfc7539(chacha20,poly1305) and rfc7539esp(chacha20,poly1305) ciphers. The patchset has been tested with the eip197c_iesb and eip197c_iewxkbc configurations on the Xilinx VCU118 development board, including the crypto extra tests. Note that this patchset applies on top of the earlier submitted "Add support for the CBCMAC" series. changes since v1: - rebased on top of DES library changes done on cryptodev/master - fixed crypto/Kconfig so that generic fallback is compiled as well Pascal van Leeuwen (3): crypto: inside-secure - Added support for the CHACHA20 skcipher crypto: inside-secure - Add support for the Chacha20-Poly1305 AEAD crypto: Kconfig - Add CRYPTO_CHACHA20POLY1305 to CRYPTO_DEV_SAFEXCEL drivers/crypto/Kconfig | 3 +- drivers/crypto/inside-secure/safexcel.c| 3 + drivers/crypto/inside-secure/safexcel.h| 11 + drivers/crypto/inside-secure/safexcel_cipher.c | 335 +++-- 4 files changed, 337 insertions(+), 15 deletions(-) -- 1.8.3.1
[PATCHv2 3/3] crypto: Kconfig - Add CRYPTO_CHACHA20POLY1305 to CRYPTO_DEV_SAFEXCEL
Due to the addition of Chacha20-Poly1305 support to the inside-secure driver, it now depends on CRYPTO_CHACHA20POLY1305. Added reference. changes since v1: - added missing dependency to crypto/Kconfig Signed-off-by: Pascal van Leeuwen --- drivers/crypto/Kconfig | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig index 83271d9..2ed1a2b 100644 --- a/drivers/crypto/Kconfig +++ b/drivers/crypto/Kconfig @@ -19,7 +19,7 @@ config CRYPTO_DEV_PADLOCK (so called VIA PadLock ACE, Advanced Cryptography Engine) that provides instructions for very fast cryptographic operations with supported algorithms. - + The instructions are used only when the CPU supports them. Otherwise software encryption is used. @@ -728,6 +728,7 @@ config CRYPTO_DEV_SAFEXCEL select CRYPTO_SHA1 select CRYPTO_SHA256 select CRYPTO_SHA512 + select CRYPTO_CHACHA20POLY1305 help This driver interfaces with the SafeXcel EIP-97 and EIP-197 cryptographic engines designed by Inside Secure. It currently accelerates DES, 3DES and -- 1.8.3.1
[PATCHv2 2/3] crypto: inside-secure - Add support for the Chacha20-Poly1305 AEAD
This patch adds support for the Chacha20-Poly1305 cipher suite.
It adds both the basic rfc7539(chacha20,poly1305) as well as the
rfc7539esp(chacha20,poly1305) variant for IPsec ESP acceleration.
changes since v1:
- rebased on top of DES changes done to cryptodev/master
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c| 2 +
drivers/crypto/inside-secure/safexcel.h| 8 +
drivers/crypto/inside-secure/safexcel_cipher.c | 276 ++---
3 files changed, 262 insertions(+), 24 deletions(-)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index f958c92..b81f0bc 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1174,6 +1174,8 @@ static int safexcel_request_ring_irq(void *pdev, int
irqid,
&safexcel_alg_xcbcmac,
&safexcel_alg_cmac,
&safexcel_alg_chacha20,
+ &safexcel_alg_chachapoly,
+ &safexcel_alg_chachapoly_esp,
};
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index c7f1a20..282d59e 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -373,6 +373,7 @@ struct safexcel_context_record {
#define CONTEXT_CONTROL_CRYPTO_ALG_XCBC128 (0x1 << 23)
#define CONTEXT_CONTROL_CRYPTO_ALG_XCBC192 (0x2 << 23)
#define CONTEXT_CONTROL_CRYPTO_ALG_XCBC256 (0x3 << 23)
+#define CONTEXT_CONTROL_CRYPTO_ALG_POLY1305(0xf << 23)
#define CONTEXT_CONTROL_INV_FR (0x5 << 24)
#define CONTEXT_CONTROL_INV_TR (0x6 << 24)
@@ -385,6 +386,7 @@ struct safexcel_context_record {
#define CONTEXT_CONTROL_CRYPTO_MODE_CTR_LOAD (6 << 0)
#define CONTEXT_CONTROL_CRYPTO_MODE_XTS(7 << 0)
#define CONTEXT_CONTROL_CRYPTO_MODE_XCM((6 << 0) | BIT(17))
+#define CONTEXT_CONTROL_CHACHA20_MODE_CALC_OTK (12 << 0)
#define CONTEXT_CONTROL_IV0BIT(5)
#define CONTEXT_CONTROL_IV1BIT(6)
#define CONTEXT_CONTROL_IV2BIT(7)
@@ -397,6 +399,10 @@ struct safexcel_context_record {
#define EIP197_XCM_MODE_GCM1
#define EIP197_XCM_MODE_CCM2
+#define EIP197_AEAD_TYPE_IPSEC_ESP 2
+#define EIP197_AEAD_IPSEC_IV_SIZE 8
+#define EIP197_AEAD_IPSEC_NONCE_SIZE 4
+
/* The hash counter given to the engine in the context has a granularity of
* 64 bits.
*/
@@ -861,5 +867,7 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_xcbcmac;
extern struct safexcel_alg_template safexcel_alg_cmac;
extern struct safexcel_alg_template safexcel_alg_chacha20;
+extern struct safexcel_alg_template safexcel_alg_chachapoly;
+extern struct safexcel_alg_template safexcel_alg_chachapoly_esp;
#endif
diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c
b/drivers/crypto/inside-secure/safexcel_cipher.c
index 0bafb14..7f14770 100644
--- a/drivers/crypto/inside-secure/safexcel_cipher.c
+++ b/drivers/crypto/inside-secure/safexcel_cipher.c
@@ -17,6 +17,7 @@
#include
#include
#include
+#include
#include
#include
#include
@@ -43,8 +44,8 @@ struct safexcel_cipher_ctx {
u32 mode;
enum safexcel_cipher_alg alg;
- bool aead;
- int xcm; /* 0=authenc, 1=GCM, 2 reserved for CCM */
+ char aead; /* !=0=AEAD, 2=IPSec ESP AEAD */
+ char xcm; /* 0=authenc, 1=GCM, 2 reserved for CCM */
__le32 key[16];
u32 nonce;
@@ -57,6 +58,7 @@ struct safexcel_cipher_ctx {
u32 opad[SHA512_DIGEST_SIZE / sizeof(u32)];
struct crypto_cipher *hkaes;
+ struct crypto_aead *fback;
};
struct safexcel_cipher_req {
@@ -86,10 +88,24 @@ static void safexcel_cipher_token(struct
safexcel_cipher_ctx *ctx, u8 *iv,
} else if (ctx->alg == SAFEXCEL_CHACHA20) {
cdesc->control_data.options |= EIP197_OPTION_4_TOKEN_IV_CMD;
- /* 96 bit nonce part */
- memcpy(&cdesc->control_data.token[0], &iv[4], 12);
- /* 32 bit counter */
- cdesc->control_data.token[3] = *(u32 *)iv;
+ if (ctx->aead == EIP197_AEAD_TYPE_IPSEC_ESP) {
+ /* 32 bit nonce part */
+ cdesc->control_data.token[0] = ctx->nonce;
+ /* 64 bit IV part */
+ memcpy(&cdesc->control_data.token[1], iv, 8);
+ /* 32 bit counter, starting at 0 */
+ cdesc->control_data.token[3] = 0;
+ } else if (ctx->aead) {
+ /* 96 bit nonce part */
+
[PATCHv3 3/3] crypto: Kconfig - Add CRYPTO_CHACHA20POLY1305 to CRYPTO_DEV_SAFEXCEL
Due to the addition of Chacha20-Poly1305 support to the inside-secure driver, it now depends on CRYPTO_CHACHA20POLY1305. Added reference. changes since v1: - added missing dependency to crypto/Kconfig changes since v2: - nothing Signed-off-by: Pascal van Leeuwen --- drivers/crypto/Kconfig | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig index 83271d9..2ed1a2b 100644 --- a/drivers/crypto/Kconfig +++ b/drivers/crypto/Kconfig @@ -19,7 +19,7 @@ config CRYPTO_DEV_PADLOCK (so called VIA PadLock ACE, Advanced Cryptography Engine) that provides instructions for very fast cryptographic operations with supported algorithms. - + The instructions are used only when the CPU supports them. Otherwise software encryption is used. @@ -728,6 +728,7 @@ config CRYPTO_DEV_SAFEXCEL select CRYPTO_SHA1 select CRYPTO_SHA256 select CRYPTO_SHA512 + select CRYPTO_CHACHA20POLY1305 help This driver interfaces with the SafeXcel EIP-97 and EIP-197 cryptographic engines designed by Inside Secure. It currently accelerates DES, 3DES and -- 1.8.3.1
[PATCHv3 1/3] crypto: inside-secure - Added support for the CHACHA20 skcipher
Added support for the CHACHA20 skcipher algorithm.
Tested on an eip197c-iesb configuration in the Xilinx VCU118 devboard,
passes all testmgr vectors plus the extra fuzzing tests.
changes since v1:
- rebased on top of DES library changes done on cryptodev/master
- fixed crypto/Kconfig so that generic fallback is compiled as well
changes since v2:
- made switch entry SAFEXCEL_AES explit and added empty default, as
requested by Antoine Tenart. Also needed to make SM4 patches apply.
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c| 1 +
drivers/crypto/inside-secure/safexcel.h| 3 +
drivers/crypto/inside-secure/safexcel_cipher.c | 83 +-
3 files changed, 86 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index d0f49a5..f958c92 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1173,6 +1173,7 @@ static int safexcel_request_ring_irq(void *pdev, int
irqid,
&safexcel_alg_cbcmac,
&safexcel_alg_xcbcmac,
&safexcel_alg_cmac,
+ &safexcel_alg_chacha20,
};
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index 6ddc6d1..c7f1a20 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -358,6 +358,7 @@ struct safexcel_context_record {
#define CONTEXT_CONTROL_CRYPTO_ALG_AES128 (0x5 << 17)
#define CONTEXT_CONTROL_CRYPTO_ALG_AES192 (0x6 << 17)
#define CONTEXT_CONTROL_CRYPTO_ALG_AES256 (0x7 << 17)
+#define CONTEXT_CONTROL_CRYPTO_ALG_CHACHA20(0x8 << 17)
#define CONTEXT_CONTROL_DIGEST_PRECOMPUTED (0x1 << 21)
#define CONTEXT_CONTROL_DIGEST_XCM (0x2 << 21)
#define CONTEXT_CONTROL_DIGEST_HMAC(0x3 << 21)
@@ -378,6 +379,7 @@ struct safexcel_context_record {
/* control1 */
#define CONTEXT_CONTROL_CRYPTO_MODE_ECB(0 << 0)
#define CONTEXT_CONTROL_CRYPTO_MODE_CBC(1 << 0)
+#define CONTEXT_CONTROL_CHACHA20_MODE_256_32 (2 << 0)
#define CONTEXT_CONTROL_CRYPTO_MODE_OFB(4 << 0)
#define CONTEXT_CONTROL_CRYPTO_MODE_CFB(5 << 0)
#define CONTEXT_CONTROL_CRYPTO_MODE_CTR_LOAD (6 << 0)
@@ -858,5 +860,6 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_cbcmac;
extern struct safexcel_alg_template safexcel_alg_xcbcmac;
extern struct safexcel_alg_template safexcel_alg_cmac;
+extern struct safexcel_alg_template safexcel_alg_chacha20;
#endif
diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c
b/drivers/crypto/inside-secure/safexcel_cipher.c
index ef51f8c2..15d98a9 100644
--- a/drivers/crypto/inside-secure/safexcel_cipher.c
+++ b/drivers/crypto/inside-secure/safexcel_cipher.c
@@ -5,13 +5,14 @@
* Antoine Tenart
*/
+#include
#include
#include
#include
-
#include
#include
#include
+#include
#include
#include
#include
@@ -33,6 +34,7 @@ enum safexcel_cipher_alg {
SAFEXCEL_DES,
SAFEXCEL_3DES,
SAFEXCEL_AES,
+ SAFEXCEL_CHACHA20,
};
struct safexcel_cipher_ctx {
@@ -81,6 +83,15 @@ static void safexcel_cipher_token(struct safexcel_cipher_ctx
*ctx, u8 *iv,
cdesc->control_data.token[3] = cpu_to_be32(1);
return;
+ } else if (ctx->alg == SAFEXCEL_CHACHA20) {
+ cdesc->control_data.options |= EIP197_OPTION_4_TOKEN_IV_CMD;
+
+ /* 96 bit nonce part */
+ memcpy(&cdesc->control_data.token[0], &iv[4], 12);
+ /* 32 bit counter */
+ cdesc->control_data.token[3] = *(u32 *)iv;
+
+ return;
} else if (ctx->xcm == EIP197_XCM_MODE_GCM) {
cdesc->control_data.options |= EIP197_OPTION_4_TOKEN_IV_CMD;
@@ -116,6 +127,8 @@ static void safexcel_cipher_token(struct
safexcel_cipher_ctx *ctx, u8 *iv,
block_sz = AES_BLOCK_SIZE;
cdesc->control_data.options |=
EIP197_OPTION_4_TOKEN_IV_CMD;
break;
+ default:
+ break;
}
memcpy(cdesc->control_data.token, iv, block_sz);
}
@@ -480,6 +493,9 @@ static int safexcel_context_control(struct
safexcel_cipher_ctx *ctx,
ctx->key_len >> ctx->xts);
return -EINVAL;
}
+ } else if (ctx->alg == SAFEXCEL_CHACHA20) {
+ cdesc->control_data.control0 |=
+ CONTEXT_CONTROL_CRYPTO_ALG_CHACHA20;
}
return 0;
@@ -2303,3 +23
[PATCHv3 0/3] crypto: inside-secure: Add support for the Chacha20 skcipher and the Chacha20-Poly1305 AEAD suites
Extend driver support with chacha20, rfc7539(chacha20,poly1305) and rfc7539esp(chacha20,poly1305) ciphers. The patchset has been tested with the eip197c_iesb and eip197c_iewxkbc configurations on the Xilinx VCU118 development board, including the crypto extra tests. Note that this patchset applies on top of the earlier submitted "Add support for the CBCMAC" series. changes since v1: - rebased on top of DES library changes done on cryptodev/master - fixed crypto/Kconfig so that generic fallback is compiled as well changes since v2: - made switch entry SAFEXCEL_AES explit and added empty default, as requested by Antoine Tenart. Also needed to make SM4 patches apply. Pascal van Leeuwen (3): crypto: inside-secure - Added support for the CHACHA20 skcipher crypto: inside-secure - Add support for the Chacha20-Poly1305 AEAD crypto: Kconfig - Add CRYPTO_CHACHA20POLY1305 to CRYPTO_DEV_SAFEXCEL drivers/crypto/Kconfig | 3 +- drivers/crypto/inside-secure/safexcel.c| 3 + drivers/crypto/inside-secure/safexcel.h| 11 + drivers/crypto/inside-secure/safexcel_cipher.c | 335 - 4 files changed, 338 insertions(+), 14 deletions(-) -- 1.8.3.1
[PATCHv3 2/3] crypto: inside-secure - Add support for the Chacha20-Poly1305 AEAD
This patch adds support for the Chacha20-Poly1305 cipher suite.
It adds both the basic rfc7539(chacha20,poly1305) as well as the
rfc7539esp(chacha20,poly1305) variant for IPsec ESP acceleration.
changes since v1:
- rebased on top of DES library changes done on cryptodev/master
- fixed crypto/Kconfig so that generic fallback is compiled as well
changes since v2:
- nothing
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c| 2 +
drivers/crypto/inside-secure/safexcel.h| 8 +
drivers/crypto/inside-secure/safexcel_cipher.c | 276 ++---
3 files changed, 262 insertions(+), 24 deletions(-)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index f958c92..b81f0bc 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1174,6 +1174,8 @@ static int safexcel_request_ring_irq(void *pdev, int
irqid,
&safexcel_alg_xcbcmac,
&safexcel_alg_cmac,
&safexcel_alg_chacha20,
+ &safexcel_alg_chachapoly,
+ &safexcel_alg_chachapoly_esp,
};
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index c7f1a20..282d59e 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -373,6 +373,7 @@ struct safexcel_context_record {
#define CONTEXT_CONTROL_CRYPTO_ALG_XCBC128 (0x1 << 23)
#define CONTEXT_CONTROL_CRYPTO_ALG_XCBC192 (0x2 << 23)
#define CONTEXT_CONTROL_CRYPTO_ALG_XCBC256 (0x3 << 23)
+#define CONTEXT_CONTROL_CRYPTO_ALG_POLY1305(0xf << 23)
#define CONTEXT_CONTROL_INV_FR (0x5 << 24)
#define CONTEXT_CONTROL_INV_TR (0x6 << 24)
@@ -385,6 +386,7 @@ struct safexcel_context_record {
#define CONTEXT_CONTROL_CRYPTO_MODE_CTR_LOAD (6 << 0)
#define CONTEXT_CONTROL_CRYPTO_MODE_XTS(7 << 0)
#define CONTEXT_CONTROL_CRYPTO_MODE_XCM((6 << 0) | BIT(17))
+#define CONTEXT_CONTROL_CHACHA20_MODE_CALC_OTK (12 << 0)
#define CONTEXT_CONTROL_IV0BIT(5)
#define CONTEXT_CONTROL_IV1BIT(6)
#define CONTEXT_CONTROL_IV2BIT(7)
@@ -397,6 +399,10 @@ struct safexcel_context_record {
#define EIP197_XCM_MODE_GCM1
#define EIP197_XCM_MODE_CCM2
+#define EIP197_AEAD_TYPE_IPSEC_ESP 2
+#define EIP197_AEAD_IPSEC_IV_SIZE 8
+#define EIP197_AEAD_IPSEC_NONCE_SIZE 4
+
/* The hash counter given to the engine in the context has a granularity of
* 64 bits.
*/
@@ -861,5 +867,7 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_xcbcmac;
extern struct safexcel_alg_template safexcel_alg_cmac;
extern struct safexcel_alg_template safexcel_alg_chacha20;
+extern struct safexcel_alg_template safexcel_alg_chachapoly;
+extern struct safexcel_alg_template safexcel_alg_chachapoly_esp;
#endif
diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c
b/drivers/crypto/inside-secure/safexcel_cipher.c
index 15d98a9..3ac4a09 100644
--- a/drivers/crypto/inside-secure/safexcel_cipher.c
+++ b/drivers/crypto/inside-secure/safexcel_cipher.c
@@ -17,6 +17,7 @@
#include
#include
#include
+#include
#include
#include
#include
@@ -43,8 +44,8 @@ struct safexcel_cipher_ctx {
u32 mode;
enum safexcel_cipher_alg alg;
- bool aead;
- int xcm; /* 0=authenc, 1=GCM, 2 reserved for CCM */
+ char aead; /* !=0=AEAD, 2=IPSec ESP AEAD */
+ char xcm; /* 0=authenc, 1=GCM, 2 reserved for CCM */
__le32 key[16];
u32 nonce;
@@ -57,6 +58,7 @@ struct safexcel_cipher_ctx {
u32 opad[SHA512_DIGEST_SIZE / sizeof(u32)];
struct crypto_cipher *hkaes;
+ struct crypto_aead *fback;
};
struct safexcel_cipher_req {
@@ -86,10 +88,24 @@ static void safexcel_cipher_token(struct
safexcel_cipher_ctx *ctx, u8 *iv,
} else if (ctx->alg == SAFEXCEL_CHACHA20) {
cdesc->control_data.options |= EIP197_OPTION_4_TOKEN_IV_CMD;
- /* 96 bit nonce part */
- memcpy(&cdesc->control_data.token[0], &iv[4], 12);
- /* 32 bit counter */
- cdesc->control_data.token[3] = *(u32 *)iv;
+ if (ctx->aead == EIP197_AEAD_TYPE_IPSEC_ESP) {
+ /* 32 bit nonce part */
+ cdesc->control_data.token[0] = ctx->nonce;
+ /* 64 bit IV part */
+ memcpy(&cdesc->control_data.token[1], iv, 8);
+ /* 32 bit counter, starting at 0 */
+ cdesc->control_data.token[3] = 0;
+
[PATCH] crypto: inside-secure - Add SM4 based authenc AEAD ciphersuites
This patch adds support for the authenc(hmac(sha1),cbc(sm4)),
authenc(hmac(sm3),cbc(sm4)), authenc(hmac(sha1),rfc3686(ctr(sm4))),
and authenc(hmac(sm3),rfc3686(ctr(sm4))) aead ciphersuites.
These are necessary to support IPsec according to the Chinese standard
GM/T 022-1014 - IPsec VPN specification.
Note that there are no testvectors present in testmgr for these
ciphersuites. However, considering all building blocks have already been
verified elsewhere, it is fair to assume the generic implementation to be
correct-by-construction.
The hardware implementation has been fuzzed against this generic
implementation by means of a locally modified testmgr. The intention is
to upstream these testmgr changes but this is pending other testmgr changes
being made by Eric Biggers.
The patch has been tested with the eip197c_iewxkbc configuration on the
Xilinx VCU118 development board, using the abovementioned modified testmgr
This patch applies on top of "Add support for SM4 ciphers" and needs to
be applied before "Add (HMAC) SHA3 support".
Signed-off-by: Pascal van Leeuwen
---
drivers/crypto/inside-secure/safexcel.c| 4 +
drivers/crypto/inside-secure/safexcel.h| 4 +
drivers/crypto/inside-secure/safexcel_cipher.c | 280 +++--
3 files changed, 274 insertions(+), 14 deletions(-)
diff --git a/drivers/crypto/inside-secure/safexcel.c
b/drivers/crypto/inside-secure/safexcel.c
index 3c140d8..8f7fdd0 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1183,6 +1183,10 @@ static int safexcel_request_ring_irq(void *pdev, int
irqid,
&safexcel_alg_ofb_sm4,
&safexcel_alg_cfb_sm4,
&safexcel_alg_ctr_sm4,
+ &safexcel_alg_authenc_hmac_sha1_cbc_sm4,
+ &safexcel_alg_authenc_hmac_sm3_cbc_sm4,
+ &safexcel_alg_authenc_hmac_sha1_ctr_sm4,
+ &safexcel_alg_authenc_hmac_sm3_ctr_sm4,
};
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h
b/drivers/crypto/inside-secure/safexcel.h
index 62965fb..1d75044 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -884,5 +884,9 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key,
unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_ofb_sm4;
extern struct safexcel_alg_template safexcel_alg_cfb_sm4;
extern struct safexcel_alg_template safexcel_alg_ctr_sm4;
+extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha1_cbc_sm4;
+extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sm3_cbc_sm4;
+extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha1_ctr_sm4;
+extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sm3_ctr_sm4;
#endif
diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c
b/drivers/crypto/inside-secure/safexcel_cipher.c
index a00f84b..616c214 100644
--- a/drivers/crypto/inside-secure/safexcel_cipher.c
+++ b/drivers/crypto/inside-secure/safexcel_cipher.c
@@ -19,6 +19,7 @@
#include
#include
#include
+#include
#include
#include
#include
@@ -349,19 +350,18 @@ static int safexcel_aead_setkey(struct crypto_aead *ctfm,
const u8 *key,
struct crypto_aes_ctx aes;
int err = -EINVAL;
- if (crypto_authenc_extractkeys(&keys, key, len) != 0)
+ if (unlikely(crypto_authenc_extractkeys(&keys, key, len)))
goto badkey;
if (ctx->mode == CONTEXT_CONTROL_CRYPTO_MODE_CTR_LOAD) {
- /* Minimum keysize is minimum AES key size + nonce size */
- if (keys.enckeylen < (AES_MIN_KEY_SIZE +
- CTR_RFC3686_NONCE_SIZE))
+ /* Must have at least space for the nonce here */
+ if (unlikely(keys.enckeylen < CTR_RFC3686_NONCE_SIZE))
goto badkey;
/* last 4 bytes of key are the nonce! */
ctx->nonce = *(u32 *)(keys.enckey + keys.enckeylen -
CTR_RFC3686_NONCE_SIZE);
/* exclude the nonce here */
- keys.enckeylen -= CONTEXT_CONTROL_CRYPTO_MODE_CTR_LOAD;
+ keys.enckeylen -= CTR_RFC3686_NONCE_SIZE;
}
/* Encryption key */
@@ -376,6 +376,10 @@ static int safexcel_aead_setkey(struct crypto_aead *ctfm,
const u8 *key,
if (unlikely(err))
goto badkey;
break;
+ case SAFEXCEL_SM4:
+ if (unlikely(keys.enckeylen != SM4_KEY_SIZE))
+ goto badkey;
+ break;
default:
dev_err(priv->dev, "aead: unsupported cipher algorithm\n");
goto badkey;
@@ -412,6 +416,11 @@ static int safexcel_aead_setkey(struct crypto_aead *ctfm,
const u8 *key,
