[GIT] Crypto Fixes for 5.3

2019-07-18 Thread Herbert Xu
Hi Linus: This push fixes the following issues: - Fix missed wake-up race in padata. - Use crypto_memneq in ccp. - Fix version check in ccp. - Fix fuzz test failure in ccp. - Fix potential double free in crypto4xx. - Fix compile warning in stm32. The following changes since commit f3880a23564e

[PATCH v2 09/14] crypto: caam - keep both virtual and dma key addresses

2019-07-18 Thread Iuliana Prodan
From: Horia Geantă Update alginfo struct to keep both virtual and dma key addresses, so that descriptors have them at hand. One example where this is needed is in the xcbc(aes) shared descriptors, which are updated in current patch. Another example is the upcoming fix for DKP. Signed-off-by: Hor

[PATCH v2 03/14] crypto: caam - update IV only when crypto operation succeeds

2019-07-18 Thread Iuliana Prodan
From: Horia Geantă skcipher encryption might fail and in some cases, like (invalid) input length smaller than block size, updating the IV would lead to a useless IV copy in case hardware issued an error. Signed-off-by: Horia Geantă Signed-off-by: Iuliana Prodan --- drivers/crypto/caam/caamalg

[PATCH v2 12/14] crypto: caam - execute module exit point only if necessary

2019-07-18 Thread Iuliana Prodan
Commit 1b46c90c8e00 ("crypto: caam - convert top level drivers to libraries") changed entry and exit points behavior for caamalg, caamalg_qi, caamalg_qi2, caamhash, caampkc, caamrng. For example, previously caam_pkc_init() and caam_pkc_exit() were module entry/exit points. This means that if an er

[PATCH v2 08/14] crypto: caam - update rfc4106 sh desc to support zero length input

2019-07-18 Thread Iuliana Prodan
Update share descriptor for rfc4106 to skip instructions in case cryptlen is zero. If no instructions are jumped the DECO hangs and a timeout error is thrown. Signed-off-by: Iuliana Prodan --- drivers/crypto/caam/caamalg_desc.c | 46 +- drivers/crypto/caam/caa

[PATCH v2 06/14] crypto: caam - check assoclen

2019-07-18 Thread Iuliana Prodan
Check assoclen to solve the extra tests that expect -EINVAL to be returned when the associated data size is not valid. Validated assoclen for RFC4106 and RFC4543 which expects an assoclen of 16 or 20. Based on seqiv, IPsec ESP and RFC4543/RFC4106 the assoclen is sizeof IP Header (spi, seq_no, exte

[PATCH v2 00/14] crypto: caam - fixes for kernel v5.3

2019-07-18 Thread Iuliana Prodan
The series solves: - the failures found with fuzz testing; - resources clean-up on caampkc/caamrng exit path. The first 10 patches solve the issues found with CONFIG_CRYPTO_MANAGER_EXTRA_TESTS enabled. They modify the drivers to provide a valid error (and not the hardware error ID) to the user, vi

[PATCH v2 02/14] crypto: caam - fix return code in completion callbacks

2019-07-18 Thread Iuliana Prodan
From: Horia Geantă Modify driver to provide a valid errno (and not the HW error ID) to the user, via completion callbacks. A "valid errno" is currently not explicitly mentioned in the docs, however the error code is expected to match the one returned by the generic SW implementation. Note: in mo

[PATCH v2 14/14] crypto: caam - change return value in case CAAM has no MDHA

2019-07-18 Thread Iuliana Prodan
To be consistent with other CAAM modules, caamhash should return 0 instead of -ENODEV in case CAAM has no MDHA. Based on commit 1b46c90c8e00 ("crypto: caam - convert top level drivers to libraries") the value returned by entry point is never checked and the exit point is always executed. Signed-

[PATCH v2 01/14] crypto: caam/qi - fix error handling in ERN handler

2019-07-18 Thread Iuliana Prodan
From: Horia Geantă ERN handler calls the caam/qi frontend "done" callback with a status of -EIO. This is incorrect, since the callback expects a status value meaningful for the crypto engine - hence the cryptic messages like the one below: platform caam_qi: 15: unknown error source Fix this by p

[PATCH v2 05/14] crypto: caam - check authsize

2019-07-18 Thread Iuliana Prodan
Check authsize to solve the extra tests that expect -EINVAL to be returned when the authentication tag size is not valid. Validated authsize for GCM, RFC4106 and RFC4543. Signed-off-by: Iuliana Prodan --- drivers/crypto/caam/caamalg.c | 13 + drivers/crypto/caam/caamalg_qi.c |

[PATCH v2 11/14] crypto: caam - free resources in case caam_rng registration failed

2019-07-18 Thread Iuliana Prodan
Check the return value of the hardware registration for caam_rng and free resources in case of failure. Fixes: 6e4e603a9 ("crypto: caam - Dynamic memory allocation for caam_rng_ctx object") Signed-off-by: Iuliana Prodan --- drivers/crypto/caam/caamrng.c | 5 - 1 file changed, 4 insertions(+

[PATCH v2 07/14] crypto: caam - check zero-length input

2019-07-18 Thread Iuliana Prodan
Check zero-length input, for skcipher algorithm, to solve the extra tests. This is a valid operation, therefore the API will return no error. Signed-off-by: Iuliana Prodan --- drivers/crypto/caam/caamalg.c | 6 ++ drivers/crypto/caam/caamalg_qi.c | 3 +++ drivers/crypto/caam/caamalg_qi2

[PATCH v2 13/14] crypto: caam - unregister algorithm only if the registration succeeded

2019-07-18 Thread Iuliana Prodan
To know if a registration succeeded added a new struct, caam_akcipher_alg, that keeps, also, the registration status. This status is updated in caam_pkc_init and verified in caam_pkc_exit to unregister an algorithm. Signed-off-by: Iuliana Prodan --- drivers/crypto/caam/caampkc.c | 49 +++

[PATCH v2 10/14] crypto: caam - fix DKP for certain key lengths

2019-07-18 Thread Iuliana Prodan
From: Horia Geantă DKP cannot be used with immediate input key if |user key| > |derived key|, since the resulting descriptor (after DKP execution) would be invalid - having a few bytes from user key left in descriptor buffer as incorrect opcodes. Fix DKP usage both in standalone hmac and in auth

[PATCH v2 04/14] crypto: caam - check key length

2019-07-18 Thread Iuliana Prodan
Check key length to solve the extra tests that expect -EINVAL to be returned when the key size is not valid. Validated AES keylen for skcipher and ahash. The check_aes_keylen function is added in a common file, to be used also for caam/qi and caam/qi2. Signed-off-by: Iuliana Prodan --- drivers

Re: [PATCH] crypto: ccp - Replace dma_pool_alloc + memset with dma_pool_zalloc

2019-07-18 Thread Gary R Hook
On 7/18/19 8:16 AM, Chuhong Yuan wrote: > Use dma_pool_zalloc instead of using dma_pool_alloc to allocate > memory and then zeroing it with memset 0. > This simplifies the code. > > Signed-off-by: Chuhong Yuan Acked-by: Gary R Hook > --- > drivers/crypto/ccp/ccp-ops.c | 3 +-- > 1 file chan

Re: [PATCH] crypto: aegis: fix badly optimized clang output

2019-07-18 Thread Arnd Bergmann
On Thu, Jul 18, 2019 at 11:17 PM 'Nick Desaulniers' via Clang Built Linux wrote: > On Thu, Jul 18, 2019 at 6:50 AM Arnd Bergmann wrote: > > diff --git a/crypto/aegis.h b/crypto/aegis.h > > index 41a3090cda8e..efed7251c49d 100644 > > --- a/crypto/aegis.h > > +++ b/crypto/aegis.h > > @@ -34,21 +34,

Re: [PATCH] crypto: aegis: fix badly optimized clang output

2019-07-18 Thread Nick Desaulniers
On Thu, Jul 18, 2019 at 6:50 AM Arnd Bergmann wrote: > > Clang sometimes makes very different inlining decisions from gcc. > In case of the aegis crypto algorithms, it decides to turn the innermost > primitives (and, xor, ...) into separate functions but inline most of > the rest. > > This results

Re: [PATCH] crypto: aegis: fix badly optimized clang output

2019-07-18 Thread Joe Perches
On Thu, 2019-07-18 at 15:50 +0200, Arnd Bergmann wrote: > Clang sometimes makes very different inlining decisions from gcc. > In case of the aegis crypto algorithms, it decides to turn the innermost > primitives (and, xor, ...) into separate functions but inline most of > the rest. > This results

Re: [PATCH] crypto: gcm - restrict assoclen for rfc4543

2019-07-18 Thread Herbert Xu
On Thu, Jul 18, 2019 at 10:59:07PM +0800, Herbert Xu wrote: > > So I presume the driver does enforce the limit. Please actually > state that in the commit description for future reference. Also have you looked at whether other drivers would be affected by this? It wouldn't be so nice if this cha

[v2 PATCH] padata: Replace delayed timer with immediate workqueue in padata_reorder

2019-07-18 Thread Herbert Xu
The function padata_reorder will use a timer when it cannot progress while completed jobs are outstanding (pd->reorder_objects > 0). This is suboptimal as if we do end up using the timer then it would have introduced a gratuitous delay of one second. In fact we can easily distinguish between whet

Re: [PATCH 03/14] crypto: caam - update IV only when crypto operation succeeds

2019-07-18 Thread Horia Geanta
On 7/18/2019 5:45 PM, Iuliana Prodan wrote: > From: Horia Geantă > > skcipher encryption might fail and in some cases, like (invalid) input > length smaller than block size, updating the IV would lead to panic > due to copying from a negative offset (req->cryptlen - ivsize). > The commit message

Re: [PATCH] crypto: gcm - restrict assoclen for rfc4543

2019-07-18 Thread Herbert Xu
On Thu, Jul 18, 2019 at 02:56:35PM +, Iuliana Prodan wrote: > > Yes, this is for fuzz testing. > The generic implementation for rfc4543 considers any assoclen valid, > which is not correct. So I presume the driver does enforce the limit. Please actually state that in the commit description f

Re: [PATCH] padata: Replace delayed timer with immediate workqueue in padata_reorder

2019-07-18 Thread Herbert Xu
On Thu, Jul 18, 2019 at 10:27:30AM -0400, Daniel Jordan wrote: > > That's what I expected when I first saw it too, but nr_cpumask_bits is > returned > to signal the end of the iteration. The patch always passes 0 for the 'start' > argument, so when cpumask_next_wrap is called with the last cpu in

Re: [PATCH] crypto: gcm - restrict assoclen for rfc4543

2019-07-18 Thread Iuliana Prodan
On 7/18/2019 5:46 PM, Herbert Xu wrote: > On Thu, Jul 18, 2019 at 05:43:04PM +0300, Iuliana Prodan wrote: >> Based on seqiv, IPsec ESP and rfc4543/rfc4106 the assoclen can be 16 or >> 20 bytes. >> >> From esp4/esp6, assoclen is sizeof IP Header. This includes spi, seq_no >> and extended seq_no, th

Re: [PATCH] padata: Replace delayed timer with immediate workqueue in padata_reorder

2019-07-18 Thread Herbert Xu
On Thu, Jul 18, 2019 at 10:25:15AM -0400, Daniel Jordan wrote: > > Which memory barrier do you mean? I think you're referring to the one that > atomic_inc might provide? If so, the memory model maintainers can correct me > here, but my understanding is that RMW atomic ops that don't return values

[PATCH] crypto: caam - move shared symbols in a common location

2019-07-18 Thread Iuliana Prodan
Moved to a common location the symbols shared by all CAAM drivers (jr, qi, qi2). Signed-off-by: Iuliana Prodan --- This patch depends on series: https://patchwork.kernel.org/project/linux-crypto/list/?series=147479 drivers/crypto/caam/common_if.c | 7 +++ drivers/crypto/caam/common_if.h | 7

Re: [PATCH] crypto: gcm - restrict assoclen for rfc4543

2019-07-18 Thread Herbert Xu
On Thu, Jul 18, 2019 at 05:43:04PM +0300, Iuliana Prodan wrote: > Based on seqiv, IPsec ESP and rfc4543/rfc4106 the assoclen can be 16 or > 20 bytes. > > From esp4/esp6, assoclen is sizeof IP Header. This includes spi, seq_no > and extended seq_no, that is 8 or 12 bytes. > In seqiv, to assoclen i

[PATCH 05/14] crypto: caam - check authsize

2019-07-18 Thread Iuliana Prodan
Check authsize to solve the extra tests that expect -EINVAL to be returned when the authentication tag size is not valid. Validated authsize for GCM, RFC4106 and RFC4543. Signed-off-by: Iuliana Prodan --- drivers/crypto/caam/caamalg.c | 13 + drivers/crypto/caam/caamalg_qi.c |

[PATCH 13/14] crypto: caam - unregister algorithm only if the registration succeeded

2019-07-18 Thread Iuliana Prodan
To know if a registration succeeded added a new struct, caam_akcipher_alg, that keeps, also, the registration status. This status is updated in caam_pkc_init and verified in caam_pkc_exit to unregister an algorithm. Signed-off-by: Iuliana Prodan --- drivers/crypto/caam/caampkc.c | 49 +++

[PATCH 12/14] crypto: caam - execute module exit point only if necessary

2019-07-18 Thread Iuliana Prodan
Commit 1b46c90c8e00 ("crypto: caam - convert top level drivers to libraries") changed entry and exit points behavior for caamalg, caamalg_qi, caamalg_qi2, caamhash, caampkc, caamrng. For example, previously caam_pkc_init() and caam_pkc_exit() were module entry/exit points. This means that if an er

[PATCH 01/14] crypto: caam/qi - fix error handling in ERN handler

2019-07-18 Thread Iuliana Prodan
From: Horia Geantă ERN handler calls the caam/qi frontend "done" callback with a status of -EIO. This is incorrect, since the callback expects a status value meaningful for the crypto engine - hence the cryptic messages like the one below: platform caam_qi: 15: unknown error source Fix this by p

[PATCH 06/14] crypto: caam - check assoclen

2019-07-18 Thread Iuliana Prodan
Check assoclen to solve the extra tests that expect -EINVAL to be returned when the associated data size is not valid. Validated assoclen for RFC4106 and RFC4543 which expects an assoclen of 16 or 20. Based on seqiv, IPsec ESP and RFC4543/RFC4106 the assoclen is sizeof IP Header (spi, seq_no, exte

[PATCH 02/14] crypto: caam - fix return code in completion callbacks

2019-07-18 Thread Iuliana Prodan
From: Horia Geantă Modify driver to provide a valid errno (and not the HW error ID) to the user, via completion callbacks. A "valid errno" is currently not explicitly mentioned in the docs, however the error code is expected to match the one returned by the generic SW implementation. Note: in mo

[PATCH 07/14] crypto: caam - check zero-length input

2019-07-18 Thread Iuliana Prodan
Check zero-length input, for skcipher algorithm, to solve the extra tests. This is a valid operation, therefore the API will return no error. Signed-off-by: Iuliana Prodan --- drivers/crypto/caam/caamalg.c | 6 ++ drivers/crypto/caam/caamalg_qi.c | 3 +++ drivers/crypto/caam/caamalg_qi2

[PATCH 10/14] crypto: caam - fix DKP for certain key lengths

2019-07-18 Thread Iuliana Prodan
From: Horia Geantă DKP cannot be used with immediate input key if |user key| > |derived key|, since the resulting descriptor (after DKP execution) would be invalid - having a few bytes from user key left in descriptor buffer as incorrect opcodes. Fix DKP usage both in standalone hmac and in auth

[PATCH 09/14] crypto: caam - keep both virtual and dma key addresses

2019-07-18 Thread Iuliana Prodan
From: Horia Geantă Update alginfo struct to keep both virtual and dma key addresses, so that descriptors have them at hand. One example where this is needed is in the xcbc(aes) shared descriptors, which are updated in current patch. Another example is the upcoming fix for DKP. Signed-off-by: Hor

[PATCH 14/14] crypto: caam - change return value in case CAAM has no MDHA

2019-07-18 Thread Iuliana Prodan
To be consistent with other CAAM modules, caamhash should return 0 instead of -ENODEV in case CAAM has no MDHA. Based on commit 1b46c90c8e00 ("crypto: caam - convert top level drivers to libraries") the value returned by entry point is never checked and the exit point is always executed. Signed-

[PATCH 08/14] crypto: caam - update rfc4106 sh desc to support zero length input

2019-07-18 Thread Iuliana Prodan
Update share descriptor for rfc4106 to skip instructions in case cryptlen is zero. If no instructions are jumped the DECO hangs and a timeout error is thrown. Signed-off-by: Iuliana Prodan --- drivers/crypto/caam/caamalg_desc.c | 46 +- drivers/crypto/caam/caa

[PATCH 11/14] crypto: caam - free resources in case caam_rng registration failed

2019-07-18 Thread Iuliana Prodan
Check the return value of the hardware registration for caam_rng and free resources in case of failure. Fixes: 6e4e603a9 ("crypto: caam - Dynamic memory allocation for caam_rng_ctx object") Signed-off-by: Iuliana Prodan --- drivers/crypto/caam/caamrng.c | 5 - 1 file changed, 4 insertions(+

[PATCH 03/14] crypto: caam - update IV only when crypto operation succeeds

2019-07-18 Thread Iuliana Prodan
From: Horia Geantă skcipher encryption might fail and in some cases, like (invalid) input length smaller than block size, updating the IV would lead to panic due to copying from a negative offset (req->cryptlen - ivsize). Signed-off-by: Horia Geantă Signed-off-by: Iuliana Prodan --- drivers/c

[PATCH 04/14] crypto: caam - check key length

2019-07-18 Thread Iuliana Prodan
Check key length to solve the extra tests that expect -EINVAL to be returned when the key size is not valid. Validated AES keylen for skcipher and ahash. The check_aes_keylen function is added in a common file, to be used also for caam/qi and caam/qi2. Signed-off-by: Iuliana Prodan --- drivers

[PATCH 00/14] crypto: caam - fixes for kernel v5.3

2019-07-18 Thread Iuliana Prodan
The series solves: - the failures found with fuzz testing; - resources clean-up on caampkc/caamrng exit path. The first 10 patches solve the issues found with CONFIG_CRYPTO_MANAGER_EXTRA_TESTS enabled. They modify the drivers to provide a valid error (and not the hardware error ID) to the user, vi

[PATCH] crypto: gcm - restrict assoclen for rfc4543

2019-07-18 Thread Iuliana Prodan
Based on seqiv, IPsec ESP and rfc4543/rfc4106 the assoclen can be 16 or 20 bytes. From esp4/esp6, assoclen is sizeof IP Header. This includes spi, seq_no and extended seq_no, that is 8 or 12 bytes. In seqiv, to assoclen is added the IV size (8 bytes). Therefore, the assoclen, for rfc4543, should

Re: [PATCH] padata: Replace delayed timer with immediate workqueue in padata_reorder

2019-07-18 Thread Daniel Jordan
On Thu, Jul 18, 2019 at 11:31:31AM +0800, Herbert Xu wrote: > On Wed, Jul 17, 2019 at 02:32:27PM -0400, Daniel Jordan wrote: > > > > We'll crash when cpumask_next_wrap returns nr_cpumask_bits and later try to > > get > > the corresponding per-cpu queue. > > The whole point of cpumask_next_wrap is

Re: [PATCH] padata: Replace delayed timer with immediate workqueue in padata_reorder

2019-07-18 Thread Daniel Jordan
On Thu, Jul 18, 2019 at 11:30:08AM +0800, Herbert Xu wrote: > On Wed, Jul 17, 2019 at 07:21:36PM -0400, Daniel Jordan wrote: > > > > > @@ -388,12 +336,12 @@ void padata_do_serial(struct padata_priv *padata) > > > pqueue = per_cpu_ptr(pd->pqueue, cpu); > > > > > > spin_lock(&pqueue->reorder.lo

[PATCH] crypto: aegis: fix badly optimized clang output

2019-07-18 Thread Arnd Bergmann
Clang sometimes makes very different inlining decisions from gcc. In case of the aegis crypto algorithms, it decides to turn the innermost primitives (and, xor, ...) into separate functions but inline most of the rest. This results in a huge amount of variables spilled on the stack, leading to rat

[PATCH] crypto: ccp - Replace dma_pool_alloc + memset with dma_pool_zalloc

2019-07-18 Thread Chuhong Yuan
Use dma_pool_zalloc instead of using dma_pool_alloc to allocate memory and then zeroing it with memset 0. This simplifies the code. Signed-off-by: Chuhong Yuan --- drivers/crypto/ccp/ccp-ops.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/crypto/ccp/ccp-ops.c b/dr

[PATCH] crypto: caam/qi2 - Increase napi budget to process more caam responses

2019-07-18 Thread Vakul Garg
While running ipsec processing for traffic through multiple network interfaces, it is observed that caam driver gets less time to poll responses from caam block compared to ethernet driver. This is because ethernet driver has as many napi instances per cpu as the number of ethernet interfaces in sy

[RFC/RFT v2 1/2] KEYS: trusted: create trusted keys subsystem

2019-07-18 Thread Sumit Garg
Move existing code to trusted keys subsystem. Also, rename files with "tpm" as suffix which provides the underlying implementation. Suggested-by: Jarkko Sakkinen Signed-off-by: Sumit Garg --- crypto/asymmetric_keys/asym_tpm.c | 2 +- include/keys/{trusted.h => trusted_tpm.

[RFC/RFT v2 2/2] KEYS: trusted: Add generic trusted keys framework

2019-07-18 Thread Sumit Garg
Current trusted keys framework is tightly coupled to use TPM device as an underlying implementation which makes it difficult for implementations like Trusted Execution Environment (TEE) etc. to provide trusted keys support in case platform doesn't possess a TPM device. So this patch tries to add ge

[RFC/RFT v2 0/2] KEYS: trusted: Add generic trusted keys framework

2019-07-18 Thread Sumit Garg
This patch-set is an outcome of discussion here [1]. I have tested this framework with trusted keys support provided via TEE but I wasn't able to test it with a TPM device as I don't possess one. It would be really helpful if others could test this patch-set using a TPM device. [1] https://www.ma