The encap shared descriptor was changed to use the new IV convention.
In the process some commands were shifted, making the output length
zero, caam effectively writing garbage in dst.

While here, update the decap descriptor to execute the "write" commands
before the "read"s (as it previously was).
This makes sure the input fifo is drained before becoming full.

Fixes: 46218750 ("crypto: caam - Use new IV convention")
Signed-off-by: NHoria Geant? <horia.geanta@freescale.com>
Signed-off-by: NTudor Ambarus <tudor.ambarus@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch converts rfc4106 to the new calling convention where
the IV is now part of the AD and needs to be skipped.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The new aead_edesc_alloc left out the bit indicating the last
entry on the source SG list.  This patch fixes it.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

I incorrectly removed DESC_MAX_USED_BYTES when enlarging the size
of the shared descriptor buffers, thus making it four times larger
than what is necessary.  This patch restores the division by four
calculation.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch converts the caam GCM implementations to the new AEAD
interface.  This is compile-tested only.

Note that all IV generation for GCM algorithms have been removed.
The reason is that the current generation uses purely random IVs
which is not appropriate for counter-based algorithms where we
first and foremost require uniqueness.

Of course there is no reason why you couldn't implement seqiv or
seqniv within caam since all they do is xor the sequence number
with a salt, but since I can't test this on actual hardware I'll
leave it alone for now.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Currently caam assumes that the SG list contains exactly the number
of bytes required.  This assumption is incorrect.

Up until now this has been harmless.  However with the new AEAD
interface this now breaks as the AD SG list contains more bytes
than just the AD.

This patch fixes this by always clamping the AD SG list by the
specified AD length.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch replaces references to aead_alg with old_aead_alg.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

crt_aead is an internal implementation detail and must not be
used outside of the crypto API itself.  This patch replaces the
unnecessary uses of crt_aead with crypto_aead_ivsize.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The caam driver includes algorithm types that it doesn't even
use, such as struct rng_alg which has recently been moved to an
internal header file and consequently broke the build of caam.

This patch removes these bogus references.
Reported-by: NFengguang Wu <fengguang.wu@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

- assoc_nents and src_nents are never zero when all_contig is false
- iv_contig is zero on the else branch
Signed-off-by: NCristian Stoica <cristian.stoica@freescale.com>
Reviewed-by: NRichard Schmitt <richard.schmitt@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Merge DES Cipher Block Chaining mode (CBC) and Triple DES Cipher Block
Chaining mode (CBC) algorithms from ablkcipher to givencrypt.
Signed-off-by: NCatalin Vasile <catalin.vasile@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add support for one-shot givencrypt algorithms.
Givencrypt algorithms will generate their IV and encrypt data
within the same shared job descriptors.
Current algorithms merged from ablkcipher to givencrypt are:
 - AES Cipher Block Chaining (CBC)
 - AES Counter Mode (CTR) compliant with RFC3686
Signed-off-by: NCatalin Vasile <catalin.vasile@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add support for AES Counter Mode (CTR) compliant with RFC3686 to be
used along with authenc algorithms (md5, sha1, sha224, sha256, sha384,
sha512) as one-shot aead algorithms.
Signed-off-by: NCatalin Vasile <catalin.vasile@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add support for Advanced Encryption Standard (AES) in Counter Mode (CTR)
as provided in IPsec implementation standard RFC3686.

ablkcipher shared descriptors now save context registers after job
execution. This is used to load Nonce specific to RFC3686 only at
first execution of shared job descriptor.
Signed-off-by: NCatalin Vasile <catalin.vasile@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add support for AES working in Counter Mode
Signed-off-by: NCatalin Vasile <catalin.vasile@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add AES-GMAC as an IPSec ESP mechanism to provide
data origin authentication, but not confidentiality.
This method is referred as ENCR_NULL_AUTH_AES_GMAC.
Signed-off-by: NTudor Ambarus <tudor.ambarus@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch fixes the assumption that output sequence is not contiguous
when input sequence is not contiguous and in-place encryption is done.
Output sequence does not need to be contiguous with associated data.
Signed-off-by: NTudor Ambarus <tudor.ambarus@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add Advanced Encryption Standard (AES) in Galois/Counter Mode (GCM)
as an IPsec Encapsulating Security Payload (ESP) mechanism
to provide confidentiality and data origin authentication.
Signed-off-by: NTudor Ambarus <tudor.ambarus@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add support for AES working in Galois Counter Mode.

There is a limitation related to IV size, similar to the one present in
SW implementation (crypto/gcm.c):
The only IV size allowed is 12 bytes. It will be padded by HW to the right
with 0x0000_0001 (up to 16 bytes - AES block size), according to the GCM
specification.
Signed-off-by: NTudor Ambarus <tudor.ambarus@freescale.com>
Signed-off-by: NHoria Geanta <horia.geanta@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

AES currently shares descriptor creation functions with DES and 3DES.
DK bit is set in all cases, however it is valid only for
the AES accelerator.
Signed-off-by: NHoria Geanta <horia.geanta@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Use dma_mapping_error for every dma_map_single / dma_map_page.
Signed-off-by: NHoria Geanta <horia.geanta@freescale.com>
Acked-by: NKim Phillips <kim.phillips@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

dma_mapping_error checks for an incorrect DMA address:
s/ctx->sh_desc_enc_dma/ctx->sh_desc_dec_dma
Signed-off-by: NHoria Geanta <horia.geanta@freescale.com>
Acked-by: NKim Phillips <kim.phillips@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The layer which registers with the crypto API should check for the presence of
the CAAM device it is going to use.  If the platform's device tree doesn't have
the required CAAM node, the layer should return an error and not register the
algorithms with crypto API layer.
Signed-off-by: NRuchika Gupta <ruchika.gupta@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

At few places in caamhash and caamalg, after allocating a dmable
buffer for sg table , the buffer was being modified.  As per
definition of DMA_FROM_DEVICE ,afer allocation the memory should
be treated as read-only by the driver. This patch shifts the
allocation of dmable buffer for sg table after it is populated
by the  driver, making it read-only as per the DMA API's requirement.
Signed-off-by: NRuchika Gupta <ruchika.gupta@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Re-initialize keys_fit_inline to avoid using its stale encrypt() shared
descriptor value prior to building descriptors for the decrypt() and
givencrypt() cases.
Signed-off-by: NVakul Garg <vakul@freescale.com>
[reworded commit text, enhanced code readability]
Signed-off-by: NKim Phillips <kim.phillips@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The tentacles of this function were firmly attached to various
places in the CAAM code. Just cut them, or this cthulhu function
will sprout them anew.
Signed-off-by: NMarek Vasut <marex@denx.de>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Horia Geanta <horia.geanta@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

(struct caam_ctx) ctx->key_dma needs to be unmapped
when context is cleaned up.
Signed-off-by: NHoria Geanta <horia.geanta@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add support for the following combinations:
-encryption: null
-authentication: md5, sha* (1, 224, 256, 384, 512)
Signed-off-by: NTudor Ambarus <tudor.ambarus@freescale.com>
Signed-off-by: NHoria Geanta <horia.geanta@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Commit 61bb86bb
("crypto: caam - set descriptor sharing type to SERIAL")
changed the descriptor sharing mode from SHARE_WAIT to SHARE_SERIAL.

All descriptor commands that handle the "ok to share" and
"error propagation" settings should also go away, since they have no
meaning for SHARE_SERIAL.
Signed-off-by: NHoria Geanta <horia.geanta@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Use the common helper function crypto_authenc_extractkeys() for key
parsing.
Also fix the key buffer overflow condition: use split key pad length
instead of authentication key length.
Signed-off-by: NHoria Geanta <horia.geanta@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

For aead case when source and destination buffers are different,
there is an incorrect assumption that the source length includes the ICV
length. Fix this, since it leads to an oops when using sg_count() to
find the number of nents in the scatterlist:

Unable to handle kernel paging request for data at address 0x00000004
Faulting instruction address: 0xf91f7634
Oops: Kernel access of bad area, sig: 11 [#1]
SMP NR_CPUS=8 P4080 DS
Modules linked in: caamalg(+) caam_jr caam
CPU: 1 PID: 1053 Comm: cryptomgr_test Not tainted 3.11.0 #16
task: eeb24ab0 ti: eeafa000 task.ti: eeafa000
NIP: f91f7634 LR: f91f7f24 CTR: f91f7ef0
REGS: eeafbbc0 TRAP: 0300   Not tainted  (3.11.0)
MSR: 00029002 <CE,EE,ME>  CR: 44044044  XER: 00000000
DEAR: 00000004, ESR: 00000000

GPR00: f91f7f24 eeafbc70 eeb24ab0 00000002 ee8e0900 ee8e0800 00000024 c45c4462
GPR08: 00000010 00000000 00000014 0c0e4000 24044044 00000000 00000000 c0691590
GPR16: eeab0000 eeb23000 00000000 00000000 00000000 00000001 00000001 eeafbcc8
GPR24: 000000d1 00000010 ee2d5000 ee49ea10 ee49ea10 ee46f640 ee46f640 c0691590
NIP [f91f7634] aead_edesc_alloc.constprop.14+0x144/0x780 [caamalg]
LR [f91f7f24] aead_encrypt+0x34/0x288 [caamalg]
Call Trace:
[eeafbc70] [a1004000] 0xa1004000 (unreliable)
[eeafbcc0] [f91f7f24] aead_encrypt+0x34/0x288 [caamalg]
[eeafbcf0] [c020d77c] __test_aead+0x3ec/0xe20
[eeafbe20] [c020f35c] test_aead+0x6c/0xe0
[eeafbe40] [c020f420] alg_test_aead+0x50/0xd0
[eeafbe60] [c020e5e4] alg_test+0x114/0x2e0
[eeafbee0] [c020bd1c] cryptomgr_test+0x4c/0x60
[eeafbef0] [c0047058] kthread+0xa8/0xb0
[eeafbf40] [c000eb0c] ret_from_kernel_thread+0x5c/0x64
Instruction dump:
69084321 7d080034 5508d97e 69080001 0f080000 81290024 552807fe 0f080000
3a600001 5529003a 2f8a0000 40dd0028 <80e90004> 3ab50001 8109000c 70e30002
---[ end trace b3c3e23925c7484e ]---

While here, add a tcrypt mode for making it easy to test authenc
(needed for triggering case above).
Signed-off-by: NHoria Geanta <horia.geanta@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

- Earlier interface layers - caamalg, caamhash, caamrng were
  directly using the Controller driver private structure to access
  the Job ring.
- Changed the above to use alloc/free API's provided by Job Ring Drive
Signed-off-by: NRuchika Gupta <ruchika.gupta@freescale.com>
Reviewed-by: NGarg Vakul-B16394 <vakul@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The SEC Job Rings are now available as individual devices.
This would enable sharing of job rings between kernel and
user space. Job Rings can now be dynamically bound/unbound
from kernel.

Changes are made in the following layers of CAAM Driver
1. Controller driver
        - Does basic initialization of CAAM Block.
        - Creates platform devices for Job Rings.
(Earlier the initialization of Job ring  was done
 by the controller driver)

2. JobRing Platform driver
        - Manages the platform Job Ring devices created
          by the controller driver
Signed-off-by: NRuchika Gupta <ruchika.gupta@freescale.com>
Reviewed-by: NGarg Vakul-B16394 <vakul@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

If the CAAM driver initialization failed (due to various reasons, e.g. RNG4
initialization failed), then the registration of hash/algorithms/rng shouldn't
take place. This patch adds the necessary code to prevent this registration.
Signed-off-by: NAlex Porosanu <alexandru.porosanu@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

CAAM driver contains one macro (xstr) used for printing
the line location in a file where a memdump is done. This patch
replaces the xstr macro with the already existing __stringify
macro that performs the same function.
Signed-off-by: NAlex Porosanu <alexandru.porosanu@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

DESC_JOB_IO_LEN is a generic macro which indicates the space required in
the descriptor for placing SEQIN/OUT commands, job descriptor header,
shared descriptor pointer. Moving it to descriptor construction file
which can be supposedly included by different algo offload files.

Change-Id: Ic8900990d465e9079827b0c7fcacc61766d7efb6
Signed-off-by: NVakul Garg <vakul@freescale.com>
Reviewed-by: NGeanta Neag Horia Ioan-B05471 <horia.geanta@freescale.com>
Reviewed-by: NFleming Andrew-AFLEMING <AFLEMING@freescale.com>
Tested-by: NFleming Andrew-AFLEMING <AFLEMING@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

req->assoc is dma mapped BIDIRECTIONAL and unmapped TO_DEVICE.
Since it is read-only for the device, use TO_DEVICE both for mapping
and unmapping.

Cc: <stable@vger.kernel.org> # 3.9, 3.8
Signed-off-by: NHoria Geanta <horia.geanta@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Following AEAD algo templates are updated for '.type' initialization.
	(a) authenc(hmac(sha224),cbc(aes))
	(b) authenc(hmac(sha384),cbc(aes))
	(c) authenc(hmac(sha224),cbc(des3_ede))
	(d) authenc(hmac(sha384),cbc(des3_ede))
	(e) authenc(hmac(sha224),cbc(des))
	(f) authenc(hmac(sha384),cbc(des))
Signed-off-by: NVakul Garg <vakul@freescale.com>
Reviewed-by: NKim Phillips <kim.phillips@freescale.com>
Signed-off-by: NAndy Fleming <afleming@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This reverts commit 891104ed.

Current IPsec ESN implementation for authencesn(cbc(aes), hmac(sha))
(separate encryption and integrity algorithms) does not conform
to RFC4303.

ICV is generated by hashing the sequence
SPI, SeqNum-High, SeqNum-Low, IV, Payload
instead of
SPI, SeqNum-Low, IV, Payload, SeqNum-High.

Cc: <stable@vger.kernel.org> # 3.8, 3.7
Reported-by: NChaoxing Lin <Chaoxing.Lin@ultra-3eti.com>
Signed-off-by: NHoria Geanta <horia.geanta@freescale.com>
Reviewed-by: NKim Phillips <kim.phillips@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Support for ESNs (extended sequence numbers).
Tested with strongswan by connecting back-to-back P1010RDB with P2020RDB.
Signed-off-by: NHoria Geanta <horia.geanta@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>