In order to pass kernel CRYPTO test, ZIP module parameter
'pf_q_num' needs to be set as greater than 1.
Signed-off-by: NLongfang Liu <liulongfang@huawei.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

In order to pass kernel CRYPTO test, SEC module parameter
'pf_q_num' needs to be set as greater than 1.
Signed-off-by: NLongfang Liu <liulongfang@huawei.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

In order to pass kernel CRYPTO test, HPRE module parameter
'pf_q_num' needs to be set as greater than 1.
Signed-off-by: NLongfang Liu <liulongfang@huawei.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

At present, as HPRE/SEC/ZIP modules' parameter 'pf_q_num' is 1,
kernel CRYPTO test will fail on the algorithms from the modules,
since 'QP' hardware resources are not enough for CRYPTO TFM.
To fix this, the minimum value of 'pf_q_num' should be 2.
Signed-off-by: NLongfang Liu <liulongfang@huawei.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Build pci_device_id structure using the PCI_VDEVICE macro.
This removes any references to the ADF_SYSTEM_DEVICE macro.
Suggested-by: NAndy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: NGiovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: NFiona Trahe <fiona.trahe@intel.com>
Reviewed-by: NAndy Shevchenko <andy.shevchenko@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Replace device ids defined in the QAT drivers with the ones in
include/linux/pci_ids.h.
Signed-off-by: NGiovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: NFiona Trahe <fiona.trahe@intel.com>
Reviewed-by: NAndy Shevchenko <andy.shevchenko@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The pm_runtime_get_sync() function returns either 0 or 1 on success but
this code treats a return of 1 as a failure.

Fixes: 7694b6ca ("crypto: sa2ul - Add crypto driver")
Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

On systems with coherence issues, packet processed could succeed while
it should have failed, e.g. because of an authentication fail.
This is because the driver would read stale status information that had
all error bits initialised to zero = no error.
Since this is potential a security risk, we want to prevent it from being
a possibility at all. So initialize all error bits to error state, so
that reading stale status information will always result in errors.
Signed-off-by: NPascal van Leeuwen <pvanleeuwen@rambus.com>
Acked-by: NAntoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch also fixes the incorrect endianness markings in the
sun4i-ss driver.  It should have no effect in the genereated code.

Instead of using cpu_to_Xe32 followed by a memcpy, this patch
converts the final hash write to use put_unaligned_X instead.
Reported-by: Nkernel test robot <lkp@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
Tested-by: NCorentin Labbe <clabbe.montjoie@gmail.com>
Acked-by: NCorentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

1.Unified alignment styles
2.Remove unnecessary goto branch
3.Remove address printf
Signed-off-by: NYang Shen <shenyang39@huawei.com>
Reviewed-by: NZhou Wang <wangzhou1@hisilicon.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Supplement some comments.
Signed-off-by: NYang Shen <shenyang39@huawei.com>
Reviewed-by: NZhou Wang <wangzhou1@hisilicon.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Some macros which are defined in 'zip.h' are related to the struct
'hisi_zip_sqe' and are only used in 'zip_crypto.c'. So move them from
'zip.h' to 'zip_crypto.c'.
Signed-off-by: NYang Shen <shenyang39@huawei.com>
Reviewed-by: NZhou Wang <wangzhou1@hisilicon.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Fix some code for PClint warning:
    Warning - Suspicious Cast
Signed-off-by: NYang Shen <shenyang39@huawei.com>
Reviewed-by: NZhou Wang <wangzhou1@hisilicon.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add print for some error branches.
Signed-off-by: NYang Shen <shenyang39@huawei.com>
Reviewed-by: NZhou Wang <wangzhou1@hisilicon.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Macros 'QPC_COMP', 'QPC_DECOMP' and 'HZIP_CTX_Q_NUM' are relative and
incremental. So, use an enum instead.
Signed-off-by: NYang Shen <shenyang39@huawei.com>
Reviewed-by: NZhou Wang <wangzhou1@hisilicon.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Replace 'sprintf' with 'scnprintf' to avoid overrun.
Signed-off-by: NYang Shen <shenyang39@huawei.com>
Reviewed-by: NZhou Wang <wangzhou1@hisilicon.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Update debugfs interface parameters
Signed-off-by: NShukun Tan <tanshukun1@huawei.com>
Signed-off-by: NYang Shen <shenyang39@huawei.com>
Reviewed-by: NZhou Wang <wangzhou1@hisilicon.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

1.Add prefix 'HZIP' for some macros
2.Add prefix 'hisi_zip' for some functions
Signed-off-by: NYang Shen <shenyang39@huawei.com>
Reviewed-by: NZhou Wang <wangzhou1@hisilicon.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

1.Remove the macro 'HZIP_VF_NUM'.
2.Remove 'list' of the struct 'hisi_zip'
Signed-off-by: NYang Shen <shenyang39@huawei.com>
Reviewed-by: NZhou Wang <wangzhou1@hisilicon.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Running export/import for hashes in peculiar order (mostly done by
openssl) can mess up the internal book keeping of the OMAP SHA core.
Fix by forcibly writing the correct DIGCNT back to hardware. This issue
was noticed while transitioning to openssl 1.1 support.

Fixes: 0d373d60 ("crypto: omap-sham - Add OMAP4/AM33XX SHAM Support")
Signed-off-by: NTero Kristo <t-kristo@ti.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Convert the omap-sham driver to use crypto engine for queue handling,
instead of using local implementation.
Signed-off-by: NTero Kristo <t-kristo@ti.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The sa2ul driver uses crypto_authenc_extractkeys and therefore
must select CRYPTO_AUTHENC.

Fixes: 7694b6ca ("crypto: sa2ul - Add crypto driver")
Reported-by: Nkernel test robot <lkp@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: NKeerthy <j-keerthy@ti.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch fixes a couple of sparse endianness warnings in the
ux500 driver.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Use pci_name() when creating debugfs entries in order to include PCI
domain in the path.
Signed-off-by: NGiovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: NAndy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Pass the error directly from devm_clk_get() to describe the real reason,
instead of fixed ENOENT.  Do not print error messages on deferred probe.
Signed-off-by: NKrzysztof Kozlowski <krzk@kernel.org>
Reviewed-by: NKamil Konieczny <k.konieczny@samsung.com>
Acked-by: NKamil Konieczny <k.konieczny@samsung.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add missing and fix existing kerneldoc to silence W=1 warnings:

  drivers/crypto/s5p-sss.c:333: warning: Function parameter or member 'pclk' not described in 's5p_aes_dev'
  drivers/crypto/s5p-sss.c:373: warning: Function parameter or member 'sgl' not described in 's5p_hash_reqctx'
  drivers/crypto/s5p-sss.c:373: warning: Function parameter or member 'buffer' not described in 's5p_hash_reqctx'
  drivers/crypto/s5p-sss.c:1143: warning: Function parameter or member 'new_len' not described in 's5p_hash_prepare_sgs'
  drivers/crypto/s5p-sss.c:1143: warning: Excess function parameter 'nbytes' description in 's5p_hash_prepare_sgs'
Signed-off-by: NKrzysztof Kozlowski <krzk@kernel.org>
Reviewed-by: NKamil Konieczny <k.konieczny@samsung.com>
Acked-by: NKamil Konieczny <k.konieczny@samsung.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Because clk_disable_unprepare already checked NULL clock
parameter, so the additional checks are unnecessary, just remove them.
Signed-off-by: NXu Wang <vulab@iscas.ac.cn>
Reviewed-by: NKrzysztof Kozlowski <krzk@kernel.org>
Acked-by: NKamil Konieczny <k.konieczny@samsung.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Xiphera XIP8001B is an FPGA-based True Random Number Generator
Intellectual Property (IP) Core which can be instantiated in
multiple FPGA families. This driver adds Linux support for it through
the hwrng interface.
Signed-off-by: NAtte Tommiska <atte.tommiska@xiphera.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Document the device tree bindings of Xiphera's XIP8001B-trng IP.
Signed-off-by: NAtte Tommiska <atte.tommiska@xiphera.com>
Reviewed-by: NRob Herring <robh@kernel.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Xiphera is an FPGA-based cryptographic solutions provider based in
Finland.
Website of the company: https://xiphera.com/Signed-off-by: NAtte Tommiska <atte.tommiska@xiphera.com>
Acked-by: NRob Herring <robh@kernel.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Now that crypto/cbc.h is only used by the generic cbc template,
we can merge it back into the CBC code.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Since commit b56f5cbc ("crypto:
arm/aes-neonbs - resolve fallback cipher at runtime") the CBC
encryption path in aes-neonbs is now identical to that obtained
through the cbc template.  This means that it can simply call
the generic cbc template instead of doing its own thing.

This patch removes the custom encryption path and simply invokes
the generic cbc template.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Cryptographic algorithms may have a lifespan that is significantly
shorter than Linux's, and so we need to start phasing out algorithms
that are known to be broken, and are no longer fit for general use.

RC4 (or arc4) is a good example here: there are a few areas where its
use is still somewhat acceptable, e.g., for interoperability with legacy
wifi hardware that can only use WEP or TKIP data encryption, but that
should not imply that, for instance, use of RC4 based EAP-TLS by the WPA
supplicant for negotiating TKIP keys is equally acceptable, or that RC4
should remain available as a general purpose cryptographic transform for
all in-kernel and user space clients.

Now that all in-kernel users that need to retain support have moved to
the arc4 library interface, and the known users of ecb(arc4) via the
socket API (iwd [0] and libell [1][2]) have been updated to switch to a
local implementation, we can take the next step, and mark the ecb(arc4)
skcipher as obsolete, and only provide it if the socket API is enabled in
the first place, as well as provide the option to disable all algorithms
that have been marked as obsolete.

[0] https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=1db8a85a60c64523
[1] https://git.kernel.org/pub/scm/libs/ell/ell.git/commit/?id=53482ce421b727c2
[2] https://git.kernel.org/pub/scm/libs/ell/ell.git/commit/?id=7f6a137809d42f6bSigned-off-by: NArd Biesheuvel <ardb@kernel.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Drop some bogus Kconfig selects that are not entirely accurate, and
unnecessary to begin with, since the same Kconfig options also select
LIB80211 features that already imply the selected functionality (AES
for CCMP, ARC4 and ECB for TKIP)
Signed-off-by: NArd Biesheuvel <ardb@kernel.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Signed-off-by: NArd Biesheuvel <ardb@kernel.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Signed-off-by: NArd Biesheuvel <ardb@kernel.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The RC4-HMAC-MD5 KerberosV algorithm is based on RFC 4757 [0], which
was specifically issued for interoperability with Windows 2000, but was
never intended to receive the same level of support. The RFC says

  The IETF Kerberos community supports publishing this specification as
  an informational document in order to describe this widely
  implemented technology.  However, while these encryption types
  provide the operations necessary to implement the base Kerberos
  specification [RFC4120], they do not provide all the required
  operations in the Kerberos cryptography framework [RFC3961].  As a
  result, it is not generally possible to implement potential
  extensions to Kerberos using these encryption types.  The Kerberos
  encryption type negotiation mechanism [RFC4537] provides one approach
  for using such extensions even when a Kerberos infrastructure uses
  long-term RC4 keys.  Because this specification does not implement
  operations required by RFC 3961 and because of security concerns with
  the use of RC4 and MD4 discussed in Section 8, this specification is
  not appropriate for publication on the standards track.

  The RC4-HMAC encryption types are used to ease upgrade of existing
  Windows NT environments, provide strong cryptography (128-bit key
  lengths), and provide exportable (meet United States government
  export restriction requirements) encryption.  This document describes
  the implementation of those encryption types.

Furthermore, this RFC was re-classified as 'historic' by RFC 8429 [1] in
2018, stating that 'none of the encryption types it specifies should be
used'

Note that other outdated algorithms are left in place (some of which are
guarded by CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES), so this should only
adversely affect interoperability with Windows NT/2000 systems that have
not received any updates since 2008 (but are connected to a network
nonetheless)

[0] https://tools.ietf.org/html/rfc4757
[1] https://tools.ietf.org/html/rfc8429Signed-off-by: NArd Biesheuvel <ardb@kernel.org>
Acked-by: NJ. Bruce Fields <bfields@redhat.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Switch to the ARC4 library interface, to remove the pointless
dependency on the skcipher API, from which we will hopefully be
able to drop ecb(arc4) skcipher support.
Signed-off-by: NArd Biesheuvel <ardb@kernel.org>
Acked-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Switch to the ARC4 library interface, to remove the pointless
dependency on the skcipher API, from which we will hopefully be
able to drop ecb(arc4) skcipher support.
Signed-off-by: NArd Biesheuvel <ardb@kernel.org>
Acked-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The RNGB can generate 2^20 words (1 word == 4 byte) of 'random' data
after the seed pool was initialized. The pool needs to be reseeded if
more words are required. The reseeding is done automatically since
commit 3acd9ea9 ("hwrng: imx-rngc - use automatic seeding").

We can't retrieve the TRNG values directly so we need a other way to get
the quality level. We know that the PRNG uses 20.000 entropy samples
from the TRNG to generate 2^20 words (1MiB) and the quality level is
defined as (in bits of entropy per 1024 bits of input). So the quality
level can be calculated by:

   20.000 * 1024
   ------------- = ~ 19.5
        2^20
Signed-off-by: NMarco Felsch <m.felsch@pengutronix.de>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>