If aead is built as a module along with cryptomgr, it creates a
dependency loop due to the dependency chain aead => crypto_null =>
cryptomgr => aead.

This is due to the presence of the AEAD geniv code.  This code is
not really part of the AEAD API but simply support code for IV
generators such as seqiv.  This patch moves the geniv code into
its own module thus breaking the dependency loop.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The crypto API requires cryptomgr to be present for probing to work
so we need a softdep to ensure that cryptomgr is added to the
initramfs.

This was usually not a problem because until very recently it was
not practical to build crypto API as module but with the recent
work to eliminate direct AES users this is now possible.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The linux-amlogic mailing list need to be in copy of all patch for the amlogic crypto.
Signed-off-by: NCorentin Labbe <clabbe@baylibre.com>
Acked-by: NNeil Armstrong <narmstrong@baylibre.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch fixes two resources leak that occur on error path.
Reported-by: Ncoverity-bot <keescook+coverity-bot@chromium.org>
Addresses-Coverity-ID: 1487403 ("RESOURCE_LEAK")
Addresses-Coverity-ID: 1487401 ("Resource leaks")
Fixes: 48fe583f ("crypto: amlogic - Add crypto accelerator for amlogic GXL")
Signed-off-by: NCorentin Labbe <clabbe@baylibre.com>
Reviewed-by: NKees Cook <keescook@chromium.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Fixed 2 copy-paste mistakes in the commit mentioned below that caused
authenc w/ (3)DES to consistently fail on Macchiatobin (but strangely
work fine on x86+FPGA??).
Now fully tested on both platforms.

Fixes: 13a1bb93 ("crypto: inside-secure - Fixed warnings...")
Signed-off-by: NPascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

When calling debugfs functions, there is no need to ever check the
return value.  The function can work or not, but the code logic should
never do something different based on this.

Cc: Zhou Wang <wangzhou1@hisilicon.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Currently the VF can be enabled only through sysfs interface
after module loaded, but this also needs to be done when the
module loaded in some scenarios.

This patch adds module param vfs_num, adds hisi_zip_sriov_enable()
in probe, and also adjusts the position of probe.
Signed-off-by: NHao Fang <fanghao11@huawei.com>
Signed-off-by: NZhou Wang <wangzhou1@hisilicon.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Fixed mask used for CFSIZE and RFSIZE fields of HIA_OPTIONS register,
these were all 1 bit too wide. Which caused the probing of a standard
EIP97 to actually hang due to assume way too large descriptor FIFO's.
Signed-off-by: NPascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Current polling timeout is 25 us. The hardware is currently configured to
harvest the entropy for 81920 us. This leads to timeouts even during
blocking read (wait=1).

Log snippet:
[    5.727589] [<c040ffcc>] (ks_sa_rng_probe) from [<c04181e8>] (platform_drv_probe+0x58/0xb4)
...
[    5.727805] hwrng: no data available
...
[   13.157016] random: systemd: uninitialized urandom read (16 bytes read)
[   13.157033] systemd[1]: Initializing machine ID from random generator.
...
[   15.848770] random: fast init done
...
[   15.848807] random: crng init done

After the patch:
[    6.223534] random: systemd: uninitialized urandom read (16 bytes read)
[    6.223551] systemd[1]: Initializing machine ID from random generator.
...
[    6.876075] random: fast init done
...
[    6.954200] random: systemd: uninitialized urandom read (16 bytes read)
[    6.955244] random: systemd: uninitialized urandom read (16 bytes read)
...
[    7.121948] random: crng init done
Signed-off-by: NAlexander Sverdlin <alexander.sverdlin@nokia.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Fix the warning below.
./crypto/tgr192.c:558:43-44: Unneeded semicolon
./crypto/tgr192.c:586:44-45: Unneeded semicolon

Fixes: f63fbd3d ("crypto: tgr192 - Switch to shash")
Signed-off-by: NTian Tao <tiantao6@huawei.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

There are spelling mistakes in dev_warn and dev_err messages. Fix these.
Change "recommandation" to "recommendation" and "tryed" to "tried".
Signed-off-by: NColin Ian King <colin.king@canonical.com>
Acked-by: NCorentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add platform support for the new IP found on sam9x60 SoC. For this
version, if the peripheral clk is above 100MHz, the HALFR bit must be
set. This bit is available only if the IP can generate a random number
every 168 cycles (instead of 84).
Signed-off-by: NCodrin Ciubotariu <codrin.ciubotariu@microchip.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add compatible for new IP found on sam9x60 SoC.
Signed-off-by: NCodrin Ciubotariu <codrin.ciubotariu@microchip.com>
Acked-by: NRob Herring <robh@kernel.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The following error is raised when CONFIG_CRYPTO_DEV_ATMEL_AES=y and
CONFIG_CRYPTO_DEV_ATMEL_AUTHENC=m:
drivers/crypto/atmel-aes.o: In function `atmel_aes_authenc_setkey':
atmel-aes.c:(.text+0x9bc): undefined reference to `crypto_authenc_extractkeys'
Makefile:1094: recipe for target 'vmlinux' failed

Fix it by moving the selection of CRYPTO_AUTHENC under
config CRYPTO_DEV_ATMEL_AES.

Fixes: 89a82ef8 ("crypto: atmel-authenc - add support to...")
Signed-off-by: NTudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

safexcel_remove misses disabling priv->reg_clk like what is done when
probe fails.
Add the missed call to fix it.
Signed-off-by: NChuhong Yuan <hslester96@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Replace #ifdef CONFIG_NUMA with IS_ENABLED(CONFIG_NUMA) to fix kbuild error.

Fixes: 700f7d0d ("crypto: hisilicon - fix to return...")
Signed-off-by: NZhou Wang <wangzhou1@hisilicon.com>
Reported-by: Nkbuild test robot <lkp@intel.com>
Acked-by: NOlof Johansson <olof@lixom.net>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Use kmemdup rather than duplicating its implementation

Generated by: scripts/coccinelle/api/memdup.cocci

Fixes: f08fcced ("crypto: allwinner - Add sun8i-ss cryptographic offloader")
CC: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Nkbuild test robot <lkp@intel.com>
Signed-off-by: NJulia Lawall <julia.lawall@lip6.fr>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Generated by: scripts/coccinelle/misc/semicolon.cocci

Fixes: f08fcced ("crypto: allwinner - Add sun8i-ss cryptographic offloader")
CC: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Nkbuild test robot <lkp@intel.com>
Signed-off-by: NJulia Lawall <julia.lawall@lip6.fr>
Acked-by: NCorentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch fixes a crash that can happen during probe
when the available dma memory is not enough (this can
happen if the crypto4xx is built as a module).

The descriptor window mapping would end up being free'd
twice, once in crypto4xx_build_pdr() and the second time
in crypto4xx_destroy_sdr().

Fixes: 5d59ad6e ("crypto: crypto4xx - fix crypto4xx_build_pdr, crypto4xx_build_sdr leak")
Cc: <stable@vger.kernel.org>
Signed-off-by: NChristian Lamparter <chunkeey@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Here adds maintainer information for HiSilicon TRNG V2 driver.
Signed-off-by: NZaibo Xu <xuzaibo@huawei.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This series adds HiSilicon true random number generator(TRNG)
driver in hw_random subsystem.
Signed-off-by: NZaibo Xu <xuzaibo@huawei.com>
Signed-off-by: NWeili Qian <qianweili@huawei.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Currently when the call to crypto_engine_alloc_init fails the error
return path returns an uninitialized value in the variable err. Fix
this by setting err to -ENOMEM.

Addresses-Coverity: ("Uninitialized scalar variable")
Fixes: 48fe583f ("crypto: amlogic - Add crypto accelerator for amlogic GXL")
Signed-off-by: NColin Ian King <colin.king@canonical.com>
Acked-by: NCorentin Labbe <clabbe@baylibre.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Use kmemdup rather than duplicating its implementation
Signed-off-by: NYueHaibing <yuehaibing@huawei.com>
Acked-by: NCorentin Labbe <clabbe@baylibre.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch fixes the remaining sparse endianness warnings.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

As it is if CONFIG_CRYPTO_DEV_ATMEL_AUTHENC is set to m it is in
effect disabled.  This patch fixes it by using IS_ENABLED instead
of ifdef.

Fixes: 89a82ef8 ("crypto: atmel-authenc - add support to...")
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: NTudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch restores the CRYPTO_AES dependency. This is
necessary since some of the crypto4xx driver provided
modes need functioning software fallbacks for
AES-CTR/CCM and GCM.

Fixes: da3e7a97 ("crypto: amcc - switch to AES library for GCM key derivation")
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: NChristian Lamparter <chunkeey@gmail.com>
Acked-by: NArd Biesheuvel <ardb@kernel.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Currently find_zip_device() finds zip device which has the min NUMA
distance with current CPU.

This patch modifies find_zip_device to return sub-optimal device when best
device has no qps. This patch sorts all devices by NUMA distance, then
finds the best zip device which has free qp.
Signed-off-by: NZhou Wang <wangzhou1@hisilicon.com>
Signed-off-by: NShukun Tan <tanshukun1@huawei.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Use sgl API to get sgl dma addr and len, this will help to avoid compile
error in some platforms. So NEED_SG_DMA_LENGTH can be removed here, which
can only be selected by arch code.
Signed-off-by: NZhou Wang <wangzhou1@hisilicon.com>
Suggested-by: NHerbert Xu <herbert@gondor.apana.org.au>
Acked-by: NArd Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Now that the blkcipher algorithm type has been removed in favor of
skcipher, rename the crypto_blkcipher kernel module to crypto_skcipher,
and rename the config options accordingly:

	CONFIG_CRYPTO_BLKCIPHER => CONFIG_CRYPTO_SKCIPHER
	CONFIG_CRYPTO_BLKCIPHER2 => CONFIG_CRYPTO_SKCIPHER2
Signed-off-by: NEric Biggers <ebiggers@google.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Now that all "blkcipher" algorithms have been converted to "skcipher",
remove the blkcipher algorithm type.

The skcipher (symmetric key cipher) algorithm type was introduced a few
years ago to replace both blkcipher and ablkcipher (synchronous and
asynchronous block cipher).  The advantages of skcipher include:

  - A much less confusing name, since none of these algorithm types have
    ever actually been for raw block ciphers, but rather for all
    length-preserving encryption modes including block cipher modes of
    operation, stream ciphers, and other length-preserving modes.

  - It unified blkcipher and ablkcipher into a single algorithm type
    which supports both synchronous and asynchronous implementations.
    Note, blkcipher already operated only on scatterlists, so the fact
    that skcipher does too isn't a regression in functionality.

  - Better type safety by using struct skcipher_alg, struct
    crypto_skcipher, etc. instead of crypto_alg, crypto_tfm, etc.

  - It sometimes simplifies the implementations of algorithms.

Also, the blkcipher API was no longer being tested.
Signed-off-by: NEric Biggers <ebiggers@google.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Now that the crypto_skcipher_type() function has been removed, there's
no reason to call the crypto_type struct for skciphers
"crypto_skcipher_type2".  Rename it to simply "crypto_skcipher_type".
Signed-off-by: NEric Biggers <ebiggers@google.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

crypto_has_ablkcipher() has no users, and it does the same thing as
crypto_has_skcipher() anyway.  So remove it.  This also removes the last
user of crypto_skcipher_type() and crypto_skcipher_mask(), so remove
those too.
Signed-off-by: NEric Biggers <ebiggers@google.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

crypto_has_skcipher() and crypto_has_skcipher2() do the same thing: they
check for the availability of an algorithm of type skcipher, blkcipher,
or ablkcipher, which also meets any non-type constraints the caller
specified.  And they have exactly the same prototype.

Therefore, eliminate the redundancy by removing crypto_has_skcipher()
and renaming crypto_has_skcipher2() to crypto_has_skcipher().
Signed-off-by: NEric Biggers <ebiggers@google.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch adds documentation for Device-Tree bindings of the
Security System cryptographic offloader driver.
Signed-off-by: NCorentin Labbe <clabbe.montjoie@gmail.com>
Acked-by: NMaxime Ripard <mripard@kernel.org>
Reviewed-by: NRob Herring <robh@kernel.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The Security System is an hardware cryptographic offloader present
on Allwinner SoCs A80 and A83T.
It is different from the previous sun4i-ss.

This driver supports AES cipher in CBC and ECB mode.
Acked-by: NMaxime Ripard <mripard@kernel.org>
Signed-off-by: NCorentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Test vectors for blake2b with various digest sizes. As the algorithm is
the same up to the digest calculation, the key and input data length is
distributed in a way that tests all combinanions of the two over the
digest sizes.

Based on the suggestion from Eric, the following input sizes are tested
[0, 1, 7, 15, 64, 247, 256], where blake2b blocksize is 128, so the
padded and the non-padded input buffers are tested.

          blake2b-160  blake2b-256  blake2b-384  blake2b-512
         ---------------------------------------------------
len=0   | klen=0       klen=1       klen=32      klen=64
len=1   | klen=32      klen=64      klen=0       klen=1
len=7   | klen=64      klen=0       klen=1       klen=32
len=15  | klen=1       klen=32      klen=64      klen=0
len=64  | klen=0       klen=1       klen=32      klen=64
len=247 | klen=32      klen=64      klen=0       klen=1
len=256 | klen=64      klen=0       klen=1       klen=32

Where key:

- klen=0: empty key
- klen=1: 1 byte value 0x42, 'B'
- klen=32: first 32 bytes of the default key, sequence 00..1f
- klen=64: default key, sequence 00..3f

The unkeyed vectors are ordered before keyed, as this is required by
testmgr.

CC: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: NDavid Sterba <dsterba@suse.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The patch brings support of several BLAKE2 variants (2b with various
digest lengths).  The keyed digest is supported, using tfm->setkey call.
The in-tree user will be btrfs (for checksumming), we're going to use
the BLAKE2b-256 variant.

The code is reference implementation taken from the official sources and
modified in terms of kernel coding style (whitespace, comments, uintXX_t
-> uXX types, removed unused prototypes and #ifdefs, removed testing
code, changed secure_zero_memory -> memzero_explicit, used own helpers
for unaligned reads/writes and rotations).

Further changes removed sanity checks of key length or output size,
these values are verified in the crypto API callbacks or hardcoded in
shash_alg and not exposed to users.
Signed-off-by: NDavid Sterba <dsterba@suse.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Since we have a dedicated Allwinner directory for crypto driver, move
the sun4i-ss driver in it.
Acked-by: NMaxime Ripard <mripard@kernel.org>
Signed-off-by: NCorentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The Crypto Engine is an hardware cryptographic offloader present
on all recent Allwinner SoCs H2+, H3, R40, A64, H5, H6

This driver supports AES cipher in CBC/ECB mode.
Acked-by: NMaxime Ripard <mripard@kernel.org>
Signed-off-by: NCorentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Since a second Allwinner crypto driver will be added, it is better to
create a dedicated subdirectory.
Acked-by: NMaxime Ripard <mripard@kernel.org>
Signed-off-by: NCorentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>