Driver of HiSilicon true random number generator(TRNG)
is removed from 'drivers/char/hw_random'.

Both 'Kunpeng 920' and 'Kunpeng 930' chips have TRNG,
however, PRNG is only supported by 'Kunpeng 930'.
So, this driver is moved to 'drivers/crypto/hisilicon/trng/'
in the next to enable the two's TRNG better.
Signed-off-by: NWeili Qian <qianweili@huawei.com>
Reviewed-by: NZaibo Xu <xuzaibo@huawei.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch fixes a coulpe of sparse endianness warnings.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch fixes a sparse endianness warning in sha256-spe.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch fixes a number of endianness warnings in the mips/octeon
code.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

 Condition !A || A && B is equivalent to !A || B.

Generated by: scripts/coccinelle/misc/excluded_middle.cocci

Fixes: b76f0ea0 ("coccinelle: misc: add excluded_middle.cocci script")
CC: Denis Efremov <efremov@linux.com>
Reported-by: Nkernel test robot <lkp@intel.com>
Signed-off-by: Nkernel test robot <lkp@intel.com>
Signed-off-by: NJulia Lawall <julia.lawall@inria.fr>
Signed-off-by: NGiovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Partial hash was being copied into the final result buffer without the
entire message block processed. Depending on how the end user processes
this result buffer, errors vary from result buffer corruption to result
buffer poisoing. Fix this issue by ensuring that only the final hash value
is copied into the result buffer.
Reviewed-by: NBjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: NThara Gopinath <thara.gopinath@linaro.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add support Qualcomm Crypto Engine accelerated encryption and
authentication algorithms on sdm845.
Reviewed-by: NBjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: NThara Gopinath <thara.gopinath@linaro.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Wiring the SIMD code into the generic driver has the unfortunate side
effect that the tcrypt testing code cannot distinguish them, and will
therefore not use the latter to fuzz test the former, as it does for
other algorithms.

So let's refactor the code a bit so we can register two implementations:
aegis128-generic and aegis128-simd.
Signed-off-by: NArd Biesheuvel <ardb@kernel.org>
Reviewed-by: NOndrej Mosnacek <omosnacek@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Instead of calculating the tag and returning it to the caller on
decryption, use a SIMD compare and min across vector to perform
the comparison. This is slightly more efficient, and removes the
need on the caller's part to wipe the tag from memory if the
decryption failed.

While at it, switch to unsigned int when passing cryptlen and
assoclen - we don't support input sizes where it matters anyway.
Signed-off-by: NArd Biesheuvel <ardb@kernel.org>
Reviewed-by: NOndrej Mosnacek <omosnacek@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Avoid copying the tail block via a stack buffer if the total size
exceeds a single AEGIS block. In this case, we can use overlapping
loads and stores and NEON permutation instructions instead, which
leads to a modest performance improvement on some cores (< 5%),
and is slightly cleaner. Note that we still need to use a stack
buffer if the entire input is smaller than 16 bytes, given that
we cannot use 16 byte NEON loads and stores safely in this case.
Signed-off-by: NArd Biesheuvel <ardb@kernel.org>
Reviewed-by: NOndrej Mosnacek <omosnacek@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The AEGIS spec mentions explicitly that the security guarantees hold
only if the resulting plaintext and tag of a failed decryption are
withheld. So ensure that we abide by this.

While at it, drop the unused struct aead_request *req parameter from
crypto_aegis128_process_crypt().
Reviewed-by: NOndrej Mosnacek <omosnacek@gmail.com>
Signed-off-by: NArd Biesheuvel <ardb@kernel.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch fixes the following smatch warnings:
drivers/crypto/allwinner/sun8i-ce/sun8i-ce-hash.c:412
sun8i_ce_hash_run() warn: possible memory leak of 'result'
Note: "buf" is leaked as well.

Furthermore, in case of ENOMEM, crypto_finalize_hash_request() was not
called which was an error.

Fixes: 56f6d5ae ("crypto: sun8i-ce - support hash algorithms")
Reported-by: Nkernel test robot <lkp@intel.com>
Reported-by: NDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: NCorentin Labbe <clabbe@baylibre.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

There are a couple of spelling mistakes in two crypto Kconfig files.
Fix these.
Signed-off-by: NColin Ian King <colin.king@canonical.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add support for QAT 4xxx devices.
Signed-off-by: NGiovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: NFiona Trahe <fiona.trahe@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add an hook to initialize the vector routing table with the default
values before MSIx is enabled.
The new function set_msix_rttable() is called only if present in the
struct adf_hw_device_data of the device. This is to allow for QAT
devices that do not support that functionality.
Signed-off-by: NGiovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: NFiona Trahe <fiona.trahe@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Introduce support for devices that require multiple firmware images.
If a device requires more than a firmware image to operate, load the
image to the appropriate Acceleration Engine (AE).
Signed-off-by: NGiovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: NFiona Trahe <fiona.trahe@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The pm_runtime_enable will increase power disable depth.
Thus a pairing decrement is needed on the error handling
path to keep it balanced according to context.

Fixes: f7b2b5dd ("crypto: omap-aes - add error check for pm_runtime_get_sync")
Signed-off-by: NZhang Qilong <zhangqilong3@huawei.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The patch 'irqchip/gic-v3-its: Balance initial LPI affinity across CPUs'
set the IRQ to an uncentain CPU. If an IRQ is bound to the CPU used by the
thread which is sending request, the throughput will be just half.

So allocate a 'work_queue' and set as 'WQ_UNBOUND' to do the back half work
on some different CPUS.
Signed-off-by: NYang Shen <shenyang39@huawei.com>
Reviewed-by: NZaibo Xu <xuzaibo@huawei.com>
Reviewed-by: NZhou Wang <wangzhou1@hisilicon.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch moves the curve25519_selftest into curve25519.h so
we don't get a warning from gcc complaining about a missing
prototype.
Reported-by: Nkernel test robot <lkp@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Currently <crypto/sha.h> contains declarations for both SHA-1 and SHA-2,
and <crypto/sha3.h> contains declarations for SHA-3.

This organization is inconsistent, but more importantly SHA-1 is no
longer considered to be cryptographically secure.  So to the extent
possible, SHA-1 shouldn't be grouped together with any of the other SHA
versions, and usage of it should be phased out.

Therefore, split <crypto/sha.h> into two headers <crypto/sha1.h> and
<crypto/sha2.h>, and make everyone explicitly specify whether they want
the declarations for SHA-1, SHA-2, or both.

This avoids making the SHA-1 declarations visible to files that don't
want anything to do with SHA-1.  It also prepares for potentially moving
sha1.h into a new insecure/ or dangerous/ directory.
Signed-off-by: NEric Biggers <ebiggers@google.com>
Acked-by: NArd Biesheuvel <ardb@kernel.org>
Acked-by: NJason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Clang warns:

drivers/crypto/amcc/crypto4xx_core.c:921:60: warning: operator '?:' has
lower precedence than '|'; '|' will be evaluated first
[-Wbitwise-conditional-parentheses]
                 (crypto_tfm_alg_type(req->tfm) == CRYPTO_ALG_TYPE_AEAD) ?
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^
drivers/crypto/amcc/crypto4xx_core.c:921:60: note: place parentheses
around the '|' expression to silence this warning
                 (crypto_tfm_alg_type(req->tfm) == CRYPTO_ALG_TYPE_AEAD) ?
                                                                         ^
                                                                        )
drivers/crypto/amcc/crypto4xx_core.c:921:60: note: place parentheses
around the '?:' expression to evaluate it first
                 (crypto_tfm_alg_type(req->tfm) == CRYPTO_ALG_TYPE_AEAD) ?
                                                                         ^
                 (
1 warning generated.

It looks like this should have been a logical OR so that
PD_CTL_HASH_FINAL gets added to the w bitmask if crypto_tfm_alg_type
is either CRYPTO_ALG_TYPE_AHASH or CRYPTO_ALG_TYPE_AEAD. Change the
operator so that everything works properly.

Fixes: 4b5b7999 ("crypto: crypto4xx - fix stalls under heavy load")
Link: https://github.com/ClangBuiltLinux/linux/issues/1198Signed-off-by: NNathan Chancellor <natechancellor@gmail.com>
Reviewed-by: NChristian Lamparter <chunkeey@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Wang Qing reports that IS_ERR_OR_NULL() should be matched with
PTR_ERR_OR_ZERO(), not PTR_ERR().

As it turns out, the error path always returns an error code,
i.e. NULL is never returned.
Update the code accordingly - s/IS_ERR_OR_NULL/IS_ERR.
Reported-by: NWang Qing <wangqing@vivo.com>
Signed-off-by: NHoria Geantă <horia.geanta@nxp.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Instead of copying the calculated authentication tag to memory and
calling crypto_memneq() to verify it, use vector bytewise compare and
min across vector instructions to decide whether the tag is valid. This
is more efficient, and given that the tag is only transiently held in a
NEON register, it is also safer, given that calculated tags for failed
decryptions should be withheld.
Signed-off-by: NArd Biesheuvel <ardb@kernel.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Fix aead auth setting key process error. if use soft shash function, driver
need to use digest size replace of the user input key length.
Signed-off-by: NKai Ye <yekai13@huawei.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Based on lessons learnt from optimizing the 32-bit version of this driver,
we can simplify the arm64 version considerably, by reordering the final
two stores when the last block is not a multiple of 64 bytes. This removes
the need to use permutation instructions to calculate the elements that are
clobbered by the final overlapping store, given that the store of the
penultimate block now follows it, and that one carries the correct values
for those elements already.

While at it, simplify the overlapping loads as well, by calculating the
address of the final overlapping load upfront, and switching to this
address for every load that would otherwise extend past the end of the
source buffer.

There is no impact on performance, but the resulting code is substantially
smaller and easier to follow.

Cc: Eric Biggers <ebiggers@google.com>
Cc: "Jason A . Donenfeld" <Jason@zx2c4.com>
Signed-off-by: NArd Biesheuvel <ardb@kernel.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add support for the QAT gen4 devices in the firmware loader.
Signed-off-by: NJack Xu <jack.xu@intel.com>
Reviewed-by: NGiovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add support for broadcasting mode in firmware loader to enable the next
generation of QAT devices.
Signed-off-by: NJack Xu <jack.xu@intel.com>
Co-developed-by: NWojciech Ziemba <wojciech.ziemba@intel.com>
Signed-off-by: NWojciech Ziemba <wojciech.ziemba@intel.com>
Reviewed-by: NGiovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add support for shared ustore mode support. This is required by the next
generation of QAT devices to share the same fw image across engines.
Signed-off-by: NJack Xu <jack.xu@intel.com>
Co-developed-by: NWojciech Ziemba <wojciech.ziemba@intel.com>
Signed-off-by: NWojciech Ziemba <wojciech.ziemba@intel.com>
Reviewed-by: NGiovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Introduce new API, qat_uclo_set_cfg_ae_mask(), to allow the load of the
firmware image to a subset of Acceleration Engines (AEs). This is
required by the next generation of QAT devices to be able to load
different firmware images to the device.
Signed-off-by: NJack Xu <jack.xu@intel.com>
Reviewed-by: NGiovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add firmware control unit (FCU) CSRs to chip info so the firmware
authentication code is common between all devices.
Signed-off-by: NJack Xu <jack.xu@intel.com>
Co-developed-by: NWojciech Ziemba <wojciech.ziemba@intel.com>
Signed-off-by: NWojciech Ziemba <wojciech.ziemba@intel.com>
Reviewed-by: NGiovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add support for CSS3K, which uses RSA3K as image signature algorithm,
to support the next generation of QAT devices.
Signed-off-by: NJack Xu <jack.xu@intel.com>
Co-developed-by: NWojciech Ziemba <wojciech.ziemba@intel.com>
Signed-off-by: NWojciech Ziemba <wojciech.ziemba@intel.com>
Reviewed-by: NGiovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Use ae_mask to decide which Accelerator Engine (AE) to target in AE
related operations, instead of a sequential loop, to skip AEs that are
fused out.
Signed-off-by: NJack Xu <jack.xu@intel.com>
Co-developed-by: NWojciech Ziemba <wojciech.ziemba@intel.com>
Signed-off-by: NWojciech Ziemba <wojciech.ziemba@intel.com>
Reviewed-by: NGiovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add null pointer check when freeing the memory for firmware.
Signed-off-by: NJack Xu <jack.xu@intel.com>
Co-developed-by: NWojciech Ziemba <wojciech.ziemba@intel.com>
Signed-off-by: NWojciech Ziemba <wojciech.ziemba@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add misc control CSR to chip info since the CSR offset will be different
in the next generation of QAT devices.
Signed-off-by: NJack Xu <jack.xu@intel.com>
Co-developed-by: NWojciech Ziemba <wojciech.ziemba@intel.com>
Signed-off-by: NWojciech Ziemba <wojciech.ziemba@intel.com>
Reviewed-by: NGiovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add the wake up event to chip info since this value will be different
in the next generation of QAT devices.
Signed-off-by: NJack Xu <jack.xu@intel.com>
Co-developed-by: NWojciech Ziemba <wojciech.ziemba@intel.com>
Signed-off-by: NWojciech Ziemba <wojciech.ziemba@intel.com>
Reviewed-by: NGiovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add global clock enable CSR to the chip info since the CSR offset
will be different in the next generation of QAT devices.
Signed-off-by: NJack Xu <jack.xu@intel.com>
Co-developed-by: NWojciech Ziemba <wojciech.ziemba@intel.com>
Signed-off-by: NWojciech Ziemba <wojciech.ziemba@intel.com>
Reviewed-by: NGiovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add reset CSR offset and mask to chip info since they are different
in new QAT devices. This also simplifies the reset/clrReset functions
by using the reset mask.
Signed-off-by: NJack Xu <jack.xu@intel.com>
Co-developed-by: NWojciech Ziemba <wojciech.ziemba@intel.com>
Signed-off-by: NWojciech Ziemba <wojciech.ziemba@intel.com>
Reviewed-by: NGiovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add the local memory size to the chip info since the size of this memory
will be different in the next generation of QAT devices.
Signed-off-by: NJack Xu <jack.xu@intel.com>
Co-developed-by: NWojciech Ziemba <wojciech.ziemba@intel.com>
Signed-off-by: NWojciech Ziemba <wojciech.ziemba@intel.com>
Reviewed-by: NGiovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add support for local memory lm2 and lm3 which is introduced in the next
generation of QAT devices.
Signed-off-by: NJack Xu <jack.xu@intel.com>
Co-developed-by: NWojciech Ziemba <wojciech.ziemba@intel.com>
Signed-off-by: NWojciech Ziemba <wojciech.ziemba@intel.com>
Reviewed-by: NGiovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Introduce the next neighbor (NN) capability in chip_info as NN registers
are not supported in certain SKUs of QAT.
Signed-off-by: NJack Xu <jack.xu@intel.com>
Co-developed-by: NWojciech Ziemba <wojciech.ziemba@intel.com>
Signed-off-by: NWojciech Ziemba <wojciech.ziemba@intel.com>
Reviewed-by: NGiovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>