ZIP debug registers aren't cleared even if its driver is removed,
so add a clearing operation when remove driver.
Signed-off-by: NHao Fang <fanghao11@huawei.com>
Signed-off-by: NYang Shen <shenyang39@huawei.com>
Reviewed-by: NZhou Wang <wangzhou1@hisilicon.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch removes a number of unused variables and marks others
as unused in order to silence compiler warnings about them.

Fixes: a8ea8bdd ("lib/mpi: Extend the MPI library")
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
Tested-by: NTianjia Zhang <tianjia.zhang@linux.alibaba.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch removes a few ineffectual assignments from the function
crypto_poly1305_setdctxkey.
Reported-by: Nkernel test robot <lkp@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Modify the read size to the correct HW random
registers size, 8bit.
The incorrect read size caused and faulty
HW random value.
Signed-off-by: NTomer Maimon <tmaimon77@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Make sure that we call the dma_unmap_sg on the correct scatterlist on
completion with the correct sg_nents.

Use sg_table to managed the DMA mapping and at the same time add the needed
dma_sync calls for the sg_table.
Signed-off-by: NPeter Ujfalusi <peter.ujfalusi@ti.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Newer CAAM versions (Era 9+) support 16B IVs. Since for these devices
the HW limitation is no longer present newer version should process the
requests containing 16B IVs directly in hardware without using a fallback.
Signed-off-by: NAndrei Botila <andrei.botila@nxp.com>
Reviewed-by: NHoria Geantă <horia.geanta@nxp.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Newer CAAM versions (Era 9+) support 16B IVs. Since for these devices
the HW limitation is no longer present newer version should process the
requests containing 16B IVs directly in hardware without using a fallback.
Signed-off-by: NAndrei Botila <andrei.botila@nxp.com>
Reviewed-by: NHoria Geantă <horia.geanta@nxp.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Newer CAAM versions (Era 9+) support 16B IVs. Since for these devices
the HW limitation is no longer present newer version should process the
requests containing 16B IVs directly in hardware without using a fallback.
Signed-off-by: NAndrei Botila <andrei.botila@nxp.com>
Reviewed-by: NHoria Geantă <horia.geanta@nxp.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

XTS should not return succes when dealing with block length equal to zero.
This is different than the rest of the skcipher algorithms.

Fixes: 31bb2f0d ("crypto: caam - check zero-length input")
Cc: <stable@vger.kernel.org> # v5.4+
Signed-off-by: NAndrei Botila <andrei.botila@nxp.com>
Reviewed-by: NHoria Geantă <horia.geanta@nxp.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

CAAM accelerator only supports XTS-AES-128 and XTS-AES-256 since
it adheres strictly to the standard. All the other key lengths
are accepted and processed through a fallback as long as they pass
the xts_verify_key() checks.

Fixes: 226853ac ("crypto: caam/qi2 - add skcipher algorithms")
Cc: <stable@vger.kernel.org> # v4.20+
Signed-off-by: NAndrei Botila <andrei.botila@nxp.com>
Reviewed-by: NHoria Geantă <horia.geanta@nxp.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

CAAM accelerator only supports XTS-AES-128 and XTS-AES-256 since
it adheres strictly to the standard. All the other key lengths
are accepted and processed through a fallback as long as they pass
the xts_verify_key() checks.

Fixes: b189817c ("crypto: caam/qi - add ablkcipher and authenc algorithms")
Cc: <stable@vger.kernel.org> # v4.12+
Signed-off-by: NAndrei Botila <andrei.botila@nxp.com>
Reviewed-by: NHoria Geantă <horia.geanta@nxp.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

CAAM accelerator only supports XTS-AES-128 and XTS-AES-256 since
it adheres strictly to the standard. All the other key lengths
are accepted and processed through a fallback as long as they pass
the xts_verify_key() checks.

Fixes: c6415a60 ("crypto: caam - add support for acipher xts(aes)")
Cc: <stable@vger.kernel.org> # v4.4+
Signed-off-by: NAndrei Botila <andrei.botila@nxp.com>
Reviewed-by: NHoria Geantă <horia.geanta@nxp.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

A hardware limitation exists for CAAM until Era 9 which restricts
the accelerator to IVs with only 8 bytes. When CAAM has a lower era
a fallback is necessary to process 16 bytes IV.

Fixes: 226853ac ("crypto: caam/qi2 - add skcipher algorithms")
Cc: <stable@vger.kernel.org> # v4.20+
Signed-off-by: NAndrei Botila <andrei.botila@nxp.com>
Reviewed-by: NHoria Geantă <horia.geanta@nxp.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

A hardware limitation exists for CAAM until Era 9 which restricts
the accelerator to IVs with only 8 bytes. When CAAM has a lower era
a fallback is necessary to process 16 bytes IV.

Fixes: b189817c ("crypto: caam/qi - add ablkcipher and authenc algorithms")
Cc: <stable@vger.kernel.org> # v4.12+
Signed-off-by: NAndrei Botila <andrei.botila@nxp.com>
Reviewed-by: NHoria Geantă <horia.geanta@nxp.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

A hardware limitation exists for CAAM until Era 9 which restricts
the accelerator to IVs with only 8 bytes. When CAAM has a lower era
a fallback is necessary to process 16 bytes IV.

Fixes: c6415a60 ("crypto: caam - add support for acipher xts(aes)")
Cc: <stable@vger.kernel.org> # v4.4+
Signed-off-by: NAndrei Botila <andrei.botila@nxp.com>
Reviewed-by: NHoria Geantă <horia.geanta@nxp.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Simplify the return expression.
Signed-off-by: NQinglang Miao <miaoqinglang@huawei.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Simplify the return expression.
Signed-off-by: NQinglang Miao <miaoqinglang@huawei.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Fix resource leak in error handling.
Signed-off-by: NPavel Machek (CIP) <pavel@denx.de>
Acked-by: NJohn Allen <john.allen@amd.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Simplify the return expression.
Signed-off-by: NLiu Shixin <liushixin2@huawei.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Asymmetric digsig supports SM2-with-SM3 algorithm combination,
so that IMA can also verify SM2's signature data.
Signed-off-by: NTianjia Zhang <tianjia.zhang@linux.alibaba.com>
Tested-by: NXufeng Zhang <yunbo.xufeng@linux.alibaba.com>
Reviewed-by: NMimi Zohar <zohar@linux.ibm.com>
Reviewed-by: NVitaly Chikunov <vt@altlinux.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The digital certificate format based on SM2 crypto algorithm as
specified in GM/T 0015-2012. It was published by State Encryption
Management Bureau, China.

The method of generating Other User Information is defined as
ZA=H256(ENTLA || IDA || a || b || xG || yG || xA || yA), it also
specified in https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02.

The x509 certificate supports SM2-with-SM3 type certificate
verification.  Because certificate verification requires ZA
in addition to tbs data, ZA also depends on elliptic curve
parameters and public key data, so you need to access tbs in sig
and calculate ZA. Finally calculate the digest of the
signature and complete the verification work. The calculation
process of ZA is declared in specifications GM/T 0009-2012
and GM/T 0003.2-2012.
Signed-off-by: NTianjia Zhang <tianjia.zhang@linux.alibaba.com>
Tested-by: NXufeng Zhang <yunbo.xufeng@linux.alibaba.com>
Reviewed-by: NGilad Ben-Yossef <gilad@benyossef.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The digital certificate format based on SM2 crypto algorithm as
specified in GM/T 0015-2012. It was published by State Encryption
Management Bureau, China.

This patch adds the OID object identifier defined by OSCCA. The
x509 certificate supports SM2-with-SM3 type certificate parsing.
It uses the standard elliptic curve public key, and the sm2
algorithm signs the hash generated by sm3.
Signed-off-by: NTianjia Zhang <tianjia.zhang@linux.alibaba.com>
Tested-by: NXufeng Zhang <yunbo.xufeng@linux.alibaba.com>
Reviewed-by: NVitaly Chikunov <vt@altlinux.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add testmgr test vectors for SM2 algorithm. These vectors come
from `openssl pkeyutl -sign` and libgcrypt.
Signed-off-by: NTianjia Zhang <tianjia.zhang@linux.alibaba.com>
Tested-by: NXufeng Zhang <yunbo.xufeng@linux.alibaba.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

When the 'key' allocation fails, the 'req' will not be released,
which will cause memory leakage on this path. This patch adds a
'free_req' tag used to solve this problem, and two new err values
are added to reflect the real reason of the error.
Signed-off-by: NTianjia Zhang <tianjia.zhang@linux.alibaba.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Some asymmetric algorithms will get different ciphertext after
each encryption, such as SM2, and let testmgr support the testing
of such algorithms.

In struct akcipher_testvec, set c and c_size to be empty, skip
the comparison of the ciphertext, and compare the decrypted
plaintext with m to achieve the test purpose.
Signed-off-by: NTianjia Zhang <tianjia.zhang@linux.alibaba.com>
Tested-by: NXufeng Zhang <yunbo.xufeng@linux.alibaba.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This new module implement the SM2 public key algorithm. It was
published by State Encryption Management Bureau, China.
List of specifications for SM2 elliptic curve public key cryptography:

* GM/T 0003.1-2012
* GM/T 0003.2-2012
* GM/T 0003.3-2012
* GM/T 0003.4-2012
* GM/T 0003.5-2012

IETF: https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
oscca: http://www.oscca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml
scctc: http://www.gmbz.org.cn/main/bzlb.htmlSigned-off-by: NTianjia Zhang <tianjia.zhang@linux.alibaba.com>
Tested-by: NXufeng Zhang <yunbo.xufeng@linux.alibaba.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The implementation of EC is introduced from libgcrypt as the
basic algorithm of elliptic curve, which can be more perfectly
integrated with MPI implementation.
Some other algorithms will be developed based on mpi ecc, such as SM2.
Signed-off-by: NTianjia Zhang <tianjia.zhang@linux.alibaba.com>
Tested-by: NXufeng Zhang <yunbo.xufeng@linux.alibaba.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Expand the mpi library based on libgcrypt, and the ECC algorithm of
mpi based on libgcrypt requires these functions.
Some other algorithms will be developed based on mpi ecc, such as SM2.
Signed-off-by: NTianjia Zhang <tianjia.zhang@linux.alibaba.com>
Tested-by: NXufeng Zhang <yunbo.xufeng@linux.alibaba.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Both crypto_sm3_update and crypto_sm3_finup have been
exported, exporting crypto_sm3_final, to avoid having to
use crypto_sm3_finup(desc, NULL, 0, dgst) to calculate
the hash in some cases.
Signed-off-by: NTianjia Zhang <tianjia.zhang@linux.alibaba.com>
Tested-by: NXufeng Zhang <yunbo.xufeng@linux.alibaba.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

'qm_init_qp_status' is just a help function to initiate some 'QP' status.
'QP' status should be updated separately.
This patch removes the updating flags in 'QP' status.
Signed-off-by: NWeili Qian <qianweili@huawei.com>
Reviewed-by: NZhou Wang <wangzhou1@hisilicon.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The parameter type of 'pci_set_drvdata' is 'struct hisi_qm',
so here the return type of 'pci_get_drvdata' should be 'struct hisi_qm'
too.
Signed-off-by: NYang Shen <shenyang39@huawei.com>
Signed-off-by: NWeili Qian <qianweili@huawei.com>
Reviewed-by: NZhou Wang <wangzhou1@hisilicon.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Using 'g' not equal to 2 in dh algorithm may cause an error like this:

arm-smmu-v3 arm-smmu-v3.1.auto: event 0x10 received:
dh: Party A: generate public key test failed. err -22
11375.065672] dh alg: dh: test failed on vector 1, err=-22
arm-smmu-v3 arm-smmu-v3.1.auto:  0x0000790000000010
arm-smmu-v3 arm-smmu-v3.1.auto:  0x0000120800000080
hpre-dh self test failed
arm-smmu-v3 arm-smmu-v3.1.auto:  0x0000000000000000
arm-smmu-v3 arm-smmu-v3.1.auto:  0x0000000000000000
arm-smmu-v3 arm-smmu-v3.1.auto: event 0x10 received:
arm-smmu-v3 arm-smmu-v3.1.auto:  0x0000790000000010
arm-smmu-v3 arm-smmu-v3.1.auto:  0x0000120800000083
arm-smmu-v3 arm-smmu-v3.1.auto:  0x00000000000000c0
arm-smmu-v3 arm-smmu-v3.1.auto:  0x0000000000000000
arm-smmu-v3 arm-smmu-v3.1.auto: event 0x10 received:
arm-smmu-v3 arm-smmu-v3.1.auto:  0x0000790000000010
arm-smmu-v3 arm-smmu-v3.1.auto:  0x0000120800000081
arm-smmu-v3 arm-smmu-v3.1.auto:  0x0000000000000040
arm-smmu-v3 arm-smmu-v3.1.auto:  0x0000000000000000
arm-smmu-v3 arm-smmu-v3.1.auto: event 0x10 received:
arm-smmu-v3 arm-smmu-v3.1.auto:  0x0000790000000010
arm-smmu-v3 arm-smmu-v3.1.auto:  0x0000120800000082
arm-smmu-v3 arm-smmu-v3.1.auto:  0x0000000000000080
arm-smmu-v3 arm-smmu-v3.1.auto:  0x0000000000000000
hisi_hpre 0000:79:00.0: dat_rd_poison_int_set [error status=0x8] found
hisi_hpre 0000:79:00.0: ooo_rdrsp_err_int_set [error status=0xfc00] found
hisi_hpre 0000:79:00.0: Controller resetting...
hisi_hpre 0000:79:00.0: Controller reset complete
{2}[Hardware Error]: Hardware error from APEI Generic Hardware Error Source: 0
{2}[Hardware Error]: event severity: recoverable
{2}[Hardware Error]: Error 0, type: recoverable
{2}[Hardware Error]: section type: unknown, c8b328a8-9917-4af6-9a13-2e08ab2e7586
{2}[Hardware Error]: section length: 0x4c

as we missed initiating 'msg->in'.

Fixes: c8b4b477("crypto: hisilicon - add HiSilicon HPRE accelerator")
Signed-off-by: NMeng Yu <yumeng18@huawei.com>
Reviewed-by: NZaibo Xu <xuzaibo@huawei.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Adjust some coding style to make code aligned.
Signed-off-by: NMeng Yu <yumeng18@huawei.com>
Reviewed-by: NZaibo Xu <xuzaibo@huawei.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

1. Remove unused member 'debug_root' in 'struct hpre_debug';
2. The u64 cast is redundant in 'cpu_to_le64'.

Fixes: 84897415("crypto: hisilicon - Add debugfs for HPRE")
Fixes: dadbe4c1("crypto: hisilicon/hpre - update debugfs ...")
Signed-off-by: NMeng Yu <yumeng18@huawei.com>
Reviewed-by: NZaibo Xu <xuzaibo@huawei.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

There is a statement that is indented by one whitespace too deeply,
fix this by removing the whitespace.
Signed-off-by: NColin Ian King <colin.king@canonical.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Extend the user-space RNG interface:
  1. Add entropy input via ALG_SET_DRBG_ENTROPY setsockopt option;
  2. Add additional data input via sendmsg syscall.

This allows DRBG to be tested with test vectors, for example for the
purpose of CAVP testing, which otherwise isn't possible.

To prevent erroneous use of entropy input, it is hidden under
CRYPTO_USER_API_RNG_CAVP config option and requires CAP_SYS_ADMIN to
succeed.
Signed-off-by: NElena Petrova <lenaptr@google.com>
Acked-by: NStephan Müller <smueller@chronox.de>
Reviewed-by: NEric Biggers <ebiggers@google.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch fixes the warning:
warning: comparison of integer expressions of different signedness: 'int' and 'long unsigned int' [-Wsign-compare]
Signed-off-by: NCorentin Labbe <clabbe@baylibre.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch fixes the warning:
warning: comparison of integer expressions of different signedness: 'int' and 'long unsigned int' [-Wsign-compare]
Signed-off-by: NCorentin Labbe <clabbe@baylibre.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch had support for the TRNG present in the CE.
Note that according to the algorithm ID, 2 version of the TRNG exists,
the first present in H3/H5/R40/A64 and the second present in H6.
This patch adds support for both, but only the second is working
reliabily according to rngtest.
Signed-off-by: NCorentin Labbe <clabbe@baylibre.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch had support for the PRNG present in the CE.
The output was tested with rngtest without any failure.
Signed-off-by: NCorentin Labbe <clabbe@baylibre.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>