1. 04 7月, 2014 1 次提交
    • S
      crypto: drbg - fix memory corruption for AES192 · 8fecaad7
      Stephan Mueller 提交于
      For the CTR DRBG, the drbg_state->scratchpad temp buffer (i.e. the
      memory location immediately before the drbg_state->tfm variable
      is the buffer that the BCC function operates on. BCC operates
      blockwise. Making the temp buffer drbg_statelen(drbg) in size is
      sufficient when the DRBG state length is a multiple of the block
      size. For AES192 this is not the case and the length for temp is
      insufficient (yes, that also means for such ciphers, the final
      output of all BCC rounds are truncated before used to update the
      state of the DRBG!!).
      
      The patch enlarges the temp buffer from drbg_statelen to
      drbg_statelen + drbg_blocklen to have sufficient space.
      Reported-by: NFengguang Wu <fengguang.wu@intel.com>
      Signed-off-by: NStephan Mueller <smueller@chronox.de>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      8fecaad7
  2. 03 7月, 2014 6 次提交
    • A
      crypto: ux500 - make interrupt mode plausible · e1f8859e
      Arnd Bergmann 提交于
      The interrupt handler in the ux500 crypto driver has an obviously
      incorrect way to access the data buffer, which for a while has
      caused this build warning:
      
      ../ux500/cryp/cryp_core.c: In function 'cryp_interrupt_handler':
      ../ux500/cryp/cryp_core.c:234:5: warning: passing argument 1 of '__fswab32' makes integer from pointer without a cast [enabled by default]
           writel_relaxed(ctx->indata,
           ^
      In file included from ../include/linux/swab.h:4:0,
                       from ../include/uapi/linux/byteorder/big_endian.h:12,
                       from ../include/linux/byteorder/big_endian.h:4,
                       from ../arch/arm/include/uapi/asm/byteorder.h:19,
                       from ../include/asm-generic/bitops/le.h:5,
                       from ../arch/arm/include/asm/bitops.h:340,
                       from ../include/linux/bitops.h:33,
                       from ../include/linux/kernel.h:10,
                       from ../include/linux/clk.h:16,
                       from ../drivers/crypto/ux500/cryp/cryp_core.c:12:
      ../include/uapi/linux/swab.h:57:119: note: expected '__u32' but argument is of type 'const u8 *'
       static inline __attribute_const__ __u32 __fswab32(__u32 val)
      
      There are at least two, possibly three problems here:
      a) when writing into the FIFO, we copy the pointer rather than the
         actual data we want to give to the hardware
      b) the data pointer is an array of 8-bit values, while the FIFO
         is 32-bit wide, so both the read and write access fail to do
         a proper type conversion
      c) This seems incorrect for big-endian kernels, on which we need to
         byte-swap any register access, but not normally FIFO accesses,
         at least the DMA case doesn't do it either.
      
      This converts the bogus loop to use the same readsl/writesl pair
      that we use for the two other modes (DMA and polling). This is
      more efficient and consistent, and probably correct for endianess.
      
      The bug has existed since the driver was first merged, and was
      probably never detected because nobody tried to use interrupt mode.
      It might make sense to backport this fix to stable kernels, depending
      on how the crypto maintainers feel about that.
      Signed-off-by: NArnd Bergmann <arnd@arndb.de>
      Cc: linux-crypto@vger.kernel.org
      Cc: Fabio Baltieri <fabio.baltieri@linaro.org>
      Cc: Linus Walleij <linus.walleij@linaro.org>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: stable@vger.kernel.org
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      e1f8859e
    • L
      crypto: tcrypt - print cra driver name in tcrypt tests output · 263a8df0
      Luca Clementi 提交于
      Print the driver name that is being tested. The driver name can be
      inferred parsing /proc/crypto but having it in the output is
      clearer
      Signed-off-by: NLuca Clementi <luca.clementi@gmail.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      263a8df0
    • S
      ARM: DT: qcom: Add Qualcomm crypto driver binding document · 14748d7c
      Stanimir Varbanov 提交于
      Here is Qualcomm crypto driver device tree binding documentation
      to used as a reference example.
      Signed-off-by: NStanimir Varbanov <svarbanov@mm-sol.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      14748d7c
    • S
      crypto: qce - Build Qualcomm crypto driver · c672752d
      Stanimir Varbanov 提交于
      Modify crypto Kconfig and Makefile in order to build the qce
      driver and adds qce Makefile as well.
      Signed-off-by: NStanimir Varbanov <svarbanov@mm-sol.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      c672752d
    • S
      crypto: qce - Qualcomm crypto engine driver · ec8f5d8f
      Stanimir Varbanov 提交于
      The driver is separated by functional parts. The core part
      implements a platform driver probe and remove callbaks.
      The probe enables clocks, checks crypto version, initialize
      and request dma channels, create done tasklet and init
      crypto queue and finally register the algorithms into crypto
      core subsystem.
      
      - DMA and SG helper functions
       implement dmaengine and sg-list helper functions used by
       other parts of the crypto driver.
      
      - ablkcipher algorithms
       implementation of AES, DES and 3DES crypto API callbacks,
       the crypto register alg function, the async request handler
       and its dma done callback function.
      
      - SHA and HMAC transforms
       implementation and registration of ahash crypto type.
       It includes sha1, sha256, hmac(sha1) and hmac(sha256).
      
      - infrastructure to setup the crypto hw
       contains functions used to setup/prepare hardware registers for
       all algorithms supported by the crypto block. It also exports
       few helper functions needed by algorithms:
      	- to check hardware status
      	- to start crypto hardware
      	- to translate data stream to big endian form
      
       Adds register addresses and bit/masks used by the driver
       as well.
      Signed-off-by: NStanimir Varbanov <svarbanov@mm-sol.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      ec8f5d8f
    • J
      crypto: fips - only panic on bad/missing crypto mod signatures · 002c77a4
      Jarod Wilson 提交于
      Per further discussion with NIST, the requirements for FIPS state that
      we only need to panic the system on failed kernel module signature checks
      for crypto subsystem modules. This moves the fips-mode-only module
      signature check out of the generic module loading code, into the crypto
      subsystem, at points where we can catch both algorithm module loads and
      mode module loads. At the same time, make CONFIG_CRYPTO_FIPS dependent on
      CONFIG_MODULE_SIG, as this is entirely necessary for FIPS mode.
      
      v2: remove extraneous blank line, perform checks in static inline
      function, drop no longer necessary fips.h include.
      
      CC: "David S. Miller" <davem@davemloft.net>
      CC: Rusty Russell <rusty@rustcorp.com.au>
      CC: Stephan Mueller <stephan.mueller@atsec.com>
      Signed-off-by: NJarod Wilson <jarod@redhat.com>
      Acked-by: NNeil Horman <nhorman@tuxdriver.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      002c77a4
  3. 26 6月, 2014 5 次提交
  4. 25 6月, 2014 6 次提交
  5. 23 6月, 2014 1 次提交
  6. 21 6月, 2014 1 次提交
  7. 20 6月, 2014 20 次提交
    • C
      crypto: aes - AES CTR x86_64 "by8" AVX optimization · 22cddcc7
      chandramouli narayanan 提交于
      This patch introduces "by8" AES CTR mode AVX optimization inspired by
      Intel Optimized IPSEC Cryptograhpic library. For additional information,
      please see:
      http://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&DwnldID=22972
      
      The functions aes_ctr_enc_128_avx_by8(), aes_ctr_enc_192_avx_by8() and
      aes_ctr_enc_256_avx_by8() are adapted from
      Intel Optimized IPSEC Cryptographic library. When both AES and AVX features
      are enabled in a platform, the glue code in AESNI module overrieds the
      existing "by4" CTR mode en/decryption with the "by8"
      AES CTR mode en/decryption.
      
      On a Haswell desktop, with turbo disabled and all cpus running
      at maximum frequency, the "by8" CTR mode optimization
      shows better performance results across data & key sizes
      as measured by tcrypt.
      
      The average performance improvement of the "by8" version over the "by4"
      version is as follows:
      
      For 128 bit key and data sizes >= 256 bytes, there is a 10-16% improvement.
      For 192 bit key and data sizes >= 256 bytes, there is a 20-22% improvement.
      For 256 bit key and data sizes >= 256 bytes, there is a 20-25% improvement.
      
      A typical run of tcrypt with AES CTR mode encryption of the "by4" and "by8"
      optimization shows the following results:
      
      tcrypt with "by4" AES CTR mode encryption optimization on a Haswell Desktop:
      ---------------------------------------------------------------------------
      
      testing speed of __ctr-aes-aesni encryption
      test 0 (128 bit key, 16 byte blocks): 1 operation in 343 cycles (16 bytes)
      test 1 (128 bit key, 64 byte blocks): 1 operation in 336 cycles (64 bytes)
      test 2 (128 bit key, 256 byte blocks): 1 operation in 491 cycles (256 bytes)
      test 3 (128 bit key, 1024 byte blocks): 1 operation in 1130 cycles (1024 bytes)
      test 4 (128 bit key, 8192 byte blocks): 1 operation in 7309 cycles (8192 bytes)
      test 5 (192 bit key, 16 byte blocks): 1 operation in 346 cycles (16 bytes)
      test 6 (192 bit key, 64 byte blocks): 1 operation in 361 cycles (64 bytes)
      test 7 (192 bit key, 256 byte blocks): 1 operation in 543 cycles (256 bytes)
      test 8 (192 bit key, 1024 byte blocks): 1 operation in 1321 cycles (1024 bytes)
      test 9 (192 bit key, 8192 byte blocks): 1 operation in 9649 cycles (8192 bytes)
      test 10 (256 bit key, 16 byte blocks): 1 operation in 369 cycles (16 bytes)
      test 11 (256 bit key, 64 byte blocks): 1 operation in 366 cycles (64 bytes)
      test 12 (256 bit key, 256 byte blocks): 1 operation in 595 cycles (256 bytes)
      test 13 (256 bit key, 1024 byte blocks): 1 operation in 1531 cycles (1024 bytes)
      test 14 (256 bit key, 8192 byte blocks): 1 operation in 10522 cycles (8192 bytes)
      
      testing speed of __ctr-aes-aesni decryption
      test 0 (128 bit key, 16 byte blocks): 1 operation in 336 cycles (16 bytes)
      test 1 (128 bit key, 64 byte blocks): 1 operation in 350 cycles (64 bytes)
      test 2 (128 bit key, 256 byte blocks): 1 operation in 487 cycles (256 bytes)
      test 3 (128 bit key, 1024 byte blocks): 1 operation in 1129 cycles (1024 bytes)
      test 4 (128 bit key, 8192 byte blocks): 1 operation in 7287 cycles (8192 bytes)
      test 5 (192 bit key, 16 byte blocks): 1 operation in 350 cycles (16 bytes)
      test 6 (192 bit key, 64 byte blocks): 1 operation in 359 cycles (64 bytes)
      test 7 (192 bit key, 256 byte blocks): 1 operation in 635 cycles (256 bytes)
      test 8 (192 bit key, 1024 byte blocks): 1 operation in 1324 cycles (1024 bytes)
      test 9 (192 bit key, 8192 byte blocks): 1 operation in 9595 cycles (8192 bytes)
      test 10 (256 bit key, 16 byte blocks): 1 operation in 364 cycles (16 bytes)
      test 11 (256 bit key, 64 byte blocks): 1 operation in 377 cycles (64 bytes)
      test 12 (256 bit key, 256 byte blocks): 1 operation in 604 cycles (256 bytes)
      test 13 (256 bit key, 1024 byte blocks): 1 operation in 1527 cycles (1024 bytes)
      test 14 (256 bit key, 8192 byte blocks): 1 operation in 10549 cycles (8192 bytes)
      
      tcrypt with "by8" AES CTR mode encryption optimization on a Haswell Desktop:
      ---------------------------------------------------------------------------
      
      testing speed of __ctr-aes-aesni encryption
      test 0 (128 bit key, 16 byte blocks): 1 operation in 340 cycles (16 bytes)
      test 1 (128 bit key, 64 byte blocks): 1 operation in 330 cycles (64 bytes)
      test 2 (128 bit key, 256 byte blocks): 1 operation in 450 cycles (256 bytes)
      test 3 (128 bit key, 1024 byte blocks): 1 operation in 1043 cycles (1024 bytes)
      test 4 (128 bit key, 8192 byte blocks): 1 operation in 6597 cycles (8192 bytes)
      test 5 (192 bit key, 16 byte blocks): 1 operation in 339 cycles (16 bytes)
      test 6 (192 bit key, 64 byte blocks): 1 operation in 352 cycles (64 bytes)
      test 7 (192 bit key, 256 byte blocks): 1 operation in 539 cycles (256 bytes)
      test 8 (192 bit key, 1024 byte blocks): 1 operation in 1153 cycles (1024 bytes)
      test 9 (192 bit key, 8192 byte blocks): 1 operation in 8458 cycles (8192 bytes)
      test 10 (256 bit key, 16 byte blocks): 1 operation in 353 cycles (16 bytes)
      test 11 (256 bit key, 64 byte blocks): 1 operation in 360 cycles (64 bytes)
      test 12 (256 bit key, 256 byte blocks): 1 operation in 512 cycles (256 bytes)
      test 13 (256 bit key, 1024 byte blocks): 1 operation in 1277 cycles (1024 bytes)
      test 14 (256 bit key, 8192 byte blocks): 1 operation in 8745 cycles (8192 bytes)
      
      testing speed of __ctr-aes-aesni decryption
      test 0 (128 bit key, 16 byte blocks): 1 operation in 348 cycles (16 bytes)
      test 1 (128 bit key, 64 byte blocks): 1 operation in 335 cycles (64 bytes)
      test 2 (128 bit key, 256 byte blocks): 1 operation in 451 cycles (256 bytes)
      test 3 (128 bit key, 1024 byte blocks): 1 operation in 1030 cycles (1024 bytes)
      test 4 (128 bit key, 8192 byte blocks): 1 operation in 6611 cycles (8192 bytes)
      test 5 (192 bit key, 16 byte blocks): 1 operation in 354 cycles (16 bytes)
      test 6 (192 bit key, 64 byte blocks): 1 operation in 346 cycles (64 bytes)
      test 7 (192 bit key, 256 byte blocks): 1 operation in 488 cycles (256 bytes)
      test 8 (192 bit key, 1024 byte blocks): 1 operation in 1154 cycles (1024 bytes)
      test 9 (192 bit key, 8192 byte blocks): 1 operation in 8390 cycles (8192 bytes)
      test 10 (256 bit key, 16 byte blocks): 1 operation in 357 cycles (16 bytes)
      test 11 (256 bit key, 64 byte blocks): 1 operation in 362 cycles (64 bytes)
      test 12 (256 bit key, 256 byte blocks): 1 operation in 515 cycles (256 bytes)
      test 13 (256 bit key, 1024 byte blocks): 1 operation in 1284 cycles (1024 bytes)
      test 14 (256 bit key, 8192 byte blocks): 1 operation in 8681 cycles (8192 bytes)
      
      crypto: Incorporate feed back to AES CTR mode optimization patch
      
      Specifically, the following:
      a) alignment around main loop in aes_ctrby8_avx_x86_64.S
      b) .rodata around data constants used in the assembely code.
      c) the use of CONFIG_AVX in the glue code.
      d) fix up white space.
      e) informational message for "by8" AES CTR mode optimization
      f) "by8" AES CTR mode optimization can be simply enabled
      if the platform supports both AES and AVX features. The
      optimization works superbly on Sandybridge as well.
      
      Testing on Haswell shows no performance change since the last.
      
      Testing on Sandybridge shows that the "by8" AES CTR mode optimization
      greatly improves performance.
      
      tcrypt log with "by4" AES CTR mode optimization on Sandybridge
      --------------------------------------------------------------
      
      testing speed of __ctr-aes-aesni encryption
      test 0 (128 bit key, 16 byte blocks): 1 operation in 383 cycles (16 bytes)
      test 1 (128 bit key, 64 byte blocks): 1 operation in 408 cycles (64 bytes)
      test 2 (128 bit key, 256 byte blocks): 1 operation in 707 cycles (256 bytes)
      test 3 (128 bit key, 1024 byte blocks): 1 operation in 1864 cycles (1024 bytes)
      test 4 (128 bit key, 8192 byte blocks): 1 operation in 12813 cycles (8192 bytes)
      test 5 (192 bit key, 16 byte blocks): 1 operation in 395 cycles (16 bytes)
      test 6 (192 bit key, 64 byte blocks): 1 operation in 432 cycles (64 bytes)
      test 7 (192 bit key, 256 byte blocks): 1 operation in 780 cycles (256 bytes)
      test 8 (192 bit key, 1024 byte blocks): 1 operation in 2132 cycles (1024 bytes)
      test 9 (192 bit key, 8192 byte blocks): 1 operation in 15765 cycles (8192 bytes)
      test 10 (256 bit key, 16 byte blocks): 1 operation in 416 cycles (16 bytes)
      test 11 (256 bit key, 64 byte blocks): 1 operation in 438 cycles (64 bytes)
      test 12 (256 bit key, 256 byte blocks): 1 operation in 842 cycles (256 bytes)
      test 13 (256 bit key, 1024 byte blocks): 1 operation in 2383 cycles (1024 bytes)
      test 14 (256 bit key, 8192 byte blocks): 1 operation in 16945 cycles (8192 bytes)
      
      testing speed of __ctr-aes-aesni decryption
      test 0 (128 bit key, 16 byte blocks): 1 operation in 389 cycles (16 bytes)
      test 1 (128 bit key, 64 byte blocks): 1 operation in 409 cycles (64 bytes)
      test 2 (128 bit key, 256 byte blocks): 1 operation in 704 cycles (256 bytes)
      test 3 (128 bit key, 1024 byte blocks): 1 operation in 1865 cycles (1024 bytes)
      test 4 (128 bit key, 8192 byte blocks): 1 operation in 12783 cycles (8192 bytes)
      test 5 (192 bit key, 16 byte blocks): 1 operation in 409 cycles (16 bytes)
      test 6 (192 bit key, 64 byte blocks): 1 operation in 434 cycles (64 bytes)
      test 7 (192 bit key, 256 byte blocks): 1 operation in 792 cycles (256 bytes)
      test 8 (192 bit key, 1024 byte blocks): 1 operation in 2151 cycles (1024 bytes)
      test 9 (192 bit key, 8192 byte blocks): 1 operation in 15804 cycles (8192 bytes)
      test 10 (256 bit key, 16 byte blocks): 1 operation in 421 cycles (16 bytes)
      test 11 (256 bit key, 64 byte blocks): 1 operation in 444 cycles (64 bytes)
      test 12 (256 bit key, 256 byte blocks): 1 operation in 840 cycles (256 bytes)
      test 13 (256 bit key, 1024 byte blocks): 1 operation in 2394 cycles (1024 bytes)
      test 14 (256 bit key, 8192 byte blocks): 1 operation in 16928 cycles (8192 bytes)
      
      tcrypt log with "by8" AES CTR mode optimization on Sandybridge
      --------------------------------------------------------------
      
      testing speed of __ctr-aes-aesni encryption
      test 0 (128 bit key, 16 byte blocks): 1 operation in 383 cycles (16 bytes)
      test 1 (128 bit key, 64 byte blocks): 1 operation in 401 cycles (64 bytes)
      test 2 (128 bit key, 256 byte blocks): 1 operation in 522 cycles (256 bytes)
      test 3 (128 bit key, 1024 byte blocks): 1 operation in 1136 cycles (1024 bytes)
      test 4 (128 bit key, 8192 byte blocks): 1 operation in 7046 cycles (8192 bytes)
      test 5 (192 bit key, 16 byte blocks): 1 operation in 394 cycles (16 bytes)
      test 6 (192 bit key, 64 byte blocks): 1 operation in 418 cycles (64 bytes)
      test 7 (192 bit key, 256 byte blocks): 1 operation in 559 cycles (256 bytes)
      test 8 (192 bit key, 1024 byte blocks): 1 operation in 1263 cycles (1024 bytes)
      test 9 (192 bit key, 8192 byte blocks): 1 operation in 9072 cycles (8192 bytes)
      test 10 (256 bit key, 16 byte blocks): 1 operation in 408 cycles (16 bytes)
      test 11 (256 bit key, 64 byte blocks): 1 operation in 428 cycles (64 bytes)
      test 12 (256 bit key, 256 byte blocks): 1 operation in 595 cycles (256 bytes)
      test 13 (256 bit key, 1024 byte blocks): 1 operation in 1385 cycles (1024 bytes)
      test 14 (256 bit key, 8192 byte blocks): 1 operation in 9224 cycles (8192 bytes)
      
      testing speed of __ctr-aes-aesni decryption
      test 0 (128 bit key, 16 byte blocks): 1 operation in 390 cycles (16 bytes)
      test 1 (128 bit key, 64 byte blocks): 1 operation in 402 cycles (64 bytes)
      test 2 (128 bit key, 256 byte blocks): 1 operation in 530 cycles (256 bytes)
      test 3 (128 bit key, 1024 byte blocks): 1 operation in 1135 cycles (1024 bytes)
      test 4 (128 bit key, 8192 byte blocks): 1 operation in 7079 cycles (8192 bytes)
      test 5 (192 bit key, 16 byte blocks): 1 operation in 414 cycles (16 bytes)
      test 6 (192 bit key, 64 byte blocks): 1 operation in 417 cycles (64 bytes)
      test 7 (192 bit key, 256 byte blocks): 1 operation in 572 cycles (256 bytes)
      test 8 (192 bit key, 1024 byte blocks): 1 operation in 1312 cycles (1024 bytes)
      test 9 (192 bit key, 8192 byte blocks): 1 operation in 9073 cycles (8192 bytes)
      test 10 (256 bit key, 16 byte blocks): 1 operation in 415 cycles (16 bytes)
      test 11 (256 bit key, 64 byte blocks): 1 operation in 454 cycles (64 bytes)
      test 12 (256 bit key, 256 byte blocks): 1 operation in 598 cycles (256 bytes)
      test 13 (256 bit key, 1024 byte blocks): 1 operation in 1407 cycles (1024 bytes)
      test 14 (256 bit key, 8192 byte blocks): 1 operation in 9288 cycles (8192 bytes)
      
      crypto: Fix redundant checks
      
      a) Fix the redundant check for cpu_has_aes
      b) Fix the key length check when invoking the CTR mode "by8"
      encryptor/decryptor.
      
      crypto: fix typo in AES ctr mode transform
      Signed-off-by: NChandramouli Narayanan <mouli@linux.intel.com>
      Reviewed-by: NMathias Krause <minipli@googlemail.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      22cddcc7
    • J
      crypto: des_3des - add x86-64 assembly implementation · 6574e6c6
      Jussi Kivilinna 提交于
      Patch adds x86_64 assembly implementation of Triple DES EDE cipher algorithm.
      Two assembly implementations are provided. First is regular 'one-block at
      time' encrypt/decrypt function. Second is 'three-blocks at time' function that
      gains performance increase on out-of-order CPUs.
      
      tcrypt test results:
      
      Intel Core i5-4570:
      
      des3_ede-asm vs des3_ede-generic:
      size    ecb-enc ecb-dec cbc-enc cbc-dec ctr-enc ctr-dec
      16B     1.21x   1.22x   1.27x   1.36x   1.25x   1.25x
      64B     1.98x   1.96x   1.23x   2.04x   2.01x   2.00x
      256B    2.34x   2.37x   1.21x   2.40x   2.38x   2.39x
      1024B   2.50x   2.47x   1.22x   2.51x   2.52x   2.51x
      8192B   2.51x   2.53x   1.21x   2.56x   2.54x   2.55x
      Signed-off-by: NJussi Kivilinna <jussi.kivilinna@iki.fi>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      6574e6c6
    • J
    • D
      crypto: caam - remove duplicate FIFOST_CONT_MASK define · be513f44
      Dan Carpenter 提交于
      The FIFOST_CONT_MASK define is cut and pasted twice so we can delete the
      second instance.
      Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com>
      Acked-by: NKim Phillips <kim.phillips@freescale.com>
      Acked-by: NMarek Vasut <marex@denx.de>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      be513f44
    • G
      crypto: crc32c-pclmul - Shrink K_table to 32-bit words · 473946e6
      George Spelvin 提交于
      There's no need for the K_table to be made of 64-bit words.  For some
      reason, the original authors didn't fully reduce the values modulo the
      CRC32C polynomial, and so had some 33-bit values in there.  They can
      all be reduced to 32 bits.
      
      Doing that cuts the table size in half.  Since the code depends on both
      pclmulq and crc32, SSE 4.1 is obviously present, so we can use pmovzxdq
      to fetch it in the correct format.
      
      This adds (measured on Ivy Bridge) 1 cycle per main loop iteration
      (CRC of up to 3K bytes), less than 0.2%.  The hope is that the reduced
      D-cache footprint will make up the loss in other code.
      
      Two other related fixes:
      * K_table is read-only, so belongs in .rodata, and
      * There's no need for more than 8-byte alignment
      Acked-by: NTim Chen <tim.c.chen@linux.intel.com>
      Signed-off-by: NGeorge Spelvin <linux@horizon.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      473946e6
    • T
      crypto: qat - Update to makefiles · cea4001a
      Tadeusz Struk 提交于
      Update to makefiles etc.
      Don't update the firmware/Makefile yet since there is no FW binary in
      the crypto repo yet. This will be added later.
      
      v3 - removed change to ./firmware/Makefile
      Reviewed-by: NBruce W. Allan <bruce.w.allan@intel.com>
      Signed-off-by: NTadeusz Struk <tadeusz.struk@intel.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      cea4001a
    • T
      crypto: qat - Intel(R) QAT DH895xcc accelerator · 7afa232e
      Tadeusz Struk 提交于
      This patch adds DH895xCC hardware specific code.
      It hooks to the common infrastructure and provides acceleration for crypto
      algorithms.
      Acked-by: NJohn Griffin <john.griffin@intel.com>
      Reviewed-by: NBruce W. Allan <bruce.w.allan@intel.com>
      Signed-off-by: NTadeusz Struk <tadeusz.struk@intel.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      7afa232e
    • T
      crypto: qat - Intel(R) QAT accelengine part of fw loader · b3416fb8
      Tadeusz Struk 提交于
      This patch adds acceleration engine handler part the firmware loader.
      Acked-by: NBo Cui <bo.cui@intel.com>
      Reviewed-by: NBruce W. Allan <bruce.w.allan@intel.com>
      Signed-off-by: NKaren Xiang <karen.xiang@intel.com>
      Signed-off-by: NPingchaox Yang <pingchaox.yang@intel.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      b3416fb8
    • T
      crypto: qat - Intel(R) QAT ucode part of fw loader · b4b7e67c
      Tadeusz Struk 提交于
      This patch adds microcode part of the firmware loader.
      
      v4 - splits FW loader part into two smaller patches.
      Acked-by: NBo Cui <bo.cui@intel.com>
      Reviewed-by: NBruce W. Allan <bruce.w.allan@intel.com>
      Signed-off-by: NKaren Xiang <karen.xiang@intel.com>
      Signed-off-by: NPingchaox Yang <pingchaox.yang@intel.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      b4b7e67c
    • T
      crypto: qat - Intel(R) QAT crypto interface · d370cec3
      Tadeusz Struk 提交于
      This patch adds qat crypto interface.
      Acked-by: NJohn Griffin <john.griffin@intel.com>
      Reviewed-by: NBruce W. Allan <bruce.w.allan@intel.com>
      Signed-off-by: NTadeusz Struk <tadeusz.struk@intel.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      d370cec3
    • T
      crypto: qat - Intel(R) QAT FW interface · 38154e65
      Tadeusz Struk 提交于
      This patch adds FW interface structure definitions.
      Acked-by: NJohn Griffin <john.griffin@intel.com>
      Reviewed-by: NBruce W. Allan <bruce.w.allan@intel.com>
      Signed-off-by: NTadeusz Struk <tadeusz.struk@intel.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      38154e65
    • T
      crypto: qat - Intel(R) QAT transport code · a672a9dc
      Tadeusz Struk 提交于
      This patch adds a code that implements communication channel between the
      driver and the firmware.
      Acked-by: NJohn Griffin <john.griffin@intel.com>
      Reviewed-by: NBruce W. Allan <bruce.w.allan@intel.com>
      Signed-off-by: NTadeusz Struk <tadeusz.struk@intel.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      a672a9dc
    • T
      crypto: qat - Intel(R) QAT driver framework · d8cba25d
      Tadeusz Struk 提交于
      This patch adds a common infractructure that will be used by all Intel(R)
      QuickAssist Technology (QAT) devices.
      
      v2 - added ./drivers/crypto/qat/Kconfig and ./drivers/crypto/qat/Makefile
      v4 - splits common part into more, smaller patches
      Acked-by: NJohn Griffin <john.griffin@intel.com>
      Reviewed-by: NBruce W. Allan <bruce.w.allan@intel.com>
      Signed-off-by: NTadeusz Struk <tadeusz.struk@intel.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      d8cba25d
    • T
      crypto: ccp - Add platform device support for arm64 · c4f4b325
      Tom Lendacky 提交于
      Add support for the CCP on arm64 as a platform device.
      Signed-off-by: NTom Lendacky <thomas.lendacky@amd.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      c4f4b325
    • T
      crypto: ccp - CCP device bindings documentation · 1ad348f4
      Tom Lendacky 提交于
      This patch provides the documentation of the device bindings
      for the AMD Cryptographic Coprocessor driver.
      Signed-off-by: NTom Lendacky <thomas.lendacky@amd.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      1ad348f4
    • T
      crypto: ccp - Modify PCI support in prep for arm64 support · 3d77565b
      Tom Lendacky 提交于
      Modify the PCI device support in prep for supporting the
      CCP as a platform device for arm64.
      Signed-off-by: NTom Lendacky <thomas.lendacky@amd.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      3d77565b
    • S
      crypto: drbg - Add DRBG test code to testmgr · 64d1cdfb
      Stephan Mueller 提交于
      The DRBG test code implements the CAVS test approach.
      
      As discussed for the test vectors, all DRBG types are covered with
      testing. However, not every backend cipher is covered with testing. To
      prevent the testmgr from logging missing testing, the NULL test is
      registered for all backend ciphers not covered with specific test cases.
      
      All currently implemented DRBG types and backend ciphers are defined
      in SP800-90A. Therefore, the fips_allowed flag is set for all.
      Signed-off-by: NStephan Mueller <smueller@chronox.de>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      64d1cdfb
    • S
      crypto: drbg - DRBG testmgr test vectors · 3332ee2a
      Stephan Mueller 提交于
      All types of the DRBG (CTR, HMAC, Hash) are covered with test vectors.
      In addition, all permutations of use cases of the DRBG are covered:
      
              * with and without predition resistance
              * with and without additional information string
              * with and without personalization string
      
      As the DRBG implementation is agnositc of the specific backend cipher,
      only test vectors for one specific backend cipher is used. For example:
      the Hash DRBG uses the same code paths irrespectively of using SHA-256
      or SHA-512. Thus, the test vectors for SHA-256 cover the testing of all
      DRBG code paths of SHA-512.
      Signed-off-by: NStephan Mueller <smueller@chronox.de>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      3332ee2a
    • S
      5bfcf65b
    • S
      crypto: drbg - DRBG kernel configuration options · 419090c6
      Stephan Mueller 提交于
      The different DRBG types of CTR, Hash, HMAC can be enabled or disabled
      at compile time. At least one DRBG type shall be selected.
      
      The default is the HMAC DRBG as its code base is smallest.
      Signed-off-by: NStephan Mueller <smueller@chronox.de>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      419090c6