This patch converts cts over to the skcipher interface.  It also
optimises the implementation to use one CBC operation for all but
the last block, which is then processed separately.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The default null blkcipher is no longer used and can now be removed.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The blkcipher null object is no longer used and can now be removed.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch replaces use of the obsolete blkcipher with skcipher.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch replaces use of the obsolete blkcipher with skcipher.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch adds an skcipher null object alongside the existing
null blkcipher so that IV generators using it can switch over
to skcipher.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch converts chacha20poly1305 to use the new skcipher
interface as opposed to ablkcipher.

It also fixes a buglet where we may end up with an async poly1305
when the user asks for a async algorithm.  This shouldn't be a
problem yet as there aren't any async implementations of poly1305
out there.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch converts gcm to use the new skcipher interface as opposed
to ablkcipher.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch converts ccm to use the new skcipher interface as opposed
to ablkcipher.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch converts rfc3686 to use the new skcipher interface as
opposed to ablkcipher.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch converts authencesn to use the new skcipher interface as
opposed to ablkcipher.

It also fixes a little bug where if a sync version of authencesn
is requested we may still end up using an async ahash.  This should
have no effect as none of the authencesn users can request for a
sync authencesn.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch converts authenc to use the new skcipher interface as
opposed to ablkcipher.

It also fixes a little bug where if a sync version of authenc
is requested we may still end up using an async ahash.  This should
have no effect as none of the authenc users can request for a
sync authenc.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch adds a chunk size parameter to aead algorithms, just
like the chunk size for skcipher algorithms.

However, unlike skcipher we do not currently export this to AEAD
users.  It is only meant to be used by AEAD implementors for now.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Current the default null skcipher is actually a crypto_blkcipher.
This patch creates a synchronous crypto_skcipher version of the
null cipher which unfortunately has to settle for the name skcipher2.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch allows skcipher algorithms and instances to be created
and registered with the crypto API.  They are accessible through
the top-level skcipher interface, along with ablkcipher/blkcipher
algorithms and instances.

This patch also introduces a new parameter called chunk size
which is meant for ciphers such as CTR and CTS which ostensibly
can handle arbitrary lengths, but still behave like block ciphers
in that you can only process a partial block at the very end.

For these ciphers the block size will continue to be set to 1
as it is now while the chunk size will be set to the underlying
block size.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

 for condition comparison and cleanup multiline comment style

In sha*_ctx_mgr_submit, we currently use the | operator instead of ||
((ctx->partial_block_buffer_length) | (len < SHA1_BLOCK_SIZE))

Switching it to || and remove extraneous paranthesis to
adhere to coding style.

Also cleanup inconsistent multiline comment style.
Signed-off-by: NTim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

There is not need to drop leading zeros from the RSA output
operations results.
Signed-off-by: NSalvatore Benedetto <salvatore.benedetto@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add DH support under kpp api. Drop struct qat_rsa_request and
introduce a more generic struct qat_asym_request and share it
between RSA and DH requests.
Signed-off-by: NSalvatore Benedetto <salvatore.benedetto@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch fix double words "the the" in crypto-API.tmpl.
Signed-off-by: NMasanari Iida <standby24x7@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Extend qat driver to use RSA CRT mode when all CRT related components are
present in the private key. Simplify code in qat_rsa_setkey by adding
qat_rsa_clear_ctx.
Signed-off-by: NSalvatore Benedetto <salvatore.benedetto@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Key generated with openssl. It also contains all fields required
for testing CRT mode
Signed-off-by: NSalvatore Benedetto <salvatore.benedetto@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

When parsing a private key, store all non-optional fields. These
are required for enabling CRT mode for decrypt and verify
Signed-off-by: NSalvatore Benedetto <salvatore.benedetto@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Different product families will use FLR or SBR.
Virtual Function devices have no reset method.
Signed-off-by: NConor McLoughlin <conor.mcloughlin@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Remove unneeded error handling on the result of a call to
platform_get_resource when the value is passed to
devm_ioremap_resource.

The Coccinelle semantic patch that makes this change is as follows:

// <smpl>
@@
expression pdev,res,n,e,e1;
expression ret != 0;
identifier l;
@@

- res = platform_get_resource(pdev, IORESOURCE_MEM, n);
  ... when != res
- if (res == NULL) { ... \(goto l;\|return ret;\) }
  ... when != res
+ res = platform_get_resource(pdev, IORESOURCE_MEM, n);
  e = devm_ioremap_resource(e1, res);
// </smpl>
Signed-off-by: NAmitoj Kaur Chawla <amitoj1606@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add RSA support to caam driver.

Initial author is Yashpal Dutta <yashpal.dutta@freescale.com>.
Signed-off-by: NTudor Ambarus <tudor-dan.ambarus@nxp.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Report correct error in case of failure
Signed-off-by: NSalvatore Benedetto <salvatore.benedetto@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Drop all asn1 related code and use the new rsa_helper
functions rsa_parse_[pub|priv]_key for parsing the key
Signed-off-by: NSalvatore Benedetto <salvatore.benedetto@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Use the vector polynomial multiply-sum instructions in POWER8 to
speed up crc32c.

This is just over 41x faster than the slice-by-8 method that it
replaces. Measurements on a 4.1 GHz POWER8 show it sustaining
52 GiB/sec.

A simple btrfs write performance test:

    dd if=/dev/zero of=/mnt/tmpfile bs=1M count=4096
    sync

is over 3.7x faster.
Signed-off-by: NAnton Blanchard <anton@samba.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

gcc provides FUNC_START/FUNC_END macros to help with creating
assembly functions. Mirror these in the kernel so we can more easily
share code between userspace and the kernel. FUNC_END is just a
stub since we don't currently annotate the end of kernel functions.

It might make sense to do a wholesale search and replace, but for
now just create a couple of defines.
Signed-off-by: NAnton Blanchard <anton@samba.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

As the software RSA implementation now produces fixed-length
output, we need to eliminate leading zeros in the calling code
instead.

This patch does just that for pkcs1pad signature verification.

Fixes: 9b45b7bb ("crypto: rsa - Generate fixed-length output")
Reported-by: NStephan Mueller <smueller@chronox.de>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch adds HMAC-SHA3 test modes in tcrypt module
and related test vectors.
Signed-off-by: NRaveendra Padasalagi <raveendra.padasalagi@broadcom.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The arm-neon-sha implementations have cra_priority of 150...300, so
increase omap-sham priority to 400 to ensure it is on top of any
software alg.
Signed-off-by: NBin Liu <b-liu@ti.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The multibuffer hash speed test is incorrectly bailing because
of an EINPROGRESS return value.  This patch fixes it by setting
ret to zero if it is equal to -EINPROGRESS.
Reported-by: NMegha Dey <megha.dey@linux.intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

In the vast majority of cases (2^-32 on 32-bit and 2^-64 on 64-bit)
cases, the result from encryption/signing will require no padding.

This patch makes these two operations write their output directly
to the final destination.  Only in the exceedingly rare cases where
fixup is needed to we copy it out and back to add the leading zeroes.

This patch also makes use of the crypto_akcipher_set_crypt API
instead of writing the akcipher request directly.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Rather than repeatedly checking the key size on each operation,
we should be checking it once when the key is set.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

We don't currently support using akcipher in atomic contexts,
so GFP_KERNEL should always be used.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The helper pkcs1pad_sg_set_buf tries to split a buffer that crosses
a page boundary into two SG entries.  This is unnecessary.  This
patch removes that.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The only user of rsa-pkcs1pad always uses the hash so there is
no reason to support the case of not having a hash.

This patch also changes the digest info lookup so that it is
only done once during template instantiation rather than on each
operation.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Currently the mpi SG helpers use sg_virt which is completely
broken.  It happens to work with normal kernel memory but will
fail with anything that is not linearly mapped.

This patch fixes this by using the SG iterator helpers.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Every implementation of RSA that we have naturally generates
output with leading zeroes.  The one and only user of RSA,
pkcs1pad wants to have those leading zeroes in place, in fact
because they are currently absent it has to write those zeroes
itself.

So we shouldn't be stripping leading zeroes in the first place.
In fact this patch makes rsa-generic produce output with fixed
length so that pkcs1pad does not need to do any extra work.

This patch also changes DH to use the new interface.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>