GCM and CBC mode of operation requires Last Cipher Block.
This patch set lcb bit in WR header when required.
Signed-off-by: NHarsh Jain <harsh@chelsio.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Trivial fix to spelling mistake in seq_printf message
Signed-off-by: NColin Ian King <colin.king@canonical.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Trivial fix to spelling mistake in pr_err message
Signed-off-by: NColin Ian King <colin.king@canonical.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The PKCS#1 RSA implementation is provided with a self test with RSA 2048
and SHA-256. This self test implicitly covers other RSA keys and other
hashes. Also, this self test implies that the pkcs1pad(rsa) is FIPS
140-2 compliant.
Signed-off-by: NStephan Mueller <smueller@chronox.de>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

I work for MediaTek on maintaining the MediaTek RNG driver
for the existing SoCs and adding support for the following
SoCs.
Signed-off-by: NSean Wang <sean.wang@mediatek.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add runtime PM support.  There will be the benefit on SoCs where the
clock to the RNG used can be shutdown.
Signed-off-by: NSean Wang <sean.wang@mediatek.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Document the bindings used by MediaTek MT7622 SoC hardware random number
generator.
Signed-off-by: NSean Wang <sean.wang@mediatek.com>
Reviewed-by: NMatthias Brugger <matthias.bgg@gmail.com>
Acked-by: NRob Herring <robh@kernel.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Otherwise, we enable all sorts of forgeries via timing attack.
Signed-off-by: NJason A. Donenfeld <Jason@zx2c4.com>
Suggested-by: NStephan Müller <smueller@chronox.de>
Cc: stable@vger.kernel.org
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-crypto@vger.kernel.org
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

If 'kzalloc' fails, we return 0 which means success.
return -ENOMEM instead as already done a few lines above.
Signed-off-by: NChristophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

By adding a struct device *dev to struct engine, we could store the
device used at register time and so use all dev_xxx functions instead of
pr_xxx.
Signed-off-by: NCorentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Fix inconsistent format and spelling in hash tests error messages.
Signed-off-by: NGilad Ben-Yossef <gilad@benyossef.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Trivial fix to spelling mistake in flow_log message
Signed-off-by: NColin Ian King <colin.king@canonical.com>
Reviewed-by: NSteve Lin <steven.lin1@broadcom.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The run-time self-tests fail quite early, as soon as the input block
size is larger than 64 bytes:

  alg: hash: Test 4 failed for sha1-sun4i-ss
  00000000: b9 c9 1e 52 c0 26 d8 39 81 ff f2 3c 99 b1 27 b2
  00000010: 30 d6 c9 85

One thing to notice is the value of the last word, which is the one
expected (it can sometime be the last two words). The datasheet isn't
very clear about when the digest is ready to retrieve and is seems the
bit SS_DATA_END is cleared when the digest was computed *but* that
doesn't mean the digest is ready to retrieve in the registers.

A ndelay(1) is added before reading the computed digest to ensure it is
available in the SS_MD[] registers.
Signed-off-by: NAntoine Tenart <antoine.tenart@free-electrons.com>
Tested-by: NCorentin Labbe <clabbe.montjoie@gmail.com>
Acked-by: NCorentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The CRYPTO_ALG_KERN_DRIVER_ONLY flag is set for hardware accelerated
ciphers accessible through a kernel driver only. This is the case for
ciphers exposed by the sun4i-ss driver. This patch sets this flag.
Signed-off-by: NAntoine Tenart <antoine.tenart@free-electrons.com>
Tested-by: NCorentin Labbe <clabbe.montjoie@gmail.com>
Acked-by: NCorentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Update the sun4i-ss driver to use the skcipher API instead of the old
ablkcipher one. It's a bit more tricky than s/ablkcipher/skcipher/, but
still nothing special and the driver's logic stays the same.
Signed-off-by: NAntoine Tenart <antoine.tenart@free-electrons.com>
Tested-by: NCorentin Labbe <clabbe.montjoie@gmail.com>
Acked-by: NCorentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Use the GENMASK helper instead of custom calculations to generate masks,
It also helps the readability.
Signed-off-by: NAntoine Tenart <antoine.tenart@free-electrons.com>
Tested-by: NCorentin Labbe <clabbe.montjoie@gmail.com>
Acked-by: NCorentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

A bit is appended at the end of the input buffer for sha1. Simplify the
code assigning it.
Signed-off-by: NAntoine Tenart <antoine.tenart@free-electrons.com>
Tested-by: NCorentin Labbe <clabbe.montjoie@gmail.com>
Acked-by: NCorentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

When sending the last block of data to the engine, it should be padded
so that the total length of the request can be given to the engine as
the last 2 words of the last 64 bytes block.

Simplify the calculation of this pad offset.
Signed-off-by: NAntoine Tenart <antoine.tenart@free-electrons.com>
Tested-by: NCorentin Labbe <clabbe.montjoie@gmail.com>
Acked-by: NCorentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Parts of the bf buffer were dynamically set to 0. Change this to set the
whole buffer to 0 by default to avoid any mistake.
Signed-off-by: NAntoine Tenart <antoine.tenart@free-electrons.com>
Tested-by: NCorentin Labbe <clabbe.montjoie@gmail.com>
Acked-by: NCorentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Do not use DMA is the request is 0 length.
Signed-off-by: NAntoine Tenart <antoine.tenart@free-electrons.com>
Tested-by: NCorentin Labbe <clabbe.montjoie@gmail.com>
Acked-by: NCorentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Replace custom bit shifts and masks with lower/upper_32_bits helpers.
Signed-off-by: NAntoine Tenart <antoine.tenart@free-electrons.com>
Tested-by: NCorentin Labbe <clabbe.montjoie@gmail.com>
Acked-by: NCorentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Cosmetic clean up if conditional checks on 0s values.
Signed-off-by: NAntoine Tenart <antoine.tenart@free-electrons.com>
Tested-by: NCorentin Labbe <clabbe.montjoie@gmail.com>
Acked-by: NCorentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Cosmetic change to avoid having a full screen a variable definitions. It
also helps to see which variables share the same type.
Signed-off-by: NAntoine Tenart <antoine.tenart@free-electrons.com>
Tested-by: NCorentin Labbe <clabbe.montjoie@gmail.com>
Acked-by: NCorentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Use more common error logging style.
Signed-off-by: NKarim Eshapa <karim.eshapa@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

- Fixed bugs in example for shash and rng (added missing "*" and " *").
- Corrected pr_info() in calc_hash().
- Added example usage of calc_hash().
- No need for negate PTR_ERR to get error code, as crypto_alloc_rng
  already returns negative values like ERR_PTR(-ENOMEM). Fixed.
Signed-off-by: NKamil Konieczny <k.konieczny@partner.samsung.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

We checked (nbytes < bsize) inside the loops so it's not possible to hit
the "goto done;" here.  This code is cut and paste from other slightly
different loops where we don't have the check inside the loop.
Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

mix_columns() contains a comment which shows the matrix used by the
MixColumns step of AES, but the last entry in this matrix was incorrect
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Drop .owner field in mtk_crypto_driver, since platform_driver_register()
will set it automatically.
Signed-off-by: NGeliang Tang <geliangtang@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add more algorithm support for the driver.
Add support for ecb(aes), cfb(aes) and ecb(des3_ede).
Signed-off-by: NGeorge Cherian <george.cherian@cavium.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Remove the individual encrypt/decrypt function for easch algorithm.
This is in prepration of adding more crypto algorithms supported by
hardware. While at that simplify create_ctx_hdr/create_input_list
function interfaces.
Signed-off-by: NGeorge Cherian <george.cherian@cavium.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Mailbox interrupt is common and it is not an error interrupt.
So downgrade the print from dev_err to  dev_dbg.
Signed-off-by: NGeorge Cherian <george.cherian@cavium.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This change is to handle sparse warning. Return type of function is a pointer to the structure and
it returns 0. Instead it should return NULL.
Signed-off-by: NPushkar Jambhlekar <pushkar.iit@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Expose some data about the configuration and operation of the CCP
through debugfs entries: device name, capabilities, configuration,
statistics.

Allow the user to reset the counters to zero by writing (any value)
to the 'stats' file. This can be done per queue or per device.

Changes from V1:
 - Correct polarity of test when destroying devices at module unload
Signed-off-by: NGary R Hook <gary.hook@amd.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

An updated patch that also handles the additional key length requirements
for the AEAD algorithms.

The max keysize is not 96.  For SHA384/512 it's 128, and for the AEAD
algorithms it's longer still.  Extend the max keysize for the
AEAD size for AES256 + HMAC(SHA512).

Cc: <stable@vger.kernel.org> # 3.6+
Fixes: 357fb605 ("crypto: talitos - add sha224, sha384 and sha512 to existing AEAD algorithms")
Signed-off-by: NMartin Hicks <mort@bork.org>
Acked-by: NHoria Geantă <horia.geanta@nxp.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch removes the parent clock 'ethif' in bindings, since we don't
need to control the parent of a clock in current clock framework.

Moreover, the clocks are get by name in the driver, thus this change
does not break backwards compatibility.
Signed-off-by: NRyder Lee <ryder.lee@mediatek.com>
Reviewed-by: NMatthias Brugger <matthias.bgg@gmail.com>
Acked-by: NRob Herring <robh@kernel.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch removes redundant clock setting for 'clk_ethif', which is
the parent of 'clk_cryp'. Hence, we just need to handle its child.
Signed-off-by: NRyder Lee <ryder.lee@mediatek.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The test considers a party that already has a private-public
key pair and a party that provides a NULL key. The kernel will
generate the private-public key pair for the latter, computes
the shared secret on both ends and verifies if it's the same.

The explicit private-public key pair was copied from
the previous test vector.
Signed-off-by: NTudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add support for generating ecc private keys.

Generation of ecc private keys is helpful in a user-space to kernel
ecdh offload because the keys are not revealed to user-space. Private
key generation is also helpful to implement forward secrecy.

If the user provides a NULL ecc private key, the kernel will generate it
and further use it for ecdh.

Move ecdh's object files below drbg's. drbg must be present in the kernel
at the time of calling.
Signed-off-by: NTudor Ambarus <tudor.ambarus@microchip.com>
Reviewed-by: NStephan Müller <smueller@chronox.de>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Register the Symmetric crypto algorithms supported by
CNN55XX driver with crypto subsystem.

The following Symmetric crypto algorithms are supported,
  - aes with cbc, ecb, cfb, xts, ctr and cts modes
  - des3_ede with cbc and ecb modes
Signed-off-by: NSrikanth Jampala <Jampala.Srikanth@cavium.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add debugfs support in CNN55XX Physical Function driver.
Provides hardware counters and firmware information.
Signed-off-by: NSrikanth Jampala <Jampala.Srikanth@cavium.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>