Add support for AES Counter Mode (CTR) compliant with RFC3686 to be
used along with authenc algorithms (md5, sha1, sha224, sha256, sha384,
sha512) as one-shot aead algorithms.
Signed-off-by: NCatalin Vasile <catalin.vasile@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add support for Advanced Encryption Standard (AES) in Counter Mode (CTR)
as provided in IPsec implementation standard RFC3686.

ablkcipher shared descriptors now save context registers after job
execution. This is used to load Nonce specific to RFC3686 only at
first execution of shared job descriptor.
Signed-off-by: NCatalin Vasile <catalin.vasile@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add support for AES working in Counter Mode
Signed-off-by: NCatalin Vasile <catalin.vasile@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add AES-GMAC as an IPSec ESP mechanism to provide
data origin authentication, but not confidentiality.
This method is referred as ENCR_NULL_AUTH_AES_GMAC.
Signed-off-by: NTudor Ambarus <tudor.ambarus@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The previous limits were estimated locally in a single step
basead on bound values, however it was not correct since
when given certain scatterlist the function nx_build_sg_lists
was consuming more sg entries than allocated causing a
memory corruption and crashes.

e.g.: in the worst case we could have one sg entry for a single byte.

This patch fixes it modifying the logic of the bound limit
moving it to nx_sg_build_lists and set a correct sg_max limit,
adding a trim function to ensure the bound in sg_list. Also fixing
nx_build_sg_list  NULL and untreated return in case of overflow.
Signed-off-by: NLeonidas S. Barbosa <leosilva@linux.vnet.ibm.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

NX SHA algorithms stores the message digest into tfm what
cause a concurrence issue where hashes may be replaced by others.
This patch cleans up the cases where it's handling unnecessarily shared
variables in nx context and copies the current msg digest to a sctx->state
in order to safetly handle with the hashe's state.

Also fixes and does some clean ups regarding the right sg max limit
and bounds to the sg list avoind a memory crash.
Signed-off-by: NLeonidas S. Barbosa <leosilva@linux.vnet.ibm.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The previous limits were estimated locally in a single step
basead on bound values, however it was not correct since
when given certain scatterlist the function nx_build_sg_lists
was consuming more sg entries than allocated causing a
memory corruption and crashes.

This patch removes the old logic and replaces it into nx_sg_build_lists
in order to build a correct nx_sg list using the correct sg_max limit
and bounds.
Signed-off-by: NLeonidas S. Barbosa <leosilva@linux.vnet.ibm.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The previous limits were estimated locally in a single step
basead on bound values, however it was not correct since
when given certain scatterlist the function nx_build_sg_lists
was consuming more sg entries than allocated causing a
memory corruption and crashes.

This patch removes the old logic and replace it into nx_sg_build_lists
in order to build a correct nx_sg list using the correct sg_max limit
and bounds.
Signed-off-by: NLeonidas S. Barbosa <leosilva@linux.vnet.ibm.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The previous limits were estimated locally in a single step
basead on bound values, however it was not correct since
when given certain scatterlist the function nx_build_sg_lists
was consuming more sg entries than allocated causing a
memory corruption and crashes.

This patch removes the old logic and replaces it into nx_sg_build_lists
in order to build a correct nx_sg list using the correct sg_max limit
and bounds.
Signed-off-by: NLeonidas S. Barbosa <leosilva@linux.vnet.ibm.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The previous limits were estimated locally in a single step
basead on bound values, however it was not correct since
when given certain scatterlist the function nx_build_sg_lists
was consuming more sg entries than allocated causing a
memory corruption and crashes.

- This patch removes the old logic and replaces it into nx_sg_build_lists
in order to build a correct nx_sg list using the correct sg_max limit
and bounds.

IV vector was not set correctly to zero causing ctr crash in tcrypt tests.

- Fixed setting IV vector  bits to zero.
Signed-off-by: NLeonidas S. Barbosa <leosilva@linux.vnet.ibm.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The previous limits were estimated locally in a single step
basead on bound values, however it was not correct since
when given certain scatterlist the function nx_build_sg_lists
was consuming more sg entries than allocated causing a
memory corruption and crashes.

This patch removes the old logic and replaces it into nx_sg_build_lists in
order to build a correct nx_sg list using the correct sg_max limit and
bounds.
Signed-off-by: NLeonidas S. Barbosa <leosilva@linux.vnet.ibm.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The previous limits were estimated locally in a single step
basead on bound values, however it was not correct since
when given certain scatterlist the function nx_build_sg_lists
was consuming more sg entries than allocated causing a
memory corruption and crashes.

This patch removes the old logic and replaces it into nx_sg_build_lists
in order to build a correct nx_sg list using the correct sg_max limit
and bounds.
Signed-off-by: NLeonidas S. Barbosa <leosilva@linux.vnet.ibm.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch fixes the assumption that output sequence is not contiguous
when input sequence is not contiguous and in-place encryption is done.
Output sequence does not need to be contiguous with associated data.
Signed-off-by: NTudor Ambarus <tudor.ambarus@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Move PCI BARs definitions to device specific module where it belongs.
Signed-off-by: NTadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add Advanced Encryption Standard (AES) in Galois/Counter Mode (GCM)
as an IPsec Encapsulating Security Payload (ESP) mechanism
to provide confidentiality and data origin authentication.
Signed-off-by: NTudor Ambarus <tudor.ambarus@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add support for AES working in Galois Counter Mode.

There is a limitation related to IV size, similar to the one present in
SW implementation (crypto/gcm.c):
The only IV size allowed is 12 bytes. It will be padded by HW to the right
with 0x0000_0001 (up to 16 bytes - AES block size), according to the GCM
specification.
Signed-off-by: NTudor Ambarus <tudor.ambarus@freescale.com>
Signed-off-by: NHoria Geanta <horia.geanta@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Signed-off-by: NBruce Allan <bruce.w.allan@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

WARNING:UNNECESSARY_BREAK: break is not useful after a goto or return
#472: FILE: drivers/crypto/qat/qat_common/qat_algs.c:472:
+               goto bad_key;
+               break;
Signed-off-by: NBruce Allan <bruce.w.allan@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Analyzing with coccinelle MODE=report...

Please check for false positives in the output before submitting a patch.
When using "patch" mode, carefully review the patch before submitting it.

drivers/crypto/qat/qat_dh895xcc/adf_isr.c:191:3-8: WARNING: NULL check
before freeing functions like kfree, debugfs_remove,
debugfs_remove_recursive or usb_free_urb is not needed. Maybe consider
reorganizing relevant code to avoid passing NULL values.

drivers/crypto/qat/qat_dh895xcc/adf_isr.c:208:3-8: WARNING: NULL check
before freeing functions like kfree, debugfs_remove,
debugfs_remove_recursive or usb_free_urb is not needed. Maybe consider
reorganizing relevant code to avoid passing NULL values.
Signed-off-by: NBruce Allan <bruce.w.allan@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The mutex table_lock is unlocked in two functions without first being locked.
Fix the functions to properly protect the accel_table with the table_lock.

Also, fix a spelling error in one of the function's header comment.
Signed-off-by: NBruce Allan <bruce.w.allan@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99
compliant equivalent. This patch allocates the appropriate amount of memory
using a char array using the SHASH_DESC_ON_STACK macro.

The new code can be compiled with both gcc and clang.
Signed-off-by: NBehan Webster <behanw@converseincode.com>
Reviewed-by: NMark Charlebois <charlebm@gmail.com>
Reviewed-by: NJan-Simon Möller <dl9pf@gmx.de>
Acked-by: NHerbert Xu <herbert@gondor.apana.org.au>

Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99
compliant equivalent. This patch allocates the appropriate amount of memory
using a char array using the SHASH_DESC_ON_STACK macro.

The new code can be compiled with both gcc and clang.
Signed-off-by: NBehan Webster <behanw@converseincode.com>
Reviewed-by: NMark Charlebois <charlebm@gmail.com>
Reviewed-by: NJan-Simon Möller <dl9pf@gmx.de>
Acked-by: NHerbert Xu <herbert@gondor.apana.org.au>

Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99
compliant equivalent. This patch allocates the appropriate amount of memory
using a char array using the SHASH_DESC_ON_STACK macro.

The new code can be compiled with both gcc and clang.
Signed-off-by: NBehan Webster <behanw@converseincode.com>
Reviewed-by: NMark Charlebois <charlebm@gmail.com>
Reviewed-by: NJan-Simon Möller <dl9pf@gmx.de>
Acked-by: NHerbert Xu <herbert@gondor.apana.org.au>

Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99
compliant equivalent. This patch allocates the appropriate amount of memory
using a char array using the SHASH_DESC_ON_STACK macro.

The new code can be compiled with both gcc and clang.
Signed-off-by: NBehan Webster <behanw@converseincode.com>
Reviewed-by: NMark Charlebois <charlebm@gmail.com>
Reviewed-by: NJan-Simon Möller <dl9pf@gmx.de>
Acked-by: NHerbert Xu <herbert@gondor.apana.org.au>

Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99
compliant equivalent. This patch allocates the appropriate amount of memory
using a char array using the SHASH_DESC_ON_STACK macro.

The new code can be compiled with both gcc and clang.
Signed-off-by: NJan-Simon Möller <dl9pf@gmx.de>
Signed-off-by: NBehan Webster <behanw@converseincode.com>
Reviewed-by: NMark Charlebois <charlebm@gmail.com>
Acked-by: NHerbert Xu <herbert@gondor.apana.org.au>

Commit 7bced397 ("net_dma: simple removal") removed the long-dead
net_dma code, but unintentionally broke the build for the qualcomm
crypto engine (qce) that had accidentally depended on the inclusion of
<linux/dmaengine.h> through the networking header files that used to
have it.

Add the required dmaengine.h include explicitly to fix the breakage.
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

If the ccp is built as a built-in module, then ccp-crypto (whether
built as a module or a built-in module) will be able to load and
it will register its crypto algorithms.  If the system does not have
a CCP this will result in -ENODEV being returned whenever a command
is attempted to be queued by the registered crypto algorithms.

Add an API, ccp_present(), that checks for the presence of a CCP
on the system.  The ccp-crypto module can use this to determine if it
should register it's crypto alogorithms.

Cc: stable@vger.kernel.org
Reported-by: NScot Doyle <lkml14@scotdoyle.com>
Signed-off-by: NTom Lendacky <thomas.lendacky@amd.com>
Tested-by: NScot Doyle <lkml14@scotdoyle.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Removed additional bufer for HW state for partial requests, which are not going
to be supported.
Signed-off-by: NTadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Fix typo. resp_hanlder should be resp_handler
Signed-off-by: NBruce Allan <bruce.w.allan@intel.com>
Signed-off-by: NTadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Enable interrupts from all 32 bundles.
Signed-off-by: NConor McLoughlin <conor.mcloughlin@intel.com>
Signed-off-by: NTadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

CAAM's memory is broken into following address blocks:
Block           Included Registers
0               General Registers
1-4             Job ring registers
6               RTIC registers
7               QI registers
8               DECO and CCB

Size of the above stated blocks varies in various platforms. The block size can be 4K or 64K.
The block size can be dynamically determined by reading CTPR register in CAAM.
This patch initializes the block addresses dynamically based on the value read from this register.
Signed-off-by: NRuchika Gupta <r66431@freescale.com>
Signed-off-by: NNitesh Narayan Lal <b44382@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch fix spelling typo in printk.
Signed-off-by: NMasanari Iida <standby24x7@gmail.com>
Acked-by: NGeert Uytterhoeven <geert@linux-m68k.org>
Acked-by: NRandy Dunlap <rdunlap@infradead.org>
Signed-off-by: NJiri Kosina <jkosina@suse.cz>

Clearly this was meant to be an include guard, but the #define was
missing.
Signed-off-by: NRasmus Villemoes <linux@rasmusvillemoes.dk>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

As result of deprecation of MSI-X/MSI enablement functions
pci_enable_msix() and pci_enable_msi_block() all drivers
using these two interfaces need to be updated to use the
new pci_enable_msi_range()  or pci_enable_msi_exact()
and pci_enable_msix_range() or pci_enable_msix_exact()
interfaces.

Cc: Tadeusz Struk <tadeusz.struk@intel.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: qat-linux@intel.com
Cc: linux-crypto@vger.kernel.org
Cc: linux-pci@vger.kernel.org
Signed-off-by: NAlexander Gordeev <agordeev@redhat.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

buf_0 and buf_1 in caam_hash_state are not next to each other.
Accessing buf_1 is incorrect from &buf_0 with an offset of only
size_of(buf_0). The same issue is also with buflen_0 and buflen_1

Cc: <stable@vger.kernel.org> # 3.13+
Signed-off-by: NCristian Stoica <cristian.stoica@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Replace equivalent (and partially incorrect) scatter-gather functions
with ones from crypto-API.

The replacement is motivated by page-faults in sg_copy_part triggered
by successive calls to crypto_hash_update. The following fault appears
after calling crypto_ahash_update twice, first with 13 and then
with 285 bytes:

Unable to handle kernel paging request for data at address 0x00000008
Faulting instruction address: 0xf9bf9a8c
Oops: Kernel access of bad area, sig: 11 [#1]
SMP NR_CPUS=8 CoreNet Generic
Modules linked in: tcrypt(+) caamhash caam_jr caam tls
CPU: 6 PID: 1497 Comm: cryptomgr_test Not tainted
3.12.19-rt30-QorIQ-SDK-V1.6+g9fda9f2 #75
task: e9308530 ti: e700e000 task.ti: e700e000
NIP: f9bf9a8c LR: f9bfcf28 CTR: c0019ea0
REGS: e700fb80 TRAP: 0300   Not tainted
(3.12.19-rt30-QorIQ-SDK-V1.6+g9fda9f2)
MSR: 00029002 <CE,EE,ME>  CR: 44f92024  XER: 20000000
DEAR: 00000008, ESR: 00000000

GPR00: f9bfcf28 e700fc30 e9308530 e70b1e55 00000000 ffffffdd e70b1e54 0bebf888
GPR08: 902c7ef5 c0e771e2 00000002 00000888 c0019ea0 00000000 00000000 c07a4154
GPR16: c08d0000 e91a8f9c 00000001 e98fb400 00000100 e9c83028 e70b1e08 e70b1d48
GPR24: e992ce10 e70b1dc8 f9bfe4f4 e70b1e55 ffffffdd e70b1ce0 00000000 00000000
NIP [f9bf9a8c] sg_copy+0x1c/0x100 [caamhash]
LR [f9bfcf28] ahash_update_no_ctx+0x628/0x660 [caamhash]
Call Trace:
[e700fc30] [f9bf9c50] sg_copy_part+0xe0/0x160 [caamhash] (unreliable)
[e700fc50] [f9bfcf28] ahash_update_no_ctx+0x628/0x660 [caamhash]
[e700fcb0] [f954e19c] crypto_tls_genicv+0x13c/0x300 [tls]
[e700fd10] [f954e65c] crypto_tls_encrypt+0x5c/0x260 [tls]
[e700fd40] [c02250ec] __test_aead.constprop.9+0x2bc/0xb70
[e700fe40] [c02259f0] alg_test_aead+0x50/0xc0
[e700fe60] [c02241e4] alg_test+0x114/0x2e0
[e700fee0] [c022276c] cryptomgr_test+0x4c/0x60
[e700fef0] [c004f658] kthread+0x98/0xa0
[e700ff40] [c000fd04] ret_from_kernel_thread+0x5c/0x64
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

In case of error, the function device_create() returns ERR_PTR()
and never returns NULL. The NULL test in the return value check
should be replaced with IS_ERR().
Signed-off-by: NWei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The sampling of the oscillator can be done in multiple modes for
generating the entropy value. By default, this is set to von
Neumann. This patch changes the sampling to raw data, since it
has been discovered that the generated entropy has a better
'quality'.
Signed-off-by: NAlex Porosanu <alexandru.porosanu@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The entropy delay (the length in system clocks of each
entropy sample) for the RNG4 block of CAAM is dependent
on the frequency of the SoC. By elaborate methods, it
has been determined that a good starting value for all
platforms integrating the CAAM IP is 3200. Using a
higher value has additional benefit of  speeding up
the process of instantiating the RNG, since the entropy
delay will be increased and instantiation of the RNG
state handles will be reattempted by the driver. If the
starting value is low, for certain platforms, this can
lead to a quite lengthy process.
This patch changes the starting value of the length of
the entropy sample to 3200 system clocks.
In addition to this change, the attempted entropy delay
values are now printed on the console upon initialization
of the RNG block.
While here, a safeguard for yielding the processor was
added for ensuring that in very adverse cases,
the CPU isn't hogged by the instantiation loop.
Signed-off-by: NAlex Porosanu <alexandru.porosanu@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The rtfrqmax & rtfrqmin set the bounds of the expected frequency of the
oscillator, when SEC runs at its maximum frequency. For certain platforms
(f.i. T2080), the oscillator is very fast and thus if the SEC runs at
a lower than normal frequency, the ring oscillator is incorrectly detected
as being out of bounds.

This patch effectively disables the maximum frequency check, by setting a
high enough maximum allowable frequency for the oscillator. The reasoning
behind this is that usually a broken oscillator will run too slow
(i.e. not run at all) rather than run too fast.
Signed-off-by: NAlex Porosanu <alexandru.porosanu@freescale.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>