aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* ipq40xx: add support for ASUS RT-ACRH17/RT-AC42UJoshua Roys2022-01-153-0/+2
| | | | | | | | | | | | | | | | | | | | | SOC: IPQ4019 CPU: Quad-core ARMv7 Processor [410fc075] revision 5 (ARMv7), cr=10c5387d DRAM: 256 MB NAND: 128 MiB Macronix MX30LF1G18AC ETH: Qualcomm Atheros QCA8075 Gigabit Switch (4x LAN, 1x WAN) USB: 1x 3.0 (via Synopsys DesignWare DWC3 controller in the SoC) WLAN1: Qualcomm Atheros QCA4019 2.4GHz 802.11bgn 2x2:2 WLAN2: Qualcomm Atheros QCA9984 5GHz 802.11nac 4x4:4 INPUT: 1x WPS, 1x Reset LEDS: Status, WIFI1, WIFI2, WAN (red & blue), 4x LAN This board is very similar to the RT-ACRH13/RT-AC58U. It must be flashed with an intermediary initramfs image, the jffs2 ubi volume deleted, and then finally a sysupgrade with the final image performed. Signed-off-by: Joshua Roys <roysjosh@gmail.com> (added ALT0) Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* hostapd: add op-class to get_status outputDavid Bauer2022-01-141-2/+9
| | | | | | Include the current operation class to hostapd get_status interface. Signed-off-by: David Bauer <mail@david-bauer.net>
* netifd: update to git HEADHans Dedecker2022-01-141-3/+3
| | | | | | 3043206 system: fix compilation with glibc 2.34 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iptables: enable nftable support by defaultPaul Spooren2022-01-141-2/+2
| | | | | | | | | | | | | | OpenWrt plans to move over to firewall4 which uses nftables under the hood. To allow a smooth migration the package `iptables-nft` offer a transparent wrapper to apply iptables rules to nftables. Without the config option for nftables the package isn't installed and therefore can't be tested. This commit enabled it and therefore provides the wrapper. The size of the iptables package increases from 25436 to 26500 Bytes. Signed-off-by: Paul Spooren <mail@aparcar.org>
* netifd: update to git HEADHans Dedecker2022-01-121-3/+3
| | | | | | | | 96902e8 Revert "netifd: add devtype to ubus call" 29e6acf netifd: add devtype to ubus call 7ccbf08 netifd: add devtype to ubus call Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* procd: update to git HEADDaniel Golle2022-01-121-3/+3
| | | | | | | | | | ca6c35c uxc: usage message cosmetics e083dd4 uxc: fix two minor issues reported by Coverity 35dfbff procd: jail/cgroups: correctly enable "rdma" when requested 3b3ac64 procd: mount /dev with noexec ac2b8b3 procd: clean up /dev/pts mounts Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* firewall: update to latest HEADKevin Darbyshire-Bryant2022-01-101-3/+3
| | | | | | | | | 0f16ea5 options.c: add DSCP code LE Least Effort 24ba465 firewall3: remove redundant syn check df1306a firewall3: fix locking issue 3624c37 firewall3: support table load on access on Linux 5.15+ Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* ath79: Add support for OpenMesh OM5P-AC v1Sven Eckelmann2022-01-091-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Device specifications: ====================== * Qualcomm/Atheros QCA9558 ver 1 rev 0 * 720/600/240 MHz (CPU/DDR/AHB) * 128 MB of RAM * 16 MB of SPI NOR flash - 2x 7 MB available; but one of the 7 MB regions is the recovery image * 2T2R 2.4 GHz Wi-Fi (11n) * 2T2R 5 GHz Wi-Fi (11ac) * 6x GPIO-LEDs (3x wifi, 2x ethernet, 1x power) * external h/w watchdog (enabled by default)) * TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX) * TI tmp423 (package kmod-hwmon-tmp421) for temperature monitoring * 2x ethernet - eth0 + AR8035 ethernet PHY (RGMII) + 10/100/1000 Mbps Ethernet + 802.3af POE + used as LAN interface - eth1 + AR8035 ethernet PHY (SGMII) + 10/100/1000 Mbps Ethernet + 18-24V passive POE (mode B) + used as WAN interface * 12-24V 1A DC * internal antennas Flashing instructions: ====================== Various methods can be used to install the actual image on the flash. Two easy ones are: ap51-flash ---------- The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be used to transfer the image to the u-boot when the device boots up. initramfs from TFTP ------------------- The serial console must be used to access the u-boot shell during bootup. It can then be used to first boot up the initramfs image from a TFTP server (here with the IP 192.168.1.21): setenv serverip 192.168.1.21 setenv ipaddr 192.168.1.1 tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr The actual sysupgrade image can then be transferred (on the LAN port) to the device via scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/ On the device, the sysupgrade must then be started using sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin Signed-off-by: Sven Eckelmann <sven@narfation.org>
* ath79: Add support for OpenMesh OM5P-ANSven Eckelmann2022-01-091-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Device specifications: ====================== * Qualcomm/Atheros AR9344 rev 2 * 560/450/225 MHz (CPU/DDR/AHB) * 64 MB of RAM * 16 MB of SPI NOR flash - 2x 7 MB available; but one of the 7 MB regions is the recovery image * 1T1R 2.4 GHz Wi-Fi * 2T2R 5 GHz Wi-Fi * 6x GPIO-LEDs (3x wifi, 2x ethernet, 1x power) * 1x GPIO-button (reset) * external h/w watchdog (enabled by default) * TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX) * TI tmp423 (package kmod-hwmon-tmp421) for temperature monitoring * 2x ethernet - eth0 + AR8035 ethernet PHY + 10/100/1000 Mbps Ethernet + 802.3af POE + used as LAN interface - eth1 + 10/100 Mbps Ethernet + builtin switch port 1 + 18-24V passive POE (mode B) + used as WAN interface * 12-24V 1A DC * internal antennas Flashing instructions: ====================== Various methods can be used to install the actual image on the flash. Two easy ones are: ap51-flash ---------- The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be used to transfer the image to the u-boot when the device boots up. initramfs from TFTP ------------------- The serial console must be used to access the u-boot shell during bootup. It can then be used to first boot up the initramfs image from a TFTP server (here with the IP 192.168.1.21): setenv serverip 192.168.1.21 setenv ipaddr 192.168.1.1 tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr The actual sysupgrade image can then be transferred (on the LAN port) to the device via scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/ On the device, the sysupgrade must then be started using sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin Signed-off-by: Sven Eckelmann <sven@narfation.org>
* opkg: update to git HEAD of 2022-01-09Daniel Golle2022-01-091-3/+3
| | | | | | | | | | db7fb64 libopkg: pkg_hash: prefer to-be-installed packages 2edcfad libopkg: set 'const' attribute for argv This should fix the ImageBuilder problems people are having since we introduced the 'uci-firewall' providers. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* firewall4: bump to git HEADStijn Tintel2022-01-091-3/+3
| | | | | | | | | | | | 9a509d4 ruleset.uc: consolidate ip and ip6 offload 21f311d ruleset.uc: don't trim newline before comment sign f121383 tests: enable flow offloading in tests 550df40 tests: add test for unknown defaults option 47c5a5b tests: add test for deprecated rule option 69a89d6 tests: add test for unknown rule option 07579df fw4.uc: handle interface zone option Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* kernel: add kmod-usb-net-lan78xxJosef Schlehofer2022-01-081-0/+17
| | | | | | | | | | | | | | | | | Add kernel module for Microchip LAN78XX based USB 2 & USB 3 10/100/1000 Ethernet adapters. [1] This kernel module is required for the Seeed Studio's Mini Router based on RPI CM4 [2]. [1] <https://cateee.net/lkddb/web-lkddb/USB_LAN78XX.html> [2] <https://www.seeedstudio.com/Dual-GbE-Carrier-Board-with-4GB-RAM-32GB-eMMC-RPi-CM4-Case-p-5029.html> Link: <https://github.com/openwrt/openwrt/pull/4893> Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com> (added kmod-phy-microchip and kmod-fixed-phy dependencies, rpi3 needs lan78xx but has it built-in) Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* kernel: provide kmod-fixed-phy as separate kmodChristian Lamparter2022-01-081-2/+17
| | | | | | | | | | Almost all targets have the fixed-phy feature built into the kernel. One big exception is x86. This caused a problem with the upcoming LAN78xx usb driver. Hence this patch breaks out the fixed-phy from of_mdio (which didn't include the .ko) and puts into a separate module. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* kernel: add kmod-phy-microchipChristian Lamparter2022-01-081-0/+15
| | | | | | | | phy drivers for Microchip's LAN88xx PHYs. This is needed for the "LAN7801" variant of the upstream lan78xx usb ethernet driver. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* elfutils: Add missing musl-fts dependencyFlorian Fainelli2022-01-071-1/+1
| | | | | | | | libdw depends on libfts.so when building with the musl-libc library, add this missing dependency. Fixes: 6835ea13f0fa ("elfutils: update to 0.186") Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* linux-firmware: add new package r8152-firmwareMarty Jones2022-01-082-1/+15
| | | | | | | | | | | | | | Linux upstream commit https://github.com/torvalds/linux/commit/9370f2d05a2a150b0aa719a3070b26d478180df3 add load firmware file through request_firmware,this affect the nanopi r2s and some USB adapters in kernel 5.10 with this error: 'r8152 4-1:1.0: unable to load firmware patch rtl_nic/rtl8153b-2.fw' This patch split the USB NIC firmware files from r8169 firmware, and adds r8152-firmware to r8152 driver. Add kmod-usb-net-cdc-ncm to support RTL8156A and RTL8156B 2.5G ethernet adapters supported since v5.13-rc1. https://github.com/torvalds/linux/commit/195aae321c829dd1945900d75561e6aa79cce208 Signed-off-by: Marty Jones <mj8263788@gmail.com>
* ltq-ifxos: update to 1.7.1Jan Hoffmann2022-01-086-234/+34
| | | | | | Signed-off-by: Jan Hoffmann <jan@3e8.eu> [fix warnings, switch to tag tarball, update patches] Signed-off-by: Andre Heider <a.heider@gmail.com>
* ltq-vdsl: move to the default device name /dev/dsl_cpe_api/0Andre Heider2022-01-083-14/+3
| | | | | | | This makes patching it for ltq-vdsl-app unnecessary and paves the way for VRX518 support. Signed-off-by: Andre Heider <a.heider@gmail.com>
* busybox: update to 1.35.0Hannu Nyman2022-01-0810-208/+314
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update busybox to 1.35.0 * refresh patches Config refresh: Refresh commands, run after busybox is first built once: cd package/utils/busybox/config/ ../convert_menuconfig.pl ../../../../build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/busybox-default/busybox-1.35.0 cd .. ./convert_defaults.pl ../../../build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/busybox-default/busybox-1.35.0/.config > Config-defaults.in Manual edits needed after config refresh: * Config-defaults.in: OpenWrt config symbol IPV6 logic applied to BUSYBOX_DEFAULT_FEATURE_IPV6 * Config-defaults.in: OpenWrt configTARGET_bcm53xx logic applied to BUSYBOX_DEFAULT_TRUNCATE (commit 547f1ec) * Config-defaults.in: OpenWrt logic applied to BUSYBOX_DEFAULT_LOGIN_SESSION_AS_CHILD (commit dc92917) * config/editors/Config.in: Add USE_GLIBC dependency to BUSYBOX_CONFIG_FEATURE_VI_REGEX_SEARCH (commit f141090) * config/shell/Config.in : change at "Options common to all shells" the symbol SHELL_ASH --> BUSYBOX_CONFIG_SHELL_ASH (discussion in http://lists.openwrt.org/pipermail/openwrt-devel/2021-January/033140.html Apparently our script does not see the hidden option while prepending config options with "BUSYBOX_CONFIG_" which leads to a missed dependency when the options are later evaluated.) * Edit Config.in files by adding quotes to sourced items in config/Config.in, config/networking/Config.in and config/util-linux/Config.in (commit 1da014f) Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* mbedtls: enable session ticketsGlenn Strauss2022-01-081-18/+0
| | | | | | | | | | session tickets are a feature of TLSv1.2 and require less memory and overhead on the server than does managing a session cache Building mbedtls with support for session tickets will allow the feature to be used with lighttpd-1.4.56 and later. Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
* elfutils: update to 0.186Sergey V. Lobanov2022-01-087-145/+30
| | | | | | | | | | | | | | | | | | | | | Upstreamed patches (deleted): 0001-ppc_initreg.c-Incliude-asm-ptrace.h-for-pt_regs-defi.patch - https://sourceware.org/git/?p=elfutils.git;a=commitdiff;h=8382833a257b57b0d288be07d2d5e7af6c102869 110-no-cdefs.patch - https://sourceware.org/git/?p=elfutils.git;a=commitdiff;h=d390548df1942e98a1d836269a5e41ba52e121f1 Auto-refreshed: 006-Fix-build-on-aarch64-musl.patch 101-no-fts.patch Manually updated and refreshed: 005-build_only_libs.patch 003-libintl-compatibility.patch 100-musl-compat.patch Disabled _obstack_free check (via configure vars) Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
* ramips: add support for Linksys EA6350 v4Nick McKinney2022-01-081-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Specifications: - SoC: MT7621DAT (880MHz, 2 Cores) - RAM: 128 MB - Flash: 128 MB NAND - Ethernet: 5x 1GiE MT7530 - WiFi: MT7603/MT7613 - USB: 1x USB 3.0 This is another MT7621 device, very similar to other Linksys EA7300 series devices. Installation: Upload the generated factory.bin image via the stock web firmware updater. Reverting to factory firmware: Like other EA7300 devices, this device has an A/B router configuration to prevent bricking. Hard-resetting this device three (3) times will put the device in failsafe (default) mode. At this point, flash the OEM image to itself and reboot. This puts the router back into the 'B' image and allows for a firmware upgrade. Troubleshooting: If the firmware will not boot, first restore the factory as described above. This will then allow the factory.bin update to be applied properly. Signed-off-by: Nick McKinney <nick@ndmckinney.net>
* utils/mdadm: fix build on hosts without /run dirSergey V. Lobanov2022-01-081-1/+1
| | | | | | | CHECK_RUN_DIR=0 must be a part of MAKE_FLAGS, not MAKE_VARS, otherwise it is not possible to compile mdadm on host without /run dir. Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
* toolchain: glibc: Update to version 2.34Hauke Mehrtens2022-01-071-4/+1
| | | | | | | | | | | | glibc version 2.34 does not provide versioned shared libraries any more, it only provides shared libraries using the ABI version. Do not try to copy them any more. The functions from libpthread and librt were integrated into the main binary, the libpthread.so and librt.so are only used for backwards compatibility any more. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* firewall4: bump to git HEADStijn Tintel2022-01-061-2/+2
| | | | | | main.uc: fix device gathering Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* firewall4: fix syntax error in dependency specJo-Philipp Wich2022-01-061-1/+1
| | | | | Fixes: ae60af8572 ("firewall4: order DEPENDS alphabetically") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* firewall/firewall4: provide uci-firewallStijn Tintel2022-01-062-2/+4
| | | | | | | | | | | | | | | | Provide uci-firewall via PROVIDES in both firewall and firewall4. This will allow us to change the dependency of luci-app-firewall to uci-firewall, making it possible to use it with either implementation. Move CONFLICTS from firewall4 to firewall, to solve this recursive dependency problem: tmp/.config-package.in:307:error: recursive dependency detected! tmp/.config-package.in:307: symbol PACKAGE_firewall is selected by PACKAGE_firewall4 tmp/.config-package.in:328: symbol PACKAGE_firewall4 depends on PACKAGE_firewall Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Reviewed-by: Jo-Philipp Wich <jo@mein.io>
* firewall4: bump to git HEADStijn Tintel2022-01-061-4/+4
| | | | | | | | | | | | | | | | 4ead2a6 treewide: move executables to /sbin 9ebc2f4 fw4.uc: filter duplicates in fw4.set 85b74f3 treewide: support flow offloading be3b4e6 treewide: support hardware flow offloading 38889b7 treewide: support set timeout 31c7550 fw4.uc: do not skip defaults with invalid option 334a127 fw4.uc: introduce DEPRECATED flag 7a0d38f fw4.uc: add _name as deprecated option 5e7ad3b fw4.uc: don't fail on unknown options be5f4e3 fw4.uc: allow use of cidr in ipsets Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Reviewed-by: Jo-Philipp Wich <jo@mein.io>
* firewall4: order DEPENDS alphabeticallyStijn Tintel2022-01-061-1/+5
| | | | | | | Add some line breaks while at at, to improve readability. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Reviewed-by: Jo-Philipp Wich <jo@mein.io>
* firewall4: drop kmod-ipt-nat from CONFLICTSStijn Tintel2022-01-061-1/+1
| | | | | | | | The limitation of not being able to use iptables and nft nat at the same time exists only in kernels before 4.18. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Reviewed-by: Jo-Philipp Wich <jo@mein.io>
* ltq-deu: disable arc4 algorithmDaniel Kestrel2022-01-061-4/+4
| | | | | | | ARC4 was used for WEP, which is not secure anymore. Therefor it is disabled in the driver, but the code is not removed for now. Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
* ltq-deu: add aes_gcm algorithmDaniel Kestrel2022-01-061-0/+313
| | | | | | | | | | | | The lantiq AES hardware does not support the gcm algorithm. But it can be implemented in the driver as a combination of the aes_ctr algorithm and the xor plus gfmul operations for the hashing. Due to the wrapping of the several algorithms and the inefficient 16 byte block by 16 byte block invokation in the kernel implementations, this driver is about 3 times faster for the larger block sizes. Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
* ltq-deu: change PKG_RELEASE to AUTORELEASEDaniel Kestrel2022-01-061-1/+1
| | | | | | As per suggestion by adschm, PKG_RELEASE is set to AUTORELEASE. Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
* ltq-deu: remove redundant code for setting the key in aesDaniel Kestrel2022-01-061-120/+4
| | | | | | | | | | After adding xts and cbcmac the aes algorithm source had three sections for setting the aes key to the hardware which are identical. Method aes_set_key_hw was created which is now called from within the spinlock secured control sections in methods ifx_deu_aes, ifx_deu_aes_xts and aes_cbcmac_final_impl and reduces the size of ifxmips_aes.c. Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
* ltq-deu: add shash cbcmac-aes algorithm to the driverDaniel Kestrel2022-01-061-5/+362
| | | | | | | | | | | | | | | | | | | Since commit 53b6783 hostapd is using the kernel api which includes the cbcmac-aes shash algorithm. The kernels implementation is a wrapper around the aes encryption algorithm, which encrypts block (16 bytes) by block. When the ltq-deu driver is present, it uses hardware aes, but every 16 byte encrypt requires setting the key. This is very inefficient and is a huge overhead. Since the cbcmac-aes is simply a hash that uses the cbc aes algorithm starting with an iv set to x'00' with an optional ecb aes encryption of a possible last incomplete block that is padded with the positional bytes of the last cbc encrypted block, this algorithm is now added to the driver. Most of the code is derived from md5-hmac and tailored for aes. Tested with the kernels crypto testmgr including extra tests against the kernels generic ccm module implementation. This patch also fixes the overallocation in the aes_ctx that is caused by using u32 instead of u8 for the aes keys. Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
* ltq-deu: remove driver disablement for kernel 5.4 and aboveDaniel Kestrel2022-01-061-1/+1
| | | | | | | | Remove the dependency on kernel 5.4 from the Makefile to allow the driver to compile with kernel 5.10 or kernel versions higher than 5.4. Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
* ltq-deu: add aes_xts algorithmDaniel Kestrel2022-01-061-0/+324
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The lantiq AES hardware does not support the xts algorithm. Apart from the cipher text stealing (XTS), the AES XTS implementation is just an XOR with the IV, followed by AES ECB, followed by another XOR with the IV and as such can be also implemented by using the lantiq hardware's CBC AES implemention plus one additional XOR with the IV in the driver. The output IV by CBC AES is also not usable and the gfmul operation not supported by lantiq hardware. Both need to be done in the driver too in addition to the IV treatment which is the initial encryption by the other half of the input key and to set the IV to the IV registers for every block. In the generic kernel implementation, the block size for XTS is set to 16 bytes, although the algorithm is designed to process any size of input larger than 16 bytes. But since there is no way to indicate a minimum input length, the block size is used. This leads to certain issues when the skcipher walk functions are used, e.g. processing less than block size bytes is not supported by calling skcipher_walk_done. The walksize is 2 AES blocks because otherwise for splitted input or output data, less than blocksize is to be returned in some cases, which cannot be processed. Another issue was that depending on possible split of input/output data, just 16 bytes are returned while less than 16 bytes were remaining, while cipher text stealing requires 17 bytes or more for processing. For example, if the input is 60 bytes and the walk is 48, then processing 48 bytes leads to a return code of -EINVAL for skcipher_walk_done. Therefor the processed counter is used to figure out, when the actual cipher text stealing for the remaining bytes less than blocksize needs to be applied. Measured with cryptsetup benchmark, this XTS AES implementation is about 19% faster than the kernels XTS implementation that uses the hardware ECB AES (ca. 18.6 MiB/s vs. 15.8 MiB/s decryption 256b key). The implementation was tested with the kernels crypto testmgr against the kernels generic XTS AES implementation including extended tests. Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
* ltq-deu: update initialisations for hmac algorithmsDaniel Kestrel2022-01-062-6/+4
| | | | | | | | | | | | The processing in the hmac algorithms depends on the status fields: count, dbn and started. Not all were initialised in the init method and after finishing the final method. Added missing fields to init method and call init method after finishing final. The memsets have the wrong size in the original driver and did not clear everything and are not necessary. Since no memset is done in the kernels generic implementation, memsets were removed. Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
* ltq-deu: remove compiler warning and shorten locked sectionsDaniel Kestrel2022-01-067-43/+7
| | | | | | | | | | | | Removing hash pointer in _hmac_setkey since its not needed and causes a compiler warning. Make the spinlock control sections shorter and move initializations out of the control sections to free the spinlock faster for allowing other threads to use the hash engine. Minor improvements for indentation and removal of blanks and blank lines in some areas. Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
* ltq-deu: fix temp size exceed in hmac algorithmsDaniel Kestrel2022-01-062-71/+146
| | | | | | | | | | | | | | | | | | | | | | | | | Exceeding the temp array size was not checked and instead storage not allocated by the driver was used/overwritten which in most cases resulted in reboots. This patch implements processing the input to the hash algorithm in tempsize chunks. The _hmac_final methods were changed to _hmac_final_impl adding a parameter that indicates intermediate or final processing. The started variable was added to the context to indicate, if there is an intermediate result in the context. For sha1_hmac the variable to store the intermediate hash was added to the context too. In order to avoid md5_hmac_final_impl being recursively called if the padding of the input and the resulting last transform during the hmac algorighms final processing causes the temp array to overflow and to make sure that there is at least one block in the temp array when the _hmac_final for final processing is called, the check for exceeding the temp array in _hmac_transform was moved before copying the block and incrementing dbn. dbn needs to be at least 1 at final processing time to let the hash engine apply the opad operation. To make the hash engine not apply the hmac algorithms final opad operation, for intermediate processing the dbn in the control register is set to a higher value than number of dbns are actually processed. Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
* ltq-deu: fix setkey errors and static shared temp for hmac algosDaniel Kestrel2022-01-062-52/+137
| | | | | | | | | | | | | | | | | | | The hmac algorithms state, that keys larger than the key size should be hashed with the underlying hash algorithms and then those hashes are to be used as keys. This patch implements this. In order to avoid allocating a descriptor during setkey, a shash_desc pointer is added to the context. Another issue for multithreaded callers is the shared temp array. The temp array is static and as such would be shared among multithreaded callers, which obviously would neither work nor produce correct results. The temp array (4k size) is moved to the context and since the size of the context is limited, it can only be defined as pointer otherwise the initialisation of the hash algorithm fails. The allocations and freeing of both the temp and the desc pointer in the context are done by implementing cra_init and cra_exit functions for the hmac algorithms. Also improved indentation in some areas. Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
* ltq-deu: fix ifxdeu-ctr-rfc3686(aes) not matching generic implDaniel Kestrel2022-01-061-1/+2
| | | | | | | | Error ifxdeu-ctr-rfc3686(aes) (16) doesn't match generic impl (20) occurs when running the cryptomgr extra tests that compare against the linux kernels generic implementation. Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
* ltq-deu: changes for hash multithread callers and md5 endianessDaniel Kestrel2022-01-066-79/+45
| | | | | | | | | | | | | | | | | | | | | | | | | The algorithms sha1, sha1_hmac and md5_hmac all use ENDI=1. The md5 algorithm uses ENDI=0 and the endian_swap methods to reverse the endianess switch by using user CPU time, which is unnecessary overhead. Danube and AR9 devices do not set endianess for SHA1, so is done for MD5. Furthermore the patch replaces endian_swap with le32_to_cpu for md5 and md5 hmac algorithms and removes endian_swap for them. The init functions initialize the algorithm in the hardware. The lock is not used to write to the control register. If another thread calls another hash algo before update or final, the result will be wrong. Therefore move the algorithm init to the lock protected sections in the transform or final methods. Setting the hw key for the hmac algorithms is now done from within the lock protected sections in their final methods. The lock protecting is removed from the _hmac_setkey_hw functions. In final for md5 and sha1 the lock section is removed, because all the work was already done in transform (which is called from final). As such only copying the hash to the output is required. MD5 and MD5_HMAC produce 16 byte hashes (4 DWORDS) only, therefor writing register D5R to the hash output is removed for MD5_HMAC. Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
* ltq-deu: make deu hash lock global and remove md5_hmac_ exportsDaniel Kestrel2022-01-066-48/+23
| | | | | | | | | | | All hash algorithms use the same base IFX_HASH_CON to access the hash unit. Parallel threads should not be able to call different hash algorithms and therefor a global lock is required. Fixed linker warning, that md5_hmac_init, md5_hmac_update and md5_hmac_final are static export symbols. The export symbols are not required, because the functions are exposed using shash_alg structure. Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
* ltq-deu: add aes_ofb and aes_cfb algorithmsDaniel Kestrel2022-01-061-0/+194
| | | | | | | | | The functions ifx_deu_aes_cfg and ifx_deu_aes_ofb have been part of the driver ever since. But the functions and definitions to make the algorithms actually usable were missing. This patch adds the neccessary code for aes_ofb and aes_cfb algorithms. Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
* ltq-deu: fix cryptomgr test errors for aesDaniel Kestrel2022-01-061-45/+44
| | | | | | | | | | | When running cryptomgr tests against the driver, there are several occurences of different errors for even and uneven splitted data in the underlying scatterlists for the ctr and ctr_rfc3686 algorithms which are now fixed. Fixed error in ctr_rfc3686_aes_decrypt function which was introduced with the previous commit by using CRYPTO_DIR_ENCRYPT in the decrypt function. Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
* ltq-deu: fix cryptomgr test errors for desDaniel Kestrel2022-01-062-31/+58
| | | | | | | | | | | | | | | | | | | | | | When running cryptomgr tests against the driver, there are several occurences of different errors for setkey of des and des3-ede algorithms. Those key checks are already implemented in the kernels des implementation, so this is added as dependency and the kernel methods are called. It also required adding the kernels des/des3 context definitions to the des_ctx internal structure to be able to call the kernel methods. Fixed ifxdeu-des... setkey unexpectedly succeeded on test vector x; expected_error=-22. Fixed ifxdeu-des... setkey failed on test vector x; expected_error=0, actual_error=-22. Renamed des_ctx internal structure and des_encrypt/des_decrypt methods because they are already defined in the kernel module. Fixed wrong DES_xxx constant definitions in crypto_alg definition for ifxdeu_des3_ede_alg. Fixed method comment errors. Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
* ltq-deu: convert SHA1 after library impl of SHA1 was removedDaniel Kestrel2022-01-062-9/+9
| | | | | | | | | The <linux/cryptohash.h> was removed with Linux 5.8, because it only contained the library implementation of SHA1, which was folded into <crypto/sha.h>. So switch this driver away from using <linux/cryptohash.h>. Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
* ltq-deu: convert blkcipher to skcipherDaniel Kestrel2022-01-063-464/+413
| | | | | | | | | Convert blkcipher to skcipher for the synchronous versions of AES, DES and ARC4. The Block Cipher API was depracated for a while and was removed with Linux 5.5. So switch this driver to the skcipher API. Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
* ltq-deu: set correct control register for AESDaniel Kestrel2022-01-061-1/+1
| | | | | | | | | | | | Some devices initialize AES during boot and AES works out of the box and the correct endianess is set. NDC means (No Danube Compatibility Mode) and the endianess setting has no effect if its set to 0. NDC 0: OFF ENDI bit cannot be written as in Danube To make it work for other devices, the NDC control register needs to be set to 1. Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>