From 16e39624b728264bd4759580f6292bffefcae466 Mon Sep 17 00:00:00 2001 From: Christian Lamparter Date: Sat, 28 Apr 2018 22:08:09 +0200 Subject: apm821xx: backport and reassign crypto4xx patches This patch backports several patches that went upstream into Herbert Xu's cryptodev-2.6 tree: crypto: Use zeroing memory allocator instead of allocator/memset crypto: crypto4xx - performance optimizations crypto: crypto4xx - convert to skcipher crypto: crypto4xx - avoid VLA use crypto: crypto4xx - add aes-ctr support crypto: crypto4xx - properly set IV after de- and encrypt crypto: crypto4xx - extend aead fallback checks crypto: crypto4xx - put temporary dst sg into request ctx The older, outstanding patches from 120-wxyz series have been upstreamed as well and therefore they have been reassigned to fit into the series. Signed-off-by: Christian Lamparter --- ...to4xx-shuffle-iomap-in-front-of-request_i.patch | 71 +++ ...crypto-crypto4xx-support-Revision-B-parts.patch | 150 ++++++ ...-crypto-crypto4xx-fix-missing-irq-devname.patch | 37 ++ ...21-0004-crypto-crypto4xx-kill-MODULE_NAME.patch | 47 ++ ...to4xx-perform-aead-icv-check-in-the-drive.patch | 146 ++++++ ...zeroing-memory-allocator-instead-of-alloc.patch | 39 ++ ...rypto-crypto4xx-performance-optimizations.patch | 159 ++++++ ...0003-crypto-crypto4xx-convert-to-skcipher.patch | 578 +++++++++++++++++++++ .../022-0004-crypto-crypto4xx-avoid-VLA-use.patch | 61 +++ ...0005-crypto-crypto4xx-add-aes-ctr-support.patch | 247 +++++++++ ...to4xx-properly-set-IV-after-de-and-encryp.patch | 71 +++ ...pto-crypto4xx-extend-aead-fallback-checks.patch | 102 ++++ ...to4xx-put-temporary-dst-sg-into-request-c.patch | 157 ++++++ ...to4xx-shuffle-iomap-in-front-of-request_i.patch | 71 --- ...crypto-crypto4xx-support-Revision-B-parts.patch | 150 ------ ...-crypto-crypto4xx-fix-missing-irq-devname.patch | 37 -- ...20-0004-crypto-crypto4xx-kill-MODULE_NAME.patch | 47 -- ...to4xx-perform-aead-icv-check-in-the-drive.patch | 146 ------ ...rypto-crypto4xx-performance-optimizations.patch | 158 ------ 19 files changed, 1865 insertions(+), 609 deletions(-) create mode 100644 target/linux/apm821xx/patches-4.14/021-0001-crypto-crypto4xx-shuffle-iomap-in-front-of-request_i.patch create mode 100644 target/linux/apm821xx/patches-4.14/021-0002-crypto-crypto4xx-support-Revision-B-parts.patch create mode 100644 target/linux/apm821xx/patches-4.14/021-0003-crypto-crypto4xx-fix-missing-irq-devname.patch create mode 100644 target/linux/apm821xx/patches-4.14/021-0004-crypto-crypto4xx-kill-MODULE_NAME.patch create mode 100644 target/linux/apm821xx/patches-4.14/021-0005-crypto-crypto4xx-perform-aead-icv-check-in-the-drive.patch create mode 100644 target/linux/apm821xx/patches-4.14/022-0001-crypto-Use-zeroing-memory-allocator-instead-of-alloc.patch create mode 100644 target/linux/apm821xx/patches-4.14/022-0002-crypto-crypto4xx-performance-optimizations.patch create mode 100644 target/linux/apm821xx/patches-4.14/022-0003-crypto-crypto4xx-convert-to-skcipher.patch create mode 100644 target/linux/apm821xx/patches-4.14/022-0004-crypto-crypto4xx-avoid-VLA-use.patch create mode 100644 target/linux/apm821xx/patches-4.14/022-0005-crypto-crypto4xx-add-aes-ctr-support.patch create mode 100644 target/linux/apm821xx/patches-4.14/022-0006-crypto-crypto4xx-properly-set-IV-after-de-and-encryp.patch create mode 100644 target/linux/apm821xx/patches-4.14/022-0007-crypto-crypto4xx-extend-aead-fallback-checks.patch create mode 100644 target/linux/apm821xx/patches-4.14/022-0008-crypto-crypto4xx-put-temporary-dst-sg-into-request-c.patch delete mode 100644 target/linux/apm821xx/patches-4.14/120-0001-crypto-crypto4xx-shuffle-iomap-in-front-of-request_i.patch delete mode 100644 target/linux/apm821xx/patches-4.14/120-0002-crypto-crypto4xx-support-Revision-B-parts.patch delete mode 100644 target/linux/apm821xx/patches-4.14/120-0003-crypto-crypto4xx-fix-missing-irq-devname.patch delete mode 100644 target/linux/apm821xx/patches-4.14/120-0004-crypto-crypto4xx-kill-MODULE_NAME.patch delete mode 100644 target/linux/apm821xx/patches-4.14/120-0005-crypto-crypto4xx-perform-aead-icv-check-in-the-drive.patch delete mode 100644 target/linux/apm821xx/patches-4.14/120-0006-crypto-crypto4xx-performance-optimizations.patch (limited to 'target') diff --git a/target/linux/apm821xx/patches-4.14/021-0001-crypto-crypto4xx-shuffle-iomap-in-front-of-request_i.patch b/target/linux/apm821xx/patches-4.14/021-0001-crypto-crypto4xx-shuffle-iomap-in-front-of-request_i.patch new file mode 100644 index 0000000000..fc8df38867 --- /dev/null +++ b/target/linux/apm821xx/patches-4.14/021-0001-crypto-crypto4xx-shuffle-iomap-in-front-of-request_i.patch @@ -0,0 +1,71 @@ +From 4baa099377d73ea99c7802a9685815b32e8bf119 Mon Sep 17 00:00:00 2001 +From: Christian Lamparter +Date: Thu, 21 Dec 2017 15:08:18 +0100 +Subject: [PATCH 1/6] crypto: crypto4xx - shuffle iomap in front of request_irq + +It is possible to avoid the ce_base null pointer check in the +drivers' interrupt handler routine "crypto4xx_ce_interrupt_handler()" +by simply doing the iomap in front of the IRQ registration. + +This way, the ce_base will always be valid in the handler and +a branch in an critical path can be avoided. + +Signed-off-by: Christian Lamparter +--- + drivers/crypto/amcc/crypto4xx_core.c | 21 +++++++++------------ + 1 file changed, 9 insertions(+), 12 deletions(-) + +--- a/drivers/crypto/amcc/crypto4xx_core.c ++++ b/drivers/crypto/amcc/crypto4xx_core.c +@@ -1075,9 +1075,6 @@ static irqreturn_t crypto4xx_ce_interrup + struct device *dev = (struct device *)data; + struct crypto4xx_core_device *core_dev = dev_get_drvdata(dev); + +- if (!core_dev->dev->ce_base) +- return 0; +- + writel(PPC4XX_INTERRUPT_CLR, + core_dev->dev->ce_base + CRYPTO4XX_INT_CLR); + tasklet_schedule(&core_dev->tasklet); +@@ -1325,13 +1322,6 @@ static int crypto4xx_probe(struct platfo + tasklet_init(&core_dev->tasklet, crypto4xx_bh_tasklet_cb, + (unsigned long) dev); + +- /* Register for Crypto isr, Crypto Engine IRQ */ +- core_dev->irq = irq_of_parse_and_map(ofdev->dev.of_node, 0); +- rc = request_irq(core_dev->irq, crypto4xx_ce_interrupt_handler, 0, +- core_dev->dev->name, dev); +- if (rc) +- goto err_request_irq; +- + core_dev->dev->ce_base = of_iomap(ofdev->dev.of_node, 0); + if (!core_dev->dev->ce_base) { + dev_err(dev, "failed to of_iomap\n"); +@@ -1339,6 +1329,13 @@ static int crypto4xx_probe(struct platfo + goto err_iomap; + } + ++ /* Register for Crypto isr, Crypto Engine IRQ */ ++ core_dev->irq = irq_of_parse_and_map(ofdev->dev.of_node, 0); ++ rc = request_irq(core_dev->irq, crypto4xx_ce_interrupt_handler, 0, ++ core_dev->dev->name, dev); ++ if (rc) ++ goto err_request_irq; ++ + /* need to setup pdr, rdr, gdr and sdr before this */ + crypto4xx_hw_init(core_dev->dev); + +@@ -1352,11 +1349,11 @@ static int crypto4xx_probe(struct platfo + return 0; + + err_start_dev: +- iounmap(core_dev->dev->ce_base); +-err_iomap: + free_irq(core_dev->irq, dev); + err_request_irq: + irq_dispose_mapping(core_dev->irq); ++ iounmap(core_dev->dev->ce_base); ++err_iomap: + tasklet_kill(&core_dev->tasklet); + err_build_sdr: + crypto4xx_destroy_sdr(core_dev->dev); diff --git a/target/linux/apm821xx/patches-4.14/021-0002-crypto-crypto4xx-support-Revision-B-parts.patch b/target/linux/apm821xx/patches-4.14/021-0002-crypto-crypto4xx-support-Revision-B-parts.patch new file mode 100644 index 0000000000..1adad96fe1 --- /dev/null +++ b/target/linux/apm821xx/patches-4.14/021-0002-crypto-crypto4xx-support-Revision-B-parts.patch @@ -0,0 +1,150 @@ +From 1e932b627e79aa2c70e2c7278e4ac930303faa3f Mon Sep 17 00:00:00 2001 +From: Christian Lamparter +Date: Thu, 21 Dec 2017 15:09:18 +0100 +Subject: [PATCH 2/6] crypto: crypto4xx - support Revision B parts + +This patch adds support for the crypto4xx RevB cores +found in the 460EX, 460SX and later cores (like the APM821xx). + +Without this patch, the crypto4xx driver will not be +able to process any offloaded requests and simply hang +indefinitely. + +Signed-off-by: Christian Lamparter +--- + drivers/crypto/amcc/crypto4xx_core.c | 48 +++++++++++++++++++++++++++++---- + drivers/crypto/amcc/crypto4xx_core.h | 1 + + drivers/crypto/amcc/crypto4xx_reg_def.h | 4 ++- + 3 files changed, 47 insertions(+), 6 deletions(-) + +--- a/drivers/crypto/amcc/crypto4xx_core.c ++++ b/drivers/crypto/amcc/crypto4xx_core.c +@@ -128,7 +128,14 @@ static void crypto4xx_hw_init(struct cry + writel(PPC4XX_INT_DESCR_CNT, dev->ce_base + CRYPTO4XX_INT_DESCR_CNT); + writel(PPC4XX_INT_DESCR_CNT, dev->ce_base + CRYPTO4XX_INT_DESCR_CNT); + writel(PPC4XX_INT_CFG, dev->ce_base + CRYPTO4XX_INT_CFG); +- writel(PPC4XX_PD_DONE_INT, dev->ce_base + CRYPTO4XX_INT_EN); ++ if (dev->is_revb) { ++ writel(PPC4XX_INT_TIMEOUT_CNT_REVB << 10, ++ dev->ce_base + CRYPTO4XX_INT_TIMEOUT_CNT); ++ writel(PPC4XX_PD_DONE_INT | PPC4XX_TMO_ERR_INT, ++ dev->ce_base + CRYPTO4XX_INT_EN); ++ } else { ++ writel(PPC4XX_PD_DONE_INT, dev->ce_base + CRYPTO4XX_INT_EN); ++ } + } + + int crypto4xx_alloc_sa(struct crypto4xx_ctx *ctx, u32 size) +@@ -1070,18 +1077,29 @@ static void crypto4xx_bh_tasklet_cb(unsi + /** + * Top Half of isr. + */ +-static irqreturn_t crypto4xx_ce_interrupt_handler(int irq, void *data) ++static inline irqreturn_t crypto4xx_interrupt_handler(int irq, void *data, ++ u32 clr_val) + { + struct device *dev = (struct device *)data; + struct crypto4xx_core_device *core_dev = dev_get_drvdata(dev); + +- writel(PPC4XX_INTERRUPT_CLR, +- core_dev->dev->ce_base + CRYPTO4XX_INT_CLR); ++ writel(clr_val, core_dev->dev->ce_base + CRYPTO4XX_INT_CLR); + tasklet_schedule(&core_dev->tasklet); + + return IRQ_HANDLED; + } + ++static irqreturn_t crypto4xx_ce_interrupt_handler(int irq, void *data) ++{ ++ return crypto4xx_interrupt_handler(irq, data, PPC4XX_INTERRUPT_CLR); ++} ++ ++static irqreturn_t crypto4xx_ce_interrupt_handler_revb(int irq, void *data) ++{ ++ return crypto4xx_interrupt_handler(irq, data, PPC4XX_INTERRUPT_CLR | ++ PPC4XX_TMO_ERR_INT); ++} ++ + /** + * Supported Crypto Algorithms + */ +@@ -1263,6 +1281,8 @@ static int crypto4xx_probe(struct platfo + struct resource res; + struct device *dev = &ofdev->dev; + struct crypto4xx_core_device *core_dev; ++ u32 pvr; ++ bool is_revb = true; + + rc = of_address_to_resource(ofdev->dev.of_node, 0, &res); + if (rc) +@@ -1279,6 +1299,7 @@ static int crypto4xx_probe(struct platfo + mfdcri(SDR0, PPC405EX_SDR0_SRST) | PPC405EX_CE_RESET); + mtdcri(SDR0, PPC405EX_SDR0_SRST, + mfdcri(SDR0, PPC405EX_SDR0_SRST) & ~PPC405EX_CE_RESET); ++ is_revb = false; + } else if (of_find_compatible_node(NULL, NULL, + "amcc,ppc460sx-crypto")) { + mtdcri(SDR0, PPC460SX_SDR0_SRST, +@@ -1301,7 +1322,22 @@ static int crypto4xx_probe(struct platfo + if (!core_dev->dev) + goto err_alloc_dev; + ++ /* ++ * Older version of 460EX/GT have a hardware bug. ++ * Hence they do not support H/W based security intr coalescing ++ */ ++ pvr = mfspr(SPRN_PVR); ++ if (is_revb && ((pvr >> 4) == 0x130218A)) { ++ u32 min = PVR_MIN(pvr); ++ ++ if (min < 4) { ++ dev_info(dev, "RevA detected - disable interrupt coalescing\n"); ++ is_revb = false; ++ } ++ } ++ + core_dev->dev->core_dev = core_dev; ++ core_dev->dev->is_revb = is_revb; + core_dev->device = dev; + spin_lock_init(&core_dev->lock); + INIT_LIST_HEAD(&core_dev->dev->alg_list); +@@ -1331,7 +1367,9 @@ static int crypto4xx_probe(struct platfo + + /* Register for Crypto isr, Crypto Engine IRQ */ + core_dev->irq = irq_of_parse_and_map(ofdev->dev.of_node, 0); +- rc = request_irq(core_dev->irq, crypto4xx_ce_interrupt_handler, 0, ++ rc = request_irq(core_dev->irq, is_revb ? ++ crypto4xx_ce_interrupt_handler_revb : ++ crypto4xx_ce_interrupt_handler, 0, + core_dev->dev->name, dev); + if (rc) + goto err_request_irq; +--- a/drivers/crypto/amcc/crypto4xx_core.h ++++ b/drivers/crypto/amcc/crypto4xx_core.h +@@ -109,6 +109,7 @@ struct crypto4xx_device { + struct list_head alg_list; /* List of algorithm supported + by this device */ + struct ratelimit_state aead_ratelimit; ++ bool is_revb; + }; + + struct crypto4xx_core_device { +--- a/drivers/crypto/amcc/crypto4xx_reg_def.h ++++ b/drivers/crypto/amcc/crypto4xx_reg_def.h +@@ -121,13 +121,15 @@ + #define PPC4XX_PD_SIZE 6 + #define PPC4XX_CTX_DONE_INT 0x2000 + #define PPC4XX_PD_DONE_INT 0x8000 ++#define PPC4XX_TMO_ERR_INT 0x40000 + #define PPC4XX_BYTE_ORDER 0x22222 + #define PPC4XX_INTERRUPT_CLR 0x3ffff + #define PPC4XX_PRNG_CTRL_AUTO_EN 0x3 + #define PPC4XX_DC_3DES_EN 1 + #define PPC4XX_TRNG_EN 0x00020000 +-#define PPC4XX_INT_DESCR_CNT 4 ++#define PPC4XX_INT_DESCR_CNT 7 + #define PPC4XX_INT_TIMEOUT_CNT 0 ++#define PPC4XX_INT_TIMEOUT_CNT_REVB 0x3FF + #define PPC4XX_INT_CFG 1 + /** + * all follow define are ad hoc diff --git a/target/linux/apm821xx/patches-4.14/021-0003-crypto-crypto4xx-fix-missing-irq-devname.patch b/target/linux/apm821xx/patches-4.14/021-0003-crypto-crypto4xx-fix-missing-irq-devname.patch new file mode 100644 index 0000000000..a295fa4616 --- /dev/null +++ b/target/linux/apm821xx/patches-4.14/021-0003-crypto-crypto4xx-fix-missing-irq-devname.patch @@ -0,0 +1,37 @@ +From 00179ef6e3c4e5db6258cd6e273e4063b8437d18 Mon Sep 17 00:00:00 2001 +From: Christian Lamparter +Date: Thu, 21 Dec 2017 15:10:18 +0100 +Subject: [PATCH 3/6] crypto: crypto4xx - fix missing irq devname + +crypto4xx_device's name variable is not set to anything. +The common devname for request_irq seems to be the module +name. This will fix the seemingly anonymous interrupt +entry in /proc/interrupts for crypto4xx. + +Signed-off-by: Christian Lamparter +--- + drivers/crypto/amcc/crypto4xx_core.c | 2 +- + drivers/crypto/amcc/crypto4xx_core.h | 1 - + 2 files changed, 1 insertion(+), 2 deletions(-) + +--- a/drivers/crypto/amcc/crypto4xx_core.c ++++ b/drivers/crypto/amcc/crypto4xx_core.c +@@ -1370,7 +1370,7 @@ static int crypto4xx_probe(struct platfo + rc = request_irq(core_dev->irq, is_revb ? + crypto4xx_ce_interrupt_handler_revb : + crypto4xx_ce_interrupt_handler, 0, +- core_dev->dev->name, dev); ++ KBUILD_MODNAME, dev); + if (rc) + goto err_request_irq; + +--- a/drivers/crypto/amcc/crypto4xx_core.h ++++ b/drivers/crypto/amcc/crypto4xx_core.h +@@ -82,7 +82,6 @@ struct pd_uinfo { + + struct crypto4xx_device { + struct crypto4xx_core_device *core_dev; +- char *name; + void __iomem *ce_base; + void __iomem *trng_base; + diff --git a/target/linux/apm821xx/patches-4.14/021-0004-crypto-crypto4xx-kill-MODULE_NAME.patch b/target/linux/apm821xx/patches-4.14/021-0004-crypto-crypto4xx-kill-MODULE_NAME.patch new file mode 100644 index 0000000000..4ee99f44cf --- /dev/null +++ b/target/linux/apm821xx/patches-4.14/021-0004-crypto-crypto4xx-kill-MODULE_NAME.patch @@ -0,0 +1,47 @@ +From c3621f23fed7d6fff33083ae538004ea59c01d8f Mon Sep 17 00:00:00 2001 +From: Christian Lamparter +Date: Thu, 21 Dec 2017 15:11:18 +0100 +Subject: [PATCH 4/6] crypto: crypto4xx - kill MODULE_NAME + +KBUILD_MODNAME provides the same value. + +Signed-off-by: Christian Lamparter +--- + drivers/crypto/amcc/crypto4xx_core.c | 2 +- + drivers/crypto/amcc/crypto4xx_core.h | 2 -- + drivers/crypto/amcc/crypto4xx_trng.c | 2 +- + 3 files changed, 2 insertions(+), 4 deletions(-) + +--- a/drivers/crypto/amcc/crypto4xx_core.c ++++ b/drivers/crypto/amcc/crypto4xx_core.c +@@ -1432,7 +1432,7 @@ MODULE_DEVICE_TABLE(of, crypto4xx_match) + + static struct platform_driver crypto4xx_driver = { + .driver = { +- .name = MODULE_NAME, ++ .name = KBUILD_MODNAME, + .of_match_table = crypto4xx_match, + }, + .probe = crypto4xx_probe, +--- a/drivers/crypto/amcc/crypto4xx_core.h ++++ b/drivers/crypto/amcc/crypto4xx_core.h +@@ -28,8 +28,6 @@ + #include "crypto4xx_reg_def.h" + #include "crypto4xx_sa.h" + +-#define MODULE_NAME "crypto4xx" +- + #define PPC460SX_SDR0_SRST 0x201 + #define PPC405EX_SDR0_SRST 0x200 + #define PPC460EX_SDR0_SRST 0x201 +--- a/drivers/crypto/amcc/crypto4xx_trng.c ++++ b/drivers/crypto/amcc/crypto4xx_trng.c +@@ -92,7 +92,7 @@ void ppc4xx_trng_probe(struct crypto4xx_ + if (!rng) + goto err_out; + +- rng->name = MODULE_NAME; ++ rng->name = KBUILD_MODNAME; + rng->data_present = ppc4xx_trng_data_present; + rng->data_read = ppc4xx_trng_data_read; + rng->priv = (unsigned long) dev; diff --git a/target/linux/apm821xx/patches-4.14/021-0005-crypto-crypto4xx-perform-aead-icv-check-in-the-drive.patch b/target/linux/apm821xx/patches-4.14/021-0005-crypto-crypto4xx-perform-aead-icv-check-in-the-drive.patch new file mode 100644 index 0000000000..0dbd924e3c --- /dev/null +++ b/target/linux/apm821xx/patches-4.14/021-0005-crypto-crypto4xx-perform-aead-icv-check-in-the-drive.patch @@ -0,0 +1,146 @@ +From 5b3856d1d98e6f6a58b70c1c0d7da3fb5f042e9c Mon Sep 17 00:00:00 2001 +From: Christian Lamparter +Date: Thu, 21 Dec 2017 16:00:01 +0100 +Subject: [PATCH 5/6] crypto: crypto4xx - perform aead icv check in the driver + +The ccm-aes-ppc4xx now fails one of testmgr's expected +failure test cases as such: + +alg: aead: decryption failed on test 10 for ccm-aes-ppc4xx: ret was 0, expected -EBADMSG + +Upon closer inspection, it turned out that the hardware's +crypto flags that would indicate an authentification failure +are not set by the hardware. The original vendor source from +which this was ported does not have any special code or notes +about why this would happen or if there are any WAs. + +Hence, this patch converts the aead_done callback handler to +perform the icv check in the driver. And this fixes the false +negative and the ccm-aes-ppc4xx passes the selftests once again. + +|name : ccm(aes) +|driver : ccm-aes-ppc4xx +|module : crypto4xx +|priority : 300 +|refcnt : 1 +|selftest : passed +|internal : no +|type : aead +|async : yes +|blocksize : 1 +|ivsize : 16 +|maxauthsize : 16 +|geniv : + +Signed-off-by: Christian Lamparter +--- + drivers/crypto/amcc/crypto4xx_alg.c | 6 +--- + drivers/crypto/amcc/crypto4xx_core.c | 54 ++++++++++++++++++------------------ + 2 files changed, 28 insertions(+), 32 deletions(-) + +--- a/drivers/crypto/amcc/crypto4xx_alg.c ++++ b/drivers/crypto/amcc/crypto4xx_alg.c +@@ -256,10 +256,6 @@ static inline bool crypto4xx_aead_need_f + if (is_ccm && !(req->iv[0] == 1 || req->iv[0] == 3)) + return true; + +- /* CCM - fix CBC MAC mismatch in special case */ +- if (is_ccm && decrypt && !req->assoclen) +- return true; +- + return false; + } + +@@ -330,7 +326,7 @@ int crypto4xx_setkey_aes_ccm(struct cryp + sa = (struct dynamic_sa_ctl *) ctx->sa_in; + sa->sa_contents.w = SA_AES_CCM_CONTENTS | (keylen << 2); + +- set_dynamic_sa_command_0(sa, SA_NOT_SAVE_HASH, SA_NOT_SAVE_IV, ++ set_dynamic_sa_command_0(sa, SA_SAVE_HASH, SA_NOT_SAVE_IV, + SA_LOAD_HASH_FROM_SA, SA_LOAD_IV_FROM_STATE, + SA_NO_HEADER_PROC, SA_HASH_ALG_CBC_MAC, + SA_CIPHER_ALG_AES, +--- a/drivers/crypto/amcc/crypto4xx_core.c ++++ b/drivers/crypto/amcc/crypto4xx_core.c +@@ -577,15 +577,14 @@ static void crypto4xx_aead_done(struct c + struct pd_uinfo *pd_uinfo, + struct ce_pd *pd) + { +- struct aead_request *aead_req; +- struct crypto4xx_ctx *ctx; ++ struct aead_request *aead_req = container_of(pd_uinfo->async_req, ++ struct aead_request, base); + struct scatterlist *dst = pd_uinfo->dest_va; ++ size_t cp_len = crypto_aead_authsize( ++ crypto_aead_reqtfm(aead_req)); ++ u32 icv[cp_len]; + int err = 0; + +- aead_req = container_of(pd_uinfo->async_req, struct aead_request, +- base); +- ctx = crypto_tfm_ctx(aead_req->base.tfm); +- + if (pd_uinfo->using_sd) { + crypto4xx_copy_pkt_to_dst(dev, pd, pd_uinfo, + pd->pd_ctl_len.bf.pkt_len, +@@ -597,38 +596,39 @@ static void crypto4xx_aead_done(struct c + + if (pd_uinfo->sa_va->sa_command_0.bf.dir == DIR_OUTBOUND) { + /* append icv at the end */ +- size_t cp_len = crypto_aead_authsize( +- crypto_aead_reqtfm(aead_req)); +- u32 icv[cp_len]; +- + crypto4xx_memcpy_from_le32(icv, pd_uinfo->sr_va->save_digest, + cp_len); + + scatterwalk_map_and_copy(icv, dst, aead_req->cryptlen, + cp_len, 1); ++ } else { ++ /* check icv at the end */ ++ scatterwalk_map_and_copy(icv, aead_req->src, ++ aead_req->assoclen + aead_req->cryptlen - ++ cp_len, cp_len, 0); ++ ++ crypto4xx_memcpy_from_le32(icv, icv, cp_len); ++ ++ if (crypto_memneq(icv, pd_uinfo->sr_va->save_digest, cp_len)) ++ err = -EBADMSG; + } + + crypto4xx_ret_sg_desc(dev, pd_uinfo); + + if (pd->pd_ctl.bf.status & 0xff) { +- if (pd->pd_ctl.bf.status & 0x1) { +- /* authentication error */ +- err = -EBADMSG; +- } else { +- if (!__ratelimit(&dev->aead_ratelimit)) { +- if (pd->pd_ctl.bf.status & 2) +- pr_err("pad fail error\n"); +- if (pd->pd_ctl.bf.status & 4) +- pr_err("seqnum fail\n"); +- if (pd->pd_ctl.bf.status & 8) +- pr_err("error _notify\n"); +- pr_err("aead return err status = 0x%02x\n", +- pd->pd_ctl.bf.status & 0xff); +- pr_err("pd pad_ctl = 0x%08x\n", +- pd->pd_ctl.bf.pd_pad_ctl); +- } +- err = -EINVAL; ++ if (!__ratelimit(&dev->aead_ratelimit)) { ++ if (pd->pd_ctl.bf.status & 2) ++ pr_err("pad fail error\n"); ++ if (pd->pd_ctl.bf.status & 4) ++ pr_err("seqnum fail\n"); ++ if (pd->pd_ctl.bf.status & 8) ++ pr_err("error _notify\n"); ++ pr_err("aead return err status = 0x%02x\n", ++ pd->pd_ctl.bf.status & 0xff); ++ pr_err("pd pad_ctl = 0x%08x\n", ++ pd->pd_ctl.bf.pd_pad_ctl); + } ++ err = -EINVAL; + } + + if (pd_uinfo->state & PD_ENTRY_BUSY) diff --git a/target/linux/apm821xx/patches-4.14/022-0001-crypto-Use-zeroing-memory-allocator-instead-of-alloc.patch b/target/linux/apm821xx/patches-4.14/022-0001-crypto-Use-zeroing-memory-allocator-instead-of-alloc.patch new file mode 100644 index 0000000000..57823fad0c --- /dev/null +++ b/target/linux/apm821xx/patches-4.14/022-0001-crypto-Use-zeroing-memory-allocator-instead-of-alloc.patch @@ -0,0 +1,39 @@ +From 75d68369b544acc5d14c18a827654dfff248d09d Mon Sep 17 00:00:00 2001 +From: Himanshu Jha +Date: Sun, 31 Dec 2017 17:54:23 +0530 +Subject: [PATCH 1/8] crypto: Use zeroing memory allocator instead of + allocator/memset + +Use dma_zalloc_coherent for allocating zeroed +memory and remove unnecessary memset function. + +Done using Coccinelle. +Generated-by: scripts/coccinelle/api/alloc/kzalloc-simple.cocci +0-day tested with no failures. + +Signed-off-by: Himanshu Jha +Signed-off-by: Herbert Xu +--- + drivers/crypto/amcc/crypto4xx_core.c | 8 +++----- + 1 file changed, 3 insertions(+), 5 deletions(-) + +--- a/drivers/crypto/amcc/crypto4xx_core.c ++++ b/drivers/crypto/amcc/crypto4xx_core.c +@@ -282,14 +282,12 @@ static u32 crypto4xx_put_pd_to_pdr(struc + */ + static u32 crypto4xx_build_gdr(struct crypto4xx_device *dev) + { +- dev->gdr = dma_alloc_coherent(dev->core_dev->device, +- sizeof(struct ce_gd) * PPC4XX_NUM_GD, +- &dev->gdr_pa, GFP_ATOMIC); ++ dev->gdr = dma_zalloc_coherent(dev->core_dev->device, ++ sizeof(struct ce_gd) * PPC4XX_NUM_GD, ++ &dev->gdr_pa, GFP_ATOMIC); + if (!dev->gdr) + return -ENOMEM; + +- memset(dev->gdr, 0, sizeof(struct ce_gd) * PPC4XX_NUM_GD); +- + return 0; + } + diff --git a/target/linux/apm821xx/patches-4.14/022-0002-crypto-crypto4xx-performance-optimizations.patch b/target/linux/apm821xx/patches-4.14/022-0002-crypto-crypto4xx-performance-optimizations.patch new file mode 100644 index 0000000000..f1035be52f --- /dev/null +++ b/target/linux/apm821xx/patches-4.14/022-0002-crypto-crypto4xx-performance-optimizations.patch @@ -0,0 +1,159 @@ +From a8d79d7bfb14f471914017103ee2329a74e5e89d Mon Sep 17 00:00:00 2001 +From: Christian Lamparter +Date: Thu, 19 Apr 2018 18:41:51 +0200 +Subject: crypto: crypto4xx - performance optimizations + +This patch provides a cheap 2MiB/s+ (~ 6%) performance +improvement over the current code. This is because the +compiler can now optimize several endian swap memcpy. + +Signed-off-by: Christian Lamparter +Signed-off-by: Herbert Xu +--- + drivers/crypto/amcc/crypto4xx_alg.c | 32 +++++++++++++++++++------------- + drivers/crypto/amcc/crypto4xx_core.c | 22 +++++++++++----------- + drivers/crypto/amcc/crypto4xx_core.h | 6 ++++-- + 3 files changed, 34 insertions(+), 26 deletions(-) + +--- a/drivers/crypto/amcc/crypto4xx_alg.c ++++ b/drivers/crypto/amcc/crypto4xx_alg.c +@@ -74,32 +74,38 @@ static void set_dynamic_sa_command_1(str + sa->sa_command_1.bf.copy_hdr = cp_hdr; + } + +-int crypto4xx_encrypt(struct ablkcipher_request *req) ++static inline int crypto4xx_crypt(struct ablkcipher_request *req, ++ const unsigned int ivlen, bool decrypt) + { + struct crypto4xx_ctx *ctx = crypto_tfm_ctx(req->base.tfm); +- unsigned int ivlen = crypto_ablkcipher_ivsize( +- crypto_ablkcipher_reqtfm(req)); + __le32 iv[ivlen]; + + if (ivlen) + crypto4xx_memcpy_to_le32(iv, req->info, ivlen); + + return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst, +- req->nbytes, iv, ivlen, ctx->sa_out, ctx->sa_len, 0); ++ req->nbytes, iv, ivlen, decrypt ? ctx->sa_in : ctx->sa_out, ++ ctx->sa_len, 0); + } + +-int crypto4xx_decrypt(struct ablkcipher_request *req) ++int crypto4xx_encrypt_noiv(struct ablkcipher_request *req) + { +- struct crypto4xx_ctx *ctx = crypto_tfm_ctx(req->base.tfm); +- unsigned int ivlen = crypto_ablkcipher_ivsize( +- crypto_ablkcipher_reqtfm(req)); +- __le32 iv[ivlen]; ++ return crypto4xx_crypt(req, 0, false); ++} + +- if (ivlen) +- crypto4xx_memcpy_to_le32(iv, req->info, ivlen); ++int crypto4xx_encrypt_iv(struct ablkcipher_request *req) ++{ ++ return crypto4xx_crypt(req, AES_IV_SIZE, false); ++} + +- return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst, +- req->nbytes, iv, ivlen, ctx->sa_in, ctx->sa_len, 0); ++int crypto4xx_decrypt_noiv(struct ablkcipher_request *req) ++{ ++ return crypto4xx_crypt(req, 0, true); ++} ++ ++int crypto4xx_decrypt_iv(struct ablkcipher_request *req) ++{ ++ return crypto4xx_crypt(req, AES_IV_SIZE, true); + } + + /** +--- a/drivers/crypto/amcc/crypto4xx_core.c ++++ b/drivers/crypto/amcc/crypto4xx_core.c +@@ -580,7 +580,7 @@ static void crypto4xx_aead_done(struct c + struct scatterlist *dst = pd_uinfo->dest_va; + size_t cp_len = crypto_aead_authsize( + crypto_aead_reqtfm(aead_req)); +- u32 icv[cp_len]; ++ u32 icv[AES_BLOCK_SIZE]; + int err = 0; + + if (pd_uinfo->using_sd) { +@@ -595,7 +595,7 @@ static void crypto4xx_aead_done(struct c + if (pd_uinfo->sa_va->sa_command_0.bf.dir == DIR_OUTBOUND) { + /* append icv at the end */ + crypto4xx_memcpy_from_le32(icv, pd_uinfo->sr_va->save_digest, +- cp_len); ++ sizeof(icv)); + + scatterwalk_map_and_copy(icv, dst, aead_req->cryptlen, + cp_len, 1); +@@ -605,7 +605,7 @@ static void crypto4xx_aead_done(struct c + aead_req->assoclen + aead_req->cryptlen - + cp_len, cp_len, 0); + +- crypto4xx_memcpy_from_le32(icv, icv, cp_len); ++ crypto4xx_memcpy_from_le32(icv, icv, sizeof(icv)); + + if (crypto_memneq(icv, pd_uinfo->sr_va->save_digest, cp_len)) + err = -EBADMSG; +@@ -1122,8 +1122,8 @@ static struct crypto4xx_alg_common crypt + .max_keysize = AES_MAX_KEY_SIZE, + .ivsize = AES_IV_SIZE, + .setkey = crypto4xx_setkey_aes_cbc, +- .encrypt = crypto4xx_encrypt, +- .decrypt = crypto4xx_decrypt, ++ .encrypt = crypto4xx_encrypt_iv, ++ .decrypt = crypto4xx_decrypt_iv, + } + } + }}, +@@ -1146,8 +1146,8 @@ static struct crypto4xx_alg_common crypt + .max_keysize = AES_MAX_KEY_SIZE, + .ivsize = AES_IV_SIZE, + .setkey = crypto4xx_setkey_aes_cfb, +- .encrypt = crypto4xx_encrypt, +- .decrypt = crypto4xx_decrypt, ++ .encrypt = crypto4xx_encrypt_iv, ++ .decrypt = crypto4xx_decrypt_iv, + } + } + } }, +@@ -1195,8 +1195,8 @@ static struct crypto4xx_alg_common crypt + .min_keysize = AES_MIN_KEY_SIZE, + .max_keysize = AES_MAX_KEY_SIZE, + .setkey = crypto4xx_setkey_aes_ecb, +- .encrypt = crypto4xx_encrypt, +- .decrypt = crypto4xx_decrypt, ++ .encrypt = crypto4xx_encrypt_noiv, ++ .decrypt = crypto4xx_decrypt_noiv, + } + } + } }, +@@ -1219,8 +1219,8 @@ static struct crypto4xx_alg_common crypt + .max_keysize = AES_MAX_KEY_SIZE, + .ivsize = AES_IV_SIZE, + .setkey = crypto4xx_setkey_aes_ofb, +- .encrypt = crypto4xx_encrypt, +- .decrypt = crypto4xx_decrypt, ++ .encrypt = crypto4xx_encrypt_iv, ++ .decrypt = crypto4xx_decrypt_iv, + } + } + } }, +--- a/drivers/crypto/amcc/crypto4xx_core.h ++++ b/drivers/crypto/amcc/crypto4xx_core.h +@@ -168,8 +168,10 @@ int crypto4xx_setkey_aes_ofb(struct cryp + const u8 *key, unsigned int keylen); + int crypto4xx_setkey_rfc3686(struct crypto_ablkcipher *cipher, + const u8 *key, unsigned int keylen); +-int crypto4xx_encrypt(struct ablkcipher_request *req); +-int crypto4xx_decrypt(struct ablkcipher_request *req); ++int crypto4xx_encrypt_iv(struct ablkcipher_request *req); ++int crypto4xx_decrypt_iv(struct ablkcipher_request *req); ++int crypto4xx_encrypt_noiv(struct ablkcipher_request *req); ++int crypto4xx_decrypt_noiv(struct ablkcipher_request *req); + int crypto4xx_rfc3686_encrypt(struct ablkcipher_request *req); + int crypto4xx_rfc3686_decrypt(struct ablkcipher_request *req); + int crypto4xx_sha1_alg_init(struct crypto_tfm *tfm); diff --git a/target/linux/apm821xx/patches-4.14/022-0003-crypto-crypto4xx-convert-to-skcipher.patch b/target/linux/apm821xx/patches-4.14/022-0003-crypto-crypto4xx-convert-to-skcipher.patch new file mode 100644 index 0000000000..291c4ef465 --- /dev/null +++ b/target/linux/apm821xx/patches-4.14/022-0003-crypto-crypto4xx-convert-to-skcipher.patch @@ -0,0 +1,578 @@ +From ce05ffe10457bda487fa049016a6ba79934bdece Mon Sep 17 00:00:00 2001 +From: Christian Lamparter +Date: Thu, 19 Apr 2018 18:41:52 +0200 +Subject: [PATCH 3/8] crypto: crypto4xx - convert to skcipher + +The ablkcipher APIs have been effectively deprecated since [1]. +This patch converts the crypto4xx driver to the new skcipher APIs. + +[1] + +Signed-off-by: Christian Lamparter +Signed-off-by: Herbert Xu +--- + drivers/crypto/amcc/crypto4xx_alg.c | 60 ++++--- + drivers/crypto/amcc/crypto4xx_core.c | 255 +++++++++++++-------------- + drivers/crypto/amcc/crypto4xx_core.h | 25 +-- + 3 files changed, 163 insertions(+), 177 deletions(-) + +--- a/drivers/crypto/amcc/crypto4xx_alg.c ++++ b/drivers/crypto/amcc/crypto4xx_alg.c +@@ -31,6 +31,7 @@ + #include + #include + #include ++#include + #include "crypto4xx_reg_def.h" + #include "crypto4xx_core.h" + #include "crypto4xx_sa.h" +@@ -74,36 +75,37 @@ static void set_dynamic_sa_command_1(str + sa->sa_command_1.bf.copy_hdr = cp_hdr; + } + +-static inline int crypto4xx_crypt(struct ablkcipher_request *req, ++static inline int crypto4xx_crypt(struct skcipher_request *req, + const unsigned int ivlen, bool decrypt) + { +- struct crypto4xx_ctx *ctx = crypto_tfm_ctx(req->base.tfm); ++ struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(req); ++ struct crypto4xx_ctx *ctx = crypto_skcipher_ctx(cipher); + __le32 iv[ivlen]; + + if (ivlen) +- crypto4xx_memcpy_to_le32(iv, req->info, ivlen); ++ crypto4xx_memcpy_to_le32(iv, req->iv, ivlen); + + return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst, +- req->nbytes, iv, ivlen, decrypt ? ctx->sa_in : ctx->sa_out, ++ req->cryptlen, iv, ivlen, decrypt ? ctx->sa_in : ctx->sa_out, + ctx->sa_len, 0); + } + +-int crypto4xx_encrypt_noiv(struct ablkcipher_request *req) ++int crypto4xx_encrypt_noiv(struct skcipher_request *req) + { + return crypto4xx_crypt(req, 0, false); + } + +-int crypto4xx_encrypt_iv(struct ablkcipher_request *req) ++int crypto4xx_encrypt_iv(struct skcipher_request *req) + { + return crypto4xx_crypt(req, AES_IV_SIZE, false); + } + +-int crypto4xx_decrypt_noiv(struct ablkcipher_request *req) ++int crypto4xx_decrypt_noiv(struct skcipher_request *req) + { + return crypto4xx_crypt(req, 0, true); + } + +-int crypto4xx_decrypt_iv(struct ablkcipher_request *req) ++int crypto4xx_decrypt_iv(struct skcipher_request *req) + { + return crypto4xx_crypt(req, AES_IV_SIZE, true); + } +@@ -111,20 +113,19 @@ int crypto4xx_decrypt_iv(struct ablkciph + /** + * AES Functions + */ +-static int crypto4xx_setkey_aes(struct crypto_ablkcipher *cipher, ++static int crypto4xx_setkey_aes(struct crypto_skcipher *cipher, + const u8 *key, + unsigned int keylen, + unsigned char cm, + u8 fb) + { +- struct crypto_tfm *tfm = crypto_ablkcipher_tfm(cipher); +- struct crypto4xx_ctx *ctx = crypto_tfm_ctx(tfm); ++ struct crypto4xx_ctx *ctx = crypto_skcipher_ctx(cipher); + struct dynamic_sa_ctl *sa; + int rc; + + if (keylen != AES_KEYSIZE_256 && + keylen != AES_KEYSIZE_192 && keylen != AES_KEYSIZE_128) { +- crypto_ablkcipher_set_flags(cipher, ++ crypto_skcipher_set_flags(cipher, + CRYPTO_TFM_RES_BAD_KEY_LEN); + return -EINVAL; + } +@@ -164,39 +165,38 @@ static int crypto4xx_setkey_aes(struct c + return 0; + } + +-int crypto4xx_setkey_aes_cbc(struct crypto_ablkcipher *cipher, ++int crypto4xx_setkey_aes_cbc(struct crypto_skcipher *cipher, + const u8 *key, unsigned int keylen) + { + return crypto4xx_setkey_aes(cipher, key, keylen, CRYPTO_MODE_CBC, + CRYPTO_FEEDBACK_MODE_NO_FB); + } + +-int crypto4xx_setkey_aes_cfb(struct crypto_ablkcipher *cipher, ++int crypto4xx_setkey_aes_cfb(struct crypto_skcipher *cipher, + const u8 *key, unsigned int keylen) + { + return crypto4xx_setkey_aes(cipher, key, keylen, CRYPTO_MODE_CFB, + CRYPTO_FEEDBACK_MODE_128BIT_CFB); + } + +-int crypto4xx_setkey_aes_ecb(struct crypto_ablkcipher *cipher, ++int crypto4xx_setkey_aes_ecb(struct crypto_skcipher *cipher, + const u8 *key, unsigned int keylen) + { + return crypto4xx_setkey_aes(cipher, key, keylen, CRYPTO_MODE_ECB, + CRYPTO_FEEDBACK_MODE_NO_FB); + } + +-int crypto4xx_setkey_aes_ofb(struct crypto_ablkcipher *cipher, ++int crypto4xx_setkey_aes_ofb(struct crypto_skcipher *cipher, + const u8 *key, unsigned int keylen) + { + return crypto4xx_setkey_aes(cipher, key, keylen, CRYPTO_MODE_OFB, + CRYPTO_FEEDBACK_MODE_64BIT_OFB); + } + +-int crypto4xx_setkey_rfc3686(struct crypto_ablkcipher *cipher, ++int crypto4xx_setkey_rfc3686(struct crypto_skcipher *cipher, + const u8 *key, unsigned int keylen) + { +- struct crypto_tfm *tfm = crypto_ablkcipher_tfm(cipher); +- struct crypto4xx_ctx *ctx = crypto_tfm_ctx(tfm); ++ struct crypto4xx_ctx *ctx = crypto_skcipher_ctx(cipher); + int rc; + + rc = crypto4xx_setkey_aes(cipher, key, keylen - CTR_RFC3686_NONCE_SIZE, +@@ -210,31 +210,33 @@ int crypto4xx_setkey_rfc3686(struct cryp + return 0; + } + +-int crypto4xx_rfc3686_encrypt(struct ablkcipher_request *req) ++int crypto4xx_rfc3686_encrypt(struct skcipher_request *req) + { +- struct crypto4xx_ctx *ctx = crypto_tfm_ctx(req->base.tfm); ++ struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(req); ++ struct crypto4xx_ctx *ctx = crypto_skcipher_ctx(cipher); + __le32 iv[AES_IV_SIZE / 4] = { + ctx->iv_nonce, +- cpu_to_le32p((u32 *) req->info), +- cpu_to_le32p((u32 *) (req->info + 4)), ++ cpu_to_le32p((u32 *) req->iv), ++ cpu_to_le32p((u32 *) (req->iv + 4)), + cpu_to_le32(1) }; + + return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst, +- req->nbytes, iv, AES_IV_SIZE, ++ req->cryptlen, iv, AES_IV_SIZE, + ctx->sa_out, ctx->sa_len, 0); + } + +-int crypto4xx_rfc3686_decrypt(struct ablkcipher_request *req) ++int crypto4xx_rfc3686_decrypt(struct skcipher_request *req) + { +- struct crypto4xx_ctx *ctx = crypto_tfm_ctx(req->base.tfm); ++ struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(req); ++ struct crypto4xx_ctx *ctx = crypto_skcipher_ctx(cipher); + __le32 iv[AES_IV_SIZE / 4] = { + ctx->iv_nonce, +- cpu_to_le32p((u32 *) req->info), +- cpu_to_le32p((u32 *) (req->info + 4)), ++ cpu_to_le32p((u32 *) req->iv), ++ cpu_to_le32p((u32 *) (req->iv + 4)), + cpu_to_le32(1) }; + + return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst, +- req->nbytes, iv, AES_IV_SIZE, ++ req->cryptlen, iv, AES_IV_SIZE, + ctx->sa_out, ctx->sa_len, 0); + } + +--- a/drivers/crypto/amcc/crypto4xx_core.c ++++ b/drivers/crypto/amcc/crypto4xx_core.c +@@ -41,6 +41,7 @@ + #include + #include + #include ++#include + #include + #include + #include "crypto4xx_reg_def.h" +@@ -526,21 +527,19 @@ static void crypto4xx_ret_sg_desc(struct + } + } + +-static void crypto4xx_ablkcipher_done(struct crypto4xx_device *dev, ++static void crypto4xx_cipher_done(struct crypto4xx_device *dev, + struct pd_uinfo *pd_uinfo, + struct ce_pd *pd) + { +- struct crypto4xx_ctx *ctx; +- struct ablkcipher_request *ablk_req; ++ struct skcipher_request *req; + struct scatterlist *dst; + dma_addr_t addr; + +- ablk_req = ablkcipher_request_cast(pd_uinfo->async_req); +- ctx = crypto_tfm_ctx(ablk_req->base.tfm); ++ req = skcipher_request_cast(pd_uinfo->async_req); + + if (pd_uinfo->using_sd) { +- crypto4xx_copy_pkt_to_dst(dev, pd, pd_uinfo, ablk_req->nbytes, +- ablk_req->dst); ++ crypto4xx_copy_pkt_to_dst(dev, pd, pd_uinfo, ++ req->cryptlen, req->dst); + } else { + dst = pd_uinfo->dest_va; + addr = dma_map_page(dev->core_dev->device, sg_page(dst), +@@ -549,8 +548,8 @@ static void crypto4xx_ablkcipher_done(st + crypto4xx_ret_sg_desc(dev, pd_uinfo); + + if (pd_uinfo->state & PD_ENTRY_BUSY) +- ablkcipher_request_complete(ablk_req, -EINPROGRESS); +- ablkcipher_request_complete(ablk_req, 0); ++ skcipher_request_complete(req, -EINPROGRESS); ++ skcipher_request_complete(req, 0); + } + + static void crypto4xx_ahash_done(struct crypto4xx_device *dev, +@@ -641,8 +640,8 @@ static void crypto4xx_pd_done(struct cry + struct pd_uinfo *pd_uinfo = &dev->pdr_uinfo[idx]; + + switch (crypto_tfm_alg_type(pd_uinfo->async_req->tfm)) { +- case CRYPTO_ALG_TYPE_ABLKCIPHER: +- crypto4xx_ablkcipher_done(dev, pd_uinfo, pd); ++ case CRYPTO_ALG_TYPE_SKCIPHER: ++ crypto4xx_cipher_done(dev, pd_uinfo, pd); + break; + case CRYPTO_ALG_TYPE_AEAD: + crypto4xx_aead_done(dev, pd_uinfo, pd); +@@ -936,15 +935,14 @@ static void crypto4xx_ctx_init(struct cr + ctx->sa_len = 0; + } + +-static int crypto4xx_ablk_init(struct crypto_tfm *tfm) ++static int crypto4xx_sk_init(struct crypto_skcipher *sk) + { +- struct crypto_alg *alg = tfm->__crt_alg; ++ struct skcipher_alg *alg = crypto_skcipher_alg(sk); + struct crypto4xx_alg *amcc_alg; +- struct crypto4xx_ctx *ctx = crypto_tfm_ctx(tfm); ++ struct crypto4xx_ctx *ctx = crypto_skcipher_ctx(sk); + + amcc_alg = container_of(alg, struct crypto4xx_alg, alg.u.cipher); + crypto4xx_ctx_init(amcc_alg, ctx); +- tfm->crt_ablkcipher.reqsize = sizeof(struct crypto4xx_ctx); + return 0; + } + +@@ -953,9 +951,11 @@ static void crypto4xx_common_exit(struct + crypto4xx_free_sa(ctx); + } + +-static void crypto4xx_ablk_exit(struct crypto_tfm *tfm) ++static void crypto4xx_sk_exit(struct crypto_skcipher *sk) + { +- crypto4xx_common_exit(crypto_tfm_ctx(tfm)); ++ struct crypto4xx_ctx *ctx = crypto_skcipher_ctx(sk); ++ ++ crypto4xx_common_exit(ctx); + } + + static int crypto4xx_aead_init(struct crypto_aead *tfm) +@@ -1012,7 +1012,7 @@ static int crypto4xx_register_alg(struct + break; + + default: +- rc = crypto_register_alg(&alg->alg.u.cipher); ++ rc = crypto_register_skcipher(&alg->alg.u.cipher); + break; + } + +@@ -1041,7 +1041,7 @@ static void crypto4xx_unregister_alg(str + break; + + default: +- crypto_unregister_alg(&alg->alg.u.cipher); ++ crypto_unregister_skcipher(&alg->alg.u.cipher); + } + kfree(alg); + } +@@ -1103,126 +1103,109 @@ static irqreturn_t crypto4xx_ce_interrup + */ + static struct crypto4xx_alg_common crypto4xx_alg[] = { + /* Crypto AES modes */ +- { .type = CRYPTO_ALG_TYPE_ABLKCIPHER, .u.cipher = { +- .cra_name = "cbc(aes)", +- .cra_driver_name = "cbc-aes-ppc4xx", +- .cra_priority = CRYPTO4XX_CRYPTO_PRIORITY, +- .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | +- CRYPTO_ALG_ASYNC | +- CRYPTO_ALG_KERN_DRIVER_ONLY, +- .cra_blocksize = AES_BLOCK_SIZE, +- .cra_ctxsize = sizeof(struct crypto4xx_ctx), +- .cra_type = &crypto_ablkcipher_type, +- .cra_init = crypto4xx_ablk_init, +- .cra_exit = crypto4xx_ablk_exit, +- .cra_module = THIS_MODULE, +- .cra_u = { +- .ablkcipher = { +- .min_keysize = AES_MIN_KEY_SIZE, +- .max_keysize = AES_MAX_KEY_SIZE, +- .ivsize = AES_IV_SIZE, +- .setkey = crypto4xx_setkey_aes_cbc, +- .encrypt = crypto4xx_encrypt_iv, +- .decrypt = crypto4xx_decrypt_iv, +- } +- } +- }}, +- { .type = CRYPTO_ALG_TYPE_ABLKCIPHER, .u.cipher = { +- .cra_name = "cfb(aes)", +- .cra_driver_name = "cfb-aes-ppc4xx", +- .cra_priority = CRYPTO4XX_CRYPTO_PRIORITY, +- .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | +- CRYPTO_ALG_ASYNC | +- CRYPTO_ALG_KERN_DRIVER_ONLY, +- .cra_blocksize = AES_BLOCK_SIZE, +- .cra_ctxsize = sizeof(struct crypto4xx_ctx), +- .cra_type = &crypto_ablkcipher_type, +- .cra_init = crypto4xx_ablk_init, +- .cra_exit = crypto4xx_ablk_exit, +- .cra_module = THIS_MODULE, +- .cra_u = { +- .ablkcipher = { +- .min_keysize = AES_MIN_KEY_SIZE, +- .max_keysize = AES_MAX_KEY_SIZE, +- .ivsize = AES_IV_SIZE, +- .setkey = crypto4xx_setkey_aes_cfb, +- .encrypt = crypto4xx_encrypt_iv, +- .decrypt = crypto4xx_decrypt_iv, +- } +- } ++ { .type = CRYPTO_ALG_TYPE_SKCIPHER, .u.cipher = { ++ .base = { ++ .cra_name = "cbc(aes)", ++ .cra_driver_name = "cbc-aes-ppc4xx", ++ .cra_priority = CRYPTO4XX_CRYPTO_PRIORITY, ++ .cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | ++ CRYPTO_ALG_ASYNC | ++ CRYPTO_ALG_KERN_DRIVER_ONLY, ++ .cra_blocksize = AES_BLOCK_SIZE, ++ .cra_ctxsize = sizeof(struct crypto4xx_ctx), ++ .cra_module = THIS_MODULE, ++ }, ++ .min_keysize = AES_MIN_KEY_SIZE, ++ .max_keysize = AES_MAX_KEY_SIZE, ++ .ivsize = AES_IV_SIZE, ++ .setkey = crypto4xx_setkey_aes_cbc, ++ .encrypt = crypto4xx_encrypt_iv, ++ .decrypt = crypto4xx_decrypt_iv, ++ .init = crypto4xx_sk_init, ++ .exit = crypto4xx_sk_exit, + } }, +- { .type = CRYPTO_ALG_TYPE_ABLKCIPHER, .u.cipher = { +- .cra_name = "rfc3686(ctr(aes))", +- .cra_driver_name = "rfc3686-ctr-aes-ppc4xx", +- .cra_priority = CRYPTO4XX_CRYPTO_PRIORITY, +- .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | +- CRYPTO_ALG_ASYNC | +- CRYPTO_ALG_KERN_DRIVER_ONLY, +- .cra_blocksize = AES_BLOCK_SIZE, +- .cra_ctxsize = sizeof(struct crypto4xx_ctx), +- .cra_type = &crypto_ablkcipher_type, +- .cra_init = crypto4xx_ablk_init, +- .cra_exit = crypto4xx_ablk_exit, +- .cra_module = THIS_MODULE, +- .cra_u = { +- .ablkcipher = { +- .min_keysize = AES_MIN_KEY_SIZE + +- CTR_RFC3686_NONCE_SIZE, +- .max_keysize = AES_MAX_KEY_SIZE + +- CTR_RFC3686_NONCE_SIZE, +- .ivsize = CTR_RFC3686_IV_SIZE, +- .setkey = crypto4xx_setkey_rfc3686, +- .encrypt = crypto4xx_rfc3686_encrypt, +- .decrypt = crypto4xx_rfc3686_decrypt, +- } +- } ++ { .type = CRYPTO_ALG_TYPE_SKCIPHER, .u.cipher = { ++ .base = { ++ .cra_name = "cfb(aes)", ++ .cra_driver_name = "cfb-aes-ppc4xx", ++ .cra_priority = CRYPTO4XX_CRYPTO_PRIORITY, ++ .cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | ++ CRYPTO_ALG_ASYNC | ++ CRYPTO_ALG_KERN_DRIVER_ONLY, ++ .cra_blocksize = AES_BLOCK_SIZE, ++ .cra_ctxsize = sizeof(struct crypto4xx_ctx), ++ .cra_module = THIS_MODULE, ++ }, ++ .min_keysize = AES_MIN_KEY_SIZE, ++ .max_keysize = AES_MAX_KEY_SIZE, ++ .ivsize = AES_IV_SIZE, ++ .setkey = crypto4xx_setkey_aes_cfb, ++ .encrypt = crypto4xx_encrypt_iv, ++ .decrypt = crypto4xx_decrypt_iv, ++ .init = crypto4xx_sk_init, ++ .exit = crypto4xx_sk_exit, + } }, +- { .type = CRYPTO_ALG_TYPE_ABLKCIPHER, .u.cipher = { +- .cra_name = "ecb(aes)", +- .cra_driver_name = "ecb-aes-ppc4xx", +- .cra_priority = CRYPTO4XX_CRYPTO_PRIORITY, +- .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | +- CRYPTO_ALG_ASYNC | +- CRYPTO_ALG_KERN_DRIVER_ONLY, +- .cra_blocksize = AES_BLOCK_SIZE, +- .cra_ctxsize = sizeof(struct crypto4xx_ctx), +- .cra_type = &crypto_ablkcipher_type, +- .cra_init = crypto4xx_ablk_init, +- .cra_exit = crypto4xx_ablk_exit, +- .cra_module = THIS_MODULE, +- .cra_u = { +- .ablkcipher = { +- .min_keysize = AES_MIN_KEY_SIZE, +- .max_keysize = AES_MAX_KEY_SIZE, +- .setkey = crypto4xx_setkey_aes_ecb, +- .encrypt = crypto4xx_encrypt_noiv, +- .decrypt = crypto4xx_decrypt_noiv, +- } +- } ++ { .type = CRYPTO_ALG_TYPE_SKCIPHER, .u.cipher = { ++ .base = { ++ .cra_name = "rfc3686(ctr(aes))", ++ .cra_driver_name = "rfc3686-ctr-aes-ppc4xx", ++ .cra_priority = CRYPTO4XX_CRYPTO_PRIORITY, ++ .cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | ++ CRYPTO_ALG_ASYNC | ++ CRYPTO_ALG_KERN_DRIVER_ONLY, ++ .cra_blocksize = AES_BLOCK_SIZE, ++ .cra_ctxsize = sizeof(struct crypto4xx_ctx), ++ .cra_module = THIS_MODULE, ++ }, ++ .min_keysize = AES_MIN_KEY_SIZE + CTR_RFC3686_NONCE_SIZE, ++ .max_keysize = AES_MAX_KEY_SIZE + CTR_RFC3686_NONCE_SIZE, ++ .ivsize = CTR_RFC3686_IV_SIZE, ++ .setkey = crypto4xx_setkey_rfc3686, ++ .encrypt = crypto4xx_rfc3686_encrypt, ++ .decrypt = crypto4xx_rfc3686_decrypt, ++ .init = crypto4xx_sk_init, ++ .exit = crypto4xx_sk_exit, + } }, +- { .type = CRYPTO_ALG_TYPE_ABLKCIPHER, .u.cipher = { +- .cra_name = "ofb(aes)", +- .cra_driver_name = "ofb-aes-ppc4xx", +- .cra_priority = CRYPTO4XX_CRYPTO_PRIORITY, +- .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | +- CRYPTO_ALG_ASYNC | +- CRYPTO_ALG_KERN_DRIVER_ONLY, +- .cra_blocksize = AES_BLOCK_SIZE, +- .cra_ctxsize = sizeof(struct crypto4xx_ctx), +- .cra_type = &crypto_ablkcipher_type, +- .cra_init = crypto4xx_ablk_init, +- .cra_exit = crypto4xx_ablk_exit, +- .cra_module = THIS_MODULE, +- .cra_u = { +- .ablkcipher = { +- .min_keysize = AES_MIN_KEY_SIZE, +- .max_keysize = AES_MAX_KEY_SIZE, +- .ivsize = AES_IV_SIZE, +- .setkey = crypto4xx_setkey_aes_ofb, +- .encrypt = crypto4xx_encrypt_iv, +- .decrypt = crypto4xx_decrypt_iv, +- } +- } ++ { .type = CRYPTO_ALG_TYPE_SKCIPHER, .u.cipher = { ++ .base = { ++ .cra_name = "ecb(aes)", ++ .cra_driver_name = "ecb-aes-ppc4xx", ++ .cra_priority = CRYPTO4XX_CRYPTO_PRIORITY, ++ .cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | ++ CRYPTO_ALG_ASYNC | ++ CRYPTO_ALG_KERN_DRIVER_ONLY, ++ .cra_blocksize = AES_BLOCK_SIZE, ++ .cra_ctxsize = sizeof(struct crypto4xx_ctx), ++ .cra_module = THIS_MODULE, ++ }, ++ .min_keysize = AES_MIN_KEY_SIZE, ++ .max_keysize = AES_MAX_KEY_SIZE, ++ .setkey = crypto4xx_setkey_aes_ecb, ++ .encrypt = crypto4xx_encrypt_noiv, ++ .decrypt = crypto4xx_decrypt_noiv, ++ .init = crypto4xx_sk_init, ++ .exit = crypto4xx_sk_exit, ++ } }, ++ { .type = CRYPTO_ALG_TYPE_SKCIPHER, .u.cipher = { ++ .base = { ++ .cra_name = "ofb(aes)", ++ .cra_driver_name = "ofb-aes-ppc4xx", ++ .cra_priority = CRYPTO4XX_CRYPTO_PRIORITY, ++ .cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | ++ CRYPTO_ALG_ASYNC | ++ CRYPTO_ALG_KERN_DRIVER_ONLY, ++ .cra_blocksize = AES_BLOCK_SIZE, ++ .cra_ctxsize = sizeof(struct crypto4xx_ctx), ++ .cra_module = THIS_MODULE, ++ }, ++ .min_keysize = AES_MIN_KEY_SIZE, ++ .max_keysize = AES_MAX_KEY_SIZE, ++ .ivsize = AES_IV_SIZE, ++ .setkey = crypto4xx_setkey_aes_ofb, ++ .encrypt = crypto4xx_encrypt_iv, ++ .decrypt = crypto4xx_decrypt_iv, ++ .init = crypto4xx_sk_init, ++ .exit = crypto4xx_sk_exit, + } }, + + /* AEAD */ +--- a/drivers/crypto/amcc/crypto4xx_core.h ++++ b/drivers/crypto/amcc/crypto4xx_core.h +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + #include "crypto4xx_reg_def.h" + #include "crypto4xx_sa.h" + +@@ -134,7 +135,7 @@ struct crypto4xx_ctx { + struct crypto4xx_alg_common { + u32 type; + union { +- struct crypto_alg cipher; ++ struct skcipher_alg cipher; + struct ahash_alg hash; + struct aead_alg aead; + } u; +@@ -158,22 +159,22 @@ int crypto4xx_build_pd(struct crypto_asy + const struct dynamic_sa_ctl *sa, + const unsigned int sa_len, + const unsigned int assoclen); +-int crypto4xx_setkey_aes_cbc(struct crypto_ablkcipher *cipher, ++int crypto4xx_setkey_aes_cbc(struct crypto_skcipher *cipher, + const u8 *key, unsigned int keylen); +-int crypto4xx_setkey_aes_cfb(struct crypto_ablkcipher *cipher, ++int crypto4xx_setkey_aes_cfb(struct crypto_skcipher *cipher, + const u8 *key, unsigned int keylen); +-int crypto4xx_setkey_aes_ecb(struct crypto_ablkcipher *cipher, ++int crypto4xx_setkey_aes_ecb(struct crypto_skcipher *cipher, + const u8 *key, unsigned int keylen); +-int crypto4xx_setkey_aes_ofb(struct crypto_ablkcipher *cipher, ++int crypto4xx_setkey_aes_ofb(struct crypto_skcipher *cipher, + const u8 *key, unsigned int keylen); +-int crypto4xx_setkey_rfc3686(struct crypto_ablkcipher *cipher, ++int crypto4xx_setkey_rfc3686(struct crypto_skcipher *cipher, + const u8 *key, unsigned int keylen); +-int crypto4xx_encrypt_iv(struct ablkcipher_request *req); +-int crypto4xx_decrypt_iv(struct ablkcipher_request *req); +-int crypto4xx_encrypt_noiv(struct ablkcipher_request *req); +-int crypto4xx_decrypt_noiv(struct ablkcipher_request *req); +-int crypto4xx_rfc3686_encrypt(struct ablkcipher_request *req); +-int crypto4xx_rfc3686_decrypt(struct ablkcipher_request *req); ++int crypto4xx_encrypt_iv(struct skcipher_request *req); ++int crypto4xx_decrypt_iv(struct skcipher_request *req); ++int crypto4xx_encrypt_noiv(struct skcipher_request *req); ++int crypto4xx_decrypt_noiv(struct skcipher_request *req); ++int crypto4xx_rfc3686_encrypt(struct skcipher_request *req); ++int crypto4xx_rfc3686_decrypt(struct skcipher_request *req); + int crypto4xx_sha1_alg_init(struct crypto_tfm *tfm); + int crypto4xx_hash_digest(struct ahash_request *req); + int crypto4xx_hash_final(struct ahash_request *req); diff --git a/target/linux/apm821xx/patches-4.14/022-0004-crypto-crypto4xx-avoid-VLA-use.patch b/target/linux/apm821xx/patches-4.14/022-0004-crypto-crypto4xx-avoid-VLA-use.patch new file mode 100644 index 0000000000..a3e1b8c7df --- /dev/null +++ b/target/linux/apm821xx/patches-4.14/022-0004-crypto-crypto4xx-avoid-VLA-use.patch @@ -0,0 +1,61 @@ +From c4e90650ff0cbf123ec9cfc32026fa0fb2931658 Mon Sep 17 00:00:00 2001 +From: Christian Lamparter +Date: Thu, 19 Apr 2018 18:41:53 +0200 +Subject: [PATCH 4/8] crypto: crypto4xx - avoid VLA use + +This patch fixes some of the -Wvla warnings. + +crypto4xx_alg.c:83:19: warning: Variable length array is used. +crypto4xx_alg.c:273:56: warning: Variable length array is used. +crypto4xx_alg.c:380:32: warning: Variable length array is used. + +Signed-off-by: Christian Lamparter +Signed-off-by: Herbert Xu +--- + drivers/crypto/amcc/crypto4xx_alg.c | 14 ++++---------- + 1 file changed, 4 insertions(+), 10 deletions(-) + +--- a/drivers/crypto/amcc/crypto4xx_alg.c ++++ b/drivers/crypto/amcc/crypto4xx_alg.c +@@ -80,7 +80,7 @@ static inline int crypto4xx_crypt(struct + { + struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(req); + struct crypto4xx_ctx *ctx = crypto_skcipher_ctx(cipher); +- __le32 iv[ivlen]; ++ __le32 iv[AES_IV_SIZE]; + + if (ivlen) + crypto4xx_memcpy_to_le32(iv, req->iv, ivlen); +@@ -270,13 +270,7 @@ static inline bool crypto4xx_aead_need_f + static int crypto4xx_aead_fallback(struct aead_request *req, + struct crypto4xx_ctx *ctx, bool do_decrypt) + { +- char aead_req_data[sizeof(struct aead_request) + +- crypto_aead_reqsize(ctx->sw_cipher.aead)] +- __aligned(__alignof__(struct aead_request)); +- +- struct aead_request *subreq = (void *) aead_req_data; +- +- memset(subreq, 0, sizeof(aead_req_data)); ++ struct aead_request *subreq = aead_request_ctx(req); + + aead_request_set_tfm(subreq, ctx->sw_cipher.aead); + aead_request_set_callback(subreq, req->base.flags, +@@ -377,7 +371,7 @@ static int crypto4xx_crypt_aes_ccm(struc + struct crypto_aead *aead = crypto_aead_reqtfm(req); + unsigned int len = req->cryptlen; + __le32 iv[16]; +- u32 tmp_sa[ctx->sa_len * 4]; ++ u32 tmp_sa[SA_AES128_CCM_LEN + 4]; + struct dynamic_sa_ctl *sa = (struct dynamic_sa_ctl *)tmp_sa; + + if (crypto4xx_aead_need_fallback(req, true, decrypt)) +@@ -386,7 +380,7 @@ static int crypto4xx_crypt_aes_ccm(struc + if (decrypt) + len -= crypto_aead_authsize(aead); + +- memcpy(tmp_sa, decrypt ? ctx->sa_in : ctx->sa_out, sizeof(tmp_sa)); ++ memcpy(tmp_sa, decrypt ? ctx->sa_in : ctx->sa_out, ctx->sa_len * 4); + sa->sa_command_0.bf.digest_len = crypto_aead_authsize(aead) >> 2; + + if (req->iv[0] == 1) { diff --git a/target/linux/apm821xx/patches-4.14/022-0005-crypto-crypto4xx-add-aes-ctr-support.patch b/target/linux/apm821xx/patches-4.14/022-0005-crypto-crypto4xx-add-aes-ctr-support.patch new file mode 100644 index 0000000000..e93a3d916b --- /dev/null +++ b/target/linux/apm821xx/patches-4.14/022-0005-crypto-crypto4xx-add-aes-ctr-support.patch @@ -0,0 +1,247 @@ +From 98e87e3d933b8e504ea41b8857c038d2cd06cddc Mon Sep 17 00:00:00 2001 +From: Christian Lamparter +Date: Thu, 19 Apr 2018 18:41:54 +0200 +Subject: [PATCH 5/8] crypto: crypto4xx - add aes-ctr support + +This patch adds support for the aes-ctr skcipher. + +name : ctr(aes) +driver : ctr-aes-ppc4xx +module : crypto4xx +priority : 300 +refcnt : 1 +selftest : passed +internal : no +type : skcipher +async : yes +blocksize : 16 +min keysize : 16 +max keysize : 32 +ivsize : 16 +chunksize : 16 +walksize : 16 + +The hardware uses only the last 32-bits as the counter while the +kernel tests (aes_ctr_enc_tv_template[4] for example) expect that +the whole IV is a counter. To make this work, the driver will +fallback if the counter is going to overlow. + +The aead's crypto4xx_setup_fallback() function is renamed to +crypto4xx_aead_setup_fallback. + +Signed-off-by: Christian Lamparter +Signed-off-by: Herbert Xu +--- + drivers/crypto/amcc/crypto4xx_alg.c | 91 ++++++++++++++++++++++++++-- + drivers/crypto/amcc/crypto4xx_core.c | 37 +++++++++++ + drivers/crypto/amcc/crypto4xx_core.h | 5 ++ + 3 files changed, 127 insertions(+), 6 deletions(-) + +--- a/drivers/crypto/amcc/crypto4xx_alg.c ++++ b/drivers/crypto/amcc/crypto4xx_alg.c +@@ -240,6 +240,85 @@ int crypto4xx_rfc3686_decrypt(struct skc + ctx->sa_out, ctx->sa_len, 0); + } + ++static int ++crypto4xx_ctr_crypt(struct skcipher_request *req, bool encrypt) ++{ ++ struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(req); ++ struct crypto4xx_ctx *ctx = crypto_skcipher_ctx(cipher); ++ size_t iv_len = crypto_skcipher_ivsize(cipher); ++ unsigned int counter = be32_to_cpup((__be32 *)(req->iv + iv_len - 4)); ++ unsigned int nblks = ALIGN(req->cryptlen, AES_BLOCK_SIZE) / ++ AES_BLOCK_SIZE; ++ ++ /* ++ * The hardware uses only the last 32-bits as the counter while the ++ * kernel tests (aes_ctr_enc_tv_template[4] for example) expect that ++ * the whole IV is a counter. So fallback if the counter is going to ++ * overlow. ++ */ ++ if (counter + nblks < counter) { ++ struct skcipher_request *subreq = skcipher_request_ctx(req); ++ int ret; ++ ++ skcipher_request_set_tfm(subreq, ctx->sw_cipher.cipher); ++ skcipher_request_set_callback(subreq, req->base.flags, ++ NULL, NULL); ++ skcipher_request_set_crypt(subreq, req->src, req->dst, ++ req->cryptlen, req->iv); ++ ret = encrypt ? crypto_skcipher_encrypt(subreq) ++ : crypto_skcipher_decrypt(subreq); ++ skcipher_request_zero(subreq); ++ return ret; ++ } ++ ++ return encrypt ? crypto4xx_encrypt_iv(req) ++ : crypto4xx_decrypt_iv(req); ++} ++ ++static int crypto4xx_sk_setup_fallback(struct crypto4xx_ctx *ctx, ++ struct crypto_skcipher *cipher, ++ const u8 *key, ++ unsigned int keylen) ++{ ++ int rc; ++ ++ crypto_skcipher_clear_flags(ctx->sw_cipher.cipher, ++ CRYPTO_TFM_REQ_MASK); ++ crypto_skcipher_set_flags(ctx->sw_cipher.cipher, ++ crypto_skcipher_get_flags(cipher) & CRYPTO_TFM_REQ_MASK); ++ rc = crypto_skcipher_setkey(ctx->sw_cipher.cipher, key, keylen); ++ crypto_skcipher_clear_flags(cipher, CRYPTO_TFM_RES_MASK); ++ crypto_skcipher_set_flags(cipher, ++ crypto_skcipher_get_flags(ctx->sw_cipher.cipher) & ++ CRYPTO_TFM_RES_MASK); ++ ++ return rc; ++} ++ ++int crypto4xx_setkey_aes_ctr(struct crypto_skcipher *cipher, ++ const u8 *key, unsigned int keylen) ++{ ++ struct crypto4xx_ctx *ctx = crypto_skcipher_ctx(cipher); ++ int rc; ++ ++ rc = crypto4xx_sk_setup_fallback(ctx, cipher, key, keylen); ++ if (rc) ++ return rc; ++ ++ return crypto4xx_setkey_aes(cipher, key, keylen, ++ CRYPTO_MODE_CTR, CRYPTO_FEEDBACK_MODE_NO_FB); ++} ++ ++int crypto4xx_encrypt_ctr(struct skcipher_request *req) ++{ ++ return crypto4xx_ctr_crypt(req, true); ++} ++ ++int crypto4xx_decrypt_ctr(struct skcipher_request *req) ++{ ++ return crypto4xx_ctr_crypt(req, false); ++} ++ + static inline bool crypto4xx_aead_need_fallback(struct aead_request *req, + bool is_ccm, bool decrypt) + { +@@ -282,10 +361,10 @@ static int crypto4xx_aead_fallback(struc + crypto_aead_encrypt(subreq); + } + +-static int crypto4xx_setup_fallback(struct crypto4xx_ctx *ctx, +- struct crypto_aead *cipher, +- const u8 *key, +- unsigned int keylen) ++static int crypto4xx_aead_setup_fallback(struct crypto4xx_ctx *ctx, ++ struct crypto_aead *cipher, ++ const u8 *key, ++ unsigned int keylen) + { + int rc; + +@@ -313,7 +392,7 @@ int crypto4xx_setkey_aes_ccm(struct cryp + struct dynamic_sa_ctl *sa; + int rc = 0; + +- rc = crypto4xx_setup_fallback(ctx, cipher, key, keylen); ++ rc = crypto4xx_aead_setup_fallback(ctx, cipher, key, keylen); + if (rc) + return rc; + +@@ -472,7 +551,7 @@ int crypto4xx_setkey_aes_gcm(struct cryp + return -EINVAL; + } + +- rc = crypto4xx_setup_fallback(ctx, cipher, key, keylen); ++ rc = crypto4xx_aead_setup_fallback(ctx, cipher, key, keylen); + if (rc) + return rc; + +--- a/drivers/crypto/amcc/crypto4xx_core.c ++++ b/drivers/crypto/amcc/crypto4xx_core.c +@@ -941,6 +941,19 @@ static int crypto4xx_sk_init(struct cryp + struct crypto4xx_alg *amcc_alg; + struct crypto4xx_ctx *ctx = crypto_skcipher_ctx(sk); + ++ if (alg->base.cra_flags & CRYPTO_ALG_NEED_FALLBACK) { ++ ctx->sw_cipher.cipher = ++ crypto_alloc_skcipher(alg->base.cra_name, 0, ++ CRYPTO_ALG_NEED_FALLBACK | ++ CRYPTO_ALG_ASYNC); ++ if (IS_ERR(ctx->sw_cipher.cipher)) ++ return PTR_ERR(ctx->sw_cipher.cipher); ++ ++ crypto_skcipher_set_reqsize(sk, ++ sizeof(struct skcipher_request) + 32 + ++ crypto_skcipher_reqsize(ctx->sw_cipher.cipher)); ++ } ++ + amcc_alg = container_of(alg, struct crypto4xx_alg, alg.u.cipher); + crypto4xx_ctx_init(amcc_alg, ctx); + return 0; +@@ -956,6 +969,8 @@ static void crypto4xx_sk_exit(struct cry + struct crypto4xx_ctx *ctx = crypto_skcipher_ctx(sk); + + crypto4xx_common_exit(ctx); ++ if (ctx->sw_cipher.cipher) ++ crypto_free_skcipher(ctx->sw_cipher.cipher); + } + + static int crypto4xx_aead_init(struct crypto_aead *tfm) +@@ -1145,6 +1160,28 @@ static struct crypto4xx_alg_common crypt + .init = crypto4xx_sk_init, + .exit = crypto4xx_sk_exit, + } }, ++ { .type = CRYPTO_ALG_TYPE_SKCIPHER, .u.cipher = { ++ .base = { ++ .cra_name = "ctr(aes)", ++ .cra_driver_name = "ctr-aes-ppc4xx", ++ .cra_priority = CRYPTO4XX_CRYPTO_PRIORITY, ++ .cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | ++ CRYPTO_ALG_NEED_FALLBACK | ++ CRYPTO_ALG_ASYNC | ++ CRYPTO_ALG_KERN_DRIVER_ONLY, ++ .cra_blocksize = AES_BLOCK_SIZE, ++ .cra_ctxsize = sizeof(struct crypto4xx_ctx), ++ .cra_module = THIS_MODULE, ++ }, ++ .min_keysize = AES_MIN_KEY_SIZE, ++ .max_keysize = AES_MAX_KEY_SIZE, ++ .ivsize = AES_IV_SIZE, ++ .setkey = crypto4xx_setkey_aes_ctr, ++ .encrypt = crypto4xx_encrypt_ctr, ++ .decrypt = crypto4xx_decrypt_ctr, ++ .init = crypto4xx_sk_init, ++ .exit = crypto4xx_sk_exit, ++ } }, + { .type = CRYPTO_ALG_TYPE_SKCIPHER, .u.cipher = { + .base = { + .cra_name = "rfc3686(ctr(aes))", +--- a/drivers/crypto/amcc/crypto4xx_core.h ++++ b/drivers/crypto/amcc/crypto4xx_core.h +@@ -128,6 +128,7 @@ struct crypto4xx_ctx { + __le32 iv_nonce; + u32 sa_len; + union { ++ struct crypto_skcipher *cipher; + struct crypto_aead *aead; + } sw_cipher; + }; +@@ -163,12 +164,16 @@ int crypto4xx_setkey_aes_cbc(struct cryp + const u8 *key, unsigned int keylen); + int crypto4xx_setkey_aes_cfb(struct crypto_skcipher *cipher, + const u8 *key, unsigned int keylen); ++int crypto4xx_setkey_aes_ctr(struct crypto_skcipher *cipher, ++ const u8 *key, unsigned int keylen); + int crypto4xx_setkey_aes_ecb(struct crypto_skcipher *cipher, + const u8 *key, unsigned int keylen); + int crypto4xx_setkey_aes_ofb(struct crypto_skcipher *cipher, + const u8 *key, unsigned int keylen); + int crypto4xx_setkey_rfc3686(struct crypto_skcipher *cipher, + const u8 *key, unsigned int keylen); ++int crypto4xx_encrypt_ctr(struct skcipher_request *req); ++int crypto4xx_decrypt_ctr(struct skcipher_request *req); + int crypto4xx_encrypt_iv(struct skcipher_request *req); + int crypto4xx_decrypt_iv(struct skcipher_request *req); + int crypto4xx_encrypt_noiv(struct skcipher_request *req); diff --git a/target/linux/apm821xx/patches-4.14/022-0006-crypto-crypto4xx-properly-set-IV-after-de-and-encryp.patch b/target/linux/apm821xx/patches-4.14/022-0006-crypto-crypto4xx-properly-set-IV-after-de-and-encryp.patch new file mode 100644 index 0000000000..1467f368b7 --- /dev/null +++ b/target/linux/apm821xx/patches-4.14/022-0006-crypto-crypto4xx-properly-set-IV-after-de-and-encryp.patch @@ -0,0 +1,71 @@ +From fc340115ffb8235c1bbd200c28855e6373d0dd1a Mon Sep 17 00:00:00 2001 +From: Christian Lamparter +Date: Thu, 19 Apr 2018 18:41:55 +0200 +Subject: [PATCH 6/8] crypto: crypto4xx - properly set IV after de- and encrypt + +This patch fixes cts(cbc(aes)) test when cbc-aes-ppc4xx is used. +alg: skcipher: Test 1 failed (invalid result) on encryption for cts(cbc-aes-ppc4xx) +00000000: 4b 10 75 fc 2f 14 1b 6a 27 35 37 33 d1 b7 70 05 +00000010: 97 +alg: skcipher: Failed to load transform for cts(cbc(aes)): -2 + +The CTS cipher mode expect the IV (req->iv) of skcipher_request +to contain the last ciphertext block after the {en,de}crypt +operation is complete. + +Fix this issue for the AMCC Crypto4xx hardware engine. +The tcrypt test case for cts(cbc(aes)) is now correctly passed. + +name : cts(cbc(aes)) +driver : cts(cbc-aes-ppc4xx) +module : cts +priority : 300 +refcnt : 1 +selftest : passed +internal : no +type : skcipher +async : yes +blocksize : 16 +min keysize : 16 +max keysize : 32 +ivsize : 16 +chunksize : 16 +walksize : 16 + +Signed-off-by: Christian Lamparter +Signed-off-by: Herbert Xu +--- + drivers/crypto/amcc/crypto4xx_alg.c | 3 ++- + drivers/crypto/amcc/crypto4xx_core.c | 9 +++++++++ + 2 files changed, 11 insertions(+), 1 deletion(-) + +--- a/drivers/crypto/amcc/crypto4xx_alg.c ++++ b/drivers/crypto/amcc/crypto4xx_alg.c +@@ -141,7 +141,8 @@ static int crypto4xx_setkey_aes(struct c + /* Setup SA */ + sa = ctx->sa_in; + +- set_dynamic_sa_command_0(sa, SA_NOT_SAVE_HASH, SA_NOT_SAVE_IV, ++ set_dynamic_sa_command_0(sa, SA_NOT_SAVE_HASH, (cm == CRYPTO_MODE_CBC ? ++ SA_SAVE_IV : SA_NOT_SAVE_IV), + SA_LOAD_HASH_FROM_SA, SA_LOAD_IV_FROM_STATE, + SA_NO_HEADER_PROC, SA_HASH_ALG_NULL, + SA_CIPHER_ALG_AES, SA_PAD_TYPE_ZERO, +--- a/drivers/crypto/amcc/crypto4xx_core.c ++++ b/drivers/crypto/amcc/crypto4xx_core.c +@@ -545,6 +545,15 @@ static void crypto4xx_cipher_done(struct + addr = dma_map_page(dev->core_dev->device, sg_page(dst), + dst->offset, dst->length, DMA_FROM_DEVICE); + } ++ ++ if (pd_uinfo->sa_va->sa_command_0.bf.save_iv == SA_SAVE_IV) { ++ struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req); ++ ++ crypto4xx_memcpy_from_le32((u32 *)req->iv, ++ pd_uinfo->sr_va->save_iv, ++ crypto_skcipher_ivsize(skcipher)); ++ } ++ + crypto4xx_ret_sg_desc(dev, pd_uinfo); + + if (pd_uinfo->state & PD_ENTRY_BUSY) diff --git a/target/linux/apm821xx/patches-4.14/022-0007-crypto-crypto4xx-extend-aead-fallback-checks.patch b/target/linux/apm821xx/patches-4.14/022-0007-crypto-crypto4xx-extend-aead-fallback-checks.patch new file mode 100644 index 0000000000..37aefc241c --- /dev/null +++ b/target/linux/apm821xx/patches-4.14/022-0007-crypto-crypto4xx-extend-aead-fallback-checks.patch @@ -0,0 +1,102 @@ +From 584201f1895d915c1aa523bc86afdc126e94beca Mon Sep 17 00:00:00 2001 +From: Christian Lamparter +Date: Thu, 19 Apr 2018 18:41:56 +0200 +Subject: [PATCH 7/8] crypto: crypto4xx - extend aead fallback checks + +1020 bytes is the limit for associated data. Any more +and it will no longer fit into hash_crypto_offset anymore. + +The hardware will not process aead requests with plaintext +that have less than AES_BLOCK_SIZE bytes. When decrypting +aead requests the authsize has to be taken in account as +well, as it is part of the cryptlen. Otherwise the hardware +will think it has been misconfigured and will return: + +aead return err status = 0x98 + +For rtc4543(gcm(aes)), the hardware has a dedicated GMAC +mode as part of the hash function set. + +Signed-off-by: Christian Lamparter +Signed-off-by: Herbert Xu +--- + drivers/crypto/amcc/crypto4xx_alg.c | 30 +++++++++++++++-------------- + 1 file changed, 16 insertions(+), 14 deletions(-) + +--- a/drivers/crypto/amcc/crypto4xx_alg.c ++++ b/drivers/crypto/amcc/crypto4xx_alg.c +@@ -321,6 +321,7 @@ int crypto4xx_decrypt_ctr(struct skciphe + } + + static inline bool crypto4xx_aead_need_fallback(struct aead_request *req, ++ unsigned int len, + bool is_ccm, bool decrypt) + { + struct crypto_aead *aead = crypto_aead_reqtfm(req); +@@ -330,14 +331,14 @@ static inline bool crypto4xx_aead_need_f + return true; + + /* +- * hardware does not handle cases where cryptlen +- * is less than a block ++ * hardware does not handle cases where plaintext ++ * is less than a block. + */ +- if (req->cryptlen < AES_BLOCK_SIZE) ++ if (len < AES_BLOCK_SIZE) + return true; + +- /* assoc len needs to be a multiple of 4 */ +- if (req->assoclen & 0x3) ++ /* assoc len needs to be a multiple of 4 and <= 1020 */ ++ if (req->assoclen & 0x3 || req->assoclen > 1020) + return true; + + /* CCM supports only counter field length of 2 and 4 bytes */ +@@ -449,17 +450,17 @@ static int crypto4xx_crypt_aes_ccm(struc + { + struct crypto4xx_ctx *ctx = crypto_tfm_ctx(req->base.tfm); + struct crypto_aead *aead = crypto_aead_reqtfm(req); +- unsigned int len = req->cryptlen; + __le32 iv[16]; + u32 tmp_sa[SA_AES128_CCM_LEN + 4]; + struct dynamic_sa_ctl *sa = (struct dynamic_sa_ctl *)tmp_sa; +- +- if (crypto4xx_aead_need_fallback(req, true, decrypt)) +- return crypto4xx_aead_fallback(req, ctx, decrypt); ++ unsigned int len = req->cryptlen; + + if (decrypt) + len -= crypto_aead_authsize(aead); + ++ if (crypto4xx_aead_need_fallback(req, len, true, decrypt)) ++ return crypto4xx_aead_fallback(req, ctx, decrypt); ++ + memcpy(tmp_sa, decrypt ? ctx->sa_in : ctx->sa_out, ctx->sa_len * 4); + sa->sa_command_0.bf.digest_len = crypto_aead_authsize(aead) >> 2; + +@@ -605,18 +606,19 @@ static inline int crypto4xx_crypt_aes_gc + bool decrypt) + { + struct crypto4xx_ctx *ctx = crypto_tfm_ctx(req->base.tfm); +- unsigned int len = req->cryptlen; ++ struct crypto4xx_aead_reqctx *rctx = aead_request_ctx(req); + __le32 iv[4]; ++ unsigned int len = req->cryptlen; ++ ++ if (decrypt) ++ len -= crypto_aead_authsize(crypto_aead_reqtfm(req)); + +- if (crypto4xx_aead_need_fallback(req, false, decrypt)) ++ if (crypto4xx_aead_need_fallback(req, len, false, decrypt)) + return crypto4xx_aead_fallback(req, ctx, decrypt); + + crypto4xx_memcpy_to_le32(iv, req->iv, GCM_AES_IV_SIZE); + iv[3] = cpu_to_le32(1); + +- if (decrypt) +- len -= crypto_aead_authsize(crypto_aead_reqtfm(req)); +- + return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst, + len, iv, sizeof(iv), + decrypt ? ctx->sa_in : ctx->sa_out, diff --git a/target/linux/apm821xx/patches-4.14/022-0008-crypto-crypto4xx-put-temporary-dst-sg-into-request-c.patch b/target/linux/apm821xx/patches-4.14/022-0008-crypto-crypto4xx-put-temporary-dst-sg-into-request-c.patch new file mode 100644 index 0000000000..b83cacc98f --- /dev/null +++ b/target/linux/apm821xx/patches-4.14/022-0008-crypto-crypto4xx-put-temporary-dst-sg-into-request-c.patch @@ -0,0 +1,157 @@ +From 658c9d2b9f374c835d0348d852a3f002196628d0 Mon Sep 17 00:00:00 2001 +From: Christian Lamparter +Date: Thu, 19 Apr 2018 18:41:57 +0200 +Subject: [PATCH 8/8] crypto: crypto4xx - put temporary dst sg into request ctx + +This patch fixes a crash that happens when testing rfc4543(gcm(aes)) + +Unable to handle kernel paging request for data at address 0xf59b3420 +Faulting instruction address: 0xc0012994 +Oops: Kernel access of bad area, sig: 11 [#1] +BE PowerPC 44x Platform +Modules linked in: tcrypt(+) crypto4xx [...] +CPU: 0 PID: 0 Comm: swapper Tainted: G O 4.17.0-rc1+ #23 +NIP: c0012994 LR: d3077934 CTR: 06026d49 +REGS: cfff7e30 TRAP: 0300 Tainted: G O (4.17.0-rc1+) +MSR: 00029000 CR: 44744822 XER: 00000000 +DEAR: f59b3420 ESR: 00000000 +NIP [c0012994] __dma_sync+0x58/0x10c +LR [d3077934] crypto4xx_bh_tasklet_cb+0x188/0x3c8 [crypto4xx] + +__dma_sync was fed the temporary _dst that crypto4xx_build_pd() +had in it's function stack. This clearly never worked. +This patch therefore overhauls the code from the original driver +and puts the temporary dst sg list into aead's request context. + +Fixes: a0aae821ba3d3 ("crypto: crypto4xx - prepare for AEAD support") +Signed-off-by: Christian Lamparter +Signed-off-by: Herbert Xu +--- + drivers/crypto/amcc/crypto4xx_alg.c | 15 ++++++++------- + drivers/crypto/amcc/crypto4xx_core.c | 10 +++++----- + drivers/crypto/amcc/crypto4xx_core.h | 7 ++++++- + 3 files changed, 19 insertions(+), 13 deletions(-) + +--- a/drivers/crypto/amcc/crypto4xx_alg.c ++++ b/drivers/crypto/amcc/crypto4xx_alg.c +@@ -87,7 +87,7 @@ static inline int crypto4xx_crypt(struct + + return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst, + req->cryptlen, iv, ivlen, decrypt ? ctx->sa_in : ctx->sa_out, +- ctx->sa_len, 0); ++ ctx->sa_len, 0, NULL); + } + + int crypto4xx_encrypt_noiv(struct skcipher_request *req) +@@ -223,7 +223,7 @@ int crypto4xx_rfc3686_encrypt(struct skc + + return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst, + req->cryptlen, iv, AES_IV_SIZE, +- ctx->sa_out, ctx->sa_len, 0); ++ ctx->sa_out, ctx->sa_len, 0, NULL); + } + + int crypto4xx_rfc3686_decrypt(struct skcipher_request *req) +@@ -238,7 +238,7 @@ int crypto4xx_rfc3686_decrypt(struct skc + + return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst, + req->cryptlen, iv, AES_IV_SIZE, +- ctx->sa_out, ctx->sa_len, 0); ++ ctx->sa_out, ctx->sa_len, 0, NULL); + } + + static int +@@ -449,6 +449,7 @@ int crypto4xx_setkey_aes_ccm(struct cryp + static int crypto4xx_crypt_aes_ccm(struct aead_request *req, bool decrypt) + { + struct crypto4xx_ctx *ctx = crypto_tfm_ctx(req->base.tfm); ++ struct crypto4xx_aead_reqctx *rctx = aead_request_ctx(req); + struct crypto_aead *aead = crypto_aead_reqtfm(req); + __le32 iv[16]; + u32 tmp_sa[SA_AES128_CCM_LEN + 4]; +@@ -474,7 +475,7 @@ static int crypto4xx_crypt_aes_ccm(struc + + return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst, + len, iv, sizeof(iv), +- sa, ctx->sa_len, req->assoclen); ++ sa, ctx->sa_len, req->assoclen, rctx->dst); + } + + int crypto4xx_encrypt_aes_ccm(struct aead_request *req) +@@ -622,7 +623,7 @@ static inline int crypto4xx_crypt_aes_gc + return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst, + len, iv, sizeof(iv), + decrypt ? ctx->sa_in : ctx->sa_out, +- ctx->sa_len, req->assoclen); ++ ctx->sa_len, req->assoclen, rctx->dst); + } + + int crypto4xx_encrypt_aes_gcm(struct aead_request *req) +@@ -707,7 +708,7 @@ int crypto4xx_hash_update(struct ahash_r + + return crypto4xx_build_pd(&req->base, ctx, req->src, &dst, + req->nbytes, NULL, 0, ctx->sa_in, +- ctx->sa_len, 0); ++ ctx->sa_len, 0, NULL); + } + + int crypto4xx_hash_final(struct ahash_request *req) +@@ -726,7 +727,7 @@ int crypto4xx_hash_digest(struct ahash_r + + return crypto4xx_build_pd(&req->base, ctx, req->src, &dst, + req->nbytes, NULL, 0, ctx->sa_in, +- ctx->sa_len, 0); ++ ctx->sa_len, 0, NULL); + } + + /** +--- a/drivers/crypto/amcc/crypto4xx_core.c ++++ b/drivers/crypto/amcc/crypto4xx_core.c +@@ -695,9 +695,9 @@ int crypto4xx_build_pd(struct crypto_asy + const __le32 *iv, const u32 iv_len, + const struct dynamic_sa_ctl *req_sa, + const unsigned int sa_len, +- const unsigned int assoclen) ++ const unsigned int assoclen, ++ struct scatterlist *_dst) + { +- struct scatterlist _dst[2]; + struct crypto4xx_device *dev = ctx->dev; + struct dynamic_sa_ctl *sa; + struct ce_gd *gd; +@@ -996,9 +996,9 @@ static int crypto4xx_aead_init(struct cr + + amcc_alg = container_of(alg, struct crypto4xx_alg, alg.u.aead); + crypto4xx_ctx_init(amcc_alg, ctx); +- crypto_aead_set_reqsize(tfm, sizeof(struct aead_request) + +- max(sizeof(struct crypto4xx_ctx), 32 + +- crypto_aead_reqsize(ctx->sw_cipher.aead))); ++ crypto_aead_set_reqsize(tfm, max(sizeof(struct aead_request) + 32 + ++ crypto_aead_reqsize(ctx->sw_cipher.aead), ++ sizeof(struct crypto4xx_aead_reqctx))); + return 0; + } + +--- a/drivers/crypto/amcc/crypto4xx_core.h ++++ b/drivers/crypto/amcc/crypto4xx_core.h +@@ -133,6 +133,10 @@ struct crypto4xx_ctx { + } sw_cipher; + }; + ++struct crypto4xx_aead_reqctx { ++ struct scatterlist dst[2]; ++}; ++ + struct crypto4xx_alg_common { + u32 type; + union { +@@ -159,7 +163,8 @@ int crypto4xx_build_pd(struct crypto_asy + const __le32 *iv, const u32 iv_len, + const struct dynamic_sa_ctl *sa, + const unsigned int sa_len, +- const unsigned int assoclen); ++ const unsigned int assoclen, ++ struct scatterlist *dst_tmp); + int crypto4xx_setkey_aes_cbc(struct crypto_skcipher *cipher, + const u8 *key, unsigned int keylen); + int crypto4xx_setkey_aes_cfb(struct crypto_skcipher *cipher, diff --git a/target/linux/apm821xx/patches-4.14/120-0001-crypto-crypto4xx-shuffle-iomap-in-front-of-request_i.patch b/target/linux/apm821xx/patches-4.14/120-0001-crypto-crypto4xx-shuffle-iomap-in-front-of-request_i.patch deleted file mode 100644 index fc8df38867..0000000000 --- a/target/linux/apm821xx/patches-4.14/120-0001-crypto-crypto4xx-shuffle-iomap-in-front-of-request_i.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 4baa099377d73ea99c7802a9685815b32e8bf119 Mon Sep 17 00:00:00 2001 -From: Christian Lamparter -Date: Thu, 21 Dec 2017 15:08:18 +0100 -Subject: [PATCH 1/6] crypto: crypto4xx - shuffle iomap in front of request_irq - -It is possible to avoid the ce_base null pointer check in the -drivers' interrupt handler routine "crypto4xx_ce_interrupt_handler()" -by simply doing the iomap in front of the IRQ registration. - -This way, the ce_base will always be valid in the handler and -a branch in an critical path can be avoided. - -Signed-off-by: Christian Lamparter ---- - drivers/crypto/amcc/crypto4xx_core.c | 21 +++++++++------------ - 1 file changed, 9 insertions(+), 12 deletions(-) - ---- a/drivers/crypto/amcc/crypto4xx_core.c -+++ b/drivers/crypto/amcc/crypto4xx_core.c -@@ -1075,9 +1075,6 @@ static irqreturn_t crypto4xx_ce_interrup - struct device *dev = (struct device *)data; - struct crypto4xx_core_device *core_dev = dev_get_drvdata(dev); - -- if (!core_dev->dev->ce_base) -- return 0; -- - writel(PPC4XX_INTERRUPT_CLR, - core_dev->dev->ce_base + CRYPTO4XX_INT_CLR); - tasklet_schedule(&core_dev->tasklet); -@@ -1325,13 +1322,6 @@ static int crypto4xx_probe(struct platfo - tasklet_init(&core_dev->tasklet, crypto4xx_bh_tasklet_cb, - (unsigned long) dev); - -- /* Register for Crypto isr, Crypto Engine IRQ */ -- core_dev->irq = irq_of_parse_and_map(ofdev->dev.of_node, 0); -- rc = request_irq(core_dev->irq, crypto4xx_ce_interrupt_handler, 0, -- core_dev->dev->name, dev); -- if (rc) -- goto err_request_irq; -- - core_dev->dev->ce_base = of_iomap(ofdev->dev.of_node, 0); - if (!core_dev->dev->ce_base) { - dev_err(dev, "failed to of_iomap\n"); -@@ -1339,6 +1329,13 @@ static int crypto4xx_probe(struct platfo - goto err_iomap; - } - -+ /* Register for Crypto isr, Crypto Engine IRQ */ -+ core_dev->irq = irq_of_parse_and_map(ofdev->dev.of_node, 0); -+ rc = request_irq(core_dev->irq, crypto4xx_ce_interrupt_handler, 0, -+ core_dev->dev->name, dev); -+ if (rc) -+ goto err_request_irq; -+ - /* need to setup pdr, rdr, gdr and sdr before this */ - crypto4xx_hw_init(core_dev->dev); - -@@ -1352,11 +1349,11 @@ static int crypto4xx_probe(struct platfo - return 0; - - err_start_dev: -- iounmap(core_dev->dev->ce_base); --err_iomap: - free_irq(core_dev->irq, dev); - err_request_irq: - irq_dispose_mapping(core_dev->irq); -+ iounmap(core_dev->dev->ce_base); -+err_iomap: - tasklet_kill(&core_dev->tasklet); - err_build_sdr: - crypto4xx_destroy_sdr(core_dev->dev); diff --git a/target/linux/apm821xx/patches-4.14/120-0002-crypto-crypto4xx-support-Revision-B-parts.patch b/target/linux/apm821xx/patches-4.14/120-0002-crypto-crypto4xx-support-Revision-B-parts.patch deleted file mode 100644 index 1adad96fe1..0000000000 --- a/target/linux/apm821xx/patches-4.14/120-0002-crypto-crypto4xx-support-Revision-B-parts.patch +++ /dev/null @@ -1,150 +0,0 @@ -From 1e932b627e79aa2c70e2c7278e4ac930303faa3f Mon Sep 17 00:00:00 2001 -From: Christian Lamparter -Date: Thu, 21 Dec 2017 15:09:18 +0100 -Subject: [PATCH 2/6] crypto: crypto4xx - support Revision B parts - -This patch adds support for the crypto4xx RevB cores -found in the 460EX, 460SX and later cores (like the APM821xx). - -Without this patch, the crypto4xx driver will not be -able to process any offloaded requests and simply hang -indefinitely. - -Signed-off-by: Christian Lamparter ---- - drivers/crypto/amcc/crypto4xx_core.c | 48 +++++++++++++++++++++++++++++---- - drivers/crypto/amcc/crypto4xx_core.h | 1 + - drivers/crypto/amcc/crypto4xx_reg_def.h | 4 ++- - 3 files changed, 47 insertions(+), 6 deletions(-) - ---- a/drivers/crypto/amcc/crypto4xx_core.c -+++ b/drivers/crypto/amcc/crypto4xx_core.c -@@ -128,7 +128,14 @@ static void crypto4xx_hw_init(struct cry - writel(PPC4XX_INT_DESCR_CNT, dev->ce_base + CRYPTO4XX_INT_DESCR_CNT); - writel(PPC4XX_INT_DESCR_CNT, dev->ce_base + CRYPTO4XX_INT_DESCR_CNT); - writel(PPC4XX_INT_CFG, dev->ce_base + CRYPTO4XX_INT_CFG); -- writel(PPC4XX_PD_DONE_INT, dev->ce_base + CRYPTO4XX_INT_EN); -+ if (dev->is_revb) { -+ writel(PPC4XX_INT_TIMEOUT_CNT_REVB << 10, -+ dev->ce_base + CRYPTO4XX_INT_TIMEOUT_CNT); -+ writel(PPC4XX_PD_DONE_INT | PPC4XX_TMO_ERR_INT, -+ dev->ce_base + CRYPTO4XX_INT_EN); -+ } else { -+ writel(PPC4XX_PD_DONE_INT, dev->ce_base + CRYPTO4XX_INT_EN); -+ } - } - - int crypto4xx_alloc_sa(struct crypto4xx_ctx *ctx, u32 size) -@@ -1070,18 +1077,29 @@ static void crypto4xx_bh_tasklet_cb(unsi - /** - * Top Half of isr. - */ --static irqreturn_t crypto4xx_ce_interrupt_handler(int irq, void *data) -+static inline irqreturn_t crypto4xx_interrupt_handler(int irq, void *data, -+ u32 clr_val) - { - struct device *dev = (struct device *)data; - struct crypto4xx_core_device *core_dev = dev_get_drvdata(dev); - -- writel(PPC4XX_INTERRUPT_CLR, -- core_dev->dev->ce_base + CRYPTO4XX_INT_CLR); -+ writel(clr_val, core_dev->dev->ce_base + CRYPTO4XX_INT_CLR); - tasklet_schedule(&core_dev->tasklet); - - return IRQ_HANDLED; - } - -+static irqreturn_t crypto4xx_ce_interrupt_handler(int irq, void *data) -+{ -+ return crypto4xx_interrupt_handler(irq, data, PPC4XX_INTERRUPT_CLR); -+} -+ -+static irqreturn_t crypto4xx_ce_interrupt_handler_revb(int irq, void *data) -+{ -+ return crypto4xx_interrupt_handler(irq, data, PPC4XX_INTERRUPT_CLR | -+ PPC4XX_TMO_ERR_INT); -+} -+ - /** - * Supported Crypto Algorithms - */ -@@ -1263,6 +1281,8 @@ static int crypto4xx_probe(struct platfo - struct resource res; - struct device *dev = &ofdev->dev; - struct crypto4xx_core_device *core_dev; -+ u32 pvr; -+ bool is_revb = true; - - rc = of_address_to_resource(ofdev->dev.of_node, 0, &res); - if (rc) -@@ -1279,6 +1299,7 @@ static int crypto4xx_probe(struct platfo - mfdcri(SDR0, PPC405EX_SDR0_SRST) | PPC405EX_CE_RESET); - mtdcri(SDR0, PPC405EX_SDR0_SRST, - mfdcri(SDR0, PPC405EX_SDR0_SRST) & ~PPC405EX_CE_RESET); -+ is_revb = false; - } else if (of_find_compatible_node(NULL, NULL, - "amcc,ppc460sx-crypto")) { - mtdcri(SDR0, PPC460SX_SDR0_SRST, -@@ -1301,7 +1322,22 @@ static int crypto4xx_probe(struct platfo - if (!core_dev->dev) - goto err_alloc_dev; - -+ /* -+ * Older version of 460EX/GT have a hardware bug. -+ * Hence they do not support H/W based security intr coalescing -+ */ -+ pvr = mfspr(SPRN_PVR); -+ if (is_revb && ((pvr >> 4) == 0x130218A)) { -+ u32 min = PVR_MIN(pvr); -+ -+ if (min < 4) { -+ dev_info(dev, "RevA detected - disable interrupt coalescing\n"); -+ is_revb = false; -+ } -+ } -+ - core_dev->dev->core_dev = core_dev; -+ core_dev->dev->is_revb = is_revb; - core_dev->device = dev; - spin_lock_init(&core_dev->lock); - INIT_LIST_HEAD(&core_dev->dev->alg_list); -@@ -1331,7 +1367,9 @@ static int crypto4xx_probe(struct platfo - - /* Register for Crypto isr, Crypto Engine IRQ */ - core_dev->irq = irq_of_parse_and_map(ofdev->dev.of_node, 0); -- rc = request_irq(core_dev->irq, crypto4xx_ce_interrupt_handler, 0, -+ rc = request_irq(core_dev->irq, is_revb ? -+ crypto4xx_ce_interrupt_handler_revb : -+ crypto4xx_ce_interrupt_handler, 0, - core_dev->dev->name, dev); - if (rc) - goto err_request_irq; ---- a/drivers/crypto/amcc/crypto4xx_core.h -+++ b/drivers/crypto/amcc/crypto4xx_core.h -@@ -109,6 +109,7 @@ struct crypto4xx_device { - struct list_head alg_list; /* List of algorithm supported - by this device */ - struct ratelimit_state aead_ratelimit; -+ bool is_revb; - }; - - struct crypto4xx_core_device { ---- a/drivers/crypto/amcc/crypto4xx_reg_def.h -+++ b/drivers/crypto/amcc/crypto4xx_reg_def.h -@@ -121,13 +121,15 @@ - #define PPC4XX_PD_SIZE 6 - #define PPC4XX_CTX_DONE_INT 0x2000 - #define PPC4XX_PD_DONE_INT 0x8000 -+#define PPC4XX_TMO_ERR_INT 0x40000 - #define PPC4XX_BYTE_ORDER 0x22222 - #define PPC4XX_INTERRUPT_CLR 0x3ffff - #define PPC4XX_PRNG_CTRL_AUTO_EN 0x3 - #define PPC4XX_DC_3DES_EN 1 - #define PPC4XX_TRNG_EN 0x00020000 --#define PPC4XX_INT_DESCR_CNT 4 -+#define PPC4XX_INT_DESCR_CNT 7 - #define PPC4XX_INT_TIMEOUT_CNT 0 -+#define PPC4XX_INT_TIMEOUT_CNT_REVB 0x3FF - #define PPC4XX_INT_CFG 1 - /** - * all follow define are ad hoc diff --git a/target/linux/apm821xx/patches-4.14/120-0003-crypto-crypto4xx-fix-missing-irq-devname.patch b/target/linux/apm821xx/patches-4.14/120-0003-crypto-crypto4xx-fix-missing-irq-devname.patch deleted file mode 100644 index a295fa4616..0000000000 --- a/target/linux/apm821xx/patches-4.14/120-0003-crypto-crypto4xx-fix-missing-irq-devname.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 00179ef6e3c4e5db6258cd6e273e4063b8437d18 Mon Sep 17 00:00:00 2001 -From: Christian Lamparter -Date: Thu, 21 Dec 2017 15:10:18 +0100 -Subject: [PATCH 3/6] crypto: crypto4xx - fix missing irq devname - -crypto4xx_device's name variable is not set to anything. -The common devname for request_irq seems to be the module -name. This will fix the seemingly anonymous interrupt -entry in /proc/interrupts for crypto4xx. - -Signed-off-by: Christian Lamparter ---- - drivers/crypto/amcc/crypto4xx_core.c | 2 +- - drivers/crypto/amcc/crypto4xx_core.h | 1 - - 2 files changed, 1 insertion(+), 2 deletions(-) - ---- a/drivers/crypto/amcc/crypto4xx_core.c -+++ b/drivers/crypto/amcc/crypto4xx_core.c -@@ -1370,7 +1370,7 @@ static int crypto4xx_probe(struct platfo - rc = request_irq(core_dev->irq, is_revb ? - crypto4xx_ce_interrupt_handler_revb : - crypto4xx_ce_interrupt_handler, 0, -- core_dev->dev->name, dev); -+ KBUILD_MODNAME, dev); - if (rc) - goto err_request_irq; - ---- a/drivers/crypto/amcc/crypto4xx_core.h -+++ b/drivers/crypto/amcc/crypto4xx_core.h -@@ -82,7 +82,6 @@ struct pd_uinfo { - - struct crypto4xx_device { - struct crypto4xx_core_device *core_dev; -- char *name; - void __iomem *ce_base; - void __iomem *trng_base; - diff --git a/target/linux/apm821xx/patches-4.14/120-0004-crypto-crypto4xx-kill-MODULE_NAME.patch b/target/linux/apm821xx/patches-4.14/120-0004-crypto-crypto4xx-kill-MODULE_NAME.patch deleted file mode 100644 index 4ee99f44cf..0000000000 --- a/target/linux/apm821xx/patches-4.14/120-0004-crypto-crypto4xx-kill-MODULE_NAME.patch +++ /dev/null @@ -1,47 +0,0 @@ -From c3621f23fed7d6fff33083ae538004ea59c01d8f Mon Sep 17 00:00:00 2001 -From: Christian Lamparter -Date: Thu, 21 Dec 2017 15:11:18 +0100 -Subject: [PATCH 4/6] crypto: crypto4xx - kill MODULE_NAME - -KBUILD_MODNAME provides the same value. - -Signed-off-by: Christian Lamparter ---- - drivers/crypto/amcc/crypto4xx_core.c | 2 +- - drivers/crypto/amcc/crypto4xx_core.h | 2 -- - drivers/crypto/amcc/crypto4xx_trng.c | 2 +- - 3 files changed, 2 insertions(+), 4 deletions(-) - ---- a/drivers/crypto/amcc/crypto4xx_core.c -+++ b/drivers/crypto/amcc/crypto4xx_core.c -@@ -1432,7 +1432,7 @@ MODULE_DEVICE_TABLE(of, crypto4xx_match) - - static struct platform_driver crypto4xx_driver = { - .driver = { -- .name = MODULE_NAME, -+ .name = KBUILD_MODNAME, - .of_match_table = crypto4xx_match, - }, - .probe = crypto4xx_probe, ---- a/drivers/crypto/amcc/crypto4xx_core.h -+++ b/drivers/crypto/amcc/crypto4xx_core.h -@@ -28,8 +28,6 @@ - #include "crypto4xx_reg_def.h" - #include "crypto4xx_sa.h" - --#define MODULE_NAME "crypto4xx" -- - #define PPC460SX_SDR0_SRST 0x201 - #define PPC405EX_SDR0_SRST 0x200 - #define PPC460EX_SDR0_SRST 0x201 ---- a/drivers/crypto/amcc/crypto4xx_trng.c -+++ b/drivers/crypto/amcc/crypto4xx_trng.c -@@ -92,7 +92,7 @@ void ppc4xx_trng_probe(struct crypto4xx_ - if (!rng) - goto err_out; - -- rng->name = MODULE_NAME; -+ rng->name = KBUILD_MODNAME; - rng->data_present = ppc4xx_trng_data_present; - rng->data_read = ppc4xx_trng_data_read; - rng->priv = (unsigned long) dev; diff --git a/target/linux/apm821xx/patches-4.14/120-0005-crypto-crypto4xx-perform-aead-icv-check-in-the-drive.patch b/target/linux/apm821xx/patches-4.14/120-0005-crypto-crypto4xx-perform-aead-icv-check-in-the-drive.patch deleted file mode 100644 index 0dbd924e3c..0000000000 --- a/target/linux/apm821xx/patches-4.14/120-0005-crypto-crypto4xx-perform-aead-icv-check-in-the-drive.patch +++ /dev/null @@ -1,146 +0,0 @@ -From 5b3856d1d98e6f6a58b70c1c0d7da3fb5f042e9c Mon Sep 17 00:00:00 2001 -From: Christian Lamparter -Date: Thu, 21 Dec 2017 16:00:01 +0100 -Subject: [PATCH 5/6] crypto: crypto4xx - perform aead icv check in the driver - -The ccm-aes-ppc4xx now fails one of testmgr's expected -failure test cases as such: - -alg: aead: decryption failed on test 10 for ccm-aes-ppc4xx: ret was 0, expected -EBADMSG - -Upon closer inspection, it turned out that the hardware's -crypto flags that would indicate an authentification failure -are not set by the hardware. The original vendor source from -which this was ported does not have any special code or notes -about why this would happen or if there are any WAs. - -Hence, this patch converts the aead_done callback handler to -perform the icv check in the driver. And this fixes the false -negative and the ccm-aes-ppc4xx passes the selftests once again. - -|name : ccm(aes) -|driver : ccm-aes-ppc4xx -|module : crypto4xx -|priority : 300 -|refcnt : 1 -|selftest : passed -|internal : no -|type : aead -|async : yes -|blocksize : 1 -|ivsize : 16 -|maxauthsize : 16 -|geniv : - -Signed-off-by: Christian Lamparter ---- - drivers/crypto/amcc/crypto4xx_alg.c | 6 +--- - drivers/crypto/amcc/crypto4xx_core.c | 54 ++++++++++++++++++------------------ - 2 files changed, 28 insertions(+), 32 deletions(-) - ---- a/drivers/crypto/amcc/crypto4xx_alg.c -+++ b/drivers/crypto/amcc/crypto4xx_alg.c -@@ -256,10 +256,6 @@ static inline bool crypto4xx_aead_need_f - if (is_ccm && !(req->iv[0] == 1 || req->iv[0] == 3)) - return true; - -- /* CCM - fix CBC MAC mismatch in special case */ -- if (is_ccm && decrypt && !req->assoclen) -- return true; -- - return false; - } - -@@ -330,7 +326,7 @@ int crypto4xx_setkey_aes_ccm(struct cryp - sa = (struct dynamic_sa_ctl *) ctx->sa_in; - sa->sa_contents.w = SA_AES_CCM_CONTENTS | (keylen << 2); - -- set_dynamic_sa_command_0(sa, SA_NOT_SAVE_HASH, SA_NOT_SAVE_IV, -+ set_dynamic_sa_command_0(sa, SA_SAVE_HASH, SA_NOT_SAVE_IV, - SA_LOAD_HASH_FROM_SA, SA_LOAD_IV_FROM_STATE, - SA_NO_HEADER_PROC, SA_HASH_ALG_CBC_MAC, - SA_CIPHER_ALG_AES, ---- a/drivers/crypto/amcc/crypto4xx_core.c -+++ b/drivers/crypto/amcc/crypto4xx_core.c -@@ -577,15 +577,14 @@ static void crypto4xx_aead_done(struct c - struct pd_uinfo *pd_uinfo, - struct ce_pd *pd) - { -- struct aead_request *aead_req; -- struct crypto4xx_ctx *ctx; -+ struct aead_request *aead_req = container_of(pd_uinfo->async_req, -+ struct aead_request, base); - struct scatterlist *dst = pd_uinfo->dest_va; -+ size_t cp_len = crypto_aead_authsize( -+ crypto_aead_reqtfm(aead_req)); -+ u32 icv[cp_len]; - int err = 0; - -- aead_req = container_of(pd_uinfo->async_req, struct aead_request, -- base); -- ctx = crypto_tfm_ctx(aead_req->base.tfm); -- - if (pd_uinfo->using_sd) { - crypto4xx_copy_pkt_to_dst(dev, pd, pd_uinfo, - pd->pd_ctl_len.bf.pkt_len, -@@ -597,38 +596,39 @@ static void crypto4xx_aead_done(struct c - - if (pd_uinfo->sa_va->sa_command_0.bf.dir == DIR_OUTBOUND) { - /* append icv at the end */ -- size_t cp_len = crypto_aead_authsize( -- crypto_aead_reqtfm(aead_req)); -- u32 icv[cp_len]; -- - crypto4xx_memcpy_from_le32(icv, pd_uinfo->sr_va->save_digest, - cp_len); - - scatterwalk_map_and_copy(icv, dst, aead_req->cryptlen, - cp_len, 1); -+ } else { -+ /* check icv at the end */ -+ scatterwalk_map_and_copy(icv, aead_req->src, -+ aead_req->assoclen + aead_req->cryptlen - -+ cp_len, cp_len, 0); -+ -+ crypto4xx_memcpy_from_le32(icv, icv, cp_len); -+ -+ if (crypto_memneq(icv, pd_uinfo->sr_va->save_digest, cp_len)) -+ err = -EBADMSG; - } - - crypto4xx_ret_sg_desc(dev, pd_uinfo); - - if (pd->pd_ctl.bf.status & 0xff) { -- if (pd->pd_ctl.bf.status & 0x1) { -- /* authentication error */ -- err = -EBADMSG; -- } else { -- if (!__ratelimit(&dev->aead_ratelimit)) { -- if (pd->pd_ctl.bf.status & 2) -- pr_err("pad fail error\n"); -- if (pd->pd_ctl.bf.status & 4) -- pr_err("seqnum fail\n"); -- if (pd->pd_ctl.bf.status & 8) -- pr_err("error _notify\n"); -- pr_err("aead return err status = 0x%02x\n", -- pd->pd_ctl.bf.status & 0xff); -- pr_err("pd pad_ctl = 0x%08x\n", -- pd->pd_ctl.bf.pd_pad_ctl); -- } -- err = -EINVAL; -+ if (!__ratelimit(&dev->aead_ratelimit)) { -+ if (pd->pd_ctl.bf.status & 2) -+ pr_err("pad fail error\n"); -+ if (pd->pd_ctl.bf.status & 4) -+ pr_err("seqnum fail\n"); -+ if (pd->pd_ctl.bf.status & 8) -+ pr_err("error _notify\n"); -+ pr_err("aead return err status = 0x%02x\n", -+ pd->pd_ctl.bf.status & 0xff); -+ pr_err("pd pad_ctl = 0x%08x\n", -+ pd->pd_ctl.bf.pd_pad_ctl); - } -+ err = -EINVAL; - } - - if (pd_uinfo->state & PD_ENTRY_BUSY) diff --git a/target/linux/apm821xx/patches-4.14/120-0006-crypto-crypto4xx-performance-optimizations.patch b/target/linux/apm821xx/patches-4.14/120-0006-crypto-crypto4xx-performance-optimizations.patch deleted file mode 100644 index 0475fdaf8f..0000000000 --- a/target/linux/apm821xx/patches-4.14/120-0006-crypto-crypto4xx-performance-optimizations.patch +++ /dev/null @@ -1,158 +0,0 @@ -From 30afcbb01a750a1ef0cee8a0861a347912c2e4fb Mon Sep 17 00:00:00 2001 -From: Christian Lamparter -Date: Thu, 21 Dec 2017 16:00:01 +0100 -Subject: [PATCH 6/6] crypto: crypto4xx - performance optimizations - -This patch provides a cheap 2MiB/s+ (~ 6%) performance -improvement over the current code. This is because the -compiler can now optimize several endian swap memcpy. - -Signed-off-by: Christian Lamparter ---- - drivers/crypto/amcc/crypto4xx_alg.c | 32 +++++++++++++++++++------------- - drivers/crypto/amcc/crypto4xx_core.c | 22 +++++++++++----------- - drivers/crypto/amcc/crypto4xx_core.h | 6 ++++-- - 3 files changed, 34 insertions(+), 26 deletions(-) - ---- a/drivers/crypto/amcc/crypto4xx_alg.c -+++ b/drivers/crypto/amcc/crypto4xx_alg.c -@@ -74,32 +74,38 @@ static void set_dynamic_sa_command_1(str - sa->sa_command_1.bf.copy_hdr = cp_hdr; - } - --int crypto4xx_encrypt(struct ablkcipher_request *req) -+static inline int crypto4xx_crypt(struct ablkcipher_request *req, -+ const unsigned int ivlen, bool decrypt) - { - struct crypto4xx_ctx *ctx = crypto_tfm_ctx(req->base.tfm); -- unsigned int ivlen = crypto_ablkcipher_ivsize( -- crypto_ablkcipher_reqtfm(req)); - __le32 iv[ivlen]; - - if (ivlen) - crypto4xx_memcpy_to_le32(iv, req->info, ivlen); - - return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst, -- req->nbytes, iv, ivlen, ctx->sa_out, ctx->sa_len, 0); -+ req->nbytes, iv, ivlen, decrypt ? ctx->sa_in : ctx->sa_out, -+ ctx->sa_len, 0); - } - --int crypto4xx_decrypt(struct ablkcipher_request *req) -+int crypto4xx_encrypt_noiv(struct ablkcipher_request *req) - { -- struct crypto4xx_ctx *ctx = crypto_tfm_ctx(req->base.tfm); -- unsigned int ivlen = crypto_ablkcipher_ivsize( -- crypto_ablkcipher_reqtfm(req)); -- __le32 iv[ivlen]; -+ return crypto4xx_crypt(req, 0, false); -+} - -- if (ivlen) -- crypto4xx_memcpy_to_le32(iv, req->info, ivlen); -+int crypto4xx_encrypt_iv(struct ablkcipher_request *req) -+{ -+ return crypto4xx_crypt(req, AES_IV_SIZE, false); -+} - -- return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst, -- req->nbytes, iv, ivlen, ctx->sa_in, ctx->sa_len, 0); -+int crypto4xx_decrypt_noiv(struct ablkcipher_request *req) -+{ -+ return crypto4xx_crypt(req, 0, true); -+} -+ -+int crypto4xx_decrypt_iv(struct ablkcipher_request *req) -+{ -+ return crypto4xx_crypt(req, AES_IV_SIZE, true); - } - - /** ---- a/drivers/crypto/amcc/crypto4xx_core.c -+++ b/drivers/crypto/amcc/crypto4xx_core.c -@@ -582,7 +582,7 @@ static void crypto4xx_aead_done(struct c - struct scatterlist *dst = pd_uinfo->dest_va; - size_t cp_len = crypto_aead_authsize( - crypto_aead_reqtfm(aead_req)); -- u32 icv[cp_len]; -+ u32 icv[AES_BLOCK_SIZE]; - int err = 0; - - if (pd_uinfo->using_sd) { -@@ -597,7 +597,7 @@ static void crypto4xx_aead_done(struct c - if (pd_uinfo->sa_va->sa_command_0.bf.dir == DIR_OUTBOUND) { - /* append icv at the end */ - crypto4xx_memcpy_from_le32(icv, pd_uinfo->sr_va->save_digest, -- cp_len); -+ sizeof(icv)); - - scatterwalk_map_and_copy(icv, dst, aead_req->cryptlen, - cp_len, 1); -@@ -607,7 +607,7 @@ static void crypto4xx_aead_done(struct c - aead_req->assoclen + aead_req->cryptlen - - cp_len, cp_len, 0); - -- crypto4xx_memcpy_from_le32(icv, icv, cp_len); -+ crypto4xx_memcpy_from_le32(icv, icv, sizeof(icv)); - - if (crypto_memneq(icv, pd_uinfo->sr_va->save_digest, cp_len)) - err = -EBADMSG; -@@ -1124,8 +1124,8 @@ static struct crypto4xx_alg_common crypt - .max_keysize = AES_MAX_KEY_SIZE, - .ivsize = AES_IV_SIZE, - .setkey = crypto4xx_setkey_aes_cbc, -- .encrypt = crypto4xx_encrypt, -- .decrypt = crypto4xx_decrypt, -+ .encrypt = crypto4xx_encrypt_iv, -+ .decrypt = crypto4xx_decrypt_iv, - } - } - }}, -@@ -1148,8 +1148,8 @@ static struct crypto4xx_alg_common crypt - .max_keysize = AES_MAX_KEY_SIZE, - .ivsize = AES_IV_SIZE, - .setkey = crypto4xx_setkey_aes_cfb, -- .encrypt = crypto4xx_encrypt, -- .decrypt = crypto4xx_decrypt, -+ .encrypt = crypto4xx_encrypt_iv, -+ .decrypt = crypto4xx_decrypt_iv, - } - } - } }, -@@ -1197,8 +1197,8 @@ static struct crypto4xx_alg_common crypt - .min_keysize = AES_MIN_KEY_SIZE, - .max_keysize = AES_MAX_KEY_SIZE, - .setkey = crypto4xx_setkey_aes_ecb, -- .encrypt = crypto4xx_encrypt, -- .decrypt = crypto4xx_decrypt, -+ .encrypt = crypto4xx_encrypt_noiv, -+ .decrypt = crypto4xx_decrypt_noiv, - } - } - } }, -@@ -1221,8 +1221,8 @@ static struct crypto4xx_alg_common crypt - .max_keysize = AES_MAX_KEY_SIZE, - .ivsize = AES_IV_SIZE, - .setkey = crypto4xx_setkey_aes_ofb, -- .encrypt = crypto4xx_encrypt, -- .decrypt = crypto4xx_decrypt, -+ .encrypt = crypto4xx_encrypt_iv, -+ .decrypt = crypto4xx_decrypt_iv, - } - } - } }, ---- a/drivers/crypto/amcc/crypto4xx_core.h -+++ b/drivers/crypto/amcc/crypto4xx_core.h -@@ -168,8 +168,10 @@ int crypto4xx_setkey_aes_ofb(struct cryp - const u8 *key, unsigned int keylen); - int crypto4xx_setkey_rfc3686(struct crypto_ablkcipher *cipher, - const u8 *key, unsigned int keylen); --int crypto4xx_encrypt(struct ablkcipher_request *req); --int crypto4xx_decrypt(struct ablkcipher_request *req); -+int crypto4xx_encrypt_iv(struct ablkcipher_request *req); -+int crypto4xx_decrypt_iv(struct ablkcipher_request *req); -+int crypto4xx_encrypt_noiv(struct ablkcipher_request *req); -+int crypto4xx_decrypt_noiv(struct ablkcipher_request *req); - int crypto4xx_rfc3686_encrypt(struct ablkcipher_request *req); - int crypto4xx_rfc3686_decrypt(struct ablkcipher_request *req); - int crypto4xx_sha1_alg_init(struct crypto_tfm *tfm); -- cgit v1.2.3