* Re: [v9 PATCH] crypto: caam - add support for RSA algorithm
From: Cristian Stoica @ 2016-07-04 9:06 UTC (permalink / raw)
To: Herbert Xu, Tudor-Dan Ambarus
Cc: linux-crypto@vger.kernel.org, Horia Ioan Geanta Neag
In-Reply-To: <20160704084606.GA31460@gondor.apana.org.au>
Hi Herbert,
I've tried the following builds and both fail:
make mrproper
make defconfig
make drivers/crypto/qat/qat_common/qat_asym_algs.o
....
drivers/crypto/qat/qat_common/qat_asym_algs.c:55:32: fatal error: qat_rsapubkey-asn1.h: No such file or directory
#include "qat_rsapubkey-asn1.h"
make mrproper
make defconfig
make drivers/crypto/caam/caampkc.o
...
drivers/crypto/caam/caampkc.c:17:28: fatal error: rsapubkey-asn1.h: No such file or directory
#include "rsapubkey-asn1.h"
Is there an expectation of building these modules as described above without using make config or make menuconfig to properly set the dependencies?
Thanks for your time,
Cristian S.
^ permalink raw reply
* Re: Why null skcipher to copy AAD data?
From: Herbert Xu @ 2016-07-05 5:03 UTC (permalink / raw)
To: Harsh Jain; +Cc: linux-crypto
In-Reply-To: <CAFXBA==GZRefGrLxjYtNbViPEyasdvbbHwJ4hS+swtVfSR=HQA@mail.gmail.com>
Harsh Jain <harshjain.prof@gmail.com> wrote:
>
> Why do we need a null skcipher to copy AAD from src to dst buffer? We can
> do the same with some function, which can copy data from src sg list to
> dst sg list.
Well first of all we don't have such a function, and even if
you took the trouble of actually writing one would it really
be that much faster than using the null skcipher?
Cheers,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* RE: [v9 PATCH] crypto: caam - add support for RSA algorithm
From: Tudor-Dan Ambarus @ 2016-07-04 9:50 UTC (permalink / raw)
To: Herbert Xu; +Cc: linux-crypto@vger.kernel.org, Horia Ioan Geanta Neag
In-Reply-To: <20160704084606.GA31460@gondor.apana.org.au>
> Please look at your patch. It's broken, you're including
>
> +#include "rsapubkey-asn1.h"
> +#include "rsaprivkey-asn1.h"
>
> which no longer exist.
Right, the inclusions, together with:
+ccflags-y += -I$(srctree)/crypto
are leftovers. I will submit a v10 patch.
These files (from crypto/) are generated by the asn1 compiler
when building the rsa_generic support. caampkc selects CRYPTO_RSA,
so the compilation should work.
Anyway, this problem disappears when removing the inclusions.
Thanks,
ta
^ permalink raw reply
* [PATCH] Enable slice hang handling for C3X and C6X devices.
From: Conor McLoughlin @ 2016-07-05 9:07 UTC (permalink / raw)
To: linux-crypto; +Cc: Conor McLoughlin
If the QAT device fails to respond to a command, a watchdog
timer triggers an interrupt. This event is reported and the
interrupt cleared. A separate watchdog register is used
for sym and asym crypto.
Signed-off-by: Conor McLoughlin <conor.mcloughlin@intel.com>
---
drivers/crypto/qat/qat_c3xxx/adf_c3xxx_hw_data.c | 8 ++
drivers/crypto/qat/qat_c3xxx/adf_c3xxx_hw_data.h | 2 +
drivers/crypto/qat/qat_c62x/adf_c62x_hw_data.c | 16 +++
drivers/crypto/qat/qat_c62x/adf_c62x_hw_data.h | 2 +
drivers/crypto/qat/qat_common/adf_accel_devices.h | 33 ++++++
drivers/crypto/qat/qat_common/adf_cfg_common.h | 1 +
drivers/crypto/qat/qat_common/adf_common_drv.h | 2 +
drivers/crypto/qat/qat_common/adf_init.c | 41 +++++++-
drivers/crypto/qat/qat_common/adf_isr.c | 115 +++++++++++++++++++-
.../crypto/qat/qat_dh895xcc/adf_dh895xcc_hw_data.c | 6 +
.../crypto/qat/qat_dh895xcc/adf_dh895xcc_hw_data.h | 2 +
11 files changed, 220 insertions(+), 8 deletions(-)
diff --git a/drivers/crypto/qat/qat_c3xxx/adf_c3xxx_hw_data.c b/drivers/crypto/qat/qat_c3xxx/adf_c3xxx_hw_data.c
index 6bc68bc..32e1c6c 100644
--- a/drivers/crypto/qat/qat_c3xxx/adf_c3xxx_hw_data.c
+++ b/drivers/crypto/qat/qat_c3xxx/adf_c3xxx_hw_data.c
@@ -149,6 +149,11 @@ static u32 get_vintmsk_offset(u32 i)
return ADF_C3XXX_VINTMSK_OFFSET(i);
}
+static u32 get_clock_speed(struct adf_hw_device_data *self)
+{
+ return ADF_C3X_CLK_PER_SEC;
+}
+
static void adf_enable_error_correction(struct adf_accel_dev *accel_dev)
{
struct adf_hw_device_data *hw_device = accel_dev->hw_device;
@@ -217,6 +222,7 @@ void adf_init_hw_data_c3xxx(struct adf_hw_device_data *hw_data)
hw_data->get_misc_bar_id = get_misc_bar_id;
hw_data->get_pf2vf_offset = get_pf2vf_offset;
hw_data->get_vintmsk_offset = get_vintmsk_offset;
+ hw_data->get_clock_speed = get_clock_speed;
hw_data->get_sku = get_sku;
hw_data->fw_name = ADF_C3XXX_FW;
hw_data->fw_mmp_name = ADF_C3XXX_MMP;
@@ -228,6 +234,8 @@ void adf_init_hw_data_c3xxx(struct adf_hw_device_data *hw_data)
hw_data->exit_arb = adf_exit_arb;
hw_data->get_arb_mapping = adf_get_arbiter_mapping;
hw_data->enable_ints = adf_enable_ints;
+ hw_data->set_ssm_wdtimer = adf_set_ssm_wdtimer;
+ hw_data->check_slice_hang = adf_check_slice_hang;
hw_data->enable_vf2pf_comms = adf_pf_enable_vf2pf_comms;
hw_data->reset_device = adf_reset_flr;
hw_data->min_iov_compat_ver = ADF_PFVF_COMPATIBILITY_VERSION;
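Review bot: adf_init_hw_data_c3xxx() now registers set_ssm_wdtimer and check_slice_hang, but none of the c3xxx hunks touch adf_enable_ints(), whereas the c62x change adds a loop that writes ADF_ENABLE_SLICE_HANG to ADF_SHINTMASKSSM(i). If the C3X device also needs the slice hang interrupt unmasked, that loop is missing here; if it does not, a comment saying why would help.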
diff --git a/drivers/crypto/qat/qat_c3xxx/adf_c3xxx_hw_data.h b/drivers/crypto/qat/qat_c3xxx/adf_c3xxx_hw_data.h
index 2f2681d..36fcfa0 100644
--- a/drivers/crypto/qat/qat_c3xxx/adf_c3xxx_hw_data.h
+++ b/drivers/crypto/qat/qat_c3xxx/adf_c3xxx_hw_data.h
@@ -71,6 +71,8 @@
#define ADF_C3XXX_CERRSSMSH(i) (i * 0x4000 + 0x10)
#define ADF_C3XXX_ERRSSMSH_EN BIT(3)
+#define ADF_C3X_CLK_PER_SEC (343 * 1000000)
+
#define ADF_C3XXX_PF2VF_OFFSET(i) (0x3A000 + 0x280 + ((i) * 0x04))
#define ADF_C3XXX_VINTMSK_OFFSET(i) (0x3A000 + 0x200 + ((i) * 0x04))
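Review bot: The new macro ADF_C3X_CLK_PER_SEC breaks the ADF_C3XXX_ prefix that every neighbouring define in this header uses; ADF_C3XXX_CLK_PER_SEC would match. A short comment giving the unit (clocks per second, 343 MHz) would also document where the number comes from.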
diff --git a/drivers/crypto/qat/qat_c62x/adf_c62x_hw_data.c b/drivers/crypto/qat/qat_c62x/adf_c62x_hw_data.c
index 618cec3..19081a1 100644
--- a/drivers/crypto/qat/qat_c62x/adf_c62x_hw_data.c
+++ b/drivers/crypto/qat/qat_c62x/adf_c62x_hw_data.c
@@ -159,6 +159,11 @@ static u32 get_vintmsk_offset(u32 i)
return ADF_C62X_VINTMSK_OFFSET(i);
}
+static u32 get_clock_speed(struct adf_hw_device_data *self)
+{
+ return ADF_C6X_CLK_PER_SEC;
+}
+
static void adf_enable_error_correction(struct adf_accel_dev *accel_dev)
{
struct adf_hw_device_data *hw_device = accel_dev->hw_device;
@@ -190,6 +195,8 @@ static void adf_enable_error_correction(struct adf_accel_dev *accel_dev)
static void adf_enable_ints(struct adf_accel_dev *accel_dev)
{
void __iomem *addr;
+ struct adf_hw_device_data *hw_device = accel_dev->hw_device;
+ u32 i;
addr = (&GET_BARS(accel_dev)[ADF_C62X_PMISC_BAR])->virt_addr;
@@ -198,6 +205,12 @@ static void adf_enable_ints(struct adf_accel_dev *accel_dev)
ADF_C62X_SMIA0_MASK);
ADF_CSR_WR(addr, ADF_C62X_SMIAPF1_MASK_OFFSET,
ADF_C62X_SMIA1_MASK);
+
+ /* Enable slice hang interrupt */
+ for (i = 0; i < hw_device->get_num_accels(hw_device); i++) {
+ ADF_CSR_WR(addr, ADF_SHINTMASKSSM(i),
+ ADF_ENABLE_SLICE_HANG);
+ }
}
static int adf_pf_enable_vf2pf_comms(struct adf_accel_dev *accel_dev)
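Review bot: The for loop added at the end of adf_enable_ints() wraps a single ADF_CSR_WR() statement in braces, which kernel coding style asks to drop. The write also fits on one line once the braces go, so the continuation line for ADF_ENABLE_SLICE_HANG is not needed.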
@@ -227,6 +240,7 @@ void adf_init_hw_data_c62x(struct adf_hw_device_data *hw_data)
hw_data->get_misc_bar_id = get_misc_bar_id;
hw_data->get_pf2vf_offset = get_pf2vf_offset;
hw_data->get_vintmsk_offset = get_vintmsk_offset;
+ hw_data->get_clock_speed = get_clock_speed;
hw_data->get_sku = get_sku;
hw_data->fw_name = ADF_C62X_FW;
hw_data->fw_mmp_name = ADF_C62X_MMP;
@@ -238,6 +252,8 @@ void adf_init_hw_data_c62x(struct adf_hw_device_data *hw_data)
hw_data->exit_arb = adf_exit_arb;
hw_data->get_arb_mapping = adf_get_arbiter_mapping;
hw_data->enable_ints = adf_enable_ints;
+ hw_data->set_ssm_wdtimer = adf_set_ssm_wdtimer;
+ hw_data->check_slice_hang = adf_check_slice_hang;
hw_data->enable_vf2pf_comms = adf_pf_enable_vf2pf_comms;
hw_data->reset_device = adf_reset_flr;
hw_data->min_iov_compat_ver = ADF_PFVF_COMPATIBILITY_VERSION;
diff --git a/drivers/crypto/qat/qat_c62x/adf_c62x_hw_data.h b/drivers/crypto/qat/qat_c62x/adf_c62x_hw_data.h
index 17a8a32..3cf5dfb 100644
--- a/drivers/crypto/qat/qat_c62x/adf_c62x_hw_data.h
+++ b/drivers/crypto/qat/qat_c62x/adf_c62x_hw_data.h
@@ -72,6 +72,8 @@
#define ADF_C62X_CERRSSMSH(i) (i * 0x4000 + 0x10)
#define ADF_C62X_ERRSSMSH_EN BIT(3)
+#define ADF_C6X_CLK_PER_SEC (343 * 1000000)
+
#define ADF_C62X_PF2VF_OFFSET(i) (0x3A000 + 0x280 + ((i) * 0x04))
#define ADF_C62X_VINTMSK_OFFSET(i) (0x3A000 + 0x200 + ((i) * 0x04))
diff --git a/drivers/crypto/qat/qat_common/adf_accel_devices.h b/drivers/crypto/qat/qat_common/adf_accel_devices.h
index e882253..971251a 100644
--- a/drivers/crypto/qat/qat_common/adf_accel_devices.h
+++ b/drivers/crypto/qat/qat_common/adf_accel_devices.h
@@ -67,6 +67,36 @@
#define ADF_C3XXXIOV_PCI_DEVICE_ID 0x19e3
#define ADF_ERRSOU3 (0x3A000 + 0x0C)
#define ADF_ERRSOU5 (0x3A000 + 0xD8)
+
+#define ADF_EMSK3_CPM0_MASK BIT(2)
+#define ADF_EMSK3_CPM1_MASK BIT(3)
+#define ADF_EMSK5_CPM2_MASK BIT(16)
+#define ADF_EMSK5_CPM3_MASK BIT(17)
+#define ADF_EMSK5_CPM4_MASK BIT(18)
+
+#define ADF_INTSTATSSM(i) ((i) * 0x4000 + 0x04)
+#define ADF_INTSTATSSM_SHANGERR BIT(13)
+#define ADF_UERRSSMSH(i) ((i) * 0x4000 + 0x18)
+#define ADF_UERRSSMSHAD(i) ((i) * 0x4000 + 0x1C)
+#define ADF_SLICEHANGSTATUS(i) ((i) * 0x4000 + 0x4C)
+#define ADF_SLICE_HANG_AUTH0_MASK BIT(0)
+#define ADF_SLICE_HANG_AUTH1_MASK BIT(1)
+#define ADF_SLICE_HANG_CPHR0_MASK BIT(4)
+#define ADF_SLICE_HANG_CPHR1_MASK BIT(5)
+#define ADF_SLICE_HANG_CMP0_MASK BIT(8)
+#define ADF_SLICE_HANG_CMP1_MASK BIT(9)
+#define ADF_SLICE_HANG_XLT0_MASK BIT(12)
+#define ADF_SLICE_HANG_XLT1_MASK BIT(13)
+#define ADF_SLICE_HANG_MMP0_MASK BIT(16)
+#define ADF_SLICE_HANG_MMP1_MASK BIT(17)
+#define ADF_SLICE_HANG_MMP2_MASK BIT(18)
+#define ADF_SLICE_HANG_MMP3_MASK BIT(19)
+#define ADF_SLICE_HANG_MMP4_MASK BIT(20)
+#define ADF_SSMWDT(i) ((i) * 0x4000 + 0x54)
+#define ADF_SSMWDTPKE(i) ((i) * 0x4000 + 0x58)
+#define ADF_SHINTMASKSSM(i) ((i) * 0x4000 + 0x1018)
+#define ADF_ENABLE_SLICE_HANG 0x000000
+
#define ADF_DEVICE_FUSECTL_OFFSET 0x40
#define ADF_DEVICE_LEGFUSE_OFFSET 0x4C
#define ADF_PCI_MAX_BARS 3
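Review bot: ADF_ENABLE_SLICE_HANG is defined as 0x000000 with no comment, so a reader has to guess that writing zero to ADF_SHINTMASKSSM(i) is what enables the interrupt. Please add a one-line comment on the mask register semantics, and write the value as 0 or as a full 32-bit constant rather than six hex digits. The ADF_SLICE_HANG_*_MASK bit block would also read better with a comment naming the register it belongs to (ADF_SLICEHANGSTATUS).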
@@ -162,6 +192,7 @@ struct adf_hw_device_data {
uint32_t (*get_num_accels)(struct adf_hw_device_data *self);
uint32_t (*get_pf2vf_offset)(uint32_t i);
uint32_t (*get_vintmsk_offset)(uint32_t i);
+ uint32_t (*get_clock_speed)(struct adf_hw_device_data *self);
enum dev_sku_info (*get_sku)(struct adf_hw_device_data *self);
int (*alloc_irq)(struct adf_accel_dev *accel_dev);
void (*free_irq)(struct adf_accel_dev *accel_dev);
@@ -175,6 +206,8 @@ struct adf_hw_device_data {
const uint32_t **cfg);
void (*disable_iov)(struct adf_accel_dev *accel_dev);
void (*enable_ints)(struct adf_accel_dev *accel_dev);
+ bool (*check_slice_hang)(struct adf_accel_dev *accel_dev);
+ int (*set_ssm_wdtimer)(struct adf_accel_dev *accel_dev);
int (*enable_vf2pf_comms)(struct adf_accel_dev *accel_dev);
void (*reset_device)(struct adf_accel_dev *accel_dev);
const char *fw_name;
diff --git a/drivers/crypto/qat/qat_common/adf_cfg_common.h b/drivers/crypto/qat/qat_common/adf_cfg_common.h
index 8c4f657..1454857 100644
--- a/drivers/crypto/qat/qat_common/adf_cfg_common.h
+++ b/drivers/crypto/qat/qat_common/adf_cfg_common.h
@@ -61,6 +61,7 @@
#define ADF_CFG_AFFINITY_WHATEVER 0xFF
#define MAX_DEVICE_NAME_SIZE 32
#define ADF_MAX_DEVICES (32 * 32)
+#define ADF_SSM_WDT_DEFAULT_VALUE 100
enum adf_cfg_val_type {
ADF_DEC,
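Review bot: ADF_SSM_WDT_DEFAULT_VALUE carries no unit in its name or in a comment, and only the "Convert msec to CPP clocks" comment in adf_set_ssm_wdtimer() reveals that 100 means milliseconds. Renaming it to something like ADF_SSM_WDT_DEFAULT_MS, or adding a comment here, would prevent a later change from treating it as a clock count.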
diff --git a/drivers/crypto/qat/qat_common/adf_common_drv.h b/drivers/crypto/qat/qat_common/adf_common_drv.h
index 980e074..9585239 100644
--- a/drivers/crypto/qat/qat_common/adf_common_drv.h
+++ b/drivers/crypto/qat/qat_common/adf_common_drv.h
@@ -152,6 +152,8 @@ int adf_send_admin_init(struct adf_accel_dev *accel_dev);
int adf_init_arb(struct adf_accel_dev *accel_dev);
void adf_exit_arb(struct adf_accel_dev *accel_dev);
void adf_update_ring_arb(struct adf_etr_ring_data *ring);
+int adf_set_ssm_wdtimer(struct adf_accel_dev *accel_dev);
+bool adf_check_slice_hang(struct adf_accel_dev *accel_dev);
int adf_dev_get(struct adf_accel_dev *accel_dev);
void adf_dev_put(struct adf_accel_dev *accel_dev);
diff --git a/drivers/crypto/qat/qat_common/adf_init.c b/drivers/crypto/qat/qat_common/adf_init.c
index 888c667..e837325 100644
--- a/drivers/crypto/qat/qat_common/adf_init.c
+++ b/drivers/crypto/qat/qat_common/adf_init.c
@@ -88,6 +88,33 @@ int adf_service_unregister(struct service_hndl *service)
}
/**
+ * adf_set_ssm_wdtimer() - Initialize the slice hang watchdog timer.
+ *
+ * Return: 0 on success, error code otherwise.
+ */
+int adf_set_ssm_wdtimer(struct adf_accel_dev *accel_dev)
+{
+ struct adf_hw_device_data *hw_data = accel_dev->hw_device;
+ u32 timer_val = ADF_SSM_WDT_DEFAULT_VALUE;
+ struct adf_bar *misc_bar = &GET_BARS(accel_dev)[hw_data->
+ get_misc_bar_id(hw_data)];
+ void __iomem *csr = misc_bar->virt_addr;
+ u32 clk_per_sec = hw_data->get_clock_speed(hw_data);
+ u32 i;
+
+ /* Convert msec to CPP clocks */
+ timer_val = timer_val * (clk_per_sec / 1000);
+
+ for (i = 0; i < hw_data->get_num_accels(hw_data); i++) {
+ ADF_CSR_WR(csr, ADF_SSMWDT(i), timer_val);
+ ADF_CSR_WR(csr, ADF_SSMWDTPKE(i), timer_val);
+ }
+
+ return 0;
+}
+EXPORT_SYMBOL_GPL(adf_set_ssm_wdtimer);
+
+/**
* adf_dev_init() - Init data structures and services for the given accel device
* @accel_dev: Pointer to acceleration device.
*
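Review bot: adf_set_ssm_wdtimer() has no failure path and always returns 0, so the int return type and the -EFAULT branch added for it in adf_dev_init() are dead code; make it void or give it a real error condition. The kernel-doc block is missing the @accel_dev line, and the declaration of misc_bar splits hw_data->get_misc_bar_id across lines in a way that is hard to read. The u32 multiplication timer_val * (clk_per_sec / 1000) is fine for 100 ms but wraps for timeouts above roughly 12.5 seconds at 343 MHz, which is worth a comment or a u64 intermediate if the default ever becomes configurable.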
@@ -128,8 +155,6 @@ int adf_dev_init(struct adf_accel_dev *accel_dev)
return -EFAULT;
}
- hw_data->enable_ints(accel_dev);
-
if (adf_ae_init(accel_dev)) {
dev_err(&GET_DEV(accel_dev),
"Failed to initialise Acceleration Engine\n");
@@ -150,6 +175,8 @@ int adf_dev_init(struct adf_accel_dev *accel_dev)
}
set_bit(ADF_STATUS_IRQ_ALLOCATED, &accel_dev->status);
+ hw_data->enable_ints(accel_dev);
+
/*
* Subservice initialisation is divided into two stages: init and start.
* This is to facilitate any ordering dependencies between services
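Review bot: The hw_data->enable_ints(accel_dev) call is moved from before adf_ae_init() to after ADF_STATUS_IRQ_ALLOCATED is set, which changes the init ordering for every device that goes through adf_dev_init(), not only C3X and C6X, and the commit message does not mention it. Please explain the reason for the move in the changelog, or split it into its own patch.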
@@ -169,6 +196,16 @@ int adf_dev_init(struct adf_accel_dev *accel_dev)
hw_data->enable_error_correction(accel_dev);
hw_data->enable_vf2pf_comms(accel_dev);
+ /*
+ * Set ssm watch dog timer for slice hang detection
+ * Note! Not supported on devices older than C62x
+ */
+ if (hw_data->set_ssm_wdtimer && hw_data->set_ssm_wdtimer(accel_dev)) {
+ dev_err(&GET_DEV(accel_dev),
+ "QAT: Failed to set ssm watch dog timer\n");
+ return -EFAULT;
+ }
+
return 0;
}
EXPORT_SYMBOL_GPL(adf_dev_init);
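Review bot: The dev_err() added before the final return prefixes its message with "QAT: ", which is redundant because dev_err() already identifies the device, and the other message visible in adf_dev_init() ("Failed to initialise Acceleration Engine") has no such prefix. The comment and the message also spell it "watch dog"; "watchdog" is the usual form and matches the commit message.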
diff --git a/drivers/crypto/qat/qat_common/adf_isr.c b/drivers/crypto/qat/qat_common/adf_isr.c
index 06d4901..b06e39e 100644
--- a/drivers/crypto/qat/qat_common/adf_isr.c
+++ b/drivers/crypto/qat/qat_common/adf_isr.c
@@ -100,17 +100,111 @@ static irqreturn_t adf_msix_isr_bundle(int irq, void *bank_ptr)
return IRQ_HANDLED;
}
+static void adf_log_slice_hang(struct adf_accel_dev *accel_dev,
+ u8 accel_num, char *unit_name, u8 unit_number)
+{
+ dev_err(&GET_DEV(accel_dev),
+ "CPM #%x Slice Hang Detected unit: %s%d.\n",
+ accel_num, unit_name, unit_number);
+}
+
+static bool adf_handle_slice_hang(struct adf_accel_dev *accel_dev,
+ u8 accel_num, void __iomem *csr)
+{
+ u32 slice_hang = ADF_CSR_RD(csr, ADF_SLICEHANGSTATUS(accel_num));
+
+ if (!slice_hang)
+ return false;
+
+ if (slice_hang & ADF_SLICE_HANG_AUTH0_MASK)
+ adf_log_slice_hang(accel_dev, accel_num, "Auth", 0);
+ if (slice_hang & ADF_SLICE_HANG_AUTH1_MASK)
+ adf_log_slice_hang(accel_dev, accel_num, "Auth", 1);
+ if (slice_hang & ADF_SLICE_HANG_CPHR0_MASK)
+ adf_log_slice_hang(accel_dev, accel_num, "Cipher", 0);
+ if (slice_hang & ADF_SLICE_HANG_CPHR1_MASK)
+ adf_log_slice_hang(accel_dev, accel_num, "Cipher", 1);
+ if (slice_hang & ADF_SLICE_HANG_CMP0_MASK)
+ adf_log_slice_hang(accel_dev, accel_num, "Comp", 0);
+ if (slice_hang & ADF_SLICE_HANG_CMP1_MASK)
+ adf_log_slice_hang(accel_dev, accel_num, "Comp", 1);
+ if (slice_hang & ADF_SLICE_HANG_XLT0_MASK)
+ adf_log_slice_hang(accel_dev, accel_num, "Xlator", 0);
+ if (slice_hang & ADF_SLICE_HANG_XLT1_MASK)
+ adf_log_slice_hang(accel_dev, accel_num, "Xlator", 1);
+ if (slice_hang & ADF_SLICE_HANG_MMP0_MASK)
+ adf_log_slice_hang(accel_dev, accel_num, "MMP", 0);
+ if (slice_hang & ADF_SLICE_HANG_MMP1_MASK)
+ adf_log_slice_hang(accel_dev, accel_num, "MMP", 1);
+ if (slice_hang & ADF_SLICE_HANG_MMP2_MASK)
+ adf_log_slice_hang(accel_dev, accel_num, "MMP", 2);
+ if (slice_hang & ADF_SLICE_HANG_MMP3_MASK)
+ adf_log_slice_hang(accel_dev, accel_num, "MMP", 3);
+ if (slice_hang & ADF_SLICE_HANG_MMP4_MASK)
+ adf_log_slice_hang(accel_dev, accel_num, "MMP", 4);
+
+ /* Clear the associated interrupt - write 1 to clear */
+ ADF_CSR_WR(csr, ADF_SLICEHANGSTATUS(accel_num), slice_hang);
+
+ return true;
+}
+
+/**
+ * adf_check_slice_hang() - Check slice hang status
+ *
+ * Return: true if a slice hange interrupt is serviced..
+ */
+bool adf_check_slice_hang(struct adf_accel_dev *accel_dev)
+{
+ struct adf_hw_device_data *hw_data = accel_dev->hw_device;
+ struct adf_bar *misc_bar =
+ &GET_BARS(accel_dev)[hw_data->get_misc_bar_id(hw_data)];
+ void __iomem *csr = misc_bar->virt_addr;
+ u32 errsou3 = ADF_CSR_RD(csr, ADF_ERRSOU3);
+ u32 errsou5 = ADF_CSR_RD(csr, ADF_ERRSOU5);
+ u32 accel_num;
+ bool handled = false;
+ u32 num_accels = hw_data->get_num_accels(hw_data);
+ u32 errsou[] = {errsou3, errsou3, errsou5, errsou5, errsou5};
+ u32 mask[] = {ADF_EMSK3_CPM0_MASK,
+ ADF_EMSK3_CPM1_MASK,
+ ADF_EMSK5_CPM2_MASK,
+ ADF_EMSK5_CPM3_MASK,
+ ADF_EMSK5_CPM4_MASK};
+
+ for (accel_num = 0; accel_num < num_accels; accel_num++) {
+ if (accel_num >= ARRAY_SIZE(errsou)) {
+ dev_err(&GET_DEV(accel_dev),
+ "Invalid num_accels %d.\n", num_accels);
+ break;
+ }
+
+ if (errsou[accel_num] & mask[accel_num]) {
+ if (ADF_CSR_RD(csr, ADF_INTSTATSSM(accel_num)) &
+ ADF_INTSTATSSM_SHANGERR)
+ handled |= adf_handle_slice_hang(accel_dev,
+ accel_num,
+ csr);
+ }
+ }
+
+ return handled;
+}
+EXPORT_SYMBOL_GPL(adf_check_slice_hang);
+
static irqreturn_t adf_msix_isr_ae(int irq, void *dev_ptr)
{
struct adf_accel_dev *accel_dev = dev_ptr;
+ struct adf_hw_device_data *hw_data = accel_dev->hw_device;
+ struct adf_bar *pmisc =
+ &GET_BARS(accel_dev)[hw_data->get_misc_bar_id(hw_data)];
+ void __iomem *pmisc_bar_addr = pmisc->virt_addr;
+ u32 errsou3;
+ u32 errsou5;
#ifdef CONFIG_PCI_IOV
/* If SR-IOV is enabled (vf_info is non-NULL), check for VF->PF ints */
if (accel_dev->pf.vf_info) {
- struct adf_hw_device_data *hw_data = accel_dev->hw_device;
- struct adf_bar *pmisc =
- &GET_BARS(accel_dev)[hw_data->get_misc_bar_id(hw_data)];
- void __iomem *pmisc_bar_addr = pmisc->virt_addr;
u32 vf_mask;
/* Get the interrupt sources triggered by VFs */
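Review bot: In adf_check_slice_hang() the accel_num >= ARRAY_SIZE(errsou) test sits inside the loop and prints num_accels, a u32, with %d; checking num_accels once before the loop and using %u would be simpler, and mask[] can be static const since it never changes. The kernel-doc above the function has a typo ("hange"), a doubled full stop and no @accel_dev line, and adf_log_slice_hang() should take const char *unit_name because it is only passed string literals. These dev_err() calls are reached from adf_msix_isr_ae(), so a slice that hangs repeatedly logs on every interrupt; dev_err_ratelimited() is worth considering.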
@@ -154,8 +248,17 @@ static irqreturn_t adf_msix_isr_ae(int irq, void *dev_ptr)
}
#endif /* CONFIG_PCI_IOV */
- dev_dbg(&GET_DEV(accel_dev), "qat_dev%d spurious AE interrupt\n",
- accel_dev->accel_id);
+ if (hw_data->check_slice_hang &&
+ hw_data->check_slice_hang(accel_dev))
+ return IRQ_HANDLED;
+
+ errsou3 = ADF_CSR_RD(pmisc_bar_addr, ADF_ERRSOU3);
+ errsou5 = ADF_CSR_RD(pmisc_bar_addr, ADF_ERRSOU5);
+ if (errsou3 | errsou5)
+ adf_print_err_registers(pmisc_bar_addr, accel_dev, hw_data);
+ else
+ dev_dbg(&GET_DEV(accel_dev), "qat_dev%d spurious AE interrupt\n",
+ accel_dev->accel_id);
return IRQ_NONE;
}
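Review bot: adf_print_err_registers(), called in the new errsou3 | errsou5 branch, is neither defined nor declared in any file this patch touches, so unless it already exists in the tree the patch depends on code that is not included. That branch also falls through to return IRQ_NONE after reporting a non-zero error source, and ADF_ERRSOU3 and ADF_ERRSOU5 were already read inside adf_check_slice_hang(); consider whether a reported error should return IRQ_HANDLED and whether the second pair of ADF_CSR_RD() calls is needed.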
diff --git a/drivers/crypto/qat/qat_dh895xcc/adf_dh895xcc_hw_data.c b/drivers/crypto/qat/qat_dh895xcc/adf_dh895xcc_hw_data.c
index 1dfcab3..a18b7ad 100644
--- a/drivers/crypto/qat/qat_dh895xcc/adf_dh895xcc_hw_data.c
+++ b/drivers/crypto/qat/qat_dh895xcc/adf_dh895xcc_hw_data.c
@@ -171,6 +171,11 @@ static uint32_t get_vintmsk_offset(uint32_t i)
return ADF_DH895XCC_VINTMSK_OFFSET(i);
}
+static u32 get_clock_speed(struct adf_hw_device_data *self)
+{
+ return ADF_DH895X_CLK_PER_SEC;
+}
+
static void adf_enable_error_correction(struct adf_accel_dev *accel_dev)
{
struct adf_hw_device_data *hw_device = accel_dev->hw_device;
@@ -239,6 +244,7 @@ void adf_init_hw_data_dh895xcc(struct adf_hw_device_data *hw_data)
hw_data->get_misc_bar_id = get_misc_bar_id;
hw_data->get_pf2vf_offset = get_pf2vf_offset;
hw_data->get_vintmsk_offset = get_vintmsk_offset;
+ hw_data->get_clock_speed = get_clock_speed;
hw_data->get_sram_bar_id = get_sram_bar_id;
hw_data->get_sku = get_sku;
hw_data->fw_name = ADF_DH895XCC_FW;
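Review bot: get_clock_speed is registered for dh895xcc here, but this patch sets neither set_ssm_wdtimer nor check_slice_hang for that device, and adf_set_ssm_wdtimer() is the only caller of get_clock_speed in the visible changes. Either drop the dh895xcc callback and ADF_DH895X_CLK_PER_SEC until something uses them, or say in the changelog what they are for.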
diff --git a/drivers/crypto/qat/qat_dh895xcc/adf_dh895xcc_hw_data.h b/drivers/crypto/qat/qat_dh895xcc/adf_dh895xcc_hw_data.h
index 092f735..58af612 100644
--- a/drivers/crypto/qat/qat_dh895xcc/adf_dh895xcc_hw_data.h
+++ b/drivers/crypto/qat/qat_dh895xcc/adf_dh895xcc_hw_data.h
@@ -78,6 +78,8 @@
#define ADF_DH895XCC_CERRSSMSH(i) (i * 0x4000 + 0x10)
#define ADF_DH895XCC_ERRSSMSH_EN BIT(3)
+#define ADF_DH895X_CLK_PER_SEC (467 * 1000000)
+
#define ADF_DH895XCC_PF2VF_OFFSET(i) (0x3A000 + 0x280 + ((i) * 0x04))
#define ADF_DH895XCC_VINTMSK_OFFSET(i) (0x3A000 + 0x200 + ((i) * 0x04))
/* FW names */
--
1.7.4.1
^ permalink raw reply related
* RE: [PATCH] Enable slice hang handling for C3X and C6X devices.
From: Mcloughlin, Conor @ 2016-07-05 11:04 UTC (permalink / raw)
To: linux-crypto@vger.kernel.org
In-Reply-To: <1467709627-26551-1-git-send-email-conor.mcloughlin@intel.com>
> -----Original Message-----
> From: Mcloughlin, Conor
> Sent: Tuesday, July 5, 2016 10:07 AM
> To: linux-crypto@vger.kernel.org
> Cc: Mcloughlin, Conor <conor.mcloughlin@intel.com>
> Subject: [PATCH] Enable slice hang handling for C3X and C6X devices.
>
> If the QAT device fails to respond to a command, a watchdog
> timer triggers an interrupt. This event is reported and the
> interrupt cleared. A separate watchdog register is used
> for sym and asym crypto.
>
> Signed-off-by: Conor McLoughlin <conor.mcloughlin@intel.com>
Please ignore this patch. It depends on other functionality that has not yet been submitted.
^ permalink raw reply
* AEAD: Having separate underlying cipher handle for each request
From: Ondrej Mosnáček @ 2016-07-05 11:44 UTC (permalink / raw)
To: linux-crypto
Hi,
I'm trying to experimentally implement the GCM-SIV AEAD algorithm from
[1] for the Linux crypto API and I've run into a problem...
Basically, the encryption/decryption process starts by deriving a
so-called "record-encryption key" from the nonce (by encrypting it
using another key) and this key is then used to encrypt the plaintext
in CTR mode and to encrypt the final authentication tag (otherwise it
works similarly to GCM).
Since the API is asynchronous and multiple requests can be executed in
parallel over a single cipher handle (according to [2]), I need to
have a separate underlying cipher handle for each AEAD request.
Now this is a problem, because aead_request has no init/destroy
mechanism where I could allocate/free the cipher handle, which means I
would have to do this inside the encrypt/decrypt function. AFAIK,
allocating with GFP_KERNEL inside encrypt/decrypt functions is
problematic, as they may be called from an atomic context.
Besides, it seems that also the crypto_*_setkey functions are not
guaranteed to be atomic [3], and I will need to call such a function
either way... OTOH, the CTR mode/AES driver should not really need to
allocate any memory there, so this may be tolerable...
Does anyone have any ideas how to deal with this?
BTW, for justification of deriving the key from the nonce see section
9 of [1]. I don't really like the design decision, but there seems to
be no better way to achieve the same property...
Thanks,
Ondrej Mosnáček
[1] https://tools.ietf.org/html/draft-irtf-cfrg-gcmsiv-01
[2] https://www.kernel.org/doc/htmldocs/crypto-API/ch05s03.html
[3] https://www.spinics.net/lists/linux-crypto/msg17733.html
^ permalink raw reply
* Re: [PATCH 2/2] crypto: powerpc: Add POWER8 optimised crc32c
From: Herbert Xu @ 2016-07-05 15:14 UTC (permalink / raw)
To: Anton Blanchard; +Cc: benh, paulus, mpe, davem, linuxppc-dev, linux-crypto
In-Reply-To: <1467325185-21091-2-git-send-email-anton@ozlabs.org>
On Fri, Jul 01, 2016 at 08:19:45AM +1000, Anton Blanchard wrote:
> From: Anton Blanchard <anton@samba.org>
>
> Use the vector polynomial multiply-sum instructions in POWER8 to
> speed up crc32c.
>
> This is just over 41x faster than the slice-by-8 method that it
> replaces. Measurements on a 4.1 GHz POWER8 show it sustaining
> 52 GiB/sec.
>
> A simple btrfs write performance test:
>
> dd if=/dev/zero of=/mnt/tmpfile bs=1M count=4096
> sync
>
> is over 3.7x faster.
>
> Signed-off-by: Anton Blanchard <anton@samba.org>
Both patches applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH v2] crypto: qat - Switch to new rsa_helper functions
From: Herbert Xu @ 2016-07-05 15:14 UTC (permalink / raw)
To: Salvatore Benedetto; +Cc: linux-crypto
In-Reply-To: <1467625768-2266-1-git-send-email-salvatore.benedetto@intel.com>
On Mon, Jul 04, 2016 at 10:49:28AM +0100, Salvatore Benedetto wrote:
> Drop all asn1 related code and use the new rsa_helper
> functions rsa_parse_[pub|priv]_key for parsing the key
>
> Signed-off-by: Salvatore Benedetto <salvatore.benedetto@intel.com>
> ---
>
> changes from v1:
> - Remove testmgr unrelated changes
> - Rebased on latest cryptodev-2.6
Patch applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH] crypto: testmgr - Set err before proceeding
From: Herbert Xu @ 2016-07-05 15:15 UTC (permalink / raw)
To: Salvatore Benedetto; +Cc: linux-crypto
In-Reply-To: <1467625954-2707-1-git-send-email-salvatore.benedetto@intel.com>
On Mon, Jul 04, 2016 at 10:52:34AM +0100, Salvatore Benedetto wrote:
> Report correct error in case of failure
>
> Signed-off-by: Salvatore Benedetto <salvatore.benedetto@intel.com>
Patch applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [v10 PATCH] crypto: caam - add support for RSA algorithm
From: Herbert Xu @ 2016-07-05 15:15 UTC (permalink / raw)
To: Tudor Ambarus; +Cc: linux-crypto
In-Reply-To: <1467627128-16114-1-git-send-email-tudor-dan.ambarus@nxp.com>
On Mon, Jul 04, 2016 at 01:12:08PM +0300, Tudor Ambarus wrote:
> Add RSA support to caam driver.
>
> Initial author is Yashpal Dutta <yashpal.dutta@freescale.com>.
>
> Signed-off-by: Tudor Ambarus <tudor-dan.ambarus@nxp.com>
> ---
> Changes in v10:
> - remove unused asn1 header files
Patch applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH] crypto: bfin_crc: Simplify use of devm_ioremap_resource
From: Herbert Xu @ 2016-07-05 15:15 UTC (permalink / raw)
To: Amitoj Kaur Chawla; +Cc: davem, linux-crypto, linux-kernel, julia.lawall
In-Reply-To: <20160704130021.GA16839@amitoj-Inspiron-3542>
On Mon, Jul 04, 2016 at 06:30:21PM +0530, Amitoj Kaur Chawla wrote:
> Remove unneeded error handling on the result of a call to
> platform_get_resource when the value is passed to
> devm_ioremap_resource.
>
> The Coccinelle semantic patch that makes this change is as follows:
>
> // <smpl>
> @@
> expression pdev,res,n,e,e1;
> expression ret != 0;
> identifier l;
> @@
>
> - res = platform_get_resource(pdev, IORESOURCE_MEM, n);
> ... when != res
> - if (res == NULL) { ... \(goto l;\|return ret;\) }
> ... when != res
> + res = platform_get_resource(pdev, IORESOURCE_MEM, n);
> e = devm_ioremap_resource(e1, res);
> // </smpl>
>
> Signed-off-by: Amitoj Kaur Chawla <amitoj1606@gmail.com>
Patch applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH 0/3] Add RSA CRT mode to qat driver
From: Herbert Xu @ 2016-07-05 15:16 UTC (permalink / raw)
To: Salvatore Benedetto; +Cc: linux-crypto
In-Reply-To: <1467649300-8951-1-git-send-email-salvatore.benedetto@intel.com>
On Mon, Jul 04, 2016 at 05:21:37PM +0100, Salvatore Benedetto wrote:
> Hi Herbert,
>
> this patchset adds CRT mode to the qat driver.
> The first patch extends the parsing of the private key so that all required CRT
> fields are saved. The second patch adds a 4K test key. The third patch extends qat
> to use CRT. This latest patch is based on my patch that drops asn1 from the qat
> driver.
>
> Salvatore Benedetto (3):
> crypto: rsa - Store rest of the private key components
> crypto: testmgr - Add 4K private key to RSA testvector
> crypto: qat - Add RSA CRT mode
All applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: AEAD: Having separate underlying cipher handle for each request
From: Stephan Mueller @ 2016-07-05 16:11 UTC (permalink / raw)
To: Ondrej Mosnáček; +Cc: linux-crypto
In-Reply-To: <CAAUqJDvY9x+iOkH_vNQS9+qV+ONkbfgprOKFGcRXNe2788JnBA@mail.gmail.com>
On Tuesday, 5 July 2016, 13:44:05, Ondrej Mosnáček wrote:
Hi Ondrej,
> Hi,
>
> I'm trying to experimentally implement the GCM-SIV AEAD algorithm from
> [1] for the Linux crypto API and I've run into a problem...
>
> Basically, the encryption/decryption process starts by deriving a
> so-called "record-encryption key" from the nonce (by encrypting it
> using another key) and this key is then used to encrypt the plaintext
> in CTR mode and to encrypt the final authentication tag (otherwise it
> works similarly to GCM).
I have not yet looked into [1], but it sounds like a specific GCM case, just
like RFC4106 formatting.
Did you consider the structure discussion in [4] and add a specific handler
like the rfc4106() handler on top of GCM?
[4] https://www.kernel.org/doc/htmldocs/crypto-API/ch02s07.html
>
> Since the API is asynchronous and multiple requests can be executed in
> parallel over a single cipher handle (according to [2]), I need to
> have a separate underlying cipher handle for each AEAD request.
>
> Now this is a problem, because aead_request has no init/destroy
> mechanism where I could allocate/free the cipher handle, which means I
> would have to do this inside the encrypt/decrypt function. AFAIK,
> allocating with GFP_KERNEL inside encrypt/decrypt functions is
> problematic, as they may be called from an atomic context.
>
> Besides, it seems that also the crypto_*_setkey functions are not
> guaranteed to be atomic [3], and I will need to call such a function
> either way... OTOH, the CTR mode/AES driver should not really need to
> allocate any memory there, so this may be tolerable...
>
> Does anyone have any ideas how to deal with this?
>
> BTW, for justification of deriving the key from the nonce see section
> 9 of [1]. I don't really like the design decision, but there seems to
> be no better way to achieve the same property...
>
> Thanks,
> Ondrej Mosnáček
>
> [1] https://tools.ietf.org/html/draft-irtf-cfrg-gcmsiv-01
> [2] https://www.kernel.org/doc/htmldocs/crypto-API/ch05s03.html
> [3] https://www.spinics.net/lists/linux-crypto/msg17733.html
Ciao
Stephan
^ permalink raw reply
* Re: [PATCH v8 6/6] crypto: AF_ALG - add support for key_id
From: Tadeusz Struk @ 2016-07-05 20:27 UTC (permalink / raw)
To: Mat Martineau
Cc: dhowells, herbert, smueller, linux-api, marcel, linux-kernel,
keyrings, linux-crypto, dwmw2, davem
In-Reply-To: <alpine.OSX.2.20.1606291104130.37168@mjmartin-mac01.local>
Hi Mat,
On 06/29/2016 11:43 AM, Mat Martineau wrote:
>> + ret = verify_signature(key, &sig);
>> + if (!ret) {
>> + req->dst_len = sizeof(digest);
>
> I think you fixed the BUG_ON() problem but there's still an issue with
> the handling of the digest. Check the use of sig->digest in
> public_key_verify_signature(), it's an input not an output. Right now it
> looks like 20 uninitialized bytes are compared with the computed digest
> within verify_signature, and then the uninitialized bytes are copied to
> req->dst here.
>
> With some modifications to public_key_verify_signature you could get the
> digest you need, but I'm not sure if verification with a hardware key
> (like a key in a TPM) can or can not provide the digest needed. Maybe
> this is why the verify_signature hook in struct asymmetric_key_subtype
> is optional.
>
>> + scatterwalk_map_and_copy(digest, req->dst, 0, req->dst_len, 1);
>> + }
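Review bot: In the quoted verify branch, `req->dst_len = sizeof(digest)` overwrites the caller-supplied length without checking it first, and scatterwalk_map_and_copy() then writes that many bytes into req->dst; nothing in the quoted lines confirms the destination is at least sizeof(digest) bytes long. If any output is kept on this path, compare the incoming req->dst_len with the required size before the copy and fail with the needed length reported back to the caller.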
So it looks like the only thing that we need to return to the user in
this case is the return code. Do you agree?
Thanks,
--
TS
^ permalink raw reply
* Re: AEAD: Having separate underlying cipher handle for each request
From: Herbert Xu @ 2016-07-06 6:31 UTC (permalink / raw)
To: Ondrej Mosnáček; +Cc: linux-crypto
In-Reply-To: <CAAUqJDvY9x+iOkH_vNQS9+qV+ONkbfgprOKFGcRXNe2788JnBA@mail.gmail.com>
Ondrej Mosnáček <omosnacek@gmail.com> wrote:
> Hi,
>
> I'm trying to experimentally implement the GCM-SIV AEAD algorithm from
> [1] for the Linux crypto API and I've run into a problem...
>
> Basically, the encryption/decryption process starts by deriving a
> so-called "record-encryption key" from the nonce (by encrypting it
> using another key) and this key is then used to encrypt the plaintext
> in CTR mode and to encrypt the final authentication tag (otherwise it
> works similarly to GCM).
>
> Since the API is asynchronous and multiple requests can be executed in
> parallel over a single cipher handle (according to [2]), I need to
> have a separate underlying cipher handle for each AEAD request.
>
> Now this is a problem, because aead_request has no init/destroy
> mechanism where I could allocate/free the cipher handle, which means I
> would have to do this inside the encrypt/decrypt function. AFAIK,
> allocating with GFP_KERNEL inside encrypt/decrypt functions is
> problematic, as they may be called from an atomic context.
>
> Besides, it seems that also the crypto_*_setkey functions are not
> guaranteed to be atomic [3], and I will need to call such function
> either way... OTOH, the CTR mode/AES driver should not really need to
> allocate any memory there, so this may be tolerable...
>
> Does anyone have any ideas how to deal with this?
Well you're pretty much screwed as far as performance is concerned.
So just postpone all processing to process context and allocate a new
tfm for each request.
Cheers,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: AEAD: Having separate underlying cipher handle for each request
From: Ondrej Mosnáček @ 2016-07-06 13:07 UTC (permalink / raw)
To: Stephan Mueller; +Cc: linux-crypto
In-Reply-To: <12765125.UxRRnhuqVV@tauon.atsec.com>
Hi Stephan,
2016-07-05 18:11 GMT+02:00, Stephan Mueller <smueller@chronox.de>:
> Am Dienstag, 5. Juli 2016, 13:44:05 schrieb Ondrej Mosnáček:
>
> Hi Ondrej,
>
>> Hi,
>>
>> I'm trying to experimentally implement the GCM-SIV AEAD algorithm from
>> [1] for the Linux crypto API and I've run into a problem...
>>
>> Basically, the encryption/decryption process starts by deriving a
>> so-called "record-encryption key" from the nonce (by encrypting it
>> using another key) and this key is then used to encrypt the plaintext
>> in CTR mode and to encrypt the final authentication tag (otherwise it
>> works similarly to GCM).
>
> I have not yet looked into [1], but it sounds like a specific GCM case, just
> like RFC4106 formatting.
>
> Did you consider the structure discussion in [4] and add a specific handler
> like the rfc4106() handler on top of GCM?
>
> [4] https://www.kernel.org/doc/htmldocs/crypto-API/ch02s07.html
Yes, if it were possible, I would certainly do it in such way :)
Unfortunately, this wouldn't work, since there are some significant
differences. For example, in GCM the initial counter block for CTR
encryption is derived directly from the nonce, while in GCM-SIV the
authentication tag is used as the ICB (with MSB set to 1).
Actually, it seems the authors tried to be clever and changed the bit
order to big endian (in gf128mul's terms it uses ble ordering instead
of lle), so even GHASH (here called POLYVAL) may need to be
reimplemented :/
Cheers,
Ondrej
>>
>> Since the API is asynchronous and multiple requests can be executed in
>> parallel over a single cipher handle (according to [2]), I need to
>> have a separate underlying cipher handle for each AEAD request.
>>
>> Now this is a problem, because aead_request has no init/destroy
>> mechanism where I could allocate/free the cipher handle, which means I
>> would have to do this inside the encrypt/decrypt function. AFAIK,
>> allocating with GFP_KERNEL inside encrypt/decrypt functions is
>> problematic, as they may be called from an atomic context.
>>
>> Besides, it seems that also the crypto_*_setkey functions are not
>> guaranteed to be atomic [3], and I will need to call such function
>> either way... OTOH, the CTR mode/AES driver should not really need to
>> allocate any memory there, so this may be tolerable...
>>
>> Does anyone have any ideas how to deal with this?
>>
>> BTW, for justification of deriving the key from the nonce see section
>> 9 of [1]. I don't really like the design decision, but there seems to
>> be no better way to achieve the same property...
>>
>> Thanks,
>> Ondrej Mosnáček
>>
>> [1] https://tools.ietf.org/html/draft-irtf-cfrg-gcmsiv-01
>> [2] https://www.kernel.org/doc/htmldocs/crypto-API/ch05s03.html
>> [3] https://www.spinics.net/lists/linux-crypto/msg17733.html
>
>
> Ciao
> Stephan
>
^ permalink raw reply
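The bit-order difference between GHASH and POLYVAL raised in the message above, as an added example that is not part of the thread or of any kernel code: it models both hashes in user space and shows that POLYVAL can be obtained from a GHASH routine by byte-reversing the blocks and keying it with mulX(ByteReverse(H)). It assumes POLYVAL as specified in the later RFC 8452 for AES-GCM-SIV; all function names and the sample blocks are constructed for illustration.

```c
/* Added example: user-space model, not kernel code. Sample inputs are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { uint8_t b[16]; } blk;

static const blk SAMPLE_H = {{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
			       0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }};
static const blk SAMPLE_X[2] = {
	{{ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
	   0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }},
	{{ 0xde, 0xad, 0xbe, 0xef, 0x00, 0x00, 0x00, 0x01,
	   0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88 }},
};

static int blk_eq(blk a, blk b) { return !memcmp(a.b, b.b, 16); }

static blk blk_xor(blk a, blk b)
{
	for (int i = 0; i < 16; i++)
		a.b[i] ^= b.b[i];
	return a;
}

static blk byte_reverse(blk a)
{
	blk r;
	for (int i = 0; i < 16; i++)
		r.b[i] = a.b[15 - i];
	return r;
}

/* GHASH layout ("lle"): x^0 is the top bit of byte 0, so times-x shifts right. */
static blk mulx_ghash(blk v)
{
	int carry = v.b[15] & 1;	/* coefficient of x^127 */
	for (int i = 15; i > 0; i--)
		v.b[i] = (uint8_t)((v.b[i] >> 1) | (v.b[i - 1] << 7));
	v.b[0] = (uint8_t)((v.b[0] >> 1) ^ (carry ? 0xe1 : 0)); /* x^128 = x^7+x^2+x+1 */
	return v;
}

/* GHASH field multiplication, bit by bit (SP 800-38D, Algorithm 1). */
static blk ghash_mul(blk x, blk y)
{
	blk z = {{ 0 }};
	for (int i = 0; i < 128; i++) {
		if (x.b[i / 8] & (0x80 >> (i % 8)))
			z = blk_xor(z, y);
		y = mulx_ghash(y);
	}
	return z;
}

/* POLYVAL layout ("ble"): x^0 is bit 0 of byte 0; divide by x mod x^128+x^127+x^126+x^121+1. */
static blk divx_polyval(blk v)
{
	int lsb = v.b[0] & 1;		/* constant term: cancel it by adding the modulus */
	for (int i = 0; i < 15; i++)
		v.b[i] = (uint8_t)((v.b[i] >> 1) | (v.b[i + 1] << 7));
	v.b[15] = (uint8_t)((v.b[15] >> 1) ^ (lsb ? 0xe1 : 0)); /* x^127+x^126+x^125+x^120 */
	return v;
}

/* dot(a, b) = a * b * x^-128: bit i of b adds a, which is then divided 128-i times. */
static blk polyval_dot(blk a, blk b)
{
	blk z = {{ 0 }};
	for (int i = 0; i < 128; i++) {
		if (b.b[i / 8] & (1 << (i % 8)))
			z = blk_xor(z, a);
		z = divx_polyval(z);
	}
	return z;
}

/* POLYVAL computed directly in its own field. */
static blk polyval(blk h, const blk *x, size_t n)
{
	blk s = {{ 0 }};
	for (size_t j = 0; j < n; j++)
		s = polyval_dot(blk_xor(s, x[j]), h);
	return s;
}

/* The same value from GHASH code: byte-reverse every block, key = mulX(reverse(H)). */
static blk polyval_via_ghash(blk h, const blk *x, size_t n)
{
	blk y = {{ 0 }}, hg = mulx_ghash(byte_reverse(h));
	for (size_t j = 0; j < n; j++)
		y = ghash_mul(blk_xor(y, byte_reverse(x[j])), hg);
	return byte_reverse(y);
}

int main(void)
{
	int ok = blk_eq(polyval(SAMPLE_H, SAMPLE_X, 2), polyval_via_ghash(SAMPLE_H, SAMPLE_X, 2));
	printf("POLYVAL direct %s POLYVAL via GHASH\n", ok ? "==" : "!=");
	return !ok;
}
```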
* Re: AEAD: Having separate underlying cipher handle for each request
From: Ondrej Mosnáček @ 2016-07-06 13:10 UTC (permalink / raw)
To: Herbert Xu; +Cc: linux-crypto
In-Reply-To: <20160706063149.GA14106@gondor.apana.org.au>
2016-07-06 8:31 GMT+02:00, Herbert Xu <herbert@gondor.apana.org.au>:
> Well you're pretty much screwed as far as performance is concerned.
> So just postpone all processing to process context and allocate a new
> tfm for each request.
Yeah, I guess that's the only way then...
Thanks,
Ondrej
>
> Cheers,
> --
> Email: Herbert Xu <herbert@gondor.apana.org.au>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
>
^ permalink raw reply
* Re: DH & KDF
From: Mat Martineau @ 2016-07-06 17:27 UTC (permalink / raw)
To: Stephan Mueller; +Cc: David Howells, Mat Martineau, keyrings, linux-crypto
In-Reply-To: <47344115.AvlVGsj60Z@positron.chronox.de>
Stephan -
On Sat, 2 Jul 2016, Stephan Mueller wrote:
> I am currently working on adding the KDF support to the DH key service. The
> plan is to make it consistent with SP800-56A section 5.8.1 and yet open enough
> to allow other use cases with other KDFs.
>
> Is there already a test tool that already exercises the DH logic that I can
> use to test my extension?
There are DH tests in the 'next' branch for keyutils:
https://git.kernel.org/cgit/linux/kernel/git/dhowells/keyutils.git/log/?h=next
An additional patch (waiting for review) is also required ("TEST: Use
correct variable when checking for DH functionality"). I'll forward that
to you.
--
Mat Martineau
Intel OTC
^ permalink raw reply
* Re: DH & KDF
From: Stephan Mueller @ 2016-07-06 18:45 UTC (permalink / raw)
To: Mat Martineau; +Cc: David Howells, keyrings, linux-crypto
In-Reply-To: <alpine.OSX.2.20.1607061021430.2149@mjmartin-mac01.local>
Am Mittwoch, 6. Juli 2016, 10:27:10 schrieb Mat Martineau:
Hi Mat,
>
> There are DH tests in the 'next' branch for keyutils:
>
> https://git.kernel.org/cgit/linux/kernel/git/dhowells/keyutils.git/log/?h=next
>
> An additional patch (waiting for review) is also required ("TEST: Use
> correct variable when checking for DH functionality"). I'll forward that
> to you.
Thank you very much.
Ciao
Stephan
^ permalink raw reply
* Re: [PATCH v8 6/6] crypto: AF_ALG - add support for key_id
From: Mat Martineau @ 2016-07-06 19:38 UTC (permalink / raw)
To: Tadeusz Struk
Cc: Mat Martineau, dhowells, herbert, smueller, linux-api, marcel,
linux-kernel, keyrings, linux-crypto, dwmw2, davem
In-Reply-To: <e011a955-70c1-0419-9e2d-dea75d319da3@intel.com>
On Tue, 5 Jul 2016, Tadeusz Struk wrote:
> Hi Mat,
> On 06/29/2016 11:43 AM, Mat Martineau wrote:
>>> + ret = verify_signature(key, &sig);
>>> + if (!ret) {
>>> + req->dst_len = sizeof(digest);
>>
>> I think you fixed the BUG_ON() problem but there's still an issue with
>> the handling of the digest. Check the use of sig->digest in
>> public_key_verify_signature(), it's an input not an output. Right now it
>> looks like 20 uninitialized bytes are compared with the computed digest
>> within verify_signature, and then the uninitialized bytes are copied to
>> req->dst here.
>>
>> With some modifications to public_key_verify_signature you could get the
>> digest you need, but I'm not sure if verification with a hardware key
>> (like a key in a TPM) can or can not provide the digest needed. Maybe
>> this is why the verify_signature hook in struct asymmetric_key_subtype
>> is optional.
>>
>>> + scatterwalk_map_and_copy(digest, req->dst, 0, req->dst_len, 1);
>>> + }
>
> So it looks like the only thing that we need to return to the user in
> this case is the return code. Do you agree?
The way verify_signature is implemented today, the only output is the
return code. For verify, maybe no read is required (just sendmsg() and
check the return code).
But this isn't the extent of the problem: verify_signature needs both the
signature to be verified and the expected hash as inputs. How is the
expected hash provided? Would you include it as a cmsg header?
ALG_OP_VERIFY should have consistent inputs and outputs whether the key
was set with ALG_SET_KEY_ID or ALG_SET_KEY.
--
Mat Martineau
Intel OTC
^ permalink raw reply
* [PATCH] [linux-next] crypto: doc- Fix double words "the the" in crypto-API.tmpl
From: Masanari Iida @ 2016-07-07 12:58 UTC (permalink / raw)
To: herbert, linux-crypto, linux-kernel, davem; +Cc: Masanari Iida
This patch fixes double words "the the" in crypto-API.tmpl.
Signed-off-by: Masanari Iida <standby24x7@gmail.com>
---
Documentation/DocBook/crypto-API.tmpl | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Documentation/DocBook/crypto-API.tmpl b/Documentation/DocBook/crypto-API.tmpl
index d55dc5a39bad..fb2a1526f6ec 100644
--- a/Documentation/DocBook/crypto-API.tmpl
+++ b/Documentation/DocBook/crypto-API.tmpl
@@ -440,8 +440,8 @@
The type flag specifies the type of the cipher algorithm.
The caller usually provides a 0 when the caller wants the
default handling. Otherwise, the caller may provide the
- following selections which match the the aforementioned
- cipher types:
+ following selections which match the aforementioned cipher
+ types:
</para>
<itemizedlist>
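Review bot: The re-wrap in the "following selections" sentence moves "cipher" up a line, so a one-word deletion shows up as two changed lines; dropping only the duplicated "the" and leaving the line break where it was would make the fix easier to verify at a glance. The subject prefix "crypto: doc- Fix" also has the hyphen attached to "doc"; "crypto: doc - Fix" reads cleaner.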
--
2.9.0.243.g5c589a7
^ permalink raw reply related
* [PATCH] crypto: qat - Add DH support
From: Salvatore Benedetto @ 2016-07-07 14:27 UTC (permalink / raw)
To: herbert; +Cc: salvatore.benedetto, linux-crypto
Add DH support under kpp api. Drop struct qat_rsa_request and
introduce a more generic struct qat_asym_request and share it
between RSA and DH requests.
Signed-off-by: Salvatore Benedetto <salvatore.benedetto@intel.com>
---
drivers/crypto/qat/Kconfig | 1 +
drivers/crypto/qat/qat_common/qat_asym_algs.c | 593 ++++++++++++++++++++++----
2 files changed, 522 insertions(+), 72 deletions(-)
diff --git a/drivers/crypto/qat/Kconfig b/drivers/crypto/qat/Kconfig
index 571d04d..ce3cae4 100644
--- a/drivers/crypto/qat/Kconfig
+++ b/drivers/crypto/qat/Kconfig
@@ -4,6 +4,7 @@ config CRYPTO_DEV_QAT
select CRYPTO_AUTHENC
select CRYPTO_BLKCIPHER
select CRYPTO_AKCIPHER
+ select CRYPTO_DH
select CRYPTO_HMAC
select CRYPTO_RSA
select CRYPTO_SHA1
diff --git a/drivers/crypto/qat/qat_common/qat_asym_algs.c b/drivers/crypto/qat/qat_common/qat_asym_algs.c
index eaff02a..3d56fb8 100644
--- a/drivers/crypto/qat/qat_common/qat_asym_algs.c
+++ b/drivers/crypto/qat/qat_common/qat_asym_algs.c
@@ -49,6 +49,9 @@
#include <crypto/internal/rsa.h>
#include <crypto/internal/akcipher.h>
#include <crypto/akcipher.h>
+#include <crypto/kpp.h>
+#include <crypto/internal/kpp.h>
+#include <crypto/dh.h>
#include <linux/dma-mapping.h>
#include <linux/fips.h>
#include <crypto/scatterwalk.h>
@@ -119,36 +122,454 @@ struct qat_rsa_ctx {
struct qat_crypto_instance *inst;
} __packed __aligned(64);
-struct qat_rsa_request {
- struct qat_rsa_input_params in;
- struct qat_rsa_output_params out;
+struct qat_dh_input_params {
+ union {
+ struct {
+ dma_addr_t b;
+ dma_addr_t xa;
+ dma_addr_t p;
+ } in;
+ struct {
+ dma_addr_t xa;
+ dma_addr_t p;
+ } in_g2;
+ u64 in_tab[8];
+ };
+} __packed __aligned(64);
+
+struct qat_dh_output_params {
+ union {
+ dma_addr_t r;
+ u64 out_tab[8];
+ };
+} __packed __aligned(64);
+
+struct qat_dh_ctx {
+ char *g;
+ char *xa;
+ char *p;
+ dma_addr_t dma_g;
+ dma_addr_t dma_xa;
+ dma_addr_t dma_p;
+ unsigned int p_size;
+ bool g2;
+ struct qat_crypto_instance *inst;
+} __packed __aligned(64);
+
+struct qat_asym_request {
+ union {
+ struct qat_rsa_input_params rsa;
+ struct qat_dh_input_params dh;
+ } in;
+ union {
+ struct qat_rsa_output_params rsa;
+ struct qat_dh_output_params dh;
+ } out;
dma_addr_t phy_in;
dma_addr_t phy_out;
char *src_align;
char *dst_align;
struct icp_qat_fw_pke_request req;
- struct qat_rsa_ctx *ctx;
+ union {
+ struct qat_rsa_ctx *rsa;
+ struct qat_dh_ctx *dh;
+ } ctx;
+ union {
+ struct akcipher_request *rsa;
+ struct kpp_request *dh;
+ } areq;
int err;
+ void (*cb)(struct icp_qat_fw_pke_resp *resp);
} __aligned(64);
+static void qat_dh_cb(struct icp_qat_fw_pke_resp *resp)
+{
+ struct qat_asym_request *req = (void *)(__force long)resp->opaque;
+ struct kpp_request *areq = req->areq.dh;
+ struct device *dev = &GET_DEV(req->ctx.dh->inst->accel_dev);
+ int err = ICP_QAT_FW_PKE_RESP_PKE_STAT_GET(
+ resp->pke_resp_hdr.comn_resp_flags);
+
+ err = (err == ICP_QAT_FW_COMN_STATUS_FLAG_OK) ? 0 : -EINVAL;
+
+ if (areq->src) {
+ if (req->src_align)
+ dma_free_coherent(dev, req->ctx.dh->p_size,
+ req->src_align, req->in.dh.in.b);
+ else
+ dma_unmap_single(dev, req->in.dh.in.b,
+ req->ctx.dh->p_size, DMA_TO_DEVICE);
+ }
+
+ areq->dst_len = req->ctx.dh->p_size;
+ if (req->dst_align) {
+ scatterwalk_map_and_copy(req->dst_align, areq->dst, 0,
+ areq->dst_len, 1);
+
+ dma_free_coherent(dev, req->ctx.dh->p_size, req->dst_align,
+ req->out.dh.r);
+ } else {
+ dma_unmap_single(dev, req->out.dh.r, req->ctx.dh->p_size,
+ DMA_FROM_DEVICE);
+ }
+
+ dma_unmap_single(dev, req->phy_in, sizeof(struct qat_dh_input_params),
+ DMA_TO_DEVICE);
+ dma_unmap_single(dev, req->phy_out,
+ sizeof(struct qat_dh_output_params),
+ DMA_TO_DEVICE);
+
+ kpp_request_complete(areq, err);
+}
+
+#define PKE_DH_1536 0x390c1a49
+#define PKE_DH_G2_1536 0x2e0b1a3e
+#define PKE_DH_2048 0x4d0c1a60
+#define PKE_DH_G2_2048 0x3e0b1a55
+#define PKE_DH_3072 0x510c1a77
+#define PKE_DH_G2_3072 0x3a0b1a6c
+#define PKE_DH_4096 0x690c1a8e
+#define PKE_DH_G2_4096 0x4a0b1a83
+
+static unsigned long qat_dh_fn_id(unsigned int len, bool g2)
+{
+ unsigned int bitslen = len << 3;
+
+ switch (bitslen) {
+ case 1536:
+ return g2 ? PKE_DH_G2_1536 : PKE_DH_1536;
+ case 2048:
+ return g2 ? PKE_DH_G2_2048 : PKE_DH_2048;
+ case 3072:
+ return g2 ? PKE_DH_G2_3072 : PKE_DH_3072;
+ case 4096:
+ return g2 ? PKE_DH_G2_4096 : PKE_DH_4096;
+ default:
+ return 0;
+ };
+}
+
+static inline struct qat_dh_ctx *qat_dh_get_params(struct crypto_kpp *tfm)
+{
+ return kpp_tfm_ctx(tfm);
+}
+
+static int qat_dh_compute_value(struct kpp_request *req)
+{
+ struct crypto_kpp *tfm = crypto_kpp_reqtfm(req);
+ struct qat_dh_ctx *ctx = kpp_tfm_ctx(tfm);
+ struct qat_crypto_instance *inst = ctx->inst;
+ struct device *dev = &GET_DEV(inst->accel_dev);
+ struct qat_asym_request *qat_req =
+ PTR_ALIGN(kpp_request_ctx(req), 64);
+ struct icp_qat_fw_pke_request *msg = &qat_req->req;
+ int ret, ctr = 0;
+ int n_input_params = 0;
+
+ if (unlikely(!ctx->xa))
+ return -EINVAL;
+
+ if (req->dst_len < ctx->p_size) {
+ req->dst_len = ctx->p_size;
+ return -EOVERFLOW;
+ }
+ memset(msg, '\0', sizeof(*msg));
+ ICP_QAT_FW_PKE_HDR_VALID_FLAG_SET(msg->pke_hdr,
+ ICP_QAT_FW_COMN_REQ_FLAG_SET);
+
+ msg->pke_hdr.cd_pars.func_id = qat_dh_fn_id(ctx->p_size,
+ !req->src && ctx->g2);
+ if (unlikely(!msg->pke_hdr.cd_pars.func_id))
+ return -EINVAL;
+
+ qat_req->cb = qat_dh_cb;
+ qat_req->ctx.dh = ctx;
+ qat_req->areq.dh = req;
+ msg->pke_hdr.service_type = ICP_QAT_FW_COMN_REQ_CPM_FW_PKE;
+ msg->pke_hdr.comn_req_flags =
+ ICP_QAT_FW_COMN_FLAGS_BUILD(QAT_COMN_PTR_TYPE_FLAT,
+ QAT_COMN_CD_FLD_TYPE_64BIT_ADR);
+
+ /*
+ * If no source is provided use g as base
+ */
+ if (req->src) {
+ qat_req->in.dh.in.xa = ctx->dma_xa;
+ qat_req->in.dh.in.p = ctx->dma_p;
+ n_input_params = 3;
+ } else {
+ if (ctx->g2) {
+ qat_req->in.dh.in_g2.xa = ctx->dma_xa;
+ qat_req->in.dh.in_g2.p = ctx->dma_p;
+ n_input_params = 2;
+ } else {
+ qat_req->in.dh.in.b = ctx->dma_g;
+ qat_req->in.dh.in.xa = ctx->dma_xa;
+ qat_req->in.dh.in.p = ctx->dma_p;
+ n_input_params = 3;
+ }
+ }
+
+ ret = -ENOMEM;
+ if (req->src) {
+ /*
+ * src can be of any size in valid range, but HW expects it to
+ * be the same as modulo p so in case it is different we need
+ * to allocate a new buf and copy src data.
+ * In other case we just need to map the user provided buffer.
+ * Also need to make sure that it is in contiguous buffer.
+ */
+ if (sg_is_last(req->src) && req->src_len == ctx->p_size) {
+ qat_req->src_align = NULL;
+ qat_req->in.dh.in.b = dma_map_single(dev,
+ sg_virt(req->src),
+ req->src_len,
+ DMA_TO_DEVICE);
+ if (unlikely(dma_mapping_error(dev,
+ qat_req->in.dh.in.b)))
+ return ret;
+
+ } else {
+ int shift = ctx->p_size - req->src_len;
+
+ qat_req->src_align = dma_zalloc_coherent(dev,
+ ctx->p_size,
+ &qat_req->in.dh.in.b,
+ GFP_KERNEL);
+ if (unlikely(!qat_req->src_align))
+ return ret;
+
+ scatterwalk_map_and_copy(qat_req->src_align + shift,
+ req->src, 0, req->src_len, 0);
+ }
+ }
+ /*
+ * dst can be of any size in valid range, but HW expects it to be the
+ * same as modulo m so in case it is different we need to allocate a
+ * new buf and copy src data.
+ * In other case we just need to map the user provided buffer.
+ * Also need to make sure that it is in contiguous buffer.
+ */
+ if (sg_is_last(req->dst) && req->dst_len == ctx->p_size) {
+ qat_req->dst_align = NULL;
+ qat_req->out.dh.r = dma_map_single(dev, sg_virt(req->dst),
+ req->dst_len,
+ DMA_FROM_DEVICE);
+
+ if (unlikely(dma_mapping_error(dev, qat_req->out.dh.r)))
+ goto unmap_src;
+
+ } else {
+ qat_req->dst_align = dma_zalloc_coherent(dev, ctx->p_size,
+ &qat_req->out.dh.r,
+ GFP_KERNEL);
+ if (unlikely(!qat_req->dst_align))
+ goto unmap_src;
+ }
+
+ qat_req->in.dh.in_tab[n_input_params] = 0;
+ qat_req->out.dh.out_tab[1] = 0;
+ /* Mapping in.in.b or in.in_g2.xa is the same */
+ qat_req->phy_in = dma_map_single(dev, &qat_req->in.dh.in.b,
+ sizeof(struct qat_dh_input_params),
+ DMA_TO_DEVICE);
+ if (unlikely(dma_mapping_error(dev, qat_req->phy_in)))
+ goto unmap_dst;
+
+ qat_req->phy_out = dma_map_single(dev, &qat_req->out.dh.r,
+ sizeof(struct qat_dh_output_params),
+ DMA_TO_DEVICE);
+ if (unlikely(dma_mapping_error(dev, qat_req->phy_out)))
+ goto unmap_in_params;
+
+ msg->pke_mid.src_data_addr = qat_req->phy_in;
+ msg->pke_mid.dest_data_addr = qat_req->phy_out;
+ msg->pke_mid.opaque = (uint64_t)(__force long)qat_req;
+ msg->input_param_count = n_input_params;
+ msg->output_param_count = 1;
+
+ do {
+ ret = adf_send_message(ctx->inst->pke_tx, (uint32_t *)msg);
+ } while (ret == -EBUSY && ctr++ < 100);
+
+ if (!ret)
+ return -EINPROGRESS;
+
+ if (!dma_mapping_error(dev, qat_req->phy_out))
+ dma_unmap_single(dev, qat_req->phy_out,
+ sizeof(struct qat_dh_output_params),
+ DMA_TO_DEVICE);
+unmap_in_params:
+ if (!dma_mapping_error(dev, qat_req->phy_in))
+ dma_unmap_single(dev, qat_req->phy_in,
+ sizeof(struct qat_dh_input_params),
+ DMA_TO_DEVICE);
+unmap_dst:
+ if (qat_req->dst_align)
+ dma_free_coherent(dev, ctx->p_size, qat_req->dst_align,
+ qat_req->out.dh.r);
+ else
+ if (!dma_mapping_error(dev, qat_req->out.dh.r))
+ dma_unmap_single(dev, qat_req->out.dh.r, ctx->p_size,
+ DMA_FROM_DEVICE);
+unmap_src:
+ if (req->src) {
+ if (qat_req->src_align)
+ dma_free_coherent(dev, ctx->p_size, qat_req->src_align,
+ qat_req->in.dh.in.b);
+ else
+ if (!dma_mapping_error(dev, qat_req->in.dh.in.b))
+ dma_unmap_single(dev, qat_req->in.dh.in.b,
+ ctx->p_size,
+ DMA_TO_DEVICE);
+ }
+ return ret;
+}
+
+static int qat_dh_check_params_length(unsigned int p_len)
+{
+ switch (p_len) {
+ case 1536:
+ case 2048:
+ case 3072:
+ case 4096:
+ return 0;
+ }
+ return -EINVAL;
+}
+
+static int qat_dh_set_params(struct qat_dh_ctx *ctx, struct dh *params)
+{
+ struct qat_crypto_instance *inst = ctx->inst;
+ struct device *dev = &GET_DEV(inst->accel_dev);
+
+ if (unlikely(!params->p || !params->g))
+ return -EINVAL;
+
+ if (qat_dh_check_params_length(params->p_size << 3))
+ return -EINVAL;
+
+ ctx->p_size = params->p_size;
+ ctx->p = dma_zalloc_coherent(dev, ctx->p_size, &ctx->dma_p, GFP_KERNEL);
+ if (!ctx->p)
+ return -ENOMEM;
+ memcpy(ctx->p, params->p, ctx->p_size);
+
+ /* If g equals 2 don't copy it */
+ if (params->g_size == 1 && *(char *)params->g == 0x02) {
+ ctx->g2 = true;
+ return 0;
+ }
+
+ ctx->g = dma_zalloc_coherent(dev, ctx->p_size, &ctx->dma_g, GFP_KERNEL);
+ if (!ctx->g) {
+ dma_free_coherent(dev, ctx->p_size, ctx->p, ctx->dma_p);
+ ctx->p = NULL;
+ return -ENOMEM;
+ }
+ memcpy(ctx->g + (ctx->p_size - params->g_size), params->g,
+ params->g_size);
+
+ return 0;
+}
+
+static void qat_dh_clear_ctx(struct device *dev, struct qat_dh_ctx *ctx)
+{
+ if (ctx->g) {
+ dma_free_coherent(dev, ctx->p_size, ctx->g, ctx->dma_g);
+ ctx->g = NULL;
+ }
+ if (ctx->xa) {
+ dma_free_coherent(dev, ctx->p_size, ctx->xa, ctx->dma_xa);
+ ctx->xa = NULL;
+ }
+ if (ctx->p) {
+ dma_free_coherent(dev, ctx->p_size, ctx->p, ctx->dma_p);
+ ctx->p = NULL;
+ }
+ ctx->p_size = 0;
+ ctx->g2 = false;
+}
+
+static int qat_dh_set_secret(struct crypto_kpp *tfm, void *buf,
+ unsigned int len)
+{
+ struct qat_dh_ctx *ctx = kpp_tfm_ctx(tfm);
+ struct device *dev = &GET_DEV(ctx->inst->accel_dev);
+ struct dh params;
+ int ret;
+
+ if (crypto_dh_decode_key(buf, len, ¶ms) < 0)
+ return -EINVAL;
+
+ /* Free old secret if any */
+ qat_dh_clear_ctx(dev, ctx);
+
+ ret = qat_dh_set_params(ctx, ¶ms);
+ if (ret < 0)
+ return ret;
+
+ ctx->xa = dma_zalloc_coherent(dev, ctx->p_size, &ctx->dma_xa,
+ GFP_KERNEL);
+ if (!ctx->xa) {
+ qat_dh_clear_ctx(dev, ctx);
+ return -ENOMEM;
+ }
+ memcpy(ctx->xa + (ctx->p_size - params.key_size), params.key,
+ params.key_size);
+
+ return 0;
+}
+
+static int qat_dh_max_size(struct crypto_kpp *tfm)
+{
+ struct qat_dh_ctx *ctx = kpp_tfm_ctx(tfm);
+
+ return ctx->p ? ctx->p_size : -EINVAL;
+}
+
+static int qat_dh_init_tfm(struct crypto_kpp *tfm)
+{
+ struct qat_dh_ctx *ctx = kpp_tfm_ctx(tfm);
+ struct qat_crypto_instance *inst =
+ qat_crypto_get_instance_node(get_current_node());
+
+ if (!inst)
+ return -EINVAL;
+
+ ctx->p_size = 0;
+ ctx->g2 = false;
+ ctx->inst = inst;
+ return 0;
+}
+
+static void qat_dh_exit_tfm(struct crypto_kpp *tfm)
+{
+ struct qat_dh_ctx *ctx = kpp_tfm_ctx(tfm);
+ struct device *dev = &GET_DEV(ctx->inst->accel_dev);
+
+ qat_dh_clear_ctx(dev, ctx);
+ qat_crypto_put_instance(ctx->inst);
+}
+
static void qat_rsa_cb(struct icp_qat_fw_pke_resp *resp)
{
- struct akcipher_request *areq = (void *)(__force long)resp->opaque;
- struct qat_rsa_request *req = PTR_ALIGN(akcipher_request_ctx(areq), 64);
- struct device *dev = &GET_DEV(req->ctx->inst->accel_dev);
+ struct qat_asym_request *req = (void *)(__force long)resp->opaque;
+ struct akcipher_request *areq = req->areq.rsa;
+ struct device *dev = &GET_DEV(req->ctx.rsa->inst->accel_dev);
int err = ICP_QAT_FW_PKE_RESP_PKE_STAT_GET(
resp->pke_resp_hdr.comn_resp_flags);
err = (err == ICP_QAT_FW_COMN_STATUS_FLAG_OK) ? 0 : -EINVAL;
if (req->src_align)
- dma_free_coherent(dev, req->ctx->key_sz, req->src_align,
- req->in.enc.m);
+ dma_free_coherent(dev, req->ctx.rsa->key_sz, req->src_align,
+ req->in.rsa.enc.m);
else
- dma_unmap_single(dev, req->in.enc.m, req->ctx->key_sz,
+ dma_unmap_single(dev, req->in.rsa.enc.m, req->ctx.rsa->key_sz,
DMA_TO_DEVICE);
- areq->dst_len = req->ctx->key_sz;
+ areq->dst_len = req->ctx.rsa->key_sz;
if (req->dst_align) {
char *ptr = req->dst_align;
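Review bot: The right-aligned copies in qat_dh_set_secret() and qat_dh_set_params() use `ctx->p_size - params.key_size` and `ctx->p_size - params->g_size` as offsets without first checking that the key and generator are no longer than p, so an oversized value puts the memcpy() outside the p_size-byte coherent buffer; the same applies to `shift = ctx->p_size - req->src_len` in qat_dh_compute_value(), where only dst_len is validated. Unless crypto_dh_decode_key() already guarantees these bounds, which this hunk does not show, reject key_size, g_size and src_len larger than p_size with -EINVAL before allocating or copying. Separately, qat_dh_clear_ctx() hands the buffer holding the private value xa back with dma_free_coherent() without clearing it first, and the dma_zalloc_coherent(..., GFP_KERNEL) calls in the request path assume compute_value is never entered from atomic context.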
@@ -157,14 +578,14 @@ static void qat_rsa_cb(struct icp_qat_fw_pke_resp *resp)
ptr++;
}
- if (areq->dst_len != req->ctx->key_sz)
+ if (areq->dst_len != req->ctx.rsa->key_sz)
memmove(req->dst_align, ptr, areq->dst_len);
scatterwalk_map_and_copy(req->dst_align, areq->dst, 0,
areq->dst_len, 1);
- dma_free_coherent(dev, req->ctx->key_sz, req->dst_align,
- req->out.enc.c);
+ dma_free_coherent(dev, req->ctx.rsa->key_sz, req->dst_align,
+ req->out.rsa.enc.c);
} else {
char *ptr = sg_virt(areq->dst);
@@ -176,7 +597,7 @@ static void qat_rsa_cb(struct icp_qat_fw_pke_resp *resp)
if (sg_virt(areq->dst) != ptr && areq->dst_len)
memmove(sg_virt(areq->dst), ptr, areq->dst_len);
- dma_unmap_single(dev, req->out.enc.c, req->ctx->key_sz,
+ dma_unmap_single(dev, req->out.rsa.enc.c, req->ctx.rsa->key_sz,
DMA_FROM_DEVICE);
}
@@ -192,8 +613,9 @@ static void qat_rsa_cb(struct icp_qat_fw_pke_resp *resp)
void qat_alg_asym_callback(void *_resp)
{
struct icp_qat_fw_pke_resp *resp = _resp;
+ struct qat_asym_request *areq = (void *)(__force long)resp->opaque;
- qat_rsa_cb(resp);
+ areq->cb(resp);
}
#define PKE_RSA_EP_512 0x1c161b21
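Review bot: In qat_alg_asym_callback() the new local is named `areq` but holds a struct qat_asym_request, whereas in qat_rsa_cb() and qat_dh_cb() `areq` is the akcipher_request or kpp_request; naming it `req` or `qat_req` would avoid the mix-up. Because dispatch now goes through `areq->cb`, every submit path must set cb before adf_send_message(); the enc, dec and DH paths shown do, and a short comment on the cb member stating that requirement would help keep it true.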
@@ -289,7 +711,7 @@ static int qat_rsa_enc(struct akcipher_request *req)
struct qat_rsa_ctx *ctx = akcipher_tfm_ctx(tfm);
struct qat_crypto_instance *inst = ctx->inst;
struct device *dev = &GET_DEV(inst->accel_dev);
- struct qat_rsa_request *qat_req =
+ struct qat_asym_request *qat_req =
PTR_ALIGN(akcipher_request_ctx(req), 64);
struct icp_qat_fw_pke_request *msg = &qat_req->req;
int ret, ctr = 0;
@@ -308,14 +730,16 @@ static int qat_rsa_enc(struct akcipher_request *req)
if (unlikely(!msg->pke_hdr.cd_pars.func_id))
return -EINVAL;
- qat_req->ctx = ctx;
+ qat_req->cb = qat_rsa_cb;
+ qat_req->ctx.rsa = ctx;
+ qat_req->areq.rsa = req;
msg->pke_hdr.service_type = ICP_QAT_FW_COMN_REQ_CPM_FW_PKE;
msg->pke_hdr.comn_req_flags =
ICP_QAT_FW_COMN_FLAGS_BUILD(QAT_COMN_PTR_TYPE_FLAT,
QAT_COMN_CD_FLD_TYPE_64BIT_ADR);
- qat_req->in.enc.e = ctx->dma_e;
- qat_req->in.enc.n = ctx->dma_n;
+ qat_req->in.rsa.enc.e = ctx->dma_e;
+ qat_req->in.rsa.enc.n = ctx->dma_n;
ret = -ENOMEM;
/*
@@ -327,16 +751,16 @@ static int qat_rsa_enc(struct akcipher_request *req)
*/
if (sg_is_last(req->src) && req->src_len == ctx->key_sz) {
qat_req->src_align = NULL;
- qat_req->in.enc.m = dma_map_single(dev, sg_virt(req->src),
+ qat_req->in.rsa.enc.m = dma_map_single(dev, sg_virt(req->src),
req->src_len, DMA_TO_DEVICE);
- if (unlikely(dma_mapping_error(dev, qat_req->in.enc.m)))
+ if (unlikely(dma_mapping_error(dev, qat_req->in.rsa.enc.m)))
return ret;
} else {
int shift = ctx->key_sz - req->src_len;
qat_req->src_align = dma_zalloc_coherent(dev, ctx->key_sz,
- &qat_req->in.enc.m,
+ &qat_req->in.rsa.enc.m,
GFP_KERNEL);
if (unlikely(!qat_req->src_align))
return ret;
@@ -346,30 +770,30 @@ static int qat_rsa_enc(struct akcipher_request *req)
}
if (sg_is_last(req->dst) && req->dst_len == ctx->key_sz) {
qat_req->dst_align = NULL;
- qat_req->out.enc.c = dma_map_single(dev, sg_virt(req->dst),
- req->dst_len,
- DMA_FROM_DEVICE);
+ qat_req->out.rsa.enc.c = dma_map_single(dev, sg_virt(req->dst),
+ req->dst_len,
+ DMA_FROM_DEVICE);
- if (unlikely(dma_mapping_error(dev, qat_req->out.enc.c)))
+ if (unlikely(dma_mapping_error(dev, qat_req->out.rsa.enc.c)))
goto unmap_src;
} else {
qat_req->dst_align = dma_zalloc_coherent(dev, ctx->key_sz,
- &qat_req->out.enc.c,
+ &qat_req->out.rsa.enc.c,
GFP_KERNEL);
if (unlikely(!qat_req->dst_align))
goto unmap_src;
}
- qat_req->in.in_tab[3] = 0;
- qat_req->out.out_tab[1] = 0;
- qat_req->phy_in = dma_map_single(dev, &qat_req->in.enc.m,
+ qat_req->in.rsa.in_tab[3] = 0;
+ qat_req->out.rsa.out_tab[1] = 0;
+ qat_req->phy_in = dma_map_single(dev, &qat_req->in.rsa.enc.m,
sizeof(struct qat_rsa_input_params),
DMA_TO_DEVICE);
if (unlikely(dma_mapping_error(dev, qat_req->phy_in)))
goto unmap_dst;
- qat_req->phy_out = dma_map_single(dev, &qat_req->out.enc.c,
+ qat_req->phy_out = dma_map_single(dev, &qat_req->out.rsa.enc.c,
sizeof(struct qat_rsa_output_params),
DMA_TO_DEVICE);
if (unlikely(dma_mapping_error(dev, qat_req->phy_out)))
@@ -377,7 +801,7 @@ static int qat_rsa_enc(struct akcipher_request *req)
msg->pke_mid.src_data_addr = qat_req->phy_in;
msg->pke_mid.dest_data_addr = qat_req->phy_out;
- msg->pke_mid.opaque = (uint64_t)(__force long)req;
+ msg->pke_mid.opaque = (uint64_t)(__force long)qat_req;
msg->input_param_count = 3;
msg->output_param_count = 1;
do {
@@ -399,19 +823,19 @@ unmap_in_params:
unmap_dst:
if (qat_req->dst_align)
dma_free_coherent(dev, ctx->key_sz, qat_req->dst_align,
- qat_req->out.enc.c);
+ qat_req->out.rsa.enc.c);
else
- if (!dma_mapping_error(dev, qat_req->out.enc.c))
- dma_unmap_single(dev, qat_req->out.enc.c, ctx->key_sz,
- DMA_FROM_DEVICE);
+ if (!dma_mapping_error(dev, qat_req->out.rsa.enc.c))
+ dma_unmap_single(dev, qat_req->out.rsa.enc.c,
+ ctx->key_sz, DMA_FROM_DEVICE);
unmap_src:
if (qat_req->src_align)
dma_free_coherent(dev, ctx->key_sz, qat_req->src_align,
- qat_req->in.enc.m);
+ qat_req->in.rsa.enc.m);
else
- if (!dma_mapping_error(dev, qat_req->in.enc.m))
- dma_unmap_single(dev, qat_req->in.enc.m, ctx->key_sz,
- DMA_TO_DEVICE);
+ if (!dma_mapping_error(dev, qat_req->in.rsa.enc.m))
+ dma_unmap_single(dev, qat_req->in.rsa.enc.m,
+ ctx->key_sz, DMA_TO_DEVICE);
return ret;
}
@@ -421,7 +845,7 @@ static int qat_rsa_dec(struct akcipher_request *req)
struct qat_rsa_ctx *ctx = akcipher_tfm_ctx(tfm);
struct qat_crypto_instance *inst = ctx->inst;
struct device *dev = &GET_DEV(inst->accel_dev);
- struct qat_rsa_request *qat_req =
+ struct qat_asym_request *qat_req =
PTR_ALIGN(akcipher_request_ctx(req), 64);
struct icp_qat_fw_pke_request *msg = &qat_req->req;
int ret, ctr = 0;
@@ -442,21 +866,23 @@ static int qat_rsa_dec(struct akcipher_request *req)
if (unlikely(!msg->pke_hdr.cd_pars.func_id))
return -EINVAL;
- qat_req->ctx = ctx;
+ qat_req->cb = qat_rsa_cb;
+ qat_req->ctx.rsa = ctx;
+ qat_req->areq.rsa = req;
msg->pke_hdr.service_type = ICP_QAT_FW_COMN_REQ_CPM_FW_PKE;
msg->pke_hdr.comn_req_flags =
ICP_QAT_FW_COMN_FLAGS_BUILD(QAT_COMN_PTR_TYPE_FLAT,
QAT_COMN_CD_FLD_TYPE_64BIT_ADR);
if (ctx->crt_mode) {
- qat_req->in.dec_crt.p = ctx->dma_p;
- qat_req->in.dec_crt.q = ctx->dma_q;
- qat_req->in.dec_crt.dp = ctx->dma_dp;
- qat_req->in.dec_crt.dq = ctx->dma_dq;
- qat_req->in.dec_crt.qinv = ctx->dma_qinv;
+ qat_req->in.rsa.dec_crt.p = ctx->dma_p;
+ qat_req->in.rsa.dec_crt.q = ctx->dma_q;
+ qat_req->in.rsa.dec_crt.dp = ctx->dma_dp;
+ qat_req->in.rsa.dec_crt.dq = ctx->dma_dq;
+ qat_req->in.rsa.dec_crt.qinv = ctx->dma_qinv;
} else {
- qat_req->in.dec.d = ctx->dma_d;
- qat_req->in.dec.n = ctx->dma_n;
+ qat_req->in.rsa.dec.d = ctx->dma_d;
+ qat_req->in.rsa.dec.n = ctx->dma_n;
}
ret = -ENOMEM;
@@ -469,16 +895,16 @@ static int qat_rsa_dec(struct akcipher_request *req)
*/
if (sg_is_last(req->src) && req->src_len == ctx->key_sz) {
qat_req->src_align = NULL;
- qat_req->in.dec.c = dma_map_single(dev, sg_virt(req->src),
+ qat_req->in.rsa.dec.c = dma_map_single(dev, sg_virt(req->src),
req->dst_len, DMA_TO_DEVICE);
- if (unlikely(dma_mapping_error(dev, qat_req->in.dec.c)))
+ if (unlikely(dma_mapping_error(dev, qat_req->in.rsa.dec.c)))
return ret;
} else {
int shift = ctx->key_sz - req->src_len;
qat_req->src_align = dma_zalloc_coherent(dev, ctx->key_sz,
- &qat_req->in.dec.c,
+ &qat_req->in.rsa.dec.c,
GFP_KERNEL);
if (unlikely(!qat_req->src_align))
return ret;
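Review bot: the dma_map_single() call for qat_req->in.rsa.dec.c in the first branch maps the source buffer with req->dst_len, while the branch condition tests req->src_len == ctx->key_sz and the unwind path at unmap_src unmaps with ctx->key_sz. If a caller passes a dst_len that differs from key_sz, the mapped and unmapped sizes disagree and the device is given a length unrelated to the source buffer. Since this line is being touched anyway, pass req->src_len (or ctx->key_sz, which the condition guarantees is equal) as the mapping size.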
@@ -488,16 +914,16 @@ static int qat_rsa_dec(struct akcipher_request *req)
}
if (sg_is_last(req->dst) && req->dst_len == ctx->key_sz) {
qat_req->dst_align = NULL;
- qat_req->out.dec.m = dma_map_single(dev, sg_virt(req->dst),
+ qat_req->out.rsa.dec.m = dma_map_single(dev, sg_virt(req->dst),
req->dst_len,
DMA_FROM_DEVICE);
- if (unlikely(dma_mapping_error(dev, qat_req->out.dec.m)))
+ if (unlikely(dma_mapping_error(dev, qat_req->out.rsa.dec.m)))
goto unmap_src;
} else {
qat_req->dst_align = dma_zalloc_coherent(dev, ctx->key_sz,
- &qat_req->out.dec.m,
+ &qat_req->out.rsa.dec.m,
GFP_KERNEL);
if (unlikely(!qat_req->dst_align))
goto unmap_src;
@@ -505,17 +931,17 @@ static int qat_rsa_dec(struct akcipher_request *req)
}
if (ctx->crt_mode)
- qat_req->in.in_tab[6] = 0;
+ qat_req->in.rsa.in_tab[6] = 0;
else
- qat_req->in.in_tab[3] = 0;
- qat_req->out.out_tab[1] = 0;
- qat_req->phy_in = dma_map_single(dev, &qat_req->in.dec.c,
+ qat_req->in.rsa.in_tab[3] = 0;
+ qat_req->out.rsa.out_tab[1] = 0;
+ qat_req->phy_in = dma_map_single(dev, &qat_req->in.rsa.dec.c,
sizeof(struct qat_rsa_input_params),
DMA_TO_DEVICE);
if (unlikely(dma_mapping_error(dev, qat_req->phy_in)))
goto unmap_dst;
- qat_req->phy_out = dma_map_single(dev, &qat_req->out.dec.m,
+ qat_req->phy_out = dma_map_single(dev, &qat_req->out.rsa.dec.m,
sizeof(struct qat_rsa_output_params),
DMA_TO_DEVICE);
if (unlikely(dma_mapping_error(dev, qat_req->phy_out)))
@@ -523,7 +949,7 @@ static int qat_rsa_dec(struct akcipher_request *req)
msg->pke_mid.src_data_addr = qat_req->phy_in;
msg->pke_mid.dest_data_addr = qat_req->phy_out;
- msg->pke_mid.opaque = (uint64_t)(__force long)req;
+ msg->pke_mid.opaque = (uint64_t)(__force long)qat_req;
if (ctx->crt_mode)
msg->input_param_count = 6;
else
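Review bot: the opaque cookie at msg->pke_mid.opaque now carries qat_req, the PTR_ALIGN'ed pointer into the request context, rather than req, so every response path that reads the cookie has to cast it back to struct qat_asym_request * and reach the akcipher request through qat_req->areq.rsa; please confirm no handler still treats it as a struct akcipher_request *. The cast also goes through a signed type, (uint64_t)(__force long)qat_req, which sign-extends on 32-bit builds; (unsigned long) or uintptr_t states the intent and keeps the round trip exact.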
@@ -549,19 +975,19 @@ unmap_in_params:
unmap_dst:
if (qat_req->dst_align)
dma_free_coherent(dev, ctx->key_sz, qat_req->dst_align,
- qat_req->out.dec.m);
+ qat_req->out.rsa.dec.m);
else
- if (!dma_mapping_error(dev, qat_req->out.dec.m))
- dma_unmap_single(dev, qat_req->out.dec.m, ctx->key_sz,
- DMA_FROM_DEVICE);
+ if (!dma_mapping_error(dev, qat_req->out.rsa.dec.m))
+ dma_unmap_single(dev, qat_req->out.rsa.dec.m,
+ ctx->key_sz, DMA_FROM_DEVICE);
unmap_src:
if (qat_req->src_align)
dma_free_coherent(dev, ctx->key_sz, qat_req->src_align,
- qat_req->in.dec.c);
+ qat_req->in.rsa.dec.c);
else
- if (!dma_mapping_error(dev, qat_req->in.dec.c))
- dma_unmap_single(dev, qat_req->in.dec.c, ctx->key_sz,
- DMA_TO_DEVICE);
+ if (!dma_mapping_error(dev, qat_req->in.rsa.dec.c))
+ dma_unmap_single(dev, qat_req->in.rsa.dec.c,
+ ctx->key_sz, DMA_TO_DEVICE);
return ret;
}
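Review bot: the unwind code under unmap_dst and unmap_src keeps the pattern of a bare else followed by an unbraced if whose body now spans two lines, e.g. "if (!dma_mapping_error(dev, qat_req->out.rsa.dec.m))" with a wrapped dma_unmap_single(). Kernel coding style asks for braces on both arms once one arm is multi-line, and here the dangling else makes it easy to attach a later statement to the wrong branch in an error path that frees DMA memory. Use "} else if (...) {" with braces throughout.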
@@ -900,7 +1326,7 @@ static struct akcipher_alg rsa = {
.max_size = qat_rsa_max_size,
.init = qat_rsa_init_tfm,
.exit = qat_rsa_exit_tfm,
- .reqsize = sizeof(struct qat_rsa_request) + 64,
+ .reqsize = sizeof(struct qat_asym_request) + 64,
.base = {
.cra_name = "rsa",
.cra_driver_name = "qat-rsa",
@@ -910,6 +1336,23 @@ static struct akcipher_alg rsa = {
},
};
+static struct kpp_alg dh = {
+ .set_secret = qat_dh_set_secret,
+ .generate_public_key = qat_dh_compute_value,
+ .compute_shared_secret = qat_dh_compute_value,
+ .max_size = qat_dh_max_size,
+ .init = qat_dh_init_tfm,
+ .exit = qat_dh_exit_tfm,
+ .reqsize = sizeof(struct qat_asym_request) + 64,
+ .base = {
+ .cra_name = "dh",
+ .cra_driver_name = "qat-dh",
+ .cra_priority = 1000,
+ .cra_module = THIS_MODULE,
+ .cra_ctxsize = sizeof(struct qat_dh_ctx),
+ },
+};
+
int qat_asym_algs_register(void)
{
int ret = 0;
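Review bot: in the new kpp_alg dh definition, .generate_public_key and .compute_shared_secret both point at qat_dh_compute_value with nothing here saying how the one function tells the two operations apart. A short comment above the struct (or on the function) stating what input distinguishes public key generation from shared secret computation would save the next reader from having to work it out from the request handling.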
@@ -918,7 +1361,11 @@ int qat_asym_algs_register(void)
if (++active_devs == 1) {
rsa.base.cra_flags = 0;
ret = crypto_register_akcipher(&rsa);
+ if (ret)
+ goto unlock;
+ ret = crypto_register_kpp(&dh);
}
+unlock:
mutex_unlock(&algs_lock);
return ret;
}
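Review bot: when crypto_register_kpp(&dh) fails, the function returns the error but leaves rsa registered and active_devs at 1. The caller sees a failed registration, yet a later qat_asym_algs_unregister() will still hit --active_devs == 0 and call crypto_unregister_kpp(&dh) on an algorithm that was never registered. On kpp failure, call crypto_unregister_akcipher(&rsa) and undo the ++active_devs before jumping to unlock. Note also that rsa.base.cra_flags is reset to 0 before registration but dh.base.cra_flags is not; if the reset is needed for re-registration after the last device goes away, dh needs it too.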
@@ -926,7 +1373,9 @@ int qat_asym_algs_register(void)
void qat_asym_algs_unregister(void)
{
mutex_lock(&algs_lock);
- if (--active_devs == 0)
+ if (--active_devs == 0) {
crypto_unregister_akcipher(&rsa);
+ crypto_unregister_kpp(&dh);
+ }
mutex_unlock(&algs_lock);
}
--
2.7.4
^ permalink raw reply related
* [PATCH] crypto: qat - Stop dropping leading zeros from RSA output
From: Salvatore Benedetto @ 2016-07-07 14:52 UTC (permalink / raw)
To: herbert; +Cc: salvatore.benedetto, linux-crypto
There is no need to drop leading zeros from the RSA output
operations results.
Signed-off-by: Salvatore Benedetto <salvatore.benedetto@intel.com>
---
drivers/crypto/qat/qat_common/qat_asym_algs.c | 20 --------------------
1 file changed, 20 deletions(-)
diff --git a/drivers/crypto/qat/qat_common/qat_asym_algs.c b/drivers/crypto/qat/qat_common/qat_asym_algs.c
index 3d56fb8..0d35dca 100644
--- a/drivers/crypto/qat/qat_common/qat_asym_algs.c
+++ b/drivers/crypto/qat/qat_common/qat_asym_algs.c
@@ -571,32 +571,12 @@ static void qat_rsa_cb(struct icp_qat_fw_pke_resp *resp)
areq->dst_len = req->ctx.rsa->key_sz;
if (req->dst_align) {
- char *ptr = req->dst_align;
-
- while (!(*ptr) && areq->dst_len) {
- areq->dst_len--;
- ptr++;
- }
-
- if (areq->dst_len != req->ctx.rsa->key_sz)
- memmove(req->dst_align, ptr, areq->dst_len);
-
scatterwalk_map_and_copy(req->dst_align, areq->dst, 0,
areq->dst_len, 1);
dma_free_coherent(dev, req->ctx.rsa->key_sz, req->dst_align,
req->out.rsa.enc.c);
} else {
- char *ptr = sg_virt(areq->dst);
-
- while (!(*ptr) && areq->dst_len) {
- areq->dst_len--;
- ptr++;
- }
-
- if (sg_virt(areq->dst) != ptr && areq->dst_len)
- memmove(sg_virt(areq->dst), ptr, areq->dst_len);
-
dma_unmap_single(dev, req->out.rsa.enc.c, req->ctx.rsa->key_sz,
DMA_FROM_DEVICE);
}
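Review bot: the commit message does not say why the stripping in qat_rsa_cb() is unnecessary or what callers should now expect; after this change areq->dst_len is always req->ctx.rsa->key_sz and the output keeps its leading zero bytes, which is a visible behaviour change for any consumer that relied on the trimmed length. Please state in the changelog that the output is now fixed-length and whether this matches what the other akcipher RSA implementations return. It is also worth recording that the removed "while (!(*ptr) && areq->dst_len)" loops and the following memmove() ran for a data-dependent number of iterations over the operation result, so dropping them makes the completion path independent of the output value.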
--
2.7.4
^ permalink raw reply related
* Re: [PATCH v8 6/6] crypto: AF_ALG - add support for key_id
From: Tadeusz Struk @ 2016-07-08 15:21 UTC (permalink / raw)
To: Mat Martineau
Cc: dhowells, herbert, smueller, linux-api, marcel, linux-kernel,
keyrings, linux-crypto, dwmw2, davem
In-Reply-To: <alpine.OSX.2.20.1607061211410.2149@mjmartin-mac01.local>
Hi Mat,
On 07/06/2016 12:38 PM, Mat Martineau wrote:
>> So it looks like the only thing that we need to return to the user in
>> this case is the return code. Do you agree?
>
> The way verify_signature is implemented today, the only output is the
> return code. For verify, maybe no read is required (just sendmsg() and
> check the return code).
>
> But this isn't the extent of the problem: verify_signature needs both
> the signature to be verified and the expected hash as inputs. How is the
> expected hash provided? Would you include it as a cmsg header?
> ALG_OP_VERIFY should have consistent inputs and outputs whether the key
> was set with ALG_SET_KEY_ID or ALG_SET_KEY.
The signature of verify_signature() is quite different from the other
new public key handlers, i.e. create_signature(), encrypt_blob(), and
decrypt_blob(). For verify_signature() we need the following parameters:
encrypted src, hash function to use, expected digest.
The expected digest could be optional if we would modify the
verify_signature() to return the decrypted buffer.
I think the best solution for now would be to just return -ENOPROTOOPT
for verify_signature in SET_KEY_ID mode.
All the four operations will be supported in the SET_KEY mode and
all but verify_signature() will be supported in the SET_KEY_ID mode.
This can be added later if we will find a way to pass all parameters in a
consistent way. What do you think? If you are ok with that I will send a
new version soon.
Thanks,
--
TS
^ permalink raw reply