linux/drivers/crypto/qce, branch v5.6

crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN

2020-01-09T03:30:53Z

The CRYPTO_TFM_RES_BAD_KEY_LEN flag was apparently meant as a way to make the ->setkey() functions provide more information about errors. However, no one actually checks for this flag, which makes it pointless. Also, many algorithms fail to set this flag when given a bad length key. Reviewing just the generic implementations, this is the case for aes-fixed-time, cbcmac, echainiv, nhpoly1305, pcrypt, rfc3686, rfc4309, rfc7539, rfc7539esp, salsa20, seqiv, and xcbc. But there are probably many more in arch/*/crypto/ and drivers/crypto/. Some algorithms can even set this flag when the key is the correct length. For example, authenc and authencesn set it when the key payload is malformed in any way (not just a bad length), the atmel-sha and ccree drivers can set it if a memory allocation fails, and the chelsio driver sets it for bad auth tag lengths, not just bad key lengths. So even if someone actually wanted to start checking this flag (which seems unlikely, since it's been unused for a long time), there would be a lot of work needed to get it working correctly. But it would probably be much better to go back to the drawing board and just define different return values, like -EINVAL if the key is invalid for the algorithm vs. -EKEYREJECTED if the key was rejected by a policy like "no weak keys". That would be much simpler, less error-prone, and easier to test. So just remove this flag. Signed-off-by: Eric Biggers Reviewed-by: Horia Geantă Signed-off-by: Herbert Xu

crypto: qce - allow building only hashes/ciphers

2019-12-27T10:18:04Z

Allow the user to choose whether to build support for all algorithms (default), hashes-only, or skciphers-only. The QCE engine does not appear to scale as well as the CPU to handle multiple crypto requests. While the ipq40xx chips have 4-core CPUs, the QCE handles only 2 requests in parallel. Ipsec throughput seems to improve when disabling either family of algorithms, sharing the load with the CPU. Enabling skciphers-only appears to work best. Signed-off-by: Eneas U de Queiroz Signed-off-by: Herbert Xu

crypto: qce - initialize fallback only for AES

2019-12-27T10:18:04Z

Adjust cra_flags to add CRYPTO_NEED_FALLBACK only for AES ciphers, where AES-192 is not handled by the qce hardware, and don't allocate & free the fallback skcipher for other algorithms. Signed-off-by: Eneas U de Queiroz Signed-off-by: Herbert Xu

crypto: qce - update the skcipher IV

2019-12-27T10:18:04Z

Update the IV after the completion of each cipher operation. Signed-off-by: Eneas U de Queiroz Signed-off-by: Herbert Xu

crypto: qce - save a sg table slot for result buf

2019-12-27T10:18:04Z

When ctr-aes-qce is used for gcm-mode, an extra sg entry for the authentication tag is present, causing trouble when the qce driver prepares the dst-results sg table for dma. It computes the number of entries needed with sg_nents_for_len, leaving out the tag entry. Then it creates a sg table with that number plus one, used to store a result buffer. When copying the sg table, there's no limit to the number of entries copied, so the extra slot is filled with the authentication tag sg. When the driver tries to add the result sg, the list is full, and it returns EINVAL. By limiting the number of sg entries copied to the dest table, the slot for the result buffer is guaranteed to be unused. Signed-off-by: Eneas U de Queiroz Signed-off-by: Herbert Xu

crypto: qce - fix xts-aes-qce key sizes

2019-12-27T10:18:04Z

XTS-mode uses two keys, so the keysizes should be doubled in skcipher_def, and halved when checking if it is AES-128/192/256. Signed-off-by: Eneas U de Queiroz Signed-off-by: Herbert Xu

crypto: qce - fix ctr-aes-qce block, chunk sizes

2019-12-27T10:18:04Z

Set blocksize of ctr-aes-qce to 1, so it can operate as a stream cipher, adding the definition for chucksize instead, where the underlying block size belongs. Signed-off-by: Eneas U de Queiroz Signed-off-by: Herbert Xu

crypto: qce/dma - Use dma_request_chan() directly for channel request

2019-11-22T10:48:35Z

dma_request_slave_channel_reason() is: #define dma_request_slave_channel_reason(dev, name) \ dma_request_chan(dev, name) Signed-off-by: Peter Ujfalusi Reviewed-by: Vinod Koul Signed-off-by: Herbert Xu

crypto: qce - switch to skcipher API

2019-11-17T01:02:48Z

Commit 7a7ffe65c8c5 ("crypto: skcipher - Add top-level skcipher interface") dated 20 august 2015 introduced the new skcipher API which is supposed to replace both blkcipher and ablkcipher. While all consumers of the API have been converted long ago, some producers of the ablkcipher remain, forcing us to keep the ablkcipher support routines alive, along with the matching code to expose [a]blkciphers via the skcipher API. So switch this driver to the skcipher API, allowing us to finally drop the ablkcipher code in the near future. Reviewed-by: Stanimir Varbanov Signed-off-by: Ard Biesheuvel Signed-off-by: Herbert Xu

crypto: qce - add CRYPTO_ALG_KERN_DRIVER_ONLY flag

2019-10-04T15:06:20Z

Set the CRYPTO_ALG_KERN_DRIVER_ONLY flag to all algorithms exposed by the qce driver, since they are all hardware accelerated, accessible through a kernel driver only, and not available directly to userspace. Signed-off-by: Eneas U de Queiroz Signed-off-by: Herbert Xu