crypto: drivers - Explicitly include correct DT includes

The DT of_device.h and of_platform.h date back to the separate
of_platform_bus_type before it as merged into the regular platform bus.
As par

crypto: drivers - Explicitly include correct DT includes

The DT of_device.h and of_platform.h date back to the separate
of_platform_bus_type before it as merged into the regular platform bus.
As part of that merge prepping Arm DT support 13 years ago, they
"temporarily" include each other. They also include platform_device.h
and of.h. As a result, there's a pretty much random mix of those include
files used throughout the tree. In order to detangle these headers and
replace the implicit includes with struct declarations, users need to
explicitly include the correct includes.

Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

show more ...

crypto: atmel-aes - Use devm_platform_get_and_ioremap_resource()

Convert platform_get_resource(), devm_ioremap_resource() to a single
call to devm_platform_get_and_ioremap_resource(), as this is exa

crypto: atmel-aes - Use devm_platform_get_and_ioremap_resource()

Convert platform_get_resource(), devm_ioremap_resource() to a single
call to devm_platform_get_and_ioremap_resource(), as this is exactly
what this function does.

Signed-off-by: Yangtao Li <frank.li@vivo.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

show more ...

crypto: atmel-aes - Match cfb block size with generic implementation

Change blocksize to match the cfb(aes) generic implementation.

Signed-off-by: Ryan Wanner <Ryan.Wanner@microchip.com>
Signed-off

crypto: atmel-aes - Match cfb block size with generic implementation

Change blocksize to match the cfb(aes) generic implementation.

Signed-off-by: Ryan Wanner <Ryan.Wanner@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

show more ...

crypto: atmel-aes - Detecting in-place operations two sg lists

Avoiding detecting finely in-place operations with different
scatter lists. Copying the source data for decryption into rctx->lastc
reg

crypto: atmel-aes - Detecting in-place operations two sg lists

Avoiding detecting finely in-place operations with different
scatter lists. Copying the source data for decryption into rctx->lastc
regardless if the operation is in-place or not. This allows in-place
operations with different scatter lists.

This approach takes less resources than parsing both scatter lists to
check if they are equal.

Signed-off-by: Ryan Wanner <Ryan.Wanner@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

show more ...

crypto: atmel - Use request_complete helpers

Use the request_complete helpers instead of calling the completion
function directly.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: xts - drop xts_check_key()

xts_check_key() is obsoleted by xts_verify_key(). Over time XTS crypto
drivers adopted the newer xts_verify_key() variant, but xts_check_key()
is still used by a n

crypto: xts - drop xts_check_key()

xts_check_key() is obsoleted by xts_verify_key(). Over time XTS crypto
drivers adopted the newer xts_verify_key() variant, but xts_check_key()
is still used by a number of drivers. Switch drivers to use the newer
xts_verify_key() and make a couple of cleanups. This allows us to drop
xts_check_key() completely and avoid redundancy.

Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Nicolai Stange <nstange@suse.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

show more ...

crypto: atmel - Add capability case for the 0x600 SHA and AES IP versions

In order for the driver to be made aware of the capabilities of the SHA
and AES IP versions 0x600 , such as those present on

crypto: atmel - Add capability case for the 0x600 SHA and AES IP versions

In order for the driver to be made aware of the capabilities of the SHA
and AES IP versions 0x600 , such as those present on the SAM9X60 SoC's,
add a corresponding switch case to the capability method of the respective
drivers. Without this, besides the capabilities not being correctly set,
the self tests may hang since the driver is endlessly waiting for a
completion to be set by a never occurring DMA interrupt handler.

Signed-off-by: Sergiu Moga <sergiu.moga@microchip.com>
Acked-by: Nicolas Ferre <nicolas.ferre@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

show more ...

crypto: atmel-aes - Drop if with an always false condition

The remove callback is only called after probe completed successfully.
In this case platform_set_drvdata() was called with a non-NULL argum

crypto: atmel-aes - Drop if with an always false condition

The remove callback is only called after probe completed successfully.
In this case platform_set_drvdata() was called with a non-NULL argument
and so aes_dd is never NULL.

This is a preparation for making platform remove callbacks return void.

Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

show more ...

crypto: atmel - add support for AES and SHA IPs available on lan966x SoC

This patch adds support for hardware version of AES and SHA IPs
available on lan966x SoC.

Signed-off-by: Kavyasree Kotagiri

crypto: atmel - add support for AES and SHA IPs available on lan966x SoC

This patch adds support for hardware version of AES and SHA IPs
available on lan966x SoC.

Signed-off-by: Kavyasree Kotagiri <kavyasree.kotagiri@microchip.com>
Reviewed-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Tested-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

show more ...

crypto: atmel-aes - Reestablish the correct tfm context at dequeue

In case there were more requests from different tfms in the crypto
queue, only the context of the last initialized tfm was consider

crypto: atmel-aes - Reestablish the correct tfm context at dequeue

In case there were more requests from different tfms in the crypto
queue, only the context of the last initialized tfm was considered.

Fixes: ec2088b66f7a ("crypto: atmel-aes - Allocate aes dev at tfm init time")
Reported-by: Wolfgang Ocker <weo@reccoware.de>
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

show more ...

crypto: atmel-aes - Reestablish the correct tfm context at dequeue

[ Upstream commit 6d48de655917a9d782953eba65de4e3db593ddf0 ]

In case there were more requests from different tfms in the crypto
qu

crypto: atmel-aes - Reestablish the correct tfm context at dequeue

[ Upstream commit 6d48de655917a9d782953eba65de4e3db593ddf0 ]

In case there were more requests from different tfms in the crypto
queue, only the context of the last initialized tfm was considered.

Fixes: ec2088b66f7a ("crypto: atmel-aes - Allocate aes dev at tfm init time")
Reported-by: Wolfgang Ocker <weo@reccoware.de>
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>

show more ...

crypto: atmel-aes - use swap()

Use swap() instead of implementing it in order to make code more clean.

Signed-off-by: Salah Triki <salah.triki@gmail.com>
Reviewed-by: Tudor Ambarus <tudor.ambarus@m

crypto: atmel-aes - use swap()

Use swap() instead of implementing it in order to make code more clean.

Signed-off-by: Salah Triki <salah.triki@gmail.com>
Reviewed-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

show more ...

crypto: atmel-aes - Allocate aes dev at tfm init time

Allocate the atmel_aes_dev data at tfm init time, and not for
each crypt request.
There's a single AES IP per SoC, clarify that in the code.

Si

crypto: atmel-aes - Allocate aes dev at tfm init time

Allocate the atmel_aes_dev data at tfm init time, and not for
each crypt request.
There's a single AES IP per SoC, clarify that in the code.

Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

show more ...

crypto: atmel-aes - Add fallback to XTS software implementation

XTS is supported just for input lengths with data units of 128-bit blocks.
Add a fallback to software implementation when the last blo

crypto: atmel-aes - Add fallback to XTS software implementation

XTS is supported just for input lengths with data units of 128-bit blocks.
Add a fallback to software implementation when the last block is shorter
than 128 bits.

Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

show more ...

crypto: atmel - Set OFB's blocksize to 1

Set cra_blocksize to 1 to indicate OFB is a stream cipher.

Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gon

crypto: atmel - Set OFB's blocksize to 1

Set cra_blocksize to 1 to indicate OFB is a stream cipher.

Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

show more ...

crypto: atmel-aes - Add NIST 800-38A's zero length cryptlen constraint

NIST 800-38A requires for the ECB, CBC, CFB, OFB and CTR modes that
the plaintext and ciphertext to have a positive integer len

crypto: atmel-aes - Add NIST 800-38A's zero length cryptlen constraint

NIST 800-38A requires for the ECB, CBC, CFB, OFB and CTR modes that
the plaintext and ciphertext to have a positive integer length.

Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

show more ...

crypto: atmel-aes - Add XTS input length constraint

Input length smaller than block size does not make sense for XTS.

Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbe

crypto: atmel-aes - Add XTS input length constraint

Input length smaller than block size does not make sense for XTS.

Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

show more ...

crypto: atmel-aes - Add blocksize constraint for ECB and CBC modes

NIST 800-38A requires for the ECB and CBC modes that the total number
of bits in the plaintext to be a multiple of the block cipher

crypto: atmel-aes - Add blocksize constraint for ECB and CBC modes

NIST 800-38A requires for the ECB and CBC modes that the total number
of bits in the plaintext to be a multiple of the block cipher.

Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

show more ...

crypto: atmel-aes - convert to use be32_add_cpu()

Convert cpu_to_be32(be32_to_cpu(E1) + E2) to use be32_add_cpu().

Signed-off-by: Liu Shixin <liushixin2@huawei.com>
Signed-off-by: Herbert Xu <herbe

crypto: atmel-aes - convert to use be32_add_cpu()

Convert cpu_to_be32(be32_to_cpu(E1) + E2) to use be32_add_cpu().

Signed-off-by: Liu Shixin <liushixin2@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

show more ...

crypto: atmel-{aes,sha,tdes} - Retire crypto_platform_data

These drivers no longer need it as they are only probed via DT.
crypto_platform_data was allocated but unused, so remove it.
This is a foll

crypto: atmel-{aes,sha,tdes} - Retire crypto_platform_data

These drivers no longer need it as they are only probed via DT.
crypto_platform_data was allocated but unused, so remove it.
This is a follow up for:
commit 45a536e3a7e0 ("crypto: atmel-tdes - Retire dma_request_slave_channel_compat()")
commit db28512f48e2 ("crypto: atmel-sha - Retire dma_request_slave_channel_compat()")
commit 62f72cbdcf02 ("crypto: atmel-aes - Retire dma_request_slave_channel_compat()")

Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

show more ...

crypto: remove propagation of CRYPTO_TFM_RES_* flags

The CRYPTO_TFM_RES_* flags were apparently meant as a way to make the
->setkey() functions provide more information about errors. But these
flag

crypto: remove propagation of CRYPTO_TFM_RES_* flags

The CRYPTO_TFM_RES_* flags were apparently meant as a way to make the
->setkey() functions provide more information about errors. But these
flags weren't actually being used or tested, and in many cases they
weren't being set correctly anyway. So they've now been removed.

Also, if someone ever actually needs to start better distinguishing
->setkey() errors (which is somewhat unlikely, as this has been unneeded
for a long time), we'd be much better off just defining different return
values, like -EINVAL if the key is invalid for the algorithm vs.
-EKEYREJECTED if the key was rejected by a policy like "no weak keys".
That would be much simpler, less error-prone, and easier to test.

So just remove CRYPTO_TFM_RES_MASK and all the unneeded logic that
propagates these flags around.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

show more ...

crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN

The CRYPTO_TFM_RES_BAD_KEY_LEN flag was apparently meant as a way to
make the ->setkey() functions provide more information about errors.

However, no one a

crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN

The CRYPTO_TFM_RES_BAD_KEY_LEN flag was apparently meant as a way to
make the ->setkey() functions provide more information about errors.

However, no one actually checks for this flag, which makes it pointless.

Also, many algorithms fail to set this flag when given a bad length key.
Reviewing just the generic implementations, this is the case for
aes-fixed-time, cbcmac, echainiv, nhpoly1305, pcrypt, rfc3686, rfc4309,
rfc7539, rfc7539esp, salsa20, seqiv, and xcbc. But there are probably
many more in arch/*/crypto/ and drivers/crypto/.

Some algorithms can even set this flag when the key is the correct
length. For example, authenc and authencesn set it when the key payload
is malformed in any way (not just a bad length), the atmel-sha and ccree
drivers can set it if a memory allocation fails, and the chelsio driver
sets it for bad auth tag lengths, not just bad key lengths.

So even if someone actually wanted to start checking this flag (which
seems unlikely, since it's been unused for a long time), there would be
a lot of work needed to get it working correctly. But it would probably
be much better to go back to the drawing board and just define different
return values, like -EINVAL if the key is invalid for the algorithm vs.
-EKEYREJECTED if the key was rejected by a policy like "no weak keys".
That would be much simpler, less error-prone, and easier to test.

So just remove this flag.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

show more ...

crypto: atmel-aes - Fix CTR counter overflow when multiple fragments

The CTR transfer works in fragments of data of maximum 1 MByte because
of the 16 bit CTR counter embedded in the IP. Fix the CTR

crypto: atmel-aes - Fix CTR counter overflow when multiple fragments

The CTR transfer works in fragments of data of maximum 1 MByte because
of the 16 bit CTR counter embedded in the IP. Fix the CTR counter
overflow handling for messages larger than 1 MByte.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Fixes: 781a08d9740a ("crypto: atmel-aes - Fix counter overflow in CTR mode")
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

show more ...

crypto: atmel-{aes,tdes} - Update the IV only when the op succeeds

Do not update the IV in case of errors.

Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herb

crypto: atmel-{aes,tdes} - Update the IV only when the op succeeds

Do not update the IV in case of errors.

Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

show more ...

crypto: atmel-{sha,tdes} - Print warn message even when deferring

Even when deferring, we would like to know what caused it.
Update dev_warn to dev_err because if the DMA init fails,
the probe is st

crypto: atmel-{sha,tdes} - Print warn message even when deferring

Even when deferring, we would like to know what caused it.
Update dev_warn to dev_err because if the DMA init fails,
the probe is stopped.

Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

show more ...