- 26 Mar, 2021 13 commits
-
-
Rijo Thomas authored
Multiple threads or clients can submit a command to the TEE ring buffer. This patch helps to synchronize command submission to the ring. One thread shall write a command to a TEE ring buffer entry only if: - Trusted OS has notified that the TEE command for the given entry has been processed and driver has copied the TEE response into client buffer. - The command entry is empty and can be written into. After a command has been written to the TEE ring buffer, the global wptr (mutex protected) shall be incremented for use by next client. If PSP became unresponsive while processing TEE request from a client, then further command submission to queue will be disabled. Fixes: 33960acc (crypto: ccp - add TEE support for Raven Ridge) Reviewed-by:
Devaraj Rangasamy <Devaraj.Rangasamy@amd.com> Signed-off-by:
Rijo Thomas <Rijo-john.Thomas@amd.com> Signed-off-by:
Herbert Xu <herbert@gondor.apana.org.au>
-
Rijo Thomas authored
The PSP TEE device driver polls the command status variable every 5ms to check for command completion. Reduce this time to 1ms so that there is an improvement in driver response time to clients which submit TEE commands. Reviewed-by:
-
Tian Tao authored
This commit fixes the checkpatch warning: WARNING: Use #include <linux/io.h> instead of <asm/io.h> 34: FILE: drivers/char/hw_random/intel-rng.c:34: Signed-off-by:
Tian Tao <tiantao6@hisilicon.com> Signed-off-by:
-
Herbert Xu authored
This pulls in the NIST P384/256/192 x509 changes.
-
Saulo Alessandre authored
Prepare the x509 parser to accept NIST P384 certificates and add the OID for ansip384r1, which is the identifier for NIST P384. Summary of changes: * crypto/asymmetric_keys/x509_cert_parser.c - prepare x509 parser to load NIST P384 * include/linux/oid_registry.h - add OID_ansip384r1 Signed-off-by:
Saulo Alessandre <saulo.alessandre@tse.jus.br> Tested-by:
Stefan Berger <stefanb@linux.ibm.com> Signed-off-by:
-
Stefan Berger authored
Add support for IMA signature verification for EC keys. Since SHA type of hashes can be used by RSA and ECDSA signature schemes we need to look at the key and derive from the key which signature scheme to use. Since this can be applied to all types of keys, we change the selection of the encoding type to be driven by the key's signature scheme rather than by the hash type. Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com> Cc: linux-integrity@vger.kernel.org Cc: David Howells <dhowells@redhat.com> Cc: keyrings@vger.kernel.org Signed-off-by:
Vitaly Chikunov <vt@altlinux.org> Reviewed-by:
Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Acked-by:
Mimi Zohar <zohar@linux.ibm.com> Signed-off-by:
-
Stefan Berger authored
Add support for parsing of x509 certificates that contain ECDSA keys, such as NIST P256, that have been signed by a CA using any of the current SHA hash algorithms. Cc: David Howells <dhowells@redhat.com> Cc: keyrings@vger.kernel.org Signed-off-by:
-
Stefan Berger authored
Detect whether a key is an sm2 type of key by its OID in the parameters array rather than assuming that everything under OID_id_ecPublicKey is sm2, which is not the case. Cc: David Howells <dhowells@redhat.com> Cc: keyrings@vger.kernel.org Signed-off-by:
-
Saulo Alessandre authored
Register NIST P384 as an akcipher and extend the testmgr with NIST P384-specific test vectors. Summary of changes: * crypto/ecdsa.c - add ecdsa_nist_p384_init_tfm - register and unregister P384 tfm * crypto/testmgr.c - add test vector for P384 on vector of tests * crypto/testmgr.h - add test vector params for P384(sha1, sha224, sha256, sha384 and sha512) Signed-off-by:Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by:
-
Saulo Alessandre authored
Add the math needed for NIST P384 and adapt certain functions' parameters so that the ecc_curve is passed to vli_mmod_fast. This allows to identify the curve by its name prefix and the appropriate function for fast mmod calculation can be used. Summary of changes: * crypto/ecc.c - add vli_mmod_fast_384 - change some routines to pass ecc_curve forward until vli_mmod_fast * crypto/ecc.h - add ECC_CURVE_NIST_P384_DIGITS - change ECC_MAX_DIGITS to P384 size Signed-off-by:
-
Saulo Alessandre authored
Add the parameters for the NIST P384 curve and define a new curve ID for it. Make the curve available in ecc_get_curve. Summary of changes: * crypto/ecc_curve_defs.h - add nist_p384 params * include/crypto/ecdh.h - add ECC_CURVE_NIST_P384 * crypto/ecc.c - change ecc_get_curve to accept nist_p384 Signed-off-by:
-
Stefan Berger authored
Add support for parsing the parameters of a NIST P256 or NIST P192 key. Enable signature verification using these keys. The new module is enabled with CONFIG_ECDSA: Elliptic Curve Digital Signature Algorithm (NIST P192, P256 etc.) is A NIST cryptographic standard algorithm. Only signature verification is implemented. Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: "David S. Miller" <davem@davemloft.net> Cc: linux-crypto@vger.kernel.org Signed-off-by:
-
Stefan Berger authored
Add OIDs for ECDSA with SHA224/256/384/512. Signed-off-by:
-
- 19 Mar, 2021 10 commits
-
-
Wang Qing authored
platform_get_irq() has already checked and printed the return value, the printing here is nothing special, it is not necessary at all. Signed-off-by:
Wang Qing <wangqing@vivo.com> Signed-off-by:
-
Longfang Liu authored
cleanup static check errors for SEC Signed-off-by:
Longfang Liu <liulongfang@huawei.com> Signed-off-by:
-
Longfang Liu authored
1.delete the original complex method of obtaining the current device and replace it with the initialized device pointer. 2.fixes some coding style Signed-off-by:
-
Longfang Liu authored
When the log is output here, the device has not been initialized yet. Signed-off-by:
-
Tian Tao authored
Use devm_platform_ioremap_resource() to simplify the code. Signed-off-by:
-
Tian Tao authored
Use devm_platform_ioremap_resource() to simplify the code. Signed-off-by:
-
Ard Biesheuvel authored
Drop the local definition of a byte swapping macro and use the common one instead. Signed-off-by:
Ard Biesheuvel <ardb@kernel.org> Reviewed-by:
Nicolas Pitre <nico@fluxnic.net> Reviewed-by:
Geert Uytterhoeven <geert+renesas@glider.be> Reviewed-by:
Linus Walleij <linus.walleij@linaro.org> Reviewed-by:
Eric Biggers <ebiggers@google.com> Signed-off-by:
-
Ard Biesheuvel authored
The scalar AES implementation has some locally defined macros which reimplement things that are now available in macros defined in assembler.h. So let's switch to those. Signed-off-by:
-
Eric Biggers authored
The new ARM BLAKE2s code doesn't work correctly (fails the self-tests) in big endian kernel builds because it doesn't swap the endianness of the message words when loading them. Fix this. Fixes: 5172d322 ("crypto: arm/blake2s - add ARM scalar optimized BLAKE2s") Signed-off-by:
-
Herbert Xu authored
This patch fixes missing prototype warnings in crypto/aegis128-neon.c. Fixes: a4397635 ("crypto: aegis128 - provide a SIMD...") Reported-by:
kernel test robot <lkp@intel.com> Signed-off-by:
-
- 12 Mar, 2021 17 commits
-
-
Philipp Zabel authored
As of commit bb475230 ("reset: make optional functions really optional"), the reset framework API calls use NULL pointers to describe optional, non-present reset controls. This allows to unconditionally return errors from devm_reset_control_get_optional_exclusive. Signed-off-by:
Philipp Zabel <p.zabel@pengutronix.de> Signed-off-by:
-
Álvaro Fernández Rojas authored
BCM6368 devices need to reset the IPSEC controller in order to generate true random numbers. This is what BCM6368 produces without a reset: root@OpenWrt:/# cat /dev/hwrng | rngtest -c 1000 rngtest 6.10 Copyright (c) 2004 by Henrique de Moraes Holschuh This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. rngtest: starting FIPS tests... rngtest: bits received from input: 20000032 rngtest: FIPS 140-2 successes: 0 rngtest: FIPS 140-2 failures: 1000 rngtest: FIPS 140-2(2001-10-10) Monobit: 2 rngtest: FIPS 140-2(2001-10-10) Poker: 1000 rngtest: FIPS 140-2(2001-10-10) Runs: 1000 rngtest: FIPS 140-2(2001-10-10) Long run: 30 rngtest: FIPS 140-2(2001-10-10) Continuous run: 0 rngtest: input channel speed: (min=37.253; avg=320.827; max=635.783)Mibits/s rngtest: FIPS tests speed: (min=12.141; avg=15.034; max=16.428)Mibits/s rngtest: Program run time: 1336176 microseconds Signed-off-by:
Álvaro Fernández Rojas <noltari@gmail.com> Reviewed-by:
Florian Fainelli <f.fainelli@gmail.com> Signed-off-by:
-
Álvaro Fernández Rojas authored
brcm,bcm6368-rng controllers require resetting the IPSEC clock in order to get a functional RNG. Signed-off-by:
Rob Herring <robh@kernel.org> Acked-by:
-
Álvaro Fernández Rojas authored
brcm,bcm6368-rng controllers require enabling the IPSEC clock in order to get a functional RNG. Signed-off-by:
-
Hui Tang authored
DMA_TO_DEVICE synchronisation must be done after the last modification of the memory region by the software and before it is handed off to the device. Signed-off-by:
Hui Tang <tanghui20@huawei.com> Reported-by:
Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by:
-
Hui Tang authored
'dma_mapping_error' return a negative value if 'dma_addr' is equal to 'DMA_MAPPING_ERROR' not zero, so fix initialization of 'dma_addr'. Signed-off-by:
-
Jia-Ju Bai authored
When dma_mapping_error() returns an error, no error return code of sun8i_ce_prng_generate() is assigned. To fix this bug, err is assigned with -EFAULT as error return code. Reported-by:
TOTE Robot <oslab@tsinghua.edu.cn> Signed-off-by:
Jia-Ju Bai <baijiaju1990@gmail.com> Tested-by:
Corentin Labbe <clabbe.montjoie@gmail.com> Acked-by:
-
Meng Yu authored
Enable 'CURVE25519' algorithm in Kunpeng 930. Signed-off-by:
Meng Yu <yumeng18@huawei.com> Reviewed-by:
Zaibo Xu <xuzaibo@huawei.com> Reported-by:
-
Meng Yu authored
1. Add curve 25519 parameters in 'crypto/ecc_curve_defs.h'; 2. Add curve25519 interface 'ecc_get_curve25519_param' in 'include/crypto/ecc_curve.h', to make its parameters be exposed to everyone in kernel tree. Signed-off-by:
-
Meng Yu authored
1. Enable 'ECDH' algorithm in Kunpeng 930; 2. HPRE ECDH Support: ecdh-nist-p192, ecdh-nist-p256. Signed-off-by:
-
Meng Yu authored
Move 'ecc_get_curve' to 'include/crypto/ecc_curve.h', so everyone in kernel tree can easily get ecc curve params; Signed-off-by:
-
Meng Yu authored
1. crypto and crypto/atmel-ecc: Move curve id of ECDH from the key into the algorithm name instead in crypto and atmel-ecc, so ECDH algorithm name change form 'ecdh' to 'ecdh-nist-pxxx', and we cannot use 'curve_id' in 'struct ecdh'; 2. crypto/testmgr and net/bluetooth: Modify 'testmgr.c', 'testmgr.h' and 'net/bluetooth' to adapt the modification. Signed-off-by:
-
Meng Yu authored
Algorithm type is brought in to get hardware HPRE queue to support different algorithms. Signed-off-by:
-
Meng Yu authored
A new generation of accelerator Kunpeng930 has appeared, and the corresponding driver needs to be updated to support some new algorithms of Kunpeng930. To be compatible with Kunpeng920, we add parameter 'struct hisi_qm *qm' to sec_algs_(un)register to identify the chip's version. Signed-off-by:
-
Tom Lendacky authored
If SEV has been disabled (e.g. through BIOS), the driver probe will still issue SEV firmware commands. The SEV INIT firmware command will return an error in this situation, but the error code is a general error code that doesn't highlight the exact reason. Add a check for X86_FEATURE_SEV in sev_dev_init() and emit a meaningful message and skip attempting to initialize the SEV firmware if the feature is not enabled. Since building the SEV code is dependent on X86_64, adding the check won't cause any build problems. Cc: John Allen <john.allen@amd.com> Cc: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by:
Tom Lendacky <thomas.lendacky@amd.com> Reviewed-By:
Brijesh Singh <brijesh.singh@amd.com> Signed-off-by:
-
Ard Biesheuvel authored
Given that crypto_alloc_tfm() may return ERR pointers, and to avoid crashes on obscure error paths where such pointers are presented to crypto_destroy_tfm() (such as [0]), add an ERR_PTR check there before dereferencing the second argument as a struct crypto_tfm pointer. [0] https://lore.kernel.org/linux-crypto/000000000000de949705bc59e0f6@google.com/ Reported-by: syzbot+12cf5fbfdeba210a89dd@syzkaller.appspotmail.com Reviewed-by:
-
Colin Ian King authored
In the case where the dma_iv mapping fails, the return error path leaks the memory allocated to object d. Fix this by adding a new error return label and jumping to this to ensure d is free'd before the return. Addresses-Coverity: ("Resource leak") Fixes: ac2614d7 ("crypto: sun8i-ss - Add support for the PRNG") Signed-off-by:Colin Ian King <colin.king@canonical.com> Acked-by:
-
