1. 23 Jan, 2017 13 commits
    • Ryder Lee's avatar
      crypto: mediatek - add support to GCM mode · d03f7b0d
      Ryder Lee authored
      This patch adds support to the GCM mode.
      Signed-off-by: default avatarRyder Lee <ryder.lee@mediatek.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      d03f7b0d
    • Ryder Lee's avatar
      crypto: mediatek - add support to CTR mode · e04a31d7
      Ryder Lee authored
      This patch adds support to the CTR mode.
      Signed-off-by: default avatarRyder Lee <ryder.lee@mediatek.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      e04a31d7
    • Ryder Lee's avatar
      crypto: mediatek - fix typo and indentation · 059b1494
      Ryder Lee authored
      Dummy patch to fix typo and indentation.
      Signed-off-by: default avatarRyder Lee <ryder.lee@mediatek.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      059b1494
    • Ryder Lee's avatar
      crypto: mediatek - regroup functions by usage · 0abc2714
      Ryder Lee authored
      This patch only regroup functions by usage.
      This will help to integrate the GCM support patch later by
      adjusting some shared code section, such as common code which
      will be reused by GCM, AES mode setting, and DMA transfer.
      Signed-off-by: default avatarRyder Lee <ryder.lee@mediatek.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      0abc2714
    • Ryder Lee's avatar
      crypto: mediatek - rework crypto request completion · 87421984
      Ryder Lee authored
      This patch introduces a new callback 'resume' in the struct mtk_aes_rec.
      This callback is run to resume/complete the processing of the crypto
      request when woken up by AES interrupts when DMA completion.
      
      This callback will help implementing the GCM mode support in further
      patches.
      Signed-off-by: default avatarRyder Lee <ryder.lee@mediatek.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      87421984
    • Ryder Lee's avatar
      crypto: mediatek - make crypto request queue management more generic · 382ae57d
      Ryder Lee authored
      This patch changes mtk_aes_handle_queue() to make it more generic.
      The function argument is now a pointer to struct crypto_async_request,
      which is the common base of struct ablkcipher_request and
      struct aead_request.
      
      Also this patch introduces struct mtk_aes_base_ctx which will be the
      common base of all the transformation contexts.
      
      Hence the very same queue will be used to manage both block cipher and
      AEAD requests (such as gcm and authenc implemented in further patches).
      Signed-off-by: default avatarRyder Lee <ryder.lee@mediatek.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      382ae57d
    • Ryder Lee's avatar
      crypto: mediatek - fix incorrect data transfer result · 4432861f
      Ryder Lee authored
      This patch fixes mtk_aes_xmit() data transfer bug.
      
      The original function uses the same loop and ring->pos
      to handle both command and result descriptors. But this
      produces incomplete results when src.sg_len != dst.sg_len.
      
      To solve the problem, we splits the descriptors into different
      loops and uses cmd_pos and res_pos to record them respectively.
      Signed-off-by: default avatarRyder Lee <ryder.lee@mediatek.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      4432861f
    • Ryder Lee's avatar
      crypto: mediatek - move HW control data to transformation context · a8739962
      Ryder Lee authored
      This patch moves hardware control block members from
      mtk_*_rec to transformation context and refines related
      definition. This makes operational context to manage its
      own control information easily for each DMA transfer.
      Signed-off-by: default avatarRyder Lee <ryder.lee@mediatek.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      a8739962
    • Denys Vlasenko's avatar
      crypto: x86 - make constants readonly, allow linker to merge them · e183914a
      Denys Vlasenko authored
      A lot of asm-optimized routines in arch/x86/crypto/ keep its
      constants in .data. This is wrong, they should be on .rodata.
      
      Mnay of these constants are the same in different modules.
      For example, 128-bit shuffle mask 0x000102030405060708090A0B0C0D0E0F
      exists in at least half a dozen places.
      
      There is a way to let linker merge them and use just one copy.
      The rules are as follows: mergeable objects of different sizes
      should not share sections. You can't put them all in one .rodata
      section, they will lose "mergeability".
      
      GCC puts its mergeable constants in ".rodata.cstSIZE" sections,
      or ".rodata.cstSIZE.<object_name>" if -fdata-sections is used.
      This patch does the same:
      
      	.section .rodata.cst16.SHUF_MASK, "aM", @progbits, 16
      
      It is important that all data in such section consists of
      16-byte elements, not larger ones, and there are no implicit
      use of one element from another.
      
      When this is not the case, use non-mergeable section:
      
      	.section .rodata[.VAR_NAME], "a", @progbits
      
      This reduces .data by ~15 kbytes:
      
          text    data     bss     dec      hex filename
      11097415 2705840 2630712 16433967  fac32f vmlinux-prev.o
      11112095 2690672 2630712 16433479  fac147 vmlinux.o
      
      Merged objects are visible in System.map:
      
      ffffffff81a28810 r POLY
      ffffffff81a28810 r POLY
      ffffffff81a28820 r TWOONE
      ffffffff81a28820 r TWOONE
      ffffffff81a28830 r PSHUFFLE_BYTE_FLIP_MASK <- merged regardless of
      ffffffff81a28830 r SHUF_MASK   <------------- the name difference
      ffffffff81a28830 r SHUF_MASK
      ffffffff81a28830 r SHUF_MASK
      ..
      ffffffff81a28d00 r K512 <- merged three identical 640-byte tables
      ffffffff81a28d00 r K512
      ffffffff81a28d00 r K512
      
      Use of object names in section name suffixes is not strictly necessary,
      but might help if someday link stage will use garbage collection
      to eliminate unused sections (ld --gc-sections).
      Signed-off-by: default avatarDenys Vlasenko <dvlasenk@redhat.com>
      CC: Herbert Xu <herbert@gondor.apana.org.au>
      CC: Josh Poimboeuf <jpoimboe@redhat.com>
      CC: Xiaodong Liu <xiaodong.liu@intel.com>
      CC: Megha Dey <megha.dey@intel.com>
      CC: linux-crypto@vger.kernel.org
      CC: x86@kernel.org
      CC: linux-kernel@vger.kernel.org
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      e183914a
    • Denys Vlasenko's avatar
      crypto: x86/crc32c - fix %progbits -> @progbits · 587d531b
      Denys Vlasenko authored
      %progbits form is used on ARM (where @ is a comment char).
      
      x86 consistently uses @progbits everywhere else.
      Signed-off-by: default avatarDenys Vlasenko <dvlasenk@redhat.com>
      CC: Herbert Xu <herbert@gondor.apana.org.au>
      CC: Josh Poimboeuf <jpoimboe@redhat.com>
      CC: Xiaodong Liu <xiaodong.liu@intel.com>
      CC: Megha Dey <megha.dey@intel.com>
      CC: George Spelvin <linux@horizon.com>
      CC: linux-crypto@vger.kernel.org
      CC: x86@kernel.org
      CC: linux-kernel@vger.kernel.org
      Reviewed-by: default avatarJosh Poimboeuf <jpoimboe@redhat.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      587d531b
    • Ard Biesheuvel's avatar
      crypto: arm/aes-neonbs - fix issue with v2.22 and older assembler · 13954e78
      Ard Biesheuvel authored
      The GNU assembler for ARM version 2.22 or older fails to infer the
      element size from the vmov instructions, and aborts the build in
      the following way;
      
      .../aes-neonbs-core.S: Assembler messages:
      .../aes-neonbs-core.S:817: Error: bad type for scalar -- `vmov q1h[1],r10'
      .../aes-neonbs-core.S:817: Error: bad type for scalar -- `vmov q1h[0],r9'
      .../aes-neonbs-core.S:817: Error: bad type for scalar -- `vmov q1l[1],r8'
      .../aes-neonbs-core.S:817: Error: bad type for scalar -- `vmov q1l[0],r7'
      .../aes-neonbs-core.S:818: Error: bad type for scalar -- `vmov q2h[1],r10'
      .../aes-neonbs-core.S:818: Error: bad type for scalar -- `vmov q2h[0],r9'
      .../aes-neonbs-core.S:818: Error: bad type for scalar -- `vmov q2l[1],r8'
      .../aes-neonbs-core.S:818: Error: bad type for scalar -- `vmov q2l[0],r7'
      
      Fix this by setting the element size explicitly, by replacing vmov with
      vmov.32.
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      13954e78
    • Rabin Vincent's avatar
      crypto: tcrypt - Add debug prints · 76512f2d
      Rabin Vincent authored
      tcrypt is very tight-lipped when it succeeds, but a bit more feedback
      would be useful when developing or debugging crypto drivers, especially
      since even a successful run ends with the module failing to insert. Add
      a couple of debug prints, which can be enabled with dynamic debug:
      
      Before:
      
       # insmod tcrypt.ko mode=10
       insmod: can't insert 'tcrypt.ko': Resource temporarily unavailable
      
      After:
      
       # insmod tcrypt.ko mode=10 dyndbg
       tcrypt: testing ecb(aes)
       tcrypt: testing cbc(aes)
       tcrypt: testing lrw(aes)
       tcrypt: testing xts(aes)
       tcrypt: testing ctr(aes)
       tcrypt: testing rfc3686(ctr(aes))
       tcrypt: all tests passed
       insmod: can't insert 'tcrypt.ko': Resource temporarily unavailable
      Signed-off-by: default avatarRabin Vincent <rabinv@axis.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      76512f2d
    • Nicolas Iooss's avatar
      crypto: img-hash - use dma_data_direction when calling dma_map_sg · 3bfb2e6b
      Nicolas Iooss authored
      The fourth argument of dma_map_sg() and dma_unmap_sg() is an item of
      dma_data_direction enum. Function img_hash_xmit_dma() wrongly used
      DMA_MEM_TO_DEV, which is an item of dma_transfer_direction enum.
      
      Replace DMA_MEM_TO_DEV (which value is 1) with DMA_TO_DEVICE (which
      value is fortunately also 1) when calling dma_map_sg() and
      dma_unmap_sg().
      Signed-off-by: default avatarNicolas Iooss <nicolas.iooss_linux@m4x.org>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      3bfb2e6b
  2. 13 Jan, 2017 9 commits
  3. 12 Jan, 2017 17 commits
  4. 08 Jan, 2017 1 commit