diff options
Diffstat (limited to 'recipes-kernel')
45 files changed, 4297 insertions, 0 deletions
diff --git a/recipes-kernel/asf/asf_git.bb b/recipes-kernel/asf/asf_git.bb new file mode 100644 index 00000000..6e25ecf5 --- /dev/null +++ b/recipes-kernel/asf/asf_git.bb | |||
@@ -0,0 +1,33 @@ | |||
1 | DESCRIPTION = "Non-DPAA software Application Specific Fast-path" | ||
2 | SECTION = "asf" | ||
3 | LICENSE = "GPLv2 & GPLv2+ & BSD" | ||
4 | LIC_FILES_CHKSUM = "file://COPYING;md5=b5881ecf398da8a03a3f4c501e29d287" | ||
5 | |||
6 | SRC_URI = "git://git.freescale.com/ppc/sdk/asf.git;branch=master" | ||
7 | SRCREV = "62ba10ab6bab8f8f53934e4bb55b5a552bf3fd6b" | ||
8 | |||
9 | inherit module qoriq_build_64bit_kernel | ||
10 | |||
11 | S = "${WORKDIR}/git/asfmodule" | ||
12 | |||
13 | EXTRA_OEMAKE = "CROSS_COMPILE=${TARGET_PREFIX}" | ||
14 | export KERNEL_PATH = "${STAGING_KERNEL_DIR}" | ||
15 | |||
16 | INHIBIT_PACKAGE_STRIP = "1" | ||
17 | |||
18 | do_configure[depends] += "virtual/kernel:do_shared_workdir" | ||
19 | do_configure_prepend () { | ||
20 | find ${S} -name Makefile -exec \ | ||
21 | sed -i 's,$(KERNEL_PATH)/.config,$(KBUILD_OUTPUT)/.config,' {} \; | ||
22 | } | ||
23 | |||
24 | do_install(){ | ||
25 | install -d ${D}/${libexecdir} | ||
26 | install -d ${D}/lib/modules/${KERNEL_VERSION}/asf | ||
27 | cp -rf ${S}/bin/full ${D}/lib/modules/${KERNEL_VERSION}/asf | ||
28 | cp -rf ${S}/bin/min ${D}/lib/modules/${KERNEL_VERSION}/asf | ||
29 | cp -rf ${S}/../scripts ${D}/${libexecdir}/ | ||
30 | } | ||
31 | |||
32 | FILES_${PN} += "${libexecdir} /lib/modules/${KERNEL_VERSION}/asf" | ||
33 | RDEPENDS_${PN} += "ipsec-tools" | ||
diff --git a/recipes-kernel/auto-resp/ar_git.bb b/recipes-kernel/auto-resp/ar_git.bb new file mode 100644 index 00000000..52d9f57d --- /dev/null +++ b/recipes-kernel/auto-resp/ar_git.bb | |||
@@ -0,0 +1,29 @@ | |||
1 | SUMMARY = "Auto Response Control Module" | ||
2 | LICENSE = "GPLv2 & BSD" | ||
3 | LIC_FILES_CHKSUM = "file://COPYING;md5=b5881ecf398da8a03a3f4c501e29d287" | ||
4 | |||
5 | inherit module | ||
6 | |||
7 | SRC_URI = "git://git.freescale.com/ppc/sdk/auto-resp.git;branch=sdk-v1.7.x" | ||
8 | SRCREV = "dbede76fb4020a370baa393f7c53af4c0db8f175" | ||
9 | |||
10 | S = "${WORKDIR}/git" | ||
11 | |||
12 | EXTRA_OEMAKE = "CROSS_COMPILE=${TARGET_PREFIX} SYSROOT=${STAGING_DIR_TARGET}" | ||
13 | export KERNEL_PATH | ||
14 | |||
15 | INHIBIT_PACKAGE_STRIP = "1" | ||
16 | |||
17 | do_compile_prepend() { | ||
18 | sed -i -e 's,EXTRA_CFLAGS += -I$(PWD),EXTRA_CFLAGS += -I${S},' ${S}/armodule/source/Makefile | ||
19 | } | ||
20 | |||
21 | do_install(){ | ||
22 | install -d ${D}/lib/modules/${KERNEL_VERSION} | ||
23 | install -d ${D}${bindir} | ||
24 | install -m 644 ${B}/bin/ar.ko ${D}/lib/modules/${KERNEL_VERSION}/ | ||
25 | cp -f ${S}/bin/ar_* ${D}${bindir}/ | ||
26 | } | ||
27 | |||
28 | FILES_${PN} += "${bindir}/" | ||
29 | |||
diff --git a/recipes-kernel/ceetm/ceetm_git.bb b/recipes-kernel/ceetm/ceetm_git.bb new file mode 100644 index 00000000..beaed31e --- /dev/null +++ b/recipes-kernel/ceetm/ceetm_git.bb | |||
@@ -0,0 +1,30 @@ | |||
1 | DESCRIPTION = "CEETM TC QDISC" | ||
2 | LICENSE = "GPLv2 & BSD" | ||
3 | LIC_FILES_CHKSUM = "file://COPYING;md5=b5881ecf398da8a03a3f4c501e29d287" | ||
4 | |||
5 | DEPENDS="virtual/kernel" | ||
6 | |||
7 | inherit module qoriq_build_64bit_kernel | ||
8 | |||
9 | SRC_URI = "git://git.freescale.com/ppc/sdk/ceetm.git;nobranch=1" | ||
10 | SRCREV = "ecf55c9ca0cd42a212653e1f99c19cd611e3a008" | ||
11 | |||
12 | S = "${WORKDIR}/git" | ||
13 | |||
14 | EXTRA_OEMAKE = "CROSS_COMPILE=${TARGET_PREFIX} SYSROOT=${STAGING_DIR_TARGET}" | ||
15 | export KERNEL_PATH = "${STAGING_KERNEL_DIR}" | ||
16 | |||
17 | do_configure[depends] += "virtual/kernel:do_shared_workdir" | ||
18 | do_configure_prepend () { | ||
19 | sed -i 's,$(KERNEL_PATH)/.config,$(KBUILD_OUTPUT)/.config,' ${S}/ceetm_module/Makefile | ||
20 | } | ||
21 | |||
22 | do_install(){ | ||
23 | mkdir -p ${D}/usr/driver/ceetm | ||
24 | mkdir -p ${D}/${libdir}/tc | ||
25 | cp ${S}/bin/ceetm.ko ${D}/usr/driver/ceetm | ||
26 | cp ${S}/bin/q_ceetm.so ${D}/${libdir}/tc/. | ||
27 | } | ||
28 | |||
29 | FILES_${PN} += "/usr/driver/ceetm ${libdir}/tc" | ||
30 | INHIBIT_PACKAGE_STRIP = "1" | ||
diff --git a/recipes-kernel/cryptodev/cryptodev-linux_1.7.bb b/recipes-kernel/cryptodev/cryptodev-linux_1.7.bb new file mode 100644 index 00000000..92ccd717 --- /dev/null +++ b/recipes-kernel/cryptodev/cryptodev-linux_1.7.bb | |||
@@ -0,0 +1,12 @@ | |||
1 | require cryptodev_${PV}.inc | ||
2 | |||
3 | SUMMARY = "A /dev/crypto device driver header file" | ||
4 | |||
5 | do_compile[noexec] = "1" | ||
6 | |||
7 | # Just install cryptodev.h which is the only header file needed to be exported | ||
8 | do_install() { | ||
9 | install -D ${S}/crypto/cryptodev.h ${D}${includedir}/crypto/cryptodev.h | ||
10 | } | ||
11 | |||
12 | ALLOW_EMPTY_${PN} = "1" | ||
diff --git a/recipes-kernel/cryptodev/cryptodev-module_1.7.bb b/recipes-kernel/cryptodev/cryptodev-module_1.7.bb new file mode 100644 index 00000000..e6b1f27c --- /dev/null +++ b/recipes-kernel/cryptodev/cryptodev-module_1.7.bb | |||
@@ -0,0 +1,10 @@ | |||
1 | require cryptodev_${PV}.inc | ||
2 | |||
3 | SUMMARY = "A /dev/crypto device driver kernel module" | ||
4 | |||
5 | inherit module qoriq_build_64bit_kernel | ||
6 | |||
7 | # Header file provided by a separate package | ||
8 | DEPENDS += "cryptodev-linux" | ||
9 | |||
10 | EXTRA_OEMAKE='KERNEL_DIR="${STAGING_KERNEL_DIR}" PREFIX="${D}"' | ||
diff --git a/recipes-kernel/cryptodev/cryptodev-tests_1.7.bb b/recipes-kernel/cryptodev/cryptodev-tests_1.7.bb new file mode 100644 index 00000000..128ccc99 --- /dev/null +++ b/recipes-kernel/cryptodev/cryptodev-tests_1.7.bb | |||
@@ -0,0 +1,17 @@ | |||
1 | require cryptodev_${PV}.inc | ||
2 | |||
3 | SUMMARY = "A test suite for /dev/crypto device driver" | ||
4 | DEPENDS = "openssl" | ||
5 | |||
6 | EXTRA_OEMAKE='KERNEL_DIR="${STAGING_KERNEL_DIR}" PREFIX="${D}"' | ||
7 | |||
8 | do_compile() { | ||
9 | oe_runmake testprogs | ||
10 | } | ||
11 | |||
12 | do_install() { | ||
13 | oe_runmake install_tests | ||
14 | } | ||
15 | |||
16 | FILES_${PN}-dbg += "${bindir}/tests_cryptodev/.debug" | ||
17 | FILES_${PN} = "${bindir}/tests_cryptodev/*" | ||
diff --git a/recipes-kernel/cryptodev/cryptodev_1.7.inc b/recipes-kernel/cryptodev/cryptodev_1.7.inc new file mode 100644 index 00000000..6b65f729 --- /dev/null +++ b/recipes-kernel/cryptodev/cryptodev_1.7.inc | |||
@@ -0,0 +1,47 @@ | |||
1 | HOMEPAGE = "http://cryptodev-linux.org/" | ||
2 | |||
3 | RCONFLICTS_${PN} = "ocf-linux" | ||
4 | RREPLACES_${PN} = "ocf-linux" | ||
5 | |||
6 | LICENSE = "GPLv2" | ||
7 | LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" | ||
8 | |||
9 | SRC_URI = "http://download.gna.org/cryptodev-linux/cryptodev-linux-${PV}.tar.gz" | ||
10 | SRC_URI[md5sum] = "0b63b3481cf2c90386b35f057481d36b" | ||
11 | SRC_URI[sha256sum] = "41880533b53de4d7b3f054e230f576988dafb8eed7bef5ebcf6422bb2e3a3b25" | ||
12 | |||
13 | # Upstream hotfixes and yocto specific patches | ||
14 | SRC_URI_append = " \ | ||
15 | file://0001-fix-compilation-against-linux-3.19.patch \ | ||
16 | file://0002-tests-Makefile-fix-arg-passing-to-CC-in-implicit-rul.patch \ | ||
17 | file://0003-Disable-installing-header-file-provided-by-another-p.patch \ | ||
18 | file://0004-Add-the-compile-and-install-rules-for-cryptodev-test.patch \ | ||
19 | " | ||
20 | # SDK patches | ||
21 | SRC_URI_append = " file://0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch \ | ||
22 | file://0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch \ | ||
23 | file://0003-PKC-support-added-in-cryptodev-module.patch \ | ||
24 | file://0004-Compat-versions-of-PKC-IOCTLs.patch \ | ||
25 | file://0005-Asynchronous-interface-changes-in-cryptodev.patch \ | ||
26 | file://0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch \ | ||
27 | file://0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch \ | ||
28 | file://0008-Add-RSA-Key-generation-offloading.patch \ | ||
29 | file://0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch \ | ||
30 | file://0010-add-support-for-composite-TLS10-SHA1-3DES-algorithm-.patch \ | ||
31 | file://0011-add-support-for-TLSv1.1-record-offload.patch \ | ||
32 | file://0012-add-support-for-TLSv1.2-record-offload.patch \ | ||
33 | file://0013-clean-up-code-layout.patch \ | ||
34 | file://0014-remove-redundant-data-copy-for-pkc-operations.patch \ | ||
35 | file://0015-fix-pkc-request-deallocation.patch \ | ||
36 | file://0016-add-basic-detection-of-asym-features.patch \ | ||
37 | file://0017-remove-dead-code.patch \ | ||
38 | file://0018-fix-compat-warnings.patch \ | ||
39 | file://0019-fix-size_t-print-format.patch \ | ||
40 | file://0020-fix-uninitialized-variable-compiler-warning.patch \ | ||
41 | " | ||
42 | |||
43 | # NOTE: remove this patch and all traces of DISTRO_FEATURE c29x_pkc | ||
44 | # if pkc-host does not need customized cryptodev patches anymore | ||
45 | SRC_URI_append = "${@base_contains('DISTRO_FEATURES', 'c29x_pkc', ' file://0001-don-t-advertise-RSA-keygen.patch', '', d)}" | ||
46 | |||
47 | S = "${WORKDIR}/cryptodev-linux-${PV}" | ||
diff --git a/recipes-kernel/cryptodev/files/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch b/recipes-kernel/cryptodev/files/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch new file mode 100644 index 00000000..7d957ec1 --- /dev/null +++ b/recipes-kernel/cryptodev/files/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch | |||
@@ -0,0 +1,52 @@ | |||
1 | From c653e3a70499c6bb66b57c1788d2d38ca9b8a07e Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@freescale.com> | ||
3 | Date: Thu, 29 Aug 2013 16:52:30 +0300 | ||
4 | Subject: [PATCH 01/15] add support for composite TLS10(SHA1,AES) algorithm | ||
5 | offload | ||
6 | |||
7 | This adds support for composite algorithm offload as a primitive | ||
8 | crypto (cipher + hmac) operation. | ||
9 | |||
10 | It requires kernel support for tls10(hmac(sha1),cbc(aes)) algorithm | ||
11 | provided either in software or accelerated by hardware such as | ||
12 | Freescale B*, P* and T* platforms. | ||
13 | |||
14 | Change-Id: Ia1c605da3860e91e681295dfc8df7c09eb4006cf | ||
15 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
16 | Reviewed-on: http://git.am.freescale.net:8181/17218 | ||
17 | --- | ||
18 | crypto/cryptodev.h | 1 + | ||
19 | ioctl.c | 5 +++++ | ||
20 | 2 files changed, 6 insertions(+) | ||
21 | |||
22 | diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h | ||
23 | index 7fb9c7d..c0e8cd4 100644 | ||
24 | --- a/crypto/cryptodev.h | ||
25 | +++ b/crypto/cryptodev.h | ||
26 | @@ -50,6 +50,7 @@ enum cryptodev_crypto_op_t { | ||
27 | CRYPTO_SHA2_384, | ||
28 | CRYPTO_SHA2_512, | ||
29 | CRYPTO_SHA2_224_HMAC, | ||
30 | + CRYPTO_TLS10_AES_CBC_HMAC_SHA1, | ||
31 | CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */ | ||
32 | }; | ||
33 | |||
34 | diff --git a/ioctl.c b/ioctl.c | ||
35 | index b23f5fd..a3f8379 100644 | ||
36 | --- a/ioctl.c | ||
37 | +++ b/ioctl.c | ||
38 | @@ -159,6 +159,11 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop) | ||
39 | stream = 1; | ||
40 | aead = 1; | ||
41 | break; | ||
42 | + case CRYPTO_TLS10_AES_CBC_HMAC_SHA1: | ||
43 | + alg_name = "tls10(hmac(sha1),cbc(aes))"; | ||
44 | + stream = 0; | ||
45 | + aead = 1; | ||
46 | + break; | ||
47 | case CRYPTO_NULL: | ||
48 | alg_name = "ecb(cipher_null)"; | ||
49 | stream = 1; | ||
50 | -- | ||
51 | 2.3.5 | ||
52 | |||
diff --git a/recipes-kernel/cryptodev/files/0001-don-t-advertise-RSA-keygen.patch b/recipes-kernel/cryptodev/files/0001-don-t-advertise-RSA-keygen.patch new file mode 100644 index 00000000..10d6c8b5 --- /dev/null +++ b/recipes-kernel/cryptodev/files/0001-don-t-advertise-RSA-keygen.patch | |||
@@ -0,0 +1,33 @@ | |||
1 | From d30c9c64aca4a7905e1b7eb3e28e1c616191bd34 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@freescale.com> | ||
3 | Date: Tue, 9 Dec 2014 16:41:25 +0200 | ||
4 | Subject: [PATCH] don't advertise RSA keygen | ||
5 | |||
6 | Disable RSA keygen operations when they are not available. | ||
7 | |||
8 | Currently no testing can be done and this patch should be applied | ||
9 | selectively on platforms that have incomplete support for RSA operations | ||
10 | (for example pkc driver on C293) | ||
11 | |||
12 | Change-Id: Ic8df014623410c3cf4b0b217a246efcea8f2eeef | ||
13 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
14 | --- | ||
15 | ioctl.c | 2 +- | ||
16 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
17 | |||
18 | diff --git a/ioctl.c b/ioctl.c | ||
19 | index 53dbf64..27dc66e 100644 | ||
20 | --- a/ioctl.c | ||
21 | +++ b/ioctl.c | ||
22 | @@ -979,7 +979,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) | ||
23 | case CIOCASYMFEAT: | ||
24 | ses = 0; | ||
25 | if (crypto_has_alg("pkc(rsa)", 0, 0)) | ||
26 | - ses = CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_RSA_GENERATE_KEY; | ||
27 | + ses = CRF_MOD_EXP_CRT | CRF_MOD_EXP ; | ||
28 | if (crypto_has_alg("pkc(dsa)", 0, 0)) | ||
29 | ses |= CRF_DSA_SIGN | CRF_DSA_VERIFY | CRF_DSA_GENERATE_KEY; | ||
30 | if (crypto_has_alg("pkc(dh)", 0, 0)) | ||
31 | -- | ||
32 | 2.3.5 | ||
33 | |||
diff --git a/recipes-kernel/cryptodev/files/0001-fix-compilation-against-linux-3.19.patch b/recipes-kernel/cryptodev/files/0001-fix-compilation-against-linux-3.19.patch new file mode 100644 index 00000000..ab276d2d --- /dev/null +++ b/recipes-kernel/cryptodev/files/0001-fix-compilation-against-linux-3.19.patch | |||
@@ -0,0 +1,36 @@ | |||
1 | From 5054d20d45571cc85339351fde52f872eeb82206 Mon Sep 17 00:00:00 2001 | ||
2 | From: Phil Sutter <phil@nwl.cc> | ||
3 | Date: Tue, 10 Feb 2015 04:57:05 +0100 | ||
4 | Subject: [PATCH 1/4] fix compilation against linux-3.19 | ||
5 | |||
6 | Commit f938612dd97d481b8b5bf960c992ae577f081c17 in linux.git removes | ||
7 | get_unused_fd() macro. This patch changes the calling code to use it's | ||
8 | content 'get_unused_fd_flags(0)' instead. Checking for when | ||
9 | get_unused_fd_flags was introduced shows it's been there since 2.6.23 at | ||
10 | least, so probably no need to make this change conditional on the target | ||
11 | kernel version. | ||
12 | |||
13 | Original patch by Ricardo Ribalda Delgado for Open Embedded, reported by | ||
14 | Oleg Rakhmanov. | ||
15 | |||
16 | Signed-off-by: Phil Sutter <phil@nwl.cc> | ||
17 | --- | ||
18 | ioctl.c | 2 +- | ||
19 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
20 | |||
21 | diff --git a/ioctl.c b/ioctl.c | ||
22 | index 5a55a76..b23f5fd 100644 | ||
23 | --- a/ioctl.c | ||
24 | +++ b/ioctl.c | ||
25 | @@ -546,7 +546,7 @@ static int | ||
26 | clonefd(struct file *filp) | ||
27 | { | ||
28 | int ret; | ||
29 | - ret = get_unused_fd(); | ||
30 | + ret = get_unused_fd_flags(0); | ||
31 | if (ret >= 0) { | ||
32 | get_file(filp); | ||
33 | fd_install(ret, filp); | ||
34 | -- | ||
35 | 2.3.5 | ||
36 | |||
diff --git a/recipes-kernel/cryptodev/files/0002-Fix-tests-Makefile-usage-of-LDLIBS-vs.-LDFLAGS.patch b/recipes-kernel/cryptodev/files/0002-Fix-tests-Makefile-usage-of-LDLIBS-vs.-LDFLAGS.patch new file mode 100644 index 00000000..f5ab8b4f --- /dev/null +++ b/recipes-kernel/cryptodev/files/0002-Fix-tests-Makefile-usage-of-LDLIBS-vs.-LDFLAGS.patch | |||
@@ -0,0 +1,29 @@ | |||
1 | From 47ff1eb9bb4f872c1d731b93d334ee5865bf3439 Mon Sep 17 00:00:00 2001 | ||
2 | From: Denys Dmytriyenko <denys@ti.com> | ||
3 | Date: Sun, 6 Apr 2014 22:16:30 -0400 | ||
4 | Subject: [PATCH] Fix tests Makefile usage of LDLIBS vs. LDFLAGS | ||
5 | |||
6 | Libraries must come after objects, as link order matters, especially | ||
7 | when using linker flags like -Wl,--as-needed. | ||
8 | |||
9 | Signed-off-by: Denys Dmytriyenko <denys@ti.com> | ||
10 | |||
11 | Upstream-Status: Pending | ||
12 | --- | ||
13 | tests/Makefile | 2 +- | ||
14 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
15 | |||
16 | diff --git a/tests/Makefile b/tests/Makefile | ||
17 | index cd202af..67c3c83 100644 | ||
18 | --- a/tests/Makefile | ||
19 | +++ b/tests/Makefile | ||
20 | @@ -39,5 +39,5 @@ testprogs: $(hostprogs) | ||
21 | clean: | ||
22 | rm -f *.o *~ $(hostprogs) | ||
23 | |||
24 | -${comp_progs}: LDFLAGS += -lssl -lcrypto | ||
25 | +${comp_progs}: LDLIBS += -lssl -lcrypto | ||
26 | ${comp_progs}: %: %.o openssl_wrapper.o | ||
27 | -- | ||
28 | 1.9.1 | ||
29 | |||
diff --git a/recipes-kernel/cryptodev/files/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch b/recipes-kernel/cryptodev/files/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch new file mode 100644 index 00000000..08d92313 --- /dev/null +++ b/recipes-kernel/cryptodev/files/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch | |||
@@ -0,0 +1,207 @@ | |||
1 | From 71b317347179225693c6d41b740d387ae2c25061 Mon Sep 17 00:00:00 2001 | ||
2 | From: Horia Geanta <horia.geanta@freescale.com> | ||
3 | Date: Wed, 4 Dec 2013 15:43:41 +0200 | ||
4 | Subject: [PATCH 02/15] add support for COMPAT_CIOCAUTHCRYPT ioctl() | ||
5 | |||
6 | Upstream-status: Pending | ||
7 | |||
8 | Needed for 64b kernel with 32b user space. | ||
9 | |||
10 | Change-Id: I44a999a4164e7ae7122dee6ed0716b2f25cadbc1 | ||
11 | Signed-off-by: Horia Geanta <horia.geanta@freescale.com> | ||
12 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
13 | --- | ||
14 | authenc.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ | ||
15 | cryptodev_int.h | 40 +++++++++++++++++++++++++++++ | ||
16 | ioctl.c | 16 ++++++++++++ | ||
17 | 3 files changed, 134 insertions(+) | ||
18 | |||
19 | diff --git a/authenc.c b/authenc.c | ||
20 | index 1bd7377..ef0d3db 100644 | ||
21 | --- a/authenc.c | ||
22 | +++ b/authenc.c | ||
23 | @@ -272,6 +272,84 @@ static int fill_caop_from_kcaop(struct kernel_crypt_auth_op *kcaop, struct fcryp | ||
24 | return 0; | ||
25 | } | ||
26 | |||
27 | +/* compatibility code for 32bit userlands */ | ||
28 | +#ifdef CONFIG_COMPAT | ||
29 | + | ||
30 | +static inline void | ||
31 | +compat_to_crypt_auth_op(struct compat_crypt_auth_op *compat, | ||
32 | + struct crypt_auth_op *caop) | ||
33 | +{ | ||
34 | + caop->ses = compat->ses; | ||
35 | + caop->op = compat->op; | ||
36 | + caop->flags = compat->flags; | ||
37 | + caop->len = compat->len; | ||
38 | + caop->auth_len = compat->auth_len; | ||
39 | + caop->tag_len = compat->tag_len; | ||
40 | + caop->iv_len = compat->iv_len; | ||
41 | + | ||
42 | + caop->auth_src = compat_ptr(compat->auth_src); | ||
43 | + caop->src = compat_ptr(compat->src); | ||
44 | + caop->dst = compat_ptr(compat->dst); | ||
45 | + caop->tag = compat_ptr(compat->tag); | ||
46 | + caop->iv = compat_ptr(compat->iv); | ||
47 | +} | ||
48 | + | ||
49 | +static inline void | ||
50 | +crypt_auth_op_to_compat(struct crypt_auth_op *caop, | ||
51 | + struct compat_crypt_auth_op *compat) | ||
52 | +{ | ||
53 | + compat->ses = caop->ses; | ||
54 | + compat->op = caop->op; | ||
55 | + compat->flags = caop->flags; | ||
56 | + compat->len = caop->len; | ||
57 | + compat->auth_len = caop->auth_len; | ||
58 | + compat->tag_len = caop->tag_len; | ||
59 | + compat->iv_len = caop->iv_len; | ||
60 | + | ||
61 | + compat->auth_src = ptr_to_compat(caop->auth_src); | ||
62 | + compat->src = ptr_to_compat(caop->src); | ||
63 | + compat->dst = ptr_to_compat(caop->dst); | ||
64 | + compat->tag = ptr_to_compat(caop->tag); | ||
65 | + compat->iv = ptr_to_compat(caop->iv); | ||
66 | +} | ||
67 | + | ||
68 | +int compat_kcaop_from_user(struct kernel_crypt_auth_op *kcaop, | ||
69 | + struct fcrypt *fcr, void __user *arg) | ||
70 | +{ | ||
71 | + struct compat_crypt_auth_op compat_caop; | ||
72 | + | ||
73 | + if (unlikely(copy_from_user(&compat_caop, arg, sizeof(compat_caop)))) { | ||
74 | + dprintk(1, KERN_ERR, "Error in copying from userspace\n"); | ||
75 | + return -EFAULT; | ||
76 | + } | ||
77 | + | ||
78 | + compat_to_crypt_auth_op(&compat_caop, &kcaop->caop); | ||
79 | + | ||
80 | + return fill_kcaop_from_caop(kcaop, fcr); | ||
81 | +} | ||
82 | + | ||
83 | +int compat_kcaop_to_user(struct kernel_crypt_auth_op *kcaop, | ||
84 | + struct fcrypt *fcr, void __user *arg) | ||
85 | +{ | ||
86 | + int ret; | ||
87 | + struct compat_crypt_auth_op compat_caop; | ||
88 | + | ||
89 | + ret = fill_caop_from_kcaop(kcaop, fcr); | ||
90 | + if (unlikely(ret)) { | ||
91 | + dprintk(1, KERN_ERR, "fill_caop_from_kcaop\n"); | ||
92 | + return ret; | ||
93 | + } | ||
94 | + | ||
95 | + crypt_auth_op_to_compat(&kcaop->caop, &compat_caop); | ||
96 | + | ||
97 | + if (unlikely(copy_to_user(arg, &compat_caop, sizeof(compat_caop)))) { | ||
98 | + dprintk(1, KERN_ERR, "Error in copying to userspace\n"); | ||
99 | + return -EFAULT; | ||
100 | + } | ||
101 | + return 0; | ||
102 | +} | ||
103 | + | ||
104 | +#endif /* CONFIG_COMPAT */ | ||
105 | |||
106 | int kcaop_from_user(struct kernel_crypt_auth_op *kcaop, | ||
107 | struct fcrypt *fcr, void __user *arg) | ||
108 | diff --git a/cryptodev_int.h b/cryptodev_int.h | ||
109 | index d7660fa..8e687e7 100644 | ||
110 | --- a/cryptodev_int.h | ||
111 | +++ b/cryptodev_int.h | ||
112 | @@ -73,11 +73,42 @@ struct compat_crypt_op { | ||
113 | compat_uptr_t iv;/* initialization vector for encryption operations */ | ||
114 | }; | ||
115 | |||
116 | + /* input of CIOCAUTHCRYPT */ | ||
117 | +struct compat_crypt_auth_op { | ||
118 | + uint32_t ses; /* session identifier */ | ||
119 | + uint16_t op; /* COP_ENCRYPT or COP_DECRYPT */ | ||
120 | + uint16_t flags; /* see COP_FLAG_AEAD_* */ | ||
121 | + uint32_t len; /* length of source data */ | ||
122 | + uint32_t auth_len; /* length of auth data */ | ||
123 | + compat_uptr_t auth_src; /* authenticated-only data */ | ||
124 | + | ||
125 | + /* The current implementation is more efficient if data are | ||
126 | + * encrypted in-place (src==dst). */ | ||
127 | + compat_uptr_t src; /* data to be encrypted and | ||
128 | + authenticated */ | ||
129 | + compat_uptr_t dst; /* pointer to output data. Must have | ||
130 | + * space for tag. For TLS this should be | ||
131 | + * at least len + tag_size + block_size | ||
132 | + * for padding */ | ||
133 | + | ||
134 | + compat_uptr_t tag; /* where the tag will be copied to. TLS | ||
135 | + * mode doesn't use that as tag is | ||
136 | + * copied to dst. | ||
137 | + * SRTP mode copies tag there. */ | ||
138 | + uint32_t tag_len; /* the length of the tag. Use zero for | ||
139 | + * digest size or max tag. */ | ||
140 | + | ||
141 | + /* initialization vector for encryption operations */ | ||
142 | + compat_uptr_t iv; | ||
143 | + uint32_t iv_len; | ||
144 | +}; | ||
145 | + | ||
146 | /* compat ioctls, defined for the above structs */ | ||
147 | #define COMPAT_CIOCGSESSION _IOWR('c', 102, struct compat_session_op) | ||
148 | #define COMPAT_CIOCCRYPT _IOWR('c', 104, struct compat_crypt_op) | ||
149 | #define COMPAT_CIOCASYNCCRYPT _IOW('c', 107, struct compat_crypt_op) | ||
150 | #define COMPAT_CIOCASYNCFETCH _IOR('c', 108, struct compat_crypt_op) | ||
151 | +#define COMPAT_CIOCAUTHCRYPT _IOWR('c', 109, struct compat_crypt_auth_op) | ||
152 | |||
153 | #endif /* CONFIG_COMPAT */ | ||
154 | |||
155 | @@ -108,6 +139,15 @@ struct kernel_crypt_auth_op { | ||
156 | |||
157 | /* auth */ | ||
158 | |||
159 | +#ifdef CONFIG_COMPAT | ||
160 | +int compat_kcaop_from_user(struct kernel_crypt_auth_op *kcaop, | ||
161 | + struct fcrypt *fcr, void __user *arg); | ||
162 | + | ||
163 | +int compat_kcaop_to_user(struct kernel_crypt_auth_op *kcaop, | ||
164 | + struct fcrypt *fcr, void __user *arg); | ||
165 | +#endif /* CONFIG_COMPAT */ | ||
166 | + | ||
167 | + | ||
168 | int kcaop_from_user(struct kernel_crypt_auth_op *kcop, | ||
169 | struct fcrypt *fcr, void __user *arg); | ||
170 | int kcaop_to_user(struct kernel_crypt_auth_op *kcaop, | ||
171 | diff --git a/ioctl.c b/ioctl.c | ||
172 | index a3f8379..5a44807 100644 | ||
173 | --- a/ioctl.c | ||
174 | +++ b/ioctl.c | ||
175 | @@ -998,6 +998,7 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) | ||
176 | struct session_op sop; | ||
177 | struct compat_session_op compat_sop; | ||
178 | struct kernel_crypt_op kcop; | ||
179 | + struct kernel_crypt_auth_op kcaop; | ||
180 | int ret; | ||
181 | |||
182 | if (unlikely(!pcr)) | ||
183 | @@ -1040,6 +1041,21 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) | ||
184 | return ret; | ||
185 | |||
186 | return compat_kcop_to_user(&kcop, fcr, arg); | ||
187 | + | ||
188 | + case COMPAT_CIOCAUTHCRYPT: | ||
189 | + if (unlikely(ret = compat_kcaop_from_user(&kcaop, fcr, arg))) { | ||
190 | + dprintk(1, KERN_WARNING, "Error copying from user\n"); | ||
191 | + return ret; | ||
192 | + } | ||
193 | + | ||
194 | + ret = crypto_auth_run(fcr, &kcaop); | ||
195 | + if (unlikely(ret)) { | ||
196 | + dprintk(1, KERN_WARNING, "Error in crypto_auth_run\n"); | ||
197 | + return ret; | ||
198 | + } | ||
199 | + | ||
200 | + return compat_kcaop_to_user(&kcaop, fcr, arg); | ||
201 | + | ||
202 | #ifdef ENABLE_ASYNC | ||
203 | case COMPAT_CIOCASYNCCRYPT: | ||
204 | if (unlikely(ret = compat_kcop_from_user(&kcop, fcr, arg))) | ||
205 | -- | ||
206 | 2.3.5 | ||
207 | |||
diff --git a/recipes-kernel/cryptodev/files/0002-tests-Makefile-fix-arg-passing-to-CC-in-implicit-rul.patch b/recipes-kernel/cryptodev/files/0002-tests-Makefile-fix-arg-passing-to-CC-in-implicit-rul.patch new file mode 100644 index 00000000..68c48e0c --- /dev/null +++ b/recipes-kernel/cryptodev/files/0002-tests-Makefile-fix-arg-passing-to-CC-in-implicit-rul.patch | |||
@@ -0,0 +1,28 @@ | |||
1 | From da730106c2558c8e0c8e1b1b1812d32ef9574ab7 Mon Sep 17 00:00:00 2001 | ||
2 | From: Phil Sutter <phil@nwl.cc> | ||
3 | Date: Sat, 11 Apr 2015 12:45:05 +0200 | ||
4 | Subject: [PATCH 2/4] tests/Makefile: fix arg passing to CC in implicit rule | ||
5 | |||
6 | GCC docs suggest passing -lfoo after object files referring to functions | ||
7 | in libfoo. Therefore use LDLIBS to specify libraries, which puts them at | ||
8 | the right place when make calls CC implicitly. | ||
9 | |||
10 | Signed-off-by: Phil Sutter <phil@nwl.cc> | ||
11 | --- | ||
12 | tests/Makefile | 2 +- | ||
13 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
14 | |||
15 | diff --git a/tests/Makefile b/tests/Makefile | ||
16 | index c9f04e8..20c52ba 100644 | ||
17 | --- a/tests/Makefile | ||
18 | +++ b/tests/Makefile | ||
19 | @@ -31,5 +31,5 @@ check: $(hostprogs) | ||
20 | clean: | ||
21 | rm -f *.o *~ $(hostprogs) | ||
22 | |||
23 | -${comp_progs}: LDFLAGS += -lssl -lcrypto | ||
24 | +${comp_progs}: LDLIBS += -lssl -lcrypto | ||
25 | ${comp_progs}: %: %.o openssl_wrapper.o | ||
26 | -- | ||
27 | 2.3.5 | ||
28 | |||
diff --git a/recipes-kernel/cryptodev/files/0003-Disable-installing-header-file-provided-by-another-p.patch b/recipes-kernel/cryptodev/files/0003-Disable-installing-header-file-provided-by-another-p.patch new file mode 100644 index 00000000..e384950c --- /dev/null +++ b/recipes-kernel/cryptodev/files/0003-Disable-installing-header-file-provided-by-another-p.patch | |||
@@ -0,0 +1,29 @@ | |||
1 | From c618f882c283511dd4f7547113a1117c4785f56f Mon Sep 17 00:00:00 2001 | ||
2 | From: Denys Dmytriyenko <denys@ti.com> | ||
3 | Date: Sun, 6 Apr 2014 19:51:39 -0400 | ||
4 | Subject: [PATCH 3/4] Disable installing header file provided by another | ||
5 | package | ||
6 | |||
7 | Signed-off-by: Denys Dmytriyenko <denys@ti.com> | ||
8 | |||
9 | Upstream-Status: Inappropriate [ OE specific ] | ||
10 | --- | ||
11 | Makefile | 2 -- | ||
12 | 1 file changed, 2 deletions(-) | ||
13 | |||
14 | diff --git a/Makefile b/Makefile | ||
15 | index 31c4b3f..855bb54 100644 | ||
16 | --- a/Makefile | ||
17 | +++ b/Makefile | ||
18 | @@ -31,8 +31,6 @@ install: modules_install | ||
19 | |||
20 | modules_install: | ||
21 | make -C $(KERNEL_DIR) SUBDIRS=`pwd` modules_install | ||
22 | - @echo "Installing cryptodev.h in $(PREFIX)/usr/include/crypto ..." | ||
23 | - @install -D crypto/cryptodev.h $(PREFIX)/usr/include/crypto/cryptodev.h | ||
24 | |||
25 | clean: | ||
26 | make -C $(KERNEL_DIR) SUBDIRS=`pwd` clean | ||
27 | -- | ||
28 | 2.3.5 | ||
29 | |||
diff --git a/recipes-kernel/cryptodev/files/0003-PKC-support-added-in-cryptodev-module.patch b/recipes-kernel/cryptodev/files/0003-PKC-support-added-in-cryptodev-module.patch new file mode 100644 index 00000000..46f24320 --- /dev/null +++ b/recipes-kernel/cryptodev/files/0003-PKC-support-added-in-cryptodev-module.patch | |||
@@ -0,0 +1,898 @@ | |||
1 | From fc9ee6ed33c76372de6e3748d2e951fa10f7c47e Mon Sep 17 00:00:00 2001 | ||
2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
3 | Date: Fri, 7 Mar 2014 06:16:09 +0545 | ||
4 | Subject: [PATCH 03/15] PKC support added in cryptodev module | ||
5 | |||
6 | Upstream-status: Pending | ||
7 | |||
8 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
9 | --- | ||
10 | cryptlib.c | 66 +++++++++- | ||
11 | cryptlib.h | 28 ++++ | ||
12 | crypto/cryptodev.h | 15 ++- | ||
13 | cryptodev_int.h | 20 ++- | ||
14 | ioctl.c | 196 +++++++++++++++++++++++++-- | ||
15 | main.c | 378 +++++++++++++++++++++++++++++++++++++++++++++++++++++ | ||
16 | 6 files changed, 685 insertions(+), 18 deletions(-) | ||
17 | |||
18 | diff --git a/cryptlib.c b/cryptlib.c | ||
19 | index 44ce763..6900028 100644 | ||
20 | --- a/cryptlib.c | ||
21 | +++ b/cryptlib.c | ||
22 | @@ -5,6 +5,8 @@ | ||
23 | * Portions Copyright (c) 2010 Michael Weiser | ||
24 | * Portions Copyright (c) 2010 Phil Sutter | ||
25 | * | ||
26 | + * Copyright 2012 Freescale Semiconductor, Inc. | ||
27 | + * | ||
28 | * This file is part of linux cryptodev. | ||
29 | * | ||
30 | * This program is free software; you can redistribute it and/or | ||
31 | @@ -39,11 +41,6 @@ | ||
32 | #include "cryptodev_int.h" | ||
33 | |||
34 | |||
35 | -struct cryptodev_result { | ||
36 | - struct completion completion; | ||
37 | - int err; | ||
38 | -}; | ||
39 | - | ||
40 | static void cryptodev_complete(struct crypto_async_request *req, int err) | ||
41 | { | ||
42 | struct cryptodev_result *res = req->data; | ||
43 | @@ -259,7 +256,6 @@ static inline int waitfor(struct cryptodev_result *cr, ssize_t ret) | ||
44 | case 0: | ||
45 | break; | ||
46 | case -EINPROGRESS: | ||
47 | - case -EBUSY: | ||
48 | wait_for_completion(&cr->completion); | ||
49 | /* At this point we known for sure the request has finished, | ||
50 | * because wait_for_completion above was not interruptible. | ||
51 | @@ -439,3 +435,61 @@ int cryptodev_hash_final(struct hash_data *hdata, void *output) | ||
52 | return waitfor(hdata->async.result, ret); | ||
53 | } | ||
54 | |||
55 | +int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) | ||
56 | +{ | ||
57 | + int ret = 0; | ||
58 | + struct pkc_request *pkc_req = &pkc->req, *pkc_requested; | ||
59 | + | ||
60 | + switch (pkc_req->type) { | ||
61 | + case RSA_PUB: | ||
62 | + case RSA_PRIV_FORM1: | ||
63 | + case RSA_PRIV_FORM2: | ||
64 | + case RSA_PRIV_FORM3: | ||
65 | + pkc->s = crypto_alloc_pkc("pkc(rsa)", | ||
66 | + CRYPTO_ALG_TYPE_PKC_RSA, 0); | ||
67 | + break; | ||
68 | + case DSA_SIGN: | ||
69 | + case DSA_VERIFY: | ||
70 | + case ECDSA_SIGN: | ||
71 | + case ECDSA_VERIFY: | ||
72 | + pkc->s = crypto_alloc_pkc("pkc(dsa)", | ||
73 | + CRYPTO_ALG_TYPE_PKC_DSA, 0); | ||
74 | + break; | ||
75 | + case DH_COMPUTE_KEY: | ||
76 | + case ECDH_COMPUTE_KEY: | ||
77 | + pkc->s = crypto_alloc_pkc("pkc(dh)", | ||
78 | + CRYPTO_ALG_TYPE_PKC_DH, 0); | ||
79 | + break; | ||
80 | + default: | ||
81 | + return -EINVAL; | ||
82 | + } | ||
83 | + | ||
84 | + if (IS_ERR_OR_NULL(pkc->s)) | ||
85 | + return -EINVAL; | ||
86 | + | ||
87 | + init_completion(&pkc->result.completion); | ||
88 | + pkc_requested = pkc_request_alloc(pkc->s, GFP_KERNEL); | ||
89 | + | ||
90 | + if (unlikely(IS_ERR_OR_NULL(pkc_requested))) { | ||
91 | + ret = -ENOMEM; | ||
92 | + goto error; | ||
93 | + } | ||
94 | + pkc_requested->type = pkc_req->type; | ||
95 | + pkc_requested->curve_type = pkc_req->curve_type; | ||
96 | + memcpy(&pkc_requested->req_u, &pkc_req->req_u, sizeof(pkc_req->req_u)); | ||
97 | + pkc_request_set_callback(pkc_requested, CRYPTO_TFM_REQ_MAY_BACKLOG, | ||
98 | + cryptodev_complete_asym, pkc); | ||
99 | + ret = crypto_pkc_op(pkc_requested); | ||
100 | + if (ret != -EINPROGRESS && ret != 0) | ||
101 | + goto error2; | ||
102 | + | ||
103 | + if (pkc->type == SYNCHRONOUS) | ||
104 | + ret = waitfor(&pkc->result, ret); | ||
105 | + | ||
106 | + return ret; | ||
107 | +error2: | ||
108 | + kfree(pkc_requested); | ||
109 | +error: | ||
110 | + crypto_free_pkc(pkc->s); | ||
111 | + return ret; | ||
112 | +} | ||
113 | diff --git a/cryptlib.h b/cryptlib.h | ||
114 | index a0a8a63..56d325a 100644 | ||
115 | --- a/cryptlib.h | ||
116 | +++ b/cryptlib.h | ||
117 | @@ -1,3 +1,6 @@ | ||
118 | +/* | ||
119 | + * Copyright 2012 Freescale Semiconductor, Inc. | ||
120 | + */ | ||
121 | #ifndef CRYPTLIB_H | ||
122 | # define CRYPTLIB_H | ||
123 | |||
124 | @@ -89,5 +92,30 @@ void cryptodev_hash_deinit(struct hash_data *hdata); | ||
125 | int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name, | ||
126 | int hmac_mode, void *mackey, size_t mackeylen); | ||
127 | |||
128 | +/* Operation Type */ | ||
129 | +enum offload_type { | ||
130 | + SYNCHRONOUS, | ||
131 | + ASYNCHRONOUS | ||
132 | +}; | ||
133 | + | ||
134 | +struct cryptodev_result { | ||
135 | + struct completion completion; | ||
136 | + int err; | ||
137 | +}; | ||
138 | + | ||
139 | +struct cryptodev_pkc { | ||
140 | + struct list_head list; /* To maintain the Jobs in completed | ||
141 | + cryptodev lists */ | ||
142 | + struct kernel_crypt_kop kop; | ||
143 | + struct crypto_pkc *s; /* Transform pointer from CryptoAPI */ | ||
144 | + struct cryptodev_result result; /* Result to be updated by | ||
145 | + completion handler */ | ||
146 | + struct pkc_request req; /* PKC request structure allocated | ||
147 | + from CryptoAPI */ | ||
148 | + enum offload_type type; /* Synchronous Vs Asynchronous request */ | ||
149 | + void *cookie; /*Additional opaque cookie to be used in future */ | ||
150 | + struct crypt_priv *priv; | ||
151 | +}; | ||
152 | |||
153 | +int cryptodev_pkc_offload(struct cryptodev_pkc *); | ||
154 | #endif | ||
155 | diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h | ||
156 | index c0e8cd4..96675fe 100644 | ||
157 | --- a/crypto/cryptodev.h | ||
158 | +++ b/crypto/cryptodev.h | ||
159 | @@ -1,6 +1,10 @@ | ||
160 | -/* This is a source compatible implementation with the original API of | ||
161 | +/* | ||
162 | + * Copyright 2012 Freescale Semiconductor, Inc. | ||
163 | + * | ||
164 | + * This is a source compatible implementation with the original API of | ||
165 | * cryptodev by Angelos D. Keromytis, found at openbsd cryptodev.h. | ||
166 | - * Placed under public domain */ | ||
167 | + * Placed under public domain | ||
168 | + */ | ||
169 | |||
170 | #ifndef L_CRYPTODEV_H | ||
171 | #define L_CRYPTODEV_H | ||
172 | @@ -245,6 +249,9 @@ struct crypt_kop { | ||
173 | __u16 crk_oparams; | ||
174 | __u32 crk_pad1; | ||
175 | struct crparam crk_param[CRK_MAXPARAM]; | ||
176 | + enum curve_t curve_type; /* 0 == Discrete Log, | ||
177 | + 1 = EC_PRIME, 2 = EC_BINARY */ | ||
178 | + void *cookie; | ||
179 | }; | ||
180 | |||
181 | enum cryptodev_crk_op_t { | ||
182 | @@ -289,5 +296,7 @@ enum cryptodev_crk_op_t { | ||
183 | */ | ||
184 | #define CIOCASYNCCRYPT _IOW('c', 110, struct crypt_op) | ||
185 | #define CIOCASYNCFETCH _IOR('c', 111, struct crypt_op) | ||
186 | - | ||
187 | +/* additional ioctls for asynchronous operation for asymmetric ciphers*/ | ||
188 | +#define CIOCASYMASYNCRYPT _IOW('c', 112, struct crypt_kop) | ||
189 | +#define CIOCASYMASYNFETCH _IOR('c', 113, struct crypt_kop) | ||
190 | #endif /* L_CRYPTODEV_H */ | ||
191 | diff --git a/cryptodev_int.h b/cryptodev_int.h | ||
192 | index 8e687e7..fdbcc61 100644 | ||
193 | --- a/cryptodev_int.h | ||
194 | +++ b/cryptodev_int.h | ||
195 | @@ -1,4 +1,6 @@ | ||
196 | -/* cipher stuff */ | ||
197 | +/* cipher stuff | ||
198 | + * Copyright 2012 Freescale Semiconductor, Inc. | ||
199 | + */ | ||
200 | #ifndef CRYPTODEV_INT_H | ||
201 | # define CRYPTODEV_INT_H | ||
202 | |||
203 | @@ -112,6 +114,14 @@ struct compat_crypt_auth_op { | ||
204 | |||
205 | #endif /* CONFIG_COMPAT */ | ||
206 | |||
207 | +/* kernel-internal extension to struct crypt_kop */ | ||
208 | +struct kernel_crypt_kop { | ||
209 | + struct crypt_kop kop; | ||
210 | + | ||
211 | + struct task_struct *task; | ||
212 | + struct mm_struct *mm; | ||
213 | +}; | ||
214 | + | ||
215 | /* kernel-internal extension to struct crypt_op */ | ||
216 | struct kernel_crypt_op { | ||
217 | struct crypt_op cop; | ||
218 | @@ -157,6 +167,14 @@ int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop); | ||
219 | |||
220 | #include <cryptlib.h> | ||
221 | |||
222 | +/* Cryptodev Key operation handler */ | ||
223 | +int crypto_bn_modexp(struct cryptodev_pkc *); | ||
224 | +int crypto_modexp_crt(struct cryptodev_pkc *); | ||
225 | +int crypto_kop_dsasign(struct cryptodev_pkc *); | ||
226 | +int crypto_kop_dsaverify(struct cryptodev_pkc *); | ||
227 | +int crypto_run_asym(struct cryptodev_pkc *); | ||
228 | +void cryptodev_complete_asym(struct crypto_async_request *, int); | ||
229 | + | ||
230 | /* other internal structs */ | ||
231 | struct csession { | ||
232 | struct list_head entry; | ||
233 | diff --git a/ioctl.c b/ioctl.c | ||
234 | index 5a44807..69980e3 100644 | ||
235 | --- a/ioctl.c | ||
236 | +++ b/ioctl.c | ||
237 | @@ -4,6 +4,7 @@ | ||
238 | * Copyright (c) 2004 Michal Ludvig <mludvig@logix.net.nz>, SuSE Labs | ||
239 | * Copyright (c) 2009,2010,2011 Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||
240 | * Copyright (c) 2010 Phil Sutter | ||
241 | + * Copyright 2012 Freescale Semiconductor, Inc. | ||
242 | * | ||
243 | * This file is part of linux cryptodev. | ||
244 | * | ||
245 | @@ -89,8 +90,37 @@ struct crypt_priv { | ||
246 | int itemcount; | ||
247 | struct work_struct cryptask; | ||
248 | wait_queue_head_t user_waiter; | ||
249 | + /* List of pending cryptodev_pkc asym requests */ | ||
250 | + struct list_head asym_completed_list; | ||
251 | + /* For addition/removal of entry in pending list of asymmetric request*/ | ||
252 | + spinlock_t completion_lock; | ||
253 | }; | ||
254 | |||
255 | +/* Asymmetric request Completion handler */ | ||
256 | +void cryptodev_complete_asym(struct crypto_async_request *req, int err) | ||
257 | +{ | ||
258 | + struct cryptodev_pkc *pkc = req->data; | ||
259 | + struct cryptodev_result *res = &pkc->result; | ||
260 | + | ||
261 | + crypto_free_pkc(pkc->s); | ||
262 | + res->err = err; | ||
263 | + if (pkc->type == SYNCHRONOUS) { | ||
264 | + if (err == -EINPROGRESS) | ||
265 | + return; | ||
266 | + complete(&res->completion); | ||
267 | + } else { | ||
268 | + struct crypt_priv *pcr = pkc->priv; | ||
269 | + unsigned long flags; | ||
270 | + spin_lock_irqsave(&pcr->completion_lock, flags); | ||
271 | + list_add_tail(&pkc->list, &pcr->asym_completed_list); | ||
272 | + spin_unlock_irqrestore(&pcr->completion_lock, flags); | ||
273 | + /* wake for POLLIN */ | ||
274 | + wake_up_interruptible(&pcr->user_waiter); | ||
275 | + } | ||
276 | + | ||
277 | + kfree(req); | ||
278 | +} | ||
279 | + | ||
280 | #define FILL_SG(sg, ptr, len) \ | ||
281 | do { \ | ||
282 | (sg)->page = virt_to_page(ptr); \ | ||
283 | @@ -472,7 +502,8 @@ cryptodev_open(struct inode *inode, struct file *filp) | ||
284 | INIT_LIST_HEAD(&pcr->free.list); | ||
285 | INIT_LIST_HEAD(&pcr->todo.list); | ||
286 | INIT_LIST_HEAD(&pcr->done.list); | ||
287 | - | ||
288 | + INIT_LIST_HEAD(&pcr->asym_completed_list); | ||
289 | + spin_lock_init(&pcr->completion_lock); | ||
290 | INIT_WORK(&pcr->cryptask, cryptask_routine); | ||
291 | |||
292 | init_waitqueue_head(&pcr->user_waiter); | ||
293 | @@ -639,6 +670,79 @@ static int crypto_async_fetch(struct crypt_priv *pcr, | ||
294 | } | ||
295 | #endif | ||
296 | |||
297 | +/* get the first asym cipher completed job from the "done" queue | ||
298 | + * | ||
299 | + * returns: | ||
300 | + * -EBUSY if no completed jobs are ready (yet) | ||
301 | + * the return value otherwise */ | ||
302 | +static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) | ||
303 | +{ | ||
304 | + int ret = 0; | ||
305 | + struct kernel_crypt_kop *kop = &pkc->kop; | ||
306 | + struct crypt_kop *ckop = &kop->kop; | ||
307 | + struct pkc_request *pkc_req = &pkc->req; | ||
308 | + | ||
309 | + switch (ckop->crk_op) { | ||
310 | + case CRK_MOD_EXP: | ||
311 | + { | ||
312 | + struct rsa_pub_req_s *rsa_req = &pkc_req->req_u.rsa_pub_req; | ||
313 | + copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g, | ||
314 | + rsa_req->g_len); | ||
315 | + } | ||
316 | + break; | ||
317 | + case CRK_MOD_EXP_CRT: | ||
318 | + { | ||
319 | + struct rsa_priv_frm3_req_s *rsa_req = | ||
320 | + &pkc_req->req_u.rsa_priv_f3; | ||
321 | + copy_to_user(ckop->crk_param[6].crp_p, | ||
322 | + rsa_req->f, rsa_req->f_len); | ||
323 | + } | ||
324 | + break; | ||
325 | + case CRK_DSA_SIGN: | ||
326 | + { | ||
327 | + struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign; | ||
328 | + | ||
329 | + if (pkc_req->type == ECDSA_SIGN) { | ||
330 | + copy_to_user(ckop->crk_param[6].crp_p, | ||
331 | + dsa_req->c, dsa_req->d_len); | ||
332 | + copy_to_user(ckop->crk_param[7].crp_p, | ||
333 | + dsa_req->d, dsa_req->d_len); | ||
334 | + } else { | ||
335 | + copy_to_user(ckop->crk_param[5].crp_p, | ||
336 | + dsa_req->c, dsa_req->d_len); | ||
337 | + copy_to_user(ckop->crk_param[6].crp_p, | ||
338 | + dsa_req->d, dsa_req->d_len); | ||
339 | + } | ||
340 | + } | ||
341 | + break; | ||
342 | + case CRK_DSA_VERIFY: | ||
343 | + break; | ||
344 | + case CRK_DH_COMPUTE_KEY: | ||
345 | + { | ||
346 | + struct dh_key_req_s *dh_req = &pkc_req->req_u.dh_req; | ||
347 | + if (pkc_req->type == ECDH_COMPUTE_KEY) | ||
348 | + copy_to_user(ckop->crk_param[4].crp_p, | ||
349 | + dh_req->z, dh_req->z_len); | ||
350 | + else | ||
351 | + copy_to_user(ckop->crk_param[3].crp_p, | ||
352 | + dh_req->z, dh_req->z_len); | ||
353 | + } | ||
354 | + break; | ||
355 | + default: | ||
356 | + ret = -EINVAL; | ||
357 | + } | ||
358 | + kfree(pkc->cookie); | ||
359 | + return ret; | ||
360 | +} | ||
361 | + | ||
362 | +/* this function has to be called from process context */ | ||
363 | +static int fill_kop_from_cop(struct kernel_crypt_kop *kop) | ||
364 | +{ | ||
365 | + kop->task = current; | ||
366 | + kop->mm = current->mm; | ||
367 | + return 0; | ||
368 | +} | ||
369 | + | ||
370 | /* this function has to be called from process context */ | ||
371 | static int fill_kcop_from_cop(struct kernel_crypt_op *kcop, struct fcrypt *fcr) | ||
372 | { | ||
373 | @@ -662,11 +766,8 @@ static int fill_kcop_from_cop(struct kernel_crypt_op *kcop, struct fcrypt *fcr) | ||
374 | |||
375 | if (cop->iv) { | ||
376 | rc = copy_from_user(kcop->iv, cop->iv, kcop->ivlen); | ||
377 | - if (unlikely(rc)) { | ||
378 | - derr(1, "error copying IV (%d bytes), copy_from_user returned %d for address %p", | ||
379 | - kcop->ivlen, rc, cop->iv); | ||
380 | + if (unlikely(rc)) | ||
381 | return -EFAULT; | ||
382 | - } | ||
383 | } | ||
384 | |||
385 | return 0; | ||
386 | @@ -692,6 +793,25 @@ static int fill_cop_from_kcop(struct kernel_crypt_op *kcop, struct fcrypt *fcr) | ||
387 | return 0; | ||
388 | } | ||
389 | |||
390 | +static int kop_from_user(struct kernel_crypt_kop *kop, | ||
391 | + void __user *arg) | ||
392 | +{ | ||
393 | + if (unlikely(copy_from_user(&kop->kop, arg, sizeof(kop->kop)))) | ||
394 | + return -EFAULT; | ||
395 | + | ||
396 | + return fill_kop_from_cop(kop); | ||
397 | +} | ||
398 | + | ||
399 | +static int kop_to_user(struct kernel_crypt_kop *kop, | ||
400 | + void __user *arg) | ||
401 | +{ | ||
402 | + if (unlikely(copy_to_user(arg, &kop->kop, sizeof(kop->kop)))) { | ||
403 | + dprintk(1, KERN_ERR, "Cannot copy to userspace\n"); | ||
404 | + return -EFAULT; | ||
405 | + } | ||
406 | + return 0; | ||
407 | +} | ||
408 | + | ||
409 | static int kcop_from_user(struct kernel_crypt_op *kcop, | ||
410 | struct fcrypt *fcr, void __user *arg) | ||
411 | { | ||
412 | @@ -821,7 +941,8 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) | ||
413 | |||
414 | switch (cmd) { | ||
415 | case CIOCASYMFEAT: | ||
416 | - return put_user(0, p); | ||
417 | + return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | | ||
418 | + CRF_DSA_SIGN | CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY, p); | ||
419 | case CRIOGET: | ||
420 | fd = clonefd(filp); | ||
421 | ret = put_user(fd, p); | ||
422 | @@ -857,6 +978,24 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) | ||
423 | if (unlikely(ret)) | ||
424 | return ret; | ||
425 | return copy_to_user(arg, &siop, sizeof(siop)); | ||
426 | + case CIOCKEY: | ||
427 | + { | ||
428 | + struct cryptodev_pkc *pkc = | ||
429 | + kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); | ||
430 | + | ||
431 | + if (!pkc) | ||
432 | + return -ENOMEM; | ||
433 | + | ||
434 | + ret = kop_from_user(&pkc->kop, arg); | ||
435 | + if (unlikely(ret)) { | ||
436 | + kfree(pkc); | ||
437 | + return ret; | ||
438 | + } | ||
439 | + pkc->type = SYNCHRONOUS; | ||
440 | + ret = crypto_run_asym(pkc); | ||
441 | + kfree(pkc); | ||
442 | + } | ||
443 | + return ret; | ||
444 | case CIOCCRYPT: | ||
445 | if (unlikely(ret = kcop_from_user(&kcop, fcr, arg))) { | ||
446 | dwarning(1, "Error copying from user"); | ||
447 | @@ -895,6 +1034,45 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) | ||
448 | |||
449 | return kcop_to_user(&kcop, fcr, arg); | ||
450 | #endif | ||
451 | + case CIOCASYMASYNCRYPT: | ||
452 | + { | ||
453 | + struct cryptodev_pkc *pkc = | ||
454 | + kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); | ||
455 | + ret = kop_from_user(&pkc->kop, arg); | ||
456 | + | ||
457 | + if (unlikely(ret)) | ||
458 | + return -EINVAL; | ||
459 | + | ||
460 | + /* Store associated FD priv data with asymmetric request */ | ||
461 | + pkc->priv = pcr; | ||
462 | + pkc->type = ASYNCHRONOUS; | ||
463 | + ret = crypto_run_asym(pkc); | ||
464 | + if (ret == -EINPROGRESS) | ||
465 | + ret = 0; | ||
466 | + } | ||
467 | + return ret; | ||
468 | + case CIOCASYMASYNFETCH: | ||
469 | + { | ||
470 | + struct cryptodev_pkc *pkc; | ||
471 | + unsigned long flags; | ||
472 | + | ||
473 | + spin_lock_irqsave(&pcr->completion_lock, flags); | ||
474 | + if (list_empty(&pcr->asym_completed_list)) { | ||
475 | + spin_unlock_irqrestore(&pcr->completion_lock, flags); | ||
476 | + return -ENOMEM; | ||
477 | + } | ||
478 | + pkc = list_first_entry(&pcr->asym_completed_list, | ||
479 | + struct cryptodev_pkc, list); | ||
480 | + list_del(&pkc->list); | ||
481 | + spin_unlock_irqrestore(&pcr->completion_lock, flags); | ||
482 | + ret = crypto_async_fetch_asym(pkc); | ||
483 | + | ||
484 | + /* Reflect the updated request to user-space */ | ||
485 | + if (!ret) | ||
486 | + kop_to_user(&pkc->kop, arg); | ||
487 | + kfree(pkc); | ||
488 | + } | ||
489 | + return ret; | ||
490 | default: | ||
491 | return -EINVAL; | ||
492 | } | ||
493 | @@ -1083,9 +1261,11 @@ static unsigned int cryptodev_poll(struct file *file, poll_table *wait) | ||
494 | |||
495 | poll_wait(file, &pcr->user_waiter, wait); | ||
496 | |||
497 | - if (!list_empty_careful(&pcr->done.list)) | ||
498 | + if (!list_empty_careful(&pcr->done.list) || | ||
499 | + !list_empty_careful(&pcr->asym_completed_list)) | ||
500 | ret |= POLLIN | POLLRDNORM; | ||
501 | - if (!list_empty_careful(&pcr->free.list) || pcr->itemcount < MAX_COP_RINGSIZE) | ||
502 | + if (!list_empty_careful(&pcr->free.list) || | ||
503 | + pcr->itemcount < MAX_COP_RINGSIZE) | ||
504 | ret |= POLLOUT | POLLWRNORM; | ||
505 | |||
506 | return ret; | ||
507 | diff --git a/main.c b/main.c | ||
508 | index 57e5c38..0b7951e 100644 | ||
509 | --- a/main.c | ||
510 | +++ b/main.c | ||
511 | @@ -181,6 +181,384 @@ __crypto_run_zc(struct csession *ses_ptr, struct kernel_crypt_op *kcop) | ||
512 | return ret; | ||
513 | } | ||
514 | |||
515 | +int crypto_kop_dsasign(struct cryptodev_pkc *pkc) | ||
516 | +{ | ||
517 | + struct kernel_crypt_kop *kop = &pkc->kop; | ||
518 | + struct crypt_kop *cop = &kop->kop; | ||
519 | + struct pkc_request *pkc_req = &pkc->req; | ||
520 | + struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign; | ||
521 | + int rc, buf_size; | ||
522 | + uint8_t *buf; | ||
523 | + | ||
524 | + if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || | ||
525 | + !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits || | ||
526 | + !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits || | ||
527 | + !cop->crk_param[6].crp_nbits || (cop->crk_iparams == 6 && | ||
528 | + !cop->crk_param[7].crp_nbits)) | ||
529 | + return -EINVAL; | ||
530 | + | ||
531 | + dsa_req->m_len = (cop->crk_param[0].crp_nbits + 7)/8; | ||
532 | + dsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8; | ||
533 | + dsa_req->r_len = (cop->crk_param[2].crp_nbits + 7)/8; | ||
534 | + dsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8; | ||
535 | + dsa_req->priv_key_len = (cop->crk_param[4].crp_nbits + 7)/8; | ||
536 | + dsa_req->d_len = (cop->crk_param[6].crp_nbits + 7)/8; | ||
537 | + buf_size = dsa_req->m_len + dsa_req->q_len + dsa_req->r_len + | ||
538 | + dsa_req->g_len + dsa_req->priv_key_len + dsa_req->d_len + | ||
539 | + dsa_req->d_len; | ||
540 | + if (cop->crk_iparams == 6) { | ||
541 | + dsa_req->ab_len = (cop->crk_param[5].crp_nbits + 7)/8; | ||
542 | + buf_size += dsa_req->ab_len; | ||
543 | + pkc_req->type = ECDSA_SIGN; | ||
544 | + pkc_req->curve_type = cop->curve_type; | ||
545 | + } else { | ||
546 | + pkc_req->type = DSA_SIGN; | ||
547 | + } | ||
548 | + | ||
549 | + buf = kzalloc(buf_size, GFP_DMA); | ||
550 | + | ||
551 | + dsa_req->q = buf; | ||
552 | + dsa_req->r = dsa_req->q + dsa_req->q_len; | ||
553 | + dsa_req->g = dsa_req->r + dsa_req->r_len; | ||
554 | + dsa_req->priv_key = dsa_req->g + dsa_req->g_len; | ||
555 | + dsa_req->m = dsa_req->priv_key + dsa_req->priv_key_len; | ||
556 | + dsa_req->c = dsa_req->m + dsa_req->m_len; | ||
557 | + dsa_req->d = dsa_req->c + dsa_req->d_len; | ||
558 | + copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len); | ||
559 | + copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len); | ||
560 | + copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len); | ||
561 | + copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len); | ||
562 | + copy_from_user(dsa_req->priv_key, cop->crk_param[4].crp_p, | ||
563 | + dsa_req->priv_key_len); | ||
564 | + if (cop->crk_iparams == 6) { | ||
565 | + dsa_req->ab = dsa_req->d + dsa_req->d_len; | ||
566 | + copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p, | ||
567 | + dsa_req->ab_len); | ||
568 | + } | ||
569 | + rc = cryptodev_pkc_offload(pkc); | ||
570 | + if (pkc->type == SYNCHRONOUS) { | ||
571 | + if (rc) | ||
572 | + goto err; | ||
573 | + if (cop->crk_iparams == 6) { | ||
574 | + copy_to_user(cop->crk_param[6].crp_p, dsa_req->c, | ||
575 | + dsa_req->d_len); | ||
576 | + copy_to_user(cop->crk_param[7].crp_p, dsa_req->d, | ||
577 | + dsa_req->d_len); | ||
578 | + } else { | ||
579 | + copy_to_user(cop->crk_param[5].crp_p, dsa_req->c, | ||
580 | + dsa_req->d_len); | ||
581 | + copy_to_user(cop->crk_param[6].crp_p, dsa_req->d, | ||
582 | + dsa_req->d_len); | ||
583 | + } | ||
584 | + } else { | ||
585 | + if (rc != -EINPROGRESS && rc != 0) | ||
586 | + goto err; | ||
587 | + | ||
588 | + pkc->cookie = buf; | ||
589 | + return rc; | ||
590 | + } | ||
591 | +err: | ||
592 | + kfree(buf); | ||
593 | + return rc; | ||
594 | +} | ||
595 | + | ||
596 | +int crypto_kop_dsaverify(struct cryptodev_pkc *pkc) | ||
597 | +{ | ||
598 | + struct kernel_crypt_kop *kop = &pkc->kop; | ||
599 | + struct crypt_kop *cop = &kop->kop; | ||
600 | + struct pkc_request *pkc_req; | ||
601 | + struct dsa_verify_req_s *dsa_req; | ||
602 | + int rc, buf_size; | ||
603 | + uint8_t *buf; | ||
604 | + | ||
605 | + if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || | ||
606 | + !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits || | ||
607 | + !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits || | ||
608 | + !cop->crk_param[6].crp_nbits || (cop->crk_iparams == 8 && | ||
609 | + !cop->crk_param[7].crp_nbits)) | ||
610 | + return -EINVAL; | ||
611 | + | ||
612 | + pkc_req = &pkc->req; | ||
613 | + dsa_req = &pkc_req->req_u.dsa_verify; | ||
614 | + dsa_req->m_len = (cop->crk_param[0].crp_nbits + 7)/8; | ||
615 | + dsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8; | ||
616 | + dsa_req->r_len = (cop->crk_param[2].crp_nbits + 7)/8; | ||
617 | + dsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8; | ||
618 | + dsa_req->pub_key_len = (cop->crk_param[4].crp_nbits + 7)/8; | ||
619 | + dsa_req->d_len = (cop->crk_param[6].crp_nbits + 7)/8; | ||
620 | + buf_size = dsa_req->m_len + dsa_req->q_len + dsa_req->r_len + | ||
621 | + dsa_req->g_len + dsa_req->pub_key_len + dsa_req->d_len + | ||
622 | + dsa_req->d_len; | ||
623 | + if (cop->crk_iparams == 8) { | ||
624 | + dsa_req->ab_len = (cop->crk_param[5].crp_nbits + 7)/8; | ||
625 | + buf_size += dsa_req->ab_len; | ||
626 | + pkc_req->type = ECDSA_VERIFY; | ||
627 | + pkc_req->curve_type = cop->curve_type; | ||
628 | + } else { | ||
629 | + pkc_req->type = DSA_VERIFY; | ||
630 | + } | ||
631 | + | ||
632 | + buf = kzalloc(buf_size, GFP_DMA); | ||
633 | + | ||
634 | + dsa_req->q = buf; | ||
635 | + dsa_req->r = dsa_req->q + dsa_req->q_len; | ||
636 | + dsa_req->g = dsa_req->r + dsa_req->r_len; | ||
637 | + dsa_req->pub_key = dsa_req->g + dsa_req->g_len; | ||
638 | + dsa_req->m = dsa_req->pub_key + dsa_req->pub_key_len; | ||
639 | + dsa_req->c = dsa_req->m + dsa_req->m_len; | ||
640 | + dsa_req->d = dsa_req->c + dsa_req->d_len; | ||
641 | + copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len); | ||
642 | + copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len); | ||
643 | + copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len); | ||
644 | + copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len); | ||
645 | + copy_from_user(dsa_req->pub_key, cop->crk_param[4].crp_p, | ||
646 | + dsa_req->pub_key_len); | ||
647 | + if (cop->crk_iparams == 8) { | ||
648 | + dsa_req->ab = dsa_req->d + dsa_req->d_len; | ||
649 | + copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p, | ||
650 | + dsa_req->ab_len); | ||
651 | + copy_from_user(dsa_req->c, cop->crk_param[6].crp_p, | ||
652 | + dsa_req->d_len); | ||
653 | + copy_from_user(dsa_req->d, cop->crk_param[7].crp_p, | ||
654 | + dsa_req->d_len); | ||
655 | + } else { | ||
656 | + copy_from_user(dsa_req->c, cop->crk_param[5].crp_p, | ||
657 | + dsa_req->d_len); | ||
658 | + copy_from_user(dsa_req->d, cop->crk_param[6].crp_p, | ||
659 | + dsa_req->d_len); | ||
660 | + } | ||
661 | + rc = cryptodev_pkc_offload(pkc); | ||
662 | + if (pkc->type == SYNCHRONOUS) { | ||
663 | + if (rc) | ||
664 | + goto err; | ||
665 | + } else { | ||
666 | + if (rc != -EINPROGRESS && !rc) | ||
667 | + goto err; | ||
668 | + pkc->cookie = buf; | ||
669 | + return rc; | ||
670 | + } | ||
671 | +err: | ||
672 | + kfree(buf); | ||
673 | + return rc; | ||
674 | +} | ||
675 | + | ||
676 | +int crypto_kop_dh_key(struct cryptodev_pkc *pkc) | ||
677 | +{ | ||
678 | + struct kernel_crypt_kop *kop = &pkc->kop; | ||
679 | + struct crypt_kop *cop = &kop->kop; | ||
680 | + struct pkc_request *pkc_req; | ||
681 | + struct dh_key_req_s *dh_req; | ||
682 | + int buf_size; | ||
683 | + uint8_t *buf; | ||
684 | + int rc = -EINVAL; | ||
685 | + | ||
686 | + pkc_req = &pkc->req; | ||
687 | + dh_req = &pkc_req->req_u.dh_req; | ||
688 | + dh_req->s_len = (cop->crk_param[0].crp_nbits + 7)/8; | ||
689 | + dh_req->pub_key_len = (cop->crk_param[1].crp_nbits + 7)/8; | ||
690 | + dh_req->q_len = (cop->crk_param[2].crp_nbits + 7)/8; | ||
691 | + buf_size = dh_req->q_len + dh_req->pub_key_len + dh_req->s_len; | ||
692 | + if (cop->crk_iparams == 4) { | ||
693 | + pkc_req->type = ECDH_COMPUTE_KEY; | ||
694 | + dh_req->ab_len = (cop->crk_param[3].crp_nbits + 7)/8; | ||
695 | + dh_req->z_len = (cop->crk_param[4].crp_nbits + 7)/8; | ||
696 | + buf_size += dh_req->ab_len; | ||
697 | + } else { | ||
698 | + dh_req->z_len = (cop->crk_param[3].crp_nbits + 7)/8; | ||
699 | + pkc_req->type = DH_COMPUTE_KEY; | ||
700 | + } | ||
701 | + buf_size += dh_req->z_len; | ||
702 | + buf = kzalloc(buf_size, GFP_DMA); | ||
703 | + dh_req->q = buf; | ||
704 | + dh_req->s = dh_req->q + dh_req->q_len; | ||
705 | + dh_req->pub_key = dh_req->s + dh_req->s_len; | ||
706 | + dh_req->z = dh_req->pub_key + dh_req->pub_key_len; | ||
707 | + if (cop->crk_iparams == 4) { | ||
708 | + dh_req->ab = dh_req->z + dh_req->z_len; | ||
709 | + pkc_req->curve_type = cop->curve_type; | ||
710 | + copy_from_user(dh_req->ab, cop->crk_param[3].crp_p, | ||
711 | + dh_req->ab_len); | ||
712 | + } | ||
713 | + copy_from_user(dh_req->s, cop->crk_param[0].crp_p, dh_req->s_len); | ||
714 | + copy_from_user(dh_req->pub_key, cop->crk_param[1].crp_p, | ||
715 | + dh_req->pub_key_len); | ||
716 | + copy_from_user(dh_req->q, cop->crk_param[2].crp_p, dh_req->q_len); | ||
717 | + rc = cryptodev_pkc_offload(pkc); | ||
718 | + if (pkc->type == SYNCHRONOUS) { | ||
719 | + if (rc) | ||
720 | + goto err; | ||
721 | + if (cop->crk_iparams == 4) | ||
722 | + copy_to_user(cop->crk_param[4].crp_p, dh_req->z, | ||
723 | + dh_req->z_len); | ||
724 | + else | ||
725 | + copy_to_user(cop->crk_param[3].crp_p, dh_req->z, | ||
726 | + dh_req->z_len); | ||
727 | + } else { | ||
728 | + if (rc != -EINPROGRESS && rc != 0) | ||
729 | + goto err; | ||
730 | + | ||
731 | + pkc->cookie = buf; | ||
732 | + return rc; | ||
733 | + } | ||
734 | +err: | ||
735 | + kfree(buf); | ||
736 | + return rc; | ||
737 | +} | ||
738 | + | ||
739 | +int crypto_modexp_crt(struct cryptodev_pkc *pkc) | ||
740 | +{ | ||
741 | + struct kernel_crypt_kop *kop = &pkc->kop; | ||
742 | + struct crypt_kop *cop = &kop->kop; | ||
743 | + struct pkc_request *pkc_req; | ||
744 | + struct rsa_priv_frm3_req_s *rsa_req; | ||
745 | + int rc; | ||
746 | + uint8_t *buf; | ||
747 | + | ||
748 | + if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || | ||
749 | + !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits || | ||
750 | + !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits) | ||
751 | + return -EINVAL; | ||
752 | + | ||
753 | + pkc_req = &pkc->req; | ||
754 | + pkc_req->type = RSA_PRIV_FORM3; | ||
755 | + rsa_req = &pkc_req->req_u.rsa_priv_f3; | ||
756 | + rsa_req->p_len = (cop->crk_param[0].crp_nbits + 7)/8; | ||
757 | + rsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8; | ||
758 | + rsa_req->g_len = (cop->crk_param[2].crp_nbits + 7)/8; | ||
759 | + rsa_req->dp_len = (cop->crk_param[3].crp_nbits + 7)/8; | ||
760 | + rsa_req->dq_len = (cop->crk_param[4].crp_nbits + 7)/8; | ||
761 | + rsa_req->c_len = (cop->crk_param[5].crp_nbits + 7)/8; | ||
762 | + rsa_req->f_len = (cop->crk_param[6].crp_nbits + 7)/8; | ||
763 | + buf = kzalloc(rsa_req->p_len + rsa_req->q_len + rsa_req->f_len + | ||
764 | + rsa_req->dp_len + rsa_req->dp_len + rsa_req->c_len + | ||
765 | + rsa_req->g_len, GFP_DMA); | ||
766 | + rsa_req->p = buf; | ||
767 | + rsa_req->q = rsa_req->p + rsa_req->p_len; | ||
768 | + rsa_req->g = rsa_req->q + rsa_req->q_len; | ||
769 | + rsa_req->dp = rsa_req->g + rsa_req->g_len; | ||
770 | + rsa_req->dq = rsa_req->dp + rsa_req->dp_len; | ||
771 | + rsa_req->c = rsa_req->dq + rsa_req->dq_len; | ||
772 | + rsa_req->f = rsa_req->c + rsa_req->c_len; | ||
773 | + copy_from_user(rsa_req->p, cop->crk_param[0].crp_p, rsa_req->p_len); | ||
774 | + copy_from_user(rsa_req->q, cop->crk_param[1].crp_p, rsa_req->q_len); | ||
775 | + copy_from_user(rsa_req->g, cop->crk_param[2].crp_p, rsa_req->g_len); | ||
776 | + copy_from_user(rsa_req->dp, cop->crk_param[3].crp_p, rsa_req->dp_len); | ||
777 | + copy_from_user(rsa_req->dq, cop->crk_param[4].crp_p, rsa_req->dq_len); | ||
778 | + copy_from_user(rsa_req->c, cop->crk_param[5].crp_p, rsa_req->c_len); | ||
779 | + rc = cryptodev_pkc_offload(pkc); | ||
780 | + | ||
781 | + if (pkc->type == SYNCHRONOUS) { | ||
782 | + if (rc) | ||
783 | + goto err; | ||
784 | + copy_to_user(cop->crk_param[6].crp_p, rsa_req->f, | ||
785 | + rsa_req->f_len); | ||
786 | + } else { | ||
787 | + if (rc != -EINPROGRESS && rc != 0) | ||
788 | + goto err; | ||
789 | + | ||
790 | + pkc->cookie = buf; | ||
791 | + return rc; | ||
792 | + } | ||
793 | +err: | ||
794 | + kfree(buf); | ||
795 | + return rc; | ||
796 | +} | ||
797 | + | ||
798 | +int crypto_bn_modexp(struct cryptodev_pkc *pkc) | ||
799 | +{ | ||
800 | + struct pkc_request *pkc_req; | ||
801 | + struct rsa_pub_req_s *rsa_req; | ||
802 | + int rc; | ||
803 | + struct kernel_crypt_kop *kop = &pkc->kop; | ||
804 | + struct crypt_kop *cop = &kop->kop; | ||
805 | + uint8_t *buf; | ||
806 | + | ||
807 | + if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || | ||
808 | + !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits) | ||
809 | + return -EINVAL; | ||
810 | + | ||
811 | + pkc_req = &pkc->req; | ||
812 | + pkc_req->type = RSA_PUB; | ||
813 | + rsa_req = &pkc_req->req_u.rsa_pub_req; | ||
814 | + rsa_req->f_len = (cop->crk_param[0].crp_nbits + 7)/8; | ||
815 | + rsa_req->e_len = (cop->crk_param[1].crp_nbits + 7)/8; | ||
816 | + rsa_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8; | ||
817 | + rsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8; | ||
818 | + buf = kzalloc(rsa_req->f_len + rsa_req->e_len + rsa_req->n_len | ||
819 | + + rsa_req->g_len, GFP_DMA); | ||
820 | + if (!buf) | ||
821 | + return -ENOMEM; | ||
822 | + | ||
823 | + rsa_req->e = buf; | ||
824 | + rsa_req->f = rsa_req->e + rsa_req->e_len; | ||
825 | + rsa_req->g = rsa_req->f + rsa_req->f_len; | ||
826 | + rsa_req->n = rsa_req->g + rsa_req->g_len; | ||
827 | + copy_from_user(rsa_req->f, cop->crk_param[0].crp_p, rsa_req->f_len); | ||
828 | + copy_from_user(rsa_req->e, cop->crk_param[1].crp_p, rsa_req->e_len); | ||
829 | + copy_from_user(rsa_req->n, cop->crk_param[2].crp_p, rsa_req->n_len); | ||
830 | + rc = cryptodev_pkc_offload(pkc); | ||
831 | + if (pkc->type == SYNCHRONOUS) { | ||
832 | + if (rc) | ||
833 | + goto err; | ||
834 | + | ||
835 | + copy_to_user(cop->crk_param[3].crp_p, rsa_req->g, | ||
836 | + rsa_req->g_len); | ||
837 | + } else { | ||
838 | + if (rc != -EINPROGRESS && rc != 0) | ||
839 | + goto err; | ||
840 | + | ||
841 | + /* This one will be freed later in fetch handler */ | ||
842 | + pkc->cookie = buf; | ||
843 | + return rc; | ||
844 | + } | ||
845 | +err: | ||
846 | + kfree(buf); | ||
847 | + return rc; | ||
848 | +} | ||
849 | + | ||
850 | +int crypto_run_asym(struct cryptodev_pkc *pkc) | ||
851 | +{ | ||
852 | + int ret = -EINVAL; | ||
853 | + struct kernel_crypt_kop *kop = &pkc->kop; | ||
854 | + | ||
855 | + switch (kop->kop.crk_op) { | ||
856 | + case CRK_MOD_EXP: | ||
857 | + if (kop->kop.crk_iparams != 3 && kop->kop.crk_oparams != 1) | ||
858 | + goto err; | ||
859 | + | ||
860 | + ret = crypto_bn_modexp(pkc); | ||
861 | + break; | ||
862 | + case CRK_MOD_EXP_CRT: | ||
863 | + if (kop->kop.crk_iparams != 6 && kop->kop.crk_oparams != 1) | ||
864 | + goto err; | ||
865 | + | ||
866 | + ret = crypto_modexp_crt(pkc); | ||
867 | + break; | ||
868 | + case CRK_DSA_SIGN: | ||
869 | + if ((kop->kop.crk_iparams != 5 && kop->kop.crk_iparams != 6) || | ||
870 | + kop->kop.crk_oparams != 2) | ||
871 | + goto err; | ||
872 | + | ||
873 | + ret = crypto_kop_dsasign(pkc); | ||
874 | + break; | ||
875 | + case CRK_DSA_VERIFY: | ||
876 | + if ((kop->kop.crk_iparams != 7 && kop->kop.crk_iparams != 8) || | ||
877 | + kop->kop.crk_oparams != 0) | ||
878 | + goto err; | ||
879 | + | ||
880 | + ret = crypto_kop_dsaverify(pkc); | ||
881 | + break; | ||
882 | + case CRK_DH_COMPUTE_KEY: | ||
883 | + if ((kop->kop.crk_iparams != 3 && kop->kop.crk_iparams != 4) || | ||
884 | + kop->kop.crk_oparams != 1) | ||
885 | + goto err; | ||
886 | + ret = crypto_kop_dh_key(pkc); | ||
887 | + break; | ||
888 | + } | ||
889 | +err: | ||
890 | + return ret; | ||
891 | +} | ||
892 | + | ||
893 | int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop) | ||
894 | { | ||
895 | struct csession *ses_ptr; | ||
896 | -- | ||
897 | 2.3.5 | ||
898 | |||
diff --git a/recipes-kernel/cryptodev/files/0004-Add-the-compile-and-install-rules-for-cryptodev-test.patch b/recipes-kernel/cryptodev/files/0004-Add-the-compile-and-install-rules-for-cryptodev-test.patch new file mode 100644 index 00000000..25a52a9c --- /dev/null +++ b/recipes-kernel/cryptodev/files/0004-Add-the-compile-and-install-rules-for-cryptodev-test.patch | |||
@@ -0,0 +1,65 @@ | |||
1 | From 188f30f6233d05eb62b58bf6d94a16bcbeeae0ee Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@freescale.com> | ||
3 | Date: Mon, 27 Apr 2015 15:26:14 +0300 | ||
4 | Subject: [PATCH 4/4] Add the compile and install rules for cryptodev tests | ||
5 | |||
6 | Change-Id: Ica10dc563c77220dcf0e0993515230df8a86c34d | ||
7 | Signed-off-by: Yu Zongchun <b40527@freescale.com> | ||
8 | --- | ||
9 | Makefile | 6 ++++++ | ||
10 | tests/Makefile | 8 ++++++++ | ||
11 | 2 files changed, 14 insertions(+) | ||
12 | |||
13 | diff --git a/Makefile b/Makefile | ||
14 | index 855bb54..5497037 100644 | ||
15 | --- a/Makefile | ||
16 | +++ b/Makefile | ||
17 | @@ -32,6 +32,9 @@ install: modules_install | ||
18 | modules_install: | ||
19 | make -C $(KERNEL_DIR) SUBDIRS=`pwd` modules_install | ||
20 | |||
21 | +install_tests: | ||
22 | + make -C tests install DESTDIR=$(PREFIX) | ||
23 | + | ||
24 | clean: | ||
25 | make -C $(KERNEL_DIR) SUBDIRS=`pwd` clean | ||
26 | rm -f $(hostprogs) *~ | ||
27 | @@ -40,6 +43,9 @@ clean: | ||
28 | check: | ||
29 | CFLAGS=$(CRYPTODEV_CFLAGS) KERNEL_DIR=$(KERNEL_DIR) make -C tests check | ||
30 | |||
31 | +testprogs: | ||
32 | + KERNEL_DIR=$(KERNEL_DIR) make -C tests testprogs | ||
33 | + | ||
34 | CPOPTS = | ||
35 | ifneq (${SHOW_TYPES},) | ||
36 | CPOPTS += --show-types | ||
37 | diff --git a/tests/Makefile b/tests/Makefile | ||
38 | index 20c52ba..67c3c83 100644 | ||
39 | --- a/tests/Makefile | ||
40 | +++ b/tests/Makefile | ||
41 | @@ -19,6 +19,12 @@ example-async-hmac-objs := async_hmac.o | ||
42 | example-async-speed-objs := async_speed.o | ||
43 | example-hashcrypt-speed-objs := hashcrypt_speed.c | ||
44 | |||
45 | +install: | ||
46 | + install -d $(DESTDIR)/usr/bin/tests_cryptodev | ||
47 | + for bin in $(hostprogs); do \ | ||
48 | + install -m 755 $${bin} $(DESTDIR)/usr/bin/tests_cryptodev/; \ | ||
49 | + done | ||
50 | + | ||
51 | check: $(hostprogs) | ||
52 | ./cipher | ||
53 | ./hmac | ||
54 | @@ -28,6 +34,8 @@ check: $(hostprogs) | ||
55 | ./cipher-gcm | ||
56 | ./cipher-aead | ||
57 | |||
58 | +testprogs: $(hostprogs) | ||
59 | + | ||
60 | clean: | ||
61 | rm -f *.o *~ $(hostprogs) | ||
62 | |||
63 | -- | ||
64 | 2.3.5 | ||
65 | |||
diff --git a/recipes-kernel/cryptodev/files/0004-Compat-versions-of-PKC-IOCTLs.patch b/recipes-kernel/cryptodev/files/0004-Compat-versions-of-PKC-IOCTLs.patch new file mode 100644 index 00000000..2f35768b --- /dev/null +++ b/recipes-kernel/cryptodev/files/0004-Compat-versions-of-PKC-IOCTLs.patch | |||
@@ -0,0 +1,200 @@ | |||
1 | From b109fbdb64de6be0dc2f0d2ef108cead34652495 Mon Sep 17 00:00:00 2001 | ||
2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
3 | Date: Fri, 7 Mar 2014 06:52:13 +0545 | ||
4 | Subject: [PATCH 04/15] Compat versions of PKC IOCTLs | ||
5 | |||
6 | Upstream-status: Pending | ||
7 | |||
8 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
9 | --- | ||
10 | cryptodev_int.h | 20 ++++++++++ | ||
11 | ioctl.c | 120 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ | ||
12 | 2 files changed, 140 insertions(+) | ||
13 | |||
14 | diff --git a/cryptodev_int.h b/cryptodev_int.h | ||
15 | index fdbcc61..cf54dac 100644 | ||
16 | --- a/cryptodev_int.h | ||
17 | +++ b/cryptodev_int.h | ||
18 | @@ -75,6 +75,24 @@ struct compat_crypt_op { | ||
19 | compat_uptr_t iv;/* initialization vector for encryption operations */ | ||
20 | }; | ||
21 | |||
22 | +/* input of CIOCKEY */ | ||
23 | +struct compat_crparam { | ||
24 | + compat_uptr_t crp_p; | ||
25 | + uint32_t crp_nbits; | ||
26 | +}; | ||
27 | + | ||
28 | +struct compat_crypt_kop { | ||
29 | + uint32_t crk_op; /* cryptodev_crk_ot_t */ | ||
30 | + uint32_t crk_status; | ||
31 | + uint16_t crk_iparams; | ||
32 | + uint16_t crk_oparams; | ||
33 | + uint32_t crk_pad1; | ||
34 | + struct compat_crparam crk_param[CRK_MAXPARAM]; | ||
35 | + enum curve_t curve_type; /* 0 == Discrete Log, 1 = EC_PRIME, | ||
36 | + 2 = EC_BINARY */ | ||
37 | + compat_uptr_t cookie; | ||
38 | +}; | ||
39 | + | ||
40 | /* input of CIOCAUTHCRYPT */ | ||
41 | struct compat_crypt_auth_op { | ||
42 | uint32_t ses; /* session identifier */ | ||
43 | @@ -111,6 +129,8 @@ struct compat_crypt_auth_op { | ||
44 | #define COMPAT_CIOCASYNCCRYPT _IOW('c', 107, struct compat_crypt_op) | ||
45 | #define COMPAT_CIOCASYNCFETCH _IOR('c', 108, struct compat_crypt_op) | ||
46 | #define COMPAT_CIOCAUTHCRYPT _IOWR('c', 109, struct compat_crypt_auth_op) | ||
47 | +#define COMPAT_CIOCASYMASYNCRYPT _IOW('c', 110, struct compat_crypt_kop) | ||
48 | +#define COMPAT_CIOCASYMASYNFETCH _IOR('c', 111, struct compat_crypt_kop) | ||
49 | |||
50 | #endif /* CONFIG_COMPAT */ | ||
51 | |||
52 | diff --git a/ioctl.c b/ioctl.c | ||
53 | index 69980e3..9431025 100644 | ||
54 | --- a/ioctl.c | ||
55 | +++ b/ioctl.c | ||
56 | @@ -1081,6 +1081,68 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) | ||
57 | /* compatibility code for 32bit userlands */ | ||
58 | #ifdef CONFIG_COMPAT | ||
59 | |||
60 | +static inline void compat_to_crypt_kop(struct compat_crypt_kop *compat, | ||
61 | + struct crypt_kop *kop) | ||
62 | +{ | ||
63 | + int i; | ||
64 | + kop->crk_op = compat->crk_op; | ||
65 | + kop->crk_status = compat->crk_status; | ||
66 | + kop->crk_iparams = compat->crk_iparams; | ||
67 | + kop->crk_oparams = compat->crk_oparams; | ||
68 | + | ||
69 | + for (i = 0; i < CRK_MAXPARAM; i++) { | ||
70 | + kop->crk_param[i].crp_p = | ||
71 | + compat_ptr(compat->crk_param[i].crp_p); | ||
72 | + kop->crk_param[i].crp_nbits = compat->crk_param[i].crp_nbits; | ||
73 | + } | ||
74 | + | ||
75 | + kop->curve_type = compat->curve_type; | ||
76 | + kop->cookie = compat->cookie; | ||
77 | +} | ||
78 | + | ||
79 | +static int compat_kop_from_user(struct kernel_crypt_kop *kop, | ||
80 | + void __user *arg) | ||
81 | +{ | ||
82 | + struct compat_crypt_kop compat_kop; | ||
83 | + | ||
84 | + if (unlikely(copy_from_user(&compat_kop, arg, sizeof(compat_kop)))) | ||
85 | + return -EFAULT; | ||
86 | + | ||
87 | + compat_to_crypt_kop(&compat_kop, &kop->kop); | ||
88 | + return fill_kop_from_cop(kop); | ||
89 | +} | ||
90 | + | ||
91 | +static inline void crypt_kop_to_compat(struct crypt_kop *kop, | ||
92 | + struct compat_crypt_kop *compat) | ||
93 | +{ | ||
94 | + int i; | ||
95 | + | ||
96 | + compat->crk_op = kop->crk_op; | ||
97 | + compat->crk_status = kop->crk_status; | ||
98 | + compat->crk_iparams = kop->crk_iparams; | ||
99 | + compat->crk_oparams = kop->crk_oparams; | ||
100 | + | ||
101 | + for (i = 0; i < CRK_MAXPARAM; i++) { | ||
102 | + compat->crk_param[i].crp_p = | ||
103 | + ptr_to_compat(kop->crk_param[i].crp_p); | ||
104 | + compat->crk_param[i].crp_nbits = kop->crk_param[i].crp_nbits; | ||
105 | + } | ||
106 | + compat->cookie = kop->cookie; | ||
107 | + compat->curve_type = kop->curve_type; | ||
108 | +} | ||
109 | + | ||
110 | +static int compat_kop_to_user(struct kernel_crypt_kop *kop, void __user *arg) | ||
111 | +{ | ||
112 | + struct compat_crypt_kop compat_kop; | ||
113 | + | ||
114 | + crypt_kop_to_compat(&kop->kop, &compat_kop); | ||
115 | + if (unlikely(copy_to_user(arg, &compat_kop, sizeof(compat_kop)))) { | ||
116 | + dprintk(1, KERN_ERR, "Cannot copy to userspace\n"); | ||
117 | + return -EFAULT; | ||
118 | + } | ||
119 | + return 0; | ||
120 | +} | ||
121 | + | ||
122 | static inline void | ||
123 | compat_to_session_op(struct compat_session_op *compat, struct session_op *sop) | ||
124 | { | ||
125 | @@ -1208,7 +1270,26 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) | ||
126 | return -EFAULT; | ||
127 | } | ||
128 | return ret; | ||
129 | + case COMPAT_CIOCKEY: | ||
130 | + { | ||
131 | + struct cryptodev_pkc *pkc = | ||
132 | + kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); | ||
133 | + | ||
134 | + if (!pkc) | ||
135 | + return -ENOMEM; | ||
136 | + | ||
137 | + ret = compat_kop_from_user(&pkc->kop, arg); | ||
138 | + | ||
139 | + if (unlikely(ret)) { | ||
140 | + kfree(pkc); | ||
141 | + return ret; | ||
142 | + } | ||
143 | |||
144 | + pkc->type = SYNCHRONOUS; | ||
145 | + ret = crypto_run_asym(pkc); | ||
146 | + kfree(pkc); | ||
147 | + } | ||
148 | + return ret; | ||
149 | case COMPAT_CIOCCRYPT: | ||
150 | ret = compat_kcop_from_user(&kcop, fcr, arg); | ||
151 | if (unlikely(ret)) | ||
152 | @@ -1247,6 +1328,45 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) | ||
153 | |||
154 | return compat_kcop_to_user(&kcop, fcr, arg); | ||
155 | #endif | ||
156 | + case COMPAT_CIOCASYMASYNCRYPT: | ||
157 | + { | ||
158 | + struct cryptodev_pkc *pkc = | ||
159 | + kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); | ||
160 | + | ||
161 | + ret = compat_kop_from_user(&pkc->kop, arg); | ||
162 | + if (unlikely(ret)) | ||
163 | + return -EINVAL; | ||
164 | + | ||
165 | + /* Store associated FD priv data with asymmetric request */ | ||
166 | + pkc->priv = pcr; | ||
167 | + pkc->type = ASYNCHRONOUS; | ||
168 | + ret = crypto_run_asym(pkc); | ||
169 | + if (ret == -EINPROGRESS) | ||
170 | + ret = 0; | ||
171 | + } | ||
172 | + return ret; | ||
173 | + case COMPAT_CIOCASYMASYNFETCH: | ||
174 | + { | ||
175 | + struct cryptodev_pkc *pkc; | ||
176 | + unsigned long flags; | ||
177 | + | ||
178 | + spin_lock_irqsave(&pcr->completion_lock, flags); | ||
179 | + if (list_empty(&pcr->asym_completed_list)) { | ||
180 | + spin_unlock_irqrestore(&pcr->completion_lock, flags); | ||
181 | + return -ENOMEM; | ||
182 | + } | ||
183 | + pkc = list_first_entry(&pcr->asym_completed_list, | ||
184 | + struct cryptodev_pkc, list); | ||
185 | + list_del(&pkc->list); | ||
186 | + spin_unlock_irqrestore(&pcr->completion_lock, flags); | ||
187 | + ret = crypto_async_fetch_asym(pkc); | ||
188 | + | ||
189 | + /* Reflect the updated request to user-space */ | ||
190 | + if (!ret) | ||
191 | + compat_kop_to_user(&pkc->kop, arg); | ||
192 | + kfree(pkc); | ||
193 | + } | ||
194 | + return ret; | ||
195 | default: | ||
196 | return -EINVAL; | ||
197 | } | ||
198 | -- | ||
199 | 2.3.5 | ||
200 | |||
diff --git a/recipes-kernel/cryptodev/files/0005-Asynchronous-interface-changes-in-cryptodev.patch b/recipes-kernel/cryptodev/files/0005-Asynchronous-interface-changes-in-cryptodev.patch new file mode 100644 index 00000000..8827fb0f --- /dev/null +++ b/recipes-kernel/cryptodev/files/0005-Asynchronous-interface-changes-in-cryptodev.patch | |||
@@ -0,0 +1,213 @@ | |||
1 | From 7594d5375d998eb25241750b623661ff021697d3 Mon Sep 17 00:00:00 2001 | ||
2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
3 | Date: Fri, 7 Mar 2014 07:24:00 +0545 | ||
4 | Subject: [PATCH 05/15] Asynchronous interface changes in cryptodev | ||
5 | |||
6 | Upstream-status: Pending | ||
7 | |||
8 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
9 | --- | ||
10 | cryptlib.h | 7 ++++- | ||
11 | crypto/cryptodev.h | 10 ++++++- | ||
12 | cryptodev_int.h | 10 ++++++- | ||
13 | ioctl.c | 76 +++++++++++++++++++++++++++++++++++++----------------- | ||
14 | 4 files changed, 76 insertions(+), 27 deletions(-) | ||
15 | |||
16 | diff --git a/cryptlib.h b/cryptlib.h | ||
17 | index 56d325a..7ffa54c 100644 | ||
18 | --- a/cryptlib.h | ||
19 | +++ b/cryptlib.h | ||
20 | @@ -113,7 +113,12 @@ struct cryptodev_pkc { | ||
21 | struct pkc_request req; /* PKC request structure allocated | ||
22 | from CryptoAPI */ | ||
23 | enum offload_type type; /* Synchronous Vs Asynchronous request */ | ||
24 | - void *cookie; /*Additional opaque cookie to be used in future */ | ||
25 | + /* | ||
26 | + * cookie used for transfering tranparent information from async | ||
27 | + * submission to async fetch. Currently some dynamic allocated | ||
28 | + * buffers are maintained which will be freed later during fetch | ||
29 | + */ | ||
30 | + void *cookie; | ||
31 | struct crypt_priv *priv; | ||
32 | }; | ||
33 | |||
34 | diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h | ||
35 | index 96675fe..4436fbf 100644 | ||
36 | --- a/crypto/cryptodev.h | ||
37 | +++ b/crypto/cryptodev.h | ||
38 | @@ -254,6 +254,14 @@ struct crypt_kop { | ||
39 | void *cookie; | ||
40 | }; | ||
41 | |||
42 | +#define MAX_COOKIES 4 | ||
43 | + | ||
44 | +struct pkc_cookie_list_s { | ||
45 | + int cookie_available; | ||
46 | + void *cookie[MAX_COOKIES]; | ||
47 | + int status[MAX_COOKIES]; | ||
48 | +}; | ||
49 | + | ||
50 | enum cryptodev_crk_op_t { | ||
51 | CRK_MOD_EXP = 0, | ||
52 | CRK_MOD_EXP_CRT = 1, | ||
53 | @@ -298,5 +306,5 @@ enum cryptodev_crk_op_t { | ||
54 | #define CIOCASYNCFETCH _IOR('c', 111, struct crypt_op) | ||
55 | /* additional ioctls for asynchronous operation for asymmetric ciphers*/ | ||
56 | #define CIOCASYMASYNCRYPT _IOW('c', 112, struct crypt_kop) | ||
57 | -#define CIOCASYMASYNFETCH _IOR('c', 113, struct crypt_kop) | ||
58 | +#define CIOCASYMFETCHCOOKIE _IOR('c', 113, struct pkc_cookie_list_s) | ||
59 | #endif /* L_CRYPTODEV_H */ | ||
60 | diff --git a/cryptodev_int.h b/cryptodev_int.h | ||
61 | index cf54dac..5347cae 100644 | ||
62 | --- a/cryptodev_int.h | ||
63 | +++ b/cryptodev_int.h | ||
64 | @@ -93,6 +93,12 @@ struct compat_crypt_kop { | ||
65 | compat_uptr_t cookie; | ||
66 | }; | ||
67 | |||
68 | +struct compat_pkc_cookie_list_s { | ||
69 | + int cookie_available; | ||
70 | + compat_uptr_t cookie[MAX_COOKIES]; | ||
71 | + int status[MAX_COOKIES]; | ||
72 | +}; | ||
73 | + | ||
74 | /* input of CIOCAUTHCRYPT */ | ||
75 | struct compat_crypt_auth_op { | ||
76 | uint32_t ses; /* session identifier */ | ||
77 | @@ -126,11 +132,13 @@ struct compat_crypt_auth_op { | ||
78 | /* compat ioctls, defined for the above structs */ | ||
79 | #define COMPAT_CIOCGSESSION _IOWR('c', 102, struct compat_session_op) | ||
80 | #define COMPAT_CIOCCRYPT _IOWR('c', 104, struct compat_crypt_op) | ||
81 | +#define COMPAT_CIOCKEY _IOW('c', 105, struct compat_crypt_kop) | ||
82 | #define COMPAT_CIOCASYNCCRYPT _IOW('c', 107, struct compat_crypt_op) | ||
83 | #define COMPAT_CIOCASYNCFETCH _IOR('c', 108, struct compat_crypt_op) | ||
84 | #define COMPAT_CIOCAUTHCRYPT _IOWR('c', 109, struct compat_crypt_auth_op) | ||
85 | #define COMPAT_CIOCASYMASYNCRYPT _IOW('c', 110, struct compat_crypt_kop) | ||
86 | -#define COMPAT_CIOCASYMASYNFETCH _IOR('c', 111, struct compat_crypt_kop) | ||
87 | +#define COMPAT_CIOCASYMFETCHCOOKIE _IOR('c', 111, \ | ||
88 | + struct compat_pkc_cookie_list_s) | ||
89 | |||
90 | #endif /* CONFIG_COMPAT */ | ||
91 | |||
92 | diff --git a/ioctl.c b/ioctl.c | ||
93 | index 9431025..e2f407f 100644 | ||
94 | --- a/ioctl.c | ||
95 | +++ b/ioctl.c | ||
96 | @@ -105,8 +105,6 @@ void cryptodev_complete_asym(struct crypto_async_request *req, int err) | ||
97 | crypto_free_pkc(pkc->s); | ||
98 | res->err = err; | ||
99 | if (pkc->type == SYNCHRONOUS) { | ||
100 | - if (err == -EINPROGRESS) | ||
101 | - return; | ||
102 | complete(&res->completion); | ||
103 | } else { | ||
104 | struct crypt_priv *pcr = pkc->priv; | ||
105 | @@ -1051,26 +1049,41 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) | ||
106 | ret = 0; | ||
107 | } | ||
108 | return ret; | ||
109 | - case CIOCASYMASYNFETCH: | ||
110 | + case CIOCASYMFETCHCOOKIE: | ||
111 | { | ||
112 | struct cryptodev_pkc *pkc; | ||
113 | unsigned long flags; | ||
114 | + int i; | ||
115 | + struct pkc_cookie_list_s cookie_list; | ||
116 | |||
117 | spin_lock_irqsave(&pcr->completion_lock, flags); | ||
118 | - if (list_empty(&pcr->asym_completed_list)) { | ||
119 | - spin_unlock_irqrestore(&pcr->completion_lock, flags); | ||
120 | - return -ENOMEM; | ||
121 | + cookie_list.cookie_available = 0; | ||
122 | + for (i = 0; i < MAX_COOKIES; i++) { | ||
123 | + if (!list_empty(&pcr->asym_completed_list)) { | ||
124 | + /* Run a loop in the list for upto elements | ||
125 | + and copy their response back */ | ||
126 | + pkc = | ||
127 | + list_first_entry(&pcr->asym_completed_list, | ||
128 | + struct cryptodev_pkc, list); | ||
129 | + list_del(&pkc->list); | ||
130 | + ret = crypto_async_fetch_asym(pkc); | ||
131 | + if (!ret) { | ||
132 | + cookie_list.cookie_available++; | ||
133 | + cookie_list.cookie[i] = | ||
134 | + pkc->kop.kop.cookie; | ||
135 | + cookie_list.status[i] = pkc->result.err; | ||
136 | + } | ||
137 | + kfree(pkc); | ||
138 | + } else { | ||
139 | + break; | ||
140 | + } | ||
141 | } | ||
142 | - pkc = list_first_entry(&pcr->asym_completed_list, | ||
143 | - struct cryptodev_pkc, list); | ||
144 | - list_del(&pkc->list); | ||
145 | spin_unlock_irqrestore(&pcr->completion_lock, flags); | ||
146 | - ret = crypto_async_fetch_asym(pkc); | ||
147 | |||
148 | /* Reflect the updated request to user-space */ | ||
149 | - if (!ret) | ||
150 | - kop_to_user(&pkc->kop, arg); | ||
151 | - kfree(pkc); | ||
152 | + if (cookie_list.cookie_available) | ||
153 | + copy_to_user(arg, &cookie_list, | ||
154 | + sizeof(struct pkc_cookie_list_s)); | ||
155 | } | ||
156 | return ret; | ||
157 | default: | ||
158 | @@ -1345,26 +1358,41 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) | ||
159 | ret = 0; | ||
160 | } | ||
161 | return ret; | ||
162 | - case COMPAT_CIOCASYMASYNFETCH: | ||
163 | + case COMPAT_CIOCASYMFETCHCOOKIE: | ||
164 | { | ||
165 | struct cryptodev_pkc *pkc; | ||
166 | unsigned long flags; | ||
167 | + int i = 0; | ||
168 | + struct compat_pkc_cookie_list_s cookie_list; | ||
169 | |||
170 | spin_lock_irqsave(&pcr->completion_lock, flags); | ||
171 | - if (list_empty(&pcr->asym_completed_list)) { | ||
172 | - spin_unlock_irqrestore(&pcr->completion_lock, flags); | ||
173 | - return -ENOMEM; | ||
174 | + cookie_list.cookie_available = 0; | ||
175 | + | ||
176 | + for (i = 0; i < MAX_COOKIES; i++) { | ||
177 | + if (!list_empty(&pcr->asym_completed_list)) { | ||
178 | + /* Run a loop in the list for upto elements | ||
179 | + and copy their response back */ | ||
180 | + pkc = | ||
181 | + list_first_entry(&pcr->asym_completed_list, | ||
182 | + struct cryptodev_pkc, list); | ||
183 | + list_del(&pkc->list); | ||
184 | + ret = crypto_async_fetch_asym(pkc); | ||
185 | + if (!ret) { | ||
186 | + cookie_list.cookie_available++; | ||
187 | + cookie_list.cookie[i] = | ||
188 | + pkc->kop.kop.cookie; | ||
189 | + } | ||
190 | + kfree(pkc); | ||
191 | + } else { | ||
192 | + break; | ||
193 | + } | ||
194 | } | ||
195 | - pkc = list_first_entry(&pcr->asym_completed_list, | ||
196 | - struct cryptodev_pkc, list); | ||
197 | - list_del(&pkc->list); | ||
198 | spin_unlock_irqrestore(&pcr->completion_lock, flags); | ||
199 | - ret = crypto_async_fetch_asym(pkc); | ||
200 | |||
201 | /* Reflect the updated request to user-space */ | ||
202 | - if (!ret) | ||
203 | - compat_kop_to_user(&pkc->kop, arg); | ||
204 | - kfree(pkc); | ||
205 | + if (cookie_list.cookie_available) | ||
206 | + copy_to_user(arg, &cookie_list, | ||
207 | + sizeof(struct compat_pkc_cookie_list_s)); | ||
208 | } | ||
209 | return ret; | ||
210 | default: | ||
211 | -- | ||
212 | 2.3.5 | ||
213 | |||
diff --git a/recipes-kernel/cryptodev/files/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch b/recipes-kernel/cryptodev/files/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch new file mode 100644 index 00000000..89cace37 --- /dev/null +++ b/recipes-kernel/cryptodev/files/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch | |||
@@ -0,0 +1,212 @@ | |||
1 | From eccd6277b067cd85094eb057225cc0a983300b9f Mon Sep 17 00:00:00 2001 | ||
2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
3 | Date: Fri, 7 Mar 2014 07:53:53 +0545 | ||
4 | Subject: [PATCH 06/15] ECC_KEYGEN and DLC_KEYGEN supported in cryptodev module | ||
5 | |||
6 | Upstream-status: Pending | ||
7 | |||
8 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
9 | --- | ||
10 | cryptlib.c | 2 ++ | ||
11 | crypto/cryptodev.h | 5 +++- | ||
12 | ioctl.c | 29 +++++++++++++++++-- | ||
13 | main.c | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ | ||
14 | 4 files changed, 118 insertions(+), 3 deletions(-) | ||
15 | |||
16 | diff --git a/cryptlib.c b/cryptlib.c | ||
17 | index 6900028..47cd568 100644 | ||
18 | --- a/cryptlib.c | ||
19 | +++ b/cryptlib.c | ||
20 | @@ -452,6 +452,8 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) | ||
21 | case DSA_VERIFY: | ||
22 | case ECDSA_SIGN: | ||
23 | case ECDSA_VERIFY: | ||
24 | + case DLC_KEYGEN: | ||
25 | + case ECC_KEYGEN: | ||
26 | pkc->s = crypto_alloc_pkc("pkc(dsa)", | ||
27 | CRYPTO_ALG_TYPE_PKC_DSA, 0); | ||
28 | break; | ||
29 | diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h | ||
30 | index 4436fbf..275a55c 100644 | ||
31 | --- a/crypto/cryptodev.h | ||
32 | +++ b/crypto/cryptodev.h | ||
33 | @@ -268,6 +268,8 @@ enum cryptodev_crk_op_t { | ||
34 | CRK_DSA_SIGN = 2, | ||
35 | CRK_DSA_VERIFY = 3, | ||
36 | CRK_DH_COMPUTE_KEY = 4, | ||
37 | + CRK_DSA_GENERATE_KEY = 5, | ||
38 | + CRK_DH_GENERATE_KEY = 6, | ||
39 | CRK_ALGORITHM_ALL | ||
40 | }; | ||
41 | |||
42 | @@ -280,7 +282,8 @@ enum cryptodev_crk_op_t { | ||
43 | #define CRF_DSA_SIGN (1 << CRK_DSA_SIGN) | ||
44 | #define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY) | ||
45 | #define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY) | ||
46 | - | ||
47 | +#define CRF_DSA_GENERATE_KEY (1 << CRK_DSA_GENERATE_KEY) | ||
48 | +#define CRF_DH_GENERATE_KEY (1 << CRK_DH_GENERATE_KEY) | ||
49 | |||
50 | /* ioctl's. Compatible with old linux cryptodev.h | ||
51 | */ | ||
52 | diff --git a/ioctl.c b/ioctl.c | ||
53 | index e2f407f..1f0741a 100644 | ||
54 | --- a/ioctl.c | ||
55 | +++ b/ioctl.c | ||
56 | @@ -726,6 +726,23 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) | ||
57 | dh_req->z, dh_req->z_len); | ||
58 | } | ||
59 | break; | ||
60 | + case CRK_DSA_GENERATE_KEY: | ||
61 | + case CRK_DH_GENERATE_KEY: | ||
62 | + { | ||
63 | + struct keygen_req_s *key_req = &pkc_req->req_u.keygen; | ||
64 | + | ||
65 | + if (pkc_req->type == ECC_KEYGEN) { | ||
66 | + copy_to_user(ckop->crk_param[4].crp_p, key_req->pub_key, | ||
67 | + key_req->pub_key_len); | ||
68 | + copy_to_user(ckop->crk_param[5].crp_p, | ||
69 | + key_req->priv_key, key_req->priv_key_len); | ||
70 | + } else { | ||
71 | + copy_to_user(ckop->crk_param[3].crp_p, | ||
72 | + key_req->pub_key, key_req->pub_key_len); | ||
73 | + copy_to_user(ckop->crk_param[4].crp_p, | ||
74 | + key_req->priv_key, key_req->priv_key_len); | ||
75 | + } | ||
76 | + } | ||
77 | default: | ||
78 | ret = -EINVAL; | ||
79 | } | ||
80 | @@ -939,8 +956,9 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) | ||
81 | |||
82 | switch (cmd) { | ||
83 | case CIOCASYMFEAT: | ||
84 | - return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | | ||
85 | - CRF_DSA_SIGN | CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY, p); | ||
86 | + return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN | | ||
87 | + CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY | | ||
88 | + CRF_DSA_GENERATE_KEY, p); | ||
89 | case CRIOGET: | ||
90 | fd = clonefd(filp); | ||
91 | ret = put_user(fd, p); | ||
92 | @@ -1084,7 +1102,14 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) | ||
93 | if (cookie_list.cookie_available) | ||
94 | copy_to_user(arg, &cookie_list, | ||
95 | sizeof(struct pkc_cookie_list_s)); | ||
96 | + else { | ||
97 | + struct pkc_cookie_list_s *user_ck_list = (void *)arg; | ||
98 | + | ||
99 | + put_user(0, &(user_ck_list->cookie_available)); | ||
100 | + } | ||
101 | + ret = cookie_list.cookie_available; | ||
102 | } | ||
103 | + | ||
104 | return ret; | ||
105 | default: | ||
106 | return -EINVAL; | ||
107 | diff --git a/main.c b/main.c | ||
108 | index 0b7951e..c901bc7 100644 | ||
109 | --- a/main.c | ||
110 | +++ b/main.c | ||
111 | @@ -342,6 +342,85 @@ err: | ||
112 | return rc; | ||
113 | } | ||
114 | |||
115 | +int crypto_kop_keygen(struct cryptodev_pkc *pkc) | ||
116 | +{ | ||
117 | + struct kernel_crypt_kop *kop = &pkc->kop; | ||
118 | + struct crypt_kop *cop = &kop->kop; | ||
119 | + struct pkc_request *pkc_req; | ||
120 | + struct keygen_req_s *key_req; | ||
121 | + int rc, buf_size; | ||
122 | + uint8_t *buf; | ||
123 | + | ||
124 | + if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || | ||
125 | + !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits || | ||
126 | + !cop->crk_param[4].crp_nbits) | ||
127 | + return -EINVAL; | ||
128 | + | ||
129 | + pkc_req = &pkc->req; | ||
130 | + key_req = &pkc_req->req_u.keygen; | ||
131 | + key_req->q_len = (cop->crk_param[0].crp_nbits + 7)/8; | ||
132 | + key_req->r_len = (cop->crk_param[1].crp_nbits + 7)/8; | ||
133 | + key_req->g_len = (cop->crk_param[2].crp_nbits + 7)/8; | ||
134 | + if (cop->crk_iparams == 3) { | ||
135 | + key_req->pub_key_len = (cop->crk_param[3].crp_nbits + 7)/8; | ||
136 | + key_req->priv_key_len = (cop->crk_param[4].crp_nbits + 7)/8; | ||
137 | + buf_size = key_req->q_len + key_req->r_len + key_req->g_len + | ||
138 | + key_req->pub_key_len + key_req->priv_key_len; | ||
139 | + pkc_req->type = DLC_KEYGEN; | ||
140 | + } else { | ||
141 | + key_req->ab_len = (cop->crk_param[3].crp_nbits + 7)/8; | ||
142 | + key_req->pub_key_len = (cop->crk_param[4].crp_nbits + 7)/8; | ||
143 | + key_req->priv_key_len = (cop->crk_param[5].crp_nbits + 7)/8; | ||
144 | + buf_size = key_req->q_len + key_req->r_len + key_req->g_len + | ||
145 | + key_req->pub_key_len + key_req->priv_key_len + | ||
146 | + key_req->ab_len; | ||
147 | + pkc_req->type = ECC_KEYGEN; | ||
148 | + pkc_req->curve_type = cop->curve_type; | ||
149 | + } | ||
150 | + | ||
151 | + buf = kzalloc(buf_size, GFP_DMA); | ||
152 | + if (!buf) | ||
153 | + return -ENOMEM; | ||
154 | + | ||
155 | + key_req->q = buf; | ||
156 | + key_req->r = key_req->q + key_req->q_len; | ||
157 | + key_req->g = key_req->r + key_req->r_len; | ||
158 | + key_req->pub_key = key_req->g + key_req->g_len; | ||
159 | + key_req->priv_key = key_req->pub_key + key_req->pub_key_len; | ||
160 | + copy_from_user(key_req->q, cop->crk_param[0].crp_p, key_req->q_len); | ||
161 | + copy_from_user(key_req->r, cop->crk_param[1].crp_p, key_req->r_len); | ||
162 | + copy_from_user(key_req->g, cop->crk_param[2].crp_p, key_req->g_len); | ||
163 | + if (cop->crk_iparams == 3) { | ||
164 | + copy_from_user(key_req->pub_key, cop->crk_param[3].crp_p, | ||
165 | + key_req->pub_key_len); | ||
166 | + copy_from_user(key_req->priv_key, cop->crk_param[4].crp_p, | ||
167 | + key_req->priv_key_len); | ||
168 | + } else { | ||
169 | + key_req->ab = key_req->priv_key + key_req->priv_key_len; | ||
170 | + copy_from_user(key_req->ab, cop->crk_param[3].crp_p, | ||
171 | + key_req->ab_len); | ||
172 | + copy_from_user(key_req->pub_key, cop->crk_param[4].crp_p, | ||
173 | + key_req->pub_key_len); | ||
174 | + copy_from_user(key_req->priv_key, cop->crk_param[5].crp_p, | ||
175 | + key_req->priv_key_len); | ||
176 | + } | ||
177 | + | ||
178 | + rc = cryptodev_pkc_offload(pkc); | ||
179 | + if (pkc->type == SYNCHRONOUS) { | ||
180 | + if (rc) | ||
181 | + goto err; | ||
182 | + } else { | ||
183 | + if (rc != -EINPROGRESS && !rc) | ||
184 | + goto err; | ||
185 | + | ||
186 | + pkc->cookie = buf; | ||
187 | + return rc; | ||
188 | + } | ||
189 | +err: | ||
190 | + kfree(buf); | ||
191 | + return rc; | ||
192 | +} | ||
193 | + | ||
194 | int crypto_kop_dh_key(struct cryptodev_pkc *pkc) | ||
195 | { | ||
196 | struct kernel_crypt_kop *kop = &pkc->kop; | ||
197 | @@ -554,6 +633,12 @@ int crypto_run_asym(struct cryptodev_pkc *pkc) | ||
198 | goto err; | ||
199 | ret = crypto_kop_dh_key(pkc); | ||
200 | break; | ||
201 | + case CRK_DH_GENERATE_KEY: | ||
202 | + case CRK_DSA_GENERATE_KEY: | ||
203 | + if ((kop->kop.crk_iparams != 3 && kop->kop.crk_iparams != 4)) | ||
204 | + goto err; | ||
205 | + ret = crypto_kop_keygen(pkc); | ||
206 | + break; | ||
207 | } | ||
208 | err: | ||
209 | return ret; | ||
210 | -- | ||
211 | 2.3.5 | ||
212 | |||
diff --git a/recipes-kernel/cryptodev/files/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch b/recipes-kernel/cryptodev/files/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch new file mode 100644 index 00000000..a76aca47 --- /dev/null +++ b/recipes-kernel/cryptodev/files/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch | |||
@@ -0,0 +1,238 @@ | |||
1 | From 78c01e1882def52c72966c0e86913950ec201af9 Mon Sep 17 00:00:00 2001 | ||
2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
3 | Date: Fri, 7 Mar 2014 08:49:15 +0545 | ||
4 | Subject: [PATCH 07/15] RCU stall fixed in PKC asynchronous interface | ||
5 | |||
6 | Upstream-status: Pending | ||
7 | |||
8 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
9 | --- | ||
10 | ioctl.c | 23 +++++++++++------------ | ||
11 | main.c | 43 +++++++++++++++++++++++++++---------------- | ||
12 | 2 files changed, 38 insertions(+), 28 deletions(-) | ||
13 | |||
14 | diff --git a/ioctl.c b/ioctl.c | ||
15 | index 1f0741a..e4e16a8 100644 | ||
16 | --- a/ioctl.c | ||
17 | +++ b/ioctl.c | ||
18 | @@ -108,10 +108,9 @@ void cryptodev_complete_asym(struct crypto_async_request *req, int err) | ||
19 | complete(&res->completion); | ||
20 | } else { | ||
21 | struct crypt_priv *pcr = pkc->priv; | ||
22 | - unsigned long flags; | ||
23 | - spin_lock_irqsave(&pcr->completion_lock, flags); | ||
24 | + spin_lock_bh(&pcr->completion_lock); | ||
25 | list_add_tail(&pkc->list, &pcr->asym_completed_list); | ||
26 | - spin_unlock_irqrestore(&pcr->completion_lock, flags); | ||
27 | + spin_unlock_bh(&pcr->completion_lock); | ||
28 | /* wake for POLLIN */ | ||
29 | wake_up_interruptible(&pcr->user_waiter); | ||
30 | } | ||
31 | @@ -958,7 +957,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) | ||
32 | case CIOCASYMFEAT: | ||
33 | return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN | | ||
34 | CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY | | ||
35 | - CRF_DSA_GENERATE_KEY, p); | ||
36 | + CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY, p); | ||
37 | case CRIOGET: | ||
38 | fd = clonefd(filp); | ||
39 | ret = put_user(fd, p); | ||
40 | @@ -997,7 +996,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) | ||
41 | case CIOCKEY: | ||
42 | { | ||
43 | struct cryptodev_pkc *pkc = | ||
44 | - kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); | ||
45 | + kmalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); | ||
46 | |||
47 | if (!pkc) | ||
48 | return -ENOMEM; | ||
49 | @@ -1053,7 +1052,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) | ||
50 | case CIOCASYMASYNCRYPT: | ||
51 | { | ||
52 | struct cryptodev_pkc *pkc = | ||
53 | - kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); | ||
54 | + kmalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); | ||
55 | ret = kop_from_user(&pkc->kop, arg); | ||
56 | |||
57 | if (unlikely(ret)) | ||
58 | @@ -1070,13 +1069,12 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) | ||
59 | case CIOCASYMFETCHCOOKIE: | ||
60 | { | ||
61 | struct cryptodev_pkc *pkc; | ||
62 | - unsigned long flags; | ||
63 | int i; | ||
64 | struct pkc_cookie_list_s cookie_list; | ||
65 | |||
66 | - spin_lock_irqsave(&pcr->completion_lock, flags); | ||
67 | cookie_list.cookie_available = 0; | ||
68 | for (i = 0; i < MAX_COOKIES; i++) { | ||
69 | + spin_lock_bh(&pcr->completion_lock); | ||
70 | if (!list_empty(&pcr->asym_completed_list)) { | ||
71 | /* Run a loop in the list for upto elements | ||
72 | and copy their response back */ | ||
73 | @@ -1084,6 +1082,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) | ||
74 | list_first_entry(&pcr->asym_completed_list, | ||
75 | struct cryptodev_pkc, list); | ||
76 | list_del(&pkc->list); | ||
77 | + spin_unlock_bh(&pcr->completion_lock); | ||
78 | ret = crypto_async_fetch_asym(pkc); | ||
79 | if (!ret) { | ||
80 | cookie_list.cookie_available++; | ||
81 | @@ -1093,10 +1092,10 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) | ||
82 | } | ||
83 | kfree(pkc); | ||
84 | } else { | ||
85 | + spin_unlock_bh(&pcr->completion_lock); | ||
86 | break; | ||
87 | } | ||
88 | } | ||
89 | - spin_unlock_irqrestore(&pcr->completion_lock, flags); | ||
90 | |||
91 | /* Reflect the updated request to user-space */ | ||
92 | if (cookie_list.cookie_available) | ||
93 | @@ -1386,14 +1385,13 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) | ||
94 | case COMPAT_CIOCASYMFETCHCOOKIE: | ||
95 | { | ||
96 | struct cryptodev_pkc *pkc; | ||
97 | - unsigned long flags; | ||
98 | int i = 0; | ||
99 | struct compat_pkc_cookie_list_s cookie_list; | ||
100 | |||
101 | - spin_lock_irqsave(&pcr->completion_lock, flags); | ||
102 | cookie_list.cookie_available = 0; | ||
103 | |||
104 | for (i = 0; i < MAX_COOKIES; i++) { | ||
105 | + spin_lock_bh(&pcr->completion_lock); | ||
106 | if (!list_empty(&pcr->asym_completed_list)) { | ||
107 | /* Run a loop in the list for upto elements | ||
108 | and copy their response back */ | ||
109 | @@ -1401,6 +1399,7 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) | ||
110 | list_first_entry(&pcr->asym_completed_list, | ||
111 | struct cryptodev_pkc, list); | ||
112 | list_del(&pkc->list); | ||
113 | + spin_unlock_bh(&pcr->completion_lock); | ||
114 | ret = crypto_async_fetch_asym(pkc); | ||
115 | if (!ret) { | ||
116 | cookie_list.cookie_available++; | ||
117 | @@ -1409,10 +1408,10 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) | ||
118 | } | ||
119 | kfree(pkc); | ||
120 | } else { | ||
121 | + spin_unlock_bh(&pcr->completion_lock); | ||
122 | break; | ||
123 | } | ||
124 | } | ||
125 | - spin_unlock_irqrestore(&pcr->completion_lock, flags); | ||
126 | |||
127 | /* Reflect the updated request to user-space */ | ||
128 | if (cookie_list.cookie_available) | ||
129 | diff --git a/main.c b/main.c | ||
130 | index c901bc7..2747706 100644 | ||
131 | --- a/main.c | ||
132 | +++ b/main.c | ||
133 | @@ -215,7 +215,9 @@ int crypto_kop_dsasign(struct cryptodev_pkc *pkc) | ||
134 | pkc_req->type = DSA_SIGN; | ||
135 | } | ||
136 | |||
137 | - buf = kzalloc(buf_size, GFP_DMA); | ||
138 | + buf = kmalloc(buf_size, GFP_DMA); | ||
139 | + if (!buf) | ||
140 | + return -ENOMEM; | ||
141 | |||
142 | dsa_req->q = buf; | ||
143 | dsa_req->r = dsa_req->q + dsa_req->q_len; | ||
144 | @@ -298,7 +300,9 @@ int crypto_kop_dsaverify(struct cryptodev_pkc *pkc) | ||
145 | pkc_req->type = DSA_VERIFY; | ||
146 | } | ||
147 | |||
148 | - buf = kzalloc(buf_size, GFP_DMA); | ||
149 | + buf = kmalloc(buf_size, GFP_DMA); | ||
150 | + if (!buf) | ||
151 | + return -ENOMEM; | ||
152 | |||
153 | dsa_req->q = buf; | ||
154 | dsa_req->r = dsa_req->q + dsa_req->q_len; | ||
155 | @@ -378,7 +382,7 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) | ||
156 | pkc_req->curve_type = cop->curve_type; | ||
157 | } | ||
158 | |||
159 | - buf = kzalloc(buf_size, GFP_DMA); | ||
160 | + buf = kmalloc(buf_size, GFP_DMA); | ||
161 | if (!buf) | ||
162 | return -ENOMEM; | ||
163 | |||
164 | @@ -390,25 +394,28 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) | ||
165 | copy_from_user(key_req->q, cop->crk_param[0].crp_p, key_req->q_len); | ||
166 | copy_from_user(key_req->r, cop->crk_param[1].crp_p, key_req->r_len); | ||
167 | copy_from_user(key_req->g, cop->crk_param[2].crp_p, key_req->g_len); | ||
168 | - if (cop->crk_iparams == 3) { | ||
169 | - copy_from_user(key_req->pub_key, cop->crk_param[3].crp_p, | ||
170 | - key_req->pub_key_len); | ||
171 | - copy_from_user(key_req->priv_key, cop->crk_param[4].crp_p, | ||
172 | - key_req->priv_key_len); | ||
173 | - } else { | ||
174 | + if (cop->crk_iparams == 4) { | ||
175 | key_req->ab = key_req->priv_key + key_req->priv_key_len; | ||
176 | copy_from_user(key_req->ab, cop->crk_param[3].crp_p, | ||
177 | key_req->ab_len); | ||
178 | - copy_from_user(key_req->pub_key, cop->crk_param[4].crp_p, | ||
179 | - key_req->pub_key_len); | ||
180 | - copy_from_user(key_req->priv_key, cop->crk_param[5].crp_p, | ||
181 | - key_req->priv_key_len); | ||
182 | } | ||
183 | |||
184 | rc = cryptodev_pkc_offload(pkc); | ||
185 | if (pkc->type == SYNCHRONOUS) { | ||
186 | if (rc) | ||
187 | goto err; | ||
188 | + | ||
189 | + if (cop->crk_iparams == 4) { | ||
190 | + copy_to_user(cop->crk_param[4].crp_p, key_req->pub_key, | ||
191 | + key_req->pub_key_len); | ||
192 | + copy_to_user(cop->crk_param[5].crp_p, key_req->priv_key, | ||
193 | + key_req->priv_key_len); | ||
194 | + } else { | ||
195 | + copy_to_user(cop->crk_param[3].crp_p, key_req->pub_key, | ||
196 | + key_req->pub_key_len); | ||
197 | + copy_to_user(cop->crk_param[4].crp_p, | ||
198 | + key_req->priv_key, key_req->priv_key_len); | ||
199 | + } | ||
200 | } else { | ||
201 | if (rc != -EINPROGRESS && !rc) | ||
202 | goto err; | ||
203 | @@ -447,7 +454,9 @@ int crypto_kop_dh_key(struct cryptodev_pkc *pkc) | ||
204 | pkc_req->type = DH_COMPUTE_KEY; | ||
205 | } | ||
206 | buf_size += dh_req->z_len; | ||
207 | - buf = kzalloc(buf_size, GFP_DMA); | ||
208 | + buf = kmalloc(buf_size, GFP_DMA); | ||
209 | + if (!buf) | ||
210 | + return -ENOMEM; | ||
211 | dh_req->q = buf; | ||
212 | dh_req->s = dh_req->q + dh_req->q_len; | ||
213 | dh_req->pub_key = dh_req->s + dh_req->s_len; | ||
214 | @@ -508,9 +517,11 @@ int crypto_modexp_crt(struct cryptodev_pkc *pkc) | ||
215 | rsa_req->dq_len = (cop->crk_param[4].crp_nbits + 7)/8; | ||
216 | rsa_req->c_len = (cop->crk_param[5].crp_nbits + 7)/8; | ||
217 | rsa_req->f_len = (cop->crk_param[6].crp_nbits + 7)/8; | ||
218 | - buf = kzalloc(rsa_req->p_len + rsa_req->q_len + rsa_req->f_len + | ||
219 | + buf = kmalloc(rsa_req->p_len + rsa_req->q_len + rsa_req->f_len + | ||
220 | rsa_req->dp_len + rsa_req->dp_len + rsa_req->c_len + | ||
221 | rsa_req->g_len, GFP_DMA); | ||
222 | + if (!buf) | ||
223 | + return -ENOMEM; | ||
224 | rsa_req->p = buf; | ||
225 | rsa_req->q = rsa_req->p + rsa_req->p_len; | ||
226 | rsa_req->g = rsa_req->q + rsa_req->q_len; | ||
227 | @@ -563,7 +574,7 @@ int crypto_bn_modexp(struct cryptodev_pkc *pkc) | ||
228 | rsa_req->e_len = (cop->crk_param[1].crp_nbits + 7)/8; | ||
229 | rsa_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8; | ||
230 | rsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8; | ||
231 | - buf = kzalloc(rsa_req->f_len + rsa_req->e_len + rsa_req->n_len | ||
232 | + buf = kmalloc(rsa_req->f_len + rsa_req->e_len + rsa_req->n_len | ||
233 | + rsa_req->g_len, GFP_DMA); | ||
234 | if (!buf) | ||
235 | return -ENOMEM; | ||
236 | -- | ||
237 | 2.3.5 | ||
238 | |||
diff --git a/recipes-kernel/cryptodev/files/0008-Add-RSA-Key-generation-offloading.patch b/recipes-kernel/cryptodev/files/0008-Add-RSA-Key-generation-offloading.patch new file mode 100644 index 00000000..d251c660 --- /dev/null +++ b/recipes-kernel/cryptodev/files/0008-Add-RSA-Key-generation-offloading.patch | |||
@@ -0,0 +1,170 @@ | |||
1 | From 5127db3483a2e4f6dc13330bea7237931c5f15a0 Mon Sep 17 00:00:00 2001 | ||
2 | From: Hou Zhiqiang <B48286@freescale.com> | ||
3 | Date: Wed, 19 Mar 2014 14:02:46 +0800 | ||
4 | Subject: [PATCH 08/15] Add RSA Key generation offloading | ||
5 | |||
6 | Upstream-status: Pending | ||
7 | |||
8 | Signed-off-by: Hou Zhiqiang <B48286@freescale.com> | ||
9 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
10 | --- | ||
11 | cryptlib.c | 1 + | ||
12 | crypto/cryptodev.h | 2 ++ | ||
13 | ioctl.c | 3 +- | ||
14 | main.c | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++- | ||
15 | 4 files changed, 84 insertions(+), 2 deletions(-) | ||
16 | |||
17 | diff --git a/cryptlib.c b/cryptlib.c | ||
18 | index 47cd568..4dd1847 100644 | ||
19 | --- a/cryptlib.c | ||
20 | +++ b/cryptlib.c | ||
21 | @@ -441,6 +441,7 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) | ||
22 | struct pkc_request *pkc_req = &pkc->req, *pkc_requested; | ||
23 | |||
24 | switch (pkc_req->type) { | ||
25 | + case RSA_KEYGEN: | ||
26 | case RSA_PUB: | ||
27 | case RSA_PRIV_FORM1: | ||
28 | case RSA_PRIV_FORM2: | ||
29 | diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h | ||
30 | index 275a55c..d0cc542 100644 | ||
31 | --- a/crypto/cryptodev.h | ||
32 | +++ b/crypto/cryptodev.h | ||
33 | @@ -270,6 +270,7 @@ enum cryptodev_crk_op_t { | ||
34 | CRK_DH_COMPUTE_KEY = 4, | ||
35 | CRK_DSA_GENERATE_KEY = 5, | ||
36 | CRK_DH_GENERATE_KEY = 6, | ||
37 | + CRK_RSA_GENERATE_KEY = 7, | ||
38 | CRK_ALGORITHM_ALL | ||
39 | }; | ||
40 | |||
41 | @@ -279,6 +280,7 @@ enum cryptodev_crk_op_t { | ||
42 | */ | ||
43 | #define CRF_MOD_EXP (1 << CRK_MOD_EXP) | ||
44 | #define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT) | ||
45 | +#define CRF_RSA_GENERATE_KEY (1 << CRK_RSA_GENERATE_KEY) | ||
46 | #define CRF_DSA_SIGN (1 << CRK_DSA_SIGN) | ||
47 | #define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY) | ||
48 | #define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY) | ||
49 | diff --git a/ioctl.c b/ioctl.c | ||
50 | index e4e16a8..3762a47 100644 | ||
51 | --- a/ioctl.c | ||
52 | +++ b/ioctl.c | ||
53 | @@ -957,7 +957,8 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) | ||
54 | case CIOCASYMFEAT: | ||
55 | return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN | | ||
56 | CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY | | ||
57 | - CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY, p); | ||
58 | + CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY | | ||
59 | + CRF_RSA_GENERATE_KEY, p); | ||
60 | case CRIOGET: | ||
61 | fd = clonefd(filp); | ||
62 | ret = put_user(fd, p); | ||
63 | diff --git a/main.c b/main.c | ||
64 | index 2747706..14dcf40 100644 | ||
65 | --- a/main.c | ||
66 | +++ b/main.c | ||
67 | @@ -346,6 +346,82 @@ err: | ||
68 | return rc; | ||
69 | } | ||
70 | |||
71 | +int crypto_kop_rsa_keygen(struct cryptodev_pkc *pkc) | ||
72 | +{ | ||
73 | + struct kernel_crypt_kop *kop = &pkc->kop; | ||
74 | + struct crypt_kop *cop = &kop->kop; | ||
75 | + struct pkc_request *pkc_req; | ||
76 | + struct rsa_keygen_req_s *key_req; | ||
77 | + int rc, buf_size; | ||
78 | + uint8_t *buf; | ||
79 | + | ||
80 | + if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || | ||
81 | + !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits || | ||
82 | + !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits || | ||
83 | + !cop->crk_param[6].crp_nbits) | ||
84 | + return -EINVAL; | ||
85 | + | ||
86 | + pkc_req = &pkc->req; | ||
87 | + pkc_req->type = RSA_KEYGEN; | ||
88 | + key_req = &pkc_req->req_u.rsa_keygen; | ||
89 | + key_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8; | ||
90 | + key_req->p_len = (cop->crk_param[0].crp_nbits + 7) / 8; | ||
91 | + key_req->q_len = (cop->crk_param[1].crp_nbits + 7) / 8; | ||
92 | + key_req->n_len = (cop->crk_param[2].crp_nbits + 7) / 8; | ||
93 | + key_req->d_len = (cop->crk_param[3].crp_nbits + 7) / 8; | ||
94 | + key_req->dp_len = (cop->crk_param[4].crp_nbits + 7) / 8; | ||
95 | + key_req->dq_len = (cop->crk_param[5].crp_nbits + 7) / 8; | ||
96 | + key_req->c_len = (cop->crk_param[6].crp_nbits + 7) / 8; | ||
97 | + | ||
98 | + buf_size = key_req->p_len + key_req->q_len + key_req->n_len + | ||
99 | + key_req->d_len + key_req->dp_len + | ||
100 | + key_req->dq_len + key_req->c_len; | ||
101 | + | ||
102 | + buf = kmalloc(buf_size, GFP_DMA); | ||
103 | + if (!buf) | ||
104 | + return -ENOMEM; | ||
105 | + key_req->p = buf; | ||
106 | + key_req->q = key_req->p + key_req->p_len; | ||
107 | + key_req->n = key_req->q + key_req->q_len; | ||
108 | + key_req->d = key_req->n + key_req->n_len; | ||
109 | + key_req->dp = key_req->d + key_req->d_len; | ||
110 | + key_req->dq = key_req->dp + key_req->dp_len; | ||
111 | + key_req->c = key_req->dq + key_req->dq_len; | ||
112 | + | ||
113 | + rc = cryptodev_pkc_offload(pkc); | ||
114 | + | ||
115 | + if (pkc->type == SYNCHRONOUS) { | ||
116 | + if (rc) | ||
117 | + goto err; | ||
118 | + | ||
119 | + copy_to_user(cop->crk_param[0].crp_p, | ||
120 | + key_req->p, key_req->p_len); | ||
121 | + copy_to_user(cop->crk_param[1].crp_p, | ||
122 | + key_req->q, key_req->q_len); | ||
123 | + copy_to_user(cop->crk_param[2].crp_p, | ||
124 | + key_req->n, key_req->n_len); | ||
125 | + copy_to_user(cop->crk_param[3].crp_p, | ||
126 | + key_req->d, key_req->d_len); | ||
127 | + copy_to_user(cop->crk_param[4].crp_p, | ||
128 | + key_req->dp, key_req->dp_len); | ||
129 | + copy_to_user(cop->crk_param[5].crp_p, | ||
130 | + key_req->dq, key_req->dq_len); | ||
131 | + copy_to_user(cop->crk_param[6].crp_p, | ||
132 | + key_req->c, key_req->c_len); | ||
133 | + } else { | ||
134 | + if (rc != -EINPROGRESS && !rc) { | ||
135 | + printk("%s: Failed\n", __func__); | ||
136 | + goto err; | ||
137 | + } | ||
138 | + pkc->cookie = buf; | ||
139 | + return rc; | ||
140 | + } | ||
141 | +err: | ||
142 | + kfree(buf); | ||
143 | + return rc; | ||
144 | + | ||
145 | +} | ||
146 | + | ||
147 | int crypto_kop_keygen(struct cryptodev_pkc *pkc) | ||
148 | { | ||
149 | struct kernel_crypt_kop *kop = &pkc->kop; | ||
150 | @@ -385,7 +461,6 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) | ||
151 | buf = kmalloc(buf_size, GFP_DMA); | ||
152 | if (!buf) | ||
153 | return -ENOMEM; | ||
154 | - | ||
155 | key_req->q = buf; | ||
156 | key_req->r = key_req->q + key_req->q_len; | ||
157 | key_req->g = key_req->r + key_req->r_len; | ||
158 | @@ -650,6 +725,9 @@ int crypto_run_asym(struct cryptodev_pkc *pkc) | ||
159 | goto err; | ||
160 | ret = crypto_kop_keygen(pkc); | ||
161 | break; | ||
162 | + case CRK_RSA_GENERATE_KEY: | ||
163 | + ret = crypto_kop_rsa_keygen(pkc); | ||
164 | + break; | ||
165 | } | ||
166 | err: | ||
167 | return ret; | ||
168 | -- | ||
169 | 2.3.5 | ||
170 | |||
diff --git a/recipes-kernel/cryptodev/files/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch b/recipes-kernel/cryptodev/files/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch new file mode 100644 index 00000000..2213faec --- /dev/null +++ b/recipes-kernel/cryptodev/files/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch | |||
@@ -0,0 +1,160 @@ | |||
1 | From 800af48d0c26830943ca2308dd426b5b09811750 Mon Sep 17 00:00:00 2001 | ||
2 | From: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
3 | Date: Thu, 17 Apr 2014 07:08:47 +0545 | ||
4 | Subject: [PATCH 09/15] Fixed compilation error of openssl with fsl cryptodev | ||
5 | |||
6 | Upstream-status: Pending | ||
7 | |||
8 | Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> | ||
9 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
10 | --- | ||
11 | authenc.c | 1 + | ||
12 | cryptlib.c | 9 ++++----- | ||
13 | crypto/cryptodev.h | 9 ++++++++- | ||
14 | cryptodev_int.h | 2 +- | ||
15 | ioctl.c | 8 ++++++-- | ||
16 | main.c | 1 + | ||
17 | 6 files changed, 21 insertions(+), 9 deletions(-) | ||
18 | |||
19 | diff --git a/authenc.c b/authenc.c | ||
20 | index ef0d3db..2aa4d38 100644 | ||
21 | --- a/authenc.c | ||
22 | +++ b/authenc.c | ||
23 | @@ -2,6 +2,7 @@ | ||
24 | * Driver for /dev/crypto device (aka CryptoDev) | ||
25 | * | ||
26 | * Copyright (c) 2011, 2012 OpenSSL Software Foundation, Inc. | ||
27 | + * Copyright (c) 2014 Freescale Semiconductor, Inc. | ||
28 | * | ||
29 | * Author: Nikos Mavrogiannopoulos | ||
30 | * | ||
31 | diff --git a/cryptlib.c b/cryptlib.c | ||
32 | index 4dd1847..ec6693e 100644 | ||
33 | --- a/cryptlib.c | ||
34 | +++ b/cryptlib.c | ||
35 | @@ -4,8 +4,7 @@ | ||
36 | * Copyright (c) 2010,2011 Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||
37 | * Portions Copyright (c) 2010 Michael Weiser | ||
38 | * Portions Copyright (c) 2010 Phil Sutter | ||
39 | - * | ||
40 | - * Copyright 2012 Freescale Semiconductor, Inc. | ||
41 | + * Copyright 2012-2014 Freescale Semiconductor, Inc. | ||
42 | * | ||
43 | * This file is part of linux cryptodev. | ||
44 | * | ||
45 | @@ -144,7 +143,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name, | ||
46 | if (alg->max_keysize > 0 && | ||
47 | unlikely((keylen < alg->min_keysize) || | ||
48 | (keylen > alg->max_keysize))) { | ||
49 | - ddebug(1, "Wrong keylen '%zu' for algorithm '%s'. Use %u to %u.", | ||
50 | + ddebug(1, "Wrong keylen '%u' for algorithm '%s'. Use %u to %u.", | ||
51 | keylen, alg_name, alg->min_keysize, alg->max_keysize); | ||
52 | ret = -EINVAL; | ||
53 | goto error; | ||
54 | @@ -171,7 +170,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name, | ||
55 | } | ||
56 | |||
57 | if (unlikely(ret)) { | ||
58 | - ddebug(1, "Setting key failed for %s-%zu.", alg_name, keylen*8); | ||
59 | + ddebug(1, "Setting key failed for %s-%u.", alg_name, keylen*8); | ||
60 | ret = -EINVAL; | ||
61 | goto error; | ||
62 | } | ||
63 | @@ -338,7 +337,7 @@ int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name, | ||
64 | if (hmac_mode != 0) { | ||
65 | ret = crypto_ahash_setkey(hdata->async.s, mackey, mackeylen); | ||
66 | if (unlikely(ret)) { | ||
67 | - ddebug(1, "Setting hmac key failed for %s-%zu.", | ||
68 | + ddebug(1, "Setting hmac key failed for %s-%u.", | ||
69 | alg_name, mackeylen*8); | ||
70 | ret = -EINVAL; | ||
71 | goto error; | ||
72 | diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h | ||
73 | index d0cc542..e7edd97 100644 | ||
74 | --- a/crypto/cryptodev.h | ||
75 | +++ b/crypto/cryptodev.h | ||
76 | @@ -234,6 +234,13 @@ struct crypt_auth_op { | ||
77 | #define CRYPTO_ALG_FLAG_RNG_ENABLE 2 | ||
78 | #define CRYPTO_ALG_FLAG_DSA_SHA 4 | ||
79 | |||
80 | +enum ec_curve_t { | ||
81 | + EC_DISCRETE_LOG, | ||
82 | + EC_PRIME, | ||
83 | + EC_BINARY, | ||
84 | + MAX_EC_TYPE | ||
85 | +}; | ||
86 | + | ||
87 | struct crparam { | ||
88 | __u8 *crp_p; | ||
89 | __u32 crp_nbits; | ||
90 | @@ -249,7 +256,7 @@ struct crypt_kop { | ||
91 | __u16 crk_oparams; | ||
92 | __u32 crk_pad1; | ||
93 | struct crparam crk_param[CRK_MAXPARAM]; | ||
94 | - enum curve_t curve_type; /* 0 == Discrete Log, | ||
95 | + enum ec_curve_t curve_type; /* 0 == Discrete Log, | ||
96 | 1 = EC_PRIME, 2 = EC_BINARY */ | ||
97 | void *cookie; | ||
98 | }; | ||
99 | diff --git a/cryptodev_int.h b/cryptodev_int.h | ||
100 | index 5347cae..c83c885 100644 | ||
101 | --- a/cryptodev_int.h | ||
102 | +++ b/cryptodev_int.h | ||
103 | @@ -88,7 +88,7 @@ struct compat_crypt_kop { | ||
104 | uint16_t crk_oparams; | ||
105 | uint32_t crk_pad1; | ||
106 | struct compat_crparam crk_param[CRK_MAXPARAM]; | ||
107 | - enum curve_t curve_type; /* 0 == Discrete Log, 1 = EC_PRIME, | ||
108 | + enum ec_curve_t curve_type; /* 0 == Discrete Log, 1 = EC_PRIME, | ||
109 | 2 = EC_BINARY */ | ||
110 | compat_uptr_t cookie; | ||
111 | }; | ||
112 | diff --git a/ioctl.c b/ioctl.c | ||
113 | index 3762a47..c97320b 100644 | ||
114 | --- a/ioctl.c | ||
115 | +++ b/ioctl.c | ||
116 | @@ -4,7 +4,7 @@ | ||
117 | * Copyright (c) 2004 Michal Ludvig <mludvig@logix.net.nz>, SuSE Labs | ||
118 | * Copyright (c) 2009,2010,2011 Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||
119 | * Copyright (c) 2010 Phil Sutter | ||
120 | - * Copyright 2012 Freescale Semiconductor, Inc. | ||
121 | + * Copyright 2012-2014 Freescale Semiconductor, Inc. | ||
122 | * | ||
123 | * This file is part of linux cryptodev. | ||
124 | * | ||
125 | @@ -501,6 +501,7 @@ cryptodev_open(struct inode *inode, struct file *filp) | ||
126 | INIT_LIST_HEAD(&pcr->done.list); | ||
127 | INIT_LIST_HEAD(&pcr->asym_completed_list); | ||
128 | spin_lock_init(&pcr->completion_lock); | ||
129 | + | ||
130 | INIT_WORK(&pcr->cryptask, cryptask_routine); | ||
131 | |||
132 | init_waitqueue_head(&pcr->user_waiter); | ||
133 | @@ -780,8 +781,11 @@ static int fill_kcop_from_cop(struct kernel_crypt_op *kcop, struct fcrypt *fcr) | ||
134 | |||
135 | if (cop->iv) { | ||
136 | rc = copy_from_user(kcop->iv, cop->iv, kcop->ivlen); | ||
137 | - if (unlikely(rc)) | ||
138 | + if (unlikely(rc)) { | ||
139 | + derr(1, "error copying IV (%d bytes), copy_from_user returned %d for address %p", | ||
140 | + kcop->ivlen, rc, cop->iv); | ||
141 | return -EFAULT; | ||
142 | + } | ||
143 | } | ||
144 | |||
145 | return 0; | ||
146 | diff --git a/main.c b/main.c | ||
147 | index 14dcf40..6365911 100644 | ||
148 | --- a/main.c | ||
149 | +++ b/main.c | ||
150 | @@ -3,6 +3,7 @@ | ||
151 | * | ||
152 | * Copyright (c) 2004 Michal Ludvig <mludvig@logix.net.nz>, SuSE Labs | ||
153 | * Copyright (c) 2009-2013 Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||
154 | + * Copyright (c) 2014 Freescale Semiconductor, Inc. | ||
155 | * | ||
156 | * This file is part of linux cryptodev. | ||
157 | * | ||
158 | -- | ||
159 | 2.3.5 | ||
160 | |||
diff --git a/recipes-kernel/cryptodev/files/0010-add-support-for-composite-TLS10-SHA1-3DES-algorithm-.patch b/recipes-kernel/cryptodev/files/0010-add-support-for-composite-TLS10-SHA1-3DES-algorithm-.patch new file mode 100644 index 00000000..20321595 --- /dev/null +++ b/recipes-kernel/cryptodev/files/0010-add-support-for-composite-TLS10-SHA1-3DES-algorithm-.patch | |||
@@ -0,0 +1,54 @@ | |||
1 | From 55ee0ae703a68db74a492f5910937260502b9602 Mon Sep 17 00:00:00 2001 | ||
2 | From: Tudor Ambarus <tudor.ambarus@freescale.com> | ||
3 | Date: Tue, 10 Jun 2014 08:27:59 +0300 | ||
4 | Subject: [PATCH 10/15] add support for composite TLS10(SHA1,3DES) algorithm | ||
5 | offload | ||
6 | |||
7 | This adds support for composite algorithm offload in a single crypto | ||
8 | (cipher + hmac) operation. | ||
9 | |||
10 | It requires either software or hardware TLS support in the Linux kernel | ||
11 | and can be used with Freescale B*, P* and T* platforms that have support | ||
12 | for hardware TLS acceleration. | ||
13 | |||
14 | Change-Id: Ibce0ceb4174809c9c96b453cd3202bc5220ff084 | ||
15 | Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com> | ||
16 | Reviewed-on: http://git.am.freescale.net:8181/34000 | ||
17 | Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
18 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
19 | --- | ||
20 | crypto/cryptodev.h | 1 + | ||
21 | ioctl.c | 5 +++++ | ||
22 | 2 files changed, 6 insertions(+) | ||
23 | |||
24 | diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h | ||
25 | index e7edd97..07f40b2 100644 | ||
26 | --- a/crypto/cryptodev.h | ||
27 | +++ b/crypto/cryptodev.h | ||
28 | @@ -55,6 +55,7 @@ enum cryptodev_crypto_op_t { | ||
29 | CRYPTO_SHA2_512, | ||
30 | CRYPTO_SHA2_224_HMAC, | ||
31 | CRYPTO_TLS10_AES_CBC_HMAC_SHA1, | ||
32 | + CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, | ||
33 | CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */ | ||
34 | }; | ||
35 | |||
36 | diff --git a/ioctl.c b/ioctl.c | ||
37 | index c97320b..574e913 100644 | ||
38 | --- a/ioctl.c | ||
39 | +++ b/ioctl.c | ||
40 | @@ -191,6 +191,11 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop) | ||
41 | stream = 0; | ||
42 | aead = 1; | ||
43 | break; | ||
44 | + case CRYPTO_TLS10_3DES_CBC_HMAC_SHA1: | ||
45 | + alg_name = "tls10(hmac(sha1),cbc(des3_ede))"; | ||
46 | + stream = 0; | ||
47 | + aead = 1; | ||
48 | + break; | ||
49 | case CRYPTO_NULL: | ||
50 | alg_name = "ecb(cipher_null)"; | ||
51 | stream = 1; | ||
52 | -- | ||
53 | 2.3.5 | ||
54 | |||
diff --git a/recipes-kernel/cryptodev/files/0011-add-support-for-TLSv1.1-record-offload.patch b/recipes-kernel/cryptodev/files/0011-add-support-for-TLSv1.1-record-offload.patch new file mode 100644 index 00000000..37862b55 --- /dev/null +++ b/recipes-kernel/cryptodev/files/0011-add-support-for-TLSv1.1-record-offload.patch | |||
@@ -0,0 +1,76 @@ | |||
1 | From 06cca15fd0412ae872c2b2c5d50216e1eb34fc50 Mon Sep 17 00:00:00 2001 | ||
2 | From: Tudor Ambarus <tudor.ambarus@freescale.com> | ||
3 | Date: Tue, 31 Mar 2015 16:15:47 +0300 | ||
4 | Subject: [PATCH 11/15] add support for TLSv1.1 record offload | ||
5 | |||
6 | This adds support for composite algorithm offload in a single crypto | ||
7 | (cipher + hmac) operation. | ||
8 | |||
9 | Supported cipher suites: | ||
10 | - 3des-ede-cbc-sha | ||
11 | - aes-128-cbc-hmac-sha | ||
12 | - aes-256-cbc-hmac-sha | ||
13 | |||
14 | It requires either software or hardware TLS support in the Linux kernel | ||
15 | and can be used with Freescale B*, P* and T* platforms that have support | ||
16 | for hardware TLS acceleration. | ||
17 | |||
18 | Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com> | ||
19 | Change-Id: Ia5f3fa7ec090d5643d71b0f608c68a274ec6b51f | ||
20 | Reviewed-on: http://git.am.freescale.net:8181/33998 | ||
21 | Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
22 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
23 | --- | ||
24 | crypto/cryptodev.h | 4 +++- | ||
25 | ioctl.c | 14 ++++++++++++-- | ||
26 | 2 files changed, 15 insertions(+), 3 deletions(-) | ||
27 | |||
28 | diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h | ||
29 | index 07f40b2..61e8599 100644 | ||
30 | --- a/crypto/cryptodev.h | ||
31 | +++ b/crypto/cryptodev.h | ||
32 | @@ -54,8 +54,10 @@ enum cryptodev_crypto_op_t { | ||
33 | CRYPTO_SHA2_384, | ||
34 | CRYPTO_SHA2_512, | ||
35 | CRYPTO_SHA2_224_HMAC, | ||
36 | - CRYPTO_TLS10_AES_CBC_HMAC_SHA1, | ||
37 | CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, | ||
38 | + CRYPTO_TLS10_AES_CBC_HMAC_SHA1, | ||
39 | + CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, | ||
40 | + CRYPTO_TLS11_AES_CBC_HMAC_SHA1, | ||
41 | CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */ | ||
42 | }; | ||
43 | |||
44 | diff --git a/ioctl.c b/ioctl.c | ||
45 | index 574e913..ba82387 100644 | ||
46 | --- a/ioctl.c | ||
47 | +++ b/ioctl.c | ||
48 | @@ -186,13 +186,23 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop) | ||
49 | stream = 1; | ||
50 | aead = 1; | ||
51 | break; | ||
52 | + case CRYPTO_TLS10_3DES_CBC_HMAC_SHA1: | ||
53 | + alg_name = "tls10(hmac(sha1),cbc(des3_ede))"; | ||
54 | + stream = 0; | ||
55 | + aead = 1; | ||
56 | + break; | ||
57 | case CRYPTO_TLS10_AES_CBC_HMAC_SHA1: | ||
58 | alg_name = "tls10(hmac(sha1),cbc(aes))"; | ||
59 | stream = 0; | ||
60 | aead = 1; | ||
61 | break; | ||
62 | - case CRYPTO_TLS10_3DES_CBC_HMAC_SHA1: | ||
63 | - alg_name = "tls10(hmac(sha1),cbc(des3_ede))"; | ||
64 | + case CRYPTO_TLS11_3DES_CBC_HMAC_SHA1: | ||
65 | + alg_name = "tls11(hmac(sha1),cbc(des3_ede))"; | ||
66 | + stream = 0; | ||
67 | + aead = 1; | ||
68 | + break; | ||
69 | + case CRYPTO_TLS11_AES_CBC_HMAC_SHA1: | ||
70 | + alg_name = "tls11(hmac(sha1),cbc(aes))"; | ||
71 | stream = 0; | ||
72 | aead = 1; | ||
73 | break; | ||
74 | -- | ||
75 | 2.3.5 | ||
76 | |||
diff --git a/recipes-kernel/cryptodev/files/0012-add-support-for-TLSv1.2-record-offload.patch b/recipes-kernel/cryptodev/files/0012-add-support-for-TLSv1.2-record-offload.patch new file mode 100644 index 00000000..6aa672a7 --- /dev/null +++ b/recipes-kernel/cryptodev/files/0012-add-support-for-TLSv1.2-record-offload.patch | |||
@@ -0,0 +1,72 @@ | |||
1 | From 15999e402dd7472cafe51be3fd0ce66433ca924b Mon Sep 17 00:00:00 2001 | ||
2 | From: Tudor Ambarus <tudor.ambarus@freescale.com> | ||
3 | Date: Tue, 31 Mar 2015 16:16:28 +0300 | ||
4 | Subject: [PATCH 12/15] add support for TLSv1.2 record offload | ||
5 | |||
6 | This adds support for composite algorithm offload in a single crypto | ||
7 | (cipher + hmac) operation. | ||
8 | |||
9 | Supported cipher suites: | ||
10 | - 3des-ede-cbc-sha | ||
11 | - aes-128-cbc-hmac-sha | ||
12 | - aes-256-cbc-hmac-sha | ||
13 | - aes-128-cbc-hmac-sha256 | ||
14 | - aes-256-cbc-hmac-sha256 | ||
15 | |||
16 | It requires either software or hardware TLS support in the Linux kernel | ||
17 | and can be used with Freescale B*, P* and T* platforms that have support | ||
18 | for hardware TLS acceleration. | ||
19 | |||
20 | Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com> | ||
21 | Change-Id: I21f45993505fc3dad09848a13aa20f778a7c2de0 | ||
22 | Reviewed-on: http://git.am.freescale.net:8181/33999 | ||
23 | Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
24 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
25 | --- | ||
26 | crypto/cryptodev.h | 3 +++ | ||
27 | ioctl.c | 15 +++++++++++++++ | ||
28 | 2 files changed, 18 insertions(+) | ||
29 | |||
30 | diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h | ||
31 | index 61e8599..f6058ca 100644 | ||
32 | --- a/crypto/cryptodev.h | ||
33 | +++ b/crypto/cryptodev.h | ||
34 | @@ -58,6 +58,9 @@ enum cryptodev_crypto_op_t { | ||
35 | CRYPTO_TLS10_AES_CBC_HMAC_SHA1, | ||
36 | CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, | ||
37 | CRYPTO_TLS11_AES_CBC_HMAC_SHA1, | ||
38 | + CRYPTO_TLS12_3DES_CBC_HMAC_SHA1, | ||
39 | + CRYPTO_TLS12_AES_CBC_HMAC_SHA1, | ||
40 | + CRYPTO_TLS12_AES_CBC_HMAC_SHA256, | ||
41 | CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */ | ||
42 | }; | ||
43 | |||
44 | diff --git a/ioctl.c b/ioctl.c | ||
45 | index ba82387..fb4c4e3 100644 | ||
46 | --- a/ioctl.c | ||
47 | +++ b/ioctl.c | ||
48 | @@ -206,6 +206,21 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop) | ||
49 | stream = 0; | ||
50 | aead = 1; | ||
51 | break; | ||
52 | + case CRYPTO_TLS12_3DES_CBC_HMAC_SHA1: | ||
53 | + alg_name = "tls12(hmac(sha1),cbc(des3_ede))"; | ||
54 | + stream = 0; | ||
55 | + aead = 1; | ||
56 | + break; | ||
57 | + case CRYPTO_TLS12_AES_CBC_HMAC_SHA1: | ||
58 | + alg_name = "tls12(hmac(sha1),cbc(aes))"; | ||
59 | + stream = 0; | ||
60 | + aead = 1; | ||
61 | + break; | ||
62 | + case CRYPTO_TLS12_AES_CBC_HMAC_SHA256: | ||
63 | + alg_name = "tls12(hmac(sha256),cbc(aes))"; | ||
64 | + stream = 0; | ||
65 | + aead = 1; | ||
66 | + break; | ||
67 | case CRYPTO_NULL: | ||
68 | alg_name = "ecb(cipher_null)"; | ||
69 | stream = 1; | ||
70 | -- | ||
71 | 2.3.5 | ||
72 | |||
diff --git a/recipes-kernel/cryptodev/files/0013-clean-up-code-layout.patch b/recipes-kernel/cryptodev/files/0013-clean-up-code-layout.patch new file mode 100644 index 00000000..86cf6a2b --- /dev/null +++ b/recipes-kernel/cryptodev/files/0013-clean-up-code-layout.patch | |||
@@ -0,0 +1,186 @@ | |||
1 | From 39abcb9cea60540528e848d6c66169c36d666861 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@freescale.com> | ||
3 | Date: Fri, 20 Feb 2015 12:46:58 +0200 | ||
4 | Subject: [PATCH 13/15] clean-up code layout | ||
5 | |||
6 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
7 | Change-Id: I92c2f4baeed9470a2c3c42b592d878e65918b0af | ||
8 | Reviewed-on: http://git.am.freescale.net:8181/34222 | ||
9 | --- | ||
10 | cryptlib.c | 11 ++++------- | ||
11 | ioctl.c | 55 +++++++++++++++++++++---------------------------------- | ||
12 | main.c | 4 +--- | ||
13 | 3 files changed, 26 insertions(+), 44 deletions(-) | ||
14 | |||
15 | diff --git a/cryptlib.c b/cryptlib.c | ||
16 | index ec6693e..21e691b 100644 | ||
17 | --- a/cryptlib.c | ||
18 | +++ b/cryptlib.c | ||
19 | @@ -434,7 +434,7 @@ int cryptodev_hash_final(struct hash_data *hdata, void *output) | ||
20 | return waitfor(hdata->async.result, ret); | ||
21 | } | ||
22 | |||
23 | -int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) | ||
24 | +int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) | ||
25 | { | ||
26 | int ret = 0; | ||
27 | struct pkc_request *pkc_req = &pkc->req, *pkc_requested; | ||
28 | @@ -445,8 +445,7 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) | ||
29 | case RSA_PRIV_FORM1: | ||
30 | case RSA_PRIV_FORM2: | ||
31 | case RSA_PRIV_FORM3: | ||
32 | - pkc->s = crypto_alloc_pkc("pkc(rsa)", | ||
33 | - CRYPTO_ALG_TYPE_PKC_RSA, 0); | ||
34 | + pkc->s = crypto_alloc_pkc("pkc(rsa)", CRYPTO_ALG_TYPE_PKC_RSA, 0); | ||
35 | break; | ||
36 | case DSA_SIGN: | ||
37 | case DSA_VERIFY: | ||
38 | @@ -454,13 +453,11 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) | ||
39 | case ECDSA_VERIFY: | ||
40 | case DLC_KEYGEN: | ||
41 | case ECC_KEYGEN: | ||
42 | - pkc->s = crypto_alloc_pkc("pkc(dsa)", | ||
43 | - CRYPTO_ALG_TYPE_PKC_DSA, 0); | ||
44 | + pkc->s = crypto_alloc_pkc("pkc(dsa)", CRYPTO_ALG_TYPE_PKC_DSA, 0); | ||
45 | break; | ||
46 | case DH_COMPUTE_KEY: | ||
47 | case ECDH_COMPUTE_KEY: | ||
48 | - pkc->s = crypto_alloc_pkc("pkc(dh)", | ||
49 | - CRYPTO_ALG_TYPE_PKC_DH, 0); | ||
50 | + pkc->s = crypto_alloc_pkc("pkc(dh)", CRYPTO_ALG_TYPE_PKC_DH, 0); | ||
51 | break; | ||
52 | default: | ||
53 | return -EINVAL; | ||
54 | diff --git a/ioctl.c b/ioctl.c | ||
55 | index fb4c4e3..ee0486c 100644 | ||
56 | --- a/ioctl.c | ||
57 | +++ b/ioctl.c | ||
58 | @@ -714,16 +714,13 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) | ||
59 | case CRK_MOD_EXP: | ||
60 | { | ||
61 | struct rsa_pub_req_s *rsa_req = &pkc_req->req_u.rsa_pub_req; | ||
62 | - copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g, | ||
63 | - rsa_req->g_len); | ||
64 | + copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len); | ||
65 | } | ||
66 | break; | ||
67 | case CRK_MOD_EXP_CRT: | ||
68 | { | ||
69 | - struct rsa_priv_frm3_req_s *rsa_req = | ||
70 | - &pkc_req->req_u.rsa_priv_f3; | ||
71 | - copy_to_user(ckop->crk_param[6].crp_p, | ||
72 | - rsa_req->f, rsa_req->f_len); | ||
73 | + struct rsa_priv_frm3_req_s *rsa_req = &pkc_req->req_u.rsa_priv_f3; | ||
74 | + copy_to_user(ckop->crk_param[6].crp_p, rsa_req->f, rsa_req->f_len); | ||
75 | } | ||
76 | break; | ||
77 | case CRK_DSA_SIGN: | ||
78 | @@ -731,15 +728,11 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) | ||
79 | struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign; | ||
80 | |||
81 | if (pkc_req->type == ECDSA_SIGN) { | ||
82 | - copy_to_user(ckop->crk_param[6].crp_p, | ||
83 | - dsa_req->c, dsa_req->d_len); | ||
84 | - copy_to_user(ckop->crk_param[7].crp_p, | ||
85 | - dsa_req->d, dsa_req->d_len); | ||
86 | + copy_to_user(ckop->crk_param[6].crp_p, dsa_req->c, dsa_req->d_len); | ||
87 | + copy_to_user(ckop->crk_param[7].crp_p, dsa_req->d, dsa_req->d_len); | ||
88 | } else { | ||
89 | - copy_to_user(ckop->crk_param[5].crp_p, | ||
90 | - dsa_req->c, dsa_req->d_len); | ||
91 | - copy_to_user(ckop->crk_param[6].crp_p, | ||
92 | - dsa_req->d, dsa_req->d_len); | ||
93 | + copy_to_user(ckop->crk_param[5].crp_p, dsa_req->c, dsa_req->d_len); | ||
94 | + copy_to_user(ckop->crk_param[6].crp_p, dsa_req->d, dsa_req->d_len); | ||
95 | } | ||
96 | } | ||
97 | break; | ||
98 | @@ -749,11 +742,9 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) | ||
99 | { | ||
100 | struct dh_key_req_s *dh_req = &pkc_req->req_u.dh_req; | ||
101 | if (pkc_req->type == ECDH_COMPUTE_KEY) | ||
102 | - copy_to_user(ckop->crk_param[4].crp_p, | ||
103 | - dh_req->z, dh_req->z_len); | ||
104 | + copy_to_user(ckop->crk_param[4].crp_p, dh_req->z, dh_req->z_len); | ||
105 | else | ||
106 | - copy_to_user(ckop->crk_param[3].crp_p, | ||
107 | - dh_req->z, dh_req->z_len); | ||
108 | + copy_to_user(ckop->crk_param[3].crp_p, dh_req->z, dh_req->z_len); | ||
109 | } | ||
110 | break; | ||
111 | case CRK_DSA_GENERATE_KEY: | ||
112 | @@ -763,14 +754,14 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) | ||
113 | |||
114 | if (pkc_req->type == ECC_KEYGEN) { | ||
115 | copy_to_user(ckop->crk_param[4].crp_p, key_req->pub_key, | ||
116 | - key_req->pub_key_len); | ||
117 | - copy_to_user(ckop->crk_param[5].crp_p, | ||
118 | - key_req->priv_key, key_req->priv_key_len); | ||
119 | + key_req->pub_key_len); | ||
120 | + copy_to_user(ckop->crk_param[5].crp_p, key_req->priv_key, | ||
121 | + key_req->priv_key_len); | ||
122 | } else { | ||
123 | - copy_to_user(ckop->crk_param[3].crp_p, | ||
124 | - key_req->pub_key, key_req->pub_key_len); | ||
125 | - copy_to_user(ckop->crk_param[4].crp_p, | ||
126 | - key_req->priv_key, key_req->priv_key_len); | ||
127 | + copy_to_user(ckop->crk_param[3].crp_p, key_req->pub_key, | ||
128 | + key_req->pub_key_len); | ||
129 | + copy_to_user(ckop->crk_param[4].crp_p, key_req->priv_key, | ||
130 | + key_req->priv_key_len); | ||
131 | } | ||
132 | } | ||
133 | default: | ||
134 | @@ -1113,16 +1104,14 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) | ||
135 | if (!list_empty(&pcr->asym_completed_list)) { | ||
136 | /* Run a loop in the list for upto elements | ||
137 | and copy their response back */ | ||
138 | - pkc = | ||
139 | - list_first_entry(&pcr->asym_completed_list, | ||
140 | + pkc = list_first_entry(&pcr->asym_completed_list, | ||
141 | struct cryptodev_pkc, list); | ||
142 | list_del(&pkc->list); | ||
143 | spin_unlock_bh(&pcr->completion_lock); | ||
144 | ret = crypto_async_fetch_asym(pkc); | ||
145 | if (!ret) { | ||
146 | cookie_list.cookie_available++; | ||
147 | - cookie_list.cookie[i] = | ||
148 | - pkc->kop.kop.cookie; | ||
149 | + cookie_list.cookie[i] = pkc->kop.kop.cookie; | ||
150 | cookie_list.status[i] = pkc->result.err; | ||
151 | } | ||
152 | kfree(pkc); | ||
153 | @@ -1133,12 +1122,10 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) | ||
154 | } | ||
155 | |||
156 | /* Reflect the updated request to user-space */ | ||
157 | - if (cookie_list.cookie_available) | ||
158 | - copy_to_user(arg, &cookie_list, | ||
159 | - sizeof(struct pkc_cookie_list_s)); | ||
160 | - else { | ||
161 | + if (cookie_list.cookie_available) { | ||
162 | + copy_to_user(arg, &cookie_list, sizeof(struct pkc_cookie_list_s)); | ||
163 | + } else { | ||
164 | struct pkc_cookie_list_s *user_ck_list = (void *)arg; | ||
165 | - | ||
166 | put_user(0, &(user_ck_list->cookie_available)); | ||
167 | } | ||
168 | ret = cookie_list.cookie_available; | ||
169 | diff --git a/main.c b/main.c | ||
170 | index 6365911..af66553 100644 | ||
171 | --- a/main.c | ||
172 | +++ b/main.c | ||
173 | @@ -666,9 +666,7 @@ int crypto_bn_modexp(struct cryptodev_pkc *pkc) | ||
174 | if (pkc->type == SYNCHRONOUS) { | ||
175 | if (rc) | ||
176 | goto err; | ||
177 | - | ||
178 | - copy_to_user(cop->crk_param[3].crp_p, rsa_req->g, | ||
179 | - rsa_req->g_len); | ||
180 | + copy_to_user(cop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len); | ||
181 | } else { | ||
182 | if (rc != -EINPROGRESS && rc != 0) | ||
183 | goto err; | ||
184 | -- | ||
185 | 2.3.5 | ||
186 | |||
diff --git a/recipes-kernel/cryptodev/files/0014-remove-redundant-data-copy-for-pkc-operations.patch b/recipes-kernel/cryptodev/files/0014-remove-redundant-data-copy-for-pkc-operations.patch new file mode 100644 index 00000000..b9e9d2bd --- /dev/null +++ b/recipes-kernel/cryptodev/files/0014-remove-redundant-data-copy-for-pkc-operations.patch | |||
@@ -0,0 +1,494 @@ | |||
1 | From 34e765977633b5f81845c0183af6d388d8225f00 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@freescale.com> | ||
3 | Date: Mon, 23 Feb 2015 12:14:07 +0200 | ||
4 | Subject: [PATCH 14/15] remove redundant data copy for pkc operations | ||
5 | |||
6 | This patch removes a copy of a pkc request that was | ||
7 | allocated on the hot-path. The copy was not necessary | ||
8 | and was just slowing things down. | ||
9 | |||
10 | Change-Id: I3ad85f78c188f100ab9fc03a5777bb704a9dcb63 | ||
11 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
12 | Reviewed-on: http://git.am.freescale.net:8181/34223 | ||
13 | --- | ||
14 | cryptlib.c | 49 +++---------------- | ||
15 | cryptlib.h | 3 +- | ||
16 | ioctl.c | 17 +++---- | ||
17 | main.c | 162 +++++++++++++++++++++++++++++++++++++------------------------ | ||
18 | 4 files changed, 113 insertions(+), 118 deletions(-) | ||
19 | |||
20 | diff --git a/cryptlib.c b/cryptlib.c | ||
21 | index 21e691b..5882a30 100644 | ||
22 | --- a/cryptlib.c | ||
23 | +++ b/cryptlib.c | ||
24 | @@ -436,59 +436,22 @@ int cryptodev_hash_final(struct hash_data *hdata, void *output) | ||
25 | |||
26 | int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) | ||
27 | { | ||
28 | - int ret = 0; | ||
29 | - struct pkc_request *pkc_req = &pkc->req, *pkc_requested; | ||
30 | - | ||
31 | - switch (pkc_req->type) { | ||
32 | - case RSA_KEYGEN: | ||
33 | - case RSA_PUB: | ||
34 | - case RSA_PRIV_FORM1: | ||
35 | - case RSA_PRIV_FORM2: | ||
36 | - case RSA_PRIV_FORM3: | ||
37 | - pkc->s = crypto_alloc_pkc("pkc(rsa)", CRYPTO_ALG_TYPE_PKC_RSA, 0); | ||
38 | - break; | ||
39 | - case DSA_SIGN: | ||
40 | - case DSA_VERIFY: | ||
41 | - case ECDSA_SIGN: | ||
42 | - case ECDSA_VERIFY: | ||
43 | - case DLC_KEYGEN: | ||
44 | - case ECC_KEYGEN: | ||
45 | - pkc->s = crypto_alloc_pkc("pkc(dsa)", CRYPTO_ALG_TYPE_PKC_DSA, 0); | ||
46 | - break; | ||
47 | - case DH_COMPUTE_KEY: | ||
48 | - case ECDH_COMPUTE_KEY: | ||
49 | - pkc->s = crypto_alloc_pkc("pkc(dh)", CRYPTO_ALG_TYPE_PKC_DH, 0); | ||
50 | - break; | ||
51 | - default: | ||
52 | - return -EINVAL; | ||
53 | - } | ||
54 | - | ||
55 | - if (IS_ERR_OR_NULL(pkc->s)) | ||
56 | - return -EINVAL; | ||
57 | + int ret; | ||
58 | |||
59 | init_completion(&pkc->result.completion); | ||
60 | - pkc_requested = pkc_request_alloc(pkc->s, GFP_KERNEL); | ||
61 | - | ||
62 | - if (unlikely(IS_ERR_OR_NULL(pkc_requested))) { | ||
63 | - ret = -ENOMEM; | ||
64 | - goto error; | ||
65 | - } | ||
66 | - pkc_requested->type = pkc_req->type; | ||
67 | - pkc_requested->curve_type = pkc_req->curve_type; | ||
68 | - memcpy(&pkc_requested->req_u, &pkc_req->req_u, sizeof(pkc_req->req_u)); | ||
69 | - pkc_request_set_callback(pkc_requested, CRYPTO_TFM_REQ_MAY_BACKLOG, | ||
70 | + pkc_request_set_callback(pkc->req, CRYPTO_TFM_REQ_MAY_BACKLOG, | ||
71 | cryptodev_complete_asym, pkc); | ||
72 | - ret = crypto_pkc_op(pkc_requested); | ||
73 | + ret = crypto_pkc_op(pkc->req); | ||
74 | if (ret != -EINPROGRESS && ret != 0) | ||
75 | - goto error2; | ||
76 | + goto error; | ||
77 | |||
78 | if (pkc->type == SYNCHRONOUS) | ||
79 | ret = waitfor(&pkc->result, ret); | ||
80 | |||
81 | return ret; | ||
82 | -error2: | ||
83 | - kfree(pkc_requested); | ||
84 | + | ||
85 | error: | ||
86 | + kfree(pkc->req); | ||
87 | crypto_free_pkc(pkc->s); | ||
88 | return ret; | ||
89 | } | ||
90 | diff --git a/cryptlib.h b/cryptlib.h | ||
91 | index 7ffa54c..4fac0c8 100644 | ||
92 | --- a/cryptlib.h | ||
93 | +++ b/cryptlib.h | ||
94 | @@ -110,8 +110,7 @@ struct cryptodev_pkc { | ||
95 | struct crypto_pkc *s; /* Transform pointer from CryptoAPI */ | ||
96 | struct cryptodev_result result; /* Result to be updated by | ||
97 | completion handler */ | ||
98 | - struct pkc_request req; /* PKC request structure allocated | ||
99 | - from CryptoAPI */ | ||
100 | + struct pkc_request *req; /* PKC request allocated from CryptoAPI */ | ||
101 | enum offload_type type; /* Synchronous Vs Asynchronous request */ | ||
102 | /* | ||
103 | * cookie used for transfering tranparent information from async | ||
104 | diff --git a/ioctl.c b/ioctl.c | ||
105 | index ee0486c..797b73c 100644 | ||
106 | --- a/ioctl.c | ||
107 | +++ b/ioctl.c | ||
108 | @@ -708,26 +708,25 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) | ||
109 | int ret = 0; | ||
110 | struct kernel_crypt_kop *kop = &pkc->kop; | ||
111 | struct crypt_kop *ckop = &kop->kop; | ||
112 | - struct pkc_request *pkc_req = &pkc->req; | ||
113 | |||
114 | switch (ckop->crk_op) { | ||
115 | case CRK_MOD_EXP: | ||
116 | { | ||
117 | - struct rsa_pub_req_s *rsa_req = &pkc_req->req_u.rsa_pub_req; | ||
118 | + struct rsa_pub_req_s *rsa_req = &pkc->req->req_u.rsa_pub_req; | ||
119 | copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len); | ||
120 | } | ||
121 | break; | ||
122 | case CRK_MOD_EXP_CRT: | ||
123 | { | ||
124 | - struct rsa_priv_frm3_req_s *rsa_req = &pkc_req->req_u.rsa_priv_f3; | ||
125 | + struct rsa_priv_frm3_req_s *rsa_req = &pkc->req->req_u.rsa_priv_f3; | ||
126 | copy_to_user(ckop->crk_param[6].crp_p, rsa_req->f, rsa_req->f_len); | ||
127 | } | ||
128 | break; | ||
129 | case CRK_DSA_SIGN: | ||
130 | { | ||
131 | - struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign; | ||
132 | + struct dsa_sign_req_s *dsa_req = &pkc->req->req_u.dsa_sign; | ||
133 | |||
134 | - if (pkc_req->type == ECDSA_SIGN) { | ||
135 | + if (pkc->req->type == ECDSA_SIGN) { | ||
136 | copy_to_user(ckop->crk_param[6].crp_p, dsa_req->c, dsa_req->d_len); | ||
137 | copy_to_user(ckop->crk_param[7].crp_p, dsa_req->d, dsa_req->d_len); | ||
138 | } else { | ||
139 | @@ -740,8 +739,8 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) | ||
140 | break; | ||
141 | case CRK_DH_COMPUTE_KEY: | ||
142 | { | ||
143 | - struct dh_key_req_s *dh_req = &pkc_req->req_u.dh_req; | ||
144 | - if (pkc_req->type == ECDH_COMPUTE_KEY) | ||
145 | + struct dh_key_req_s *dh_req = &pkc->req->req_u.dh_req; | ||
146 | + if (pkc->req->type == ECDH_COMPUTE_KEY) | ||
147 | copy_to_user(ckop->crk_param[4].crp_p, dh_req->z, dh_req->z_len); | ||
148 | else | ||
149 | copy_to_user(ckop->crk_param[3].crp_p, dh_req->z, dh_req->z_len); | ||
150 | @@ -750,9 +749,9 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) | ||
151 | case CRK_DSA_GENERATE_KEY: | ||
152 | case CRK_DH_GENERATE_KEY: | ||
153 | { | ||
154 | - struct keygen_req_s *key_req = &pkc_req->req_u.keygen; | ||
155 | + struct keygen_req_s *key_req = &pkc->req->req_u.keygen; | ||
156 | |||
157 | - if (pkc_req->type == ECC_KEYGEN) { | ||
158 | + if (pkc->req->type == ECC_KEYGEN) { | ||
159 | copy_to_user(ckop->crk_param[4].crp_p, key_req->pub_key, | ||
160 | key_req->pub_key_len); | ||
161 | copy_to_user(ckop->crk_param[5].crp_p, key_req->priv_key, | ||
162 | diff --git a/main.c b/main.c | ||
163 | index af66553..ed1c69a 100644 | ||
164 | --- a/main.c | ||
165 | +++ b/main.c | ||
166 | @@ -186,8 +186,7 @@ int crypto_kop_dsasign(struct cryptodev_pkc *pkc) | ||
167 | { | ||
168 | struct kernel_crypt_kop *kop = &pkc->kop; | ||
169 | struct crypt_kop *cop = &kop->kop; | ||
170 | - struct pkc_request *pkc_req = &pkc->req; | ||
171 | - struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign; | ||
172 | + struct dsa_sign_req_s *dsa_req = &pkc->req->req_u.dsa_sign; | ||
173 | int rc, buf_size; | ||
174 | uint8_t *buf; | ||
175 | |||
176 | @@ -210,10 +209,7 @@ int crypto_kop_dsasign(struct cryptodev_pkc *pkc) | ||
177 | if (cop->crk_iparams == 6) { | ||
178 | dsa_req->ab_len = (cop->crk_param[5].crp_nbits + 7)/8; | ||
179 | buf_size += dsa_req->ab_len; | ||
180 | - pkc_req->type = ECDSA_SIGN; | ||
181 | - pkc_req->curve_type = cop->curve_type; | ||
182 | - } else { | ||
183 | - pkc_req->type = DSA_SIGN; | ||
184 | + pkc->req->curve_type = cop->curve_type; | ||
185 | } | ||
186 | |||
187 | buf = kmalloc(buf_size, GFP_DMA); | ||
188 | @@ -269,7 +265,6 @@ int crypto_kop_dsaverify(struct cryptodev_pkc *pkc) | ||
189 | { | ||
190 | struct kernel_crypt_kop *kop = &pkc->kop; | ||
191 | struct crypt_kop *cop = &kop->kop; | ||
192 | - struct pkc_request *pkc_req; | ||
193 | struct dsa_verify_req_s *dsa_req; | ||
194 | int rc, buf_size; | ||
195 | uint8_t *buf; | ||
196 | @@ -281,8 +276,7 @@ int crypto_kop_dsaverify(struct cryptodev_pkc *pkc) | ||
197 | !cop->crk_param[7].crp_nbits)) | ||
198 | return -EINVAL; | ||
199 | |||
200 | - pkc_req = &pkc->req; | ||
201 | - dsa_req = &pkc_req->req_u.dsa_verify; | ||
202 | + dsa_req = &pkc->req->req_u.dsa_verify; | ||
203 | dsa_req->m_len = (cop->crk_param[0].crp_nbits + 7)/8; | ||
204 | dsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8; | ||
205 | dsa_req->r_len = (cop->crk_param[2].crp_nbits + 7)/8; | ||
206 | @@ -295,10 +289,7 @@ int crypto_kop_dsaverify(struct cryptodev_pkc *pkc) | ||
207 | if (cop->crk_iparams == 8) { | ||
208 | dsa_req->ab_len = (cop->crk_param[5].crp_nbits + 7)/8; | ||
209 | buf_size += dsa_req->ab_len; | ||
210 | - pkc_req->type = ECDSA_VERIFY; | ||
211 | - pkc_req->curve_type = cop->curve_type; | ||
212 | - } else { | ||
213 | - pkc_req->type = DSA_VERIFY; | ||
214 | + pkc->req->curve_type = cop->curve_type; | ||
215 | } | ||
216 | |||
217 | buf = kmalloc(buf_size, GFP_DMA); | ||
218 | @@ -351,7 +342,6 @@ int crypto_kop_rsa_keygen(struct cryptodev_pkc *pkc) | ||
219 | { | ||
220 | struct kernel_crypt_kop *kop = &pkc->kop; | ||
221 | struct crypt_kop *cop = &kop->kop; | ||
222 | - struct pkc_request *pkc_req; | ||
223 | struct rsa_keygen_req_s *key_req; | ||
224 | int rc, buf_size; | ||
225 | uint8_t *buf; | ||
226 | @@ -362,9 +352,7 @@ int crypto_kop_rsa_keygen(struct cryptodev_pkc *pkc) | ||
227 | !cop->crk_param[6].crp_nbits) | ||
228 | return -EINVAL; | ||
229 | |||
230 | - pkc_req = &pkc->req; | ||
231 | - pkc_req->type = RSA_KEYGEN; | ||
232 | - key_req = &pkc_req->req_u.rsa_keygen; | ||
233 | + key_req = &pkc->req->req_u.rsa_keygen; | ||
234 | key_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8; | ||
235 | key_req->p_len = (cop->crk_param[0].crp_nbits + 7) / 8; | ||
236 | key_req->q_len = (cop->crk_param[1].crp_nbits + 7) / 8; | ||
237 | @@ -427,7 +415,6 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) | ||
238 | { | ||
239 | struct kernel_crypt_kop *kop = &pkc->kop; | ||
240 | struct crypt_kop *cop = &kop->kop; | ||
241 | - struct pkc_request *pkc_req; | ||
242 | struct keygen_req_s *key_req; | ||
243 | int rc, buf_size; | ||
244 | uint8_t *buf; | ||
245 | @@ -437,8 +424,7 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) | ||
246 | !cop->crk_param[4].crp_nbits) | ||
247 | return -EINVAL; | ||
248 | |||
249 | - pkc_req = &pkc->req; | ||
250 | - key_req = &pkc_req->req_u.keygen; | ||
251 | + key_req = &pkc->req->req_u.keygen; | ||
252 | key_req->q_len = (cop->crk_param[0].crp_nbits + 7)/8; | ||
253 | key_req->r_len = (cop->crk_param[1].crp_nbits + 7)/8; | ||
254 | key_req->g_len = (cop->crk_param[2].crp_nbits + 7)/8; | ||
255 | @@ -447,7 +433,6 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) | ||
256 | key_req->priv_key_len = (cop->crk_param[4].crp_nbits + 7)/8; | ||
257 | buf_size = key_req->q_len + key_req->r_len + key_req->g_len + | ||
258 | key_req->pub_key_len + key_req->priv_key_len; | ||
259 | - pkc_req->type = DLC_KEYGEN; | ||
260 | } else { | ||
261 | key_req->ab_len = (cop->crk_param[3].crp_nbits + 7)/8; | ||
262 | key_req->pub_key_len = (cop->crk_param[4].crp_nbits + 7)/8; | ||
263 | @@ -455,8 +440,7 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) | ||
264 | buf_size = key_req->q_len + key_req->r_len + key_req->g_len + | ||
265 | key_req->pub_key_len + key_req->priv_key_len + | ||
266 | key_req->ab_len; | ||
267 | - pkc_req->type = ECC_KEYGEN; | ||
268 | - pkc_req->curve_type = cop->curve_type; | ||
269 | + pkc->req->curve_type = cop->curve_type; | ||
270 | } | ||
271 | |||
272 | buf = kmalloc(buf_size, GFP_DMA); | ||
273 | @@ -508,26 +492,22 @@ int crypto_kop_dh_key(struct cryptodev_pkc *pkc) | ||
274 | { | ||
275 | struct kernel_crypt_kop *kop = &pkc->kop; | ||
276 | struct crypt_kop *cop = &kop->kop; | ||
277 | - struct pkc_request *pkc_req; | ||
278 | struct dh_key_req_s *dh_req; | ||
279 | int buf_size; | ||
280 | uint8_t *buf; | ||
281 | int rc = -EINVAL; | ||
282 | |||
283 | - pkc_req = &pkc->req; | ||
284 | - dh_req = &pkc_req->req_u.dh_req; | ||
285 | + dh_req = &pkc->req->req_u.dh_req; | ||
286 | dh_req->s_len = (cop->crk_param[0].crp_nbits + 7)/8; | ||
287 | dh_req->pub_key_len = (cop->crk_param[1].crp_nbits + 7)/8; | ||
288 | dh_req->q_len = (cop->crk_param[2].crp_nbits + 7)/8; | ||
289 | buf_size = dh_req->q_len + dh_req->pub_key_len + dh_req->s_len; | ||
290 | if (cop->crk_iparams == 4) { | ||
291 | - pkc_req->type = ECDH_COMPUTE_KEY; | ||
292 | dh_req->ab_len = (cop->crk_param[3].crp_nbits + 7)/8; | ||
293 | dh_req->z_len = (cop->crk_param[4].crp_nbits + 7)/8; | ||
294 | buf_size += dh_req->ab_len; | ||
295 | } else { | ||
296 | dh_req->z_len = (cop->crk_param[3].crp_nbits + 7)/8; | ||
297 | - pkc_req->type = DH_COMPUTE_KEY; | ||
298 | } | ||
299 | buf_size += dh_req->z_len; | ||
300 | buf = kmalloc(buf_size, GFP_DMA); | ||
301 | @@ -539,7 +519,7 @@ int crypto_kop_dh_key(struct cryptodev_pkc *pkc) | ||
302 | dh_req->z = dh_req->pub_key + dh_req->pub_key_len; | ||
303 | if (cop->crk_iparams == 4) { | ||
304 | dh_req->ab = dh_req->z + dh_req->z_len; | ||
305 | - pkc_req->curve_type = cop->curve_type; | ||
306 | + pkc->req->curve_type = cop->curve_type; | ||
307 | copy_from_user(dh_req->ab, cop->crk_param[3].crp_p, | ||
308 | dh_req->ab_len); | ||
309 | } | ||
310 | @@ -573,7 +553,6 @@ int crypto_modexp_crt(struct cryptodev_pkc *pkc) | ||
311 | { | ||
312 | struct kernel_crypt_kop *kop = &pkc->kop; | ||
313 | struct crypt_kop *cop = &kop->kop; | ||
314 | - struct pkc_request *pkc_req; | ||
315 | struct rsa_priv_frm3_req_s *rsa_req; | ||
316 | int rc; | ||
317 | uint8_t *buf; | ||
318 | @@ -583,9 +562,7 @@ int crypto_modexp_crt(struct cryptodev_pkc *pkc) | ||
319 | !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits) | ||
320 | return -EINVAL; | ||
321 | |||
322 | - pkc_req = &pkc->req; | ||
323 | - pkc_req->type = RSA_PRIV_FORM3; | ||
324 | - rsa_req = &pkc_req->req_u.rsa_priv_f3; | ||
325 | + rsa_req = &pkc->req->req_u.rsa_priv_f3; | ||
326 | rsa_req->p_len = (cop->crk_param[0].crp_nbits + 7)/8; | ||
327 | rsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8; | ||
328 | rsa_req->g_len = (cop->crk_param[2].crp_nbits + 7)/8; | ||
329 | @@ -632,7 +609,6 @@ err: | ||
330 | |||
331 | int crypto_bn_modexp(struct cryptodev_pkc *pkc) | ||
332 | { | ||
333 | - struct pkc_request *pkc_req; | ||
334 | struct rsa_pub_req_s *rsa_req; | ||
335 | int rc; | ||
336 | struct kernel_crypt_kop *kop = &pkc->kop; | ||
337 | @@ -643,9 +619,7 @@ int crypto_bn_modexp(struct cryptodev_pkc *pkc) | ||
338 | !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits) | ||
339 | return -EINVAL; | ||
340 | |||
341 | - pkc_req = &pkc->req; | ||
342 | - pkc_req->type = RSA_PUB; | ||
343 | - rsa_req = &pkc_req->req_u.rsa_pub_req; | ||
344 | + rsa_req = &pkc->req->req_u.rsa_pub_req; | ||
345 | rsa_req->f_len = (cop->crk_param[0].crp_nbits + 7)/8; | ||
346 | rsa_req->e_len = (cop->crk_param[1].crp_nbits + 7)/8; | ||
347 | rsa_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8; | ||
348 | @@ -680,56 +654,116 @@ err: | ||
349 | return rc; | ||
350 | } | ||
351 | |||
352 | +static struct { | ||
353 | + char *alg_name; | ||
354 | + u32 type; | ||
355 | + u32 mask; | ||
356 | +} pkc_alg_list[] = { | ||
357 | + {"pkc(rsa)", CRYPTO_ALG_TYPE_PKC_RSA, 0}, | ||
358 | + {"pkc(dsa)", CRYPTO_ALG_TYPE_PKC_DSA, 0}, | ||
359 | + {"pkc(dh)", CRYPTO_ALG_TYPE_PKC_DH, 0}, | ||
360 | +}; | ||
361 | + | ||
362 | int crypto_run_asym(struct cryptodev_pkc *pkc) | ||
363 | { | ||
364 | - int ret = -EINVAL; | ||
365 | + int err = -EINVAL; | ||
366 | + int id; | ||
367 | struct kernel_crypt_kop *kop = &pkc->kop; | ||
368 | + enum pkc_req_type pkc_req_type; | ||
369 | + int (*call_next_action)(struct cryptodev_pkc *pkc); | ||
370 | |||
371 | switch (kop->kop.crk_op) { | ||
372 | case CRK_MOD_EXP: | ||
373 | if (kop->kop.crk_iparams != 3 && kop->kop.crk_oparams != 1) | ||
374 | - goto err; | ||
375 | - | ||
376 | - ret = crypto_bn_modexp(pkc); | ||
377 | + return err; | ||
378 | + pkc_req_type = RSA_PUB; | ||
379 | + id = 0; | ||
380 | + call_next_action = crypto_bn_modexp; | ||
381 | break; | ||
382 | case CRK_MOD_EXP_CRT: | ||
383 | if (kop->kop.crk_iparams != 6 && kop->kop.crk_oparams != 1) | ||
384 | - goto err; | ||
385 | - | ||
386 | - ret = crypto_modexp_crt(pkc); | ||
387 | + return err; | ||
388 | + pkc_req_type = RSA_PRIV_FORM3; | ||
389 | + id = 0; | ||
390 | + call_next_action = crypto_modexp_crt; | ||
391 | break; | ||
392 | case CRK_DSA_SIGN: | ||
393 | - if ((kop->kop.crk_iparams != 5 && kop->kop.crk_iparams != 6) || | ||
394 | - kop->kop.crk_oparams != 2) | ||
395 | - goto err; | ||
396 | - | ||
397 | - ret = crypto_kop_dsasign(pkc); | ||
398 | + if (kop->kop.crk_oparams != 2) | ||
399 | + return err; | ||
400 | + else if (kop->kop.crk_iparams == 5) | ||
401 | + pkc_req_type = DSA_SIGN; | ||
402 | + else if (kop->kop.crk_iparams == 6) | ||
403 | + pkc_req_type = ECDSA_SIGN; | ||
404 | + else | ||
405 | + return err; | ||
406 | + id = 1; | ||
407 | + call_next_action = crypto_kop_dsasign; | ||
408 | break; | ||
409 | case CRK_DSA_VERIFY: | ||
410 | - if ((kop->kop.crk_iparams != 7 && kop->kop.crk_iparams != 8) || | ||
411 | - kop->kop.crk_oparams != 0) | ||
412 | - goto err; | ||
413 | - | ||
414 | - ret = crypto_kop_dsaverify(pkc); | ||
415 | + if (kop->kop.crk_oparams != 0) | ||
416 | + return err; | ||
417 | + else if (kop->kop.crk_iparams == 7) | ||
418 | + pkc_req_type = DSA_VERIFY; | ||
419 | + else if (kop->kop.crk_iparams == 8) | ||
420 | + pkc_req_type = ECDSA_VERIFY; | ||
421 | + else | ||
422 | + return err; | ||
423 | + id = 1; | ||
424 | + call_next_action = crypto_kop_dsaverify; | ||
425 | break; | ||
426 | case CRK_DH_COMPUTE_KEY: | ||
427 | - if ((kop->kop.crk_iparams != 3 && kop->kop.crk_iparams != 4) || | ||
428 | - kop->kop.crk_oparams != 1) | ||
429 | - goto err; | ||
430 | - ret = crypto_kop_dh_key(pkc); | ||
431 | + if (kop->kop.crk_oparams != 1) | ||
432 | + return err; | ||
433 | + else if (kop->kop.crk_iparams == 3) | ||
434 | + pkc_req_type = DH_COMPUTE_KEY; | ||
435 | + else if (kop->kop.crk_iparams == 4) | ||
436 | + pkc_req_type = ECDH_COMPUTE_KEY; | ||
437 | + else | ||
438 | + return err; | ||
439 | + id = 2; | ||
440 | + call_next_action = crypto_kop_dh_key; | ||
441 | break; | ||
442 | case CRK_DH_GENERATE_KEY: | ||
443 | case CRK_DSA_GENERATE_KEY: | ||
444 | - if ((kop->kop.crk_iparams != 3 && kop->kop.crk_iparams != 4)) | ||
445 | - goto err; | ||
446 | - ret = crypto_kop_keygen(pkc); | ||
447 | + if (kop->kop.crk_iparams == 3) | ||
448 | + pkc_req_type = DLC_KEYGEN; | ||
449 | + else if (kop->kop.crk_iparams == 4) | ||
450 | + pkc_req_type = ECC_KEYGEN; | ||
451 | + else | ||
452 | + return err; | ||
453 | + id = 1; | ||
454 | + call_next_action = crypto_kop_keygen; | ||
455 | break; | ||
456 | case CRK_RSA_GENERATE_KEY: | ||
457 | - ret = crypto_kop_rsa_keygen(pkc); | ||
458 | + pkc_req_type = RSA_KEYGEN; | ||
459 | + id = 0; | ||
460 | + call_next_action = crypto_kop_rsa_keygen; | ||
461 | break; | ||
462 | + default: | ||
463 | + return err; | ||
464 | } | ||
465 | -err: | ||
466 | - return ret; | ||
467 | + err = -ENOMEM; | ||
468 | + pkc->s = crypto_alloc_pkc(pkc_alg_list[id].alg_name, | ||
469 | + pkc_alg_list[id].type, | ||
470 | + pkc_alg_list[id].mask); | ||
471 | + if (IS_ERR_OR_NULL(pkc->s)) | ||
472 | + return err; | ||
473 | + | ||
474 | + pkc->req = pkc_request_alloc(pkc->s, GFP_KERNEL); | ||
475 | + if (IS_ERR_OR_NULL(pkc->req)) | ||
476 | + goto out_free_tfm; | ||
477 | + | ||
478 | + /* todo - fix alloc-free on error path */ | ||
479 | + pkc->req->type = pkc_req_type; | ||
480 | + err = call_next_action(pkc); | ||
481 | + if (pkc->type == SYNCHRONOUS) | ||
482 | + kfree(pkc->req); | ||
483 | + | ||
484 | + return err; | ||
485 | + | ||
486 | +out_free_tfm: | ||
487 | + crypto_free_pkc(pkc->s); | ||
488 | + return err; | ||
489 | } | ||
490 | |||
491 | int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop) | ||
492 | -- | ||
493 | 2.3.5 | ||
494 | |||
diff --git a/recipes-kernel/cryptodev/files/0015-fix-pkc-request-deallocation.patch b/recipes-kernel/cryptodev/files/0015-fix-pkc-request-deallocation.patch new file mode 100644 index 00000000..949fe121 --- /dev/null +++ b/recipes-kernel/cryptodev/files/0015-fix-pkc-request-deallocation.patch | |||
@@ -0,0 +1,40 @@ | |||
1 | From 8361f99c940fbe270fca2112dae3d97c9a5776d6 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@freescale.com> | ||
3 | Date: Mon, 23 Feb 2015 15:28:22 +0200 | ||
4 | Subject: [PATCH 15/15] fix pkc request deallocation | ||
5 | |||
6 | The request to be freed is actually pkc->req, and should be done inside | ||
7 | the fetch ioctl for ASYNC (this patch) and in crypt ioctl for SYNC | ||
8 | operations. | ||
9 | |||
10 | Change-Id: I6f046f2ebeae4cb513a419996ca96b52e37468ed | ||
11 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
12 | Reviewed-on: http://git.am.freescale.net:8181/34224 | ||
13 | --- | ||
14 | ioctl.c | 3 +-- | ||
15 | 1 file changed, 1 insertion(+), 2 deletions(-) | ||
16 | |||
17 | diff --git a/ioctl.c b/ioctl.c | ||
18 | index 797b73c..da3a842 100644 | ||
19 | --- a/ioctl.c | ||
20 | +++ b/ioctl.c | ||
21 | @@ -114,8 +114,6 @@ void cryptodev_complete_asym(struct crypto_async_request *req, int err) | ||
22 | /* wake for POLLIN */ | ||
23 | wake_up_interruptible(&pcr->user_waiter); | ||
24 | } | ||
25 | - | ||
26 | - kfree(req); | ||
27 | } | ||
28 | |||
29 | #define FILL_SG(sg, ptr, len) \ | ||
30 | @@ -1113,6 +1111,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) | ||
31 | cookie_list.cookie[i] = pkc->kop.kop.cookie; | ||
32 | cookie_list.status[i] = pkc->result.err; | ||
33 | } | ||
34 | + kfree(pkc->req); | ||
35 | kfree(pkc); | ||
36 | } else { | ||
37 | spin_unlock_bh(&pcr->completion_lock); | ||
38 | -- | ||
39 | 2.3.5 | ||
40 | |||
diff --git a/recipes-kernel/cryptodev/files/0016-add-basic-detection-of-asym-features.patch b/recipes-kernel/cryptodev/files/0016-add-basic-detection-of-asym-features.patch new file mode 100644 index 00000000..cefb6dcc --- /dev/null +++ b/recipes-kernel/cryptodev/files/0016-add-basic-detection-of-asym-features.patch | |||
@@ -0,0 +1,37 @@ | |||
1 | From 586bc4a6cd1014c57364020013062f07a8861e38 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@freescale.com> | ||
3 | Date: Mon, 20 Apr 2015 13:18:47 +0300 | ||
4 | Subject: [PATCH] add basic detection of asym features | ||
5 | |||
6 | Change-Id: I3b3ba8664bf631a63be1f11e715024509e20f841 | ||
7 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
8 | --- | ||
9 | ioctl.c | 12 ++++++++---- | ||
10 | 1 file changed, 8 insertions(+), 4 deletions(-) | ||
11 | |||
12 | diff --git a/ioctl.c b/ioctl.c | ||
13 | index da3a842..53dbf64 100644 | ||
14 | --- a/ioctl.c | ||
15 | +++ b/ioctl.c | ||
16 | @@ -977,10 +977,14 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) | ||
17 | |||
18 | switch (cmd) { | ||
19 | case CIOCASYMFEAT: | ||
20 | - return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN | | ||
21 | - CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY | | ||
22 | - CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY | | ||
23 | - CRF_RSA_GENERATE_KEY, p); | ||
24 | + ses = 0; | ||
25 | + if (crypto_has_alg("pkc(rsa)", 0, 0)) | ||
26 | + ses = CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_RSA_GENERATE_KEY; | ||
27 | + if (crypto_has_alg("pkc(dsa)", 0, 0)) | ||
28 | + ses |= CRF_DSA_SIGN | CRF_DSA_VERIFY | CRF_DSA_GENERATE_KEY; | ||
29 | + if (crypto_has_alg("pkc(dh)", 0, 0)) | ||
30 | + ses |= CRF_DH_COMPUTE_KEY |CRF_DH_GENERATE_KEY; | ||
31 | + return put_user(ses, p); | ||
32 | case CRIOGET: | ||
33 | fd = clonefd(filp); | ||
34 | ret = put_user(fd, p); | ||
35 | -- | ||
36 | 2.3.5 | ||
37 | |||
diff --git a/recipes-kernel/cryptodev/files/0017-remove-dead-code.patch b/recipes-kernel/cryptodev/files/0017-remove-dead-code.patch new file mode 100644 index 00000000..b3c36b3d --- /dev/null +++ b/recipes-kernel/cryptodev/files/0017-remove-dead-code.patch | |||
@@ -0,0 +1,67 @@ | |||
1 | From 0ca641091b4113d73e75d30ef530c88836849308 Mon Sep 17 00:00:00 2001 | ||
2 | From: Tudor Ambarus <tudor.ambarus@freescale.com> | ||
3 | Date: Fri, 29 May 2015 15:28:47 +0300 | ||
4 | Subject: [PATCH 17/20] remove dead code | ||
5 | |||
6 | Functions kop_to_user and compat_kop_to_user are never used. Delete them | ||
7 | to avoid compiler warnings. | ||
8 | |||
9 | |||
10 | crypto/../../cryptodev-linux/ioctl.c:841:12: warning: 'kop_to_user' defined but not used [-Wunused-function] | ||
11 | static int kop_to_user(struct kernel_crypt_kop *kop, | ||
12 | ^ | ||
13 | crypto/../../cryptodev-linux/ioctl.c: At top level: | ||
14 | crypto/../../cryptodev-linux/ioctl.c:1195:12: warning: 'compat_kop_to_user' defined but not used [-Wunused-function] | ||
15 | static int compat_kop_to_user(struct kernel_crypt_kop *kop, void __user *arg) | ||
16 | ^ | ||
17 | Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com> | ||
18 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
19 | Change-Id: I6bd8a7eb6144224a20cd400813ab15a7a192dbb1 | ||
20 | Reviewed-on: http://git.am.freescale.net:8181/37440 | ||
21 | --- | ||
22 | ioctl.c | 22 ---------------------- | ||
23 | 1 file changed, 22 deletions(-) | ||
24 | |||
25 | diff --git a/ioctl.c b/ioctl.c | ||
26 | index 53dbf64..39635a4 100644 | ||
27 | --- a/ioctl.c | ||
28 | +++ b/ioctl.c | ||
29 | @@ -838,16 +838,6 @@ static int kop_from_user(struct kernel_crypt_kop *kop, | ||
30 | return fill_kop_from_cop(kop); | ||
31 | } | ||
32 | |||
33 | -static int kop_to_user(struct kernel_crypt_kop *kop, | ||
34 | - void __user *arg) | ||
35 | -{ | ||
36 | - if (unlikely(copy_to_user(arg, &kop->kop, sizeof(kop->kop)))) { | ||
37 | - dprintk(1, KERN_ERR, "Cannot copy to userspace\n"); | ||
38 | - return -EFAULT; | ||
39 | - } | ||
40 | - return 0; | ||
41 | -} | ||
42 | - | ||
43 | static int kcop_from_user(struct kernel_crypt_op *kcop, | ||
44 | struct fcrypt *fcr, void __user *arg) | ||
45 | { | ||
46 | @@ -1192,18 +1182,6 @@ static inline void crypt_kop_to_compat(struct crypt_kop *kop, | ||
47 | compat->curve_type = kop->curve_type; | ||
48 | } | ||
49 | |||
50 | -static int compat_kop_to_user(struct kernel_crypt_kop *kop, void __user *arg) | ||
51 | -{ | ||
52 | - struct compat_crypt_kop compat_kop; | ||
53 | - | ||
54 | - crypt_kop_to_compat(&kop->kop, &compat_kop); | ||
55 | - if (unlikely(copy_to_user(arg, &compat_kop, sizeof(compat_kop)))) { | ||
56 | - dprintk(1, KERN_ERR, "Cannot copy to userspace\n"); | ||
57 | - return -EFAULT; | ||
58 | - } | ||
59 | - return 0; | ||
60 | -} | ||
61 | - | ||
62 | static inline void | ||
63 | compat_to_session_op(struct compat_session_op *compat, struct session_op *sop) | ||
64 | { | ||
65 | -- | ||
66 | 2.3.5 | ||
67 | |||
diff --git a/recipes-kernel/cryptodev/files/0018-fix-compat-warnings.patch b/recipes-kernel/cryptodev/files/0018-fix-compat-warnings.patch new file mode 100644 index 00000000..bf93f5b1 --- /dev/null +++ b/recipes-kernel/cryptodev/files/0018-fix-compat-warnings.patch | |||
@@ -0,0 +1,64 @@ | |||
1 | From 596378a22532908487f2c5e4d717c5ae618c4c7d Mon Sep 17 00:00:00 2001 | ||
2 | From: Tudor Ambarus <tudor.ambarus@freescale.com> | ||
3 | Date: Tue, 2 Jun 2015 10:44:12 +0300 | ||
4 | Subject: [PATCH 18/20] fix compat warnings | ||
5 | |||
6 | CC [M] crypto/../../cryptodev-linux/ioctl.o | ||
7 | crypto/../../cryptodev-linux/ioctl.c: In function 'compat_to_crypt_kop': | ||
8 | crypto/../../cryptodev-linux/ioctl.c:1161:14: warning: assignment makes pointer from integer without a cast | ||
9 | kop->cookie = compat->cookie; | ||
10 | ^ | ||
11 | crypto/../../cryptodev-linux/ioctl.c: In function 'crypt_kop_to_compat': | ||
12 | crypto/../../cryptodev-linux/ioctl.c:1191:17: warning: assignment makes integer from pointer without a cast | ||
13 | compat->cookie = kop->cookie; | ||
14 | ^ | ||
15 | crypto/../../cryptodev-linux/ioctl.c: In function 'cryptodev_compat_ioctl': | ||
16 | crypto/../../cryptodev-linux/ioctl.c:1430:28: warning: assignment makes integer from pointer without a cast | ||
17 | cookie_list.cookie[i] = | ||
18 | ^ | ||
19 | |||
20 | Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com> | ||
21 | Change-Id: Id851408c0c743c01447f3b0ced38fbc1ae94d4db | ||
22 | Reviewed-on: http://git.am.freescale.net:8181/37442 | ||
23 | Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
24 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
25 | --- | ||
26 | ioctl.c | 8 ++++---- | ||
27 | 1 file changed, 4 insertions(+), 4 deletions(-) | ||
28 | |||
29 | diff --git a/ioctl.c b/ioctl.c | ||
30 | index 39635a4..f3ce2f6 100644 | ||
31 | --- a/ioctl.c | ||
32 | +++ b/ioctl.c | ||
33 | @@ -1148,7 +1148,7 @@ static inline void compat_to_crypt_kop(struct compat_crypt_kop *compat, | ||
34 | } | ||
35 | |||
36 | kop->curve_type = compat->curve_type; | ||
37 | - kop->cookie = compat->cookie; | ||
38 | + kop->cookie = compat_ptr(compat->cookie); | ||
39 | } | ||
40 | |||
41 | static int compat_kop_from_user(struct kernel_crypt_kop *kop, | ||
42 | @@ -1178,7 +1178,7 @@ static inline void crypt_kop_to_compat(struct crypt_kop *kop, | ||
43 | ptr_to_compat(kop->crk_param[i].crp_p); | ||
44 | compat->crk_param[i].crp_nbits = kop->crk_param[i].crp_nbits; | ||
45 | } | ||
46 | - compat->cookie = kop->cookie; | ||
47 | + compat->cookie = ptr_to_compat(kop->cookie); | ||
48 | compat->curve_type = kop->curve_type; | ||
49 | } | ||
50 | |||
51 | @@ -1405,8 +1405,8 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) | ||
52 | ret = crypto_async_fetch_asym(pkc); | ||
53 | if (!ret) { | ||
54 | cookie_list.cookie_available++; | ||
55 | - cookie_list.cookie[i] = | ||
56 | - pkc->kop.kop.cookie; | ||
57 | + cookie_list.cookie[i] = ptr_to_compat( | ||
58 | + pkc->kop.kop.cookie); | ||
59 | } | ||
60 | kfree(pkc); | ||
61 | } else { | ||
62 | -- | ||
63 | 2.3.5 | ||
64 | |||
diff --git a/recipes-kernel/cryptodev/files/0019-fix-size_t-print-format.patch b/recipes-kernel/cryptodev/files/0019-fix-size_t-print-format.patch new file mode 100644 index 00000000..a71cff49 --- /dev/null +++ b/recipes-kernel/cryptodev/files/0019-fix-size_t-print-format.patch | |||
@@ -0,0 +1,61 @@ | |||
1 | From 1d10f06bef0f07980a08b387850c1daf1d3a8e87 Mon Sep 17 00:00:00 2001 | ||
2 | From: Tudor Ambarus <tudor.ambarus@freescale.com> | ||
3 | Date: Tue, 2 Jun 2015 12:11:12 +0300 | ||
4 | Subject: [PATCH 19/20] fix size_t print format | ||
5 | |||
6 | CC [M] crypto/../../cryptodev-linux/cryptlib.o | ||
7 | crypto/../../cryptodev-linux/cryptlib.c: In function 'cryptodev_cipher_init': | ||
8 | crypto/../../cryptodev-linux/cryptlib.c:146:5: warning: format '%u' expects argument of type 'unsigned int', but argument 6 has type 'size_t' [-Wformat=] | ||
9 | ddebug(1, "Wrong keylen '%u' for algorithm '%s'. Use %u to %u.", | ||
10 | ^ | ||
11 | crypto/../../cryptodev-linux/cryptlib.c:173:3: warning: format '%u' expects argument of type 'unsigned int', but argument 7 has type 'size_t' [-Wformat=] | ||
12 | ddebug(1, "Setting key failed for %s-%u.", alg_name, keylen*8); | ||
13 | ^ | ||
14 | crypto/../../cryptodev-linux/cryptlib.c: In function 'cryptodev_hash_init': | ||
15 | crypto/../../cryptodev-linux/cryptlib.c:340:4: warning: format '%u' expects argument of type 'unsigned int', but argument 7 has type 'size_t' [-Wformat=] | ||
16 | ddebug(1, "Setting hmac key failed for %s-%u.", | ||
17 | ^ | ||
18 | |||
19 | Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com> | ||
20 | Change-Id: I67f2d79f68b4d62b598073c6a918a110523fadfd | ||
21 | Reviewed-on: http://git.am.freescale.net:8181/37443 | ||
22 | Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
23 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
24 | --- | ||
25 | cryptlib.c | 6 +++--- | ||
26 | 1 file changed, 3 insertions(+), 3 deletions(-) | ||
27 | |||
28 | diff --git a/cryptlib.c b/cryptlib.c | ||
29 | index 5882a30..10f5e1a 100644 | ||
30 | --- a/cryptlib.c | ||
31 | +++ b/cryptlib.c | ||
32 | @@ -143,7 +143,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name, | ||
33 | if (alg->max_keysize > 0 && | ||
34 | unlikely((keylen < alg->min_keysize) || | ||
35 | (keylen > alg->max_keysize))) { | ||
36 | - ddebug(1, "Wrong keylen '%u' for algorithm '%s'. Use %u to %u.", | ||
37 | + ddebug(1, "Wrong keylen '%zu' for algorithm '%s'. Use %u to %u.", | ||
38 | keylen, alg_name, alg->min_keysize, alg->max_keysize); | ||
39 | ret = -EINVAL; | ||
40 | goto error; | ||
41 | @@ -170,7 +170,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name, | ||
42 | } | ||
43 | |||
44 | if (unlikely(ret)) { | ||
45 | - ddebug(1, "Setting key failed for %s-%u.", alg_name, keylen*8); | ||
46 | + ddebug(1, "Setting key failed for %s-%zu.", alg_name, keylen*8); | ||
47 | ret = -EINVAL; | ||
48 | goto error; | ||
49 | } | ||
50 | @@ -337,7 +337,7 @@ int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name, | ||
51 | if (hmac_mode != 0) { | ||
52 | ret = crypto_ahash_setkey(hdata->async.s, mackey, mackeylen); | ||
53 | if (unlikely(ret)) { | ||
54 | - ddebug(1, "Setting hmac key failed for %s-%u.", | ||
55 | + ddebug(1, "Setting hmac key failed for %s-%zu.", | ||
56 | alg_name, mackeylen*8); | ||
57 | ret = -EINVAL; | ||
58 | goto error; | ||
59 | -- | ||
60 | 2.3.5 | ||
61 | |||
diff --git a/recipes-kernel/cryptodev/files/0020-fix-uninitialized-variable-compiler-warning.patch b/recipes-kernel/cryptodev/files/0020-fix-uninitialized-variable-compiler-warning.patch new file mode 100644 index 00000000..a97a2d4e --- /dev/null +++ b/recipes-kernel/cryptodev/files/0020-fix-uninitialized-variable-compiler-warning.patch | |||
@@ -0,0 +1,38 @@ | |||
1 | From be9f6a0dc90847dbb00307d23f47b8b3fc3ff130 Mon Sep 17 00:00:00 2001 | ||
2 | From: Tudor Ambarus <tudor.ambarus@freescale.com> | ||
3 | Date: Fri, 29 May 2015 15:49:22 +0300 | ||
4 | Subject: [PATCH 20/20] fix uninitialized variable compiler warning | ||
5 | |||
6 | crypto/../../cryptodev-linux/ioctl.c: In function 'cryptodev_compat_ioctl': | ||
7 | crypto/../../cryptodev-linux/ioctl.c:1445:2: warning: 'ret' may be used uninitialized in this function [-Wmaybe-uninitialized] | ||
8 | return ret; | ||
9 | ^ | ||
10 | |||
11 | Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com> | ||
12 | Change-Id: Id5226fc97a3bb880ca6db86df58957122bbaa428 | ||
13 | Reviewed-on: http://git.am.freescale.net:8181/37441 | ||
14 | Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
15 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
16 | --- | ||
17 | ioctl.c | 3 ++- | ||
18 | 1 file changed, 2 insertions(+), 1 deletion(-) | ||
19 | |||
20 | diff --git a/ioctl.c b/ioctl.c | ||
21 | index f3ce2f6..7cd3c56 100644 | ||
22 | --- a/ioctl.c | ||
23 | +++ b/ioctl.c | ||
24 | @@ -1387,9 +1387,10 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) | ||
25 | case COMPAT_CIOCASYMFETCHCOOKIE: | ||
26 | { | ||
27 | struct cryptodev_pkc *pkc; | ||
28 | - int i = 0; | ||
29 | + int i; | ||
30 | struct compat_pkc_cookie_list_s cookie_list; | ||
31 | |||
32 | + ret = 0; | ||
33 | cookie_list.cookie_available = 0; | ||
34 | |||
35 | for (i = 0; i < MAX_COOKIES; i++) { | ||
36 | -- | ||
37 | 2.3.5 | ||
38 | |||
diff --git a/recipes-kernel/ipc/ipc-modules-multi_git.bb b/recipes-kernel/ipc/ipc-modules-multi_git.bb new file mode 100644 index 00000000..e5dc1151 --- /dev/null +++ b/recipes-kernel/ipc/ipc-modules-multi_git.bb | |||
@@ -0,0 +1,11 @@ | |||
1 | require ipc-modules.inc | ||
2 | |||
3 | EXTRA_OEMAKE ="KERNEL_DIR=${STAGING_KERNEL_DIR} ${SOC}=1 CONFIG_MULTI_RAT=1" | ||
4 | |||
5 | do_install(){ | ||
6 | install -d ${D}/usr/driver/IPC/multi_rat | ||
7 | install -m 755 ${S}/kernel/*.ko ${D}/usr/driver/IPC/multi_rat | ||
8 | } | ||
9 | |||
10 | FILES_${PN} += "/usr/driver/IPC/multi_rat/*.ko" | ||
11 | FILES_${PN}-dbg += "/usr/driver/IPC/multi_rat/.debug" | ||
diff --git a/recipes-kernel/ipc/ipc-modules-single_git.bb b/recipes-kernel/ipc/ipc-modules-single_git.bb new file mode 100644 index 00000000..03817e0e --- /dev/null +++ b/recipes-kernel/ipc/ipc-modules-single_git.bb | |||
@@ -0,0 +1,11 @@ | |||
1 | require ipc-modules.inc | ||
2 | |||
3 | EXTRA_OEMAKE ="KERNEL_DIR=${STAGING_KERNEL_DIR} ${SOC}=1" | ||
4 | |||
5 | do_install(){ | ||
6 | install -d ${D}/usr/driver/IPC/single_rat | ||
7 | install -m 755 ${S}/kernel/*.ko ${D}/usr/driver/IPC/single_rat | ||
8 | } | ||
9 | |||
10 | FILES_${PN} += "/usr/driver/IPC/single_rat/*.ko" | ||
11 | FILES_${PN}-dbg += "/usr/driver/IPC/single_rat/.debug" | ||
diff --git a/recipes-kernel/ipc/ipc-modules.inc b/recipes-kernel/ipc/ipc-modules.inc new file mode 100644 index 00000000..79ba7ef1 --- /dev/null +++ b/recipes-kernel/ipc/ipc-modules.inc | |||
@@ -0,0 +1,26 @@ | |||
1 | SUMMARY = "Linux IPC KERNEL MODULE " | ||
2 | DESCRIPTION = "DSP boot application and ipc test application" | ||
3 | LICENSE = "BSD" | ||
4 | LIC_FILES_CHKSUM = "file://COPYING;md5=fa38cd73d71527dc6efb546474f64d10" | ||
5 | |||
6 | require recipes-bsp/ipc/ipc.inc | ||
7 | |||
8 | inherit module qoriq_build_64bit_kernel | ||
9 | |||
10 | S = "${WORKDIR}/git" | ||
11 | |||
12 | do_configure[depends] += "virtual/kernel:do_shared_workdir" | ||
13 | do_configure_prepend() { | ||
14 | sed -i 's,$(KERNEL_DIR)/.config,$(KBUILD_OUTPUT)/.config,' ${S}/kernel/Makefile | ||
15 | } | ||
16 | |||
17 | do_compile_prepend () { | ||
18 | cd ${S}/kernel | ||
19 | case ${MACHINE} in | ||
20 | bsc9132qds|bsc9131rdb) SOC=B913x;; | ||
21 | b4860qds|b4420qds) SOC=B4860;; | ||
22 | esac | ||
23 | } | ||
24 | |||
25 | INHIBIT_PACKAGE_STRIP = "1" | ||
26 | |||
diff --git a/recipes-kernel/linux/files/modify-defconfig-t1040-nr-cpus.patch b/recipes-kernel/linux/files/modify-defconfig-t1040-nr-cpus.patch new file mode 100644 index 00000000..7d109edb --- /dev/null +++ b/recipes-kernel/linux/files/modify-defconfig-t1040-nr-cpus.patch | |||
@@ -0,0 +1,33 @@ | |||
1 | From 8545129540a5862b22aad03badb2a9f93bf29117 Mon Sep 17 00:00:00 2001 | ||
2 | From: Bob Cochran <yocto@mindchasers.com> | ||
3 | Date: Mon, 3 Nov 2014 22:45:35 -0500 | ||
4 | Subject: [meta-fsl-ppc][PATCH] linux-qoriq: Change defconfig for T1040 to | ||
5 | match number of CPUS | ||
6 | |||
7 | Having a number higher than necessary for NR_CPUS wastes memory by | ||
8 | instantiating unnecessary structures in RAM. An example is in the DPAA where | ||
9 | DPAA_ETH_TX_QUEUES is defined based on NR_CPUS and used to create | ||
10 | dozens of extra qman_fq structures. Using the prior value of 24, which was | ||
11 | left over from the T4240 created an additonal 60 frame queue structures alone. | ||
12 | |||
13 | This has been tested on t1040rdb-64b. . | ||
14 | |||
15 | Signed-off-by: Bob Cochran <yocto@mindchasers.com> | ||
16 | --- | ||
17 | arch/powerpc/configs/corenet32_fmanv3l_smp_defconfig | 2 +- | ||
18 | 1 files changed, 1 insertions(+), 1 deletions(-) | ||
19 | |||
20 | diff --git a/arch/powerpc/configs/corenet32_fmanv3l_smp_defconfig b/arch/powerpc/configs/corenet32_fmanv3l_smp_defconfig | ||
21 | index a401e7c..5542248 100644 | ||
22 | --- a/arch/powerpc/configs/corenet32_fmanv3l_smp_defconfig | ||
23 | +++ b/arch/powerpc/configs/corenet32_fmanv3l_smp_defconfig | ||
24 | @@ -1,6 +1,6 @@ | ||
25 | CONFIG_PPC_85xx=y | ||
26 | CONFIG_SMP=y | ||
27 | -CONFIG_NR_CPUS=8 | ||
28 | +CONFIG_NR_CPUS=4 | ||
29 | CONFIG_EXPERIMENTAL=y | ||
30 | CONFIG_SYSVIPC=y | ||
31 | CONFIG_POSIX_MQUEUE=y | ||
32 | -- | ||
33 | 1.7.9.5 | ||
diff --git a/recipes-kernel/linux/files/net-sctp-CVE-2014-0101.patch b/recipes-kernel/linux/files/net-sctp-CVE-2014-0101.patch new file mode 100644 index 00000000..ddcb6c5d --- /dev/null +++ b/recipes-kernel/linux/files/net-sctp-CVE-2014-0101.patch | |||
@@ -0,0 +1,145 @@ | |||
1 | From 00c53b02cb01976b35d37670a4b5c5d7a6ad3c62 Mon Sep 17 00:00:00 2001 | ||
2 | From: Daniel Borkmann <dborkman@redhat.com> | ||
3 | Date: Mon, 3 Mar 2014 17:23:04 +0100 | ||
4 | Subject: [PATCH] net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is | ||
5 | AUTH capable | ||
6 | |||
7 | [ Upstream commit ec0223ec48a90cb605244b45f7c62de856403729 ] | ||
8 | |||
9 | RFC4895 introduced AUTH chunks for SCTP; during the SCTP | ||
10 | handshake RANDOM; CHUNKS; HMAC-ALGO are negotiated (CHUNKS | ||
11 | being optional though): | ||
12 | |||
13 | ---------- INIT[RANDOM; CHUNKS; HMAC-ALGO] ----------> | ||
14 | <------- INIT-ACK[RANDOM; CHUNKS; HMAC-ALGO] --------- | ||
15 | -------------------- COOKIE-ECHO --------------------> | ||
16 | <-------------------- COOKIE-ACK --------------------- | ||
17 | |||
18 | A special case is when an endpoint requires COOKIE-ECHO | ||
19 | chunks to be authenticated: | ||
20 | |||
21 | ---------- INIT[RANDOM; CHUNKS; HMAC-ALGO] ----------> | ||
22 | <------- INIT-ACK[RANDOM; CHUNKS; HMAC-ALGO] --------- | ||
23 | ------------------ AUTH; COOKIE-ECHO ----------------> | ||
24 | <-------------------- COOKIE-ACK --------------------- | ||
25 | |||
26 | RFC4895, section 6.3. Receiving Authenticated Chunks says: | ||
27 | |||
28 | The receiver MUST use the HMAC algorithm indicated in | ||
29 | the HMAC Identifier field. If this algorithm was not | ||
30 | specified by the receiver in the HMAC-ALGO parameter in | ||
31 | the INIT or INIT-ACK chunk during association setup, the | ||
32 | AUTH chunk and all the chunks after it MUST be discarded | ||
33 | and an ERROR chunk SHOULD be sent with the error cause | ||
34 | defined in Section 4.1. [...] If no endpoint pair shared | ||
35 | key has been configured for that Shared Key Identifier, | ||
36 | all authenticated chunks MUST be silently discarded. [...] | ||
37 | |||
38 | When an endpoint requires COOKIE-ECHO chunks to be | ||
39 | authenticated, some special procedures have to be followed | ||
40 | because the reception of a COOKIE-ECHO chunk might result | ||
41 | in the creation of an SCTP association. If a packet arrives | ||
42 | containing an AUTH chunk as a first chunk, a COOKIE-ECHO | ||
43 | chunk as the second chunk, and possibly more chunks after | ||
44 | them, and the receiver does not have an STCB for that | ||
45 | packet, then authentication is based on the contents of | ||
46 | the COOKIE-ECHO chunk. In this situation, the receiver MUST | ||
47 | authenticate the chunks in the packet by using the RANDOM | ||
48 | parameters, CHUNKS parameters and HMAC_ALGO parameters | ||
49 | obtained from the COOKIE-ECHO chunk, and possibly a local | ||
50 | shared secret as inputs to the authentication procedure | ||
51 | specified in Section 6.3. If authentication fails, then | ||
52 | the packet is discarded. If the authentication is successful, | ||
53 | the COOKIE-ECHO and all the chunks after the COOKIE-ECHO | ||
54 | MUST be processed. If the receiver has an STCB, it MUST | ||
55 | process the AUTH chunk as described above using the STCB | ||
56 | from the existing association to authenticate the | ||
57 | COOKIE-ECHO chunk and all the chunks after it. [...] | ||
58 | |||
59 | Commit bbd0d59809f9 introduced the possibility to receive | ||
60 | and verification of AUTH chunk, including the edge case for | ||
61 | authenticated COOKIE-ECHO. On reception of COOKIE-ECHO, | ||
62 | the function sctp_sf_do_5_1D_ce() handles processing, | ||
63 | unpacks and creates a new association if it passed sanity | ||
64 | checks and also tests for authentication chunks being | ||
65 | present. After a new association has been processed, it | ||
66 | invokes sctp_process_init() on the new association and | ||
67 | walks through the parameter list it received from the INIT | ||
68 | chunk. It checks SCTP_PARAM_RANDOM, SCTP_PARAM_HMAC_ALGO | ||
69 | and SCTP_PARAM_CHUNKS, and copies them into asoc->peer | ||
70 | meta data (peer_random, peer_hmacs, peer_chunks) in case | ||
71 | sysctl -w net.sctp.auth_enable=1 is set. If in INIT's | ||
72 | SCTP_PARAM_SUPPORTED_EXT parameter SCTP_CID_AUTH is set, | ||
73 | peer_random != NULL and peer_hmacs != NULL the peer is to be | ||
74 | assumed asoc->peer.auth_capable=1, in any other case | ||
75 | asoc->peer.auth_capable=0. | ||
76 | |||
77 | Now, if in sctp_sf_do_5_1D_ce() chunk->auth_chunk is | ||
78 | available, we set up a fake auth chunk and pass that on to | ||
79 | sctp_sf_authenticate(), which at latest in | ||
80 | sctp_auth_calculate_hmac() reliably dereferences a NULL pointer | ||
81 | at position 0..0008 when setting up the crypto key in | ||
82 | crypto_hash_setkey() by using asoc->asoc_shared_key that is | ||
83 | NULL as condition key_id == asoc->active_key_id is true if | ||
84 | the AUTH chunk was injected correctly from remote. This | ||
85 | happens no matter what net.sctp.auth_enable sysctl says. | ||
86 | |||
87 | The fix is to check for net->sctp.auth_enable and for | ||
88 | asoc->peer.auth_capable before doing any operations like | ||
89 | sctp_sf_authenticate() as no key is activated in | ||
90 | sctp_auth_asoc_init_active_key() for each case. | ||
91 | |||
92 | Now as RFC4895 section 6.3 states that if the used HMAC-ALGO | ||
93 | passed from the INIT chunk was not used in the AUTH chunk, we | ||
94 | SHOULD send an error; however in this case it would be better | ||
95 | to just silently discard such a maliciously prepared handshake | ||
96 | as we didn't even receive a parameter at all. Also, as our | ||
97 | endpoint has no shared key configured, section 6.3 says that | ||
98 | MUST silently discard, which we are doing from now onwards. | ||
99 | |||
100 | Before calling sctp_sf_pdiscard(), we need not only to free | ||
101 | the association, but also the chunk->auth_chunk skb, as | ||
102 | commit bbd0d59809f9 created a skb clone in that case. | ||
103 | |||
104 | I have tested this locally by using netfilter's nfqueue and | ||
105 | re-injecting packets into the local stack after maliciously | ||
106 | modifying the INIT chunk (removing RANDOM; HMAC-ALGO param) | ||
107 | and the SCTP packet containing the COOKIE_ECHO (injecting | ||
108 | AUTH chunk before COOKIE_ECHO). Fixed with this patch applied. | ||
109 | |||
110 | This fixes CVE-2014-0101 | ||
111 | Upstream-Status: Backport | ||
112 | |||
113 | Fixes: bbd0d59809f9 ("[SCTP]: Implement the receive and verification of AUTH chunk") | ||
114 | Signed-off-by: Daniel Borkmann <dborkman@redhat.com> | ||
115 | Cc: Vlad Yasevich <yasevich@gmail.com> | ||
116 | Cc: Neil Horman <nhorman@tuxdriver.com> | ||
117 | Acked-by: Vlad Yasevich <vyasevich@gmail.com> | ||
118 | Signed-off-by: David S. Miller <davem@davemloft.net> | ||
119 | Signed-off-by: Jiri Slaby <jslaby@suse.cz> | ||
120 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
121 | --- | ||
122 | net/sctp/sm_statefuns.c | 7 +++++++ | ||
123 | 1 file changed, 7 insertions(+) | ||
124 | |||
125 | diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c | ||
126 | index dfe3f36..56ebe71 100644 | ||
127 | --- a/net/sctp/sm_statefuns.c | ||
128 | +++ b/net/sctp/sm_statefuns.c | ||
129 | @@ -768,6 +768,13 @@ sctp_disposition_t sctp_sf_do_5_1D_ce(struct net *net, | ||
130 | return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); | ||
131 | } | ||
132 | |||
133 | + /* Make sure that we and the peer are AUTH capable */ | ||
134 | + if (!net->sctp.auth_enable || !new_asoc->peer.auth_capable) { | ||
135 | + kfree_skb(chunk->auth_chunk); | ||
136 | + sctp_association_free(new_asoc); | ||
137 | + return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); | ||
138 | + } | ||
139 | + | ||
140 | /* set-up our fake chunk so that we can process it */ | ||
141 | auth.skb = chunk->auth_chunk; | ||
142 | auth.asoc = chunk->asoc; | ||
143 | -- | ||
144 | 1.9.1 | ||
145 | |||
diff --git a/recipes-kernel/linux/linux-qoriq.inc b/recipes-kernel/linux/linux-qoriq.inc new file mode 100644 index 00000000..a832b46a --- /dev/null +++ b/recipes-kernel/linux/linux-qoriq.inc | |||
@@ -0,0 +1,46 @@ | |||
1 | inherit kernel qoriq_build_64bit_kernel | ||
2 | require recipes-kernel/linux/linux-dtb.inc | ||
3 | |||
4 | DESCRIPTION = "Linux kernel for Freescale platforms" | ||
5 | SECTION = "kernel" | ||
6 | LICENSE = "GPLv2" | ||
7 | LIC_FILES_CHKSUM = "file://COPYING;md5=d7810fab7487fb0aad327b76f1be7cd7" | ||
8 | |||
9 | KSRC ?= "" | ||
10 | S = '${@base_conditional("KSRC", "", "${WORKDIR}/git", "${KSRC}", d)}' | ||
11 | |||
12 | DEPENDS_append = " libgcc" | ||
13 | KERNEL_CC_append = " ${TOOLCHAIN_OPTIONS}" | ||
14 | KERNEL_LD_append = " ${TOOLCHAIN_OPTIONS}" | ||
15 | |||
16 | SCMVERSION ?= "y" | ||
17 | DELTA_KERNEL_DEFCONFIG ?= "" | ||
18 | do_configure_prepend() { | ||
19 | # copy desired defconfig so we pick it up for the real kernel_do_configure | ||
20 | cp ${KERNEL_DEFCONFIG} ${B}/.config | ||
21 | |||
22 | # add config fragments | ||
23 | for deltacfg in ${DELTA_KERNEL_DEFCONFIG}; do | ||
24 | if [ -f "${deltacfg}" ]; then | ||
25 | ${S}/scripts/kconfig/merge_config.sh -m .config ${deltacfg} | ||
26 | elif [ -f "${S}/arch/powerpc/configs/${deltacfg}" ]; then | ||
27 | ${S}/scripts/kconfig/merge_config.sh -m .config \ | ||
28 | ${S}/arch/powerpc/configs/${deltacfg} | ||
29 | fi | ||
30 | done | ||
31 | |||
32 | #add git revision to the local version | ||
33 | if [ "${SCMVERSION}" = "y" ]; then | ||
34 | # append sdk version if SDK_VERSION is defined | ||
35 | sdkversion='' | ||
36 | if [ -n "${SDK_VERSION}" ]; then | ||
37 | sdkversion="-${SDK_VERSION}" | ||
38 | fi | ||
39 | head=`git --git-dir=${S}/.git rev-parse --verify --short HEAD 2> /dev/null` | ||
40 | printf "%s%s%s" $sdkversion +g $head > ${B}/.scmversion | ||
41 | fi | ||
42 | } | ||
43 | |||
44 | # make everything compatible for the time being | ||
45 | COMPATIBLE_MACHINE_$MACHINE = "$MACHINE" | ||
46 | |||
diff --git a/recipes-kernel/linux/linux-qoriq_3.12.bb b/recipes-kernel/linux/linux-qoriq_3.12.bb new file mode 100644 index 00000000..3e0ab954 --- /dev/null +++ b/recipes-kernel/linux/linux-qoriq_3.12.bb | |||
@@ -0,0 +1,7 @@ | |||
1 | require recipes-kernel/linux/linux-qoriq.inc | ||
2 | |||
3 | SRC_URI = "git://git.freescale.com/ppc/sdk/linux.git;nobranch=1 \ | ||
4 | file://modify-defconfig-t1040-nr-cpus.patch \ | ||
5 | file://net-sctp-CVE-2014-0101.patch \ | ||
6 | " | ||
7 | SRCREV = "f488de6741d5ba805b9fe813d2ddf32368d3a888" | ||
diff --git a/recipes-kernel/lttng/lttng-modules_%.bbappend b/recipes-kernel/lttng/lttng-modules_%.bbappend new file mode 100644 index 00000000..5ff765d4 --- /dev/null +++ b/recipes-kernel/lttng/lttng-modules_%.bbappend | |||
@@ -0,0 +1,2 @@ | |||
1 | inherit qoriq_build_64bit_kernel | ||
2 | |||
diff --git a/recipes-kernel/pkc-host/pkc-host_git.bb b/recipes-kernel/pkc-host/pkc-host_git.bb new file mode 100644 index 00000000..2609adb7 --- /dev/null +++ b/recipes-kernel/pkc-host/pkc-host_git.bb | |||
@@ -0,0 +1,35 @@ | |||
1 | DESCRIPTION = "pkc host driver" | ||
2 | SECTION = "pkc-host" | ||
3 | LICENSE = "BSD & GPLv2+" | ||
4 | LIC_FILES_CHKSUM = "file://COPYING;md5=99803d8e9a595c0bdb45ca710f353813" | ||
5 | |||
6 | inherit module qoriq_build_64bit_kernel | ||
7 | RDEPENDS_${PN} += "cryptodev-module bc" | ||
8 | |||
9 | # Currently pkc-host does not support RSA_KEYGEN, remove this | ||
10 | # if it is fixed. | ||
11 | REQUIRED_DISTRO_FEATURES = "c29x_pkc" | ||
12 | |||
13 | SRC_URI = "git://git.freescale.com/ppc/sdk/pkc-host.git;nobranch=1" | ||
14 | SRCREV = "564f535d596f43eb2901a7ff77bbe529a118c16e" | ||
15 | |||
16 | S = "${WORKDIR}/git" | ||
17 | |||
18 | EXTRA_OEMAKE='KERNEL_DIR="${STAGING_KERNEL_DIR}" PREFIX="${D}"' | ||
19 | |||
20 | do_install() { | ||
21 | oe_runmake INSTALL_MOD_PATH="${D}" modules_install | ||
22 | install -d ${D}/etc/crypto | ||
23 | install -d ${D}/${bindir} | ||
24 | cp ${S}/crypto.cfg ${D}/etc/crypto | ||
25 | cp ${S}/images/pkc-firmware.bin ${D}/etc/crypto | ||
26 | cp ${S}/apps/cli/cli ${D}/${bindir} | ||
27 | cp ${S}/perf/c29x_driver_perf_profile.sh ${D}/${bindir} | ||
28 | } | ||
29 | |||
30 | |||
31 | FILES_${PN} = "${bindir}/cli \ | ||
32 | ${bindir}/c29x_driver_perf_profile.sh \ | ||
33 | /etc/crypto/crypto.cfg \ | ||
34 | /etc/crypto/pkc-firmware.bin \ | ||
35 | " | ||
diff --git a/recipes-kernel/qoriq-debug/qoriq-debug_git.bb b/recipes-kernel/qoriq-debug/qoriq-debug_git.bb new file mode 100644 index 00000000..c08f057f --- /dev/null +++ b/recipes-kernel/qoriq-debug/qoriq-debug_git.bb | |||
@@ -0,0 +1,15 @@ | |||
1 | DESCRIPTION = "QorIQ Debug File System Module" | ||
2 | SECTION = "qoriq-debug" | ||
3 | LICENSE = "GPLv2+" | ||
4 | LIC_FILES_CHKSUM = "file://COPYING;md5=e29234dd5d40dc352cc60cc0c93437ba" | ||
5 | |||
6 | inherit module autotools-brokensep qoriq_build_64bit_kernel | ||
7 | |||
8 | SRC_URI = "git://git.freescale.com/ppc/sdk/qoriq-debug.git;nobranch=1" | ||
9 | SRCREV = "20615c1ea332102635f8314cee5787c48c1a4254" | ||
10 | |||
11 | S = "${WORKDIR}/git" | ||
12 | |||
13 | EXTRA_OECONF += "--with-linux=${STAGING_KERNEL_DIR}" | ||
14 | EXTRA_OEMAKE += 'SYSROOT="${D}"' | ||
15 | |||
diff --git a/recipes-kernel/skmm-host/skmm-host_git.bb b/recipes-kernel/skmm-host/skmm-host_git.bb new file mode 100644 index 00000000..e3d6dbee --- /dev/null +++ b/recipes-kernel/skmm-host/skmm-host_git.bb | |||
@@ -0,0 +1,15 @@ | |||
1 | DESCRIPTION = "skmm host driver offload data to PCIe EP and push the data en-decrypted back to application" | ||
2 | SECTION = "c293-skmm-host" | ||
3 | LICENSE = "BSD & GPLv2+" | ||
4 | LIC_FILES_CHKSUM = "file://COPYING;md5=99803d8e9a595c0bdb45ca710f353813" | ||
5 | |||
6 | inherit module qoriq_build_64bit_kernel | ||
7 | |||
8 | SRC_URI = "git://git.freescale.com/ppc/sdk/skmm-host.git;nobranch=1" | ||
9 | SRCREV = "a655c571a92f4a5d6ced09869c2f17609ee47361" | ||
10 | |||
11 | S = "${WORKDIR}/git" | ||
12 | |||
13 | EXTRA_OEMAKE='KERNEL_DIR="${STAGING_KERNEL_DIR}" PREFIX="${D}"' | ||
14 | |||
15 | FILES_${PN} += "/etc/skmm/ /usr/bin/" | ||
diff --git a/recipes-kernel/uio-seville/uio-seville_0.1.bb b/recipes-kernel/uio-seville/uio-seville_0.1.bb new file mode 100755 index 00000000..7ca4c8fd --- /dev/null +++ b/recipes-kernel/uio-seville/uio-seville_0.1.bb | |||
@@ -0,0 +1,14 @@ | |||
1 | DESCRIPTION = "UIO driver for T1040 L2 Switch" | ||
2 | LICENSE = "GPLv2" | ||
3 | LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e" | ||
4 | |||
5 | SRC_URI = "git://git.freescale.com/ppc/sdk/l2switch-uio.git;branch=master" | ||
6 | SRCREV = "80de8322d0ab8c28f5dfbe3cde8759a1efbe06c9" | ||
7 | |||
8 | inherit module | ||
9 | |||
10 | S = "${WORKDIR}/git/uio-driver" | ||
11 | |||
12 | COMPATIBLE_MACHINE ?= "(none)" | ||
13 | COMPATIBLE_MACHINE_t1040 = ".*" | ||
14 | COMPATIBLE_MACHINE_t1042 = ".*" | ||