From a0036bb1344415acd7a4363091193d19754fc740 Mon Sep 17 00:00:00 2001 From: Cristian Stoica Date: Fri, 17 Jul 2015 17:29:44 +0800 Subject: cryptodev: update to 1.7 plus FSL patches To avoid build issue when Poky upgrades cryptodev, keep a copy of cryptodev-{linux,modules,tests) recipe in this repository. Based on the upstream, this includes the following FSL patches: 0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch 0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch 0003-PKC-support-added-in-cryptodev-module.patch 0004-Compat-versions-of-PKC-IOCTLs.patch 0005-Asynchronous-interface-changes-in-cryptodev.patch 0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch 0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch 0008-Add-RSA-Key-generation-offloading.patch 0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch 0010-add-support-for-composite-TLS10-SHA1-3DES-algorithm-.patch 0011-add-support-for-TLSv1.1-record-offload.patch 0012-add-support-for-TLSv1.2-record-offload.patch 0013-clean-up-code-layout.patch 0014-remove-redundant-data-copy-for-pkc-operations.patch 0015-fix-pkc-request-deallocation.patch 0016-add-basic-detection-of-asym-features.patch 0017-remove-dead-code.patch 0018-fix-compat-warnings.patch 0019-fix-size_t-print-format.patch 0020-fix-uninitialized-variable-compiler-warning.patch Signed-off-by: Cristian Stoica Signed-off-by: Ting Liu Signed-off-by: Otavio Salvador --- .../recipes-kernel/cryptodev/cryptodev-fsl.inc | 17 - ...-for-composite-TLS10-SHA1-AES-algorithm-o.patch | 52 -- .../0001-don-t-advertise-RSA-keygen.patch | 32 - ...dd-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch | 207 ----- ...003-PKC-support-added-in-cryptodev-module.patch | 898 --------------------- .../0004-Compat-versions-of-PKC-IOCTLs.patch | 200 ----- ...ynchronous-interface-changes-in-cryptodev.patch | 213 ----- ...and-DLC_KEYGEN-supported-in-cryptodev-mod.patch | 212 ----- ...stall-fixed-in-PKC-asynchronous-interface.patch | 238 ------ .../0008-Add-RSA-Key-generation-offloading.patch | 170 ---- ...lation-error-of-openssl-with-fsl-cryptode.patch | 160 ---- .../cryptodev/cryptodev-linux_1.7.bb | 12 + .../cryptodev/cryptodev-linux_1.7.bbappend | 2 - .../cryptodev/cryptodev-module_1.7.bb | 10 + .../cryptodev/cryptodev-module_1.7.bbappend | 12 - .../cryptodev/cryptodev-tests_1.7.bb | 17 + .../recipes-kernel/cryptodev/cryptodev_1.7.inc | 47 ++ ...-for-composite-TLS10-SHA1-AES-algorithm-o.patch | 52 ++ .../files/0001-don-t-advertise-RSA-keygen.patch | 33 + .../0001-fix-compilation-against-linux-3.19.patch | 36 + ...ests-Makefile-usage-of-LDLIBS-vs.-LDFLAGS.patch | 29 + ...dd-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch | 207 +++++ ...ile-fix-arg-passing-to-CC-in-implicit-rul.patch | 28 + ...talling-header-file-provided-by-another-p.patch | 29 + ...003-PKC-support-added-in-cryptodev-module.patch | 898 +++++++++++++++++++++ ...pile-and-install-rules-for-cryptodev-test.patch | 65 ++ .../files/0004-Compat-versions-of-PKC-IOCTLs.patch | 200 +++++ ...ynchronous-interface-changes-in-cryptodev.patch | 213 +++++ ...and-DLC_KEYGEN-supported-in-cryptodev-mod.patch | 212 +++++ ...stall-fixed-in-PKC-asynchronous-interface.patch | 238 ++++++ .../0008-Add-RSA-Key-generation-offloading.patch | 170 ++++ ...lation-error-of-openssl-with-fsl-cryptode.patch | 160 ++++ ...-for-composite-TLS10-SHA1-3DES-algorithm-.patch | 54 ++ ...11-add-support-for-TLSv1.1-record-offload.patch | 76 ++ ...12-add-support-for-TLSv1.2-record-offload.patch | 72 ++ .../files/0013-clean-up-code-layout.patch | 186 +++++ ...ve-redundant-data-copy-for-pkc-operations.patch | 494 ++++++++++++ .../files/0015-fix-pkc-request-deallocation.patch | 40 + ...0016-add-basic-detection-of-asym-features.patch | 37 + .../cryptodev/files/0017-remove-dead-code.patch | 67 ++ .../cryptodev/files/0018-fix-compat-warnings.patch | 64 ++ .../files/0019-fix-size_t-print-format.patch | 61 ++ ...x-uninitialized-variable-compiler-warning.patch | 38 + 43 files changed, 3845 insertions(+), 2413 deletions(-) delete mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl.inc delete mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch delete mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0001-don-t-advertise-RSA-keygen.patch delete mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch delete mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0003-PKC-support-added-in-cryptodev-module.patch delete mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0004-Compat-versions-of-PKC-IOCTLs.patch delete mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0005-Asynchronous-interface-changes-in-cryptodev.patch delete mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch delete mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch delete mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0008-Add-RSA-Key-generation-offloading.patch delete mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch create mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-linux_1.7.bb delete mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-linux_1.7.bbappend create mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-module_1.7.bb delete mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-module_1.7.bbappend create mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-tests_1.7.bb create mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev_1.7.inc create mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/files/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch create mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/files/0001-don-t-advertise-RSA-keygen.patch create mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/files/0001-fix-compilation-against-linux-3.19.patch create mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/files/0002-Fix-tests-Makefile-usage-of-LDLIBS-vs.-LDFLAGS.patch create mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/files/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch create mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/files/0002-tests-Makefile-fix-arg-passing-to-CC-in-implicit-rul.patch create mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/files/0003-Disable-installing-header-file-provided-by-another-p.patch create mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/files/0003-PKC-support-added-in-cryptodev-module.patch create mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/files/0004-Add-the-compile-and-install-rules-for-cryptodev-test.patch create mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/files/0004-Compat-versions-of-PKC-IOCTLs.patch create mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/files/0005-Asynchronous-interface-changes-in-cryptodev.patch create mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/files/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch create mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/files/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch create mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/files/0008-Add-RSA-Key-generation-offloading.patch create mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/files/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch create mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/files/0010-add-support-for-composite-TLS10-SHA1-3DES-algorithm-.patch create mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/files/0011-add-support-for-TLSv1.1-record-offload.patch create mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/files/0012-add-support-for-TLSv1.2-record-offload.patch create mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/files/0013-clean-up-code-layout.patch create mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/files/0014-remove-redundant-data-copy-for-pkc-operations.patch create mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/files/0015-fix-pkc-request-deallocation.patch create mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/files/0016-add-basic-detection-of-asym-features.patch create mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/files/0017-remove-dead-code.patch create mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/files/0018-fix-compat-warnings.patch create mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/files/0019-fix-size_t-print-format.patch create mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/files/0020-fix-uninitialized-variable-compiler-warning.patch (limited to 'meta-fsl-ppc/recipes-kernel') diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl.inc b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl.inc deleted file mode 100644 index e32e3502..00000000 --- a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl.inc +++ /dev/null @@ -1,17 +0,0 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/cryptodev-fsl:" - -SRC_URI_qoriq-ppc = "git://github.com/cryptodev-linux/cryptodev-linux.git \ - file://0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch \ - file://0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch \ - file://0003-PKC-support-added-in-cryptodev-module.patch \ - file://0004-Compat-versions-of-PKC-IOCTLs.patch \ - file://0005-Asynchronous-interface-changes-in-cryptodev.patch \ - file://0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch \ - file://0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch \ - file://0008-Add-RSA-Key-generation-offloading.patch \ - file://0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch \ -" -SRCREV_qoriq-ppc = "6aa62a2c320b04f55fdfe0ed015c3d9b48997239" - -S_qoriq-ppc = "${WORKDIR}/git" - diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch deleted file mode 100644 index 796e5484..00000000 --- a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 715ade8236f40cf811c39f9538dfd60803967fcd Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Thu, 29 Aug 2013 16:52:30 +0300 -Subject: [PATCH 1/9] add support for composite TLS10(SHA1,AES) algorithm - offload - -This adds support for composite algorithm offload as a primitive -crypto (cipher + hmac) operation. - -It requires kernel support for tls10(hmac(sha1),cbc(aes)) algorithm -provided either in software or accelerated by hardware such as -Freescale B*, P* and T* platforms. - -Change-Id: Ia1c605da3860e91e681295dfc8df7c09eb4006cf -Signed-off-by: Cristian Stoica -Reviewed-on: http://git.am.freescale.net:8181/17218 ---- - crypto/cryptodev.h | 1 + - ioctl.c | 5 +++++ - 2 files changed, 6 insertions(+) - -diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h -index 7fb9c7d..c0e8cd4 100644 ---- a/crypto/cryptodev.h -+++ b/crypto/cryptodev.h -@@ -50,6 +50,7 @@ enum cryptodev_crypto_op_t { - CRYPTO_SHA2_384, - CRYPTO_SHA2_512, - CRYPTO_SHA2_224_HMAC, -+ CRYPTO_TLS10_AES_CBC_HMAC_SHA1, - CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */ - }; - -diff --git a/ioctl.c b/ioctl.c -index 5a55a76..f9b9b2e 100644 ---- a/ioctl.c -+++ b/ioctl.c -@@ -159,6 +159,11 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop) - stream = 1; - aead = 1; - break; -+ case CRYPTO_TLS10_AES_CBC_HMAC_SHA1: -+ alg_name = "tls10(hmac(sha1),cbc(aes))"; -+ stream = 0; -+ aead = 1; -+ break; - case CRYPTO_NULL: - alg_name = "ecb(cipher_null)"; - stream = 1; --- -1.8.3.1 - diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0001-don-t-advertise-RSA-keygen.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0001-don-t-advertise-RSA-keygen.patch deleted file mode 100644 index 3d7c6086..00000000 --- a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0001-don-t-advertise-RSA-keygen.patch +++ /dev/null @@ -1,32 +0,0 @@ -From b6e2a3747e3cffdf3cc515b0ce35d6bcdcb051c5 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Tue, 9 Dec 2014 16:41:25 +0200 -Subject: [PATCH] don't advertise RSA keygen - -This is supposed to avoid RSA keygen operations when they are not -available. Since no testing can be done, the patch should be applied -selectively (for example when offloading through pkc driver on C293) - -Change-Id: I60765f46fd7a39053d42e075d2ec71b032b2ed8a -Signed-off-by: Cristian Stoica ---- - ioctl.c | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/ioctl.c b/ioctl.c -index e907167..3239093 100644 ---- a/ioctl.c -+++ b/ioctl.c -@@ -961,8 +961,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - case CIOCASYMFEAT: - return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN | - CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY | -- CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY | -- CRF_RSA_GENERATE_KEY, p); -+ CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY, p); - case CRIOGET: - fd = clonefd(filp); - ret = put_user(fd, p); --- -2.2.0 - diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch deleted file mode 100644 index 086a97f8..00000000 --- a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch +++ /dev/null @@ -1,207 +0,0 @@ -From 4b766c93e4ee19248dd66bbebb61fb5cc9c8a012 Mon Sep 17 00:00:00 2001 -From: Horia Geanta -Date: Wed, 4 Dec 2013 15:43:41 +0200 -Subject: [PATCH 2/9] add support for COMPAT_CIOCAUTHCRYPT ioctl() - -Upstream-status: Pending - -Needed for 64b kernel with 32b user space. - -Change-Id: I44a999a4164e7ae7122dee6ed0716b2f25cadbc1 -Signed-off-by: Horia Geanta -Tested-by: Cristian Stoica ---- - authenc.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - cryptodev_int.h | 40 +++++++++++++++++++++++++++++ - ioctl.c | 16 ++++++++++++ - 3 files changed, 134 insertions(+) - -diff --git a/authenc.c b/authenc.c -index 1bd7377..ef0d3db 100644 ---- a/authenc.c -+++ b/authenc.c -@@ -272,6 +272,84 @@ static int fill_caop_from_kcaop(struct kernel_crypt_auth_op *kcaop, struct fcryp - return 0; - } - -+/* compatibility code for 32bit userlands */ -+#ifdef CONFIG_COMPAT -+ -+static inline void -+compat_to_crypt_auth_op(struct compat_crypt_auth_op *compat, -+ struct crypt_auth_op *caop) -+{ -+ caop->ses = compat->ses; -+ caop->op = compat->op; -+ caop->flags = compat->flags; -+ caop->len = compat->len; -+ caop->auth_len = compat->auth_len; -+ caop->tag_len = compat->tag_len; -+ caop->iv_len = compat->iv_len; -+ -+ caop->auth_src = compat_ptr(compat->auth_src); -+ caop->src = compat_ptr(compat->src); -+ caop->dst = compat_ptr(compat->dst); -+ caop->tag = compat_ptr(compat->tag); -+ caop->iv = compat_ptr(compat->iv); -+} -+ -+static inline void -+crypt_auth_op_to_compat(struct crypt_auth_op *caop, -+ struct compat_crypt_auth_op *compat) -+{ -+ compat->ses = caop->ses; -+ compat->op = caop->op; -+ compat->flags = caop->flags; -+ compat->len = caop->len; -+ compat->auth_len = caop->auth_len; -+ compat->tag_len = caop->tag_len; -+ compat->iv_len = caop->iv_len; -+ -+ compat->auth_src = ptr_to_compat(caop->auth_src); -+ compat->src = ptr_to_compat(caop->src); -+ compat->dst = ptr_to_compat(caop->dst); -+ compat->tag = ptr_to_compat(caop->tag); -+ compat->iv = ptr_to_compat(caop->iv); -+} -+ -+int compat_kcaop_from_user(struct kernel_crypt_auth_op *kcaop, -+ struct fcrypt *fcr, void __user *arg) -+{ -+ struct compat_crypt_auth_op compat_caop; -+ -+ if (unlikely(copy_from_user(&compat_caop, arg, sizeof(compat_caop)))) { -+ dprintk(1, KERN_ERR, "Error in copying from userspace\n"); -+ return -EFAULT; -+ } -+ -+ compat_to_crypt_auth_op(&compat_caop, &kcaop->caop); -+ -+ return fill_kcaop_from_caop(kcaop, fcr); -+} -+ -+int compat_kcaop_to_user(struct kernel_crypt_auth_op *kcaop, -+ struct fcrypt *fcr, void __user *arg) -+{ -+ int ret; -+ struct compat_crypt_auth_op compat_caop; -+ -+ ret = fill_caop_from_kcaop(kcaop, fcr); -+ if (unlikely(ret)) { -+ dprintk(1, KERN_ERR, "fill_caop_from_kcaop\n"); -+ return ret; -+ } -+ -+ crypt_auth_op_to_compat(&kcaop->caop, &compat_caop); -+ -+ if (unlikely(copy_to_user(arg, &compat_caop, sizeof(compat_caop)))) { -+ dprintk(1, KERN_ERR, "Error in copying to userspace\n"); -+ return -EFAULT; -+ } -+ return 0; -+} -+ -+#endif /* CONFIG_COMPAT */ - - int kcaop_from_user(struct kernel_crypt_auth_op *kcaop, - struct fcrypt *fcr, void __user *arg) -diff --git a/cryptodev_int.h b/cryptodev_int.h -index d7660fa..8e687e7 100644 ---- a/cryptodev_int.h -+++ b/cryptodev_int.h -@@ -73,11 +73,42 @@ struct compat_crypt_op { - compat_uptr_t iv;/* initialization vector for encryption operations */ - }; - -+ /* input of CIOCAUTHCRYPT */ -+struct compat_crypt_auth_op { -+ uint32_t ses; /* session identifier */ -+ uint16_t op; /* COP_ENCRYPT or COP_DECRYPT */ -+ uint16_t flags; /* see COP_FLAG_AEAD_* */ -+ uint32_t len; /* length of source data */ -+ uint32_t auth_len; /* length of auth data */ -+ compat_uptr_t auth_src; /* authenticated-only data */ -+ -+ /* The current implementation is more efficient if data are -+ * encrypted in-place (src==dst). */ -+ compat_uptr_t src; /* data to be encrypted and -+ authenticated */ -+ compat_uptr_t dst; /* pointer to output data. Must have -+ * space for tag. For TLS this should be -+ * at least len + tag_size + block_size -+ * for padding */ -+ -+ compat_uptr_t tag; /* where the tag will be copied to. TLS -+ * mode doesn't use that as tag is -+ * copied to dst. -+ * SRTP mode copies tag there. */ -+ uint32_t tag_len; /* the length of the tag. Use zero for -+ * digest size or max tag. */ -+ -+ /* initialization vector for encryption operations */ -+ compat_uptr_t iv; -+ uint32_t iv_len; -+}; -+ - /* compat ioctls, defined for the above structs */ - #define COMPAT_CIOCGSESSION _IOWR('c', 102, struct compat_session_op) - #define COMPAT_CIOCCRYPT _IOWR('c', 104, struct compat_crypt_op) - #define COMPAT_CIOCASYNCCRYPT _IOW('c', 107, struct compat_crypt_op) - #define COMPAT_CIOCASYNCFETCH _IOR('c', 108, struct compat_crypt_op) -+#define COMPAT_CIOCAUTHCRYPT _IOWR('c', 109, struct compat_crypt_auth_op) - - #endif /* CONFIG_COMPAT */ - -@@ -108,6 +139,15 @@ struct kernel_crypt_auth_op { - - /* auth */ - -+#ifdef CONFIG_COMPAT -+int compat_kcaop_from_user(struct kernel_crypt_auth_op *kcaop, -+ struct fcrypt *fcr, void __user *arg); -+ -+int compat_kcaop_to_user(struct kernel_crypt_auth_op *kcaop, -+ struct fcrypt *fcr, void __user *arg); -+#endif /* CONFIG_COMPAT */ -+ -+ - int kcaop_from_user(struct kernel_crypt_auth_op *kcop, - struct fcrypt *fcr, void __user *arg); - int kcaop_to_user(struct kernel_crypt_auth_op *kcaop, -diff --git a/ioctl.c b/ioctl.c -index f9b9b2e..1563c75 100644 ---- a/ioctl.c -+++ b/ioctl.c -@@ -998,6 +998,7 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) - struct session_op sop; - struct compat_session_op compat_sop; - struct kernel_crypt_op kcop; -+ struct kernel_crypt_auth_op kcaop; - int ret; - - if (unlikely(!pcr)) -@@ -1040,6 +1041,21 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) - return ret; - - return compat_kcop_to_user(&kcop, fcr, arg); -+ -+ case COMPAT_CIOCAUTHCRYPT: -+ if (unlikely(ret = compat_kcaop_from_user(&kcaop, fcr, arg))) { -+ dprintk(1, KERN_WARNING, "Error copying from user\n"); -+ return ret; -+ } -+ -+ ret = crypto_auth_run(fcr, &kcaop); -+ if (unlikely(ret)) { -+ dprintk(1, KERN_WARNING, "Error in crypto_auth_run\n"); -+ return ret; -+ } -+ -+ return compat_kcaop_to_user(&kcaop, fcr, arg); -+ - #ifdef ENABLE_ASYNC - case COMPAT_CIOCASYNCCRYPT: - if (unlikely(ret = compat_kcop_from_user(&kcop, fcr, arg))) --- -1.8.3.1 - diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0003-PKC-support-added-in-cryptodev-module.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0003-PKC-support-added-in-cryptodev-module.patch deleted file mode 100644 index a4f7816b..00000000 --- a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0003-PKC-support-added-in-cryptodev-module.patch +++ /dev/null @@ -1,898 +0,0 @@ -From 5b57fc2124cef0acc3c7e8de376ebd9aa4f1fdd3 Mon Sep 17 00:00:00 2001 -From: Yashpal Dutta -Date: Fri, 7 Mar 2014 06:16:09 +0545 -Subject: [PATCH 3/9] PKC support added in cryptodev module - -Upstream-status: Pending - -Signed-off-by: Yashpal Dutta ---- - cryptlib.c | 66 +++++++++- - cryptlib.h | 28 ++++ - crypto/cryptodev.h | 15 ++- - cryptodev_int.h | 20 ++- - ioctl.c | 196 +++++++++++++++++++++++++-- - main.c | 378 +++++++++++++++++++++++++++++++++++++++++++++++++++++ - 6 files changed, 685 insertions(+), 18 deletions(-) - -diff --git a/cryptlib.c b/cryptlib.c -index 44ce763..6900028 100644 ---- a/cryptlib.c -+++ b/cryptlib.c -@@ -5,6 +5,8 @@ - * Portions Copyright (c) 2010 Michael Weiser - * Portions Copyright (c) 2010 Phil Sutter - * -+ * Copyright 2012 Freescale Semiconductor, Inc. -+ * - * This file is part of linux cryptodev. - * - * This program is free software; you can redistribute it and/or -@@ -39,11 +41,6 @@ - #include "cryptodev_int.h" - - --struct cryptodev_result { -- struct completion completion; -- int err; --}; -- - static void cryptodev_complete(struct crypto_async_request *req, int err) - { - struct cryptodev_result *res = req->data; -@@ -259,7 +256,6 @@ static inline int waitfor(struct cryptodev_result *cr, ssize_t ret) - case 0: - break; - case -EINPROGRESS: -- case -EBUSY: - wait_for_completion(&cr->completion); - /* At this point we known for sure the request has finished, - * because wait_for_completion above was not interruptible. -@@ -439,3 +435,61 @@ int cryptodev_hash_final(struct hash_data *hdata, void *output) - return waitfor(hdata->async.result, ret); - } - -+int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) -+{ -+ int ret = 0; -+ struct pkc_request *pkc_req = &pkc->req, *pkc_requested; -+ -+ switch (pkc_req->type) { -+ case RSA_PUB: -+ case RSA_PRIV_FORM1: -+ case RSA_PRIV_FORM2: -+ case RSA_PRIV_FORM3: -+ pkc->s = crypto_alloc_pkc("pkc(rsa)", -+ CRYPTO_ALG_TYPE_PKC_RSA, 0); -+ break; -+ case DSA_SIGN: -+ case DSA_VERIFY: -+ case ECDSA_SIGN: -+ case ECDSA_VERIFY: -+ pkc->s = crypto_alloc_pkc("pkc(dsa)", -+ CRYPTO_ALG_TYPE_PKC_DSA, 0); -+ break; -+ case DH_COMPUTE_KEY: -+ case ECDH_COMPUTE_KEY: -+ pkc->s = crypto_alloc_pkc("pkc(dh)", -+ CRYPTO_ALG_TYPE_PKC_DH, 0); -+ break; -+ default: -+ return -EINVAL; -+ } -+ -+ if (IS_ERR_OR_NULL(pkc->s)) -+ return -EINVAL; -+ -+ init_completion(&pkc->result.completion); -+ pkc_requested = pkc_request_alloc(pkc->s, GFP_KERNEL); -+ -+ if (unlikely(IS_ERR_OR_NULL(pkc_requested))) { -+ ret = -ENOMEM; -+ goto error; -+ } -+ pkc_requested->type = pkc_req->type; -+ pkc_requested->curve_type = pkc_req->curve_type; -+ memcpy(&pkc_requested->req_u, &pkc_req->req_u, sizeof(pkc_req->req_u)); -+ pkc_request_set_callback(pkc_requested, CRYPTO_TFM_REQ_MAY_BACKLOG, -+ cryptodev_complete_asym, pkc); -+ ret = crypto_pkc_op(pkc_requested); -+ if (ret != -EINPROGRESS && ret != 0) -+ goto error2; -+ -+ if (pkc->type == SYNCHRONOUS) -+ ret = waitfor(&pkc->result, ret); -+ -+ return ret; -+error2: -+ kfree(pkc_requested); -+error: -+ crypto_free_pkc(pkc->s); -+ return ret; -+} -diff --git a/cryptlib.h b/cryptlib.h -index a0a8a63..56d325a 100644 ---- a/cryptlib.h -+++ b/cryptlib.h -@@ -1,3 +1,6 @@ -+/* -+ * Copyright 2012 Freescale Semiconductor, Inc. -+ */ - #ifndef CRYPTLIB_H - # define CRYPTLIB_H - -@@ -89,5 +92,30 @@ void cryptodev_hash_deinit(struct hash_data *hdata); - int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name, - int hmac_mode, void *mackey, size_t mackeylen); - -+/* Operation Type */ -+enum offload_type { -+ SYNCHRONOUS, -+ ASYNCHRONOUS -+}; -+ -+struct cryptodev_result { -+ struct completion completion; -+ int err; -+}; -+ -+struct cryptodev_pkc { -+ struct list_head list; /* To maintain the Jobs in completed -+ cryptodev lists */ -+ struct kernel_crypt_kop kop; -+ struct crypto_pkc *s; /* Transform pointer from CryptoAPI */ -+ struct cryptodev_result result; /* Result to be updated by -+ completion handler */ -+ struct pkc_request req; /* PKC request structure allocated -+ from CryptoAPI */ -+ enum offload_type type; /* Synchronous Vs Asynchronous request */ -+ void *cookie; /*Additional opaque cookie to be used in future */ -+ struct crypt_priv *priv; -+}; - -+int cryptodev_pkc_offload(struct cryptodev_pkc *); - #endif -diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h -index c0e8cd4..96675fe 100644 ---- a/crypto/cryptodev.h -+++ b/crypto/cryptodev.h -@@ -1,6 +1,10 @@ --/* This is a source compatible implementation with the original API of -+/* -+ * Copyright 2012 Freescale Semiconductor, Inc. -+ * -+ * This is a source compatible implementation with the original API of - * cryptodev by Angelos D. Keromytis, found at openbsd cryptodev.h. -- * Placed under public domain */ -+ * Placed under public domain -+ */ - - #ifndef L_CRYPTODEV_H - #define L_CRYPTODEV_H -@@ -245,6 +249,9 @@ struct crypt_kop { - __u16 crk_oparams; - __u32 crk_pad1; - struct crparam crk_param[CRK_MAXPARAM]; -+ enum curve_t curve_type; /* 0 == Discrete Log, -+ 1 = EC_PRIME, 2 = EC_BINARY */ -+ void *cookie; - }; - - enum cryptodev_crk_op_t { -@@ -289,5 +296,7 @@ enum cryptodev_crk_op_t { - */ - #define CIOCASYNCCRYPT _IOW('c', 110, struct crypt_op) - #define CIOCASYNCFETCH _IOR('c', 111, struct crypt_op) -- -+/* additional ioctls for asynchronous operation for asymmetric ciphers*/ -+#define CIOCASYMASYNCRYPT _IOW('c', 112, struct crypt_kop) -+#define CIOCASYMASYNFETCH _IOR('c', 113, struct crypt_kop) - #endif /* L_CRYPTODEV_H */ -diff --git a/cryptodev_int.h b/cryptodev_int.h -index 8e687e7..fdbcc61 100644 ---- a/cryptodev_int.h -+++ b/cryptodev_int.h -@@ -1,4 +1,6 @@ --/* cipher stuff */ -+/* cipher stuff -+ * Copyright 2012 Freescale Semiconductor, Inc. -+ */ - #ifndef CRYPTODEV_INT_H - # define CRYPTODEV_INT_H - -@@ -112,6 +114,14 @@ struct compat_crypt_auth_op { - - #endif /* CONFIG_COMPAT */ - -+/* kernel-internal extension to struct crypt_kop */ -+struct kernel_crypt_kop { -+ struct crypt_kop kop; -+ -+ struct task_struct *task; -+ struct mm_struct *mm; -+}; -+ - /* kernel-internal extension to struct crypt_op */ - struct kernel_crypt_op { - struct crypt_op cop; -@@ -157,6 +167,14 @@ int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop); - - #include - -+/* Cryptodev Key operation handler */ -+int crypto_bn_modexp(struct cryptodev_pkc *); -+int crypto_modexp_crt(struct cryptodev_pkc *); -+int crypto_kop_dsasign(struct cryptodev_pkc *); -+int crypto_kop_dsaverify(struct cryptodev_pkc *); -+int crypto_run_asym(struct cryptodev_pkc *); -+void cryptodev_complete_asym(struct crypto_async_request *, int); -+ - /* other internal structs */ - struct csession { - struct list_head entry; -diff --git a/ioctl.c b/ioctl.c -index 1563c75..782d7fe 100644 ---- a/ioctl.c -+++ b/ioctl.c -@@ -4,6 +4,7 @@ - * Copyright (c) 2004 Michal Ludvig , SuSE Labs - * Copyright (c) 2009,2010,2011 Nikos Mavrogiannopoulos - * Copyright (c) 2010 Phil Sutter -+ * Copyright 2012 Freescale Semiconductor, Inc. - * - * This file is part of linux cryptodev. - * -@@ -89,8 +90,37 @@ struct crypt_priv { - int itemcount; - struct work_struct cryptask; - wait_queue_head_t user_waiter; -+ /* List of pending cryptodev_pkc asym requests */ -+ struct list_head asym_completed_list; -+ /* For addition/removal of entry in pending list of asymmetric request*/ -+ spinlock_t completion_lock; - }; - -+/* Asymmetric request Completion handler */ -+void cryptodev_complete_asym(struct crypto_async_request *req, int err) -+{ -+ struct cryptodev_pkc *pkc = req->data; -+ struct cryptodev_result *res = &pkc->result; -+ -+ crypto_free_pkc(pkc->s); -+ res->err = err; -+ if (pkc->type == SYNCHRONOUS) { -+ if (err == -EINPROGRESS) -+ return; -+ complete(&res->completion); -+ } else { -+ struct crypt_priv *pcr = pkc->priv; -+ unsigned long flags; -+ spin_lock_irqsave(&pcr->completion_lock, flags); -+ list_add_tail(&pkc->list, &pcr->asym_completed_list); -+ spin_unlock_irqrestore(&pcr->completion_lock, flags); -+ /* wake for POLLIN */ -+ wake_up_interruptible(&pcr->user_waiter); -+ } -+ -+ kfree(req); -+} -+ - #define FILL_SG(sg, ptr, len) \ - do { \ - (sg)->page = virt_to_page(ptr); \ -@@ -472,7 +502,8 @@ cryptodev_open(struct inode *inode, struct file *filp) - INIT_LIST_HEAD(&pcr->free.list); - INIT_LIST_HEAD(&pcr->todo.list); - INIT_LIST_HEAD(&pcr->done.list); -- -+ INIT_LIST_HEAD(&pcr->asym_completed_list); -+ spin_lock_init(&pcr->completion_lock); - INIT_WORK(&pcr->cryptask, cryptask_routine); - - init_waitqueue_head(&pcr->user_waiter); -@@ -639,6 +670,79 @@ static int crypto_async_fetch(struct crypt_priv *pcr, - } - #endif - -+/* get the first asym cipher completed job from the "done" queue -+ * -+ * returns: -+ * -EBUSY if no completed jobs are ready (yet) -+ * the return value otherwise */ -+static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) -+{ -+ int ret = 0; -+ struct kernel_crypt_kop *kop = &pkc->kop; -+ struct crypt_kop *ckop = &kop->kop; -+ struct pkc_request *pkc_req = &pkc->req; -+ -+ switch (ckop->crk_op) { -+ case CRK_MOD_EXP: -+ { -+ struct rsa_pub_req_s *rsa_req = &pkc_req->req_u.rsa_pub_req; -+ copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g, -+ rsa_req->g_len); -+ } -+ break; -+ case CRK_MOD_EXP_CRT: -+ { -+ struct rsa_priv_frm3_req_s *rsa_req = -+ &pkc_req->req_u.rsa_priv_f3; -+ copy_to_user(ckop->crk_param[6].crp_p, -+ rsa_req->f, rsa_req->f_len); -+ } -+ break; -+ case CRK_DSA_SIGN: -+ { -+ struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign; -+ -+ if (pkc_req->type == ECDSA_SIGN) { -+ copy_to_user(ckop->crk_param[6].crp_p, -+ dsa_req->c, dsa_req->d_len); -+ copy_to_user(ckop->crk_param[7].crp_p, -+ dsa_req->d, dsa_req->d_len); -+ } else { -+ copy_to_user(ckop->crk_param[5].crp_p, -+ dsa_req->c, dsa_req->d_len); -+ copy_to_user(ckop->crk_param[6].crp_p, -+ dsa_req->d, dsa_req->d_len); -+ } -+ } -+ break; -+ case CRK_DSA_VERIFY: -+ break; -+ case CRK_DH_COMPUTE_KEY: -+ { -+ struct dh_key_req_s *dh_req = &pkc_req->req_u.dh_req; -+ if (pkc_req->type == ECDH_COMPUTE_KEY) -+ copy_to_user(ckop->crk_param[4].crp_p, -+ dh_req->z, dh_req->z_len); -+ else -+ copy_to_user(ckop->crk_param[3].crp_p, -+ dh_req->z, dh_req->z_len); -+ } -+ break; -+ default: -+ ret = -EINVAL; -+ } -+ kfree(pkc->cookie); -+ return ret; -+} -+ -+/* this function has to be called from process context */ -+static int fill_kop_from_cop(struct kernel_crypt_kop *kop) -+{ -+ kop->task = current; -+ kop->mm = current->mm; -+ return 0; -+} -+ - /* this function has to be called from process context */ - static int fill_kcop_from_cop(struct kernel_crypt_op *kcop, struct fcrypt *fcr) - { -@@ -662,11 +766,8 @@ static int fill_kcop_from_cop(struct kernel_crypt_op *kcop, struct fcrypt *fcr) - - if (cop->iv) { - rc = copy_from_user(kcop->iv, cop->iv, kcop->ivlen); -- if (unlikely(rc)) { -- derr(1, "error copying IV (%d bytes), copy_from_user returned %d for address %p", -- kcop->ivlen, rc, cop->iv); -+ if (unlikely(rc)) - return -EFAULT; -- } - } - - return 0; -@@ -692,6 +793,25 @@ static int fill_cop_from_kcop(struct kernel_crypt_op *kcop, struct fcrypt *fcr) - return 0; - } - -+static int kop_from_user(struct kernel_crypt_kop *kop, -+ void __user *arg) -+{ -+ if (unlikely(copy_from_user(&kop->kop, arg, sizeof(kop->kop)))) -+ return -EFAULT; -+ -+ return fill_kop_from_cop(kop); -+} -+ -+static int kop_to_user(struct kernel_crypt_kop *kop, -+ void __user *arg) -+{ -+ if (unlikely(copy_to_user(arg, &kop->kop, sizeof(kop->kop)))) { -+ dprintk(1, KERN_ERR, "Cannot copy to userspace\n"); -+ return -EFAULT; -+ } -+ return 0; -+} -+ - static int kcop_from_user(struct kernel_crypt_op *kcop, - struct fcrypt *fcr, void __user *arg) - { -@@ -821,7 +941,8 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - - switch (cmd) { - case CIOCASYMFEAT: -- return put_user(0, p); -+ return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | -+ CRF_DSA_SIGN | CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY, p); - case CRIOGET: - fd = clonefd(filp); - ret = put_user(fd, p); -@@ -857,6 +978,24 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - if (unlikely(ret)) - return ret; - return copy_to_user(arg, &siop, sizeof(siop)); -+ case CIOCKEY: -+ { -+ struct cryptodev_pkc *pkc = -+ kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); -+ -+ if (!pkc) -+ return -ENOMEM; -+ -+ ret = kop_from_user(&pkc->kop, arg); -+ if (unlikely(ret)) { -+ kfree(pkc); -+ return ret; -+ } -+ pkc->type = SYNCHRONOUS; -+ ret = crypto_run_asym(pkc); -+ kfree(pkc); -+ } -+ return ret; - case CIOCCRYPT: - if (unlikely(ret = kcop_from_user(&kcop, fcr, arg))) { - dwarning(1, "Error copying from user"); -@@ -895,6 +1034,45 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - - return kcop_to_user(&kcop, fcr, arg); - #endif -+ case CIOCASYMASYNCRYPT: -+ { -+ struct cryptodev_pkc *pkc = -+ kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); -+ ret = kop_from_user(&pkc->kop, arg); -+ -+ if (unlikely(ret)) -+ return -EINVAL; -+ -+ /* Store associated FD priv data with asymmetric request */ -+ pkc->priv = pcr; -+ pkc->type = ASYNCHRONOUS; -+ ret = crypto_run_asym(pkc); -+ if (ret == -EINPROGRESS) -+ ret = 0; -+ } -+ return ret; -+ case CIOCASYMASYNFETCH: -+ { -+ struct cryptodev_pkc *pkc; -+ unsigned long flags; -+ -+ spin_lock_irqsave(&pcr->completion_lock, flags); -+ if (list_empty(&pcr->asym_completed_list)) { -+ spin_unlock_irqrestore(&pcr->completion_lock, flags); -+ return -ENOMEM; -+ } -+ pkc = list_first_entry(&pcr->asym_completed_list, -+ struct cryptodev_pkc, list); -+ list_del(&pkc->list); -+ spin_unlock_irqrestore(&pcr->completion_lock, flags); -+ ret = crypto_async_fetch_asym(pkc); -+ -+ /* Reflect the updated request to user-space */ -+ if (!ret) -+ kop_to_user(&pkc->kop, arg); -+ kfree(pkc); -+ } -+ return ret; - default: - return -EINVAL; - } -@@ -1083,9 +1261,11 @@ static unsigned int cryptodev_poll(struct file *file, poll_table *wait) - - poll_wait(file, &pcr->user_waiter, wait); - -- if (!list_empty_careful(&pcr->done.list)) -+ if (!list_empty_careful(&pcr->done.list) || -+ !list_empty_careful(&pcr->asym_completed_list)) - ret |= POLLIN | POLLRDNORM; -- if (!list_empty_careful(&pcr->free.list) || pcr->itemcount < MAX_COP_RINGSIZE) -+ if (!list_empty_careful(&pcr->free.list) || -+ pcr->itemcount < MAX_COP_RINGSIZE) - ret |= POLLOUT | POLLWRNORM; - - return ret; -diff --git a/main.c b/main.c -index 57e5c38..0b7951e 100644 ---- a/main.c -+++ b/main.c -@@ -181,6 +181,384 @@ __crypto_run_zc(struct csession *ses_ptr, struct kernel_crypt_op *kcop) - return ret; - } - -+int crypto_kop_dsasign(struct cryptodev_pkc *pkc) -+{ -+ struct kernel_crypt_kop *kop = &pkc->kop; -+ struct crypt_kop *cop = &kop->kop; -+ struct pkc_request *pkc_req = &pkc->req; -+ struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign; -+ int rc, buf_size; -+ uint8_t *buf; -+ -+ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || -+ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits || -+ !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits || -+ !cop->crk_param[6].crp_nbits || (cop->crk_iparams == 6 && -+ !cop->crk_param[7].crp_nbits)) -+ return -EINVAL; -+ -+ dsa_req->m_len = (cop->crk_param[0].crp_nbits + 7)/8; -+ dsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8; -+ dsa_req->r_len = (cop->crk_param[2].crp_nbits + 7)/8; -+ dsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8; -+ dsa_req->priv_key_len = (cop->crk_param[4].crp_nbits + 7)/8; -+ dsa_req->d_len = (cop->crk_param[6].crp_nbits + 7)/8; -+ buf_size = dsa_req->m_len + dsa_req->q_len + dsa_req->r_len + -+ dsa_req->g_len + dsa_req->priv_key_len + dsa_req->d_len + -+ dsa_req->d_len; -+ if (cop->crk_iparams == 6) { -+ dsa_req->ab_len = (cop->crk_param[5].crp_nbits + 7)/8; -+ buf_size += dsa_req->ab_len; -+ pkc_req->type = ECDSA_SIGN; -+ pkc_req->curve_type = cop->curve_type; -+ } else { -+ pkc_req->type = DSA_SIGN; -+ } -+ -+ buf = kzalloc(buf_size, GFP_DMA); -+ -+ dsa_req->q = buf; -+ dsa_req->r = dsa_req->q + dsa_req->q_len; -+ dsa_req->g = dsa_req->r + dsa_req->r_len; -+ dsa_req->priv_key = dsa_req->g + dsa_req->g_len; -+ dsa_req->m = dsa_req->priv_key + dsa_req->priv_key_len; -+ dsa_req->c = dsa_req->m + dsa_req->m_len; -+ dsa_req->d = dsa_req->c + dsa_req->d_len; -+ copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len); -+ copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len); -+ copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len); -+ copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len); -+ copy_from_user(dsa_req->priv_key, cop->crk_param[4].crp_p, -+ dsa_req->priv_key_len); -+ if (cop->crk_iparams == 6) { -+ dsa_req->ab = dsa_req->d + dsa_req->d_len; -+ copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p, -+ dsa_req->ab_len); -+ } -+ rc = cryptodev_pkc_offload(pkc); -+ if (pkc->type == SYNCHRONOUS) { -+ if (rc) -+ goto err; -+ if (cop->crk_iparams == 6) { -+ copy_to_user(cop->crk_param[6].crp_p, dsa_req->c, -+ dsa_req->d_len); -+ copy_to_user(cop->crk_param[7].crp_p, dsa_req->d, -+ dsa_req->d_len); -+ } else { -+ copy_to_user(cop->crk_param[5].crp_p, dsa_req->c, -+ dsa_req->d_len); -+ copy_to_user(cop->crk_param[6].crp_p, dsa_req->d, -+ dsa_req->d_len); -+ } -+ } else { -+ if (rc != -EINPROGRESS && rc != 0) -+ goto err; -+ -+ pkc->cookie = buf; -+ return rc; -+ } -+err: -+ kfree(buf); -+ return rc; -+} -+ -+int crypto_kop_dsaverify(struct cryptodev_pkc *pkc) -+{ -+ struct kernel_crypt_kop *kop = &pkc->kop; -+ struct crypt_kop *cop = &kop->kop; -+ struct pkc_request *pkc_req; -+ struct dsa_verify_req_s *dsa_req; -+ int rc, buf_size; -+ uint8_t *buf; -+ -+ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || -+ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits || -+ !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits || -+ !cop->crk_param[6].crp_nbits || (cop->crk_iparams == 8 && -+ !cop->crk_param[7].crp_nbits)) -+ return -EINVAL; -+ -+ pkc_req = &pkc->req; -+ dsa_req = &pkc_req->req_u.dsa_verify; -+ dsa_req->m_len = (cop->crk_param[0].crp_nbits + 7)/8; -+ dsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8; -+ dsa_req->r_len = (cop->crk_param[2].crp_nbits + 7)/8; -+ dsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8; -+ dsa_req->pub_key_len = (cop->crk_param[4].crp_nbits + 7)/8; -+ dsa_req->d_len = (cop->crk_param[6].crp_nbits + 7)/8; -+ buf_size = dsa_req->m_len + dsa_req->q_len + dsa_req->r_len + -+ dsa_req->g_len + dsa_req->pub_key_len + dsa_req->d_len + -+ dsa_req->d_len; -+ if (cop->crk_iparams == 8) { -+ dsa_req->ab_len = (cop->crk_param[5].crp_nbits + 7)/8; -+ buf_size += dsa_req->ab_len; -+ pkc_req->type = ECDSA_VERIFY; -+ pkc_req->curve_type = cop->curve_type; -+ } else { -+ pkc_req->type = DSA_VERIFY; -+ } -+ -+ buf = kzalloc(buf_size, GFP_DMA); -+ -+ dsa_req->q = buf; -+ dsa_req->r = dsa_req->q + dsa_req->q_len; -+ dsa_req->g = dsa_req->r + dsa_req->r_len; -+ dsa_req->pub_key = dsa_req->g + dsa_req->g_len; -+ dsa_req->m = dsa_req->pub_key + dsa_req->pub_key_len; -+ dsa_req->c = dsa_req->m + dsa_req->m_len; -+ dsa_req->d = dsa_req->c + dsa_req->d_len; -+ copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len); -+ copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len); -+ copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len); -+ copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len); -+ copy_from_user(dsa_req->pub_key, cop->crk_param[4].crp_p, -+ dsa_req->pub_key_len); -+ if (cop->crk_iparams == 8) { -+ dsa_req->ab = dsa_req->d + dsa_req->d_len; -+ copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p, -+ dsa_req->ab_len); -+ copy_from_user(dsa_req->c, cop->crk_param[6].crp_p, -+ dsa_req->d_len); -+ copy_from_user(dsa_req->d, cop->crk_param[7].crp_p, -+ dsa_req->d_len); -+ } else { -+ copy_from_user(dsa_req->c, cop->crk_param[5].crp_p, -+ dsa_req->d_len); -+ copy_from_user(dsa_req->d, cop->crk_param[6].crp_p, -+ dsa_req->d_len); -+ } -+ rc = cryptodev_pkc_offload(pkc); -+ if (pkc->type == SYNCHRONOUS) { -+ if (rc) -+ goto err; -+ } else { -+ if (rc != -EINPROGRESS && !rc) -+ goto err; -+ pkc->cookie = buf; -+ return rc; -+ } -+err: -+ kfree(buf); -+ return rc; -+} -+ -+int crypto_kop_dh_key(struct cryptodev_pkc *pkc) -+{ -+ struct kernel_crypt_kop *kop = &pkc->kop; -+ struct crypt_kop *cop = &kop->kop; -+ struct pkc_request *pkc_req; -+ struct dh_key_req_s *dh_req; -+ int buf_size; -+ uint8_t *buf; -+ int rc = -EINVAL; -+ -+ pkc_req = &pkc->req; -+ dh_req = &pkc_req->req_u.dh_req; -+ dh_req->s_len = (cop->crk_param[0].crp_nbits + 7)/8; -+ dh_req->pub_key_len = (cop->crk_param[1].crp_nbits + 7)/8; -+ dh_req->q_len = (cop->crk_param[2].crp_nbits + 7)/8; -+ buf_size = dh_req->q_len + dh_req->pub_key_len + dh_req->s_len; -+ if (cop->crk_iparams == 4) { -+ pkc_req->type = ECDH_COMPUTE_KEY; -+ dh_req->ab_len = (cop->crk_param[3].crp_nbits + 7)/8; -+ dh_req->z_len = (cop->crk_param[4].crp_nbits + 7)/8; -+ buf_size += dh_req->ab_len; -+ } else { -+ dh_req->z_len = (cop->crk_param[3].crp_nbits + 7)/8; -+ pkc_req->type = DH_COMPUTE_KEY; -+ } -+ buf_size += dh_req->z_len; -+ buf = kzalloc(buf_size, GFP_DMA); -+ dh_req->q = buf; -+ dh_req->s = dh_req->q + dh_req->q_len; -+ dh_req->pub_key = dh_req->s + dh_req->s_len; -+ dh_req->z = dh_req->pub_key + dh_req->pub_key_len; -+ if (cop->crk_iparams == 4) { -+ dh_req->ab = dh_req->z + dh_req->z_len; -+ pkc_req->curve_type = cop->curve_type; -+ copy_from_user(dh_req->ab, cop->crk_param[3].crp_p, -+ dh_req->ab_len); -+ } -+ copy_from_user(dh_req->s, cop->crk_param[0].crp_p, dh_req->s_len); -+ copy_from_user(dh_req->pub_key, cop->crk_param[1].crp_p, -+ dh_req->pub_key_len); -+ copy_from_user(dh_req->q, cop->crk_param[2].crp_p, dh_req->q_len); -+ rc = cryptodev_pkc_offload(pkc); -+ if (pkc->type == SYNCHRONOUS) { -+ if (rc) -+ goto err; -+ if (cop->crk_iparams == 4) -+ copy_to_user(cop->crk_param[4].crp_p, dh_req->z, -+ dh_req->z_len); -+ else -+ copy_to_user(cop->crk_param[3].crp_p, dh_req->z, -+ dh_req->z_len); -+ } else { -+ if (rc != -EINPROGRESS && rc != 0) -+ goto err; -+ -+ pkc->cookie = buf; -+ return rc; -+ } -+err: -+ kfree(buf); -+ return rc; -+} -+ -+int crypto_modexp_crt(struct cryptodev_pkc *pkc) -+{ -+ struct kernel_crypt_kop *kop = &pkc->kop; -+ struct crypt_kop *cop = &kop->kop; -+ struct pkc_request *pkc_req; -+ struct rsa_priv_frm3_req_s *rsa_req; -+ int rc; -+ uint8_t *buf; -+ -+ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || -+ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits || -+ !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits) -+ return -EINVAL; -+ -+ pkc_req = &pkc->req; -+ pkc_req->type = RSA_PRIV_FORM3; -+ rsa_req = &pkc_req->req_u.rsa_priv_f3; -+ rsa_req->p_len = (cop->crk_param[0].crp_nbits + 7)/8; -+ rsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8; -+ rsa_req->g_len = (cop->crk_param[2].crp_nbits + 7)/8; -+ rsa_req->dp_len = (cop->crk_param[3].crp_nbits + 7)/8; -+ rsa_req->dq_len = (cop->crk_param[4].crp_nbits + 7)/8; -+ rsa_req->c_len = (cop->crk_param[5].crp_nbits + 7)/8; -+ rsa_req->f_len = (cop->crk_param[6].crp_nbits + 7)/8; -+ buf = kzalloc(rsa_req->p_len + rsa_req->q_len + rsa_req->f_len + -+ rsa_req->dp_len + rsa_req->dp_len + rsa_req->c_len + -+ rsa_req->g_len, GFP_DMA); -+ rsa_req->p = buf; -+ rsa_req->q = rsa_req->p + rsa_req->p_len; -+ rsa_req->g = rsa_req->q + rsa_req->q_len; -+ rsa_req->dp = rsa_req->g + rsa_req->g_len; -+ rsa_req->dq = rsa_req->dp + rsa_req->dp_len; -+ rsa_req->c = rsa_req->dq + rsa_req->dq_len; -+ rsa_req->f = rsa_req->c + rsa_req->c_len; -+ copy_from_user(rsa_req->p, cop->crk_param[0].crp_p, rsa_req->p_len); -+ copy_from_user(rsa_req->q, cop->crk_param[1].crp_p, rsa_req->q_len); -+ copy_from_user(rsa_req->g, cop->crk_param[2].crp_p, rsa_req->g_len); -+ copy_from_user(rsa_req->dp, cop->crk_param[3].crp_p, rsa_req->dp_len); -+ copy_from_user(rsa_req->dq, cop->crk_param[4].crp_p, rsa_req->dq_len); -+ copy_from_user(rsa_req->c, cop->crk_param[5].crp_p, rsa_req->c_len); -+ rc = cryptodev_pkc_offload(pkc); -+ -+ if (pkc->type == SYNCHRONOUS) { -+ if (rc) -+ goto err; -+ copy_to_user(cop->crk_param[6].crp_p, rsa_req->f, -+ rsa_req->f_len); -+ } else { -+ if (rc != -EINPROGRESS && rc != 0) -+ goto err; -+ -+ pkc->cookie = buf; -+ return rc; -+ } -+err: -+ kfree(buf); -+ return rc; -+} -+ -+int crypto_bn_modexp(struct cryptodev_pkc *pkc) -+{ -+ struct pkc_request *pkc_req; -+ struct rsa_pub_req_s *rsa_req; -+ int rc; -+ struct kernel_crypt_kop *kop = &pkc->kop; -+ struct crypt_kop *cop = &kop->kop; -+ uint8_t *buf; -+ -+ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || -+ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits) -+ return -EINVAL; -+ -+ pkc_req = &pkc->req; -+ pkc_req->type = RSA_PUB; -+ rsa_req = &pkc_req->req_u.rsa_pub_req; -+ rsa_req->f_len = (cop->crk_param[0].crp_nbits + 7)/8; -+ rsa_req->e_len = (cop->crk_param[1].crp_nbits + 7)/8; -+ rsa_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8; -+ rsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8; -+ buf = kzalloc(rsa_req->f_len + rsa_req->e_len + rsa_req->n_len -+ + rsa_req->g_len, GFP_DMA); -+ if (!buf) -+ return -ENOMEM; -+ -+ rsa_req->e = buf; -+ rsa_req->f = rsa_req->e + rsa_req->e_len; -+ rsa_req->g = rsa_req->f + rsa_req->f_len; -+ rsa_req->n = rsa_req->g + rsa_req->g_len; -+ copy_from_user(rsa_req->f, cop->crk_param[0].crp_p, rsa_req->f_len); -+ copy_from_user(rsa_req->e, cop->crk_param[1].crp_p, rsa_req->e_len); -+ copy_from_user(rsa_req->n, cop->crk_param[2].crp_p, rsa_req->n_len); -+ rc = cryptodev_pkc_offload(pkc); -+ if (pkc->type == SYNCHRONOUS) { -+ if (rc) -+ goto err; -+ -+ copy_to_user(cop->crk_param[3].crp_p, rsa_req->g, -+ rsa_req->g_len); -+ } else { -+ if (rc != -EINPROGRESS && rc != 0) -+ goto err; -+ -+ /* This one will be freed later in fetch handler */ -+ pkc->cookie = buf; -+ return rc; -+ } -+err: -+ kfree(buf); -+ return rc; -+} -+ -+int crypto_run_asym(struct cryptodev_pkc *pkc) -+{ -+ int ret = -EINVAL; -+ struct kernel_crypt_kop *kop = &pkc->kop; -+ -+ switch (kop->kop.crk_op) { -+ case CRK_MOD_EXP: -+ if (kop->kop.crk_iparams != 3 && kop->kop.crk_oparams != 1) -+ goto err; -+ -+ ret = crypto_bn_modexp(pkc); -+ break; -+ case CRK_MOD_EXP_CRT: -+ if (kop->kop.crk_iparams != 6 && kop->kop.crk_oparams != 1) -+ goto err; -+ -+ ret = crypto_modexp_crt(pkc); -+ break; -+ case CRK_DSA_SIGN: -+ if ((kop->kop.crk_iparams != 5 && kop->kop.crk_iparams != 6) || -+ kop->kop.crk_oparams != 2) -+ goto err; -+ -+ ret = crypto_kop_dsasign(pkc); -+ break; -+ case CRK_DSA_VERIFY: -+ if ((kop->kop.crk_iparams != 7 && kop->kop.crk_iparams != 8) || -+ kop->kop.crk_oparams != 0) -+ goto err; -+ -+ ret = crypto_kop_dsaverify(pkc); -+ break; -+ case CRK_DH_COMPUTE_KEY: -+ if ((kop->kop.crk_iparams != 3 && kop->kop.crk_iparams != 4) || -+ kop->kop.crk_oparams != 1) -+ goto err; -+ ret = crypto_kop_dh_key(pkc); -+ break; -+ } -+err: -+ return ret; -+} -+ - int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop) - { - struct csession *ses_ptr; --- -1.8.3.1 - diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0004-Compat-versions-of-PKC-IOCTLs.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0004-Compat-versions-of-PKC-IOCTLs.patch deleted file mode 100644 index 2eedcc72..00000000 --- a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0004-Compat-versions-of-PKC-IOCTLs.patch +++ /dev/null @@ -1,200 +0,0 @@ -From 5435dfd329cd90837ce36c6dadc26166c7906cab Mon Sep 17 00:00:00 2001 -From: Yashpal Dutta -Date: Fri, 7 Mar 2014 06:52:13 +0545 -Subject: [PATCH 4/9] Compat versions of PKC IOCTLs - -Upstream-status: Pending - -Signed-off-by: Yashpal Dutta ---- - cryptodev_int.h | 20 ++++++++++ - ioctl.c | 120 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 140 insertions(+) - -diff --git a/cryptodev_int.h b/cryptodev_int.h -index fdbcc61..cf54dac 100644 ---- a/cryptodev_int.h -+++ b/cryptodev_int.h -@@ -75,6 +75,24 @@ struct compat_crypt_op { - compat_uptr_t iv;/* initialization vector for encryption operations */ - }; - -+/* input of CIOCKEY */ -+struct compat_crparam { -+ compat_uptr_t crp_p; -+ uint32_t crp_nbits; -+}; -+ -+struct compat_crypt_kop { -+ uint32_t crk_op; /* cryptodev_crk_ot_t */ -+ uint32_t crk_status; -+ uint16_t crk_iparams; -+ uint16_t crk_oparams; -+ uint32_t crk_pad1; -+ struct compat_crparam crk_param[CRK_MAXPARAM]; -+ enum curve_t curve_type; /* 0 == Discrete Log, 1 = EC_PRIME, -+ 2 = EC_BINARY */ -+ compat_uptr_t cookie; -+}; -+ - /* input of CIOCAUTHCRYPT */ - struct compat_crypt_auth_op { - uint32_t ses; /* session identifier */ -@@ -111,6 +129,8 @@ struct compat_crypt_auth_op { - #define COMPAT_CIOCASYNCCRYPT _IOW('c', 107, struct compat_crypt_op) - #define COMPAT_CIOCASYNCFETCH _IOR('c', 108, struct compat_crypt_op) - #define COMPAT_CIOCAUTHCRYPT _IOWR('c', 109, struct compat_crypt_auth_op) -+#define COMPAT_CIOCASYMASYNCRYPT _IOW('c', 110, struct compat_crypt_kop) -+#define COMPAT_CIOCASYMASYNFETCH _IOR('c', 111, struct compat_crypt_kop) - - #endif /* CONFIG_COMPAT */ - -diff --git a/ioctl.c b/ioctl.c -index 782d7fe..3baf3e6 100644 ---- a/ioctl.c -+++ b/ioctl.c -@@ -1081,6 +1081,68 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - /* compatibility code for 32bit userlands */ - #ifdef CONFIG_COMPAT - -+static inline void compat_to_crypt_kop(struct compat_crypt_kop *compat, -+ struct crypt_kop *kop) -+{ -+ int i; -+ kop->crk_op = compat->crk_op; -+ kop->crk_status = compat->crk_status; -+ kop->crk_iparams = compat->crk_iparams; -+ kop->crk_oparams = compat->crk_oparams; -+ -+ for (i = 0; i < CRK_MAXPARAM; i++) { -+ kop->crk_param[i].crp_p = -+ compat_ptr(compat->crk_param[i].crp_p); -+ kop->crk_param[i].crp_nbits = compat->crk_param[i].crp_nbits; -+ } -+ -+ kop->curve_type = compat->curve_type; -+ kop->cookie = compat->cookie; -+} -+ -+static int compat_kop_from_user(struct kernel_crypt_kop *kop, -+ void __user *arg) -+{ -+ struct compat_crypt_kop compat_kop; -+ -+ if (unlikely(copy_from_user(&compat_kop, arg, sizeof(compat_kop)))) -+ return -EFAULT; -+ -+ compat_to_crypt_kop(&compat_kop, &kop->kop); -+ return fill_kop_from_cop(kop); -+} -+ -+static inline void crypt_kop_to_compat(struct crypt_kop *kop, -+ struct compat_crypt_kop *compat) -+{ -+ int i; -+ -+ compat->crk_op = kop->crk_op; -+ compat->crk_status = kop->crk_status; -+ compat->crk_iparams = kop->crk_iparams; -+ compat->crk_oparams = kop->crk_oparams; -+ -+ for (i = 0; i < CRK_MAXPARAM; i++) { -+ compat->crk_param[i].crp_p = -+ ptr_to_compat(kop->crk_param[i].crp_p); -+ compat->crk_param[i].crp_nbits = kop->crk_param[i].crp_nbits; -+ } -+ compat->cookie = kop->cookie; -+ compat->curve_type = kop->curve_type; -+} -+ -+static int compat_kop_to_user(struct kernel_crypt_kop *kop, void __user *arg) -+{ -+ struct compat_crypt_kop compat_kop; -+ -+ crypt_kop_to_compat(&kop->kop, &compat_kop); -+ if (unlikely(copy_to_user(arg, &compat_kop, sizeof(compat_kop)))) { -+ dprintk(1, KERN_ERR, "Cannot copy to userspace\n"); -+ return -EFAULT; -+ } -+ return 0; -+} -+ - static inline void - compat_to_session_op(struct compat_session_op *compat, struct session_op *sop) - { -@@ -1208,7 +1270,26 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) - return -EFAULT; - } - return ret; -+ case COMPAT_CIOCKEY: -+ { -+ struct cryptodev_pkc *pkc = -+ kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); -+ -+ if (!pkc) -+ return -ENOMEM; -+ -+ ret = compat_kop_from_user(&pkc->kop, arg); -+ -+ if (unlikely(ret)) { -+ kfree(pkc); -+ return ret; -+ } - -+ pkc->type = SYNCHRONOUS; -+ ret = crypto_run_asym(pkc); -+ kfree(pkc); -+ } -+ return ret; - case COMPAT_CIOCCRYPT: - ret = compat_kcop_from_user(&kcop, fcr, arg); - if (unlikely(ret)) -@@ -1247,6 +1328,45 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) - - return compat_kcop_to_user(&kcop, fcr, arg); - #endif -+ case COMPAT_CIOCASYMASYNCRYPT: -+ { -+ struct cryptodev_pkc *pkc = -+ kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); -+ -+ ret = compat_kop_from_user(&pkc->kop, arg); -+ if (unlikely(ret)) -+ return -EINVAL; -+ -+ /* Store associated FD priv data with asymmetric request */ -+ pkc->priv = pcr; -+ pkc->type = ASYNCHRONOUS; -+ ret = crypto_run_asym(pkc); -+ if (ret == -EINPROGRESS) -+ ret = 0; -+ } -+ return ret; -+ case COMPAT_CIOCASYMASYNFETCH: -+ { -+ struct cryptodev_pkc *pkc; -+ unsigned long flags; -+ -+ spin_lock_irqsave(&pcr->completion_lock, flags); -+ if (list_empty(&pcr->asym_completed_list)) { -+ spin_unlock_irqrestore(&pcr->completion_lock, flags); -+ return -ENOMEM; -+ } -+ pkc = list_first_entry(&pcr->asym_completed_list, -+ struct cryptodev_pkc, list); -+ list_del(&pkc->list); -+ spin_unlock_irqrestore(&pcr->completion_lock, flags); -+ ret = crypto_async_fetch_asym(pkc); -+ -+ /* Reflect the updated request to user-space */ -+ if (!ret) -+ compat_kop_to_user(&pkc->kop, arg); -+ kfree(pkc); -+ } -+ return ret; - default: - return -EINVAL; - } --- -1.8.3.1 - diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0005-Asynchronous-interface-changes-in-cryptodev.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0005-Asynchronous-interface-changes-in-cryptodev.patch deleted file mode 100644 index 2f88eda3..00000000 --- a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0005-Asynchronous-interface-changes-in-cryptodev.patch +++ /dev/null @@ -1,213 +0,0 @@ -From ddc4179a454cea79c8385fd6756d20cbf3c6dcb5 Mon Sep 17 00:00:00 2001 -From: Yashpal Dutta -Date: Fri, 7 Mar 2014 07:24:00 +0545 -Subject: [PATCH 5/9] Asynchronous interface changes in cryptodev - -Upstream-status: Pending - -Signed-off-by: Yashpal Dutta ---- - cryptlib.h | 7 ++++- - crypto/cryptodev.h | 10 ++++++- - cryptodev_int.h | 10 ++++++- - ioctl.c | 76 +++++++++++++++++++++++++++++++++++++----------------- - 4 files changed, 76 insertions(+), 27 deletions(-) - -diff --git a/cryptlib.h b/cryptlib.h -index 56d325a..7ffa54c 100644 ---- a/cryptlib.h -+++ b/cryptlib.h -@@ -113,7 +113,12 @@ struct cryptodev_pkc { - struct pkc_request req; /* PKC request structure allocated - from CryptoAPI */ - enum offload_type type; /* Synchronous Vs Asynchronous request */ -- void *cookie; /*Additional opaque cookie to be used in future */ -+ /* -+ * cookie used for transfering tranparent information from async -+ * submission to async fetch. Currently some dynamic allocated -+ * buffers are maintained which will be freed later during fetch -+ */ -+ void *cookie; - struct crypt_priv *priv; - }; - -diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h -index 96675fe..4436fbf 100644 ---- a/crypto/cryptodev.h -+++ b/crypto/cryptodev.h -@@ -254,6 +254,14 @@ struct crypt_kop { - void *cookie; - }; - -+#define MAX_COOKIES 4 -+ -+struct pkc_cookie_list_s { -+ int cookie_available; -+ void *cookie[MAX_COOKIES]; -+ int status[MAX_COOKIES]; -+}; -+ - enum cryptodev_crk_op_t { - CRK_MOD_EXP = 0, - CRK_MOD_EXP_CRT = 1, -@@ -298,5 +306,5 @@ enum cryptodev_crk_op_t { - #define CIOCASYNCFETCH _IOR('c', 111, struct crypt_op) - /* additional ioctls for asynchronous operation for asymmetric ciphers*/ - #define CIOCASYMASYNCRYPT _IOW('c', 112, struct crypt_kop) --#define CIOCASYMASYNFETCH _IOR('c', 113, struct crypt_kop) -+#define CIOCASYMFETCHCOOKIE _IOR('c', 113, struct pkc_cookie_list_s) - #endif /* L_CRYPTODEV_H */ -diff --git a/cryptodev_int.h b/cryptodev_int.h -index cf54dac..5347cae 100644 ---- a/cryptodev_int.h -+++ b/cryptodev_int.h -@@ -93,6 +93,12 @@ struct compat_crypt_kop { - compat_uptr_t cookie; - }; - -+struct compat_pkc_cookie_list_s { -+ int cookie_available; -+ compat_uptr_t cookie[MAX_COOKIES]; -+ int status[MAX_COOKIES]; -+}; -+ - /* input of CIOCAUTHCRYPT */ - struct compat_crypt_auth_op { - uint32_t ses; /* session identifier */ -@@ -126,11 +132,13 @@ struct compat_crypt_auth_op { - /* compat ioctls, defined for the above structs */ - #define COMPAT_CIOCGSESSION _IOWR('c', 102, struct compat_session_op) - #define COMPAT_CIOCCRYPT _IOWR('c', 104, struct compat_crypt_op) -+#define COMPAT_CIOCKEY _IOW('c', 105, struct compat_crypt_kop) - #define COMPAT_CIOCASYNCCRYPT _IOW('c', 107, struct compat_crypt_op) - #define COMPAT_CIOCASYNCFETCH _IOR('c', 108, struct compat_crypt_op) - #define COMPAT_CIOCAUTHCRYPT _IOWR('c', 109, struct compat_crypt_auth_op) - #define COMPAT_CIOCASYMASYNCRYPT _IOW('c', 110, struct compat_crypt_kop) --#define COMPAT_CIOCASYMASYNFETCH _IOR('c', 111, struct compat_crypt_kop) -+#define COMPAT_CIOCASYMFETCHCOOKIE _IOR('c', 111, \ -+ struct compat_pkc_cookie_list_s) - - #endif /* CONFIG_COMPAT */ - -diff --git a/ioctl.c b/ioctl.c -index 3baf3e6..2eb7f03 100644 ---- a/ioctl.c -+++ b/ioctl.c -@@ -105,8 +105,6 @@ void cryptodev_complete_asym(struct crypto_async_request *req, int err) - crypto_free_pkc(pkc->s); - res->err = err; - if (pkc->type == SYNCHRONOUS) { -- if (err == -EINPROGRESS) -- return; - complete(&res->completion); - } else { - struct crypt_priv *pcr = pkc->priv; -@@ -1051,26 +1049,41 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - ret = 0; - } - return ret; -- case CIOCASYMASYNFETCH: -+ case CIOCASYMFETCHCOOKIE: - { - struct cryptodev_pkc *pkc; - unsigned long flags; -+ int i; -+ struct pkc_cookie_list_s cookie_list; - - spin_lock_irqsave(&pcr->completion_lock, flags); -- if (list_empty(&pcr->asym_completed_list)) { -- spin_unlock_irqrestore(&pcr->completion_lock, flags); -- return -ENOMEM; -+ cookie_list.cookie_available = 0; -+ for (i = 0; i < MAX_COOKIES; i++) { -+ if (!list_empty(&pcr->asym_completed_list)) { -+ /* Run a loop in the list for upto elements -+ and copy their response back */ -+ pkc = -+ list_first_entry(&pcr->asym_completed_list, -+ struct cryptodev_pkc, list); -+ list_del(&pkc->list); -+ ret = crypto_async_fetch_asym(pkc); -+ if (!ret) { -+ cookie_list.cookie_available++; -+ cookie_list.cookie[i] = -+ pkc->kop.kop.cookie; -+ cookie_list.status[i] = pkc->result.err; -+ } -+ kfree(pkc); -+ } else { -+ break; -+ } - } -- pkc = list_first_entry(&pcr->asym_completed_list, -- struct cryptodev_pkc, list); -- list_del(&pkc->list); - spin_unlock_irqrestore(&pcr->completion_lock, flags); -- ret = crypto_async_fetch_asym(pkc); - - /* Reflect the updated request to user-space */ -- if (!ret) -- kop_to_user(&pkc->kop, arg); -- kfree(pkc); -+ if (cookie_list.cookie_available) -+ copy_to_user(arg, &cookie_list, -+ sizeof(struct pkc_cookie_list_s)); - } - return ret; - default: -@@ -1345,26 +1358,41 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) - ret = 0; - } - return ret; -- case COMPAT_CIOCASYMASYNFETCH: -+ case COMPAT_CIOCASYMFETCHCOOKIE: - { - struct cryptodev_pkc *pkc; - unsigned long flags; -+ int i = 0; -+ struct compat_pkc_cookie_list_s cookie_list; - - spin_lock_irqsave(&pcr->completion_lock, flags); -- if (list_empty(&pcr->asym_completed_list)) { -- spin_unlock_irqrestore(&pcr->completion_lock, flags); -- return -ENOMEM; -+ cookie_list.cookie_available = 0; -+ -+ for (i = 0; i < MAX_COOKIES; i++) { -+ if (!list_empty(&pcr->asym_completed_list)) { -+ /* Run a loop in the list for upto elements -+ and copy their response back */ -+ pkc = -+ list_first_entry(&pcr->asym_completed_list, -+ struct cryptodev_pkc, list); -+ list_del(&pkc->list); -+ ret = crypto_async_fetch_asym(pkc); -+ if (!ret) { -+ cookie_list.cookie_available++; -+ cookie_list.cookie[i] = -+ pkc->kop.kop.cookie; -+ } -+ kfree(pkc); -+ } else { -+ break; -+ } - } -- pkc = list_first_entry(&pcr->asym_completed_list, -- struct cryptodev_pkc, list); -- list_del(&pkc->list); - spin_unlock_irqrestore(&pcr->completion_lock, flags); -- ret = crypto_async_fetch_asym(pkc); - - /* Reflect the updated request to user-space */ -- if (!ret) -- compat_kop_to_user(&pkc->kop, arg); -- kfree(pkc); -+ if (cookie_list.cookie_available) -+ copy_to_user(arg, &cookie_list, -+ sizeof(struct compat_pkc_cookie_list_s)); - } - return ret; - default: --- -1.8.3.1 - diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch deleted file mode 100644 index e70a057b..00000000 --- a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch +++ /dev/null @@ -1,212 +0,0 @@ -From 30fc86a09109f169815befc2cd8bbfcae79fe7e0 Mon Sep 17 00:00:00 2001 -From: Yashpal Dutta -Date: Fri, 7 Mar 2014 07:53:53 +0545 -Subject: [PATCH 6/9] ECC_KEYGEN and DLC_KEYGEN supported in cryptodev module - -Upstream-status: Pending - -Signed-off-by: Yashpal Dutta ---- - cryptlib.c | 2 ++ - crypto/cryptodev.h | 5 +++- - ioctl.c | 29 +++++++++++++++++-- - main.c | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ - 4 files changed, 118 insertions(+), 3 deletions(-) - -diff --git a/cryptlib.c b/cryptlib.c -index 6900028..47cd568 100644 ---- a/cryptlib.c -+++ b/cryptlib.c -@@ -452,6 +452,8 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) - case DSA_VERIFY: - case ECDSA_SIGN: - case ECDSA_VERIFY: -+ case DLC_KEYGEN: -+ case ECC_KEYGEN: - pkc->s = crypto_alloc_pkc("pkc(dsa)", - CRYPTO_ALG_TYPE_PKC_DSA, 0); - break; -diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h -index 4436fbf..275a55c 100644 ---- a/crypto/cryptodev.h -+++ b/crypto/cryptodev.h -@@ -268,6 +268,8 @@ enum cryptodev_crk_op_t { - CRK_DSA_SIGN = 2, - CRK_DSA_VERIFY = 3, - CRK_DH_COMPUTE_KEY = 4, -+ CRK_DSA_GENERATE_KEY = 5, -+ CRK_DH_GENERATE_KEY = 6, - CRK_ALGORITHM_ALL - }; - -@@ -280,7 +282,8 @@ enum cryptodev_crk_op_t { - #define CRF_DSA_SIGN (1 << CRK_DSA_SIGN) - #define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY) - #define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY) -- -+#define CRF_DSA_GENERATE_KEY (1 << CRK_DSA_GENERATE_KEY) -+#define CRF_DH_GENERATE_KEY (1 << CRK_DH_GENERATE_KEY) - - /* ioctl's. Compatible with old linux cryptodev.h - */ -diff --git a/ioctl.c b/ioctl.c -index 2eb7f03..c813c8c 100644 ---- a/ioctl.c -+++ b/ioctl.c -@@ -726,6 +726,23 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) - dh_req->z, dh_req->z_len); - } - break; -+ case CRK_DSA_GENERATE_KEY: -+ case CRK_DH_GENERATE_KEY: -+ { -+ struct keygen_req_s *key_req = &pkc_req->req_u.keygen; -+ -+ if (pkc_req->type == ECC_KEYGEN) { -+ copy_to_user(ckop->crk_param[4].crp_p, key_req->pub_key, -+ key_req->pub_key_len); -+ copy_to_user(ckop->crk_param[5].crp_p, -+ key_req->priv_key, key_req->priv_key_len); -+ } else { -+ copy_to_user(ckop->crk_param[3].crp_p, -+ key_req->pub_key, key_req->pub_key_len); -+ copy_to_user(ckop->crk_param[4].crp_p, -+ key_req->priv_key, key_req->priv_key_len); -+ } -+ } - default: - ret = -EINVAL; - } -@@ -939,8 +956,9 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - - switch (cmd) { - case CIOCASYMFEAT: -- return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | -- CRF_DSA_SIGN | CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY, p); -+ return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN | -+ CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY | -+ CRF_DSA_GENERATE_KEY, p); - case CRIOGET: - fd = clonefd(filp); - ret = put_user(fd, p); -@@ -1084,7 +1102,14 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - if (cookie_list.cookie_available) - copy_to_user(arg, &cookie_list, - sizeof(struct pkc_cookie_list_s)); -+ else { -+ struct pkc_cookie_list_s *user_ck_list = (void *)arg; -+ -+ put_user(0, &(user_ck_list->cookie_available)); -+ } -+ ret = cookie_list.cookie_available; - } -+ - return ret; - default: - return -EINVAL; -diff --git a/main.c b/main.c -index 0b7951e..c901bc7 100644 ---- a/main.c -+++ b/main.c -@@ -342,6 +342,85 @@ err: - return rc; - } - -+int crypto_kop_keygen(struct cryptodev_pkc *pkc) -+{ -+ struct kernel_crypt_kop *kop = &pkc->kop; -+ struct crypt_kop *cop = &kop->kop; -+ struct pkc_request *pkc_req; -+ struct keygen_req_s *key_req; -+ int rc, buf_size; -+ uint8_t *buf; -+ -+ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || -+ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits || -+ !cop->crk_param[4].crp_nbits) -+ return -EINVAL; -+ -+ pkc_req = &pkc->req; -+ key_req = &pkc_req->req_u.keygen; -+ key_req->q_len = (cop->crk_param[0].crp_nbits + 7)/8; -+ key_req->r_len = (cop->crk_param[1].crp_nbits + 7)/8; -+ key_req->g_len = (cop->crk_param[2].crp_nbits + 7)/8; -+ if (cop->crk_iparams == 3) { -+ key_req->pub_key_len = (cop->crk_param[3].crp_nbits + 7)/8; -+ key_req->priv_key_len = (cop->crk_param[4].crp_nbits + 7)/8; -+ buf_size = key_req->q_len + key_req->r_len + key_req->g_len + -+ key_req->pub_key_len + key_req->priv_key_len; -+ pkc_req->type = DLC_KEYGEN; -+ } else { -+ key_req->ab_len = (cop->crk_param[3].crp_nbits + 7)/8; -+ key_req->pub_key_len = (cop->crk_param[4].crp_nbits + 7)/8; -+ key_req->priv_key_len = (cop->crk_param[5].crp_nbits + 7)/8; -+ buf_size = key_req->q_len + key_req->r_len + key_req->g_len + -+ key_req->pub_key_len + key_req->priv_key_len + -+ key_req->ab_len; -+ pkc_req->type = ECC_KEYGEN; -+ pkc_req->curve_type = cop->curve_type; -+ } -+ -+ buf = kzalloc(buf_size, GFP_DMA); -+ if (!buf) -+ return -ENOMEM; -+ -+ key_req->q = buf; -+ key_req->r = key_req->q + key_req->q_len; -+ key_req->g = key_req->r + key_req->r_len; -+ key_req->pub_key = key_req->g + key_req->g_len; -+ key_req->priv_key = key_req->pub_key + key_req->pub_key_len; -+ copy_from_user(key_req->q, cop->crk_param[0].crp_p, key_req->q_len); -+ copy_from_user(key_req->r, cop->crk_param[1].crp_p, key_req->r_len); -+ copy_from_user(key_req->g, cop->crk_param[2].crp_p, key_req->g_len); -+ if (cop->crk_iparams == 3) { -+ copy_from_user(key_req->pub_key, cop->crk_param[3].crp_p, -+ key_req->pub_key_len); -+ copy_from_user(key_req->priv_key, cop->crk_param[4].crp_p, -+ key_req->priv_key_len); -+ } else { -+ key_req->ab = key_req->priv_key + key_req->priv_key_len; -+ copy_from_user(key_req->ab, cop->crk_param[3].crp_p, -+ key_req->ab_len); -+ copy_from_user(key_req->pub_key, cop->crk_param[4].crp_p, -+ key_req->pub_key_len); -+ copy_from_user(key_req->priv_key, cop->crk_param[5].crp_p, -+ key_req->priv_key_len); -+ } -+ -+ rc = cryptodev_pkc_offload(pkc); -+ if (pkc->type == SYNCHRONOUS) { -+ if (rc) -+ goto err; -+ } else { -+ if (rc != -EINPROGRESS && !rc) -+ goto err; -+ -+ pkc->cookie = buf; -+ return rc; -+ } -+err: -+ kfree(buf); -+ return rc; -+} -+ - int crypto_kop_dh_key(struct cryptodev_pkc *pkc) - { - struct kernel_crypt_kop *kop = &pkc->kop; -@@ -554,6 +633,12 @@ int crypto_run_asym(struct cryptodev_pkc *pkc) - goto err; - ret = crypto_kop_dh_key(pkc); - break; -+ case CRK_DH_GENERATE_KEY: -+ case CRK_DSA_GENERATE_KEY: -+ if ((kop->kop.crk_iparams != 3 && kop->kop.crk_iparams != 4)) -+ goto err; -+ ret = crypto_kop_keygen(pkc); -+ break; - } - err: - return ret; --- -1.8.3.1 - diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch deleted file mode 100644 index 93a2248c..00000000 --- a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch +++ /dev/null @@ -1,238 +0,0 @@ -From d60b9dbf53d63092fd292c00bb03c250c26703cf Mon Sep 17 00:00:00 2001 -From: Yashpal Dutta -Date: Fri, 7 Mar 2014 08:49:15 +0545 -Subject: [PATCH 7/9] RCU stall fixed in PKC asynchronous interface - -Upstream-status: Pending - -Signed-off-by: Yashpal Dutta ---- - ioctl.c | 23 +++++++++++------------ - main.c | 43 +++++++++++++++++++++++++++---------------- - 2 files changed, 38 insertions(+), 28 deletions(-) - -diff --git a/ioctl.c b/ioctl.c -index c813c8c..7e4c671 100644 ---- a/ioctl.c -+++ b/ioctl.c -@@ -108,10 +108,9 @@ void cryptodev_complete_asym(struct crypto_async_request *req, int err) - complete(&res->completion); - } else { - struct crypt_priv *pcr = pkc->priv; -- unsigned long flags; -- spin_lock_irqsave(&pcr->completion_lock, flags); -+ spin_lock_bh(&pcr->completion_lock); - list_add_tail(&pkc->list, &pcr->asym_completed_list); -- spin_unlock_irqrestore(&pcr->completion_lock, flags); -+ spin_unlock_bh(&pcr->completion_lock); - /* wake for POLLIN */ - wake_up_interruptible(&pcr->user_waiter); - } -@@ -958,7 +957,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - case CIOCASYMFEAT: - return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN | - CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY | -- CRF_DSA_GENERATE_KEY, p); -+ CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY, p); - case CRIOGET: - fd = clonefd(filp); - ret = put_user(fd, p); -@@ -997,7 +996,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - case CIOCKEY: - { - struct cryptodev_pkc *pkc = -- kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); -+ kmalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); - - if (!pkc) - return -ENOMEM; -@@ -1053,7 +1052,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - case CIOCASYMASYNCRYPT: - { - struct cryptodev_pkc *pkc = -- kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); -+ kmalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); - ret = kop_from_user(&pkc->kop, arg); - - if (unlikely(ret)) -@@ -1070,13 +1069,12 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - case CIOCASYMFETCHCOOKIE: - { - struct cryptodev_pkc *pkc; -- unsigned long flags; - int i; - struct pkc_cookie_list_s cookie_list; - -- spin_lock_irqsave(&pcr->completion_lock, flags); - cookie_list.cookie_available = 0; - for (i = 0; i < MAX_COOKIES; i++) { -+ spin_lock_bh(&pcr->completion_lock); - if (!list_empty(&pcr->asym_completed_list)) { - /* Run a loop in the list for upto elements - and copy their response back */ -@@ -1084,6 +1082,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - list_first_entry(&pcr->asym_completed_list, - struct cryptodev_pkc, list); - list_del(&pkc->list); -+ spin_unlock_bh(&pcr->completion_lock); - ret = crypto_async_fetch_asym(pkc); - if (!ret) { - cookie_list.cookie_available++; -@@ -1093,10 +1092,10 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - } - kfree(pkc); - } else { -+ spin_unlock_bh(&pcr->completion_lock); - break; - } - } -- spin_unlock_irqrestore(&pcr->completion_lock, flags); - - /* Reflect the updated request to user-space */ - if (cookie_list.cookie_available) -@@ -1386,14 +1385,13 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) - case COMPAT_CIOCASYMFETCHCOOKIE: - { - struct cryptodev_pkc *pkc; -- unsigned long flags; - int i = 0; - struct compat_pkc_cookie_list_s cookie_list; - -- spin_lock_irqsave(&pcr->completion_lock, flags); - cookie_list.cookie_available = 0; - - for (i = 0; i < MAX_COOKIES; i++) { -+ spin_lock_bh(&pcr->completion_lock); - if (!list_empty(&pcr->asym_completed_list)) { - /* Run a loop in the list for upto elements - and copy their response back */ -@@ -1401,6 +1399,7 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) - list_first_entry(&pcr->asym_completed_list, - struct cryptodev_pkc, list); - list_del(&pkc->list); -+ spin_unlock_bh(&pcr->completion_lock); - ret = crypto_async_fetch_asym(pkc); - if (!ret) { - cookie_list.cookie_available++; -@@ -1409,10 +1408,10 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) - } - kfree(pkc); - } else { -+ spin_unlock_bh(&pcr->completion_lock); - break; - } - } -- spin_unlock_irqrestore(&pcr->completion_lock, flags); - - /* Reflect the updated request to user-space */ - if (cookie_list.cookie_available) -diff --git a/main.c b/main.c -index c901bc7..2747706 100644 ---- a/main.c -+++ b/main.c -@@ -215,7 +215,9 @@ int crypto_kop_dsasign(struct cryptodev_pkc *pkc) - pkc_req->type = DSA_SIGN; - } - -- buf = kzalloc(buf_size, GFP_DMA); -+ buf = kmalloc(buf_size, GFP_DMA); -+ if (!buf) -+ return -ENOMEM; - - dsa_req->q = buf; - dsa_req->r = dsa_req->q + dsa_req->q_len; -@@ -298,7 +300,9 @@ int crypto_kop_dsaverify(struct cryptodev_pkc *pkc) - pkc_req->type = DSA_VERIFY; - } - -- buf = kzalloc(buf_size, GFP_DMA); -+ buf = kmalloc(buf_size, GFP_DMA); -+ if (!buf) -+ return -ENOMEM; - - dsa_req->q = buf; - dsa_req->r = dsa_req->q + dsa_req->q_len; -@@ -378,7 +382,7 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) - pkc_req->curve_type = cop->curve_type; - } - -- buf = kzalloc(buf_size, GFP_DMA); -+ buf = kmalloc(buf_size, GFP_DMA); - if (!buf) - return -ENOMEM; - -@@ -390,25 +394,28 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) - copy_from_user(key_req->q, cop->crk_param[0].crp_p, key_req->q_len); - copy_from_user(key_req->r, cop->crk_param[1].crp_p, key_req->r_len); - copy_from_user(key_req->g, cop->crk_param[2].crp_p, key_req->g_len); -- if (cop->crk_iparams == 3) { -- copy_from_user(key_req->pub_key, cop->crk_param[3].crp_p, -- key_req->pub_key_len); -- copy_from_user(key_req->priv_key, cop->crk_param[4].crp_p, -- key_req->priv_key_len); -- } else { -+ if (cop->crk_iparams == 4) { - key_req->ab = key_req->priv_key + key_req->priv_key_len; - copy_from_user(key_req->ab, cop->crk_param[3].crp_p, - key_req->ab_len); -- copy_from_user(key_req->pub_key, cop->crk_param[4].crp_p, -- key_req->pub_key_len); -- copy_from_user(key_req->priv_key, cop->crk_param[5].crp_p, -- key_req->priv_key_len); - } - - rc = cryptodev_pkc_offload(pkc); - if (pkc->type == SYNCHRONOUS) { - if (rc) - goto err; -+ -+ if (cop->crk_iparams == 4) { -+ copy_to_user(cop->crk_param[4].crp_p, key_req->pub_key, -+ key_req->pub_key_len); -+ copy_to_user(cop->crk_param[5].crp_p, key_req->priv_key, -+ key_req->priv_key_len); -+ } else { -+ copy_to_user(cop->crk_param[3].crp_p, key_req->pub_key, -+ key_req->pub_key_len); -+ copy_to_user(cop->crk_param[4].crp_p, -+ key_req->priv_key, key_req->priv_key_len); -+ } - } else { - if (rc != -EINPROGRESS && !rc) - goto err; -@@ -447,7 +454,9 @@ int crypto_kop_dh_key(struct cryptodev_pkc *pkc) - pkc_req->type = DH_COMPUTE_KEY; - } - buf_size += dh_req->z_len; -- buf = kzalloc(buf_size, GFP_DMA); -+ buf = kmalloc(buf_size, GFP_DMA); -+ if (!buf) -+ return -ENOMEM; - dh_req->q = buf; - dh_req->s = dh_req->q + dh_req->q_len; - dh_req->pub_key = dh_req->s + dh_req->s_len; -@@ -508,9 +517,11 @@ int crypto_modexp_crt(struct cryptodev_pkc *pkc) - rsa_req->dq_len = (cop->crk_param[4].crp_nbits + 7)/8; - rsa_req->c_len = (cop->crk_param[5].crp_nbits + 7)/8; - rsa_req->f_len = (cop->crk_param[6].crp_nbits + 7)/8; -- buf = kzalloc(rsa_req->p_len + rsa_req->q_len + rsa_req->f_len + -+ buf = kmalloc(rsa_req->p_len + rsa_req->q_len + rsa_req->f_len + - rsa_req->dp_len + rsa_req->dp_len + rsa_req->c_len + - rsa_req->g_len, GFP_DMA); -+ if (!buf) -+ return -ENOMEM; - rsa_req->p = buf; - rsa_req->q = rsa_req->p + rsa_req->p_len; - rsa_req->g = rsa_req->q + rsa_req->q_len; -@@ -563,7 +574,7 @@ int crypto_bn_modexp(struct cryptodev_pkc *pkc) - rsa_req->e_len = (cop->crk_param[1].crp_nbits + 7)/8; - rsa_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8; - rsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8; -- buf = kzalloc(rsa_req->f_len + rsa_req->e_len + rsa_req->n_len -+ buf = kmalloc(rsa_req->f_len + rsa_req->e_len + rsa_req->n_len - + rsa_req->g_len, GFP_DMA); - if (!buf) - return -ENOMEM; --- -1.8.3.1 - diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0008-Add-RSA-Key-generation-offloading.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0008-Add-RSA-Key-generation-offloading.patch deleted file mode 100644 index affb2e72..00000000 --- a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0008-Add-RSA-Key-generation-offloading.patch +++ /dev/null @@ -1,170 +0,0 @@ -From af5e4289f60c38ab17adab14c82d6204d155f25f Mon Sep 17 00:00:00 2001 -From: Hou Zhiqiang -Date: Wed, 19 Mar 2014 14:02:46 +0800 -Subject: [PATCH 8/9] Add RSA Key generation offloading - -Upstream-status: Pending - -Signed-off-by: Hou Zhiqiang -Tested-by: Cristian Stoica ---- - cryptlib.c | 1 + - crypto/cryptodev.h | 2 ++ - ioctl.c | 3 +- - main.c | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++- - 4 files changed, 84 insertions(+), 2 deletions(-) - -diff --git a/cryptlib.c b/cryptlib.c -index 47cd568..4dd1847 100644 ---- a/cryptlib.c -+++ b/cryptlib.c -@@ -441,6 +441,7 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) - struct pkc_request *pkc_req = &pkc->req, *pkc_requested; - - switch (pkc_req->type) { -+ case RSA_KEYGEN: - case RSA_PUB: - case RSA_PRIV_FORM1: - case RSA_PRIV_FORM2: -diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h -index 275a55c..d0cc542 100644 ---- a/crypto/cryptodev.h -+++ b/crypto/cryptodev.h -@@ -270,6 +270,7 @@ enum cryptodev_crk_op_t { - CRK_DH_COMPUTE_KEY = 4, - CRK_DSA_GENERATE_KEY = 5, - CRK_DH_GENERATE_KEY = 6, -+ CRK_RSA_GENERATE_KEY = 7, - CRK_ALGORITHM_ALL - }; - -@@ -279,6 +280,7 @@ enum cryptodev_crk_op_t { - */ - #define CRF_MOD_EXP (1 << CRK_MOD_EXP) - #define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT) -+#define CRF_RSA_GENERATE_KEY (1 << CRK_RSA_GENERATE_KEY) - #define CRF_DSA_SIGN (1 << CRK_DSA_SIGN) - #define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY) - #define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY) -diff --git a/ioctl.c b/ioctl.c -index 7e4c671..14888d6 100644 ---- a/ioctl.c -+++ b/ioctl.c -@@ -957,7 +957,8 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - case CIOCASYMFEAT: - return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN | - CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY | -- CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY, p); -+ CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY | -+ CRF_RSA_GENERATE_KEY, p); - case CRIOGET: - fd = clonefd(filp); - ret = put_user(fd, p); -diff --git a/main.c b/main.c -index 2747706..14dcf40 100644 ---- a/main.c -+++ b/main.c -@@ -346,6 +346,82 @@ err: - return rc; - } - -+int crypto_kop_rsa_keygen(struct cryptodev_pkc *pkc) -+{ -+ struct kernel_crypt_kop *kop = &pkc->kop; -+ struct crypt_kop *cop = &kop->kop; -+ struct pkc_request *pkc_req; -+ struct rsa_keygen_req_s *key_req; -+ int rc, buf_size; -+ uint8_t *buf; -+ -+ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || -+ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits || -+ !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits || -+ !cop->crk_param[6].crp_nbits) -+ return -EINVAL; -+ -+ pkc_req = &pkc->req; -+ pkc_req->type = RSA_KEYGEN; -+ key_req = &pkc_req->req_u.rsa_keygen; -+ key_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8; -+ key_req->p_len = (cop->crk_param[0].crp_nbits + 7) / 8; -+ key_req->q_len = (cop->crk_param[1].crp_nbits + 7) / 8; -+ key_req->n_len = (cop->crk_param[2].crp_nbits + 7) / 8; -+ key_req->d_len = (cop->crk_param[3].crp_nbits + 7) / 8; -+ key_req->dp_len = (cop->crk_param[4].crp_nbits + 7) / 8; -+ key_req->dq_len = (cop->crk_param[5].crp_nbits + 7) / 8; -+ key_req->c_len = (cop->crk_param[6].crp_nbits + 7) / 8; -+ -+ buf_size = key_req->p_len + key_req->q_len + key_req->n_len + -+ key_req->d_len + key_req->dp_len + -+ key_req->dq_len + key_req->c_len; -+ -+ buf = kmalloc(buf_size, GFP_DMA); -+ if (!buf) -+ return -ENOMEM; -+ key_req->p = buf; -+ key_req->q = key_req->p + key_req->p_len; -+ key_req->n = key_req->q + key_req->q_len; -+ key_req->d = key_req->n + key_req->n_len; -+ key_req->dp = key_req->d + key_req->d_len; -+ key_req->dq = key_req->dp + key_req->dp_len; -+ key_req->c = key_req->dq + key_req->dq_len; -+ -+ rc = cryptodev_pkc_offload(pkc); -+ -+ if (pkc->type == SYNCHRONOUS) { -+ if (rc) -+ goto err; -+ -+ copy_to_user(cop->crk_param[0].crp_p, -+ key_req->p, key_req->p_len); -+ copy_to_user(cop->crk_param[1].crp_p, -+ key_req->q, key_req->q_len); -+ copy_to_user(cop->crk_param[2].crp_p, -+ key_req->n, key_req->n_len); -+ copy_to_user(cop->crk_param[3].crp_p, -+ key_req->d, key_req->d_len); -+ copy_to_user(cop->crk_param[4].crp_p, -+ key_req->dp, key_req->dp_len); -+ copy_to_user(cop->crk_param[5].crp_p, -+ key_req->dq, key_req->dq_len); -+ copy_to_user(cop->crk_param[6].crp_p, -+ key_req->c, key_req->c_len); -+ } else { -+ if (rc != -EINPROGRESS && !rc) { -+ printk("%s: Failed\n", __func__); -+ goto err; -+ } -+ pkc->cookie = buf; -+ return rc; -+ } -+err: -+ kfree(buf); -+ return rc; -+ -+} -+ - int crypto_kop_keygen(struct cryptodev_pkc *pkc) - { - struct kernel_crypt_kop *kop = &pkc->kop; -@@ -385,7 +461,6 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) - buf = kmalloc(buf_size, GFP_DMA); - if (!buf) - return -ENOMEM; -- - key_req->q = buf; - key_req->r = key_req->q + key_req->q_len; - key_req->g = key_req->r + key_req->r_len; -@@ -650,6 +725,9 @@ int crypto_run_asym(struct cryptodev_pkc *pkc) - goto err; - ret = crypto_kop_keygen(pkc); - break; -+ case CRK_RSA_GENERATE_KEY: -+ ret = crypto_kop_rsa_keygen(pkc); -+ break; - } - err: - return ret; --- -1.8.3.1 - diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch deleted file mode 100644 index 32757ca9..00000000 --- a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch +++ /dev/null @@ -1,160 +0,0 @@ -From e791b55b03d295ee11476382a7bd93ab131e2e52 Mon Sep 17 00:00:00 2001 -From: Yashpal Dutta -Date: Thu, 17 Apr 2014 07:08:47 +0545 -Subject: [PATCH 9/9] Fixed compilation error of openssl with fsl cryptodev - -Upstream-status: Pending - -Signed-off-by: Yashpal Dutta -Tested-by: Cristian Stoica ---- - authenc.c | 1 + - cryptlib.c | 9 ++++----- - crypto/cryptodev.h | 9 ++++++++- - cryptodev_int.h | 2 +- - ioctl.c | 8 ++++++-- - main.c | 1 + - 6 files changed, 21 insertions(+), 9 deletions(-) - -diff --git a/authenc.c b/authenc.c -index ef0d3db..2aa4d38 100644 ---- a/authenc.c -+++ b/authenc.c -@@ -2,6 +2,7 @@ - * Driver for /dev/crypto device (aka CryptoDev) - * - * Copyright (c) 2011, 2012 OpenSSL Software Foundation, Inc. -+ * Copyright (c) 2014 Freescale Semiconductor, Inc. - * - * Author: Nikos Mavrogiannopoulos - * -diff --git a/cryptlib.c b/cryptlib.c -index 4dd1847..ec6693e 100644 ---- a/cryptlib.c -+++ b/cryptlib.c -@@ -4,8 +4,7 @@ - * Copyright (c) 2010,2011 Nikos Mavrogiannopoulos - * Portions Copyright (c) 2010 Michael Weiser - * Portions Copyright (c) 2010 Phil Sutter -- * -- * Copyright 2012 Freescale Semiconductor, Inc. -+ * Copyright 2012-2014 Freescale Semiconductor, Inc. - * - * This file is part of linux cryptodev. - * -@@ -144,7 +143,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name, - if (alg->max_keysize > 0 && - unlikely((keylen < alg->min_keysize) || - (keylen > alg->max_keysize))) { -- ddebug(1, "Wrong keylen '%zu' for algorithm '%s'. Use %u to %u.", -+ ddebug(1, "Wrong keylen '%u' for algorithm '%s'. Use %u to %u.", - keylen, alg_name, alg->min_keysize, alg->max_keysize); - ret = -EINVAL; - goto error; -@@ -171,7 +170,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name, - } - - if (unlikely(ret)) { -- ddebug(1, "Setting key failed for %s-%zu.", alg_name, keylen*8); -+ ddebug(1, "Setting key failed for %s-%u.", alg_name, keylen*8); - ret = -EINVAL; - goto error; - } -@@ -338,7 +337,7 @@ int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name, - if (hmac_mode != 0) { - ret = crypto_ahash_setkey(hdata->async.s, mackey, mackeylen); - if (unlikely(ret)) { -- ddebug(1, "Setting hmac key failed for %s-%zu.", -+ ddebug(1, "Setting hmac key failed for %s-%u.", - alg_name, mackeylen*8); - ret = -EINVAL; - goto error; -diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h -index d0cc542..e7edd97 100644 ---- a/crypto/cryptodev.h -+++ b/crypto/cryptodev.h -@@ -234,6 +234,13 @@ struct crypt_auth_op { - #define CRYPTO_ALG_FLAG_RNG_ENABLE 2 - #define CRYPTO_ALG_FLAG_DSA_SHA 4 - -+enum ec_curve_t { -+ EC_DISCRETE_LOG, -+ EC_PRIME, -+ EC_BINARY, -+ MAX_EC_TYPE -+}; -+ - struct crparam { - __u8 *crp_p; - __u32 crp_nbits; -@@ -249,7 +256,7 @@ struct crypt_kop { - __u16 crk_oparams; - __u32 crk_pad1; - struct crparam crk_param[CRK_MAXPARAM]; -- enum curve_t curve_type; /* 0 == Discrete Log, -+ enum ec_curve_t curve_type; /* 0 == Discrete Log, - 1 = EC_PRIME, 2 = EC_BINARY */ - void *cookie; - }; -diff --git a/cryptodev_int.h b/cryptodev_int.h -index 5347cae..c83c885 100644 ---- a/cryptodev_int.h -+++ b/cryptodev_int.h -@@ -88,7 +88,7 @@ struct compat_crypt_kop { - uint16_t crk_oparams; - uint32_t crk_pad1; - struct compat_crparam crk_param[CRK_MAXPARAM]; -- enum curve_t curve_type; /* 0 == Discrete Log, 1 = EC_PRIME, -+ enum ec_curve_t curve_type; /* 0 == Discrete Log, 1 = EC_PRIME, - 2 = EC_BINARY */ - compat_uptr_t cookie; - }; -diff --git a/ioctl.c b/ioctl.c -index 14888d6..20ab4ca 100644 ---- a/ioctl.c -+++ b/ioctl.c -@@ -4,7 +4,7 @@ - * Copyright (c) 2004 Michal Ludvig , SuSE Labs - * Copyright (c) 2009,2010,2011 Nikos Mavrogiannopoulos - * Copyright (c) 2010 Phil Sutter -- * Copyright 2012 Freescale Semiconductor, Inc. -+ * Copyright 2012-2014 Freescale Semiconductor, Inc. - * - * This file is part of linux cryptodev. - * -@@ -501,6 +501,7 @@ cryptodev_open(struct inode *inode, struct file *filp) - INIT_LIST_HEAD(&pcr->done.list); - INIT_LIST_HEAD(&pcr->asym_completed_list); - spin_lock_init(&pcr->completion_lock); -+ - INIT_WORK(&pcr->cryptask, cryptask_routine); - - init_waitqueue_head(&pcr->user_waiter); -@@ -780,8 +781,11 @@ static int fill_kcop_from_cop(struct kernel_crypt_op *kcop, struct fcrypt *fcr) - - if (cop->iv) { - rc = copy_from_user(kcop->iv, cop->iv, kcop->ivlen); -- if (unlikely(rc)) -+ if (unlikely(rc)) { -+ derr(1, "error copying IV (%d bytes), copy_from_user returned %d for address %p", -+ kcop->ivlen, rc, cop->iv); - return -EFAULT; -+ } - } - - return 0; -diff --git a/main.c b/main.c -index 14dcf40..6365911 100644 ---- a/main.c -+++ b/main.c -@@ -3,6 +3,7 @@ - * - * Copyright (c) 2004 Michal Ludvig , SuSE Labs - * Copyright (c) 2009-2013 Nikos Mavrogiannopoulos -+ * Copyright (c) 2014 Freescale Semiconductor, Inc. - * - * This file is part of linux cryptodev. - * --- -2.2.0 - diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-linux_1.7.bb b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-linux_1.7.bb new file mode 100644 index 00000000..92ccd717 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-linux_1.7.bb @@ -0,0 +1,12 @@ +require cryptodev_${PV}.inc + +SUMMARY = "A /dev/crypto device driver header file" + +do_compile[noexec] = "1" + +# Just install cryptodev.h which is the only header file needed to be exported +do_install() { + install -D ${S}/crypto/cryptodev.h ${D}${includedir}/crypto/cryptodev.h +} + +ALLOW_EMPTY_${PN} = "1" diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-linux_1.7.bbappend b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-linux_1.7.bbappend deleted file mode 100644 index 3cbbb3dd..00000000 --- a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-linux_1.7.bbappend +++ /dev/null @@ -1,2 +0,0 @@ -require recipes-kernel/cryptodev/cryptodev-fsl.inc - diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-module_1.7.bb b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-module_1.7.bb new file mode 100644 index 00000000..e6b1f27c --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-module_1.7.bb @@ -0,0 +1,10 @@ +require cryptodev_${PV}.inc + +SUMMARY = "A /dev/crypto device driver kernel module" + +inherit module qoriq_build_64bit_kernel + +# Header file provided by a separate package +DEPENDS += "cryptodev-linux" + +EXTRA_OEMAKE='KERNEL_DIR="${STAGING_KERNEL_DIR}" PREFIX="${D}"' diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-module_1.7.bbappend b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-module_1.7.bbappend deleted file mode 100644 index 2bf012c1..00000000 --- a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-module_1.7.bbappend +++ /dev/null @@ -1,12 +0,0 @@ -require recipes-kernel/cryptodev/cryptodev-fsl.inc - -inherit qoriq_build_64bit_kernel - -do_install_append_qoriq-ppc () { - rm -fr ${D}/usr -} - -# Currently pkc-host does not support RSA_KEYGEN, remove this -# if it is fixed. -SRC_URI_append_qoriq-ppc = "${@base_contains('DISTRO_FEATURES', 'c29x_pkc', ' file://0001-don-t-advertise-RSA-keygen.patch', '', d)}" - diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-tests_1.7.bb b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-tests_1.7.bb new file mode 100644 index 00000000..128ccc99 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-tests_1.7.bb @@ -0,0 +1,17 @@ +require cryptodev_${PV}.inc + +SUMMARY = "A test suite for /dev/crypto device driver" +DEPENDS = "openssl" + +EXTRA_OEMAKE='KERNEL_DIR="${STAGING_KERNEL_DIR}" PREFIX="${D}"' + +do_compile() { + oe_runmake testprogs +} + +do_install() { + oe_runmake install_tests +} + +FILES_${PN}-dbg += "${bindir}/tests_cryptodev/.debug" +FILES_${PN} = "${bindir}/tests_cryptodev/*" diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev_1.7.inc b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev_1.7.inc new file mode 100644 index 00000000..6b65f729 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev_1.7.inc @@ -0,0 +1,47 @@ +HOMEPAGE = "http://cryptodev-linux.org/" + +RCONFLICTS_${PN} = "ocf-linux" +RREPLACES_${PN} = "ocf-linux" + +LICENSE = "GPLv2" +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" + +SRC_URI = "http://download.gna.org/cryptodev-linux/cryptodev-linux-${PV}.tar.gz" +SRC_URI[md5sum] = "0b63b3481cf2c90386b35f057481d36b" +SRC_URI[sha256sum] = "41880533b53de4d7b3f054e230f576988dafb8eed7bef5ebcf6422bb2e3a3b25" + +# Upstream hotfixes and yocto specific patches +SRC_URI_append = " \ +file://0001-fix-compilation-against-linux-3.19.patch \ +file://0002-tests-Makefile-fix-arg-passing-to-CC-in-implicit-rul.patch \ +file://0003-Disable-installing-header-file-provided-by-another-p.patch \ +file://0004-Add-the-compile-and-install-rules-for-cryptodev-test.patch \ +" +# SDK patches +SRC_URI_append = " file://0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch \ +file://0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch \ +file://0003-PKC-support-added-in-cryptodev-module.patch \ +file://0004-Compat-versions-of-PKC-IOCTLs.patch \ +file://0005-Asynchronous-interface-changes-in-cryptodev.patch \ +file://0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch \ +file://0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch \ +file://0008-Add-RSA-Key-generation-offloading.patch \ +file://0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch \ +file://0010-add-support-for-composite-TLS10-SHA1-3DES-algorithm-.patch \ +file://0011-add-support-for-TLSv1.1-record-offload.patch \ +file://0012-add-support-for-TLSv1.2-record-offload.patch \ +file://0013-clean-up-code-layout.patch \ +file://0014-remove-redundant-data-copy-for-pkc-operations.patch \ +file://0015-fix-pkc-request-deallocation.patch \ +file://0016-add-basic-detection-of-asym-features.patch \ +file://0017-remove-dead-code.patch \ +file://0018-fix-compat-warnings.patch \ +file://0019-fix-size_t-print-format.patch \ +file://0020-fix-uninitialized-variable-compiler-warning.patch \ +" + +# NOTE: remove this patch and all traces of DISTRO_FEATURE c29x_pkc +# if pkc-host does not need customized cryptodev patches anymore +SRC_URI_append = "${@base_contains('DISTRO_FEATURES', 'c29x_pkc', ' file://0001-don-t-advertise-RSA-keygen.patch', '', d)}" + +S = "${WORKDIR}/cryptodev-linux-${PV}" diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/files/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch new file mode 100644 index 00000000..7d957ec1 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch @@ -0,0 +1,52 @@ +From c653e3a70499c6bb66b57c1788d2d38ca9b8a07e Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Thu, 29 Aug 2013 16:52:30 +0300 +Subject: [PATCH 01/15] add support for composite TLS10(SHA1,AES) algorithm + offload + +This adds support for composite algorithm offload as a primitive +crypto (cipher + hmac) operation. + +It requires kernel support for tls10(hmac(sha1),cbc(aes)) algorithm +provided either in software or accelerated by hardware such as +Freescale B*, P* and T* platforms. + +Change-Id: Ia1c605da3860e91e681295dfc8df7c09eb4006cf +Signed-off-by: Cristian Stoica +Reviewed-on: http://git.am.freescale.net:8181/17218 +--- + crypto/cryptodev.h | 1 + + ioctl.c | 5 +++++ + 2 files changed, 6 insertions(+) + +diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h +index 7fb9c7d..c0e8cd4 100644 +--- a/crypto/cryptodev.h ++++ b/crypto/cryptodev.h +@@ -50,6 +50,7 @@ enum cryptodev_crypto_op_t { + CRYPTO_SHA2_384, + CRYPTO_SHA2_512, + CRYPTO_SHA2_224_HMAC, ++ CRYPTO_TLS10_AES_CBC_HMAC_SHA1, + CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */ + }; + +diff --git a/ioctl.c b/ioctl.c +index b23f5fd..a3f8379 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -159,6 +159,11 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop) + stream = 1; + aead = 1; + break; ++ case CRYPTO_TLS10_AES_CBC_HMAC_SHA1: ++ alg_name = "tls10(hmac(sha1),cbc(aes))"; ++ stream = 0; ++ aead = 1; ++ break; + case CRYPTO_NULL: + alg_name = "ecb(cipher_null)"; + stream = 1; +-- +2.3.5 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/files/0001-don-t-advertise-RSA-keygen.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0001-don-t-advertise-RSA-keygen.patch new file mode 100644 index 00000000..10d6c8b5 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0001-don-t-advertise-RSA-keygen.patch @@ -0,0 +1,33 @@ +From d30c9c64aca4a7905e1b7eb3e28e1c616191bd34 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Tue, 9 Dec 2014 16:41:25 +0200 +Subject: [PATCH] don't advertise RSA keygen + +Disable RSA keygen operations when they are not available. + +Currently no testing can be done and this patch should be applied +selectively on platforms that have incomplete support for RSA operations +(for example pkc driver on C293) + +Change-Id: Ic8df014623410c3cf4b0b217a246efcea8f2eeef +Signed-off-by: Cristian Stoica +--- + ioctl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ioctl.c b/ioctl.c +index 53dbf64..27dc66e 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -979,7 +979,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + case CIOCASYMFEAT: + ses = 0; + if (crypto_has_alg("pkc(rsa)", 0, 0)) +- ses = CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_RSA_GENERATE_KEY; ++ ses = CRF_MOD_EXP_CRT | CRF_MOD_EXP ; + if (crypto_has_alg("pkc(dsa)", 0, 0)) + ses |= CRF_DSA_SIGN | CRF_DSA_VERIFY | CRF_DSA_GENERATE_KEY; + if (crypto_has_alg("pkc(dh)", 0, 0)) +-- +2.3.5 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/files/0001-fix-compilation-against-linux-3.19.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0001-fix-compilation-against-linux-3.19.patch new file mode 100644 index 00000000..ab276d2d --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0001-fix-compilation-against-linux-3.19.patch @@ -0,0 +1,36 @@ +From 5054d20d45571cc85339351fde52f872eeb82206 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 10 Feb 2015 04:57:05 +0100 +Subject: [PATCH 1/4] fix compilation against linux-3.19 + +Commit f938612dd97d481b8b5bf960c992ae577f081c17 in linux.git removes +get_unused_fd() macro. This patch changes the calling code to use it's +content 'get_unused_fd_flags(0)' instead. Checking for when +get_unused_fd_flags was introduced shows it's been there since 2.6.23 at +least, so probably no need to make this change conditional on the target +kernel version. + +Original patch by Ricardo Ribalda Delgado for Open Embedded, reported by +Oleg Rakhmanov. + +Signed-off-by: Phil Sutter +--- + ioctl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ioctl.c b/ioctl.c +index 5a55a76..b23f5fd 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -546,7 +546,7 @@ static int + clonefd(struct file *filp) + { + int ret; +- ret = get_unused_fd(); ++ ret = get_unused_fd_flags(0); + if (ret >= 0) { + get_file(filp); + fd_install(ret, filp); +-- +2.3.5 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/files/0002-Fix-tests-Makefile-usage-of-LDLIBS-vs.-LDFLAGS.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0002-Fix-tests-Makefile-usage-of-LDLIBS-vs.-LDFLAGS.patch new file mode 100644 index 00000000..f5ab8b4f --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0002-Fix-tests-Makefile-usage-of-LDLIBS-vs.-LDFLAGS.patch @@ -0,0 +1,29 @@ +From 47ff1eb9bb4f872c1d731b93d334ee5865bf3439 Mon Sep 17 00:00:00 2001 +From: Denys Dmytriyenko +Date: Sun, 6 Apr 2014 22:16:30 -0400 +Subject: [PATCH] Fix tests Makefile usage of LDLIBS vs. LDFLAGS + +Libraries must come after objects, as link order matters, especially +when using linker flags like -Wl,--as-needed. + +Signed-off-by: Denys Dmytriyenko + +Upstream-Status: Pending +--- + tests/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tests/Makefile b/tests/Makefile +index cd202af..67c3c83 100644 +--- a/tests/Makefile ++++ b/tests/Makefile +@@ -39,5 +39,5 @@ testprogs: $(hostprogs) + clean: + rm -f *.o *~ $(hostprogs) + +-${comp_progs}: LDFLAGS += -lssl -lcrypto ++${comp_progs}: LDLIBS += -lssl -lcrypto + ${comp_progs}: %: %.o openssl_wrapper.o +-- +1.9.1 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/files/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch new file mode 100644 index 00000000..08d92313 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch @@ -0,0 +1,207 @@ +From 71b317347179225693c6d41b740d387ae2c25061 Mon Sep 17 00:00:00 2001 +From: Horia Geanta +Date: Wed, 4 Dec 2013 15:43:41 +0200 +Subject: [PATCH 02/15] add support for COMPAT_CIOCAUTHCRYPT ioctl() + +Upstream-status: Pending + +Needed for 64b kernel with 32b user space. + +Change-Id: I44a999a4164e7ae7122dee6ed0716b2f25cadbc1 +Signed-off-by: Horia Geanta +Tested-by: Cristian Stoica +--- + authenc.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + cryptodev_int.h | 40 +++++++++++++++++++++++++++++ + ioctl.c | 16 ++++++++++++ + 3 files changed, 134 insertions(+) + +diff --git a/authenc.c b/authenc.c +index 1bd7377..ef0d3db 100644 +--- a/authenc.c ++++ b/authenc.c +@@ -272,6 +272,84 @@ static int fill_caop_from_kcaop(struct kernel_crypt_auth_op *kcaop, struct fcryp + return 0; + } + ++/* compatibility code for 32bit userlands */ ++#ifdef CONFIG_COMPAT ++ ++static inline void ++compat_to_crypt_auth_op(struct compat_crypt_auth_op *compat, ++ struct crypt_auth_op *caop) ++{ ++ caop->ses = compat->ses; ++ caop->op = compat->op; ++ caop->flags = compat->flags; ++ caop->len = compat->len; ++ caop->auth_len = compat->auth_len; ++ caop->tag_len = compat->tag_len; ++ caop->iv_len = compat->iv_len; ++ ++ caop->auth_src = compat_ptr(compat->auth_src); ++ caop->src = compat_ptr(compat->src); ++ caop->dst = compat_ptr(compat->dst); ++ caop->tag = compat_ptr(compat->tag); ++ caop->iv = compat_ptr(compat->iv); ++} ++ ++static inline void ++crypt_auth_op_to_compat(struct crypt_auth_op *caop, ++ struct compat_crypt_auth_op *compat) ++{ ++ compat->ses = caop->ses; ++ compat->op = caop->op; ++ compat->flags = caop->flags; ++ compat->len = caop->len; ++ compat->auth_len = caop->auth_len; ++ compat->tag_len = caop->tag_len; ++ compat->iv_len = caop->iv_len; ++ ++ compat->auth_src = ptr_to_compat(caop->auth_src); ++ compat->src = ptr_to_compat(caop->src); ++ compat->dst = ptr_to_compat(caop->dst); ++ compat->tag = ptr_to_compat(caop->tag); ++ compat->iv = ptr_to_compat(caop->iv); ++} ++ ++int compat_kcaop_from_user(struct kernel_crypt_auth_op *kcaop, ++ struct fcrypt *fcr, void __user *arg) ++{ ++ struct compat_crypt_auth_op compat_caop; ++ ++ if (unlikely(copy_from_user(&compat_caop, arg, sizeof(compat_caop)))) { ++ dprintk(1, KERN_ERR, "Error in copying from userspace\n"); ++ return -EFAULT; ++ } ++ ++ compat_to_crypt_auth_op(&compat_caop, &kcaop->caop); ++ ++ return fill_kcaop_from_caop(kcaop, fcr); ++} ++ ++int compat_kcaop_to_user(struct kernel_crypt_auth_op *kcaop, ++ struct fcrypt *fcr, void __user *arg) ++{ ++ int ret; ++ struct compat_crypt_auth_op compat_caop; ++ ++ ret = fill_caop_from_kcaop(kcaop, fcr); ++ if (unlikely(ret)) { ++ dprintk(1, KERN_ERR, "fill_caop_from_kcaop\n"); ++ return ret; ++ } ++ ++ crypt_auth_op_to_compat(&kcaop->caop, &compat_caop); ++ ++ if (unlikely(copy_to_user(arg, &compat_caop, sizeof(compat_caop)))) { ++ dprintk(1, KERN_ERR, "Error in copying to userspace\n"); ++ return -EFAULT; ++ } ++ return 0; ++} ++ ++#endif /* CONFIG_COMPAT */ + + int kcaop_from_user(struct kernel_crypt_auth_op *kcaop, + struct fcrypt *fcr, void __user *arg) +diff --git a/cryptodev_int.h b/cryptodev_int.h +index d7660fa..8e687e7 100644 +--- a/cryptodev_int.h ++++ b/cryptodev_int.h +@@ -73,11 +73,42 @@ struct compat_crypt_op { + compat_uptr_t iv;/* initialization vector for encryption operations */ + }; + ++ /* input of CIOCAUTHCRYPT */ ++struct compat_crypt_auth_op { ++ uint32_t ses; /* session identifier */ ++ uint16_t op; /* COP_ENCRYPT or COP_DECRYPT */ ++ uint16_t flags; /* see COP_FLAG_AEAD_* */ ++ uint32_t len; /* length of source data */ ++ uint32_t auth_len; /* length of auth data */ ++ compat_uptr_t auth_src; /* authenticated-only data */ ++ ++ /* The current implementation is more efficient if data are ++ * encrypted in-place (src==dst). */ ++ compat_uptr_t src; /* data to be encrypted and ++ authenticated */ ++ compat_uptr_t dst; /* pointer to output data. Must have ++ * space for tag. For TLS this should be ++ * at least len + tag_size + block_size ++ * for padding */ ++ ++ compat_uptr_t tag; /* where the tag will be copied to. TLS ++ * mode doesn't use that as tag is ++ * copied to dst. ++ * SRTP mode copies tag there. */ ++ uint32_t tag_len; /* the length of the tag. Use zero for ++ * digest size or max tag. */ ++ ++ /* initialization vector for encryption operations */ ++ compat_uptr_t iv; ++ uint32_t iv_len; ++}; ++ + /* compat ioctls, defined for the above structs */ + #define COMPAT_CIOCGSESSION _IOWR('c', 102, struct compat_session_op) + #define COMPAT_CIOCCRYPT _IOWR('c', 104, struct compat_crypt_op) + #define COMPAT_CIOCASYNCCRYPT _IOW('c', 107, struct compat_crypt_op) + #define COMPAT_CIOCASYNCFETCH _IOR('c', 108, struct compat_crypt_op) ++#define COMPAT_CIOCAUTHCRYPT _IOWR('c', 109, struct compat_crypt_auth_op) + + #endif /* CONFIG_COMPAT */ + +@@ -108,6 +139,15 @@ struct kernel_crypt_auth_op { + + /* auth */ + ++#ifdef CONFIG_COMPAT ++int compat_kcaop_from_user(struct kernel_crypt_auth_op *kcaop, ++ struct fcrypt *fcr, void __user *arg); ++ ++int compat_kcaop_to_user(struct kernel_crypt_auth_op *kcaop, ++ struct fcrypt *fcr, void __user *arg); ++#endif /* CONFIG_COMPAT */ ++ ++ + int kcaop_from_user(struct kernel_crypt_auth_op *kcop, + struct fcrypt *fcr, void __user *arg); + int kcaop_to_user(struct kernel_crypt_auth_op *kcaop, +diff --git a/ioctl.c b/ioctl.c +index a3f8379..5a44807 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -998,6 +998,7 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + struct session_op sop; + struct compat_session_op compat_sop; + struct kernel_crypt_op kcop; ++ struct kernel_crypt_auth_op kcaop; + int ret; + + if (unlikely(!pcr)) +@@ -1040,6 +1041,21 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + return ret; + + return compat_kcop_to_user(&kcop, fcr, arg); ++ ++ case COMPAT_CIOCAUTHCRYPT: ++ if (unlikely(ret = compat_kcaop_from_user(&kcaop, fcr, arg))) { ++ dprintk(1, KERN_WARNING, "Error copying from user\n"); ++ return ret; ++ } ++ ++ ret = crypto_auth_run(fcr, &kcaop); ++ if (unlikely(ret)) { ++ dprintk(1, KERN_WARNING, "Error in crypto_auth_run\n"); ++ return ret; ++ } ++ ++ return compat_kcaop_to_user(&kcaop, fcr, arg); ++ + #ifdef ENABLE_ASYNC + case COMPAT_CIOCASYNCCRYPT: + if (unlikely(ret = compat_kcop_from_user(&kcop, fcr, arg))) +-- +2.3.5 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/files/0002-tests-Makefile-fix-arg-passing-to-CC-in-implicit-rul.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0002-tests-Makefile-fix-arg-passing-to-CC-in-implicit-rul.patch new file mode 100644 index 00000000..68c48e0c --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0002-tests-Makefile-fix-arg-passing-to-CC-in-implicit-rul.patch @@ -0,0 +1,28 @@ +From da730106c2558c8e0c8e1b1b1812d32ef9574ab7 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Sat, 11 Apr 2015 12:45:05 +0200 +Subject: [PATCH 2/4] tests/Makefile: fix arg passing to CC in implicit rule + +GCC docs suggest passing -lfoo after object files referring to functions +in libfoo. Therefore use LDLIBS to specify libraries, which puts them at +the right place when make calls CC implicitly. + +Signed-off-by: Phil Sutter +--- + tests/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tests/Makefile b/tests/Makefile +index c9f04e8..20c52ba 100644 +--- a/tests/Makefile ++++ b/tests/Makefile +@@ -31,5 +31,5 @@ check: $(hostprogs) + clean: + rm -f *.o *~ $(hostprogs) + +-${comp_progs}: LDFLAGS += -lssl -lcrypto ++${comp_progs}: LDLIBS += -lssl -lcrypto + ${comp_progs}: %: %.o openssl_wrapper.o +-- +2.3.5 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/files/0003-Disable-installing-header-file-provided-by-another-p.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0003-Disable-installing-header-file-provided-by-another-p.patch new file mode 100644 index 00000000..e384950c --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0003-Disable-installing-header-file-provided-by-another-p.patch @@ -0,0 +1,29 @@ +From c618f882c283511dd4f7547113a1117c4785f56f Mon Sep 17 00:00:00 2001 +From: Denys Dmytriyenko +Date: Sun, 6 Apr 2014 19:51:39 -0400 +Subject: [PATCH 3/4] Disable installing header file provided by another + package + +Signed-off-by: Denys Dmytriyenko + +Upstream-Status: Inappropriate [ OE specific ] +--- + Makefile | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/Makefile b/Makefile +index 31c4b3f..855bb54 100644 +--- a/Makefile ++++ b/Makefile +@@ -31,8 +31,6 @@ install: modules_install + + modules_install: + make -C $(KERNEL_DIR) SUBDIRS=`pwd` modules_install +- @echo "Installing cryptodev.h in $(PREFIX)/usr/include/crypto ..." +- @install -D crypto/cryptodev.h $(PREFIX)/usr/include/crypto/cryptodev.h + + clean: + make -C $(KERNEL_DIR) SUBDIRS=`pwd` clean +-- +2.3.5 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/files/0003-PKC-support-added-in-cryptodev-module.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0003-PKC-support-added-in-cryptodev-module.patch new file mode 100644 index 00000000..46f24320 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0003-PKC-support-added-in-cryptodev-module.patch @@ -0,0 +1,898 @@ +From fc9ee6ed33c76372de6e3748d2e951fa10f7c47e Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta +Date: Fri, 7 Mar 2014 06:16:09 +0545 +Subject: [PATCH 03/15] PKC support added in cryptodev module + +Upstream-status: Pending + +Signed-off-by: Yashpal Dutta +--- + cryptlib.c | 66 +++++++++- + cryptlib.h | 28 ++++ + crypto/cryptodev.h | 15 ++- + cryptodev_int.h | 20 ++- + ioctl.c | 196 +++++++++++++++++++++++++-- + main.c | 378 +++++++++++++++++++++++++++++++++++++++++++++++++++++ + 6 files changed, 685 insertions(+), 18 deletions(-) + +diff --git a/cryptlib.c b/cryptlib.c +index 44ce763..6900028 100644 +--- a/cryptlib.c ++++ b/cryptlib.c +@@ -5,6 +5,8 @@ + * Portions Copyright (c) 2010 Michael Weiser + * Portions Copyright (c) 2010 Phil Sutter + * ++ * Copyright 2012 Freescale Semiconductor, Inc. ++ * + * This file is part of linux cryptodev. + * + * This program is free software; you can redistribute it and/or +@@ -39,11 +41,6 @@ + #include "cryptodev_int.h" + + +-struct cryptodev_result { +- struct completion completion; +- int err; +-}; +- + static void cryptodev_complete(struct crypto_async_request *req, int err) + { + struct cryptodev_result *res = req->data; +@@ -259,7 +256,6 @@ static inline int waitfor(struct cryptodev_result *cr, ssize_t ret) + case 0: + break; + case -EINPROGRESS: +- case -EBUSY: + wait_for_completion(&cr->completion); + /* At this point we known for sure the request has finished, + * because wait_for_completion above was not interruptible. +@@ -439,3 +435,61 @@ int cryptodev_hash_final(struct hash_data *hdata, void *output) + return waitfor(hdata->async.result, ret); + } + ++int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) ++{ ++ int ret = 0; ++ struct pkc_request *pkc_req = &pkc->req, *pkc_requested; ++ ++ switch (pkc_req->type) { ++ case RSA_PUB: ++ case RSA_PRIV_FORM1: ++ case RSA_PRIV_FORM2: ++ case RSA_PRIV_FORM3: ++ pkc->s = crypto_alloc_pkc("pkc(rsa)", ++ CRYPTO_ALG_TYPE_PKC_RSA, 0); ++ break; ++ case DSA_SIGN: ++ case DSA_VERIFY: ++ case ECDSA_SIGN: ++ case ECDSA_VERIFY: ++ pkc->s = crypto_alloc_pkc("pkc(dsa)", ++ CRYPTO_ALG_TYPE_PKC_DSA, 0); ++ break; ++ case DH_COMPUTE_KEY: ++ case ECDH_COMPUTE_KEY: ++ pkc->s = crypto_alloc_pkc("pkc(dh)", ++ CRYPTO_ALG_TYPE_PKC_DH, 0); ++ break; ++ default: ++ return -EINVAL; ++ } ++ ++ if (IS_ERR_OR_NULL(pkc->s)) ++ return -EINVAL; ++ ++ init_completion(&pkc->result.completion); ++ pkc_requested = pkc_request_alloc(pkc->s, GFP_KERNEL); ++ ++ if (unlikely(IS_ERR_OR_NULL(pkc_requested))) { ++ ret = -ENOMEM; ++ goto error; ++ } ++ pkc_requested->type = pkc_req->type; ++ pkc_requested->curve_type = pkc_req->curve_type; ++ memcpy(&pkc_requested->req_u, &pkc_req->req_u, sizeof(pkc_req->req_u)); ++ pkc_request_set_callback(pkc_requested, CRYPTO_TFM_REQ_MAY_BACKLOG, ++ cryptodev_complete_asym, pkc); ++ ret = crypto_pkc_op(pkc_requested); ++ if (ret != -EINPROGRESS && ret != 0) ++ goto error2; ++ ++ if (pkc->type == SYNCHRONOUS) ++ ret = waitfor(&pkc->result, ret); ++ ++ return ret; ++error2: ++ kfree(pkc_requested); ++error: ++ crypto_free_pkc(pkc->s); ++ return ret; ++} +diff --git a/cryptlib.h b/cryptlib.h +index a0a8a63..56d325a 100644 +--- a/cryptlib.h ++++ b/cryptlib.h +@@ -1,3 +1,6 @@ ++/* ++ * Copyright 2012 Freescale Semiconductor, Inc. ++ */ + #ifndef CRYPTLIB_H + # define CRYPTLIB_H + +@@ -89,5 +92,30 @@ void cryptodev_hash_deinit(struct hash_data *hdata); + int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name, + int hmac_mode, void *mackey, size_t mackeylen); + ++/* Operation Type */ ++enum offload_type { ++ SYNCHRONOUS, ++ ASYNCHRONOUS ++}; ++ ++struct cryptodev_result { ++ struct completion completion; ++ int err; ++}; ++ ++struct cryptodev_pkc { ++ struct list_head list; /* To maintain the Jobs in completed ++ cryptodev lists */ ++ struct kernel_crypt_kop kop; ++ struct crypto_pkc *s; /* Transform pointer from CryptoAPI */ ++ struct cryptodev_result result; /* Result to be updated by ++ completion handler */ ++ struct pkc_request req; /* PKC request structure allocated ++ from CryptoAPI */ ++ enum offload_type type; /* Synchronous Vs Asynchronous request */ ++ void *cookie; /*Additional opaque cookie to be used in future */ ++ struct crypt_priv *priv; ++}; + ++int cryptodev_pkc_offload(struct cryptodev_pkc *); + #endif +diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h +index c0e8cd4..96675fe 100644 +--- a/crypto/cryptodev.h ++++ b/crypto/cryptodev.h +@@ -1,6 +1,10 @@ +-/* This is a source compatible implementation with the original API of ++/* ++ * Copyright 2012 Freescale Semiconductor, Inc. ++ * ++ * This is a source compatible implementation with the original API of + * cryptodev by Angelos D. Keromytis, found at openbsd cryptodev.h. +- * Placed under public domain */ ++ * Placed under public domain ++ */ + + #ifndef L_CRYPTODEV_H + #define L_CRYPTODEV_H +@@ -245,6 +249,9 @@ struct crypt_kop { + __u16 crk_oparams; + __u32 crk_pad1; + struct crparam crk_param[CRK_MAXPARAM]; ++ enum curve_t curve_type; /* 0 == Discrete Log, ++ 1 = EC_PRIME, 2 = EC_BINARY */ ++ void *cookie; + }; + + enum cryptodev_crk_op_t { +@@ -289,5 +296,7 @@ enum cryptodev_crk_op_t { + */ + #define CIOCASYNCCRYPT _IOW('c', 110, struct crypt_op) + #define CIOCASYNCFETCH _IOR('c', 111, struct crypt_op) +- ++/* additional ioctls for asynchronous operation for asymmetric ciphers*/ ++#define CIOCASYMASYNCRYPT _IOW('c', 112, struct crypt_kop) ++#define CIOCASYMASYNFETCH _IOR('c', 113, struct crypt_kop) + #endif /* L_CRYPTODEV_H */ +diff --git a/cryptodev_int.h b/cryptodev_int.h +index 8e687e7..fdbcc61 100644 +--- a/cryptodev_int.h ++++ b/cryptodev_int.h +@@ -1,4 +1,6 @@ +-/* cipher stuff */ ++/* cipher stuff ++ * Copyright 2012 Freescale Semiconductor, Inc. ++ */ + #ifndef CRYPTODEV_INT_H + # define CRYPTODEV_INT_H + +@@ -112,6 +114,14 @@ struct compat_crypt_auth_op { + + #endif /* CONFIG_COMPAT */ + ++/* kernel-internal extension to struct crypt_kop */ ++struct kernel_crypt_kop { ++ struct crypt_kop kop; ++ ++ struct task_struct *task; ++ struct mm_struct *mm; ++}; ++ + /* kernel-internal extension to struct crypt_op */ + struct kernel_crypt_op { + struct crypt_op cop; +@@ -157,6 +167,14 @@ int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop); + + #include + ++/* Cryptodev Key operation handler */ ++int crypto_bn_modexp(struct cryptodev_pkc *); ++int crypto_modexp_crt(struct cryptodev_pkc *); ++int crypto_kop_dsasign(struct cryptodev_pkc *); ++int crypto_kop_dsaverify(struct cryptodev_pkc *); ++int crypto_run_asym(struct cryptodev_pkc *); ++void cryptodev_complete_asym(struct crypto_async_request *, int); ++ + /* other internal structs */ + struct csession { + struct list_head entry; +diff --git a/ioctl.c b/ioctl.c +index 5a44807..69980e3 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -4,6 +4,7 @@ + * Copyright (c) 2004 Michal Ludvig , SuSE Labs + * Copyright (c) 2009,2010,2011 Nikos Mavrogiannopoulos + * Copyright (c) 2010 Phil Sutter ++ * Copyright 2012 Freescale Semiconductor, Inc. + * + * This file is part of linux cryptodev. + * +@@ -89,8 +90,37 @@ struct crypt_priv { + int itemcount; + struct work_struct cryptask; + wait_queue_head_t user_waiter; ++ /* List of pending cryptodev_pkc asym requests */ ++ struct list_head asym_completed_list; ++ /* For addition/removal of entry in pending list of asymmetric request*/ ++ spinlock_t completion_lock; + }; + ++/* Asymmetric request Completion handler */ ++void cryptodev_complete_asym(struct crypto_async_request *req, int err) ++{ ++ struct cryptodev_pkc *pkc = req->data; ++ struct cryptodev_result *res = &pkc->result; ++ ++ crypto_free_pkc(pkc->s); ++ res->err = err; ++ if (pkc->type == SYNCHRONOUS) { ++ if (err == -EINPROGRESS) ++ return; ++ complete(&res->completion); ++ } else { ++ struct crypt_priv *pcr = pkc->priv; ++ unsigned long flags; ++ spin_lock_irqsave(&pcr->completion_lock, flags); ++ list_add_tail(&pkc->list, &pcr->asym_completed_list); ++ spin_unlock_irqrestore(&pcr->completion_lock, flags); ++ /* wake for POLLIN */ ++ wake_up_interruptible(&pcr->user_waiter); ++ } ++ ++ kfree(req); ++} ++ + #define FILL_SG(sg, ptr, len) \ + do { \ + (sg)->page = virt_to_page(ptr); \ +@@ -472,7 +502,8 @@ cryptodev_open(struct inode *inode, struct file *filp) + INIT_LIST_HEAD(&pcr->free.list); + INIT_LIST_HEAD(&pcr->todo.list); + INIT_LIST_HEAD(&pcr->done.list); +- ++ INIT_LIST_HEAD(&pcr->asym_completed_list); ++ spin_lock_init(&pcr->completion_lock); + INIT_WORK(&pcr->cryptask, cryptask_routine); + + init_waitqueue_head(&pcr->user_waiter); +@@ -639,6 +670,79 @@ static int crypto_async_fetch(struct crypt_priv *pcr, + } + #endif + ++/* get the first asym cipher completed job from the "done" queue ++ * ++ * returns: ++ * -EBUSY if no completed jobs are ready (yet) ++ * the return value otherwise */ ++static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) ++{ ++ int ret = 0; ++ struct kernel_crypt_kop *kop = &pkc->kop; ++ struct crypt_kop *ckop = &kop->kop; ++ struct pkc_request *pkc_req = &pkc->req; ++ ++ switch (ckop->crk_op) { ++ case CRK_MOD_EXP: ++ { ++ struct rsa_pub_req_s *rsa_req = &pkc_req->req_u.rsa_pub_req; ++ copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g, ++ rsa_req->g_len); ++ } ++ break; ++ case CRK_MOD_EXP_CRT: ++ { ++ struct rsa_priv_frm3_req_s *rsa_req = ++ &pkc_req->req_u.rsa_priv_f3; ++ copy_to_user(ckop->crk_param[6].crp_p, ++ rsa_req->f, rsa_req->f_len); ++ } ++ break; ++ case CRK_DSA_SIGN: ++ { ++ struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign; ++ ++ if (pkc_req->type == ECDSA_SIGN) { ++ copy_to_user(ckop->crk_param[6].crp_p, ++ dsa_req->c, dsa_req->d_len); ++ copy_to_user(ckop->crk_param[7].crp_p, ++ dsa_req->d, dsa_req->d_len); ++ } else { ++ copy_to_user(ckop->crk_param[5].crp_p, ++ dsa_req->c, dsa_req->d_len); ++ copy_to_user(ckop->crk_param[6].crp_p, ++ dsa_req->d, dsa_req->d_len); ++ } ++ } ++ break; ++ case CRK_DSA_VERIFY: ++ break; ++ case CRK_DH_COMPUTE_KEY: ++ { ++ struct dh_key_req_s *dh_req = &pkc_req->req_u.dh_req; ++ if (pkc_req->type == ECDH_COMPUTE_KEY) ++ copy_to_user(ckop->crk_param[4].crp_p, ++ dh_req->z, dh_req->z_len); ++ else ++ copy_to_user(ckop->crk_param[3].crp_p, ++ dh_req->z, dh_req->z_len); ++ } ++ break; ++ default: ++ ret = -EINVAL; ++ } ++ kfree(pkc->cookie); ++ return ret; ++} ++ ++/* this function has to be called from process context */ ++static int fill_kop_from_cop(struct kernel_crypt_kop *kop) ++{ ++ kop->task = current; ++ kop->mm = current->mm; ++ return 0; ++} ++ + /* this function has to be called from process context */ + static int fill_kcop_from_cop(struct kernel_crypt_op *kcop, struct fcrypt *fcr) + { +@@ -662,11 +766,8 @@ static int fill_kcop_from_cop(struct kernel_crypt_op *kcop, struct fcrypt *fcr) + + if (cop->iv) { + rc = copy_from_user(kcop->iv, cop->iv, kcop->ivlen); +- if (unlikely(rc)) { +- derr(1, "error copying IV (%d bytes), copy_from_user returned %d for address %p", +- kcop->ivlen, rc, cop->iv); ++ if (unlikely(rc)) + return -EFAULT; +- } + } + + return 0; +@@ -692,6 +793,25 @@ static int fill_cop_from_kcop(struct kernel_crypt_op *kcop, struct fcrypt *fcr) + return 0; + } + ++static int kop_from_user(struct kernel_crypt_kop *kop, ++ void __user *arg) ++{ ++ if (unlikely(copy_from_user(&kop->kop, arg, sizeof(kop->kop)))) ++ return -EFAULT; ++ ++ return fill_kop_from_cop(kop); ++} ++ ++static int kop_to_user(struct kernel_crypt_kop *kop, ++ void __user *arg) ++{ ++ if (unlikely(copy_to_user(arg, &kop->kop, sizeof(kop->kop)))) { ++ dprintk(1, KERN_ERR, "Cannot copy to userspace\n"); ++ return -EFAULT; ++ } ++ return 0; ++} ++ + static int kcop_from_user(struct kernel_crypt_op *kcop, + struct fcrypt *fcr, void __user *arg) + { +@@ -821,7 +941,8 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + + switch (cmd) { + case CIOCASYMFEAT: +- return put_user(0, p); ++ return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | ++ CRF_DSA_SIGN | CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY, p); + case CRIOGET: + fd = clonefd(filp); + ret = put_user(fd, p); +@@ -857,6 +978,24 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + if (unlikely(ret)) + return ret; + return copy_to_user(arg, &siop, sizeof(siop)); ++ case CIOCKEY: ++ { ++ struct cryptodev_pkc *pkc = ++ kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); ++ ++ if (!pkc) ++ return -ENOMEM; ++ ++ ret = kop_from_user(&pkc->kop, arg); ++ if (unlikely(ret)) { ++ kfree(pkc); ++ return ret; ++ } ++ pkc->type = SYNCHRONOUS; ++ ret = crypto_run_asym(pkc); ++ kfree(pkc); ++ } ++ return ret; + case CIOCCRYPT: + if (unlikely(ret = kcop_from_user(&kcop, fcr, arg))) { + dwarning(1, "Error copying from user"); +@@ -895,6 +1034,45 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + + return kcop_to_user(&kcop, fcr, arg); + #endif ++ case CIOCASYMASYNCRYPT: ++ { ++ struct cryptodev_pkc *pkc = ++ kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); ++ ret = kop_from_user(&pkc->kop, arg); ++ ++ if (unlikely(ret)) ++ return -EINVAL; ++ ++ /* Store associated FD priv data with asymmetric request */ ++ pkc->priv = pcr; ++ pkc->type = ASYNCHRONOUS; ++ ret = crypto_run_asym(pkc); ++ if (ret == -EINPROGRESS) ++ ret = 0; ++ } ++ return ret; ++ case CIOCASYMASYNFETCH: ++ { ++ struct cryptodev_pkc *pkc; ++ unsigned long flags; ++ ++ spin_lock_irqsave(&pcr->completion_lock, flags); ++ if (list_empty(&pcr->asym_completed_list)) { ++ spin_unlock_irqrestore(&pcr->completion_lock, flags); ++ return -ENOMEM; ++ } ++ pkc = list_first_entry(&pcr->asym_completed_list, ++ struct cryptodev_pkc, list); ++ list_del(&pkc->list); ++ spin_unlock_irqrestore(&pcr->completion_lock, flags); ++ ret = crypto_async_fetch_asym(pkc); ++ ++ /* Reflect the updated request to user-space */ ++ if (!ret) ++ kop_to_user(&pkc->kop, arg); ++ kfree(pkc); ++ } ++ return ret; + default: + return -EINVAL; + } +@@ -1083,9 +1261,11 @@ static unsigned int cryptodev_poll(struct file *file, poll_table *wait) + + poll_wait(file, &pcr->user_waiter, wait); + +- if (!list_empty_careful(&pcr->done.list)) ++ if (!list_empty_careful(&pcr->done.list) || ++ !list_empty_careful(&pcr->asym_completed_list)) + ret |= POLLIN | POLLRDNORM; +- if (!list_empty_careful(&pcr->free.list) || pcr->itemcount < MAX_COP_RINGSIZE) ++ if (!list_empty_careful(&pcr->free.list) || ++ pcr->itemcount < MAX_COP_RINGSIZE) + ret |= POLLOUT | POLLWRNORM; + + return ret; +diff --git a/main.c b/main.c +index 57e5c38..0b7951e 100644 +--- a/main.c ++++ b/main.c +@@ -181,6 +181,384 @@ __crypto_run_zc(struct csession *ses_ptr, struct kernel_crypt_op *kcop) + return ret; + } + ++int crypto_kop_dsasign(struct cryptodev_pkc *pkc) ++{ ++ struct kernel_crypt_kop *kop = &pkc->kop; ++ struct crypt_kop *cop = &kop->kop; ++ struct pkc_request *pkc_req = &pkc->req; ++ struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign; ++ int rc, buf_size; ++ uint8_t *buf; ++ ++ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || ++ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits || ++ !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits || ++ !cop->crk_param[6].crp_nbits || (cop->crk_iparams == 6 && ++ !cop->crk_param[7].crp_nbits)) ++ return -EINVAL; ++ ++ dsa_req->m_len = (cop->crk_param[0].crp_nbits + 7)/8; ++ dsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8; ++ dsa_req->r_len = (cop->crk_param[2].crp_nbits + 7)/8; ++ dsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8; ++ dsa_req->priv_key_len = (cop->crk_param[4].crp_nbits + 7)/8; ++ dsa_req->d_len = (cop->crk_param[6].crp_nbits + 7)/8; ++ buf_size = dsa_req->m_len + dsa_req->q_len + dsa_req->r_len + ++ dsa_req->g_len + dsa_req->priv_key_len + dsa_req->d_len + ++ dsa_req->d_len; ++ if (cop->crk_iparams == 6) { ++ dsa_req->ab_len = (cop->crk_param[5].crp_nbits + 7)/8; ++ buf_size += dsa_req->ab_len; ++ pkc_req->type = ECDSA_SIGN; ++ pkc_req->curve_type = cop->curve_type; ++ } else { ++ pkc_req->type = DSA_SIGN; ++ } ++ ++ buf = kzalloc(buf_size, GFP_DMA); ++ ++ dsa_req->q = buf; ++ dsa_req->r = dsa_req->q + dsa_req->q_len; ++ dsa_req->g = dsa_req->r + dsa_req->r_len; ++ dsa_req->priv_key = dsa_req->g + dsa_req->g_len; ++ dsa_req->m = dsa_req->priv_key + dsa_req->priv_key_len; ++ dsa_req->c = dsa_req->m + dsa_req->m_len; ++ dsa_req->d = dsa_req->c + dsa_req->d_len; ++ copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len); ++ copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len); ++ copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len); ++ copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len); ++ copy_from_user(dsa_req->priv_key, cop->crk_param[4].crp_p, ++ dsa_req->priv_key_len); ++ if (cop->crk_iparams == 6) { ++ dsa_req->ab = dsa_req->d + dsa_req->d_len; ++ copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p, ++ dsa_req->ab_len); ++ } ++ rc = cryptodev_pkc_offload(pkc); ++ if (pkc->type == SYNCHRONOUS) { ++ if (rc) ++ goto err; ++ if (cop->crk_iparams == 6) { ++ copy_to_user(cop->crk_param[6].crp_p, dsa_req->c, ++ dsa_req->d_len); ++ copy_to_user(cop->crk_param[7].crp_p, dsa_req->d, ++ dsa_req->d_len); ++ } else { ++ copy_to_user(cop->crk_param[5].crp_p, dsa_req->c, ++ dsa_req->d_len); ++ copy_to_user(cop->crk_param[6].crp_p, dsa_req->d, ++ dsa_req->d_len); ++ } ++ } else { ++ if (rc != -EINPROGRESS && rc != 0) ++ goto err; ++ ++ pkc->cookie = buf; ++ return rc; ++ } ++err: ++ kfree(buf); ++ return rc; ++} ++ ++int crypto_kop_dsaverify(struct cryptodev_pkc *pkc) ++{ ++ struct kernel_crypt_kop *kop = &pkc->kop; ++ struct crypt_kop *cop = &kop->kop; ++ struct pkc_request *pkc_req; ++ struct dsa_verify_req_s *dsa_req; ++ int rc, buf_size; ++ uint8_t *buf; ++ ++ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || ++ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits || ++ !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits || ++ !cop->crk_param[6].crp_nbits || (cop->crk_iparams == 8 && ++ !cop->crk_param[7].crp_nbits)) ++ return -EINVAL; ++ ++ pkc_req = &pkc->req; ++ dsa_req = &pkc_req->req_u.dsa_verify; ++ dsa_req->m_len = (cop->crk_param[0].crp_nbits + 7)/8; ++ dsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8; ++ dsa_req->r_len = (cop->crk_param[2].crp_nbits + 7)/8; ++ dsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8; ++ dsa_req->pub_key_len = (cop->crk_param[4].crp_nbits + 7)/8; ++ dsa_req->d_len = (cop->crk_param[6].crp_nbits + 7)/8; ++ buf_size = dsa_req->m_len + dsa_req->q_len + dsa_req->r_len + ++ dsa_req->g_len + dsa_req->pub_key_len + dsa_req->d_len + ++ dsa_req->d_len; ++ if (cop->crk_iparams == 8) { ++ dsa_req->ab_len = (cop->crk_param[5].crp_nbits + 7)/8; ++ buf_size += dsa_req->ab_len; ++ pkc_req->type = ECDSA_VERIFY; ++ pkc_req->curve_type = cop->curve_type; ++ } else { ++ pkc_req->type = DSA_VERIFY; ++ } ++ ++ buf = kzalloc(buf_size, GFP_DMA); ++ ++ dsa_req->q = buf; ++ dsa_req->r = dsa_req->q + dsa_req->q_len; ++ dsa_req->g = dsa_req->r + dsa_req->r_len; ++ dsa_req->pub_key = dsa_req->g + dsa_req->g_len; ++ dsa_req->m = dsa_req->pub_key + dsa_req->pub_key_len; ++ dsa_req->c = dsa_req->m + dsa_req->m_len; ++ dsa_req->d = dsa_req->c + dsa_req->d_len; ++ copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len); ++ copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len); ++ copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len); ++ copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len); ++ copy_from_user(dsa_req->pub_key, cop->crk_param[4].crp_p, ++ dsa_req->pub_key_len); ++ if (cop->crk_iparams == 8) { ++ dsa_req->ab = dsa_req->d + dsa_req->d_len; ++ copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p, ++ dsa_req->ab_len); ++ copy_from_user(dsa_req->c, cop->crk_param[6].crp_p, ++ dsa_req->d_len); ++ copy_from_user(dsa_req->d, cop->crk_param[7].crp_p, ++ dsa_req->d_len); ++ } else { ++ copy_from_user(dsa_req->c, cop->crk_param[5].crp_p, ++ dsa_req->d_len); ++ copy_from_user(dsa_req->d, cop->crk_param[6].crp_p, ++ dsa_req->d_len); ++ } ++ rc = cryptodev_pkc_offload(pkc); ++ if (pkc->type == SYNCHRONOUS) { ++ if (rc) ++ goto err; ++ } else { ++ if (rc != -EINPROGRESS && !rc) ++ goto err; ++ pkc->cookie = buf; ++ return rc; ++ } ++err: ++ kfree(buf); ++ return rc; ++} ++ ++int crypto_kop_dh_key(struct cryptodev_pkc *pkc) ++{ ++ struct kernel_crypt_kop *kop = &pkc->kop; ++ struct crypt_kop *cop = &kop->kop; ++ struct pkc_request *pkc_req; ++ struct dh_key_req_s *dh_req; ++ int buf_size; ++ uint8_t *buf; ++ int rc = -EINVAL; ++ ++ pkc_req = &pkc->req; ++ dh_req = &pkc_req->req_u.dh_req; ++ dh_req->s_len = (cop->crk_param[0].crp_nbits + 7)/8; ++ dh_req->pub_key_len = (cop->crk_param[1].crp_nbits + 7)/8; ++ dh_req->q_len = (cop->crk_param[2].crp_nbits + 7)/8; ++ buf_size = dh_req->q_len + dh_req->pub_key_len + dh_req->s_len; ++ if (cop->crk_iparams == 4) { ++ pkc_req->type = ECDH_COMPUTE_KEY; ++ dh_req->ab_len = (cop->crk_param[3].crp_nbits + 7)/8; ++ dh_req->z_len = (cop->crk_param[4].crp_nbits + 7)/8; ++ buf_size += dh_req->ab_len; ++ } else { ++ dh_req->z_len = (cop->crk_param[3].crp_nbits + 7)/8; ++ pkc_req->type = DH_COMPUTE_KEY; ++ } ++ buf_size += dh_req->z_len; ++ buf = kzalloc(buf_size, GFP_DMA); ++ dh_req->q = buf; ++ dh_req->s = dh_req->q + dh_req->q_len; ++ dh_req->pub_key = dh_req->s + dh_req->s_len; ++ dh_req->z = dh_req->pub_key + dh_req->pub_key_len; ++ if (cop->crk_iparams == 4) { ++ dh_req->ab = dh_req->z + dh_req->z_len; ++ pkc_req->curve_type = cop->curve_type; ++ copy_from_user(dh_req->ab, cop->crk_param[3].crp_p, ++ dh_req->ab_len); ++ } ++ copy_from_user(dh_req->s, cop->crk_param[0].crp_p, dh_req->s_len); ++ copy_from_user(dh_req->pub_key, cop->crk_param[1].crp_p, ++ dh_req->pub_key_len); ++ copy_from_user(dh_req->q, cop->crk_param[2].crp_p, dh_req->q_len); ++ rc = cryptodev_pkc_offload(pkc); ++ if (pkc->type == SYNCHRONOUS) { ++ if (rc) ++ goto err; ++ if (cop->crk_iparams == 4) ++ copy_to_user(cop->crk_param[4].crp_p, dh_req->z, ++ dh_req->z_len); ++ else ++ copy_to_user(cop->crk_param[3].crp_p, dh_req->z, ++ dh_req->z_len); ++ } else { ++ if (rc != -EINPROGRESS && rc != 0) ++ goto err; ++ ++ pkc->cookie = buf; ++ return rc; ++ } ++err: ++ kfree(buf); ++ return rc; ++} ++ ++int crypto_modexp_crt(struct cryptodev_pkc *pkc) ++{ ++ struct kernel_crypt_kop *kop = &pkc->kop; ++ struct crypt_kop *cop = &kop->kop; ++ struct pkc_request *pkc_req; ++ struct rsa_priv_frm3_req_s *rsa_req; ++ int rc; ++ uint8_t *buf; ++ ++ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || ++ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits || ++ !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits) ++ return -EINVAL; ++ ++ pkc_req = &pkc->req; ++ pkc_req->type = RSA_PRIV_FORM3; ++ rsa_req = &pkc_req->req_u.rsa_priv_f3; ++ rsa_req->p_len = (cop->crk_param[0].crp_nbits + 7)/8; ++ rsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8; ++ rsa_req->g_len = (cop->crk_param[2].crp_nbits + 7)/8; ++ rsa_req->dp_len = (cop->crk_param[3].crp_nbits + 7)/8; ++ rsa_req->dq_len = (cop->crk_param[4].crp_nbits + 7)/8; ++ rsa_req->c_len = (cop->crk_param[5].crp_nbits + 7)/8; ++ rsa_req->f_len = (cop->crk_param[6].crp_nbits + 7)/8; ++ buf = kzalloc(rsa_req->p_len + rsa_req->q_len + rsa_req->f_len + ++ rsa_req->dp_len + rsa_req->dp_len + rsa_req->c_len + ++ rsa_req->g_len, GFP_DMA); ++ rsa_req->p = buf; ++ rsa_req->q = rsa_req->p + rsa_req->p_len; ++ rsa_req->g = rsa_req->q + rsa_req->q_len; ++ rsa_req->dp = rsa_req->g + rsa_req->g_len; ++ rsa_req->dq = rsa_req->dp + rsa_req->dp_len; ++ rsa_req->c = rsa_req->dq + rsa_req->dq_len; ++ rsa_req->f = rsa_req->c + rsa_req->c_len; ++ copy_from_user(rsa_req->p, cop->crk_param[0].crp_p, rsa_req->p_len); ++ copy_from_user(rsa_req->q, cop->crk_param[1].crp_p, rsa_req->q_len); ++ copy_from_user(rsa_req->g, cop->crk_param[2].crp_p, rsa_req->g_len); ++ copy_from_user(rsa_req->dp, cop->crk_param[3].crp_p, rsa_req->dp_len); ++ copy_from_user(rsa_req->dq, cop->crk_param[4].crp_p, rsa_req->dq_len); ++ copy_from_user(rsa_req->c, cop->crk_param[5].crp_p, rsa_req->c_len); ++ rc = cryptodev_pkc_offload(pkc); ++ ++ if (pkc->type == SYNCHRONOUS) { ++ if (rc) ++ goto err; ++ copy_to_user(cop->crk_param[6].crp_p, rsa_req->f, ++ rsa_req->f_len); ++ } else { ++ if (rc != -EINPROGRESS && rc != 0) ++ goto err; ++ ++ pkc->cookie = buf; ++ return rc; ++ } ++err: ++ kfree(buf); ++ return rc; ++} ++ ++int crypto_bn_modexp(struct cryptodev_pkc *pkc) ++{ ++ struct pkc_request *pkc_req; ++ struct rsa_pub_req_s *rsa_req; ++ int rc; ++ struct kernel_crypt_kop *kop = &pkc->kop; ++ struct crypt_kop *cop = &kop->kop; ++ uint8_t *buf; ++ ++ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || ++ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits) ++ return -EINVAL; ++ ++ pkc_req = &pkc->req; ++ pkc_req->type = RSA_PUB; ++ rsa_req = &pkc_req->req_u.rsa_pub_req; ++ rsa_req->f_len = (cop->crk_param[0].crp_nbits + 7)/8; ++ rsa_req->e_len = (cop->crk_param[1].crp_nbits + 7)/8; ++ rsa_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8; ++ rsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8; ++ buf = kzalloc(rsa_req->f_len + rsa_req->e_len + rsa_req->n_len ++ + rsa_req->g_len, GFP_DMA); ++ if (!buf) ++ return -ENOMEM; ++ ++ rsa_req->e = buf; ++ rsa_req->f = rsa_req->e + rsa_req->e_len; ++ rsa_req->g = rsa_req->f + rsa_req->f_len; ++ rsa_req->n = rsa_req->g + rsa_req->g_len; ++ copy_from_user(rsa_req->f, cop->crk_param[0].crp_p, rsa_req->f_len); ++ copy_from_user(rsa_req->e, cop->crk_param[1].crp_p, rsa_req->e_len); ++ copy_from_user(rsa_req->n, cop->crk_param[2].crp_p, rsa_req->n_len); ++ rc = cryptodev_pkc_offload(pkc); ++ if (pkc->type == SYNCHRONOUS) { ++ if (rc) ++ goto err; ++ ++ copy_to_user(cop->crk_param[3].crp_p, rsa_req->g, ++ rsa_req->g_len); ++ } else { ++ if (rc != -EINPROGRESS && rc != 0) ++ goto err; ++ ++ /* This one will be freed later in fetch handler */ ++ pkc->cookie = buf; ++ return rc; ++ } ++err: ++ kfree(buf); ++ return rc; ++} ++ ++int crypto_run_asym(struct cryptodev_pkc *pkc) ++{ ++ int ret = -EINVAL; ++ struct kernel_crypt_kop *kop = &pkc->kop; ++ ++ switch (kop->kop.crk_op) { ++ case CRK_MOD_EXP: ++ if (kop->kop.crk_iparams != 3 && kop->kop.crk_oparams != 1) ++ goto err; ++ ++ ret = crypto_bn_modexp(pkc); ++ break; ++ case CRK_MOD_EXP_CRT: ++ if (kop->kop.crk_iparams != 6 && kop->kop.crk_oparams != 1) ++ goto err; ++ ++ ret = crypto_modexp_crt(pkc); ++ break; ++ case CRK_DSA_SIGN: ++ if ((kop->kop.crk_iparams != 5 && kop->kop.crk_iparams != 6) || ++ kop->kop.crk_oparams != 2) ++ goto err; ++ ++ ret = crypto_kop_dsasign(pkc); ++ break; ++ case CRK_DSA_VERIFY: ++ if ((kop->kop.crk_iparams != 7 && kop->kop.crk_iparams != 8) || ++ kop->kop.crk_oparams != 0) ++ goto err; ++ ++ ret = crypto_kop_dsaverify(pkc); ++ break; ++ case CRK_DH_COMPUTE_KEY: ++ if ((kop->kop.crk_iparams != 3 && kop->kop.crk_iparams != 4) || ++ kop->kop.crk_oparams != 1) ++ goto err; ++ ret = crypto_kop_dh_key(pkc); ++ break; ++ } ++err: ++ return ret; ++} ++ + int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop) + { + struct csession *ses_ptr; +-- +2.3.5 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/files/0004-Add-the-compile-and-install-rules-for-cryptodev-test.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0004-Add-the-compile-and-install-rules-for-cryptodev-test.patch new file mode 100644 index 00000000..25a52a9c --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0004-Add-the-compile-and-install-rules-for-cryptodev-test.patch @@ -0,0 +1,65 @@ +From 188f30f6233d05eb62b58bf6d94a16bcbeeae0ee Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Mon, 27 Apr 2015 15:26:14 +0300 +Subject: [PATCH 4/4] Add the compile and install rules for cryptodev tests + +Change-Id: Ica10dc563c77220dcf0e0993515230df8a86c34d +Signed-off-by: Yu Zongchun +--- + Makefile | 6 ++++++ + tests/Makefile | 8 ++++++++ + 2 files changed, 14 insertions(+) + +diff --git a/Makefile b/Makefile +index 855bb54..5497037 100644 +--- a/Makefile ++++ b/Makefile +@@ -32,6 +32,9 @@ install: modules_install + modules_install: + make -C $(KERNEL_DIR) SUBDIRS=`pwd` modules_install + ++install_tests: ++ make -C tests install DESTDIR=$(PREFIX) ++ + clean: + make -C $(KERNEL_DIR) SUBDIRS=`pwd` clean + rm -f $(hostprogs) *~ +@@ -40,6 +43,9 @@ clean: + check: + CFLAGS=$(CRYPTODEV_CFLAGS) KERNEL_DIR=$(KERNEL_DIR) make -C tests check + ++testprogs: ++ KERNEL_DIR=$(KERNEL_DIR) make -C tests testprogs ++ + CPOPTS = + ifneq (${SHOW_TYPES},) + CPOPTS += --show-types +diff --git a/tests/Makefile b/tests/Makefile +index 20c52ba..67c3c83 100644 +--- a/tests/Makefile ++++ b/tests/Makefile +@@ -19,6 +19,12 @@ example-async-hmac-objs := async_hmac.o + example-async-speed-objs := async_speed.o + example-hashcrypt-speed-objs := hashcrypt_speed.c + ++install: ++ install -d $(DESTDIR)/usr/bin/tests_cryptodev ++ for bin in $(hostprogs); do \ ++ install -m 755 $${bin} $(DESTDIR)/usr/bin/tests_cryptodev/; \ ++ done ++ + check: $(hostprogs) + ./cipher + ./hmac +@@ -28,6 +34,8 @@ check: $(hostprogs) + ./cipher-gcm + ./cipher-aead + ++testprogs: $(hostprogs) ++ + clean: + rm -f *.o *~ $(hostprogs) + +-- +2.3.5 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/files/0004-Compat-versions-of-PKC-IOCTLs.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0004-Compat-versions-of-PKC-IOCTLs.patch new file mode 100644 index 00000000..2f35768b --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0004-Compat-versions-of-PKC-IOCTLs.patch @@ -0,0 +1,200 @@ +From b109fbdb64de6be0dc2f0d2ef108cead34652495 Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta +Date: Fri, 7 Mar 2014 06:52:13 +0545 +Subject: [PATCH 04/15] Compat versions of PKC IOCTLs + +Upstream-status: Pending + +Signed-off-by: Yashpal Dutta +--- + cryptodev_int.h | 20 ++++++++++ + ioctl.c | 120 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 140 insertions(+) + +diff --git a/cryptodev_int.h b/cryptodev_int.h +index fdbcc61..cf54dac 100644 +--- a/cryptodev_int.h ++++ b/cryptodev_int.h +@@ -75,6 +75,24 @@ struct compat_crypt_op { + compat_uptr_t iv;/* initialization vector for encryption operations */ + }; + ++/* input of CIOCKEY */ ++struct compat_crparam { ++ compat_uptr_t crp_p; ++ uint32_t crp_nbits; ++}; ++ ++struct compat_crypt_kop { ++ uint32_t crk_op; /* cryptodev_crk_ot_t */ ++ uint32_t crk_status; ++ uint16_t crk_iparams; ++ uint16_t crk_oparams; ++ uint32_t crk_pad1; ++ struct compat_crparam crk_param[CRK_MAXPARAM]; ++ enum curve_t curve_type; /* 0 == Discrete Log, 1 = EC_PRIME, ++ 2 = EC_BINARY */ ++ compat_uptr_t cookie; ++}; ++ + /* input of CIOCAUTHCRYPT */ + struct compat_crypt_auth_op { + uint32_t ses; /* session identifier */ +@@ -111,6 +129,8 @@ struct compat_crypt_auth_op { + #define COMPAT_CIOCASYNCCRYPT _IOW('c', 107, struct compat_crypt_op) + #define COMPAT_CIOCASYNCFETCH _IOR('c', 108, struct compat_crypt_op) + #define COMPAT_CIOCAUTHCRYPT _IOWR('c', 109, struct compat_crypt_auth_op) ++#define COMPAT_CIOCASYMASYNCRYPT _IOW('c', 110, struct compat_crypt_kop) ++#define COMPAT_CIOCASYMASYNFETCH _IOR('c', 111, struct compat_crypt_kop) + + #endif /* CONFIG_COMPAT */ + +diff --git a/ioctl.c b/ioctl.c +index 69980e3..9431025 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -1081,6 +1081,68 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + /* compatibility code for 32bit userlands */ + #ifdef CONFIG_COMPAT + ++static inline void compat_to_crypt_kop(struct compat_crypt_kop *compat, ++ struct crypt_kop *kop) ++{ ++ int i; ++ kop->crk_op = compat->crk_op; ++ kop->crk_status = compat->crk_status; ++ kop->crk_iparams = compat->crk_iparams; ++ kop->crk_oparams = compat->crk_oparams; ++ ++ for (i = 0; i < CRK_MAXPARAM; i++) { ++ kop->crk_param[i].crp_p = ++ compat_ptr(compat->crk_param[i].crp_p); ++ kop->crk_param[i].crp_nbits = compat->crk_param[i].crp_nbits; ++ } ++ ++ kop->curve_type = compat->curve_type; ++ kop->cookie = compat->cookie; ++} ++ ++static int compat_kop_from_user(struct kernel_crypt_kop *kop, ++ void __user *arg) ++{ ++ struct compat_crypt_kop compat_kop; ++ ++ if (unlikely(copy_from_user(&compat_kop, arg, sizeof(compat_kop)))) ++ return -EFAULT; ++ ++ compat_to_crypt_kop(&compat_kop, &kop->kop); ++ return fill_kop_from_cop(kop); ++} ++ ++static inline void crypt_kop_to_compat(struct crypt_kop *kop, ++ struct compat_crypt_kop *compat) ++{ ++ int i; ++ ++ compat->crk_op = kop->crk_op; ++ compat->crk_status = kop->crk_status; ++ compat->crk_iparams = kop->crk_iparams; ++ compat->crk_oparams = kop->crk_oparams; ++ ++ for (i = 0; i < CRK_MAXPARAM; i++) { ++ compat->crk_param[i].crp_p = ++ ptr_to_compat(kop->crk_param[i].crp_p); ++ compat->crk_param[i].crp_nbits = kop->crk_param[i].crp_nbits; ++ } ++ compat->cookie = kop->cookie; ++ compat->curve_type = kop->curve_type; ++} ++ ++static int compat_kop_to_user(struct kernel_crypt_kop *kop, void __user *arg) ++{ ++ struct compat_crypt_kop compat_kop; ++ ++ crypt_kop_to_compat(&kop->kop, &compat_kop); ++ if (unlikely(copy_to_user(arg, &compat_kop, sizeof(compat_kop)))) { ++ dprintk(1, KERN_ERR, "Cannot copy to userspace\n"); ++ return -EFAULT; ++ } ++ return 0; ++} ++ + static inline void + compat_to_session_op(struct compat_session_op *compat, struct session_op *sop) + { +@@ -1208,7 +1270,26 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + return -EFAULT; + } + return ret; ++ case COMPAT_CIOCKEY: ++ { ++ struct cryptodev_pkc *pkc = ++ kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); ++ ++ if (!pkc) ++ return -ENOMEM; ++ ++ ret = compat_kop_from_user(&pkc->kop, arg); ++ ++ if (unlikely(ret)) { ++ kfree(pkc); ++ return ret; ++ } + ++ pkc->type = SYNCHRONOUS; ++ ret = crypto_run_asym(pkc); ++ kfree(pkc); ++ } ++ return ret; + case COMPAT_CIOCCRYPT: + ret = compat_kcop_from_user(&kcop, fcr, arg); + if (unlikely(ret)) +@@ -1247,6 +1328,45 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + + return compat_kcop_to_user(&kcop, fcr, arg); + #endif ++ case COMPAT_CIOCASYMASYNCRYPT: ++ { ++ struct cryptodev_pkc *pkc = ++ kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); ++ ++ ret = compat_kop_from_user(&pkc->kop, arg); ++ if (unlikely(ret)) ++ return -EINVAL; ++ ++ /* Store associated FD priv data with asymmetric request */ ++ pkc->priv = pcr; ++ pkc->type = ASYNCHRONOUS; ++ ret = crypto_run_asym(pkc); ++ if (ret == -EINPROGRESS) ++ ret = 0; ++ } ++ return ret; ++ case COMPAT_CIOCASYMASYNFETCH: ++ { ++ struct cryptodev_pkc *pkc; ++ unsigned long flags; ++ ++ spin_lock_irqsave(&pcr->completion_lock, flags); ++ if (list_empty(&pcr->asym_completed_list)) { ++ spin_unlock_irqrestore(&pcr->completion_lock, flags); ++ return -ENOMEM; ++ } ++ pkc = list_first_entry(&pcr->asym_completed_list, ++ struct cryptodev_pkc, list); ++ list_del(&pkc->list); ++ spin_unlock_irqrestore(&pcr->completion_lock, flags); ++ ret = crypto_async_fetch_asym(pkc); ++ ++ /* Reflect the updated request to user-space */ ++ if (!ret) ++ compat_kop_to_user(&pkc->kop, arg); ++ kfree(pkc); ++ } ++ return ret; + default: + return -EINVAL; + } +-- +2.3.5 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/files/0005-Asynchronous-interface-changes-in-cryptodev.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0005-Asynchronous-interface-changes-in-cryptodev.patch new file mode 100644 index 00000000..8827fb0f --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0005-Asynchronous-interface-changes-in-cryptodev.patch @@ -0,0 +1,213 @@ +From 7594d5375d998eb25241750b623661ff021697d3 Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta +Date: Fri, 7 Mar 2014 07:24:00 +0545 +Subject: [PATCH 05/15] Asynchronous interface changes in cryptodev + +Upstream-status: Pending + +Signed-off-by: Yashpal Dutta +--- + cryptlib.h | 7 ++++- + crypto/cryptodev.h | 10 ++++++- + cryptodev_int.h | 10 ++++++- + ioctl.c | 76 +++++++++++++++++++++++++++++++++++++----------------- + 4 files changed, 76 insertions(+), 27 deletions(-) + +diff --git a/cryptlib.h b/cryptlib.h +index 56d325a..7ffa54c 100644 +--- a/cryptlib.h ++++ b/cryptlib.h +@@ -113,7 +113,12 @@ struct cryptodev_pkc { + struct pkc_request req; /* PKC request structure allocated + from CryptoAPI */ + enum offload_type type; /* Synchronous Vs Asynchronous request */ +- void *cookie; /*Additional opaque cookie to be used in future */ ++ /* ++ * cookie used for transfering tranparent information from async ++ * submission to async fetch. Currently some dynamic allocated ++ * buffers are maintained which will be freed later during fetch ++ */ ++ void *cookie; + struct crypt_priv *priv; + }; + +diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h +index 96675fe..4436fbf 100644 +--- a/crypto/cryptodev.h ++++ b/crypto/cryptodev.h +@@ -254,6 +254,14 @@ struct crypt_kop { + void *cookie; + }; + ++#define MAX_COOKIES 4 ++ ++struct pkc_cookie_list_s { ++ int cookie_available; ++ void *cookie[MAX_COOKIES]; ++ int status[MAX_COOKIES]; ++}; ++ + enum cryptodev_crk_op_t { + CRK_MOD_EXP = 0, + CRK_MOD_EXP_CRT = 1, +@@ -298,5 +306,5 @@ enum cryptodev_crk_op_t { + #define CIOCASYNCFETCH _IOR('c', 111, struct crypt_op) + /* additional ioctls for asynchronous operation for asymmetric ciphers*/ + #define CIOCASYMASYNCRYPT _IOW('c', 112, struct crypt_kop) +-#define CIOCASYMASYNFETCH _IOR('c', 113, struct crypt_kop) ++#define CIOCASYMFETCHCOOKIE _IOR('c', 113, struct pkc_cookie_list_s) + #endif /* L_CRYPTODEV_H */ +diff --git a/cryptodev_int.h b/cryptodev_int.h +index cf54dac..5347cae 100644 +--- a/cryptodev_int.h ++++ b/cryptodev_int.h +@@ -93,6 +93,12 @@ struct compat_crypt_kop { + compat_uptr_t cookie; + }; + ++struct compat_pkc_cookie_list_s { ++ int cookie_available; ++ compat_uptr_t cookie[MAX_COOKIES]; ++ int status[MAX_COOKIES]; ++}; ++ + /* input of CIOCAUTHCRYPT */ + struct compat_crypt_auth_op { + uint32_t ses; /* session identifier */ +@@ -126,11 +132,13 @@ struct compat_crypt_auth_op { + /* compat ioctls, defined for the above structs */ + #define COMPAT_CIOCGSESSION _IOWR('c', 102, struct compat_session_op) + #define COMPAT_CIOCCRYPT _IOWR('c', 104, struct compat_crypt_op) ++#define COMPAT_CIOCKEY _IOW('c', 105, struct compat_crypt_kop) + #define COMPAT_CIOCASYNCCRYPT _IOW('c', 107, struct compat_crypt_op) + #define COMPAT_CIOCASYNCFETCH _IOR('c', 108, struct compat_crypt_op) + #define COMPAT_CIOCAUTHCRYPT _IOWR('c', 109, struct compat_crypt_auth_op) + #define COMPAT_CIOCASYMASYNCRYPT _IOW('c', 110, struct compat_crypt_kop) +-#define COMPAT_CIOCASYMASYNFETCH _IOR('c', 111, struct compat_crypt_kop) ++#define COMPAT_CIOCASYMFETCHCOOKIE _IOR('c', 111, \ ++ struct compat_pkc_cookie_list_s) + + #endif /* CONFIG_COMPAT */ + +diff --git a/ioctl.c b/ioctl.c +index 9431025..e2f407f 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -105,8 +105,6 @@ void cryptodev_complete_asym(struct crypto_async_request *req, int err) + crypto_free_pkc(pkc->s); + res->err = err; + if (pkc->type == SYNCHRONOUS) { +- if (err == -EINPROGRESS) +- return; + complete(&res->completion); + } else { + struct crypt_priv *pcr = pkc->priv; +@@ -1051,26 +1049,41 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + ret = 0; + } + return ret; +- case CIOCASYMASYNFETCH: ++ case CIOCASYMFETCHCOOKIE: + { + struct cryptodev_pkc *pkc; + unsigned long flags; ++ int i; ++ struct pkc_cookie_list_s cookie_list; + + spin_lock_irqsave(&pcr->completion_lock, flags); +- if (list_empty(&pcr->asym_completed_list)) { +- spin_unlock_irqrestore(&pcr->completion_lock, flags); +- return -ENOMEM; ++ cookie_list.cookie_available = 0; ++ for (i = 0; i < MAX_COOKIES; i++) { ++ if (!list_empty(&pcr->asym_completed_list)) { ++ /* Run a loop in the list for upto elements ++ and copy their response back */ ++ pkc = ++ list_first_entry(&pcr->asym_completed_list, ++ struct cryptodev_pkc, list); ++ list_del(&pkc->list); ++ ret = crypto_async_fetch_asym(pkc); ++ if (!ret) { ++ cookie_list.cookie_available++; ++ cookie_list.cookie[i] = ++ pkc->kop.kop.cookie; ++ cookie_list.status[i] = pkc->result.err; ++ } ++ kfree(pkc); ++ } else { ++ break; ++ } + } +- pkc = list_first_entry(&pcr->asym_completed_list, +- struct cryptodev_pkc, list); +- list_del(&pkc->list); + spin_unlock_irqrestore(&pcr->completion_lock, flags); +- ret = crypto_async_fetch_asym(pkc); + + /* Reflect the updated request to user-space */ +- if (!ret) +- kop_to_user(&pkc->kop, arg); +- kfree(pkc); ++ if (cookie_list.cookie_available) ++ copy_to_user(arg, &cookie_list, ++ sizeof(struct pkc_cookie_list_s)); + } + return ret; + default: +@@ -1345,26 +1358,41 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + ret = 0; + } + return ret; +- case COMPAT_CIOCASYMASYNFETCH: ++ case COMPAT_CIOCASYMFETCHCOOKIE: + { + struct cryptodev_pkc *pkc; + unsigned long flags; ++ int i = 0; ++ struct compat_pkc_cookie_list_s cookie_list; + + spin_lock_irqsave(&pcr->completion_lock, flags); +- if (list_empty(&pcr->asym_completed_list)) { +- spin_unlock_irqrestore(&pcr->completion_lock, flags); +- return -ENOMEM; ++ cookie_list.cookie_available = 0; ++ ++ for (i = 0; i < MAX_COOKIES; i++) { ++ if (!list_empty(&pcr->asym_completed_list)) { ++ /* Run a loop in the list for upto elements ++ and copy their response back */ ++ pkc = ++ list_first_entry(&pcr->asym_completed_list, ++ struct cryptodev_pkc, list); ++ list_del(&pkc->list); ++ ret = crypto_async_fetch_asym(pkc); ++ if (!ret) { ++ cookie_list.cookie_available++; ++ cookie_list.cookie[i] = ++ pkc->kop.kop.cookie; ++ } ++ kfree(pkc); ++ } else { ++ break; ++ } + } +- pkc = list_first_entry(&pcr->asym_completed_list, +- struct cryptodev_pkc, list); +- list_del(&pkc->list); + spin_unlock_irqrestore(&pcr->completion_lock, flags); +- ret = crypto_async_fetch_asym(pkc); + + /* Reflect the updated request to user-space */ +- if (!ret) +- compat_kop_to_user(&pkc->kop, arg); +- kfree(pkc); ++ if (cookie_list.cookie_available) ++ copy_to_user(arg, &cookie_list, ++ sizeof(struct compat_pkc_cookie_list_s)); + } + return ret; + default: +-- +2.3.5 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/files/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch new file mode 100644 index 00000000..89cace37 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch @@ -0,0 +1,212 @@ +From eccd6277b067cd85094eb057225cc0a983300b9f Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta +Date: Fri, 7 Mar 2014 07:53:53 +0545 +Subject: [PATCH 06/15] ECC_KEYGEN and DLC_KEYGEN supported in cryptodev module + +Upstream-status: Pending + +Signed-off-by: Yashpal Dutta +--- + cryptlib.c | 2 ++ + crypto/cryptodev.h | 5 +++- + ioctl.c | 29 +++++++++++++++++-- + main.c | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 4 files changed, 118 insertions(+), 3 deletions(-) + +diff --git a/cryptlib.c b/cryptlib.c +index 6900028..47cd568 100644 +--- a/cryptlib.c ++++ b/cryptlib.c +@@ -452,6 +452,8 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) + case DSA_VERIFY: + case ECDSA_SIGN: + case ECDSA_VERIFY: ++ case DLC_KEYGEN: ++ case ECC_KEYGEN: + pkc->s = crypto_alloc_pkc("pkc(dsa)", + CRYPTO_ALG_TYPE_PKC_DSA, 0); + break; +diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h +index 4436fbf..275a55c 100644 +--- a/crypto/cryptodev.h ++++ b/crypto/cryptodev.h +@@ -268,6 +268,8 @@ enum cryptodev_crk_op_t { + CRK_DSA_SIGN = 2, + CRK_DSA_VERIFY = 3, + CRK_DH_COMPUTE_KEY = 4, ++ CRK_DSA_GENERATE_KEY = 5, ++ CRK_DH_GENERATE_KEY = 6, + CRK_ALGORITHM_ALL + }; + +@@ -280,7 +282,8 @@ enum cryptodev_crk_op_t { + #define CRF_DSA_SIGN (1 << CRK_DSA_SIGN) + #define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY) + #define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY) +- ++#define CRF_DSA_GENERATE_KEY (1 << CRK_DSA_GENERATE_KEY) ++#define CRF_DH_GENERATE_KEY (1 << CRK_DH_GENERATE_KEY) + + /* ioctl's. Compatible with old linux cryptodev.h + */ +diff --git a/ioctl.c b/ioctl.c +index e2f407f..1f0741a 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -726,6 +726,23 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) + dh_req->z, dh_req->z_len); + } + break; ++ case CRK_DSA_GENERATE_KEY: ++ case CRK_DH_GENERATE_KEY: ++ { ++ struct keygen_req_s *key_req = &pkc_req->req_u.keygen; ++ ++ if (pkc_req->type == ECC_KEYGEN) { ++ copy_to_user(ckop->crk_param[4].crp_p, key_req->pub_key, ++ key_req->pub_key_len); ++ copy_to_user(ckop->crk_param[5].crp_p, ++ key_req->priv_key, key_req->priv_key_len); ++ } else { ++ copy_to_user(ckop->crk_param[3].crp_p, ++ key_req->pub_key, key_req->pub_key_len); ++ copy_to_user(ckop->crk_param[4].crp_p, ++ key_req->priv_key, key_req->priv_key_len); ++ } ++ } + default: + ret = -EINVAL; + } +@@ -939,8 +956,9 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + + switch (cmd) { + case CIOCASYMFEAT: +- return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | +- CRF_DSA_SIGN | CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY, p); ++ return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN | ++ CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY | ++ CRF_DSA_GENERATE_KEY, p); + case CRIOGET: + fd = clonefd(filp); + ret = put_user(fd, p); +@@ -1084,7 +1102,14 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + if (cookie_list.cookie_available) + copy_to_user(arg, &cookie_list, + sizeof(struct pkc_cookie_list_s)); ++ else { ++ struct pkc_cookie_list_s *user_ck_list = (void *)arg; ++ ++ put_user(0, &(user_ck_list->cookie_available)); ++ } ++ ret = cookie_list.cookie_available; + } ++ + return ret; + default: + return -EINVAL; +diff --git a/main.c b/main.c +index 0b7951e..c901bc7 100644 +--- a/main.c ++++ b/main.c +@@ -342,6 +342,85 @@ err: + return rc; + } + ++int crypto_kop_keygen(struct cryptodev_pkc *pkc) ++{ ++ struct kernel_crypt_kop *kop = &pkc->kop; ++ struct crypt_kop *cop = &kop->kop; ++ struct pkc_request *pkc_req; ++ struct keygen_req_s *key_req; ++ int rc, buf_size; ++ uint8_t *buf; ++ ++ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || ++ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits || ++ !cop->crk_param[4].crp_nbits) ++ return -EINVAL; ++ ++ pkc_req = &pkc->req; ++ key_req = &pkc_req->req_u.keygen; ++ key_req->q_len = (cop->crk_param[0].crp_nbits + 7)/8; ++ key_req->r_len = (cop->crk_param[1].crp_nbits + 7)/8; ++ key_req->g_len = (cop->crk_param[2].crp_nbits + 7)/8; ++ if (cop->crk_iparams == 3) { ++ key_req->pub_key_len = (cop->crk_param[3].crp_nbits + 7)/8; ++ key_req->priv_key_len = (cop->crk_param[4].crp_nbits + 7)/8; ++ buf_size = key_req->q_len + key_req->r_len + key_req->g_len + ++ key_req->pub_key_len + key_req->priv_key_len; ++ pkc_req->type = DLC_KEYGEN; ++ } else { ++ key_req->ab_len = (cop->crk_param[3].crp_nbits + 7)/8; ++ key_req->pub_key_len = (cop->crk_param[4].crp_nbits + 7)/8; ++ key_req->priv_key_len = (cop->crk_param[5].crp_nbits + 7)/8; ++ buf_size = key_req->q_len + key_req->r_len + key_req->g_len + ++ key_req->pub_key_len + key_req->priv_key_len + ++ key_req->ab_len; ++ pkc_req->type = ECC_KEYGEN; ++ pkc_req->curve_type = cop->curve_type; ++ } ++ ++ buf = kzalloc(buf_size, GFP_DMA); ++ if (!buf) ++ return -ENOMEM; ++ ++ key_req->q = buf; ++ key_req->r = key_req->q + key_req->q_len; ++ key_req->g = key_req->r + key_req->r_len; ++ key_req->pub_key = key_req->g + key_req->g_len; ++ key_req->priv_key = key_req->pub_key + key_req->pub_key_len; ++ copy_from_user(key_req->q, cop->crk_param[0].crp_p, key_req->q_len); ++ copy_from_user(key_req->r, cop->crk_param[1].crp_p, key_req->r_len); ++ copy_from_user(key_req->g, cop->crk_param[2].crp_p, key_req->g_len); ++ if (cop->crk_iparams == 3) { ++ copy_from_user(key_req->pub_key, cop->crk_param[3].crp_p, ++ key_req->pub_key_len); ++ copy_from_user(key_req->priv_key, cop->crk_param[4].crp_p, ++ key_req->priv_key_len); ++ } else { ++ key_req->ab = key_req->priv_key + key_req->priv_key_len; ++ copy_from_user(key_req->ab, cop->crk_param[3].crp_p, ++ key_req->ab_len); ++ copy_from_user(key_req->pub_key, cop->crk_param[4].crp_p, ++ key_req->pub_key_len); ++ copy_from_user(key_req->priv_key, cop->crk_param[5].crp_p, ++ key_req->priv_key_len); ++ } ++ ++ rc = cryptodev_pkc_offload(pkc); ++ if (pkc->type == SYNCHRONOUS) { ++ if (rc) ++ goto err; ++ } else { ++ if (rc != -EINPROGRESS && !rc) ++ goto err; ++ ++ pkc->cookie = buf; ++ return rc; ++ } ++err: ++ kfree(buf); ++ return rc; ++} ++ + int crypto_kop_dh_key(struct cryptodev_pkc *pkc) + { + struct kernel_crypt_kop *kop = &pkc->kop; +@@ -554,6 +633,12 @@ int crypto_run_asym(struct cryptodev_pkc *pkc) + goto err; + ret = crypto_kop_dh_key(pkc); + break; ++ case CRK_DH_GENERATE_KEY: ++ case CRK_DSA_GENERATE_KEY: ++ if ((kop->kop.crk_iparams != 3 && kop->kop.crk_iparams != 4)) ++ goto err; ++ ret = crypto_kop_keygen(pkc); ++ break; + } + err: + return ret; +-- +2.3.5 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/files/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch new file mode 100644 index 00000000..a76aca47 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch @@ -0,0 +1,238 @@ +From 78c01e1882def52c72966c0e86913950ec201af9 Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta +Date: Fri, 7 Mar 2014 08:49:15 +0545 +Subject: [PATCH 07/15] RCU stall fixed in PKC asynchronous interface + +Upstream-status: Pending + +Signed-off-by: Yashpal Dutta +--- + ioctl.c | 23 +++++++++++------------ + main.c | 43 +++++++++++++++++++++++++++---------------- + 2 files changed, 38 insertions(+), 28 deletions(-) + +diff --git a/ioctl.c b/ioctl.c +index 1f0741a..e4e16a8 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -108,10 +108,9 @@ void cryptodev_complete_asym(struct crypto_async_request *req, int err) + complete(&res->completion); + } else { + struct crypt_priv *pcr = pkc->priv; +- unsigned long flags; +- spin_lock_irqsave(&pcr->completion_lock, flags); ++ spin_lock_bh(&pcr->completion_lock); + list_add_tail(&pkc->list, &pcr->asym_completed_list); +- spin_unlock_irqrestore(&pcr->completion_lock, flags); ++ spin_unlock_bh(&pcr->completion_lock); + /* wake for POLLIN */ + wake_up_interruptible(&pcr->user_waiter); + } +@@ -958,7 +957,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + case CIOCASYMFEAT: + return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN | + CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY | +- CRF_DSA_GENERATE_KEY, p); ++ CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY, p); + case CRIOGET: + fd = clonefd(filp); + ret = put_user(fd, p); +@@ -997,7 +996,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + case CIOCKEY: + { + struct cryptodev_pkc *pkc = +- kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); ++ kmalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); + + if (!pkc) + return -ENOMEM; +@@ -1053,7 +1052,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + case CIOCASYMASYNCRYPT: + { + struct cryptodev_pkc *pkc = +- kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); ++ kmalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); + ret = kop_from_user(&pkc->kop, arg); + + if (unlikely(ret)) +@@ -1070,13 +1069,12 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + case CIOCASYMFETCHCOOKIE: + { + struct cryptodev_pkc *pkc; +- unsigned long flags; + int i; + struct pkc_cookie_list_s cookie_list; + +- spin_lock_irqsave(&pcr->completion_lock, flags); + cookie_list.cookie_available = 0; + for (i = 0; i < MAX_COOKIES; i++) { ++ spin_lock_bh(&pcr->completion_lock); + if (!list_empty(&pcr->asym_completed_list)) { + /* Run a loop in the list for upto elements + and copy their response back */ +@@ -1084,6 +1082,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + list_first_entry(&pcr->asym_completed_list, + struct cryptodev_pkc, list); + list_del(&pkc->list); ++ spin_unlock_bh(&pcr->completion_lock); + ret = crypto_async_fetch_asym(pkc); + if (!ret) { + cookie_list.cookie_available++; +@@ -1093,10 +1092,10 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + } + kfree(pkc); + } else { ++ spin_unlock_bh(&pcr->completion_lock); + break; + } + } +- spin_unlock_irqrestore(&pcr->completion_lock, flags); + + /* Reflect the updated request to user-space */ + if (cookie_list.cookie_available) +@@ -1386,14 +1385,13 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + case COMPAT_CIOCASYMFETCHCOOKIE: + { + struct cryptodev_pkc *pkc; +- unsigned long flags; + int i = 0; + struct compat_pkc_cookie_list_s cookie_list; + +- spin_lock_irqsave(&pcr->completion_lock, flags); + cookie_list.cookie_available = 0; + + for (i = 0; i < MAX_COOKIES; i++) { ++ spin_lock_bh(&pcr->completion_lock); + if (!list_empty(&pcr->asym_completed_list)) { + /* Run a loop in the list for upto elements + and copy their response back */ +@@ -1401,6 +1399,7 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + list_first_entry(&pcr->asym_completed_list, + struct cryptodev_pkc, list); + list_del(&pkc->list); ++ spin_unlock_bh(&pcr->completion_lock); + ret = crypto_async_fetch_asym(pkc); + if (!ret) { + cookie_list.cookie_available++; +@@ -1409,10 +1408,10 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + } + kfree(pkc); + } else { ++ spin_unlock_bh(&pcr->completion_lock); + break; + } + } +- spin_unlock_irqrestore(&pcr->completion_lock, flags); + + /* Reflect the updated request to user-space */ + if (cookie_list.cookie_available) +diff --git a/main.c b/main.c +index c901bc7..2747706 100644 +--- a/main.c ++++ b/main.c +@@ -215,7 +215,9 @@ int crypto_kop_dsasign(struct cryptodev_pkc *pkc) + pkc_req->type = DSA_SIGN; + } + +- buf = kzalloc(buf_size, GFP_DMA); ++ buf = kmalloc(buf_size, GFP_DMA); ++ if (!buf) ++ return -ENOMEM; + + dsa_req->q = buf; + dsa_req->r = dsa_req->q + dsa_req->q_len; +@@ -298,7 +300,9 @@ int crypto_kop_dsaverify(struct cryptodev_pkc *pkc) + pkc_req->type = DSA_VERIFY; + } + +- buf = kzalloc(buf_size, GFP_DMA); ++ buf = kmalloc(buf_size, GFP_DMA); ++ if (!buf) ++ return -ENOMEM; + + dsa_req->q = buf; + dsa_req->r = dsa_req->q + dsa_req->q_len; +@@ -378,7 +382,7 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) + pkc_req->curve_type = cop->curve_type; + } + +- buf = kzalloc(buf_size, GFP_DMA); ++ buf = kmalloc(buf_size, GFP_DMA); + if (!buf) + return -ENOMEM; + +@@ -390,25 +394,28 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) + copy_from_user(key_req->q, cop->crk_param[0].crp_p, key_req->q_len); + copy_from_user(key_req->r, cop->crk_param[1].crp_p, key_req->r_len); + copy_from_user(key_req->g, cop->crk_param[2].crp_p, key_req->g_len); +- if (cop->crk_iparams == 3) { +- copy_from_user(key_req->pub_key, cop->crk_param[3].crp_p, +- key_req->pub_key_len); +- copy_from_user(key_req->priv_key, cop->crk_param[4].crp_p, +- key_req->priv_key_len); +- } else { ++ if (cop->crk_iparams == 4) { + key_req->ab = key_req->priv_key + key_req->priv_key_len; + copy_from_user(key_req->ab, cop->crk_param[3].crp_p, + key_req->ab_len); +- copy_from_user(key_req->pub_key, cop->crk_param[4].crp_p, +- key_req->pub_key_len); +- copy_from_user(key_req->priv_key, cop->crk_param[5].crp_p, +- key_req->priv_key_len); + } + + rc = cryptodev_pkc_offload(pkc); + if (pkc->type == SYNCHRONOUS) { + if (rc) + goto err; ++ ++ if (cop->crk_iparams == 4) { ++ copy_to_user(cop->crk_param[4].crp_p, key_req->pub_key, ++ key_req->pub_key_len); ++ copy_to_user(cop->crk_param[5].crp_p, key_req->priv_key, ++ key_req->priv_key_len); ++ } else { ++ copy_to_user(cop->crk_param[3].crp_p, key_req->pub_key, ++ key_req->pub_key_len); ++ copy_to_user(cop->crk_param[4].crp_p, ++ key_req->priv_key, key_req->priv_key_len); ++ } + } else { + if (rc != -EINPROGRESS && !rc) + goto err; +@@ -447,7 +454,9 @@ int crypto_kop_dh_key(struct cryptodev_pkc *pkc) + pkc_req->type = DH_COMPUTE_KEY; + } + buf_size += dh_req->z_len; +- buf = kzalloc(buf_size, GFP_DMA); ++ buf = kmalloc(buf_size, GFP_DMA); ++ if (!buf) ++ return -ENOMEM; + dh_req->q = buf; + dh_req->s = dh_req->q + dh_req->q_len; + dh_req->pub_key = dh_req->s + dh_req->s_len; +@@ -508,9 +517,11 @@ int crypto_modexp_crt(struct cryptodev_pkc *pkc) + rsa_req->dq_len = (cop->crk_param[4].crp_nbits + 7)/8; + rsa_req->c_len = (cop->crk_param[5].crp_nbits + 7)/8; + rsa_req->f_len = (cop->crk_param[6].crp_nbits + 7)/8; +- buf = kzalloc(rsa_req->p_len + rsa_req->q_len + rsa_req->f_len + ++ buf = kmalloc(rsa_req->p_len + rsa_req->q_len + rsa_req->f_len + + rsa_req->dp_len + rsa_req->dp_len + rsa_req->c_len + + rsa_req->g_len, GFP_DMA); ++ if (!buf) ++ return -ENOMEM; + rsa_req->p = buf; + rsa_req->q = rsa_req->p + rsa_req->p_len; + rsa_req->g = rsa_req->q + rsa_req->q_len; +@@ -563,7 +574,7 @@ int crypto_bn_modexp(struct cryptodev_pkc *pkc) + rsa_req->e_len = (cop->crk_param[1].crp_nbits + 7)/8; + rsa_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8; + rsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8; +- buf = kzalloc(rsa_req->f_len + rsa_req->e_len + rsa_req->n_len ++ buf = kmalloc(rsa_req->f_len + rsa_req->e_len + rsa_req->n_len + + rsa_req->g_len, GFP_DMA); + if (!buf) + return -ENOMEM; +-- +2.3.5 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/files/0008-Add-RSA-Key-generation-offloading.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0008-Add-RSA-Key-generation-offloading.patch new file mode 100644 index 00000000..d251c660 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0008-Add-RSA-Key-generation-offloading.patch @@ -0,0 +1,170 @@ +From 5127db3483a2e4f6dc13330bea7237931c5f15a0 Mon Sep 17 00:00:00 2001 +From: Hou Zhiqiang +Date: Wed, 19 Mar 2014 14:02:46 +0800 +Subject: [PATCH 08/15] Add RSA Key generation offloading + +Upstream-status: Pending + +Signed-off-by: Hou Zhiqiang +Tested-by: Cristian Stoica +--- + cryptlib.c | 1 + + crypto/cryptodev.h | 2 ++ + ioctl.c | 3 +- + main.c | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++- + 4 files changed, 84 insertions(+), 2 deletions(-) + +diff --git a/cryptlib.c b/cryptlib.c +index 47cd568..4dd1847 100644 +--- a/cryptlib.c ++++ b/cryptlib.c +@@ -441,6 +441,7 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) + struct pkc_request *pkc_req = &pkc->req, *pkc_requested; + + switch (pkc_req->type) { ++ case RSA_KEYGEN: + case RSA_PUB: + case RSA_PRIV_FORM1: + case RSA_PRIV_FORM2: +diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h +index 275a55c..d0cc542 100644 +--- a/crypto/cryptodev.h ++++ b/crypto/cryptodev.h +@@ -270,6 +270,7 @@ enum cryptodev_crk_op_t { + CRK_DH_COMPUTE_KEY = 4, + CRK_DSA_GENERATE_KEY = 5, + CRK_DH_GENERATE_KEY = 6, ++ CRK_RSA_GENERATE_KEY = 7, + CRK_ALGORITHM_ALL + }; + +@@ -279,6 +280,7 @@ enum cryptodev_crk_op_t { + */ + #define CRF_MOD_EXP (1 << CRK_MOD_EXP) + #define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT) ++#define CRF_RSA_GENERATE_KEY (1 << CRK_RSA_GENERATE_KEY) + #define CRF_DSA_SIGN (1 << CRK_DSA_SIGN) + #define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY) + #define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY) +diff --git a/ioctl.c b/ioctl.c +index e4e16a8..3762a47 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -957,7 +957,8 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + case CIOCASYMFEAT: + return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN | + CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY | +- CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY, p); ++ CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY | ++ CRF_RSA_GENERATE_KEY, p); + case CRIOGET: + fd = clonefd(filp); + ret = put_user(fd, p); +diff --git a/main.c b/main.c +index 2747706..14dcf40 100644 +--- a/main.c ++++ b/main.c +@@ -346,6 +346,82 @@ err: + return rc; + } + ++int crypto_kop_rsa_keygen(struct cryptodev_pkc *pkc) ++{ ++ struct kernel_crypt_kop *kop = &pkc->kop; ++ struct crypt_kop *cop = &kop->kop; ++ struct pkc_request *pkc_req; ++ struct rsa_keygen_req_s *key_req; ++ int rc, buf_size; ++ uint8_t *buf; ++ ++ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || ++ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits || ++ !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits || ++ !cop->crk_param[6].crp_nbits) ++ return -EINVAL; ++ ++ pkc_req = &pkc->req; ++ pkc_req->type = RSA_KEYGEN; ++ key_req = &pkc_req->req_u.rsa_keygen; ++ key_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8; ++ key_req->p_len = (cop->crk_param[0].crp_nbits + 7) / 8; ++ key_req->q_len = (cop->crk_param[1].crp_nbits + 7) / 8; ++ key_req->n_len = (cop->crk_param[2].crp_nbits + 7) / 8; ++ key_req->d_len = (cop->crk_param[3].crp_nbits + 7) / 8; ++ key_req->dp_len = (cop->crk_param[4].crp_nbits + 7) / 8; ++ key_req->dq_len = (cop->crk_param[5].crp_nbits + 7) / 8; ++ key_req->c_len = (cop->crk_param[6].crp_nbits + 7) / 8; ++ ++ buf_size = key_req->p_len + key_req->q_len + key_req->n_len + ++ key_req->d_len + key_req->dp_len + ++ key_req->dq_len + key_req->c_len; ++ ++ buf = kmalloc(buf_size, GFP_DMA); ++ if (!buf) ++ return -ENOMEM; ++ key_req->p = buf; ++ key_req->q = key_req->p + key_req->p_len; ++ key_req->n = key_req->q + key_req->q_len; ++ key_req->d = key_req->n + key_req->n_len; ++ key_req->dp = key_req->d + key_req->d_len; ++ key_req->dq = key_req->dp + key_req->dp_len; ++ key_req->c = key_req->dq + key_req->dq_len; ++ ++ rc = cryptodev_pkc_offload(pkc); ++ ++ if (pkc->type == SYNCHRONOUS) { ++ if (rc) ++ goto err; ++ ++ copy_to_user(cop->crk_param[0].crp_p, ++ key_req->p, key_req->p_len); ++ copy_to_user(cop->crk_param[1].crp_p, ++ key_req->q, key_req->q_len); ++ copy_to_user(cop->crk_param[2].crp_p, ++ key_req->n, key_req->n_len); ++ copy_to_user(cop->crk_param[3].crp_p, ++ key_req->d, key_req->d_len); ++ copy_to_user(cop->crk_param[4].crp_p, ++ key_req->dp, key_req->dp_len); ++ copy_to_user(cop->crk_param[5].crp_p, ++ key_req->dq, key_req->dq_len); ++ copy_to_user(cop->crk_param[6].crp_p, ++ key_req->c, key_req->c_len); ++ } else { ++ if (rc != -EINPROGRESS && !rc) { ++ printk("%s: Failed\n", __func__); ++ goto err; ++ } ++ pkc->cookie = buf; ++ return rc; ++ } ++err: ++ kfree(buf); ++ return rc; ++ ++} ++ + int crypto_kop_keygen(struct cryptodev_pkc *pkc) + { + struct kernel_crypt_kop *kop = &pkc->kop; +@@ -385,7 +461,6 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) + buf = kmalloc(buf_size, GFP_DMA); + if (!buf) + return -ENOMEM; +- + key_req->q = buf; + key_req->r = key_req->q + key_req->q_len; + key_req->g = key_req->r + key_req->r_len; +@@ -650,6 +725,9 @@ int crypto_run_asym(struct cryptodev_pkc *pkc) + goto err; + ret = crypto_kop_keygen(pkc); + break; ++ case CRK_RSA_GENERATE_KEY: ++ ret = crypto_kop_rsa_keygen(pkc); ++ break; + } + err: + return ret; +-- +2.3.5 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/files/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch new file mode 100644 index 00000000..2213faec --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch @@ -0,0 +1,160 @@ +From 800af48d0c26830943ca2308dd426b5b09811750 Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta +Date: Thu, 17 Apr 2014 07:08:47 +0545 +Subject: [PATCH 09/15] Fixed compilation error of openssl with fsl cryptodev + +Upstream-status: Pending + +Signed-off-by: Yashpal Dutta +Tested-by: Cristian Stoica +--- + authenc.c | 1 + + cryptlib.c | 9 ++++----- + crypto/cryptodev.h | 9 ++++++++- + cryptodev_int.h | 2 +- + ioctl.c | 8 ++++++-- + main.c | 1 + + 6 files changed, 21 insertions(+), 9 deletions(-) + +diff --git a/authenc.c b/authenc.c +index ef0d3db..2aa4d38 100644 +--- a/authenc.c ++++ b/authenc.c +@@ -2,6 +2,7 @@ + * Driver for /dev/crypto device (aka CryptoDev) + * + * Copyright (c) 2011, 2012 OpenSSL Software Foundation, Inc. ++ * Copyright (c) 2014 Freescale Semiconductor, Inc. + * + * Author: Nikos Mavrogiannopoulos + * +diff --git a/cryptlib.c b/cryptlib.c +index 4dd1847..ec6693e 100644 +--- a/cryptlib.c ++++ b/cryptlib.c +@@ -4,8 +4,7 @@ + * Copyright (c) 2010,2011 Nikos Mavrogiannopoulos + * Portions Copyright (c) 2010 Michael Weiser + * Portions Copyright (c) 2010 Phil Sutter +- * +- * Copyright 2012 Freescale Semiconductor, Inc. ++ * Copyright 2012-2014 Freescale Semiconductor, Inc. + * + * This file is part of linux cryptodev. + * +@@ -144,7 +143,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name, + if (alg->max_keysize > 0 && + unlikely((keylen < alg->min_keysize) || + (keylen > alg->max_keysize))) { +- ddebug(1, "Wrong keylen '%zu' for algorithm '%s'. Use %u to %u.", ++ ddebug(1, "Wrong keylen '%u' for algorithm '%s'. Use %u to %u.", + keylen, alg_name, alg->min_keysize, alg->max_keysize); + ret = -EINVAL; + goto error; +@@ -171,7 +170,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name, + } + + if (unlikely(ret)) { +- ddebug(1, "Setting key failed for %s-%zu.", alg_name, keylen*8); ++ ddebug(1, "Setting key failed for %s-%u.", alg_name, keylen*8); + ret = -EINVAL; + goto error; + } +@@ -338,7 +337,7 @@ int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name, + if (hmac_mode != 0) { + ret = crypto_ahash_setkey(hdata->async.s, mackey, mackeylen); + if (unlikely(ret)) { +- ddebug(1, "Setting hmac key failed for %s-%zu.", ++ ddebug(1, "Setting hmac key failed for %s-%u.", + alg_name, mackeylen*8); + ret = -EINVAL; + goto error; +diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h +index d0cc542..e7edd97 100644 +--- a/crypto/cryptodev.h ++++ b/crypto/cryptodev.h +@@ -234,6 +234,13 @@ struct crypt_auth_op { + #define CRYPTO_ALG_FLAG_RNG_ENABLE 2 + #define CRYPTO_ALG_FLAG_DSA_SHA 4 + ++enum ec_curve_t { ++ EC_DISCRETE_LOG, ++ EC_PRIME, ++ EC_BINARY, ++ MAX_EC_TYPE ++}; ++ + struct crparam { + __u8 *crp_p; + __u32 crp_nbits; +@@ -249,7 +256,7 @@ struct crypt_kop { + __u16 crk_oparams; + __u32 crk_pad1; + struct crparam crk_param[CRK_MAXPARAM]; +- enum curve_t curve_type; /* 0 == Discrete Log, ++ enum ec_curve_t curve_type; /* 0 == Discrete Log, + 1 = EC_PRIME, 2 = EC_BINARY */ + void *cookie; + }; +diff --git a/cryptodev_int.h b/cryptodev_int.h +index 5347cae..c83c885 100644 +--- a/cryptodev_int.h ++++ b/cryptodev_int.h +@@ -88,7 +88,7 @@ struct compat_crypt_kop { + uint16_t crk_oparams; + uint32_t crk_pad1; + struct compat_crparam crk_param[CRK_MAXPARAM]; +- enum curve_t curve_type; /* 0 == Discrete Log, 1 = EC_PRIME, ++ enum ec_curve_t curve_type; /* 0 == Discrete Log, 1 = EC_PRIME, + 2 = EC_BINARY */ + compat_uptr_t cookie; + }; +diff --git a/ioctl.c b/ioctl.c +index 3762a47..c97320b 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -4,7 +4,7 @@ + * Copyright (c) 2004 Michal Ludvig , SuSE Labs + * Copyright (c) 2009,2010,2011 Nikos Mavrogiannopoulos + * Copyright (c) 2010 Phil Sutter +- * Copyright 2012 Freescale Semiconductor, Inc. ++ * Copyright 2012-2014 Freescale Semiconductor, Inc. + * + * This file is part of linux cryptodev. + * +@@ -501,6 +501,7 @@ cryptodev_open(struct inode *inode, struct file *filp) + INIT_LIST_HEAD(&pcr->done.list); + INIT_LIST_HEAD(&pcr->asym_completed_list); + spin_lock_init(&pcr->completion_lock); ++ + INIT_WORK(&pcr->cryptask, cryptask_routine); + + init_waitqueue_head(&pcr->user_waiter); +@@ -780,8 +781,11 @@ static int fill_kcop_from_cop(struct kernel_crypt_op *kcop, struct fcrypt *fcr) + + if (cop->iv) { + rc = copy_from_user(kcop->iv, cop->iv, kcop->ivlen); +- if (unlikely(rc)) ++ if (unlikely(rc)) { ++ derr(1, "error copying IV (%d bytes), copy_from_user returned %d for address %p", ++ kcop->ivlen, rc, cop->iv); + return -EFAULT; ++ } + } + + return 0; +diff --git a/main.c b/main.c +index 14dcf40..6365911 100644 +--- a/main.c ++++ b/main.c +@@ -3,6 +3,7 @@ + * + * Copyright (c) 2004 Michal Ludvig , SuSE Labs + * Copyright (c) 2009-2013 Nikos Mavrogiannopoulos ++ * Copyright (c) 2014 Freescale Semiconductor, Inc. + * + * This file is part of linux cryptodev. + * +-- +2.3.5 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/files/0010-add-support-for-composite-TLS10-SHA1-3DES-algorithm-.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0010-add-support-for-composite-TLS10-SHA1-3DES-algorithm-.patch new file mode 100644 index 00000000..20321595 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0010-add-support-for-composite-TLS10-SHA1-3DES-algorithm-.patch @@ -0,0 +1,54 @@ +From 55ee0ae703a68db74a492f5910937260502b9602 Mon Sep 17 00:00:00 2001 +From: Tudor Ambarus +Date: Tue, 10 Jun 2014 08:27:59 +0300 +Subject: [PATCH 10/15] add support for composite TLS10(SHA1,3DES) algorithm + offload + +This adds support for composite algorithm offload in a single crypto +(cipher + hmac) operation. + +It requires either software or hardware TLS support in the Linux kernel +and can be used with Freescale B*, P* and T* platforms that have support +for hardware TLS acceleration. + +Change-Id: Ibce0ceb4174809c9c96b453cd3202bc5220ff084 +Signed-off-by: Tudor Ambarus +Reviewed-on: http://git.am.freescale.net:8181/34000 +Reviewed-by: Cristian Stoica +Tested-by: Cristian Stoica +--- + crypto/cryptodev.h | 1 + + ioctl.c | 5 +++++ + 2 files changed, 6 insertions(+) + +diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h +index e7edd97..07f40b2 100644 +--- a/crypto/cryptodev.h ++++ b/crypto/cryptodev.h +@@ -55,6 +55,7 @@ enum cryptodev_crypto_op_t { + CRYPTO_SHA2_512, + CRYPTO_SHA2_224_HMAC, + CRYPTO_TLS10_AES_CBC_HMAC_SHA1, ++ CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, + CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */ + }; + +diff --git a/ioctl.c b/ioctl.c +index c97320b..574e913 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -191,6 +191,11 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop) + stream = 0; + aead = 1; + break; ++ case CRYPTO_TLS10_3DES_CBC_HMAC_SHA1: ++ alg_name = "tls10(hmac(sha1),cbc(des3_ede))"; ++ stream = 0; ++ aead = 1; ++ break; + case CRYPTO_NULL: + alg_name = "ecb(cipher_null)"; + stream = 1; +-- +2.3.5 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/files/0011-add-support-for-TLSv1.1-record-offload.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0011-add-support-for-TLSv1.1-record-offload.patch new file mode 100644 index 00000000..37862b55 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0011-add-support-for-TLSv1.1-record-offload.patch @@ -0,0 +1,76 @@ +From 06cca15fd0412ae872c2b2c5d50216e1eb34fc50 Mon Sep 17 00:00:00 2001 +From: Tudor Ambarus +Date: Tue, 31 Mar 2015 16:15:47 +0300 +Subject: [PATCH 11/15] add support for TLSv1.1 record offload + +This adds support for composite algorithm offload in a single crypto +(cipher + hmac) operation. + +Supported cipher suites: +- 3des-ede-cbc-sha +- aes-128-cbc-hmac-sha +- aes-256-cbc-hmac-sha + +It requires either software or hardware TLS support in the Linux kernel +and can be used with Freescale B*, P* and T* platforms that have support +for hardware TLS acceleration. + +Signed-off-by: Tudor Ambarus +Change-Id: Ia5f3fa7ec090d5643d71b0f608c68a274ec6b51f +Reviewed-on: http://git.am.freescale.net:8181/33998 +Reviewed-by: Cristian Stoica +Tested-by: Cristian Stoica +--- + crypto/cryptodev.h | 4 +++- + ioctl.c | 14 ++++++++++++-- + 2 files changed, 15 insertions(+), 3 deletions(-) + +diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h +index 07f40b2..61e8599 100644 +--- a/crypto/cryptodev.h ++++ b/crypto/cryptodev.h +@@ -54,8 +54,10 @@ enum cryptodev_crypto_op_t { + CRYPTO_SHA2_384, + CRYPTO_SHA2_512, + CRYPTO_SHA2_224_HMAC, +- CRYPTO_TLS10_AES_CBC_HMAC_SHA1, + CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, ++ CRYPTO_TLS10_AES_CBC_HMAC_SHA1, ++ CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, ++ CRYPTO_TLS11_AES_CBC_HMAC_SHA1, + CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */ + }; + +diff --git a/ioctl.c b/ioctl.c +index 574e913..ba82387 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -186,13 +186,23 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop) + stream = 1; + aead = 1; + break; ++ case CRYPTO_TLS10_3DES_CBC_HMAC_SHA1: ++ alg_name = "tls10(hmac(sha1),cbc(des3_ede))"; ++ stream = 0; ++ aead = 1; ++ break; + case CRYPTO_TLS10_AES_CBC_HMAC_SHA1: + alg_name = "tls10(hmac(sha1),cbc(aes))"; + stream = 0; + aead = 1; + break; +- case CRYPTO_TLS10_3DES_CBC_HMAC_SHA1: +- alg_name = "tls10(hmac(sha1),cbc(des3_ede))"; ++ case CRYPTO_TLS11_3DES_CBC_HMAC_SHA1: ++ alg_name = "tls11(hmac(sha1),cbc(des3_ede))"; ++ stream = 0; ++ aead = 1; ++ break; ++ case CRYPTO_TLS11_AES_CBC_HMAC_SHA1: ++ alg_name = "tls11(hmac(sha1),cbc(aes))"; + stream = 0; + aead = 1; + break; +-- +2.3.5 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/files/0012-add-support-for-TLSv1.2-record-offload.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0012-add-support-for-TLSv1.2-record-offload.patch new file mode 100644 index 00000000..6aa672a7 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0012-add-support-for-TLSv1.2-record-offload.patch @@ -0,0 +1,72 @@ +From 15999e402dd7472cafe51be3fd0ce66433ca924b Mon Sep 17 00:00:00 2001 +From: Tudor Ambarus +Date: Tue, 31 Mar 2015 16:16:28 +0300 +Subject: [PATCH 12/15] add support for TLSv1.2 record offload + +This adds support for composite algorithm offload in a single crypto +(cipher + hmac) operation. + +Supported cipher suites: +- 3des-ede-cbc-sha +- aes-128-cbc-hmac-sha +- aes-256-cbc-hmac-sha +- aes-128-cbc-hmac-sha256 +- aes-256-cbc-hmac-sha256 + +It requires either software or hardware TLS support in the Linux kernel +and can be used with Freescale B*, P* and T* platforms that have support +for hardware TLS acceleration. + +Signed-off-by: Tudor Ambarus +Change-Id: I21f45993505fc3dad09848a13aa20f778a7c2de0 +Reviewed-on: http://git.am.freescale.net:8181/33999 +Reviewed-by: Cristian Stoica +Tested-by: Cristian Stoica +--- + crypto/cryptodev.h | 3 +++ + ioctl.c | 15 +++++++++++++++ + 2 files changed, 18 insertions(+) + +diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h +index 61e8599..f6058ca 100644 +--- a/crypto/cryptodev.h ++++ b/crypto/cryptodev.h +@@ -58,6 +58,9 @@ enum cryptodev_crypto_op_t { + CRYPTO_TLS10_AES_CBC_HMAC_SHA1, + CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, + CRYPTO_TLS11_AES_CBC_HMAC_SHA1, ++ CRYPTO_TLS12_3DES_CBC_HMAC_SHA1, ++ CRYPTO_TLS12_AES_CBC_HMAC_SHA1, ++ CRYPTO_TLS12_AES_CBC_HMAC_SHA256, + CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */ + }; + +diff --git a/ioctl.c b/ioctl.c +index ba82387..fb4c4e3 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -206,6 +206,21 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop) + stream = 0; + aead = 1; + break; ++ case CRYPTO_TLS12_3DES_CBC_HMAC_SHA1: ++ alg_name = "tls12(hmac(sha1),cbc(des3_ede))"; ++ stream = 0; ++ aead = 1; ++ break; ++ case CRYPTO_TLS12_AES_CBC_HMAC_SHA1: ++ alg_name = "tls12(hmac(sha1),cbc(aes))"; ++ stream = 0; ++ aead = 1; ++ break; ++ case CRYPTO_TLS12_AES_CBC_HMAC_SHA256: ++ alg_name = "tls12(hmac(sha256),cbc(aes))"; ++ stream = 0; ++ aead = 1; ++ break; + case CRYPTO_NULL: + alg_name = "ecb(cipher_null)"; + stream = 1; +-- +2.3.5 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/files/0013-clean-up-code-layout.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0013-clean-up-code-layout.patch new file mode 100644 index 00000000..86cf6a2b --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0013-clean-up-code-layout.patch @@ -0,0 +1,186 @@ +From 39abcb9cea60540528e848d6c66169c36d666861 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Fri, 20 Feb 2015 12:46:58 +0200 +Subject: [PATCH 13/15] clean-up code layout + +Signed-off-by: Cristian Stoica +Change-Id: I92c2f4baeed9470a2c3c42b592d878e65918b0af +Reviewed-on: http://git.am.freescale.net:8181/34222 +--- + cryptlib.c | 11 ++++------- + ioctl.c | 55 +++++++++++++++++++++---------------------------------- + main.c | 4 +--- + 3 files changed, 26 insertions(+), 44 deletions(-) + +diff --git a/cryptlib.c b/cryptlib.c +index ec6693e..21e691b 100644 +--- a/cryptlib.c ++++ b/cryptlib.c +@@ -434,7 +434,7 @@ int cryptodev_hash_final(struct hash_data *hdata, void *output) + return waitfor(hdata->async.result, ret); + } + +-int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) ++int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) + { + int ret = 0; + struct pkc_request *pkc_req = &pkc->req, *pkc_requested; +@@ -445,8 +445,7 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) + case RSA_PRIV_FORM1: + case RSA_PRIV_FORM2: + case RSA_PRIV_FORM3: +- pkc->s = crypto_alloc_pkc("pkc(rsa)", +- CRYPTO_ALG_TYPE_PKC_RSA, 0); ++ pkc->s = crypto_alloc_pkc("pkc(rsa)", CRYPTO_ALG_TYPE_PKC_RSA, 0); + break; + case DSA_SIGN: + case DSA_VERIFY: +@@ -454,13 +453,11 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) + case ECDSA_VERIFY: + case DLC_KEYGEN: + case ECC_KEYGEN: +- pkc->s = crypto_alloc_pkc("pkc(dsa)", +- CRYPTO_ALG_TYPE_PKC_DSA, 0); ++ pkc->s = crypto_alloc_pkc("pkc(dsa)", CRYPTO_ALG_TYPE_PKC_DSA, 0); + break; + case DH_COMPUTE_KEY: + case ECDH_COMPUTE_KEY: +- pkc->s = crypto_alloc_pkc("pkc(dh)", +- CRYPTO_ALG_TYPE_PKC_DH, 0); ++ pkc->s = crypto_alloc_pkc("pkc(dh)", CRYPTO_ALG_TYPE_PKC_DH, 0); + break; + default: + return -EINVAL; +diff --git a/ioctl.c b/ioctl.c +index fb4c4e3..ee0486c 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -714,16 +714,13 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) + case CRK_MOD_EXP: + { + struct rsa_pub_req_s *rsa_req = &pkc_req->req_u.rsa_pub_req; +- copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g, +- rsa_req->g_len); ++ copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len); + } + break; + case CRK_MOD_EXP_CRT: + { +- struct rsa_priv_frm3_req_s *rsa_req = +- &pkc_req->req_u.rsa_priv_f3; +- copy_to_user(ckop->crk_param[6].crp_p, +- rsa_req->f, rsa_req->f_len); ++ struct rsa_priv_frm3_req_s *rsa_req = &pkc_req->req_u.rsa_priv_f3; ++ copy_to_user(ckop->crk_param[6].crp_p, rsa_req->f, rsa_req->f_len); + } + break; + case CRK_DSA_SIGN: +@@ -731,15 +728,11 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) + struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign; + + if (pkc_req->type == ECDSA_SIGN) { +- copy_to_user(ckop->crk_param[6].crp_p, +- dsa_req->c, dsa_req->d_len); +- copy_to_user(ckop->crk_param[7].crp_p, +- dsa_req->d, dsa_req->d_len); ++ copy_to_user(ckop->crk_param[6].crp_p, dsa_req->c, dsa_req->d_len); ++ copy_to_user(ckop->crk_param[7].crp_p, dsa_req->d, dsa_req->d_len); + } else { +- copy_to_user(ckop->crk_param[5].crp_p, +- dsa_req->c, dsa_req->d_len); +- copy_to_user(ckop->crk_param[6].crp_p, +- dsa_req->d, dsa_req->d_len); ++ copy_to_user(ckop->crk_param[5].crp_p, dsa_req->c, dsa_req->d_len); ++ copy_to_user(ckop->crk_param[6].crp_p, dsa_req->d, dsa_req->d_len); + } + } + break; +@@ -749,11 +742,9 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) + { + struct dh_key_req_s *dh_req = &pkc_req->req_u.dh_req; + if (pkc_req->type == ECDH_COMPUTE_KEY) +- copy_to_user(ckop->crk_param[4].crp_p, +- dh_req->z, dh_req->z_len); ++ copy_to_user(ckop->crk_param[4].crp_p, dh_req->z, dh_req->z_len); + else +- copy_to_user(ckop->crk_param[3].crp_p, +- dh_req->z, dh_req->z_len); ++ copy_to_user(ckop->crk_param[3].crp_p, dh_req->z, dh_req->z_len); + } + break; + case CRK_DSA_GENERATE_KEY: +@@ -763,14 +754,14 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) + + if (pkc_req->type == ECC_KEYGEN) { + copy_to_user(ckop->crk_param[4].crp_p, key_req->pub_key, +- key_req->pub_key_len); +- copy_to_user(ckop->crk_param[5].crp_p, +- key_req->priv_key, key_req->priv_key_len); ++ key_req->pub_key_len); ++ copy_to_user(ckop->crk_param[5].crp_p, key_req->priv_key, ++ key_req->priv_key_len); + } else { +- copy_to_user(ckop->crk_param[3].crp_p, +- key_req->pub_key, key_req->pub_key_len); +- copy_to_user(ckop->crk_param[4].crp_p, +- key_req->priv_key, key_req->priv_key_len); ++ copy_to_user(ckop->crk_param[3].crp_p, key_req->pub_key, ++ key_req->pub_key_len); ++ copy_to_user(ckop->crk_param[4].crp_p, key_req->priv_key, ++ key_req->priv_key_len); + } + } + default: +@@ -1113,16 +1104,14 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + if (!list_empty(&pcr->asym_completed_list)) { + /* Run a loop in the list for upto elements + and copy their response back */ +- pkc = +- list_first_entry(&pcr->asym_completed_list, ++ pkc = list_first_entry(&pcr->asym_completed_list, + struct cryptodev_pkc, list); + list_del(&pkc->list); + spin_unlock_bh(&pcr->completion_lock); + ret = crypto_async_fetch_asym(pkc); + if (!ret) { + cookie_list.cookie_available++; +- cookie_list.cookie[i] = +- pkc->kop.kop.cookie; ++ cookie_list.cookie[i] = pkc->kop.kop.cookie; + cookie_list.status[i] = pkc->result.err; + } + kfree(pkc); +@@ -1133,12 +1122,10 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + } + + /* Reflect the updated request to user-space */ +- if (cookie_list.cookie_available) +- copy_to_user(arg, &cookie_list, +- sizeof(struct pkc_cookie_list_s)); +- else { ++ if (cookie_list.cookie_available) { ++ copy_to_user(arg, &cookie_list, sizeof(struct pkc_cookie_list_s)); ++ } else { + struct pkc_cookie_list_s *user_ck_list = (void *)arg; +- + put_user(0, &(user_ck_list->cookie_available)); + } + ret = cookie_list.cookie_available; +diff --git a/main.c b/main.c +index 6365911..af66553 100644 +--- a/main.c ++++ b/main.c +@@ -666,9 +666,7 @@ int crypto_bn_modexp(struct cryptodev_pkc *pkc) + if (pkc->type == SYNCHRONOUS) { + if (rc) + goto err; +- +- copy_to_user(cop->crk_param[3].crp_p, rsa_req->g, +- rsa_req->g_len); ++ copy_to_user(cop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len); + } else { + if (rc != -EINPROGRESS && rc != 0) + goto err; +-- +2.3.5 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/files/0014-remove-redundant-data-copy-for-pkc-operations.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0014-remove-redundant-data-copy-for-pkc-operations.patch new file mode 100644 index 00000000..b9e9d2bd --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0014-remove-redundant-data-copy-for-pkc-operations.patch @@ -0,0 +1,494 @@ +From 34e765977633b5f81845c0183af6d388d8225f00 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Mon, 23 Feb 2015 12:14:07 +0200 +Subject: [PATCH 14/15] remove redundant data copy for pkc operations + +This patch removes a copy of a pkc request that was +allocated on the hot-path. The copy was not necessary +and was just slowing things down. + +Change-Id: I3ad85f78c188f100ab9fc03a5777bb704a9dcb63 +Signed-off-by: Cristian Stoica +Reviewed-on: http://git.am.freescale.net:8181/34223 +--- + cryptlib.c | 49 +++---------------- + cryptlib.h | 3 +- + ioctl.c | 17 +++---- + main.c | 162 +++++++++++++++++++++++++++++++++++++------------------------ + 4 files changed, 113 insertions(+), 118 deletions(-) + +diff --git a/cryptlib.c b/cryptlib.c +index 21e691b..5882a30 100644 +--- a/cryptlib.c ++++ b/cryptlib.c +@@ -436,59 +436,22 @@ int cryptodev_hash_final(struct hash_data *hdata, void *output) + + int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) + { +- int ret = 0; +- struct pkc_request *pkc_req = &pkc->req, *pkc_requested; +- +- switch (pkc_req->type) { +- case RSA_KEYGEN: +- case RSA_PUB: +- case RSA_PRIV_FORM1: +- case RSA_PRIV_FORM2: +- case RSA_PRIV_FORM3: +- pkc->s = crypto_alloc_pkc("pkc(rsa)", CRYPTO_ALG_TYPE_PKC_RSA, 0); +- break; +- case DSA_SIGN: +- case DSA_VERIFY: +- case ECDSA_SIGN: +- case ECDSA_VERIFY: +- case DLC_KEYGEN: +- case ECC_KEYGEN: +- pkc->s = crypto_alloc_pkc("pkc(dsa)", CRYPTO_ALG_TYPE_PKC_DSA, 0); +- break; +- case DH_COMPUTE_KEY: +- case ECDH_COMPUTE_KEY: +- pkc->s = crypto_alloc_pkc("pkc(dh)", CRYPTO_ALG_TYPE_PKC_DH, 0); +- break; +- default: +- return -EINVAL; +- } +- +- if (IS_ERR_OR_NULL(pkc->s)) +- return -EINVAL; ++ int ret; + + init_completion(&pkc->result.completion); +- pkc_requested = pkc_request_alloc(pkc->s, GFP_KERNEL); +- +- if (unlikely(IS_ERR_OR_NULL(pkc_requested))) { +- ret = -ENOMEM; +- goto error; +- } +- pkc_requested->type = pkc_req->type; +- pkc_requested->curve_type = pkc_req->curve_type; +- memcpy(&pkc_requested->req_u, &pkc_req->req_u, sizeof(pkc_req->req_u)); +- pkc_request_set_callback(pkc_requested, CRYPTO_TFM_REQ_MAY_BACKLOG, ++ pkc_request_set_callback(pkc->req, CRYPTO_TFM_REQ_MAY_BACKLOG, + cryptodev_complete_asym, pkc); +- ret = crypto_pkc_op(pkc_requested); ++ ret = crypto_pkc_op(pkc->req); + if (ret != -EINPROGRESS && ret != 0) +- goto error2; ++ goto error; + + if (pkc->type == SYNCHRONOUS) + ret = waitfor(&pkc->result, ret); + + return ret; +-error2: +- kfree(pkc_requested); ++ + error: ++ kfree(pkc->req); + crypto_free_pkc(pkc->s); + return ret; + } +diff --git a/cryptlib.h b/cryptlib.h +index 7ffa54c..4fac0c8 100644 +--- a/cryptlib.h ++++ b/cryptlib.h +@@ -110,8 +110,7 @@ struct cryptodev_pkc { + struct crypto_pkc *s; /* Transform pointer from CryptoAPI */ + struct cryptodev_result result; /* Result to be updated by + completion handler */ +- struct pkc_request req; /* PKC request structure allocated +- from CryptoAPI */ ++ struct pkc_request *req; /* PKC request allocated from CryptoAPI */ + enum offload_type type; /* Synchronous Vs Asynchronous request */ + /* + * cookie used for transfering tranparent information from async +diff --git a/ioctl.c b/ioctl.c +index ee0486c..797b73c 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -708,26 +708,25 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) + int ret = 0; + struct kernel_crypt_kop *kop = &pkc->kop; + struct crypt_kop *ckop = &kop->kop; +- struct pkc_request *pkc_req = &pkc->req; + + switch (ckop->crk_op) { + case CRK_MOD_EXP: + { +- struct rsa_pub_req_s *rsa_req = &pkc_req->req_u.rsa_pub_req; ++ struct rsa_pub_req_s *rsa_req = &pkc->req->req_u.rsa_pub_req; + copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len); + } + break; + case CRK_MOD_EXP_CRT: + { +- struct rsa_priv_frm3_req_s *rsa_req = &pkc_req->req_u.rsa_priv_f3; ++ struct rsa_priv_frm3_req_s *rsa_req = &pkc->req->req_u.rsa_priv_f3; + copy_to_user(ckop->crk_param[6].crp_p, rsa_req->f, rsa_req->f_len); + } + break; + case CRK_DSA_SIGN: + { +- struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign; ++ struct dsa_sign_req_s *dsa_req = &pkc->req->req_u.dsa_sign; + +- if (pkc_req->type == ECDSA_SIGN) { ++ if (pkc->req->type == ECDSA_SIGN) { + copy_to_user(ckop->crk_param[6].crp_p, dsa_req->c, dsa_req->d_len); + copy_to_user(ckop->crk_param[7].crp_p, dsa_req->d, dsa_req->d_len); + } else { +@@ -740,8 +739,8 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) + break; + case CRK_DH_COMPUTE_KEY: + { +- struct dh_key_req_s *dh_req = &pkc_req->req_u.dh_req; +- if (pkc_req->type == ECDH_COMPUTE_KEY) ++ struct dh_key_req_s *dh_req = &pkc->req->req_u.dh_req; ++ if (pkc->req->type == ECDH_COMPUTE_KEY) + copy_to_user(ckop->crk_param[4].crp_p, dh_req->z, dh_req->z_len); + else + copy_to_user(ckop->crk_param[3].crp_p, dh_req->z, dh_req->z_len); +@@ -750,9 +749,9 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) + case CRK_DSA_GENERATE_KEY: + case CRK_DH_GENERATE_KEY: + { +- struct keygen_req_s *key_req = &pkc_req->req_u.keygen; ++ struct keygen_req_s *key_req = &pkc->req->req_u.keygen; + +- if (pkc_req->type == ECC_KEYGEN) { ++ if (pkc->req->type == ECC_KEYGEN) { + copy_to_user(ckop->crk_param[4].crp_p, key_req->pub_key, + key_req->pub_key_len); + copy_to_user(ckop->crk_param[5].crp_p, key_req->priv_key, +diff --git a/main.c b/main.c +index af66553..ed1c69a 100644 +--- a/main.c ++++ b/main.c +@@ -186,8 +186,7 @@ int crypto_kop_dsasign(struct cryptodev_pkc *pkc) + { + struct kernel_crypt_kop *kop = &pkc->kop; + struct crypt_kop *cop = &kop->kop; +- struct pkc_request *pkc_req = &pkc->req; +- struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign; ++ struct dsa_sign_req_s *dsa_req = &pkc->req->req_u.dsa_sign; + int rc, buf_size; + uint8_t *buf; + +@@ -210,10 +209,7 @@ int crypto_kop_dsasign(struct cryptodev_pkc *pkc) + if (cop->crk_iparams == 6) { + dsa_req->ab_len = (cop->crk_param[5].crp_nbits + 7)/8; + buf_size += dsa_req->ab_len; +- pkc_req->type = ECDSA_SIGN; +- pkc_req->curve_type = cop->curve_type; +- } else { +- pkc_req->type = DSA_SIGN; ++ pkc->req->curve_type = cop->curve_type; + } + + buf = kmalloc(buf_size, GFP_DMA); +@@ -269,7 +265,6 @@ int crypto_kop_dsaverify(struct cryptodev_pkc *pkc) + { + struct kernel_crypt_kop *kop = &pkc->kop; + struct crypt_kop *cop = &kop->kop; +- struct pkc_request *pkc_req; + struct dsa_verify_req_s *dsa_req; + int rc, buf_size; + uint8_t *buf; +@@ -281,8 +276,7 @@ int crypto_kop_dsaverify(struct cryptodev_pkc *pkc) + !cop->crk_param[7].crp_nbits)) + return -EINVAL; + +- pkc_req = &pkc->req; +- dsa_req = &pkc_req->req_u.dsa_verify; ++ dsa_req = &pkc->req->req_u.dsa_verify; + dsa_req->m_len = (cop->crk_param[0].crp_nbits + 7)/8; + dsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8; + dsa_req->r_len = (cop->crk_param[2].crp_nbits + 7)/8; +@@ -295,10 +289,7 @@ int crypto_kop_dsaverify(struct cryptodev_pkc *pkc) + if (cop->crk_iparams == 8) { + dsa_req->ab_len = (cop->crk_param[5].crp_nbits + 7)/8; + buf_size += dsa_req->ab_len; +- pkc_req->type = ECDSA_VERIFY; +- pkc_req->curve_type = cop->curve_type; +- } else { +- pkc_req->type = DSA_VERIFY; ++ pkc->req->curve_type = cop->curve_type; + } + + buf = kmalloc(buf_size, GFP_DMA); +@@ -351,7 +342,6 @@ int crypto_kop_rsa_keygen(struct cryptodev_pkc *pkc) + { + struct kernel_crypt_kop *kop = &pkc->kop; + struct crypt_kop *cop = &kop->kop; +- struct pkc_request *pkc_req; + struct rsa_keygen_req_s *key_req; + int rc, buf_size; + uint8_t *buf; +@@ -362,9 +352,7 @@ int crypto_kop_rsa_keygen(struct cryptodev_pkc *pkc) + !cop->crk_param[6].crp_nbits) + return -EINVAL; + +- pkc_req = &pkc->req; +- pkc_req->type = RSA_KEYGEN; +- key_req = &pkc_req->req_u.rsa_keygen; ++ key_req = &pkc->req->req_u.rsa_keygen; + key_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8; + key_req->p_len = (cop->crk_param[0].crp_nbits + 7) / 8; + key_req->q_len = (cop->crk_param[1].crp_nbits + 7) / 8; +@@ -427,7 +415,6 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) + { + struct kernel_crypt_kop *kop = &pkc->kop; + struct crypt_kop *cop = &kop->kop; +- struct pkc_request *pkc_req; + struct keygen_req_s *key_req; + int rc, buf_size; + uint8_t *buf; +@@ -437,8 +424,7 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) + !cop->crk_param[4].crp_nbits) + return -EINVAL; + +- pkc_req = &pkc->req; +- key_req = &pkc_req->req_u.keygen; ++ key_req = &pkc->req->req_u.keygen; + key_req->q_len = (cop->crk_param[0].crp_nbits + 7)/8; + key_req->r_len = (cop->crk_param[1].crp_nbits + 7)/8; + key_req->g_len = (cop->crk_param[2].crp_nbits + 7)/8; +@@ -447,7 +433,6 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) + key_req->priv_key_len = (cop->crk_param[4].crp_nbits + 7)/8; + buf_size = key_req->q_len + key_req->r_len + key_req->g_len + + key_req->pub_key_len + key_req->priv_key_len; +- pkc_req->type = DLC_KEYGEN; + } else { + key_req->ab_len = (cop->crk_param[3].crp_nbits + 7)/8; + key_req->pub_key_len = (cop->crk_param[4].crp_nbits + 7)/8; +@@ -455,8 +440,7 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) + buf_size = key_req->q_len + key_req->r_len + key_req->g_len + + key_req->pub_key_len + key_req->priv_key_len + + key_req->ab_len; +- pkc_req->type = ECC_KEYGEN; +- pkc_req->curve_type = cop->curve_type; ++ pkc->req->curve_type = cop->curve_type; + } + + buf = kmalloc(buf_size, GFP_DMA); +@@ -508,26 +492,22 @@ int crypto_kop_dh_key(struct cryptodev_pkc *pkc) + { + struct kernel_crypt_kop *kop = &pkc->kop; + struct crypt_kop *cop = &kop->kop; +- struct pkc_request *pkc_req; + struct dh_key_req_s *dh_req; + int buf_size; + uint8_t *buf; + int rc = -EINVAL; + +- pkc_req = &pkc->req; +- dh_req = &pkc_req->req_u.dh_req; ++ dh_req = &pkc->req->req_u.dh_req; + dh_req->s_len = (cop->crk_param[0].crp_nbits + 7)/8; + dh_req->pub_key_len = (cop->crk_param[1].crp_nbits + 7)/8; + dh_req->q_len = (cop->crk_param[2].crp_nbits + 7)/8; + buf_size = dh_req->q_len + dh_req->pub_key_len + dh_req->s_len; + if (cop->crk_iparams == 4) { +- pkc_req->type = ECDH_COMPUTE_KEY; + dh_req->ab_len = (cop->crk_param[3].crp_nbits + 7)/8; + dh_req->z_len = (cop->crk_param[4].crp_nbits + 7)/8; + buf_size += dh_req->ab_len; + } else { + dh_req->z_len = (cop->crk_param[3].crp_nbits + 7)/8; +- pkc_req->type = DH_COMPUTE_KEY; + } + buf_size += dh_req->z_len; + buf = kmalloc(buf_size, GFP_DMA); +@@ -539,7 +519,7 @@ int crypto_kop_dh_key(struct cryptodev_pkc *pkc) + dh_req->z = dh_req->pub_key + dh_req->pub_key_len; + if (cop->crk_iparams == 4) { + dh_req->ab = dh_req->z + dh_req->z_len; +- pkc_req->curve_type = cop->curve_type; ++ pkc->req->curve_type = cop->curve_type; + copy_from_user(dh_req->ab, cop->crk_param[3].crp_p, + dh_req->ab_len); + } +@@ -573,7 +553,6 @@ int crypto_modexp_crt(struct cryptodev_pkc *pkc) + { + struct kernel_crypt_kop *kop = &pkc->kop; + struct crypt_kop *cop = &kop->kop; +- struct pkc_request *pkc_req; + struct rsa_priv_frm3_req_s *rsa_req; + int rc; + uint8_t *buf; +@@ -583,9 +562,7 @@ int crypto_modexp_crt(struct cryptodev_pkc *pkc) + !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits) + return -EINVAL; + +- pkc_req = &pkc->req; +- pkc_req->type = RSA_PRIV_FORM3; +- rsa_req = &pkc_req->req_u.rsa_priv_f3; ++ rsa_req = &pkc->req->req_u.rsa_priv_f3; + rsa_req->p_len = (cop->crk_param[0].crp_nbits + 7)/8; + rsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8; + rsa_req->g_len = (cop->crk_param[2].crp_nbits + 7)/8; +@@ -632,7 +609,6 @@ err: + + int crypto_bn_modexp(struct cryptodev_pkc *pkc) + { +- struct pkc_request *pkc_req; + struct rsa_pub_req_s *rsa_req; + int rc; + struct kernel_crypt_kop *kop = &pkc->kop; +@@ -643,9 +619,7 @@ int crypto_bn_modexp(struct cryptodev_pkc *pkc) + !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits) + return -EINVAL; + +- pkc_req = &pkc->req; +- pkc_req->type = RSA_PUB; +- rsa_req = &pkc_req->req_u.rsa_pub_req; ++ rsa_req = &pkc->req->req_u.rsa_pub_req; + rsa_req->f_len = (cop->crk_param[0].crp_nbits + 7)/8; + rsa_req->e_len = (cop->crk_param[1].crp_nbits + 7)/8; + rsa_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8; +@@ -680,56 +654,116 @@ err: + return rc; + } + ++static struct { ++ char *alg_name; ++ u32 type; ++ u32 mask; ++} pkc_alg_list[] = { ++ {"pkc(rsa)", CRYPTO_ALG_TYPE_PKC_RSA, 0}, ++ {"pkc(dsa)", CRYPTO_ALG_TYPE_PKC_DSA, 0}, ++ {"pkc(dh)", CRYPTO_ALG_TYPE_PKC_DH, 0}, ++}; ++ + int crypto_run_asym(struct cryptodev_pkc *pkc) + { +- int ret = -EINVAL; ++ int err = -EINVAL; ++ int id; + struct kernel_crypt_kop *kop = &pkc->kop; ++ enum pkc_req_type pkc_req_type; ++ int (*call_next_action)(struct cryptodev_pkc *pkc); + + switch (kop->kop.crk_op) { + case CRK_MOD_EXP: + if (kop->kop.crk_iparams != 3 && kop->kop.crk_oparams != 1) +- goto err; +- +- ret = crypto_bn_modexp(pkc); ++ return err; ++ pkc_req_type = RSA_PUB; ++ id = 0; ++ call_next_action = crypto_bn_modexp; + break; + case CRK_MOD_EXP_CRT: + if (kop->kop.crk_iparams != 6 && kop->kop.crk_oparams != 1) +- goto err; +- +- ret = crypto_modexp_crt(pkc); ++ return err; ++ pkc_req_type = RSA_PRIV_FORM3; ++ id = 0; ++ call_next_action = crypto_modexp_crt; + break; + case CRK_DSA_SIGN: +- if ((kop->kop.crk_iparams != 5 && kop->kop.crk_iparams != 6) || +- kop->kop.crk_oparams != 2) +- goto err; +- +- ret = crypto_kop_dsasign(pkc); ++ if (kop->kop.crk_oparams != 2) ++ return err; ++ else if (kop->kop.crk_iparams == 5) ++ pkc_req_type = DSA_SIGN; ++ else if (kop->kop.crk_iparams == 6) ++ pkc_req_type = ECDSA_SIGN; ++ else ++ return err; ++ id = 1; ++ call_next_action = crypto_kop_dsasign; + break; + case CRK_DSA_VERIFY: +- if ((kop->kop.crk_iparams != 7 && kop->kop.crk_iparams != 8) || +- kop->kop.crk_oparams != 0) +- goto err; +- +- ret = crypto_kop_dsaverify(pkc); ++ if (kop->kop.crk_oparams != 0) ++ return err; ++ else if (kop->kop.crk_iparams == 7) ++ pkc_req_type = DSA_VERIFY; ++ else if (kop->kop.crk_iparams == 8) ++ pkc_req_type = ECDSA_VERIFY; ++ else ++ return err; ++ id = 1; ++ call_next_action = crypto_kop_dsaverify; + break; + case CRK_DH_COMPUTE_KEY: +- if ((kop->kop.crk_iparams != 3 && kop->kop.crk_iparams != 4) || +- kop->kop.crk_oparams != 1) +- goto err; +- ret = crypto_kop_dh_key(pkc); ++ if (kop->kop.crk_oparams != 1) ++ return err; ++ else if (kop->kop.crk_iparams == 3) ++ pkc_req_type = DH_COMPUTE_KEY; ++ else if (kop->kop.crk_iparams == 4) ++ pkc_req_type = ECDH_COMPUTE_KEY; ++ else ++ return err; ++ id = 2; ++ call_next_action = crypto_kop_dh_key; + break; + case CRK_DH_GENERATE_KEY: + case CRK_DSA_GENERATE_KEY: +- if ((kop->kop.crk_iparams != 3 && kop->kop.crk_iparams != 4)) +- goto err; +- ret = crypto_kop_keygen(pkc); ++ if (kop->kop.crk_iparams == 3) ++ pkc_req_type = DLC_KEYGEN; ++ else if (kop->kop.crk_iparams == 4) ++ pkc_req_type = ECC_KEYGEN; ++ else ++ return err; ++ id = 1; ++ call_next_action = crypto_kop_keygen; + break; + case CRK_RSA_GENERATE_KEY: +- ret = crypto_kop_rsa_keygen(pkc); ++ pkc_req_type = RSA_KEYGEN; ++ id = 0; ++ call_next_action = crypto_kop_rsa_keygen; + break; ++ default: ++ return err; + } +-err: +- return ret; ++ err = -ENOMEM; ++ pkc->s = crypto_alloc_pkc(pkc_alg_list[id].alg_name, ++ pkc_alg_list[id].type, ++ pkc_alg_list[id].mask); ++ if (IS_ERR_OR_NULL(pkc->s)) ++ return err; ++ ++ pkc->req = pkc_request_alloc(pkc->s, GFP_KERNEL); ++ if (IS_ERR_OR_NULL(pkc->req)) ++ goto out_free_tfm; ++ ++ /* todo - fix alloc-free on error path */ ++ pkc->req->type = pkc_req_type; ++ err = call_next_action(pkc); ++ if (pkc->type == SYNCHRONOUS) ++ kfree(pkc->req); ++ ++ return err; ++ ++out_free_tfm: ++ crypto_free_pkc(pkc->s); ++ return err; + } + + int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop) +-- +2.3.5 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/files/0015-fix-pkc-request-deallocation.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0015-fix-pkc-request-deallocation.patch new file mode 100644 index 00000000..949fe121 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0015-fix-pkc-request-deallocation.patch @@ -0,0 +1,40 @@ +From 8361f99c940fbe270fca2112dae3d97c9a5776d6 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Mon, 23 Feb 2015 15:28:22 +0200 +Subject: [PATCH 15/15] fix pkc request deallocation + +The request to be freed is actually pkc->req, and should be done inside +the fetch ioctl for ASYNC (this patch) and in crypt ioctl for SYNC +operations. + +Change-Id: I6f046f2ebeae4cb513a419996ca96b52e37468ed +Signed-off-by: Cristian Stoica +Reviewed-on: http://git.am.freescale.net:8181/34224 +--- + ioctl.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/ioctl.c b/ioctl.c +index 797b73c..da3a842 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -114,8 +114,6 @@ void cryptodev_complete_asym(struct crypto_async_request *req, int err) + /* wake for POLLIN */ + wake_up_interruptible(&pcr->user_waiter); + } +- +- kfree(req); + } + + #define FILL_SG(sg, ptr, len) \ +@@ -1113,6 +1111,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + cookie_list.cookie[i] = pkc->kop.kop.cookie; + cookie_list.status[i] = pkc->result.err; + } ++ kfree(pkc->req); + kfree(pkc); + } else { + spin_unlock_bh(&pcr->completion_lock); +-- +2.3.5 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/files/0016-add-basic-detection-of-asym-features.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0016-add-basic-detection-of-asym-features.patch new file mode 100644 index 00000000..cefb6dcc --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0016-add-basic-detection-of-asym-features.patch @@ -0,0 +1,37 @@ +From 586bc4a6cd1014c57364020013062f07a8861e38 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Mon, 20 Apr 2015 13:18:47 +0300 +Subject: [PATCH] add basic detection of asym features + +Change-Id: I3b3ba8664bf631a63be1f11e715024509e20f841 +Signed-off-by: Cristian Stoica +--- + ioctl.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/ioctl.c b/ioctl.c +index da3a842..53dbf64 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -977,10 +977,14 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + + switch (cmd) { + case CIOCASYMFEAT: +- return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN | +- CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY | +- CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY | +- CRF_RSA_GENERATE_KEY, p); ++ ses = 0; ++ if (crypto_has_alg("pkc(rsa)", 0, 0)) ++ ses = CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_RSA_GENERATE_KEY; ++ if (crypto_has_alg("pkc(dsa)", 0, 0)) ++ ses |= CRF_DSA_SIGN | CRF_DSA_VERIFY | CRF_DSA_GENERATE_KEY; ++ if (crypto_has_alg("pkc(dh)", 0, 0)) ++ ses |= CRF_DH_COMPUTE_KEY |CRF_DH_GENERATE_KEY; ++ return put_user(ses, p); + case CRIOGET: + fd = clonefd(filp); + ret = put_user(fd, p); +-- +2.3.5 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/files/0017-remove-dead-code.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0017-remove-dead-code.patch new file mode 100644 index 00000000..b3c36b3d --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0017-remove-dead-code.patch @@ -0,0 +1,67 @@ +From 0ca641091b4113d73e75d30ef530c88836849308 Mon Sep 17 00:00:00 2001 +From: Tudor Ambarus +Date: Fri, 29 May 2015 15:28:47 +0300 +Subject: [PATCH 17/20] remove dead code + +Functions kop_to_user and compat_kop_to_user are never used. Delete them +to avoid compiler warnings. + + +crypto/../../cryptodev-linux/ioctl.c:841:12: warning: 'kop_to_user' defined but not used [-Wunused-function] + static int kop_to_user(struct kernel_crypt_kop *kop, + ^ +crypto/../../cryptodev-linux/ioctl.c: At top level: +crypto/../../cryptodev-linux/ioctl.c:1195:12: warning: 'compat_kop_to_user' defined but not used [-Wunused-function] + static int compat_kop_to_user(struct kernel_crypt_kop *kop, void __user *arg) + ^ +Signed-off-by: Tudor Ambarus +Signed-off-by: Cristian Stoica +Change-Id: I6bd8a7eb6144224a20cd400813ab15a7a192dbb1 +Reviewed-on: http://git.am.freescale.net:8181/37440 +--- + ioctl.c | 22 ---------------------- + 1 file changed, 22 deletions(-) + +diff --git a/ioctl.c b/ioctl.c +index 53dbf64..39635a4 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -838,16 +838,6 @@ static int kop_from_user(struct kernel_crypt_kop *kop, + return fill_kop_from_cop(kop); + } + +-static int kop_to_user(struct kernel_crypt_kop *kop, +- void __user *arg) +-{ +- if (unlikely(copy_to_user(arg, &kop->kop, sizeof(kop->kop)))) { +- dprintk(1, KERN_ERR, "Cannot copy to userspace\n"); +- return -EFAULT; +- } +- return 0; +-} +- + static int kcop_from_user(struct kernel_crypt_op *kcop, + struct fcrypt *fcr, void __user *arg) + { +@@ -1192,18 +1182,6 @@ static inline void crypt_kop_to_compat(struct crypt_kop *kop, + compat->curve_type = kop->curve_type; + } + +-static int compat_kop_to_user(struct kernel_crypt_kop *kop, void __user *arg) +-{ +- struct compat_crypt_kop compat_kop; +- +- crypt_kop_to_compat(&kop->kop, &compat_kop); +- if (unlikely(copy_to_user(arg, &compat_kop, sizeof(compat_kop)))) { +- dprintk(1, KERN_ERR, "Cannot copy to userspace\n"); +- return -EFAULT; +- } +- return 0; +-} +- + static inline void + compat_to_session_op(struct compat_session_op *compat, struct session_op *sop) + { +-- +2.3.5 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/files/0018-fix-compat-warnings.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0018-fix-compat-warnings.patch new file mode 100644 index 00000000..bf93f5b1 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0018-fix-compat-warnings.patch @@ -0,0 +1,64 @@ +From 596378a22532908487f2c5e4d717c5ae618c4c7d Mon Sep 17 00:00:00 2001 +From: Tudor Ambarus +Date: Tue, 2 Jun 2015 10:44:12 +0300 +Subject: [PATCH 18/20] fix compat warnings + + CC [M] crypto/../../cryptodev-linux/ioctl.o +crypto/../../cryptodev-linux/ioctl.c: In function 'compat_to_crypt_kop': +crypto/../../cryptodev-linux/ioctl.c:1161:14: warning: assignment makes pointer from integer without a cast + kop->cookie = compat->cookie; + ^ +crypto/../../cryptodev-linux/ioctl.c: In function 'crypt_kop_to_compat': +crypto/../../cryptodev-linux/ioctl.c:1191:17: warning: assignment makes integer from pointer without a cast + compat->cookie = kop->cookie; + ^ +crypto/../../cryptodev-linux/ioctl.c: In function 'cryptodev_compat_ioctl': +crypto/../../cryptodev-linux/ioctl.c:1430:28: warning: assignment makes integer from pointer without a cast + cookie_list.cookie[i] = + ^ + +Signed-off-by: Tudor Ambarus +Change-Id: Id851408c0c743c01447f3b0ced38fbc1ae94d4db +Reviewed-on: http://git.am.freescale.net:8181/37442 +Reviewed-by: Cristian Stoica +Tested-by: Cristian Stoica +--- + ioctl.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/ioctl.c b/ioctl.c +index 39635a4..f3ce2f6 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -1148,7 +1148,7 @@ static inline void compat_to_crypt_kop(struct compat_crypt_kop *compat, + } + + kop->curve_type = compat->curve_type; +- kop->cookie = compat->cookie; ++ kop->cookie = compat_ptr(compat->cookie); + } + + static int compat_kop_from_user(struct kernel_crypt_kop *kop, +@@ -1178,7 +1178,7 @@ static inline void crypt_kop_to_compat(struct crypt_kop *kop, + ptr_to_compat(kop->crk_param[i].crp_p); + compat->crk_param[i].crp_nbits = kop->crk_param[i].crp_nbits; + } +- compat->cookie = kop->cookie; ++ compat->cookie = ptr_to_compat(kop->cookie); + compat->curve_type = kop->curve_type; + } + +@@ -1405,8 +1405,8 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + ret = crypto_async_fetch_asym(pkc); + if (!ret) { + cookie_list.cookie_available++; +- cookie_list.cookie[i] = +- pkc->kop.kop.cookie; ++ cookie_list.cookie[i] = ptr_to_compat( ++ pkc->kop.kop.cookie); + } + kfree(pkc); + } else { +-- +2.3.5 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/files/0019-fix-size_t-print-format.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0019-fix-size_t-print-format.patch new file mode 100644 index 00000000..a71cff49 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0019-fix-size_t-print-format.patch @@ -0,0 +1,61 @@ +From 1d10f06bef0f07980a08b387850c1daf1d3a8e87 Mon Sep 17 00:00:00 2001 +From: Tudor Ambarus +Date: Tue, 2 Jun 2015 12:11:12 +0300 +Subject: [PATCH 19/20] fix size_t print format + + CC [M] crypto/../../cryptodev-linux/cryptlib.o +crypto/../../cryptodev-linux/cryptlib.c: In function 'cryptodev_cipher_init': +crypto/../../cryptodev-linux/cryptlib.c:146:5: warning: format '%u' expects argument of type 'unsigned int', but argument 6 has type 'size_t' [-Wformat=] + ddebug(1, "Wrong keylen '%u' for algorithm '%s'. Use %u to %u.", + ^ +crypto/../../cryptodev-linux/cryptlib.c:173:3: warning: format '%u' expects argument of type 'unsigned int', but argument 7 has type 'size_t' [-Wformat=] + ddebug(1, "Setting key failed for %s-%u.", alg_name, keylen*8); + ^ +crypto/../../cryptodev-linux/cryptlib.c: In function 'cryptodev_hash_init': +crypto/../../cryptodev-linux/cryptlib.c:340:4: warning: format '%u' expects argument of type 'unsigned int', but argument 7 has type 'size_t' [-Wformat=] + ddebug(1, "Setting hmac key failed for %s-%u.", + ^ + +Signed-off-by: Tudor Ambarus +Change-Id: I67f2d79f68b4d62b598073c6a918a110523fadfd +Reviewed-on: http://git.am.freescale.net:8181/37443 +Reviewed-by: Cristian Stoica +Tested-by: Cristian Stoica +--- + cryptlib.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/cryptlib.c b/cryptlib.c +index 5882a30..10f5e1a 100644 +--- a/cryptlib.c ++++ b/cryptlib.c +@@ -143,7 +143,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name, + if (alg->max_keysize > 0 && + unlikely((keylen < alg->min_keysize) || + (keylen > alg->max_keysize))) { +- ddebug(1, "Wrong keylen '%u' for algorithm '%s'. Use %u to %u.", ++ ddebug(1, "Wrong keylen '%zu' for algorithm '%s'. Use %u to %u.", + keylen, alg_name, alg->min_keysize, alg->max_keysize); + ret = -EINVAL; + goto error; +@@ -170,7 +170,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name, + } + + if (unlikely(ret)) { +- ddebug(1, "Setting key failed for %s-%u.", alg_name, keylen*8); ++ ddebug(1, "Setting key failed for %s-%zu.", alg_name, keylen*8); + ret = -EINVAL; + goto error; + } +@@ -337,7 +337,7 @@ int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name, + if (hmac_mode != 0) { + ret = crypto_ahash_setkey(hdata->async.s, mackey, mackeylen); + if (unlikely(ret)) { +- ddebug(1, "Setting hmac key failed for %s-%u.", ++ ddebug(1, "Setting hmac key failed for %s-%zu.", + alg_name, mackeylen*8); + ret = -EINVAL; + goto error; +-- +2.3.5 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/files/0020-fix-uninitialized-variable-compiler-warning.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0020-fix-uninitialized-variable-compiler-warning.patch new file mode 100644 index 00000000..a97a2d4e --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/files/0020-fix-uninitialized-variable-compiler-warning.patch @@ -0,0 +1,38 @@ +From be9f6a0dc90847dbb00307d23f47b8b3fc3ff130 Mon Sep 17 00:00:00 2001 +From: Tudor Ambarus +Date: Fri, 29 May 2015 15:49:22 +0300 +Subject: [PATCH 20/20] fix uninitialized variable compiler warning + +crypto/../../cryptodev-linux/ioctl.c: In function 'cryptodev_compat_ioctl': +crypto/../../cryptodev-linux/ioctl.c:1445:2: warning: 'ret' may be used uninitialized in this function [-Wmaybe-uninitialized] + return ret; + ^ + +Signed-off-by: Tudor Ambarus +Change-Id: Id5226fc97a3bb880ca6db86df58957122bbaa428 +Reviewed-on: http://git.am.freescale.net:8181/37441 +Reviewed-by: Cristian Stoica +Tested-by: Cristian Stoica +--- + ioctl.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/ioctl.c b/ioctl.c +index f3ce2f6..7cd3c56 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -1387,9 +1387,10 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + case COMPAT_CIOCASYMFETCHCOOKIE: + { + struct cryptodev_pkc *pkc; +- int i = 0; ++ int i; + struct compat_pkc_cookie_list_s cookie_list; + ++ ret = 0; + cookie_list.cookie_available = 0; + + for (i = 0; i < MAX_COOKIES; i++) { +-- +2.3.5 + -- cgit v1.2.3-54-g00ecf