summaryrefslogtreecommitdiffstats
path: root/recipes-kernel/cryptodev/sdk_patches
diff options
context:
space:
mode:
Diffstat (limited to 'recipes-kernel/cryptodev/sdk_patches')
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch52
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch207
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0003-PKC-support-added-in-cryptodev-module.patch898
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0004-Compat-versions-of-PKC-IOCTLs.patch200
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0005-Asynchronous-interface-changes-in-cryptodev.patch213
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch212
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch238
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0008-Add-RSA-Key-generation-offloading.patch170
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch160
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0010-add-support-for-composite-TLS10-SHA1-3DES-algorithm-.patch54
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0011-add-support-for-TLSv1.1-record-offload.patch76
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0012-add-support-for-TLSv1.2-record-offload.patch72
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0013-clean-up-code-layout.patch186
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0014-remove-redundant-data-copy-for-pkc-operations.patch494
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0015-fix-pkc-request-deallocation.patch40
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0016-add-basic-detection-of-asym-features.patch37
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0017-remove-dead-code.patch67
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0018-fix-compat-warnings.patch64
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0019-fix-size_t-print-format.patch61
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0020-fix-uninitialized-variable-compiler-warning.patch38
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0021-check-return-codes-for-copy-to-from-user-functions.patch398
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0022-fix-double-free-pkc-req-on-error.patch26
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0023-remove-MAY_BACKLOG-flag-from-requests.patch69
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0024-fix-COMPAT_CIOCKEY-ioctl-command-number.patch29
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0025-fix-benchmarks-linking.patch25
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0026-fix-Makefile-to-allow-parallel-make-with-j-option.patch56
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0027-use-Linux-kernel-conventions-for-Makefile-variables.patch47
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0028-for-consistency-use-.-instead-of-.-in-makefiles.patch73
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0029-fix-clean-up-on-error-path-for-crypto_create_session.patch117
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0030-remove-code-duplication-in-cryptodev_hash_init.patch59
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0031-fix-comment-typo.patch26
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0032-avoid-calls-to-kmalloc-on-hotpaths.patch220
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0033-avoid-unnecessary-checks-for-hash-clean-up.patch33
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0034-extend-API-with-CIOCHASH-to-support-direct-hash-oper.patch114
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0035-use-directly-crypto-API-digest-operation-for-CIOCHAS.patch315
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0036-add-compat-for-CIOCHASH-operation.patch120
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0037-rewrite-sha_speed.c-to-reduce-code-duplication.patch190
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0038-extend-sha_speed.c-to-test-CIOCHASH.patch143
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0039-fix-memory-leaks-on-error-path-for-CIOCHASH.patch70
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0040-fix-structure-init-in-sha_speed-test.patch53
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0041-add-separate-target-for-building-tests.patch38
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0042-fix-destination-for-staged-installs.patch55
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0043-add-install-target-for-tests.patch46
43 files changed, 5861 insertions, 0 deletions
diff --git a/recipes-kernel/cryptodev/sdk_patches/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch b/recipes-kernel/cryptodev/sdk_patches/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch
new file mode 100644
index 0000000..b8d2a00
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch
@@ -0,0 +1,52 @@
1From 25a68839e3aab5acebcbe51f7fbe9d2d26216bc0 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@freescale.com>
3Date: Thu, 29 Aug 2013 16:52:30 +0300
4Subject: [PATCH 01/38] add support for composite TLS10(SHA1,AES) algorithm
5 offload
6
7This adds support for composite algorithm offload as a primitive
8crypto (cipher + hmac) operation.
9
10It requires kernel support for tls10(hmac(sha1),cbc(aes)) algorithm
11provided either in software or accelerated by hardware such as
12Freescale B*, P* and T* platforms.
13
14Change-Id: Ia1c605da3860e91e681295dfc8df7c09eb4006cf
15Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
16Reviewed-on: http://git.am.freescale.net:8181/17218
17---
18 crypto/cryptodev.h | 1 +
19 ioctl.c | 5 +++++
20 2 files changed, 6 insertions(+)
21
22diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
23index 7fb9c7d..c0e8cd4 100644
24--- a/crypto/cryptodev.h
25+++ b/crypto/cryptodev.h
26@@ -50,6 +50,7 @@ enum cryptodev_crypto_op_t {
27 CRYPTO_SHA2_384,
28 CRYPTO_SHA2_512,
29 CRYPTO_SHA2_224_HMAC,
30+ CRYPTO_TLS10_AES_CBC_HMAC_SHA1,
31 CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */
32 };
33
34diff --git a/ioctl.c b/ioctl.c
35index b23f5fd..a3f8379 100644
36--- a/ioctl.c
37+++ b/ioctl.c
38@@ -159,6 +159,11 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop)
39 stream = 1;
40 aead = 1;
41 break;
42+ case CRYPTO_TLS10_AES_CBC_HMAC_SHA1:
43+ alg_name = "tls10(hmac(sha1),cbc(aes))";
44+ stream = 0;
45+ aead = 1;
46+ break;
47 case CRYPTO_NULL:
48 alg_name = "ecb(cipher_null)";
49 stream = 1;
50--
512.7.0
52
diff --git a/recipes-kernel/cryptodev/sdk_patches/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch b/recipes-kernel/cryptodev/sdk_patches/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch
new file mode 100644
index 0000000..d83da97
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch
@@ -0,0 +1,207 @@
1From d9f27d08708556e22e1b1dc87b0495896879ca66 Mon Sep 17 00:00:00 2001
2From: Horia Geanta <horia.geanta@freescale.com>
3Date: Wed, 4 Dec 2013 15:43:41 +0200
4Subject: [PATCH 02/38] add support for COMPAT_CIOCAUTHCRYPT ioctl()
5
6Upstream-status: Pending
7
8Needed for 64b kernel with 32b user space.
9
10Change-Id: I44a999a4164e7ae7122dee6ed0716b2f25cadbc1
11Signed-off-by: Horia Geanta <horia.geanta@freescale.com>
12Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
13---
14 authenc.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
15 cryptodev_int.h | 40 +++++++++++++++++++++++++++++
16 ioctl.c | 16 ++++++++++++
17 3 files changed, 134 insertions(+)
18
19diff --git a/authenc.c b/authenc.c
20index 1bd7377..ef0d3db 100644
21--- a/authenc.c
22+++ b/authenc.c
23@@ -272,6 +272,84 @@ static int fill_caop_from_kcaop(struct kernel_crypt_auth_op *kcaop, struct fcryp
24 return 0;
25 }
26
27+/* compatibility code for 32bit userlands */
28+#ifdef CONFIG_COMPAT
29+
30+static inline void
31+compat_to_crypt_auth_op(struct compat_crypt_auth_op *compat,
32+ struct crypt_auth_op *caop)
33+{
34+ caop->ses = compat->ses;
35+ caop->op = compat->op;
36+ caop->flags = compat->flags;
37+ caop->len = compat->len;
38+ caop->auth_len = compat->auth_len;
39+ caop->tag_len = compat->tag_len;
40+ caop->iv_len = compat->iv_len;
41+
42+ caop->auth_src = compat_ptr(compat->auth_src);
43+ caop->src = compat_ptr(compat->src);
44+ caop->dst = compat_ptr(compat->dst);
45+ caop->tag = compat_ptr(compat->tag);
46+ caop->iv = compat_ptr(compat->iv);
47+}
48+
49+static inline void
50+crypt_auth_op_to_compat(struct crypt_auth_op *caop,
51+ struct compat_crypt_auth_op *compat)
52+{
53+ compat->ses = caop->ses;
54+ compat->op = caop->op;
55+ compat->flags = caop->flags;
56+ compat->len = caop->len;
57+ compat->auth_len = caop->auth_len;
58+ compat->tag_len = caop->tag_len;
59+ compat->iv_len = caop->iv_len;
60+
61+ compat->auth_src = ptr_to_compat(caop->auth_src);
62+ compat->src = ptr_to_compat(caop->src);
63+ compat->dst = ptr_to_compat(caop->dst);
64+ compat->tag = ptr_to_compat(caop->tag);
65+ compat->iv = ptr_to_compat(caop->iv);
66+}
67+
68+int compat_kcaop_from_user(struct kernel_crypt_auth_op *kcaop,
69+ struct fcrypt *fcr, void __user *arg)
70+{
71+ struct compat_crypt_auth_op compat_caop;
72+
73+ if (unlikely(copy_from_user(&compat_caop, arg, sizeof(compat_caop)))) {
74+ dprintk(1, KERN_ERR, "Error in copying from userspace\n");
75+ return -EFAULT;
76+ }
77+
78+ compat_to_crypt_auth_op(&compat_caop, &kcaop->caop);
79+
80+ return fill_kcaop_from_caop(kcaop, fcr);
81+}
82+
83+int compat_kcaop_to_user(struct kernel_crypt_auth_op *kcaop,
84+ struct fcrypt *fcr, void __user *arg)
85+{
86+ int ret;
87+ struct compat_crypt_auth_op compat_caop;
88+
89+ ret = fill_caop_from_kcaop(kcaop, fcr);
90+ if (unlikely(ret)) {
91+ dprintk(1, KERN_ERR, "fill_caop_from_kcaop\n");
92+ return ret;
93+ }
94+
95+ crypt_auth_op_to_compat(&kcaop->caop, &compat_caop);
96+
97+ if (unlikely(copy_to_user(arg, &compat_caop, sizeof(compat_caop)))) {
98+ dprintk(1, KERN_ERR, "Error in copying to userspace\n");
99+ return -EFAULT;
100+ }
101+ return 0;
102+}
103+
104+#endif /* CONFIG_COMPAT */
105
106 int kcaop_from_user(struct kernel_crypt_auth_op *kcaop,
107 struct fcrypt *fcr, void __user *arg)
108diff --git a/cryptodev_int.h b/cryptodev_int.h
109index d7660fa..8e687e7 100644
110--- a/cryptodev_int.h
111+++ b/cryptodev_int.h
112@@ -73,11 +73,42 @@ struct compat_crypt_op {
113 compat_uptr_t iv;/* initialization vector for encryption operations */
114 };
115
116+ /* input of CIOCAUTHCRYPT */
117+struct compat_crypt_auth_op {
118+ uint32_t ses; /* session identifier */
119+ uint16_t op; /* COP_ENCRYPT or COP_DECRYPT */
120+ uint16_t flags; /* see COP_FLAG_AEAD_* */
121+ uint32_t len; /* length of source data */
122+ uint32_t auth_len; /* length of auth data */
123+ compat_uptr_t auth_src; /* authenticated-only data */
124+
125+ /* The current implementation is more efficient if data are
126+ * encrypted in-place (src==dst). */
127+ compat_uptr_t src; /* data to be encrypted and
128+ authenticated */
129+ compat_uptr_t dst; /* pointer to output data. Must have
130+ * space for tag. For TLS this should be
131+ * at least len + tag_size + block_size
132+ * for padding */
133+
134+ compat_uptr_t tag; /* where the tag will be copied to. TLS
135+ * mode doesn't use that as tag is
136+ * copied to dst.
137+ * SRTP mode copies tag there. */
138+ uint32_t tag_len; /* the length of the tag. Use zero for
139+ * digest size or max tag. */
140+
141+ /* initialization vector for encryption operations */
142+ compat_uptr_t iv;
143+ uint32_t iv_len;
144+};
145+
146 /* compat ioctls, defined for the above structs */
147 #define COMPAT_CIOCGSESSION _IOWR('c', 102, struct compat_session_op)
148 #define COMPAT_CIOCCRYPT _IOWR('c', 104, struct compat_crypt_op)
149 #define COMPAT_CIOCASYNCCRYPT _IOW('c', 107, struct compat_crypt_op)
150 #define COMPAT_CIOCASYNCFETCH _IOR('c', 108, struct compat_crypt_op)
151+#define COMPAT_CIOCAUTHCRYPT _IOWR('c', 109, struct compat_crypt_auth_op)
152
153 #endif /* CONFIG_COMPAT */
154
155@@ -108,6 +139,15 @@ struct kernel_crypt_auth_op {
156
157 /* auth */
158
159+#ifdef CONFIG_COMPAT
160+int compat_kcaop_from_user(struct kernel_crypt_auth_op *kcaop,
161+ struct fcrypt *fcr, void __user *arg);
162+
163+int compat_kcaop_to_user(struct kernel_crypt_auth_op *kcaop,
164+ struct fcrypt *fcr, void __user *arg);
165+#endif /* CONFIG_COMPAT */
166+
167+
168 int kcaop_from_user(struct kernel_crypt_auth_op *kcop,
169 struct fcrypt *fcr, void __user *arg);
170 int kcaop_to_user(struct kernel_crypt_auth_op *kcaop,
171diff --git a/ioctl.c b/ioctl.c
172index a3f8379..5a44807 100644
173--- a/ioctl.c
174+++ b/ioctl.c
175@@ -998,6 +998,7 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
176 struct session_op sop;
177 struct compat_session_op compat_sop;
178 struct kernel_crypt_op kcop;
179+ struct kernel_crypt_auth_op kcaop;
180 int ret;
181
182 if (unlikely(!pcr))
183@@ -1040,6 +1041,21 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
184 return ret;
185
186 return compat_kcop_to_user(&kcop, fcr, arg);
187+
188+ case COMPAT_CIOCAUTHCRYPT:
189+ if (unlikely(ret = compat_kcaop_from_user(&kcaop, fcr, arg))) {
190+ dprintk(1, KERN_WARNING, "Error copying from user\n");
191+ return ret;
192+ }
193+
194+ ret = crypto_auth_run(fcr, &kcaop);
195+ if (unlikely(ret)) {
196+ dprintk(1, KERN_WARNING, "Error in crypto_auth_run\n");
197+ return ret;
198+ }
199+
200+ return compat_kcaop_to_user(&kcaop, fcr, arg);
201+
202 #ifdef ENABLE_ASYNC
203 case COMPAT_CIOCASYNCCRYPT:
204 if (unlikely(ret = compat_kcop_from_user(&kcop, fcr, arg)))
205--
2062.7.0
207
diff --git a/recipes-kernel/cryptodev/sdk_patches/0003-PKC-support-added-in-cryptodev-module.patch b/recipes-kernel/cryptodev/sdk_patches/0003-PKC-support-added-in-cryptodev-module.patch
new file mode 100644
index 0000000..ffa0b45
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0003-PKC-support-added-in-cryptodev-module.patch
@@ -0,0 +1,898 @@
1From 2bda43095b511e0052b3bc27b216ff9909cc03d2 Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Fri, 7 Mar 2014 06:16:09 +0545
4Subject: [PATCH 03/38] PKC support added in cryptodev module
5
6Upstream-status: Pending
7
8Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
9---
10 cryptlib.c | 66 +++++++++-
11 cryptlib.h | 28 ++++
12 crypto/cryptodev.h | 15 ++-
13 cryptodev_int.h | 20 ++-
14 ioctl.c | 196 +++++++++++++++++++++++++--
15 main.c | 378 +++++++++++++++++++++++++++++++++++++++++++++++++++++
16 6 files changed, 685 insertions(+), 18 deletions(-)
17
18diff --git a/cryptlib.c b/cryptlib.c
19index 44ce763..6900028 100644
20--- a/cryptlib.c
21+++ b/cryptlib.c
22@@ -5,6 +5,8 @@
23 * Portions Copyright (c) 2010 Michael Weiser
24 * Portions Copyright (c) 2010 Phil Sutter
25 *
26+ * Copyright 2012 Freescale Semiconductor, Inc.
27+ *
28 * This file is part of linux cryptodev.
29 *
30 * This program is free software; you can redistribute it and/or
31@@ -39,11 +41,6 @@
32 #include "cryptodev_int.h"
33
34
35-struct cryptodev_result {
36- struct completion completion;
37- int err;
38-};
39-
40 static void cryptodev_complete(struct crypto_async_request *req, int err)
41 {
42 struct cryptodev_result *res = req->data;
43@@ -259,7 +256,6 @@ static inline int waitfor(struct cryptodev_result *cr, ssize_t ret)
44 case 0:
45 break;
46 case -EINPROGRESS:
47- case -EBUSY:
48 wait_for_completion(&cr->completion);
49 /* At this point we known for sure the request has finished,
50 * because wait_for_completion above was not interruptible.
51@@ -439,3 +435,61 @@ int cryptodev_hash_final(struct hash_data *hdata, void *output)
52 return waitfor(hdata->async.result, ret);
53 }
54
55+int cryptodev_pkc_offload(struct cryptodev_pkc *pkc)
56+{
57+ int ret = 0;
58+ struct pkc_request *pkc_req = &pkc->req, *pkc_requested;
59+
60+ switch (pkc_req->type) {
61+ case RSA_PUB:
62+ case RSA_PRIV_FORM1:
63+ case RSA_PRIV_FORM2:
64+ case RSA_PRIV_FORM3:
65+ pkc->s = crypto_alloc_pkc("pkc(rsa)",
66+ CRYPTO_ALG_TYPE_PKC_RSA, 0);
67+ break;
68+ case DSA_SIGN:
69+ case DSA_VERIFY:
70+ case ECDSA_SIGN:
71+ case ECDSA_VERIFY:
72+ pkc->s = crypto_alloc_pkc("pkc(dsa)",
73+ CRYPTO_ALG_TYPE_PKC_DSA, 0);
74+ break;
75+ case DH_COMPUTE_KEY:
76+ case ECDH_COMPUTE_KEY:
77+ pkc->s = crypto_alloc_pkc("pkc(dh)",
78+ CRYPTO_ALG_TYPE_PKC_DH, 0);
79+ break;
80+ default:
81+ return -EINVAL;
82+ }
83+
84+ if (IS_ERR_OR_NULL(pkc->s))
85+ return -EINVAL;
86+
87+ init_completion(&pkc->result.completion);
88+ pkc_requested = pkc_request_alloc(pkc->s, GFP_KERNEL);
89+
90+ if (unlikely(IS_ERR_OR_NULL(pkc_requested))) {
91+ ret = -ENOMEM;
92+ goto error;
93+ }
94+ pkc_requested->type = pkc_req->type;
95+ pkc_requested->curve_type = pkc_req->curve_type;
96+ memcpy(&pkc_requested->req_u, &pkc_req->req_u, sizeof(pkc_req->req_u));
97+ pkc_request_set_callback(pkc_requested, CRYPTO_TFM_REQ_MAY_BACKLOG,
98+ cryptodev_complete_asym, pkc);
99+ ret = crypto_pkc_op(pkc_requested);
100+ if (ret != -EINPROGRESS && ret != 0)
101+ goto error2;
102+
103+ if (pkc->type == SYNCHRONOUS)
104+ ret = waitfor(&pkc->result, ret);
105+
106+ return ret;
107+error2:
108+ kfree(pkc_requested);
109+error:
110+ crypto_free_pkc(pkc->s);
111+ return ret;
112+}
113diff --git a/cryptlib.h b/cryptlib.h
114index a0a8a63..56d325a 100644
115--- a/cryptlib.h
116+++ b/cryptlib.h
117@@ -1,3 +1,6 @@
118+/*
119+ * Copyright 2012 Freescale Semiconductor, Inc.
120+ */
121 #ifndef CRYPTLIB_H
122 # define CRYPTLIB_H
123
124@@ -89,5 +92,30 @@ void cryptodev_hash_deinit(struct hash_data *hdata);
125 int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name,
126 int hmac_mode, void *mackey, size_t mackeylen);
127
128+/* Operation Type */
129+enum offload_type {
130+ SYNCHRONOUS,
131+ ASYNCHRONOUS
132+};
133+
134+struct cryptodev_result {
135+ struct completion completion;
136+ int err;
137+};
138+
139+struct cryptodev_pkc {
140+ struct list_head list; /* To maintain the Jobs in completed
141+ cryptodev lists */
142+ struct kernel_crypt_kop kop;
143+ struct crypto_pkc *s; /* Transform pointer from CryptoAPI */
144+ struct cryptodev_result result; /* Result to be updated by
145+ completion handler */
146+ struct pkc_request req; /* PKC request structure allocated
147+ from CryptoAPI */
148+ enum offload_type type; /* Synchronous Vs Asynchronous request */
149+ void *cookie; /*Additional opaque cookie to be used in future */
150+ struct crypt_priv *priv;
151+};
152
153+int cryptodev_pkc_offload(struct cryptodev_pkc *);
154 #endif
155diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
156index c0e8cd4..96675fe 100644
157--- a/crypto/cryptodev.h
158+++ b/crypto/cryptodev.h
159@@ -1,6 +1,10 @@
160-/* This is a source compatible implementation with the original API of
161+/*
162+ * Copyright 2012 Freescale Semiconductor, Inc.
163+ *
164+ * This is a source compatible implementation with the original API of
165 * cryptodev by Angelos D. Keromytis, found at openbsd cryptodev.h.
166- * Placed under public domain */
167+ * Placed under public domain
168+ */
169
170 #ifndef L_CRYPTODEV_H
171 #define L_CRYPTODEV_H
172@@ -245,6 +249,9 @@ struct crypt_kop {
173 __u16 crk_oparams;
174 __u32 crk_pad1;
175 struct crparam crk_param[CRK_MAXPARAM];
176+ enum curve_t curve_type; /* 0 == Discrete Log,
177+ 1 = EC_PRIME, 2 = EC_BINARY */
178+ void *cookie;
179 };
180
181 enum cryptodev_crk_op_t {
182@@ -289,5 +296,7 @@ enum cryptodev_crk_op_t {
183 */
184 #define CIOCASYNCCRYPT _IOW('c', 110, struct crypt_op)
185 #define CIOCASYNCFETCH _IOR('c', 111, struct crypt_op)
186-
187+/* additional ioctls for asynchronous operation for asymmetric ciphers*/
188+#define CIOCASYMASYNCRYPT _IOW('c', 112, struct crypt_kop)
189+#define CIOCASYMASYNFETCH _IOR('c', 113, struct crypt_kop)
190 #endif /* L_CRYPTODEV_H */
191diff --git a/cryptodev_int.h b/cryptodev_int.h
192index 8e687e7..fdbcc61 100644
193--- a/cryptodev_int.h
194+++ b/cryptodev_int.h
195@@ -1,4 +1,6 @@
196-/* cipher stuff */
197+/* cipher stuff
198+ * Copyright 2012 Freescale Semiconductor, Inc.
199+ */
200 #ifndef CRYPTODEV_INT_H
201 # define CRYPTODEV_INT_H
202
203@@ -112,6 +114,14 @@ struct compat_crypt_auth_op {
204
205 #endif /* CONFIG_COMPAT */
206
207+/* kernel-internal extension to struct crypt_kop */
208+struct kernel_crypt_kop {
209+ struct crypt_kop kop;
210+
211+ struct task_struct *task;
212+ struct mm_struct *mm;
213+};
214+
215 /* kernel-internal extension to struct crypt_op */
216 struct kernel_crypt_op {
217 struct crypt_op cop;
218@@ -157,6 +167,14 @@ int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop);
219
220 #include <cryptlib.h>
221
222+/* Cryptodev Key operation handler */
223+int crypto_bn_modexp(struct cryptodev_pkc *);
224+int crypto_modexp_crt(struct cryptodev_pkc *);
225+int crypto_kop_dsasign(struct cryptodev_pkc *);
226+int crypto_kop_dsaverify(struct cryptodev_pkc *);
227+int crypto_run_asym(struct cryptodev_pkc *);
228+void cryptodev_complete_asym(struct crypto_async_request *, int);
229+
230 /* other internal structs */
231 struct csession {
232 struct list_head entry;
233diff --git a/ioctl.c b/ioctl.c
234index 5a44807..69980e3 100644
235--- a/ioctl.c
236+++ b/ioctl.c
237@@ -4,6 +4,7 @@
238 * Copyright (c) 2004 Michal Ludvig <mludvig@logix.net.nz>, SuSE Labs
239 * Copyright (c) 2009,2010,2011 Nikos Mavrogiannopoulos <nmav@gnutls.org>
240 * Copyright (c) 2010 Phil Sutter
241+ * Copyright 2012 Freescale Semiconductor, Inc.
242 *
243 * This file is part of linux cryptodev.
244 *
245@@ -89,8 +90,37 @@ struct crypt_priv {
246 int itemcount;
247 struct work_struct cryptask;
248 wait_queue_head_t user_waiter;
249+ /* List of pending cryptodev_pkc asym requests */
250+ struct list_head asym_completed_list;
251+ /* For addition/removal of entry in pending list of asymmetric request*/
252+ spinlock_t completion_lock;
253 };
254
255+/* Asymmetric request Completion handler */
256+void cryptodev_complete_asym(struct crypto_async_request *req, int err)
257+{
258+ struct cryptodev_pkc *pkc = req->data;
259+ struct cryptodev_result *res = &pkc->result;
260+
261+ crypto_free_pkc(pkc->s);
262+ res->err = err;
263+ if (pkc->type == SYNCHRONOUS) {
264+ if (err == -EINPROGRESS)
265+ return;
266+ complete(&res->completion);
267+ } else {
268+ struct crypt_priv *pcr = pkc->priv;
269+ unsigned long flags;
270+ spin_lock_irqsave(&pcr->completion_lock, flags);
271+ list_add_tail(&pkc->list, &pcr->asym_completed_list);
272+ spin_unlock_irqrestore(&pcr->completion_lock, flags);
273+ /* wake for POLLIN */
274+ wake_up_interruptible(&pcr->user_waiter);
275+ }
276+
277+ kfree(req);
278+}
279+
280 #define FILL_SG(sg, ptr, len) \
281 do { \
282 (sg)->page = virt_to_page(ptr); \
283@@ -472,7 +502,8 @@ cryptodev_open(struct inode *inode, struct file *filp)
284 INIT_LIST_HEAD(&pcr->free.list);
285 INIT_LIST_HEAD(&pcr->todo.list);
286 INIT_LIST_HEAD(&pcr->done.list);
287-
288+ INIT_LIST_HEAD(&pcr->asym_completed_list);
289+ spin_lock_init(&pcr->completion_lock);
290 INIT_WORK(&pcr->cryptask, cryptask_routine);
291
292 init_waitqueue_head(&pcr->user_waiter);
293@@ -639,6 +670,79 @@ static int crypto_async_fetch(struct crypt_priv *pcr,
294 }
295 #endif
296
297+/* get the first asym cipher completed job from the "done" queue
298+ *
299+ * returns:
300+ * -EBUSY if no completed jobs are ready (yet)
301+ * the return value otherwise */
302+static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc)
303+{
304+ int ret = 0;
305+ struct kernel_crypt_kop *kop = &pkc->kop;
306+ struct crypt_kop *ckop = &kop->kop;
307+ struct pkc_request *pkc_req = &pkc->req;
308+
309+ switch (ckop->crk_op) {
310+ case CRK_MOD_EXP:
311+ {
312+ struct rsa_pub_req_s *rsa_req = &pkc_req->req_u.rsa_pub_req;
313+ copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g,
314+ rsa_req->g_len);
315+ }
316+ break;
317+ case CRK_MOD_EXP_CRT:
318+ {
319+ struct rsa_priv_frm3_req_s *rsa_req =
320+ &pkc_req->req_u.rsa_priv_f3;
321+ copy_to_user(ckop->crk_param[6].crp_p,
322+ rsa_req->f, rsa_req->f_len);
323+ }
324+ break;
325+ case CRK_DSA_SIGN:
326+ {
327+ struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign;
328+
329+ if (pkc_req->type == ECDSA_SIGN) {
330+ copy_to_user(ckop->crk_param[6].crp_p,
331+ dsa_req->c, dsa_req->d_len);
332+ copy_to_user(ckop->crk_param[7].crp_p,
333+ dsa_req->d, dsa_req->d_len);
334+ } else {
335+ copy_to_user(ckop->crk_param[5].crp_p,
336+ dsa_req->c, dsa_req->d_len);
337+ copy_to_user(ckop->crk_param[6].crp_p,
338+ dsa_req->d, dsa_req->d_len);
339+ }
340+ }
341+ break;
342+ case CRK_DSA_VERIFY:
343+ break;
344+ case CRK_DH_COMPUTE_KEY:
345+ {
346+ struct dh_key_req_s *dh_req = &pkc_req->req_u.dh_req;
347+ if (pkc_req->type == ECDH_COMPUTE_KEY)
348+ copy_to_user(ckop->crk_param[4].crp_p,
349+ dh_req->z, dh_req->z_len);
350+ else
351+ copy_to_user(ckop->crk_param[3].crp_p,
352+ dh_req->z, dh_req->z_len);
353+ }
354+ break;
355+ default:
356+ ret = -EINVAL;
357+ }
358+ kfree(pkc->cookie);
359+ return ret;
360+}
361+
362+/* this function has to be called from process context */
363+static int fill_kop_from_cop(struct kernel_crypt_kop *kop)
364+{
365+ kop->task = current;
366+ kop->mm = current->mm;
367+ return 0;
368+}
369+
370 /* this function has to be called from process context */
371 static int fill_kcop_from_cop(struct kernel_crypt_op *kcop, struct fcrypt *fcr)
372 {
373@@ -662,11 +766,8 @@ static int fill_kcop_from_cop(struct kernel_crypt_op *kcop, struct fcrypt *fcr)
374
375 if (cop->iv) {
376 rc = copy_from_user(kcop->iv, cop->iv, kcop->ivlen);
377- if (unlikely(rc)) {
378- derr(1, "error copying IV (%d bytes), copy_from_user returned %d for address %p",
379- kcop->ivlen, rc, cop->iv);
380+ if (unlikely(rc))
381 return -EFAULT;
382- }
383 }
384
385 return 0;
386@@ -692,6 +793,25 @@ static int fill_cop_from_kcop(struct kernel_crypt_op *kcop, struct fcrypt *fcr)
387 return 0;
388 }
389
390+static int kop_from_user(struct kernel_crypt_kop *kop,
391+ void __user *arg)
392+{
393+ if (unlikely(copy_from_user(&kop->kop, arg, sizeof(kop->kop))))
394+ return -EFAULT;
395+
396+ return fill_kop_from_cop(kop);
397+}
398+
399+static int kop_to_user(struct kernel_crypt_kop *kop,
400+ void __user *arg)
401+{
402+ if (unlikely(copy_to_user(arg, &kop->kop, sizeof(kop->kop)))) {
403+ dprintk(1, KERN_ERR, "Cannot copy to userspace\n");
404+ return -EFAULT;
405+ }
406+ return 0;
407+}
408+
409 static int kcop_from_user(struct kernel_crypt_op *kcop,
410 struct fcrypt *fcr, void __user *arg)
411 {
412@@ -821,7 +941,8 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
413
414 switch (cmd) {
415 case CIOCASYMFEAT:
416- return put_user(0, p);
417+ return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP |
418+ CRF_DSA_SIGN | CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY, p);
419 case CRIOGET:
420 fd = clonefd(filp);
421 ret = put_user(fd, p);
422@@ -857,6 +978,24 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
423 if (unlikely(ret))
424 return ret;
425 return copy_to_user(arg, &siop, sizeof(siop));
426+ case CIOCKEY:
427+ {
428+ struct cryptodev_pkc *pkc =
429+ kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
430+
431+ if (!pkc)
432+ return -ENOMEM;
433+
434+ ret = kop_from_user(&pkc->kop, arg);
435+ if (unlikely(ret)) {
436+ kfree(pkc);
437+ return ret;
438+ }
439+ pkc->type = SYNCHRONOUS;
440+ ret = crypto_run_asym(pkc);
441+ kfree(pkc);
442+ }
443+ return ret;
444 case CIOCCRYPT:
445 if (unlikely(ret = kcop_from_user(&kcop, fcr, arg))) {
446 dwarning(1, "Error copying from user");
447@@ -895,6 +1034,45 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
448
449 return kcop_to_user(&kcop, fcr, arg);
450 #endif
451+ case CIOCASYMASYNCRYPT:
452+ {
453+ struct cryptodev_pkc *pkc =
454+ kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
455+ ret = kop_from_user(&pkc->kop, arg);
456+
457+ if (unlikely(ret))
458+ return -EINVAL;
459+
460+ /* Store associated FD priv data with asymmetric request */
461+ pkc->priv = pcr;
462+ pkc->type = ASYNCHRONOUS;
463+ ret = crypto_run_asym(pkc);
464+ if (ret == -EINPROGRESS)
465+ ret = 0;
466+ }
467+ return ret;
468+ case CIOCASYMASYNFETCH:
469+ {
470+ struct cryptodev_pkc *pkc;
471+ unsigned long flags;
472+
473+ spin_lock_irqsave(&pcr->completion_lock, flags);
474+ if (list_empty(&pcr->asym_completed_list)) {
475+ spin_unlock_irqrestore(&pcr->completion_lock, flags);
476+ return -ENOMEM;
477+ }
478+ pkc = list_first_entry(&pcr->asym_completed_list,
479+ struct cryptodev_pkc, list);
480+ list_del(&pkc->list);
481+ spin_unlock_irqrestore(&pcr->completion_lock, flags);
482+ ret = crypto_async_fetch_asym(pkc);
483+
484+ /* Reflect the updated request to user-space */
485+ if (!ret)
486+ kop_to_user(&pkc->kop, arg);
487+ kfree(pkc);
488+ }
489+ return ret;
490 default:
491 return -EINVAL;
492 }
493@@ -1083,9 +1261,11 @@ static unsigned int cryptodev_poll(struct file *file, poll_table *wait)
494
495 poll_wait(file, &pcr->user_waiter, wait);
496
497- if (!list_empty_careful(&pcr->done.list))
498+ if (!list_empty_careful(&pcr->done.list) ||
499+ !list_empty_careful(&pcr->asym_completed_list))
500 ret |= POLLIN | POLLRDNORM;
501- if (!list_empty_careful(&pcr->free.list) || pcr->itemcount < MAX_COP_RINGSIZE)
502+ if (!list_empty_careful(&pcr->free.list) ||
503+ pcr->itemcount < MAX_COP_RINGSIZE)
504 ret |= POLLOUT | POLLWRNORM;
505
506 return ret;
507diff --git a/main.c b/main.c
508index 57e5c38..0b7951e 100644
509--- a/main.c
510+++ b/main.c
511@@ -181,6 +181,384 @@ __crypto_run_zc(struct csession *ses_ptr, struct kernel_crypt_op *kcop)
512 return ret;
513 }
514
515+int crypto_kop_dsasign(struct cryptodev_pkc *pkc)
516+{
517+ struct kernel_crypt_kop *kop = &pkc->kop;
518+ struct crypt_kop *cop = &kop->kop;
519+ struct pkc_request *pkc_req = &pkc->req;
520+ struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign;
521+ int rc, buf_size;
522+ uint8_t *buf;
523+
524+ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits ||
525+ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits ||
526+ !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits ||
527+ !cop->crk_param[6].crp_nbits || (cop->crk_iparams == 6 &&
528+ !cop->crk_param[7].crp_nbits))
529+ return -EINVAL;
530+
531+ dsa_req->m_len = (cop->crk_param[0].crp_nbits + 7)/8;
532+ dsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8;
533+ dsa_req->r_len = (cop->crk_param[2].crp_nbits + 7)/8;
534+ dsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8;
535+ dsa_req->priv_key_len = (cop->crk_param[4].crp_nbits + 7)/8;
536+ dsa_req->d_len = (cop->crk_param[6].crp_nbits + 7)/8;
537+ buf_size = dsa_req->m_len + dsa_req->q_len + dsa_req->r_len +
538+ dsa_req->g_len + dsa_req->priv_key_len + dsa_req->d_len +
539+ dsa_req->d_len;
540+ if (cop->crk_iparams == 6) {
541+ dsa_req->ab_len = (cop->crk_param[5].crp_nbits + 7)/8;
542+ buf_size += dsa_req->ab_len;
543+ pkc_req->type = ECDSA_SIGN;
544+ pkc_req->curve_type = cop->curve_type;
545+ } else {
546+ pkc_req->type = DSA_SIGN;
547+ }
548+
549+ buf = kzalloc(buf_size, GFP_DMA);
550+
551+ dsa_req->q = buf;
552+ dsa_req->r = dsa_req->q + dsa_req->q_len;
553+ dsa_req->g = dsa_req->r + dsa_req->r_len;
554+ dsa_req->priv_key = dsa_req->g + dsa_req->g_len;
555+ dsa_req->m = dsa_req->priv_key + dsa_req->priv_key_len;
556+ dsa_req->c = dsa_req->m + dsa_req->m_len;
557+ dsa_req->d = dsa_req->c + dsa_req->d_len;
558+ copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len);
559+ copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len);
560+ copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len);
561+ copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len);
562+ copy_from_user(dsa_req->priv_key, cop->crk_param[4].crp_p,
563+ dsa_req->priv_key_len);
564+ if (cop->crk_iparams == 6) {
565+ dsa_req->ab = dsa_req->d + dsa_req->d_len;
566+ copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p,
567+ dsa_req->ab_len);
568+ }
569+ rc = cryptodev_pkc_offload(pkc);
570+ if (pkc->type == SYNCHRONOUS) {
571+ if (rc)
572+ goto err;
573+ if (cop->crk_iparams == 6) {
574+ copy_to_user(cop->crk_param[6].crp_p, dsa_req->c,
575+ dsa_req->d_len);
576+ copy_to_user(cop->crk_param[7].crp_p, dsa_req->d,
577+ dsa_req->d_len);
578+ } else {
579+ copy_to_user(cop->crk_param[5].crp_p, dsa_req->c,
580+ dsa_req->d_len);
581+ copy_to_user(cop->crk_param[6].crp_p, dsa_req->d,
582+ dsa_req->d_len);
583+ }
584+ } else {
585+ if (rc != -EINPROGRESS && rc != 0)
586+ goto err;
587+
588+ pkc->cookie = buf;
589+ return rc;
590+ }
591+err:
592+ kfree(buf);
593+ return rc;
594+}
595+
596+int crypto_kop_dsaverify(struct cryptodev_pkc *pkc)
597+{
598+ struct kernel_crypt_kop *kop = &pkc->kop;
599+ struct crypt_kop *cop = &kop->kop;
600+ struct pkc_request *pkc_req;
601+ struct dsa_verify_req_s *dsa_req;
602+ int rc, buf_size;
603+ uint8_t *buf;
604+
605+ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits ||
606+ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits ||
607+ !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits ||
608+ !cop->crk_param[6].crp_nbits || (cop->crk_iparams == 8 &&
609+ !cop->crk_param[7].crp_nbits))
610+ return -EINVAL;
611+
612+ pkc_req = &pkc->req;
613+ dsa_req = &pkc_req->req_u.dsa_verify;
614+ dsa_req->m_len = (cop->crk_param[0].crp_nbits + 7)/8;
615+ dsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8;
616+ dsa_req->r_len = (cop->crk_param[2].crp_nbits + 7)/8;
617+ dsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8;
618+ dsa_req->pub_key_len = (cop->crk_param[4].crp_nbits + 7)/8;
619+ dsa_req->d_len = (cop->crk_param[6].crp_nbits + 7)/8;
620+ buf_size = dsa_req->m_len + dsa_req->q_len + dsa_req->r_len +
621+ dsa_req->g_len + dsa_req->pub_key_len + dsa_req->d_len +
622+ dsa_req->d_len;
623+ if (cop->crk_iparams == 8) {
624+ dsa_req->ab_len = (cop->crk_param[5].crp_nbits + 7)/8;
625+ buf_size += dsa_req->ab_len;
626+ pkc_req->type = ECDSA_VERIFY;
627+ pkc_req->curve_type = cop->curve_type;
628+ } else {
629+ pkc_req->type = DSA_VERIFY;
630+ }
631+
632+ buf = kzalloc(buf_size, GFP_DMA);
633+
634+ dsa_req->q = buf;
635+ dsa_req->r = dsa_req->q + dsa_req->q_len;
636+ dsa_req->g = dsa_req->r + dsa_req->r_len;
637+ dsa_req->pub_key = dsa_req->g + dsa_req->g_len;
638+ dsa_req->m = dsa_req->pub_key + dsa_req->pub_key_len;
639+ dsa_req->c = dsa_req->m + dsa_req->m_len;
640+ dsa_req->d = dsa_req->c + dsa_req->d_len;
641+ copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len);
642+ copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len);
643+ copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len);
644+ copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len);
645+ copy_from_user(dsa_req->pub_key, cop->crk_param[4].crp_p,
646+ dsa_req->pub_key_len);
647+ if (cop->crk_iparams == 8) {
648+ dsa_req->ab = dsa_req->d + dsa_req->d_len;
649+ copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p,
650+ dsa_req->ab_len);
651+ copy_from_user(dsa_req->c, cop->crk_param[6].crp_p,
652+ dsa_req->d_len);
653+ copy_from_user(dsa_req->d, cop->crk_param[7].crp_p,
654+ dsa_req->d_len);
655+ } else {
656+ copy_from_user(dsa_req->c, cop->crk_param[5].crp_p,
657+ dsa_req->d_len);
658+ copy_from_user(dsa_req->d, cop->crk_param[6].crp_p,
659+ dsa_req->d_len);
660+ }
661+ rc = cryptodev_pkc_offload(pkc);
662+ if (pkc->type == SYNCHRONOUS) {
663+ if (rc)
664+ goto err;
665+ } else {
666+ if (rc != -EINPROGRESS && !rc)
667+ goto err;
668+ pkc->cookie = buf;
669+ return rc;
670+ }
671+err:
672+ kfree(buf);
673+ return rc;
674+}
675+
676+int crypto_kop_dh_key(struct cryptodev_pkc *pkc)
677+{
678+ struct kernel_crypt_kop *kop = &pkc->kop;
679+ struct crypt_kop *cop = &kop->kop;
680+ struct pkc_request *pkc_req;
681+ struct dh_key_req_s *dh_req;
682+ int buf_size;
683+ uint8_t *buf;
684+ int rc = -EINVAL;
685+
686+ pkc_req = &pkc->req;
687+ dh_req = &pkc_req->req_u.dh_req;
688+ dh_req->s_len = (cop->crk_param[0].crp_nbits + 7)/8;
689+ dh_req->pub_key_len = (cop->crk_param[1].crp_nbits + 7)/8;
690+ dh_req->q_len = (cop->crk_param[2].crp_nbits + 7)/8;
691+ buf_size = dh_req->q_len + dh_req->pub_key_len + dh_req->s_len;
692+ if (cop->crk_iparams == 4) {
693+ pkc_req->type = ECDH_COMPUTE_KEY;
694+ dh_req->ab_len = (cop->crk_param[3].crp_nbits + 7)/8;
695+ dh_req->z_len = (cop->crk_param[4].crp_nbits + 7)/8;
696+ buf_size += dh_req->ab_len;
697+ } else {
698+ dh_req->z_len = (cop->crk_param[3].crp_nbits + 7)/8;
699+ pkc_req->type = DH_COMPUTE_KEY;
700+ }
701+ buf_size += dh_req->z_len;
702+ buf = kzalloc(buf_size, GFP_DMA);
703+ dh_req->q = buf;
704+ dh_req->s = dh_req->q + dh_req->q_len;
705+ dh_req->pub_key = dh_req->s + dh_req->s_len;
706+ dh_req->z = dh_req->pub_key + dh_req->pub_key_len;
707+ if (cop->crk_iparams == 4) {
708+ dh_req->ab = dh_req->z + dh_req->z_len;
709+ pkc_req->curve_type = cop->curve_type;
710+ copy_from_user(dh_req->ab, cop->crk_param[3].crp_p,
711+ dh_req->ab_len);
712+ }
713+ copy_from_user(dh_req->s, cop->crk_param[0].crp_p, dh_req->s_len);
714+ copy_from_user(dh_req->pub_key, cop->crk_param[1].crp_p,
715+ dh_req->pub_key_len);
716+ copy_from_user(dh_req->q, cop->crk_param[2].crp_p, dh_req->q_len);
717+ rc = cryptodev_pkc_offload(pkc);
718+ if (pkc->type == SYNCHRONOUS) {
719+ if (rc)
720+ goto err;
721+ if (cop->crk_iparams == 4)
722+ copy_to_user(cop->crk_param[4].crp_p, dh_req->z,
723+ dh_req->z_len);
724+ else
725+ copy_to_user(cop->crk_param[3].crp_p, dh_req->z,
726+ dh_req->z_len);
727+ } else {
728+ if (rc != -EINPROGRESS && rc != 0)
729+ goto err;
730+
731+ pkc->cookie = buf;
732+ return rc;
733+ }
734+err:
735+ kfree(buf);
736+ return rc;
737+}
738+
739+int crypto_modexp_crt(struct cryptodev_pkc *pkc)
740+{
741+ struct kernel_crypt_kop *kop = &pkc->kop;
742+ struct crypt_kop *cop = &kop->kop;
743+ struct pkc_request *pkc_req;
744+ struct rsa_priv_frm3_req_s *rsa_req;
745+ int rc;
746+ uint8_t *buf;
747+
748+ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits ||
749+ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits ||
750+ !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits)
751+ return -EINVAL;
752+
753+ pkc_req = &pkc->req;
754+ pkc_req->type = RSA_PRIV_FORM3;
755+ rsa_req = &pkc_req->req_u.rsa_priv_f3;
756+ rsa_req->p_len = (cop->crk_param[0].crp_nbits + 7)/8;
757+ rsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8;
758+ rsa_req->g_len = (cop->crk_param[2].crp_nbits + 7)/8;
759+ rsa_req->dp_len = (cop->crk_param[3].crp_nbits + 7)/8;
760+ rsa_req->dq_len = (cop->crk_param[4].crp_nbits + 7)/8;
761+ rsa_req->c_len = (cop->crk_param[5].crp_nbits + 7)/8;
762+ rsa_req->f_len = (cop->crk_param[6].crp_nbits + 7)/8;
763+ buf = kzalloc(rsa_req->p_len + rsa_req->q_len + rsa_req->f_len +
764+ rsa_req->dp_len + rsa_req->dp_len + rsa_req->c_len +
765+ rsa_req->g_len, GFP_DMA);
766+ rsa_req->p = buf;
767+ rsa_req->q = rsa_req->p + rsa_req->p_len;
768+ rsa_req->g = rsa_req->q + rsa_req->q_len;
769+ rsa_req->dp = rsa_req->g + rsa_req->g_len;
770+ rsa_req->dq = rsa_req->dp + rsa_req->dp_len;
771+ rsa_req->c = rsa_req->dq + rsa_req->dq_len;
772+ rsa_req->f = rsa_req->c + rsa_req->c_len;
773+ copy_from_user(rsa_req->p, cop->crk_param[0].crp_p, rsa_req->p_len);
774+ copy_from_user(rsa_req->q, cop->crk_param[1].crp_p, rsa_req->q_len);
775+ copy_from_user(rsa_req->g, cop->crk_param[2].crp_p, rsa_req->g_len);
776+ copy_from_user(rsa_req->dp, cop->crk_param[3].crp_p, rsa_req->dp_len);
777+ copy_from_user(rsa_req->dq, cop->crk_param[4].crp_p, rsa_req->dq_len);
778+ copy_from_user(rsa_req->c, cop->crk_param[5].crp_p, rsa_req->c_len);
779+ rc = cryptodev_pkc_offload(pkc);
780+
781+ if (pkc->type == SYNCHRONOUS) {
782+ if (rc)
783+ goto err;
784+ copy_to_user(cop->crk_param[6].crp_p, rsa_req->f,
785+ rsa_req->f_len);
786+ } else {
787+ if (rc != -EINPROGRESS && rc != 0)
788+ goto err;
789+
790+ pkc->cookie = buf;
791+ return rc;
792+ }
793+err:
794+ kfree(buf);
795+ return rc;
796+}
797+
798+int crypto_bn_modexp(struct cryptodev_pkc *pkc)
799+{
800+ struct pkc_request *pkc_req;
801+ struct rsa_pub_req_s *rsa_req;
802+ int rc;
803+ struct kernel_crypt_kop *kop = &pkc->kop;
804+ struct crypt_kop *cop = &kop->kop;
805+ uint8_t *buf;
806+
807+ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits ||
808+ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits)
809+ return -EINVAL;
810+
811+ pkc_req = &pkc->req;
812+ pkc_req->type = RSA_PUB;
813+ rsa_req = &pkc_req->req_u.rsa_pub_req;
814+ rsa_req->f_len = (cop->crk_param[0].crp_nbits + 7)/8;
815+ rsa_req->e_len = (cop->crk_param[1].crp_nbits + 7)/8;
816+ rsa_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8;
817+ rsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8;
818+ buf = kzalloc(rsa_req->f_len + rsa_req->e_len + rsa_req->n_len
819+ + rsa_req->g_len, GFP_DMA);
820+ if (!buf)
821+ return -ENOMEM;
822+
823+ rsa_req->e = buf;
824+ rsa_req->f = rsa_req->e + rsa_req->e_len;
825+ rsa_req->g = rsa_req->f + rsa_req->f_len;
826+ rsa_req->n = rsa_req->g + rsa_req->g_len;
827+ copy_from_user(rsa_req->f, cop->crk_param[0].crp_p, rsa_req->f_len);
828+ copy_from_user(rsa_req->e, cop->crk_param[1].crp_p, rsa_req->e_len);
829+ copy_from_user(rsa_req->n, cop->crk_param[2].crp_p, rsa_req->n_len);
830+ rc = cryptodev_pkc_offload(pkc);
831+ if (pkc->type == SYNCHRONOUS) {
832+ if (rc)
833+ goto err;
834+
835+ copy_to_user(cop->crk_param[3].crp_p, rsa_req->g,
836+ rsa_req->g_len);
837+ } else {
838+ if (rc != -EINPROGRESS && rc != 0)
839+ goto err;
840+
841+ /* This one will be freed later in fetch handler */
842+ pkc->cookie = buf;
843+ return rc;
844+ }
845+err:
846+ kfree(buf);
847+ return rc;
848+}
849+
850+int crypto_run_asym(struct cryptodev_pkc *pkc)
851+{
852+ int ret = -EINVAL;
853+ struct kernel_crypt_kop *kop = &pkc->kop;
854+
855+ switch (kop->kop.crk_op) {
856+ case CRK_MOD_EXP:
857+ if (kop->kop.crk_iparams != 3 && kop->kop.crk_oparams != 1)
858+ goto err;
859+
860+ ret = crypto_bn_modexp(pkc);
861+ break;
862+ case CRK_MOD_EXP_CRT:
863+ if (kop->kop.crk_iparams != 6 && kop->kop.crk_oparams != 1)
864+ goto err;
865+
866+ ret = crypto_modexp_crt(pkc);
867+ break;
868+ case CRK_DSA_SIGN:
869+ if ((kop->kop.crk_iparams != 5 && kop->kop.crk_iparams != 6) ||
870+ kop->kop.crk_oparams != 2)
871+ goto err;
872+
873+ ret = crypto_kop_dsasign(pkc);
874+ break;
875+ case CRK_DSA_VERIFY:
876+ if ((kop->kop.crk_iparams != 7 && kop->kop.crk_iparams != 8) ||
877+ kop->kop.crk_oparams != 0)
878+ goto err;
879+
880+ ret = crypto_kop_dsaverify(pkc);
881+ break;
882+ case CRK_DH_COMPUTE_KEY:
883+ if ((kop->kop.crk_iparams != 3 && kop->kop.crk_iparams != 4) ||
884+ kop->kop.crk_oparams != 1)
885+ goto err;
886+ ret = crypto_kop_dh_key(pkc);
887+ break;
888+ }
889+err:
890+ return ret;
891+}
892+
893 int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop)
894 {
895 struct csession *ses_ptr;
896--
8972.7.0
898
diff --git a/recipes-kernel/cryptodev/sdk_patches/0004-Compat-versions-of-PKC-IOCTLs.patch b/recipes-kernel/cryptodev/sdk_patches/0004-Compat-versions-of-PKC-IOCTLs.patch
new file mode 100644
index 0000000..e963f58
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0004-Compat-versions-of-PKC-IOCTLs.patch
@@ -0,0 +1,200 @@
1From e0e5c1bfb21888bf9f87f72ac8cdf7eee951f619 Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Fri, 7 Mar 2014 06:52:13 +0545
4Subject: [PATCH 04/38] Compat versions of PKC IOCTLs
5
6Upstream-status: Pending
7
8Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
9---
10 cryptodev_int.h | 20 ++++++++++
11 ioctl.c | 120 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
12 2 files changed, 140 insertions(+)
13
14diff --git a/cryptodev_int.h b/cryptodev_int.h
15index fdbcc61..cf54dac 100644
16--- a/cryptodev_int.h
17+++ b/cryptodev_int.h
18@@ -75,6 +75,24 @@ struct compat_crypt_op {
19 compat_uptr_t iv;/* initialization vector for encryption operations */
20 };
21
22+/* input of CIOCKEY */
23+struct compat_crparam {
24+ compat_uptr_t crp_p;
25+ uint32_t crp_nbits;
26+};
27+
28+struct compat_crypt_kop {
29+ uint32_t crk_op; /* cryptodev_crk_ot_t */
30+ uint32_t crk_status;
31+ uint16_t crk_iparams;
32+ uint16_t crk_oparams;
33+ uint32_t crk_pad1;
34+ struct compat_crparam crk_param[CRK_MAXPARAM];
35+ enum curve_t curve_type; /* 0 == Discrete Log, 1 = EC_PRIME,
36+ 2 = EC_BINARY */
37+ compat_uptr_t cookie;
38+};
39+
40 /* input of CIOCAUTHCRYPT */
41 struct compat_crypt_auth_op {
42 uint32_t ses; /* session identifier */
43@@ -111,6 +129,8 @@ struct compat_crypt_auth_op {
44 #define COMPAT_CIOCASYNCCRYPT _IOW('c', 107, struct compat_crypt_op)
45 #define COMPAT_CIOCASYNCFETCH _IOR('c', 108, struct compat_crypt_op)
46 #define COMPAT_CIOCAUTHCRYPT _IOWR('c', 109, struct compat_crypt_auth_op)
47+#define COMPAT_CIOCASYMASYNCRYPT _IOW('c', 110, struct compat_crypt_kop)
48+#define COMPAT_CIOCASYMASYNFETCH _IOR('c', 111, struct compat_crypt_kop)
49
50 #endif /* CONFIG_COMPAT */
51
52diff --git a/ioctl.c b/ioctl.c
53index 69980e3..9431025 100644
54--- a/ioctl.c
55+++ b/ioctl.c
56@@ -1081,6 +1081,68 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
57 /* compatibility code for 32bit userlands */
58 #ifdef CONFIG_COMPAT
59
60+static inline void compat_to_crypt_kop(struct compat_crypt_kop *compat,
61+ struct crypt_kop *kop)
62+{
63+ int i;
64+ kop->crk_op = compat->crk_op;
65+ kop->crk_status = compat->crk_status;
66+ kop->crk_iparams = compat->crk_iparams;
67+ kop->crk_oparams = compat->crk_oparams;
68+
69+ for (i = 0; i < CRK_MAXPARAM; i++) {
70+ kop->crk_param[i].crp_p =
71+ compat_ptr(compat->crk_param[i].crp_p);
72+ kop->crk_param[i].crp_nbits = compat->crk_param[i].crp_nbits;
73+ }
74+
75+ kop->curve_type = compat->curve_type;
76+ kop->cookie = compat->cookie;
77+}
78+
79+static int compat_kop_from_user(struct kernel_crypt_kop *kop,
80+ void __user *arg)
81+{
82+ struct compat_crypt_kop compat_kop;
83+
84+ if (unlikely(copy_from_user(&compat_kop, arg, sizeof(compat_kop))))
85+ return -EFAULT;
86+
87+ compat_to_crypt_kop(&compat_kop, &kop->kop);
88+ return fill_kop_from_cop(kop);
89+}
90+
91+static inline void crypt_kop_to_compat(struct crypt_kop *kop,
92+ struct compat_crypt_kop *compat)
93+{
94+ int i;
95+
96+ compat->crk_op = kop->crk_op;
97+ compat->crk_status = kop->crk_status;
98+ compat->crk_iparams = kop->crk_iparams;
99+ compat->crk_oparams = kop->crk_oparams;
100+
101+ for (i = 0; i < CRK_MAXPARAM; i++) {
102+ compat->crk_param[i].crp_p =
103+ ptr_to_compat(kop->crk_param[i].crp_p);
104+ compat->crk_param[i].crp_nbits = kop->crk_param[i].crp_nbits;
105+ }
106+ compat->cookie = kop->cookie;
107+ compat->curve_type = kop->curve_type;
108+}
109+
110+static int compat_kop_to_user(struct kernel_crypt_kop *kop, void __user *arg)
111+{
112+ struct compat_crypt_kop compat_kop;
113+
114+ crypt_kop_to_compat(&kop->kop, &compat_kop);
115+ if (unlikely(copy_to_user(arg, &compat_kop, sizeof(compat_kop)))) {
116+ dprintk(1, KERN_ERR, "Cannot copy to userspace\n");
117+ return -EFAULT;
118+ }
119+ return 0;
120+}
121+
122 static inline void
123 compat_to_session_op(struct compat_session_op *compat, struct session_op *sop)
124 {
125@@ -1208,7 +1270,26 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
126 return -EFAULT;
127 }
128 return ret;
129+ case COMPAT_CIOCKEY:
130+ {
131+ struct cryptodev_pkc *pkc =
132+ kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
133+
134+ if (!pkc)
135+ return -ENOMEM;
136+
137+ ret = compat_kop_from_user(&pkc->kop, arg);
138+
139+ if (unlikely(ret)) {
140+ kfree(pkc);
141+ return ret;
142+ }
143
144+ pkc->type = SYNCHRONOUS;
145+ ret = crypto_run_asym(pkc);
146+ kfree(pkc);
147+ }
148+ return ret;
149 case COMPAT_CIOCCRYPT:
150 ret = compat_kcop_from_user(&kcop, fcr, arg);
151 if (unlikely(ret))
152@@ -1247,6 +1328,45 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
153
154 return compat_kcop_to_user(&kcop, fcr, arg);
155 #endif
156+ case COMPAT_CIOCASYMASYNCRYPT:
157+ {
158+ struct cryptodev_pkc *pkc =
159+ kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
160+
161+ ret = compat_kop_from_user(&pkc->kop, arg);
162+ if (unlikely(ret))
163+ return -EINVAL;
164+
165+ /* Store associated FD priv data with asymmetric request */
166+ pkc->priv = pcr;
167+ pkc->type = ASYNCHRONOUS;
168+ ret = crypto_run_asym(pkc);
169+ if (ret == -EINPROGRESS)
170+ ret = 0;
171+ }
172+ return ret;
173+ case COMPAT_CIOCASYMASYNFETCH:
174+ {
175+ struct cryptodev_pkc *pkc;
176+ unsigned long flags;
177+
178+ spin_lock_irqsave(&pcr->completion_lock, flags);
179+ if (list_empty(&pcr->asym_completed_list)) {
180+ spin_unlock_irqrestore(&pcr->completion_lock, flags);
181+ return -ENOMEM;
182+ }
183+ pkc = list_first_entry(&pcr->asym_completed_list,
184+ struct cryptodev_pkc, list);
185+ list_del(&pkc->list);
186+ spin_unlock_irqrestore(&pcr->completion_lock, flags);
187+ ret = crypto_async_fetch_asym(pkc);
188+
189+ /* Reflect the updated request to user-space */
190+ if (!ret)
191+ compat_kop_to_user(&pkc->kop, arg);
192+ kfree(pkc);
193+ }
194+ return ret;
195 default:
196 return -EINVAL;
197 }
198--
1992.7.0
200
diff --git a/recipes-kernel/cryptodev/sdk_patches/0005-Asynchronous-interface-changes-in-cryptodev.patch b/recipes-kernel/cryptodev/sdk_patches/0005-Asynchronous-interface-changes-in-cryptodev.patch
new file mode 100644
index 0000000..5b96e84
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0005-Asynchronous-interface-changes-in-cryptodev.patch
@@ -0,0 +1,213 @@
1From d98f979d76c30058da24e62220f19c5b8c627819 Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Fri, 7 Mar 2014 07:24:00 +0545
4Subject: [PATCH 05/38] Asynchronous interface changes in cryptodev
5
6Upstream-status: Pending
7
8Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
9---
10 cryptlib.h | 7 ++++-
11 crypto/cryptodev.h | 10 ++++++-
12 cryptodev_int.h | 10 ++++++-
13 ioctl.c | 76 +++++++++++++++++++++++++++++++++++++-----------------
14 4 files changed, 76 insertions(+), 27 deletions(-)
15
16diff --git a/cryptlib.h b/cryptlib.h
17index 56d325a..7ffa54c 100644
18--- a/cryptlib.h
19+++ b/cryptlib.h
20@@ -113,7 +113,12 @@ struct cryptodev_pkc {
21 struct pkc_request req; /* PKC request structure allocated
22 from CryptoAPI */
23 enum offload_type type; /* Synchronous Vs Asynchronous request */
24- void *cookie; /*Additional opaque cookie to be used in future */
25+ /*
26+ * cookie used for transfering tranparent information from async
27+ * submission to async fetch. Currently some dynamic allocated
28+ * buffers are maintained which will be freed later during fetch
29+ */
30+ void *cookie;
31 struct crypt_priv *priv;
32 };
33
34diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
35index 96675fe..4436fbf 100644
36--- a/crypto/cryptodev.h
37+++ b/crypto/cryptodev.h
38@@ -254,6 +254,14 @@ struct crypt_kop {
39 void *cookie;
40 };
41
42+#define MAX_COOKIES 4
43+
44+struct pkc_cookie_list_s {
45+ int cookie_available;
46+ void *cookie[MAX_COOKIES];
47+ int status[MAX_COOKIES];
48+};
49+
50 enum cryptodev_crk_op_t {
51 CRK_MOD_EXP = 0,
52 CRK_MOD_EXP_CRT = 1,
53@@ -298,5 +306,5 @@ enum cryptodev_crk_op_t {
54 #define CIOCASYNCFETCH _IOR('c', 111, struct crypt_op)
55 /* additional ioctls for asynchronous operation for asymmetric ciphers*/
56 #define CIOCASYMASYNCRYPT _IOW('c', 112, struct crypt_kop)
57-#define CIOCASYMASYNFETCH _IOR('c', 113, struct crypt_kop)
58+#define CIOCASYMFETCHCOOKIE _IOR('c', 113, struct pkc_cookie_list_s)
59 #endif /* L_CRYPTODEV_H */
60diff --git a/cryptodev_int.h b/cryptodev_int.h
61index cf54dac..5347cae 100644
62--- a/cryptodev_int.h
63+++ b/cryptodev_int.h
64@@ -93,6 +93,12 @@ struct compat_crypt_kop {
65 compat_uptr_t cookie;
66 };
67
68+struct compat_pkc_cookie_list_s {
69+ int cookie_available;
70+ compat_uptr_t cookie[MAX_COOKIES];
71+ int status[MAX_COOKIES];
72+};
73+
74 /* input of CIOCAUTHCRYPT */
75 struct compat_crypt_auth_op {
76 uint32_t ses; /* session identifier */
77@@ -126,11 +132,13 @@ struct compat_crypt_auth_op {
78 /* compat ioctls, defined for the above structs */
79 #define COMPAT_CIOCGSESSION _IOWR('c', 102, struct compat_session_op)
80 #define COMPAT_CIOCCRYPT _IOWR('c', 104, struct compat_crypt_op)
81+#define COMPAT_CIOCKEY _IOW('c', 105, struct compat_crypt_kop)
82 #define COMPAT_CIOCASYNCCRYPT _IOW('c', 107, struct compat_crypt_op)
83 #define COMPAT_CIOCASYNCFETCH _IOR('c', 108, struct compat_crypt_op)
84 #define COMPAT_CIOCAUTHCRYPT _IOWR('c', 109, struct compat_crypt_auth_op)
85 #define COMPAT_CIOCASYMASYNCRYPT _IOW('c', 110, struct compat_crypt_kop)
86-#define COMPAT_CIOCASYMASYNFETCH _IOR('c', 111, struct compat_crypt_kop)
87+#define COMPAT_CIOCASYMFETCHCOOKIE _IOR('c', 111, \
88+ struct compat_pkc_cookie_list_s)
89
90 #endif /* CONFIG_COMPAT */
91
92diff --git a/ioctl.c b/ioctl.c
93index 9431025..e2f407f 100644
94--- a/ioctl.c
95+++ b/ioctl.c
96@@ -105,8 +105,6 @@ void cryptodev_complete_asym(struct crypto_async_request *req, int err)
97 crypto_free_pkc(pkc->s);
98 res->err = err;
99 if (pkc->type == SYNCHRONOUS) {
100- if (err == -EINPROGRESS)
101- return;
102 complete(&res->completion);
103 } else {
104 struct crypt_priv *pcr = pkc->priv;
105@@ -1051,26 +1049,41 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
106 ret = 0;
107 }
108 return ret;
109- case CIOCASYMASYNFETCH:
110+ case CIOCASYMFETCHCOOKIE:
111 {
112 struct cryptodev_pkc *pkc;
113 unsigned long flags;
114+ int i;
115+ struct pkc_cookie_list_s cookie_list;
116
117 spin_lock_irqsave(&pcr->completion_lock, flags);
118- if (list_empty(&pcr->asym_completed_list)) {
119- spin_unlock_irqrestore(&pcr->completion_lock, flags);
120- return -ENOMEM;
121+ cookie_list.cookie_available = 0;
122+ for (i = 0; i < MAX_COOKIES; i++) {
123+ if (!list_empty(&pcr->asym_completed_list)) {
124+ /* Run a loop in the list for upto elements
125+ and copy their response back */
126+ pkc =
127+ list_first_entry(&pcr->asym_completed_list,
128+ struct cryptodev_pkc, list);
129+ list_del(&pkc->list);
130+ ret = crypto_async_fetch_asym(pkc);
131+ if (!ret) {
132+ cookie_list.cookie_available++;
133+ cookie_list.cookie[i] =
134+ pkc->kop.kop.cookie;
135+ cookie_list.status[i] = pkc->result.err;
136+ }
137+ kfree(pkc);
138+ } else {
139+ break;
140+ }
141 }
142- pkc = list_first_entry(&pcr->asym_completed_list,
143- struct cryptodev_pkc, list);
144- list_del(&pkc->list);
145 spin_unlock_irqrestore(&pcr->completion_lock, flags);
146- ret = crypto_async_fetch_asym(pkc);
147
148 /* Reflect the updated request to user-space */
149- if (!ret)
150- kop_to_user(&pkc->kop, arg);
151- kfree(pkc);
152+ if (cookie_list.cookie_available)
153+ copy_to_user(arg, &cookie_list,
154+ sizeof(struct pkc_cookie_list_s));
155 }
156 return ret;
157 default:
158@@ -1345,26 +1358,41 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
159 ret = 0;
160 }
161 return ret;
162- case COMPAT_CIOCASYMASYNFETCH:
163+ case COMPAT_CIOCASYMFETCHCOOKIE:
164 {
165 struct cryptodev_pkc *pkc;
166 unsigned long flags;
167+ int i = 0;
168+ struct compat_pkc_cookie_list_s cookie_list;
169
170 spin_lock_irqsave(&pcr->completion_lock, flags);
171- if (list_empty(&pcr->asym_completed_list)) {
172- spin_unlock_irqrestore(&pcr->completion_lock, flags);
173- return -ENOMEM;
174+ cookie_list.cookie_available = 0;
175+
176+ for (i = 0; i < MAX_COOKIES; i++) {
177+ if (!list_empty(&pcr->asym_completed_list)) {
178+ /* Run a loop in the list for upto elements
179+ and copy their response back */
180+ pkc =
181+ list_first_entry(&pcr->asym_completed_list,
182+ struct cryptodev_pkc, list);
183+ list_del(&pkc->list);
184+ ret = crypto_async_fetch_asym(pkc);
185+ if (!ret) {
186+ cookie_list.cookie_available++;
187+ cookie_list.cookie[i] =
188+ pkc->kop.kop.cookie;
189+ }
190+ kfree(pkc);
191+ } else {
192+ break;
193+ }
194 }
195- pkc = list_first_entry(&pcr->asym_completed_list,
196- struct cryptodev_pkc, list);
197- list_del(&pkc->list);
198 spin_unlock_irqrestore(&pcr->completion_lock, flags);
199- ret = crypto_async_fetch_asym(pkc);
200
201 /* Reflect the updated request to user-space */
202- if (!ret)
203- compat_kop_to_user(&pkc->kop, arg);
204- kfree(pkc);
205+ if (cookie_list.cookie_available)
206+ copy_to_user(arg, &cookie_list,
207+ sizeof(struct compat_pkc_cookie_list_s));
208 }
209 return ret;
210 default:
211--
2122.7.0
213
diff --git a/recipes-kernel/cryptodev/sdk_patches/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch b/recipes-kernel/cryptodev/sdk_patches/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch
new file mode 100644
index 0000000..978efd1
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch
@@ -0,0 +1,212 @@
1From b92d23a790d9634d52db3b9a5e1882fde620b073 Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Fri, 7 Mar 2014 07:53:53 +0545
4Subject: [PATCH 06/38] ECC_KEYGEN and DLC_KEYGEN supported in cryptodev module
5
6Upstream-status: Pending
7
8Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
9---
10 cryptlib.c | 2 ++
11 crypto/cryptodev.h | 5 +++-
12 ioctl.c | 29 +++++++++++++++++--
13 main.c | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
14 4 files changed, 118 insertions(+), 3 deletions(-)
15
16diff --git a/cryptlib.c b/cryptlib.c
17index 6900028..47cd568 100644
18--- a/cryptlib.c
19+++ b/cryptlib.c
20@@ -452,6 +452,8 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc)
21 case DSA_VERIFY:
22 case ECDSA_SIGN:
23 case ECDSA_VERIFY:
24+ case DLC_KEYGEN:
25+ case ECC_KEYGEN:
26 pkc->s = crypto_alloc_pkc("pkc(dsa)",
27 CRYPTO_ALG_TYPE_PKC_DSA, 0);
28 break;
29diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
30index 4436fbf..275a55c 100644
31--- a/crypto/cryptodev.h
32+++ b/crypto/cryptodev.h
33@@ -268,6 +268,8 @@ enum cryptodev_crk_op_t {
34 CRK_DSA_SIGN = 2,
35 CRK_DSA_VERIFY = 3,
36 CRK_DH_COMPUTE_KEY = 4,
37+ CRK_DSA_GENERATE_KEY = 5,
38+ CRK_DH_GENERATE_KEY = 6,
39 CRK_ALGORITHM_ALL
40 };
41
42@@ -280,7 +282,8 @@ enum cryptodev_crk_op_t {
43 #define CRF_DSA_SIGN (1 << CRK_DSA_SIGN)
44 #define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY)
45 #define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY)
46-
47+#define CRF_DSA_GENERATE_KEY (1 << CRK_DSA_GENERATE_KEY)
48+#define CRF_DH_GENERATE_KEY (1 << CRK_DH_GENERATE_KEY)
49
50 /* ioctl's. Compatible with old linux cryptodev.h
51 */
52diff --git a/ioctl.c b/ioctl.c
53index e2f407f..1f0741a 100644
54--- a/ioctl.c
55+++ b/ioctl.c
56@@ -726,6 +726,23 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc)
57 dh_req->z, dh_req->z_len);
58 }
59 break;
60+ case CRK_DSA_GENERATE_KEY:
61+ case CRK_DH_GENERATE_KEY:
62+ {
63+ struct keygen_req_s *key_req = &pkc_req->req_u.keygen;
64+
65+ if (pkc_req->type == ECC_KEYGEN) {
66+ copy_to_user(ckop->crk_param[4].crp_p, key_req->pub_key,
67+ key_req->pub_key_len);
68+ copy_to_user(ckop->crk_param[5].crp_p,
69+ key_req->priv_key, key_req->priv_key_len);
70+ } else {
71+ copy_to_user(ckop->crk_param[3].crp_p,
72+ key_req->pub_key, key_req->pub_key_len);
73+ copy_to_user(ckop->crk_param[4].crp_p,
74+ key_req->priv_key, key_req->priv_key_len);
75+ }
76+ }
77 default:
78 ret = -EINVAL;
79 }
80@@ -939,8 +956,9 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
81
82 switch (cmd) {
83 case CIOCASYMFEAT:
84- return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP |
85- CRF_DSA_SIGN | CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY, p);
86+ return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN |
87+ CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY |
88+ CRF_DSA_GENERATE_KEY, p);
89 case CRIOGET:
90 fd = clonefd(filp);
91 ret = put_user(fd, p);
92@@ -1084,7 +1102,14 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
93 if (cookie_list.cookie_available)
94 copy_to_user(arg, &cookie_list,
95 sizeof(struct pkc_cookie_list_s));
96+ else {
97+ struct pkc_cookie_list_s *user_ck_list = (void *)arg;
98+
99+ put_user(0, &(user_ck_list->cookie_available));
100+ }
101+ ret = cookie_list.cookie_available;
102 }
103+
104 return ret;
105 default:
106 return -EINVAL;
107diff --git a/main.c b/main.c
108index 0b7951e..c901bc7 100644
109--- a/main.c
110+++ b/main.c
111@@ -342,6 +342,85 @@ err:
112 return rc;
113 }
114
115+int crypto_kop_keygen(struct cryptodev_pkc *pkc)
116+{
117+ struct kernel_crypt_kop *kop = &pkc->kop;
118+ struct crypt_kop *cop = &kop->kop;
119+ struct pkc_request *pkc_req;
120+ struct keygen_req_s *key_req;
121+ int rc, buf_size;
122+ uint8_t *buf;
123+
124+ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits ||
125+ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits ||
126+ !cop->crk_param[4].crp_nbits)
127+ return -EINVAL;
128+
129+ pkc_req = &pkc->req;
130+ key_req = &pkc_req->req_u.keygen;
131+ key_req->q_len = (cop->crk_param[0].crp_nbits + 7)/8;
132+ key_req->r_len = (cop->crk_param[1].crp_nbits + 7)/8;
133+ key_req->g_len = (cop->crk_param[2].crp_nbits + 7)/8;
134+ if (cop->crk_iparams == 3) {
135+ key_req->pub_key_len = (cop->crk_param[3].crp_nbits + 7)/8;
136+ key_req->priv_key_len = (cop->crk_param[4].crp_nbits + 7)/8;
137+ buf_size = key_req->q_len + key_req->r_len + key_req->g_len +
138+ key_req->pub_key_len + key_req->priv_key_len;
139+ pkc_req->type = DLC_KEYGEN;
140+ } else {
141+ key_req->ab_len = (cop->crk_param[3].crp_nbits + 7)/8;
142+ key_req->pub_key_len = (cop->crk_param[4].crp_nbits + 7)/8;
143+ key_req->priv_key_len = (cop->crk_param[5].crp_nbits + 7)/8;
144+ buf_size = key_req->q_len + key_req->r_len + key_req->g_len +
145+ key_req->pub_key_len + key_req->priv_key_len +
146+ key_req->ab_len;
147+ pkc_req->type = ECC_KEYGEN;
148+ pkc_req->curve_type = cop->curve_type;
149+ }
150+
151+ buf = kzalloc(buf_size, GFP_DMA);
152+ if (!buf)
153+ return -ENOMEM;
154+
155+ key_req->q = buf;
156+ key_req->r = key_req->q + key_req->q_len;
157+ key_req->g = key_req->r + key_req->r_len;
158+ key_req->pub_key = key_req->g + key_req->g_len;
159+ key_req->priv_key = key_req->pub_key + key_req->pub_key_len;
160+ copy_from_user(key_req->q, cop->crk_param[0].crp_p, key_req->q_len);
161+ copy_from_user(key_req->r, cop->crk_param[1].crp_p, key_req->r_len);
162+ copy_from_user(key_req->g, cop->crk_param[2].crp_p, key_req->g_len);
163+ if (cop->crk_iparams == 3) {
164+ copy_from_user(key_req->pub_key, cop->crk_param[3].crp_p,
165+ key_req->pub_key_len);
166+ copy_from_user(key_req->priv_key, cop->crk_param[4].crp_p,
167+ key_req->priv_key_len);
168+ } else {
169+ key_req->ab = key_req->priv_key + key_req->priv_key_len;
170+ copy_from_user(key_req->ab, cop->crk_param[3].crp_p,
171+ key_req->ab_len);
172+ copy_from_user(key_req->pub_key, cop->crk_param[4].crp_p,
173+ key_req->pub_key_len);
174+ copy_from_user(key_req->priv_key, cop->crk_param[5].crp_p,
175+ key_req->priv_key_len);
176+ }
177+
178+ rc = cryptodev_pkc_offload(pkc);
179+ if (pkc->type == SYNCHRONOUS) {
180+ if (rc)
181+ goto err;
182+ } else {
183+ if (rc != -EINPROGRESS && !rc)
184+ goto err;
185+
186+ pkc->cookie = buf;
187+ return rc;
188+ }
189+err:
190+ kfree(buf);
191+ return rc;
192+}
193+
194 int crypto_kop_dh_key(struct cryptodev_pkc *pkc)
195 {
196 struct kernel_crypt_kop *kop = &pkc->kop;
197@@ -554,6 +633,12 @@ int crypto_run_asym(struct cryptodev_pkc *pkc)
198 goto err;
199 ret = crypto_kop_dh_key(pkc);
200 break;
201+ case CRK_DH_GENERATE_KEY:
202+ case CRK_DSA_GENERATE_KEY:
203+ if ((kop->kop.crk_iparams != 3 && kop->kop.crk_iparams != 4))
204+ goto err;
205+ ret = crypto_kop_keygen(pkc);
206+ break;
207 }
208 err:
209 return ret;
210--
2112.7.0
212
diff --git a/recipes-kernel/cryptodev/sdk_patches/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch b/recipes-kernel/cryptodev/sdk_patches/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch
new file mode 100644
index 0000000..cfaabae
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch
@@ -0,0 +1,238 @@
1From 00a8ac310a33767eac0a07e32597c1a6f467315f Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Fri, 7 Mar 2014 08:49:15 +0545
4Subject: [PATCH 07/38] RCU stall fixed in PKC asynchronous interface
5
6Upstream-status: Pending
7
8Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
9---
10 ioctl.c | 23 +++++++++++------------
11 main.c | 43 +++++++++++++++++++++++++++----------------
12 2 files changed, 38 insertions(+), 28 deletions(-)
13
14diff --git a/ioctl.c b/ioctl.c
15index 1f0741a..e4e16a8 100644
16--- a/ioctl.c
17+++ b/ioctl.c
18@@ -108,10 +108,9 @@ void cryptodev_complete_asym(struct crypto_async_request *req, int err)
19 complete(&res->completion);
20 } else {
21 struct crypt_priv *pcr = pkc->priv;
22- unsigned long flags;
23- spin_lock_irqsave(&pcr->completion_lock, flags);
24+ spin_lock_bh(&pcr->completion_lock);
25 list_add_tail(&pkc->list, &pcr->asym_completed_list);
26- spin_unlock_irqrestore(&pcr->completion_lock, flags);
27+ spin_unlock_bh(&pcr->completion_lock);
28 /* wake for POLLIN */
29 wake_up_interruptible(&pcr->user_waiter);
30 }
31@@ -958,7 +957,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
32 case CIOCASYMFEAT:
33 return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN |
34 CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY |
35- CRF_DSA_GENERATE_KEY, p);
36+ CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY, p);
37 case CRIOGET:
38 fd = clonefd(filp);
39 ret = put_user(fd, p);
40@@ -997,7 +996,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
41 case CIOCKEY:
42 {
43 struct cryptodev_pkc *pkc =
44- kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
45+ kmalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
46
47 if (!pkc)
48 return -ENOMEM;
49@@ -1053,7 +1052,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
50 case CIOCASYMASYNCRYPT:
51 {
52 struct cryptodev_pkc *pkc =
53- kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
54+ kmalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL);
55 ret = kop_from_user(&pkc->kop, arg);
56
57 if (unlikely(ret))
58@@ -1070,13 +1069,12 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
59 case CIOCASYMFETCHCOOKIE:
60 {
61 struct cryptodev_pkc *pkc;
62- unsigned long flags;
63 int i;
64 struct pkc_cookie_list_s cookie_list;
65
66- spin_lock_irqsave(&pcr->completion_lock, flags);
67 cookie_list.cookie_available = 0;
68 for (i = 0; i < MAX_COOKIES; i++) {
69+ spin_lock_bh(&pcr->completion_lock);
70 if (!list_empty(&pcr->asym_completed_list)) {
71 /* Run a loop in the list for upto elements
72 and copy their response back */
73@@ -1084,6 +1082,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
74 list_first_entry(&pcr->asym_completed_list,
75 struct cryptodev_pkc, list);
76 list_del(&pkc->list);
77+ spin_unlock_bh(&pcr->completion_lock);
78 ret = crypto_async_fetch_asym(pkc);
79 if (!ret) {
80 cookie_list.cookie_available++;
81@@ -1093,10 +1092,10 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
82 }
83 kfree(pkc);
84 } else {
85+ spin_unlock_bh(&pcr->completion_lock);
86 break;
87 }
88 }
89- spin_unlock_irqrestore(&pcr->completion_lock, flags);
90
91 /* Reflect the updated request to user-space */
92 if (cookie_list.cookie_available)
93@@ -1386,14 +1385,13 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
94 case COMPAT_CIOCASYMFETCHCOOKIE:
95 {
96 struct cryptodev_pkc *pkc;
97- unsigned long flags;
98 int i = 0;
99 struct compat_pkc_cookie_list_s cookie_list;
100
101- spin_lock_irqsave(&pcr->completion_lock, flags);
102 cookie_list.cookie_available = 0;
103
104 for (i = 0; i < MAX_COOKIES; i++) {
105+ spin_lock_bh(&pcr->completion_lock);
106 if (!list_empty(&pcr->asym_completed_list)) {
107 /* Run a loop in the list for upto elements
108 and copy their response back */
109@@ -1401,6 +1399,7 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
110 list_first_entry(&pcr->asym_completed_list,
111 struct cryptodev_pkc, list);
112 list_del(&pkc->list);
113+ spin_unlock_bh(&pcr->completion_lock);
114 ret = crypto_async_fetch_asym(pkc);
115 if (!ret) {
116 cookie_list.cookie_available++;
117@@ -1409,10 +1408,10 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
118 }
119 kfree(pkc);
120 } else {
121+ spin_unlock_bh(&pcr->completion_lock);
122 break;
123 }
124 }
125- spin_unlock_irqrestore(&pcr->completion_lock, flags);
126
127 /* Reflect the updated request to user-space */
128 if (cookie_list.cookie_available)
129diff --git a/main.c b/main.c
130index c901bc7..2747706 100644
131--- a/main.c
132+++ b/main.c
133@@ -215,7 +215,9 @@ int crypto_kop_dsasign(struct cryptodev_pkc *pkc)
134 pkc_req->type = DSA_SIGN;
135 }
136
137- buf = kzalloc(buf_size, GFP_DMA);
138+ buf = kmalloc(buf_size, GFP_DMA);
139+ if (!buf)
140+ return -ENOMEM;
141
142 dsa_req->q = buf;
143 dsa_req->r = dsa_req->q + dsa_req->q_len;
144@@ -298,7 +300,9 @@ int crypto_kop_dsaverify(struct cryptodev_pkc *pkc)
145 pkc_req->type = DSA_VERIFY;
146 }
147
148- buf = kzalloc(buf_size, GFP_DMA);
149+ buf = kmalloc(buf_size, GFP_DMA);
150+ if (!buf)
151+ return -ENOMEM;
152
153 dsa_req->q = buf;
154 dsa_req->r = dsa_req->q + dsa_req->q_len;
155@@ -378,7 +382,7 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc)
156 pkc_req->curve_type = cop->curve_type;
157 }
158
159- buf = kzalloc(buf_size, GFP_DMA);
160+ buf = kmalloc(buf_size, GFP_DMA);
161 if (!buf)
162 return -ENOMEM;
163
164@@ -390,25 +394,28 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc)
165 copy_from_user(key_req->q, cop->crk_param[0].crp_p, key_req->q_len);
166 copy_from_user(key_req->r, cop->crk_param[1].crp_p, key_req->r_len);
167 copy_from_user(key_req->g, cop->crk_param[2].crp_p, key_req->g_len);
168- if (cop->crk_iparams == 3) {
169- copy_from_user(key_req->pub_key, cop->crk_param[3].crp_p,
170- key_req->pub_key_len);
171- copy_from_user(key_req->priv_key, cop->crk_param[4].crp_p,
172- key_req->priv_key_len);
173- } else {
174+ if (cop->crk_iparams == 4) {
175 key_req->ab = key_req->priv_key + key_req->priv_key_len;
176 copy_from_user(key_req->ab, cop->crk_param[3].crp_p,
177 key_req->ab_len);
178- copy_from_user(key_req->pub_key, cop->crk_param[4].crp_p,
179- key_req->pub_key_len);
180- copy_from_user(key_req->priv_key, cop->crk_param[5].crp_p,
181- key_req->priv_key_len);
182 }
183
184 rc = cryptodev_pkc_offload(pkc);
185 if (pkc->type == SYNCHRONOUS) {
186 if (rc)
187 goto err;
188+
189+ if (cop->crk_iparams == 4) {
190+ copy_to_user(cop->crk_param[4].crp_p, key_req->pub_key,
191+ key_req->pub_key_len);
192+ copy_to_user(cop->crk_param[5].crp_p, key_req->priv_key,
193+ key_req->priv_key_len);
194+ } else {
195+ copy_to_user(cop->crk_param[3].crp_p, key_req->pub_key,
196+ key_req->pub_key_len);
197+ copy_to_user(cop->crk_param[4].crp_p,
198+ key_req->priv_key, key_req->priv_key_len);
199+ }
200 } else {
201 if (rc != -EINPROGRESS && !rc)
202 goto err;
203@@ -447,7 +454,9 @@ int crypto_kop_dh_key(struct cryptodev_pkc *pkc)
204 pkc_req->type = DH_COMPUTE_KEY;
205 }
206 buf_size += dh_req->z_len;
207- buf = kzalloc(buf_size, GFP_DMA);
208+ buf = kmalloc(buf_size, GFP_DMA);
209+ if (!buf)
210+ return -ENOMEM;
211 dh_req->q = buf;
212 dh_req->s = dh_req->q + dh_req->q_len;
213 dh_req->pub_key = dh_req->s + dh_req->s_len;
214@@ -508,9 +517,11 @@ int crypto_modexp_crt(struct cryptodev_pkc *pkc)
215 rsa_req->dq_len = (cop->crk_param[4].crp_nbits + 7)/8;
216 rsa_req->c_len = (cop->crk_param[5].crp_nbits + 7)/8;
217 rsa_req->f_len = (cop->crk_param[6].crp_nbits + 7)/8;
218- buf = kzalloc(rsa_req->p_len + rsa_req->q_len + rsa_req->f_len +
219+ buf = kmalloc(rsa_req->p_len + rsa_req->q_len + rsa_req->f_len +
220 rsa_req->dp_len + rsa_req->dp_len + rsa_req->c_len +
221 rsa_req->g_len, GFP_DMA);
222+ if (!buf)
223+ return -ENOMEM;
224 rsa_req->p = buf;
225 rsa_req->q = rsa_req->p + rsa_req->p_len;
226 rsa_req->g = rsa_req->q + rsa_req->q_len;
227@@ -563,7 +574,7 @@ int crypto_bn_modexp(struct cryptodev_pkc *pkc)
228 rsa_req->e_len = (cop->crk_param[1].crp_nbits + 7)/8;
229 rsa_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8;
230 rsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8;
231- buf = kzalloc(rsa_req->f_len + rsa_req->e_len + rsa_req->n_len
232+ buf = kmalloc(rsa_req->f_len + rsa_req->e_len + rsa_req->n_len
233 + rsa_req->g_len, GFP_DMA);
234 if (!buf)
235 return -ENOMEM;
236--
2372.7.0
238
diff --git a/recipes-kernel/cryptodev/sdk_patches/0008-Add-RSA-Key-generation-offloading.patch b/recipes-kernel/cryptodev/sdk_patches/0008-Add-RSA-Key-generation-offloading.patch
new file mode 100644
index 0000000..ef4ea09
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0008-Add-RSA-Key-generation-offloading.patch
@@ -0,0 +1,170 @@
1From a2cbb5fcc2d6f3734b5ed2826e828d852cfdf8ba Mon Sep 17 00:00:00 2001
2From: Hou Zhiqiang <B48286@freescale.com>
3Date: Wed, 19 Mar 2014 14:02:46 +0800
4Subject: [PATCH 08/38] Add RSA Key generation offloading
5
6Upstream-status: Pending
7
8Signed-off-by: Hou Zhiqiang <B48286@freescale.com>
9Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
10---
11 cryptlib.c | 1 +
12 crypto/cryptodev.h | 2 ++
13 ioctl.c | 3 +-
14 main.c | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
15 4 files changed, 84 insertions(+), 2 deletions(-)
16
17diff --git a/cryptlib.c b/cryptlib.c
18index 47cd568..4dd1847 100644
19--- a/cryptlib.c
20+++ b/cryptlib.c
21@@ -441,6 +441,7 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc)
22 struct pkc_request *pkc_req = &pkc->req, *pkc_requested;
23
24 switch (pkc_req->type) {
25+ case RSA_KEYGEN:
26 case RSA_PUB:
27 case RSA_PRIV_FORM1:
28 case RSA_PRIV_FORM2:
29diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
30index 275a55c..d0cc542 100644
31--- a/crypto/cryptodev.h
32+++ b/crypto/cryptodev.h
33@@ -270,6 +270,7 @@ enum cryptodev_crk_op_t {
34 CRK_DH_COMPUTE_KEY = 4,
35 CRK_DSA_GENERATE_KEY = 5,
36 CRK_DH_GENERATE_KEY = 6,
37+ CRK_RSA_GENERATE_KEY = 7,
38 CRK_ALGORITHM_ALL
39 };
40
41@@ -279,6 +280,7 @@ enum cryptodev_crk_op_t {
42 */
43 #define CRF_MOD_EXP (1 << CRK_MOD_EXP)
44 #define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT)
45+#define CRF_RSA_GENERATE_KEY (1 << CRK_RSA_GENERATE_KEY)
46 #define CRF_DSA_SIGN (1 << CRK_DSA_SIGN)
47 #define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY)
48 #define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY)
49diff --git a/ioctl.c b/ioctl.c
50index e4e16a8..3762a47 100644
51--- a/ioctl.c
52+++ b/ioctl.c
53@@ -957,7 +957,8 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
54 case CIOCASYMFEAT:
55 return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN |
56 CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY |
57- CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY, p);
58+ CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY |
59+ CRF_RSA_GENERATE_KEY, p);
60 case CRIOGET:
61 fd = clonefd(filp);
62 ret = put_user(fd, p);
63diff --git a/main.c b/main.c
64index 2747706..14dcf40 100644
65--- a/main.c
66+++ b/main.c
67@@ -346,6 +346,82 @@ err:
68 return rc;
69 }
70
71+int crypto_kop_rsa_keygen(struct cryptodev_pkc *pkc)
72+{
73+ struct kernel_crypt_kop *kop = &pkc->kop;
74+ struct crypt_kop *cop = &kop->kop;
75+ struct pkc_request *pkc_req;
76+ struct rsa_keygen_req_s *key_req;
77+ int rc, buf_size;
78+ uint8_t *buf;
79+
80+ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits ||
81+ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits ||
82+ !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits ||
83+ !cop->crk_param[6].crp_nbits)
84+ return -EINVAL;
85+
86+ pkc_req = &pkc->req;
87+ pkc_req->type = RSA_KEYGEN;
88+ key_req = &pkc_req->req_u.rsa_keygen;
89+ key_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8;
90+ key_req->p_len = (cop->crk_param[0].crp_nbits + 7) / 8;
91+ key_req->q_len = (cop->crk_param[1].crp_nbits + 7) / 8;
92+ key_req->n_len = (cop->crk_param[2].crp_nbits + 7) / 8;
93+ key_req->d_len = (cop->crk_param[3].crp_nbits + 7) / 8;
94+ key_req->dp_len = (cop->crk_param[4].crp_nbits + 7) / 8;
95+ key_req->dq_len = (cop->crk_param[5].crp_nbits + 7) / 8;
96+ key_req->c_len = (cop->crk_param[6].crp_nbits + 7) / 8;
97+
98+ buf_size = key_req->p_len + key_req->q_len + key_req->n_len +
99+ key_req->d_len + key_req->dp_len +
100+ key_req->dq_len + key_req->c_len;
101+
102+ buf = kmalloc(buf_size, GFP_DMA);
103+ if (!buf)
104+ return -ENOMEM;
105+ key_req->p = buf;
106+ key_req->q = key_req->p + key_req->p_len;
107+ key_req->n = key_req->q + key_req->q_len;
108+ key_req->d = key_req->n + key_req->n_len;
109+ key_req->dp = key_req->d + key_req->d_len;
110+ key_req->dq = key_req->dp + key_req->dp_len;
111+ key_req->c = key_req->dq + key_req->dq_len;
112+
113+ rc = cryptodev_pkc_offload(pkc);
114+
115+ if (pkc->type == SYNCHRONOUS) {
116+ if (rc)
117+ goto err;
118+
119+ copy_to_user(cop->crk_param[0].crp_p,
120+ key_req->p, key_req->p_len);
121+ copy_to_user(cop->crk_param[1].crp_p,
122+ key_req->q, key_req->q_len);
123+ copy_to_user(cop->crk_param[2].crp_p,
124+ key_req->n, key_req->n_len);
125+ copy_to_user(cop->crk_param[3].crp_p,
126+ key_req->d, key_req->d_len);
127+ copy_to_user(cop->crk_param[4].crp_p,
128+ key_req->dp, key_req->dp_len);
129+ copy_to_user(cop->crk_param[5].crp_p,
130+ key_req->dq, key_req->dq_len);
131+ copy_to_user(cop->crk_param[6].crp_p,
132+ key_req->c, key_req->c_len);
133+ } else {
134+ if (rc != -EINPROGRESS && !rc) {
135+ printk("%s: Failed\n", __func__);
136+ goto err;
137+ }
138+ pkc->cookie = buf;
139+ return rc;
140+ }
141+err:
142+ kfree(buf);
143+ return rc;
144+
145+}
146+
147 int crypto_kop_keygen(struct cryptodev_pkc *pkc)
148 {
149 struct kernel_crypt_kop *kop = &pkc->kop;
150@@ -385,7 +461,6 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc)
151 buf = kmalloc(buf_size, GFP_DMA);
152 if (!buf)
153 return -ENOMEM;
154-
155 key_req->q = buf;
156 key_req->r = key_req->q + key_req->q_len;
157 key_req->g = key_req->r + key_req->r_len;
158@@ -650,6 +725,9 @@ int crypto_run_asym(struct cryptodev_pkc *pkc)
159 goto err;
160 ret = crypto_kop_keygen(pkc);
161 break;
162+ case CRK_RSA_GENERATE_KEY:
163+ ret = crypto_kop_rsa_keygen(pkc);
164+ break;
165 }
166 err:
167 return ret;
168--
1692.7.0
170
diff --git a/recipes-kernel/cryptodev/sdk_patches/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch b/recipes-kernel/cryptodev/sdk_patches/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch
new file mode 100644
index 0000000..47fd2e1
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch
@@ -0,0 +1,160 @@
1From 263483d1023f6c1c35b5488b9b79796ee2605e9b Mon Sep 17 00:00:00 2001
2From: Yashpal Dutta <yashpal.dutta@freescale.com>
3Date: Thu, 17 Apr 2014 07:08:47 +0545
4Subject: [PATCH 09/38] Fixed compilation error of openssl with fsl cryptodev
5
6Upstream-status: Pending
7
8Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
9Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
10---
11 authenc.c | 1 +
12 cryptlib.c | 9 ++++-----
13 crypto/cryptodev.h | 9 ++++++++-
14 cryptodev_int.h | 2 +-
15 ioctl.c | 8 ++++++--
16 main.c | 1 +
17 6 files changed, 21 insertions(+), 9 deletions(-)
18
19diff --git a/authenc.c b/authenc.c
20index ef0d3db..2aa4d38 100644
21--- a/authenc.c
22+++ b/authenc.c
23@@ -2,6 +2,7 @@
24 * Driver for /dev/crypto device (aka CryptoDev)
25 *
26 * Copyright (c) 2011, 2012 OpenSSL Software Foundation, Inc.
27+ * Copyright (c) 2014 Freescale Semiconductor, Inc.
28 *
29 * Author: Nikos Mavrogiannopoulos
30 *
31diff --git a/cryptlib.c b/cryptlib.c
32index 4dd1847..ec6693e 100644
33--- a/cryptlib.c
34+++ b/cryptlib.c
35@@ -4,8 +4,7 @@
36 * Copyright (c) 2010,2011 Nikos Mavrogiannopoulos <nmav@gnutls.org>
37 * Portions Copyright (c) 2010 Michael Weiser
38 * Portions Copyright (c) 2010 Phil Sutter
39- *
40- * Copyright 2012 Freescale Semiconductor, Inc.
41+ * Copyright 2012-2014 Freescale Semiconductor, Inc.
42 *
43 * This file is part of linux cryptodev.
44 *
45@@ -144,7 +143,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name,
46 if (alg->max_keysize > 0 &&
47 unlikely((keylen < alg->min_keysize) ||
48 (keylen > alg->max_keysize))) {
49- ddebug(1, "Wrong keylen '%zu' for algorithm '%s'. Use %u to %u.",
50+ ddebug(1, "Wrong keylen '%u' for algorithm '%s'. Use %u to %u.",
51 keylen, alg_name, alg->min_keysize, alg->max_keysize);
52 ret = -EINVAL;
53 goto error;
54@@ -171,7 +170,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name,
55 }
56
57 if (unlikely(ret)) {
58- ddebug(1, "Setting key failed for %s-%zu.", alg_name, keylen*8);
59+ ddebug(1, "Setting key failed for %s-%u.", alg_name, keylen*8);
60 ret = -EINVAL;
61 goto error;
62 }
63@@ -338,7 +337,7 @@ int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name,
64 if (hmac_mode != 0) {
65 ret = crypto_ahash_setkey(hdata->async.s, mackey, mackeylen);
66 if (unlikely(ret)) {
67- ddebug(1, "Setting hmac key failed for %s-%zu.",
68+ ddebug(1, "Setting hmac key failed for %s-%u.",
69 alg_name, mackeylen*8);
70 ret = -EINVAL;
71 goto error;
72diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
73index d0cc542..e7edd97 100644
74--- a/crypto/cryptodev.h
75+++ b/crypto/cryptodev.h
76@@ -234,6 +234,13 @@ struct crypt_auth_op {
77 #define CRYPTO_ALG_FLAG_RNG_ENABLE 2
78 #define CRYPTO_ALG_FLAG_DSA_SHA 4
79
80+enum ec_curve_t {
81+ EC_DISCRETE_LOG,
82+ EC_PRIME,
83+ EC_BINARY,
84+ MAX_EC_TYPE
85+};
86+
87 struct crparam {
88 __u8 *crp_p;
89 __u32 crp_nbits;
90@@ -249,7 +256,7 @@ struct crypt_kop {
91 __u16 crk_oparams;
92 __u32 crk_pad1;
93 struct crparam crk_param[CRK_MAXPARAM];
94- enum curve_t curve_type; /* 0 == Discrete Log,
95+ enum ec_curve_t curve_type; /* 0 == Discrete Log,
96 1 = EC_PRIME, 2 = EC_BINARY */
97 void *cookie;
98 };
99diff --git a/cryptodev_int.h b/cryptodev_int.h
100index 5347cae..c83c885 100644
101--- a/cryptodev_int.h
102+++ b/cryptodev_int.h
103@@ -88,7 +88,7 @@ struct compat_crypt_kop {
104 uint16_t crk_oparams;
105 uint32_t crk_pad1;
106 struct compat_crparam crk_param[CRK_MAXPARAM];
107- enum curve_t curve_type; /* 0 == Discrete Log, 1 = EC_PRIME,
108+ enum ec_curve_t curve_type; /* 0 == Discrete Log, 1 = EC_PRIME,
109 2 = EC_BINARY */
110 compat_uptr_t cookie;
111 };
112diff --git a/ioctl.c b/ioctl.c
113index 3762a47..c97320b 100644
114--- a/ioctl.c
115+++ b/ioctl.c
116@@ -4,7 +4,7 @@
117 * Copyright (c) 2004 Michal Ludvig <mludvig@logix.net.nz>, SuSE Labs
118 * Copyright (c) 2009,2010,2011 Nikos Mavrogiannopoulos <nmav@gnutls.org>
119 * Copyright (c) 2010 Phil Sutter
120- * Copyright 2012 Freescale Semiconductor, Inc.
121+ * Copyright 2012-2014 Freescale Semiconductor, Inc.
122 *
123 * This file is part of linux cryptodev.
124 *
125@@ -501,6 +501,7 @@ cryptodev_open(struct inode *inode, struct file *filp)
126 INIT_LIST_HEAD(&pcr->done.list);
127 INIT_LIST_HEAD(&pcr->asym_completed_list);
128 spin_lock_init(&pcr->completion_lock);
129+
130 INIT_WORK(&pcr->cryptask, cryptask_routine);
131
132 init_waitqueue_head(&pcr->user_waiter);
133@@ -780,8 +781,11 @@ static int fill_kcop_from_cop(struct kernel_crypt_op *kcop, struct fcrypt *fcr)
134
135 if (cop->iv) {
136 rc = copy_from_user(kcop->iv, cop->iv, kcop->ivlen);
137- if (unlikely(rc))
138+ if (unlikely(rc)) {
139+ derr(1, "error copying IV (%d bytes), copy_from_user returned %d for address %p",
140+ kcop->ivlen, rc, cop->iv);
141 return -EFAULT;
142+ }
143 }
144
145 return 0;
146diff --git a/main.c b/main.c
147index 14dcf40..6365911 100644
148--- a/main.c
149+++ b/main.c
150@@ -3,6 +3,7 @@
151 *
152 * Copyright (c) 2004 Michal Ludvig <mludvig@logix.net.nz>, SuSE Labs
153 * Copyright (c) 2009-2013 Nikos Mavrogiannopoulos <nmav@gnutls.org>
154+ * Copyright (c) 2014 Freescale Semiconductor, Inc.
155 *
156 * This file is part of linux cryptodev.
157 *
158--
1592.7.0
160
diff --git a/recipes-kernel/cryptodev/sdk_patches/0010-add-support-for-composite-TLS10-SHA1-3DES-algorithm-.patch b/recipes-kernel/cryptodev/sdk_patches/0010-add-support-for-composite-TLS10-SHA1-3DES-algorithm-.patch
new file mode 100644
index 0000000..352a45d
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0010-add-support-for-composite-TLS10-SHA1-3DES-algorithm-.patch
@@ -0,0 +1,54 @@
1From 269564f4e00fa907388ccfa046b930b3c4eef4dc Mon Sep 17 00:00:00 2001
2From: Tudor Ambarus <tudor.ambarus@freescale.com>
3Date: Tue, 10 Jun 2014 08:27:59 +0300
4Subject: [PATCH 10/38] add support for composite TLS10(SHA1,3DES) algorithm
5 offload
6
7This adds support for composite algorithm offload in a single crypto
8(cipher + hmac) operation.
9
10It requires either software or hardware TLS support in the Linux kernel
11and can be used with Freescale B*, P* and T* platforms that have support
12for hardware TLS acceleration.
13
14Change-Id: Ibce0ceb4174809c9c96b453cd3202bc5220ff084
15Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
16Reviewed-on: http://git.am.freescale.net:8181/34000
17Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com>
18Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
19---
20 crypto/cryptodev.h | 1 +
21 ioctl.c | 5 +++++
22 2 files changed, 6 insertions(+)
23
24diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
25index e7edd97..07f40b2 100644
26--- a/crypto/cryptodev.h
27+++ b/crypto/cryptodev.h
28@@ -55,6 +55,7 @@ enum cryptodev_crypto_op_t {
29 CRYPTO_SHA2_512,
30 CRYPTO_SHA2_224_HMAC,
31 CRYPTO_TLS10_AES_CBC_HMAC_SHA1,
32+ CRYPTO_TLS10_3DES_CBC_HMAC_SHA1,
33 CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */
34 };
35
36diff --git a/ioctl.c b/ioctl.c
37index c97320b..574e913 100644
38--- a/ioctl.c
39+++ b/ioctl.c
40@@ -191,6 +191,11 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop)
41 stream = 0;
42 aead = 1;
43 break;
44+ case CRYPTO_TLS10_3DES_CBC_HMAC_SHA1:
45+ alg_name = "tls10(hmac(sha1),cbc(des3_ede))";
46+ stream = 0;
47+ aead = 1;
48+ break;
49 case CRYPTO_NULL:
50 alg_name = "ecb(cipher_null)";
51 stream = 1;
52--
532.7.0
54
diff --git a/recipes-kernel/cryptodev/sdk_patches/0011-add-support-for-TLSv1.1-record-offload.patch b/recipes-kernel/cryptodev/sdk_patches/0011-add-support-for-TLSv1.1-record-offload.patch
new file mode 100644
index 0000000..34d6ade
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0011-add-support-for-TLSv1.1-record-offload.patch
@@ -0,0 +1,76 @@
1From 73c20be9ae1ed57d8c428c86471f42d953e79fba Mon Sep 17 00:00:00 2001
2From: Tudor Ambarus <tudor.ambarus@freescale.com>
3Date: Tue, 31 Mar 2015 16:15:47 +0300
4Subject: [PATCH 11/38] add support for TLSv1.1 record offload
5
6This adds support for composite algorithm offload in a single crypto
7(cipher + hmac) operation.
8
9Supported cipher suites:
10- 3des-ede-cbc-sha
11- aes-128-cbc-hmac-sha
12- aes-256-cbc-hmac-sha
13
14It requires either software or hardware TLS support in the Linux kernel
15and can be used with Freescale B*, P* and T* platforms that have support
16for hardware TLS acceleration.
17
18Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
19Change-Id: Ia5f3fa7ec090d5643d71b0f608c68a274ec6b51f
20Reviewed-on: http://git.am.freescale.net:8181/33998
21Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com>
22Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
23---
24 crypto/cryptodev.h | 4 +++-
25 ioctl.c | 14 ++++++++++++--
26 2 files changed, 15 insertions(+), 3 deletions(-)
27
28diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
29index 07f40b2..61e8599 100644
30--- a/crypto/cryptodev.h
31+++ b/crypto/cryptodev.h
32@@ -54,8 +54,10 @@ enum cryptodev_crypto_op_t {
33 CRYPTO_SHA2_384,
34 CRYPTO_SHA2_512,
35 CRYPTO_SHA2_224_HMAC,
36- CRYPTO_TLS10_AES_CBC_HMAC_SHA1,
37 CRYPTO_TLS10_3DES_CBC_HMAC_SHA1,
38+ CRYPTO_TLS10_AES_CBC_HMAC_SHA1,
39+ CRYPTO_TLS11_3DES_CBC_HMAC_SHA1,
40+ CRYPTO_TLS11_AES_CBC_HMAC_SHA1,
41 CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */
42 };
43
44diff --git a/ioctl.c b/ioctl.c
45index 574e913..ba82387 100644
46--- a/ioctl.c
47+++ b/ioctl.c
48@@ -186,13 +186,23 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop)
49 stream = 1;
50 aead = 1;
51 break;
52+ case CRYPTO_TLS10_3DES_CBC_HMAC_SHA1:
53+ alg_name = "tls10(hmac(sha1),cbc(des3_ede))";
54+ stream = 0;
55+ aead = 1;
56+ break;
57 case CRYPTO_TLS10_AES_CBC_HMAC_SHA1:
58 alg_name = "tls10(hmac(sha1),cbc(aes))";
59 stream = 0;
60 aead = 1;
61 break;
62- case CRYPTO_TLS10_3DES_CBC_HMAC_SHA1:
63- alg_name = "tls10(hmac(sha1),cbc(des3_ede))";
64+ case CRYPTO_TLS11_3DES_CBC_HMAC_SHA1:
65+ alg_name = "tls11(hmac(sha1),cbc(des3_ede))";
66+ stream = 0;
67+ aead = 1;
68+ break;
69+ case CRYPTO_TLS11_AES_CBC_HMAC_SHA1:
70+ alg_name = "tls11(hmac(sha1),cbc(aes))";
71 stream = 0;
72 aead = 1;
73 break;
74--
752.7.0
76
diff --git a/recipes-kernel/cryptodev/sdk_patches/0012-add-support-for-TLSv1.2-record-offload.patch b/recipes-kernel/cryptodev/sdk_patches/0012-add-support-for-TLSv1.2-record-offload.patch
new file mode 100644
index 0000000..b7a7268
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0012-add-support-for-TLSv1.2-record-offload.patch
@@ -0,0 +1,72 @@
1From f1a519d9eed072bd45a45d251603c64f942814fb Mon Sep 17 00:00:00 2001
2From: Tudor Ambarus <tudor.ambarus@freescale.com>
3Date: Tue, 31 Mar 2015 16:16:28 +0300
4Subject: [PATCH 12/38] add support for TLSv1.2 record offload
5
6This adds support for composite algorithm offload in a single crypto
7(cipher + hmac) operation.
8
9Supported cipher suites:
10- 3des-ede-cbc-sha
11- aes-128-cbc-hmac-sha
12- aes-256-cbc-hmac-sha
13- aes-128-cbc-hmac-sha256
14- aes-256-cbc-hmac-sha256
15
16It requires either software or hardware TLS support in the Linux kernel
17and can be used with Freescale B*, P* and T* platforms that have support
18for hardware TLS acceleration.
19
20Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
21Change-Id: I21f45993505fc3dad09848a13aa20f778a7c2de0
22Reviewed-on: http://git.am.freescale.net:8181/33999
23Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com>
24Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
25---
26 crypto/cryptodev.h | 3 +++
27 ioctl.c | 15 +++++++++++++++
28 2 files changed, 18 insertions(+)
29
30diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
31index 61e8599..f6058ca 100644
32--- a/crypto/cryptodev.h
33+++ b/crypto/cryptodev.h
34@@ -58,6 +58,9 @@ enum cryptodev_crypto_op_t {
35 CRYPTO_TLS10_AES_CBC_HMAC_SHA1,
36 CRYPTO_TLS11_3DES_CBC_HMAC_SHA1,
37 CRYPTO_TLS11_AES_CBC_HMAC_SHA1,
38+ CRYPTO_TLS12_3DES_CBC_HMAC_SHA1,
39+ CRYPTO_TLS12_AES_CBC_HMAC_SHA1,
40+ CRYPTO_TLS12_AES_CBC_HMAC_SHA256,
41 CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */
42 };
43
44diff --git a/ioctl.c b/ioctl.c
45index ba82387..fb4c4e3 100644
46--- a/ioctl.c
47+++ b/ioctl.c
48@@ -206,6 +206,21 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop)
49 stream = 0;
50 aead = 1;
51 break;
52+ case CRYPTO_TLS12_3DES_CBC_HMAC_SHA1:
53+ alg_name = "tls12(hmac(sha1),cbc(des3_ede))";
54+ stream = 0;
55+ aead = 1;
56+ break;
57+ case CRYPTO_TLS12_AES_CBC_HMAC_SHA1:
58+ alg_name = "tls12(hmac(sha1),cbc(aes))";
59+ stream = 0;
60+ aead = 1;
61+ break;
62+ case CRYPTO_TLS12_AES_CBC_HMAC_SHA256:
63+ alg_name = "tls12(hmac(sha256),cbc(aes))";
64+ stream = 0;
65+ aead = 1;
66+ break;
67 case CRYPTO_NULL:
68 alg_name = "ecb(cipher_null)";
69 stream = 1;
70--
712.7.0
72
diff --git a/recipes-kernel/cryptodev/sdk_patches/0013-clean-up-code-layout.patch b/recipes-kernel/cryptodev/sdk_patches/0013-clean-up-code-layout.patch
new file mode 100644
index 0000000..a6884fa
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0013-clean-up-code-layout.patch
@@ -0,0 +1,186 @@
1From 5a87b9d5f2295ed0fd36a41c8376e01eb0df62b2 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@freescale.com>
3Date: Fri, 20 Feb 2015 12:46:58 +0200
4Subject: [PATCH 13/38] clean-up code layout
5
6Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
7Change-Id: I92c2f4baeed9470a2c3c42b592d878e65918b0af
8Reviewed-on: http://git.am.freescale.net:8181/34222
9---
10 cryptlib.c | 11 ++++-------
11 ioctl.c | 55 +++++++++++++++++++++----------------------------------
12 main.c | 4 +---
13 3 files changed, 26 insertions(+), 44 deletions(-)
14
15diff --git a/cryptlib.c b/cryptlib.c
16index ec6693e..21e691b 100644
17--- a/cryptlib.c
18+++ b/cryptlib.c
19@@ -434,7 +434,7 @@ int cryptodev_hash_final(struct hash_data *hdata, void *output)
20 return waitfor(hdata->async.result, ret);
21 }
22
23-int cryptodev_pkc_offload(struct cryptodev_pkc *pkc)
24+int cryptodev_pkc_offload(struct cryptodev_pkc *pkc)
25 {
26 int ret = 0;
27 struct pkc_request *pkc_req = &pkc->req, *pkc_requested;
28@@ -445,8 +445,7 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc)
29 case RSA_PRIV_FORM1:
30 case RSA_PRIV_FORM2:
31 case RSA_PRIV_FORM3:
32- pkc->s = crypto_alloc_pkc("pkc(rsa)",
33- CRYPTO_ALG_TYPE_PKC_RSA, 0);
34+ pkc->s = crypto_alloc_pkc("pkc(rsa)", CRYPTO_ALG_TYPE_PKC_RSA, 0);
35 break;
36 case DSA_SIGN:
37 case DSA_VERIFY:
38@@ -454,13 +453,11 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc)
39 case ECDSA_VERIFY:
40 case DLC_KEYGEN:
41 case ECC_KEYGEN:
42- pkc->s = crypto_alloc_pkc("pkc(dsa)",
43- CRYPTO_ALG_TYPE_PKC_DSA, 0);
44+ pkc->s = crypto_alloc_pkc("pkc(dsa)", CRYPTO_ALG_TYPE_PKC_DSA, 0);
45 break;
46 case DH_COMPUTE_KEY:
47 case ECDH_COMPUTE_KEY:
48- pkc->s = crypto_alloc_pkc("pkc(dh)",
49- CRYPTO_ALG_TYPE_PKC_DH, 0);
50+ pkc->s = crypto_alloc_pkc("pkc(dh)", CRYPTO_ALG_TYPE_PKC_DH, 0);
51 break;
52 default:
53 return -EINVAL;
54diff --git a/ioctl.c b/ioctl.c
55index fb4c4e3..ee0486c 100644
56--- a/ioctl.c
57+++ b/ioctl.c
58@@ -714,16 +714,13 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc)
59 case CRK_MOD_EXP:
60 {
61 struct rsa_pub_req_s *rsa_req = &pkc_req->req_u.rsa_pub_req;
62- copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g,
63- rsa_req->g_len);
64+ copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len);
65 }
66 break;
67 case CRK_MOD_EXP_CRT:
68 {
69- struct rsa_priv_frm3_req_s *rsa_req =
70- &pkc_req->req_u.rsa_priv_f3;
71- copy_to_user(ckop->crk_param[6].crp_p,
72- rsa_req->f, rsa_req->f_len);
73+ struct rsa_priv_frm3_req_s *rsa_req = &pkc_req->req_u.rsa_priv_f3;
74+ copy_to_user(ckop->crk_param[6].crp_p, rsa_req->f, rsa_req->f_len);
75 }
76 break;
77 case CRK_DSA_SIGN:
78@@ -731,15 +728,11 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc)
79 struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign;
80
81 if (pkc_req->type == ECDSA_SIGN) {
82- copy_to_user(ckop->crk_param[6].crp_p,
83- dsa_req->c, dsa_req->d_len);
84- copy_to_user(ckop->crk_param[7].crp_p,
85- dsa_req->d, dsa_req->d_len);
86+ copy_to_user(ckop->crk_param[6].crp_p, dsa_req->c, dsa_req->d_len);
87+ copy_to_user(ckop->crk_param[7].crp_p, dsa_req->d, dsa_req->d_len);
88 } else {
89- copy_to_user(ckop->crk_param[5].crp_p,
90- dsa_req->c, dsa_req->d_len);
91- copy_to_user(ckop->crk_param[6].crp_p,
92- dsa_req->d, dsa_req->d_len);
93+ copy_to_user(ckop->crk_param[5].crp_p, dsa_req->c, dsa_req->d_len);
94+ copy_to_user(ckop->crk_param[6].crp_p, dsa_req->d, dsa_req->d_len);
95 }
96 }
97 break;
98@@ -749,11 +742,9 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc)
99 {
100 struct dh_key_req_s *dh_req = &pkc_req->req_u.dh_req;
101 if (pkc_req->type == ECDH_COMPUTE_KEY)
102- copy_to_user(ckop->crk_param[4].crp_p,
103- dh_req->z, dh_req->z_len);
104+ copy_to_user(ckop->crk_param[4].crp_p, dh_req->z, dh_req->z_len);
105 else
106- copy_to_user(ckop->crk_param[3].crp_p,
107- dh_req->z, dh_req->z_len);
108+ copy_to_user(ckop->crk_param[3].crp_p, dh_req->z, dh_req->z_len);
109 }
110 break;
111 case CRK_DSA_GENERATE_KEY:
112@@ -763,14 +754,14 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc)
113
114 if (pkc_req->type == ECC_KEYGEN) {
115 copy_to_user(ckop->crk_param[4].crp_p, key_req->pub_key,
116- key_req->pub_key_len);
117- copy_to_user(ckop->crk_param[5].crp_p,
118- key_req->priv_key, key_req->priv_key_len);
119+ key_req->pub_key_len);
120+ copy_to_user(ckop->crk_param[5].crp_p, key_req->priv_key,
121+ key_req->priv_key_len);
122 } else {
123- copy_to_user(ckop->crk_param[3].crp_p,
124- key_req->pub_key, key_req->pub_key_len);
125- copy_to_user(ckop->crk_param[4].crp_p,
126- key_req->priv_key, key_req->priv_key_len);
127+ copy_to_user(ckop->crk_param[3].crp_p, key_req->pub_key,
128+ key_req->pub_key_len);
129+ copy_to_user(ckop->crk_param[4].crp_p, key_req->priv_key,
130+ key_req->priv_key_len);
131 }
132 }
133 default:
134@@ -1113,16 +1104,14 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
135 if (!list_empty(&pcr->asym_completed_list)) {
136 /* Run a loop in the list for upto elements
137 and copy their response back */
138- pkc =
139- list_first_entry(&pcr->asym_completed_list,
140+ pkc = list_first_entry(&pcr->asym_completed_list,
141 struct cryptodev_pkc, list);
142 list_del(&pkc->list);
143 spin_unlock_bh(&pcr->completion_lock);
144 ret = crypto_async_fetch_asym(pkc);
145 if (!ret) {
146 cookie_list.cookie_available++;
147- cookie_list.cookie[i] =
148- pkc->kop.kop.cookie;
149+ cookie_list.cookie[i] = pkc->kop.kop.cookie;
150 cookie_list.status[i] = pkc->result.err;
151 }
152 kfree(pkc);
153@@ -1133,12 +1122,10 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
154 }
155
156 /* Reflect the updated request to user-space */
157- if (cookie_list.cookie_available)
158- copy_to_user(arg, &cookie_list,
159- sizeof(struct pkc_cookie_list_s));
160- else {
161+ if (cookie_list.cookie_available) {
162+ copy_to_user(arg, &cookie_list, sizeof(struct pkc_cookie_list_s));
163+ } else {
164 struct pkc_cookie_list_s *user_ck_list = (void *)arg;
165-
166 put_user(0, &(user_ck_list->cookie_available));
167 }
168 ret = cookie_list.cookie_available;
169diff --git a/main.c b/main.c
170index 6365911..af66553 100644
171--- a/main.c
172+++ b/main.c
173@@ -666,9 +666,7 @@ int crypto_bn_modexp(struct cryptodev_pkc *pkc)
174 if (pkc->type == SYNCHRONOUS) {
175 if (rc)
176 goto err;
177-
178- copy_to_user(cop->crk_param[3].crp_p, rsa_req->g,
179- rsa_req->g_len);
180+ copy_to_user(cop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len);
181 } else {
182 if (rc != -EINPROGRESS && rc != 0)
183 goto err;
184--
1852.7.0
186
diff --git a/recipes-kernel/cryptodev/sdk_patches/0014-remove-redundant-data-copy-for-pkc-operations.patch b/recipes-kernel/cryptodev/sdk_patches/0014-remove-redundant-data-copy-for-pkc-operations.patch
new file mode 100644
index 0000000..58d37fa
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0014-remove-redundant-data-copy-for-pkc-operations.patch
@@ -0,0 +1,494 @@
1From a4d88e5379ddb7d9bceac3141f508b8173d1e902 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@freescale.com>
3Date: Mon, 23 Feb 2015 12:14:07 +0200
4Subject: [PATCH 14/38] remove redundant data copy for pkc operations
5
6This patch removes a copy of a pkc request that was
7allocated on the hot-path. The copy was not necessary
8and was just slowing things down.
9
10Change-Id: I3ad85f78c188f100ab9fc03a5777bb704a9dcb63
11Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
12Reviewed-on: http://git.am.freescale.net:8181/34223
13---
14 cryptlib.c | 49 +++----------------
15 cryptlib.h | 3 +-
16 ioctl.c | 17 +++----
17 main.c | 162 +++++++++++++++++++++++++++++++++++++------------------------
18 4 files changed, 113 insertions(+), 118 deletions(-)
19
20diff --git a/cryptlib.c b/cryptlib.c
21index 21e691b..5882a30 100644
22--- a/cryptlib.c
23+++ b/cryptlib.c
24@@ -436,59 +436,22 @@ int cryptodev_hash_final(struct hash_data *hdata, void *output)
25
26 int cryptodev_pkc_offload(struct cryptodev_pkc *pkc)
27 {
28- int ret = 0;
29- struct pkc_request *pkc_req = &pkc->req, *pkc_requested;
30-
31- switch (pkc_req->type) {
32- case RSA_KEYGEN:
33- case RSA_PUB:
34- case RSA_PRIV_FORM1:
35- case RSA_PRIV_FORM2:
36- case RSA_PRIV_FORM3:
37- pkc->s = crypto_alloc_pkc("pkc(rsa)", CRYPTO_ALG_TYPE_PKC_RSA, 0);
38- break;
39- case DSA_SIGN:
40- case DSA_VERIFY:
41- case ECDSA_SIGN:
42- case ECDSA_VERIFY:
43- case DLC_KEYGEN:
44- case ECC_KEYGEN:
45- pkc->s = crypto_alloc_pkc("pkc(dsa)", CRYPTO_ALG_TYPE_PKC_DSA, 0);
46- break;
47- case DH_COMPUTE_KEY:
48- case ECDH_COMPUTE_KEY:
49- pkc->s = crypto_alloc_pkc("pkc(dh)", CRYPTO_ALG_TYPE_PKC_DH, 0);
50- break;
51- default:
52- return -EINVAL;
53- }
54-
55- if (IS_ERR_OR_NULL(pkc->s))
56- return -EINVAL;
57+ int ret;
58
59 init_completion(&pkc->result.completion);
60- pkc_requested = pkc_request_alloc(pkc->s, GFP_KERNEL);
61-
62- if (unlikely(IS_ERR_OR_NULL(pkc_requested))) {
63- ret = -ENOMEM;
64- goto error;
65- }
66- pkc_requested->type = pkc_req->type;
67- pkc_requested->curve_type = pkc_req->curve_type;
68- memcpy(&pkc_requested->req_u, &pkc_req->req_u, sizeof(pkc_req->req_u));
69- pkc_request_set_callback(pkc_requested, CRYPTO_TFM_REQ_MAY_BACKLOG,
70+ pkc_request_set_callback(pkc->req, CRYPTO_TFM_REQ_MAY_BACKLOG,
71 cryptodev_complete_asym, pkc);
72- ret = crypto_pkc_op(pkc_requested);
73+ ret = crypto_pkc_op(pkc->req);
74 if (ret != -EINPROGRESS && ret != 0)
75- goto error2;
76+ goto error;
77
78 if (pkc->type == SYNCHRONOUS)
79 ret = waitfor(&pkc->result, ret);
80
81 return ret;
82-error2:
83- kfree(pkc_requested);
84+
85 error:
86+ kfree(pkc->req);
87 crypto_free_pkc(pkc->s);
88 return ret;
89 }
90diff --git a/cryptlib.h b/cryptlib.h
91index 7ffa54c..4fac0c8 100644
92--- a/cryptlib.h
93+++ b/cryptlib.h
94@@ -110,8 +110,7 @@ struct cryptodev_pkc {
95 struct crypto_pkc *s; /* Transform pointer from CryptoAPI */
96 struct cryptodev_result result; /* Result to be updated by
97 completion handler */
98- struct pkc_request req; /* PKC request structure allocated
99- from CryptoAPI */
100+ struct pkc_request *req; /* PKC request allocated from CryptoAPI */
101 enum offload_type type; /* Synchronous Vs Asynchronous request */
102 /*
103 * cookie used for transfering tranparent information from async
104diff --git a/ioctl.c b/ioctl.c
105index ee0486c..797b73c 100644
106--- a/ioctl.c
107+++ b/ioctl.c
108@@ -708,26 +708,25 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc)
109 int ret = 0;
110 struct kernel_crypt_kop *kop = &pkc->kop;
111 struct crypt_kop *ckop = &kop->kop;
112- struct pkc_request *pkc_req = &pkc->req;
113
114 switch (ckop->crk_op) {
115 case CRK_MOD_EXP:
116 {
117- struct rsa_pub_req_s *rsa_req = &pkc_req->req_u.rsa_pub_req;
118+ struct rsa_pub_req_s *rsa_req = &pkc->req->req_u.rsa_pub_req;
119 copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len);
120 }
121 break;
122 case CRK_MOD_EXP_CRT:
123 {
124- struct rsa_priv_frm3_req_s *rsa_req = &pkc_req->req_u.rsa_priv_f3;
125+ struct rsa_priv_frm3_req_s *rsa_req = &pkc->req->req_u.rsa_priv_f3;
126 copy_to_user(ckop->crk_param[6].crp_p, rsa_req->f, rsa_req->f_len);
127 }
128 break;
129 case CRK_DSA_SIGN:
130 {
131- struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign;
132+ struct dsa_sign_req_s *dsa_req = &pkc->req->req_u.dsa_sign;
133
134- if (pkc_req->type == ECDSA_SIGN) {
135+ if (pkc->req->type == ECDSA_SIGN) {
136 copy_to_user(ckop->crk_param[6].crp_p, dsa_req->c, dsa_req->d_len);
137 copy_to_user(ckop->crk_param[7].crp_p, dsa_req->d, dsa_req->d_len);
138 } else {
139@@ -740,8 +739,8 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc)
140 break;
141 case CRK_DH_COMPUTE_KEY:
142 {
143- struct dh_key_req_s *dh_req = &pkc_req->req_u.dh_req;
144- if (pkc_req->type == ECDH_COMPUTE_KEY)
145+ struct dh_key_req_s *dh_req = &pkc->req->req_u.dh_req;
146+ if (pkc->req->type == ECDH_COMPUTE_KEY)
147 copy_to_user(ckop->crk_param[4].crp_p, dh_req->z, dh_req->z_len);
148 else
149 copy_to_user(ckop->crk_param[3].crp_p, dh_req->z, dh_req->z_len);
150@@ -750,9 +749,9 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc)
151 case CRK_DSA_GENERATE_KEY:
152 case CRK_DH_GENERATE_KEY:
153 {
154- struct keygen_req_s *key_req = &pkc_req->req_u.keygen;
155+ struct keygen_req_s *key_req = &pkc->req->req_u.keygen;
156
157- if (pkc_req->type == ECC_KEYGEN) {
158+ if (pkc->req->type == ECC_KEYGEN) {
159 copy_to_user(ckop->crk_param[4].crp_p, key_req->pub_key,
160 key_req->pub_key_len);
161 copy_to_user(ckop->crk_param[5].crp_p, key_req->priv_key,
162diff --git a/main.c b/main.c
163index af66553..ed1c69a 100644
164--- a/main.c
165+++ b/main.c
166@@ -186,8 +186,7 @@ int crypto_kop_dsasign(struct cryptodev_pkc *pkc)
167 {
168 struct kernel_crypt_kop *kop = &pkc->kop;
169 struct crypt_kop *cop = &kop->kop;
170- struct pkc_request *pkc_req = &pkc->req;
171- struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign;
172+ struct dsa_sign_req_s *dsa_req = &pkc->req->req_u.dsa_sign;
173 int rc, buf_size;
174 uint8_t *buf;
175
176@@ -210,10 +209,7 @@ int crypto_kop_dsasign(struct cryptodev_pkc *pkc)
177 if (cop->crk_iparams == 6) {
178 dsa_req->ab_len = (cop->crk_param[5].crp_nbits + 7)/8;
179 buf_size += dsa_req->ab_len;
180- pkc_req->type = ECDSA_SIGN;
181- pkc_req->curve_type = cop->curve_type;
182- } else {
183- pkc_req->type = DSA_SIGN;
184+ pkc->req->curve_type = cop->curve_type;
185 }
186
187 buf = kmalloc(buf_size, GFP_DMA);
188@@ -269,7 +265,6 @@ int crypto_kop_dsaverify(struct cryptodev_pkc *pkc)
189 {
190 struct kernel_crypt_kop *kop = &pkc->kop;
191 struct crypt_kop *cop = &kop->kop;
192- struct pkc_request *pkc_req;
193 struct dsa_verify_req_s *dsa_req;
194 int rc, buf_size;
195 uint8_t *buf;
196@@ -281,8 +276,7 @@ int crypto_kop_dsaverify(struct cryptodev_pkc *pkc)
197 !cop->crk_param[7].crp_nbits))
198 return -EINVAL;
199
200- pkc_req = &pkc->req;
201- dsa_req = &pkc_req->req_u.dsa_verify;
202+ dsa_req = &pkc->req->req_u.dsa_verify;
203 dsa_req->m_len = (cop->crk_param[0].crp_nbits + 7)/8;
204 dsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8;
205 dsa_req->r_len = (cop->crk_param[2].crp_nbits + 7)/8;
206@@ -295,10 +289,7 @@ int crypto_kop_dsaverify(struct cryptodev_pkc *pkc)
207 if (cop->crk_iparams == 8) {
208 dsa_req->ab_len = (cop->crk_param[5].crp_nbits + 7)/8;
209 buf_size += dsa_req->ab_len;
210- pkc_req->type = ECDSA_VERIFY;
211- pkc_req->curve_type = cop->curve_type;
212- } else {
213- pkc_req->type = DSA_VERIFY;
214+ pkc->req->curve_type = cop->curve_type;
215 }
216
217 buf = kmalloc(buf_size, GFP_DMA);
218@@ -351,7 +342,6 @@ int crypto_kop_rsa_keygen(struct cryptodev_pkc *pkc)
219 {
220 struct kernel_crypt_kop *kop = &pkc->kop;
221 struct crypt_kop *cop = &kop->kop;
222- struct pkc_request *pkc_req;
223 struct rsa_keygen_req_s *key_req;
224 int rc, buf_size;
225 uint8_t *buf;
226@@ -362,9 +352,7 @@ int crypto_kop_rsa_keygen(struct cryptodev_pkc *pkc)
227 !cop->crk_param[6].crp_nbits)
228 return -EINVAL;
229
230- pkc_req = &pkc->req;
231- pkc_req->type = RSA_KEYGEN;
232- key_req = &pkc_req->req_u.rsa_keygen;
233+ key_req = &pkc->req->req_u.rsa_keygen;
234 key_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8;
235 key_req->p_len = (cop->crk_param[0].crp_nbits + 7) / 8;
236 key_req->q_len = (cop->crk_param[1].crp_nbits + 7) / 8;
237@@ -427,7 +415,6 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc)
238 {
239 struct kernel_crypt_kop *kop = &pkc->kop;
240 struct crypt_kop *cop = &kop->kop;
241- struct pkc_request *pkc_req;
242 struct keygen_req_s *key_req;
243 int rc, buf_size;
244 uint8_t *buf;
245@@ -437,8 +424,7 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc)
246 !cop->crk_param[4].crp_nbits)
247 return -EINVAL;
248
249- pkc_req = &pkc->req;
250- key_req = &pkc_req->req_u.keygen;
251+ key_req = &pkc->req->req_u.keygen;
252 key_req->q_len = (cop->crk_param[0].crp_nbits + 7)/8;
253 key_req->r_len = (cop->crk_param[1].crp_nbits + 7)/8;
254 key_req->g_len = (cop->crk_param[2].crp_nbits + 7)/8;
255@@ -447,7 +433,6 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc)
256 key_req->priv_key_len = (cop->crk_param[4].crp_nbits + 7)/8;
257 buf_size = key_req->q_len + key_req->r_len + key_req->g_len +
258 key_req->pub_key_len + key_req->priv_key_len;
259- pkc_req->type = DLC_KEYGEN;
260 } else {
261 key_req->ab_len = (cop->crk_param[3].crp_nbits + 7)/8;
262 key_req->pub_key_len = (cop->crk_param[4].crp_nbits + 7)/8;
263@@ -455,8 +440,7 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc)
264 buf_size = key_req->q_len + key_req->r_len + key_req->g_len +
265 key_req->pub_key_len + key_req->priv_key_len +
266 key_req->ab_len;
267- pkc_req->type = ECC_KEYGEN;
268- pkc_req->curve_type = cop->curve_type;
269+ pkc->req->curve_type = cop->curve_type;
270 }
271
272 buf = kmalloc(buf_size, GFP_DMA);
273@@ -508,26 +492,22 @@ int crypto_kop_dh_key(struct cryptodev_pkc *pkc)
274 {
275 struct kernel_crypt_kop *kop = &pkc->kop;
276 struct crypt_kop *cop = &kop->kop;
277- struct pkc_request *pkc_req;
278 struct dh_key_req_s *dh_req;
279 int buf_size;
280 uint8_t *buf;
281 int rc = -EINVAL;
282
283- pkc_req = &pkc->req;
284- dh_req = &pkc_req->req_u.dh_req;
285+ dh_req = &pkc->req->req_u.dh_req;
286 dh_req->s_len = (cop->crk_param[0].crp_nbits + 7)/8;
287 dh_req->pub_key_len = (cop->crk_param[1].crp_nbits + 7)/8;
288 dh_req->q_len = (cop->crk_param[2].crp_nbits + 7)/8;
289 buf_size = dh_req->q_len + dh_req->pub_key_len + dh_req->s_len;
290 if (cop->crk_iparams == 4) {
291- pkc_req->type = ECDH_COMPUTE_KEY;
292 dh_req->ab_len = (cop->crk_param[3].crp_nbits + 7)/8;
293 dh_req->z_len = (cop->crk_param[4].crp_nbits + 7)/8;
294 buf_size += dh_req->ab_len;
295 } else {
296 dh_req->z_len = (cop->crk_param[3].crp_nbits + 7)/8;
297- pkc_req->type = DH_COMPUTE_KEY;
298 }
299 buf_size += dh_req->z_len;
300 buf = kmalloc(buf_size, GFP_DMA);
301@@ -539,7 +519,7 @@ int crypto_kop_dh_key(struct cryptodev_pkc *pkc)
302 dh_req->z = dh_req->pub_key + dh_req->pub_key_len;
303 if (cop->crk_iparams == 4) {
304 dh_req->ab = dh_req->z + dh_req->z_len;
305- pkc_req->curve_type = cop->curve_type;
306+ pkc->req->curve_type = cop->curve_type;
307 copy_from_user(dh_req->ab, cop->crk_param[3].crp_p,
308 dh_req->ab_len);
309 }
310@@ -573,7 +553,6 @@ int crypto_modexp_crt(struct cryptodev_pkc *pkc)
311 {
312 struct kernel_crypt_kop *kop = &pkc->kop;
313 struct crypt_kop *cop = &kop->kop;
314- struct pkc_request *pkc_req;
315 struct rsa_priv_frm3_req_s *rsa_req;
316 int rc;
317 uint8_t *buf;
318@@ -583,9 +562,7 @@ int crypto_modexp_crt(struct cryptodev_pkc *pkc)
319 !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits)
320 return -EINVAL;
321
322- pkc_req = &pkc->req;
323- pkc_req->type = RSA_PRIV_FORM3;
324- rsa_req = &pkc_req->req_u.rsa_priv_f3;
325+ rsa_req = &pkc->req->req_u.rsa_priv_f3;
326 rsa_req->p_len = (cop->crk_param[0].crp_nbits + 7)/8;
327 rsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8;
328 rsa_req->g_len = (cop->crk_param[2].crp_nbits + 7)/8;
329@@ -632,7 +609,6 @@ err:
330
331 int crypto_bn_modexp(struct cryptodev_pkc *pkc)
332 {
333- struct pkc_request *pkc_req;
334 struct rsa_pub_req_s *rsa_req;
335 int rc;
336 struct kernel_crypt_kop *kop = &pkc->kop;
337@@ -643,9 +619,7 @@ int crypto_bn_modexp(struct cryptodev_pkc *pkc)
338 !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits)
339 return -EINVAL;
340
341- pkc_req = &pkc->req;
342- pkc_req->type = RSA_PUB;
343- rsa_req = &pkc_req->req_u.rsa_pub_req;
344+ rsa_req = &pkc->req->req_u.rsa_pub_req;
345 rsa_req->f_len = (cop->crk_param[0].crp_nbits + 7)/8;
346 rsa_req->e_len = (cop->crk_param[1].crp_nbits + 7)/8;
347 rsa_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8;
348@@ -680,56 +654,116 @@ err:
349 return rc;
350 }
351
352+static struct {
353+ char *alg_name;
354+ u32 type;
355+ u32 mask;
356+} pkc_alg_list[] = {
357+ {"pkc(rsa)", CRYPTO_ALG_TYPE_PKC_RSA, 0},
358+ {"pkc(dsa)", CRYPTO_ALG_TYPE_PKC_DSA, 0},
359+ {"pkc(dh)", CRYPTO_ALG_TYPE_PKC_DH, 0},
360+};
361+
362 int crypto_run_asym(struct cryptodev_pkc *pkc)
363 {
364- int ret = -EINVAL;
365+ int err = -EINVAL;
366+ int id;
367 struct kernel_crypt_kop *kop = &pkc->kop;
368+ enum pkc_req_type pkc_req_type;
369+ int (*call_next_action)(struct cryptodev_pkc *pkc);
370
371 switch (kop->kop.crk_op) {
372 case CRK_MOD_EXP:
373 if (kop->kop.crk_iparams != 3 && kop->kop.crk_oparams != 1)
374- goto err;
375-
376- ret = crypto_bn_modexp(pkc);
377+ return err;
378+ pkc_req_type = RSA_PUB;
379+ id = 0;
380+ call_next_action = crypto_bn_modexp;
381 break;
382 case CRK_MOD_EXP_CRT:
383 if (kop->kop.crk_iparams != 6 && kop->kop.crk_oparams != 1)
384- goto err;
385-
386- ret = crypto_modexp_crt(pkc);
387+ return err;
388+ pkc_req_type = RSA_PRIV_FORM3;
389+ id = 0;
390+ call_next_action = crypto_modexp_crt;
391 break;
392 case CRK_DSA_SIGN:
393- if ((kop->kop.crk_iparams != 5 && kop->kop.crk_iparams != 6) ||
394- kop->kop.crk_oparams != 2)
395- goto err;
396-
397- ret = crypto_kop_dsasign(pkc);
398+ if (kop->kop.crk_oparams != 2)
399+ return err;
400+ else if (kop->kop.crk_iparams == 5)
401+ pkc_req_type = DSA_SIGN;
402+ else if (kop->kop.crk_iparams == 6)
403+ pkc_req_type = ECDSA_SIGN;
404+ else
405+ return err;
406+ id = 1;
407+ call_next_action = crypto_kop_dsasign;
408 break;
409 case CRK_DSA_VERIFY:
410- if ((kop->kop.crk_iparams != 7 && kop->kop.crk_iparams != 8) ||
411- kop->kop.crk_oparams != 0)
412- goto err;
413-
414- ret = crypto_kop_dsaverify(pkc);
415+ if (kop->kop.crk_oparams != 0)
416+ return err;
417+ else if (kop->kop.crk_iparams == 7)
418+ pkc_req_type = DSA_VERIFY;
419+ else if (kop->kop.crk_iparams == 8)
420+ pkc_req_type = ECDSA_VERIFY;
421+ else
422+ return err;
423+ id = 1;
424+ call_next_action = crypto_kop_dsaverify;
425 break;
426 case CRK_DH_COMPUTE_KEY:
427- if ((kop->kop.crk_iparams != 3 && kop->kop.crk_iparams != 4) ||
428- kop->kop.crk_oparams != 1)
429- goto err;
430- ret = crypto_kop_dh_key(pkc);
431+ if (kop->kop.crk_oparams != 1)
432+ return err;
433+ else if (kop->kop.crk_iparams == 3)
434+ pkc_req_type = DH_COMPUTE_KEY;
435+ else if (kop->kop.crk_iparams == 4)
436+ pkc_req_type = ECDH_COMPUTE_KEY;
437+ else
438+ return err;
439+ id = 2;
440+ call_next_action = crypto_kop_dh_key;
441 break;
442 case CRK_DH_GENERATE_KEY:
443 case CRK_DSA_GENERATE_KEY:
444- if ((kop->kop.crk_iparams != 3 && kop->kop.crk_iparams != 4))
445- goto err;
446- ret = crypto_kop_keygen(pkc);
447+ if (kop->kop.crk_iparams == 3)
448+ pkc_req_type = DLC_KEYGEN;
449+ else if (kop->kop.crk_iparams == 4)
450+ pkc_req_type = ECC_KEYGEN;
451+ else
452+ return err;
453+ id = 1;
454+ call_next_action = crypto_kop_keygen;
455 break;
456 case CRK_RSA_GENERATE_KEY:
457- ret = crypto_kop_rsa_keygen(pkc);
458+ pkc_req_type = RSA_KEYGEN;
459+ id = 0;
460+ call_next_action = crypto_kop_rsa_keygen;
461 break;
462+ default:
463+ return err;
464 }
465-err:
466- return ret;
467+ err = -ENOMEM;
468+ pkc->s = crypto_alloc_pkc(pkc_alg_list[id].alg_name,
469+ pkc_alg_list[id].type,
470+ pkc_alg_list[id].mask);
471+ if (IS_ERR_OR_NULL(pkc->s))
472+ return err;
473+
474+ pkc->req = pkc_request_alloc(pkc->s, GFP_KERNEL);
475+ if (IS_ERR_OR_NULL(pkc->req))
476+ goto out_free_tfm;
477+
478+ /* todo - fix alloc-free on error path */
479+ pkc->req->type = pkc_req_type;
480+ err = call_next_action(pkc);
481+ if (pkc->type == SYNCHRONOUS)
482+ kfree(pkc->req);
483+
484+ return err;
485+
486+out_free_tfm:
487+ crypto_free_pkc(pkc->s);
488+ return err;
489 }
490
491 int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop)
492--
4932.7.0
494
diff --git a/recipes-kernel/cryptodev/sdk_patches/0015-fix-pkc-request-deallocation.patch b/recipes-kernel/cryptodev/sdk_patches/0015-fix-pkc-request-deallocation.patch
new file mode 100644
index 0000000..ef18992
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0015-fix-pkc-request-deallocation.patch
@@ -0,0 +1,40 @@
1From 212e418fa7b70c8ba79446006001c574cb9d42f8 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@freescale.com>
3Date: Mon, 23 Feb 2015 15:28:22 +0200
4Subject: [PATCH 15/38] fix pkc request deallocation
5
6The request to be freed is actually pkc->req, and should be done inside
7the fetch ioctl for ASYNC (this patch) and in crypt ioctl for SYNC
8operations.
9
10Change-Id: I6f046f2ebeae4cb513a419996ca96b52e37468ed
11Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
12Reviewed-on: http://git.am.freescale.net:8181/34224
13---
14 ioctl.c | 3 +--
15 1 file changed, 1 insertion(+), 2 deletions(-)
16
17diff --git a/ioctl.c b/ioctl.c
18index 797b73c..da3a842 100644
19--- a/ioctl.c
20+++ b/ioctl.c
21@@ -114,8 +114,6 @@ void cryptodev_complete_asym(struct crypto_async_request *req, int err)
22 /* wake for POLLIN */
23 wake_up_interruptible(&pcr->user_waiter);
24 }
25-
26- kfree(req);
27 }
28
29 #define FILL_SG(sg, ptr, len) \
30@@ -1113,6 +1111,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
31 cookie_list.cookie[i] = pkc->kop.kop.cookie;
32 cookie_list.status[i] = pkc->result.err;
33 }
34+ kfree(pkc->req);
35 kfree(pkc);
36 } else {
37 spin_unlock_bh(&pcr->completion_lock);
38--
392.7.0
40
diff --git a/recipes-kernel/cryptodev/sdk_patches/0016-add-basic-detection-of-asym-features.patch b/recipes-kernel/cryptodev/sdk_patches/0016-add-basic-detection-of-asym-features.patch
new file mode 100644
index 0000000..9301349
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0016-add-basic-detection-of-asym-features.patch
@@ -0,0 +1,37 @@
1From 4ce4081d9abef651473e9d7e089a0748f77db631 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@freescale.com>
3Date: Mon, 20 Apr 2015 13:18:47 +0300
4Subject: [PATCH 16/38] add basic detection of asym features
5
6Change-Id: I3b3ba8664bf631a63be1f11e715024509e20f841
7Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
8---
9 ioctl.c | 12 ++++++++----
10 1 file changed, 8 insertions(+), 4 deletions(-)
11
12diff --git a/ioctl.c b/ioctl.c
13index da3a842..53dbf64 100644
14--- a/ioctl.c
15+++ b/ioctl.c
16@@ -977,10 +977,14 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
17
18 switch (cmd) {
19 case CIOCASYMFEAT:
20- return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN |
21- CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY |
22- CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY |
23- CRF_RSA_GENERATE_KEY, p);
24+ ses = 0;
25+ if (crypto_has_alg("pkc(rsa)", 0, 0))
26+ ses = CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_RSA_GENERATE_KEY;
27+ if (crypto_has_alg("pkc(dsa)", 0, 0))
28+ ses |= CRF_DSA_SIGN | CRF_DSA_VERIFY | CRF_DSA_GENERATE_KEY;
29+ if (crypto_has_alg("pkc(dh)", 0, 0))
30+ ses |= CRF_DH_COMPUTE_KEY |CRF_DH_GENERATE_KEY;
31+ return put_user(ses, p);
32 case CRIOGET:
33 fd = clonefd(filp);
34 ret = put_user(fd, p);
35--
362.7.0
37
diff --git a/recipes-kernel/cryptodev/sdk_patches/0017-remove-dead-code.patch b/recipes-kernel/cryptodev/sdk_patches/0017-remove-dead-code.patch
new file mode 100644
index 0000000..07c389c
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0017-remove-dead-code.patch
@@ -0,0 +1,67 @@
1From 0ca641091b4113d73e75d30ef530c88836849308 Mon Sep 17 00:00:00 2001
2From: Tudor Ambarus <tudor.ambarus@freescale.com>
3Date: Fri, 29 May 2015 15:28:47 +0300
4Subject: [PATCH 17/38] remove dead code
5
6Functions kop_to_user and compat_kop_to_user are never used. Delete them
7to avoid compiler warnings.
8
9
10crypto/../../cryptodev-linux/ioctl.c:841:12: warning: 'kop_to_user' defined but not used [-Wunused-function]
11 static int kop_to_user(struct kernel_crypt_kop *kop,
12 ^
13crypto/../../cryptodev-linux/ioctl.c: At top level:
14crypto/../../cryptodev-linux/ioctl.c:1195:12: warning: 'compat_kop_to_user' defined but not used [-Wunused-function]
15 static int compat_kop_to_user(struct kernel_crypt_kop *kop, void __user *arg)
16 ^
17Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
18Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
19Change-Id: I6bd8a7eb6144224a20cd400813ab15a7a192dbb1
20Reviewed-on: http://git.am.freescale.net:8181/37440
21---
22 ioctl.c | 22 ----------------------
23 1 file changed, 22 deletions(-)
24
25diff --git a/ioctl.c b/ioctl.c
26index 53dbf64..39635a4 100644
27--- a/ioctl.c
28+++ b/ioctl.c
29@@ -838,16 +838,6 @@ static int kop_from_user(struct kernel_crypt_kop *kop,
30 return fill_kop_from_cop(kop);
31 }
32
33-static int kop_to_user(struct kernel_crypt_kop *kop,
34- void __user *arg)
35-{
36- if (unlikely(copy_to_user(arg, &kop->kop, sizeof(kop->kop)))) {
37- dprintk(1, KERN_ERR, "Cannot copy to userspace\n");
38- return -EFAULT;
39- }
40- return 0;
41-}
42-
43 static int kcop_from_user(struct kernel_crypt_op *kcop,
44 struct fcrypt *fcr, void __user *arg)
45 {
46@@ -1192,18 +1182,6 @@ static inline void crypt_kop_to_compat(struct crypt_kop *kop,
47 compat->curve_type = kop->curve_type;
48 }
49
50-static int compat_kop_to_user(struct kernel_crypt_kop *kop, void __user *arg)
51-{
52- struct compat_crypt_kop compat_kop;
53-
54- crypt_kop_to_compat(&kop->kop, &compat_kop);
55- if (unlikely(copy_to_user(arg, &compat_kop, sizeof(compat_kop)))) {
56- dprintk(1, KERN_ERR, "Cannot copy to userspace\n");
57- return -EFAULT;
58- }
59- return 0;
60-}
61-
62 static inline void
63 compat_to_session_op(struct compat_session_op *compat, struct session_op *sop)
64 {
65--
662.7.0
67
diff --git a/recipes-kernel/cryptodev/sdk_patches/0018-fix-compat-warnings.patch b/recipes-kernel/cryptodev/sdk_patches/0018-fix-compat-warnings.patch
new file mode 100644
index 0000000..b0fcf0f
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0018-fix-compat-warnings.patch
@@ -0,0 +1,64 @@
1From 596378a22532908487f2c5e4d717c5ae618c4c7d Mon Sep 17 00:00:00 2001
2From: Tudor Ambarus <tudor.ambarus@freescale.com>
3Date: Tue, 2 Jun 2015 10:44:12 +0300
4Subject: [PATCH 18/38] fix compat warnings
5
6 CC [M] crypto/../../cryptodev-linux/ioctl.o
7crypto/../../cryptodev-linux/ioctl.c: In function 'compat_to_crypt_kop':
8crypto/../../cryptodev-linux/ioctl.c:1161:14: warning: assignment makes pointer from integer without a cast
9 kop->cookie = compat->cookie;
10 ^
11crypto/../../cryptodev-linux/ioctl.c: In function 'crypt_kop_to_compat':
12crypto/../../cryptodev-linux/ioctl.c:1191:17: warning: assignment makes integer from pointer without a cast
13 compat->cookie = kop->cookie;
14 ^
15crypto/../../cryptodev-linux/ioctl.c: In function 'cryptodev_compat_ioctl':
16crypto/../../cryptodev-linux/ioctl.c:1430:28: warning: assignment makes integer from pointer without a cast
17 cookie_list.cookie[i] =
18 ^
19
20Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
21Change-Id: Id851408c0c743c01447f3b0ced38fbc1ae94d4db
22Reviewed-on: http://git.am.freescale.net:8181/37442
23Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com>
24Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
25---
26 ioctl.c | 8 ++++----
27 1 file changed, 4 insertions(+), 4 deletions(-)
28
29diff --git a/ioctl.c b/ioctl.c
30index 39635a4..f3ce2f6 100644
31--- a/ioctl.c
32+++ b/ioctl.c
33@@ -1148,7 +1148,7 @@ static inline void compat_to_crypt_kop(struct compat_crypt_kop *compat,
34 }
35
36 kop->curve_type = compat->curve_type;
37- kop->cookie = compat->cookie;
38+ kop->cookie = compat_ptr(compat->cookie);
39 }
40
41 static int compat_kop_from_user(struct kernel_crypt_kop *kop,
42@@ -1178,7 +1178,7 @@ static inline void crypt_kop_to_compat(struct crypt_kop *kop,
43 ptr_to_compat(kop->crk_param[i].crp_p);
44 compat->crk_param[i].crp_nbits = kop->crk_param[i].crp_nbits;
45 }
46- compat->cookie = kop->cookie;
47+ compat->cookie = ptr_to_compat(kop->cookie);
48 compat->curve_type = kop->curve_type;
49 }
50
51@@ -1405,8 +1405,8 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
52 ret = crypto_async_fetch_asym(pkc);
53 if (!ret) {
54 cookie_list.cookie_available++;
55- cookie_list.cookie[i] =
56- pkc->kop.kop.cookie;
57+ cookie_list.cookie[i] = ptr_to_compat(
58+ pkc->kop.kop.cookie);
59 }
60 kfree(pkc);
61 } else {
62--
632.7.0
64
diff --git a/recipes-kernel/cryptodev/sdk_patches/0019-fix-size_t-print-format.patch b/recipes-kernel/cryptodev/sdk_patches/0019-fix-size_t-print-format.patch
new file mode 100644
index 0000000..fdf8c5d
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0019-fix-size_t-print-format.patch
@@ -0,0 +1,61 @@
1From 1d10f06bef0f07980a08b387850c1daf1d3a8e87 Mon Sep 17 00:00:00 2001
2From: Tudor Ambarus <tudor.ambarus@freescale.com>
3Date: Tue, 2 Jun 2015 12:11:12 +0300
4Subject: [PATCH 19/38] fix size_t print format
5
6 CC [M] crypto/../../cryptodev-linux/cryptlib.o
7crypto/../../cryptodev-linux/cryptlib.c: In function 'cryptodev_cipher_init':
8crypto/../../cryptodev-linux/cryptlib.c:146:5: warning: format '%u' expects argument of type 'unsigned int', but argument 6 has type 'size_t' [-Wformat=]
9 ddebug(1, "Wrong keylen '%u' for algorithm '%s'. Use %u to %u.",
10 ^
11crypto/../../cryptodev-linux/cryptlib.c:173:3: warning: format '%u' expects argument of type 'unsigned int', but argument 7 has type 'size_t' [-Wformat=]
12 ddebug(1, "Setting key failed for %s-%u.", alg_name, keylen*8);
13 ^
14crypto/../../cryptodev-linux/cryptlib.c: In function 'cryptodev_hash_init':
15crypto/../../cryptodev-linux/cryptlib.c:340:4: warning: format '%u' expects argument of type 'unsigned int', but argument 7 has type 'size_t' [-Wformat=]
16 ddebug(1, "Setting hmac key failed for %s-%u.",
17 ^
18
19Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
20Change-Id: I67f2d79f68b4d62b598073c6a918a110523fadfd
21Reviewed-on: http://git.am.freescale.net:8181/37443
22Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com>
23Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
24---
25 cryptlib.c | 6 +++---
26 1 file changed, 3 insertions(+), 3 deletions(-)
27
28diff --git a/cryptlib.c b/cryptlib.c
29index 5882a30..10f5e1a 100644
30--- a/cryptlib.c
31+++ b/cryptlib.c
32@@ -143,7 +143,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name,
33 if (alg->max_keysize > 0 &&
34 unlikely((keylen < alg->min_keysize) ||
35 (keylen > alg->max_keysize))) {
36- ddebug(1, "Wrong keylen '%u' for algorithm '%s'. Use %u to %u.",
37+ ddebug(1, "Wrong keylen '%zu' for algorithm '%s'. Use %u to %u.",
38 keylen, alg_name, alg->min_keysize, alg->max_keysize);
39 ret = -EINVAL;
40 goto error;
41@@ -170,7 +170,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name,
42 }
43
44 if (unlikely(ret)) {
45- ddebug(1, "Setting key failed for %s-%u.", alg_name, keylen*8);
46+ ddebug(1, "Setting key failed for %s-%zu.", alg_name, keylen*8);
47 ret = -EINVAL;
48 goto error;
49 }
50@@ -337,7 +337,7 @@ int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name,
51 if (hmac_mode != 0) {
52 ret = crypto_ahash_setkey(hdata->async.s, mackey, mackeylen);
53 if (unlikely(ret)) {
54- ddebug(1, "Setting hmac key failed for %s-%u.",
55+ ddebug(1, "Setting hmac key failed for %s-%zu.",
56 alg_name, mackeylen*8);
57 ret = -EINVAL;
58 goto error;
59--
602.7.0
61
diff --git a/recipes-kernel/cryptodev/sdk_patches/0020-fix-uninitialized-variable-compiler-warning.patch b/recipes-kernel/cryptodev/sdk_patches/0020-fix-uninitialized-variable-compiler-warning.patch
new file mode 100644
index 0000000..dddd77e
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0020-fix-uninitialized-variable-compiler-warning.patch
@@ -0,0 +1,38 @@
1From be9f6a0dc90847dbb00307d23f47b8b3fc3ff130 Mon Sep 17 00:00:00 2001
2From: Tudor Ambarus <tudor.ambarus@freescale.com>
3Date: Fri, 29 May 2015 15:49:22 +0300
4Subject: [PATCH 20/38] fix uninitialized variable compiler warning
5
6crypto/../../cryptodev-linux/ioctl.c: In function 'cryptodev_compat_ioctl':
7crypto/../../cryptodev-linux/ioctl.c:1445:2: warning: 'ret' may be used uninitialized in this function [-Wmaybe-uninitialized]
8 return ret;
9 ^
10
11Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
12Change-Id: Id5226fc97a3bb880ca6db86df58957122bbaa428
13Reviewed-on: http://git.am.freescale.net:8181/37441
14Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com>
15Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
16---
17 ioctl.c | 3 ++-
18 1 file changed, 2 insertions(+), 1 deletion(-)
19
20diff --git a/ioctl.c b/ioctl.c
21index f3ce2f6..7cd3c56 100644
22--- a/ioctl.c
23+++ b/ioctl.c
24@@ -1387,9 +1387,10 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
25 case COMPAT_CIOCASYMFETCHCOOKIE:
26 {
27 struct cryptodev_pkc *pkc;
28- int i = 0;
29+ int i;
30 struct compat_pkc_cookie_list_s cookie_list;
31
32+ ret = 0;
33 cookie_list.cookie_available = 0;
34
35 for (i = 0; i < MAX_COOKIES; i++) {
36--
372.7.0
38
diff --git a/recipes-kernel/cryptodev/sdk_patches/0021-check-return-codes-for-copy-to-from-user-functions.patch b/recipes-kernel/cryptodev/sdk_patches/0021-check-return-codes-for-copy-to-from-user-functions.patch
new file mode 100644
index 0000000..2cace5f
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0021-check-return-codes-for-copy-to-from-user-functions.patch
@@ -0,0 +1,398 @@
1From 4078382cfc69c0f5e582d485fe8cc778f9e458d1 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@freescale.com>
3Date: Mon, 21 Sep 2015 16:39:52 +0300
4Subject: [PATCH 21/38] check return codes for copy to/from user functions
5
6- these functions may fail and we should check their return codes.
7- fix an unintended fall-through in CRK_DSA_GENERATE_KEY
8- fix incorrect return code for CIOCASYMFETCHCOOKIE
9
10Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
11---
12 ioctl.c | 42 +++++++--------
13 main.c | 183 ++++++++++++++++++++++++++++++----------------------------------
14 2 files changed, 108 insertions(+), 117 deletions(-)
15
16diff --git a/ioctl.c b/ioctl.c
17index 7cd3c56..8fa3e5c 100644
18--- a/ioctl.c
19+++ b/ioctl.c
20@@ -711,13 +711,13 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc)
21 case CRK_MOD_EXP:
22 {
23 struct rsa_pub_req_s *rsa_req = &pkc->req->req_u.rsa_pub_req;
24- copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len);
25+ ret = copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len);
26 }
27 break;
28 case CRK_MOD_EXP_CRT:
29 {
30 struct rsa_priv_frm3_req_s *rsa_req = &pkc->req->req_u.rsa_priv_f3;
31- copy_to_user(ckop->crk_param[6].crp_p, rsa_req->f, rsa_req->f_len);
32+ ret = copy_to_user(ckop->crk_param[6].crp_p, rsa_req->f, rsa_req->f_len);
33 }
34 break;
35 case CRK_DSA_SIGN:
36@@ -725,11 +725,11 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc)
37 struct dsa_sign_req_s *dsa_req = &pkc->req->req_u.dsa_sign;
38
39 if (pkc->req->type == ECDSA_SIGN) {
40- copy_to_user(ckop->crk_param[6].crp_p, dsa_req->c, dsa_req->d_len);
41- copy_to_user(ckop->crk_param[7].crp_p, dsa_req->d, dsa_req->d_len);
42+ ret = copy_to_user(ckop->crk_param[6].crp_p, dsa_req->c, dsa_req->d_len) ||
43+ copy_to_user(ckop->crk_param[7].crp_p, dsa_req->d, dsa_req->d_len);
44 } else {
45- copy_to_user(ckop->crk_param[5].crp_p, dsa_req->c, dsa_req->d_len);
46- copy_to_user(ckop->crk_param[6].crp_p, dsa_req->d, dsa_req->d_len);
47+ ret = copy_to_user(ckop->crk_param[5].crp_p, dsa_req->c, dsa_req->d_len) ||
48+ copy_to_user(ckop->crk_param[6].crp_p, dsa_req->d, dsa_req->d_len);
49 }
50 }
51 break;
52@@ -739,9 +739,9 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc)
53 {
54 struct dh_key_req_s *dh_req = &pkc->req->req_u.dh_req;
55 if (pkc->req->type == ECDH_COMPUTE_KEY)
56- copy_to_user(ckop->crk_param[4].crp_p, dh_req->z, dh_req->z_len);
57+ ret = copy_to_user(ckop->crk_param[4].crp_p, dh_req->z, dh_req->z_len);
58 else
59- copy_to_user(ckop->crk_param[3].crp_p, dh_req->z, dh_req->z_len);
60+ ret = copy_to_user(ckop->crk_param[3].crp_p, dh_req->z, dh_req->z_len);
61 }
62 break;
63 case CRK_DSA_GENERATE_KEY:
64@@ -750,16 +750,17 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc)
65 struct keygen_req_s *key_req = &pkc->req->req_u.keygen;
66
67 if (pkc->req->type == ECC_KEYGEN) {
68- copy_to_user(ckop->crk_param[4].crp_p, key_req->pub_key,
69- key_req->pub_key_len);
70- copy_to_user(ckop->crk_param[5].crp_p, key_req->priv_key,
71+ ret = copy_to_user(ckop->crk_param[4].crp_p, key_req->pub_key,
72+ key_req->pub_key_len) ||
73+ copy_to_user(ckop->crk_param[5].crp_p, key_req->priv_key,
74 key_req->priv_key_len);
75 } else {
76- copy_to_user(ckop->crk_param[3].crp_p, key_req->pub_key,
77- key_req->pub_key_len);
78- copy_to_user(ckop->crk_param[4].crp_p, key_req->priv_key,
79+ ret = copy_to_user(ckop->crk_param[3].crp_p, key_req->pub_key,
80+ key_req->pub_key_len) ||
81+ copy_to_user(ckop->crk_param[4].crp_p, key_req->priv_key,
82 key_req->priv_key_len);
83 }
84+ break;
85 }
86 default:
87 ret = -EINVAL;
88@@ -1115,14 +1116,12 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
89
90 /* Reflect the updated request to user-space */
91 if (cookie_list.cookie_available) {
92- copy_to_user(arg, &cookie_list, sizeof(struct pkc_cookie_list_s));
93+ ret = copy_to_user(arg, &cookie_list, sizeof(struct pkc_cookie_list_s));
94 } else {
95 struct pkc_cookie_list_s *user_ck_list = (void *)arg;
96- put_user(0, &(user_ck_list->cookie_available));
97+ ret = put_user(0, &(user_ck_list->cookie_available));
98 }
99- ret = cookie_list.cookie_available;
100 }
101-
102 return ret;
103 default:
104 return -EINVAL;
105@@ -1417,9 +1416,10 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
106 }
107
108 /* Reflect the updated request to user-space */
109- if (cookie_list.cookie_available)
110- copy_to_user(arg, &cookie_list,
111- sizeof(struct compat_pkc_cookie_list_s));
112+ if (cookie_list.cookie_available) {
113+ ret = copy_to_user(arg, &cookie_list,
114+ sizeof(struct compat_pkc_cookie_list_s));
115+ }
116 }
117 return ret;
118 default:
119diff --git a/main.c b/main.c
120index ed1c69a..e5adb93 100644
121--- a/main.c
122+++ b/main.c
123@@ -223,31 +223,29 @@ int crypto_kop_dsasign(struct cryptodev_pkc *pkc)
124 dsa_req->m = dsa_req->priv_key + dsa_req->priv_key_len;
125 dsa_req->c = dsa_req->m + dsa_req->m_len;
126 dsa_req->d = dsa_req->c + dsa_req->d_len;
127- copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len);
128- copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len);
129- copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len);
130- copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len);
131- copy_from_user(dsa_req->priv_key, cop->crk_param[4].crp_p,
132- dsa_req->priv_key_len);
133+ rc = copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len) ||
134+ copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len) ||
135+ copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len) ||
136+ copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len) ||
137+ copy_from_user(dsa_req->priv_key, cop->crk_param[4].crp_p, dsa_req->priv_key_len);
138 if (cop->crk_iparams == 6) {
139 dsa_req->ab = dsa_req->d + dsa_req->d_len;
140- copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p,
141+ rc = rc || copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p,
142 dsa_req->ab_len);
143 }
144+ if (rc)
145+ goto err;
146+
147 rc = cryptodev_pkc_offload(pkc);
148 if (pkc->type == SYNCHRONOUS) {
149- if (rc)
150- goto err;
151 if (cop->crk_iparams == 6) {
152- copy_to_user(cop->crk_param[6].crp_p, dsa_req->c,
153- dsa_req->d_len);
154- copy_to_user(cop->crk_param[7].crp_p, dsa_req->d,
155- dsa_req->d_len);
156+ rc = rc ||
157+ copy_to_user(cop->crk_param[6].crp_p, dsa_req->c, dsa_req->d_len) ||
158+ copy_to_user(cop->crk_param[7].crp_p, dsa_req->d, dsa_req->d_len);
159 } else {
160- copy_to_user(cop->crk_param[5].crp_p, dsa_req->c,
161- dsa_req->d_len);
162- copy_to_user(cop->crk_param[6].crp_p, dsa_req->d,
163- dsa_req->d_len);
164+ rc = rc ||
165+ copy_to_user(cop->crk_param[5].crp_p, dsa_req->c, dsa_req->d_len) ||
166+ copy_to_user(cop->crk_param[6].crp_p, dsa_req->d, dsa_req->d_len);
167 }
168 } else {
169 if (rc != -EINPROGRESS && rc != 0)
170@@ -303,31 +301,28 @@ int crypto_kop_dsaverify(struct cryptodev_pkc *pkc)
171 dsa_req->m = dsa_req->pub_key + dsa_req->pub_key_len;
172 dsa_req->c = dsa_req->m + dsa_req->m_len;
173 dsa_req->d = dsa_req->c + dsa_req->d_len;
174- copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len);
175- copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len);
176- copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len);
177- copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len);
178- copy_from_user(dsa_req->pub_key, cop->crk_param[4].crp_p,
179- dsa_req->pub_key_len);
180+ rc = copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len) ||
181+ copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len) ||
182+ copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len) ||
183+ copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len) ||
184+ copy_from_user(dsa_req->pub_key, cop->crk_param[4].crp_p, dsa_req->pub_key_len);
185 if (cop->crk_iparams == 8) {
186 dsa_req->ab = dsa_req->d + dsa_req->d_len;
187- copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p,
188- dsa_req->ab_len);
189- copy_from_user(dsa_req->c, cop->crk_param[6].crp_p,
190- dsa_req->d_len);
191- copy_from_user(dsa_req->d, cop->crk_param[7].crp_p,
192- dsa_req->d_len);
193+ rc = rc ||
194+ copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p, dsa_req->ab_len) ||
195+ copy_from_user(dsa_req->c, cop->crk_param[6].crp_p, dsa_req->d_len) ||
196+ copy_from_user(dsa_req->d, cop->crk_param[7].crp_p, dsa_req->d_len);
197 } else {
198- copy_from_user(dsa_req->c, cop->crk_param[5].crp_p,
199- dsa_req->d_len);
200- copy_from_user(dsa_req->d, cop->crk_param[6].crp_p,
201- dsa_req->d_len);
202+ rc = rc ||
203+ copy_from_user(dsa_req->c, cop->crk_param[5].crp_p, dsa_req->d_len) ||
204+ copy_from_user(dsa_req->d, cop->crk_param[6].crp_p, dsa_req->d_len);
205 }
206+
207+ if (rc)
208+ goto err;
209+
210 rc = cryptodev_pkc_offload(pkc);
211- if (pkc->type == SYNCHRONOUS) {
212- if (rc)
213- goto err;
214- } else {
215+ if (pkc->type != SYNCHRONOUS) {
216 if (rc != -EINPROGRESS && !rc)
217 goto err;
218 pkc->cookie = buf;
219@@ -380,24 +375,15 @@ int crypto_kop_rsa_keygen(struct cryptodev_pkc *pkc)
220 rc = cryptodev_pkc_offload(pkc);
221
222 if (pkc->type == SYNCHRONOUS) {
223- if (rc)
224- goto err;
225-
226- copy_to_user(cop->crk_param[0].crp_p,
227- key_req->p, key_req->p_len);
228- copy_to_user(cop->crk_param[1].crp_p,
229- key_req->q, key_req->q_len);
230- copy_to_user(cop->crk_param[2].crp_p,
231- key_req->n, key_req->n_len);
232- copy_to_user(cop->crk_param[3].crp_p,
233- key_req->d, key_req->d_len);
234- copy_to_user(cop->crk_param[4].crp_p,
235- key_req->dp, key_req->dp_len);
236- copy_to_user(cop->crk_param[5].crp_p,
237- key_req->dq, key_req->dq_len);
238- copy_to_user(cop->crk_param[6].crp_p,
239- key_req->c, key_req->c_len);
240- } else {
241+ rc = rc ||
242+ copy_to_user(cop->crk_param[0].crp_p, key_req->p, key_req->p_len) ||
243+ copy_to_user(cop->crk_param[1].crp_p, key_req->q, key_req->q_len) ||
244+ copy_to_user(cop->crk_param[2].crp_p, key_req->n, key_req->n_len) ||
245+ copy_to_user(cop->crk_param[3].crp_p, key_req->d, key_req->d_len) ||
246+ copy_to_user(cop->crk_param[4].crp_p, key_req->dp, key_req->dp_len) ||
247+ copy_to_user(cop->crk_param[5].crp_p, key_req->dq, key_req->dq_len) ||
248+ copy_to_user(cop->crk_param[6].crp_p, key_req->c, key_req->c_len);
249+ } else {
250 if (rc != -EINPROGRESS && !rc) {
251 printk("%s: Failed\n", __func__);
252 goto err;
253@@ -451,30 +437,33 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc)
254 key_req->g = key_req->r + key_req->r_len;
255 key_req->pub_key = key_req->g + key_req->g_len;
256 key_req->priv_key = key_req->pub_key + key_req->pub_key_len;
257- copy_from_user(key_req->q, cop->crk_param[0].crp_p, key_req->q_len);
258- copy_from_user(key_req->r, cop->crk_param[1].crp_p, key_req->r_len);
259- copy_from_user(key_req->g, cop->crk_param[2].crp_p, key_req->g_len);
260+ rc = copy_from_user(key_req->q, cop->crk_param[0].crp_p, key_req->q_len) ||
261+ copy_from_user(key_req->r, cop->crk_param[1].crp_p, key_req->r_len) ||
262+ copy_from_user(key_req->g, cop->crk_param[2].crp_p, key_req->g_len);
263+
264 if (cop->crk_iparams == 4) {
265 key_req->ab = key_req->priv_key + key_req->priv_key_len;
266- copy_from_user(key_req->ab, cop->crk_param[3].crp_p,
267+ rc = rc || copy_from_user(key_req->ab, cop->crk_param[3].crp_p,
268 key_req->ab_len);
269 }
270
271+ if (rc)
272+ goto err;
273+
274 rc = cryptodev_pkc_offload(pkc);
275 if (pkc->type == SYNCHRONOUS) {
276- if (rc)
277- goto err;
278-
279 if (cop->crk_iparams == 4) {
280- copy_to_user(cop->crk_param[4].crp_p, key_req->pub_key,
281- key_req->pub_key_len);
282- copy_to_user(cop->crk_param[5].crp_p, key_req->priv_key,
283+ rc = rc ||
284+ copy_to_user(cop->crk_param[4].crp_p, key_req->pub_key,
285+ key_req->pub_key_len) ||
286+ copy_to_user(cop->crk_param[5].crp_p, key_req->priv_key,
287 key_req->priv_key_len);
288 } else {
289- copy_to_user(cop->crk_param[3].crp_p, key_req->pub_key,
290- key_req->pub_key_len);
291- copy_to_user(cop->crk_param[4].crp_p,
292- key_req->priv_key, key_req->priv_key_len);
293+ rc = rc ||
294+ copy_to_user(cop->crk_param[3].crp_p, key_req->pub_key,
295+ key_req->pub_key_len) ||
296+ copy_to_user(cop->crk_param[4].crp_p, key_req->priv_key,
297+ key_req->priv_key_len);
298 }
299 } else {
300 if (rc != -EINPROGRESS && !rc)
301@@ -495,7 +484,7 @@ int crypto_kop_dh_key(struct cryptodev_pkc *pkc)
302 struct dh_key_req_s *dh_req;
303 int buf_size;
304 uint8_t *buf;
305- int rc = -EINVAL;
306+ int rc = 0;
307
308 dh_req = &pkc->req->req_u.dh_req;
309 dh_req->s_len = (cop->crk_param[0].crp_nbits + 7)/8;
310@@ -520,22 +509,23 @@ int crypto_kop_dh_key(struct cryptodev_pkc *pkc)
311 if (cop->crk_iparams == 4) {
312 dh_req->ab = dh_req->z + dh_req->z_len;
313 pkc->req->curve_type = cop->curve_type;
314- copy_from_user(dh_req->ab, cop->crk_param[3].crp_p,
315- dh_req->ab_len);
316+ rc = copy_from_user(dh_req->ab, cop->crk_param[3].crp_p, dh_req->ab_len);
317 }
318- copy_from_user(dh_req->s, cop->crk_param[0].crp_p, dh_req->s_len);
319- copy_from_user(dh_req->pub_key, cop->crk_param[1].crp_p,
320- dh_req->pub_key_len);
321- copy_from_user(dh_req->q, cop->crk_param[2].crp_p, dh_req->q_len);
322+
323+ rc = rc ||
324+ copy_from_user(dh_req->s, cop->crk_param[0].crp_p, dh_req->s_len) ||
325+ copy_from_user(dh_req->pub_key, cop->crk_param[1].crp_p, dh_req->pub_key_len) ||
326+ copy_from_user(dh_req->q, cop->crk_param[2].crp_p, dh_req->q_len);
327+ if (rc)
328+ goto err;
329+
330 rc = cryptodev_pkc_offload(pkc);
331 if (pkc->type == SYNCHRONOUS) {
332- if (rc)
333- goto err;
334 if (cop->crk_iparams == 4)
335- copy_to_user(cop->crk_param[4].crp_p, dh_req->z,
336+ rc = rc || copy_to_user(cop->crk_param[4].crp_p, dh_req->z,
337 dh_req->z_len);
338 else
339- copy_to_user(cop->crk_param[3].crp_p, dh_req->z,
340+ rc = rc || copy_to_user(cop->crk_param[3].crp_p, dh_req->z,
341 dh_req->z_len);
342 } else {
343 if (rc != -EINPROGRESS && rc != 0)
344@@ -582,19 +572,19 @@ int crypto_modexp_crt(struct cryptodev_pkc *pkc)
345 rsa_req->dq = rsa_req->dp + rsa_req->dp_len;
346 rsa_req->c = rsa_req->dq + rsa_req->dq_len;
347 rsa_req->f = rsa_req->c + rsa_req->c_len;
348- copy_from_user(rsa_req->p, cop->crk_param[0].crp_p, rsa_req->p_len);
349- copy_from_user(rsa_req->q, cop->crk_param[1].crp_p, rsa_req->q_len);
350- copy_from_user(rsa_req->g, cop->crk_param[2].crp_p, rsa_req->g_len);
351- copy_from_user(rsa_req->dp, cop->crk_param[3].crp_p, rsa_req->dp_len);
352- copy_from_user(rsa_req->dq, cop->crk_param[4].crp_p, rsa_req->dq_len);
353- copy_from_user(rsa_req->c, cop->crk_param[5].crp_p, rsa_req->c_len);
354+ rc = copy_from_user(rsa_req->p, cop->crk_param[0].crp_p, rsa_req->p_len) ||
355+ copy_from_user(rsa_req->q, cop->crk_param[1].crp_p, rsa_req->q_len) ||
356+ copy_from_user(rsa_req->g, cop->crk_param[2].crp_p, rsa_req->g_len) ||
357+ copy_from_user(rsa_req->dp, cop->crk_param[3].crp_p, rsa_req->dp_len) ||
358+ copy_from_user(rsa_req->dq, cop->crk_param[4].crp_p, rsa_req->dq_len) ||
359+ copy_from_user(rsa_req->c, cop->crk_param[5].crp_p, rsa_req->c_len);
360+ if (rc)
361+ goto err;
362+
363 rc = cryptodev_pkc_offload(pkc);
364
365 if (pkc->type == SYNCHRONOUS) {
366- if (rc)
367- goto err;
368- copy_to_user(cop->crk_param[6].crp_p, rsa_req->f,
369- rsa_req->f_len);
370+ rc = rc || copy_to_user(cop->crk_param[6].crp_p, rsa_req->f, rsa_req->f_len);
371 } else {
372 if (rc != -EINPROGRESS && rc != 0)
373 goto err;
374@@ -633,14 +623,15 @@ int crypto_bn_modexp(struct cryptodev_pkc *pkc)
375 rsa_req->f = rsa_req->e + rsa_req->e_len;
376 rsa_req->g = rsa_req->f + rsa_req->f_len;
377 rsa_req->n = rsa_req->g + rsa_req->g_len;
378- copy_from_user(rsa_req->f, cop->crk_param[0].crp_p, rsa_req->f_len);
379- copy_from_user(rsa_req->e, cop->crk_param[1].crp_p, rsa_req->e_len);
380- copy_from_user(rsa_req->n, cop->crk_param[2].crp_p, rsa_req->n_len);
381+ rc = copy_from_user(rsa_req->f, cop->crk_param[0].crp_p, rsa_req->f_len) ||
382+ copy_from_user(rsa_req->e, cop->crk_param[1].crp_p, rsa_req->e_len) ||
383+ copy_from_user(rsa_req->n, cop->crk_param[2].crp_p, rsa_req->n_len);
384+ if (rc)
385+ goto err;
386+
387 rc = cryptodev_pkc_offload(pkc);
388 if (pkc->type == SYNCHRONOUS) {
389- if (rc)
390- goto err;
391- copy_to_user(cop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len);
392+ rc = rc || copy_to_user(cop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len);
393 } else {
394 if (rc != -EINPROGRESS && rc != 0)
395 goto err;
396--
3972.7.0
398
diff --git a/recipes-kernel/cryptodev/sdk_patches/0022-fix-double-free-pkc-req-on-error.patch b/recipes-kernel/cryptodev/sdk_patches/0022-fix-double-free-pkc-req-on-error.patch
new file mode 100644
index 0000000..7bc177e
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0022-fix-double-free-pkc-req-on-error.patch
@@ -0,0 +1,26 @@
1From 85146b8429ba11bd0be68c24c17dd77b21ec8c25 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@freescale.com>
3Date: Mon, 12 Oct 2015 23:03:28 +0300
4Subject: [PATCH 22/38] fix double free pkc->req on error
5
6Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
7---
8 main.c | 2 +-
9 1 file changed, 1 insertion(+), 1 deletion(-)
10
11diff --git a/main.c b/main.c
12index e5adb93..ec11129 100644
13--- a/main.c
14+++ b/main.c
15@@ -747,7 +747,7 @@ int crypto_run_asym(struct cryptodev_pkc *pkc)
16 /* todo - fix alloc-free on error path */
17 pkc->req->type = pkc_req_type;
18 err = call_next_action(pkc);
19- if (pkc->type == SYNCHRONOUS)
20+ if (err == 0 && pkc->type == SYNCHRONOUS)
21 kfree(pkc->req);
22
23 return err;
24--
252.7.0
26
diff --git a/recipes-kernel/cryptodev/sdk_patches/0023-remove-MAY_BACKLOG-flag-from-requests.patch b/recipes-kernel/cryptodev/sdk_patches/0023-remove-MAY_BACKLOG-flag-from-requests.patch
new file mode 100644
index 0000000..5674e03
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0023-remove-MAY_BACKLOG-flag-from-requests.patch
@@ -0,0 +1,69 @@
1From 7d0d0deb255f8c59b0cf6d3944ee2e3be4133b4c Mon Sep 17 00:00:00 2001
2From: Alex Porosanu <alexandru.porosanu@freescale.com>
3Date: Mon, 19 Oct 2015 11:53:11 +0300
4Subject: [PATCH 23/38] remove MAY_BACKLOG flag from requests
5
6cryptodev doesn't implement the backlogging mechanism properly,
7since it misses the possibility of sleeping and waiting for
8wake-up when the crypto driver below starts working on the
9submitted backloggable request.
10In case the crypto driver below implements backlogging mechanisms,
11this can lead to side-effects such as working on previously-free'ed
12data.
13This patch removes the MAY_BACKLOG flag from the requests.
14
15Change-Id: Ia3d822b1abfc1a51e2ce3e9682476b2c99d19c5a
16Signed-off-by: Alex Porosanu <alexandru.porosanu@freescale.com>
17---
18 cryptlib.c | 14 +++++---------
19 1 file changed, 5 insertions(+), 9 deletions(-)
20
21diff --git a/cryptlib.c b/cryptlib.c
22index 10f5e1a..eba4616 100644
23--- a/cryptlib.c
24+++ b/cryptlib.c
25@@ -194,8 +194,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name,
26 goto error;
27 }
28
29- ablkcipher_request_set_callback(out->async.request,
30- CRYPTO_TFM_REQ_MAY_BACKLOG,
31+ ablkcipher_request_set_callback(out->async.request, 0,
32 cryptodev_complete, out->async.result);
33 } else {
34 out->async.arequest = aead_request_alloc(out->async.as, GFP_KERNEL);
35@@ -205,8 +204,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name,
36 goto error;
37 }
38
39- aead_request_set_callback(out->async.arequest,
40- CRYPTO_TFM_REQ_MAY_BACKLOG,
41+ aead_request_set_callback(out->async.arequest, 0,
42 cryptodev_complete, out->async.result);
43 }
44
45@@ -362,9 +360,8 @@ int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name,
46 goto error;
47 }
48
49- ahash_request_set_callback(hdata->async.request,
50- CRYPTO_TFM_REQ_MAY_BACKLOG,
51- cryptodev_complete, hdata->async.result);
52+ ahash_request_set_callback(hdata->async.request, 0,
53+ cryptodev_complete, hdata->async.result);
54
55 ret = crypto_ahash_init(hdata->async.request);
56 if (unlikely(ret)) {
57@@ -439,8 +436,7 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc)
58 int ret;
59
60 init_completion(&pkc->result.completion);
61- pkc_request_set_callback(pkc->req, CRYPTO_TFM_REQ_MAY_BACKLOG,
62- cryptodev_complete_asym, pkc);
63+ pkc_request_set_callback(pkc->req, 0, cryptodev_complete_asym, pkc);
64 ret = crypto_pkc_op(pkc->req);
65 if (ret != -EINPROGRESS && ret != 0)
66 goto error;
67--
682.7.0
69
diff --git a/recipes-kernel/cryptodev/sdk_patches/0024-fix-COMPAT_CIOCKEY-ioctl-command-number.patch b/recipes-kernel/cryptodev/sdk_patches/0024-fix-COMPAT_CIOCKEY-ioctl-command-number.patch
new file mode 100644
index 0000000..7277086
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0024-fix-COMPAT_CIOCKEY-ioctl-command-number.patch
@@ -0,0 +1,29 @@
1From 53e4d0fe4a334dae3df32b2053e4ebdfda2e9148 Mon Sep 17 00:00:00 2001
2From: Tudor Ambarus <tudor.ambarus@freescale.com>
3Date: Tue, 27 Oct 2015 15:51:02 +0200
4Subject: [PATCH 24/38] fix COMPAT_CIOCKEY ioctl command number
5
6CIOCKEY and COMPAT_CIOCKEY had different command numbers,
7so that 32-bit applications got EINVAL error on 64-bit kernel.
8
9Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
10---
11 cryptodev_int.h | 2 +-
12 1 file changed, 1 insertion(+), 1 deletion(-)
13
14diff --git a/cryptodev_int.h b/cryptodev_int.h
15index c83c885..cb005d7 100644
16--- a/cryptodev_int.h
17+++ b/cryptodev_int.h
18@@ -132,7 +132,7 @@ struct compat_crypt_auth_op {
19 /* compat ioctls, defined for the above structs */
20 #define COMPAT_CIOCGSESSION _IOWR('c', 102, struct compat_session_op)
21 #define COMPAT_CIOCCRYPT _IOWR('c', 104, struct compat_crypt_op)
22-#define COMPAT_CIOCKEY _IOW('c', 105, struct compat_crypt_kop)
23+#define COMPAT_CIOCKEY _IOWR('c', 105, struct compat_crypt_kop)
24 #define COMPAT_CIOCASYNCCRYPT _IOW('c', 107, struct compat_crypt_op)
25 #define COMPAT_CIOCASYNCFETCH _IOR('c', 108, struct compat_crypt_op)
26 #define COMPAT_CIOCAUTHCRYPT _IOWR('c', 109, struct compat_crypt_auth_op)
27--
282.7.0
29
diff --git a/recipes-kernel/cryptodev/sdk_patches/0025-fix-benchmarks-linking.patch b/recipes-kernel/cryptodev/sdk_patches/0025-fix-benchmarks-linking.patch
new file mode 100644
index 0000000..608c681
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0025-fix-benchmarks-linking.patch
@@ -0,0 +1,25 @@
1From 978cfcf9253c409520c0f168f8caa249f50a8843 Mon Sep 17 00:00:00 2001
2From: Fridolin Pokorny <fpokorny@redhat.com>
3Date: Fri, 8 Jan 2016 09:38:29 +0100
4Subject: [PATCH 25/38] fix benchmarks linking
5
6---
7 lib/Makefile | 2 +-
8 1 file changed, 1 insertion(+), 1 deletion(-)
9
10diff --git a/lib/Makefile b/lib/Makefile
11index af87795..3bedc34 100644
12--- a/lib/Makefile
13+++ b/lib/Makefile
14@@ -3,7 +3,7 @@ CFLAGS=-g -O2 -Wall
15 all: benchmark
16
17 benchmark: main.c libthreshold.a
18- gcc $(CFLAGS) -DDEBUG -o $@ $^ -lssl libthreshold.a
19+ gcc $(CFLAGS) -DDEBUG -o $@ $^ -lssl -lcrypto libthreshold.a
20
21 .o:
22 gcc $(CCFLAGS) -c $< -o $@
23--
242.7.0
25
diff --git a/recipes-kernel/cryptodev/sdk_patches/0026-fix-Makefile-to-allow-parallel-make-with-j-option.patch b/recipes-kernel/cryptodev/sdk_patches/0026-fix-Makefile-to-allow-parallel-make-with-j-option.patch
new file mode 100644
index 0000000..b8cf4e1
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0026-fix-Makefile-to-allow-parallel-make-with-j-option.patch
@@ -0,0 +1,56 @@
1From d96ae48c87f80af1a202c2d2e837bf477edc0fb7 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Thu, 10 Dec 2015 12:42:18 +0200
4Subject: [PATCH 26/38] fix Makefile to allow parallel make with -j option
5MIME-Version: 1.0
6Content-Type: text/plain; charset=UTF-8
7Content-Transfer-Encoding: 8bit
8
9Recursive make commands should always use the variable MAKE, not the
10explicit command name ‘make’
11
12Documented in section "5.7.1 How the MAKE Variable Works" of GNU Make manual
13
14Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
15---
16 Makefile | 10 +++++-----
17 1 file changed, 5 insertions(+), 5 deletions(-)
18
19diff --git a/Makefile b/Makefile
20index 9e56e9d..2f50210 100644
21--- a/Makefile
22+++ b/Makefile
23@@ -22,7 +22,7 @@ KERNEL_MAKE_OPTS += CROSS_COMPILE=${CROSS_COMPILE}
24 endif
25
26 build: version.h
27- make ${KERNEL_MAKE_OPTS} modules
28+ $(MAKE) $(KERNEL_MAKE_OPTS) modules
29
30 version.h: Makefile
31 @echo "#define VERSION \"$(VERSION)\"" > version.h
32@@ -30,17 +30,17 @@ version.h: Makefile
33 install: modules_install
34
35 modules_install:
36- make -C $(KERNEL_DIR) SUBDIRS=`pwd` modules_install
37+ $(MAKE) -C $(KERNEL_DIR) SUBDIRS=`pwd` modules_install
38 @echo "Installing cryptodev.h in $(PREFIX)/usr/include/crypto ..."
39 @install -D crypto/cryptodev.h $(PREFIX)/usr/include/crypto/cryptodev.h
40
41 clean:
42- make -C $(KERNEL_DIR) SUBDIRS=`pwd` clean
43+ $(MAKE) -C $(KERNEL_DIR) SUBDIRS=`pwd` clean
44 rm -f $(hostprogs) *~
45- CFLAGS=$(CRYPTODEV_CFLAGS) KERNEL_DIR=$(KERNEL_DIR) make -C tests clean
46+ CFLAGS=$(CRYPTODEV_CFLAGS) KERNEL_DIR=$(KERNEL_DIR) $(MAKE) -C tests clean
47
48 check:
49- CFLAGS=$(CRYPTODEV_CFLAGS) KERNEL_DIR=$(KERNEL_DIR) make -C tests check
50+ CFLAGS=$(CRYPTODEV_CFLAGS) KERNEL_DIR=$(KERNEL_DIR) $(MAKE) -C tests check
51
52 CPOPTS =
53 ifneq (${SHOW_TYPES},)
54--
552.7.0
56
diff --git a/recipes-kernel/cryptodev/sdk_patches/0027-use-Linux-kernel-conventions-for-Makefile-variables.patch b/recipes-kernel/cryptodev/sdk_patches/0027-use-Linux-kernel-conventions-for-Makefile-variables.patch
new file mode 100644
index 0000000..ad18da8
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0027-use-Linux-kernel-conventions-for-Makefile-variables.patch
@@ -0,0 +1,47 @@
1From e51bf208fbd3796238ff4d721e8d070f711f8c56 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Thu, 10 Dec 2015 12:42:19 +0200
4Subject: [PATCH 27/38] use Linux kernel conventions for Makefile variables
5
6The kernel Makefile specifies to use M=... instead of SUBDIR=... for
7external modules.
8
9PWD variable is already set in a POSIX system and calling `pwd` to find
10it is redundant.
11
12Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
13---
14 Makefile | 6 +++---
15 1 file changed, 3 insertions(+), 3 deletions(-)
16
17diff --git a/Makefile b/Makefile
18index 2f50210..7c7e193 100644
19--- a/Makefile
20+++ b/Makefile
21@@ -13,7 +13,7 @@ cryptodev-objs = ioctl.o main.o cryptlib.o authenc.o zc.o util.o
22
23 obj-m += cryptodev.o
24
25-KERNEL_MAKE_OPTS := -C ${KERNEL_DIR} SUBDIRS=`pwd`
26+KERNEL_MAKE_OPTS := -C $(KERNEL_DIR) M=$(PWD)
27 ifneq (${ARCH},)
28 KERNEL_MAKE_OPTS += ARCH=${ARCH}
29 endif
30@@ -30,12 +30,12 @@ version.h: Makefile
31 install: modules_install
32
33 modules_install:
34- $(MAKE) -C $(KERNEL_DIR) SUBDIRS=`pwd` modules_install
35+ $(MAKE) -C $(KERNEL_DIR) M=$(PWD) modules_install
36 @echo "Installing cryptodev.h in $(PREFIX)/usr/include/crypto ..."
37 @install -D crypto/cryptodev.h $(PREFIX)/usr/include/crypto/cryptodev.h
38
39 clean:
40- $(MAKE) -C $(KERNEL_DIR) SUBDIRS=`pwd` clean
41+ $(MAKE) -C $(KERNEL_DIR) M=$(PWD) clean
42 rm -f $(hostprogs) *~
43 CFLAGS=$(CRYPTODEV_CFLAGS) KERNEL_DIR=$(KERNEL_DIR) $(MAKE) -C tests clean
44
45--
462.7.0
47
diff --git a/recipes-kernel/cryptodev/sdk_patches/0028-for-consistency-use-.-instead-of-.-in-makefiles.patch b/recipes-kernel/cryptodev/sdk_patches/0028-for-consistency-use-.-instead-of-.-in-makefiles.patch
new file mode 100644
index 0000000..756ca33
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0028-for-consistency-use-.-instead-of-.-in-makefiles.patch
@@ -0,0 +1,73 @@
1From 22b63631de17507c12355c30e408dbd88350bb3a Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Thu, 10 Dec 2015 12:42:20 +0200
4Subject: [PATCH 28/38] for consistency, use $(...) instead of ${...} in
5 makefiles
6
7Both syntax rules are equaly valid and mixing them is permitted but
8looks inconsistent.
9
10See section "6.1 Basics of Variable References" of GNU make manual
11
12Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
13---
14 Makefile | 16 ++++++++--------
15 tests/Makefile | 2 +-
16 2 files changed, 9 insertions(+), 9 deletions(-)
17
18diff --git a/Makefile b/Makefile
19index 7c7e193..7f8df37 100644
20--- a/Makefile
21+++ b/Makefile
22@@ -14,11 +14,11 @@ cryptodev-objs = ioctl.o main.o cryptlib.o authenc.o zc.o util.o
23 obj-m += cryptodev.o
24
25 KERNEL_MAKE_OPTS := -C $(KERNEL_DIR) M=$(PWD)
26-ifneq (${ARCH},)
27-KERNEL_MAKE_OPTS += ARCH=${ARCH}
28+ifneq ($(ARCH),)
29+KERNEL_MAKE_OPTS += ARCH=$(ARCH)
30 endif
31-ifneq (${CROSS_COMPILE},)
32-KERNEL_MAKE_OPTS += CROSS_COMPILE=${CROSS_COMPILE}
33+ifneq ($(CROSS_COMPILE),)
34+KERNEL_MAKE_OPTS += CROSS_COMPILE=$(CROSS_COMPILE)
35 endif
36
37 build: version.h
38@@ -43,15 +43,15 @@ check:
39 CFLAGS=$(CRYPTODEV_CFLAGS) KERNEL_DIR=$(KERNEL_DIR) $(MAKE) -C tests check
40
41 CPOPTS =
42-ifneq (${SHOW_TYPES},)
43+ifneq ($(SHOW_TYPES),)
44 CPOPTS += --show-types
45 endif
46-ifneq (${IGNORE_TYPES},)
47-CPOPTS += --ignore ${IGNORE_TYPES}
48+ifneq ($(IGNORE_TYPES),)
49+CPOPTS += --ignore $(IGNORE_TYPES)
50 endif
51
52 checkpatch:
53- $(KERNEL_DIR)/scripts/checkpatch.pl ${CPOPTS} --file *.c *.h
54+ $(KERNEL_DIR)/scripts/checkpatch.pl $(CPOPTS) --file *.c *.h
55
56 VERSIONTAG = refs/tags/cryptodev-linux-$(VERSION)
57 FILEBASE = cryptodev-linux-$(VERSION)
58diff --git a/tests/Makefile b/tests/Makefile
59index 20c52ba..3155da9 100644
60--- a/tests/Makefile
61+++ b/tests/Makefile
62@@ -6,7 +6,7 @@ comp_progs := cipher_comp hash_comp hmac_comp
63
64 hostprogs := cipher cipher-aead hmac speed async_cipher async_hmac \
65 async_speed sha_speed hashcrypt_speed fullspeed cipher-gcm \
66- cipher-aead-srtp ${comp_progs}
67+ cipher-aead-srtp $(comp_progs)
68
69 example-cipher-objs := cipher.o
70 example-cipher-aead-objs := cipher-aead.o
71--
722.7.0
73
diff --git a/recipes-kernel/cryptodev/sdk_patches/0029-fix-clean-up-on-error-path-for-crypto_create_session.patch b/recipes-kernel/cryptodev/sdk_patches/0029-fix-clean-up-on-error-path-for-crypto_create_session.patch
new file mode 100644
index 0000000..67e4a89
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0029-fix-clean-up-on-error-path-for-crypto_create_session.patch
@@ -0,0 +1,117 @@
1From 294abaaa4540ec340ed6046a784c9789c8724420 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Mon, 11 Jan 2016 17:45:50 +0200
4Subject: [PATCH 29/38] fix clean-up on error path for crypto_create_session
5
6This patch fixes clean-up on error path for failed allocations of
7ses_new->pages or ses_new->sg. In these cases, allocations made in
8cryptodev_hash_init have not been undone resulting in possible memory
9leaks.
10
11We take advantage of the initializations with zeros of the session
12structure to trim the code to a single clean-up path.
13
14Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
15---
16 ioctl.c | 28 +++++++++++++++-------------
17 1 file changed, 15 insertions(+), 13 deletions(-)
18
19diff --git a/ioctl.c b/ioctl.c
20index b23f5fd..c781f9d 100644
21--- a/ioctl.c
22+++ b/ioctl.c
23@@ -228,7 +228,8 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop)
24 return -EINVAL;
25 }
26
27- /* Create a session and put it to the list. */
28+ /* Create a session and put it to the list. Zeroing the structure helps
29+ * also with a single exit point in case of errors */
30 ses_new = kzalloc(sizeof(*ses_new), GFP_KERNEL);
31 if (!ses_new)
32 return -ENOMEM;
33@@ -240,19 +241,19 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop)
34 if (unlikely(ret < 0)) {
35 ddebug(1, "Setting key failed for %s-%zu.",
36 alg_name, (size_t)sop->keylen*8);
37- goto error_cipher;
38+ goto session_error;
39 }
40
41 ret = cryptodev_get_cipher_key(keys.ckey, sop, aead);
42 if (unlikely(ret < 0))
43- goto error_cipher;
44+ goto session_error;
45
46 ret = cryptodev_cipher_init(&ses_new->cdata, alg_name, keys.ckey,
47 keylen, stream, aead);
48 if (ret < 0) {
49 ddebug(1, "Failed to load cipher for %s", alg_name);
50 ret = -EINVAL;
51- goto error_cipher;
52+ goto session_error;
53 }
54 }
55
56@@ -261,13 +262,13 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop)
57 ddebug(1, "Setting key failed for %s-%zu.",
58 hash_name, (size_t)sop->mackeylen*8);
59 ret = -EINVAL;
60- goto error_hash;
61+ goto session_error;
62 }
63
64 if (sop->mackey && unlikely(copy_from_user(keys.mkey, sop->mackey,
65 sop->mackeylen))) {
66 ret = -EFAULT;
67- goto error_hash;
68+ goto session_error;
69 }
70
71 ret = cryptodev_hash_init(&ses_new->hdata, hash_name, hmac_mode,
72@@ -275,7 +276,7 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop)
73 if (ret != 0) {
74 ddebug(1, "Failed to load hash for %s", hash_name);
75 ret = -EINVAL;
76- goto error_hash;
77+ goto session_error;
78 }
79 }
80
81@@ -292,7 +293,7 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop)
82 if (ses_new->sg == NULL || ses_new->pages == NULL) {
83 ddebug(0, "Memory error");
84 ret = -ENOMEM;
85- goto error_hash;
86+ goto session_error;
87 }
88
89 /* put the new session to the list */
90@@ -316,18 +317,19 @@ restart:
91
92 /* Fill in some values for the user. */
93 sop->ses = ses_new->sid;
94-
95 return 0;
96
97-error_hash:
98+ /* We count on ses_new to be initialized with zeroes
99+ * Since hdata and cdata are embedded within ses_new, it follows that
100+ * hdata->init and cdata->init are either zero or one as they have been
101+ * initialized or not */
102+session_error:
103+ cryptodev_hash_deinit(&ses_new->hdata);
104 cryptodev_cipher_deinit(&ses_new->cdata);
105 kfree(ses_new->sg);
106 kfree(ses_new->pages);
107-error_cipher:
108 kfree(ses_new);
109-
110 return ret;
111-
112 }
113
114 /* Everything that needs to be done when remowing a session. */
115--
1162.7.0
117
diff --git a/recipes-kernel/cryptodev/sdk_patches/0030-remove-code-duplication-in-cryptodev_hash_init.patch b/recipes-kernel/cryptodev/sdk_patches/0030-remove-code-duplication-in-cryptodev_hash_init.patch
new file mode 100644
index 0000000..1e3ebf3
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0030-remove-code-duplication-in-cryptodev_hash_init.patch
@@ -0,0 +1,59 @@
1From f4534df637b078fce275763bd8bc2a83bfad25e0 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Mon, 11 Jan 2016 18:01:06 +0200
4Subject: [PATCH 30/38] remove code duplication in cryptodev_hash_init
5
6cryptodev_hash_init is concerned mostly with allocating data structures
7for hash operations.
8This patch replaces the call it makes to crypto_ahash_init with
9one to cryptodev_hash_reset to avoid code duplication. This call is made
10now outside of the original function to increase modularity.
11
12Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
13---
14 cryptlib.c | 9 ---------
15 ioctl.c | 5 +++++
16 2 files changed, 5 insertions(+), 9 deletions(-)
17
18diff --git a/cryptlib.c b/cryptlib.c
19index eba4616..4fd29eb 100644
20--- a/cryptlib.c
21+++ b/cryptlib.c
22@@ -362,18 +362,9 @@ int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name,
23
24 ahash_request_set_callback(hdata->async.request, 0,
25 cryptodev_complete, hdata->async.result);
26-
27- ret = crypto_ahash_init(hdata->async.request);
28- if (unlikely(ret)) {
29- derr(0, "error in crypto_hash_init()");
30- goto error_request;
31- }
32-
33 hdata->init = 1;
34 return 0;
35
36-error_request:
37- ahash_request_free(hdata->async.request);
38 error:
39 kfree(hdata->async.result);
40 crypto_free_ahash(hdata->async.s);
41diff --git a/ioctl.c b/ioctl.c
42index b36dd03..a537886 100644
43--- a/ioctl.c
44+++ b/ioctl.c
45@@ -338,6 +338,11 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop)
46 ret = -EINVAL;
47 goto session_error;
48 }
49+
50+ ret = cryptodev_hash_reset(&ses_new->hdata);
51+ if (ret != 0) {
52+ goto session_error;
53+ }
54 }
55
56 ses_new->alignmask = max(ses_new->cdata.alignmask,
57--
582.7.0
59
diff --git a/recipes-kernel/cryptodev/sdk_patches/0031-fix-comment-typo.patch b/recipes-kernel/cryptodev/sdk_patches/0031-fix-comment-typo.patch
new file mode 100644
index 0000000..cde9552
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0031-fix-comment-typo.patch
@@ -0,0 +1,26 @@
1From 73a2489ba634503a0cc2bb6e84627ceeda0f059f Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Tue, 12 Jan 2016 17:15:56 +0200
4Subject: [PATCH 31/38] fix comment typo
5
6Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
7---
8 ioctl.c | 2 +-
9 1 file changed, 1 insertion(+), 1 deletion(-)
10
11diff --git a/ioctl.c b/ioctl.c
12index a537886..7adde75 100644
13--- a/ioctl.c
14+++ b/ioctl.c
15@@ -397,7 +397,7 @@ session_error:
16 return ret;
17 }
18
19-/* Everything that needs to be done when remowing a session. */
20+/* Everything that needs to be done when removing a session. */
21 static inline void
22 crypto_destroy_session(struct csession *ses_ptr)
23 {
24--
252.7.0
26
diff --git a/recipes-kernel/cryptodev/sdk_patches/0032-avoid-calls-to-kmalloc-on-hotpaths.patch b/recipes-kernel/cryptodev/sdk_patches/0032-avoid-calls-to-kmalloc-on-hotpaths.patch
new file mode 100644
index 0000000..2aa5810
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0032-avoid-calls-to-kmalloc-on-hotpaths.patch
@@ -0,0 +1,220 @@
1From 9b513838035c35fd3706bb824edd17d705641439 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Tue, 12 Jan 2016 15:13:15 +0200
4Subject: [PATCH 32/38] avoid calls to kmalloc on hotpaths
5
6We replace a pointer to a small structure with the structure itself to
7avoid unnecessary dynamic allocations at runtime. The embedding
8structure is itself dynamically allocated and we get a slight increase
9in performance from elimination of unnecessary code.
10
11Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
12---
13 cryptlib.c | 42 +++++++++++++-----------------------------
14 cryptlib.h | 14 +++++++-------
15 2 files changed, 20 insertions(+), 36 deletions(-)
16
17diff --git a/cryptlib.c b/cryptlib.c
18index 4fd29eb..5972fc2 100644
19--- a/cryptlib.c
20+++ b/cryptlib.c
21@@ -178,13 +178,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name,
22 out->stream = stream;
23 out->aead = aead;
24
25- out->async.result = kzalloc(sizeof(*out->async.result), GFP_KERNEL);
26- if (unlikely(!out->async.result)) {
27- ret = -ENOMEM;
28- goto error;
29- }
30-
31- init_completion(&out->async.result->completion);
32+ init_completion(&out->async.result.completion);
33
34 if (aead == 0) {
35 out->async.request = ablkcipher_request_alloc(out->async.s, GFP_KERNEL);
36@@ -195,7 +189,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name,
37 }
38
39 ablkcipher_request_set_callback(out->async.request, 0,
40- cryptodev_complete, out->async.result);
41+ cryptodev_complete, &out->async.result);
42 } else {
43 out->async.arequest = aead_request_alloc(out->async.as, GFP_KERNEL);
44 if (unlikely(!out->async.arequest)) {
45@@ -205,7 +199,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name,
46 }
47
48 aead_request_set_callback(out->async.arequest, 0,
49- cryptodev_complete, out->async.result);
50+ cryptodev_complete, &out->async.result);
51 }
52
53 out->init = 1;
54@@ -222,7 +216,6 @@ error:
55 if (out->async.as)
56 crypto_free_aead(out->async.as);
57 }
58- kfree(out->async.result);
59
60 return ret;
61 }
62@@ -242,7 +235,6 @@ void cryptodev_cipher_deinit(struct cipher_data *cdata)
63 crypto_free_aead(cdata->async.as);
64 }
65
66- kfree(cdata->async.result);
67 cdata->init = 0;
68 }
69 }
70@@ -279,7 +271,7 @@ ssize_t cryptodev_cipher_encrypt(struct cipher_data *cdata,
71 {
72 int ret;
73
74- reinit_completion(&cdata->async.result->completion);
75+ reinit_completion(&cdata->async.result.completion);
76
77 if (cdata->aead == 0) {
78 ablkcipher_request_set_crypt(cdata->async.request,
79@@ -293,7 +285,7 @@ ssize_t cryptodev_cipher_encrypt(struct cipher_data *cdata,
80 ret = crypto_aead_encrypt(cdata->async.arequest);
81 }
82
83- return waitfor(cdata->async.result, ret);
84+ return waitfor(&cdata->async.result, ret);
85 }
86
87 ssize_t cryptodev_cipher_decrypt(struct cipher_data *cdata,
88@@ -302,7 +294,7 @@ ssize_t cryptodev_cipher_decrypt(struct cipher_data *cdata,
89 {
90 int ret;
91
92- reinit_completion(&cdata->async.result->completion);
93+ reinit_completion(&cdata->async.result.completion);
94 if (cdata->aead == 0) {
95 ablkcipher_request_set_crypt(cdata->async.request,
96 (struct scatterlist *)src, dst,
97@@ -315,7 +307,7 @@ ssize_t cryptodev_cipher_decrypt(struct cipher_data *cdata,
98 ret = crypto_aead_decrypt(cdata->async.arequest);
99 }
100
101- return waitfor(cdata->async.result, ret);
102+ return waitfor(&cdata->async.result, ret);
103 }
104
105 /* Hash functions */
106@@ -345,13 +337,7 @@ int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name,
107 hdata->digestsize = crypto_ahash_digestsize(hdata->async.s);
108 hdata->alignmask = crypto_ahash_alignmask(hdata->async.s);
109
110- hdata->async.result = kzalloc(sizeof(*hdata->async.result), GFP_KERNEL);
111- if (unlikely(!hdata->async.result)) {
112- ret = -ENOMEM;
113- goto error;
114- }
115-
116- init_completion(&hdata->async.result->completion);
117+ init_completion(&hdata->async.result.completion);
118
119 hdata->async.request = ahash_request_alloc(hdata->async.s, GFP_KERNEL);
120 if (unlikely(!hdata->async.request)) {
121@@ -361,12 +347,11 @@ int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name,
122 }
123
124 ahash_request_set_callback(hdata->async.request, 0,
125- cryptodev_complete, hdata->async.result);
126+ cryptodev_complete, &hdata->async.result);
127 hdata->init = 1;
128 return 0;
129
130 error:
131- kfree(hdata->async.result);
132 crypto_free_ahash(hdata->async.s);
133 return ret;
134 }
135@@ -376,7 +361,6 @@ void cryptodev_hash_deinit(struct hash_data *hdata)
136 if (hdata->init) {
137 if (hdata->async.request)
138 ahash_request_free(hdata->async.request);
139- kfree(hdata->async.result);
140 if (hdata->async.s)
141 crypto_free_ahash(hdata->async.s);
142 hdata->init = 0;
143@@ -402,24 +386,24 @@ ssize_t cryptodev_hash_update(struct hash_data *hdata,
144 {
145 int ret;
146
147- reinit_completion(&hdata->async.result->completion);
148+ reinit_completion(&hdata->async.result.completion);
149 ahash_request_set_crypt(hdata->async.request, sg, NULL, len);
150
151 ret = crypto_ahash_update(hdata->async.request);
152
153- return waitfor(hdata->async.result, ret);
154+ return waitfor(&hdata->async.result, ret);
155 }
156
157 int cryptodev_hash_final(struct hash_data *hdata, void *output)
158 {
159 int ret;
160
161- reinit_completion(&hdata->async.result->completion);
162+ reinit_completion(&hdata->async.result.completion);
163 ahash_request_set_crypt(hdata->async.request, NULL, output, 0);
164
165 ret = crypto_ahash_final(hdata->async.request);
166
167- return waitfor(hdata->async.result, ret);
168+ return waitfor(&hdata->async.result, ret);
169 }
170
171 int cryptodev_pkc_offload(struct cryptodev_pkc *pkc)
172diff --git a/cryptlib.h b/cryptlib.h
173index e1c4e3e..d8e8046 100644
174--- a/cryptlib.h
175+++ b/cryptlib.h
176@@ -6,6 +6,11 @@
177
178 #include <linux/version.h>
179
180+struct cryptodev_result {
181+ struct completion completion;
182+ int err;
183+};
184+
185 struct cipher_data {
186 int init; /* 0 uninitialized */
187 int blocksize;
188@@ -22,7 +27,7 @@ struct cipher_data {
189 struct crypto_aead *as;
190 struct aead_request *arequest;
191
192- struct cryptodev_result *result;
193+ struct cryptodev_result result;
194 uint8_t iv[EALG_MAX_BLOCK_LEN];
195 } async;
196 };
197@@ -85,7 +90,7 @@ struct hash_data {
198 int alignmask;
199 struct {
200 struct crypto_ahash *s;
201- struct cryptodev_result *result;
202+ struct cryptodev_result result;
203 struct ahash_request *request;
204 } async;
205 };
206@@ -104,11 +109,6 @@ enum offload_type {
207 ASYNCHRONOUS
208 };
209
210-struct cryptodev_result {
211- struct completion completion;
212- int err;
213-};
214-
215 struct cryptodev_pkc {
216 struct list_head list; /* To maintain the Jobs in completed
217 cryptodev lists */
218--
2192.7.0
220
diff --git a/recipes-kernel/cryptodev/sdk_patches/0033-avoid-unnecessary-checks-for-hash-clean-up.patch b/recipes-kernel/cryptodev/sdk_patches/0033-avoid-unnecessary-checks-for-hash-clean-up.patch
new file mode 100644
index 0000000..3ce8a5f
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0033-avoid-unnecessary-checks-for-hash-clean-up.patch
@@ -0,0 +1,33 @@
1From 774c6bd169b683ed54ebad164d0ff541e1381a64 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Tue, 12 Jan 2016 17:09:33 +0200
4Subject: [PATCH 33/38] avoid unnecessary checks for hash clean-up
5
6hdata->init is set only after all necessary allocations succeed. On
7clean-up is no longer necessary to make the allocation checks.
8
9Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
10---
11 cryptlib.c | 6 ++----
12 1 file changed, 2 insertions(+), 4 deletions(-)
13
14diff --git a/cryptlib.c b/cryptlib.c
15index 5972fc2..5d1a5a9 100644
16--- a/cryptlib.c
17+++ b/cryptlib.c
18@@ -359,10 +359,8 @@ error:
19 void cryptodev_hash_deinit(struct hash_data *hdata)
20 {
21 if (hdata->init) {
22- if (hdata->async.request)
23- ahash_request_free(hdata->async.request);
24- if (hdata->async.s)
25- crypto_free_ahash(hdata->async.s);
26+ ahash_request_free(hdata->async.request);
27+ crypto_free_ahash(hdata->async.s);
28 hdata->init = 0;
29 }
30 }
31--
322.7.0
33
diff --git a/recipes-kernel/cryptodev/sdk_patches/0034-extend-API-with-CIOCHASH-to-support-direct-hash-oper.patch b/recipes-kernel/cryptodev/sdk_patches/0034-extend-API-with-CIOCHASH-to-support-direct-hash-oper.patch
new file mode 100644
index 0000000..3a1f0c0
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0034-extend-API-with-CIOCHASH-to-support-direct-hash-oper.patch
@@ -0,0 +1,114 @@
1From c43fa74b9ed11f0183d25b21486b71fe02d84de7 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Tue, 15 Dec 2015 15:31:47 +0200
4Subject: [PATCH 34/38] extend API with CIOCHASH to support direct hash
5 operations
6
7Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
8---
9 crypto/cryptodev.h | 16 ++++++++++++++++
10 ioctl.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
11 2 files changed, 65 insertions(+)
12
13diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
14index f6058ca..c6083f7 100644
15--- a/crypto/cryptodev.h
16+++ b/crypto/cryptodev.h
17@@ -167,6 +167,19 @@ struct crypt_auth_op {
18 __u32 iv_len;
19 };
20
21+/* data container for CIOCHASH operations */
22+struct hash_op_data {
23+ __u32 ses; /* session identifier */
24+ __u32 mac_op; /* cryptodev_crypto_op_t */
25+ __u8 *mackey;
26+ __u32 mackeylen;
27+
28+ __u16 flags; /* see COP_FLAG_* */
29+ __u32 len; /* length of source data */
30+ __u8 *src; /* source data */
31+ __u8 *mac_result;
32+};
33+
34 /* In plain AEAD mode the following are required:
35 * flags : 0
36 * iv : the initialization vector (12 bytes)
37@@ -325,4 +338,7 @@ enum cryptodev_crk_op_t {
38 /* additional ioctls for asynchronous operation for asymmetric ciphers*/
39 #define CIOCASYMASYNCRYPT _IOW('c', 112, struct crypt_kop)
40 #define CIOCASYMFETCHCOOKIE _IOR('c', 113, struct pkc_cookie_list_s)
41+
42+#define CIOCHASH _IOWR('c', 114, struct hash_op_data)
43+
44 #endif /* L_CRYPTODEV_H */
45diff --git a/ioctl.c b/ioctl.c
46index 7adde75..3763954 100644
47--- a/ioctl.c
48+++ b/ioctl.c
49@@ -960,6 +960,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
50 void __user *arg = (void __user *)arg_;
51 int __user *p = arg;
52 struct session_op sop;
53+ struct hash_op_data hash_op;
54 struct kernel_crypt_op kcop;
55 struct kernel_crypt_auth_op kcaop;
56 struct crypt_priv *pcr = filp->private_data;
57@@ -1049,6 +1050,54 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
58 }
59
60 return kcop_to_user(&kcop, fcr, arg);
61+ case CIOCHASH:
62+ /* get session */
63+ if (unlikely(copy_from_user(&hash_op, arg, sizeof(struct hash_op_data)))) {
64+ pr_err("copy from user fault\n");
65+ return -EFAULT;
66+ }
67+
68+ sop.cipher = 0;
69+ sop.mac = hash_op.mac_op;
70+ sop.mackey = hash_op.mackey;
71+ sop.mackeylen = hash_op.mackeylen;
72+
73+ /* writes sop.ses as a side-effect */
74+ ret = crypto_create_session(fcr, &sop);
75+ if (unlikely(ret)) {
76+ pr_err("can't get session\n");
77+ return ret;
78+ }
79+
80+ /* do hashing */
81+ kcop.cop.ses = sop.ses;
82+ kcop.cop.flags = hash_op.flags;
83+ kcop.cop.len = hash_op.len;
84+ kcop.cop.src = hash_op.src;
85+ kcop.cop.mac = hash_op.mac_result;
86+ kcop.cop.dst = 0;
87+ kcop.cop.op = 0;
88+ kcop.cop.iv = 0;
89+ kcop.ivlen = 0;
90+ kcop.digestsize = 0; /* will be updated during operation */
91+ kcop.task = current;
92+ kcop.mm = current->mm;
93+
94+ ret = crypto_run(fcr, &kcop);
95+ if (unlikely(ret)) {
96+ dwarning(1, "Error in hash run");
97+ return ret;
98+ }
99+
100+ ret = copy_to_user(kcop.cop.mac, kcop.hash_output, kcop.digestsize);
101+ if (unlikely(ret)) {
102+ dwarning(1, "Error in copy to user");
103+ return ret;
104+ }
105+
106+ /* put session */
107+ ret = crypto_finish_session(fcr, sop.ses);
108+ return 0;
109 case CIOCAUTHCRYPT:
110 if (unlikely(ret = kcaop_from_user(&kcaop, fcr, arg))) {
111 dwarning(1, "Error copying from user");
112--
1132.7.0
114
diff --git a/recipes-kernel/cryptodev/sdk_patches/0035-use-directly-crypto-API-digest-operation-for-CIOCHAS.patch b/recipes-kernel/cryptodev/sdk_patches/0035-use-directly-crypto-API-digest-operation-for-CIOCHAS.patch
new file mode 100644
index 0000000..4745dc9
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0035-use-directly-crypto-API-digest-operation-for-CIOCHAS.patch
@@ -0,0 +1,315 @@
1From f123f38532ae022e818312a9bc04cdb287e9623f Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Thu, 17 Dec 2015 10:34:20 +0200
4Subject: [PATCH 35/38] use directly crypto API 'digest' operation for CIOCHASH
5
6Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
7---
8 crypto/cryptodev.h | 2 +-
9 cryptodev_int.h | 10 ++++
10 ioctl.c | 158 ++++++++++++++++++++++++++++++++++++++++++++---------
11 main.c | 39 ++++++++++++-
12 4 files changed, 179 insertions(+), 30 deletions(-)
13
14diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
15index c6083f7..9ade102 100644
16--- a/crypto/cryptodev.h
17+++ b/crypto/cryptodev.h
18@@ -169,7 +169,7 @@ struct crypt_auth_op {
19
20 /* data container for CIOCHASH operations */
21 struct hash_op_data {
22- __u32 ses; /* session identifier */
23+ struct csession *ses; /* session identifier */
24 __u32 mac_op; /* cryptodev_crypto_op_t */
25 __u8 *mackey;
26 __u32 mackeylen;
27diff --git a/cryptodev_int.h b/cryptodev_int.h
28index cb005d7..74c295a 100644
29--- a/cryptodev_int.h
30+++ b/cryptodev_int.h
31@@ -164,6 +164,15 @@ struct kernel_crypt_op {
32 struct mm_struct *mm;
33 };
34
35+struct kernel_hash_op {
36+ struct hash_op_data hash_op;
37+
38+ int digestsize;
39+ uint8_t hash_output[AALG_MAX_RESULT_LEN];
40+ struct task_struct *task;
41+ struct mm_struct *mm;
42+};
43+
44 struct kernel_crypt_auth_op {
45 struct crypt_auth_op caop;
46
47@@ -192,6 +201,7 @@ int kcaop_to_user(struct kernel_crypt_auth_op *kcaop,
48 struct fcrypt *fcr, void __user *arg);
49 int crypto_auth_run(struct fcrypt *fcr, struct kernel_crypt_auth_op *kcaop);
50 int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop);
51+int hash_run(struct kernel_hash_op *khop);
52
53 #include <cryptlib.h>
54
55diff --git a/ioctl.c b/ioctl.c
56index 3763954..a052614 100644
57--- a/ioctl.c
58+++ b/ioctl.c
59@@ -397,7 +397,128 @@ session_error:
60 return ret;
61 }
62
63-/* Everything that needs to be done when removing a session. */
64+static inline void hash_destroy_session(struct csession *ses_ptr)
65+{
66+ cryptodev_hash_deinit(&ses_ptr->hdata);
67+ kfree(ses_ptr->pages);
68+ kfree(ses_ptr->sg);
69+ kfree(ses_ptr);
70+}
71+
72+static int hash_create_session(struct hash_op_data *hash_op)
73+{
74+ struct csession *ses;
75+ int ret = 0;
76+ const char *hash_name;
77+ int hmac_mode = 1;
78+ uint8_t mkey[CRYPTO_HMAC_MAX_KEY_LEN];
79+
80+ switch (hash_op->mac_op) {
81+ case CRYPTO_MD5_HMAC:
82+ hash_name = "hmac(md5)";
83+ break;
84+ case CRYPTO_RIPEMD160_HMAC:
85+ hash_name = "hmac(rmd160)";
86+ break;
87+ case CRYPTO_SHA1_HMAC:
88+ hash_name = "hmac(sha1)";
89+ break;
90+ case CRYPTO_SHA2_224_HMAC:
91+ hash_name = "hmac(sha224)";
92+ break;
93+ case CRYPTO_SHA2_256_HMAC:
94+ hash_name = "hmac(sha256)";
95+ break;
96+ case CRYPTO_SHA2_384_HMAC:
97+ hash_name = "hmac(sha384)";
98+ break;
99+ case CRYPTO_SHA2_512_HMAC:
100+ hash_name = "hmac(sha512)";
101+ break;
102+ /* non-hmac cases */
103+ case CRYPTO_MD5:
104+ hash_name = "md5";
105+ hmac_mode = 0;
106+ break;
107+ case CRYPTO_RIPEMD160:
108+ hash_name = "rmd160";
109+ hmac_mode = 0;
110+ break;
111+ case CRYPTO_SHA1:
112+ hash_name = "sha1";
113+ hmac_mode = 0;
114+ break;
115+ case CRYPTO_SHA2_224:
116+ hash_name = "sha224";
117+ hmac_mode = 0;
118+ break;
119+ case CRYPTO_SHA2_256:
120+ hash_name = "sha256";
121+ hmac_mode = 0;
122+ break;
123+ case CRYPTO_SHA2_384:
124+ hash_name = "sha384";
125+ hmac_mode = 0;
126+ break;
127+ case CRYPTO_SHA2_512:
128+ hash_name = "sha512";
129+ hmac_mode = 0;
130+ break;
131+ default:
132+ ddebug(1, "bad mac: %d", hash_op->mac_op);
133+ return -EINVAL;
134+ }
135+
136+ ses = kzalloc(sizeof(*ses), GFP_KERNEL);
137+ if (!ses) {
138+ return -ENOMEM;
139+ }
140+
141+ if (unlikely(hash_op->mackeylen > CRYPTO_HMAC_MAX_KEY_LEN)) {
142+ ddebug(1, "Setting key failed for %s-%zu.", hash_name,
143+ (size_t)hash_op->mackeylen * 8);
144+ ret = -EINVAL;
145+ goto error_hash;
146+ }
147+
148+ if (hash_op->mackey &&
149+ unlikely(copy_from_user(mkey, hash_op->mackey, hash_op->mackeylen))) {
150+ ret = -EFAULT;
151+ goto error_hash;
152+ }
153+
154+ ret = cryptodev_hash_init(&ses->hdata, hash_name, hmac_mode,
155+ mkey, hash_op->mackeylen);
156+ if (ret != 0) {
157+ ddebug(1, "Failed to load hash for %s", hash_name);
158+ ret = -EINVAL;
159+ goto error_hash;
160+ }
161+
162+ ses->alignmask = ses->hdata.alignmask;
163+ ddebug(2, "got alignmask %d", ses->alignmask);
164+
165+ ses->array_size = DEFAULT_PREALLOC_PAGES;
166+ ddebug(2, "preallocating for %d user pages", ses->array_size);
167+
168+ ses->pages = kzalloc(ses->array_size * sizeof(struct page *), GFP_KERNEL);
169+ ses->sg = kzalloc(ses->array_size * sizeof(struct scatterlist), GFP_KERNEL);
170+ if (ses->sg == NULL || ses->pages == NULL) {
171+ ddebug(0, "Memory error");
172+ ret = -ENOMEM;
173+ goto error_hash;
174+ }
175+
176+ hash_op->ses = ses;
177+ return 0;
178+
179+error_hash:
180+ hash_destroy_session(ses);
181+ return ret;
182+}
183+
184+
185+/* Everything that needs to be done when remowing a session. */
186 static inline void
187 crypto_destroy_session(struct csession *ses_ptr)
188 {
189@@ -960,7 +1081,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
190 void __user *arg = (void __user *)arg_;
191 int __user *p = arg;
192 struct session_op sop;
193- struct hash_op_data hash_op;
194+ struct kernel_hash_op khop;
195 struct kernel_crypt_op kcop;
196 struct kernel_crypt_auth_op kcaop;
197 struct crypt_priv *pcr = filp->private_data;
198@@ -1051,52 +1172,35 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
199
200 return kcop_to_user(&kcop, fcr, arg);
201 case CIOCHASH:
202- /* get session */
203- if (unlikely(copy_from_user(&hash_op, arg, sizeof(struct hash_op_data)))) {
204+ if (unlikely(copy_from_user(&khop.hash_op, arg, sizeof(struct hash_op_data)))) {
205 pr_err("copy from user fault\n");
206 return -EFAULT;
207 }
208+ khop.task = current;
209+ khop.mm = current->mm;
210
211- sop.cipher = 0;
212- sop.mac = hash_op.mac_op;
213- sop.mackey = hash_op.mackey;
214- sop.mackeylen = hash_op.mackeylen;
215-
216- /* writes sop.ses as a side-effect */
217- ret = crypto_create_session(fcr, &sop);
218+ /* get session */
219+ ret = hash_create_session(&khop.hash_op);
220 if (unlikely(ret)) {
221 pr_err("can't get session\n");
222 return ret;
223 }
224
225 /* do hashing */
226- kcop.cop.ses = sop.ses;
227- kcop.cop.flags = hash_op.flags;
228- kcop.cop.len = hash_op.len;
229- kcop.cop.src = hash_op.src;
230- kcop.cop.mac = hash_op.mac_result;
231- kcop.cop.dst = 0;
232- kcop.cop.op = 0;
233- kcop.cop.iv = 0;
234- kcop.ivlen = 0;
235- kcop.digestsize = 0; /* will be updated during operation */
236- kcop.task = current;
237- kcop.mm = current->mm;
238-
239- ret = crypto_run(fcr, &kcop);
240+ ret = hash_run(&khop);
241 if (unlikely(ret)) {
242 dwarning(1, "Error in hash run");
243 return ret;
244 }
245
246- ret = copy_to_user(kcop.cop.mac, kcop.hash_output, kcop.digestsize);
247+ ret = copy_to_user(khop.hash_op.mac_result, khop.hash_output, khop.digestsize);
248 if (unlikely(ret)) {
249 dwarning(1, "Error in copy to user");
250 return ret;
251 }
252
253 /* put session */
254- ret = crypto_finish_session(fcr, sop.ses);
255+ hash_destroy_session(khop.hash_op.ses);
256 return 0;
257 case CIOCAUTHCRYPT:
258 if (unlikely(ret = kcaop_from_user(&kcaop, fcr, arg))) {
259diff --git a/main.c b/main.c
260index ec11129..095aea5 100644
261--- a/main.c
262+++ b/main.c
263@@ -159,8 +159,6 @@ __crypto_run_std(struct csession *ses_ptr, struct crypt_op *cop)
264 return ret;
265 }
266
267-
268-
269 /* This is the main crypto function - zero-copy edition */
270 static int
271 __crypto_run_zc(struct csession *ses_ptr, struct kernel_crypt_op *kcop)
272@@ -841,3 +839,40 @@ out_unlock:
273 crypto_put_session(ses_ptr);
274 return ret;
275 }
276+
277+int hash_run(struct kernel_hash_op *khop)
278+{
279+ struct hash_op_data *hash_op = &khop->hash_op;
280+ struct csession *ses_ptr = hash_op->ses;
281+ struct hash_data *hdata = &ses_ptr->hdata;
282+ int ret;
283+ struct scatterlist *src_sg;
284+ struct scatterlist *dst_sg; /* required by get_userbuf but not used */
285+
286+ if (hash_op->len == 0) {
287+ src_sg = NULL;
288+ } else {
289+ ret = get_userbuf(ses_ptr, hash_op->src, hash_op->len, NULL, 0,
290+ khop->task, khop->mm, &src_sg, &dst_sg);
291+ if (unlikely(ret)) {
292+ derr(1, "Error getting user pages");
293+ return ret;
294+ }
295+ }
296+
297+ ahash_request_set_crypt(hdata->async.request, src_sg, khop->hash_output, hash_op->len);
298+
299+ ret = crypto_ahash_digest(hdata->async.request);
300+ if (ret == -EINPROGRESS || ret == -EBUSY) {
301+ wait_for_completion(&hdata->async.result.completion);
302+ ret = hdata->async.result.err;
303+ if (ret != 0) {
304+ derr(0, "CryptoAPI failure: %d", ret);
305+ }
306+ }
307+
308+ khop->digestsize = ses_ptr->hdata.digestsize;
309+
310+ release_user_pages(ses_ptr);
311+ return ret;
312+}
313--
3142.7.0
315
diff --git a/recipes-kernel/cryptodev/sdk_patches/0036-add-compat-for-CIOCHASH-operation.patch b/recipes-kernel/cryptodev/sdk_patches/0036-add-compat-for-CIOCHASH-operation.patch
new file mode 100644
index 0000000..c206995
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0036-add-compat-for-CIOCHASH-operation.patch
@@ -0,0 +1,120 @@
1From 711529cc7b8743ae8c9c0db4980ac15f7acb8618 Mon Sep 17 00:00:00 2001
2From: Alex Porosanu <alexandru.porosanu@nxp.com>
3Date: Tue, 12 Jan 2016 14:51:00 +0200
4Subject: [PATCH 36/38] add compat for CIOCHASH operation
5
6This patch adds the necessary ioctl for using the CIOCHASH
7operation for different userspace & kernel (i.e. 32b userspace
8and 64b kernel).
9
10Signed-off-by: Alex Porosanu <alexandru.porosanu@nxp.com>
11---
12 cryptodev_int.h | 14 +++++++++++++-
13 ioctl.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
14 2 files changed, 63 insertions(+), 1 deletion(-)
15
16diff --git a/cryptodev_int.h b/cryptodev_int.h
17index 74c295a..6dcfd69 100644
18--- a/cryptodev_int.h
19+++ b/cryptodev_int.h
20@@ -129,6 +129,18 @@ struct compat_crypt_auth_op {
21 uint32_t iv_len;
22 };
23
24+struct compat_hash_op_data {
25+ compat_uptr_t ses;
26+ uint32_t mac_op; /* cryptodev_crypto_op_t */
27+ compat_uptr_t mackey;
28+ uint32_t mackeylen;
29+
30+ uint16_t flags; /* see COP_FLAG_* */
31+ uint32_t len; /* length of source data */
32+ compat_uptr_t src; /* source data */
33+ compat_uptr_t mac_result;
34+};
35+
36 /* compat ioctls, defined for the above structs */
37 #define COMPAT_CIOCGSESSION _IOWR('c', 102, struct compat_session_op)
38 #define COMPAT_CIOCCRYPT _IOWR('c', 104, struct compat_crypt_op)
39@@ -139,7 +151,7 @@ struct compat_crypt_auth_op {
40 #define COMPAT_CIOCASYMASYNCRYPT _IOW('c', 110, struct compat_crypt_kop)
41 #define COMPAT_CIOCASYMFETCHCOOKIE _IOR('c', 111, \
42 struct compat_pkc_cookie_list_s)
43-
44+#define COMPAT_CIOCHASH _IOWR('c', 114, struct compat_hash_op_data)
45 #endif /* CONFIG_COMPAT */
46
47 /* kernel-internal extension to struct crypt_kop */
48diff --git a/ioctl.c b/ioctl.c
49index a052614..ff3de44 100644
50--- a/ioctl.c
51+++ b/ioctl.c
52@@ -1435,8 +1435,11 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
53 struct fcrypt *fcr;
54 struct session_op sop;
55 struct compat_session_op compat_sop;
56+ struct kernel_hash_op khop;
57 struct kernel_crypt_op kcop;
58 struct kernel_crypt_auth_op kcaop;
59+ struct compat_hash_op_data compat_hash_op_data;
60+
61 int ret;
62
63 if (unlikely(!pcr))
64@@ -1499,6 +1502,53 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
65
66 return compat_kcop_to_user(&kcop, fcr, arg);
67
68+ case COMPAT_CIOCHASH:
69+ /* get session */
70+ if (unlikely(copy_from_user(&compat_hash_op_data, arg,
71+ sizeof(struct compat_hash_op_data)))) {
72+ pr_err("copy from user fault\n");
73+ return -EFAULT;
74+ }
75+
76+ khop.task = current;
77+ khop.mm = current->mm;
78+
79+ khop.hash_op.mac_op = compat_hash_op_data.mac_op;
80+ khop.hash_op.mackey = compat_ptr(compat_hash_op_data.mackey);
81+ khop.hash_op.mackeylen = compat_hash_op_data.mackeylen;
82+ khop.hash_op.flags = compat_hash_op_data.flags;
83+ khop.hash_op.len = compat_hash_op_data.len;
84+ khop.hash_op.src = compat_ptr(compat_hash_op_data.src);
85+ khop.hash_op.mac_result =
86+ compat_ptr(compat_hash_op_data.mac_result);
87+
88+ ret = hash_create_session(&khop.hash_op);
89+ if (unlikely(ret)) {
90+ pr_err("can't get session\n");
91+ return ret;
92+ }
93+
94+ /* do hashing */
95+ ret = hash_run(&khop);
96+ if (unlikely(ret)) {
97+ dwarning(1, "Error in hash run");
98+ return ret;
99+ }
100+
101+ ret = copy_to_user(khop.hash_op.mac_result, khop.hash_output,
102+ khop.digestsize);
103+ if (unlikely(ret)) {
104+ dwarning(1, "Error in copy to user");
105+ return ret;
106+ }
107+
108+ copy_to_user(arg, &compat_hash_op_data,
109+ sizeof(struct compat_hash_op_data));
110+
111+ /* put session */
112+ hash_destroy_session(khop.hash_op.ses);
113+ return 0;
114+
115 case COMPAT_CIOCAUTHCRYPT:
116 if (unlikely(ret = compat_kcaop_from_user(&kcaop, fcr, arg))) {
117 dprintk(1, KERN_WARNING, "Error copying from user\n");
118--
1192.7.0
120
diff --git a/recipes-kernel/cryptodev/sdk_patches/0037-rewrite-sha_speed.c-to-reduce-code-duplication.patch b/recipes-kernel/cryptodev/sdk_patches/0037-rewrite-sha_speed.c-to-reduce-code-duplication.patch
new file mode 100644
index 0000000..eff6ed9
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0037-rewrite-sha_speed.c-to-reduce-code-duplication.patch
@@ -0,0 +1,190 @@
1From 344a0243e31f8fc467253404a548eedbb72b35d0 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Wed, 20 Jan 2016 17:11:49 +0200
4Subject: [PATCH 37/38] rewrite sha_speed.c to reduce code duplication
5
6Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
7---
8 tests/sha_speed.c | 131 ++++++++++++++++++++++++++++++++++--------------------
9 1 file changed, 84 insertions(+), 47 deletions(-)
10
11diff --git a/tests/sha_speed.c b/tests/sha_speed.c
12index e1dc54b..5f694bd 100644
13--- a/tests/sha_speed.c
14+++ b/tests/sha_speed.c
15@@ -28,6 +28,13 @@
16
17 #include <crypto/cryptodev.h>
18
19+/* Sizes of buffers to be hashed */
20+int buffer_lengths[] = {256, 512, 1024, 2048, 4096, 8192, 65536, 0};
21+
22+/* Time in seconds allocated for each tested buffer lengths */
23+#define BUFFER_TEST_TIME 10
24+
25+
26 static double udifftimeval(struct timeval start, struct timeval end)
27 {
28 return (double)(end.tv_usec - start.tv_usec) +
29@@ -97,7 +104,7 @@ int hash_data(struct session_op *sess, int fdc, int chunksize, int alignmask)
30 memset(buffer, val++, chunksize);
31
32 must_finish = 0;
33- alarm(5);
34+ alarm(BUFFER_TEST_TIME);
35
36 gettimeofday(&start, NULL);
37 do {
38@@ -126,73 +133,103 @@ int hash_data(struct session_op *sess, int fdc, int chunksize, int alignmask)
39 return 0;
40 }
41
42-int main(void)
43-{
44- int fd, i, fdc = -1, alignmask = 0;
45- struct session_op sess;
46- char keybuf[32];
47+
48 #ifdef CIOCGSESSINFO
49+int get_alignmask(struct session_op *sess, int fdc)
50+{
51 struct session_info_op siop;
52+
53+ siop.ses = sess->ses;
54+ if (ioctl(fdc, CIOCGSESSINFO, &siop) < 0) {
55+ perror("ioctl(CIOCGSESSINFO)");
56+ /* continue test ignoring CIOCGSESSINFO error */
57+ return 0;
58+ }
59+
60+ printf("using algorithm %s with driver %s\n",
61+ siop.hash_info.cra_name, siop.hash_info.cra_driver_name);
62+
63+ return siop.alignmask;
64+}
65 #endif
66
67- signal(SIGALRM, alarm_handler);
68
69- if ((fd = open("/dev/crypto", O_RDWR, 0)) < 0) {
70- perror("open()");
71- return 1;
72- }
73- if (ioctl(fd, CRIOGET, &fdc)) {
74- perror("ioctl(CRIOGET)");
75- return 1;
76- }
77+int hash_session(struct session_op *sess, int fdc)
78+{
79+ int i;
80+ int err;
81+ int alignmask;
82
83- fprintf(stderr, "Testing SHA1 Hash: \n");
84- memset(&sess, 0, sizeof(sess));
85- sess.mac = CRYPTO_SHA1;
86- if (ioctl(fdc, CIOCGSESSION, &sess)) {
87+ if (ioctl(fdc, CIOCGSESSION, sess)) {
88 perror("ioctl(CIOCGSESSION)");
89 return 1;
90 }
91+
92 #ifdef CIOCGSESSINFO
93- siop.ses = sess.ses;
94- if (ioctl(fdc, CIOCGSESSINFO, &siop)) {
95- perror("ioctl(CIOCGSESSINFO)");
96- return 1;
97- }
98- printf("requested hash CRYPTO_SHA1, got %s with driver %s\n",
99- siop.hash_info.cra_name, siop.hash_info.cra_driver_name);
100- alignmask = siop.alignmask;
101+ alignmask = get_alignmask(sess, fdc);
102+#else
103+ alignmask = 0;
104 #endif
105
106- for (i = 256; i <= (64 * 1024); i *= 4) {
107- if (hash_data(&sess, fdc, i, alignmask))
108- break;
109+ err = 0;
110+ for(i = 0; (err == 0) && (buffer_lengths[i] != 0); i++) {
111+ err = hash_data(sess, fdc, buffer_lengths[i], alignmask);
112 }
113
114- fprintf(stderr, "\nTesting SHA256 Hash: \n");
115- memset(&sess, 0, sizeof(sess));
116- sess.mac = CRYPTO_SHA2_256;
117- if (ioctl(fdc, CIOCGSESSION, &sess)) {
118- perror("ioctl(CIOCGSESSION)");
119+ if (ioctl(fdc, CIOCFSESSION, sess)) {
120+ perror("ioctl(CIOCFSESSION)");
121 return 1;
122 }
123-#ifdef CIOCGSESSINFO
124- siop.ses = sess.ses;
125- if (ioctl(fdc, CIOCGSESSINFO, &siop)) {
126- perror("ioctl(CIOCGSESSINFO)");
127+
128+ return err;
129+}
130+
131+int test_sha1(struct session_op *sess, int fdc)
132+{
133+ fprintf(stderr, "Testing SHA1 Hash: \n");
134+ memset(sess, 0, sizeof(sess));
135+ sess->mac = CRYPTO_SHA1;
136+ return hash_session(sess, fdc);
137+}
138+
139+
140+int test_sha256(struct session_op *sess, int fdc)
141+{
142+ fprintf(stderr, "Testing SHA256 Hash: \n");
143+ memset(sess, 0, sizeof(sess));
144+ sess->mac = CRYPTO_SHA2_256;
145+ return hash_session(sess, fdc);
146+}
147+
148+
149+int main(void)
150+{
151+ int fd;
152+ int fdc;
153+ int err;
154+ int i;
155+ struct session_op sess;
156+
157+ signal(SIGALRM, alarm_handler);
158+
159+ fd = open("/dev/crypto", O_RDWR, 0);
160+ if (fd < 0) {
161+ perror("open()");
162 return 1;
163 }
164- printf("requested hash CRYPTO_SHA2_256, got %s with driver %s\n",
165- siop.hash_info.cra_name, siop.hash_info.cra_driver_name);
166- alignmask = siop.alignmask;
167-#endif
168
169- for (i = 256; i <= (64 * 1024); i *= 4) {
170- if (hash_data(&sess, fdc, i, alignmask))
171- break;
172+ err = ioctl(fd, CRIOGET, &fdc);
173+ if (err != 0) {
174+ perror("ioctl(CRIOGET)");
175+ close(fd);
176+ return 1;
177 }
178
179+ /* run all tests but return an eventual error */
180+ err |= test_sha1(&sess, fdc);
181+ err |= test_sha256(&sess, fdc);
182+
183 close(fdc);
184 close(fd);
185- return 0;
186+ return err;
187 }
188--
1892.7.0
190
diff --git a/recipes-kernel/cryptodev/sdk_patches/0038-extend-sha_speed.c-to-test-CIOCHASH.patch b/recipes-kernel/cryptodev/sdk_patches/0038-extend-sha_speed.c-to-test-CIOCHASH.patch
new file mode 100644
index 0000000..eb8bf19
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0038-extend-sha_speed.c-to-test-CIOCHASH.patch
@@ -0,0 +1,143 @@
1From 65704ea24e80647e8c5f938300f51cb70af50c1c Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Thu, 21 Jan 2016 17:30:59 +0200
4Subject: [PATCH 38/38] extend sha_speed.c to test CIOCHASH
5
6Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
7---
8 tests/sha_speed.c | 90 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
9 1 file changed, 90 insertions(+)
10
11diff --git a/tests/sha_speed.c b/tests/sha_speed.c
12index 5f694bd..d731c66 100644
13--- a/tests/sha_speed.c
14+++ b/tests/sha_speed.c
15@@ -133,6 +133,62 @@ int hash_data(struct session_op *sess, int fdc, int chunksize, int alignmask)
16 return 0;
17 }
18
19+int digest_data(struct session_op *sess, int fdc, int chunksize, int alignmask)
20+{
21+ struct hash_op_data hash_op;
22+ char *buffer;
23+ static int val = 23;
24+ struct timeval start, end;
25+ double total = 0;
26+ double secs, ddata, dspeed;
27+ char metric[16];
28+ uint8_t mac[AALG_MAX_RESULT_LEN];
29+
30+ if (alignmask) {
31+ if (posix_memalign((void **)&buffer, alignmask + 1, chunksize)) {
32+ printf("posix_memalign() failed!\n");
33+ return 1;
34+ }
35+ } else {
36+ if (!(buffer = malloc(chunksize))) {
37+ perror("malloc()");
38+ return 1;
39+ }
40+ }
41+
42+ printf("\tEncrypting in chunks of %d bytes: ", chunksize);
43+ fflush(stdout);
44+
45+ memset(buffer, val++, chunksize);
46+
47+ must_finish = 0;
48+ alarm(BUFFER_TEST_TIME);
49+
50+ gettimeofday(&start, NULL);
51+ do {
52+ memset(&hash_op, 0, sizeof(hash_op));
53+ hash_op.mac_op = sess->mac;
54+ hash_op.len = chunksize;
55+ hash_op.src = (unsigned char *)buffer;
56+ hash_op.mac_result = mac;
57+
58+ if (ioctl(fdc, CIOCHASH, hash_op) != 0) {
59+ perror("ioctl(CIOCHASH)");
60+ return 1;
61+ }
62+ total += chunksize;
63+ } while(must_finish == 0);
64+ gettimeofday(&end, NULL);
65+
66+ secs = udifftimeval(start, end)/ 1000000.0;
67+
68+ value2human(1, total, secs, &ddata, &dspeed, metric);
69+ printf ("done. %.2f %s in %.2f secs: ", ddata, metric, secs);
70+ printf ("%.2f %s/sec\n", dspeed, metric);
71+
72+ free(buffer);
73+ return 0;
74+}
75
76 #ifdef CIOCGSESSINFO
77 int get_alignmask(struct session_op *sess, int fdc)
78@@ -154,6 +210,20 @@ int get_alignmask(struct session_op *sess, int fdc)
79 #endif
80
81
82+int ciochash_session(struct session_op *sess, int fdc)
83+{
84+ int i;
85+ int err = 0;
86+
87+ err = 0;
88+ for(i = 0; (err == 0) && (buffer_lengths[i] != 0); i++) {
89+ err = digest_data(sess, fdc, buffer_lengths[i], 0);
90+ }
91+
92+ return err;
93+}
94+
95+
96 int hash_session(struct session_op *sess, int fdc)
97 {
98 int i;
99@@ -193,6 +263,15 @@ int test_sha1(struct session_op *sess, int fdc)
100 }
101
102
103+int test_sha1_ciochash(struct session_op *sess, int fdc)
104+{
105+ fprintf(stderr, "Testing SHA1 CIOCHASH: \n");
106+ memset(sess, 0, sizeof(sess));
107+ sess->mac = CRYPTO_SHA1;
108+ return ciochash_session(sess, fdc);
109+}
110+
111+
112 int test_sha256(struct session_op *sess, int fdc)
113 {
114 fprintf(stderr, "Testing SHA256 Hash: \n");
115@@ -202,6 +281,15 @@ int test_sha256(struct session_op *sess, int fdc)
116 }
117
118
119+int test_sha256_ciochash(struct session_op *sess, int fdc)
120+{
121+ fprintf(stderr, "Testing SHA256 CIOCHASH: \n");
122+ memset(sess, 0, sizeof(sess));
123+ sess->mac = CRYPTO_SHA2_256;
124+ return ciochash_session(sess, fdc);
125+}
126+
127+
128 int main(void)
129 {
130 int fd;
131@@ -227,7 +315,9 @@ int main(void)
132
133 /* run all tests but return an eventual error */
134 err |= test_sha1(&sess, fdc);
135+ err |= test_sha1_ciochash(&sess, fdc);
136 err |= test_sha256(&sess, fdc);
137+ err |= test_sha256_ciochash(&sess, fdc);
138
139 close(fdc);
140 close(fd);
141--
1422.7.0
143
diff --git a/recipes-kernel/cryptodev/sdk_patches/0039-fix-memory-leaks-on-error-path-for-CIOCHASH.patch b/recipes-kernel/cryptodev/sdk_patches/0039-fix-memory-leaks-on-error-path-for-CIOCHASH.patch
new file mode 100644
index 0000000..fc2f4c8
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0039-fix-memory-leaks-on-error-path-for-CIOCHASH.patch
@@ -0,0 +1,70 @@
1From 3e3996b40fd3a93cbe2e5ddee244280dd7de6c18 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@freescale.com>
3Date: Tue, 9 Feb 2016 21:07:06 +0200
4Subject: [PATCH 39/40] fix memory leaks on error path for CIOCHASH
5
6Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
7---
8 ioctl.c | 20 +++++++++++---------
9 1 file changed, 11 insertions(+), 9 deletions(-)
10
11diff --git a/ioctl.c b/ioctl.c
12index ff3de44..8d81b56 100644
13--- a/ioctl.c
14+++ b/ioctl.c
15@@ -1190,18 +1190,17 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
16 ret = hash_run(&khop);
17 if (unlikely(ret)) {
18 dwarning(1, "Error in hash run");
19- return ret;
20+ goto hash_err;
21 }
22
23 ret = copy_to_user(khop.hash_op.mac_result, khop.hash_output, khop.digestsize);
24 if (unlikely(ret)) {
25 dwarning(1, "Error in copy to user");
26- return ret;
27 }
28
29- /* put session */
30+ hash_err:
31 hash_destroy_session(khop.hash_op.ses);
32- return 0;
33+ return ret;
34 case CIOCAUTHCRYPT:
35 if (unlikely(ret = kcaop_from_user(&kcaop, fcr, arg))) {
36 dwarning(1, "Error copying from user");
37@@ -1532,22 +1531,25 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
38 ret = hash_run(&khop);
39 if (unlikely(ret)) {
40 dwarning(1, "Error in hash run");
41- return ret;
42+ goto hash_err;
43 }
44
45 ret = copy_to_user(khop.hash_op.mac_result, khop.hash_output,
46 khop.digestsize);
47 if (unlikely(ret)) {
48 dwarning(1, "Error in copy to user");
49- return ret;
50+ goto hash_err;
51 }
52
53- copy_to_user(arg, &compat_hash_op_data,
54+ ret = copy_to_user(arg, &compat_hash_op_data,
55 sizeof(struct compat_hash_op_data));
56+ if (unlikely(ret)) {
57+ dwarning(1, "Error in copy to user");
58+ }
59
60- /* put session */
61+ hash_err:
62 hash_destroy_session(khop.hash_op.ses);
63- return 0;
64+ return ret;
65
66 case COMPAT_CIOCAUTHCRYPT:
67 if (unlikely(ret = compat_kcaop_from_user(&kcaop, fcr, arg))) {
68--
692.7.0
70
diff --git a/recipes-kernel/cryptodev/sdk_patches/0040-fix-structure-init-in-sha_speed-test.patch b/recipes-kernel/cryptodev/sdk_patches/0040-fix-structure-init-in-sha_speed-test.patch
new file mode 100644
index 0000000..053d376
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0040-fix-structure-init-in-sha_speed-test.patch
@@ -0,0 +1,53 @@
1From 3eb9ed52743584949ff9b4844e810333c34a3a1f Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Fri, 12 Feb 2016 11:23:41 +0200
4Subject: [PATCH 40/40] fix structure init in sha_speed test
5
6Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
7---
8 tests/sha_speed.c | 8 ++++----
9 1 file changed, 4 insertions(+), 4 deletions(-)
10
11diff --git a/tests/sha_speed.c b/tests/sha_speed.c
12index d731c66..75d0f42 100644
13--- a/tests/sha_speed.c
14+++ b/tests/sha_speed.c
15@@ -257,7 +257,7 @@ int hash_session(struct session_op *sess, int fdc)
16 int test_sha1(struct session_op *sess, int fdc)
17 {
18 fprintf(stderr, "Testing SHA1 Hash: \n");
19- memset(sess, 0, sizeof(sess));
20+ memset(sess, 0, sizeof(struct session_op));
21 sess->mac = CRYPTO_SHA1;
22 return hash_session(sess, fdc);
23 }
24@@ -266,7 +266,7 @@ int test_sha1(struct session_op *sess, int fdc)
25 int test_sha1_ciochash(struct session_op *sess, int fdc)
26 {
27 fprintf(stderr, "Testing SHA1 CIOCHASH: \n");
28- memset(sess, 0, sizeof(sess));
29+ memset(sess, 0, sizeof(struct session_op));
30 sess->mac = CRYPTO_SHA1;
31 return ciochash_session(sess, fdc);
32 }
33@@ -275,7 +275,7 @@ int test_sha1_ciochash(struct session_op *sess, int fdc)
34 int test_sha256(struct session_op *sess, int fdc)
35 {
36 fprintf(stderr, "Testing SHA256 Hash: \n");
37- memset(sess, 0, sizeof(sess));
38+ memset(sess, 0, sizeof(struct session_op));
39 sess->mac = CRYPTO_SHA2_256;
40 return hash_session(sess, fdc);
41 }
42@@ -284,7 +284,7 @@ int test_sha256(struct session_op *sess, int fdc)
43 int test_sha256_ciochash(struct session_op *sess, int fdc)
44 {
45 fprintf(stderr, "Testing SHA256 CIOCHASH: \n");
46- memset(sess, 0, sizeof(sess));
47+ memset(sess, 0, sizeof(struct session_op));
48 sess->mac = CRYPTO_SHA2_256;
49 return ciochash_session(sess, fdc);
50 }
51--
522.7.0
53
diff --git a/recipes-kernel/cryptodev/sdk_patches/0041-add-separate-target-for-building-tests.patch b/recipes-kernel/cryptodev/sdk_patches/0041-add-separate-target-for-building-tests.patch
new file mode 100644
index 0000000..ff73825
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0041-add-separate-target-for-building-tests.patch
@@ -0,0 +1,38 @@
1From 0d58530f5c5970db9787a23aef4227c68f941fcc Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Wed, 10 Feb 2016 16:22:05 +0200
4Subject: [PATCH 41/43] add separate target for building tests
5
6A separate target for build is useful with cross-compilation. In this
7case it makes sense to build the tests without running them on the host
8machine.
9
10The default target is now 'all' and only builds the tests
11
12Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
13---
14 tests/Makefile | 4 ++++
15 1 file changed, 4 insertions(+)
16
17diff --git a/tests/Makefile b/tests/Makefile
18index 3155da9..89f88fe 100644
19--- a/tests/Makefile
20+++ b/tests/Makefile
21@@ -19,6 +19,8 @@ example-async-hmac-objs := async_hmac.o
22 example-async-speed-objs := async_speed.o
23 example-hashcrypt-speed-objs := hashcrypt_speed.c
24
25+all: $(hostprogs)
26+
27 check: $(hostprogs)
28 ./cipher
29 ./hmac
30@@ -33,3 +35,5 @@ clean:
31
32 ${comp_progs}: LDLIBS += -lssl -lcrypto
33 ${comp_progs}: %: %.o openssl_wrapper.o
34+
35+.PHONY: all clean check
36--
372.7.0
38
diff --git a/recipes-kernel/cryptodev/sdk_patches/0042-fix-destination-for-staged-installs.patch b/recipes-kernel/cryptodev/sdk_patches/0042-fix-destination-for-staged-installs.patch
new file mode 100644
index 0000000..c8ae06e
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0042-fix-destination-for-staged-installs.patch
@@ -0,0 +1,55 @@
1From dcb8fe0fcf71feac2a4f57c44a5153bfc404b4c3 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Thu, 11 Feb 2016 16:37:23 +0200
4Subject: [PATCH 42/43] fix destination for staged installs
5
6The standard variable for staged installations is DESTDIR and it should
7be set only by the user, outside of Makefile. This is consistent with
8recommendations from both GNU Make and FreeBSD porters-handbook.
9
10 make DESTDIR=/tmp/stage install
11
12$prefix and $PREFIX (in FreeBSD world) are used to specify where the
13files will be installed. It defaults to /usr/local but can be /usr or
14/opt or something else.
15
16Usually one wants to do a stage installation when cross-building or for
17other purposes. The convention is to use DESTDIR.
18Changing $prefix is useful for installers. They can override its value
19when calling make:
20
21 make prefix=/usr install
22
23Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
24---
25 Makefile | 7 ++++---
26 1 file changed, 4 insertions(+), 3 deletions(-)
27
28diff --git a/Makefile b/Makefile
29index 7f8df37..9871a8e 100644
30--- a/Makefile
31+++ b/Makefile
32@@ -7,7 +7,9 @@ CRYPTODEV_CFLAGS ?= #-DENABLE_ASYNC
33 KBUILD_CFLAGS += -I$(src) $(CRYPTODEV_CFLAGS)
34 KERNEL_DIR ?= /lib/modules/$(shell uname -r)/build
35 VERSION = 1.8
36-PREFIX ?=
37+
38+prefix ?= /usr/local
39+includedir = $(prefix)/include
40
41 cryptodev-objs = ioctl.o main.o cryptlib.o authenc.o zc.o util.o
42
43@@ -31,8 +33,7 @@ install: modules_install
44
45 modules_install:
46 $(MAKE) -C $(KERNEL_DIR) M=$(PWD) modules_install
47- @echo "Installing cryptodev.h in $(PREFIX)/usr/include/crypto ..."
48- @install -D crypto/cryptodev.h $(PREFIX)/usr/include/crypto/cryptodev.h
49+ install -m 644 -D crypto/cryptodev.h $(DESTDIR)/$(includedir)/crypto/cryptodev.h
50
51 clean:
52 $(MAKE) -C $(KERNEL_DIR) M=$(PWD) clean
53--
542.7.0
55
diff --git a/recipes-kernel/cryptodev/sdk_patches/0043-add-install-target-for-tests.patch b/recipes-kernel/cryptodev/sdk_patches/0043-add-install-target-for-tests.patch
new file mode 100644
index 0000000..f3b7022
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0043-add-install-target-for-tests.patch
@@ -0,0 +1,46 @@
1From 44629033d47543d106299b6c8bed9e5c9fed1513 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Thu, 11 Feb 2016 16:48:53 +0200
4Subject: [PATCH 43/43] add install target for tests
5
6Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
7---
8 tests/Makefile | 12 +++++++++++-
9 1 file changed, 11 insertions(+), 1 deletion(-)
10
11diff --git a/tests/Makefile b/tests/Makefile
12index 89f88fe..5e3111d 100644
13--- a/tests/Makefile
14+++ b/tests/Makefile
15@@ -19,6 +19,10 @@ example-async-hmac-objs := async_hmac.o
16 example-async-speed-objs := async_speed.o
17 example-hashcrypt-speed-objs := hashcrypt_speed.c
18
19+prefix ?= /usr/local
20+execprefix ?= $(prefix)
21+bindir = $(execprefix)/bin
22+
23 all: $(hostprogs)
24
25 check: $(hostprogs)
26@@ -30,10 +34,16 @@ check: $(hostprogs)
27 ./cipher-gcm
28 ./cipher-aead
29
30+install:
31+ install -d $(DESTDIR)/$(bindir)
32+ for prog in $(hostprogs); do \
33+ install -m 755 $$prog $(DESTDIR)/$(bindir); \
34+ done
35+
36 clean:
37 rm -f *.o *~ $(hostprogs)
38
39 ${comp_progs}: LDLIBS += -lssl -lcrypto
40 ${comp_progs}: %: %.o openssl_wrapper.o
41
42-.PHONY: all clean check
43+.PHONY: all clean check install
44--
452.7.0
46
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-06-08 06:35:05 +0000