From 41d1478e1294d06f0cce58fe847c0b0f1706b808 Mon Sep 17 00:00:00 2001 From: Cristian Stoica Date: Mon, 25 Jan 2016 11:19:43 +0200 Subject: cryptodev-qoriq: upgrade to 1.8 plus fsl patches upstream commit: 87b56e04b24c6d4be145483477eff7d3153290e9 Also: - move all fsl patches on top of cryptodev-1.8 - add CIOCHASH ioctl - fix incorrect tests initializations - modify yocto patches to match updated Makefiles Signed-off-by: Cristian Stoica --- .../cryptodev/cryptodev-qoriq-linux_1.7.bb | 16 - .../cryptodev/cryptodev-qoriq-linux_1.8.bb | 14 + .../cryptodev/cryptodev-qoriq-module_1.7.bb | 14 - .../cryptodev/cryptodev-qoriq-module_1.8.bb | 19 + .../cryptodev/cryptodev-qoriq-tests_1.7.bb | 21 - .../cryptodev/cryptodev-qoriq-tests_1.8.bb | 24 + recipes-kernel/cryptodev/cryptodev-qoriq_1.7.inc | 62 -- recipes-kernel/cryptodev/cryptodev-qoriq_1.8.inc | 76 ++ ...-for-composite-TLS10-SHA1-AES-algorithm-o.patch | 52 -- .../files/0001-don-t-advertise-RSA-keygen.patch | 33 - .../0001-fix-compilation-against-linux-3.19.patch | 36 - ...ests-Makefile-usage-of-LDLIBS-vs.-LDFLAGS.patch | 29 - ...dd-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch | 207 ----- ...ile-fix-arg-passing-to-CC-in-implicit-rul.patch | 28 - ...talling-header-file-provided-by-another-p.patch | 29 - ...003-PKC-support-added-in-cryptodev-module.patch | 898 --------------------- ...pile-and-install-rules-for-cryptodev-test.patch | 65 -- .../files/0004-Compat-versions-of-PKC-IOCTLs.patch | 200 ----- ...ynchronous-interface-changes-in-cryptodev.patch | 213 ----- ...and-DLC_KEYGEN-supported-in-cryptodev-mod.patch | 212 ----- ...stall-fixed-in-PKC-asynchronous-interface.patch | 238 ------ .../0008-Add-RSA-Key-generation-offloading.patch | 170 ---- ...lation-error-of-openssl-with-fsl-cryptode.patch | 160 ---- ...-for-composite-TLS10-SHA1-3DES-algorithm-.patch | 54 -- ...11-add-support-for-TLSv1.1-record-offload.patch | 76 -- ...12-add-support-for-TLSv1.2-record-offload.patch | 72 -- .../files/0013-clean-up-code-layout.patch | 186 ----- ...ve-redundant-data-copy-for-pkc-operations.patch | 494 ------------ .../files/0015-fix-pkc-request-deallocation.patch | 40 - ...0016-add-basic-detection-of-asym-features.patch | 37 - .../cryptodev/files/0017-remove-dead-code.patch | 67 -- .../cryptodev/files/0018-fix-compat-warnings.patch | 64 -- .../files/0019-fix-size_t-print-format.patch | 61 -- ...x-uninitialized-variable-compiler-warning.patch | 38 - ...urn-codes-for-copy-to-from-user-functions.patch | 398 --------- .../0022-fix-double-free-pkc-req-on-error.patch | 26 - ...023-remove-MAY_BACKLOG-flag-from-requests.patch | 69 -- ...4-fix-COMPAT_CIOCKEY-ioctl-command-number.patch | 29 - ...-for-composite-TLS10-SHA1-AES-algorithm-o.patch | 52 ++ ...dd-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch | 207 +++++ ...003-PKC-support-added-in-cryptodev-module.patch | 898 +++++++++++++++++++++ .../0004-Compat-versions-of-PKC-IOCTLs.patch | 200 +++++ ...ynchronous-interface-changes-in-cryptodev.patch | 213 +++++ ...and-DLC_KEYGEN-supported-in-cryptodev-mod.patch | 212 +++++ ...stall-fixed-in-PKC-asynchronous-interface.patch | 238 ++++++ .../0008-Add-RSA-Key-generation-offloading.patch | 170 ++++ ...lation-error-of-openssl-with-fsl-cryptode.patch | 160 ++++ ...-for-composite-TLS10-SHA1-3DES-algorithm-.patch | 54 ++ ...11-add-support-for-TLSv1.1-record-offload.patch | 76 ++ ...12-add-support-for-TLSv1.2-record-offload.patch | 72 ++ .../sdk_patches/0013-clean-up-code-layout.patch | 186 +++++ ...ve-redundant-data-copy-for-pkc-operations.patch | 494 ++++++++++++ .../0015-fix-pkc-request-deallocation.patch | 40 + ...0016-add-basic-detection-of-asym-features.patch | 37 + .../sdk_patches/0017-remove-dead-code.patch | 67 ++ .../sdk_patches/0018-fix-compat-warnings.patch | 64 ++ .../sdk_patches/0019-fix-size_t-print-format.patch | 61 ++ ...x-uninitialized-variable-compiler-warning.patch | 38 + ...urn-codes-for-copy-to-from-user-functions.patch | 398 +++++++++ .../0022-fix-double-free-pkc-req-on-error.patch | 26 + ...023-remove-MAY_BACKLOG-flag-from-requests.patch | 69 ++ ...4-fix-COMPAT_CIOCKEY-ioctl-command-number.patch | 29 + .../sdk_patches/0025-fix-benchmarks-linking.patch | 25 + ...file-to-allow-parallel-make-with-j-option.patch | 56 ++ ...kernel-conventions-for-Makefile-variables.patch | 47 ++ ...nsistency-use-.-instead-of-.-in-makefiles.patch | 73 ++ ...p-on-error-path-for-crypto_create_session.patch | 117 +++ ...e-code-duplication-in-cryptodev_hash_init.patch | 59 ++ .../sdk_patches/0031-fix-comment-typo.patch | 26 + .../0032-avoid-calls-to-kmalloc-on-hotpaths.patch | 220 +++++ ...void-unnecessary-checks-for-hash-clean-up.patch | 33 + ...with-CIOCHASH-to-support-direct-hash-oper.patch | 114 +++ ...y-crypto-API-digest-operation-for-CIOCHAS.patch | 315 ++++++++ .../0036-add-compat-for-CIOCHASH-operation.patch | 120 +++ ...te-sha_speed.c-to-reduce-code-duplication.patch | 190 +++++ .../0038-extend-sha_speed.c-to-test-CIOCHASH.patch | 143 ++++ ...x-memory-leaks-on-error-path-for-CIOCHASH.patch | 70 ++ ...0040-fix-structure-init-in-sha_speed-test.patch | 53 ++ ...41-add-separate-target-for-building-tests.patch | 38 + .../0042-fix-destination-for-staged-installs.patch | 55 ++ .../0043-add-install-target-for-tests.patch | 46 ++ ...pile-and-install-rules-for-cryptodev-test.patch | 50 ++ ...talling-header-file-provided-by-another-p.patch | 29 + 83 files changed, 6073 insertions(+), 4394 deletions(-) delete mode 100644 recipes-kernel/cryptodev/cryptodev-qoriq-linux_1.7.bb create mode 100644 recipes-kernel/cryptodev/cryptodev-qoriq-linux_1.8.bb delete mode 100644 recipes-kernel/cryptodev/cryptodev-qoriq-module_1.7.bb create mode 100644 recipes-kernel/cryptodev/cryptodev-qoriq-module_1.8.bb delete mode 100644 recipes-kernel/cryptodev/cryptodev-qoriq-tests_1.7.bb create mode 100644 recipes-kernel/cryptodev/cryptodev-qoriq-tests_1.8.bb delete mode 100644 recipes-kernel/cryptodev/cryptodev-qoriq_1.7.inc create mode 100644 recipes-kernel/cryptodev/cryptodev-qoriq_1.8.inc delete mode 100644 recipes-kernel/cryptodev/files/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch delete mode 100644 recipes-kernel/cryptodev/files/0001-don-t-advertise-RSA-keygen.patch delete mode 100644 recipes-kernel/cryptodev/files/0001-fix-compilation-against-linux-3.19.patch delete mode 100644 recipes-kernel/cryptodev/files/0002-Fix-tests-Makefile-usage-of-LDLIBS-vs.-LDFLAGS.patch delete mode 100644 recipes-kernel/cryptodev/files/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch delete mode 100644 recipes-kernel/cryptodev/files/0002-tests-Makefile-fix-arg-passing-to-CC-in-implicit-rul.patch delete mode 100644 recipes-kernel/cryptodev/files/0003-Disable-installing-header-file-provided-by-another-p.patch delete mode 100644 recipes-kernel/cryptodev/files/0003-PKC-support-added-in-cryptodev-module.patch delete mode 100644 recipes-kernel/cryptodev/files/0004-Add-the-compile-and-install-rules-for-cryptodev-test.patch delete mode 100644 recipes-kernel/cryptodev/files/0004-Compat-versions-of-PKC-IOCTLs.patch delete mode 100644 recipes-kernel/cryptodev/files/0005-Asynchronous-interface-changes-in-cryptodev.patch delete mode 100644 recipes-kernel/cryptodev/files/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch delete mode 100644 recipes-kernel/cryptodev/files/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch delete mode 100644 recipes-kernel/cryptodev/files/0008-Add-RSA-Key-generation-offloading.patch delete mode 100644 recipes-kernel/cryptodev/files/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch delete mode 100644 recipes-kernel/cryptodev/files/0010-add-support-for-composite-TLS10-SHA1-3DES-algorithm-.patch delete mode 100644 recipes-kernel/cryptodev/files/0011-add-support-for-TLSv1.1-record-offload.patch delete mode 100644 recipes-kernel/cryptodev/files/0012-add-support-for-TLSv1.2-record-offload.patch delete mode 100644 recipes-kernel/cryptodev/files/0013-clean-up-code-layout.patch delete mode 100644 recipes-kernel/cryptodev/files/0014-remove-redundant-data-copy-for-pkc-operations.patch delete mode 100644 recipes-kernel/cryptodev/files/0015-fix-pkc-request-deallocation.patch delete mode 100644 recipes-kernel/cryptodev/files/0016-add-basic-detection-of-asym-features.patch delete mode 100644 recipes-kernel/cryptodev/files/0017-remove-dead-code.patch delete mode 100644 recipes-kernel/cryptodev/files/0018-fix-compat-warnings.patch delete mode 100644 recipes-kernel/cryptodev/files/0019-fix-size_t-print-format.patch delete mode 100644 recipes-kernel/cryptodev/files/0020-fix-uninitialized-variable-compiler-warning.patch delete mode 100644 recipes-kernel/cryptodev/files/0021-check-return-codes-for-copy-to-from-user-functions.patch delete mode 100644 recipes-kernel/cryptodev/files/0022-fix-double-free-pkc-req-on-error.patch delete mode 100644 recipes-kernel/cryptodev/files/0023-remove-MAY_BACKLOG-flag-from-requests.patch delete mode 100644 recipes-kernel/cryptodev/files/0024-fix-COMPAT_CIOCKEY-ioctl-command-number.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0003-PKC-support-added-in-cryptodev-module.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0004-Compat-versions-of-PKC-IOCTLs.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0005-Asynchronous-interface-changes-in-cryptodev.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0008-Add-RSA-Key-generation-offloading.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0010-add-support-for-composite-TLS10-SHA1-3DES-algorithm-.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0011-add-support-for-TLSv1.1-record-offload.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0012-add-support-for-TLSv1.2-record-offload.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0013-clean-up-code-layout.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0014-remove-redundant-data-copy-for-pkc-operations.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0015-fix-pkc-request-deallocation.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0016-add-basic-detection-of-asym-features.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0017-remove-dead-code.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0018-fix-compat-warnings.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0019-fix-size_t-print-format.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0020-fix-uninitialized-variable-compiler-warning.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0021-check-return-codes-for-copy-to-from-user-functions.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0022-fix-double-free-pkc-req-on-error.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0023-remove-MAY_BACKLOG-flag-from-requests.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0024-fix-COMPAT_CIOCKEY-ioctl-command-number.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0025-fix-benchmarks-linking.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0026-fix-Makefile-to-allow-parallel-make-with-j-option.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0027-use-Linux-kernel-conventions-for-Makefile-variables.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0028-for-consistency-use-.-instead-of-.-in-makefiles.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0029-fix-clean-up-on-error-path-for-crypto_create_session.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0030-remove-code-duplication-in-cryptodev_hash_init.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0031-fix-comment-typo.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0032-avoid-calls-to-kmalloc-on-hotpaths.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0033-avoid-unnecessary-checks-for-hash-clean-up.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0034-extend-API-with-CIOCHASH-to-support-direct-hash-oper.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0035-use-directly-crypto-API-digest-operation-for-CIOCHAS.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0036-add-compat-for-CIOCHASH-operation.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0037-rewrite-sha_speed.c-to-reduce-code-duplication.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0038-extend-sha_speed.c-to-test-CIOCHASH.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0039-fix-memory-leaks-on-error-path-for-CIOCHASH.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0040-fix-structure-init-in-sha_speed-test.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0041-add-separate-target-for-building-tests.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0042-fix-destination-for-staged-installs.patch create mode 100644 recipes-kernel/cryptodev/sdk_patches/0043-add-install-target-for-tests.patch create mode 100644 recipes-kernel/cryptodev/yocto_patches/0001-Add-the-compile-and-install-rules-for-cryptodev-test.patch create mode 100644 recipes-kernel/cryptodev/yocto_patches/0001-Disable-installing-header-file-provided-by-another-p.patch diff --git a/recipes-kernel/cryptodev/cryptodev-qoriq-linux_1.7.bb b/recipes-kernel/cryptodev/cryptodev-qoriq-linux_1.7.bb deleted file mode 100644 index 58db505..0000000 --- a/recipes-kernel/cryptodev/cryptodev-qoriq-linux_1.7.bb +++ /dev/null @@ -1,16 +0,0 @@ -require cryptodev-qoriq_${PV}.inc - -SUMMARY = "A /dev/crypto device driver header file" - -PROVIDES = "cryptodev-linux" - -do_compile[noexec] = "1" - -# Just install cryptodev.h which is the only header file needed to be exported -do_install() { - install -D ${S}/crypto/cryptodev.h ${D}${includedir}/crypto/cryptodev.h -} - -ALLOW_EMPTY_${PN} = "1" - -COMPATIBLE_MACHINE = "(qoriq)" diff --git a/recipes-kernel/cryptodev/cryptodev-qoriq-linux_1.8.bb b/recipes-kernel/cryptodev/cryptodev-qoriq-linux_1.8.bb new file mode 100644 index 0000000..69fb622 --- /dev/null +++ b/recipes-kernel/cryptodev/cryptodev-qoriq-linux_1.8.bb @@ -0,0 +1,14 @@ +require cryptodev-qoriq_${PV}.inc + +SUMMARY = "A /dev/crypto device driver header file" + +PROVIDES += "cryptodev-linux" + +do_compile[noexec] = "1" + +# Just install cryptodev.h which is the only header file needed to be exported +do_install() { + install -D ${S}/crypto/cryptodev.h ${D}${includedir}/crypto/cryptodev.h +} + +ALLOW_EMPTY_${PN} = "1" diff --git a/recipes-kernel/cryptodev/cryptodev-qoriq-module_1.7.bb b/recipes-kernel/cryptodev/cryptodev-qoriq-module_1.7.bb deleted file mode 100644 index 383b482..0000000 --- a/recipes-kernel/cryptodev/cryptodev-qoriq-module_1.7.bb +++ /dev/null @@ -1,14 +0,0 @@ -require cryptodev-qoriq_${PV}.inc - -SUMMARY = "A /dev/crypto device driver kernel module" - -PROVIDES = "cryptodev-module" - -inherit module qoriq_build_64bit_kernel - -# Header file provided by a separate package -DEPENDS += "cryptodev-linux" - -EXTRA_OEMAKE='KERNEL_DIR="${STAGING_KERNEL_DIR}" PREFIX="${D}"' - -COMPATIBLE_MACHINE = "(qoriq)" diff --git a/recipes-kernel/cryptodev/cryptodev-qoriq-module_1.8.bb b/recipes-kernel/cryptodev/cryptodev-qoriq-module_1.8.bb new file mode 100644 index 0000000..e51c452 --- /dev/null +++ b/recipes-kernel/cryptodev/cryptodev-qoriq-module_1.8.bb @@ -0,0 +1,19 @@ +require cryptodev-qoriq_${PV}.inc + +SUMMARY = "A /dev/crypto device driver kernel module" + +inherit module qoriq_build_64bit_kernel + +PROVIDES += "cryptodev-module" + +# Header file provided by a separate package +DEPENDS += "cryptodev-linux" + +SRC_URI_append = " \ +file://0001-Disable-installing-header-file-provided-by-another-p.patch \ +" + +EXTRA_OEMAKE='KERNEL_DIR="${STAGING_KERNEL_DIR}" DESTDIR="${D}"' + +RCONFLICTS_${PN} = "ocf-linux" +RREPLACES_${PN} = "ocf-linux" diff --git a/recipes-kernel/cryptodev/cryptodev-qoriq-tests_1.7.bb b/recipes-kernel/cryptodev/cryptodev-qoriq-tests_1.7.bb deleted file mode 100644 index a60ea98..0000000 --- a/recipes-kernel/cryptodev/cryptodev-qoriq-tests_1.7.bb +++ /dev/null @@ -1,21 +0,0 @@ -require cryptodev-qoriq_${PV}.inc - -SUMMARY = "A test suite for /dev/crypto device driver" -DEPENDS = "openssl" - -PROVIDES = "cryptodev-tests" - -EXTRA_OEMAKE='KERNEL_DIR="${STAGING_KERNEL_DIR}" PREFIX="${D}"' - -do_compile() { - oe_runmake testprogs -} - -do_install() { - oe_runmake install_tests -} - -FILES_${PN}-dbg += "${bindir}/tests_cryptodev/.debug" -FILES_${PN} = "${bindir}/tests_cryptodev/*" - -COMPATIBLE_MACHINE = "(qoriq)" diff --git a/recipes-kernel/cryptodev/cryptodev-qoriq-tests_1.8.bb b/recipes-kernel/cryptodev/cryptodev-qoriq-tests_1.8.bb new file mode 100644 index 0000000..18bc3c5 --- /dev/null +++ b/recipes-kernel/cryptodev/cryptodev-qoriq-tests_1.8.bb @@ -0,0 +1,24 @@ +require cryptodev-qoriq_${PV}.inc + +SUMMARY = "A test suite for /dev/crypto device driver" + +DEPENDS += "openssl" + +PROVIDES += "cryptodev-tests" + +SRC_URI_append = " \ +file://0001-Add-the-compile-and-install-rules-for-cryptodev-test.patch \ +" + +EXTRA_OEMAKE='KERNEL_DIR="${STAGING_EXECPREFIXDIR}" DESTDIR="${D}"' + +do_compile() { + oe_runmake testprogs +} + +do_install() { + oe_runmake install_tests +} + +FILES_${PN}-dbg += "${bindir}/tests_cryptodev/.debug" +FILES_${PN} = "${bindir}/tests_cryptodev/*" diff --git a/recipes-kernel/cryptodev/cryptodev-qoriq_1.7.inc b/recipes-kernel/cryptodev/cryptodev-qoriq_1.7.inc deleted file mode 100644 index e4700db..0000000 --- a/recipes-kernel/cryptodev/cryptodev-qoriq_1.7.inc +++ /dev/null @@ -1,62 +0,0 @@ -HOMEPAGE = "http://cryptodev-linux.org/" - -RCONFLICTS_${PN} = "ocf-linux" -RREPLACES_${PN} = "ocf-linux" - -LICENSE = "GPLv2" -LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" - -python() { - pkgs = d.getVar('PACKAGES', True).split() - for p in pkgs: - if 'cryptodev-qoriq' in p: - d.appendVar("RPROVIDES_%s" % p, p.replace('cryptodev-qoriq', 'cryptodev')) - d.appendVar("RCONFLICTS_%s" % p, p.replace('cryptodev-qoriq', 'cryptodev')) - d.appendVar("RREPLACES_%s" % p, p.replace('cryptodev-qoriq', 'cryptodev')) -} - -SRC_URI = "http://download.gna.org/cryptodev-linux/cryptodev-linux-${PV}.tar.gz" -SRC_URI[md5sum] = "0b63b3481cf2c90386b35f057481d36b" -SRC_URI[sha256sum] = "41880533b53de4d7b3f054e230f576988dafb8eed7bef5ebcf6422bb2e3a3b25" - -# Upstream hotfixes and yocto specific patches -SRC_URI_append = " \ -file://0001-fix-compilation-against-linux-3.19.patch \ -file://0002-tests-Makefile-fix-arg-passing-to-CC-in-implicit-rul.patch \ -file://0003-Disable-installing-header-file-provided-by-another-p.patch \ -file://0004-Add-the-compile-and-install-rules-for-cryptodev-test.patch \ -" -# SDK patches -SRC_URI_append = " file://0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch \ -file://0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch \ -file://0003-PKC-support-added-in-cryptodev-module.patch \ -file://0004-Compat-versions-of-PKC-IOCTLs.patch \ -file://0005-Asynchronous-interface-changes-in-cryptodev.patch \ -file://0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch \ -file://0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch \ -file://0008-Add-RSA-Key-generation-offloading.patch \ -file://0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch \ -file://0010-add-support-for-composite-TLS10-SHA1-3DES-algorithm-.patch \ -file://0011-add-support-for-TLSv1.1-record-offload.patch \ -file://0012-add-support-for-TLSv1.2-record-offload.patch \ -file://0013-clean-up-code-layout.patch \ -file://0014-remove-redundant-data-copy-for-pkc-operations.patch \ -file://0015-fix-pkc-request-deallocation.patch \ -file://0016-add-basic-detection-of-asym-features.patch \ -file://0017-remove-dead-code.patch \ -file://0018-fix-compat-warnings.patch \ -file://0019-fix-size_t-print-format.patch \ -file://0020-fix-uninitialized-variable-compiler-warning.patch \ -file://0021-check-return-codes-for-copy-to-from-user-functions.patch \ -file://0022-fix-double-free-pkc-req-on-error.patch \ -file://0023-remove-MAY_BACKLOG-flag-from-requests.patch \ -file://0024-fix-COMPAT_CIOCKEY-ioctl-command-number.patch \ -" - -# NOTE: remove this patch and all traces of DISTRO_FEATURE c29x_pkc -# if pkc-host does not need customized cryptodev patches anymore -SRC_URI_append = "${@bb.utils.contains('DISTRO_FEATURES', 'c29x_pkc', ' file://0001-don-t-advertise-RSA-keygen.patch', '', d)}" - -S = "${WORKDIR}/cryptodev-linux-${PV}" - -CLEANBROKEN = "1" diff --git a/recipes-kernel/cryptodev/cryptodev-qoriq_1.8.inc b/recipes-kernel/cryptodev/cryptodev-qoriq_1.8.inc new file mode 100644 index 0000000..7e9b4a6 --- /dev/null +++ b/recipes-kernel/cryptodev/cryptodev-qoriq_1.8.inc @@ -0,0 +1,76 @@ +HOMEPAGE = "http://cryptodev-linux.org/" + +LICENSE = "GPLv2" +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" + +python() { + pkgs = d.getVar('PACKAGES', True).split() + for p in pkgs: + if 'cryptodev-qoriq' in p: + d.appendVar("RPROVIDES_%s" % p, p.replace('cryptodev-qoriq', 'cryptodev')) + d.appendVar("RCONFLICTS_%s" % p, p.replace('cryptodev-qoriq', 'cryptodev')) + d.appendVar("RREPLACES_%s" % p, p.replace('cryptodev-qoriq', 'cryptodev')) +} + +FILESEXTRAPATHS_prepend := "${THISDIR}/sdk_patches:" +FILESEXTRAPATHS_prepend := "${THISDIR}/yocto_patches:" + +SRC_URI = "http://download.gna.org/cryptodev-linux/cryptodev-linux-${PV}.tar.gz" + +SRC_URI[md5sum] = "02644cc4cd02301e0b503a332eb2f0b5" +SRC_URI[sha256sum] = "67fabde9fb67b286a96c4f45b594b0eccd0f761b495705c18f2ae9461b831376" + +# SDK patches +SRC_URI_append = " file://0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch \ +file://0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch \ +file://0003-PKC-support-added-in-cryptodev-module.patch \ +file://0004-Compat-versions-of-PKC-IOCTLs.patch \ +file://0005-Asynchronous-interface-changes-in-cryptodev.patch \ +file://0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch \ +file://0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch \ +file://0008-Add-RSA-Key-generation-offloading.patch \ +file://0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch \ +file://0010-add-support-for-composite-TLS10-SHA1-3DES-algorithm-.patch \ +file://0011-add-support-for-TLSv1.1-record-offload.patch \ +file://0012-add-support-for-TLSv1.2-record-offload.patch \ +file://0013-clean-up-code-layout.patch \ +file://0014-remove-redundant-data-copy-for-pkc-operations.patch \ +file://0015-fix-pkc-request-deallocation.patch \ +file://0016-add-basic-detection-of-asym-features.patch \ +file://0017-remove-dead-code.patch \ +file://0018-fix-compat-warnings.patch \ +file://0019-fix-size_t-print-format.patch \ +file://0020-fix-uninitialized-variable-compiler-warning.patch \ +file://0021-check-return-codes-for-copy-to-from-user-functions.patch \ +file://0022-fix-double-free-pkc-req-on-error.patch \ +file://0023-remove-MAY_BACKLOG-flag-from-requests.patch \ +file://0024-fix-COMPAT_CIOCKEY-ioctl-command-number.patch \ +file://0025-fix-benchmarks-linking.patch \ +file://0026-fix-Makefile-to-allow-parallel-make-with-j-option.patch \ +file://0027-use-Linux-kernel-conventions-for-Makefile-variables.patch \ +file://0028-for-consistency-use-.-instead-of-.-in-makefiles.patch \ +file://0029-fix-clean-up-on-error-path-for-crypto_create_session.patch \ +file://0030-remove-code-duplication-in-cryptodev_hash_init.patch \ +file://0031-fix-comment-typo.patch \ +file://0032-avoid-calls-to-kmalloc-on-hotpaths.patch \ +file://0033-avoid-unnecessary-checks-for-hash-clean-up.patch \ +file://0034-extend-API-with-CIOCHASH-to-support-direct-hash-oper.patch \ +file://0035-use-directly-crypto-API-digest-operation-for-CIOCHAS.patch \ +file://0036-add-compat-for-CIOCHASH-operation.patch \ +file://0037-rewrite-sha_speed.c-to-reduce-code-duplication.patch \ +file://0038-extend-sha_speed.c-to-test-CIOCHASH.patch \ +file://0039-fix-memory-leaks-on-error-path-for-CIOCHASH.patch \ +file://0040-fix-structure-init-in-sha_speed-test.patch \ +file://0041-add-separate-target-for-building-tests.patch \ +file://0042-fix-destination-for-staged-installs.patch \ +file://0043-add-install-target-for-tests.patch \ +" + +# NOTE: remove this patch and all traces of DISTRO_FEATURE c29x_pkc +# if pkc-host does not need customized cryptodev patches anymore +SRC_URI_append = "${@bb.utils.contains('DISTRO_FEATURES', 'c29x_pkc', ' file://0001-don-t-advertise-RSA-keygen.patch', '', d)}" + +S = "${WORKDIR}/cryptodev-linux-${PV}" + +CLEANBROKEN = "1" +COMPATIBLE_MACHINE = "(qoriq)" diff --git a/recipes-kernel/cryptodev/files/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch b/recipes-kernel/cryptodev/files/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch deleted file mode 100644 index 7d957ec..0000000 --- a/recipes-kernel/cryptodev/files/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch +++ /dev/null @@ -1,52 +0,0 @@ -From c653e3a70499c6bb66b57c1788d2d38ca9b8a07e Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Thu, 29 Aug 2013 16:52:30 +0300 -Subject: [PATCH 01/15] add support for composite TLS10(SHA1,AES) algorithm - offload - -This adds support for composite algorithm offload as a primitive -crypto (cipher + hmac) operation. - -It requires kernel support for tls10(hmac(sha1),cbc(aes)) algorithm -provided either in software or accelerated by hardware such as -Freescale B*, P* and T* platforms. - -Change-Id: Ia1c605da3860e91e681295dfc8df7c09eb4006cf -Signed-off-by: Cristian Stoica -Reviewed-on: http://git.am.freescale.net:8181/17218 ---- - crypto/cryptodev.h | 1 + - ioctl.c | 5 +++++ - 2 files changed, 6 insertions(+) - -diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h -index 7fb9c7d..c0e8cd4 100644 ---- a/crypto/cryptodev.h -+++ b/crypto/cryptodev.h -@@ -50,6 +50,7 @@ enum cryptodev_crypto_op_t { - CRYPTO_SHA2_384, - CRYPTO_SHA2_512, - CRYPTO_SHA2_224_HMAC, -+ CRYPTO_TLS10_AES_CBC_HMAC_SHA1, - CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */ - }; - -diff --git a/ioctl.c b/ioctl.c -index b23f5fd..a3f8379 100644 ---- a/ioctl.c -+++ b/ioctl.c -@@ -159,6 +159,11 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop) - stream = 1; - aead = 1; - break; -+ case CRYPTO_TLS10_AES_CBC_HMAC_SHA1: -+ alg_name = "tls10(hmac(sha1),cbc(aes))"; -+ stream = 0; -+ aead = 1; -+ break; - case CRYPTO_NULL: - alg_name = "ecb(cipher_null)"; - stream = 1; --- -2.3.5 - diff --git a/recipes-kernel/cryptodev/files/0001-don-t-advertise-RSA-keygen.patch b/recipes-kernel/cryptodev/files/0001-don-t-advertise-RSA-keygen.patch deleted file mode 100644 index 10d6c8b..0000000 --- a/recipes-kernel/cryptodev/files/0001-don-t-advertise-RSA-keygen.patch +++ /dev/null @@ -1,33 +0,0 @@ -From d30c9c64aca4a7905e1b7eb3e28e1c616191bd34 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Tue, 9 Dec 2014 16:41:25 +0200 -Subject: [PATCH] don't advertise RSA keygen - -Disable RSA keygen operations when they are not available. - -Currently no testing can be done and this patch should be applied -selectively on platforms that have incomplete support for RSA operations -(for example pkc driver on C293) - -Change-Id: Ic8df014623410c3cf4b0b217a246efcea8f2eeef -Signed-off-by: Cristian Stoica ---- - ioctl.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ioctl.c b/ioctl.c -index 53dbf64..27dc66e 100644 ---- a/ioctl.c -+++ b/ioctl.c -@@ -979,7 +979,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - case CIOCASYMFEAT: - ses = 0; - if (crypto_has_alg("pkc(rsa)", 0, 0)) -- ses = CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_RSA_GENERATE_KEY; -+ ses = CRF_MOD_EXP_CRT | CRF_MOD_EXP ; - if (crypto_has_alg("pkc(dsa)", 0, 0)) - ses |= CRF_DSA_SIGN | CRF_DSA_VERIFY | CRF_DSA_GENERATE_KEY; - if (crypto_has_alg("pkc(dh)", 0, 0)) --- -2.3.5 - diff --git a/recipes-kernel/cryptodev/files/0001-fix-compilation-against-linux-3.19.patch b/recipes-kernel/cryptodev/files/0001-fix-compilation-against-linux-3.19.patch deleted file mode 100644 index ab276d2..0000000 --- a/recipes-kernel/cryptodev/files/0001-fix-compilation-against-linux-3.19.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 5054d20d45571cc85339351fde52f872eeb82206 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Tue, 10 Feb 2015 04:57:05 +0100 -Subject: [PATCH 1/4] fix compilation against linux-3.19 - -Commit f938612dd97d481b8b5bf960c992ae577f081c17 in linux.git removes -get_unused_fd() macro. This patch changes the calling code to use it's -content 'get_unused_fd_flags(0)' instead. Checking for when -get_unused_fd_flags was introduced shows it's been there since 2.6.23 at -least, so probably no need to make this change conditional on the target -kernel version. - -Original patch by Ricardo Ribalda Delgado for Open Embedded, reported by -Oleg Rakhmanov. - -Signed-off-by: Phil Sutter ---- - ioctl.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ioctl.c b/ioctl.c -index 5a55a76..b23f5fd 100644 ---- a/ioctl.c -+++ b/ioctl.c -@@ -546,7 +546,7 @@ static int - clonefd(struct file *filp) - { - int ret; -- ret = get_unused_fd(); -+ ret = get_unused_fd_flags(0); - if (ret >= 0) { - get_file(filp); - fd_install(ret, filp); --- -2.3.5 - diff --git a/recipes-kernel/cryptodev/files/0002-Fix-tests-Makefile-usage-of-LDLIBS-vs.-LDFLAGS.patch b/recipes-kernel/cryptodev/files/0002-Fix-tests-Makefile-usage-of-LDLIBS-vs.-LDFLAGS.patch deleted file mode 100644 index f5ab8b4..0000000 --- a/recipes-kernel/cryptodev/files/0002-Fix-tests-Makefile-usage-of-LDLIBS-vs.-LDFLAGS.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 47ff1eb9bb4f872c1d731b93d334ee5865bf3439 Mon Sep 17 00:00:00 2001 -From: Denys Dmytriyenko -Date: Sun, 6 Apr 2014 22:16:30 -0400 -Subject: [PATCH] Fix tests Makefile usage of LDLIBS vs. LDFLAGS - -Libraries must come after objects, as link order matters, especially -when using linker flags like -Wl,--as-needed. - -Signed-off-by: Denys Dmytriyenko - -Upstream-Status: Pending ---- - tests/Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tests/Makefile b/tests/Makefile -index cd202af..67c3c83 100644 ---- a/tests/Makefile -+++ b/tests/Makefile -@@ -39,5 +39,5 @@ testprogs: $(hostprogs) - clean: - rm -f *.o *~ $(hostprogs) - --${comp_progs}: LDFLAGS += -lssl -lcrypto -+${comp_progs}: LDLIBS += -lssl -lcrypto - ${comp_progs}: %: %.o openssl_wrapper.o --- -1.9.1 - diff --git a/recipes-kernel/cryptodev/files/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch b/recipes-kernel/cryptodev/files/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch deleted file mode 100644 index 08d9231..0000000 --- a/recipes-kernel/cryptodev/files/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch +++ /dev/null @@ -1,207 +0,0 @@ -From 71b317347179225693c6d41b740d387ae2c25061 Mon Sep 17 00:00:00 2001 -From: Horia Geanta -Date: Wed, 4 Dec 2013 15:43:41 +0200 -Subject: [PATCH 02/15] add support for COMPAT_CIOCAUTHCRYPT ioctl() - -Upstream-status: Pending - -Needed for 64b kernel with 32b user space. - -Change-Id: I44a999a4164e7ae7122dee6ed0716b2f25cadbc1 -Signed-off-by: Horia Geanta -Tested-by: Cristian Stoica ---- - authenc.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - cryptodev_int.h | 40 +++++++++++++++++++++++++++++ - ioctl.c | 16 ++++++++++++ - 3 files changed, 134 insertions(+) - -diff --git a/authenc.c b/authenc.c -index 1bd7377..ef0d3db 100644 ---- a/authenc.c -+++ b/authenc.c -@@ -272,6 +272,84 @@ static int fill_caop_from_kcaop(struct kernel_crypt_auth_op *kcaop, struct fcryp - return 0; - } - -+/* compatibility code for 32bit userlands */ -+#ifdef CONFIG_COMPAT -+ -+static inline void -+compat_to_crypt_auth_op(struct compat_crypt_auth_op *compat, -+ struct crypt_auth_op *caop) -+{ -+ caop->ses = compat->ses; -+ caop->op = compat->op; -+ caop->flags = compat->flags; -+ caop->len = compat->len; -+ caop->auth_len = compat->auth_len; -+ caop->tag_len = compat->tag_len; -+ caop->iv_len = compat->iv_len; -+ -+ caop->auth_src = compat_ptr(compat->auth_src); -+ caop->src = compat_ptr(compat->src); -+ caop->dst = compat_ptr(compat->dst); -+ caop->tag = compat_ptr(compat->tag); -+ caop->iv = compat_ptr(compat->iv); -+} -+ -+static inline void -+crypt_auth_op_to_compat(struct crypt_auth_op *caop, -+ struct compat_crypt_auth_op *compat) -+{ -+ compat->ses = caop->ses; -+ compat->op = caop->op; -+ compat->flags = caop->flags; -+ compat->len = caop->len; -+ compat->auth_len = caop->auth_len; -+ compat->tag_len = caop->tag_len; -+ compat->iv_len = caop->iv_len; -+ -+ compat->auth_src = ptr_to_compat(caop->auth_src); -+ compat->src = ptr_to_compat(caop->src); -+ compat->dst = ptr_to_compat(caop->dst); -+ compat->tag = ptr_to_compat(caop->tag); -+ compat->iv = ptr_to_compat(caop->iv); -+} -+ -+int compat_kcaop_from_user(struct kernel_crypt_auth_op *kcaop, -+ struct fcrypt *fcr, void __user *arg) -+{ -+ struct compat_crypt_auth_op compat_caop; -+ -+ if (unlikely(copy_from_user(&compat_caop, arg, sizeof(compat_caop)))) { -+ dprintk(1, KERN_ERR, "Error in copying from userspace\n"); -+ return -EFAULT; -+ } -+ -+ compat_to_crypt_auth_op(&compat_caop, &kcaop->caop); -+ -+ return fill_kcaop_from_caop(kcaop, fcr); -+} -+ -+int compat_kcaop_to_user(struct kernel_crypt_auth_op *kcaop, -+ struct fcrypt *fcr, void __user *arg) -+{ -+ int ret; -+ struct compat_crypt_auth_op compat_caop; -+ -+ ret = fill_caop_from_kcaop(kcaop, fcr); -+ if (unlikely(ret)) { -+ dprintk(1, KERN_ERR, "fill_caop_from_kcaop\n"); -+ return ret; -+ } -+ -+ crypt_auth_op_to_compat(&kcaop->caop, &compat_caop); -+ -+ if (unlikely(copy_to_user(arg, &compat_caop, sizeof(compat_caop)))) { -+ dprintk(1, KERN_ERR, "Error in copying to userspace\n"); -+ return -EFAULT; -+ } -+ return 0; -+} -+ -+#endif /* CONFIG_COMPAT */ - - int kcaop_from_user(struct kernel_crypt_auth_op *kcaop, - struct fcrypt *fcr, void __user *arg) -diff --git a/cryptodev_int.h b/cryptodev_int.h -index d7660fa..8e687e7 100644 ---- a/cryptodev_int.h -+++ b/cryptodev_int.h -@@ -73,11 +73,42 @@ struct compat_crypt_op { - compat_uptr_t iv;/* initialization vector for encryption operations */ - }; - -+ /* input of CIOCAUTHCRYPT */ -+struct compat_crypt_auth_op { -+ uint32_t ses; /* session identifier */ -+ uint16_t op; /* COP_ENCRYPT or COP_DECRYPT */ -+ uint16_t flags; /* see COP_FLAG_AEAD_* */ -+ uint32_t len; /* length of source data */ -+ uint32_t auth_len; /* length of auth data */ -+ compat_uptr_t auth_src; /* authenticated-only data */ -+ -+ /* The current implementation is more efficient if data are -+ * encrypted in-place (src==dst). */ -+ compat_uptr_t src; /* data to be encrypted and -+ authenticated */ -+ compat_uptr_t dst; /* pointer to output data. Must have -+ * space for tag. For TLS this should be -+ * at least len + tag_size + block_size -+ * for padding */ -+ -+ compat_uptr_t tag; /* where the tag will be copied to. TLS -+ * mode doesn't use that as tag is -+ * copied to dst. -+ * SRTP mode copies tag there. */ -+ uint32_t tag_len; /* the length of the tag. Use zero for -+ * digest size or max tag. */ -+ -+ /* initialization vector for encryption operations */ -+ compat_uptr_t iv; -+ uint32_t iv_len; -+}; -+ - /* compat ioctls, defined for the above structs */ - #define COMPAT_CIOCGSESSION _IOWR('c', 102, struct compat_session_op) - #define COMPAT_CIOCCRYPT _IOWR('c', 104, struct compat_crypt_op) - #define COMPAT_CIOCASYNCCRYPT _IOW('c', 107, struct compat_crypt_op) - #define COMPAT_CIOCASYNCFETCH _IOR('c', 108, struct compat_crypt_op) -+#define COMPAT_CIOCAUTHCRYPT _IOWR('c', 109, struct compat_crypt_auth_op) - - #endif /* CONFIG_COMPAT */ - -@@ -108,6 +139,15 @@ struct kernel_crypt_auth_op { - - /* auth */ - -+#ifdef CONFIG_COMPAT -+int compat_kcaop_from_user(struct kernel_crypt_auth_op *kcaop, -+ struct fcrypt *fcr, void __user *arg); -+ -+int compat_kcaop_to_user(struct kernel_crypt_auth_op *kcaop, -+ struct fcrypt *fcr, void __user *arg); -+#endif /* CONFIG_COMPAT */ -+ -+ - int kcaop_from_user(struct kernel_crypt_auth_op *kcop, - struct fcrypt *fcr, void __user *arg); - int kcaop_to_user(struct kernel_crypt_auth_op *kcaop, -diff --git a/ioctl.c b/ioctl.c -index a3f8379..5a44807 100644 ---- a/ioctl.c -+++ b/ioctl.c -@@ -998,6 +998,7 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) - struct session_op sop; - struct compat_session_op compat_sop; - struct kernel_crypt_op kcop; -+ struct kernel_crypt_auth_op kcaop; - int ret; - - if (unlikely(!pcr)) -@@ -1040,6 +1041,21 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) - return ret; - - return compat_kcop_to_user(&kcop, fcr, arg); -+ -+ case COMPAT_CIOCAUTHCRYPT: -+ if (unlikely(ret = compat_kcaop_from_user(&kcaop, fcr, arg))) { -+ dprintk(1, KERN_WARNING, "Error copying from user\n"); -+ return ret; -+ } -+ -+ ret = crypto_auth_run(fcr, &kcaop); -+ if (unlikely(ret)) { -+ dprintk(1, KERN_WARNING, "Error in crypto_auth_run\n"); -+ return ret; -+ } -+ -+ return compat_kcaop_to_user(&kcaop, fcr, arg); -+ - #ifdef ENABLE_ASYNC - case COMPAT_CIOCASYNCCRYPT: - if (unlikely(ret = compat_kcop_from_user(&kcop, fcr, arg))) --- -2.3.5 - diff --git a/recipes-kernel/cryptodev/files/0002-tests-Makefile-fix-arg-passing-to-CC-in-implicit-rul.patch b/recipes-kernel/cryptodev/files/0002-tests-Makefile-fix-arg-passing-to-CC-in-implicit-rul.patch deleted file mode 100644 index 68c48e0..0000000 --- a/recipes-kernel/cryptodev/files/0002-tests-Makefile-fix-arg-passing-to-CC-in-implicit-rul.patch +++ /dev/null @@ -1,28 +0,0 @@ -From da730106c2558c8e0c8e1b1b1812d32ef9574ab7 Mon Sep 17 00:00:00 2001 -From: Phil Sutter -Date: Sat, 11 Apr 2015 12:45:05 +0200 -Subject: [PATCH 2/4] tests/Makefile: fix arg passing to CC in implicit rule - -GCC docs suggest passing -lfoo after object files referring to functions -in libfoo. Therefore use LDLIBS to specify libraries, which puts them at -the right place when make calls CC implicitly. - -Signed-off-by: Phil Sutter ---- - tests/Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tests/Makefile b/tests/Makefile -index c9f04e8..20c52ba 100644 ---- a/tests/Makefile -+++ b/tests/Makefile -@@ -31,5 +31,5 @@ check: $(hostprogs) - clean: - rm -f *.o *~ $(hostprogs) - --${comp_progs}: LDFLAGS += -lssl -lcrypto -+${comp_progs}: LDLIBS += -lssl -lcrypto - ${comp_progs}: %: %.o openssl_wrapper.o --- -2.3.5 - diff --git a/recipes-kernel/cryptodev/files/0003-Disable-installing-header-file-provided-by-another-p.patch b/recipes-kernel/cryptodev/files/0003-Disable-installing-header-file-provided-by-another-p.patch deleted file mode 100644 index e384950..0000000 --- a/recipes-kernel/cryptodev/files/0003-Disable-installing-header-file-provided-by-another-p.patch +++ /dev/null @@ -1,29 +0,0 @@ -From c618f882c283511dd4f7547113a1117c4785f56f Mon Sep 17 00:00:00 2001 -From: Denys Dmytriyenko -Date: Sun, 6 Apr 2014 19:51:39 -0400 -Subject: [PATCH 3/4] Disable installing header file provided by another - package - -Signed-off-by: Denys Dmytriyenko - -Upstream-Status: Inappropriate [ OE specific ] ---- - Makefile | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/Makefile b/Makefile -index 31c4b3f..855bb54 100644 ---- a/Makefile -+++ b/Makefile -@@ -31,8 +31,6 @@ install: modules_install - - modules_install: - make -C $(KERNEL_DIR) SUBDIRS=`pwd` modules_install -- @echo "Installing cryptodev.h in $(PREFIX)/usr/include/crypto ..." -- @install -D crypto/cryptodev.h $(PREFIX)/usr/include/crypto/cryptodev.h - - clean: - make -C $(KERNEL_DIR) SUBDIRS=`pwd` clean --- -2.3.5 - diff --git a/recipes-kernel/cryptodev/files/0003-PKC-support-added-in-cryptodev-module.patch b/recipes-kernel/cryptodev/files/0003-PKC-support-added-in-cryptodev-module.patch deleted file mode 100644 index 46f2432..0000000 --- a/recipes-kernel/cryptodev/files/0003-PKC-support-added-in-cryptodev-module.patch +++ /dev/null @@ -1,898 +0,0 @@ -From fc9ee6ed33c76372de6e3748d2e951fa10f7c47e Mon Sep 17 00:00:00 2001 -From: Yashpal Dutta -Date: Fri, 7 Mar 2014 06:16:09 +0545 -Subject: [PATCH 03/15] PKC support added in cryptodev module - -Upstream-status: Pending - -Signed-off-by: Yashpal Dutta ---- - cryptlib.c | 66 +++++++++- - cryptlib.h | 28 ++++ - crypto/cryptodev.h | 15 ++- - cryptodev_int.h | 20 ++- - ioctl.c | 196 +++++++++++++++++++++++++-- - main.c | 378 +++++++++++++++++++++++++++++++++++++++++++++++++++++ - 6 files changed, 685 insertions(+), 18 deletions(-) - -diff --git a/cryptlib.c b/cryptlib.c -index 44ce763..6900028 100644 ---- a/cryptlib.c -+++ b/cryptlib.c -@@ -5,6 +5,8 @@ - * Portions Copyright (c) 2010 Michael Weiser - * Portions Copyright (c) 2010 Phil Sutter - * -+ * Copyright 2012 Freescale Semiconductor, Inc. -+ * - * This file is part of linux cryptodev. - * - * This program is free software; you can redistribute it and/or -@@ -39,11 +41,6 @@ - #include "cryptodev_int.h" - - --struct cryptodev_result { -- struct completion completion; -- int err; --}; -- - static void cryptodev_complete(struct crypto_async_request *req, int err) - { - struct cryptodev_result *res = req->data; -@@ -259,7 +256,6 @@ static inline int waitfor(struct cryptodev_result *cr, ssize_t ret) - case 0: - break; - case -EINPROGRESS: -- case -EBUSY: - wait_for_completion(&cr->completion); - /* At this point we known for sure the request has finished, - * because wait_for_completion above was not interruptible. -@@ -439,3 +435,61 @@ int cryptodev_hash_final(struct hash_data *hdata, void *output) - return waitfor(hdata->async.result, ret); - } - -+int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) -+{ -+ int ret = 0; -+ struct pkc_request *pkc_req = &pkc->req, *pkc_requested; -+ -+ switch (pkc_req->type) { -+ case RSA_PUB: -+ case RSA_PRIV_FORM1: -+ case RSA_PRIV_FORM2: -+ case RSA_PRIV_FORM3: -+ pkc->s = crypto_alloc_pkc("pkc(rsa)", -+ CRYPTO_ALG_TYPE_PKC_RSA, 0); -+ break; -+ case DSA_SIGN: -+ case DSA_VERIFY: -+ case ECDSA_SIGN: -+ case ECDSA_VERIFY: -+ pkc->s = crypto_alloc_pkc("pkc(dsa)", -+ CRYPTO_ALG_TYPE_PKC_DSA, 0); -+ break; -+ case DH_COMPUTE_KEY: -+ case ECDH_COMPUTE_KEY: -+ pkc->s = crypto_alloc_pkc("pkc(dh)", -+ CRYPTO_ALG_TYPE_PKC_DH, 0); -+ break; -+ default: -+ return -EINVAL; -+ } -+ -+ if (IS_ERR_OR_NULL(pkc->s)) -+ return -EINVAL; -+ -+ init_completion(&pkc->result.completion); -+ pkc_requested = pkc_request_alloc(pkc->s, GFP_KERNEL); -+ -+ if (unlikely(IS_ERR_OR_NULL(pkc_requested))) { -+ ret = -ENOMEM; -+ goto error; -+ } -+ pkc_requested->type = pkc_req->type; -+ pkc_requested->curve_type = pkc_req->curve_type; -+ memcpy(&pkc_requested->req_u, &pkc_req->req_u, sizeof(pkc_req->req_u)); -+ pkc_request_set_callback(pkc_requested, CRYPTO_TFM_REQ_MAY_BACKLOG, -+ cryptodev_complete_asym, pkc); -+ ret = crypto_pkc_op(pkc_requested); -+ if (ret != -EINPROGRESS && ret != 0) -+ goto error2; -+ -+ if (pkc->type == SYNCHRONOUS) -+ ret = waitfor(&pkc->result, ret); -+ -+ return ret; -+error2: -+ kfree(pkc_requested); -+error: -+ crypto_free_pkc(pkc->s); -+ return ret; -+} -diff --git a/cryptlib.h b/cryptlib.h -index a0a8a63..56d325a 100644 ---- a/cryptlib.h -+++ b/cryptlib.h -@@ -1,3 +1,6 @@ -+/* -+ * Copyright 2012 Freescale Semiconductor, Inc. -+ */ - #ifndef CRYPTLIB_H - # define CRYPTLIB_H - -@@ -89,5 +92,30 @@ void cryptodev_hash_deinit(struct hash_data *hdata); - int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name, - int hmac_mode, void *mackey, size_t mackeylen); - -+/* Operation Type */ -+enum offload_type { -+ SYNCHRONOUS, -+ ASYNCHRONOUS -+}; -+ -+struct cryptodev_result { -+ struct completion completion; -+ int err; -+}; -+ -+struct cryptodev_pkc { -+ struct list_head list; /* To maintain the Jobs in completed -+ cryptodev lists */ -+ struct kernel_crypt_kop kop; -+ struct crypto_pkc *s; /* Transform pointer from CryptoAPI */ -+ struct cryptodev_result result; /* Result to be updated by -+ completion handler */ -+ struct pkc_request req; /* PKC request structure allocated -+ from CryptoAPI */ -+ enum offload_type type; /* Synchronous Vs Asynchronous request */ -+ void *cookie; /*Additional opaque cookie to be used in future */ -+ struct crypt_priv *priv; -+}; - -+int cryptodev_pkc_offload(struct cryptodev_pkc *); - #endif -diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h -index c0e8cd4..96675fe 100644 ---- a/crypto/cryptodev.h -+++ b/crypto/cryptodev.h -@@ -1,6 +1,10 @@ --/* This is a source compatible implementation with the original API of -+/* -+ * Copyright 2012 Freescale Semiconductor, Inc. -+ * -+ * This is a source compatible implementation with the original API of - * cryptodev by Angelos D. Keromytis, found at openbsd cryptodev.h. -- * Placed under public domain */ -+ * Placed under public domain -+ */ - - #ifndef L_CRYPTODEV_H - #define L_CRYPTODEV_H -@@ -245,6 +249,9 @@ struct crypt_kop { - __u16 crk_oparams; - __u32 crk_pad1; - struct crparam crk_param[CRK_MAXPARAM]; -+ enum curve_t curve_type; /* 0 == Discrete Log, -+ 1 = EC_PRIME, 2 = EC_BINARY */ -+ void *cookie; - }; - - enum cryptodev_crk_op_t { -@@ -289,5 +296,7 @@ enum cryptodev_crk_op_t { - */ - #define CIOCASYNCCRYPT _IOW('c', 110, struct crypt_op) - #define CIOCASYNCFETCH _IOR('c', 111, struct crypt_op) -- -+/* additional ioctls for asynchronous operation for asymmetric ciphers*/ -+#define CIOCASYMASYNCRYPT _IOW('c', 112, struct crypt_kop) -+#define CIOCASYMASYNFETCH _IOR('c', 113, struct crypt_kop) - #endif /* L_CRYPTODEV_H */ -diff --git a/cryptodev_int.h b/cryptodev_int.h -index 8e687e7..fdbcc61 100644 ---- a/cryptodev_int.h -+++ b/cryptodev_int.h -@@ -1,4 +1,6 @@ --/* cipher stuff */ -+/* cipher stuff -+ * Copyright 2012 Freescale Semiconductor, Inc. -+ */ - #ifndef CRYPTODEV_INT_H - # define CRYPTODEV_INT_H - -@@ -112,6 +114,14 @@ struct compat_crypt_auth_op { - - #endif /* CONFIG_COMPAT */ - -+/* kernel-internal extension to struct crypt_kop */ -+struct kernel_crypt_kop { -+ struct crypt_kop kop; -+ -+ struct task_struct *task; -+ struct mm_struct *mm; -+}; -+ - /* kernel-internal extension to struct crypt_op */ - struct kernel_crypt_op { - struct crypt_op cop; -@@ -157,6 +167,14 @@ int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop); - - #include - -+/* Cryptodev Key operation handler */ -+int crypto_bn_modexp(struct cryptodev_pkc *); -+int crypto_modexp_crt(struct cryptodev_pkc *); -+int crypto_kop_dsasign(struct cryptodev_pkc *); -+int crypto_kop_dsaverify(struct cryptodev_pkc *); -+int crypto_run_asym(struct cryptodev_pkc *); -+void cryptodev_complete_asym(struct crypto_async_request *, int); -+ - /* other internal structs */ - struct csession { - struct list_head entry; -diff --git a/ioctl.c b/ioctl.c -index 5a44807..69980e3 100644 ---- a/ioctl.c -+++ b/ioctl.c -@@ -4,6 +4,7 @@ - * Copyright (c) 2004 Michal Ludvig , SuSE Labs - * Copyright (c) 2009,2010,2011 Nikos Mavrogiannopoulos - * Copyright (c) 2010 Phil Sutter -+ * Copyright 2012 Freescale Semiconductor, Inc. - * - * This file is part of linux cryptodev. - * -@@ -89,8 +90,37 @@ struct crypt_priv { - int itemcount; - struct work_struct cryptask; - wait_queue_head_t user_waiter; -+ /* List of pending cryptodev_pkc asym requests */ -+ struct list_head asym_completed_list; -+ /* For addition/removal of entry in pending list of asymmetric request*/ -+ spinlock_t completion_lock; - }; - -+/* Asymmetric request Completion handler */ -+void cryptodev_complete_asym(struct crypto_async_request *req, int err) -+{ -+ struct cryptodev_pkc *pkc = req->data; -+ struct cryptodev_result *res = &pkc->result; -+ -+ crypto_free_pkc(pkc->s); -+ res->err = err; -+ if (pkc->type == SYNCHRONOUS) { -+ if (err == -EINPROGRESS) -+ return; -+ complete(&res->completion); -+ } else { -+ struct crypt_priv *pcr = pkc->priv; -+ unsigned long flags; -+ spin_lock_irqsave(&pcr->completion_lock, flags); -+ list_add_tail(&pkc->list, &pcr->asym_completed_list); -+ spin_unlock_irqrestore(&pcr->completion_lock, flags); -+ /* wake for POLLIN */ -+ wake_up_interruptible(&pcr->user_waiter); -+ } -+ -+ kfree(req); -+} -+ - #define FILL_SG(sg, ptr, len) \ - do { \ - (sg)->page = virt_to_page(ptr); \ -@@ -472,7 +502,8 @@ cryptodev_open(struct inode *inode, struct file *filp) - INIT_LIST_HEAD(&pcr->free.list); - INIT_LIST_HEAD(&pcr->todo.list); - INIT_LIST_HEAD(&pcr->done.list); -- -+ INIT_LIST_HEAD(&pcr->asym_completed_list); -+ spin_lock_init(&pcr->completion_lock); - INIT_WORK(&pcr->cryptask, cryptask_routine); - - init_waitqueue_head(&pcr->user_waiter); -@@ -639,6 +670,79 @@ static int crypto_async_fetch(struct crypt_priv *pcr, - } - #endif - -+/* get the first asym cipher completed job from the "done" queue -+ * -+ * returns: -+ * -EBUSY if no completed jobs are ready (yet) -+ * the return value otherwise */ -+static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) -+{ -+ int ret = 0; -+ struct kernel_crypt_kop *kop = &pkc->kop; -+ struct crypt_kop *ckop = &kop->kop; -+ struct pkc_request *pkc_req = &pkc->req; -+ -+ switch (ckop->crk_op) { -+ case CRK_MOD_EXP: -+ { -+ struct rsa_pub_req_s *rsa_req = &pkc_req->req_u.rsa_pub_req; -+ copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g, -+ rsa_req->g_len); -+ } -+ break; -+ case CRK_MOD_EXP_CRT: -+ { -+ struct rsa_priv_frm3_req_s *rsa_req = -+ &pkc_req->req_u.rsa_priv_f3; -+ copy_to_user(ckop->crk_param[6].crp_p, -+ rsa_req->f, rsa_req->f_len); -+ } -+ break; -+ case CRK_DSA_SIGN: -+ { -+ struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign; -+ -+ if (pkc_req->type == ECDSA_SIGN) { -+ copy_to_user(ckop->crk_param[6].crp_p, -+ dsa_req->c, dsa_req->d_len); -+ copy_to_user(ckop->crk_param[7].crp_p, -+ dsa_req->d, dsa_req->d_len); -+ } else { -+ copy_to_user(ckop->crk_param[5].crp_p, -+ dsa_req->c, dsa_req->d_len); -+ copy_to_user(ckop->crk_param[6].crp_p, -+ dsa_req->d, dsa_req->d_len); -+ } -+ } -+ break; -+ case CRK_DSA_VERIFY: -+ break; -+ case CRK_DH_COMPUTE_KEY: -+ { -+ struct dh_key_req_s *dh_req = &pkc_req->req_u.dh_req; -+ if (pkc_req->type == ECDH_COMPUTE_KEY) -+ copy_to_user(ckop->crk_param[4].crp_p, -+ dh_req->z, dh_req->z_len); -+ else -+ copy_to_user(ckop->crk_param[3].crp_p, -+ dh_req->z, dh_req->z_len); -+ } -+ break; -+ default: -+ ret = -EINVAL; -+ } -+ kfree(pkc->cookie); -+ return ret; -+} -+ -+/* this function has to be called from process context */ -+static int fill_kop_from_cop(struct kernel_crypt_kop *kop) -+{ -+ kop->task = current; -+ kop->mm = current->mm; -+ return 0; -+} -+ - /* this function has to be called from process context */ - static int fill_kcop_from_cop(struct kernel_crypt_op *kcop, struct fcrypt *fcr) - { -@@ -662,11 +766,8 @@ static int fill_kcop_from_cop(struct kernel_crypt_op *kcop, struct fcrypt *fcr) - - if (cop->iv) { - rc = copy_from_user(kcop->iv, cop->iv, kcop->ivlen); -- if (unlikely(rc)) { -- derr(1, "error copying IV (%d bytes), copy_from_user returned %d for address %p", -- kcop->ivlen, rc, cop->iv); -+ if (unlikely(rc)) - return -EFAULT; -- } - } - - return 0; -@@ -692,6 +793,25 @@ static int fill_cop_from_kcop(struct kernel_crypt_op *kcop, struct fcrypt *fcr) - return 0; - } - -+static int kop_from_user(struct kernel_crypt_kop *kop, -+ void __user *arg) -+{ -+ if (unlikely(copy_from_user(&kop->kop, arg, sizeof(kop->kop)))) -+ return -EFAULT; -+ -+ return fill_kop_from_cop(kop); -+} -+ -+static int kop_to_user(struct kernel_crypt_kop *kop, -+ void __user *arg) -+{ -+ if (unlikely(copy_to_user(arg, &kop->kop, sizeof(kop->kop)))) { -+ dprintk(1, KERN_ERR, "Cannot copy to userspace\n"); -+ return -EFAULT; -+ } -+ return 0; -+} -+ - static int kcop_from_user(struct kernel_crypt_op *kcop, - struct fcrypt *fcr, void __user *arg) - { -@@ -821,7 +941,8 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - - switch (cmd) { - case CIOCASYMFEAT: -- return put_user(0, p); -+ return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | -+ CRF_DSA_SIGN | CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY, p); - case CRIOGET: - fd = clonefd(filp); - ret = put_user(fd, p); -@@ -857,6 +978,24 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - if (unlikely(ret)) - return ret; - return copy_to_user(arg, &siop, sizeof(siop)); -+ case CIOCKEY: -+ { -+ struct cryptodev_pkc *pkc = -+ kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); -+ -+ if (!pkc) -+ return -ENOMEM; -+ -+ ret = kop_from_user(&pkc->kop, arg); -+ if (unlikely(ret)) { -+ kfree(pkc); -+ return ret; -+ } -+ pkc->type = SYNCHRONOUS; -+ ret = crypto_run_asym(pkc); -+ kfree(pkc); -+ } -+ return ret; - case CIOCCRYPT: - if (unlikely(ret = kcop_from_user(&kcop, fcr, arg))) { - dwarning(1, "Error copying from user"); -@@ -895,6 +1034,45 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - - return kcop_to_user(&kcop, fcr, arg); - #endif -+ case CIOCASYMASYNCRYPT: -+ { -+ struct cryptodev_pkc *pkc = -+ kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); -+ ret = kop_from_user(&pkc->kop, arg); -+ -+ if (unlikely(ret)) -+ return -EINVAL; -+ -+ /* Store associated FD priv data with asymmetric request */ -+ pkc->priv = pcr; -+ pkc->type = ASYNCHRONOUS; -+ ret = crypto_run_asym(pkc); -+ if (ret == -EINPROGRESS) -+ ret = 0; -+ } -+ return ret; -+ case CIOCASYMASYNFETCH: -+ { -+ struct cryptodev_pkc *pkc; -+ unsigned long flags; -+ -+ spin_lock_irqsave(&pcr->completion_lock, flags); -+ if (list_empty(&pcr->asym_completed_list)) { -+ spin_unlock_irqrestore(&pcr->completion_lock, flags); -+ return -ENOMEM; -+ } -+ pkc = list_first_entry(&pcr->asym_completed_list, -+ struct cryptodev_pkc, list); -+ list_del(&pkc->list); -+ spin_unlock_irqrestore(&pcr->completion_lock, flags); -+ ret = crypto_async_fetch_asym(pkc); -+ -+ /* Reflect the updated request to user-space */ -+ if (!ret) -+ kop_to_user(&pkc->kop, arg); -+ kfree(pkc); -+ } -+ return ret; - default: - return -EINVAL; - } -@@ -1083,9 +1261,11 @@ static unsigned int cryptodev_poll(struct file *file, poll_table *wait) - - poll_wait(file, &pcr->user_waiter, wait); - -- if (!list_empty_careful(&pcr->done.list)) -+ if (!list_empty_careful(&pcr->done.list) || -+ !list_empty_careful(&pcr->asym_completed_list)) - ret |= POLLIN | POLLRDNORM; -- if (!list_empty_careful(&pcr->free.list) || pcr->itemcount < MAX_COP_RINGSIZE) -+ if (!list_empty_careful(&pcr->free.list) || -+ pcr->itemcount < MAX_COP_RINGSIZE) - ret |= POLLOUT | POLLWRNORM; - - return ret; -diff --git a/main.c b/main.c -index 57e5c38..0b7951e 100644 ---- a/main.c -+++ b/main.c -@@ -181,6 +181,384 @@ __crypto_run_zc(struct csession *ses_ptr, struct kernel_crypt_op *kcop) - return ret; - } - -+int crypto_kop_dsasign(struct cryptodev_pkc *pkc) -+{ -+ struct kernel_crypt_kop *kop = &pkc->kop; -+ struct crypt_kop *cop = &kop->kop; -+ struct pkc_request *pkc_req = &pkc->req; -+ struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign; -+ int rc, buf_size; -+ uint8_t *buf; -+ -+ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || -+ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits || -+ !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits || -+ !cop->crk_param[6].crp_nbits || (cop->crk_iparams == 6 && -+ !cop->crk_param[7].crp_nbits)) -+ return -EINVAL; -+ -+ dsa_req->m_len = (cop->crk_param[0].crp_nbits + 7)/8; -+ dsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8; -+ dsa_req->r_len = (cop->crk_param[2].crp_nbits + 7)/8; -+ dsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8; -+ dsa_req->priv_key_len = (cop->crk_param[4].crp_nbits + 7)/8; -+ dsa_req->d_len = (cop->crk_param[6].crp_nbits + 7)/8; -+ buf_size = dsa_req->m_len + dsa_req->q_len + dsa_req->r_len + -+ dsa_req->g_len + dsa_req->priv_key_len + dsa_req->d_len + -+ dsa_req->d_len; -+ if (cop->crk_iparams == 6) { -+ dsa_req->ab_len = (cop->crk_param[5].crp_nbits + 7)/8; -+ buf_size += dsa_req->ab_len; -+ pkc_req->type = ECDSA_SIGN; -+ pkc_req->curve_type = cop->curve_type; -+ } else { -+ pkc_req->type = DSA_SIGN; -+ } -+ -+ buf = kzalloc(buf_size, GFP_DMA); -+ -+ dsa_req->q = buf; -+ dsa_req->r = dsa_req->q + dsa_req->q_len; -+ dsa_req->g = dsa_req->r + dsa_req->r_len; -+ dsa_req->priv_key = dsa_req->g + dsa_req->g_len; -+ dsa_req->m = dsa_req->priv_key + dsa_req->priv_key_len; -+ dsa_req->c = dsa_req->m + dsa_req->m_len; -+ dsa_req->d = dsa_req->c + dsa_req->d_len; -+ copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len); -+ copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len); -+ copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len); -+ copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len); -+ copy_from_user(dsa_req->priv_key, cop->crk_param[4].crp_p, -+ dsa_req->priv_key_len); -+ if (cop->crk_iparams == 6) { -+ dsa_req->ab = dsa_req->d + dsa_req->d_len; -+ copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p, -+ dsa_req->ab_len); -+ } -+ rc = cryptodev_pkc_offload(pkc); -+ if (pkc->type == SYNCHRONOUS) { -+ if (rc) -+ goto err; -+ if (cop->crk_iparams == 6) { -+ copy_to_user(cop->crk_param[6].crp_p, dsa_req->c, -+ dsa_req->d_len); -+ copy_to_user(cop->crk_param[7].crp_p, dsa_req->d, -+ dsa_req->d_len); -+ } else { -+ copy_to_user(cop->crk_param[5].crp_p, dsa_req->c, -+ dsa_req->d_len); -+ copy_to_user(cop->crk_param[6].crp_p, dsa_req->d, -+ dsa_req->d_len); -+ } -+ } else { -+ if (rc != -EINPROGRESS && rc != 0) -+ goto err; -+ -+ pkc->cookie = buf; -+ return rc; -+ } -+err: -+ kfree(buf); -+ return rc; -+} -+ -+int crypto_kop_dsaverify(struct cryptodev_pkc *pkc) -+{ -+ struct kernel_crypt_kop *kop = &pkc->kop; -+ struct crypt_kop *cop = &kop->kop; -+ struct pkc_request *pkc_req; -+ struct dsa_verify_req_s *dsa_req; -+ int rc, buf_size; -+ uint8_t *buf; -+ -+ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || -+ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits || -+ !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits || -+ !cop->crk_param[6].crp_nbits || (cop->crk_iparams == 8 && -+ !cop->crk_param[7].crp_nbits)) -+ return -EINVAL; -+ -+ pkc_req = &pkc->req; -+ dsa_req = &pkc_req->req_u.dsa_verify; -+ dsa_req->m_len = (cop->crk_param[0].crp_nbits + 7)/8; -+ dsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8; -+ dsa_req->r_len = (cop->crk_param[2].crp_nbits + 7)/8; -+ dsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8; -+ dsa_req->pub_key_len = (cop->crk_param[4].crp_nbits + 7)/8; -+ dsa_req->d_len = (cop->crk_param[6].crp_nbits + 7)/8; -+ buf_size = dsa_req->m_len + dsa_req->q_len + dsa_req->r_len + -+ dsa_req->g_len + dsa_req->pub_key_len + dsa_req->d_len + -+ dsa_req->d_len; -+ if (cop->crk_iparams == 8) { -+ dsa_req->ab_len = (cop->crk_param[5].crp_nbits + 7)/8; -+ buf_size += dsa_req->ab_len; -+ pkc_req->type = ECDSA_VERIFY; -+ pkc_req->curve_type = cop->curve_type; -+ } else { -+ pkc_req->type = DSA_VERIFY; -+ } -+ -+ buf = kzalloc(buf_size, GFP_DMA); -+ -+ dsa_req->q = buf; -+ dsa_req->r = dsa_req->q + dsa_req->q_len; -+ dsa_req->g = dsa_req->r + dsa_req->r_len; -+ dsa_req->pub_key = dsa_req->g + dsa_req->g_len; -+ dsa_req->m = dsa_req->pub_key + dsa_req->pub_key_len; -+ dsa_req->c = dsa_req->m + dsa_req->m_len; -+ dsa_req->d = dsa_req->c + dsa_req->d_len; -+ copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len); -+ copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len); -+ copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len); -+ copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len); -+ copy_from_user(dsa_req->pub_key, cop->crk_param[4].crp_p, -+ dsa_req->pub_key_len); -+ if (cop->crk_iparams == 8) { -+ dsa_req->ab = dsa_req->d + dsa_req->d_len; -+ copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p, -+ dsa_req->ab_len); -+ copy_from_user(dsa_req->c, cop->crk_param[6].crp_p, -+ dsa_req->d_len); -+ copy_from_user(dsa_req->d, cop->crk_param[7].crp_p, -+ dsa_req->d_len); -+ } else { -+ copy_from_user(dsa_req->c, cop->crk_param[5].crp_p, -+ dsa_req->d_len); -+ copy_from_user(dsa_req->d, cop->crk_param[6].crp_p, -+ dsa_req->d_len); -+ } -+ rc = cryptodev_pkc_offload(pkc); -+ if (pkc->type == SYNCHRONOUS) { -+ if (rc) -+ goto err; -+ } else { -+ if (rc != -EINPROGRESS && !rc) -+ goto err; -+ pkc->cookie = buf; -+ return rc; -+ } -+err: -+ kfree(buf); -+ return rc; -+} -+ -+int crypto_kop_dh_key(struct cryptodev_pkc *pkc) -+{ -+ struct kernel_crypt_kop *kop = &pkc->kop; -+ struct crypt_kop *cop = &kop->kop; -+ struct pkc_request *pkc_req; -+ struct dh_key_req_s *dh_req; -+ int buf_size; -+ uint8_t *buf; -+ int rc = -EINVAL; -+ -+ pkc_req = &pkc->req; -+ dh_req = &pkc_req->req_u.dh_req; -+ dh_req->s_len = (cop->crk_param[0].crp_nbits + 7)/8; -+ dh_req->pub_key_len = (cop->crk_param[1].crp_nbits + 7)/8; -+ dh_req->q_len = (cop->crk_param[2].crp_nbits + 7)/8; -+ buf_size = dh_req->q_len + dh_req->pub_key_len + dh_req->s_len; -+ if (cop->crk_iparams == 4) { -+ pkc_req->type = ECDH_COMPUTE_KEY; -+ dh_req->ab_len = (cop->crk_param[3].crp_nbits + 7)/8; -+ dh_req->z_len = (cop->crk_param[4].crp_nbits + 7)/8; -+ buf_size += dh_req->ab_len; -+ } else { -+ dh_req->z_len = (cop->crk_param[3].crp_nbits + 7)/8; -+ pkc_req->type = DH_COMPUTE_KEY; -+ } -+ buf_size += dh_req->z_len; -+ buf = kzalloc(buf_size, GFP_DMA); -+ dh_req->q = buf; -+ dh_req->s = dh_req->q + dh_req->q_len; -+ dh_req->pub_key = dh_req->s + dh_req->s_len; -+ dh_req->z = dh_req->pub_key + dh_req->pub_key_len; -+ if (cop->crk_iparams == 4) { -+ dh_req->ab = dh_req->z + dh_req->z_len; -+ pkc_req->curve_type = cop->curve_type; -+ copy_from_user(dh_req->ab, cop->crk_param[3].crp_p, -+ dh_req->ab_len); -+ } -+ copy_from_user(dh_req->s, cop->crk_param[0].crp_p, dh_req->s_len); -+ copy_from_user(dh_req->pub_key, cop->crk_param[1].crp_p, -+ dh_req->pub_key_len); -+ copy_from_user(dh_req->q, cop->crk_param[2].crp_p, dh_req->q_len); -+ rc = cryptodev_pkc_offload(pkc); -+ if (pkc->type == SYNCHRONOUS) { -+ if (rc) -+ goto err; -+ if (cop->crk_iparams == 4) -+ copy_to_user(cop->crk_param[4].crp_p, dh_req->z, -+ dh_req->z_len); -+ else -+ copy_to_user(cop->crk_param[3].crp_p, dh_req->z, -+ dh_req->z_len); -+ } else { -+ if (rc != -EINPROGRESS && rc != 0) -+ goto err; -+ -+ pkc->cookie = buf; -+ return rc; -+ } -+err: -+ kfree(buf); -+ return rc; -+} -+ -+int crypto_modexp_crt(struct cryptodev_pkc *pkc) -+{ -+ struct kernel_crypt_kop *kop = &pkc->kop; -+ struct crypt_kop *cop = &kop->kop; -+ struct pkc_request *pkc_req; -+ struct rsa_priv_frm3_req_s *rsa_req; -+ int rc; -+ uint8_t *buf; -+ -+ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || -+ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits || -+ !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits) -+ return -EINVAL; -+ -+ pkc_req = &pkc->req; -+ pkc_req->type = RSA_PRIV_FORM3; -+ rsa_req = &pkc_req->req_u.rsa_priv_f3; -+ rsa_req->p_len = (cop->crk_param[0].crp_nbits + 7)/8; -+ rsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8; -+ rsa_req->g_len = (cop->crk_param[2].crp_nbits + 7)/8; -+ rsa_req->dp_len = (cop->crk_param[3].crp_nbits + 7)/8; -+ rsa_req->dq_len = (cop->crk_param[4].crp_nbits + 7)/8; -+ rsa_req->c_len = (cop->crk_param[5].crp_nbits + 7)/8; -+ rsa_req->f_len = (cop->crk_param[6].crp_nbits + 7)/8; -+ buf = kzalloc(rsa_req->p_len + rsa_req->q_len + rsa_req->f_len + -+ rsa_req->dp_len + rsa_req->dp_len + rsa_req->c_len + -+ rsa_req->g_len, GFP_DMA); -+ rsa_req->p = buf; -+ rsa_req->q = rsa_req->p + rsa_req->p_len; -+ rsa_req->g = rsa_req->q + rsa_req->q_len; -+ rsa_req->dp = rsa_req->g + rsa_req->g_len; -+ rsa_req->dq = rsa_req->dp + rsa_req->dp_len; -+ rsa_req->c = rsa_req->dq + rsa_req->dq_len; -+ rsa_req->f = rsa_req->c + rsa_req->c_len; -+ copy_from_user(rsa_req->p, cop->crk_param[0].crp_p, rsa_req->p_len); -+ copy_from_user(rsa_req->q, cop->crk_param[1].crp_p, rsa_req->q_len); -+ copy_from_user(rsa_req->g, cop->crk_param[2].crp_p, rsa_req->g_len); -+ copy_from_user(rsa_req->dp, cop->crk_param[3].crp_p, rsa_req->dp_len); -+ copy_from_user(rsa_req->dq, cop->crk_param[4].crp_p, rsa_req->dq_len); -+ copy_from_user(rsa_req->c, cop->crk_param[5].crp_p, rsa_req->c_len); -+ rc = cryptodev_pkc_offload(pkc); -+ -+ if (pkc->type == SYNCHRONOUS) { -+ if (rc) -+ goto err; -+ copy_to_user(cop->crk_param[6].crp_p, rsa_req->f, -+ rsa_req->f_len); -+ } else { -+ if (rc != -EINPROGRESS && rc != 0) -+ goto err; -+ -+ pkc->cookie = buf; -+ return rc; -+ } -+err: -+ kfree(buf); -+ return rc; -+} -+ -+int crypto_bn_modexp(struct cryptodev_pkc *pkc) -+{ -+ struct pkc_request *pkc_req; -+ struct rsa_pub_req_s *rsa_req; -+ int rc; -+ struct kernel_crypt_kop *kop = &pkc->kop; -+ struct crypt_kop *cop = &kop->kop; -+ uint8_t *buf; -+ -+ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || -+ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits) -+ return -EINVAL; -+ -+ pkc_req = &pkc->req; -+ pkc_req->type = RSA_PUB; -+ rsa_req = &pkc_req->req_u.rsa_pub_req; -+ rsa_req->f_len = (cop->crk_param[0].crp_nbits + 7)/8; -+ rsa_req->e_len = (cop->crk_param[1].crp_nbits + 7)/8; -+ rsa_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8; -+ rsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8; -+ buf = kzalloc(rsa_req->f_len + rsa_req->e_len + rsa_req->n_len -+ + rsa_req->g_len, GFP_DMA); -+ if (!buf) -+ return -ENOMEM; -+ -+ rsa_req->e = buf; -+ rsa_req->f = rsa_req->e + rsa_req->e_len; -+ rsa_req->g = rsa_req->f + rsa_req->f_len; -+ rsa_req->n = rsa_req->g + rsa_req->g_len; -+ copy_from_user(rsa_req->f, cop->crk_param[0].crp_p, rsa_req->f_len); -+ copy_from_user(rsa_req->e, cop->crk_param[1].crp_p, rsa_req->e_len); -+ copy_from_user(rsa_req->n, cop->crk_param[2].crp_p, rsa_req->n_len); -+ rc = cryptodev_pkc_offload(pkc); -+ if (pkc->type == SYNCHRONOUS) { -+ if (rc) -+ goto err; -+ -+ copy_to_user(cop->crk_param[3].crp_p, rsa_req->g, -+ rsa_req->g_len); -+ } else { -+ if (rc != -EINPROGRESS && rc != 0) -+ goto err; -+ -+ /* This one will be freed later in fetch handler */ -+ pkc->cookie = buf; -+ return rc; -+ } -+err: -+ kfree(buf); -+ return rc; -+} -+ -+int crypto_run_asym(struct cryptodev_pkc *pkc) -+{ -+ int ret = -EINVAL; -+ struct kernel_crypt_kop *kop = &pkc->kop; -+ -+ switch (kop->kop.crk_op) { -+ case CRK_MOD_EXP: -+ if (kop->kop.crk_iparams != 3 && kop->kop.crk_oparams != 1) -+ goto err; -+ -+ ret = crypto_bn_modexp(pkc); -+ break; -+ case CRK_MOD_EXP_CRT: -+ if (kop->kop.crk_iparams != 6 && kop->kop.crk_oparams != 1) -+ goto err; -+ -+ ret = crypto_modexp_crt(pkc); -+ break; -+ case CRK_DSA_SIGN: -+ if ((kop->kop.crk_iparams != 5 && kop->kop.crk_iparams != 6) || -+ kop->kop.crk_oparams != 2) -+ goto err; -+ -+ ret = crypto_kop_dsasign(pkc); -+ break; -+ case CRK_DSA_VERIFY: -+ if ((kop->kop.crk_iparams != 7 && kop->kop.crk_iparams != 8) || -+ kop->kop.crk_oparams != 0) -+ goto err; -+ -+ ret = crypto_kop_dsaverify(pkc); -+ break; -+ case CRK_DH_COMPUTE_KEY: -+ if ((kop->kop.crk_iparams != 3 && kop->kop.crk_iparams != 4) || -+ kop->kop.crk_oparams != 1) -+ goto err; -+ ret = crypto_kop_dh_key(pkc); -+ break; -+ } -+err: -+ return ret; -+} -+ - int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop) - { - struct csession *ses_ptr; --- -2.3.5 - diff --git a/recipes-kernel/cryptodev/files/0004-Add-the-compile-and-install-rules-for-cryptodev-test.patch b/recipes-kernel/cryptodev/files/0004-Add-the-compile-and-install-rules-for-cryptodev-test.patch deleted file mode 100644 index 25a52a9..0000000 --- a/recipes-kernel/cryptodev/files/0004-Add-the-compile-and-install-rules-for-cryptodev-test.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 188f30f6233d05eb62b58bf6d94a16bcbeeae0ee Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Mon, 27 Apr 2015 15:26:14 +0300 -Subject: [PATCH 4/4] Add the compile and install rules for cryptodev tests - -Change-Id: Ica10dc563c77220dcf0e0993515230df8a86c34d -Signed-off-by: Yu Zongchun ---- - Makefile | 6 ++++++ - tests/Makefile | 8 ++++++++ - 2 files changed, 14 insertions(+) - -diff --git a/Makefile b/Makefile -index 855bb54..5497037 100644 ---- a/Makefile -+++ b/Makefile -@@ -32,6 +32,9 @@ install: modules_install - modules_install: - make -C $(KERNEL_DIR) SUBDIRS=`pwd` modules_install - -+install_tests: -+ make -C tests install DESTDIR=$(PREFIX) -+ - clean: - make -C $(KERNEL_DIR) SUBDIRS=`pwd` clean - rm -f $(hostprogs) *~ -@@ -40,6 +43,9 @@ clean: - check: - CFLAGS=$(CRYPTODEV_CFLAGS) KERNEL_DIR=$(KERNEL_DIR) make -C tests check - -+testprogs: -+ KERNEL_DIR=$(KERNEL_DIR) make -C tests testprogs -+ - CPOPTS = - ifneq (${SHOW_TYPES},) - CPOPTS += --show-types -diff --git a/tests/Makefile b/tests/Makefile -index 20c52ba..67c3c83 100644 ---- a/tests/Makefile -+++ b/tests/Makefile -@@ -19,6 +19,12 @@ example-async-hmac-objs := async_hmac.o - example-async-speed-objs := async_speed.o - example-hashcrypt-speed-objs := hashcrypt_speed.c - -+install: -+ install -d $(DESTDIR)/usr/bin/tests_cryptodev -+ for bin in $(hostprogs); do \ -+ install -m 755 $${bin} $(DESTDIR)/usr/bin/tests_cryptodev/; \ -+ done -+ - check: $(hostprogs) - ./cipher - ./hmac -@@ -28,6 +34,8 @@ check: $(hostprogs) - ./cipher-gcm - ./cipher-aead - -+testprogs: $(hostprogs) -+ - clean: - rm -f *.o *~ $(hostprogs) - --- -2.3.5 - diff --git a/recipes-kernel/cryptodev/files/0004-Compat-versions-of-PKC-IOCTLs.patch b/recipes-kernel/cryptodev/files/0004-Compat-versions-of-PKC-IOCTLs.patch deleted file mode 100644 index 2f35768..0000000 --- a/recipes-kernel/cryptodev/files/0004-Compat-versions-of-PKC-IOCTLs.patch +++ /dev/null @@ -1,200 +0,0 @@ -From b109fbdb64de6be0dc2f0d2ef108cead34652495 Mon Sep 17 00:00:00 2001 -From: Yashpal Dutta -Date: Fri, 7 Mar 2014 06:52:13 +0545 -Subject: [PATCH 04/15] Compat versions of PKC IOCTLs - -Upstream-status: Pending - -Signed-off-by: Yashpal Dutta ---- - cryptodev_int.h | 20 ++++++++++ - ioctl.c | 120 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 140 insertions(+) - -diff --git a/cryptodev_int.h b/cryptodev_int.h -index fdbcc61..cf54dac 100644 ---- a/cryptodev_int.h -+++ b/cryptodev_int.h -@@ -75,6 +75,24 @@ struct compat_crypt_op { - compat_uptr_t iv;/* initialization vector for encryption operations */ - }; - -+/* input of CIOCKEY */ -+struct compat_crparam { -+ compat_uptr_t crp_p; -+ uint32_t crp_nbits; -+}; -+ -+struct compat_crypt_kop { -+ uint32_t crk_op; /* cryptodev_crk_ot_t */ -+ uint32_t crk_status; -+ uint16_t crk_iparams; -+ uint16_t crk_oparams; -+ uint32_t crk_pad1; -+ struct compat_crparam crk_param[CRK_MAXPARAM]; -+ enum curve_t curve_type; /* 0 == Discrete Log, 1 = EC_PRIME, -+ 2 = EC_BINARY */ -+ compat_uptr_t cookie; -+}; -+ - /* input of CIOCAUTHCRYPT */ - struct compat_crypt_auth_op { - uint32_t ses; /* session identifier */ -@@ -111,6 +129,8 @@ struct compat_crypt_auth_op { - #define COMPAT_CIOCASYNCCRYPT _IOW('c', 107, struct compat_crypt_op) - #define COMPAT_CIOCASYNCFETCH _IOR('c', 108, struct compat_crypt_op) - #define COMPAT_CIOCAUTHCRYPT _IOWR('c', 109, struct compat_crypt_auth_op) -+#define COMPAT_CIOCASYMASYNCRYPT _IOW('c', 110, struct compat_crypt_kop) -+#define COMPAT_CIOCASYMASYNFETCH _IOR('c', 111, struct compat_crypt_kop) - - #endif /* CONFIG_COMPAT */ - -diff --git a/ioctl.c b/ioctl.c -index 69980e3..9431025 100644 ---- a/ioctl.c -+++ b/ioctl.c -@@ -1081,6 +1081,68 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - /* compatibility code for 32bit userlands */ - #ifdef CONFIG_COMPAT - -+static inline void compat_to_crypt_kop(struct compat_crypt_kop *compat, -+ struct crypt_kop *kop) -+{ -+ int i; -+ kop->crk_op = compat->crk_op; -+ kop->crk_status = compat->crk_status; -+ kop->crk_iparams = compat->crk_iparams; -+ kop->crk_oparams = compat->crk_oparams; -+ -+ for (i = 0; i < CRK_MAXPARAM; i++) { -+ kop->crk_param[i].crp_p = -+ compat_ptr(compat->crk_param[i].crp_p); -+ kop->crk_param[i].crp_nbits = compat->crk_param[i].crp_nbits; -+ } -+ -+ kop->curve_type = compat->curve_type; -+ kop->cookie = compat->cookie; -+} -+ -+static int compat_kop_from_user(struct kernel_crypt_kop *kop, -+ void __user *arg) -+{ -+ struct compat_crypt_kop compat_kop; -+ -+ if (unlikely(copy_from_user(&compat_kop, arg, sizeof(compat_kop)))) -+ return -EFAULT; -+ -+ compat_to_crypt_kop(&compat_kop, &kop->kop); -+ return fill_kop_from_cop(kop); -+} -+ -+static inline void crypt_kop_to_compat(struct crypt_kop *kop, -+ struct compat_crypt_kop *compat) -+{ -+ int i; -+ -+ compat->crk_op = kop->crk_op; -+ compat->crk_status = kop->crk_status; -+ compat->crk_iparams = kop->crk_iparams; -+ compat->crk_oparams = kop->crk_oparams; -+ -+ for (i = 0; i < CRK_MAXPARAM; i++) { -+ compat->crk_param[i].crp_p = -+ ptr_to_compat(kop->crk_param[i].crp_p); -+ compat->crk_param[i].crp_nbits = kop->crk_param[i].crp_nbits; -+ } -+ compat->cookie = kop->cookie; -+ compat->curve_type = kop->curve_type; -+} -+ -+static int compat_kop_to_user(struct kernel_crypt_kop *kop, void __user *arg) -+{ -+ struct compat_crypt_kop compat_kop; -+ -+ crypt_kop_to_compat(&kop->kop, &compat_kop); -+ if (unlikely(copy_to_user(arg, &compat_kop, sizeof(compat_kop)))) { -+ dprintk(1, KERN_ERR, "Cannot copy to userspace\n"); -+ return -EFAULT; -+ } -+ return 0; -+} -+ - static inline void - compat_to_session_op(struct compat_session_op *compat, struct session_op *sop) - { -@@ -1208,7 +1270,26 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) - return -EFAULT; - } - return ret; -+ case COMPAT_CIOCKEY: -+ { -+ struct cryptodev_pkc *pkc = -+ kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); -+ -+ if (!pkc) -+ return -ENOMEM; -+ -+ ret = compat_kop_from_user(&pkc->kop, arg); -+ -+ if (unlikely(ret)) { -+ kfree(pkc); -+ return ret; -+ } - -+ pkc->type = SYNCHRONOUS; -+ ret = crypto_run_asym(pkc); -+ kfree(pkc); -+ } -+ return ret; - case COMPAT_CIOCCRYPT: - ret = compat_kcop_from_user(&kcop, fcr, arg); - if (unlikely(ret)) -@@ -1247,6 +1328,45 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) - - return compat_kcop_to_user(&kcop, fcr, arg); - #endif -+ case COMPAT_CIOCASYMASYNCRYPT: -+ { -+ struct cryptodev_pkc *pkc = -+ kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); -+ -+ ret = compat_kop_from_user(&pkc->kop, arg); -+ if (unlikely(ret)) -+ return -EINVAL; -+ -+ /* Store associated FD priv data with asymmetric request */ -+ pkc->priv = pcr; -+ pkc->type = ASYNCHRONOUS; -+ ret = crypto_run_asym(pkc); -+ if (ret == -EINPROGRESS) -+ ret = 0; -+ } -+ return ret; -+ case COMPAT_CIOCASYMASYNFETCH: -+ { -+ struct cryptodev_pkc *pkc; -+ unsigned long flags; -+ -+ spin_lock_irqsave(&pcr->completion_lock, flags); -+ if (list_empty(&pcr->asym_completed_list)) { -+ spin_unlock_irqrestore(&pcr->completion_lock, flags); -+ return -ENOMEM; -+ } -+ pkc = list_first_entry(&pcr->asym_completed_list, -+ struct cryptodev_pkc, list); -+ list_del(&pkc->list); -+ spin_unlock_irqrestore(&pcr->completion_lock, flags); -+ ret = crypto_async_fetch_asym(pkc); -+ -+ /* Reflect the updated request to user-space */ -+ if (!ret) -+ compat_kop_to_user(&pkc->kop, arg); -+ kfree(pkc); -+ } -+ return ret; - default: - return -EINVAL; - } --- -2.3.5 - diff --git a/recipes-kernel/cryptodev/files/0005-Asynchronous-interface-changes-in-cryptodev.patch b/recipes-kernel/cryptodev/files/0005-Asynchronous-interface-changes-in-cryptodev.patch deleted file mode 100644 index 8827fb0..0000000 --- a/recipes-kernel/cryptodev/files/0005-Asynchronous-interface-changes-in-cryptodev.patch +++ /dev/null @@ -1,213 +0,0 @@ -From 7594d5375d998eb25241750b623661ff021697d3 Mon Sep 17 00:00:00 2001 -From: Yashpal Dutta -Date: Fri, 7 Mar 2014 07:24:00 +0545 -Subject: [PATCH 05/15] Asynchronous interface changes in cryptodev - -Upstream-status: Pending - -Signed-off-by: Yashpal Dutta ---- - cryptlib.h | 7 ++++- - crypto/cryptodev.h | 10 ++++++- - cryptodev_int.h | 10 ++++++- - ioctl.c | 76 +++++++++++++++++++++++++++++++++++++----------------- - 4 files changed, 76 insertions(+), 27 deletions(-) - -diff --git a/cryptlib.h b/cryptlib.h -index 56d325a..7ffa54c 100644 ---- a/cryptlib.h -+++ b/cryptlib.h -@@ -113,7 +113,12 @@ struct cryptodev_pkc { - struct pkc_request req; /* PKC request structure allocated - from CryptoAPI */ - enum offload_type type; /* Synchronous Vs Asynchronous request */ -- void *cookie; /*Additional opaque cookie to be used in future */ -+ /* -+ * cookie used for transfering tranparent information from async -+ * submission to async fetch. Currently some dynamic allocated -+ * buffers are maintained which will be freed later during fetch -+ */ -+ void *cookie; - struct crypt_priv *priv; - }; - -diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h -index 96675fe..4436fbf 100644 ---- a/crypto/cryptodev.h -+++ b/crypto/cryptodev.h -@@ -254,6 +254,14 @@ struct crypt_kop { - void *cookie; - }; - -+#define MAX_COOKIES 4 -+ -+struct pkc_cookie_list_s { -+ int cookie_available; -+ void *cookie[MAX_COOKIES]; -+ int status[MAX_COOKIES]; -+}; -+ - enum cryptodev_crk_op_t { - CRK_MOD_EXP = 0, - CRK_MOD_EXP_CRT = 1, -@@ -298,5 +306,5 @@ enum cryptodev_crk_op_t { - #define CIOCASYNCFETCH _IOR('c', 111, struct crypt_op) - /* additional ioctls for asynchronous operation for asymmetric ciphers*/ - #define CIOCASYMASYNCRYPT _IOW('c', 112, struct crypt_kop) --#define CIOCASYMASYNFETCH _IOR('c', 113, struct crypt_kop) -+#define CIOCASYMFETCHCOOKIE _IOR('c', 113, struct pkc_cookie_list_s) - #endif /* L_CRYPTODEV_H */ -diff --git a/cryptodev_int.h b/cryptodev_int.h -index cf54dac..5347cae 100644 ---- a/cryptodev_int.h -+++ b/cryptodev_int.h -@@ -93,6 +93,12 @@ struct compat_crypt_kop { - compat_uptr_t cookie; - }; - -+struct compat_pkc_cookie_list_s { -+ int cookie_available; -+ compat_uptr_t cookie[MAX_COOKIES]; -+ int status[MAX_COOKIES]; -+}; -+ - /* input of CIOCAUTHCRYPT */ - struct compat_crypt_auth_op { - uint32_t ses; /* session identifier */ -@@ -126,11 +132,13 @@ struct compat_crypt_auth_op { - /* compat ioctls, defined for the above structs */ - #define COMPAT_CIOCGSESSION _IOWR('c', 102, struct compat_session_op) - #define COMPAT_CIOCCRYPT _IOWR('c', 104, struct compat_crypt_op) -+#define COMPAT_CIOCKEY _IOW('c', 105, struct compat_crypt_kop) - #define COMPAT_CIOCASYNCCRYPT _IOW('c', 107, struct compat_crypt_op) - #define COMPAT_CIOCASYNCFETCH _IOR('c', 108, struct compat_crypt_op) - #define COMPAT_CIOCAUTHCRYPT _IOWR('c', 109, struct compat_crypt_auth_op) - #define COMPAT_CIOCASYMASYNCRYPT _IOW('c', 110, struct compat_crypt_kop) --#define COMPAT_CIOCASYMASYNFETCH _IOR('c', 111, struct compat_crypt_kop) -+#define COMPAT_CIOCASYMFETCHCOOKIE _IOR('c', 111, \ -+ struct compat_pkc_cookie_list_s) - - #endif /* CONFIG_COMPAT */ - -diff --git a/ioctl.c b/ioctl.c -index 9431025..e2f407f 100644 ---- a/ioctl.c -+++ b/ioctl.c -@@ -105,8 +105,6 @@ void cryptodev_complete_asym(struct crypto_async_request *req, int err) - crypto_free_pkc(pkc->s); - res->err = err; - if (pkc->type == SYNCHRONOUS) { -- if (err == -EINPROGRESS) -- return; - complete(&res->completion); - } else { - struct crypt_priv *pcr = pkc->priv; -@@ -1051,26 +1049,41 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - ret = 0; - } - return ret; -- case CIOCASYMASYNFETCH: -+ case CIOCASYMFETCHCOOKIE: - { - struct cryptodev_pkc *pkc; - unsigned long flags; -+ int i; -+ struct pkc_cookie_list_s cookie_list; - - spin_lock_irqsave(&pcr->completion_lock, flags); -- if (list_empty(&pcr->asym_completed_list)) { -- spin_unlock_irqrestore(&pcr->completion_lock, flags); -- return -ENOMEM; -+ cookie_list.cookie_available = 0; -+ for (i = 0; i < MAX_COOKIES; i++) { -+ if (!list_empty(&pcr->asym_completed_list)) { -+ /* Run a loop in the list for upto elements -+ and copy their response back */ -+ pkc = -+ list_first_entry(&pcr->asym_completed_list, -+ struct cryptodev_pkc, list); -+ list_del(&pkc->list); -+ ret = crypto_async_fetch_asym(pkc); -+ if (!ret) { -+ cookie_list.cookie_available++; -+ cookie_list.cookie[i] = -+ pkc->kop.kop.cookie; -+ cookie_list.status[i] = pkc->result.err; -+ } -+ kfree(pkc); -+ } else { -+ break; -+ } - } -- pkc = list_first_entry(&pcr->asym_completed_list, -- struct cryptodev_pkc, list); -- list_del(&pkc->list); - spin_unlock_irqrestore(&pcr->completion_lock, flags); -- ret = crypto_async_fetch_asym(pkc); - - /* Reflect the updated request to user-space */ -- if (!ret) -- kop_to_user(&pkc->kop, arg); -- kfree(pkc); -+ if (cookie_list.cookie_available) -+ copy_to_user(arg, &cookie_list, -+ sizeof(struct pkc_cookie_list_s)); - } - return ret; - default: -@@ -1345,26 +1358,41 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) - ret = 0; - } - return ret; -- case COMPAT_CIOCASYMASYNFETCH: -+ case COMPAT_CIOCASYMFETCHCOOKIE: - { - struct cryptodev_pkc *pkc; - unsigned long flags; -+ int i = 0; -+ struct compat_pkc_cookie_list_s cookie_list; - - spin_lock_irqsave(&pcr->completion_lock, flags); -- if (list_empty(&pcr->asym_completed_list)) { -- spin_unlock_irqrestore(&pcr->completion_lock, flags); -- return -ENOMEM; -+ cookie_list.cookie_available = 0; -+ -+ for (i = 0; i < MAX_COOKIES; i++) { -+ if (!list_empty(&pcr->asym_completed_list)) { -+ /* Run a loop in the list for upto elements -+ and copy their response back */ -+ pkc = -+ list_first_entry(&pcr->asym_completed_list, -+ struct cryptodev_pkc, list); -+ list_del(&pkc->list); -+ ret = crypto_async_fetch_asym(pkc); -+ if (!ret) { -+ cookie_list.cookie_available++; -+ cookie_list.cookie[i] = -+ pkc->kop.kop.cookie; -+ } -+ kfree(pkc); -+ } else { -+ break; -+ } - } -- pkc = list_first_entry(&pcr->asym_completed_list, -- struct cryptodev_pkc, list); -- list_del(&pkc->list); - spin_unlock_irqrestore(&pcr->completion_lock, flags); -- ret = crypto_async_fetch_asym(pkc); - - /* Reflect the updated request to user-space */ -- if (!ret) -- compat_kop_to_user(&pkc->kop, arg); -- kfree(pkc); -+ if (cookie_list.cookie_available) -+ copy_to_user(arg, &cookie_list, -+ sizeof(struct compat_pkc_cookie_list_s)); - } - return ret; - default: --- -2.3.5 - diff --git a/recipes-kernel/cryptodev/files/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch b/recipes-kernel/cryptodev/files/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch deleted file mode 100644 index 89cace3..0000000 --- a/recipes-kernel/cryptodev/files/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch +++ /dev/null @@ -1,212 +0,0 @@ -From eccd6277b067cd85094eb057225cc0a983300b9f Mon Sep 17 00:00:00 2001 -From: Yashpal Dutta -Date: Fri, 7 Mar 2014 07:53:53 +0545 -Subject: [PATCH 06/15] ECC_KEYGEN and DLC_KEYGEN supported in cryptodev module - -Upstream-status: Pending - -Signed-off-by: Yashpal Dutta ---- - cryptlib.c | 2 ++ - crypto/cryptodev.h | 5 +++- - ioctl.c | 29 +++++++++++++++++-- - main.c | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ - 4 files changed, 118 insertions(+), 3 deletions(-) - -diff --git a/cryptlib.c b/cryptlib.c -index 6900028..47cd568 100644 ---- a/cryptlib.c -+++ b/cryptlib.c -@@ -452,6 +452,8 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) - case DSA_VERIFY: - case ECDSA_SIGN: - case ECDSA_VERIFY: -+ case DLC_KEYGEN: -+ case ECC_KEYGEN: - pkc->s = crypto_alloc_pkc("pkc(dsa)", - CRYPTO_ALG_TYPE_PKC_DSA, 0); - break; -diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h -index 4436fbf..275a55c 100644 ---- a/crypto/cryptodev.h -+++ b/crypto/cryptodev.h -@@ -268,6 +268,8 @@ enum cryptodev_crk_op_t { - CRK_DSA_SIGN = 2, - CRK_DSA_VERIFY = 3, - CRK_DH_COMPUTE_KEY = 4, -+ CRK_DSA_GENERATE_KEY = 5, -+ CRK_DH_GENERATE_KEY = 6, - CRK_ALGORITHM_ALL - }; - -@@ -280,7 +282,8 @@ enum cryptodev_crk_op_t { - #define CRF_DSA_SIGN (1 << CRK_DSA_SIGN) - #define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY) - #define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY) -- -+#define CRF_DSA_GENERATE_KEY (1 << CRK_DSA_GENERATE_KEY) -+#define CRF_DH_GENERATE_KEY (1 << CRK_DH_GENERATE_KEY) - - /* ioctl's. Compatible with old linux cryptodev.h - */ -diff --git a/ioctl.c b/ioctl.c -index e2f407f..1f0741a 100644 ---- a/ioctl.c -+++ b/ioctl.c -@@ -726,6 +726,23 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) - dh_req->z, dh_req->z_len); - } - break; -+ case CRK_DSA_GENERATE_KEY: -+ case CRK_DH_GENERATE_KEY: -+ { -+ struct keygen_req_s *key_req = &pkc_req->req_u.keygen; -+ -+ if (pkc_req->type == ECC_KEYGEN) { -+ copy_to_user(ckop->crk_param[4].crp_p, key_req->pub_key, -+ key_req->pub_key_len); -+ copy_to_user(ckop->crk_param[5].crp_p, -+ key_req->priv_key, key_req->priv_key_len); -+ } else { -+ copy_to_user(ckop->crk_param[3].crp_p, -+ key_req->pub_key, key_req->pub_key_len); -+ copy_to_user(ckop->crk_param[4].crp_p, -+ key_req->priv_key, key_req->priv_key_len); -+ } -+ } - default: - ret = -EINVAL; - } -@@ -939,8 +956,9 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - - switch (cmd) { - case CIOCASYMFEAT: -- return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | -- CRF_DSA_SIGN | CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY, p); -+ return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN | -+ CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY | -+ CRF_DSA_GENERATE_KEY, p); - case CRIOGET: - fd = clonefd(filp); - ret = put_user(fd, p); -@@ -1084,7 +1102,14 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - if (cookie_list.cookie_available) - copy_to_user(arg, &cookie_list, - sizeof(struct pkc_cookie_list_s)); -+ else { -+ struct pkc_cookie_list_s *user_ck_list = (void *)arg; -+ -+ put_user(0, &(user_ck_list->cookie_available)); -+ } -+ ret = cookie_list.cookie_available; - } -+ - return ret; - default: - return -EINVAL; -diff --git a/main.c b/main.c -index 0b7951e..c901bc7 100644 ---- a/main.c -+++ b/main.c -@@ -342,6 +342,85 @@ err: - return rc; - } - -+int crypto_kop_keygen(struct cryptodev_pkc *pkc) -+{ -+ struct kernel_crypt_kop *kop = &pkc->kop; -+ struct crypt_kop *cop = &kop->kop; -+ struct pkc_request *pkc_req; -+ struct keygen_req_s *key_req; -+ int rc, buf_size; -+ uint8_t *buf; -+ -+ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || -+ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits || -+ !cop->crk_param[4].crp_nbits) -+ return -EINVAL; -+ -+ pkc_req = &pkc->req; -+ key_req = &pkc_req->req_u.keygen; -+ key_req->q_len = (cop->crk_param[0].crp_nbits + 7)/8; -+ key_req->r_len = (cop->crk_param[1].crp_nbits + 7)/8; -+ key_req->g_len = (cop->crk_param[2].crp_nbits + 7)/8; -+ if (cop->crk_iparams == 3) { -+ key_req->pub_key_len = (cop->crk_param[3].crp_nbits + 7)/8; -+ key_req->priv_key_len = (cop->crk_param[4].crp_nbits + 7)/8; -+ buf_size = key_req->q_len + key_req->r_len + key_req->g_len + -+ key_req->pub_key_len + key_req->priv_key_len; -+ pkc_req->type = DLC_KEYGEN; -+ } else { -+ key_req->ab_len = (cop->crk_param[3].crp_nbits + 7)/8; -+ key_req->pub_key_len = (cop->crk_param[4].crp_nbits + 7)/8; -+ key_req->priv_key_len = (cop->crk_param[5].crp_nbits + 7)/8; -+ buf_size = key_req->q_len + key_req->r_len + key_req->g_len + -+ key_req->pub_key_len + key_req->priv_key_len + -+ key_req->ab_len; -+ pkc_req->type = ECC_KEYGEN; -+ pkc_req->curve_type = cop->curve_type; -+ } -+ -+ buf = kzalloc(buf_size, GFP_DMA); -+ if (!buf) -+ return -ENOMEM; -+ -+ key_req->q = buf; -+ key_req->r = key_req->q + key_req->q_len; -+ key_req->g = key_req->r + key_req->r_len; -+ key_req->pub_key = key_req->g + key_req->g_len; -+ key_req->priv_key = key_req->pub_key + key_req->pub_key_len; -+ copy_from_user(key_req->q, cop->crk_param[0].crp_p, key_req->q_len); -+ copy_from_user(key_req->r, cop->crk_param[1].crp_p, key_req->r_len); -+ copy_from_user(key_req->g, cop->crk_param[2].crp_p, key_req->g_len); -+ if (cop->crk_iparams == 3) { -+ copy_from_user(key_req->pub_key, cop->crk_param[3].crp_p, -+ key_req->pub_key_len); -+ copy_from_user(key_req->priv_key, cop->crk_param[4].crp_p, -+ key_req->priv_key_len); -+ } else { -+ key_req->ab = key_req->priv_key + key_req->priv_key_len; -+ copy_from_user(key_req->ab, cop->crk_param[3].crp_p, -+ key_req->ab_len); -+ copy_from_user(key_req->pub_key, cop->crk_param[4].crp_p, -+ key_req->pub_key_len); -+ copy_from_user(key_req->priv_key, cop->crk_param[5].crp_p, -+ key_req->priv_key_len); -+ } -+ -+ rc = cryptodev_pkc_offload(pkc); -+ if (pkc->type == SYNCHRONOUS) { -+ if (rc) -+ goto err; -+ } else { -+ if (rc != -EINPROGRESS && !rc) -+ goto err; -+ -+ pkc->cookie = buf; -+ return rc; -+ } -+err: -+ kfree(buf); -+ return rc; -+} -+ - int crypto_kop_dh_key(struct cryptodev_pkc *pkc) - { - struct kernel_crypt_kop *kop = &pkc->kop; -@@ -554,6 +633,12 @@ int crypto_run_asym(struct cryptodev_pkc *pkc) - goto err; - ret = crypto_kop_dh_key(pkc); - break; -+ case CRK_DH_GENERATE_KEY: -+ case CRK_DSA_GENERATE_KEY: -+ if ((kop->kop.crk_iparams != 3 && kop->kop.crk_iparams != 4)) -+ goto err; -+ ret = crypto_kop_keygen(pkc); -+ break; - } - err: - return ret; --- -2.3.5 - diff --git a/recipes-kernel/cryptodev/files/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch b/recipes-kernel/cryptodev/files/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch deleted file mode 100644 index a76aca4..0000000 --- a/recipes-kernel/cryptodev/files/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch +++ /dev/null @@ -1,238 +0,0 @@ -From 78c01e1882def52c72966c0e86913950ec201af9 Mon Sep 17 00:00:00 2001 -From: Yashpal Dutta -Date: Fri, 7 Mar 2014 08:49:15 +0545 -Subject: [PATCH 07/15] RCU stall fixed in PKC asynchronous interface - -Upstream-status: Pending - -Signed-off-by: Yashpal Dutta ---- - ioctl.c | 23 +++++++++++------------ - main.c | 43 +++++++++++++++++++++++++++---------------- - 2 files changed, 38 insertions(+), 28 deletions(-) - -diff --git a/ioctl.c b/ioctl.c -index 1f0741a..e4e16a8 100644 ---- a/ioctl.c -+++ b/ioctl.c -@@ -108,10 +108,9 @@ void cryptodev_complete_asym(struct crypto_async_request *req, int err) - complete(&res->completion); - } else { - struct crypt_priv *pcr = pkc->priv; -- unsigned long flags; -- spin_lock_irqsave(&pcr->completion_lock, flags); -+ spin_lock_bh(&pcr->completion_lock); - list_add_tail(&pkc->list, &pcr->asym_completed_list); -- spin_unlock_irqrestore(&pcr->completion_lock, flags); -+ spin_unlock_bh(&pcr->completion_lock); - /* wake for POLLIN */ - wake_up_interruptible(&pcr->user_waiter); - } -@@ -958,7 +957,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - case CIOCASYMFEAT: - return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN | - CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY | -- CRF_DSA_GENERATE_KEY, p); -+ CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY, p); - case CRIOGET: - fd = clonefd(filp); - ret = put_user(fd, p); -@@ -997,7 +996,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - case CIOCKEY: - { - struct cryptodev_pkc *pkc = -- kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); -+ kmalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); - - if (!pkc) - return -ENOMEM; -@@ -1053,7 +1052,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - case CIOCASYMASYNCRYPT: - { - struct cryptodev_pkc *pkc = -- kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); -+ kmalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); - ret = kop_from_user(&pkc->kop, arg); - - if (unlikely(ret)) -@@ -1070,13 +1069,12 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - case CIOCASYMFETCHCOOKIE: - { - struct cryptodev_pkc *pkc; -- unsigned long flags; - int i; - struct pkc_cookie_list_s cookie_list; - -- spin_lock_irqsave(&pcr->completion_lock, flags); - cookie_list.cookie_available = 0; - for (i = 0; i < MAX_COOKIES; i++) { -+ spin_lock_bh(&pcr->completion_lock); - if (!list_empty(&pcr->asym_completed_list)) { - /* Run a loop in the list for upto elements - and copy their response back */ -@@ -1084,6 +1082,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - list_first_entry(&pcr->asym_completed_list, - struct cryptodev_pkc, list); - list_del(&pkc->list); -+ spin_unlock_bh(&pcr->completion_lock); - ret = crypto_async_fetch_asym(pkc); - if (!ret) { - cookie_list.cookie_available++; -@@ -1093,10 +1092,10 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - } - kfree(pkc); - } else { -+ spin_unlock_bh(&pcr->completion_lock); - break; - } - } -- spin_unlock_irqrestore(&pcr->completion_lock, flags); - - /* Reflect the updated request to user-space */ - if (cookie_list.cookie_available) -@@ -1386,14 +1385,13 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) - case COMPAT_CIOCASYMFETCHCOOKIE: - { - struct cryptodev_pkc *pkc; -- unsigned long flags; - int i = 0; - struct compat_pkc_cookie_list_s cookie_list; - -- spin_lock_irqsave(&pcr->completion_lock, flags); - cookie_list.cookie_available = 0; - - for (i = 0; i < MAX_COOKIES; i++) { -+ spin_lock_bh(&pcr->completion_lock); - if (!list_empty(&pcr->asym_completed_list)) { - /* Run a loop in the list for upto elements - and copy their response back */ -@@ -1401,6 +1399,7 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) - list_first_entry(&pcr->asym_completed_list, - struct cryptodev_pkc, list); - list_del(&pkc->list); -+ spin_unlock_bh(&pcr->completion_lock); - ret = crypto_async_fetch_asym(pkc); - if (!ret) { - cookie_list.cookie_available++; -@@ -1409,10 +1408,10 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) - } - kfree(pkc); - } else { -+ spin_unlock_bh(&pcr->completion_lock); - break; - } - } -- spin_unlock_irqrestore(&pcr->completion_lock, flags); - - /* Reflect the updated request to user-space */ - if (cookie_list.cookie_available) -diff --git a/main.c b/main.c -index c901bc7..2747706 100644 ---- a/main.c -+++ b/main.c -@@ -215,7 +215,9 @@ int crypto_kop_dsasign(struct cryptodev_pkc *pkc) - pkc_req->type = DSA_SIGN; - } - -- buf = kzalloc(buf_size, GFP_DMA); -+ buf = kmalloc(buf_size, GFP_DMA); -+ if (!buf) -+ return -ENOMEM; - - dsa_req->q = buf; - dsa_req->r = dsa_req->q + dsa_req->q_len; -@@ -298,7 +300,9 @@ int crypto_kop_dsaverify(struct cryptodev_pkc *pkc) - pkc_req->type = DSA_VERIFY; - } - -- buf = kzalloc(buf_size, GFP_DMA); -+ buf = kmalloc(buf_size, GFP_DMA); -+ if (!buf) -+ return -ENOMEM; - - dsa_req->q = buf; - dsa_req->r = dsa_req->q + dsa_req->q_len; -@@ -378,7 +382,7 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) - pkc_req->curve_type = cop->curve_type; - } - -- buf = kzalloc(buf_size, GFP_DMA); -+ buf = kmalloc(buf_size, GFP_DMA); - if (!buf) - return -ENOMEM; - -@@ -390,25 +394,28 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) - copy_from_user(key_req->q, cop->crk_param[0].crp_p, key_req->q_len); - copy_from_user(key_req->r, cop->crk_param[1].crp_p, key_req->r_len); - copy_from_user(key_req->g, cop->crk_param[2].crp_p, key_req->g_len); -- if (cop->crk_iparams == 3) { -- copy_from_user(key_req->pub_key, cop->crk_param[3].crp_p, -- key_req->pub_key_len); -- copy_from_user(key_req->priv_key, cop->crk_param[4].crp_p, -- key_req->priv_key_len); -- } else { -+ if (cop->crk_iparams == 4) { - key_req->ab = key_req->priv_key + key_req->priv_key_len; - copy_from_user(key_req->ab, cop->crk_param[3].crp_p, - key_req->ab_len); -- copy_from_user(key_req->pub_key, cop->crk_param[4].crp_p, -- key_req->pub_key_len); -- copy_from_user(key_req->priv_key, cop->crk_param[5].crp_p, -- key_req->priv_key_len); - } - - rc = cryptodev_pkc_offload(pkc); - if (pkc->type == SYNCHRONOUS) { - if (rc) - goto err; -+ -+ if (cop->crk_iparams == 4) { -+ copy_to_user(cop->crk_param[4].crp_p, key_req->pub_key, -+ key_req->pub_key_len); -+ copy_to_user(cop->crk_param[5].crp_p, key_req->priv_key, -+ key_req->priv_key_len); -+ } else { -+ copy_to_user(cop->crk_param[3].crp_p, key_req->pub_key, -+ key_req->pub_key_len); -+ copy_to_user(cop->crk_param[4].crp_p, -+ key_req->priv_key, key_req->priv_key_len); -+ } - } else { - if (rc != -EINPROGRESS && !rc) - goto err; -@@ -447,7 +454,9 @@ int crypto_kop_dh_key(struct cryptodev_pkc *pkc) - pkc_req->type = DH_COMPUTE_KEY; - } - buf_size += dh_req->z_len; -- buf = kzalloc(buf_size, GFP_DMA); -+ buf = kmalloc(buf_size, GFP_DMA); -+ if (!buf) -+ return -ENOMEM; - dh_req->q = buf; - dh_req->s = dh_req->q + dh_req->q_len; - dh_req->pub_key = dh_req->s + dh_req->s_len; -@@ -508,9 +517,11 @@ int crypto_modexp_crt(struct cryptodev_pkc *pkc) - rsa_req->dq_len = (cop->crk_param[4].crp_nbits + 7)/8; - rsa_req->c_len = (cop->crk_param[5].crp_nbits + 7)/8; - rsa_req->f_len = (cop->crk_param[6].crp_nbits + 7)/8; -- buf = kzalloc(rsa_req->p_len + rsa_req->q_len + rsa_req->f_len + -+ buf = kmalloc(rsa_req->p_len + rsa_req->q_len + rsa_req->f_len + - rsa_req->dp_len + rsa_req->dp_len + rsa_req->c_len + - rsa_req->g_len, GFP_DMA); -+ if (!buf) -+ return -ENOMEM; - rsa_req->p = buf; - rsa_req->q = rsa_req->p + rsa_req->p_len; - rsa_req->g = rsa_req->q + rsa_req->q_len; -@@ -563,7 +574,7 @@ int crypto_bn_modexp(struct cryptodev_pkc *pkc) - rsa_req->e_len = (cop->crk_param[1].crp_nbits + 7)/8; - rsa_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8; - rsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8; -- buf = kzalloc(rsa_req->f_len + rsa_req->e_len + rsa_req->n_len -+ buf = kmalloc(rsa_req->f_len + rsa_req->e_len + rsa_req->n_len - + rsa_req->g_len, GFP_DMA); - if (!buf) - return -ENOMEM; --- -2.3.5 - diff --git a/recipes-kernel/cryptodev/files/0008-Add-RSA-Key-generation-offloading.patch b/recipes-kernel/cryptodev/files/0008-Add-RSA-Key-generation-offloading.patch deleted file mode 100644 index d251c66..0000000 --- a/recipes-kernel/cryptodev/files/0008-Add-RSA-Key-generation-offloading.patch +++ /dev/null @@ -1,170 +0,0 @@ -From 5127db3483a2e4f6dc13330bea7237931c5f15a0 Mon Sep 17 00:00:00 2001 -From: Hou Zhiqiang -Date: Wed, 19 Mar 2014 14:02:46 +0800 -Subject: [PATCH 08/15] Add RSA Key generation offloading - -Upstream-status: Pending - -Signed-off-by: Hou Zhiqiang -Tested-by: Cristian Stoica ---- - cryptlib.c | 1 + - crypto/cryptodev.h | 2 ++ - ioctl.c | 3 +- - main.c | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++- - 4 files changed, 84 insertions(+), 2 deletions(-) - -diff --git a/cryptlib.c b/cryptlib.c -index 47cd568..4dd1847 100644 ---- a/cryptlib.c -+++ b/cryptlib.c -@@ -441,6 +441,7 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) - struct pkc_request *pkc_req = &pkc->req, *pkc_requested; - - switch (pkc_req->type) { -+ case RSA_KEYGEN: - case RSA_PUB: - case RSA_PRIV_FORM1: - case RSA_PRIV_FORM2: -diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h -index 275a55c..d0cc542 100644 ---- a/crypto/cryptodev.h -+++ b/crypto/cryptodev.h -@@ -270,6 +270,7 @@ enum cryptodev_crk_op_t { - CRK_DH_COMPUTE_KEY = 4, - CRK_DSA_GENERATE_KEY = 5, - CRK_DH_GENERATE_KEY = 6, -+ CRK_RSA_GENERATE_KEY = 7, - CRK_ALGORITHM_ALL - }; - -@@ -279,6 +280,7 @@ enum cryptodev_crk_op_t { - */ - #define CRF_MOD_EXP (1 << CRK_MOD_EXP) - #define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT) -+#define CRF_RSA_GENERATE_KEY (1 << CRK_RSA_GENERATE_KEY) - #define CRF_DSA_SIGN (1 << CRK_DSA_SIGN) - #define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY) - #define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY) -diff --git a/ioctl.c b/ioctl.c -index e4e16a8..3762a47 100644 ---- a/ioctl.c -+++ b/ioctl.c -@@ -957,7 +957,8 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - case CIOCASYMFEAT: - return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN | - CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY | -- CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY, p); -+ CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY | -+ CRF_RSA_GENERATE_KEY, p); - case CRIOGET: - fd = clonefd(filp); - ret = put_user(fd, p); -diff --git a/main.c b/main.c -index 2747706..14dcf40 100644 ---- a/main.c -+++ b/main.c -@@ -346,6 +346,82 @@ err: - return rc; - } - -+int crypto_kop_rsa_keygen(struct cryptodev_pkc *pkc) -+{ -+ struct kernel_crypt_kop *kop = &pkc->kop; -+ struct crypt_kop *cop = &kop->kop; -+ struct pkc_request *pkc_req; -+ struct rsa_keygen_req_s *key_req; -+ int rc, buf_size; -+ uint8_t *buf; -+ -+ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || -+ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits || -+ !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits || -+ !cop->crk_param[6].crp_nbits) -+ return -EINVAL; -+ -+ pkc_req = &pkc->req; -+ pkc_req->type = RSA_KEYGEN; -+ key_req = &pkc_req->req_u.rsa_keygen; -+ key_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8; -+ key_req->p_len = (cop->crk_param[0].crp_nbits + 7) / 8; -+ key_req->q_len = (cop->crk_param[1].crp_nbits + 7) / 8; -+ key_req->n_len = (cop->crk_param[2].crp_nbits + 7) / 8; -+ key_req->d_len = (cop->crk_param[3].crp_nbits + 7) / 8; -+ key_req->dp_len = (cop->crk_param[4].crp_nbits + 7) / 8; -+ key_req->dq_len = (cop->crk_param[5].crp_nbits + 7) / 8; -+ key_req->c_len = (cop->crk_param[6].crp_nbits + 7) / 8; -+ -+ buf_size = key_req->p_len + key_req->q_len + key_req->n_len + -+ key_req->d_len + key_req->dp_len + -+ key_req->dq_len + key_req->c_len; -+ -+ buf = kmalloc(buf_size, GFP_DMA); -+ if (!buf) -+ return -ENOMEM; -+ key_req->p = buf; -+ key_req->q = key_req->p + key_req->p_len; -+ key_req->n = key_req->q + key_req->q_len; -+ key_req->d = key_req->n + key_req->n_len; -+ key_req->dp = key_req->d + key_req->d_len; -+ key_req->dq = key_req->dp + key_req->dp_len; -+ key_req->c = key_req->dq + key_req->dq_len; -+ -+ rc = cryptodev_pkc_offload(pkc); -+ -+ if (pkc->type == SYNCHRONOUS) { -+ if (rc) -+ goto err; -+ -+ copy_to_user(cop->crk_param[0].crp_p, -+ key_req->p, key_req->p_len); -+ copy_to_user(cop->crk_param[1].crp_p, -+ key_req->q, key_req->q_len); -+ copy_to_user(cop->crk_param[2].crp_p, -+ key_req->n, key_req->n_len); -+ copy_to_user(cop->crk_param[3].crp_p, -+ key_req->d, key_req->d_len); -+ copy_to_user(cop->crk_param[4].crp_p, -+ key_req->dp, key_req->dp_len); -+ copy_to_user(cop->crk_param[5].crp_p, -+ key_req->dq, key_req->dq_len); -+ copy_to_user(cop->crk_param[6].crp_p, -+ key_req->c, key_req->c_len); -+ } else { -+ if (rc != -EINPROGRESS && !rc) { -+ printk("%s: Failed\n", __func__); -+ goto err; -+ } -+ pkc->cookie = buf; -+ return rc; -+ } -+err: -+ kfree(buf); -+ return rc; -+ -+} -+ - int crypto_kop_keygen(struct cryptodev_pkc *pkc) - { - struct kernel_crypt_kop *kop = &pkc->kop; -@@ -385,7 +461,6 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) - buf = kmalloc(buf_size, GFP_DMA); - if (!buf) - return -ENOMEM; -- - key_req->q = buf; - key_req->r = key_req->q + key_req->q_len; - key_req->g = key_req->r + key_req->r_len; -@@ -650,6 +725,9 @@ int crypto_run_asym(struct cryptodev_pkc *pkc) - goto err; - ret = crypto_kop_keygen(pkc); - break; -+ case CRK_RSA_GENERATE_KEY: -+ ret = crypto_kop_rsa_keygen(pkc); -+ break; - } - err: - return ret; --- -2.3.5 - diff --git a/recipes-kernel/cryptodev/files/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch b/recipes-kernel/cryptodev/files/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch deleted file mode 100644 index 2213fae..0000000 --- a/recipes-kernel/cryptodev/files/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch +++ /dev/null @@ -1,160 +0,0 @@ -From 800af48d0c26830943ca2308dd426b5b09811750 Mon Sep 17 00:00:00 2001 -From: Yashpal Dutta -Date: Thu, 17 Apr 2014 07:08:47 +0545 -Subject: [PATCH 09/15] Fixed compilation error of openssl with fsl cryptodev - -Upstream-status: Pending - -Signed-off-by: Yashpal Dutta -Tested-by: Cristian Stoica ---- - authenc.c | 1 + - cryptlib.c | 9 ++++----- - crypto/cryptodev.h | 9 ++++++++- - cryptodev_int.h | 2 +- - ioctl.c | 8 ++++++-- - main.c | 1 + - 6 files changed, 21 insertions(+), 9 deletions(-) - -diff --git a/authenc.c b/authenc.c -index ef0d3db..2aa4d38 100644 ---- a/authenc.c -+++ b/authenc.c -@@ -2,6 +2,7 @@ - * Driver for /dev/crypto device (aka CryptoDev) - * - * Copyright (c) 2011, 2012 OpenSSL Software Foundation, Inc. -+ * Copyright (c) 2014 Freescale Semiconductor, Inc. - * - * Author: Nikos Mavrogiannopoulos - * -diff --git a/cryptlib.c b/cryptlib.c -index 4dd1847..ec6693e 100644 ---- a/cryptlib.c -+++ b/cryptlib.c -@@ -4,8 +4,7 @@ - * Copyright (c) 2010,2011 Nikos Mavrogiannopoulos - * Portions Copyright (c) 2010 Michael Weiser - * Portions Copyright (c) 2010 Phil Sutter -- * -- * Copyright 2012 Freescale Semiconductor, Inc. -+ * Copyright 2012-2014 Freescale Semiconductor, Inc. - * - * This file is part of linux cryptodev. - * -@@ -144,7 +143,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name, - if (alg->max_keysize > 0 && - unlikely((keylen < alg->min_keysize) || - (keylen > alg->max_keysize))) { -- ddebug(1, "Wrong keylen '%zu' for algorithm '%s'. Use %u to %u.", -+ ddebug(1, "Wrong keylen '%u' for algorithm '%s'. Use %u to %u.", - keylen, alg_name, alg->min_keysize, alg->max_keysize); - ret = -EINVAL; - goto error; -@@ -171,7 +170,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name, - } - - if (unlikely(ret)) { -- ddebug(1, "Setting key failed for %s-%zu.", alg_name, keylen*8); -+ ddebug(1, "Setting key failed for %s-%u.", alg_name, keylen*8); - ret = -EINVAL; - goto error; - } -@@ -338,7 +337,7 @@ int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name, - if (hmac_mode != 0) { - ret = crypto_ahash_setkey(hdata->async.s, mackey, mackeylen); - if (unlikely(ret)) { -- ddebug(1, "Setting hmac key failed for %s-%zu.", -+ ddebug(1, "Setting hmac key failed for %s-%u.", - alg_name, mackeylen*8); - ret = -EINVAL; - goto error; -diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h -index d0cc542..e7edd97 100644 ---- a/crypto/cryptodev.h -+++ b/crypto/cryptodev.h -@@ -234,6 +234,13 @@ struct crypt_auth_op { - #define CRYPTO_ALG_FLAG_RNG_ENABLE 2 - #define CRYPTO_ALG_FLAG_DSA_SHA 4 - -+enum ec_curve_t { -+ EC_DISCRETE_LOG, -+ EC_PRIME, -+ EC_BINARY, -+ MAX_EC_TYPE -+}; -+ - struct crparam { - __u8 *crp_p; - __u32 crp_nbits; -@@ -249,7 +256,7 @@ struct crypt_kop { - __u16 crk_oparams; - __u32 crk_pad1; - struct crparam crk_param[CRK_MAXPARAM]; -- enum curve_t curve_type; /* 0 == Discrete Log, -+ enum ec_curve_t curve_type; /* 0 == Discrete Log, - 1 = EC_PRIME, 2 = EC_BINARY */ - void *cookie; - }; -diff --git a/cryptodev_int.h b/cryptodev_int.h -index 5347cae..c83c885 100644 ---- a/cryptodev_int.h -+++ b/cryptodev_int.h -@@ -88,7 +88,7 @@ struct compat_crypt_kop { - uint16_t crk_oparams; - uint32_t crk_pad1; - struct compat_crparam crk_param[CRK_MAXPARAM]; -- enum curve_t curve_type; /* 0 == Discrete Log, 1 = EC_PRIME, -+ enum ec_curve_t curve_type; /* 0 == Discrete Log, 1 = EC_PRIME, - 2 = EC_BINARY */ - compat_uptr_t cookie; - }; -diff --git a/ioctl.c b/ioctl.c -index 3762a47..c97320b 100644 ---- a/ioctl.c -+++ b/ioctl.c -@@ -4,7 +4,7 @@ - * Copyright (c) 2004 Michal Ludvig , SuSE Labs - * Copyright (c) 2009,2010,2011 Nikos Mavrogiannopoulos - * Copyright (c) 2010 Phil Sutter -- * Copyright 2012 Freescale Semiconductor, Inc. -+ * Copyright 2012-2014 Freescale Semiconductor, Inc. - * - * This file is part of linux cryptodev. - * -@@ -501,6 +501,7 @@ cryptodev_open(struct inode *inode, struct file *filp) - INIT_LIST_HEAD(&pcr->done.list); - INIT_LIST_HEAD(&pcr->asym_completed_list); - spin_lock_init(&pcr->completion_lock); -+ - INIT_WORK(&pcr->cryptask, cryptask_routine); - - init_waitqueue_head(&pcr->user_waiter); -@@ -780,8 +781,11 @@ static int fill_kcop_from_cop(struct kernel_crypt_op *kcop, struct fcrypt *fcr) - - if (cop->iv) { - rc = copy_from_user(kcop->iv, cop->iv, kcop->ivlen); -- if (unlikely(rc)) -+ if (unlikely(rc)) { -+ derr(1, "error copying IV (%d bytes), copy_from_user returned %d for address %p", -+ kcop->ivlen, rc, cop->iv); - return -EFAULT; -+ } - } - - return 0; -diff --git a/main.c b/main.c -index 14dcf40..6365911 100644 ---- a/main.c -+++ b/main.c -@@ -3,6 +3,7 @@ - * - * Copyright (c) 2004 Michal Ludvig , SuSE Labs - * Copyright (c) 2009-2013 Nikos Mavrogiannopoulos -+ * Copyright (c) 2014 Freescale Semiconductor, Inc. - * - * This file is part of linux cryptodev. - * --- -2.3.5 - diff --git a/recipes-kernel/cryptodev/files/0010-add-support-for-composite-TLS10-SHA1-3DES-algorithm-.patch b/recipes-kernel/cryptodev/files/0010-add-support-for-composite-TLS10-SHA1-3DES-algorithm-.patch deleted file mode 100644 index 2032159..0000000 --- a/recipes-kernel/cryptodev/files/0010-add-support-for-composite-TLS10-SHA1-3DES-algorithm-.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 55ee0ae703a68db74a492f5910937260502b9602 Mon Sep 17 00:00:00 2001 -From: Tudor Ambarus -Date: Tue, 10 Jun 2014 08:27:59 +0300 -Subject: [PATCH 10/15] add support for composite TLS10(SHA1,3DES) algorithm - offload - -This adds support for composite algorithm offload in a single crypto -(cipher + hmac) operation. - -It requires either software or hardware TLS support in the Linux kernel -and can be used with Freescale B*, P* and T* platforms that have support -for hardware TLS acceleration. - -Change-Id: Ibce0ceb4174809c9c96b453cd3202bc5220ff084 -Signed-off-by: Tudor Ambarus -Reviewed-on: http://git.am.freescale.net:8181/34000 -Reviewed-by: Cristian Stoica -Tested-by: Cristian Stoica ---- - crypto/cryptodev.h | 1 + - ioctl.c | 5 +++++ - 2 files changed, 6 insertions(+) - -diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h -index e7edd97..07f40b2 100644 ---- a/crypto/cryptodev.h -+++ b/crypto/cryptodev.h -@@ -55,6 +55,7 @@ enum cryptodev_crypto_op_t { - CRYPTO_SHA2_512, - CRYPTO_SHA2_224_HMAC, - CRYPTO_TLS10_AES_CBC_HMAC_SHA1, -+ CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, - CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */ - }; - -diff --git a/ioctl.c b/ioctl.c -index c97320b..574e913 100644 ---- a/ioctl.c -+++ b/ioctl.c -@@ -191,6 +191,11 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop) - stream = 0; - aead = 1; - break; -+ case CRYPTO_TLS10_3DES_CBC_HMAC_SHA1: -+ alg_name = "tls10(hmac(sha1),cbc(des3_ede))"; -+ stream = 0; -+ aead = 1; -+ break; - case CRYPTO_NULL: - alg_name = "ecb(cipher_null)"; - stream = 1; --- -2.3.5 - diff --git a/recipes-kernel/cryptodev/files/0011-add-support-for-TLSv1.1-record-offload.patch b/recipes-kernel/cryptodev/files/0011-add-support-for-TLSv1.1-record-offload.patch deleted file mode 100644 index 37862b5..0000000 --- a/recipes-kernel/cryptodev/files/0011-add-support-for-TLSv1.1-record-offload.patch +++ /dev/null @@ -1,76 +0,0 @@ -From 06cca15fd0412ae872c2b2c5d50216e1eb34fc50 Mon Sep 17 00:00:00 2001 -From: Tudor Ambarus -Date: Tue, 31 Mar 2015 16:15:47 +0300 -Subject: [PATCH 11/15] add support for TLSv1.1 record offload - -This adds support for composite algorithm offload in a single crypto -(cipher + hmac) operation. - -Supported cipher suites: -- 3des-ede-cbc-sha -- aes-128-cbc-hmac-sha -- aes-256-cbc-hmac-sha - -It requires either software or hardware TLS support in the Linux kernel -and can be used with Freescale B*, P* and T* platforms that have support -for hardware TLS acceleration. - -Signed-off-by: Tudor Ambarus -Change-Id: Ia5f3fa7ec090d5643d71b0f608c68a274ec6b51f -Reviewed-on: http://git.am.freescale.net:8181/33998 -Reviewed-by: Cristian Stoica -Tested-by: Cristian Stoica ---- - crypto/cryptodev.h | 4 +++- - ioctl.c | 14 ++++++++++++-- - 2 files changed, 15 insertions(+), 3 deletions(-) - -diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h -index 07f40b2..61e8599 100644 ---- a/crypto/cryptodev.h -+++ b/crypto/cryptodev.h -@@ -54,8 +54,10 @@ enum cryptodev_crypto_op_t { - CRYPTO_SHA2_384, - CRYPTO_SHA2_512, - CRYPTO_SHA2_224_HMAC, -- CRYPTO_TLS10_AES_CBC_HMAC_SHA1, - CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, -+ CRYPTO_TLS10_AES_CBC_HMAC_SHA1, -+ CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, -+ CRYPTO_TLS11_AES_CBC_HMAC_SHA1, - CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */ - }; - -diff --git a/ioctl.c b/ioctl.c -index 574e913..ba82387 100644 ---- a/ioctl.c -+++ b/ioctl.c -@@ -186,13 +186,23 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop) - stream = 1; - aead = 1; - break; -+ case CRYPTO_TLS10_3DES_CBC_HMAC_SHA1: -+ alg_name = "tls10(hmac(sha1),cbc(des3_ede))"; -+ stream = 0; -+ aead = 1; -+ break; - case CRYPTO_TLS10_AES_CBC_HMAC_SHA1: - alg_name = "tls10(hmac(sha1),cbc(aes))"; - stream = 0; - aead = 1; - break; -- case CRYPTO_TLS10_3DES_CBC_HMAC_SHA1: -- alg_name = "tls10(hmac(sha1),cbc(des3_ede))"; -+ case CRYPTO_TLS11_3DES_CBC_HMAC_SHA1: -+ alg_name = "tls11(hmac(sha1),cbc(des3_ede))"; -+ stream = 0; -+ aead = 1; -+ break; -+ case CRYPTO_TLS11_AES_CBC_HMAC_SHA1: -+ alg_name = "tls11(hmac(sha1),cbc(aes))"; - stream = 0; - aead = 1; - break; --- -2.3.5 - diff --git a/recipes-kernel/cryptodev/files/0012-add-support-for-TLSv1.2-record-offload.patch b/recipes-kernel/cryptodev/files/0012-add-support-for-TLSv1.2-record-offload.patch deleted file mode 100644 index 6aa672a..0000000 --- a/recipes-kernel/cryptodev/files/0012-add-support-for-TLSv1.2-record-offload.patch +++ /dev/null @@ -1,72 +0,0 @@ -From 15999e402dd7472cafe51be3fd0ce66433ca924b Mon Sep 17 00:00:00 2001 -From: Tudor Ambarus -Date: Tue, 31 Mar 2015 16:16:28 +0300 -Subject: [PATCH 12/15] add support for TLSv1.2 record offload - -This adds support for composite algorithm offload in a single crypto -(cipher + hmac) operation. - -Supported cipher suites: -- 3des-ede-cbc-sha -- aes-128-cbc-hmac-sha -- aes-256-cbc-hmac-sha -- aes-128-cbc-hmac-sha256 -- aes-256-cbc-hmac-sha256 - -It requires either software or hardware TLS support in the Linux kernel -and can be used with Freescale B*, P* and T* platforms that have support -for hardware TLS acceleration. - -Signed-off-by: Tudor Ambarus -Change-Id: I21f45993505fc3dad09848a13aa20f778a7c2de0 -Reviewed-on: http://git.am.freescale.net:8181/33999 -Reviewed-by: Cristian Stoica -Tested-by: Cristian Stoica ---- - crypto/cryptodev.h | 3 +++ - ioctl.c | 15 +++++++++++++++ - 2 files changed, 18 insertions(+) - -diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h -index 61e8599..f6058ca 100644 ---- a/crypto/cryptodev.h -+++ b/crypto/cryptodev.h -@@ -58,6 +58,9 @@ enum cryptodev_crypto_op_t { - CRYPTO_TLS10_AES_CBC_HMAC_SHA1, - CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, - CRYPTO_TLS11_AES_CBC_HMAC_SHA1, -+ CRYPTO_TLS12_3DES_CBC_HMAC_SHA1, -+ CRYPTO_TLS12_AES_CBC_HMAC_SHA1, -+ CRYPTO_TLS12_AES_CBC_HMAC_SHA256, - CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */ - }; - -diff --git a/ioctl.c b/ioctl.c -index ba82387..fb4c4e3 100644 ---- a/ioctl.c -+++ b/ioctl.c -@@ -206,6 +206,21 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop) - stream = 0; - aead = 1; - break; -+ case CRYPTO_TLS12_3DES_CBC_HMAC_SHA1: -+ alg_name = "tls12(hmac(sha1),cbc(des3_ede))"; -+ stream = 0; -+ aead = 1; -+ break; -+ case CRYPTO_TLS12_AES_CBC_HMAC_SHA1: -+ alg_name = "tls12(hmac(sha1),cbc(aes))"; -+ stream = 0; -+ aead = 1; -+ break; -+ case CRYPTO_TLS12_AES_CBC_HMAC_SHA256: -+ alg_name = "tls12(hmac(sha256),cbc(aes))"; -+ stream = 0; -+ aead = 1; -+ break; - case CRYPTO_NULL: - alg_name = "ecb(cipher_null)"; - stream = 1; --- -2.3.5 - diff --git a/recipes-kernel/cryptodev/files/0013-clean-up-code-layout.patch b/recipes-kernel/cryptodev/files/0013-clean-up-code-layout.patch deleted file mode 100644 index 86cf6a2..0000000 --- a/recipes-kernel/cryptodev/files/0013-clean-up-code-layout.patch +++ /dev/null @@ -1,186 +0,0 @@ -From 39abcb9cea60540528e848d6c66169c36d666861 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Fri, 20 Feb 2015 12:46:58 +0200 -Subject: [PATCH 13/15] clean-up code layout - -Signed-off-by: Cristian Stoica -Change-Id: I92c2f4baeed9470a2c3c42b592d878e65918b0af -Reviewed-on: http://git.am.freescale.net:8181/34222 ---- - cryptlib.c | 11 ++++------- - ioctl.c | 55 +++++++++++++++++++++---------------------------------- - main.c | 4 +--- - 3 files changed, 26 insertions(+), 44 deletions(-) - -diff --git a/cryptlib.c b/cryptlib.c -index ec6693e..21e691b 100644 ---- a/cryptlib.c -+++ b/cryptlib.c -@@ -434,7 +434,7 @@ int cryptodev_hash_final(struct hash_data *hdata, void *output) - return waitfor(hdata->async.result, ret); - } - --int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) -+int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) - { - int ret = 0; - struct pkc_request *pkc_req = &pkc->req, *pkc_requested; -@@ -445,8 +445,7 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) - case RSA_PRIV_FORM1: - case RSA_PRIV_FORM2: - case RSA_PRIV_FORM3: -- pkc->s = crypto_alloc_pkc("pkc(rsa)", -- CRYPTO_ALG_TYPE_PKC_RSA, 0); -+ pkc->s = crypto_alloc_pkc("pkc(rsa)", CRYPTO_ALG_TYPE_PKC_RSA, 0); - break; - case DSA_SIGN: - case DSA_VERIFY: -@@ -454,13 +453,11 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) - case ECDSA_VERIFY: - case DLC_KEYGEN: - case ECC_KEYGEN: -- pkc->s = crypto_alloc_pkc("pkc(dsa)", -- CRYPTO_ALG_TYPE_PKC_DSA, 0); -+ pkc->s = crypto_alloc_pkc("pkc(dsa)", CRYPTO_ALG_TYPE_PKC_DSA, 0); - break; - case DH_COMPUTE_KEY: - case ECDH_COMPUTE_KEY: -- pkc->s = crypto_alloc_pkc("pkc(dh)", -- CRYPTO_ALG_TYPE_PKC_DH, 0); -+ pkc->s = crypto_alloc_pkc("pkc(dh)", CRYPTO_ALG_TYPE_PKC_DH, 0); - break; - default: - return -EINVAL; -diff --git a/ioctl.c b/ioctl.c -index fb4c4e3..ee0486c 100644 ---- a/ioctl.c -+++ b/ioctl.c -@@ -714,16 +714,13 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) - case CRK_MOD_EXP: - { - struct rsa_pub_req_s *rsa_req = &pkc_req->req_u.rsa_pub_req; -- copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g, -- rsa_req->g_len); -+ copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len); - } - break; - case CRK_MOD_EXP_CRT: - { -- struct rsa_priv_frm3_req_s *rsa_req = -- &pkc_req->req_u.rsa_priv_f3; -- copy_to_user(ckop->crk_param[6].crp_p, -- rsa_req->f, rsa_req->f_len); -+ struct rsa_priv_frm3_req_s *rsa_req = &pkc_req->req_u.rsa_priv_f3; -+ copy_to_user(ckop->crk_param[6].crp_p, rsa_req->f, rsa_req->f_len); - } - break; - case CRK_DSA_SIGN: -@@ -731,15 +728,11 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) - struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign; - - if (pkc_req->type == ECDSA_SIGN) { -- copy_to_user(ckop->crk_param[6].crp_p, -- dsa_req->c, dsa_req->d_len); -- copy_to_user(ckop->crk_param[7].crp_p, -- dsa_req->d, dsa_req->d_len); -+ copy_to_user(ckop->crk_param[6].crp_p, dsa_req->c, dsa_req->d_len); -+ copy_to_user(ckop->crk_param[7].crp_p, dsa_req->d, dsa_req->d_len); - } else { -- copy_to_user(ckop->crk_param[5].crp_p, -- dsa_req->c, dsa_req->d_len); -- copy_to_user(ckop->crk_param[6].crp_p, -- dsa_req->d, dsa_req->d_len); -+ copy_to_user(ckop->crk_param[5].crp_p, dsa_req->c, dsa_req->d_len); -+ copy_to_user(ckop->crk_param[6].crp_p, dsa_req->d, dsa_req->d_len); - } - } - break; -@@ -749,11 +742,9 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) - { - struct dh_key_req_s *dh_req = &pkc_req->req_u.dh_req; - if (pkc_req->type == ECDH_COMPUTE_KEY) -- copy_to_user(ckop->crk_param[4].crp_p, -- dh_req->z, dh_req->z_len); -+ copy_to_user(ckop->crk_param[4].crp_p, dh_req->z, dh_req->z_len); - else -- copy_to_user(ckop->crk_param[3].crp_p, -- dh_req->z, dh_req->z_len); -+ copy_to_user(ckop->crk_param[3].crp_p, dh_req->z, dh_req->z_len); - } - break; - case CRK_DSA_GENERATE_KEY: -@@ -763,14 +754,14 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) - - if (pkc_req->type == ECC_KEYGEN) { - copy_to_user(ckop->crk_param[4].crp_p, key_req->pub_key, -- key_req->pub_key_len); -- copy_to_user(ckop->crk_param[5].crp_p, -- key_req->priv_key, key_req->priv_key_len); -+ key_req->pub_key_len); -+ copy_to_user(ckop->crk_param[5].crp_p, key_req->priv_key, -+ key_req->priv_key_len); - } else { -- copy_to_user(ckop->crk_param[3].crp_p, -- key_req->pub_key, key_req->pub_key_len); -- copy_to_user(ckop->crk_param[4].crp_p, -- key_req->priv_key, key_req->priv_key_len); -+ copy_to_user(ckop->crk_param[3].crp_p, key_req->pub_key, -+ key_req->pub_key_len); -+ copy_to_user(ckop->crk_param[4].crp_p, key_req->priv_key, -+ key_req->priv_key_len); - } - } - default: -@@ -1113,16 +1104,14 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - if (!list_empty(&pcr->asym_completed_list)) { - /* Run a loop in the list for upto elements - and copy their response back */ -- pkc = -- list_first_entry(&pcr->asym_completed_list, -+ pkc = list_first_entry(&pcr->asym_completed_list, - struct cryptodev_pkc, list); - list_del(&pkc->list); - spin_unlock_bh(&pcr->completion_lock); - ret = crypto_async_fetch_asym(pkc); - if (!ret) { - cookie_list.cookie_available++; -- cookie_list.cookie[i] = -- pkc->kop.kop.cookie; -+ cookie_list.cookie[i] = pkc->kop.kop.cookie; - cookie_list.status[i] = pkc->result.err; - } - kfree(pkc); -@@ -1133,12 +1122,10 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - } - - /* Reflect the updated request to user-space */ -- if (cookie_list.cookie_available) -- copy_to_user(arg, &cookie_list, -- sizeof(struct pkc_cookie_list_s)); -- else { -+ if (cookie_list.cookie_available) { -+ copy_to_user(arg, &cookie_list, sizeof(struct pkc_cookie_list_s)); -+ } else { - struct pkc_cookie_list_s *user_ck_list = (void *)arg; -- - put_user(0, &(user_ck_list->cookie_available)); - } - ret = cookie_list.cookie_available; -diff --git a/main.c b/main.c -index 6365911..af66553 100644 ---- a/main.c -+++ b/main.c -@@ -666,9 +666,7 @@ int crypto_bn_modexp(struct cryptodev_pkc *pkc) - if (pkc->type == SYNCHRONOUS) { - if (rc) - goto err; -- -- copy_to_user(cop->crk_param[3].crp_p, rsa_req->g, -- rsa_req->g_len); -+ copy_to_user(cop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len); - } else { - if (rc != -EINPROGRESS && rc != 0) - goto err; --- -2.3.5 - diff --git a/recipes-kernel/cryptodev/files/0014-remove-redundant-data-copy-for-pkc-operations.patch b/recipes-kernel/cryptodev/files/0014-remove-redundant-data-copy-for-pkc-operations.patch deleted file mode 100644 index b9e9d2b..0000000 --- a/recipes-kernel/cryptodev/files/0014-remove-redundant-data-copy-for-pkc-operations.patch +++ /dev/null @@ -1,494 +0,0 @@ -From 34e765977633b5f81845c0183af6d388d8225f00 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Mon, 23 Feb 2015 12:14:07 +0200 -Subject: [PATCH 14/15] remove redundant data copy for pkc operations - -This patch removes a copy of a pkc request that was -allocated on the hot-path. The copy was not necessary -and was just slowing things down. - -Change-Id: I3ad85f78c188f100ab9fc03a5777bb704a9dcb63 -Signed-off-by: Cristian Stoica -Reviewed-on: http://git.am.freescale.net:8181/34223 ---- - cryptlib.c | 49 +++---------------- - cryptlib.h | 3 +- - ioctl.c | 17 +++---- - main.c | 162 +++++++++++++++++++++++++++++++++++++------------------------ - 4 files changed, 113 insertions(+), 118 deletions(-) - -diff --git a/cryptlib.c b/cryptlib.c -index 21e691b..5882a30 100644 ---- a/cryptlib.c -+++ b/cryptlib.c -@@ -436,59 +436,22 @@ int cryptodev_hash_final(struct hash_data *hdata, void *output) - - int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) - { -- int ret = 0; -- struct pkc_request *pkc_req = &pkc->req, *pkc_requested; -- -- switch (pkc_req->type) { -- case RSA_KEYGEN: -- case RSA_PUB: -- case RSA_PRIV_FORM1: -- case RSA_PRIV_FORM2: -- case RSA_PRIV_FORM3: -- pkc->s = crypto_alloc_pkc("pkc(rsa)", CRYPTO_ALG_TYPE_PKC_RSA, 0); -- break; -- case DSA_SIGN: -- case DSA_VERIFY: -- case ECDSA_SIGN: -- case ECDSA_VERIFY: -- case DLC_KEYGEN: -- case ECC_KEYGEN: -- pkc->s = crypto_alloc_pkc("pkc(dsa)", CRYPTO_ALG_TYPE_PKC_DSA, 0); -- break; -- case DH_COMPUTE_KEY: -- case ECDH_COMPUTE_KEY: -- pkc->s = crypto_alloc_pkc("pkc(dh)", CRYPTO_ALG_TYPE_PKC_DH, 0); -- break; -- default: -- return -EINVAL; -- } -- -- if (IS_ERR_OR_NULL(pkc->s)) -- return -EINVAL; -+ int ret; - - init_completion(&pkc->result.completion); -- pkc_requested = pkc_request_alloc(pkc->s, GFP_KERNEL); -- -- if (unlikely(IS_ERR_OR_NULL(pkc_requested))) { -- ret = -ENOMEM; -- goto error; -- } -- pkc_requested->type = pkc_req->type; -- pkc_requested->curve_type = pkc_req->curve_type; -- memcpy(&pkc_requested->req_u, &pkc_req->req_u, sizeof(pkc_req->req_u)); -- pkc_request_set_callback(pkc_requested, CRYPTO_TFM_REQ_MAY_BACKLOG, -+ pkc_request_set_callback(pkc->req, CRYPTO_TFM_REQ_MAY_BACKLOG, - cryptodev_complete_asym, pkc); -- ret = crypto_pkc_op(pkc_requested); -+ ret = crypto_pkc_op(pkc->req); - if (ret != -EINPROGRESS && ret != 0) -- goto error2; -+ goto error; - - if (pkc->type == SYNCHRONOUS) - ret = waitfor(&pkc->result, ret); - - return ret; --error2: -- kfree(pkc_requested); -+ - error: -+ kfree(pkc->req); - crypto_free_pkc(pkc->s); - return ret; - } -diff --git a/cryptlib.h b/cryptlib.h -index 7ffa54c..4fac0c8 100644 ---- a/cryptlib.h -+++ b/cryptlib.h -@@ -110,8 +110,7 @@ struct cryptodev_pkc { - struct crypto_pkc *s; /* Transform pointer from CryptoAPI */ - struct cryptodev_result result; /* Result to be updated by - completion handler */ -- struct pkc_request req; /* PKC request structure allocated -- from CryptoAPI */ -+ struct pkc_request *req; /* PKC request allocated from CryptoAPI */ - enum offload_type type; /* Synchronous Vs Asynchronous request */ - /* - * cookie used for transfering tranparent information from async -diff --git a/ioctl.c b/ioctl.c -index ee0486c..797b73c 100644 ---- a/ioctl.c -+++ b/ioctl.c -@@ -708,26 +708,25 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) - int ret = 0; - struct kernel_crypt_kop *kop = &pkc->kop; - struct crypt_kop *ckop = &kop->kop; -- struct pkc_request *pkc_req = &pkc->req; - - switch (ckop->crk_op) { - case CRK_MOD_EXP: - { -- struct rsa_pub_req_s *rsa_req = &pkc_req->req_u.rsa_pub_req; -+ struct rsa_pub_req_s *rsa_req = &pkc->req->req_u.rsa_pub_req; - copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len); - } - break; - case CRK_MOD_EXP_CRT: - { -- struct rsa_priv_frm3_req_s *rsa_req = &pkc_req->req_u.rsa_priv_f3; -+ struct rsa_priv_frm3_req_s *rsa_req = &pkc->req->req_u.rsa_priv_f3; - copy_to_user(ckop->crk_param[6].crp_p, rsa_req->f, rsa_req->f_len); - } - break; - case CRK_DSA_SIGN: - { -- struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign; -+ struct dsa_sign_req_s *dsa_req = &pkc->req->req_u.dsa_sign; - -- if (pkc_req->type == ECDSA_SIGN) { -+ if (pkc->req->type == ECDSA_SIGN) { - copy_to_user(ckop->crk_param[6].crp_p, dsa_req->c, dsa_req->d_len); - copy_to_user(ckop->crk_param[7].crp_p, dsa_req->d, dsa_req->d_len); - } else { -@@ -740,8 +739,8 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) - break; - case CRK_DH_COMPUTE_KEY: - { -- struct dh_key_req_s *dh_req = &pkc_req->req_u.dh_req; -- if (pkc_req->type == ECDH_COMPUTE_KEY) -+ struct dh_key_req_s *dh_req = &pkc->req->req_u.dh_req; -+ if (pkc->req->type == ECDH_COMPUTE_KEY) - copy_to_user(ckop->crk_param[4].crp_p, dh_req->z, dh_req->z_len); - else - copy_to_user(ckop->crk_param[3].crp_p, dh_req->z, dh_req->z_len); -@@ -750,9 +749,9 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) - case CRK_DSA_GENERATE_KEY: - case CRK_DH_GENERATE_KEY: - { -- struct keygen_req_s *key_req = &pkc_req->req_u.keygen; -+ struct keygen_req_s *key_req = &pkc->req->req_u.keygen; - -- if (pkc_req->type == ECC_KEYGEN) { -+ if (pkc->req->type == ECC_KEYGEN) { - copy_to_user(ckop->crk_param[4].crp_p, key_req->pub_key, - key_req->pub_key_len); - copy_to_user(ckop->crk_param[5].crp_p, key_req->priv_key, -diff --git a/main.c b/main.c -index af66553..ed1c69a 100644 ---- a/main.c -+++ b/main.c -@@ -186,8 +186,7 @@ int crypto_kop_dsasign(struct cryptodev_pkc *pkc) - { - struct kernel_crypt_kop *kop = &pkc->kop; - struct crypt_kop *cop = &kop->kop; -- struct pkc_request *pkc_req = &pkc->req; -- struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign; -+ struct dsa_sign_req_s *dsa_req = &pkc->req->req_u.dsa_sign; - int rc, buf_size; - uint8_t *buf; - -@@ -210,10 +209,7 @@ int crypto_kop_dsasign(struct cryptodev_pkc *pkc) - if (cop->crk_iparams == 6) { - dsa_req->ab_len = (cop->crk_param[5].crp_nbits + 7)/8; - buf_size += dsa_req->ab_len; -- pkc_req->type = ECDSA_SIGN; -- pkc_req->curve_type = cop->curve_type; -- } else { -- pkc_req->type = DSA_SIGN; -+ pkc->req->curve_type = cop->curve_type; - } - - buf = kmalloc(buf_size, GFP_DMA); -@@ -269,7 +265,6 @@ int crypto_kop_dsaverify(struct cryptodev_pkc *pkc) - { - struct kernel_crypt_kop *kop = &pkc->kop; - struct crypt_kop *cop = &kop->kop; -- struct pkc_request *pkc_req; - struct dsa_verify_req_s *dsa_req; - int rc, buf_size; - uint8_t *buf; -@@ -281,8 +276,7 @@ int crypto_kop_dsaverify(struct cryptodev_pkc *pkc) - !cop->crk_param[7].crp_nbits)) - return -EINVAL; - -- pkc_req = &pkc->req; -- dsa_req = &pkc_req->req_u.dsa_verify; -+ dsa_req = &pkc->req->req_u.dsa_verify; - dsa_req->m_len = (cop->crk_param[0].crp_nbits + 7)/8; - dsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8; - dsa_req->r_len = (cop->crk_param[2].crp_nbits + 7)/8; -@@ -295,10 +289,7 @@ int crypto_kop_dsaverify(struct cryptodev_pkc *pkc) - if (cop->crk_iparams == 8) { - dsa_req->ab_len = (cop->crk_param[5].crp_nbits + 7)/8; - buf_size += dsa_req->ab_len; -- pkc_req->type = ECDSA_VERIFY; -- pkc_req->curve_type = cop->curve_type; -- } else { -- pkc_req->type = DSA_VERIFY; -+ pkc->req->curve_type = cop->curve_type; - } - - buf = kmalloc(buf_size, GFP_DMA); -@@ -351,7 +342,6 @@ int crypto_kop_rsa_keygen(struct cryptodev_pkc *pkc) - { - struct kernel_crypt_kop *kop = &pkc->kop; - struct crypt_kop *cop = &kop->kop; -- struct pkc_request *pkc_req; - struct rsa_keygen_req_s *key_req; - int rc, buf_size; - uint8_t *buf; -@@ -362,9 +352,7 @@ int crypto_kop_rsa_keygen(struct cryptodev_pkc *pkc) - !cop->crk_param[6].crp_nbits) - return -EINVAL; - -- pkc_req = &pkc->req; -- pkc_req->type = RSA_KEYGEN; -- key_req = &pkc_req->req_u.rsa_keygen; -+ key_req = &pkc->req->req_u.rsa_keygen; - key_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8; - key_req->p_len = (cop->crk_param[0].crp_nbits + 7) / 8; - key_req->q_len = (cop->crk_param[1].crp_nbits + 7) / 8; -@@ -427,7 +415,6 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) - { - struct kernel_crypt_kop *kop = &pkc->kop; - struct crypt_kop *cop = &kop->kop; -- struct pkc_request *pkc_req; - struct keygen_req_s *key_req; - int rc, buf_size; - uint8_t *buf; -@@ -437,8 +424,7 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) - !cop->crk_param[4].crp_nbits) - return -EINVAL; - -- pkc_req = &pkc->req; -- key_req = &pkc_req->req_u.keygen; -+ key_req = &pkc->req->req_u.keygen; - key_req->q_len = (cop->crk_param[0].crp_nbits + 7)/8; - key_req->r_len = (cop->crk_param[1].crp_nbits + 7)/8; - key_req->g_len = (cop->crk_param[2].crp_nbits + 7)/8; -@@ -447,7 +433,6 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) - key_req->priv_key_len = (cop->crk_param[4].crp_nbits + 7)/8; - buf_size = key_req->q_len + key_req->r_len + key_req->g_len + - key_req->pub_key_len + key_req->priv_key_len; -- pkc_req->type = DLC_KEYGEN; - } else { - key_req->ab_len = (cop->crk_param[3].crp_nbits + 7)/8; - key_req->pub_key_len = (cop->crk_param[4].crp_nbits + 7)/8; -@@ -455,8 +440,7 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) - buf_size = key_req->q_len + key_req->r_len + key_req->g_len + - key_req->pub_key_len + key_req->priv_key_len + - key_req->ab_len; -- pkc_req->type = ECC_KEYGEN; -- pkc_req->curve_type = cop->curve_type; -+ pkc->req->curve_type = cop->curve_type; - } - - buf = kmalloc(buf_size, GFP_DMA); -@@ -508,26 +492,22 @@ int crypto_kop_dh_key(struct cryptodev_pkc *pkc) - { - struct kernel_crypt_kop *kop = &pkc->kop; - struct crypt_kop *cop = &kop->kop; -- struct pkc_request *pkc_req; - struct dh_key_req_s *dh_req; - int buf_size; - uint8_t *buf; - int rc = -EINVAL; - -- pkc_req = &pkc->req; -- dh_req = &pkc_req->req_u.dh_req; -+ dh_req = &pkc->req->req_u.dh_req; - dh_req->s_len = (cop->crk_param[0].crp_nbits + 7)/8; - dh_req->pub_key_len = (cop->crk_param[1].crp_nbits + 7)/8; - dh_req->q_len = (cop->crk_param[2].crp_nbits + 7)/8; - buf_size = dh_req->q_len + dh_req->pub_key_len + dh_req->s_len; - if (cop->crk_iparams == 4) { -- pkc_req->type = ECDH_COMPUTE_KEY; - dh_req->ab_len = (cop->crk_param[3].crp_nbits + 7)/8; - dh_req->z_len = (cop->crk_param[4].crp_nbits + 7)/8; - buf_size += dh_req->ab_len; - } else { - dh_req->z_len = (cop->crk_param[3].crp_nbits + 7)/8; -- pkc_req->type = DH_COMPUTE_KEY; - } - buf_size += dh_req->z_len; - buf = kmalloc(buf_size, GFP_DMA); -@@ -539,7 +519,7 @@ int crypto_kop_dh_key(struct cryptodev_pkc *pkc) - dh_req->z = dh_req->pub_key + dh_req->pub_key_len; - if (cop->crk_iparams == 4) { - dh_req->ab = dh_req->z + dh_req->z_len; -- pkc_req->curve_type = cop->curve_type; -+ pkc->req->curve_type = cop->curve_type; - copy_from_user(dh_req->ab, cop->crk_param[3].crp_p, - dh_req->ab_len); - } -@@ -573,7 +553,6 @@ int crypto_modexp_crt(struct cryptodev_pkc *pkc) - { - struct kernel_crypt_kop *kop = &pkc->kop; - struct crypt_kop *cop = &kop->kop; -- struct pkc_request *pkc_req; - struct rsa_priv_frm3_req_s *rsa_req; - int rc; - uint8_t *buf; -@@ -583,9 +562,7 @@ int crypto_modexp_crt(struct cryptodev_pkc *pkc) - !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits) - return -EINVAL; - -- pkc_req = &pkc->req; -- pkc_req->type = RSA_PRIV_FORM3; -- rsa_req = &pkc_req->req_u.rsa_priv_f3; -+ rsa_req = &pkc->req->req_u.rsa_priv_f3; - rsa_req->p_len = (cop->crk_param[0].crp_nbits + 7)/8; - rsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8; - rsa_req->g_len = (cop->crk_param[2].crp_nbits + 7)/8; -@@ -632,7 +609,6 @@ err: - - int crypto_bn_modexp(struct cryptodev_pkc *pkc) - { -- struct pkc_request *pkc_req; - struct rsa_pub_req_s *rsa_req; - int rc; - struct kernel_crypt_kop *kop = &pkc->kop; -@@ -643,9 +619,7 @@ int crypto_bn_modexp(struct cryptodev_pkc *pkc) - !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits) - return -EINVAL; - -- pkc_req = &pkc->req; -- pkc_req->type = RSA_PUB; -- rsa_req = &pkc_req->req_u.rsa_pub_req; -+ rsa_req = &pkc->req->req_u.rsa_pub_req; - rsa_req->f_len = (cop->crk_param[0].crp_nbits + 7)/8; - rsa_req->e_len = (cop->crk_param[1].crp_nbits + 7)/8; - rsa_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8; -@@ -680,56 +654,116 @@ err: - return rc; - } - -+static struct { -+ char *alg_name; -+ u32 type; -+ u32 mask; -+} pkc_alg_list[] = { -+ {"pkc(rsa)", CRYPTO_ALG_TYPE_PKC_RSA, 0}, -+ {"pkc(dsa)", CRYPTO_ALG_TYPE_PKC_DSA, 0}, -+ {"pkc(dh)", CRYPTO_ALG_TYPE_PKC_DH, 0}, -+}; -+ - int crypto_run_asym(struct cryptodev_pkc *pkc) - { -- int ret = -EINVAL; -+ int err = -EINVAL; -+ int id; - struct kernel_crypt_kop *kop = &pkc->kop; -+ enum pkc_req_type pkc_req_type; -+ int (*call_next_action)(struct cryptodev_pkc *pkc); - - switch (kop->kop.crk_op) { - case CRK_MOD_EXP: - if (kop->kop.crk_iparams != 3 && kop->kop.crk_oparams != 1) -- goto err; -- -- ret = crypto_bn_modexp(pkc); -+ return err; -+ pkc_req_type = RSA_PUB; -+ id = 0; -+ call_next_action = crypto_bn_modexp; - break; - case CRK_MOD_EXP_CRT: - if (kop->kop.crk_iparams != 6 && kop->kop.crk_oparams != 1) -- goto err; -- -- ret = crypto_modexp_crt(pkc); -+ return err; -+ pkc_req_type = RSA_PRIV_FORM3; -+ id = 0; -+ call_next_action = crypto_modexp_crt; - break; - case CRK_DSA_SIGN: -- if ((kop->kop.crk_iparams != 5 && kop->kop.crk_iparams != 6) || -- kop->kop.crk_oparams != 2) -- goto err; -- -- ret = crypto_kop_dsasign(pkc); -+ if (kop->kop.crk_oparams != 2) -+ return err; -+ else if (kop->kop.crk_iparams == 5) -+ pkc_req_type = DSA_SIGN; -+ else if (kop->kop.crk_iparams == 6) -+ pkc_req_type = ECDSA_SIGN; -+ else -+ return err; -+ id = 1; -+ call_next_action = crypto_kop_dsasign; - break; - case CRK_DSA_VERIFY: -- if ((kop->kop.crk_iparams != 7 && kop->kop.crk_iparams != 8) || -- kop->kop.crk_oparams != 0) -- goto err; -- -- ret = crypto_kop_dsaverify(pkc); -+ if (kop->kop.crk_oparams != 0) -+ return err; -+ else if (kop->kop.crk_iparams == 7) -+ pkc_req_type = DSA_VERIFY; -+ else if (kop->kop.crk_iparams == 8) -+ pkc_req_type = ECDSA_VERIFY; -+ else -+ return err; -+ id = 1; -+ call_next_action = crypto_kop_dsaverify; - break; - case CRK_DH_COMPUTE_KEY: -- if ((kop->kop.crk_iparams != 3 && kop->kop.crk_iparams != 4) || -- kop->kop.crk_oparams != 1) -- goto err; -- ret = crypto_kop_dh_key(pkc); -+ if (kop->kop.crk_oparams != 1) -+ return err; -+ else if (kop->kop.crk_iparams == 3) -+ pkc_req_type = DH_COMPUTE_KEY; -+ else if (kop->kop.crk_iparams == 4) -+ pkc_req_type = ECDH_COMPUTE_KEY; -+ else -+ return err; -+ id = 2; -+ call_next_action = crypto_kop_dh_key; - break; - case CRK_DH_GENERATE_KEY: - case CRK_DSA_GENERATE_KEY: -- if ((kop->kop.crk_iparams != 3 && kop->kop.crk_iparams != 4)) -- goto err; -- ret = crypto_kop_keygen(pkc); -+ if (kop->kop.crk_iparams == 3) -+ pkc_req_type = DLC_KEYGEN; -+ else if (kop->kop.crk_iparams == 4) -+ pkc_req_type = ECC_KEYGEN; -+ else -+ return err; -+ id = 1; -+ call_next_action = crypto_kop_keygen; - break; - case CRK_RSA_GENERATE_KEY: -- ret = crypto_kop_rsa_keygen(pkc); -+ pkc_req_type = RSA_KEYGEN; -+ id = 0; -+ call_next_action = crypto_kop_rsa_keygen; - break; -+ default: -+ return err; - } --err: -- return ret; -+ err = -ENOMEM; -+ pkc->s = crypto_alloc_pkc(pkc_alg_list[id].alg_name, -+ pkc_alg_list[id].type, -+ pkc_alg_list[id].mask); -+ if (IS_ERR_OR_NULL(pkc->s)) -+ return err; -+ -+ pkc->req = pkc_request_alloc(pkc->s, GFP_KERNEL); -+ if (IS_ERR_OR_NULL(pkc->req)) -+ goto out_free_tfm; -+ -+ /* todo - fix alloc-free on error path */ -+ pkc->req->type = pkc_req_type; -+ err = call_next_action(pkc); -+ if (pkc->type == SYNCHRONOUS) -+ kfree(pkc->req); -+ -+ return err; -+ -+out_free_tfm: -+ crypto_free_pkc(pkc->s); -+ return err; - } - - int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop) --- -2.3.5 - diff --git a/recipes-kernel/cryptodev/files/0015-fix-pkc-request-deallocation.patch b/recipes-kernel/cryptodev/files/0015-fix-pkc-request-deallocation.patch deleted file mode 100644 index 949fe12..0000000 --- a/recipes-kernel/cryptodev/files/0015-fix-pkc-request-deallocation.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 8361f99c940fbe270fca2112dae3d97c9a5776d6 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Mon, 23 Feb 2015 15:28:22 +0200 -Subject: [PATCH 15/15] fix pkc request deallocation - -The request to be freed is actually pkc->req, and should be done inside -the fetch ioctl for ASYNC (this patch) and in crypt ioctl for SYNC -operations. - -Change-Id: I6f046f2ebeae4cb513a419996ca96b52e37468ed -Signed-off-by: Cristian Stoica -Reviewed-on: http://git.am.freescale.net:8181/34224 ---- - ioctl.c | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/ioctl.c b/ioctl.c -index 797b73c..da3a842 100644 ---- a/ioctl.c -+++ b/ioctl.c -@@ -114,8 +114,6 @@ void cryptodev_complete_asym(struct crypto_async_request *req, int err) - /* wake for POLLIN */ - wake_up_interruptible(&pcr->user_waiter); - } -- -- kfree(req); - } - - #define FILL_SG(sg, ptr, len) \ -@@ -1113,6 +1111,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - cookie_list.cookie[i] = pkc->kop.kop.cookie; - cookie_list.status[i] = pkc->result.err; - } -+ kfree(pkc->req); - kfree(pkc); - } else { - spin_unlock_bh(&pcr->completion_lock); --- -2.3.5 - diff --git a/recipes-kernel/cryptodev/files/0016-add-basic-detection-of-asym-features.patch b/recipes-kernel/cryptodev/files/0016-add-basic-detection-of-asym-features.patch deleted file mode 100644 index cefb6dc..0000000 --- a/recipes-kernel/cryptodev/files/0016-add-basic-detection-of-asym-features.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 586bc4a6cd1014c57364020013062f07a8861e38 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Mon, 20 Apr 2015 13:18:47 +0300 -Subject: [PATCH] add basic detection of asym features - -Change-Id: I3b3ba8664bf631a63be1f11e715024509e20f841 -Signed-off-by: Cristian Stoica ---- - ioctl.c | 12 ++++++++---- - 1 file changed, 8 insertions(+), 4 deletions(-) - -diff --git a/ioctl.c b/ioctl.c -index da3a842..53dbf64 100644 ---- a/ioctl.c -+++ b/ioctl.c -@@ -977,10 +977,14 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - - switch (cmd) { - case CIOCASYMFEAT: -- return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN | -- CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY | -- CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY | -- CRF_RSA_GENERATE_KEY, p); -+ ses = 0; -+ if (crypto_has_alg("pkc(rsa)", 0, 0)) -+ ses = CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_RSA_GENERATE_KEY; -+ if (crypto_has_alg("pkc(dsa)", 0, 0)) -+ ses |= CRF_DSA_SIGN | CRF_DSA_VERIFY | CRF_DSA_GENERATE_KEY; -+ if (crypto_has_alg("pkc(dh)", 0, 0)) -+ ses |= CRF_DH_COMPUTE_KEY |CRF_DH_GENERATE_KEY; -+ return put_user(ses, p); - case CRIOGET: - fd = clonefd(filp); - ret = put_user(fd, p); --- -2.3.5 - diff --git a/recipes-kernel/cryptodev/files/0017-remove-dead-code.patch b/recipes-kernel/cryptodev/files/0017-remove-dead-code.patch deleted file mode 100644 index b3c36b3..0000000 --- a/recipes-kernel/cryptodev/files/0017-remove-dead-code.patch +++ /dev/null @@ -1,67 +0,0 @@ -From 0ca641091b4113d73e75d30ef530c88836849308 Mon Sep 17 00:00:00 2001 -From: Tudor Ambarus -Date: Fri, 29 May 2015 15:28:47 +0300 -Subject: [PATCH 17/20] remove dead code - -Functions kop_to_user and compat_kop_to_user are never used. Delete them -to avoid compiler warnings. - - -crypto/../../cryptodev-linux/ioctl.c:841:12: warning: 'kop_to_user' defined but not used [-Wunused-function] - static int kop_to_user(struct kernel_crypt_kop *kop, - ^ -crypto/../../cryptodev-linux/ioctl.c: At top level: -crypto/../../cryptodev-linux/ioctl.c:1195:12: warning: 'compat_kop_to_user' defined but not used [-Wunused-function] - static int compat_kop_to_user(struct kernel_crypt_kop *kop, void __user *arg) - ^ -Signed-off-by: Tudor Ambarus -Signed-off-by: Cristian Stoica -Change-Id: I6bd8a7eb6144224a20cd400813ab15a7a192dbb1 -Reviewed-on: http://git.am.freescale.net:8181/37440 ---- - ioctl.c | 22 ---------------------- - 1 file changed, 22 deletions(-) - -diff --git a/ioctl.c b/ioctl.c -index 53dbf64..39635a4 100644 ---- a/ioctl.c -+++ b/ioctl.c -@@ -838,16 +838,6 @@ static int kop_from_user(struct kernel_crypt_kop *kop, - return fill_kop_from_cop(kop); - } - --static int kop_to_user(struct kernel_crypt_kop *kop, -- void __user *arg) --{ -- if (unlikely(copy_to_user(arg, &kop->kop, sizeof(kop->kop)))) { -- dprintk(1, KERN_ERR, "Cannot copy to userspace\n"); -- return -EFAULT; -- } -- return 0; --} -- - static int kcop_from_user(struct kernel_crypt_op *kcop, - struct fcrypt *fcr, void __user *arg) - { -@@ -1192,18 +1182,6 @@ static inline void crypt_kop_to_compat(struct crypt_kop *kop, - compat->curve_type = kop->curve_type; - } - --static int compat_kop_to_user(struct kernel_crypt_kop *kop, void __user *arg) --{ -- struct compat_crypt_kop compat_kop; -- -- crypt_kop_to_compat(&kop->kop, &compat_kop); -- if (unlikely(copy_to_user(arg, &compat_kop, sizeof(compat_kop)))) { -- dprintk(1, KERN_ERR, "Cannot copy to userspace\n"); -- return -EFAULT; -- } -- return 0; --} -- - static inline void - compat_to_session_op(struct compat_session_op *compat, struct session_op *sop) - { --- -2.3.5 - diff --git a/recipes-kernel/cryptodev/files/0018-fix-compat-warnings.patch b/recipes-kernel/cryptodev/files/0018-fix-compat-warnings.patch deleted file mode 100644 index bf93f5b..0000000 --- a/recipes-kernel/cryptodev/files/0018-fix-compat-warnings.patch +++ /dev/null @@ -1,64 +0,0 @@ -From 596378a22532908487f2c5e4d717c5ae618c4c7d Mon Sep 17 00:00:00 2001 -From: Tudor Ambarus -Date: Tue, 2 Jun 2015 10:44:12 +0300 -Subject: [PATCH 18/20] fix compat warnings - - CC [M] crypto/../../cryptodev-linux/ioctl.o -crypto/../../cryptodev-linux/ioctl.c: In function 'compat_to_crypt_kop': -crypto/../../cryptodev-linux/ioctl.c:1161:14: warning: assignment makes pointer from integer without a cast - kop->cookie = compat->cookie; - ^ -crypto/../../cryptodev-linux/ioctl.c: In function 'crypt_kop_to_compat': -crypto/../../cryptodev-linux/ioctl.c:1191:17: warning: assignment makes integer from pointer without a cast - compat->cookie = kop->cookie; - ^ -crypto/../../cryptodev-linux/ioctl.c: In function 'cryptodev_compat_ioctl': -crypto/../../cryptodev-linux/ioctl.c:1430:28: warning: assignment makes integer from pointer without a cast - cookie_list.cookie[i] = - ^ - -Signed-off-by: Tudor Ambarus -Change-Id: Id851408c0c743c01447f3b0ced38fbc1ae94d4db -Reviewed-on: http://git.am.freescale.net:8181/37442 -Reviewed-by: Cristian Stoica -Tested-by: Cristian Stoica ---- - ioctl.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/ioctl.c b/ioctl.c -index 39635a4..f3ce2f6 100644 ---- a/ioctl.c -+++ b/ioctl.c -@@ -1148,7 +1148,7 @@ static inline void compat_to_crypt_kop(struct compat_crypt_kop *compat, - } - - kop->curve_type = compat->curve_type; -- kop->cookie = compat->cookie; -+ kop->cookie = compat_ptr(compat->cookie); - } - - static int compat_kop_from_user(struct kernel_crypt_kop *kop, -@@ -1178,7 +1178,7 @@ static inline void crypt_kop_to_compat(struct crypt_kop *kop, - ptr_to_compat(kop->crk_param[i].crp_p); - compat->crk_param[i].crp_nbits = kop->crk_param[i].crp_nbits; - } -- compat->cookie = kop->cookie; -+ compat->cookie = ptr_to_compat(kop->cookie); - compat->curve_type = kop->curve_type; - } - -@@ -1405,8 +1405,8 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) - ret = crypto_async_fetch_asym(pkc); - if (!ret) { - cookie_list.cookie_available++; -- cookie_list.cookie[i] = -- pkc->kop.kop.cookie; -+ cookie_list.cookie[i] = ptr_to_compat( -+ pkc->kop.kop.cookie); - } - kfree(pkc); - } else { --- -2.3.5 - diff --git a/recipes-kernel/cryptodev/files/0019-fix-size_t-print-format.patch b/recipes-kernel/cryptodev/files/0019-fix-size_t-print-format.patch deleted file mode 100644 index a71cff4..0000000 --- a/recipes-kernel/cryptodev/files/0019-fix-size_t-print-format.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 1d10f06bef0f07980a08b387850c1daf1d3a8e87 Mon Sep 17 00:00:00 2001 -From: Tudor Ambarus -Date: Tue, 2 Jun 2015 12:11:12 +0300 -Subject: [PATCH 19/20] fix size_t print format - - CC [M] crypto/../../cryptodev-linux/cryptlib.o -crypto/../../cryptodev-linux/cryptlib.c: In function 'cryptodev_cipher_init': -crypto/../../cryptodev-linux/cryptlib.c:146:5: warning: format '%u' expects argument of type 'unsigned int', but argument 6 has type 'size_t' [-Wformat=] - ddebug(1, "Wrong keylen '%u' for algorithm '%s'. Use %u to %u.", - ^ -crypto/../../cryptodev-linux/cryptlib.c:173:3: warning: format '%u' expects argument of type 'unsigned int', but argument 7 has type 'size_t' [-Wformat=] - ddebug(1, "Setting key failed for %s-%u.", alg_name, keylen*8); - ^ -crypto/../../cryptodev-linux/cryptlib.c: In function 'cryptodev_hash_init': -crypto/../../cryptodev-linux/cryptlib.c:340:4: warning: format '%u' expects argument of type 'unsigned int', but argument 7 has type 'size_t' [-Wformat=] - ddebug(1, "Setting hmac key failed for %s-%u.", - ^ - -Signed-off-by: Tudor Ambarus -Change-Id: I67f2d79f68b4d62b598073c6a918a110523fadfd -Reviewed-on: http://git.am.freescale.net:8181/37443 -Reviewed-by: Cristian Stoica -Tested-by: Cristian Stoica ---- - cryptlib.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/cryptlib.c b/cryptlib.c -index 5882a30..10f5e1a 100644 ---- a/cryptlib.c -+++ b/cryptlib.c -@@ -143,7 +143,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name, - if (alg->max_keysize > 0 && - unlikely((keylen < alg->min_keysize) || - (keylen > alg->max_keysize))) { -- ddebug(1, "Wrong keylen '%u' for algorithm '%s'. Use %u to %u.", -+ ddebug(1, "Wrong keylen '%zu' for algorithm '%s'. Use %u to %u.", - keylen, alg_name, alg->min_keysize, alg->max_keysize); - ret = -EINVAL; - goto error; -@@ -170,7 +170,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name, - } - - if (unlikely(ret)) { -- ddebug(1, "Setting key failed for %s-%u.", alg_name, keylen*8); -+ ddebug(1, "Setting key failed for %s-%zu.", alg_name, keylen*8); - ret = -EINVAL; - goto error; - } -@@ -337,7 +337,7 @@ int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name, - if (hmac_mode != 0) { - ret = crypto_ahash_setkey(hdata->async.s, mackey, mackeylen); - if (unlikely(ret)) { -- ddebug(1, "Setting hmac key failed for %s-%u.", -+ ddebug(1, "Setting hmac key failed for %s-%zu.", - alg_name, mackeylen*8); - ret = -EINVAL; - goto error; --- -2.3.5 - diff --git a/recipes-kernel/cryptodev/files/0020-fix-uninitialized-variable-compiler-warning.patch b/recipes-kernel/cryptodev/files/0020-fix-uninitialized-variable-compiler-warning.patch deleted file mode 100644 index a97a2d4..0000000 --- a/recipes-kernel/cryptodev/files/0020-fix-uninitialized-variable-compiler-warning.patch +++ /dev/null @@ -1,38 +0,0 @@ -From be9f6a0dc90847dbb00307d23f47b8b3fc3ff130 Mon Sep 17 00:00:00 2001 -From: Tudor Ambarus -Date: Fri, 29 May 2015 15:49:22 +0300 -Subject: [PATCH 20/20] fix uninitialized variable compiler warning - -crypto/../../cryptodev-linux/ioctl.c: In function 'cryptodev_compat_ioctl': -crypto/../../cryptodev-linux/ioctl.c:1445:2: warning: 'ret' may be used uninitialized in this function [-Wmaybe-uninitialized] - return ret; - ^ - -Signed-off-by: Tudor Ambarus -Change-Id: Id5226fc97a3bb880ca6db86df58957122bbaa428 -Reviewed-on: http://git.am.freescale.net:8181/37441 -Reviewed-by: Cristian Stoica -Tested-by: Cristian Stoica ---- - ioctl.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/ioctl.c b/ioctl.c -index f3ce2f6..7cd3c56 100644 ---- a/ioctl.c -+++ b/ioctl.c -@@ -1387,9 +1387,10 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) - case COMPAT_CIOCASYMFETCHCOOKIE: - { - struct cryptodev_pkc *pkc; -- int i = 0; -+ int i; - struct compat_pkc_cookie_list_s cookie_list; - -+ ret = 0; - cookie_list.cookie_available = 0; - - for (i = 0; i < MAX_COOKIES; i++) { --- -2.3.5 - diff --git a/recipes-kernel/cryptodev/files/0021-check-return-codes-for-copy-to-from-user-functions.patch b/recipes-kernel/cryptodev/files/0021-check-return-codes-for-copy-to-from-user-functions.patch deleted file mode 100644 index 558d045..0000000 --- a/recipes-kernel/cryptodev/files/0021-check-return-codes-for-copy-to-from-user-functions.patch +++ /dev/null @@ -1,398 +0,0 @@ -From 4078382cfc69c0f5e582d485fe8cc778f9e458d1 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Mon, 21 Sep 2015 16:39:52 +0300 -Subject: [PATCH 21/23] check return codes for copy to/from user functions - -- these functions may fail and we should check their return codes. -- fix an unintended fall-through in CRK_DSA_GENERATE_KEY -- fix incorrect return code for CIOCASYMFETCHCOOKIE - -Signed-off-by: Cristian Stoica ---- - ioctl.c | 42 +++++++-------- - main.c | 183 ++++++++++++++++++++++++++++++---------------------------------- - 2 files changed, 108 insertions(+), 117 deletions(-) - -diff --git a/ioctl.c b/ioctl.c -index 7cd3c56..8fa3e5c 100644 ---- a/ioctl.c -+++ b/ioctl.c -@@ -711,13 +711,13 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) - case CRK_MOD_EXP: - { - struct rsa_pub_req_s *rsa_req = &pkc->req->req_u.rsa_pub_req; -- copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len); -+ ret = copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len); - } - break; - case CRK_MOD_EXP_CRT: - { - struct rsa_priv_frm3_req_s *rsa_req = &pkc->req->req_u.rsa_priv_f3; -- copy_to_user(ckop->crk_param[6].crp_p, rsa_req->f, rsa_req->f_len); -+ ret = copy_to_user(ckop->crk_param[6].crp_p, rsa_req->f, rsa_req->f_len); - } - break; - case CRK_DSA_SIGN: -@@ -725,11 +725,11 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) - struct dsa_sign_req_s *dsa_req = &pkc->req->req_u.dsa_sign; - - if (pkc->req->type == ECDSA_SIGN) { -- copy_to_user(ckop->crk_param[6].crp_p, dsa_req->c, dsa_req->d_len); -- copy_to_user(ckop->crk_param[7].crp_p, dsa_req->d, dsa_req->d_len); -+ ret = copy_to_user(ckop->crk_param[6].crp_p, dsa_req->c, dsa_req->d_len) || -+ copy_to_user(ckop->crk_param[7].crp_p, dsa_req->d, dsa_req->d_len); - } else { -- copy_to_user(ckop->crk_param[5].crp_p, dsa_req->c, dsa_req->d_len); -- copy_to_user(ckop->crk_param[6].crp_p, dsa_req->d, dsa_req->d_len); -+ ret = copy_to_user(ckop->crk_param[5].crp_p, dsa_req->c, dsa_req->d_len) || -+ copy_to_user(ckop->crk_param[6].crp_p, dsa_req->d, dsa_req->d_len); - } - } - break; -@@ -739,9 +739,9 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) - { - struct dh_key_req_s *dh_req = &pkc->req->req_u.dh_req; - if (pkc->req->type == ECDH_COMPUTE_KEY) -- copy_to_user(ckop->crk_param[4].crp_p, dh_req->z, dh_req->z_len); -+ ret = copy_to_user(ckop->crk_param[4].crp_p, dh_req->z, dh_req->z_len); - else -- copy_to_user(ckop->crk_param[3].crp_p, dh_req->z, dh_req->z_len); -+ ret = copy_to_user(ckop->crk_param[3].crp_p, dh_req->z, dh_req->z_len); - } - break; - case CRK_DSA_GENERATE_KEY: -@@ -750,16 +750,17 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) - struct keygen_req_s *key_req = &pkc->req->req_u.keygen; - - if (pkc->req->type == ECC_KEYGEN) { -- copy_to_user(ckop->crk_param[4].crp_p, key_req->pub_key, -- key_req->pub_key_len); -- copy_to_user(ckop->crk_param[5].crp_p, key_req->priv_key, -+ ret = copy_to_user(ckop->crk_param[4].crp_p, key_req->pub_key, -+ key_req->pub_key_len) || -+ copy_to_user(ckop->crk_param[5].crp_p, key_req->priv_key, - key_req->priv_key_len); - } else { -- copy_to_user(ckop->crk_param[3].crp_p, key_req->pub_key, -- key_req->pub_key_len); -- copy_to_user(ckop->crk_param[4].crp_p, key_req->priv_key, -+ ret = copy_to_user(ckop->crk_param[3].crp_p, key_req->pub_key, -+ key_req->pub_key_len) || -+ copy_to_user(ckop->crk_param[4].crp_p, key_req->priv_key, - key_req->priv_key_len); - } -+ break; - } - default: - ret = -EINVAL; -@@ -1115,14 +1116,12 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) - - /* Reflect the updated request to user-space */ - if (cookie_list.cookie_available) { -- copy_to_user(arg, &cookie_list, sizeof(struct pkc_cookie_list_s)); -+ ret = copy_to_user(arg, &cookie_list, sizeof(struct pkc_cookie_list_s)); - } else { - struct pkc_cookie_list_s *user_ck_list = (void *)arg; -- put_user(0, &(user_ck_list->cookie_available)); -+ ret = put_user(0, &(user_ck_list->cookie_available)); - } -- ret = cookie_list.cookie_available; - } -- - return ret; - default: - return -EINVAL; -@@ -1417,9 +1416,10 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) - } - - /* Reflect the updated request to user-space */ -- if (cookie_list.cookie_available) -- copy_to_user(arg, &cookie_list, -- sizeof(struct compat_pkc_cookie_list_s)); -+ if (cookie_list.cookie_available) { -+ ret = copy_to_user(arg, &cookie_list, -+ sizeof(struct compat_pkc_cookie_list_s)); -+ } - } - return ret; - default: -diff --git a/main.c b/main.c -index ed1c69a..e5adb93 100644 ---- a/main.c -+++ b/main.c -@@ -223,31 +223,29 @@ int crypto_kop_dsasign(struct cryptodev_pkc *pkc) - dsa_req->m = dsa_req->priv_key + dsa_req->priv_key_len; - dsa_req->c = dsa_req->m + dsa_req->m_len; - dsa_req->d = dsa_req->c + dsa_req->d_len; -- copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len); -- copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len); -- copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len); -- copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len); -- copy_from_user(dsa_req->priv_key, cop->crk_param[4].crp_p, -- dsa_req->priv_key_len); -+ rc = copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len) || -+ copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len) || -+ copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len) || -+ copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len) || -+ copy_from_user(dsa_req->priv_key, cop->crk_param[4].crp_p, dsa_req->priv_key_len); - if (cop->crk_iparams == 6) { - dsa_req->ab = dsa_req->d + dsa_req->d_len; -- copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p, -+ rc = rc || copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p, - dsa_req->ab_len); - } -+ if (rc) -+ goto err; -+ - rc = cryptodev_pkc_offload(pkc); - if (pkc->type == SYNCHRONOUS) { -- if (rc) -- goto err; - if (cop->crk_iparams == 6) { -- copy_to_user(cop->crk_param[6].crp_p, dsa_req->c, -- dsa_req->d_len); -- copy_to_user(cop->crk_param[7].crp_p, dsa_req->d, -- dsa_req->d_len); -+ rc = rc || -+ copy_to_user(cop->crk_param[6].crp_p, dsa_req->c, dsa_req->d_len) || -+ copy_to_user(cop->crk_param[7].crp_p, dsa_req->d, dsa_req->d_len); - } else { -- copy_to_user(cop->crk_param[5].crp_p, dsa_req->c, -- dsa_req->d_len); -- copy_to_user(cop->crk_param[6].crp_p, dsa_req->d, -- dsa_req->d_len); -+ rc = rc || -+ copy_to_user(cop->crk_param[5].crp_p, dsa_req->c, dsa_req->d_len) || -+ copy_to_user(cop->crk_param[6].crp_p, dsa_req->d, dsa_req->d_len); - } - } else { - if (rc != -EINPROGRESS && rc != 0) -@@ -303,31 +301,28 @@ int crypto_kop_dsaverify(struct cryptodev_pkc *pkc) - dsa_req->m = dsa_req->pub_key + dsa_req->pub_key_len; - dsa_req->c = dsa_req->m + dsa_req->m_len; - dsa_req->d = dsa_req->c + dsa_req->d_len; -- copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len); -- copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len); -- copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len); -- copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len); -- copy_from_user(dsa_req->pub_key, cop->crk_param[4].crp_p, -- dsa_req->pub_key_len); -+ rc = copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len) || -+ copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len) || -+ copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len) || -+ copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len) || -+ copy_from_user(dsa_req->pub_key, cop->crk_param[4].crp_p, dsa_req->pub_key_len); - if (cop->crk_iparams == 8) { - dsa_req->ab = dsa_req->d + dsa_req->d_len; -- copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p, -- dsa_req->ab_len); -- copy_from_user(dsa_req->c, cop->crk_param[6].crp_p, -- dsa_req->d_len); -- copy_from_user(dsa_req->d, cop->crk_param[7].crp_p, -- dsa_req->d_len); -+ rc = rc || -+ copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p, dsa_req->ab_len) || -+ copy_from_user(dsa_req->c, cop->crk_param[6].crp_p, dsa_req->d_len) || -+ copy_from_user(dsa_req->d, cop->crk_param[7].crp_p, dsa_req->d_len); - } else { -- copy_from_user(dsa_req->c, cop->crk_param[5].crp_p, -- dsa_req->d_len); -- copy_from_user(dsa_req->d, cop->crk_param[6].crp_p, -- dsa_req->d_len); -+ rc = rc || -+ copy_from_user(dsa_req->c, cop->crk_param[5].crp_p, dsa_req->d_len) || -+ copy_from_user(dsa_req->d, cop->crk_param[6].crp_p, dsa_req->d_len); - } -+ -+ if (rc) -+ goto err; -+ - rc = cryptodev_pkc_offload(pkc); -- if (pkc->type == SYNCHRONOUS) { -- if (rc) -- goto err; -- } else { -+ if (pkc->type != SYNCHRONOUS) { - if (rc != -EINPROGRESS && !rc) - goto err; - pkc->cookie = buf; -@@ -380,24 +375,15 @@ int crypto_kop_rsa_keygen(struct cryptodev_pkc *pkc) - rc = cryptodev_pkc_offload(pkc); - - if (pkc->type == SYNCHRONOUS) { -- if (rc) -- goto err; -- -- copy_to_user(cop->crk_param[0].crp_p, -- key_req->p, key_req->p_len); -- copy_to_user(cop->crk_param[1].crp_p, -- key_req->q, key_req->q_len); -- copy_to_user(cop->crk_param[2].crp_p, -- key_req->n, key_req->n_len); -- copy_to_user(cop->crk_param[3].crp_p, -- key_req->d, key_req->d_len); -- copy_to_user(cop->crk_param[4].crp_p, -- key_req->dp, key_req->dp_len); -- copy_to_user(cop->crk_param[5].crp_p, -- key_req->dq, key_req->dq_len); -- copy_to_user(cop->crk_param[6].crp_p, -- key_req->c, key_req->c_len); -- } else { -+ rc = rc || -+ copy_to_user(cop->crk_param[0].crp_p, key_req->p, key_req->p_len) || -+ copy_to_user(cop->crk_param[1].crp_p, key_req->q, key_req->q_len) || -+ copy_to_user(cop->crk_param[2].crp_p, key_req->n, key_req->n_len) || -+ copy_to_user(cop->crk_param[3].crp_p, key_req->d, key_req->d_len) || -+ copy_to_user(cop->crk_param[4].crp_p, key_req->dp, key_req->dp_len) || -+ copy_to_user(cop->crk_param[5].crp_p, key_req->dq, key_req->dq_len) || -+ copy_to_user(cop->crk_param[6].crp_p, key_req->c, key_req->c_len); -+ } else { - if (rc != -EINPROGRESS && !rc) { - printk("%s: Failed\n", __func__); - goto err; -@@ -451,30 +437,33 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) - key_req->g = key_req->r + key_req->r_len; - key_req->pub_key = key_req->g + key_req->g_len; - key_req->priv_key = key_req->pub_key + key_req->pub_key_len; -- copy_from_user(key_req->q, cop->crk_param[0].crp_p, key_req->q_len); -- copy_from_user(key_req->r, cop->crk_param[1].crp_p, key_req->r_len); -- copy_from_user(key_req->g, cop->crk_param[2].crp_p, key_req->g_len); -+ rc = copy_from_user(key_req->q, cop->crk_param[0].crp_p, key_req->q_len) || -+ copy_from_user(key_req->r, cop->crk_param[1].crp_p, key_req->r_len) || -+ copy_from_user(key_req->g, cop->crk_param[2].crp_p, key_req->g_len); -+ - if (cop->crk_iparams == 4) { - key_req->ab = key_req->priv_key + key_req->priv_key_len; -- copy_from_user(key_req->ab, cop->crk_param[3].crp_p, -+ rc = rc || copy_from_user(key_req->ab, cop->crk_param[3].crp_p, - key_req->ab_len); - } - -+ if (rc) -+ goto err; -+ - rc = cryptodev_pkc_offload(pkc); - if (pkc->type == SYNCHRONOUS) { -- if (rc) -- goto err; -- - if (cop->crk_iparams == 4) { -- copy_to_user(cop->crk_param[4].crp_p, key_req->pub_key, -- key_req->pub_key_len); -- copy_to_user(cop->crk_param[5].crp_p, key_req->priv_key, -+ rc = rc || -+ copy_to_user(cop->crk_param[4].crp_p, key_req->pub_key, -+ key_req->pub_key_len) || -+ copy_to_user(cop->crk_param[5].crp_p, key_req->priv_key, - key_req->priv_key_len); - } else { -- copy_to_user(cop->crk_param[3].crp_p, key_req->pub_key, -- key_req->pub_key_len); -- copy_to_user(cop->crk_param[4].crp_p, -- key_req->priv_key, key_req->priv_key_len); -+ rc = rc || -+ copy_to_user(cop->crk_param[3].crp_p, key_req->pub_key, -+ key_req->pub_key_len) || -+ copy_to_user(cop->crk_param[4].crp_p, key_req->priv_key, -+ key_req->priv_key_len); - } - } else { - if (rc != -EINPROGRESS && !rc) -@@ -495,7 +484,7 @@ int crypto_kop_dh_key(struct cryptodev_pkc *pkc) - struct dh_key_req_s *dh_req; - int buf_size; - uint8_t *buf; -- int rc = -EINVAL; -+ int rc = 0; - - dh_req = &pkc->req->req_u.dh_req; - dh_req->s_len = (cop->crk_param[0].crp_nbits + 7)/8; -@@ -520,22 +509,23 @@ int crypto_kop_dh_key(struct cryptodev_pkc *pkc) - if (cop->crk_iparams == 4) { - dh_req->ab = dh_req->z + dh_req->z_len; - pkc->req->curve_type = cop->curve_type; -- copy_from_user(dh_req->ab, cop->crk_param[3].crp_p, -- dh_req->ab_len); -+ rc = copy_from_user(dh_req->ab, cop->crk_param[3].crp_p, dh_req->ab_len); - } -- copy_from_user(dh_req->s, cop->crk_param[0].crp_p, dh_req->s_len); -- copy_from_user(dh_req->pub_key, cop->crk_param[1].crp_p, -- dh_req->pub_key_len); -- copy_from_user(dh_req->q, cop->crk_param[2].crp_p, dh_req->q_len); -+ -+ rc = rc || -+ copy_from_user(dh_req->s, cop->crk_param[0].crp_p, dh_req->s_len) || -+ copy_from_user(dh_req->pub_key, cop->crk_param[1].crp_p, dh_req->pub_key_len) || -+ copy_from_user(dh_req->q, cop->crk_param[2].crp_p, dh_req->q_len); -+ if (rc) -+ goto err; -+ - rc = cryptodev_pkc_offload(pkc); - if (pkc->type == SYNCHRONOUS) { -- if (rc) -- goto err; - if (cop->crk_iparams == 4) -- copy_to_user(cop->crk_param[4].crp_p, dh_req->z, -+ rc = rc || copy_to_user(cop->crk_param[4].crp_p, dh_req->z, - dh_req->z_len); - else -- copy_to_user(cop->crk_param[3].crp_p, dh_req->z, -+ rc = rc || copy_to_user(cop->crk_param[3].crp_p, dh_req->z, - dh_req->z_len); - } else { - if (rc != -EINPROGRESS && rc != 0) -@@ -582,19 +572,19 @@ int crypto_modexp_crt(struct cryptodev_pkc *pkc) - rsa_req->dq = rsa_req->dp + rsa_req->dp_len; - rsa_req->c = rsa_req->dq + rsa_req->dq_len; - rsa_req->f = rsa_req->c + rsa_req->c_len; -- copy_from_user(rsa_req->p, cop->crk_param[0].crp_p, rsa_req->p_len); -- copy_from_user(rsa_req->q, cop->crk_param[1].crp_p, rsa_req->q_len); -- copy_from_user(rsa_req->g, cop->crk_param[2].crp_p, rsa_req->g_len); -- copy_from_user(rsa_req->dp, cop->crk_param[3].crp_p, rsa_req->dp_len); -- copy_from_user(rsa_req->dq, cop->crk_param[4].crp_p, rsa_req->dq_len); -- copy_from_user(rsa_req->c, cop->crk_param[5].crp_p, rsa_req->c_len); -+ rc = copy_from_user(rsa_req->p, cop->crk_param[0].crp_p, rsa_req->p_len) || -+ copy_from_user(rsa_req->q, cop->crk_param[1].crp_p, rsa_req->q_len) || -+ copy_from_user(rsa_req->g, cop->crk_param[2].crp_p, rsa_req->g_len) || -+ copy_from_user(rsa_req->dp, cop->crk_param[3].crp_p, rsa_req->dp_len) || -+ copy_from_user(rsa_req->dq, cop->crk_param[4].crp_p, rsa_req->dq_len) || -+ copy_from_user(rsa_req->c, cop->crk_param[5].crp_p, rsa_req->c_len); -+ if (rc) -+ goto err; -+ - rc = cryptodev_pkc_offload(pkc); - - if (pkc->type == SYNCHRONOUS) { -- if (rc) -- goto err; -- copy_to_user(cop->crk_param[6].crp_p, rsa_req->f, -- rsa_req->f_len); -+ rc = rc || copy_to_user(cop->crk_param[6].crp_p, rsa_req->f, rsa_req->f_len); - } else { - if (rc != -EINPROGRESS && rc != 0) - goto err; -@@ -633,14 +623,15 @@ int crypto_bn_modexp(struct cryptodev_pkc *pkc) - rsa_req->f = rsa_req->e + rsa_req->e_len; - rsa_req->g = rsa_req->f + rsa_req->f_len; - rsa_req->n = rsa_req->g + rsa_req->g_len; -- copy_from_user(rsa_req->f, cop->crk_param[0].crp_p, rsa_req->f_len); -- copy_from_user(rsa_req->e, cop->crk_param[1].crp_p, rsa_req->e_len); -- copy_from_user(rsa_req->n, cop->crk_param[2].crp_p, rsa_req->n_len); -+ rc = copy_from_user(rsa_req->f, cop->crk_param[0].crp_p, rsa_req->f_len) || -+ copy_from_user(rsa_req->e, cop->crk_param[1].crp_p, rsa_req->e_len) || -+ copy_from_user(rsa_req->n, cop->crk_param[2].crp_p, rsa_req->n_len); -+ if (rc) -+ goto err; -+ - rc = cryptodev_pkc_offload(pkc); - if (pkc->type == SYNCHRONOUS) { -- if (rc) -- goto err; -- copy_to_user(cop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len); -+ rc = rc || copy_to_user(cop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len); - } else { - if (rc != -EINPROGRESS && rc != 0) - goto err; --- -2.3.5 - diff --git a/recipes-kernel/cryptodev/files/0022-fix-double-free-pkc-req-on-error.patch b/recipes-kernel/cryptodev/files/0022-fix-double-free-pkc-req-on-error.patch deleted file mode 100644 index 6e747e0..0000000 --- a/recipes-kernel/cryptodev/files/0022-fix-double-free-pkc-req-on-error.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 85146b8429ba11bd0be68c24c17dd77b21ec8c25 Mon Sep 17 00:00:00 2001 -From: Cristian Stoica -Date: Mon, 12 Oct 2015 23:03:28 +0300 -Subject: [PATCH 22/23] fix double free pkc->req on error - -Signed-off-by: Cristian Stoica ---- - main.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/main.c b/main.c -index e5adb93..ec11129 100644 ---- a/main.c -+++ b/main.c -@@ -747,7 +747,7 @@ int crypto_run_asym(struct cryptodev_pkc *pkc) - /* todo - fix alloc-free on error path */ - pkc->req->type = pkc_req_type; - err = call_next_action(pkc); -- if (pkc->type == SYNCHRONOUS) -+ if (err == 0 && pkc->type == SYNCHRONOUS) - kfree(pkc->req); - - return err; --- -2.3.5 - diff --git a/recipes-kernel/cryptodev/files/0023-remove-MAY_BACKLOG-flag-from-requests.patch b/recipes-kernel/cryptodev/files/0023-remove-MAY_BACKLOG-flag-from-requests.patch deleted file mode 100644 index 32c3ddd..0000000 --- a/recipes-kernel/cryptodev/files/0023-remove-MAY_BACKLOG-flag-from-requests.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 7d0d0deb255f8c59b0cf6d3944ee2e3be4133b4c Mon Sep 17 00:00:00 2001 -From: Alex Porosanu -Date: Mon, 19 Oct 2015 11:53:11 +0300 -Subject: [PATCH 23/23] remove MAY_BACKLOG flag from requests - -cryptodev doesn't implement the backlogging mechanism properly, -since it misses the possibility of sleeping and waiting for -wake-up when the crypto driver below starts working on the -submitted backloggable request. -In case the crypto driver below implements backlogging mechanisms, -this can lead to side-effects such as working on previously-free'ed -data. -This patch removes the MAY_BACKLOG flag from the requests. - -Change-Id: Ia3d822b1abfc1a51e2ce3e9682476b2c99d19c5a -Signed-off-by: Alex Porosanu ---- - cryptlib.c | 14 +++++--------- - 1 file changed, 5 insertions(+), 9 deletions(-) - -diff --git a/cryptlib.c b/cryptlib.c -index 10f5e1a..eba4616 100644 ---- a/cryptlib.c -+++ b/cryptlib.c -@@ -194,8 +194,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name, - goto error; - } - -- ablkcipher_request_set_callback(out->async.request, -- CRYPTO_TFM_REQ_MAY_BACKLOG, -+ ablkcipher_request_set_callback(out->async.request, 0, - cryptodev_complete, out->async.result); - } else { - out->async.arequest = aead_request_alloc(out->async.as, GFP_KERNEL); -@@ -205,8 +204,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name, - goto error; - } - -- aead_request_set_callback(out->async.arequest, -- CRYPTO_TFM_REQ_MAY_BACKLOG, -+ aead_request_set_callback(out->async.arequest, 0, - cryptodev_complete, out->async.result); - } - -@@ -362,9 +360,8 @@ int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name, - goto error; - } - -- ahash_request_set_callback(hdata->async.request, -- CRYPTO_TFM_REQ_MAY_BACKLOG, -- cryptodev_complete, hdata->async.result); -+ ahash_request_set_callback(hdata->async.request, 0, -+ cryptodev_complete, hdata->async.result); - - ret = crypto_ahash_init(hdata->async.request); - if (unlikely(ret)) { -@@ -439,8 +436,7 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) - int ret; - - init_completion(&pkc->result.completion); -- pkc_request_set_callback(pkc->req, CRYPTO_TFM_REQ_MAY_BACKLOG, -- cryptodev_complete_asym, pkc); -+ pkc_request_set_callback(pkc->req, 0, cryptodev_complete_asym, pkc); - ret = crypto_pkc_op(pkc->req); - if (ret != -EINPROGRESS && ret != 0) - goto error; --- -2.3.5 - diff --git a/recipes-kernel/cryptodev/files/0024-fix-COMPAT_CIOCKEY-ioctl-command-number.patch b/recipes-kernel/cryptodev/files/0024-fix-COMPAT_CIOCKEY-ioctl-command-number.patch deleted file mode 100644 index 8d0bd8b..0000000 --- a/recipes-kernel/cryptodev/files/0024-fix-COMPAT_CIOCKEY-ioctl-command-number.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 53e4d0fe4a334dae3df32b2053e4ebdfda2e9148 Mon Sep 17 00:00:00 2001 -From: Tudor Ambarus -Date: Tue, 27 Oct 2015 15:51:02 +0200 -Subject: [PATCH] fix COMPAT_CIOCKEY ioctl command number - -CIOCKEY and COMPAT_CIOCKEY had different command numbers, -so that 32-bit applications got EINVAL error on 64-bit kernel. - -Signed-off-by: Tudor Ambarus ---- - cryptodev_int.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/cryptodev_int.h b/cryptodev_int.h -index c83c885..cb005d7 100644 ---- a/cryptodev_int.h -+++ b/cryptodev_int.h -@@ -132,7 +132,7 @@ struct compat_crypt_auth_op { - /* compat ioctls, defined for the above structs */ - #define COMPAT_CIOCGSESSION _IOWR('c', 102, struct compat_session_op) - #define COMPAT_CIOCCRYPT _IOWR('c', 104, struct compat_crypt_op) --#define COMPAT_CIOCKEY _IOW('c', 105, struct compat_crypt_kop) -+#define COMPAT_CIOCKEY _IOWR('c', 105, struct compat_crypt_kop) - #define COMPAT_CIOCASYNCCRYPT _IOW('c', 107, struct compat_crypt_op) - #define COMPAT_CIOCASYNCFETCH _IOR('c', 108, struct compat_crypt_op) - #define COMPAT_CIOCAUTHCRYPT _IOWR('c', 109, struct compat_crypt_auth_op) --- -2.3.3 - diff --git a/recipes-kernel/cryptodev/sdk_patches/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch b/recipes-kernel/cryptodev/sdk_patches/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch new file mode 100644 index 0000000..b8d2a00 --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch @@ -0,0 +1,52 @@ +From 25a68839e3aab5acebcbe51f7fbe9d2d26216bc0 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Thu, 29 Aug 2013 16:52:30 +0300 +Subject: [PATCH 01/38] add support for composite TLS10(SHA1,AES) algorithm + offload + +This adds support for composite algorithm offload as a primitive +crypto (cipher + hmac) operation. + +It requires kernel support for tls10(hmac(sha1),cbc(aes)) algorithm +provided either in software or accelerated by hardware such as +Freescale B*, P* and T* platforms. + +Change-Id: Ia1c605da3860e91e681295dfc8df7c09eb4006cf +Signed-off-by: Cristian Stoica +Reviewed-on: http://git.am.freescale.net:8181/17218 +--- + crypto/cryptodev.h | 1 + + ioctl.c | 5 +++++ + 2 files changed, 6 insertions(+) + +diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h +index 7fb9c7d..c0e8cd4 100644 +--- a/crypto/cryptodev.h ++++ b/crypto/cryptodev.h +@@ -50,6 +50,7 @@ enum cryptodev_crypto_op_t { + CRYPTO_SHA2_384, + CRYPTO_SHA2_512, + CRYPTO_SHA2_224_HMAC, ++ CRYPTO_TLS10_AES_CBC_HMAC_SHA1, + CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */ + }; + +diff --git a/ioctl.c b/ioctl.c +index b23f5fd..a3f8379 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -159,6 +159,11 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop) + stream = 1; + aead = 1; + break; ++ case CRYPTO_TLS10_AES_CBC_HMAC_SHA1: ++ alg_name = "tls10(hmac(sha1),cbc(aes))"; ++ stream = 0; ++ aead = 1; ++ break; + case CRYPTO_NULL: + alg_name = "ecb(cipher_null)"; + stream = 1; +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch b/recipes-kernel/cryptodev/sdk_patches/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch new file mode 100644 index 0000000..d83da97 --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch @@ -0,0 +1,207 @@ +From d9f27d08708556e22e1b1dc87b0495896879ca66 Mon Sep 17 00:00:00 2001 +From: Horia Geanta +Date: Wed, 4 Dec 2013 15:43:41 +0200 +Subject: [PATCH 02/38] add support for COMPAT_CIOCAUTHCRYPT ioctl() + +Upstream-status: Pending + +Needed for 64b kernel with 32b user space. + +Change-Id: I44a999a4164e7ae7122dee6ed0716b2f25cadbc1 +Signed-off-by: Horia Geanta +Tested-by: Cristian Stoica +--- + authenc.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + cryptodev_int.h | 40 +++++++++++++++++++++++++++++ + ioctl.c | 16 ++++++++++++ + 3 files changed, 134 insertions(+) + +diff --git a/authenc.c b/authenc.c +index 1bd7377..ef0d3db 100644 +--- a/authenc.c ++++ b/authenc.c +@@ -272,6 +272,84 @@ static int fill_caop_from_kcaop(struct kernel_crypt_auth_op *kcaop, struct fcryp + return 0; + } + ++/* compatibility code for 32bit userlands */ ++#ifdef CONFIG_COMPAT ++ ++static inline void ++compat_to_crypt_auth_op(struct compat_crypt_auth_op *compat, ++ struct crypt_auth_op *caop) ++{ ++ caop->ses = compat->ses; ++ caop->op = compat->op; ++ caop->flags = compat->flags; ++ caop->len = compat->len; ++ caop->auth_len = compat->auth_len; ++ caop->tag_len = compat->tag_len; ++ caop->iv_len = compat->iv_len; ++ ++ caop->auth_src = compat_ptr(compat->auth_src); ++ caop->src = compat_ptr(compat->src); ++ caop->dst = compat_ptr(compat->dst); ++ caop->tag = compat_ptr(compat->tag); ++ caop->iv = compat_ptr(compat->iv); ++} ++ ++static inline void ++crypt_auth_op_to_compat(struct crypt_auth_op *caop, ++ struct compat_crypt_auth_op *compat) ++{ ++ compat->ses = caop->ses; ++ compat->op = caop->op; ++ compat->flags = caop->flags; ++ compat->len = caop->len; ++ compat->auth_len = caop->auth_len; ++ compat->tag_len = caop->tag_len; ++ compat->iv_len = caop->iv_len; ++ ++ compat->auth_src = ptr_to_compat(caop->auth_src); ++ compat->src = ptr_to_compat(caop->src); ++ compat->dst = ptr_to_compat(caop->dst); ++ compat->tag = ptr_to_compat(caop->tag); ++ compat->iv = ptr_to_compat(caop->iv); ++} ++ ++int compat_kcaop_from_user(struct kernel_crypt_auth_op *kcaop, ++ struct fcrypt *fcr, void __user *arg) ++{ ++ struct compat_crypt_auth_op compat_caop; ++ ++ if (unlikely(copy_from_user(&compat_caop, arg, sizeof(compat_caop)))) { ++ dprintk(1, KERN_ERR, "Error in copying from userspace\n"); ++ return -EFAULT; ++ } ++ ++ compat_to_crypt_auth_op(&compat_caop, &kcaop->caop); ++ ++ return fill_kcaop_from_caop(kcaop, fcr); ++} ++ ++int compat_kcaop_to_user(struct kernel_crypt_auth_op *kcaop, ++ struct fcrypt *fcr, void __user *arg) ++{ ++ int ret; ++ struct compat_crypt_auth_op compat_caop; ++ ++ ret = fill_caop_from_kcaop(kcaop, fcr); ++ if (unlikely(ret)) { ++ dprintk(1, KERN_ERR, "fill_caop_from_kcaop\n"); ++ return ret; ++ } ++ ++ crypt_auth_op_to_compat(&kcaop->caop, &compat_caop); ++ ++ if (unlikely(copy_to_user(arg, &compat_caop, sizeof(compat_caop)))) { ++ dprintk(1, KERN_ERR, "Error in copying to userspace\n"); ++ return -EFAULT; ++ } ++ return 0; ++} ++ ++#endif /* CONFIG_COMPAT */ + + int kcaop_from_user(struct kernel_crypt_auth_op *kcaop, + struct fcrypt *fcr, void __user *arg) +diff --git a/cryptodev_int.h b/cryptodev_int.h +index d7660fa..8e687e7 100644 +--- a/cryptodev_int.h ++++ b/cryptodev_int.h +@@ -73,11 +73,42 @@ struct compat_crypt_op { + compat_uptr_t iv;/* initialization vector for encryption operations */ + }; + ++ /* input of CIOCAUTHCRYPT */ ++struct compat_crypt_auth_op { ++ uint32_t ses; /* session identifier */ ++ uint16_t op; /* COP_ENCRYPT or COP_DECRYPT */ ++ uint16_t flags; /* see COP_FLAG_AEAD_* */ ++ uint32_t len; /* length of source data */ ++ uint32_t auth_len; /* length of auth data */ ++ compat_uptr_t auth_src; /* authenticated-only data */ ++ ++ /* The current implementation is more efficient if data are ++ * encrypted in-place (src==dst). */ ++ compat_uptr_t src; /* data to be encrypted and ++ authenticated */ ++ compat_uptr_t dst; /* pointer to output data. Must have ++ * space for tag. For TLS this should be ++ * at least len + tag_size + block_size ++ * for padding */ ++ ++ compat_uptr_t tag; /* where the tag will be copied to. TLS ++ * mode doesn't use that as tag is ++ * copied to dst. ++ * SRTP mode copies tag there. */ ++ uint32_t tag_len; /* the length of the tag. Use zero for ++ * digest size or max tag. */ ++ ++ /* initialization vector for encryption operations */ ++ compat_uptr_t iv; ++ uint32_t iv_len; ++}; ++ + /* compat ioctls, defined for the above structs */ + #define COMPAT_CIOCGSESSION _IOWR('c', 102, struct compat_session_op) + #define COMPAT_CIOCCRYPT _IOWR('c', 104, struct compat_crypt_op) + #define COMPAT_CIOCASYNCCRYPT _IOW('c', 107, struct compat_crypt_op) + #define COMPAT_CIOCASYNCFETCH _IOR('c', 108, struct compat_crypt_op) ++#define COMPAT_CIOCAUTHCRYPT _IOWR('c', 109, struct compat_crypt_auth_op) + + #endif /* CONFIG_COMPAT */ + +@@ -108,6 +139,15 @@ struct kernel_crypt_auth_op { + + /* auth */ + ++#ifdef CONFIG_COMPAT ++int compat_kcaop_from_user(struct kernel_crypt_auth_op *kcaop, ++ struct fcrypt *fcr, void __user *arg); ++ ++int compat_kcaop_to_user(struct kernel_crypt_auth_op *kcaop, ++ struct fcrypt *fcr, void __user *arg); ++#endif /* CONFIG_COMPAT */ ++ ++ + int kcaop_from_user(struct kernel_crypt_auth_op *kcop, + struct fcrypt *fcr, void __user *arg); + int kcaop_to_user(struct kernel_crypt_auth_op *kcaop, +diff --git a/ioctl.c b/ioctl.c +index a3f8379..5a44807 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -998,6 +998,7 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + struct session_op sop; + struct compat_session_op compat_sop; + struct kernel_crypt_op kcop; ++ struct kernel_crypt_auth_op kcaop; + int ret; + + if (unlikely(!pcr)) +@@ -1040,6 +1041,21 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + return ret; + + return compat_kcop_to_user(&kcop, fcr, arg); ++ ++ case COMPAT_CIOCAUTHCRYPT: ++ if (unlikely(ret = compat_kcaop_from_user(&kcaop, fcr, arg))) { ++ dprintk(1, KERN_WARNING, "Error copying from user\n"); ++ return ret; ++ } ++ ++ ret = crypto_auth_run(fcr, &kcaop); ++ if (unlikely(ret)) { ++ dprintk(1, KERN_WARNING, "Error in crypto_auth_run\n"); ++ return ret; ++ } ++ ++ return compat_kcaop_to_user(&kcaop, fcr, arg); ++ + #ifdef ENABLE_ASYNC + case COMPAT_CIOCASYNCCRYPT: + if (unlikely(ret = compat_kcop_from_user(&kcop, fcr, arg))) +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0003-PKC-support-added-in-cryptodev-module.patch b/recipes-kernel/cryptodev/sdk_patches/0003-PKC-support-added-in-cryptodev-module.patch new file mode 100644 index 0000000..ffa0b45 --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0003-PKC-support-added-in-cryptodev-module.patch @@ -0,0 +1,898 @@ +From 2bda43095b511e0052b3bc27b216ff9909cc03d2 Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta +Date: Fri, 7 Mar 2014 06:16:09 +0545 +Subject: [PATCH 03/38] PKC support added in cryptodev module + +Upstream-status: Pending + +Signed-off-by: Yashpal Dutta +--- + cryptlib.c | 66 +++++++++- + cryptlib.h | 28 ++++ + crypto/cryptodev.h | 15 ++- + cryptodev_int.h | 20 ++- + ioctl.c | 196 +++++++++++++++++++++++++-- + main.c | 378 +++++++++++++++++++++++++++++++++++++++++++++++++++++ + 6 files changed, 685 insertions(+), 18 deletions(-) + +diff --git a/cryptlib.c b/cryptlib.c +index 44ce763..6900028 100644 +--- a/cryptlib.c ++++ b/cryptlib.c +@@ -5,6 +5,8 @@ + * Portions Copyright (c) 2010 Michael Weiser + * Portions Copyright (c) 2010 Phil Sutter + * ++ * Copyright 2012 Freescale Semiconductor, Inc. ++ * + * This file is part of linux cryptodev. + * + * This program is free software; you can redistribute it and/or +@@ -39,11 +41,6 @@ + #include "cryptodev_int.h" + + +-struct cryptodev_result { +- struct completion completion; +- int err; +-}; +- + static void cryptodev_complete(struct crypto_async_request *req, int err) + { + struct cryptodev_result *res = req->data; +@@ -259,7 +256,6 @@ static inline int waitfor(struct cryptodev_result *cr, ssize_t ret) + case 0: + break; + case -EINPROGRESS: +- case -EBUSY: + wait_for_completion(&cr->completion); + /* At this point we known for sure the request has finished, + * because wait_for_completion above was not interruptible. +@@ -439,3 +435,61 @@ int cryptodev_hash_final(struct hash_data *hdata, void *output) + return waitfor(hdata->async.result, ret); + } + ++int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) ++{ ++ int ret = 0; ++ struct pkc_request *pkc_req = &pkc->req, *pkc_requested; ++ ++ switch (pkc_req->type) { ++ case RSA_PUB: ++ case RSA_PRIV_FORM1: ++ case RSA_PRIV_FORM2: ++ case RSA_PRIV_FORM3: ++ pkc->s = crypto_alloc_pkc("pkc(rsa)", ++ CRYPTO_ALG_TYPE_PKC_RSA, 0); ++ break; ++ case DSA_SIGN: ++ case DSA_VERIFY: ++ case ECDSA_SIGN: ++ case ECDSA_VERIFY: ++ pkc->s = crypto_alloc_pkc("pkc(dsa)", ++ CRYPTO_ALG_TYPE_PKC_DSA, 0); ++ break; ++ case DH_COMPUTE_KEY: ++ case ECDH_COMPUTE_KEY: ++ pkc->s = crypto_alloc_pkc("pkc(dh)", ++ CRYPTO_ALG_TYPE_PKC_DH, 0); ++ break; ++ default: ++ return -EINVAL; ++ } ++ ++ if (IS_ERR_OR_NULL(pkc->s)) ++ return -EINVAL; ++ ++ init_completion(&pkc->result.completion); ++ pkc_requested = pkc_request_alloc(pkc->s, GFP_KERNEL); ++ ++ if (unlikely(IS_ERR_OR_NULL(pkc_requested))) { ++ ret = -ENOMEM; ++ goto error; ++ } ++ pkc_requested->type = pkc_req->type; ++ pkc_requested->curve_type = pkc_req->curve_type; ++ memcpy(&pkc_requested->req_u, &pkc_req->req_u, sizeof(pkc_req->req_u)); ++ pkc_request_set_callback(pkc_requested, CRYPTO_TFM_REQ_MAY_BACKLOG, ++ cryptodev_complete_asym, pkc); ++ ret = crypto_pkc_op(pkc_requested); ++ if (ret != -EINPROGRESS && ret != 0) ++ goto error2; ++ ++ if (pkc->type == SYNCHRONOUS) ++ ret = waitfor(&pkc->result, ret); ++ ++ return ret; ++error2: ++ kfree(pkc_requested); ++error: ++ crypto_free_pkc(pkc->s); ++ return ret; ++} +diff --git a/cryptlib.h b/cryptlib.h +index a0a8a63..56d325a 100644 +--- a/cryptlib.h ++++ b/cryptlib.h +@@ -1,3 +1,6 @@ ++/* ++ * Copyright 2012 Freescale Semiconductor, Inc. ++ */ + #ifndef CRYPTLIB_H + # define CRYPTLIB_H + +@@ -89,5 +92,30 @@ void cryptodev_hash_deinit(struct hash_data *hdata); + int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name, + int hmac_mode, void *mackey, size_t mackeylen); + ++/* Operation Type */ ++enum offload_type { ++ SYNCHRONOUS, ++ ASYNCHRONOUS ++}; ++ ++struct cryptodev_result { ++ struct completion completion; ++ int err; ++}; ++ ++struct cryptodev_pkc { ++ struct list_head list; /* To maintain the Jobs in completed ++ cryptodev lists */ ++ struct kernel_crypt_kop kop; ++ struct crypto_pkc *s; /* Transform pointer from CryptoAPI */ ++ struct cryptodev_result result; /* Result to be updated by ++ completion handler */ ++ struct pkc_request req; /* PKC request structure allocated ++ from CryptoAPI */ ++ enum offload_type type; /* Synchronous Vs Asynchronous request */ ++ void *cookie; /*Additional opaque cookie to be used in future */ ++ struct crypt_priv *priv; ++}; + ++int cryptodev_pkc_offload(struct cryptodev_pkc *); + #endif +diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h +index c0e8cd4..96675fe 100644 +--- a/crypto/cryptodev.h ++++ b/crypto/cryptodev.h +@@ -1,6 +1,10 @@ +-/* This is a source compatible implementation with the original API of ++/* ++ * Copyright 2012 Freescale Semiconductor, Inc. ++ * ++ * This is a source compatible implementation with the original API of + * cryptodev by Angelos D. Keromytis, found at openbsd cryptodev.h. +- * Placed under public domain */ ++ * Placed under public domain ++ */ + + #ifndef L_CRYPTODEV_H + #define L_CRYPTODEV_H +@@ -245,6 +249,9 @@ struct crypt_kop { + __u16 crk_oparams; + __u32 crk_pad1; + struct crparam crk_param[CRK_MAXPARAM]; ++ enum curve_t curve_type; /* 0 == Discrete Log, ++ 1 = EC_PRIME, 2 = EC_BINARY */ ++ void *cookie; + }; + + enum cryptodev_crk_op_t { +@@ -289,5 +296,7 @@ enum cryptodev_crk_op_t { + */ + #define CIOCASYNCCRYPT _IOW('c', 110, struct crypt_op) + #define CIOCASYNCFETCH _IOR('c', 111, struct crypt_op) +- ++/* additional ioctls for asynchronous operation for asymmetric ciphers*/ ++#define CIOCASYMASYNCRYPT _IOW('c', 112, struct crypt_kop) ++#define CIOCASYMASYNFETCH _IOR('c', 113, struct crypt_kop) + #endif /* L_CRYPTODEV_H */ +diff --git a/cryptodev_int.h b/cryptodev_int.h +index 8e687e7..fdbcc61 100644 +--- a/cryptodev_int.h ++++ b/cryptodev_int.h +@@ -1,4 +1,6 @@ +-/* cipher stuff */ ++/* cipher stuff ++ * Copyright 2012 Freescale Semiconductor, Inc. ++ */ + #ifndef CRYPTODEV_INT_H + # define CRYPTODEV_INT_H + +@@ -112,6 +114,14 @@ struct compat_crypt_auth_op { + + #endif /* CONFIG_COMPAT */ + ++/* kernel-internal extension to struct crypt_kop */ ++struct kernel_crypt_kop { ++ struct crypt_kop kop; ++ ++ struct task_struct *task; ++ struct mm_struct *mm; ++}; ++ + /* kernel-internal extension to struct crypt_op */ + struct kernel_crypt_op { + struct crypt_op cop; +@@ -157,6 +167,14 @@ int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop); + + #include + ++/* Cryptodev Key operation handler */ ++int crypto_bn_modexp(struct cryptodev_pkc *); ++int crypto_modexp_crt(struct cryptodev_pkc *); ++int crypto_kop_dsasign(struct cryptodev_pkc *); ++int crypto_kop_dsaverify(struct cryptodev_pkc *); ++int crypto_run_asym(struct cryptodev_pkc *); ++void cryptodev_complete_asym(struct crypto_async_request *, int); ++ + /* other internal structs */ + struct csession { + struct list_head entry; +diff --git a/ioctl.c b/ioctl.c +index 5a44807..69980e3 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -4,6 +4,7 @@ + * Copyright (c) 2004 Michal Ludvig , SuSE Labs + * Copyright (c) 2009,2010,2011 Nikos Mavrogiannopoulos + * Copyright (c) 2010 Phil Sutter ++ * Copyright 2012 Freescale Semiconductor, Inc. + * + * This file is part of linux cryptodev. + * +@@ -89,8 +90,37 @@ struct crypt_priv { + int itemcount; + struct work_struct cryptask; + wait_queue_head_t user_waiter; ++ /* List of pending cryptodev_pkc asym requests */ ++ struct list_head asym_completed_list; ++ /* For addition/removal of entry in pending list of asymmetric request*/ ++ spinlock_t completion_lock; + }; + ++/* Asymmetric request Completion handler */ ++void cryptodev_complete_asym(struct crypto_async_request *req, int err) ++{ ++ struct cryptodev_pkc *pkc = req->data; ++ struct cryptodev_result *res = &pkc->result; ++ ++ crypto_free_pkc(pkc->s); ++ res->err = err; ++ if (pkc->type == SYNCHRONOUS) { ++ if (err == -EINPROGRESS) ++ return; ++ complete(&res->completion); ++ } else { ++ struct crypt_priv *pcr = pkc->priv; ++ unsigned long flags; ++ spin_lock_irqsave(&pcr->completion_lock, flags); ++ list_add_tail(&pkc->list, &pcr->asym_completed_list); ++ spin_unlock_irqrestore(&pcr->completion_lock, flags); ++ /* wake for POLLIN */ ++ wake_up_interruptible(&pcr->user_waiter); ++ } ++ ++ kfree(req); ++} ++ + #define FILL_SG(sg, ptr, len) \ + do { \ + (sg)->page = virt_to_page(ptr); \ +@@ -472,7 +502,8 @@ cryptodev_open(struct inode *inode, struct file *filp) + INIT_LIST_HEAD(&pcr->free.list); + INIT_LIST_HEAD(&pcr->todo.list); + INIT_LIST_HEAD(&pcr->done.list); +- ++ INIT_LIST_HEAD(&pcr->asym_completed_list); ++ spin_lock_init(&pcr->completion_lock); + INIT_WORK(&pcr->cryptask, cryptask_routine); + + init_waitqueue_head(&pcr->user_waiter); +@@ -639,6 +670,79 @@ static int crypto_async_fetch(struct crypt_priv *pcr, + } + #endif + ++/* get the first asym cipher completed job from the "done" queue ++ * ++ * returns: ++ * -EBUSY if no completed jobs are ready (yet) ++ * the return value otherwise */ ++static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) ++{ ++ int ret = 0; ++ struct kernel_crypt_kop *kop = &pkc->kop; ++ struct crypt_kop *ckop = &kop->kop; ++ struct pkc_request *pkc_req = &pkc->req; ++ ++ switch (ckop->crk_op) { ++ case CRK_MOD_EXP: ++ { ++ struct rsa_pub_req_s *rsa_req = &pkc_req->req_u.rsa_pub_req; ++ copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g, ++ rsa_req->g_len); ++ } ++ break; ++ case CRK_MOD_EXP_CRT: ++ { ++ struct rsa_priv_frm3_req_s *rsa_req = ++ &pkc_req->req_u.rsa_priv_f3; ++ copy_to_user(ckop->crk_param[6].crp_p, ++ rsa_req->f, rsa_req->f_len); ++ } ++ break; ++ case CRK_DSA_SIGN: ++ { ++ struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign; ++ ++ if (pkc_req->type == ECDSA_SIGN) { ++ copy_to_user(ckop->crk_param[6].crp_p, ++ dsa_req->c, dsa_req->d_len); ++ copy_to_user(ckop->crk_param[7].crp_p, ++ dsa_req->d, dsa_req->d_len); ++ } else { ++ copy_to_user(ckop->crk_param[5].crp_p, ++ dsa_req->c, dsa_req->d_len); ++ copy_to_user(ckop->crk_param[6].crp_p, ++ dsa_req->d, dsa_req->d_len); ++ } ++ } ++ break; ++ case CRK_DSA_VERIFY: ++ break; ++ case CRK_DH_COMPUTE_KEY: ++ { ++ struct dh_key_req_s *dh_req = &pkc_req->req_u.dh_req; ++ if (pkc_req->type == ECDH_COMPUTE_KEY) ++ copy_to_user(ckop->crk_param[4].crp_p, ++ dh_req->z, dh_req->z_len); ++ else ++ copy_to_user(ckop->crk_param[3].crp_p, ++ dh_req->z, dh_req->z_len); ++ } ++ break; ++ default: ++ ret = -EINVAL; ++ } ++ kfree(pkc->cookie); ++ return ret; ++} ++ ++/* this function has to be called from process context */ ++static int fill_kop_from_cop(struct kernel_crypt_kop *kop) ++{ ++ kop->task = current; ++ kop->mm = current->mm; ++ return 0; ++} ++ + /* this function has to be called from process context */ + static int fill_kcop_from_cop(struct kernel_crypt_op *kcop, struct fcrypt *fcr) + { +@@ -662,11 +766,8 @@ static int fill_kcop_from_cop(struct kernel_crypt_op *kcop, struct fcrypt *fcr) + + if (cop->iv) { + rc = copy_from_user(kcop->iv, cop->iv, kcop->ivlen); +- if (unlikely(rc)) { +- derr(1, "error copying IV (%d bytes), copy_from_user returned %d for address %p", +- kcop->ivlen, rc, cop->iv); ++ if (unlikely(rc)) + return -EFAULT; +- } + } + + return 0; +@@ -692,6 +793,25 @@ static int fill_cop_from_kcop(struct kernel_crypt_op *kcop, struct fcrypt *fcr) + return 0; + } + ++static int kop_from_user(struct kernel_crypt_kop *kop, ++ void __user *arg) ++{ ++ if (unlikely(copy_from_user(&kop->kop, arg, sizeof(kop->kop)))) ++ return -EFAULT; ++ ++ return fill_kop_from_cop(kop); ++} ++ ++static int kop_to_user(struct kernel_crypt_kop *kop, ++ void __user *arg) ++{ ++ if (unlikely(copy_to_user(arg, &kop->kop, sizeof(kop->kop)))) { ++ dprintk(1, KERN_ERR, "Cannot copy to userspace\n"); ++ return -EFAULT; ++ } ++ return 0; ++} ++ + static int kcop_from_user(struct kernel_crypt_op *kcop, + struct fcrypt *fcr, void __user *arg) + { +@@ -821,7 +941,8 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + + switch (cmd) { + case CIOCASYMFEAT: +- return put_user(0, p); ++ return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | ++ CRF_DSA_SIGN | CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY, p); + case CRIOGET: + fd = clonefd(filp); + ret = put_user(fd, p); +@@ -857,6 +978,24 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + if (unlikely(ret)) + return ret; + return copy_to_user(arg, &siop, sizeof(siop)); ++ case CIOCKEY: ++ { ++ struct cryptodev_pkc *pkc = ++ kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); ++ ++ if (!pkc) ++ return -ENOMEM; ++ ++ ret = kop_from_user(&pkc->kop, arg); ++ if (unlikely(ret)) { ++ kfree(pkc); ++ return ret; ++ } ++ pkc->type = SYNCHRONOUS; ++ ret = crypto_run_asym(pkc); ++ kfree(pkc); ++ } ++ return ret; + case CIOCCRYPT: + if (unlikely(ret = kcop_from_user(&kcop, fcr, arg))) { + dwarning(1, "Error copying from user"); +@@ -895,6 +1034,45 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + + return kcop_to_user(&kcop, fcr, arg); + #endif ++ case CIOCASYMASYNCRYPT: ++ { ++ struct cryptodev_pkc *pkc = ++ kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); ++ ret = kop_from_user(&pkc->kop, arg); ++ ++ if (unlikely(ret)) ++ return -EINVAL; ++ ++ /* Store associated FD priv data with asymmetric request */ ++ pkc->priv = pcr; ++ pkc->type = ASYNCHRONOUS; ++ ret = crypto_run_asym(pkc); ++ if (ret == -EINPROGRESS) ++ ret = 0; ++ } ++ return ret; ++ case CIOCASYMASYNFETCH: ++ { ++ struct cryptodev_pkc *pkc; ++ unsigned long flags; ++ ++ spin_lock_irqsave(&pcr->completion_lock, flags); ++ if (list_empty(&pcr->asym_completed_list)) { ++ spin_unlock_irqrestore(&pcr->completion_lock, flags); ++ return -ENOMEM; ++ } ++ pkc = list_first_entry(&pcr->asym_completed_list, ++ struct cryptodev_pkc, list); ++ list_del(&pkc->list); ++ spin_unlock_irqrestore(&pcr->completion_lock, flags); ++ ret = crypto_async_fetch_asym(pkc); ++ ++ /* Reflect the updated request to user-space */ ++ if (!ret) ++ kop_to_user(&pkc->kop, arg); ++ kfree(pkc); ++ } ++ return ret; + default: + return -EINVAL; + } +@@ -1083,9 +1261,11 @@ static unsigned int cryptodev_poll(struct file *file, poll_table *wait) + + poll_wait(file, &pcr->user_waiter, wait); + +- if (!list_empty_careful(&pcr->done.list)) ++ if (!list_empty_careful(&pcr->done.list) || ++ !list_empty_careful(&pcr->asym_completed_list)) + ret |= POLLIN | POLLRDNORM; +- if (!list_empty_careful(&pcr->free.list) || pcr->itemcount < MAX_COP_RINGSIZE) ++ if (!list_empty_careful(&pcr->free.list) || ++ pcr->itemcount < MAX_COP_RINGSIZE) + ret |= POLLOUT | POLLWRNORM; + + return ret; +diff --git a/main.c b/main.c +index 57e5c38..0b7951e 100644 +--- a/main.c ++++ b/main.c +@@ -181,6 +181,384 @@ __crypto_run_zc(struct csession *ses_ptr, struct kernel_crypt_op *kcop) + return ret; + } + ++int crypto_kop_dsasign(struct cryptodev_pkc *pkc) ++{ ++ struct kernel_crypt_kop *kop = &pkc->kop; ++ struct crypt_kop *cop = &kop->kop; ++ struct pkc_request *pkc_req = &pkc->req; ++ struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign; ++ int rc, buf_size; ++ uint8_t *buf; ++ ++ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || ++ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits || ++ !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits || ++ !cop->crk_param[6].crp_nbits || (cop->crk_iparams == 6 && ++ !cop->crk_param[7].crp_nbits)) ++ return -EINVAL; ++ ++ dsa_req->m_len = (cop->crk_param[0].crp_nbits + 7)/8; ++ dsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8; ++ dsa_req->r_len = (cop->crk_param[2].crp_nbits + 7)/8; ++ dsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8; ++ dsa_req->priv_key_len = (cop->crk_param[4].crp_nbits + 7)/8; ++ dsa_req->d_len = (cop->crk_param[6].crp_nbits + 7)/8; ++ buf_size = dsa_req->m_len + dsa_req->q_len + dsa_req->r_len + ++ dsa_req->g_len + dsa_req->priv_key_len + dsa_req->d_len + ++ dsa_req->d_len; ++ if (cop->crk_iparams == 6) { ++ dsa_req->ab_len = (cop->crk_param[5].crp_nbits + 7)/8; ++ buf_size += dsa_req->ab_len; ++ pkc_req->type = ECDSA_SIGN; ++ pkc_req->curve_type = cop->curve_type; ++ } else { ++ pkc_req->type = DSA_SIGN; ++ } ++ ++ buf = kzalloc(buf_size, GFP_DMA); ++ ++ dsa_req->q = buf; ++ dsa_req->r = dsa_req->q + dsa_req->q_len; ++ dsa_req->g = dsa_req->r + dsa_req->r_len; ++ dsa_req->priv_key = dsa_req->g + dsa_req->g_len; ++ dsa_req->m = dsa_req->priv_key + dsa_req->priv_key_len; ++ dsa_req->c = dsa_req->m + dsa_req->m_len; ++ dsa_req->d = dsa_req->c + dsa_req->d_len; ++ copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len); ++ copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len); ++ copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len); ++ copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len); ++ copy_from_user(dsa_req->priv_key, cop->crk_param[4].crp_p, ++ dsa_req->priv_key_len); ++ if (cop->crk_iparams == 6) { ++ dsa_req->ab = dsa_req->d + dsa_req->d_len; ++ copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p, ++ dsa_req->ab_len); ++ } ++ rc = cryptodev_pkc_offload(pkc); ++ if (pkc->type == SYNCHRONOUS) { ++ if (rc) ++ goto err; ++ if (cop->crk_iparams == 6) { ++ copy_to_user(cop->crk_param[6].crp_p, dsa_req->c, ++ dsa_req->d_len); ++ copy_to_user(cop->crk_param[7].crp_p, dsa_req->d, ++ dsa_req->d_len); ++ } else { ++ copy_to_user(cop->crk_param[5].crp_p, dsa_req->c, ++ dsa_req->d_len); ++ copy_to_user(cop->crk_param[6].crp_p, dsa_req->d, ++ dsa_req->d_len); ++ } ++ } else { ++ if (rc != -EINPROGRESS && rc != 0) ++ goto err; ++ ++ pkc->cookie = buf; ++ return rc; ++ } ++err: ++ kfree(buf); ++ return rc; ++} ++ ++int crypto_kop_dsaverify(struct cryptodev_pkc *pkc) ++{ ++ struct kernel_crypt_kop *kop = &pkc->kop; ++ struct crypt_kop *cop = &kop->kop; ++ struct pkc_request *pkc_req; ++ struct dsa_verify_req_s *dsa_req; ++ int rc, buf_size; ++ uint8_t *buf; ++ ++ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || ++ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits || ++ !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits || ++ !cop->crk_param[6].crp_nbits || (cop->crk_iparams == 8 && ++ !cop->crk_param[7].crp_nbits)) ++ return -EINVAL; ++ ++ pkc_req = &pkc->req; ++ dsa_req = &pkc_req->req_u.dsa_verify; ++ dsa_req->m_len = (cop->crk_param[0].crp_nbits + 7)/8; ++ dsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8; ++ dsa_req->r_len = (cop->crk_param[2].crp_nbits + 7)/8; ++ dsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8; ++ dsa_req->pub_key_len = (cop->crk_param[4].crp_nbits + 7)/8; ++ dsa_req->d_len = (cop->crk_param[6].crp_nbits + 7)/8; ++ buf_size = dsa_req->m_len + dsa_req->q_len + dsa_req->r_len + ++ dsa_req->g_len + dsa_req->pub_key_len + dsa_req->d_len + ++ dsa_req->d_len; ++ if (cop->crk_iparams == 8) { ++ dsa_req->ab_len = (cop->crk_param[5].crp_nbits + 7)/8; ++ buf_size += dsa_req->ab_len; ++ pkc_req->type = ECDSA_VERIFY; ++ pkc_req->curve_type = cop->curve_type; ++ } else { ++ pkc_req->type = DSA_VERIFY; ++ } ++ ++ buf = kzalloc(buf_size, GFP_DMA); ++ ++ dsa_req->q = buf; ++ dsa_req->r = dsa_req->q + dsa_req->q_len; ++ dsa_req->g = dsa_req->r + dsa_req->r_len; ++ dsa_req->pub_key = dsa_req->g + dsa_req->g_len; ++ dsa_req->m = dsa_req->pub_key + dsa_req->pub_key_len; ++ dsa_req->c = dsa_req->m + dsa_req->m_len; ++ dsa_req->d = dsa_req->c + dsa_req->d_len; ++ copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len); ++ copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len); ++ copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len); ++ copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len); ++ copy_from_user(dsa_req->pub_key, cop->crk_param[4].crp_p, ++ dsa_req->pub_key_len); ++ if (cop->crk_iparams == 8) { ++ dsa_req->ab = dsa_req->d + dsa_req->d_len; ++ copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p, ++ dsa_req->ab_len); ++ copy_from_user(dsa_req->c, cop->crk_param[6].crp_p, ++ dsa_req->d_len); ++ copy_from_user(dsa_req->d, cop->crk_param[7].crp_p, ++ dsa_req->d_len); ++ } else { ++ copy_from_user(dsa_req->c, cop->crk_param[5].crp_p, ++ dsa_req->d_len); ++ copy_from_user(dsa_req->d, cop->crk_param[6].crp_p, ++ dsa_req->d_len); ++ } ++ rc = cryptodev_pkc_offload(pkc); ++ if (pkc->type == SYNCHRONOUS) { ++ if (rc) ++ goto err; ++ } else { ++ if (rc != -EINPROGRESS && !rc) ++ goto err; ++ pkc->cookie = buf; ++ return rc; ++ } ++err: ++ kfree(buf); ++ return rc; ++} ++ ++int crypto_kop_dh_key(struct cryptodev_pkc *pkc) ++{ ++ struct kernel_crypt_kop *kop = &pkc->kop; ++ struct crypt_kop *cop = &kop->kop; ++ struct pkc_request *pkc_req; ++ struct dh_key_req_s *dh_req; ++ int buf_size; ++ uint8_t *buf; ++ int rc = -EINVAL; ++ ++ pkc_req = &pkc->req; ++ dh_req = &pkc_req->req_u.dh_req; ++ dh_req->s_len = (cop->crk_param[0].crp_nbits + 7)/8; ++ dh_req->pub_key_len = (cop->crk_param[1].crp_nbits + 7)/8; ++ dh_req->q_len = (cop->crk_param[2].crp_nbits + 7)/8; ++ buf_size = dh_req->q_len + dh_req->pub_key_len + dh_req->s_len; ++ if (cop->crk_iparams == 4) { ++ pkc_req->type = ECDH_COMPUTE_KEY; ++ dh_req->ab_len = (cop->crk_param[3].crp_nbits + 7)/8; ++ dh_req->z_len = (cop->crk_param[4].crp_nbits + 7)/8; ++ buf_size += dh_req->ab_len; ++ } else { ++ dh_req->z_len = (cop->crk_param[3].crp_nbits + 7)/8; ++ pkc_req->type = DH_COMPUTE_KEY; ++ } ++ buf_size += dh_req->z_len; ++ buf = kzalloc(buf_size, GFP_DMA); ++ dh_req->q = buf; ++ dh_req->s = dh_req->q + dh_req->q_len; ++ dh_req->pub_key = dh_req->s + dh_req->s_len; ++ dh_req->z = dh_req->pub_key + dh_req->pub_key_len; ++ if (cop->crk_iparams == 4) { ++ dh_req->ab = dh_req->z + dh_req->z_len; ++ pkc_req->curve_type = cop->curve_type; ++ copy_from_user(dh_req->ab, cop->crk_param[3].crp_p, ++ dh_req->ab_len); ++ } ++ copy_from_user(dh_req->s, cop->crk_param[0].crp_p, dh_req->s_len); ++ copy_from_user(dh_req->pub_key, cop->crk_param[1].crp_p, ++ dh_req->pub_key_len); ++ copy_from_user(dh_req->q, cop->crk_param[2].crp_p, dh_req->q_len); ++ rc = cryptodev_pkc_offload(pkc); ++ if (pkc->type == SYNCHRONOUS) { ++ if (rc) ++ goto err; ++ if (cop->crk_iparams == 4) ++ copy_to_user(cop->crk_param[4].crp_p, dh_req->z, ++ dh_req->z_len); ++ else ++ copy_to_user(cop->crk_param[3].crp_p, dh_req->z, ++ dh_req->z_len); ++ } else { ++ if (rc != -EINPROGRESS && rc != 0) ++ goto err; ++ ++ pkc->cookie = buf; ++ return rc; ++ } ++err: ++ kfree(buf); ++ return rc; ++} ++ ++int crypto_modexp_crt(struct cryptodev_pkc *pkc) ++{ ++ struct kernel_crypt_kop *kop = &pkc->kop; ++ struct crypt_kop *cop = &kop->kop; ++ struct pkc_request *pkc_req; ++ struct rsa_priv_frm3_req_s *rsa_req; ++ int rc; ++ uint8_t *buf; ++ ++ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || ++ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits || ++ !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits) ++ return -EINVAL; ++ ++ pkc_req = &pkc->req; ++ pkc_req->type = RSA_PRIV_FORM3; ++ rsa_req = &pkc_req->req_u.rsa_priv_f3; ++ rsa_req->p_len = (cop->crk_param[0].crp_nbits + 7)/8; ++ rsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8; ++ rsa_req->g_len = (cop->crk_param[2].crp_nbits + 7)/8; ++ rsa_req->dp_len = (cop->crk_param[3].crp_nbits + 7)/8; ++ rsa_req->dq_len = (cop->crk_param[4].crp_nbits + 7)/8; ++ rsa_req->c_len = (cop->crk_param[5].crp_nbits + 7)/8; ++ rsa_req->f_len = (cop->crk_param[6].crp_nbits + 7)/8; ++ buf = kzalloc(rsa_req->p_len + rsa_req->q_len + rsa_req->f_len + ++ rsa_req->dp_len + rsa_req->dp_len + rsa_req->c_len + ++ rsa_req->g_len, GFP_DMA); ++ rsa_req->p = buf; ++ rsa_req->q = rsa_req->p + rsa_req->p_len; ++ rsa_req->g = rsa_req->q + rsa_req->q_len; ++ rsa_req->dp = rsa_req->g + rsa_req->g_len; ++ rsa_req->dq = rsa_req->dp + rsa_req->dp_len; ++ rsa_req->c = rsa_req->dq + rsa_req->dq_len; ++ rsa_req->f = rsa_req->c + rsa_req->c_len; ++ copy_from_user(rsa_req->p, cop->crk_param[0].crp_p, rsa_req->p_len); ++ copy_from_user(rsa_req->q, cop->crk_param[1].crp_p, rsa_req->q_len); ++ copy_from_user(rsa_req->g, cop->crk_param[2].crp_p, rsa_req->g_len); ++ copy_from_user(rsa_req->dp, cop->crk_param[3].crp_p, rsa_req->dp_len); ++ copy_from_user(rsa_req->dq, cop->crk_param[4].crp_p, rsa_req->dq_len); ++ copy_from_user(rsa_req->c, cop->crk_param[5].crp_p, rsa_req->c_len); ++ rc = cryptodev_pkc_offload(pkc); ++ ++ if (pkc->type == SYNCHRONOUS) { ++ if (rc) ++ goto err; ++ copy_to_user(cop->crk_param[6].crp_p, rsa_req->f, ++ rsa_req->f_len); ++ } else { ++ if (rc != -EINPROGRESS && rc != 0) ++ goto err; ++ ++ pkc->cookie = buf; ++ return rc; ++ } ++err: ++ kfree(buf); ++ return rc; ++} ++ ++int crypto_bn_modexp(struct cryptodev_pkc *pkc) ++{ ++ struct pkc_request *pkc_req; ++ struct rsa_pub_req_s *rsa_req; ++ int rc; ++ struct kernel_crypt_kop *kop = &pkc->kop; ++ struct crypt_kop *cop = &kop->kop; ++ uint8_t *buf; ++ ++ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || ++ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits) ++ return -EINVAL; ++ ++ pkc_req = &pkc->req; ++ pkc_req->type = RSA_PUB; ++ rsa_req = &pkc_req->req_u.rsa_pub_req; ++ rsa_req->f_len = (cop->crk_param[0].crp_nbits + 7)/8; ++ rsa_req->e_len = (cop->crk_param[1].crp_nbits + 7)/8; ++ rsa_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8; ++ rsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8; ++ buf = kzalloc(rsa_req->f_len + rsa_req->e_len + rsa_req->n_len ++ + rsa_req->g_len, GFP_DMA); ++ if (!buf) ++ return -ENOMEM; ++ ++ rsa_req->e = buf; ++ rsa_req->f = rsa_req->e + rsa_req->e_len; ++ rsa_req->g = rsa_req->f + rsa_req->f_len; ++ rsa_req->n = rsa_req->g + rsa_req->g_len; ++ copy_from_user(rsa_req->f, cop->crk_param[0].crp_p, rsa_req->f_len); ++ copy_from_user(rsa_req->e, cop->crk_param[1].crp_p, rsa_req->e_len); ++ copy_from_user(rsa_req->n, cop->crk_param[2].crp_p, rsa_req->n_len); ++ rc = cryptodev_pkc_offload(pkc); ++ if (pkc->type == SYNCHRONOUS) { ++ if (rc) ++ goto err; ++ ++ copy_to_user(cop->crk_param[3].crp_p, rsa_req->g, ++ rsa_req->g_len); ++ } else { ++ if (rc != -EINPROGRESS && rc != 0) ++ goto err; ++ ++ /* This one will be freed later in fetch handler */ ++ pkc->cookie = buf; ++ return rc; ++ } ++err: ++ kfree(buf); ++ return rc; ++} ++ ++int crypto_run_asym(struct cryptodev_pkc *pkc) ++{ ++ int ret = -EINVAL; ++ struct kernel_crypt_kop *kop = &pkc->kop; ++ ++ switch (kop->kop.crk_op) { ++ case CRK_MOD_EXP: ++ if (kop->kop.crk_iparams != 3 && kop->kop.crk_oparams != 1) ++ goto err; ++ ++ ret = crypto_bn_modexp(pkc); ++ break; ++ case CRK_MOD_EXP_CRT: ++ if (kop->kop.crk_iparams != 6 && kop->kop.crk_oparams != 1) ++ goto err; ++ ++ ret = crypto_modexp_crt(pkc); ++ break; ++ case CRK_DSA_SIGN: ++ if ((kop->kop.crk_iparams != 5 && kop->kop.crk_iparams != 6) || ++ kop->kop.crk_oparams != 2) ++ goto err; ++ ++ ret = crypto_kop_dsasign(pkc); ++ break; ++ case CRK_DSA_VERIFY: ++ if ((kop->kop.crk_iparams != 7 && kop->kop.crk_iparams != 8) || ++ kop->kop.crk_oparams != 0) ++ goto err; ++ ++ ret = crypto_kop_dsaverify(pkc); ++ break; ++ case CRK_DH_COMPUTE_KEY: ++ if ((kop->kop.crk_iparams != 3 && kop->kop.crk_iparams != 4) || ++ kop->kop.crk_oparams != 1) ++ goto err; ++ ret = crypto_kop_dh_key(pkc); ++ break; ++ } ++err: ++ return ret; ++} ++ + int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop) + { + struct csession *ses_ptr; +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0004-Compat-versions-of-PKC-IOCTLs.patch b/recipes-kernel/cryptodev/sdk_patches/0004-Compat-versions-of-PKC-IOCTLs.patch new file mode 100644 index 0000000..e963f58 --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0004-Compat-versions-of-PKC-IOCTLs.patch @@ -0,0 +1,200 @@ +From e0e5c1bfb21888bf9f87f72ac8cdf7eee951f619 Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta +Date: Fri, 7 Mar 2014 06:52:13 +0545 +Subject: [PATCH 04/38] Compat versions of PKC IOCTLs + +Upstream-status: Pending + +Signed-off-by: Yashpal Dutta +--- + cryptodev_int.h | 20 ++++++++++ + ioctl.c | 120 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 140 insertions(+) + +diff --git a/cryptodev_int.h b/cryptodev_int.h +index fdbcc61..cf54dac 100644 +--- a/cryptodev_int.h ++++ b/cryptodev_int.h +@@ -75,6 +75,24 @@ struct compat_crypt_op { + compat_uptr_t iv;/* initialization vector for encryption operations */ + }; + ++/* input of CIOCKEY */ ++struct compat_crparam { ++ compat_uptr_t crp_p; ++ uint32_t crp_nbits; ++}; ++ ++struct compat_crypt_kop { ++ uint32_t crk_op; /* cryptodev_crk_ot_t */ ++ uint32_t crk_status; ++ uint16_t crk_iparams; ++ uint16_t crk_oparams; ++ uint32_t crk_pad1; ++ struct compat_crparam crk_param[CRK_MAXPARAM]; ++ enum curve_t curve_type; /* 0 == Discrete Log, 1 = EC_PRIME, ++ 2 = EC_BINARY */ ++ compat_uptr_t cookie; ++}; ++ + /* input of CIOCAUTHCRYPT */ + struct compat_crypt_auth_op { + uint32_t ses; /* session identifier */ +@@ -111,6 +129,8 @@ struct compat_crypt_auth_op { + #define COMPAT_CIOCASYNCCRYPT _IOW('c', 107, struct compat_crypt_op) + #define COMPAT_CIOCASYNCFETCH _IOR('c', 108, struct compat_crypt_op) + #define COMPAT_CIOCAUTHCRYPT _IOWR('c', 109, struct compat_crypt_auth_op) ++#define COMPAT_CIOCASYMASYNCRYPT _IOW('c', 110, struct compat_crypt_kop) ++#define COMPAT_CIOCASYMASYNFETCH _IOR('c', 111, struct compat_crypt_kop) + + #endif /* CONFIG_COMPAT */ + +diff --git a/ioctl.c b/ioctl.c +index 69980e3..9431025 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -1081,6 +1081,68 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + /* compatibility code for 32bit userlands */ + #ifdef CONFIG_COMPAT + ++static inline void compat_to_crypt_kop(struct compat_crypt_kop *compat, ++ struct crypt_kop *kop) ++{ ++ int i; ++ kop->crk_op = compat->crk_op; ++ kop->crk_status = compat->crk_status; ++ kop->crk_iparams = compat->crk_iparams; ++ kop->crk_oparams = compat->crk_oparams; ++ ++ for (i = 0; i < CRK_MAXPARAM; i++) { ++ kop->crk_param[i].crp_p = ++ compat_ptr(compat->crk_param[i].crp_p); ++ kop->crk_param[i].crp_nbits = compat->crk_param[i].crp_nbits; ++ } ++ ++ kop->curve_type = compat->curve_type; ++ kop->cookie = compat->cookie; ++} ++ ++static int compat_kop_from_user(struct kernel_crypt_kop *kop, ++ void __user *arg) ++{ ++ struct compat_crypt_kop compat_kop; ++ ++ if (unlikely(copy_from_user(&compat_kop, arg, sizeof(compat_kop)))) ++ return -EFAULT; ++ ++ compat_to_crypt_kop(&compat_kop, &kop->kop); ++ return fill_kop_from_cop(kop); ++} ++ ++static inline void crypt_kop_to_compat(struct crypt_kop *kop, ++ struct compat_crypt_kop *compat) ++{ ++ int i; ++ ++ compat->crk_op = kop->crk_op; ++ compat->crk_status = kop->crk_status; ++ compat->crk_iparams = kop->crk_iparams; ++ compat->crk_oparams = kop->crk_oparams; ++ ++ for (i = 0; i < CRK_MAXPARAM; i++) { ++ compat->crk_param[i].crp_p = ++ ptr_to_compat(kop->crk_param[i].crp_p); ++ compat->crk_param[i].crp_nbits = kop->crk_param[i].crp_nbits; ++ } ++ compat->cookie = kop->cookie; ++ compat->curve_type = kop->curve_type; ++} ++ ++static int compat_kop_to_user(struct kernel_crypt_kop *kop, void __user *arg) ++{ ++ struct compat_crypt_kop compat_kop; ++ ++ crypt_kop_to_compat(&kop->kop, &compat_kop); ++ if (unlikely(copy_to_user(arg, &compat_kop, sizeof(compat_kop)))) { ++ dprintk(1, KERN_ERR, "Cannot copy to userspace\n"); ++ return -EFAULT; ++ } ++ return 0; ++} ++ + static inline void + compat_to_session_op(struct compat_session_op *compat, struct session_op *sop) + { +@@ -1208,7 +1270,26 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + return -EFAULT; + } + return ret; ++ case COMPAT_CIOCKEY: ++ { ++ struct cryptodev_pkc *pkc = ++ kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); ++ ++ if (!pkc) ++ return -ENOMEM; ++ ++ ret = compat_kop_from_user(&pkc->kop, arg); ++ ++ if (unlikely(ret)) { ++ kfree(pkc); ++ return ret; ++ } + ++ pkc->type = SYNCHRONOUS; ++ ret = crypto_run_asym(pkc); ++ kfree(pkc); ++ } ++ return ret; + case COMPAT_CIOCCRYPT: + ret = compat_kcop_from_user(&kcop, fcr, arg); + if (unlikely(ret)) +@@ -1247,6 +1328,45 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + + return compat_kcop_to_user(&kcop, fcr, arg); + #endif ++ case COMPAT_CIOCASYMASYNCRYPT: ++ { ++ struct cryptodev_pkc *pkc = ++ kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); ++ ++ ret = compat_kop_from_user(&pkc->kop, arg); ++ if (unlikely(ret)) ++ return -EINVAL; ++ ++ /* Store associated FD priv data with asymmetric request */ ++ pkc->priv = pcr; ++ pkc->type = ASYNCHRONOUS; ++ ret = crypto_run_asym(pkc); ++ if (ret == -EINPROGRESS) ++ ret = 0; ++ } ++ return ret; ++ case COMPAT_CIOCASYMASYNFETCH: ++ { ++ struct cryptodev_pkc *pkc; ++ unsigned long flags; ++ ++ spin_lock_irqsave(&pcr->completion_lock, flags); ++ if (list_empty(&pcr->asym_completed_list)) { ++ spin_unlock_irqrestore(&pcr->completion_lock, flags); ++ return -ENOMEM; ++ } ++ pkc = list_first_entry(&pcr->asym_completed_list, ++ struct cryptodev_pkc, list); ++ list_del(&pkc->list); ++ spin_unlock_irqrestore(&pcr->completion_lock, flags); ++ ret = crypto_async_fetch_asym(pkc); ++ ++ /* Reflect the updated request to user-space */ ++ if (!ret) ++ compat_kop_to_user(&pkc->kop, arg); ++ kfree(pkc); ++ } ++ return ret; + default: + return -EINVAL; + } +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0005-Asynchronous-interface-changes-in-cryptodev.patch b/recipes-kernel/cryptodev/sdk_patches/0005-Asynchronous-interface-changes-in-cryptodev.patch new file mode 100644 index 0000000..5b96e84 --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0005-Asynchronous-interface-changes-in-cryptodev.patch @@ -0,0 +1,213 @@ +From d98f979d76c30058da24e62220f19c5b8c627819 Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta +Date: Fri, 7 Mar 2014 07:24:00 +0545 +Subject: [PATCH 05/38] Asynchronous interface changes in cryptodev + +Upstream-status: Pending + +Signed-off-by: Yashpal Dutta +--- + cryptlib.h | 7 ++++- + crypto/cryptodev.h | 10 ++++++- + cryptodev_int.h | 10 ++++++- + ioctl.c | 76 +++++++++++++++++++++++++++++++++++++----------------- + 4 files changed, 76 insertions(+), 27 deletions(-) + +diff --git a/cryptlib.h b/cryptlib.h +index 56d325a..7ffa54c 100644 +--- a/cryptlib.h ++++ b/cryptlib.h +@@ -113,7 +113,12 @@ struct cryptodev_pkc { + struct pkc_request req; /* PKC request structure allocated + from CryptoAPI */ + enum offload_type type; /* Synchronous Vs Asynchronous request */ +- void *cookie; /*Additional opaque cookie to be used in future */ ++ /* ++ * cookie used for transfering tranparent information from async ++ * submission to async fetch. Currently some dynamic allocated ++ * buffers are maintained which will be freed later during fetch ++ */ ++ void *cookie; + struct crypt_priv *priv; + }; + +diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h +index 96675fe..4436fbf 100644 +--- a/crypto/cryptodev.h ++++ b/crypto/cryptodev.h +@@ -254,6 +254,14 @@ struct crypt_kop { + void *cookie; + }; + ++#define MAX_COOKIES 4 ++ ++struct pkc_cookie_list_s { ++ int cookie_available; ++ void *cookie[MAX_COOKIES]; ++ int status[MAX_COOKIES]; ++}; ++ + enum cryptodev_crk_op_t { + CRK_MOD_EXP = 0, + CRK_MOD_EXP_CRT = 1, +@@ -298,5 +306,5 @@ enum cryptodev_crk_op_t { + #define CIOCASYNCFETCH _IOR('c', 111, struct crypt_op) + /* additional ioctls for asynchronous operation for asymmetric ciphers*/ + #define CIOCASYMASYNCRYPT _IOW('c', 112, struct crypt_kop) +-#define CIOCASYMASYNFETCH _IOR('c', 113, struct crypt_kop) ++#define CIOCASYMFETCHCOOKIE _IOR('c', 113, struct pkc_cookie_list_s) + #endif /* L_CRYPTODEV_H */ +diff --git a/cryptodev_int.h b/cryptodev_int.h +index cf54dac..5347cae 100644 +--- a/cryptodev_int.h ++++ b/cryptodev_int.h +@@ -93,6 +93,12 @@ struct compat_crypt_kop { + compat_uptr_t cookie; + }; + ++struct compat_pkc_cookie_list_s { ++ int cookie_available; ++ compat_uptr_t cookie[MAX_COOKIES]; ++ int status[MAX_COOKIES]; ++}; ++ + /* input of CIOCAUTHCRYPT */ + struct compat_crypt_auth_op { + uint32_t ses; /* session identifier */ +@@ -126,11 +132,13 @@ struct compat_crypt_auth_op { + /* compat ioctls, defined for the above structs */ + #define COMPAT_CIOCGSESSION _IOWR('c', 102, struct compat_session_op) + #define COMPAT_CIOCCRYPT _IOWR('c', 104, struct compat_crypt_op) ++#define COMPAT_CIOCKEY _IOW('c', 105, struct compat_crypt_kop) + #define COMPAT_CIOCASYNCCRYPT _IOW('c', 107, struct compat_crypt_op) + #define COMPAT_CIOCASYNCFETCH _IOR('c', 108, struct compat_crypt_op) + #define COMPAT_CIOCAUTHCRYPT _IOWR('c', 109, struct compat_crypt_auth_op) + #define COMPAT_CIOCASYMASYNCRYPT _IOW('c', 110, struct compat_crypt_kop) +-#define COMPAT_CIOCASYMASYNFETCH _IOR('c', 111, struct compat_crypt_kop) ++#define COMPAT_CIOCASYMFETCHCOOKIE _IOR('c', 111, \ ++ struct compat_pkc_cookie_list_s) + + #endif /* CONFIG_COMPAT */ + +diff --git a/ioctl.c b/ioctl.c +index 9431025..e2f407f 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -105,8 +105,6 @@ void cryptodev_complete_asym(struct crypto_async_request *req, int err) + crypto_free_pkc(pkc->s); + res->err = err; + if (pkc->type == SYNCHRONOUS) { +- if (err == -EINPROGRESS) +- return; + complete(&res->completion); + } else { + struct crypt_priv *pcr = pkc->priv; +@@ -1051,26 +1049,41 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + ret = 0; + } + return ret; +- case CIOCASYMASYNFETCH: ++ case CIOCASYMFETCHCOOKIE: + { + struct cryptodev_pkc *pkc; + unsigned long flags; ++ int i; ++ struct pkc_cookie_list_s cookie_list; + + spin_lock_irqsave(&pcr->completion_lock, flags); +- if (list_empty(&pcr->asym_completed_list)) { +- spin_unlock_irqrestore(&pcr->completion_lock, flags); +- return -ENOMEM; ++ cookie_list.cookie_available = 0; ++ for (i = 0; i < MAX_COOKIES; i++) { ++ if (!list_empty(&pcr->asym_completed_list)) { ++ /* Run a loop in the list for upto elements ++ and copy their response back */ ++ pkc = ++ list_first_entry(&pcr->asym_completed_list, ++ struct cryptodev_pkc, list); ++ list_del(&pkc->list); ++ ret = crypto_async_fetch_asym(pkc); ++ if (!ret) { ++ cookie_list.cookie_available++; ++ cookie_list.cookie[i] = ++ pkc->kop.kop.cookie; ++ cookie_list.status[i] = pkc->result.err; ++ } ++ kfree(pkc); ++ } else { ++ break; ++ } + } +- pkc = list_first_entry(&pcr->asym_completed_list, +- struct cryptodev_pkc, list); +- list_del(&pkc->list); + spin_unlock_irqrestore(&pcr->completion_lock, flags); +- ret = crypto_async_fetch_asym(pkc); + + /* Reflect the updated request to user-space */ +- if (!ret) +- kop_to_user(&pkc->kop, arg); +- kfree(pkc); ++ if (cookie_list.cookie_available) ++ copy_to_user(arg, &cookie_list, ++ sizeof(struct pkc_cookie_list_s)); + } + return ret; + default: +@@ -1345,26 +1358,41 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + ret = 0; + } + return ret; +- case COMPAT_CIOCASYMASYNFETCH: ++ case COMPAT_CIOCASYMFETCHCOOKIE: + { + struct cryptodev_pkc *pkc; + unsigned long flags; ++ int i = 0; ++ struct compat_pkc_cookie_list_s cookie_list; + + spin_lock_irqsave(&pcr->completion_lock, flags); +- if (list_empty(&pcr->asym_completed_list)) { +- spin_unlock_irqrestore(&pcr->completion_lock, flags); +- return -ENOMEM; ++ cookie_list.cookie_available = 0; ++ ++ for (i = 0; i < MAX_COOKIES; i++) { ++ if (!list_empty(&pcr->asym_completed_list)) { ++ /* Run a loop in the list for upto elements ++ and copy their response back */ ++ pkc = ++ list_first_entry(&pcr->asym_completed_list, ++ struct cryptodev_pkc, list); ++ list_del(&pkc->list); ++ ret = crypto_async_fetch_asym(pkc); ++ if (!ret) { ++ cookie_list.cookie_available++; ++ cookie_list.cookie[i] = ++ pkc->kop.kop.cookie; ++ } ++ kfree(pkc); ++ } else { ++ break; ++ } + } +- pkc = list_first_entry(&pcr->asym_completed_list, +- struct cryptodev_pkc, list); +- list_del(&pkc->list); + spin_unlock_irqrestore(&pcr->completion_lock, flags); +- ret = crypto_async_fetch_asym(pkc); + + /* Reflect the updated request to user-space */ +- if (!ret) +- compat_kop_to_user(&pkc->kop, arg); +- kfree(pkc); ++ if (cookie_list.cookie_available) ++ copy_to_user(arg, &cookie_list, ++ sizeof(struct compat_pkc_cookie_list_s)); + } + return ret; + default: +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch b/recipes-kernel/cryptodev/sdk_patches/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch new file mode 100644 index 0000000..978efd1 --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch @@ -0,0 +1,212 @@ +From b92d23a790d9634d52db3b9a5e1882fde620b073 Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta +Date: Fri, 7 Mar 2014 07:53:53 +0545 +Subject: [PATCH 06/38] ECC_KEYGEN and DLC_KEYGEN supported in cryptodev module + +Upstream-status: Pending + +Signed-off-by: Yashpal Dutta +--- + cryptlib.c | 2 ++ + crypto/cryptodev.h | 5 +++- + ioctl.c | 29 +++++++++++++++++-- + main.c | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 4 files changed, 118 insertions(+), 3 deletions(-) + +diff --git a/cryptlib.c b/cryptlib.c +index 6900028..47cd568 100644 +--- a/cryptlib.c ++++ b/cryptlib.c +@@ -452,6 +452,8 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) + case DSA_VERIFY: + case ECDSA_SIGN: + case ECDSA_VERIFY: ++ case DLC_KEYGEN: ++ case ECC_KEYGEN: + pkc->s = crypto_alloc_pkc("pkc(dsa)", + CRYPTO_ALG_TYPE_PKC_DSA, 0); + break; +diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h +index 4436fbf..275a55c 100644 +--- a/crypto/cryptodev.h ++++ b/crypto/cryptodev.h +@@ -268,6 +268,8 @@ enum cryptodev_crk_op_t { + CRK_DSA_SIGN = 2, + CRK_DSA_VERIFY = 3, + CRK_DH_COMPUTE_KEY = 4, ++ CRK_DSA_GENERATE_KEY = 5, ++ CRK_DH_GENERATE_KEY = 6, + CRK_ALGORITHM_ALL + }; + +@@ -280,7 +282,8 @@ enum cryptodev_crk_op_t { + #define CRF_DSA_SIGN (1 << CRK_DSA_SIGN) + #define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY) + #define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY) +- ++#define CRF_DSA_GENERATE_KEY (1 << CRK_DSA_GENERATE_KEY) ++#define CRF_DH_GENERATE_KEY (1 << CRK_DH_GENERATE_KEY) + + /* ioctl's. Compatible with old linux cryptodev.h + */ +diff --git a/ioctl.c b/ioctl.c +index e2f407f..1f0741a 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -726,6 +726,23 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) + dh_req->z, dh_req->z_len); + } + break; ++ case CRK_DSA_GENERATE_KEY: ++ case CRK_DH_GENERATE_KEY: ++ { ++ struct keygen_req_s *key_req = &pkc_req->req_u.keygen; ++ ++ if (pkc_req->type == ECC_KEYGEN) { ++ copy_to_user(ckop->crk_param[4].crp_p, key_req->pub_key, ++ key_req->pub_key_len); ++ copy_to_user(ckop->crk_param[5].crp_p, ++ key_req->priv_key, key_req->priv_key_len); ++ } else { ++ copy_to_user(ckop->crk_param[3].crp_p, ++ key_req->pub_key, key_req->pub_key_len); ++ copy_to_user(ckop->crk_param[4].crp_p, ++ key_req->priv_key, key_req->priv_key_len); ++ } ++ } + default: + ret = -EINVAL; + } +@@ -939,8 +956,9 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + + switch (cmd) { + case CIOCASYMFEAT: +- return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | +- CRF_DSA_SIGN | CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY, p); ++ return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN | ++ CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY | ++ CRF_DSA_GENERATE_KEY, p); + case CRIOGET: + fd = clonefd(filp); + ret = put_user(fd, p); +@@ -1084,7 +1102,14 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + if (cookie_list.cookie_available) + copy_to_user(arg, &cookie_list, + sizeof(struct pkc_cookie_list_s)); ++ else { ++ struct pkc_cookie_list_s *user_ck_list = (void *)arg; ++ ++ put_user(0, &(user_ck_list->cookie_available)); ++ } ++ ret = cookie_list.cookie_available; + } ++ + return ret; + default: + return -EINVAL; +diff --git a/main.c b/main.c +index 0b7951e..c901bc7 100644 +--- a/main.c ++++ b/main.c +@@ -342,6 +342,85 @@ err: + return rc; + } + ++int crypto_kop_keygen(struct cryptodev_pkc *pkc) ++{ ++ struct kernel_crypt_kop *kop = &pkc->kop; ++ struct crypt_kop *cop = &kop->kop; ++ struct pkc_request *pkc_req; ++ struct keygen_req_s *key_req; ++ int rc, buf_size; ++ uint8_t *buf; ++ ++ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || ++ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits || ++ !cop->crk_param[4].crp_nbits) ++ return -EINVAL; ++ ++ pkc_req = &pkc->req; ++ key_req = &pkc_req->req_u.keygen; ++ key_req->q_len = (cop->crk_param[0].crp_nbits + 7)/8; ++ key_req->r_len = (cop->crk_param[1].crp_nbits + 7)/8; ++ key_req->g_len = (cop->crk_param[2].crp_nbits + 7)/8; ++ if (cop->crk_iparams == 3) { ++ key_req->pub_key_len = (cop->crk_param[3].crp_nbits + 7)/8; ++ key_req->priv_key_len = (cop->crk_param[4].crp_nbits + 7)/8; ++ buf_size = key_req->q_len + key_req->r_len + key_req->g_len + ++ key_req->pub_key_len + key_req->priv_key_len; ++ pkc_req->type = DLC_KEYGEN; ++ } else { ++ key_req->ab_len = (cop->crk_param[3].crp_nbits + 7)/8; ++ key_req->pub_key_len = (cop->crk_param[4].crp_nbits + 7)/8; ++ key_req->priv_key_len = (cop->crk_param[5].crp_nbits + 7)/8; ++ buf_size = key_req->q_len + key_req->r_len + key_req->g_len + ++ key_req->pub_key_len + key_req->priv_key_len + ++ key_req->ab_len; ++ pkc_req->type = ECC_KEYGEN; ++ pkc_req->curve_type = cop->curve_type; ++ } ++ ++ buf = kzalloc(buf_size, GFP_DMA); ++ if (!buf) ++ return -ENOMEM; ++ ++ key_req->q = buf; ++ key_req->r = key_req->q + key_req->q_len; ++ key_req->g = key_req->r + key_req->r_len; ++ key_req->pub_key = key_req->g + key_req->g_len; ++ key_req->priv_key = key_req->pub_key + key_req->pub_key_len; ++ copy_from_user(key_req->q, cop->crk_param[0].crp_p, key_req->q_len); ++ copy_from_user(key_req->r, cop->crk_param[1].crp_p, key_req->r_len); ++ copy_from_user(key_req->g, cop->crk_param[2].crp_p, key_req->g_len); ++ if (cop->crk_iparams == 3) { ++ copy_from_user(key_req->pub_key, cop->crk_param[3].crp_p, ++ key_req->pub_key_len); ++ copy_from_user(key_req->priv_key, cop->crk_param[4].crp_p, ++ key_req->priv_key_len); ++ } else { ++ key_req->ab = key_req->priv_key + key_req->priv_key_len; ++ copy_from_user(key_req->ab, cop->crk_param[3].crp_p, ++ key_req->ab_len); ++ copy_from_user(key_req->pub_key, cop->crk_param[4].crp_p, ++ key_req->pub_key_len); ++ copy_from_user(key_req->priv_key, cop->crk_param[5].crp_p, ++ key_req->priv_key_len); ++ } ++ ++ rc = cryptodev_pkc_offload(pkc); ++ if (pkc->type == SYNCHRONOUS) { ++ if (rc) ++ goto err; ++ } else { ++ if (rc != -EINPROGRESS && !rc) ++ goto err; ++ ++ pkc->cookie = buf; ++ return rc; ++ } ++err: ++ kfree(buf); ++ return rc; ++} ++ + int crypto_kop_dh_key(struct cryptodev_pkc *pkc) + { + struct kernel_crypt_kop *kop = &pkc->kop; +@@ -554,6 +633,12 @@ int crypto_run_asym(struct cryptodev_pkc *pkc) + goto err; + ret = crypto_kop_dh_key(pkc); + break; ++ case CRK_DH_GENERATE_KEY: ++ case CRK_DSA_GENERATE_KEY: ++ if ((kop->kop.crk_iparams != 3 && kop->kop.crk_iparams != 4)) ++ goto err; ++ ret = crypto_kop_keygen(pkc); ++ break; + } + err: + return ret; +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch b/recipes-kernel/cryptodev/sdk_patches/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch new file mode 100644 index 0000000..cfaabae --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch @@ -0,0 +1,238 @@ +From 00a8ac310a33767eac0a07e32597c1a6f467315f Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta +Date: Fri, 7 Mar 2014 08:49:15 +0545 +Subject: [PATCH 07/38] RCU stall fixed in PKC asynchronous interface + +Upstream-status: Pending + +Signed-off-by: Yashpal Dutta +--- + ioctl.c | 23 +++++++++++------------ + main.c | 43 +++++++++++++++++++++++++++---------------- + 2 files changed, 38 insertions(+), 28 deletions(-) + +diff --git a/ioctl.c b/ioctl.c +index 1f0741a..e4e16a8 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -108,10 +108,9 @@ void cryptodev_complete_asym(struct crypto_async_request *req, int err) + complete(&res->completion); + } else { + struct crypt_priv *pcr = pkc->priv; +- unsigned long flags; +- spin_lock_irqsave(&pcr->completion_lock, flags); ++ spin_lock_bh(&pcr->completion_lock); + list_add_tail(&pkc->list, &pcr->asym_completed_list); +- spin_unlock_irqrestore(&pcr->completion_lock, flags); ++ spin_unlock_bh(&pcr->completion_lock); + /* wake for POLLIN */ + wake_up_interruptible(&pcr->user_waiter); + } +@@ -958,7 +957,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + case CIOCASYMFEAT: + return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN | + CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY | +- CRF_DSA_GENERATE_KEY, p); ++ CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY, p); + case CRIOGET: + fd = clonefd(filp); + ret = put_user(fd, p); +@@ -997,7 +996,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + case CIOCKEY: + { + struct cryptodev_pkc *pkc = +- kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); ++ kmalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); + + if (!pkc) + return -ENOMEM; +@@ -1053,7 +1052,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + case CIOCASYMASYNCRYPT: + { + struct cryptodev_pkc *pkc = +- kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); ++ kmalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); + ret = kop_from_user(&pkc->kop, arg); + + if (unlikely(ret)) +@@ -1070,13 +1069,12 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + case CIOCASYMFETCHCOOKIE: + { + struct cryptodev_pkc *pkc; +- unsigned long flags; + int i; + struct pkc_cookie_list_s cookie_list; + +- spin_lock_irqsave(&pcr->completion_lock, flags); + cookie_list.cookie_available = 0; + for (i = 0; i < MAX_COOKIES; i++) { ++ spin_lock_bh(&pcr->completion_lock); + if (!list_empty(&pcr->asym_completed_list)) { + /* Run a loop in the list for upto elements + and copy their response back */ +@@ -1084,6 +1082,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + list_first_entry(&pcr->asym_completed_list, + struct cryptodev_pkc, list); + list_del(&pkc->list); ++ spin_unlock_bh(&pcr->completion_lock); + ret = crypto_async_fetch_asym(pkc); + if (!ret) { + cookie_list.cookie_available++; +@@ -1093,10 +1092,10 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + } + kfree(pkc); + } else { ++ spin_unlock_bh(&pcr->completion_lock); + break; + } + } +- spin_unlock_irqrestore(&pcr->completion_lock, flags); + + /* Reflect the updated request to user-space */ + if (cookie_list.cookie_available) +@@ -1386,14 +1385,13 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + case COMPAT_CIOCASYMFETCHCOOKIE: + { + struct cryptodev_pkc *pkc; +- unsigned long flags; + int i = 0; + struct compat_pkc_cookie_list_s cookie_list; + +- spin_lock_irqsave(&pcr->completion_lock, flags); + cookie_list.cookie_available = 0; + + for (i = 0; i < MAX_COOKIES; i++) { ++ spin_lock_bh(&pcr->completion_lock); + if (!list_empty(&pcr->asym_completed_list)) { + /* Run a loop in the list for upto elements + and copy their response back */ +@@ -1401,6 +1399,7 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + list_first_entry(&pcr->asym_completed_list, + struct cryptodev_pkc, list); + list_del(&pkc->list); ++ spin_unlock_bh(&pcr->completion_lock); + ret = crypto_async_fetch_asym(pkc); + if (!ret) { + cookie_list.cookie_available++; +@@ -1409,10 +1408,10 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + } + kfree(pkc); + } else { ++ spin_unlock_bh(&pcr->completion_lock); + break; + } + } +- spin_unlock_irqrestore(&pcr->completion_lock, flags); + + /* Reflect the updated request to user-space */ + if (cookie_list.cookie_available) +diff --git a/main.c b/main.c +index c901bc7..2747706 100644 +--- a/main.c ++++ b/main.c +@@ -215,7 +215,9 @@ int crypto_kop_dsasign(struct cryptodev_pkc *pkc) + pkc_req->type = DSA_SIGN; + } + +- buf = kzalloc(buf_size, GFP_DMA); ++ buf = kmalloc(buf_size, GFP_DMA); ++ if (!buf) ++ return -ENOMEM; + + dsa_req->q = buf; + dsa_req->r = dsa_req->q + dsa_req->q_len; +@@ -298,7 +300,9 @@ int crypto_kop_dsaverify(struct cryptodev_pkc *pkc) + pkc_req->type = DSA_VERIFY; + } + +- buf = kzalloc(buf_size, GFP_DMA); ++ buf = kmalloc(buf_size, GFP_DMA); ++ if (!buf) ++ return -ENOMEM; + + dsa_req->q = buf; + dsa_req->r = dsa_req->q + dsa_req->q_len; +@@ -378,7 +382,7 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) + pkc_req->curve_type = cop->curve_type; + } + +- buf = kzalloc(buf_size, GFP_DMA); ++ buf = kmalloc(buf_size, GFP_DMA); + if (!buf) + return -ENOMEM; + +@@ -390,25 +394,28 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) + copy_from_user(key_req->q, cop->crk_param[0].crp_p, key_req->q_len); + copy_from_user(key_req->r, cop->crk_param[1].crp_p, key_req->r_len); + copy_from_user(key_req->g, cop->crk_param[2].crp_p, key_req->g_len); +- if (cop->crk_iparams == 3) { +- copy_from_user(key_req->pub_key, cop->crk_param[3].crp_p, +- key_req->pub_key_len); +- copy_from_user(key_req->priv_key, cop->crk_param[4].crp_p, +- key_req->priv_key_len); +- } else { ++ if (cop->crk_iparams == 4) { + key_req->ab = key_req->priv_key + key_req->priv_key_len; + copy_from_user(key_req->ab, cop->crk_param[3].crp_p, + key_req->ab_len); +- copy_from_user(key_req->pub_key, cop->crk_param[4].crp_p, +- key_req->pub_key_len); +- copy_from_user(key_req->priv_key, cop->crk_param[5].crp_p, +- key_req->priv_key_len); + } + + rc = cryptodev_pkc_offload(pkc); + if (pkc->type == SYNCHRONOUS) { + if (rc) + goto err; ++ ++ if (cop->crk_iparams == 4) { ++ copy_to_user(cop->crk_param[4].crp_p, key_req->pub_key, ++ key_req->pub_key_len); ++ copy_to_user(cop->crk_param[5].crp_p, key_req->priv_key, ++ key_req->priv_key_len); ++ } else { ++ copy_to_user(cop->crk_param[3].crp_p, key_req->pub_key, ++ key_req->pub_key_len); ++ copy_to_user(cop->crk_param[4].crp_p, ++ key_req->priv_key, key_req->priv_key_len); ++ } + } else { + if (rc != -EINPROGRESS && !rc) + goto err; +@@ -447,7 +454,9 @@ int crypto_kop_dh_key(struct cryptodev_pkc *pkc) + pkc_req->type = DH_COMPUTE_KEY; + } + buf_size += dh_req->z_len; +- buf = kzalloc(buf_size, GFP_DMA); ++ buf = kmalloc(buf_size, GFP_DMA); ++ if (!buf) ++ return -ENOMEM; + dh_req->q = buf; + dh_req->s = dh_req->q + dh_req->q_len; + dh_req->pub_key = dh_req->s + dh_req->s_len; +@@ -508,9 +517,11 @@ int crypto_modexp_crt(struct cryptodev_pkc *pkc) + rsa_req->dq_len = (cop->crk_param[4].crp_nbits + 7)/8; + rsa_req->c_len = (cop->crk_param[5].crp_nbits + 7)/8; + rsa_req->f_len = (cop->crk_param[6].crp_nbits + 7)/8; +- buf = kzalloc(rsa_req->p_len + rsa_req->q_len + rsa_req->f_len + ++ buf = kmalloc(rsa_req->p_len + rsa_req->q_len + rsa_req->f_len + + rsa_req->dp_len + rsa_req->dp_len + rsa_req->c_len + + rsa_req->g_len, GFP_DMA); ++ if (!buf) ++ return -ENOMEM; + rsa_req->p = buf; + rsa_req->q = rsa_req->p + rsa_req->p_len; + rsa_req->g = rsa_req->q + rsa_req->q_len; +@@ -563,7 +574,7 @@ int crypto_bn_modexp(struct cryptodev_pkc *pkc) + rsa_req->e_len = (cop->crk_param[1].crp_nbits + 7)/8; + rsa_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8; + rsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8; +- buf = kzalloc(rsa_req->f_len + rsa_req->e_len + rsa_req->n_len ++ buf = kmalloc(rsa_req->f_len + rsa_req->e_len + rsa_req->n_len + + rsa_req->g_len, GFP_DMA); + if (!buf) + return -ENOMEM; +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0008-Add-RSA-Key-generation-offloading.patch b/recipes-kernel/cryptodev/sdk_patches/0008-Add-RSA-Key-generation-offloading.patch new file mode 100644 index 0000000..ef4ea09 --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0008-Add-RSA-Key-generation-offloading.patch @@ -0,0 +1,170 @@ +From a2cbb5fcc2d6f3734b5ed2826e828d852cfdf8ba Mon Sep 17 00:00:00 2001 +From: Hou Zhiqiang +Date: Wed, 19 Mar 2014 14:02:46 +0800 +Subject: [PATCH 08/38] Add RSA Key generation offloading + +Upstream-status: Pending + +Signed-off-by: Hou Zhiqiang +Tested-by: Cristian Stoica +--- + cryptlib.c | 1 + + crypto/cryptodev.h | 2 ++ + ioctl.c | 3 +- + main.c | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++- + 4 files changed, 84 insertions(+), 2 deletions(-) + +diff --git a/cryptlib.c b/cryptlib.c +index 47cd568..4dd1847 100644 +--- a/cryptlib.c ++++ b/cryptlib.c +@@ -441,6 +441,7 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) + struct pkc_request *pkc_req = &pkc->req, *pkc_requested; + + switch (pkc_req->type) { ++ case RSA_KEYGEN: + case RSA_PUB: + case RSA_PRIV_FORM1: + case RSA_PRIV_FORM2: +diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h +index 275a55c..d0cc542 100644 +--- a/crypto/cryptodev.h ++++ b/crypto/cryptodev.h +@@ -270,6 +270,7 @@ enum cryptodev_crk_op_t { + CRK_DH_COMPUTE_KEY = 4, + CRK_DSA_GENERATE_KEY = 5, + CRK_DH_GENERATE_KEY = 6, ++ CRK_RSA_GENERATE_KEY = 7, + CRK_ALGORITHM_ALL + }; + +@@ -279,6 +280,7 @@ enum cryptodev_crk_op_t { + */ + #define CRF_MOD_EXP (1 << CRK_MOD_EXP) + #define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT) ++#define CRF_RSA_GENERATE_KEY (1 << CRK_RSA_GENERATE_KEY) + #define CRF_DSA_SIGN (1 << CRK_DSA_SIGN) + #define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY) + #define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY) +diff --git a/ioctl.c b/ioctl.c +index e4e16a8..3762a47 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -957,7 +957,8 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + case CIOCASYMFEAT: + return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN | + CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY | +- CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY, p); ++ CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY | ++ CRF_RSA_GENERATE_KEY, p); + case CRIOGET: + fd = clonefd(filp); + ret = put_user(fd, p); +diff --git a/main.c b/main.c +index 2747706..14dcf40 100644 +--- a/main.c ++++ b/main.c +@@ -346,6 +346,82 @@ err: + return rc; + } + ++int crypto_kop_rsa_keygen(struct cryptodev_pkc *pkc) ++{ ++ struct kernel_crypt_kop *kop = &pkc->kop; ++ struct crypt_kop *cop = &kop->kop; ++ struct pkc_request *pkc_req; ++ struct rsa_keygen_req_s *key_req; ++ int rc, buf_size; ++ uint8_t *buf; ++ ++ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || ++ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits || ++ !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits || ++ !cop->crk_param[6].crp_nbits) ++ return -EINVAL; ++ ++ pkc_req = &pkc->req; ++ pkc_req->type = RSA_KEYGEN; ++ key_req = &pkc_req->req_u.rsa_keygen; ++ key_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8; ++ key_req->p_len = (cop->crk_param[0].crp_nbits + 7) / 8; ++ key_req->q_len = (cop->crk_param[1].crp_nbits + 7) / 8; ++ key_req->n_len = (cop->crk_param[2].crp_nbits + 7) / 8; ++ key_req->d_len = (cop->crk_param[3].crp_nbits + 7) / 8; ++ key_req->dp_len = (cop->crk_param[4].crp_nbits + 7) / 8; ++ key_req->dq_len = (cop->crk_param[5].crp_nbits + 7) / 8; ++ key_req->c_len = (cop->crk_param[6].crp_nbits + 7) / 8; ++ ++ buf_size = key_req->p_len + key_req->q_len + key_req->n_len + ++ key_req->d_len + key_req->dp_len + ++ key_req->dq_len + key_req->c_len; ++ ++ buf = kmalloc(buf_size, GFP_DMA); ++ if (!buf) ++ return -ENOMEM; ++ key_req->p = buf; ++ key_req->q = key_req->p + key_req->p_len; ++ key_req->n = key_req->q + key_req->q_len; ++ key_req->d = key_req->n + key_req->n_len; ++ key_req->dp = key_req->d + key_req->d_len; ++ key_req->dq = key_req->dp + key_req->dp_len; ++ key_req->c = key_req->dq + key_req->dq_len; ++ ++ rc = cryptodev_pkc_offload(pkc); ++ ++ if (pkc->type == SYNCHRONOUS) { ++ if (rc) ++ goto err; ++ ++ copy_to_user(cop->crk_param[0].crp_p, ++ key_req->p, key_req->p_len); ++ copy_to_user(cop->crk_param[1].crp_p, ++ key_req->q, key_req->q_len); ++ copy_to_user(cop->crk_param[2].crp_p, ++ key_req->n, key_req->n_len); ++ copy_to_user(cop->crk_param[3].crp_p, ++ key_req->d, key_req->d_len); ++ copy_to_user(cop->crk_param[4].crp_p, ++ key_req->dp, key_req->dp_len); ++ copy_to_user(cop->crk_param[5].crp_p, ++ key_req->dq, key_req->dq_len); ++ copy_to_user(cop->crk_param[6].crp_p, ++ key_req->c, key_req->c_len); ++ } else { ++ if (rc != -EINPROGRESS && !rc) { ++ printk("%s: Failed\n", __func__); ++ goto err; ++ } ++ pkc->cookie = buf; ++ return rc; ++ } ++err: ++ kfree(buf); ++ return rc; ++ ++} ++ + int crypto_kop_keygen(struct cryptodev_pkc *pkc) + { + struct kernel_crypt_kop *kop = &pkc->kop; +@@ -385,7 +461,6 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) + buf = kmalloc(buf_size, GFP_DMA); + if (!buf) + return -ENOMEM; +- + key_req->q = buf; + key_req->r = key_req->q + key_req->q_len; + key_req->g = key_req->r + key_req->r_len; +@@ -650,6 +725,9 @@ int crypto_run_asym(struct cryptodev_pkc *pkc) + goto err; + ret = crypto_kop_keygen(pkc); + break; ++ case CRK_RSA_GENERATE_KEY: ++ ret = crypto_kop_rsa_keygen(pkc); ++ break; + } + err: + return ret; +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch b/recipes-kernel/cryptodev/sdk_patches/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch new file mode 100644 index 0000000..47fd2e1 --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch @@ -0,0 +1,160 @@ +From 263483d1023f6c1c35b5488b9b79796ee2605e9b Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta +Date: Thu, 17 Apr 2014 07:08:47 +0545 +Subject: [PATCH 09/38] Fixed compilation error of openssl with fsl cryptodev + +Upstream-status: Pending + +Signed-off-by: Yashpal Dutta +Tested-by: Cristian Stoica +--- + authenc.c | 1 + + cryptlib.c | 9 ++++----- + crypto/cryptodev.h | 9 ++++++++- + cryptodev_int.h | 2 +- + ioctl.c | 8 ++++++-- + main.c | 1 + + 6 files changed, 21 insertions(+), 9 deletions(-) + +diff --git a/authenc.c b/authenc.c +index ef0d3db..2aa4d38 100644 +--- a/authenc.c ++++ b/authenc.c +@@ -2,6 +2,7 @@ + * Driver for /dev/crypto device (aka CryptoDev) + * + * Copyright (c) 2011, 2012 OpenSSL Software Foundation, Inc. ++ * Copyright (c) 2014 Freescale Semiconductor, Inc. + * + * Author: Nikos Mavrogiannopoulos + * +diff --git a/cryptlib.c b/cryptlib.c +index 4dd1847..ec6693e 100644 +--- a/cryptlib.c ++++ b/cryptlib.c +@@ -4,8 +4,7 @@ + * Copyright (c) 2010,2011 Nikos Mavrogiannopoulos + * Portions Copyright (c) 2010 Michael Weiser + * Portions Copyright (c) 2010 Phil Sutter +- * +- * Copyright 2012 Freescale Semiconductor, Inc. ++ * Copyright 2012-2014 Freescale Semiconductor, Inc. + * + * This file is part of linux cryptodev. + * +@@ -144,7 +143,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name, + if (alg->max_keysize > 0 && + unlikely((keylen < alg->min_keysize) || + (keylen > alg->max_keysize))) { +- ddebug(1, "Wrong keylen '%zu' for algorithm '%s'. Use %u to %u.", ++ ddebug(1, "Wrong keylen '%u' for algorithm '%s'. Use %u to %u.", + keylen, alg_name, alg->min_keysize, alg->max_keysize); + ret = -EINVAL; + goto error; +@@ -171,7 +170,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name, + } + + if (unlikely(ret)) { +- ddebug(1, "Setting key failed for %s-%zu.", alg_name, keylen*8); ++ ddebug(1, "Setting key failed for %s-%u.", alg_name, keylen*8); + ret = -EINVAL; + goto error; + } +@@ -338,7 +337,7 @@ int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name, + if (hmac_mode != 0) { + ret = crypto_ahash_setkey(hdata->async.s, mackey, mackeylen); + if (unlikely(ret)) { +- ddebug(1, "Setting hmac key failed for %s-%zu.", ++ ddebug(1, "Setting hmac key failed for %s-%u.", + alg_name, mackeylen*8); + ret = -EINVAL; + goto error; +diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h +index d0cc542..e7edd97 100644 +--- a/crypto/cryptodev.h ++++ b/crypto/cryptodev.h +@@ -234,6 +234,13 @@ struct crypt_auth_op { + #define CRYPTO_ALG_FLAG_RNG_ENABLE 2 + #define CRYPTO_ALG_FLAG_DSA_SHA 4 + ++enum ec_curve_t { ++ EC_DISCRETE_LOG, ++ EC_PRIME, ++ EC_BINARY, ++ MAX_EC_TYPE ++}; ++ + struct crparam { + __u8 *crp_p; + __u32 crp_nbits; +@@ -249,7 +256,7 @@ struct crypt_kop { + __u16 crk_oparams; + __u32 crk_pad1; + struct crparam crk_param[CRK_MAXPARAM]; +- enum curve_t curve_type; /* 0 == Discrete Log, ++ enum ec_curve_t curve_type; /* 0 == Discrete Log, + 1 = EC_PRIME, 2 = EC_BINARY */ + void *cookie; + }; +diff --git a/cryptodev_int.h b/cryptodev_int.h +index 5347cae..c83c885 100644 +--- a/cryptodev_int.h ++++ b/cryptodev_int.h +@@ -88,7 +88,7 @@ struct compat_crypt_kop { + uint16_t crk_oparams; + uint32_t crk_pad1; + struct compat_crparam crk_param[CRK_MAXPARAM]; +- enum curve_t curve_type; /* 0 == Discrete Log, 1 = EC_PRIME, ++ enum ec_curve_t curve_type; /* 0 == Discrete Log, 1 = EC_PRIME, + 2 = EC_BINARY */ + compat_uptr_t cookie; + }; +diff --git a/ioctl.c b/ioctl.c +index 3762a47..c97320b 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -4,7 +4,7 @@ + * Copyright (c) 2004 Michal Ludvig , SuSE Labs + * Copyright (c) 2009,2010,2011 Nikos Mavrogiannopoulos + * Copyright (c) 2010 Phil Sutter +- * Copyright 2012 Freescale Semiconductor, Inc. ++ * Copyright 2012-2014 Freescale Semiconductor, Inc. + * + * This file is part of linux cryptodev. + * +@@ -501,6 +501,7 @@ cryptodev_open(struct inode *inode, struct file *filp) + INIT_LIST_HEAD(&pcr->done.list); + INIT_LIST_HEAD(&pcr->asym_completed_list); + spin_lock_init(&pcr->completion_lock); ++ + INIT_WORK(&pcr->cryptask, cryptask_routine); + + init_waitqueue_head(&pcr->user_waiter); +@@ -780,8 +781,11 @@ static int fill_kcop_from_cop(struct kernel_crypt_op *kcop, struct fcrypt *fcr) + + if (cop->iv) { + rc = copy_from_user(kcop->iv, cop->iv, kcop->ivlen); +- if (unlikely(rc)) ++ if (unlikely(rc)) { ++ derr(1, "error copying IV (%d bytes), copy_from_user returned %d for address %p", ++ kcop->ivlen, rc, cop->iv); + return -EFAULT; ++ } + } + + return 0; +diff --git a/main.c b/main.c +index 14dcf40..6365911 100644 +--- a/main.c ++++ b/main.c +@@ -3,6 +3,7 @@ + * + * Copyright (c) 2004 Michal Ludvig , SuSE Labs + * Copyright (c) 2009-2013 Nikos Mavrogiannopoulos ++ * Copyright (c) 2014 Freescale Semiconductor, Inc. + * + * This file is part of linux cryptodev. + * +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0010-add-support-for-composite-TLS10-SHA1-3DES-algorithm-.patch b/recipes-kernel/cryptodev/sdk_patches/0010-add-support-for-composite-TLS10-SHA1-3DES-algorithm-.patch new file mode 100644 index 0000000..352a45d --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0010-add-support-for-composite-TLS10-SHA1-3DES-algorithm-.patch @@ -0,0 +1,54 @@ +From 269564f4e00fa907388ccfa046b930b3c4eef4dc Mon Sep 17 00:00:00 2001 +From: Tudor Ambarus +Date: Tue, 10 Jun 2014 08:27:59 +0300 +Subject: [PATCH 10/38] add support for composite TLS10(SHA1,3DES) algorithm + offload + +This adds support for composite algorithm offload in a single crypto +(cipher + hmac) operation. + +It requires either software or hardware TLS support in the Linux kernel +and can be used with Freescale B*, P* and T* platforms that have support +for hardware TLS acceleration. + +Change-Id: Ibce0ceb4174809c9c96b453cd3202bc5220ff084 +Signed-off-by: Tudor Ambarus +Reviewed-on: http://git.am.freescale.net:8181/34000 +Reviewed-by: Cristian Stoica +Tested-by: Cristian Stoica +--- + crypto/cryptodev.h | 1 + + ioctl.c | 5 +++++ + 2 files changed, 6 insertions(+) + +diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h +index e7edd97..07f40b2 100644 +--- a/crypto/cryptodev.h ++++ b/crypto/cryptodev.h +@@ -55,6 +55,7 @@ enum cryptodev_crypto_op_t { + CRYPTO_SHA2_512, + CRYPTO_SHA2_224_HMAC, + CRYPTO_TLS10_AES_CBC_HMAC_SHA1, ++ CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, + CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */ + }; + +diff --git a/ioctl.c b/ioctl.c +index c97320b..574e913 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -191,6 +191,11 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop) + stream = 0; + aead = 1; + break; ++ case CRYPTO_TLS10_3DES_CBC_HMAC_SHA1: ++ alg_name = "tls10(hmac(sha1),cbc(des3_ede))"; ++ stream = 0; ++ aead = 1; ++ break; + case CRYPTO_NULL: + alg_name = "ecb(cipher_null)"; + stream = 1; +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0011-add-support-for-TLSv1.1-record-offload.patch b/recipes-kernel/cryptodev/sdk_patches/0011-add-support-for-TLSv1.1-record-offload.patch new file mode 100644 index 0000000..34d6ade --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0011-add-support-for-TLSv1.1-record-offload.patch @@ -0,0 +1,76 @@ +From 73c20be9ae1ed57d8c428c86471f42d953e79fba Mon Sep 17 00:00:00 2001 +From: Tudor Ambarus +Date: Tue, 31 Mar 2015 16:15:47 +0300 +Subject: [PATCH 11/38] add support for TLSv1.1 record offload + +This adds support for composite algorithm offload in a single crypto +(cipher + hmac) operation. + +Supported cipher suites: +- 3des-ede-cbc-sha +- aes-128-cbc-hmac-sha +- aes-256-cbc-hmac-sha + +It requires either software or hardware TLS support in the Linux kernel +and can be used with Freescale B*, P* and T* platforms that have support +for hardware TLS acceleration. + +Signed-off-by: Tudor Ambarus +Change-Id: Ia5f3fa7ec090d5643d71b0f608c68a274ec6b51f +Reviewed-on: http://git.am.freescale.net:8181/33998 +Reviewed-by: Cristian Stoica +Tested-by: Cristian Stoica +--- + crypto/cryptodev.h | 4 +++- + ioctl.c | 14 ++++++++++++-- + 2 files changed, 15 insertions(+), 3 deletions(-) + +diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h +index 07f40b2..61e8599 100644 +--- a/crypto/cryptodev.h ++++ b/crypto/cryptodev.h +@@ -54,8 +54,10 @@ enum cryptodev_crypto_op_t { + CRYPTO_SHA2_384, + CRYPTO_SHA2_512, + CRYPTO_SHA2_224_HMAC, +- CRYPTO_TLS10_AES_CBC_HMAC_SHA1, + CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, ++ CRYPTO_TLS10_AES_CBC_HMAC_SHA1, ++ CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, ++ CRYPTO_TLS11_AES_CBC_HMAC_SHA1, + CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */ + }; + +diff --git a/ioctl.c b/ioctl.c +index 574e913..ba82387 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -186,13 +186,23 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop) + stream = 1; + aead = 1; + break; ++ case CRYPTO_TLS10_3DES_CBC_HMAC_SHA1: ++ alg_name = "tls10(hmac(sha1),cbc(des3_ede))"; ++ stream = 0; ++ aead = 1; ++ break; + case CRYPTO_TLS10_AES_CBC_HMAC_SHA1: + alg_name = "tls10(hmac(sha1),cbc(aes))"; + stream = 0; + aead = 1; + break; +- case CRYPTO_TLS10_3DES_CBC_HMAC_SHA1: +- alg_name = "tls10(hmac(sha1),cbc(des3_ede))"; ++ case CRYPTO_TLS11_3DES_CBC_HMAC_SHA1: ++ alg_name = "tls11(hmac(sha1),cbc(des3_ede))"; ++ stream = 0; ++ aead = 1; ++ break; ++ case CRYPTO_TLS11_AES_CBC_HMAC_SHA1: ++ alg_name = "tls11(hmac(sha1),cbc(aes))"; + stream = 0; + aead = 1; + break; +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0012-add-support-for-TLSv1.2-record-offload.patch b/recipes-kernel/cryptodev/sdk_patches/0012-add-support-for-TLSv1.2-record-offload.patch new file mode 100644 index 0000000..b7a7268 --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0012-add-support-for-TLSv1.2-record-offload.patch @@ -0,0 +1,72 @@ +From f1a519d9eed072bd45a45d251603c64f942814fb Mon Sep 17 00:00:00 2001 +From: Tudor Ambarus +Date: Tue, 31 Mar 2015 16:16:28 +0300 +Subject: [PATCH 12/38] add support for TLSv1.2 record offload + +This adds support for composite algorithm offload in a single crypto +(cipher + hmac) operation. + +Supported cipher suites: +- 3des-ede-cbc-sha +- aes-128-cbc-hmac-sha +- aes-256-cbc-hmac-sha +- aes-128-cbc-hmac-sha256 +- aes-256-cbc-hmac-sha256 + +It requires either software or hardware TLS support in the Linux kernel +and can be used with Freescale B*, P* and T* platforms that have support +for hardware TLS acceleration. + +Signed-off-by: Tudor Ambarus +Change-Id: I21f45993505fc3dad09848a13aa20f778a7c2de0 +Reviewed-on: http://git.am.freescale.net:8181/33999 +Reviewed-by: Cristian Stoica +Tested-by: Cristian Stoica +--- + crypto/cryptodev.h | 3 +++ + ioctl.c | 15 +++++++++++++++ + 2 files changed, 18 insertions(+) + +diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h +index 61e8599..f6058ca 100644 +--- a/crypto/cryptodev.h ++++ b/crypto/cryptodev.h +@@ -58,6 +58,9 @@ enum cryptodev_crypto_op_t { + CRYPTO_TLS10_AES_CBC_HMAC_SHA1, + CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, + CRYPTO_TLS11_AES_CBC_HMAC_SHA1, ++ CRYPTO_TLS12_3DES_CBC_HMAC_SHA1, ++ CRYPTO_TLS12_AES_CBC_HMAC_SHA1, ++ CRYPTO_TLS12_AES_CBC_HMAC_SHA256, + CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */ + }; + +diff --git a/ioctl.c b/ioctl.c +index ba82387..fb4c4e3 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -206,6 +206,21 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop) + stream = 0; + aead = 1; + break; ++ case CRYPTO_TLS12_3DES_CBC_HMAC_SHA1: ++ alg_name = "tls12(hmac(sha1),cbc(des3_ede))"; ++ stream = 0; ++ aead = 1; ++ break; ++ case CRYPTO_TLS12_AES_CBC_HMAC_SHA1: ++ alg_name = "tls12(hmac(sha1),cbc(aes))"; ++ stream = 0; ++ aead = 1; ++ break; ++ case CRYPTO_TLS12_AES_CBC_HMAC_SHA256: ++ alg_name = "tls12(hmac(sha256),cbc(aes))"; ++ stream = 0; ++ aead = 1; ++ break; + case CRYPTO_NULL: + alg_name = "ecb(cipher_null)"; + stream = 1; +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0013-clean-up-code-layout.patch b/recipes-kernel/cryptodev/sdk_patches/0013-clean-up-code-layout.patch new file mode 100644 index 0000000..a6884fa --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0013-clean-up-code-layout.patch @@ -0,0 +1,186 @@ +From 5a87b9d5f2295ed0fd36a41c8376e01eb0df62b2 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Fri, 20 Feb 2015 12:46:58 +0200 +Subject: [PATCH 13/38] clean-up code layout + +Signed-off-by: Cristian Stoica +Change-Id: I92c2f4baeed9470a2c3c42b592d878e65918b0af +Reviewed-on: http://git.am.freescale.net:8181/34222 +--- + cryptlib.c | 11 ++++------- + ioctl.c | 55 +++++++++++++++++++++---------------------------------- + main.c | 4 +--- + 3 files changed, 26 insertions(+), 44 deletions(-) + +diff --git a/cryptlib.c b/cryptlib.c +index ec6693e..21e691b 100644 +--- a/cryptlib.c ++++ b/cryptlib.c +@@ -434,7 +434,7 @@ int cryptodev_hash_final(struct hash_data *hdata, void *output) + return waitfor(hdata->async.result, ret); + } + +-int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) ++int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) + { + int ret = 0; + struct pkc_request *pkc_req = &pkc->req, *pkc_requested; +@@ -445,8 +445,7 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) + case RSA_PRIV_FORM1: + case RSA_PRIV_FORM2: + case RSA_PRIV_FORM3: +- pkc->s = crypto_alloc_pkc("pkc(rsa)", +- CRYPTO_ALG_TYPE_PKC_RSA, 0); ++ pkc->s = crypto_alloc_pkc("pkc(rsa)", CRYPTO_ALG_TYPE_PKC_RSA, 0); + break; + case DSA_SIGN: + case DSA_VERIFY: +@@ -454,13 +453,11 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) + case ECDSA_VERIFY: + case DLC_KEYGEN: + case ECC_KEYGEN: +- pkc->s = crypto_alloc_pkc("pkc(dsa)", +- CRYPTO_ALG_TYPE_PKC_DSA, 0); ++ pkc->s = crypto_alloc_pkc("pkc(dsa)", CRYPTO_ALG_TYPE_PKC_DSA, 0); + break; + case DH_COMPUTE_KEY: + case ECDH_COMPUTE_KEY: +- pkc->s = crypto_alloc_pkc("pkc(dh)", +- CRYPTO_ALG_TYPE_PKC_DH, 0); ++ pkc->s = crypto_alloc_pkc("pkc(dh)", CRYPTO_ALG_TYPE_PKC_DH, 0); + break; + default: + return -EINVAL; +diff --git a/ioctl.c b/ioctl.c +index fb4c4e3..ee0486c 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -714,16 +714,13 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) + case CRK_MOD_EXP: + { + struct rsa_pub_req_s *rsa_req = &pkc_req->req_u.rsa_pub_req; +- copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g, +- rsa_req->g_len); ++ copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len); + } + break; + case CRK_MOD_EXP_CRT: + { +- struct rsa_priv_frm3_req_s *rsa_req = +- &pkc_req->req_u.rsa_priv_f3; +- copy_to_user(ckop->crk_param[6].crp_p, +- rsa_req->f, rsa_req->f_len); ++ struct rsa_priv_frm3_req_s *rsa_req = &pkc_req->req_u.rsa_priv_f3; ++ copy_to_user(ckop->crk_param[6].crp_p, rsa_req->f, rsa_req->f_len); + } + break; + case CRK_DSA_SIGN: +@@ -731,15 +728,11 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) + struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign; + + if (pkc_req->type == ECDSA_SIGN) { +- copy_to_user(ckop->crk_param[6].crp_p, +- dsa_req->c, dsa_req->d_len); +- copy_to_user(ckop->crk_param[7].crp_p, +- dsa_req->d, dsa_req->d_len); ++ copy_to_user(ckop->crk_param[6].crp_p, dsa_req->c, dsa_req->d_len); ++ copy_to_user(ckop->crk_param[7].crp_p, dsa_req->d, dsa_req->d_len); + } else { +- copy_to_user(ckop->crk_param[5].crp_p, +- dsa_req->c, dsa_req->d_len); +- copy_to_user(ckop->crk_param[6].crp_p, +- dsa_req->d, dsa_req->d_len); ++ copy_to_user(ckop->crk_param[5].crp_p, dsa_req->c, dsa_req->d_len); ++ copy_to_user(ckop->crk_param[6].crp_p, dsa_req->d, dsa_req->d_len); + } + } + break; +@@ -749,11 +742,9 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) + { + struct dh_key_req_s *dh_req = &pkc_req->req_u.dh_req; + if (pkc_req->type == ECDH_COMPUTE_KEY) +- copy_to_user(ckop->crk_param[4].crp_p, +- dh_req->z, dh_req->z_len); ++ copy_to_user(ckop->crk_param[4].crp_p, dh_req->z, dh_req->z_len); + else +- copy_to_user(ckop->crk_param[3].crp_p, +- dh_req->z, dh_req->z_len); ++ copy_to_user(ckop->crk_param[3].crp_p, dh_req->z, dh_req->z_len); + } + break; + case CRK_DSA_GENERATE_KEY: +@@ -763,14 +754,14 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) + + if (pkc_req->type == ECC_KEYGEN) { + copy_to_user(ckop->crk_param[4].crp_p, key_req->pub_key, +- key_req->pub_key_len); +- copy_to_user(ckop->crk_param[5].crp_p, +- key_req->priv_key, key_req->priv_key_len); ++ key_req->pub_key_len); ++ copy_to_user(ckop->crk_param[5].crp_p, key_req->priv_key, ++ key_req->priv_key_len); + } else { +- copy_to_user(ckop->crk_param[3].crp_p, +- key_req->pub_key, key_req->pub_key_len); +- copy_to_user(ckop->crk_param[4].crp_p, +- key_req->priv_key, key_req->priv_key_len); ++ copy_to_user(ckop->crk_param[3].crp_p, key_req->pub_key, ++ key_req->pub_key_len); ++ copy_to_user(ckop->crk_param[4].crp_p, key_req->priv_key, ++ key_req->priv_key_len); + } + } + default: +@@ -1113,16 +1104,14 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + if (!list_empty(&pcr->asym_completed_list)) { + /* Run a loop in the list for upto elements + and copy their response back */ +- pkc = +- list_first_entry(&pcr->asym_completed_list, ++ pkc = list_first_entry(&pcr->asym_completed_list, + struct cryptodev_pkc, list); + list_del(&pkc->list); + spin_unlock_bh(&pcr->completion_lock); + ret = crypto_async_fetch_asym(pkc); + if (!ret) { + cookie_list.cookie_available++; +- cookie_list.cookie[i] = +- pkc->kop.kop.cookie; ++ cookie_list.cookie[i] = pkc->kop.kop.cookie; + cookie_list.status[i] = pkc->result.err; + } + kfree(pkc); +@@ -1133,12 +1122,10 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + } + + /* Reflect the updated request to user-space */ +- if (cookie_list.cookie_available) +- copy_to_user(arg, &cookie_list, +- sizeof(struct pkc_cookie_list_s)); +- else { ++ if (cookie_list.cookie_available) { ++ copy_to_user(arg, &cookie_list, sizeof(struct pkc_cookie_list_s)); ++ } else { + struct pkc_cookie_list_s *user_ck_list = (void *)arg; +- + put_user(0, &(user_ck_list->cookie_available)); + } + ret = cookie_list.cookie_available; +diff --git a/main.c b/main.c +index 6365911..af66553 100644 +--- a/main.c ++++ b/main.c +@@ -666,9 +666,7 @@ int crypto_bn_modexp(struct cryptodev_pkc *pkc) + if (pkc->type == SYNCHRONOUS) { + if (rc) + goto err; +- +- copy_to_user(cop->crk_param[3].crp_p, rsa_req->g, +- rsa_req->g_len); ++ copy_to_user(cop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len); + } else { + if (rc != -EINPROGRESS && rc != 0) + goto err; +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0014-remove-redundant-data-copy-for-pkc-operations.patch b/recipes-kernel/cryptodev/sdk_patches/0014-remove-redundant-data-copy-for-pkc-operations.patch new file mode 100644 index 0000000..58d37fa --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0014-remove-redundant-data-copy-for-pkc-operations.patch @@ -0,0 +1,494 @@ +From a4d88e5379ddb7d9bceac3141f508b8173d1e902 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Mon, 23 Feb 2015 12:14:07 +0200 +Subject: [PATCH 14/38] remove redundant data copy for pkc operations + +This patch removes a copy of a pkc request that was +allocated on the hot-path. The copy was not necessary +and was just slowing things down. + +Change-Id: I3ad85f78c188f100ab9fc03a5777bb704a9dcb63 +Signed-off-by: Cristian Stoica +Reviewed-on: http://git.am.freescale.net:8181/34223 +--- + cryptlib.c | 49 +++---------------- + cryptlib.h | 3 +- + ioctl.c | 17 +++---- + main.c | 162 +++++++++++++++++++++++++++++++++++++------------------------ + 4 files changed, 113 insertions(+), 118 deletions(-) + +diff --git a/cryptlib.c b/cryptlib.c +index 21e691b..5882a30 100644 +--- a/cryptlib.c ++++ b/cryptlib.c +@@ -436,59 +436,22 @@ int cryptodev_hash_final(struct hash_data *hdata, void *output) + + int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) + { +- int ret = 0; +- struct pkc_request *pkc_req = &pkc->req, *pkc_requested; +- +- switch (pkc_req->type) { +- case RSA_KEYGEN: +- case RSA_PUB: +- case RSA_PRIV_FORM1: +- case RSA_PRIV_FORM2: +- case RSA_PRIV_FORM3: +- pkc->s = crypto_alloc_pkc("pkc(rsa)", CRYPTO_ALG_TYPE_PKC_RSA, 0); +- break; +- case DSA_SIGN: +- case DSA_VERIFY: +- case ECDSA_SIGN: +- case ECDSA_VERIFY: +- case DLC_KEYGEN: +- case ECC_KEYGEN: +- pkc->s = crypto_alloc_pkc("pkc(dsa)", CRYPTO_ALG_TYPE_PKC_DSA, 0); +- break; +- case DH_COMPUTE_KEY: +- case ECDH_COMPUTE_KEY: +- pkc->s = crypto_alloc_pkc("pkc(dh)", CRYPTO_ALG_TYPE_PKC_DH, 0); +- break; +- default: +- return -EINVAL; +- } +- +- if (IS_ERR_OR_NULL(pkc->s)) +- return -EINVAL; ++ int ret; + + init_completion(&pkc->result.completion); +- pkc_requested = pkc_request_alloc(pkc->s, GFP_KERNEL); +- +- if (unlikely(IS_ERR_OR_NULL(pkc_requested))) { +- ret = -ENOMEM; +- goto error; +- } +- pkc_requested->type = pkc_req->type; +- pkc_requested->curve_type = pkc_req->curve_type; +- memcpy(&pkc_requested->req_u, &pkc_req->req_u, sizeof(pkc_req->req_u)); +- pkc_request_set_callback(pkc_requested, CRYPTO_TFM_REQ_MAY_BACKLOG, ++ pkc_request_set_callback(pkc->req, CRYPTO_TFM_REQ_MAY_BACKLOG, + cryptodev_complete_asym, pkc); +- ret = crypto_pkc_op(pkc_requested); ++ ret = crypto_pkc_op(pkc->req); + if (ret != -EINPROGRESS && ret != 0) +- goto error2; ++ goto error; + + if (pkc->type == SYNCHRONOUS) + ret = waitfor(&pkc->result, ret); + + return ret; +-error2: +- kfree(pkc_requested); ++ + error: ++ kfree(pkc->req); + crypto_free_pkc(pkc->s); + return ret; + } +diff --git a/cryptlib.h b/cryptlib.h +index 7ffa54c..4fac0c8 100644 +--- a/cryptlib.h ++++ b/cryptlib.h +@@ -110,8 +110,7 @@ struct cryptodev_pkc { + struct crypto_pkc *s; /* Transform pointer from CryptoAPI */ + struct cryptodev_result result; /* Result to be updated by + completion handler */ +- struct pkc_request req; /* PKC request structure allocated +- from CryptoAPI */ ++ struct pkc_request *req; /* PKC request allocated from CryptoAPI */ + enum offload_type type; /* Synchronous Vs Asynchronous request */ + /* + * cookie used for transfering tranparent information from async +diff --git a/ioctl.c b/ioctl.c +index ee0486c..797b73c 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -708,26 +708,25 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) + int ret = 0; + struct kernel_crypt_kop *kop = &pkc->kop; + struct crypt_kop *ckop = &kop->kop; +- struct pkc_request *pkc_req = &pkc->req; + + switch (ckop->crk_op) { + case CRK_MOD_EXP: + { +- struct rsa_pub_req_s *rsa_req = &pkc_req->req_u.rsa_pub_req; ++ struct rsa_pub_req_s *rsa_req = &pkc->req->req_u.rsa_pub_req; + copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len); + } + break; + case CRK_MOD_EXP_CRT: + { +- struct rsa_priv_frm3_req_s *rsa_req = &pkc_req->req_u.rsa_priv_f3; ++ struct rsa_priv_frm3_req_s *rsa_req = &pkc->req->req_u.rsa_priv_f3; + copy_to_user(ckop->crk_param[6].crp_p, rsa_req->f, rsa_req->f_len); + } + break; + case CRK_DSA_SIGN: + { +- struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign; ++ struct dsa_sign_req_s *dsa_req = &pkc->req->req_u.dsa_sign; + +- if (pkc_req->type == ECDSA_SIGN) { ++ if (pkc->req->type == ECDSA_SIGN) { + copy_to_user(ckop->crk_param[6].crp_p, dsa_req->c, dsa_req->d_len); + copy_to_user(ckop->crk_param[7].crp_p, dsa_req->d, dsa_req->d_len); + } else { +@@ -740,8 +739,8 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) + break; + case CRK_DH_COMPUTE_KEY: + { +- struct dh_key_req_s *dh_req = &pkc_req->req_u.dh_req; +- if (pkc_req->type == ECDH_COMPUTE_KEY) ++ struct dh_key_req_s *dh_req = &pkc->req->req_u.dh_req; ++ if (pkc->req->type == ECDH_COMPUTE_KEY) + copy_to_user(ckop->crk_param[4].crp_p, dh_req->z, dh_req->z_len); + else + copy_to_user(ckop->crk_param[3].crp_p, dh_req->z, dh_req->z_len); +@@ -750,9 +749,9 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) + case CRK_DSA_GENERATE_KEY: + case CRK_DH_GENERATE_KEY: + { +- struct keygen_req_s *key_req = &pkc_req->req_u.keygen; ++ struct keygen_req_s *key_req = &pkc->req->req_u.keygen; + +- if (pkc_req->type == ECC_KEYGEN) { ++ if (pkc->req->type == ECC_KEYGEN) { + copy_to_user(ckop->crk_param[4].crp_p, key_req->pub_key, + key_req->pub_key_len); + copy_to_user(ckop->crk_param[5].crp_p, key_req->priv_key, +diff --git a/main.c b/main.c +index af66553..ed1c69a 100644 +--- a/main.c ++++ b/main.c +@@ -186,8 +186,7 @@ int crypto_kop_dsasign(struct cryptodev_pkc *pkc) + { + struct kernel_crypt_kop *kop = &pkc->kop; + struct crypt_kop *cop = &kop->kop; +- struct pkc_request *pkc_req = &pkc->req; +- struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign; ++ struct dsa_sign_req_s *dsa_req = &pkc->req->req_u.dsa_sign; + int rc, buf_size; + uint8_t *buf; + +@@ -210,10 +209,7 @@ int crypto_kop_dsasign(struct cryptodev_pkc *pkc) + if (cop->crk_iparams == 6) { + dsa_req->ab_len = (cop->crk_param[5].crp_nbits + 7)/8; + buf_size += dsa_req->ab_len; +- pkc_req->type = ECDSA_SIGN; +- pkc_req->curve_type = cop->curve_type; +- } else { +- pkc_req->type = DSA_SIGN; ++ pkc->req->curve_type = cop->curve_type; + } + + buf = kmalloc(buf_size, GFP_DMA); +@@ -269,7 +265,6 @@ int crypto_kop_dsaverify(struct cryptodev_pkc *pkc) + { + struct kernel_crypt_kop *kop = &pkc->kop; + struct crypt_kop *cop = &kop->kop; +- struct pkc_request *pkc_req; + struct dsa_verify_req_s *dsa_req; + int rc, buf_size; + uint8_t *buf; +@@ -281,8 +276,7 @@ int crypto_kop_dsaverify(struct cryptodev_pkc *pkc) + !cop->crk_param[7].crp_nbits)) + return -EINVAL; + +- pkc_req = &pkc->req; +- dsa_req = &pkc_req->req_u.dsa_verify; ++ dsa_req = &pkc->req->req_u.dsa_verify; + dsa_req->m_len = (cop->crk_param[0].crp_nbits + 7)/8; + dsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8; + dsa_req->r_len = (cop->crk_param[2].crp_nbits + 7)/8; +@@ -295,10 +289,7 @@ int crypto_kop_dsaverify(struct cryptodev_pkc *pkc) + if (cop->crk_iparams == 8) { + dsa_req->ab_len = (cop->crk_param[5].crp_nbits + 7)/8; + buf_size += dsa_req->ab_len; +- pkc_req->type = ECDSA_VERIFY; +- pkc_req->curve_type = cop->curve_type; +- } else { +- pkc_req->type = DSA_VERIFY; ++ pkc->req->curve_type = cop->curve_type; + } + + buf = kmalloc(buf_size, GFP_DMA); +@@ -351,7 +342,6 @@ int crypto_kop_rsa_keygen(struct cryptodev_pkc *pkc) + { + struct kernel_crypt_kop *kop = &pkc->kop; + struct crypt_kop *cop = &kop->kop; +- struct pkc_request *pkc_req; + struct rsa_keygen_req_s *key_req; + int rc, buf_size; + uint8_t *buf; +@@ -362,9 +352,7 @@ int crypto_kop_rsa_keygen(struct cryptodev_pkc *pkc) + !cop->crk_param[6].crp_nbits) + return -EINVAL; + +- pkc_req = &pkc->req; +- pkc_req->type = RSA_KEYGEN; +- key_req = &pkc_req->req_u.rsa_keygen; ++ key_req = &pkc->req->req_u.rsa_keygen; + key_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8; + key_req->p_len = (cop->crk_param[0].crp_nbits + 7) / 8; + key_req->q_len = (cop->crk_param[1].crp_nbits + 7) / 8; +@@ -427,7 +415,6 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) + { + struct kernel_crypt_kop *kop = &pkc->kop; + struct crypt_kop *cop = &kop->kop; +- struct pkc_request *pkc_req; + struct keygen_req_s *key_req; + int rc, buf_size; + uint8_t *buf; +@@ -437,8 +424,7 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) + !cop->crk_param[4].crp_nbits) + return -EINVAL; + +- pkc_req = &pkc->req; +- key_req = &pkc_req->req_u.keygen; ++ key_req = &pkc->req->req_u.keygen; + key_req->q_len = (cop->crk_param[0].crp_nbits + 7)/8; + key_req->r_len = (cop->crk_param[1].crp_nbits + 7)/8; + key_req->g_len = (cop->crk_param[2].crp_nbits + 7)/8; +@@ -447,7 +433,6 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) + key_req->priv_key_len = (cop->crk_param[4].crp_nbits + 7)/8; + buf_size = key_req->q_len + key_req->r_len + key_req->g_len + + key_req->pub_key_len + key_req->priv_key_len; +- pkc_req->type = DLC_KEYGEN; + } else { + key_req->ab_len = (cop->crk_param[3].crp_nbits + 7)/8; + key_req->pub_key_len = (cop->crk_param[4].crp_nbits + 7)/8; +@@ -455,8 +440,7 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) + buf_size = key_req->q_len + key_req->r_len + key_req->g_len + + key_req->pub_key_len + key_req->priv_key_len + + key_req->ab_len; +- pkc_req->type = ECC_KEYGEN; +- pkc_req->curve_type = cop->curve_type; ++ pkc->req->curve_type = cop->curve_type; + } + + buf = kmalloc(buf_size, GFP_DMA); +@@ -508,26 +492,22 @@ int crypto_kop_dh_key(struct cryptodev_pkc *pkc) + { + struct kernel_crypt_kop *kop = &pkc->kop; + struct crypt_kop *cop = &kop->kop; +- struct pkc_request *pkc_req; + struct dh_key_req_s *dh_req; + int buf_size; + uint8_t *buf; + int rc = -EINVAL; + +- pkc_req = &pkc->req; +- dh_req = &pkc_req->req_u.dh_req; ++ dh_req = &pkc->req->req_u.dh_req; + dh_req->s_len = (cop->crk_param[0].crp_nbits + 7)/8; + dh_req->pub_key_len = (cop->crk_param[1].crp_nbits + 7)/8; + dh_req->q_len = (cop->crk_param[2].crp_nbits + 7)/8; + buf_size = dh_req->q_len + dh_req->pub_key_len + dh_req->s_len; + if (cop->crk_iparams == 4) { +- pkc_req->type = ECDH_COMPUTE_KEY; + dh_req->ab_len = (cop->crk_param[3].crp_nbits + 7)/8; + dh_req->z_len = (cop->crk_param[4].crp_nbits + 7)/8; + buf_size += dh_req->ab_len; + } else { + dh_req->z_len = (cop->crk_param[3].crp_nbits + 7)/8; +- pkc_req->type = DH_COMPUTE_KEY; + } + buf_size += dh_req->z_len; + buf = kmalloc(buf_size, GFP_DMA); +@@ -539,7 +519,7 @@ int crypto_kop_dh_key(struct cryptodev_pkc *pkc) + dh_req->z = dh_req->pub_key + dh_req->pub_key_len; + if (cop->crk_iparams == 4) { + dh_req->ab = dh_req->z + dh_req->z_len; +- pkc_req->curve_type = cop->curve_type; ++ pkc->req->curve_type = cop->curve_type; + copy_from_user(dh_req->ab, cop->crk_param[3].crp_p, + dh_req->ab_len); + } +@@ -573,7 +553,6 @@ int crypto_modexp_crt(struct cryptodev_pkc *pkc) + { + struct kernel_crypt_kop *kop = &pkc->kop; + struct crypt_kop *cop = &kop->kop; +- struct pkc_request *pkc_req; + struct rsa_priv_frm3_req_s *rsa_req; + int rc; + uint8_t *buf; +@@ -583,9 +562,7 @@ int crypto_modexp_crt(struct cryptodev_pkc *pkc) + !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits) + return -EINVAL; + +- pkc_req = &pkc->req; +- pkc_req->type = RSA_PRIV_FORM3; +- rsa_req = &pkc_req->req_u.rsa_priv_f3; ++ rsa_req = &pkc->req->req_u.rsa_priv_f3; + rsa_req->p_len = (cop->crk_param[0].crp_nbits + 7)/8; + rsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8; + rsa_req->g_len = (cop->crk_param[2].crp_nbits + 7)/8; +@@ -632,7 +609,6 @@ err: + + int crypto_bn_modexp(struct cryptodev_pkc *pkc) + { +- struct pkc_request *pkc_req; + struct rsa_pub_req_s *rsa_req; + int rc; + struct kernel_crypt_kop *kop = &pkc->kop; +@@ -643,9 +619,7 @@ int crypto_bn_modexp(struct cryptodev_pkc *pkc) + !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits) + return -EINVAL; + +- pkc_req = &pkc->req; +- pkc_req->type = RSA_PUB; +- rsa_req = &pkc_req->req_u.rsa_pub_req; ++ rsa_req = &pkc->req->req_u.rsa_pub_req; + rsa_req->f_len = (cop->crk_param[0].crp_nbits + 7)/8; + rsa_req->e_len = (cop->crk_param[1].crp_nbits + 7)/8; + rsa_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8; +@@ -680,56 +654,116 @@ err: + return rc; + } + ++static struct { ++ char *alg_name; ++ u32 type; ++ u32 mask; ++} pkc_alg_list[] = { ++ {"pkc(rsa)", CRYPTO_ALG_TYPE_PKC_RSA, 0}, ++ {"pkc(dsa)", CRYPTO_ALG_TYPE_PKC_DSA, 0}, ++ {"pkc(dh)", CRYPTO_ALG_TYPE_PKC_DH, 0}, ++}; ++ + int crypto_run_asym(struct cryptodev_pkc *pkc) + { +- int ret = -EINVAL; ++ int err = -EINVAL; ++ int id; + struct kernel_crypt_kop *kop = &pkc->kop; ++ enum pkc_req_type pkc_req_type; ++ int (*call_next_action)(struct cryptodev_pkc *pkc); + + switch (kop->kop.crk_op) { + case CRK_MOD_EXP: + if (kop->kop.crk_iparams != 3 && kop->kop.crk_oparams != 1) +- goto err; +- +- ret = crypto_bn_modexp(pkc); ++ return err; ++ pkc_req_type = RSA_PUB; ++ id = 0; ++ call_next_action = crypto_bn_modexp; + break; + case CRK_MOD_EXP_CRT: + if (kop->kop.crk_iparams != 6 && kop->kop.crk_oparams != 1) +- goto err; +- +- ret = crypto_modexp_crt(pkc); ++ return err; ++ pkc_req_type = RSA_PRIV_FORM3; ++ id = 0; ++ call_next_action = crypto_modexp_crt; + break; + case CRK_DSA_SIGN: +- if ((kop->kop.crk_iparams != 5 && kop->kop.crk_iparams != 6) || +- kop->kop.crk_oparams != 2) +- goto err; +- +- ret = crypto_kop_dsasign(pkc); ++ if (kop->kop.crk_oparams != 2) ++ return err; ++ else if (kop->kop.crk_iparams == 5) ++ pkc_req_type = DSA_SIGN; ++ else if (kop->kop.crk_iparams == 6) ++ pkc_req_type = ECDSA_SIGN; ++ else ++ return err; ++ id = 1; ++ call_next_action = crypto_kop_dsasign; + break; + case CRK_DSA_VERIFY: +- if ((kop->kop.crk_iparams != 7 && kop->kop.crk_iparams != 8) || +- kop->kop.crk_oparams != 0) +- goto err; +- +- ret = crypto_kop_dsaverify(pkc); ++ if (kop->kop.crk_oparams != 0) ++ return err; ++ else if (kop->kop.crk_iparams == 7) ++ pkc_req_type = DSA_VERIFY; ++ else if (kop->kop.crk_iparams == 8) ++ pkc_req_type = ECDSA_VERIFY; ++ else ++ return err; ++ id = 1; ++ call_next_action = crypto_kop_dsaverify; + break; + case CRK_DH_COMPUTE_KEY: +- if ((kop->kop.crk_iparams != 3 && kop->kop.crk_iparams != 4) || +- kop->kop.crk_oparams != 1) +- goto err; +- ret = crypto_kop_dh_key(pkc); ++ if (kop->kop.crk_oparams != 1) ++ return err; ++ else if (kop->kop.crk_iparams == 3) ++ pkc_req_type = DH_COMPUTE_KEY; ++ else if (kop->kop.crk_iparams == 4) ++ pkc_req_type = ECDH_COMPUTE_KEY; ++ else ++ return err; ++ id = 2; ++ call_next_action = crypto_kop_dh_key; + break; + case CRK_DH_GENERATE_KEY: + case CRK_DSA_GENERATE_KEY: +- if ((kop->kop.crk_iparams != 3 && kop->kop.crk_iparams != 4)) +- goto err; +- ret = crypto_kop_keygen(pkc); ++ if (kop->kop.crk_iparams == 3) ++ pkc_req_type = DLC_KEYGEN; ++ else if (kop->kop.crk_iparams == 4) ++ pkc_req_type = ECC_KEYGEN; ++ else ++ return err; ++ id = 1; ++ call_next_action = crypto_kop_keygen; + break; + case CRK_RSA_GENERATE_KEY: +- ret = crypto_kop_rsa_keygen(pkc); ++ pkc_req_type = RSA_KEYGEN; ++ id = 0; ++ call_next_action = crypto_kop_rsa_keygen; + break; ++ default: ++ return err; + } +-err: +- return ret; ++ err = -ENOMEM; ++ pkc->s = crypto_alloc_pkc(pkc_alg_list[id].alg_name, ++ pkc_alg_list[id].type, ++ pkc_alg_list[id].mask); ++ if (IS_ERR_OR_NULL(pkc->s)) ++ return err; ++ ++ pkc->req = pkc_request_alloc(pkc->s, GFP_KERNEL); ++ if (IS_ERR_OR_NULL(pkc->req)) ++ goto out_free_tfm; ++ ++ /* todo - fix alloc-free on error path */ ++ pkc->req->type = pkc_req_type; ++ err = call_next_action(pkc); ++ if (pkc->type == SYNCHRONOUS) ++ kfree(pkc->req); ++ ++ return err; ++ ++out_free_tfm: ++ crypto_free_pkc(pkc->s); ++ return err; + } + + int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop) +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0015-fix-pkc-request-deallocation.patch b/recipes-kernel/cryptodev/sdk_patches/0015-fix-pkc-request-deallocation.patch new file mode 100644 index 0000000..ef18992 --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0015-fix-pkc-request-deallocation.patch @@ -0,0 +1,40 @@ +From 212e418fa7b70c8ba79446006001c574cb9d42f8 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Mon, 23 Feb 2015 15:28:22 +0200 +Subject: [PATCH 15/38] fix pkc request deallocation + +The request to be freed is actually pkc->req, and should be done inside +the fetch ioctl for ASYNC (this patch) and in crypt ioctl for SYNC +operations. + +Change-Id: I6f046f2ebeae4cb513a419996ca96b52e37468ed +Signed-off-by: Cristian Stoica +Reviewed-on: http://git.am.freescale.net:8181/34224 +--- + ioctl.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/ioctl.c b/ioctl.c +index 797b73c..da3a842 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -114,8 +114,6 @@ void cryptodev_complete_asym(struct crypto_async_request *req, int err) + /* wake for POLLIN */ + wake_up_interruptible(&pcr->user_waiter); + } +- +- kfree(req); + } + + #define FILL_SG(sg, ptr, len) \ +@@ -1113,6 +1111,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + cookie_list.cookie[i] = pkc->kop.kop.cookie; + cookie_list.status[i] = pkc->result.err; + } ++ kfree(pkc->req); + kfree(pkc); + } else { + spin_unlock_bh(&pcr->completion_lock); +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0016-add-basic-detection-of-asym-features.patch b/recipes-kernel/cryptodev/sdk_patches/0016-add-basic-detection-of-asym-features.patch new file mode 100644 index 0000000..9301349 --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0016-add-basic-detection-of-asym-features.patch @@ -0,0 +1,37 @@ +From 4ce4081d9abef651473e9d7e089a0748f77db631 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Mon, 20 Apr 2015 13:18:47 +0300 +Subject: [PATCH 16/38] add basic detection of asym features + +Change-Id: I3b3ba8664bf631a63be1f11e715024509e20f841 +Signed-off-by: Cristian Stoica +--- + ioctl.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/ioctl.c b/ioctl.c +index da3a842..53dbf64 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -977,10 +977,14 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + + switch (cmd) { + case CIOCASYMFEAT: +- return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN | +- CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY | +- CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY | +- CRF_RSA_GENERATE_KEY, p); ++ ses = 0; ++ if (crypto_has_alg("pkc(rsa)", 0, 0)) ++ ses = CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_RSA_GENERATE_KEY; ++ if (crypto_has_alg("pkc(dsa)", 0, 0)) ++ ses |= CRF_DSA_SIGN | CRF_DSA_VERIFY | CRF_DSA_GENERATE_KEY; ++ if (crypto_has_alg("pkc(dh)", 0, 0)) ++ ses |= CRF_DH_COMPUTE_KEY |CRF_DH_GENERATE_KEY; ++ return put_user(ses, p); + case CRIOGET: + fd = clonefd(filp); + ret = put_user(fd, p); +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0017-remove-dead-code.patch b/recipes-kernel/cryptodev/sdk_patches/0017-remove-dead-code.patch new file mode 100644 index 0000000..07c389c --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0017-remove-dead-code.patch @@ -0,0 +1,67 @@ +From 0ca641091b4113d73e75d30ef530c88836849308 Mon Sep 17 00:00:00 2001 +From: Tudor Ambarus +Date: Fri, 29 May 2015 15:28:47 +0300 +Subject: [PATCH 17/38] remove dead code + +Functions kop_to_user and compat_kop_to_user are never used. Delete them +to avoid compiler warnings. + + +crypto/../../cryptodev-linux/ioctl.c:841:12: warning: 'kop_to_user' defined but not used [-Wunused-function] + static int kop_to_user(struct kernel_crypt_kop *kop, + ^ +crypto/../../cryptodev-linux/ioctl.c: At top level: +crypto/../../cryptodev-linux/ioctl.c:1195:12: warning: 'compat_kop_to_user' defined but not used [-Wunused-function] + static int compat_kop_to_user(struct kernel_crypt_kop *kop, void __user *arg) + ^ +Signed-off-by: Tudor Ambarus +Signed-off-by: Cristian Stoica +Change-Id: I6bd8a7eb6144224a20cd400813ab15a7a192dbb1 +Reviewed-on: http://git.am.freescale.net:8181/37440 +--- + ioctl.c | 22 ---------------------- + 1 file changed, 22 deletions(-) + +diff --git a/ioctl.c b/ioctl.c +index 53dbf64..39635a4 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -838,16 +838,6 @@ static int kop_from_user(struct kernel_crypt_kop *kop, + return fill_kop_from_cop(kop); + } + +-static int kop_to_user(struct kernel_crypt_kop *kop, +- void __user *arg) +-{ +- if (unlikely(copy_to_user(arg, &kop->kop, sizeof(kop->kop)))) { +- dprintk(1, KERN_ERR, "Cannot copy to userspace\n"); +- return -EFAULT; +- } +- return 0; +-} +- + static int kcop_from_user(struct kernel_crypt_op *kcop, + struct fcrypt *fcr, void __user *arg) + { +@@ -1192,18 +1182,6 @@ static inline void crypt_kop_to_compat(struct crypt_kop *kop, + compat->curve_type = kop->curve_type; + } + +-static int compat_kop_to_user(struct kernel_crypt_kop *kop, void __user *arg) +-{ +- struct compat_crypt_kop compat_kop; +- +- crypt_kop_to_compat(&kop->kop, &compat_kop); +- if (unlikely(copy_to_user(arg, &compat_kop, sizeof(compat_kop)))) { +- dprintk(1, KERN_ERR, "Cannot copy to userspace\n"); +- return -EFAULT; +- } +- return 0; +-} +- + static inline void + compat_to_session_op(struct compat_session_op *compat, struct session_op *sop) + { +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0018-fix-compat-warnings.patch b/recipes-kernel/cryptodev/sdk_patches/0018-fix-compat-warnings.patch new file mode 100644 index 0000000..b0fcf0f --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0018-fix-compat-warnings.patch @@ -0,0 +1,64 @@ +From 596378a22532908487f2c5e4d717c5ae618c4c7d Mon Sep 17 00:00:00 2001 +From: Tudor Ambarus +Date: Tue, 2 Jun 2015 10:44:12 +0300 +Subject: [PATCH 18/38] fix compat warnings + + CC [M] crypto/../../cryptodev-linux/ioctl.o +crypto/../../cryptodev-linux/ioctl.c: In function 'compat_to_crypt_kop': +crypto/../../cryptodev-linux/ioctl.c:1161:14: warning: assignment makes pointer from integer without a cast + kop->cookie = compat->cookie; + ^ +crypto/../../cryptodev-linux/ioctl.c: In function 'crypt_kop_to_compat': +crypto/../../cryptodev-linux/ioctl.c:1191:17: warning: assignment makes integer from pointer without a cast + compat->cookie = kop->cookie; + ^ +crypto/../../cryptodev-linux/ioctl.c: In function 'cryptodev_compat_ioctl': +crypto/../../cryptodev-linux/ioctl.c:1430:28: warning: assignment makes integer from pointer without a cast + cookie_list.cookie[i] = + ^ + +Signed-off-by: Tudor Ambarus +Change-Id: Id851408c0c743c01447f3b0ced38fbc1ae94d4db +Reviewed-on: http://git.am.freescale.net:8181/37442 +Reviewed-by: Cristian Stoica +Tested-by: Cristian Stoica +--- + ioctl.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/ioctl.c b/ioctl.c +index 39635a4..f3ce2f6 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -1148,7 +1148,7 @@ static inline void compat_to_crypt_kop(struct compat_crypt_kop *compat, + } + + kop->curve_type = compat->curve_type; +- kop->cookie = compat->cookie; ++ kop->cookie = compat_ptr(compat->cookie); + } + + static int compat_kop_from_user(struct kernel_crypt_kop *kop, +@@ -1178,7 +1178,7 @@ static inline void crypt_kop_to_compat(struct crypt_kop *kop, + ptr_to_compat(kop->crk_param[i].crp_p); + compat->crk_param[i].crp_nbits = kop->crk_param[i].crp_nbits; + } +- compat->cookie = kop->cookie; ++ compat->cookie = ptr_to_compat(kop->cookie); + compat->curve_type = kop->curve_type; + } + +@@ -1405,8 +1405,8 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + ret = crypto_async_fetch_asym(pkc); + if (!ret) { + cookie_list.cookie_available++; +- cookie_list.cookie[i] = +- pkc->kop.kop.cookie; ++ cookie_list.cookie[i] = ptr_to_compat( ++ pkc->kop.kop.cookie); + } + kfree(pkc); + } else { +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0019-fix-size_t-print-format.patch b/recipes-kernel/cryptodev/sdk_patches/0019-fix-size_t-print-format.patch new file mode 100644 index 0000000..fdf8c5d --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0019-fix-size_t-print-format.patch @@ -0,0 +1,61 @@ +From 1d10f06bef0f07980a08b387850c1daf1d3a8e87 Mon Sep 17 00:00:00 2001 +From: Tudor Ambarus +Date: Tue, 2 Jun 2015 12:11:12 +0300 +Subject: [PATCH 19/38] fix size_t print format + + CC [M] crypto/../../cryptodev-linux/cryptlib.o +crypto/../../cryptodev-linux/cryptlib.c: In function 'cryptodev_cipher_init': +crypto/../../cryptodev-linux/cryptlib.c:146:5: warning: format '%u' expects argument of type 'unsigned int', but argument 6 has type 'size_t' [-Wformat=] + ddebug(1, "Wrong keylen '%u' for algorithm '%s'. Use %u to %u.", + ^ +crypto/../../cryptodev-linux/cryptlib.c:173:3: warning: format '%u' expects argument of type 'unsigned int', but argument 7 has type 'size_t' [-Wformat=] + ddebug(1, "Setting key failed for %s-%u.", alg_name, keylen*8); + ^ +crypto/../../cryptodev-linux/cryptlib.c: In function 'cryptodev_hash_init': +crypto/../../cryptodev-linux/cryptlib.c:340:4: warning: format '%u' expects argument of type 'unsigned int', but argument 7 has type 'size_t' [-Wformat=] + ddebug(1, "Setting hmac key failed for %s-%u.", + ^ + +Signed-off-by: Tudor Ambarus +Change-Id: I67f2d79f68b4d62b598073c6a918a110523fadfd +Reviewed-on: http://git.am.freescale.net:8181/37443 +Reviewed-by: Cristian Stoica +Tested-by: Cristian Stoica +--- + cryptlib.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/cryptlib.c b/cryptlib.c +index 5882a30..10f5e1a 100644 +--- a/cryptlib.c ++++ b/cryptlib.c +@@ -143,7 +143,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name, + if (alg->max_keysize > 0 && + unlikely((keylen < alg->min_keysize) || + (keylen > alg->max_keysize))) { +- ddebug(1, "Wrong keylen '%u' for algorithm '%s'. Use %u to %u.", ++ ddebug(1, "Wrong keylen '%zu' for algorithm '%s'. Use %u to %u.", + keylen, alg_name, alg->min_keysize, alg->max_keysize); + ret = -EINVAL; + goto error; +@@ -170,7 +170,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name, + } + + if (unlikely(ret)) { +- ddebug(1, "Setting key failed for %s-%u.", alg_name, keylen*8); ++ ddebug(1, "Setting key failed for %s-%zu.", alg_name, keylen*8); + ret = -EINVAL; + goto error; + } +@@ -337,7 +337,7 @@ int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name, + if (hmac_mode != 0) { + ret = crypto_ahash_setkey(hdata->async.s, mackey, mackeylen); + if (unlikely(ret)) { +- ddebug(1, "Setting hmac key failed for %s-%u.", ++ ddebug(1, "Setting hmac key failed for %s-%zu.", + alg_name, mackeylen*8); + ret = -EINVAL; + goto error; +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0020-fix-uninitialized-variable-compiler-warning.patch b/recipes-kernel/cryptodev/sdk_patches/0020-fix-uninitialized-variable-compiler-warning.patch new file mode 100644 index 0000000..dddd77e --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0020-fix-uninitialized-variable-compiler-warning.patch @@ -0,0 +1,38 @@ +From be9f6a0dc90847dbb00307d23f47b8b3fc3ff130 Mon Sep 17 00:00:00 2001 +From: Tudor Ambarus +Date: Fri, 29 May 2015 15:49:22 +0300 +Subject: [PATCH 20/38] fix uninitialized variable compiler warning + +crypto/../../cryptodev-linux/ioctl.c: In function 'cryptodev_compat_ioctl': +crypto/../../cryptodev-linux/ioctl.c:1445:2: warning: 'ret' may be used uninitialized in this function [-Wmaybe-uninitialized] + return ret; + ^ + +Signed-off-by: Tudor Ambarus +Change-Id: Id5226fc97a3bb880ca6db86df58957122bbaa428 +Reviewed-on: http://git.am.freescale.net:8181/37441 +Reviewed-by: Cristian Stoica +Tested-by: Cristian Stoica +--- + ioctl.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/ioctl.c b/ioctl.c +index f3ce2f6..7cd3c56 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -1387,9 +1387,10 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + case COMPAT_CIOCASYMFETCHCOOKIE: + { + struct cryptodev_pkc *pkc; +- int i = 0; ++ int i; + struct compat_pkc_cookie_list_s cookie_list; + ++ ret = 0; + cookie_list.cookie_available = 0; + + for (i = 0; i < MAX_COOKIES; i++) { +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0021-check-return-codes-for-copy-to-from-user-functions.patch b/recipes-kernel/cryptodev/sdk_patches/0021-check-return-codes-for-copy-to-from-user-functions.patch new file mode 100644 index 0000000..2cace5f --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0021-check-return-codes-for-copy-to-from-user-functions.patch @@ -0,0 +1,398 @@ +From 4078382cfc69c0f5e582d485fe8cc778f9e458d1 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Mon, 21 Sep 2015 16:39:52 +0300 +Subject: [PATCH 21/38] check return codes for copy to/from user functions + +- these functions may fail and we should check their return codes. +- fix an unintended fall-through in CRK_DSA_GENERATE_KEY +- fix incorrect return code for CIOCASYMFETCHCOOKIE + +Signed-off-by: Cristian Stoica +--- + ioctl.c | 42 +++++++-------- + main.c | 183 ++++++++++++++++++++++++++++++---------------------------------- + 2 files changed, 108 insertions(+), 117 deletions(-) + +diff --git a/ioctl.c b/ioctl.c +index 7cd3c56..8fa3e5c 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -711,13 +711,13 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) + case CRK_MOD_EXP: + { + struct rsa_pub_req_s *rsa_req = &pkc->req->req_u.rsa_pub_req; +- copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len); ++ ret = copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len); + } + break; + case CRK_MOD_EXP_CRT: + { + struct rsa_priv_frm3_req_s *rsa_req = &pkc->req->req_u.rsa_priv_f3; +- copy_to_user(ckop->crk_param[6].crp_p, rsa_req->f, rsa_req->f_len); ++ ret = copy_to_user(ckop->crk_param[6].crp_p, rsa_req->f, rsa_req->f_len); + } + break; + case CRK_DSA_SIGN: +@@ -725,11 +725,11 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) + struct dsa_sign_req_s *dsa_req = &pkc->req->req_u.dsa_sign; + + if (pkc->req->type == ECDSA_SIGN) { +- copy_to_user(ckop->crk_param[6].crp_p, dsa_req->c, dsa_req->d_len); +- copy_to_user(ckop->crk_param[7].crp_p, dsa_req->d, dsa_req->d_len); ++ ret = copy_to_user(ckop->crk_param[6].crp_p, dsa_req->c, dsa_req->d_len) || ++ copy_to_user(ckop->crk_param[7].crp_p, dsa_req->d, dsa_req->d_len); + } else { +- copy_to_user(ckop->crk_param[5].crp_p, dsa_req->c, dsa_req->d_len); +- copy_to_user(ckop->crk_param[6].crp_p, dsa_req->d, dsa_req->d_len); ++ ret = copy_to_user(ckop->crk_param[5].crp_p, dsa_req->c, dsa_req->d_len) || ++ copy_to_user(ckop->crk_param[6].crp_p, dsa_req->d, dsa_req->d_len); + } + } + break; +@@ -739,9 +739,9 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) + { + struct dh_key_req_s *dh_req = &pkc->req->req_u.dh_req; + if (pkc->req->type == ECDH_COMPUTE_KEY) +- copy_to_user(ckop->crk_param[4].crp_p, dh_req->z, dh_req->z_len); ++ ret = copy_to_user(ckop->crk_param[4].crp_p, dh_req->z, dh_req->z_len); + else +- copy_to_user(ckop->crk_param[3].crp_p, dh_req->z, dh_req->z_len); ++ ret = copy_to_user(ckop->crk_param[3].crp_p, dh_req->z, dh_req->z_len); + } + break; + case CRK_DSA_GENERATE_KEY: +@@ -750,16 +750,17 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) + struct keygen_req_s *key_req = &pkc->req->req_u.keygen; + + if (pkc->req->type == ECC_KEYGEN) { +- copy_to_user(ckop->crk_param[4].crp_p, key_req->pub_key, +- key_req->pub_key_len); +- copy_to_user(ckop->crk_param[5].crp_p, key_req->priv_key, ++ ret = copy_to_user(ckop->crk_param[4].crp_p, key_req->pub_key, ++ key_req->pub_key_len) || ++ copy_to_user(ckop->crk_param[5].crp_p, key_req->priv_key, + key_req->priv_key_len); + } else { +- copy_to_user(ckop->crk_param[3].crp_p, key_req->pub_key, +- key_req->pub_key_len); +- copy_to_user(ckop->crk_param[4].crp_p, key_req->priv_key, ++ ret = copy_to_user(ckop->crk_param[3].crp_p, key_req->pub_key, ++ key_req->pub_key_len) || ++ copy_to_user(ckop->crk_param[4].crp_p, key_req->priv_key, + key_req->priv_key_len); + } ++ break; + } + default: + ret = -EINVAL; +@@ -1115,14 +1116,12 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + + /* Reflect the updated request to user-space */ + if (cookie_list.cookie_available) { +- copy_to_user(arg, &cookie_list, sizeof(struct pkc_cookie_list_s)); ++ ret = copy_to_user(arg, &cookie_list, sizeof(struct pkc_cookie_list_s)); + } else { + struct pkc_cookie_list_s *user_ck_list = (void *)arg; +- put_user(0, &(user_ck_list->cookie_available)); ++ ret = put_user(0, &(user_ck_list->cookie_available)); + } +- ret = cookie_list.cookie_available; + } +- + return ret; + default: + return -EINVAL; +@@ -1417,9 +1416,10 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + } + + /* Reflect the updated request to user-space */ +- if (cookie_list.cookie_available) +- copy_to_user(arg, &cookie_list, +- sizeof(struct compat_pkc_cookie_list_s)); ++ if (cookie_list.cookie_available) { ++ ret = copy_to_user(arg, &cookie_list, ++ sizeof(struct compat_pkc_cookie_list_s)); ++ } + } + return ret; + default: +diff --git a/main.c b/main.c +index ed1c69a..e5adb93 100644 +--- a/main.c ++++ b/main.c +@@ -223,31 +223,29 @@ int crypto_kop_dsasign(struct cryptodev_pkc *pkc) + dsa_req->m = dsa_req->priv_key + dsa_req->priv_key_len; + dsa_req->c = dsa_req->m + dsa_req->m_len; + dsa_req->d = dsa_req->c + dsa_req->d_len; +- copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len); +- copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len); +- copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len); +- copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len); +- copy_from_user(dsa_req->priv_key, cop->crk_param[4].crp_p, +- dsa_req->priv_key_len); ++ rc = copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len) || ++ copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len) || ++ copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len) || ++ copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len) || ++ copy_from_user(dsa_req->priv_key, cop->crk_param[4].crp_p, dsa_req->priv_key_len); + if (cop->crk_iparams == 6) { + dsa_req->ab = dsa_req->d + dsa_req->d_len; +- copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p, ++ rc = rc || copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p, + dsa_req->ab_len); + } ++ if (rc) ++ goto err; ++ + rc = cryptodev_pkc_offload(pkc); + if (pkc->type == SYNCHRONOUS) { +- if (rc) +- goto err; + if (cop->crk_iparams == 6) { +- copy_to_user(cop->crk_param[6].crp_p, dsa_req->c, +- dsa_req->d_len); +- copy_to_user(cop->crk_param[7].crp_p, dsa_req->d, +- dsa_req->d_len); ++ rc = rc || ++ copy_to_user(cop->crk_param[6].crp_p, dsa_req->c, dsa_req->d_len) || ++ copy_to_user(cop->crk_param[7].crp_p, dsa_req->d, dsa_req->d_len); + } else { +- copy_to_user(cop->crk_param[5].crp_p, dsa_req->c, +- dsa_req->d_len); +- copy_to_user(cop->crk_param[6].crp_p, dsa_req->d, +- dsa_req->d_len); ++ rc = rc || ++ copy_to_user(cop->crk_param[5].crp_p, dsa_req->c, dsa_req->d_len) || ++ copy_to_user(cop->crk_param[6].crp_p, dsa_req->d, dsa_req->d_len); + } + } else { + if (rc != -EINPROGRESS && rc != 0) +@@ -303,31 +301,28 @@ int crypto_kop_dsaverify(struct cryptodev_pkc *pkc) + dsa_req->m = dsa_req->pub_key + dsa_req->pub_key_len; + dsa_req->c = dsa_req->m + dsa_req->m_len; + dsa_req->d = dsa_req->c + dsa_req->d_len; +- copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len); +- copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len); +- copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len); +- copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len); +- copy_from_user(dsa_req->pub_key, cop->crk_param[4].crp_p, +- dsa_req->pub_key_len); ++ rc = copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len) || ++ copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len) || ++ copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len) || ++ copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len) || ++ copy_from_user(dsa_req->pub_key, cop->crk_param[4].crp_p, dsa_req->pub_key_len); + if (cop->crk_iparams == 8) { + dsa_req->ab = dsa_req->d + dsa_req->d_len; +- copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p, +- dsa_req->ab_len); +- copy_from_user(dsa_req->c, cop->crk_param[6].crp_p, +- dsa_req->d_len); +- copy_from_user(dsa_req->d, cop->crk_param[7].crp_p, +- dsa_req->d_len); ++ rc = rc || ++ copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p, dsa_req->ab_len) || ++ copy_from_user(dsa_req->c, cop->crk_param[6].crp_p, dsa_req->d_len) || ++ copy_from_user(dsa_req->d, cop->crk_param[7].crp_p, dsa_req->d_len); + } else { +- copy_from_user(dsa_req->c, cop->crk_param[5].crp_p, +- dsa_req->d_len); +- copy_from_user(dsa_req->d, cop->crk_param[6].crp_p, +- dsa_req->d_len); ++ rc = rc || ++ copy_from_user(dsa_req->c, cop->crk_param[5].crp_p, dsa_req->d_len) || ++ copy_from_user(dsa_req->d, cop->crk_param[6].crp_p, dsa_req->d_len); + } ++ ++ if (rc) ++ goto err; ++ + rc = cryptodev_pkc_offload(pkc); +- if (pkc->type == SYNCHRONOUS) { +- if (rc) +- goto err; +- } else { ++ if (pkc->type != SYNCHRONOUS) { + if (rc != -EINPROGRESS && !rc) + goto err; + pkc->cookie = buf; +@@ -380,24 +375,15 @@ int crypto_kop_rsa_keygen(struct cryptodev_pkc *pkc) + rc = cryptodev_pkc_offload(pkc); + + if (pkc->type == SYNCHRONOUS) { +- if (rc) +- goto err; +- +- copy_to_user(cop->crk_param[0].crp_p, +- key_req->p, key_req->p_len); +- copy_to_user(cop->crk_param[1].crp_p, +- key_req->q, key_req->q_len); +- copy_to_user(cop->crk_param[2].crp_p, +- key_req->n, key_req->n_len); +- copy_to_user(cop->crk_param[3].crp_p, +- key_req->d, key_req->d_len); +- copy_to_user(cop->crk_param[4].crp_p, +- key_req->dp, key_req->dp_len); +- copy_to_user(cop->crk_param[5].crp_p, +- key_req->dq, key_req->dq_len); +- copy_to_user(cop->crk_param[6].crp_p, +- key_req->c, key_req->c_len); +- } else { ++ rc = rc || ++ copy_to_user(cop->crk_param[0].crp_p, key_req->p, key_req->p_len) || ++ copy_to_user(cop->crk_param[1].crp_p, key_req->q, key_req->q_len) || ++ copy_to_user(cop->crk_param[2].crp_p, key_req->n, key_req->n_len) || ++ copy_to_user(cop->crk_param[3].crp_p, key_req->d, key_req->d_len) || ++ copy_to_user(cop->crk_param[4].crp_p, key_req->dp, key_req->dp_len) || ++ copy_to_user(cop->crk_param[5].crp_p, key_req->dq, key_req->dq_len) || ++ copy_to_user(cop->crk_param[6].crp_p, key_req->c, key_req->c_len); ++ } else { + if (rc != -EINPROGRESS && !rc) { + printk("%s: Failed\n", __func__); + goto err; +@@ -451,30 +437,33 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) + key_req->g = key_req->r + key_req->r_len; + key_req->pub_key = key_req->g + key_req->g_len; + key_req->priv_key = key_req->pub_key + key_req->pub_key_len; +- copy_from_user(key_req->q, cop->crk_param[0].crp_p, key_req->q_len); +- copy_from_user(key_req->r, cop->crk_param[1].crp_p, key_req->r_len); +- copy_from_user(key_req->g, cop->crk_param[2].crp_p, key_req->g_len); ++ rc = copy_from_user(key_req->q, cop->crk_param[0].crp_p, key_req->q_len) || ++ copy_from_user(key_req->r, cop->crk_param[1].crp_p, key_req->r_len) || ++ copy_from_user(key_req->g, cop->crk_param[2].crp_p, key_req->g_len); ++ + if (cop->crk_iparams == 4) { + key_req->ab = key_req->priv_key + key_req->priv_key_len; +- copy_from_user(key_req->ab, cop->crk_param[3].crp_p, ++ rc = rc || copy_from_user(key_req->ab, cop->crk_param[3].crp_p, + key_req->ab_len); + } + ++ if (rc) ++ goto err; ++ + rc = cryptodev_pkc_offload(pkc); + if (pkc->type == SYNCHRONOUS) { +- if (rc) +- goto err; +- + if (cop->crk_iparams == 4) { +- copy_to_user(cop->crk_param[4].crp_p, key_req->pub_key, +- key_req->pub_key_len); +- copy_to_user(cop->crk_param[5].crp_p, key_req->priv_key, ++ rc = rc || ++ copy_to_user(cop->crk_param[4].crp_p, key_req->pub_key, ++ key_req->pub_key_len) || ++ copy_to_user(cop->crk_param[5].crp_p, key_req->priv_key, + key_req->priv_key_len); + } else { +- copy_to_user(cop->crk_param[3].crp_p, key_req->pub_key, +- key_req->pub_key_len); +- copy_to_user(cop->crk_param[4].crp_p, +- key_req->priv_key, key_req->priv_key_len); ++ rc = rc || ++ copy_to_user(cop->crk_param[3].crp_p, key_req->pub_key, ++ key_req->pub_key_len) || ++ copy_to_user(cop->crk_param[4].crp_p, key_req->priv_key, ++ key_req->priv_key_len); + } + } else { + if (rc != -EINPROGRESS && !rc) +@@ -495,7 +484,7 @@ int crypto_kop_dh_key(struct cryptodev_pkc *pkc) + struct dh_key_req_s *dh_req; + int buf_size; + uint8_t *buf; +- int rc = -EINVAL; ++ int rc = 0; + + dh_req = &pkc->req->req_u.dh_req; + dh_req->s_len = (cop->crk_param[0].crp_nbits + 7)/8; +@@ -520,22 +509,23 @@ int crypto_kop_dh_key(struct cryptodev_pkc *pkc) + if (cop->crk_iparams == 4) { + dh_req->ab = dh_req->z + dh_req->z_len; + pkc->req->curve_type = cop->curve_type; +- copy_from_user(dh_req->ab, cop->crk_param[3].crp_p, +- dh_req->ab_len); ++ rc = copy_from_user(dh_req->ab, cop->crk_param[3].crp_p, dh_req->ab_len); + } +- copy_from_user(dh_req->s, cop->crk_param[0].crp_p, dh_req->s_len); +- copy_from_user(dh_req->pub_key, cop->crk_param[1].crp_p, +- dh_req->pub_key_len); +- copy_from_user(dh_req->q, cop->crk_param[2].crp_p, dh_req->q_len); ++ ++ rc = rc || ++ copy_from_user(dh_req->s, cop->crk_param[0].crp_p, dh_req->s_len) || ++ copy_from_user(dh_req->pub_key, cop->crk_param[1].crp_p, dh_req->pub_key_len) || ++ copy_from_user(dh_req->q, cop->crk_param[2].crp_p, dh_req->q_len); ++ if (rc) ++ goto err; ++ + rc = cryptodev_pkc_offload(pkc); + if (pkc->type == SYNCHRONOUS) { +- if (rc) +- goto err; + if (cop->crk_iparams == 4) +- copy_to_user(cop->crk_param[4].crp_p, dh_req->z, ++ rc = rc || copy_to_user(cop->crk_param[4].crp_p, dh_req->z, + dh_req->z_len); + else +- copy_to_user(cop->crk_param[3].crp_p, dh_req->z, ++ rc = rc || copy_to_user(cop->crk_param[3].crp_p, dh_req->z, + dh_req->z_len); + } else { + if (rc != -EINPROGRESS && rc != 0) +@@ -582,19 +572,19 @@ int crypto_modexp_crt(struct cryptodev_pkc *pkc) + rsa_req->dq = rsa_req->dp + rsa_req->dp_len; + rsa_req->c = rsa_req->dq + rsa_req->dq_len; + rsa_req->f = rsa_req->c + rsa_req->c_len; +- copy_from_user(rsa_req->p, cop->crk_param[0].crp_p, rsa_req->p_len); +- copy_from_user(rsa_req->q, cop->crk_param[1].crp_p, rsa_req->q_len); +- copy_from_user(rsa_req->g, cop->crk_param[2].crp_p, rsa_req->g_len); +- copy_from_user(rsa_req->dp, cop->crk_param[3].crp_p, rsa_req->dp_len); +- copy_from_user(rsa_req->dq, cop->crk_param[4].crp_p, rsa_req->dq_len); +- copy_from_user(rsa_req->c, cop->crk_param[5].crp_p, rsa_req->c_len); ++ rc = copy_from_user(rsa_req->p, cop->crk_param[0].crp_p, rsa_req->p_len) || ++ copy_from_user(rsa_req->q, cop->crk_param[1].crp_p, rsa_req->q_len) || ++ copy_from_user(rsa_req->g, cop->crk_param[2].crp_p, rsa_req->g_len) || ++ copy_from_user(rsa_req->dp, cop->crk_param[3].crp_p, rsa_req->dp_len) || ++ copy_from_user(rsa_req->dq, cop->crk_param[4].crp_p, rsa_req->dq_len) || ++ copy_from_user(rsa_req->c, cop->crk_param[5].crp_p, rsa_req->c_len); ++ if (rc) ++ goto err; ++ + rc = cryptodev_pkc_offload(pkc); + + if (pkc->type == SYNCHRONOUS) { +- if (rc) +- goto err; +- copy_to_user(cop->crk_param[6].crp_p, rsa_req->f, +- rsa_req->f_len); ++ rc = rc || copy_to_user(cop->crk_param[6].crp_p, rsa_req->f, rsa_req->f_len); + } else { + if (rc != -EINPROGRESS && rc != 0) + goto err; +@@ -633,14 +623,15 @@ int crypto_bn_modexp(struct cryptodev_pkc *pkc) + rsa_req->f = rsa_req->e + rsa_req->e_len; + rsa_req->g = rsa_req->f + rsa_req->f_len; + rsa_req->n = rsa_req->g + rsa_req->g_len; +- copy_from_user(rsa_req->f, cop->crk_param[0].crp_p, rsa_req->f_len); +- copy_from_user(rsa_req->e, cop->crk_param[1].crp_p, rsa_req->e_len); +- copy_from_user(rsa_req->n, cop->crk_param[2].crp_p, rsa_req->n_len); ++ rc = copy_from_user(rsa_req->f, cop->crk_param[0].crp_p, rsa_req->f_len) || ++ copy_from_user(rsa_req->e, cop->crk_param[1].crp_p, rsa_req->e_len) || ++ copy_from_user(rsa_req->n, cop->crk_param[2].crp_p, rsa_req->n_len); ++ if (rc) ++ goto err; ++ + rc = cryptodev_pkc_offload(pkc); + if (pkc->type == SYNCHRONOUS) { +- if (rc) +- goto err; +- copy_to_user(cop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len); ++ rc = rc || copy_to_user(cop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len); + } else { + if (rc != -EINPROGRESS && rc != 0) + goto err; +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0022-fix-double-free-pkc-req-on-error.patch b/recipes-kernel/cryptodev/sdk_patches/0022-fix-double-free-pkc-req-on-error.patch new file mode 100644 index 0000000..7bc177e --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0022-fix-double-free-pkc-req-on-error.patch @@ -0,0 +1,26 @@ +From 85146b8429ba11bd0be68c24c17dd77b21ec8c25 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Mon, 12 Oct 2015 23:03:28 +0300 +Subject: [PATCH 22/38] fix double free pkc->req on error + +Signed-off-by: Cristian Stoica +--- + main.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/main.c b/main.c +index e5adb93..ec11129 100644 +--- a/main.c ++++ b/main.c +@@ -747,7 +747,7 @@ int crypto_run_asym(struct cryptodev_pkc *pkc) + /* todo - fix alloc-free on error path */ + pkc->req->type = pkc_req_type; + err = call_next_action(pkc); +- if (pkc->type == SYNCHRONOUS) ++ if (err == 0 && pkc->type == SYNCHRONOUS) + kfree(pkc->req); + + return err; +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0023-remove-MAY_BACKLOG-flag-from-requests.patch b/recipes-kernel/cryptodev/sdk_patches/0023-remove-MAY_BACKLOG-flag-from-requests.patch new file mode 100644 index 0000000..5674e03 --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0023-remove-MAY_BACKLOG-flag-from-requests.patch @@ -0,0 +1,69 @@ +From 7d0d0deb255f8c59b0cf6d3944ee2e3be4133b4c Mon Sep 17 00:00:00 2001 +From: Alex Porosanu +Date: Mon, 19 Oct 2015 11:53:11 +0300 +Subject: [PATCH 23/38] remove MAY_BACKLOG flag from requests + +cryptodev doesn't implement the backlogging mechanism properly, +since it misses the possibility of sleeping and waiting for +wake-up when the crypto driver below starts working on the +submitted backloggable request. +In case the crypto driver below implements backlogging mechanisms, +this can lead to side-effects such as working on previously-free'ed +data. +This patch removes the MAY_BACKLOG flag from the requests. + +Change-Id: Ia3d822b1abfc1a51e2ce3e9682476b2c99d19c5a +Signed-off-by: Alex Porosanu +--- + cryptlib.c | 14 +++++--------- + 1 file changed, 5 insertions(+), 9 deletions(-) + +diff --git a/cryptlib.c b/cryptlib.c +index 10f5e1a..eba4616 100644 +--- a/cryptlib.c ++++ b/cryptlib.c +@@ -194,8 +194,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name, + goto error; + } + +- ablkcipher_request_set_callback(out->async.request, +- CRYPTO_TFM_REQ_MAY_BACKLOG, ++ ablkcipher_request_set_callback(out->async.request, 0, + cryptodev_complete, out->async.result); + } else { + out->async.arequest = aead_request_alloc(out->async.as, GFP_KERNEL); +@@ -205,8 +204,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name, + goto error; + } + +- aead_request_set_callback(out->async.arequest, +- CRYPTO_TFM_REQ_MAY_BACKLOG, ++ aead_request_set_callback(out->async.arequest, 0, + cryptodev_complete, out->async.result); + } + +@@ -362,9 +360,8 @@ int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name, + goto error; + } + +- ahash_request_set_callback(hdata->async.request, +- CRYPTO_TFM_REQ_MAY_BACKLOG, +- cryptodev_complete, hdata->async.result); ++ ahash_request_set_callback(hdata->async.request, 0, ++ cryptodev_complete, hdata->async.result); + + ret = crypto_ahash_init(hdata->async.request); + if (unlikely(ret)) { +@@ -439,8 +436,7 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) + int ret; + + init_completion(&pkc->result.completion); +- pkc_request_set_callback(pkc->req, CRYPTO_TFM_REQ_MAY_BACKLOG, +- cryptodev_complete_asym, pkc); ++ pkc_request_set_callback(pkc->req, 0, cryptodev_complete_asym, pkc); + ret = crypto_pkc_op(pkc->req); + if (ret != -EINPROGRESS && ret != 0) + goto error; +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0024-fix-COMPAT_CIOCKEY-ioctl-command-number.patch b/recipes-kernel/cryptodev/sdk_patches/0024-fix-COMPAT_CIOCKEY-ioctl-command-number.patch new file mode 100644 index 0000000..7277086 --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0024-fix-COMPAT_CIOCKEY-ioctl-command-number.patch @@ -0,0 +1,29 @@ +From 53e4d0fe4a334dae3df32b2053e4ebdfda2e9148 Mon Sep 17 00:00:00 2001 +From: Tudor Ambarus +Date: Tue, 27 Oct 2015 15:51:02 +0200 +Subject: [PATCH 24/38] fix COMPAT_CIOCKEY ioctl command number + +CIOCKEY and COMPAT_CIOCKEY had different command numbers, +so that 32-bit applications got EINVAL error on 64-bit kernel. + +Signed-off-by: Tudor Ambarus +--- + cryptodev_int.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/cryptodev_int.h b/cryptodev_int.h +index c83c885..cb005d7 100644 +--- a/cryptodev_int.h ++++ b/cryptodev_int.h +@@ -132,7 +132,7 @@ struct compat_crypt_auth_op { + /* compat ioctls, defined for the above structs */ + #define COMPAT_CIOCGSESSION _IOWR('c', 102, struct compat_session_op) + #define COMPAT_CIOCCRYPT _IOWR('c', 104, struct compat_crypt_op) +-#define COMPAT_CIOCKEY _IOW('c', 105, struct compat_crypt_kop) ++#define COMPAT_CIOCKEY _IOWR('c', 105, struct compat_crypt_kop) + #define COMPAT_CIOCASYNCCRYPT _IOW('c', 107, struct compat_crypt_op) + #define COMPAT_CIOCASYNCFETCH _IOR('c', 108, struct compat_crypt_op) + #define COMPAT_CIOCAUTHCRYPT _IOWR('c', 109, struct compat_crypt_auth_op) +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0025-fix-benchmarks-linking.patch b/recipes-kernel/cryptodev/sdk_patches/0025-fix-benchmarks-linking.patch new file mode 100644 index 0000000..608c681 --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0025-fix-benchmarks-linking.patch @@ -0,0 +1,25 @@ +From 978cfcf9253c409520c0f168f8caa249f50a8843 Mon Sep 17 00:00:00 2001 +From: Fridolin Pokorny +Date: Fri, 8 Jan 2016 09:38:29 +0100 +Subject: [PATCH 25/38] fix benchmarks linking + +--- + lib/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/Makefile b/lib/Makefile +index af87795..3bedc34 100644 +--- a/lib/Makefile ++++ b/lib/Makefile +@@ -3,7 +3,7 @@ CFLAGS=-g -O2 -Wall + all: benchmark + + benchmark: main.c libthreshold.a +- gcc $(CFLAGS) -DDEBUG -o $@ $^ -lssl libthreshold.a ++ gcc $(CFLAGS) -DDEBUG -o $@ $^ -lssl -lcrypto libthreshold.a + + .o: + gcc $(CCFLAGS) -c $< -o $@ +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0026-fix-Makefile-to-allow-parallel-make-with-j-option.patch b/recipes-kernel/cryptodev/sdk_patches/0026-fix-Makefile-to-allow-parallel-make-with-j-option.patch new file mode 100644 index 0000000..b8cf4e1 --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0026-fix-Makefile-to-allow-parallel-make-with-j-option.patch @@ -0,0 +1,56 @@ +From d96ae48c87f80af1a202c2d2e837bf477edc0fb7 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Thu, 10 Dec 2015 12:42:18 +0200 +Subject: [PATCH 26/38] fix Makefile to allow parallel make with -j option +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Recursive make commands should always use the variable MAKE, not the +explicit command name ‘make’ + +Documented in section "5.7.1 How the MAKE Variable Works" of GNU Make manual + +Signed-off-by: Cristian Stoica +--- + Makefile | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/Makefile b/Makefile +index 9e56e9d..2f50210 100644 +--- a/Makefile ++++ b/Makefile +@@ -22,7 +22,7 @@ KERNEL_MAKE_OPTS += CROSS_COMPILE=${CROSS_COMPILE} + endif + + build: version.h +- make ${KERNEL_MAKE_OPTS} modules ++ $(MAKE) $(KERNEL_MAKE_OPTS) modules + + version.h: Makefile + @echo "#define VERSION \"$(VERSION)\"" > version.h +@@ -30,17 +30,17 @@ version.h: Makefile + install: modules_install + + modules_install: +- make -C $(KERNEL_DIR) SUBDIRS=`pwd` modules_install ++ $(MAKE) -C $(KERNEL_DIR) SUBDIRS=`pwd` modules_install + @echo "Installing cryptodev.h in $(PREFIX)/usr/include/crypto ..." + @install -D crypto/cryptodev.h $(PREFIX)/usr/include/crypto/cryptodev.h + + clean: +- make -C $(KERNEL_DIR) SUBDIRS=`pwd` clean ++ $(MAKE) -C $(KERNEL_DIR) SUBDIRS=`pwd` clean + rm -f $(hostprogs) *~ +- CFLAGS=$(CRYPTODEV_CFLAGS) KERNEL_DIR=$(KERNEL_DIR) make -C tests clean ++ CFLAGS=$(CRYPTODEV_CFLAGS) KERNEL_DIR=$(KERNEL_DIR) $(MAKE) -C tests clean + + check: +- CFLAGS=$(CRYPTODEV_CFLAGS) KERNEL_DIR=$(KERNEL_DIR) make -C tests check ++ CFLAGS=$(CRYPTODEV_CFLAGS) KERNEL_DIR=$(KERNEL_DIR) $(MAKE) -C tests check + + CPOPTS = + ifneq (${SHOW_TYPES},) +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0027-use-Linux-kernel-conventions-for-Makefile-variables.patch b/recipes-kernel/cryptodev/sdk_patches/0027-use-Linux-kernel-conventions-for-Makefile-variables.patch new file mode 100644 index 0000000..ad18da8 --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0027-use-Linux-kernel-conventions-for-Makefile-variables.patch @@ -0,0 +1,47 @@ +From e51bf208fbd3796238ff4d721e8d070f711f8c56 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Thu, 10 Dec 2015 12:42:19 +0200 +Subject: [PATCH 27/38] use Linux kernel conventions for Makefile variables + +The kernel Makefile specifies to use M=... instead of SUBDIR=... for +external modules. + +PWD variable is already set in a POSIX system and calling `pwd` to find +it is redundant. + +Signed-off-by: Cristian Stoica +--- + Makefile | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/Makefile b/Makefile +index 2f50210..7c7e193 100644 +--- a/Makefile ++++ b/Makefile +@@ -13,7 +13,7 @@ cryptodev-objs = ioctl.o main.o cryptlib.o authenc.o zc.o util.o + + obj-m += cryptodev.o + +-KERNEL_MAKE_OPTS := -C ${KERNEL_DIR} SUBDIRS=`pwd` ++KERNEL_MAKE_OPTS := -C $(KERNEL_DIR) M=$(PWD) + ifneq (${ARCH},) + KERNEL_MAKE_OPTS += ARCH=${ARCH} + endif +@@ -30,12 +30,12 @@ version.h: Makefile + install: modules_install + + modules_install: +- $(MAKE) -C $(KERNEL_DIR) SUBDIRS=`pwd` modules_install ++ $(MAKE) -C $(KERNEL_DIR) M=$(PWD) modules_install + @echo "Installing cryptodev.h in $(PREFIX)/usr/include/crypto ..." + @install -D crypto/cryptodev.h $(PREFIX)/usr/include/crypto/cryptodev.h + + clean: +- $(MAKE) -C $(KERNEL_DIR) SUBDIRS=`pwd` clean ++ $(MAKE) -C $(KERNEL_DIR) M=$(PWD) clean + rm -f $(hostprogs) *~ + CFLAGS=$(CRYPTODEV_CFLAGS) KERNEL_DIR=$(KERNEL_DIR) $(MAKE) -C tests clean + +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0028-for-consistency-use-.-instead-of-.-in-makefiles.patch b/recipes-kernel/cryptodev/sdk_patches/0028-for-consistency-use-.-instead-of-.-in-makefiles.patch new file mode 100644 index 0000000..756ca33 --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0028-for-consistency-use-.-instead-of-.-in-makefiles.patch @@ -0,0 +1,73 @@ +From 22b63631de17507c12355c30e408dbd88350bb3a Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Thu, 10 Dec 2015 12:42:20 +0200 +Subject: [PATCH 28/38] for consistency, use $(...) instead of ${...} in + makefiles + +Both syntax rules are equaly valid and mixing them is permitted but +looks inconsistent. + +See section "6.1 Basics of Variable References" of GNU make manual + +Signed-off-by: Cristian Stoica +--- + Makefile | 16 ++++++++-------- + tests/Makefile | 2 +- + 2 files changed, 9 insertions(+), 9 deletions(-) + +diff --git a/Makefile b/Makefile +index 7c7e193..7f8df37 100644 +--- a/Makefile ++++ b/Makefile +@@ -14,11 +14,11 @@ cryptodev-objs = ioctl.o main.o cryptlib.o authenc.o zc.o util.o + obj-m += cryptodev.o + + KERNEL_MAKE_OPTS := -C $(KERNEL_DIR) M=$(PWD) +-ifneq (${ARCH},) +-KERNEL_MAKE_OPTS += ARCH=${ARCH} ++ifneq ($(ARCH),) ++KERNEL_MAKE_OPTS += ARCH=$(ARCH) + endif +-ifneq (${CROSS_COMPILE},) +-KERNEL_MAKE_OPTS += CROSS_COMPILE=${CROSS_COMPILE} ++ifneq ($(CROSS_COMPILE),) ++KERNEL_MAKE_OPTS += CROSS_COMPILE=$(CROSS_COMPILE) + endif + + build: version.h +@@ -43,15 +43,15 @@ check: + CFLAGS=$(CRYPTODEV_CFLAGS) KERNEL_DIR=$(KERNEL_DIR) $(MAKE) -C tests check + + CPOPTS = +-ifneq (${SHOW_TYPES},) ++ifneq ($(SHOW_TYPES),) + CPOPTS += --show-types + endif +-ifneq (${IGNORE_TYPES},) +-CPOPTS += --ignore ${IGNORE_TYPES} ++ifneq ($(IGNORE_TYPES),) ++CPOPTS += --ignore $(IGNORE_TYPES) + endif + + checkpatch: +- $(KERNEL_DIR)/scripts/checkpatch.pl ${CPOPTS} --file *.c *.h ++ $(KERNEL_DIR)/scripts/checkpatch.pl $(CPOPTS) --file *.c *.h + + VERSIONTAG = refs/tags/cryptodev-linux-$(VERSION) + FILEBASE = cryptodev-linux-$(VERSION) +diff --git a/tests/Makefile b/tests/Makefile +index 20c52ba..3155da9 100644 +--- a/tests/Makefile ++++ b/tests/Makefile +@@ -6,7 +6,7 @@ comp_progs := cipher_comp hash_comp hmac_comp + + hostprogs := cipher cipher-aead hmac speed async_cipher async_hmac \ + async_speed sha_speed hashcrypt_speed fullspeed cipher-gcm \ +- cipher-aead-srtp ${comp_progs} ++ cipher-aead-srtp $(comp_progs) + + example-cipher-objs := cipher.o + example-cipher-aead-objs := cipher-aead.o +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0029-fix-clean-up-on-error-path-for-crypto_create_session.patch b/recipes-kernel/cryptodev/sdk_patches/0029-fix-clean-up-on-error-path-for-crypto_create_session.patch new file mode 100644 index 0000000..67e4a89 --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0029-fix-clean-up-on-error-path-for-crypto_create_session.patch @@ -0,0 +1,117 @@ +From 294abaaa4540ec340ed6046a784c9789c8724420 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Mon, 11 Jan 2016 17:45:50 +0200 +Subject: [PATCH 29/38] fix clean-up on error path for crypto_create_session + +This patch fixes clean-up on error path for failed allocations of +ses_new->pages or ses_new->sg. In these cases, allocations made in +cryptodev_hash_init have not been undone resulting in possible memory +leaks. + +We take advantage of the initializations with zeros of the session +structure to trim the code to a single clean-up path. + +Signed-off-by: Cristian Stoica +--- + ioctl.c | 28 +++++++++++++++------------- + 1 file changed, 15 insertions(+), 13 deletions(-) + +diff --git a/ioctl.c b/ioctl.c +index b23f5fd..c781f9d 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -228,7 +228,8 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop) + return -EINVAL; + } + +- /* Create a session and put it to the list. */ ++ /* Create a session and put it to the list. Zeroing the structure helps ++ * also with a single exit point in case of errors */ + ses_new = kzalloc(sizeof(*ses_new), GFP_KERNEL); + if (!ses_new) + return -ENOMEM; +@@ -240,19 +241,19 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop) + if (unlikely(ret < 0)) { + ddebug(1, "Setting key failed for %s-%zu.", + alg_name, (size_t)sop->keylen*8); +- goto error_cipher; ++ goto session_error; + } + + ret = cryptodev_get_cipher_key(keys.ckey, sop, aead); + if (unlikely(ret < 0)) +- goto error_cipher; ++ goto session_error; + + ret = cryptodev_cipher_init(&ses_new->cdata, alg_name, keys.ckey, + keylen, stream, aead); + if (ret < 0) { + ddebug(1, "Failed to load cipher for %s", alg_name); + ret = -EINVAL; +- goto error_cipher; ++ goto session_error; + } + } + +@@ -261,13 +262,13 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop) + ddebug(1, "Setting key failed for %s-%zu.", + hash_name, (size_t)sop->mackeylen*8); + ret = -EINVAL; +- goto error_hash; ++ goto session_error; + } + + if (sop->mackey && unlikely(copy_from_user(keys.mkey, sop->mackey, + sop->mackeylen))) { + ret = -EFAULT; +- goto error_hash; ++ goto session_error; + } + + ret = cryptodev_hash_init(&ses_new->hdata, hash_name, hmac_mode, +@@ -275,7 +276,7 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop) + if (ret != 0) { + ddebug(1, "Failed to load hash for %s", hash_name); + ret = -EINVAL; +- goto error_hash; ++ goto session_error; + } + } + +@@ -292,7 +293,7 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop) + if (ses_new->sg == NULL || ses_new->pages == NULL) { + ddebug(0, "Memory error"); + ret = -ENOMEM; +- goto error_hash; ++ goto session_error; + } + + /* put the new session to the list */ +@@ -316,18 +317,19 @@ restart: + + /* Fill in some values for the user. */ + sop->ses = ses_new->sid; +- + return 0; + +-error_hash: ++ /* We count on ses_new to be initialized with zeroes ++ * Since hdata and cdata are embedded within ses_new, it follows that ++ * hdata->init and cdata->init are either zero or one as they have been ++ * initialized or not */ ++session_error: ++ cryptodev_hash_deinit(&ses_new->hdata); + cryptodev_cipher_deinit(&ses_new->cdata); + kfree(ses_new->sg); + kfree(ses_new->pages); +-error_cipher: + kfree(ses_new); +- + return ret; +- + } + + /* Everything that needs to be done when remowing a session. */ +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0030-remove-code-duplication-in-cryptodev_hash_init.patch b/recipes-kernel/cryptodev/sdk_patches/0030-remove-code-duplication-in-cryptodev_hash_init.patch new file mode 100644 index 0000000..1e3ebf3 --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0030-remove-code-duplication-in-cryptodev_hash_init.patch @@ -0,0 +1,59 @@ +From f4534df637b078fce275763bd8bc2a83bfad25e0 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Mon, 11 Jan 2016 18:01:06 +0200 +Subject: [PATCH 30/38] remove code duplication in cryptodev_hash_init + +cryptodev_hash_init is concerned mostly with allocating data structures +for hash operations. +This patch replaces the call it makes to crypto_ahash_init with +one to cryptodev_hash_reset to avoid code duplication. This call is made +now outside of the original function to increase modularity. + +Signed-off-by: Cristian Stoica +--- + cryptlib.c | 9 --------- + ioctl.c | 5 +++++ + 2 files changed, 5 insertions(+), 9 deletions(-) + +diff --git a/cryptlib.c b/cryptlib.c +index eba4616..4fd29eb 100644 +--- a/cryptlib.c ++++ b/cryptlib.c +@@ -362,18 +362,9 @@ int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name, + + ahash_request_set_callback(hdata->async.request, 0, + cryptodev_complete, hdata->async.result); +- +- ret = crypto_ahash_init(hdata->async.request); +- if (unlikely(ret)) { +- derr(0, "error in crypto_hash_init()"); +- goto error_request; +- } +- + hdata->init = 1; + return 0; + +-error_request: +- ahash_request_free(hdata->async.request); + error: + kfree(hdata->async.result); + crypto_free_ahash(hdata->async.s); +diff --git a/ioctl.c b/ioctl.c +index b36dd03..a537886 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -338,6 +338,11 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop) + ret = -EINVAL; + goto session_error; + } ++ ++ ret = cryptodev_hash_reset(&ses_new->hdata); ++ if (ret != 0) { ++ goto session_error; ++ } + } + + ses_new->alignmask = max(ses_new->cdata.alignmask, +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0031-fix-comment-typo.patch b/recipes-kernel/cryptodev/sdk_patches/0031-fix-comment-typo.patch new file mode 100644 index 0000000..cde9552 --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0031-fix-comment-typo.patch @@ -0,0 +1,26 @@ +From 73a2489ba634503a0cc2bb6e84627ceeda0f059f Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Tue, 12 Jan 2016 17:15:56 +0200 +Subject: [PATCH 31/38] fix comment typo + +Signed-off-by: Cristian Stoica +--- + ioctl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ioctl.c b/ioctl.c +index a537886..7adde75 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -397,7 +397,7 @@ session_error: + return ret; + } + +-/* Everything that needs to be done when remowing a session. */ ++/* Everything that needs to be done when removing a session. */ + static inline void + crypto_destroy_session(struct csession *ses_ptr) + { +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0032-avoid-calls-to-kmalloc-on-hotpaths.patch b/recipes-kernel/cryptodev/sdk_patches/0032-avoid-calls-to-kmalloc-on-hotpaths.patch new file mode 100644 index 0000000..2aa5810 --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0032-avoid-calls-to-kmalloc-on-hotpaths.patch @@ -0,0 +1,220 @@ +From 9b513838035c35fd3706bb824edd17d705641439 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Tue, 12 Jan 2016 15:13:15 +0200 +Subject: [PATCH 32/38] avoid calls to kmalloc on hotpaths + +We replace a pointer to a small structure with the structure itself to +avoid unnecessary dynamic allocations at runtime. The embedding +structure is itself dynamically allocated and we get a slight increase +in performance from elimination of unnecessary code. + +Signed-off-by: Cristian Stoica +--- + cryptlib.c | 42 +++++++++++++----------------------------- + cryptlib.h | 14 +++++++------- + 2 files changed, 20 insertions(+), 36 deletions(-) + +diff --git a/cryptlib.c b/cryptlib.c +index 4fd29eb..5972fc2 100644 +--- a/cryptlib.c ++++ b/cryptlib.c +@@ -178,13 +178,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name, + out->stream = stream; + out->aead = aead; + +- out->async.result = kzalloc(sizeof(*out->async.result), GFP_KERNEL); +- if (unlikely(!out->async.result)) { +- ret = -ENOMEM; +- goto error; +- } +- +- init_completion(&out->async.result->completion); ++ init_completion(&out->async.result.completion); + + if (aead == 0) { + out->async.request = ablkcipher_request_alloc(out->async.s, GFP_KERNEL); +@@ -195,7 +189,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name, + } + + ablkcipher_request_set_callback(out->async.request, 0, +- cryptodev_complete, out->async.result); ++ cryptodev_complete, &out->async.result); + } else { + out->async.arequest = aead_request_alloc(out->async.as, GFP_KERNEL); + if (unlikely(!out->async.arequest)) { +@@ -205,7 +199,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name, + } + + aead_request_set_callback(out->async.arequest, 0, +- cryptodev_complete, out->async.result); ++ cryptodev_complete, &out->async.result); + } + + out->init = 1; +@@ -222,7 +216,6 @@ error: + if (out->async.as) + crypto_free_aead(out->async.as); + } +- kfree(out->async.result); + + return ret; + } +@@ -242,7 +235,6 @@ void cryptodev_cipher_deinit(struct cipher_data *cdata) + crypto_free_aead(cdata->async.as); + } + +- kfree(cdata->async.result); + cdata->init = 0; + } + } +@@ -279,7 +271,7 @@ ssize_t cryptodev_cipher_encrypt(struct cipher_data *cdata, + { + int ret; + +- reinit_completion(&cdata->async.result->completion); ++ reinit_completion(&cdata->async.result.completion); + + if (cdata->aead == 0) { + ablkcipher_request_set_crypt(cdata->async.request, +@@ -293,7 +285,7 @@ ssize_t cryptodev_cipher_encrypt(struct cipher_data *cdata, + ret = crypto_aead_encrypt(cdata->async.arequest); + } + +- return waitfor(cdata->async.result, ret); ++ return waitfor(&cdata->async.result, ret); + } + + ssize_t cryptodev_cipher_decrypt(struct cipher_data *cdata, +@@ -302,7 +294,7 @@ ssize_t cryptodev_cipher_decrypt(struct cipher_data *cdata, + { + int ret; + +- reinit_completion(&cdata->async.result->completion); ++ reinit_completion(&cdata->async.result.completion); + if (cdata->aead == 0) { + ablkcipher_request_set_crypt(cdata->async.request, + (struct scatterlist *)src, dst, +@@ -315,7 +307,7 @@ ssize_t cryptodev_cipher_decrypt(struct cipher_data *cdata, + ret = crypto_aead_decrypt(cdata->async.arequest); + } + +- return waitfor(cdata->async.result, ret); ++ return waitfor(&cdata->async.result, ret); + } + + /* Hash functions */ +@@ -345,13 +337,7 @@ int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name, + hdata->digestsize = crypto_ahash_digestsize(hdata->async.s); + hdata->alignmask = crypto_ahash_alignmask(hdata->async.s); + +- hdata->async.result = kzalloc(sizeof(*hdata->async.result), GFP_KERNEL); +- if (unlikely(!hdata->async.result)) { +- ret = -ENOMEM; +- goto error; +- } +- +- init_completion(&hdata->async.result->completion); ++ init_completion(&hdata->async.result.completion); + + hdata->async.request = ahash_request_alloc(hdata->async.s, GFP_KERNEL); + if (unlikely(!hdata->async.request)) { +@@ -361,12 +347,11 @@ int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name, + } + + ahash_request_set_callback(hdata->async.request, 0, +- cryptodev_complete, hdata->async.result); ++ cryptodev_complete, &hdata->async.result); + hdata->init = 1; + return 0; + + error: +- kfree(hdata->async.result); + crypto_free_ahash(hdata->async.s); + return ret; + } +@@ -376,7 +361,6 @@ void cryptodev_hash_deinit(struct hash_data *hdata) + if (hdata->init) { + if (hdata->async.request) + ahash_request_free(hdata->async.request); +- kfree(hdata->async.result); + if (hdata->async.s) + crypto_free_ahash(hdata->async.s); + hdata->init = 0; +@@ -402,24 +386,24 @@ ssize_t cryptodev_hash_update(struct hash_data *hdata, + { + int ret; + +- reinit_completion(&hdata->async.result->completion); ++ reinit_completion(&hdata->async.result.completion); + ahash_request_set_crypt(hdata->async.request, sg, NULL, len); + + ret = crypto_ahash_update(hdata->async.request); + +- return waitfor(hdata->async.result, ret); ++ return waitfor(&hdata->async.result, ret); + } + + int cryptodev_hash_final(struct hash_data *hdata, void *output) + { + int ret; + +- reinit_completion(&hdata->async.result->completion); ++ reinit_completion(&hdata->async.result.completion); + ahash_request_set_crypt(hdata->async.request, NULL, output, 0); + + ret = crypto_ahash_final(hdata->async.request); + +- return waitfor(hdata->async.result, ret); ++ return waitfor(&hdata->async.result, ret); + } + + int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) +diff --git a/cryptlib.h b/cryptlib.h +index e1c4e3e..d8e8046 100644 +--- a/cryptlib.h ++++ b/cryptlib.h +@@ -6,6 +6,11 @@ + + #include + ++struct cryptodev_result { ++ struct completion completion; ++ int err; ++}; ++ + struct cipher_data { + int init; /* 0 uninitialized */ + int blocksize; +@@ -22,7 +27,7 @@ struct cipher_data { + struct crypto_aead *as; + struct aead_request *arequest; + +- struct cryptodev_result *result; ++ struct cryptodev_result result; + uint8_t iv[EALG_MAX_BLOCK_LEN]; + } async; + }; +@@ -85,7 +90,7 @@ struct hash_data { + int alignmask; + struct { + struct crypto_ahash *s; +- struct cryptodev_result *result; ++ struct cryptodev_result result; + struct ahash_request *request; + } async; + }; +@@ -104,11 +109,6 @@ enum offload_type { + ASYNCHRONOUS + }; + +-struct cryptodev_result { +- struct completion completion; +- int err; +-}; +- + struct cryptodev_pkc { + struct list_head list; /* To maintain the Jobs in completed + cryptodev lists */ +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0033-avoid-unnecessary-checks-for-hash-clean-up.patch b/recipes-kernel/cryptodev/sdk_patches/0033-avoid-unnecessary-checks-for-hash-clean-up.patch new file mode 100644 index 0000000..3ce8a5f --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0033-avoid-unnecessary-checks-for-hash-clean-up.patch @@ -0,0 +1,33 @@ +From 774c6bd169b683ed54ebad164d0ff541e1381a64 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Tue, 12 Jan 2016 17:09:33 +0200 +Subject: [PATCH 33/38] avoid unnecessary checks for hash clean-up + +hdata->init is set only after all necessary allocations succeed. On +clean-up is no longer necessary to make the allocation checks. + +Signed-off-by: Cristian Stoica +--- + cryptlib.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/cryptlib.c b/cryptlib.c +index 5972fc2..5d1a5a9 100644 +--- a/cryptlib.c ++++ b/cryptlib.c +@@ -359,10 +359,8 @@ error: + void cryptodev_hash_deinit(struct hash_data *hdata) + { + if (hdata->init) { +- if (hdata->async.request) +- ahash_request_free(hdata->async.request); +- if (hdata->async.s) +- crypto_free_ahash(hdata->async.s); ++ ahash_request_free(hdata->async.request); ++ crypto_free_ahash(hdata->async.s); + hdata->init = 0; + } + } +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0034-extend-API-with-CIOCHASH-to-support-direct-hash-oper.patch b/recipes-kernel/cryptodev/sdk_patches/0034-extend-API-with-CIOCHASH-to-support-direct-hash-oper.patch new file mode 100644 index 0000000..3a1f0c0 --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0034-extend-API-with-CIOCHASH-to-support-direct-hash-oper.patch @@ -0,0 +1,114 @@ +From c43fa74b9ed11f0183d25b21486b71fe02d84de7 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Tue, 15 Dec 2015 15:31:47 +0200 +Subject: [PATCH 34/38] extend API with CIOCHASH to support direct hash + operations + +Signed-off-by: Cristian Stoica +--- + crypto/cryptodev.h | 16 ++++++++++++++++ + ioctl.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 65 insertions(+) + +diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h +index f6058ca..c6083f7 100644 +--- a/crypto/cryptodev.h ++++ b/crypto/cryptodev.h +@@ -167,6 +167,19 @@ struct crypt_auth_op { + __u32 iv_len; + }; + ++/* data container for CIOCHASH operations */ ++struct hash_op_data { ++ __u32 ses; /* session identifier */ ++ __u32 mac_op; /* cryptodev_crypto_op_t */ ++ __u8 *mackey; ++ __u32 mackeylen; ++ ++ __u16 flags; /* see COP_FLAG_* */ ++ __u32 len; /* length of source data */ ++ __u8 *src; /* source data */ ++ __u8 *mac_result; ++}; ++ + /* In plain AEAD mode the following are required: + * flags : 0 + * iv : the initialization vector (12 bytes) +@@ -325,4 +338,7 @@ enum cryptodev_crk_op_t { + /* additional ioctls for asynchronous operation for asymmetric ciphers*/ + #define CIOCASYMASYNCRYPT _IOW('c', 112, struct crypt_kop) + #define CIOCASYMFETCHCOOKIE _IOR('c', 113, struct pkc_cookie_list_s) ++ ++#define CIOCHASH _IOWR('c', 114, struct hash_op_data) ++ + #endif /* L_CRYPTODEV_H */ +diff --git a/ioctl.c b/ioctl.c +index 7adde75..3763954 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -960,6 +960,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + void __user *arg = (void __user *)arg_; + int __user *p = arg; + struct session_op sop; ++ struct hash_op_data hash_op; + struct kernel_crypt_op kcop; + struct kernel_crypt_auth_op kcaop; + struct crypt_priv *pcr = filp->private_data; +@@ -1049,6 +1050,54 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + } + + return kcop_to_user(&kcop, fcr, arg); ++ case CIOCHASH: ++ /* get session */ ++ if (unlikely(copy_from_user(&hash_op, arg, sizeof(struct hash_op_data)))) { ++ pr_err("copy from user fault\n"); ++ return -EFAULT; ++ } ++ ++ sop.cipher = 0; ++ sop.mac = hash_op.mac_op; ++ sop.mackey = hash_op.mackey; ++ sop.mackeylen = hash_op.mackeylen; ++ ++ /* writes sop.ses as a side-effect */ ++ ret = crypto_create_session(fcr, &sop); ++ if (unlikely(ret)) { ++ pr_err("can't get session\n"); ++ return ret; ++ } ++ ++ /* do hashing */ ++ kcop.cop.ses = sop.ses; ++ kcop.cop.flags = hash_op.flags; ++ kcop.cop.len = hash_op.len; ++ kcop.cop.src = hash_op.src; ++ kcop.cop.mac = hash_op.mac_result; ++ kcop.cop.dst = 0; ++ kcop.cop.op = 0; ++ kcop.cop.iv = 0; ++ kcop.ivlen = 0; ++ kcop.digestsize = 0; /* will be updated during operation */ ++ kcop.task = current; ++ kcop.mm = current->mm; ++ ++ ret = crypto_run(fcr, &kcop); ++ if (unlikely(ret)) { ++ dwarning(1, "Error in hash run"); ++ return ret; ++ } ++ ++ ret = copy_to_user(kcop.cop.mac, kcop.hash_output, kcop.digestsize); ++ if (unlikely(ret)) { ++ dwarning(1, "Error in copy to user"); ++ return ret; ++ } ++ ++ /* put session */ ++ ret = crypto_finish_session(fcr, sop.ses); ++ return 0; + case CIOCAUTHCRYPT: + if (unlikely(ret = kcaop_from_user(&kcaop, fcr, arg))) { + dwarning(1, "Error copying from user"); +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0035-use-directly-crypto-API-digest-operation-for-CIOCHAS.patch b/recipes-kernel/cryptodev/sdk_patches/0035-use-directly-crypto-API-digest-operation-for-CIOCHAS.patch new file mode 100644 index 0000000..4745dc9 --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0035-use-directly-crypto-API-digest-operation-for-CIOCHAS.patch @@ -0,0 +1,315 @@ +From f123f38532ae022e818312a9bc04cdb287e9623f Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Thu, 17 Dec 2015 10:34:20 +0200 +Subject: [PATCH 35/38] use directly crypto API 'digest' operation for CIOCHASH + +Signed-off-by: Cristian Stoica +--- + crypto/cryptodev.h | 2 +- + cryptodev_int.h | 10 ++++ + ioctl.c | 158 ++++++++++++++++++++++++++++++++++++++++++++--------- + main.c | 39 ++++++++++++- + 4 files changed, 179 insertions(+), 30 deletions(-) + +diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h +index c6083f7..9ade102 100644 +--- a/crypto/cryptodev.h ++++ b/crypto/cryptodev.h +@@ -169,7 +169,7 @@ struct crypt_auth_op { + + /* data container for CIOCHASH operations */ + struct hash_op_data { +- __u32 ses; /* session identifier */ ++ struct csession *ses; /* session identifier */ + __u32 mac_op; /* cryptodev_crypto_op_t */ + __u8 *mackey; + __u32 mackeylen; +diff --git a/cryptodev_int.h b/cryptodev_int.h +index cb005d7..74c295a 100644 +--- a/cryptodev_int.h ++++ b/cryptodev_int.h +@@ -164,6 +164,15 @@ struct kernel_crypt_op { + struct mm_struct *mm; + }; + ++struct kernel_hash_op { ++ struct hash_op_data hash_op; ++ ++ int digestsize; ++ uint8_t hash_output[AALG_MAX_RESULT_LEN]; ++ struct task_struct *task; ++ struct mm_struct *mm; ++}; ++ + struct kernel_crypt_auth_op { + struct crypt_auth_op caop; + +@@ -192,6 +201,7 @@ int kcaop_to_user(struct kernel_crypt_auth_op *kcaop, + struct fcrypt *fcr, void __user *arg); + int crypto_auth_run(struct fcrypt *fcr, struct kernel_crypt_auth_op *kcaop); + int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop); ++int hash_run(struct kernel_hash_op *khop); + + #include + +diff --git a/ioctl.c b/ioctl.c +index 3763954..a052614 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -397,7 +397,128 @@ session_error: + return ret; + } + +-/* Everything that needs to be done when removing a session. */ ++static inline void hash_destroy_session(struct csession *ses_ptr) ++{ ++ cryptodev_hash_deinit(&ses_ptr->hdata); ++ kfree(ses_ptr->pages); ++ kfree(ses_ptr->sg); ++ kfree(ses_ptr); ++} ++ ++static int hash_create_session(struct hash_op_data *hash_op) ++{ ++ struct csession *ses; ++ int ret = 0; ++ const char *hash_name; ++ int hmac_mode = 1; ++ uint8_t mkey[CRYPTO_HMAC_MAX_KEY_LEN]; ++ ++ switch (hash_op->mac_op) { ++ case CRYPTO_MD5_HMAC: ++ hash_name = "hmac(md5)"; ++ break; ++ case CRYPTO_RIPEMD160_HMAC: ++ hash_name = "hmac(rmd160)"; ++ break; ++ case CRYPTO_SHA1_HMAC: ++ hash_name = "hmac(sha1)"; ++ break; ++ case CRYPTO_SHA2_224_HMAC: ++ hash_name = "hmac(sha224)"; ++ break; ++ case CRYPTO_SHA2_256_HMAC: ++ hash_name = "hmac(sha256)"; ++ break; ++ case CRYPTO_SHA2_384_HMAC: ++ hash_name = "hmac(sha384)"; ++ break; ++ case CRYPTO_SHA2_512_HMAC: ++ hash_name = "hmac(sha512)"; ++ break; ++ /* non-hmac cases */ ++ case CRYPTO_MD5: ++ hash_name = "md5"; ++ hmac_mode = 0; ++ break; ++ case CRYPTO_RIPEMD160: ++ hash_name = "rmd160"; ++ hmac_mode = 0; ++ break; ++ case CRYPTO_SHA1: ++ hash_name = "sha1"; ++ hmac_mode = 0; ++ break; ++ case CRYPTO_SHA2_224: ++ hash_name = "sha224"; ++ hmac_mode = 0; ++ break; ++ case CRYPTO_SHA2_256: ++ hash_name = "sha256"; ++ hmac_mode = 0; ++ break; ++ case CRYPTO_SHA2_384: ++ hash_name = "sha384"; ++ hmac_mode = 0; ++ break; ++ case CRYPTO_SHA2_512: ++ hash_name = "sha512"; ++ hmac_mode = 0; ++ break; ++ default: ++ ddebug(1, "bad mac: %d", hash_op->mac_op); ++ return -EINVAL; ++ } ++ ++ ses = kzalloc(sizeof(*ses), GFP_KERNEL); ++ if (!ses) { ++ return -ENOMEM; ++ } ++ ++ if (unlikely(hash_op->mackeylen > CRYPTO_HMAC_MAX_KEY_LEN)) { ++ ddebug(1, "Setting key failed for %s-%zu.", hash_name, ++ (size_t)hash_op->mackeylen * 8); ++ ret = -EINVAL; ++ goto error_hash; ++ } ++ ++ if (hash_op->mackey && ++ unlikely(copy_from_user(mkey, hash_op->mackey, hash_op->mackeylen))) { ++ ret = -EFAULT; ++ goto error_hash; ++ } ++ ++ ret = cryptodev_hash_init(&ses->hdata, hash_name, hmac_mode, ++ mkey, hash_op->mackeylen); ++ if (ret != 0) { ++ ddebug(1, "Failed to load hash for %s", hash_name); ++ ret = -EINVAL; ++ goto error_hash; ++ } ++ ++ ses->alignmask = ses->hdata.alignmask; ++ ddebug(2, "got alignmask %d", ses->alignmask); ++ ++ ses->array_size = DEFAULT_PREALLOC_PAGES; ++ ddebug(2, "preallocating for %d user pages", ses->array_size); ++ ++ ses->pages = kzalloc(ses->array_size * sizeof(struct page *), GFP_KERNEL); ++ ses->sg = kzalloc(ses->array_size * sizeof(struct scatterlist), GFP_KERNEL); ++ if (ses->sg == NULL || ses->pages == NULL) { ++ ddebug(0, "Memory error"); ++ ret = -ENOMEM; ++ goto error_hash; ++ } ++ ++ hash_op->ses = ses; ++ return 0; ++ ++error_hash: ++ hash_destroy_session(ses); ++ return ret; ++} ++ ++ ++/* Everything that needs to be done when remowing a session. */ + static inline void + crypto_destroy_session(struct csession *ses_ptr) + { +@@ -960,7 +1081,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + void __user *arg = (void __user *)arg_; + int __user *p = arg; + struct session_op sop; +- struct hash_op_data hash_op; ++ struct kernel_hash_op khop; + struct kernel_crypt_op kcop; + struct kernel_crypt_auth_op kcaop; + struct crypt_priv *pcr = filp->private_data; +@@ -1051,52 +1172,35 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + + return kcop_to_user(&kcop, fcr, arg); + case CIOCHASH: +- /* get session */ +- if (unlikely(copy_from_user(&hash_op, arg, sizeof(struct hash_op_data)))) { ++ if (unlikely(copy_from_user(&khop.hash_op, arg, sizeof(struct hash_op_data)))) { + pr_err("copy from user fault\n"); + return -EFAULT; + } ++ khop.task = current; ++ khop.mm = current->mm; + +- sop.cipher = 0; +- sop.mac = hash_op.mac_op; +- sop.mackey = hash_op.mackey; +- sop.mackeylen = hash_op.mackeylen; +- +- /* writes sop.ses as a side-effect */ +- ret = crypto_create_session(fcr, &sop); ++ /* get session */ ++ ret = hash_create_session(&khop.hash_op); + if (unlikely(ret)) { + pr_err("can't get session\n"); + return ret; + } + + /* do hashing */ +- kcop.cop.ses = sop.ses; +- kcop.cop.flags = hash_op.flags; +- kcop.cop.len = hash_op.len; +- kcop.cop.src = hash_op.src; +- kcop.cop.mac = hash_op.mac_result; +- kcop.cop.dst = 0; +- kcop.cop.op = 0; +- kcop.cop.iv = 0; +- kcop.ivlen = 0; +- kcop.digestsize = 0; /* will be updated during operation */ +- kcop.task = current; +- kcop.mm = current->mm; +- +- ret = crypto_run(fcr, &kcop); ++ ret = hash_run(&khop); + if (unlikely(ret)) { + dwarning(1, "Error in hash run"); + return ret; + } + +- ret = copy_to_user(kcop.cop.mac, kcop.hash_output, kcop.digestsize); ++ ret = copy_to_user(khop.hash_op.mac_result, khop.hash_output, khop.digestsize); + if (unlikely(ret)) { + dwarning(1, "Error in copy to user"); + return ret; + } + + /* put session */ +- ret = crypto_finish_session(fcr, sop.ses); ++ hash_destroy_session(khop.hash_op.ses); + return 0; + case CIOCAUTHCRYPT: + if (unlikely(ret = kcaop_from_user(&kcaop, fcr, arg))) { +diff --git a/main.c b/main.c +index ec11129..095aea5 100644 +--- a/main.c ++++ b/main.c +@@ -159,8 +159,6 @@ __crypto_run_std(struct csession *ses_ptr, struct crypt_op *cop) + return ret; + } + +- +- + /* This is the main crypto function - zero-copy edition */ + static int + __crypto_run_zc(struct csession *ses_ptr, struct kernel_crypt_op *kcop) +@@ -841,3 +839,40 @@ out_unlock: + crypto_put_session(ses_ptr); + return ret; + } ++ ++int hash_run(struct kernel_hash_op *khop) ++{ ++ struct hash_op_data *hash_op = &khop->hash_op; ++ struct csession *ses_ptr = hash_op->ses; ++ struct hash_data *hdata = &ses_ptr->hdata; ++ int ret; ++ struct scatterlist *src_sg; ++ struct scatterlist *dst_sg; /* required by get_userbuf but not used */ ++ ++ if (hash_op->len == 0) { ++ src_sg = NULL; ++ } else { ++ ret = get_userbuf(ses_ptr, hash_op->src, hash_op->len, NULL, 0, ++ khop->task, khop->mm, &src_sg, &dst_sg); ++ if (unlikely(ret)) { ++ derr(1, "Error getting user pages"); ++ return ret; ++ } ++ } ++ ++ ahash_request_set_crypt(hdata->async.request, src_sg, khop->hash_output, hash_op->len); ++ ++ ret = crypto_ahash_digest(hdata->async.request); ++ if (ret == -EINPROGRESS || ret == -EBUSY) { ++ wait_for_completion(&hdata->async.result.completion); ++ ret = hdata->async.result.err; ++ if (ret != 0) { ++ derr(0, "CryptoAPI failure: %d", ret); ++ } ++ } ++ ++ khop->digestsize = ses_ptr->hdata.digestsize; ++ ++ release_user_pages(ses_ptr); ++ return ret; ++} +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0036-add-compat-for-CIOCHASH-operation.patch b/recipes-kernel/cryptodev/sdk_patches/0036-add-compat-for-CIOCHASH-operation.patch new file mode 100644 index 0000000..c206995 --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0036-add-compat-for-CIOCHASH-operation.patch @@ -0,0 +1,120 @@ +From 711529cc7b8743ae8c9c0db4980ac15f7acb8618 Mon Sep 17 00:00:00 2001 +From: Alex Porosanu +Date: Tue, 12 Jan 2016 14:51:00 +0200 +Subject: [PATCH 36/38] add compat for CIOCHASH operation + +This patch adds the necessary ioctl for using the CIOCHASH +operation for different userspace & kernel (i.e. 32b userspace +and 64b kernel). + +Signed-off-by: Alex Porosanu +--- + cryptodev_int.h | 14 +++++++++++++- + ioctl.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 63 insertions(+), 1 deletion(-) + +diff --git a/cryptodev_int.h b/cryptodev_int.h +index 74c295a..6dcfd69 100644 +--- a/cryptodev_int.h ++++ b/cryptodev_int.h +@@ -129,6 +129,18 @@ struct compat_crypt_auth_op { + uint32_t iv_len; + }; + ++struct compat_hash_op_data { ++ compat_uptr_t ses; ++ uint32_t mac_op; /* cryptodev_crypto_op_t */ ++ compat_uptr_t mackey; ++ uint32_t mackeylen; ++ ++ uint16_t flags; /* see COP_FLAG_* */ ++ uint32_t len; /* length of source data */ ++ compat_uptr_t src; /* source data */ ++ compat_uptr_t mac_result; ++}; ++ + /* compat ioctls, defined for the above structs */ + #define COMPAT_CIOCGSESSION _IOWR('c', 102, struct compat_session_op) + #define COMPAT_CIOCCRYPT _IOWR('c', 104, struct compat_crypt_op) +@@ -139,7 +151,7 @@ struct compat_crypt_auth_op { + #define COMPAT_CIOCASYMASYNCRYPT _IOW('c', 110, struct compat_crypt_kop) + #define COMPAT_CIOCASYMFETCHCOOKIE _IOR('c', 111, \ + struct compat_pkc_cookie_list_s) +- ++#define COMPAT_CIOCHASH _IOWR('c', 114, struct compat_hash_op_data) + #endif /* CONFIG_COMPAT */ + + /* kernel-internal extension to struct crypt_kop */ +diff --git a/ioctl.c b/ioctl.c +index a052614..ff3de44 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -1435,8 +1435,11 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + struct fcrypt *fcr; + struct session_op sop; + struct compat_session_op compat_sop; ++ struct kernel_hash_op khop; + struct kernel_crypt_op kcop; + struct kernel_crypt_auth_op kcaop; ++ struct compat_hash_op_data compat_hash_op_data; ++ + int ret; + + if (unlikely(!pcr)) +@@ -1499,6 +1502,53 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + + return compat_kcop_to_user(&kcop, fcr, arg); + ++ case COMPAT_CIOCHASH: ++ /* get session */ ++ if (unlikely(copy_from_user(&compat_hash_op_data, arg, ++ sizeof(struct compat_hash_op_data)))) { ++ pr_err("copy from user fault\n"); ++ return -EFAULT; ++ } ++ ++ khop.task = current; ++ khop.mm = current->mm; ++ ++ khop.hash_op.mac_op = compat_hash_op_data.mac_op; ++ khop.hash_op.mackey = compat_ptr(compat_hash_op_data.mackey); ++ khop.hash_op.mackeylen = compat_hash_op_data.mackeylen; ++ khop.hash_op.flags = compat_hash_op_data.flags; ++ khop.hash_op.len = compat_hash_op_data.len; ++ khop.hash_op.src = compat_ptr(compat_hash_op_data.src); ++ khop.hash_op.mac_result = ++ compat_ptr(compat_hash_op_data.mac_result); ++ ++ ret = hash_create_session(&khop.hash_op); ++ if (unlikely(ret)) { ++ pr_err("can't get session\n"); ++ return ret; ++ } ++ ++ /* do hashing */ ++ ret = hash_run(&khop); ++ if (unlikely(ret)) { ++ dwarning(1, "Error in hash run"); ++ return ret; ++ } ++ ++ ret = copy_to_user(khop.hash_op.mac_result, khop.hash_output, ++ khop.digestsize); ++ if (unlikely(ret)) { ++ dwarning(1, "Error in copy to user"); ++ return ret; ++ } ++ ++ copy_to_user(arg, &compat_hash_op_data, ++ sizeof(struct compat_hash_op_data)); ++ ++ /* put session */ ++ hash_destroy_session(khop.hash_op.ses); ++ return 0; ++ + case COMPAT_CIOCAUTHCRYPT: + if (unlikely(ret = compat_kcaop_from_user(&kcaop, fcr, arg))) { + dprintk(1, KERN_WARNING, "Error copying from user\n"); +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0037-rewrite-sha_speed.c-to-reduce-code-duplication.patch b/recipes-kernel/cryptodev/sdk_patches/0037-rewrite-sha_speed.c-to-reduce-code-duplication.patch new file mode 100644 index 0000000..eff6ed9 --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0037-rewrite-sha_speed.c-to-reduce-code-duplication.patch @@ -0,0 +1,190 @@ +From 344a0243e31f8fc467253404a548eedbb72b35d0 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Wed, 20 Jan 2016 17:11:49 +0200 +Subject: [PATCH 37/38] rewrite sha_speed.c to reduce code duplication + +Signed-off-by: Cristian Stoica +--- + tests/sha_speed.c | 131 ++++++++++++++++++++++++++++++++++-------------------- + 1 file changed, 84 insertions(+), 47 deletions(-) + +diff --git a/tests/sha_speed.c b/tests/sha_speed.c +index e1dc54b..5f694bd 100644 +--- a/tests/sha_speed.c ++++ b/tests/sha_speed.c +@@ -28,6 +28,13 @@ + + #include + ++/* Sizes of buffers to be hashed */ ++int buffer_lengths[] = {256, 512, 1024, 2048, 4096, 8192, 65536, 0}; ++ ++/* Time in seconds allocated for each tested buffer lengths */ ++#define BUFFER_TEST_TIME 10 ++ ++ + static double udifftimeval(struct timeval start, struct timeval end) + { + return (double)(end.tv_usec - start.tv_usec) + +@@ -97,7 +104,7 @@ int hash_data(struct session_op *sess, int fdc, int chunksize, int alignmask) + memset(buffer, val++, chunksize); + + must_finish = 0; +- alarm(5); ++ alarm(BUFFER_TEST_TIME); + + gettimeofday(&start, NULL); + do { +@@ -126,73 +133,103 @@ int hash_data(struct session_op *sess, int fdc, int chunksize, int alignmask) + return 0; + } + +-int main(void) +-{ +- int fd, i, fdc = -1, alignmask = 0; +- struct session_op sess; +- char keybuf[32]; ++ + #ifdef CIOCGSESSINFO ++int get_alignmask(struct session_op *sess, int fdc) ++{ + struct session_info_op siop; ++ ++ siop.ses = sess->ses; ++ if (ioctl(fdc, CIOCGSESSINFO, &siop) < 0) { ++ perror("ioctl(CIOCGSESSINFO)"); ++ /* continue test ignoring CIOCGSESSINFO error */ ++ return 0; ++ } ++ ++ printf("using algorithm %s with driver %s\n", ++ siop.hash_info.cra_name, siop.hash_info.cra_driver_name); ++ ++ return siop.alignmask; ++} + #endif + +- signal(SIGALRM, alarm_handler); + +- if ((fd = open("/dev/crypto", O_RDWR, 0)) < 0) { +- perror("open()"); +- return 1; +- } +- if (ioctl(fd, CRIOGET, &fdc)) { +- perror("ioctl(CRIOGET)"); +- return 1; +- } ++int hash_session(struct session_op *sess, int fdc) ++{ ++ int i; ++ int err; ++ int alignmask; + +- fprintf(stderr, "Testing SHA1 Hash: \n"); +- memset(&sess, 0, sizeof(sess)); +- sess.mac = CRYPTO_SHA1; +- if (ioctl(fdc, CIOCGSESSION, &sess)) { ++ if (ioctl(fdc, CIOCGSESSION, sess)) { + perror("ioctl(CIOCGSESSION)"); + return 1; + } ++ + #ifdef CIOCGSESSINFO +- siop.ses = sess.ses; +- if (ioctl(fdc, CIOCGSESSINFO, &siop)) { +- perror("ioctl(CIOCGSESSINFO)"); +- return 1; +- } +- printf("requested hash CRYPTO_SHA1, got %s with driver %s\n", +- siop.hash_info.cra_name, siop.hash_info.cra_driver_name); +- alignmask = siop.alignmask; ++ alignmask = get_alignmask(sess, fdc); ++#else ++ alignmask = 0; + #endif + +- for (i = 256; i <= (64 * 1024); i *= 4) { +- if (hash_data(&sess, fdc, i, alignmask)) +- break; ++ err = 0; ++ for(i = 0; (err == 0) && (buffer_lengths[i] != 0); i++) { ++ err = hash_data(sess, fdc, buffer_lengths[i], alignmask); + } + +- fprintf(stderr, "\nTesting SHA256 Hash: \n"); +- memset(&sess, 0, sizeof(sess)); +- sess.mac = CRYPTO_SHA2_256; +- if (ioctl(fdc, CIOCGSESSION, &sess)) { +- perror("ioctl(CIOCGSESSION)"); ++ if (ioctl(fdc, CIOCFSESSION, sess)) { ++ perror("ioctl(CIOCFSESSION)"); + return 1; + } +-#ifdef CIOCGSESSINFO +- siop.ses = sess.ses; +- if (ioctl(fdc, CIOCGSESSINFO, &siop)) { +- perror("ioctl(CIOCGSESSINFO)"); ++ ++ return err; ++} ++ ++int test_sha1(struct session_op *sess, int fdc) ++{ ++ fprintf(stderr, "Testing SHA1 Hash: \n"); ++ memset(sess, 0, sizeof(sess)); ++ sess->mac = CRYPTO_SHA1; ++ return hash_session(sess, fdc); ++} ++ ++ ++int test_sha256(struct session_op *sess, int fdc) ++{ ++ fprintf(stderr, "Testing SHA256 Hash: \n"); ++ memset(sess, 0, sizeof(sess)); ++ sess->mac = CRYPTO_SHA2_256; ++ return hash_session(sess, fdc); ++} ++ ++ ++int main(void) ++{ ++ int fd; ++ int fdc; ++ int err; ++ int i; ++ struct session_op sess; ++ ++ signal(SIGALRM, alarm_handler); ++ ++ fd = open("/dev/crypto", O_RDWR, 0); ++ if (fd < 0) { ++ perror("open()"); + return 1; + } +- printf("requested hash CRYPTO_SHA2_256, got %s with driver %s\n", +- siop.hash_info.cra_name, siop.hash_info.cra_driver_name); +- alignmask = siop.alignmask; +-#endif + +- for (i = 256; i <= (64 * 1024); i *= 4) { +- if (hash_data(&sess, fdc, i, alignmask)) +- break; ++ err = ioctl(fd, CRIOGET, &fdc); ++ if (err != 0) { ++ perror("ioctl(CRIOGET)"); ++ close(fd); ++ return 1; + } + ++ /* run all tests but return an eventual error */ ++ err |= test_sha1(&sess, fdc); ++ err |= test_sha256(&sess, fdc); ++ + close(fdc); + close(fd); +- return 0; ++ return err; + } +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0038-extend-sha_speed.c-to-test-CIOCHASH.patch b/recipes-kernel/cryptodev/sdk_patches/0038-extend-sha_speed.c-to-test-CIOCHASH.patch new file mode 100644 index 0000000..eb8bf19 --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0038-extend-sha_speed.c-to-test-CIOCHASH.patch @@ -0,0 +1,143 @@ +From 65704ea24e80647e8c5f938300f51cb70af50c1c Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Thu, 21 Jan 2016 17:30:59 +0200 +Subject: [PATCH 38/38] extend sha_speed.c to test CIOCHASH + +Signed-off-by: Cristian Stoica +--- + tests/sha_speed.c | 90 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 90 insertions(+) + +diff --git a/tests/sha_speed.c b/tests/sha_speed.c +index 5f694bd..d731c66 100644 +--- a/tests/sha_speed.c ++++ b/tests/sha_speed.c +@@ -133,6 +133,62 @@ int hash_data(struct session_op *sess, int fdc, int chunksize, int alignmask) + return 0; + } + ++int digest_data(struct session_op *sess, int fdc, int chunksize, int alignmask) ++{ ++ struct hash_op_data hash_op; ++ char *buffer; ++ static int val = 23; ++ struct timeval start, end; ++ double total = 0; ++ double secs, ddata, dspeed; ++ char metric[16]; ++ uint8_t mac[AALG_MAX_RESULT_LEN]; ++ ++ if (alignmask) { ++ if (posix_memalign((void **)&buffer, alignmask + 1, chunksize)) { ++ printf("posix_memalign() failed!\n"); ++ return 1; ++ } ++ } else { ++ if (!(buffer = malloc(chunksize))) { ++ perror("malloc()"); ++ return 1; ++ } ++ } ++ ++ printf("\tEncrypting in chunks of %d bytes: ", chunksize); ++ fflush(stdout); ++ ++ memset(buffer, val++, chunksize); ++ ++ must_finish = 0; ++ alarm(BUFFER_TEST_TIME); ++ ++ gettimeofday(&start, NULL); ++ do { ++ memset(&hash_op, 0, sizeof(hash_op)); ++ hash_op.mac_op = sess->mac; ++ hash_op.len = chunksize; ++ hash_op.src = (unsigned char *)buffer; ++ hash_op.mac_result = mac; ++ ++ if (ioctl(fdc, CIOCHASH, hash_op) != 0) { ++ perror("ioctl(CIOCHASH)"); ++ return 1; ++ } ++ total += chunksize; ++ } while(must_finish == 0); ++ gettimeofday(&end, NULL); ++ ++ secs = udifftimeval(start, end)/ 1000000.0; ++ ++ value2human(1, total, secs, &ddata, &dspeed, metric); ++ printf ("done. %.2f %s in %.2f secs: ", ddata, metric, secs); ++ printf ("%.2f %s/sec\n", dspeed, metric); ++ ++ free(buffer); ++ return 0; ++} + + #ifdef CIOCGSESSINFO + int get_alignmask(struct session_op *sess, int fdc) +@@ -154,6 +210,20 @@ int get_alignmask(struct session_op *sess, int fdc) + #endif + + ++int ciochash_session(struct session_op *sess, int fdc) ++{ ++ int i; ++ int err = 0; ++ ++ err = 0; ++ for(i = 0; (err == 0) && (buffer_lengths[i] != 0); i++) { ++ err = digest_data(sess, fdc, buffer_lengths[i], 0); ++ } ++ ++ return err; ++} ++ ++ + int hash_session(struct session_op *sess, int fdc) + { + int i; +@@ -193,6 +263,15 @@ int test_sha1(struct session_op *sess, int fdc) + } + + ++int test_sha1_ciochash(struct session_op *sess, int fdc) ++{ ++ fprintf(stderr, "Testing SHA1 CIOCHASH: \n"); ++ memset(sess, 0, sizeof(sess)); ++ sess->mac = CRYPTO_SHA1; ++ return ciochash_session(sess, fdc); ++} ++ ++ + int test_sha256(struct session_op *sess, int fdc) + { + fprintf(stderr, "Testing SHA256 Hash: \n"); +@@ -202,6 +281,15 @@ int test_sha256(struct session_op *sess, int fdc) + } + + ++int test_sha256_ciochash(struct session_op *sess, int fdc) ++{ ++ fprintf(stderr, "Testing SHA256 CIOCHASH: \n"); ++ memset(sess, 0, sizeof(sess)); ++ sess->mac = CRYPTO_SHA2_256; ++ return ciochash_session(sess, fdc); ++} ++ ++ + int main(void) + { + int fd; +@@ -227,7 +315,9 @@ int main(void) + + /* run all tests but return an eventual error */ + err |= test_sha1(&sess, fdc); ++ err |= test_sha1_ciochash(&sess, fdc); + err |= test_sha256(&sess, fdc); ++ err |= test_sha256_ciochash(&sess, fdc); + + close(fdc); + close(fd); +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0039-fix-memory-leaks-on-error-path-for-CIOCHASH.patch b/recipes-kernel/cryptodev/sdk_patches/0039-fix-memory-leaks-on-error-path-for-CIOCHASH.patch new file mode 100644 index 0000000..fc2f4c8 --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0039-fix-memory-leaks-on-error-path-for-CIOCHASH.patch @@ -0,0 +1,70 @@ +From 3e3996b40fd3a93cbe2e5ddee244280dd7de6c18 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Tue, 9 Feb 2016 21:07:06 +0200 +Subject: [PATCH 39/40] fix memory leaks on error path for CIOCHASH + +Signed-off-by: Cristian Stoica +--- + ioctl.c | 20 +++++++++++--------- + 1 file changed, 11 insertions(+), 9 deletions(-) + +diff --git a/ioctl.c b/ioctl.c +index ff3de44..8d81b56 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -1190,18 +1190,17 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + ret = hash_run(&khop); + if (unlikely(ret)) { + dwarning(1, "Error in hash run"); +- return ret; ++ goto hash_err; + } + + ret = copy_to_user(khop.hash_op.mac_result, khop.hash_output, khop.digestsize); + if (unlikely(ret)) { + dwarning(1, "Error in copy to user"); +- return ret; + } + +- /* put session */ ++ hash_err: + hash_destroy_session(khop.hash_op.ses); +- return 0; ++ return ret; + case CIOCAUTHCRYPT: + if (unlikely(ret = kcaop_from_user(&kcaop, fcr, arg))) { + dwarning(1, "Error copying from user"); +@@ -1532,22 +1531,25 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + ret = hash_run(&khop); + if (unlikely(ret)) { + dwarning(1, "Error in hash run"); +- return ret; ++ goto hash_err; + } + + ret = copy_to_user(khop.hash_op.mac_result, khop.hash_output, + khop.digestsize); + if (unlikely(ret)) { + dwarning(1, "Error in copy to user"); +- return ret; ++ goto hash_err; + } + +- copy_to_user(arg, &compat_hash_op_data, ++ ret = copy_to_user(arg, &compat_hash_op_data, + sizeof(struct compat_hash_op_data)); ++ if (unlikely(ret)) { ++ dwarning(1, "Error in copy to user"); ++ } + +- /* put session */ ++ hash_err: + hash_destroy_session(khop.hash_op.ses); +- return 0; ++ return ret; + + case COMPAT_CIOCAUTHCRYPT: + if (unlikely(ret = compat_kcaop_from_user(&kcaop, fcr, arg))) { +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0040-fix-structure-init-in-sha_speed-test.patch b/recipes-kernel/cryptodev/sdk_patches/0040-fix-structure-init-in-sha_speed-test.patch new file mode 100644 index 0000000..053d376 --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0040-fix-structure-init-in-sha_speed-test.patch @@ -0,0 +1,53 @@ +From 3eb9ed52743584949ff9b4844e810333c34a3a1f Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Fri, 12 Feb 2016 11:23:41 +0200 +Subject: [PATCH 40/40] fix structure init in sha_speed test + +Signed-off-by: Cristian Stoica +--- + tests/sha_speed.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/tests/sha_speed.c b/tests/sha_speed.c +index d731c66..75d0f42 100644 +--- a/tests/sha_speed.c ++++ b/tests/sha_speed.c +@@ -257,7 +257,7 @@ int hash_session(struct session_op *sess, int fdc) + int test_sha1(struct session_op *sess, int fdc) + { + fprintf(stderr, "Testing SHA1 Hash: \n"); +- memset(sess, 0, sizeof(sess)); ++ memset(sess, 0, sizeof(struct session_op)); + sess->mac = CRYPTO_SHA1; + return hash_session(sess, fdc); + } +@@ -266,7 +266,7 @@ int test_sha1(struct session_op *sess, int fdc) + int test_sha1_ciochash(struct session_op *sess, int fdc) + { + fprintf(stderr, "Testing SHA1 CIOCHASH: \n"); +- memset(sess, 0, sizeof(sess)); ++ memset(sess, 0, sizeof(struct session_op)); + sess->mac = CRYPTO_SHA1; + return ciochash_session(sess, fdc); + } +@@ -275,7 +275,7 @@ int test_sha1_ciochash(struct session_op *sess, int fdc) + int test_sha256(struct session_op *sess, int fdc) + { + fprintf(stderr, "Testing SHA256 Hash: \n"); +- memset(sess, 0, sizeof(sess)); ++ memset(sess, 0, sizeof(struct session_op)); + sess->mac = CRYPTO_SHA2_256; + return hash_session(sess, fdc); + } +@@ -284,7 +284,7 @@ int test_sha256(struct session_op *sess, int fdc) + int test_sha256_ciochash(struct session_op *sess, int fdc) + { + fprintf(stderr, "Testing SHA256 CIOCHASH: \n"); +- memset(sess, 0, sizeof(sess)); ++ memset(sess, 0, sizeof(struct session_op)); + sess->mac = CRYPTO_SHA2_256; + return ciochash_session(sess, fdc); + } +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0041-add-separate-target-for-building-tests.patch b/recipes-kernel/cryptodev/sdk_patches/0041-add-separate-target-for-building-tests.patch new file mode 100644 index 0000000..ff73825 --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0041-add-separate-target-for-building-tests.patch @@ -0,0 +1,38 @@ +From 0d58530f5c5970db9787a23aef4227c68f941fcc Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Wed, 10 Feb 2016 16:22:05 +0200 +Subject: [PATCH 41/43] add separate target for building tests + +A separate target for build is useful with cross-compilation. In this +case it makes sense to build the tests without running them on the host +machine. + +The default target is now 'all' and only builds the tests + +Signed-off-by: Cristian Stoica +--- + tests/Makefile | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/tests/Makefile b/tests/Makefile +index 3155da9..89f88fe 100644 +--- a/tests/Makefile ++++ b/tests/Makefile +@@ -19,6 +19,8 @@ example-async-hmac-objs := async_hmac.o + example-async-speed-objs := async_speed.o + example-hashcrypt-speed-objs := hashcrypt_speed.c + ++all: $(hostprogs) ++ + check: $(hostprogs) + ./cipher + ./hmac +@@ -33,3 +35,5 @@ clean: + + ${comp_progs}: LDLIBS += -lssl -lcrypto + ${comp_progs}: %: %.o openssl_wrapper.o ++ ++.PHONY: all clean check +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0042-fix-destination-for-staged-installs.patch b/recipes-kernel/cryptodev/sdk_patches/0042-fix-destination-for-staged-installs.patch new file mode 100644 index 0000000..c8ae06e --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0042-fix-destination-for-staged-installs.patch @@ -0,0 +1,55 @@ +From dcb8fe0fcf71feac2a4f57c44a5153bfc404b4c3 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Thu, 11 Feb 2016 16:37:23 +0200 +Subject: [PATCH 42/43] fix destination for staged installs + +The standard variable for staged installations is DESTDIR and it should +be set only by the user, outside of Makefile. This is consistent with +recommendations from both GNU Make and FreeBSD porters-handbook. + + make DESTDIR=/tmp/stage install + +$prefix and $PREFIX (in FreeBSD world) are used to specify where the +files will be installed. It defaults to /usr/local but can be /usr or +/opt or something else. + +Usually one wants to do a stage installation when cross-building or for +other purposes. The convention is to use DESTDIR. +Changing $prefix is useful for installers. They can override its value +when calling make: + + make prefix=/usr install + +Signed-off-by: Cristian Stoica +--- + Makefile | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/Makefile b/Makefile +index 7f8df37..9871a8e 100644 +--- a/Makefile ++++ b/Makefile +@@ -7,7 +7,9 @@ CRYPTODEV_CFLAGS ?= #-DENABLE_ASYNC + KBUILD_CFLAGS += -I$(src) $(CRYPTODEV_CFLAGS) + KERNEL_DIR ?= /lib/modules/$(shell uname -r)/build + VERSION = 1.8 +-PREFIX ?= ++ ++prefix ?= /usr/local ++includedir = $(prefix)/include + + cryptodev-objs = ioctl.o main.o cryptlib.o authenc.o zc.o util.o + +@@ -31,8 +33,7 @@ install: modules_install + + modules_install: + $(MAKE) -C $(KERNEL_DIR) M=$(PWD) modules_install +- @echo "Installing cryptodev.h in $(PREFIX)/usr/include/crypto ..." +- @install -D crypto/cryptodev.h $(PREFIX)/usr/include/crypto/cryptodev.h ++ install -m 644 -D crypto/cryptodev.h $(DESTDIR)/$(includedir)/crypto/cryptodev.h + + clean: + $(MAKE) -C $(KERNEL_DIR) M=$(PWD) clean +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/sdk_patches/0043-add-install-target-for-tests.patch b/recipes-kernel/cryptodev/sdk_patches/0043-add-install-target-for-tests.patch new file mode 100644 index 0000000..f3b7022 --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0043-add-install-target-for-tests.patch @@ -0,0 +1,46 @@ +From 44629033d47543d106299b6c8bed9e5c9fed1513 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Thu, 11 Feb 2016 16:48:53 +0200 +Subject: [PATCH 43/43] add install target for tests + +Signed-off-by: Cristian Stoica +--- + tests/Makefile | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +diff --git a/tests/Makefile b/tests/Makefile +index 89f88fe..5e3111d 100644 +--- a/tests/Makefile ++++ b/tests/Makefile +@@ -19,6 +19,10 @@ example-async-hmac-objs := async_hmac.o + example-async-speed-objs := async_speed.o + example-hashcrypt-speed-objs := hashcrypt_speed.c + ++prefix ?= /usr/local ++execprefix ?= $(prefix) ++bindir = $(execprefix)/bin ++ + all: $(hostprogs) + + check: $(hostprogs) +@@ -30,10 +34,16 @@ check: $(hostprogs) + ./cipher-gcm + ./cipher-aead + ++install: ++ install -d $(DESTDIR)/$(bindir) ++ for prog in $(hostprogs); do \ ++ install -m 755 $$prog $(DESTDIR)/$(bindir); \ ++ done ++ + clean: + rm -f *.o *~ $(hostprogs) + + ${comp_progs}: LDLIBS += -lssl -lcrypto + ${comp_progs}: %: %.o openssl_wrapper.o + +-.PHONY: all clean check ++.PHONY: all clean check install +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/yocto_patches/0001-Add-the-compile-and-install-rules-for-cryptodev-test.patch b/recipes-kernel/cryptodev/yocto_patches/0001-Add-the-compile-and-install-rules-for-cryptodev-test.patch new file mode 100644 index 0000000..1e7f584 --- /dev/null +++ b/recipes-kernel/cryptodev/yocto_patches/0001-Add-the-compile-and-install-rules-for-cryptodev-test.patch @@ -0,0 +1,50 @@ +From 03257bf2aff37b78496ccc1b58a87e7baaea042a Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Mon, 22 Feb 2016 12:17:52 +0200 +Subject: [PATCH 2/2] Add the compile and install rules for cryptodev tests + +(original patch Signed-off-by: Yu Zongchun ) +Signed-off-by: Cristian Stoica + +Upstream-Status: Inappropriate [ OE specific ] +--- + Makefile | 6 ++++++ + tests/Makefile | 4 ++-- + 2 files changed, 8 insertions(+), 2 deletions(-) + +diff --git a/Makefile b/Makefile +index 06202bd..a598b12 100644 +--- a/Makefile ++++ b/Makefile +@@ -42,6 +42,12 @@ clean: + check: + CFLAGS=$(CRYPTODEV_CFLAGS) KERNEL_DIR=$(KERNEL_DIR) $(MAKE) -C tests check + ++testprogs: ++ KERNEL_DIR=$(KERNEL_DIR) $(MAKE) -C tests all ++ ++install_tests: ++ $(MAKE) -C tests install ++ + CPOPTS = + ifneq ($(SHOW_TYPES),) + CPOPTS += --show-types +diff --git a/tests/Makefile b/tests/Makefile +index 5e3111d..cda971c 100644 +--- a/tests/Makefile ++++ b/tests/Makefile +@@ -35,9 +35,9 @@ check: $(hostprogs) + ./cipher-aead + + install: +- install -d $(DESTDIR)/$(bindir) ++ install -d $(DESTDIR)/$(bindir)/tests_cryptodev + for prog in $(hostprogs); do \ +- install -m 755 $$prog $(DESTDIR)/$(bindir); \ ++ install -m 755 $$prog $(DESTDIR)/$(bindir)/tests_cryptodev/; \ + done + + clean: +-- +2.7.0 + diff --git a/recipes-kernel/cryptodev/yocto_patches/0001-Disable-installing-header-file-provided-by-another-p.patch b/recipes-kernel/cryptodev/yocto_patches/0001-Disable-installing-header-file-provided-by-another-p.patch new file mode 100644 index 0000000..6d8db4e --- /dev/null +++ b/recipes-kernel/cryptodev/yocto_patches/0001-Disable-installing-header-file-provided-by-another-p.patch @@ -0,0 +1,29 @@ +From eedfa57953d2d6255d53cb098c3f81cbde9187f7 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Mon, 22 Feb 2016 11:47:27 +0200 +Subject: [PATCH 1/2] Disable installing header file provided by another + package + +(original patch Signed-off-by: Denys Dmytriyenko ) +Signed-off-by: Cristian Stoica + +Upstream-Status: Inappropriate [ OE specific ] +--- + Makefile | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/Makefile b/Makefile +index 9871a8e..06202bd 100644 +--- a/Makefile ++++ b/Makefile +@@ -33,7 +33,6 @@ install: modules_install + + modules_install: + $(MAKE) -C $(KERNEL_DIR) M=$(PWD) modules_install +- install -m 644 -D crypto/cryptodev.h $(DESTDIR)/$(includedir)/crypto/cryptodev.h + + clean: + $(MAKE) -C $(KERNEL_DIR) M=$(PWD) clean +-- +2.7.0 + -- cgit v1.2.3-54-g00ecf