linux-stable.git/drivers/crypto/mediatek, branch linux-5.6.y Linux kernel stable tree crypto: remove propagation of CRYPTO_TFM_RES_* flags 2020-01-09T03:30:53+00:00 Eric Biggers ebiggers@google.com 2019-12-31T03:19:38+00:00 af5034e8e4a5838fc77e476c1a91822e449d5869 The CRYPTO_TFM_RES_* flags were apparently meant as a way to make the ->setkey() functions provide more information about errors. But these flags weren't actually being used or tested, and in many cases they weren't being set correctly anyway. So they've now been removed. Also, if someone ever actually needs to start better distinguishing ->setkey() errors (which is somewhat unlikely, as this has been unneeded for a long time), we'd be much better off just defining different return values, like -EINVAL if the key is invalid for the algorithm vs. -EKEYREJECTED if the key was rejected by a policy like "no weak keys". That would be much simpler, less error-prone, and easier to test. So just remove CRYPTO_TFM_RES_MASK and all the unneeded logic that propagates these flags around. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
The CRYPTO_TFM_RES_* flags were apparently meant as a way to make the
->setkey() functions provide more information about errors.  But these
flags weren't actually being used or tested, and in many cases they
weren't being set correctly anyway.  So they've now been removed.

Also, if someone ever actually needs to start better distinguishing
->setkey() errors (which is somewhat unlikely, as this has been unneeded
for a long time), we'd be much better off just defining different return
values, like -EINVAL if the key is invalid for the algorithm vs.
-EKEYREJECTED if the key was rejected by a policy like "no weak keys".
That would be much simpler, less error-prone, and easier to test.

So just remove CRYPTO_TFM_RES_MASK and all the unneeded logic that
propagates these flags around.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN 2020-01-09T03:30:53+00:00 Eric Biggers ebiggers@google.com 2019-12-31T03:19:36+00:00 674f368a952c48ede71784935a799a5205b92b6c The CRYPTO_TFM_RES_BAD_KEY_LEN flag was apparently meant as a way to make the ->setkey() functions provide more information about errors. However, no one actually checks for this flag, which makes it pointless. Also, many algorithms fail to set this flag when given a bad length key. Reviewing just the generic implementations, this is the case for aes-fixed-time, cbcmac, echainiv, nhpoly1305, pcrypt, rfc3686, rfc4309, rfc7539, rfc7539esp, salsa20, seqiv, and xcbc. But there are probably many more in arch/*/crypto/ and drivers/crypto/. Some algorithms can even set this flag when the key is the correct length. For example, authenc and authencesn set it when the key payload is malformed in any way (not just a bad length), the atmel-sha and ccree drivers can set it if a memory allocation fails, and the chelsio driver sets it for bad auth tag lengths, not just bad key lengths. So even if someone actually wanted to start checking this flag (which seems unlikely, since it's been unused for a long time), there would be a lot of work needed to get it working correctly. But it would probably be much better to go back to the drawing board and just define different return values, like -EINVAL if the key is invalid for the algorithm vs. -EKEYREJECTED if the key was rejected by a policy like "no weak keys". That would be much simpler, less error-prone, and easier to test. So just remove this flag. Signed-off-by: Eric Biggers <ebiggers@google.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
The CRYPTO_TFM_RES_BAD_KEY_LEN flag was apparently meant as a way to
make the ->setkey() functions provide more information about errors.

However, no one actually checks for this flag, which makes it pointless.

Also, many algorithms fail to set this flag when given a bad length key.
Reviewing just the generic implementations, this is the case for
aes-fixed-time, cbcmac, echainiv, nhpoly1305, pcrypt, rfc3686, rfc4309,
rfc7539, rfc7539esp, salsa20, seqiv, and xcbc.  But there are probably
many more in arch/*/crypto/ and drivers/crypto/.

Some algorithms can even set this flag when the key is the correct
length.  For example, authenc and authencesn set it when the key payload
is malformed in any way (not just a bad length), the atmel-sha and ccree
drivers can set it if a memory allocation fails, and the chelsio driver
sets it for bad auth tag lengths, not just bad key lengths.

So even if someone actually wanted to start checking this flag (which
seems unlikely, since it's been unused for a long time), there would be
a lot of work needed to get it working correctly.  But it would probably
be much better to go back to the drawing board and just define different
return values, like -EINVAL if the key is invalid for the algorithm vs.
-EKEYREJECTED if the key was rejected by a policy like "no weak keys".
That would be much simpler, less error-prone, and easier to test.

So just remove this flag.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: mediatek - switch to skcipher API 2019-11-17T01:02:47+00:00 Ard Biesheuvel ardb@kernel.org 2019-11-09T17:09:42+00:00 c2609391f95b140eaa21442581c6675ba10388d9 Commit 7a7ffe65c8c5 ("crypto: skcipher - Add top-level skcipher interface") dated 20 august 2015 introduced the new skcipher API which is supposed to replace both blkcipher and ablkcipher. While all consumers of the API have been converted long ago, some producers of the ablkcipher remain, forcing us to keep the ablkcipher support routines alive, along with the matching code to expose [a]blkciphers via the skcipher API. So switch this driver to the skcipher API, allowing us to finally drop the ablkcipher code in the near future. Cc: Matthias Brugger <matthias.bgg@gmail.com> Cc: linux-mediatek@lists.infradead.org Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
Commit 7a7ffe65c8c5 ("crypto: skcipher - Add top-level skcipher interface")
dated 20 august 2015 introduced the new skcipher API which is supposed to
replace both blkcipher and ablkcipher. While all consumers of the API have
been converted long ago, some producers of the ablkcipher remain, forcing
us to keep the ablkcipher support routines alive, along with the matching
code to expose [a]blkciphers via the skcipher API.

So switch this driver to the skcipher API, allowing us to finally drop the
ablkcipher code in the near future.

Cc: Matthias Brugger <matthias.bgg@gmail.com>
Cc: linux-mediatek@lists.infradead.org
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: mediatek - remove redundant bitwise-or 2019-11-01T05:38:31+00:00 Colin Ian King colin.king@canonical.com 2019-10-23T11:48:24+00:00 a52485165d85b008d8ebb03884350b11039580e1 Bitwise-or'ing 0xffffffff with the u32 variable ctr is the same result as assigning the value to ctr. Remove the redundant bitwise-or and just use an assignment. Addresses-Coverity: ("Suspicious &= or |= constant expression") Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
Bitwise-or'ing 0xffffffff with the u32 variable ctr is the same result
as assigning the value to ctr.  Remove the redundant bitwise-or and
just use an assignment.

Addresses-Coverity: ("Suspicious &= or |= constant expression")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: mediatek - fix incorrect crypto key setting 2019-09-05T04:36:54+00:00 Vic Wu vic.wu@mediatek.com 2019-08-28T06:37:16+00:00 a3d7c50c416c378c91272e6b2905f91fde682319 Record crypto key to context during setkey and set the key to transform state buffer in encrypt/decrypt process. Signed-off-by: Vic Wu <vic.wu@mediatek.com> Tested-by: John Crispin <john@phrozen.og> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
Record crypto key to context during setkey and set the key to
transform state buffer in encrypt/decrypt process.

Signed-off-by: Vic Wu <vic.wu@mediatek.com>
Tested-by: John Crispin <john@phrozen.og>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: mediatek - add support to OFB/CFB mode 2019-09-05T04:36:54+00:00 Ryder Lee ryder.lee@mediatek.com 2019-08-28T06:37:15+00:00 069ec891823a5211c48c68c9b9f1571d9647606d This patch adds support to OFB/CFB mode. Signed-off-by: Ryder Lee <ryder.lee@mediatek.com> Signed-off-by: Vic Wu <vic.wu@mediatek.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
This patch adds support to OFB/CFB mode.

Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Vic Wu <vic.wu@mediatek.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: mediatek - only treat EBUSY as transient if backlog 2019-09-05T04:36:54+00:00 Ryder Lee ryder.lee@mediatek.com 2019-08-28T06:37:14+00:00 f271ea9fe1de6455a6855ef320c6946a7f7bf6e7 The driver was treating -EBUSY as indication of queueing to backlog without checking that backlog is enabled for the request. Fix it by checking request flags. Signed-off-by: Ryder Lee <ryder.lee@mediatek.com> Signed-off-by: Vic Wu <vic.wu@mediatek.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
The driver was treating -EBUSY as indication of queueing to backlog
without checking that backlog is enabled for the request.

Fix it by checking request flags.

Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Vic Wu <vic.wu@mediatek.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: mediatek - fix uninitialized value of gctx->textlen 2019-09-05T04:36:54+00:00 Ryder Lee ryder.lee@mediatek.com 2019-08-28T06:37:13+00:00 e049ff5af04b18bfb4105787be198d58c841fc99 Add a pre-computed text length to avoid uninitialized value in the check. Fixes: e47270665b5f ("crypto: mediatek - Add empty messages check in GCM mode") Signed-off-by: Ryder Lee <ryder.lee@mediatek.com> Signed-off-by: Vic Wu <vic.wu@mediatek.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
Add a pre-computed text length to avoid uninitialized value in the check.

Fixes: e47270665b5f ("crypto: mediatek - Add empty messages check in GCM mode")
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Vic Wu <vic.wu@mediatek.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: mediatek - move mtk_aes_find_dev() to the right place 2019-09-05T04:36:54+00:00 Ryder Lee ryder.lee@mediatek.com 2019-08-28T06:37:12+00:00 4797f6cab5096aa4e97cee2d0044dcf8e6bcd7b8 Move mtk_aes_find_dev() to right functions as nobody uses the 'cryp' under current flows. We can also avoid duplicate checks here and there in this way. Signed-off-by: Ryder Lee <ryder.lee@mediatek.com> Signed-off-by: Vic Wu <vic.wu@mediatek.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
Move mtk_aes_find_dev() to right functions as nobody uses the
'cryp' under current flows.

We can also avoid duplicate checks here and there in this way.

Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Vic Wu <vic.wu@mediatek.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: mediatek - use devm_platform_ioremap_resource() to simplify code 2019-08-09T05:12:00+00:00 YueHaibing yuehaibing@huawei.com 2019-08-02T13:28:03+00:00 b26120fdb9326052cc0bffe6a52c19a7145d3851 Use devm_platform_ioremap_resource() to simplify the code a bit. This is detected by coccinelle. Reported-by: Hulk Robot <hulkci@huawei.com> Signed-off-by: YueHaibing <yuehaibing@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
Use devm_platform_ioremap_resource() to simplify the code a bit.
This is detected by coccinelle.

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>