apm821xx: backport and reassign crypto4xx patches
authorChristian Lamparter <chunkeey@gmail.com>
Sat, 28 Apr 2018 20:08:09 +0000 (22:08 +0200)
committerJohn Crispin <john@phrozen.org>
Thu, 24 May 2018 15:24:30 +0000 (17:24 +0200)
This patch backports several patches that went upstream into
Herbert Xu's cryptodev-2.6 tree:

crypto: Use zeroing memory allocator instead of allocator/memset
crypto: crypto4xx - performance optimizations
crypto: crypto4xx - convert to skcipher
crypto: crypto4xx - avoid VLA use
crypto: crypto4xx - add aes-ctr support
crypto: crypto4xx - properly set IV after de- and encrypt
crypto: crypto4xx - extend aead fallback checks
crypto: crypto4xx - put temporary dst sg into request ctx

The older, outstanding patches from 120-wxyz series have been
upstreamed as well and therefore they have been reassigned to
fit into the series.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 16e39624b728264bd4759580f6292bffefcae466)

19 files changed:
target/linux/apm821xx/patches-4.14/021-0001-crypto-crypto4xx-shuffle-iomap-in-front-of-request_i.patch [new file with mode: 0644]
target/linux/apm821xx/patches-4.14/021-0002-crypto-crypto4xx-support-Revision-B-parts.patch [new file with mode: 0644]
target/linux/apm821xx/patches-4.14/021-0003-crypto-crypto4xx-fix-missing-irq-devname.patch [new file with mode: 0644]
target/linux/apm821xx/patches-4.14/021-0004-crypto-crypto4xx-kill-MODULE_NAME.patch [new file with mode: 0644]
target/linux/apm821xx/patches-4.14/021-0005-crypto-crypto4xx-perform-aead-icv-check-in-the-drive.patch [new file with mode: 0644]
target/linux/apm821xx/patches-4.14/022-0001-crypto-Use-zeroing-memory-allocator-instead-of-alloc.patch [new file with mode: 0644]
target/linux/apm821xx/patches-4.14/022-0002-crypto-crypto4xx-performance-optimizations.patch [new file with mode: 0644]
target/linux/apm821xx/patches-4.14/022-0003-crypto-crypto4xx-convert-to-skcipher.patch [new file with mode: 0644]
target/linux/apm821xx/patches-4.14/022-0004-crypto-crypto4xx-avoid-VLA-use.patch [new file with mode: 0644]
target/linux/apm821xx/patches-4.14/022-0005-crypto-crypto4xx-add-aes-ctr-support.patch [new file with mode: 0644]
target/linux/apm821xx/patches-4.14/022-0006-crypto-crypto4xx-properly-set-IV-after-de-and-encryp.patch [new file with mode: 0644]
target/linux/apm821xx/patches-4.14/022-0007-crypto-crypto4xx-extend-aead-fallback-checks.patch [new file with mode: 0644]
target/linux/apm821xx/patches-4.14/022-0008-crypto-crypto4xx-put-temporary-dst-sg-into-request-c.patch [new file with mode: 0644]
target/linux/apm821xx/patches-4.14/120-0001-crypto-crypto4xx-shuffle-iomap-in-front-of-request_i.patch [deleted file]
target/linux/apm821xx/patches-4.14/120-0002-crypto-crypto4xx-support-Revision-B-parts.patch [deleted file]
target/linux/apm821xx/patches-4.14/120-0003-crypto-crypto4xx-fix-missing-irq-devname.patch [deleted file]
target/linux/apm821xx/patches-4.14/120-0004-crypto-crypto4xx-kill-MODULE_NAME.patch [deleted file]
target/linux/apm821xx/patches-4.14/120-0005-crypto-crypto4xx-perform-aead-icv-check-in-the-drive.patch [deleted file]
target/linux/apm821xx/patches-4.14/120-0006-crypto-crypto4xx-performance-optimizations.patch [deleted file]

diff --git a/target/linux/apm821xx/patches-4.14/021-0001-crypto-crypto4xx-shuffle-iomap-in-front-of-request_i.patch b/target/linux/apm821xx/patches-4.14/021-0001-crypto-crypto4xx-shuffle-iomap-in-front-of-request_i.patch
new file mode 100644 (file)
index 0000000..fc8df38
--- /dev/null
@@ -0,0 +1,71 @@
+From 4baa099377d73ea99c7802a9685815b32e8bf119 Mon Sep 17 00:00:00 2001
+From: Christian Lamparter <chunkeey@gmail.com>
+Date: Thu, 21 Dec 2017 15:08:18 +0100
+Subject: [PATCH 1/6] crypto: crypto4xx - shuffle iomap in front of request_irq
+
+It is possible to avoid the ce_base null pointer check in the
+drivers' interrupt handler routine "crypto4xx_ce_interrupt_handler()"
+by simply doing the iomap in front of the IRQ registration.
+
+This way, the ce_base will always be valid in the handler and
+a branch in an critical path can be avoided.
+
+Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
+---
+ drivers/crypto/amcc/crypto4xx_core.c | 21 +++++++++------------
+ 1 file changed, 9 insertions(+), 12 deletions(-)
+
+--- a/drivers/crypto/amcc/crypto4xx_core.c
++++ b/drivers/crypto/amcc/crypto4xx_core.c
+@@ -1075,9 +1075,6 @@ static irqreturn_t crypto4xx_ce_interrup
+       struct device *dev = (struct device *)data;
+       struct crypto4xx_core_device *core_dev = dev_get_drvdata(dev);
+-      if (!core_dev->dev->ce_base)
+-              return 0;
+-
+       writel(PPC4XX_INTERRUPT_CLR,
+              core_dev->dev->ce_base + CRYPTO4XX_INT_CLR);
+       tasklet_schedule(&core_dev->tasklet);
+@@ -1325,13 +1322,6 @@ static int crypto4xx_probe(struct platfo
+       tasklet_init(&core_dev->tasklet, crypto4xx_bh_tasklet_cb,
+                    (unsigned long) dev);
+-      /* Register for Crypto isr, Crypto Engine IRQ */
+-      core_dev->irq = irq_of_parse_and_map(ofdev->dev.of_node, 0);
+-      rc = request_irq(core_dev->irq, crypto4xx_ce_interrupt_handler, 0,
+-                       core_dev->dev->name, dev);
+-      if (rc)
+-              goto err_request_irq;
+-
+       core_dev->dev->ce_base = of_iomap(ofdev->dev.of_node, 0);
+       if (!core_dev->dev->ce_base) {
+               dev_err(dev, "failed to of_iomap\n");
+@@ -1339,6 +1329,13 @@ static int crypto4xx_probe(struct platfo
+               goto err_iomap;
+       }
++      /* Register for Crypto isr, Crypto Engine IRQ */
++      core_dev->irq = irq_of_parse_and_map(ofdev->dev.of_node, 0);
++      rc = request_irq(core_dev->irq, crypto4xx_ce_interrupt_handler, 0,
++                       core_dev->dev->name, dev);
++      if (rc)
++              goto err_request_irq;
++
+       /* need to setup pdr, rdr, gdr and sdr before this */
+       crypto4xx_hw_init(core_dev->dev);
+@@ -1352,11 +1349,11 @@ static int crypto4xx_probe(struct platfo
+       return 0;
+ err_start_dev:
+-      iounmap(core_dev->dev->ce_base);
+-err_iomap:
+       free_irq(core_dev->irq, dev);
+ err_request_irq:
+       irq_dispose_mapping(core_dev->irq);
++      iounmap(core_dev->dev->ce_base);
++err_iomap:
+       tasklet_kill(&core_dev->tasklet);
+ err_build_sdr:
+       crypto4xx_destroy_sdr(core_dev->dev);
diff --git a/target/linux/apm821xx/patches-4.14/021-0002-crypto-crypto4xx-support-Revision-B-parts.patch b/target/linux/apm821xx/patches-4.14/021-0002-crypto-crypto4xx-support-Revision-B-parts.patch
new file mode 100644 (file)
index 0000000..1adad96
--- /dev/null
@@ -0,0 +1,150 @@
+From 1e932b627e79aa2c70e2c7278e4ac930303faa3f Mon Sep 17 00:00:00 2001
+From: Christian Lamparter <chunkeey@gmail.com>
+Date: Thu, 21 Dec 2017 15:09:18 +0100
+Subject: [PATCH 2/6] crypto: crypto4xx - support Revision B parts
+
+This patch adds support for the crypto4xx RevB cores
+found in the 460EX, 460SX and later cores (like the APM821xx).
+
+Without this patch, the crypto4xx driver will not be
+able to process any offloaded requests and simply hang
+indefinitely.
+
+Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
+---
+ drivers/crypto/amcc/crypto4xx_core.c    | 48 +++++++++++++++++++++++++++++----
+ drivers/crypto/amcc/crypto4xx_core.h    |  1 +
+ drivers/crypto/amcc/crypto4xx_reg_def.h |  4 ++-
+ 3 files changed, 47 insertions(+), 6 deletions(-)
+
+--- a/drivers/crypto/amcc/crypto4xx_core.c
++++ b/drivers/crypto/amcc/crypto4xx_core.c
+@@ -128,7 +128,14 @@ static void crypto4xx_hw_init(struct cry
+       writel(PPC4XX_INT_DESCR_CNT, dev->ce_base + CRYPTO4XX_INT_DESCR_CNT);
+       writel(PPC4XX_INT_DESCR_CNT, dev->ce_base + CRYPTO4XX_INT_DESCR_CNT);
+       writel(PPC4XX_INT_CFG, dev->ce_base + CRYPTO4XX_INT_CFG);
+-      writel(PPC4XX_PD_DONE_INT, dev->ce_base + CRYPTO4XX_INT_EN);
++      if (dev->is_revb) {
++              writel(PPC4XX_INT_TIMEOUT_CNT_REVB << 10,
++                     dev->ce_base + CRYPTO4XX_INT_TIMEOUT_CNT);
++              writel(PPC4XX_PD_DONE_INT | PPC4XX_TMO_ERR_INT,
++                     dev->ce_base + CRYPTO4XX_INT_EN);
++      } else {
++              writel(PPC4XX_PD_DONE_INT, dev->ce_base + CRYPTO4XX_INT_EN);
++      }
+ }
+ int crypto4xx_alloc_sa(struct crypto4xx_ctx *ctx, u32 size)
+@@ -1070,18 +1077,29 @@ static void crypto4xx_bh_tasklet_cb(unsi
+ /**
+  * Top Half of isr.
+  */
+-static irqreturn_t crypto4xx_ce_interrupt_handler(int irq, void *data)
++static inline irqreturn_t crypto4xx_interrupt_handler(int irq, void *data,
++                                                    u32 clr_val)
+ {
+       struct device *dev = (struct device *)data;
+       struct crypto4xx_core_device *core_dev = dev_get_drvdata(dev);
+-      writel(PPC4XX_INTERRUPT_CLR,
+-             core_dev->dev->ce_base + CRYPTO4XX_INT_CLR);
++      writel(clr_val, core_dev->dev->ce_base + CRYPTO4XX_INT_CLR);
+       tasklet_schedule(&core_dev->tasklet);
+       return IRQ_HANDLED;
+ }
++static irqreturn_t crypto4xx_ce_interrupt_handler(int irq, void *data)
++{
++      return crypto4xx_interrupt_handler(irq, data, PPC4XX_INTERRUPT_CLR);
++}
++
++static irqreturn_t crypto4xx_ce_interrupt_handler_revb(int irq, void *data)
++{
++      return crypto4xx_interrupt_handler(irq, data, PPC4XX_INTERRUPT_CLR |
++              PPC4XX_TMO_ERR_INT);
++}
++
+ /**
+  * Supported Crypto Algorithms
+  */
+@@ -1263,6 +1281,8 @@ static int crypto4xx_probe(struct platfo
+       struct resource res;
+       struct device *dev = &ofdev->dev;
+       struct crypto4xx_core_device *core_dev;
++      u32 pvr;
++      bool is_revb = true;
+       rc = of_address_to_resource(ofdev->dev.of_node, 0, &res);
+       if (rc)
+@@ -1279,6 +1299,7 @@ static int crypto4xx_probe(struct platfo
+                      mfdcri(SDR0, PPC405EX_SDR0_SRST) | PPC405EX_CE_RESET);
+               mtdcri(SDR0, PPC405EX_SDR0_SRST,
+                      mfdcri(SDR0, PPC405EX_SDR0_SRST) & ~PPC405EX_CE_RESET);
++              is_revb = false;
+       } else if (of_find_compatible_node(NULL, NULL,
+                       "amcc,ppc460sx-crypto")) {
+               mtdcri(SDR0, PPC460SX_SDR0_SRST,
+@@ -1301,7 +1322,22 @@ static int crypto4xx_probe(struct platfo
+       if (!core_dev->dev)
+               goto err_alloc_dev;
++      /*
++       * Older version of 460EX/GT have a hardware bug.
++       * Hence they do not support H/W based security intr coalescing
++       */
++      pvr = mfspr(SPRN_PVR);
++      if (is_revb && ((pvr >> 4) == 0x130218A)) {
++              u32 min = PVR_MIN(pvr);
++
++              if (min < 4) {
++                      dev_info(dev, "RevA detected - disable interrupt coalescing\n");
++                      is_revb = false;
++              }
++      }
++
+       core_dev->dev->core_dev = core_dev;
++      core_dev->dev->is_revb = is_revb;
+       core_dev->device = dev;
+       spin_lock_init(&core_dev->lock);
+       INIT_LIST_HEAD(&core_dev->dev->alg_list);
+@@ -1331,7 +1367,9 @@ static int crypto4xx_probe(struct platfo
+       /* Register for Crypto isr, Crypto Engine IRQ */
+       core_dev->irq = irq_of_parse_and_map(ofdev->dev.of_node, 0);
+-      rc = request_irq(core_dev->irq, crypto4xx_ce_interrupt_handler, 0,
++      rc = request_irq(core_dev->irq, is_revb ?
++                       crypto4xx_ce_interrupt_handler_revb :
++                       crypto4xx_ce_interrupt_handler, 0,
+                        core_dev->dev->name, dev);
+       if (rc)
+               goto err_request_irq;
+--- a/drivers/crypto/amcc/crypto4xx_core.h
++++ b/drivers/crypto/amcc/crypto4xx_core.h
+@@ -109,6 +109,7 @@ struct crypto4xx_device {
+       struct list_head alg_list;      /* List of algorithm supported
+                                       by this device */
+       struct ratelimit_state aead_ratelimit;
++      bool is_revb;
+ };
+ struct crypto4xx_core_device {
+--- a/drivers/crypto/amcc/crypto4xx_reg_def.h
++++ b/drivers/crypto/amcc/crypto4xx_reg_def.h
+@@ -121,13 +121,15 @@
+ #define PPC4XX_PD_SIZE                                6
+ #define PPC4XX_CTX_DONE_INT                   0x2000
+ #define PPC4XX_PD_DONE_INT                    0x8000
++#define PPC4XX_TMO_ERR_INT                    0x40000
+ #define PPC4XX_BYTE_ORDER                     0x22222
+ #define PPC4XX_INTERRUPT_CLR                  0x3ffff
+ #define PPC4XX_PRNG_CTRL_AUTO_EN              0x3
+ #define PPC4XX_DC_3DES_EN                     1
+ #define PPC4XX_TRNG_EN                                0x00020000
+-#define PPC4XX_INT_DESCR_CNT                  4
++#define PPC4XX_INT_DESCR_CNT                  7
+ #define PPC4XX_INT_TIMEOUT_CNT                        0
++#define PPC4XX_INT_TIMEOUT_CNT_REVB           0x3FF
+ #define PPC4XX_INT_CFG                                1
+ /**
+  * all follow define are ad hoc
diff --git a/target/linux/apm821xx/patches-4.14/021-0003-crypto-crypto4xx-fix-missing-irq-devname.patch b/target/linux/apm821xx/patches-4.14/021-0003-crypto-crypto4xx-fix-missing-irq-devname.patch
new file mode 100644 (file)
index 0000000..a295fa4
--- /dev/null
@@ -0,0 +1,37 @@
+From 00179ef6e3c4e5db6258cd6e273e4063b8437d18 Mon Sep 17 00:00:00 2001
+From: Christian Lamparter <chunkeey@gmail.com>
+Date: Thu, 21 Dec 2017 15:10:18 +0100
+Subject: [PATCH 3/6] crypto: crypto4xx - fix missing irq devname
+
+crypto4xx_device's name variable is not set to anything.
+The common devname for request_irq seems to be the module
+name. This will fix the seemingly anonymous interrupt
+entry in /proc/interrupts for crypto4xx.
+
+Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
+---
+ drivers/crypto/amcc/crypto4xx_core.c | 2 +-
+ drivers/crypto/amcc/crypto4xx_core.h | 1 -
+ 2 files changed, 1 insertion(+), 2 deletions(-)
+
+--- a/drivers/crypto/amcc/crypto4xx_core.c
++++ b/drivers/crypto/amcc/crypto4xx_core.c
+@@ -1370,7 +1370,7 @@ static int crypto4xx_probe(struct platfo
+       rc = request_irq(core_dev->irq, is_revb ?
+                        crypto4xx_ce_interrupt_handler_revb :
+                        crypto4xx_ce_interrupt_handler, 0,
+-                       core_dev->dev->name, dev);
++                       KBUILD_MODNAME, dev);
+       if (rc)
+               goto err_request_irq;
+--- a/drivers/crypto/amcc/crypto4xx_core.h
++++ b/drivers/crypto/amcc/crypto4xx_core.h
+@@ -82,7 +82,6 @@ struct pd_uinfo {
+ struct crypto4xx_device {
+       struct crypto4xx_core_device *core_dev;
+-      char *name;
+       void __iomem *ce_base;
+       void __iomem *trng_base;
diff --git a/target/linux/apm821xx/patches-4.14/021-0004-crypto-crypto4xx-kill-MODULE_NAME.patch b/target/linux/apm821xx/patches-4.14/021-0004-crypto-crypto4xx-kill-MODULE_NAME.patch
new file mode 100644 (file)
index 0000000..4ee99f4
--- /dev/null
@@ -0,0 +1,47 @@
+From c3621f23fed7d6fff33083ae538004ea59c01d8f Mon Sep 17 00:00:00 2001
+From: Christian Lamparter <chunkeey@gmail.com>
+Date: Thu, 21 Dec 2017 15:11:18 +0100
+Subject: [PATCH 4/6] crypto: crypto4xx - kill MODULE_NAME
+
+KBUILD_MODNAME provides the same value.
+
+Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
+---
+ drivers/crypto/amcc/crypto4xx_core.c | 2 +-
+ drivers/crypto/amcc/crypto4xx_core.h | 2 --
+ drivers/crypto/amcc/crypto4xx_trng.c | 2 +-
+ 3 files changed, 2 insertions(+), 4 deletions(-)
+
+--- a/drivers/crypto/amcc/crypto4xx_core.c
++++ b/drivers/crypto/amcc/crypto4xx_core.c
+@@ -1432,7 +1432,7 @@ MODULE_DEVICE_TABLE(of, crypto4xx_match)
+ static struct platform_driver crypto4xx_driver = {
+       .driver = {
+-              .name = MODULE_NAME,
++              .name = KBUILD_MODNAME,
+               .of_match_table = crypto4xx_match,
+       },
+       .probe          = crypto4xx_probe,
+--- a/drivers/crypto/amcc/crypto4xx_core.h
++++ b/drivers/crypto/amcc/crypto4xx_core.h
+@@ -28,8 +28,6 @@
+ #include "crypto4xx_reg_def.h"
+ #include "crypto4xx_sa.h"
+-#define MODULE_NAME "crypto4xx"
+-
+ #define PPC460SX_SDR0_SRST                      0x201
+ #define PPC405EX_SDR0_SRST                      0x200
+ #define PPC460EX_SDR0_SRST                      0x201
+--- a/drivers/crypto/amcc/crypto4xx_trng.c
++++ b/drivers/crypto/amcc/crypto4xx_trng.c
+@@ -92,7 +92,7 @@ void ppc4xx_trng_probe(struct crypto4xx_
+       if (!rng)
+               goto err_out;
+-      rng->name = MODULE_NAME;
++      rng->name = KBUILD_MODNAME;
+       rng->data_present = ppc4xx_trng_data_present;
+       rng->data_read = ppc4xx_trng_data_read;
+       rng->priv = (unsigned long) dev;
diff --git a/target/linux/apm821xx/patches-4.14/021-0005-crypto-crypto4xx-perform-aead-icv-check-in-the-drive.patch b/target/linux/apm821xx/patches-4.14/021-0005-crypto-crypto4xx-perform-aead-icv-check-in-the-drive.patch
new file mode 100644 (file)
index 0000000..0dbd924
--- /dev/null
@@ -0,0 +1,146 @@
+From 5b3856d1d98e6f6a58b70c1c0d7da3fb5f042e9c Mon Sep 17 00:00:00 2001
+From: Christian Lamparter <chunkeey@gmail.com>
+Date: Thu, 21 Dec 2017 16:00:01 +0100
+Subject: [PATCH 5/6] crypto: crypto4xx - perform aead icv check in the driver
+
+The ccm-aes-ppc4xx now fails one of testmgr's expected
+failure test cases as such:
+
+alg: aead: decryption failed on test 10 for ccm-aes-ppc4xx: ret was 0, expected -EBADMSG
+
+Upon closer inspection, it turned out that the hardware's
+crypto flags that would indicate an authentification failure
+are not set by the hardware. The original vendor source from
+which this was ported does not have any special code or notes
+about why this would happen or if there are any WAs.
+
+Hence, this patch converts the aead_done callback handler to
+perform the icv check in the driver. And this fixes the false
+negative and the ccm-aes-ppc4xx passes the selftests once again.
+
+|name         : ccm(aes)
+|driver       : ccm-aes-ppc4xx
+|module       : crypto4xx
+|priority     : 300
+|refcnt       : 1
+|selftest     : passed
+|internal     : no
+|type         : aead
+|async        : yes
+|blocksize    : 1
+|ivsize       : 16
+|maxauthsize  : 16
+|geniv        : <none>
+
+Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
+---
+ drivers/crypto/amcc/crypto4xx_alg.c  |  6 +---
+ drivers/crypto/amcc/crypto4xx_core.c | 54 ++++++++++++++++++------------------
+ 2 files changed, 28 insertions(+), 32 deletions(-)
+
+--- a/drivers/crypto/amcc/crypto4xx_alg.c
++++ b/drivers/crypto/amcc/crypto4xx_alg.c
+@@ -256,10 +256,6 @@ static inline bool crypto4xx_aead_need_f
+       if (is_ccm && !(req->iv[0] == 1 || req->iv[0] == 3))
+               return true;
+-      /* CCM - fix CBC MAC mismatch in special case */
+-      if (is_ccm && decrypt && !req->assoclen)
+-              return true;
+-
+       return false;
+ }
+@@ -330,7 +326,7 @@ int crypto4xx_setkey_aes_ccm(struct cryp
+       sa = (struct dynamic_sa_ctl *) ctx->sa_in;
+       sa->sa_contents.w = SA_AES_CCM_CONTENTS | (keylen << 2);
+-      set_dynamic_sa_command_0(sa, SA_NOT_SAVE_HASH, SA_NOT_SAVE_IV,
++      set_dynamic_sa_command_0(sa, SA_SAVE_HASH, SA_NOT_SAVE_IV,
+                                SA_LOAD_HASH_FROM_SA, SA_LOAD_IV_FROM_STATE,
+                                SA_NO_HEADER_PROC, SA_HASH_ALG_CBC_MAC,
+                                SA_CIPHER_ALG_AES,
+--- a/drivers/crypto/amcc/crypto4xx_core.c
++++ b/drivers/crypto/amcc/crypto4xx_core.c
+@@ -577,15 +577,14 @@ static void crypto4xx_aead_done(struct c
+                               struct pd_uinfo *pd_uinfo,
+                               struct ce_pd *pd)
+ {
+-      struct aead_request *aead_req;
+-      struct crypto4xx_ctx *ctx;
++      struct aead_request *aead_req = container_of(pd_uinfo->async_req,
++              struct aead_request, base);
+       struct scatterlist *dst = pd_uinfo->dest_va;
++      size_t cp_len = crypto_aead_authsize(
++              crypto_aead_reqtfm(aead_req));
++      u32 icv[cp_len];
+       int err = 0;
+-      aead_req = container_of(pd_uinfo->async_req, struct aead_request,
+-                              base);
+-      ctx  = crypto_tfm_ctx(aead_req->base.tfm);
+-
+       if (pd_uinfo->using_sd) {
+               crypto4xx_copy_pkt_to_dst(dev, pd, pd_uinfo,
+                                         pd->pd_ctl_len.bf.pkt_len,
+@@ -597,38 +596,39 @@ static void crypto4xx_aead_done(struct c
+       if (pd_uinfo->sa_va->sa_command_0.bf.dir == DIR_OUTBOUND) {
+               /* append icv at the end */
+-              size_t cp_len = crypto_aead_authsize(
+-                      crypto_aead_reqtfm(aead_req));
+-              u32 icv[cp_len];
+-
+               crypto4xx_memcpy_from_le32(icv, pd_uinfo->sr_va->save_digest,
+                                          cp_len);
+               scatterwalk_map_and_copy(icv, dst, aead_req->cryptlen,
+                                        cp_len, 1);
++      } else {
++              /* check icv at the end */
++              scatterwalk_map_and_copy(icv, aead_req->src,
++                      aead_req->assoclen + aead_req->cryptlen -
++                      cp_len, cp_len, 0);
++
++              crypto4xx_memcpy_from_le32(icv, icv, cp_len);
++
++              if (crypto_memneq(icv, pd_uinfo->sr_va->save_digest, cp_len))
++                      err = -EBADMSG;
+       }
+       crypto4xx_ret_sg_desc(dev, pd_uinfo);
+       if (pd->pd_ctl.bf.status & 0xff) {
+-              if (pd->pd_ctl.bf.status & 0x1) {
+-                      /* authentication error */
+-                      err = -EBADMSG;
+-              } else {
+-                      if (!__ratelimit(&dev->aead_ratelimit)) {
+-                              if (pd->pd_ctl.bf.status & 2)
+-                                      pr_err("pad fail error\n");
+-                              if (pd->pd_ctl.bf.status & 4)
+-                                      pr_err("seqnum fail\n");
+-                              if (pd->pd_ctl.bf.status & 8)
+-                                      pr_err("error _notify\n");
+-                              pr_err("aead return err status = 0x%02x\n",
+-                                      pd->pd_ctl.bf.status & 0xff);
+-                              pr_err("pd pad_ctl = 0x%08x\n",
+-                                      pd->pd_ctl.bf.pd_pad_ctl);
+-                      }
+-                      err = -EINVAL;
++              if (!__ratelimit(&dev->aead_ratelimit)) {
++                      if (pd->pd_ctl.bf.status & 2)
++                              pr_err("pad fail error\n");
++                      if (pd->pd_ctl.bf.status & 4)
++                              pr_err("seqnum fail\n");
++                      if (pd->pd_ctl.bf.status & 8)
++                              pr_err("error _notify\n");
++                      pr_err("aead return err status = 0x%02x\n",
++                              pd->pd_ctl.bf.status & 0xff);
++                      pr_err("pd pad_ctl = 0x%08x\n",
++                              pd->pd_ctl.bf.pd_pad_ctl);
+               }
++              err = -EINVAL;
+       }
+       if (pd_uinfo->state & PD_ENTRY_BUSY)
diff --git a/target/linux/apm821xx/patches-4.14/022-0001-crypto-Use-zeroing-memory-allocator-instead-of-alloc.patch b/target/linux/apm821xx/patches-4.14/022-0001-crypto-Use-zeroing-memory-allocator-instead-of-alloc.patch
new file mode 100644 (file)
index 0000000..57823fa
--- /dev/null
@@ -0,0 +1,39 @@
+From 75d68369b544acc5d14c18a827654dfff248d09d Mon Sep 17 00:00:00 2001
+From: Himanshu Jha <himanshujha199640@gmail.com>
+Date: Sun, 31 Dec 2017 17:54:23 +0530
+Subject: [PATCH 1/8] crypto: Use zeroing memory allocator instead of
+ allocator/memset
+
+Use dma_zalloc_coherent for allocating zeroed
+memory and remove unnecessary memset function.
+
+Done using Coccinelle.
+Generated-by: scripts/coccinelle/api/alloc/kzalloc-simple.cocci
+0-day tested with no failures.
+
+Signed-off-by: Himanshu Jha <himanshujha199640@gmail.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+---
+ drivers/crypto/amcc/crypto4xx_core.c | 8 +++-----
+ 1 file changed, 3 insertions(+), 5 deletions(-)
+
+--- a/drivers/crypto/amcc/crypto4xx_core.c
++++ b/drivers/crypto/amcc/crypto4xx_core.c
+@@ -282,14 +282,12 @@ static u32 crypto4xx_put_pd_to_pdr(struc
+  */
+ static u32 crypto4xx_build_gdr(struct crypto4xx_device *dev)
+ {
+-      dev->gdr = dma_alloc_coherent(dev->core_dev->device,
+-                                    sizeof(struct ce_gd) * PPC4XX_NUM_GD,
+-                                    &dev->gdr_pa, GFP_ATOMIC);
++      dev->gdr = dma_zalloc_coherent(dev->core_dev->device,
++                                     sizeof(struct ce_gd) * PPC4XX_NUM_GD,
++                                     &dev->gdr_pa, GFP_ATOMIC);
+       if (!dev->gdr)
+               return -ENOMEM;
+-      memset(dev->gdr, 0, sizeof(struct ce_gd) * PPC4XX_NUM_GD);
+-
+       return 0;
+ }
diff --git a/target/linux/apm821xx/patches-4.14/022-0002-crypto-crypto4xx-performance-optimizations.patch b/target/linux/apm821xx/patches-4.14/022-0002-crypto-crypto4xx-performance-optimizations.patch
new file mode 100644 (file)
index 0000000..f1035be
--- /dev/null
@@ -0,0 +1,159 @@
+From a8d79d7bfb14f471914017103ee2329a74e5e89d Mon Sep 17 00:00:00 2001
+From: Christian Lamparter <chunkeey@gmail.com>
+Date: Thu, 19 Apr 2018 18:41:51 +0200
+Subject: crypto: crypto4xx - performance optimizations
+
+This patch provides a cheap 2MiB/s+ (~ 6%) performance
+improvement over the current code. This is because the
+compiler can now optimize several endian swap memcpy.
+
+Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+---
+ drivers/crypto/amcc/crypto4xx_alg.c  | 32 +++++++++++++++++++-------------
+ drivers/crypto/amcc/crypto4xx_core.c | 22 +++++++++++-----------
+ drivers/crypto/amcc/crypto4xx_core.h |  6 ++++--
+ 3 files changed, 34 insertions(+), 26 deletions(-)
+
+--- a/drivers/crypto/amcc/crypto4xx_alg.c
++++ b/drivers/crypto/amcc/crypto4xx_alg.c
+@@ -74,32 +74,38 @@ static void set_dynamic_sa_command_1(str
+       sa->sa_command_1.bf.copy_hdr = cp_hdr;
+ }
+-int crypto4xx_encrypt(struct ablkcipher_request *req)
++static inline int crypto4xx_crypt(struct ablkcipher_request *req,
++                                const unsigned int ivlen, bool decrypt)
+ {
+       struct crypto4xx_ctx *ctx = crypto_tfm_ctx(req->base.tfm);
+-      unsigned int ivlen = crypto_ablkcipher_ivsize(
+-              crypto_ablkcipher_reqtfm(req));
+       __le32 iv[ivlen];
+       if (ivlen)
+               crypto4xx_memcpy_to_le32(iv, req->info, ivlen);
+       return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst,
+-              req->nbytes, iv, ivlen, ctx->sa_out, ctx->sa_len, 0);
++              req->nbytes, iv, ivlen, decrypt ? ctx->sa_in : ctx->sa_out,
++              ctx->sa_len, 0);
+ }
+-int crypto4xx_decrypt(struct ablkcipher_request *req)
++int crypto4xx_encrypt_noiv(struct ablkcipher_request *req)
+ {
+-      struct crypto4xx_ctx *ctx = crypto_tfm_ctx(req->base.tfm);
+-      unsigned int ivlen = crypto_ablkcipher_ivsize(
+-              crypto_ablkcipher_reqtfm(req));
+-      __le32 iv[ivlen];
++      return crypto4xx_crypt(req, 0, false);
++}
+-      if (ivlen)
+-              crypto4xx_memcpy_to_le32(iv, req->info, ivlen);
++int crypto4xx_encrypt_iv(struct ablkcipher_request *req)
++{
++      return crypto4xx_crypt(req, AES_IV_SIZE, false);
++}
+-      return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst,
+-              req->nbytes, iv, ivlen, ctx->sa_in, ctx->sa_len, 0);
++int crypto4xx_decrypt_noiv(struct ablkcipher_request *req)
++{
++      return crypto4xx_crypt(req, 0, true);
++}
++
++int crypto4xx_decrypt_iv(struct ablkcipher_request *req)
++{
++      return crypto4xx_crypt(req, AES_IV_SIZE, true);
+ }
+ /**
+--- a/drivers/crypto/amcc/crypto4xx_core.c
++++ b/drivers/crypto/amcc/crypto4xx_core.c
+@@ -580,7 +580,7 @@ static void crypto4xx_aead_done(struct c
+       struct scatterlist *dst = pd_uinfo->dest_va;
+       size_t cp_len = crypto_aead_authsize(
+               crypto_aead_reqtfm(aead_req));
+-      u32 icv[cp_len];
++      u32 icv[AES_BLOCK_SIZE];
+       int err = 0;
+       if (pd_uinfo->using_sd) {
+@@ -595,7 +595,7 @@ static void crypto4xx_aead_done(struct c
+       if (pd_uinfo->sa_va->sa_command_0.bf.dir == DIR_OUTBOUND) {
+               /* append icv at the end */
+               crypto4xx_memcpy_from_le32(icv, pd_uinfo->sr_va->save_digest,
+-                                         cp_len);
++                                         sizeof(icv));
+               scatterwalk_map_and_copy(icv, dst, aead_req->cryptlen,
+                                        cp_len, 1);
+@@ -605,7 +605,7 @@ static void crypto4xx_aead_done(struct c
+                       aead_req->assoclen + aead_req->cryptlen -
+                       cp_len, cp_len, 0);
+-              crypto4xx_memcpy_from_le32(icv, icv, cp_len);
++              crypto4xx_memcpy_from_le32(icv, icv, sizeof(icv));
+               if (crypto_memneq(icv, pd_uinfo->sr_va->save_digest, cp_len))
+                       err = -EBADMSG;
+@@ -1122,8 +1122,8 @@ static struct crypto4xx_alg_common crypt
+                               .max_keysize    = AES_MAX_KEY_SIZE,
+                               .ivsize         = AES_IV_SIZE,
+                               .setkey         = crypto4xx_setkey_aes_cbc,
+-                              .encrypt        = crypto4xx_encrypt,
+-                              .decrypt        = crypto4xx_decrypt,
++                              .encrypt        = crypto4xx_encrypt_iv,
++                              .decrypt        = crypto4xx_decrypt_iv,
+                       }
+               }
+       }},
+@@ -1146,8 +1146,8 @@ static struct crypto4xx_alg_common crypt
+                               .max_keysize    = AES_MAX_KEY_SIZE,
+                               .ivsize         = AES_IV_SIZE,
+                               .setkey         = crypto4xx_setkey_aes_cfb,
+-                              .encrypt        = crypto4xx_encrypt,
+-                              .decrypt        = crypto4xx_decrypt,
++                              .encrypt        = crypto4xx_encrypt_iv,
++                              .decrypt        = crypto4xx_decrypt_iv,
+                       }
+               }
+       } },
+@@ -1195,8 +1195,8 @@ static struct crypto4xx_alg_common crypt
+                               .min_keysize    = AES_MIN_KEY_SIZE,
+                               .max_keysize    = AES_MAX_KEY_SIZE,
+                               .setkey         = crypto4xx_setkey_aes_ecb,
+-                              .encrypt        = crypto4xx_encrypt,
+-                              .decrypt        = crypto4xx_decrypt,
++                              .encrypt        = crypto4xx_encrypt_noiv,
++                              .decrypt        = crypto4xx_decrypt_noiv,
+                       }
+               }
+       } },
+@@ -1219,8 +1219,8 @@ static struct crypto4xx_alg_common crypt
+                               .max_keysize    = AES_MAX_KEY_SIZE,
+                               .ivsize         = AES_IV_SIZE,
+                               .setkey         = crypto4xx_setkey_aes_ofb,
+-                              .encrypt        = crypto4xx_encrypt,
+-                              .decrypt        = crypto4xx_decrypt,
++                              .encrypt        = crypto4xx_encrypt_iv,
++                              .decrypt        = crypto4xx_decrypt_iv,
+                       }
+               }
+       } },
+--- a/drivers/crypto/amcc/crypto4xx_core.h
++++ b/drivers/crypto/amcc/crypto4xx_core.h
+@@ -168,8 +168,10 @@ int crypto4xx_setkey_aes_ofb(struct cryp
+                            const u8 *key, unsigned int keylen);
+ int crypto4xx_setkey_rfc3686(struct crypto_ablkcipher *cipher,
+                            const u8 *key, unsigned int keylen);
+-int crypto4xx_encrypt(struct ablkcipher_request *req);
+-int crypto4xx_decrypt(struct ablkcipher_request *req);
++int crypto4xx_encrypt_iv(struct ablkcipher_request *req);
++int crypto4xx_decrypt_iv(struct ablkcipher_request *req);
++int crypto4xx_encrypt_noiv(struct ablkcipher_request *req);
++int crypto4xx_decrypt_noiv(struct ablkcipher_request *req);
+ int crypto4xx_rfc3686_encrypt(struct ablkcipher_request *req);
+ int crypto4xx_rfc3686_decrypt(struct ablkcipher_request *req);
+ int crypto4xx_sha1_alg_init(struct crypto_tfm *tfm);
diff --git a/target/linux/apm821xx/patches-4.14/022-0003-crypto-crypto4xx-convert-to-skcipher.patch b/target/linux/apm821xx/patches-4.14/022-0003-crypto-crypto4xx-convert-to-skcipher.patch
new file mode 100644 (file)
index 0000000..291c4ef
--- /dev/null
@@ -0,0 +1,578 @@
+From ce05ffe10457bda487fa049016a6ba79934bdece Mon Sep 17 00:00:00 2001
+From: Christian Lamparter <chunkeey@gmail.com>
+Date: Thu, 19 Apr 2018 18:41:52 +0200
+Subject: [PATCH 3/8] crypto: crypto4xx - convert to skcipher
+
+The ablkcipher APIs have been effectively deprecated since [1].
+This patch converts the crypto4xx driver to the new skcipher APIs.
+
+[1] <https://www.spinics.net/lists/linux-crypto/msg18133.html>
+
+Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+---
+ drivers/crypto/amcc/crypto4xx_alg.c  |  60 ++++---
+ drivers/crypto/amcc/crypto4xx_core.c | 255 +++++++++++++--------------
+ drivers/crypto/amcc/crypto4xx_core.h |  25 +--
+ 3 files changed, 163 insertions(+), 177 deletions(-)
+
+--- a/drivers/crypto/amcc/crypto4xx_alg.c
++++ b/drivers/crypto/amcc/crypto4xx_alg.c
+@@ -31,6 +31,7 @@
+ #include <crypto/gcm.h>
+ #include <crypto/sha.h>
+ #include <crypto/ctr.h>
++#include <crypto/skcipher.h>
+ #include "crypto4xx_reg_def.h"
+ #include "crypto4xx_core.h"
+ #include "crypto4xx_sa.h"
+@@ -74,36 +75,37 @@ static void set_dynamic_sa_command_1(str
+       sa->sa_command_1.bf.copy_hdr = cp_hdr;
+ }
+-static inline int crypto4xx_crypt(struct ablkcipher_request *req,
++static inline int crypto4xx_crypt(struct skcipher_request *req,
+                                 const unsigned int ivlen, bool decrypt)
+ {
+-      struct crypto4xx_ctx *ctx = crypto_tfm_ctx(req->base.tfm);
++      struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(req);
++      struct crypto4xx_ctx *ctx = crypto_skcipher_ctx(cipher);
+       __le32 iv[ivlen];
+       if (ivlen)
+-              crypto4xx_memcpy_to_le32(iv, req->info, ivlen);
++              crypto4xx_memcpy_to_le32(iv, req->iv, ivlen);
+       return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst,
+-              req->nbytes, iv, ivlen, decrypt ? ctx->sa_in : ctx->sa_out,
++              req->cryptlen, iv, ivlen, decrypt ? ctx->sa_in : ctx->sa_out,
+               ctx->sa_len, 0);
+ }
+-int crypto4xx_encrypt_noiv(struct ablkcipher_request *req)
++int crypto4xx_encrypt_noiv(struct skcipher_request *req)
+ {
+       return crypto4xx_crypt(req, 0, false);
+ }
+-int crypto4xx_encrypt_iv(struct ablkcipher_request *req)
++int crypto4xx_encrypt_iv(struct skcipher_request *req)
+ {
+       return crypto4xx_crypt(req, AES_IV_SIZE, false);
+ }
+-int crypto4xx_decrypt_noiv(struct ablkcipher_request *req)
++int crypto4xx_decrypt_noiv(struct skcipher_request *req)
+ {
+       return crypto4xx_crypt(req, 0, true);
+ }
+-int crypto4xx_decrypt_iv(struct ablkcipher_request *req)
++int crypto4xx_decrypt_iv(struct skcipher_request *req)
+ {
+       return crypto4xx_crypt(req, AES_IV_SIZE, true);
+ }
+@@ -111,20 +113,19 @@ int crypto4xx_decrypt_iv(struct ablkciph
+ /**
+  * AES Functions
+  */
+-static int crypto4xx_setkey_aes(struct crypto_ablkcipher *cipher,
++static int crypto4xx_setkey_aes(struct crypto_skcipher *cipher,
+                               const u8 *key,
+                               unsigned int keylen,
+                               unsigned char cm,
+                               u8 fb)
+ {
+-      struct crypto_tfm *tfm = crypto_ablkcipher_tfm(cipher);
+-      struct crypto4xx_ctx *ctx = crypto_tfm_ctx(tfm);
++      struct crypto4xx_ctx *ctx = crypto_skcipher_ctx(cipher);
+       struct dynamic_sa_ctl *sa;
+       int    rc;
+       if (keylen != AES_KEYSIZE_256 &&
+               keylen != AES_KEYSIZE_192 && keylen != AES_KEYSIZE_128) {
+-              crypto_ablkcipher_set_flags(cipher,
++              crypto_skcipher_set_flags(cipher,
+                               CRYPTO_TFM_RES_BAD_KEY_LEN);
+               return -EINVAL;
+       }
+@@ -164,39 +165,38 @@ static int crypto4xx_setkey_aes(struct c
+       return 0;
+ }
+-int crypto4xx_setkey_aes_cbc(struct crypto_ablkcipher *cipher,
++int crypto4xx_setkey_aes_cbc(struct crypto_skcipher *cipher,
+                            const u8 *key, unsigned int keylen)
+ {
+       return crypto4xx_setkey_aes(cipher, key, keylen, CRYPTO_MODE_CBC,
+                                   CRYPTO_FEEDBACK_MODE_NO_FB);
+ }
+-int crypto4xx_setkey_aes_cfb(struct crypto_ablkcipher *cipher,
++int crypto4xx_setkey_aes_cfb(struct crypto_skcipher *cipher,
+                            const u8 *key, unsigned int keylen)
+ {
+       return crypto4xx_setkey_aes(cipher, key, keylen, CRYPTO_MODE_CFB,
+                                   CRYPTO_FEEDBACK_MODE_128BIT_CFB);
+ }
+-int crypto4xx_setkey_aes_ecb(struct crypto_ablkcipher *cipher,
++int crypto4xx_setkey_aes_ecb(struct crypto_skcipher *cipher,
+                            const u8 *key, unsigned int keylen)
+ {
+       return crypto4xx_setkey_aes(cipher, key, keylen, CRYPTO_MODE_ECB,
+                                   CRYPTO_FEEDBACK_MODE_NO_FB);
+ }
+-int crypto4xx_setkey_aes_ofb(struct crypto_ablkcipher *cipher,
++int crypto4xx_setkey_aes_ofb(struct crypto_skcipher *cipher,
+                            const u8 *key, unsigned int keylen)
+ {
+       return crypto4xx_setkey_aes(cipher, key, keylen, CRYPTO_MODE_OFB,
+                                   CRYPTO_FEEDBACK_MODE_64BIT_OFB);
+ }
+-int crypto4xx_setkey_rfc3686(struct crypto_ablkcipher *cipher,
++int crypto4xx_setkey_rfc3686(struct crypto_skcipher *cipher,
+                            const u8 *key, unsigned int keylen)
+ {
+-      struct crypto_tfm *tfm = crypto_ablkcipher_tfm(cipher);
+-      struct crypto4xx_ctx *ctx = crypto_tfm_ctx(tfm);
++      struct crypto4xx_ctx *ctx = crypto_skcipher_ctx(cipher);
+       int rc;
+       rc = crypto4xx_setkey_aes(cipher, key, keylen - CTR_RFC3686_NONCE_SIZE,
+@@ -210,31 +210,33 @@ int crypto4xx_setkey_rfc3686(struct cryp
+       return 0;
+ }
+-int crypto4xx_rfc3686_encrypt(struct ablkcipher_request *req)
++int crypto4xx_rfc3686_encrypt(struct skcipher_request *req)
+ {
+-      struct crypto4xx_ctx *ctx = crypto_tfm_ctx(req->base.tfm);
++      struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(req);
++      struct crypto4xx_ctx *ctx = crypto_skcipher_ctx(cipher);
+       __le32 iv[AES_IV_SIZE / 4] = {
+               ctx->iv_nonce,
+-              cpu_to_le32p((u32 *) req->info),
+-              cpu_to_le32p((u32 *) (req->info + 4)),
++              cpu_to_le32p((u32 *) req->iv),
++              cpu_to_le32p((u32 *) (req->iv + 4)),
+               cpu_to_le32(1) };
+       return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst,
+-                                req->nbytes, iv, AES_IV_SIZE,
++                                req->cryptlen, iv, AES_IV_SIZE,
+                                 ctx->sa_out, ctx->sa_len, 0);
+ }
+-int crypto4xx_rfc3686_decrypt(struct ablkcipher_request *req)
++int crypto4xx_rfc3686_decrypt(struct skcipher_request *req)
+ {
+-      struct crypto4xx_ctx *ctx = crypto_tfm_ctx(req->base.tfm);
++      struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(req);
++      struct crypto4xx_ctx *ctx = crypto_skcipher_ctx(cipher);
+       __le32 iv[AES_IV_SIZE / 4] = {
+               ctx->iv_nonce,
+-              cpu_to_le32p((u32 *) req->info),
+-              cpu_to_le32p((u32 *) (req->info + 4)),
++              cpu_to_le32p((u32 *) req->iv),
++              cpu_to_le32p((u32 *) (req->iv + 4)),
+               cpu_to_le32(1) };
+       return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst,
+-                                req->nbytes, iv, AES_IV_SIZE,
++                                req->cryptlen, iv, AES_IV_SIZE,
+                                 ctx->sa_out, ctx->sa_len, 0);
+ }
+--- a/drivers/crypto/amcc/crypto4xx_core.c
++++ b/drivers/crypto/amcc/crypto4xx_core.c
+@@ -41,6 +41,7 @@
+ #include <crypto/gcm.h>
+ #include <crypto/sha.h>
+ #include <crypto/scatterwalk.h>
++#include <crypto/skcipher.h>
+ #include <crypto/internal/aead.h>
+ #include <crypto/internal/skcipher.h>
+ #include "crypto4xx_reg_def.h"
+@@ -526,21 +527,19 @@ static void crypto4xx_ret_sg_desc(struct
+       }
+ }
+-static void crypto4xx_ablkcipher_done(struct crypto4xx_device *dev,
++static void crypto4xx_cipher_done(struct crypto4xx_device *dev,
+                                    struct pd_uinfo *pd_uinfo,
+                                    struct ce_pd *pd)
+ {
+-      struct crypto4xx_ctx *ctx;
+-      struct ablkcipher_request *ablk_req;
++      struct skcipher_request *req;
+       struct scatterlist *dst;
+       dma_addr_t addr;
+-      ablk_req = ablkcipher_request_cast(pd_uinfo->async_req);
+-      ctx  = crypto_tfm_ctx(ablk_req->base.tfm);
++      req = skcipher_request_cast(pd_uinfo->async_req);
+       if (pd_uinfo->using_sd) {
+-              crypto4xx_copy_pkt_to_dst(dev, pd, pd_uinfo, ablk_req->nbytes,
+-                                        ablk_req->dst);
++              crypto4xx_copy_pkt_to_dst(dev, pd, pd_uinfo,
++                                        req->cryptlen, req->dst);
+       } else {
+               dst = pd_uinfo->dest_va;
+               addr = dma_map_page(dev->core_dev->device, sg_page(dst),
+@@ -549,8 +548,8 @@ static void crypto4xx_ablkcipher_done(st
+       crypto4xx_ret_sg_desc(dev, pd_uinfo);
+       if (pd_uinfo->state & PD_ENTRY_BUSY)
+-              ablkcipher_request_complete(ablk_req, -EINPROGRESS);
+-      ablkcipher_request_complete(ablk_req, 0);
++              skcipher_request_complete(req, -EINPROGRESS);
++      skcipher_request_complete(req, 0);
+ }
+ static void crypto4xx_ahash_done(struct crypto4xx_device *dev,
+@@ -641,8 +640,8 @@ static void crypto4xx_pd_done(struct cry
+       struct pd_uinfo *pd_uinfo = &dev->pdr_uinfo[idx];
+       switch (crypto_tfm_alg_type(pd_uinfo->async_req->tfm)) {
+-      case CRYPTO_ALG_TYPE_ABLKCIPHER:
+-              crypto4xx_ablkcipher_done(dev, pd_uinfo, pd);
++      case CRYPTO_ALG_TYPE_SKCIPHER:
++              crypto4xx_cipher_done(dev, pd_uinfo, pd);
+               break;
+       case CRYPTO_ALG_TYPE_AEAD:
+               crypto4xx_aead_done(dev, pd_uinfo, pd);
+@@ -936,15 +935,14 @@ static void crypto4xx_ctx_init(struct cr
+       ctx->sa_len = 0;
+ }
+-static int crypto4xx_ablk_init(struct crypto_tfm *tfm)
++static int crypto4xx_sk_init(struct crypto_skcipher *sk)
+ {
+-      struct crypto_alg *alg = tfm->__crt_alg;
++      struct skcipher_alg *alg = crypto_skcipher_alg(sk);
+       struct crypto4xx_alg *amcc_alg;
+-      struct crypto4xx_ctx *ctx = crypto_tfm_ctx(tfm);
++      struct crypto4xx_ctx *ctx =  crypto_skcipher_ctx(sk);
+       amcc_alg = container_of(alg, struct crypto4xx_alg, alg.u.cipher);
+       crypto4xx_ctx_init(amcc_alg, ctx);
+-      tfm->crt_ablkcipher.reqsize = sizeof(struct crypto4xx_ctx);
+       return 0;
+ }
+@@ -953,9 +951,11 @@ static void crypto4xx_common_exit(struct
+       crypto4xx_free_sa(ctx);
+ }
+-static void crypto4xx_ablk_exit(struct crypto_tfm *tfm)
++static void crypto4xx_sk_exit(struct crypto_skcipher *sk)
+ {
+-      crypto4xx_common_exit(crypto_tfm_ctx(tfm));
++      struct crypto4xx_ctx *ctx =  crypto_skcipher_ctx(sk);
++
++      crypto4xx_common_exit(ctx);
+ }
+ static int crypto4xx_aead_init(struct crypto_aead *tfm)
+@@ -1012,7 +1012,7 @@ static int crypto4xx_register_alg(struct
+                       break;
+               default:
+-                      rc = crypto_register_alg(&alg->alg.u.cipher);
++                      rc = crypto_register_skcipher(&alg->alg.u.cipher);
+                       break;
+               }
+@@ -1041,7 +1041,7 @@ static void crypto4xx_unregister_alg(str
+                       break;
+               default:
+-                      crypto_unregister_alg(&alg->alg.u.cipher);
++                      crypto_unregister_skcipher(&alg->alg.u.cipher);
+               }
+               kfree(alg);
+       }
+@@ -1103,126 +1103,109 @@ static irqreturn_t crypto4xx_ce_interrup
+  */
+ static struct crypto4xx_alg_common crypto4xx_alg[] = {
+       /* Crypto AES modes */
+-      { .type = CRYPTO_ALG_TYPE_ABLKCIPHER, .u.cipher = {
+-              .cra_name       = "cbc(aes)",
+-              .cra_driver_name = "cbc-aes-ppc4xx",
+-              .cra_priority   = CRYPTO4XX_CRYPTO_PRIORITY,
+-              .cra_flags      = CRYPTO_ALG_TYPE_ABLKCIPHER |
+-                                CRYPTO_ALG_ASYNC |
+-                                CRYPTO_ALG_KERN_DRIVER_ONLY,
+-              .cra_blocksize  = AES_BLOCK_SIZE,
+-              .cra_ctxsize    = sizeof(struct crypto4xx_ctx),
+-              .cra_type       = &crypto_ablkcipher_type,
+-              .cra_init       = crypto4xx_ablk_init,
+-              .cra_exit       = crypto4xx_ablk_exit,
+-              .cra_module     = THIS_MODULE,
+-              .cra_u          = {
+-                      .ablkcipher = {
+-                              .min_keysize    = AES_MIN_KEY_SIZE,
+-                              .max_keysize    = AES_MAX_KEY_SIZE,
+-                              .ivsize         = AES_IV_SIZE,
+-                              .setkey         = crypto4xx_setkey_aes_cbc,
+-                              .encrypt        = crypto4xx_encrypt_iv,
+-                              .decrypt        = crypto4xx_decrypt_iv,
+-                      }
+-              }
+-      }},
+-      { .type = CRYPTO_ALG_TYPE_ABLKCIPHER, .u.cipher = {
+-              .cra_name       = "cfb(aes)",
+-              .cra_driver_name = "cfb-aes-ppc4xx",
+-              .cra_priority   = CRYPTO4XX_CRYPTO_PRIORITY,
+-              .cra_flags      = CRYPTO_ALG_TYPE_ABLKCIPHER |
+-                                CRYPTO_ALG_ASYNC |
+-                                CRYPTO_ALG_KERN_DRIVER_ONLY,
+-              .cra_blocksize  = AES_BLOCK_SIZE,
+-              .cra_ctxsize    = sizeof(struct crypto4xx_ctx),
+-              .cra_type       = &crypto_ablkcipher_type,
+-              .cra_init       = crypto4xx_ablk_init,
+-              .cra_exit       = crypto4xx_ablk_exit,
+-              .cra_module     = THIS_MODULE,
+-              .cra_u          = {
+-                      .ablkcipher = {
+-                              .min_keysize    = AES_MIN_KEY_SIZE,
+-                              .max_keysize    = AES_MAX_KEY_SIZE,
+-                              .ivsize         = AES_IV_SIZE,
+-                              .setkey         = crypto4xx_setkey_aes_cfb,
+-                              .encrypt        = crypto4xx_encrypt_iv,
+-                              .decrypt        = crypto4xx_decrypt_iv,
+-                      }
+-              }
++      { .type = CRYPTO_ALG_TYPE_SKCIPHER, .u.cipher = {
++              .base = {
++                      .cra_name = "cbc(aes)",
++                      .cra_driver_name = "cbc-aes-ppc4xx",
++                      .cra_priority = CRYPTO4XX_CRYPTO_PRIORITY,
++                      .cra_flags = CRYPTO_ALG_TYPE_SKCIPHER |
++                              CRYPTO_ALG_ASYNC |
++                              CRYPTO_ALG_KERN_DRIVER_ONLY,
++                      .cra_blocksize = AES_BLOCK_SIZE,
++                      .cra_ctxsize = sizeof(struct crypto4xx_ctx),
++                      .cra_module = THIS_MODULE,
++              },
++              .min_keysize = AES_MIN_KEY_SIZE,
++              .max_keysize = AES_MAX_KEY_SIZE,
++              .ivsize = AES_IV_SIZE,
++              .setkey = crypto4xx_setkey_aes_cbc,
++              .encrypt = crypto4xx_encrypt_iv,
++              .decrypt = crypto4xx_decrypt_iv,
++              .init = crypto4xx_sk_init,
++              .exit = crypto4xx_sk_exit,
+       } },
+-      { .type = CRYPTO_ALG_TYPE_ABLKCIPHER, .u.cipher = {
+-              .cra_name       = "rfc3686(ctr(aes))",
+-              .cra_driver_name = "rfc3686-ctr-aes-ppc4xx",
+-              .cra_priority   = CRYPTO4XX_CRYPTO_PRIORITY,
+-              .cra_flags      = CRYPTO_ALG_TYPE_ABLKCIPHER |
+-                                CRYPTO_ALG_ASYNC |
+-                                CRYPTO_ALG_KERN_DRIVER_ONLY,
+-              .cra_blocksize  = AES_BLOCK_SIZE,
+-              .cra_ctxsize    = sizeof(struct crypto4xx_ctx),
+-              .cra_type       = &crypto_ablkcipher_type,
+-              .cra_init       = crypto4xx_ablk_init,
+-              .cra_exit       = crypto4xx_ablk_exit,
+-              .cra_module     = THIS_MODULE,
+-              .cra_u          = {
+-                      .ablkcipher = {
+-                              .min_keysize    = AES_MIN_KEY_SIZE +
+-                                                CTR_RFC3686_NONCE_SIZE,
+-                              .max_keysize    = AES_MAX_KEY_SIZE +
+-                                                CTR_RFC3686_NONCE_SIZE,
+-                              .ivsize         = CTR_RFC3686_IV_SIZE,
+-                              .setkey         = crypto4xx_setkey_rfc3686,
+-                              .encrypt        = crypto4xx_rfc3686_encrypt,
+-                              .decrypt        = crypto4xx_rfc3686_decrypt,
+-                      }
+-              }
++      { .type = CRYPTO_ALG_TYPE_SKCIPHER, .u.cipher = {
++              .base = {
++                      .cra_name = "cfb(aes)",
++                      .cra_driver_name = "cfb-aes-ppc4xx",
++                      .cra_priority = CRYPTO4XX_CRYPTO_PRIORITY,
++                      .cra_flags = CRYPTO_ALG_TYPE_SKCIPHER |
++                              CRYPTO_ALG_ASYNC |
++                              CRYPTO_ALG_KERN_DRIVER_ONLY,
++                      .cra_blocksize = AES_BLOCK_SIZE,
++                      .cra_ctxsize = sizeof(struct crypto4xx_ctx),
++                      .cra_module = THIS_MODULE,
++              },
++              .min_keysize = AES_MIN_KEY_SIZE,
++              .max_keysize = AES_MAX_KEY_SIZE,
++              .ivsize = AES_IV_SIZE,
++              .setkey = crypto4xx_setkey_aes_cfb,
++              .encrypt = crypto4xx_encrypt_iv,
++              .decrypt = crypto4xx_decrypt_iv,
++              .init = crypto4xx_sk_init,
++              .exit = crypto4xx_sk_exit,
+       } },
+-      { .type = CRYPTO_ALG_TYPE_ABLKCIPHER, .u.cipher = {
+-              .cra_name       = "ecb(aes)",
+-              .cra_driver_name = "ecb-aes-ppc4xx",
+-              .cra_priority   = CRYPTO4XX_CRYPTO_PRIORITY,
+-              .cra_flags      = CRYPTO_ALG_TYPE_ABLKCIPHER |
+-                                CRYPTO_ALG_ASYNC |
+-                                CRYPTO_ALG_KERN_DRIVER_ONLY,
+-              .cra_blocksize  = AES_BLOCK_SIZE,
+-              .cra_ctxsize    = sizeof(struct crypto4xx_ctx),
+-              .cra_type       = &crypto_ablkcipher_type,
+-              .cra_init       = crypto4xx_ablk_init,
+-              .cra_exit       = crypto4xx_ablk_exit,
+-              .cra_module     = THIS_MODULE,
+-              .cra_u          = {
+-                      .ablkcipher = {
+-                              .min_keysize    = AES_MIN_KEY_SIZE,
+-                              .max_keysize    = AES_MAX_KEY_SIZE,
+-                              .setkey         = crypto4xx_setkey_aes_ecb,
+-                              .encrypt        = crypto4xx_encrypt_noiv,
+-                              .decrypt        = crypto4xx_decrypt_noiv,
+-                      }
+-              }
++      { .type = CRYPTO_ALG_TYPE_SKCIPHER, .u.cipher = {
++              .base = {
++                      .cra_name = "rfc3686(ctr(aes))",
++                      .cra_driver_name = "rfc3686-ctr-aes-ppc4xx",
++                      .cra_priority = CRYPTO4XX_CRYPTO_PRIORITY,
++                      .cra_flags = CRYPTO_ALG_TYPE_SKCIPHER |
++                              CRYPTO_ALG_ASYNC |
++                              CRYPTO_ALG_KERN_DRIVER_ONLY,
++                      .cra_blocksize = AES_BLOCK_SIZE,
++                      .cra_ctxsize = sizeof(struct crypto4xx_ctx),
++                      .cra_module = THIS_MODULE,
++              },
++              .min_keysize = AES_MIN_KEY_SIZE + CTR_RFC3686_NONCE_SIZE,
++              .max_keysize = AES_MAX_KEY_SIZE + CTR_RFC3686_NONCE_SIZE,
++              .ivsize = CTR_RFC3686_IV_SIZE,
++              .setkey = crypto4xx_setkey_rfc3686,
++              .encrypt = crypto4xx_rfc3686_encrypt,
++              .decrypt = crypto4xx_rfc3686_decrypt,
++              .init = crypto4xx_sk_init,
++              .exit = crypto4xx_sk_exit,
+       } },
+-      { .type = CRYPTO_ALG_TYPE_ABLKCIPHER, .u.cipher = {
+-              .cra_name       = "ofb(aes)",
+-              .cra_driver_name = "ofb-aes-ppc4xx",
+-              .cra_priority   = CRYPTO4XX_CRYPTO_PRIORITY,
+-              .cra_flags      = CRYPTO_ALG_TYPE_ABLKCIPHER |
+-                                CRYPTO_ALG_ASYNC |
+-                                CRYPTO_ALG_KERN_DRIVER_ONLY,
+-              .cra_blocksize  = AES_BLOCK_SIZE,
+-              .cra_ctxsize    = sizeof(struct crypto4xx_ctx),
+-              .cra_type       = &crypto_ablkcipher_type,
+-              .cra_init       = crypto4xx_ablk_init,
+-              .cra_exit       = crypto4xx_ablk_exit,
+-              .cra_module     = THIS_MODULE,
+-              .cra_u          = {
+-                      .ablkcipher = {
+-                              .min_keysize    = AES_MIN_KEY_SIZE,
+-                              .max_keysize    = AES_MAX_KEY_SIZE,
+-                              .ivsize         = AES_IV_SIZE,
+-                              .setkey         = crypto4xx_setkey_aes_ofb,
+-                              .encrypt        = crypto4xx_encrypt_iv,
+-                              .decrypt        = crypto4xx_decrypt_iv,
+-                      }
+-              }
++      { .type = CRYPTO_ALG_TYPE_SKCIPHER, .u.cipher = {
++              .base = {
++                      .cra_name = "ecb(aes)",
++                      .cra_driver_name = "ecb-aes-ppc4xx",
++                      .cra_priority = CRYPTO4XX_CRYPTO_PRIORITY,
++                      .cra_flags = CRYPTO_ALG_TYPE_SKCIPHER |
++                              CRYPTO_ALG_ASYNC |
++                              CRYPTO_ALG_KERN_DRIVER_ONLY,
++                      .cra_blocksize = AES_BLOCK_SIZE,
++                      .cra_ctxsize = sizeof(struct crypto4xx_ctx),
++                      .cra_module = THIS_MODULE,
++              },
++              .min_keysize = AES_MIN_KEY_SIZE,
++              .max_keysize = AES_MAX_KEY_SIZE,
++              .setkey = crypto4xx_setkey_aes_ecb,
++              .encrypt = crypto4xx_encrypt_noiv,
++              .decrypt = crypto4xx_decrypt_noiv,
++              .init = crypto4xx_sk_init,
++              .exit = crypto4xx_sk_exit,
++      } },
++      { .type = CRYPTO_ALG_TYPE_SKCIPHER, .u.cipher = {
++              .base = {
++                      .cra_name = "ofb(aes)",
++                      .cra_driver_name = "ofb-aes-ppc4xx",
++                      .cra_priority = CRYPTO4XX_CRYPTO_PRIORITY,
++                      .cra_flags = CRYPTO_ALG_TYPE_SKCIPHER |
++                              CRYPTO_ALG_ASYNC |
++                              CRYPTO_ALG_KERN_DRIVER_ONLY,
++                      .cra_blocksize = AES_BLOCK_SIZE,
++                      .cra_ctxsize = sizeof(struct crypto4xx_ctx),
++                      .cra_module = THIS_MODULE,
++              },
++              .min_keysize = AES_MIN_KEY_SIZE,
++              .max_keysize = AES_MAX_KEY_SIZE,
++              .ivsize = AES_IV_SIZE,
++              .setkey = crypto4xx_setkey_aes_ofb,
++              .encrypt = crypto4xx_encrypt_iv,
++              .decrypt = crypto4xx_decrypt_iv,
++              .init = crypto4xx_sk_init,
++              .exit = crypto4xx_sk_exit,
+       } },
+       /* AEAD */
+--- a/drivers/crypto/amcc/crypto4xx_core.h
++++ b/drivers/crypto/amcc/crypto4xx_core.h
+@@ -25,6 +25,7 @@
+ #include <linux/ratelimit.h>
+ #include <crypto/internal/hash.h>
+ #include <crypto/internal/aead.h>
++#include <crypto/internal/skcipher.h>
+ #include "crypto4xx_reg_def.h"
+ #include "crypto4xx_sa.h"
+@@ -134,7 +135,7 @@ struct crypto4xx_ctx {
+ struct crypto4xx_alg_common {
+       u32 type;
+       union {
+-              struct crypto_alg cipher;
++              struct skcipher_alg cipher;
+               struct ahash_alg hash;
+               struct aead_alg aead;
+       } u;
+@@ -158,22 +159,22 @@ int crypto4xx_build_pd(struct crypto_asy
+                      const struct dynamic_sa_ctl *sa,
+                      const unsigned int sa_len,
+                      const unsigned int assoclen);
+-int crypto4xx_setkey_aes_cbc(struct crypto_ablkcipher *cipher,
++int crypto4xx_setkey_aes_cbc(struct crypto_skcipher *cipher,
+                            const u8 *key, unsigned int keylen);
+-int crypto4xx_setkey_aes_cfb(struct crypto_ablkcipher *cipher,
++int crypto4xx_setkey_aes_cfb(struct crypto_skcipher *cipher,
+                            const u8 *key, unsigned int keylen);
+-int crypto4xx_setkey_aes_ecb(struct crypto_ablkcipher *cipher,
++int crypto4xx_setkey_aes_ecb(struct crypto_skcipher *cipher,
+                            const u8 *key, unsigned int keylen);
+-int crypto4xx_setkey_aes_ofb(struct crypto_ablkcipher *cipher,
++int crypto4xx_setkey_aes_ofb(struct crypto_skcipher *cipher,
+                            const u8 *key, unsigned int keylen);
+-int crypto4xx_setkey_rfc3686(struct crypto_ablkcipher *cipher,
++int crypto4xx_setkey_rfc3686(struct crypto_skcipher *cipher,
+                            const u8 *key, unsigned int keylen);
+-int crypto4xx_encrypt_iv(struct ablkcipher_request *req);
+-int crypto4xx_decrypt_iv(struct ablkcipher_request *req);
+-int crypto4xx_encrypt_noiv(struct ablkcipher_request *req);
+-int crypto4xx_decrypt_noiv(struct ablkcipher_request *req);
+-int crypto4xx_rfc3686_encrypt(struct ablkcipher_request *req);
+-int crypto4xx_rfc3686_decrypt(struct ablkcipher_request *req);
++int crypto4xx_encrypt_iv(struct skcipher_request *req);
++int crypto4xx_decrypt_iv(struct skcipher_request *req);
++int crypto4xx_encrypt_noiv(struct skcipher_request *req);
++int crypto4xx_decrypt_noiv(struct skcipher_request *req);
++int crypto4xx_rfc3686_encrypt(struct skcipher_request *req);
++int crypto4xx_rfc3686_decrypt(struct skcipher_request *req);
+ int crypto4xx_sha1_alg_init(struct crypto_tfm *tfm);
+ int crypto4xx_hash_digest(struct ahash_request *req);
+ int crypto4xx_hash_final(struct ahash_request *req);
diff --git a/target/linux/apm821xx/patches-4.14/022-0004-crypto-crypto4xx-avoid-VLA-use.patch b/target/linux/apm821xx/patches-4.14/022-0004-crypto-crypto4xx-avoid-VLA-use.patch
new file mode 100644 (file)
index 0000000..a3e1b8c
--- /dev/null
@@ -0,0 +1,61 @@
+From c4e90650ff0cbf123ec9cfc32026fa0fb2931658 Mon Sep 17 00:00:00 2001
+From: Christian Lamparter <chunkeey@gmail.com>
+Date: Thu, 19 Apr 2018 18:41:53 +0200
+Subject: [PATCH 4/8] crypto: crypto4xx - avoid VLA use
+
+This patch fixes some of the -Wvla warnings.
+
+crypto4xx_alg.c:83:19: warning: Variable length array is used.
+crypto4xx_alg.c:273:56: warning: Variable length array is used.
+crypto4xx_alg.c:380:32: warning: Variable length array is used.
+
+Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+---
+ drivers/crypto/amcc/crypto4xx_alg.c | 14 ++++----------
+ 1 file changed, 4 insertions(+), 10 deletions(-)
+
+--- a/drivers/crypto/amcc/crypto4xx_alg.c
++++ b/drivers/crypto/amcc/crypto4xx_alg.c
+@@ -80,7 +80,7 @@ static inline int crypto4xx_crypt(struct
+ {
+       struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(req);
+       struct crypto4xx_ctx *ctx = crypto_skcipher_ctx(cipher);
+-      __le32 iv[ivlen];
++      __le32 iv[AES_IV_SIZE];
+       if (ivlen)
+               crypto4xx_memcpy_to_le32(iv, req->iv, ivlen);
+@@ -270,13 +270,7 @@ static inline bool crypto4xx_aead_need_f
+ static int crypto4xx_aead_fallback(struct aead_request *req,
+       struct crypto4xx_ctx *ctx, bool do_decrypt)
+ {
+-      char aead_req_data[sizeof(struct aead_request) +
+-                         crypto_aead_reqsize(ctx->sw_cipher.aead)]
+-              __aligned(__alignof__(struct aead_request));
+-
+-      struct aead_request *subreq = (void *) aead_req_data;
+-
+-      memset(subreq, 0, sizeof(aead_req_data));
++      struct aead_request *subreq = aead_request_ctx(req);
+       aead_request_set_tfm(subreq, ctx->sw_cipher.aead);
+       aead_request_set_callback(subreq, req->base.flags,
+@@ -377,7 +371,7 @@ static int crypto4xx_crypt_aes_ccm(struc
+       struct crypto_aead *aead = crypto_aead_reqtfm(req);
+       unsigned int len = req->cryptlen;
+       __le32 iv[16];
+-      u32 tmp_sa[ctx->sa_len * 4];
++      u32 tmp_sa[SA_AES128_CCM_LEN + 4];
+       struct dynamic_sa_ctl *sa = (struct dynamic_sa_ctl *)tmp_sa;
+       if (crypto4xx_aead_need_fallback(req, true, decrypt))
+@@ -386,7 +380,7 @@ static int crypto4xx_crypt_aes_ccm(struc
+       if (decrypt)
+               len -= crypto_aead_authsize(aead);
+-      memcpy(tmp_sa, decrypt ? ctx->sa_in : ctx->sa_out, sizeof(tmp_sa));
++      memcpy(tmp_sa, decrypt ? ctx->sa_in : ctx->sa_out, ctx->sa_len * 4);
+       sa->sa_command_0.bf.digest_len = crypto_aead_authsize(aead) >> 2;
+       if (req->iv[0] == 1) {
diff --git a/target/linux/apm821xx/patches-4.14/022-0005-crypto-crypto4xx-add-aes-ctr-support.patch b/target/linux/apm821xx/patches-4.14/022-0005-crypto-crypto4xx-add-aes-ctr-support.patch
new file mode 100644 (file)
index 0000000..e93a3d9
--- /dev/null
@@ -0,0 +1,247 @@
+From 98e87e3d933b8e504ea41b8857c038d2cd06cddc Mon Sep 17 00:00:00 2001
+From: Christian Lamparter <chunkeey@gmail.com>
+Date: Thu, 19 Apr 2018 18:41:54 +0200
+Subject: [PATCH 5/8] crypto: crypto4xx - add aes-ctr support
+
+This patch adds support for the aes-ctr skcipher.
+
+name         : ctr(aes)
+driver       : ctr-aes-ppc4xx
+module       : crypto4xx
+priority     : 300
+refcnt       : 1
+selftest     : passed
+internal     : no
+type         : skcipher
+async        : yes
+blocksize    : 16
+min keysize  : 16
+max keysize  : 32
+ivsize       : 16
+chunksize    : 16
+walksize     : 16
+
+The hardware uses only the last 32-bits as the counter while the
+kernel tests (aes_ctr_enc_tv_template[4] for example) expect that
+the whole IV is a counter. To make this work, the driver will
+fallback if the counter is going to overlow.
+
+The aead's crypto4xx_setup_fallback() function is renamed to
+crypto4xx_aead_setup_fallback.
+
+Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+---
+ drivers/crypto/amcc/crypto4xx_alg.c  | 91 ++++++++++++++++++++++++++--
+ drivers/crypto/amcc/crypto4xx_core.c | 37 +++++++++++
+ drivers/crypto/amcc/crypto4xx_core.h |  5 ++
+ 3 files changed, 127 insertions(+), 6 deletions(-)
+
+--- a/drivers/crypto/amcc/crypto4xx_alg.c
++++ b/drivers/crypto/amcc/crypto4xx_alg.c
+@@ -240,6 +240,85 @@ int crypto4xx_rfc3686_decrypt(struct skc
+                                 ctx->sa_out, ctx->sa_len, 0);
+ }
++static int
++crypto4xx_ctr_crypt(struct skcipher_request *req, bool encrypt)
++{
++      struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(req);
++      struct crypto4xx_ctx *ctx = crypto_skcipher_ctx(cipher);
++      size_t iv_len = crypto_skcipher_ivsize(cipher);
++      unsigned int counter = be32_to_cpup((__be32 *)(req->iv + iv_len - 4));
++      unsigned int nblks = ALIGN(req->cryptlen, AES_BLOCK_SIZE) /
++                      AES_BLOCK_SIZE;
++
++      /*
++       * The hardware uses only the last 32-bits as the counter while the
++       * kernel tests (aes_ctr_enc_tv_template[4] for example) expect that
++       * the whole IV is a counter.  So fallback if the counter is going to
++       * overlow.
++       */
++      if (counter + nblks < counter) {
++              struct skcipher_request *subreq = skcipher_request_ctx(req);
++              int ret;
++
++              skcipher_request_set_tfm(subreq, ctx->sw_cipher.cipher);
++              skcipher_request_set_callback(subreq, req->base.flags,
++                      NULL, NULL);
++              skcipher_request_set_crypt(subreq, req->src, req->dst,
++                      req->cryptlen, req->iv);
++              ret = encrypt ? crypto_skcipher_encrypt(subreq)
++                      : crypto_skcipher_decrypt(subreq);
++              skcipher_request_zero(subreq);
++              return ret;
++      }
++
++      return encrypt ? crypto4xx_encrypt_iv(req)
++                     : crypto4xx_decrypt_iv(req);
++}
++
++static int crypto4xx_sk_setup_fallback(struct crypto4xx_ctx *ctx,
++                                     struct crypto_skcipher *cipher,
++                                     const u8 *key,
++                                     unsigned int keylen)
++{
++      int rc;
++
++      crypto_skcipher_clear_flags(ctx->sw_cipher.cipher,
++                                  CRYPTO_TFM_REQ_MASK);
++      crypto_skcipher_set_flags(ctx->sw_cipher.cipher,
++              crypto_skcipher_get_flags(cipher) & CRYPTO_TFM_REQ_MASK);
++      rc = crypto_skcipher_setkey(ctx->sw_cipher.cipher, key, keylen);
++      crypto_skcipher_clear_flags(cipher, CRYPTO_TFM_RES_MASK);
++      crypto_skcipher_set_flags(cipher,
++              crypto_skcipher_get_flags(ctx->sw_cipher.cipher) &
++                      CRYPTO_TFM_RES_MASK);
++
++      return rc;
++}
++
++int crypto4xx_setkey_aes_ctr(struct crypto_skcipher *cipher,
++                           const u8 *key, unsigned int keylen)
++{
++      struct crypto4xx_ctx *ctx = crypto_skcipher_ctx(cipher);
++      int rc;
++
++      rc = crypto4xx_sk_setup_fallback(ctx, cipher, key, keylen);
++      if (rc)
++              return rc;
++
++      return crypto4xx_setkey_aes(cipher, key, keylen,
++              CRYPTO_MODE_CTR, CRYPTO_FEEDBACK_MODE_NO_FB);
++}
++
++int crypto4xx_encrypt_ctr(struct skcipher_request *req)
++{
++      return crypto4xx_ctr_crypt(req, true);
++}
++
++int crypto4xx_decrypt_ctr(struct skcipher_request *req)
++{
++      return crypto4xx_ctr_crypt(req, false);
++}
++
+ static inline bool crypto4xx_aead_need_fallback(struct aead_request *req,
+                                               bool is_ccm, bool decrypt)
+ {
+@@ -282,10 +361,10 @@ static int crypto4xx_aead_fallback(struc
+                           crypto_aead_encrypt(subreq);
+ }
+-static int crypto4xx_setup_fallback(struct crypto4xx_ctx *ctx,
+-                                  struct crypto_aead *cipher,
+-                                  const u8 *key,
+-                                  unsigned int keylen)
++static int crypto4xx_aead_setup_fallback(struct crypto4xx_ctx *ctx,
++                                       struct crypto_aead *cipher,
++                                       const u8 *key,
++                                       unsigned int keylen)
+ {
+       int rc;
+@@ -313,7 +392,7 @@ int crypto4xx_setkey_aes_ccm(struct cryp
+       struct dynamic_sa_ctl *sa;
+       int rc = 0;
+-      rc = crypto4xx_setup_fallback(ctx, cipher, key, keylen);
++      rc = crypto4xx_aead_setup_fallback(ctx, cipher, key, keylen);
+       if (rc)
+               return rc;
+@@ -472,7 +551,7 @@ int crypto4xx_setkey_aes_gcm(struct cryp
+               return -EINVAL;
+       }
+-      rc = crypto4xx_setup_fallback(ctx, cipher, key, keylen);
++      rc = crypto4xx_aead_setup_fallback(ctx, cipher, key, keylen);
+       if (rc)
+               return rc;
+--- a/drivers/crypto/amcc/crypto4xx_core.c
++++ b/drivers/crypto/amcc/crypto4xx_core.c
+@@ -941,6 +941,19 @@ static int crypto4xx_sk_init(struct cryp
+       struct crypto4xx_alg *amcc_alg;
+       struct crypto4xx_ctx *ctx =  crypto_skcipher_ctx(sk);
++      if (alg->base.cra_flags & CRYPTO_ALG_NEED_FALLBACK) {
++              ctx->sw_cipher.cipher =
++                      crypto_alloc_skcipher(alg->base.cra_name, 0,
++                                            CRYPTO_ALG_NEED_FALLBACK |
++                                            CRYPTO_ALG_ASYNC);
++              if (IS_ERR(ctx->sw_cipher.cipher))
++                      return PTR_ERR(ctx->sw_cipher.cipher);
++
++              crypto_skcipher_set_reqsize(sk,
++                      sizeof(struct skcipher_request) + 32 +
++                      crypto_skcipher_reqsize(ctx->sw_cipher.cipher));
++      }
++
+       amcc_alg = container_of(alg, struct crypto4xx_alg, alg.u.cipher);
+       crypto4xx_ctx_init(amcc_alg, ctx);
+       return 0;
+@@ -956,6 +969,8 @@ static void crypto4xx_sk_exit(struct cry
+       struct crypto4xx_ctx *ctx =  crypto_skcipher_ctx(sk);
+       crypto4xx_common_exit(ctx);
++      if (ctx->sw_cipher.cipher)
++              crypto_free_skcipher(ctx->sw_cipher.cipher);
+ }
+ static int crypto4xx_aead_init(struct crypto_aead *tfm)
+@@ -1145,6 +1160,28 @@ static struct crypto4xx_alg_common crypt
+               .init = crypto4xx_sk_init,
+               .exit = crypto4xx_sk_exit,
+       } },
++      { .type = CRYPTO_ALG_TYPE_SKCIPHER, .u.cipher = {
++              .base = {
++                      .cra_name = "ctr(aes)",
++                      .cra_driver_name = "ctr-aes-ppc4xx",
++                      .cra_priority = CRYPTO4XX_CRYPTO_PRIORITY,
++                      .cra_flags = CRYPTO_ALG_TYPE_SKCIPHER |
++                              CRYPTO_ALG_NEED_FALLBACK |
++                              CRYPTO_ALG_ASYNC |
++                              CRYPTO_ALG_KERN_DRIVER_ONLY,
++                      .cra_blocksize = AES_BLOCK_SIZE,
++                      .cra_ctxsize = sizeof(struct crypto4xx_ctx),
++                      .cra_module = THIS_MODULE,
++              },
++              .min_keysize = AES_MIN_KEY_SIZE,
++              .max_keysize = AES_MAX_KEY_SIZE,
++              .ivsize = AES_IV_SIZE,
++              .setkey = crypto4xx_setkey_aes_ctr,
++              .encrypt = crypto4xx_encrypt_ctr,
++              .decrypt = crypto4xx_decrypt_ctr,
++              .init = crypto4xx_sk_init,
++              .exit = crypto4xx_sk_exit,
++      } },
+       { .type = CRYPTO_ALG_TYPE_SKCIPHER, .u.cipher = {
+               .base = {
+                       .cra_name = "rfc3686(ctr(aes))",
+--- a/drivers/crypto/amcc/crypto4xx_core.h
++++ b/drivers/crypto/amcc/crypto4xx_core.h
+@@ -128,6 +128,7 @@ struct crypto4xx_ctx {
+       __le32 iv_nonce;
+       u32 sa_len;
+       union {
++              struct crypto_skcipher *cipher;
+               struct crypto_aead *aead;
+       } sw_cipher;
+ };
+@@ -163,12 +164,16 @@ int crypto4xx_setkey_aes_cbc(struct cryp
+                            const u8 *key, unsigned int keylen);
+ int crypto4xx_setkey_aes_cfb(struct crypto_skcipher *cipher,
+                            const u8 *key, unsigned int keylen);
++int crypto4xx_setkey_aes_ctr(struct crypto_skcipher *cipher,
++                           const u8 *key, unsigned int keylen);
+ int crypto4xx_setkey_aes_ecb(struct crypto_skcipher *cipher,
+                            const u8 *key, unsigned int keylen);
+ int crypto4xx_setkey_aes_ofb(struct crypto_skcipher *cipher,
+                            const u8 *key, unsigned int keylen);
+ int crypto4xx_setkey_rfc3686(struct crypto_skcipher *cipher,
+                            const u8 *key, unsigned int keylen);
++int crypto4xx_encrypt_ctr(struct skcipher_request *req);
++int crypto4xx_decrypt_ctr(struct skcipher_request *req);
+ int crypto4xx_encrypt_iv(struct skcipher_request *req);
+ int crypto4xx_decrypt_iv(struct skcipher_request *req);
+ int crypto4xx_encrypt_noiv(struct skcipher_request *req);
diff --git a/target/linux/apm821xx/patches-4.14/022-0006-crypto-crypto4xx-properly-set-IV-after-de-and-encryp.patch b/target/linux/apm821xx/patches-4.14/022-0006-crypto-crypto4xx-properly-set-IV-after-de-and-encryp.patch
new file mode 100644 (file)
index 0000000..1467f36
--- /dev/null
@@ -0,0 +1,71 @@
+From fc340115ffb8235c1bbd200c28855e6373d0dd1a Mon Sep 17 00:00:00 2001
+From: Christian Lamparter <chunkeey@gmail.com>
+Date: Thu, 19 Apr 2018 18:41:55 +0200
+Subject: [PATCH 6/8] crypto: crypto4xx - properly set IV after de- and encrypt
+
+This patch fixes cts(cbc(aes)) test when cbc-aes-ppc4xx is used.
+alg: skcipher: Test 1 failed (invalid result) on encryption for cts(cbc-aes-ppc4xx)
+00000000: 4b 10 75 fc 2f 14 1b 6a 27 35 37 33 d1 b7 70 05
+00000010: 97
+alg: skcipher: Failed to load transform for cts(cbc(aes)): -2
+
+The CTS cipher mode expect the IV (req->iv) of skcipher_request
+to contain the last ciphertext block after the {en,de}crypt
+operation is complete.
+
+Fix this issue for the AMCC Crypto4xx hardware engine.
+The tcrypt test case for cts(cbc(aes)) is now correctly passed.
+
+name         : cts(cbc(aes))
+driver       : cts(cbc-aes-ppc4xx)
+module       : cts
+priority     : 300
+refcnt       : 1
+selftest     : passed
+internal     : no
+type         : skcipher
+async        : yes
+blocksize    : 16
+min keysize  : 16
+max keysize  : 32
+ivsize       : 16
+chunksize    : 16
+walksize     : 16
+
+Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+---
+ drivers/crypto/amcc/crypto4xx_alg.c  | 3 ++-
+ drivers/crypto/amcc/crypto4xx_core.c | 9 +++++++++
+ 2 files changed, 11 insertions(+), 1 deletion(-)
+
+--- a/drivers/crypto/amcc/crypto4xx_alg.c
++++ b/drivers/crypto/amcc/crypto4xx_alg.c
+@@ -141,7 +141,8 @@ static int crypto4xx_setkey_aes(struct c
+       /* Setup SA */
+       sa = ctx->sa_in;
+-      set_dynamic_sa_command_0(sa, SA_NOT_SAVE_HASH, SA_NOT_SAVE_IV,
++      set_dynamic_sa_command_0(sa, SA_NOT_SAVE_HASH, (cm == CRYPTO_MODE_CBC ?
++                               SA_SAVE_IV : SA_NOT_SAVE_IV),
+                                SA_LOAD_HASH_FROM_SA, SA_LOAD_IV_FROM_STATE,
+                                SA_NO_HEADER_PROC, SA_HASH_ALG_NULL,
+                                SA_CIPHER_ALG_AES, SA_PAD_TYPE_ZERO,
+--- a/drivers/crypto/amcc/crypto4xx_core.c
++++ b/drivers/crypto/amcc/crypto4xx_core.c
+@@ -545,6 +545,15 @@ static void crypto4xx_cipher_done(struct
+               addr = dma_map_page(dev->core_dev->device, sg_page(dst),
+                                   dst->offset, dst->length, DMA_FROM_DEVICE);
+       }
++
++      if (pd_uinfo->sa_va->sa_command_0.bf.save_iv == SA_SAVE_IV) {
++              struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
++
++              crypto4xx_memcpy_from_le32((u32 *)req->iv,
++                      pd_uinfo->sr_va->save_iv,
++                      crypto_skcipher_ivsize(skcipher));
++      }
++
+       crypto4xx_ret_sg_desc(dev, pd_uinfo);
+       if (pd_uinfo->state & PD_ENTRY_BUSY)
diff --git a/target/linux/apm821xx/patches-4.14/022-0007-crypto-crypto4xx-extend-aead-fallback-checks.patch b/target/linux/apm821xx/patches-4.14/022-0007-crypto-crypto4xx-extend-aead-fallback-checks.patch
new file mode 100644 (file)
index 0000000..37aefc2
--- /dev/null
@@ -0,0 +1,102 @@
+From 584201f1895d915c1aa523bc86afdc126e94beca Mon Sep 17 00:00:00 2001
+From: Christian Lamparter <chunkeey@gmail.com>
+Date: Thu, 19 Apr 2018 18:41:56 +0200
+Subject: [PATCH 7/8] crypto: crypto4xx - extend aead fallback checks
+
+1020 bytes is the limit for associated data. Any more
+and it will no longer fit into hash_crypto_offset anymore.
+
+The hardware will not process aead requests with plaintext
+that have less than AES_BLOCK_SIZE bytes. When decrypting
+aead requests the authsize has to be taken in account as
+well, as it is part of the cryptlen. Otherwise the hardware
+will think it has been misconfigured and will return:
+
+aead return err status = 0x98
+
+For rtc4543(gcm(aes)), the hardware has a dedicated GMAC
+mode as part of the hash function set.
+
+Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+---
+ drivers/crypto/amcc/crypto4xx_alg.c | 30 +++++++++++++++--------------
+ 1 file changed, 16 insertions(+), 14 deletions(-)
+
+--- a/drivers/crypto/amcc/crypto4xx_alg.c
++++ b/drivers/crypto/amcc/crypto4xx_alg.c
+@@ -321,6 +321,7 @@ int crypto4xx_decrypt_ctr(struct skciphe
+ }
+ static inline bool crypto4xx_aead_need_fallback(struct aead_request *req,
++                                              unsigned int len,
+                                               bool is_ccm, bool decrypt)
+ {
+       struct crypto_aead *aead = crypto_aead_reqtfm(req);
+@@ -330,14 +331,14 @@ static inline bool crypto4xx_aead_need_f
+               return true;
+       /*
+-       * hardware does not handle cases where cryptlen
+-       * is less than a block
++       * hardware does not handle cases where plaintext
++       * is less than a block.
+        */
+-      if (req->cryptlen < AES_BLOCK_SIZE)
++      if (len < AES_BLOCK_SIZE)
+               return true;
+-      /* assoc len needs to be a multiple of 4 */
+-      if (req->assoclen & 0x3)
++      /* assoc len needs to be a multiple of 4 and <= 1020 */
++      if (req->assoclen & 0x3 || req->assoclen > 1020)
+               return true;
+       /* CCM supports only counter field length of 2 and 4 bytes */
+@@ -449,17 +450,17 @@ static int crypto4xx_crypt_aes_ccm(struc
+ {
+       struct crypto4xx_ctx *ctx  = crypto_tfm_ctx(req->base.tfm);
+       struct crypto_aead *aead = crypto_aead_reqtfm(req);
+-      unsigned int len = req->cryptlen;
+       __le32 iv[16];
+       u32 tmp_sa[SA_AES128_CCM_LEN + 4];
+       struct dynamic_sa_ctl *sa = (struct dynamic_sa_ctl *)tmp_sa;
+-
+-      if (crypto4xx_aead_need_fallback(req, true, decrypt))
+-              return crypto4xx_aead_fallback(req, ctx, decrypt);
++      unsigned int len = req->cryptlen;
+       if (decrypt)
+               len -= crypto_aead_authsize(aead);
++      if (crypto4xx_aead_need_fallback(req, len, true, decrypt))
++              return crypto4xx_aead_fallback(req, ctx, decrypt);
++
+       memcpy(tmp_sa, decrypt ? ctx->sa_in : ctx->sa_out, ctx->sa_len * 4);
+       sa->sa_command_0.bf.digest_len = crypto_aead_authsize(aead) >> 2;
+@@ -605,18 +606,19 @@ static inline int crypto4xx_crypt_aes_gc
+                                         bool decrypt)
+ {
+       struct crypto4xx_ctx *ctx = crypto_tfm_ctx(req->base.tfm);
+-      unsigned int len = req->cryptlen;
++      struct crypto4xx_aead_reqctx *rctx = aead_request_ctx(req);
+       __le32 iv[4];
++      unsigned int len = req->cryptlen;
++
++      if (decrypt)
++              len -= crypto_aead_authsize(crypto_aead_reqtfm(req));
+-      if (crypto4xx_aead_need_fallback(req, false, decrypt))
++      if (crypto4xx_aead_need_fallback(req, len, false, decrypt))
+               return crypto4xx_aead_fallback(req, ctx, decrypt);
+       crypto4xx_memcpy_to_le32(iv, req->iv, GCM_AES_IV_SIZE);
+       iv[3] = cpu_to_le32(1);
+-      if (decrypt)
+-              len -= crypto_aead_authsize(crypto_aead_reqtfm(req));
+-
+       return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst,
+                                 len, iv, sizeof(iv),
+                                 decrypt ? ctx->sa_in : ctx->sa_out,
diff --git a/target/linux/apm821xx/patches-4.14/022-0008-crypto-crypto4xx-put-temporary-dst-sg-into-request-c.patch b/target/linux/apm821xx/patches-4.14/022-0008-crypto-crypto4xx-put-temporary-dst-sg-into-request-c.patch
new file mode 100644 (file)
index 0000000..b83cacc
--- /dev/null
@@ -0,0 +1,157 @@
+From 658c9d2b9f374c835d0348d852a3f002196628d0 Mon Sep 17 00:00:00 2001
+From: Christian Lamparter <chunkeey@gmail.com>
+Date: Thu, 19 Apr 2018 18:41:57 +0200
+Subject: [PATCH 8/8] crypto: crypto4xx - put temporary dst sg into request ctx
+
+This patch fixes a crash that happens when testing rfc4543(gcm(aes))
+
+Unable to handle kernel paging request for data at address 0xf59b3420
+Faulting instruction address: 0xc0012994
+Oops: Kernel access of bad area, sig: 11 [#1]
+BE PowerPC 44x Platform
+Modules linked in: tcrypt(+) crypto4xx [...]
+CPU: 0 PID: 0 Comm: swapper Tainted: G           O      4.17.0-rc1+ #23
+NIP:  c0012994 LR: d3077934 CTR: 06026d49
+REGS: cfff7e30 TRAP: 0300   Tainted: G           O       (4.17.0-rc1+)
+MSR:  00029000 <CE,EE,ME>  CR: 44744822  XER: 00000000
+DEAR: f59b3420 ESR: 00000000
+NIP [c0012994] __dma_sync+0x58/0x10c
+LR [d3077934] crypto4xx_bh_tasklet_cb+0x188/0x3c8 [crypto4xx]
+
+__dma_sync was fed the temporary _dst that crypto4xx_build_pd()
+had in it's function stack. This clearly never worked.
+This patch therefore overhauls the code from the original driver
+and puts the temporary dst sg list into aead's request context.
+
+Fixes: a0aae821ba3d3 ("crypto: crypto4xx - prepare for AEAD support")
+Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+---
+ drivers/crypto/amcc/crypto4xx_alg.c  | 15 ++++++++-------
+ drivers/crypto/amcc/crypto4xx_core.c | 10 +++++-----
+ drivers/crypto/amcc/crypto4xx_core.h |  7 ++++++-
+ 3 files changed, 19 insertions(+), 13 deletions(-)
+
+--- a/drivers/crypto/amcc/crypto4xx_alg.c
++++ b/drivers/crypto/amcc/crypto4xx_alg.c
+@@ -87,7 +87,7 @@ static inline int crypto4xx_crypt(struct
+       return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst,
+               req->cryptlen, iv, ivlen, decrypt ? ctx->sa_in : ctx->sa_out,
+-              ctx->sa_len, 0);
++              ctx->sa_len, 0, NULL);
+ }
+ int crypto4xx_encrypt_noiv(struct skcipher_request *req)
+@@ -223,7 +223,7 @@ int crypto4xx_rfc3686_encrypt(struct skc
+       return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst,
+                                 req->cryptlen, iv, AES_IV_SIZE,
+-                                ctx->sa_out, ctx->sa_len, 0);
++                                ctx->sa_out, ctx->sa_len, 0, NULL);
+ }
+ int crypto4xx_rfc3686_decrypt(struct skcipher_request *req)
+@@ -238,7 +238,7 @@ int crypto4xx_rfc3686_decrypt(struct skc
+       return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst,
+                                 req->cryptlen, iv, AES_IV_SIZE,
+-                                ctx->sa_out, ctx->sa_len, 0);
++                                ctx->sa_out, ctx->sa_len, 0, NULL);
+ }
+ static int
+@@ -449,6 +449,7 @@ int crypto4xx_setkey_aes_ccm(struct cryp
+ static int crypto4xx_crypt_aes_ccm(struct aead_request *req, bool decrypt)
+ {
+       struct crypto4xx_ctx *ctx  = crypto_tfm_ctx(req->base.tfm);
++      struct crypto4xx_aead_reqctx *rctx = aead_request_ctx(req);
+       struct crypto_aead *aead = crypto_aead_reqtfm(req);
+       __le32 iv[16];
+       u32 tmp_sa[SA_AES128_CCM_LEN + 4];
+@@ -474,7 +475,7 @@ static int crypto4xx_crypt_aes_ccm(struc
+       return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst,
+                                 len, iv, sizeof(iv),
+-                                sa, ctx->sa_len, req->assoclen);
++                                sa, ctx->sa_len, req->assoclen, rctx->dst);
+ }
+ int crypto4xx_encrypt_aes_ccm(struct aead_request *req)
+@@ -622,7 +623,7 @@ static inline int crypto4xx_crypt_aes_gc
+       return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst,
+                                 len, iv, sizeof(iv),
+                                 decrypt ? ctx->sa_in : ctx->sa_out,
+-                                ctx->sa_len, req->assoclen);
++                                ctx->sa_len, req->assoclen, rctx->dst);
+ }
+ int crypto4xx_encrypt_aes_gcm(struct aead_request *req)
+@@ -707,7 +708,7 @@ int crypto4xx_hash_update(struct ahash_r
+       return crypto4xx_build_pd(&req->base, ctx, req->src, &dst,
+                                 req->nbytes, NULL, 0, ctx->sa_in,
+-                                ctx->sa_len, 0);
++                                ctx->sa_len, 0, NULL);
+ }
+ int crypto4xx_hash_final(struct ahash_request *req)
+@@ -726,7 +727,7 @@ int crypto4xx_hash_digest(struct ahash_r
+       return crypto4xx_build_pd(&req->base, ctx, req->src, &dst,
+                                 req->nbytes, NULL, 0, ctx->sa_in,
+-                                ctx->sa_len, 0);
++                                ctx->sa_len, 0, NULL);
+ }
+ /**
+--- a/drivers/crypto/amcc/crypto4xx_core.c
++++ b/drivers/crypto/amcc/crypto4xx_core.c
+@@ -695,9 +695,9 @@ int crypto4xx_build_pd(struct crypto_asy
+                      const __le32 *iv, const u32 iv_len,
+                      const struct dynamic_sa_ctl *req_sa,
+                      const unsigned int sa_len,
+-                     const unsigned int assoclen)
++                     const unsigned int assoclen,
++                     struct scatterlist *_dst)
+ {
+-      struct scatterlist _dst[2];
+       struct crypto4xx_device *dev = ctx->dev;
+       struct dynamic_sa_ctl *sa;
+       struct ce_gd *gd;
+@@ -996,9 +996,9 @@ static int crypto4xx_aead_init(struct cr
+       amcc_alg = container_of(alg, struct crypto4xx_alg, alg.u.aead);
+       crypto4xx_ctx_init(amcc_alg, ctx);
+-      crypto_aead_set_reqsize(tfm, sizeof(struct aead_request) +
+-                              max(sizeof(struct crypto4xx_ctx), 32 +
+-                              crypto_aead_reqsize(ctx->sw_cipher.aead)));
++      crypto_aead_set_reqsize(tfm, max(sizeof(struct aead_request) + 32 +
++                              crypto_aead_reqsize(ctx->sw_cipher.aead),
++                              sizeof(struct crypto4xx_aead_reqctx)));
+       return 0;
+ }
+--- a/drivers/crypto/amcc/crypto4xx_core.h
++++ b/drivers/crypto/amcc/crypto4xx_core.h
+@@ -133,6 +133,10 @@ struct crypto4xx_ctx {
+       } sw_cipher;
+ };
++struct crypto4xx_aead_reqctx {
++      struct scatterlist dst[2];
++};
++
+ struct crypto4xx_alg_common {
+       u32 type;
+       union {
+@@ -159,7 +163,8 @@ int crypto4xx_build_pd(struct crypto_asy
+                      const __le32 *iv, const u32 iv_len,
+                      const struct dynamic_sa_ctl *sa,
+                      const unsigned int sa_len,
+-                     const unsigned int assoclen);
++                     const unsigned int assoclen,
++                     struct scatterlist *dst_tmp);
+ int crypto4xx_setkey_aes_cbc(struct crypto_skcipher *cipher,
+                            const u8 *key, unsigned int keylen);
+ int crypto4xx_setkey_aes_cfb(struct crypto_skcipher *cipher,
diff --git a/target/linux/apm821xx/patches-4.14/120-0001-crypto-crypto4xx-shuffle-iomap-in-front-of-request_i.patch b/target/linux/apm821xx/patches-4.14/120-0001-crypto-crypto4xx-shuffle-iomap-in-front-of-request_i.patch
deleted file mode 100644 (file)
index fc8df38..0000000
+++ /dev/null
@@ -1,71 +0,0 @@
-From 4baa099377d73ea99c7802a9685815b32e8bf119 Mon Sep 17 00:00:00 2001
-From: Christian Lamparter <chunkeey@gmail.com>
-Date: Thu, 21 Dec 2017 15:08:18 +0100
-Subject: [PATCH 1/6] crypto: crypto4xx - shuffle iomap in front of request_irq
-
-It is possible to avoid the ce_base null pointer check in the
-drivers' interrupt handler routine "crypto4xx_ce_interrupt_handler()"
-by simply doing the iomap in front of the IRQ registration.
-
-This way, the ce_base will always be valid in the handler and
-a branch in an critical path can be avoided.
-
-Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
----
- drivers/crypto/amcc/crypto4xx_core.c | 21 +++++++++------------
- 1 file changed, 9 insertions(+), 12 deletions(-)
-
---- a/drivers/crypto/amcc/crypto4xx_core.c
-+++ b/drivers/crypto/amcc/crypto4xx_core.c
-@@ -1075,9 +1075,6 @@ static irqreturn_t crypto4xx_ce_interrup
-       struct device *dev = (struct device *)data;
-       struct crypto4xx_core_device *core_dev = dev_get_drvdata(dev);
--      if (!core_dev->dev->ce_base)
--              return 0;
--
-       writel(PPC4XX_INTERRUPT_CLR,
-              core_dev->dev->ce_base + CRYPTO4XX_INT_CLR);
-       tasklet_schedule(&core_dev->tasklet);
-@@ -1325,13 +1322,6 @@ static int crypto4xx_probe(struct platfo
-       tasklet_init(&core_dev->tasklet, crypto4xx_bh_tasklet_cb,
-                    (unsigned long) dev);
--      /* Register for Crypto isr, Crypto Engine IRQ */
--      core_dev->irq = irq_of_parse_and_map(ofdev->dev.of_node, 0);
--      rc = request_irq(core_dev->irq, crypto4xx_ce_interrupt_handler, 0,
--                       core_dev->dev->name, dev);
--      if (rc)
--              goto err_request_irq;
--
-       core_dev->dev->ce_base = of_iomap(ofdev->dev.of_node, 0);
-       if (!core_dev->dev->ce_base) {
-               dev_err(dev, "failed to of_iomap\n");
-@@ -1339,6 +1329,13 @@ static int crypto4xx_probe(struct platfo
-               goto err_iomap;
-       }
-+      /* Register for Crypto isr, Crypto Engine IRQ */
-+      core_dev->irq = irq_of_parse_and_map(ofdev->dev.of_node, 0);
-+      rc = request_irq(core_dev->irq, crypto4xx_ce_interrupt_handler, 0,
-+                       core_dev->dev->name, dev);
-+      if (rc)
-+              goto err_request_irq;
-+
-       /* need to setup pdr, rdr, gdr and sdr before this */
-       crypto4xx_hw_init(core_dev->dev);
-@@ -1352,11 +1349,11 @@ static int crypto4xx_probe(struct platfo
-       return 0;
- err_start_dev:
--      iounmap(core_dev->dev->ce_base);
--err_iomap:
-       free_irq(core_dev->irq, dev);
- err_request_irq:
-       irq_dispose_mapping(core_dev->irq);
-+      iounmap(core_dev->dev->ce_base);
-+err_iomap:
-       tasklet_kill(&core_dev->tasklet);
- err_build_sdr:
-       crypto4xx_destroy_sdr(core_dev->dev);
diff --git a/target/linux/apm821xx/patches-4.14/120-0002-crypto-crypto4xx-support-Revision-B-parts.patch b/target/linux/apm821xx/patches-4.14/120-0002-crypto-crypto4xx-support-Revision-B-parts.patch
deleted file mode 100644 (file)
index 1adad96..0000000
+++ /dev/null
@@ -1,150 +0,0 @@
-From 1e932b627e79aa2c70e2c7278e4ac930303faa3f Mon Sep 17 00:00:00 2001
-From: Christian Lamparter <chunkeey@gmail.com>
-Date: Thu, 21 Dec 2017 15:09:18 +0100
-Subject: [PATCH 2/6] crypto: crypto4xx - support Revision B parts
-
-This patch adds support for the crypto4xx RevB cores
-found in the 460EX, 460SX and later cores (like the APM821xx).
-
-Without this patch, the crypto4xx driver will not be
-able to process any offloaded requests and simply hang
-indefinitely.
-
-Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
----
- drivers/crypto/amcc/crypto4xx_core.c    | 48 +++++++++++++++++++++++++++++----
- drivers/crypto/amcc/crypto4xx_core.h    |  1 +
- drivers/crypto/amcc/crypto4xx_reg_def.h |  4 ++-
- 3 files changed, 47 insertions(+), 6 deletions(-)
-
---- a/drivers/crypto/amcc/crypto4xx_core.c
-+++ b/drivers/crypto/amcc/crypto4xx_core.c
-@@ -128,7 +128,14 @@ static void crypto4xx_hw_init(struct cry
-       writel(PPC4XX_INT_DESCR_CNT, dev->ce_base + CRYPTO4XX_INT_DESCR_CNT);
-       writel(PPC4XX_INT_DESCR_CNT, dev->ce_base + CRYPTO4XX_INT_DESCR_CNT);
-       writel(PPC4XX_INT_CFG, dev->ce_base + CRYPTO4XX_INT_CFG);
--      writel(PPC4XX_PD_DONE_INT, dev->ce_base + CRYPTO4XX_INT_EN);
-+      if (dev->is_revb) {
-+              writel(PPC4XX_INT_TIMEOUT_CNT_REVB << 10,
-+                     dev->ce_base + CRYPTO4XX_INT_TIMEOUT_CNT);
-+              writel(PPC4XX_PD_DONE_INT | PPC4XX_TMO_ERR_INT,
-+                     dev->ce_base + CRYPTO4XX_INT_EN);
-+      } else {
-+              writel(PPC4XX_PD_DONE_INT, dev->ce_base + CRYPTO4XX_INT_EN);
-+      }
- }
- int crypto4xx_alloc_sa(struct crypto4xx_ctx *ctx, u32 size)
-@@ -1070,18 +1077,29 @@ static void crypto4xx_bh_tasklet_cb(unsi
- /**
-  * Top Half of isr.
-  */
--static irqreturn_t crypto4xx_ce_interrupt_handler(int irq, void *data)
-+static inline irqreturn_t crypto4xx_interrupt_handler(int irq, void *data,
-+                                                    u32 clr_val)
- {
-       struct device *dev = (struct device *)data;
-       struct crypto4xx_core_device *core_dev = dev_get_drvdata(dev);
--      writel(PPC4XX_INTERRUPT_CLR,
--             core_dev->dev->ce_base + CRYPTO4XX_INT_CLR);
-+      writel(clr_val, core_dev->dev->ce_base + CRYPTO4XX_INT_CLR);
-       tasklet_schedule(&core_dev->tasklet);
-       return IRQ_HANDLED;
- }
-+static irqreturn_t crypto4xx_ce_interrupt_handler(int irq, void *data)
-+{
-+      return crypto4xx_interrupt_handler(irq, data, PPC4XX_INTERRUPT_CLR);
-+}
-+
-+static irqreturn_t crypto4xx_ce_interrupt_handler_revb(int irq, void *data)
-+{
-+      return crypto4xx_interrupt_handler(irq, data, PPC4XX_INTERRUPT_CLR |
-+              PPC4XX_TMO_ERR_INT);
-+}
-+
- /**
-  * Supported Crypto Algorithms
-  */
-@@ -1263,6 +1281,8 @@ static int crypto4xx_probe(struct platfo
-       struct resource res;
-       struct device *dev = &ofdev->dev;
-       struct crypto4xx_core_device *core_dev;
-+      u32 pvr;
-+      bool is_revb = true;
-       rc = of_address_to_resource(ofdev->dev.of_node, 0, &res);
-       if (rc)
-@@ -1279,6 +1299,7 @@ static int crypto4xx_probe(struct platfo
-                      mfdcri(SDR0, PPC405EX_SDR0_SRST) | PPC405EX_CE_RESET);
-               mtdcri(SDR0, PPC405EX_SDR0_SRST,
-                      mfdcri(SDR0, PPC405EX_SDR0_SRST) & ~PPC405EX_CE_RESET);
-+              is_revb = false;
-       } else if (of_find_compatible_node(NULL, NULL,
-                       "amcc,ppc460sx-crypto")) {
-               mtdcri(SDR0, PPC460SX_SDR0_SRST,
-@@ -1301,7 +1322,22 @@ static int crypto4xx_probe(struct platfo
-       if (!core_dev->dev)
-               goto err_alloc_dev;
-+      /*
-+       * Older version of 460EX/GT have a hardware bug.
-+       * Hence they do not support H/W based security intr coalescing
-+       */
-+      pvr = mfspr(SPRN_PVR);
-+      if (is_revb && ((pvr >> 4) == 0x130218A)) {
-+              u32 min = PVR_MIN(pvr);
-+
-+              if (min < 4) {
-+                      dev_info(dev, "RevA detected - disable interrupt coalescing\n");
-+                      is_revb = false;
-+              }
-+      }
-+
-       core_dev->dev->core_dev = core_dev;
-+      core_dev->dev->is_revb = is_revb;
-       core_dev->device = dev;
-       spin_lock_init(&core_dev->lock);
-       INIT_LIST_HEAD(&core_dev->dev->alg_list);
-@@ -1331,7 +1367,9 @@ static int crypto4xx_probe(struct platfo
-       /* Register for Crypto isr, Crypto Engine IRQ */
-       core_dev->irq = irq_of_parse_and_map(ofdev->dev.of_node, 0);
--      rc = request_irq(core_dev->irq, crypto4xx_ce_interrupt_handler, 0,
-+      rc = request_irq(core_dev->irq, is_revb ?
-+                       crypto4xx_ce_interrupt_handler_revb :
-+                       crypto4xx_ce_interrupt_handler, 0,
-                        core_dev->dev->name, dev);
-       if (rc)
-               goto err_request_irq;
---- a/drivers/crypto/amcc/crypto4xx_core.h
-+++ b/drivers/crypto/amcc/crypto4xx_core.h
-@@ -109,6 +109,7 @@ struct crypto4xx_device {
-       struct list_head alg_list;      /* List of algorithm supported
-                                       by this device */
-       struct ratelimit_state aead_ratelimit;
-+      bool is_revb;
- };
- struct crypto4xx_core_device {
---- a/drivers/crypto/amcc/crypto4xx_reg_def.h
-+++ b/drivers/crypto/amcc/crypto4xx_reg_def.h
-@@ -121,13 +121,15 @@
- #define PPC4XX_PD_SIZE                                6
- #define PPC4XX_CTX_DONE_INT                   0x2000
- #define PPC4XX_PD_DONE_INT                    0x8000
-+#define PPC4XX_TMO_ERR_INT                    0x40000
- #define PPC4XX_BYTE_ORDER                     0x22222
- #define PPC4XX_INTERRUPT_CLR                  0x3ffff
- #define PPC4XX_PRNG_CTRL_AUTO_EN              0x3
- #define PPC4XX_DC_3DES_EN                     1
- #define PPC4XX_TRNG_EN                                0x00020000
--#define PPC4XX_INT_DESCR_CNT                  4
-+#define PPC4XX_INT_DESCR_CNT                  7
- #define PPC4XX_INT_TIMEOUT_CNT                        0
-+#define PPC4XX_INT_TIMEOUT_CNT_REVB           0x3FF
- #define PPC4XX_INT_CFG                                1
- /**
-  * all follow define are ad hoc
diff --git a/target/linux/apm821xx/patches-4.14/120-0003-crypto-crypto4xx-fix-missing-irq-devname.patch b/target/linux/apm821xx/patches-4.14/120-0003-crypto-crypto4xx-fix-missing-irq-devname.patch
deleted file mode 100644 (file)
index a295fa4..0000000
+++ /dev/null
@@ -1,37 +0,0 @@
-From 00179ef6e3c4e5db6258cd6e273e4063b8437d18 Mon Sep 17 00:00:00 2001
-From: Christian Lamparter <chunkeey@gmail.com>
-Date: Thu, 21 Dec 2017 15:10:18 +0100
-Subject: [PATCH 3/6] crypto: crypto4xx - fix missing irq devname
-
-crypto4xx_device's name variable is not set to anything.
-The common devname for request_irq seems to be the module
-name. This will fix the seemingly anonymous interrupt
-entry in /proc/interrupts for crypto4xx.
-
-Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
----
- drivers/crypto/amcc/crypto4xx_core.c | 2 +-
- drivers/crypto/amcc/crypto4xx_core.h | 1 -
- 2 files changed, 1 insertion(+), 2 deletions(-)
-
---- a/drivers/crypto/amcc/crypto4xx_core.c
-+++ b/drivers/crypto/amcc/crypto4xx_core.c
-@@ -1370,7 +1370,7 @@ static int crypto4xx_probe(struct platfo
-       rc = request_irq(core_dev->irq, is_revb ?
-                        crypto4xx_ce_interrupt_handler_revb :
-                        crypto4xx_ce_interrupt_handler, 0,
--                       core_dev->dev->name, dev);
-+                       KBUILD_MODNAME, dev);
-       if (rc)
-               goto err_request_irq;
---- a/drivers/crypto/amcc/crypto4xx_core.h
-+++ b/drivers/crypto/amcc/crypto4xx_core.h
-@@ -82,7 +82,6 @@ struct pd_uinfo {
- struct crypto4xx_device {
-       struct crypto4xx_core_device *core_dev;
--      char *name;
-       void __iomem *ce_base;
-       void __iomem *trng_base;
diff --git a/target/linux/apm821xx/patches-4.14/120-0004-crypto-crypto4xx-kill-MODULE_NAME.patch b/target/linux/apm821xx/patches-4.14/120-0004-crypto-crypto4xx-kill-MODULE_NAME.patch
deleted file mode 100644 (file)
index 4ee99f4..0000000
+++ /dev/null
@@ -1,47 +0,0 @@
-From c3621f23fed7d6fff33083ae538004ea59c01d8f Mon Sep 17 00:00:00 2001
-From: Christian Lamparter <chunkeey@gmail.com>
-Date: Thu, 21 Dec 2017 15:11:18 +0100
-Subject: [PATCH 4/6] crypto: crypto4xx - kill MODULE_NAME
-
-KBUILD_MODNAME provides the same value.
-
-Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
----
- drivers/crypto/amcc/crypto4xx_core.c | 2 +-
- drivers/crypto/amcc/crypto4xx_core.h | 2 --
- drivers/crypto/amcc/crypto4xx_trng.c | 2 +-
- 3 files changed, 2 insertions(+), 4 deletions(-)
-
---- a/drivers/crypto/amcc/crypto4xx_core.c
-+++ b/drivers/crypto/amcc/crypto4xx_core.c
-@@ -1432,7 +1432,7 @@ MODULE_DEVICE_TABLE(of, crypto4xx_match)
- static struct platform_driver crypto4xx_driver = {
-       .driver = {
--              .name = MODULE_NAME,
-+              .name = KBUILD_MODNAME,
-               .of_match_table = crypto4xx_match,
-       },
-       .probe          = crypto4xx_probe,
---- a/drivers/crypto/amcc/crypto4xx_core.h
-+++ b/drivers/crypto/amcc/crypto4xx_core.h
-@@ -28,8 +28,6 @@
- #include "crypto4xx_reg_def.h"
- #include "crypto4xx_sa.h"
--#define MODULE_NAME "crypto4xx"
--
- #define PPC460SX_SDR0_SRST                      0x201
- #define PPC405EX_SDR0_SRST                      0x200
- #define PPC460EX_SDR0_SRST                      0x201
---- a/drivers/crypto/amcc/crypto4xx_trng.c
-+++ b/drivers/crypto/amcc/crypto4xx_trng.c
-@@ -92,7 +92,7 @@ void ppc4xx_trng_probe(struct crypto4xx_
-       if (!rng)
-               goto err_out;
--      rng->name = MODULE_NAME;
-+      rng->name = KBUILD_MODNAME;
-       rng->data_present = ppc4xx_trng_data_present;
-       rng->data_read = ppc4xx_trng_data_read;
-       rng->priv = (unsigned long) dev;
diff --git a/target/linux/apm821xx/patches-4.14/120-0005-crypto-crypto4xx-perform-aead-icv-check-in-the-drive.patch b/target/linux/apm821xx/patches-4.14/120-0005-crypto-crypto4xx-perform-aead-icv-check-in-the-drive.patch
deleted file mode 100644 (file)
index 0dbd924..0000000
+++ /dev/null
@@ -1,146 +0,0 @@
-From 5b3856d1d98e6f6a58b70c1c0d7da3fb5f042e9c Mon Sep 17 00:00:00 2001
-From: Christian Lamparter <chunkeey@gmail.com>
-Date: Thu, 21 Dec 2017 16:00:01 +0100
-Subject: [PATCH 5/6] crypto: crypto4xx - perform aead icv check in the driver
-
-The ccm-aes-ppc4xx now fails one of testmgr's expected
-failure test cases as such:
-
-alg: aead: decryption failed on test 10 for ccm-aes-ppc4xx: ret was 0, expected -EBADMSG
-
-Upon closer inspection, it turned out that the hardware's
-crypto flags that would indicate an authentification failure
-are not set by the hardware. The original vendor source from
-which this was ported does not have any special code or notes
-about why this would happen or if there are any WAs.
-
-Hence, this patch converts the aead_done callback handler to
-perform the icv check in the driver. And this fixes the false
-negative and the ccm-aes-ppc4xx passes the selftests once again.
-
-|name         : ccm(aes)
-|driver       : ccm-aes-ppc4xx
-|module       : crypto4xx
-|priority     : 300
-|refcnt       : 1
-|selftest     : passed
-|internal     : no
-|type         : aead
-|async        : yes
-|blocksize    : 1
-|ivsize       : 16
-|maxauthsize  : 16
-|geniv        : <none>
-
-Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
----
- drivers/crypto/amcc/crypto4xx_alg.c  |  6 +---
- drivers/crypto/amcc/crypto4xx_core.c | 54 ++++++++++++++++++------------------
- 2 files changed, 28 insertions(+), 32 deletions(-)
-
---- a/drivers/crypto/amcc/crypto4xx_alg.c
-+++ b/drivers/crypto/amcc/crypto4xx_alg.c
-@@ -256,10 +256,6 @@ static inline bool crypto4xx_aead_need_f
-       if (is_ccm && !(req->iv[0] == 1 || req->iv[0] == 3))
-               return true;
--      /* CCM - fix CBC MAC mismatch in special case */
--      if (is_ccm && decrypt && !req->assoclen)
--              return true;
--
-       return false;
- }
-@@ -330,7 +326,7 @@ int crypto4xx_setkey_aes_ccm(struct cryp
-       sa = (struct dynamic_sa_ctl *) ctx->sa_in;
-       sa->sa_contents.w = SA_AES_CCM_CONTENTS | (keylen << 2);
--      set_dynamic_sa_command_0(sa, SA_NOT_SAVE_HASH, SA_NOT_SAVE_IV,
-+      set_dynamic_sa_command_0(sa, SA_SAVE_HASH, SA_NOT_SAVE_IV,
-                                SA_LOAD_HASH_FROM_SA, SA_LOAD_IV_FROM_STATE,
-                                SA_NO_HEADER_PROC, SA_HASH_ALG_CBC_MAC,
-                                SA_CIPHER_ALG_AES,
---- a/drivers/crypto/amcc/crypto4xx_core.c
-+++ b/drivers/crypto/amcc/crypto4xx_core.c
-@@ -577,15 +577,14 @@ static void crypto4xx_aead_done(struct c
-                               struct pd_uinfo *pd_uinfo,
-                               struct ce_pd *pd)
- {
--      struct aead_request *aead_req;
--      struct crypto4xx_ctx *ctx;
-+      struct aead_request *aead_req = container_of(pd_uinfo->async_req,
-+              struct aead_request, base);
-       struct scatterlist *dst = pd_uinfo->dest_va;
-+      size_t cp_len = crypto_aead_authsize(
-+              crypto_aead_reqtfm(aead_req));
-+      u32 icv[cp_len];
-       int err = 0;
--      aead_req = container_of(pd_uinfo->async_req, struct aead_request,
--                              base);
--      ctx  = crypto_tfm_ctx(aead_req->base.tfm);
--
-       if (pd_uinfo->using_sd) {
-               crypto4xx_copy_pkt_to_dst(dev, pd, pd_uinfo,
-                                         pd->pd_ctl_len.bf.pkt_len,
-@@ -597,38 +596,39 @@ static void crypto4xx_aead_done(struct c
-       if (pd_uinfo->sa_va->sa_command_0.bf.dir == DIR_OUTBOUND) {
-               /* append icv at the end */
--              size_t cp_len = crypto_aead_authsize(
--                      crypto_aead_reqtfm(aead_req));
--              u32 icv[cp_len];
--
-               crypto4xx_memcpy_from_le32(icv, pd_uinfo->sr_va->save_digest,
-                                          cp_len);
-               scatterwalk_map_and_copy(icv, dst, aead_req->cryptlen,
-                                        cp_len, 1);
-+      } else {
-+              /* check icv at the end */
-+              scatterwalk_map_and_copy(icv, aead_req->src,
-+                      aead_req->assoclen + aead_req->cryptlen -
-+                      cp_len, cp_len, 0);
-+
-+              crypto4xx_memcpy_from_le32(icv, icv, cp_len);
-+
-+              if (crypto_memneq(icv, pd_uinfo->sr_va->save_digest, cp_len))
-+                      err = -EBADMSG;
-       }
-       crypto4xx_ret_sg_desc(dev, pd_uinfo);
-       if (pd->pd_ctl.bf.status & 0xff) {
--              if (pd->pd_ctl.bf.status & 0x1) {
--                      /* authentication error */
--                      err = -EBADMSG;
--              } else {
--                      if (!__ratelimit(&dev->aead_ratelimit)) {
--                              if (pd->pd_ctl.bf.status & 2)
--                                      pr_err("pad fail error\n");
--                              if (pd->pd_ctl.bf.status & 4)
--                                      pr_err("seqnum fail\n");
--                              if (pd->pd_ctl.bf.status & 8)
--                                      pr_err("error _notify\n");
--                              pr_err("aead return err status = 0x%02x\n",
--                                      pd->pd_ctl.bf.status & 0xff);
--                              pr_err("pd pad_ctl = 0x%08x\n",
--                                      pd->pd_ctl.bf.pd_pad_ctl);
--                      }
--                      err = -EINVAL;
-+              if (!__ratelimit(&dev->aead_ratelimit)) {
-+                      if (pd->pd_ctl.bf.status & 2)
-+                              pr_err("pad fail error\n");
-+                      if (pd->pd_ctl.bf.status & 4)
-+                              pr_err("seqnum fail\n");
-+                      if (pd->pd_ctl.bf.status & 8)
-+                              pr_err("error _notify\n");
-+                      pr_err("aead return err status = 0x%02x\n",
-+                              pd->pd_ctl.bf.status & 0xff);
-+                      pr_err("pd pad_ctl = 0x%08x\n",
-+                              pd->pd_ctl.bf.pd_pad_ctl);
-               }
-+              err = -EINVAL;
-       }
-       if (pd_uinfo->state & PD_ENTRY_BUSY)
diff --git a/target/linux/apm821xx/patches-4.14/120-0006-crypto-crypto4xx-performance-optimizations.patch b/target/linux/apm821xx/patches-4.14/120-0006-crypto-crypto4xx-performance-optimizations.patch
deleted file mode 100644 (file)
index 0475fda..0000000
+++ /dev/null
@@ -1,158 +0,0 @@
-From 30afcbb01a750a1ef0cee8a0861a347912c2e4fb Mon Sep 17 00:00:00 2001
-From: Christian Lamparter <chunkeey@gmail.com>
-Date: Thu, 21 Dec 2017 16:00:01 +0100
-Subject: [PATCH 6/6] crypto: crypto4xx - performance optimizations
-
-This patch provides a cheap 2MiB/s+ (~ 6%) performance
-improvement over the current code. This is because the
-compiler can now optimize several endian swap memcpy.
-
-Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
----
- drivers/crypto/amcc/crypto4xx_alg.c  | 32 +++++++++++++++++++-------------
- drivers/crypto/amcc/crypto4xx_core.c | 22 +++++++++++-----------
- drivers/crypto/amcc/crypto4xx_core.h |  6 ++++--
- 3 files changed, 34 insertions(+), 26 deletions(-)
-
---- a/drivers/crypto/amcc/crypto4xx_alg.c
-+++ b/drivers/crypto/amcc/crypto4xx_alg.c
-@@ -74,32 +74,38 @@ static void set_dynamic_sa_command_1(str
-       sa->sa_command_1.bf.copy_hdr = cp_hdr;
- }
--int crypto4xx_encrypt(struct ablkcipher_request *req)
-+static inline int crypto4xx_crypt(struct ablkcipher_request *req,
-+                                const unsigned int ivlen, bool decrypt)
- {
-       struct crypto4xx_ctx *ctx = crypto_tfm_ctx(req->base.tfm);
--      unsigned int ivlen = crypto_ablkcipher_ivsize(
--              crypto_ablkcipher_reqtfm(req));
-       __le32 iv[ivlen];
-       if (ivlen)
-               crypto4xx_memcpy_to_le32(iv, req->info, ivlen);
-       return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst,
--              req->nbytes, iv, ivlen, ctx->sa_out, ctx->sa_len, 0);
-+              req->nbytes, iv, ivlen, decrypt ? ctx->sa_in : ctx->sa_out,
-+              ctx->sa_len, 0);
- }
--int crypto4xx_decrypt(struct ablkcipher_request *req)
-+int crypto4xx_encrypt_noiv(struct ablkcipher_request *req)
- {
--      struct crypto4xx_ctx *ctx = crypto_tfm_ctx(req->base.tfm);
--      unsigned int ivlen = crypto_ablkcipher_ivsize(
--              crypto_ablkcipher_reqtfm(req));
--      __le32 iv[ivlen];
-+      return crypto4xx_crypt(req, 0, false);
-+}
--      if (ivlen)
--              crypto4xx_memcpy_to_le32(iv, req->info, ivlen);
-+int crypto4xx_encrypt_iv(struct ablkcipher_request *req)
-+{
-+      return crypto4xx_crypt(req, AES_IV_SIZE, false);
-+}
--      return crypto4xx_build_pd(&req->base, ctx, req->src, req->dst,
--              req->nbytes, iv, ivlen, ctx->sa_in, ctx->sa_len, 0);
-+int crypto4xx_decrypt_noiv(struct ablkcipher_request *req)
-+{
-+      return crypto4xx_crypt(req, 0, true);
-+}
-+
-+int crypto4xx_decrypt_iv(struct ablkcipher_request *req)
-+{
-+      return crypto4xx_crypt(req, AES_IV_SIZE, true);
- }
- /**
---- a/drivers/crypto/amcc/crypto4xx_core.c
-+++ b/drivers/crypto/amcc/crypto4xx_core.c
-@@ -582,7 +582,7 @@ static void crypto4xx_aead_done(struct c
-       struct scatterlist *dst = pd_uinfo->dest_va;
-       size_t cp_len = crypto_aead_authsize(
-               crypto_aead_reqtfm(aead_req));
--      u32 icv[cp_len];
-+      u32 icv[AES_BLOCK_SIZE];
-       int err = 0;
-       if (pd_uinfo->using_sd) {
-@@ -597,7 +597,7 @@ static void crypto4xx_aead_done(struct c
-       if (pd_uinfo->sa_va->sa_command_0.bf.dir == DIR_OUTBOUND) {
-               /* append icv at the end */
-               crypto4xx_memcpy_from_le32(icv, pd_uinfo->sr_va->save_digest,
--                                         cp_len);
-+                                         sizeof(icv));
-               scatterwalk_map_and_copy(icv, dst, aead_req->cryptlen,
-                                        cp_len, 1);
-@@ -607,7 +607,7 @@ static void crypto4xx_aead_done(struct c
-                       aead_req->assoclen + aead_req->cryptlen -
-                       cp_len, cp_len, 0);
--              crypto4xx_memcpy_from_le32(icv, icv, cp_len);
-+              crypto4xx_memcpy_from_le32(icv, icv, sizeof(icv));
-               if (crypto_memneq(icv, pd_uinfo->sr_va->save_digest, cp_len))
-                       err = -EBADMSG;
-@@ -1124,8 +1124,8 @@ static struct crypto4xx_alg_common crypt
-                               .max_keysize    = AES_MAX_KEY_SIZE,
-                               .ivsize         = AES_IV_SIZE,
-                               .setkey         = crypto4xx_setkey_aes_cbc,
--                              .encrypt        = crypto4xx_encrypt,
--                              .decrypt        = crypto4xx_decrypt,
-+                              .encrypt        = crypto4xx_encrypt_iv,
-+                              .decrypt        = crypto4xx_decrypt_iv,
-                       }
-               }
-       }},
-@@ -1148,8 +1148,8 @@ static struct crypto4xx_alg_common crypt
-                               .max_keysize    = AES_MAX_KEY_SIZE,
-                               .ivsize         = AES_IV_SIZE,
-                               .setkey         = crypto4xx_setkey_aes_cfb,
--                              .encrypt        = crypto4xx_encrypt,
--                              .decrypt        = crypto4xx_decrypt,
-+                              .encrypt        = crypto4xx_encrypt_iv,
-+                              .decrypt        = crypto4xx_decrypt_iv,
-                       }
-               }
-       } },
-@@ -1197,8 +1197,8 @@ static struct crypto4xx_alg_common crypt
-                               .min_keysize    = AES_MIN_KEY_SIZE,
-                               .max_keysize    = AES_MAX_KEY_SIZE,
-                               .setkey         = crypto4xx_setkey_aes_ecb,
--                              .encrypt        = crypto4xx_encrypt,
--                              .decrypt        = crypto4xx_decrypt,
-+                              .encrypt        = crypto4xx_encrypt_noiv,
-+                              .decrypt        = crypto4xx_decrypt_noiv,
-                       }
-               }
-       } },
-@@ -1221,8 +1221,8 @@ static struct crypto4xx_alg_common crypt
-                               .max_keysize    = AES_MAX_KEY_SIZE,
-                               .ivsize         = AES_IV_SIZE,
-                               .setkey         = crypto4xx_setkey_aes_ofb,
--                              .encrypt        = crypto4xx_encrypt,
--                              .decrypt        = crypto4xx_decrypt,
-+                              .encrypt        = crypto4xx_encrypt_iv,
-+                              .decrypt        = crypto4xx_decrypt_iv,
-                       }
-               }
-       } },
---- a/drivers/crypto/amcc/crypto4xx_core.h
-+++ b/drivers/crypto/amcc/crypto4xx_core.h
-@@ -168,8 +168,10 @@ int crypto4xx_setkey_aes_ofb(struct cryp
-                            const u8 *key, unsigned int keylen);
- int crypto4xx_setkey_rfc3686(struct crypto_ablkcipher *cipher,
-                            const u8 *key, unsigned int keylen);
--int crypto4xx_encrypt(struct ablkcipher_request *req);
--int crypto4xx_decrypt(struct ablkcipher_request *req);
-+int crypto4xx_encrypt_iv(struct ablkcipher_request *req);
-+int crypto4xx_decrypt_iv(struct ablkcipher_request *req);
-+int crypto4xx_encrypt_noiv(struct ablkcipher_request *req);
-+int crypto4xx_decrypt_noiv(struct ablkcipher_request *req);
- int crypto4xx_rfc3686_encrypt(struct ablkcipher_request *req);
- int crypto4xx_rfc3686_decrypt(struct ablkcipher_request *req);
- int crypto4xx_sha1_alg_init(struct crypto_tfm *tfm);