diff options
Diffstat (limited to 'meta-fsl-ppc/recipes-kernel/cryptodev')
13 files changed, 2413 insertions, 0 deletions
diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl.inc b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl.inc new file mode 100644 index 00000000..e32e3502 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl.inc @@ -0,0 +1,17 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/cryptodev-fsl:" + +SRC_URI_qoriq-ppc = "git://github.com/cryptodev-linux/cryptodev-linux.git \ + file://0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch \ + file://0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch \ + file://0003-PKC-support-added-in-cryptodev-module.patch \ + file://0004-Compat-versions-of-PKC-IOCTLs.patch \ + file://0005-Asynchronous-interface-changes-in-cryptodev.patch \ + file://0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch \ + file://0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch \ + file://0008-Add-RSA-Key-generation-offloading.patch \ + file://0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch \ +" +SRCREV_qoriq-ppc = "6aa62a2c320b04f55fdfe0ed015c3d9b48997239" + +S_qoriq-ppc = "${WORKDIR}/git" + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch new file mode 100644 index 00000000..796e5484 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0001-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch @@ -0,0 +1,52 @@ +From 715ade8236f40cf811c39f9538dfd60803967fcd Mon Sep 17 00:00:00 2001 +From: Cristian Stoica <cristian.stoica@freescale.com> +Date: Thu, 29 Aug 2013 16:52:30 +0300 +Subject: [PATCH 1/9] add support for composite TLS10(SHA1,AES) algorithm + offload + +This adds support for composite algorithm offload as a primitive +crypto (cipher + hmac) operation. + +It requires kernel support for tls10(hmac(sha1),cbc(aes)) algorithm +provided either in software or accelerated by hardware such as +Freescale B*, P* and T* platforms. + +Change-Id: Ia1c605da3860e91e681295dfc8df7c09eb4006cf +Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> +Reviewed-on: http://git.am.freescale.net:8181/17218 +--- + crypto/cryptodev.h | 1 + + ioctl.c | 5 +++++ + 2 files changed, 6 insertions(+) + +diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h +index 7fb9c7d..c0e8cd4 100644 +--- a/crypto/cryptodev.h ++++ b/crypto/cryptodev.h +@@ -50,6 +50,7 @@ enum cryptodev_crypto_op_t { + CRYPTO_SHA2_384, + CRYPTO_SHA2_512, + CRYPTO_SHA2_224_HMAC, ++ CRYPTO_TLS10_AES_CBC_HMAC_SHA1, + CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */ + }; + +diff --git a/ioctl.c b/ioctl.c +index 5a55a76..f9b9b2e 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -159,6 +159,11 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop) + stream = 1; + aead = 1; + break; ++ case CRYPTO_TLS10_AES_CBC_HMAC_SHA1: ++ alg_name = "tls10(hmac(sha1),cbc(aes))"; ++ stream = 0; ++ aead = 1; ++ break; + case CRYPTO_NULL: + alg_name = "ecb(cipher_null)"; + stream = 1; +-- +1.8.3.1 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0001-don-t-advertise-RSA-keygen.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0001-don-t-advertise-RSA-keygen.patch new file mode 100644 index 00000000..3d7c6086 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0001-don-t-advertise-RSA-keygen.patch @@ -0,0 +1,32 @@ +From b6e2a3747e3cffdf3cc515b0ce35d6bcdcb051c5 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica <cristian.stoica@freescale.com> +Date: Tue, 9 Dec 2014 16:41:25 +0200 +Subject: [PATCH] don't advertise RSA keygen + +This is supposed to avoid RSA keygen operations when they are not +available. Since no testing can be done, the patch should be applied +selectively (for example when offloading through pkc driver on C293) + +Change-Id: I60765f46fd7a39053d42e075d2ec71b032b2ed8a +Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> +--- + ioctl.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/ioctl.c b/ioctl.c +index e907167..3239093 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -961,8 +961,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + case CIOCASYMFEAT: + return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN | + CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY | +- CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY | +- CRF_RSA_GENERATE_KEY, p); ++ CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY, p); + case CRIOGET: + fd = clonefd(filp); + ret = put_user(fd, p); +-- +2.2.0 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch new file mode 100644 index 00000000..086a97f8 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0002-add-support-for-COMPAT_CIOCAUTHCRYPT-ioctl.patch @@ -0,0 +1,207 @@ +From 4b766c93e4ee19248dd66bbebb61fb5cc9c8a012 Mon Sep 17 00:00:00 2001 +From: Horia Geanta <horia.geanta@freescale.com> +Date: Wed, 4 Dec 2013 15:43:41 +0200 +Subject: [PATCH 2/9] add support for COMPAT_CIOCAUTHCRYPT ioctl() + +Upstream-status: Pending + +Needed for 64b kernel with 32b user space. + +Change-Id: I44a999a4164e7ae7122dee6ed0716b2f25cadbc1 +Signed-off-by: Horia Geanta <horia.geanta@freescale.com> +Tested-by: Cristian Stoica <cristian.stoica@freescale.com> +--- + authenc.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + cryptodev_int.h | 40 +++++++++++++++++++++++++++++ + ioctl.c | 16 ++++++++++++ + 3 files changed, 134 insertions(+) + +diff --git a/authenc.c b/authenc.c +index 1bd7377..ef0d3db 100644 +--- a/authenc.c ++++ b/authenc.c +@@ -272,6 +272,84 @@ static int fill_caop_from_kcaop(struct kernel_crypt_auth_op *kcaop, struct fcryp + return 0; + } + ++/* compatibility code for 32bit userlands */ ++#ifdef CONFIG_COMPAT ++ ++static inline void ++compat_to_crypt_auth_op(struct compat_crypt_auth_op *compat, ++ struct crypt_auth_op *caop) ++{ ++ caop->ses = compat->ses; ++ caop->op = compat->op; ++ caop->flags = compat->flags; ++ caop->len = compat->len; ++ caop->auth_len = compat->auth_len; ++ caop->tag_len = compat->tag_len; ++ caop->iv_len = compat->iv_len; ++ ++ caop->auth_src = compat_ptr(compat->auth_src); ++ caop->src = compat_ptr(compat->src); ++ caop->dst = compat_ptr(compat->dst); ++ caop->tag = compat_ptr(compat->tag); ++ caop->iv = compat_ptr(compat->iv); ++} ++ ++static inline void ++crypt_auth_op_to_compat(struct crypt_auth_op *caop, ++ struct compat_crypt_auth_op *compat) ++{ ++ compat->ses = caop->ses; ++ compat->op = caop->op; ++ compat->flags = caop->flags; ++ compat->len = caop->len; ++ compat->auth_len = caop->auth_len; ++ compat->tag_len = caop->tag_len; ++ compat->iv_len = caop->iv_len; ++ ++ compat->auth_src = ptr_to_compat(caop->auth_src); ++ compat->src = ptr_to_compat(caop->src); ++ compat->dst = ptr_to_compat(caop->dst); ++ compat->tag = ptr_to_compat(caop->tag); ++ compat->iv = ptr_to_compat(caop->iv); ++} ++ ++int compat_kcaop_from_user(struct kernel_crypt_auth_op *kcaop, ++ struct fcrypt *fcr, void __user *arg) ++{ ++ struct compat_crypt_auth_op compat_caop; ++ ++ if (unlikely(copy_from_user(&compat_caop, arg, sizeof(compat_caop)))) { ++ dprintk(1, KERN_ERR, "Error in copying from userspace\n"); ++ return -EFAULT; ++ } ++ ++ compat_to_crypt_auth_op(&compat_caop, &kcaop->caop); ++ ++ return fill_kcaop_from_caop(kcaop, fcr); ++} ++ ++int compat_kcaop_to_user(struct kernel_crypt_auth_op *kcaop, ++ struct fcrypt *fcr, void __user *arg) ++{ ++ int ret; ++ struct compat_crypt_auth_op compat_caop; ++ ++ ret = fill_caop_from_kcaop(kcaop, fcr); ++ if (unlikely(ret)) { ++ dprintk(1, KERN_ERR, "fill_caop_from_kcaop\n"); ++ return ret; ++ } ++ ++ crypt_auth_op_to_compat(&kcaop->caop, &compat_caop); ++ ++ if (unlikely(copy_to_user(arg, &compat_caop, sizeof(compat_caop)))) { ++ dprintk(1, KERN_ERR, "Error in copying to userspace\n"); ++ return -EFAULT; ++ } ++ return 0; ++} ++ ++#endif /* CONFIG_COMPAT */ + + int kcaop_from_user(struct kernel_crypt_auth_op *kcaop, + struct fcrypt *fcr, void __user *arg) +diff --git a/cryptodev_int.h b/cryptodev_int.h +index d7660fa..8e687e7 100644 +--- a/cryptodev_int.h ++++ b/cryptodev_int.h +@@ -73,11 +73,42 @@ struct compat_crypt_op { + compat_uptr_t iv;/* initialization vector for encryption operations */ + }; + ++ /* input of CIOCAUTHCRYPT */ ++struct compat_crypt_auth_op { ++ uint32_t ses; /* session identifier */ ++ uint16_t op; /* COP_ENCRYPT or COP_DECRYPT */ ++ uint16_t flags; /* see COP_FLAG_AEAD_* */ ++ uint32_t len; /* length of source data */ ++ uint32_t auth_len; /* length of auth data */ ++ compat_uptr_t auth_src; /* authenticated-only data */ ++ ++ /* The current implementation is more efficient if data are ++ * encrypted in-place (src==dst). */ ++ compat_uptr_t src; /* data to be encrypted and ++ authenticated */ ++ compat_uptr_t dst; /* pointer to output data. Must have ++ * space for tag. For TLS this should be ++ * at least len + tag_size + block_size ++ * for padding */ ++ ++ compat_uptr_t tag; /* where the tag will be copied to. TLS ++ * mode doesn't use that as tag is ++ * copied to dst. ++ * SRTP mode copies tag there. */ ++ uint32_t tag_len; /* the length of the tag. Use zero for ++ * digest size or max tag. */ ++ ++ /* initialization vector for encryption operations */ ++ compat_uptr_t iv; ++ uint32_t iv_len; ++}; ++ + /* compat ioctls, defined for the above structs */ + #define COMPAT_CIOCGSESSION _IOWR('c', 102, struct compat_session_op) + #define COMPAT_CIOCCRYPT _IOWR('c', 104, struct compat_crypt_op) + #define COMPAT_CIOCASYNCCRYPT _IOW('c', 107, struct compat_crypt_op) + #define COMPAT_CIOCASYNCFETCH _IOR('c', 108, struct compat_crypt_op) ++#define COMPAT_CIOCAUTHCRYPT _IOWR('c', 109, struct compat_crypt_auth_op) + + #endif /* CONFIG_COMPAT */ + +@@ -108,6 +139,15 @@ struct kernel_crypt_auth_op { + + /* auth */ + ++#ifdef CONFIG_COMPAT ++int compat_kcaop_from_user(struct kernel_crypt_auth_op *kcaop, ++ struct fcrypt *fcr, void __user *arg); ++ ++int compat_kcaop_to_user(struct kernel_crypt_auth_op *kcaop, ++ struct fcrypt *fcr, void __user *arg); ++#endif /* CONFIG_COMPAT */ ++ ++ + int kcaop_from_user(struct kernel_crypt_auth_op *kcop, + struct fcrypt *fcr, void __user *arg); + int kcaop_to_user(struct kernel_crypt_auth_op *kcaop, +diff --git a/ioctl.c b/ioctl.c +index f9b9b2e..1563c75 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -998,6 +998,7 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + struct session_op sop; + struct compat_session_op compat_sop; + struct kernel_crypt_op kcop; ++ struct kernel_crypt_auth_op kcaop; + int ret; + + if (unlikely(!pcr)) +@@ -1040,6 +1041,21 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + return ret; + + return compat_kcop_to_user(&kcop, fcr, arg); ++ ++ case COMPAT_CIOCAUTHCRYPT: ++ if (unlikely(ret = compat_kcaop_from_user(&kcaop, fcr, arg))) { ++ dprintk(1, KERN_WARNING, "Error copying from user\n"); ++ return ret; ++ } ++ ++ ret = crypto_auth_run(fcr, &kcaop); ++ if (unlikely(ret)) { ++ dprintk(1, KERN_WARNING, "Error in crypto_auth_run\n"); ++ return ret; ++ } ++ ++ return compat_kcaop_to_user(&kcaop, fcr, arg); ++ + #ifdef ENABLE_ASYNC + case COMPAT_CIOCASYNCCRYPT: + if (unlikely(ret = compat_kcop_from_user(&kcop, fcr, arg))) +-- +1.8.3.1 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0003-PKC-support-added-in-cryptodev-module.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0003-PKC-support-added-in-cryptodev-module.patch new file mode 100644 index 00000000..a4f7816b --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0003-PKC-support-added-in-cryptodev-module.patch @@ -0,0 +1,898 @@ +From 5b57fc2124cef0acc3c7e8de376ebd9aa4f1fdd3 Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta <yashpal.dutta@freescale.com> +Date: Fri, 7 Mar 2014 06:16:09 +0545 +Subject: [PATCH 3/9] PKC support added in cryptodev module + +Upstream-status: Pending + +Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> +--- + cryptlib.c | 66 +++++++++- + cryptlib.h | 28 ++++ + crypto/cryptodev.h | 15 ++- + cryptodev_int.h | 20 ++- + ioctl.c | 196 +++++++++++++++++++++++++-- + main.c | 378 +++++++++++++++++++++++++++++++++++++++++++++++++++++ + 6 files changed, 685 insertions(+), 18 deletions(-) + +diff --git a/cryptlib.c b/cryptlib.c +index 44ce763..6900028 100644 +--- a/cryptlib.c ++++ b/cryptlib.c +@@ -5,6 +5,8 @@ + * Portions Copyright (c) 2010 Michael Weiser + * Portions Copyright (c) 2010 Phil Sutter + * ++ * Copyright 2012 Freescale Semiconductor, Inc. ++ * + * This file is part of linux cryptodev. + * + * This program is free software; you can redistribute it and/or +@@ -39,11 +41,6 @@ + #include "cryptodev_int.h" + + +-struct cryptodev_result { +- struct completion completion; +- int err; +-}; +- + static void cryptodev_complete(struct crypto_async_request *req, int err) + { + struct cryptodev_result *res = req->data; +@@ -259,7 +256,6 @@ static inline int waitfor(struct cryptodev_result *cr, ssize_t ret) + case 0: + break; + case -EINPROGRESS: +- case -EBUSY: + wait_for_completion(&cr->completion); + /* At this point we known for sure the request has finished, + * because wait_for_completion above was not interruptible. +@@ -439,3 +435,61 @@ int cryptodev_hash_final(struct hash_data *hdata, void *output) + return waitfor(hdata->async.result, ret); + } + ++int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) ++{ ++ int ret = 0; ++ struct pkc_request *pkc_req = &pkc->req, *pkc_requested; ++ ++ switch (pkc_req->type) { ++ case RSA_PUB: ++ case RSA_PRIV_FORM1: ++ case RSA_PRIV_FORM2: ++ case RSA_PRIV_FORM3: ++ pkc->s = crypto_alloc_pkc("pkc(rsa)", ++ CRYPTO_ALG_TYPE_PKC_RSA, 0); ++ break; ++ case DSA_SIGN: ++ case DSA_VERIFY: ++ case ECDSA_SIGN: ++ case ECDSA_VERIFY: ++ pkc->s = crypto_alloc_pkc("pkc(dsa)", ++ CRYPTO_ALG_TYPE_PKC_DSA, 0); ++ break; ++ case DH_COMPUTE_KEY: ++ case ECDH_COMPUTE_KEY: ++ pkc->s = crypto_alloc_pkc("pkc(dh)", ++ CRYPTO_ALG_TYPE_PKC_DH, 0); ++ break; ++ default: ++ return -EINVAL; ++ } ++ ++ if (IS_ERR_OR_NULL(pkc->s)) ++ return -EINVAL; ++ ++ init_completion(&pkc->result.completion); ++ pkc_requested = pkc_request_alloc(pkc->s, GFP_KERNEL); ++ ++ if (unlikely(IS_ERR_OR_NULL(pkc_requested))) { ++ ret = -ENOMEM; ++ goto error; ++ } ++ pkc_requested->type = pkc_req->type; ++ pkc_requested->curve_type = pkc_req->curve_type; ++ memcpy(&pkc_requested->req_u, &pkc_req->req_u, sizeof(pkc_req->req_u)); ++ pkc_request_set_callback(pkc_requested, CRYPTO_TFM_REQ_MAY_BACKLOG, ++ cryptodev_complete_asym, pkc); ++ ret = crypto_pkc_op(pkc_requested); ++ if (ret != -EINPROGRESS && ret != 0) ++ goto error2; ++ ++ if (pkc->type == SYNCHRONOUS) ++ ret = waitfor(&pkc->result, ret); ++ ++ return ret; ++error2: ++ kfree(pkc_requested); ++error: ++ crypto_free_pkc(pkc->s); ++ return ret; ++} +diff --git a/cryptlib.h b/cryptlib.h +index a0a8a63..56d325a 100644 +--- a/cryptlib.h ++++ b/cryptlib.h +@@ -1,3 +1,6 @@ ++/* ++ * Copyright 2012 Freescale Semiconductor, Inc. ++ */ + #ifndef CRYPTLIB_H + # define CRYPTLIB_H + +@@ -89,5 +92,30 @@ void cryptodev_hash_deinit(struct hash_data *hdata); + int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name, + int hmac_mode, void *mackey, size_t mackeylen); + ++/* Operation Type */ ++enum offload_type { ++ SYNCHRONOUS, ++ ASYNCHRONOUS ++}; ++ ++struct cryptodev_result { ++ struct completion completion; ++ int err; ++}; ++ ++struct cryptodev_pkc { ++ struct list_head list; /* To maintain the Jobs in completed ++ cryptodev lists */ ++ struct kernel_crypt_kop kop; ++ struct crypto_pkc *s; /* Transform pointer from CryptoAPI */ ++ struct cryptodev_result result; /* Result to be updated by ++ completion handler */ ++ struct pkc_request req; /* PKC request structure allocated ++ from CryptoAPI */ ++ enum offload_type type; /* Synchronous Vs Asynchronous request */ ++ void *cookie; /*Additional opaque cookie to be used in future */ ++ struct crypt_priv *priv; ++}; + ++int cryptodev_pkc_offload(struct cryptodev_pkc *); + #endif +diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h +index c0e8cd4..96675fe 100644 +--- a/crypto/cryptodev.h ++++ b/crypto/cryptodev.h +@@ -1,6 +1,10 @@ +-/* This is a source compatible implementation with the original API of ++/* ++ * Copyright 2012 Freescale Semiconductor, Inc. ++ * ++ * This is a source compatible implementation with the original API of + * cryptodev by Angelos D. Keromytis, found at openbsd cryptodev.h. +- * Placed under public domain */ ++ * Placed under public domain ++ */ + + #ifndef L_CRYPTODEV_H + #define L_CRYPTODEV_H +@@ -245,6 +249,9 @@ struct crypt_kop { + __u16 crk_oparams; + __u32 crk_pad1; + struct crparam crk_param[CRK_MAXPARAM]; ++ enum curve_t curve_type; /* 0 == Discrete Log, ++ 1 = EC_PRIME, 2 = EC_BINARY */ ++ void *cookie; + }; + + enum cryptodev_crk_op_t { +@@ -289,5 +296,7 @@ enum cryptodev_crk_op_t { + */ + #define CIOCASYNCCRYPT _IOW('c', 110, struct crypt_op) + #define CIOCASYNCFETCH _IOR('c', 111, struct crypt_op) +- ++/* additional ioctls for asynchronous operation for asymmetric ciphers*/ ++#define CIOCASYMASYNCRYPT _IOW('c', 112, struct crypt_kop) ++#define CIOCASYMASYNFETCH _IOR('c', 113, struct crypt_kop) + #endif /* L_CRYPTODEV_H */ +diff --git a/cryptodev_int.h b/cryptodev_int.h +index 8e687e7..fdbcc61 100644 +--- a/cryptodev_int.h ++++ b/cryptodev_int.h +@@ -1,4 +1,6 @@ +-/* cipher stuff */ ++/* cipher stuff ++ * Copyright 2012 Freescale Semiconductor, Inc. ++ */ + #ifndef CRYPTODEV_INT_H + # define CRYPTODEV_INT_H + +@@ -112,6 +114,14 @@ struct compat_crypt_auth_op { + + #endif /* CONFIG_COMPAT */ + ++/* kernel-internal extension to struct crypt_kop */ ++struct kernel_crypt_kop { ++ struct crypt_kop kop; ++ ++ struct task_struct *task; ++ struct mm_struct *mm; ++}; ++ + /* kernel-internal extension to struct crypt_op */ + struct kernel_crypt_op { + struct crypt_op cop; +@@ -157,6 +167,14 @@ int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop); + + #include <cryptlib.h> + ++/* Cryptodev Key operation handler */ ++int crypto_bn_modexp(struct cryptodev_pkc *); ++int crypto_modexp_crt(struct cryptodev_pkc *); ++int crypto_kop_dsasign(struct cryptodev_pkc *); ++int crypto_kop_dsaverify(struct cryptodev_pkc *); ++int crypto_run_asym(struct cryptodev_pkc *); ++void cryptodev_complete_asym(struct crypto_async_request *, int); ++ + /* other internal structs */ + struct csession { + struct list_head entry; +diff --git a/ioctl.c b/ioctl.c +index 1563c75..782d7fe 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -4,6 +4,7 @@ + * Copyright (c) 2004 Michal Ludvig <mludvig@logix.net.nz>, SuSE Labs + * Copyright (c) 2009,2010,2011 Nikos Mavrogiannopoulos <nmav@gnutls.org> + * Copyright (c) 2010 Phil Sutter ++ * Copyright 2012 Freescale Semiconductor, Inc. + * + * This file is part of linux cryptodev. + * +@@ -89,8 +90,37 @@ struct crypt_priv { + int itemcount; + struct work_struct cryptask; + wait_queue_head_t user_waiter; ++ /* List of pending cryptodev_pkc asym requests */ ++ struct list_head asym_completed_list; ++ /* For addition/removal of entry in pending list of asymmetric request*/ ++ spinlock_t completion_lock; + }; + ++/* Asymmetric request Completion handler */ ++void cryptodev_complete_asym(struct crypto_async_request *req, int err) ++{ ++ struct cryptodev_pkc *pkc = req->data; ++ struct cryptodev_result *res = &pkc->result; ++ ++ crypto_free_pkc(pkc->s); ++ res->err = err; ++ if (pkc->type == SYNCHRONOUS) { ++ if (err == -EINPROGRESS) ++ return; ++ complete(&res->completion); ++ } else { ++ struct crypt_priv *pcr = pkc->priv; ++ unsigned long flags; ++ spin_lock_irqsave(&pcr->completion_lock, flags); ++ list_add_tail(&pkc->list, &pcr->asym_completed_list); ++ spin_unlock_irqrestore(&pcr->completion_lock, flags); ++ /* wake for POLLIN */ ++ wake_up_interruptible(&pcr->user_waiter); ++ } ++ ++ kfree(req); ++} ++ + #define FILL_SG(sg, ptr, len) \ + do { \ + (sg)->page = virt_to_page(ptr); \ +@@ -472,7 +502,8 @@ cryptodev_open(struct inode *inode, struct file *filp) + INIT_LIST_HEAD(&pcr->free.list); + INIT_LIST_HEAD(&pcr->todo.list); + INIT_LIST_HEAD(&pcr->done.list); +- ++ INIT_LIST_HEAD(&pcr->asym_completed_list); ++ spin_lock_init(&pcr->completion_lock); + INIT_WORK(&pcr->cryptask, cryptask_routine); + + init_waitqueue_head(&pcr->user_waiter); +@@ -639,6 +670,79 @@ static int crypto_async_fetch(struct crypt_priv *pcr, + } + #endif + ++/* get the first asym cipher completed job from the "done" queue ++ * ++ * returns: ++ * -EBUSY if no completed jobs are ready (yet) ++ * the return value otherwise */ ++static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) ++{ ++ int ret = 0; ++ struct kernel_crypt_kop *kop = &pkc->kop; ++ struct crypt_kop *ckop = &kop->kop; ++ struct pkc_request *pkc_req = &pkc->req; ++ ++ switch (ckop->crk_op) { ++ case CRK_MOD_EXP: ++ { ++ struct rsa_pub_req_s *rsa_req = &pkc_req->req_u.rsa_pub_req; ++ copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g, ++ rsa_req->g_len); ++ } ++ break; ++ case CRK_MOD_EXP_CRT: ++ { ++ struct rsa_priv_frm3_req_s *rsa_req = ++ &pkc_req->req_u.rsa_priv_f3; ++ copy_to_user(ckop->crk_param[6].crp_p, ++ rsa_req->f, rsa_req->f_len); ++ } ++ break; ++ case CRK_DSA_SIGN: ++ { ++ struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign; ++ ++ if (pkc_req->type == ECDSA_SIGN) { ++ copy_to_user(ckop->crk_param[6].crp_p, ++ dsa_req->c, dsa_req->d_len); ++ copy_to_user(ckop->crk_param[7].crp_p, ++ dsa_req->d, dsa_req->d_len); ++ } else { ++ copy_to_user(ckop->crk_param[5].crp_p, ++ dsa_req->c, dsa_req->d_len); ++ copy_to_user(ckop->crk_param[6].crp_p, ++ dsa_req->d, dsa_req->d_len); ++ } ++ } ++ break; ++ case CRK_DSA_VERIFY: ++ break; ++ case CRK_DH_COMPUTE_KEY: ++ { ++ struct dh_key_req_s *dh_req = &pkc_req->req_u.dh_req; ++ if (pkc_req->type == ECDH_COMPUTE_KEY) ++ copy_to_user(ckop->crk_param[4].crp_p, ++ dh_req->z, dh_req->z_len); ++ else ++ copy_to_user(ckop->crk_param[3].crp_p, ++ dh_req->z, dh_req->z_len); ++ } ++ break; ++ default: ++ ret = -EINVAL; ++ } ++ kfree(pkc->cookie); ++ return ret; ++} ++ ++/* this function has to be called from process context */ ++static int fill_kop_from_cop(struct kernel_crypt_kop *kop) ++{ ++ kop->task = current; ++ kop->mm = current->mm; ++ return 0; ++} ++ + /* this function has to be called from process context */ + static int fill_kcop_from_cop(struct kernel_crypt_op *kcop, struct fcrypt *fcr) + { +@@ -662,11 +766,8 @@ static int fill_kcop_from_cop(struct kernel_crypt_op *kcop, struct fcrypt *fcr) + + if (cop->iv) { + rc = copy_from_user(kcop->iv, cop->iv, kcop->ivlen); +- if (unlikely(rc)) { +- derr(1, "error copying IV (%d bytes), copy_from_user returned %d for address %p", +- kcop->ivlen, rc, cop->iv); ++ if (unlikely(rc)) + return -EFAULT; +- } + } + + return 0; +@@ -692,6 +793,25 @@ static int fill_cop_from_kcop(struct kernel_crypt_op *kcop, struct fcrypt *fcr) + return 0; + } + ++static int kop_from_user(struct kernel_crypt_kop *kop, ++ void __user *arg) ++{ ++ if (unlikely(copy_from_user(&kop->kop, arg, sizeof(kop->kop)))) ++ return -EFAULT; ++ ++ return fill_kop_from_cop(kop); ++} ++ ++static int kop_to_user(struct kernel_crypt_kop *kop, ++ void __user *arg) ++{ ++ if (unlikely(copy_to_user(arg, &kop->kop, sizeof(kop->kop)))) { ++ dprintk(1, KERN_ERR, "Cannot copy to userspace\n"); ++ return -EFAULT; ++ } ++ return 0; ++} ++ + static int kcop_from_user(struct kernel_crypt_op *kcop, + struct fcrypt *fcr, void __user *arg) + { +@@ -821,7 +941,8 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + + switch (cmd) { + case CIOCASYMFEAT: +- return put_user(0, p); ++ return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | ++ CRF_DSA_SIGN | CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY, p); + case CRIOGET: + fd = clonefd(filp); + ret = put_user(fd, p); +@@ -857,6 +978,24 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + if (unlikely(ret)) + return ret; + return copy_to_user(arg, &siop, sizeof(siop)); ++ case CIOCKEY: ++ { ++ struct cryptodev_pkc *pkc = ++ kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); ++ ++ if (!pkc) ++ return -ENOMEM; ++ ++ ret = kop_from_user(&pkc->kop, arg); ++ if (unlikely(ret)) { ++ kfree(pkc); ++ return ret; ++ } ++ pkc->type = SYNCHRONOUS; ++ ret = crypto_run_asym(pkc); ++ kfree(pkc); ++ } ++ return ret; + case CIOCCRYPT: + if (unlikely(ret = kcop_from_user(&kcop, fcr, arg))) { + dwarning(1, "Error copying from user"); +@@ -895,6 +1034,45 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + + return kcop_to_user(&kcop, fcr, arg); + #endif ++ case CIOCASYMASYNCRYPT: ++ { ++ struct cryptodev_pkc *pkc = ++ kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); ++ ret = kop_from_user(&pkc->kop, arg); ++ ++ if (unlikely(ret)) ++ return -EINVAL; ++ ++ /* Store associated FD priv data with asymmetric request */ ++ pkc->priv = pcr; ++ pkc->type = ASYNCHRONOUS; ++ ret = crypto_run_asym(pkc); ++ if (ret == -EINPROGRESS) ++ ret = 0; ++ } ++ return ret; ++ case CIOCASYMASYNFETCH: ++ { ++ struct cryptodev_pkc *pkc; ++ unsigned long flags; ++ ++ spin_lock_irqsave(&pcr->completion_lock, flags); ++ if (list_empty(&pcr->asym_completed_list)) { ++ spin_unlock_irqrestore(&pcr->completion_lock, flags); ++ return -ENOMEM; ++ } ++ pkc = list_first_entry(&pcr->asym_completed_list, ++ struct cryptodev_pkc, list); ++ list_del(&pkc->list); ++ spin_unlock_irqrestore(&pcr->completion_lock, flags); ++ ret = crypto_async_fetch_asym(pkc); ++ ++ /* Reflect the updated request to user-space */ ++ if (!ret) ++ kop_to_user(&pkc->kop, arg); ++ kfree(pkc); ++ } ++ return ret; + default: + return -EINVAL; + } +@@ -1083,9 +1261,11 @@ static unsigned int cryptodev_poll(struct file *file, poll_table *wait) + + poll_wait(file, &pcr->user_waiter, wait); + +- if (!list_empty_careful(&pcr->done.list)) ++ if (!list_empty_careful(&pcr->done.list) || ++ !list_empty_careful(&pcr->asym_completed_list)) + ret |= POLLIN | POLLRDNORM; +- if (!list_empty_careful(&pcr->free.list) || pcr->itemcount < MAX_COP_RINGSIZE) ++ if (!list_empty_careful(&pcr->free.list) || ++ pcr->itemcount < MAX_COP_RINGSIZE) + ret |= POLLOUT | POLLWRNORM; + + return ret; +diff --git a/main.c b/main.c +index 57e5c38..0b7951e 100644 +--- a/main.c ++++ b/main.c +@@ -181,6 +181,384 @@ __crypto_run_zc(struct csession *ses_ptr, struct kernel_crypt_op *kcop) + return ret; + } + ++int crypto_kop_dsasign(struct cryptodev_pkc *pkc) ++{ ++ struct kernel_crypt_kop *kop = &pkc->kop; ++ struct crypt_kop *cop = &kop->kop; ++ struct pkc_request *pkc_req = &pkc->req; ++ struct dsa_sign_req_s *dsa_req = &pkc_req->req_u.dsa_sign; ++ int rc, buf_size; ++ uint8_t *buf; ++ ++ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || ++ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits || ++ !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits || ++ !cop->crk_param[6].crp_nbits || (cop->crk_iparams == 6 && ++ !cop->crk_param[7].crp_nbits)) ++ return -EINVAL; ++ ++ dsa_req->m_len = (cop->crk_param[0].crp_nbits + 7)/8; ++ dsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8; ++ dsa_req->r_len = (cop->crk_param[2].crp_nbits + 7)/8; ++ dsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8; ++ dsa_req->priv_key_len = (cop->crk_param[4].crp_nbits + 7)/8; ++ dsa_req->d_len = (cop->crk_param[6].crp_nbits + 7)/8; ++ buf_size = dsa_req->m_len + dsa_req->q_len + dsa_req->r_len + ++ dsa_req->g_len + dsa_req->priv_key_len + dsa_req->d_len + ++ dsa_req->d_len; ++ if (cop->crk_iparams == 6) { ++ dsa_req->ab_len = (cop->crk_param[5].crp_nbits + 7)/8; ++ buf_size += dsa_req->ab_len; ++ pkc_req->type = ECDSA_SIGN; ++ pkc_req->curve_type = cop->curve_type; ++ } else { ++ pkc_req->type = DSA_SIGN; ++ } ++ ++ buf = kzalloc(buf_size, GFP_DMA); ++ ++ dsa_req->q = buf; ++ dsa_req->r = dsa_req->q + dsa_req->q_len; ++ dsa_req->g = dsa_req->r + dsa_req->r_len; ++ dsa_req->priv_key = dsa_req->g + dsa_req->g_len; ++ dsa_req->m = dsa_req->priv_key + dsa_req->priv_key_len; ++ dsa_req->c = dsa_req->m + dsa_req->m_len; ++ dsa_req->d = dsa_req->c + dsa_req->d_len; ++ copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len); ++ copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len); ++ copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len); ++ copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len); ++ copy_from_user(dsa_req->priv_key, cop->crk_param[4].crp_p, ++ dsa_req->priv_key_len); ++ if (cop->crk_iparams == 6) { ++ dsa_req->ab = dsa_req->d + dsa_req->d_len; ++ copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p, ++ dsa_req->ab_len); ++ } ++ rc = cryptodev_pkc_offload(pkc); ++ if (pkc->type == SYNCHRONOUS) { ++ if (rc) ++ goto err; ++ if (cop->crk_iparams == 6) { ++ copy_to_user(cop->crk_param[6].crp_p, dsa_req->c, ++ dsa_req->d_len); ++ copy_to_user(cop->crk_param[7].crp_p, dsa_req->d, ++ dsa_req->d_len); ++ } else { ++ copy_to_user(cop->crk_param[5].crp_p, dsa_req->c, ++ dsa_req->d_len); ++ copy_to_user(cop->crk_param[6].crp_p, dsa_req->d, ++ dsa_req->d_len); ++ } ++ } else { ++ if (rc != -EINPROGRESS && rc != 0) ++ goto err; ++ ++ pkc->cookie = buf; ++ return rc; ++ } ++err: ++ kfree(buf); ++ return rc; ++} ++ ++int crypto_kop_dsaverify(struct cryptodev_pkc *pkc) ++{ ++ struct kernel_crypt_kop *kop = &pkc->kop; ++ struct crypt_kop *cop = &kop->kop; ++ struct pkc_request *pkc_req; ++ struct dsa_verify_req_s *dsa_req; ++ int rc, buf_size; ++ uint8_t *buf; ++ ++ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || ++ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits || ++ !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits || ++ !cop->crk_param[6].crp_nbits || (cop->crk_iparams == 8 && ++ !cop->crk_param[7].crp_nbits)) ++ return -EINVAL; ++ ++ pkc_req = &pkc->req; ++ dsa_req = &pkc_req->req_u.dsa_verify; ++ dsa_req->m_len = (cop->crk_param[0].crp_nbits + 7)/8; ++ dsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8; ++ dsa_req->r_len = (cop->crk_param[2].crp_nbits + 7)/8; ++ dsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8; ++ dsa_req->pub_key_len = (cop->crk_param[4].crp_nbits + 7)/8; ++ dsa_req->d_len = (cop->crk_param[6].crp_nbits + 7)/8; ++ buf_size = dsa_req->m_len + dsa_req->q_len + dsa_req->r_len + ++ dsa_req->g_len + dsa_req->pub_key_len + dsa_req->d_len + ++ dsa_req->d_len; ++ if (cop->crk_iparams == 8) { ++ dsa_req->ab_len = (cop->crk_param[5].crp_nbits + 7)/8; ++ buf_size += dsa_req->ab_len; ++ pkc_req->type = ECDSA_VERIFY; ++ pkc_req->curve_type = cop->curve_type; ++ } else { ++ pkc_req->type = DSA_VERIFY; ++ } ++ ++ buf = kzalloc(buf_size, GFP_DMA); ++ ++ dsa_req->q = buf; ++ dsa_req->r = dsa_req->q + dsa_req->q_len; ++ dsa_req->g = dsa_req->r + dsa_req->r_len; ++ dsa_req->pub_key = dsa_req->g + dsa_req->g_len; ++ dsa_req->m = dsa_req->pub_key + dsa_req->pub_key_len; ++ dsa_req->c = dsa_req->m + dsa_req->m_len; ++ dsa_req->d = dsa_req->c + dsa_req->d_len; ++ copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len); ++ copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len); ++ copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len); ++ copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len); ++ copy_from_user(dsa_req->pub_key, cop->crk_param[4].crp_p, ++ dsa_req->pub_key_len); ++ if (cop->crk_iparams == 8) { ++ dsa_req->ab = dsa_req->d + dsa_req->d_len; ++ copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p, ++ dsa_req->ab_len); ++ copy_from_user(dsa_req->c, cop->crk_param[6].crp_p, ++ dsa_req->d_len); ++ copy_from_user(dsa_req->d, cop->crk_param[7].crp_p, ++ dsa_req->d_len); ++ } else { ++ copy_from_user(dsa_req->c, cop->crk_param[5].crp_p, ++ dsa_req->d_len); ++ copy_from_user(dsa_req->d, cop->crk_param[6].crp_p, ++ dsa_req->d_len); ++ } ++ rc = cryptodev_pkc_offload(pkc); ++ if (pkc->type == SYNCHRONOUS) { ++ if (rc) ++ goto err; ++ } else { ++ if (rc != -EINPROGRESS && !rc) ++ goto err; ++ pkc->cookie = buf; ++ return rc; ++ } ++err: ++ kfree(buf); ++ return rc; ++} ++ ++int crypto_kop_dh_key(struct cryptodev_pkc *pkc) ++{ ++ struct kernel_crypt_kop *kop = &pkc->kop; ++ struct crypt_kop *cop = &kop->kop; ++ struct pkc_request *pkc_req; ++ struct dh_key_req_s *dh_req; ++ int buf_size; ++ uint8_t *buf; ++ int rc = -EINVAL; ++ ++ pkc_req = &pkc->req; ++ dh_req = &pkc_req->req_u.dh_req; ++ dh_req->s_len = (cop->crk_param[0].crp_nbits + 7)/8; ++ dh_req->pub_key_len = (cop->crk_param[1].crp_nbits + 7)/8; ++ dh_req->q_len = (cop->crk_param[2].crp_nbits + 7)/8; ++ buf_size = dh_req->q_len + dh_req->pub_key_len + dh_req->s_len; ++ if (cop->crk_iparams == 4) { ++ pkc_req->type = ECDH_COMPUTE_KEY; ++ dh_req->ab_len = (cop->crk_param[3].crp_nbits + 7)/8; ++ dh_req->z_len = (cop->crk_param[4].crp_nbits + 7)/8; ++ buf_size += dh_req->ab_len; ++ } else { ++ dh_req->z_len = (cop->crk_param[3].crp_nbits + 7)/8; ++ pkc_req->type = DH_COMPUTE_KEY; ++ } ++ buf_size += dh_req->z_len; ++ buf = kzalloc(buf_size, GFP_DMA); ++ dh_req->q = buf; ++ dh_req->s = dh_req->q + dh_req->q_len; ++ dh_req->pub_key = dh_req->s + dh_req->s_len; ++ dh_req->z = dh_req->pub_key + dh_req->pub_key_len; ++ if (cop->crk_iparams == 4) { ++ dh_req->ab = dh_req->z + dh_req->z_len; ++ pkc_req->curve_type = cop->curve_type; ++ copy_from_user(dh_req->ab, cop->crk_param[3].crp_p, ++ dh_req->ab_len); ++ } ++ copy_from_user(dh_req->s, cop->crk_param[0].crp_p, dh_req->s_len); ++ copy_from_user(dh_req->pub_key, cop->crk_param[1].crp_p, ++ dh_req->pub_key_len); ++ copy_from_user(dh_req->q, cop->crk_param[2].crp_p, dh_req->q_len); ++ rc = cryptodev_pkc_offload(pkc); ++ if (pkc->type == SYNCHRONOUS) { ++ if (rc) ++ goto err; ++ if (cop->crk_iparams == 4) ++ copy_to_user(cop->crk_param[4].crp_p, dh_req->z, ++ dh_req->z_len); ++ else ++ copy_to_user(cop->crk_param[3].crp_p, dh_req->z, ++ dh_req->z_len); ++ } else { ++ if (rc != -EINPROGRESS && rc != 0) ++ goto err; ++ ++ pkc->cookie = buf; ++ return rc; ++ } ++err: ++ kfree(buf); ++ return rc; ++} ++ ++int crypto_modexp_crt(struct cryptodev_pkc *pkc) ++{ ++ struct kernel_crypt_kop *kop = &pkc->kop; ++ struct crypt_kop *cop = &kop->kop; ++ struct pkc_request *pkc_req; ++ struct rsa_priv_frm3_req_s *rsa_req; ++ int rc; ++ uint8_t *buf; ++ ++ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || ++ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits || ++ !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits) ++ return -EINVAL; ++ ++ pkc_req = &pkc->req; ++ pkc_req->type = RSA_PRIV_FORM3; ++ rsa_req = &pkc_req->req_u.rsa_priv_f3; ++ rsa_req->p_len = (cop->crk_param[0].crp_nbits + 7)/8; ++ rsa_req->q_len = (cop->crk_param[1].crp_nbits + 7)/8; ++ rsa_req->g_len = (cop->crk_param[2].crp_nbits + 7)/8; ++ rsa_req->dp_len = (cop->crk_param[3].crp_nbits + 7)/8; ++ rsa_req->dq_len = (cop->crk_param[4].crp_nbits + 7)/8; ++ rsa_req->c_len = (cop->crk_param[5].crp_nbits + 7)/8; ++ rsa_req->f_len = (cop->crk_param[6].crp_nbits + 7)/8; ++ buf = kzalloc(rsa_req->p_len + rsa_req->q_len + rsa_req->f_len + ++ rsa_req->dp_len + rsa_req->dp_len + rsa_req->c_len + ++ rsa_req->g_len, GFP_DMA); ++ rsa_req->p = buf; ++ rsa_req->q = rsa_req->p + rsa_req->p_len; ++ rsa_req->g = rsa_req->q + rsa_req->q_len; ++ rsa_req->dp = rsa_req->g + rsa_req->g_len; ++ rsa_req->dq = rsa_req->dp + rsa_req->dp_len; ++ rsa_req->c = rsa_req->dq + rsa_req->dq_len; ++ rsa_req->f = rsa_req->c + rsa_req->c_len; ++ copy_from_user(rsa_req->p, cop->crk_param[0].crp_p, rsa_req->p_len); ++ copy_from_user(rsa_req->q, cop->crk_param[1].crp_p, rsa_req->q_len); ++ copy_from_user(rsa_req->g, cop->crk_param[2].crp_p, rsa_req->g_len); ++ copy_from_user(rsa_req->dp, cop->crk_param[3].crp_p, rsa_req->dp_len); ++ copy_from_user(rsa_req->dq, cop->crk_param[4].crp_p, rsa_req->dq_len); ++ copy_from_user(rsa_req->c, cop->crk_param[5].crp_p, rsa_req->c_len); ++ rc = cryptodev_pkc_offload(pkc); ++ ++ if (pkc->type == SYNCHRONOUS) { ++ if (rc) ++ goto err; ++ copy_to_user(cop->crk_param[6].crp_p, rsa_req->f, ++ rsa_req->f_len); ++ } else { ++ if (rc != -EINPROGRESS && rc != 0) ++ goto err; ++ ++ pkc->cookie = buf; ++ return rc; ++ } ++err: ++ kfree(buf); ++ return rc; ++} ++ ++int crypto_bn_modexp(struct cryptodev_pkc *pkc) ++{ ++ struct pkc_request *pkc_req; ++ struct rsa_pub_req_s *rsa_req; ++ int rc; ++ struct kernel_crypt_kop *kop = &pkc->kop; ++ struct crypt_kop *cop = &kop->kop; ++ uint8_t *buf; ++ ++ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || ++ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits) ++ return -EINVAL; ++ ++ pkc_req = &pkc->req; ++ pkc_req->type = RSA_PUB; ++ rsa_req = &pkc_req->req_u.rsa_pub_req; ++ rsa_req->f_len = (cop->crk_param[0].crp_nbits + 7)/8; ++ rsa_req->e_len = (cop->crk_param[1].crp_nbits + 7)/8; ++ rsa_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8; ++ rsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8; ++ buf = kzalloc(rsa_req->f_len + rsa_req->e_len + rsa_req->n_len ++ + rsa_req->g_len, GFP_DMA); ++ if (!buf) ++ return -ENOMEM; ++ ++ rsa_req->e = buf; ++ rsa_req->f = rsa_req->e + rsa_req->e_len; ++ rsa_req->g = rsa_req->f + rsa_req->f_len; ++ rsa_req->n = rsa_req->g + rsa_req->g_len; ++ copy_from_user(rsa_req->f, cop->crk_param[0].crp_p, rsa_req->f_len); ++ copy_from_user(rsa_req->e, cop->crk_param[1].crp_p, rsa_req->e_len); ++ copy_from_user(rsa_req->n, cop->crk_param[2].crp_p, rsa_req->n_len); ++ rc = cryptodev_pkc_offload(pkc); ++ if (pkc->type == SYNCHRONOUS) { ++ if (rc) ++ goto err; ++ ++ copy_to_user(cop->crk_param[3].crp_p, rsa_req->g, ++ rsa_req->g_len); ++ } else { ++ if (rc != -EINPROGRESS && rc != 0) ++ goto err; ++ ++ /* This one will be freed later in fetch handler */ ++ pkc->cookie = buf; ++ return rc; ++ } ++err: ++ kfree(buf); ++ return rc; ++} ++ ++int crypto_run_asym(struct cryptodev_pkc *pkc) ++{ ++ int ret = -EINVAL; ++ struct kernel_crypt_kop *kop = &pkc->kop; ++ ++ switch (kop->kop.crk_op) { ++ case CRK_MOD_EXP: ++ if (kop->kop.crk_iparams != 3 && kop->kop.crk_oparams != 1) ++ goto err; ++ ++ ret = crypto_bn_modexp(pkc); ++ break; ++ case CRK_MOD_EXP_CRT: ++ if (kop->kop.crk_iparams != 6 && kop->kop.crk_oparams != 1) ++ goto err; ++ ++ ret = crypto_modexp_crt(pkc); ++ break; ++ case CRK_DSA_SIGN: ++ if ((kop->kop.crk_iparams != 5 && kop->kop.crk_iparams != 6) || ++ kop->kop.crk_oparams != 2) ++ goto err; ++ ++ ret = crypto_kop_dsasign(pkc); ++ break; ++ case CRK_DSA_VERIFY: ++ if ((kop->kop.crk_iparams != 7 && kop->kop.crk_iparams != 8) || ++ kop->kop.crk_oparams != 0) ++ goto err; ++ ++ ret = crypto_kop_dsaverify(pkc); ++ break; ++ case CRK_DH_COMPUTE_KEY: ++ if ((kop->kop.crk_iparams != 3 && kop->kop.crk_iparams != 4) || ++ kop->kop.crk_oparams != 1) ++ goto err; ++ ret = crypto_kop_dh_key(pkc); ++ break; ++ } ++err: ++ return ret; ++} ++ + int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop) + { + struct csession *ses_ptr; +-- +1.8.3.1 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0004-Compat-versions-of-PKC-IOCTLs.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0004-Compat-versions-of-PKC-IOCTLs.patch new file mode 100644 index 00000000..2eedcc72 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0004-Compat-versions-of-PKC-IOCTLs.patch @@ -0,0 +1,200 @@ +From 5435dfd329cd90837ce36c6dadc26166c7906cab Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta <yashpal.dutta@freescale.com> +Date: Fri, 7 Mar 2014 06:52:13 +0545 +Subject: [PATCH 4/9] Compat versions of PKC IOCTLs + +Upstream-status: Pending + +Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> +--- + cryptodev_int.h | 20 ++++++++++ + ioctl.c | 120 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 140 insertions(+) + +diff --git a/cryptodev_int.h b/cryptodev_int.h +index fdbcc61..cf54dac 100644 +--- a/cryptodev_int.h ++++ b/cryptodev_int.h +@@ -75,6 +75,24 @@ struct compat_crypt_op { + compat_uptr_t iv;/* initialization vector for encryption operations */ + }; + ++/* input of CIOCKEY */ ++struct compat_crparam { ++ compat_uptr_t crp_p; ++ uint32_t crp_nbits; ++}; ++ ++struct compat_crypt_kop { ++ uint32_t crk_op; /* cryptodev_crk_ot_t */ ++ uint32_t crk_status; ++ uint16_t crk_iparams; ++ uint16_t crk_oparams; ++ uint32_t crk_pad1; ++ struct compat_crparam crk_param[CRK_MAXPARAM]; ++ enum curve_t curve_type; /* 0 == Discrete Log, 1 = EC_PRIME, ++ 2 = EC_BINARY */ ++ compat_uptr_t cookie; ++}; ++ + /* input of CIOCAUTHCRYPT */ + struct compat_crypt_auth_op { + uint32_t ses; /* session identifier */ +@@ -111,6 +129,8 @@ struct compat_crypt_auth_op { + #define COMPAT_CIOCASYNCCRYPT _IOW('c', 107, struct compat_crypt_op) + #define COMPAT_CIOCASYNCFETCH _IOR('c', 108, struct compat_crypt_op) + #define COMPAT_CIOCAUTHCRYPT _IOWR('c', 109, struct compat_crypt_auth_op) ++#define COMPAT_CIOCASYMASYNCRYPT _IOW('c', 110, struct compat_crypt_kop) ++#define COMPAT_CIOCASYMASYNFETCH _IOR('c', 111, struct compat_crypt_kop) + + #endif /* CONFIG_COMPAT */ + +diff --git a/ioctl.c b/ioctl.c +index 782d7fe..3baf3e6 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -1081,6 +1081,68 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + /* compatibility code for 32bit userlands */ + #ifdef CONFIG_COMPAT + ++static inline void compat_to_crypt_kop(struct compat_crypt_kop *compat, ++ struct crypt_kop *kop) ++{ ++ int i; ++ kop->crk_op = compat->crk_op; ++ kop->crk_status = compat->crk_status; ++ kop->crk_iparams = compat->crk_iparams; ++ kop->crk_oparams = compat->crk_oparams; ++ ++ for (i = 0; i < CRK_MAXPARAM; i++) { ++ kop->crk_param[i].crp_p = ++ compat_ptr(compat->crk_param[i].crp_p); ++ kop->crk_param[i].crp_nbits = compat->crk_param[i].crp_nbits; ++ } ++ ++ kop->curve_type = compat->curve_type; ++ kop->cookie = compat->cookie; ++} ++ ++static int compat_kop_from_user(struct kernel_crypt_kop *kop, ++ void __user *arg) ++{ ++ struct compat_crypt_kop compat_kop; ++ ++ if (unlikely(copy_from_user(&compat_kop, arg, sizeof(compat_kop)))) ++ return -EFAULT; ++ ++ compat_to_crypt_kop(&compat_kop, &kop->kop); ++ return fill_kop_from_cop(kop); ++} ++ ++static inline void crypt_kop_to_compat(struct crypt_kop *kop, ++ struct compat_crypt_kop *compat) ++{ ++ int i; ++ ++ compat->crk_op = kop->crk_op; ++ compat->crk_status = kop->crk_status; ++ compat->crk_iparams = kop->crk_iparams; ++ compat->crk_oparams = kop->crk_oparams; ++ ++ for (i = 0; i < CRK_MAXPARAM; i++) { ++ compat->crk_param[i].crp_p = ++ ptr_to_compat(kop->crk_param[i].crp_p); ++ compat->crk_param[i].crp_nbits = kop->crk_param[i].crp_nbits; ++ } ++ compat->cookie = kop->cookie; ++ compat->curve_type = kop->curve_type; ++} ++ ++static int compat_kop_to_user(struct kernel_crypt_kop *kop, void __user *arg) ++{ ++ struct compat_crypt_kop compat_kop; ++ ++ crypt_kop_to_compat(&kop->kop, &compat_kop); ++ if (unlikely(copy_to_user(arg, &compat_kop, sizeof(compat_kop)))) { ++ dprintk(1, KERN_ERR, "Cannot copy to userspace\n"); ++ return -EFAULT; ++ } ++ return 0; ++} ++ + static inline void + compat_to_session_op(struct compat_session_op *compat, struct session_op *sop) + { +@@ -1208,7 +1270,26 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + return -EFAULT; + } + return ret; ++ case COMPAT_CIOCKEY: ++ { ++ struct cryptodev_pkc *pkc = ++ kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); ++ ++ if (!pkc) ++ return -ENOMEM; ++ ++ ret = compat_kop_from_user(&pkc->kop, arg); ++ ++ if (unlikely(ret)) { ++ kfree(pkc); ++ return ret; ++ } + ++ pkc->type = SYNCHRONOUS; ++ ret = crypto_run_asym(pkc); ++ kfree(pkc); ++ } ++ return ret; + case COMPAT_CIOCCRYPT: + ret = compat_kcop_from_user(&kcop, fcr, arg); + if (unlikely(ret)) +@@ -1247,6 +1328,45 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + + return compat_kcop_to_user(&kcop, fcr, arg); + #endif ++ case COMPAT_CIOCASYMASYNCRYPT: ++ { ++ struct cryptodev_pkc *pkc = ++ kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); ++ ++ ret = compat_kop_from_user(&pkc->kop, arg); ++ if (unlikely(ret)) ++ return -EINVAL; ++ ++ /* Store associated FD priv data with asymmetric request */ ++ pkc->priv = pcr; ++ pkc->type = ASYNCHRONOUS; ++ ret = crypto_run_asym(pkc); ++ if (ret == -EINPROGRESS) ++ ret = 0; ++ } ++ return ret; ++ case COMPAT_CIOCASYMASYNFETCH: ++ { ++ struct cryptodev_pkc *pkc; ++ unsigned long flags; ++ ++ spin_lock_irqsave(&pcr->completion_lock, flags); ++ if (list_empty(&pcr->asym_completed_list)) { ++ spin_unlock_irqrestore(&pcr->completion_lock, flags); ++ return -ENOMEM; ++ } ++ pkc = list_first_entry(&pcr->asym_completed_list, ++ struct cryptodev_pkc, list); ++ list_del(&pkc->list); ++ spin_unlock_irqrestore(&pcr->completion_lock, flags); ++ ret = crypto_async_fetch_asym(pkc); ++ ++ /* Reflect the updated request to user-space */ ++ if (!ret) ++ compat_kop_to_user(&pkc->kop, arg); ++ kfree(pkc); ++ } ++ return ret; + default: + return -EINVAL; + } +-- +1.8.3.1 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0005-Asynchronous-interface-changes-in-cryptodev.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0005-Asynchronous-interface-changes-in-cryptodev.patch new file mode 100644 index 00000000..2f88eda3 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0005-Asynchronous-interface-changes-in-cryptodev.patch @@ -0,0 +1,213 @@ +From ddc4179a454cea79c8385fd6756d20cbf3c6dcb5 Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta <yashpal.dutta@freescale.com> +Date: Fri, 7 Mar 2014 07:24:00 +0545 +Subject: [PATCH 5/9] Asynchronous interface changes in cryptodev + +Upstream-status: Pending + +Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> +--- + cryptlib.h | 7 ++++- + crypto/cryptodev.h | 10 ++++++- + cryptodev_int.h | 10 ++++++- + ioctl.c | 76 +++++++++++++++++++++++++++++++++++++----------------- + 4 files changed, 76 insertions(+), 27 deletions(-) + +diff --git a/cryptlib.h b/cryptlib.h +index 56d325a..7ffa54c 100644 +--- a/cryptlib.h ++++ b/cryptlib.h +@@ -113,7 +113,12 @@ struct cryptodev_pkc { + struct pkc_request req; /* PKC request structure allocated + from CryptoAPI */ + enum offload_type type; /* Synchronous Vs Asynchronous request */ +- void *cookie; /*Additional opaque cookie to be used in future */ ++ /* ++ * cookie used for transfering tranparent information from async ++ * submission to async fetch. Currently some dynamic allocated ++ * buffers are maintained which will be freed later during fetch ++ */ ++ void *cookie; + struct crypt_priv *priv; + }; + +diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h +index 96675fe..4436fbf 100644 +--- a/crypto/cryptodev.h ++++ b/crypto/cryptodev.h +@@ -254,6 +254,14 @@ struct crypt_kop { + void *cookie; + }; + ++#define MAX_COOKIES 4 ++ ++struct pkc_cookie_list_s { ++ int cookie_available; ++ void *cookie[MAX_COOKIES]; ++ int status[MAX_COOKIES]; ++}; ++ + enum cryptodev_crk_op_t { + CRK_MOD_EXP = 0, + CRK_MOD_EXP_CRT = 1, +@@ -298,5 +306,5 @@ enum cryptodev_crk_op_t { + #define CIOCASYNCFETCH _IOR('c', 111, struct crypt_op) + /* additional ioctls for asynchronous operation for asymmetric ciphers*/ + #define CIOCASYMASYNCRYPT _IOW('c', 112, struct crypt_kop) +-#define CIOCASYMASYNFETCH _IOR('c', 113, struct crypt_kop) ++#define CIOCASYMFETCHCOOKIE _IOR('c', 113, struct pkc_cookie_list_s) + #endif /* L_CRYPTODEV_H */ +diff --git a/cryptodev_int.h b/cryptodev_int.h +index cf54dac..5347cae 100644 +--- a/cryptodev_int.h ++++ b/cryptodev_int.h +@@ -93,6 +93,12 @@ struct compat_crypt_kop { + compat_uptr_t cookie; + }; + ++struct compat_pkc_cookie_list_s { ++ int cookie_available; ++ compat_uptr_t cookie[MAX_COOKIES]; ++ int status[MAX_COOKIES]; ++}; ++ + /* input of CIOCAUTHCRYPT */ + struct compat_crypt_auth_op { + uint32_t ses; /* session identifier */ +@@ -126,11 +132,13 @@ struct compat_crypt_auth_op { + /* compat ioctls, defined for the above structs */ + #define COMPAT_CIOCGSESSION _IOWR('c', 102, struct compat_session_op) + #define COMPAT_CIOCCRYPT _IOWR('c', 104, struct compat_crypt_op) ++#define COMPAT_CIOCKEY _IOW('c', 105, struct compat_crypt_kop) + #define COMPAT_CIOCASYNCCRYPT _IOW('c', 107, struct compat_crypt_op) + #define COMPAT_CIOCASYNCFETCH _IOR('c', 108, struct compat_crypt_op) + #define COMPAT_CIOCAUTHCRYPT _IOWR('c', 109, struct compat_crypt_auth_op) + #define COMPAT_CIOCASYMASYNCRYPT _IOW('c', 110, struct compat_crypt_kop) +-#define COMPAT_CIOCASYMASYNFETCH _IOR('c', 111, struct compat_crypt_kop) ++#define COMPAT_CIOCASYMFETCHCOOKIE _IOR('c', 111, \ ++ struct compat_pkc_cookie_list_s) + + #endif /* CONFIG_COMPAT */ + +diff --git a/ioctl.c b/ioctl.c +index 3baf3e6..2eb7f03 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -105,8 +105,6 @@ void cryptodev_complete_asym(struct crypto_async_request *req, int err) + crypto_free_pkc(pkc->s); + res->err = err; + if (pkc->type == SYNCHRONOUS) { +- if (err == -EINPROGRESS) +- return; + complete(&res->completion); + } else { + struct crypt_priv *pcr = pkc->priv; +@@ -1051,26 +1049,41 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + ret = 0; + } + return ret; +- case CIOCASYMASYNFETCH: ++ case CIOCASYMFETCHCOOKIE: + { + struct cryptodev_pkc *pkc; + unsigned long flags; ++ int i; ++ struct pkc_cookie_list_s cookie_list; + + spin_lock_irqsave(&pcr->completion_lock, flags); +- if (list_empty(&pcr->asym_completed_list)) { +- spin_unlock_irqrestore(&pcr->completion_lock, flags); +- return -ENOMEM; ++ cookie_list.cookie_available = 0; ++ for (i = 0; i < MAX_COOKIES; i++) { ++ if (!list_empty(&pcr->asym_completed_list)) { ++ /* Run a loop in the list for upto elements ++ and copy their response back */ ++ pkc = ++ list_first_entry(&pcr->asym_completed_list, ++ struct cryptodev_pkc, list); ++ list_del(&pkc->list); ++ ret = crypto_async_fetch_asym(pkc); ++ if (!ret) { ++ cookie_list.cookie_available++; ++ cookie_list.cookie[i] = ++ pkc->kop.kop.cookie; ++ cookie_list.status[i] = pkc->result.err; ++ } ++ kfree(pkc); ++ } else { ++ break; ++ } + } +- pkc = list_first_entry(&pcr->asym_completed_list, +- struct cryptodev_pkc, list); +- list_del(&pkc->list); + spin_unlock_irqrestore(&pcr->completion_lock, flags); +- ret = crypto_async_fetch_asym(pkc); + + /* Reflect the updated request to user-space */ +- if (!ret) +- kop_to_user(&pkc->kop, arg); +- kfree(pkc); ++ if (cookie_list.cookie_available) ++ copy_to_user(arg, &cookie_list, ++ sizeof(struct pkc_cookie_list_s)); + } + return ret; + default: +@@ -1345,26 +1358,41 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + ret = 0; + } + return ret; +- case COMPAT_CIOCASYMASYNFETCH: ++ case COMPAT_CIOCASYMFETCHCOOKIE: + { + struct cryptodev_pkc *pkc; + unsigned long flags; ++ int i = 0; ++ struct compat_pkc_cookie_list_s cookie_list; + + spin_lock_irqsave(&pcr->completion_lock, flags); +- if (list_empty(&pcr->asym_completed_list)) { +- spin_unlock_irqrestore(&pcr->completion_lock, flags); +- return -ENOMEM; ++ cookie_list.cookie_available = 0; ++ ++ for (i = 0; i < MAX_COOKIES; i++) { ++ if (!list_empty(&pcr->asym_completed_list)) { ++ /* Run a loop in the list for upto elements ++ and copy their response back */ ++ pkc = ++ list_first_entry(&pcr->asym_completed_list, ++ struct cryptodev_pkc, list); ++ list_del(&pkc->list); ++ ret = crypto_async_fetch_asym(pkc); ++ if (!ret) { ++ cookie_list.cookie_available++; ++ cookie_list.cookie[i] = ++ pkc->kop.kop.cookie; ++ } ++ kfree(pkc); ++ } else { ++ break; ++ } + } +- pkc = list_first_entry(&pcr->asym_completed_list, +- struct cryptodev_pkc, list); +- list_del(&pkc->list); + spin_unlock_irqrestore(&pcr->completion_lock, flags); +- ret = crypto_async_fetch_asym(pkc); + + /* Reflect the updated request to user-space */ +- if (!ret) +- compat_kop_to_user(&pkc->kop, arg); +- kfree(pkc); ++ if (cookie_list.cookie_available) ++ copy_to_user(arg, &cookie_list, ++ sizeof(struct compat_pkc_cookie_list_s)); + } + return ret; + default: +-- +1.8.3.1 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch new file mode 100644 index 00000000..e70a057b --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0006-ECC_KEYGEN-and-DLC_KEYGEN-supported-in-cryptodev-mod.patch @@ -0,0 +1,212 @@ +From 30fc86a09109f169815befc2cd8bbfcae79fe7e0 Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta <yashpal.dutta@freescale.com> +Date: Fri, 7 Mar 2014 07:53:53 +0545 +Subject: [PATCH 6/9] ECC_KEYGEN and DLC_KEYGEN supported in cryptodev module + +Upstream-status: Pending + +Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> +--- + cryptlib.c | 2 ++ + crypto/cryptodev.h | 5 +++- + ioctl.c | 29 +++++++++++++++++-- + main.c | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 4 files changed, 118 insertions(+), 3 deletions(-) + +diff --git a/cryptlib.c b/cryptlib.c +index 6900028..47cd568 100644 +--- a/cryptlib.c ++++ b/cryptlib.c +@@ -452,6 +452,8 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) + case DSA_VERIFY: + case ECDSA_SIGN: + case ECDSA_VERIFY: ++ case DLC_KEYGEN: ++ case ECC_KEYGEN: + pkc->s = crypto_alloc_pkc("pkc(dsa)", + CRYPTO_ALG_TYPE_PKC_DSA, 0); + break; +diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h +index 4436fbf..275a55c 100644 +--- a/crypto/cryptodev.h ++++ b/crypto/cryptodev.h +@@ -268,6 +268,8 @@ enum cryptodev_crk_op_t { + CRK_DSA_SIGN = 2, + CRK_DSA_VERIFY = 3, + CRK_DH_COMPUTE_KEY = 4, ++ CRK_DSA_GENERATE_KEY = 5, ++ CRK_DH_GENERATE_KEY = 6, + CRK_ALGORITHM_ALL + }; + +@@ -280,7 +282,8 @@ enum cryptodev_crk_op_t { + #define CRF_DSA_SIGN (1 << CRK_DSA_SIGN) + #define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY) + #define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY) +- ++#define CRF_DSA_GENERATE_KEY (1 << CRK_DSA_GENERATE_KEY) ++#define CRF_DH_GENERATE_KEY (1 << CRK_DH_GENERATE_KEY) + + /* ioctl's. Compatible with old linux cryptodev.h + */ +diff --git a/ioctl.c b/ioctl.c +index 2eb7f03..c813c8c 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -726,6 +726,23 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) + dh_req->z, dh_req->z_len); + } + break; ++ case CRK_DSA_GENERATE_KEY: ++ case CRK_DH_GENERATE_KEY: ++ { ++ struct keygen_req_s *key_req = &pkc_req->req_u.keygen; ++ ++ if (pkc_req->type == ECC_KEYGEN) { ++ copy_to_user(ckop->crk_param[4].crp_p, key_req->pub_key, ++ key_req->pub_key_len); ++ copy_to_user(ckop->crk_param[5].crp_p, ++ key_req->priv_key, key_req->priv_key_len); ++ } else { ++ copy_to_user(ckop->crk_param[3].crp_p, ++ key_req->pub_key, key_req->pub_key_len); ++ copy_to_user(ckop->crk_param[4].crp_p, ++ key_req->priv_key, key_req->priv_key_len); ++ } ++ } + default: + ret = -EINVAL; + } +@@ -939,8 +956,9 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + + switch (cmd) { + case CIOCASYMFEAT: +- return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | +- CRF_DSA_SIGN | CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY, p); ++ return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN | ++ CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY | ++ CRF_DSA_GENERATE_KEY, p); + case CRIOGET: + fd = clonefd(filp); + ret = put_user(fd, p); +@@ -1084,7 +1102,14 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + if (cookie_list.cookie_available) + copy_to_user(arg, &cookie_list, + sizeof(struct pkc_cookie_list_s)); ++ else { ++ struct pkc_cookie_list_s *user_ck_list = (void *)arg; ++ ++ put_user(0, &(user_ck_list->cookie_available)); ++ } ++ ret = cookie_list.cookie_available; + } ++ + return ret; + default: + return -EINVAL; +diff --git a/main.c b/main.c +index 0b7951e..c901bc7 100644 +--- a/main.c ++++ b/main.c +@@ -342,6 +342,85 @@ err: + return rc; + } + ++int crypto_kop_keygen(struct cryptodev_pkc *pkc) ++{ ++ struct kernel_crypt_kop *kop = &pkc->kop; ++ struct crypt_kop *cop = &kop->kop; ++ struct pkc_request *pkc_req; ++ struct keygen_req_s *key_req; ++ int rc, buf_size; ++ uint8_t *buf; ++ ++ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || ++ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits || ++ !cop->crk_param[4].crp_nbits) ++ return -EINVAL; ++ ++ pkc_req = &pkc->req; ++ key_req = &pkc_req->req_u.keygen; ++ key_req->q_len = (cop->crk_param[0].crp_nbits + 7)/8; ++ key_req->r_len = (cop->crk_param[1].crp_nbits + 7)/8; ++ key_req->g_len = (cop->crk_param[2].crp_nbits + 7)/8; ++ if (cop->crk_iparams == 3) { ++ key_req->pub_key_len = (cop->crk_param[3].crp_nbits + 7)/8; ++ key_req->priv_key_len = (cop->crk_param[4].crp_nbits + 7)/8; ++ buf_size = key_req->q_len + key_req->r_len + key_req->g_len + ++ key_req->pub_key_len + key_req->priv_key_len; ++ pkc_req->type = DLC_KEYGEN; ++ } else { ++ key_req->ab_len = (cop->crk_param[3].crp_nbits + 7)/8; ++ key_req->pub_key_len = (cop->crk_param[4].crp_nbits + 7)/8; ++ key_req->priv_key_len = (cop->crk_param[5].crp_nbits + 7)/8; ++ buf_size = key_req->q_len + key_req->r_len + key_req->g_len + ++ key_req->pub_key_len + key_req->priv_key_len + ++ key_req->ab_len; ++ pkc_req->type = ECC_KEYGEN; ++ pkc_req->curve_type = cop->curve_type; ++ } ++ ++ buf = kzalloc(buf_size, GFP_DMA); ++ if (!buf) ++ return -ENOMEM; ++ ++ key_req->q = buf; ++ key_req->r = key_req->q + key_req->q_len; ++ key_req->g = key_req->r + key_req->r_len; ++ key_req->pub_key = key_req->g + key_req->g_len; ++ key_req->priv_key = key_req->pub_key + key_req->pub_key_len; ++ copy_from_user(key_req->q, cop->crk_param[0].crp_p, key_req->q_len); ++ copy_from_user(key_req->r, cop->crk_param[1].crp_p, key_req->r_len); ++ copy_from_user(key_req->g, cop->crk_param[2].crp_p, key_req->g_len); ++ if (cop->crk_iparams == 3) { ++ copy_from_user(key_req->pub_key, cop->crk_param[3].crp_p, ++ key_req->pub_key_len); ++ copy_from_user(key_req->priv_key, cop->crk_param[4].crp_p, ++ key_req->priv_key_len); ++ } else { ++ key_req->ab = key_req->priv_key + key_req->priv_key_len; ++ copy_from_user(key_req->ab, cop->crk_param[3].crp_p, ++ key_req->ab_len); ++ copy_from_user(key_req->pub_key, cop->crk_param[4].crp_p, ++ key_req->pub_key_len); ++ copy_from_user(key_req->priv_key, cop->crk_param[5].crp_p, ++ key_req->priv_key_len); ++ } ++ ++ rc = cryptodev_pkc_offload(pkc); ++ if (pkc->type == SYNCHRONOUS) { ++ if (rc) ++ goto err; ++ } else { ++ if (rc != -EINPROGRESS && !rc) ++ goto err; ++ ++ pkc->cookie = buf; ++ return rc; ++ } ++err: ++ kfree(buf); ++ return rc; ++} ++ + int crypto_kop_dh_key(struct cryptodev_pkc *pkc) + { + struct kernel_crypt_kop *kop = &pkc->kop; +@@ -554,6 +633,12 @@ int crypto_run_asym(struct cryptodev_pkc *pkc) + goto err; + ret = crypto_kop_dh_key(pkc); + break; ++ case CRK_DH_GENERATE_KEY: ++ case CRK_DSA_GENERATE_KEY: ++ if ((kop->kop.crk_iparams != 3 && kop->kop.crk_iparams != 4)) ++ goto err; ++ ret = crypto_kop_keygen(pkc); ++ break; + } + err: + return ret; +-- +1.8.3.1 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch new file mode 100644 index 00000000..93a2248c --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0007-RCU-stall-fixed-in-PKC-asynchronous-interface.patch @@ -0,0 +1,238 @@ +From d60b9dbf53d63092fd292c00bb03c250c26703cf Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta <yashpal.dutta@freescale.com> +Date: Fri, 7 Mar 2014 08:49:15 +0545 +Subject: [PATCH 7/9] RCU stall fixed in PKC asynchronous interface + +Upstream-status: Pending + +Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> +--- + ioctl.c | 23 +++++++++++------------ + main.c | 43 +++++++++++++++++++++++++++---------------- + 2 files changed, 38 insertions(+), 28 deletions(-) + +diff --git a/ioctl.c b/ioctl.c +index c813c8c..7e4c671 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -108,10 +108,9 @@ void cryptodev_complete_asym(struct crypto_async_request *req, int err) + complete(&res->completion); + } else { + struct crypt_priv *pcr = pkc->priv; +- unsigned long flags; +- spin_lock_irqsave(&pcr->completion_lock, flags); ++ spin_lock_bh(&pcr->completion_lock); + list_add_tail(&pkc->list, &pcr->asym_completed_list); +- spin_unlock_irqrestore(&pcr->completion_lock, flags); ++ spin_unlock_bh(&pcr->completion_lock); + /* wake for POLLIN */ + wake_up_interruptible(&pcr->user_waiter); + } +@@ -958,7 +957,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + case CIOCASYMFEAT: + return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN | + CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY | +- CRF_DSA_GENERATE_KEY, p); ++ CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY, p); + case CRIOGET: + fd = clonefd(filp); + ret = put_user(fd, p); +@@ -997,7 +996,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + case CIOCKEY: + { + struct cryptodev_pkc *pkc = +- kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); ++ kmalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); + + if (!pkc) + return -ENOMEM; +@@ -1053,7 +1052,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + case CIOCASYMASYNCRYPT: + { + struct cryptodev_pkc *pkc = +- kzalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); ++ kmalloc(sizeof(struct cryptodev_pkc), GFP_KERNEL); + ret = kop_from_user(&pkc->kop, arg); + + if (unlikely(ret)) +@@ -1070,13 +1069,12 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + case CIOCASYMFETCHCOOKIE: + { + struct cryptodev_pkc *pkc; +- unsigned long flags; + int i; + struct pkc_cookie_list_s cookie_list; + +- spin_lock_irqsave(&pcr->completion_lock, flags); + cookie_list.cookie_available = 0; + for (i = 0; i < MAX_COOKIES; i++) { ++ spin_lock_bh(&pcr->completion_lock); + if (!list_empty(&pcr->asym_completed_list)) { + /* Run a loop in the list for upto elements + and copy their response back */ +@@ -1084,6 +1082,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + list_first_entry(&pcr->asym_completed_list, + struct cryptodev_pkc, list); + list_del(&pkc->list); ++ spin_unlock_bh(&pcr->completion_lock); + ret = crypto_async_fetch_asym(pkc); + if (!ret) { + cookie_list.cookie_available++; +@@ -1093,10 +1092,10 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + } + kfree(pkc); + } else { ++ spin_unlock_bh(&pcr->completion_lock); + break; + } + } +- spin_unlock_irqrestore(&pcr->completion_lock, flags); + + /* Reflect the updated request to user-space */ + if (cookie_list.cookie_available) +@@ -1386,14 +1385,13 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + case COMPAT_CIOCASYMFETCHCOOKIE: + { + struct cryptodev_pkc *pkc; +- unsigned long flags; + int i = 0; + struct compat_pkc_cookie_list_s cookie_list; + +- spin_lock_irqsave(&pcr->completion_lock, flags); + cookie_list.cookie_available = 0; + + for (i = 0; i < MAX_COOKIES; i++) { ++ spin_lock_bh(&pcr->completion_lock); + if (!list_empty(&pcr->asym_completed_list)) { + /* Run a loop in the list for upto elements + and copy their response back */ +@@ -1401,6 +1399,7 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + list_first_entry(&pcr->asym_completed_list, + struct cryptodev_pkc, list); + list_del(&pkc->list); ++ spin_unlock_bh(&pcr->completion_lock); + ret = crypto_async_fetch_asym(pkc); + if (!ret) { + cookie_list.cookie_available++; +@@ -1409,10 +1408,10 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) + } + kfree(pkc); + } else { ++ spin_unlock_bh(&pcr->completion_lock); + break; + } + } +- spin_unlock_irqrestore(&pcr->completion_lock, flags); + + /* Reflect the updated request to user-space */ + if (cookie_list.cookie_available) +diff --git a/main.c b/main.c +index c901bc7..2747706 100644 +--- a/main.c ++++ b/main.c +@@ -215,7 +215,9 @@ int crypto_kop_dsasign(struct cryptodev_pkc *pkc) + pkc_req->type = DSA_SIGN; + } + +- buf = kzalloc(buf_size, GFP_DMA); ++ buf = kmalloc(buf_size, GFP_DMA); ++ if (!buf) ++ return -ENOMEM; + + dsa_req->q = buf; + dsa_req->r = dsa_req->q + dsa_req->q_len; +@@ -298,7 +300,9 @@ int crypto_kop_dsaverify(struct cryptodev_pkc *pkc) + pkc_req->type = DSA_VERIFY; + } + +- buf = kzalloc(buf_size, GFP_DMA); ++ buf = kmalloc(buf_size, GFP_DMA); ++ if (!buf) ++ return -ENOMEM; + + dsa_req->q = buf; + dsa_req->r = dsa_req->q + dsa_req->q_len; +@@ -378,7 +382,7 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) + pkc_req->curve_type = cop->curve_type; + } + +- buf = kzalloc(buf_size, GFP_DMA); ++ buf = kmalloc(buf_size, GFP_DMA); + if (!buf) + return -ENOMEM; + +@@ -390,25 +394,28 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) + copy_from_user(key_req->q, cop->crk_param[0].crp_p, key_req->q_len); + copy_from_user(key_req->r, cop->crk_param[1].crp_p, key_req->r_len); + copy_from_user(key_req->g, cop->crk_param[2].crp_p, key_req->g_len); +- if (cop->crk_iparams == 3) { +- copy_from_user(key_req->pub_key, cop->crk_param[3].crp_p, +- key_req->pub_key_len); +- copy_from_user(key_req->priv_key, cop->crk_param[4].crp_p, +- key_req->priv_key_len); +- } else { ++ if (cop->crk_iparams == 4) { + key_req->ab = key_req->priv_key + key_req->priv_key_len; + copy_from_user(key_req->ab, cop->crk_param[3].crp_p, + key_req->ab_len); +- copy_from_user(key_req->pub_key, cop->crk_param[4].crp_p, +- key_req->pub_key_len); +- copy_from_user(key_req->priv_key, cop->crk_param[5].crp_p, +- key_req->priv_key_len); + } + + rc = cryptodev_pkc_offload(pkc); + if (pkc->type == SYNCHRONOUS) { + if (rc) + goto err; ++ ++ if (cop->crk_iparams == 4) { ++ copy_to_user(cop->crk_param[4].crp_p, key_req->pub_key, ++ key_req->pub_key_len); ++ copy_to_user(cop->crk_param[5].crp_p, key_req->priv_key, ++ key_req->priv_key_len); ++ } else { ++ copy_to_user(cop->crk_param[3].crp_p, key_req->pub_key, ++ key_req->pub_key_len); ++ copy_to_user(cop->crk_param[4].crp_p, ++ key_req->priv_key, key_req->priv_key_len); ++ } + } else { + if (rc != -EINPROGRESS && !rc) + goto err; +@@ -447,7 +454,9 @@ int crypto_kop_dh_key(struct cryptodev_pkc *pkc) + pkc_req->type = DH_COMPUTE_KEY; + } + buf_size += dh_req->z_len; +- buf = kzalloc(buf_size, GFP_DMA); ++ buf = kmalloc(buf_size, GFP_DMA); ++ if (!buf) ++ return -ENOMEM; + dh_req->q = buf; + dh_req->s = dh_req->q + dh_req->q_len; + dh_req->pub_key = dh_req->s + dh_req->s_len; +@@ -508,9 +517,11 @@ int crypto_modexp_crt(struct cryptodev_pkc *pkc) + rsa_req->dq_len = (cop->crk_param[4].crp_nbits + 7)/8; + rsa_req->c_len = (cop->crk_param[5].crp_nbits + 7)/8; + rsa_req->f_len = (cop->crk_param[6].crp_nbits + 7)/8; +- buf = kzalloc(rsa_req->p_len + rsa_req->q_len + rsa_req->f_len + ++ buf = kmalloc(rsa_req->p_len + rsa_req->q_len + rsa_req->f_len + + rsa_req->dp_len + rsa_req->dp_len + rsa_req->c_len + + rsa_req->g_len, GFP_DMA); ++ if (!buf) ++ return -ENOMEM; + rsa_req->p = buf; + rsa_req->q = rsa_req->p + rsa_req->p_len; + rsa_req->g = rsa_req->q + rsa_req->q_len; +@@ -563,7 +574,7 @@ int crypto_bn_modexp(struct cryptodev_pkc *pkc) + rsa_req->e_len = (cop->crk_param[1].crp_nbits + 7)/8; + rsa_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8; + rsa_req->g_len = (cop->crk_param[3].crp_nbits + 7)/8; +- buf = kzalloc(rsa_req->f_len + rsa_req->e_len + rsa_req->n_len ++ buf = kmalloc(rsa_req->f_len + rsa_req->e_len + rsa_req->n_len + + rsa_req->g_len, GFP_DMA); + if (!buf) + return -ENOMEM; +-- +1.8.3.1 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0008-Add-RSA-Key-generation-offloading.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0008-Add-RSA-Key-generation-offloading.patch new file mode 100644 index 00000000..affb2e72 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0008-Add-RSA-Key-generation-offloading.patch @@ -0,0 +1,170 @@ +From af5e4289f60c38ab17adab14c82d6204d155f25f Mon Sep 17 00:00:00 2001 +From: Hou Zhiqiang <B48286@freescale.com> +Date: Wed, 19 Mar 2014 14:02:46 +0800 +Subject: [PATCH 8/9] Add RSA Key generation offloading + +Upstream-status: Pending + +Signed-off-by: Hou Zhiqiang <B48286@freescale.com> +Tested-by: Cristian Stoica <cristian.stoica@freescale.com> +--- + cryptlib.c | 1 + + crypto/cryptodev.h | 2 ++ + ioctl.c | 3 +- + main.c | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++- + 4 files changed, 84 insertions(+), 2 deletions(-) + +diff --git a/cryptlib.c b/cryptlib.c +index 47cd568..4dd1847 100644 +--- a/cryptlib.c ++++ b/cryptlib.c +@@ -441,6 +441,7 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) + struct pkc_request *pkc_req = &pkc->req, *pkc_requested; + + switch (pkc_req->type) { ++ case RSA_KEYGEN: + case RSA_PUB: + case RSA_PRIV_FORM1: + case RSA_PRIV_FORM2: +diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h +index 275a55c..d0cc542 100644 +--- a/crypto/cryptodev.h ++++ b/crypto/cryptodev.h +@@ -270,6 +270,7 @@ enum cryptodev_crk_op_t { + CRK_DH_COMPUTE_KEY = 4, + CRK_DSA_GENERATE_KEY = 5, + CRK_DH_GENERATE_KEY = 6, ++ CRK_RSA_GENERATE_KEY = 7, + CRK_ALGORITHM_ALL + }; + +@@ -279,6 +280,7 @@ enum cryptodev_crk_op_t { + */ + #define CRF_MOD_EXP (1 << CRK_MOD_EXP) + #define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT) ++#define CRF_RSA_GENERATE_KEY (1 << CRK_RSA_GENERATE_KEY) + #define CRF_DSA_SIGN (1 << CRK_DSA_SIGN) + #define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY) + #define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY) +diff --git a/ioctl.c b/ioctl.c +index 7e4c671..14888d6 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -957,7 +957,8 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + case CIOCASYMFEAT: + return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN | + CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY | +- CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY, p); ++ CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY | ++ CRF_RSA_GENERATE_KEY, p); + case CRIOGET: + fd = clonefd(filp); + ret = put_user(fd, p); +diff --git a/main.c b/main.c +index 2747706..14dcf40 100644 +--- a/main.c ++++ b/main.c +@@ -346,6 +346,82 @@ err: + return rc; + } + ++int crypto_kop_rsa_keygen(struct cryptodev_pkc *pkc) ++{ ++ struct kernel_crypt_kop *kop = &pkc->kop; ++ struct crypt_kop *cop = &kop->kop; ++ struct pkc_request *pkc_req; ++ struct rsa_keygen_req_s *key_req; ++ int rc, buf_size; ++ uint8_t *buf; ++ ++ if (!cop->crk_param[0].crp_nbits || !cop->crk_param[1].crp_nbits || ++ !cop->crk_param[2].crp_nbits || !cop->crk_param[3].crp_nbits || ++ !cop->crk_param[4].crp_nbits || !cop->crk_param[5].crp_nbits || ++ !cop->crk_param[6].crp_nbits) ++ return -EINVAL; ++ ++ pkc_req = &pkc->req; ++ pkc_req->type = RSA_KEYGEN; ++ key_req = &pkc_req->req_u.rsa_keygen; ++ key_req->n_len = (cop->crk_param[2].crp_nbits + 7)/8; ++ key_req->p_len = (cop->crk_param[0].crp_nbits + 7) / 8; ++ key_req->q_len = (cop->crk_param[1].crp_nbits + 7) / 8; ++ key_req->n_len = (cop->crk_param[2].crp_nbits + 7) / 8; ++ key_req->d_len = (cop->crk_param[3].crp_nbits + 7) / 8; ++ key_req->dp_len = (cop->crk_param[4].crp_nbits + 7) / 8; ++ key_req->dq_len = (cop->crk_param[5].crp_nbits + 7) / 8; ++ key_req->c_len = (cop->crk_param[6].crp_nbits + 7) / 8; ++ ++ buf_size = key_req->p_len + key_req->q_len + key_req->n_len + ++ key_req->d_len + key_req->dp_len + ++ key_req->dq_len + key_req->c_len; ++ ++ buf = kmalloc(buf_size, GFP_DMA); ++ if (!buf) ++ return -ENOMEM; ++ key_req->p = buf; ++ key_req->q = key_req->p + key_req->p_len; ++ key_req->n = key_req->q + key_req->q_len; ++ key_req->d = key_req->n + key_req->n_len; ++ key_req->dp = key_req->d + key_req->d_len; ++ key_req->dq = key_req->dp + key_req->dp_len; ++ key_req->c = key_req->dq + key_req->dq_len; ++ ++ rc = cryptodev_pkc_offload(pkc); ++ ++ if (pkc->type == SYNCHRONOUS) { ++ if (rc) ++ goto err; ++ ++ copy_to_user(cop->crk_param[0].crp_p, ++ key_req->p, key_req->p_len); ++ copy_to_user(cop->crk_param[1].crp_p, ++ key_req->q, key_req->q_len); ++ copy_to_user(cop->crk_param[2].crp_p, ++ key_req->n, key_req->n_len); ++ copy_to_user(cop->crk_param[3].crp_p, ++ key_req->d, key_req->d_len); ++ copy_to_user(cop->crk_param[4].crp_p, ++ key_req->dp, key_req->dp_len); ++ copy_to_user(cop->crk_param[5].crp_p, ++ key_req->dq, key_req->dq_len); ++ copy_to_user(cop->crk_param[6].crp_p, ++ key_req->c, key_req->c_len); ++ } else { ++ if (rc != -EINPROGRESS && !rc) { ++ printk("%s: Failed\n", __func__); ++ goto err; ++ } ++ pkc->cookie = buf; ++ return rc; ++ } ++err: ++ kfree(buf); ++ return rc; ++ ++} ++ + int crypto_kop_keygen(struct cryptodev_pkc *pkc) + { + struct kernel_crypt_kop *kop = &pkc->kop; +@@ -385,7 +461,6 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) + buf = kmalloc(buf_size, GFP_DMA); + if (!buf) + return -ENOMEM; +- + key_req->q = buf; + key_req->r = key_req->q + key_req->q_len; + key_req->g = key_req->r + key_req->r_len; +@@ -650,6 +725,9 @@ int crypto_run_asym(struct cryptodev_pkc *pkc) + goto err; + ret = crypto_kop_keygen(pkc); + break; ++ case CRK_RSA_GENERATE_KEY: ++ ret = crypto_kop_rsa_keygen(pkc); ++ break; + } + err: + return ret; +-- +1.8.3.1 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch new file mode 100644 index 00000000..32757ca9 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0009-Fixed-compilation-error-of-openssl-with-fsl-cryptode.patch @@ -0,0 +1,160 @@ +From e791b55b03d295ee11476382a7bd93ab131e2e52 Mon Sep 17 00:00:00 2001 +From: Yashpal Dutta <yashpal.dutta@freescale.com> +Date: Thu, 17 Apr 2014 07:08:47 +0545 +Subject: [PATCH 9/9] Fixed compilation error of openssl with fsl cryptodev + +Upstream-status: Pending + +Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com> +Tested-by: Cristian Stoica <cristian.stoica@freescale.com> +--- + authenc.c | 1 + + cryptlib.c | 9 ++++----- + crypto/cryptodev.h | 9 ++++++++- + cryptodev_int.h | 2 +- + ioctl.c | 8 ++++++-- + main.c | 1 + + 6 files changed, 21 insertions(+), 9 deletions(-) + +diff --git a/authenc.c b/authenc.c +index ef0d3db..2aa4d38 100644 +--- a/authenc.c ++++ b/authenc.c +@@ -2,6 +2,7 @@ + * Driver for /dev/crypto device (aka CryptoDev) + * + * Copyright (c) 2011, 2012 OpenSSL Software Foundation, Inc. ++ * Copyright (c) 2014 Freescale Semiconductor, Inc. + * + * Author: Nikos Mavrogiannopoulos + * +diff --git a/cryptlib.c b/cryptlib.c +index 4dd1847..ec6693e 100644 +--- a/cryptlib.c ++++ b/cryptlib.c +@@ -4,8 +4,7 @@ + * Copyright (c) 2010,2011 Nikos Mavrogiannopoulos <nmav@gnutls.org> + * Portions Copyright (c) 2010 Michael Weiser + * Portions Copyright (c) 2010 Phil Sutter +- * +- * Copyright 2012 Freescale Semiconductor, Inc. ++ * Copyright 2012-2014 Freescale Semiconductor, Inc. + * + * This file is part of linux cryptodev. + * +@@ -144,7 +143,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name, + if (alg->max_keysize > 0 && + unlikely((keylen < alg->min_keysize) || + (keylen > alg->max_keysize))) { +- ddebug(1, "Wrong keylen '%zu' for algorithm '%s'. Use %u to %u.", ++ ddebug(1, "Wrong keylen '%u' for algorithm '%s'. Use %u to %u.", + keylen, alg_name, alg->min_keysize, alg->max_keysize); + ret = -EINVAL; + goto error; +@@ -171,7 +170,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name, + } + + if (unlikely(ret)) { +- ddebug(1, "Setting key failed for %s-%zu.", alg_name, keylen*8); ++ ddebug(1, "Setting key failed for %s-%u.", alg_name, keylen*8); + ret = -EINVAL; + goto error; + } +@@ -338,7 +337,7 @@ int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name, + if (hmac_mode != 0) { + ret = crypto_ahash_setkey(hdata->async.s, mackey, mackeylen); + if (unlikely(ret)) { +- ddebug(1, "Setting hmac key failed for %s-%zu.", ++ ddebug(1, "Setting hmac key failed for %s-%u.", + alg_name, mackeylen*8); + ret = -EINVAL; + goto error; +diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h +index d0cc542..e7edd97 100644 +--- a/crypto/cryptodev.h ++++ b/crypto/cryptodev.h +@@ -234,6 +234,13 @@ struct crypt_auth_op { + #define CRYPTO_ALG_FLAG_RNG_ENABLE 2 + #define CRYPTO_ALG_FLAG_DSA_SHA 4 + ++enum ec_curve_t { ++ EC_DISCRETE_LOG, ++ EC_PRIME, ++ EC_BINARY, ++ MAX_EC_TYPE ++}; ++ + struct crparam { + __u8 *crp_p; + __u32 crp_nbits; +@@ -249,7 +256,7 @@ struct crypt_kop { + __u16 crk_oparams; + __u32 crk_pad1; + struct crparam crk_param[CRK_MAXPARAM]; +- enum curve_t curve_type; /* 0 == Discrete Log, ++ enum ec_curve_t curve_type; /* 0 == Discrete Log, + 1 = EC_PRIME, 2 = EC_BINARY */ + void *cookie; + }; +diff --git a/cryptodev_int.h b/cryptodev_int.h +index 5347cae..c83c885 100644 +--- a/cryptodev_int.h ++++ b/cryptodev_int.h +@@ -88,7 +88,7 @@ struct compat_crypt_kop { + uint16_t crk_oparams; + uint32_t crk_pad1; + struct compat_crparam crk_param[CRK_MAXPARAM]; +- enum curve_t curve_type; /* 0 == Discrete Log, 1 = EC_PRIME, ++ enum ec_curve_t curve_type; /* 0 == Discrete Log, 1 = EC_PRIME, + 2 = EC_BINARY */ + compat_uptr_t cookie; + }; +diff --git a/ioctl.c b/ioctl.c +index 14888d6..20ab4ca 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -4,7 +4,7 @@ + * Copyright (c) 2004 Michal Ludvig <mludvig@logix.net.nz>, SuSE Labs + * Copyright (c) 2009,2010,2011 Nikos Mavrogiannopoulos <nmav@gnutls.org> + * Copyright (c) 2010 Phil Sutter +- * Copyright 2012 Freescale Semiconductor, Inc. ++ * Copyright 2012-2014 Freescale Semiconductor, Inc. + * + * This file is part of linux cryptodev. + * +@@ -501,6 +501,7 @@ cryptodev_open(struct inode *inode, struct file *filp) + INIT_LIST_HEAD(&pcr->done.list); + INIT_LIST_HEAD(&pcr->asym_completed_list); + spin_lock_init(&pcr->completion_lock); ++ + INIT_WORK(&pcr->cryptask, cryptask_routine); + + init_waitqueue_head(&pcr->user_waiter); +@@ -780,8 +781,11 @@ static int fill_kcop_from_cop(struct kernel_crypt_op *kcop, struct fcrypt *fcr) + + if (cop->iv) { + rc = copy_from_user(kcop->iv, cop->iv, kcop->ivlen); +- if (unlikely(rc)) ++ if (unlikely(rc)) { ++ derr(1, "error copying IV (%d bytes), copy_from_user returned %d for address %p", ++ kcop->ivlen, rc, cop->iv); + return -EFAULT; ++ } + } + + return 0; +diff --git a/main.c b/main.c +index 14dcf40..6365911 100644 +--- a/main.c ++++ b/main.c +@@ -3,6 +3,7 @@ + * + * Copyright (c) 2004 Michal Ludvig <mludvig@logix.net.nz>, SuSE Labs + * Copyright (c) 2009-2013 Nikos Mavrogiannopoulos <nmav@gnutls.org> ++ * Copyright (c) 2014 Freescale Semiconductor, Inc. + * + * This file is part of linux cryptodev. + * +-- +2.2.0 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-linux_1.7.bbappend b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-linux_1.7.bbappend new file mode 100644 index 00000000..3cbbb3dd --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-linux_1.7.bbappend @@ -0,0 +1,2 @@ +require recipes-kernel/cryptodev/cryptodev-fsl.inc + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-module_1.7.bbappend b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-module_1.7.bbappend new file mode 100644 index 00000000..2bf012c1 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-module_1.7.bbappend @@ -0,0 +1,12 @@ +require recipes-kernel/cryptodev/cryptodev-fsl.inc + +inherit qoriq_build_64bit_kernel + +do_install_append_qoriq-ppc () { + rm -fr ${D}/usr +} + +# Currently pkc-host does not support RSA_KEYGEN, remove this +# if it is fixed. +SRC_URI_append_qoriq-ppc = "${@base_contains('DISTRO_FEATURES', 'c29x_pkc', ' file://0001-don-t-advertise-RSA-keygen.patch', '', d)}" + |