lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1574029845-22796-12-git-send-email-iuliana.prodan@nxp.com>
Date:   Mon, 18 Nov 2019 00:30:44 +0200
From:   Iuliana Prodan <iuliana.prodan@....com>
To:     Herbert Xu <herbert@...dor.apana.org.au>,
        Horia Geanta <horia.geanta@....com>,
        Aymen Sghaier <aymen.sghaier@....com>
Cc:     "David S. Miller" <davem@...emloft.net>,
        Tom Lendacky <thomas.lendacky@....com>,
        Gary Hook <gary.hook@....com>, linux-crypto@...r.kernel.org,
        linux-kernel@...r.kernel.org, linux-imx <linux-imx@....com>,
        Iuliana Prodan <iuliana.prodan@....com>
Subject: [PATCH 11/12] crypto: caam - add crypto_engine support for RSA algorithms

Add crypto_engine support for RSA algorithms, to make use of
the engine queue.
The requests, with backlog flag, will be listed into crypto-engine
queue and processed by CAAM when free. In case the queue is empty,
the request is directly sent to CAAM.

Signed-off-by: Iuliana Prodan <iuliana.prodan@....com>
---
 drivers/crypto/caam/caampkc.c | 124 ++++++++++++++++++++++++++++++------------
 drivers/crypto/caam/caampkc.h |   8 +++
 drivers/crypto/caam/jr.c      |   3 +
 3 files changed, 101 insertions(+), 34 deletions(-)

diff --git a/drivers/crypto/caam/caampkc.c b/drivers/crypto/caam/caampkc.c
index bb0e4b9..8ffce06 100644
--- a/drivers/crypto/caam/caampkc.c
+++ b/drivers/crypto/caam/caampkc.c
@@ -118,19 +118,28 @@ static void rsa_pub_done(struct device *dev, u32 *desc, u32 err, void *context)
 {
 	struct caam_jr_request_entry *jrentry = context;
 	struct akcipher_request *req = akcipher_request_cast(jrentry->base);
+	struct caam_rsa_req_ctx *req_ctx = akcipher_request_ctx(req);
+	struct caam_drv_private_jr *jrp = dev_get_drvdata(dev);
 	struct rsa_edesc *edesc;
 	int ecode = 0;
 
 	if (err)
 		ecode = caam_jr_strstatus(dev, err);
 
-	edesc = container_of(desc, struct rsa_edesc, hw_desc[0]);
+	edesc = req_ctx->edesc;
 
 	rsa_pub_unmap(dev, edesc, req);
 	rsa_io_unmap(dev, edesc, req);
 	kfree(edesc);
 
-	akcipher_request_complete(req, ecode);
+	/*
+	 * If no backlog flag, the completion of the request is done
+	 * by CAAM, not crypto engine.
+	 */
+	if (!jrentry->bklog)
+		akcipher_request_complete(req, ecode);
+	else
+		crypto_finalize_akcipher_request(jrp->engine, req, ecode);
 }
 
 static void rsa_priv_f_done(struct device *dev, u32 *desc, u32 err,
@@ -139,15 +148,17 @@ static void rsa_priv_f_done(struct device *dev, u32 *desc, u32 err,
 	struct caam_jr_request_entry *jrentry = context;
 	struct akcipher_request *req = akcipher_request_cast(jrentry->base);
 	struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
+	struct caam_drv_private_jr *jrp = dev_get_drvdata(dev);
 	struct caam_rsa_ctx *ctx = akcipher_tfm_ctx(tfm);
 	struct caam_rsa_key *key = &ctx->key;
+	struct caam_rsa_req_ctx *req_ctx = akcipher_request_ctx(req);
 	struct rsa_edesc *edesc;
 	int ecode = 0;
 
 	if (err)
 		ecode = caam_jr_strstatus(dev, err);
 
-	edesc = container_of(desc, struct rsa_edesc, hw_desc[0]);
+	edesc = req_ctx->edesc;
 
 	switch (key->priv_form) {
 	case FORM1:
@@ -163,7 +174,14 @@ static void rsa_priv_f_done(struct device *dev, u32 *desc, u32 err,
 	rsa_io_unmap(dev, edesc, req);
 	kfree(edesc);
 
-	akcipher_request_complete(req, ecode);
+	/*
+	 * If no backlog flag, the completion of the request is done
+	 * by CAAM, not crypto engine.
+	 */
+	if (!jrentry->bklog)
+		akcipher_request_complete(req, ecode);
+	else
+		crypto_finalize_akcipher_request(jrp->engine, req, ecode);
 }
 
 /**
@@ -311,14 +329,16 @@ static struct rsa_edesc *rsa_edesc_alloc(struct akcipher_request *req,
 	edesc->src_nents = src_nents;
 	edesc->dst_nents = dst_nents;
 
+	edesc->jrentry.base = &req->base;
+
+	req_ctx->edesc = edesc;
+
 	if (!sec4_sg_bytes)
 		return edesc;
 
 	edesc->mapped_src_nents = mapped_src_nents;
 	edesc->mapped_dst_nents = mapped_dst_nents;
 
-	edesc->jrentry.base = &req->base;
-
 	edesc->sec4_sg_dma = dma_map_single(dev, edesc->sec4_sg,
 					    sec4_sg_bytes, DMA_TO_DEVICE);
 	if (dma_mapping_error(dev, edesc->sec4_sg_dma)) {
@@ -343,6 +363,34 @@ static struct rsa_edesc *rsa_edesc_alloc(struct akcipher_request *req,
 	return ERR_PTR(-ENOMEM);
 }
 
+static int akcipher_do_one_req(struct crypto_engine *engine, void *areq)
+{
+	int ret;
+	struct akcipher_request *req = akcipher_request_cast(areq);
+	struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
+	struct caam_rsa_req_ctx *req_ctx = akcipher_request_ctx(req);
+	struct caam_rsa_ctx *ctx = akcipher_tfm_ctx(tfm);
+	struct caam_jr_request_entry *jrentry;
+	struct device *jrdev = ctx->dev;
+	u32 *desc = req_ctx->edesc->hw_desc;
+
+	jrentry = &req_ctx->edesc->jrentry;
+	jrentry->bklog = true;
+
+	ret = caam_jr_enqueue_no_bklog(jrdev, desc, req_ctx->akcipher_op_done,
+				       jrentry);
+
+	if (ret != -EINPROGRESS) {
+		rsa_pub_unmap(jrdev, req_ctx->edesc, req);
+		rsa_io_unmap(jrdev, req_ctx->edesc, req);
+		kfree(req_ctx->edesc);
+	} else {
+		ret = 0;
+	}
+
+	return ret;
+}
+
 static int set_rsa_pub_pdb(struct akcipher_request *req,
 			   struct rsa_edesc *edesc)
 {
@@ -610,10 +658,11 @@ static int caam_rsa_enc(struct akcipher_request *req)
 {
 	struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
 	struct caam_rsa_ctx *ctx = akcipher_tfm_ctx(tfm);
+	struct caam_rsa_req_ctx *req_ctx = akcipher_request_ctx(req);
 	struct caam_rsa_key *key = &ctx->key;
 	struct device *jrdev = ctx->dev;
 	struct rsa_edesc *edesc;
-	struct caam_jr_request_entry *jrentry;
+	u32 *desc;
 	int ret;
 
 	if (unlikely(!key->n || !key->e))
@@ -635,14 +684,14 @@ static int caam_rsa_enc(struct akcipher_request *req)
 	if (ret)
 		goto init_fail;
 
-	/* Initialize Job Descriptor */
-	init_rsa_pub_desc(edesc->hw_desc, &edesc->pdb.pub);
+	desc = edesc->hw_desc;
 
-	jrentry = &edesc->jrentry;
-	jrentry->base = &req->base;
+	/* Initialize Job Descriptor */
+	init_rsa_pub_desc(desc, &edesc->pdb.pub);
 
-	ret = caam_jr_enqueue(jrdev, edesc->hw_desc, rsa_pub_done, jrentry);
-	if (ret == -EINPROGRESS)
+	req_ctx->akcipher_op_done = rsa_pub_done;
+	ret = caam_jr_enqueue(jrdev, desc, rsa_pub_done, &edesc->jrentry);
+	if (ret == -EINPROGRESS || ret == -EBUSY)
 		return ret;
 
 	rsa_pub_unmap(jrdev, edesc, req);
@@ -657,9 +706,10 @@ static int caam_rsa_dec_priv_f1(struct akcipher_request *req)
 {
 	struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
 	struct caam_rsa_ctx *ctx = akcipher_tfm_ctx(tfm);
+	struct caam_rsa_req_ctx *req_ctx = akcipher_request_ctx(req);
 	struct device *jrdev = ctx->dev;
 	struct rsa_edesc *edesc;
-	struct caam_jr_request_entry *jrentry;
+	u32 *desc;
 	int ret;
 
 	/* Allocate extended descriptor */
@@ -672,14 +722,14 @@ static int caam_rsa_dec_priv_f1(struct akcipher_request *req)
 	if (ret)
 		goto init_fail;
 
-	/* Initialize Job Descriptor */
-	init_rsa_priv_f1_desc(edesc->hw_desc, &edesc->pdb.priv_f1);
+	desc = edesc->hw_desc;
 
-	jrentry = &edesc->jrentry;
-	jrentry->base = &req->base;
+	/* Initialize Job Descriptor */
+	init_rsa_priv_f1_desc(desc, &edesc->pdb.priv_f1);
 
-	ret = caam_jr_enqueue(jrdev, edesc->hw_desc, rsa_priv_f_done, jrentry);
-	if (ret == -EINPROGRESS)
+	req_ctx->akcipher_op_done = rsa_priv_f_done;
+	ret = caam_jr_enqueue(jrdev, desc, rsa_priv_f_done, &edesc->jrentry);
+	if (ret == -EINPROGRESS || ret == -EBUSY)
 		return ret;
 
 	rsa_priv_f1_unmap(jrdev, edesc, req);
@@ -694,9 +744,10 @@ static int caam_rsa_dec_priv_f2(struct akcipher_request *req)
 {
 	struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
 	struct caam_rsa_ctx *ctx = akcipher_tfm_ctx(tfm);
+	struct caam_rsa_req_ctx *req_ctx = akcipher_request_ctx(req);
 	struct device *jrdev = ctx->dev;
 	struct rsa_edesc *edesc;
-	struct caam_jr_request_entry *jrentry;
+	u32 *desc;
 	int ret;
 
 	/* Allocate extended descriptor */
@@ -709,14 +760,14 @@ static int caam_rsa_dec_priv_f2(struct akcipher_request *req)
 	if (ret)
 		goto init_fail;
 
-	/* Initialize Job Descriptor */
-	init_rsa_priv_f2_desc(edesc->hw_desc, &edesc->pdb.priv_f2);
+	desc = edesc->hw_desc;
 
-	jrentry = &edesc->jrentry;
-	jrentry->base = &req->base;
+	/* Initialize Job Descriptor */
+	init_rsa_priv_f2_desc(desc, &edesc->pdb.priv_f2);
 
-	ret = caam_jr_enqueue(jrdev, edesc->hw_desc, rsa_priv_f_done, jrentry);
-	if (ret == -EINPROGRESS)
+	req_ctx->akcipher_op_done = rsa_priv_f_done;
+	ret = caam_jr_enqueue(jrdev, desc, rsa_priv_f_done, &edesc->jrentry);
+	if (ret == -EINPROGRESS || ret == -EBUSY)
 		return ret;
 
 	rsa_priv_f2_unmap(jrdev, edesc, req);
@@ -731,9 +782,10 @@ static int caam_rsa_dec_priv_f3(struct akcipher_request *req)
 {
 	struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
 	struct caam_rsa_ctx *ctx = akcipher_tfm_ctx(tfm);
+	struct caam_rsa_req_ctx *req_ctx = akcipher_request_ctx(req);
 	struct device *jrdev = ctx->dev;
 	struct rsa_edesc *edesc;
-	struct caam_jr_request_entry *jrentry;
+	u32 *desc;
 	int ret;
 
 	/* Allocate extended descriptor */
@@ -746,14 +798,14 @@ static int caam_rsa_dec_priv_f3(struct akcipher_request *req)
 	if (ret)
 		goto init_fail;
 
-	/* Initialize Job Descriptor */
-	init_rsa_priv_f3_desc(edesc->hw_desc, &edesc->pdb.priv_f3);
+	desc = edesc->hw_desc;
 
-	jrentry = &edesc->jrentry;
-	jrentry->base = &req->base;
+	/* Initialize Job Descriptor */
+	init_rsa_priv_f3_desc(desc, &edesc->pdb.priv_f3);
 
-	ret = caam_jr_enqueue(jrdev, edesc->hw_desc, rsa_priv_f_done, jrentry);
-	if (ret == -EINPROGRESS)
+	req_ctx->akcipher_op_done = rsa_priv_f_done;
+	ret = caam_jr_enqueue(jrdev, desc, rsa_priv_f_done, &edesc->jrentry);
+	if (ret == -EINPROGRESS || ret == -EBUSY)
 		return ret;
 
 	rsa_priv_f3_unmap(jrdev, edesc, req);
@@ -1049,6 +1101,10 @@ static int caam_rsa_init_tfm(struct crypto_akcipher *tfm)
 		return -ENOMEM;
 	}
 
+	ctx->enginectx.op.do_one_request = akcipher_do_one_req;
+
+	akcipher_set_reqsize(tfm, sizeof(struct caam_rsa_req_ctx));
+
 	return 0;
 }
 
diff --git a/drivers/crypto/caam/caampkc.h b/drivers/crypto/caam/caampkc.h
index fe46d73..d31b040 100644
--- a/drivers/crypto/caam/caampkc.h
+++ b/drivers/crypto/caam/caampkc.h
@@ -13,6 +13,7 @@
 #include "compat.h"
 #include "intern.h"
 #include "pdb.h"
+#include <crypto/engine.h>
 
 /**
  * caam_priv_key_form - CAAM RSA private key representation
@@ -88,11 +89,13 @@ struct caam_rsa_key {
 
 /**
  * caam_rsa_ctx - per session context.
+ * @enginectx   : crypto engine context
  * @key         : RSA key in DMA zone
  * @dev         : device structure
  * @padding_dma : dma address of padding, for adding it to the input
  */
 struct caam_rsa_ctx {
+	struct crypto_engine_ctx enginectx;
 	struct caam_rsa_key key;
 	struct device *dev;
 	dma_addr_t padding_dma;
@@ -104,11 +107,16 @@ struct caam_rsa_ctx {
  * @src           : input scatterlist (stripped of leading zeros)
  * @fixup_src     : input scatterlist (that might be stripped of leading zeros)
  * @fixup_src_len : length of the fixup_src input scatterlist
+ * @edesc         : s/w-extended rsa descriptor
+ * @akcipher_op_done : callback used when operation is done
  */
 struct caam_rsa_req_ctx {
 	struct scatterlist src[2];
 	struct scatterlist *fixup_src;
 	unsigned int fixup_src_len;
+	struct rsa_edesc *edesc;
+	void (*akcipher_op_done)(struct device *jrdev, u32 *desc, u32 err,
+				 void *context);
 };
 
 /**
diff --git a/drivers/crypto/caam/jr.c b/drivers/crypto/caam/jr.c
index 7e6632d..579b1ba 100644
--- a/drivers/crypto/caam/jr.c
+++ b/drivers/crypto/caam/jr.c
@@ -437,6 +437,9 @@ static int transfer_request_to_engine(struct crypto_engine *engine,
 	case CRYPTO_ALG_TYPE_AEAD:
 		return crypto_transfer_aead_request_to_engine(engine,
 							      aead_request_cast(req));
+	case CRYPTO_ALG_TYPE_AKCIPHER:
+		return crypto_transfer_akcipher_request_to_engine(engine,
+								  akcipher_request_cast(req));
 	default:
 		return -EINVAL;
 	}
-- 
2.1.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ