2019-09-13 16:34:40

by Pascal van Leeuwen

[permalink] [raw]
Subject: [PATCH 0/3] crypto: inside-secure - Added more authenc w/ (3)DES

This patchset adds the remaining authencs with DES or 3DES currently
supported with vectors by testmgr.

The patchset has been tested with the eip197c_iewxkbc configuration on the
Xilinx VCU118 development boardi as well as on the Macchiatobin board,
including the testmgr extra tests.

Pascal van Leeuwen (3):
crypto: inside-secure - Added support for authenc HMAC-SHA1/DES-CBC
crypto: inside-secure - Added support for authenc HMAC-SHA2/3DES-CBC
crypto: inside-secure - Added support for authenc HMAC-SHA2/DES-CBC

drivers/crypto/inside-secure/safexcel.c | 9 +
drivers/crypto/inside-secure/safexcel.h | 9 +
drivers/crypto/inside-secure/safexcel_cipher.c | 317 +++++++++++++++++++++++++
3 files changed, 335 insertions(+)

--
1.8.3.1


2019-09-13 16:34:40

by Pascal van Leeuwen

[permalink] [raw]
Subject: [PATCH 2/3] crypto: inside-secure - Added support for authenc HMAC-SHA2/3DES-CBC

This patch adds support for the authenc(hmac(sha224),cbc(des3_ede)),
authenc(hmac(sha256),cbc(des3_ede)), authenc(hmac(sha384),cbc(des3_ede))
and authenc(hmac(sha512),cbc(des3_ede)) aead's

Signed-off-by: Pascal van Leeuwen <[email protected]>
---
drivers/crypto/inside-secure/safexcel.c | 4 +
drivers/crypto/inside-secure/safexcel.h | 4 +
drivers/crypto/inside-secure/safexcel_cipher.c | 136 +++++++++++++++++++++++++
3 files changed, 144 insertions(+)

diff --git a/drivers/crypto/inside-secure/safexcel.c b/drivers/crypto/inside-secure/safexcel.c
index 617c70b..4222ffa 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1196,6 +1196,10 @@ static int safexcel_request_ring_irq(void *pdev, int irqid,
&safexcel_alg_hmac_sha3_384,
&safexcel_alg_hmac_sha3_512,
&safexcel_alg_authenc_hmac_sha1_cbc_des,
+ &safexcel_alg_authenc_hmac_sha256_cbc_des3_ede,
+ &safexcel_alg_authenc_hmac_sha224_cbc_des3_ede,
+ &safexcel_alg_authenc_hmac_sha512_cbc_des3_ede,
+ &safexcel_alg_authenc_hmac_sha384_cbc_des3_ede,
};

static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h b/drivers/crypto/inside-secure/safexcel.h
index b020e27..fd6798f 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -896,5 +896,9 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key, unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_hmac_sha3_384;
extern struct safexcel_alg_template safexcel_alg_hmac_sha3_512;
extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha1_cbc_des;
+extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha256_cbc_des3_ede;
+extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha224_cbc_des3_ede;
+extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha512_cbc_des3_ede;
+extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha384_cbc_des3_ede;

#endif
diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c b/drivers/crypto/inside-secure/safexcel_cipher.c
index 435f184..0d26bea 100644
--- a/drivers/crypto/inside-secure/safexcel_cipher.c
+++ b/drivers/crypto/inside-secure/safexcel_cipher.c
@@ -1865,6 +1865,142 @@ struct safexcel_alg_template safexcel_alg_authenc_hmac_sha1_cbc_des3_ede = {
},
};

+static int safexcel_aead_sha256_des3_cra_init(struct crypto_tfm *tfm)
+{
+ struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+
+ safexcel_aead_sha256_cra_init(tfm);
+ ctx->alg = SAFEXCEL_3DES; /* override default */
+ return 0;
+}
+
+struct safexcel_alg_template safexcel_alg_authenc_hmac_sha256_cbc_des3_ede = {
+ .type = SAFEXCEL_ALG_TYPE_AEAD,
+ .algo_mask = SAFEXCEL_ALG_DES | SAFEXCEL_ALG_SHA2_256,
+ .alg.aead = {
+ .setkey = safexcel_aead_setkey,
+ .encrypt = safexcel_aead_encrypt,
+ .decrypt = safexcel_aead_decrypt,
+ .ivsize = DES3_EDE_BLOCK_SIZE,
+ .maxauthsize = SHA256_DIGEST_SIZE,
+ .base = {
+ .cra_name = "authenc(hmac(sha256),cbc(des3_ede))",
+ .cra_driver_name = "safexcel-authenc-hmac-sha256-cbc-des3_ede",
+ .cra_priority = SAFEXCEL_CRA_PRIORITY,
+ .cra_flags = CRYPTO_ALG_ASYNC |
+ CRYPTO_ALG_KERN_DRIVER_ONLY,
+ .cra_blocksize = DES3_EDE_BLOCK_SIZE,
+ .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
+ .cra_alignmask = 0,
+ .cra_init = safexcel_aead_sha256_des3_cra_init,
+ .cra_exit = safexcel_aead_cra_exit,
+ .cra_module = THIS_MODULE,
+ },
+ },
+};
+
+static int safexcel_aead_sha224_des3_cra_init(struct crypto_tfm *tfm)
+{
+ struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+
+ safexcel_aead_sha224_cra_init(tfm);
+ ctx->alg = SAFEXCEL_3DES; /* override default */
+ return 0;
+}
+
+struct safexcel_alg_template safexcel_alg_authenc_hmac_sha224_cbc_des3_ede = {
+ .type = SAFEXCEL_ALG_TYPE_AEAD,
+ .algo_mask = SAFEXCEL_ALG_DES | SAFEXCEL_ALG_SHA2_256,
+ .alg.aead = {
+ .setkey = safexcel_aead_setkey,
+ .encrypt = safexcel_aead_encrypt,
+ .decrypt = safexcel_aead_decrypt,
+ .ivsize = DES3_EDE_BLOCK_SIZE,
+ .maxauthsize = SHA224_DIGEST_SIZE,
+ .base = {
+ .cra_name = "authenc(hmac(sha224),cbc(des3_ede))",
+ .cra_driver_name = "safexcel-authenc-hmac-sha224-cbc-des3_ede",
+ .cra_priority = SAFEXCEL_CRA_PRIORITY,
+ .cra_flags = CRYPTO_ALG_ASYNC |
+ CRYPTO_ALG_KERN_DRIVER_ONLY,
+ .cra_blocksize = DES3_EDE_BLOCK_SIZE,
+ .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
+ .cra_alignmask = 0,
+ .cra_init = safexcel_aead_sha224_des3_cra_init,
+ .cra_exit = safexcel_aead_cra_exit,
+ .cra_module = THIS_MODULE,
+ },
+ },
+};
+
+static int safexcel_aead_sha512_des3_cra_init(struct crypto_tfm *tfm)
+{
+ struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+
+ safexcel_aead_sha512_cra_init(tfm);
+ ctx->alg = SAFEXCEL_3DES; /* override default */
+ return 0;
+}
+
+struct safexcel_alg_template safexcel_alg_authenc_hmac_sha512_cbc_des3_ede = {
+ .type = SAFEXCEL_ALG_TYPE_AEAD,
+ .algo_mask = SAFEXCEL_ALG_DES | SAFEXCEL_ALG_SHA2_512,
+ .alg.aead = {
+ .setkey = safexcel_aead_setkey,
+ .encrypt = safexcel_aead_encrypt,
+ .decrypt = safexcel_aead_decrypt,
+ .ivsize = DES3_EDE_BLOCK_SIZE,
+ .maxauthsize = SHA512_DIGEST_SIZE,
+ .base = {
+ .cra_name = "authenc(hmac(sha512),cbc(des3_ede))",
+ .cra_driver_name = "safexcel-authenc-hmac-sha512-cbc-des3_ede",
+ .cra_priority = SAFEXCEL_CRA_PRIORITY,
+ .cra_flags = CRYPTO_ALG_ASYNC |
+ CRYPTO_ALG_KERN_DRIVER_ONLY,
+ .cra_blocksize = DES3_EDE_BLOCK_SIZE,
+ .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
+ .cra_alignmask = 0,
+ .cra_init = safexcel_aead_sha512_des3_cra_init,
+ .cra_exit = safexcel_aead_cra_exit,
+ .cra_module = THIS_MODULE,
+ },
+ },
+};
+
+static int safexcel_aead_sha384_des3_cra_init(struct crypto_tfm *tfm)
+{
+ struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+
+ safexcel_aead_sha384_cra_init(tfm);
+ ctx->alg = SAFEXCEL_3DES; /* override default */
+ return 0;
+}
+
+struct safexcel_alg_template safexcel_alg_authenc_hmac_sha384_cbc_des3_ede = {
+ .type = SAFEXCEL_ALG_TYPE_AEAD,
+ .algo_mask = SAFEXCEL_ALG_DES | SAFEXCEL_ALG_SHA2_512,
+ .alg.aead = {
+ .setkey = safexcel_aead_setkey,
+ .encrypt = safexcel_aead_encrypt,
+ .decrypt = safexcel_aead_decrypt,
+ .ivsize = DES3_EDE_BLOCK_SIZE,
+ .maxauthsize = SHA384_DIGEST_SIZE,
+ .base = {
+ .cra_name = "authenc(hmac(sha384),cbc(des3_ede))",
+ .cra_driver_name = "safexcel-authenc-hmac-sha384-cbc-des3_ede",
+ .cra_priority = SAFEXCEL_CRA_PRIORITY,
+ .cra_flags = CRYPTO_ALG_ASYNC |
+ CRYPTO_ALG_KERN_DRIVER_ONLY,
+ .cra_blocksize = DES3_EDE_BLOCK_SIZE,
+ .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
+ .cra_alignmask = 0,
+ .cra_init = safexcel_aead_sha384_des3_cra_init,
+ .cra_exit = safexcel_aead_cra_exit,
+ .cra_module = THIS_MODULE,
+ },
+ },
+};
+
static int safexcel_aead_sha1_des_cra_init(struct crypto_tfm *tfm)
{
struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
--
1.8.3.1

2019-09-13 16:35:39

by Pascal van Leeuwen

[permalink] [raw]
Subject: [PATCH 1/3] crypto: inside-secure - Added support for authenc HMAC-SHA1/DES-CBC

This patch adds support for the authenc(hmac(sha1),cbc(des)) aead

Signed-off-by: Pascal van Leeuwen <[email protected]>
---
drivers/crypto/inside-secure/safexcel.c | 1 +
drivers/crypto/inside-secure/safexcel.h | 1 +
drivers/crypto/inside-secure/safexcel_cipher.c | 45 ++++++++++++++++++++++++++
3 files changed, 47 insertions(+)

diff --git a/drivers/crypto/inside-secure/safexcel.c b/drivers/crypto/inside-secure/safexcel.c
index 12cb939..617c70b 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1195,6 +1195,7 @@ static int safexcel_request_ring_irq(void *pdev, int irqid,
&safexcel_alg_hmac_sha3_256,
&safexcel_alg_hmac_sha3_384,
&safexcel_alg_hmac_sha3_512,
+ &safexcel_alg_authenc_hmac_sha1_cbc_des,
};

static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h b/drivers/crypto/inside-secure/safexcel.h
index 82953b3..b020e27 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -895,5 +895,6 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key, unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_hmac_sha3_256;
extern struct safexcel_alg_template safexcel_alg_hmac_sha3_384;
extern struct safexcel_alg_template safexcel_alg_hmac_sha3_512;
+extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha1_cbc_des;

#endif
diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c b/drivers/crypto/inside-secure/safexcel_cipher.c
index bf2b1f9..435f184 100644
--- a/drivers/crypto/inside-secure/safexcel_cipher.c
+++ b/drivers/crypto/inside-secure/safexcel_cipher.c
@@ -348,6 +348,7 @@ static int safexcel_aead_setkey(struct crypto_aead *ctfm, const u8 *key,
struct safexcel_crypto_priv *priv = ctx->priv;
struct crypto_authenc_keys keys;
struct crypto_aes_ctx aes;
+ u32 tmp[DES_EXPKEY_WORDS];
u32 flags;
int err = -EINVAL;

@@ -367,6 +368,16 @@ static int safexcel_aead_setkey(struct crypto_aead *ctfm, const u8 *key,

/* Encryption key */
switch (ctx->alg) {
+ case SAFEXCEL_DES:
+ if (keys.enckeylen != DES_KEY_SIZE)
+ goto badkey;
+ err = des_ekey(tmp, key);
+ if (unlikely(!err && (tfm->crt_flags &
+ CRYPTO_TFM_REQ_FORBID_WEAK_KEYS))) {
+ tfm->crt_flags |= CRYPTO_TFM_RES_WEAK_KEY;
+ goto badkey_expflags;
+ }
+ break;
case SAFEXCEL_3DES:
if (keys.enckeylen != DES3_EDE_KEY_SIZE)
goto badkey;
@@ -1854,6 +1865,40 @@ struct safexcel_alg_template safexcel_alg_authenc_hmac_sha1_cbc_des3_ede = {
},
};

+static int safexcel_aead_sha1_des_cra_init(struct crypto_tfm *tfm)
+{
+ struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+
+ safexcel_aead_sha1_cra_init(tfm);
+ ctx->alg = SAFEXCEL_DES; /* override default */
+ return 0;
+}
+
+struct safexcel_alg_template safexcel_alg_authenc_hmac_sha1_cbc_des = {
+ .type = SAFEXCEL_ALG_TYPE_AEAD,
+ .algo_mask = SAFEXCEL_ALG_DES | SAFEXCEL_ALG_SHA1,
+ .alg.aead = {
+ .setkey = safexcel_aead_setkey,
+ .encrypt = safexcel_aead_encrypt,
+ .decrypt = safexcel_aead_decrypt,
+ .ivsize = DES_BLOCK_SIZE,
+ .maxauthsize = SHA1_DIGEST_SIZE,
+ .base = {
+ .cra_name = "authenc(hmac(sha1),cbc(des))",
+ .cra_driver_name = "safexcel-authenc-hmac-sha1-cbc-des",
+ .cra_priority = SAFEXCEL_CRA_PRIORITY,
+ .cra_flags = CRYPTO_ALG_ASYNC |
+ CRYPTO_ALG_KERN_DRIVER_ONLY,
+ .cra_blocksize = DES_BLOCK_SIZE,
+ .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
+ .cra_alignmask = 0,
+ .cra_init = safexcel_aead_sha1_des_cra_init,
+ .cra_exit = safexcel_aead_cra_exit,
+ .cra_module = THIS_MODULE,
+ },
+ },
+};
+
static int safexcel_aead_sha1_ctr_cra_init(struct crypto_tfm *tfm)
{
struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
--
1.8.3.1

2019-09-13 16:35:40

by Pascal van Leeuwen

[permalink] [raw]
Subject: [PATCH 3/3] crypto: inside-secure - Added support for authenc HMAC-SHA2/DES-CBC

This patch adds support for the authenc(hmac(sha224),cbc(des)),
authenc(hmac(sha256),cbc(des)), authenc(hmac(sha384),cbc(des))
and authenc(hmac(sha512),cbc(des)) aead's

Signed-off-by: Pascal van Leeuwen <[email protected]>
---
drivers/crypto/inside-secure/safexcel.c | 4 +
drivers/crypto/inside-secure/safexcel.h | 4 +
drivers/crypto/inside-secure/safexcel_cipher.c | 136 +++++++++++++++++++++++++
3 files changed, 144 insertions(+)

diff --git a/drivers/crypto/inside-secure/safexcel.c b/drivers/crypto/inside-secure/safexcel.c
index 4222ffa..1e05b5f 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1200,6 +1200,10 @@ static int safexcel_request_ring_irq(void *pdev, int irqid,
&safexcel_alg_authenc_hmac_sha224_cbc_des3_ede,
&safexcel_alg_authenc_hmac_sha512_cbc_des3_ede,
&safexcel_alg_authenc_hmac_sha384_cbc_des3_ede,
+ &safexcel_alg_authenc_hmac_sha256_cbc_des,
+ &safexcel_alg_authenc_hmac_sha224_cbc_des,
+ &safexcel_alg_authenc_hmac_sha512_cbc_des,
+ &safexcel_alg_authenc_hmac_sha384_cbc_des,
};

static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
diff --git a/drivers/crypto/inside-secure/safexcel.h b/drivers/crypto/inside-secure/safexcel.h
index fd6798f..fc16d5a 100644
--- a/drivers/crypto/inside-secure/safexcel.h
+++ b/drivers/crypto/inside-secure/safexcel.h
@@ -900,5 +900,9 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key, unsigned int keylen,
extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha224_cbc_des3_ede;
extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha512_cbc_des3_ede;
extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha384_cbc_des3_ede;
+extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha256_cbc_des;
+extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha224_cbc_des;
+extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha512_cbc_des;
+extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha384_cbc_des;

#endif
diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c b/drivers/crypto/inside-secure/safexcel_cipher.c
index 0d26bea..71233ff 100644
--- a/drivers/crypto/inside-secure/safexcel_cipher.c
+++ b/drivers/crypto/inside-secure/safexcel_cipher.c
@@ -2035,6 +2035,142 @@ struct safexcel_alg_template safexcel_alg_authenc_hmac_sha1_cbc_des = {
},
};

+static int safexcel_aead_sha256_des_cra_init(struct crypto_tfm *tfm)
+{
+ struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+
+ safexcel_aead_sha256_cra_init(tfm);
+ ctx->alg = SAFEXCEL_DES; /* override default */
+ return 0;
+}
+
+struct safexcel_alg_template safexcel_alg_authenc_hmac_sha256_cbc_des = {
+ .type = SAFEXCEL_ALG_TYPE_AEAD,
+ .algo_mask = SAFEXCEL_ALG_DES | SAFEXCEL_ALG_SHA2_256,
+ .alg.aead = {
+ .setkey = safexcel_aead_setkey,
+ .encrypt = safexcel_aead_encrypt,
+ .decrypt = safexcel_aead_decrypt,
+ .ivsize = DES_BLOCK_SIZE,
+ .maxauthsize = SHA256_DIGEST_SIZE,
+ .base = {
+ .cra_name = "authenc(hmac(sha256),cbc(des))",
+ .cra_driver_name = "safexcel-authenc-hmac-sha256-cbc-des",
+ .cra_priority = SAFEXCEL_CRA_PRIORITY,
+ .cra_flags = CRYPTO_ALG_ASYNC |
+ CRYPTO_ALG_KERN_DRIVER_ONLY,
+ .cra_blocksize = DES_BLOCK_SIZE,
+ .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
+ .cra_alignmask = 0,
+ .cra_init = safexcel_aead_sha256_des_cra_init,
+ .cra_exit = safexcel_aead_cra_exit,
+ .cra_module = THIS_MODULE,
+ },
+ },
+};
+
+static int safexcel_aead_sha224_des_cra_init(struct crypto_tfm *tfm)
+{
+ struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+
+ safexcel_aead_sha224_cra_init(tfm);
+ ctx->alg = SAFEXCEL_DES; /* override default */
+ return 0;
+}
+
+struct safexcel_alg_template safexcel_alg_authenc_hmac_sha224_cbc_des = {
+ .type = SAFEXCEL_ALG_TYPE_AEAD,
+ .algo_mask = SAFEXCEL_ALG_DES | SAFEXCEL_ALG_SHA2_256,
+ .alg.aead = {
+ .setkey = safexcel_aead_setkey,
+ .encrypt = safexcel_aead_encrypt,
+ .decrypt = safexcel_aead_decrypt,
+ .ivsize = DES_BLOCK_SIZE,
+ .maxauthsize = SHA224_DIGEST_SIZE,
+ .base = {
+ .cra_name = "authenc(hmac(sha224),cbc(des))",
+ .cra_driver_name = "safexcel-authenc-hmac-sha224-cbc-des",
+ .cra_priority = SAFEXCEL_CRA_PRIORITY,
+ .cra_flags = CRYPTO_ALG_ASYNC |
+ CRYPTO_ALG_KERN_DRIVER_ONLY,
+ .cra_blocksize = DES_BLOCK_SIZE,
+ .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
+ .cra_alignmask = 0,
+ .cra_init = safexcel_aead_sha224_des_cra_init,
+ .cra_exit = safexcel_aead_cra_exit,
+ .cra_module = THIS_MODULE,
+ },
+ },
+};
+
+static int safexcel_aead_sha512_des_cra_init(struct crypto_tfm *tfm)
+{
+ struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+
+ safexcel_aead_sha512_cra_init(tfm);
+ ctx->alg = SAFEXCEL_DES; /* override default */
+ return 0;
+}
+
+struct safexcel_alg_template safexcel_alg_authenc_hmac_sha512_cbc_des = {
+ .type = SAFEXCEL_ALG_TYPE_AEAD,
+ .algo_mask = SAFEXCEL_ALG_DES | SAFEXCEL_ALG_SHA2_512,
+ .alg.aead = {
+ .setkey = safexcel_aead_setkey,
+ .encrypt = safexcel_aead_encrypt,
+ .decrypt = safexcel_aead_decrypt,
+ .ivsize = DES_BLOCK_SIZE,
+ .maxauthsize = SHA512_DIGEST_SIZE,
+ .base = {
+ .cra_name = "authenc(hmac(sha512),cbc(des))",
+ .cra_driver_name = "safexcel-authenc-hmac-sha512-cbc-des",
+ .cra_priority = SAFEXCEL_CRA_PRIORITY,
+ .cra_flags = CRYPTO_ALG_ASYNC |
+ CRYPTO_ALG_KERN_DRIVER_ONLY,
+ .cra_blocksize = DES_BLOCK_SIZE,
+ .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
+ .cra_alignmask = 0,
+ .cra_init = safexcel_aead_sha512_des_cra_init,
+ .cra_exit = safexcel_aead_cra_exit,
+ .cra_module = THIS_MODULE,
+ },
+ },
+};
+
+static int safexcel_aead_sha384_des_cra_init(struct crypto_tfm *tfm)
+{
+ struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+
+ safexcel_aead_sha384_cra_init(tfm);
+ ctx->alg = SAFEXCEL_DES; /* override default */
+ return 0;
+}
+
+struct safexcel_alg_template safexcel_alg_authenc_hmac_sha384_cbc_des = {
+ .type = SAFEXCEL_ALG_TYPE_AEAD,
+ .algo_mask = SAFEXCEL_ALG_DES | SAFEXCEL_ALG_SHA2_512,
+ .alg.aead = {
+ .setkey = safexcel_aead_setkey,
+ .encrypt = safexcel_aead_encrypt,
+ .decrypt = safexcel_aead_decrypt,
+ .ivsize = DES_BLOCK_SIZE,
+ .maxauthsize = SHA384_DIGEST_SIZE,
+ .base = {
+ .cra_name = "authenc(hmac(sha384),cbc(des))",
+ .cra_driver_name = "safexcel-authenc-hmac-sha384-cbc-des",
+ .cra_priority = SAFEXCEL_CRA_PRIORITY,
+ .cra_flags = CRYPTO_ALG_ASYNC |
+ CRYPTO_ALG_KERN_DRIVER_ONLY,
+ .cra_blocksize = DES_BLOCK_SIZE,
+ .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
+ .cra_alignmask = 0,
+ .cra_init = safexcel_aead_sha384_des_cra_init,
+ .cra_exit = safexcel_aead_cra_exit,
+ .cra_module = THIS_MODULE,
+ },
+ },
+};
+
static int safexcel_aead_sha1_ctr_cra_init(struct crypto_tfm *tfm)
{
struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
--
1.8.3.1

2019-09-13 16:41:25

by Ard Biesheuvel

[permalink] [raw]
Subject: Re: [PATCH 1/3] crypto: inside-secure - Added support for authenc HMAC-SHA1/DES-CBC

On Fri, 13 Sep 2019 at 16:06, Pascal van Leeuwen <[email protected]> wrote:
>
> This patch adds support for the authenc(hmac(sha1),cbc(des)) aead
>
> Signed-off-by: Pascal van Leeuwen <[email protected]>

Please make sure your code is based on cryptodev/master before sending
it to the list.

--
Ard.

> ---
> drivers/crypto/inside-secure/safexcel.c | 1 +
> drivers/crypto/inside-secure/safexcel.h | 1 +
> drivers/crypto/inside-secure/safexcel_cipher.c | 45 ++++++++++++++++++++++++++
> 3 files changed, 47 insertions(+)
>
> diff --git a/drivers/crypto/inside-secure/safexcel.c b/drivers/crypto/inside-secure/safexcel.c
> index 12cb939..617c70b 100644
> --- a/drivers/crypto/inside-secure/safexcel.c
> +++ b/drivers/crypto/inside-secure/safexcel.c
> @@ -1195,6 +1195,7 @@ static int safexcel_request_ring_irq(void *pdev, int irqid,
> &safexcel_alg_hmac_sha3_256,
> &safexcel_alg_hmac_sha3_384,
> &safexcel_alg_hmac_sha3_512,
> + &safexcel_alg_authenc_hmac_sha1_cbc_des,
> };
>
> static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
> diff --git a/drivers/crypto/inside-secure/safexcel.h b/drivers/crypto/inside-secure/safexcel.h
> index 82953b3..b020e27 100644
> --- a/drivers/crypto/inside-secure/safexcel.h
> +++ b/drivers/crypto/inside-secure/safexcel.h
> @@ -895,5 +895,6 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key, unsigned int keylen,
> extern struct safexcel_alg_template safexcel_alg_hmac_sha3_256;
> extern struct safexcel_alg_template safexcel_alg_hmac_sha3_384;
> extern struct safexcel_alg_template safexcel_alg_hmac_sha3_512;
> +extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha1_cbc_des;
>
> #endif
> diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c b/drivers/crypto/inside-secure/safexcel_cipher.c
> index bf2b1f9..435f184 100644
> --- a/drivers/crypto/inside-secure/safexcel_cipher.c
> +++ b/drivers/crypto/inside-secure/safexcel_cipher.c
> @@ -348,6 +348,7 @@ static int safexcel_aead_setkey(struct crypto_aead *ctfm, const u8 *key,
> struct safexcel_crypto_priv *priv = ctx->priv;
> struct crypto_authenc_keys keys;
> struct crypto_aes_ctx aes;
> + u32 tmp[DES_EXPKEY_WORDS];
> u32 flags;
> int err = -EINVAL;
>
> @@ -367,6 +368,16 @@ static int safexcel_aead_setkey(struct crypto_aead *ctfm, const u8 *key,
>
> /* Encryption key */
> switch (ctx->alg) {
> + case SAFEXCEL_DES:
> + if (keys.enckeylen != DES_KEY_SIZE)
> + goto badkey;
> + err = des_ekey(tmp, key);
> + if (unlikely(!err && (tfm->crt_flags &
> + CRYPTO_TFM_REQ_FORBID_WEAK_KEYS))) {
> + tfm->crt_flags |= CRYPTO_TFM_RES_WEAK_KEY;
> + goto badkey_expflags;
> + }
> + break;
> case SAFEXCEL_3DES:
> if (keys.enckeylen != DES3_EDE_KEY_SIZE)
> goto badkey;
> @@ -1854,6 +1865,40 @@ struct safexcel_alg_template safexcel_alg_authenc_hmac_sha1_cbc_des3_ede = {
> },
> };
>
> +static int safexcel_aead_sha1_des_cra_init(struct crypto_tfm *tfm)
> +{
> + struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
> +
> + safexcel_aead_sha1_cra_init(tfm);
> + ctx->alg = SAFEXCEL_DES; /* override default */
> + return 0;
> +}
> +
> +struct safexcel_alg_template safexcel_alg_authenc_hmac_sha1_cbc_des = {
> + .type = SAFEXCEL_ALG_TYPE_AEAD,
> + .algo_mask = SAFEXCEL_ALG_DES | SAFEXCEL_ALG_SHA1,
> + .alg.aead = {
> + .setkey = safexcel_aead_setkey,
> + .encrypt = safexcel_aead_encrypt,
> + .decrypt = safexcel_aead_decrypt,
> + .ivsize = DES_BLOCK_SIZE,
> + .maxauthsize = SHA1_DIGEST_SIZE,
> + .base = {
> + .cra_name = "authenc(hmac(sha1),cbc(des))",
> + .cra_driver_name = "safexcel-authenc-hmac-sha1-cbc-des",
> + .cra_priority = SAFEXCEL_CRA_PRIORITY,
> + .cra_flags = CRYPTO_ALG_ASYNC |
> + CRYPTO_ALG_KERN_DRIVER_ONLY,
> + .cra_blocksize = DES_BLOCK_SIZE,
> + .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
> + .cra_alignmask = 0,
> + .cra_init = safexcel_aead_sha1_des_cra_init,
> + .cra_exit = safexcel_aead_cra_exit,
> + .cra_module = THIS_MODULE,
> + },
> + },
> +};
> +
> static int safexcel_aead_sha1_ctr_cra_init(struct crypto_tfm *tfm)
> {
> struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
> --
> 1.8.3.1
>

2019-09-13 16:51:07

by Pascal Van Leeuwen

[permalink] [raw]
Subject: RE: [PATCH 1/3] crypto: inside-secure - Added support for authenc HMAC-SHA1/DES-CBC

> -----Original Message-----
> From: Ard Biesheuvel <[email protected]>
> Sent: Friday, September 13, 2019 5:27 PM
> To: Pascal van Leeuwen <[email protected]>
> Cc: open list:HARDWARE RANDOM NUMBER GENERATOR CORE <[email protected]>;
> Antoine Tenart <[email protected]>; Herbert Xu <[email protected]>;
> David S. Miller <[email protected]>; Pascal Van Leeuwen <[email protected]>
> Subject: Re: [PATCH 1/3] crypto: inside-secure - Added support for authenc HMAC-
> SHA1/DES-CBC
>
> On Fri, 13 Sep 2019 at 16:06, Pascal van Leeuwen <[email protected]> wrote:
> >
> > This patch adds support for the authenc(hmac(sha1),cbc(des)) aead
> >
> > Signed-off-by: Pascal van Leeuwen <[email protected]>
>
> Please make sure your code is based on cryptodev/master before sending
> it to the list.
>
Looks like with this patchset and the previous (SHA3) patchset I forgot
to add the disclaimer that it applies on top of the previous patchset.
Mea culpa.

So there you go: "Added support for authenc HMAC-SHA1/DES-CBC" applies
on top of "Added (HMAC) SHA3 support", which applies on top of
"Add support for SM4 ciphers".

> --
> Ard.
>
> > ---
> > drivers/crypto/inside-secure/safexcel.c | 1 +
> > drivers/crypto/inside-secure/safexcel.h | 1 +
> > drivers/crypto/inside-secure/safexcel_cipher.c | 45 ++++++++++++++++++++++++++
> > 3 files changed, 47 insertions(+)
> >
> > diff --git a/drivers/crypto/inside-secure/safexcel.c b/drivers/crypto/inside-
> secure/safexcel.c
> > index 12cb939..617c70b 100644
> > --- a/drivers/crypto/inside-secure/safexcel.c
> > +++ b/drivers/crypto/inside-secure/safexcel.c
> > @@ -1195,6 +1195,7 @@ static int safexcel_request_ring_irq(void *pdev, int irqid,
> > &safexcel_alg_hmac_sha3_256,
> > &safexcel_alg_hmac_sha3_384,
> > &safexcel_alg_hmac_sha3_512,
> > + &safexcel_alg_authenc_hmac_sha1_cbc_des,
> > };
> >
> > static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
> > diff --git a/drivers/crypto/inside-secure/safexcel.h b/drivers/crypto/inside-
> secure/safexcel.h
> > index 82953b3..b020e27 100644
> > --- a/drivers/crypto/inside-secure/safexcel.h
> > +++ b/drivers/crypto/inside-secure/safexcel.h
> > @@ -895,5 +895,6 @@ int safexcel_hmac_setkey(const char *alg, const u8 *key, unsigned
> int keylen,
> > extern struct safexcel_alg_template safexcel_alg_hmac_sha3_256;
> > extern struct safexcel_alg_template safexcel_alg_hmac_sha3_384;
> > extern struct safexcel_alg_template safexcel_alg_hmac_sha3_512;
> > +extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha1_cbc_des;
> >
> > #endif
> > diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c b/drivers/crypto/inside-
> secure/safexcel_cipher.c
> > index bf2b1f9..435f184 100644
> > --- a/drivers/crypto/inside-secure/safexcel_cipher.c
> > +++ b/drivers/crypto/inside-secure/safexcel_cipher.c
> > @@ -348,6 +348,7 @@ static int safexcel_aead_setkey(struct crypto_aead *ctfm, const u8
> *key,
> > struct safexcel_crypto_priv *priv = ctx->priv;
> > struct crypto_authenc_keys keys;
> > struct crypto_aes_ctx aes;
> > + u32 tmp[DES_EXPKEY_WORDS];
> > u32 flags;
> > int err = -EINVAL;
> >
> > @@ -367,6 +368,16 @@ static int safexcel_aead_setkey(struct crypto_aead *ctfm, const
> u8 *key,
> >
> > /* Encryption key */
> > switch (ctx->alg) {
> > + case SAFEXCEL_DES:
> > + if (keys.enckeylen != DES_KEY_SIZE)
> > + goto badkey;
> > + err = des_ekey(tmp, key);
> > + if (unlikely(!err && (tfm->crt_flags &
> > + CRYPTO_TFM_REQ_FORBID_WEAK_KEYS))) {
> > + tfm->crt_flags |= CRYPTO_TFM_RES_WEAK_KEY;
> > + goto badkey_expflags;
> > + }
> > + break;
> > case SAFEXCEL_3DES:
> > if (keys.enckeylen != DES3_EDE_KEY_SIZE)
> > goto badkey;
> > @@ -1854,6 +1865,40 @@ struct safexcel_alg_template
> safexcel_alg_authenc_hmac_sha1_cbc_des3_ede = {
> > },
> > };
> >
> > +static int safexcel_aead_sha1_des_cra_init(struct crypto_tfm *tfm)
> > +{
> > + struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
> > +
> > + safexcel_aead_sha1_cra_init(tfm);
> > + ctx->alg = SAFEXCEL_DES; /* override default */
> > + return 0;
> > +}
> > +
> > +struct safexcel_alg_template safexcel_alg_authenc_hmac_sha1_cbc_des = {
> > + .type = SAFEXCEL_ALG_TYPE_AEAD,
> > + .algo_mask = SAFEXCEL_ALG_DES | SAFEXCEL_ALG_SHA1,
> > + .alg.aead = {
> > + .setkey = safexcel_aead_setkey,
> > + .encrypt = safexcel_aead_encrypt,
> > + .decrypt = safexcel_aead_decrypt,
> > + .ivsize = DES_BLOCK_SIZE,
> > + .maxauthsize = SHA1_DIGEST_SIZE,
> > + .base = {
> > + .cra_name = "authenc(hmac(sha1),cbc(des))",
> > + .cra_driver_name = "safexcel-authenc-hmac-sha1-cbc-des",
> > + .cra_priority = SAFEXCEL_CRA_PRIORITY,
> > + .cra_flags = CRYPTO_ALG_ASYNC |
> > + CRYPTO_ALG_KERN_DRIVER_ONLY,
> > + .cra_blocksize = DES_BLOCK_SIZE,
> > + .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
> > + .cra_alignmask = 0,
> > + .cra_init = safexcel_aead_sha1_des_cra_init,
> > + .cra_exit = safexcel_aead_cra_exit,
> > + .cra_module = THIS_MODULE,
> > + },
> > + },
> > +};
> > +
> > static int safexcel_aead_sha1_ctr_cra_init(struct crypto_tfm *tfm)
> > {
> > struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
> > --
> > 1.8.3.1
> >

Regards,
Pascal van Leeuwen
Silicon IP Architect, Multi-Protocol Engines @ Verimatrix
http://www.insidesecure.com

2019-09-13 16:51:24

by Ard Biesheuvel

[permalink] [raw]
Subject: Re: [PATCH 1/3] crypto: inside-secure - Added support for authenc HMAC-SHA1/DES-CBC

On Fri, 13 Sep 2019 at 17:17, Pascal Van Leeuwen
<[email protected]> wrote:
>
> > -----Original Message-----
> > From: Ard Biesheuvel <[email protected]>
> > Sent: Friday, September 13, 2019 5:27 PM
> > To: Pascal van Leeuwen <[email protected]>
> > Cc: open list:HARDWARE RANDOM NUMBER GENERATOR CORE <[email protected]>;
> > Antoine Tenart <[email protected]>; Herbert Xu <[email protected]>;
> > David S. Miller <[email protected]>; Pascal Van Leeuwen <[email protected]>
> > Subject: Re: [PATCH 1/3] crypto: inside-secure - Added support for authenc HMAC-
> > SHA1/DES-CBC
> >
> > On Fri, 13 Sep 2019 at 16:06, Pascal van Leeuwen <[email protected]> wrote:
> > >
> > > This patch adds support for the authenc(hmac(sha1),cbc(des)) aead
> > >
> > > Signed-off-by: Pascal van Leeuwen <[email protected]>
> >
> > Please make sure your code is based on cryptodev/master before sending
> > it to the list.
> >
> Looks like with this patchset and the previous (SHA3) patchset I forgot
> to add the disclaimer that it applies on top of the previous patchset.
> Mea culpa.
>
> So there you go: "Added support for authenc HMAC-SHA1/DES-CBC" applies
> on top of "Added (HMAC) SHA3 support", which applies on top of
> "Add support for SM4 ciphers".
>

Sorry if I wasn't clear, but that was not my point.

You should really base your code on cryptodev/master since some of the
DES helpers you are using don't exist anymore.

2019-09-13 16:52:26

by Pascal Van Leeuwen

[permalink] [raw]
Subject: RE: [PATCH 1/3] crypto: inside-secure - Added support for authenc HMAC-SHA1/DES-CBC

> -----Original Message-----
> From: Ard Biesheuvel <[email protected]>
> Sent: Friday, September 13, 2019 6:24 PM
> To: Pascal Van Leeuwen <[email protected]>
> Cc: Pascal van Leeuwen <[email protected]>; open list:HARDWARE RANDOM NUMBER
> GENERATOR CORE <[email protected]>; Antoine Tenart
> <[email protected]>; Herbert Xu <[email protected]>; David S. Miller
> <[email protected]>
> Subject: Re: [PATCH 1/3] crypto: inside-secure - Added support for authenc HMAC-
> SHA1/DES-CBC
>
> On Fri, 13 Sep 2019 at 17:17, Pascal Van Leeuwen
> <[email protected]> wrote:
> >
> > > -----Original Message-----
> > > From: Ard Biesheuvel <[email protected]>
> > > Sent: Friday, September 13, 2019 5:27 PM
> > > To: Pascal van Leeuwen <[email protected]>
> > > Cc: open list:HARDWARE RANDOM NUMBER GENERATOR CORE <[email protected]>;
> > > Antoine Tenart <[email protected]>; Herbert Xu
> <[email protected]>;
> > > David S. Miller <[email protected]>; Pascal Van Leeuwen
> <[email protected]>
> > > Subject: Re: [PATCH 1/3] crypto: inside-secure - Added support for authenc HMAC-
> > > SHA1/DES-CBC
> > >
> > > On Fri, 13 Sep 2019 at 16:06, Pascal van Leeuwen <[email protected]> wrote:
> > > >
> > > > This patch adds support for the authenc(hmac(sha1),cbc(des)) aead
> > > >
> > > > Signed-off-by: Pascal van Leeuwen <[email protected]>
> > >
> > > Please make sure your code is based on cryptodev/master before sending
> > > it to the list.
> > >
> > Looks like with this patchset and the previous (SHA3) patchset I forgot
> > to add the disclaimer that it applies on top of the previous patchset.
> > Mea culpa.
> >
> > So there you go: "Added support for authenc HMAC-SHA1/DES-CBC" applies
> > on top of "Added (HMAC) SHA3 support", which applies on top of
> > "Add support for SM4 ciphers".
> >
>
> Sorry if I wasn't clear, but that was not my point.
>
> You should really base your code on cryptodev/master since some of the
> DES helpers you are using don't exist anymore.
>
Ah, ok, I'll look into that ... I don't always notice that something
changed in cryptodev/master. Which doesn't happen too frequently, so
it's easy to miss. One of the downsides of Git compared to "normal"
version control systems: you have to manually keep track of master.

Regards,
Pascal van Leeuwen
Silicon IP Architect, Multi-Protocol Engines @ Verimatrix
http://www.insidesecure.com