summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChunrong Guo <chunrong.guo@nxp.com>2017-11-15 13:26:09 +0800
committerOtavio Salvador <otavio@ossystems.com.br>2017-11-16 11:09:27 -0200
commitd709b2e285633fad2818baf53f3f1ddd35cf8527 (patch)
treecfdf0d78b6fb59e7b090936161d40e7311978096
parent2da03a6ba76d78b075579d569e608ace0334ba39 (diff)
downloadmeta-freescale-d709b2e285633fad2818baf53f3f1ddd35cf8527.tar.gz
cryptodev: update recipes
*Update URL to fetch qoriq-open-source github *Update to f365c69d785 This includes the following changes: f365c69 - add support for composite TLS10(SHA1,AES) algorithm offload ec25290 - check session flags early to avoid incorrect failure modes 6213ae5 - add support for RSA public and private key operations 3245b0f - move structure definition to cryptodev_int.h 00a6861 - remove unnecessary header inclusion 1d7c848 - fix type of returned value a705360 - convert to new AEAD interface in kernels v4.2+ c2bf0e4 - refactoring: relocate code to simplify later patches 20dcf07 - refactoring: split big function to simplify maintainance 87d959d - Release version 1.9 6818263 - Fix ablkcipher algorithms usage in v4.8+ kernels 26e167f - zc: Use the power of #elif 2b29be8 - adjust to API changes in kernel >=4.10 2dbbb23 - do more strict code checking to avoid maintenance issues 88223e4 - avoid implicit conversion between signed and unsigned char 8db6905 - use buf_align macro to reduce code duplication b6d0e0f - rename header file to clarify purpose 1fd6062 - fix warnings of "implicit declaration of function" in async_speed ff3c8ab - remove not used local variables 25a1276 - fix incorrect return code in case of error from openssl_cioccrypt e7ef4ea - Merge pull request #17 from michaelweiser/gup_flags 99c6d21 - fix ignored SIGALRM signals on some platforms 71975fa - setting KERNEL_DIR is not necessary to build tests a96ff97 - fix issues with install target *Cryptodev-linux git includes all sdk patches so remove sdk patches folder Signed-off-by: Chunrong Guo <chunrong.guo@nxp.com> Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Diffstat
-rw-r--r--recipes-kernel/cryptodev/cryptodev-qoriq_1.9.inc22
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0001-refactoring-split-big-function-to-simplify-maintaina.patch244
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0002-refactoring-relocate-code-to-simplify-later-patches.patch58
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0003-convert-to-new-AEAD-interface-in-kernels-v4.2.patch96
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0004-fix-type-of-returned-value.patch29
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0005-remove-unnecessary-header-inclusion.patch26
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0006-move-structure-definition-to-cryptodev_int.h.patch51
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0007-add-support-for-RSA-public-and-private-key-operation.patch440
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0008-check-session-flags-early-to-avoid-incorrect-failure.patch54
-rw-r--r--recipes-kernel/cryptodev/sdk_patches/0009-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch50
10 files changed, 3 insertions, 1067 deletions
diff --git a/recipes-kernel/cryptodev/cryptodev-qoriq_1.9.inc b/recipes-kernel/cryptodev/cryptodev-qoriq_1.9.inc
index 24cc87c91..3e6fcf7c9 100644
--- a/recipes-kernel/cryptodev/cryptodev-qoriq_1.9.inc
+++ b/recipes-kernel/cryptodev/cryptodev-qoriq_1.9.inc
@@ -12,31 +12,15 @@ python() {
12 d.appendVar("RREPLACES_%s" % p, p.replace('cryptodev-qoriq', 'cryptodev')) 12 d.appendVar("RREPLACES_%s" % p, p.replace('cryptodev-qoriq', 'cryptodev'))
13} 13}
14 14
15FILESEXTRAPATHS_prepend := "${THISDIR}/sdk_patches:"
16FILESEXTRAPATHS_prepend := "${THISDIR}/yocto_patches:" 15FILESEXTRAPATHS_prepend := "${THISDIR}/yocto_patches:"
17 16
18SRC_URI = "http://nwl.cc/pub/cryptodev-linux/cryptodev-linux-${PV}.tar.gz" 17SRC_URI = "git://github.com/qoriq-open-source/cryptodev-linux.git;nobranch=1"
19 18SRCREV = "f365c69d7852d6579952825c9f90a27129f92d22"
20SRC_URI[md5sum] = "cb4e0ed9e5937716c7c8a7be84895b6d"
21SRC_URI[sha256sum] = "9f4c0b49b30e267d776f79455d09c70cc9c12c86eee400a0d0a0cd1d8e467950"
22
23# SDK patches
24SRC_URI_append = " file://0001-refactoring-split-big-function-to-simplify-maintaina.patch \
25 file://0002-refactoring-relocate-code-to-simplify-later-patches.patch \
26 file://0003-convert-to-new-AEAD-interface-in-kernels-v4.2.patch \
27 file://0004-fix-type-of-returned-value.patch \
28 file://0005-remove-unnecessary-header-inclusion.patch \
29 file://0006-move-structure-definition-to-cryptodev_int.h.patch \
30 file://0007-add-support-for-RSA-public-and-private-key-operation.patch \
31 file://0008-check-session-flags-early-to-avoid-incorrect-failure.patch \
32 file://0009-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch \
33"
34#SRC_URI_append = " file://0003-update-the-install-path-for-cryptodev-tests.patch"
35 19
36# NOTE: remove this patch and all traces of DISTRO_FEATURE c29x_pkc 20# NOTE: remove this patch and all traces of DISTRO_FEATURE c29x_pkc
37# if pkc-host does not need customized cryptodev patches anymore 21# if pkc-host does not need customized cryptodev patches anymore
38#SRC_URI_append = "${@bb.utils.contains('DISTRO_FEATURES', 'c29x_pkc', ' file://0001-don-t-advertise-RSA-keygen.patch', '', d)}" 22#SRC_URI_append = "${@bb.utils.contains('DISTRO_FEATURES', 'c29x_pkc', ' file://0001-don-t-advertise-RSA-keygen.patch', '', d)}"
39 23
40S = "${WORKDIR}/cryptodev-linux-${PV}" 24S = "${WORKDIR}/git"
41 25
42CLEANBROKEN = "1" 26CLEANBROKEN = "1"
diff --git a/recipes-kernel/cryptodev/sdk_patches/0001-refactoring-split-big-function-to-simplify-maintaina.patch b/recipes-kernel/cryptodev/sdk_patches/0001-refactoring-split-big-function-to-simplify-maintaina.patch
deleted file mode 100644
index 57ac8e1ea..000000000
--- a/recipes-kernel/cryptodev/sdk_patches/0001-refactoring-split-big-function-to-simplify-maintaina.patch
+++ /dev/null
@@ -1,244 +0,0 @@
1From 20dcf071bc3076ee7db9d603cfbe6a06e86c7d5f Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Thu, 4 May 2017 15:06:20 +0300
4Subject: [PATCH 1/9] refactoring: split big function to simplify maintainance
5
6The setup of auth_buf in tls and aead is now duplicated but this
7is temporary and allows necessary corrections for the aead case
8with v4.2+ kernels.
9
10Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
11---
12 authenc.c | 197 ++++++++++++++++++++++++++++++++++++++++----------------------
13 1 file changed, 126 insertions(+), 71 deletions(-)
14
15diff --git a/authenc.c b/authenc.c
16index 1bd7377..28eb0f9 100644
17--- a/authenc.c
18+++ b/authenc.c
19@@ -609,96 +609,151 @@ auth_n_crypt(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop,
20 return 0;
21 }
22
23-/* This is the main crypto function - zero-copy edition */
24-static int
25-__crypto_auth_run_zc(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop)
26+static int crypto_auth_zc_srtp(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop)
27 {
28- struct scatterlist *dst_sg, *auth_sg, *src_sg;
29+ struct scatterlist *dst_sg, *auth_sg;
30 struct crypt_auth_op *caop = &kcaop->caop;
31- int ret = 0;
32+ int ret;
33
34- if (caop->flags & COP_FLAG_AEAD_SRTP_TYPE) {
35- if (unlikely(ses_ptr->cdata.init != 0 &&
36- (ses_ptr->cdata.stream == 0 ||
37- ses_ptr->cdata.aead != 0))) {
38- derr(0, "Only stream modes are allowed in SRTP mode (but not AEAD)");
39- return -EINVAL;
40- }
41+ if (unlikely(ses_ptr->cdata.init != 0 &&
42+ (ses_ptr->cdata.stream == 0 || ses_ptr->cdata.aead != 0))) {
43+ derr(0, "Only stream modes are allowed in SRTP mode (but not AEAD)");
44+ return -EINVAL;
45+ }
46
47- ret = get_userbuf_srtp(ses_ptr, kcaop, &auth_sg, &dst_sg);
48- if (unlikely(ret)) {
49- derr(1, "get_userbuf_srtp(): Error getting user pages.");
50- return ret;
51- }
52+ ret = get_userbuf_srtp(ses_ptr, kcaop, &auth_sg, &dst_sg);
53+ if (unlikely(ret)) {
54+ derr(1, "get_userbuf_srtp(): Error getting user pages.");
55+ return ret;
56+ }
57
58- ret = srtp_auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
59- dst_sg, caop->len);
60+ ret = srtp_auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
61+ dst_sg, caop->len);
62
63- release_user_pages(ses_ptr);
64- } else { /* TLS and normal cases. Here auth data are usually small
65- * so we just copy them to a free page, instead of trying
66- * to map them.
67- */
68- unsigned char *auth_buf = NULL;
69- struct scatterlist tmp;
70+ release_user_pages(ses_ptr);
71
72- if (unlikely(caop->auth_len > PAGE_SIZE)) {
73- derr(1, "auth data len is excessive.");
74- return -EINVAL;
75- }
76+ return ret;
77+}
78
79- auth_buf = (char *)__get_free_page(GFP_KERNEL);
80- if (unlikely(!auth_buf)) {
81- derr(1, "unable to get a free page.");
82- return -ENOMEM;
83- }
84+static int crypto_auth_zc_tls(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop)
85+{
86+ struct crypt_auth_op *caop = &kcaop->caop;
87+ struct scatterlist *dst_sg, *auth_sg;
88+ unsigned char *auth_buf = NULL;
89+ struct scatterlist tmp;
90+ int ret;
91
92- if (caop->auth_src && caop->auth_len > 0) {
93- if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) {
94- derr(1, "unable to copy auth data from userspace.");
95- ret = -EFAULT;
96- goto free_auth_buf;
97- }
98+ if (unlikely(ses_ptr->cdata.aead != 0)) {
99+ return -EINVAL;
100+ }
101+
102+ if (unlikely(caop->auth_len > PAGE_SIZE)) {
103+ derr(1, "auth data len is excessive.");
104+ return -EINVAL;
105+ }
106+
107+ auth_buf = (char *)__get_free_page(GFP_KERNEL);
108+ if (unlikely(!auth_buf)) {
109+ derr(1, "unable to get a free page.");
110+ return -ENOMEM;
111+ }
112
113- sg_init_one(&tmp, auth_buf, caop->auth_len);
114- auth_sg = &tmp;
115- } else {
116- auth_sg = NULL;
117+ if (caop->auth_src && caop->auth_len > 0) {
118+ if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) {
119+ derr(1, "unable to copy auth data from userspace.");
120+ ret = -EFAULT;
121+ goto free_auth_buf;
122 }
123
124- if (caop->flags & COP_FLAG_AEAD_TLS_TYPE && ses_ptr->cdata.aead == 0) {
125- ret = get_userbuf_tls(ses_ptr, kcaop, &dst_sg);
126- if (unlikely(ret)) {
127- derr(1, "get_userbuf_tls(): Error getting user pages.");
128- goto free_auth_buf;
129- }
130+ sg_init_one(&tmp, auth_buf, caop->auth_len);
131+ auth_sg = &tmp;
132+ } else {
133+ auth_sg = NULL;
134+ }
135
136- ret = tls_auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
137- dst_sg, caop->len);
138- } else {
139- if (unlikely(ses_ptr->cdata.init == 0 ||
140- (ses_ptr->cdata.stream == 0 &&
141- ses_ptr->cdata.aead == 0))) {
142- derr(0, "Only stream and AEAD ciphers are allowed for authenc");
143- ret = -EINVAL;
144- goto free_auth_buf;
145- }
146+ ret = get_userbuf_tls(ses_ptr, kcaop, &dst_sg);
147+ if (unlikely(ret)) {
148+ derr(1, "get_userbuf_tls(): Error getting user pages.");
149+ goto free_auth_buf;
150+ }
151
152- ret = get_userbuf(ses_ptr, caop->src, caop->len, caop->dst, kcaop->dst_len,
153- kcaop->task, kcaop->mm, &src_sg, &dst_sg);
154- if (unlikely(ret)) {
155- derr(1, "get_userbuf(): Error getting user pages.");
156- goto free_auth_buf;
157- }
158+ ret = tls_auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
159+ dst_sg, caop->len);
160+ release_user_pages(ses_ptr);
161+
162+free_auth_buf:
163+ free_page((unsigned long)auth_buf);
164+ return ret;
165+}
166+
167+static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop)
168+{
169+ struct scatterlist *dst_sg, *auth_sg, *src_sg;
170+ struct crypt_auth_op *caop = &kcaop->caop;
171+ unsigned char *auth_buf = NULL;
172+ struct scatterlist tmp;
173+ int ret;
174
175- ret = auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
176- src_sg, dst_sg, caop->len);
177+ if (unlikely(ses_ptr->cdata.init == 0 ||
178+ (ses_ptr->cdata.stream == 0 && ses_ptr->cdata.aead == 0))) {
179+ derr(0, "Only stream and AEAD ciphers are allowed for authenc");
180+ return -EINVAL;
181+ }
182+
183+ if (unlikely(caop->auth_len > PAGE_SIZE)) {
184+ derr(1, "auth data len is excessive.");
185+ return -EINVAL;
186+ }
187+
188+ auth_buf = (char *)__get_free_page(GFP_KERNEL);
189+ if (unlikely(!auth_buf)) {
190+ derr(1, "unable to get a free page.");
191+ return -ENOMEM;
192+ }
193+
194+ if (caop->auth_src && caop->auth_len > 0) {
195+ if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) {
196+ derr(1, "unable to copy auth data from userspace.");
197+ ret = -EFAULT;
198+ goto free_auth_buf;
199 }
200
201- release_user_pages(ses_ptr);
202+ sg_init_one(&tmp, auth_buf, caop->auth_len);
203+ auth_sg = &tmp;
204+ } else {
205+ auth_sg = NULL;
206+ }
207+
208+ ret = get_userbuf(ses_ptr, caop->src, caop->len, caop->dst, kcaop->dst_len,
209+ kcaop->task, kcaop->mm, &src_sg, &dst_sg);
210+ if (unlikely(ret)) {
211+ derr(1, "get_userbuf(): Error getting user pages.");
212+ goto free_auth_buf;
213+ }
214+
215+ ret = auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
216+ src_sg, dst_sg, caop->len);
217+
218+ release_user_pages(ses_ptr);
219
220 free_auth_buf:
221- free_page((unsigned long)auth_buf);
222+ free_page((unsigned long)auth_buf);
223+
224+ return ret;
225+}
226+
227+static int
228+__crypto_auth_run_zc(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop)
229+{
230+ struct crypt_auth_op *caop = &kcaop->caop;
231+ int ret;
232+
233+ if (caop->flags & COP_FLAG_AEAD_SRTP_TYPE) {
234+ ret = crypto_auth_zc_srtp(ses_ptr, kcaop);
235+ } else if (caop->flags & COP_FLAG_AEAD_TLS_TYPE) {
236+ ret = crypto_auth_zc_tls(ses_ptr, kcaop);
237+ } else {
238+ ret = crypto_auth_zc_aead(ses_ptr, kcaop);
239 }
240
241 return ret;
242--
2432.7.4
244
diff --git a/recipes-kernel/cryptodev/sdk_patches/0002-refactoring-relocate-code-to-simplify-later-patches.patch b/recipes-kernel/cryptodev/sdk_patches/0002-refactoring-relocate-code-to-simplify-later-patches.patch
deleted file mode 100644
index b948c914d..000000000
--- a/recipes-kernel/cryptodev/sdk_patches/0002-refactoring-relocate-code-to-simplify-later-patches.patch
+++ /dev/null
@@ -1,58 +0,0 @@
1From c2bf0e42b1d9fda60cde4a3a682784d349ef1c0b Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Thu, 4 May 2017 15:06:21 +0300
4Subject: [PATCH 2/9] refactoring: relocate code to simplify later patches
5
6This code move will simplify the conversion to new AEAD interface in
7next patches
8
9Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
10---
11 authenc.c | 17 +++++++++--------
12 1 file changed, 9 insertions(+), 8 deletions(-)
13
14diff --git a/authenc.c b/authenc.c
15index 28eb0f9..95727b4 100644
16--- a/authenc.c
17+++ b/authenc.c
18@@ -711,11 +711,18 @@ static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_aut
19 return -ENOMEM;
20 }
21
22+ ret = get_userbuf(ses_ptr, caop->src, caop->len, caop->dst, kcaop->dst_len,
23+ kcaop->task, kcaop->mm, &src_sg, &dst_sg);
24+ if (unlikely(ret)) {
25+ derr(1, "get_userbuf(): Error getting user pages.");
26+ goto free_auth_buf;
27+ }
28+
29 if (caop->auth_src && caop->auth_len > 0) {
30 if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) {
31 derr(1, "unable to copy auth data from userspace.");
32 ret = -EFAULT;
33- goto free_auth_buf;
34+ goto free_pages;
35 }
36
37 sg_init_one(&tmp, auth_buf, caop->auth_len);
38@@ -724,16 +731,10 @@ static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_aut
39 auth_sg = NULL;
40 }
41
42- ret = get_userbuf(ses_ptr, caop->src, caop->len, caop->dst, kcaop->dst_len,
43- kcaop->task, kcaop->mm, &src_sg, &dst_sg);
44- if (unlikely(ret)) {
45- derr(1, "get_userbuf(): Error getting user pages.");
46- goto free_auth_buf;
47- }
48-
49 ret = auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
50 src_sg, dst_sg, caop->len);
51
52+free_pages:
53 release_user_pages(ses_ptr);
54
55 free_auth_buf:
56--
572.7.4
58
diff --git a/recipes-kernel/cryptodev/sdk_patches/0003-convert-to-new-AEAD-interface-in-kernels-v4.2.patch b/recipes-kernel/cryptodev/sdk_patches/0003-convert-to-new-AEAD-interface-in-kernels-v4.2.patch
deleted file mode 100644
index ab3c7a81d..000000000
--- a/recipes-kernel/cryptodev/sdk_patches/0003-convert-to-new-AEAD-interface-in-kernels-v4.2.patch
+++ /dev/null
@@ -1,96 +0,0 @@
1From a705360197260d28535746ae98c461ba2cfb7a9e Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Thu, 4 May 2017 15:06:22 +0300
4Subject: [PATCH 3/9] convert to new AEAD interface in kernels v4.2+
5
6The crypto API for AEAD ciphers changed in recent kernels so that
7associated data is now part of both source and destination scatter
8gathers. The source, destination and associated data buffers need
9to be stiched accordingly for the operations to succeed:
10
11src_sg: auth_buf + src_buf
12dst_sg: auth_buf + (dst_buf + tag space)
13
14This patch fixes a kernel crash observed with cipher-gcm test.
15
16See also kernel patch: 81c4c35eb61a69c229871c490b011c1171511d5a
17 crypto: ccm - Convert to new AEAD interface
18
19Reported-by: Phil Sutter <phil@nwl.cc>
20Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
21---
22 authenc.c | 40 ++++++++++++++++++++++++++++++++++++++--
23 1 file changed, 38 insertions(+), 2 deletions(-)
24
25diff --git a/authenc.c b/authenc.c
26index 95727b4..692951f 100644
27--- a/authenc.c
28+++ b/authenc.c
29@@ -688,12 +688,20 @@ free_auth_buf:
30
31 static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop)
32 {
33- struct scatterlist *dst_sg, *auth_sg, *src_sg;
34+ struct scatterlist *dst_sg;
35+ struct scatterlist *src_sg;
36 struct crypt_auth_op *caop = &kcaop->caop;
37 unsigned char *auth_buf = NULL;
38- struct scatterlist tmp;
39 int ret;
40
41+#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 2, 0))
42+ struct scatterlist tmp;
43+ struct scatterlist *auth_sg;
44+#else
45+ struct scatterlist auth1[2];
46+ struct scatterlist auth2[2];
47+#endif
48+
49 if (unlikely(ses_ptr->cdata.init == 0 ||
50 (ses_ptr->cdata.stream == 0 && ses_ptr->cdata.aead == 0))) {
51 derr(0, "Only stream and AEAD ciphers are allowed for authenc");
52@@ -718,6 +726,7 @@ static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_aut
53 goto free_auth_buf;
54 }
55
56+#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 2, 0))
57 if (caop->auth_src && caop->auth_len > 0) {
58 if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) {
59 derr(1, "unable to copy auth data from userspace.");
60@@ -733,6 +742,33 @@ static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_aut
61
62 ret = auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
63 src_sg, dst_sg, caop->len);
64+#else
65+ if (caop->auth_src && caop->auth_len > 0) {
66+ if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) {
67+ derr(1, "unable to copy auth data from userspace.");
68+ ret = -EFAULT;
69+ goto free_pages;
70+ }
71+
72+ sg_init_table(auth1, 2);
73+ sg_set_buf(auth1, auth_buf, caop->auth_len);
74+ sg_chain(auth1, 2, src_sg);
75+
76+ if (src_sg == dst_sg) {
77+ src_sg = auth1;
78+ dst_sg = auth1;
79+ } else {
80+ sg_init_table(auth2, 2);
81+ sg_set_buf(auth2, auth_buf, caop->auth_len);
82+ sg_chain(auth2, 2, dst_sg);
83+ src_sg = auth1;
84+ dst_sg = auth2;
85+ }
86+ }
87+
88+ ret = auth_n_crypt(ses_ptr, kcaop, NULL, caop->auth_len,
89+ src_sg, dst_sg, caop->len);
90+#endif
91
92 free_pages:
93 release_user_pages(ses_ptr);
94--
952.7.4
96
diff --git a/recipes-kernel/cryptodev/sdk_patches/0004-fix-type-of-returned-value.patch b/recipes-kernel/cryptodev/sdk_patches/0004-fix-type-of-returned-value.patch
deleted file mode 100644
index faad6cc55..000000000
--- a/recipes-kernel/cryptodev/sdk_patches/0004-fix-type-of-returned-value.patch
+++ /dev/null
@@ -1,29 +0,0 @@
1From 1d7c84838445981a06812869f8906bdef52e69eb Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Mon, 15 Feb 2016 18:27:35 +0200
4Subject: [PATCH 4/9] fix type of returned value
5
6The function is declared as unsigned int so we return an
7unsigned int as well
8
9Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
10---
11 ioctl.c | 2 +-
12 1 file changed, 1 insertion(+), 1 deletion(-)
13
14diff --git a/ioctl.c b/ioctl.c
15index 0385203..db7207a 100644
16--- a/ioctl.c
17+++ b/ioctl.c
18@@ -1065,7 +1065,7 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
19 static unsigned int cryptodev_poll(struct file *file, poll_table *wait)
20 {
21 struct crypt_priv *pcr = file->private_data;
22- int ret = 0;
23+ unsigned int ret = 0;
24
25 poll_wait(file, &pcr->user_waiter, wait);
26
27--
282.7.4
29
diff --git a/recipes-kernel/cryptodev/sdk_patches/0005-remove-unnecessary-header-inclusion.patch b/recipes-kernel/cryptodev/sdk_patches/0005-remove-unnecessary-header-inclusion.patch
deleted file mode 100644
index f9c8f3a0f..000000000
--- a/recipes-kernel/cryptodev/sdk_patches/0005-remove-unnecessary-header-inclusion.patch
+++ /dev/null
@@ -1,26 +0,0 @@
1From 00a686189f7e05d70a7184cd6218f7424ab21b0d Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Tue, 23 May 2017 15:28:58 +0300
4Subject: [PATCH 5/9] remove unnecessary header inclusion
5
6Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
7---
8 zc.h | 2 --
9 1 file changed, 2 deletions(-)
10
11diff --git a/zc.h b/zc.h
12index 6f975d6..666c4a5 100644
13--- a/zc.h
14+++ b/zc.h
15@@ -1,8 +1,6 @@
16 #ifndef ZC_H
17 # define ZC_H
18
19-#include "cryptodev_int.h"
20-
21 /* For zero copy */
22 int __get_userbuf(uint8_t __user *addr, uint32_t len, int write,
23 unsigned int pgcount, struct page **pg, struct scatterlist *sg,
24--
252.7.4
26
diff --git a/recipes-kernel/cryptodev/sdk_patches/0006-move-structure-definition-to-cryptodev_int.h.patch b/recipes-kernel/cryptodev/sdk_patches/0006-move-structure-definition-to-cryptodev_int.h.patch
deleted file mode 100644
index 9a7ef3dc8..000000000
--- a/recipes-kernel/cryptodev/sdk_patches/0006-move-structure-definition-to-cryptodev_int.h.patch
+++ /dev/null
@@ -1,51 +0,0 @@
1From 3245b0f9ed2085f6167068409fb344166093808c Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Tue, 23 May 2017 15:50:40 +0300
4Subject: [PATCH 6/9] move structure definition to cryptodev_int.h
5
6This is necessary for the rsa patch and makes this data structure
7visible to kernel_crypt_pkop structure which will be defined in
8cryptodev_int.h as well.
9
10Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
11---
12 cryptlib.h | 6 ------
13 cryptodev_int.h | 5 +++++
14 2 files changed, 5 insertions(+), 6 deletions(-)
15
16diff --git a/cryptlib.h b/cryptlib.h
17index 8e8aa71..48fe9bd 100644
18--- a/cryptlib.h
19+++ b/cryptlib.h
20@@ -2,12 +2,6 @@
21 # define CRYPTLIB_H
22
23 #include <linux/version.h>
24-
25-struct cryptodev_result {
26- struct completion completion;
27- int err;
28-};
29-
30 #include "cipherapi.h"
31
32 struct cipher_data {
33diff --git a/cryptodev_int.h b/cryptodev_int.h
34index d7660fa..c1879fd 100644
35--- a/cryptodev_int.h
36+++ b/cryptodev_int.h
37@@ -35,6 +35,11 @@
38 #define ddebug(level, format, a...) dprintk(level, KERN_DEBUG, format, ##a)
39
40
41+struct cryptodev_result {
42+ struct completion completion;
43+ int err;
44+};
45+
46 extern int cryptodev_verbosity;
47
48 struct fcrypt {
49--
502.7.4
51
diff --git a/recipes-kernel/cryptodev/sdk_patches/0007-add-support-for-RSA-public-and-private-key-operation.patch b/recipes-kernel/cryptodev/sdk_patches/0007-add-support-for-RSA-public-and-private-key-operation.patch
deleted file mode 100644
index 803b90ad2..000000000
--- a/recipes-kernel/cryptodev/sdk_patches/0007-add-support-for-RSA-public-and-private-key-operation.patch
+++ /dev/null
@@ -1,440 +0,0 @@
1From 6213ae5228a2ff0bb3521474ae37effda95a5d46 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Fri, 12 May 2017 17:04:40 +0300
4Subject: [PATCH 7/9] add support for RSA public and private key operations
5
6Only form 1 support is added with this patch. To maintain
7compatibility with OpenBSD we need to reverse bignum buffers before
8giving them to the kernel. This adds an artificial performance
9penalty that can be resolved only with a CIOCKEY extension in
10cryptodev API.
11
12As of Linux kernel 4.12 it is not possible to give to the kernel
13directly a pointer to a RSA key structure and must resort to a BER
14encoding scheme.
15
16Support for private keys in form 3 (CRT) must wait for updates and
17fixes in Linux kernel crypto API.
18
19Known issue:
20Kernels <= v4.7 strip leading zeros from the result and we get padding
21errors from Openssl: RSA_EAY_PUBLIC_DECRYPT: padding check failed
22(Fixed with kernel commit "crypto: rsa - Generate fixed-length output"
239b45b7bba3d22de52e09df63c50f390a193a3f53)
24
25Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
26---
27 cryptlib.c | 234 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
28 cryptlib.h | 4 +-
29 cryptodev_int.h | 17 ++++
30 ioctl.c | 17 +++-
31 main.c | 42 ++++++++++
32 5 files changed, 312 insertions(+), 2 deletions(-)
33
34diff --git a/cryptlib.c b/cryptlib.c
35index 2c6028e..1c044a4 100644
36--- a/cryptlib.c
37+++ b/cryptlib.c
38@@ -37,6 +37,10 @@
39 #include <crypto/authenc.h>
40 #include "cryptodev_int.h"
41 #include "cipherapi.h"
42+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0))
43+#include <linux/asn1_ber_bytecode.h>
44+#include <crypto/akcipher.h>
45+#endif
46
47 extern const struct crypto_type crypto_givcipher_type;
48
49@@ -435,3 +439,233 @@ int cryptodev_hash_final(struct hash_data *hdata, void *output)
50 return waitfor(&hdata->async.result, ret);
51 }
52
53+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0))
54+/* This function is necessary because the bignums in Linux kernel are MSB first
55+ * (big endian) as opposed to LSB first as OpenBSD crypto layer uses */
56+void reverse_buf(uint8_t *buf, size_t sz)
57+{
58+ int i;
59+ uint8_t *end;
60+ uint8_t tmp;
61+
62+ end = buf + sz;
63+
64+ for (i = 0; i < sz/2; i++) {
65+ end--;
66+
67+ tmp = *buf;
68+ *buf = *end;
69+ *end = tmp;
70+
71+ buf++;
72+ }
73+}
74+
75+int ber_wr_tag(uint8_t **ber_ptr, uint8_t tag)
76+{
77+ **ber_ptr = tag;
78+ *ber_ptr += 1;
79+
80+ return 0;
81+}
82+
83+int ber_wr_len(uint8_t **ber_ptr, size_t len, size_t sz)
84+{
85+ if (len < 127) {
86+ **ber_ptr = len;
87+ *ber_ptr += 1;
88+ } else {
89+ size_t sz_save = sz;
90+
91+ sz--;
92+ **ber_ptr = 0x80 | sz;
93+
94+ while (sz > 0) {
95+ *(*ber_ptr + sz) = len & 0xff;
96+ len >>= 8;
97+ sz--;
98+ }
99+ *ber_ptr += sz_save;
100+ }
101+
102+ return 0;
103+}
104+
105+int ber_wr_int(uint8_t **ber_ptr, uint8_t *crp_p, size_t sz)
106+{
107+ int ret;
108+
109+ ret = copy_from_user(*ber_ptr, crp_p, sz);
110+ reverse_buf(*ber_ptr, sz);
111+
112+ *ber_ptr += sz;
113+
114+ return ret;
115+}
116+
117+/* calculate the size of the length field itself in BER encoding */
118+size_t ber_enc_len(size_t len)
119+{
120+ size_t sz;
121+
122+ sz = 1;
123+ if (len > 127) { /* long encoding */
124+ while (len != 0) {
125+ len >>= 8;
126+ sz++;
127+ }
128+ }
129+
130+ return sz;
131+}
132+
133+void *cryptodev_alloc_rsa_pub_key(struct kernel_crypt_pkop *pkop,
134+ uint32_t *key_len)
135+{
136+ struct crypt_kop *cop = &pkop->pkop;
137+ uint8_t *ber_key;
138+ uint8_t *ber_ptr;
139+ uint32_t ber_key_len;
140+ size_t s_sz;
141+ size_t e_sz;
142+ size_t n_sz;
143+ size_t s_enc_len;
144+ size_t e_enc_len;
145+ size_t n_enc_len;
146+ int err;
147+
148+ /* BER public key format:
149+ * SEQUENCE TAG 1 byte
150+ * SEQUENCE LENGTH s_enc_len bytes
151+ * INTEGER TAG 1 byte
152+ * INTEGER LENGTH n_enc_len bytes
153+ * INTEGER (n modulus) n_sz bytes
154+ * INTEGER TAG 1 byte
155+ * INTEGER LENGTH e_enc_len bytes
156+ * INTEGER (e exponent) e_sz bytes
157+ */
158+
159+ e_sz = (cop->crk_param[1].crp_nbits + 7)/8;
160+ n_sz = (cop->crk_param[2].crp_nbits + 7)/8;
161+
162+ e_enc_len = ber_enc_len(e_sz);
163+ n_enc_len = ber_enc_len(n_sz);
164+
165+ /*
166+ * Sequence length is the size of all the fields following the sequence
167+ * tag, added together. The two added bytes account for the two INT
168+ * tags in the Public Key sequence
169+ */
170+ s_sz = e_sz + e_enc_len + n_sz + n_enc_len + 2;
171+ s_enc_len = ber_enc_len(s_sz);
172+
173+ /* The added byte accounts for the SEQ tag at the start of the key */
174+ ber_key_len = s_sz + s_enc_len + 1;
175+
176+ /* Linux asn1_ber_decoder doesn't like keys that are too large */
177+ if (ber_key_len > 65535) {
178+ return NULL;
179+ }
180+
181+ ber_key = kmalloc(ber_key_len, GFP_DMA);
182+ if (!ber_key) {
183+ return NULL;
184+ }
185+
186+ ber_ptr = ber_key;
187+
188+ err = ber_wr_tag(&ber_ptr, _tag(UNIV, CONS, SEQ)) ||
189+ ber_wr_len(&ber_ptr, s_sz, s_enc_len) ||
190+ ber_wr_tag(&ber_ptr, _tag(UNIV, PRIM, INT)) ||
191+ ber_wr_len(&ber_ptr, n_sz, n_enc_len) ||
192+ ber_wr_int(&ber_ptr, cop->crk_param[2].crp_p, n_sz) ||
193+ ber_wr_tag(&ber_ptr, _tag(UNIV, PRIM, INT)) ||
194+ ber_wr_len(&ber_ptr, e_sz, e_enc_len) ||
195+ ber_wr_int(&ber_ptr, cop->crk_param[1].crp_p, e_sz);
196+ if (err != 0) {
197+ goto free_key;
198+ }
199+
200+ *key_len = ber_key_len;
201+ return ber_key;
202+
203+free_key:
204+ kfree(ber_key);
205+ return NULL;
206+}
207+
208+int crypto_bn_modexp(struct kernel_crypt_pkop *pkop)
209+{
210+ struct crypt_kop *cop = &pkop->pkop;
211+ uint8_t *ber_key;
212+ uint32_t ber_key_len;
213+ size_t m_sz;
214+ size_t c_sz;
215+ size_t c_sz_max;
216+ uint8_t *m_buf;
217+ uint8_t *c_buf;
218+ struct scatterlist src;
219+ struct scatterlist dst;
220+ int err;
221+
222+ ber_key = cryptodev_alloc_rsa_pub_key(pkop, &ber_key_len);
223+ if (!ber_key) {
224+ return -ENOMEM;
225+ }
226+
227+ err = crypto_akcipher_set_pub_key(pkop->s, ber_key, ber_key_len);
228+ if (err != 0) {
229+ goto free_key;
230+ }
231+
232+ m_sz = (cop->crk_param[0].crp_nbits + 7)/8;
233+ c_sz = (cop->crk_param[3].crp_nbits + 7)/8;
234+
235+ m_buf = kmalloc(m_sz, GFP_DMA);
236+ if (!m_buf) {
237+ err = -ENOMEM;
238+ goto free_key;
239+ }
240+
241+ err = copy_from_user(m_buf, cop->crk_param[0].crp_p, m_sz);
242+ if (err != 0) {
243+ goto free_m_buf;
244+ }
245+ reverse_buf(m_buf, m_sz);
246+
247+ c_sz_max = crypto_akcipher_maxsize(pkop->s);
248+ if (c_sz > c_sz_max) {
249+ err = -EINVAL;
250+ goto free_m_buf;
251+ }
252+
253+ c_buf = kzalloc(c_sz_max, GFP_KERNEL);
254+ if (!c_buf) {
255+ goto free_m_buf;
256+ }
257+
258+ sg_init_one(&src, m_buf, m_sz);
259+ sg_init_one(&dst, c_buf, c_sz);
260+
261+ init_completion(&pkop->result.completion);
262+ akcipher_request_set_callback(pkop->req, 0,
263+ cryptodev_complete, &pkop->result);
264+ akcipher_request_set_crypt(pkop->req, &src, &dst, m_sz, c_sz);
265+
266+ err = crypto_akcipher_encrypt(pkop->req);
267+ err = waitfor(&pkop->result, err);
268+
269+ if (err == 0) {
270+ reverse_buf(c_buf, c_sz);
271+ err = copy_to_user(cop->crk_param[3].crp_p, c_buf, c_sz);
272+ }
273+
274+ kfree(c_buf);
275+free_m_buf:
276+ kfree(m_buf);
277+free_key:
278+ kfree(ber_key);
279+
280+ return err;
281+}
282+#endif
283diff --git a/cryptlib.h b/cryptlib.h
284index 48fe9bd..f909c34 100644
285--- a/cryptlib.h
286+++ b/cryptlib.h
287@@ -95,6 +95,8 @@ int cryptodev_hash_reset(struct hash_data *hdata);
288 void cryptodev_hash_deinit(struct hash_data *hdata);
289 int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name,
290 int hmac_mode, void *mackey, size_t mackeylen);
291-
292+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0))
293+int crypto_bn_modexp(struct kernel_crypt_pkop *pkop);
294+#endif
295
296 #endif
297diff --git a/cryptodev_int.h b/cryptodev_int.h
298index c1879fd..7860c39 100644
299--- a/cryptodev_int.h
300+++ b/cryptodev_int.h
301@@ -19,6 +19,10 @@
302 #include <linux/scatterlist.h>
303 #include <crypto/cryptodev.h>
304 #include <crypto/aead.h>
305+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0))
306+#include <crypto/internal/rsa.h>
307+#endif
308+
309
310 #define PFX "cryptodev: "
311 #define dprintk(level, severity, format, a...) \
312@@ -111,6 +115,18 @@ struct kernel_crypt_auth_op {
313 struct mm_struct *mm;
314 };
315
316+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0))
317+struct kernel_crypt_pkop {
318+ struct crypt_kop pkop;
319+
320+ struct crypto_akcipher *s; /* Transform pointer from CryptoAPI */
321+ struct akcipher_request *req; /* PKC request allocated from CryptoAPI */
322+ struct cryptodev_result result; /* updated by completion handler */
323+};
324+
325+int crypto_run_asym(struct kernel_crypt_pkop *pkop);
326+#endif
327+
328 /* auth */
329
330 int kcaop_from_user(struct kernel_crypt_auth_op *kcop,
331@@ -122,6 +138,7 @@ int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop);
332
333 #include <cryptlib.h>
334
335+
336 /* other internal structs */
337 struct csession {
338 struct list_head entry;
339diff --git a/ioctl.c b/ioctl.c
340index db7207a..8b0df4e 100644
341--- a/ioctl.c
342+++ b/ioctl.c
343@@ -810,6 +810,9 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
344 struct session_op sop;
345 struct kernel_crypt_op kcop;
346 struct kernel_crypt_auth_op kcaop;
347+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0))
348+ struct kernel_crypt_pkop pkop;
349+#endif
350 struct crypt_priv *pcr = filp->private_data;
351 struct fcrypt *fcr;
352 struct session_info_op siop;
353@@ -823,7 +826,11 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
354
355 switch (cmd) {
356 case CIOCASYMFEAT:
357- return put_user(0, p);
358+ ses = 0;
359+ if (crypto_has_alg("rsa", 0, 0)) {
360+ ses = CRF_MOD_EXP;
361+ }
362+ return put_user(ses, p);
363 case CRIOGET:
364 fd = clonefd(filp);
365 ret = put_user(fd, p);
366@@ -859,6 +866,14 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
367 if (unlikely(ret))
368 return ret;
369 return copy_to_user(arg, &siop, sizeof(siop));
370+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0))
371+ case CIOCKEY:
372+ ret = copy_from_user(&pkop.pkop, arg, sizeof(struct crypt_kop));
373+ if (ret == 0) {
374+ ret = crypto_run_asym(&pkop);
375+ }
376+ return ret;
377+#endif
378 case CIOCCRYPT:
379 if (unlikely(ret = kcop_from_user(&kcop, fcr, arg))) {
380 dwarning(1, "Error copying from user");
381diff --git a/main.c b/main.c
382index 57e5c38..2bfe6f0 100644
383--- a/main.c
384+++ b/main.c
385@@ -48,6 +48,9 @@
386 #include "zc.h"
387 #include "cryptlib.h"
388 #include "version.h"
389+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0))
390+#include <crypto/akcipher.h>
391+#endif
392
393 /* This file contains the traditional operations of encryption
394 * and hashing of /dev/crypto.
395@@ -265,3 +268,42 @@ out_unlock:
396 crypto_put_session(ses_ptr);
397 return ret;
398 }
399+
400+#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 3, 0))
401+int crypto_run_asym(struct kernel_crypt_pkop *pkop)
402+{
403+ int err;
404+
405+ pkop->s = crypto_alloc_akcipher("rsa", 0, 0);
406+ if (IS_ERR(pkop->s)) {
407+ return PTR_ERR(pkop->s);
408+ }
409+
410+ pkop->req = akcipher_request_alloc(pkop->s, GFP_KERNEL);
411+ if (pkop->req == NULL) {
412+ err = -ENOMEM;
413+ goto out_free_tfm;
414+ }
415+
416+ switch (pkop->pkop.crk_op) {
417+ case CRK_MOD_EXP: /* RSA_PUB or PRIV form 1 */
418+ if (pkop->pkop.crk_iparams != 3 && pkop->pkop.crk_oparams != 1) {
419+ err = -EINVAL;
420+ goto out_free_req;
421+ }
422+ err = crypto_bn_modexp(pkop);
423+ break;
424+ default:
425+ err = -EINVAL;
426+ break;
427+ }
428+
429+out_free_req:
430+ kfree(pkop->req);
431+
432+out_free_tfm:
433+ crypto_free_akcipher(pkop->s);
434+
435+ return err;
436+}
437+#endif
438--
4392.7.4
440
diff --git a/recipes-kernel/cryptodev/sdk_patches/0008-check-session-flags-early-to-avoid-incorrect-failure.patch b/recipes-kernel/cryptodev/sdk_patches/0008-check-session-flags-early-to-avoid-incorrect-failure.patch
deleted file mode 100644
index 1fce5580a..000000000
--- a/recipes-kernel/cryptodev/sdk_patches/0008-check-session-flags-early-to-avoid-incorrect-failure.patch
+++ /dev/null
@@ -1,54 +0,0 @@
1From ec2529027a6565fdede79e7bda4a0232757acf70 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Wed, 14 Jun 2017 11:23:18 +0300
4Subject: [PATCH 8/9] check session flags early to avoid incorrect failure
5 modes
6
7This verification of aead flag was incorrectly removed in
8"refactoring: split big function to simplify maintainance"
920dcf071bc3076ee7db9d603cfbe6a06e86c7d5f
10resulting in an incorrect dispatching of functions.
11
12Add back this check and at the same time remove the second check from
13the called function which now becomes redundant.
14Add another guard check for aead modes and reject not supported combinations.
15
16Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
17---
18 authenc.c | 11 +++++------
19 1 file changed, 5 insertions(+), 6 deletions(-)
20
21diff --git a/authenc.c b/authenc.c
22index 692951f..fc32f43 100644
23--- a/authenc.c
24+++ b/authenc.c
25@@ -643,10 +643,6 @@ static int crypto_auth_zc_tls(struct csession *ses_ptr, struct kernel_crypt_auth
26 struct scatterlist tmp;
27 int ret;
28
29- if (unlikely(ses_ptr->cdata.aead != 0)) {
30- return -EINVAL;
31- }
32-
33 if (unlikely(caop->auth_len > PAGE_SIZE)) {
34 derr(1, "auth data len is excessive.");
35 return -EINVAL;
36@@ -787,10 +783,13 @@ __crypto_auth_run_zc(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcao
37
38 if (caop->flags & COP_FLAG_AEAD_SRTP_TYPE) {
39 ret = crypto_auth_zc_srtp(ses_ptr, kcaop);
40- } else if (caop->flags & COP_FLAG_AEAD_TLS_TYPE) {
41+ } else if (caop->flags & COP_FLAG_AEAD_TLS_TYPE &&
42+ ses_ptr->cdata.aead == 0) {
43 ret = crypto_auth_zc_tls(ses_ptr, kcaop);
44- } else {
45+ } else if (ses_ptr->cdata.aead) {
46 ret = crypto_auth_zc_aead(ses_ptr, kcaop);
47+ } else {
48+ ret = -EINVAL;
49 }
50
51 return ret;
52--
532.7.4
54
diff --git a/recipes-kernel/cryptodev/sdk_patches/0009-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch b/recipes-kernel/cryptodev/sdk_patches/0009-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch
deleted file mode 100644
index 795abdf00..000000000
--- a/recipes-kernel/cryptodev/sdk_patches/0009-add-support-for-composite-TLS10-SHA1-AES-algorithm-o.patch
+++ /dev/null
@@ -1,50 +0,0 @@
1From f365c69d7852d6579952825c9f90a27129f92d22 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@nxp.com>
3Date: Tue, 13 Jun 2017 11:13:33 +0300
4Subject: [PATCH 9/9] add support for composite TLS10(SHA1,AES) algorithm
5 offload
6
7This adds support for composite algorithm offload as a primitive
8crypto (cipher + hmac) operation.
9
10It requires kernel support for tls10(hmac(sha1),cbc(aes)) algorithm
11provided either in software or accelerated by hardware such as
12Freescale B*, P* and T* platforms.
13
14Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
15---
16 crypto/cryptodev.h | 1 +
17 ioctl.c | 5 +++++
18 2 files changed, 6 insertions(+)
19
20diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
21index 7fb9c7d..c0e8cd4 100644
22--- a/crypto/cryptodev.h
23+++ b/crypto/cryptodev.h
24@@ -50,6 +50,7 @@ enum cryptodev_crypto_op_t {
25 CRYPTO_SHA2_384,
26 CRYPTO_SHA2_512,
27 CRYPTO_SHA2_224_HMAC,
28+ CRYPTO_TLS10_AES_CBC_HMAC_SHA1,
29 CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */
30 };
31
32diff --git a/ioctl.c b/ioctl.c
33index 8b0df4e..998f51a 100644
34--- a/ioctl.c
35+++ b/ioctl.c
36@@ -159,6 +159,11 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop)
37 stream = 1;
38 aead = 1;
39 break;
40+ case CRYPTO_TLS10_AES_CBC_HMAC_SHA1:
41+ alg_name = "tls10(hmac(sha1),cbc(aes))";
42+ stream = 0;
43+ aead = 1;
44+ break;
45 case CRYPTO_NULL:
46 alg_name = "ecb(cipher_null)";
47 stream = 1;
48--
492.7.4
50
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-10-24 20:56:38 +0000