kernel/drivers/crypto/caam/desc_constr.h, branch linux-rolling-stable

crypto: caam - Add support of paes algorithm

2025-10-20T04:10:28Z

PAES algorithm uses protected key for encryption/decryption operations. Signed-off-by: Gaurav Jain Signed-off-by: Meenakshi Aggarwal Signed-off-by: Herbert Xu

crypto: caam - Avoid GCC memset bug warning

2023-01-06T09:15:46Z

Certain versions of gcc don't like the memcpy with a NULL dst (which only happens with a zero length). This only happens when debugging is enabled so add an if clause to work around these warnings. A similar warning used to be generated by sparse but that was fixed years ago. Link: https://lore.kernel.org/lkml/202210290446.qBayTfzl-lkp@intel.com Reported-by: kernel test robot Reported-by: Kees Cook Reported-by: Uwe Kleine-König Tested-by: Uwe Kleine-König Signed-off-by: Herbert Xu

crypto: caam - select DMA address size at runtime

2019-08-30T08:05:30Z

i.MX8 mScale SoC still use 32-bit addresses in its CAAM implmentation, so we can't rely on sizeof(dma_addr_t) to detemine CAAM pointer size. Convert the code to query CTPR and MCFGR for that during driver probing. Signed-off-by: Andrey Smirnov Cc: Chris Spencer Cc: Cory Tusar Cc: Chris Healy Cc: Lucas Stach Cc: Horia Geantă Cc: Aymen Sghaier Cc: Leonard Crestez Cc: linux-crypto@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Herbert Xu

crypto: caam - make CAAM_PTR_SZ dynamic

2019-08-30T08:05:30Z

In order to be able to configure CAAM pointer size at run-time, which needed to support i.MX8MQ, which is 64-bit SoC with 32-bit pointer size, convert CAAM_PTR_SZ to refer to a global variable of the same name ("caam_ptr_sz") and adjust the rest of the code accordingly. No functional change intended. Signed-off-by: Andrey Smirnov Cc: Chris Spencer Cc: Cory Tusar Cc: Chris Healy Cc: Lucas Stach Cc: Horia Geantă Cc: Aymen Sghaier Cc: Leonard Crestez Cc: linux-crypto@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Herbert Xu

crypto: caam - share definition for MAX_SDLEN

2019-08-30T08:05:29Z

Both qi.h and cammalg_qi2.h seem to define identical versions of MAX_SDLEN. Move it to desc_constr.h to avoid duplication. Signed-off-by: Andrey Smirnov Cc: Chris Spencer Cc: Cory Tusar Cc: Chris Healy Cc: Lucas Stach Cc: Horia Geantă Cc: Aymen Sghaier Cc: Leonard Crestez Cc: linux-crypto@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Herbert Xu

crypto: caam - fix MDHA key derivation for certain user key lengths

2019-08-09T05:11:49Z

Fuzz testing uncovered an issue when |user key| > |derived key|. Derived key generation has to be fixed in two cases: 1. Era >= 6 (DKP is available) DKP cannot be used with immediate input key if |user key| > |derived key|, since the resulting descriptor (after DKP execution) would be invalid - having a few bytes from user key left in descriptor buffer as incorrect opcodes. Fix DKP usage both in standalone hmac and in authenc algorithms. For authenc the logic is simplified, by always storing both virtual and dma key addresses. 2. Era < 6 The same case (|user key| > |derived key|) fails when DKP is not available. Make sure gen_split_key() dma maps max(|user key|, |derived key|), since this is an in-place (bidirectional) operation. Signed-off-by: Horia Geantă Reviewed-by: Iuliana Prodan Signed-off-by: Herbert Xu

crypto: caam - keep both virtual and dma key addresses

2019-08-09T05:11:49Z

Update alginfo struct to keep both virtual and dma key addresses, so that descriptors have them at hand. One example where this is needed is in the xcbc(aes) shared descriptors, which are updated in current patch. Another example is the upcoming fix for DKP. Signed-off-by: Horia Geantă Reviewed-by: Iuliana Prodan Signed-off-by: Herbert Xu

crypto: caam - fix S/G table passing page boundary

2019-05-23T06:01:03Z

According to CAAM RM: -crypto engine reads 4 S/G entries (64 bytes) at a time, even if the S/G table has fewer entries -it's the responsibility of the user / programmer to make sure this HW behaviour has no side effect The drivers do not take care of this currently, leading to IOMMU faults when the S/G table ends close to a page boundary - since only one page is DMA mapped, while CAAM's DMA engine accesses two pages. Fix this by rounding up the number of allocated S/G table entries to a multiple of 4. Note that in case of two *contiguous* S/G tables, only the last table might needs extra entries. Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu

crypto: caam/jr - add support for Chacha20 + Poly1305

2018-11-16T06:11:03Z

Add support for Chacha20 + Poly1305 combined AEAD: -generic (rfc7539) -IPsec (rfc7634 - known as rfc7539esp in the kernel) Signed-off-by: Cristian Stoica Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu

crypto: caam - add Derived Key Protocol (DKP) support

2017-12-28T06:56:48Z

Offload split key generation in CAAM engine, using DKP. DKP is supported starting with Era 6. Note that the way assoclen is transmitted from the job descriptor to the shared descriptor changes - DPOVRD register is used instead of MATH3 (where available), since DKP protocol thrashes the MATH registers. The replacement of MDHA split key generation with DKP has the side effect of the crypto engine writing the authentication key, and thus the DMA mapping direction for the buffer holding the key has to change from DMA_TO_DEVICE to DMA_BIDIRECTIONAL. There are two cases: -key is inlined in descriptor - descriptor buffer mapping changes -key is referenced - key buffer mapping changes Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu