diff --git a/qca-nss-cfi/Makefile b/qca-nss-cfi/Makefile index c9e30db..effecf9 100644 --- a/qca-nss-cfi/Makefile +++ b/qca-nss-cfi/Makefile @@ -5,9 +5,9 @@ PKG_RELEASE:=3 PKG_SOURCE_URL:=https://git.codelinaro.org/clo/qsdk/oss/lklm/nss-cfi.git PKG_SOURCE_PROTO:=git -PKG_SOURCE_DATE:=2022-12-15 -PKG_SOURCE_VERSION:=5cd07ce -PKG_MIRROR_HASH:=852129b4bc2a14e05c8a27e9c8904f9b7647a8aeeeaa764fd3747b5b5e441a0b +PKG_SOURCE_DATE:=2025-04-04 +PKG_SOURCE_VERSION:=ff11dae +PKG_MIRROR_HASH:=050a9c7f4177099bd60168b68ddc9eff5d62b62992858c89d514b428da93cba2 QSDK_VERSION:=12.5 PKG_VERSION:=$(QSDK_VERSION).$(subst -,.,$(PKG_SOURCE_DATE))~$(PKG_SOURCE_VERSION) diff --git a/qca-nss-cfi/patches/0001-cryptoapi-v2.0-fix-SHA1-header-include.patch b/qca-nss-cfi/patches/0001-cryptoapi-v2.0-fix-SHA1-header-include.patch deleted file mode 100644 index 12df90f..0000000 --- a/qca-nss-cfi/patches/0001-cryptoapi-v2.0-fix-SHA1-header-include.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 1569ac3b6bbcae9c3f4898e0d34aec8f88297ee6 Mon Sep 17 00:00:00 2001 -From: Robert Marko -Date: Sun, 22 Jan 2023 21:45:23 +0100 -Subject: [PATCH 1/5] cryptoapi: v2.0: fix SHA1 header include - -SHA1 header has been merged to the generic SHA one, -and with that the cryptohash.h was dropped. - -So, fix include in kernels 5.8 and newer. - -Signed-off-by: Robert Marko ---- - cryptoapi/v2.0/nss_cryptoapi.c | 5 +++++ - cryptoapi/v2.0/nss_cryptoapi_aead.c | 5 +++++ - cryptoapi/v2.0/nss_cryptoapi_ahash.c | 5 +++++ - 3 files changed, 15 insertions(+) - ---- a/cryptoapi/v2.0/nss_cryptoapi.c -+++ b/cryptoapi/v2.0/nss_cryptoapi.c -@@ -39,7 +39,12 @@ - - #include - #include -+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0) - #include -+#else -+#include -+#include -+#endif - #include - #include - #include ---- a/cryptoapi/v2.0/nss_cryptoapi_aead.c -+++ b/cryptoapi/v2.0/nss_cryptoapi_aead.c -@@ -39,7 +39,12 @@ - - #include - #include -+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0) - #include -+#else -+#include -+#include -+#endif - #include - #include - #include ---- a/cryptoapi/v2.0/nss_cryptoapi_ahash.c -+++ b/cryptoapi/v2.0/nss_cryptoapi_ahash.c -@@ -38,7 +38,12 @@ - - #include - #include -+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0) - #include -+#else -+#include -+#include -+#endif - #include - #include - #include diff --git a/qca-nss-cfi/patches/0002-cryptoapi-v2.0-make-ablkcipher-optional.patch b/qca-nss-cfi/patches/0002-cryptoapi-v2.0-make-ablkcipher-optional.patch deleted file mode 100644 index e9702eb..0000000 --- a/qca-nss-cfi/patches/0002-cryptoapi-v2.0-make-ablkcipher-optional.patch +++ /dev/null @@ -1,116 +0,0 @@ -From 26cca5006bddb0da57398452616e07ee7b11edb1 Mon Sep 17 00:00:00 2001 -From: Robert Marko -Date: Sun, 22 Jan 2023 22:01:34 +0100 -Subject: [PATCH 2/5] cryptoapi: v2.0: make ablkcipher optional - -albkcipher has been removed from the kernel in v5.5, so until it has been -converted to skcipher, lets make it optional to at least have hashes -working. - -Signed-off-by: Robert Marko ---- - cryptoapi/v2.0/Makefile | 3 +++ - cryptoapi/v2.0/nss_cryptoapi.c | 10 ++++++++++ - cryptoapi/v2.0/nss_cryptoapi_private.h | 2 ++ - 3 files changed, 15 insertions(+) - ---- a/cryptoapi/v2.0/Makefile -+++ b/cryptoapi/v2.0/Makefile -@@ -5,7 +5,10 @@ NSS_CRYPTOAPI_MOD_NAME=qca-nss-cfi-crypt - obj-m += $(NSS_CRYPTOAPI_MOD_NAME).o - $(NSS_CRYPTOAPI_MOD_NAME)-objs = nss_cryptoapi.o - $(NSS_CRYPTOAPI_MOD_NAME)-objs += nss_cryptoapi_aead.o -+ifneq "$(NSS_CRYPTOAPI_ABLK)" "n" - $(NSS_CRYPTOAPI_MOD_NAME)-objs += nss_cryptoapi_ablk.o -+ccflags-y += -DNSS_CRYPTOAPI_ABLK -+endif - $(NSS_CRYPTOAPI_MOD_NAME)-objs += nss_cryptoapi_ahash.o - - obj ?= . ---- a/cryptoapi/v2.0/nss_cryptoapi.c -+++ b/cryptoapi/v2.0/nss_cryptoapi.c -@@ -1367,6 +1367,7 @@ struct aead_alg cryptoapi_aead_algs[] = - /* - * ABLK cipher algorithms - */ -+#if defined(NSS_CRYPTOAPI_ABLK) - static struct crypto_alg cryptoapi_ablkcipher_algs[] = { - { - .cra_name = "cbc(aes)", -@@ -1466,6 +1467,7 @@ static struct crypto_alg cryptoapi_ablkc - }, - } - }; -+#endif - - /* - * AHASH algorithms -@@ -2189,7 +2191,9 @@ void nss_cryptoapi_add_ctx2debugfs(struc - */ - void nss_cryptoapi_attach_user(void *app_data, struct nss_crypto_user *user) - { -+#if defined(NSS_CRYPTOAPI_ABLK) - struct crypto_alg *ablk = cryptoapi_ablkcipher_algs; -+#endif - struct aead_alg *aead = cryptoapi_aead_algs; - struct ahash_alg *ahash = cryptoapi_ahash_algs; - struct nss_cryptoapi *sc = app_data; -@@ -2212,6 +2216,7 @@ void nss_cryptoapi_attach_user(void *app - g_cryptoapi.user = user; - } - -+#if defined(NSS_CRYPTOAPI_ABLK) - for (i = 0; enable_ablk && (i < ARRAY_SIZE(cryptoapi_ablkcipher_algs)); i++, ablk++) { - info = nss_cryptoapi_cra_name_lookup(ablk->cra_name); - if(!info || !nss_crypto_algo_is_supp(info->algo)) -@@ -2222,6 +2227,7 @@ void nss_cryptoapi_attach_user(void *app - ablk->cra_flags = 0; - } - } -+#endif - - for (i = 0; enable_aead && (i < ARRAY_SIZE(cryptoapi_aead_algs)); i++, aead++) { - info = nss_cryptoapi_cra_name_lookup(aead->base.cra_name); -@@ -2257,7 +2263,9 @@ void nss_cryptoapi_attach_user(void *app - */ - void nss_cryptoapi_detach_user(void *app_data, struct nss_crypto_user *user) - { -+#if defined(NSS_CRYPTOAPI_ABLK) - struct crypto_alg *ablk = cryptoapi_ablkcipher_algs; -+#endif - struct aead_alg *aead = cryptoapi_aead_algs; - struct ahash_alg *ahash = cryptoapi_ahash_algs; - struct nss_cryptoapi *sc = app_data; -@@ -2270,6 +2278,7 @@ void nss_cryptoapi_detach_user(void *app - */ - atomic_set(&g_cryptoapi.registered, 0); - -+#if defined(NSS_CRYPTOAPI_ABLK) - for (i = 0; enable_ablk && (i < ARRAY_SIZE(cryptoapi_ablkcipher_algs)); i++, ablk++) { - if (!ablk->cra_flags) - continue; -@@ -2277,6 +2286,7 @@ void nss_cryptoapi_detach_user(void *app - crypto_unregister_alg(ablk); - nss_cfi_info("%px: ABLK unregister succeeded, algo: %s\n", sc, ablk->cra_name); - } -+#endif - - for (i = 0; enable_aead && (i < ARRAY_SIZE(cryptoapi_aead_algs)); i++, aead++) { - if (!aead->base.cra_flags) ---- a/cryptoapi/v2.0/nss_cryptoapi_private.h -+++ b/cryptoapi/v2.0/nss_cryptoapi_private.h -@@ -250,12 +250,14 @@ extern void nss_cryptoapi_aead_tx_proc(s - /* - * ABLKCIPHER - */ -+#if defined(NSS_CRYPTOAPI_ABLK) - extern int nss_cryptoapi_ablkcipher_init(struct crypto_tfm *tfm); - extern void nss_cryptoapi_ablkcipher_exit(struct crypto_tfm *tfm); - extern int nss_cryptoapi_ablk_setkey(struct crypto_ablkcipher *cipher, const u8 *key, unsigned int len); - extern int nss_cryptoapi_ablk_encrypt(struct ablkcipher_request *req); - extern int nss_cryptoapi_ablk_decrypt(struct ablkcipher_request *req); - extern void nss_cryptoapi_copy_iv(struct nss_cryptoapi_ctx *ctx, struct scatterlist *sg, uint8_t *iv, uint8_t iv_len); -+#endif - - /* - * AHASH diff --git a/qca-nss-cfi/patches/0003-cryptoapi-v2.0-remove-setting-crypto_ahash_type-for-.patch b/qca-nss-cfi/patches/0003-cryptoapi-v2.0-remove-setting-crypto_ahash_type-for-.patch deleted file mode 100644 index ad11b8b..0000000 --- a/qca-nss-cfi/patches/0003-cryptoapi-v2.0-remove-setting-crypto_ahash_type-for-.patch +++ /dev/null @@ -1,137 +0,0 @@ -From 797b5166783cda0886038ffb22f5386b9363a961 Mon Sep 17 00:00:00 2001 -From: Robert Marko -Date: Sun, 22 Jan 2023 22:08:27 +0100 -Subject: [PATCH 3/5] cryptoapi: v2.0: remove setting crypto_ahash_type for - newer kernels - -Upstream has stopped exporting crypto_ahash_type and removed setting it -on ahash algos since v4.19 as its easily identifiable by the struct type -and its being set in the core directly, so lets do the same. - -Signed-off-by: Robert Marko ---- - cryptoapi/v2.0/nss_cryptoapi.c | 24 ++++++++++++++++++++++++ - 1 file changed, 24 insertions(+) - ---- a/cryptoapi/v2.0/nss_cryptoapi.c -+++ b/cryptoapi/v2.0/nss_cryptoapi.c -@@ -1495,7 +1495,9 @@ static struct ahash_alg cryptoapi_ahash_ - .cra_blocksize = MD5_HMAC_BLOCK_SIZE, - .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), - .cra_alignmask = 0, -+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) - .cra_type = &crypto_ahash_type, -+#endif - .cra_module = THIS_MODULE, - .cra_init = nss_cryptoapi_ahash_cra_init, - .cra_exit = nss_cryptoapi_ahash_cra_exit, -@@ -1521,7 +1523,9 @@ static struct ahash_alg cryptoapi_ahash_ - .cra_blocksize = SHA1_BLOCK_SIZE, - .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), - .cra_alignmask = 0, -+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) - .cra_type = &crypto_ahash_type, -+#endif - .cra_module = THIS_MODULE, - .cra_init = nss_cryptoapi_ahash_cra_init, - .cra_exit = nss_cryptoapi_ahash_cra_exit, -@@ -1547,7 +1551,9 @@ static struct ahash_alg cryptoapi_ahash_ - .cra_blocksize = SHA224_BLOCK_SIZE, - .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), - .cra_alignmask = 0, -+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) - .cra_type = &crypto_ahash_type, -+#endif - .cra_module = THIS_MODULE, - .cra_init = nss_cryptoapi_ahash_cra_init, - .cra_exit = nss_cryptoapi_ahash_cra_exit, -@@ -1573,7 +1579,9 @@ static struct ahash_alg cryptoapi_ahash_ - .cra_blocksize = SHA256_BLOCK_SIZE, - .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), - .cra_alignmask = 0, -+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) - .cra_type = &crypto_ahash_type, -+#endif - .cra_module = THIS_MODULE, - .cra_init = nss_cryptoapi_ahash_cra_init, - .cra_exit = nss_cryptoapi_ahash_cra_exit, -@@ -1599,7 +1607,9 @@ static struct ahash_alg cryptoapi_ahash_ - .cra_blocksize = SHA384_BLOCK_SIZE, - .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), - .cra_alignmask = 0, -+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) - .cra_type = &crypto_ahash_type, -+#endif - .cra_module = THIS_MODULE, - .cra_init = nss_cryptoapi_ahash_cra_init, - .cra_exit = nss_cryptoapi_ahash_cra_exit, -@@ -1625,7 +1635,9 @@ static struct ahash_alg cryptoapi_ahash_ - .cra_blocksize = SHA512_BLOCK_SIZE, - .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), - .cra_alignmask = 0, -+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) - .cra_type = &crypto_ahash_type, -+#endif - .cra_module = THIS_MODULE, - .cra_init = nss_cryptoapi_ahash_cra_init, - .cra_exit = nss_cryptoapi_ahash_cra_exit, -@@ -1655,7 +1667,9 @@ static struct ahash_alg cryptoapi_ahash_ - .cra_blocksize = MD5_HMAC_BLOCK_SIZE, - .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), - .cra_alignmask = 0, -+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) - .cra_type = &crypto_ahash_type, -+#endif - .cra_module = THIS_MODULE, - .cra_init = nss_cryptoapi_ahash_cra_init, - .cra_exit = nss_cryptoapi_ahash_cra_exit, -@@ -1681,7 +1695,9 @@ static struct ahash_alg cryptoapi_ahash_ - .cra_blocksize = SHA1_BLOCK_SIZE, - .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), - .cra_alignmask = 0, -+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) - .cra_type = &crypto_ahash_type, -+#endif - .cra_module = THIS_MODULE, - .cra_init = nss_cryptoapi_ahash_cra_init, - .cra_exit = nss_cryptoapi_ahash_cra_exit, -@@ -1707,7 +1723,9 @@ static struct ahash_alg cryptoapi_ahash_ - .cra_blocksize = SHA224_BLOCK_SIZE, - .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), - .cra_alignmask = 0, -+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) - .cra_type = &crypto_ahash_type, -+#endif - .cra_module = THIS_MODULE, - .cra_init = nss_cryptoapi_ahash_cra_init, - .cra_exit = nss_cryptoapi_ahash_cra_exit, -@@ -1733,7 +1751,9 @@ static struct ahash_alg cryptoapi_ahash_ - .cra_blocksize = SHA256_BLOCK_SIZE, - .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), - .cra_alignmask = 0, -+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) - .cra_type = &crypto_ahash_type, -+#endif - .cra_module = THIS_MODULE, - .cra_init = nss_cryptoapi_ahash_cra_init, - .cra_exit = nss_cryptoapi_ahash_cra_exit, -@@ -1759,7 +1779,9 @@ static struct ahash_alg cryptoapi_ahash_ - .cra_blocksize = SHA384_BLOCK_SIZE, - .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), - .cra_alignmask = 0, -+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) - .cra_type = &crypto_ahash_type, -+#endif - .cra_module = THIS_MODULE, - .cra_init = nss_cryptoapi_ahash_cra_init, - .cra_exit = nss_cryptoapi_ahash_cra_exit, -@@ -1785,7 +1807,9 @@ static struct ahash_alg cryptoapi_ahash_ - .cra_blocksize = SHA512_BLOCK_SIZE, - .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), - .cra_alignmask = 0, -+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) - .cra_type = &crypto_ahash_type, -+#endif - .cra_module = THIS_MODULE, - .cra_init = nss_cryptoapi_ahash_cra_init, - .cra_exit = nss_cryptoapi_ahash_cra_exit, diff --git a/qca-nss-cfi/patches/0005-cryptoapi-v2.0-remove-dropped-flags.patch b/qca-nss-cfi/patches/0005-cryptoapi-v2.0-remove-dropped-flags.patch deleted file mode 100644 index 645633a..0000000 --- a/qca-nss-cfi/patches/0005-cryptoapi-v2.0-remove-dropped-flags.patch +++ /dev/null @@ -1,97 +0,0 @@ -From 62bbb188e1a72d28916e1eca31f4cb9fbbf51cd1 Mon Sep 17 00:00:00 2001 -From: Robert Marko -Date: Sun, 22 Jan 2023 22:11:06 +0100 -Subject: [PATCH 5/5] cryptoapi: v2.0: remove dropped flags - -Upstream has dropped these flags as there was no use for them, so lets do -the same. - -Signed-off-by: Robert Marko ---- - cryptoapi/v2.0/nss_cryptoapi_aead.c | 6 ------ - cryptoapi/v2.0/nss_cryptoapi_ahash.c | 4 ---- - 2 files changed, 10 deletions(-) - ---- a/cryptoapi/v2.0/nss_cryptoapi_aead.c -+++ b/cryptoapi/v2.0/nss_cryptoapi_aead.c -@@ -207,7 +207,6 @@ int nss_cryptoapi_aead_setkey_noauth(str - ctx->info = nss_cryptoapi_cra_name2info(crypto_tfm_alg_name(tfm), keylen, 0); - if (!ctx->info) { - nss_cfi_err("%px: Unable to find algorithm with keylen\n", ctx); -- crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN); - return -ENOENT; - } - -@@ -239,7 +238,6 @@ int nss_cryptoapi_aead_setkey_noauth(str - status = nss_crypto_session_alloc(ctx->user, &data, &ctx->sid); - if (status < 0) { - nss_cfi_err("%px: Unable to allocate crypto session(%d)\n", ctx, status); -- crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_FLAGS); - return status; - } - -@@ -271,14 +269,12 @@ int nss_cryptoapi_aead_setkey(struct cry - */ - if (crypto_authenc_extractkeys(&keys, key, keylen) != 0) { - nss_cfi_err("%px: Unable to extract keys\n", ctx); -- crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN); - return -EIO; - } - - ctx->info = nss_cryptoapi_cra_name2info(crypto_tfm_alg_name(tfm), keys.enckeylen, crypto_aead_maxauthsize(aead)); - if (!ctx->info) { - nss_cfi_err("%px: Unable to find algorithm with keylen\n", ctx); -- crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN); - return -ENOENT; - } - -@@ -299,7 +295,6 @@ int nss_cryptoapi_aead_setkey(struct cry - */ - if (keys.authkeylen > ctx->info->auth_blocksize) { - nss_cfi_err("%px: Auth keylen(%d) exceeds supported\n", ctx, keys.authkeylen); -- crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN); - return -EINVAL; - } - -@@ -342,7 +337,6 @@ int nss_cryptoapi_aead_setkey(struct cry - status = nss_crypto_session_alloc(ctx->user, &data, &ctx->sid); - if (status < 0) { - nss_cfi_err("%px: Unable to allocate crypto session(%d)\n", ctx, status); -- crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_FLAGS); - return status; - } - ---- a/cryptoapi/v2.0/nss_cryptoapi_ahash.c -+++ b/cryptoapi/v2.0/nss_cryptoapi_ahash.c -@@ -192,7 +192,6 @@ int nss_cryptoapi_ahash_setkey(struct cr - - ctx->info = nss_cryptoapi_cra_name2info(crypto_tfm_alg_name(tfm), 0, crypto_ahash_digestsize(ahash)); - if (!ctx->info) { -- crypto_ahash_set_flags(ahash, CRYPTO_TFM_RES_BAD_KEY_LEN); - return -EINVAL; - } - -@@ -215,7 +214,6 @@ int nss_cryptoapi_ahash_setkey(struct cr - status = nss_crypto_session_alloc(ctx->user, &data, &ctx->sid); - if (status < 0) { - nss_cfi_warn("%px: Unable to allocate crypto session(%d)\n", ctx, status); -- crypto_ahash_set_flags(ahash, CRYPTO_TFM_RES_BAD_FLAGS); - return status; - } - -@@ -299,7 +297,6 @@ int nss_cryptoapi_ahash_init(struct ahas - */ - ctx->info = nss_cryptoapi_cra_name2info(crypto_tfm_alg_name(tfm), 0, 0); - if (!ctx->info) { -- crypto_ahash_set_flags(ahash, CRYPTO_TFM_RES_BAD_KEY_LEN); - return -EINVAL; - } - -@@ -314,7 +311,6 @@ int nss_cryptoapi_ahash_init(struct ahas - status = nss_crypto_session_alloc(ctx->user, &data, &ctx->sid); - if (status < 0) { - nss_cfi_err("%px: Unable to allocate crypto session(%d)\n", ctx, status); -- crypto_ahash_set_flags(ahash, CRYPTO_TFM_RES_BAD_FLAGS); - return status; - } - diff --git a/qca-nss-cfi/patches/0006-cryptoapi-v2.0-convert-to-skcipher.patch b/qca-nss-cfi/patches/0006-cryptoapi-v2.0-convert-to-skcipher.patch deleted file mode 100644 index f85e3d8..0000000 --- a/qca-nss-cfi/patches/0006-cryptoapi-v2.0-convert-to-skcipher.patch +++ /dev/null @@ -1,1199 +0,0 @@ -From 1b30927548c2498c76b815b87f604f9a1de40a48 Mon Sep 17 00:00:00 2001 -From: Robert Marko -Date: Sun, 22 Jan 2023 23:31:09 +0100 -Subject: [PATCH] cryptoapi: v2.0: convert to skcipher - -Finally convert the driver from ablkcipher that was dropped in v5.5 to -skcipher. - -Signed-off-by: Robert Marko ---- - cryptoapi/v2.0/Makefile | 6 +- - cryptoapi/v2.0/nss_cryptoapi.c | 200 ++++++++---------- - cryptoapi/v2.0/nss_cryptoapi_private.h | 14 +- - ...ptoapi_ablk.c => nss_cryptoapi_skcipher.c} | 116 +++++----- - 4 files changed, 145 insertions(+), 191 deletions(-) - rename cryptoapi/v2.0/{nss_cryptoapi_ablk.c => nss_cryptoapi_skcipher.c} (74%) - ---- a/cryptoapi/v2.0/Makefile -+++ b/cryptoapi/v2.0/Makefile -@@ -5,9 +5,9 @@ NSS_CRYPTOAPI_MOD_NAME=qca-nss-cfi-crypt - obj-m += $(NSS_CRYPTOAPI_MOD_NAME).o - $(NSS_CRYPTOAPI_MOD_NAME)-objs = nss_cryptoapi.o - $(NSS_CRYPTOAPI_MOD_NAME)-objs += nss_cryptoapi_aead.o --ifneq "$(NSS_CRYPTOAPI_ABLK)" "n" --$(NSS_CRYPTOAPI_MOD_NAME)-objs += nss_cryptoapi_ablk.o --ccflags-y += -DNSS_CRYPTOAPI_ABLK -+ifneq "$(NSS_CRYPTOAPI_SKCIPHER)" "n" -+$(NSS_CRYPTOAPI_MOD_NAME)-objs += nss_cryptoapi_skcipher.o -+ccflags-y += -DNSS_CRYPTOAPI_SKCIPHER - endif - $(NSS_CRYPTOAPI_MOD_NAME)-objs += nss_cryptoapi_ahash.o - ---- a/cryptoapi/v2.0/nss_cryptoapi.c -+++ b/cryptoapi/v2.0/nss_cryptoapi.c -@@ -1367,104 +1367,78 @@ struct aead_alg cryptoapi_aead_algs[] = - /* - * ABLK cipher algorithms - */ --#if defined(NSS_CRYPTOAPI_ABLK) --static struct crypto_alg cryptoapi_ablkcipher_algs[] = { -+#if defined(NSS_CRYPTOAPI_SKCIPHER) -+static struct skcipher_alg cryptoapi_skcipher_algs[] = { - { -- .cra_name = "cbc(aes)", -- .cra_driver_name = "nss-cbc-aes", -- .cra_priority = 10000, -- .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC, -- .cra_blocksize = AES_BLOCK_SIZE, -- .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), -- .cra_alignmask = 0, -- .cra_type = &crypto_ablkcipher_type, -- .cra_module = THIS_MODULE, -- .cra_init = nss_cryptoapi_ablkcipher_init, -- .cra_exit = nss_cryptoapi_ablkcipher_exit, -- .cra_u = { -- .ablkcipher = { -- .ivsize = AES_BLOCK_SIZE, -- .min_keysize = AES_MIN_KEY_SIZE, -- .max_keysize = AES_MAX_KEY_SIZE, -- .setkey = nss_cryptoapi_ablk_setkey, -- .encrypt = nss_cryptoapi_ablk_encrypt, -- .decrypt = nss_cryptoapi_ablk_decrypt, -- }, -- }, -- }, -- { -- .cra_name = "rfc3686(ctr(aes))", -- .cra_driver_name = "nss-rfc3686-ctr-aes", -- .cra_priority = 30000, -- .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC, -- .cra_blocksize = AES_BLOCK_SIZE, -- .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), -- .cra_alignmask = 0, -- .cra_type = &crypto_ablkcipher_type, -- .cra_module = THIS_MODULE, -- .cra_init = nss_cryptoapi_ablkcipher_init, -- .cra_exit = nss_cryptoapi_ablkcipher_exit, -- .cra_u = { -- .ablkcipher = { -- .ivsize = CTR_RFC3686_IV_SIZE, --/* -- * geniv deprecated from kernel version 5.0 and above -- */ --#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 0, 0)) -- .geniv = "seqiv", --#endif -- .min_keysize = AES_MIN_KEY_SIZE + CTR_RFC3686_NONCE_SIZE, -- .max_keysize = AES_MAX_KEY_SIZE + CTR_RFC3686_NONCE_SIZE, -- .setkey = nss_cryptoapi_ablk_setkey, -- .encrypt = nss_cryptoapi_ablk_encrypt, -- .decrypt = nss_cryptoapi_ablk_decrypt, -- }, -- }, -- }, -- { -- .cra_name = "ecb(aes)", -- .cra_driver_name = "nss-ecb-aes", -- .cra_priority = 10000, -- .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC, -- .cra_blocksize = AES_BLOCK_SIZE, -- .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), -- .cra_alignmask = 0, -- .cra_type = &crypto_ablkcipher_type, -- .cra_module = THIS_MODULE, -- .cra_init = nss_cryptoapi_ablkcipher_init, -- .cra_exit = nss_cryptoapi_ablkcipher_exit, -- .cra_u = { -- .ablkcipher = { -- .min_keysize = AES_MIN_KEY_SIZE, -- .max_keysize = AES_MAX_KEY_SIZE, -- .setkey = nss_cryptoapi_ablk_setkey, -- .encrypt = nss_cryptoapi_ablk_encrypt, -- .decrypt = nss_cryptoapi_ablk_decrypt, -- }, -- }, -- }, -- { -- .cra_name = "cbc(des3_ede)", -- .cra_driver_name = "nss-cbc-des-ede", -- .cra_priority = 10000, -- .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC, -- .cra_blocksize = DES3_EDE_BLOCK_SIZE, -- .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), -- .cra_alignmask = 0, -- .cra_type = &crypto_ablkcipher_type, -- .cra_module = THIS_MODULE, -- .cra_init = nss_cryptoapi_ablkcipher_init, -- .cra_exit = nss_cryptoapi_ablkcipher_exit, -- .cra_u = { -- .ablkcipher = { -- .ivsize = DES3_EDE_BLOCK_SIZE, -- .min_keysize = DES3_EDE_KEY_SIZE, -- .max_keysize = DES3_EDE_KEY_SIZE, -- .setkey = nss_cryptoapi_ablk_setkey, -- .encrypt = nss_cryptoapi_ablk_encrypt, -- .decrypt = nss_cryptoapi_ablk_decrypt, -- }, -- }, -+ .base.cra_name = "cbc(aes)", -+ .base.cra_driver_name = "nss-cbc-aes", -+ .base.cra_priority = 10000, -+ .base.cra_flags = CRYPTO_ALG_ASYNC, -+ .base.cra_blocksize = AES_BLOCK_SIZE, -+ .base.cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), -+ .base.cra_alignmask = 0, -+ .base.cra_module = THIS_MODULE, -+ .init = nss_cryptoapi_skcipher_init, -+ .exit = nss_cryptoapi_skcipher_exit, -+ .ivsize = AES_BLOCK_SIZE, -+ .min_keysize = AES_MIN_KEY_SIZE, -+ .max_keysize = AES_MAX_KEY_SIZE, -+ .setkey = nss_cryptoapi_skcipher_setkey, -+ .encrypt = nss_cryptoapi_skcipher_encrypt, -+ .decrypt = nss_cryptoapi_skcipher_decrypt, -+ }, -+ { -+ .base.cra_name = "rfc3686(ctr(aes))", -+ .base.cra_driver_name = "nss-rfc3686-ctr-aes", -+ .base.cra_priority = 30000, -+ .base.cra_flags = CRYPTO_ALG_ASYNC, -+ .base.cra_blocksize = AES_BLOCK_SIZE, -+ .base.cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), -+ .base.cra_alignmask = 0, -+ .base.cra_module = THIS_MODULE, -+ .init = nss_cryptoapi_skcipher_init, -+ .exit = nss_cryptoapi_skcipher_exit, -+ .ivsize = CTR_RFC3686_IV_SIZE, -+ .min_keysize = AES_MIN_KEY_SIZE + CTR_RFC3686_NONCE_SIZE, -+ .max_keysize = AES_MAX_KEY_SIZE + CTR_RFC3686_NONCE_SIZE, -+ .setkey = nss_cryptoapi_skcipher_setkey, -+ .encrypt = nss_cryptoapi_skcipher_encrypt, -+ .decrypt = nss_cryptoapi_skcipher_decrypt, -+ }, -+ { -+ .base.cra_name = "ecb(aes)", -+ .base.cra_driver_name = "nss-ecb-aes", -+ .base.cra_priority = 10000, -+ .base.cra_flags = CRYPTO_ALG_ASYNC, -+ .base.cra_blocksize = AES_BLOCK_SIZE, -+ .base.cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), -+ .base.cra_alignmask = 0, -+ .base.cra_module = THIS_MODULE, -+ .init = nss_cryptoapi_skcipher_init, -+ .exit = nss_cryptoapi_skcipher_exit, -+ .min_keysize = AES_MIN_KEY_SIZE, -+ .max_keysize = AES_MAX_KEY_SIZE, -+ .setkey = nss_cryptoapi_skcipher_setkey, -+ .encrypt = nss_cryptoapi_skcipher_encrypt, -+ .decrypt = nss_cryptoapi_skcipher_decrypt, -+ }, -+ { -+ .base.cra_name = "cbc(des3_ede)", -+ .base.cra_driver_name = "nss-cbc-des-ede", -+ .base.cra_priority = 10000, -+ .base.cra_flags = CRYPTO_ALG_ASYNC, -+ .base.cra_blocksize = DES3_EDE_BLOCK_SIZE, -+ .base.cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), -+ .base.cra_alignmask = 0, -+ .base.cra_module = THIS_MODULE, -+ .init = nss_cryptoapi_skcipher_init, -+ .exit = nss_cryptoapi_skcipher_exit, -+ .ivsize = DES3_EDE_BLOCK_SIZE, -+ .min_keysize = DES3_EDE_KEY_SIZE, -+ .max_keysize = DES3_EDE_KEY_SIZE, -+ .setkey = nss_cryptoapi_skcipher_setkey, -+ .encrypt = nss_cryptoapi_skcipher_encrypt, -+ .decrypt = nss_cryptoapi_skcipher_decrypt, - } - }; - #endif -@@ -2215,8 +2189,8 @@ void nss_cryptoapi_add_ctx2debugfs(struc - */ - void nss_cryptoapi_attach_user(void *app_data, struct nss_crypto_user *user) - { --#if defined(NSS_CRYPTOAPI_ABLK) -- struct crypto_alg *ablk = cryptoapi_ablkcipher_algs; -+#if defined(NSS_CRYPTOAPI_SKCIPHER) -+ struct skcipher_alg *ablk = cryptoapi_skcipher_algs; - #endif - struct aead_alg *aead = cryptoapi_aead_algs; - struct ahash_alg *ahash = cryptoapi_ahash_algs; -@@ -2240,15 +2214,15 @@ void nss_cryptoapi_attach_user(void *app - g_cryptoapi.user = user; - } - --#if defined(NSS_CRYPTOAPI_ABLK) -- for (i = 0; enable_ablk && (i < ARRAY_SIZE(cryptoapi_ablkcipher_algs)); i++, ablk++) { -- info = nss_cryptoapi_cra_name_lookup(ablk->cra_name); -+#if defined(NSS_CRYPTOAPI_SKCIPHER) -+ for (i = 0; enable_ablk && (i < ARRAY_SIZE(cryptoapi_skcipher_algs)); i++, ablk++) { -+ info = nss_cryptoapi_cra_name_lookup(ablk->base.cra_name); - if(!info || !nss_crypto_algo_is_supp(info->algo)) - continue; - -- if (crypto_register_alg(ablk)) { -- nss_cfi_err("%px: ABLK registration failed(%s)\n", sc, ablk->cra_name); -- ablk->cra_flags = 0; -+ if (crypto_register_skcipher(ablk)) { -+ nss_cfi_err("%px: skcipher registration failed(%s)\n", sc, ablk->base.cra_name); -+ ablk->base.cra_flags = 0; - } - } - #endif -@@ -2287,8 +2261,8 @@ void nss_cryptoapi_attach_user(void *app - */ - void nss_cryptoapi_detach_user(void *app_data, struct nss_crypto_user *user) - { --#if defined(NSS_CRYPTOAPI_ABLK) -- struct crypto_alg *ablk = cryptoapi_ablkcipher_algs; -+#if defined(NSS_CRYPTOAPI_SKCIPHER) -+ struct skcipher_alg *ablk = cryptoapi_skcipher_algs; - #endif - struct aead_alg *aead = cryptoapi_aead_algs; - struct ahash_alg *ahash = cryptoapi_ahash_algs; -@@ -2302,13 +2276,13 @@ void nss_cryptoapi_detach_user(void *app - */ - atomic_set(&g_cryptoapi.registered, 0); - --#if defined(NSS_CRYPTOAPI_ABLK) -- for (i = 0; enable_ablk && (i < ARRAY_SIZE(cryptoapi_ablkcipher_algs)); i++, ablk++) { -- if (!ablk->cra_flags) -+#if defined(NSS_CRYPTOAPI_SKCIPHER) -+ for (i = 0; enable_ablk && (i < ARRAY_SIZE(cryptoapi_skcipher_algs)); i++, ablk++) { -+ if (!ablk->base.cra_flags) - continue; - -- crypto_unregister_alg(ablk); -- nss_cfi_info("%px: ABLK unregister succeeded, algo: %s\n", sc, ablk->cra_name); -+ crypto_unregister_skcipher(ablk); -+ nss_cfi_info("%px: skcipher unregister succeeded, algo: %s\n", sc, ablk->base.cra_name); - } - #endif - ---- a/cryptoapi/v2.0/nss_cryptoapi_private.h -+++ b/cryptoapi/v2.0/nss_cryptoapi_private.h -@@ -248,14 +248,14 @@ extern void nss_cryptoapi_aead_tx_proc(s - struct nss_cryptoapi_info *info, bool encrypt); - - /* -- * ABLKCIPHER -+ * SKCIPHER - */ --#if defined(NSS_CRYPTOAPI_ABLK) --extern int nss_cryptoapi_ablkcipher_init(struct crypto_tfm *tfm); --extern void nss_cryptoapi_ablkcipher_exit(struct crypto_tfm *tfm); --extern int nss_cryptoapi_ablk_setkey(struct crypto_ablkcipher *cipher, const u8 *key, unsigned int len); --extern int nss_cryptoapi_ablk_encrypt(struct ablkcipher_request *req); --extern int nss_cryptoapi_ablk_decrypt(struct ablkcipher_request *req); -+#if defined(NSS_CRYPTOAPI_SKCIPHER) -+extern int nss_cryptoapi_skcipher_init(struct crypto_skcipher *tfm); -+extern void nss_cryptoapi_skcipher_exit(struct crypto_skcipher *tfm); -+extern int nss_cryptoapi_skcipher_setkey(struct crypto_skcipher *cipher, const u8 *key, unsigned int len); -+extern int nss_cryptoapi_skcipher_encrypt(struct skcipher_request *req); -+extern int nss_cryptoapi_skcipher_decrypt(struct skcipher_request *req); - extern void nss_cryptoapi_copy_iv(struct nss_cryptoapi_ctx *ctx, struct scatterlist *sg, uint8_t *iv, uint8_t iv_len); - #endif - ---- a/cryptoapi/v2.0/nss_cryptoapi_ablk.c -+++ /dev/null -@@ -1,458 +0,0 @@ --/* Copyright (c) 2015-2020 The Linux Foundation. All rights reserved. -- * Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved. -- * -- * Permission to use, copy, modify, and/or distribute this software for any -- * purpose with or without fee is hereby granted, provided that the above -- * copyright notice and this permission notice appear in all copies. -- * -- * -- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -- * AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT -- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -- * PERFORMANCE OF THIS SOFTWARE. -- * -- * -- */ -- --/** -- * nss_cryptoapi_ablk.c -- * Interface to communicate Native Linux crypto framework specific data -- * to Crypto core specific data -- */ -- --#include --#include --#include --#include --#include --#include --#include --#include --#include --#include --#include -- --#include --#include --#include --#include --#include --#include --#include --#include --#include -- --#include --#include --#include --#include --#include --#include --#include --#include "nss_cryptoapi_private.h" -- --extern struct nss_cryptoapi g_cryptoapi; -- --/* -- * nss_cryptoapi_skcipher_ctx2session() -- * Cryptoapi function to get the session ID for an skcipher -- */ --int nss_cryptoapi_skcipher_ctx2session(struct crypto_skcipher *sk, uint32_t *sid) --{ -- struct crypto_tfm *tfm = crypto_skcipher_tfm(sk); -- struct crypto_ablkcipher **actx, *ablk; -- struct ablkcipher_tfm *ablk_tfm; -- struct nss_cryptoapi_ctx *ctx; -- -- if (strncmp("nss-", crypto_tfm_alg_driver_name(tfm), 4)) -- return -EINVAL; -- -- /* Get the ablkcipher from the skcipher */ -- actx = crypto_skcipher_ctx(sk); -- if (!actx || !(*actx)) -- return -EINVAL; -- -- /* -- * The ablkcipher now obtained is a wrapper around the actual -- * ablkcipher that is created when the skcipher is created. -- * Hence we derive the required ablkcipher through ablkcipher_tfm. -- */ -- ablk_tfm = crypto_ablkcipher_crt(*actx); -- if (!ablk_tfm) -- return -EINVAL; -- -- ablk = ablk_tfm->base; -- if (!ablk) -- return -EINVAL; -- -- /* Get the nss_cryptoapi context stored in the ablkcipher */ -- ctx = crypto_ablkcipher_ctx(ablk); -- -- BUG_ON(!ctx); -- NSS_CRYPTOAPI_VERIFY_MAGIC(ctx); -- -- *sid = ctx->sid; -- return 0; --} --EXPORT_SYMBOL(nss_cryptoapi_skcipher_ctx2session); -- --/* -- * nss_cryptoapi_ablkcipher_init() -- * Cryptoapi ablkcipher init function. -- */ --int nss_cryptoapi_ablkcipher_init(struct crypto_tfm *tfm) --{ -- struct nss_cryptoapi_ctx *ctx = crypto_tfm_ctx(tfm); -- -- BUG_ON(!ctx); -- NSS_CRYPTOAPI_SET_MAGIC(ctx); -- -- memset(ctx, 0, sizeof(struct nss_cryptoapi_ctx)); -- -- ctx->user = g_cryptoapi.user; -- ctx->stats.init++; -- ctx->sid = NSS_CRYPTO_SESSION_MAX; -- init_completion(&ctx->complete); -- -- return 0; --} -- --/* -- * nss_cryptoapi_ablkcipher_exit() -- * Cryptoapi ablkcipher exit function. -- */ --void nss_cryptoapi_ablkcipher_exit(struct crypto_tfm *tfm) --{ -- struct nss_cryptoapi_ctx *ctx = crypto_tfm_ctx(tfm); -- int ret; -- -- BUG_ON(!ctx); -- NSS_CRYPTOAPI_VERIFY_MAGIC(ctx); -- -- ctx->stats.exit++; -- -- /* -- * When fallback_req is set, it means that fallback tfm was used -- * we didn't create any sessions. -- */ -- if (ctx->fallback_req) { -- ctx->stats.failed_fallback++; -- return; -- } -- -- if (!atomic_read(&ctx->active)) { -- ctx->stats.failed_exit++; -- return; -- } -- -- /* -- * Mark cryptoapi context as inactive -- */ -- atomic_set(&ctx->active, 0); -- -- if (!atomic_sub_and_test(1, &ctx->refcnt)) { -- /* -- * We need to wait for any outstanding packet using this ctx. -- * Once the last packet get processed, reference count will become -- * 0 this ctx. We will wait for the reference to go down to 0. -- */ -- ret = wait_for_completion_timeout(&ctx->complete, NSS_CRYPTOAPI_REQ_TIMEOUT_TICKS); -- WARN_ON(!ret); -- } -- -- if (ctx->sid != NSS_CRYPTO_SESSION_MAX) { -- nss_crypto_session_free(ctx->user, ctx->sid); -- debugfs_remove_recursive(ctx->dentry); -- ctx->sid = NSS_CRYPTO_SESSION_MAX; -- } -- -- NSS_CRYPTOAPI_CLEAR_MAGIC(ctx); --} -- --/* -- * nss_cryptoapi_ablk_setkey() -- * Cryptoapi setkey routine for aes. -- */ --int nss_cryptoapi_ablk_setkey(struct crypto_ablkcipher *cipher, const u8 *key, unsigned int keylen) --{ -- struct crypto_tfm *tfm = crypto_ablkcipher_tfm(cipher); -- struct nss_cryptoapi_ctx *ctx = crypto_tfm_ctx(tfm); -- struct nss_crypto_session_data data = {0}; -- int status; -- -- /* -- * Validate magic number - init should be called before setkey -- */ -- NSS_CRYPTOAPI_VERIFY_MAGIC(ctx); -- -- ctx->info = nss_cryptoapi_cra_name2info(crypto_tfm_alg_name(tfm), keylen, 0); -- if (!ctx->info) { -- crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN); -- return -EINVAL; -- } -- -- ctx->iv_size = crypto_ablkcipher_ivsize(cipher); -- -- if (ctx->info->cipher_mode == NSS_CRYPTOAPI_CIPHER_MODE_CTR_RFC3686) { -- keylen = keylen - CTR_RFC3686_NONCE_SIZE; -- memcpy(ctx->ctx_iv, key + keylen, CTR_RFC3686_NONCE_SIZE); -- ctx->ctx_iv[3] = ntohl(0x1); -- ctx->iv_size += CTR_RFC3686_NONCE_SIZE + sizeof(uint32_t); -- } -- -- /* -- * Fill NSS crypto session data -- */ -- data.algo = ctx->info->algo; -- data.cipher_key = key; -- -- if (data.algo >= NSS_CRYPTO_CMN_ALGO_MAX) -- return -ERANGE; -- -- if (ctx->sid != NSS_CRYPTO_SESSION_MAX) { -- nss_crypto_session_free(ctx->user, ctx->sid); -- debugfs_remove_recursive(ctx->dentry); -- ctx->sid = NSS_CRYPTO_SESSION_MAX; -- } -- -- status = nss_crypto_session_alloc(ctx->user, &data, &ctx->sid); -- if (status < 0) { -- nss_cfi_err("%px: Unable to allocate crypto session(%d)\n", ctx, status); -- crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_FLAGS); -- return status; -- } -- -- nss_cryptoapi_add_ctx2debugfs(ctx); -- atomic_set(&ctx->active, 1); -- atomic_set(&ctx->refcnt, 1); -- return 0; --} -- --/* -- * nss_cryptoapi_ablkcipher_done() -- * Cipher operation completion callback function -- */ --void nss_cryptoapi_ablkcipher_done(void *app_data, struct nss_crypto_hdr *ch, uint8_t status) --{ -- struct ablkcipher_request *req = app_data; -- struct nss_cryptoapi_ctx *ctx = crypto_tfm_ctx(req->base.tfm); -- int error; -- -- BUG_ON(!ch); -- -- /* -- * Check cryptoapi context magic number. -- */ -- NSS_CRYPTOAPI_VERIFY_MAGIC(ctx); -- -- /* -- * For skcipher decryption case, the last block of encrypted data is used as -- * an IV for the next data -- */ -- if (ch->op == NSS_CRYPTO_OP_DIR_ENC) { -- nss_cryptoapi_copy_iv(ctx, req->dst, req->info, ch->iv_len); -- } -- -- /* -- * Free crypto hdr -- */ -- nss_crypto_hdr_free(ctx->user, ch); -- -- nss_cfi_dbg("data dump after transformation\n"); -- nss_cfi_dbg_data(sg_virt(req->dst), req->nbytes, ' '); -- -- /* -- * Check if there is any error reported by hardware -- */ -- error = nss_cryptoapi_status2error(ctx, status); -- ctx->stats.completed++; -- -- /* -- * Decrement cryptoapi reference -- */ -- nss_cryptoapi_ref_dec(ctx); -- req->base.complete(&req->base, error); --} -- --/* -- * nss_cryptoapi_ablk_encrypt() -- * Crytoapi encrypt for AES and 3DES algorithms. -- */ --int nss_cryptoapi_ablk_encrypt(struct ablkcipher_request *req) --{ -- struct nss_cryptoapi_info info = {.op_dir = NSS_CRYPTO_OP_DIR_ENC}; -- struct crypto_ablkcipher *cipher = crypto_ablkcipher_reqtfm(req); -- struct nss_cryptoapi_ctx *ctx = crypto_ablkcipher_ctx(cipher); -- struct crypto_tfm *tfm = req->base.tfm; -- struct scatterlist *cur; -- int tot_len = 0; -- int i; -- -- /* -- * Check cryptoapi context magic number. -- */ -- NSS_CRYPTOAPI_VERIFY_MAGIC(ctx); -- -- /* -- * Check if cryptoapi context is active or not -- */ -- if (!atomic_read(&ctx->active)) -- return -EINVAL; -- -- if (sg_nents(req->src) != sg_nents(req->dst)) { -- ctx->stats.failed_req++; -- return -EINVAL; -- } -- -- /* -- * Block size not aligned. -- * AES-CTR requires only a one-byte block size alignment. -- */ -- if (!IS_ALIGNED(req->nbytes, crypto_tfm_alg_blocksize(tfm)) && ctx->info->blk_align) { -- ctx->stats.failed_align++; -- crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_BLOCK_LEN); -- return -EFAULT; -- } -- -- /* -- * Fill the request information structure -- */ -- info.iv = req->info; -- info.src.nsegs = sg_nents(req->src); -- info.dst.nsegs = sg_nents(req->dst); -- info.op_dir = NSS_CRYPTO_OP_DIR_ENC; -- info.cb = nss_cryptoapi_ablkcipher_done; -- info.iv_size = ctx->iv_size; -- info.src.first_sg = req->src; -- info.dst.first_sg = req->dst; -- info.dst.last_sg = sg_last(req->dst, info.dst.nsegs); -- -- /* out and in length will be same as ablk does only encrypt/decryt operation */ -- info.total_in_len = info.total_out_len = req->nbytes; -- info.in_place = (req->src == req->dst) ? true : false; -- -- /* -- * The exact length of data that needs to be ciphered for an ABLK -- * request is stored in req->nbytes. Hence we may have to reduce -- * the DMA length to what is specified in req->nbytes and later -- * restore the length of scatterlist back to its original value. -- */ -- for_each_sg(req->src, cur, info.src.nsegs, i) { -- if (!cur) -- break; -- -- tot_len += cur->length; -- if (!sg_next(cur)) -- break; -- } -- -- /* -- * We only support (2^16 - 1) length. -- */ -- if (tot_len > U16_MAX) { -- ctx->stats.failed_len++; -- return -EFBIG; -- } -- -- info.src.last_sg = cur; -- info.ahash_skip = tot_len - req->nbytes; -- -- if (!atomic_inc_not_zero(&ctx->refcnt)) -- return -ENOENT; -- -- return nss_cryptoapi_transform(ctx, &info, (void *)req, false); --} -- --/* -- * nss_cryptoapi_ablk_decrypt() -- * Crytoapi decrypt for AES and 3DES CBC algorithms. -- */ --int nss_cryptoapi_ablk_decrypt(struct ablkcipher_request *req) --{ -- struct nss_cryptoapi_info info = {.op_dir = NSS_CRYPTO_OP_DIR_DEC}; -- struct crypto_ablkcipher *cipher = crypto_ablkcipher_reqtfm(req); -- struct nss_cryptoapi_ctx *ctx = crypto_ablkcipher_ctx(cipher); -- struct crypto_tfm *tfm = req->base.tfm; -- struct scatterlist *cur; -- int tot_len = 0; -- int i; -- -- /* -- * Check cryptoapi context magic number. -- */ -- NSS_CRYPTOAPI_VERIFY_MAGIC(ctx); -- -- /* -- * Check if cryptoapi context is active or not -- */ -- if (!atomic_read(&ctx->active)) -- return -EINVAL; -- -- if (sg_nents(req->src) != sg_nents(req->dst)) { -- ctx->stats.failed_req++; -- return -EINVAL; -- } -- -- /* -- * Block size not aligned -- */ -- if (!IS_ALIGNED(req->nbytes, crypto_tfm_alg_blocksize(tfm)) && ctx->info->blk_align) { -- ctx->stats.failed_align++; -- crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_BLOCK_LEN); -- return -EFAULT; -- } -- -- /* -- * Fill the request information structure -- * Note: For CTR mode, IV size will be set to AES_BLOCK_SIZE. -- * This is because linux gives iv size as 8 while we need to alloc 16 bytes -- * in crypto hdr to accomodate -- * - 4 bytes of nonce -- * - 8 bytes of IV -- * - 4 bytes of initial counter -- */ -- info.iv = req->info; -- info.src.nsegs = sg_nents(req->src); -- info.dst.nsegs = sg_nents(req->dst); -- info.iv_size = ctx->iv_size; -- info.op_dir = NSS_CRYPTO_OP_DIR_DEC; -- info.cb = nss_cryptoapi_ablkcipher_done; -- info.src.first_sg = req->src; -- info.dst.first_sg = req->dst; -- info.dst.last_sg = sg_last(req->dst, info.dst.nsegs); -- -- /* out and in length will be same as ablk does only encrypt/decryt operation */ -- info.total_in_len = info.total_out_len = req->nbytes; -- info.in_place = (req->src == req->dst) ? true : false; -- -- /* -- * The exact length of data that needs to be ciphered for an ABLK -- * request is stored in req->nbytes. Hence we may have to reduce -- * the DMA length to what is specified in req->nbytes and later -- * restore the length of scatterlist back to its original value. -- */ -- for_each_sg(req->src, cur, info.src.nsegs, i) { -- tot_len += cur->length; -- if (!sg_next(cur)) -- break; -- } -- -- /* -- * We only support (2^16 - 1) length. -- */ -- if (tot_len > U16_MAX) { -- ctx->stats.failed_len++; -- return -EFBIG; -- } -- -- info.ahash_skip = tot_len - req->nbytes; -- info.src.last_sg = cur; -- -- if (!atomic_inc_not_zero(&ctx->refcnt)) -- return -ENOENT; -- -- return nss_cryptoapi_transform(ctx, &info, (void *)req, false); --} ---- /dev/null -+++ b/cryptoapi/v2.0/nss_cryptoapi_skcipher.c -@@ -0,0 +1,438 @@ -+/* Copyright (c) 2015-2020 The Linux Foundation. All rights reserved. -+ * Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved. -+ * -+ * Permission to use, copy, modify, and/or distribute this software for any -+ * purpose with or without fee is hereby granted, provided that the above -+ * copyright notice and this permission notice appear in all copies. -+ * -+ * -+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -+ * AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT -+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -+ * PERFORMANCE OF THIS SOFTWARE. -+ * -+ * -+ */ -+ -+/** -+ * nss_cryptoapi_ablk.c -+ * Interface to communicate Native Linux crypto framework specific data -+ * to Crypto core specific data -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#include -+#include -+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0) -+#include -+#else -+#include -+#include -+#endif -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include "nss_cryptoapi_private.h" -+ -+extern struct nss_cryptoapi g_cryptoapi; -+ -+/* -+ * nss_cryptoapi_skcipher_ctx2session() -+ * Cryptoapi function to get the session ID for an skcipher -+ */ -+int nss_cryptoapi_skcipher_ctx2session(struct crypto_skcipher *sk, uint32_t *sid) -+{ -+ struct crypto_tfm *tfm = crypto_skcipher_tfm(sk); -+ struct nss_cryptoapi_ctx *ctx; -+ -+ if (strncmp("nss-", crypto_tfm_alg_driver_name(tfm), 4)) -+ return -EINVAL; -+ -+ /* Get the nss_cryptoapi context stored in skcipher */ -+ ctx = crypto_skcipher_ctx(sk); -+ BUG_ON(!ctx); -+ NSS_CRYPTOAPI_VERIFY_MAGIC(ctx); -+ -+ *sid = ctx->sid; -+ return 0; -+} -+EXPORT_SYMBOL(nss_cryptoapi_skcipher_ctx2session); -+ -+/* -+ * nss_cryptoapi_skcipher_init() -+ * Cryptoapi skcipher init function. -+ */ -+int nss_cryptoapi_skcipher_init(struct crypto_skcipher *tfm) -+{ -+ struct nss_cryptoapi_ctx *ctx = crypto_skcipher_ctx(tfm); -+ -+ BUG_ON(!ctx); -+ NSS_CRYPTOAPI_SET_MAGIC(ctx); -+ -+ memset(ctx, 0, sizeof(struct nss_cryptoapi_ctx)); -+ -+ ctx->user = g_cryptoapi.user; -+ ctx->stats.init++; -+ ctx->sid = NSS_CRYPTO_SESSION_MAX; -+ init_completion(&ctx->complete); -+ -+ return 0; -+} -+ -+/* -+ * nss_cryptoapi_skcipher_exit() -+ * Cryptoapi skcipher exit function. -+ */ -+void nss_cryptoapi_skcipher_exit(struct crypto_skcipher *tfm) -+{ -+ struct nss_cryptoapi_ctx *ctx = crypto_skcipher_ctx(tfm); -+ int ret; -+ -+ BUG_ON(!ctx); -+ NSS_CRYPTOAPI_VERIFY_MAGIC(ctx); -+ -+ ctx->stats.exit++; -+ -+ /* -+ * When fallback_req is set, it means that fallback tfm was used -+ * we didn't create any sessions. -+ */ -+ if (ctx->fallback_req) { -+ ctx->stats.failed_fallback++; -+ return; -+ } -+ -+ if (!atomic_read(&ctx->active)) { -+ ctx->stats.failed_exit++; -+ return; -+ } -+ -+ /* -+ * Mark cryptoapi context as inactive -+ */ -+ atomic_set(&ctx->active, 0); -+ -+ if (!atomic_sub_and_test(1, &ctx->refcnt)) { -+ /* -+ * We need to wait for any outstanding packet using this ctx. -+ * Once the last packet get processed, reference count will become -+ * 0 this ctx. We will wait for the reference to go down to 0. -+ */ -+ ret = wait_for_completion_timeout(&ctx->complete, NSS_CRYPTOAPI_REQ_TIMEOUT_TICKS); -+ WARN_ON(!ret); -+ } -+ -+ if (ctx->sid != NSS_CRYPTO_SESSION_MAX) { -+ nss_crypto_session_free(ctx->user, ctx->sid); -+ debugfs_remove_recursive(ctx->dentry); -+ ctx->sid = NSS_CRYPTO_SESSION_MAX; -+ } -+ -+ NSS_CRYPTOAPI_CLEAR_MAGIC(ctx); -+} -+ -+/* -+ * nss_cryptoapi_skcipher_setkey() -+ * Cryptoapi setkey routine for aes. -+ */ -+int nss_cryptoapi_skcipher_setkey(struct crypto_skcipher *cipher, const u8 *key, unsigned int keylen) -+{ -+ struct crypto_tfm *tfm = crypto_skcipher_tfm(cipher); -+ struct nss_cryptoapi_ctx *ctx = crypto_skcipher_ctx(cipher); -+ struct nss_crypto_session_data data = {0}; -+ int status; -+ -+ /* -+ * Validate magic number - init should be called before setkey -+ */ -+ NSS_CRYPTOAPI_VERIFY_MAGIC(ctx); -+ -+ ctx->info = nss_cryptoapi_cra_name2info(crypto_tfm_alg_name(tfm), keylen, 0); -+ if (!ctx->info) { -+ return -EINVAL; -+ } -+ -+ ctx->iv_size = crypto_skcipher_ivsize(cipher); -+ -+ if (ctx->info->cipher_mode == NSS_CRYPTOAPI_CIPHER_MODE_CTR_RFC3686) { -+ keylen = keylen - CTR_RFC3686_NONCE_SIZE; -+ memcpy(ctx->ctx_iv, key + keylen, CTR_RFC3686_NONCE_SIZE); -+ ctx->ctx_iv[3] = ntohl(0x1); -+ ctx->iv_size += CTR_RFC3686_NONCE_SIZE + sizeof(uint32_t); -+ } -+ -+ /* -+ * Fill NSS crypto session data -+ */ -+ data.algo = ctx->info->algo; -+ data.cipher_key = key; -+ -+ if (data.algo >= NSS_CRYPTO_CMN_ALGO_MAX) -+ return -ERANGE; -+ -+ if (ctx->sid != NSS_CRYPTO_SESSION_MAX) { -+ nss_crypto_session_free(ctx->user, ctx->sid); -+ debugfs_remove_recursive(ctx->dentry); -+ ctx->sid = NSS_CRYPTO_SESSION_MAX; -+ } -+ -+ status = nss_crypto_session_alloc(ctx->user, &data, &ctx->sid); -+ if (status < 0) { -+ nss_cfi_err("%px: Unable to allocate crypto session(%d)\n", ctx, status); -+ return status; -+ } -+ -+ nss_cryptoapi_add_ctx2debugfs(ctx); -+ atomic_set(&ctx->active, 1); -+ atomic_set(&ctx->refcnt, 1); -+ return 0; -+} -+ -+/* -+ * nss_cryptoapi_skcipher_done() -+ * Cipher operation completion callback function -+ */ -+void nss_cryptoapi_skcipher_done(void *app_data, struct nss_crypto_hdr *ch, uint8_t status) -+{ -+ struct skcipher_request *req = app_data; -+ struct nss_cryptoapi_ctx *ctx = skcipher_request_ctx(req); -+ int error; -+ -+ BUG_ON(!ch); -+ -+ /* -+ * Check cryptoapi context magic number. -+ */ -+ NSS_CRYPTOAPI_VERIFY_MAGIC(ctx); -+ -+ /* -+ * For skcipher decryption case, the last block of encrypted data is used as -+ * an IV for the next data -+ */ -+ if (ch->op == NSS_CRYPTO_OP_DIR_ENC) { -+ nss_cryptoapi_copy_iv(ctx, req->dst, req->iv, ch->iv_len); -+ } -+ -+ /* -+ * Free crypto hdr -+ */ -+ nss_crypto_hdr_free(ctx->user, ch); -+ -+ nss_cfi_dbg("data dump after transformation\n"); -+ nss_cfi_dbg_data(sg_virt(req->dst), req->cryptlen, ' '); -+ -+ /* -+ * Check if there is any error reported by hardware -+ */ -+ error = nss_cryptoapi_status2error(ctx, status); -+ ctx->stats.completed++; -+ -+ /* -+ * Decrement cryptoapi reference -+ */ -+ nss_cryptoapi_ref_dec(ctx); -+ req->base.complete(&req->base, error); -+} -+ -+/* -+ * nss_cryptoapi_skcipher_encrypt() -+ * Crytoapi encrypt for AES and 3DES algorithms. -+ */ -+int nss_cryptoapi_skcipher_encrypt(struct skcipher_request *req) -+{ -+ struct nss_cryptoapi_info info = {.op_dir = NSS_CRYPTO_OP_DIR_ENC}; -+ struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(req); -+ struct nss_cryptoapi_ctx *ctx = crypto_skcipher_ctx(cipher); -+ struct crypto_tfm *tfm = req->base.tfm; -+ struct scatterlist *cur; -+ int tot_len = 0; -+ int i; -+ -+ /* -+ * Check cryptoapi context magic number. -+ */ -+ NSS_CRYPTOAPI_VERIFY_MAGIC(ctx); -+ -+ /* -+ * Check if cryptoapi context is active or not -+ */ -+ if (!atomic_read(&ctx->active)) -+ return -EINVAL; -+ -+ if (sg_nents(req->src) != sg_nents(req->dst)) { -+ ctx->stats.failed_req++; -+ return -EINVAL; -+ } -+ -+ /* -+ * Block size not aligned. -+ * AES-CTR requires only a one-byte block size alignment. -+ */ -+ if (!IS_ALIGNED(req->cryptlen, crypto_tfm_alg_blocksize(tfm)) && ctx->info->blk_align) { -+ ctx->stats.failed_align++; -+ return -EFAULT; -+ } -+ -+ /* -+ * Fill the request information structure -+ */ -+ info.iv = req->iv; -+ info.src.nsegs = sg_nents(req->src); -+ info.dst.nsegs = sg_nents(req->dst); -+ info.op_dir = NSS_CRYPTO_OP_DIR_ENC; -+ info.cb = nss_cryptoapi_skcipher_done; -+ info.iv_size = ctx->iv_size; -+ info.src.first_sg = req->src; -+ info.dst.first_sg = req->dst; -+ info.dst.last_sg = sg_last(req->dst, info.dst.nsegs); -+ -+ /* out and in length will be same as ablk does only encrypt/decryt operation */ -+ info.total_in_len = info.total_out_len = req->cryptlen; -+ info.in_place = (req->src == req->dst) ? true : false; -+ -+ /* -+ * The exact length of data that needs to be ciphered for an ABLK -+ * request is stored in req->cryptlen. Hence we may have to reduce -+ * the DMA length to what is specified in req->cryptlen and later -+ * restore the length of scatterlist back to its original value. -+ */ -+ for_each_sg(req->src, cur, info.src.nsegs, i) { -+ if (!cur) -+ break; -+ -+ tot_len += cur->length; -+ if (!sg_next(cur)) -+ break; -+ } -+ -+ /* -+ * We only support (2^16 - 1) length. -+ */ -+ if (tot_len > U16_MAX) { -+ ctx->stats.failed_len++; -+ return -EFBIG; -+ } -+ -+ info.src.last_sg = cur; -+ info.ahash_skip = tot_len - req->cryptlen; -+ -+ if (!atomic_inc_not_zero(&ctx->refcnt)) -+ return -ENOENT; -+ -+ return nss_cryptoapi_transform(ctx, &info, (void *)req, false); -+} -+ -+/* -+ * nss_cryptoapi_skcipher_decrypt() -+ * Crytoapi decrypt for AES and 3DES CBC algorithms. -+ */ -+int nss_cryptoapi_skcipher_decrypt(struct skcipher_request *req) -+{ -+ struct nss_cryptoapi_info info = {.op_dir = NSS_CRYPTO_OP_DIR_DEC}; -+ struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(req); -+ struct nss_cryptoapi_ctx *ctx = crypto_skcipher_ctx(cipher); -+ struct crypto_tfm *tfm = req->base.tfm; -+ struct scatterlist *cur; -+ int tot_len = 0; -+ int i; -+ -+ /* -+ * Check cryptoapi context magic number. -+ */ -+ NSS_CRYPTOAPI_VERIFY_MAGIC(ctx); -+ -+ /* -+ * Check if cryptoapi context is active or not -+ */ -+ if (!atomic_read(&ctx->active)) -+ return -EINVAL; -+ -+ if (sg_nents(req->src) != sg_nents(req->dst)) { -+ ctx->stats.failed_req++; -+ return -EINVAL; -+ } -+ -+ /* -+ * Block size not aligned -+ */ -+ if (!IS_ALIGNED(req->cryptlen, crypto_tfm_alg_blocksize(tfm)) && ctx->info->blk_align) { -+ ctx->stats.failed_align++; -+ return -EFAULT; -+ } -+ -+ /* -+ * Fill the request information structure -+ * Note: For CTR mode, IV size will be set to AES_BLOCK_SIZE. -+ * This is because linux gives iv size as 8 while we need to alloc 16 bytes -+ * in crypto hdr to accomodate -+ * - 4 bytes of nonce -+ * - 8 bytes of IV -+ * - 4 bytes of initial counter -+ */ -+ info.iv = req->iv; -+ info.src.nsegs = sg_nents(req->src); -+ info.dst.nsegs = sg_nents(req->dst); -+ info.iv_size = ctx->iv_size; -+ info.op_dir = NSS_CRYPTO_OP_DIR_DEC; -+ info.cb = nss_cryptoapi_skcipher_done; -+ info.src.first_sg = req->src; -+ info.dst.first_sg = req->dst; -+ info.dst.last_sg = sg_last(req->dst, info.dst.nsegs); -+ -+ /* out and in length will be same as ablk does only encrypt/decryt operation */ -+ info.total_in_len = info.total_out_len = req->cryptlen; -+ info.in_place = (req->src == req->dst) ? true : false; -+ -+ /* -+ * The exact length of data that needs to be ciphered for an ABLK -+ * request is stored in req->cryptlen. Hence we may have to reduce -+ * the DMA length to what is specified in req->cryptlen and later -+ * restore the length of scatterlist back to its original value. -+ */ -+ for_each_sg(req->src, cur, info.src.nsegs, i) { -+ tot_len += cur->length; -+ if (!sg_next(cur)) -+ break; -+ } -+ -+ /* -+ * We only support (2^16 - 1) length. -+ */ -+ if (tot_len > U16_MAX) { -+ ctx->stats.failed_len++; -+ return -EFBIG; -+ } -+ -+ info.ahash_skip = tot_len - req->cryptlen; -+ info.src.last_sg = cur; -+ -+ if (!atomic_inc_not_zero(&ctx->refcnt)) -+ return -ENOENT; -+ -+ return nss_cryptoapi_transform(ctx, &info, (void *)req, false); -+} diff --git a/qca-nss-cfi/patches/0007-cryptoapi-v2.0-fix-crash.patch b/qca-nss-cfi/patches/0007-cryptoapi-v2.0-fix-crash.patch index c155c00..719c21e 100644 --- a/qca-nss-cfi/patches/0007-cryptoapi-v2.0-fix-crash.patch +++ b/qca-nss-cfi/patches/0007-cryptoapi-v2.0-fix-crash.patch @@ -11,33 +11,10 @@ ctx->user = g_cryptoapi.user; ctx->stats.init++; ---- a/cryptoapi/v2.0/nss_cryptoapi_ahash.c -+++ b/cryptoapi/v2.0/nss_cryptoapi_ahash.c -@@ -231,8 +231,10 @@ int nss_cryptoapi_ahash_setkey(struct cr - void nss_cryptoapi_ahash_done(void *app_data, struct nss_crypto_hdr *ch, uint8_t status) - { - struct ahash_request *req = app_data; -- struct nss_cryptoapi_ctx *ctx = crypto_tfm_ctx(req->base.tfm); -+ struct crypto_ahash *ahash = crypto_ahash_reqtfm(req); -+ struct nss_cryptoapi_ctx *ctx = crypto_ahash_ctx(ahash); - struct nss_cryptoapi_req_ctx *rctx = ahash_request_ctx(req); -+ - uint8_t *hw_hmac; - int error; - -@@ -268,7 +270,7 @@ void nss_cryptoapi_ahash_done(void *app_ - * Decrement cryptoapi reference - */ - nss_cryptoapi_ref_dec(ctx); -- req->base.complete(&req->base, error); -+ ahash_request_complete(req, error); - } - - /* --- a/cryptoapi/v2.0/nss_cryptoapi_skcipher.c +++ b/cryptoapi/v2.0/nss_cryptoapi_skcipher.c -@@ -92,9 +92,9 @@ int nss_cryptoapi_skcipher_init(struct c - struct nss_cryptoapi_ctx *ctx = crypto_skcipher_ctx(tfm); +@@ -74,9 +74,9 @@ int nss_cryptoapi_skcipher_init(struct c + struct nss_cryptoapi_ctx *ctx = crypto_tfm_ctx(base); BUG_ON(!ctx); - NSS_CRYPTOAPI_SET_MAGIC(ctx); @@ -47,26 +24,3 @@ ctx->user = g_cryptoapi.user; ctx->stats.init++; -@@ -220,11 +220,11 @@ int nss_cryptoapi_skcipher_setkey(struct - void nss_cryptoapi_skcipher_done(void *app_data, struct nss_crypto_hdr *ch, uint8_t status) - { - struct skcipher_request *req = app_data; -- struct nss_cryptoapi_ctx *ctx = skcipher_request_ctx(req); -+ struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(req); -+ struct nss_cryptoapi_ctx *ctx = crypto_skcipher_ctx(cipher); - int error; - - BUG_ON(!ch); -- - /* - * Check cryptoapi context magic number. - */ -@@ -256,7 +256,7 @@ void nss_cryptoapi_skcipher_done(void *a - * Decrement cryptoapi reference - */ - nss_cryptoapi_ref_dec(ctx); -- req->base.complete(&req->base, error); -+ skcipher_request_complete(req, error); - } - - /* diff --git a/qca-nss-cfi/patches/0008-cryptoapi-v2.0-fix-dupe-driver.patch b/qca-nss-cfi/patches/0008-cryptoapi-v2.0-fix-dupe-driver.patch deleted file mode 100644 index 1edb048..0000000 --- a/qca-nss-cfi/patches/0008-cryptoapi-v2.0-fix-dupe-driver.patch +++ /dev/null @@ -1,126 +0,0 @@ ---- a/cryptoapi/v2.0/nss_cryptoapi.c -+++ b/cryptoapi/v2.0/nss_cryptoapi.c -@@ -896,7 +896,7 @@ struct aead_alg cryptoapi_aead_algs[] = - */ - .base = { - .cra_name = "echainiv(authenc(hmac(sha1),cbc(aes)))", -- .cra_driver_name = "nss-hmac-sha1-cbc-aes", -+ .cra_driver_name = "nss-hmac-sha1-cbc-aes-echainiv", - .cra_priority = 10000, - .cra_flags = CRYPTO_ALG_ASYNC, - .cra_blocksize = AES_BLOCK_SIZE, -@@ -961,7 +961,7 @@ struct aead_alg cryptoapi_aead_algs[] = - */ - .base = { - .cra_name = "echainiv(authenc(hmac(sha256),cbc(aes)))", -- .cra_driver_name = "nss-hmac-sha256-cbc-aes", -+ .cra_driver_name = "nss-hmac-sha256-cbc-aes-echainiv", - .cra_priority = 10000, - .cra_flags = CRYPTO_ALG_ASYNC, - .cra_blocksize = AES_BLOCK_SIZE, -@@ -1070,7 +1070,7 @@ struct aead_alg cryptoapi_aead_algs[] = - */ - .base = { - .cra_name = "echainiv(authenc(hmac(sha384),cbc(aes)))", -- .cra_driver_name = "nss-hmac-sha384-cbc-aes", -+ .cra_driver_name = "nss-hmac-sha384-cbc-aes-echainiv", - .cra_priority = 10000, - .cra_flags = CRYPTO_ALG_ASYNC, - .cra_blocksize = AES_BLOCK_SIZE, -@@ -1093,7 +1093,7 @@ struct aead_alg cryptoapi_aead_algs[] = - */ - .base = { - .cra_name = "echainiv(authenc(hmac(sha512),cbc(aes)))", -- .cra_driver_name = "nss-hmac-sha512-cbc-aes", -+ .cra_driver_name = "nss-hmac-sha512-cbc-aes-echainiv", - .cra_priority = 10000, - .cra_flags = CRYPTO_ALG_ASYNC, - .cra_blocksize = AES_BLOCK_SIZE, -@@ -1116,7 +1116,7 @@ struct aead_alg cryptoapi_aead_algs[] = - */ - .base = { - .cra_name = "echainiv(authenc(hmac(sha1),cbc(des3_ede)))", -- .cra_driver_name = "nss-hmac-sha1-cbc-3des", -+ .cra_driver_name = "nss-hmac-sha1-cbc-3des-echainiv", - .cra_priority = 300, - .cra_flags = CRYPTO_ALG_ASYNC, - .cra_blocksize = DES3_EDE_BLOCK_SIZE, -@@ -1139,7 +1139,7 @@ struct aead_alg cryptoapi_aead_algs[] = - */ - .base = { - .cra_name = "echainiv(authenc(hmac(sha256),cbc(des3_ede)))", -- .cra_driver_name = "nss-hmac-sha256-cbc-3des", -+ .cra_driver_name = "nss-hmac-sha256-cbc-3des-echainiv", - .cra_priority = 300, - .cra_flags = CRYPTO_ALG_ASYNC, - .cra_blocksize = DES3_EDE_BLOCK_SIZE, -@@ -1160,7 +1160,7 @@ struct aead_alg cryptoapi_aead_algs[] = - { - .base = { - .cra_name = "authenc(hmac(sha1),cbc(aes))", -- .cra_driver_name = "nss-hmac-sha1-cbc-aes", -+ .cra_driver_name = "nss-hmac-sha1-cbc-aes-auth", - .cra_priority = 10000, - .cra_flags = CRYPTO_ALG_ASYNC, - .cra_blocksize = AES_BLOCK_SIZE, -@@ -1183,7 +1183,7 @@ struct aead_alg cryptoapi_aead_algs[] = - */ - .base = { - .cra_name = "authenc(hmac(sha256),cbc(aes))", -- .cra_driver_name = "nss-hmac-sha256-cbc-aes", -+ .cra_driver_name = "nss-hmac-sha256-cbc-aes-auth", - .cra_priority = 10000, - .cra_flags = CRYPTO_ALG_ASYNC, - .cra_blocksize = AES_BLOCK_SIZE, -@@ -1206,7 +1206,7 @@ struct aead_alg cryptoapi_aead_algs[] = - */ - .base = { - .cra_name = "authenc(hmac(sha384),cbc(aes))", -- .cra_driver_name = "nss-hmac-sha384-cbc-aes", -+ .cra_driver_name = "nss-hmac-sha384-cbc-aes-auth", - .cra_priority = 10000, - .cra_flags = CRYPTO_ALG_ASYNC, - .cra_blocksize = AES_BLOCK_SIZE, -@@ -1298,7 +1298,7 @@ struct aead_alg cryptoapi_aead_algs[] = - */ - .base = { - .cra_name = "rfc4106(gcm(aes))", -- .cra_driver_name = "nss-rfc4106-gcm", -+ .cra_driver_name = "nss-rfc4106-gcm-aes128", - .cra_priority = 10000, - .cra_flags = CRYPTO_ALG_ASYNC, - .cra_blocksize = AES_BLOCK_SIZE, -@@ -1321,7 +1321,7 @@ struct aead_alg cryptoapi_aead_algs[] = - */ - .base = { - .cra_name = "seqiv(rfc4106(gcm(aes)))", -- .cra_driver_name = "nss-rfc4106-gcm", -+ .cra_driver_name = "nss-seqiv-rfc4106-gcm", - .cra_priority = 10000, - .cra_flags = CRYPTO_ALG_ASYNC, - .cra_blocksize = AES_BLOCK_SIZE, -@@ -2166,6 +2166,7 @@ static const struct file_operations ctx_ - void nss_cryptoapi_add_ctx2debugfs(struct nss_cryptoapi_ctx *ctx) - { - char buf[NSS_CRYPTOAPI_DEBUGFS_MAX_NAME] = {0}; -+ struct dentry *existing; - - if (!g_cryptoapi.root) { - nss_cfi_err("%px: DebugFS root directory missing(%px)\n", &g_cryptoapi, ctx); -@@ -2173,6 +2174,16 @@ void nss_cryptoapi_add_ctx2debugfs(struc - } - - snprintf(buf, sizeof(buf), "ctx%d", ctx->sid); -+ -+ /* Check if the directory already exists */ -+ existing = debugfs_lookup(buf, g_cryptoapi.root); -+ if (existing) { -+ /* Directory already exists, store it and return */ -+ ctx->dentry = existing; -+ nss_cfi_info("%px: Context debugfs entry already exists for ctx%d\n", ctx, ctx->sid); -+ return; -+ } -+ - ctx->dentry = debugfs_create_dir(buf, g_cryptoapi.root); - if (!ctx->dentry) { - nss_cfi_err("%px: Unable to create context debugfs entry", ctx); diff --git a/qca-nss-cfi/patches/0009-cryptoapi-v2.0-support-kernel-6.12.patch b/qca-nss-cfi/patches/0009-cryptoapi-v2.0-support-kernel-6.12.patch index 33f7537..ba97ceb 100644 --- a/qca-nss-cfi/patches/0009-cryptoapi-v2.0-support-kernel-6.12.patch +++ b/qca-nss-cfi/patches/0009-cryptoapi-v2.0-support-kernel-6.12.patch @@ -1,16 +1,16 @@ --- a/cryptoapi/v2.0/nss_cryptoapi.c +++ b/cryptoapi/v2.0/nss_cryptoapi.c -@@ -37,6 +37,9 @@ - #include +@@ -38,6 +38,9 @@ #include + #include +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(6, 10, 0)) +#include +#endif #include #include - #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0) -@@ -1792,6 +1795,12 @@ static struct ahash_alg cryptoapi_ahash_ + #if (LINUX_VERSION_CODE < KERNEL_VERSION(6, 6, 0)) +@@ -1849,6 +1852,12 @@ static struct ahash_alg cryptoapi_ahash_ }, }; @@ -23,7 +23,7 @@ /* * nss_cryptoapi_copy_reverse() * Reverse copy -@@ -1889,7 +1898,7 @@ struct nss_cryptoapi_algo_info *nss_cryp +@@ -1946,7 +1955,7 @@ struct nss_cryptoapi_algo_info *nss_cryp * nss_cryptoapi_cra_name_lookup() * Lookup the associated algorithm in NSS for the given transformation by name */ @@ -32,7 +32,7 @@ { struct nss_cryptoapi_algo_info *info = g_algo_info; int i; -@@ -2060,7 +2069,7 @@ skip_iv: +@@ -2117,7 +2126,7 @@ skip_iv: * nss_cryptoapi_ctx_stats_read() * CryptoAPI context statistics read function */ @@ -41,7 +41,7 @@ { struct nss_cryptoapi_ctx *ctx = fp->private_data; struct nss_cryptoapi_stats *stats = &ctx->stats; -@@ -2112,7 +2121,7 @@ ssize_t nss_cryptoapi_ctx_stats_read(str +@@ -2169,7 +2178,7 @@ ssize_t nss_cryptoapi_ctx_stats_read(str * nss_cryptoapi_ctx_info_read() * CryptoAPI context info read function */ @@ -50,25 +50,25 @@ { struct nss_cryptoapi_ctx *ctx = fp->private_data; ssize_t max_buf_len; -@@ -2198,7 +2207,7 @@ void nss_cryptoapi_add_ctx2debugfs(struc +@@ -2244,7 +2253,7 @@ void nss_cryptoapi_add_ctx2debugfs(struc * nss_cryptoapi_attach_user() * register crypto core with the cryptoapi CFI */ -void nss_cryptoapi_attach_user(void *app_data, struct nss_crypto_user *user) +static void nss_cryptoapi_attach_user(void *app_data, struct nss_crypto_user *user) { - #if defined(NSS_CRYPTOAPI_SKCIPHER) - struct skcipher_alg *ablk = cryptoapi_skcipher_algs; -@@ -2270,7 +2279,7 @@ void nss_cryptoapi_attach_user(void *app + struct skcipher_alg *skcipher = cryptoapi_skcipher_algs; + struct aead_alg *aead = cryptoapi_aead_algs; +@@ -2312,7 +2321,7 @@ void nss_cryptoapi_attach_user(void *app * nss_cryptoapi_detach_user() * Unregister crypto core with cryptoapi CFI layer */ -void nss_cryptoapi_detach_user(void *app_data, struct nss_crypto_user *user) +static void nss_cryptoapi_detach_user(void *app_data, struct nss_crypto_user *user) { - #if defined(NSS_CRYPTOAPI_SKCIPHER) - struct skcipher_alg *ablk = cryptoapi_skcipher_algs; -@@ -2340,7 +2349,7 @@ EXPORT_SYMBOL(nss_cryptoapi_is_registere + struct skcipher_alg *skcipher = cryptoapi_skcipher_algs; + struct aead_alg *aead = cryptoapi_aead_algs; +@@ -2378,7 +2387,7 @@ EXPORT_SYMBOL(nss_cryptoapi_is_registere * nss_cryptoapi_init() * Initializing crypto core layer */ @@ -77,7 +77,7 @@ { nss_cfi_info("module loaded %s\n", NSS_CFI_BUILD_ID); -@@ -2370,7 +2379,7 @@ int nss_cryptoapi_init(void) +@@ -2408,7 +2417,7 @@ int nss_cryptoapi_init(void) * nss_cryptoapi_exit() * De-Initialize cryptoapi CFI layer */ @@ -88,7 +88,7 @@ nss_crypto_unregister_user(g_cryptoapi.user); --- a/cryptoapi/v2.0/nss_cryptoapi_aead.c +++ b/cryptoapi/v2.0/nss_cryptoapi_aead.c -@@ -367,7 +367,7 @@ int nss_cryptoapi_aead_setauthsize(struc +@@ -386,7 +386,7 @@ int nss_cryptoapi_aead_setauthsize(struc * nss_cryptoapi_aead_done() * Cipher/Auth encrypt request completion callback function */ @@ -112,7 +112,7 @@ /* * nss_cryptoapi_ahash_ctx2session() * Cryptoapi function to get the session ID for an AHASH -@@ -228,7 +234,7 @@ int nss_cryptoapi_ahash_setkey(struct cr +@@ -234,7 +240,7 @@ int nss_cryptoapi_ahash_setkey(struct cr * nss_cryptoapi_ahash_done() * Hash request completion callback function */ @@ -120,15 +120,15 @@ +static void nss_cryptoapi_ahash_done(void *app_data, struct nss_crypto_hdr *ch, uint8_t status) { struct ahash_request *req = app_data; - struct crypto_ahash *ahash = crypto_ahash_reqtfm(req); + struct nss_cryptoapi_ctx *ctx = crypto_tfm_ctx(req->base.tfm); --- a/cryptoapi/v2.0/nss_cryptoapi_skcipher.c +++ b/cryptoapi/v2.0/nss_cryptoapi_skcipher.c -@@ -217,7 +217,7 @@ int nss_cryptoapi_skcipher_setkey(struct +@@ -201,7 +201,7 @@ int nss_cryptoapi_skcipher_setkey(struct * nss_cryptoapi_skcipher_done() - * Cipher operation completion callback function + * Cipher operation completion callback function */ -void nss_cryptoapi_skcipher_done(void *app_data, struct nss_crypto_hdr *ch, uint8_t status) +static void nss_cryptoapi_skcipher_done(void *app_data, struct nss_crypto_hdr *ch, uint8_t status) { struct skcipher_request *req = app_data; - struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(req); + struct nss_cryptoapi_ctx *ctx = crypto_tfm_ctx(req->base.tfm);