kernel/linux.git/drivers/crypto/tegra, branch v6.12.80Linux kernel stable tree (mirror)https://git.radix-linux.su/kernel/linux.git/atom?h=v6.12.802025-04-25T08:47:39+00:00crypto: tegra - Fix IV usage for AES ECB2025-04-25T08:47:39+00:00Akhil Rakhilrajeev@nvidia.com2025-03-26T14:51:10+00:00urn:sha1:bbad32b836634bc8fac5fac7054af910756493c9
[ Upstream commit 1ddaff40c08abb926be5ba713c5efc412d0836c5 ]
Modifying the crypto_request turns out to be not the right way to handle
the stale value issue with the IV. Though the IV is not used for AES ECB,
it eventually get used in algorithms like LRW in the next step after
AES ECB encryption/decryption. Setting req->iv to NULL breaks the
implementation of such algorithms. Hence modify only the local reqctx
to check for IV.
Fixes: bde558220866 ("crypto: tegra - Set IV to NULL explicitly for AES ECB")
Signed-off-by: Akhil R <akhilrajeev@nvidia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: tegra - Do not use fixed size buffers2025-04-25T08:47:39+00:00Akhil Rakhilrajeev@nvidia.com2025-02-24T09:16:02+00:00urn:sha1:9ebc2053b89a5a5401860c25a70635d3391a1172
[ Upstream commit 1cb328da4e8f34350c61a2b6548766c79b4bb64c ]
Allocate the buffer based on the request instead of a fixed buffer
length. In operations which may require larger buffer size, a fixed
buffer may fail.
Fixes: 0880bb3b00c8 ("crypto: tegra - Add Tegra Security Engine driver")
Signed-off-by: Akhil R <akhilrajeev@nvidia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Stable-dep-of: 1ddaff40c08a ("crypto: tegra - Fix IV usage for AES ECB")
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: tegra - remove redundant error check on ret2025-04-25T08:47:39+00:00Colin Ian Kingcolin.i.king@gmail.com2024-10-15T13:11:22+00:00urn:sha1:28ec10e58d8bb6a02b77ac3fd48074f1362963ee
[ Upstream commit 7b90df78184de90fe5afcc45393c8ad83b5b18a1 ]
Currently there is an unnecessary error check on ret without a proceeding
assignment to ret that needs checking. The check is redundant and can be
removed.
Signed-off-by: Colin Ian King <colin.i.king@gmail.com>
Acked-by: Akhil R <akhilrajeev@nvidia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Stable-dep-of: 1ddaff40c08a ("crypto: tegra - Fix IV usage for AES ECB")
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: tegra - Set IV to NULL explicitly for AES ECB2025-04-10T12:39:18+00:00Akhil Rakhilrajeev@nvidia.com2025-02-24T09:16:08+00:00urn:sha1:4a7e28e3523f2cb9a25a1a3dbafed04dbcafa464
[ Upstream commit bde558220866e74f19450e16d9a2472b488dfedf ]
It may happen that the variable req->iv may have stale values or
zero sized buffer by default and may end up getting used during
encryption/decryption. This inturn may corrupt the results or break the
operation. Set the req->iv variable to NULL explicitly for algorithms
like AES-ECB where IV is not used.
Fixes: 0880bb3b00c8 ("crypto: tegra - Add Tegra Security Engine driver")
Signed-off-by: Akhil R <akhilrajeev@nvidia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: tegra - Fix CMAC intermediate result handling2025-04-10T12:39:18+00:00Akhil Rakhilrajeev@nvidia.com2025-02-24T09:16:07+00:00urn:sha1:13a2312c53528865288ac1e7badf1d3360b40c45
[ Upstream commit ce390d6c2675d2e24d798169a1a0e3cdbc076907 ]
Saving and restoring of the intermediate results are needed if there is
context switch caused by another ongoing request on the same engine.
This is therefore not only to support import/export functionality.
Hence, save and restore the intermediate result for every non-first task.
Fixes: 0880bb3b00c8 ("crypto: tegra - Add Tegra Security Engine driver")
Signed-off-by: Akhil R <akhilrajeev@nvidia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: tegra - Use HMAC fallback when keyslots are full2025-04-10T12:39:17+00:00Akhil Rakhilrajeev@nvidia.com2025-02-24T09:16:10+00:00urn:sha1:46ea02988bb9d171bb2135dd0bb7ceeaef585424
[ Upstream commit f80a2e2e77bedd0aa645a60f89b4f581c70accda ]
The intermediate results for HMAC is stored in the allocated keyslot by
the hardware. Dynamic allocation of keyslot during an operation is hence
not possible. As the number of keyslots are limited in the hardware,
fallback to the HMAC software implementation if keyslots are not available
Fixes: 0880bb3b00c8 ("crypto: tegra - Add Tegra Security Engine driver")
Signed-off-by: Akhil R <akhilrajeev@nvidia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: tegra - check return value for hash do_one_req2025-04-10T12:39:17+00:00Akhil Rakhilrajeev@nvidia.com2025-02-24T09:16:04+00:00urn:sha1:3e0d61cf588f1412d8516954c4a93f01c517ac38
[ Upstream commit dcf8b7e49b86738296c77fb58c123dd2d74a22a7 ]
Initialize and check the return value in hash *do_one_req() functions
and exit the function if there is an error. This fixes the
'uninitialized variable' warnings reported by testbots.
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lore.kernel.org/r/202412071747.flPux4oB-lkp@intel.com/
Fixes: 0880bb3b00c8 ("crypto: tegra - Add Tegra Security Engine driver")
Signed-off-by: Akhil R <akhilrajeev@nvidia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: tegra - Use separate buffer for setkey2025-04-10T12:39:17+00:00Akhil Rakhilrajeev@nvidia.com2025-02-24T09:16:01+00:00urn:sha1:5d9147db00d3590ba9d2a8ff947da0c5a899590d
[ Upstream commit bcfc8fc53f3acb3213fb9d28675244aa4ce208e0 ]
The buffer which sends the commands to host1x was shared for all tasks
in the engine. This causes a problem with the setkey() function as it
gets called asynchronous to the crypto engine queue. Modifying the same
cmdbuf in setkey() will corrupt the ongoing host1x task and in turn
break the encryption/decryption operation. Hence use a separate cmdbuf
for setkey().
Fixes: 0880bb3b00c8 ("crypto: tegra - Add Tegra Security Engine driver")
Signed-off-by: Akhil R <akhilrajeev@nvidia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: tegra - do not transfer req when tegra init fails2025-02-08T08:57:28+00:00Chen Ridongchenridong@huawei.com2024-11-11T01:28:27+00:00urn:sha1:1dbc270f9df7f0ae1e591323431869059cee1b7d
[ Upstream commit 15589bda46830695a3261518bb7627afac61f519 ]
The tegra_cmac_init or tegra_sha_init function may return an error when
memory is exhausted. It should not transfer the request when they return
an error.
Fixes: 0880bb3b00c8 ("crypto: tegra - Add Tegra Security Engine driver")
Signed-off-by: Chen Ridong <chenridong@huawei.com>
Acked-by: Akhil R <akhilrajeev@nvidia.com>
Acked-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: tegra - Remove an incorrect iommu_fwspec_free() call in tegra_se_remove()2024-05-31T09:34:56+00:00Christophe JAILLETchristophe.jaillet@wanadoo.fr2024-05-25T15:14:35+00:00urn:sha1:8d7c52cb4184d3dc26dde62b4f5acd48de0768ae
The only iommu function call in this driver is a
tegra_dev_iommu_get_stream_id() which does not allocate anything and does
not take any reference.
So there is no point in calling iommu_fwspec_free() in the remove function.
Remove this incorrect function call.
Fixes: 0880bb3b00c8 ("crypto: tegra - Add Tegra Security Engine driver")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Tested-by: Akhil R <akhilrajeev@nvidia.com>
Acked-by: Akhil R <akhilrajeev@nvidia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>