vse: sha: implement new sha_update API

- Initialize lock per device node and take lock at the start of processing of each ioctl command. This is needed because there is only one set of IOVA buffers allocated during init per device node. Without lock it leads to race conditions when more than one app uses the same device node. - Release tfm after each API call for both sha and hmac-sha - Validate rng buffer size provided by user - Support buf size up to HW supported limit for GCM-Dec req if tag verify is supported by HW. Jira ESSS-1517 Bug 4881474 Change-Id: I338558656ac00b91750e74990bb47c5a35f31e08 Signed-off-by: Nagaraj P N <nagarajp@nvidia.com> Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3233377 Reviewed-by: Leo Chiu <lchiu@nvidia.com> GVS: buildbot_gerritrpt <buildbot_gerritrpt@nvidia.com> Reviewed-by: Sandeep Trasi <strasi@nvidia.com>
2025-12-22 17:25:35 +03:00 · 2024-10-16 21:24:21 +05:30
parent 80c3e3003f
commit 74e8b62f72
4 changed files with 698 additions and 1259 deletions
--- a/drivers/crypto/tegra-hv-vse-safety.c
+++ b/drivers/crypto/tegra-hv-vse-safety.c
--- a/drivers/crypto/tegra-hv-vse.h
+++ b/drivers/crypto/tegra-hv-vse.h
@@ -166,13 +166,16 @@ struct tegra_virtual_se_sha_context {
 	/* Security Engine device */
 	struct tegra_virtual_se_dev *se_dev;
 	/* SHA operation mode */
-	u32 op_mode;
+	uint32_t mode;
+	u32 blk_size;
 	unsigned int digest_size;
-	u8 mode;
+	uint8_t *intermediate_digest;
+	unsigned int intermediate_digest_size;
+	u64 total_count;		/* Total bytes in all the requests */
+	bool is_first;
 	/*Crypto dev instance*/
 	uint32_t node_id;
 	const struct tegra_vse_dma_buf *plaintext;
-	const struct tegra_vse_dma_buf *residual_plaintext;
 	const struct tegra_vse_dma_buf *hash_result;
 };

@@ -185,6 +188,8 @@ struct tegra_virtual_se_hmac_sha_context {
 	unsigned int digest_size;
 	/* Total bytes in all the requests */
 	u64 total_count;
+	/* Represents first block */
+	bool is_first;
 	bool is_key_slot_allocated;
 	/* Keyslot for HMAC-SHA request */
 	u8 aes_keyslot[KEYSLOT_SIZE_BYTES];
@@ -199,15 +204,7 @@ struct tegra_virtual_se_hmac_sha_context {
 struct tegra_virtual_se_req_context {
 	/* Security Engine device */
 	struct tegra_virtual_se_dev *se_dev;
-	unsigned int digest_size;
-	unsigned int intermediate_digest_size;
-	u8 mode;			/* SHA operation mode */
-	u64 total_count;		/* Total bytes in all the requests */
-	u32 residual_bytes;		/* Residual byte count */
-	u32 blk_size;			/* SHA block size */
-	bool is_first;			/* Represents first block */
 	bool req_context_initialized;	/* Mark initialization status */
-	bool force_align;		/* Enforce buffer alignment */
 	/*Crypto dev instance*/
 	uint32_t node_id;
 };
--- a/drivers/crypto/tegra-nvvse-cryptodev.c
+++ b/drivers/crypto/tegra-nvvse-cryptodev.c
--- a/include/uapi/misc/tegra-nvvse-cryptodev.h
+++ b/include/uapi/misc/tegra-nvvse-cryptodev.h
@@ -121,44 +121,31 @@ enum tegra_nvvse_cmac_type {
 };

 /**
-  * \brief Holds SHA Init Header Params
-  */
-struct tegra_nvvse_sha_init_ctl {
-	enum tegra_nvvse_sha_type	sha_type;
-	uint32_t			digest_size;
-	uint64_t			total_msg_size;
-};
-#define NVVSE_IOCTL_CMDID_INIT_SHA _IOW(TEGRA_NVVSE_IOC_MAGIC, TEGRA_NVVSE_CMDID_INIT_SHA, \
-						struct tegra_nvvse_sha_init_ctl)
-
-/**
-  * \brief Holds SHA Update Header Params
-  */
+ * \brief Holds SHA Update Header Params
+ */
 struct tegra_nvvse_sha_update_ctl {
+	/** Holds the SHA request type */
+	enum tegra_nvvse_sha_type sha_type;
+	/** Specifies first request */
+	uint8_t is_first;
+	/** Specifies last request */
+	uint8_t is_last;
+	/** Specifies if only init is to be performed */
+	uint8_t init_only;
+	/** Specifies if context is to be reinitialized */
+	uint8_t do_reset;
 	/** Holds the pointer of the input buffer */
-	char		*in_buff;
+	uint8_t *in_buff;
 	/** Holds the size of the input buffer */
-	uint32_t	input_buffer_size;
-	/** Indicates the last chunk of the input message. 1 means last buffer
-	  * else not the last buffer
-	  */
-	uint8_t		last_buffer;
+	uint32_t input_buffer_size;
+	/** Holds the pointer of the digest buffer */
+	uint8_t	*digest_buffer;
+	/** Holds the size of the digest buffer */
+	uint32_t digest_size;
 };
 #define NVVSE_IOCTL_CMDID_UPDATE_SHA _IOW(TEGRA_NVVSE_IOC_MAGIC, TEGRA_NVVSE_CMDID_UPDATE_SHA, \
 						struct tegra_nvvse_sha_update_ctl)

-/**
-  * \brief Holds SHA Final Header Params
-  */
-struct tegra_nvvse_sha_final_ctl {
-	/** Holds the pointer of the digest buffer */
-	uint8_t		*digest_buffer;
-	/** Holds the size of the digest buffer */
-	uint32_t	digest_size;
-};
-#define NVVSE_IOCTL_CMDID_FINAL_SHA _IOWR(TEGRA_NVVSE_IOC_MAGIC, TEGRA_NVVSE_CMDID_FINAL_SHA, \
-						struct tegra_nvvse_sha_final_ctl)
-
 struct tegra_nvvse_hmac_sha_sv_ctl {
 	/** [in] Holds the enum which indicates SHA mode */
 	enum  tegra_nvvse_sha_type hmac_sha_mode;