In Linux v6.6, the crypto_engine_ctx structure was removed and the
crypto_engine_ops was moved from this structure to the crypto_alg
structure. The Tegra Security Engine driver was updated accordingly to
populate the crypto_engine_ops in the appropriate structure depending
on whether the crypto_engine_ctx structure is present or not.
Currently conftest is using the presence of the crypto_engine_ctx
structure to decide where to populate the crypto_engine_ops. While
this works, it is possible that a kernel older than v6.6 also includes
a backport of commit e5e7eb023f24 ("crypto: engine - Move
crypto_engine_ops from request into crypto_alg") that moves the ops
to the crypto_alg structure. Although backporting this commit alone
should not cause any problems, it is better to detect if this commit
is present rather than relying on the presence of crypto_engine_ctx
structure.
To detect the presence of commit e5e7eb023f24 we can simply detect if
one of the functions added and exported by this commit is present.
For example, the function crypto_engine_register_aead() was added and
exported by this commit. Therefore, update conftest to detect if
commit e5e7eb023f24 is present and then update the Tegra Security
Engine accordingly.
Bug 5564561
Change-Id: I3f7688e6e954a158094a9a2fdf73354f765ed680
Signed-off-by: Jon Hunter <jonathanh@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3499816
(cherry picked from commit c1631d32f8d80cd31f54e7297c542f308a281d25)
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3494992
Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
Reviewed-by: Hiteshkumar Patel <hiteshkumarg@nvidia.com>
Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>
Tested-by: Brad Griffis <bgriffis@nvidia.com>
GVS: buildbot_gerritrpt <buildbot_gerritrpt@nvidia.com>
Reviewed-by: Brad Griffis <bgriffis@nvidia.com>
It may happen that the variable req->iv may have stale values or
zero sized buffer by default and may end up getting used during
encryption/decryption. This in turn may corrupt the results or break
the operation. Ensure not use IV for algorithms like AES ECB where IV
is not expected.
Bug 4883011
Change-Id: I309ad26f99fe54005ff71b270b3b115dc62ac168
Signed-off-by: Akhil R <akhilrajeev@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3319062
Reviewed-by: svcacv <svcacv@nvidia.com>
Tested-by: Brad Griffis <bgriffis@nvidia.com>
Reviewed-by: Brad Griffis <bgriffis@nvidia.com>
GVS: buildbot_gerritrpt <buildbot_gerritrpt@nvidia.com>
The HW supports only storing 15 keys at a time. This limits the number
of tfms that can work without failutes. Reserve keyslots to solve this
and use the reserved ones during the encryption/decryption operation.
This allow users to have the capability of hardware protected keys
and faster operations if there are limited number of tfms while not
halting the operation if there are more tfms.
Bug 4883011
Change-Id: I220f1e8205dde1f078be6ed4cb09b699b6d5dfa2
Signed-off-by: Akhil R <akhilrajeev@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3263283
GVS: buildbot_gerritrpt <buildbot_gerritrpt@nvidia.com>
Reviewed-by: Brad Griffis <bgriffis@nvidia.com>
Allocate the buffer based on the request instead of a fixed buffer
length. In operations which may require larger buffer size, a fixed
buffer may fail. Similar patch was added for AES algorithms. Fix the
same for HASH algorithms as well.
Bug 4908156
Signed-off-by: Akhil R <akhilrajeev@nvidia.com>
Change-Id: Idd2c1ceae1a85434a5a51154a17dce8c927bb66c
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3234055
GVS: buildbot_gerritrpt <buildbot_gerritrpt@nvidia.com>
Reviewed-by: Laxman Dewangan <ldewangan@nvidia.com>
The compiler option -Wmissing-prototypes is being enabled globally in
the upstream Linux kernel and this causes build failures for various
drivers. The build failures occur because either the driver is missing
an include file which has the prototype or because the function is not
declared statically when it should be (ie. there are no external users).
Fix the various build failures and enable -Wmissing-prototypes to
prevent any new instances from occurring. Note that the only driver that
is not fixed at the moment is rtl8822ce due to large number of failures
and so build this with '-Wno-missing-prototypes' for now, which is not
different to how it was being compiled prior to this change.
Bug 4404965
Change-Id: Ie5572d23659e0346fa035d645d9043b0a6da5fdc
Signed-off-by: Jon Hunter <jonathanh@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3027488
(cherry picked from commit d5391a25ab)
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3034644
Reviewed-by: Laxman Dewangan <ldewangan@nvidia.com>
GVS: Gerrit_Virtual_Submit <buildbot_gerritrpt@nvidia.com>
Add the updated Tegra SE driver with the below improvements.
- Remove dependency with nvhost apis and use upstream Host1x APIs.
- Implement software fallbacks for keys/plaintexts unsupported by
hardware.
- Support only T234 and later. Prior chips will use tegra-se-nvhost
driver.
Bug 4221414
Bug 3579794
Signed-off-by: Akhil R <akhilrajeev@nvidia.com>
Change-Id: I398a5b7cc3f752b44d01d6d1c81f813f862e4cd9
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/2977810
Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>
Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
- This CL partially reverts the changes done in CL - 2891721
- Current implementation checks if multiple process/threads/apps
try to access same dev node when it is already open by another
process/thread/app, and throws an error if condition is true causing
new process/threads/apps to fail as in bug mentioned below
- This change allows multiple process/threads/apps to access the same
dev node.
bug 4126726
jira ESSS-759
Change-Id: Ibe18449014e69148ae2feebd854b6c5d278f5bc4
Signed-off-by: Advaya Andhare <aandhare@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/2946094
(cherry picked from commit 615a1aba49e2662d767a23e47fed329627f6f91e)
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/2956815
Reviewed-by: svcacv <svcacv@nvidia.com>
Reviewed-by: Nagaraj P N <nagarajp@nvidia.com>
Reviewed-by: Manish Bhardwaj <mbhardwaj@nvidia.com>
Reviewed-by: Vipin Kumar <vipink@nvidia.com>
GVS: Gerrit_Virtual_Submit <buildbot_gerritrpt@nvidia.com>
Use '-Werror' and '-Wframe-larger-than' to replace
'-Werror=frame-larger-than' since clang compiler can't
ecognize the combination.
Build failure:
error: unknown warning option '-Werror=frame-larger-than=2560'; did you
mean '-Werror=frame-larger-than='? [-Werror,-Wunknown-warning-option]
Bug 4187941
Change-Id: I4d05a8dc96820517e1047b982a24ed97bb21327f
Signed-off-by: Jian-Min Liu <jianminl@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/2938229
Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>
Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
Building the nvvse-cryptodev driver generates the following warning ...
drivers/crypto/tegra-nvvse-cryptodev.c:2118:1: error: the frame size of
2224 bytes is larger than 2048 bytes [-Werror=fra
me-larger-than=]
2118 | }
| ^
For now allow the frame size to be 2560 bytes to resolve the warning
while a proper fix is implemented.
Bug 4190030
Change-Id: Id361aebc9f3d83181afc820d8d9cf2ef90e33d55
Signed-off-by: Jon Hunter <jonathanh@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/2934696
Reviewed-by: svcacv <svcacv@nvidia.com>
Reviewed-by: Manish Bhardwaj <mbhardwaj@nvidia.com>
GVS: Gerrit_Virtual_Submit <buildbot_gerritrpt@nvidia.com>
local variables size is more then recommended values leading
to compilation warning. So usign this patch we are fixing
below compilation warnigs:-
nvidia-oot/drivers/crypto/tegra-nvvse-cryptodev.c:
In function ‘tnvvse_crypto_dev_ioctl’:
nvidia-oot/drivers/crypto/tegra-nvvse-cryptodev.c:2103:1:
warning: the frame size of 2224 bytes is larger than 2048 bytes
[-Wframe-larger-than=]
Bug 4064812
Change-Id: Ie5f0489c9733451f9a132e146790a18d3dd4d6f9
Signed-off-by: Manish Bhardwaj <mbhardwaj@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/2887287
Reviewed-by: Ashutosh Patel <ashutoshp@nvidia.com>
Reviewed-by: svc-mobile-coverity <svc-mobile-coverity@nvidia.com>
Reviewed-by: svc-mobile-cert <svc-mobile-cert@nvidia.com>
Reviewed-by: Sandeep Trasi <strasi@nvidia.com>
GVS: Gerrit_Virtual_Submit <buildbot_gerritrpt@nvidia.com>
crypto: hvvse: UserNonce enable for CBC/CTR
- Using SE server for CBC mode
- Updating counter for CTR mode
- Copying IV to userspace from kernelspace only for non userNonce
Jira ESSS-467
crypto: Support Multipart CBC/CTR
- Updated update_counter function
- Added support for mulitpart CBC/CTR
Jira ESSS-525
Signed-off-by: Advaya Andhare <aandhare@nvidia.com>
Change-Id: I3a85f510d28a6bd26b4b6b5b216c2659ec4052c6
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/2874482
Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>
Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
Commit 255e48eb1768 ("crypto: api - Use data directly in completion
function") updates the typedef crypto_completion_t such that a pointer
to the data is directly passed to the completion function instead of a
structure of type crypto_async_request. This breaks building the Tegra
NVVSE Cryptodev driver for Linux v6.3 and so update the driver
accordingly to fix the build.
Bug 4014315
Change-Id: I6e9ed50f5c226548efa5f52d094243f466ad399d
Signed-off-by: Jon Hunter <jonathanh@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/2867127
Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>
Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
