mbox series

[v8,0/3] crypto: Add EIP-93 crypto engine support

Message ID 20241210204853.18765-1-ansuelsmth@gmail.com
Headers show
Series crypto: Add EIP-93 crypto engine support | expand

Message

Christian Marangi Dec. 10, 2024, 8:48 p.m. UTC 
This small series add support for the Inside Secure EIP-93.
This is a predecessor of the current supported EIP197. It doesn't
require a firmware but instead it's embedded in the SoC.

First patch extend guard for spinlock_bh.

The other actually implement Documentation and Driver.

The Driver pass all the normal selft test for the supported
algo and also pass the EXTRA test with fuzz_iterations set to 10000.

Changes v8:
- Rework export and update to not sleep on exporting state
  (consume pending packet in update and return -EINPROGRESS)
Changes v7:
- Fix copypaste error in __eip93_hash_init
- Rework import/export to actually export the partial hash
  (we actually unmap DMA on export)
- Rename no_finalize variable to better partial_hash
- Rename 3rd commit title and drop Mediatek from title.
- Add Cover Letter
- Add Reviewed-by to DT commit
(cumulative changes from old series that had changelog in each patch)
Changes v6:
- Add SoC specific compatible
- Add now supported entry for compatible with no user
Changes v5:
- Add Ack tag to guard patch
- Comment out compatible with no current user
- Fix smatch warning (reported by Dan Carpenter)
Changes v4:
- Out of RFC
- Add missing bitfield.h
- Drop useless header
Changes v3:
- Mute warning from Clang about C23
- Fix not inizialized err
- Drop unused variable
- Add SoC compatible with generic one
Changes v2:
- Rename all variables from mtk to eip93
- Move to inside-secure directory
- Check DMA map errors
- Use guard API for spinlock
- Minor improvements to code
- Add guard patch
- Change to better compatible
- Add description for EIP93 models

Christian Marangi (3):
  spinlock: extend guard with spinlock_bh variants
  dt-bindings: crypto: Add Inside Secure SafeXcel EIP-93 crypto engine
  crypto: Add Inside Secure SafeXcel EIP-93 crypto engine support

 .../crypto/inside-secure,safexcel-eip93.yaml  |  67 ++
 MAINTAINERS                                   |   7 +
 drivers/crypto/Kconfig                        |   1 +
 drivers/crypto/Makefile                       |   1 +
 drivers/crypto/inside-secure/eip93/Kconfig    |  20 +
 drivers/crypto/inside-secure/eip93/Makefile   |   5 +
 .../crypto/inside-secure/eip93/eip93-aead.c   | 710 +++++++++++++
 .../crypto/inside-secure/eip93/eip93-aead.h   |  38 +
 .../crypto/inside-secure/eip93/eip93-aes.h    |  16 +
 .../crypto/inside-secure/eip93/eip93-cipher.c | 413 ++++++++
 .../crypto/inside-secure/eip93/eip93-cipher.h |  60 ++
 .../crypto/inside-secure/eip93/eip93-common.c | 822 +++++++++++++++
 .../crypto/inside-secure/eip93/eip93-common.h |  23 +
 .../crypto/inside-secure/eip93/eip93-des.h    |  16 +
 .../crypto/inside-secure/eip93/eip93-hash.c   | 987 ++++++++++++++++++
 .../crypto/inside-secure/eip93/eip93-hash.h   |  77 ++
 .../crypto/inside-secure/eip93/eip93-main.c   | 502 +++++++++
 .../crypto/inside-secure/eip93/eip93-main.h   | 152 +++
 .../crypto/inside-secure/eip93/eip93-regs.h   | 335 ++++++
 include/linux/spinlock.h                      |  13 +
 20 files changed, 4265 insertions(+)
 create mode 100644 Documentation/devicetree/bindings/crypto/inside-secure,safexcel-eip93.yaml
 create mode 100644 drivers/crypto/inside-secure/eip93/Kconfig
 create mode 100644 drivers/crypto/inside-secure/eip93/Makefile
 create mode 100644 drivers/crypto/inside-secure/eip93/eip93-aead.c
 create mode 100644 drivers/crypto/inside-secure/eip93/eip93-aead.h
 create mode 100644 drivers/crypto/inside-secure/eip93/eip93-aes.h
 create mode 100644 drivers/crypto/inside-secure/eip93/eip93-cipher.c
 create mode 100644 drivers/crypto/inside-secure/eip93/eip93-cipher.h
 create mode 100644 drivers/crypto/inside-secure/eip93/eip93-common.c
 create mode 100644 drivers/crypto/inside-secure/eip93/eip93-common.h
 create mode 100644 drivers/crypto/inside-secure/eip93/eip93-des.h
 create mode 100644 drivers/crypto/inside-secure/eip93/eip93-hash.c
 create mode 100644 drivers/crypto/inside-secure/eip93/eip93-hash.h
 create mode 100644 drivers/crypto/inside-secure/eip93/eip93-main.c
 create mode 100644 drivers/crypto/inside-secure/eip93/eip93-main.h
 create mode 100644 drivers/crypto/inside-secure/eip93/eip93-regs.h

Comments

Herbert Xu Dec. 11, 2024, 9:39 a.m. UTC | #1 
On Tue, Dec 10, 2024 at 09:48:33PM +0100, Christian Marangi wrote:
>
> +static int eip93_hash_export(struct ahash_request *req, void *out)
> +{
> +	struct eip93_hash_reqctx *rctx = ahash_request_ctx(req);
> +	struct eip93_hash_export_state *state = out;
> +
> +	/* Save the first block in state data */
> +	if (rctx->len) {
> +		struct mkt_hash_block *block;
> +
> +		block = list_first_entry(&rctx->blocks,
> +					 struct mkt_hash_block,
> +					 list);
> +
> +		memcpy(state->data, block->data,
> +		       SHA256_BLOCK_SIZE - rctx->left_last);
> +	}
> +
> +	eip93_hash_export_sa_state(req, state);
> +
> +	eip93_hash_free_data_blocks(req);
> +	eip93_hash_free_sa_state(req);
> +	eip93_hash_free_sa_record(req);

The export function should be idempotent so it shouldn't be freeing
anything.

In fact this indicates a bigger problem with how DMA is being used
in the driver.  You shouldn't be leaving DMA memory mapped after
the init (or update) function completes.  It is perfectly legal
for a user to call init and then abandon the request by freeing it
directly without ever calling final.  In that case you will be
leaking the DMA mappings.

So make sure that DMA is mapped only when needed, and freed before
you call the user callback.

The import/export functions should only be touching kernel memory,
not DMA.

Cheers,
Christian Marangi Dec. 11, 2024, 11:40 a.m. UTC | #2 
On Wed, Dec 11, 2024 at 05:39:27PM +0800, Herbert Xu wrote:
> On Tue, Dec 10, 2024 at 09:48:33PM +0100, Christian Marangi wrote:
> >
> > +static int eip93_hash_export(struct ahash_request *req, void *out)
> > +{
> > +	struct eip93_hash_reqctx *rctx = ahash_request_ctx(req);
> > +	struct eip93_hash_export_state *state = out;
> > +
> > +	/* Save the first block in state data */
> > +	if (rctx->len) {
> > +		struct mkt_hash_block *block;
> > +
> > +		block = list_first_entry(&rctx->blocks,
> > +					 struct mkt_hash_block,
> > +					 list);
> > +
> > +		memcpy(state->data, block->data,
> > +		       SHA256_BLOCK_SIZE - rctx->left_last);
> > +	}
> > +
> > +	eip93_hash_export_sa_state(req, state);
> > +
> > +	eip93_hash_free_data_blocks(req);
> > +	eip93_hash_free_sa_state(req);
> > +	eip93_hash_free_sa_record(req);
> 
> The export function should be idempotent so it shouldn't be freeing
> anything.
> 
> In fact this indicates a bigger problem with how DMA is being used
> in the driver.  You shouldn't be leaving DMA memory mapped after
> the init (or update) function completes.  It is perfectly legal
> for a user to call init and then abandon the request by freeing it
> directly without ever calling final.  In that case you will be
> leaking the DMA mappings.
> 
> So make sure that DMA is mapped only when needed, and freed before
> you call the user callback.
> 
> The import/export functions should only be touching kernel memory,
> not DMA.
> 

Just to make sure, this is only limited to DMA or it's also problematic
to the block list? Aka NO FREE should be done in export or NO DMA FREE
should be done in export?