diff --git a/package/qca-nss/qca-nss-cfi/Makefile b/package/qca-nss/qca-nss-cfi/Makefile new file mode 100644 index 0000000000..aae8eb0a8b --- /dev/null +++ b/package/qca-nss/qca-nss-cfi/Makefile @@ -0,0 +1,90 @@ +include $(TOPDIR)/rules.mk +include $(INCLUDE_DIR)/kernel.mk + +PKG_NAME:=qca-nss-cfi +PKG_RELEASE:=1 + +PKG_SOURCE_URL:=https://git.codelinaro.org/clo/qsdk/oss/lklm/nss-cfi.git +PKG_SOURCE_PROTO:=git +PKG_MIRROR_HASH:=skip +PKG_SOURCE_VERSION:=5cd07ce299ee3ce62dbe4f6783ad36361e57583b +PKG_VERSION:=1 + +PKG_BUILD_PARALLEL:=1 + +include $(INCLUDE_DIR)/package.mk + +ifeq ($(CONFIG_TARGET_ipq),y) +subtarget:=$(SUBTARGET) +else +subtarget:=$(CONFIG_TARGET_BOARD) +endif + +# v1.0 is for Akronite +# v2.0 is for Hawkeye/Cypress/Maple +ifneq (, $(findstring $(subtarget), "ipq807x" "ipq807x_64" "ipq60xx" "ipq60xx_64")) + CFI_OCF_DIR:=ocf/v2.0 + CFI_CRYPTOAPI_DIR:=cryptoapi/v2.0 +else + CFI_CRYPTOAPI_DIR:=cryptoapi/v1.1 + # CFI_OCF_DIR:=ocf/v1.0 + # CFI_IPSEC_DIR:=ipsec/v1.0 +endif + +define KernelPackage/qca-nss-cfi-cryptoapi + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Network Devices + DEPENDS:=@TARGET_ipq806x||TARGET_ipq_ipq806x||TARGET_ipq_ipq807x||TARGET_ipq_ipq807x_64||TARGET_ipq807x||TARGET_ipq807x_64||TARGET_ipq_ipq60xx||TARGET_ipq_ipq60xx_64 \ + +kmod-qca-nss-crypto +kmod-crypto-authenc + TITLE:=Kernel driver for NSS cfi + FILES:=$(PKG_BUILD_DIR)/$(CFI_CRYPTOAPI_DIR)/qca-nss-cfi-cryptoapi.ko + AUTOLOAD:=$(call AutoLoad,59,qca-nss-cfi-cryptoapi) +endef + +define Build/InstallDev/qca-nss-cfi + $(INSTALL_DIR) $(1)/usr/include/qca-nss-cfi + $(CP) $(PKG_BUILD_DIR)/$(CFI_CRYPTOAPI_DIR)/../exports/* $(1)/usr/include/qca-nss-cfi + $(CP) $(PKG_BUILD_DIR)/include/* $(1)/usr/include/qca-nss-cfi +endef + +define Build/InstallDev + $(call Build/InstallDev/qca-nss-cfi,$(1)) +endef + +define KernelPackage/qca-nss-cfi/Description +This package contains a NSS cfi driver for QCA chipset +endef + +EXTRA_CFLAGS+= \ + -DCONFIG_NSS_DEBUG_LEVEL=4 \ + -I$(STAGING_DIR)/usr/include/qca-nss-crypto \ + -I$(STAGING_DIR)/usr/include/crypto \ + -I$(STAGING_DIR)/usr/include/qca-nss-drv + +ifneq (, $(findstring $(subtarget), "ipq807x" "ipq807x_64" "ipq60xx" "ipq60xx_64")) +EXTRA_CFLAGS+= -I$(STAGING_DIR)/usr/include/qca-nss-clients +endif + +# Build individual packages if selected +ifneq ($(CONFIG_PACKAGE_kmod-qca-nss-cfi-cryptoapi),) +MAKE_OPTS+= \ + cryptoapi=y \ + NSS_CRYPTOAPI_ABLK=n \ + NSS_CRYPTOAPI_SKCIPHER=y +endif + +define Build/Compile + $(KERNEL_MAKE) $(strip $(MAKE_OPTS)) \ + M="$(PKG_BUILD_DIR)" \ + EXTRA_CFLAGS="$(EXTRA_CFLAGS)" \ + CC="$(TARGET_CC)" \ + CFI_CRYPTOAPI_DIR=$(CFI_CRYPTOAPI_DIR) \ + CFI_OCF_DIR=$(CFI_OCF_DIR) \ + CFI_IPSEC_DIR=$(CFI_IPSEC_DIR) \ + SoC=$(subtarget) \ + modules +endef + +$(eval $(call KernelPackage,qca-nss-cfi-cryptoapi)) +# $(eval $(call KernelPackage,qca-nss-cfi-ocf)) diff --git a/package/qca-nss/qca-nss-cfi/patches/0001-cryptoapi-v2.0-fix-SHA1-header-include.patch b/package/qca-nss/qca-nss-cfi/patches/0001-cryptoapi-v2.0-fix-SHA1-header-include.patch new file mode 100644 index 0000000000..12df90fdcf --- /dev/null +++ b/package/qca-nss/qca-nss-cfi/patches/0001-cryptoapi-v2.0-fix-SHA1-header-include.patch @@ -0,0 +1,62 @@ +From 1569ac3b6bbcae9c3f4898e0d34aec8f88297ee6 Mon Sep 17 00:00:00 2001 +From: Robert Marko +Date: Sun, 22 Jan 2023 21:45:23 +0100 +Subject: [PATCH 1/5] cryptoapi: v2.0: fix SHA1 header include + +SHA1 header has been merged to the generic SHA one, +and with that the cryptohash.h was dropped. + +So, fix include in kernels 5.8 and newer. + +Signed-off-by: Robert Marko +--- + cryptoapi/v2.0/nss_cryptoapi.c | 5 +++++ + cryptoapi/v2.0/nss_cryptoapi_aead.c | 5 +++++ + cryptoapi/v2.0/nss_cryptoapi_ahash.c | 5 +++++ + 3 files changed, 15 insertions(+) + +--- a/cryptoapi/v2.0/nss_cryptoapi.c ++++ b/cryptoapi/v2.0/nss_cryptoapi.c +@@ -39,7 +39,12 @@ + + #include + #include ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0) + #include ++#else ++#include ++#include ++#endif + #include + #include + #include +--- a/cryptoapi/v2.0/nss_cryptoapi_aead.c ++++ b/cryptoapi/v2.0/nss_cryptoapi_aead.c +@@ -39,7 +39,12 @@ + + #include + #include ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0) + #include ++#else ++#include ++#include ++#endif + #include + #include + #include +--- a/cryptoapi/v2.0/nss_cryptoapi_ahash.c ++++ b/cryptoapi/v2.0/nss_cryptoapi_ahash.c +@@ -38,7 +38,12 @@ + + #include + #include ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0) + #include ++#else ++#include ++#include ++#endif + #include + #include + #include diff --git a/package/qca-nss/qca-nss-cfi/patches/0002-cryptoapi-v2.0-make-ablkcipher-optional.patch b/package/qca-nss/qca-nss-cfi/patches/0002-cryptoapi-v2.0-make-ablkcipher-optional.patch new file mode 100644 index 0000000000..e9702eb33a --- /dev/null +++ b/package/qca-nss/qca-nss-cfi/patches/0002-cryptoapi-v2.0-make-ablkcipher-optional.patch @@ -0,0 +1,116 @@ +From 26cca5006bddb0da57398452616e07ee7b11edb1 Mon Sep 17 00:00:00 2001 +From: Robert Marko +Date: Sun, 22 Jan 2023 22:01:34 +0100 +Subject: [PATCH 2/5] cryptoapi: v2.0: make ablkcipher optional + +albkcipher has been removed from the kernel in v5.5, so until it has been +converted to skcipher, lets make it optional to at least have hashes +working. + +Signed-off-by: Robert Marko +--- + cryptoapi/v2.0/Makefile | 3 +++ + cryptoapi/v2.0/nss_cryptoapi.c | 10 ++++++++++ + cryptoapi/v2.0/nss_cryptoapi_private.h | 2 ++ + 3 files changed, 15 insertions(+) + +--- a/cryptoapi/v2.0/Makefile ++++ b/cryptoapi/v2.0/Makefile +@@ -5,7 +5,10 @@ NSS_CRYPTOAPI_MOD_NAME=qca-nss-cfi-crypt + obj-m += $(NSS_CRYPTOAPI_MOD_NAME).o + $(NSS_CRYPTOAPI_MOD_NAME)-objs = nss_cryptoapi.o + $(NSS_CRYPTOAPI_MOD_NAME)-objs += nss_cryptoapi_aead.o ++ifneq "$(NSS_CRYPTOAPI_ABLK)" "n" + $(NSS_CRYPTOAPI_MOD_NAME)-objs += nss_cryptoapi_ablk.o ++ccflags-y += -DNSS_CRYPTOAPI_ABLK ++endif + $(NSS_CRYPTOAPI_MOD_NAME)-objs += nss_cryptoapi_ahash.o + + obj ?= . +--- a/cryptoapi/v2.0/nss_cryptoapi.c ++++ b/cryptoapi/v2.0/nss_cryptoapi.c +@@ -1367,6 +1367,7 @@ struct aead_alg cryptoapi_aead_algs[] = + /* + * ABLK cipher algorithms + */ ++#if defined(NSS_CRYPTOAPI_ABLK) + static struct crypto_alg cryptoapi_ablkcipher_algs[] = { + { + .cra_name = "cbc(aes)", +@@ -1466,6 +1467,7 @@ static struct crypto_alg cryptoapi_ablkc + }, + } + }; ++#endif + + /* + * AHASH algorithms +@@ -2189,7 +2191,9 @@ void nss_cryptoapi_add_ctx2debugfs(struc + */ + void nss_cryptoapi_attach_user(void *app_data, struct nss_crypto_user *user) + { ++#if defined(NSS_CRYPTOAPI_ABLK) + struct crypto_alg *ablk = cryptoapi_ablkcipher_algs; ++#endif + struct aead_alg *aead = cryptoapi_aead_algs; + struct ahash_alg *ahash = cryptoapi_ahash_algs; + struct nss_cryptoapi *sc = app_data; +@@ -2212,6 +2216,7 @@ void nss_cryptoapi_attach_user(void *app + g_cryptoapi.user = user; + } + ++#if defined(NSS_CRYPTOAPI_ABLK) + for (i = 0; enable_ablk && (i < ARRAY_SIZE(cryptoapi_ablkcipher_algs)); i++, ablk++) { + info = nss_cryptoapi_cra_name_lookup(ablk->cra_name); + if(!info || !nss_crypto_algo_is_supp(info->algo)) +@@ -2222,6 +2227,7 @@ void nss_cryptoapi_attach_user(void *app + ablk->cra_flags = 0; + } + } ++#endif + + for (i = 0; enable_aead && (i < ARRAY_SIZE(cryptoapi_aead_algs)); i++, aead++) { + info = nss_cryptoapi_cra_name_lookup(aead->base.cra_name); +@@ -2257,7 +2263,9 @@ void nss_cryptoapi_attach_user(void *app + */ + void nss_cryptoapi_detach_user(void *app_data, struct nss_crypto_user *user) + { ++#if defined(NSS_CRYPTOAPI_ABLK) + struct crypto_alg *ablk = cryptoapi_ablkcipher_algs; ++#endif + struct aead_alg *aead = cryptoapi_aead_algs; + struct ahash_alg *ahash = cryptoapi_ahash_algs; + struct nss_cryptoapi *sc = app_data; +@@ -2270,6 +2278,7 @@ void nss_cryptoapi_detach_user(void *app + */ + atomic_set(&g_cryptoapi.registered, 0); + ++#if defined(NSS_CRYPTOAPI_ABLK) + for (i = 0; enable_ablk && (i < ARRAY_SIZE(cryptoapi_ablkcipher_algs)); i++, ablk++) { + if (!ablk->cra_flags) + continue; +@@ -2277,6 +2286,7 @@ void nss_cryptoapi_detach_user(void *app + crypto_unregister_alg(ablk); + nss_cfi_info("%px: ABLK unregister succeeded, algo: %s\n", sc, ablk->cra_name); + } ++#endif + + for (i = 0; enable_aead && (i < ARRAY_SIZE(cryptoapi_aead_algs)); i++, aead++) { + if (!aead->base.cra_flags) +--- a/cryptoapi/v2.0/nss_cryptoapi_private.h ++++ b/cryptoapi/v2.0/nss_cryptoapi_private.h +@@ -250,12 +250,14 @@ extern void nss_cryptoapi_aead_tx_proc(s + /* + * ABLKCIPHER + */ ++#if defined(NSS_CRYPTOAPI_ABLK) + extern int nss_cryptoapi_ablkcipher_init(struct crypto_tfm *tfm); + extern void nss_cryptoapi_ablkcipher_exit(struct crypto_tfm *tfm); + extern int nss_cryptoapi_ablk_setkey(struct crypto_ablkcipher *cipher, const u8 *key, unsigned int len); + extern int nss_cryptoapi_ablk_encrypt(struct ablkcipher_request *req); + extern int nss_cryptoapi_ablk_decrypt(struct ablkcipher_request *req); + extern void nss_cryptoapi_copy_iv(struct nss_cryptoapi_ctx *ctx, struct scatterlist *sg, uint8_t *iv, uint8_t iv_len); ++#endif + + /* + * AHASH diff --git a/package/qca-nss/qca-nss-cfi/patches/0003-cryptoapi-v2.0-remove-setting-crypto_ahash_type-for-.patch b/package/qca-nss/qca-nss-cfi/patches/0003-cryptoapi-v2.0-remove-setting-crypto_ahash_type-for-.patch new file mode 100644 index 0000000000..ad11b8b357 --- /dev/null +++ b/package/qca-nss/qca-nss-cfi/patches/0003-cryptoapi-v2.0-remove-setting-crypto_ahash_type-for-.patch @@ -0,0 +1,137 @@ +From 797b5166783cda0886038ffb22f5386b9363a961 Mon Sep 17 00:00:00 2001 +From: Robert Marko +Date: Sun, 22 Jan 2023 22:08:27 +0100 +Subject: [PATCH 3/5] cryptoapi: v2.0: remove setting crypto_ahash_type for + newer kernels + +Upstream has stopped exporting crypto_ahash_type and removed setting it +on ahash algos since v4.19 as its easily identifiable by the struct type +and its being set in the core directly, so lets do the same. + +Signed-off-by: Robert Marko +--- + cryptoapi/v2.0/nss_cryptoapi.c | 24 ++++++++++++++++++++++++ + 1 file changed, 24 insertions(+) + +--- a/cryptoapi/v2.0/nss_cryptoapi.c ++++ b/cryptoapi/v2.0/nss_cryptoapi.c +@@ -1495,7 +1495,9 @@ static struct ahash_alg cryptoapi_ahash_ + .cra_blocksize = MD5_HMAC_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), + .cra_alignmask = 0, ++#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) + .cra_type = &crypto_ahash_type, ++#endif + .cra_module = THIS_MODULE, + .cra_init = nss_cryptoapi_ahash_cra_init, + .cra_exit = nss_cryptoapi_ahash_cra_exit, +@@ -1521,7 +1523,9 @@ static struct ahash_alg cryptoapi_ahash_ + .cra_blocksize = SHA1_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), + .cra_alignmask = 0, ++#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) + .cra_type = &crypto_ahash_type, ++#endif + .cra_module = THIS_MODULE, + .cra_init = nss_cryptoapi_ahash_cra_init, + .cra_exit = nss_cryptoapi_ahash_cra_exit, +@@ -1547,7 +1551,9 @@ static struct ahash_alg cryptoapi_ahash_ + .cra_blocksize = SHA224_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), + .cra_alignmask = 0, ++#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) + .cra_type = &crypto_ahash_type, ++#endif + .cra_module = THIS_MODULE, + .cra_init = nss_cryptoapi_ahash_cra_init, + .cra_exit = nss_cryptoapi_ahash_cra_exit, +@@ -1573,7 +1579,9 @@ static struct ahash_alg cryptoapi_ahash_ + .cra_blocksize = SHA256_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), + .cra_alignmask = 0, ++#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) + .cra_type = &crypto_ahash_type, ++#endif + .cra_module = THIS_MODULE, + .cra_init = nss_cryptoapi_ahash_cra_init, + .cra_exit = nss_cryptoapi_ahash_cra_exit, +@@ -1599,7 +1607,9 @@ static struct ahash_alg cryptoapi_ahash_ + .cra_blocksize = SHA384_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), + .cra_alignmask = 0, ++#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) + .cra_type = &crypto_ahash_type, ++#endif + .cra_module = THIS_MODULE, + .cra_init = nss_cryptoapi_ahash_cra_init, + .cra_exit = nss_cryptoapi_ahash_cra_exit, +@@ -1625,7 +1635,9 @@ static struct ahash_alg cryptoapi_ahash_ + .cra_blocksize = SHA512_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), + .cra_alignmask = 0, ++#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) + .cra_type = &crypto_ahash_type, ++#endif + .cra_module = THIS_MODULE, + .cra_init = nss_cryptoapi_ahash_cra_init, + .cra_exit = nss_cryptoapi_ahash_cra_exit, +@@ -1655,7 +1667,9 @@ static struct ahash_alg cryptoapi_ahash_ + .cra_blocksize = MD5_HMAC_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), + .cra_alignmask = 0, ++#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) + .cra_type = &crypto_ahash_type, ++#endif + .cra_module = THIS_MODULE, + .cra_init = nss_cryptoapi_ahash_cra_init, + .cra_exit = nss_cryptoapi_ahash_cra_exit, +@@ -1681,7 +1695,9 @@ static struct ahash_alg cryptoapi_ahash_ + .cra_blocksize = SHA1_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), + .cra_alignmask = 0, ++#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) + .cra_type = &crypto_ahash_type, ++#endif + .cra_module = THIS_MODULE, + .cra_init = nss_cryptoapi_ahash_cra_init, + .cra_exit = nss_cryptoapi_ahash_cra_exit, +@@ -1707,7 +1723,9 @@ static struct ahash_alg cryptoapi_ahash_ + .cra_blocksize = SHA224_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), + .cra_alignmask = 0, ++#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) + .cra_type = &crypto_ahash_type, ++#endif + .cra_module = THIS_MODULE, + .cra_init = nss_cryptoapi_ahash_cra_init, + .cra_exit = nss_cryptoapi_ahash_cra_exit, +@@ -1733,7 +1751,9 @@ static struct ahash_alg cryptoapi_ahash_ + .cra_blocksize = SHA256_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), + .cra_alignmask = 0, ++#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) + .cra_type = &crypto_ahash_type, ++#endif + .cra_module = THIS_MODULE, + .cra_init = nss_cryptoapi_ahash_cra_init, + .cra_exit = nss_cryptoapi_ahash_cra_exit, +@@ -1759,7 +1779,9 @@ static struct ahash_alg cryptoapi_ahash_ + .cra_blocksize = SHA384_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), + .cra_alignmask = 0, ++#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) + .cra_type = &crypto_ahash_type, ++#endif + .cra_module = THIS_MODULE, + .cra_init = nss_cryptoapi_ahash_cra_init, + .cra_exit = nss_cryptoapi_ahash_cra_exit, +@@ -1785,7 +1807,9 @@ static struct ahash_alg cryptoapi_ahash_ + .cra_blocksize = SHA512_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), + .cra_alignmask = 0, ++#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) + .cra_type = &crypto_ahash_type, ++#endif + .cra_module = THIS_MODULE, + .cra_init = nss_cryptoapi_ahash_cra_init, + .cra_exit = nss_cryptoapi_ahash_cra_exit, diff --git a/package/qca-nss/qca-nss-cfi/patches/0004-cryptoapi-v2.0-aead-add-downstream-crypto_tfm_alg_fl.patch b/package/qca-nss/qca-nss-cfi/patches/0004-cryptoapi-v2.0-aead-add-downstream-crypto_tfm_alg_fl.patch new file mode 100644 index 0000000000..a872321fb3 --- /dev/null +++ b/package/qca-nss/qca-nss-cfi/patches/0004-cryptoapi-v2.0-aead-add-downstream-crypto_tfm_alg_fl.patch @@ -0,0 +1,28 @@ +From 8db77add1a794bdee8eef0a351e40bf1cdf6dfa9 Mon Sep 17 00:00:00 2001 +From: Robert Marko +Date: Sun, 22 Jan 2023 22:09:51 +0100 +Subject: [PATCH 4/5] cryptoapi: v2.0: aead: add downstream + crypto_tfm_alg_flags + +crypto_tfm_alg_flags newer made it upstream, but as a temporary stopgap +until a better solution is figured out lets add it. + +Signed-off-by: Robert Marko +--- + cryptoapi/v2.0/nss_cryptoapi_aead.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/cryptoapi/v2.0/nss_cryptoapi_aead.c ++++ b/cryptoapi/v2.0/nss_cryptoapi_aead.c +@@ -61,6 +61,11 @@ + #include + #include "nss_cryptoapi_private.h" + ++static inline u32 crypto_tfm_alg_flags(struct crypto_tfm *tfm) ++{ ++ return tfm->__crt_alg->cra_flags & ~CRYPTO_ALG_TYPE_MASK; ++} ++ + /* + * nss_cryptoapi_aead_ctx2session() + * Cryptoapi function to get the session ID for an AEAD diff --git a/package/qca-nss/qca-nss-cfi/patches/0005-cryptoapi-v2.0-remove-dropped-flags.patch b/package/qca-nss/qca-nss-cfi/patches/0005-cryptoapi-v2.0-remove-dropped-flags.patch new file mode 100644 index 0000000000..645633abc5 --- /dev/null +++ b/package/qca-nss/qca-nss-cfi/patches/0005-cryptoapi-v2.0-remove-dropped-flags.patch @@ -0,0 +1,97 @@ +From 62bbb188e1a72d28916e1eca31f4cb9fbbf51cd1 Mon Sep 17 00:00:00 2001 +From: Robert Marko +Date: Sun, 22 Jan 2023 22:11:06 +0100 +Subject: [PATCH 5/5] cryptoapi: v2.0: remove dropped flags + +Upstream has dropped these flags as there was no use for them, so lets do +the same. + +Signed-off-by: Robert Marko +--- + cryptoapi/v2.0/nss_cryptoapi_aead.c | 6 ------ + cryptoapi/v2.0/nss_cryptoapi_ahash.c | 4 ---- + 2 files changed, 10 deletions(-) + +--- a/cryptoapi/v2.0/nss_cryptoapi_aead.c ++++ b/cryptoapi/v2.0/nss_cryptoapi_aead.c +@@ -207,7 +207,6 @@ int nss_cryptoapi_aead_setkey_noauth(str + ctx->info = nss_cryptoapi_cra_name2info(crypto_tfm_alg_name(tfm), keylen, 0); + if (!ctx->info) { + nss_cfi_err("%px: Unable to find algorithm with keylen\n", ctx); +- crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN); + return -ENOENT; + } + +@@ -239,7 +238,6 @@ int nss_cryptoapi_aead_setkey_noauth(str + status = nss_crypto_session_alloc(ctx->user, &data, &ctx->sid); + if (status < 0) { + nss_cfi_err("%px: Unable to allocate crypto session(%d)\n", ctx, status); +- crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_FLAGS); + return status; + } + +@@ -271,14 +269,12 @@ int nss_cryptoapi_aead_setkey(struct cry + */ + if (crypto_authenc_extractkeys(&keys, key, keylen) != 0) { + nss_cfi_err("%px: Unable to extract keys\n", ctx); +- crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN); + return -EIO; + } + + ctx->info = nss_cryptoapi_cra_name2info(crypto_tfm_alg_name(tfm), keys.enckeylen, crypto_aead_maxauthsize(aead)); + if (!ctx->info) { + nss_cfi_err("%px: Unable to find algorithm with keylen\n", ctx); +- crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN); + return -ENOENT; + } + +@@ -299,7 +295,6 @@ int nss_cryptoapi_aead_setkey(struct cry + */ + if (keys.authkeylen > ctx->info->auth_blocksize) { + nss_cfi_err("%px: Auth keylen(%d) exceeds supported\n", ctx, keys.authkeylen); +- crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN); + return -EINVAL; + } + +@@ -342,7 +337,6 @@ int nss_cryptoapi_aead_setkey(struct cry + status = nss_crypto_session_alloc(ctx->user, &data, &ctx->sid); + if (status < 0) { + nss_cfi_err("%px: Unable to allocate crypto session(%d)\n", ctx, status); +- crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_FLAGS); + return status; + } + +--- a/cryptoapi/v2.0/nss_cryptoapi_ahash.c ++++ b/cryptoapi/v2.0/nss_cryptoapi_ahash.c +@@ -192,7 +192,6 @@ int nss_cryptoapi_ahash_setkey(struct cr + + ctx->info = nss_cryptoapi_cra_name2info(crypto_tfm_alg_name(tfm), 0, crypto_ahash_digestsize(ahash)); + if (!ctx->info) { +- crypto_ahash_set_flags(ahash, CRYPTO_TFM_RES_BAD_KEY_LEN); + return -EINVAL; + } + +@@ -215,7 +214,6 @@ int nss_cryptoapi_ahash_setkey(struct cr + status = nss_crypto_session_alloc(ctx->user, &data, &ctx->sid); + if (status < 0) { + nss_cfi_warn("%px: Unable to allocate crypto session(%d)\n", ctx, status); +- crypto_ahash_set_flags(ahash, CRYPTO_TFM_RES_BAD_FLAGS); + return status; + } + +@@ -299,7 +297,6 @@ int nss_cryptoapi_ahash_init(struct ahas + */ + ctx->info = nss_cryptoapi_cra_name2info(crypto_tfm_alg_name(tfm), 0, 0); + if (!ctx->info) { +- crypto_ahash_set_flags(ahash, CRYPTO_TFM_RES_BAD_KEY_LEN); + return -EINVAL; + } + +@@ -314,7 +311,6 @@ int nss_cryptoapi_ahash_init(struct ahas + status = nss_crypto_session_alloc(ctx->user, &data, &ctx->sid); + if (status < 0) { + nss_cfi_err("%px: Unable to allocate crypto session(%d)\n", ctx, status); +- crypto_ahash_set_flags(ahash, CRYPTO_TFM_RES_BAD_FLAGS); + return status; + } + diff --git a/package/qca-nss/qca-nss-cfi/patches/0006-cryptoapi-v2.0-convert-to-skcipher.patch b/package/qca-nss/qca-nss-cfi/patches/0006-cryptoapi-v2.0-convert-to-skcipher.patch new file mode 100644 index 0000000000..f85e3d892c --- /dev/null +++ b/package/qca-nss/qca-nss-cfi/patches/0006-cryptoapi-v2.0-convert-to-skcipher.patch @@ -0,0 +1,1199 @@ +From 1b30927548c2498c76b815b87f604f9a1de40a48 Mon Sep 17 00:00:00 2001 +From: Robert Marko +Date: Sun, 22 Jan 2023 23:31:09 +0100 +Subject: [PATCH] cryptoapi: v2.0: convert to skcipher + +Finally convert the driver from ablkcipher that was dropped in v5.5 to +skcipher. + +Signed-off-by: Robert Marko +--- + cryptoapi/v2.0/Makefile | 6 +- + cryptoapi/v2.0/nss_cryptoapi.c | 200 ++++++++---------- + cryptoapi/v2.0/nss_cryptoapi_private.h | 14 +- + ...ptoapi_ablk.c => nss_cryptoapi_skcipher.c} | 116 +++++----- + 4 files changed, 145 insertions(+), 191 deletions(-) + rename cryptoapi/v2.0/{nss_cryptoapi_ablk.c => nss_cryptoapi_skcipher.c} (74%) + +--- a/cryptoapi/v2.0/Makefile ++++ b/cryptoapi/v2.0/Makefile +@@ -5,9 +5,9 @@ NSS_CRYPTOAPI_MOD_NAME=qca-nss-cfi-crypt + obj-m += $(NSS_CRYPTOAPI_MOD_NAME).o + $(NSS_CRYPTOAPI_MOD_NAME)-objs = nss_cryptoapi.o + $(NSS_CRYPTOAPI_MOD_NAME)-objs += nss_cryptoapi_aead.o +-ifneq "$(NSS_CRYPTOAPI_ABLK)" "n" +-$(NSS_CRYPTOAPI_MOD_NAME)-objs += nss_cryptoapi_ablk.o +-ccflags-y += -DNSS_CRYPTOAPI_ABLK ++ifneq "$(NSS_CRYPTOAPI_SKCIPHER)" "n" ++$(NSS_CRYPTOAPI_MOD_NAME)-objs += nss_cryptoapi_skcipher.o ++ccflags-y += -DNSS_CRYPTOAPI_SKCIPHER + endif + $(NSS_CRYPTOAPI_MOD_NAME)-objs += nss_cryptoapi_ahash.o + +--- a/cryptoapi/v2.0/nss_cryptoapi.c ++++ b/cryptoapi/v2.0/nss_cryptoapi.c +@@ -1367,104 +1367,78 @@ struct aead_alg cryptoapi_aead_algs[] = + /* + * ABLK cipher algorithms + */ +-#if defined(NSS_CRYPTOAPI_ABLK) +-static struct crypto_alg cryptoapi_ablkcipher_algs[] = { ++#if defined(NSS_CRYPTOAPI_SKCIPHER) ++static struct skcipher_alg cryptoapi_skcipher_algs[] = { + { +- .cra_name = "cbc(aes)", +- .cra_driver_name = "nss-cbc-aes", +- .cra_priority = 10000, +- .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC, +- .cra_blocksize = AES_BLOCK_SIZE, +- .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), +- .cra_alignmask = 0, +- .cra_type = &crypto_ablkcipher_type, +- .cra_module = THIS_MODULE, +- .cra_init = nss_cryptoapi_ablkcipher_init, +- .cra_exit = nss_cryptoapi_ablkcipher_exit, +- .cra_u = { +- .ablkcipher = { +- .ivsize = AES_BLOCK_SIZE, +- .min_keysize = AES_MIN_KEY_SIZE, +- .max_keysize = AES_MAX_KEY_SIZE, +- .setkey = nss_cryptoapi_ablk_setkey, +- .encrypt = nss_cryptoapi_ablk_encrypt, +- .decrypt = nss_cryptoapi_ablk_decrypt, +- }, +- }, +- }, +- { +- .cra_name = "rfc3686(ctr(aes))", +- .cra_driver_name = "nss-rfc3686-ctr-aes", +- .cra_priority = 30000, +- .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC, +- .cra_blocksize = AES_BLOCK_SIZE, +- .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), +- .cra_alignmask = 0, +- .cra_type = &crypto_ablkcipher_type, +- .cra_module = THIS_MODULE, +- .cra_init = nss_cryptoapi_ablkcipher_init, +- .cra_exit = nss_cryptoapi_ablkcipher_exit, +- .cra_u = { +- .ablkcipher = { +- .ivsize = CTR_RFC3686_IV_SIZE, +-/* +- * geniv deprecated from kernel version 5.0 and above +- */ +-#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 0, 0)) +- .geniv = "seqiv", +-#endif +- .min_keysize = AES_MIN_KEY_SIZE + CTR_RFC3686_NONCE_SIZE, +- .max_keysize = AES_MAX_KEY_SIZE + CTR_RFC3686_NONCE_SIZE, +- .setkey = nss_cryptoapi_ablk_setkey, +- .encrypt = nss_cryptoapi_ablk_encrypt, +- .decrypt = nss_cryptoapi_ablk_decrypt, +- }, +- }, +- }, +- { +- .cra_name = "ecb(aes)", +- .cra_driver_name = "nss-ecb-aes", +- .cra_priority = 10000, +- .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC, +- .cra_blocksize = AES_BLOCK_SIZE, +- .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), +- .cra_alignmask = 0, +- .cra_type = &crypto_ablkcipher_type, +- .cra_module = THIS_MODULE, +- .cra_init = nss_cryptoapi_ablkcipher_init, +- .cra_exit = nss_cryptoapi_ablkcipher_exit, +- .cra_u = { +- .ablkcipher = { +- .min_keysize = AES_MIN_KEY_SIZE, +- .max_keysize = AES_MAX_KEY_SIZE, +- .setkey = nss_cryptoapi_ablk_setkey, +- .encrypt = nss_cryptoapi_ablk_encrypt, +- .decrypt = nss_cryptoapi_ablk_decrypt, +- }, +- }, +- }, +- { +- .cra_name = "cbc(des3_ede)", +- .cra_driver_name = "nss-cbc-des-ede", +- .cra_priority = 10000, +- .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC, +- .cra_blocksize = DES3_EDE_BLOCK_SIZE, +- .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), +- .cra_alignmask = 0, +- .cra_type = &crypto_ablkcipher_type, +- .cra_module = THIS_MODULE, +- .cra_init = nss_cryptoapi_ablkcipher_init, +- .cra_exit = nss_cryptoapi_ablkcipher_exit, +- .cra_u = { +- .ablkcipher = { +- .ivsize = DES3_EDE_BLOCK_SIZE, +- .min_keysize = DES3_EDE_KEY_SIZE, +- .max_keysize = DES3_EDE_KEY_SIZE, +- .setkey = nss_cryptoapi_ablk_setkey, +- .encrypt = nss_cryptoapi_ablk_encrypt, +- .decrypt = nss_cryptoapi_ablk_decrypt, +- }, +- }, ++ .base.cra_name = "cbc(aes)", ++ .base.cra_driver_name = "nss-cbc-aes", ++ .base.cra_priority = 10000, ++ .base.cra_flags = CRYPTO_ALG_ASYNC, ++ .base.cra_blocksize = AES_BLOCK_SIZE, ++ .base.cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), ++ .base.cra_alignmask = 0, ++ .base.cra_module = THIS_MODULE, ++ .init = nss_cryptoapi_skcipher_init, ++ .exit = nss_cryptoapi_skcipher_exit, ++ .ivsize = AES_BLOCK_SIZE, ++ .min_keysize = AES_MIN_KEY_SIZE, ++ .max_keysize = AES_MAX_KEY_SIZE, ++ .setkey = nss_cryptoapi_skcipher_setkey, ++ .encrypt = nss_cryptoapi_skcipher_encrypt, ++ .decrypt = nss_cryptoapi_skcipher_decrypt, ++ }, ++ { ++ .base.cra_name = "rfc3686(ctr(aes))", ++ .base.cra_driver_name = "nss-rfc3686-ctr-aes", ++ .base.cra_priority = 30000, ++ .base.cra_flags = CRYPTO_ALG_ASYNC, ++ .base.cra_blocksize = AES_BLOCK_SIZE, ++ .base.cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), ++ .base.cra_alignmask = 0, ++ .base.cra_module = THIS_MODULE, ++ .init = nss_cryptoapi_skcipher_init, ++ .exit = nss_cryptoapi_skcipher_exit, ++ .ivsize = CTR_RFC3686_IV_SIZE, ++ .min_keysize = AES_MIN_KEY_SIZE + CTR_RFC3686_NONCE_SIZE, ++ .max_keysize = AES_MAX_KEY_SIZE + CTR_RFC3686_NONCE_SIZE, ++ .setkey = nss_cryptoapi_skcipher_setkey, ++ .encrypt = nss_cryptoapi_skcipher_encrypt, ++ .decrypt = nss_cryptoapi_skcipher_decrypt, ++ }, ++ { ++ .base.cra_name = "ecb(aes)", ++ .base.cra_driver_name = "nss-ecb-aes", ++ .base.cra_priority = 10000, ++ .base.cra_flags = CRYPTO_ALG_ASYNC, ++ .base.cra_blocksize = AES_BLOCK_SIZE, ++ .base.cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), ++ .base.cra_alignmask = 0, ++ .base.cra_module = THIS_MODULE, ++ .init = nss_cryptoapi_skcipher_init, ++ .exit = nss_cryptoapi_skcipher_exit, ++ .min_keysize = AES_MIN_KEY_SIZE, ++ .max_keysize = AES_MAX_KEY_SIZE, ++ .setkey = nss_cryptoapi_skcipher_setkey, ++ .encrypt = nss_cryptoapi_skcipher_encrypt, ++ .decrypt = nss_cryptoapi_skcipher_decrypt, ++ }, ++ { ++ .base.cra_name = "cbc(des3_ede)", ++ .base.cra_driver_name = "nss-cbc-des-ede", ++ .base.cra_priority = 10000, ++ .base.cra_flags = CRYPTO_ALG_ASYNC, ++ .base.cra_blocksize = DES3_EDE_BLOCK_SIZE, ++ .base.cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), ++ .base.cra_alignmask = 0, ++ .base.cra_module = THIS_MODULE, ++ .init = nss_cryptoapi_skcipher_init, ++ .exit = nss_cryptoapi_skcipher_exit, ++ .ivsize = DES3_EDE_BLOCK_SIZE, ++ .min_keysize = DES3_EDE_KEY_SIZE, ++ .max_keysize = DES3_EDE_KEY_SIZE, ++ .setkey = nss_cryptoapi_skcipher_setkey, ++ .encrypt = nss_cryptoapi_skcipher_encrypt, ++ .decrypt = nss_cryptoapi_skcipher_decrypt, + } + }; + #endif +@@ -2215,8 +2189,8 @@ void nss_cryptoapi_add_ctx2debugfs(struc + */ + void nss_cryptoapi_attach_user(void *app_data, struct nss_crypto_user *user) + { +-#if defined(NSS_CRYPTOAPI_ABLK) +- struct crypto_alg *ablk = cryptoapi_ablkcipher_algs; ++#if defined(NSS_CRYPTOAPI_SKCIPHER) ++ struct skcipher_alg *ablk = cryptoapi_skcipher_algs; + #endif + struct aead_alg *aead = cryptoapi_aead_algs; + struct ahash_alg *ahash = cryptoapi_ahash_algs; +@@ -2240,15 +2214,15 @@ void nss_cryptoapi_attach_user(void *app + g_cryptoapi.user = user; + } + +-#if defined(NSS_CRYPTOAPI_ABLK) +- for (i = 0; enable_ablk && (i < ARRAY_SIZE(cryptoapi_ablkcipher_algs)); i++, ablk++) { +- info = nss_cryptoapi_cra_name_lookup(ablk->cra_name); ++#if defined(NSS_CRYPTOAPI_SKCIPHER) ++ for (i = 0; enable_ablk && (i < ARRAY_SIZE(cryptoapi_skcipher_algs)); i++, ablk++) { ++ info = nss_cryptoapi_cra_name_lookup(ablk->base.cra_name); + if(!info || !nss_crypto_algo_is_supp(info->algo)) + continue; + +- if (crypto_register_alg(ablk)) { +- nss_cfi_err("%px: ABLK registration failed(%s)\n", sc, ablk->cra_name); +- ablk->cra_flags = 0; ++ if (crypto_register_skcipher(ablk)) { ++ nss_cfi_err("%px: skcipher registration failed(%s)\n", sc, ablk->base.cra_name); ++ ablk->base.cra_flags = 0; + } + } + #endif +@@ -2287,8 +2261,8 @@ void nss_cryptoapi_attach_user(void *app + */ + void nss_cryptoapi_detach_user(void *app_data, struct nss_crypto_user *user) + { +-#if defined(NSS_CRYPTOAPI_ABLK) +- struct crypto_alg *ablk = cryptoapi_ablkcipher_algs; ++#if defined(NSS_CRYPTOAPI_SKCIPHER) ++ struct skcipher_alg *ablk = cryptoapi_skcipher_algs; + #endif + struct aead_alg *aead = cryptoapi_aead_algs; + struct ahash_alg *ahash = cryptoapi_ahash_algs; +@@ -2302,13 +2276,13 @@ void nss_cryptoapi_detach_user(void *app + */ + atomic_set(&g_cryptoapi.registered, 0); + +-#if defined(NSS_CRYPTOAPI_ABLK) +- for (i = 0; enable_ablk && (i < ARRAY_SIZE(cryptoapi_ablkcipher_algs)); i++, ablk++) { +- if (!ablk->cra_flags) ++#if defined(NSS_CRYPTOAPI_SKCIPHER) ++ for (i = 0; enable_ablk && (i < ARRAY_SIZE(cryptoapi_skcipher_algs)); i++, ablk++) { ++ if (!ablk->base.cra_flags) + continue; + +- crypto_unregister_alg(ablk); +- nss_cfi_info("%px: ABLK unregister succeeded, algo: %s\n", sc, ablk->cra_name); ++ crypto_unregister_skcipher(ablk); ++ nss_cfi_info("%px: skcipher unregister succeeded, algo: %s\n", sc, ablk->base.cra_name); + } + #endif + +--- a/cryptoapi/v2.0/nss_cryptoapi_private.h ++++ b/cryptoapi/v2.0/nss_cryptoapi_private.h +@@ -248,14 +248,14 @@ extern void nss_cryptoapi_aead_tx_proc(s + struct nss_cryptoapi_info *info, bool encrypt); + + /* +- * ABLKCIPHER ++ * SKCIPHER + */ +-#if defined(NSS_CRYPTOAPI_ABLK) +-extern int nss_cryptoapi_ablkcipher_init(struct crypto_tfm *tfm); +-extern void nss_cryptoapi_ablkcipher_exit(struct crypto_tfm *tfm); +-extern int nss_cryptoapi_ablk_setkey(struct crypto_ablkcipher *cipher, const u8 *key, unsigned int len); +-extern int nss_cryptoapi_ablk_encrypt(struct ablkcipher_request *req); +-extern int nss_cryptoapi_ablk_decrypt(struct ablkcipher_request *req); ++#if defined(NSS_CRYPTOAPI_SKCIPHER) ++extern int nss_cryptoapi_skcipher_init(struct crypto_skcipher *tfm); ++extern void nss_cryptoapi_skcipher_exit(struct crypto_skcipher *tfm); ++extern int nss_cryptoapi_skcipher_setkey(struct crypto_skcipher *cipher, const u8 *key, unsigned int len); ++extern int nss_cryptoapi_skcipher_encrypt(struct skcipher_request *req); ++extern int nss_cryptoapi_skcipher_decrypt(struct skcipher_request *req); + extern void nss_cryptoapi_copy_iv(struct nss_cryptoapi_ctx *ctx, struct scatterlist *sg, uint8_t *iv, uint8_t iv_len); + #endif + +--- a/cryptoapi/v2.0/nss_cryptoapi_ablk.c ++++ /dev/null +@@ -1,458 +0,0 @@ +-/* Copyright (c) 2015-2020 The Linux Foundation. All rights reserved. +- * Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved. +- * +- * Permission to use, copy, modify, and/or distribute this software for any +- * purpose with or without fee is hereby granted, provided that the above +- * copyright notice and this permission notice appear in all copies. +- * +- * +- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +- * AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT +- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +- * PERFORMANCE OF THIS SOFTWARE. +- * +- * +- */ +- +-/** +- * nss_cryptoapi_ablk.c +- * Interface to communicate Native Linux crypto framework specific data +- * to Crypto core specific data +- */ +- +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +- +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +- +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include "nss_cryptoapi_private.h" +- +-extern struct nss_cryptoapi g_cryptoapi; +- +-/* +- * nss_cryptoapi_skcipher_ctx2session() +- * Cryptoapi function to get the session ID for an skcipher +- */ +-int nss_cryptoapi_skcipher_ctx2session(struct crypto_skcipher *sk, uint32_t *sid) +-{ +- struct crypto_tfm *tfm = crypto_skcipher_tfm(sk); +- struct crypto_ablkcipher **actx, *ablk; +- struct ablkcipher_tfm *ablk_tfm; +- struct nss_cryptoapi_ctx *ctx; +- +- if (strncmp("nss-", crypto_tfm_alg_driver_name(tfm), 4)) +- return -EINVAL; +- +- /* Get the ablkcipher from the skcipher */ +- actx = crypto_skcipher_ctx(sk); +- if (!actx || !(*actx)) +- return -EINVAL; +- +- /* +- * The ablkcipher now obtained is a wrapper around the actual +- * ablkcipher that is created when the skcipher is created. +- * Hence we derive the required ablkcipher through ablkcipher_tfm. +- */ +- ablk_tfm = crypto_ablkcipher_crt(*actx); +- if (!ablk_tfm) +- return -EINVAL; +- +- ablk = ablk_tfm->base; +- if (!ablk) +- return -EINVAL; +- +- /* Get the nss_cryptoapi context stored in the ablkcipher */ +- ctx = crypto_ablkcipher_ctx(ablk); +- +- BUG_ON(!ctx); +- NSS_CRYPTOAPI_VERIFY_MAGIC(ctx); +- +- *sid = ctx->sid; +- return 0; +-} +-EXPORT_SYMBOL(nss_cryptoapi_skcipher_ctx2session); +- +-/* +- * nss_cryptoapi_ablkcipher_init() +- * Cryptoapi ablkcipher init function. +- */ +-int nss_cryptoapi_ablkcipher_init(struct crypto_tfm *tfm) +-{ +- struct nss_cryptoapi_ctx *ctx = crypto_tfm_ctx(tfm); +- +- BUG_ON(!ctx); +- NSS_CRYPTOAPI_SET_MAGIC(ctx); +- +- memset(ctx, 0, sizeof(struct nss_cryptoapi_ctx)); +- +- ctx->user = g_cryptoapi.user; +- ctx->stats.init++; +- ctx->sid = NSS_CRYPTO_SESSION_MAX; +- init_completion(&ctx->complete); +- +- return 0; +-} +- +-/* +- * nss_cryptoapi_ablkcipher_exit() +- * Cryptoapi ablkcipher exit function. +- */ +-void nss_cryptoapi_ablkcipher_exit(struct crypto_tfm *tfm) +-{ +- struct nss_cryptoapi_ctx *ctx = crypto_tfm_ctx(tfm); +- int ret; +- +- BUG_ON(!ctx); +- NSS_CRYPTOAPI_VERIFY_MAGIC(ctx); +- +- ctx->stats.exit++; +- +- /* +- * When fallback_req is set, it means that fallback tfm was used +- * we didn't create any sessions. +- */ +- if (ctx->fallback_req) { +- ctx->stats.failed_fallback++; +- return; +- } +- +- if (!atomic_read(&ctx->active)) { +- ctx->stats.failed_exit++; +- return; +- } +- +- /* +- * Mark cryptoapi context as inactive +- */ +- atomic_set(&ctx->active, 0); +- +- if (!atomic_sub_and_test(1, &ctx->refcnt)) { +- /* +- * We need to wait for any outstanding packet using this ctx. +- * Once the last packet get processed, reference count will become +- * 0 this ctx. We will wait for the reference to go down to 0. +- */ +- ret = wait_for_completion_timeout(&ctx->complete, NSS_CRYPTOAPI_REQ_TIMEOUT_TICKS); +- WARN_ON(!ret); +- } +- +- if (ctx->sid != NSS_CRYPTO_SESSION_MAX) { +- nss_crypto_session_free(ctx->user, ctx->sid); +- debugfs_remove_recursive(ctx->dentry); +- ctx->sid = NSS_CRYPTO_SESSION_MAX; +- } +- +- NSS_CRYPTOAPI_CLEAR_MAGIC(ctx); +-} +- +-/* +- * nss_cryptoapi_ablk_setkey() +- * Cryptoapi setkey routine for aes. +- */ +-int nss_cryptoapi_ablk_setkey(struct crypto_ablkcipher *cipher, const u8 *key, unsigned int keylen) +-{ +- struct crypto_tfm *tfm = crypto_ablkcipher_tfm(cipher); +- struct nss_cryptoapi_ctx *ctx = crypto_tfm_ctx(tfm); +- struct nss_crypto_session_data data = {0}; +- int status; +- +- /* +- * Validate magic number - init should be called before setkey +- */ +- NSS_CRYPTOAPI_VERIFY_MAGIC(ctx); +- +- ctx->info = nss_cryptoapi_cra_name2info(crypto_tfm_alg_name(tfm), keylen, 0); +- if (!ctx->info) { +- crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN); +- return -EINVAL; +- } +- +- ctx->iv_size = crypto_ablkcipher_ivsize(cipher); +- +- if (ctx->info->cipher_mode == NSS_CRYPTOAPI_CIPHER_MODE_CTR_RFC3686) { +- keylen = keylen - CTR_RFC3686_NONCE_SIZE; +- memcpy(ctx->ctx_iv, key + keylen, CTR_RFC3686_NONCE_SIZE); +- ctx->ctx_iv[3] = ntohl(0x1); +- ctx->iv_size += CTR_RFC3686_NONCE_SIZE + sizeof(uint32_t); +- } +- +- /* +- * Fill NSS crypto session data +- */ +- data.algo = ctx->info->algo; +- data.cipher_key = key; +- +- if (data.algo >= NSS_CRYPTO_CMN_ALGO_MAX) +- return -ERANGE; +- +- if (ctx->sid != NSS_CRYPTO_SESSION_MAX) { +- nss_crypto_session_free(ctx->user, ctx->sid); +- debugfs_remove_recursive(ctx->dentry); +- ctx->sid = NSS_CRYPTO_SESSION_MAX; +- } +- +- status = nss_crypto_session_alloc(ctx->user, &data, &ctx->sid); +- if (status < 0) { +- nss_cfi_err("%px: Unable to allocate crypto session(%d)\n", ctx, status); +- crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_FLAGS); +- return status; +- } +- +- nss_cryptoapi_add_ctx2debugfs(ctx); +- atomic_set(&ctx->active, 1); +- atomic_set(&ctx->refcnt, 1); +- return 0; +-} +- +-/* +- * nss_cryptoapi_ablkcipher_done() +- * Cipher operation completion callback function +- */ +-void nss_cryptoapi_ablkcipher_done(void *app_data, struct nss_crypto_hdr *ch, uint8_t status) +-{ +- struct ablkcipher_request *req = app_data; +- struct nss_cryptoapi_ctx *ctx = crypto_tfm_ctx(req->base.tfm); +- int error; +- +- BUG_ON(!ch); +- +- /* +- * Check cryptoapi context magic number. +- */ +- NSS_CRYPTOAPI_VERIFY_MAGIC(ctx); +- +- /* +- * For skcipher decryption case, the last block of encrypted data is used as +- * an IV for the next data +- */ +- if (ch->op == NSS_CRYPTO_OP_DIR_ENC) { +- nss_cryptoapi_copy_iv(ctx, req->dst, req->info, ch->iv_len); +- } +- +- /* +- * Free crypto hdr +- */ +- nss_crypto_hdr_free(ctx->user, ch); +- +- nss_cfi_dbg("data dump after transformation\n"); +- nss_cfi_dbg_data(sg_virt(req->dst), req->nbytes, ' '); +- +- /* +- * Check if there is any error reported by hardware +- */ +- error = nss_cryptoapi_status2error(ctx, status); +- ctx->stats.completed++; +- +- /* +- * Decrement cryptoapi reference +- */ +- nss_cryptoapi_ref_dec(ctx); +- req->base.complete(&req->base, error); +-} +- +-/* +- * nss_cryptoapi_ablk_encrypt() +- * Crytoapi encrypt for AES and 3DES algorithms. +- */ +-int nss_cryptoapi_ablk_encrypt(struct ablkcipher_request *req) +-{ +- struct nss_cryptoapi_info info = {.op_dir = NSS_CRYPTO_OP_DIR_ENC}; +- struct crypto_ablkcipher *cipher = crypto_ablkcipher_reqtfm(req); +- struct nss_cryptoapi_ctx *ctx = crypto_ablkcipher_ctx(cipher); +- struct crypto_tfm *tfm = req->base.tfm; +- struct scatterlist *cur; +- int tot_len = 0; +- int i; +- +- /* +- * Check cryptoapi context magic number. +- */ +- NSS_CRYPTOAPI_VERIFY_MAGIC(ctx); +- +- /* +- * Check if cryptoapi context is active or not +- */ +- if (!atomic_read(&ctx->active)) +- return -EINVAL; +- +- if (sg_nents(req->src) != sg_nents(req->dst)) { +- ctx->stats.failed_req++; +- return -EINVAL; +- } +- +- /* +- * Block size not aligned. +- * AES-CTR requires only a one-byte block size alignment. +- */ +- if (!IS_ALIGNED(req->nbytes, crypto_tfm_alg_blocksize(tfm)) && ctx->info->blk_align) { +- ctx->stats.failed_align++; +- crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_BLOCK_LEN); +- return -EFAULT; +- } +- +- /* +- * Fill the request information structure +- */ +- info.iv = req->info; +- info.src.nsegs = sg_nents(req->src); +- info.dst.nsegs = sg_nents(req->dst); +- info.op_dir = NSS_CRYPTO_OP_DIR_ENC; +- info.cb = nss_cryptoapi_ablkcipher_done; +- info.iv_size = ctx->iv_size; +- info.src.first_sg = req->src; +- info.dst.first_sg = req->dst; +- info.dst.last_sg = sg_last(req->dst, info.dst.nsegs); +- +- /* out and in length will be same as ablk does only encrypt/decryt operation */ +- info.total_in_len = info.total_out_len = req->nbytes; +- info.in_place = (req->src == req->dst) ? true : false; +- +- /* +- * The exact length of data that needs to be ciphered for an ABLK +- * request is stored in req->nbytes. Hence we may have to reduce +- * the DMA length to what is specified in req->nbytes and later +- * restore the length of scatterlist back to its original value. +- */ +- for_each_sg(req->src, cur, info.src.nsegs, i) { +- if (!cur) +- break; +- +- tot_len += cur->length; +- if (!sg_next(cur)) +- break; +- } +- +- /* +- * We only support (2^16 - 1) length. +- */ +- if (tot_len > U16_MAX) { +- ctx->stats.failed_len++; +- return -EFBIG; +- } +- +- info.src.last_sg = cur; +- info.ahash_skip = tot_len - req->nbytes; +- +- if (!atomic_inc_not_zero(&ctx->refcnt)) +- return -ENOENT; +- +- return nss_cryptoapi_transform(ctx, &info, (void *)req, false); +-} +- +-/* +- * nss_cryptoapi_ablk_decrypt() +- * Crytoapi decrypt for AES and 3DES CBC algorithms. +- */ +-int nss_cryptoapi_ablk_decrypt(struct ablkcipher_request *req) +-{ +- struct nss_cryptoapi_info info = {.op_dir = NSS_CRYPTO_OP_DIR_DEC}; +- struct crypto_ablkcipher *cipher = crypto_ablkcipher_reqtfm(req); +- struct nss_cryptoapi_ctx *ctx = crypto_ablkcipher_ctx(cipher); +- struct crypto_tfm *tfm = req->base.tfm; +- struct scatterlist *cur; +- int tot_len = 0; +- int i; +- +- /* +- * Check cryptoapi context magic number. +- */ +- NSS_CRYPTOAPI_VERIFY_MAGIC(ctx); +- +- /* +- * Check if cryptoapi context is active or not +- */ +- if (!atomic_read(&ctx->active)) +- return -EINVAL; +- +- if (sg_nents(req->src) != sg_nents(req->dst)) { +- ctx->stats.failed_req++; +- return -EINVAL; +- } +- +- /* +- * Block size not aligned +- */ +- if (!IS_ALIGNED(req->nbytes, crypto_tfm_alg_blocksize(tfm)) && ctx->info->blk_align) { +- ctx->stats.failed_align++; +- crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_BLOCK_LEN); +- return -EFAULT; +- } +- +- /* +- * Fill the request information structure +- * Note: For CTR mode, IV size will be set to AES_BLOCK_SIZE. +- * This is because linux gives iv size as 8 while we need to alloc 16 bytes +- * in crypto hdr to accomodate +- * - 4 bytes of nonce +- * - 8 bytes of IV +- * - 4 bytes of initial counter +- */ +- info.iv = req->info; +- info.src.nsegs = sg_nents(req->src); +- info.dst.nsegs = sg_nents(req->dst); +- info.iv_size = ctx->iv_size; +- info.op_dir = NSS_CRYPTO_OP_DIR_DEC; +- info.cb = nss_cryptoapi_ablkcipher_done; +- info.src.first_sg = req->src; +- info.dst.first_sg = req->dst; +- info.dst.last_sg = sg_last(req->dst, info.dst.nsegs); +- +- /* out and in length will be same as ablk does only encrypt/decryt operation */ +- info.total_in_len = info.total_out_len = req->nbytes; +- info.in_place = (req->src == req->dst) ? true : false; +- +- /* +- * The exact length of data that needs to be ciphered for an ABLK +- * request is stored in req->nbytes. Hence we may have to reduce +- * the DMA length to what is specified in req->nbytes and later +- * restore the length of scatterlist back to its original value. +- */ +- for_each_sg(req->src, cur, info.src.nsegs, i) { +- tot_len += cur->length; +- if (!sg_next(cur)) +- break; +- } +- +- /* +- * We only support (2^16 - 1) length. +- */ +- if (tot_len > U16_MAX) { +- ctx->stats.failed_len++; +- return -EFBIG; +- } +- +- info.ahash_skip = tot_len - req->nbytes; +- info.src.last_sg = cur; +- +- if (!atomic_inc_not_zero(&ctx->refcnt)) +- return -ENOENT; +- +- return nss_cryptoapi_transform(ctx, &info, (void *)req, false); +-} +--- /dev/null ++++ b/cryptoapi/v2.0/nss_cryptoapi_skcipher.c +@@ -0,0 +1,438 @@ ++/* Copyright (c) 2015-2020 The Linux Foundation. All rights reserved. ++ * Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved. ++ * ++ * Permission to use, copy, modify, and/or distribute this software for any ++ * purpose with or without fee is hereby granted, provided that the above ++ * copyright notice and this permission notice appear in all copies. ++ * ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES ++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY ++ * AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT ++ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM ++ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE ++ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ++ * PERFORMANCE OF THIS SOFTWARE. ++ * ++ * ++ */ ++ ++/** ++ * nss_cryptoapi_ablk.c ++ * Interface to communicate Native Linux crypto framework specific data ++ * to Crypto core specific data ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include ++#include ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0) ++#include ++#else ++#include ++#include ++#endif ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include "nss_cryptoapi_private.h" ++ ++extern struct nss_cryptoapi g_cryptoapi; ++ ++/* ++ * nss_cryptoapi_skcipher_ctx2session() ++ * Cryptoapi function to get the session ID for an skcipher ++ */ ++int nss_cryptoapi_skcipher_ctx2session(struct crypto_skcipher *sk, uint32_t *sid) ++{ ++ struct crypto_tfm *tfm = crypto_skcipher_tfm(sk); ++ struct nss_cryptoapi_ctx *ctx; ++ ++ if (strncmp("nss-", crypto_tfm_alg_driver_name(tfm), 4)) ++ return -EINVAL; ++ ++ /* Get the nss_cryptoapi context stored in skcipher */ ++ ctx = crypto_skcipher_ctx(sk); ++ BUG_ON(!ctx); ++ NSS_CRYPTOAPI_VERIFY_MAGIC(ctx); ++ ++ *sid = ctx->sid; ++ return 0; ++} ++EXPORT_SYMBOL(nss_cryptoapi_skcipher_ctx2session); ++ ++/* ++ * nss_cryptoapi_skcipher_init() ++ * Cryptoapi skcipher init function. ++ */ ++int nss_cryptoapi_skcipher_init(struct crypto_skcipher *tfm) ++{ ++ struct nss_cryptoapi_ctx *ctx = crypto_skcipher_ctx(tfm); ++ ++ BUG_ON(!ctx); ++ NSS_CRYPTOAPI_SET_MAGIC(ctx); ++ ++ memset(ctx, 0, sizeof(struct nss_cryptoapi_ctx)); ++ ++ ctx->user = g_cryptoapi.user; ++ ctx->stats.init++; ++ ctx->sid = NSS_CRYPTO_SESSION_MAX; ++ init_completion(&ctx->complete); ++ ++ return 0; ++} ++ ++/* ++ * nss_cryptoapi_skcipher_exit() ++ * Cryptoapi skcipher exit function. ++ */ ++void nss_cryptoapi_skcipher_exit(struct crypto_skcipher *tfm) ++{ ++ struct nss_cryptoapi_ctx *ctx = crypto_skcipher_ctx(tfm); ++ int ret; ++ ++ BUG_ON(!ctx); ++ NSS_CRYPTOAPI_VERIFY_MAGIC(ctx); ++ ++ ctx->stats.exit++; ++ ++ /* ++ * When fallback_req is set, it means that fallback tfm was used ++ * we didn't create any sessions. ++ */ ++ if (ctx->fallback_req) { ++ ctx->stats.failed_fallback++; ++ return; ++ } ++ ++ if (!atomic_read(&ctx->active)) { ++ ctx->stats.failed_exit++; ++ return; ++ } ++ ++ /* ++ * Mark cryptoapi context as inactive ++ */ ++ atomic_set(&ctx->active, 0); ++ ++ if (!atomic_sub_and_test(1, &ctx->refcnt)) { ++ /* ++ * We need to wait for any outstanding packet using this ctx. ++ * Once the last packet get processed, reference count will become ++ * 0 this ctx. We will wait for the reference to go down to 0. ++ */ ++ ret = wait_for_completion_timeout(&ctx->complete, NSS_CRYPTOAPI_REQ_TIMEOUT_TICKS); ++ WARN_ON(!ret); ++ } ++ ++ if (ctx->sid != NSS_CRYPTO_SESSION_MAX) { ++ nss_crypto_session_free(ctx->user, ctx->sid); ++ debugfs_remove_recursive(ctx->dentry); ++ ctx->sid = NSS_CRYPTO_SESSION_MAX; ++ } ++ ++ NSS_CRYPTOAPI_CLEAR_MAGIC(ctx); ++} ++ ++/* ++ * nss_cryptoapi_skcipher_setkey() ++ * Cryptoapi setkey routine for aes. ++ */ ++int nss_cryptoapi_skcipher_setkey(struct crypto_skcipher *cipher, const u8 *key, unsigned int keylen) ++{ ++ struct crypto_tfm *tfm = crypto_skcipher_tfm(cipher); ++ struct nss_cryptoapi_ctx *ctx = crypto_skcipher_ctx(cipher); ++ struct nss_crypto_session_data data = {0}; ++ int status; ++ ++ /* ++ * Validate magic number - init should be called before setkey ++ */ ++ NSS_CRYPTOAPI_VERIFY_MAGIC(ctx); ++ ++ ctx->info = nss_cryptoapi_cra_name2info(crypto_tfm_alg_name(tfm), keylen, 0); ++ if (!ctx->info) { ++ return -EINVAL; ++ } ++ ++ ctx->iv_size = crypto_skcipher_ivsize(cipher); ++ ++ if (ctx->info->cipher_mode == NSS_CRYPTOAPI_CIPHER_MODE_CTR_RFC3686) { ++ keylen = keylen - CTR_RFC3686_NONCE_SIZE; ++ memcpy(ctx->ctx_iv, key + keylen, CTR_RFC3686_NONCE_SIZE); ++ ctx->ctx_iv[3] = ntohl(0x1); ++ ctx->iv_size += CTR_RFC3686_NONCE_SIZE + sizeof(uint32_t); ++ } ++ ++ /* ++ * Fill NSS crypto session data ++ */ ++ data.algo = ctx->info->algo; ++ data.cipher_key = key; ++ ++ if (data.algo >= NSS_CRYPTO_CMN_ALGO_MAX) ++ return -ERANGE; ++ ++ if (ctx->sid != NSS_CRYPTO_SESSION_MAX) { ++ nss_crypto_session_free(ctx->user, ctx->sid); ++ debugfs_remove_recursive(ctx->dentry); ++ ctx->sid = NSS_CRYPTO_SESSION_MAX; ++ } ++ ++ status = nss_crypto_session_alloc(ctx->user, &data, &ctx->sid); ++ if (status < 0) { ++ nss_cfi_err("%px: Unable to allocate crypto session(%d)\n", ctx, status); ++ return status; ++ } ++ ++ nss_cryptoapi_add_ctx2debugfs(ctx); ++ atomic_set(&ctx->active, 1); ++ atomic_set(&ctx->refcnt, 1); ++ return 0; ++} ++ ++/* ++ * nss_cryptoapi_skcipher_done() ++ * Cipher operation completion callback function ++ */ ++void nss_cryptoapi_skcipher_done(void *app_data, struct nss_crypto_hdr *ch, uint8_t status) ++{ ++ struct skcipher_request *req = app_data; ++ struct nss_cryptoapi_ctx *ctx = skcipher_request_ctx(req); ++ int error; ++ ++ BUG_ON(!ch); ++ ++ /* ++ * Check cryptoapi context magic number. ++ */ ++ NSS_CRYPTOAPI_VERIFY_MAGIC(ctx); ++ ++ /* ++ * For skcipher decryption case, the last block of encrypted data is used as ++ * an IV for the next data ++ */ ++ if (ch->op == NSS_CRYPTO_OP_DIR_ENC) { ++ nss_cryptoapi_copy_iv(ctx, req->dst, req->iv, ch->iv_len); ++ } ++ ++ /* ++ * Free crypto hdr ++ */ ++ nss_crypto_hdr_free(ctx->user, ch); ++ ++ nss_cfi_dbg("data dump after transformation\n"); ++ nss_cfi_dbg_data(sg_virt(req->dst), req->cryptlen, ' '); ++ ++ /* ++ * Check if there is any error reported by hardware ++ */ ++ error = nss_cryptoapi_status2error(ctx, status); ++ ctx->stats.completed++; ++ ++ /* ++ * Decrement cryptoapi reference ++ */ ++ nss_cryptoapi_ref_dec(ctx); ++ req->base.complete(&req->base, error); ++} ++ ++/* ++ * nss_cryptoapi_skcipher_encrypt() ++ * Crytoapi encrypt for AES and 3DES algorithms. ++ */ ++int nss_cryptoapi_skcipher_encrypt(struct skcipher_request *req) ++{ ++ struct nss_cryptoapi_info info = {.op_dir = NSS_CRYPTO_OP_DIR_ENC}; ++ struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(req); ++ struct nss_cryptoapi_ctx *ctx = crypto_skcipher_ctx(cipher); ++ struct crypto_tfm *tfm = req->base.tfm; ++ struct scatterlist *cur; ++ int tot_len = 0; ++ int i; ++ ++ /* ++ * Check cryptoapi context magic number. ++ */ ++ NSS_CRYPTOAPI_VERIFY_MAGIC(ctx); ++ ++ /* ++ * Check if cryptoapi context is active or not ++ */ ++ if (!atomic_read(&ctx->active)) ++ return -EINVAL; ++ ++ if (sg_nents(req->src) != sg_nents(req->dst)) { ++ ctx->stats.failed_req++; ++ return -EINVAL; ++ } ++ ++ /* ++ * Block size not aligned. ++ * AES-CTR requires only a one-byte block size alignment. ++ */ ++ if (!IS_ALIGNED(req->cryptlen, crypto_tfm_alg_blocksize(tfm)) && ctx->info->blk_align) { ++ ctx->stats.failed_align++; ++ return -EFAULT; ++ } ++ ++ /* ++ * Fill the request information structure ++ */ ++ info.iv = req->iv; ++ info.src.nsegs = sg_nents(req->src); ++ info.dst.nsegs = sg_nents(req->dst); ++ info.op_dir = NSS_CRYPTO_OP_DIR_ENC; ++ info.cb = nss_cryptoapi_skcipher_done; ++ info.iv_size = ctx->iv_size; ++ info.src.first_sg = req->src; ++ info.dst.first_sg = req->dst; ++ info.dst.last_sg = sg_last(req->dst, info.dst.nsegs); ++ ++ /* out and in length will be same as ablk does only encrypt/decryt operation */ ++ info.total_in_len = info.total_out_len = req->cryptlen; ++ info.in_place = (req->src == req->dst) ? true : false; ++ ++ /* ++ * The exact length of data that needs to be ciphered for an ABLK ++ * request is stored in req->cryptlen. Hence we may have to reduce ++ * the DMA length to what is specified in req->cryptlen and later ++ * restore the length of scatterlist back to its original value. ++ */ ++ for_each_sg(req->src, cur, info.src.nsegs, i) { ++ if (!cur) ++ break; ++ ++ tot_len += cur->length; ++ if (!sg_next(cur)) ++ break; ++ } ++ ++ /* ++ * We only support (2^16 - 1) length. ++ */ ++ if (tot_len > U16_MAX) { ++ ctx->stats.failed_len++; ++ return -EFBIG; ++ } ++ ++ info.src.last_sg = cur; ++ info.ahash_skip = tot_len - req->cryptlen; ++ ++ if (!atomic_inc_not_zero(&ctx->refcnt)) ++ return -ENOENT; ++ ++ return nss_cryptoapi_transform(ctx, &info, (void *)req, false); ++} ++ ++/* ++ * nss_cryptoapi_skcipher_decrypt() ++ * Crytoapi decrypt for AES and 3DES CBC algorithms. ++ */ ++int nss_cryptoapi_skcipher_decrypt(struct skcipher_request *req) ++{ ++ struct nss_cryptoapi_info info = {.op_dir = NSS_CRYPTO_OP_DIR_DEC}; ++ struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(req); ++ struct nss_cryptoapi_ctx *ctx = crypto_skcipher_ctx(cipher); ++ struct crypto_tfm *tfm = req->base.tfm; ++ struct scatterlist *cur; ++ int tot_len = 0; ++ int i; ++ ++ /* ++ * Check cryptoapi context magic number. ++ */ ++ NSS_CRYPTOAPI_VERIFY_MAGIC(ctx); ++ ++ /* ++ * Check if cryptoapi context is active or not ++ */ ++ if (!atomic_read(&ctx->active)) ++ return -EINVAL; ++ ++ if (sg_nents(req->src) != sg_nents(req->dst)) { ++ ctx->stats.failed_req++; ++ return -EINVAL; ++ } ++ ++ /* ++ * Block size not aligned ++ */ ++ if (!IS_ALIGNED(req->cryptlen, crypto_tfm_alg_blocksize(tfm)) && ctx->info->blk_align) { ++ ctx->stats.failed_align++; ++ return -EFAULT; ++ } ++ ++ /* ++ * Fill the request information structure ++ * Note: For CTR mode, IV size will be set to AES_BLOCK_SIZE. ++ * This is because linux gives iv size as 8 while we need to alloc 16 bytes ++ * in crypto hdr to accomodate ++ * - 4 bytes of nonce ++ * - 8 bytes of IV ++ * - 4 bytes of initial counter ++ */ ++ info.iv = req->iv; ++ info.src.nsegs = sg_nents(req->src); ++ info.dst.nsegs = sg_nents(req->dst); ++ info.iv_size = ctx->iv_size; ++ info.op_dir = NSS_CRYPTO_OP_DIR_DEC; ++ info.cb = nss_cryptoapi_skcipher_done; ++ info.src.first_sg = req->src; ++ info.dst.first_sg = req->dst; ++ info.dst.last_sg = sg_last(req->dst, info.dst.nsegs); ++ ++ /* out and in length will be same as ablk does only encrypt/decryt operation */ ++ info.total_in_len = info.total_out_len = req->cryptlen; ++ info.in_place = (req->src == req->dst) ? true : false; ++ ++ /* ++ * The exact length of data that needs to be ciphered for an ABLK ++ * request is stored in req->cryptlen. Hence we may have to reduce ++ * the DMA length to what is specified in req->cryptlen and later ++ * restore the length of scatterlist back to its original value. ++ */ ++ for_each_sg(req->src, cur, info.src.nsegs, i) { ++ tot_len += cur->length; ++ if (!sg_next(cur)) ++ break; ++ } ++ ++ /* ++ * We only support (2^16 - 1) length. ++ */ ++ if (tot_len > U16_MAX) { ++ ctx->stats.failed_len++; ++ return -EFBIG; ++ } ++ ++ info.ahash_skip = tot_len - req->cryptlen; ++ info.src.last_sg = cur; ++ ++ if (!atomic_inc_not_zero(&ctx->refcnt)) ++ return -ENOENT; ++ ++ return nss_cryptoapi_transform(ctx, &info, (void *)req, false); ++} diff --git a/package/qca-nss/qca-nss-cfi/patches/0007-compile-only-cryptoapi.patch b/package/qca-nss/qca-nss-cfi/patches/0007-compile-only-cryptoapi.patch new file mode 100644 index 0000000000..15e09721ea --- /dev/null +++ b/package/qca-nss/qca-nss-cfi/patches/0007-compile-only-cryptoapi.patch @@ -0,0 +1,32 @@ +From a8a573c5ce83bdddca9a60c62161638a5fd906d4 Mon Sep 17 00:00:00 2001 +From: Ansuel Smith +Date: Sat, 13 Jun 2020 12:57:14 +0200 +Subject: [PATCH 1/3] compile only cryptoapi + +--- + Makefile | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/Makefile ++++ b/Makefile +@@ -4,14 +4,12 @@ + + export BUILD_ID = \"Build Id: $(shell date +'%m/%d/%y, %H:%M:%S')\" + +-ifneq (,$(filter $(ocf), y)) +-obj-m += $(CFI_OCF_DIR)/ +-endif ++# ifneq (,$(filter $(ocf), y)) ++# obj-m += $(CFI_OCF_DIR)/ ++# endif + +-ifneq (,$(filter $(cryptoapi), y)) + obj-m += $(CFI_CRYPTOAPI_DIR)/ +-endif + +-ifeq ($(SoC),$(filter $(SoC),ipq806x)) +-obj-m += $(CFI_IPSEC_DIR)/ +-endif ++# ifeq ($(SoC),$(filter $(SoC),ipq806x)) ++# obj-m += $(CFI_IPSEC_DIR)/ ++# endif diff --git a/package/qca-nss/qca-nss-cfi/patches/0008-cryptoapi-v1.1-support-5.4.patch b/package/qca-nss/qca-nss-cfi/patches/0008-cryptoapi-v1.1-support-5.4.patch new file mode 100644 index 0000000000..20f820cd35 --- /dev/null +++ b/package/qca-nss/qca-nss-cfi/patches/0008-cryptoapi-v1.1-support-5.4.patch @@ -0,0 +1,69 @@ +From 202f57bae49947a04301ac8ac9bdc00f28f09355 Mon Sep 17 00:00:00 2001 +From: Ansuel Smith +Date: Sat, 13 Jun 2020 12:58:26 +0200 +Subject: [PATCH 2/3] wip: support 5.4 + +--- + cryptoapi/v1.1/nss_cryptoapi.c | 1 - + cryptoapi/v1.1/nss_cryptoapi_ablk.c | 12 ++++++------ + cryptoapi/v1.1/nss_cryptoapi_aead.c | 2 +- + 3 files changed, 7 insertions(+), 8 deletions(-) + +--- a/cryptoapi/v1.1/nss_cryptoapi.c ++++ b/cryptoapi/v1.1/nss_cryptoapi.c +@@ -231,7 +231,6 @@ static struct crypto_alg cryptoapi_ablkc + .cra_u = { + .ablkcipher = { + .ivsize = CTR_RFC3686_IV_SIZE, +- .geniv = "seqiv", + .min_keysize = AES_MIN_KEY_SIZE + CTR_RFC3686_NONCE_SIZE, + .max_keysize = AES_MAX_KEY_SIZE + CTR_RFC3686_NONCE_SIZE, + .setkey = nss_cryptoapi_ablk_aes_setkey, +--- a/cryptoapi/v1.1/nss_cryptoapi_ablk.c ++++ b/cryptoapi/v1.1/nss_cryptoapi_ablk.c +@@ -108,7 +108,7 @@ EXPORT_SYMBOL(nss_cryptoapi_skcipher_ctx + int nss_cryptoapi_ablkcipher_init(struct crypto_tfm *tfm) + { + struct nss_cryptoapi_ctx *ctx = crypto_tfm_ctx(tfm); +- struct crypto_ablkcipher *sw_tfm; ++ struct crypto_cipher *sw_tfm; + + nss_cfi_assert(ctx); + +@@ -122,20 +122,20 @@ int nss_cryptoapi_ablkcipher_init(struct + + nss_cryptoapi_set_magic(ctx); + +- if (!(crypto_tfm_alg_flags(tfm) & CRYPTO_ALG_NEED_FALLBACK)) ++ if (!(crypto_tfm_alg_type(tfm) & CRYPTO_ALG_NEED_FALLBACK)) + return 0; + + /* Alloc fallback transform for future use */ +- sw_tfm = crypto_alloc_ablkcipher(crypto_tfm_alg_name(tfm), 0, CRYPTO_ALG_ASYNC | +- CRYPTO_ALG_NEED_FALLBACK); ++ sw_tfm = crypto_alloc_cipher(crypto_tfm_alg_name(tfm), 0, CRYPTO_ALG_ASYNC | ++ CRYPTO_ALG_NEED_FALLBACK); + if (IS_ERR(sw_tfm)) { + nss_cfi_err("unable to alloc software crypto for %s\n", crypto_tfm_alg_name(tfm)); + return -EINVAL; + } + + /* set this tfm reqsize same to fallback tfm */ +- tfm->crt_ablkcipher.reqsize = crypto_ablkcipher_reqsize(sw_tfm); +- ctx->sw_tfm = crypto_ablkcipher_tfm(sw_tfm); ++ tfm->crt_ablkcipher.reqsize = sizeof(struct nss_cryptoapi_ctx); ++ ctx->sw_tfm = crypto_cipher_tfm(sw_tfm); + + return 0; + } +--- a/cryptoapi/v1.1/nss_cryptoapi_aead.c ++++ b/cryptoapi/v1.1/nss_cryptoapi_aead.c +@@ -103,7 +103,7 @@ int nss_cryptoapi_aead_init(struct crypt + + nss_cryptoapi_set_magic(ctx); + +- if (!(crypto_tfm_alg_flags(tfm) & CRYPTO_ALG_NEED_FALLBACK)) ++ if (!(crypto_tfm_alg_type(tfm) & CRYPTO_ALG_NEED_FALLBACK)) + return 0; + + /* Alloc fallback transform for future use */ diff --git a/package/qca-nss/qca-nss-cfi/patches/0009-cryptoapi-v1.1-convert-to-skcipher.patch b/package/qca-nss/qca-nss-cfi/patches/0009-cryptoapi-v1.1-convert-to-skcipher.patch new file mode 100644 index 0000000000..fe04167cfc --- /dev/null +++ b/package/qca-nss/qca-nss-cfi/patches/0009-cryptoapi-v1.1-convert-to-skcipher.patch @@ -0,0 +1,696 @@ +From e3a53a6d11b2c1770545a2820a58c117799bcb70 Mon Sep 17 00:00:00 2001 +From: Ansuel Smith +Date: Tue, 16 Jun 2020 18:12:34 +0200 +Subject: [PATCH 3/3] Convert ablkcipher to skcipher + +--- + cryptoapi/v1.1/nss_cryptoapi.c | 149 +++++++++++-------------- + cryptoapi/v1.1/nss_cryptoapi_ablk.c | 136 +++++++++++----------- + cryptoapi/v1.1/nss_cryptoapi_debugfs.c | 1 + + cryptoapi/v1.1/nss_cryptoapi_private.h | 16 +-- + 4 files changed, 145 insertions(+), 157 deletions(-) + +--- a/cryptoapi/v1.1/nss_cryptoapi.c ++++ b/cryptoapi/v1.1/nss_cryptoapi.c +@@ -66,7 +66,7 @@ struct aead_alg cryptoapi_aead_algs[] = + .cra_name = "echainiv(authenc(hmac(sha1),cbc(aes)))", + .cra_driver_name = "nss-hmac-sha1-cbc-aes", + .cra_priority = 10000, +- .cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_NOSUPP_SG | CRYPTO_ALG_NEED_FALLBACK, ++ .cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_NOSUPP_SG | CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_KERN_DRIVER_ONLY, + .cra_blocksize = AES_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), + .cra_alignmask = 0, +@@ -87,7 +87,7 @@ struct aead_alg cryptoapi_aead_algs[] = + .cra_name = "seqiv(authenc(hmac(sha1),rfc3686(ctr(aes))))", + .cra_driver_name = "nss-hmac-sha1-rfc3686-ctr-aes", + .cra_priority = 10000, +- .cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_NOSUPP_SG | CRYPTO_ALG_NEED_FALLBACK, ++ .cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_NOSUPP_SG | CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_KERN_DRIVER_ONLY, + .cra_blocksize = AES_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), + .cra_alignmask = 0, +@@ -108,7 +108,7 @@ struct aead_alg cryptoapi_aead_algs[] = + .cra_name = "echainiv(authenc(hmac(sha1),cbc(des3_ede)))", + .cra_driver_name = "nss-hmac-sha1-cbc-3des", + .cra_priority = 300, +- .cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_NOSUPP_SG, ++ .cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_NOSUPP_SG | CRYPTO_ALG_KERN_DRIVER_ONLY, + .cra_blocksize = DES3_EDE_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), + .cra_alignmask = 0, +@@ -129,7 +129,7 @@ struct aead_alg cryptoapi_aead_algs[] = + .cra_name = "echainiv(authenc(hmac(sha256),cbc(aes)))", + .cra_driver_name = "nss-hmac-sha256-cbc-aes", + .cra_priority = 10000, +- .cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_NOSUPP_SG | CRYPTO_ALG_NEED_FALLBACK, ++ .cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_NOSUPP_SG | CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_KERN_DRIVER_ONLY, + .cra_blocksize = AES_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), + .cra_alignmask = 0, +@@ -150,7 +150,7 @@ struct aead_alg cryptoapi_aead_algs[] = + .cra_name = "seqiv(authenc(hmac(sha256),rfc3686(ctr(aes))))", + .cra_driver_name = "nss-hmac-sha256-rfc3686-ctr-aes", + .cra_priority = 10000, +- .cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_NOSUPP_SG | CRYPTO_ALG_NEED_FALLBACK, ++ .cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_NOSUPP_SG | CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_KERN_DRIVER_ONLY, + .cra_blocksize = AES_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), + .cra_alignmask = 0, +@@ -171,7 +171,7 @@ struct aead_alg cryptoapi_aead_algs[] = + .cra_name = "echainiv(authenc(hmac(sha256),cbc(des3_ede)))", + .cra_driver_name = "nss-hmac-sha256-cbc-3des", + .cra_priority = 300, +- .cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_NOSUPP_SG, ++ .cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_NOSUPP_SG | CRYPTO_ALG_KERN_DRIVER_ONLY, + .cra_blocksize = DES3_EDE_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), + .cra_alignmask = 0, +@@ -192,75 +192,66 @@ struct aead_alg cryptoapi_aead_algs[] = + /* + * ABLK cipher algorithms + */ +-static struct crypto_alg cryptoapi_ablkcipher_algs[] = { ++static struct skcipher_alg cryptoapi_skcipher_algs[] = { + { +- .cra_name = "cbc(aes)", +- .cra_driver_name = "nss-cbc-aes", +- .cra_priority = 10000, +- .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_NOSUPP_SG | CRYPTO_ALG_ASYNC | CRYPTO_ALG_NEED_FALLBACK, +- .cra_blocksize = AES_BLOCK_SIZE, +- .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), +- .cra_alignmask = 0, +- .cra_type = &crypto_ablkcipher_type, +- .cra_module = THIS_MODULE, +- .cra_init = nss_cryptoapi_ablkcipher_init, +- .cra_exit = nss_cryptoapi_ablkcipher_exit, +- .cra_u = { +- .ablkcipher = { +- .ivsize = AES_BLOCK_SIZE, +- .min_keysize = AES_MIN_KEY_SIZE, +- .max_keysize = AES_MAX_KEY_SIZE, +- .setkey = nss_cryptoapi_ablk_aes_setkey, +- .encrypt = nss_cryptoapi_ablk_aes_encrypt, +- .decrypt = nss_cryptoapi_ablk_aes_decrypt, +- }, ++ .base = { ++ .cra_name = "cbc(aes)", ++ .cra_driver_name = "nss-cbc-aes", ++ .cra_priority = 10000, ++ .cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | CRYPTO_ALG_NOSUPP_SG | CRYPTO_ALG_ASYNC | CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_KERN_DRIVER_ONLY, ++ .cra_blocksize = AES_BLOCK_SIZE, ++ .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), ++ .cra_alignmask = 0, ++ .cra_module = THIS_MODULE, + }, ++ .init = nss_cryptoapi_skcipher_init, ++ .exit = nss_cryptoapi_skcipher_exit, ++ .ivsize = AES_BLOCK_SIZE, ++ .min_keysize = AES_MIN_KEY_SIZE, ++ .max_keysize = AES_MAX_KEY_SIZE, ++ .setkey = nss_cryptoapi_ablk_aes_setkey, ++ .encrypt = nss_cryptoapi_ablk_aes_encrypt, ++ .decrypt = nss_cryptoapi_ablk_aes_decrypt, + }, + { +- .cra_name = "rfc3686(ctr(aes))", +- .cra_driver_name = "nss-rfc3686-ctr-aes", +- .cra_priority = 30000, +- .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_NOSUPP_SG | CRYPTO_ALG_ASYNC | CRYPTO_ALG_NEED_FALLBACK, +- .cra_blocksize = AES_BLOCK_SIZE, +- .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), +- .cra_alignmask = 0, +- .cra_type = &crypto_ablkcipher_type, +- .cra_module = THIS_MODULE, +- .cra_init = nss_cryptoapi_ablkcipher_init, +- .cra_exit = nss_cryptoapi_ablkcipher_exit, +- .cra_u = { +- .ablkcipher = { +- .ivsize = CTR_RFC3686_IV_SIZE, +- .min_keysize = AES_MIN_KEY_SIZE + CTR_RFC3686_NONCE_SIZE, +- .max_keysize = AES_MAX_KEY_SIZE + CTR_RFC3686_NONCE_SIZE, +- .setkey = nss_cryptoapi_ablk_aes_setkey, +- .encrypt = nss_cryptoapi_ablk_aes_encrypt, +- .decrypt = nss_cryptoapi_ablk_aes_decrypt, +- }, ++ .base = { ++ .cra_name = "rfc3686(ctr(aes))", ++ .cra_driver_name = "nss-rfc3686-ctr-aes", ++ .cra_priority = 30000, ++ .cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | CRYPTO_ALG_NOSUPP_SG | CRYPTO_ALG_ASYNC | CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_KERN_DRIVER_ONLY, ++ .cra_blocksize = AES_BLOCK_SIZE, ++ .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), ++ .cra_alignmask = 0, ++ .cra_module = THIS_MODULE, + }, ++ .init = nss_cryptoapi_skcipher_init, ++ .exit = nss_cryptoapi_skcipher_exit, ++ .ivsize = CTR_RFC3686_IV_SIZE, ++ .min_keysize = AES_MIN_KEY_SIZE + CTR_RFC3686_NONCE_SIZE, ++ .max_keysize = AES_MAX_KEY_SIZE + CTR_RFC3686_NONCE_SIZE, ++ .setkey = nss_cryptoapi_ablk_aes_setkey, ++ .encrypt = nss_cryptoapi_ablk_aes_encrypt, ++ .decrypt = nss_cryptoapi_ablk_aes_decrypt, + }, + { +- .cra_name = "cbc(des3_ede)", +- .cra_driver_name = "nss-cbc-3des", +- .cra_priority = 1000, +- .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_NOSUPP_SG | CRYPTO_ALG_ASYNC, +- .cra_blocksize = DES3_EDE_BLOCK_SIZE, +- .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), +- .cra_alignmask = 0, +- .cra_type = &crypto_ablkcipher_type, +- .cra_module = THIS_MODULE, +- .cra_init = nss_cryptoapi_ablkcipher_init, +- .cra_exit = nss_cryptoapi_ablkcipher_exit, +- .cra_u = { +- .ablkcipher = { +- .ivsize = DES3_EDE_BLOCK_SIZE, +- .min_keysize = DES3_EDE_KEY_SIZE, +- .max_keysize = DES3_EDE_KEY_SIZE, +- .setkey = nss_cryptoapi_3des_cbc_setkey, +- .encrypt = nss_cryptoapi_3des_cbc_encrypt, +- .decrypt = nss_cryptoapi_3des_cbc_decrypt, +- }, ++ .base = { ++ .cra_name = "cbc(des3_ede)", ++ .cra_driver_name = "nss-cbc-3des", ++ .cra_priority = 1000, ++ .cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | CRYPTO_ALG_NOSUPP_SG | CRYPTO_ALG_ASYNC | CRYPTO_ALG_KERN_DRIVER_ONLY, ++ .cra_blocksize = DES3_EDE_BLOCK_SIZE, ++ .cra_ctxsize = sizeof(struct nss_cryptoapi_ctx), ++ .cra_alignmask = 0, ++ .cra_module = THIS_MODULE, + }, ++ .init = nss_cryptoapi_skcipher_init, ++ .exit = nss_cryptoapi_skcipher_exit, ++ .ivsize = DES3_EDE_BLOCK_SIZE, ++ .min_keysize = DES3_EDE_KEY_SIZE, ++ .max_keysize = DES3_EDE_KEY_SIZE, ++ .setkey = nss_cryptoapi_3des_cbc_setkey, ++ .encrypt = nss_cryptoapi_3des_cbc_encrypt, ++ .decrypt = nss_cryptoapi_3des_cbc_decrypt, + }, + }; + +@@ -277,14 +268,14 @@ static nss_crypto_user_ctx_t nss_cryptoa + + sc->crypto = crypto; + +- for (i = 0; i < ARRAY_SIZE(cryptoapi_ablkcipher_algs); i++) { +- rc = crypto_register_alg(&cryptoapi_ablkcipher_algs[i]); ++ for (i = 0; i < ARRAY_SIZE(cryptoapi_skcipher_algs); i++) { ++ rc = crypto_register_skcipher(&cryptoapi_skcipher_algs[i]); + if (rc) { +- nss_cfi_trace("Ablk registration failed, algo: %s\n", cryptoapi_ablkcipher_algs[i].cra_name); +- cryptoapi_ablkcipher_algs[i].cra_flags = 0; ++ nss_cfi_trace("Ablk registration failed, algo: %s\n", cryptoapi_skcipher_algs[i].base.cra_name); ++ cryptoapi_skcipher_algs[i].base.cra_flags = 0; + continue; + } +- nss_cfi_info("Ablk registration succeeded, algo: %s\n", cryptoapi_ablkcipher_algs[i].cra_name); ++ nss_cfi_info("Ablk registration succeeded, algo: %s\n", cryptoapi_skcipher_algs[i].base.cra_name); + } + + for (i = 0; i < ARRAY_SIZE(cryptoapi_aead_algs); i++) { +@@ -317,7 +308,7 @@ static nss_crypto_user_ctx_t nss_cryptoa + static void nss_cryptoapi_unregister(nss_crypto_user_ctx_t cfi) + { + struct nss_cryptoapi *sc = &gbl_ctx; +- int i, ret = 0; ++ int i; + + nss_cfi_info("unregister nss_cryptoapi\n"); + +@@ -326,16 +317,12 @@ static void nss_cryptoapi_unregister(nss + */ + atomic_set(&gbl_ctx.registered, 0); + +- for (i = 0; i < ARRAY_SIZE(cryptoapi_ablkcipher_algs); i++) { +- if (!cryptoapi_ablkcipher_algs[i].cra_flags) { +- continue; +- } +- ret = crypto_unregister_alg(&cryptoapi_ablkcipher_algs[i]); +- if (ret) { +- nss_cfi_err("Ablk unregister failed, algo: %s\n", cryptoapi_ablkcipher_algs[i].cra_name); ++ for (i = 0; i < ARRAY_SIZE(cryptoapi_skcipher_algs); i++) { ++ if (!cryptoapi_skcipher_algs[i].base.cra_flags) { + continue; + } +- nss_cfi_info("Ablk unregister succeeded, algo: %s\n", cryptoapi_ablkcipher_algs[i].cra_name); ++ crypto_unregister_skcipher(&cryptoapi_skcipher_algs[i]); ++ nss_cfi_info("Ablk unregister succeeded, algo: %s\n", cryptoapi_skcipher_algs[i].base.cra_name); + } + + for (i = 0; i < ARRAY_SIZE(cryptoapi_aead_algs); i++) { +--- a/cryptoapi/v1.1/nss_cryptoapi_ablk.c ++++ b/cryptoapi/v1.1/nss_cryptoapi_ablk.c +@@ -102,12 +102,12 @@ int nss_cryptoapi_skcipher_ctx2session(s + EXPORT_SYMBOL(nss_cryptoapi_skcipher_ctx2session); + + /* +- * nss_cryptoapi_ablkcipher_init() +- * Cryptoapi ablkcipher init function. ++ * nss_cryptoapi_skcipher_init() ++ * Cryptoapi skcipher init function. + */ +-int nss_cryptoapi_ablkcipher_init(struct crypto_tfm *tfm) ++int nss_cryptoapi_skcipher_init(struct crypto_skcipher *tfm) + { +- struct nss_cryptoapi_ctx *ctx = crypto_tfm_ctx(tfm); ++ struct nss_cryptoapi_ctx *ctx = crypto_skcipher_ctx(tfm); + struct crypto_cipher *sw_tfm; + + nss_cfi_assert(ctx); +@@ -122,31 +122,31 @@ int nss_cryptoapi_ablkcipher_init(struct + + nss_cryptoapi_set_magic(ctx); + +- if (!(crypto_tfm_alg_type(tfm) & CRYPTO_ALG_NEED_FALLBACK)) ++ if (!(crypto_tfm_alg_type(&tfm->base) & CRYPTO_ALG_NEED_FALLBACK)) + return 0; + + /* Alloc fallback transform for future use */ +- sw_tfm = crypto_alloc_cipher(crypto_tfm_alg_name(tfm), 0, CRYPTO_ALG_ASYNC | ++ sw_tfm = crypto_alloc_cipher(crypto_tfm_alg_name(&tfm->base), 0, CRYPTO_ALG_ASYNC | + CRYPTO_ALG_NEED_FALLBACK); + if (IS_ERR(sw_tfm)) { +- nss_cfi_err("unable to alloc software crypto for %s\n", crypto_tfm_alg_name(tfm)); ++ nss_cfi_err("unable to alloc software crypto for %s\n", crypto_tfm_alg_name(&tfm->base)); + return -EINVAL; + } + + /* set this tfm reqsize same to fallback tfm */ +- tfm->crt_ablkcipher.reqsize = sizeof(struct nss_cryptoapi_ctx); ++ crypto_skcipher_set_reqsize(tfm, sizeof(struct nss_cryptoapi_ctx)); + ctx->sw_tfm = crypto_cipher_tfm(sw_tfm); + + return 0; + } + + /* +- * nss_cryptoapi_ablkcipher_exit() +- * Cryptoapi ablkcipher exit function. ++ * nss_cryptoapi_skcipher_exit() ++ * Cryptoapi skcipher exit function. + */ +-void nss_cryptoapi_ablkcipher_exit(struct crypto_tfm *tfm) ++void nss_cryptoapi_skcipher_exit(struct crypto_skcipher *tfm) + { +- struct nss_cryptoapi_ctx *ctx = crypto_tfm_ctx(tfm); ++ struct nss_cryptoapi_ctx *ctx = crypto_skcipher_ctx(tfm); + struct nss_cryptoapi *sc = &gbl_ctx; + nss_crypto_status_t status; + +@@ -158,7 +158,7 @@ void nss_cryptoapi_ablkcipher_exit(struc + } + + if (ctx->sw_tfm) { +- crypto_free_ablkcipher(__crypto_ablkcipher_cast(ctx->sw_tfm)); ++ crypto_free_skcipher(__crypto_skcipher_cast(ctx->sw_tfm)); + ctx->sw_tfm = NULL; + } + +@@ -183,9 +183,9 @@ void nss_cryptoapi_ablkcipher_exit(struc + * nss_cryptoapi_ablk_aes_setkey() + * Cryptoapi setkey routine for aes. + */ +-int nss_cryptoapi_ablk_aes_setkey(struct crypto_ablkcipher *cipher, const u8 *key, unsigned int keylen) ++int nss_cryptoapi_ablk_aes_setkey(struct crypto_skcipher *cipher, const u8 *key, unsigned int keylen) + { +- struct crypto_tfm *tfm = crypto_ablkcipher_tfm(cipher); ++ struct crypto_tfm *tfm = crypto_skcipher_tfm(cipher); + struct nss_cryptoapi_ctx *ctx = crypto_tfm_ctx(tfm); + struct nss_cryptoapi *sc = &gbl_ctx; + struct nss_crypto_key cip; +@@ -255,10 +255,10 @@ int nss_cryptoapi_ablk_aes_setkey(struct + + /* set flag to fallback tfm */ + crypto_tfm_clear_flags(ctx->sw_tfm, CRYPTO_TFM_REQ_MASK); +- crypto_tfm_set_flags(ctx->sw_tfm, crypto_ablkcipher_get_flags(cipher) & CRYPTO_TFM_REQ_MASK); ++ crypto_tfm_set_flags(ctx->sw_tfm, crypto_skcipher_get_flags(cipher) & CRYPTO_TFM_REQ_MASK); + + /* Set key to the fallback tfm */ +- ret = crypto_ablkcipher_setkey(__crypto_ablkcipher_cast(ctx->sw_tfm), key, keylen); ++ ret = crypto_skcipher_setkey(__crypto_skcipher_cast(ctx->sw_tfm), key, keylen); + if (ret) { + nss_cfi_err("Failed to set key to the sw crypto"); + +@@ -266,7 +266,7 @@ int nss_cryptoapi_ablk_aes_setkey(struct + * Set back the fallback tfm flag to the original flag one after + * doing setkey + */ +- crypto_ablkcipher_set_flags(cipher, crypto_tfm_get_flags(ctx->sw_tfm)); ++ crypto_skcipher_set_flags(cipher, crypto_tfm_get_flags(ctx->sw_tfm)); + } + return ret; + default: +@@ -289,23 +289,23 @@ int nss_cryptoapi_ablk_aes_setkey(struct + return 0; + + fail: +- crypto_ablkcipher_set_flags(cipher, flag); ++ crypto_skcipher_set_flags(cipher, flag); + return -EINVAL; + } + + /* +- * nss_cryptoapi_ablkcipher_done() ++ * nss_cryptoapi_skcipher_done() + * Cipher operation completion callback function + */ +-void nss_cryptoapi_ablkcipher_done(struct nss_crypto_buf *buf) ++void nss_cryptoapi_skcipher_done(struct nss_crypto_buf *buf) + { + struct nss_cryptoapi_ctx *ctx; +- struct ablkcipher_request *req; ++ struct skcipher_request *req; + int err = 0; + + nss_cfi_assert(buf); + +- req = (struct ablkcipher_request *)nss_crypto_get_cb_ctx(buf); ++ req = (struct skcipher_request *)nss_crypto_get_cb_ctx(buf); + + /* + * check cryptoapi context magic number. +@@ -319,7 +319,7 @@ void nss_cryptoapi_ablkcipher_done(struc + nss_crypto_buf_free(gbl_ctx.crypto, buf); + + nss_cfi_dbg("after transformation\n"); +- nss_cfi_dbg_data(sg_virt(req->dst), req->nbytes, ' '); ++ nss_cfi_dbg_data(sg_virt(req->dst), req->cryptlen, ' '); + + /* + * Passing always pass in case of encrypt. +@@ -337,7 +337,7 @@ void nss_cryptoapi_ablkcipher_done(struc + * Cryptoapi: obtain sg to virtual address mapping. + * Check for multiple sg in src and dst + */ +-int nss_cryptoapi_ablk_checkaddr(struct ablkcipher_request *req) ++int nss_cryptoapi_ablk_checkaddr(struct skcipher_request *req) + { + /* + * Currently only single sg is supported +@@ -356,7 +356,7 @@ int nss_cryptoapi_ablk_checkaddr(struct + /* + * If the size of data is more than 65K reject transformation + */ +- if (req->nbytes > NSS_CRYPTOAPI_MAX_DATA_LEN) { ++ if (req->cryptlen > NSS_CRYPTOAPI_MAX_DATA_LEN) { + nss_cfi_err("Buffer length exceeded limit\n"); + return -EINVAL; + } +@@ -368,10 +368,10 @@ int nss_cryptoapi_ablk_checkaddr(struct + * nss_cryptoapi_ablk_transform() + * Crytoapi common routine for encryption and decryption operations. + */ +-struct nss_crypto_buf *nss_cryptoapi_ablk_transform(struct ablkcipher_request *req, struct nss_cryptoapi_ablk_info *info) ++struct nss_crypto_buf *nss_cryptoapi_ablk_transform(struct skcipher_request *req, struct nss_cryptoapi_ablk_info *info) + { +- struct crypto_ablkcipher *cipher = crypto_ablkcipher_reqtfm(req); +- struct nss_cryptoapi_ctx *ctx = crypto_ablkcipher_ctx(cipher); ++ struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(req); ++ struct nss_cryptoapi_ctx *ctx = crypto_skcipher_ctx(cipher); + struct nss_crypto_buf *buf; + struct nss_cryptoapi *sc = &gbl_ctx; + nss_crypto_status_t status; +@@ -382,7 +382,7 @@ struct nss_crypto_buf *nss_cryptoapi_abl + nss_cfi_assert(ctx); + + nss_cfi_dbg("src_vaddr: 0x%px, dst_vaddr: 0x%px, iv: 0x%px\n", +- sg_virt(req->src), sg_virt(req->dst), req->info); ++ sg_virt(req->src), sg_virt(req->dst), req->iv); + + info->params->cipher_skip = 0; + info->params->auth_skip = 0; +@@ -419,19 +419,19 @@ struct nss_crypto_buf *nss_cryptoapi_abl + /* + * Get IV location and memcpy the IV + */ +- iv_size = crypto_ablkcipher_ivsize(cipher); ++ iv_size = crypto_skcipher_ivsize(cipher); + iv_addr = nss_crypto_get_ivaddr(buf); + + switch (ctx->cip_alg) { + case NSS_CRYPTO_CIPHER_AES_CBC: + case NSS_CRYPTO_CIPHER_DES: +- memcpy(iv_addr, req->info, iv_size); ++ memcpy(iv_addr, req->iv, iv_size); + break; + + case NSS_CRYPTO_CIPHER_AES_CTR: + ((uint32_t *)iv_addr)[0] = ctx->ctx_iv[0]; +- ((uint32_t *)iv_addr)[1] = ((uint32_t *)req->info)[0]; +- ((uint32_t *)iv_addr)[2] = ((uint32_t *)req->info)[1]; ++ ((uint32_t *)iv_addr)[1] = ((uint32_t *)req->iv)[0]; ++ ((uint32_t *)iv_addr)[2] = ((uint32_t *)req->iv)[1]; + ((uint32_t *)iv_addr)[3] = ctx->ctx_iv[3]; + break; + +@@ -446,7 +446,7 @@ struct nss_crypto_buf *nss_cryptoapi_abl + /* + * Fill Cipher and Auth len + */ +- cipher_len = req->nbytes; ++ cipher_len = req->cryptlen; + auth_len = 0; + + nss_crypto_set_data(buf, sg_virt(req->src), sg_virt(req->dst), cipher_len); +@@ -463,12 +463,12 @@ struct nss_crypto_buf *nss_cryptoapi_abl + } + + /* +- * nss_cryptoapi_ablkcipher_fallback() +- * Cryptoapi fallback for ablkcipher algorithm. ++ * nss_cryptoapi_skcipher_fallback() ++ * Cryptoapi fallback for skcipher algorithm. + */ +-int nss_cryptoapi_ablkcipher_fallback(struct nss_cryptoapi_ctx *ctx, struct ablkcipher_request *req, int type) ++int nss_cryptoapi_skcipher_fallback(struct nss_cryptoapi_ctx *ctx, struct skcipher_request *req, int type) + { +- struct crypto_ablkcipher *orig_tfm = crypto_ablkcipher_reqtfm(req); ++ struct crypto_skcipher *orig_tfm = crypto_skcipher_reqtfm(req); + int err; + + if (!ctx->sw_tfm) { +@@ -476,16 +476,16 @@ int nss_cryptoapi_ablkcipher_fallback(st + } + + /* Set new fallback tfm to the request */ +- ablkcipher_request_set_tfm(req, __crypto_ablkcipher_cast(ctx->sw_tfm)); ++ skcipher_request_set_tfm(req, __crypto_skcipher_cast(ctx->sw_tfm)); + + ctx->queued++; + + switch (type) { + case NSS_CRYPTOAPI_ENCRYPT: +- err = crypto_ablkcipher_encrypt(req); ++ err = crypto_skcipher_encrypt(req); + break; + case NSS_CRYPTOAPI_DECRYPT: +- err = crypto_ablkcipher_decrypt(req); ++ err = crypto_skcipher_decrypt(req); + break; + default: + err = -EINVAL; +@@ -495,7 +495,7 @@ int nss_cryptoapi_ablkcipher_fallback(st + ctx->completed++; + + /* Set original tfm to the request */ +- ablkcipher_request_set_tfm(req, orig_tfm); ++ skcipher_request_set_tfm(req, orig_tfm); + + return err; + } +@@ -504,13 +504,13 @@ int nss_cryptoapi_ablkcipher_fallback(st + * nss_cryptoapi_ablk_aes_encrypt() + * Crytoapi encrypt for aes(aes-cbc/rfc3686-aes-ctr) algorithms. + */ +-int nss_cryptoapi_ablk_aes_encrypt(struct ablkcipher_request *req) ++int nss_cryptoapi_ablk_aes_encrypt(struct skcipher_request *req) + { + struct nss_crypto_params params = { .req_type = NSS_CRYPTO_REQ_TYPE_ENCRYPT }; +- struct nss_cryptoapi_ablk_info info = {.cb_fn = nss_cryptoapi_ablkcipher_done, ++ struct nss_cryptoapi_ablk_info info = {.cb_fn = nss_cryptoapi_skcipher_done, + .params = ¶ms}; +- struct crypto_ablkcipher *cipher = crypto_ablkcipher_reqtfm(req); +- struct nss_cryptoapi_ctx *ctx = crypto_ablkcipher_ctx(cipher); ++ struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(req); ++ struct nss_cryptoapi_ctx *ctx = crypto_skcipher_ctx(cipher); + struct nss_cryptoapi *sc = &gbl_ctx; + struct nss_crypto_buf *buf; + +@@ -520,7 +520,7 @@ int nss_cryptoapi_ablk_aes_encrypt(struc + nss_cryptoapi_verify_magic(ctx); + + if (ctx->fallback_req) +- return nss_cryptoapi_ablkcipher_fallback(ctx, req, NSS_CRYPTOAPI_ENCRYPT); ++ return nss_cryptoapi_skcipher_fallback(ctx, req, NSS_CRYPTOAPI_ENCRYPT); + + /* + * Check if previous call to setkey couldn't allocate session with core crypto. +@@ -539,9 +539,9 @@ int nss_cryptoapi_ablk_aes_encrypt(struc + * According to RFC3686, AES-CTR algo need not be padded if the + * plaintext or ciphertext is unaligned to block size boundary. + */ +- if (nss_cryptoapi_check_unalign(req->nbytes, AES_BLOCK_SIZE) && (ctx->cip_alg != NSS_CRYPTO_CIPHER_AES_CTR)) { ++ if (nss_cryptoapi_check_unalign(req->cryptlen, AES_BLOCK_SIZE) && (ctx->cip_alg != NSS_CRYPTO_CIPHER_AES_CTR)) { + nss_cfi_err("Invalid cipher len - Not aligned to algo blocksize\n"); +- crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_BLOCK_LEN); ++ crypto_skcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_BLOCK_LEN); + return -EINVAL; + } + +@@ -571,13 +571,13 @@ int nss_cryptoapi_ablk_aes_encrypt(struc + * nss_cryptoapi_ablk_aes_decrypt() + * Crytoapi decrypt for aes(aes-cbc/rfc3686-aes-ctr) algorithms. + */ +-int nss_cryptoapi_ablk_aes_decrypt(struct ablkcipher_request *req) ++int nss_cryptoapi_ablk_aes_decrypt(struct skcipher_request *req) + { + struct nss_crypto_params params = { .req_type = NSS_CRYPTO_REQ_TYPE_DECRYPT }; +- struct nss_cryptoapi_ablk_info info = {.cb_fn = nss_cryptoapi_ablkcipher_done, ++ struct nss_cryptoapi_ablk_info info = {.cb_fn = nss_cryptoapi_skcipher_done, + .params = ¶ms}; +- struct crypto_ablkcipher *cipher = crypto_ablkcipher_reqtfm(req); +- struct nss_cryptoapi_ctx *ctx = crypto_ablkcipher_ctx(cipher); ++ struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(req); ++ struct nss_cryptoapi_ctx *ctx = crypto_skcipher_ctx(cipher); + struct nss_cryptoapi *sc = &gbl_ctx; + struct nss_crypto_buf *buf; + +@@ -587,7 +587,7 @@ int nss_cryptoapi_ablk_aes_decrypt(struc + nss_cryptoapi_verify_magic(ctx); + + if (ctx->fallback_req) +- return nss_cryptoapi_ablkcipher_fallback(ctx, req, NSS_CRYPTOAPI_DECRYPT); ++ return nss_cryptoapi_skcipher_fallback(ctx, req, NSS_CRYPTOAPI_DECRYPT); + + /* + * Check if previous call to setkey couldn't allocate session with core crypto. +@@ -606,9 +606,9 @@ int nss_cryptoapi_ablk_aes_decrypt(struc + * According to RFC3686, AES-CTR algo need not be padded if the + * plaintext or ciphertext is unaligned to block size boundary. + */ +- if (nss_cryptoapi_check_unalign(req->nbytes, AES_BLOCK_SIZE) && (ctx->cip_alg != NSS_CRYPTO_CIPHER_AES_CTR)) { ++ if (nss_cryptoapi_check_unalign(req->cryptlen, AES_BLOCK_SIZE) && (ctx->cip_alg != NSS_CRYPTO_CIPHER_AES_CTR)) { + nss_cfi_err("Invalid cipher len - Not aligned to algo blocksize\n"); +- crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_BLOCK_LEN); ++ crypto_skcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_BLOCK_LEN); + return -EINVAL; + } + +@@ -638,9 +638,9 @@ int nss_cryptoapi_ablk_aes_decrypt(struc + * nss_cryptoapi_3des_cbc_setkey() + * Cryptoapi DES3 CBC setkey function. + */ +-int nss_cryptoapi_3des_cbc_setkey(struct crypto_ablkcipher *cipher, const u8 *key, unsigned int keylen) ++int nss_cryptoapi_3des_cbc_setkey(struct crypto_skcipher *cipher, const u8 *key, unsigned int keylen) + { +- struct crypto_tfm *tfm = crypto_ablkcipher_tfm(cipher); ++ struct crypto_tfm *tfm = crypto_skcipher_tfm(cipher); + struct nss_cryptoapi_ctx *ctx = crypto_tfm_ctx(tfm); + struct nss_cryptoapi *sc = &gbl_ctx; + struct nss_crypto_key cip = { .algo = NSS_CRYPTO_CIPHER_DES }; +@@ -693,7 +693,7 @@ int nss_cryptoapi_3des_cbc_setkey(struct + return 0; + + fail: +- crypto_ablkcipher_set_flags(cipher, flag); ++ crypto_skcipher_set_flags(cipher, flag); + return -EINVAL; + } + +@@ -701,7 +701,7 @@ fail: + * nss_cryptoapi_3des_cbc_encrypt() + * Cryptoapi DES3 CBC encrypt function. + */ +-int nss_cryptoapi_3des_cbc_encrypt(struct ablkcipher_request *req) ++int nss_cryptoapi_3des_cbc_encrypt(struct skcipher_request *req) + { + struct nss_cryptoapi *sc = &gbl_ctx; + struct nss_cryptoapi_ctx *ctx = crypto_tfm_ctx(req->base.tfm); +@@ -727,14 +727,14 @@ int nss_cryptoapi_3des_cbc_encrypt(struc + return -EINVAL; + } + +- if (nss_cryptoapi_check_unalign(req->nbytes, DES3_EDE_BLOCK_SIZE)) { ++ if (nss_cryptoapi_check_unalign(req->cryptlen, DES3_EDE_BLOCK_SIZE)) { + nss_cfi_err("Invalid cipher len - Not aligned to algo blocksize\n"); +- crypto_ablkcipher_set_flags(crypto_ablkcipher_reqtfm(req), CRYPTO_TFM_RES_BAD_BLOCK_LEN); ++ crypto_skcipher_set_flags(crypto_skcipher_reqtfm(req), CRYPTO_TFM_RES_BAD_BLOCK_LEN); + return -EINVAL; + } + + info.params = ¶ms; +- info.cb_fn = nss_cryptoapi_ablkcipher_done; ++ info.cb_fn = nss_cryptoapi_skcipher_done; + + buf = nss_cryptoapi_ablk_transform(req, &info); + if (!buf) { +@@ -762,7 +762,7 @@ int nss_cryptoapi_3des_cbc_encrypt(struc + * nss_cryptoapi_3des_cbc_decrypt() + * Cryptoapi DES3 CBC decrypt function. + */ +-int nss_cryptoapi_3des_cbc_decrypt(struct ablkcipher_request *req) ++int nss_cryptoapi_3des_cbc_decrypt(struct skcipher_request *req) + { + struct nss_cryptoapi *sc = &gbl_ctx; + struct nss_cryptoapi_ctx *ctx = crypto_tfm_ctx(req->base.tfm); +@@ -788,14 +788,14 @@ int nss_cryptoapi_3des_cbc_decrypt(struc + return -EINVAL; + } + +- if (nss_cryptoapi_check_unalign(req->nbytes, DES3_EDE_BLOCK_SIZE)) { ++ if (nss_cryptoapi_check_unalign(req->cryptlen, DES3_EDE_BLOCK_SIZE)) { + nss_cfi_err("Invalid cipher len - Not aligned to algo blocksize\n"); +- crypto_ablkcipher_set_flags(crypto_ablkcipher_reqtfm(req), CRYPTO_TFM_RES_BAD_BLOCK_LEN); ++ crypto_skcipher_set_flags(crypto_skcipher_reqtfm(req), CRYPTO_TFM_RES_BAD_BLOCK_LEN); + return -EINVAL; + } + + info.params = ¶ms; +- info.cb_fn = nss_cryptoapi_ablkcipher_done; ++ info.cb_fn = nss_cryptoapi_skcipher_done; + + buf = nss_cryptoapi_ablk_transform(req, &info); + if (!buf) { +--- a/cryptoapi/v1.1/nss_cryptoapi_debugfs.c ++++ b/cryptoapi/v1.1/nss_cryptoapi_debugfs.c +@@ -55,6 +55,7 @@ + */ + void nss_cryptoapi_debugfs_add_stats(struct dentry *parent, struct nss_cryptoapi_ctx *session_ctx) + { ++ pr_info("add stats"); + debugfs_create_u64("queued", S_IRUGO, parent, &session_ctx->queued); + debugfs_create_u64("completed", S_IRUGO, parent, &session_ctx->completed); + debugfs_create_u64("queue_failed", S_IRUGO, parent, &session_ctx->queue_failed); +--- a/cryptoapi/v1.1/nss_cryptoapi_private.h ++++ b/cryptoapi/v1.1/nss_cryptoapi_private.h +@@ -141,16 +141,16 @@ int nss_cryptoapi_sha256_3des_encrypt(st + int nss_cryptoapi_sha256_3des_decrypt(struct aead_request *req); + + /* ABLKCIPHER */ +-int nss_cryptoapi_ablkcipher_init(struct crypto_tfm *tfm); +-void nss_cryptoapi_ablkcipher_exit(struct crypto_tfm *tfm); +-int nss_cryptoapi_ablk_aes_setkey(struct crypto_ablkcipher *cipher, const u8 *key, unsigned int len); +-int nss_cryptoapi_3des_cbc_setkey(struct crypto_ablkcipher *cipher, const u8 *key, unsigned int len); ++int nss_cryptoapi_skcipher_init(struct crypto_skcipher *tfm); ++void nss_cryptoapi_skcipher_exit(struct crypto_skcipher *tfm); ++int nss_cryptoapi_ablk_aes_setkey(struct crypto_skcipher *cipher, const u8 *key, unsigned int len); ++int nss_cryptoapi_3des_cbc_setkey(struct crypto_skcipher *cipher, const u8 *key, unsigned int len); + +-int nss_cryptoapi_ablk_aes_encrypt(struct ablkcipher_request *req); +-int nss_cryptoapi_ablk_aes_decrypt(struct ablkcipher_request *req); ++int nss_cryptoapi_ablk_aes_encrypt(struct skcipher_request *req); ++int nss_cryptoapi_ablk_aes_decrypt(struct skcipher_request *req); + +-int nss_cryptoapi_3des_cbc_encrypt(struct ablkcipher_request *req); +-int nss_cryptoapi_3des_cbc_decrypt(struct ablkcipher_request *req); ++int nss_cryptoapi_3des_cbc_encrypt(struct skcipher_request *req); ++int nss_cryptoapi_3des_cbc_decrypt(struct skcipher_request *req); + + #endif /* __NSS_CRYPTOAPI_PRIVATE_H */ + diff --git a/package/qca-nss/qca-nss-cfi/patches/0010-cryptoapi-v1.1-fix-SHA1-header-include.patch b/package/qca-nss/qca-nss-cfi/patches/0010-cryptoapi-v1.1-fix-SHA1-header-include.patch new file mode 100644 index 0000000000..6011ada549 --- /dev/null +++ b/package/qca-nss/qca-nss-cfi/patches/0010-cryptoapi-v1.1-fix-SHA1-header-include.patch @@ -0,0 +1,286 @@ +--- a/cryptoapi/v1.1/nss_cryptoapi.c ++++ b/cryptoapi/v1.1/nss_cryptoapi.c +@@ -38,7 +38,12 @@ + #include + #include + #include ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0) + #include ++#else ++#include ++#include ++#endif + #include + #include + #include +--- a/cryptoapi/v1.1/nss_cryptoapi_ablk.c ++++ b/cryptoapi/v1.1/nss_cryptoapi_ablk.c +@@ -36,7 +36,12 @@ + #include + #include + #include ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0) + #include ++#else ++#include ++#include ++#endif + #include + #include + #include +@@ -65,8 +70,8 @@ struct nss_cryptoapi_ablk_info { + int nss_cryptoapi_skcipher_ctx2session(struct crypto_skcipher *sk, uint32_t *sid) + { + struct crypto_tfm *tfm = crypto_skcipher_tfm(sk); +- struct crypto_ablkcipher **actx, *ablk; +- struct ablkcipher_tfm *ablk_tfm; ++ struct crypto_skcipher **actx; ++ struct crypto_tfm *ablk_tfm; + struct nss_cryptoapi_ctx *ctx; + + if (strncmp("nss-", crypto_tfm_alg_driver_name(tfm), 4)) +@@ -82,16 +87,16 @@ int nss_cryptoapi_skcipher_ctx2session(s + * ablkcipher that is created when the skcipher is created. + * Hence we derive the required ablkcipher through ablkcipher_tfm. + */ +- ablk_tfm = crypto_ablkcipher_crt(*actx); ++ ablk_tfm = crypto_skcipher_tfm(*actx); + if (!ablk_tfm) + return -EINVAL; + +- ablk = ablk_tfm->base; ++ /* ablk = ablk_tfm->base; + if (!ablk) +- return -EINVAL; ++ return -EINVAL; */ + + /* Get the nss_cryptoapi context stored in the ablkcipher */ +- ctx = crypto_ablkcipher_ctx(ablk); ++ ctx = crypto_skcipher_ctx(sk); + + nss_cfi_assert(ctx); + nss_cryptoapi_verify_magic(ctx); +@@ -189,7 +194,7 @@ int nss_cryptoapi_ablk_aes_setkey(struct + struct nss_cryptoapi_ctx *ctx = crypto_tfm_ctx(tfm); + struct nss_cryptoapi *sc = &gbl_ctx; + struct nss_crypto_key cip; +- uint32_t flag = CRYPTO_TFM_RES_BAD_KEY_LEN; ++// uint32_t flag = CRYPTO_TFM_RES_BAD_KEY_LEN; + nss_crypto_status_t status; + int ret; + +@@ -278,7 +283,7 @@ int nss_cryptoapi_ablk_aes_setkey(struct + if (status != NSS_CRYPTO_STATUS_OK) { + nss_cfi_err("nss_crypto_session_alloc failed - status: %d\n", status); + ctx->sid = NSS_CRYPTO_MAX_IDXS; +- flag = CRYPTO_TFM_RES_BAD_FLAGS; ++// flag = CRYPTO_TFM_RES_BAD_FLAGS; + goto fail; + } + +@@ -289,7 +294,7 @@ int nss_cryptoapi_ablk_aes_setkey(struct + return 0; + + fail: +- crypto_skcipher_set_flags(cipher, flag); ++// // crypto_skcipher_set_flags(cipher, flag); + return -EINVAL; + } + +@@ -541,7 +546,7 @@ int nss_cryptoapi_ablk_aes_encrypt(struc + */ + if (nss_cryptoapi_check_unalign(req->cryptlen, AES_BLOCK_SIZE) && (ctx->cip_alg != NSS_CRYPTO_CIPHER_AES_CTR)) { + nss_cfi_err("Invalid cipher len - Not aligned to algo blocksize\n"); +- crypto_skcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_BLOCK_LEN); ++ // crypto_skcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_BLOCK_LEN); + return -EINVAL; + } + +@@ -608,7 +613,6 @@ int nss_cryptoapi_ablk_aes_decrypt(struc + */ + if (nss_cryptoapi_check_unalign(req->cryptlen, AES_BLOCK_SIZE) && (ctx->cip_alg != NSS_CRYPTO_CIPHER_AES_CTR)) { + nss_cfi_err("Invalid cipher len - Not aligned to algo blocksize\n"); +- crypto_skcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_BLOCK_LEN); + return -EINVAL; + } + +@@ -645,7 +649,7 @@ int nss_cryptoapi_3des_cbc_setkey(struct + struct nss_cryptoapi *sc = &gbl_ctx; + struct nss_crypto_key cip = { .algo = NSS_CRYPTO_CIPHER_DES }; + struct nss_crypto_key *cip_ptr = &cip; +- uint32_t flag = CRYPTO_TFM_RES_BAD_KEY_LEN; ++// uint32_t flag = CRYPTO_TFM_RES_BAD_KEY_LEN; + nss_crypto_status_t status; + + /* +@@ -680,7 +684,7 @@ int nss_cryptoapi_3des_cbc_setkey(struct + if (status != NSS_CRYPTO_STATUS_OK) { + nss_cfi_err("nss_crypto_session_alloc failed - status: %d\n", status); + ctx->sid = NSS_CRYPTO_MAX_IDXS; +- flag = CRYPTO_TFM_RES_BAD_FLAGS; ++// flag = CRYPTO_TFM_RES_BAD_FLAGS; + goto fail; + } + +@@ -693,7 +697,7 @@ int nss_cryptoapi_3des_cbc_setkey(struct + return 0; + + fail: +- crypto_skcipher_set_flags(cipher, flag); ++// crypto_skcipher_set_flags(cipher, flag); + return -EINVAL; + } + +@@ -729,7 +733,7 @@ int nss_cryptoapi_3des_cbc_encrypt(struc + + if (nss_cryptoapi_check_unalign(req->cryptlen, DES3_EDE_BLOCK_SIZE)) { + nss_cfi_err("Invalid cipher len - Not aligned to algo blocksize\n"); +- crypto_skcipher_set_flags(crypto_skcipher_reqtfm(req), CRYPTO_TFM_RES_BAD_BLOCK_LEN); ++ // crypto_skcipher_set_flags(crypto_skcipher_reqtfm(req), CRYPTO_TFM_RES_BAD_BLOCK_LEN); + return -EINVAL; + } + +@@ -790,7 +794,7 @@ int nss_cryptoapi_3des_cbc_decrypt(struc + + if (nss_cryptoapi_check_unalign(req->cryptlen, DES3_EDE_BLOCK_SIZE)) { + nss_cfi_err("Invalid cipher len - Not aligned to algo blocksize\n"); +- crypto_skcipher_set_flags(crypto_skcipher_reqtfm(req), CRYPTO_TFM_RES_BAD_BLOCK_LEN); ++ // crypto_skcipher_set_flags(crypto_skcipher_reqtfm(req), CRYPTO_TFM_RES_BAD_BLOCK_LEN); + return -EINVAL; + } + +--- a/cryptoapi/v1.1/nss_cryptoapi_aead.c ++++ b/cryptoapi/v1.1/nss_cryptoapi_aead.c +@@ -38,7 +38,12 @@ + #include + #include + #include ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0) + #include ++#else ++#include ++#include ++#endif + #include + #include + #include +@@ -216,7 +221,7 @@ int nss_cryptoapi_aead_aes_setkey(struct + struct nss_cryptoapi *sc = &gbl_ctx; + struct nss_crypto_key cip; + struct nss_crypto_key auth; +- uint32_t flag = CRYPTO_TFM_RES_BAD_KEY_LEN; ++// uint32_t flag = CRYPTO_TFM_RES_BAD_KEY_LEN; + nss_crypto_status_t status; + bool ctr_mode = false; + bool cbc_mode = false; +@@ -335,7 +340,7 @@ int nss_cryptoapi_aead_aes_setkey(struct + if (status != NSS_CRYPTO_STATUS_OK) { + nss_cfi_err("nss_crypto_session_alloc failed - status: %d\n", status); + ctx->sid = NSS_CRYPTO_MAX_IDXS; +- flag = CRYPTO_TFM_RES_BAD_FLAGS; ++// flag = CRYPTO_TFM_RES_BAD_FLAGS; + goto fail; + } + +@@ -346,7 +351,7 @@ int nss_cryptoapi_aead_aes_setkey(struct + return 0; + + fail: +- crypto_aead_set_flags(aead, flag); ++// crypto_aead_set_flags(aead, flag); + return -EINVAL; + } + +@@ -361,7 +366,7 @@ int nss_cryptoapi_sha1_3des_setkey(struc + struct nss_cryptoapi *sc = &gbl_ctx; + struct nss_crypto_key cip = { .algo = NSS_CRYPTO_CIPHER_DES }; + struct nss_crypto_key auth = { .algo = NSS_CRYPTO_AUTH_SHA1_HMAC }; +- uint32_t flag = CRYPTO_TFM_RES_BAD_KEY_LEN; ++// uint32_t flag = CRYPTO_TFM_RES_BAD_KEY_LEN; + nss_crypto_status_t status; + + /* +@@ -410,7 +415,7 @@ int nss_cryptoapi_sha1_3des_setkey(struc + if (status != NSS_CRYPTO_STATUS_OK) { + nss_cfi_err("nss_crypto_session_alloc failed - status: %d\n", status); + ctx->sid = NSS_CRYPTO_MAX_IDXS; +- flag = CRYPTO_TFM_RES_BAD_FLAGS; ++// flag = CRYPTO_TFM_RES_BAD_FLAGS; + goto fail; + } + +@@ -424,7 +429,7 @@ int nss_cryptoapi_sha1_3des_setkey(struc + return 0; + + fail: +- crypto_aead_set_flags(aead, flag); ++// crypto_aead_set_flags(aead, flag); + return -EINVAL; + } + +@@ -439,7 +444,7 @@ int nss_cryptoapi_sha256_3des_setkey(str + struct nss_cryptoapi *sc = &gbl_ctx; + struct nss_crypto_key cip = { .algo = NSS_CRYPTO_CIPHER_DES }; + struct nss_crypto_key auth = { .algo = NSS_CRYPTO_AUTH_SHA256_HMAC }; +- uint32_t flag = CRYPTO_TFM_RES_BAD_KEY_LEN; ++// uint32_t flag = CRYPTO_TFM_RES_BAD_KEY_LEN; + nss_crypto_status_t status; + + /* +@@ -488,7 +493,7 @@ int nss_cryptoapi_sha256_3des_setkey(str + if (status != NSS_CRYPTO_STATUS_OK) { + nss_cfi_err("nss_crypto_session_alloc failed - status: %d\n", status); + ctx->sid = NSS_CRYPTO_MAX_IDXS; +- flag = CRYPTO_TFM_RES_BAD_FLAGS; ++// flag = CRYPTO_TFM_RES_BAD_FLAGS; + goto fail; + } + +@@ -502,7 +507,7 @@ int nss_cryptoapi_sha256_3des_setkey(str + return 0; + + fail: +- crypto_aead_set_flags(aead, flag); ++// crypto_aead_set_flags(aead, flag); + return -EINVAL; + } + +@@ -722,7 +727,7 @@ struct nss_crypto_buf *nss_cryptoapi_aea + */ + if ((info->cip_len & (crypto_aead_blocksize(aead) - 1)) && (ctx->cip_alg != NSS_CRYPTO_CIPHER_AES_CTR)) { + nss_cfi_dbg("Invalid cipher len - Not aligned to algo blocksize\n"); +- crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_BLOCK_LEN); ++ // crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_BLOCK_LEN); + return NULL; + } + +--- a/cryptoapi/v1.1/nss_cryptoapi_debugfs.c ++++ b/cryptoapi/v1.1/nss_cryptoapi_debugfs.c +@@ -37,7 +37,12 @@ + #include + #include + #include ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0) + #include ++#else ++#include ++#include ++#endif + #include + #include + #include +--- a/ocf/v2.0/nss_cfi_ocf.c ++++ b/ocf/v2.0/nss_cfi_ocf.c +@@ -41,7 +41,12 @@ + #include + #include + #include ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0) + #include ++#else ++#include ++#include ++#endif + #include + #include + diff --git a/package/qca-nss/qca-nss-cfi/patches/0011-cryptoapi-v1.0-fix-SHA1-header-include.patch b/package/qca-nss/qca-nss-cfi/patches/0011-cryptoapi-v1.0-fix-SHA1-header-include.patch new file mode 100644 index 0000000000..d8e7d0248c --- /dev/null +++ b/package/qca-nss/qca-nss-cfi/patches/0011-cryptoapi-v1.0-fix-SHA1-header-include.patch @@ -0,0 +1,237 @@ +--- a/cryptoapi/v1.0/nss_cryptoapi.c ++++ b/cryptoapi/v1.0/nss_cryptoapi.c +@@ -38,7 +38,12 @@ + #include + #include + #include ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0) + #include ++#else ++#include ++#include ++#endif + #include + #include + #include +--- a/cryptoapi/v1.0/nss_cryptoapi_ablk.c ++++ b/cryptoapi/v1.0/nss_cryptoapi_ablk.c +@@ -37,7 +37,12 @@ + #include + #include + #include ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0) + #include ++#else ++#include ++#include ++#endif + #include + #include + #include +@@ -175,7 +180,7 @@ int nss_cryptoapi_ablk_aes_setkey(struct + struct nss_cryptoapi_ctx *ctx = crypto_tfm_ctx(tfm); + struct nss_cryptoapi *sc = &gbl_ctx; + struct nss_crypto_key cip; +- uint32_t flag = CRYPTO_TFM_RES_BAD_KEY_LEN; ++// uint32_t flag = CRYPTO_TFM_RES_BAD_KEY_LEN; + nss_crypto_status_t status; + bool ctr_mode = false; + bool cbc_mode = false; +@@ -277,7 +282,7 @@ int nss_cryptoapi_ablk_aes_setkey(struct + if (status != NSS_CRYPTO_STATUS_OK) { + nss_cfi_err("nss_crypto_session_alloc failed - status: %d\n", status); + ctx->sid = NSS_CRYPTO_MAX_IDXS; +- flag = CRYPTO_TFM_RES_BAD_FLAGS; ++// flag = CRYPTO_TFM_RES_BAD_FLAGS; + goto fail; + } + +@@ -290,7 +295,7 @@ int nss_cryptoapi_ablk_aes_setkey(struct + return 0; + + fail: +- crypto_ablkcipher_set_flags(cipher, flag); ++// crypto_ablkcipher_set_flags(cipher, flag); + return -EINVAL; + } + +@@ -645,7 +650,7 @@ int nss_cryptoapi_3des_cbc_setkey(struct + struct nss_cryptoapi *sc = &gbl_ctx; + struct nss_crypto_key cip = { .algo = NSS_CRYPTO_CIPHER_DES }; + struct nss_crypto_key *cip_ptr = &cip; +- uint32_t flag = CRYPTO_TFM_RES_BAD_KEY_LEN; ++// uint32_t flag = CRYPTO_TFM_RES_BAD_KEY_LEN; + nss_crypto_status_t status; + + /* +@@ -680,7 +685,7 @@ int nss_cryptoapi_3des_cbc_setkey(struct + if (status != NSS_CRYPTO_STATUS_OK) { + nss_cfi_err("nss_crypto_session_alloc failed - status: %d\n", status); + ctx->sid = NSS_CRYPTO_MAX_IDXS; +- flag = CRYPTO_TFM_RES_BAD_FLAGS; ++// flag = CRYPTO_TFM_RES_BAD_FLAGS; + goto fail; + } + +@@ -693,7 +698,7 @@ int nss_cryptoapi_3des_cbc_setkey(struct + return 0; + + fail: +- crypto_ablkcipher_set_flags(cipher, flag); ++// crypto_ablkcipher_set_flags(cipher, flag); + return -EINVAL; + } + +--- a/cryptoapi/v1.0/nss_cryptoapi_aead.c ++++ b/cryptoapi/v1.0/nss_cryptoapi_aead.c +@@ -38,7 +38,12 @@ + #include + #include + #include ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0) + #include ++#else ++#include ++#include ++#endif + #include + #include + #include +@@ -225,7 +230,7 @@ int nss_cryptoapi_aead_aes_setkey(struct + struct nss_cryptoapi *sc = &gbl_ctx; + struct nss_crypto_key cip; + struct nss_crypto_key auth; +- uint32_t flag = CRYPTO_TFM_RES_BAD_KEY_LEN; ++// uint32_t flag = CRYPTO_TFM_RES_BAD_KEY_LEN; + nss_crypto_status_t status; + bool ctr_mode = false; + bool cbc_mode = false; +@@ -346,7 +351,7 @@ int nss_cryptoapi_aead_aes_setkey(struct + if (status != NSS_CRYPTO_STATUS_OK) { + nss_cfi_err("nss_crypto_session_alloc failed - status: %d\n", status); + ctx->sid = NSS_CRYPTO_MAX_IDXS; +- flag = CRYPTO_TFM_RES_BAD_FLAGS; ++// flag = CRYPTO_TFM_RES_BAD_FLAGS; + goto fail; + } + +@@ -363,7 +368,7 @@ int nss_cryptoapi_aead_aes_setkey(struct + return 0; + + fail: +- crypto_aead_set_flags(aead, flag); ++// crypto_aead_set_flags(aead, flag); + return -EINVAL; + } + +@@ -378,7 +383,7 @@ int nss_cryptoapi_sha1_3des_setkey(struc + struct nss_cryptoapi *sc = &gbl_ctx; + struct nss_crypto_key cip = { .algo = NSS_CRYPTO_CIPHER_DES }; + struct nss_crypto_key auth = { .algo = NSS_CRYPTO_AUTH_SHA1_HMAC }; +- uint32_t flag = CRYPTO_TFM_RES_BAD_KEY_LEN; ++// uint32_t flag = CRYPTO_TFM_RES_BAD_KEY_LEN; + nss_crypto_status_t status; + + /* +@@ -427,7 +432,7 @@ int nss_cryptoapi_sha1_3des_setkey(struc + if (status != NSS_CRYPTO_STATUS_OK) { + nss_cfi_err("nss_crypto_session_alloc failed - status: %d\n", status); + ctx->sid = NSS_CRYPTO_MAX_IDXS; +- flag = CRYPTO_TFM_RES_BAD_FLAGS; ++// flag = CRYPTO_TFM_RES_BAD_FLAGS; + goto fail; + } + +@@ -446,7 +451,7 @@ int nss_cryptoapi_sha1_3des_setkey(struc + return 0; + + fail: +- crypto_aead_set_flags(aead, flag); ++// crypto_aead_set_flags(aead, flag); + return -EINVAL; + } + +@@ -461,7 +466,7 @@ int nss_cryptoapi_sha256_3des_setkey(str + struct nss_cryptoapi *sc = &gbl_ctx; + struct nss_crypto_key cip = { .algo = NSS_CRYPTO_CIPHER_DES }; + struct nss_crypto_key auth = { .algo = NSS_CRYPTO_AUTH_SHA256_HMAC }; +- uint32_t flag = CRYPTO_TFM_RES_BAD_KEY_LEN; ++// uint32_t flag = CRYPTO_TFM_RES_BAD_KEY_LEN; + nss_crypto_status_t status; + + /* +@@ -510,7 +515,7 @@ int nss_cryptoapi_sha256_3des_setkey(str + if (status != NSS_CRYPTO_STATUS_OK) { + nss_cfi_err("nss_crypto_session_alloc failed - status: %d\n", status); + ctx->sid = NSS_CRYPTO_MAX_IDXS; +- flag = CRYPTO_TFM_RES_BAD_FLAGS; ++// flag = CRYPTO_TFM_RES_BAD_FLAGS; + goto fail; + } + +@@ -529,7 +534,7 @@ int nss_cryptoapi_sha256_3des_setkey(str + return 0; + + fail: +- crypto_aead_set_flags(aead, flag); ++// crypto_aead_set_flags(aead, flag); + return -EINVAL; + } + +--- a/cryptoapi/v1.0/nss_cryptoapi_ahash.c ++++ b/cryptoapi/v1.0/nss_cryptoapi_ahash.c +@@ -35,7 +35,12 @@ + #include + + #include ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0) + #include ++#else ++#include ++#include ++#endif + #include + #include + #include +@@ -151,7 +156,7 @@ int nss_cryptoapi_ahash_setkey(struct cr + struct nss_cryptoapi *sc = &gbl_ctx; + struct nss_crypto_key auth; + struct nss_crypto_key cipher = { .algo = NSS_CRYPTO_CIPHER_AES_CBC }; +- uint32_t flag = CRYPTO_TFM_RES_BAD_KEY_LEN; ++// uint32_t flag = CRYPTO_TFM_RES_BAD_KEY_LEN; + nss_crypto_status_t status; + uint32_t algo_keylen; + +@@ -203,7 +208,7 @@ int nss_cryptoapi_ahash_setkey(struct cr + if (status != NSS_CRYPTO_STATUS_OK) { + nss_cfi_err("nss_crypto_session_alloc failed - status: %d\n", status); + ctx->sid = NSS_CRYPTO_MAX_IDXS; +- flag = CRYPTO_TFM_RES_BAD_FLAGS; ++// flag = CRYPTO_TFM_RES_BAD_FLAGS; + goto fail; + } + +@@ -222,7 +227,7 @@ fail: + * fails for a context, a new setkey should occur in a different + * context while the old one gets freed. + */ +- crypto_ahash_set_flags(ahash, flag); ++// crypto_ahash_set_flags(ahash, flag); + return -EINVAL; + } + +--- a/cryptoapi/v1.0/nss_cryptoapi_debugfs.c ++++ b/cryptoapi/v1.0/nss_cryptoapi_debugfs.c +@@ -38,7 +38,12 @@ + #include + #include + #include ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0) + #include ++#else ++#include ++#include ++#endif + #include + #include + #include diff --git a/package/qca-nss/qca-nss-crypto/Makefile b/package/qca-nss/qca-nss-crypto/Makefile new file mode 100644 index 0000000000..0c51d5b2b7 --- /dev/null +++ b/package/qca-nss/qca-nss-crypto/Makefile @@ -0,0 +1,77 @@ +include $(TOPDIR)/rules.mk +include $(INCLUDE_DIR)/kernel.mk + +PKG_NAME:=qca-nss-crypto +PKG_RELEASE:=1 + +PKG_SOURCE_URL:=https://git.codelinaro.org/clo/qsdk/oss/lklm/nss-crypto.git +PKG_SOURCE_PROTO:=git +PKG_SOURCE_VERSION:=3c5a574ce99d7f0b9f892002020f1bf9bfc57a81 +PKG_MIRROR_HASH:=skip +PKG_VERSION:=1 + +PKG_BUILD_PARALLEL:=1 + +include $(INCLUDE_DIR)/package.mk + +ifeq ($(CONFIG_TARGET_ipq),y) +subtarget:=$(SUBTARGET) +else +subtarget:=$(CONFIG_TARGET_BOARD) +endif + +# v1.0 is for Akronite +# v2.0 is for Hawkeye/Cypress/Maple +ifneq (, $(findstring $(subtarget), "ipq807x" "ipq807x_64" "ipq60xx" "ipq60xx_64" "ipq50xx" "ipq50xx_64")) +NSS_CRYPTO_DIR:=v2.0 +else +NSS_CRYPTO_DIR:=v1.0 +endif + +define KernelPackage/qca-nss-crypto/Default + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Network Devices + DEPENDS:=@TARGET_ipq806x||TARGET_ipq_ipq806x||TARGET_ipq_ipq807x||TARGET_ipq_ipq807x_64||TARGET_ipq807x||TARGET_ipq807x_64||TARGET_ipq_ipq50xx||TARGET_ipq_ipq50xx_64||TARGET_ipq_ipq60xx||TARGET_ipq_ipq60xx_64 \ + +@NSS_DRV_CRYPTO_ENABLE +kmod-qca-nss-drv +endef + +define KernelPackage/qca-nss-crypto + $(call KernelPackage/qca-nss-crypto/Default) + TITLE:=Kernel driver for NSS crypto driver + FILES:=$(PKG_BUILD_DIR)/$(NSS_CRYPTO_DIR)/src/qca-nss-crypto.ko \ + $(PKG_BUILD_DIR)/$(NSS_CRYPTO_DIR)/tool/qca-nss-crypto-tool.ko + AUTOLOAD:=$(call AutoLoad,52,qca-nss-crypto) +endef + +define KernelPackage/qca-nss-crypto/Description +This package contains a NSS crypto driver for QCA chipset +endef + +define Build/InstallDev/qca-nss-crypto + $(INSTALL_DIR) $(1)/usr/include/qca-nss-crypto + $(CP) $(PKG_BUILD_DIR)/$(NSS_CRYPTO_DIR)/include/* $(1)/usr/include/qca-nss-crypto +endef + +define Build/InstallDev + $(call Build/InstallDev/qca-nss-crypto,$(1)) +endef + +EXTRA_CFLAGS+= \ + -DCONFIG_NSS_DEBUG_LEVEL=4 \ + -I$(STAGING_DIR)/usr/include/qca-nss-crypto \ + -I$(STAGING_DIR)/usr/include/qca-nss-drv \ + -I$(PKG_BUILD_DIR)/$(NSS_CRYPTO_DIR)/include \ + -I$(PKG_BUILD_DIR)/$(NSS_CRYPTO_DIR)/src + +define Build/Compile + $(KERNEL_MAKE) \ + CC="$(TARGET_CC)" \ + M="$(PKG_BUILD_DIR)" \ + EXTRA_CFLAGS="$(EXTRA_CFLAGS)" \ + NSS_CRYPTO_DIR=$(NSS_CRYPTO_DIR) \ + SoC="$(subtarget)" \ + modules +endef + +$(eval $(call KernelPackage,qca-nss-crypto)) diff --git a/package/qca-nss/qca-nss-crypto/patches/0000-kernel-5.4-support.patch b/package/qca-nss/qca-nss-crypto/patches/0000-kernel-5.4-support.patch new file mode 100644 index 0000000000..b9ef6191eb --- /dev/null +++ b/package/qca-nss/qca-nss-crypto/patches/0000-kernel-5.4-support.patch @@ -0,0 +1,42 @@ +--- a/v1.0/tool/nss_crypto_bench.c ++++ b/v1.0/tool/nss_crypto_bench.c +@@ -75,8 +75,8 @@ static DECLARE_WAIT_QUEUE_HEAD(tx_comp); + static DECLARE_WAIT_QUEUE_HEAD(tx_start); + static struct task_struct *tx_thread = NULL; + +-static struct timeval init_time; +-static struct timeval comp_time; ++static struct timespec64 init_time; ++static struct timespec64 comp_time; + static spinlock_t op_lock; + static nss_crypto_handle_t crypto_hdl; + +@@ -782,7 +782,7 @@ static int crypto_bench_tx(void *arg) + crypto_bench_debug("#"); + + /* get start time */ +- do_gettimeofday(&init_time); ++ ktime_get_real_ts64(&init_time); + + /** + * Request submission +@@ -812,8 +812,8 @@ static int crypto_bench_tx(void *arg) + * Calculate time and output the Mbps + */ + +- init_usecs = (init_time.tv_sec * 1000 * 1000) + init_time.tv_usec; +- comp_usecs = (comp_time.tv_sec * 1000 * 1000) + comp_time.tv_usec; ++ init_usecs = (init_time.tv_sec * 1000 * 1000) + (init_time.tv_nsec / NSEC_PER_USEC); ++ comp_usecs = (comp_time.tv_sec * 1000 * 1000) + (comp_time.tv_nsec / NSEC_PER_USEC); + delta_usecs = comp_usecs - init_usecs; + + reqs_completed = param.num_reqs - atomic_read(&tx_reqs); +@@ -870,7 +870,7 @@ static void crypto_bench_done(struct nss + nss_crypto_buf_free(crypto_hdl, buf); + + if (atomic_dec_and_test(&tx_reqs)) { +- do_gettimeofday(&comp_time); ++ ktime_get_real_ts64(&comp_time); + + wake_up_interruptible(&tx_comp); + param.num_loops--; diff --git a/package/qca-nss/qca-nss-crypto/patches/0001-nss-crypto-fix-SHA1-header-include.patch b/package/qca-nss/qca-nss-crypto/patches/0001-nss-crypto-fix-SHA1-header-include.patch new file mode 100644 index 0000000000..c9849a2e8d --- /dev/null +++ b/package/qca-nss/qca-nss-crypto/patches/0001-nss-crypto-fix-SHA1-header-include.patch @@ -0,0 +1,27 @@ +From 0c6c593783f2d64a429ad38523661a915aa462fc Mon Sep 17 00:00:00 2001 +From: Robert Marko +Date: Sun, 13 Mar 2022 13:44:47 +0100 +Subject: [PATCH 1/3] nss-crypto: fix SHA1 header include + +SHA1 header has been merged to the generic SHA one, +and with that the cryptohash.h was dropped. + +So, fix include in kernels 5.8 and newer. + +Signed-off-by: Robert Marko +--- + v2.0/src/nss_crypto_hlos.h | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/v2.0/src/nss_crypto_hlos.h ++++ b/v2.0/src/nss_crypto_hlos.h +@@ -55,7 +55,9 @@ + #include + #include + #include ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0) + #include ++#endif + #include + #include + #include diff --git a/package/qca-nss/qca-nss-crypto/patches/0002-nss-crypto-replace-ioremap_nocache-with-ioremap.patch b/package/qca-nss/qca-nss-crypto/patches/0002-nss-crypto-replace-ioremap_nocache-with-ioremap.patch new file mode 100644 index 0000000000..19454c457b --- /dev/null +++ b/package/qca-nss/qca-nss-crypto/patches/0002-nss-crypto-replace-ioremap_nocache-with-ioremap.patch @@ -0,0 +1,94 @@ +From 8baa8e747247403c6f814ea5dc3e463c70e0415f Mon Sep 17 00:00:00 2001 +From: Robert Marko +Date: Tue, 8 Jun 2021 22:14:34 +0200 +Subject: [PATCH 2/3] nss-crypto: replace ioremap_nocache() with ioremap + +ioremap_nocache() was dropped in kernel 5.5 as regular +ioremap() was exactly the same. + +So, simply replace all of the ioremap_nocache() calls +with ioremap(). + +Signed-off-by: Robert Marko +--- + v1.0/src/nss_crypto_dtsi.c | 4 ++-- + v1.0/src/nss_crypto_platform.c | 4 ++-- + v2.0/src/hal/ipq50xx/nss_crypto_ce5.c | 4 ++-- + v2.0/src/hal/ipq60xx/nss_crypto_eip197.c | 2 +- + v2.0/src/hal/ipq807x/nss_crypto_eip197.c | 2 +- + 5 files changed, 8 insertions(+), 8 deletions(-) + +--- a/v1.0/src/nss_crypto_dtsi.c ++++ b/v1.0/src/nss_crypto_dtsi.c +@@ -311,11 +311,11 @@ static int nss_crypto_probe(struct platf + e_ctrl->dev = &pdev->dev; + + e_ctrl->cmd_base = crypto_res.start; +- e_ctrl->crypto_base = ioremap_nocache(e_ctrl->cmd_base, resource_size(&crypto_res)); ++ e_ctrl->crypto_base = ioremap(e_ctrl->cmd_base, resource_size(&crypto_res)); + nss_crypto_assert(e_ctrl->crypto_base); + + e_ctrl->bam_pbase = bam_res.start; +- e_ctrl->bam_base = ioremap_nocache(e_ctrl->bam_pbase, resource_size(&bam_res)); ++ e_ctrl->bam_base = ioremap(e_ctrl->bam_pbase, resource_size(&bam_res)); + nss_crypto_assert(e_ctrl->bam_base); + + e_ctrl->bam_ee = bam_ee; +--- a/v1.0/src/nss_crypto_platform.c ++++ b/v1.0/src/nss_crypto_platform.c +@@ -134,11 +134,11 @@ static int nss_crypto_probe(struct platf + e_ctrl->bam_ee = res->bam_ee; + + e_ctrl->cmd_base = res->crypto_pbase; +- e_ctrl->crypto_base = ioremap_nocache(res->crypto_pbase, res->crypto_pbase_sz); ++ e_ctrl->crypto_base = ioremap(res->crypto_pbase, res->crypto_pbase_sz); + nss_crypto_assert(e_ctrl->crypto_base); + + e_ctrl->bam_pbase = res->bam_pbase; +- e_ctrl->bam_base = ioremap_nocache(res->bam_pbase, res->bam_pbase_sz); ++ e_ctrl->bam_base = ioremap(res->bam_pbase, res->bam_pbase_sz); + nss_crypto_assert(e_ctrl->bam_base); + + /* +--- a/v2.0/src/hal/ipq50xx/nss_crypto_ce5.c ++++ b/v2.0/src/hal/ipq50xx/nss_crypto_ce5.c +@@ -288,7 +288,7 @@ int nss_crypto_ce5_engine_init(struct pl + * remap the I/O addresses for crypto + */ + eng->crypto_paddr = crypto_res->start; +- eng->crypto_vaddr = ioremap_nocache(crypto_res->start, resource_size(crypto_res)); ++ eng->crypto_vaddr = ioremap(crypto_res->start, resource_size(crypto_res)); + if (!eng->crypto_vaddr) { + nss_crypto_warn("%px: unable to remap crypto_addr(0x%px)\n", node, (void *)eng->crypto_paddr); + nss_crypto_engine_free(eng); +@@ -299,7 +299,7 @@ int nss_crypto_ce5_engine_init(struct pl + * remap the I/O addresses for bam + */ + eng->dma_paddr = bam_res->start; +- eng->dma_vaddr = ioremap_nocache(bam_res->start, resource_size(bam_res)); ++ eng->dma_vaddr = ioremap(bam_res->start, resource_size(bam_res)); + if (!eng->dma_vaddr) { + iounmap(eng->crypto_vaddr); + nss_crypto_warn("%px: unable to remap dma_addr(0x%px)\n", node, (void *)eng->dma_paddr); +--- a/v2.0/src/hal/ipq60xx/nss_crypto_eip197.c ++++ b/v2.0/src/hal/ipq60xx/nss_crypto_eip197.c +@@ -490,7 +490,7 @@ int nss_crypto_eip197_engine_init(struct + * remap the I/O addresses + */ + paddr = res->start + offset; +- vaddr = ioremap_nocache(paddr, resource_size(res)); ++ vaddr = ioremap(paddr, resource_size(res)); + if (!vaddr) { + nss_crypto_warn("%px: unable to remap crypto_addr(0x%px)\n", node, (void *)paddr); + return -EIO; +--- a/v2.0/src/hal/ipq807x/nss_crypto_eip197.c ++++ b/v2.0/src/hal/ipq807x/nss_crypto_eip197.c +@@ -490,7 +490,7 @@ int nss_crypto_eip197_engine_init(struct + * remap the I/O addresses + */ + paddr = res->start + offset; +- vaddr = ioremap_nocache(paddr, resource_size(res)); ++ vaddr = ioremap(paddr, resource_size(res)); + if (!vaddr) { + nss_crypto_warn("%px: unable to remap crypto_addr(0x%px)\n", node, (void *)paddr); + return -EIO; diff --git a/package/qca-nss/qca-nss-crypto/patches/0003-nss-crypto-fix-SHA-header-include-in-5.15.patch b/package/qca-nss/qca-nss-crypto/patches/0003-nss-crypto-fix-SHA-header-include-in-5.15.patch new file mode 100644 index 0000000000..61df791fdd --- /dev/null +++ b/package/qca-nss/qca-nss-crypto/patches/0003-nss-crypto-fix-SHA-header-include-in-5.15.patch @@ -0,0 +1,44 @@ +From 96da3ca01ac172e5d858209b3d3d9aefad04423c Mon Sep 17 00:00:00 2001 +From: Robert Marko +Date: Sun, 13 Mar 2022 13:47:24 +0100 +Subject: [PATCH 3/3] nss-crypto: fix SHA header include in 5.15 + +SHA header was split into SHA-1 and SHA-2 headers in kernel 5.11, so +fix the include for newer kernels. + +Signed-off-by: Robert Marko +--- + v2.0/src/nss_crypto_ctrl.c | 6 ++++++ + v2.0/src/nss_crypto_hlos.h | 4 ++++ + 2 files changed, 10 insertions(+) + +--- a/v2.0/src/nss_crypto_ctrl.c ++++ b/v2.0/src/nss_crypto_ctrl.c +@@ -38,7 +38,13 @@ + #include + #include + #include ++#include ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0) + #include ++#else ++#include ++#include ++#endif + #include + #include + #include +--- a/v2.0/src/nss_crypto_hlos.h ++++ b/v2.0/src/nss_crypto_hlos.h +@@ -58,7 +58,11 @@ + #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0) + #include + #endif ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0) + #include ++#else ++#include ++#endif + #include + #include + #include diff --git a/package/qca-nss/qca-nss-crypto/patches/0004-fix-conversion.patch b/package/qca-nss/qca-nss-crypto/patches/0004-fix-conversion.patch new file mode 100644 index 0000000000..f26c29d8fc --- /dev/null +++ b/package/qca-nss/qca-nss-crypto/patches/0004-fix-conversion.patch @@ -0,0 +1,11 @@ +--- a/v1.0/src/nss_crypto_ctrl.c ++++ b/v1.0/src/nss_crypto_ctrl.c +@@ -1223,7 +1223,7 @@ enum nss_crypto_max_ivlen nss_crypto_get + + idx = &ctrl->idx_info[session_idx]; + if (nss_crypto_chk_idx_isfree(idx)) +- return NSS_CRYPTO_MAX_BLKLEN_NULL; ++ return NSS_CRYPTO_MAX_IVLEN_NULL; + + return idx->iv_len; + } diff --git a/package/qca-nss/qca-nss-drv/Config.in b/package/qca-nss/qca-nss-drv/Config.in index d3858f2766..537962407b 100644 --- a/package/qca-nss/qca-nss-drv/Config.in +++ b/package/qca-nss/qca-nss-drv/Config.in @@ -19,10 +19,10 @@ comment "Build Options" # bool # default n # prompt "Enable CLMAP" -#config NSS_DRV_CRYPTO_ENABLE -# bool -# default n -# prompt "Enable CRYPTO" +config NSS_DRV_CRYPTO_ENABLE + bool + default n + prompt "Enable CRYPTO" #config NSS_DRV_DTLS_ENABLE # bool # default n