diff options
author | Gilad Ben-Yossef | 2017-04-23 11:26:14 +0200 |
---|---|---|
committer | Greg Kroah-Hartman | 2017-04-28 12:17:54 +0200 |
commit | 1660998033e1f180768b58b0f037da9292d1adda (patch) | |
tree | cd6030cc9f4fef51b5e747954a970f0ac263ab67 /drivers/staging/ccree/ssi_hash.c | |
parent | staging: ccree: add AEAD support (diff) | |
download | kernel-qcow2-linux-1660998033e1f180768b58b0f037da9292d1adda.tar.gz kernel-qcow2-linux-1660998033e1f180768b58b0f037da9292d1adda.tar.xz kernel-qcow2-linux-1660998033e1f180768b58b0f037da9292d1adda.zip |
staging: ccree: add FIPS support
Add FIPS mode support to CryptoCell driver
Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/staging/ccree/ssi_hash.c')
-rw-r--r-- | drivers/staging/ccree/ssi_hash.c | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/drivers/staging/ccree/ssi_hash.c b/drivers/staging/ccree/ssi_hash.c index d0e89d2f8be2..ab191de39fb2 100644 --- a/drivers/staging/ccree/ssi_hash.c +++ b/drivers/staging/ccree/ssi_hash.c @@ -30,6 +30,7 @@ #include "ssi_sysfs.h" #include "ssi_hash.h" #include "ssi_sram_mgr.h" +#include "ssi_fips_local.h" #define SSI_MAX_AHASH_SEQ_LEN 12 #define SSI_MAX_HASH_OPAD_TMP_KEYS_SIZE MAX(SSI_MAX_HASH_BLCK_SIZE, 3 * AES_BLOCK_SIZE) @@ -467,6 +468,8 @@ static int ssi_hash_digest(struct ahash_req_ctx *state, SSI_LOG_DEBUG("===== %s-digest (%d) ====\n", is_hmac?"hmac":"hash", nbytes); + CHECK_AND_RETURN_UPON_FIPS_ERROR(); + if (unlikely(ssi_hash_map_request(dev, state, ctx) != 0)) { SSI_LOG_ERR("map_ahash_source() failed\n"); return -ENOMEM; @@ -623,6 +626,7 @@ static int ssi_hash_update(struct ahash_req_ctx *state, SSI_LOG_DEBUG("===== %s-update (%d) ====\n", ctx->is_hmac ? "hmac":"hash", nbytes); + CHECK_AND_RETURN_UPON_FIPS_ERROR(); if (nbytes == 0) { /* no real updates required */ return 0; @@ -719,6 +723,8 @@ static int ssi_hash_finup(struct ahash_req_ctx *state, SSI_LOG_DEBUG("===== %s-finup (%d) ====\n", is_hmac?"hmac":"hash", nbytes); + CHECK_AND_RETURN_UPON_FIPS_ERROR(); + if (unlikely(ssi_buffer_mgr_map_hash_request_final(ctx->drvdata, state, src , nbytes, 1) != 0)) { SSI_LOG_ERR("map_ahash_request_final() failed\n"); return -ENOMEM; @@ -848,6 +854,8 @@ static int ssi_hash_final(struct ahash_req_ctx *state, SSI_LOG_DEBUG("===== %s-final (%d) ====\n", is_hmac?"hmac":"hash", nbytes); + CHECK_AND_RETURN_UPON_FIPS_ERROR(); + if (unlikely(ssi_buffer_mgr_map_hash_request_final(ctx->drvdata, state, src, nbytes, 0) != 0)) { SSI_LOG_ERR("map_ahash_request_final() failed\n"); return -ENOMEM; @@ -975,6 +983,7 @@ static int ssi_hash_init(struct ahash_req_ctx *state, struct ssi_hash_ctx *ctx) struct device *dev = &ctx->drvdata->plat_dev->dev; state->xcbc_count = 0; + CHECK_AND_RETURN_UPON_FIPS_ERROR(); ssi_hash_map_request(dev, state, ctx); return 0; @@ -983,12 +992,14 @@ static int ssi_hash_init(struct ahash_req_ctx *state, struct ssi_hash_ctx *ctx) #ifdef EXPORT_FIXED static int ssi_hash_export(struct ssi_hash_ctx *ctx, void *out) { + CHECK_AND_RETURN_UPON_FIPS_ERROR(); memcpy(out, ctx, sizeof(struct ssi_hash_ctx)); return 0; } static int ssi_hash_import(struct ssi_hash_ctx *ctx, const void *in) { + CHECK_AND_RETURN_UPON_FIPS_ERROR(); memcpy(ctx, in, sizeof(struct ssi_hash_ctx)); return 0; } @@ -1010,6 +1021,7 @@ static int ssi_hash_setkey(void *hash, SSI_LOG_DEBUG("ssi_hash_setkey: start keylen: %d", keylen); + CHECK_AND_RETURN_UPON_FIPS_ERROR(); if (synchronize) { ctx = crypto_shash_ctx(((struct crypto_shash *)hash)); blocksize = crypto_tfm_alg_blocksize(&((struct crypto_shash *)hash)->base); @@ -1218,6 +1230,7 @@ static int ssi_xcbc_setkey(struct crypto_ahash *ahash, HwDesc_s desc[SSI_MAX_AHASH_SEQ_LEN]; SSI_LOG_DEBUG("===== setkey (%d) ====\n", keylen); + CHECK_AND_RETURN_UPON_FIPS_ERROR(); switch (keylen) { case AES_KEYSIZE_128: @@ -1303,6 +1316,7 @@ static int ssi_cmac_setkey(struct crypto_ahash *ahash, struct ssi_hash_ctx *ctx = crypto_ahash_ctx(ahash); DECL_CYCLE_COUNT_RESOURCES; SSI_LOG_DEBUG("===== setkey (%d) ====\n", keylen); + CHECK_AND_RETURN_UPON_FIPS_ERROR(); ctx->is_hmac = true; @@ -1418,6 +1432,7 @@ static int ssi_shash_cra_init(struct crypto_tfm *tfm) struct ssi_hash_alg *ssi_alg = container_of(shash_alg, struct ssi_hash_alg, shash_alg); + CHECK_AND_RETURN_UPON_FIPS_ERROR(); ctx->hash_mode = ssi_alg->hash_mode; ctx->hw_mode = ssi_alg->hw_mode; ctx->inter_digestsize = ssi_alg->inter_digestsize; @@ -1437,6 +1452,7 @@ static int ssi_ahash_cra_init(struct crypto_tfm *tfm) container_of(ahash_alg, struct ssi_hash_alg, ahash_alg); + CHECK_AND_RETURN_UPON_FIPS_ERROR(); crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm), sizeof(struct ahash_req_ctx)); @@ -1468,6 +1484,7 @@ static int ssi_mac_update(struct ahash_request *req) int rc; uint32_t idx = 0; + CHECK_AND_RETURN_UPON_FIPS_ERROR(); if (req->nbytes == 0) { /* no real updates required */ return 0; @@ -1535,6 +1552,7 @@ static int ssi_mac_final(struct ahash_request *req) state->buff0_cnt; + CHECK_AND_RETURN_UPON_FIPS_ERROR(); if (ctx->hw_mode == DRV_CIPHER_XCBC_MAC) { keySize = CC_AES_128_BIT_KEY_SIZE; keyLen = CC_AES_128_BIT_KEY_SIZE; @@ -1645,7 +1663,7 @@ static int ssi_mac_finup(struct ahash_request *req) uint32_t digestsize = crypto_ahash_digestsize(tfm); SSI_LOG_DEBUG("===== finup xcbc(%d) ====\n", req->nbytes); - + CHECK_AND_RETURN_UPON_FIPS_ERROR(); if (state->xcbc_count > 0 && req->nbytes == 0) { SSI_LOG_DEBUG("No data to update. Call to fdx_mac_final \n"); return ssi_mac_final(req); @@ -1718,6 +1736,7 @@ static int ssi_mac_digest(struct ahash_request *req) int rc; SSI_LOG_DEBUG("===== -digest mac (%d) ====\n", req->nbytes); + CHECK_AND_RETURN_UPON_FIPS_ERROR(); if (unlikely(ssi_hash_map_request(dev, state, ctx) != 0)) { SSI_LOG_ERR("map_ahash_source() failed\n"); |