Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

crypto: hisilicon/hpre - Remove unused curve25519 kpp support

Curve25519 is used only via the library API, not the crypto_kpp API. In
preparation for removing the unused crypto_kpp API for Curve25519,
remove the unused "hpre-curve25519" kpp algorithm.

Cc: Longfang Liu <liulongfang@huawei.com>
Cc: Zhiqi Song <songzhiqi1@huawei.com>
Link: https://lore.kernel.org/r/20250906213523.84915-2-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@kernel.org>

+4 -400
-1
drivers/crypto/hisilicon/Kconfig
··· 69 69 select CRYPTO_DEV_HISI_QM 70 70 select CRYPTO_DH 71 71 select CRYPTO_RSA 72 - select CRYPTO_CURVE25519 73 72 select CRYPTO_ECDH 74 73 help 75 74 Support for HiSilicon HPRE(High Performance RSA Engine)
+4 -399
drivers/crypto/hisilicon/hpre/hpre_crypto.c
··· 1 1 // SPDX-License-Identifier: GPL-2.0 2 2 /* Copyright (c) 2019 HiSilicon Limited. */ 3 3 #include <crypto/akcipher.h> 4 - #include <crypto/curve25519.h> 5 4 #include <crypto/dh.h> 6 5 #include <crypto/ecc_curve.h> 7 6 #include <crypto/ecdh.h> ··· 105 106 dma_addr_t dma_g; 106 107 }; 107 108 108 - struct hpre_curve25519_ctx { 109 - /* low address: p->a->k */ 110 - unsigned char *p; 111 - dma_addr_t dma_p; 112 - 113 - /* gx coordinate */ 114 - unsigned char *g; 115 - dma_addr_t dma_g; 116 - }; 117 - 118 109 struct hpre_ctx { 119 110 struct hisi_qp *qp; 120 111 struct device *dev; ··· 118 129 struct hpre_rsa_ctx rsa; 119 130 struct hpre_dh_ctx dh; 120 131 struct hpre_ecdh_ctx ecdh; 121 - struct hpre_curve25519_ctx curve25519; 122 132 }; 123 133 /* for ecc algorithms */ 124 134 unsigned int curve_id; ··· 134 146 struct akcipher_request *rsa; 135 147 struct kpp_request *dh; 136 148 struct kpp_request *ecdh; 137 - struct kpp_request *curve25519; 138 149 } areq; 139 150 int err; 140 151 int req_id; ··· 1201 1214 } 1202 1215 } 1203 1216 1204 - static void hpre_ecc_clear_ctx(struct hpre_ctx *ctx, bool is_clear_all, 1205 - bool is_ecdh) 1217 + static void hpre_ecc_clear_ctx(struct hpre_ctx *ctx, bool is_clear_all) 1206 1218 { 1207 1219 struct device *dev = ctx->dev; 1208 1220 unsigned int sz = ctx->key_sz; ··· 1210 1224 if (is_clear_all) 1211 1225 hisi_qm_stop_qp(ctx->qp); 1212 1226 1213 - if (is_ecdh && ctx->ecdh.p) { 1227 + if (ctx->ecdh.p) { 1214 1228 /* ecdh: p->a->k->b */ 1215 1229 memzero_explicit(ctx->ecdh.p + shift, sz); 1216 1230 dma_free_coherent(dev, sz << 3, ctx->ecdh.p, ctx->ecdh.dma_p); 1217 1231 ctx->ecdh.p = NULL; 1218 - } else if (!is_ecdh && ctx->curve25519.p) { 1219 - /* curve25519: p->a->k */ 1220 - memzero_explicit(ctx->curve25519.p + shift, sz); 1221 - dma_free_coherent(dev, sz << 2, ctx->curve25519.p, 1222 - ctx->curve25519.dma_p); 1223 - ctx->curve25519.p = NULL; 1224 1232 } 1225 1233 1226 1234 hpre_ctx_clear(ctx, is_clear_all); ··· 1412 1432 return -EINVAL; 1413 1433 } 1414 1434 1415 - hpre_ecc_clear_ctx(ctx, false, true); 1435 + hpre_ecc_clear_ctx(ctx, false); 1416 1436 1417 1437 ret = hpre_ecdh_set_param(ctx, &params); 1418 1438 if (ret < 0) { ··· 1663 1683 { 1664 1684 struct hpre_ctx *ctx = kpp_tfm_ctx(tfm); 1665 1685 1666 - hpre_ecc_clear_ctx(ctx, true, true); 1667 - } 1668 - 1669 - static void hpre_curve25519_fill_curve(struct hpre_ctx *ctx, const void *buf, 1670 - unsigned int len) 1671 - { 1672 - u8 secret[CURVE25519_KEY_SIZE] = { 0 }; 1673 - unsigned int sz = ctx->key_sz; 1674 - const struct ecc_curve *curve; 1675 - unsigned int shift = sz << 1; 1676 - void *p; 1677 - 1678 - /* 1679 - * The key from 'buf' is in little-endian, we should preprocess it as 1680 - * the description in rfc7748: "k[0] &= 248, k[31] &= 127, k[31] |= 64", 1681 - * then convert it to big endian. Only in this way, the result can be 1682 - * the same as the software curve-25519 that exists in crypto. 1683 - */ 1684 - memcpy(secret, buf, len); 1685 - curve25519_clamp_secret(secret); 1686 - hpre_key_to_big_end(secret, CURVE25519_KEY_SIZE); 1687 - 1688 - p = ctx->curve25519.p + sz - len; 1689 - 1690 - curve = ecc_get_curve25519(); 1691 - 1692 - /* fill curve parameters */ 1693 - fill_curve_param(p, curve->p, len, curve->g.ndigits); 1694 - fill_curve_param(p + sz, curve->a, len, curve->g.ndigits); 1695 - memcpy(p + shift, secret, len); 1696 - fill_curve_param(p + shift + sz, curve->g.x, len, curve->g.ndigits); 1697 - memzero_explicit(secret, CURVE25519_KEY_SIZE); 1698 - } 1699 - 1700 - static int hpre_curve25519_set_param(struct hpre_ctx *ctx, const void *buf, 1701 - unsigned int len) 1702 - { 1703 - struct device *dev = ctx->dev; 1704 - unsigned int sz = ctx->key_sz; 1705 - unsigned int shift = sz << 1; 1706 - 1707 - /* p->a->k->gx */ 1708 - if (!ctx->curve25519.p) { 1709 - ctx->curve25519.p = dma_alloc_coherent(dev, sz << 2, 1710 - &ctx->curve25519.dma_p, 1711 - GFP_KERNEL); 1712 - if (!ctx->curve25519.p) 1713 - return -ENOMEM; 1714 - } 1715 - 1716 - ctx->curve25519.g = ctx->curve25519.p + shift + sz; 1717 - ctx->curve25519.dma_g = ctx->curve25519.dma_p + shift + sz; 1718 - 1719 - hpre_curve25519_fill_curve(ctx, buf, len); 1720 - 1721 - return 0; 1722 - } 1723 - 1724 - static int hpre_curve25519_set_secret(struct crypto_kpp *tfm, const void *buf, 1725 - unsigned int len) 1726 - { 1727 - struct hpre_ctx *ctx = kpp_tfm_ctx(tfm); 1728 - struct device *dev = ctx->dev; 1729 - int ret = -EINVAL; 1730 - 1731 - if (len != CURVE25519_KEY_SIZE || 1732 - !crypto_memneq(buf, curve25519_null_point, CURVE25519_KEY_SIZE)) { 1733 - dev_err(dev, "key is null or key len is not 32bytes!\n"); 1734 - return ret; 1735 - } 1736 - 1737 - /* Free old secret if any */ 1738 - hpre_ecc_clear_ctx(ctx, false, false); 1739 - 1740 - ctx->key_sz = CURVE25519_KEY_SIZE; 1741 - ret = hpre_curve25519_set_param(ctx, buf, CURVE25519_KEY_SIZE); 1742 - if (ret) { 1743 - dev_err(dev, "failed to set curve25519 param, ret = %d!\n", ret); 1744 - hpre_ecc_clear_ctx(ctx, false, false); 1745 - return ret; 1746 - } 1747 - 1748 - return 0; 1749 - } 1750 - 1751 - static void hpre_curve25519_hw_data_clr_all(struct hpre_ctx *ctx, 1752 - struct hpre_asym_request *req, 1753 - struct scatterlist *dst, 1754 - struct scatterlist *src) 1755 - { 1756 - struct device *dev = ctx->dev; 1757 - struct hpre_sqe *sqe = &req->req; 1758 - dma_addr_t dma; 1759 - 1760 - dma = le64_to_cpu(sqe->in); 1761 - if (unlikely(dma_mapping_error(dev, dma))) 1762 - return; 1763 - 1764 - if (src && req->src) 1765 - dma_free_coherent(dev, ctx->key_sz, req->src, dma); 1766 - 1767 - dma = le64_to_cpu(sqe->out); 1768 - if (unlikely(dma_mapping_error(dev, dma))) 1769 - return; 1770 - 1771 - if (req->dst) 1772 - dma_free_coherent(dev, ctx->key_sz, req->dst, dma); 1773 - if (dst) 1774 - dma_unmap_single(dev, dma, ctx->key_sz, DMA_FROM_DEVICE); 1775 - } 1776 - 1777 - static void hpre_curve25519_cb(struct hpre_ctx *ctx, void *resp) 1778 - { 1779 - struct hpre_dfx *dfx = ctx->hpre->debug.dfx; 1780 - struct hpre_asym_request *req = NULL; 1781 - struct kpp_request *areq; 1782 - u64 overtime_thrhld; 1783 - int ret; 1784 - 1785 - ret = hpre_alg_res_post_hf(ctx, resp, (void **)&req); 1786 - areq = req->areq.curve25519; 1787 - areq->dst_len = ctx->key_sz; 1788 - 1789 - overtime_thrhld = atomic64_read(&dfx[HPRE_OVERTIME_THRHLD].value); 1790 - if (overtime_thrhld && hpre_is_bd_timeout(req, overtime_thrhld)) 1791 - atomic64_inc(&dfx[HPRE_OVER_THRHLD_CNT].value); 1792 - 1793 - /* Do unmap before data processing */ 1794 - hpre_curve25519_hw_data_clr_all(ctx, req, areq->dst, areq->src); 1795 - 1796 - hpre_key_to_big_end(sg_virt(areq->dst), CURVE25519_KEY_SIZE); 1797 - 1798 - kpp_request_complete(areq, ret); 1799 - 1800 - atomic64_inc(&dfx[HPRE_RECV_CNT].value); 1801 - } 1802 - 1803 - static int hpre_curve25519_msg_request_set(struct hpre_ctx *ctx, 1804 - struct kpp_request *req) 1805 - { 1806 - struct hpre_asym_request *h_req; 1807 - struct hpre_sqe *msg; 1808 - int req_id; 1809 - void *tmp; 1810 - 1811 - if (unlikely(req->dst_len < ctx->key_sz)) { 1812 - req->dst_len = ctx->key_sz; 1813 - return -EINVAL; 1814 - } 1815 - 1816 - tmp = kpp_request_ctx(req); 1817 - h_req = PTR_ALIGN(tmp, hpre_align_sz()); 1818 - h_req->cb = hpre_curve25519_cb; 1819 - h_req->areq.curve25519 = req; 1820 - msg = &h_req->req; 1821 - memset(msg, 0, sizeof(*msg)); 1822 - msg->in = cpu_to_le64(DMA_MAPPING_ERROR); 1823 - msg->out = cpu_to_le64(DMA_MAPPING_ERROR); 1824 - msg->key = cpu_to_le64(ctx->curve25519.dma_p); 1825 - 1826 - msg->dw0 |= cpu_to_le32(0x1U << HPRE_SQE_DONE_SHIFT); 1827 - msg->task_len1 = (ctx->key_sz >> HPRE_BITS_2_BYTES_SHIFT) - 1; 1828 - h_req->ctx = ctx; 1829 - 1830 - req_id = hpre_add_req_to_ctx(h_req); 1831 - if (req_id < 0) 1832 - return -EBUSY; 1833 - 1834 - msg->tag = cpu_to_le16((u16)req_id); 1835 - return 0; 1836 - } 1837 - 1838 - static void hpre_curve25519_src_modulo_p(u8 *ptr) 1839 - { 1840 - int i; 1841 - 1842 - for (i = 0; i < CURVE25519_KEY_SIZE - 1; i++) 1843 - ptr[i] = 0; 1844 - 1845 - /* The modulus is ptr's last byte minus '0xed'(last byte of p) */ 1846 - ptr[i] -= 0xed; 1847 - } 1848 - 1849 - static int hpre_curve25519_src_init(struct hpre_asym_request *hpre_req, 1850 - struct scatterlist *data, unsigned int len) 1851 - { 1852 - struct hpre_sqe *msg = &hpre_req->req; 1853 - struct hpre_ctx *ctx = hpre_req->ctx; 1854 - struct device *dev = ctx->dev; 1855 - u8 p[CURVE25519_KEY_SIZE] = { 0 }; 1856 - const struct ecc_curve *curve; 1857 - dma_addr_t dma = 0; 1858 - u8 *ptr; 1859 - 1860 - if (len != CURVE25519_KEY_SIZE) { 1861 - dev_err(dev, "sourc_data len is not 32bytes, len = %u!\n", len); 1862 - return -EINVAL; 1863 - } 1864 - 1865 - ptr = dma_alloc_coherent(dev, ctx->key_sz, &dma, GFP_KERNEL); 1866 - if (unlikely(!ptr)) 1867 - return -ENOMEM; 1868 - 1869 - scatterwalk_map_and_copy(ptr, data, 0, len, 0); 1870 - 1871 - if (!crypto_memneq(ptr, curve25519_null_point, CURVE25519_KEY_SIZE)) { 1872 - dev_err(dev, "gx is null!\n"); 1873 - goto err; 1874 - } 1875 - 1876 - /* 1877 - * Src_data(gx) is in little-endian order, MSB in the final byte should 1878 - * be masked as described in RFC7748, then transform it to big-endian 1879 - * form, then hisi_hpre can use the data. 1880 - */ 1881 - ptr[31] &= 0x7f; 1882 - hpre_key_to_big_end(ptr, CURVE25519_KEY_SIZE); 1883 - 1884 - curve = ecc_get_curve25519(); 1885 - 1886 - fill_curve_param(p, curve->p, CURVE25519_KEY_SIZE, curve->g.ndigits); 1887 - 1888 - /* 1889 - * When src_data equals (2^255 - 19) ~ (2^255 - 1), it is out of p, 1890 - * we get its modulus to p, and then use it. 1891 - */ 1892 - if (memcmp(ptr, p, ctx->key_sz) == 0) { 1893 - dev_err(dev, "gx is p!\n"); 1894 - goto err; 1895 - } else if (memcmp(ptr, p, ctx->key_sz) > 0) { 1896 - hpre_curve25519_src_modulo_p(ptr); 1897 - } 1898 - 1899 - hpre_req->src = ptr; 1900 - msg->in = cpu_to_le64(dma); 1901 - return 0; 1902 - 1903 - err: 1904 - dma_free_coherent(dev, ctx->key_sz, ptr, dma); 1905 - return -EINVAL; 1906 - } 1907 - 1908 - static int hpre_curve25519_dst_init(struct hpre_asym_request *hpre_req, 1909 - struct scatterlist *data, unsigned int len) 1910 - { 1911 - struct hpre_sqe *msg = &hpre_req->req; 1912 - struct hpre_ctx *ctx = hpre_req->ctx; 1913 - struct device *dev = ctx->dev; 1914 - dma_addr_t dma; 1915 - 1916 - if (!data || !sg_is_last(data) || len != ctx->key_sz) { 1917 - dev_err(dev, "data or data length is illegal!\n"); 1918 - return -EINVAL; 1919 - } 1920 - 1921 - hpre_req->dst = NULL; 1922 - dma = dma_map_single(dev, sg_virt(data), len, DMA_FROM_DEVICE); 1923 - if (unlikely(dma_mapping_error(dev, dma))) { 1924 - dev_err(dev, "dma map data err!\n"); 1925 - return -ENOMEM; 1926 - } 1927 - 1928 - msg->out = cpu_to_le64(dma); 1929 - return 0; 1930 - } 1931 - 1932 - static int hpre_curve25519_compute_value(struct kpp_request *req) 1933 - { 1934 - struct crypto_kpp *tfm = crypto_kpp_reqtfm(req); 1935 - struct hpre_ctx *ctx = kpp_tfm_ctx(tfm); 1936 - struct device *dev = ctx->dev; 1937 - void *tmp = kpp_request_ctx(req); 1938 - struct hpre_asym_request *hpre_req = PTR_ALIGN(tmp, hpre_align_sz()); 1939 - struct hpre_sqe *msg = &hpre_req->req; 1940 - int ret; 1941 - 1942 - ret = hpre_curve25519_msg_request_set(ctx, req); 1943 - if (unlikely(ret)) { 1944 - dev_err(dev, "failed to set curve25519 request, ret = %d!\n", ret); 1945 - return ret; 1946 - } 1947 - 1948 - if (req->src) { 1949 - ret = hpre_curve25519_src_init(hpre_req, req->src, req->src_len); 1950 - if (unlikely(ret)) { 1951 - dev_err(dev, "failed to init src data, ret = %d!\n", 1952 - ret); 1953 - goto clear_all; 1954 - } 1955 - } else { 1956 - msg->in = cpu_to_le64(ctx->curve25519.dma_g); 1957 - } 1958 - 1959 - ret = hpre_curve25519_dst_init(hpre_req, req->dst, req->dst_len); 1960 - if (unlikely(ret)) { 1961 - dev_err(dev, "failed to init dst data, ret = %d!\n", ret); 1962 - goto clear_all; 1963 - } 1964 - 1965 - msg->dw0 = cpu_to_le32(le32_to_cpu(msg->dw0) | HPRE_ALG_CURVE25519_MUL); 1966 - ret = hpre_send(ctx, msg); 1967 - if (likely(!ret)) 1968 - return -EINPROGRESS; 1969 - 1970 - clear_all: 1971 - hpre_rm_req_from_ctx(hpre_req); 1972 - hpre_curve25519_hw_data_clr_all(ctx, hpre_req, req->dst, req->src); 1973 - return ret; 1974 - } 1975 - 1976 - static unsigned int hpre_curve25519_max_size(struct crypto_kpp *tfm) 1977 - { 1978 - struct hpre_ctx *ctx = kpp_tfm_ctx(tfm); 1979 - 1980 - return ctx->key_sz; 1981 - } 1982 - 1983 - static int hpre_curve25519_init_tfm(struct crypto_kpp *tfm) 1984 - { 1985 - struct hpre_ctx *ctx = kpp_tfm_ctx(tfm); 1986 - 1987 - kpp_set_reqsize(tfm, sizeof(struct hpre_asym_request) + hpre_align_pd()); 1988 - 1989 - return hpre_ctx_init(ctx, HPRE_V3_ECC_ALG_TYPE); 1990 - } 1991 - 1992 - static void hpre_curve25519_exit_tfm(struct crypto_kpp *tfm) 1993 - { 1994 - struct hpre_ctx *ctx = kpp_tfm_ctx(tfm); 1995 - 1996 - hpre_ecc_clear_ctx(ctx, true, false); 1686 + hpre_ecc_clear_ctx(ctx, true); 1997 1687 } 1998 1688 1999 1689 static struct akcipher_alg rsa = { ··· 1743 2093 .cra_module = THIS_MODULE, 1744 2094 }, 1745 2095 } 1746 - }; 1747 - 1748 - static struct kpp_alg curve25519_alg = { 1749 - .set_secret = hpre_curve25519_set_secret, 1750 - .generate_public_key = hpre_curve25519_compute_value, 1751 - .compute_shared_secret = hpre_curve25519_compute_value, 1752 - .max_size = hpre_curve25519_max_size, 1753 - .init = hpre_curve25519_init_tfm, 1754 - .exit = hpre_curve25519_exit_tfm, 1755 - .base = { 1756 - .cra_ctxsize = sizeof(struct hpre_ctx), 1757 - .cra_priority = HPRE_CRYPTO_ALG_PRI, 1758 - .cra_name = "curve25519", 1759 - .cra_driver_name = "hpre-curve25519", 1760 - .cra_module = THIS_MODULE, 1761 - }, 1762 2096 }; 1763 2097 1764 2098 static int hpre_register_rsa(struct hisi_qm *qm) ··· 1826 2192 crypto_unregister_kpp(&ecdh_curves[i]); 1827 2193 } 1828 2194 1829 - static int hpre_register_x25519(struct hisi_qm *qm) 1830 - { 1831 - int ret; 1832 - 1833 - if (!hpre_check_alg_support(qm, HPRE_DRV_X25519_MASK_CAP)) 1834 - return 0; 1835 - 1836 - ret = crypto_register_kpp(&curve25519_alg); 1837 - if (ret) 1838 - dev_err(&qm->pdev->dev, "failed to register x25519 (%d)!\n", ret); 1839 - 1840 - return ret; 1841 - } 1842 - 1843 - static void hpre_unregister_x25519(struct hisi_qm *qm) 1844 - { 1845 - if (!hpre_check_alg_support(qm, HPRE_DRV_X25519_MASK_CAP)) 1846 - return; 1847 - 1848 - crypto_unregister_kpp(&curve25519_alg); 1849 - } 1850 - 1851 2195 int hpre_algs_register(struct hisi_qm *qm) 1852 2196 { 1853 2197 int ret = 0; ··· 1848 2236 if (ret) 1849 2237 goto unreg_dh; 1850 2238 1851 - ret = hpre_register_x25519(qm); 1852 - if (ret) 1853 - goto unreg_ecdh; 1854 - 1855 2239 hpre_available_devs++; 1856 2240 mutex_unlock(&hpre_algs_lock); 1857 2241 1858 2242 return ret; 1859 2243 1860 - unreg_ecdh: 1861 - hpre_unregister_ecdh(qm); 1862 2244 unreg_dh: 1863 2245 hpre_unregister_dh(qm); 1864 2246 unreg_rsa: ··· 1868 2262 if (--hpre_available_devs) 1869 2263 goto unlock; 1870 2264 1871 - hpre_unregister_x25519(qm); 1872 2265 hpre_unregister_ecdh(qm); 1873 2266 hpre_unregister_dh(qm); 1874 2267 hpre_unregister_rsa(qm);