Commit c2a24a7a authored by Linus Torvalds
Pull crypto updates from Herbert Xu:
"API:

   - Make proc files report fips module name and version

  Algorithms:

   - Move generic SHA1 code into lib/crypto

   - Implement Chinese Remainder Theorem for RSA

   - Remove blake2s

   - Add XCTR with x86/arm64 acceleration

   - Add POLYVAL with x86/arm64 acceleration

   - Add HCTR2

   - Add ARIA

  Drivers:

   - Add support for new CCP/PSP device ID in ccp"

* tag 'v5.20-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (89 commits)
  crypto: tcrypt - Remove the static variable initialisations to NULL
  crypto: arm64/poly1305 - fix a read out-of-bound
  crypto: hisilicon/zip - Use the bitmap API to allocate bitmaps
  crypto: hisilicon/sec - fix auth key size error
  crypto: ccree - Remove a useless dma_supported() call
  crypto: ccp - Add support for new CCP/PSP device ID
  crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of
  crypto: hisilicon/hpre - don't use GFP_KERNEL to alloc mem during softirq
  crypto: testmgr - some more fixes to RSA test vectors
  crypto: powerpc/aes - delete the redundant word "block" in comments
  hwrng: via - Fix comment typo
  crypto: twofish - Fix comment typo
  crypto: rmd160 - fix Kconfig "its" grammar
  crypto: keembay-ocs-ecc - Drop if with an always false condition
  Documentation: qat: rewrite description
  Documentation: qat: Use code block for qat sysfs example
  crypto: lib - add module license to libsha1
  crypto: lib - make the sha1 library optional
  crypto: lib - move lib/sha1.c into lib/crypto/
  crypto: fips - make proc files report fips module name and version
  ...
parents a0b09f2d af5d35b8
+49 −0
What:		/sys/bus/pci/devices/<BDF>/qat/state
Date:		June 2022
KernelVersion:	5.20
Contact:	qat-linux@intel.com
Description:	(RW) Reports the current state of the QAT device. Write to
		the file to start or stop the device.

		The values are:

		* up: the device is up and running
		* down: the device is down


		It is possible to transition the device from up to down only
		if the device is up and vice versa.

		This attribute is only available for qat_4xxx devices.

What:		/sys/bus/pci/devices/<BDF>/qat/cfg_services
Date:		June 2022
KernelVersion:	5.20
Contact:	qat-linux@intel.com
Description:	(RW) Reports the current configuration of the QAT device.
		Write to the file to change the configured services.

		The values are:

		* sym;asym: the device is configured for running crypto
		  services
		* dc: the device is configured for running compression services

		It is possible to set the configuration only if the device
		is in the `down` state (see /sys/bus/pci/devices/<BDF>/qat/state)

		The following example shows how to change the configuration of
		a device configured for running crypto services in order to
		run data compression::

			# cat /sys/bus/pci/devices/<BDF>/qat/state
			up
			# cat /sys/bus/pci/devices/<BDF>/qat/cfg_services
			sym;asym
			# echo down > /sys/bus/pci/devices/<BDF>/qat/state
			# echo dc > /sys/bus/pci/devices/<BDF>/qat/cfg_services
			# echo up > /sys/bus/pci/devices/<BDF>/qat/state
			# cat /sys/bus/pci/devices/<BDF>/qat/cfg_services
			dc

		This attribute is only available for qat_4xxx devices.
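Review bot: the sentence "It is possible to transition the device from up to down only if the device is up and vice versa" in the `state` description is tautological and leaves the rejected cases implicit; suggest "Writing `down` is accepted only while the device is up, and `up` only while it is down; any other write is rejected." The `cfg_services` description says the value can only be changed in the `down` state, but neither it nor the example says what a write in the `up` state returns; one line on the error behaviour would let an operator tell a rejected write from a misconfiguration. Minor: there is a double blank line after the `state` value list, and the closing "(see /sys/bus/pci/devices/<BDF>/qat/state)" lacks a full stop.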
+17 −5
@@ -337,6 +337,7 @@ Currently, the following pairs of encryption modes are supported:
- AES-256-XTS for contents and AES-256-CTS-CBC for filenames
- AES-128-CBC for contents and AES-128-CTS-CBC for filenames
- Adiantum for both contents and filenames
- AES-256-XTS for contents and AES-256-HCTR2 for filenames (v2 policies only)

If unsure, you should use the (AES-256-XTS, AES-256-CTS-CBC) pair.

@@ -357,6 +358,17 @@ To use Adiantum, CONFIG_CRYPTO_ADIANTUM must be enabled. Also, fast
implementations of ChaCha and NHPoly1305 should be enabled, e.g.
CONFIG_CRYPTO_CHACHA20_NEON and CONFIG_CRYPTO_NHPOLY1305_NEON for ARM.

AES-256-HCTR2 is another true wide-block encryption mode that is intended for
use on CPUs with dedicated crypto instructions.  AES-256-HCTR2 has the property
that a bitflip in the plaintext changes the entire ciphertext.  This property
makes it desirable for filename encryption since initialization vectors are
reused within a directory.  For more details on AES-256-HCTR2, see the paper
"Length-preserving encryption with HCTR2"
(https://eprint.iacr.org/2021/1441.pdf).  To use AES-256-HCTR2,
CONFIG_CRYPTO_HCTR2 must be enabled.  Also, fast implementations of XCTR and
POLYVAL should be enabled, e.g. CRYPTO_POLYVAL_ARM64_CE and
CRYPTO_AES_ARM64_CE_BLK for ARM64.

New encryption modes can be added relatively easily, without changes
to individual filesystems.  However, authenticated encryption (AE)
modes are not currently supported because of the difficulty of dealing
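Review bot: the Kconfig symbols in the new paragraph are written as `CRYPTO_POLYVAL_ARM64_CE` and `CRYPTO_AES_ARM64_CE_BLK`, while the Adiantum paragraph directly above uses the `CONFIG_` prefix (`CONFIG_CRYPTO_CHACHA20_NEON`, `CONFIG_CRYPTO_NHPOLY1305_NEON`); use `CONFIG_CRYPTO_POLYVAL_ARM64_CE` and `CONFIG_CRYPTO_AES_ARM64_CE_BLK` for consistency. Since the pairs list only offers AES-256-HCTR2 for filenames, saying "intended for filename encryption on CPUs with dedicated crypto instructions" in the first sentence would stop readers expecting it as a contents mode. The "a bitflip in the plaintext changes the entire ciphertext" sentence is the wide-block property the later CTS-CBC paragraph relies on; naming it as such ("as with any wide-block mode") would tie the two passages together.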
@@ -404,11 +416,11 @@ alternatively has the file's nonce (for `DIRECT_KEY policies`_) or
inode number (for `IV_INO_LBLK_64 policies`_) included in the IVs.
Thus, IV reuse is limited to within a single directory.

With CTS-CBC, the IV reuse means that when the plaintext filenames
share a common prefix at least as long as the cipher block size (16
bytes for AES), the corresponding encrypted filenames will also share
a common prefix.  This is undesirable.  Adiantum does not have this
weakness, as it is a wide-block encryption mode.
With CTS-CBC, the IV reuse means that when the plaintext filenames share a
common prefix at least as long as the cipher block size (16 bytes for AES), the
corresponding encrypted filenames will also share a common prefix.  This is
undesirable.  Adiantum and HCTR2 do not have this weakness, as they are
wide-block encryption modes.

All supported filenames encryption modes accept any plaintext length
>= 16 bytes; cipher block alignment is not required.  However,
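Review bot: this hunk reflows the CTS-CBC paragraph to a different line width while also changing its wording, so every line shows as modified; keeping the original wrapping (or reflowing in a separate commit) would leave only the "Adiantum and HCTR2 do not have this weakness" sentence as the visible change. The pairs list and the new mode paragraph call the mode "AES-256-HCTR2" while this paragraph says plain "HCTR2"; using the full name here keeps the terminology consistent.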
+12 −3
@@ -9079,16 +9079,25 @@ S: Supported
F:	Documentation/admin-guide/perf/hns3-pmu.rst
F:	drivers/perf/hisilicon/hns3_pmu.c
HISILICON QM AND ZIP Controller DRIVER
HISILICON QM DRIVER
M:	Weili Qian <qianweili@huawei.com>
M:	Zhou Wang <wangzhou1@hisilicon.com>
L:	linux-crypto@vger.kernel.org
S:	Maintained
F:	Documentation/ABI/testing/debugfs-hisi-zip
F:	drivers/crypto/hisilicon/Kconfig
F:	drivers/crypto/hisilicon/Makefile
F:	drivers/crypto/hisilicon/qm.c
F:	drivers/crypto/hisilicon/sgl.c
F:	drivers/crypto/hisilicon/zip/
F:	include/linux/hisi_acc_qm.h
HISILICON ZIP Controller DRIVER
M:	Yang Shen <shenyang39@huawei.com>
M:	Zhou Wang <wangzhou1@hisilicon.com>
L:	linux-crypto@vger.kernel.org
S:	Maintained
F:	Documentation/ABI/testing/debugfs-hisi-zip
F:	drivers/crypto/hisilicon/zip/
HISILICON ROCE DRIVER
M:	Wenpeng Liang <liangwenpeng@huawei.com>
M:	Weihang Li <liweihang@huawei.com>
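Review bot: the new HISILICON ZIP Controller DRIVER entry is placed before HISILICON ROCE DRIVER, but MAINTAINERS sections are kept in alphabetical order, so it belongs after the ROCE entry (QM, ROCE, ZIP). With the split, `Documentation/ABI/testing/debugfs-hisi-zip` and `drivers/crypto/hisilicon/zip/` should be listed only under the ZIP entry; the rendered diff shows them in both blocks, so confirm they were removed from the QM entry rather than duplicated.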
+1 −1
@@ -63,7 +63,7 @@ config CRYPTO_SHA512_ARM
	  using optimized ARM assembler and NEON, when available.

config CRYPTO_BLAKE2S_ARM
	tristate "BLAKE2s digest algorithm (ARM)"
	bool "BLAKE2s digest algorithm (ARM)"
	select CRYPTO_ARCH_HAVE_LIB_BLAKE2S
	help
	  BLAKE2s digest algorithm optimized with ARM scalar instructions.  This
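Review bot: switching CRYPTO_BLAKE2S_ARM from `tristate` to `bool` means the ARM code can only be built in, which is what the Makefile change dropping `$(if ...,y)` relies on, but the help text still reads "BLAKE2s digest algorithm optimized with ARM scalar instructions" as if the option provided a crypto API shash; with blake2s-arm.o removed from the Makefile, reword the help to say it is the ARM-optimised backend for the BLAKE2s library selected via CRYPTO_ARCH_HAVE_LIB_BLAKE2S.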
+1 −3
@@ -9,8 +9,7 @@ obj-$(CONFIG_CRYPTO_SHA1_ARM) += sha1-arm.o
obj-$(CONFIG_CRYPTO_SHA1_ARM_NEON) += sha1-arm-neon.o
obj-$(CONFIG_CRYPTO_SHA256_ARM) += sha256-arm.o
obj-$(CONFIG_CRYPTO_SHA512_ARM) += sha512-arm.o
obj-$(CONFIG_CRYPTO_BLAKE2S_ARM) += blake2s-arm.o
obj-$(if $(CONFIG_CRYPTO_BLAKE2S_ARM),y) += libblake2s-arm.o
obj-$(CONFIG_CRYPTO_BLAKE2S_ARM) += libblake2s-arm.o
obj-$(CONFIG_CRYPTO_BLAKE2B_NEON) += blake2b-neon.o
obj-$(CONFIG_CRYPTO_CHACHA20_NEON) += chacha-neon.o
obj-$(CONFIG_CRYPTO_POLY1305_ARM) += poly1305-arm.o
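Review bot: replacing `obj-$(if $(CONFIG_CRYPTO_BLAKE2S_ARM),y) += libblake2s-arm.o` with `obj-$(CONFIG_CRYPTO_BLAKE2S_ARM) += libblake2s-arm.o` is only correct because the Kconfig hunk turns the symbol into a `bool`; the two hunks must land in the same commit, since with a `tristate` symbol an `=m` setting would now try to build the library code as a module.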
@@ -32,7 +31,6 @@ sha256-arm-neon-$(CONFIG_KERNEL_MODE_NEON) := sha256_neon_glue.o
sha256-arm-y	:= sha256-core.o sha256_glue.o $(sha256-arm-neon-y)
sha512-arm-neon-$(CONFIG_KERNEL_MODE_NEON) := sha512-neon-glue.o
sha512-arm-y	:= sha512-core.o sha512-glue.o $(sha512-arm-neon-y)
blake2s-arm-y   := blake2s-shash.o
libblake2s-arm-y:= blake2s-core.o blake2s-glue.o
blake2b-neon-y  := blake2b-neon-core.o blake2b-neon-glue.o
sha1-arm-ce-y	:= sha1-ce-core.o sha1-ce-glue.o
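Review bot: removing `blake2s-arm-y := blake2s-shash.o` leaves blake2s-shash.c with no build reference; check that the source file is deleted in the same change so it does not linger as dead code.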