14 Jul, 2009
3 commits
-
This patch changes hmac to the new shash interface.
Signed-off-by: Herbert Xu
-
This patch converts the padlock-sha implementation to shash.
In doing so the existing mechanism of storing the data until
final is no longer viable as we do not have a way of allocating
data in crypto_shash_init and then reliably freeing it.This is just as well because a better way of handling the problem
is to hash everything but the last chunk using normal sha code
and then provide the intermediate result to the padlock device.This is good enough because the primary application of padlock-sha
is IPsec and there the data is laid out in the form of an hmac
header followed by the rest of the packet. In essence we can
provide all the data to the padlock as the hmac header only needs
to be hashed once.Signed-off-by: Herbert Xu
-
This patch changes descsize to a run-time attribute so that
implementations can change it in their init functions.Signed-off-by: Herbert Xu
12 Jul, 2009
2 commits
-
This patch changes the kfree call to kzfree for async requests.
As the request may contain sensitive data it needs to be zeroed
before it can be reallocated by others.Signed-off-by: Herbert Xu
-
This patch moves the run-time null setkey check to shash_prepare_alg
just like we did for finup/digest.Signed-off-by: Herbert Xu
11 Jul, 2009
8 commits
-
This patch changes padlock sha fallback to shash instead of hash.
Signed-off-by: Herbert Xu
-
This patch adds export/import support to sha256-s390. The exported
type is defined by struct sha256_state, which is basically the entire
descriptor state of sha256_generic.Signed-off-by: Herbert Xu
-
This patch adds export/import support to sha1-s390. The exported
type is defined by struct sha1_state, which is basically the entire
descriptor state of sha1_generic.Signed-off-by: Herbert Xu
-
This patch adds export/import support to sha256_generic. The exported
type is defined by struct sha256_state, which is basically the entire
descriptor state of sha256_generic.Signed-off-by: Herbert Xu
-
This patch replaces the two 32-bit counter code in sha256_generic
with the simpler 64-bit counter code from sha1.Signed-off-by: Herbert Xu
-
This patch adds export/import support to sha1_generic. The exported
type is defined by struct sha1_state, which is basically the entire
descriptor state of sha1_generic.Signed-off-by: Herbert Xu
-
This patch moves the run-time null finup/digest checks to the
shash_prepare_alg function which is run at registration time.Signed-off-by: Herbert Xu
-
This patch replaces the full descriptor export with an export of
the partial hash state. This allows the use of a consistent export
format across all implementations of a given algorithm.This is useful because a number of cases require the use of the
partial hash state, e.g., PadLock can use the SHA1 hash state
to get around the fact that it can only hash contiguous data
chunks.Signed-off-by: Herbert Xu
09 Jul, 2009
2 commits
-
This patch allows crypto_drop_spawn to be called on spawns that
have not been initialised or have failed initialisation. This
fixes potential crashes during initialisation without adding
special case code.Signed-off-by: Herbert Xu
-
This patch adds the helper shash_instance_ctx which is the shash
analogue of crypto_instance_ctx.Signed-off-by: Herbert Xu
08 Jul, 2009
10 commits
-
This patch fixes crypto_shash_import to propagate the value returned
by reinit.Signed-off-by: Herbert Xu
-
This patch simplifies the default digest function by using finup.
Signed-off-by: Herbert Xu
-
This patch adds __crypto_shash_cast which turns a crypto_tfm
into crypto_shash. It's analogous to the other __crypto_*_cast
functions.It hasn't been needed until now since no existing shash algorithms
have had an init function.Signed-off-by: Herbert Xu
-
This patch adds crypto_shash_ctx_aligned which will be needed
by hmac after its conversion to shash.Signed-off-by: Herbert Xu
-
This patch adds shash_register_instance so that shash instances
can be registered without bypassing the shash checks applied to
normal algorithms.Signed-off-by: Herbert Xu
-
This patch adds the helper shash_attr_alg2 which locates a shash
algorithm based on the information in the given attribute.Signed-off-by: Herbert Xu
-
This patch adds the helper crypto_attr_alg2 which is similar to
crypto_attr_alg but takes an extra frontend argument. This is
intended to be used by new style algorithm types such as shash.Signed-off-by: Herbert Xu
-
This patch adds the functions needed to create and use shash
spawns, i.e., to use shash algorithms in a template.Signed-off-by: Herbert Xu
-
This patch modifies the spawn infrastructure to support new style
algorithms like shash. In particular, this means storing the
frontend type in the spawn and using crypto_create_tfm to allocate
the tfm.Signed-off-by: Herbert Xu
-
This patch adds shash_instance and the associated alloc/free
functions. This is meant to be an instance that with a shash
algorithm under it. Note that the instance itself doesn't have
to be shash.Signed-off-by: Herbert Xu
07 Jul, 2009
2 commits
-
This patch adds a new argument to crypto_alloc_instance which
sets aside some space before the instance for use by algorithms
such as shash that place type-specific data before crypto_alg.For compatibility the function has been renamed so that existing
users aren't affected.Signed-off-by: Herbert Xu
-
This patch introduces the template->create function intended
to replace the existing alloc function. The intention is for
create to handle the registration directly, whereas currently
the caller of alloc has to handle the registration.This allows type-specific code to be run prior to registration.
Signed-off-by: Herbert Xu
03 Jul, 2009
2 commits
-
As reported by Eric Sesterhenn the re-allocation of the cipher in reset leads
to:
|BUG: sleeping function called from invalid context at kernel/rwsem.c:21
|in_atomic(): 1, irqs_disabled(): 0, pid: 4926, name: modprobe
|INFO: lockdep is turned off.
|Pid: 4926, comm: modprobe Tainted: G M 2.6.31-rc1-22297-g5298976 #24
|Call Trace:
| [] __might_sleep+0xf9/0x101
| [] down_read+0x16/0x68
| [] crypto_alg_lookup+0x16/0x34
| [] crypto_larval_lookup+0x30/0xf9
| [] crypto_alg_mod_lookup+0x1d/0x62
| [] crypto_alloc_base+0x1e/0x64
| [] reset_prng_context+0xab/0x13f
| [] ? __spin_lock_init+0x27/0x51
| [] cprng_init+0x2a/0x42
| [] __crypto_alloc_tfm+0xfa/0x128
| [] crypto_alloc_base+0x33/0x64
| [] alg_test_cprng+0x30/0x1f4
| [] alg_test+0x12f/0x19f
| [] ? __alloc_pages_nodemask+0x14d/0x481
| [] do_test+0xf9d/0x163f [tcrypt]
| [] do_test+0x3a1/0x163f [tcrypt]
| [] tcrypt_mod_init+0x35/0x7c [tcrypt]
| [] _stext+0x54/0x12c
| [] ? tcrypt_mod_init+0x0/0x7c [tcrypt]
| [] ? up_read+0x16/0x2b
| [] ? __blocking_notifier_call_chain+0x40/0x4c
| [] sys_init_module+0xa9/0x1bf
| [] sysenter_do_call+0x12/0x32because a spin lock is held and crypto_alloc_base() may sleep.
There is no reason to re-allocate the cipher, the state is resetted in
->setkey(). This patches makes the cipher allocation a one time thing and
moves it to init.Reported-by: Eric Sesterhenn
Signed-off-by: Sebastian Andrzej Siewior
Acked-by: Neil Horman
Signed-off-by: Herbert Xu -
The current code uses a mix of sping_lock() & spin_lock_irqsave(). This can
lead to deadlock with the correct timming & cprng_get_random() + cprng_reset()
sequence.
I've converted them to bottom half locks since all three user grab just a BH
lock so this runs probably in softirq :)Signed-off-by: Sebastian Andrzej Siewior
Acked-by: Neil Horman
Signed-off-by: Herbert Xu
02 Jul, 2009
1 commit
-
This patch adds the support for testing specific implementations.
This should only be used in very specific situations. Right now
this means specific implementations of random number generators.Signed-off-by: Herbert Xu
25 Jun, 2009
3 commits
-
As it stands we use chainiv for sync algorithms and eseqiv for
async algorithms. However, when there is more than one CPU
chainiv forces all processing to be serialised which is usually
not what you want. Also, the added overhead of eseqiv isn't that
great.Therefore this patch changes the default sync geniv on SMP machines
to eseqiv. For the odd situation where the overhead is unacceptable
then chainiv is still available as an option.Note that on UP machines chainiv is still preferred over eseqiv
for sync algorithms.Signed-off-by: Herbert Xu
-
When a sync givcipher algorithm is requested, if an async version
of the same algorithm already exists, then we will loop forever
without ever constructing the sync version based on a blkcipher.This is because we did not include the requested type/mask when
getting a larval for the geniv algorithm that is to be constructed.Signed-off-by: Herbert Xu
-
Signed-off-by: Joe Perches
Acked-by: Matt Mackall
Signed-off-by: Herbert Xu
24 Jun, 2009
2 commits
-
Until hash test vectors grow longer than 256 bytes, the only
purpose of the check is to generate a gcc warning.Signed-off-by: Herbert Xu
-
When the aes-intel module is loaded on a system that does not have the
AES instructions, it printsIntel AES-NI instructions are not detected.
at level KERN_ERR. Since aes-intel is aliased to "aes" it will be tried
whenever anything uses AES and spam the console. This doesn't match
existing practice for how to handle "no hardware" when initializing a
module, so downgrade the message to KERN_INFO.Signed-off-by: Roland Dreier
Signed-off-by: Herbert Xu
21 Jun, 2009
1 commit
-
The ANSI CPRNG has no dependence on FIPS support. FIPS support however,
requires the use of the CPRNG. Adjust that depedency relationship in Kconfig.Signed-off-by: Neil Horman
Signed-off-by: Herbert Xu
19 Jun, 2009
3 commits
-
We should return 0/-ENOENT instead of 1/0 when testing by name.
Signed-off-by: Herbert Xu
-
The RNG should work with FIPS disabled.
Signed-off-by: Herbert Xu
-
This adds the 'alg' module parameter to be able to test an
algorithm by name. If the algorithm type is not ad-hoc
clear for a algorithm (e.g. pcrypt, cryptd) it is possilbe
to set the algorithm type with the 'type' module parameter.Signed-off-by: Steffen Klassert
Signed-off-by: Herbert Xu
18 Jun, 2009
1 commit
-
Just started running fips cavs test vectors through an s390x system
for giggles, and discovered that I missed patching s390's arch-specific
des3 implementation w/an earlier des3 patch to permit weak keys.This change adds the same flag tweaks as
ad79cdd77fc1466e45cf923890f66bcfe7c43f12 (crypto: des3_ede - permit
weak keys unless REQ_WEAK_KEY set) for s390's des3 implementation,
yields expected test results now.Signed-off-by: Jarod Wilson
Signed-off-by: Herbert Xu
