20 Dec, 2019
1 commit
-
Some of the algorithm unregistration functions return -ENOENT when asked
to unregister a non-registered algorithm, while others always return 0
or always return void. But no users check the return value, except for
two of the bulk unregistration functions which print a message on error
but still always return 0 to their caller, and crypto_del_alg() which
calls crypto_unregister_instance() which always returns 0.

Since unregistering a non-registered algorithm is always a kernel bug
but there isn't anything callers should do to handle this situation at
runtime, let's simplify things by making all the unregistration
functions return void, and moving the error message into
crypto_unregister_alg() and upgrading it to a WARN().

Signed-off-by: Eric Biggers
Signed-off-by: Herbert Xu
11 Dec, 2019
1 commit
-
arc4 is no longer considered secure, so it shouldn't be used, even as
just an example. Mention serpent and chacha20 instead.

Signed-off-by: Eric Biggers
Acked-by: Ard Biesheuvel
Signed-off-by: Herbert Xu
17 Nov, 2019
1 commit
-
Now that all users of the deprecated ablkcipher interface have been
moved to the skcipher interface, ablkcipher is no longer used and
can be removed.

Reviewed-by: Eric Biggers
Signed-off-by: Ard Biesheuvel
Signed-off-by: Herbert Xu
01 Nov, 2019
2 commits
-
Now that all "blkcipher" algorithms have been converted to "skcipher",
remove the blkcipher algorithm type.

The skcipher (symmetric key cipher) algorithm type was introduced a few
years ago to replace both blkcipher and ablkcipher (synchronous and
asynchronous block cipher). The advantages of skcipher include:

- A much less confusing name, since none of these algorithm types have
  ever actually been for raw block ciphers, but rather for all
  length-preserving encryption modes including block cipher modes of
  operation, stream ciphers, and other length-preserving modes.

- It unified blkcipher and ablkcipher into a single algorithm type
  which supports both synchronous and asynchronous implementations.
  Note, blkcipher already operated only on scatterlists, so the fact
  that skcipher does too isn't a regression in functionality.

- Better type safety by using struct skcipher_alg, struct
  crypto_skcipher, etc. instead of crypto_alg, crypto_tfm, etc.

- It sometimes simplifies the implementations of algorithms.

Also, the blkcipher API was no longer being tested.

Signed-off-by: Eric Biggers
Signed-off-by: Herbert Xu
-
crypto_has_ablkcipher() has no users, and it does the same thing as
crypto_has_skcipher() anyway. So remove it. This also removes the last
user of crypto_skcipher_type() and crypto_skcipher_mask(), so remove
those too.

Signed-off-by: Eric Biggers
Signed-off-by: Herbert Xu
19 Sep, 2019
1 commit
-
Pull crypto updates from Herbert Xu:
"API:
- Add the ability to abort a skcipher walk.

Algorithms:
- Fix XTS to actually do the stealing.
- Add library helpers for AES and DES for single-block users.
- Add library helpers for SHA256.
- Add new DES key verification helper.
- Add surrounding bits for ESSIV generator.
- Add accelerations for aegis128.
- Add test vectors for lzo-rle.

Drivers:
- Add i.MX8MQ support to caam.
- Add gcm/ccm/cfb/ofb aes support in inside-secure.
- Add ofb/cfb aes support in media-tek.
- Add HiSilicon ZIP accelerator support.

Others:
- Fix potential race condition in padata.
- Use unbound workqueues in padata"

* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (311 commits)
crypto: caam - Cast to long first before pointer conversion
crypto: ccree - enable CTS support in AES-XTS
crypto: inside-secure - Probe transform record cache RAM sizes
crypto: inside-secure - Base RD fetchcount on actual RD FIFO size
crypto: inside-secure - Base CD fetchcount on actual CD FIFO size
crypto: inside-secure - Enable extended algorithms on newer HW
crypto: inside-secure: Corrected configuration of EIP96_TOKEN_CTRL
crypto: inside-secure - Add EIP97/EIP197 and endianness detection
padata: remove cpu_index from the parallel_queue
padata: unbind parallel jobs from specific CPUs
padata: use separate workqueues for parallel and serial work
padata, pcrypt: take CPU hotplug lock internally in padata_alloc_possible
crypto: pcrypt - remove padata cpumask notifier
padata: make padata_do_parallel find alternate callback CPU
workqueue: require CPU hotplug read exclusion for apply_workqueue_attrs
workqueue: unconfine alloc/apply/free_workqueue_attrs()
padata: allocate workqueue internally
arm64: dts: imx8mq: Add CAAM node
random: Use wait_event_freezable() in add_hwgenerator_randomness()
crypto: ux500 - Fix COMPILE_TEST warnings
...
15 Aug, 2019
1 commit
-
This fixes the following Sphinx warning:
Documentation/crypto/crypto_engine.rst:2:
WARNING: Explicit markup ends without a blank line; unexpected unindent.

Signed-off-by: Jonathan Neuschäfer
Signed-off-by: Herbert Xu
17 Jul, 2019
1 commit
-
Now that the latex_documents are handled automatically, we can
remove those extra conf.py files.

Signed-off-by: Mauro Carvalho Chehab
03 Jul, 2019
2 commits
-
Tidy up the formatting/grammar in crypto_engine.rst. Use bulleted lists
where appropriate.

Signed-off-by: Gary R Hook
Signed-off-by: Herbert Xu
-
Fill in missing parameter descriptions for the compression algorithm,
then pick them up to document for the compression_alg structure.

Signed-off-by: Gary R Hook
Signed-off-by: Herbert Xu
13 Jun, 2019
1 commit
-
Rewrite the skcipher API example, changing it to encrypt a buffer with
AES-256-XTS. This addresses various problems with the previous example:

- It requests a specific driver "cbc-aes-aesni", which is unusual.
  Normally users ask for "cbc(aes)", not a specific driver.

- It encrypts only a single AES block. For the reader, that doesn't
  clearly distinguish the "skcipher" API from the "cipher" API.

- Showing how to encrypt something with bare CBC is arguably a poor
  choice of example, as it doesn't follow modern crypto trends. Now,
  usually authenticated encryption is recommended, in which case the
  user would use the AEAD API, not skcipher. Disk encryption is still a
  legitimate use for skcipher, but for that usually XTS is recommended.

- Many other bugs and poor coding practices, such as not setting
  CRYPTO_TFM_REQ_MAY_SLEEP, unnecessarily allocating a heap buffer for
  the IV, unnecessary NULL checks, using a pointless wrapper struct, and
  forgetting to set an error code in one case.

Signed-off-by: Eric Biggers
Acked-by: Ard Biesheuvel
Signed-off-by: Herbert Xu
30 May, 2019
1 commit
-
Remove the unnecessary constant CRYPTO_ALG_TYPE_DIGEST, which has the
same value as CRYPTO_ALG_TYPE_HASH.

Signed-off-by: Eric Biggers
Signed-off-by: Herbert Xu
25 Apr, 2019
1 commit
-
The flags field in 'struct shash_desc' never actually does anything.
The only ostensibly supported flag is CRYPTO_TFM_REQ_MAY_SLEEP.
However, no shash algorithm ever sleeps, making this flag a no-op.

With this being the case, inevitably some users who can't sleep wrongly
pass MAY_SLEEP. These would all need to be fixed if any shash algorithm
actually started sleeping. For example, the shash_ahash_*() functions,
which wrap a shash algorithm with the ahash API, pass through MAY_SLEEP
from the ahash API to the shash API. However, the shash functions are
called under kmap_atomic(), so actually they're assumed to never sleep.

Even if it turns out that some users do need preemption points while
hashing large buffers, we could easily provide a helper function
crypto_shash_update_large() which divides the data into smaller chunks
and calls crypto_shash_update() and cond_resched() for each chunk. It's
not necessary to have a flag in 'struct shash_desc', nor is it necessary
to make individual shash algorithms aware of this at all.

Therefore, remove shash_desc::flags, and document that the
crypto_shash_*() functions can be called from any context.

Signed-off-by: Eric Biggers
Signed-off-by: Herbert Xu
23 Dec, 2018
1 commit
-
Remove dead code related to internal IV generators, which are no longer
used since they've been replaced with the "seqiv" and "echainiv"
templates. The removed code includes:

- The "givcipher" (GIVCIPHER) algorithm type. No algorithms are
  registered with this type anymore, so it's unneeded.

- The "const char *geniv" member of aead_alg, ablkcipher_alg, and
  blkcipher_alg. A few algorithms still set this, but it isn't used
  anymore except to show via /proc/crypto and CRYPTO_MSG_GETALG.
  Just hardcode "" or "" in those cases.

- The 'skcipher_givcrypt_request' structure, which is never used.

Signed-off-by: Eric Biggers
Signed-off-by: Herbert Xu
26 Oct, 2018
2 commits
-
Implement PKCS#8 RSA Private Key format [RFC 5208] parser for the
asymmetric key type. For the moment, this will only support unencrypted
DER blobs. PEM and decryption can be added later.

PKCS#8 keys can be loaded like this:

    openssl pkcs8 -in private_key.pem -topk8 -nocrypt -outform DER | \
      keyctl padd asymmetric foo @s

Signed-off-by: David Howells
Tested-by: Marcel Holtmann
Reviewed-by: Marcel Holtmann
Reviewed-by: Denis Kenzior
Tested-by: Denis Kenzior
Signed-off-by: James Morris
-
Provide the missing asymmetric key subops for new key type ops. This
includes query, encrypt, decrypt and create signature. Verify signature
already exists. Also provided are accessor functions for this:

    int query_asymmetric_key(const struct key *key,
                             struct kernel_pkey_query *info);

    int encrypt_blob(struct kernel_pkey_params *params,
                     const void *data, void *enc);
    int decrypt_blob(struct kernel_pkey_params *params,
                     const void *enc, void *data);
    int create_signature(struct kernel_pkey_params *params,
                         const void *data, void *enc);

The public_key_signature struct gains an encoding field to carry the
encoding for verify_signature().

Signed-off-by: David Howells
Tested-by: Marcel Holtmann
Reviewed-by: Marcel Holtmann
Reviewed-by: Denis Kenzior
Tested-by: Denis Kenzior
Signed-off-by: James Morris
09 Jul, 2018
1 commit
-
Some crypto API users allocating a tfm with crypto_alloc_$FOO() are also
specifying the type flags for $FOO, e.g. crypto_alloc_shash() with
CRYPTO_ALG_TYPE_SHASH. But, that's redundant since the crypto API will
override any specified type flag/mask with the correct ones.

So, remove the unneeded flags.

This patch shouldn't change any actual behavior.

Signed-off-by: Eric Biggers
Signed-off-by: Herbert Xu
15 Jun, 2018
1 commit
-
./Documentation/crypto/crypto_engine.rst:13: WARNING: Unexpected indentation.
./Documentation/crypto/crypto_engine.rst:15: WARNING: Block quote ends without a blank line; unexpected unindent.

Signed-off-by: Mauro Carvalho Chehab
Acked-by: Jonathan Corbet
08 May, 2018
1 commit
-
A number of new docs were added, but they're currently not on
the index.rst from the session they're supposed to be, causing
Sphinx warnings.

Add them.

Signed-off-by: Mauro Carvalho Chehab
Signed-off-by: Jonathan Corbet
31 Mar, 2018
1 commit
-
Add a note that it is perfectly legal to "abandon" a request object:
- call .init() and then (as many times) .update()
- _not_ call any of .final(), .finup() or .export() at any point in
future

Link: https://lkml.kernel.org/r/20180222114741.GA27631@gondor.apana.org.au
Signed-off-by: Horia Geantă
Signed-off-by: Herbert Xu
15 Feb, 2018
1 commit
-
Signed-off-by: Corentin Labbe
Signed-off-by: Herbert Xu
03 Nov, 2017
1 commit
-
The code sample is waiting for an async. crypto op completion.
Adapt sample to use the new generic infrastructure to do the same.

This also fixes a possible data corruption bug created by the
use of wait_for_completion_interruptible() without dealing
correctly with an interrupt aborting the wait prior to the
async op finishing.

Signed-off-by: Gilad Ben-Yossef
Signed-off-by: Herbert Xu
14 Jul, 2017
1 commit
-
Provide more specific examples of keyring restrictions as applied to
X.509 signature chain verification.

Signed-off-by: Mat Martineau
Signed-off-by: David Howells
Signed-off-by: James Morris
06 Jul, 2017
1 commit
-
Pull crypto updates from Herbert Xu:
"Algorithms:
- add private key generation to ecdh

Drivers:
- add generic gcm(aes) to aesni-intel
- add SafeXcel EIP197 crypto engine driver
- add ecb(aes), cfb(aes) and ecb(des3_ede) to cavium
- add support for CNN55XX adapters in cavium
- add ctr mode to chcr
- add support for gcm(aes) to omap"

* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (140 commits)
crypto: testmgr - Reenable sha1/aes in FIPS mode
crypto: ccp - Release locks before returning
crypto: cavium/nitrox - dma_mapping_error() returns bool
crypto: doc - fix typo in docs
Documentation/bindings: Document the SafeXel cryptographic engine driver
crypto: caam - fix gfp allocation flags (part II)
crypto: caam - fix gfp allocation flags (part I)
crypto: drbg - Fixes panic in wait_for_completion call
crypto: caam - make of_device_ids const.
crypto: vmx - remove unnecessary check
crypto: n2 - make of_device_ids const
crypto: inside-secure - use the base_end pointer in ring rollback
crypto: inside-secure - increase the batch size
crypto: inside-secure - only dequeue when needed
crypto: inside-secure - get the backlog before dequeueing the request
crypto: inside-secure - stop requeueing failed requests
crypto: inside-secure - use one queue per hw ring
crypto: inside-secure - update the context and request later
crypto: inside-secure - align the cipher and hash send functions
crypto: inside-secure - optimize DSE bufferability control
...
22 Jun, 2017
1 commit
-
Signed-off-by: Benjamin Peterson
Signed-off-by: Herbert Xu
19 Jun, 2017
1 commit
-
- Fixed bugs in example for shash and rng (added missing "*" and " *").
- Corrected pr_info() in calc_hash().
- Added example usage of calc_hash().
- No need for negate PTR_ERR to get error code, as crypto_alloc_rng
  already returns negative values like ERR_PTR(-ENOMEM). Fixed.

Signed-off-by: Kamil Konieczny
Signed-off-by: Herbert Xu
19 May, 2017
2 commits
-
Mauro says:
This patch series converts the remaining DocBooks to ReST.

The first version was originally
sent as 3 patch series:

[PATCH 00/36] Convert DocBook documents to ReST
[PATCH 0/5] Convert more books to ReST
[PATCH 00/13] Get rid of DocBook

The lsm book was added as if it were a text file under
Documentation. The plan is to merge it with another file
under Documentation/security, after both this series and
a security Documentation patch series gets merged.

It also adjusts some Sphinx-pedantic errors/warnings on
some kernel-doc markups.

I also added some patches here to add PDF output for all
existing ReST books.
-
This creates a new section in the security development index for kernel
keys, and adjusts for ReST markup.

Cc: David Howells
Signed-off-by: Kees Cook
Signed-off-by: Jonathan Corbet
16 May, 2017
1 commit
-
The crypto API book was added without the bits required to
generate PDF output. Add them.

Signed-off-by: Mauro Carvalho Chehab
03 May, 2017
1 commit
-
Pull security subsystem updates from James Morris:
"Highlights:

IMA:
- provide ">" and " of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (98 commits)
tpm: Fix reference count to main device
tpm_tis: convert to using locality callbacks
tpm: fix handling of the TPM 2.0 event logs
tpm_crb: remove a cruft constant
keys: select CONFIG_CRYPTO when selecting DH / KDF
apparmor: Make path_max parameter readonly
apparmor: fix parameters so that the permission test is bypassed at boot
apparmor: fix invalid reference to index variable of iterator line 836
apparmor: use SHASH_DESC_ON_STACK
security/apparmor/lsm.c: set debug messages
apparmor: fix boolreturn.cocci warnings
Smack: Use GFP_KERNEL for smk_netlbl_mls().
smack: fix double free in smack_parse_opts_str()
KEYS: add SP800-56A KDF support for DH
KEYS: Keyring asymmetric key restrict method with chaining
KEYS: Restrict asymmetric key linkage using a specific keychain
KEYS: Add a lookup_restriction function for the asymmetric key type
KEYS: Add KEYCTL_RESTRICT_KEYRING
KEYS: Consistent ordering for __key_link_begin and restrict check
KEYS: Add an optional lookup_restriction hook to key_type
...
05 Apr, 2017
3 commits
-
Add a restrict_link_by_key_or_keyring_chain link restriction that
searches for signing keys in the destination keyring in addition to the
signing key or keyring designated when the destination keyring was
created. Userspace enables this behavior by including the "chain" option
in the keyring restriction:

    keyctl(KEYCTL_RESTRICT_KEYRING, keyring, "asymmetric",
           "key_or_keyring::chain");

Signed-off-by: Mat Martineau
-
Adds restrict_link_by_signature_keyring(), which uses the restrict_key
member of the provided destination_keyring data structure as the
key or keyring to search for signing keys.

Signed-off-by: Mat Martineau
-
Look up asymmetric keyring restriction information using the key-type
lookup_restrict hook.

Signed-off-by: Mat Martineau
16 Mar, 2017
1 commit
-
Add missing " " in api-samples.rst
Signed-off-by: Fabien Dessenne
Signed-off-by: Herbert Xu
15 Feb, 2017
1 commit
-
Fix a single letter typo in api-skcipher.rst.
Signed-off-by: Gilad Ben-Yossef
Signed-off-by: Herbert Xu
03 Feb, 2017
1 commit
-
The documentation states that crypto_ahash_reqsize() provides the size
of the state structure used by crypto_ahash_export(). But it's actually
crypto_ahash_statesize() which provides this size.

Signed-off-by: Rabin Vincent
Signed-off-by: Herbert Xu
18 Dec, 2016
1 commit
-
Pull more documentation updates from Jonathan Corbet:
"This converts the crypto DocBook to Sphinx"

* tag 'docs-4.10-2' of git://git.lwn.net/linux:
crypto: doc - optimize compilation
crypto: doc - clarify AEAD memory structure
crypto: doc - remove crypto_alloc_ablkcipher
crypto: doc - add KPP documentation
crypto: doc - fix separation of cipher / req API
crypto: doc - fix source comments for Sphinx
crypto: doc - remove crypto API DocBook
crypto: doc - convert crypto API documentation to Sphinx
14 Dec, 2016
3 commits
-
The :functions: definition allows the specification of multiple
function references which prevents parsing the header file multiple
times.

Reported-by: Jani Nikula
Signed-off-by: Stephan Mueller
Signed-off-by: Jonathan Corbet
-
Remove the documentation reference to crypto_alloc_ablkcipher as the API
function call was removed.

Signed-off-by: Stephan Mueller
Signed-off-by: Jonathan Corbet
-
Add the KPP API documentation to the kernel crypto API Sphinx
documentation. This addition includes the documentation of the
ECDH and DH helpers which are needed to create the appropriate input
data for the crypto_kpp_set_secret function.

Signed-off-by: Stephan Mueller
Signed-off-by: Jonathan Corbet