18 Dec, 2016
1 commit
-
Pull more documentation updates from Jonathan Corbet:
"This converts the crypto DocBook to Sphinx"
* tag 'docs-4.10-2' of git://git.lwn.net/linux:
crypto: doc - optimize compilation
crypto: doc - clarify AEAD memory structure
crypto: doc - remove crypto_alloc_ablkcipher
crypto: doc - add KPP documentation
crypto: doc - fix separation of cipher / req API
crypto: doc - fix source comments for Sphinx
crypto: doc - remove crypto API DocBook
crypto: doc - convert crypto API documentation to Sphinx
14 Dec, 2016
3 commits
-
The previous description has been misleading and partially incorrect.
Reported-by: Harsh Jain
Signed-off-by: Stephan Mueller
Signed-off-by: Jonathan Corbet
-
Add the KPP API documentation to the kernel crypto API Sphinx
documentation. This addition includes the documentation of the
ECDH and DH helpers which are needed to create the appropriate input
data for the crypto_kpp_set_secret function.
Signed-off-by: Stephan Mueller
Signed-off-by: Jonathan Corbet
-
Update comments to avoid any complaints from Sphinx during compilation.
Signed-off-by: Stephan Mueller
Signed-off-by: Jonathan Corbet
01 Dec, 2016
1 commit
-
The AEAD decrypt interface includes the authentication tag in
req->cryptlen. Therefore we need to exclude that when doing
a walk over it.
This patch adds separate walker functions for AEAD encryption
and decryption.
Signed-off-by: Herbert Xu
Reviewed-by: Ard Biesheuvel
30 Nov, 2016
2 commits
-
Merge the crypto tree to pull in chelsio chcr fix.
-
When using SGs, only heap memory (memory that is valid as per
virt_addr_valid) is allowed to be referenced. The CTR DRBG used to
reference the caller-provided memory directly in an SG. In case the
caller provided stack memory pointers, the SG mapping is not considered
to be valid. In some cases, this would even cause a paging fault.
The change adds a new scratch buffer that is used unconditionally to
catch the cases where the caller-provided buffer is not suitable for
use in an SG. The crypto operation of the CTR DRBG produces its output
with that scratch buffer and finally copies the content of the
scratch buffer to the caller's buffer.
The scratch buffer is allocated during allocation time of the CTR DRBG
as its access is protected with the DRBG mutex.
Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu
28 Nov, 2016
5 commits
-
This patch moves the core CBC implementation into a header file
so that it can be reused by drivers implementing CBC.
Signed-off-by: Herbert Xu
-
This patch adds the simd skcipher helper which is meant to be
a replacement for ablk helper. It replaces the underlying blkcipher
interface with skcipher, and also presents the top-level algorithm
as an skcipher.
Signed-off-by: Herbert Xu
-
This patch adds skcipher support to cryptd alongside ablkcipher.
Signed-off-by: Herbert Xu
-
This patch converts xts over to the skcipher interface. It also
optimises the implementation to be based on ECB instead of the
underlying cipher. For compatibility the existing naming scheme
of xts(aes) is maintained as opposed to the more obvious one of
xts(ecb(aes)).
Signed-off-by: Herbert Xu
-
This patch adds the skcipher walk interface which replaces both
blkcipher walk and ablkcipher walk. Just like blkcipher walk it
can also be used for AEAD algorithms.
Signed-off-by: Herbert Xu
17 Nov, 2016
1 commit
-
GF(2^128) multiplication tables are typically used for secret
information, so it's a good idea to zero them on free.
Signed-off-by: Alex Cope
Signed-off-by: Eric Biggers
Signed-off-by: Herbert Xu
13 Nov, 2016
1 commit
-
This code is unlikely to be useful in the future because transforms
don't know how often keys will be changed, new algorithms are unlikely
to use lle representation, and tables should be replaced with
carryless multiplication instructions when available.
Signed-off-by: Alex Cope
Signed-off-by: Herbert Xu
01 Nov, 2016
2 commits
-
Since commit 3a01d0ee2b99 ("crypto: skcipher - Remove top-level
givcipher interface"), crypto_spawn_skcipher2() and
crypto_spawn_skcipher() are equivalent. So switch callers of
crypto_spawn_skcipher2() to crypto_spawn_skcipher() and remove it.
Signed-off-by: Eric Biggers
Signed-off-by: Herbert Xu
-
Since commit 3a01d0ee2b99 ("crypto: skcipher - Remove top-level
givcipher interface"), crypto_grab_skcipher2() and
crypto_grab_skcipher() are equivalent. So switch callers of
crypto_grab_skcipher2() to crypto_grab_skcipher() and remove it.
Signed-off-by: Eric Biggers
Signed-off-by: Herbert Xu
25 Oct, 2016
3 commits
-
Add a synchronous back-end (scomp) to acomp. This allows to easily
expose the already present compression algorithms in LKCF via acomp.
Signed-off-by: Giovanni Cabiddu
Signed-off-by: Herbert Xu
-
Add acomp, an asynchronous compression api that uses scatterlist
buffers.
Signed-off-by: Giovanni Cabiddu
Signed-off-by: Herbert Xu
-
Use the new API to create and destroy the crypto engine kthread
worker. The API hides some implementation details.
In particular, kthread_create_worker() allocates and initializes
struct kthread_worker. It runs the kthread the right way
and stores task_struct into the worker structure.
kthread_destroy_worker() flushes all pending works, stops
the kthread and frees the structure.
This patch does not change the existing behavior except for
dynamically allocating struct kthread_worker and storing
only the pointer of this structure.
It is compile tested only because I did not find an easy
way how to run the code. Well, it should be pretty safe
given the nature of the change.
Signed-off-by: Petr Mladek
Signed-off-by: Herbert Xu
21 Oct, 2016
1 commit
-
The definition of crypto_lookup_skcipher() was already removed in
commit 3a01d0ee2b99 ("crypto: skcipher - Remove top-level givcipher
interface"). So the declaration should be removed too.
Signed-off-by: Eric Biggers
Signed-off-by: Herbert Xu
10 Oct, 2016
1 commit
-
Merge the crypto tree to pull in vmx ghash fix.
02 Oct, 2016
1 commit
-
Move common values and types used by ghash-generic to a new header file
so drivers can directly use ghash-generic as a fallback implementation.
Fixes: cc333cd68dfa ("crypto: vmx - Adding GHASH routines for VMX module")
Cc: stable@vger.kernel.org
Signed-off-by: Marcelo Cerri
Signed-off-by: Herbert Xu
07 Sep, 2016
2 commits
-
The current crypto engine allows only ablkcipher_request to be enqueued.
Thus denying any use of it for hardware that also handles hash algo.
This patch modifies the API for allowing to enqueue ciphers and hash.
Since omap-aes/omap-des are the only users, this patch also converts them
to the new cryptoengine API.
Signed-off-by: Corentin Labbe
Signed-off-by: Herbert Xu
-
This patch moves the whole crypto engine API to its own header
crypto/engine.h.
Signed-off-by: Corentin Labbe
Signed-off-by: Herbert Xu
28 Jul, 2016
1 commit
-
Pull random driver updates from Ted Ts'o:
"A number of improvements for the /dev/random driver; the most
important is the use of a ChaCha20-based CRNG for /dev/urandom, which
is faster, more efficient, and easier to make scalable for
silly/abusive userspace programs that want to read from /dev/urandom
in a tight loop on NUMA systems.
This set of patches also improves entropy gathering on VM's running on
Microsoft Azure, and will take advantage of a hw random number
generator (if present) to initialize the /dev/urandom pool"
(It turns out that the random tree hadn't been in linux-next this time
around, because it had been dropped earlier as being too quiet. Oh
well).
* tag 'random_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random:
random: strengthen input validation for RNDADDTOENTCNT
random: add backtracking protection to the CRNG
random: make /dev/urandom scalable for silly userspace programs
random: replace non-blocking pool with a Chacha20-based CRNG
random: properly align get_random_int_hash
random: add interrupt callback to VMBus IRQ handler
random: print a warning for the first ten uninitialized random users
random: initialize the non-blocking pool via add_hwgenerator_randomness()
19 Jul, 2016
1 commit
-
This patch adds a missing comment for the base parameter in struct
skcipher_alg.
Reported-by: kbuild test robot
Signed-off-by: Herbert Xu
18 Jul, 2016
10 commits
-
This patch inlines the functions scatterwalk_start, scatterwalk_map
and scatterwalk_done as they're all tiny and mostly used by the block
cipher walker.
Signed-off-by: Herbert Xu
-
When hard preemption is enabled there is no need to explicitly
call crypto_yield. This patch eliminates it if that is the case.
Signed-off-by: Herbert Xu
-
This patch removes the now unused scatterwalk_bytes_sglen. Anyone
using this out-of-tree should switch over to sg_nents_for_len.
Signed-off-by: Herbert Xu
-
This patch removes the old crypto_grab_skcipher helper and replaces
it with crypto_grab_skcipher2.
As this is the final entry point into givcipher this patch also
removes all traces of the top-level givcipher interface, including
all implicit IV generators such as chainiv.
The bottom-level givcipher interface remains until the drivers
using it are converted.
Signed-off-by: Herbert Xu
-
The default null blkcipher is no longer used and can now be removed.
Signed-off-by: Herbert Xu
-
The blkcipher null object is no longer used and can now be removed.
Signed-off-by: Herbert Xu
-
This patch adds an skcipher null object alongside the existing
null blkcipher so that IV generators using it can switch over
to skcipher.
Signed-off-by: Herbert Xu
-
This patch adds a chunk size parameter to aead algorithms, just
like the chunk size for skcipher algorithms.
However, unlike skcipher we do not currently export this to AEAD
users. It is only meant to be used by AEAD implementors for now.
Signed-off-by: Herbert Xu
-
Currently the default null skcipher is actually a crypto_blkcipher.
This patch creates a synchronous crypto_skcipher version of the
null cipher which unfortunately has to settle for the name skcipher2.
Signed-off-by: Herbert Xu
-
This patch allows skcipher algorithms and instances to be created
and registered with the crypto API. They are accessible through
the top-level skcipher interface, along with ablkcipher/blkcipher
algorithms and instances.
This patch also introduces a new parameter called chunk size
which is meant for ciphers such as CTR and CTS which ostensibly
can handle arbitrary lengths, but still behave like block ciphers
in that you can only process a partial block at the very end.
For these ciphers the block size will continue to be set to 1
as it is now while the chunk size will be set to the underlying
block size.
Signed-off-by: Herbert Xu
05 Jul, 2016
1 commit
-
When parsing a private key, store all non-optional fields. These
are required for enabling CRT mode for decrypt and verify
Signed-off-by: Salvatore Benedetto
Signed-off-by: Herbert Xu
03 Jul, 2016
1 commit
-
The CRNG is faster, and we don't pretend to track entropy usage in the
CRNG any more.
Signed-off-by: Theodore Ts'o
01 Jul, 2016
1 commit
-
This patch adds the helper crypto_inst_setname because the current
helper crypto_alloc_instance2 is no longer useful given that we
now look up the algorithm after we allocate the instance object.
Signed-off-by: Herbert Xu
23 Jun, 2016
1 commit
-
* Implement ECDH under kpp API
* Provide ECC software support for curve P-192 and
P-256.
* Add kpp test for ECDH with data generated by OpenSSL
Signed-off-by: Salvatore Benedetto
Signed-off-by: Herbert Xu