29 Aug, 2008
4 commits
-
This patch moves the newly created alg_test infrastructure into
cryptomgr. This shall allow us to use it for testing at algorithm
registrations.Signed-off-by: Herbert Xu
-
This patch creates a new interface algorithm testing. A test can
be requested for a particular implementation of an algorithm. This
is achieved by taking both the name of the algorithm and that of
the implementation.The all-inclusive test has also been rewritten to no longer require
a duplicate listing of all algorithms with tests. In that process
a number of missing tests have also been discovered and rectified.Signed-off-by: Herbert Xu
-
The info printed is a complete waste of space when there is no error
since it doesn't tell us anything that we don't already know. If there
is an error, we can also be more verbose.In case that there is an error, this patch also aborts the test and
returns the error to the caller. In future this will be used to
algorithms at registration time.Signed-off-by: Herbert Xu
-
If tcrypt is to be used as a run-time integrity test, it needs to be
more resilient in a hostile environment. For a start allocating 32K
of physically contiguous memory is definitely out.This patch teaches it to use separate pages instead.
Signed-off-by: Herbert Xu
13 Aug, 2008
1 commit
-
My changeset 4b22f0ddb6564210c9ded7ba25b2a1007733e784
crypto: tcrpyt - Remove unnecessary kmap/kunmap calls
introduced a typo that broke AEAD chunk testing. In particular,
axbuf should really be xbuf.There is also an issue with testing the last segment when encrypting.
The additional part produced by AEAD wasn't tested. Similarly, on
decryption the additional part of the AEAD input is mistaken for
corruption.Signed-off-by: Herbert Xu
10 Jul, 2008
8 commits
-
All new crypto interfaces should go into individual files as much
as possible in order to ensure that crypto.h does not collapse under
its own weight.This patch moves the ahash code into crypto/hash.h and crypto/internal/hash.h
respectively.Signed-off-by: Herbert Xu
-
Noticed by Neil Horman: we are doing unnecessary kmap/kunmap calls
on kmalloced memory. This patch removes them. For the purposes of
testing SG construction, the underlying crypto code already does plenty
of kmap/kunmap calls anyway.Signed-off-by: Herbert Xu
-
Patch to add checking of DES3 test vectors using CBC mode. FIPS-140-2
compliance mandates that any supported mode of operation must include a self
test. This satisfies that requirement for cbc(des3_ede). The included test
vector was generated by me using openssl. Key/IV was generated with the
following command:openssl enc -des_ede_cbc -P
input and output values were generated by repeating the string "Too many
secrets" a few times over, truncating it to 128 bytes, and encrypting it with
openssl using the aformentioned key. Tested successfully by myselfSigned-off-by: Neil Horman
Acked-by: Adrian-Ken Rueegsegger
Signed-off-by: Herbert Xu -
This patch changes tcrypt to use the new asynchronous hash interface
for testing hash algorithm correctness. The speed tests will continue
to use the existing interface for now.Signed-off-by: Loc Ho
Signed-off-by: Herbert Xu -
This patch adds test vectors for RIPEMD-256 and
RIPEMD-320 hash algorithms.The test vectors are taken from
Signed-off-by: Adrian-Ken Rueegsegger
Signed-off-by: Herbert Xu -
Check whether the destination buffer is written to beyond the last
byte contained in the scatterlist.Also change IDX1 of the cross-page access offsets to a multiple of 4.
This triggers a corruption in the HIFN driver and doesn't seem to
negatively impact other testcases.Signed-off-by: Patrick McHardy
Signed-off-by: Herbert Xu -
Change logs should be kept in source control systems, not the source.
This patch removes the change log from tcrpyt to stop people from
extending it any more.Signed-off-by: Herbert Xu
-
This patch adds test vectors for RIPEMD-128 and
RIPEMD-160 hash algorithms and digests (HMAC).The test vectors are taken from ISO:IEC 10118-3 (2004)
and RFC2286.Signed-off-by: Adrian-Ken Rueegsegger
Signed-off-by: Herbert Xu
08 Jul, 2008
1 commit
-
Coverity CID: 2306 & 2307 RESOURCE_LEAK
In the second for loop in test_cipher(), data is allocated space with
kzalloc() and is only ever freed in an error case.
Looking at this loop, data is written to this memory but nothing seems
to read from it.
So here is a patch removing the allocation, I think this is the right
fix.Only compile tested.
Signed-off-by: Darren Jenkins
Signed-off-by: Herbert Xu
21 Apr, 2008
5 commits
-
On Thu, Mar 27, 2008 at 03:40:36PM +0100, Bodo Eggert wrote:
> Kamalesh Babulal wrote:
>
> > This patch cleanups the crypto code, replaces the init() and fini()
> > with the _init/_fini
>
> This part ist OK.
>
> > or init/fini_ (if the
> > _init/_fini exist)
>
> Having init_foo and foo_init won't be a good thing, will it? I'd start
> confusing them.
>
> What about foo_modinit instead?Thanks for the suggestion, the init() is replaced with
_mod_init ()
and fini () is replaced with _mod_fini.
Signed-off-by: Kamalesh Babulal
Signed-off-by: Herbert Xu -
Implement CTS wrapper for CBC mode required for support of AES
encryption support for Kerberos (rfc3962).Signed-off-by: Kevin Coffman
Signed-off-by: Herbert Xu -
The test routines (test_{cipher,hash,aead}) are makeing a copy
of the test template and are processing the encryption process
in place. This patch changes the creation of the copy so it will
work even if the source address of the input data isn't an array
inside of the template but a pointer.Signed-off-by: Sebastian Siewior
Signed-off-by: Herbert Xu -
The speed templates as it look always the same. The key size
is repeated for each block size and we test always the same
block size. The addition of one inner loop makes it possible
to get rid of the struct and it is possible to use a tiny
u8 array :)Signed-off-by: Sebastian Siewior
Signed-off-by: Herbert Xu -
Some crypto ciphers which are impleneted support similar key sizes
(16,24 & 32 byte). They can be grouped together and use a common
templatte instead of their own which contains the same data.Signed-off-by: Sebastian Siewior
Signed-off-by: Herbert Xu
11 Jan, 2008
17 commits
-
Currently the gcm(aes) tests have to be taken together with all other
algorithms. This patch makes it available by itself at number 106.Signed-off-by: Herbert Xu
-
The axbuf buffer is used by test_aead and therefore should be zeroed
there instead of in test_hash.Signed-off-by: Herbert Xu
-
This patch adds 7 test vectors to tcrypt for CCM.
The test vectors are from rfc 3610.
There are about 10 more test vectors in RFC 3610
and 4 or 5 more in NIST. I can add these as time permits.I also needed to set authsize. CCM has a prerequisite of
authsize.Signed-off-by: Joy Latten
Signed-off-by: Herbert Xu -
As discussed previously, this patch moves the basic CTR functionality
into a chainable algorithm called ctr. The IPsec-specific variant of
it is now placed on top with the name rfc3686.So ctr(aes) gives a chainable cipher with IV size 16 while the IPsec
variant will be called rfc3686(ctr(aes)). This patch also adjusts
gcm accordingly.Signed-off-by: Herbert Xu
-
This patch adds a simple speed test for salsa20.
Usage: modprobe tcrypt mode=206Signed-of-by: Tan Swee Heng
Signed-off-by: Herbert Xu -
Add LZO compression algorithm support
Signed-off-by: Zoltan Sogor
Signed-off-by: Herbert Xu -
Add common compression tester function
Modify deflate test case to use the common compressor test functionSigned-off-by: Zoltan Sogor
Signed-off-by: Herbert Xu -
The crypto_aead convention for ICVs is to include it directly in the
output. If we decided to change this in future then we would make
the ICV (if the algorithm has an explicit one) available in the
request itself.For now no algorithm needs this so this patch changes gcm to conform
to this convention. It also adjusts the tcrypt aead tests to take
this into account.Signed-off-by: Herbert Xu
-
Currently the gcm(aes) tests have to be taken together with all other
ciphers. This patch makes it available by itself at number 35.Signed-off-by: Herbert Xu
-
These utilities implemented in lib/hexdump.c are more handy, please use this.
Signed-off-by: Denis Cheng
Signed-off-by: Herbert Xu -
Currently the number of entries in a cipher test vector template is
limited by TVMEMSIZE/sizeof(struct cipher_testvec). This patch
circumvents the problem by pointing cipher_tv to each entry in the
template, rather than the template itself.Signed-off-by: Tan Swee Heng
Signed-off-by: Herbert Xu -
Add GCM/GMAC support to cryptoapi.
GCM (Galois/Counter Mode) is an AEAD mode of operations for any block cipher
with a block size of 16. The typical example is AES-GCM.Signed-off-by: Mikko Herranen
Reviewed-by: Mika Kukkonen
Signed-off-by: Herbert Xu -
Add AEAD support to tcrypt, needed by GCM.
Signed-off-by: Mikko Herranen
Reviewed-by: Mika Kukkonen
Signed-off-by: Herbert Xu -
This patch implements the Salsa20 stream cipher using the blkcipher interface.
The core cipher code comes from Daniel Bernstein's submission to eSTREAM:
http://www.ecrypt.eu.org/stream/svn/viewcvs.cgi/ecrypt/trunk/submissions/salsa20/full/ref/The test vectors comes from:
http://www.ecrypt.eu.org/stream/svn/viewcvs.cgi/ecrypt/trunk/submissions/salsa20/full/It has been tested successfully with "modprobe tcrypt mode=34" on an
UML instance.Signed-off-by: Tan Swee Heng
Signed-off-by: Herbert Xu -
Resubmitting this patch which extends sha256_generic.c to support SHA-224 as
described in FIPS 180-2 and RFC 3874. HMAC-SHA-224 as described in RFC4231
is then supported through the hmac interface.Patch includes test vectors for SHA-224 and HMAC-SHA-224.
SHA-224 chould be chosen as a hash algorithm when 112 bits of security
strength is required.Patch generated against the 2.6.24-rc1 kernel and tested against
2.6.24-rc1-git14 which includes fix for scatter gather implementation for HMAC.Signed-off-by: Jonathan Lynch
Signed-off-by: Herbert Xu -
This patch adds countersize to CTR mode.
The template is now ctr(algo,noncesize,ivsize,countersize).For example, ctr(aes,4,8,4) indicates the counterblock
will be composed of a salt/nonce that is 4 bytes, an iv
that is 8 bytes and the counter is 4 bytes.When noncesize + ivsize < blocksize, CTR initializes the
last block - ivsize - noncesize portion of the block to
zero. Otherwise the counter block is composed of the IV
(and nonce if necessary).If noncesize + ivsize == blocksize, then this indicates that
user is passing in entire counterblock. Thus countersize
indicates the amount of bytes in counterblock to use as
the counter for incrementing. CTR will increment counter
portion by 1, and begin encryption with that value.Note that CTR assumes the counter portion of the block that
will be incremented is stored in big endian.Signed-off-by: Joy Latten
Signed-off-by: Herbert Xu -
This patch implements CTR mode for IPsec.
It is based off of RFC 3686.Please note:
1. CTR turns a block cipher into a stream cipher.
Encryption is done in blocks, however the last block
may be a partial block.A "counter block" is encrypted, creating a keystream
that is xor'ed with the plaintext. The counter portion
of the counter block is incremented after each block
of plaintext is encrypted.
Decryption is performed in same manner.2. The CTR counterblock is composed of,
nonce + IV + counterThe size of the counterblock is equivalent to the
blocksize of the cipher.
sizeof(nonce) + sizeof(IV) + sizeof(counter) = blocksizeThe CTR template requires the name of the cipher
algorithm, the sizeof the nonce, and the sizeof the iv.
ctr(cipher,sizeof_nonce,sizeof_iv)So for example,
ctr(aes,4,8)
specifies the counterblock will be composed of 4 bytes
from a nonce, 8 bytes from the iv, and 4 bytes for counter
since aes has a blocksize of 16 bytes.3. The counter portion of the counter block is stored
in big endian for conformance to rfc 3686.Signed-off-by: Joy Latten
Signed-off-by: Herbert Xu
27 Oct, 2007
1 commit
-
This patch moves the sg_init_table out of the timing loops for hash
algorithms so that it doesn't impact on the speed test results.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
26 Oct, 2007
1 commit
-
Use sg_init_one() and sg_init_table() as needed.
Signed-off-by: David S. Miller
23 Oct, 2007
1 commit
-
Signed-off-by: Jens Axboe
11 Oct, 2007
1 commit
-
XTS currently considered to be the successor of the LRW mode by the IEEE1619
workgroup. LRW was discarded, because it was not secure if the encyption key
itself is encrypted with LRW.XTS does not have this problem. The implementation is pretty straightforward,
a new function was added to gf128mul to handle GF(128) elements in ble format.
Four testvectors from the specification
http://grouper.ieee.org/groups/1619/email/pdf00086.pdf
were added, and they verify on my system.Signed-off-by: Rik Snel
Signed-off-by: Herbert Xu
