11 Oct, 2007

4 commits

  • This patch changes the return type of crypto_*_reqsize from int to
    unsigned int which matches what the underlying type is (and should
    be).

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • Since not everyone needs a queue pointer and those who need it can
    always get it from the context anyway the queue pointer in the
    common alg object is redundant.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • This patch adds support for having multiple parameters to
    a template, separated by a comma. It also adds support
    for integer parameters in addition to the current algorithm
    parameter type.

    This will be used by the authenc template which will have
    four parameters: the authentication algorithm, the encryption
    algorithm, the authentication size and the encryption key
    length.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • This patch adds crypto_aead which is the interface for AEAD
    (Authenticated Encryption with Associated Data) algorithms.

    AEAD algorithms perform authentication and encryption in one
    step. Traditionally users (such as IPsec) would use two
    different crypto algorithms to perform these. With AEAD
    this comes down to one algorithm and one operation.

    Of course if traditional algorithms were used we'd still
    be doing two operations underneath. However, real AEAD
    algorithms may allow the underlying operations to be
    optimised as well.

    Signed-off-by: Herbert Xu

    Herbert Xu
     

11 Jul, 2007

1 commit


02 May, 2007

4 commits

  • This patch adds ablkcipher_request_set_tfm for those users that need
    to manage the memory for ablkcipher requests directly.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • This patch adds the mid-level interface for asynchronous block ciphers.
    It also includes a generic queueing mechanism that can be used by other
    asynchronous crypto operations in future.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • This patch passes the type/mask along when constructing instances of
    templates. This is in preparation for templates that may support
    multiple types of instances depending on what is requested. For example,
    the planned software async crypto driver will use this construct.

    For the moment this allows us to check whether the instance constructed
    is of the correct type and avoid returning success if the type does not
    match.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • This patch adds the frontend interface for asynchronous block ciphers.
    In addition to the usual block cipher parameters, there is a callback
    function pointer and a data pointer. The callback will be invoked only
    if the encrypt/decrypt handlers return -EINPROGRESS. In other words,
    if the return value is zero, the completion handler (or the equivalent
    code) needs to be invoked by the caller.

    The request structure is allocated and freed by the caller. Its size
    is determined by calling crypto_ablkcipher_reqsize(). The helpers
    ablkcipher_request_alloc/ablkcipher_request_free can be used to manage
    the memory for a request.

    Signed-off-by: Herbert Xu

    Herbert Xu
     

07 Feb, 2007

2 commits


07 Dec, 2006

1 commit

  • This patch removes the following no longer used functions:
    - api.c: crypto_alg_available()
    - digest.c: crypto_digest_init()
    - digest.c: crypto_digest_update()
    - digest.c: crypto_digest_final()
    - digest.c: crypto_digest_digest()

    Signed-off-by: Adrian Bunk
    Signed-off-by: Herbert Xu

    Adrian Bunk
     

20 Nov, 2006

1 commit


21 Sep, 2006

20 commits

  • This patch marks the crypto_digest_* functions and crypto_alg_available
    as deprecated. They've been replaced by crypto_hash_* and crypto_has_*
    respectively.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • This patch converts padlock-sha to use crypto_hash for its fallback.
    It also changes the fallback selection to use selection by type instead
    of name. This is done through the new CRYPTO_ALG_NEED_FALLBACK bit,
    which is set if and only if an algorithm needs a fallback of the same
    type.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • This patch converts all users to use the new crypto_comp type and the
    crypto_has_* functions.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • This patch adds the crypto_comp type to complete the compile-time checking
    conversion. The functions crypto_has_alg and crypto_has_cipher, etc. are
    also added to replace crypto_alg_available.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • This patch removes the old HMAC implementation now that nobody uses it
    anymore.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • The existing digest user interface is inadequate for supporting asynchronous
    operations. For one it doesn't return a value to indicate success or
    failure, nor does it take a per-operation descriptor which is essential
    for the issuing of requests while other requests are still outstanding.

    This patch is the first in a series of steps to remodel the interface
    for asynchronous operations.

    For the ease of transition the new interface will be known as "hash"
    while the old one will remain as "digest".

    This patch also changes sg_next to allow chaining.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • Mark the parts of the cipher interface that have been replaced by
    block ciphers as deprecated. Thanks to Andrew Morton for suggesting
    doing this before removing them completely.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • This patch adds the new type of block ciphers. Unlike current cipher
    algorithms which operate on a single block at a time, block ciphers
    operate on an arbitrarily long linear area of data. As it is block-based,
    it will skip any data remaining at the end which cannot form a block.

    The block cipher has one major difference when compared to the existing
    block cipher implementation. The sg walking is now performed by the
    algorithm rather than the cipher mid-layer. This is needed for drivers
    that directly support sg lists. It also improves performance for all
    algorithms as it reduces the total number of indirect calls by one.

    In future the existing cipher algorithm will be converted to only have
    a single-block interface. This will be done after all existing users
    have switched over to the new block cipher type.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • This patch adds two new operations for the simple cipher that encrypts or
    decrypts a single block at a time. This will be the main interface after
    the existing block operations have moved over to the new block ciphers.

    It also adds the crypto_cipher type which is currently only used on the
    new operations but will be extended to setkey as well once existing users
    have been converted to use block ciphers where applicable.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • This patch adds the crypto_type structure which will be used for all new
    crypto algorithm types, beginning with block ciphers.

    The primary purpose of this abstraction is to allow different crypto_type
    objects for crypto algorithms of the same type, in particular, there will
    be different crypto_type objects for asynchronous algorithms.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • Up until now all crypto transforms have been of the same type, struct
    crypto_tfm, regardless of whether they are ciphers, digests, or other
    types. As a result of that, we check the types at run-time before
    each crypto operation.

    This is rather cumbersome. We could instead use different C types for
    each crypto type to ensure that the correct types are used at compile
    time. That is, we would have crypto_cipher/crypto_digest instead of
    just crypto_tfm. The appropriate type would then be required for the
    actual operations such as crypto_digest_digest.

    Now that we have the type/mask fields when looking up algorithms, it
    is easy to request for an algorithm of the precise type that the user
    wants. However, crypto_alloc_tfm currently does not expose these new
    attributes.

    This patch introduces the function crypto_alloc_base which will carry
    these new parameters. It will be renamed to crypto_alloc_tfm once
    all existing users have been converted.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • This patch adds the asynchronous flag and changes all existing users to
    only look up algorithms that are synchronous.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • This patch makes IV operations on ECB fail through nocrypt_iv rather than
    calling BUG(). This is needed to generalise CBC/ECB using the template
    mechanism.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • Now that the tfm is passed directly to setkey instead of the ctx, we no
    longer need to pass the &tfm->crt_flags pointer.

    This patch also gets rid of a few unnecessary checks on the key length
    for ciphers as the cipher layer guarantees that the key length is within
    the bounds specified by the algorithm.

    Rather than testing dia_setkey every time, this patch does it only once
    during crypto_alloc_tfm. The redundant check from crypto_digest_setkey
    is also removed.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • Add missing accessors for cra_driver_name and cra_priority.

    Signed-off-by: Michal Ludvig
    Signed-off-by: Herbert Xu

    Michal Ludvig
     
  • Spawns lock a specific crypto algorithm in place. They can then be used
    with crypto_spawn_tfm to allocate a tfm for that algorithm. When the base
    algorithm of a spawn is deregistered, all its spawns will be automatically
    removed.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • The cryptomgr module is a simple manager of crypto algorithm instances.
    It ensures that parameterised algorithms of the type tmpl(alg) (e.g.,
    cbc(aes)) are always created.

    This is meant to satisfy the needs for most users. For more complex
    cases such as deeper combinations or multiple parameters, a netlink
    module will be created which allows arbitrary expressions to be parsed
    in user-space.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • This patch adds a notifier chain for algorithm/template registration events.
    This will be used to register compound algorithms such as cbc(aes). In
    future this will also be passed onto user-space through netlink.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • Up until now we've relied on module reference counting to ensure that the
    crypto_alg structures don't disappear from under us. This was good enough
    as long as each crypto_alg came from exactly one module.

    However, with parameterised crypto algorithms a crypto_alg object may need
    two or more modules to operate. This means that we need to count the
    references to the crypto_alg object directly.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • Previously the __aligned__ attribute was added to the crypto_tfm context
    member to ensure it is aligned correctly on architectures such as arm.
    Unfortunately kmalloc does not use the same minimum alignment rules as
    gcc so this is useless.

    This patch changes it to use kmalloc's minimum alignment.

    Signed-off-by: Herbert Xu

    Herbert Xu
     

26 Jun, 2006

3 commits

  • We do need to change these names now and even more so in future with
    instantiated algorithms. So let's stop lying to the compiler and get
    rid of the const modifiers.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • This patch adds the hooks cra_init/cra_exit which are called during a tfm's
    construction and destruction respectively. This will be used by the instances
    to allocate child tfm's.

    For now this lets us get rid of the coa_init/coa_exit functions which are
    used for exactly that purpose (unlike the dia_init function which is called
    for each transaction).

    In fact the coa_exit path is currently buggy as it may get called twice
    when an error is encountered during initialisation.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • Up until now algorithms have been happy to get a context pointer since
    they know everything that's in the tfm already (e.g., alignment, block
    size).

    However, once we have parameterised algorithms, such information will
    be specific to each tfm. So the algorithm API needs to be changed to
    pass the tfm structure instead of the context pointer.

    This patch is basically a text substitution. The only tricky bit is
    the assembly routines that need to get the context pointer offset
    through asm-offsets.h.

    Signed-off-by: Herbert Xu

    Herbert Xu
     

26 Apr, 2006

1 commit


21 Mar, 2006

1 commit

  • Since tfm contexts can contain arbitrary types we should provide at least
    natural alignment (__attribute__ ((__aligned__))) for them. In particular,
    this is needed on the Xscale which is a 32-bit architecture with a u64 type
    that requires 64-bit alignment. This problem was reported by Ronen Shitrit.

    The crypto_tfm structure's size was 44 bytes on 32-bit architectures and
    80 bytes on 64-bit architectures. So adding this requirement only means
    that we have to add an extra 4 bytes on 32-bit architectures.

    On i386 the natural alignment is 16 bytes which also benefits the VIA
    Padlock as it no longer has to manually align its context structure to
    128 bits.

    Signed-off-by: Herbert Xu

    Herbert Xu
     

10 Jan, 2006

1 commit

  • This is the first step on the road towards asynchronous support in
    the Crypto API. It adds support for having multiple crypto_alg objects
    for the same algorithm registered in the system.

    For example, each device driver would register a crypto_alg object
    for each algorithm that it supports. While at the same time the
    user may load software implementations of those same algorithms.

    Users of the Crypto API may then select a specific implementation
    by name, or choose any implementation for a given algorithm with
    the highest priority.

    The priority field is a 32-bit signed integer. In future it will be
    possible to modify it from user-space.

    This also provides a solution to the problem of selecting amongst
    various AES implementations, that is, aes vs. aes-i586 vs. aes-padlock.

    Signed-off-by: Herbert Xu

    Herbert Xu
     

02 Sep, 2005

1 commit

  • The crypto layer currently uses in_atomic() to determine whether it is
    allowed to sleep. This is incorrect since spin locks don't always cause
    in_atomic() to return true.

    Instead of that, this patch returns to an earlier idea of a per-tfm flag
    which determines whether sleeping is allowed. Unlike the earlier version,
    the default is to not allow sleeping. This ensures that no existing code
    can break.

    As usual, this flag may either be set through crypto_alloc_tfm(), or
    just before a specific crypto operation.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu