18 Feb, 2008

1 commit

  • This patch fixes the following build error caused by commit
    3631c650c495d61b1dabf32eb26b46873636e918:

    ...
    LD .tmp_vmlinux1
    crypto/built-in.o: In function `skcipher_null_crypt':
    crypto_null.c:(.text+0x3d14): undefined reference to `blkcipher_walk_virt'
    crypto_null.c:(.text+0x3d14): relocation truncated to fit: R_MIPS_26 against `blkcipher_walk_virt'
    crypto/built-in.o: In function `$L32':
    crypto_null.c:(.text+0x3d54): undefined reference to `blkcipher_walk_done'
    crypto_null.c:(.text+0x3d54): relocation truncated to fit: R_MIPS_26 against `blkcipher_walk_done'
    crypto/built-in.o:(.data+0x2e8): undefined reference to `crypto_blkcipher_type'
    make[1]: *** [.tmp_vmlinux1] Error 1

    Signed-off-by: Adrian Bunk
    Signed-off-by: Herbert Xu

    Adrian Bunk
     

15 Feb, 2008

1 commit


08 Feb, 2008

1 commit


07 Feb, 2008

6 commits

  • The source and destination addresses are included to allow channel
    selection based on address alignment.

    Signed-off-by: Dan Williams
    Reviewed-by: Haavard Skinnemoen

    Dan Williams
     
  • Pass a full set of flags to drivers' per-operation 'prep' routines.
    Currently the only flag passed is DMA_PREP_INTERRUPT. The expectation is
    that arch-specific async_tx_find_channel() implementations can exploit this
    capability to find the best channel for an operation.

    Signed-off-by: Dan Williams
    Acked-by: Shannon Nelson
    Reviewed-by: Haavard Skinnemoen

    Dan Williams
     
  • The tx_set_src and tx_set_dest methods were originally implemented to allow
    an array of addresses to be passed down from async_xor to the dmaengine
    driver while minimizing stack overhead. Removing these methods allows
    drivers to have all transaction parameters available at 'prep' time, saves
    two function pointers in struct dma_async_tx_descriptor, and reduces the
    number of indirect branches..

    A consequence of moving this data to the 'prep' routine is that
    multi-source routines like async_xor need temporary storage to convert an
    array of linear addresses into an array of dma addresses. In order to keep
    the same stack footprint of the previous implementation the input array is
    reused as storage for the dma addresses. This requires that
    sizeof(dma_addr_t) be less than or equal to sizeof(void *). As a
    consequence CONFIG_DMADEVICES now depends on !CONFIG_HIGHMEM64G. It also
    requires that drivers be able to make descriptor resources available when
    the 'prep' routine is polled.

    Signed-off-by: Dan Williams
    Acked-by: Shannon Nelson

    Dan Williams
     
  • Remove the unused ASYNC_TX_ASSUME_COHERENT flag. Async_tx is
    meant to hide the difference between asynchronous hardware and synchronous
    software operations, this flag requires clients to understand cache
    coherency consequences of the async path.

    Signed-off-by: Dan Williams
    Reviewed-by: Haavard Skinnemoen

    Dan Williams
     
  • single list_head variable initialized with LIST_HEAD_INIT could almost
    always can be replaced with LIST_HEAD declaration, this shrinks the code
    and looks better.

    Signed-off-by: Denis Cheng
    Signed-off-by: Dan Williams

    Denis Cheng
     
  • do_async_xor must be compiled away on !HAS_DMA archs.

    Signed-off-by: Dan Williams
    Acked-by: Cornelia Huck

    Dan Williams
     

26 Jan, 2008

1 commit

  • * git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (125 commits)
    [CRYPTO] twofish: Merge common glue code
    [CRYPTO] hifn_795x: Fixup container_of() usage
    [CRYPTO] cast6: inline bloat--
    [CRYPTO] api: Set default CRYPTO_MINALIGN to unsigned long long
    [CRYPTO] tcrypt: Make xcbc available as a standalone test
    [CRYPTO] xcbc: Remove bogus hash/cipher test
    [CRYPTO] xcbc: Fix algorithm leak when block size check fails
    [CRYPTO] tcrypt: Zero axbuf in the right function
    [CRYPTO] padlock: Only reset the key once for each CBC and ECB operation
    [CRYPTO] api: Include sched.h for cond_resched in scatterwalk.h
    [CRYPTO] salsa20-asm: Remove unnecessary dependency on CRYPTO_SALSA20
    [CRYPTO] tcrypt: Add select of AEAD
    [CRYPTO] salsa20: Add x86-64 assembly version
    [CRYPTO] salsa20_i586: Salsa20 stream cipher algorithm (i586 version)
    [CRYPTO] gcm: Introduce rfc4106
    [CRYPTO] api: Show async type
    [CRYPTO] chainiv: Avoid lock spinning where possible
    [CRYPTO] seqiv: Add select AEAD in Kconfig
    [CRYPTO] scatterwalk: Handle zero nbytes in scatterwalk_map_and_copy
    [CRYPTO] null: Allow setkey on digest_null
    ...

    Linus Torvalds
     

11 Jan, 2008

30 commits

  • Bloat-o-meter shows rather high readings for cast6...

    crypto/cast6.c:
    cast6_setkey | -1310
    cast6_encrypt | -4567
    cast6_decrypt | -4561
    3 functions changed, 10438 bytes removed, diff: -10438

    crypto/cast6.c:
    W | +659
    Q | +308
    QBAR | +316
    3 functions changed, 1283 bytes added, diff: +1283

    crypto/cast6.o:
    6 functions changed, 1283 bytes added, 10438 bytes removed, diff: -9155

    Signed-off-by: Ilpo Järvinen
    Signed-off-by: Herbert Xu

    Ilpo Järvinen
     
  • Currently the gcm(aes) tests have to be taken together with all other
    algorithms. This patch makes it available by itself at number 106.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • When setting the digest size xcbc tests to see if the underlying algorithm
    is a hash. This is silly because we don't allow it to be a hash and we've
    specifically requested for a cipher.

    This patch removes the bogus test.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • When the underlying algorithm has a block size other than 16 we abort
    without freeing it. In fact, we try to return the algorithm itself
    as an error!

    This patch plugs the leak and makes it return -EINVAL instead.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • The axbuf buffer is used by test_aead and therefore should be zeroed
    there instead of in test_hash.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • Signed-off-by: Tan Swee Heng
    Signed-off-by: Herbert Xu

    Tan Swee Heng
     
  • ERROR: "crypto_aead_setauthsize" [crypto/tcrypt.ko] undefined!
    ERROR: "crypto_alloc_aead" [crypto/tcrypt.ko] undefined!

    Signed-off-by: Sebastian Siewior
    Signed-off-by: Herbert Xu

    Sebastian Siewior
     
  • This is the x86-64 version of the Salsa20 stream cipher algorithm. The
    original assembly code came from
    . It has been
    reformatted for clarity.

    Signed-off-by: Tan Swee Heng
    Signed-off-by: Herbert Xu

    Tan Swee Heng
     
  • This patch contains the salsa20-i586 implementation. The original
    assembly code came from
    . I have reformatted
    it (added indents) so that it matches the other algorithms in
    arch/x86/crypto.

    Signed-off-by: Tan Swee Heng
    Signed-off-by: Herbert Xu

    Tan Swee Heng
     
  • This patch introduces the rfc4106 wrapper for GCM just as we have an
    rfc4309 wrapper for CCM. The purpose of the wrapper is to include part
    of the IV in the key so that it can be negotiated by IPsec.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • This patch adds an async field to /proc/crypto for ablkcipher and aead
    algorithms.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • This patch makes chainiv avoid spinning by postponing requests on lock
    contention if the user allows the use of asynchronous algorithms. If
    a synchronous algorithm is requested then we behave as before.

    This should improve IPsec performance on SMP when two CPUs attempt to
    transmit over the same SA. Currently one of them will spin doing nothing
    waiting for the other CPU to finish its encryption. This patch makes it
    postpone the request and get on with other work.

    If only one CPU is transmitting for a given SA, then we will process
    the request synchronously as before.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • Now that seqiv supports AEAD algorithms it needs to select the AEAD option.

    Thanks to Erez Zadok for pointing out the problem.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • It's better to return silently than crash and burn when someone feeds us
    a zero length. In particular the null digest algorithm when used as part
    of authenc will do that to us.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • We need to allow setkey on digest_null if it is to be used directly by
    authenc instead of through hmac.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • This patch adds a null blkcipher algorithm called ecb(cipher_null) for
    backwards compatibility. Previously the null algorithm when used by
    IPsec copied the data byte by byte. This new algorithm optimises that
    to a straight memcpy which lets us better measure inherent overheads in
    our IPsec code.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • This patch adds 7 test vectors to tcrypt for CCM.
    The test vectors are from rfc 3610.
    There are about 10 more test vectors in RFC 3610
    and 4 or 5 more in NIST. I can add these as time permits.

    I also needed to set authsize. CCM has a prerequisite of
    authsize.

    Signed-off-by: Joy Latten
    Signed-off-by: Herbert Xu

    Joy Latten
     
  • This patch adds Counter with CBC-MAC (CCM) support.
    RFC 3610 and NIST Special Publication 800-38C were referenced.

    Signed-off-by: Joy Latten
    Signed-off-by: Herbert Xu

    Joy Latten
     
  • This patch makes crypto_alloc_aead always return algorithms that is
    capable of generating their own IVs through givencrypt and givdecrypt.
    All existing AEAD algorithms already do. New ones must either supply
    their own or specify a generic IV generator with the geniv field.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • This patch adds support for using seqiv with AEAD algorithms. This is
    useful for those AEAD algorithms that performs authentication before
    encryption because the IV generated by the underlying encryption algorithm
    won't be available for authentication.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • This patch creates the infrastructure to help the construction of IV
    generator templates that wrap around AEAD algorithms by adding an IV
    generator to them. This is useful for AEAD algorithms with no built-in
    IV generator or to replace their built-in generator.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • Some algorithms always require manual IV construction. For instance,
    the generic CCM algorithm requires the first byte of the IV to be manually
    constructed. Such algorithms are always used by other algorithms equipped
    with their own IV generators and do not need IV generation per se.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • This patch implements the givencrypt function for authenc. It simply
    calls the givencrypt operation on the underlying cipher instead of encrypt.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • This patch adds the underlying givcrypt operations for aead and associated
    support elements. The rationale is identical to that of the skcipher
    givcrypt operations, i.e., sometimes only the algorithm knows how the
    IV should be generated.

    A new request type aead_givcrypt_request is added which contains an
    embedded aead_request structure with two new elements to support this
    operation. The new elements are seq and giv. The seq field should
    contain a strictly increasing 64-bit integer which may be used by
    certain IV generators as an input value. The giv field will be used
    to store the generated IV. It does not need to obey the alignment
    requirements of the algorithm because it's not used during the operation.

    The existing iv field must still be available as it will be used to store
    intermediate IVs and the output IV if chaining is desired.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • This generator generates an IV based on a sequence number by xoring it
    with a salt. This algorithm is mainly useful for CTR and similar modes.

    This patch also sets it as the default IV generator for ctr.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • This patch converts the gcm algorithm over to crypto_grab_skcipher
    which is a prerequisite for IV generation.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • This patch adds the gcm_base template which takes a block cipher
    parameter instead of cipher. This allows the user to specify a
    specific CTR implementation.

    This also fixes a leak of the cipher algorithm that was previously
    looked up but never freed.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • This patch converts the authenc algorithm over to crypto_grab_skcipher
    which is a prerequisite for IV generation.

    This patch also changes authenc to set its ASYNC status depending on
    the ASYNC status of the underlying skcipher.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • This patch makes crypto_alloc_ablkcipher/crypto_grab_skcipher always
    return algorithms that are capable of generating their own IVs through
    givencrypt and givdecrypt. Each algorithm may specify its default IV
    generator through the geniv field.

    For algorithms that do not set the geniv field, the blkcipher layer will
    pick a default. Currently it's chainiv for synchronous algorithms and
    eseqiv for asynchronous algorithms. Note that if these wrappers do not
    work on an algorithm then that algorithm must specify its own geniv or
    it can't be used at all.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • This generator generates an IV based on a sequence number by xoring it
    with a salt and then encrypting it with the same key as used to encrypt
    the plain text. This algorithm requires that the block size be equal
    to the IV size. It is mainly useful for CBC.

    It has one noteworthy property that for IPsec the IV happens to lie
    just before the plain text so the IV generation simply increases the
    number of encrypted blocks by one. Therefore the cost of this generator
    is entirely dependent on the speed of the underlying cipher.

    Signed-off-by: Herbert Xu

    Herbert Xu