28 Feb, 2016
4 commits
-
RFC 3686 CTR in various authenc methods.
rfc3686(ctr(aes)) is already marked fips compliant,
so these should be fine.Signed-off-by: Marcus Meissner
Acked-by: Stephan Mueller
Signed-off-by: Herbert Xu -
Signed-off-by: Yang Pingchao
Signed-off-by: Herbert Xu -
The limbs are integers in the host endianness, so we can't simply
iterate over the individual bytes. The current code happens to work on
little-endian, because the order of the limbs in the MPI array is the
same as the order of the bytes in each limb, but it breaks on
big-endian.Fixes: 0f74fbf77d45 ("MPI: Fix mpi_read_buffer")
Signed-off-by: Michal Marek
Signed-off-by: Herbert Xu -
Add md5 sha1 sha256 support for crypto engine in rk3288.
Signed-off-by: Zain Wang
Signed-off-by: Herbert Xu
17 Feb, 2016
13 commits
-
Commit 28856a9e52c7 missed the addition of the crypto/xts.h include file
for different architecture-specific AES implementations.Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu -
The crypto API received the skcipher API which is intended to replace
the ablkcipher and blkcipher API. This patch adds the skcipher API
documentation to the DocBook, updates the code sample (including
removing the blkcipher example) replaces the references to ablkcipher
and blkcipher with skcipher.Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu -
The associated data handling with the kernel crypto API has been
updated. This needs to be reflected in the documentation.Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu -
Add new crypto API call crypto_rng_generate to DocBook.
Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu -
Reference the new akcipher API calls in the kernel crypto API DocBook.
Also, fix the comments in the akcipher.h file: double dashes do not look
good in the DocBook; fix a typo.Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu -
caam_jr_shutdown() is only used in this file, so it can be
made static.This avoids the following sparse warning:
drivers/crypto/caam/jr.c:68:5: warning: symbol 'caam_jr_shutdown' was not declared. Should it be static?
Signed-off-by: Fabio Estevam
Signed-off-by: Herbert Xu -
Fix a leak on error path in qat asym
Reported-by: Salvatore Benedetto
Signed-off-by: Tadeusz Struk
Signed-off-by: Herbert Xu -
The patch centralizes the XTS key check logic into the service function
xts_check_key which is invoked from the different XTS implementations.
With this, the XTS implementations in ARM, ARM64, PPC and S390 have now
a sanity check for the XTS keys similar to the other arches.In addition, this service function received a check to ensure that the
key != the tweak key which is mandated by FIPS 140-2 IG A.9. As the
check is not present in the standards defining XTS, it is only enforced
in FIPS mode of the kernel.Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu -
Add support for the hardware true random number generator
peripheral found on PIC32.Signed-off-by: Joshua Henderson
Signed-off-by: Purna Chandra Mandal
Reviewed-by: Daniel Thompson
Signed-off-by: Herbert Xu -
Document the devicetree bindings for the random number generator found
on Microchip PIC32 class devices.Signed-off-by: Joshua Henderson
Acked-by: Rob Herring
Signed-off-by: Herbert Xu -
When (!ctx->bufcnt && !(ctx->flags & SHA_FLAGS_PAD)), the former source
code used to set the SHA_FLAGS_BUSY without checking whether this flag was
already set. If so, the hardware is already processing another hash
request so the processing of the req argument of atmel_sha_final() should
be delayed by queueing this request, the same way as done for the
(ctx->bufcnt != 0) case.Signed-off-by: Cyrille Pitchen
Signed-off-by: Herbert Xu -
Using only the digest, digcnt[], bufcnt and buffer[] fields of the
struct atmel_sha_reqctx was not enough to import/export the request state,
so now we use the whole structure.Signed-off-by: Cyrille Pitchen
Signed-off-by: Herbert Xu -
(2nd try that adds missing , to build.)
Signed-off-by: Marcus Meissner
Signed-off-by: Herbert Xu
09 Feb, 2016
1 commit
-
This needs to go through the security tree so I'm reverting the
patches for now.Signed-off-by: Herbert Xu
06 Feb, 2016
19 commits
-
Some more authenc() wrapped algorithms are FIPS compliant, tag
them as such.Signed-off-by: Marcus Meissner
Acked-by: Stephan Mueller
Signed-off-by: Herbert Xu -
__test_aead() reads MAX_IVLEN bytes from template[i].iv, but the
actual length of the initialisation vector can be shorter.
The length of the IV is already calculated earlier in the
function. Let's just reuses that. Also the IV length is currently
calculated several time for no reason. Let's fix that too.
This fix an out-of-bound error detected by KASan.Signed-off-by: Jerome Marchand
Signed-off-by: Herbert Xu -
Currently the sahara driver fails to probe:
sahara: probe of 63ff8000.crypto failed with error -22
This happens since commit 8996eafdcbad ("crypto: ahash - ensure statesize
is non-zero"), which requires statesize to be filled.Pass the statesize members for sha1 and sha256, so we can probe
the driver successfully again.Signed-off-by: Fabio Estevam
Signed-off-by: Herbert Xu -
Based on commit 434b421241f2d0 ("crypto: caam - avoid needlessly saving and
restoring caam_hash_ctx") from Russell King.When exporting and importing the hash state, we will only export and
import into hashes which share the same struct crypto_ahash pointer.
(See hash_accept->af_alg_accept->hash_accept_parent.)This means that saving the sahara_ctx structure on export, and
restoring it on import is a waste of resources. So, remove this code.Signed-off-by: Fabio Estevam
Signed-off-by: Herbert Xu -
As pointed out by Herbert Xu we should not include the mutex in the
exported state, so let's just get rid of it.Signed-off-by: Fabio Estevam
Signed-off-by: Herbert Xu -
Modify __test_hash() so that hash import/export can be tested
from within the kernel. The test is unconditionally done when
a struct hash_testvec has its .np > 1.v3: make the test unconditional
v2: Leverage template[i].np as suggested by Tim ChenSigned-off-by: Rui Wang
Signed-off-by: Herbert Xu -
After digsig_asymmetric.c is converted the MPIs can be now
safely removed from the public_key_signature structure.Signed-off-by: Tadeusz Struk
Signed-off-by: Herbert Xu -
Convert asymmetric_verify to akcipher api.
Signed-off-by: Tadeusz Struk
Signed-off-by: Herbert Xu -
This patch converts the module verification code to the new akcipher API.
Signed-off-by: Tadeusz Struk
Signed-off-by: Herbert Xu -
Use a local variable for the exported and imported state so that
alignment is not an issue. On export, set a local variable from the
request context and then memcpy the contents of the local variable to
the export memory area. On import, memcpy the import memory area into
a local variable and then use the local variable to set the request
context.Cc: # 3.14.x-
Signed-off-by: Tom Lendacky
Signed-off-by: Herbert Xu -
On Monday, February 1, 2016 4:18 PM, Herbert Xu wrote:
>
> On Wed, Jan 27, 2016 at 05:08:35PM +0800, Rui Wang wrote:
>>
>> +static int sha1_mb_async_import(struct ahash_request *req, const void
>> +*in) {
>> + struct ahash_request *mcryptd_req = ahash_request_ctx(req);
>> + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
>> + struct sha1_mb_ctx *ctx = crypto_ahash_ctx(tfm);
>> + struct mcryptd_ahash *mcryptd_tfm = ctx->mcryptd_tfm;
>> + struct crypto_shash *child = mcryptd_ahash_child(mcryptd_tfm);
>> + struct mcryptd_hash_request_ctx *rctx;
>> + struct shash_desc *desc;
>> + int err;
>> +
>> + memcpy(mcryptd_req, req, sizeof(*req));
>> + ahash_request_set_tfm(mcryptd_req, &mcryptd_tfm->base);
>> + rctx = ahash_request_ctx(mcryptd_req);
>> + desc = &rctx->desc;
>> + desc->tfm = child;
>> + desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
>> +
>> + err = crypto_shash_init(desc);
>> + if (err)
>> + return err;
>
> What is this desc for?Hi Herbert,
Yeah I just realized that the call to crypto_shash_init() isn't necessary
here. What it does is overwritten by crypto_ahash_import(). But this desc
still needs to be initialized here because it's newly allocated by
ahash_request_alloc(). We eventually calls the shash version of import()
which needs desc as an argument. The real context to be imported is then
derived from shash_desc_ctx(desc).desc is a sub-field of struct mcryptd_hash_request_ctx, which is again a
sub-field of the bigger blob allocated by ahash_request_alloc(). The entire
blob's size is set in sha1_mb_async_init_tfm(). So a better version is as
follows:(just removed the call to crypto_shash_init())
>From 4bcb73adbef99aada94c49f352063619aa24d43d Mon Sep 17 00:00:00 2001
From: Rui Wang
Date: Mon, 14 Dec 2015 17:22:13 +0800
Subject: [PATCH v2 1/4] crypto x86/sha1_mb: Fix load failuremodprobe sha1_mb fails with the following message:
modprobe: ERROR: could not insert 'sha1_mb': No such device
It is because it needs to set its statesize and implement its
import() and export() interface.v2: remove redundant call to crypto_shash_init()
Signed-off-by: Rui Wang
Signed-off-by: Herbert Xu -
Move the helper function to common header for everybody to use.
changes in v2:
- move the helper to crypto/internal/aead.h
instead of crypto/aead.hSigned-off-by: Tadeusz Struk
Signed-off-by: Herbert Xu -
The driver for the sunxi-ss crypto engine is not entirely 64-bit safe,
compilation on arm64 spits some warnings.
The proper fix was deemed to involved [1], so since 64-bit SoCs won't
have this IP block we just disable this driver for 64-bit.[1]: http://lists.infradead.org/pipermail/linux-arm-kernel/2016-January/399988.html
(and the reply)Signed-off-by: Andre Przywara
Acked-by: Corentin LABBE
Signed-off-by: Herbert Xu -
This patch removes all traces of the crypto_hash interface, now
that everyone has switched over to shash or ahash.Signed-off-by: Herbert Xu
-
This patch replaces uses of the long obsolete hash interface with
ahash.Signed-off-by: Herbert Xu
Acked-by: Greg Kroah-Hartman -
This patch adds helpers to retrieve the alg name and driver name
of crypto_shash and crypto_ahash objects.Signed-off-by: Herbert Xu
-
The helper crypto_skcipher_driver_name was returning the alg
name and not the driver name.Signed-off-by: Herbert Xu
-
This patch replaces the crypto_hash example in api-intro.txt with
crypto_ahash.Signed-off-by: Herbert Xu
-
This patch removes the last user of the obsolete crypto_hash
interface, tcrypt, by simply switching it over to ahash. In
fact it already has all the code there so it's just a matter
of calling the ahash speed test code with the right mask.Signed-off-by: Herbert Xu
01 Feb, 2016
3 commits
-
We're clearing the wrong memory. The memory corruption is likely
harmless because we weren't going to use that stack memory again but not
zeroing is a potential information leak.Fixes: e28facde3c39 ('crypto: keywrap - add key wrapping block chaining mode')
Signed-off-by: Dan Carpenter
Acked-by: Stephan Mueller
Signed-off-by: Herbert Xu -
Since the exported information can be exposed to user-space, instead of
exporting the entire request context only export the minimum information
needed.Cc: # 3.14.x-
Signed-off-by: Tom Lendacky
Signed-off-by: Herbert Xu -
Integrate with the newly added crypto engine to make the crypto hardware
engine underutilized as each block needs to be processed before the crypto
hardware can start working on the next block.The requests from dm-crypt will be listed into engine queue and processed
by engine automatically, so remove the 'queue' and 'queue_task' things in
omap aes driver.Signed-off-by: Baolin Wang
Signed-off-by: Herbert Xu
