16 Dec, 2012

1 commit

  • Pull crypto update from Herbert Xu:

    - Added aesni/avx/x86_64 implementations for camellia.

    - Optimised AVX code for cast5/serpent/twofish/cast6.

    - Fixed vmac bug with unaligned input.

    - Allow compression algorithms in FIPS mode.

    - Optimised crc32c implementation for Intel.

    - Misc fixes.

    * git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (32 commits)
    crypto: caam - Updated SEC-4.0 device tree binding for ERA information.
    crypto: testmgr - remove superfluous initializers for xts(aes)
    crypto: testmgr - allow compression algs in fips mode
    crypto: testmgr - add larger crc32c test vector to test FPU path in crc32c_intel
    crypto: testmgr - clean alg_test_null entries in alg_test_descs[]
    crypto: testmgr - remove fips_allowed flag from camellia-aesni null-tests
    crypto: cast5/cast6 - move lookup tables to shared module
    padata: use __this_cpu_read per-cpu helper
    crypto: s5p-sss - Fix compilation error
    crypto: picoxcell - Add terminating entry for platform_device_id table
    crypto: omap-aes - select BLKCIPHER2
    crypto: camellia - add AES-NI/AVX/x86_64 assembler implementation of camellia cipher
    crypto: camellia-x86_64 - share common functions and move structures and function definitions to header file
    crypto: tcrypt - add async speed test for camellia cipher
    crypto: tegra-aes - fix error-valued pointer dereference
    crypto: tegra - fix missing unlock on error case
    crypto: cast5/avx - avoid using temporary stack buffers
    crypto: serpent/avx - avoid using temporary stack buffers
    crypto: twofish/avx - avoid using temporary stack buffers
    crypto: cast6/avx - avoid using temporary stack buffers
    ...

    Linus Torvalds
     

06 Dec, 2012

6 commits


09 Nov, 2012

2 commits

  • This patch adds an AES-NI/AVX/x86_64 assembler implementation of the Camellia block
    cipher. The implementation processes data in sixteen-block chunks, which are
    byte-sliced, and AES SubBytes is reused for the Camellia s-box with the help of pre-
    and post-filtering.

    Patch has been tested with tcrypt and automated filesystem tests.

    tcrypt test results:

    Intel Core i5-2450M:

    camellia-aesni-avx vs camellia-asm-x86_64-2way:
    128bit key: (lrw:256bit) (xts:256bit)
    size    ecb-enc ecb-dec cbc-enc cbc-dec ctr-enc ctr-dec lrw-enc lrw-dec xts-enc xts-dec
    16B     0.98x   0.96x   0.99x   0.96x   0.96x   0.95x   0.95x   0.94x   0.97x   0.98x
    64B     0.99x   0.98x   1.00x   0.98x   0.98x   0.99x   0.98x   0.93x   0.99x   0.98x
    256B    2.28x   2.28x   1.01x   2.29x   2.25x   2.24x   1.96x   1.97x   1.91x   1.90x
    1024B   2.57x   2.56x   1.00x   2.57x   2.51x   2.53x   2.19x   2.17x   2.19x   2.22x
    8192B   2.49x   2.49x   1.00x   2.53x   2.48x   2.49x   2.17x   2.17x   2.22x   2.22x

    256bit key: (lrw:384bit) (xts:512bit)
    size    ecb-enc ecb-dec cbc-enc cbc-dec ctr-enc ctr-dec lrw-enc lrw-dec xts-enc xts-dec
    16B     0.97x   0.98x   0.99x   0.97x   0.97x   0.96x   0.97x   0.98x   0.98x   0.99x
    64B     1.00x   1.00x   1.01x   0.99x   0.98x   0.99x   0.99x   0.99x   0.99x   0.99x
    256B    2.37x   2.37x   1.01x   2.39x   2.35x   2.33x   2.10x   2.11x   1.99x   2.02x
    1024B   2.58x   2.60x   1.00x   2.58x   2.56x   2.56x   2.28x   2.29x   2.28x   2.29x
    8192B   2.50x   2.52x   1.00x   2.56x   2.51x   2.51x   2.24x   2.25x   2.26x   2.29x

    Signed-off-by: Jussi Kivilinna
    Acked-by: David S. Miller
    Signed-off-by: Herbert Xu

    Jussi Kivilinna
     
  • Signed-off-by: Jussi Kivilinna
    Acked-by: David S. Miller
    Signed-off-by: Herbert Xu

    Jussi Kivilinna
     

24 Oct, 2012

7 commits


15 Oct, 2012

4 commits

  • The VMAC implementation, as it is, does not work with blocks that
    are not multiples of 128 bytes. Furthermore, this is a problem
    when using the implementation on scatterlists, even
    when the complete plain text is a 128-byte multiple, as the pieces
    that get passed to vmac_update can be pretty much any size.

    I also added test cases for unaligned blocks.

    Signed-off-by: Salman Qazi
    Signed-off-by: Herbert Xu

    Salman Qazi
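The buffering pattern that makes a 128-byte-block hash accept vmac_update pieces of any size is shown here as an added example; it is not the kernel's VMAC code, and a constructed toy block mixer stands in for the real hash so the carry-over logic can be tested stand-alone:

```c
#include <stdint.h>
#include <string.h>
#define BLOCK 128 /* VMAC's block size, per the commit: 128 bytes */

/* Toy block mixer standing in for the real VMAC hash (constructed for this
 * example, not kernel code); only its one-full-block-at-a-time shape matters. */
static void mix_block(uint64_t st[2], const uint8_t blk[BLOCK])
{
    for (size_t i = 0; i < BLOCK; i += 8) {
        uint64_t w;
        memcpy(&w, blk + i, 8);
        st[0] = (st[0] ^ w) * 0x9E3779B97F4A7C15ULL;
        st[1] = (st[1] + w) ^ ((st[0] << 13) | (st[0] >> 51));
    }
}

struct stream_ctx {
    uint64_t st[2], total_len;
    uint8_t partial[BLOCK]; /* tail carried over between update() calls */
    size_t partial_len;
};

/* Accept pieces of any size (the scatterlist case): top up the carried-over
 * partial block first, hash every whole block, then keep the new tail. */
static void stream_update(struct stream_ctx *c, const uint8_t *p, size_t n)
{
    c->total_len += n;
    if (c->partial_len) {
        size_t take = BLOCK - c->partial_len < n ? BLOCK - c->partial_len : n;
        memcpy(c->partial + c->partial_len, p, take);
        c->partial_len += take, p += take, n -= take;
        if (c->partial_len < BLOCK)
            return; /* still no full block: just keep buffering */
        mix_block(c->st, c->partial);
        c->partial_len = 0;
    }
    for (; n >= BLOCK; p += BLOCK, n -= BLOCK)
        mix_block(c->st, p);
    memcpy(c->partial, p, n); /* 0 <= n < BLOCK here */
    c->partial_len = n;
}

/* Zero-pad a trailing partial block and bind the true length into the tag. */
static uint64_t stream_final(struct stream_ctx *c)
{
    if (c->partial_len) {
        memset(c->partial + c->partial_len, 0, BLOCK - c->partial_len);
        mix_block(c->st, c->partial);
    }
    return c->st[0] ^ c->st[1] ^ c->total_len;
}

/* 1 if a constructed message of 'len' bytes hashed in 'chunk'-byte pieces gives
 * the same tag as one call; 0 would reproduce the unaligned-input bug. */
static int same_tag(size_t len, size_t chunk)
{
    uint8_t msg[1000];
    struct stream_ctx one = {{0, 0}, 0, {0}, 0}, pieces = one;
    if (len > sizeof msg || chunk == 0) return 0;
    for (size_t i = 0; i < len; i++)
        msg[i] = (uint8_t)(i * 31 + 7);
    stream_update(&one, msg, len);
    for (size_t off = 0; off < len; off += chunk)
        stream_update(&pieces, msg + off, len - off < chunk ? len - off : chunk);
    return stream_final(&one) == stream_final(&pieces);
}
```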
     
  • This patch adds a test case in tcrypt to perform speed test for
    crc32c checksum calculation.

    Signed-off-by: Tim Chen
    Signed-off-by: Herbert Xu

    Tim Chen
     
  • This patch adds the crc_pcl function, which calculates the CRC32C checksum using the
    PCLMULQDQ instruction on processors that support this feature. This will
    provide a speedup over using the CRC32 instruction only.
    The usage of PCLMULQDQ necessitates the invocation of kernel_fpu_begin and
    kernel_fpu_end and incurs some overhead, so the new crc_pcl function is only
    invoked for buffer sizes of 512 bytes or more. Larger
    buffers can be expected to see a greater speedup. This feature is best used coupled
    with eager_fpu, which reduces the kernel_fpu_begin/end overhead. For a
    buffer size of 1K the speedup is around 1.6x, and for buffer sizes greater than
    4K the speedup is around 3x compared to the original implementation in the crc32c-intel
    module. The test was performed on a Sandy Bridge based platform with a constant frequency
    set for the cpu.

    A white paper detailing the algorithm can be found here:
    http://download.intel.com/design/intarch/papers/323405.pdf

    Signed-off-by: Tim Chen
    Signed-off-by: Herbert Xu

    Tim Chen
     
  • Pull module signing support from Rusty Russell:
    "module signing is the highlight, but it's an all-over David Howells frenzy..."

    Hmm "Magrathea: Glacier signing key". Somebody has been reading too much HHGTTG.

    * 'modules-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux: (37 commits)
    X.509: Fix indefinite length element skip error handling
    X.509: Convert some printk calls to pr_devel
    asymmetric keys: fix printk format warning
    MODSIGN: Fix 32-bit overflow in X.509 certificate validity date checking
    MODSIGN: Make mrproper should remove generated files.
    MODSIGN: Use utf8 strings in signer's name in autogenerated X.509 certs
    MODSIGN: Use the same digest for the autogen key sig as for the module sig
    MODSIGN: Sign modules during the build process
    MODSIGN: Provide a script for generating a key ID from an X.509 cert
    MODSIGN: Implement module signature checking
    MODSIGN: Provide module signing public keys to the kernel
    MODSIGN: Automatically generate module signing keys if missing
    MODSIGN: Provide Kconfig options
    MODSIGN: Provide gitignore and make clean rules for extra files
    MODSIGN: Add FIPS policy
    module: signature checking hook
    X.509: Add a crypto key parser for binary (DER) X.509 certificates
    MPILIB: Provide a function to read raw data into an MPI
    X.509: Add an ASN.1 decoder
    X.509: Add simple ASN.1 grammar compiler
    ...

    Linus Torvalds
     

14 Oct, 2012

1 commit

  • Pull md updates from NeilBrown:
    - "discard" support, some dm-raid improvements and other assorted bits
    and pieces.

    * tag 'md-3.7' of git://neil.brown.name/md: (29 commits)
    md: refine reporting of resync/reshape delays.
    md/raid5: be careful not to resize_stripes too big.
    md: make sure manual changes to recovery checkpoint are saved.
    md/raid10: use correct limit variable
    md: writing to sync_action should clear the read-auto state.
    Subject: [PATCH] md:change resync_mismatches to atomic64_t to avoid races
    md/raid5: make sure to_read and to_write never go negative.
    md: When RAID5 is dirty, force reconstruct-write instead of read-modify-write.
    md/raid5: protect debug message against NULL dereference.
    md/raid5: add some missing locking in handle_failed_stripe.
    MD: raid5 avoid unnecessary zero page for trim
    MD: raid5 trim support
    md/bitmap:Don't use IS_ERR to judge alloc_page().
    md/raid1: Don't release reference to device while handling read error.
    raid: replace list_for_each_continue_rcu with new interface
    add further __init annotations to crypto/xor.c
    DM RAID: Fix for "sync" directive ineffectiveness
    DM RAID: Fix comparison of index and quantity for "rebuild" parameter
    DM RAID: Add rebuild capability for RAID10
    DM RAID: Move 'rebuild' checking code to its own function
    ...

    Linus Torvalds
     

11 Oct, 2012

1 commit


10 Oct, 2012

3 commits

  • Some debugging printk() calls should've been converted to pr_devel() calls.
    Do that now.

    Signed-off-by: David Howells
    Signed-off-by: Rusty Russell

    David Howells
     
  • Fix printk format warning in x509_cert_parser.c:

    crypto/asymmetric_keys/x509_cert_parser.c: In function 'x509_note_OID':
    crypto/asymmetric_keys/x509_cert_parser.c:113:3: warning: format '%zu' expects type 'size_t', but argument 2 has type 'long unsigned int'

    Builds cleanly on i386 and x86_64.

    Signed-off-by: Randy Dunlap
    Cc: David Howells
    Cc: Herbert Xu
    Cc: linux-crypto@vger.kernel.org
    Signed-off-by: Rusty Russell

    Randy Dunlap
     
  • The current choice of lifetime for the autogenerated X.509 of 100 years,
    putting the validTo date in 2112, causes problems on 32-bit systems where a
    32-bit time_t wraps in 2106. 64-bit x86_64 systems seem to be unaffected.

    This can result in something like:

    Loading module verification certificates
    X.509: Cert 6e03943da0f3b015ba6ed7f5e0cac4fe48680994 has expired
    MODSIGN: Problem loading in-kernel X.509 certificate (-127)

    Or:

    X.509: Cert 6e03943da0f3b015ba6ed7f5e0cac4fe48680994 is not yet valid
    MODSIGN: Problem loading in-kernel X.509 certificate (-129)

    Instead of turning the dates into time_t values and comparing, turn the system
    clock and the ASN.1 dates into tm structs and compare those piecemeal instead.

    Reported-by: Rusty Russell
    Signed-off-by: David Howells
    Acked-by: Josh Boyer
    Signed-off-by: Rusty Russell

    David Howells
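As an added example (not the kernel's x509 code; the broken-down time struct and the day-count helper are constructed for it), the fragile 32-bit time_t comparison beside the piecemeal field comparison the commit switches to, reproducing the 2112 validTo case:

```c
#include <stdint.h>
#include <stdbool.h>
/* Broken-down time, the form an ASN.1 UTCTime/GeneralizedTime decodes to
 * (constructed for this example; not the kernel's struct tm). */
struct cal_time { int year, mon, day, hour, min, sec; };

/* Days since 1970-01-01 for a proleptic Gregorian date (Hinnant's
 * days_from_civil); used here only to show where a 32-bit time_t wraps. */
static int64_t days_from_civil(int64_t y, int m, int d)
{
    y -= m <= 2;
    int64_t era = (y >= 0 ? y : y - 399) / 400;
    int64_t yoe = y - era * 400;
    int64_t doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    int64_t doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return era * 146097 + doe - 719468;
}

static int64_t seconds_since_epoch(const struct cal_time *t)
{
    return days_from_civil(t->year, t->mon, t->day) * 86400
         + t->hour * 3600 + t->min * 60 + t->sec;
}

/* The fragile check: squeeze every date into a 32-bit time_t and compare.
 * 2112 needs ~4.5e9 seconds, more than 2^32, so it wraps to 1976 and the
 * certificate looks expired (the "has expired" message in the commit). */
static bool within_validity_time32(const struct cal_time *now,
                                   const struct cal_time *from,
                                   const struct cal_time *to)
{
    int32_t n = (int32_t)(uint32_t)seconds_since_epoch(now);
    int32_t f = (int32_t)(uint32_t)seconds_since_epoch(from);
    int32_t t = (int32_t)(uint32_t)seconds_since_epoch(to);
    return f <= n && n <= t;
}

/* The commit's approach: compare broken-down fields piecemeal, most
 * significant first, so no single seconds count is ever formed. */
static int cmp_cal_time(const struct cal_time *a, const struct cal_time *b)
{
#define CMP_FIELD(f) do { if (a->f != b->f) return a->f < b->f ? -1 : 1; } while (0)
    CMP_FIELD(year); CMP_FIELD(mon); CMP_FIELD(day);
    CMP_FIELD(hour); CMP_FIELD(min); CMP_FIELD(sec);
#undef CMP_FIELD
    return 0;
}

static bool within_validity_piecemeal(const struct cal_time *now,
                                      const struct cal_time *from,
                                      const struct cal_time *to)
{
    return cmp_cal_time(from, now) <= 0 && cmp_cal_time(now, to) <= 0;
}

/* Reproduce the report: a cert valid 2012..2112 checked on 2012-10-10.
 * Returns the verdict of the chosen method. */
static bool check_autogen_cert(bool piecemeal)
{
    const struct cal_time now  = {2012, 10, 10, 12, 0, 0};
    const struct cal_time from = {2012, 10, 10, 0, 0, 0};
    const struct cal_time to   = {2112, 10, 10, 0, 0, 0};
    return piecemeal ? within_validity_piecemeal(&now, &from, &to)
                     : within_validity_time32(&now, &from, &to);
}
```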
     

08 Oct, 2012

7 commits

  • Add a crypto key parser for binary (DER) encoded X.509 certificates. The
    certificate is parsed and, if possible, the signature is verified.

    An X.509 key can be added like this:

    # keyctl padd crypto bar @s
    Signed-off-by: Rusty Russell

    David Howells
     
  • gpg can produce a signature file where the length of the signature is less than the
    modulus size because the amount of space an MPI takes up is kept as low as
    possible by discarding leading zeros. This regularly happens for several
    modules during the build.

    Fix it by relaxing check in RSA verification code.

    Thanks to Tomas Mraz and Miloslav Trmac for help.

    Signed-off-by: Milan Broz
    Signed-off-by: David Howells
    Signed-off-by: Rusty Russell

    David Howells
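A byte-level sketch of the check being relaxed, as an added example that is not the kernel's RSA or MPI code: the strict length test, the relaxed test that left-pads a shortened signature back to modulus width while still requiring s < n, and a constructed modulus and signature to exercise both.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Why a gpg signature can be shorter than the modulus: an MPI is stored
 * with its leading zero bytes dropped. Returns the significant byte count. */
static size_t mpi_strip_leading_zeros(const uint8_t *v, size_t n)
{
    size_t i = 0;
    while (i < n && v[i] == 0)
        i++;
    return n - i;
}

/* Old check: the signature had to be exactly modulus-sized. */
static bool sig_len_ok_strict(size_t sig_len, size_t mod_len)
{
    return sig_len == mod_len;
}

/* Relaxed check: a shorter signature only lost leading zeros. Left-pad it to
 * the modulus length so the rest of PKCS#1 verification sees a fixed-width
 * value, and still insist on s < n (equal-length big-endian compare). */
static bool normalize_signature(const uint8_t *sig, size_t sig_len,
                                const uint8_t *mod, size_t mod_len,
                                uint8_t *out)
{
    if (sig_len > mod_len)
        return false;
    memset(out, 0, mod_len - sig_len);
    memcpy(out + (mod_len - sig_len), sig, sig_len);
    return memcmp(out, mod, mod_len) < 0;
}

/* Constructed demo values (not real keys): an 8-byte "modulus" and a signature
 * whose two leading zero bytes gpg would have stripped. Returns 1 if the strict
 * check rejects it, the relaxed check accepts and restores it, and the relaxed
 * check still rejects a value that is not below the modulus. */
static int demo(void)
{
    static const uint8_t n[8] = {0xC3, 0x5A, 0x11, 0x22, 0x33, 0x44, 0x55, 0x67};
    static const uint8_t s_full[8] = {0x00, 0x00, 0x9F, 0x10, 0x20, 0x30, 0x40, 0x50};
    uint8_t buf[8];
    size_t s_len = mpi_strip_leading_zeros(s_full, sizeof s_full); /* 6 bytes */
    const uint8_t *s = s_full + sizeof s_full - s_len;             /* as gpg emits it */
    if (sig_len_ok_strict(s_len, sizeof n))                        /* old code: reject */
        return 0;
    if (!normalize_signature(s, s_len, n, sizeof n, buf))          /* new code: accept */
        return 0;
    if (memcmp(buf, s_full, sizeof buf) != 0)                      /* padding restored */
        return 0;
    return !normalize_signature(n, sizeof n, n, sizeof n, buf);    /* s == n: reject */
}
```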
     
  • Implement RSA public key cryptography [PKCS#1 / RFC3447]. At this time, only
    the signature verification algorithm is supported. This uses the asymmetric
    public key subtype to hold its key data.

    Signed-off-by: David Howells
    Signed-off-by: Rusty Russell

    David Howells
     
  • Provide signature verification using an asymmetric-type key to indicate the
    public key to be used.

    The API is a single function that can be found in crypto/public_key.h:

    int verify_signature(const struct key *key,
                         const struct public_key_signature *sig)

    The first argument is the appropriate key to be used and the second argument
    is the parsed signature data:

    struct public_key_signature {
            u8 *digest;
            u16 digest_size;
            enum pkey_hash_algo pkey_hash_algo : 8;
            union {
                    MPI mpi[2];
                    struct {
                            MPI s; /* m^d mod n */
                    } rsa;
                    struct {
                            MPI r;
                            MPI s;
                    } dsa;
            };
    };

    This should be filled in prior to calling the function. The hash algorithm
    should already have been called and the hash finalised and the output should
    be in a buffer pointed to by the 'digest' member.

    Any extra data to be added to the hash by the hash format (eg. PGP) should
    have been added by the caller prior to finalising the hash.

    It is assumed that the signature is made up of a number of MPI values. If an
    algorithm becomes available for which this is not the case, the above structure
    will have to change.

    It is also assumed that it will have been checked that the signature algorithm
    matches the key algorithm.

    Signed-off-by: David Howells
    Signed-off-by: Rusty Russell

    David Howells
     
  • Add a subtype for supporting asymmetric public-key encryption algorithms such
    as DSA (FIPS-186) and RSA (PKCS#1 / RFC1337).

    Signed-off-by: David Howells
    Signed-off-by: Rusty Russell

    David Howells
     
  • The instantiation data passed to the asymmetric key type are expected to be
    formatted in some way, and there are several possible standard ways to format
    the data.

    The two obvious standards are OpenPGP keys and X.509 certificates. The latter
    is especially useful when dealing with UEFI, and the former might be useful
    when dealing with, say, eCryptfs.

    Further, it might be desirable to provide formatted blobs that indicate
    hardware is to be accessed to retrieve the keys or that the keys live
    unretrievably in a hardware store, but that the keys can be used by means of
    the hardware.

    From userspace, the keys can be loaded using the keyctl command, for example,
    an X.509 binary certificate:

    keyctl padd asymmetric foo @s
    Signed-off-by: Rusty Russell

    David Howells
     
  • Create a key type that can be used to represent an asymmetric key type for use
    in appropriate cryptographic operations, such as encryption, decryption,
    signature generation and signature verification.

    The key type is "asymmetric" and can provide access to a variety of
    cryptographic algorithms.

    Possibly, this would be better as "public_key" - but that has the disadvantage
    that "public key" is an overloaded term.

    Signed-off-by: David Howells
    Signed-off-by: Rusty Russell

    David Howells
     

05 Oct, 2012

1 commit

  • Pull crypto update from Herbert Xu:
    - Optimised AES/SHA1 for ARM.
    - IPsec ESN support in talitos and caam.
    - x86_64/avx implementation of cast5/cast6.
    - Add/use multi-algorithm registration helpers where possible.
    - Added IBM Power7+ in-Nest support.
    - Misc fixes.

    Fix up trivial conflicts in crypto/Kconfig due to the sparc64 crypto
    config options being added next to the new ARM ones.

    [ Side note: cut-and-paste duplicate help texts make those conflicts
    harder to read than necessary, thanks to git being smart about
    minimizing conflicts and maximizing the common parts... ]

    * git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (71 commits)
    crypto: x86/glue_helper - fix storing of new IV in CBC encryption
    crypto: cast5/avx - fix storing of new IV in CBC encryption
    crypto: tcrypt - add missing tests for camellia and ghash
    crypto: testmgr - make test_aead also test 'dst != src' code paths
    crypto: testmgr - make test_skcipher also test 'dst != src' code paths
    crypto: testmgr - add test vectors for CTR mode IV increasement
    crypto: testmgr - add test vectors for partial ctr(cast5) and ctr(cast6)
    crypto: testmgr - allow non-multi page and multi page skcipher tests from same test template
    crypto: caam - increase TRNG clocks per sample
    crypto, tcrypt: remove local_bh_disable/enable() around local_irq_disable/enable()
    crypto: tegra-aes - fix error return code
    crypto: crypto4xx - fix error return code
    crypto: hifn_795x - fix error return code
    crypto: ux500 - fix error return code
    crypto: caam - fix error IDs for SEC v5.x RNG4
    hwrng: mxc-rnga - Access data via structure
    hwrng: mxc-rnga - Adapt clocks to new i.mx clock framework
    crypto: caam - add IPsec ESN support
    crypto: 842 - remove .cra_list initialization
    Revert "[CRYPTO] cast6: inline bloat--"
    ...

    Linus Torvalds
     

03 Oct, 2012

3 commits

  • Asking for this option on x86 seems a bit pointless.

    Signed-off-by: Dave Jones
    Signed-off-by: David S. Miller

    Dave Jones
     
  • Pull networking changes from David Miller:

    1) GRE now works over ipv6, from Dmitry Kozlov.

    2) Make SCTP more network namespace aware, from Eric Biederman.

    3) TEAM driver now works with non-ethernet devices, from Jiri Pirko.

    4) Make openvswitch network namespace aware, from Pravin B Shelar.

    5) IPV6 NAT implementation, from Patrick McHardy.

    6) Server side support for TCP Fast Open, from Jerry Chu and others.

    7) Packet BPF filter supports MOD and XOR, from Eric Dumazet and Daniel
    Borkmann.

    8) Increase the loopback default MTU to 64K, from Eric Dumazet.

    9) Use a per-task rather than per-socket page fragment allocator for
    outgoing networking traffic. This benefits processes that have very
    many mostly idle sockets, which is quite common.

    From Eric Dumazet.

    10) Use up to 32K for page fragment allocations, with fallbacks to
    smaller sizes when higher order page allocations fail. Benefits are
    a) less segments for driver to process b) less calls to page
    allocator c) less waste of space.

    From Eric Dumazet.

    11) Allow GRO to be used on GRE tunnels, from Eric Dumazet.

    12) VXLAN device driver, one way to handle VLAN issues such as the
    limitation of 4096 VLAN IDs yet still have some level of isolation.
    From Stephen Hemminger.

    13) As usual there is a large boatload of driver changes, with the scale
    perhaps tilted towards the wireless side this time around.

    Fix up various fairly trivial conflicts, mostly caused by the user
    namespace changes.

    * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1012 commits)
    hyperv: Add buffer for extended info after the RNDIS response message.
    hyperv: Report actual status in receive completion packet
    hyperv: Remove extra allocated space for recv_pkt_list elements
    hyperv: Fix page buffer handling in rndis_filter_send_request()
    hyperv: Fix the missing return value in rndis_filter_set_packet_filter()
    hyperv: Fix the max_xfer_size in RNDIS initialization
    vxlan: put UDP socket in correct namespace
    vxlan: Depend on CONFIG_INET
    sfc: Fix the reported priorities of different filter types
    sfc: Remove EFX_FILTER_FLAG_RX_OVERRIDE_IP
    sfc: Fix loopback self-test with separate_tx_channels=1
    sfc: Fix MCDI structure field lookup
    sfc: Add parentheses around use of bitfield macro arguments
    sfc: Fix null function pointer in efx_sriov_channel_type
    vxlan: virtual extensible lan
    igmp: export symbol ip_mc_leave_group
    netlink: add attributes to fdb interface
    tg3: unconditionally select HWMON support when tg3 is enabled.
    Revert "net: ti cpsw ethernet: allow reading phy interface mode from DT"
    gre: fix sparse warning
    ...

    Linus Torvalds
     
  • Pull sparc updates from David Miller:
    "Largely this is simply adding support for the Niagara 4 cpu.

    Major areas are perf events (chip now supports 4 counters and can
    monitor any event on each counter), crypto (opcodes are available for
    sha1, sha256, sha512, md5, crc32c, AES, DES, CAMELLIA, and Kasumi
    although the last is unsupported since we lack a generic crypto layer
    Kasumi implementation), and an optimized memcpy.

    Finally some cleanups by Peter Senna Tschudin."

    * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-next: (47 commits)
    sparc64: Fix trailing whitespace in NG4 memcpy.
    sparc64: Fix comment type in NG4 copy from user.
    sparc64: Add SPARC-T4 optimized memcpy.
    drivers/sbus/char: removes unnecessary semicolon
    arch/sparc/kernel/pci_sun4v.c: removes unnecessary semicolon
    sparc64: Fix function argument comment in camellia_sparc64_key_expand asm.
    sparc64: Fix IV handling bug in des_sparc64_cbc_decrypt
    sparc64: Add auto-loading mechanism to crypto-opcode drivers.
    sparc64: Add missing pr_fmt define to crypto opcode drivers.
    sparc64: Adjust crypto priorities.
    sparc64: Use cpu_pgsz_mask for linear kernel mapping config.
    sparc64: Probe cpu page size support more portably.
    sparc64: Support 2GB and 16GB page sizes for kernel linear mappings.
    sparc64: Fix bugs in unrolled 256-bit loops.
    sparc64: Avoid code duplication in crypto assembler.
    sparc64: Unroll CTR crypt loops in AES driver.
    sparc64: Unroll ECB decryption loops in AES driver.
    sparc64: Unroll ECB encryption loops in AES driver.
    sparc64: Add ctr mode support to AES driver.
    sparc64: Move AES driver over to a methods based implementation.
    ...

    Linus Torvalds
     

27 Sep, 2012

4 commits