18 Apr, 2019
1 commit
-
Commit 110492183c4b ("crypto: compress - remove unused pcomp interface")
removed pcomp interface but missed cleaning up tcrypt.Signed-off-by: Horia Geantă
Signed-off-by: Franck LENORMAND
(cherry picked from commit da31759cfa104069e9ee5b7c95dafdd27f25e9db)
Signed-off-by: Vipul Kumar
10 Jan, 2019
1 commit
-
commit 7da66670775d201f633577f5b15a4bbeebaaa2b0 upstream.
Add AES128/192/256-CFB testvectors from NIST SP800-38A.
Signed-off-by: Dmitry Eremin-Solenikov
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Eremin-Solenikov
Signed-off-by: Herbert Xu
Signed-off-by: Greg Kroah-Hartman
14 Nov, 2018
1 commit
-
commit 331351f89c36bf7d03561a28b6f64fa10a9f6f3a upstream.
ghash is a keyed hash algorithm, thus setkey needs to be called.
Otherwise the following error occurs:
$ modprobe tcrypt mode=318 sec=1
testing speed of async ghash-generic (ghash-generic)
tcrypt: test 0 ( 16 byte blocks, 16 bytes per update, 1 updates):
tcrypt: hashing failed ret=-126Cc: # 4.6+
Fixes: 0660511c0bee ("crypto: tcrypt - Use ahash")
Tested-by: Franck Lenormand
Signed-off-by: Horia Geantă
Acked-by: Ard Biesheuvel
Signed-off-by: Herbert Xu
Signed-off-by: Greg Kroah-Hartman
03 Aug, 2018
1 commit
-
Avoid RCU stalls in the case of non-preemptible kernel and lengthy
speed tests by rescheduling when advancing from one block size
to another.Signed-off-by: Horia Geantă
Signed-off-by: Herbert Xu
01 Jul, 2018
1 commit
-
Remove the original version of the VMAC template that had the nonce
hardcoded to 0 and produced a digest with the wrong endianness. I'm
unsure whether this had users or not (there are no explicit in-kernel
references to it), but given that the hardcoded nonce made it wildly
insecure unless a unique key was used for each message, let's try
removing it and see if anyone complains.Leave the new "vmac64" template that requires the nonce to be explicitly
specified as the first 16 bytes of data and uses the correct endianness
for the digest.Signed-off-by: Eric Biggers
Signed-off-by: Herbert Xu
27 May, 2018
1 commit
-
The Blackfin CRC driver was removed by commit 9678a8dc53c1 ("crypto:
bfin_crc - remove blackfin CRC driver"), but it was forgotten to remove
the corresponding "hmac(crc32)" test vectors. I see no point in keeping
them since nothing else appears to implement or use "hmac(crc32)", which
isn't an algorithm that makes sense anyway because HMAC is meant to be
used with a cryptographically secure hash function, which CRC's are not.Thus, remove the unneeded test vectors.
Signed-off-by: Eric Biggers
Signed-off-by: Herbert Xu
05 May, 2018
1 commit
-
In the quest to remove all stack VLA usage from the kernel[1], this
allocates the return code buffers before starting jiffie timers, rather
than using stack space for the array. Additionally cleans up some exit
paths and make sure that the num_mb module_param() is used only once
per execution to avoid possible races in the value changing.[1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com
Signed-off-by: Kees Cook
Signed-off-by: Herbert Xu
16 Mar, 2018
1 commit
-
Add testmgr tests for the newly introduced SM4 ECB symmetric cipher.
Signed-off-by: Gilad Ben-Yossef
Signed-off-by: Herbert Xu
12 Jan, 2018
2 commits
-
There seems to be a cut-n-paste bug with the name of the buffer being
free'd, xoutbuf should be used instead of axbuf.Detected by CoverityScan, CID#1463420 ("Copy-paste error")
Fixes: 427988d981c4 ("crypto: tcrypt - add multibuf aead speed test")
Signed-off-by: Colin Ian King
Signed-off-by: Herbert Xu -
Trivial fix to spelling mistakes in pr_err error message text.
Signed-off-by: Colin Ian King
Signed-off-by: Herbert Xu
28 Dec, 2017
6 commits
-
The performance of some aead tfm providers is affected by
the amount of parallelism possible with the processing.Introduce an async aead concurrent multiple buffer
processing speed test to be able to test performance of such
tfm providers.Signed-off-by: Gilad Ben-Yossef
Signed-off-by: Herbert Xu -
The performance of some skcipher tfm providers is affected by
the amount of parallelism possible with the processing.Introduce an async skcipher concurrent multiple buffer
processing speed test to be able to test performance of such
tfm providers.Signed-off-by: Gilad Ben-Yossef
Signed-off-by: Herbert Xu -
The multi buffer concurrent requests ahash speed test only
supported the cycles mode. Add support for the so called
jiffies mode that test performance of bytes/sec.We only add support for digest mode at the moment.
Signed-off-by: Gilad Ben-Yossef
Signed-off-by: Herbert Xu -
For multiple buffers speed tests, the number of buffers, or
requests, used actually sets the level of parallelism a tfm
provider may utilize to hide latency. The existing number
(of 8) is good for some software based providers but not
enough for many HW providers with deep FIFOs.Add a module parameter that allows setting the number of
multiple buffers/requests used, leaving the default at 8.Signed-off-by: Gilad Ben-Yossef
Signed-off-by: Herbert Xu -
The AEAD speed test pretended to support decryption, however that support
was broken as decryption requires a valid auth field which the test did
not provide.Fix this by running the encryption path once with inout/output sgls
switched to calculate the auth field prior to performing decryption
speed tests.Signed-off-by: Gilad Ben-Yossef
Signed-off-by: Herbert Xu -
The multi buffer ahash speed test was allocating multiple
buffers for use with the multiple outstanding requests
it was starting but never actually using them (except
to free them), instead using a different single statically
allocated buffer for all requests.Fix this by actually using the allocated buffers for the test.
It is noted that it may seem tempting to instead remove the
allocation and free of the multiple buffers and leave things as
they are since this is a hash test where the input is read
only. However, after consideration I believe that multiple
buffers better reflect real life scenario with regard
to data cache and TLB behaviours etc.Signed-off-by: Gilad Ben-Yossef
Signed-off-by: Herbert Xu
29 Nov, 2017
2 commits
-
Results better code readability.
Signed-off-by: Tudor Ambarus
Reviewed-by: Horia Geantă
Signed-off-by: Herbert Xu -
In case buffer length is a multiple of PAGE_SIZE,
the S/G table is incorrectly generated.
Fix this by handling buflen = k * PAGE_SIZE separately.Signed-off-by: Robert Baronescu
Signed-off-by: Herbert Xu
03 Nov, 2017
3 commits
-
tcrypt starts several async crypto ops and waits for their completions.
Move it over to generic code doing the same.Signed-off-by: Gilad Ben-Yossef
Signed-off-by: Herbert Xu -
Fix the way the length of the buffers used for
encryption / decryption are computed.
For e.g. in case of encryption, input buffer does not contain
an authentication tag.Signed-off-by: Robert Baronescu
Signed-off-by: Herbert Xu -
In preparation to enabling -Wimplicit-fallthrough, mark switch cases
where we are expecting to fall through.Cc: Herbert Xu
Cc: "David S. Miller"
Cc: linux-crypto@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva
Signed-off-by: Herbert Xu
22 Sep, 2017
2 commits
-
Fix checkpatch.pl warnings:
WARNING: void function return statements are not generally useful
FILE: crypto/rmd128.c:218:
FILE: crypto/rmd160.c:261:
FILE: crypto/rmd256.c:233:
FILE: crypto/rmd320.c:280:
FILE: crypto/tcrypt.c:385:
FILE: drivers/crypto/ixp4xx_crypto.c:538:
FILE: drivers/crypto/marvell/cesa.c:81:
FILE: drivers/crypto/ux500/cryp/cryp_core.c:1755:Signed-off-by: Geliang Tang
Signed-off-by: Herbert Xu -
Add testmgr and tcrypt tests and vectors for SM3 secure hash.
Signed-off-by: Gilad Ben-Yossef
Signed-off-by: Herbert Xu
03 Aug, 2017
1 commit
-
Remove xts(aes) speed tests with 2 x 192-bit keys, since implementations
adhering strictly to IEEE 1619-2007 standard cannot cope with key sizes
other than 2 x 128, 2 x 256 bits - i.e. AES-XTS-{128,256}:
[...]
tcrypt: test 5 (384 bit key, 16 byte blocks):
caam_jr 8020000.jr: key size mismatch
tcrypt: setkey() failed flags=200000
[...]Signed-off-by: Horia Geantă
Signed-off-by: Herbert Xu
18 May, 2017
1 commit
-
The tcrypt AEAD cycles speed tests disables irqs during the test, which is
broken at the very least since commit
'1425d2d17f7309c6 ("crypto: tcrypt - Fix AEAD speed tests")'
adds a wait for completion as part of the test and probably since
switching to the new AEAD API.While the result of taking a cycle count diff may not mean much on SMP
systems if the task migrates, it's good enough for tcrypt being the quick
& dirty dev tool it is. It's also what all the other (i.e. hash) cycle
speed tests do.Signed-off-by: Gilad Ben-Yossef
Reported-by: Ofir Drang
Reviewed-by: Horia Geantă
Signed-off-by: Herbert Xu
23 Jan, 2017
1 commit
-
tcrypt is very tight-lipped when it succeeds, but a bit more feedback
would be useful when developing or debugging crypto drivers, especially
since even a successful run ends with the module failing to insert. Add
a couple of debug prints, which can be enabled with dynamic debug:Before:
# insmod tcrypt.ko mode=10
insmod: can't insert 'tcrypt.ko': Resource temporarily unavailableAfter:
# insmod tcrypt.ko mode=10 dyndbg
tcrypt: testing ecb(aes)
tcrypt: testing cbc(aes)
tcrypt: testing lrw(aes)
tcrypt: testing xts(aes)
tcrypt: testing ctr(aes)
tcrypt: testing rfc3686(ctr(aes))
tcrypt: all tests passed
insmod: can't insert 'tcrypt.ko': Resource temporarily unavailableSigned-off-by: Rabin Vincent
Signed-off-by: Herbert Xu
01 Jul, 2016
4 commits
-
This patch adds HMAC-SHA3 test modes in tcrypt module
and related test vectors.Signed-off-by: Raveendra Padasalagi
Signed-off-by: Herbert Xu -
The multibuffer hash speed test is incorrectly bailing because
of an EINPROGRESS return value. This patch fixes it by setting
ret to zero if it is equal to -EINPROGRESS.Reported-by: Megha Dey
Signed-off-by: Herbert Xu -
This patch adds speed tests for cts(cbc(aes)).
Signed-off-by: Herbert Xu
-
This patch converts tcrypt to use the new skcipher interface as
opposed to ablkcipher/blkcipher.Signed-off-by: Herbert Xu
29 Jun, 2016
1 commit
-
This patch resolves a number of issues with the mb speed test
function:* The tfm is never freed.
* Memory is allocated even when we're not using mb.
* When an error occurs we don't wait for completion for other requests.
* When an error occurs during allocation we may leak memory.
* The test function ignores plen but still runs for plen != blen.
* The backlog flag is incorrectly used (may crash).This patch tries to resolve all these issues as well as making
the code consistent with the existing hash speed testing function.Signed-off-by: Herbert Xu
Tested-by: Krzysztof Kozlowski
28 Jun, 2016
3 commits
-
For the timescales we are working against there is no need to
go beyond unsigned long.Signed-off-by: Herbert Xu
-
The recently added test_mb_ahash_speed() has clearly serious coding
style issues. Try to fix some of them:
1. Don't mix pr_err() and printk();
2. Don't wrap strings;
3. Properly align goto statement in if() block;
4. Align wrapped arguments on new line;
5. Don't wrap functions on first argument;Signed-off-by: Krzysztof Kozlowski
Signed-off-by: Herbert Xu -
Add a new mode to calculate the speed of the sha512_mb algorithm
Signed-off-by: Megha Dey
Reviewed-by: Fenghua Yu
Reviewed-by: Tim Chen
Signed-off-by: Herbert Xu
27 Jun, 2016
1 commit
-
The existing test suite to calculate the speed of the SHA algorithms
assumes serial (single buffer)) computation of data. With the SHA
multibuffer algorithms, we work on 8 lanes of data in parallel. Hence,
the need to introduce a new test suite to calculate the speed for these
algorithms.Signed-off-by: Megha Dey
Signed-off-by: Herbert Xu
20 Jun, 2016
1 commit
-
Added support for SHA-3 algorithm test's
in tcrypt module and related test vectors.Signed-off-by: Raveendra Padasalagi
Signed-off-by: Herbert Xu
06 Feb, 2016
1 commit
-
This patch removes the last user of the obsolete crypto_hash
interface, tcrypt, by simply switching it over to ahash. In
fact it already has all the code there so it's just a matter
of calling the ahash speed test code with the right mask.Signed-off-by: Herbert Xu
23 Nov, 2015
1 commit
-
The key sizes used by AES in GCM mode should be 128, 192 or 256 bits (16,
24 or 32 bytes).
There is no additional 4byte nonce as for RFC 4106.Signed-off-by: Cyrille Pitchen
Signed-off-by: Herbert Xu
21 Sep, 2015
1 commit
-
The output buffer in test_ahash_speed will point to an address located
within the tcrypt module image.
This causes problems when trying to DMA map the buffer.
For e.g. on ARM-based LS1021A, a page fault occurs within the
DMA API when trying to access the struct page returned by
virt_to_page(output):insmod tcrypt.ko mode=403
testing speed of async sha1 (sha1-caam)
test 0 ( 16 byte blocks, 16 bytes per update, 1 updates):
Unable to handle kernel paging request at virtual address f07e9080
pgd = e58d0e00
[f07e9080] *pgd=80000080007003, *pmd=00000000
Internal error: Oops: 206 [#1] SMP THUMB2
Modules linked in: tcrypt(+)
CPU: 1 PID: 1119 Comm: insmod Not tainted 4.2.0-rc1-256134-gbf433416e675 #1
Hardware name: Freescale LS1021A
task: ea063900 ti: e5a34000 task.ti: e5a34000
PC is at dma_cache_maint_page+0x38/0xd0
LR is at __dma_page_cpu_to_dev+0x15/0x64
pc : [] lr : [] psr: 000f0033
sp : e5a35ca0 ip : 8063df00 fp : f07e9080
r10: 00000cd0 r9 : 8063df00 r8 : 805a2f04
r7 : 0017f804 r6 : 00000002 r5 : ee7f9000 r4 : 00000014
r3 : 80612d40 r2 : 01ff0080 r1 : 00000380 r0 : ee7f9000
Flags: nzcv IRQs on FIQs on Mode SVC_32 ISA Thumb Segment user
Control: 70c5387d Table: e58d0e00 DAC: 9b7ede70
Process insmod (pid: 1119, stack limit = 0xe5a34210)
Stack: (0xe5a35ca0 to 0xe5a36000)
[...]
[] (dma_cache_maint_page) from [] (__dma_page_cpu_to_dev+0x15/0x64)
[] (__dma_page_cpu_to_dev) from [] (arm_dma_map_page+0x1f/0x44)
[] (arm_dma_map_page) from [] (ahash_digest+0x35f/0x510)
[] (ahash_digest) from [] (test_ahash_speed.constprop.6+0x24a/0x4e4 [tcrypt])
[] (test_ahash_speed.constprop.6 [tcrypt]) from [] (do_test+0x1898/0x2058 [tcrypt])
[] (do_test [tcrypt]) from [] (tcrypt_mod_init+0x2e/0x63 [tcrypt])
[] (tcrypt_mod_init [tcrypt]) from [] (do_one_initcall+0xb3/0x134)
[] (do_one_initcall) from [] (do_init_module+0x3b/0x13c)
[] (do_init_module) from [] (load_module+0x97b/0x9dc)
[] (load_module) from [] (SyS_finit_module+0x35/0x3e)
[] (SyS_finit_module) from [] (ret_fast_syscall+0x1/0x4c)
Code: 1aba 0152 eb00 0b02 (5882) 0f92addr2line -f -i -e vmlinux 800155a0
page_zonenum
include/linux/mm.h:728
page_zone
include/linux/mm.h:881
dma_cache_maint_page
arch/arm/mm/dma-mapping.c:822Signed-off-by: Horia Geant?
Signed-off-by: Herbert Xu
17 Aug, 2015
1 commit
-
This patch removes the CRYPTO_ALG_AEAD_NEW flag now that everyone
has been converted.Signed-off-by: Herbert Xu