21 Sep, 2006
28 commits
-
This patch makes IV operations on ECB fail through nocrypt_iv rather than
calling BUG(). This is needed to generalise CBC/ECB using the template
mechanism.Signed-off-by: Herbert Xu
-
Now that crc32c has been fixed to conform with standard digest semantics,
we can use test_hash for it. I've turned the last test into a chunky
test.Signed-off-by: Herbert Xu
-
When the final result location is unaligned, we store the digest in a
temporary buffer before copying it to the final location. Currently
that buffer sits on the stack. This patch moves it to an area in the
tfm, just like the CBC IV buffer.Signed-off-by: Herbert Xu
-
Now that the tfm is passed directly to setkey instead of the ctx, we no
longer need to pass the &tfm->crt_flags pointer.This patch also gets rid of a few unnecessary checks on the key length
for ciphers as the cipher layer guarantees that the key length is within
the bounds specified by the algorithm.Rather than testing dia_setkey every time, this patch does it only once
during crypto_alloc_tfm. The redundant check from crypto_digest_setkey
is also removed.Signed-off-by: Herbert Xu
-
The convention for setkey is that once it is set it should not change,
in particular, init must not wipe out the key set by it. In fact, init
should always be used after setkey before any digestion is performed.The only user of crc32c that sets the key is tcrypt. This patch adds
the necessary init calls there.Signed-off-by: Herbert Xu
-
TFMs are local variables. No need to declare them
static. After all one is enough.Signed-off-by: Michal Ludvig
Signed-off-by: Herbert Xu -
Compile a helper module padlock.ko that will try
to autoload all configured padlock algorithms.This also provides backward compatibility with
the ancient times before padlock.ko was renamed
to padlock-aes.koSigned-off-by: Michal Ludvig
Signed-off-by: Herbert Xu -
This patch makes two needlessly global functions static.
Signed-off-by: Adrian Bunk
Signed-off-by: Herbert Xu -
Support for SHA1 / SHA256 algorithms in VIA C7 processors.
Signed-off-by: Michal Ludvig
Signed-off-by: Herbert Xu -
PADLOCK_CRA_PRIORITY is shared between padlock-aes and padlock-sha
so it should be in the header.On the other hand "struct cword" is only used in padlock-aes.c
so it's unnecessary to have it in padlock.hSigned-off-by: Michal Ludvig
Signed-off-by: Herbert Xu -
Whenever we rename modules we should add an alias to ensure that existing
users can still locate the new module.This patch also gets rid of the now unused module function prototypes from
padlock.h.Signed-off-by: Herbert Xu
-
Merge padlock-generic.c into padlock-aes.c and compile
AES as a standalone module. We won't make a monolithic
padlock.ko with all supported algorithms, instead we'll
compile each driver into its own module.Signed-off-by: Michal Ludvig
Signed-off-by: Herbert Xu -
Add missing accessors for cra_driver_name and cra_priority.
Signed-off-by: Michal Ludvig
Signed-off-by: Herbert Xu -
Crypto modules should be loadable by their .cra_driver_name, so
we should make MODULE_ALIAS()es with these names. This patch adds
aliases for SHA1 and SHA256 only as that's what we need for
PadLock-SHA driver.Signed-off-by: Michal Ludvig
Signed-off-by: Herbert Xu -
Spawns lock a specific crypto algorithm in place. They can then be used
with crypto_spawn_tfm to allocate a tfm for that algorithm. When the base
algorithm of a spawn is deregistered, all its spawns will be automatically
removed.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller -
This patch also adds the infrastructure to pick an algorithm based on
their type. For example, this allows you to select the encryption
algorithm "aes", instead of any algorithm registered under the name
"aes". For now this is only accessible internally. Eventually it
will be made available through crypto_alloc_tfm.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller -
The cryptomgr module is a simple manager of crypto algorithm instances.
It ensures that parameterised algorithms of the type tmpl(alg) (e.g.,
cbc(aes)) are always created.This is meant to satisfy the needs for most users. For more complex
cases such as deeper combinations or multiple parameters, a netlink
module will be created which allows arbitrary expressions to be parsed
in user-space.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller -
This patch adds a notifier chain for algorithm/template registration events.
This will be used to register compound algorithms such as cbc(aes). In
future this will also be passed onto user-space through netlink.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller -
A crypto_template generates a crypto_alg object when given a set of
parameters. this patch adds the basic data structure fo templates
and code to handle their registration/deregistration.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller -
The crypto API is made up of the part facing users such as IPsec and the
low-level part which is used by cryptographic entities such as algorithms.
This patch splits out the latter so that the two APIs are more clearly
delineated. As a bonus the low-level API can now be modularised if all
algorithms are built as modules.Signed-off-by: Herbert Xu
-
The header file linux/crypto.h is only needed by a few files so including
it in net/xfrm.h (which is included by half of the networking stack) is a
waste. This patch moves it out of net/xfrm.h and into the specific header
files that actually need it.Signed-off-by: Herbert Xu
-
Up until now we've relied on module reference counting to ensure that the
crypto_alg structures don't disappear from under us. This was good enough
as long as each crypto_alg came from exactly one module.However, with parameterised crypto algorithms a crypto_alg object may need
two or more modules to operate. This means that we need to count the
references to the crypto_alg object directly.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller -
The functions crypto_alg_get and crypto_alg_put operates on the crypto
modules rather than the algorithms. Therefore it makes sense to call
them crypto_mod_get and crypto_alg_put respectively.This is needed because we need to have real algorithm reference counters
for parameterised algorithms as they can be unregistered from below by
when their parameter algorithms are themselves unregistered.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller -
The patch passed the trycpt tests and automated filesystem tests.
This rewrite resulted in some nice perfomance increase over my last patch.Short summary of the tcrypt benchmarks:
Twofish Assembler vs. Twofish C (256bit 8kb block CBC)
encrypt: -27% Cycles
decrypt: -23% CyclesTwofish Assembler vs. AES Assembler (128bit 8kb block CBC)
encrypt: +18% Cycles
decrypt: +15% CyclesTwofish Assembler vs. AES Assembler (256bit 8kb block CBC)
encrypt: -9% Cycles
decrypt: -8% CyclesFull Output:
http://homepages.tu-darmstadt.de/~fritschi/twofish/tcrypt-speed-twofish-c-x86_64.txt
http://homepages.tu-darmstadt.de/~fritschi/twofish/tcrypt-speed-twofish-asm-x86_64.txt
http://homepages.tu-darmstadt.de/~fritschi/twofish/tcrypt-speed-aes-asm-x86_64.txtHere is another bonnie++ benchmark with encrypted filesystems. Most runs maxed
out the hd. It should give some idea what the module can do for encrypted filesystem
performance even though you can't see the full numbers.http://homepages.tu-darmstadt.de/~fritschi/twofish/output_20060610_130806_x86_64.html
Signed-off-by: Joachim Fritschi
Signed-off-by: Herbert Xu -
The patch passed the trycpt tests and automated filesystem tests.
This rewrite resulted in some nice perfomance increase over my last patch.Short summary of the tcrypt benchmarks:
Twofish Assembler vs. Twofish C (256bit 8kb block CBC)
encrypt: -33% Cycles
decrypt: -45% CyclesTwofish Assembler vs. AES Assembler (128bit 8kb block CBC)
encrypt: +3% Cycles
decrypt: -22% CyclesTwofish Assembler vs. AES Assembler (256bit 8kb block CBC)
encrypt: -20% Cycles
decrypt: -36% CyclesFull Output:
http://homepages.tu-darmstadt.de/~fritschi/twofish/tcrypt-speed-twofish-asm-i586.txt
http://homepages.tu-darmstadt.de/~fritschi/twofish/tcrypt-speed-twofish-c-i586.txt
http://homepages.tu-darmstadt.de/~fritschi/twofish/tcrypt-speed-aes-asm-i586.txtHere is another bonnie++ benchmark with encrypted filesystems. All runs with
the twofish assembler modules max out the drivespeed. It should give some
idea what the module can do for encrypted filesystem performance even though
you can't see the full numbers.http://homepages.tu-darmstadt.de/~fritschi/twofish/output_20060611_205432_x86.html
Signed-off-by: Joachim Fritschi
Signed-off-by: Herbert Xu -
This patch adds a proper driver name and priority to the generic c
implemtation to allow coexistance of c and assembler modules.Signed-off-by: Joachim Fritschi
Signed-off-by: Herbert Xu -
This patch splits up the twofish crypto routine into a common part ( key
setup ) which will be uses by all twofish crypto modules ( generic-c , i586
assembler and x86_64 assembler ) and generic-c part. It also creates a new
header file which will be used by all 3 modules.This eliminates all code duplication.
Correctness was verified with the tcrypt module and automated test scripts.
Signed-off-by: Joachim Fritschi
Signed-off-by: Herbert Xu -
Previously the __aligned__ attribute was added to the crypto_tfm context
member to ensure it is alinged correctly on architectures such as arm.
Unfortunately kmalloc does not use the same minimum alignment rules as
gcc so this is useless.This patch changes it to use kmalloc's minimum alignment.
Signed-off-by: Herbert Xu
20 Sep, 2006
6 commits
-
Ahoy, all land-lubbers, test me out right smartly!
Signed-off-by: Linus Torvalds
-
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[IPV4] fib_trie: missing ntohl() when calling fib_semantic_match()
[NETFILTER]: xt_quota: add missing module aliases
[ATM]: [he] don't hold the device lock when upcalling -
fib_trie.c::check_leaf() passes host-endian where fib_semantic_match()
expects (and stores into) net-endian.Signed-off-by: Al Viro
Signed-off-by: David S. Miller -
Add missing aliases for ipt_quota and ip6t_quota to make autoload
work.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
This can create a deadlock/lock ordering problem with other layers
that want to use the transmit (or other) path of the card at that
time.Signed-off-by: Chas Williams
Signed-off-by: David S. Miller -
* 'fixes' of git://git.linux-nfs.org/pub/linux/nfs-2.6:
NFS: Fix nfs_page use after free issues in fs/nfs/write.c
NFSv4: Fix incorrect semaphore release in _nfs4_do_open()
NFS: Fix Oopsable condition in nfs_readpage_sync()
19 Sep, 2006
6 commits
-
Signed-off-by: Trond Myklebust
-
Signed-off-by: Trond Myklebust
-
Signed-off-by: Trond Myklebust
-
This reverts commits 11012d419cfc0e0f78ca356aca03674217910124 and
40dd2d20f220eda1cd0da8ea3f0f9db8971ba237, which allowed us to use the
MMIO accesses for PCI config cycles even without the area being marked
reserved in the e820 memory tables.Those changes were needed for EFI-environment Intel macs, but broke some
newer Intel 965 boards, so for now it's better to revert to our old
2.6.17 behaviour and at least avoid introducing any new breakage.Andi Kleen has a set of patches that work with both EFI and the broken
Intel 965 boards, which will be applied once they get wider testing.Cc: Arjan van de Ven
Cc: Edgar Hucek
Cc: Andi Kleen
Signed-off-by: Linus Torvalds -
* git://git.infradead.org/mtd-2.6:
[MTD] Use SEEK_{SET,CUR,END} instead of hardcoded values in mtdchar lseek()
MTD: Fix bug in fixup_convert_atmel_pri
[JFFS2][SUMMARY] Fix a summary collecting bug.
[PATCH] [MTD] DEVICES: Fill more device IDs in the structure of m25p80
MTD: Add lock/unlock operations for Atmel AT49BV6416
MTD: Convert Atmel PRI information to AMD format
fs/jffs2/xattr.c: remove dead code
[PATCH] [MTD] Maps: Add dependency on alternate probe methods to physmap
[PATCH] MTD: Add Macronix MX29F040 to JEDEC
[MTD] Fixes of performance and stability issues in CFI driver.
block2mtd.c: Make kernel boot command line arguments work (try 4)
[MTD NAND] Fix lookup error in nand_get_flash_type()
remove #error on !PCI from pmc551.c
MTD: [NAND] Fix the sharpsl driver after breakage from a core conversion
[MTD] NAND: OOB buffer offset fixups
make fs/jffs2/nodelist.c:jffs2_obsolete_node_frag() static
[PATCH] [MTD] NAND: fix dead URL in Kconfig -
Fix a performance degradation introduced in 2.6.17. (30% degradation
running dbench with 16 threads)Commit 21730eed11de42f22afcbd43f450a1872a0b5ea1, which claims to make
EXT2_DEBUG work again, moves the taking of the kernel lock out of
debug-only code in ext2_count_free_inodes and ext2_count_free_blocks and
into ext2_statfs.The same problem was fixed in ext3 by removing the lock completely (commit
5b11687924e40790deb0d5f959247ade82196665)Signed-off-by: Dave Kleikamp
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
