Eric Lee / smarc-fsl-linux-kernel

09 Jul, 2020

1 commit

  • 3d2df8454   crypto: arm/ghash - use variably sized key struct ... Browse Code »

    Of the two versions of GHASH that the ARM driver implements, only one
    performs aggregation, and so the other one has no use for the powers
    of H to be precomputed, or space to be allocated for them in the key
    struct. So make the context size dependent on which version is being
    selected, and while at it, use a static key to carry this decision,
    and get rid of the function pointer.

    Signed-off-by: Ard Biesheuvel
    Signed-off-by: Herbert Xu

    Ard Biesheuvel
     

09 Jan, 2020

2 commits

  • af5034e8e   crypto: remove propagation of CRYPTO_TFM_RES_* flags ... Browse Code »

    The CRYPTO_TFM_RES_* flags were apparently meant as a way to make the
    ->setkey() functions provide more information about errors. But these
    flags weren't actually being used or tested, and in many cases they
    weren't being set correctly anyway. So they've now been removed.

    Also, if someone ever actually needs to start better distinguishing
    ->setkey() errors (which is somewhat unlikely, as this has been unneeded
    for a long time), we'd be much better off just defining different return
    values, like -EINVAL if the key is invalid for the algorithm vs.
    -EKEYREJECTED if the key was rejected by a policy like "no weak keys".
    That would be much simpler, less error-prone, and easier to test.

    So just remove CRYPTO_TFM_RES_MASK and all the unneeded logic that
    propagates these flags around.

    Signed-off-by: Eric Biggers
    Signed-off-by: Herbert Xu

    Eric Biggers
     
  • 674f368a9   crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN ... Browse Code »

    The CRYPTO_TFM_RES_BAD_KEY_LEN flag was apparently meant as a way to
    make the ->setkey() functions provide more information about errors.

    However, no one actually checks for this flag, which makes it pointless.

    Also, many algorithms fail to set this flag when given a bad length key.
    Reviewing just the generic implementations, this is the case for
    aes-fixed-time, cbcmac, echainiv, nhpoly1305, pcrypt, rfc3686, rfc4309,
    rfc7539, rfc7539esp, salsa20, seqiv, and xcbc. But there are probably
    many more in arch/*/crypto/ and drivers/crypto/.

    Some algorithms can even set this flag when the key is the correct
    length. For example, authenc and authencesn set it when the key payload
    is malformed in any way (not just a bad length), the atmel-sha and ccree
    drivers can set it if a memory allocation fails, and the chelsio driver
    sets it for bad auth tag lengths, not just bad key lengths.

    So even if someone actually wanted to start checking this flag (which
    seems unlikely, since it's been unused for a long time), there would be
    a lot of work needed to get it working correctly. But it would probably
    be much better to go back to the drawing board and just define different
    return values, like -EINVAL if the key is invalid for the algorithm vs.
    -EKEYREJECTED if the key was rejected by a policy like "no weak keys".
    That would be much simpler, less error-prone, and easier to test.

    So just remove this flag.

    Signed-off-by: Eric Biggers
    Reviewed-by: Horia Geantă
    Signed-off-by: Herbert Xu

    Eric Biggers
     

27 Jul, 2019

1 commit

  • 8dfa20fcf   crypto: ghash - add comment and improve help text ... Browse Code »

    To help avoid confusion, add a comment to ghash-generic.c which explains
    the convention that the kernel's implementation of GHASH uses.

    Also update the Kconfig help text and module descriptions to call GHASH
    a "hash function" rather than a "message digest", since the latter
    normally means a real cryptographic hash function, which GHASH is not.

    Cc: Pascal Van Leeuwen
    Signed-off-by: Eric Biggers
    Reviewed-by: Ard Biesheuvel
    Acked-by: Pascal Van Leeuwen
    Signed-off-by: Herbert Xu

    Eric Biggers
     

26 Jul, 2019

1 commit

  • 0a5dff988   crypto: arm/ghash - provide a synchronous version ... Browse Code »

    GHASH is used by the GCM mode, which is often used in contexts where
    only synchronous ciphers are permitted. So provide a synchronous version
    of GHASH based on the existing code. This requires a non-SIMD fallback
    to deal with invocations occurring from a context where SIMD instructions
    may not be used.

    Signed-off-by: Ard Biesheuvel
    Signed-off-by: Herbert Xu

    Ard Biesheuvel
     

19 Jun, 2019

1 commit

  • d2912cb15   treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 ... Browse Code »

    Based on 2 normalized pattern(s):

    this program is free software you can redistribute it and or modify
    it under the terms of the gnu general public license version 2 as
    published by the free software foundation

    this program is free software you can redistribute it and or modify
    it under the terms of the gnu general public license version 2 as
    published by the free software foundation #

    extracted by the scancode license scanner the SPDX license identifier

    GPL-2.0-only

    has been chosen to replace the boilerplate/reference in 4122 file(s).

    Signed-off-by: Thomas Gleixner
    Reviewed-by: Enrico Weigelt
    Reviewed-by: Kate Stewart
    Reviewed-by: Allison Randal
    Cc: linux-spdx@vger.kernel.org
    Link: https://lkml.kernel.org/r/20190604081206.933168790@linutronix.de
    Signed-off-by: Greg Kroah-Hartman

    Thomas Gleixner
     

25 Apr, 2019

1 commit

  • 877b5691f   crypto: shash - remove shash_desc::flags ... Browse Code »

    The flags field in 'struct shash_desc' never actually does anything.
    The only ostensibly supported flag is CRYPTO_TFM_REQ_MAY_SLEEP.
    However, no shash algorithm ever sleeps, making this flag a no-op.

    With this being the case, inevitably some users who can't sleep wrongly
    pass MAY_SLEEP. These would all need to be fixed if any shash algorithm
    actually started sleeping. For example, the shash_ahash_*() functions,
    which wrap a shash algorithm with the ahash API, pass through MAY_SLEEP
    from the ahash API to the shash API. However, the shash functions are
    called under kmap_atomic(), so actually they're assumed to never sleep.

    Even if it turns out that some users do need preemption points while
    hashing large buffers, we could easily provide a helper function
    crypto_shash_update_large() which divides the data into smaller chunks
    and calls crypto_shash_update() and cond_resched() for each chunk. It's
    not necessary to have a flag in 'struct shash_desc', nor is it necessary
    to make individual shash algorithms aware of this at all.

    Therefore, remove shash_desc::flags, and document that the
    crypto_shash_*() functions can be called from any context.

    Signed-off-by: Eric Biggers
    Signed-off-by: Herbert Xu

    Eric Biggers
     

22 Mar, 2019

1 commit

04 Sep, 2018

1 commit

  • 00227e3a1   crypto: arm/ghash-ce - implement support for 4-way aggregation ... Browse Code »

    Speed up the GHASH algorithm based on 64-bit polynomial multiplication
    by adding support for 4-way aggregation. This improves throughput by
    ~85% on Cortex-A53, from 1.7 cycles per byte to 0.9 cycles per byte.

    When combined with AES into GCM, throughput improves by ~25%, from
    3.8 cycles per byte to 3.0 cycles per byte.

    Signed-off-by: Ard Biesheuvel
    Signed-off-by: Herbert Xu

    Ard Biesheuvel
     

09 Jul, 2018

3 commits

  • c87a405e3   crypto: ahash - remove useless setting of cra_type ... Browse Code »

    Some ahash algorithms set .cra_type = &crypto_ahash_type. But this is
    redundant with the C structure type ('struct ahash_alg'), and
    crypto_register_ahash() already sets the .cra_type automatically.
    Apparently the useless assignment has just been copy+pasted around.

    So, remove the useless assignment from all the ahash algorithms.

    This patch shouldn't change any actual behavior.

    Signed-off-by: Eric Biggers
    Acked-by: Gilad Ben-Yossef
    Signed-off-by: Herbert Xu

    Eric Biggers
     
  • 6a38f6224   crypto: ahash - remove useless setting of type flags ... Browse Code »

    Many ahash algorithms set .cra_flags = CRYPTO_ALG_TYPE_AHASH. But this
    is redundant with the C structure type ('struct ahash_alg'), and
    crypto_register_ahash() already sets the type flag automatically,
    clearing any type flag that was already there. Apparently the useless
    assignment has just been copy+pasted around.

    So, remove the useless assignment from all the ahash algorithms.

    This patch shouldn't change any actual behavior.

    Signed-off-by: Eric Biggers
    Acked-by: Gilad Ben-Yossef
    Signed-off-by: Herbert Xu

    Eric Biggers
     
  • e50944e21   crypto: shash - remove useless setting of type flags ... Browse Code »

    Many shash algorithms set .cra_flags = CRYPTO_ALG_TYPE_SHASH. But this
    is redundant with the C structure type ('struct shash_alg'), and
    crypto_register_shash() already sets the type flag automatically,
    clearing any type flag that was already there. Apparently the useless
    assignment has just been copy+pasted around.

    So, remove the useless assignment from all the shash algorithms.

    This patch shouldn't change any actual behavior.

    Signed-off-by: Eric Biggers
    Signed-off-by: Herbert Xu

    Eric Biggers
     

04 Aug, 2017

1 commit

  • 3759ee057   crypto: arm/ghash - add NEON accelerated fallback for vmull.p64 ... Browse Code »

    Implement a NEON fallback for systems that do support NEON but have
    no support for the optional 64x64->128 polynomial multiplication
    instruction that is part of the ARMv8 Crypto Extensions. It is based
    on the paper "Fast Software Polynomial Multiplication on ARM Processors
    Using the NEON Engine" by Danilo Camara, Conrado Gouvea, Julio Lopez and
    Ricardo Dahab (https://hal.inria.fr/hal-01506572)

    On a 32-bit guest executing under KVM on a Cortex-A57, the new code is
    not only 4x faster than the generic table based GHASH driver, it is also
    time invariant. (Note that the existing vmull.p64 code is 16x faster on
    this core).

    Signed-off-by: Ard Biesheuvel
    Signed-off-by: Herbert Xu

    Ard Biesheuvel
     

01 Jun, 2017

1 commit

07 Sep, 2016

2 commits

  • 71f89917f   crypto: arm/ghash - change internal cra_name to "__ghash" ... Browse Code »

    The fact that the internal synchrous hash implementation is called
    "ghash" like the publicly visible one is causing the testmgr code
    to misidentify it as an algorithm that requires testing at boottime.
    So rename it to "__ghash" to prevent this.

    Signed-off-by: Ard Biesheuvel
    Signed-off-by: Herbert Xu

    Ard Biesheuvel
     
  • ed4767d61   crypto: arm/ghash-ce - add missing async import/export ... Browse Code »

    Since commit 8996eafdcbad ("crypto: ahash - ensure statesize is non-zero"),
    all ahash drivers are required to implement import()/export(), and must have
    a non-zero statesize. Fix this for the ARM Crypto Extensions GHASH
    implementation.

    Fixes: 8996eafdcbad ("crypto: ahash - ensure statesize is non-zero")
    Signed-off-by: Ard Biesheuvel
    Signed-off-by: Herbert Xu

    Ard Biesheuvel
     

23 Jun, 2016

1 commit

  • 820573ebd   crypto: ghash-ce - Fix cryptd reordering ... Browse Code »
    28

    This patch fixes an old bug where requests can be reordered because
    some are processed by cryptd while others are processed directly
    in softirq context.

    The fix is to always postpone to cryptd if there are currently
    requests outstanding from the same tfm.

    This patch also removes the redundant use of cryptd in the async
    init function as init never touches the FPU.

    Signed-off-by: Herbert Xu

    Herbert Xu
     

31 Mar, 2015

1 commit

12 Mar, 2015

1 commit