14 Mar, 2008
1 commit
-
Signed-off-by: Dan Williams
08 Mar, 2008
1 commit
-
The previous patch to move chainiv and eseqiv into blkcipher created
a section mismatch for the chainiv exit function which was also called
from __init. This patch removes the __exit marking on it.Signed-off-by: Herbert Xu
06 Mar, 2008
2 commits
-
When using aes-xcbc-mac for authentication in IPsec,
the kernel crashes. It seems this algorithm doesn't
account for the space IPsec may make in scatterlist for authtag.
Thus when crypto_xcbc_digest_update2() gets called,
nbytes may be less than sg[i].length.
Since nbytes is an unsigned number, it wraps
at the end of the loop allowing us to go back
into loop and causing crash in memcpy.I used update function in digest.c to model this fix.
Please let me know if it looks ok.Signed-off-by: Joy Latten
Signed-off-by: Herbert Xu -
The XTS blockmode uses a copy of the IV which is saved on the stack
and may or may not be properly aligned. If it is not, it will break
hardware cipher like the geode or padlock.
This patch encrypts the IV in place so we don't have to worry about
alignment.Signed-off-by: Sebastian Siewior
Tested-by: Stefan Hellermann
Signed-off-by: Herbert Xu
05 Mar, 2008
1 commit
-
Every file should include the headers containing the externs for its
global code (in this case for struct crypto_{init,exit}_digest_ops()).Signed-off-by: Adrian Bunk
Signed-off-by: Herbert Xu
23 Feb, 2008
2 commits
-
The authenc algorithm requires BLKCIPHER to be present.
Signed-off-by: Herbert Xu
-
For compatibility with dm-crypt initramfs setups it is useful to merge
chainiv/seqiv into the crypto_blkcipher module. Since they're required
by most algorithms anyway this is an acceptable trade-off.Signed-off-by: Herbert Xu
18 Feb, 2008
1 commit
-
This patch fixes the following build error caused by commit
3631c650c495d61b1dabf32eb26b46873636e918:...
LD .tmp_vmlinux1
crypto/built-in.o: In function `skcipher_null_crypt':
crypto_null.c:(.text+0x3d14): undefined reference to `blkcipher_walk_virt'
crypto_null.c:(.text+0x3d14): relocation truncated to fit: R_MIPS_26 against `blkcipher_walk_virt'
crypto/built-in.o: In function `$L32':
crypto_null.c:(.text+0x3d54): undefined reference to `blkcipher_walk_done'
crypto_null.c:(.text+0x3d54): relocation truncated to fit: R_MIPS_26 against `blkcipher_walk_done'
crypto/built-in.o:(.data+0x2e8): undefined reference to `crypto_blkcipher_type'
make[1]: *** [.tmp_vmlinux1] Error 1Signed-off-by: Adrian Bunk
Signed-off-by: Herbert Xu
15 Feb, 2008
1 commit
-
Building latest git fails with the following error:
ERROR: "crypto_alloc_ablkcipher" [crypto/tcrypt.ko] undefined!
This appears to happen because CONFIG_CRYPTO_TEST is set while
CONFIG_CRYPTO_BLKCIPHER is not.
The following patch fixes the problem for me.Signed-off-by: Frederik Deweerdt
Signed-off-by: Herbert Xu
08 Feb, 2008
1 commit
-
Convert instances of ERR_PTR(PTR_ERR(p)) to ERR_CAST(p) using:
perl -spi -e 's/ERR_PTR[(]PTR_ERR[(](.*)[)][)]/ERR_CAST(\1)/' `grep -rl 'ERR_PTR[(]*PTR_ERR' fs crypto net security`
Signed-off-by: David Howells
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
07 Feb, 2008
6 commits
-
The source and destination addresses are included to allow channel
selection based on address alignment.Signed-off-by: Dan Williams
Reviewed-by: Haavard Skinnemoen -
Pass a full set of flags to drivers' per-operation 'prep' routines.
Currently the only flag passed is DMA_PREP_INTERRUPT. The expectation is
that arch-specific async_tx_find_channel() implementations can exploit this
capability to find the best channel for an operation.Signed-off-by: Dan Williams
Acked-by: Shannon Nelson
Reviewed-by: Haavard Skinnemoen -
The tx_set_src and tx_set_dest methods were originally implemented to allow
an array of addresses to be passed down from async_xor to the dmaengine
driver while minimizing stack overhead. Removing these methods allows
drivers to have all transaction parameters available at 'prep' time, saves
two function pointers in struct dma_async_tx_descriptor, and reduces the
number of indirect branches..A consequence of moving this data to the 'prep' routine is that
multi-source routines like async_xor need temporary storage to convert an
array of linear addresses into an array of dma addresses. In order to keep
the same stack footprint of the previous implementation the input array is
reused as storage for the dma addresses. This requires that
sizeof(dma_addr_t) be less than or equal to sizeof(void *). As a
consequence CONFIG_DMADEVICES now depends on !CONFIG_HIGHMEM64G. It also
requires that drivers be able to make descriptor resources available when
the 'prep' routine is polled.Signed-off-by: Dan Williams
Acked-by: Shannon Nelson -
Remove the unused ASYNC_TX_ASSUME_COHERENT flag. Async_tx is
meant to hide the difference between asynchronous hardware and synchronous
software operations, this flag requires clients to understand cache
coherency consequences of the async path.Signed-off-by: Dan Williams
Reviewed-by: Haavard Skinnemoen -
single list_head variable initialized with LIST_HEAD_INIT could almost
always can be replaced with LIST_HEAD declaration, this shrinks the code
and looks better.Signed-off-by: Denis Cheng
Signed-off-by: Dan Williams -
do_async_xor must be compiled away on !HAS_DMA archs.
Signed-off-by: Dan Williams
Acked-by: Cornelia Huck
26 Jan, 2008
1 commit
-
* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (125 commits)
[CRYPTO] twofish: Merge common glue code
[CRYPTO] hifn_795x: Fixup container_of() usage
[CRYPTO] cast6: inline bloat--
[CRYPTO] api: Set default CRYPTO_MINALIGN to unsigned long long
[CRYPTO] tcrypt: Make xcbc available as a standalone test
[CRYPTO] xcbc: Remove bogus hash/cipher test
[CRYPTO] xcbc: Fix algorithm leak when block size check fails
[CRYPTO] tcrypt: Zero axbuf in the right function
[CRYPTO] padlock: Only reset the key once for each CBC and ECB operation
[CRYPTO] api: Include sched.h for cond_resched in scatterwalk.h
[CRYPTO] salsa20-asm: Remove unnecessary dependency on CRYPTO_SALSA20
[CRYPTO] tcrypt: Add select of AEAD
[CRYPTO] salsa20: Add x86-64 assembly version
[CRYPTO] salsa20_i586: Salsa20 stream cipher algorithm (i586 version)
[CRYPTO] gcm: Introduce rfc4106
[CRYPTO] api: Show async type
[CRYPTO] chainiv: Avoid lock spinning where possible
[CRYPTO] seqiv: Add select AEAD in Kconfig
[CRYPTO] scatterwalk: Handle zero nbytes in scatterwalk_map_and_copy
[CRYPTO] null: Allow setkey on digest_null
...
11 Jan, 2008
23 commits
-
Bloat-o-meter shows rather high readings for cast6...
crypto/cast6.c:
cast6_setkey | -1310
cast6_encrypt | -4567
cast6_decrypt | -4561
3 functions changed, 10438 bytes removed, diff: -10438crypto/cast6.c:
W | +659
Q | +308
QBAR | +316
3 functions changed, 1283 bytes added, diff: +1283crypto/cast6.o:
6 functions changed, 1283 bytes added, 10438 bytes removed, diff: -9155Signed-off-by: Ilpo Järvinen
Signed-off-by: Herbert Xu -
Currently the gcm(aes) tests have to be taken together with all other
algorithms. This patch makes it available by itself at number 106.Signed-off-by: Herbert Xu
-
When setting the digest size xcbc tests to see if the underlying algorithm
is a hash. This is silly because we don't allow it to be a hash and we've
specifically requested for a cipher.This patch removes the bogus test.
Signed-off-by: Herbert Xu
-
When the underlying algorithm has a block size other than 16 we abort
without freeing it. In fact, we try to return the algorithm itself
as an error!This patch plugs the leak and makes it return -EINVAL instead.
Signed-off-by: Herbert Xu
-
The axbuf buffer is used by test_aead and therefore should be zeroed
there instead of in test_hash.Signed-off-by: Herbert Xu
-
Signed-off-by: Tan Swee Heng
Signed-off-by: Herbert Xu -
ERROR: "crypto_aead_setauthsize" [crypto/tcrypt.ko] undefined!
ERROR: "crypto_alloc_aead" [crypto/tcrypt.ko] undefined!Signed-off-by: Sebastian Siewior
Signed-off-by: Herbert Xu -
This is the x86-64 version of the Salsa20 stream cipher algorithm. The
original assembly code came from
. It has been
reformatted for clarity.Signed-off-by: Tan Swee Heng
Signed-off-by: Herbert Xu -
This patch contains the salsa20-i586 implementation. The original
assembly code came from
. I have reformatted
it (added indents) so that it matches the other algorithms in
arch/x86/crypto.Signed-off-by: Tan Swee Heng
Signed-off-by: Herbert Xu -
This patch introduces the rfc4106 wrapper for GCM just as we have an
rfc4309 wrapper for CCM. The purpose of the wrapper is to include part
of the IV in the key so that it can be negotiated by IPsec.Signed-off-by: Herbert Xu
-
This patch adds an async field to /proc/crypto for ablkcipher and aead
algorithms.Signed-off-by: Herbert Xu
-
This patch makes chainiv avoid spinning by postponing requests on lock
contention if the user allows the use of asynchronous algorithms. If
a synchronous algorithm is requested then we behave as before.This should improve IPsec performance on SMP when two CPUs attempt to
transmit over the same SA. Currently one of them will spin doing nothing
waiting for the other CPU to finish its encryption. This patch makes it
postpone the request and get on with other work.If only one CPU is transmitting for a given SA, then we will process
the request synchronously as before.Signed-off-by: Herbert Xu
-
Now that seqiv supports AEAD algorithms it needs to select the AEAD option.
Thanks to Erez Zadok for pointing out the problem.
Signed-off-by: Herbert Xu
-
It's better to return silently than crash and burn when someone feeds us
a zero length. In particular the null digest algorithm when used as part
of authenc will do that to us.Signed-off-by: Herbert Xu
-
We need to allow setkey on digest_null if it is to be used directly by
authenc instead of through hmac.Signed-off-by: Herbert Xu
-
This patch adds a null blkcipher algorithm called ecb(cipher_null) for
backwards compatibility. Previously the null algorithm when used by
IPsec copied the data byte by byte. This new algorithm optimises that
to a straight memcpy which lets us better measure inherent overheads in
our IPsec code.Signed-off-by: Herbert Xu
-
This patch adds 7 test vectors to tcrypt for CCM.
The test vectors are from rfc 3610.
There are about 10 more test vectors in RFC 3610
and 4 or 5 more in NIST. I can add these as time permits.I also needed to set authsize. CCM has a prerequisite of
authsize.Signed-off-by: Joy Latten
Signed-off-by: Herbert Xu -
This patch adds Counter with CBC-MAC (CCM) support.
RFC 3610 and NIST Special Publication 800-38C were referenced.Signed-off-by: Joy Latten
Signed-off-by: Herbert Xu -
This patch makes crypto_alloc_aead always return algorithms that is
capable of generating their own IVs through givencrypt and givdecrypt.
All existing AEAD algorithms already do. New ones must either supply
their own or specify a generic IV generator with the geniv field.Signed-off-by: Herbert Xu
-
This patch adds support for using seqiv with AEAD algorithms. This is
useful for those AEAD algorithms that performs authentication before
encryption because the IV generated by the underlying encryption algorithm
won't be available for authentication.Signed-off-by: Herbert Xu
-
This patch creates the infrastructure to help the construction of IV
generator templates that wrap around AEAD algorithms by adding an IV
generator to them. This is useful for AEAD algorithms with no built-in
IV generator or to replace their built-in generator.Signed-off-by: Herbert Xu
-
Some algorithms always require manual IV construction. For instance,
the generic CCM algorithm requires the first byte of the IV to be manually
constructed. Such algorithms are always used by other algorithms equipped
with their own IV generators and do not need IV generation per se.Signed-off-by: Herbert Xu
-
This patch implements the givencrypt function for authenc. It simply
calls the givencrypt operation on the underlying cipher instead of encrypt.Signed-off-by: Herbert Xu
