12 Feb, 2019
2 commits
-
Commit 110492183c4b ("crypto: compress - remove unused pcomp interface")
removed pcomp interface but missed cleaning up tcrypt.Signed-off-by: Horia Geantă
Signed-off-by: Franck LENORMAND -
The kernel implementation of crc32 (crc32_generic.c)
accepts a key to set a seed. It is incompatible with the
kernel implementation of the crypto template hmac which
does not support keyed algorithms.So it is not possible to load the algorithm hmac(crc32)
so remove it from tcrypt.Signed-off-by: Franck LENORMAND
14 Nov, 2018
1 commit
-
commit 331351f89c36bf7d03561a28b6f64fa10a9f6f3a upstream.
ghash is a keyed hash algorithm, thus setkey needs to be called.
Otherwise the following error occurs:
$ modprobe tcrypt mode=318 sec=1
testing speed of async ghash-generic (ghash-generic)
tcrypt: test 0 ( 16 byte blocks, 16 bytes per update, 1 updates):
tcrypt: hashing failed ret=-126Cc: # 4.6+
Fixes: 0660511c0bee ("crypto: tcrypt - Use ahash")
Tested-by: Franck Lenormand
Signed-off-by: Horia Geantă
Acked-by: Ard Biesheuvel
Signed-off-by: Herbert Xu
Signed-off-by: Greg Kroah-Hartman
13 Feb, 2018
1 commit
-
commit 5c6ac1d4f8fbdbed65dbeb8cf149d736409d16a1 upstream.
In case buffer length is a multiple of PAGE_SIZE,
the S/G table is incorrectly generated.
Fix this by handling buflen = k * PAGE_SIZE separately.Signed-off-by: Robert Baronescu
Signed-off-by: Herbert Xu
Signed-off-by: Horia Geantă
Signed-off-by: Greg Kroah-Hartman
20 Dec, 2017
1 commit
-
[ Upstream commit 7aacbfcb331ceff3ac43096d563a1f93ed46e35e ]
Fix the way the length of the buffers used for
encryption / decryption are computed.
For e.g. in case of encryption, input buffer does not contain
an authentication tag.Signed-off-by: Robert Baronescu
Signed-off-by: Herbert Xu
Signed-off-by: Sasha Levin
Signed-off-by: Greg Kroah-Hartman
03 Aug, 2017
1 commit
-
Remove xts(aes) speed tests with 2 x 192-bit keys, since implementations
adhering strictly to IEEE 1619-2007 standard cannot cope with key sizes
other than 2 x 128, 2 x 256 bits - i.e. AES-XTS-{128,256}:
[...]
tcrypt: test 5 (384 bit key, 16 byte blocks):
caam_jr 8020000.jr: key size mismatch
tcrypt: setkey() failed flags=200000
[...]Signed-off-by: Horia Geantă
Signed-off-by: Herbert Xu
18 May, 2017
1 commit
-
The tcrypt AEAD cycles speed tests disables irqs during the test, which is
broken at the very least since commit
'1425d2d17f7309c6 ("crypto: tcrypt - Fix AEAD speed tests")'
adds a wait for completion as part of the test and probably since
switching to the new AEAD API.While the result of taking a cycle count diff may not mean much on SMP
systems if the task migrates, it's good enough for tcrypt being the quick
& dirty dev tool it is. It's also what all the other (i.e. hash) cycle
speed tests do.Signed-off-by: Gilad Ben-Yossef
Reported-by: Ofir Drang
Reviewed-by: Horia Geantă
Signed-off-by: Herbert Xu
23 Jan, 2017
1 commit
-
tcrypt is very tight-lipped when it succeeds, but a bit more feedback
would be useful when developing or debugging crypto drivers, especially
since even a successful run ends with the module failing to insert. Add
a couple of debug prints, which can be enabled with dynamic debug:Before:
# insmod tcrypt.ko mode=10
insmod: can't insert 'tcrypt.ko': Resource temporarily unavailableAfter:
# insmod tcrypt.ko mode=10 dyndbg
tcrypt: testing ecb(aes)
tcrypt: testing cbc(aes)
tcrypt: testing lrw(aes)
tcrypt: testing xts(aes)
tcrypt: testing ctr(aes)
tcrypt: testing rfc3686(ctr(aes))
tcrypt: all tests passed
insmod: can't insert 'tcrypt.ko': Resource temporarily unavailableSigned-off-by: Rabin Vincent
Signed-off-by: Herbert Xu
01 Jul, 2016
4 commits
-
This patch adds HMAC-SHA3 test modes in tcrypt module
and related test vectors.Signed-off-by: Raveendra Padasalagi
Signed-off-by: Herbert Xu -
The multibuffer hash speed test is incorrectly bailing because
of an EINPROGRESS return value. This patch fixes it by setting
ret to zero if it is equal to -EINPROGRESS.Reported-by: Megha Dey
Signed-off-by: Herbert Xu -
This patch adds speed tests for cts(cbc(aes)).
Signed-off-by: Herbert Xu
-
This patch converts tcrypt to use the new skcipher interface as
opposed to ablkcipher/blkcipher.Signed-off-by: Herbert Xu
29 Jun, 2016
1 commit
-
This patch resolves a number of issues with the mb speed test
function:* The tfm is never freed.
* Memory is allocated even when we're not using mb.
* When an error occurs we don't wait for completion for other requests.
* When an error occurs during allocation we may leak memory.
* The test function ignores plen but still runs for plen != blen.
* The backlog flag is incorrectly used (may crash).This patch tries to resolve all these issues as well as making
the code consistent with the existing hash speed testing function.Signed-off-by: Herbert Xu
Tested-by: Krzysztof Kozlowski
28 Jun, 2016
3 commits
-
For the timescales we are working against there is no need to
go beyond unsigned long.Signed-off-by: Herbert Xu
-
The recently added test_mb_ahash_speed() has clearly serious coding
style issues. Try to fix some of them:
1. Don't mix pr_err() and printk();
2. Don't wrap strings;
3. Properly align goto statement in if() block;
4. Align wrapped arguments on new line;
5. Don't wrap functions on first argument;Signed-off-by: Krzysztof Kozlowski
Signed-off-by: Herbert Xu -
Add a new mode to calculate the speed of the sha512_mb algorithm
Signed-off-by: Megha Dey
Reviewed-by: Fenghua Yu
Reviewed-by: Tim Chen
Signed-off-by: Herbert Xu
27 Jun, 2016
1 commit
-
The existing test suite to calculate the speed of the SHA algorithms
assumes serial (single buffer)) computation of data. With the SHA
multibuffer algorithms, we work on 8 lanes of data in parallel. Hence,
the need to introduce a new test suite to calculate the speed for these
algorithms.Signed-off-by: Megha Dey
Signed-off-by: Herbert Xu
20 Jun, 2016
1 commit
-
Added support for SHA-3 algorithm test's
in tcrypt module and related test vectors.Signed-off-by: Raveendra Padasalagi
Signed-off-by: Herbert Xu
06 Feb, 2016
1 commit
-
This patch removes the last user of the obsolete crypto_hash
interface, tcrypt, by simply switching it over to ahash. In
fact it already has all the code there so it's just a matter
of calling the ahash speed test code with the right mask.Signed-off-by: Herbert Xu
23 Nov, 2015
1 commit
-
The key sizes used by AES in GCM mode should be 128, 192 or 256 bits (16,
24 or 32 bytes).
There is no additional 4byte nonce as for RFC 4106.Signed-off-by: Cyrille Pitchen
Signed-off-by: Herbert Xu
21 Sep, 2015
1 commit
-
The output buffer in test_ahash_speed will point to an address located
within the tcrypt module image.
This causes problems when trying to DMA map the buffer.
For e.g. on ARM-based LS1021A, a page fault occurs within the
DMA API when trying to access the struct page returned by
virt_to_page(output):insmod tcrypt.ko mode=403
testing speed of async sha1 (sha1-caam)
test 0 ( 16 byte blocks, 16 bytes per update, 1 updates):
Unable to handle kernel paging request at virtual address f07e9080
pgd = e58d0e00
[f07e9080] *pgd=80000080007003, *pmd=00000000
Internal error: Oops: 206 [#1] SMP THUMB2
Modules linked in: tcrypt(+)
CPU: 1 PID: 1119 Comm: insmod Not tainted 4.2.0-rc1-256134-gbf433416e675 #1
Hardware name: Freescale LS1021A
task: ea063900 ti: e5a34000 task.ti: e5a34000
PC is at dma_cache_maint_page+0x38/0xd0
LR is at __dma_page_cpu_to_dev+0x15/0x64
pc : [] lr : [] psr: 000f0033
sp : e5a35ca0 ip : 8063df00 fp : f07e9080
r10: 00000cd0 r9 : 8063df00 r8 : 805a2f04
r7 : 0017f804 r6 : 00000002 r5 : ee7f9000 r4 : 00000014
r3 : 80612d40 r2 : 01ff0080 r1 : 00000380 r0 : ee7f9000
Flags: nzcv IRQs on FIQs on Mode SVC_32 ISA Thumb Segment user
Control: 70c5387d Table: e58d0e00 DAC: 9b7ede70
Process insmod (pid: 1119, stack limit = 0xe5a34210)
Stack: (0xe5a35ca0 to 0xe5a36000)
[...]
[] (dma_cache_maint_page) from [] (__dma_page_cpu_to_dev+0x15/0x64)
[] (__dma_page_cpu_to_dev) from [] (arm_dma_map_page+0x1f/0x44)
[] (arm_dma_map_page) from [] (ahash_digest+0x35f/0x510)
[] (ahash_digest) from [] (test_ahash_speed.constprop.6+0x24a/0x4e4 [tcrypt])
[] (test_ahash_speed.constprop.6 [tcrypt]) from [] (do_test+0x1898/0x2058 [tcrypt])
[] (do_test [tcrypt]) from [] (tcrypt_mod_init+0x2e/0x63 [tcrypt])
[] (tcrypt_mod_init [tcrypt]) from [] (do_one_initcall+0xb3/0x134)
[] (do_one_initcall) from [] (do_init_module+0x3b/0x13c)
[] (do_init_module) from [] (load_module+0x97b/0x9dc)
[] (load_module) from [] (SyS_finit_module+0x35/0x3e)
[] (SyS_finit_module) from [] (ret_fast_syscall+0x1/0x4c)
Code: 1aba 0152 eb00 0b02 (5882) 0f92addr2line -f -i -e vmlinux 800155a0
page_zonenum
include/linux/mm.h:728
page_zone
include/linux/mm.h:881
dma_cache_maint_page
arch/arm/mm/dma-mapping.c:822Signed-off-by: Horia Geant?
Signed-off-by: Herbert Xu
17 Aug, 2015
1 commit
-
This patch removes the CRYPTO_ALG_AEAD_NEW flag now that everyone
has been converted.Signed-off-by: Herbert Xu
17 Jul, 2015
1 commit
-
Adds individual ChaCha20 and Poly1305 and a combined rfc7539esp AEAD speed
test using mode numbers 214, 321 and 213. For Poly1305 we add a specific
speed template, as it expects the key prepended to the input data.Signed-off-by: Martin Willi
Signed-off-by: Herbert Xu
14 Jul, 2015
1 commit
-
This patch allows the AEAD speed tests to cope with the new seqiv
calling convention as well as the old one.Signed-off-by: Herbert Xu
08 Jul, 2015
1 commit
-
The AEAD speed tests doesn't do a wait_for_completition,
if the return value is EINPROGRESS or EBUSY.
Fixing it here.
Also add a test case for gcm(aes).Signed-off-by: Lokesh Vutla
Signed-off-by: Herbert Xu
18 Jun, 2015
2 commits
-
The AEAD speed test SG list setup did not correctly mark the AD,
potentially causing a crash.Signed-off-by: Herbert Xu
-
This patch adds a speed test for rfc4309(ccm(aes)) as mode 212.
Signed-off-by: Herbert Xu
28 May, 2015
1 commit
-
This patch makes use of the new AEAD interface which uses a single
SG list instead of separate lists for the AD and plain text.Signed-off-by: Herbert Xu
23 Apr, 2015
3 commits
-
All users of AEAD should include crypto/aead.h instead of
include/linux/crypto.h.Signed-off-by: Herbert Xu
Acked-by: David S. Miller -
All users of fips_enabled should include linux/fips.h directly
instead of getting it through internal.h which is reserved for
internal crypto API implementors.Signed-off-by: Herbert Xu
-
The function crypto_ahash_init can also be asynchronous just
like update and final. So all callers must be able to handle
an async return.Signed-off-by: Herbert Xu
11 Mar, 2015
1 commit
-
Commit 5be4d4c94b1f ("crypto: replace scatterwalk_sg_next with sg_next")
did not consider the fact that scatterwalk_sg_next() was looking at
sg entry length, while sg_next() looks at the "chained" sg bit.This should have no effect in theory. However in practice, there are
cases where the sg table is initialized to a number of entries and
some of them are not properly configured. While scatterwalk_sg_next()
would have returned NULL (since sg length = 0 and sg page_link = 0),
sg_next() happily returns the next unconfigured sg entry.insmod tcrypt.ko mode=500 sec=1
testing speed of async cbc(aes) (cbc-aes-talitos) encryption
test 0 (128 bit key, 16 byte blocks):
Unable to handle kernel paging request for data at address 0x00000000
Faulting instruction address: 0xc00d79e4
Oops: Kernel access of bad area, sig: 11 [#1]
SMP NR_CPUS=8 P1022 DS
Modules linked in: tcrypt(+) talitos
CPU: 0 PID: 2670 Comm: insmod Not tainted 4.0.0-rc1-QorIQ-SDK-V1.6+g904f1ca82209 #1
task: e8de3200 ti: e70bc000 task.ti: e70bc000
NIP: c00d79e4 LR: f92d223c CTR: c00d79c8
REGS: e70bda00 TRAP: 0300 Not tainted (4.0.0-rc1-QorIQ-SDK-V1.6+g904f1ca82209)
MSR: 00029000 CR: 84428f22 XER: 00000000
DEAR: 00000000 ESR: 00000000
GPR00: f92d223c e70bdab0 e8de3200 00000000 e70bdbb8 00000001 00000000 00000000
GPR08: 00000000 00000000 c08b0380 27282010 c00d79c8 1003a634 00000000 e70bdf1c
GPR16: e70bdef0 00000020 00000000 c08c0000 00000010 00000000 e70bdbb8 00000010
GPR24: e976d3a8 00000010 00000000 e70bdbd8 e8961010 00000001 c086e560 00000000
NIP [c00d79e4] page_address+0x1c/0x110
LR [f92d223c] talitos_map_sg+0x130/0x184 [talitos]
Call Trace:
[e70bdab0] [00000010] 0x10 (unreliable)
[e70bdad0] [f92d223c] talitos_map_sg+0x130/0x184 [talitos]
[e70bdb00] [f92d30d8] common_nonsnoop.constprop.13+0xc0/0x304 [talitos]
[e70bdb30] [f933fd90] test_acipher_speed+0x434/0x7dc [tcrypt]
[e70bdcc0] [f934318c] do_test+0x2478/0x306c [tcrypt]
[e70bdd80] [f11fe058] tcrypt_mod_init+0x58/0x100 [tcrypt]
[e70bdda0] [c0002354] do_one_initcall+0x90/0x1f4
[e70bde10] [c061fe00] do_init_module+0x60/0x1ac
[e70bde30] [c00a79f0] load_module+0x185c/0x1f88
[e70bdee0] [c00a82b0] SyS_finit_module+0x7c/0x98
[e70bdf40] [c000e8b0] ret_from_syscall+0x0/0x3cSigned-off-by: Herbert Xu
04 Feb, 2015
2 commits
-
See also: 9bac019dad8098a77cce555d929f678e22111783
Signed-off-by: Cristian Stoica
Signed-off-by: Herbert Xu -
- This fixes the intent of the code to limit the last scatterlist to
either a full PAGE or a fraction of it, depending on the number of
pages needed by buflen and the available space advertised by XBUFLEN.The original code always sets the last scatterlist to a fraction of a
PAGE because the first 'if' is never executed.- Rearrange the second part of the code to remove the conditional from
the loopSigned-off-by: Cristian Stoica
Signed-off-by: Herbert Xu
13 Jan, 2015
1 commit
-
tcrypt/testmgr uses wait_for_completion_interruptible() everywhere when
it waits for a request to be completed. If it's interrupted, then the
test is aborted and the request is freed.However, if any of these calls actually do get interrupted, the result
will likely be a kernel crash, when the driver handles the now-freed
request. Use wait_for_completion() instead.Signed-off-by: Rabin Vincent
Signed-off-by: Herbert Xu
05 Dec, 2014
1 commit
-
This patch allows the testing of arbitrary hash functions specified
by the alg module parameter by using them in mode 300 (for sync hash)
and mode 400 (for async hash).For example, you could do
modprobe tcrypt mode=300 alg='vmac(aes)'Signed-off-by: Herbert Xu
01 Aug, 2014
1 commit
-
Change formal parameters to not clash with global names to
eliminate many W=2 warnings.Signed-off-by: Mark Rustad
Signed-off-by: Jeff Kirsher
Signed-off-by: Herbert Xu
03 Jul, 2014
1 commit
-
Print the driver name that is being tested. The driver name can be
inferred parsing /proc/crypto but having it in the output is
clearerSigned-off-by: Luca Clementi
Signed-off-by: Herbert Xu
20 Jun, 2014
1 commit
-
Signed-off-by: Jussi Kivilinna
Signed-off-by: Herbert Xu
22 May, 2014
1 commit
-
Test vectors were taken from existing test for
CBC(DES3_EDE). Associated data has been added to test vectors.
HMAC computed with Crypto++ has been used. Following algos have
been covered.(a) "authenc(hmac(sha1),cbc(des))"
(b) "authenc(hmac(sha1),cbc(des3_ede))"
(c) "authenc(hmac(sha224),cbc(des))"
(d) "authenc(hmac(sha224),cbc(des3_ede))"
(e) "authenc(hmac(sha256),cbc(des))"
(f) "authenc(hmac(sha256),cbc(des3_ede))"
(g) "authenc(hmac(sha384),cbc(des))"
(h) "authenc(hmac(sha384),cbc(des3_ede))"
(i) "authenc(hmac(sha512),cbc(des))"
(j) "authenc(hmac(sha512),cbc(des3_ede))"Signed-off-by: Vakul Garg
[NiteshNarayanLal@freescale.com: added hooks for the missing algorithms test and tested the patch]
Signed-off-by: Nitesh Lal
Signed-off-by: Herbert Xu