Commit message | Author | Age | Files | Lines
* crypto: chacha20poly1305 - Use skcipher | Herbert Xu | 2016-07-18 | 1 | -43/+46
  This patch converts chacha20poly1305 to use the new skcipher interface as opposed to ablkcipher. It also fixes a buglet where we may end up with an async poly1305 when the user asks for a async algorithm. This shouldn't be a problem yet as there aren't any async implementations of poly1305 out there.
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: gcm - Use skcipher | Herbert Xu | 2016-07-18 | 1 | -53/+58
  This patch converts gcm to use the new skcipher interface as opposed to ablkcipher.
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: ccm - Use skcipher | Herbert Xu | 2016-07-18 | 1 | -35/+37
  This patch converts ccm to use the new skcipher interface as opposed to ablkcipher.
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: ctr - Use skcipher in rfc3686 | Herbert Xu | 2016-07-18 | 1 | -89/+94
  This patch converts rfc3686 to use the new skcipher interface as opposed to ablkcipher.
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: authencesn - Use skcipher | Herbert Xu | 2016-07-18 | 1 | -50/+54
  This patch converts authencesn to use the new skcipher interface as opposed to ablkcipher. It also fixes a little bug where if a sync version of authencesn is requested we may still end up using an async ahash. This should have no effect as none of the authencesn users can request for a sync authencesn.
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: authenc - Use skcipher | Herbert Xu | 2016-07-18 | 1 | -51/+56
  This patch converts authenc to use the new skcipher interface as opposed to ablkcipher. It also fixes a little bug where if a sync version of authenc is requested we may still end up using an async ahash. This should have no effect as none of the authenc users can request for a sync authenc.
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: aead - Add chunk size | Herbert Xu | 2016-07-18 | 3 | -6/+33
  This patch adds a chunk size parameter to aead algorithms, just like the chunk size for skcipher algorithms. However, unlike skcipher we do not currently export this to AEAD users. It is only meant to be used by AEAD implementors for now.
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: null - Add new default null skcipher | Herbert Xu | 2016-07-18 | 2 | -0/+40
  Currently the default null skcipher is actually a crypto_blkcipher. This patch creates a synchronous crypto_skcipher version of the null cipher which unfortunately has to settle for the name skcipher2.
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: skcipher - Add low-level skcipher interface | Herbert Xu | 2016-07-18 | 4 | -7/+407
  This patch allows skcipher algorithms and instances to be created and registered with the crypto API. They are accessible through the top-level skcipher interface, along with ablkcipher/blkcipher algorithms and instances.
  This patch also introduces a new parameter called chunk size which is meant for ciphers such as CTR and CTS which ostensibly can handle arbitrary lengths, but still behave like block ciphers in that you can only process a partial block at the very end. For these ciphers the block size will continue to be set to 1 as it is now while the chunk size will be set to the underlying block size.
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: sha-mb - Cleanup code to use || instead of | | Tim Chen | 2016-07-12 | 3 | -9/+15
  for condition comparison and cleanup multiline comment style
  In sha*_ctx_mgr_submit, we currently use the | operator instead of ||
      ((ctx->partial_block_buffer_length) | (len < SHA1_BLOCK_SIZE))
  Switching it to || and remove extraneous parentheses to adhere to coding style. Also cleanup inconsistent multiline comment style.
  Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com>
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: qat - Stop dropping leading zeros from RSA output | Salvatore Benedetto | 2016-07-11 | 1 | -20/+0
  There is no need to drop leading zeros from the RSA output operations results.
  Signed-off-by: Salvatore Benedetto <salvatore.benedetto@intel.com>
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: qat - Add DH support | Salvatore Benedetto | 2016-07-11 | 2 | -72/+522
  Add DH support under kpp api. Drop struct qat_rsa_request and introduce a more generic struct qat_asym_request and share it between RSA and DH requests.
  Signed-off-by: Salvatore Benedetto <salvatore.benedetto@intel.com>
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: doc - Fix double words "the the" in crypto-API.tmpl | Masanari Iida | 2016-07-11 | 1 | -2/+2
  This patch fixes double words "the the" in crypto-API.tmpl.
  Signed-off-by: Masanari Iida <standby24x7@gmail.com>
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: qat - Add RSA CRT mode | Salvatore Benedetto | 2016-07-05 | 1 | -25/+209
  Extend qat driver to use RSA CRT mode when all CRT related components are present in the private key. Simplify code in qat_rsa_setkey by adding qat_rsa_clear_ctx.
  Signed-off-by: Salvatore Benedetto <salvatore.benedetto@intel.com>
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: testmgr - Add 4K private key to RSA testvector | Salvatore Benedetto | 2016-07-05 | 1 | -1/+199
  Key generated with openssl. It also contains all fields required for testing CRT mode
  Signed-off-by: Salvatore Benedetto <salvatore.benedetto@intel.com>
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: rsa - Store rest of the private key components | Salvatore Benedetto | 2016-07-05 | 3 | -5/+100
  When parsing a private key, store all non-optional fields. These are required for enabling CRT mode for decrypt and verify
  Signed-off-by: Salvatore Benedetto <salvatore.benedetto@intel.com>
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: qat - Use alternative reset methods depending on the specific device | Conor McLoughlin | 2016-07-05 | 6 | -9/+43
  Different product families will use FLR or SBR. Virtual Function devices have no reset method.
  Signed-off-by: Conor McLoughlin <conor.mcloughlin@intel.com>
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: bfin_crc - Simplify use of devm_ioremap_resource | Amitoj Kaur Chawla | 2016-07-05 | 1 | -5/+0
  Remove unneeded error handling on the result of a call to platform_get_resource when the value is passed to devm_ioremap_resource.
  The Coccinelle semantic patch that makes this change is as follows:
  // <smpl>
  @@
  expression pdev,res,n,e,e1;
  expression ret != 0;
  identifier l;
  @@
  - res = platform_get_resource(pdev, IORESOURCE_MEM, n);
    ... when != res
  - if (res == NULL) { ... \(goto l;\|return ret;\) }
    ... when != res
  + res = platform_get_resource(pdev, IORESOURCE_MEM, n);
    e = devm_ioremap_resource(e1, res);
  // </smpl>
  Signed-off-by: Amitoj Kaur Chawla <amitoj1606@gmail.com>
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: caam - add support for RSA algorithm | Tudor Ambarus | 2016-07-05 | 9 | -1/+789
  Add RSA support to caam driver. Initial author is Yashpal Dutta <yashpal.dutta@freescale.com>.
  Signed-off-by: Tudor Ambarus <tudor-dan.ambarus@nxp.com>
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: testmgr - Set err before proceeding | Salvatore Benedetto | 2016-07-05 | 1 | -0/+1
  Report correct error in case of failure
  Signed-off-by: Salvatore Benedetto <salvatore.benedetto@intel.com>
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: qat - Switch to new rsa_helper functions | Salvatore Benedetto | 2016-07-05 | 5 | -55/+21
  Drop all asn1 related code and use the new rsa_helper functions rsa_parse_[pub|priv]_key for parsing the key
  Signed-off-by: Salvatore Benedetto <salvatore.benedetto@intel.com>
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: powerpc - Add POWER8 optimised crc32c | Anton Blanchard | 2016-07-05 | 5 | -0/+1745
  Use the vector polynomial multiply-sum instructions in POWER8 to speed up crc32c.
  This is just over 41x faster than the slice-by-8 method that it replaces. Measurements on a 4.1 GHz POWER8 show it sustaining 52 GiB/sec.
  A simple btrfs write performance test:
      dd if=/dev/zero of=/mnt/tmpfile bs=1M count=4096
      sync
  is over 3.7x faster.
  Signed-off-by: Anton Blanchard <anton@samba.org>
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* powerpc: define FUNC_START/FUNC_END | Anton Blanchard | 2016-07-05 | 1 | -0/+3
  gcc provides FUNC_START/FUNC_END macros to help with creating assembly functions. Mirror these in the kernel so we can more easily share code between userspace and the kernel. FUNC_END is just a stub since we don't currently annotate the end of kernel functions.
  It might make sense to do a wholesale search and replace, but for now just create a couple of defines.
  Signed-off-by: Anton Blanchard <anton@samba.org>
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: rsa-pkcs1pad - Fix regression from leading zeros | Herbert Xu | 2016-07-03 | 1 | -16/+22
  As the software RSA implementation now produces fixed-length output, we need to eliminate leading zeros in the calling code instead. This patch does just that for pkcs1pad signature verification.
  Fixes: 9b45b7bba3d2 ("crypto: rsa - Generate fixed-length output")
  Reported-by: Stephan Mueller <smueller@chronox.de>
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: sha3 - Add HMAC-SHA3 test modes and test vectors | raveendra padasalagi | 2016-07-01 | 3 | -0/+444
  This patch adds HMAC-SHA3 test modes in tcrypt module and related test vectors.
  Signed-off-by: Raveendra Padasalagi <raveendra.padasalagi@broadcom.com>
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: omap-sham - increase cra_priority to 400 | Bin Liu | 2016-07-01 | 1 | -12/+12
  The arm-neon-sha implementations have cra_priority of 150...300, so increase omap-sham priority to 400 to ensure it is on top of any software alg.
  Signed-off-by: Bin Liu <b-liu@ti.com>
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: tcrypt - Do not bail on EINPROGRESS in multibuffer hash test | Herbert Xu | 2016-07-01 | 1 | -1/+3
  The multibuffer hash speed test is incorrectly bailing because of an EINPROGRESS return value. This patch fixes it by setting ret to zero if it is equal to -EINPROGRESS.
  Reported-by: Megha Dey <megha.dey@linux.intel.com>
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: rsa-pkcs1pad - Avoid copying output when possible | Herbert Xu | 2016-07-01 | 1 | -67/+45
  In the vast majority of cases (2^-32 on 32-bit and 2^-64 on 64-bit), the result from encryption/signing will require no padding.
  This patch makes these two operations write their output directly to the final destination. Only in the exceedingly rare cases where fixup is needed do we copy it out and back to add the leading zeroes.
  This patch also makes use of the crypto_akcipher_set_crypt API instead of writing the akcipher request directly.
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: rsa-pkcs1pad - Move key size check to setkey | Herbert Xu | 2016-07-01 | 1 | -30/+26
  Rather than repeatedly checking the key size on each operation, we should be checking it once when the key is set.
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: rsa-pkcs1pad - Always use GFP_KERNEL | Herbert Xu | 2016-07-01 | 1 | -16/+6
  We don't currently support using akcipher in atomic contexts, so GFP_KERNEL should always be used.
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: rsa-pkcs1pad - Remove bogus page splitting | Herbert Xu | 2016-07-01 | 1 | -14/+5
  The helper pkcs1pad_sg_set_buf tries to split a buffer that crosses a page boundary into two SG entries. This is unnecessary. This patch removes that.
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: rsa-pkcs1pad - Require hash to be present | Herbert Xu | 2016-07-01 | 1 | -53/+30
  The only user of rsa-pkcs1pad always uses the hash so there is no reason to support the case of not having a hash.
  This patch also changes the digest info lookup so that it is only done once during template instantiation rather than on each operation.
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* lib/mpi: Do not do sg_virt | Herbert Xu | 2016-07-01 | 1 | -36/+50
  Currently the mpi SG helpers use sg_virt which is completely broken. It happens to work with normal kernel memory but will fail with anything that is not linearly mapped.
  This patch fixes this by using the SG iterator helpers.
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: rsa - Generate fixed-length output | Herbert Xu | 2016-07-01 | 4 | -35/+32
  Every implementation of RSA that we have naturally generates output with leading zeroes. The one and only user of RSA, pkcs1pad wants to have those leading zeroes in place, in fact because they are currently absent it has to write those zeroes itself.
  So we shouldn't be stripping leading zeroes in the first place. In fact this patch makes rsa-generic produce output with fixed length so that pkcs1pad does not need to do any extra work.
  This patch also changes DH to use the new interface.
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: testmgr - Allow leading zeros in RSA | Herbert Xu | 2016-07-01 | 1 | -27/+24
  This patch allows RSA implementations to produce output with leading zeroes. testmgr will skip leading zeroes when comparing the output.
  This patch also tries to make the RSA test function generic enough to potentially handle other akcipher algorithms.
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: tcrypt - Add speed test for cts | Herbert Xu | 2016-07-01 | 1 | -0/+8
  This patch adds speed tests for cts(cbc(aes)).
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: api - Add crypto_inst_setname | Herbert Xu | 2016-07-01 | 2 | -7/+19
  This patch adds the helper crypto_inst_setname because the current helper crypto_alloc_instance2 is no longer useful given that we now look up the algorithm after we allocate the instance object.
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: s390/aes - Use skcipher for fallback | Herbert Xu | 2016-07-01 | 1 | -53/+60
  This patch replaces use of the obsolete blkcipher with skcipher.
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: sahara - Use skcipher for fallback | Herbert Xu | 2016-07-01 | 1 | -62/+50
  This patch replaces use of the obsolete ablkcipher with skcipher. It also removes shash_fallback which is totally unused.
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: qce - Use skcipher for fallback | Herbert Xu | 2016-07-01 | 2 | -12/+17
  This patch replaces use of the obsolete ablkcipher with skcipher.
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: picoxcell - Use skcipher for fallback | Herbert Xu | 2016-07-01 | 1 | -29/+31
  This patch replaces use of the obsolete ablkcipher with skcipher.
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: mxs-dcp - Use skcipher for fallback | Herbert Xu | 2016-07-01 | 1 | -26/+21
  This patch replaces use of the obsolete ablkcipher with skcipher.
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: ccp - Use skcipher for fallback | Herbert Xu | 2016-07-01 | 2 | -25/+21
  This patch replaces use of the obsolete ablkcipher with skcipher.
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: aesni - Use crypto_cipher to derive rfc4106 subkey | Herbert Xu | 2016-07-01 | 1 | -65/+11
  Currently aesni uses an async ctr(aes) to derive the rfc4106 subkey, which was presumably copied over from the generic rfc4106 code. Over there it's done that way because we already have a ctr(aes) spawn. But it is simply overkill for aesni since we have to go get a ctr(aes) from scratch anyway.
  This patch simplifies the subkey derivation by using a straight aes cipher instead.
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: tcrypt - Use skcipher | Herbert Xu | 2016-07-01 | 1 | -197/+44
  This patch converts tcrypt to use the new skcipher interface as opposed to ablkcipher/blkcipher.
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: ahash - Add padding in crypto_ahash_extsize | Herbert Xu | 2016-07-01 | 1 | -3/+3
  The function crypto_ahash_extsize did not include padding when computing the tfm context size. This patch fixes this by using the generic crypto_alg_extsize helper.
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: authenc - Consider ahash ASYNC bit | Herbert Xu | 2016-07-01 | 2 | -4/+8
  As it is, if you get an async ahash with a sync skcipher you'll end up with a sync authenc, which is wrong.
  This patch fixes it by considering the ASYNC bit from ahash as well.
  It also fixes a little bug where if a sync version of authenc is requested we may still end up using an async ahash.
  Neither of them should have any effect as none of the authenc users can request for a sync authenc.
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: authenc - Remove redundant sg_init_table call. | Harsh Jain | 2016-06-29 | 1 | -6/+1
  Remove redundant sg_init_table call. scatterwalk_ffwd does the same.
  Signed-off-by: Harsh Jain <harshjain.prof@gmail.com>
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: tcrypt - Fix memory leaks/crashes in multibuffer hash speed test | Herbert Xu | 2016-06-29 | 1 | -58/+71
  This patch resolves a number of issues with the mb speed test function:
    * The tfm is never freed.
    * Memory is allocated even when we're not using mb.
    * When an error occurs we don't wait for completion for other requests.
    * When an error occurs during allocation we may leak memory.
    * The test function ignores plen but still runs for plen != blen.
    * The backlog flag is incorrectly used (may crash).
  This patch tries to resolve all these issues as well as making the code consistent with the existing hash speed testing function.
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
  Tested-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
* crypto: tcrypt - Use unsigned long for mb ahash cycle counter | Herbert Xu | 2016-06-28 | 1 | -5/+5
  For the timescales we are working against there is no need to go beyond unsigned long.
  Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>