summaryrefslogtreecommitdiffstats
path: root/crypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
* crypto: seqiv - Stop using cryptoffHerbert Xu2015-05-251-67/+158
| | | | | | | | | | | | | | | | | | | | | The cryptoff parameter was added to facilitate the skipping of IVs that sit between the AD and the plain/cipher text. However, it was never implemented correctly as and we do not handle users such as IPsec setting cryptoff. It is simply ignored. Implementing correctly is in fact more trouble than what it's worth. This patch removes the uses of cryptoff by moving the AD forward to fill the gap left by the IV. The AD is moved back after the underlying AEAD processing is finished. This is in fact beter than the cryptoff solution because it allows algorithms that use seqniv (i.e., GCM and CCM) to hash the whole packet as a single piece, while cryptoff meant that there was guaranteed to be a gap. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: echainiv - Stop using cryptoffHerbert Xu2015-05-251-12/+23
| | | | | | | | | | | | | | | | The cryptoff parameter was added to facilitate the skipping of IVs that sit between the AD and the plain/cipher text. However, it was never implemented correctly as and we do not handle users such as IPsec setting cryptoff. It is simply ignored. Implementing correctly is in fact more trouble than what it's worth. This patch removes the uses of cryptoff and simply falls back to using the old AEAD interface as it's only needed for old AEAD implementations. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: aead - Do not set cra_type for new style instancesHerbert Xu2015-05-251-3/+1
| | | | | | | | | The function aead_geniv_alloc currently sets cra_type even for new style instances. This is unnecessary and may hide bugs such as when our caller uses crypto_register_instance instead of the correct aead_register_instance. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: echainiv - Use aead_register_instanceHerbert Xu2015-05-251-19/+23
| | | | | | | | | | | | New style AEAD instances must use aead_register_instance. This worked by chance because aead_geniv_alloc is still setting things the old way. This patch converts the template over to the create model where we are responsible for instance registration so that we can call the correct function. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: seqiv - Use aead_register_instanceHerbert Xu2015-05-251-56/+79
| | | | | | | | | | | | New style AEAD instances must use aead_register_instance. This worked by chance because aead_geniv_alloc is still setting things the old way. This patch converts the template over to the create model where we are responsible for instance registration so that we can call the correct function. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: aead - Use tmpl->createHerbert Xu2015-05-251-0/+8
| | | | | | | Newer templates use tmpl->create and have a NULL tmpl->alloc. So we must use tmpl->create if it is set. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: skcipher - Use tmpl->createHerbert Xu2015-05-251-0/+8
| | | | | | | Newer templates use tmpl->create and have a NULL tmpl->alloc. So we must use tmpl->create if it is set. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: echainiv - echainiv_read_iv() can be staticWu Fengguang2015-05-251-2/+2
| | | | | Signed-off-by: Fengguang Wu <fengguang.wu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: pcrypt - Make tfm_count an atomic_tHerbert Xu2015-05-251-4/+4
| | | | | | | The variable tfm_count is accessed by multiple threads without locking. This patch converts it to an atomic_t. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: aead - Add crypto_aead_alg_ivsize/maxauthsizeHerbert Xu2015-05-251-12/+3
| | | | | | | | | | | AEAD algorithm implementors need to figure out a given algorithm's IV size and maximum authentication size. During the transition this is difficult to do as an algorithm could be new style or old style. This patch creates two helpers to make this easier. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: testmgr - Added one larger ghash testvector (400 bytes) to the testmgr.Harald Freudenberger2015-05-251-1/+58
| | | | | Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: echainiv - Add encrypted chain IV generatorHerbert Xu2015-05-223-0/+542
| | | | | | | | | | | | | | This patch adds a new AEAD IV generator echainiv. It is intended to replace the existing skcipher IV generator eseqiv. If the underlying AEAD algorithm is using the old AEAD interface, then echainiv will simply use its IV generator. Otherwise, echainiv will encrypt a counter just like eseqiv but it'll first xor it against a previously stored IV similar to chainiv. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: seqiv - Add seqnivHerbert Xu2015-05-221-1/+70
| | | | | | | | | | | | This patch adds a new IV generator seqniv which is identical to seqiv except that it skips the IV when authenticating. This is intended to be used by algorithms such as rfc4106 that does the IV authentication implicitly. Note that the code used for seqniv is in fact identical to the compatibility case for seqiv. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: seqiv - Add support for new AEAD interfaceHerbert Xu2015-05-223-47/+440
| | | | | | | | | | | | | | | | | | | | This patch converts the seqiv IV generator to work with the new AEAD interface where IV generators are just normal AEAD algorithms. Full backwards compatibility is paramount at this point since no users have yet switched over to the new interface. Nor can they switch to the new interface until IV generation is fully supported by it. So this means we are adding two versions of seqiv alongside the existing one. The first one is the one that will be used when the underlying AEAD algorithm has switched over to the new AEAD interface. The second one handles the current case where the underlying AEAD algorithm still uses the old interface. Both versions export themselves through the new AEAD interface. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: scatterwalk - Check for same address in map_and_copyHerbert Xu2015-05-221-10/+6
| | | | | | | | | | | | | This patch adds a check for in scatterwalk_map_and_copy to avoid copying from the same address to the same address. This is going to be used for IV copying in AEAD IV generators. There is no provision for partial overlaps. This patch also uses the new scatterwalk_ffwd instead of doing it by hand in scatterwalk_map_and_copy. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: gcm - Use default null skcipherHerbert Xu2015-05-221-17/+6
| | | | | | | This patch makes gcm use the default null skcipher instead of allocating a new one for each tfm. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: null - Add default null skcipherHerbert Xu2015-05-221-0/+39
| | | | | | | This patch adds a default null skcipher for users such as gcm to perform copies on SG lists. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: aead - Add support for new AEAD implementationsHerbert Xu2015-05-221-15/+137
| | | | | | | | | | This patch adds the basic structure of the new AEAD type. Unlike the current version, there is no longer any concept of geniv. IV generation will still be carried out by wrappers but they will be normal AEAD algorithms that simply take the IPsec sequence number as the IV. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: aead - Rename aead_alg to old_aead_algHerbert Xu2015-05-221-12/+13
| | | | | | | | | | | This patch is the first step in the introduction of a new AEAD alg type. Unlike normal conversions this patch only renames the existing aead_alg structure because there are external references to it. Those references will be removed after this patch. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: aead - Add new interface with single SG listHerbert Xu2015-05-221-2/+56
| | | | | | | | | | | | | | | | | | | | | | | | | | | The primary user of AEAD, IPsec includes the IV in the AD in most cases, except where it is implicitly authenticated by the underlying algorithm. The way it is currently implemented is a hack because we pass the data in piecemeal and the underlying algorithms try to stitch them back up into one piece. This is why this patch is adding a new interface that allows a single SG list to be passed in that contains everything so the algorithm implementors do not have to stitch. The new interface accepts a single source SG list and a single destination SG list. Both must be laid out as follows: AD, skipped data, plain/cipher text, ICV The ICV is not present from the source during encryption and from the destination during decryption. For the top-level IPsec AEAD algorithm the plain/cipher text will contain the generated (or received) IV. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: scatterwalk - Add scatterwalk_ffwd helperHerbert Xu2015-05-221-0/+22
| | | | | | | | | This patch adds the scatterwalk_ffwd helper which can create an SG list that starts in the middle of an existing SG list. The new list may either be part of the existing list or be a chain that latches onto part of the existing list. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: pcrypt - Use crypto_grab_aeadHerbert Xu2015-05-221-36/+35
| | | | | | | | | | | | As AEAD has switched over to using frontend types, the function crypto_init_spawn must not be used since it does not specify a frontend type. Otherwise it leads to a crash when the spawn is used. This patch fixes it by switching over to crypto_grab_aead instead. Fixes: 5d1d65f8bea6 ("crypto: aead - Convert top level interface to new style") Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: cryptd - Use crypto_grab_aeadHerbert Xu2015-05-221-23/+37
| | | | | | | | | | | | As AEAD has switched over to using frontend types, the function crypto_init_spawn must not be used since it does not specify a frontend type. Otherwise it leads to a crash when the spawn is used. This patch fixes it by switching over to crypto_grab_aead instead. Fixes: 5d1d65f8bea6 ("crypto: aead - Convert top level interface to new style") Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: md5 - use md5 IV MD5_HX instead of their raw valueLABBE Corentin2015-05-181-4/+4
| | | | | | | Since MD5 IV are now available in crypto/md5.h, use them. Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: aead - Convert top level interface to new styleHerbert Xu2015-05-131-113/+48
| | | | | | | | | | | | | | | This patch converts the top-level aead interface to the new style. All user-level AEAD interface code have been moved into crypto/aead.h. The allocation/free functions have switched over to the new way of allocating tfms. This patch also removes the double indrection on setkey so the indirection now exists only at the alg level. Apart from these there are no user-visible changes. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: seqiv - Use crypto_aead_set_reqsize helperHerbert Xu2015-05-131-1/+2
| | | | | | | This patch uses the crypto_aead_set_reqsize helper to avoid directly touching the internals of aead. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: pcrypt - Use crypto_aead_set_reqsize helperHerbert Xu2015-05-131-3/+4
| | | | | | | This patch uses the crypto_aead_set_reqsize helper to avoid directly touching the internals of aead. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: gcm - Use crypto_aead_set_reqsize helperHerbert Xu2015-05-131-11/+11
| | | | | | | This patch uses the crypto_aead_set_reqsize helper to avoid directly touching the internals of aead. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: cryptd - Use crypto_aead_set_reqsize helperHerbert Xu2015-05-131-1/+2
| | | | | | | This patch uses the crypto_aead_set_reqsize helper to avoid directly touching the internals of aead. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: ccm - Use crypto_aead_set_reqsize helperHerbert Xu2015-05-131-7/+7
| | | | | | | This patch uses the crypto_aead_set_reqsize helper to avoid directly touching the internals of aead. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: authencesn - Use crypto_aead_set_reqsize helperHerbert Xu2015-05-131-7/+8
| | | | | | | This patch uses the crypto_aead_set_reqsize helper to avoid directly touching the internals of aead. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: authenc - Use crypto_aead_set_reqsize helperHerbert Xu2015-05-131-7/+8
| | | | | | | This patch uses the crypto_aead_set_reqsize helper to avoid directly touching the internals of aead. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: blkcipher - Include crypto/aead.hHerbert Xu2015-05-131-0/+1
| | | | | | | All users of AEAD should include crypto/aead.h instead of include/linux/crypto.h. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: authencesn - Include internal/aead.hHerbert Xu2015-05-131-1/+1
| | | | | | | All AEAD implementations must include internal/aead.h in order to access required helpers. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: authenc - Include internal/aead.hHerbert Xu2015-05-131-1/+1
| | | | | | | All AEAD implementations must include internal/aead.h in order to access required helpers. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: api - Add crypto_grab_spawn primitiveHerbert Xu2015-05-131-0/+16
| | | | | | | | | | | | | | This patch adds a new primitive crypto_grab_spawn which is meant to replace crypto_init_spawn and crypto_init_spawn2. Under the new scheme the user no longer has to worry about reference counting the alg object before it is subsumed by the spawn. It is pretty much an exact copy of crypto_grab_aead. Prior to calling this function spawn->frontend and spawn->inst must have been set. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: 842 - change 842 alg to use softwareDan Streetman2015-05-112-141/+40
| | | | | | | | | | | | | | | | | | | | | | Change the crypto 842 compression alg to use the software 842 compression and decompression library. Add the crypto driver_name as "842-generic". Remove the fallback to LZO compression. Previously, this crypto compression alg attemped 842 compression using PowerPC hardware, and fell back to LZO compression and decompression if the 842 PowerPC hardware was unavailable or failed. This should not fall back to any other compression method, however; users of this crypto compression alg can fallback if desired, and transparent fallback tricks callers into thinking they are getting 842 compression when they actually get LZO compression - the failure of the 842 hardware should not be transparent to the caller. The crypto compression alg for a hardware device also should not be located in crypto/ so this is now a software-only implementation that uses the 842 software compression/decompression library. Signed-off-by: Dan Streetman <ddstreet@ieee.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: testmgr - add test cases for CRC32Ard Biesheuvel2015-05-112-0/+443
| | | | | | | | | | This adds a couple of test cases for CRC32 (not CRC32c) to ensure that the generic and arch specific implementations are in sync. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Acked-by: Steve Capper <steve.capper@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: testmgr - Wrap the LHS in expressions of the form !x == yDavid Howells2015-05-011-3/+3
| | | | | | | | | | | | | | | | In the test manager, there are a number of if-statements with expressions of the form !x == y that incur warnings with gcc-5 of the following form: ../crypto/testmgr.c: In function '__test_aead': ../crypto/testmgr.c:523:12: warning: logical not is only applied to the left hand side of comparison [-Wlogical-not-parentheses] if (!ret == template[i].fail) { ^ By converting the 'fail' member of struct aead_testvec and struct cipher_testvec to a bool, we can get rid of the warnings. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: pcomp - Constify (de)compression parametersDavid Howells2015-05-012-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | In testmgr, struct pcomp_testvec takes a non-const 'params' field, which is pointed to a const deflate_comp_params or deflate_decomp_params object. With gcc-5 this incurs the following warnings: In file included from ../crypto/testmgr.c:44:0: ../crypto/testmgr.h:28736:13: warning: initialization discards 'const' qualifier from pointer target type [-Wdiscarded-array-qualifiers] .params = &deflate_comp_params, ^ ../crypto/testmgr.h:28748:13: warning: initialization discards 'const' qualifier from pointer target type [-Wdiscarded-array-qualifiers] .params = &deflate_comp_params, ^ ../crypto/testmgr.h:28776:13: warning: initialization discards 'const' qualifier from pointer target type [-Wdiscarded-array-qualifiers] .params = &deflate_decomp_params, ^ ../crypto/testmgr.h:28800:13: warning: initialization discards 'const' qualifier from pointer target type [-Wdiscarded-array-qualifiers] .params = &deflate_decomp_params, ^ Fix this by making the parameters pointer const and constifying the things that use it. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: aead - Fix corner case in crypto_lookup_aeadHerbert Xu2015-04-261-1/+1
| | | | | | | | | | When the user explicitly states that they don't care whether the algorithm has been tested (type = CRYPTO_ALG_TESTED and mask = 0), there is a corner case where we may erroneously return ENOENT. This patch fixes it by correcting the logic in the test. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: skcipher - Fix corner case in crypto_lookup_skcipherHerbert Xu2015-04-261-1/+1
| | | | | | | | | | When the user explicitly states that they don't care whether the algorithm has been tested (type = CRYPTO_ALG_TESTED and mask = 0), there is a corner case where we may erroneously return ENOENT. This patch fixes it by correcting the logic in the test. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: api - Fix build error when modules are disabledHerbert Xu2015-04-261-1/+1
| | | | | | | | | | | | The commit 59afdc7b32143528524455039e7557a46b60e4c8 ("crypto: api - Move module sig ifdef into accessor function") broke the build when modules are completely disabled because we directly dereference module->name. This patch fixes this by using the accessor function module_name. Reported-by: Fengguang Wu <fengguang.wu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: testmgr - Include crypto/aead.hHerbert Xu2015-04-231-0/+1
| | | | | | | | All users of AEAD should include crypto/aead.h instead of include/linux/crypto.h. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: David S. Miller <davem@davemloft.net>
* crypto: tcrypt - Include crypto/aead.hHerbert Xu2015-04-231-0/+1
| | | | | | | | All users of AEAD should include crypto/aead.h instead of include/linux/crypto.h. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: David S. Miller <davem@davemloft.net>
* crypto: algif_aead - Include crypto/aead.hHerbert Xu2015-04-231-0/+1
| | | | | | | | All users of AEAD should include crypto/aead.h instead of include/linux/crypto.h. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: David S. Miller <davem@davemloft.net>
* crypto: api - Remove linux/fips.h from internal.hHerbert Xu2015-04-231-1/+0
| | | | | | | | Now that all fips_enabled users are including linux/fips.h directly instead of getting it through internal.h, we can remove the fips.h inclusions from internal.h. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: testmgr - Include linux/fips.h for fips_enabledHerbert Xu2015-04-231-0/+1
| | | | | | | All users of fips_enabled should include linux/fips.h directly instead of getting it through internal.h. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: tcrypt - Include linux/fips.h for fips_enabledHerbert Xu2015-04-231-1/+1
| | | | | | | | All users of fips_enabled should include linux/fips.h directly instead of getting it through internal.h which is reserved for internal crypto API implementors. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: fips - Move fips_enabled sysctl into fips.cHerbert Xu2015-04-232-41/+48
| | | | | | | | | | | | There is currently a large ifdef FIPS code section in proc.c. Ostensibly it's there because the fips_enabled sysctl sits under /proc/sys/crypto. However, no other crypto sysctls exist. In fact, the whole ethos of the crypto API is against such user interfaces so this patch moves all the FIPS sysctl code over to fips.c. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>