Commit graph

152399 commits

Author SHA1 Message Date
Herbert Xu
2bf2901669 crypto: api - Do not displace newly registered algorithms
We have a mechanism where newly registered algorithms of a higher
priority can displace existing instances that use a different
implementation of the same algorithm with a lower priority.

Unfortunately the same mechanism can cause a newly registered
algorithm to displace itself if it depends on an existing version
of the same algorithm.

This patch fixes this by keeping all algorithms that the newly
reigstered algorithm depends on, thus protecting them from being
removed.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-08-31 15:56:54 +10:00
Steffen Klassert
a367b17f34 crypto: ansi_cprng - Fix module initialization
Return the value we got from crypto_register_alg() instead of
returning 0 in any case.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-08-29 17:36:25 +10:00
Steffen Klassert
36f87a4a29 crypto: xcbc - Fix alignment calculation of xcbc_tfm_ctx
The alignment calculation of xcbc_tfm_ctx uses alg->cra_alignmask
and not alg->cra_alignmask + 1 as it should. This led to frequent
crashes during the selftest of xcbc(aes-asm) on x86_64
machines. This patch fixes this. Also we use the alignmask
of xcbc and not the alignmask of the underlying algorithm
for the alignmnent calculation in xcbc_create now.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-08-20 17:58:04 +10:00
Neil Horman
4e4ed83be6 crypto: fips - Depend on ansi_cprng
What about something like this?  It defaults the CPRNG to m and makes FIPS
dependent on the CPRNG.  That way you get a module build by default, but you can
change it to y manually during config and still satisfy the dependency, and if
you select N it disables FIPS as well.  I rather like that better than making
FIPS a tristate.  I just tested it out here and it seems to work well.  Let me
know what you think

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-08-20 17:54:16 +10:00
Herbert Xu
63b5ac286d crypto: blkcipher - Do not use eseqiv on stream ciphers
Recently we switched to using eseqiv on SMP machines in preference
over chainiv.  However, eseqiv does not support stream ciphers so
they should still default to chainiv.

This patch applies the same check as done by eseqiv to weed out
the stream ciphers.  In particular, all algorithms where the IV
size is not equal to the block size will now default to chainiv.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-08-14 22:58:18 +10:00
Herbert Xu
aef27136b8 crypto: ctr - Use chainiv on raw counter mode
Raw counter mode only works with chainiv, which is no longer
the default IV generator on SMP machines.  This broke raw counter
mode as it can no longer instantiate as a givcipher.

This patch fixes it by always picking chainiv on raw counter
mode.  This is based on the diagnosis and a patch by Huang
Ying.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-08-13 23:10:39 +10:00
Herbert Xu
73fec12094 Revert crypto: fips - Select CPRNG
This reverts commit 215ccd6f55.

It causes CPRNG and everything selected by it to be built-in
whenever FIPS is enabled.  The problem is that it is selecting
a tristate from a bool, which is usually not what is intended.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-08-13 22:41:25 +10:00
Christian Kujau
a8ccc393dd crypto: rng - Fix typo
Correct a typo in crypto/rng.c

Signed-off-by: Christian Kujau <lists@nerdbynature.de>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-08-13 11:53:56 +10:00
Kim Phillips
81eb024c7e crypto: talitos - add support for 36 bit addressing
Enabling extended addressing in the h/w requires we always assign the
extended address component (eptr) of the talitos h/w pointer.  This is
for e500 based platforms with large memories.

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-08-13 11:51:51 +10:00
Kim Phillips
4b99262881 crypto: talitos - align locks on cache lines
align channel access locks onto separate cache lines (for performance
reasons).  This is done by placing per-channel variables into their own
private struct, and using the cacheline_aligned attribute within that
struct.

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-08-13 11:50:38 +10:00
Kim Phillips
e41256f139 crypto: talitos - simplify hmac data size calculation
don't do request->src vs. assoc pointer math - it's the same as adding
assoclen and ivsize (just with more effort).

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-08-13 11:49:06 +10:00
Sebastian Andrzej Siewior
85a7f0ac53 crypto: mv_cesa - Add support for Orion5X crypto engine
This adds support for Marvell's Cryptographic Engines and Security
Accelerator (CESA) which can be found on a few SoC.
Tested with dm-crypt.

Acked-by: Nicolas Pitre <nico@marvell.com>
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-08-10 12:50:03 +10:00
Huang Ying
ace1366369 crypto: cryptd - Add support to access underlaying shash
cryptd_alloc_ahash() will allocate a cryptd-ed ahash for specified
algorithm name. The new allocated one is guaranteed to be cryptd-ed
ahash, so the shash underlying can be gotten via cryptd_ahash_child().

Signed-off-by: Huang Ying <ying.huang@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-08-06 15:35:20 +10:00
Huang Ying
9382d97af5 crypto: gcm - Use GHASH digest algorithm
Remove the dedicated GHASH implementation in GCM, and uses the GHASH
digest algorithm instead. This will make GCM uses hardware accelerated
GHASH implementation automatically if available.

ahash instead of shash interface is used, because some hardware
accelerated GHASH implementation needs asynchronous interface.

Signed-off-by: Huang Ying <ying.huang@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-08-06 15:34:26 +10:00
Huang Ying
2cdc6899a8 crypto: ghash - Add GHASH digest algorithm for GCM
GHASH is implemented as a shash algorithm. The actual implementation
is copied from gcm.c. This makes it possible to add
architecture/hardware accelerated GHASH implementation.

Signed-off-by: Huang Ying <ying.huang@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-08-06 15:32:38 +10:00
Steffen Klassert
cbdcf80d8b crypto: authenc - Convert to ahash
This patch converts authenc to the new ahash interface.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-08-05 19:35:34 +10:00
Herbert Xu
ab30046567 crypto: api - Fix aligned ctx helper
The aligned ctx helper was using a bogus alignment value thas was
one off the correct value.  Fortunately the current users do not
require anything beyond the natural alignment of the platform so
this hasn't caused a problem.

This patch fixes that and also removes the unnecessary minimum
check since if the alignment is less than the natural alignment
then the subsequent ALIGN operation should be a noop.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-24 15:26:15 +08:00
Herbert Xu
0b767b4df3 crypto: hmac - Prehash ipad/opad
This patch uses crypto_shash_export/crypto_shash_import to prehash
ipad/opad to speed up hmac.  This is partly based on a similar patch
by Steffen Klassert.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-24 15:18:41 +08:00
Phil Carmody
7b4ffcf953 crypto: aes - Undefined behaviour in crypto_aes_expand_key
It's undefined behaviour in C to write outside the bounds of an array.
The key expansion routine takes a shortcut of creating 8 words at a
time, but this creates 4 additional words which don't fit in the array.

As everyone is hopefully now aware, GCC is at liberty to make any
assumptions and optimisations it likes in situations where it can
detect that UB has occured, up to and including nasal demons, and
as the indices being accessed in the array are trivially calculable,
it's rash to invite gcc to do take any liberties at all.

Signed-off-by: Phil Carmody <ext-phil.2.carmody@nokia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-24 13:59:17 +08:00
Steffen Klassert
0044f3eda9 crypto: shash - Test for the algorithms import function before exporting it
crypto_init_shash_ops_async() tests for setkey and not for import
before exporting the algorithms import function to ahash.
This patch fixes this.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-24 13:57:13 +08:00
Steffen Klassert
5befbd5a7e crypto: ahash - Use GFP_KERNEL on allocation if the request can sleep
ahash_op_unaligned() and ahash_def_finup() allocate memory atomically,
regardless whether the request can sleep or not. This patch changes
this to use GFP_KERNEL if the request can sleep.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-24 13:56:31 +08:00
Herbert Xu
f592682f9f crypto: shash - Require all algorithms to support export/import
This patch provides a default export/import function for all
shash algorithms.  It simply copies the descriptor context as
is done by sha1_generic.

This in essence means that all existing shash algorithms now
support export/import.  This is something that will be depended
upon in implementations such as hmac.  Therefore all new shash
and ahash implementations must support export/import.

For those that cannot obtain a partial result, padlock-sha's
fallback model should be used so that a partial result is always
available.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-22 14:38:13 +08:00
Herbert Xu
9fadfd1adf crypto: sha512-s390 - Add export/import support
This patch adds export/import support to sha512-s390 (which includes
sha384-s390).  The exported type is defined by struct sha512_state,
which is basically the entire descriptor state of sha512_generic.

Since sha512-s390 only supports a 64-bit byte count the import
function will reject anything that exceeds that.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-22 14:38:13 +08:00
Herbert Xu
13887ed688 crypto: sha512_generic - Use 64-bit counters
This patch replaces the 32-bit counters in sha512_generic with
64-bit counters.  It also switches the bit count to the simpler
byte count.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-22 14:38:13 +08:00
Herbert Xu
1f38ad8389 crypto: sha512 - Export struct sha512_state
This patch renames struct sha512_ctx and exports it as struct
sha512_state so that other sha512 implementations can use it
as the reference structure for exporting their state.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-22 14:38:12 +08:00
Herbert Xu
ac95301f27 crypto: xcbc - Fix shash conversion
Although xcbc was converted to shash, it didn't obey the new
requirement that all hash state must be stored in the descriptor
rather than the transform.

This patch fixes this issue and also optimises away the rekeying
by precomputing K2 and K3 within setkey.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-22 14:38:10 +08:00
Herbert Xu
b588ef6e69 crypto: xcbc - Use crypto_xor
This patch replaces the local xor function with the generic
crypto_xor function.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-22 14:38:10 +08:00
Herbert Xu
6fba00d176 crypto: cryptd - Add finup/export/import for hash
This patch adds the finup/export/import functions to the cryptd
ahash implementation.  We simply invoke the underlying shash
operations.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-22 11:10:22 +08:00
Sachin Sant
2a549c364a crypto: s390 - Fix sha build failure
Use struct s390_sha_ctx instead of sha1/sha256_state struct to fix
s390 crypto build break.

Signed-off-by: Sachin Sant <sachinp@in.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-16 19:58:42 +08:00
Herbert Xu
e9b25f16cd crypto: padlock - Fix hashing of partial blocks
When we encounter partial blocks in finup, we'll invoke the xsha
instruction with a bogus count that is not a multiple of the block
size.  This patch fixes it.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-16 10:33:27 +08:00
Herbert Xu
cbc86b9161 crypto: shash - Fix async finup handling of null digest
When shash_ahash_finup encounters a null request, we end up not
calling the underlying final function.  This patch fixes that.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-15 21:26:41 +08:00
Herbert Xu
fa64966473 crypto: shash - Fix digest size offset
When an shash algorithm is exported as ahash, ahash will access
its digest size through hash_alg_common.  That's why the shash
layout needs to match hash_alg_common.  This wasn't the case
because the alignment weren't identical.

This patch fixes the problem.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-15 21:16:05 +08:00
Herbert Xu
a70c522520 crypto: ahash - Fix setkey crash
When the alignment check was made unconditional for ahash we
may end up crashing on shash algorithms because we're always
calling alg->setkey instead of tfm->setkey.

This patch fixes it.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-15 20:39:05 +08:00
Herbert Xu
faae890883 crypto: padlock - Fix compile error on i386
The previous change to allow hashing from states other than the
initial broke compilation on i386 because the inline assembly
tried to squeeze a u64 into a 32-bit register.  As we've already
checked for 32-bit overflows we can simply truncate it to u32,
or unsigned long so that we don't truncate at all on x86-64.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-15 18:37:48 +08:00
Herbert Xu
b5ebd44eb7 crypto: xcbc - Fix incorrect error value when creating instance
If shash_alloc_instance() fails, we return the wrong error value.
This patch fixes it.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-15 16:53:33 +08:00
Herbert Xu
3b3fc322d9 crypto: hmac - Fix incorrect error value when creating instance
If shash_alloc_instance() fails, we return the wrong error value.
This patch fixes it.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-15 16:52:55 +08:00
Steffen Klassert
05ed8758fa crypto: cryptd - Fix uninitialized return value
If cryptd_alloc_instance() fails, the return value is uninitialized.
This patch fixes this by setting the return value.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-15 16:51:04 +08:00
Herbert Xu
305f9db22d crypto: crypto4xx - Disable SHA implementation
The crypto4xx SHA implementation keeps the hash state in the tfm
data structure.  This breaks a fundamental requirement of ahash
implementations that they must be reentrant.

This patch disables the broken implementation.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-15 15:11:08 +08:00
Herbert Xu
66f6ce5e52 crypto: ahash - Add unaligned handling and default operations
This patch exports the finup operation where available and adds
a default finup operation for ahash.  The operations final, finup
and digest also will now deal with unaligned result pointers by
copying it.  Finally export/import operations are will now be
exported too.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-15 12:40:40 +08:00
Herbert Xu
093900c2b9 crypto: ahash - Use GFP_KERNEL in unaligned setkey
We currently use GFP_ATOMIC in the unaligned setkey function
to allocate the temporary aligned buffer.  Since setkey must
be called in a sleepable context, we can use GFP_KERNEL instead.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-14 21:48:35 +08:00
Herbert Xu
0e2d3a1263 crypto: shash - Fix alignment in unaligned operations
When we encounter an unaligned pointer we are supposed to copy
it to a temporary aligned location.  However the temporary buffer
isn't aligned properly.  This patch fixes that.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-14 21:43:56 +08:00
Herbert Xu
8c32c516eb crypto: hash - Zap unaligned buffers
Some unaligned buffers on the stack weren't zapped properly which
may cause secret data to be leaked.  This patch fixes them by doing
a zero memset.

It is also possible for us to place random kernel stack contents
in the digest buffer if a digest operation fails.  This is fixed
by only copying if the operation succeeded.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-14 21:35:36 +08:00
Herbert Xu
500b3e3c3d crypto: ahash - Remove old_ahash_alg
Now that all ahash implementations have been converted to the new
ahash type, we can remove old_ahash_alg and its associated support.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-14 20:29:57 +08:00
Herbert Xu
4dc10c0142 crypto: crypto4xx - Switch to new style ahash
This patch changes crypto4xx to use the new style ahash type.
In particular, we now use ahash_alg to define ahash algorithms
instead of crypto_alg.

This is achieved by introducing a union that encapsulates the
new type and the existing crypto_alg structure.  They're told
apart through a u32 field containing the type value.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-14 20:21:46 +08:00
Herbert Xu
0b535adfb1 crypto: cryptd - Switch to new style ahash
This patch changes cryptd to use the new style ahash type.  In
particular, the instance is enlarged to encapsulate the new
ahash_alg structure.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-14 19:11:32 +08:00
Herbert Xu
9cd899a32f crypto: cryptd - Switch to template create API
This patch changes cryptd to use the template->create function
instead of alloc in anticipation for the switch to new style
ahash algorithms.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-14 18:45:45 +08:00
Herbert Xu
52861c7cd7 crypto: hash - Add helpers to free spawns
This patch adds the helpers crypto_drop_ahash and crypto_drop_shash
so that these spawns can be dropped without ugly casts.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-14 18:30:24 +08:00
Herbert Xu
7be380f720 crypto: tcrypt - Add mask parameter
This patch adds a mask parameter to complement the existing type
parameter.  This is useful when instantiating algorithms that
require a mask other than the default, e.g., ahash algorithms.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-14 16:06:54 +08:00
Herbert Xu
01c2dece43 crypto: ahash - Add instance/spawn support
This patch adds support for creating ahash instances and using
ahash as spawns.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-14 15:54:09 +08:00
Herbert Xu
88056ec346 crypto: ahash - Convert to new style algorithms
This patch converts crypto_ahash to the new style.  The old ahash
algorithm type is retained until the existing ahash implementations
are also converted.  All ahash users will automatically get the
new crypto_ahash type.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-07-14 15:54:07 +08:00