Commit graph

180 commits

Author SHA1 Message Date
Dmitry Eremin-Solenikov
d8e4b24ffb crypto: testmgr - add AES-CFB tests
commit 7da66670775d201f633577f5b15a4bbeebaaa2b0 upstream.

Add AES128/192/256-CFB testvectors from NIST SP800-38A.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-01-09 17:38:44 +01:00
Horia Geantă
94c7bb6598 crypto: tcrypt - fix ghash-generic speed test
commit 331351f89c36bf7d03561a28b6f64fa10a9f6f3a upstream.

ghash is a keyed hash algorithm, thus setkey needs to be called.
Otherwise the following error occurs:
$ modprobe tcrypt mode=318 sec=1
testing speed of async ghash-generic (ghash-generic)
tcrypt: test  0 (   16 byte blocks,   16 bytes per update,   1 updates):
tcrypt: hashing failed ret=-126

Cc: <stable@vger.kernel.org> # 4.6+
Fixes: 0660511c0b ("crypto: tcrypt - Use ahash")
Tested-by: Franck Lenormand <franck.lenormand@nxp.com>
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-11-13 11:08:45 -08:00
Horia Geantă
2af632996b crypto: tcrypt - reschedule during speed tests
Avoid RCU stalls in the case of non-preemptible kernel and lengthy
speed tests by rescheduling when advancing from one block size
to another.

Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-08-03 18:06:02 +08:00
Eric Biggers
0917b87312 crypto: vmac - remove insecure version with hardcoded nonce
Remove the original version of the VMAC template that had the nonce
hardcoded to 0 and produced a digest with the wrong endianness.  I'm
unsure whether this had users or not (there are no explicit in-kernel
references to it), but given that the hardcoded nonce made it wildly
insecure unless a unique key was used for each message, let's try
removing it and see if anyone complains.

Leave the new "vmac64" template that requires the nonce to be explicitly
specified as the first 16 bytes of data and uses the correct endianness
for the digest.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-07-01 21:00:44 +08:00
Eric Biggers
a179a2bf05 crypto: testmgr - remove bfin_crc "hmac(crc32)" test vectors
The Blackfin CRC driver was removed by commit 9678a8dc53 ("crypto:
bfin_crc - remove blackfin CRC driver"), but it was forgotten to remove
the corresponding "hmac(crc32)" test vectors.  I see no point in keeping
them since nothing else appears to implement or use "hmac(crc32)", which
isn't an algorithm that makes sense anyway because HMAC is meant to be
used with a cryptographically secure hash function, which CRC's are not.

Thus, remove the unneeded test vectors.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-27 00:12:10 +08:00
Kees Cook
4e234eed58 crypto: tcrypt - Remove VLA usage
In the quest to remove all stack VLA usage from the kernel[1], this
allocates the return code buffers before starting jiffie timers, rather
than using stack space for the array. Additionally cleans up some exit
paths and make sure that the num_mb module_param() is used only once
per execution to avoid possible races in the value changing.

[1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-05 14:52:53 +08:00
Gilad Ben-Yossef
cd83a8a7c3 crypto: testmgr - introduce SM4 tests
Add testmgr tests for the newly introduced SM4 ECB symmetric cipher.

Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-03-16 23:35:50 +08:00
Colin Ian King
c6ba4f3e68 crypto: tcrypt - free xoutbuf instead of axbuf
There seems to be a cut-n-paste bug with the name of the buffer being
free'd, xoutbuf should be used instead of axbuf.

Detected by CoverityScan, CID#1463420 ("Copy-paste error")

Fixes: 427988d981 ("crypto: tcrypt - add multibuf aead speed test")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-01-12 23:03:07 +11:00
Colin Ian King
38dbe2d190 crypto: tcrypt - fix spelling mistake: "bufufer"-> "buffer"
Trivial fix to spelling mistakes in pr_err error message text.

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-01-12 23:03:06 +11:00
Gilad Ben-Yossef
427988d981 crypto: tcrypt - add multibuf aead speed test
The performance of some aead tfm providers is affected by
the amount of parallelism possible with the processing.

Introduce an async aead concurrent multiple buffer
processing speed test to be able to test performance of such
tfm providers.

Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2017-12-28 17:56:42 +11:00
Gilad Ben-Yossef
e161c5930c crypto: tcrypt - add multibuf skcipher speed test
The performance of some skcipher tfm providers is affected by
the amount of parallelism possible with the processing.

Introduce an async skcipher concurrent multiple buffer
processing speed test to be able to test performance of such
tfm providers.

Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2017-12-28 17:56:41 +11:00
Gilad Ben-Yossef
b34a0f67ba crypto: tcrypt - add multi buf ahash jiffies test
The multi buffer concurrent requests ahash speed test only
supported the cycles mode. Add support for the so called
jiffies mode that test performance of bytes/sec.

We only add support for digest mode at the moment.

Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2017-12-28 17:56:41 +11:00
Gilad Ben-Yossef
8fcdc86856 crypto: tcrypt - allow setting num of bufs
For multiple buffers speed tests, the number of buffers, or
requests, used actually sets the level of parallelism a tfm
provider may utilize to hide latency. The existing number
(of 8) is good for some software based providers but not
enough for many HW providers with deep FIFOs.

Add a module parameter that allows setting the number of
multiple buffers/requests used, leaving the default at 8.

Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2017-12-28 17:56:40 +11:00
Gilad Ben-Yossef
4431bd4953 crypto: tcrypt - fix AEAD decryption speed test
The AEAD speed test pretended to support decryption, however that support
was broken as decryption requires a valid auth field which the test did
not provide.

Fix this by running the encryption path once with inout/output sgls
switched to calculate the auth field prior to performing decryption
speed tests.

Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2017-12-28 17:56:39 +11:00
Gilad Ben-Yossef
7c3f132389 crypto: tcrypt - use multi buf for ahash mb test
The multi buffer ahash speed test was allocating multiple
buffers for use with the multiple outstanding requests
it was starting but never actually using them (except
to free them), instead using a different single statically
allocated buffer for all requests.

Fix this by actually using the allocated buffers for the test.

It is noted that it may seem tempting to instead remove the
allocation and free of the multiple buffers and leave things as
they are since this is a hash test where the input is read
only. However, after consideration I believe that multiple
buffers better reflect real life scenario with regard
to data cache and TLB behaviours etc.

Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2017-12-28 17:56:39 +11:00
Tudor-Dan Ambarus
5601e014fe crypto: tcrypt - set assoc in sg_init_aead()
Results better code readability.

Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2017-11-29 17:33:26 +11:00
Robert Baronescu
5c6ac1d4f8 crypto: tcrypt - fix S/G table for test_aead_speed()
In case buffer length is a multiple of PAGE_SIZE,
the S/G table is incorrectly generated.
Fix this by handling buflen = k * PAGE_SIZE separately.

Signed-off-by: Robert Baronescu <robert.baronescu@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2017-11-29 16:43:40 +11:00
Gilad Ben-Yossef
646710419a crypto: tcrypt - move to generic async completion
tcrypt starts several async crypto ops and  waits for their completions.
Move it over to generic code doing the same.

Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2017-11-03 22:11:22 +08:00
Robert Baronescu
7aacbfcb33 crypto: tcrypt - fix buffer lengths in test_aead_speed()
Fix the way the length of the buffers used for
encryption / decryption are computed.
For e.g. in case of encryption, input buffer does not contain
an authentication tag.

Signed-off-by: Robert Baronescu <robert.baronescu@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2017-11-03 21:50:47 +08:00
Gustavo A. R. Silva
59517226a3 crypto: tcrypt - mark expected switch fall-throughs in do_test()
In preparation to enabling -Wimplicit-fallthrough, mark switch cases
where we are expecting to fall through.

Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: linux-crypto@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2017-11-03 21:50:46 +08:00
Geliang Tang
52872f5288 crypto: drop unnecessary return statements
Fix checkpatch.pl warnings:

WARNING: void function return statements are not generally useful
FILE: crypto/rmd128.c:218:
FILE: crypto/rmd160.c:261:
FILE: crypto/rmd256.c:233:
FILE: crypto/rmd320.c:280:
FILE: crypto/tcrypt.c:385:
FILE: drivers/crypto/ixp4xx_crypto.c:538:
FILE: drivers/crypto/marvell/cesa.c:81:
FILE: drivers/crypto/ux500/cryp/cryp_core.c:1755:

Signed-off-by: Geliang Tang <geliangtang@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2017-09-22 17:43:28 +08:00
Gilad Ben-Yossef
b7e2753040 crypto: sm3 - add SM3 test vectors
Add testmgr and tcrypt tests and vectors for SM3 secure hash.

Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2017-09-22 17:43:08 +08:00
Horia Geantă
b66ad0b7aa crypto: tcrypt - remove AES-XTS-192 speed tests
Remove xts(aes) speed tests with 2 x 192-bit keys, since implementations
adhering strictly to IEEE 1619-2007 standard cannot cope with key sizes
other than 2 x 128, 2 x 256 bits - i.e. AES-XTS-{128,256}:
[...]
tcrypt: test 5 (384 bit key, 16 byte blocks):
caam_jr 8020000.jr: key size mismatch
tcrypt: setkey() failed flags=200000
[...]

Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2017-08-03 13:47:20 +08:00
Gilad Ben-Yossef
981a2e3e45 crypto: tcrypt - don't disable irqs and wait
The tcrypt AEAD cycles speed tests disables irqs during the test, which is
broken at the very least since commit
'1425d2d17f7309c6 ("crypto: tcrypt - Fix AEAD speed tests")'
adds a wait for completion as part of the test and probably since
switching to the new AEAD API.

While the result of taking a cycle count diff may not mean much on SMP
systems if the task migrates, it's good enough for tcrypt being the quick
& dirty dev tool it is. It's also what all the other (i.e. hash) cycle
speed tests do.

Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Reported-by: Ofir Drang <ofir.drang@arm.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2017-05-18 13:19:48 +08:00
Rabin Vincent
76512f2d8c crypto: tcrypt - Add debug prints
tcrypt is very tight-lipped when it succeeds, but a bit more feedback
would be useful when developing or debugging crypto drivers, especially
since even a successful run ends with the module failing to insert. Add
a couple of debug prints, which can be enabled with dynamic debug:

Before:

 # insmod tcrypt.ko mode=10
 insmod: can't insert 'tcrypt.ko': Resource temporarily unavailable

After:

 # insmod tcrypt.ko mode=10 dyndbg
 tcrypt: testing ecb(aes)
 tcrypt: testing cbc(aes)
 tcrypt: testing lrw(aes)
 tcrypt: testing xts(aes)
 tcrypt: testing ctr(aes)
 tcrypt: testing rfc3686(ctr(aes))
 tcrypt: all tests passed
 insmod: can't insert 'tcrypt.ko': Resource temporarily unavailable

Signed-off-by: Rabin Vincent <rabinv@axis.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2017-01-23 22:50:24 +08:00
raveendra padasalagi
98eca72fa0 crypto: sha3 - Add HMAC-SHA3 test modes and test vectors
This patch adds HMAC-SHA3 test modes in tcrypt module
and related test vectors.

Signed-off-by: Raveendra Padasalagi <raveendra.padasalagi@broadcom.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-07-01 23:45:24 +08:00
Herbert Xu
d13cd11fbc crypto: tcrypt - Do not bail on EINPROGRESS in multibuffer hash test
The multibuffer hash speed test is incorrectly bailing because
of an EINPROGRESS return value.  This patch fixes it by setting
ret to zero if it is equal to -EINPROGRESS.

Reported-by: Megha Dey <megha.dey@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-07-01 23:45:21 +08:00
Herbert Xu
1503a24f53 crypto: tcrypt - Add speed test for cts
This patch adds speed tests for cts(cbc(aes)).

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-07-01 23:45:11 +08:00
Herbert Xu
7166e589da crypto: tcrypt - Use skcipher
This patch converts tcrypt to use the new skcipher interface as
opposed to ablkcipher/blkcipher.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-07-01 23:45:04 +08:00
Herbert Xu
72259deb3a crypto: tcrypt - Fix memory leaks/crashes in multibuffer hash speed test
This patch resolves a number of issues with the mb speed test
function:

* The tfm is never freed.
* Memory is allocated even when we're not using mb.
* When an error occurs we don't wait for completion for other requests.
* When an error occurs during allocation we may leak memory.
* The test function ignores plen but still runs for plen != blen.
* The backlog flag is incorrectly used (may crash).

This patch tries to resolve all these issues as well as making
the code consistent with the existing hash speed testing function.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
2016-06-29 18:12:42 +08:00
Herbert Xu
f8de55b625 crypto: tcrypt - Use unsigned long for mb ahash cycle counter
For the timescales we are working against there is no need to
go beyond unsigned long.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-28 16:43:40 +08:00
Krzysztof Kozlowski
f83f5b12ee crypto: tcrypt - Fix mixing printk/pr_err and obvious indentation issues
The recently added test_mb_ahash_speed() has clearly serious coding
style issues. Try to fix some of them:
1. Don't mix pr_err() and printk();
2. Don't wrap strings;
3. Properly align goto statement in if() block;
4. Align wrapped arguments on new line;
5. Don't wrap functions on first argument;

Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-28 16:06:41 +08:00
Megha Dey
14009c4bde crypto: tcrypt - Add new mode for sha512_mb
Add a new mode to calculate the speed of the sha512_mb algorithm

Signed-off-by: Megha Dey <megha.dey@linux.intel.com>
Reviewed-by: Fenghua Yu <fenghua.yu@intel.com>
Reviewed-by: Tim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-28 16:06:41 +08:00
Megha Dey
087bcd225c crypto: tcrypt - Add speed tests for SHA multibuffer algorithms
The existing test suite to calculate the speed of the SHA algorithms
assumes serial (single buffer)) computation of data. With the SHA
multibuffer algorithms, we work on 8 lanes of data in parallel. Hence,
the need to introduce a new test suite to calculate the speed for these
algorithms.

Signed-off-by: Megha Dey <megha.dey@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-27 16:57:46 +08:00
raveendra padasalagi
79cc6ab894 crypto: sha3 - Add SHA-3 Test's in tcrypt
Added support for SHA-3 algorithm test's
in tcrypt module and related test vectors.

Signed-off-by: Raveendra Padasalagi <raveendra.padasalagi@broadcom.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-20 19:25:02 +08:00
Herbert Xu
0660511c0b crypto: tcrypt - Use ahash
This patch removes the last user of the obsolete crypto_hash
interface, tcrypt, by simply switching it over to ahash.  In
fact it already has all the code there so it's just a matter
of calling the ahash speed test code with the right mask.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-06 15:33:08 +08:00
Cyrille Pitchen
f18611da86 crypto: tcrypt - fix keysize argument of test_aead_speed for gcm(aes)
The key sizes used by AES in GCM mode should be 128, 192 or 256 bits (16,
24 or 32 bytes).
There is no additional 4byte nonce as for RFC 4106.

Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-11-23 20:55:52 +08:00
Horia Geant?
f074f7b103 crypto: tcrypt - avoid mapping from module image addresses
The output buffer in test_ahash_speed will point to an address located
within the tcrypt module image.
This causes problems when trying to DMA map the buffer.
For e.g. on ARM-based LS1021A, a page fault occurs within the
DMA API when trying to access the struct page returned by
virt_to_page(output):

insmod tcrypt.ko mode=403

testing speed of async sha1 (sha1-caam)
test  0 (   16 byte blocks,   16 bytes per update,   1 updates):
Unable to handle kernel paging request at virtual address f07e9080
pgd = e58d0e00
[f07e9080] *pgd=80000080007003, *pmd=00000000
Internal error: Oops: 206 [#1] SMP THUMB2
Modules linked in: tcrypt(+)
CPU: 1 PID: 1119 Comm: insmod Not tainted 4.2.0-rc1-256134-gbf433416e675 #1
Hardware name: Freescale LS1021A
task: ea063900 ti: e5a34000 task.ti: e5a34000
PC is at dma_cache_maint_page+0x38/0xd0
LR is at __dma_page_cpu_to_dev+0x15/0x64
pc : [<800155a0>]    lr : [<8001564d>]    psr: 000f0033
sp : e5a35ca0  ip : 8063df00  fp : f07e9080
r10: 00000cd0  r9 : 8063df00  r8 : 805a2f04
r7 : 0017f804  r6 : 00000002  r5 : ee7f9000  r4 : 00000014
r3 : 80612d40  r2 : 01ff0080  r1 : 00000380  r0 : ee7f9000
Flags: nzcv  IRQs on  FIQs on  Mode SVC_32  ISA Thumb  Segment user
Control: 70c5387d  Table: e58d0e00  DAC: 9b7ede70
Process insmod (pid: 1119, stack limit = 0xe5a34210)
Stack: (0xe5a35ca0 to 0xe5a36000)
[...]
[<800155a0>] (dma_cache_maint_page) from [<8001564d>] (__dma_page_cpu_to_dev+0x15/0x64)
[<8001564d>] (__dma_page_cpu_to_dev) from [<800156eb>] (arm_dma_map_page+0x1f/0x44)
[<800156eb>] (arm_dma_map_page) from [<802935e3>] (ahash_digest+0x35f/0x510)
[<802935e3>] (ahash_digest) from [<7f800d03>] (test_ahash_speed.constprop.6+0x24a/0x4e4 [tcrypt])
[<7f800d03>] (test_ahash_speed.constprop.6 [tcrypt]) from [<7f802fd5>] (do_test+0x1898/0x2058 [tcrypt])
[<7f802fd5>] (do_test [tcrypt]) from [<7f80802f>] (tcrypt_mod_init+0x2e/0x63 [tcrypt])
[<7f80802f>] (tcrypt_mod_init [tcrypt]) from [<80009517>] (do_one_initcall+0xb3/0x134)
[<80009517>] (do_one_initcall) from [<80351ec7>] (do_init_module+0x3b/0x13c)
[<80351ec7>] (do_init_module) from [<8005cc3f>] (load_module+0x97b/0x9dc)
[<8005cc3f>] (load_module) from [<8005cd8d>] (SyS_finit_module+0x35/0x3e)
[<8005cd8d>] (SyS_finit_module) from [<8000d101>] (ret_fast_syscall+0x1/0x4c)
Code: 1aba 0152 eb00 0b02 (5882) 0f92

addr2line -f -i -e vmlinux 800155a0
page_zonenum
include/linux/mm.h:728
page_zone
include/linux/mm.h:881
dma_cache_maint_page
arch/arm/mm/dma-mapping.c:822

Signed-off-by: Horia Geant? <horia.geanta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-09-21 22:00:36 +08:00
Herbert Xu
5e4b8c1fcc crypto: aead - Remove CRYPTO_ALG_AEAD_NEW flag
This patch removes the CRYPTO_ALG_AEAD_NEW flag now that everyone
has been converted.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-08-17 16:53:53 +08:00
Martin Willi
2dce063a31 crypto: tcrypt - Add ChaCha20/Poly1305 speed tests
Adds individual ChaCha20 and Poly1305 and a combined rfc7539esp AEAD speed
test using mode numbers 214, 321 and 213. For Poly1305 we add a specific
speed template, as it expects the key prepended to the input data.

Signed-off-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-07-17 21:20:20 +08:00
Herbert Xu
34a1c740ea crypto: tcrypt - Add support for new IV convention
This patch allows the AEAD speed tests to cope with the new seqiv
calling convention as well as the old one.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-07-14 14:56:46 +08:00
Vutla, Lokesh
1425d2d17f crypto: tcrypt - Fix AEAD speed tests
The AEAD speed tests doesn't do a wait_for_completition,
if the return value is EINPROGRESS or EBUSY.
Fixing it here.
Also add a test case for gcm(aes).

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-07-08 15:18:47 +08:00
Herbert Xu
31267270a3 crypto: tcrypt - Fixed AEAD speed test setup
The AEAD speed test SG list setup did not correctly mark the AD,
potentially causing a crash.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-06-18 14:45:33 +08:00
Herbert Xu
4e4aab63d7 crypto: tcrypt - Add rfc4309(ccm(aes)) speed test
This patch adds a speed test for rfc4309(ccm(aes)) as mode 212.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-06-18 14:45:32 +08:00
Herbert Xu
a3f2185a29 crypto: tcrypt - Switch to new AEAD interface
This patch makes use of the new AEAD interface which uses a single
SG list instead of separate lists for the AD and plain text.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-28 11:23:21 +08:00
Herbert Xu
1ce5a04d9f crypto: tcrypt - Include crypto/aead.h
All users of AEAD should include crypto/aead.h instead of
include/linux/crypto.h.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: David S. Miller <davem@davemloft.net>
2015-04-23 14:18:11 +08:00
Herbert Xu
daf0944cfb crypto: tcrypt - Include linux/fips.h for fips_enabled
All users of fips_enabled should include linux/fips.h directly
instead of getting it through internal.h which is reserved for
internal crypto API implementors.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-23 14:18:09 +08:00
Herbert Xu
43a9607d86 crypto: tcrypt - Handle async return from crypto_ahash_init
The function crypto_ahash_init can also be asynchronous just
like update and final.  So all callers must be able to handle
an async return.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-23 14:18:05 +08:00
Horia Geant?
007ee8dec6 crypto: tcrypt - fix uninit sg entries in test_acipher_speed
Commit 5be4d4c94b ("crypto: replace scatterwalk_sg_next with sg_next")
did not consider the fact that scatterwalk_sg_next() was looking at
sg entry length, while sg_next() looks at the "chained" sg bit.

This should have no effect in theory. However in practice, there are
cases where the sg table is initialized to a number of entries and
some of them are not properly configured. While scatterwalk_sg_next()
would have returned NULL (since sg length = 0 and sg page_link = 0),
sg_next() happily returns the next unconfigured sg entry.

insmod tcrypt.ko mode=500 sec=1

testing speed of async cbc(aes) (cbc-aes-talitos) encryption
test 0 (128 bit key, 16 byte blocks):
Unable to handle kernel paging request for data at address 0x00000000
Faulting instruction address: 0xc00d79e4
Oops: Kernel access of bad area, sig: 11 [#1]
SMP NR_CPUS=8 P1022 DS
Modules linked in: tcrypt(+) talitos
CPU: 0 PID: 2670 Comm: insmod Not tainted 4.0.0-rc1-QorIQ-SDK-V1.6+g904f1ca82209 #1
task: e8de3200 ti: e70bc000 task.ti: e70bc000
NIP: c00d79e4 LR: f92d223c CTR: c00d79c8
REGS: e70bda00 TRAP: 0300   Not tainted  (4.0.0-rc1-QorIQ-SDK-V1.6+g904f1ca82209)
MSR: 00029000 <CE,EE,ME>  CR: 84428f22  XER: 00000000
DEAR: 00000000 ESR: 00000000
GPR00: f92d223c e70bdab0 e8de3200 00000000 e70bdbb8 00000001 00000000 00000000
GPR08: 00000000 00000000 c08b0380 27282010 c00d79c8 1003a634 00000000 e70bdf1c
GPR16: e70bdef0 00000020 00000000 c08c0000 00000010 00000000 e70bdbb8 00000010
GPR24: e976d3a8 00000010 00000000 e70bdbd8 e8961010 00000001 c086e560 00000000
NIP [c00d79e4] page_address+0x1c/0x110
LR [f92d223c] talitos_map_sg+0x130/0x184 [talitos]
Call Trace:
[e70bdab0] [00000010] 0x10 (unreliable)
[e70bdad0] [f92d223c] talitos_map_sg+0x130/0x184 [talitos]
[e70bdb00] [f92d30d8] common_nonsnoop.constprop.13+0xc0/0x304 [talitos]
[e70bdb30] [f933fd90] test_acipher_speed+0x434/0x7dc [tcrypt]
[e70bdcc0] [f934318c] do_test+0x2478/0x306c [tcrypt]
[e70bdd80] [f11fe058] tcrypt_mod_init+0x58/0x100 [tcrypt]
[e70bdda0] [c0002354] do_one_initcall+0x90/0x1f4
[e70bde10] [c061fe00] do_init_module+0x60/0x1ac
[e70bde30] [c00a79f0] load_module+0x185c/0x1f88
[e70bdee0] [c00a82b0] SyS_finit_module+0x7c/0x98
[e70bdf40] [c000e8b0] ret_from_syscall+0x0/0x3c

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-03-12 01:11:05 +11:00
Cristian Stoica
96692a7305 crypto: tcrypt - do not allocate iv on stack for aead speed tests
See also: 9bac019dad

Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-02-04 20:59:42 +11:00