Commit Graph

514319 Commits

Author SHA1 Message Date
Herbert Xu b7c89d9e2f crypto: aesni - Convert rfc4106 to new AEAD interface
This patch converts the low-level __gcm-aes-aesni algorithm to
the new AEAD interface.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-06-03 10:51:24 +08:00
Dan Streetman 3e648cbeb3 crypto: nx - prevent nx 842 load if no hw driver
Change the nx-842 common driver to wait for loading of both platform
drivers, and fail loading if the platform driver pointer is not set.
Add an independent platform driver pointer, that the platform drivers
set if they find they are able to load (i.e. if they find their platform
devicetree node(s)).

The problem is currently, the main nx-842 driver will stay loaded even
if there is no platform driver and thus no possible way it can do any
compression or decompression.  This allows the crypto 842-nx driver
to load even if it won't actually work.  For crypto compression users
(e.g. zswap) that expect an available crypto compression driver to
actually work, this is bad.  This patch fixes that, so the 842-nx crypto
compression driver won't load if it doesn't have the driver and hardware
available to perform the compression.

Signed-off-by: Dan Streetman <ddstreet@ieee.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-06-03 10:51:23 +08:00
Herbert Xu f614e546f5 crypto: cryptd - Convert to new AEAD interface
This patch converts cryptd to the new AEAD interface.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-06-03 10:48:37 +08:00
Herbert Xu af05b3009b crypto: aesni - Convert top-level rfc4106 algorithm to new interface
This patch converts rfc4106-gcm-aesni to the new AEAD interface.
The low-level interface remains as is for now because we can't
touch it until cryptd itself is upgraded.

In the conversion I've also removed the duplicate copy of the
context in the top-level algorithm.  Now all processing is carried
out in the low-level __driver-gcm-aes-aesni algorithm.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-06-03 10:48:36 +08:00
Herbert Xu 92b9876bdd crypto: cryptd - Add setkey/setauthsize functions for AEAD
This patch adds setkey and setauthsize for cryptd AEAD.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-06-03 10:48:35 +08:00
Herbert Xu 0496f56065 crypto: pcrypt - Add support for new AEAD interface
This patch converts pcrypt over to the new AEAD interface.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-06-03 10:48:35 +08:00
Herbert Xu caab94612a crypto: aead - Add multiple algorithm registration interface
This patch adds the helpers that allow the registration and removal
of multiple algorithms.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-06-03 10:48:35 +08:00
Herbert Xu 43615369ab crypto: aead - Ignore return value from crypto_unregister_alg
No new code should be using the return value of crypto_unregister_alg
as it will become void soon.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-06-03 10:48:34 +08:00
Herbert Xu c2110f2834 crypto: api - Include alignment in crypto_alg_extsize
This patch ensures that the tfm context always has enough extra
memory to ensure that it is aligned according to cra_alignment.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-06-03 10:48:34 +08:00
Herbert Xu 5c98d62059 crypto: aead - Add aead_alg_instance
Now that type-safe init/exit functions exist, they often need
to access the underlying aead_instance.  So this patch adds the
helper aead_alg_instance to access aead_instance from a crypto_aead
object.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-06-03 10:48:33 +08:00
Herbert Xu 5eb8ec6dc8 crypto: aead - Add type-safe init/exit functions
As it stands the only non-type safe functions left in the new
AEAD interface are the cra_init/cra_exit functions.  It means
exposing the ugly __crypto_aead_cast to every AEAD implementor.

This patch adds type-safe init/exit functions to AEAD.  Existing
algorithms are unaffected while new implementations can simply
fill in these two instead of cra_init/cra_exit.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-06-03 10:48:33 +08:00
Stephan Mueller addfda2fc2 crypto: doc - cover new AEAD interface
The patch updates the DocBook to cover the new AEAD interface
implementation.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-06-03 10:48:32 +08:00
Herbert Xu b64a2d9552 Revert "crypto: algif_aead - Disable AEAD user-space for now"
This reverts commit f858c7bcca as
the algif_aead interface has been switched over to the new AEAD
interface.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-06-03 10:48:31 +08:00
Stephan Mueller cf58fcb1be crypto: jitterentropy - remove timekeeping_valid_for_hres
The patch removes the use of timekeeping_valid_for_hres which is now
marked as internal for the time keeping subsystem. The jitterentropy
does not really require this verification as a coarse timer (when
random_get_entropy is absent) is discovered by the initialization test
of jent_entropy_init, which would cause the jitter rng to not load in
that case.

Reported-by: kbuild test robot <fengguang.wu@intel.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-28 11:23:21 +08:00
Herbert Xu 19fa77522e crypto: algif_aead - Switch to new AEAD interface
This patch makes use of the new AEAD interface which uses a single
SG list instead of separate lists for the AD and plain text.

Note that the user-space interface now requires both input and
output to be of the same length, and both must include space for
the AD as well as the authentication tag.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-28 11:23:21 +08:00
Herbert Xu a3f2185a29 crypto: tcrypt - Switch to new AEAD interface
This patch makes use of the new AEAD interface which uses a single
SG list instead of separate lists for the AD and plain text.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-28 11:23:21 +08:00
Herbert Xu 957e0fe629 mac80211: Switch to new AEAD interface
This patch makes use of the new AEAD interface which uses a single
SG list instead of separate lists for the AD and plain text.

Tested-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-28 11:23:20 +08:00
Herbert Xu 25528fdae4 mac802154: Switch to new AEAD interface
This patch makes use of the new AEAD interface which uses a single
SG list instead of separate lists for the AD and plain text.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-28 11:23:20 +08:00
Herbert Xu 000ae7b269 esp6: Switch to new AEAD interface
This patch makes use of the new AEAD interface which uses a single
SG list instead of separate lists for the AD and plain text.  The
IV generation is also now carried out through normal AEAD methods.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-28 11:23:20 +08:00
Herbert Xu 7021b2e1cd esp4: Switch to new AEAD interface
This patch makes use of the new AEAD interface which uses a single
SG list instead of separate lists for the AD and plain text.  The
IV generation is also now carried out through normal AEAD methods.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-28 11:23:20 +08:00
Herbert Xu 69b0137f61 ipsec: Add IV generator information to xfrm_state
This patch adds IV generator information to xfrm_state.  This
is currently obtained from our own list of algorithm descriptions.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-28 11:23:20 +08:00
Herbert Xu 165ecc6373 xfrm: Add IV generator information to xfrm_algo_desc
This patch adds IV generator information for each AEAD and block
cipher to xfrm_algo_desc.  This will be used to access the new
AEAD interface.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-28 11:23:19 +08:00
Herbert Xu 8a525fcd46 crypto: testmgr - Switch to new AEAD interface
This patch makes use of the new AEAD interface which uses a single
SG list instead of separate lists for the AD and plain text.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-28 11:23:19 +08:00
Herbert Xu 056c04ba8b crypto: seqiv - Fix module unload/reload crash
On module unload we weren't unregistering the seqniv template,
thus leading to a crash the next time someone walks the template
list.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-28 11:23:19 +08:00
Herbert Xu ccdb8a0384 crypto: seqiv - Fix IV size in context size calculation
This patch fixes a bug in the context size calculation where we
were still referring to the old cra_aead.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-28 11:23:19 +08:00
Herbert Xu 661cfd0e5e crypto: seqiv - Use common IV generation code
This patch makes use of the new common IV generation code.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-28 11:23:18 +08:00
Herbert Xu d0ad1b246d crypto: seqiv - Copy AD along with plain/cipher text
As the AD does not necessarily exist in the destination buffer
it must be copied along with the plain/cipher text.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-28 11:23:18 +08:00
Herbert Xu 9d03aee125 crypto: echainiv - Fix IV size in context size calculation
This patch fixes a bug in the context size calculation where we
were still referring to the old cra_aead.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-28 11:23:18 +08:00
Herbert Xu d97de47ca1 crypto: echainiv - Use common IV generation code
This patch makes use of the new common IV generation code.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-28 11:23:18 +08:00
Herbert Xu 838c9d561a crypto: echainiv - Copy AD along with plain text
As the AD does not necessarily exist in the destination buffer
it must be copied along with the plain text.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-28 11:23:18 +08:00
Herbert Xu 6350449fbf crypto: aead - Add common IV generation code
This patch adds some common IV generation code currently duplicated
by seqiv and echainiv.  For example, the setkey and setauthsize
functions are completely identical.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-28 11:23:17 +08:00
Herbert Xu b455eb80f1 crypto: aead - Preserve in-place processing in old_crypt
This patch tries to preserve in-place processing in old_crypt as
various algorithms are optimised for in-place processing where
src == dst.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-28 11:23:17 +08:00
Herbert Xu fdaef75f66 crypto: scatterwalk - Add missing sg_init_table to scatterwalk_ffwd
We need to call sg_init_table as otherwise the first entry may
inadvertently become the last.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-28 11:23:17 +08:00
Herbert Xu 693b549d39 crypto: aead - Document behaviour of AD in destination buffer
This patch defines the behaviour of AD in the new interface more
clearly.  In particular, it specifies that if the user must copy
the AD to the destination manually when src != dst if they wish
to guarantee that the destination buffer contains a copy of the
AD.

The reason for this is that otherwise every AEAD implementation
would have to perform such a copy when src != dst.  In reality
most users do in-place processing where src == dst so this is
not an issue.

This patch also kills some remaining references to cryptoff.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-28 11:23:16 +08:00
Herbert Xu 6d7e3d8995 Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Merge the crypto tree for 4.1 to pull in the changeset that disables
algif_aead.
2015-05-28 11:16:41 +08:00
Tom Lendacky d725332208 crypto: ccp - Remove unused structure field
Remove the length field from the ccp_sg_workarea since it is unused.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-27 17:51:54 +08:00
Tom Lendacky d921620e03 crypto: ccp - Remove manual check and set of dma_mask pointer
The underlying device support will set the device dma_mask pointer
if DMA is set up properly for the device.  Remove the check for and
assignment of dma_mask when it is null. Instead, just error out if
the dma_set_mask_and_coherent function fails because dma_mask is null.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-27 17:51:54 +08:00
Stephan Mueller bb5530e408 crypto: jitterentropy - add jitterentropy RNG
The CPU Jitter RNG provides a source of good entropy by
collecting CPU executing time jitter. The entropy in the CPU
execution time jitter is magnified by the CPU Jitter Random
Number Generator. The CPU Jitter Random Number Generator uses
the CPU execution timing jitter to generate a bit stream
which complies with different statistical measurements that
determine the bit stream is random.

The CPU Jitter Random Number Generator delivers entropy which
follows information theoretical requirements. Based on these
studies and the implementation, the caller can assume that
one bit of data extracted from the CPU Jitter Random Number
Generator holds one bit of entropy.

The CPU Jitter Random Number Generator provides a decentralized
source of entropy, i.e. every caller can operate on a private
state of the entropy pool.

The RNG does not have any dependencies on any other service
in the kernel. The RNG only needs a high-resolution time
stamp.

Further design details, the cryptographic assessment and
large array of test results are documented at
http://www.chronox.de/jent.html.

CC: Andreas Steffen <andreas.steffen@strongswan.org>
CC: Theodore Ts'o <tytso@mit.edu>
CC: Sandy Harris <sandyinchina@gmail.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-27 17:51:54 +08:00
Stephan Mueller b8ec5ba42c crypto: drbg - use Jitter RNG to obtain seed
During initialization, the DRBG now tries to allocate a handle of the
Jitter RNG. If such a Jitter RNG is available during seeding, the DRBG
pulls the required entropy/nonce string from get_random_bytes and
concatenates it with a string of equal size from the Jitter RNG. That
combined string is now the seed for the DRBG.

Written differently, the initial seed of the DRBG is now:

get_random_bytes(entropy/nonce) || jitterentropy (entropy/nonce)

If the Jitter RNG is not available, the DRBG only seeds from
get_random_bytes.

CC: Andreas Steffen <andreas.steffen@strongswan.org>
CC: Theodore Ts'o <tytso@mit.edu>
CC: Sandy Harris <sandyinchina@gmail.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-27 17:51:53 +08:00
Stephan Mueller 4c7879907e crypto: drbg - add async seeding operation
The async seeding operation is triggered during initalization right
after the first non-blocking seeding is completed. As required by the
asynchronous operation of random.c, a callback function is provided that
is triggered by random.c once entropy is available. That callback
function performs the actual seeding of the DRBG.

CC: Andreas Steffen <andreas.steffen@strongswan.org>
CC: Theodore Ts'o <tytso@mit.edu>
CC: Sandy Harris <sandyinchina@gmail.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-27 17:51:53 +08:00
Stephan Mueller 3d6a5f75d1 crypto: drbg - prepare for async seeding
In order to prepare for the addition of the asynchronous seeding call,
the invocation of seeding the DRBG is moved out into a helper function.

In addition, a block of memory is allocated during initialization time
that will be used as a scratchpad for obtaining entropy. That scratchpad
is used for the initial seeding operation as well as by the
asynchronous seeding call. The memory must be zeroized every time the
DRBG seeding call succeeds to avoid entropy data lingering in memory.

CC: Andreas Steffen <andreas.steffen@strongswan.org>
CC: Theodore Ts'o <tytso@mit.edu>
CC: Sandy Harris <sandyinchina@gmail.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-27 17:51:53 +08:00
Stephan Mueller 16b369a91d random: Blocking API for accessing nonblocking_pool
The added API calls provide a synchronous function call
get_blocking_random_bytes where the caller is blocked until
the nonblocking_pool is initialized.

CC: Andreas Steffen <andreas.steffen@strongswan.org>
CC: Theodore Ts'o <tytso@mit.edu>
CC: Sandy Harris <sandyinchina@gmail.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-27 17:51:53 +08:00
Herbert Xu 1d9de44e26 random: Wake up all getrandom(2) callers when pool is ready
If more than one application invokes getrandom(2) before the pool
is ready, then all bar one will be stuck forever because we use
wake_up_interruptible which wakes up a single task.

This patch replaces it with wake_up_all.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-27 17:51:45 +08:00
Herbert Xu f858c7bcca crypto: algif_aead - Disable AEAD user-space for now
The newly added AEAD user-space isn't quite ready for prime time
just yet.  In particular it is conflicting with the AEAD single
SG list interface change so this patch disables it now.

Once the SG list stuff is completely done we can then renable
this interface.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-26 15:51:45 +08:00
Herbert Xu 374d4ad18a crypto: aead - Remove unused cryptoff parameter
This patch removes the cryptoff parameter now that all users
set it to zero.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-25 18:41:32 +08:00
Herbert Xu dd04446e48 crypto: seqiv - Stop using cryptoff
The cryptoff parameter was added to facilitate the skipping of
IVs that sit between the AD and the plain/cipher text.  However,
it was never implemented correctly as and we do not handle users
such as IPsec setting cryptoff.  It is simply ignored.

Implementing correctly is in fact more trouble than what it's
worth.

This patch removes the uses of cryptoff by moving the AD forward
to fill the gap left by the IV.  The AD is moved back after the
underlying AEAD processing is finished.

This is in fact beter than the cryptoff solution because it allows
algorithms that use seqniv (i.e., GCM and CCM) to hash the whole
packet as a single piece, while cryptoff meant that there was
guaranteed to be a gap.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-25 18:41:31 +08:00
Herbert Xu 823655c99b crypto: echainiv - Stop using cryptoff
The cryptoff parameter was added to facilitate the skipping of
IVs that sit between the AD and the plain/cipher text.  However,
it was never implemented correctly as and we do not handle users
such as IPsec setting cryptoff.  It is simply ignored.

Implementing correctly is in fact more trouble than what it's
worth.

This patch removes the uses of cryptoff and simply falls back
to using the old AEAD interface as it's only needed for old AEAD
implementations.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-25 18:41:31 +08:00
Herbert Xu d1ee1f02b7 crypto: aead - Do not set cra_type for new style instances
The function aead_geniv_alloc currently sets cra_type even for
new style instances.  This is unnecessary and may hide bugs such
as when our caller uses crypto_register_instance instead of the
correct aead_register_instance.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-25 18:41:31 +08:00
Herbert Xu 1e419c7970 crypto: echainiv - Use aead_register_instance
New style AEAD instances must use aead_register_instance.  This
worked by chance because aead_geniv_alloc is still setting things
the old way.

This patch converts the template over to the create model where
we are responsible for instance registration so that we can call
the correct function.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-25 18:41:30 +08:00
Herbert Xu 0677157b2b crypto: seqiv - Use aead_register_instance
New style AEAD instances must use aead_register_instance.  This
worked by chance because aead_geniv_alloc is still setting things
the old way.

This patch converts the template over to the create model where
we are responsible for instance registration so that we can call
the correct function.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-25 18:41:30 +08:00