1. 28 May, 2015 13 commits
  2. 27 May, 2015 8 commits
      crypto: ccp - Remove unused structure field · d7253322
      Tom Lendacky authored
      Remove the length field from the ccp_sg_workarea since it is unused.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
      crypto: ccp - Remove manual check and set of dma_mask pointer · d921620e
      Tom Lendacky authored
      The underlying device support will set the device dma_mask pointer
      if DMA is set up properly for the device.  Remove the check for and
      assignment of dma_mask when it is null. Instead, just error out if
      the dma_set_mask_and_coherent function fails because dma_mask is null.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
      crypto: jitterentropy - add jitterentropy RNG · bb5530e4
      Stephan Mueller authored
      The CPU Jitter RNG provides a source of good entropy by
      collecting CPU executing time jitter. The entropy in the CPU
      execution time jitter is magnified by the CPU Jitter Random
      Number Generator. The CPU Jitter Random Number Generator uses
      the CPU execution timing jitter to generate a bit stream
      which complies with different statistical measurements that
      determine the bit stream is random.
      
      The CPU Jitter Random Number Generator delivers entropy which
      follows information theoretical requirements. Based on these
      studies and the implementation, the caller can assume that
      one bit of data extracted from the CPU Jitter Random Number
      Generator holds one bit of entropy.
      
      The CPU Jitter Random Number Generator provides a decentralized
      source of entropy, i.e. every caller can operate on a private
      state of the entropy pool.
      
      The RNG does not have any dependencies on any other service
      in the kernel. The RNG only needs a high-resolution time
      stamp.
      
      Further design details, the cryptographic assessment and
      large array of test results are documented at
      http://www.chronox.de/jent.html.
      
      CC: Andreas Steffen <andreas.steffen@strongswan.org>
      CC: Theodore Ts'o <tytso@mit.edu>
      CC: Sandy Harris <sandyinchina@gmail.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
      crypto: drbg - use Jitter RNG to obtain seed · b8ec5ba4
      Stephan Mueller authored
      During initialization, the DRBG now tries to allocate a handle of the
      Jitter RNG. If such a Jitter RNG is available during seeding, the DRBG
      pulls the required entropy/nonce string from get_random_bytes and
      concatenates it with a string of equal size from the Jitter RNG. That
      combined string is now the seed for the DRBG.
      
      Written differently, the initial seed of the DRBG is now:
      
      get_random_bytes(entropy/nonce) || jitterentropy (entropy/nonce)
      
      If the Jitter RNG is not available, the DRBG only seeds from
      get_random_bytes.
      
      CC: Andreas Steffen <andreas.steffen@strongswan.org>
      CC: Theodore Ts'o <tytso@mit.edu>
      CC: Sandy Harris <sandyinchina@gmail.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
      crypto: drbg - add async seeding operation · 4c787990
      Stephan Mueller authored
The async seeding operation is triggered during initialization right
      after the first non-blocking seeding is completed. As required by the
      asynchronous operation of random.c, a callback function is provided that
      is triggered by random.c once entropy is available. That callback
      function performs the actual seeding of the DRBG.
      
      CC: Andreas Steffen <andreas.steffen@strongswan.org>
      CC: Theodore Ts'o <tytso@mit.edu>
      CC: Sandy Harris <sandyinchina@gmail.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
      crypto: drbg - prepare for async seeding · 3d6a5f75
      Stephan Mueller authored
      In order to prepare for the addition of the asynchronous seeding call,
      the invocation of seeding the DRBG is moved out into a helper function.
      
      In addition, a block of memory is allocated during initialization time
      that will be used as a scratchpad for obtaining entropy. That scratchpad
      is used for the initial seeding operation as well as by the
      asynchronous seeding call. The memory must be zeroized every time the
      DRBG seeding call succeeds to avoid entropy data lingering in memory.
      
      CC: Andreas Steffen <andreas.steffen@strongswan.org>
      CC: Theodore Ts'o <tytso@mit.edu>
      CC: Sandy Harris <sandyinchina@gmail.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
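The two DRBG seeding commits above describe a seed layout of get_random_bytes(entropy/nonce) || jitterentropy(entropy/nonce), a fallback to get_random_bytes alone when no Jitter RNG handle is available, and a scratchpad that must be zeroized after a successful seed. The following user-space C program is an added example, not code from the kernel or from these patches, that models that seeding path. Its sizes, the struct drbg_ex type, the fake_get_random_bytes and fake_jitter_get byte sources (constructed, deterministic stand-ins, not entropy) and the XOR fold standing in for the real DRBG update function are all assumptions made for the example; the practitioner point it adds is that the zeroization goes through a volatile pointer so the compiler cannot drop the stores as dead, and that the scratchpad is also wiped on the failure path.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Sizes are constructed for this example; the kernel DRBG derives the
 * entropy/nonce length from its security strength. */
#define SEED_PART   24              /* entropy || nonce from one source    */
#define SCRATCH_LEN (2 * SEED_PART) /* room for get_random_bytes || jitter */
#define STATE_LEN   32

struct drbg_ex {
    uint8_t v[STATE_LEN];       /* stand-in for the DRBG internal state      */
    uint8_t scratch[SCRATCH_LEN]; /* scratchpad holding seed material        */
    int     have_jitter;        /* whether a Jitter RNG handle was obtained  */
    size_t  last_seedlen;       /* scratch bytes used by the last seed       */
};

/* Constructed, deterministic stand-ins for get_random_bytes() and the
 * Jitter RNG so the example runs offline. These are NOT entropy sources. */
static void fake_get_random_bytes(uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        buf[i] = (uint8_t)(0xA0 + i);
}

static int fake_jitter_get(uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        buf[i] = (uint8_t)(0x10 + i);
    return 0; /* 0 on success, like a kernel API */
}

/* Zeroize through a volatile pointer so the compiler cannot elide the
 * stores as dead after the buffer's last read (a plain memset can be). */
static void secure_zero(void *p, size_t n)
{
    volatile uint8_t *vp = (volatile uint8_t *)p;
    while (n--)
        *vp++ = 0;
}

void drbg_ex_init(struct drbg_ex *d, int have_jitter)
{
    secure_zero(d, sizeof(*d));
    d->have_jitter = have_jitter;
}

/* Seed the DRBG from
 *   get_random_bytes(entropy/nonce) || jitterentropy(entropy/nonce)
 * or from get_random_bytes alone when no Jitter RNG is available.
 * Returns 0 on success, -1 if the Jitter RNG call failed. */
int drbg_ex_seed(struct drbg_ex *d)
{
    size_t seedlen = SEED_PART;

    fake_get_random_bytes(d->scratch, SEED_PART);

    if (d->have_jitter) {
        if (fake_jitter_get(d->scratch + SEED_PART, SEED_PART) != 0) {
            /* Stricter than "zeroize on success": wipe on failure too. */
            secure_zero(d->scratch, SCRATCH_LEN);
            return -1;
        }
        seedlen = SCRATCH_LEN;
    }

    /* Stand-in for the DRBG update function: fold the seed into the state. */
    for (size_t i = 0; i < seedlen; i++)
        d->v[i % STATE_LEN] ^= d->scratch[i];

    d->last_seedlen = seedlen;
    secure_zero(d->scratch, seedlen); /* no seed material lingers in memory */
    return 0;
}

/* 1 if no seed bytes remain in the scratchpad, 0 otherwise. */
int drbg_ex_scratch_is_clean(const struct drbg_ex *d)
{
    for (size_t i = 0; i < SCRATCH_LEN; i++)
        if (d->scratch[i] != 0)
            return 0;
    return 1;
}

/* Self-check: seed with or without the Jitter RNG and confirm the seed
 * length, the first state byte and a clean scratchpad. */
int drbg_ex_check(int have_jitter, uint8_t expect_v0, size_t expect_len)
{
    struct drbg_ex d;
    drbg_ex_init(&d, have_jitter);
    if (drbg_ex_seed(&d) != 0)
        return 0;
    return d.v[0] == expect_v0 && d.last_seedlen == expect_len &&
           drbg_ex_scratch_is_clean(&d);
}

int main(void)
{
    printf("with jitter: %d, without jitter: %d\n",
           drbg_ex_check(1, 0xB8, SCRATCH_LEN), drbg_ex_check(0, 0xA0, SEED_PART));
    return 0;
}
```

With the Jitter RNG present the seed is 48 bytes and v[0] ends up as scratch[0] ^ scratch[32] (0xA0 ^ 0x18 = 0xB8); without it the seed is 24 bytes and v[0] is 0xA0. In either case the scratchpad reads back as all zeros afterwards.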
      random: Blocking API for accessing nonblocking_pool · 16b369a9
      Stephan Mueller authored
      The added API calls provide a synchronous function call
      get_blocking_random_bytes where the caller is blocked until
      the nonblocking_pool is initialized.
      
      CC: Andreas Steffen <andreas.steffen@strongswan.org>
      CC: Theodore Ts'o <tytso@mit.edu>
      CC: Sandy Harris <sandyinchina@gmail.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
      random: Wake up all getrandom(2) callers when pool is ready · 1d9de44e
      Herbert Xu authored
      If more than one application invokes getrandom(2) before the pool
      is ready, then all bar one will be stuck forever because we use
      wake_up_interruptible which wakes up a single task.
      
      This patch replaces it with wake_up_all.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
  3. 26 May, 2015 1 commit
  4. 25 May, 2015 13 commits
  5. 22 May, 2015 5 commits
      crypto: echainiv - Add encrypted chain IV generator · a10f554f
      Herbert Xu authored
      This patch adds a new AEAD IV generator echainiv.  It is intended
      to replace the existing skcipher IV generator eseqiv.
      
      If the underlying AEAD algorithm is using the old AEAD interface,
      then echainiv will simply use its IV generator.
      
      Otherwise, echainiv will encrypt a counter just like eseqiv but
      it'll first xor it against a previously stored IV similar to
      chainiv.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
      crypto: seqiv - Add seqniv · 3c08fee7
      Herbert Xu authored
      This patch adds a new IV generator seqniv which is identical to
      seqiv except that it skips the IV when authenticating.  This is
intended to be used by algorithms such as rfc4106 that do the
      IV authentication implicitly.
      
      Note that the code used for seqniv is in fact identical to the
      compatibility case for seqiv.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
      crypto: seqiv - Add support for new AEAD interface · 856e3f40
      Herbert Xu authored
      This patch converts the seqiv IV generator to work with the new
      AEAD interface where IV generators are just normal AEAD algorithms.
      
      Full backwards compatibility is paramount at this point since
      no users have yet switched over to the new interface.  Nor can
      they switch to the new interface until IV generation is fully
      supported by it.
      
      So this means we are adding two versions of seqiv alongside the
      existing one.  The first one is the one that will be used when
      the underlying AEAD algorithm has switched over to the new AEAD
      interface.  The second one handles the current case where the
      underlying AEAD algorithm still uses the old interface.
      
      Both versions export themselves through the new AEAD interface.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
      crypto: scatterwalk - Check for same address in map_and_copy · 74412fd5
      Herbert Xu authored
This patch adds a check in scatterwalk_map_and_copy to avoid
      copying from the same address to the same address.  This is going
      to be used for IV copying in AEAD IV generators.
      
      There is no provision for partial overlaps.
      
      This patch also uses the new scatterwalk_ffwd instead of doing
      it by hand in scatterwalk_map_and_copy.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
      crypto: gcm - Use default null skcipher · 17db8546
      Herbert Xu authored
      This patch makes gcm use the default null skcipher instead of
      allocating a new one for each tfm.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>