- 26 May, 2018 3 commits
-
-
Antoine Tenart authored
This patch reworks the Inside Secure cipher functions, to remove all skcipher specific information and structure from all functions generic enough to be shared between skcipher and aead algorithms. This is a cosmetic only patch. Signed-off-by:
Antoine Tenart <antoine.tenart@bootlin.com> Signed-off-by:
Herbert Xu <herbert@gondor.apana.org.au>
-
Antoine Tenart authored
This patch removes the use of VLAs to allocate requests on the stack, by removing both SKCIPHER_REQUEST_ON_STACK and AHASH_REQUEST_ON_STACK. As we still need to allocate requests on the stack to ease the creation of invalidation requests a new, non-VLA, definition is used: EIP197_REQUEST_ON_STACK. Signed-off-by:
-
Atul Gupta authored
removed redundant check and made TLS PDU and header recv handling common as received from HW. Ensure that only tls header is read in cpl_rx_tls_cmp read-ahead and skb is freed when entire data is processed. Signed-off-by:
Atul Gupta <atul.gupta@chelsio.com> Signed-off-by:
Harsh Jain <harsh@chelsio.com> Signed-off-by:
-
- 18 May, 2018 11 commits
-
-
Ondrej Mosnacek authored
This patch adds optimized implementations of MORUS-640 and MORUS-1280, utilizing the SSE2 and AVX2 x86 extensions. For MORUS-1280 (which operates on 256-bit blocks) we provide both AVX2 and SSE2 implementation. Although SSE2 MORUS-1280 is slower than AVX2 MORUS-1280, it is comparable in speed to the SSE2 MORUS-640. Signed-off-by:
Ondrej Mosnacek <omosnacek@gmail.com> Signed-off-by:
-
Ondrej Mosnacek authored
This patch adds a common glue code for optimized implementations of MORUS AEAD algorithms. Signed-off-by:
-
Ondrej Mosnacek authored
This patch adds test vectors for MORUS-640 and MORUS-1280. The test vectors were generated using the reference implementation from SUPERCOP (see code comments for more details). Signed-off-by:
-
Ondrej Mosnacek authored
This patch adds the generic implementation of the MORUS family of AEAD algorithms (MORUS-640 and MORUS-1280). The original authors of MORUS are Hongjun Wu and Tao Huang. At the time of writing, MORUS is one of the finalists in CAESAR, an open competition intended to select a portfolio of alternatives to the problematic AES-GCM: https://competitions.cr.yp.to/caesar-submissions.html https://competitions.cr.yp.to/round3/morusv2.pdfSigned-off-by:
-
Ondrej Mosnacek authored
This patch adds optimized implementations of AEGIS-128, AEGIS-128L, and AEGIS-256, utilizing the AES-NI and SSE2 x86 extensions. Signed-off-by:
-
Ondrej Mosnacek authored
This patch adds test vectors for the AEGIS family of AEAD algorithms (AEGIS-128, AEGIS-128L, and AEGIS-256). The test vectors were generated using the reference implementation from SUPERCOP (see code comments for more details). Signed-off-by:
-
Ondrej Mosnacek authored
This patch adds the generic implementation of the AEGIS family of AEAD algorithms (AEGIS-128, AEGIS-128L, and AEGIS-256). The original authors of AEGIS are Hongjun Wu and Bart Preneel. At the time of writing, AEGIS is one of the finalists in CAESAR, an open competition intended to select a portfolio of alternatives to the problematic AES-GCM: https://competitions.cr.yp.to/caesar-submissions.html https://competitions.cr.yp.to/round3/aegisv11.pdfSigned-off-by:
-
Gilad Ben-Yossef authored
Due to a snafu "paes" testmgr tests were not ordered lexicographically, which led to boot time warnings. Reorder the tests as needed. Fixes: a794d8d8 ("crypto: ccree - enable support for hardware keys") Reported-by:
Abdul Haleem <abdhalee@linux.vnet.ibm.com> Signed-off-by:
Gilad Ben-Yossef <gilad@benyossef.com> Tested-by:
Corentin Labbe <clabbe.montjoie@gmail.com> Signed-off-by:
-
Atul Gupta authored
-Tx request and data is copied to HW Q in 64B desc, check for end of queue and adjust the current position to start from beginning before passing the additional request info. -key context copy should check key length only -Few reverse christmas tree correction Signed-off-by:
-
Colin Ian King authored
Trivial fix to spelling mistake in CSB_ERR error message text Signed-off-by:
Colin Ian King <colin.king@canonical.com> Signed-off-by:
-
Colin Ian King authored
Trivial fix to spelling mistake in dev_err error message Signed-off-by:
-
- 11 May, 2018 12 commits
-
-
Michael Ellerman authored
In p8_aes_xts_init() we do a printk(KERN_INFO ...) to report the fallback implementation we're using. However with a slow console this can significantly affect the speed of crypto operations. So remove it. Fixes: c07f5d3d ("crypto: vmx - Adding support for XTS") Cc: stable@vger.kernel.org # v4.8+ Signed-off-by:
Michael Ellerman <mpe@ellerman.id.au> Signed-off-by:
-
Michael Ellerman authored
In the vmx AES init routines we do a printk(KERN_INFO ...) to report the fallback implementation we're using. However with a slow console this can significantly affect the speed of crypto operations. Using 'cryptsetup benchmark' the removal of the printk() leads to a ~5x speedup for aes-cbc decryption. So remove them. Fixes: 8676590a ("crypto: vmx - Adding AES routines for VMX module") Fixes: 8c755ace ("crypto: vmx - Adding CBC routines for VMX module") Fixes: 4f7f60d3 ("crypto: vmx - Adding CTR routines for VMX module") Fixes: cc333cd6 ("crypto: vmx - Adding GHASH routines for VMX module") Cc: stable@vger.kernel.org # v4.1+ Signed-off-by:
-
Ard Biesheuvel authored
Avoid excessive scheduling delays under a preemptible kernel by conditionally yielding the NEON after every block of input. Signed-off-by:
Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by:
-
Ard Biesheuvel authored
Avoid excessive scheduling delays under a preemptible kernel by conditionally yielding the NEON after every block of input. Signed-off-by:
-
Ard Biesheuvel authored
Avoid excessive scheduling delays under a preemptible kernel by yielding the NEON after every block of input. Signed-off-by:
-
Ard Biesheuvel authored
Avoid excessive scheduling delays under a preemptible kernel by yielding the NEON after every block of input. Signed-off-by:
-
Ard Biesheuvel authored
Avoid excessive scheduling delays under a preemptible kernel by yielding the NEON after every block of input. Signed-off-by:
-
Ard Biesheuvel authored
Avoid excessive scheduling delays under a preemptible kernel by yielding the NEON after every block of input. Signed-off-by:
-
Ard Biesheuvel authored
Avoid excessive scheduling delays under a preemptible kernel by yielding the NEON after every block of input. Signed-off-by:
-
Ard Biesheuvel authored
Avoid excessive scheduling delays under a preemptible kernel by yielding the NEON after every block of input. Signed-off-by:
-
Ard Biesheuvel authored
Avoid excessive scheduling delays under a preemptible kernel by yielding the NEON after every block of input. Signed-off-by:
-
Ard Biesheuvel authored
Avoid excessive scheduling delays under a preemptible kernel by yielding the NEON after every block of input. Signed-off-by:
-
- 05 May, 2018 9 commits
-
-
Colin Ian King authored
Trivial fix to spelling mistake in module description text Signed-off-by:
-
Horia Geantă authored
Fix a typo where size of RSA prime factor q is using the size of prime factor p. Cc: <stable@vger.kernel.org> # 4.13+ Fixes: 52e26d77 ("crypto: caam - add support for RSA key form 2") Fixes: 4a651b12 ("crypto: caam - add support for RSA key form 3") Reported-by:
David Binderman <dcb314@hotmail.com> Signed-off-by:
Horia Geantă <horia.geanta@nxp.com> Signed-off-by:
-
Kees Cook authored
In the quest to remove all stack VLA usage from the kernel[1], this allocates the return code buffers before starting jiffie timers, rather than using stack space for the array. Additionally cleans up some exit paths and make sure that the num_mb module_param() is used only once per execution to avoid possible races in the value changing. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.comSigned-off-by:
Kees Cook <keescook@chromium.org> Signed-off-by:
-
Ard Biesheuvel authored
Add support for the SM4 symmetric cipher implemented using the special SM4 instructions introduced in ARM architecture revision 8.2. Signed-off-by:
-
Ard Biesheuvel authored
In preparation of adding support for the SIMD based arm64 implementation of arm64, which requires a fallback to non-SIMD code when invoked in certain contexts, expose the generic SM4 encrypt and decrypt routines to other drivers. Signed-off-by:
-
lionel.debieve@st.com authored
When suspend is called after pm_runtime_suspend, same callback is used and access to rng register is freezing system. By calling the pm_runtime_force_suspend, it first checks that runtime has been already done. Signed-off-by:
Lionel Debieve <lionel.debieve@st.com> Signed-off-by:
-
lionel.debieve@st.com authored
Define default state for stm32_rng driver. It will be default selected with multi_v7_defconfig Signed-off-by:
-
Gilad Ben-Yossef authored
Fix incorrect use of %pad as a printk format string for none dma_addr_t variable. Discovered via smatch. Signed-off-by:
-
Gilad Ben-Yossef authored
Enable CryptoCell support for hardware keys. Hardware keys are regular AES keys loaded into CryptoCell internal memory via firmware, often from secure boot ROM or hardware fuses at boot time. As such, they can be used for enc/dec purposes like any other key but cannot (read: extremely hard to) be extracted since since they are not available anywhere in RAM during runtime. The mechanism has some similarities to s390 secure keys although the keys are not wrapped or sealed, but simply loaded offline. The interface was therefore modeled based on the s390 secure keys support. Signed-off-by:
-
- 28 Apr, 2018 5 commits
-
-
Christian Lamparter authored
This patch fixes a crash that happens when testing rfc4543(gcm(aes)) Unable to handle kernel paging request for data at address 0xf59b3420 Faulting instruction address: 0xc0012994 Oops: Kernel access of bad area, sig: 11 [#1] BE PowerPC 44x Platform Modules linked in: tcrypt(+) crypto4xx [...] CPU: 0 PID: 0 Comm: swapper Tainted: G O 4.17.0-rc1+ #23 NIP: c0012994 LR: d3077934 CTR: 06026d49 REGS: cfff7e30 TRAP: 0300 Tainted: G O (4.17.0-rc1+) MSR: 00029000 <CE,EE,ME> CR: 44744822 XER: 00000000 DEAR: f59b3420 ESR: 00000000 NIP [c0012994] __dma_sync+0x58/0x10c LR [d3077934] crypto4xx_bh_tasklet_cb+0x188/0x3c8 [crypto4xx] __dma_sync was fed the temporary _dst that crypto4xx_build_pd() had in it's function stack. This clearly never worked. This patch therefore overhauls the code from the original driver and puts the temporary dst sg list into aead's request context. Fixes: a0aae821 ("crypto: crypto4xx - prepare for AEAD support") Signed-off-by:
Christian Lamparter <chunkeey@gmail.com> Signed-off-by:
-
Christian Lamparter authored
1020 bytes is the limit for associated data. Any more and it will no longer fit into hash_crypto_offset anymore. The hardware will not process aead requests with plaintext that have less than AES_BLOCK_SIZE bytes. When decrypting aead requests the authsize has to be taken in account as well, as it is part of the cryptlen. Otherwise the hardware will think it has been misconfigured and will return: aead return err status = 0x98 For rtc4543(gcm(aes)), the hardware has a dedicated GMAC mode as part of the hash function set. Signed-off-by:
-
Christian Lamparter authored
This patch fixes cts(cbc(aes)) test when cbc-aes-ppc4xx is used. alg: skcipher: Test 1 failed (invalid result) on encryption for cts(cbc-aes-ppc4xx) 00000000: 4b 10 75 fc 2f 14 1b 6a 27 35 37 33 d1 b7 70 05 00000010: 97 alg: skcipher: Failed to load transform for cts(cbc(aes)): -2 The CTS cipher mode expect the IV (req->iv) of skcipher_request to contain the last ciphertext block after the {en,de}crypt operation is complete. Fix this issue for the AMCC Crypto4xx hardware engine. The tcrypt test case for cts(cbc(aes)) is now correctly passed. name : cts(cbc(aes)) driver : cts(cbc-aes-ppc4xx) module : cts priority : 300 refcnt : 1 selftest : passed internal : no type : skcipher async : yes blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16 Signed-off-by: -
Christian Lamparter authored
This patch adds support for the aes-ctr skcipher. name : ctr(aes) driver : ctr-aes-ppc4xx module : crypto4xx priority : 300 refcnt : 1 selftest : passed internal : no type : skcipher async : yes blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16 The hardware uses only the last 32-bits as the counter while the kernel tests (aes_ctr_enc_tv_template[4] for example) expect that the whole IV is a counter. To make this work, the driver will fallback if the counter is going to overlow. The aead's crypto4xx_setup_fallback() function is renamed to crypto4xx_aead_setup_fallback. Signed-off-by:
-
Christian Lamparter authored
This patch fixes some of the -Wvla warnings. crypto4xx_alg.c:83:19: warning: Variable length array is used. crypto4xx_alg.c:273:56: warning: Variable length array is used. crypto4xx_alg.c:380:32: warning: Variable length array is used. Signed-off-by:
-
