Age | Commit message | Author
2015-05-13 | crypto: api - Add crypto_grab_spawn primitive | Herbert Xu
This patch adds a new primitive crypto_grab_spawn which is meant to replace crypto_init_spawn and crypto_init_spawn2. Under the new scheme the user no longer has to worry about reference counting the alg object before it is subsumed by the spawn. It is pretty much an exact copy of crypto_grab_aead. Prior to calling this function spawn->frontend and spawn->inst must have been set. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-11 | crypto: arm/aes - streamline AES-192 code path | Ard Biesheuvel
This trims off a couple of instructions of the total size of the core AES transform by reordering the final branch in the AES-192 code path with the rounds that are performed regardless of whether the branch is taken or not. Other than the slight size reduction, this has no performance benefit. Fix up a comment regarding the prototype of this function while we're at it. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-11 | crypto: arm/sha512 - accelerated SHA-512 using ARM generic ASM and NEON | Ard Biesheuvel
This replaces the SHA-512 NEON module with the faster and more versatile implementation from the OpenSSL project. It consists of both a NEON and a generic ASM version of the core SHA-512 transform, where the NEON version reverts to the ASM version when invoked in non-process context.

This patch is based on the OpenSSL upstream version b1a5d1c65208 of sha512-armv4.pl, which can be found here: https://git.openssl.org/gitweb/?p=openssl.git;h=b1a5d1c65208

Performance relative to the generic implementation (measured using tcrypt.ko mode=306 sec=1 running on a Cortex-A57 under KVM):

    input size  block size  asm   neon  old neon
    16          16          1.39  2.54  2.21
    64          16          1.32  2.33  2.09
    64          64          1.38  2.53  2.19
    256         16          1.31  2.28  2.06
    256         64          1.38  2.54  2.25
    256         256         1.40  2.77  2.39
    1024        16          1.29  2.22  2.01
    1024        256         1.40  2.82  2.45
    1024        1024        1.41  2.93  2.53
    2048        16          1.33  2.21  2.00
    2048        256         1.40  2.84  2.46
    2048        1024        1.41  2.96  2.55
    2048        2048        1.41  2.98  2.56
    4096        16          1.34  2.20  1.99
    4096        256         1.40  2.84  2.46
    4096        1024        1.41  2.97  2.56
    4096        4096        1.41  3.01  2.58
    8192        16          1.34  2.19  1.99
    8192        256         1.40  2.85  2.47
    8192        1024        1.41  2.98  2.56
    8192        4096        1.41  2.71  2.59
    8192        8192        1.51  3.51  2.69

Acked-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-11 | crypto: qat - add driver version | Allan, Bruce W
Signed-off-by: Bruce Allan <bruce.w.allan@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-11 | crypto: nx - add hardware 842 crypto comp alg | Dan Streetman
Add crypto compression alg for 842 hardware compression and decompression, using the alg name "842" and driver_name "842-nx". This uses only the PowerPC coprocessor hardware for 842 compression. It also uses the hardware for decompression, but if the hardware fails it will fall back to the 842 software decompression library, so that decompression never fails (for valid 842 compressed buffers). A header must be used in most cases, due to the hardware's restrictions on the buffers being specifically aligned and sized. Due to the header this driver adds, compressed buffers it creates cannot be directly passed to the 842 software library for decompression. However, compressed buffers created by the software 842 library can be passed to this driver for hardware 842 decompression (with the exception of buffers containing the "short data" template, as lib/842/842.h explains). Signed-off-by: Dan Streetman <ddstreet@ieee.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-11 | crypto: nx - simplify pSeries nx842 driver | Dan Streetman
Simplify the pSeries NX-842 driver: do not expect incoming buffers to be exactly page-sized; do not break up input buffers to compress smaller blocks; do not use any internal headers in the compressed data blocks; remove the software decompression implementation; implement the pSeries nx842_constraints. This changes the pSeries NX-842 driver to perform constraints-based compression so that it only needs to compress one entire input block at a time. This removes the need for it to split input data blocks into multiple compressed data sections in the output buffer, and removes the need for any extra header info in the compressed data; all that is moved (in a later patch) into the main crypto 842 driver. Additionally, the 842 software decompression implementation is no longer needed here, as the crypto 842 driver will use the generic software 842 decompression function as a fallback if any hardware 842 driver fails. Signed-off-by: Dan Streetman <ddstreet@ieee.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-11 | crypto: nx - add PowerNV platform NX-842 driver | Dan Streetman
Add driver for NX-842 hardware on the PowerNV platform. This allows the use of the 842 compression hardware coprocessor on the PowerNV platform. Signed-off-by: Dan Streetman <ddstreet@ieee.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-11 | crypto: nx - add nx842 constraints | Dan Streetman
Add "constraints" for the NX-842 driver. The constraints are used to indicate what the current NX-842 platform driver is capable of. The constraints tell the NX-842 user what alignment, min and max length, and length multiple each provided buffer should conform to. These are required because the 842 hardware requires buffers to meet specific constraints that vary based on platform - for example, the pSeries max length is much lower than the PowerNV max length. Signed-off-by: Dan Streetman <ddstreet@ieee.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-11 | crypto: nx - add NX-842 platform frontend driver | Dan Streetman
Add NX-842 frontend that allows using either the pSeries platform or PowerNV platform driver (to be added by later patch) for the NX-842 hardware. Update the MAINTAINERS file to include the new filenames. Update Kconfig files to clarify titles and descriptions, and correct dependencies. Signed-off-by: Dan Streetman <ddstreet@ieee.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-11 | crypto: nx - rename nx-842.c to nx-842-pseries.c | Dan Streetman
Move the entire NX-842 driver for the pSeries platform from the file nx-842.c to nx-842-pseries.c. This is required by later patches that add NX-842 support for the PowerNV platform. This patch does not alter the content of the pSeries NX-842 driver at all, it only changes the filename. Signed-off-by: Dan Streetman <ddstreet@ieee.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-11 | crypto: 842 - change 842 alg to use software | Dan Streetman
Change the crypto 842 compression alg to use the software 842 compression and decompression library. Add the crypto driver_name as "842-generic". Remove the fallback to LZO compression. Previously, this crypto compression alg attempted 842 compression using PowerPC hardware, and fell back to LZO compression and decompression if the 842 PowerPC hardware was unavailable or failed. This should not fall back to any other compression method, however; users of this crypto compression alg can fallback if desired, and transparent fallback tricks callers into thinking they are getting 842 compression when they actually get LZO compression - the failure of the 842 hardware should not be transparent to the caller. The crypto compression alg for a hardware device also should not be located in crypto/ so this is now a software-only implementation that uses the 842 software compression/decompression library. Signed-off-by: Dan Streetman <ddstreet@ieee.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-11 | lib: add software 842 compression/decompression | Dan Streetman
Add 842-format software compression and decompression functions. Update the MAINTAINERS 842 section to include the new files. The 842 compression function can compress any input data into the 842 compression format. The 842 decompression function can decompress any standard-format 842 compressed data - specifically, either a compressed data buffer created by the 842 software compression function, or a compressed data buffer created by the 842 hardware compressor (located in PowerPC coprocessors). The 842 compressed data format is explained in the header comments. This is used in a later patch to provide a full software 842 compression and decompression crypto interface. Signed-off-by: Dan Streetman <ddstreet@ieee.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-11 | powerpc: Add ICSWX instruction | Dan Streetman
Add the asm ICSWX and ICSWEPX opcodes. Add definitions for the Coprocessor Request structures needed to use the icswx calls to coprocessors. Add icswx() function to perform the ICSWX asm using the provided Coprocessor Command Word value and Coprocessor Request Block structure. This is required for communication with the NX-842 coprocessor on a PowerNV system. Signed-off-by: Dan Streetman <ddstreet@ieee.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-11 | powerpc: export of_get_ibm_chip_id function | Dan Streetman
Export the of_get_ibm_chip_id() function. This will be used by the PowerNV NX-842 driver. Signed-off-by: Dan Streetman <ddstreet@ieee.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-11 | crypto: testmgr - add test cases for CRC32 | Ard Biesheuvel
This adds a couple of test cases for CRC32 (not CRC32c) to ensure that the generic and arch specific implementations are in sync. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Acked-by: Steve Capper <steve.capper@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-01 | crypto: testmgr - Wrap the LHS in expressions of the form !x == y | David Howells
In the test manager, there are a number of if-statements with expressions of the form !x == y that incur warnings with gcc-5 of the following form:

    ../crypto/testmgr.c: In function '__test_aead':
    ../crypto/testmgr.c:523:12: warning: logical not is only applied to the left hand side of comparison [-Wlogical-not-parentheses]
      if (!ret == template[i].fail) {
               ^

By converting the 'fail' member of struct aead_testvec and struct cipher_testvec to a bool, we can get rid of the warnings. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-01 | crypto: pcomp - Constify (de)compression parameters | David Howells
In testmgr, struct pcomp_testvec takes a non-const 'params' field, which is pointed to a const deflate_comp_params or deflate_decomp_params object. With gcc-5 this incurs the following warnings:

    In file included from ../crypto/testmgr.c:44:0:
    ../crypto/testmgr.h:28736:13: warning: initialization discards 'const' qualifier from pointer target type [-Wdiscarded-array-qualifiers]
      .params = &deflate_comp_params,
                ^
    ../crypto/testmgr.h:28748:13: warning: initialization discards 'const' qualifier from pointer target type [-Wdiscarded-array-qualifiers]
      .params = &deflate_comp_params,
                ^
    ../crypto/testmgr.h:28776:13: warning: initialization discards 'const' qualifier from pointer target type [-Wdiscarded-array-qualifiers]
      .params = &deflate_decomp_params,
                ^
    ../crypto/testmgr.h:28800:13: warning: initialization discards 'const' qualifier from pointer target type [-Wdiscarded-array-qualifiers]
      .params = &deflate_decomp_params,
                ^

Fix this by making the parameters pointer const and constifying the things that use it. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-28 | crypto: qat - do not duplicate string containing firmware name | Allan, Bruce W
Use ADF_DH895XCC_FW instead of duplicating the string "qat_895xcc.bin" when referring to the DH895xCC firmware. Signed-off-by: Bruce Allan <bruce.w.allan@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-26 | crypto: nx - Fixing SHA update bug | Leonidas Da Silva Barbosa
The bug happens when a data size less than the SHA block size is passed. Since the first attempt will be saved in the buffer, the second round attempt gets into two steps to calculate op.inlen and op.outlen. The issue resides in this step. A wrong value of op.inlen and outlen was being calculated. This patch fixes this by eliminating nx_sha_build_sg_list, which is useless in the SHA algorithm's context. Instead we call nx_build_sg_list directly and pass a previously calculated max_sg_len to it. Signed-off-by: Leonidas S. Barbosa <leosilva@linux.vnet.ibm.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-26 | crypto: nx - Fixing NX data alignment with nx_sg list | Leonidas Da Silva Barbosa
In NX we always need to pass an nx_sg_list whose size is a multiple of 16 to the coprocessor. The trim function handles this, ensuring all nx_sg_lists are a multiple of 16 in size, although the data was not being considered when the crop was done. This was causing a misalignment between the size of the list and the data, corrupting csbcpb fields and returning a -23 H_ST_PARM error, or invalid operation. This patch fixes this by recalculating how much data should be put back in the to_process variable, which ensures the size of the sg_list will be correct for the size of the data. Signed-off-by: Leonidas S. Barbosa <leosilva@linux.vnet.ibm.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-26 | crypto: sha1-mb - Remove pointless cast | firo yang
Since kzalloc() returns a void pointer, we don't need to cast the return value in arch/x86/crypto/sha-mb/sha1_mb.c::sha1_mb_mod_init(). Signed-off-by: Firo Yang <firogm@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-26 | crypto: aead - Fix corner case in crypto_lookup_aead | Herbert Xu
When the user explicitly states that they don't care whether the algorithm has been tested (type = CRYPTO_ALG_TESTED and mask = 0), there is a corner case where we may erroneously return ENOENT. This patch fixes it by correcting the logic in the test. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-26 | crypto: skcipher - Fix corner case in crypto_lookup_skcipher | Herbert Xu
When the user explicitly states that they don't care whether the algorithm has been tested (type = CRYPTO_ALG_TESTED and mask = 0), there is a corner case where we may erroneously return ENOENT. This patch fixes it by correcting the logic in the test. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-26 | crypto: api - Fix build error when modules are disabled | Herbert Xu
The commit 59afdc7b32143528524455039e7557a46b60e4c8 ("crypto: api - Move module sig ifdef into accessor function") broke the build when modules are completely disabled because we directly dereference module->name. This patch fixes this by using the accessor function module_name. Reported-by: Fengguang Wu <fengguang.wu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-23 | mac802154: Include crypto/aead.h | Herbert Xu
All users of AEAD should include crypto/aead.h instead of include/linux/crypto.h. This patch also removes a bogus inclusion of algapi.h which should only be used by algorithm/driver implementors and not crypto users. Instead linux/crypto.h is added which is necessary because mac802154 also uses blkcipher in addition to aead. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: David S. Miller <davem@davemloft.net>
2015-04-23 | mac80211: Include crypto/aead.h | Herbert Xu
All users of AEAD should include crypto/aead.h instead of include/linux/crypto.h. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: David S. Miller <davem@davemloft.net>
2015-04-23 | crypto: testmgr - Include crypto/aead.h | Herbert Xu
All users of AEAD should include crypto/aead.h instead of include/linux/crypto.h. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: David S. Miller <davem@davemloft.net>
2015-04-23 | crypto: tcrypt - Include crypto/aead.h | Herbert Xu
All users of AEAD should include crypto/aead.h instead of include/linux/crypto.h. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: David S. Miller <davem@davemloft.net>
2015-04-23 | crypto: algif_aead - Include crypto/aead.h | Herbert Xu
All users of AEAD should include crypto/aead.h instead of include/linux/crypto.h. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: David S. Miller <davem@davemloft.net>
2015-04-23 | crypto: arm64/aes-ce-ccm - Include crypto/internal/aead.h | Herbert Xu
All implementers of AEAD should include crypto/internal/aead.h instead of include/linux/crypto.h. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: David S. Miller <davem@davemloft.net>
2015-04-23 | crypto: api - Remove linux/fips.h from internal.h | Herbert Xu
Now that all fips_enabled users are including linux/fips.h directly instead of getting it through internal.h, we can remove the fips.h inclusions from internal.h. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-23 | crypto: testmgr - Include linux/fips.h for fips_enabled | Herbert Xu
All users of fips_enabled should include linux/fips.h directly instead of getting it through internal.h. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-23 | crypto: tcrypt - Include linux/fips.h for fips_enabled | Herbert Xu
All users of fips_enabled should include linux/fips.h directly instead of getting it through internal.h which is reserved for internal crypto API implementors. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-23 | crypto: fips - Move fips_enabled sysctl into fips.c | Herbert Xu
There is currently a large ifdef FIPS code section in proc.c. Ostensibly it's there because the fips_enabled sysctl sits under /proc/sys/crypto. However, no other crypto sysctls exist. In fact, the whole ethos of the crypto API is against such user interfaces so this patch moves all the FIPS sysctl code over to fips.c. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-23 | crypto: fips - Remove bogus inclusion of internal.h | Herbert Xu
The header file internal.h is only meant for internal crypto API implementors such as rng.c. So fips has no business in including it. This patch removes that inclusion and instead adds inclusions of the actual features used by fips. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-23 | crypto: api - Include linux/fips.h | Herbert Xu
All users of fips_enabled should include linux/fips.h directly instead of getting it through internal.h. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-23 | crypto: caam - Remove bogus references to crypto API internals | Herbert Xu
The caam driver includes algorithm types that it doesn't even use, such as struct rng_alg which has recently been moved to an internal header file and consequently broke the build of caam. This patch removes these bogus references. Reported-by: Fengguang Wu <fengguang.wu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-23 | crypto: drbg - Remove FIPS ifdef from drbg_healthcheck_sanity | Herbert Xu
This patch removes the unnecessary CRYPTO_FIPS ifdef from drbg_healthcheck_sanity so that the code always gets checked by the compiler. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: Stephan Mueller <smueller@chronox.de>
2015-04-23 | crypto: api - Move module sig ifdef into accessor function | Herbert Xu
Currently we're hiding mod->sig_ok under an ifdef in open code. This patch adds a module_sig_ok accessor function and removes that ifdef. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: Rusty Russell <rusty@rustcorp.com.au>
2015-04-23 | crypto: tcrypt - Handle async return from crypto_ahash_init | Herbert Xu
The function crypto_ahash_init can also be asynchronous just like update and final. So all callers must be able to handle an async return. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-22 | crypto: rng - Zero seed in crypto_rng_reset | Herbert Xu
If we allocate a seed on behalf of the user in crypto_rng_reset, we must ensure that it is zeroed afterwards or the RNG may be compromised. Reported-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-22 | crypto: algif_rng - Remove obsolete const-removal cast | Herbert Xu
Now that crypto_rng_reset takes a const argument, we no longer need to cast away the const qualifier. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-22 | crypto: rng - Remove old low-level rng interface | Herbert Xu
Now that all rng implementations have switched over to the new interface, we can remove the old low-level interface. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-22 | crypto: krng - Convert to new rng interface | Herbert Xu
This patch converts the KRNG implementation to the new low-level rng interface. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-22 | crypto: ansi_cprng - Convert to new rng interface | Herbert Xu
This patch converts the ANSI CPRNG implementation to the new low-level rng interface. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: Neil Horman <nhorman@tuxdriver.com>
2015-04-22 | crypto: ansi_cprng - Remove bogus inclusion of internal.h | Herbert Xu
The file internal.h is only meant to be used by internal API implementation and not algorithm implementations. In fact it isn't even needed here so this patch removes it. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: Neil Horman <nhorman@tuxdriver.com>
2015-04-22 | crypto: drbg - Convert to new rng interface | Herbert Xu
This patch converts the DRBG implementation to the new low-level rng interface. This allows us to get rid of struct drbg_gen by using the new RNG API instead. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: Stephan Mueller <smueller@chronox.de>
2015-04-22 | crypto: rng - Add multiple algorithm registration interface | Herbert Xu
This patch adds the helpers that allow the registration and removal of multiple RNG algorithms. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-22 | crypto: rng - Add crypto_rng_set_entropy | Herbert Xu
This patch adds the function crypto_rng_set_entropy. It is only meant to be used by testmgr when testing RNG implementations by providing fixed entropy data in order to verify test vectors. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-22 | crypto: rng - Convert low-level crypto_rng to new style | Herbert Xu
This patch converts the low-level crypto_rng interface to the "new" style. This allows existing implementations to be converted over one-by-one. Once that is complete we can then remove the old rng interface. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>