This update includes the following changes:

API:
 
 - Replace crypto_get_default_rng with crypto_stdrng_get_bytes.
 - Remove simd skcipher support.
 - Allow algorithm types to be disabled when CRYPTO_SELFTESTS is off.
 
 Algorithms:
 
 - Remove CPU-based des/3des acceleration.
 - Add test vectors for authenc(hmac(md5),cbc(aes)).
 - Add test vectors for authenc(hmac(md5),cbc(des)).
 - Add test vectors for authenc(hmac(md5),rfc3686(ctr(aes))).
 - Add test vectors for authenc(hmac(sha1),rfc3686(ctr(aes))).
 - Add test vectors for authenc(hmac(sha224),rfc3686(ctr(aes))).
 - Add test vectors for authenc(hmac(sha256),rfc3686(ctr(aes))).
 - Add test vectors for authenc(hmac(sha384),rfc3686(ctr(aes))).
 - Add test vectors for authenc(hmac(sha512),rfc3686(ctr(aes))).
 - Replace spin lock with mutex in jitterentropy.
 
 Drivers:
 
 - Add authenc algorithms to safexcel.
 - Add support for zstd in qat.
 - Add wireless mode support for QAT GEN6.
 - Add anti-rollback support for QAT GEN6.
 - Add support for ctr(aes), gcm(aes), and ccm(aes) in dthev2.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEn51F/lCuNhUwmDeSxycdCkmxi6cFAmne7qgACgkQxycdCkmx
 i6cm0w/9HNFzIWuZWh4Q8k1d/SX32/2p40EMvlw9QFO8wt0gsMtbk6NN5G3sIfhL
 36+rT8Vo5yg9MahTqAspXKjP+QTev5D7/nsDa/FzOSA1JxyvBbgV7X33k8EZjcgT
 +ffuh0WbaWlutYw07o2h4cNPz1Yp4M0hp2IdzvY0Y3q9D05eiwis1SQzUVPmTs6K
 I6OP+4JjJbqubOgJxsltEoeCH9ZP0fObRWmAiVm6rwk9uX4CY32nzi3QOttXQ0su
 4F/useoRwWQ1t7FTy8/fcVtFpL/G8hAFSQ4un5ODhDWL7taV5sZPXQBwXUuoVQM6
 aNjZlaju/MB7gnAOrBvSsniohAAqRUNR8O7P8QW6mDrFmDhUZ3ZILmCKW+VwF5SG
 a4fV94XgBVOnKIqD01cc++8mb6keX/88KJW79AEWLeJ9YZ9BuyFphr9OEBFAIHqx
 xG+iEg4uoVxwC52//oGt/yZaZKK3C1y/Zey5bOjfErKq3ATXGIvawaAzdvB9mh6Q
 iAnl71JpR4mrs++fAyUCKM+dfvdmQYDq6HJayMdg+IHAIeIvyMnPjsGigdVJvE65
 RpBKW4aclfiYaDwX9Jf703mHR1uuKGP1GKpz8U+JXN4Ax2JPg0maC1N3wFkDypYO
 HUNKgEk/173f1HTjU0JjbqvqJh+rKQ3ZbHpLxZrYtnSMukDwRO0=
 =KoAB
 -----END PGP SIGNATURE-----

Merge tag 'v7.1-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

Pull crypto update from Herbert Xu:
 "API:
   - Replace crypto_get_default_rng with crypto_stdrng_get_bytes
   - Remove simd skcipher support
   - Allow algorithm types to be disabled when CRYPTO_SELFTESTS is off

  Algorithms:
   - Remove CPU-based des/3des acceleration
   - Add test vectors for authenc(hmac(md5),cbc({aes,des})) and
     authenc(hmac({md5,sha1,sha224,sha256,sha384,sha512}),rfc3686(ctr(aes)))
   - Replace spin lock with mutex in jitterentropy

  Drivers:
   - Add authenc algorithms to safexcel
   - Add support for zstd in qat
   - Add wireless mode support for QAT GEN6
   - Add anti-rollback support for QAT GEN6
   - Add support for ctr(aes), gcm(aes), and ccm(aes) in dthev2"

* tag 'v7.1-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (129 commits)
  crypto: af_alg - use sock_kmemdup in alg_setkey_by_key_serial
  crypto: vmx - remove CRYPTO_DEV_VMX from Kconfig
  crypto: omap - convert reqctx buffer to fixed-size array
  crypto: atmel-sha204a - add Thorsten Blum as maintainer
  crypto: atmel-ecc - add Thorsten Blum as maintainer
  crypto: qat - fix IRQ cleanup on 6xxx probe failure
  crypto: geniv - Remove unused spinlock from struct aead_geniv_ctx
  crypto: qce - simplify qce_xts_swapiv()
  crypto: hisilicon - Fix dma_unmap_single() direction
  crypto: talitos - rename first/last to first_desc/last_desc
  crypto: talitos - fix SEC1 32k ahash request limitation
  crypto: jitterentropy - replace long-held spinlock with mutex
  crypto: hisilicon - remove unused and non-public APIs for qm and sec
  crypto: hisilicon/qm - drop redundant variable initialization
  crypto: hisilicon/qm - remove else after return
  crypto: hisilicon/qm - add const qualifier to info_name in struct qm_cmd_dump_item
  crypto: hisilicon - fix the format string type error
  crypto: ccree - fix a memory leak in cc_mac_digest()
  crypto: qat - add support for zstd
  crypto: qat - use swab32 macro
  ...
This commit is contained in:
Linus Torvalds 2026-04-15 15:22:26 -07:00
commit aec2f682d4
166 changed files with 5481 additions and 4114 deletions

View file

@ -25,7 +25,7 @@ menu "Crypto core or helper"
config CRYPTO_FIPS
bool "FIPS 200 compliance"
depends on CRYPTO_DRBG && CRYPTO_SELFTESTS
depends on CRYPTO_DRBG=y && CRYPTO_SELFTESTS
depends on (MODULE_SIG || !MODULES)
help
This option enables the fips boot option which is
@ -109,10 +109,6 @@ config CRYPTO_RNG2
tristate
select CRYPTO_ALGAPI2
config CRYPTO_RNG_DEFAULT
tristate
select CRYPTO_DRBG_MENU
config CRYPTO_AKCIPHER2
tristate
select CRYPTO_ALGAPI2
@ -151,19 +147,20 @@ config CRYPTO_MANAGER
config CRYPTO_MANAGER2
def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
select CRYPTO_ACOMP2
select CRYPTO_AEAD2
select CRYPTO_AKCIPHER2
select CRYPTO_SIG2
select CRYPTO_HASH2
select CRYPTO_KPP2
select CRYPTO_RNG2
select CRYPTO_SKCIPHER2
select CRYPTO_ACOMP2 if CRYPTO_SELFTESTS
select CRYPTO_AEAD2 if CRYPTO_SELFTESTS
select CRYPTO_AKCIPHER2 if CRYPTO_SELFTESTS
select CRYPTO_SIG2 if CRYPTO_SELFTESTS
select CRYPTO_HASH2 if CRYPTO_SELFTESTS
select CRYPTO_KPP2 if CRYPTO_SELFTESTS
select CRYPTO_RNG2 if CRYPTO_SELFTESTS
select CRYPTO_SKCIPHER2 if CRYPTO_SELFTESTS
config CRYPTO_USER
tristate "Userspace cryptographic algorithm configuration"
depends on NET
select CRYPTO_MANAGER
select CRYPTO_RNG
help
Userspace configuration for cryptographic instantiations such as
cbc(aes).
@ -218,6 +215,7 @@ config CRYPTO_PCRYPT
config CRYPTO_CRYPTD
tristate "Software async crypto daemon"
select CRYPTO_AEAD
select CRYPTO_SKCIPHER
select CRYPTO_HASH
select CRYPTO_MANAGER
@ -251,7 +249,10 @@ config CRYPTO_KRB5ENC
config CRYPTO_BENCHMARK
tristate "Crypto benchmarking module"
depends on m || EXPERT
select CRYPTO_AEAD
select CRYPTO_HASH
select CRYPTO_MANAGER
select CRYPTO_SKCIPHER
help
Quick & dirty crypto benchmarking module.
@ -261,10 +262,16 @@ config CRYPTO_BENCHMARK
config CRYPTO_SIMD
tristate
select CRYPTO_AEAD
select CRYPTO_CRYPTD
config CRYPTO_ENGINE
tristate
select CRYPTO_AEAD
select CRYPTO_AKCIPHER
select CRYPTO_HASH
select CRYPTO_KPP
select CRYPTO_SKCIPHER
endmenu
@ -290,7 +297,6 @@ config CRYPTO_DH
config CRYPTO_DH_RFC7919_GROUPS
bool "RFC 7919 FFDHE groups"
depends on CRYPTO_DH
select CRYPTO_RNG_DEFAULT
help
FFDHE (Finite-Field-based Diffie-Hellman Ephemeral) groups
defined in RFC7919.
@ -302,7 +308,6 @@ config CRYPTO_DH_RFC7919_GROUPS
config CRYPTO_ECC
tristate
select CRYPTO_RNG_DEFAULT
config CRYPTO_ECDH
tristate "ECDH (Elliptic Curve Diffie-Hellman)"
@ -800,7 +805,6 @@ config CRYPTO_GENIV
tristate
select CRYPTO_AEAD
select CRYPTO_MANAGER
select CRYPTO_RNG_DEFAULT
config CRYPTO_SEQIV
tristate "Sequence Number IV Generator"

View file

@ -324,15 +324,13 @@ static int alg_setkey_by_key_serial(struct alg_sock *ask, sockptr_t optval,
return PTR_ERR(ret);
}
key_data = sock_kmalloc(&ask->sk, key_datalen, GFP_KERNEL);
key_data = sock_kmemdup(&ask->sk, ret, key_datalen, GFP_KERNEL);
if (!key_data) {
up_read(&key->sem);
key_put(key);
return -ENOMEM;
}
memcpy(key_data, ret, key_datalen);
up_read(&key->sem);
key_put(key);

View file

@ -646,7 +646,8 @@ static int cryptd_hash_import(struct ahash_request *req, const void *in)
{
struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
struct cryptd_hash_ctx *ctx = crypto_ahash_ctx(tfm);
struct shash_desc *desc = cryptd_shash_desc(req);
struct cryptd_hash_request_ctx *rctx = ahash_request_ctx(req);
struct shash_desc *desc = &rctx->desc;
desc->tfm = ctx->child;
@ -952,115 +953,6 @@ static struct crypto_template cryptd_tmpl = {
.module = THIS_MODULE,
};
struct cryptd_skcipher *cryptd_alloc_skcipher(const char *alg_name,
u32 type, u32 mask)
{
char cryptd_alg_name[CRYPTO_MAX_ALG_NAME];
struct cryptd_skcipher_ctx *ctx;
struct crypto_skcipher *tfm;
if (snprintf(cryptd_alg_name, CRYPTO_MAX_ALG_NAME,
"cryptd(%s)", alg_name) >= CRYPTO_MAX_ALG_NAME)
return ERR_PTR(-EINVAL);
tfm = crypto_alloc_skcipher(cryptd_alg_name, type, mask);
if (IS_ERR(tfm))
return ERR_CAST(tfm);
if (tfm->base.__crt_alg->cra_module != THIS_MODULE) {
crypto_free_skcipher(tfm);
return ERR_PTR(-EINVAL);
}
ctx = crypto_skcipher_ctx(tfm);
refcount_set(&ctx->refcnt, 1);
return container_of(tfm, struct cryptd_skcipher, base);
}
EXPORT_SYMBOL_GPL(cryptd_alloc_skcipher);
struct crypto_skcipher *cryptd_skcipher_child(struct cryptd_skcipher *tfm)
{
struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(&tfm->base);
return ctx->child;
}
EXPORT_SYMBOL_GPL(cryptd_skcipher_child);
bool cryptd_skcipher_queued(struct cryptd_skcipher *tfm)
{
struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(&tfm->base);
return refcount_read(&ctx->refcnt) - 1;
}
EXPORT_SYMBOL_GPL(cryptd_skcipher_queued);
void cryptd_free_skcipher(struct cryptd_skcipher *tfm)
{
struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(&tfm->base);
if (refcount_dec_and_test(&ctx->refcnt))
crypto_free_skcipher(&tfm->base);
}
EXPORT_SYMBOL_GPL(cryptd_free_skcipher);
struct cryptd_ahash *cryptd_alloc_ahash(const char *alg_name,
u32 type, u32 mask)
{
char cryptd_alg_name[CRYPTO_MAX_ALG_NAME];
struct cryptd_hash_ctx *ctx;
struct crypto_ahash *tfm;
if (snprintf(cryptd_alg_name, CRYPTO_MAX_ALG_NAME,
"cryptd(%s)", alg_name) >= CRYPTO_MAX_ALG_NAME)
return ERR_PTR(-EINVAL);
tfm = crypto_alloc_ahash(cryptd_alg_name, type, mask);
if (IS_ERR(tfm))
return ERR_CAST(tfm);
if (tfm->base.__crt_alg->cra_module != THIS_MODULE) {
crypto_free_ahash(tfm);
return ERR_PTR(-EINVAL);
}
ctx = crypto_ahash_ctx(tfm);
refcount_set(&ctx->refcnt, 1);
return __cryptd_ahash_cast(tfm);
}
EXPORT_SYMBOL_GPL(cryptd_alloc_ahash);
struct crypto_shash *cryptd_ahash_child(struct cryptd_ahash *tfm)
{
struct cryptd_hash_ctx *ctx = crypto_ahash_ctx(&tfm->base);
return ctx->child;
}
EXPORT_SYMBOL_GPL(cryptd_ahash_child);
struct shash_desc *cryptd_shash_desc(struct ahash_request *req)
{
struct cryptd_hash_request_ctx *rctx = ahash_request_ctx(req);
return &rctx->desc;
}
EXPORT_SYMBOL_GPL(cryptd_shash_desc);
bool cryptd_ahash_queued(struct cryptd_ahash *tfm)
{
struct cryptd_hash_ctx *ctx = crypto_ahash_ctx(&tfm->base);
return refcount_read(&ctx->refcnt) - 1;
}
EXPORT_SYMBOL_GPL(cryptd_ahash_queued);
void cryptd_free_ahash(struct cryptd_ahash *tfm)
{
struct cryptd_hash_ctx *ctx = crypto_ahash_ctx(&tfm->base);
if (refcount_dec_and_test(&ctx->refcnt))
crypto_free_ahash(&tfm->base);
}
EXPORT_SYMBOL_GPL(cryptd_free_ahash);
struct cryptd_aead *cryptd_alloc_aead(const char *alg_name,
u32 type, u32 mask)
{

View file

@ -388,13 +388,7 @@ static void *dh_safe_prime_gen_privkey(const struct dh_safe_prime *safe_prime,
* 5.6.1.1.3, step 3 (and implicitly step 4): obtain N + 64
* random bits and interpret them as a big endian integer.
*/
err = -EFAULT;
if (crypto_get_default_rng())
goto out_err;
err = crypto_rng_get_bytes(crypto_default_rng, (u8 *)key,
oversampling_size);
crypto_put_default_rng();
err = crypto_stdrng_get_bytes(key, oversampling_size);
if (err)
goto out_err;

View file

@ -1780,7 +1780,7 @@ static inline int __init drbg_healthcheck_sanity(void)
max_addtllen = drbg_max_addtl(drbg);
max_request_bytes = drbg_max_request_bytes(drbg);
drbg_string_fill(&addtl, buf, max_addtllen + 1);
/* overflow addtllen with additonal info string */
/* overflow addtllen with additional info string */
len = drbg_generate(drbg, buf, OUTBUFLEN, &addtl);
BUG_ON(0 < len);
/* overflow max_bits */

View file

@ -1533,16 +1533,11 @@ int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits,
* The maximum security strength identified by NIST SP800-57pt1r4 for
* ECC is 256 (N >= 512).
*
* This condition is met by the default RNG because it selects a favored
* DRBG with a security strength of 256.
* This condition is met by stdrng because it selects a favored DRBG
* with a security strength of 256.
*/
if (crypto_get_default_rng())
return -EFAULT;
/* Step 3: obtain N returned_bits from the DRBG. */
err = crypto_rng_get_bytes(crypto_default_rng,
(u8 *)private_key, nbytes);
crypto_put_default_rng();
err = crypto_stdrng_get_bytes(private_key, nbytes);
if (err)
return err;

View file

@ -112,15 +112,7 @@ int aead_init_geniv(struct crypto_aead *aead)
struct crypto_aead *child;
int err;
spin_lock_init(&ctx->lock);
err = crypto_get_default_rng();
if (err)
goto out;
err = crypto_rng_get_bytes(crypto_default_rng, ctx->salt,
crypto_aead_ivsize(aead));
crypto_put_default_rng();
err = crypto_stdrng_get_bytes(ctx->salt, crypto_aead_ivsize(aead));
if (err)
goto out;

View file

@ -41,6 +41,7 @@
#include <linux/fips.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/mutex.h>
#include <linux/slab.h>
#include <linux/time.h>
#include <crypto/internal/rng.h>
@ -172,7 +173,7 @@ void jent_read_random_block(struct sha3_ctx *hash_state, char *dst,
***************************************************************************/
struct jitterentropy {
spinlock_t jent_lock;
struct mutex jent_lock;
struct rand_data *entropy_collector;
struct sha3_ctx hash_state;
};
@ -181,14 +182,14 @@ static void jent_kcapi_cleanup(struct crypto_tfm *tfm)
{
struct jitterentropy *rng = crypto_tfm_ctx(tfm);
spin_lock(&rng->jent_lock);
mutex_lock(&rng->jent_lock);
memzero_explicit(&rng->hash_state, sizeof(rng->hash_state));
if (rng->entropy_collector)
jent_entropy_collector_free(rng->entropy_collector);
rng->entropy_collector = NULL;
spin_unlock(&rng->jent_lock);
mutex_unlock(&rng->jent_lock);
}
static int jent_kcapi_init(struct crypto_tfm *tfm)
@ -196,7 +197,7 @@ static int jent_kcapi_init(struct crypto_tfm *tfm)
struct jitterentropy *rng = crypto_tfm_ctx(tfm);
int ret = 0;
spin_lock_init(&rng->jent_lock);
mutex_init(&rng->jent_lock);
/* Use SHA3-256 as conditioner */
sha3_256_init(&rng->hash_state);
@ -208,7 +209,6 @@ static int jent_kcapi_init(struct crypto_tfm *tfm)
goto err;
}
spin_lock_init(&rng->jent_lock);
return 0;
err:
@ -223,7 +223,7 @@ static int jent_kcapi_random(struct crypto_rng *tfm,
struct jitterentropy *rng = crypto_rng_ctx(tfm);
int ret = 0;
spin_lock(&rng->jent_lock);
mutex_lock(&rng->jent_lock);
ret = jent_read_entropy(rng->entropy_collector, rdata, dlen);
@ -249,7 +249,7 @@ static int jent_kcapi_random(struct crypto_rng *tfm,
ret = -EINVAL;
}
spin_unlock(&rng->jent_lock);
mutex_unlock(&rng->jent_lock);
return ret;
}

View file

@ -154,7 +154,7 @@ static int krb5enc_dispatch_encrypt(struct aead_request *req,
dst = scatterwalk_ffwd(areq_ctx->dst, req->dst, req->assoclen);
skcipher_request_set_tfm(skreq, enc);
skcipher_request_set_callback(skreq, aead_request_flags(req),
skcipher_request_set_callback(skreq, flags,
krb5enc_encrypt_done, req);
skcipher_request_set_crypt(skreq, src, dst, req->cryptlen, req->iv);
@ -192,7 +192,8 @@ static void krb5enc_encrypt_ahash_done(void *data, int err)
krb5enc_insert_checksum(req, ahreq->result);
err = krb5enc_dispatch_encrypt(req, 0);
err = krb5enc_dispatch_encrypt(req,
aead_request_flags(req) & ~CRYPTO_TFM_REQ_MAY_SLEEP);
if (err != -EINPROGRESS)
aead_request_complete(req, err);
}

View file

@ -134,7 +134,7 @@ static int lrw_next_index(u32 *counter)
/*
* We compute the tweak masks twice (both before and after the ECB encryption or
* decryption) to avoid having to allocate a temporary buffer and/or make
* mutliple calls to the 'ecb(..)' instance, which usually would be slower than
* multiple calls to the 'ecb(..)' instance, which usually would be slower than
* just doing the lrw_next_index() calls again.
*/
static int lrw_xor_tweak(struct skcipher_request *req, bool second_pass)

View file

@ -24,8 +24,7 @@
#include "internal.h"
static DEFINE_MUTEX(crypto_default_rng_lock);
struct crypto_rng *crypto_default_rng;
EXPORT_SYMBOL_GPL(crypto_default_rng);
static struct crypto_rng *crypto_default_rng;
static int crypto_default_rng_refcnt;
int crypto_rng_reset(struct crypto_rng *tfm, const u8 *seed, unsigned int slen)
@ -106,7 +105,7 @@ struct crypto_rng *crypto_alloc_rng(const char *alg_name, u32 type, u32 mask)
}
EXPORT_SYMBOL_GPL(crypto_alloc_rng);
int crypto_get_default_rng(void)
static int crypto_get_default_rng(void)
{
struct crypto_rng *rng;
int err;
@ -135,15 +134,27 @@ unlock:
return err;
}
EXPORT_SYMBOL_GPL(crypto_get_default_rng);
void crypto_put_default_rng(void)
static void crypto_put_default_rng(void)
{
mutex_lock(&crypto_default_rng_lock);
crypto_default_rng_refcnt--;
mutex_unlock(&crypto_default_rng_lock);
}
EXPORT_SYMBOL_GPL(crypto_put_default_rng);
int __crypto_stdrng_get_bytes(void *buf, unsigned int len)
{
int err;
err = crypto_get_default_rng();
if (err)
return err;
err = crypto_rng_get_bytes(crypto_default_rng, buf, len);
crypto_put_default_rng();
return err;
}
EXPORT_SYMBOL_GPL(__crypto_stdrng_get_bytes);
#if defined(CONFIG_CRYPTO_RNG) || defined(CONFIG_CRYPTO_RNG_MODULE)
int crypto_del_default_rng(void)

View file

@ -13,11 +13,11 @@
/*
* Shared crypto SIMD helpers. These functions dynamically create and register
* an skcipher or AEAD algorithm that wraps another, internal algorithm. The
* wrapper ensures that the internal algorithm is only executed in a context
* where SIMD instructions are usable, i.e. where may_use_simd() returns true.
* If SIMD is already usable, the wrapper directly calls the internal algorithm.
* Otherwise it defers execution to a workqueue via cryptd.
* an AEAD algorithm that wraps another, internal algorithm. The wrapper
* ensures that the internal algorithm is only executed in a context where SIMD
* instructions are usable, i.e. where may_use_simd() returns true. If SIMD is
* already usable, the wrapper directly calls the internal algorithm. Otherwise
* it defers execution to a workqueue via cryptd.
*
* This is an alternative to the internal algorithm implementing a fallback for
* the !may_use_simd() case itself.
@ -30,232 +30,11 @@
#include <crypto/cryptd.h>
#include <crypto/internal/aead.h>
#include <crypto/internal/simd.h>
#include <crypto/internal/skcipher.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/preempt.h>
#include <asm/simd.h>
/* skcipher support */
struct simd_skcipher_alg {
const char *ialg_name;
struct skcipher_alg alg;
};
struct simd_skcipher_ctx {
struct cryptd_skcipher *cryptd_tfm;
};
static int simd_skcipher_setkey(struct crypto_skcipher *tfm, const u8 *key,
unsigned int key_len)
{
struct simd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm);
struct crypto_skcipher *child = &ctx->cryptd_tfm->base;
crypto_skcipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
crypto_skcipher_set_flags(child, crypto_skcipher_get_flags(tfm) &
CRYPTO_TFM_REQ_MASK);
return crypto_skcipher_setkey(child, key, key_len);
}
static int simd_skcipher_encrypt(struct skcipher_request *req)
{
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
struct simd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm);
struct skcipher_request *subreq;
struct crypto_skcipher *child;
subreq = skcipher_request_ctx(req);
*subreq = *req;
if (!crypto_simd_usable() ||
(in_atomic() && cryptd_skcipher_queued(ctx->cryptd_tfm)))
child = &ctx->cryptd_tfm->base;
else
child = cryptd_skcipher_child(ctx->cryptd_tfm);
skcipher_request_set_tfm(subreq, child);
return crypto_skcipher_encrypt(subreq);
}
static int simd_skcipher_decrypt(struct skcipher_request *req)
{
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
struct simd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm);
struct skcipher_request *subreq;
struct crypto_skcipher *child;
subreq = skcipher_request_ctx(req);
*subreq = *req;
if (!crypto_simd_usable() ||
(in_atomic() && cryptd_skcipher_queued(ctx->cryptd_tfm)))
child = &ctx->cryptd_tfm->base;
else
child = cryptd_skcipher_child(ctx->cryptd_tfm);
skcipher_request_set_tfm(subreq, child);
return crypto_skcipher_decrypt(subreq);
}
static void simd_skcipher_exit(struct crypto_skcipher *tfm)
{
struct simd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm);
cryptd_free_skcipher(ctx->cryptd_tfm);
}
static int simd_skcipher_init(struct crypto_skcipher *tfm)
{
struct simd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm);
struct cryptd_skcipher *cryptd_tfm;
struct simd_skcipher_alg *salg;
struct skcipher_alg *alg;
unsigned reqsize;
alg = crypto_skcipher_alg(tfm);
salg = container_of(alg, struct simd_skcipher_alg, alg);
cryptd_tfm = cryptd_alloc_skcipher(salg->ialg_name,
CRYPTO_ALG_INTERNAL,
CRYPTO_ALG_INTERNAL);
if (IS_ERR(cryptd_tfm))
return PTR_ERR(cryptd_tfm);
ctx->cryptd_tfm = cryptd_tfm;
reqsize = crypto_skcipher_reqsize(cryptd_skcipher_child(cryptd_tfm));
reqsize = max(reqsize, crypto_skcipher_reqsize(&cryptd_tfm->base));
reqsize += sizeof(struct skcipher_request);
crypto_skcipher_set_reqsize(tfm, reqsize);
return 0;
}
struct simd_skcipher_alg *simd_skcipher_create_compat(struct skcipher_alg *ialg,
const char *algname,
const char *drvname,
const char *basename)
{
struct simd_skcipher_alg *salg;
struct skcipher_alg *alg;
int err;
salg = kzalloc_obj(*salg);
if (!salg) {
salg = ERR_PTR(-ENOMEM);
goto out;
}
salg->ialg_name = basename;
alg = &salg->alg;
err = -ENAMETOOLONG;
if (snprintf(alg->base.cra_name, CRYPTO_MAX_ALG_NAME, "%s", algname) >=
CRYPTO_MAX_ALG_NAME)
goto out_free_salg;
if (snprintf(alg->base.cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s",
drvname) >= CRYPTO_MAX_ALG_NAME)
goto out_free_salg;
alg->base.cra_flags = CRYPTO_ALG_ASYNC |
(ialg->base.cra_flags & CRYPTO_ALG_INHERITED_FLAGS);
alg->base.cra_priority = ialg->base.cra_priority;
alg->base.cra_blocksize = ialg->base.cra_blocksize;
alg->base.cra_alignmask = ialg->base.cra_alignmask;
alg->base.cra_module = ialg->base.cra_module;
alg->base.cra_ctxsize = sizeof(struct simd_skcipher_ctx);
alg->ivsize = ialg->ivsize;
alg->chunksize = ialg->chunksize;
alg->min_keysize = ialg->min_keysize;
alg->max_keysize = ialg->max_keysize;
alg->init = simd_skcipher_init;
alg->exit = simd_skcipher_exit;
alg->setkey = simd_skcipher_setkey;
alg->encrypt = simd_skcipher_encrypt;
alg->decrypt = simd_skcipher_decrypt;
err = crypto_register_skcipher(alg);
if (err)
goto out_free_salg;
out:
return salg;
out_free_salg:
kfree(salg);
salg = ERR_PTR(err);
goto out;
}
EXPORT_SYMBOL_GPL(simd_skcipher_create_compat);
void simd_skcipher_free(struct simd_skcipher_alg *salg)
{
crypto_unregister_skcipher(&salg->alg);
kfree(salg);
}
EXPORT_SYMBOL_GPL(simd_skcipher_free);
int simd_register_skciphers_compat(struct skcipher_alg *algs, int count,
struct simd_skcipher_alg **simd_algs)
{
int err;
int i;
const char *algname;
const char *drvname;
const char *basename;
struct simd_skcipher_alg *simd;
err = crypto_register_skciphers(algs, count);
if (err)
return err;
for (i = 0; i < count; i++) {
WARN_ON(strncmp(algs[i].base.cra_name, "__", 2));
WARN_ON(strncmp(algs[i].base.cra_driver_name, "__", 2));
algname = algs[i].base.cra_name + 2;
drvname = algs[i].base.cra_driver_name + 2;
basename = algs[i].base.cra_driver_name;
simd = simd_skcipher_create_compat(algs + i, algname, drvname, basename);
err = PTR_ERR(simd);
if (IS_ERR(simd))
goto err_unregister;
simd_algs[i] = simd;
}
return 0;
err_unregister:
simd_unregister_skciphers(algs, count, simd_algs);
return err;
}
EXPORT_SYMBOL_GPL(simd_register_skciphers_compat);
void simd_unregister_skciphers(struct skcipher_alg *algs, int count,
struct simd_skcipher_alg **simd_algs)
{
int i;
crypto_unregister_skciphers(algs, count);
for (i = 0; i < count; i++) {
if (simd_algs[i]) {
simd_skcipher_free(simd_algs[i]);
simd_algs[i] = NULL;
}
}
}
EXPORT_SYMBOL_GPL(simd_unregister_skciphers);
/* AEAD support */
struct simd_aead_alg {
const char *ialg_name;
struct aead_alg alg;
@ -437,13 +216,17 @@ int simd_register_aeads_compat(struct aead_alg *algs, int count,
const char *basename;
struct simd_aead_alg *simd;
for (i = 0; i < count; i++) {
if (WARN_ON(strncmp(algs[i].base.cra_name, "__", 2) ||
strncmp(algs[i].base.cra_driver_name, "__", 2)))
return -EINVAL;
}
err = crypto_register_aeads(algs, count);
if (err)
return err;
for (i = 0; i < count; i++) {
WARN_ON(strncmp(algs[i].base.cra_name, "__", 2));
WARN_ON(strncmp(algs[i].base.cra_driver_name, "__", 2));
algname = algs[i].base.cra_name + 2;
drvname = algs[i].base.cra_driver_name + 2;
basename = algs[i].base.cra_driver_name;

View file

@ -911,8 +911,14 @@ static void test_ahash_speed_common(const char *algo, unsigned int secs,
break;
}
if (klen)
crypto_ahash_setkey(tfm, tvmem[0], klen);
if (klen) {
ret = crypto_ahash_setkey(tfm, tvmem[0], klen);
if (ret) {
pr_err("setkey() failed flags=%x: %d\n",
crypto_ahash_get_flags(tfm), ret);
break;
}
}
pr_info("test%3u "
"(%5u byte blocks,%5u bytes per update,%4u updates): ",
@ -2795,6 +2801,11 @@ static int __init tcrypt_mod_init(void)
goto err_free_tv;
}
if (!num_mb) {
pr_warn("num_mb must be at least 1; forcing to 1\n");
num_mb = 1;
}
err = do_test(alg, type, mask, mode, num_mb);
if (err) {
@ -2804,7 +2815,7 @@ static int __init tcrypt_mod_init(void)
pr_debug("all tests passed\n");
}
/* We intentionaly return -EAGAIN to prevent keeping the module,
/* We intentionally return -EAGAIN to prevent keeping the module,
* unless we're running in fips mode. It does all its work from
* init() and doesn't offer any runtime functionality, but in
* the fips case, checking for a successful load is helpful.

View file

@ -2,7 +2,7 @@
/*
* Cryptographic API.
*
* TEA, XTEA, and XETA crypto alogrithms
* TEA, XTEA, and XETA crypto algorithms
*
* The TEA and Xtended TEA algorithms were developed by David Wheeler
* and Roger Needham at the Computer Laboratory of Cambridge University.

View file

@ -4079,6 +4079,20 @@ static const struct alg_test_desc alg_test_descs[] = {
.suite = {
.aead = __VECS(aegis128_tv_template)
}
}, {
.alg = "authenc(hmac(md5),cbc(aes))",
.generic_driver = "authenc(hmac-md5-lib,cbc(aes-lib))",
.test = alg_test_aead,
.suite = {
.aead = __VECS(hmac_md5_aes_cbc_tv_temp)
}
}, {
.alg = "authenc(hmac(md5),cbc(des))",
.generic_driver = "authenc(hmac-md5-lib,cbc(des-generic))",
.test = alg_test_aead,
.suite = {
.aead = __VECS(hmac_md5_des_cbc_tv_temp)
}
}, {
.alg = "authenc(hmac(md5),cbc(des3_ede))",
.generic_driver = "authenc(hmac-md5-lib,cbc(des3_ede-generic))",
@ -4093,6 +4107,13 @@ static const struct alg_test_desc alg_test_descs[] = {
.suite = {
.aead = __VECS(hmac_md5_ecb_cipher_null_tv_template)
}
}, {
.alg = "authenc(hmac(md5),rfc3686(ctr(aes)))",
.generic_driver = "authenc(hmac-md5-lib,rfc3686(ctr(aes-lib)))",
.test = alg_test_aead,
.suite = {
.aead = __VECS(hmac_md5_aes_ctr_rfc3686_tv_temp)
}
}, {
.alg = "authenc(hmac(sha1),cbc(aes))",
.generic_driver = "authenc(hmac-sha1-lib,cbc(aes-lib))",
@ -4128,12 +4149,17 @@ static const struct alg_test_desc alg_test_descs[] = {
}
}, {
.alg = "authenc(hmac(sha1),rfc3686(ctr(aes)))",
.test = alg_test_null,
.generic_driver = "authenc(hmac-sha1-lib,rfc3686(ctr(aes-lib)))",
.test = alg_test_aead,
.fips_allowed = 1,
.suite = {
.aead = __VECS(hmac_sha1_aes_ctr_rfc3686_tv_temp)
}
}, {
.alg = "authenc(hmac(sha224),cbc(aes))",
.generic_driver = "authenc(hmac-sha224-lib,cbc(aes-lib))",
.test = alg_test_aead,
.fips_allowed = 1,
.suite = {
.aead = __VECS(hmac_sha224_aes_cbc_tv_temp)
}
@ -4153,8 +4179,12 @@ static const struct alg_test_desc alg_test_descs[] = {
}
}, {
.alg = "authenc(hmac(sha224),rfc3686(ctr(aes)))",
.test = alg_test_null,
.generic_driver = "authenc(hmac-sha224-lib,rfc3686(ctr(aes-lib)))",
.test = alg_test_aead,
.fips_allowed = 1,
.suite = {
.aead = __VECS(hmac_sha224_aes_ctr_rfc3686_tv_temp)
}
}, {
.alg = "authenc(hmac(sha256),cbc(aes))",
.generic_driver = "authenc(hmac-sha256-lib,cbc(aes-lib))",
@ -4190,12 +4220,17 @@ static const struct alg_test_desc alg_test_descs[] = {
}
}, {
.alg = "authenc(hmac(sha256),rfc3686(ctr(aes)))",
.test = alg_test_null,
.generic_driver = "authenc(hmac-sha256-lib,rfc3686(ctr(aes-lib)))",
.test = alg_test_aead,
.fips_allowed = 1,
.suite = {
.aead = __VECS(hmac_sha256_aes_ctr_rfc3686_tv_temp)
}
}, {
.alg = "authenc(hmac(sha384),cbc(aes))",
.generic_driver = "authenc(hmac-sha384-lib,cbc(aes-lib))",
.test = alg_test_aead,
.fips_allowed = 1,
.suite = {
.aead = __VECS(hmac_sha384_aes_cbc_tv_temp)
}
@ -4226,8 +4261,12 @@ static const struct alg_test_desc alg_test_descs[] = {
}
}, {
.alg = "authenc(hmac(sha384),rfc3686(ctr(aes)))",
.test = alg_test_null,
.generic_driver = "authenc(hmac-sha384-lib,rfc3686(ctr(aes-lib)))",
.test = alg_test_aead,
.fips_allowed = 1,
.suite = {
.aead = __VECS(hmac_sha384_aes_ctr_rfc3686_tv_temp)
}
}, {
.alg = "authenc(hmac(sha512),cbc(aes))",
.generic_driver = "authenc(hmac-sha512-lib,cbc(aes-lib))",
@ -4256,8 +4295,12 @@ static const struct alg_test_desc alg_test_descs[] = {
.fips_allowed = 1,
}, {
.alg = "authenc(hmac(sha512),rfc3686(ctr(aes)))",
.test = alg_test_null,
.generic_driver = "authenc(hmac-sha512-lib,rfc3686(ctr(aes-lib)))",
.test = alg_test_aead,
.fips_allowed = 1,
.suite = {
.aead = __VECS(hmac_sha512_aes_ctr_rfc3686_tv_temp)
}
}, {
.alg = "blake2b-160",
.generic_driver = "blake2b-160-lib",

File diff suppressed because it is too large Load diff

View file

@ -76,7 +76,7 @@ static int xts_setkey(struct crypto_skcipher *parent, const u8 *key,
/*
* We compute the tweak masks twice (both before and after the ECB encryption or
* decryption) to avoid having to allocate a temporary buffer and/or make
* mutliple calls to the 'ecb(..)' instance, which usually would be slower than
* multiple calls to the 'ecb(..)' instance, which usually would be slower than
* just doing the gf128mul_x_ble() calls again.
*/
static int xts_xor_tweak(struct skcipher_request *req, bool second_pass,