This update includes the following changes:
API:
- Replace crypto_get_default_rng with crypto_stdrng_get_bytes.
- Remove simd skcipher support.
- Allow algorithm types to be disabled when CRYPTO_SELFTESTS is off.
Algorithms:
- Remove CPU-based des/3des acceleration.
- Add test vectors for authenc(hmac(md5),cbc(aes)).
- Add test vectors for authenc(hmac(md5),cbc(des)).
- Add test vectors for authenc(hmac(md5),rfc3686(ctr(aes))).
- Add test vectors for authenc(hmac(sha1),rfc3686(ctr(aes))).
- Add test vectors for authenc(hmac(sha224),rfc3686(ctr(aes))).
- Add test vectors for authenc(hmac(sha256),rfc3686(ctr(aes))).
- Add test vectors for authenc(hmac(sha384),rfc3686(ctr(aes))).
- Add test vectors for authenc(hmac(sha512),rfc3686(ctr(aes))).
- Replace spin lock with mutex in jitterentropy.
Drivers:
- Add authenc algorithms to safexcel.
- Add support for zstd in qat.
- Add wireless mode support for QAT GEN6.
- Add anti-rollback support for QAT GEN6.
- Add support for ctr(aes), gcm(aes), and ccm(aes) in dthev2.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEn51F/lCuNhUwmDeSxycdCkmxi6cFAmne7qgACgkQxycdCkmx
i6cm0w/9HNFzIWuZWh4Q8k1d/SX32/2p40EMvlw9QFO8wt0gsMtbk6NN5G3sIfhL
36+rT8Vo5yg9MahTqAspXKjP+QTev5D7/nsDa/FzOSA1JxyvBbgV7X33k8EZjcgT
+ffuh0WbaWlutYw07o2h4cNPz1Yp4M0hp2IdzvY0Y3q9D05eiwis1SQzUVPmTs6K
I6OP+4JjJbqubOgJxsltEoeCH9ZP0fObRWmAiVm6rwk9uX4CY32nzi3QOttXQ0su
4F/useoRwWQ1t7FTy8/fcVtFpL/G8hAFSQ4un5ODhDWL7taV5sZPXQBwXUuoVQM6
aNjZlaju/MB7gnAOrBvSsniohAAqRUNR8O7P8QW6mDrFmDhUZ3ZILmCKW+VwF5SG
a4fV94XgBVOnKIqD01cc++8mb6keX/88KJW79AEWLeJ9YZ9BuyFphr9OEBFAIHqx
xG+iEg4uoVxwC52//oGt/yZaZKK3C1y/Zey5bOjfErKq3ATXGIvawaAzdvB9mh6Q
iAnl71JpR4mrs++fAyUCKM+dfvdmQYDq6HJayMdg+IHAIeIvyMnPjsGigdVJvE65
RpBKW4aclfiYaDwX9Jf703mHR1uuKGP1GKpz8U+JXN4Ax2JPg0maC1N3wFkDypYO
HUNKgEk/173f1HTjU0JjbqvqJh+rKQ3ZbHpLxZrYtnSMukDwRO0=
=KoAB
-----END PGP SIGNATURE-----
Merge tag 'v7.1-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto update from Herbert Xu:
"API:
- Replace crypto_get_default_rng with crypto_stdrng_get_bytes
- Remove simd skcipher support
- Allow algorithm types to be disabled when CRYPTO_SELFTESTS is off
Algorithms:
- Remove CPU-based des/3des acceleration
- Add test vectors for authenc(hmac(md5),cbc({aes,des})) and
authenc(hmac({md5,sha1,sha224,sha256,sha384,sha512}),rfc3686(ctr(aes)))
- Replace spin lock with mutex in jitterentropy
Drivers:
- Add authenc algorithms to safexcel
- Add support for zstd in qat
- Add wireless mode support for QAT GEN6
- Add anti-rollback support for QAT GEN6
- Add support for ctr(aes), gcm(aes), and ccm(aes) in dthev2"
* tag 'v7.1-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (129 commits)
crypto: af_alg - use sock_kmemdup in alg_setkey_by_key_serial
crypto: vmx - remove CRYPTO_DEV_VMX from Kconfig
crypto: omap - convert reqctx buffer to fixed-size array
crypto: atmel-sha204a - add Thorsten Blum as maintainer
crypto: atmel-ecc - add Thorsten Blum as maintainer
crypto: qat - fix IRQ cleanup on 6xxx probe failure
crypto: geniv - Remove unused spinlock from struct aead_geniv_ctx
crypto: qce - simplify qce_xts_swapiv()
crypto: hisilicon - Fix dma_unmap_single() direction
crypto: talitos - rename first/last to first_desc/last_desc
crypto: talitos - fix SEC1 32k ahash request limitation
crypto: jitterentropy - replace long-held spinlock with mutex
crypto: hisilicon - remove unused and non-public APIs for qm and sec
crypto: hisilicon/qm - drop redundant variable initialization
crypto: hisilicon/qm - remove else after return
crypto: hisilicon/qm - add const qualifier to info_name in struct qm_cmd_dump_item
crypto: hisilicon - fix the format string type error
crypto: ccree - fix a memory leak in cc_mac_digest()
crypto: qat - add support for zstd
crypto: qat - use swab32 macro
...
This commit is contained in:
commit
aec2f682d4
166 changed files with 5481 additions and 4114 deletions
|
|
@ -25,7 +25,7 @@ menu "Crypto core or helper"
|
|||
|
||||
config CRYPTO_FIPS
|
||||
bool "FIPS 200 compliance"
|
||||
depends on CRYPTO_DRBG && CRYPTO_SELFTESTS
|
||||
depends on CRYPTO_DRBG=y && CRYPTO_SELFTESTS
|
||||
depends on (MODULE_SIG || !MODULES)
|
||||
help
|
||||
This option enables the fips boot option which is
|
||||
|
|
@ -109,10 +109,6 @@ config CRYPTO_RNG2
|
|||
tristate
|
||||
select CRYPTO_ALGAPI2
|
||||
|
||||
config CRYPTO_RNG_DEFAULT
|
||||
tristate
|
||||
select CRYPTO_DRBG_MENU
|
||||
|
||||
config CRYPTO_AKCIPHER2
|
||||
tristate
|
||||
select CRYPTO_ALGAPI2
|
||||
|
|
@ -151,19 +147,20 @@ config CRYPTO_MANAGER
|
|||
|
||||
config CRYPTO_MANAGER2
|
||||
def_tristate CRYPTO_MANAGER || (CRYPTO_MANAGER!=n && CRYPTO_ALGAPI=y)
|
||||
select CRYPTO_ACOMP2
|
||||
select CRYPTO_AEAD2
|
||||
select CRYPTO_AKCIPHER2
|
||||
select CRYPTO_SIG2
|
||||
select CRYPTO_HASH2
|
||||
select CRYPTO_KPP2
|
||||
select CRYPTO_RNG2
|
||||
select CRYPTO_SKCIPHER2
|
||||
select CRYPTO_ACOMP2 if CRYPTO_SELFTESTS
|
||||
select CRYPTO_AEAD2 if CRYPTO_SELFTESTS
|
||||
select CRYPTO_AKCIPHER2 if CRYPTO_SELFTESTS
|
||||
select CRYPTO_SIG2 if CRYPTO_SELFTESTS
|
||||
select CRYPTO_HASH2 if CRYPTO_SELFTESTS
|
||||
select CRYPTO_KPP2 if CRYPTO_SELFTESTS
|
||||
select CRYPTO_RNG2 if CRYPTO_SELFTESTS
|
||||
select CRYPTO_SKCIPHER2 if CRYPTO_SELFTESTS
|
||||
|
||||
config CRYPTO_USER
|
||||
tristate "Userspace cryptographic algorithm configuration"
|
||||
depends on NET
|
||||
select CRYPTO_MANAGER
|
||||
select CRYPTO_RNG
|
||||
help
|
||||
Userspace configuration for cryptographic instantiations such as
|
||||
cbc(aes).
|
||||
|
|
@ -218,6 +215,7 @@ config CRYPTO_PCRYPT
|
|||
|
||||
config CRYPTO_CRYPTD
|
||||
tristate "Software async crypto daemon"
|
||||
select CRYPTO_AEAD
|
||||
select CRYPTO_SKCIPHER
|
||||
select CRYPTO_HASH
|
||||
select CRYPTO_MANAGER
|
||||
|
|
@ -251,7 +249,10 @@ config CRYPTO_KRB5ENC
|
|||
config CRYPTO_BENCHMARK
|
||||
tristate "Crypto benchmarking module"
|
||||
depends on m || EXPERT
|
||||
select CRYPTO_AEAD
|
||||
select CRYPTO_HASH
|
||||
select CRYPTO_MANAGER
|
||||
select CRYPTO_SKCIPHER
|
||||
help
|
||||
Quick & dirty crypto benchmarking module.
|
||||
|
||||
|
|
@ -261,10 +262,16 @@ config CRYPTO_BENCHMARK
|
|||
|
||||
config CRYPTO_SIMD
|
||||
tristate
|
||||
select CRYPTO_AEAD
|
||||
select CRYPTO_CRYPTD
|
||||
|
||||
config CRYPTO_ENGINE
|
||||
tristate
|
||||
select CRYPTO_AEAD
|
||||
select CRYPTO_AKCIPHER
|
||||
select CRYPTO_HASH
|
||||
select CRYPTO_KPP
|
||||
select CRYPTO_SKCIPHER
|
||||
|
||||
endmenu
|
||||
|
||||
|
|
@ -290,7 +297,6 @@ config CRYPTO_DH
|
|||
config CRYPTO_DH_RFC7919_GROUPS
|
||||
bool "RFC 7919 FFDHE groups"
|
||||
depends on CRYPTO_DH
|
||||
select CRYPTO_RNG_DEFAULT
|
||||
help
|
||||
FFDHE (Finite-Field-based Diffie-Hellman Ephemeral) groups
|
||||
defined in RFC7919.
|
||||
|
|
@ -302,7 +308,6 @@ config CRYPTO_DH_RFC7919_GROUPS
|
|||
|
||||
config CRYPTO_ECC
|
||||
tristate
|
||||
select CRYPTO_RNG_DEFAULT
|
||||
|
||||
config CRYPTO_ECDH
|
||||
tristate "ECDH (Elliptic Curve Diffie-Hellman)"
|
||||
|
|
@ -800,7 +805,6 @@ config CRYPTO_GENIV
|
|||
tristate
|
||||
select CRYPTO_AEAD
|
||||
select CRYPTO_MANAGER
|
||||
select CRYPTO_RNG_DEFAULT
|
||||
|
||||
config CRYPTO_SEQIV
|
||||
tristate "Sequence Number IV Generator"
|
||||
|
|
|
|||
|
|
@ -324,15 +324,13 @@ static int alg_setkey_by_key_serial(struct alg_sock *ask, sockptr_t optval,
|
|||
return PTR_ERR(ret);
|
||||
}
|
||||
|
||||
key_data = sock_kmalloc(&ask->sk, key_datalen, GFP_KERNEL);
|
||||
key_data = sock_kmemdup(&ask->sk, ret, key_datalen, GFP_KERNEL);
|
||||
if (!key_data) {
|
||||
up_read(&key->sem);
|
||||
key_put(key);
|
||||
return -ENOMEM;
|
||||
}
|
||||
|
||||
memcpy(key_data, ret, key_datalen);
|
||||
|
||||
up_read(&key->sem);
|
||||
key_put(key);
|
||||
|
||||
|
|
|
|||
112
crypto/cryptd.c
112
crypto/cryptd.c
|
|
@ -646,7 +646,8 @@ static int cryptd_hash_import(struct ahash_request *req, const void *in)
|
|||
{
|
||||
struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
|
||||
struct cryptd_hash_ctx *ctx = crypto_ahash_ctx(tfm);
|
||||
struct shash_desc *desc = cryptd_shash_desc(req);
|
||||
struct cryptd_hash_request_ctx *rctx = ahash_request_ctx(req);
|
||||
struct shash_desc *desc = &rctx->desc;
|
||||
|
||||
desc->tfm = ctx->child;
|
||||
|
||||
|
|
@ -952,115 +953,6 @@ static struct crypto_template cryptd_tmpl = {
|
|||
.module = THIS_MODULE,
|
||||
};
|
||||
|
||||
struct cryptd_skcipher *cryptd_alloc_skcipher(const char *alg_name,
|
||||
u32 type, u32 mask)
|
||||
{
|
||||
char cryptd_alg_name[CRYPTO_MAX_ALG_NAME];
|
||||
struct cryptd_skcipher_ctx *ctx;
|
||||
struct crypto_skcipher *tfm;
|
||||
|
||||
if (snprintf(cryptd_alg_name, CRYPTO_MAX_ALG_NAME,
|
||||
"cryptd(%s)", alg_name) >= CRYPTO_MAX_ALG_NAME)
|
||||
return ERR_PTR(-EINVAL);
|
||||
|
||||
tfm = crypto_alloc_skcipher(cryptd_alg_name, type, mask);
|
||||
if (IS_ERR(tfm))
|
||||
return ERR_CAST(tfm);
|
||||
|
||||
if (tfm->base.__crt_alg->cra_module != THIS_MODULE) {
|
||||
crypto_free_skcipher(tfm);
|
||||
return ERR_PTR(-EINVAL);
|
||||
}
|
||||
|
||||
ctx = crypto_skcipher_ctx(tfm);
|
||||
refcount_set(&ctx->refcnt, 1);
|
||||
|
||||
return container_of(tfm, struct cryptd_skcipher, base);
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(cryptd_alloc_skcipher);
|
||||
|
||||
struct crypto_skcipher *cryptd_skcipher_child(struct cryptd_skcipher *tfm)
|
||||
{
|
||||
struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(&tfm->base);
|
||||
|
||||
return ctx->child;
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(cryptd_skcipher_child);
|
||||
|
||||
bool cryptd_skcipher_queued(struct cryptd_skcipher *tfm)
|
||||
{
|
||||
struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(&tfm->base);
|
||||
|
||||
return refcount_read(&ctx->refcnt) - 1;
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(cryptd_skcipher_queued);
|
||||
|
||||
void cryptd_free_skcipher(struct cryptd_skcipher *tfm)
|
||||
{
|
||||
struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(&tfm->base);
|
||||
|
||||
if (refcount_dec_and_test(&ctx->refcnt))
|
||||
crypto_free_skcipher(&tfm->base);
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(cryptd_free_skcipher);
|
||||
|
||||
struct cryptd_ahash *cryptd_alloc_ahash(const char *alg_name,
|
||||
u32 type, u32 mask)
|
||||
{
|
||||
char cryptd_alg_name[CRYPTO_MAX_ALG_NAME];
|
||||
struct cryptd_hash_ctx *ctx;
|
||||
struct crypto_ahash *tfm;
|
||||
|
||||
if (snprintf(cryptd_alg_name, CRYPTO_MAX_ALG_NAME,
|
||||
"cryptd(%s)", alg_name) >= CRYPTO_MAX_ALG_NAME)
|
||||
return ERR_PTR(-EINVAL);
|
||||
tfm = crypto_alloc_ahash(cryptd_alg_name, type, mask);
|
||||
if (IS_ERR(tfm))
|
||||
return ERR_CAST(tfm);
|
||||
if (tfm->base.__crt_alg->cra_module != THIS_MODULE) {
|
||||
crypto_free_ahash(tfm);
|
||||
return ERR_PTR(-EINVAL);
|
||||
}
|
||||
|
||||
ctx = crypto_ahash_ctx(tfm);
|
||||
refcount_set(&ctx->refcnt, 1);
|
||||
|
||||
return __cryptd_ahash_cast(tfm);
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(cryptd_alloc_ahash);
|
||||
|
||||
struct crypto_shash *cryptd_ahash_child(struct cryptd_ahash *tfm)
|
||||
{
|
||||
struct cryptd_hash_ctx *ctx = crypto_ahash_ctx(&tfm->base);
|
||||
|
||||
return ctx->child;
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(cryptd_ahash_child);
|
||||
|
||||
struct shash_desc *cryptd_shash_desc(struct ahash_request *req)
|
||||
{
|
||||
struct cryptd_hash_request_ctx *rctx = ahash_request_ctx(req);
|
||||
return &rctx->desc;
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(cryptd_shash_desc);
|
||||
|
||||
bool cryptd_ahash_queued(struct cryptd_ahash *tfm)
|
||||
{
|
||||
struct cryptd_hash_ctx *ctx = crypto_ahash_ctx(&tfm->base);
|
||||
|
||||
return refcount_read(&ctx->refcnt) - 1;
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(cryptd_ahash_queued);
|
||||
|
||||
void cryptd_free_ahash(struct cryptd_ahash *tfm)
|
||||
{
|
||||
struct cryptd_hash_ctx *ctx = crypto_ahash_ctx(&tfm->base);
|
||||
|
||||
if (refcount_dec_and_test(&ctx->refcnt))
|
||||
crypto_free_ahash(&tfm->base);
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(cryptd_free_ahash);
|
||||
|
||||
struct cryptd_aead *cryptd_alloc_aead(const char *alg_name,
|
||||
u32 type, u32 mask)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -388,13 +388,7 @@ static void *dh_safe_prime_gen_privkey(const struct dh_safe_prime *safe_prime,
|
|||
* 5.6.1.1.3, step 3 (and implicitly step 4): obtain N + 64
|
||||
* random bits and interpret them as a big endian integer.
|
||||
*/
|
||||
err = -EFAULT;
|
||||
if (crypto_get_default_rng())
|
||||
goto out_err;
|
||||
|
||||
err = crypto_rng_get_bytes(crypto_default_rng, (u8 *)key,
|
||||
oversampling_size);
|
||||
crypto_put_default_rng();
|
||||
err = crypto_stdrng_get_bytes(key, oversampling_size);
|
||||
if (err)
|
||||
goto out_err;
|
||||
|
||||
|
|
|
|||
|
|
@ -1780,7 +1780,7 @@ static inline int __init drbg_healthcheck_sanity(void)
|
|||
max_addtllen = drbg_max_addtl(drbg);
|
||||
max_request_bytes = drbg_max_request_bytes(drbg);
|
||||
drbg_string_fill(&addtl, buf, max_addtllen + 1);
|
||||
/* overflow addtllen with additonal info string */
|
||||
/* overflow addtllen with additional info string */
|
||||
len = drbg_generate(drbg, buf, OUTBUFLEN, &addtl);
|
||||
BUG_ON(0 < len);
|
||||
/* overflow max_bits */
|
||||
|
|
|
|||
11
crypto/ecc.c
11
crypto/ecc.c
|
|
@ -1533,16 +1533,11 @@ int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits,
|
|||
* The maximum security strength identified by NIST SP800-57pt1r4 for
|
||||
* ECC is 256 (N >= 512).
|
||||
*
|
||||
* This condition is met by the default RNG because it selects a favored
|
||||
* DRBG with a security strength of 256.
|
||||
* This condition is met by stdrng because it selects a favored DRBG
|
||||
* with a security strength of 256.
|
||||
*/
|
||||
if (crypto_get_default_rng())
|
||||
return -EFAULT;
|
||||
|
||||
/* Step 3: obtain N returned_bits from the DRBG. */
|
||||
err = crypto_rng_get_bytes(crypto_default_rng,
|
||||
(u8 *)private_key, nbytes);
|
||||
crypto_put_default_rng();
|
||||
err = crypto_stdrng_get_bytes(private_key, nbytes);
|
||||
if (err)
|
||||
return err;
|
||||
|
||||
|
|
|
|||
|
|
@ -112,15 +112,7 @@ int aead_init_geniv(struct crypto_aead *aead)
|
|||
struct crypto_aead *child;
|
||||
int err;
|
||||
|
||||
spin_lock_init(&ctx->lock);
|
||||
|
||||
err = crypto_get_default_rng();
|
||||
if (err)
|
||||
goto out;
|
||||
|
||||
err = crypto_rng_get_bytes(crypto_default_rng, ctx->salt,
|
||||
crypto_aead_ivsize(aead));
|
||||
crypto_put_default_rng();
|
||||
err = crypto_stdrng_get_bytes(ctx->salt, crypto_aead_ivsize(aead));
|
||||
if (err)
|
||||
goto out;
|
||||
|
||||
|
|
|
|||
|
|
@ -41,6 +41,7 @@
|
|||
#include <linux/fips.h>
|
||||
#include <linux/kernel.h>
|
||||
#include <linux/module.h>
|
||||
#include <linux/mutex.h>
|
||||
#include <linux/slab.h>
|
||||
#include <linux/time.h>
|
||||
#include <crypto/internal/rng.h>
|
||||
|
|
@ -172,7 +173,7 @@ void jent_read_random_block(struct sha3_ctx *hash_state, char *dst,
|
|||
***************************************************************************/
|
||||
|
||||
struct jitterentropy {
|
||||
spinlock_t jent_lock;
|
||||
struct mutex jent_lock;
|
||||
struct rand_data *entropy_collector;
|
||||
struct sha3_ctx hash_state;
|
||||
};
|
||||
|
|
@ -181,14 +182,14 @@ static void jent_kcapi_cleanup(struct crypto_tfm *tfm)
|
|||
{
|
||||
struct jitterentropy *rng = crypto_tfm_ctx(tfm);
|
||||
|
||||
spin_lock(&rng->jent_lock);
|
||||
mutex_lock(&rng->jent_lock);
|
||||
|
||||
memzero_explicit(&rng->hash_state, sizeof(rng->hash_state));
|
||||
|
||||
if (rng->entropy_collector)
|
||||
jent_entropy_collector_free(rng->entropy_collector);
|
||||
rng->entropy_collector = NULL;
|
||||
spin_unlock(&rng->jent_lock);
|
||||
mutex_unlock(&rng->jent_lock);
|
||||
}
|
||||
|
||||
static int jent_kcapi_init(struct crypto_tfm *tfm)
|
||||
|
|
@ -196,7 +197,7 @@ static int jent_kcapi_init(struct crypto_tfm *tfm)
|
|||
struct jitterentropy *rng = crypto_tfm_ctx(tfm);
|
||||
int ret = 0;
|
||||
|
||||
spin_lock_init(&rng->jent_lock);
|
||||
mutex_init(&rng->jent_lock);
|
||||
|
||||
/* Use SHA3-256 as conditioner */
|
||||
sha3_256_init(&rng->hash_state);
|
||||
|
|
@ -208,7 +209,6 @@ static int jent_kcapi_init(struct crypto_tfm *tfm)
|
|||
goto err;
|
||||
}
|
||||
|
||||
spin_lock_init(&rng->jent_lock);
|
||||
return 0;
|
||||
|
||||
err:
|
||||
|
|
@ -223,7 +223,7 @@ static int jent_kcapi_random(struct crypto_rng *tfm,
|
|||
struct jitterentropy *rng = crypto_rng_ctx(tfm);
|
||||
int ret = 0;
|
||||
|
||||
spin_lock(&rng->jent_lock);
|
||||
mutex_lock(&rng->jent_lock);
|
||||
|
||||
ret = jent_read_entropy(rng->entropy_collector, rdata, dlen);
|
||||
|
||||
|
|
@ -249,7 +249,7 @@ static int jent_kcapi_random(struct crypto_rng *tfm,
|
|||
ret = -EINVAL;
|
||||
}
|
||||
|
||||
spin_unlock(&rng->jent_lock);
|
||||
mutex_unlock(&rng->jent_lock);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -154,7 +154,7 @@ static int krb5enc_dispatch_encrypt(struct aead_request *req,
|
|||
dst = scatterwalk_ffwd(areq_ctx->dst, req->dst, req->assoclen);
|
||||
|
||||
skcipher_request_set_tfm(skreq, enc);
|
||||
skcipher_request_set_callback(skreq, aead_request_flags(req),
|
||||
skcipher_request_set_callback(skreq, flags,
|
||||
krb5enc_encrypt_done, req);
|
||||
skcipher_request_set_crypt(skreq, src, dst, req->cryptlen, req->iv);
|
||||
|
||||
|
|
@ -192,7 +192,8 @@ static void krb5enc_encrypt_ahash_done(void *data, int err)
|
|||
|
||||
krb5enc_insert_checksum(req, ahreq->result);
|
||||
|
||||
err = krb5enc_dispatch_encrypt(req, 0);
|
||||
err = krb5enc_dispatch_encrypt(req,
|
||||
aead_request_flags(req) & ~CRYPTO_TFM_REQ_MAY_SLEEP);
|
||||
if (err != -EINPROGRESS)
|
||||
aead_request_complete(req, err);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -134,7 +134,7 @@ static int lrw_next_index(u32 *counter)
|
|||
/*
|
||||
* We compute the tweak masks twice (both before and after the ECB encryption or
|
||||
* decryption) to avoid having to allocate a temporary buffer and/or make
|
||||
* mutliple calls to the 'ecb(..)' instance, which usually would be slower than
|
||||
* multiple calls to the 'ecb(..)' instance, which usually would be slower than
|
||||
* just doing the lrw_next_index() calls again.
|
||||
*/
|
||||
static int lrw_xor_tweak(struct skcipher_request *req, bool second_pass)
|
||||
|
|
|
|||
23
crypto/rng.c
23
crypto/rng.c
|
|
@ -24,8 +24,7 @@
|
|||
#include "internal.h"
|
||||
|
||||
static DEFINE_MUTEX(crypto_default_rng_lock);
|
||||
struct crypto_rng *crypto_default_rng;
|
||||
EXPORT_SYMBOL_GPL(crypto_default_rng);
|
||||
static struct crypto_rng *crypto_default_rng;
|
||||
static int crypto_default_rng_refcnt;
|
||||
|
||||
int crypto_rng_reset(struct crypto_rng *tfm, const u8 *seed, unsigned int slen)
|
||||
|
|
@ -106,7 +105,7 @@ struct crypto_rng *crypto_alloc_rng(const char *alg_name, u32 type, u32 mask)
|
|||
}
|
||||
EXPORT_SYMBOL_GPL(crypto_alloc_rng);
|
||||
|
||||
int crypto_get_default_rng(void)
|
||||
static int crypto_get_default_rng(void)
|
||||
{
|
||||
struct crypto_rng *rng;
|
||||
int err;
|
||||
|
|
@ -135,15 +134,27 @@ unlock:
|
|||
|
||||
return err;
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(crypto_get_default_rng);
|
||||
|
||||
void crypto_put_default_rng(void)
|
||||
static void crypto_put_default_rng(void)
|
||||
{
|
||||
mutex_lock(&crypto_default_rng_lock);
|
||||
crypto_default_rng_refcnt--;
|
||||
mutex_unlock(&crypto_default_rng_lock);
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(crypto_put_default_rng);
|
||||
|
||||
int __crypto_stdrng_get_bytes(void *buf, unsigned int len)
|
||||
{
|
||||
int err;
|
||||
|
||||
err = crypto_get_default_rng();
|
||||
if (err)
|
||||
return err;
|
||||
|
||||
err = crypto_rng_get_bytes(crypto_default_rng, buf, len);
|
||||
crypto_put_default_rng();
|
||||
return err;
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(__crypto_stdrng_get_bytes);
|
||||
|
||||
#if defined(CONFIG_CRYPTO_RNG) || defined(CONFIG_CRYPTO_RNG_MODULE)
|
||||
int crypto_del_default_rng(void)
|
||||
|
|
|
|||
239
crypto/simd.c
239
crypto/simd.c
|
|
@ -13,11 +13,11 @@
|
|||
|
||||
/*
|
||||
* Shared crypto SIMD helpers. These functions dynamically create and register
|
||||
* an skcipher or AEAD algorithm that wraps another, internal algorithm. The
|
||||
* wrapper ensures that the internal algorithm is only executed in a context
|
||||
* where SIMD instructions are usable, i.e. where may_use_simd() returns true.
|
||||
* If SIMD is already usable, the wrapper directly calls the internal algorithm.
|
||||
* Otherwise it defers execution to a workqueue via cryptd.
|
||||
* an AEAD algorithm that wraps another, internal algorithm. The wrapper
|
||||
* ensures that the internal algorithm is only executed in a context where SIMD
|
||||
* instructions are usable, i.e. where may_use_simd() returns true. If SIMD is
|
||||
* already usable, the wrapper directly calls the internal algorithm. Otherwise
|
||||
* it defers execution to a workqueue via cryptd.
|
||||
*
|
||||
* This is an alternative to the internal algorithm implementing a fallback for
|
||||
* the !may_use_simd() case itself.
|
||||
|
|
@ -30,232 +30,11 @@
|
|||
#include <crypto/cryptd.h>
|
||||
#include <crypto/internal/aead.h>
|
||||
#include <crypto/internal/simd.h>
|
||||
#include <crypto/internal/skcipher.h>
|
||||
#include <linux/kernel.h>
|
||||
#include <linux/module.h>
|
||||
#include <linux/preempt.h>
|
||||
#include <asm/simd.h>
|
||||
|
||||
/* skcipher support */
|
||||
|
||||
struct simd_skcipher_alg {
|
||||
const char *ialg_name;
|
||||
struct skcipher_alg alg;
|
||||
};
|
||||
|
||||
struct simd_skcipher_ctx {
|
||||
struct cryptd_skcipher *cryptd_tfm;
|
||||
};
|
||||
|
||||
static int simd_skcipher_setkey(struct crypto_skcipher *tfm, const u8 *key,
|
||||
unsigned int key_len)
|
||||
{
|
||||
struct simd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm);
|
||||
struct crypto_skcipher *child = &ctx->cryptd_tfm->base;
|
||||
|
||||
crypto_skcipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
|
||||
crypto_skcipher_set_flags(child, crypto_skcipher_get_flags(tfm) &
|
||||
CRYPTO_TFM_REQ_MASK);
|
||||
return crypto_skcipher_setkey(child, key, key_len);
|
||||
}
|
||||
|
||||
static int simd_skcipher_encrypt(struct skcipher_request *req)
|
||||
{
|
||||
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
|
||||
struct simd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm);
|
||||
struct skcipher_request *subreq;
|
||||
struct crypto_skcipher *child;
|
||||
|
||||
subreq = skcipher_request_ctx(req);
|
||||
*subreq = *req;
|
||||
|
||||
if (!crypto_simd_usable() ||
|
||||
(in_atomic() && cryptd_skcipher_queued(ctx->cryptd_tfm)))
|
||||
child = &ctx->cryptd_tfm->base;
|
||||
else
|
||||
child = cryptd_skcipher_child(ctx->cryptd_tfm);
|
||||
|
||||
skcipher_request_set_tfm(subreq, child);
|
||||
|
||||
return crypto_skcipher_encrypt(subreq);
|
||||
}
|
||||
|
||||
static int simd_skcipher_decrypt(struct skcipher_request *req)
|
||||
{
|
||||
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
|
||||
struct simd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm);
|
||||
struct skcipher_request *subreq;
|
||||
struct crypto_skcipher *child;
|
||||
|
||||
subreq = skcipher_request_ctx(req);
|
||||
*subreq = *req;
|
||||
|
||||
if (!crypto_simd_usable() ||
|
||||
(in_atomic() && cryptd_skcipher_queued(ctx->cryptd_tfm)))
|
||||
child = &ctx->cryptd_tfm->base;
|
||||
else
|
||||
child = cryptd_skcipher_child(ctx->cryptd_tfm);
|
||||
|
||||
skcipher_request_set_tfm(subreq, child);
|
||||
|
||||
return crypto_skcipher_decrypt(subreq);
|
||||
}
|
||||
|
||||
static void simd_skcipher_exit(struct crypto_skcipher *tfm)
|
||||
{
|
||||
struct simd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm);
|
||||
|
||||
cryptd_free_skcipher(ctx->cryptd_tfm);
|
||||
}
|
||||
|
||||
static int simd_skcipher_init(struct crypto_skcipher *tfm)
|
||||
{
|
||||
struct simd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm);
|
||||
struct cryptd_skcipher *cryptd_tfm;
|
||||
struct simd_skcipher_alg *salg;
|
||||
struct skcipher_alg *alg;
|
||||
unsigned reqsize;
|
||||
|
||||
alg = crypto_skcipher_alg(tfm);
|
||||
salg = container_of(alg, struct simd_skcipher_alg, alg);
|
||||
|
||||
cryptd_tfm = cryptd_alloc_skcipher(salg->ialg_name,
|
||||
CRYPTO_ALG_INTERNAL,
|
||||
CRYPTO_ALG_INTERNAL);
|
||||
if (IS_ERR(cryptd_tfm))
|
||||
return PTR_ERR(cryptd_tfm);
|
||||
|
||||
ctx->cryptd_tfm = cryptd_tfm;
|
||||
|
||||
reqsize = crypto_skcipher_reqsize(cryptd_skcipher_child(cryptd_tfm));
|
||||
reqsize = max(reqsize, crypto_skcipher_reqsize(&cryptd_tfm->base));
|
||||
reqsize += sizeof(struct skcipher_request);
|
||||
|
||||
crypto_skcipher_set_reqsize(tfm, reqsize);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
struct simd_skcipher_alg *simd_skcipher_create_compat(struct skcipher_alg *ialg,
|
||||
const char *algname,
|
||||
const char *drvname,
|
||||
const char *basename)
|
||||
{
|
||||
struct simd_skcipher_alg *salg;
|
||||
struct skcipher_alg *alg;
|
||||
int err;
|
||||
|
||||
salg = kzalloc_obj(*salg);
|
||||
if (!salg) {
|
||||
salg = ERR_PTR(-ENOMEM);
|
||||
goto out;
|
||||
}
|
||||
|
||||
salg->ialg_name = basename;
|
||||
alg = &salg->alg;
|
||||
|
||||
err = -ENAMETOOLONG;
|
||||
if (snprintf(alg->base.cra_name, CRYPTO_MAX_ALG_NAME, "%s", algname) >=
|
||||
CRYPTO_MAX_ALG_NAME)
|
||||
goto out_free_salg;
|
||||
|
||||
if (snprintf(alg->base.cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s",
|
||||
drvname) >= CRYPTO_MAX_ALG_NAME)
|
||||
goto out_free_salg;
|
||||
|
||||
alg->base.cra_flags = CRYPTO_ALG_ASYNC |
|
||||
(ialg->base.cra_flags & CRYPTO_ALG_INHERITED_FLAGS);
|
||||
alg->base.cra_priority = ialg->base.cra_priority;
|
||||
alg->base.cra_blocksize = ialg->base.cra_blocksize;
|
||||
alg->base.cra_alignmask = ialg->base.cra_alignmask;
|
||||
alg->base.cra_module = ialg->base.cra_module;
|
||||
alg->base.cra_ctxsize = sizeof(struct simd_skcipher_ctx);
|
||||
|
||||
alg->ivsize = ialg->ivsize;
|
||||
alg->chunksize = ialg->chunksize;
|
||||
alg->min_keysize = ialg->min_keysize;
|
||||
alg->max_keysize = ialg->max_keysize;
|
||||
|
||||
alg->init = simd_skcipher_init;
|
||||
alg->exit = simd_skcipher_exit;
|
||||
|
||||
alg->setkey = simd_skcipher_setkey;
|
||||
alg->encrypt = simd_skcipher_encrypt;
|
||||
alg->decrypt = simd_skcipher_decrypt;
|
||||
|
||||
err = crypto_register_skcipher(alg);
|
||||
if (err)
|
||||
goto out_free_salg;
|
||||
|
||||
out:
|
||||
return salg;
|
||||
|
||||
out_free_salg:
|
||||
kfree(salg);
|
||||
salg = ERR_PTR(err);
|
||||
goto out;
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(simd_skcipher_create_compat);
|
||||
|
||||
void simd_skcipher_free(struct simd_skcipher_alg *salg)
|
||||
{
|
||||
crypto_unregister_skcipher(&salg->alg);
|
||||
kfree(salg);
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(simd_skcipher_free);
|
||||
|
||||
int simd_register_skciphers_compat(struct skcipher_alg *algs, int count,
|
||||
struct simd_skcipher_alg **simd_algs)
|
||||
{
|
||||
int err;
|
||||
int i;
|
||||
const char *algname;
|
||||
const char *drvname;
|
||||
const char *basename;
|
||||
struct simd_skcipher_alg *simd;
|
||||
|
||||
err = crypto_register_skciphers(algs, count);
|
||||
if (err)
|
||||
return err;
|
||||
|
||||
for (i = 0; i < count; i++) {
|
||||
WARN_ON(strncmp(algs[i].base.cra_name, "__", 2));
|
||||
WARN_ON(strncmp(algs[i].base.cra_driver_name, "__", 2));
|
||||
algname = algs[i].base.cra_name + 2;
|
||||
drvname = algs[i].base.cra_driver_name + 2;
|
||||
basename = algs[i].base.cra_driver_name;
|
||||
simd = simd_skcipher_create_compat(algs + i, algname, drvname, basename);
|
||||
err = PTR_ERR(simd);
|
||||
if (IS_ERR(simd))
|
||||
goto err_unregister;
|
||||
simd_algs[i] = simd;
|
||||
}
|
||||
return 0;
|
||||
|
||||
err_unregister:
|
||||
simd_unregister_skciphers(algs, count, simd_algs);
|
||||
return err;
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(simd_register_skciphers_compat);
|
||||
|
||||
void simd_unregister_skciphers(struct skcipher_alg *algs, int count,
|
||||
struct simd_skcipher_alg **simd_algs)
|
||||
{
|
||||
int i;
|
||||
|
||||
crypto_unregister_skciphers(algs, count);
|
||||
|
||||
for (i = 0; i < count; i++) {
|
||||
if (simd_algs[i]) {
|
||||
simd_skcipher_free(simd_algs[i]);
|
||||
simd_algs[i] = NULL;
|
||||
}
|
||||
}
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(simd_unregister_skciphers);
|
||||
|
||||
/* AEAD support */
|
||||
|
||||
struct simd_aead_alg {
|
||||
const char *ialg_name;
|
||||
struct aead_alg alg;
|
||||
|
|
@ -437,13 +216,17 @@ int simd_register_aeads_compat(struct aead_alg *algs, int count,
|
|||
const char *basename;
|
||||
struct simd_aead_alg *simd;
|
||||
|
||||
for (i = 0; i < count; i++) {
|
||||
if (WARN_ON(strncmp(algs[i].base.cra_name, "__", 2) ||
|
||||
strncmp(algs[i].base.cra_driver_name, "__", 2)))
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
err = crypto_register_aeads(algs, count);
|
||||
if (err)
|
||||
return err;
|
||||
|
||||
for (i = 0; i < count; i++) {
|
||||
WARN_ON(strncmp(algs[i].base.cra_name, "__", 2));
|
||||
WARN_ON(strncmp(algs[i].base.cra_driver_name, "__", 2));
|
||||
algname = algs[i].base.cra_name + 2;
|
||||
drvname = algs[i].base.cra_driver_name + 2;
|
||||
basename = algs[i].base.cra_driver_name;
|
||||
|
|
|
|||
|
|
@ -911,8 +911,14 @@ static void test_ahash_speed_common(const char *algo, unsigned int secs,
|
|||
break;
|
||||
}
|
||||
|
||||
if (klen)
|
||||
crypto_ahash_setkey(tfm, tvmem[0], klen);
|
||||
if (klen) {
|
||||
ret = crypto_ahash_setkey(tfm, tvmem[0], klen);
|
||||
if (ret) {
|
||||
pr_err("setkey() failed flags=%x: %d\n",
|
||||
crypto_ahash_get_flags(tfm), ret);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
pr_info("test%3u "
|
||||
"(%5u byte blocks,%5u bytes per update,%4u updates): ",
|
||||
|
|
@ -2795,6 +2801,11 @@ static int __init tcrypt_mod_init(void)
|
|||
goto err_free_tv;
|
||||
}
|
||||
|
||||
if (!num_mb) {
|
||||
pr_warn("num_mb must be at least 1; forcing to 1\n");
|
||||
num_mb = 1;
|
||||
}
|
||||
|
||||
err = do_test(alg, type, mask, mode, num_mb);
|
||||
|
||||
if (err) {
|
||||
|
|
@ -2804,7 +2815,7 @@ static int __init tcrypt_mod_init(void)
|
|||
pr_debug("all tests passed\n");
|
||||
}
|
||||
|
||||
/* We intentionaly return -EAGAIN to prevent keeping the module,
|
||||
/* We intentionally return -EAGAIN to prevent keeping the module,
|
||||
* unless we're running in fips mode. It does all its work from
|
||||
* init() and doesn't offer any runtime functionality, but in
|
||||
* the fips case, checking for a successful load is helpful.
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
/*
|
||||
* Cryptographic API.
|
||||
*
|
||||
* TEA, XTEA, and XETA crypto alogrithms
|
||||
* TEA, XTEA, and XETA crypto algorithms
|
||||
*
|
||||
* The TEA and Xtended TEA algorithms were developed by David Wheeler
|
||||
* and Roger Needham at the Computer Laboratory of Cambridge University.
|
||||
|
|
|
|||
|
|
@ -4079,6 +4079,20 @@ static const struct alg_test_desc alg_test_descs[] = {
|
|||
.suite = {
|
||||
.aead = __VECS(aegis128_tv_template)
|
||||
}
|
||||
}, {
|
||||
.alg = "authenc(hmac(md5),cbc(aes))",
|
||||
.generic_driver = "authenc(hmac-md5-lib,cbc(aes-lib))",
|
||||
.test = alg_test_aead,
|
||||
.suite = {
|
||||
.aead = __VECS(hmac_md5_aes_cbc_tv_temp)
|
||||
}
|
||||
}, {
|
||||
.alg = "authenc(hmac(md5),cbc(des))",
|
||||
.generic_driver = "authenc(hmac-md5-lib,cbc(des-generic))",
|
||||
.test = alg_test_aead,
|
||||
.suite = {
|
||||
.aead = __VECS(hmac_md5_des_cbc_tv_temp)
|
||||
}
|
||||
}, {
|
||||
.alg = "authenc(hmac(md5),cbc(des3_ede))",
|
||||
.generic_driver = "authenc(hmac-md5-lib,cbc(des3_ede-generic))",
|
||||
|
|
@ -4093,6 +4107,13 @@ static const struct alg_test_desc alg_test_descs[] = {
|
|||
.suite = {
|
||||
.aead = __VECS(hmac_md5_ecb_cipher_null_tv_template)
|
||||
}
|
||||
}, {
|
||||
.alg = "authenc(hmac(md5),rfc3686(ctr(aes)))",
|
||||
.generic_driver = "authenc(hmac-md5-lib,rfc3686(ctr(aes-lib)))",
|
||||
.test = alg_test_aead,
|
||||
.suite = {
|
||||
.aead = __VECS(hmac_md5_aes_ctr_rfc3686_tv_temp)
|
||||
}
|
||||
}, {
|
||||
.alg = "authenc(hmac(sha1),cbc(aes))",
|
||||
.generic_driver = "authenc(hmac-sha1-lib,cbc(aes-lib))",
|
||||
|
|
@ -4128,12 +4149,17 @@ static const struct alg_test_desc alg_test_descs[] = {
|
|||
}
|
||||
}, {
|
||||
.alg = "authenc(hmac(sha1),rfc3686(ctr(aes)))",
|
||||
.test = alg_test_null,
|
||||
.generic_driver = "authenc(hmac-sha1-lib,rfc3686(ctr(aes-lib)))",
|
||||
.test = alg_test_aead,
|
||||
.fips_allowed = 1,
|
||||
.suite = {
|
||||
.aead = __VECS(hmac_sha1_aes_ctr_rfc3686_tv_temp)
|
||||
}
|
||||
}, {
|
||||
.alg = "authenc(hmac(sha224),cbc(aes))",
|
||||
.generic_driver = "authenc(hmac-sha224-lib,cbc(aes-lib))",
|
||||
.test = alg_test_aead,
|
||||
.fips_allowed = 1,
|
||||
.suite = {
|
||||
.aead = __VECS(hmac_sha224_aes_cbc_tv_temp)
|
||||
}
|
||||
|
|
@ -4153,8 +4179,12 @@ static const struct alg_test_desc alg_test_descs[] = {
|
|||
}
|
||||
}, {
|
||||
.alg = "authenc(hmac(sha224),rfc3686(ctr(aes)))",
|
||||
.test = alg_test_null,
|
||||
.generic_driver = "authenc(hmac-sha224-lib,rfc3686(ctr(aes-lib)))",
|
||||
.test = alg_test_aead,
|
||||
.fips_allowed = 1,
|
||||
.suite = {
|
||||
.aead = __VECS(hmac_sha224_aes_ctr_rfc3686_tv_temp)
|
||||
}
|
||||
}, {
|
||||
.alg = "authenc(hmac(sha256),cbc(aes))",
|
||||
.generic_driver = "authenc(hmac-sha256-lib,cbc(aes-lib))",
|
||||
|
|
@ -4190,12 +4220,17 @@ static const struct alg_test_desc alg_test_descs[] = {
|
|||
}
|
||||
}, {
|
||||
.alg = "authenc(hmac(sha256),rfc3686(ctr(aes)))",
|
||||
.test = alg_test_null,
|
||||
.generic_driver = "authenc(hmac-sha256-lib,rfc3686(ctr(aes-lib)))",
|
||||
.test = alg_test_aead,
|
||||
.fips_allowed = 1,
|
||||
.suite = {
|
||||
.aead = __VECS(hmac_sha256_aes_ctr_rfc3686_tv_temp)
|
||||
}
|
||||
}, {
|
||||
.alg = "authenc(hmac(sha384),cbc(aes))",
|
||||
.generic_driver = "authenc(hmac-sha384-lib,cbc(aes-lib))",
|
||||
.test = alg_test_aead,
|
||||
.fips_allowed = 1,
|
||||
.suite = {
|
||||
.aead = __VECS(hmac_sha384_aes_cbc_tv_temp)
|
||||
}
|
||||
|
|
@ -4226,8 +4261,12 @@ static const struct alg_test_desc alg_test_descs[] = {
|
|||
}
|
||||
}, {
|
||||
.alg = "authenc(hmac(sha384),rfc3686(ctr(aes)))",
|
||||
.test = alg_test_null,
|
||||
.generic_driver = "authenc(hmac-sha384-lib,rfc3686(ctr(aes-lib)))",
|
||||
.test = alg_test_aead,
|
||||
.fips_allowed = 1,
|
||||
.suite = {
|
||||
.aead = __VECS(hmac_sha384_aes_ctr_rfc3686_tv_temp)
|
||||
}
|
||||
}, {
|
||||
.alg = "authenc(hmac(sha512),cbc(aes))",
|
||||
.generic_driver = "authenc(hmac-sha512-lib,cbc(aes-lib))",
|
||||
|
|
@ -4256,8 +4295,12 @@ static const struct alg_test_desc alg_test_descs[] = {
|
|||
.fips_allowed = 1,
|
||||
}, {
|
||||
.alg = "authenc(hmac(sha512),rfc3686(ctr(aes)))",
|
||||
.test = alg_test_null,
|
||||
.generic_driver = "authenc(hmac-sha512-lib,rfc3686(ctr(aes-lib)))",
|
||||
.test = alg_test_aead,
|
||||
.fips_allowed = 1,
|
||||
.suite = {
|
||||
.aead = __VECS(hmac_sha512_aes_ctr_rfc3686_tv_temp)
|
||||
}
|
||||
}, {
|
||||
.alg = "blake2b-160",
|
||||
.generic_driver = "blake2b-160-lib",
|
||||
|
|
|
|||
1764
crypto/testmgr.h
1764
crypto/testmgr.h
File diff suppressed because it is too large
Load diff
|
|
@ -76,7 +76,7 @@ static int xts_setkey(struct crypto_skcipher *parent, const u8 *key,
|
|||
/*
|
||||
* We compute the tweak masks twice (both before and after the ECB encryption or
|
||||
* decryption) to avoid having to allocate a temporary buffer and/or make
|
||||
* mutliple calls to the 'ecb(..)' instance, which usually would be slower than
|
||||
* multiple calls to the 'ecb(..)' instance, which usually would be slower than
|
||||
* just doing the gf128mul_x_ble() calls again.
|
||||
*/
|
||||
static int xts_xor_tweak(struct skcipher_request *req, bool second_pass,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue