- 04 May, 2011 1 commit
-
-
Puneet Saxena authored
the fix add testcase for testing aes ofb mode. Signed-off-by:
Puneet Saxena <puneets@nvidia.com> Signed-off-by:
Herbert Xu <herbert@gondor.apana.org.au>
-
- 22 Mar, 2011 1 commit
-
-
Jim Keniston authored
Instead of always creating a huge (268K) deflate_workspace with the maximum compression parameters (windowBits=15, memLevel=8), allow the caller to obtain a smaller workspace by specifying smaller parameter values. For example, when capturing oops and panic reports to a medium with limited capacity, such as NVRAM, compression may be the only way to capture the whole report. In this case, a small workspace (24K works fine) is a win, whether you allocate the workspace when you need it (i.e., during an oops or panic) or at boot time. I've verified that this patch works with all accepted values of windowBits (positive and negative), memLevel, and compression level. Signed-off-by:
Jim Keniston <jkenisto@us.ibm.com> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: David Miller <davem@davemloft.net> Cc: Chris Mason <chris.mason@oracle.com> Signed-off-by:
Andrew Morton <akpm@linux-foundation.org> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org>
-
- 13 Mar, 2011 1 commit
-
-
Steffen Klassert authored
ESP with separate encryption/authentication algorithms needs a special treatment for the associated data. This patch add a new algorithm that handles esp with extended sequence numbers. Signed-off-by:
Steffen Klassert <steffen.klassert@secunet.com> Acked-by:
David S. Miller <davem@davemloft.net>
-
- 04 Mar, 2011 1 commit
-
-
David Sterba authored
Commit da7f033d (”crypto: cryptomgr - Add test infrastructure”) added a const to variable which is later used as target buffer of memcpy. crypto/tcrypt.c:217:12: warning: passing 'const char (*)[128]' to parameter of type 'void *' discards qualifiers memset(&iv, 0xff, iv_len); crypto/tcrypt.c:test_cipher_speed() - unsigned char *key, iv[128]; + const char *key, iv[128]; ... memset(&iv, 0xff, iv_len); Signed-off-by:
David Sterba <dsterba@suse.cz> Signed-off-by:
-
- 16 Feb, 2011 1 commit
-
-
Herbert Xu authored
In light of the recent discovery of the bug with partial block processing on s390, we need best test coverage for that. This patch adds a test vector for SHA1 that should catch such problems. Signed-off-by:
-
- 28 Jan, 2011 3 commits
-
-
Jarod Wilson authored
A self-test failure in fips mode means a panic. Well, gcm(aes) self-tests currently fail in fips mode, as gcm is dependent on ghash, which semi-recently got self-test vectors added, but wasn't marked as a fips_allowed algorithm. Because of gcm's dependence on what is now seen as a non-fips_allowed algorithm, its self-tests refuse to run. Previously, ghash got a pass in fips mode, due to the lack of any test vectors at all, and thus gcm self-tests were able to run. After this patch, a 'modprobe tcrypt mode=35' no longer panics in fips mode, and successful self-test of gcm(aes) is reported. Signed-off-by:
Jarod Wilson <jarod@redhat.com> Signed-off-by:
-
Jarod Wilson authored
We (Red Hat) are intending to include dm-crypt functionality, using xts(aes) for disk encryption, as part of an upcoming FIPS-140-2 certification effort, and xts(aes) *is* on the list of possible mode/cipher combinations that can be certified. To make that possible, we need to mark xts(aes) as fips_allowed in the crypto subsystem. A 'modprobe tcrypt mode=10' in fips mode shows xts(aes) self-tests passing successfully after this change. Signed-off-by:
-
Davidlohr Bueso authored
Signed-off-by:
Davidlohr Bueso <dave@gnu.org> Acked-by:
-
- 04 Jan, 2011 2 commits
-
-
Tejun Heo authored
kcrypto_wq and pcrypt->wq's are used to run ciphers and may consume considerable amount of CPU cycles. Mark both as CPU_INTENSIVE so that they don't block other work items. As the workqueues are primarily used to burn CPU cycles, concurrency levels shouldn't matter much and are left at 1. A higher value may be beneficial and needs investigation. Signed-off-by:
Tejun Heo <tj@kernel.org> Signed-off-by:
-
Adrian-Ken Rueegsegger authored
Signed-off-by:
Adrian-Ken Rueegsegger <ken@codelabs.ch> Signed-off-by:
-
- 28 Dec, 2010 1 commit
-
-
Herbert Xu authored
This feature no longer needs the experimental tag. Reported-by:
Toralf Förster <toralf.foerster@gmx.de> Signed-off-by:
-
- 21 Dec, 2010 1 commit
-
-
Randy Dunlap authored
Change data type to fix warning: crypto/af_alg.c:35: warning: initialization from incompatible pointer type Signed-off-by:
Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by:
-
- 08 Dec, 2010 1 commit
-
-
Miloslav Trmač authored
Signed-off-by:
Miloslav Trmač <mitr@redhat.com> Signed-off-by:
-
- 02 Dec, 2010 1 commit
-
-
Steffen Klassert authored
Use scatterwalk_crypto_chain in favor of locally defined chaining functions. Signed-off-by:
-
- 30 Nov, 2010 2 commits
-
-
Herbert Xu authored
As it is if user-space passes through a receive buffer that's not aligned to to the cipher block size, we'll end up encrypting or decrypting a partial block which causes a spurious EINVAL to be returned. This patch fixes this by moving the partial block test after the af_alg_make_sg call. Signed-off-by: -
Herbert Xu authored
When sk_sndbuf is not a multiple of PAGE_SIZE, the limit tests in sendmsg fail as the limit variable becomes negative and we're using an unsigned comparison. The same thing can happen if sk_sndbuf is lowered after a sendmsg call. This patch fixes this by always taking the signed maximum of limit and 0 before we perform the comparison. It also rounds the value of sk_sndbuf down to a multiple of PAGE_SIZE so that we don't end up allocating a page only to use a small number of bytes in it because we're bound by sk_sndbuf. Signed-off-by:
-
- 29 Nov, 2010 1 commit
-
-
Herbert Xu authored
Add missing dependency on NET since we require sockets for our interface. Should really be a select but kconfig doesn't like that: net/Kconfig:6:error: found recursive dependency: NET -> NETWORK_FILESYSTEMS -> AFS_FS -> AF_RXRPC -> CRYPTO -> CRYPTO_USER_API_HASH -> CRYPTO_USER_API -> NET Reported-by:
Zimny Lech <napohybelskurwysynom2010@gmail.com> Signed-off-by:
-
- 28 Nov, 2010 1 commit
-
-
Herbert Xu authored
The error returned from af_alg_make_sg is currently lost and we always pass on -EINVAL. This patch pases on the underlying error. Signed-off-by:
-
- 27 Nov, 2010 3 commits
-
-
Mathias Krause authored
The AES-NI instructions are also available in legacy mode so the 32-bit architecture may profit from those, too. To illustrate the performance gain here's a short summary of a dm-crypt speed test on a Core i7 M620 running at 2.67GHz comparing both assembler implementations: x86: i568 aes-ni delta ECB, 256 bit: 93.8 MB/s 123.3 MB/s +31.4% CBC, 256 bit: 84.8 MB/s 262.3 MB/s +209.3% LRW, 256 bit: 108.6 MB/s 222.1 MB/s +104.5% XTS, 256 bit: 105.0 MB/s 205.5 MB/s +95.7% Additionally, due to some minor optimizations, the 64-bit version also got a minor performance gain as seen below: x86-64: old impl. new impl. delta ECB, 256 bit: 121.1 MB/s 123.0 MB/s +1.5% CBC, 256 bit: 285.3 MB/s 290.8 MB/s +1.9% LRW, 256 bit: 263.7 MB/s 265.3 MB/s +0.6% XTS, 256 bit: 251.1 MB/s 255.3 MB/s +1.7% Signed-off-by:
Mathias Krause <minipli@googlemail.com> Reviewed-by:
Huang Ying <ying.huang@intel.com> Signed-off-by:
-
Tracey Dent authored
Changed Makefile to use <modules>-y instead of <modules>-objs. Signed-off-by:
Tracey Dent <tdent48227@gmail.com> Signed-off-by:
-
Joe Perches authored
Signed-off-by:
Joe Perches <joe@perches.com> Signed-off-by:
-
- 26 Nov, 2010 1 commit
-
-
Herbert Xu authored
This patch adds the af_alg plugin for symmetric key ciphers, corresponding to the ablkcipher kernel operation type. Keys can optionally be set through the setsockopt interface. Once a sendmsg call occurs without MSG_MORE no further writes may be made to the socket until all previous data has been read. IVs and and whether encryption/decryption is performed can be set through the setsockopt interface or as a control message to sendmsg. The interface is completely synchronous, all operations are carried out in recvmsg(2) and will complete prior to the system call returning. The splice(2) interface support reading the user-space data directly without copying (except that the Crypto API itself may copy the data if alignment is off). The recvmsg(2) interface supports directly writing to user-space without additional copying, i.e., the kernel crypto interface will receive the user-space address as its output SG list. Thakns to Miloslav Trmac for reviewing this and contributing fixes and improvements. Signed-off-by:
-
- 19 Nov, 2010 2 commits
-
-
Herbert Xu authored
This patch adds the af_alg plugin for hash, corresponding to the ahash kernel operation type. Keys can optionally be set through the setsockopt interface. Each sendmsg call will finalise the hash unless sent with a MSG_MORE flag. Partial hash states can be cloned using accept(2). The interface is completely synchronous, all operations will complete prior to the system call returning. Both sendmsg(2) and splice(2) support reading the user-space data directly without copying (except that the Crypto API itself may copy the data if alignment is off). For now only the splice(2) interface supports performing digest instead of init/update/final. In future the sendmsg(2) interface will also be modified to use digest/finup where possible so that hardware that cannot return a partial hash state can still benefit from this interface. Thakns to Miloslav Trmac for reviewing this and contributing fixes and improvements. Signed-off-by:
Martin Willi <martin@strongswan.org>
-
Herbert Xu authored
This patch creates the backbone of the user-space interface for the Crypto API, through a new socket family AF_ALG. Each session corresponds to one or more connections obtained from that socket. The number depends on the number of inputs/outputs of that particular type of operation. For most types there will be a s ingle connection/file descriptor that is used for both input and output. AEAD is one of the few that require two inputs. Each algorithm type will provide its own implementation that plugs into af_alg. They're keyed using a string such as "skcipher" or "hash". IOW this patch only contains the boring bits that is required to hold everything together. Thakns to Miloslav Trmac for reviewing this and contributing fixes and improvements. Signed-off-by:
-
- 13 Nov, 2010 2 commits
-
-
Adrian Hoban authored
Updated RFC4106 AES-GCM testing. Some test vectors were taken from http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/ gcm/gcm-test-vectors.tar.gz Signed-off-by:
Adrian Hoban <adrian.hoban@intel.com> Signed-off-by:
Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by:
Gabriele Paoloni <gabriele.paoloni@intel.com> Signed-off-by:
Aidan O'Mahony <aidan.o.mahony@intel.com> Signed-off-by:
-
Nicolas Kaiser authored
I noticed that by factoring out common rounds from the branches of the if-statements in the encryption and decryption functions, the executable file size goes down significantly, for crypto/cast5.ko from 26688 bytes to 24336 bytes (amd64). On my test system, I saw a slight speedup. This is the first time I'm doing such a benchmark - I found a similar one on the crypto mailing list, and I hope I did it right? Before: # cryptsetup create dm-test /dev/hda2 -c cast5-cbc-plain -s 128 Passsatz eingeben: # dd if=/dev/zero of=/dev/mapper/dm-test bs=1M count=50 52428800 Bytes (52 MB) kopiert, 2,43484 s, 21,5 MB/s # dd if=/dev/zero of=/dev/mapper/dm-test bs=1M count=50 52428800 Bytes (52 MB) kopiert, 2,4089 s, 21,8 MB/s # dd if=/dev/zero of=/dev/mapper/dm-test bs=1M count=50 52428800 Bytes (52 MB) kopiert, 2,41091 s, 21,7 MB/s After: # cryptsetup create dm-test /dev/hda2 -c cast5-cbc-plain -s 128 Passsatz eingeben: # dd if=/dev/zero of=/dev/mapper/dm-test bs=1M count=50 52428800 Bytes (52 MB) kopiert, 2,38128 s, 22,0 MB/s # dd if=/dev/zero of=/dev/mapper/dm-test bs=1M count=50 52428800 Bytes (52 MB) kopiert, 2,29486 s, 22,8 MB/s # dd if=/dev/zero of=/dev/mapper/dm-test bs=1M count=50 52428800 Bytes (52 MB) kopiert, 2,37162 s, 22,1 MB/s Signed-off-by:
Nicolas Kaiser <nikai@nikai.net> Signed-off-by:
-
- 12 Nov, 2010 1 commit
-
-
Steffen Klassert authored
kobject_put is called from padata_free for the padata kobject. The kobject's release function frees the padata instance, so don't call kobject_put for the padata kobject from pcrypt. Reported-and-tested-by:
-
- 04 Nov, 2010 1 commit
-
-
Herbert Xu authored
The function shash_async_import did not initialise the descriptor correctly prior to calling the underlying shash import function. This patch adds the required initialisation. Reported-by:
-
- 26 Oct, 2010 1 commit
-
-
Peter Zijlstra authored
Ensure kmap_atomic() usage is strictly nested Signed-off-by:
Peter Zijlstra <a.p.zijlstra@chello.nl> Reviewed-by:
Rik van Riel <riel@redhat.com> Acked-by:
Chris Metcalf <cmetcalf@tilera.com> Cc: David Howells <dhowells@redhat.com> Cc: Hugh Dickins <hughd@google.com> Cc: Ingo Molnar <mingo@elte.hu> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: Russell King <rmk@arm.linux.org.uk> Cc: Ralf Baechle <ralf@linux-mips.org> Cc: David Miller <davem@davemloft.net> Cc: Paul Mackerras <paulus@samba.org> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by:
-
- 07 Oct, 2010 2 commits
-
-
Dan Williams authored
The prompt for "Self test for hardware accelerated raid6 recovery" does not belong in the top level configuration menu. All the options in crypto/async_tx/Kconfig are selected and do not depend on CRYPTO. Kconfig.debug seems like a reasonable fit. Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: David Woodhouse <David.Woodhouse@intel.com> Signed-off-by:Dan Williams <dan.j.williams@intel.com>
-
David Howells authored
Rename the PC2() symbol in the generic DES crypto module to be prefixed with DES_ to avoid collision with arch code (Blackfin in this case). Signed-off-by:
David Howells <dhowells@redhat.com> Signed-off-by:
Mike Frysinger <vapier@gentoo.org>
-
- 20 Sep, 2010 1 commit
-
-
Adrian Hoban authored
This patch adds AEAD support into the cryptd framework. Having AEAD support in cryptd enables crypto drivers that use the AEAD interface type (such as the patch for AEAD based RFC4106 AES-GCM implementation using Intel New Instructions) to leverage cryptd for asynchronous processing. Signed-off-by:
-
- 11 Sep, 2010 1 commit
-
-
Justin P. Mattock authored
Below is a patch to update the broken web addresses, in crypto/* that I could locate. Some are just simple typos that needed to be fixed, and some had a change in location altogether.. let me know if any of them need to be changed and such. Signed-off-by:
Justin P. Mattock <justinmattock@gmail.com> Signed-off-by:
-
- 03 Sep, 2010 1 commit
-
-
Chuck Ebbert authored
Signed-off-by:
Chuck Ebbert <cebbert@redhat.com> Signed-off-by:
-
- 05 Aug, 2010 3 commits
-
-
Herbert Xu authored
On Thu, Aug 05, 2010 at 07:01:21PM -0700, Linus Torvalds wrote: > On Thu, Aug 5, 2010 at 6:40 PM, Herbert Xu <herbert@gondor.hengli.com.au> wrote: > > > > -config CRYPTO_MANAGER_TESTS > > - bool "Run algolithms' self-tests" > > - default y > > - depends on CRYPTO_MANAGER2 > > +config CRYPTO_MANAGER_DISABLE_TESTS > > + bool "Disable run-time self tests" > > + depends on CRYPTO_MANAGER2 && EMBEDDED > > Why do you still want to force-enable those tests? I was going to > complain about the "default y" anyway, now I'm _really_ complaining, > because you've now made it impossible to disable those tests. Why? As requested, this patch sets the default to y and removes the EMBEDDED dependency. Signed-off-by: -
Herbert Xu authored
This patch fixes a serious bug in the test disabling patch where it can cause an spurious load of the cryptomgr module even when it's compiled in. It also negates the test disabling option so that its absence causes tests to be enabled. The Kconfig option is also now behind EMBEDDED. Signed-off-by: -
Szilveszter Ördög authored
If a scatterwalk chain contains an entry with an unaligned offset then hash_walk_next() will cut off the next step at the next alignment point. However, if the entry ends before the next alignment point then we a loop, which leads to a kernel oops. Fix this by checking whether the next aligment point is before the end of the current entry. Signed-off-by:
Szilveszter Ördög <slipszi@gmail.com> Acked-by:
-
- 31 Jul, 2010 3 commits
-
-
Steffen Klassert authored
The padata cpumask change notifier passes a padata_cpumask to the notifier chain. So we use this cpumask instead of asking padata for the cpumask. Signed-off-by:
-
Steffen Klassert authored
In the crypto-layer an instance refers usually to a crypto instance. The struct pcrypt_instance is not related to a crypto instance. It rather contains the padata informations, so we rename it to padata_pcrypt. The functions that handle this struct are renamed accordingly. Signed-off-by:
-
Steffen Klassert authored
We rename padata_alloc to padata_alloc_possible because this function allocates a padata_instance and uses the cpu_possible mask for parallel and serial workers. Also we rename __padata_alloc to padata_alloc to avoid to export underlined functions. Underlined functions are considered to be private to padata. Users are updated accordingly. Signed-off-by:
-
