- 20 Oct, 2015 9 commits
-
-
Russell King authored
The endianness of the bit length used in the final stage depends on the endianness of the algorithm - md5 hashes need it to be in little endian format, whereas SHA hashes need it in big endian format. Use the previously added algorithm endianness flag to control this. Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Russell King authored
Rather than determining whether we're using a MD5 hash by looking at the digest size, switch to a cleaner solution using a per-request flag initialised by the method type. Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Russell King authored
Currently, we read/write the state in CPU endian, but on the final request, we convert its endian according to the requested algorithm. (md5 is little endian, SHA are big endian.) Always keep creq->state in CPU native endian format, and perform the necessary conversion when copying the hash to the result. Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Russell King authored
There's an easier way to get at the hash transform - rather than using crypto_ahash_tfm(ahash), we can get it directly from req->base.tfm. Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Herbert Xu authored
This patch adds the missing helper crypto_ahash_blocksize which returns the block size of an ahash algorithm. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Stephan Mueller authored
The patch fixes the analysis of the input data which contains an off by one. The issue is visible when the SGL contains one byte per SG entry. The code for checking for zero bytes does not operate on the data byte. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Tadeusz Struk authored
qat_crypto_get_instance_node function needs to handle situation when the first dev in the list is not started. Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Daniel Thompson authored
Currently this driver calls pm_runtime_get_sync() rampantly but never puts anything back. This makes it impossible for the device to autosuspend properly; it will remain fully active after the first use. Fix in the obvious way. Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org> Cc: Kukjin Kim <kgene@kernel.org> Cc: Krzysztof Kozlowski <k.kozlowski@samsung.com> Tested-by: Krzysztof Kozlowski <k.kozlowski@samsung.com> Reviewed-by: Krzysztof Kozlowski <k.kozlowski@samsung.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
LABBE Corentin authored
The define SHA1_DIGEST_LENGTH is not used anywhere, so remove it. Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 15 Oct, 2015 8 commits
-
-
LABBE Corentin authored
Some array of const char are not set as const. This patch fix that. Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
LABBE Corentin authored
Some array of const char are not set as const. This patch fix that. Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
LABBE Corentin authored
SHA_MAX_STATE_SIZE is just the number of u32 word for SHA512. So replace the raw value "16" by their meaning (SHA512_DIGEST_SIZE / 4) Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Stephan Mueller authored
The testmanager code for symmetric ciphers is extended to allow verification of the IV after a cipher operation. In addition, test vectors for kw(aes) for encryption and decryption are added. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Stephan Mueller authored
Hook keywrap source code into Kconfig and Makefile Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Stephan Mueller authored
This patch implements the AES key wrapping as specified in NIST SP800-38F and RFC3394. The implementation covers key wrapping without padding. IV handling: The caller does not provide an IV for encryption, but must obtain the IV after encryption which would serve as the first semblock in the ciphertext structure defined by SP800-38F. Conversely, for decryption, the caller must provide the first semiblock of the data as the IV and the following blocks as ciphertext. The key wrapping is an authenticated decryption operation. The caller will receive EBADMSG during decryption if the authentication failed. Albeit the standards define the key wrapping for AES only, the template can be used with any other block cipher that has a block size of 16 bytes. During initialization of the template, that condition is checked. Any cipher not having a block size of 16 bytes will cause the initialization to fail. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Boris BREZILLON authored
The crypto drivers are supposed to update the IV passed to the crypto request before calling the completion callback. Test for the IV value before considering the test as successful. Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Daniel Thompson authored
Commit c6a97c42 ("hwrng: stm32 - add support for STM32 HW RNG") was inadequately tested (actually it was tested quite hard so incompetent would be a better description that inadequate) and does not compile on platforms with CONFIG_PM set. Fix this. Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 14 Oct, 2015 16 commits
-
-
Sowmini Varadhan authored
On sparc, we see unaligned access messages on each modprobe[-r]: Kernel unaligned access at TPC[6ad9b4] pkcs7_verify [..] Kernel unaligned access at TPC[6a5484] crypto_shash_finup [..] Kernel unaligned access at TPC[6a5390] crypto_shash_update [..] Kernel unaligned access at TPC[10150308] sha1_sparc64_update [..] Kernel unaligned access at TPC[101501ac] __sha1_sparc64_update [..] These ware triggered by mod_verify_sig() invocations of pkcs_verify(), and are are being caused by an unaligned desc at (sha1, digest_size is 0x14) desc = digest + digest_size; To fix this, pkcs7_verify needs to make sure that desc is pointing at an aligned value past the digest_size, and kzalloc appropriately, taking alignment values into consideration. Signed-off-by: Sowmini Varadhan <sowmini.varadhan@oracle.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
LABBE Corentin authored
Using the devm_xxx() managed function to stripdown the error and remove code. In the same time, we replace request_mem_region/ioremap by the unified devm_ioremap_resource() function. Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
LABBE Corentin authored
Using the devm_xxx() managed function to stripdown the error and remove code. Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Arnd Bergmann authored
The mxs-dcp driver relies on the stmp_reset_block() helper function, which is provided by CONFIG_STMP_DEVICE. This symbol is always set on MXS, but the driver can now also be built for MXC (i.MX6), which results in a built error if no other driver selects STMP_DEVICE: drivers/built-in.o: In function `mxs_dcp_probe': vf610-ocotp.c:(.text+0x3df302): undefined reference to `stmp_reset_block' This adds the 'select', like all other stmp drivers have it. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Fixes: a2712e6c ("crypto: mxs-dcp - Allow MXS_DCP to be used on MX6SL") Acked-by: Marek Vasut <marex@denx.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Daniel Thompson authored
New bindings and driver have been created for STM32 series parts. This patch integrates this changes. Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org> Acked-by: Maxime Coquelin <mcoquelin.stm32@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Daniel Thompson authored
Add support for STMicroelectronics STM32 random number generator. The config value defaults to N, reflecting the fact that STM32 is a very low resource microcontroller platform and unlikely to be targeted by any "grown up" defconfigs. Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org> Reviewed-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Daniel Thompson authored
This adds documentation of device tree bindings for the STM32 hardware random number generator. Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org> Acked-by: Maxime Coquelin <mcoquelin.stm32@gmail.com> Acked-by: Rob Herring <robh@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Russell King authored
As all the import functions and export functions are virtually identical, factor out their common parts into a generic mv_cesa_ahash_import() and mv_cesa_ahash_export() respectively. This performs the actual import or export, and we pass the data pointers and length into these functions. We have to switch a % const operation to do_div() in the common import function to avoid provoking gcc to use the expensive 64-bit by 64-bit modulus operation. Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> Acked-by: Boris Brezillon <boris.brezillon@free-electrons.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Russell King authored
Attempting to use the sha1 digest for openssh via openssl reveals that the result from the hash is wrong: this happens when we export the state from one socket and import it into another via calling accept(). The reason for this is because the operation is reset to "initial block" state, whereas we may be past the first fragment of data to be hashed. Arrange for the operation code to avoid the initialisation of the state, thereby preserving the imported state. Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> Acked-by: Boris Brezillon <boris.brezillon@free-electrons.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Russell King authored
When a AF_ALG fd is accepted a second time (hence hash_accept() is used), hash_accept_parent() allocates a new private context using sock_kmalloc(). This context is uninitialised. After use of the new fd, we eventually end up with the kernel complaining: marvell-cesa f1090000.crypto: dma_pool_free cesa_padding, c0627770/0 (bad dma) where c0627770 is a random address. Poisoning the memory allocated by the above sock_kmalloc() produces kernel oopses within the marvell hash code, particularly the interrupt handling. The following simplfied call sequence occurs: hash_accept() crypto_ahash_export() marvell hash export function af_alg_accept() hash_accept_parent() <== allocates uninitialised struct hash_ctx crypto_ahash_import() marvell hash import function hash_ctx contains the struct mv_cesa_ahash_req in its req.__ctx member, and, as the marvell hash import function only partially initialises this structure, we end up with a lot of members which are left with whatever data was in memory prior to sock_kmalloc(). Add zero-initialisation of this structure. Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> Acked-by: Boris Brezillon <boris.brezillon@free-electronc.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Russell King authored
Several of the algorithms in marvell/hash.c have a statesize of zero. When an AF_ALG accept() on an already-accepted file descriptor to calls into hash_accept(), this causes: char state[crypto_ahash_statesize(crypto_ahash_reqtfm(req))]; to be zero-sized, but we still pass this to: err = crypto_ahash_export(req, state); which proceeds to write to 'state' as if it was a "struct md5_state", "struct sha1_state" etc. Add the necessary initialisers for the .statesize member. Acked-by: Boris Brezillon <boris.brezillon@free-electrons.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Thomas Petazzoni authored
A new crypto driver for Marvell ARM platforms was added in drivers/crypto/marvell/ as part of commit f63601fd ("crypto: marvell/cesa - add a new driver for Marvell's CESA"). This commit adds the relevant developers to the list of maintainers. Cc: Boris Brezillon <boris.brezillon@free-electrons.com> Cc: Arnaud Ebalard <arno@natisbad.org> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: Russell King <linux@arm.linux.org.uk> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Acked-by: Boris Brezillon <boris.brezillon@free-electrons.com> Acked-by: Arnaud Ebalard <arno@natisbad.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Haren Myneni authored
This patch adds CRC generation and validation support for nx-842. Add CRC flag so that nx842 coprocessor includes CRC during compression and validates during decompression. Also changes in 842 SW compression to append CRC value at the end of template and checks during decompression. Signed-off-by: Haren Myneni <haren@us.ibm.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Alexander Kuleshov authored
The clocksource does not provide clocksource_register() function since f8935983 commit (clocksource: Mostly kill clocksource_register()), so let's remove unnecessary information about this function from a comment. Signed-off-by: Alexander Kuleshov <kuleshovmail@gmail.com> Suggested-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Tadeusz Struk authored
Setkey function has been split into set_priv_key and set_pub_key. Akcipher requests takes sgl for src and dst instead of void *. Users of the API i.e. two existing RSA implementation and test mgr code have been updated accordingly. Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Tadeusz Struk authored
Add mpi_read_raw_from_sgl and mpi_write_to_sgl helpers. Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 08 Oct, 2015 7 commits
-
-
Lee Jones authored
The original representation of FIFO size in the driver coupled with the ambiguity in the documentation meant that it was easy to confuse readers. This lead to a false positive BUG-find and subsequently time wastage debugging this phantom issue. Hopefully this patch can prevent future readers from falling into the same trap. Signed-off-by: Lee Jones <lee.jones@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Lee Jones authored
Samples are documented to be available every 0.667us, so in theory the 8 sample deep FIFO should take 5.336us to fill. However, during thorough testing, it became apparent that filling the FIFO actually takes closer to 12us. Also take into consideration that udelay() can behave oddly i.e. not delay for as long as requested. Suggested-by: Russell King <rmk+kernel@arm.linux.org.uk>: "IIRC, Linus recommends a x2 factor on delays, especially timeouts generated by these functions. Signed-off-by: Lee Jones <lee.jones@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Lee Jones authored
DT nodes should not append their addresses with '0x'. Suggested-by: Stephen Boyd <sboyd@codeaurora.org> Signed-off-by: Lee Jones <lee.jones@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
LABBE Corentin authored
clk_prepare_enable() can fail so add a check for this and return the error code if it fails. Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Catalin Vasile authored
Add support for AES working in XEX-based Tweaked-codebook mode with ciphertext Stealing (XTS) sector index - HW limitation: CAAM device supports sector index of only 8 bytes to be used for sector index inside IV, instead of whole 16 bytes received on request. This represents 2 ^ 64 = 16,777,216 Tera of possible values for sector index. Signed-off-by: Cristian Hristea <cristi.hristea@gmail.com> Signed-off-by: Horia Geanta <horia.geanta@freescale.com> Signed-off-by: Alex Porosanu <alexandru.porosanu@freescale.com> Signed-off-by: Catalin Vasile <catalin.vasile@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
LABBE Corentin authored
The qce driver use two dma_map_sg path according to SG are chained or not. Since dma_map_sg can handle both case, clean the code with all references to sg chained. Thus removing qce_mapsg, qce_unmapsg and qce_countsg functions. Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Tom Lendacky authored
The convention is to use the name of the module in the driver structures that are used for registering the device. The CCP module is currently using a descriptive name. Replace the descriptive name with module name. Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-