1. 03 Jun, 2015 5 commits
  2. 28 May, 2015 22 commits
  3. 27 May, 2015 8 commits
    • Tom Lendacky's avatar
      crypto: ccp - Remove unused structure field · d7253322
      Tom Lendacky authored
      Remove the length field from the ccp_sg_workarea since it is unused.
      Signed-off-by: default avatarTom Lendacky <thomas.lendacky@amd.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      d7253322
    • Tom Lendacky's avatar
      crypto: ccp - Remove manual check and set of dma_mask pointer · d921620e
      Tom Lendacky authored
      The underlying device support will set the device dma_mask pointer
      if DMA is set up properly for the device.  Remove the check for and
      assignment of dma_mask when it is null. Instead, just error out if
      the dma_set_mask_and_coherent function fails because dma_mask is null.
      Signed-off-by: default avatarTom Lendacky <thomas.lendacky@amd.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      d921620e
    • Stephan Mueller's avatar
      crypto: jitterentropy - add jitterentropy RNG · bb5530e4
      Stephan Mueller authored
      The CPU Jitter RNG provides a source of good entropy by
      collecting CPU executing time jitter. The entropy in the CPU
      execution time jitter is magnified by the CPU Jitter Random
      Number Generator. The CPU Jitter Random Number Generator uses
      the CPU execution timing jitter to generate a bit stream
      which complies with different statistical measurements that
      determine the bit stream is random.
      
      The CPU Jitter Random Number Generator delivers entropy which
      follows information theoretical requirements. Based on these
      studies and the implementation, the caller can assume that
      one bit of data extracted from the CPU Jitter Random Number
      Generator holds one bit of entropy.
      
      The CPU Jitter Random Number Generator provides a decentralized
      source of entropy, i.e. every caller can operate on a private
      state of the entropy pool.
      
      The RNG does not have any dependencies on any other service
      in the kernel. The RNG only needs a high-resolution time
      stamp.
      
      Further design details, the cryptographic assessment and
      large array of test results are documented at
      http://www.chronox.de/jent.html.
      
      CC: Andreas Steffen <andreas.steffen@strongswan.org>
      CC: Theodore Ts'o <tytso@mit.edu>
      CC: Sandy Harris <sandyinchina@gmail.com>
      Signed-off-by: default avatarStephan Mueller <smueller@chronox.de>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      bb5530e4
    • Stephan Mueller's avatar
      crypto: drbg - use Jitter RNG to obtain seed · b8ec5ba4
      Stephan Mueller authored
      During initialization, the DRBG now tries to allocate a handle of the
      Jitter RNG. If such a Jitter RNG is available during seeding, the DRBG
      pulls the required entropy/nonce string from get_random_bytes and
      concatenates it with a string of equal size from the Jitter RNG. That
      combined string is now the seed for the DRBG.
      
      Written differently, the initial seed of the DRBG is now:
      
      get_random_bytes(entropy/nonce) || jitterentropy (entropy/nonce)
      
      If the Jitter RNG is not available, the DRBG only seeds from
      get_random_bytes.
      
      CC: Andreas Steffen <andreas.steffen@strongswan.org>
      CC: Theodore Ts'o <tytso@mit.edu>
      CC: Sandy Harris <sandyinchina@gmail.com>
      Signed-off-by: default avatarStephan Mueller <smueller@chronox.de>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      b8ec5ba4
    • Stephan Mueller's avatar
      crypto: drbg - add async seeding operation · 4c787990
      Stephan Mueller authored
      The async seeding operation is triggered during initalization right
      after the first non-blocking seeding is completed. As required by the
      asynchronous operation of random.c, a callback function is provided that
      is triggered by random.c once entropy is available. That callback
      function performs the actual seeding of the DRBG.
      
      CC: Andreas Steffen <andreas.steffen@strongswan.org>
      CC: Theodore Ts'o <tytso@mit.edu>
      CC: Sandy Harris <sandyinchina@gmail.com>
      Signed-off-by: default avatarStephan Mueller <smueller@chronox.de>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      4c787990
    • Stephan Mueller's avatar
      crypto: drbg - prepare for async seeding · 3d6a5f75
      Stephan Mueller authored
      In order to prepare for the addition of the asynchronous seeding call,
      the invocation of seeding the DRBG is moved out into a helper function.
      
      In addition, a block of memory is allocated during initialization time
      that will be used as a scratchpad for obtaining entropy. That scratchpad
      is used for the initial seeding operation as well as by the
      asynchronous seeding call. The memory must be zeroized every time the
      DRBG seeding call succeeds to avoid entropy data lingering in memory.
      
      CC: Andreas Steffen <andreas.steffen@strongswan.org>
      CC: Theodore Ts'o <tytso@mit.edu>
      CC: Sandy Harris <sandyinchina@gmail.com>
      Signed-off-by: default avatarStephan Mueller <smueller@chronox.de>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      3d6a5f75
    • Stephan Mueller's avatar
      random: Blocking API for accessing nonblocking_pool · 16b369a9
      Stephan Mueller authored
      The added API calls provide a synchronous function call
      get_blocking_random_bytes where the caller is blocked until
      the nonblocking_pool is initialized.
      
      CC: Andreas Steffen <andreas.steffen@strongswan.org>
      CC: Theodore Ts'o <tytso@mit.edu>
      CC: Sandy Harris <sandyinchina@gmail.com>
      Signed-off-by: default avatarStephan Mueller <smueller@chronox.de>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      16b369a9
    • Herbert Xu's avatar
      random: Wake up all getrandom(2) callers when pool is ready · 1d9de44e
      Herbert Xu authored
      If more than one application invokes getrandom(2) before the pool
      is ready, then all bar one will be stuck forever because we use
      wake_up_interruptible which wakes up a single task.
      
      This patch replaces it with wake_up_all.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      1d9de44e
  4. 26 May, 2015 1 commit
  5. 25 May, 2015 4 commits
    • Herbert Xu's avatar
      crypto: aead - Remove unused cryptoff parameter · 374d4ad1
      Herbert Xu authored
      This patch removes the cryptoff parameter now that all users
      set it to zero.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      374d4ad1
    • Herbert Xu's avatar
      crypto: seqiv - Stop using cryptoff · dd04446e
      Herbert Xu authored
      The cryptoff parameter was added to facilitate the skipping of
      IVs that sit between the AD and the plain/cipher text.  However,
      it was never implemented correctly as and we do not handle users
      such as IPsec setting cryptoff.  It is simply ignored.
      
      Implementing correctly is in fact more trouble than what it's
      worth.
      
      This patch removes the uses of cryptoff by moving the AD forward
      to fill the gap left by the IV.  The AD is moved back after the
      underlying AEAD processing is finished.
      
      This is in fact beter than the cryptoff solution because it allows
      algorithms that use seqniv (i.e., GCM and CCM) to hash the whole
      packet as a single piece, while cryptoff meant that there was
      guaranteed to be a gap.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      dd04446e
    • Herbert Xu's avatar
      crypto: echainiv - Stop using cryptoff · 823655c9
      Herbert Xu authored
      The cryptoff parameter was added to facilitate the skipping of
      IVs that sit between the AD and the plain/cipher text.  However,
      it was never implemented correctly as and we do not handle users
      such as IPsec setting cryptoff.  It is simply ignored.
      
      Implementing correctly is in fact more trouble than what it's
      worth.
      
      This patch removes the uses of cryptoff and simply falls back
      to using the old AEAD interface as it's only needed for old AEAD
      implementations.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      823655c9
    • Herbert Xu's avatar
      crypto: aead - Do not set cra_type for new style instances · d1ee1f02
      Herbert Xu authored
      The function aead_geniv_alloc currently sets cra_type even for
      new style instances.  This is unnecessary and may hide bugs such
      as when our caller uses crypto_register_instance instead of the
      correct aead_register_instance.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      d1ee1f02