1. 10 Apr, 2015 6 commits
    • Ard Biesheuvel's avatar
      crypto: sha1-generic - move to generic glue implementation · 7c71f0f7
      Ard Biesheuvel authored
      This updated the generic SHA-1 implementation to use the generic
      shared SHA-1 glue code.
      
      It also implements a .finup hook crypto_sha1_finup() and exports
      it to other modules. The import and export() functions and the
      .statesize member are dropped, since the default implementation
      is perfectly suitable for this module.
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      7c71f0f7
    • Ard Biesheuvel's avatar
      crypto: sha512 - implement base layer for SHA-512 · b84a2a0b
      Ard Biesheuvel authored
      To reduce the number of copies of boilerplate code throughout
      the tree, this patch implements generic glue for the SHA-512
      algorithm. This allows a specific arch or hardware implementation
      to only implement the special handling that it needs.
      
      The users need to supply an implementation of
      
        void (sha512_block_fn)(struct sha512_state *sst, u8 const *src, int blocks)
      
      and pass it to the SHA-512 base functions. For easy casting between the
      prototype above and existing block functions that take a 'u64 state[]'
      as their first argument, the 'state' member of struct sha512_state is
      moved to the base of the struct.
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      b84a2a0b
    • Ard Biesheuvel's avatar
      crypto: sha256 - implement base layer for SHA-256 · 11b8d5ef
      Ard Biesheuvel authored
      To reduce the number of copies of boilerplate code throughout
      the tree, this patch implements generic glue for the SHA-256
      algorithm. This allows a specific arch or hardware implementation
      to only implement the special handling that it needs.
      
      The users need to supply an implementation of
      
        void (sha256_block_fn)(struct sha256_state *sst, u8 const *src, int blocks)
      
      and pass it to the SHA-256 base functions. For easy casting between the
      prototype above and existing block functions that take a 'u32 state[]'
      as their first argument, the 'state' member of struct sha256_state is
      moved to the base of the struct.
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      11b8d5ef
    • Ard Biesheuvel's avatar
      crypto: sha1 - implement base layer for SHA-1 · c4d5b9ff
      Ard Biesheuvel authored
      To reduce the number of copies of boilerplate code throughout
      the tree, this patch implements generic glue for the SHA-1
      algorithm. This allows a specific arch or hardware implementation
      to only implement the special handling that it needs.
      
      The users need to supply an implementation of
      
        void (sha1_block_fn)(struct sha1_state *sst, u8 const *src, int blocks)
      
      and pass it to the SHA-1 base functions. For easy casting between the
      prototype above and existing block functions that take a 'u32 state[]'
      as their first argument, the 'state' member of struct sha1_state is
      moved to the base of the struct.
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      c4d5b9ff
    • Stephan Mueller's avatar
      crypto: api - remove instance when test failed · 9c521a20
      Stephan Mueller authored
      A cipher instance is added to the list of instances unconditionally
      regardless of whether the associated test failed. However, a failed
      test implies that during another lookup, the cipher instance will
      be added to the list again as it will not be found by the lookup
      code.
      
      That means that the list can be filled up with instances whose tests
      failed.
      
      Note: tests only fail in reality in FIPS mode when a cipher is not
      marked as fips_allowed=1. This can be seen with cmac(des3_ede) that does
      not have a fips_allowed=1. When allocating the cipher, the allocation
      fails with -ENOENT due to the missing fips_allowed=1 flag (which
      causes the testmgr to return EINVAL). Yet, the instance of
      cmac(des3_ede) is shown in /proc/crypto. Allocating the cipher again
      fails again, but a 2nd instance is listed in /proc/crypto.
      
      The patch simply de-registers the instance when the testing failed.
      Signed-off-by: default avatarStephan Mueller <smueller@chronox.de>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      9c521a20
    • Herbert Xu's avatar
      crypto: api - Move alg ref count init to crypto_check_alg · e9b8e5be
      Herbert Xu authored
      We currently initialise the crypto_alg ref count in the function
      __crypto_register_alg.  As one of the callers of that function
      crypto_register_instance needs to obtain a ref count before it
      calls __crypto_register_alg, we need to move the initialisation
      out of there.
      
      Since both callers of __crypto_register_alg call crypto_check_alg,
      this is the logical place to perform the initialisation.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Acked-by: default avatarStephan Mueller <smueller@chronox.de>
      e9b8e5be
  2. 08 Apr, 2015 13 commits
  3. 07 Apr, 2015 3 commits
  4. 03 Apr, 2015 4 commits
    • Sami Tolvanen's avatar
      crypto: arm/sha256 - Add optimized SHA-256/224 · f2f770d7
      Sami Tolvanen authored
      Add Andy Polyakov's optimized assembly and NEON implementations for
      SHA-256/224.
      
      The sha256-armv4.pl script for generating the assembly code is from
      OpenSSL commit 51f8d095562f36cdaa6893597b5c609e943b0565.
      
      Compared to sha256-generic these implementations have the following
      tcrypt speed improvements on Motorola Nexus 6 (Snapdragon 805):
      
        bs    b/u      sha256-neon  sha256-asm
        16    16       x1.32        x1.19
        64    16       x1.27        x1.15
        64    64       x1.36        x1.20
        256   16       x1.22        x1.11
        256   64       x1.36        x1.19
        256   256      x1.59        x1.23
        1024  16       x1.21        x1.10
        1024  256      x1.65        x1.23
        1024  1024     x1.76        x1.25
        2048  16       x1.21        x1.10
        2048  256      x1.66        x1.23
        2048  1024     x1.78        x1.25
        2048  2048     x1.79        x1.25
        4096  16       x1.20        x1.09
        4096  256      x1.66        x1.23
        4096  1024     x1.79        x1.26
        4096  4096     x1.82        x1.26
        8192  16       x1.20        x1.09
        8192  256      x1.67        x1.23
        8192  1024     x1.80        x1.26
        8192  4096     x1.85        x1.28
        8192  8192     x1.85        x1.27
      
      Where bs refers to block size and b/u to bytes per update.
      Signed-off-by: default avatarSami Tolvanen <samitolvanen@google.com>
      Cc: Andy Polyakov <appro@openssl.org>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      f2f770d7
    • Herbert Xu's avatar
      crypto: api - Change crypto_unregister_instance argument type · 87b16756
      Herbert Xu authored
      This patch makes crypto_unregister_instance take a crypto_instance
      instead of a crypto_alg.  This allows us to remove a duplicate
      CRYPTO_ALG_INSTANCE check in crypto_unregister_instance.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      87b16756
    • Herbert Xu's avatar
      crypto: api - Fix races in crypto_unregister_instance · 1f723710
      Herbert Xu authored
      There are multiple problems in crypto_unregister_instance:
      
      1) The cra_refcnt BUG_ON check is racy and can cause crashes.
      2) The cra_refcnt check shouldn't exist at all.
      3) There is no reference on tmpl to protect the tmpl->free call.
      
      This patch rewrites the function using crypto_remove_spawn which
      now morphs into crypto_remove_instance.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      1f723710
    • Vutla, Lokesh's avatar
      crypto: omap-sham - Add the offset of sg page to vaddr · 13cf394c
      Vutla, Lokesh authored
      kmap_atomic() gives only the page address of the input page.
      Driver should take care of adding the offset of the scatterlist
      within the page to the returned page address.
      omap-sham driver is not adding the offset to page and directly operates
      on the return vale of kmap_atomic(), because of which the following
      error comes when running crypto tests:
      
      00000000: d9 a1 1b 7c aa 90 3b aa 11 ab cb 25 00 b8 ac bf
      [    2.338169] 00000010: c1 39 cd ff 48 d0 a8 e2 2b fa 33 a1
      [    2.344008] alg: hash: Chunking test 1 failed for omap-sha256
      
      So adding the scatterlist offset to vaddr.
      Signed-off-by: default avatarLokesh Vutla <lokeshvutla@ti.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      13cf394c
  5. 01 Apr, 2015 9 commits
  6. 31 Mar, 2015 5 commits