[PATCH 0/4] crypto: Key Derivation Function (SP800-108)

2016-01-25 Thread Stephan Mueller
Hi,

this patch set implements all three key derivation function modes defined in
SP800-108 (counter mode, feedback mode and double-pipeline iteration mode).

The implementation is provided as a template for random number generators,
since a KDF can be considered a form of deterministic RNG where the key
material is used as a seed.

With the KDF implemented as a template, all types of keyed hashes can be
utilized, including HMAC and CMAC. The testmgr tests are derived from
publicly available test vectors from NIST.

The KDFs are all tested with a complete round of CAVS testing on 32 and 64 bit.

The patch set introduces an extension to the kernel crypto API in the first
patch by adding a template handling for random number generators based on the
same logic as for keyed hashes.

Stephan Mueller (4):
  crypto: add template handling for RNGs
  crypto: kdf - add known answer tests
  crypto: kdf - SP800-108 Key Derivation Function
  crypto: kdf - enable compilation

 crypto/Kconfig   |   7 +
 crypto/Makefile  |   1 +
 crypto/kdf.c | 514 +++
 crypto/rng.c |  31 
 crypto/testmgr.c | 167 +
 crypto/testmgr.h | 111 +++
 include/crypto/rng.h |  39 
 7 files changed, 870 insertions(+)
 create mode 100644 crypto/kdf.c

-- 
2.5.0




[PATCH 2/4] crypto: kdf - add known answer tests

2016-01-25 Thread Stephan Mueller
Add known answer tests to the testmgr for the KDF (SP800-108) cipher.

Signed-off-by: Stephan Mueller 
---
 crypto/testmgr.c | 167 +++
 crypto/testmgr.h | 111 
 2 files changed, 278 insertions(+)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index ae8c57fd..f6401e7 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -118,6 +118,11 @@ struct drbg_test_suite {
unsigned int count;
 };
 
+struct kdf_test_suite {
+   struct kdf_testvec *vecs;
+   unsigned int count;
+};
+
 struct akcipher_test_suite {
struct akcipher_testvec *vecs;
unsigned int count;
@@ -137,6 +142,7 @@ struct alg_test_desc {
struct hash_test_suite hash;
struct cprng_test_suite cprng;
struct drbg_test_suite drbg;
+   struct kdf_test_suite kdf;
struct akcipher_test_suite akcipher;
} suite;
 };
@@ -1846,6 +1852,65 @@ static int alg_test_drbg(const struct alg_test_desc 
*desc, const char *driver,
 
 }
 
+static int kdf_cavs_test(struct kdf_testvec *test,
+const char *driver, u32 type, u32 mask)
+{
+   int ret = -EAGAIN;
+   struct crypto_rng *drng;
+   unsigned char *buf = kzalloc(test->expectedlen, GFP_KERNEL);
+
+   if (!buf)
+   return -ENOMEM;
+
+   drng = crypto_alloc_rng(driver, type | CRYPTO_ALG_INTERNAL, mask);
+   if (IS_ERR(drng)) {
+   printk(KERN_ERR "alg: kdf: could not allocate cipher handle "
+  "for %s\n", driver);
+   kzfree(buf);
+   return -ENOMEM;
+   }
+
+   ret = crypto_rng_reset(drng, test->K1, test->K1len);
+   if (ret) {
+   printk(KERN_ERR "alg: kdf: could not set key derivation key\n");
+   goto err;
+   }
+
+   ret = crypto_rng_generate(drng, test->context, test->contextlen,
+ buf, test->expectedlen);
+   if (ret) {
+   printk(KERN_ERR "alg: kdf: could not obtain key data\n");
+   goto err;
+   }
+
+   ret = memcmp(test->expected, buf, test->expectedlen);
+
+err:
+   crypto_free_rng(drng);
+   kzfree(buf);
+   return ret;
+}
+
+static int alg_test_kdf(const struct alg_test_desc *desc, const char *driver,
+   u32 type, u32 mask)
+{
+   int err = 0;
+   unsigned int i = 0;
+   struct kdf_testvec *template = desc->suite.kdf.vecs;
+   unsigned int tcount = desc->suite.kdf.count;
+
+   for (i = 0; i < tcount; i++) {
+   err = kdf_cavs_test([i], driver, type, mask);
+   if (err) {
+   printk(KERN_ERR "alg: kdf: Test %d failed for %s\n",
+  i, driver);
+   err = -EINVAL;
+   break;
+   }
+   }
+   return err;
+}
+
 static int do_test_rsa(struct crypto_akcipher *tfm,
   struct akcipher_testvec *vecs)
 {
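Review bot: When crypto_alloc_rng() fails at the top of kdf_cavs_test(), the error carried by the IS_ERR pointer is discarded and -ENOMEM is returned instead, so a missing or disabled algorithm (-ENOENT) is reported as an allocation failure, and alg_test_kdf() then flattens every failure to -EINVAL on top of that. Return the real code after the kzfree, `return PTR_ERR(drng);`, and print it in the KERN_ERR message so the self-test log says why the template could not be instantiated. The `int ret = -EAGAIN;` initializer is dead, since ret is assigned by crypto_rng_reset() before its first read. The kzfree of buf on every path is right, as the derived keying material should not be left on the heap even in a test.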
@@ -3287,6 +3352,108 @@ static const struct alg_test_desc alg_test_descs[] = {
.fips_allowed = 1,
.test = alg_test_null,
}, {
+   .alg = "kdf_ctr(cmac(aes))",
+   .test = alg_test_null,
+   .fips_allowed = 1,
+   }, {
+   .alg = "kdf_ctr(cmac(des3_ede))",
+   .test = alg_test_null,
+   .fips_allowed = 1,
+   }, {
+   .alg = "kdf_ctr(hmac(sha1))",
+   .test = alg_test_null,
+   .fips_allowed = 1,
+   }, {
+   .alg = "kdf_ctr(hmac(sha224))",
+   .test = alg_test_null,
+   .fips_allowed = 1,
+   }, {
+   .alg = "kdf_ctr(hmac(sha256))",
+   .test = alg_test_kdf,
+   .fips_allowed = 1,
+   .suite = {
+   .kdf = {
+   .vecs = kdf_ctr_hmac_sha256_tv_template,
+   .count = 
ARRAY_SIZE(kdf_ctr_hmac_sha256_tv_template)
+   }
+   }
+   }, {
+   .alg = "kdf_ctr(hmac(sha384))",
+   .test = alg_test_null,
+   .fips_allowed = 1,
+   }, {
+   .alg = "kdf_ctr(hmac(sha512))",
+   .test = alg_test_null,
+   .fips_allowed = 1,
+   }, {
+   .alg = "kdf_dpi(cmac(aes))",
+   .test = alg_test_null,
+   .fips_allowed = 1,
+   }, {
+   .alg = "kdf_dpi(cmac(des3_ede))",
+   .test = alg_test_null,
+   .fips_allowed = 1,
+   }, {
+   .alg = "kdf_dpi(hmac(sha1))",
+   .test = alg_test_null,
+   .fips_allowed = 1,
+   }, {
+   .alg = "kdf_dpi(hmac(sha224))",
+   .test = alg_test_null,
+   .fips_allowed = 1,
+   }, {

Re: [PATCH v2 3/3] crypto: mxs-dcp - provide statesize and import/export()

2016-01-25 Thread Herbert Xu
On Wed, Jan 13, 2016 at 03:52:04PM -0200, Fabio Estevam wrote:
> From: Fabio Estevam 
> 
> Currently the mxs-dcp driver fails to probe:
> 
> mxs-dcp 80028000.dcp: Failed to register sha1 hash!
> mxs-dcp: probe of 80028000.dcp failed with error -22
> 
> This happens since commit 8996eafdcbad ("crypto: ahash - ensure statesize
> is non-zero"), which requires statesize to be filled.
> 
> Other than filling statesize, we also need to provide the import/export
> functions.
> 
> Based on the implementation of the sahara and caam drivers.
> 
> Signed-off-by: Fabio Estevam 

This driver is hopelessly broken as its request context doesn't
contain the hash state at all.  Unless someone can fix that we
should probably just remove the hash implementations altogether.

Cheers,
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: [PATCH 1/2] crypto: s5p-sss - Fix minor coding style violations

2016-01-25 Thread Herbert Xu
On Mon, Jan 11, 2016 at 08:45:50PM +0900, Krzysztof Kozlowski wrote:
> Improve a little bit code readability and use dev_info/err for printing
> messages.
> 
> Signed-off-by: Krzysztof Kozlowski 

Both applied.
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: [PATCH v1] crypto: ccp - Add hash state import and export support

2016-01-25 Thread Herbert Xu
On Tue, Jan 12, 2016 at 11:17:38AM -0600, Tom Lendacky wrote:
> Commit 8996eafdcbad ("crypto: ahash - ensure statesize is non-zero")
> added a check to prevent ahash algorithms from successfully registering
> if the import and export functions were not implemented. This prevents
> an oops in the hash_accept function of algif_hash. This commit prevents
> the ccp-crypto module's SHA support and AES CMAC support from successfully
> registering, causing the ccp-crypto module load to fail because the
> ahash import and export functions are not implemented.
> 
> Update the CCP Crypto API support to provide import and export support
> for ahash algorithms.
> 
> Cc:  # 3.14.x-
> Signed-off-by: Tom Lendacky 

Applied.
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: [PATCH] crypto: qat - Pack cfg ctl structs

2016-01-25 Thread Herbert Xu
On Mon, Jan 11, 2016 at 03:23:47PM +, Ahsan Atta wrote:
>   -This is required to support 32bit adf_ctl
>utility on a 64bit driver
> 
> Signed-off-by: Ahsan Atta 

Applied.
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: [PATCH] crypto: qat - remove redundant function call

2016-01-25 Thread Herbert Xu
On Wed, Jan 06, 2016 at 05:56:20PM +0800, Yang Pingchao wrote:
> adf_dev_restore(accel_dev) is already called in adf_dev_shutdown, so there is no
> need to call it again in adf_device_reset_worker after adf_dev_shutdown
> was called.
> 
> Signed-off-by: Yang Pingchao 

Applied.
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: [PATCH] crypto: qat - change name for c6xx dev type

2016-01-25 Thread Herbert Xu
On Tue, Jan 05, 2016 at 11:14:55AM -0800, Tadeusz Struk wrote:
> change name for c6x dev type to more generic.
> 
> Signed-off-by: Tadeusz Struk 

Applied.
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: crypto: algif_hash: creating 0 sized array in hash_accept

2016-01-25 Thread Herbert Xu
On Mon, Jan 25, 2016 at 07:14:20AM -0500, Sasha Levin wrote:
> Hi all,
> 
> While fuzzing with trinity inside a KVM tools guest running the latest -next 
> kernel
> I've hit:
> 
> [  828.386074] UBSAN: Undefined behaviour in crypto/algif_hash.c:185:7
> [  828.386811] variable length array bound value 0 <= 0
> [  828.387606] CPU: 1 PID: 17792 Comm: trinity-c313 Not tainted 
> 4.4.0-next-20160122-sasha-00019-gd2a2eb4-dirty #2819
> [  828.388957]  110038e06f65 87690421 8801c7037ba8 
> a34474f1
> [  828.394655]  41b58ab3 af84c518 a3447426 
> 8801c7037b70
> [  828.394684]  87690421 b329b1e0 8801c7037c38 
> 
> [  828.394708] Call Trace:
> [  828.394868] dump_stack (lib/dump_stack.c:52)
> [  828.395040] ? _atomic_dec_and_lock (lib/dump_stack.c:27)
> [  828.395079] ubsan_epilogue (lib/ubsan.c:165)
> [  828.395101] __ubsan_handle_vla_bound_not_positive (lib/ubsan.c:364)
> [  828.395118] ? __ubsan_handle_out_of_bounds (lib/ubsan.c:352)
> [  828.395179] ? sock_alloc_file (net/socket.c:388)
> [  828.395194] ? sock_splice_read (net/socket.c:356)
> [  828.395217] ? check_preemption_disabled (lib/smp_processor_id.c:52)
> [  828.395244] hash_accept (crypto/algif_hash.c:185 (discriminator 1))
> [  828.395264] SYSC_accept4 (net/socket.c:1476)
> [  828.395282] ? sockfd_lookup_light (net/socket.c:1427)
> [  828.395319] ? _raw_spin_unlock_bh (kernel/locking/spinlock.c:208)
> [  828.395339] ? release_sock (net/core/sock.c:2446)
> [  828.395645] ? hash_accept_parent_nokey (crypto/algif_hash.c:380)
> [  828.396457] ? map_id_down (kernel/user_namespace.c:201)
> [  828.396484] ? SyS_futex (kernel/futex.c:3099)
> [  828.396502] ? do_futex (kernel/futex.c:3099)
> [  828.396519] ? SyS_socket (net/socket.c:1213)
> [  828.396536] ? move_addr_to_kernel (net/socket.c:1213)
> [  828.396552] SyS_accept (net/socket.c:1506)
> [  828.396569] entry_SYSCALL_64_fastpath (arch/x86/entry/entry_64.S:186)
> [  828.396596] ? vm_mmap_pgoff (mm/util.c:325)
> 
> Which is this code snippet:
> 
> static int hash_accept(struct socket *sock, struct socket *newsock, int flags)
> {
> struct sock *sk = sock->sk;
> struct alg_sock *ask = alg_sk(sk);
> struct hash_ctx *ctx = ask->private;
> struct ahash_request *req = >req;
> char state[crypto_ahash_statesize(crypto_ahash_reqtfm(req))];
> 
> 
> Where crypto_ahash_statesize(crypto_ahash_reqtfm(req)) == 0.

This should not be possible because we forbid any algorithm with
a zero statesize from being registered.  Please tell us what
algorithm you were using that led to this crash.

Thanks,
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: [PATCH 0/2] n2rng: Attach on T5/M5, T7/M7 SPARC CPUs

2016-01-25 Thread Herbert Xu
On Fri, Jan 15, 2016 at 03:22:53PM -0500, David Miller wrote:
> From: Anatoly Pugachev 
> Date: Thu, 14 Jan 2016 00:43:18 +0300
> 
> > This patch adds support for recent oracle hardware (T5/M5, T7/M7 SPARC 
> > CPUs),
> > so n2_rng driver would work on them.
> > 
> > 1. n2rng: Attach on T5/M5, T7/M7 SPARC CPUs
> > 2. n2rng: documentation, add DT bindings, vendor prefixes
> > 
> > PS: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809815#32
> > 
> > Signed-off-by: Anatoly Pugachev 
> 
> This series looks fine:
> 
> Acked-by: David S. Miller 
> 
> Herbert, please take this via your crypto tree.

I'd love to but unfortunately the patches are white-space damaged
and all the tabs have turned into spaces.

Anatoly, could you please repost with a mailer that does not eat
tabs for lunch?

Thanks!
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: [PATCH 1/4] hw_random: bcm63xx-rng: remove unused variables

2016-01-25 Thread Herbert Xu
On Sun, Jan 17, 2016 at 10:03:54AM +0100, Álvaro Fernández Rojas wrote:
> These variables where left as unused in commit 6229c16060fe
> ("hwrng: bcm63xx - make use of devm_hwrng_register")
> 
> Fixes the following warning:
> drivers/char/hw_random/bcm63xx-rng.c: In function 'bcm63xx_rng_probe':
> drivers/char/hw_random/bcm63xx-rng.c:85:16: warning: unused variable 'rng'
> [-Wunused-variable]
>   struct hwrng *rng;
> ^
> drivers/char/hw_random/bcm63xx-rng.c:82:14: warning: unused variable 'clk'
> [-Wunused-variable]
>   struct clk *clk;
> 
> Signed-off-by: Álvaro Fernández Rojas 

All applied.
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: [PATCH] crypto: drbg - remove FIPS 140-2 continuous test

2016-01-25 Thread Herbert Xu
On Fri, Jan 22, 2016 at 09:52:28AM +0100, Stephan Mueller wrote:
> Hi,
> 
> the following patch is fully CAVS tested on 64 bit and 32 bit.
> 
> Note, this change cannot be made for random.c or ansi_cprng.c, unfortunately.
> 
> ---8<---
> The newly released FIPS 140-2 IG 9.8 specifies that for SP800-90A
> compliant DRBGs, the FIPS 140-2 continuous random number generator test
> is not required any more.
> 
> This patch removes the test and all associated data structures.
> 
> Signed-off-by: Stephan Mueller 

Applied.
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: [PATCH 0/5] crypto: atmel-sha: fix registration issue and other bugs

2016-01-25 Thread Herbert Xu
On Fri, Jan 15, 2016 at 03:49:30PM +0100, Cyrille Pitchen wrote:
> Hi all,
> 
> This series of patches fixes many issues such as the algo registration failure
> or the broken support of context switches.
> 
> This series was applied to linux-next and tested on a sama5d2 xplained
> ultra board. We now pass the tcrypt tests in the following modes:
> -  2: sha1
> -  6: sha256
> - 11: sha384
> - 12: sha512
> - 33: sha224
> 
> The context switch fix was tested with a userspace program using the cryptodev
> module. This single thread program computes the SHA256 hashes of many files
> by splitting them into fixed size chunks. The chunks of each file are
> processed by calling 'update' operations using a round robin algorithm.
> 
> However, the .import() / .export() implementation was NOT tested!
> Nonetheless the last patch is needed to fix the registration issue, otherwise
> atmel_sha_probe() would still fail.

Patch 1-4 applied.  Please fix the alignment issue with patch 5.
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: [PATCH] Reduced reqsize in qat_algs

2016-01-25 Thread Herbert Xu
On Tue, Jan 19, 2016 at 05:34:04PM +, Giovanni Cabiddu wrote:
> From: Cabiddu, Giovanni 
> 
> req_alloc functions already take into account the request data structure
> when allocating memory.
> 
> Signed-off-by: Giovanni Cabiddu 
> Signed-off-by: Tadeusz Struk 

Applied.
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: [PATCH 0/5] crypto: atmel-sha: fix registration issue and other bugs

2016-01-25 Thread Cyrille Pitchen
Hi Herbert,

Le 25/01/2016 15:48, Herbert Xu a écrit :
> On Fri, Jan 15, 2016 at 03:49:30PM +0100, Cyrille Pitchen wrote:
>> Hi all,
>>
>> This series of patches fixes many issues such as the algo registration 
>> failure
>> or the broken support of context switches.
>>
>> This series was applied to linux-next and tested on a sama5d2 xplained
>> ultra board. We now pass the tcrypt tests in the following modes:
>> -  2: sha1
>> -  6: sha256
>> - 11: sha384
>> - 12: sha512
>> - 33: sha224
>>
>> The context switch fix was tested with a userspace program using the 
>> cryptodev
>> module. This single thread program computes the SHA256 hashes of many files
>> by splitting them into fixed size chunks. The chunks of each file are
>> processed by calling 'update' operations using a round robin algorithm.
>>
>> However, the .import() / .export() implementation was NOT tested!
>> Nonetheless the last patch is needed to fix the registration issue, otherwise
>> atmel_sha_probe() would still fail.
> 
> Patch 1-4 applied.  Please fix the alignment issue with patch 5.
> 

OK, I will fix it soon!


Best regards,

Cyrille


re: [PATCH] eCryptfs: Clean up crypto initialization

2016-01-25 Thread Dan Carpenter
Hello Michael Halcrow,

The patch e5d9cbde6ce0: "[PATCH] eCryptfs: Clean up crypto
initialization" from Oct 30, 2006, leads to the following static
checker warning:

fs/ecryptfs/crypto.c:1625 ecryptfs_process_key_cipher()
error: get_random_bytes() 'dummy_key' too small (64 vs 4294967295)

fs/ecryptfs/crypto.c
  1593  static int
  1594  ecryptfs_process_key_cipher(struct crypto_blkcipher **key_tfm,
  1595  char *cipher_name, size_t *key_size)
  1596  {
  1597  char dummy_key[ECRYPTFS_MAX_KEY_BYTES];
  1598  char *full_alg_name = NULL;
  1599  int rc;
  1600  
  1601  *key_tfm = NULL;
  1602  if (*key_size > ECRYPTFS_MAX_KEY_BYTES) {
  1603  rc = -EINVAL;
  1604  printk(KERN_ERR "Requested key size is [%zd] bytes; 
maximum "
  1605"allowable is [%d]\n", *key_size, 
ECRYPTFS_MAX_KEY_BYTES);
  1606  goto out;
  1607  }
  1608  rc = ecryptfs_crypto_api_algify_cipher_name(_alg_name, 
cipher_name,
  1609  "ecb");
  1610  if (rc)
  1611  goto out;
  1612  *key_tfm = crypto_alloc_blkcipher(full_alg_name, 0, 
CRYPTO_ALG_ASYNC);
  1613  if (IS_ERR(*key_tfm)) {
  1614  rc = PTR_ERR(*key_tfm);
  1615  printk(KERN_ERR "Unable to allocate crypto cipher with 
name "
  1616 "[%s]; rc = [%d]\n", full_alg_name, rc);
  1617  goto out;
  1618  }
  1619  crypto_blkcipher_set_flags(*key_tfm, CRYPTO_TFM_REQ_WEAK_KEY);
  1620  if (*key_size == 0) {
  1621  struct blkcipher_alg *alg = 
crypto_blkcipher_alg(*key_tfm);
  1622  
  1623  *key_size = alg->max_keysize;

My concern here is that arc4 has a max_keysize of ARC4_MAX_KEY_SIZE (256).

  1624  }
  1625  get_random_bytes(dummy_key, *key_size);

Potentially leading to stack memory corruption here: the bounds check
against ECRYPTFS_MAX_KEY_BYTES at line 1602 runs before *key_size is
replaced with alg->max_keysize at line 1623, so a cipher whose
max_keysize exceeds the 64-byte dummy_key buffer would overflow it.
This is static analysis work so I may be wrong.

  1626  rc = crypto_blkcipher_setkey(*key_tfm, dummy_key, *key_size);
  1627  if (rc) {
  1628  printk(KERN_ERR "Error attempting to set key of size 
[%zd] for "
  1629 "cipher [%s]; rc = [%d]\n", *key_size, 
full_alg_name,
  1630 rc);
  1631  rc = -EINVAL;
  1632  goto out;
  1633  }
  1634  out:
  1635  kfree(full_alg_name);
  1636  return rc;
  1637  }

regards,
dan carpenter


Re: [PATCH] crypto: chacha20_4block_xor_ssse3: Align stack pointer to 64 bytes

2016-01-25 Thread Herbert Xu
On Fri, Jan 22, 2016 at 08:55:24AM +0100, Martin Willi wrote:
> Hi Eli,
> 
> > This aligns the stack pointer in chacha20_4block_xor_ssse3 to 64 bytes.
> > Fixes general protection faults and potential kernel panics.
> 
> I assumed 16-byte alignment according to the System V AMD64 ABI, but
> this is obviously not true with -mpreferred-stack-boundary=3. The AVX2
> version seems to be ok, so is Poly1305.
> 
> Acked-by: Martin Willi 

Patch applied.  Thanks!
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: [PATCH v2 1/3] crypto: sahara - avoid needlessly saving and restoring sahara_ctx

2016-01-25 Thread Herbert Xu
On Wed, Jan 13, 2016 at 03:52:02PM -0200, Fabio Estevam wrote:
> From: Fabio Estevam 
> 
> Based on commit 434b421241f2d0 ("crypto: caam - avoid needlessly saving and
> restoring caam_hash_ctx") from Russell King.
> 
> When exporting and importing the hash state, we will only export and
> import into hashes which share the same struct crypto_ahash pointer.
> (See hash_accept->af_alg_accept->hash_accept_parent.)
> 
> This means that saving the sahara_ctx structure on export, and
> restoring it on import is a waste of resources.  So, remove this code.
> 
> Signed-off-by: Fabio Estevam 

Very good.  Not only is it a waste, it's a gaping security hole:
import() would write caller-supplied state into the tfm, which is
shared by every request on that socket, and so corrupt it.

But this is not enough, you're still copying things like the mutex
which should not be copied but instead should be reinitialised in
import.

Thanks,
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: [PATCH v2 1/2] crypto: caam - make write transactions bufferable on PPC platforms

2016-01-25 Thread Herbert Xu
On Tue, Jan 12, 2016 at 05:59:29PM +0200, Horia Geantă wrote:
> Previous change (see "Fixes" tag) to the MCFGR register
> clears AWCACHE[0] ("bufferable" AXI3 attribute) (which is "1" at POR).
> 
> This makes all writes non-bufferable, causing a ~ 5% performance drop
> for PPC-based platforms.
> 
> Rework previous change such that MCFGR[AWCACHE]=4'b0011
> (bufferable + cacheable) for all platforms.
> Note: For ARM-based platforms, AWCACHE[0] is ignored
> by the interconnect IP.
> 
> Cc:  # 4.3+
> Fixes: f10967495144 ("crypto: caam - fix snooping for write transactions")
> Signed-off-by: Horia Geantă 

Patch applied.  Thanks!
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: [PATCH 16/26] libceph: Use skcipher

2016-01-25 Thread Ilya Dryomov
On Sun, Jan 24, 2016 at 2:18 PM, Herbert Xu  wrote:
> This patch replaces uses of blkcipher with skcipher.
>
> Signed-off-by: Herbert Xu 
> ---
>
>  net/ceph/crypto.c |   97 
> +++---
>  1 file changed, 56 insertions(+), 41 deletions(-)

Could you get rid of ivsize instead of assigning to it - see the
attached diff?

Otherwise:

Acked-by: Ilya Dryomov 

Thanks,

Ilya
diff --git a/net/ceph/crypto.c b/net/ceph/crypto.c
index 42e8649c6e79..db2847ac5f12 100644
--- a/net/ceph/crypto.c
+++ b/net/ceph/crypto.c
@@ -4,7 +4,8 @@
 #include 
 #include 
 #include 
-#include 
+#include 
+#include 
 #include 
 
 #include 
@@ -79,9 +80,9 @@ int ceph_crypto_key_unarmor(struct ceph_crypto_key *key, 
const char *inkey)
return 0;
 }
 
-static struct crypto_blkcipher *ceph_crypto_alloc_cipher(void)
+static struct crypto_skcipher *ceph_crypto_alloc_cipher(void)
 {
-   return crypto_alloc_blkcipher("cbc(aes)", 0, CRYPTO_ALG_ASYNC);
+   return crypto_alloc_skcipher("cbc(aes)", 0, CRYPTO_ALG_ASYNC);
 }
 
 static const u8 *aes_iv = (u8 *)CEPH_AES_IV;
@@ -162,11 +163,10 @@ static int ceph_aes_encrypt(const void *key, int key_len,
 {
struct scatterlist sg_in[2], prealloc_sg;
struct sg_table sg_out;
-   struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher();
-   struct blkcipher_desc desc = { .tfm = tfm, .flags = 0 };
+   struct crypto_skcipher *tfm = ceph_crypto_alloc_cipher();
+   SKCIPHER_REQUEST_ON_STACK(req, tfm);
int ret;
-   void *iv;
-   int ivsize;
+   char iv[AES_BLOCK_SIZE];
size_t zero_padding = (0x10 - (src_len & 0x0f));
char pad[16];
 
@@ -184,10 +184,13 @@ static int ceph_aes_encrypt(const void *key, int key_len,
if (ret)
goto out_tfm;
 
-   crypto_blkcipher_setkey((void *)tfm, key, key_len);
-   iv = crypto_blkcipher_crt(tfm)->iv;
-   ivsize = crypto_blkcipher_ivsize(tfm);
-   memcpy(iv, aes_iv, ivsize);
+   crypto_skcipher_setkey((void *)tfm, key, key_len);
+   memcpy(iv, aes_iv, AES_BLOCK_SIZE);
+
+   skcipher_request_set_tfm(req, tfm);
+   skcipher_request_set_callback(req, 0, NULL, NULL);
+   skcipher_request_set_crypt(req, sg_in, sg_out.sgl,
+  src_len + zero_padding, iv);
 
/*
print_hex_dump(KERN_ERR, "enc key: ", DUMP_PREFIX_NONE, 16, 1,
@@ -197,8 +200,8 @@ static int ceph_aes_encrypt(const void *key, int key_len,
print_hex_dump(KERN_ERR, "enc pad: ", DUMP_PREFIX_NONE, 16, 1,
pad, zero_padding, 1);
*/
-   ret = crypto_blkcipher_encrypt(, sg_out.sgl, sg_in,
-src_len + zero_padding);
+   ret = crypto_skcipher_encrypt(req);
+   skcipher_request_zero(req);
if (ret < 0) {
pr_err("ceph_aes_crypt failed %d\n", ret);
goto out_sg;
@@ -211,7 +214,7 @@ static int ceph_aes_encrypt(const void *key, int key_len,
 out_sg:
teardown_sgtable(_out);
 out_tfm:
-   crypto_free_blkcipher(tfm);
+   crypto_free_skcipher(tfm);
return ret;
 }
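Review bot: The return value of crypto_skcipher_setkey() is still dropped at `crypto_skcipher_setkey((void *)tfm, key, key_len);`, so a rejected key length leaves the tfm unkeyed and the encrypt call proceeds anyway; the cast to void * also hides the type mismatch a compiler would otherwise report. Replace it with `ret = crypto_skcipher_setkey(tfm, key, key_len); if (ret) goto out_sg;` — the preceding check jumps to out_tfm, which suggests the scatter table is already set up at this point, so out_sg appears to be the right label; confirm against the lines just above the hunk. The signature of ceph_aes_encrypt is outside the hunk, and the same unchecked setkey is repeated in ceph_aes_encrypt2 below.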
 
@@ -222,11 +225,10 @@ static int ceph_aes_encrypt2(const void *key, int 
key_len, void *dst,
 {
struct scatterlist sg_in[3], prealloc_sg;
struct sg_table sg_out;
-   struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher();
-   struct blkcipher_desc desc = { .tfm = tfm, .flags = 0 };
+   struct crypto_skcipher *tfm = ceph_crypto_alloc_cipher();
+   SKCIPHER_REQUEST_ON_STACK(req, tfm);
int ret;
-   void *iv;
-   int ivsize;
+   char iv[AES_BLOCK_SIZE];
size_t zero_padding = (0x10 - ((src1_len + src2_len) & 0x0f));
char pad[16];
 
@@ -245,10 +247,13 @@ static int ceph_aes_encrypt2(const void *key, int 
key_len, void *dst,
if (ret)
goto out_tfm;
 
-   crypto_blkcipher_setkey((void *)tfm, key, key_len);
-   iv = crypto_blkcipher_crt(tfm)->iv;
-   ivsize = crypto_blkcipher_ivsize(tfm);
-   memcpy(iv, aes_iv, ivsize);
+   crypto_skcipher_setkey((void *)tfm, key, key_len);
+   memcpy(iv, aes_iv, AES_BLOCK_SIZE);
+
+   skcipher_request_set_tfm(req, tfm);
+   skcipher_request_set_callback(req, 0, NULL, NULL);
+   skcipher_request_set_crypt(req, sg_in, sg_out.sgl,
+  src1_len + src2_len + zero_padding, iv);
 
/*
print_hex_dump(KERN_ERR, "enc  key: ", DUMP_PREFIX_NONE, 16, 1,
@@ -260,8 +265,8 @@ static int ceph_aes_encrypt2(const void *key, int key_len, 
void *dst,
print_hex_dump(KERN_ERR, "enc  pad: ", DUMP_PREFIX_NONE, 16, 1,
pad, zero_padding, 1);
*/
-   ret = crypto_blkcipher_encrypt(, sg_out.sgl, sg_in,
-src1_len + src2_len + zero_padding);
+   ret = 

Re: [dm-devel] [PATCH 22/26] iscsi_tcp: Use ahash

2016-01-25 Thread Mike Christie
On 01/24/2016 07:19 AM, Herbert Xu wrote:
> This patch replaces uses of the long obsolete hash interface with
> ahash.
> 
> Signed-off-by: Herbert Xu 
> ---
> 
>  drivers/scsi/iscsi_tcp.c|   54 
> ++--
>  drivers/scsi/iscsi_tcp.h|4 +--
>  drivers/scsi/libiscsi_tcp.c |   29 +--
>  include/scsi/libiscsi_tcp.h |   13 +-
>  4 files changed, 58 insertions(+), 42 deletions(-)
> 

iSCSI parts look ok.

Reviewed-by: Mike Christie 



[PATCH] crypto: hash - select CRYPTO_HASH where needed

2016-01-25 Thread Arnd Bergmann
The ghash and poly1305 hash implementations can be enabled when
CONFIG_CRYPTO_HASH is turned off, causing a link error:

crypto/built-in.o: In function `ghash_mod_init':
(.init.text+0xd0): undefined reference to `crypto_register_shash'
crypto/built-in.o: In function `ghash_mod_exit':
(.exit.text+0xb4): undefined reference to `crypto_unregister_shash'
crypto/built-in.o: In function `poly1305_mod_init':
(.init.text+0xb4): undefined reference to `crypto_register_shash'
crypto/built-in.o: In function `poly1305_mod_exit':
(.exit.text+0x98): undefined reference to `crypto_unregister_shash'

This adds an explicit 'select', like all other hashes have it.

Signed-off-by: Arnd Bergmann 
---
 crypto/Kconfig | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/crypto/Kconfig b/crypto/Kconfig
index 99109b93604a..2d76676a1253 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -472,11 +472,13 @@ config CRYPTO_CRCT10DIF_PCLMUL
 config CRYPTO_GHASH
tristate "GHASH digest algorithm"
select CRYPTO_GF128MUL
+   select CRYPTO_HASH
help
  GHASH is message digest algorithm for GCM (Galois/Counter Mode).
 
 config CRYPTO_POLY1305
tristate "Poly1305 authenticator algorithm"
+   select CRYPTO_HASH
help
  Poly1305 authenticator algorithm, RFC7539.
 
-- 
2.7.0



Re: [PATCH 0/2] n2rng: Attach on T5/M5, T7/M7 SPARC CPUs

2016-01-25 Thread Anatoly Pugachev
On Mon, Jan 25, 2016 at 10:41:01PM +0800, Herbert Xu wrote:
> On Fri, Jan 15, 2016 at 03:22:53PM -0500, David Miller wrote:
> > From: Anatoly Pugachev 
> > Date: Thu, 14 Jan 2016 00:43:18 +0300
> > 
> > > This patch adds support for recent oracle hardware (T5/M5, T7/M7 SPARC 
> > > CPUs),
> > > so n2_rng driver would work on them.
> > > 
> > > 1. n2rng: Attach on T5/M5, T7/M7 SPARC CPUs
> > > 2. n2rng: documentation, add DT bindings, vendor prefixes
> > > 
> > > PS: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809815#32
> > > 
> > > Signed-off-by: Anatoly Pugachev 
> > 
> > This series looks fine:
> > 
> > Acked-by: David S. Miller 
> > 
> > Herbert, please take this via your crypto tree.
> 
> I'd love to but unfortunately the patches are white-space damaged
> and all the tabs have turned into spaces.
> 
> Anatoly, could you please repost with a mailer that does not eat
> tabs for lunch?

Herbert,

I have no idea what changed the tabs to spaces. I have resubmitted; the patches should be in
the proper format now...

Thanks.


[PATCH 1/2] crypto: jitterentropy - always select CRYPTO_RNG

2016-01-25 Thread Arnd Bergmann
When building the jitterentropy driver by itself, we get a link error
when CRYPTO_RNG is not enabled as well:

crypto/built-in.o: In function `jent_mod_init':
jitterentropy-kcapi.c:(.init.text+0x98): undefined reference to 
`crypto_register_rng'
crypto/built-in.o: In function `jent_mod_exit':
jitterentropy-kcapi.c:(.exit.text+0x60): undefined reference to 
`crypto_unregister_rng'

This moves the 'select CRYPTO_RNG' from CRYPTO_DRBG to CRYPTO_JITTERENTROPY
to ensure the API is always there when it's used, not just when DRBG is
also enabled.

Signed-off-by: Arnd Bergmann 
---
 crypto/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/Kconfig b/crypto/Kconfig
index 7240821137fd..99109b93604a 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -1586,13 +1586,13 @@ config CRYPTO_DRBG_CTR
 config CRYPTO_DRBG
tristate
default CRYPTO_DRBG_MENU
-   select CRYPTO_RNG
select CRYPTO_JITTERENTROPY
 
 endif  # if CRYPTO_DRBG_MENU
 
 config CRYPTO_JITTERENTROPY
tristate "Jitterentropy Non-Deterministic Random Number Generator"
+   select CRYPTO_RNG
help
  The Jitterentropy RNG is a noise that is intended
  to provide seed to another RNG. The RNG does not
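Review bot: CRYPTO_DRBG now reaches CRYPTO_RNG only transitively, through the `select CRYPTO_JITTERENTROPY` line kept just below the removed `select CRYPTO_RNG`; Kconfig selects do chain, so this builds, but DRBG's ability to register with the RNG API now depends on the jitterentropy entry never losing its new select. Keeping `select CRYPTO_RNG` under CRYPTO_DRBG as well as adding it under CRYPTO_JITTERENTROPY would let each consumer of the RNG API declare its own dependency at no cost. The CRYPTO_JITTERENTROPY help text continues past the end of the hunk.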
-- 
2.7.0



[PATCH 2/2] n2rng: Attach on T5/M5, T7/M7 SPARC CPUs

2016-01-25 Thread Anatoly Pugachev
n2rng: Attach on T5/M5, T7/M7 SPARC CPUs

Signed-off-by: Anatoly Pugachev 
---
 drivers/char/hw_random/n2-drv.c | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/drivers/char/hw_random/n2-drv.c b/drivers/char/hw_random/n2-drv.c
index 843d6f6..8bee43a 100644
--- a/drivers/char/hw_random/n2-drv.c
+++ b/drivers/char/hw_random/n2-drv.c
@@ -743,6 +743,16 @@ static const struct of_device_id n2rng_match[] = {
.compatible = "SUNW,kt-rng",
.data   = (void *) 1,
},
+   {
+   .name   = "random-number-generator",
+   .compatible = "ORCL,m4-rng",
+   .data   = (void *) 1,
+   },
+   {
+   .name   = "random-number-generator",
+   .compatible = "ORCL,m7-rng",
+   .data   = (void *) 1,
+   },
{},
 };
 MODULE_DEVICE_TABLE(of, n2rng_match);
-- 
2.7.0



[PATCH 1/2] n2rng: documentation, add DT bindings, vendor prefixes

2016-01-25 Thread Anatoly Pugachev
n2rng: documentation, add DT bindings, vendor prefixes

Signed-off-by: Anatoly Pugachev 
---
 .../devicetree/bindings/sparc_sun_oracle_rng.txt   | 30 ++
 .../devicetree/bindings/vendor-prefixes.txt|  2 ++
 2 files changed, 32 insertions(+)
 create mode 100644 Documentation/devicetree/bindings/sparc_sun_oracle_rng.txt

diff --git a/Documentation/devicetree/bindings/sparc_sun_oracle_rng.txt 
b/Documentation/devicetree/bindings/sparc_sun_oracle_rng.txt
new file mode 100644
index 000..b0b2111
--- /dev/null
+++ b/Documentation/devicetree/bindings/sparc_sun_oracle_rng.txt
@@ -0,0 +1,30 @@
+HWRNG support for the n2_rng driver
+
+Required properties:
+- reg  : base address to sample from
+- compatible   : should contain one of the following
+   RNG versions:
+   - 'SUNW,n2-rng' for Niagara 2 Platform (SUN UltraSPARC T2 CPU)
+   - 'SUNW,vf-rng' for Victoria Falls Platform (SUN UltraSPARC T2 Plus CPU)
+   - 'SUNW,kt-rng' for Rainbow/Yosemite Falls Platform (SUN SPARC T3/T4), 
(UltraSPARC KT/Niagara 3 - development names)
+   more recent systems (after Oracle acquisition of SUN)
+   - 'ORCL,m4-rng' for SPARC T5/M5
+   - 'ORCL,m7-rng' for SPARC T7/M7
+
+Examples:
+/* linux LDOM on SPARC T5-2 */
+Node 0xf029a4f4
+   .node:  f029a4f4
+   rng-#units:  0002
+   compatible: 'ORCL,m4-rng'
+   reg:  000e
+   name: 'random-number-generator'
+
+/* solaris on SPARC M7-8 */
+Node 0xf028c08c
+   rng-#units:  0003
+   compatible: 'ORCL,m7-rng'
+   reg:  000e
+   name:  'random-number-generator'
+
+PS: see as well prtconfs.git by DaveM
diff --git a/Documentation/devicetree/bindings/vendor-prefixes.txt 
b/Documentation/devicetree/bindings/vendor-prefixes.txt
index 72e2c5a..e00029d 100644
--- a/Documentation/devicetree/bindings/vendor-prefixes.txt
+++ b/Documentation/devicetree/bindings/vendor-prefixes.txt
@@ -170,6 +170,7 @@ opencores   OpenCores.org
 option Option NV
 ortustech  Ortus Technology Co., Ltd.
 ovti   OmniVision Technologies
+ORCL   Oracle Corporation
 panasonic  Panasonic Corporation
 parade Parade Technologies Inc.
 pericomPericom Technology Inc.
@@ -227,6 +228,7 @@ startek Startek
 steST-Ericsson
 stericsson ST-Ericsson
 synology   Synology, Inc.
+SUNW   Sun Microsystems, Inc
 tbsTBS Technologies
 tclToby Churchill Ltd.
 technologicTechnologic Systems
-- 
2.7.0



[PATCH 1/4] crypto: sunxi - don't print uninitialized data

2016-01-25 Thread Arnd Bergmann
gcc correctly warns that the printk output contains a variable that
is not initialized in some cases:

drivers/crypto/sunxi-ss/sun4i-ss-cipher.c: In function 'sun4i_ss_cipher_poll':
drivers/crypto/sunxi-ss/sun4i-ss-cipher.c:254:76: warning: 'todo' may be used 
uninitialized in this function [-Wmaybe-uninitialized]
drivers/crypto/sunxi-ss/sun4i-ss-cipher.c:144:15: note: 'todo' was declared here

This adds an explicit initialization to zero in the exact case where it
was missing, to avoid leaking stack data to the console and to shut up
that warning.

Signed-off-by: Arnd Bergmann 
---
 drivers/crypto/sunxi-ss/sun4i-ss-cipher.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/crypto/sunxi-ss/sun4i-ss-cipher.c 
b/drivers/crypto/sunxi-ss/sun4i-ss-cipher.c
index a19ee127edca..db52ae16c147 100644
--- a/drivers/crypto/sunxi-ss/sun4i-ss-cipher.c
+++ b/drivers/crypto/sunxi-ss/sun4i-ss-cipher.c
@@ -246,6 +246,8 @@ static int sun4i_ss_cipher_poll(struct ablkcipher_request 
*areq)
sg_miter_next();
oi = 0;
}
+   } else {
+   todo = 0;
}
 
spaces = readl(ss->base + SS_FCSR);
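Review bot: Zeroing `todo` only in the newly added `else` branch closes the one path gcc reported, but any other path through the function that skips the assignment would still let uninitialized stack contents reach the printk the commit message describes. Initializing the variable at its declaration (the one the warning points to at line 144 of the file), e.g. `todo = 0;` as part of the declaration, would make the "no stack data leaks to the console" property hold independently of the branch structure, and the added `else` could then be dropped. The enclosing sun4i_ss_cipher_poll begins and ends outside the hunk, so the declared type of `todo` is not visible here.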
-- 
2.7.0



Re: [PATCH 2/2] n2rng: Attach on T5/M5, T7/M7 SPARC CPUs

2016-01-25 Thread David Miller
From: Anatoly Pugachev 
Date: Mon, 25 Jan 2016 19:09:39 +0300

> n2rng: Attach on T5/M5, T7/M7 SPARC CPUs
> 
> Signed-off-by: Anatoly Pugachev 

Acked-by: David S. Miller 


Re: [PATCH 1/2] n2rng: documentation, add DT bindings, vendor prefixes

2016-01-25 Thread David Miller
From: Anatoly Pugachev 
Date: Mon, 25 Jan 2016 19:09:21 +0300

> n2rng: documentation, add DT bindings, vendor prefixes
> 
> Signed-off-by: Anatoly Pugachev 

Acked-by: David S. Miller 


Re: [PATCH v3 0/4] crypto: add algif_akcipher user space API

2016-01-25 Thread Stephan Mueller
Am Freitag, 18. Dezember 2015, 00:49:57 schrieb Stephan Mueller:

Hi Herbert,

[...]

> Changes v3:
>  * fix hack in alg_setkey and alg_setsockopt by avoiding branches for
>  setkey and setpubkey as pointed out by Marcel Holtmann
>  * removal of patch for fixing SGL handling as this is already included

I have ported the code to 4.5. Shall I wait for comments from you for the 
current code or shall I post v4 for the current cryptodev tree?


Ciao
Stephan


GCM: cra_name == cra_driver_name

2016-01-25 Thread Stephan Mueller
Hi Herbert,

with the current cryptodev tree, when I call a compound AEAD cipher by its 
cra_driver_name for the first time, this cra_driver_name also gets registered 
as the cra_name. Note that with other compound ciphers (like HMAC or symmetric 
ciphers), I do not see that error.

With that registering, I am not able to resolve the cipher with usual common 
cra_name.

Note that when I initialize an AEAD cipher with a cra_name, everything works as it 
used to.

For example:

name : seqiv(rfc4106(gcm_base(ctr(aes-generic),ghash-generic)))
driver   : seqiv(rfc4106(gcm_base(ctr(aes-generic),ghash-generic)))
module   : seqiv
priority : 100
refcnt   : 1
selftest : passed
internal : no
type : aead
async: yes
blocksize: 1
ivsize   : 8
maxauthsize  : 16
geniv: 

name : rfc4106(gcm_base(ctr(aes-generic),ghash-generic))
driver   : rfc4106(gcm_base(ctr(aes-generic),ghash-generic))
module   : gcm
priority : 100
refcnt   : 1
selftest : passed
internal : no
type : aead
async: yes
blocksize: 1
ivsize   : 8
maxauthsize  : 16
geniv: 

name : ccm_base(ctr(aes-generic),aes-generic)
driver   : ccm_base(ctr(aes-generic),aes-generic)
module   : ccm
priority : 100
refcnt   : 1
selftest : passed
internal : no
type : aead
async: yes
blocksize: 1
ivsize   : 16
maxauthsize  : 16
geniv: 

name : gcm_base(ctr(aes-generic),ghash-generic)
driver   : gcm_base(ctr(aes-generic),ghash-generic)
module   : gcm
priority : 100
refcnt   : 1
selftest : passed
internal : no
type : aead
async: yes
blocksize: 1
ivsize   : 12
maxauthsize  : 16
geniv: 

name : seqiv(rfc4106(gcm_base(ctr(aes-aesni),ghash-clmulni)))
driver   : seqiv(rfc4106(gcm_base(ctr(aes-aesni),ghash-clmulni)))
module   : seqiv
priority : 350
refcnt   : 1
selftest : passed
internal : no
type : aead
async: yes
blocksize: 1
ivsize   : 8
maxauthsize  : 16
geniv: 

name : rfc4106(gcm_base(ctr(aes-aesni),ghash-clmulni))
driver   : rfc4106(gcm_base(ctr(aes-aesni),ghash-clmulni))
module   : gcm
priority : 350
refcnt   : 1
selftest : passed
internal : no
type : aead
async: yes
blocksize: 1
ivsize   : 8
maxauthsize  : 16
geniv: 

name : gcm_base(ctr(aes-aesni),ghash-clmulni)
driver   : gcm_base(ctr(aes-aesni),ghash-clmulni)
module   : gcm
priority : 350
refcnt   : 1
selftest : passed
internal : no
type : aead
async: yes
blocksize: 1
ivsize   : 12
maxauthsize  : 16
geniv: 

name : ccm_base(ctr-aes-aesni,aes-aesni)
driver   : ccm_base(ctr-aes-aesni,aes-aesni)
module   : ccm
priority : 350
refcnt   : 1
selftest : passed
internal : no
type : aead
async: yes
blocksize: 1
ivsize   : 16
maxauthsize  : 16
geniv: 

name : gcm_base(ctr-aes-aesni,ghash-clmulni)
driver   : gcm_base(ctr-aes-aesni,ghash-clmulni)
module   : gcm
priority : 400
refcnt   : 1
selftest : passed
internal : no
type : aead
async: yes
blocksize: 1
ivsize   : 12
maxauthsize  : 16
geniv: 





Ciao
Stephan


Re: [PATCH 2/2] n2rng: Attach on T5/M5, T7/M7 SPARC CPUs

2016-01-25 Thread Anatoly Pugachev
n2rng: Attach on T5/M5, T7/M7 SPARC CPUs

(space to tab fixes after variable names)

Signed-off-by: Anatoly Pugachev 
---
 drivers/char/hw_random/n2-drv.c | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/drivers/char/hw_random/n2-drv.c b/drivers/char/hw_random/n2-drv.c
index 843d6f6..3b06c1d6 100644
--- a/drivers/char/hw_random/n2-drv.c
+++ b/drivers/char/hw_random/n2-drv.c
@@ -743,6 +743,16 @@ static const struct of_device_id n2rng_match[] = {
.compatible = "SUNW,kt-rng",
.data   = (void *) 1,
},
+   {
+   .name   = "random-number-generator",
+   .compatible = "ORCL,m4-rng",
+   .data   = (void *) 1,
+   },
+   {
+   .name   = "random-number-generator",
+   .compatible = "ORCL,m7-rng",
+   .data   = (void *) 1,
+   },
{},
 };
 MODULE_DEVICE_TABLE(of, n2rng_match);
-- 
2.7.0



AF_ALG: hash returns -ENOKEY

2016-01-25 Thread Stephan Mueller
Hi Herbert,

during testing of the current cryptodev-2.6 key, the AF_ALG hash does not seem 
to work as it used to.

Regardless whether I use the vmsplice or the sendmsg call, I get -ENOKEY using 
a normal hash.

When using the libkcapi/test/ [1] test application with the following 
command, I always get the error:

./kcapi -x 3 -c sha256 -p 38f86d

Expected result is 
cc42f645c5aa76ac3154b023359b665375fc3ae42f025fe961fb0f65205ad70e

[1] http://www.chronox.de/libkcapi.html

Ciao
Stephan


[PATCH 05/22] hw_random: Fix dependencies for !HAS_IOMEM archs

2016-01-25 Thread Richard Weinberger
Not every arch has io memory.
So, unbreak the build by fixing the dependencies.

Signed-off-by: Richard Weinberger 
---
 drivers/char/hw_random/Kconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/char/hw_random/Kconfig b/drivers/char/hw_random/Kconfig
index dbf2271..ff00331 100644
--- a/drivers/char/hw_random/Kconfig
+++ b/drivers/char/hw_random/Kconfig
@@ -372,6 +372,7 @@ config HW_RANDOM_XGENE
 config HW_RANDOM_STM32
tristate "STMicroelectronics STM32 random number generator"
depends on HW_RANDOM && (ARCH_STM32 || COMPILE_TEST)
+   depends on HAS_IOMEM
help
  This driver provides kernel-side support for the Random Number
  Generator hardware found on STM32 microcontrollers.
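Review bot: The new `depends on HAS_IOMEM` is added as a second depends line although the entry already carries one immediately above it; folding it into that expression, `depends on HW_RANDOM && HAS_IOMEM && (ARCH_STM32 || COMPILE_TEST)`, keeps every build constraint of HW_RANDOM_STM32 in a single line and makes it obvious that the COMPILE_TEST path is also gated on I/O memory, which is the case this patch exists to fix.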
-- 
1.8.4.5



[PATCH] crypto : sha1-mb : Add missing args_digest offset

2016-01-25 Thread Megha Dey
From: Megha Dey 

The _args_digest is defined as _args+_digest, both of which are the first
members of 2 separate structures, effectively giving _args_digest a value of
zero. Thus, no errors have surfaced yet due to this. To ensure
sanity, add the missing _args_digest offset to sha1_mb_mgr_submit.S.

Signed-off-by: Megha Dey 
---
 arch/x86/crypto/sha-mb/sha1_mb_mgr_submit_avx2.S | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/crypto/sha-mb/sha1_mb_mgr_submit_avx2.S 
b/arch/x86/crypto/sha-mb/sha1_mb_mgr_submit_avx2.S
index 2ab9560..c420d89 100644
--- a/arch/x86/crypto/sha-mb/sha1_mb_mgr_submit_avx2.S
+++ b/arch/x86/crypto/sha-mb/sha1_mb_mgr_submit_avx2.S
@@ -197,7 +197,7 @@ len_is_0:
vpinsrd  $1, _args_digest+1*32(state , idx, 4), %xmm0, %xmm0
vpinsrd  $2, _args_digest+2*32(state , idx, 4), %xmm0, %xmm0
vpinsrd  $3, _args_digest+3*32(state , idx, 4), %xmm0, %xmm0
-   movl4*32(state, idx, 4), DWORD_tmp
+   movl _args_digest+4*32(state, idx, 4), DWORD_tmp
 
vmovdqu  %xmm0, _result_digest(job_rax)
movlDWORD_tmp, _result_digest+1*16(job_rax)
-- 
1.9.1
