Re: linux-next: manual merge of the crypto tree with the mac80211-next tree

2018-10-11 Thread Herbert Xu
On Thu, Oct 11, 2018 at 12:08:57PM +0200, Johannes Berg wrote:
>
> Herbert, maybe you can drop the patch from the crypto tree since my
> change also removes the VLA usage?

Sorry but it's too late now.

Cheers,
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: [PATCH V2] Fix a sleep-in-atomic bug in shash_setkey_unaligned

2017-10-05 Thread Herbert Xu
On Thu, Oct 05, 2017 at 06:16:20PM +0800, Herbert Xu wrote:
>
> That was my point.  Functions like sctp_pack_cookie shouldn't be
> setting the key in the first place.  The setkey should happen at
> the point when the key is generated.  That's sctp_endpoint_init
> which AFAICS only gets called in GFP_KERNEL context.
> 
> Or is there a code-path where sctp_endpoint_init is called in
> softirq context?

OK, there are indeed code paths where the key is derived in softirq
context.  Notably sctp_auth_calculate_hmac.

So I think this patch is the correct fix and I will push it upstream
as well as back to stable.

Thanks,
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: [PATCH V2] Fix a sleep-in-atomic bug in shash_setkey_unaligned

2017-10-05 Thread Herbert Xu
On Wed, Oct 04, 2017 at 09:37:58PM -0700, David Miller wrote:
>
> > I'm not talking about the code-path in question.  I'm talking
> > about the function which generates the secret key in the first
> > place.  AFAICS that's only called in GFP_KERNEL context.  What
> > am I missing?
> 
> The setkey happens in functions like sctp_pack_cookie() and
> sctp_unpack_cookie(), which seems to run from software interrupts.

That was my point.  Functions like sctp_pack_cookie shouldn't be
setting the key in the first place.  The setkey should happen at
the point when the key is generated.  That's sctp_endpoint_init
which AFAICS only gets called in GFP_KERNEL context.

Or is there a code-path where sctp_endpoint_init is called in
softirq context?

Cheers,
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: [PATCH V2] Fix a sleep-in-atomic bug in shash_setkey_unaligned

2017-10-04 Thread Herbert Xu
On Tue, Oct 03, 2017 at 07:45:06PM -0300, Marcelo Ricardo Leitner wrote:
>
> > Usually if you're invoking setkey from a non-sleeping code-path
> > you're probably doing something wrong.
> 
> Usually but not always. There are 3 calls to that function on SCTP
> code:
> - pack a cookie, which is sent on an INIT_ACK packet to the client
> - unpack the cookie above, after it is sent back by the client on a
>   COOKIE_ECHO packet
> - send a chunk authenticated by a hash

I'm not talking about the code-path in question.  I'm talking
about the function which generates the secret key in the first
place.  AFAICS that's only called in GFP_KERNEL context.  What
am I missing?

Cheers,
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: [PATCH V2] Fix a sleep-in-atomic bug in shash_setkey_unaligned

2017-10-02 Thread Herbert Xu
On Mon, Oct 02, 2017 at 09:18:24PM -0700, Andy Lutomirski wrote:
> > On Oct 2, 2017, at 7:25 PM, Jia-Ju Bai <baijiaju1...@163.com> wrote:
> >
> > The SCTP program may sleep under a spinlock, and the function call path is:
> > sctp_generate_t3_rtx_event (acquire the spinlock)
> >   sctp_do_sm
> >     sctp_side_effects
> >       sctp_cmd_interpreter
> >         sctp_make_init_ack
> >           sctp_pack_cookie
> >             crypto_shash_setkey
> >               shash_setkey_unaligned
> >                 kmalloc(GFP_KERNEL)
> 
> I'm going to go out on a limb here: why on Earth is our crypto API so
> full of indirection that we allocate memory at all here?

The crypto API operates on a one key per-tfm basis.  So normally
tfm allocation and key setting is done once only and not done on
the data path.

I have looked at the SCTP code and it appears to fit this paradigm.
That is, we should be able to allocate the tfm and set the key when
the key is actually generated via get_random_bytes, rather than every
time the key is used which is not only a waste but as you see runs
into API issues.

Usually if you're invoking setkey from a non-sleeping code-path
you're probably doing something wrong.

As someone else noted recently, there is no single forum for
reviewing code that uses the crypto API so buggy code like this
is not surprising.

> We're synchronously computing a hash of a small amount of data using
> either HMAC-SHA1 or HMAC-SHA256 (determined at runtime) if I read it
> right.  There's a sane way to do this that doesn't need kmalloc,
> alloca, or fancy indirection.  And then there's crypto_shash_xyz().

There are some legitimate cases where you want to use a different
key for every hashing operation.  But so far these uses have
been very few so there has been no need to provide an API for them.

Cheers,
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: [PATCH] mac80211: aead api to reduce redundancy

2017-09-25 Thread Herbert Xu
On Mon, Sep 25, 2017 at 07:22:26AM +0200, Johannes Berg wrote:
> 
> The code moves to crypto/ though, and I'm not even sure I can vouch for
> the Makefile choice there.

Thanks, I missed that.  I don't think this belongs in crypto.
This proposed helper is only useful for wireless so it should
stay there.

Cheers,
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: [PATCH] mac80211: aead api to reduce redundancy

2017-09-24 Thread Herbert Xu
On Sun, Sep 24, 2017 at 07:42:46PM +0200, Johannes Berg wrote:
>
> Unrelated to this, I'm not sure whose tree this should go through -
> probably Herbert's (or DaveM's with his ACK? not sure if there's a
> crypto tree?) or so?

Since you're just rearranging code invoking the crypto API, rather
than touching actual crypto API code, I think you should handle it
as you do with any other wireless patch.

Thanks,
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: [PATCH 2/2] crypto/algapi - make crypto_xor() take separate dst and src arguments

2017-07-18 Thread Herbert Xu
On Mon, Jul 10, 2017 at 02:45:48PM +0100, Ard Biesheuvel wrote:
> There are quite a number of occurrences in the kernel of the pattern
> 
> if (dst != src)
> memcpy(dst, src, walk.total % AES_BLOCK_SIZE);
> crypto_xor(dst, final, walk.total % AES_BLOCK_SIZE);
> 
> or
> 
> crypto_xor(keystream, src, nbytes);
> memcpy(dst, keystream, nbytes);

What about keeping crypto_xor as it is and adding a new entry point for
the 4-argument case?

Cheers,
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: [PATCH] mac80211: Allocate a sync skcipher explicitly for FILS AEAD

2017-02-06 Thread Herbert Xu
On Mon, Feb 06, 2017 at 07:54:37AM +0100, Johannes Berg wrote:
> Hi,
> 
> > The skcipher could have been of the async variant which may return
> > from skcipher_encrypt() with -EINPROGRESS after having queued the
> > request.
> > The FILS AEAD implementation here does not have code for dealing with
> > that possibility, so allocate a sync cipher explicitly to avoid
> > potential issues with hardware accelerators.
> 
> > -   tfm2 = crypto_alloc_skcipher("ctr(aes)", 0, 0);
> > +   tfm2 = crypto_alloc_skcipher("ctr(aes)", 0,
> > CRYPTO_ALG_ASYNC);
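Review bot: in the added crypto_alloc_skcipher() call, CRYPTO_ALG_ASYNC sits in the mask position with type 0, which at first glance reads as a request for an async cipher. A one-line comment at the call site saying that type 0 with mask CRYPTO_ALG_ASYNC restricts the lookup to synchronous implementations would spare the next reader that confusion.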
> 
> I'll apply this, after having found some code elsewhere that does
> something similar, but I'll note that this is super confusing, since
> the only documentation mentioning this flag says:
> 
> The mask flag restricts the type of cipher. The only allowed flag is
> CRYPTO_ALG_ASYNC to restrict the cipher lookup function to
> asynchronous ciphers. Usually, a caller provides a 0 for the mask flag.

The type and mask are used as follows when checking an algorithm:

(alg->type & mask) == (type & mask)

So to request a synchronous algorithm (that is, one with the
CRYPTO_ALG_ASYNC bit set to zero), you would set type to 0 and
mask to CRYPTO_ALG_ASYNC.

Cheers,
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
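
The type/mask rule described in the message above, as an added example that is not part of the original thread or the kernel source: a small user-space model of the lookup. The registry entries, driver names, priorities and the pick-highest-priority rule are constructed assumptions; only the CRYPTO_ALG_ASYNC bit and the match expression come from the discussion.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same bit value as CRYPTO_ALG_ASYNC in include/linux/crypto.h. */
#define CRYPTO_ALG_ASYNC 0x00000080u

/* Constructed model of one registered implementation (not struct crypto_alg). */
struct alg_entry {
    const char *alg_name;    /* name the caller asks for */
    const char *driver_name; /* constructed driver name */
    uint32_t flags;          /* CRYPTO_ALG_ASYNC set for async drivers */
    int priority;            /* assumption: highest matching priority wins */
};

/* Constructed registry: two sync software drivers and one async offload. */
static const struct alg_entry registry[] = {
    { "ctr(aes)", "ctr-aes-generic-sync",  0,                100 },
    { "ctr(aes)", "ctr-aes-simd-sync",     0,                300 },
    { "ctr(aes)", "ctr-aes-offload-async", CRYPTO_ALG_ASYNC, 400 },
};

/* The check from the message: only bits selected by mask are compared. */
static int flags_match(uint32_t alg_flags, uint32_t type, uint32_t mask)
{
    return (alg_flags & mask) == (type & mask);
}

/* Return the highest-priority entry with this name that passes the check. */
static const struct alg_entry *lookup(const char *name, uint32_t type,
                                      uint32_t mask)
{
    const struct alg_entry *best = NULL;
    size_t i;

    for (i = 0; i < sizeof(registry) / sizeof(registry[0]); i++) {
        const struct alg_entry *e = &registry[i];

        if (strcmp(e->alg_name, name) != 0)
            continue;
        if (!flags_match(e->flags, type, mask))
            continue;
        if (best == NULL || e->priority > best->priority)
            best = e;
    }
    return best;
}

static int is_async(const struct alg_entry *e)
{
    return e != NULL && (e->flags & CRYPTO_ALG_ASYNC) != 0;
}

static void show(const char *label, uint32_t type, uint32_t mask)
{
    const struct alg_entry *e = lookup("ctr(aes)", type, mask);

    printf("%-34s -> %s (%s)\n", label, e ? e->driver_name : "none",
           is_async(e) ? "async" : "sync");
}

int main(void)
{
    /* mask 0 compares no bits, so the async offload wins on priority. */
    show("type=0, mask=0", 0, 0);
    /* The sync-only request: the ASYNC bit is compared and must be 0. */
    show("type=0, mask=CRYPTO_ALG_ASYNC", 0, CRYPTO_ALG_ASYNC);
    /* The ASYNC bit is compared and must be 1: async drivers only. */
    show("type=ASYNC, mask=CRYPTO_ALG_ASYNC", CRYPTO_ALG_ASYNC,
         CRYPTO_ALG_ASYNC);
    return 0;
}
```

With mask 0 the caller has no say over which kind it gets, which is the situation the FILS AEAD patch closes off.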


Re: [PATCH] crypto: ccm - avoid scatterlist for MAC encryption

2016-10-18 Thread Herbert Xu
On Mon, Oct 17, 2016 at 06:21:14PM +0100, Ard Biesheuvel wrote:
>
> Annoyingly, all this complication with scatterlists etc is for doing
> asynchronous crypto via DMA capable crypto accelerators, and the
> networking code (ipsec as well as mac80211, afaik) only allow
> synchronous in the first place, given that they execute in softirq
> context.

I'm still thinking about the issue (in particular, whether we
should continue to rely on the request context being SG-capable
or allow it to be on the stack for AEAD).

But IPsec definitely supports async crypto.  In fact it was the
very first user of async crypto.

mac80211 on the other hand is currently sync-only.

Cheers,
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: [v3 PATCH 1/2] rhashtable: Add rhlist interface

2016-09-19 Thread Herbert Xu
On Mon, Sep 19, 2016 at 11:16:21PM +0200, Thomas Graf wrote:
>
> Nice, I like how this simplifies users! Is this suitable for
> ILA as well?

Does it have duplicate objects and use inelastic_security? If so
then yes it should switch over to rhlist.

Cheers,
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


[v3 PATCH 1/2] rhashtable: Add rhlist interface

2016-09-19 Thread Herbert Xu
The insecure_elasticity setting is an ugly wart brought out by
users who need to insert duplicate objects (that is, distinct
objects with identical keys) into the same table.

In fact, those users have a much bigger problem.  Once those
duplicate objects are inserted, they don't have an interface to
find them (unless you count the walker interface which walks
over the entire table).

Some users have resorted to doing a manual walk over the hash
table which is of course broken because they don't handle the
potential existence of multiple hash tables.  The result is that
they will break sporadically when they encounter a hash table
resize/rehash.

This patch provides a way out for those users, at the expense
of an extra pointer per object.  Essentially each object is now
a list of objects carrying the same key.  The hash table will
only see the lists so nothing changes as far as rhashtable is
concerned.

To use this new interface, you need to insert a struct rhlist_head
into your objects instead of struct rhash_head.  While the hash
table is unchanged, for type-safety you'll need to use struct
rhltable instead of struct rhashtable.  All the existing interfaces
have been duplicated for rhlist, including the hash table walker.

One missing feature is nulls marking because AFAIK the only potential
user of it does not need duplicate objects.  Should anyone need
this it shouldn't be too hard to add.

Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
---

 include/linux/rhashtable.h |  491 ++---
 lib/rhashtable.c   |  258 ++-
 2 files changed, 583 insertions(+), 166 deletions(-)

diff --git a/include/linux/rhashtable.h b/include/linux/rhashtable.h
index fd82584..5c132d3 100644
--- a/include/linux/rhashtable.h
+++ b/include/linux/rhashtable.h
@@ -1,7 +1,7 @@
 /*
  * Resizable, Scalable, Concurrent Hash Table
  *
- * Copyright (c) 2015 Herbert Xu <herb...@gondor.apana.org.au>
+ * Copyright (c) 2015-2016 Herbert Xu <herb...@gondor.apana.org.au>
  * Copyright (c) 2014-2015 Thomas Graf <tg...@suug.ch>
  * Copyright (c) 2008-2014 Patrick McHardy <ka...@trash.net>
  *
@@ -53,6 +53,11 @@ struct rhash_head {
struct rhash_head __rcu *next;
 };
 
+struct rhlist_head {
+   struct rhash_head   rhead;
+   struct rhlist_head __rcu*next;
+};
+
 /**
  * struct bucket_table - Table of hash buckets
  * @size: Number of hash buckets
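Review bot: struct rhlist_head is added here without a kernel-doc block, unlike struct bucket_table directly below it. A short comment saying that rhead is the entry the hash table sees and next chains the objects that share one key would put the two-level layout from the commit message at the definition itself.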
@@ -137,6 +142,7 @@ struct rhashtable_params {
  * @key_len: Key length for hashfn
  * @elasticity: Maximum chain length before rehash
  * @p: Configuration parameters
+ * @rhlist: True if this is an rhltable
  * @run_work: Deferred worker to expand/shrink asynchronously
  * @mutex: Mutex to protect current/future table swapping
  * @lock: Spin lock to protect walker list
@@ -147,12 +153,21 @@ struct rhashtable {
unsigned intkey_len;
unsigned intelasticity;
struct rhashtable_paramsp;
+   boolrhlist;
struct work_struct  run_work;
struct mutexmutex;
spinlock_t  lock;
 };
 
 /**
+ * struct rhltable - Hash table with duplicate objects in a list
+ * @ht: Underlying rhtable
+ */
+struct rhltable {
+   struct rhashtable ht;
+};
+
+/**
  * struct rhashtable_walker - Hash table walker
  * @list: List entry on list of walkers
  * @tbl: The table that we were walking over
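Review bot: the kernel-doc for struct rhltable says "@ht: Underlying rhtable", but the member is a struct rhashtable. Spell it "Underlying rhashtable" so the comment matches the declaration and turns up in a grep for the type.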
@@ -163,9 +178,10 @@ struct rhashtable_walker {
 };
 
 /**
- * struct rhashtable_iter - Hash table iterator, fits into netlink cb
+ * struct rhashtable_iter - Hash table iterator
  * @ht: Table to iterate through
  * @p: Current pointer
+ * @list: Current hash list pointer
  * @walker: Associated rhashtable walker
  * @slot: Current slot
  * @skip: Number of entries to skip in slot
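Review bot: the summary line of struct rhashtable_iter loses "fits into netlink cb" in the same hunk that documents the new @list member, yet the commit message says nothing about the iterator growing. If any caller still keeps the iterator in a netlink cb, that should be checked and the outcome stated in the changelog.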
@@ -173,6 +189,7 @@ struct rhashtable_walker {
 struct rhashtable_iter {
struct rhashtable *ht;
struct rhash_head *p;
+   struct rhlist_head *list;
struct rhashtable_walker walker;
unsigned int slot;
unsigned int skip;
@@ -339,13 +356,11 @@ static inline int lockdep_rht_bucket_is_held(const struct 
bucket_table *tbl,
 
 int rhashtable_init(struct rhashtable *ht,
const struct rhashtable_params *params);
+int rhltable_init(struct rhltable *hlt,
+ const struct rhashtable_params *params);
 
-struct bucket_table *rhashtable_insert_slow(struct rhashtable *ht,
-   const void *key,
-   struct rhash_head *obj,
-   struct bucket_table *old_tbl,
-   void **data);
-int rhashtable_insert_rehash(struct rhashtable *ht, struct bucket_table *tbl);
+void *rhashtable_insert_slow(struct rhashtable *ht, const void *key,
+

[v3 PATCH 2/2] mac80211: Use rhltable instead of rhashtable

2016-09-19 Thread Herbert Xu
mac80211 currently uses rhashtable with insecure_elasticity set
to true.  The latter is because of duplicate objects.  What's
more, mac80211 walks the rhashtable chains by hand which is broken
as rhashtable may contain multiple tables due to resizing or
rehashing.

This patch fixes it by converting it to the newly added rhltable
interface which is designed for use with duplicate objects.

With rhltable a lookup returns a list of objects instead of a
single one.  This is then fed into the existing for_each_sta_info
macro.

This patch also deletes the sta_addr_hash function since rhashtable
defaults to jhash.

Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
---

 net/mac80211/ieee80211_i.h |2 -
 net/mac80211/rx.c  |7 +-
 net/mac80211/sta_info.c|   52 ++---
 net/mac80211/sta_info.h|   19 ++--
 net/mac80211/status.c  |7 +-
 5 files changed, 33 insertions(+), 54 deletions(-)

diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index f56d342..1a52cd4 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -1208,7 +1208,7 @@ struct ieee80211_local {
spinlock_t tim_lock;
unsigned long num_sta;
struct list_head sta_list;
-   struct rhashtable sta_hash;
+   struct rhltable sta_hash;
struct timer_list sta_cleanup;
int sta_generation;
 
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 9dce3b1..5e26dc6 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -3940,7 +3940,7 @@ static void __ieee80211_rx_handle_packet(struct 
ieee80211_hw *hw,
__le16 fc;
struct ieee80211_rx_data rx;
struct ieee80211_sub_if_data *prev;
-   struct rhash_head *tmp;
+   struct rhlist_head *tmp;
int err = 0;
 
fc = ((struct ieee80211_hdr *)skb->data)->frame_control;
@@ -3983,13 +3983,10 @@ static void __ieee80211_rx_handle_packet(struct 
ieee80211_hw *hw,
goto out;
} else if (ieee80211_is_data(fc)) {
struct sta_info *sta, *prev_sta;
-   const struct bucket_table *tbl;
 
prev_sta = NULL;
 
-   tbl = rht_dereference_rcu(local->sta_hash.tbl, 
>sta_hash);
-
-   for_each_sta_info(local, tbl, hdr->addr2, sta, tmp) {
+   for_each_sta_info(local, hdr->addr2, sta, tmp) {
if (!prev_sta) {
prev_sta = sta;
continue;
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index 19f14c9..198d0bd 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -67,12 +67,10 @@
 
 static const struct rhashtable_params sta_rht_params = {
.nelem_hint = 3, /* start small */
-   .insecure_elasticity = true, /* Disable chain-length checks. */
.automatic_shrinking = true,
.head_offset = offsetof(struct sta_info, hash_node),
.key_offset = offsetof(struct sta_info, addr),
.key_len = ETH_ALEN,
-   .hashfn = sta_addr_hash,
.max_size = CONFIG_MAC80211_STA_HASH_MAX_SIZE,
 };
 
@@ -80,8 +78,8 @@ static const struct rhashtable_params sta_rht_params = {
 static int sta_info_hash_del(struct ieee80211_local *local,
 struct sta_info *sta)
 {
-   return rhashtable_remove_fast(>sta_hash, >hash_node,
- sta_rht_params);
+   return rhltable_remove(>sta_hash, >hash_node,
+  sta_rht_params);
 }
 
 static void __cleanup_single_sta(struct sta_info *sta)
@@ -157,19 +155,22 @@ static void cleanup_single_sta(struct sta_info *sta)
sta_info_free(local, sta);
 }
 
+struct rhlist_head *sta_info_hash_lookup(struct ieee80211_local *local,
+const u8 *addr)
+{
+   return rhltable_lookup(>sta_hash, addr, sta_rht_params);
+}
+
 /* protected by RCU */
 struct sta_info *sta_info_get(struct ieee80211_sub_if_data *sdata,
  const u8 *addr)
 {
struct ieee80211_local *local = sdata->local;
+   struct rhlist_head *tmp;
struct sta_info *sta;
-   struct rhash_head *tmp;
-   const struct bucket_table *tbl;
 
rcu_read_lock();
-   tbl = rht_dereference_rcu(local->sta_hash.tbl, >sta_hash);
-
-   for_each_sta_info(local, tbl, addr, sta, tmp) {
+   for_each_sta_info(local, addr, sta, tmp) {
if (sta->sdata == sdata) {
rcu_read_unlock();
/* this is safe as the caller must already hold
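Review bot: sta_info_hash_lookup() is added as a non-static function with no comment on its locking rules, while sta_info_get() just below is marked "protected by RCU" and takes rcu_read_lock() before walking the result. State on the new helper that the returned list is only valid under the RCU read lock, so callers outside this file do not walk it unprotected.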
@@ -190,14 +191,11 @@ struct sta_info *sta_info_get_bss(struct 
ieee80211_sub_if_data *sdata,
  const u8 *addr)
 {
struct ieee80211_local *local = sdata->local;
+   struct rhlist_head *tmp;
struct sta_info *sta;
-   struct r

[v3 PATCH 0/2] rhashtable: rhashtable with duplicate objects

2016-09-19 Thread Herbert Xu
v3 fixes a bug in the remove path that causes the element count
to decrease when it shouldn't, leading to a gigantic hash table
when it underflows.

v2 contains a reworked insertion slowpath to ensure that the
spinlock for the table we're inserting into is taken.

This series contains two patches.  The first adds the rhlist
interface and the second converts mac80211 to use it.  If this
works out I'll then proceed to convert the other insecure_elasticity
users over to this.

I've tested the rhlist code with test_rhashtable but I haven't
tested the mac80211 conversion.  So please give it a go and see
if it still works.

Thanks!
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: [v2 PATCH 0/2] rhashtable: rhashtable with duplicate objects

2016-09-19 Thread Herbert Xu
On Mon, Sep 19, 2016 at 12:10:27PM +0200, Johannes Berg wrote:
> Btw, for debug I put
> 
> BUG_ON(atomic_read(&ht->nelems) < 0);
> 
> after the atomic_dec() in __rhashtable_remove_fast_one(). That makes
> the kernel crash instantly on the buggy code, and I just have to run a
> single test ("wpas_ctrl_interface_add_many") to get there.

Aha I see the problem now.  The nelems logic on remove is broken.
I'll send out a v3.

Thanks!
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: [v2 PATCH 0/2] rhashtable: rhashtable with duplicate objects

2016-09-19 Thread Herbert Xu
On Mon, Sep 19, 2016 at 11:27:24AM +0200, Johannes Berg wrote:
> 
> I have a feeling there's a bug with ht->nelems, since the crash is
> always in the grow worker, but I haven't quite put my finger on it yet.

Can you show me a stack trace?

Thanks,
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: [v2 PATCH 0/2] rhashtable: rhashtable with duplicate objects

2016-09-19 Thread Herbert Xu
On Mon, Sep 19, 2016 at 11:15:30AM +0200, Johannes Berg wrote:
> On Mon, 2016-09-19 at 16:40 +0800, Herbert Xu wrote:
> 
> > I've tested the rhlist code with test_rhashtable but I haven't
> > tested the mac80211 conversion.  So please give it a go and see
> > if it still works.
> 
> This is still running out of memory on my test suite.
> 
> Somehow I don't see kmemleak kicking in, so I'll have to find the bug
> manually :)

What does your test suite actually do? Is it something that I
can run without special hardware?

Thanks,
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


[v2 PATCH 1/2] rhashtable: Add rhlist interface

2016-09-19 Thread Herbert Xu
The insecure_elasticity setting is an ugly wart brought out by
users who need to insert duplicate objects (that is, distinct
objects with identical keys) into the same table.

In fact, those users have a much bigger problem.  Once those
duplicate objects are inserted, they don't have an interface to
find them (unless you count the walker interface which walks
over the entire table).

Some users have resorted to doing a manual walk over the hash
table which is of course broken because they don't handle the
potential existence of multiple hash tables.  The result is that
they will break sporadically when they encounter a hash table
resize/rehash.

This patch provides a way out for those users, at the expense
of an extra pointer per object.  Essentially each object is now
a list of objects carrying the same key.  The hash table will
only see the lists so nothing changes as far as rhashtable is
concerned.

To use this new interface, you need to insert a struct rhlist_head
into your objects instead of struct rhash_head.  While the hash
table is unchanged, for type-safety you'll need to use struct
rhltable instead of struct rhashtable.  All the existing interfaces
have been duplicated for rhlist, including the hash table walker.

One missing feature is nulls marking because AFAIK the only potential
user of it does not need duplicate objects.  Should anyone need
this it shouldn't be too hard to add.

Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
---

 include/linux/rhashtable.h |  490 ++---
 lib/rhashtable.c   |  258 ++-
 2 files changed, 582 insertions(+), 166 deletions(-)

diff --git a/include/linux/rhashtable.h b/include/linux/rhashtable.h
index fd82584..dc7bea6 100644
--- a/include/linux/rhashtable.h
+++ b/include/linux/rhashtable.h
@@ -1,7 +1,7 @@
 /*
  * Resizable, Scalable, Concurrent Hash Table
  *
- * Copyright (c) 2015 Herbert Xu <herb...@gondor.apana.org.au>
+ * Copyright (c) 2015-2016 Herbert Xu <herb...@gondor.apana.org.au>
  * Copyright (c) 2014-2015 Thomas Graf <tg...@suug.ch>
  * Copyright (c) 2008-2014 Patrick McHardy <ka...@trash.net>
  *
@@ -53,6 +53,11 @@ struct rhash_head {
struct rhash_head __rcu *next;
 };
 
+struct rhlist_head {
+   struct rhash_head   rhead;
+   struct rhlist_head __rcu*next;
+};
+
 /**
  * struct bucket_table - Table of hash buckets
  * @size: Number of hash buckets
@@ -137,6 +142,7 @@ struct rhashtable_params {
  * @key_len: Key length for hashfn
  * @elasticity: Maximum chain length before rehash
  * @p: Configuration parameters
+ * @rhlist: True if this is an rhltable
  * @run_work: Deferred worker to expand/shrink asynchronously
  * @mutex: Mutex to protect current/future table swapping
  * @lock: Spin lock to protect walker list
@@ -147,12 +153,21 @@ struct rhashtable {
unsigned intkey_len;
unsigned intelasticity;
struct rhashtable_paramsp;
+   boolrhlist;
struct work_struct  run_work;
struct mutexmutex;
spinlock_t  lock;
 };
 
 /**
+ * struct rhltable - Hash table with duplicate objects in a list
+ * @ht: Underlying rhtable
+ */
+struct rhltable {
+   struct rhashtable ht;
+};
+
+/**
  * struct rhashtable_walker - Hash table walker
  * @list: List entry on list of walkers
  * @tbl: The table that we were walking over
@@ -163,9 +178,10 @@ struct rhashtable_walker {
 };
 
 /**
- * struct rhashtable_iter - Hash table iterator, fits into netlink cb
+ * struct rhashtable_iter - Hash table iterator
  * @ht: Table to iterate through
  * @p: Current pointer
+ * @list: Current hash list pointer
  * @walker: Associated rhashtable walker
  * @slot: Current slot
  * @skip: Number of entries to skip in slot
@@ -173,6 +189,7 @@ struct rhashtable_walker {
 struct rhashtable_iter {
struct rhashtable *ht;
struct rhash_head *p;
+   struct rhlist_head *list;
struct rhashtable_walker walker;
unsigned int slot;
unsigned int skip;
@@ -339,13 +356,11 @@ static inline int lockdep_rht_bucket_is_held(const struct 
bucket_table *tbl,
 
 int rhashtable_init(struct rhashtable *ht,
const struct rhashtable_params *params);
+int rhltable_init(struct rhltable *hlt,
+ const struct rhashtable_params *params);
 
-struct bucket_table *rhashtable_insert_slow(struct rhashtable *ht,
-   const void *key,
-   struct rhash_head *obj,
-   struct bucket_table *old_tbl,
-   void **data);
-int rhashtable_insert_rehash(struct rhashtable *ht, struct bucket_table *tbl);
+void *rhashtable_insert_slow(struct rhashtable *ht, const void *key,
+
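Review bot: the new rhashtable_insert_slow() prototype returns a bare void * where the old one returned struct bucket_table * and took a void **data argument, so the type no longer tells the caller what comes back. The declaration should carry a comment saying what the pointer is on success and how errors are encoded. The parameter name hlt in rhltable_init() also reads like a transposition of the struct name; consider hlt -> rhlt or ht.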

[v2 PATCH 0/2] rhashtable: rhashtable with duplicate objects

2016-09-19 Thread Herbert Xu
v2 contains a reworked insertion slowpath to ensure that the
spinlock for the table we're inserting into is taken.

This series contains two patches.  The first adds the rhlist
interface and the second converts mac80211 to use it.  If this works
out I'll then proceed to convert the other insecure_elasticity
users over to this.

I've tested the rhlist code with test_rhashtable but I haven't
tested the mac80211 conversion.  So please give it a go and see
if it still works.

Thanks!
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


[v2 PATCH 2/2] mac80211: Use rhltable instead of rhashtable

2016-09-19 Thread Herbert Xu
mac80211 currently uses rhashtable with insecure_elasticity set
to true.  The latter is because of duplicate objects.  What's
more, mac80211 walks the rhashtable chains by hand which is broken
as rhashtable may contain multiple tables due to resizing or
rehashing.

This patch fixes it by converting it to the newly added rhltable
interface which is designed for use with duplicate objects.

With rhltable a lookup returns a list of objects instead of a
single one.  This is then fed into the existing for_each_sta_info
macro.

This patch also deletes the sta_addr_hash function since rhashtable
defaults to jhash.

Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
---

 net/mac80211/ieee80211_i.h |2 -
 net/mac80211/rx.c  |7 +-
 net/mac80211/sta_info.c|   52 ++---
 net/mac80211/sta_info.h|   19 ++--
 net/mac80211/status.c  |7 +-
 5 files changed, 33 insertions(+), 54 deletions(-)

diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index f56d342..1a52cd4 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -1208,7 +1208,7 @@ struct ieee80211_local {
spinlock_t tim_lock;
unsigned long num_sta;
struct list_head sta_list;
-   struct rhashtable sta_hash;
+   struct rhltable sta_hash;
struct timer_list sta_cleanup;
int sta_generation;
 
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 9dce3b1..5e26dc6 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -3940,7 +3940,7 @@ static void __ieee80211_rx_handle_packet(struct 
ieee80211_hw *hw,
__le16 fc;
struct ieee80211_rx_data rx;
struct ieee80211_sub_if_data *prev;
-   struct rhash_head *tmp;
+   struct rhlist_head *tmp;
int err = 0;
 
fc = ((struct ieee80211_hdr *)skb->data)->frame_control;
@@ -3983,13 +3983,10 @@ static void __ieee80211_rx_handle_packet(struct 
ieee80211_hw *hw,
goto out;
} else if (ieee80211_is_data(fc)) {
struct sta_info *sta, *prev_sta;
-   const struct bucket_table *tbl;
 
prev_sta = NULL;
 
-   tbl = rht_dereference_rcu(local->sta_hash.tbl, 
>sta_hash);
-
-   for_each_sta_info(local, tbl, hdr->addr2, sta, tmp) {
+   for_each_sta_info(local, hdr->addr2, sta, tmp) {
if (!prev_sta) {
prev_sta = sta;
continue;
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index 19f14c9..198d0bd 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -67,12 +67,10 @@
 
 static const struct rhashtable_params sta_rht_params = {
.nelem_hint = 3, /* start small */
-   .insecure_elasticity = true, /* Disable chain-length checks. */
.automatic_shrinking = true,
.head_offset = offsetof(struct sta_info, hash_node),
.key_offset = offsetof(struct sta_info, addr),
.key_len = ETH_ALEN,
-   .hashfn = sta_addr_hash,
.max_size = CONFIG_MAC80211_STA_HASH_MAX_SIZE,
 };
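Review bot: the two removals in sta_rht_params are separate behaviour changes. Dropping .insecure_elasticity follows from the rhltable conversion, while dropping .hashfn = sta_addr_hash switches the table to the default hash; moving the hashfn removal into its own patch would let a regression in either be bisected cleanly.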
 
@@ -80,8 +78,8 @@ static const struct rhashtable_params sta_rht_params = {
 static int sta_info_hash_del(struct ieee80211_local *local,
 struct sta_info *sta)
 {
-   return rhashtable_remove_fast(>sta_hash, >hash_node,
- sta_rht_params);
+   return rhltable_remove(>sta_hash, >hash_node,
+  sta_rht_params);
 }
 
 static void __cleanup_single_sta(struct sta_info *sta)
@@ -157,19 +155,22 @@ static void cleanup_single_sta(struct sta_info *sta)
sta_info_free(local, sta);
 }
 
+struct rhlist_head *sta_info_hash_lookup(struct ieee80211_local *local,
+const u8 *addr)
+{
+   return rhltable_lookup(>sta_hash, addr, sta_rht_params);
+}
+
 /* protected by RCU */
 struct sta_info *sta_info_get(struct ieee80211_sub_if_data *sdata,
  const u8 *addr)
 {
struct ieee80211_local *local = sdata->local;
+   struct rhlist_head *tmp;
struct sta_info *sta;
-   struct rhash_head *tmp;
-   const struct bucket_table *tbl;
 
rcu_read_lock();
-   tbl = rht_dereference_rcu(local->sta_hash.tbl, >sta_hash);
-
-   for_each_sta_info(local, tbl, addr, sta, tmp) {
+   for_each_sta_info(local, addr, sta, tmp) {
if (sta->sdata == sdata) {
rcu_read_unlock();
/* this is safe as the caller must already hold
@@ -190,14 +191,11 @@ struct sta_info *sta_info_get_bss(struct 
ieee80211_sub_if_data *sdata,
  const u8 *addr)
 {
struct ieee80211_local *local = sdata->local;
+   struct rhlist_head *tmp;
struct sta_info *sta;
-   struct r

Re: [PATCH 0/2] rhashtable: rhashtable with duplicate objects

2016-09-19 Thread Herbert Xu
On Mon, Sep 19, 2016 at 10:25:18AM +0200, Johannes Berg wrote:
> 
> > Yes, it's passing all the wpa_supplicant tests, so
> > 
> > Acked-by: Johannes Berg <johan...@sipsolutions.net>
> > 
> 
> I take that back. I think it's leaking memory - my tests never used to
> run out of memory, but now they eventually do.
> 
> I'll try to figure out more.

Interesting.  The kernel test robot found a bug in the insertion
slowpath where we end up inserting without taking the inner spinlock
in case of a nested table.  Not sure whether that's the same issue
as you're seeing but I'll do a v2 posting.

Thanks,
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


[PATCH 2/2] mac80211: Use rhltable instead of rhashtable

2016-09-18 Thread Herbert Xu
mac80211 currently uses rhashtable with insecure_elasticity set
to true.  The latter is because of duplicate objects.  What's
more, mac80211 walks the rhashtable chains by hand which is broken
as rhashtable may contain multiple tables due to resizing or
rehashing.

This patch fixes it by converting it to the newly added rhltable
interface which is designed for use with duplicate objects.

With rhltable a lookup returns a list of objects instead of a
single one.  This is then fed into the existing for_each_sta_info
macro.

This patch also deletes the sta_addr_hash function since rhashtable
defaults to jhash.

Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
---

 net/mac80211/ieee80211_i.h |2 -
 net/mac80211/rx.c  |7 +-
 net/mac80211/sta_info.c|   52 ++---
 net/mac80211/sta_info.h|   19 ++--
 net/mac80211/status.c  |7 +-
 5 files changed, 33 insertions(+), 54 deletions(-)

diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index f56d342..1a52cd4 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -1208,7 +1208,7 @@ struct ieee80211_local {
spinlock_t tim_lock;
unsigned long num_sta;
struct list_head sta_list;
-   struct rhashtable sta_hash;
+   struct rhltable sta_hash;
struct timer_list sta_cleanup;
int sta_generation;
 
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 9dce3b1..5e26dc6 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -3940,7 +3940,7 @@ static void __ieee80211_rx_handle_packet(struct 
ieee80211_hw *hw,
__le16 fc;
struct ieee80211_rx_data rx;
struct ieee80211_sub_if_data *prev;
-   struct rhash_head *tmp;
+   struct rhlist_head *tmp;
int err = 0;
 
fc = ((struct ieee80211_hdr *)skb->data)->frame_control;
@@ -3983,13 +3983,10 @@ static void __ieee80211_rx_handle_packet(struct 
ieee80211_hw *hw,
goto out;
} else if (ieee80211_is_data(fc)) {
struct sta_info *sta, *prev_sta;
-   const struct bucket_table *tbl;
 
prev_sta = NULL;
 
-   tbl = rht_dereference_rcu(local->sta_hash.tbl, 
>sta_hash);
-
-   for_each_sta_info(local, tbl, hdr->addr2, sta, tmp) {
+   for_each_sta_info(local, hdr->addr2, sta, tmp) {
if (!prev_sta) {
prev_sta = sta;
continue;
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index 19f14c9..198d0bd 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -67,12 +67,10 @@
 
 static const struct rhashtable_params sta_rht_params = {
.nelem_hint = 3, /* start small */
-   .insecure_elasticity = true, /* Disable chain-length checks. */
.automatic_shrinking = true,
.head_offset = offsetof(struct sta_info, hash_node),
.key_offset = offsetof(struct sta_info, addr),
.key_len = ETH_ALEN,
-   .hashfn = sta_addr_hash,
.max_size = CONFIG_MAC80211_STA_HASH_MAX_SIZE,
 };
 
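Review bot: With `.insecure_elasticity = true` deleted from `sta_rht_params`, the chain-length checks that its removed comment says were disabled are active again, and nothing left in the initializer explains why inserting several stations with the same address is still safe. A one-line comment above the struct saying that same-address entries are now kept on an rhltable list would stop someone re-adding the flag later. The `.hashfn` removal is explained in the commit message; this one is not.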
@@ -80,8 +78,8 @@ static const struct rhashtable_params sta_rht_params = {
 static int sta_info_hash_del(struct ieee80211_local *local,
 struct sta_info *sta)
 {
-   return rhashtable_remove_fast(>sta_hash, >hash_node,
- sta_rht_params);
+   return rhltable_remove(>sta_hash, >hash_node,
+  sta_rht_params);
 }
 
 static void __cleanup_single_sta(struct sta_info *sta)
@@ -157,19 +155,22 @@ static void cleanup_single_sta(struct sta_info *sta)
sta_info_free(local, sta);
 }
 
+struct rhlist_head *sta_info_hash_lookup(struct ieee80211_local *local,
+const u8 *addr)
+{
+   return rhltable_lookup(>sta_hash, addr, sta_rht_params);
+}
+
 /* protected by RCU */
 struct sta_info *sta_info_get(struct ieee80211_sub_if_data *sdata,
  const u8 *addr)
 {
struct ieee80211_local *local = sdata->local;
+   struct rhlist_head *tmp;
struct sta_info *sta;
-   struct rhash_head *tmp;
-   const struct bucket_table *tbl;
 
rcu_read_lock();
-   tbl = rht_dereference_rcu(local->sta_hash.tbl, >sta_hash);
-
-   for_each_sta_info(local, tbl, addr, sta, tmp) {
+   for_each_sta_info(local, addr, sta, tmp) {
if (sta->sdata == sdata) {
rcu_read_unlock();
/* this is safe as the caller must already hold
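Review bot: `sta_info_hash_lookup()` is added as a non-static function with no comment, and it sits above the existing `/* protected by RCU */` marker, so nothing tells a caller that the returned `rhlist_head` is only valid under `rcu_read_lock()`. `sta_info_get()` right below takes the read lock before iterating; since the new helper can be called from other files, give it the same marker or a short kerneldoc block stating the locking requirement.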
@@ -190,14 +191,11 @@ struct sta_info *sta_info_get_bss(struct 
ieee80211_sub_if_data *sdata,
  const u8 *addr)
 {
struct ieee80211_local *local = sdata->local;
+   struct rhlist_head *tmp;
struct sta_info *sta;
-   struct r

[PATCH 1/2] rhashtable: Add rhlist interface

2016-09-18 Thread Herbert Xu
The insecure_elasticity setting is an ugly wart brought out by
users who need to insert duplicate objects (that is, distinct
objects with identical keys) into the same table.

In fact, those users have a much bigger problem.  Once those
duplicate objects are inserted, they don't have an interface to
find them (unless you count the walker interface which walks
over the entire table).

Some users have resorted to doing a manual walk over the hash
table which is of course broken because they don't handle the
potential existence of multiple hash tables.  The result is that
they will break sporadically when they encounter a hash table
resize/rehash.

This patch provides a way out for those users, at the expense
of an extra pointer per object.  Essentially each object is now
a list of objects carrying the same key.  The hash table will
only see the lists so nothing changes as far as rhashtable is
concerned.

To use this new interface, you need to insert a struct rhlist_head
into your objects instead of struct rhash_head.  While the hash
table is unchanged, for type-safety you'll need to use struct
rhltable instead of struct rhashtable.  All the existing interfaces
have been duplicated for rhlist, including the hash table walker.

One missing feature is nulls marking because AFAIK the only potential
user of it does not need duplicate objects.  Should anyone need
this it shouldn't be too hard to add.

Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
---

 include/linux/rhashtable.h |  490 ++---
 lib/rhashtable.c   |  231 -
 2 files changed, 560 insertions(+), 161 deletions(-)

diff --git a/include/linux/rhashtable.h b/include/linux/rhashtable.h
index fd82584..dc7bea6 100644
--- a/include/linux/rhashtable.h
+++ b/include/linux/rhashtable.h
@@ -1,7 +1,7 @@
 /*
  * Resizable, Scalable, Concurrent Hash Table
  *
- * Copyright (c) 2015 Herbert Xu <herb...@gondor.apana.org.au>
+ * Copyright (c) 2015-2016 Herbert Xu <herb...@gondor.apana.org.au>
  * Copyright (c) 2014-2015 Thomas Graf <tg...@suug.ch>
  * Copyright (c) 2008-2014 Patrick McHardy <ka...@trash.net>
  *
@@ -53,6 +53,11 @@ struct rhash_head {
struct rhash_head __rcu *next;
 };
 
+struct rhlist_head {
+   struct rhash_head   rhead;
+   struct rhlist_head __rcu*next;
+};
+
 /**
  * struct bucket_table - Table of hash buckets
  * @size: Number of hash buckets
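Review bot: `struct rhlist_head` is added without a kerneldoc block, while `struct bucket_table` directly below it has one. Document `@rhead` and `@next`, in particular that `next` links objects carrying the same key (as the commit message describes), so the difference from `rhash_head.next` is clear at the definition.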
@@ -137,6 +142,7 @@ struct rhashtable_params {
  * @key_len: Key length for hashfn
  * @elasticity: Maximum chain length before rehash
  * @p: Configuration parameters
+ * @rhlist: True if this is an rhltable
  * @run_work: Deferred worker to expand/shrink asynchronously
  * @mutex: Mutex to protect current/future table swapping
  * @lock: Spin lock to protect walker list
@@ -147,12 +153,21 @@ struct rhashtable {
unsigned intkey_len;
unsigned intelasticity;
struct rhashtable_paramsp;
+   boolrhlist;
struct work_struct  run_work;
struct mutexmutex;
spinlock_t  lock;
 };
 
 /**
+ * struct rhltable - Hash table with duplicate objects in a list
+ * @ht: Underlying rhtable
+ */
+struct rhltable {
+   struct rhashtable ht;
+};
+
+/**
  * struct rhashtable_walker - Hash table walker
  * @list: List entry on list of walkers
  * @tbl: The table that we were walking over
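Review bot: The new kerneldoc for `struct rhltable` reads `@ht: Underlying rhtable`, but the member declared two lines later is a `struct rhashtable`; spell the type out so the doc matches the declaration.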
@@ -163,9 +178,10 @@ struct rhashtable_walker {
 };
 
 /**
- * struct rhashtable_iter - Hash table iterator, fits into netlink cb
+ * struct rhashtable_iter - Hash table iterator
  * @ht: Table to iterate through
  * @p: Current pointer
+ * @list: Current hash list pointer
  * @walker: Associated rhashtable walker
  * @slot: Current slot
  * @skip: Number of entries to skip in slot
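Review bot: The summary line drops "fits into netlink cb" in the same hunk that documents the new `@list` pointer, which reads as the iterator no longer being guaranteed to fit there. If any caller stores a `struct rhashtable_iter` in a netlink callback area, that needs checking, and the commit message should mention the size change; it currently only says the walker was duplicated for rhlist.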
@@ -173,6 +189,7 @@ struct rhashtable_walker {
 struct rhashtable_iter {
struct rhashtable *ht;
struct rhash_head *p;
+   struct rhlist_head *list;
struct rhashtable_walker walker;
unsigned int slot;
unsigned int skip;
@@ -339,13 +356,11 @@ static inline int lockdep_rht_bucket_is_held(const struct 
bucket_table *tbl,
 
 int rhashtable_init(struct rhashtable *ht,
const struct rhashtable_params *params);
+int rhltable_init(struct rhltable *hlt,
+ const struct rhashtable_params *params);
 
-struct bucket_table *rhashtable_insert_slow(struct rhashtable *ht,
-   const void *key,
-   struct rhash_head *obj,
-   struct bucket_table *old_tbl,
-   void **data);
-int rhashtable_insert_rehash(struct rhashtable *ht, struct bucket_table *tbl);
+void *rhashtable_insert_slow(struct rhashtable *ht, const void *key,
+

[PATCH 0/2] rhashtable: rhashtable with duplicate objects

2016-09-18 Thread Herbert Xu
On Fri, Aug 05, 2016 at 12:50:33PM +0200, Johannes Berg wrote:
> > My plan is to build support for this directly into rhashtable.
> > So I'm adding a struct rhlist_head that would be used in place
> > of rhash_head for these cases and it'll carry an extra pointer
> > for the list of identical entries.
> > 
> > I will then add an additional layer of insert/lookup interfaces
> > for rhlist_head.
> 
> Oh, ok.

OK, it's finally ready now.

This series contains two patches.  The first adds the rhlist
interface and the second converts mac80211 to use it.  If this works
out I'll then proceed to convert the other insecure_elasticity
users over to this.

I've tested the rhlist code with test_rhashtable but I haven't
tested the mac80211 conversion.  So please give it a go and see
if it still works.

Thanks!
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: [PATCH 2/2] ath9k: disable RNG by default

2016-08-09 Thread Herbert Xu
On Tue, Aug 09, 2016 at 11:56:08AM +0200, Stephan Mueller wrote:
> On Tuesday, 9 August 2016, 17:46:56 CEST, Herbert Xu wrote:
> 
> Hi Herbert,
> > 
> > You're supposed to tweak the quality of the input.  In any case,
> 
> How is that tweak supposed to happen? The rngd does not allow changing the 
> amount of read data relative to the assumed entropy.

Hmm, I guess it depends on your distro.  Some do.

Cheers,
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html


Re: [PATCH 2/2] ath9k: disable RNG by default

2016-08-09 Thread Herbert Xu
On Tue, Aug 09, 2016 at 11:37:39AM +0200, Stephan Mueller wrote:
> On Tuesday, 9 August 2016, 17:17:55 CEST, Herbert Xu wrote:
> 
> Hi Herbert,
> 
> > On Tue, Aug 09, 2016 at 11:02:58AM +0200, Stephan Mueller wrote:
> > > But shouldn't the default of the rngd then be adjusted a bit?
> > 
> > Please elaborate.
> 
> in rngd_linux.c:random_add_entropy(void *buf, size_t size):
> 
> entropy.ent_count = size * 8;
> entropy.size = size;
> memcpy(entropy.data, buf, size);
> 
> if (ioctl(random_fd, RNDADDENTROPY, &entropy) != 0) {
> 
> ...
> 
> 
> in rngd.c:do_loop():
> 
> retval = iter->xread(buf, sizeof buf, iter);
> ...
> rc = update_kernel_random(random_step,
>  buf, iter->fipsctx);
> 
> where update_kernel_random simply invokes random_add_entropy in chunks.
> 
> Hence, the rngd reads some bytes from /dev/hwrand and injects it into
> /dev/random with an entropy estimate that is equal to the read bytes.
> 
> With less than perfect noise sources, entropy.ent_count should be much 
> smaller.

You're supposed to tweak the quality of the input.  In any case,
this is not affected by whether we whiten the result.

Cheers,
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: [PATCH 2/2] ath9k: disable RNG by default

2016-08-09 Thread Herbert Xu
On Tue, Aug 09, 2016 at 11:02:58AM +0200, Stephan Mueller wrote:
> 
> But shouldn't the default of the rngd then be adjusted a bit?

Please elaborate.

Thanks,
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html


Re: [PATCH 2/2] ath9k: disable RNG by default

2016-08-09 Thread Herbert Xu
On Tue, Aug 09, 2016 at 10:07:29AM +0200, Stephan Mueller wrote:
> 
> Herbert, Matt, should such noise sources be added to the HW random framework? 
> The thing is that the in-kernel HW random to input_pool link per default uses 
> a more conservative entropy estimate than the user space rngd. I would think 
> that the in-kernel link would be appropriate for that rng. But the user space 
> rngd tool with its default behavior is not really suited here.

Yes hwrng would be the best fit, with a quality of zero to be safe.

Contrary to the quoted thread, there is no need to whiten the output
of /dev/hw_random.  It was always meant to go through some intermediate
processing such as rngd before it is used.

Cheers,
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: Buggy rhashtable walking

2016-08-08 Thread Herbert Xu
On Fri, Aug 05, 2016 at 04:46:43AM -0700, Ben Greear wrote:
>
> It would not be fun to have to revert to the old way of hashing
> stations in mac80211...
> 
> I'll be happy to test the patches when you have them ready.

Thanks for the offer.  Unfortunately it'll be a few days before
I'm ready because I need to work through some crypto patches first.

Cheers,
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: Buggy rhashtable walking

2016-08-05 Thread Herbert Xu
On Fri, Aug 05, 2016 at 08:16:53AM +0200, Johannes Berg wrote:
> 
> Hm. Would you rather allocate a separate head entry for the hashtable,
> or chain the entries?

My plan is to build support for this directly into rhashtable.
So I'm adding a struct rhlist_head that would be used in place
of rhash_head for these cases and it'll carry an extra pointer
for the list of identical entries.

I will then add an additional layer of insert/lookup interfaces
for rhlist_head.

So the bottom line is that if you have no identical entries then you
only incur an extra 8 bytes per-object.

Cheers,
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: Buggy rhashtable walking

2016-08-04 Thread Herbert Xu
On Thu, Aug 04, 2016 at 03:18:46PM +0800, Herbert Xu wrote:
> 
> So the question is can wireless handle seeing an entry multiple
> times? In particular, __ieee80211_rx_handle_packet would appear
> to process the same packet multiple times if this were to happen.

It's worse than I thought.  In fact it's not walking the table
at all, rather it's doing a hash lookup by hand!

This cannot possibly work given that rhashtable makes use of
multiple hash tables.

In fact this also demonstrates why putting multiple identical
objects into the same table is crap.  Because there is no sane
way of returning all objects corresponding to a single key, given
that they may be spread over multiple tables.

So I'm going to fix this by consolidating identical objects into
a single rhashtable entry which also lets us get rid of the
insecure_elasticity setting.

So the next time someone comes along and wants to add multiple
objects with the same key to one table, please just say no.

Thanks,
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Buggy rhashtable walking

2016-08-04 Thread Herbert Xu
Hi:

While working on rhashtable I noticed that wireless is walking
rhashtables by hand using rht_for_each_*.  You must not do that
as an rhashtable can entail multiple hash tables when resizing.
If you walk it by hand then you may end up missing entries.

The correct way to do it is to use the rhashtable walk interface.
However, even this comes with the caveat that a given entry may
show up multiple times.  So if you cannot handle that then you
must construct your own data structure outside of rhashtable, like
we do in IPsec.

So the question is can wireless handle seeing an entry multiple
times? In particular, __ieee80211_rx_handle_packet would appear
to process the same packet multiple times if this were to happen.

Cheers,
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
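
The failure described in this thread, as an added userspace model (not kernel code and not taken from the patches): three objects share one key, a resize starts before the third insert, and a hand walk of one table is compared with a lookup that returns a per-key list. All names are hypothetical, and FNV-1a stands in for jhash.

```c
/* Userspace model only: every name here is hypothetical, not a kernel API. */
#include <stdio.h>
#include <string.h>

#define KEY_LEN 6                 /* same size as ETH_ALEN */
struct obj {
    struct obj *next;             /* bucket chain, the role of rhash_head */
    struct obj *dup;              /* same-key list, the role of rhlist_head.next */
    unsigned char key[KEY_LEN];
};

struct table {
    unsigned int size;
    struct obj *bucket[8];
    struct table *future;         /* non-NULL while a resize is in flight */
};

static const unsigned char MAC[KEY_LEN] = { 0x02, 0, 0, 0, 0, 0x01 }; /* constructed */

static unsigned int hash_key(const unsigned char *key, unsigned int size)
{
    unsigned int h = 2166136261u; /* FNV-1a, standing in for jhash */
    for (int i = 0; i < KEY_LEN; i++)
        h = (h ^ key[i]) * 16777619u;
    return h % size;
}

/* Flat insert: a duplicate is just another chain entry in the newest table. */
static void flat_insert(struct table *t, struct obj *o)
{
    while (t->future)
        t = t->future;
    unsigned int b = hash_key(o->key, t->size);
    o->dup = NULL;
    o->next = t->bucket[b];
    t->bucket[b] = o;
}

/* The hand walk the thread calls broken: one bucket of one table only. */
static int hand_walk_count(const struct table *t, const unsigned char *key)
{
    int n = 0;
    for (struct obj *o = t->bucket[hash_key(key, t->size)]; o; o = o->next)
        if (!memcmp(o->key, key, KEY_LEN))
            n++;
    return n;
}

/* List lookup: follow every table and return the single head for the key. */
static struct obj *list_lookup(struct table *t, const unsigned char *key)
{
    for (; t; t = t->future)
        for (struct obj *o = t->bucket[hash_key(key, t->size)]; o; o = o->next)
            if (!memcmp(o->key, key, KEY_LEN))
                return o;
    return NULL;
}

/* List insert: the table holds one head per key; duplicates hang off it. */
static void list_insert(struct table *t, struct obj *o)
{
    struct obj *head = list_lookup(t, o->key);
    if (!head) {
        flat_insert(t, o);
        return;
    }
    o->next = NULL;
    o->dup = head->dup;
    head->dup = o;
}

/* Insert three same-key objects, resize starting before the third; return how many are found. */
int count_found(int use_list)
{
    struct table old = { .size = 4 }, grown = { .size = 8 };
    struct obj o[3];
    int n = 0;
    for (int i = 0; i < 3; i++) {
        memcpy(o[i].key, MAC, KEY_LEN);
        if (i == 2)
            old.future = &grown;  /* resize in flight from here on */
        if (use_list)
            list_insert(&old, &o[i]);
        else
            flat_insert(&old, &o[i]);
    }
    if (!use_list)
        return hand_walk_count(&old, MAC);
    for (struct obj *h = list_lookup(&old, MAC); h; h = h->dup)
        n++;
    return n;
}

int main(void)
{
    printf("hand walk: %d of 3, list lookup: %d of 3\n", count_found(0), count_found(1));
    return 0;
}
```

The real rhltable differs in detail (RCU, bucket locks, how the head is replaced on insert); the model only shows why the per-key list survives a resize while a single-table walk does not.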


Re: Question on rhashtable in worst-case scenario.

2016-04-01 Thread Herbert Xu
On Fri, Apr 01, 2016 at 11:34:10PM +0200, Johannes Berg wrote:
>
> I was thinking about that one - it's not obvious to me from the code
> how this "explicitly checking for dups" would be done or let's say how
> rhashtable differentiates. But since it seems to work for Ben until
> hitting a certain number of identical keys, surely that's just me not
> understanding the code rather than anything else :)

It's really simple, rhashtable_insert_fast does not check for dups
while rhashtable_lookup_insert_* do.

Cheers,
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: Question on rhashtable in worst-case scenario.

2016-03-31 Thread Herbert Xu
On Thu, Mar 31, 2016 at 05:29:59PM +0200, Johannes Berg wrote:
> 
> Does removing this completely disable the "-EEXIST" error? I can't say
> I fully understand the elasticity stuff in __rhashtable_insert_fast().

What EEXIST error are you talking about? The only one that can be
returned on insertion is if you're explicitly checking for dups
which clearly can't be the case for you.

If you're talking about the EEXIST error due to a rehash then it is
completely hidden from you by rhashtable_insert_rehash.

If you actually meant EBUSY then yes this should prevent it from
occurring, unless your chain-length exceeds 2^32.

Cheers,
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: Question on rhashtable in worst-case scenario.

2016-03-31 Thread Herbert Xu
On Thu, Mar 31, 2016 at 09:46:45AM +0200, Johannes Berg wrote:
>
> In this case, I think perhaps you can just patch your local system with
> the many interfaces connecting to the same AP to add the parameter
> Herbert suggested (.insecure_elasticity = true in sta_rht_params). This
> is, after all, very much a case that "normal" operation doesn't even
> get close to.

I think you should just turn it on everywhere for mac80211.  Chain
length checks simply don't make sense when you allow duplicate
keys in the hash table.

Cheers,
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: Question on rhashtable in worst-case scenario.

2016-03-30 Thread Herbert Xu
On Wed, Mar 30, 2016 at 11:14:12AM +0200, Johannes Berg wrote:
> On Tue, 2016-03-29 at 09:16 -0700, Ben Greear wrote:
> > Looks like rhashtable has too much policy in it to properly deal with
> > cases where there are too many hash collisions, so I am going to work
> > on reverting its use in mac80211.
> 
> I'm not really all that happy with that approach - can't we fix the
> rhashtable? It's a pretty rare corner case that many keys really are
> identical and no kind of hash algorithm, but it seems much better to
> still deal with it than to remove the rhashtable usage and go back to
> hand-rolling something.

Well to start with you should assess whether you really want to
hash multiple objects with the same key.  In particular, can an
adversary generate a large number of such objects?

If your conclusion is that yes you really want to do this, then
we have the parameter insecure_elasticity that you can use to
disable the rehashing based on chain length.

Cheers,
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: [PATCH 16/26] libceph: Use skcipher

2016-01-26 Thread Herbert Xu
On Tue, Jan 26, 2016 at 12:29:57PM +0100, Ilya Dryomov wrote:
>
> LGTM.  You want to take it through crypto?

That's probably the easiest route since I'd like to take the first
patch through cryptodev.

Thanks,
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


Re: [PATCH 16/26] libceph: Use skcipher

2016-01-26 Thread Herbert Xu
On Mon, Jan 25, 2016 at 05:18:47PM +0100, Ilya Dryomov wrote:
> 
> Could you get rid of ivsize instead of assigning to it - see the
> attached diff?

How about an incremental patch like this? Thanks!

---8<---
From: Ilya Dryomov <idryo...@gmail.com>
Subject: libceph: Remove unnecessary ivsize variables

This patch removes the unnecessary ivsize variables as they always
have the value of AES_BLOCK_SIZE.

Signed-off-by: Ilya Dryomov <idryo...@gmail.com>

diff --git a/net/ceph/crypto.c b/net/ceph/crypto.c
index fb9cb2b..db2847a 100644
--- a/net/ceph/crypto.c
+++ b/net/ceph/crypto.c
@@ -166,8 +166,7 @@ static int ceph_aes_encrypt(const void *key, int key_len,
struct crypto_skcipher *tfm = ceph_crypto_alloc_cipher();
SKCIPHER_REQUEST_ON_STACK(req, tfm);
int ret;
-   int ivsize = AES_BLOCK_SIZE;
-   char iv[ivsize];
+   char iv[AES_BLOCK_SIZE];
size_t zero_padding = (0x10 - (src_len & 0x0f));
char pad[16];
 
@@ -186,7 +185,7 @@ static int ceph_aes_encrypt(const void *key, int key_len,
goto out_tfm;
 
crypto_skcipher_setkey((void *)tfm, key, key_len);
-   memcpy(iv, aes_iv, ivsize);
+   memcpy(iv, aes_iv, AES_BLOCK_SIZE);
 
skcipher_request_set_tfm(req, tfm);
skcipher_request_set_callback(req, 0, NULL, NULL);
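Review bot: In the context lines of this hunk the return value of `crypto_skcipher_setkey((void *)tfm, key, key_len)` is discarded, so a rejected key goes unnoticed and the request is set up anyway. Since the patch already touches the adjacent `memcpy`, check the result and `goto out_tfm` on error, and drop the `(void *)` cast, which is unnecessary for a `struct crypto_skcipher *tfm`. Writing the copy as `memcpy(iv, aes_iv, sizeof(iv))` would also keep the length tied to the array. The same applies to the three other functions changed below.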
@@ -229,8 +228,7 @@ static int ceph_aes_encrypt2(const void *key, int key_len, 
void *dst,
struct crypto_skcipher *tfm = ceph_crypto_alloc_cipher();
SKCIPHER_REQUEST_ON_STACK(req, tfm);
int ret;
-   int ivsize = AES_BLOCK_SIZE;
-   char iv[ivsize];
+   char iv[AES_BLOCK_SIZE];
size_t zero_padding = (0x10 - ((src1_len + src2_len) & 0x0f));
char pad[16];
 
@@ -250,7 +248,7 @@ static int ceph_aes_encrypt2(const void *key, int key_len, 
void *dst,
goto out_tfm;
 
crypto_skcipher_setkey((void *)tfm, key, key_len);
-   memcpy(iv, aes_iv, ivsize);
+   memcpy(iv, aes_iv, AES_BLOCK_SIZE);
 
skcipher_request_set_tfm(req, tfm);
skcipher_request_set_callback(req, 0, NULL, NULL);
@@ -294,8 +292,7 @@ static int ceph_aes_decrypt(const void *key, int key_len,
struct crypto_skcipher *tfm = ceph_crypto_alloc_cipher();
SKCIPHER_REQUEST_ON_STACK(req, tfm);
char pad[16];
-   int ivsize = AES_BLOCK_SIZE;
-   char iv[16];
+   char iv[AES_BLOCK_SIZE];
int ret;
int last_byte;
 
@@ -310,7 +307,7 @@ static int ceph_aes_decrypt(const void *key, int key_len,
goto out_tfm;
 
crypto_skcipher_setkey((void *)tfm, key, key_len);
-   memcpy(iv, aes_iv, ivsize);
+   memcpy(iv, aes_iv, AES_BLOCK_SIZE);
 
skcipher_request_set_tfm(req, tfm);
skcipher_request_set_callback(req, 0, NULL, NULL);
@@ -363,8 +360,7 @@ static int ceph_aes_decrypt2(const void *key, int key_len,
struct crypto_skcipher *tfm = ceph_crypto_alloc_cipher();
SKCIPHER_REQUEST_ON_STACK(req, tfm);
char pad[16];
-   int ivsize = AES_BLOCK_SIZE;
-   char iv[ivsize];
+   char iv[AES_BLOCK_SIZE];
int ret;
int last_byte;
 
@@ -380,7 +376,7 @@ static int ceph_aes_decrypt2(const void *key, int key_len,
goto out_tfm;
 
crypto_skcipher_setkey((void *)tfm, key, key_len);
-   memcpy(iv, aes_iv, ivsize);
+   memcpy(iv, aes_iv, AES_BLOCK_SIZE);
 
skcipher_request_set_tfm(req, tfm);
skcipher_request_set_callback(req, 0, NULL, NULL);

-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


[v2 PATCH 9/26] eCryptfs: Use skcipher and shash

2016-01-24 Thread Herbert Xu
On Sun, Jan 24, 2016 at 07:10:50PM +0100, Julia Lawall wrote:
> Maybe the goto on line 1726 needs a preceding mutex_unlock?

Good catch! Thanks.

---8<---
This patch replaces uses of ablkcipher and blkcipher with skcipher,
and the long obsolete hash interface with shash.

Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>

diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index 80d6901..11255cb 100644
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -23,6 +23,8 @@
  * 02111-1307, USA.
  */
 
+#include 
+#include 
 #include 
 #include 
 #include 
@@ -30,7 +32,6 @@
 #include 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
@@ -74,6 +75,19 @@ void ecryptfs_from_hex(char *dst, char *src, int dst_size)
}
 }
 
+static int ecryptfs_hash_digest(struct crypto_shash *tfm,
+   char *src, int len, char *dst)
+{
+   SHASH_DESC_ON_STACK(desc, tfm);
+   int err;
+
+   desc->tfm = tfm;
+   desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
+   err = crypto_shash_digest(desc, src, len, dst);
+   shash_desc_zero(desc);
+   return err;
+}
+
 /**
  * ecryptfs_calculate_md5 - calculates the md5 of @src
  * @dst: Pointer to 16 bytes of allocated memory
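Review bot: `ecryptfs_hash_digest()` takes `char *src, int len` although `src` is only read and `len` is passed straight to `crypto_shash_digest()`; `const char *src` and `unsigned int len` would keep a negative length from reaching the hash call. The helper also has no comment, while `ecryptfs_calculate_md5()` below it has a kerneldoc block; one line noting that `dst` must hold a full digest would match.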
@@ -88,45 +102,26 @@ static int ecryptfs_calculate_md5(char *dst,
  struct ecryptfs_crypt_stat *crypt_stat,
  char *src, int len)
 {
-   struct scatterlist sg;
-   struct hash_desc desc = {
-   .tfm = crypt_stat->hash_tfm,
-   .flags = CRYPTO_TFM_REQ_MAY_SLEEP
-   };
+   struct crypto_shash *tfm;
int rc = 0;
 
mutex_lock(_stat->cs_hash_tfm_mutex);
-   sg_init_one(, (u8 *)src, len);
-   if (!desc.tfm) {
-   desc.tfm = crypto_alloc_hash(ECRYPTFS_DEFAULT_HASH, 0,
-CRYPTO_ALG_ASYNC);
-   if (IS_ERR(desc.tfm)) {
-   rc = PTR_ERR(desc.tfm);
+   tfm = crypt_stat->hash_tfm;
+   if (!tfm) {
+   tfm = crypto_alloc_shash(ECRYPTFS_DEFAULT_HASH, 0, 0);
+   if (IS_ERR(tfm)) {
+   rc = PTR_ERR(tfm);
ecryptfs_printk(KERN_ERR, "Error attempting to "
"allocate crypto context; rc = [%d]\n",
rc);
goto out;
}
-   crypt_stat->hash_tfm = desc.tfm;
-   }
-   rc = crypto_hash_init();
-   if (rc) {
-   printk(KERN_ERR
-  "%s: Error initializing crypto hash; rc = [%d]\n",
-  __func__, rc);
-   goto out;
+   crypt_stat->hash_tfm = tfm;
}
-   rc = crypto_hash_update(, , len);
+   rc = ecryptfs_hash_digest(tfm, src, len, dst);
if (rc) {
printk(KERN_ERR
-  "%s: Error updating crypto hash; rc = [%d]\n",
-  __func__, rc);
-   goto out;
-   }
-   rc = crypto_hash_final(, dst);
-   if (rc) {
-   printk(KERN_ERR
-  "%s: Error finalizing crypto hash; rc = [%d]\n",
+  "%s: Error computing crypto hash; rc = [%d]\n",
   __func__, rc);
goto out;
}
@@ -234,10 +229,8 @@ void ecryptfs_destroy_crypt_stat(struct 
ecryptfs_crypt_stat *crypt_stat)
 {
struct ecryptfs_key_sig *key_sig, *key_sig_tmp;
 
-   if (crypt_stat->tfm)
-   crypto_free_ablkcipher(crypt_stat->tfm);
-   if (crypt_stat->hash_tfm)
-   crypto_free_hash(crypt_stat->hash_tfm);
+   crypto_free_skcipher(crypt_stat->tfm);
+   crypto_free_shash(crypt_stat->hash_tfm);
list_for_each_entry_safe(key_sig, key_sig_tmp,
 _stat->keysig_list, crypt_stat_list) {
list_del(_sig->crypt_stat_list);
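Review bot: The `if (crypt_stat->tfm)` and `if (crypt_stat->hash_tfm)` guards are removed, so `crypto_free_skcipher()` and `crypto_free_shash()` are now called with whatever the fields hold, including NULL for a crypt_stat that never allocated them. State in the commit message that both free functions accept NULL, since the message only mentions the interface swap.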
@@ -342,7 +335,7 @@ static int crypt_scatterlist(struct ecryptfs_crypt_stat 
*crypt_stat,
 struct scatterlist *src_sg, int size,
 unsigned char *iv, int op)
 {
-   struct ablkcipher_request *req = NULL;
+   struct skcipher_request *req = NULL;
struct extent_crypt_result ecr;
int rc = 0;
 
@@ -358,20 +351,20 @@ static int crypt_scatterlist(struct ecryptfs_crypt_stat 
*crypt_stat,
init_completion();
 
mutex_lock(_stat->cs_tfm_mutex);
-   req = ablkcipher_request_alloc(crypt_stat->tfm, GFP_NOFS);
+   req = skcipher_request_alloc(crypt_stat->tfm, GFP_NOFS);
if (!req) {
mutex_unlock(_stat->cs_tfm_mutex);
rc = -ENOMEM;
goto out;
}
 
-   ablkcipher_request_set_callb

[PATCH 26/26] tcp: Use ahash

2016-01-24 Thread Herbert Xu
This patch replaces uses of the long obsolete hash interface with
ahash.

Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
---

 include/net/tcp.h   |6 +-
 net/ipv4/tcp.c  |   41 ++---
 net/ipv4/tcp_fastopen.c |1 +
 net/ipv4/tcp_ipv4.c |   23 +--
 net/ipv6/tcp_ipv6.c |   23 +--
 5 files changed, 54 insertions(+), 40 deletions(-)

diff --git a/include/net/tcp.h b/include/net/tcp.h
index 8ea1997..2a5b3b8 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -27,7 +27,6 @@
 #include 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
@@ -1325,9 +1324,6 @@ static inline void tcp_clear_all_retrans_hints(struct 
tcp_sock *tp)
tp->retransmit_skb_hint = NULL;
 }
 
-/* MD5 Signature */
-struct crypto_hash;
-
 union tcp_md5_addr {
struct in_addr  a4;
 #if IS_ENABLED(CONFIG_IPV6)
@@ -1376,7 +1372,7 @@ union tcp_md5sum_block {
 
 /* - pool: digest algorithm, hash description and scratch buffer */
 struct tcp_md5sig_pool {
-   struct hash_descmd5_desc;
+   struct ahash_request*md5_req;
union tcp_md5sum_block  md5_blk;
 };
 
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index fd17eec..91ffef3 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -247,6 +247,7 @@
 
 #define pr_fmt(fmt) "TCP: " fmt
 
+#include 
 #include 
 #include 
 #include 
@@ -266,7 +267,6 @@
 #include 
 #include 
 #include 
-#include 
 #include 
 #include 
 
@@ -2939,17 +2939,26 @@ static bool tcp_md5sig_pool_populated = false;
 
 static void __tcp_alloc_md5sig_pool(void)
 {
+   struct crypto_ahash *hash;
int cpu;
 
+   hash = crypto_alloc_ahash("md5", 0, CRYPTO_ALG_ASYNC);
+   if (IS_ERR_OR_NULL(hash))
+   return;
+
for_each_possible_cpu(cpu) {
-   if (!per_cpu(tcp_md5sig_pool, cpu).md5_desc.tfm) {
-   struct crypto_hash *hash;
+   struct ahash_request *req;
 
-   hash = crypto_alloc_hash("md5", 0, CRYPTO_ALG_ASYNC);
-   if (IS_ERR_OR_NULL(hash))
-   return;
-   per_cpu(tcp_md5sig_pool, cpu).md5_desc.tfm = hash;
-   }
+   if (per_cpu(tcp_md5sig_pool, cpu).md5_req)
+   continue;
+
+   req = ahash_request_alloc(hash, GFP_KERNEL);
+   if (!req)
+   return;
+
+   ahash_request_set_callback(req, 0, NULL, NULL);
+
+   per_cpu(tcp_md5sig_pool, cpu).md5_req = req;
}
/* before setting tcp_md5sig_pool_populated, we must commit all writes
 * to memory. See smp_rmb() in tcp_get_md5sig_pool()
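Review bot: the tfm from crypto_alloc_ahash() at the top of __tcp_alloc_md5sig_pool() is never released on the early exits. `if (!req) return;` leaves `hash` allocated, and if that happens on the first CPU no request references it at all. If the function is entered again after such a partial failure, a second tfm is allocated while the CPUs that hit `continue` keep requests bound to the first one. Suggest calling crypto_free_ahash(hash) when no request was attached to it, or reusing the tfm of an already populated md5_req. As a smaller point, crypto_alloc_ahash() reports failure with an ERR_PTR, so IS_ERR() is sufficient here.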
@@ -2999,7 +3008,6 @@ int tcp_md5_hash_header(struct tcp_md5sig_pool *hp,
 {
struct scatterlist sg;
struct tcphdr hdr;
-   int err;
 
/* We are not allowed to change tcphdr, make a local copy */
memcpy(, th, sizeof(hdr));
@@ -3007,8 +3015,8 @@ int tcp_md5_hash_header(struct tcp_md5sig_pool *hp,
 
/* options aren't included in the hash */
sg_init_one(, , sizeof(hdr));
-   err = crypto_hash_update(>md5_desc, , sizeof(hdr));
-   return err;
+   ahash_request_set_crypt(hp->md5_req, , NULL, sizeof(hdr));
+   return crypto_ahash_update(hp->md5_req);
 }
 EXPORT_SYMBOL(tcp_md5_hash_header);
 
@@ -3017,7 +3025,7 @@ int tcp_md5_hash_skb_data(struct tcp_md5sig_pool *hp,
 {
struct scatterlist sg;
const struct tcphdr *tp = tcp_hdr(skb);
-   struct hash_desc *desc = >md5_desc;
+   struct ahash_request *req = hp->md5_req;
unsigned int i;
const unsigned int head_data_len = skb_headlen(skb) > header_len ?
   skb_headlen(skb) - header_len : 0;
@@ -3027,7 +3035,8 @@ int tcp_md5_hash_skb_data(struct tcp_md5sig_pool *hp,
sg_init_table(, 1);
 
sg_set_buf(, ((u8 *) tp) + header_len, head_data_len);
-   if (crypto_hash_update(desc, , head_data_len))
+   ahash_request_set_crypt(req, , NULL, head_data_len);
+   if (crypto_ahash_update(req))
return 1;
 
for (i = 0; i < shi->nr_frags; ++i) {
@@ -3037,7 +3046,8 @@ int tcp_md5_hash_skb_data(struct tcp_md5sig_pool *hp,
 
sg_set_page(, page, skb_frag_size(f),
offset_in_page(offset));
-   if (crypto_hash_update(desc, , skb_frag_size(f)))
+   ahash_request_set_crypt(req, , NULL, skb_frag_size(f));
+   if (crypto_ahash_update(req))
return 1;
}
 
@@ -3054,7 +3064,8 @@ int tcp_md5_hash_key(struct tcp_md5sig_pool *hp, const 
struct tcp_md5sig_key *ke
struct scatterlist sg;
 
sg_init_one(, key->key, key->keylen);
-   return crypto_hash_update(>md5_desc, , key->keylen);
+ 

[PATCH 5/26] orinoco: Use ahash

2016-01-24 Thread Herbert Xu
This patch replaces uses of the long obsolete hash interface with ahash.

Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
---

 drivers/net/wireless/intersil/orinoco/mic.c |   29 ++--
 drivers/net/wireless/intersil/orinoco/mic.h |4 +--
 drivers/net/wireless/intersil/orinoco/orinoco.h |4 +--
 3 files changed, 21 insertions(+), 16 deletions(-)

diff --git a/drivers/net/wireless/intersil/orinoco/mic.c 
b/drivers/net/wireless/intersil/orinoco/mic.c
index fce4a84..bc7397d 100644
--- a/drivers/net/wireless/intersil/orinoco/mic.c
+++ b/drivers/net/wireless/intersil/orinoco/mic.c
@@ -6,7 +6,7 @@
 #include 
 #include 
 #include 
-#include 
+#include 
 
 #include "orinoco.h"
 #include "mic.h"
@@ -16,7 +16,8 @@
 //
 int orinoco_mic_init(struct orinoco_private *priv)
 {
-   priv->tx_tfm_mic = crypto_alloc_hash("michael_mic", 0, 0);
+   priv->tx_tfm_mic = crypto_alloc_ahash("michael_mic", 0,
+ CRYPTO_ALG_ASYNC);
if (IS_ERR(priv->tx_tfm_mic)) {
printk(KERN_DEBUG "orinoco_mic_init: could not allocate "
   "crypto API michael_mic\n");
@@ -24,7 +25,8 @@ int orinoco_mic_init(struct orinoco_private *priv)
return -ENOMEM;
}
 
-   priv->rx_tfm_mic = crypto_alloc_hash("michael_mic", 0, 0);
+   priv->rx_tfm_mic = crypto_alloc_ahash("michael_mic", 0,
+ CRYPTO_ALG_ASYNC);
if (IS_ERR(priv->rx_tfm_mic)) {
printk(KERN_DEBUG "orinoco_mic_init: could not allocate "
   "crypto API michael_mic\n");
@@ -38,18 +40,19 @@ int orinoco_mic_init(struct orinoco_private *priv)
 void orinoco_mic_free(struct orinoco_private *priv)
 {
if (priv->tx_tfm_mic)
-   crypto_free_hash(priv->tx_tfm_mic);
+   crypto_free_ahash(priv->tx_tfm_mic);
if (priv->rx_tfm_mic)
-   crypto_free_hash(priv->rx_tfm_mic);
+   crypto_free_ahash(priv->rx_tfm_mic);
 }
 
-int orinoco_mic(struct crypto_hash *tfm_michael, u8 *key,
+int orinoco_mic(struct crypto_ahash *tfm_michael, u8 *key,
u8 *da, u8 *sa, u8 priority,
u8 *data, size_t data_len, u8 *mic)
 {
-   struct hash_desc desc;
+   AHASH_REQUEST_ON_STACK(req, tfm_michael);
struct scatterlist sg[2];
u8 hdr[ETH_HLEN + 2]; /* size of header + padding */
+   int err;
 
if (tfm_michael == NULL) {
printk(KERN_WARNING "orinoco_mic: tfm_michael == NULL\n");
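Review bot: AHASH_REQUEST_ON_STACK(req, tfm_michael) in orinoco_mic() is evaluated in the declarations, before the `if (tfm_michael == NULL)` check below it. The macro sizes its on-stack buffer from the tfm's request size, so the tfm is dereferenced before the NULL test can reject it, which the old `struct hash_desc desc;` declaration did not do. Either move the NULL check ahead of the request declaration (for example by splitting the body into a helper) or allocate the request after the check.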
@@ -69,11 +72,13 @@ int orinoco_mic(struct crypto_hash *tfm_michael, u8 *key,
sg_set_buf([0], hdr, sizeof(hdr));
sg_set_buf([1], data, data_len);
 
-   if (crypto_hash_setkey(tfm_michael, key, MIC_KEYLEN))
+   if (crypto_ahash_setkey(tfm_michael, key, MIC_KEYLEN))
return -1;
 
-   desc.tfm = tfm_michael;
-   desc.flags = 0;
-   return crypto_hash_digest(, sg, data_len + sizeof(hdr),
- mic);
+   ahash_request_set_tfm(req, tfm_michael);
+   ahash_request_set_callback(req, 0, NULL, NULL);
+   ahash_request_set_crypt(req, sg, mic, data_len + sizeof(hdr));
+   err = crypto_ahash_digest(req);
+   ahash_request_zero(req);
+   return err;
 }
diff --git a/drivers/net/wireless/intersil/orinoco/mic.h 
b/drivers/net/wireless/intersil/orinoco/mic.h
index 04d05bc..ce731d0 100644
--- a/drivers/net/wireless/intersil/orinoco/mic.h
+++ b/drivers/net/wireless/intersil/orinoco/mic.h
@@ -11,11 +11,11 @@
 
 /* Forward declarations */
 struct orinoco_private;
-struct crypto_hash;
+struct crypto_ahash;
 
 int orinoco_mic_init(struct orinoco_private *priv);
 void orinoco_mic_free(struct orinoco_private *priv);
-int orinoco_mic(struct crypto_hash *tfm_michael, u8 *key,
+int orinoco_mic(struct crypto_ahash *tfm_michael, u8 *key,
u8 *da, u8 *sa, u8 priority,
u8 *data, size_t data_len, u8 *mic);
 
diff --git a/drivers/net/wireless/intersil/orinoco/orinoco.h 
b/drivers/net/wireless/intersil/orinoco/orinoco.h
index eebd2be..2f0c84b 100644
--- a/drivers/net/wireless/intersil/orinoco/orinoco.h
+++ b/drivers/net/wireless/intersil/orinoco/orinoco.h
@@ -152,8 +152,8 @@ struct orinoco_private {
u8 *wpa_ie;
int wpa_ie_len;
 
-   struct crypto_hash *rx_tfm_mic;
-   struct crypto_hash *tx_tfm_mic;
+   struct crypto_ahash *rx_tfm_mic;
+   struct crypto_ahash *tx_tfm_mic;
 
unsigned int wpa_enabled:1;
unsigned int tkip_cm_active:1;


[PATCH 6/26] staging: rtl8192u: Use skcipher and ahash

2016-01-24 Thread Herbert Xu
This patch replaces uses of blkcipher with skcipher, and the long
obsolete hash interface with ahash.

Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
---

 drivers/staging/rtl8192u/ieee80211/ieee80211_crypt_tkip.c |   92 +++---
 drivers/staging/rtl8192u/ieee80211/ieee80211_crypt_wep.c  |   46 ---
 2 files changed, 81 insertions(+), 57 deletions(-)

diff --git a/drivers/staging/rtl8192u/ieee80211/ieee80211_crypt_tkip.c 
b/drivers/staging/rtl8192u/ieee80211/ieee80211_crypt_tkip.c
index 908bc2e..6fa96d5 100644
--- a/drivers/staging/rtl8192u/ieee80211/ieee80211_crypt_tkip.c
+++ b/drivers/staging/rtl8192u/ieee80211/ieee80211_crypt_tkip.c
@@ -21,7 +21,8 @@
 
 #include "ieee80211.h"
 
-#include 
+#include 
+#include 
#include 
 #include 
 
@@ -52,10 +53,10 @@ struct ieee80211_tkip_data {
 
int key_idx;
 
-   struct crypto_blkcipher *rx_tfm_arc4;
-   struct crypto_hash *rx_tfm_michael;
-   struct crypto_blkcipher *tx_tfm_arc4;
-   struct crypto_hash *tx_tfm_michael;
+   struct crypto_skcipher *rx_tfm_arc4;
+   struct crypto_ahash *rx_tfm_michael;
+   struct crypto_skcipher *tx_tfm_arc4;
+   struct crypto_ahash *tx_tfm_michael;
 
/* scratch buffers for virt_to_page() (crypto API) */
u8 rx_hdr[16], tx_hdr[16];
@@ -70,7 +71,7 @@ static void *ieee80211_tkip_init(int key_idx)
goto fail;
priv->key_idx = key_idx;
 
-   priv->tx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
+   priv->tx_tfm_arc4 = crypto_alloc_skcipher("ecb(arc4)", 0,
CRYPTO_ALG_ASYNC);
if (IS_ERR(priv->tx_tfm_arc4)) {
printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
@@ -79,7 +80,7 @@ static void *ieee80211_tkip_init(int key_idx)
goto fail;
}
 
-   priv->tx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
+   priv->tx_tfm_michael = crypto_alloc_ahash("michael_mic", 0,
CRYPTO_ALG_ASYNC);
if (IS_ERR(priv->tx_tfm_michael)) {
printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
@@ -88,7 +89,7 @@ static void *ieee80211_tkip_init(int key_idx)
goto fail;
}
 
-   priv->rx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
+   priv->rx_tfm_arc4 = crypto_alloc_skcipher("ecb(arc4)", 0,
CRYPTO_ALG_ASYNC);
if (IS_ERR(priv->rx_tfm_arc4)) {
printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
@@ -97,7 +98,7 @@ static void *ieee80211_tkip_init(int key_idx)
goto fail;
}
 
-   priv->rx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
+   priv->rx_tfm_michael = crypto_alloc_ahash("michael_mic", 0,
CRYPTO_ALG_ASYNC);
if (IS_ERR(priv->rx_tfm_michael)) {
printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
@@ -110,14 +111,10 @@ static void *ieee80211_tkip_init(int key_idx)
 
 fail:
if (priv) {
-   if (priv->tx_tfm_michael)
-   crypto_free_hash(priv->tx_tfm_michael);
-   if (priv->tx_tfm_arc4)
-   crypto_free_blkcipher(priv->tx_tfm_arc4);
-   if (priv->rx_tfm_michael)
-   crypto_free_hash(priv->rx_tfm_michael);
-   if (priv->rx_tfm_arc4)
-   crypto_free_blkcipher(priv->rx_tfm_arc4);
+   crypto_free_ahash(priv->tx_tfm_michael);
+   crypto_free_skcipher(priv->tx_tfm_arc4);
+   crypto_free_ahash(priv->rx_tfm_michael);
+   crypto_free_skcipher(priv->rx_tfm_arc4);
kfree(priv);
}
 
@@ -130,14 +127,10 @@ static void ieee80211_tkip_deinit(void *priv)
struct ieee80211_tkip_data *_priv = priv;
 
if (_priv) {
-   if (_priv->tx_tfm_michael)
-   crypto_free_hash(_priv->tx_tfm_michael);
-   if (_priv->tx_tfm_arc4)
-   crypto_free_blkcipher(_priv->tx_tfm_arc4);
-   if (_priv->rx_tfm_michael)
-   crypto_free_hash(_priv->rx_tfm_michael);
-   if (_priv->rx_tfm_arc4)
-   crypto_free_blkcipher(_priv->rx_tfm_arc4);
+   crypto_free_ahash(_priv->tx_tfm_michael);
+   crypto_free_skcipher(_priv->tx_tfm_arc4);
+   crypto_free_ahash(_priv->rx_tfm_michael);
+   crypto_free_skcipher(_priv->rx_tfm_arc4);
}
kfree(priv);
 }
@@ -312,7 +305,6 @@ static int ieee80211_tkip_encrypt(struct sk_buff *skb, int 
hdr_len, void *priv)
u8 *pos;
struct rtl_80211_hdr_4addr *hdr;
cb_desc *tcb_desc = (cb

[PATCH 4/26] dm crypt: Use skcipher and ahash

2016-01-24 Thread Herbert Xu
This patch replaces uses of ablkcipher with skcipher, and the long
obsolete hash interface with ahash.

Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
---

 drivers/md/dm-crypt.c |   93 +-
 1 file changed, 48 insertions(+), 45 deletions(-)

diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index 3147c8d..06a4e3c 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -28,6 +28,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include 
 
@@ -44,7 +45,7 @@ struct convert_context {
struct bvec_iter iter_out;
sector_t cc_sector;
atomic_t cc_pending;
-   struct ablkcipher_request *req;
+   struct skcipher_request *req;
 };
 
 /*
@@ -86,7 +87,7 @@ struct crypt_iv_operations {
 };
 
 struct iv_essiv_private {
-   struct crypto_hash *hash_tfm;
+   struct crypto_ahash *hash_tfm;
u8 *salt;
 };
 
@@ -153,13 +154,13 @@ struct crypt_config {
 
/* ESSIV: struct crypto_cipher *essiv_tfm */
void *iv_private;
-   struct crypto_ablkcipher **tfms;
+   struct crypto_skcipher **tfms;
unsigned tfms_count;
 
/*
 * Layout of each crypto request:
 *
-*   struct ablkcipher_request
+*   struct skcipher_request
 *  context
 *  padding
 *   struct dm_crypt_request
@@ -189,7 +190,7 @@ static u8 *iv_of_dmreq(struct crypt_config *cc, struct 
dm_crypt_request *dmreq);
 /*
  * Use this to access cipher attributes that are the same for each CPU.
  */
-static struct crypto_ablkcipher *any_tfm(struct crypt_config *cc)
+static struct crypto_skcipher *any_tfm(struct crypt_config *cc)
 {
return cc->tfms[0];
 }
@@ -263,23 +264,25 @@ static int crypt_iv_plain64_gen(struct crypt_config *cc, 
u8 *iv,
 static int crypt_iv_essiv_init(struct crypt_config *cc)
 {
struct iv_essiv_private *essiv = >iv_gen_private.essiv;
-   struct hash_desc desc;
+   AHASH_REQUEST_ON_STACK(req, essiv->hash_tfm);
struct scatterlist sg;
struct crypto_cipher *essiv_tfm;
int err;
 
sg_init_one(, cc->key, cc->key_size);
-   desc.tfm = essiv->hash_tfm;
-   desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
+   ahash_request_set_tfm(req, essiv->hash_tfm);
+   ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
+   ahash_request_set_crypt(req, , essiv->salt, cc->key_size);
 
-   err = crypto_hash_digest(, , cc->key_size, essiv->salt);
+   err = crypto_ahash_digest(req);
+   ahash_request_zero(req);
if (err)
return err;
 
essiv_tfm = cc->iv_private;
 
err = crypto_cipher_setkey(essiv_tfm, essiv->salt,
-   crypto_hash_digestsize(essiv->hash_tfm));
+   crypto_ahash_digestsize(essiv->hash_tfm));
if (err)
return err;
 
@@ -290,7 +293,7 @@ static int crypt_iv_essiv_init(struct crypt_config *cc)
 static int crypt_iv_essiv_wipe(struct crypt_config *cc)
 {
struct iv_essiv_private *essiv = >iv_gen_private.essiv;
-   unsigned salt_size = crypto_hash_digestsize(essiv->hash_tfm);
+   unsigned salt_size = crypto_ahash_digestsize(essiv->hash_tfm);
struct crypto_cipher *essiv_tfm;
int r, err = 0;
 
@@ -320,7 +323,7 @@ static struct crypto_cipher *setup_essiv_cpu(struct 
crypt_config *cc,
}
 
if (crypto_cipher_blocksize(essiv_tfm) !=
-   crypto_ablkcipher_ivsize(any_tfm(cc))) {
+   crypto_skcipher_ivsize(any_tfm(cc))) {
ti->error = "Block size of ESSIV cipher does "
"not match IV size of block cipher";
crypto_free_cipher(essiv_tfm);
@@ -342,7 +345,7 @@ static void crypt_iv_essiv_dtr(struct crypt_config *cc)
struct crypto_cipher *essiv_tfm;
struct iv_essiv_private *essiv = >iv_gen_private.essiv;
 
-   crypto_free_hash(essiv->hash_tfm);
+   crypto_free_ahash(essiv->hash_tfm);
essiv->hash_tfm = NULL;
 
kzfree(essiv->salt);
@@ -360,7 +363,7 @@ static int crypt_iv_essiv_ctr(struct crypt_config *cc, 
struct dm_target *ti,
  const char *opts)
 {
struct crypto_cipher *essiv_tfm = NULL;
-   struct crypto_hash *hash_tfm = NULL;
+   struct crypto_ahash *hash_tfm = NULL;
u8 *salt = NULL;
int err;
 
@@ -370,14 +373,14 @@ static int crypt_iv_essiv_ctr(struct crypt_config *cc, 
struct dm_target *ti,
}
 
/* Allocate hash algorithm */
-   hash_tfm = crypto_alloc_hash(opts, 0, CRYPTO_ALG_ASYNC);
+   hash_tfm = crypto_alloc_ahash(opts, 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(hash_tfm)) {
ti->error = "Error initializing ESSIV hash";
err = PTR_ERR(hash_tfm);
got

[PATCH 2/26] ppp_mppe: Use skcipher and ahash

2016-01-24 Thread Herbert Xu
This patch replaces uses of blkcipher with skcipher, and the long
obsolete hash interface with ahash.  This is a bug-for-bug conversion
and no attempt has been made to fix bugs such as the ignored return
values of the crypto operations.

Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
---

 drivers/net/ppp/ppp_mppe.c |   99 ++---
 1 file changed, 58 insertions(+), 41 deletions(-)

diff --git a/drivers/net/ppp/ppp_mppe.c b/drivers/net/ppp/ppp_mppe.c
index 05005c6..f60f766 100644
--- a/drivers/net/ppp/ppp_mppe.c
+++ b/drivers/net/ppp/ppp_mppe.c
@@ -42,6 +42,8 @@
  *deprecated in 2.6
  */
 
+#include 
+#include 
 #include 
 #include 
 #include 
@@ -49,7 +51,6 @@
 #include 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
@@ -94,8 +95,8 @@ static inline void sha_pad_init(struct sha_pad *shapad)
  * State for an MPPE (de)compressor.
  */
 struct ppp_mppe_state {
-   struct crypto_blkcipher *arc4;
-   struct crypto_hash *sha1;
+   struct crypto_skcipher *arc4;
+   struct crypto_ahash *sha1;
unsigned char *sha1_digest;
unsigned char master_key[MPPE_MAX_KEY_LEN];
unsigned char session_key[MPPE_MAX_KEY_LEN];
@@ -135,7 +136,7 @@ struct ppp_mppe_state {
  */
 static void get_new_key_from_sha(struct ppp_mppe_state * state)
 {
-   struct hash_desc desc;
+   AHASH_REQUEST_ON_STACK(req, state->sha1);
struct scatterlist sg[4];
unsigned int nbytes;
 
@@ -148,10 +149,12 @@ static void get_new_key_from_sha(struct ppp_mppe_state * 
state)
nbytes += setup_sg([3], sha_pad->sha_pad2,
   sizeof(sha_pad->sha_pad2));
 
-   desc.tfm = state->sha1;
-   desc.flags = 0;
+   ahash_request_set_tfm(req, state->sha1);
+   ahash_request_set_callback(req, 0, NULL, NULL);
+   ahash_request_set_crypt(req, sg, state->sha1_digest, nbytes);
 
-   crypto_hash_digest(, sg, nbytes, state->sha1_digest);
+   crypto_ahash_digest(req);
+   ahash_request_zero(req);
 }
 
 /*
@@ -161,20 +164,23 @@ static void get_new_key_from_sha(struct ppp_mppe_state * 
state)
 static void mppe_rekey(struct ppp_mppe_state * state, int initial_key)
 {
struct scatterlist sg_in[1], sg_out[1];
-   struct blkcipher_desc desc = { .tfm = state->arc4 };
+   SKCIPHER_REQUEST_ON_STACK(req, state->arc4);
+
+   skcipher_request_set_tfm(req, state->arc4);
+   skcipher_request_set_callback(req, 0, NULL, NULL);
 
get_new_key_from_sha(state);
if (!initial_key) {
-   crypto_blkcipher_setkey(state->arc4, state->sha1_digest,
-   state->keylen);
+   crypto_skcipher_setkey(state->arc4, state->sha1_digest,
+  state->keylen);
sg_init_table(sg_in, 1);
sg_init_table(sg_out, 1);
setup_sg(sg_in, state->sha1_digest, state->keylen);
setup_sg(sg_out, state->session_key, state->keylen);
-   if (crypto_blkcipher_encrypt(, sg_out, sg_in,
-state->keylen) != 0) {
+   skcipher_request_set_crypt(req, sg_in, sg_out, state->keylen,
+  NULL);
+   if (crypto_skcipher_encrypt(req))
printk(KERN_WARNING "mppe_rekey: cipher_encrypt failed\n");
-   }
} else {
memcpy(state->session_key, state->sha1_digest, state->keylen);
}
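Review bot: in mppe_rekey() the request is declared and initialised with skcipher_request_set_tfm()/skcipher_request_set_callback() at the top of the function, but only the `!initial_key` branch ever submits it. Scoping the SKCIPHER_REQUEST_ON_STACK, its setup and its zeroing to that branch would keep the initial-key path free of an unused on-stack request. The result of crypto_skcipher_setkey() is also still dropped immediately before crypto_skcipher_encrypt(req); the commit message says this is deliberate, so a short comment at the call site pointing to the planned follow-up would help later readers.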
@@ -184,7 +190,8 @@ static void mppe_rekey(struct ppp_mppe_state * state, int 
initial_key)
state->session_key[1] = 0x26;
state->session_key[2] = 0x9e;
}
-   crypto_blkcipher_setkey(state->arc4, state->session_key, state->keylen);
+   crypto_skcipher_setkey(state->arc4, state->session_key, state->keylen);
+   skcipher_request_zero(req);
 }
 
 /*
@@ -204,19 +211,19 @@ static void *mppe_alloc(unsigned char *options, int 
optlen)
goto out;
 
 
-   state->arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0, CRYPTO_ALG_ASYNC);
+   state->arc4 = crypto_alloc_skcipher("ecb(arc4)", 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(state->arc4)) {
state->arc4 = NULL;
goto out_free;
}
 
-   state->sha1 = crypto_alloc_hash("sha1", 0, CRYPTO_ALG_ASYNC);
+   state->sha1 = crypto_alloc_ahash("sha1", 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(state->sha1)) {
state->sha1 = NULL;
goto out_free;
}
 
-   digestsize = crypto_hash_digestsize(state->sha1);
+   digestsize = crypto_ahash_digestsize(state->sha1);
if (digestsize < MPPE_MAX_KEY_LEN)
goto out_free;
 
@@ -237,15

[PATCH 3/26] staging: rtl8192e: Replace uses of obsolete blkcipher and hash

2016-01-24 Thread Herbert Xu
The interfaces blkcipher and hash are obsolete.  This patch replaces
them with skcipher and ahash respectively.

Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
---

 drivers/staging/rtl8192e/rtllib_crypt_tkip.c |   99 ++-
 drivers/staging/rtl8192e/rtllib_crypt_wep.c  |   48 +++--
 2 files changed, 82 insertions(+), 65 deletions(-)

diff --git a/drivers/staging/rtl8192e/rtllib_crypt_tkip.c 
b/drivers/staging/rtl8192e/rtllib_crypt_tkip.c
index 2096d78..8eac7cd 100644
--- a/drivers/staging/rtl8192e/rtllib_crypt_tkip.c
+++ b/drivers/staging/rtl8192e/rtllib_crypt_tkip.c
@@ -9,6 +9,8 @@
  * more details.
  */
 
+#include 
+#include 
 #include 
 #include 
 #include 
@@ -18,7 +20,6 @@
 #include 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
@@ -48,10 +49,10 @@ struct rtllib_tkip_data {
u32 dot11RSNAStatsTKIPLocalMICFailures;
 
int key_idx;
-   struct crypto_blkcipher *rx_tfm_arc4;
-   struct crypto_hash *rx_tfm_michael;
-   struct crypto_blkcipher *tx_tfm_arc4;
-   struct crypto_hash *tx_tfm_michael;
+   struct crypto_skcipher *rx_tfm_arc4;
+   struct crypto_ahash *rx_tfm_michael;
+   struct crypto_skcipher *tx_tfm_arc4;
+   struct crypto_ahash *tx_tfm_michael;
/* scratch buffers for virt_to_page() (crypto API) */
u8 rx_hdr[16];
u8 tx_hdr[16];
@@ -65,32 +66,32 @@ static void *rtllib_tkip_init(int key_idx)
if (priv == NULL)
goto fail;
priv->key_idx = key_idx;
-   priv->tx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
-   CRYPTO_ALG_ASYNC);
+   priv->tx_tfm_arc4 = crypto_alloc_skcipher("ecb(arc4)", 0,
+ CRYPTO_ALG_ASYNC);
if (IS_ERR(priv->tx_tfm_arc4)) {
pr_debug("Could not allocate crypto API arc4\n");
priv->tx_tfm_arc4 = NULL;
goto fail;
}
 
-   priv->tx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
-   CRYPTO_ALG_ASYNC);
+   priv->tx_tfm_michael = crypto_alloc_ahash("michael_mic", 0,
+ CRYPTO_ALG_ASYNC);
if (IS_ERR(priv->tx_tfm_michael)) {
pr_debug("Could not allocate crypto API michael_mic\n");
priv->tx_tfm_michael = NULL;
goto fail;
}
 
-   priv->rx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
-   CRYPTO_ALG_ASYNC);
+   priv->rx_tfm_arc4 = crypto_alloc_skcipher("ecb(arc4)", 0,
+ CRYPTO_ALG_ASYNC);
if (IS_ERR(priv->rx_tfm_arc4)) {
pr_debug("Could not allocate crypto API arc4\n");
priv->rx_tfm_arc4 = NULL;
goto fail;
}
 
-   priv->rx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
-   CRYPTO_ALG_ASYNC);
+   priv->rx_tfm_michael = crypto_alloc_ahash("michael_mic", 0,
+ CRYPTO_ALG_ASYNC);
if (IS_ERR(priv->rx_tfm_michael)) {
pr_debug("Could not allocate crypto API michael_mic\n");
priv->rx_tfm_michael = NULL;
@@ -100,14 +101,10 @@ static void *rtllib_tkip_init(int key_idx)
 
 fail:
if (priv) {
-   if (priv->tx_tfm_michael)
-   crypto_free_hash(priv->tx_tfm_michael);
-   if (priv->tx_tfm_arc4)
-   crypto_free_blkcipher(priv->tx_tfm_arc4);
-   if (priv->rx_tfm_michael)
-   crypto_free_hash(priv->rx_tfm_michael);
-   if (priv->rx_tfm_arc4)
-   crypto_free_blkcipher(priv->rx_tfm_arc4);
+   crypto_free_ahash(priv->tx_tfm_michael);
+   crypto_free_skcipher(priv->tx_tfm_arc4);
+   crypto_free_ahash(priv->rx_tfm_michael);
+   crypto_free_skcipher(priv->rx_tfm_arc4);
kfree(priv);
}
 
@@ -120,14 +117,10 @@ static void rtllib_tkip_deinit(void *priv)
struct rtllib_tkip_data *_priv = priv;
 
if (_priv) {
-   if (_priv->tx_tfm_michael)
-   crypto_free_hash(_priv->tx_tfm_michael);
-   if (_priv->tx_tfm_arc4)
-   crypto_free_blkcipher(_priv->tx_tfm_arc4);
-   if (_priv->rx_tfm_michael)
-   crypto_free_hash(_priv->rx_tfm_michael);
-   if (_priv->rx_tfm_arc4)
-   crypto_free_blkcipher(_priv->rx_tfm_arc4);
+   crypto_free_ahash(_priv->tx_tfm_michael);
+   crypto_free_skcipher(_priv->tx_tfm_arc4);
+   cry

[PATCH 9/26] eCryptfs: Use skcipher and shash

2016-01-24 Thread Herbert Xu
This patch replaces uses of ablkcipher and blkcipher with skcipher,
and the long obsolete hash interface with shash.
   
Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
---

 fs/ecryptfs/crypto.c  |  107 +---
 fs/ecryptfs/ecryptfs_kernel.h |   12 +-
 fs/ecryptfs/inode.c   |1 
 fs/ecryptfs/keystore.c|  217 --
 fs/ecryptfs/main.c|1 
 fs/ecryptfs/mmap.c|1 
 fs/ecryptfs/super.c   |1 
 7 files changed, 179 insertions(+), 161 deletions(-)

diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index 80d6901..11255cb 100644
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -23,6 +23,8 @@
  * 02111-1307, USA.
  */
 
+#include 
+#include 
 #include 
 #include 
 #include 
@@ -30,7 +32,6 @@
 #include 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
@@ -74,6 +75,19 @@ void ecryptfs_from_hex(char *dst, char *src, int dst_size)
}
 }
 
+static int ecryptfs_hash_digest(struct crypto_shash *tfm,
+   char *src, int len, char *dst)
+{
+   SHASH_DESC_ON_STACK(desc, tfm);
+   int err;
+
+   desc->tfm = tfm;
+   desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
+   err = crypto_shash_digest(desc, src, len, dst);
+   shash_desc_zero(desc);
+   return err;
+}
+
 /**
  * ecryptfs_calculate_md5 - calculates the md5 of @src
  * @dst: Pointer to 16 bytes of allocated memory
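Review bot: the new helper ecryptfs_hash_digest() takes `char *src, int len, char *dst`, while crypto_shash_digest() takes a `const u8 *` input and an `unsigned int` length. Declaring `src` as const and `len` as unsigned would avoid an implicit signed-to-unsigned conversion at the call and make it clear that the input is not modified. A short kernel-doc comment would also match the documented ecryptfs_calculate_md5() that follows it.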
@@ -88,45 +102,26 @@ static int ecryptfs_calculate_md5(char *dst,
  struct ecryptfs_crypt_stat *crypt_stat,
  char *src, int len)
 {
-   struct scatterlist sg;
-   struct hash_desc desc = {
-   .tfm = crypt_stat->hash_tfm,
-   .flags = CRYPTO_TFM_REQ_MAY_SLEEP
-   };
+   struct crypto_shash *tfm;
int rc = 0;
 
mutex_lock(_stat->cs_hash_tfm_mutex);
-   sg_init_one(, (u8 *)src, len);
-   if (!desc.tfm) {
-   desc.tfm = crypto_alloc_hash(ECRYPTFS_DEFAULT_HASH, 0,
-CRYPTO_ALG_ASYNC);
-   if (IS_ERR(desc.tfm)) {
-   rc = PTR_ERR(desc.tfm);
+   tfm = crypt_stat->hash_tfm;
+   if (!tfm) {
+   tfm = crypto_alloc_shash(ECRYPTFS_DEFAULT_HASH, 0, 0);
+   if (IS_ERR(tfm)) {
+   rc = PTR_ERR(tfm);
ecryptfs_printk(KERN_ERR, "Error attempting to "
"allocate crypto context; rc = [%d]\n",
rc);
goto out;
}
-   crypt_stat->hash_tfm = desc.tfm;
-   }
-   rc = crypto_hash_init();
-   if (rc) {
-   printk(KERN_ERR
-  "%s: Error initializing crypto hash; rc = [%d]\n",
-  __func__, rc);
-   goto out;
+   crypt_stat->hash_tfm = tfm;
}
-   rc = crypto_hash_update(, , len);
+   rc = ecryptfs_hash_digest(tfm, src, len, dst);
if (rc) {
printk(KERN_ERR
-  "%s: Error updating crypto hash; rc = [%d]\n",
-  __func__, rc);
-   goto out;
-   }
-   rc = crypto_hash_final(, dst);
-   if (rc) {
-   printk(KERN_ERR
-  "%s: Error finalizing crypto hash; rc = [%d]\n",
+  "%s: Error computing crypto hash; rc = [%d]\n",
   __func__, rc);
goto out;
}
@@ -234,10 +229,8 @@ void ecryptfs_destroy_crypt_stat(struct 
ecryptfs_crypt_stat *crypt_stat)
 {
struct ecryptfs_key_sig *key_sig, *key_sig_tmp;
 
-   if (crypt_stat->tfm)
-   crypto_free_ablkcipher(crypt_stat->tfm);
-   if (crypt_stat->hash_tfm)
-   crypto_free_hash(crypt_stat->hash_tfm);
+   crypto_free_skcipher(crypt_stat->tfm);
+   crypto_free_shash(crypt_stat->hash_tfm);
list_for_each_entry_safe(key_sig, key_sig_tmp,
 _stat->keysig_list, crypt_stat_list) {
list_del(_sig->crypt_stat_list);
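Review bot: the `if (crypt_stat->tfm)` and `if (crypt_stat->hash_tfm)` guards in ecryptfs_destroy_crypt_stat() are removed together with the interface change, which relies on crypto_free_skcipher() and crypto_free_shash() accepting a NULL tfm. That is a behavioural dependency separate from the rename, and the commit message only describes the interface replacement. Please mention the dropped NULL checks there so the change is not mistaken for an accidental omission.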
@@ -342,7 +335,7 @@ static int crypt_scatterlist(struct ecryptfs_crypt_stat 
*crypt_stat,
 struct scatterlist *src_sg, int size,
 unsigned char *iv, int op)
 {
-   struct ablkcipher_request *req = NULL;
+   struct skcipher_request *req = NULL;
struct extent_crypt_result ecr;
int rc = 0;
 
@@ -358,20 +351,20 @@ static int crypt_scatterlist(struct ecryptfs_crypt_stat 
*crypt_stat,
init_completion();
 
mutex_lock(_stat->cs_tfm_mutex);
-   req = ablkcipher_request_alloc(crypt_stat->tfm, GFP_NOFS);
+   req = skcipher_request_alloc(crypt_stat

[PATCH 12/26] sunrpc: Use skcipher and ahash/shash

2016-01-24 Thread Herbert Xu
This patch replaces uses of blkcipher with skcipher and the long
obsolete hash interface with either shash (for non-SG users) or
ahash.
   
Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
---

 include/linux/sunrpc/gss_krb5.h   |   32 +--
 net/sunrpc/auth_gss/gss_krb5_crypto.c |  350 --
 net/sunrpc/auth_gss/gss_krb5_keys.c   |   12 -
 net/sunrpc/auth_gss/gss_krb5_mech.c   |   89 
 net/sunrpc/auth_gss/gss_krb5_seqnum.c |   22 +-
 net/sunrpc/auth_gss/gss_krb5_wrap.c   |   24 +-
 6 files changed, 306 insertions(+), 223 deletions(-)

diff --git a/include/linux/sunrpc/gss_krb5.h b/include/linux/sunrpc/gss_krb5.h
index df02a41..7df625d 100644
--- a/include/linux/sunrpc/gss_krb5.h
+++ b/include/linux/sunrpc/gss_krb5.h
@@ -36,7 +36,7 @@
  *
  */
 
-#include 
+#include 
 #include 
 #include 
 #include 
@@ -71,10 +71,10 @@ struct gss_krb5_enctype {
const u32   keyed_cksum;/* is it a keyed cksum? */
const u32   keybytes;   /* raw key len, in bytes */
const u32   keylength;  /* final key len, in bytes */
-   u32 (*encrypt) (struct crypto_blkcipher *tfm,
+   u32 (*encrypt) (struct crypto_skcipher *tfm,
void *iv, void *in, void *out,
int length);/* encryption function */
-   u32 (*decrypt) (struct crypto_blkcipher *tfm,
+   u32 (*decrypt) (struct crypto_skcipher *tfm,
void *iv, void *in, void *out,
int length);/* decryption function */
u32 (*mk_key) (const struct gss_krb5_enctype *gk5e,
@@ -98,12 +98,12 @@ struct krb5_ctx {
u32 enctype;
u32 flags;
const struct gss_krb5_enctype *gk5e; /* enctype-specific info */
-   struct crypto_blkcipher *enc;
-   struct crypto_blkcipher *seq;
-   struct crypto_blkcipher *acceptor_enc;
-   struct crypto_blkcipher *initiator_enc;
-   struct crypto_blkcipher *acceptor_enc_aux;
-   struct crypto_blkcipher *initiator_enc_aux;
+   struct crypto_skcipher  *enc;
+   struct crypto_skcipher  *seq;
+   struct crypto_skcipher *acceptor_enc;
+   struct crypto_skcipher *initiator_enc;
+   struct crypto_skcipher *acceptor_enc_aux;
+   struct crypto_skcipher *initiator_enc_aux;
u8  Ksess[GSS_KRB5_MAX_KEYLEN]; /* session key */
u8  cksum[GSS_KRB5_MAX_KEYLEN];
s32 endtime;
@@ -262,24 +262,24 @@ gss_unwrap_kerberos(struct gss_ctx *ctx_id, int offset,
 
 
 u32
-krb5_encrypt(struct crypto_blkcipher *key,
+krb5_encrypt(struct crypto_skcipher *key,
 void *iv, void *in, void *out, int length);
 
 u32
-krb5_decrypt(struct crypto_blkcipher *key,
+krb5_decrypt(struct crypto_skcipher *key,
 void *iv, void *in, void *out, int length); 
 
 int
-gss_encrypt_xdr_buf(struct crypto_blkcipher *tfm, struct xdr_buf *outbuf,
+gss_encrypt_xdr_buf(struct crypto_skcipher *tfm, struct xdr_buf *outbuf,
int offset, struct page **pages);
 
 int
-gss_decrypt_xdr_buf(struct crypto_blkcipher *tfm, struct xdr_buf *inbuf,
+gss_decrypt_xdr_buf(struct crypto_skcipher *tfm, struct xdr_buf *inbuf,
int offset);
 
 s32
 krb5_make_seq_num(struct krb5_ctx *kctx,
-   struct crypto_blkcipher *key,
+   struct crypto_skcipher *key,
int direction,
u32 seqnum, unsigned char *cksum, unsigned char *buf);
 
@@ -320,12 +320,12 @@ gss_krb5_aes_decrypt(struct krb5_ctx *kctx, u32 offset,
 
 int
 krb5_rc4_setup_seq_key(struct krb5_ctx *kctx,
-  struct crypto_blkcipher *cipher,
+  struct crypto_skcipher *cipher,
   unsigned char *cksum);
 
 int
 krb5_rc4_setup_enc_key(struct krb5_ctx *kctx,
-  struct crypto_blkcipher *cipher,
+  struct crypto_skcipher *cipher,
   s32 seqnum);
 void
 gss_krb5_make_confounder(char *p, u32 conflen);
diff --git a/net/sunrpc/auth_gss/gss_krb5_crypto.c 
b/net/sunrpc/auth_gss/gss_krb5_crypto.c
index fee3c15..d94a8e1 100644
--- a/net/sunrpc/auth_gss/gss_krb5_crypto.c
+++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c
@@ -34,11 +34,12 @@
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  */
 
+#include 
+#include 
 #include 
 #include 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
@@ -51,7 +52,7 @@
 
 u32
 krb5_encrypt(
-   struct crypto_blkcipher *tfm,
+   struct crypto_skcipher *tfm,
void * iv,
void * in,
void * out,
@@ -60,24 +61,28 @@ krb5_encrypt(
u32 ret = -EINVAL;
struct scatterlist sg[1];
u8 local_iv[GSS_KRB5_MAX_BLOCKSIZE] = {0};
-   struct blkcipher_desc desc = { .tfm = tfm, .info = local_iv };
+   SKCIPHER_REQUEST_ON_STA

[PATCH 7/26] wusb: Use skcipher

2016-01-24 Thread Herbert Xu
This patch replaces uses of blkcipher with skcipher.

Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
---

 drivers/usb/wusbcore/crypto.c |   30 --
 1 file changed, 16 insertions(+), 14 deletions(-)

diff --git a/drivers/usb/wusbcore/crypto.c b/drivers/usb/wusbcore/crypto.c
index 50ce80d..8ed8e34 100644
--- a/drivers/usb/wusbcore/crypto.c
+++ b/drivers/usb/wusbcore/crypto.c
@@ -45,6 +45,7 @@
  * funneled through AES are...16 bytes in size!
  */
 
+#include 
 #include 
 #include 
 #include 
@@ -195,21 +196,22 @@ static void bytewise_xor(void *_bo, const void *_bi1, 
const void *_bi2,
  * NOTE: blen is not aligned to a block size, we'll pad zeros, that's
  *   what sg[4] is for. Maybe there is a smarter way to do this.
  */
-static int wusb_ccm_mac(struct crypto_blkcipher *tfm_cbc,
+static int wusb_ccm_mac(struct crypto_skcipher *tfm_cbc,
struct crypto_cipher *tfm_aes, void *mic,
const struct aes_ccm_nonce *n,
const struct aes_ccm_label *a, const void *b,
size_t blen)
 {
int result = 0;
-   struct blkcipher_desc desc;
+   SKCIPHER_REQUEST_ON_STACK(req, tfm_cbc);
struct aes_ccm_b0 b0;
struct aes_ccm_b1 b1;
struct aes_ccm_a ax;
struct scatterlist sg[4], sg_dst;
-   void *iv, *dst_buf;
-   size_t ivsize, dst_size;
+   void *dst_buf;
+   size_t dst_size;
const u8 bzero[16] = { 0 };
+   u8 iv[crypto_skcipher_ivsize(tfm_cbc)];
size_t zero_padding;
 
/*
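Review bot: `u8 iv[crypto_skcipher_ivsize(tfm_cbc)];` in the declarations of wusb_ccm_mac() is a variable-length array on the kernel stack, sized by a value read from the transform at run time. wusb_prf() allocates this transform as "cbc(aes)" and the file comment says everything funneled through AES is 16 bytes, so a fixed `u8 iv[16]` with a check that crypto_skcipher_ivsize(tfm_cbc) does not exceed it would bound the stack frame and keep the later `sizeof(iv)` a compile-time constant.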
@@ -232,9 +234,7 @@ static int wusb_ccm_mac(struct crypto_blkcipher *tfm_cbc,
goto error_dst_buf;
}
 
-   iv = crypto_blkcipher_crt(tfm_cbc)->iv;
-   ivsize = crypto_blkcipher_ivsize(tfm_cbc);
-   memset(iv, 0, ivsize);
+   memset(iv, 0, sizeof(iv));
 
/* Setup B0 */
b0.flags = 0x59;/* Format B0 */
@@ -259,9 +259,11 @@ static int wusb_ccm_mac(struct crypto_blkcipher *tfm_cbc,
sg_set_buf([3], bzero, zero_padding);
sg_init_one(_dst, dst_buf, dst_size);
 
-   desc.tfm = tfm_cbc;
-   desc.flags = 0;
-   result = crypto_blkcipher_encrypt(, _dst, sg, dst_size);
+   skcipher_request_set_tfm(req, tfm_cbc);
+   skcipher_request_set_callback(req, 0, NULL, NULL);
+   skcipher_request_set_crypt(req, sg, _dst, dst_size, iv);
+   result = crypto_skcipher_encrypt(req);
+   skcipher_request_zero(req);
if (result < 0) {
printk(KERN_ERR "E: can't compute CBC-MAC tag (MIC): %d\n",
   result);
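Review bot: the on-stack request with `skcipher_request_set_callback(req, 0, NULL, NULL)` in wusb_ccm_mac() is only correct if tfm_cbc is a synchronous transform, because there is no completion handler and the request goes out of scope when the function returns. That holds because wusb_prf() allocates with a mask of CRYPTO_ALG_ASYNC, but nothing at this call site says so. A one-line comment next to SKCIPHER_REQUEST_ON_STACK stating the dependency would stop a later change to the allocation from silently breaking this path.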
@@ -301,18 +303,18 @@ ssize_t wusb_prf(void *out, size_t out_size,
 {
ssize_t result, bytes = 0, bitr;
struct aes_ccm_nonce n = *_n;
-   struct crypto_blkcipher *tfm_cbc;
+   struct crypto_skcipher *tfm_cbc;
struct crypto_cipher *tfm_aes;
u64 sfn = 0;
__le64 sfn_le;
 
-   tfm_cbc = crypto_alloc_blkcipher("cbc(aes)", 0, CRYPTO_ALG_ASYNC);
+   tfm_cbc = crypto_alloc_skcipher("cbc(aes)", 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(tfm_cbc)) {
result = PTR_ERR(tfm_cbc);
printk(KERN_ERR "E: can't load CBC(AES): %d\n", (int)result);
goto error_alloc_cbc;
}
-   result = crypto_blkcipher_setkey(tfm_cbc, key, 16);
+   result = crypto_skcipher_setkey(tfm_cbc, key, 16);
if (result < 0) {
printk(KERN_ERR "E: can't set CBC key: %d\n", (int)result);
goto error_setkey_cbc;
@@ -345,7 +347,7 @@ error_setkey_aes:
crypto_free_cipher(tfm_aes);
 error_alloc_aes:
 error_setkey_cbc:
-   crypto_free_blkcipher(tfm_cbc);
+   crypto_free_skcipher(tfm_cbc);
 error_alloc_cbc:
return result;
 }
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[PATCH 17/26] mac802154: Use skcipher

2016-01-24 Thread Herbert Xu
This patch replaces uses of blkcipher with skcipher.
   
Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
---

 net/mac802154/llsec.c |   41 +++--
 net/mac802154/llsec.h |3 +--
 2 files changed, 24 insertions(+), 20 deletions(-)

diff --git a/net/mac802154/llsec.c b/net/mac802154/llsec.c
index a13d02b..6a3e1c2 100644
--- a/net/mac802154/llsec.c
+++ b/net/mac802154/llsec.c
@@ -17,9 +17,9 @@
 #include 
 #include 
 #include 
-#include 
 #include 
 #include 
+#include 
 
 #include "ieee802154_i.h"
 #include "llsec.h"
@@ -144,18 +144,18 @@ llsec_key_alloc(const struct ieee802154_llsec_key 
*template)
goto err_tfm;
}
 
-   key->tfm0 = crypto_alloc_blkcipher("ctr(aes)", 0, CRYPTO_ALG_ASYNC);
+   key->tfm0 = crypto_alloc_skcipher("ctr(aes)", 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(key->tfm0))
goto err_tfm;
 
-   if (crypto_blkcipher_setkey(key->tfm0, template->key,
-   IEEE802154_LLSEC_KEY_SIZE))
+   if (crypto_skcipher_setkey(key->tfm0, template->key,
+  IEEE802154_LLSEC_KEY_SIZE))
goto err_tfm0;
 
return key;
 
 err_tfm0:
-   crypto_free_blkcipher(key->tfm0);
+   crypto_free_skcipher(key->tfm0);
 err_tfm:
for (i = 0; i < ARRAY_SIZE(key->tfm); i++)
if (key->tfm[i])
@@ -175,7 +175,7 @@ static void llsec_key_release(struct kref *ref)
for (i = 0; i < ARRAY_SIZE(key->tfm); i++)
crypto_free_aead(key->tfm[i]);
 
-   crypto_free_blkcipher(key->tfm0);
+   crypto_free_skcipher(key->tfm0);
kzfree(key);
 }
 
@@ -620,15 +620,17 @@ llsec_do_encrypt_unauth(struct sk_buff *skb, const struct 
mac802154_llsec *sec,
 {
u8 iv[16];
struct scatterlist src;
-   struct blkcipher_desc req = {
-   .tfm = key->tfm0,
-   .info = iv,
-   .flags = 0,
-   };
+   SKCIPHER_REQUEST_ON_STACK(req, key->tfm0);
+   int err;
 
llsec_geniv(iv, sec->params.hwaddr, >sec);
sg_init_one(, skb->data, skb->len);
-   return crypto_blkcipher_encrypt_iv(, , , skb->len);
+   skcipher_request_set_tfm(req, key->tfm0);
+   skcipher_request_set_callback(req, 0, NULL, NULL);
+   skcipher_request_set_crypt(req, , , skb->len, iv);
+   err = crypto_skcipher_encrypt(req);
+   skcipher_request_zero(req);
+   return err;
 }
 
 static struct crypto_aead*
@@ -830,11 +832,8 @@ llsec_do_decrypt_unauth(struct sk_buff *skb, const struct 
mac802154_llsec *sec,
unsigned char *data;
int datalen;
struct scatterlist src;
-   struct blkcipher_desc req = {
-   .tfm = key->tfm0,
-   .info = iv,
-   .flags = 0,
-   };
+   SKCIPHER_REQUEST_ON_STACK(req, key->tfm0);
+   int err;
 
llsec_geniv(iv, dev_addr, >sec);
data = skb_mac_header(skb) + skb->mac_len;
@@ -842,7 +841,13 @@ llsec_do_decrypt_unauth(struct sk_buff *skb, const struct 
mac802154_llsec *sec,
 
sg_init_one(, data, datalen);
 
-   return crypto_blkcipher_decrypt_iv(, , , datalen);
+   skcipher_request_set_tfm(req, key->tfm0);
+   skcipher_request_set_callback(req, 0, NULL, NULL);
+   skcipher_request_set_crypt(req, , , datalen, iv);
+
+   err = crypto_skcipher_decrypt(req);
+   skcipher_request_zero(req);
+   return err;
 }
 
 static int
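Review bot: the set_tfm / set_callback / set_crypt / skcipher_request_zero() sequence added to llsec_do_decrypt_unauth() is identical to the one added to llsec_do_encrypt_unauth() apart from the final crypto_skcipher_decrypt() call. A small static helper taking the key, scatterlist, length, IV and a direction flag would keep the two paths from drifting apart, in particular so that a later edit cannot drop skcipher_request_zero() from only one of them.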
diff --git a/net/mac802154/llsec.h b/net/mac802154/llsec.h
index 950578e..6f3b658 100644
--- a/net/mac802154/llsec.h
+++ b/net/mac802154/llsec.h
@@ -19,7 +19,6 @@
 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
@@ -30,7 +29,7 @@ struct mac802154_llsec_key {
 
/* one tfm for each authsize (4/8/16) */
struct crypto_aead *tfm[3];
-   struct crypto_blkcipher *tfm0;
+   struct crypto_skcipher *tfm0;
 
struct kref ref;
 };


[PATCH 15/26] Bluetooth: Use skcipher and hash

2016-01-24 Thread Herbert Xu
This patch replaces uses of blkcipher with skcipher and the long
obsolete hash interface with shash.
   
Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
---

 net/bluetooth/smp.c |  135 
 1 file changed, 63 insertions(+), 72 deletions(-)

diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index ffed8a1..78ad7d6 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -21,9 +21,10 @@
 */
 
 #include 
-#include 
 #include 
 #include 
+#include 
+#include 
 
 #include 
 #include 
@@ -87,8 +88,8 @@ struct smp_dev {
u8  min_key_size;
u8  max_key_size;
 
-   struct crypto_blkcipher *tfm_aes;
-   struct crypto_hash  *tfm_cmac;
+   struct crypto_skcipher  *tfm_aes;
+   struct crypto_shash *tfm_cmac;
 };
 
 struct smp_chan {
@@ -126,8 +127,8 @@ struct smp_chan {
u8  dhkey[32];
u8  mackey[16];
 
-   struct crypto_blkcipher *tfm_aes;
-   struct crypto_hash  *tfm_cmac;
+   struct crypto_skcipher  *tfm_aes;
+   struct crypto_shash *tfm_cmac;
 };
 
 /* These debug key values are defined in the SMP section of the core
@@ -165,12 +166,11 @@ static inline void swap_buf(const u8 *src, u8 *dst, 
size_t len)
  * AES-CMAC, f4, f5, f6, g2 and h6.
  */
 
-static int aes_cmac(struct crypto_hash *tfm, const u8 k[16], const u8 *m,
+static int aes_cmac(struct crypto_shash *tfm, const u8 k[16], const u8 *m,
size_t len, u8 mac[16])
 {
uint8_t tmp[16], mac_msb[16], msg_msb[CMAC_MSG_MAX];
-   struct hash_desc desc;
-   struct scatterlist sg;
+   SHASH_DESC_ON_STACK(desc, tfm);
int err;
 
if (len > CMAC_MSG_MAX)
@@ -181,10 +181,8 @@ static int aes_cmac(struct crypto_hash *tfm, const u8 
k[16], const u8 *m,
return -EINVAL;
}
 
-   desc.tfm = tfm;
-   desc.flags = 0;
-
-   crypto_hash_init();
+   desc->tfm = tfm;
+   desc->flags = 0;
 
/* Swap key and message from LSB to MSB */
swap_buf(k, tmp, 16);
@@ -193,23 +191,16 @@ static int aes_cmac(struct crypto_hash *tfm, const u8 
k[16], const u8 *m,
SMP_DBG("msg (len %zu) %*phN", len, (int) len, m);
SMP_DBG("key %16phN", k);
 
-   err = crypto_hash_setkey(tfm, tmp, 16);
+   err = crypto_shash_setkey(tfm, tmp, 16);
if (err) {
BT_ERR("cipher setkey failed: %d", err);
return err;
}
 
-   sg_init_one(, msg_msb, len);
-
-   err = crypto_hash_update(, , len);
+   err = crypto_shash_digest(desc, msg_msb, len, mac_msb);
+   shash_desc_zero(desc);
if (err) {
-   BT_ERR("Hash update error %d", err);
-   return err;
-   }
-
-   err = crypto_hash_final(, mac_msb);
-   if (err) {
-   BT_ERR("Hash final error %d", err);
+   BT_ERR("Hash computation error %d", err);
return err;
}
 
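Review bot: shash_desc_zero(desc) wipes the descriptor after crypto_shash_digest() in aes_cmac(), but the byte-swapped key copy that swap_buf(k, tmp, 16) leaves in `tmp` is not cleared on any return shown here, including the early `return err` after a failed crypto_shash_setkey(). Since the function is being reworked to scrub its crypto state anyway, consider memzero_explicit(tmp, sizeof(tmp)) on the exit paths so the key copy gets the same treatment as the descriptor.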
@@ -220,8 +211,8 @@ static int aes_cmac(struct crypto_hash *tfm, const u8 
k[16], const u8 *m,
return 0;
 }
 
-static int smp_f4(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
- const u8 x[16], u8 z, u8 res[16])
+static int smp_f4(struct crypto_shash *tfm_cmac, const u8 u[32],
+ const u8 v[32], const u8 x[16], u8 z, u8 res[16])
 {
u8 m[65];
int err;
@@ -243,7 +234,7 @@ static int smp_f4(struct crypto_hash *tfm_cmac, const u8 
u[32], const u8 v[32],
return err;
 }
 
-static int smp_f5(struct crypto_hash *tfm_cmac, const u8 w[32],
+static int smp_f5(struct crypto_shash *tfm_cmac, const u8 w[32],
  const u8 n1[16], const u8 n2[16], const u8 a1[7],
  const u8 a2[7], u8 mackey[16], u8 ltk[16])
 {
@@ -296,7 +287,7 @@ static int smp_f5(struct crypto_hash *tfm_cmac, const u8 
w[32],
return 0;
 }
 
-static int smp_f6(struct crypto_hash *tfm_cmac, const u8 w[16],
+static int smp_f6(struct crypto_shash *tfm_cmac, const u8 w[16],
  const u8 n1[16], const u8 n2[16], const u8 r[16],
  const u8 io_cap[3], const u8 a1[7], const u8 a2[7],
  u8 res[16])
@@ -324,7 +315,7 @@ static int smp_f6(struct crypto_hash *tfm_cmac, const u8 
w[16],
return err;
 }
 
-static int smp_g2(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
+static int smp_g2(struct crypto_shash *tfm_cmac, const u8 u[32], const u8 
v[32],
  const u8 x[16], const u8 y[16], u32 *val)
 {
u8 m[80], tmp[16];
@@ -350,7 +341,7 @@ static int smp_g2(struct crypto_hash *tfm_cmac, const u8 
u[32], const u8 v[32],
return 0;
 }
 
-static int smp_h6(struct crypto_hash *tfm_cmac, const u8 w[16],
+static int smp_h6(struct crypto_shash *tfm_cmac, const u8 w[16],
  const u8 key_i

[PATCH 25/26] sctp: Use shash

2016-01-24 Thread Herbert Xu
This patch replaces uses of the long obsolete hash interface with
shash.

Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
---

 include/net/sctp/auth.h|4 +--
 include/net/sctp/structs.h |6 ++---
 net/sctp/auth.c|   36 ---
 net/sctp/endpointola.c |1 
 net/sctp/sm_make_chunk.c   |   51 +
 net/sctp/socket.c  |8 +++
 6 files changed, 57 insertions(+), 49 deletions(-)

diff --git a/include/net/sctp/auth.h b/include/net/sctp/auth.h
index f2d58aa..9b9fb12 100644
--- a/include/net/sctp/auth.h
+++ b/include/net/sctp/auth.h
@@ -31,12 +31,12 @@
 #define __sctp_auth_h__
 
 #include 
-#include 
 
 struct sctp_endpoint;
 struct sctp_association;
 struct sctp_authkey;
 struct sctp_hmacalgo;
+struct crypto_shash;
 
 /*
  * Define a generic struct that will hold all the info
@@ -90,7 +90,7 @@ int sctp_auth_asoc_copy_shkeys(const struct sctp_endpoint *ep,
struct sctp_association *asoc,
gfp_t gfp);
 int sctp_auth_init_hmacs(struct sctp_endpoint *ep, gfp_t gfp);
-void sctp_auth_destroy_hmacs(struct crypto_hash *auth_hmacs[]);
+void sctp_auth_destroy_hmacs(struct crypto_shash *auth_hmacs[]);
 struct sctp_hmac *sctp_auth_get_hmac(__u16 hmac_id);
 struct sctp_hmac *sctp_auth_asoc_get_hmac(const struct sctp_association *asoc);
 void sctp_auth_asoc_set_default_hmac(struct sctp_association *asoc,
diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
index 20e7212..6b1e383 100644
--- a/include/net/sctp/structs.h
+++ b/include/net/sctp/structs.h
@@ -82,7 +82,7 @@ struct sctp_bind_addr;
 struct sctp_ulpq;
 struct sctp_ep_common;
 struct sctp_ssnmap;
-struct crypto_hash;
+struct crypto_shash;
 
 
 #include 
@@ -166,7 +166,7 @@ struct sctp_sock {
struct sctp_pf *pf;
 
/* Access to HMAC transform. */
-   struct crypto_hash *hmac;
+   struct crypto_shash *hmac;
char *sctp_hmac_alg;
 
/* What is our base endpointer? */
@@ -1235,7 +1235,7 @@ struct sctp_endpoint {
/* SCTP AUTH: array of the HMACs that will be allocated
 * we need this per association so that we don't serialize
 */
-   struct crypto_hash **auth_hmacs;
+   struct crypto_shash **auth_hmacs;
 
/* SCTP-AUTH: hmacs for the endpoint encoded into parameter */
 struct sctp_hmac_algo_param *auth_hmacs_list;
diff --git a/net/sctp/auth.c b/net/sctp/auth.c
index 1543e39..912eb16 100644
--- a/net/sctp/auth.c
+++ b/net/sctp/auth.c
@@ -27,9 +27,9 @@
  *   Vlad Yasevich <vladislav.yasev...@hp.com>
  */
 
+#include 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
@@ -448,7 +448,7 @@ struct sctp_shared_key *sctp_auth_get_shkey(
  */
 int sctp_auth_init_hmacs(struct sctp_endpoint *ep, gfp_t gfp)
 {
-   struct crypto_hash *tfm = NULL;
+   struct crypto_shash *tfm = NULL;
__u16   id;
 
/* If AUTH extension is disabled, we are done */
@@ -462,9 +462,8 @@ int sctp_auth_init_hmacs(struct sctp_endpoint *ep, gfp_t 
gfp)
return 0;
 
/* Allocated the array of pointers to transorms */
-   ep->auth_hmacs = kzalloc(
-   sizeof(struct crypto_hash *) * SCTP_AUTH_NUM_HMACS,
-   gfp);
+   ep->auth_hmacs = kzalloc(sizeof(struct crypto_shash *) *
+SCTP_AUTH_NUM_HMACS, gfp);
if (!ep->auth_hmacs)
return -ENOMEM;
 
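Review bot: the reflowed allocation in sctp_auth_init_hmacs() still multiplies by hand, `kzalloc(sizeof(struct crypto_shash *) * SCTP_AUTH_NUM_HMACS, gfp)`. As the statement is being rewritten anyway, kcalloc(SCTP_AUTH_NUM_HMACS, sizeof(*ep->auth_hmacs), gfp) states the intent, checks the multiplication, and would not have needed touching for the type rename at all.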
@@ -483,8 +482,7 @@ int sctp_auth_init_hmacs(struct sctp_endpoint *ep, gfp_t 
gfp)
continue;
 
/* Allocate the ID */
-   tfm = crypto_alloc_hash(sctp_hmac_list[id].hmac_name, 0,
-   CRYPTO_ALG_ASYNC);
+   tfm = crypto_alloc_shash(sctp_hmac_list[id].hmac_name, 0, 0);
if (IS_ERR(tfm))
goto out_err;
 
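Review bot: the mask argument changes from CRYPTO_ALG_ASYNC to 0 in the crypto_alloc_shash() call, which the commit message does not mention. shash transforms are synchronous by definition, so the set of usable algorithms is unchanged, but a sentence saying so in the commit message would save the next reader from checking whether asynchronous HMAC implementations can now be selected here.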
@@ -500,7 +498,7 @@ out_err:
 }
 
 /* Destroy the hmac tfm array */
-void sctp_auth_destroy_hmacs(struct crypto_hash *auth_hmacs[])
+void sctp_auth_destroy_hmacs(struct crypto_shash *auth_hmacs[])
 {
int i;
 
@@ -508,8 +506,7 @@ void sctp_auth_destroy_hmacs(struct crypto_hash 
*auth_hmacs[])
return;
 
for (i = 0; i < SCTP_AUTH_NUM_HMACS; i++) {
-   if (auth_hmacs[i])
-   crypto_free_hash(auth_hmacs[i]);
+   crypto_free_shash(auth_hmacs[i]);
}
kfree(auth_hmacs);
 }
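Review bot: dropping the `if (auth_hmacs[i])` guard in sctp_auth_destroy_hmacs() makes the loop depend on crypto_free_shash() accepting a NULL pointer. Slots can legitimately be NULL, since the array is zero-allocated and the init loop skips some ids with `continue`. That is a behavioural change beyond the hash-to-shash rename; please say in the commit message that passing NULL is safe, or keep the guard.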
@@ -709,8 +706,7 @@ void sctp_auth_calculate_hmac(const struct sctp_association 
*asoc,
  struct sctp_auth_chunk *auth,
  gfp_t gfp)
 {
-   struct scatterlist sg;
-   struct hash_desc desc;
+   struct crypto_shash *tfm;
struct sctp_auth_bytes *asoc_key;
__u16 key_id, hmac_id;
__u8 *digest;
@@ -742,16 +738,22 @@ void sctp_auth_cal

[PATCH 22/26] iscsi_tcp: Use ahash

2016-01-24 Thread Herbert Xu
This patch replaces uses of the long obsolete hash interface with
ahash.

Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
---

 drivers/scsi/iscsi_tcp.c|   54 ++--
 drivers/scsi/iscsi_tcp.h|4 +--
 drivers/scsi/libiscsi_tcp.c |   29 +--
 include/scsi/libiscsi_tcp.h |   13 +-
 4 files changed, 58 insertions(+), 42 deletions(-)

diff --git a/drivers/scsi/iscsi_tcp.c b/drivers/scsi/iscsi_tcp.c
index 0b8af18..2e4c82f 100644
--- a/drivers/scsi/iscsi_tcp.c
+++ b/drivers/scsi/iscsi_tcp.c
@@ -26,12 +26,12 @@
  * Zhenyu Wang
  */
 
+#include 
 #include 
 #include 
 #include 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
@@ -428,7 +428,7 @@ static void iscsi_sw_tcp_send_hdr_prep(struct iscsi_conn 
*conn, void *hdr,
 * sufficient room.
 */
if (conn->hdrdgst_en) {
-   iscsi_tcp_dgst_header(_sw_conn->tx_hash, hdr, hdrlen,
+   iscsi_tcp_dgst_header(tcp_sw_conn->tx_hash, hdr, hdrlen,
  hdr + hdrlen);
hdrlen += ISCSI_DIGEST_SIZE;
}
@@ -454,7 +454,7 @@ iscsi_sw_tcp_send_data_prep(struct iscsi_conn *conn, struct 
scatterlist *sg,
 {
struct iscsi_tcp_conn *tcp_conn = conn->dd_data;
struct iscsi_sw_tcp_conn *tcp_sw_conn = tcp_conn->dd_data;
-   struct hash_desc *tx_hash = NULL;
+   struct ahash_request *tx_hash = NULL;
unsigned int hdr_spec_len;
 
ISCSI_SW_TCP_DBG(conn, "offset=%d, datalen=%d %s\n", offset, len,
@@ -467,7 +467,7 @@ iscsi_sw_tcp_send_data_prep(struct iscsi_conn *conn, struct 
scatterlist *sg,
WARN_ON(iscsi_padded(len) != iscsi_padded(hdr_spec_len));
 
if (conn->datadgst_en)
-   tx_hash = _sw_conn->tx_hash;
+   tx_hash = tcp_sw_conn->tx_hash;
 
return iscsi_segment_seek_sg(_sw_conn->out.data_segment,
 sg, count, offset, len,
@@ -480,7 +480,7 @@ iscsi_sw_tcp_send_linear_data_prep(struct iscsi_conn *conn, 
void *data,
 {
struct iscsi_tcp_conn *tcp_conn = conn->dd_data;
struct iscsi_sw_tcp_conn *tcp_sw_conn = tcp_conn->dd_data;
-   struct hash_desc *tx_hash = NULL;
+   struct ahash_request *tx_hash = NULL;
unsigned int hdr_spec_len;
 
ISCSI_SW_TCP_DBG(conn, "datalen=%zd %s\n", len, conn->datadgst_en ?
@@ -492,7 +492,7 @@ iscsi_sw_tcp_send_linear_data_prep(struct iscsi_conn *conn, 
void *data,
WARN_ON(iscsi_padded(len) != iscsi_padded(hdr_spec_len));
 
if (conn->datadgst_en)
-   tx_hash = _sw_conn->tx_hash;
+   tx_hash = tcp_sw_conn->tx_hash;
 
iscsi_segment_init_linear(_sw_conn->out.data_segment,
data, len, NULL, tx_hash);
@@ -543,6 +543,7 @@ iscsi_sw_tcp_conn_create(struct iscsi_cls_session 
*cls_session,
struct iscsi_cls_conn *cls_conn;
struct iscsi_tcp_conn *tcp_conn;
struct iscsi_sw_tcp_conn *tcp_sw_conn;
+   struct crypto_ahash *tfm;
 
cls_conn = iscsi_tcp_conn_setup(cls_session, sizeof(*tcp_sw_conn),
conn_idx);
@@ -552,23 +553,28 @@ iscsi_sw_tcp_conn_create(struct iscsi_cls_session 
*cls_session,
tcp_conn = conn->dd_data;
tcp_sw_conn = tcp_conn->dd_data;
 
-   tcp_sw_conn->tx_hash.tfm = crypto_alloc_hash("crc32c", 0,
-CRYPTO_ALG_ASYNC);
-   tcp_sw_conn->tx_hash.flags = 0;
-   if (IS_ERR(tcp_sw_conn->tx_hash.tfm))
+   tfm = crypto_alloc_ahash("crc32c", 0, CRYPTO_ALG_ASYNC);
+   if (IS_ERR(tfm))
goto free_conn;
 
-   tcp_sw_conn->rx_hash.tfm = crypto_alloc_hash("crc32c", 0,
-CRYPTO_ALG_ASYNC);
-   tcp_sw_conn->rx_hash.flags = 0;
-   if (IS_ERR(tcp_sw_conn->rx_hash.tfm))
-   goto free_tx_tfm;
-   tcp_conn->rx_hash = _sw_conn->rx_hash;
+   tcp_sw_conn->tx_hash = ahash_request_alloc(tfm, GFP_KERNEL);
+   if (!tcp_sw_conn->tx_hash)
+   goto free_tfm;
+   ahash_request_set_callback(tcp_sw_conn->tx_hash, 0, NULL, NULL);
+
+   tcp_sw_conn->rx_hash = ahash_request_alloc(tfm, GFP_KERNEL);
+   if (!tcp_sw_conn->rx_hash)
+   goto free_tx_hash;
+   ahash_request_set_callback(tcp_sw_conn->rx_hash, 0, NULL, NULL);
+
+   tcp_conn->rx_hash = tcp_sw_conn->rx_hash;
 
return cls_conn;
 
-free_tx_tfm:
-   crypto_free_hash(tcp_sw_conn->tx_hash.tfm);
+free_tx_hash:
+   ahash_request_free(tcp_sw_conn->tx_hash);
+free_tfm:
+   crypto_free_ahash(tfm);
 free_conn:
iscsi_conn_printk(KERN_ERR, conn,
  "Could not create connection due to crc32c "
@
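Review bot: in iscsi_sw_tcp_conn_create() tx_hash and rx_hash are now two requests allocated against one `tfm`, and that transform is held only in a local variable, where the old code stored one transform per direction in the connection. The release path therefore has to recover the transform from one of the requests (crypto_ahash_reqtfm()) and free it exactly once after both ahash_request_free() calls; freeing it once per direction, as the old layout did, would be a double free. A comment at the allocation, or a `tfm` member in struct iscsi_sw_tcp_conn, would make the ownership explicit.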

[PATCH 8/26] cifs: Use skcipher

2016-01-24 Thread Herbert Xu
This patch replaces uses of blkcipher with skcipher.

Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
---

 fs/cifs/cifsencrypt.c |   32 +---
 fs/cifs/smbencrypt.c  |   26 +++---
 2 files changed, 40 insertions(+), 18 deletions(-)

diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c
index afa09fc..d411654 100644
--- a/fs/cifs/cifsencrypt.c
+++ b/fs/cifs/cifsencrypt.c
@@ -33,6 +33,7 @@
 #include 
 #include 
 #include 
+#include 
 
 static int
 cifs_crypto_shash_md5_allocate(struct TCP_Server_Info *server)
@@ -789,38 +790,46 @@ int
 calc_seckey(struct cifs_ses *ses)
 {
int rc;
-   struct crypto_blkcipher *tfm_arc4;
+   struct crypto_skcipher *tfm_arc4;
struct scatterlist sgin, sgout;
-   struct blkcipher_desc desc;
+   struct skcipher_request *req;
unsigned char sec_key[CIFS_SESS_KEY_SIZE]; /* a nonce */
 
get_random_bytes(sec_key, CIFS_SESS_KEY_SIZE);
 
-   tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0, CRYPTO_ALG_ASYNC);
+   tfm_arc4 = crypto_alloc_skcipher("ecb(arc4)", 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(tfm_arc4)) {
rc = PTR_ERR(tfm_arc4);
cifs_dbg(VFS, "could not allocate crypto API arc4\n");
return rc;
}
 
-   desc.tfm = tfm_arc4;
-
-   rc = crypto_blkcipher_setkey(tfm_arc4, ses->auth_key.response,
+   rc = crypto_skcipher_setkey(tfm_arc4, ses->auth_key.response,
CIFS_SESS_KEY_SIZE);
if (rc) {
cifs_dbg(VFS, "%s: Could not set response as a key\n",
 __func__);
-   return rc;
+   goto out_free_cipher;
+   }
+
+   req = skcipher_request_alloc(tfm_arc4, GFP_KERNEL);
+   if (!req) {
+   rc = -ENOMEM;
+   cifs_dbg(VFS, "could not allocate crypto API arc4 request\n");
+   goto out_free_cipher;
}
 
sg_init_one(, sec_key, CIFS_SESS_KEY_SIZE);
sg_init_one(, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE);
 
-   rc = crypto_blkcipher_encrypt(, , , CIFS_CPHTXT_SIZE);
+   skcipher_request_set_callback(req, 0, NULL, NULL);
+   skcipher_request_set_crypt(req, , , CIFS_CPHTXT_SIZE, NULL);
+
+   rc = crypto_skcipher_encrypt(req);
+   skcipher_request_free(req);
if (rc) {
cifs_dbg(VFS, "could not encrypt session key rc: %d\n", rc);
-   crypto_free_blkcipher(tfm_arc4);
-   return rc;
+   goto out_free_cipher;
}
 
/* make secondary_key/nonce as session key */
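Review bot: calc_seckey() heap-allocates the request with skcipher_request_alloc() for a single CIFS_CPHTXT_SIZE operation, which adds a new -ENOMEM failure path. The transform is allocated with the CRYPTO_ALG_ASYNC mask and the callback is NULL, so SKCIPHER_REQUEST_ON_STACK with skcipher_request_zero(), as used in other patches of this series, would do the same job without the allocation. Separately, routing the setkey failure through out_free_cipher fixes a leak of tfm_arc4 that the old `return rc;` had; that is a bug fix and deserves a line in the commit message.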
@@ -828,7 +837,8 @@ calc_seckey(struct cifs_ses *ses)
/* and make len as that of session key only */
ses->auth_key.len = CIFS_SESS_KEY_SIZE;
 
-   crypto_free_blkcipher(tfm_arc4);
+out_free_cipher:
+   crypto_free_skcipher(tfm_arc4);
 
return rc;
 }
diff --git a/fs/cifs/smbencrypt.c b/fs/cifs/smbencrypt.c
index a4232ec..699b786 100644
--- a/fs/cifs/smbencrypt.c
+++ b/fs/cifs/smbencrypt.c
@@ -23,6 +23,7 @@
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
 
+#include 
 #include 
 #include 
 #include 
@@ -70,31 +71,42 @@ smbhash(unsigned char *out, const unsigned char *in, 
unsigned char *key)
 {
int rc;
unsigned char key2[8];
-   struct crypto_blkcipher *tfm_des;
+   struct crypto_skcipher *tfm_des;
struct scatterlist sgin, sgout;
-   struct blkcipher_desc desc;
+   struct skcipher_request *req;
 
str_to_key(key, key2);
 
-   tfm_des = crypto_alloc_blkcipher("ecb(des)", 0, CRYPTO_ALG_ASYNC);
+   tfm_des = crypto_alloc_skcipher("ecb(des)", 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(tfm_des)) {
rc = PTR_ERR(tfm_des);
cifs_dbg(VFS, "could not allocate des crypto API\n");
goto smbhash_err;
}
 
-   desc.tfm = tfm_des;
+   req = skcipher_request_alloc(tfm_des, GFP_KERNEL);
+   if (!req) {
+   rc = -ENOMEM;
+   cifs_dbg(VFS, "could not allocate des crypto API\n");
+   goto smbhash_free_skcipher;
+   }
 
-   crypto_blkcipher_setkey(tfm_des, key2, 8);
+   crypto_skcipher_setkey(tfm_des, key2, 8);
 
sg_init_one(, in, 8);
sg_init_one(, out, 8);
 
-   rc = crypto_blkcipher_encrypt(, , , 8);
+   skcipher_request_set_callback(req, 0, NULL, NULL);
+   skcipher_request_set_crypt(req, , , 8, NULL);
+
+   rc = crypto_skcipher_encrypt(req);
if (rc)
cifs_dbg(VFS, "could not encrypt crypt key rc: %d\n", rc);
 
-   crypto_free_blkcipher(tfm_des);
+   skcipher_request_free(req);
+
+smbhash_free_skcipher:
+   crypto_free_skcipher(tfm_des);
 smbhash_err:
return rc;
 }
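Review bot: the return value of `crypto_skcipher_setkey(tfm_des, key2, 8);` is still discarded in smbhash(), so if the key is rejected the function goes on to call crypto_skcipher_encrypt() on a transform whose key was not set. Assign the result to rc and, on failure, jump to a label that frees both req and tfm_des. Also, the new request-allocation failure logs the same "could not allocate des crypto API" text as the transform-allocation failure above it; a distinct message would make the two cases distinguishable in logs.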

[PATCH 24/26] nfsd: Use shash

2016-01-24 Thread Herbert Xu
This patch replaces uses of the long obsolete hash interface with
shash.

Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
---

 fs/nfsd/nfs4recover.c |   28 +---
 1 file changed, 17 insertions(+), 11 deletions(-)

diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c
index 79f0307..a79c150 100644
--- a/fs/nfsd/nfs4recover.c
+++ b/fs/nfsd/nfs4recover.c
@@ -32,10 +32,10 @@
 *
 */
 
+#include 
 #include 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
@@ -104,29 +104,35 @@ static int
 nfs4_make_rec_clidname(char *dname, const struct xdr_netobj *clname)
 {
struct xdr_netobj cksum;
-   struct hash_desc desc;
-   struct scatterlist sg;
+   struct crypto_shash *tfm;
int status;
 
dprintk("NFSD: nfs4_make_rec_clidname for %.*s\n",
clname->len, clname->data);
-   desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
-   desc.tfm = crypto_alloc_hash("md5", 0, CRYPTO_ALG_ASYNC);
-   if (IS_ERR(desc.tfm)) {
-   status = PTR_ERR(desc.tfm);
+   tfm = crypto_alloc_shash("md5", 0, 0);
+   if (IS_ERR(tfm)) {
+   status = PTR_ERR(tfm);
goto out_no_tfm;
}
 
-   cksum.len = crypto_hash_digestsize(desc.tfm);
+   cksum.len = crypto_shash_digestsize(tfm);
cksum.data = kmalloc(cksum.len, GFP_KERNEL);
if (cksum.data == NULL) {
status = -ENOMEM;
goto out;
}
 
-   sg_init_one(, clname->data, clname->len);
+   {
+   SHASH_DESC_ON_STACK(desc, tfm);
+
+   desc->tfm = tfm;
+   desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
+
+   status = crypto_shash_digest(desc, clname->data, clname->len,
+cksum.data);
+   shash_desc_zero(desc);
+   }
 
-   status = crypto_hash_digest(, , sg.length, cksum.data);
if (status)
goto out;
 
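Review bot: the bare `{ ... }` block in the middle of nfs4_make_rec_clidname() exists only to give SHASH_DESC_ON_STACK(desc, tfm) a scope that starts after tfm has been allocated. Moving the descriptor set-up, crypto_shash_digest() and shash_desc_zero() into a small static helper that takes tfm, the input and the output buffer would read better than an anonymous scope. The mask argument also changes from CRYPTO_ALG_ASYNC to 0 in crypto_alloc_shash() without a mention in the commit message.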
@@ -135,7 +141,7 @@ nfs4_make_rec_clidname(char *dname, const struct xdr_netobj 
*clname)
status = 0;
 out:
kfree(cksum.data);
-   crypto_free_hash(desc.tfm);
+   crypto_free_shash(tfm);
 out_no_tfm:
return status;
 }


[PATCH 10/26] ext4: Use skcipher

2016-01-24 Thread Herbert Xu
This patch replaces uses of ablkcipher with skcipher.
   
Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
---

 fs/ext4/crypto.c   |   24 +++-
 fs/ext4/crypto_fname.c |   32 +++-
 fs/ext4/crypto_key.c   |   42 --
 fs/ext4/ext4_crypto.h  |2 +-
 4 files changed, 47 insertions(+), 53 deletions(-)

diff --git a/fs/ext4/crypto.c b/fs/ext4/crypto.c
index 1a08350..a052c2a 100644
--- a/fs/ext4/crypto.c
+++ b/fs/ext4/crypto.c
@@ -18,11 +18,9 @@
  * Special Publication 800-38E and IEEE P1619/D16.
  */
 
-#include 
-#include 
+#include 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
@@ -261,21 +259,21 @@ static int ext4_page_crypto(struct inode *inode,
 
 {
u8 xts_tweak[EXT4_XTS_TWEAK_SIZE];
-   struct ablkcipher_request *req = NULL;
+   struct skcipher_request *req = NULL;
DECLARE_EXT4_COMPLETION_RESULT(ecr);
struct scatterlist dst, src;
struct ext4_crypt_info *ci = EXT4_I(inode)->i_crypt_info;
-   struct crypto_ablkcipher *tfm = ci->ci_ctfm;
+   struct crypto_skcipher *tfm = ci->ci_ctfm;
int res = 0;
 
-   req = ablkcipher_request_alloc(tfm, GFP_NOFS);
+   req = skcipher_request_alloc(tfm, GFP_NOFS);
if (!req) {
printk_ratelimited(KERN_ERR
   "%s: crypto_request_alloc() failed\n",
   __func__);
return -ENOMEM;
}
-   ablkcipher_request_set_callback(
+   skcipher_request_set_callback(
req, CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
ext4_crypt_complete, );
 
@@ -288,21 +286,21 @@ static int ext4_page_crypto(struct inode *inode,
sg_set_page(, dest_page, PAGE_CACHE_SIZE, 0);
sg_init_table(, 1);
sg_set_page(, src_page, PAGE_CACHE_SIZE, 0);
-   ablkcipher_request_set_crypt(req, , , PAGE_CACHE_SIZE,
-xts_tweak);
+   skcipher_request_set_crypt(req, , , PAGE_CACHE_SIZE,
+  xts_tweak);
if (rw == EXT4_DECRYPT)
-   res = crypto_ablkcipher_decrypt(req);
+   res = crypto_skcipher_decrypt(req);
else
-   res = crypto_ablkcipher_encrypt(req);
+   res = crypto_skcipher_encrypt(req);
if (res == -EINPROGRESS || res == -EBUSY) {
wait_for_completion();
res = ecr.res;
}
-   ablkcipher_request_free(req);
+   skcipher_request_free(req);
if (res) {
printk_ratelimited(
KERN_ERR
-   "%s: crypto_ablkcipher_encrypt() returned %d\n",
+   "%s: crypto_skcipher_encrypt() returned %d\n",
__func__, res);
return res;
}
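Review bot: the renamed error string at the end of ext4_page_crypto() still reads "crypto_skcipher_encrypt() returned %d", but `res` comes from crypto_skcipher_decrypt() when rw == EXT4_DECRYPT. Since the string is being edited anyway, print the direction or use a neutral wording so that a decryption failure is not logged as an encryption failure.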
diff --git a/fs/ext4/crypto_fname.c b/fs/ext4/crypto_fname.c
index 2fbef8a..1a2f360 100644
--- a/fs/ext4/crypto_fname.c
+++ b/fs/ext4/crypto_fname.c
@@ -11,11 +11,9 @@
  *
  */
 
-#include 
-#include 
+#include 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
@@ -65,10 +63,10 @@ static int ext4_fname_encrypt(struct inode *inode,
  struct ext4_str *oname)
 {
u32 ciphertext_len;
-   struct ablkcipher_request *req = NULL;
+   struct skcipher_request *req = NULL;
DECLARE_EXT4_COMPLETION_RESULT(ecr);
struct ext4_crypt_info *ci = EXT4_I(inode)->i_crypt_info;
-   struct crypto_ablkcipher *tfm = ci->ci_ctfm;
+   struct crypto_skcipher *tfm = ci->ci_ctfm;
int res = 0;
char iv[EXT4_CRYPTO_BLOCK_SIZE];
struct scatterlist src_sg, dst_sg;
@@ -95,14 +93,14 @@ static int ext4_fname_encrypt(struct inode *inode,
}
 
/* Allocate request */
-   req = ablkcipher_request_alloc(tfm, GFP_NOFS);
+   req = skcipher_request_alloc(tfm, GFP_NOFS);
if (!req) {
printk_ratelimited(
KERN_ERR "%s: crypto_request_alloc() failed\n", __func__);
kfree(alloc_buf);
return -ENOMEM;
}
-   ablkcipher_request_set_callback(req,
+   skcipher_request_set_callback(req,
CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
ext4_dir_crypt_complete, );
 
@@ -117,14 +115,14 @@ static int ext4_fname_encrypt(struct inode *inode,
/* Create encryption request */
sg_init_one(_sg, workbuf, ciphertext_len);
sg_init_one(_sg, oname->name, ciphertext_len);
-   ablkcipher_request_set_crypt(req, _sg, _sg, ciphertext_len, iv);
-   res = crypto_ablkcipher_encrypt(req);
+   skcipher_request_set_crypt(req, _sg, _sg, ciphertext_len, iv);
+   res = crypto_skcipher_encrypt(req);
if (res == -EINPROGRESS || res == -EBUSY) {
 

[PATCH 1/26] block: cryptoloop - Use new skcipher interface

2016-01-24 Thread Herbert Xu
This patch replaces uses of blkcipher with the new skcipher
interface.

Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
---

 drivers/block/cryptoloop.c |   48 +++--
 1 file changed, 25 insertions(+), 23 deletions(-)

diff --git a/drivers/block/cryptoloop.c b/drivers/block/cryptoloop.c
index 99e773c..3d31761 100644
--- a/drivers/block/cryptoloop.c
+++ b/drivers/block/cryptoloop.c
@@ -21,9 +21,9 @@
 
 #include 
 
+#include 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
@@ -46,7 +46,7 @@ cryptoloop_init(struct loop_device *lo, const struct 
loop_info64 *info)
char *cipher;
char *mode;
char *cmsp = cms;   /* c-m string pointer */
-   struct crypto_blkcipher *tfm;
+   struct crypto_skcipher *tfm;
 
/* encryption breaks for non sector aligned offsets */
 
@@ -82,12 +82,12 @@ cryptoloop_init(struct loop_device *lo, const struct 
loop_info64 *info)
*cmsp++ = ')';
*cmsp = 0;
 
-   tfm = crypto_alloc_blkcipher(cms, 0, CRYPTO_ALG_ASYNC);
+   tfm = crypto_alloc_skcipher(cms, 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(tfm))
return PTR_ERR(tfm);
 
-   err = crypto_blkcipher_setkey(tfm, info->lo_encrypt_key,
- info->lo_encrypt_key_size);
+   err = crypto_skcipher_setkey(tfm, info->lo_encrypt_key,
+info->lo_encrypt_key_size);

if (err != 0)
goto out_free_tfm;
@@ -96,17 +96,14 @@ cryptoloop_init(struct loop_device *lo, const struct 
loop_info64 *info)
return 0;
 
  out_free_tfm:
-   crypto_free_blkcipher(tfm);
+   crypto_free_skcipher(tfm);
 
  out:
return err;
 }
 
 
-typedef int (*encdec_cbc_t)(struct blkcipher_desc *desc,
-   struct scatterlist *sg_out,
-   struct scatterlist *sg_in,
-   unsigned int nsg);
+typedef int (*encdec_cbc_t)(struct skcipher_request *req);
 
 static int
 cryptoloop_transfer(struct loop_device *lo, int cmd,
@@ -114,11 +111,8 @@ cryptoloop_transfer(struct loop_device *lo, int cmd,
struct page *loop_page, unsigned loop_off,
int size, sector_t IV)
 {
-   struct crypto_blkcipher *tfm = lo->key_data;
-   struct blkcipher_desc desc = {
-   .tfm = tfm,
-   .flags = CRYPTO_TFM_REQ_MAY_SLEEP,
-   };
+   struct crypto_skcipher *tfm = lo->key_data;
+   SKCIPHER_REQUEST_ON_STACK(req, tfm);
struct scatterlist sg_out;
struct scatterlist sg_in;
 
@@ -127,6 +121,10 @@ cryptoloop_transfer(struct loop_device *lo, int cmd,
unsigned in_offs, out_offs;
int err;
 
+   skcipher_request_set_tfm(req, tfm);
+   skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP,
+ NULL, NULL);
+
sg_init_table(_out, 1);
sg_init_table(_in, 1);
 
@@ -135,13 +133,13 @@ cryptoloop_transfer(struct loop_device *lo, int cmd,
in_offs = raw_off;
out_page = loop_page;
out_offs = loop_off;
-   encdecfunc = crypto_blkcipher_crt(tfm)->decrypt;
+   encdecfunc = crypto_skcipher_decrypt;
} else {
in_page = loop_page;
in_offs = loop_off;
out_page = raw_page;
out_offs = raw_off;
-   encdecfunc = crypto_blkcipher_crt(tfm)->encrypt;
+   encdecfunc = crypto_skcipher_encrypt;
}
 
while (size > 0) {
@@ -152,10 +150,10 @@ cryptoloop_transfer(struct loop_device *lo, int cmd,
sg_set_page(_in, in_page, sz, in_offs);
sg_set_page(_out, out_page, sz, out_offs);
 
-   desc.info = iv;
-   err = encdecfunc(, _out, _in, sz);
+   skcipher_request_set_crypt(req, _in, _out, sz, iv);
+   err = encdecfunc(req);
if (err)
-   return err;
+   goto out;
 
IV++;
size -= sz;
@@ -163,7 +161,11 @@ cryptoloop_transfer(struct loop_device *lo, int cmd,
out_offs += sz;
}
 
-   return 0;
+   err = 0;
+
+out:
+   skcipher_request_zero(req);
+   return err;
 }
 
 static int
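Review bot: the `err = 0;` ahead of `out:` is needed only because `err` is declared without an initialiser and the `while (size > 0)` loop may not execute; declaring `int err = 0;` would let the success path fall straight through to the label. Routing both exits through `skcipher_request_zero(req)` is the right shape, since keeping the early `return err` inside the loop would have skipped the wipe of the on-stack request.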
@@ -175,9 +177,9 @@ cryptoloop_ioctl(struct loop_device *lo, int cmd, unsigned 
long arg)
 static int
 cryptoloop_release(struct loop_device *lo)
 {
-   struct crypto_blkcipher *tfm = lo->key_data;
+   struct crypto_skcipher *tfm = lo->key_data;
if (tfm != NULL) {
-   crypto_free_blkcipher(tfm);
+   crypto_free_skcipher(tfm);
lo->key_data = NULL;
return 0;
}
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to ma

[PATCH 19/26] ipsec: Use skcipher and ahash when probing algorithms

2016-01-24 Thread Herbert Xu
This patch removes the last reference to hash and ablkcipher from
IPsec and replaces them with ahash and skcipher respectively.  For
skcipher there is currently no difference at all, while for ahash
the current code is actually buggy and would prevent asynchronous
algorithms from being discovered.

Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
---

 net/xfrm/xfrm_algo.c |7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c
index f07224d..250e567 100644
--- a/net/xfrm/xfrm_algo.c
+++ b/net/xfrm/xfrm_algo.c
@@ -9,6 +9,8 @@
  * any later version.
  */
 
+#include 
+#include 
 #include 
 #include 
 #include 
@@ -782,14 +784,13 @@ void xfrm_probe_algs(void)
BUG_ON(in_softirq());
 
for (i = 0; i < aalg_entries(); i++) {
-   status = crypto_has_hash(aalg_list[i].name, 0,
-CRYPTO_ALG_ASYNC);
+   status = crypto_has_ahash(aalg_list[i].name, 0, 0);
if (aalg_list[i].available != status)
aalg_list[i].available = status;
}
 
for (i = 0; i < ealg_entries(); i++) {
-   status = crypto_has_ablkcipher(ealg_list[i].name, 0, 0);
+   status = crypto_has_skcipher(ealg_list[i].name, 0, 0);
if (ealg_list[i].available != status)
ealg_list[i].available = status;
}
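Review bot: the authentication loop changes the mask argument from `CRYPTO_ALG_ASYNC` to `0` as well as renaming the call, so `crypto_has_ahash(aalg_list[i].name, 0, 0)` is a behavioural change and not just a rename. The commit message covers it, but a short comment above the loop saying that both probes deliberately pass a zero mask would stop someone from restoring the old value. The `if (x != status) x = status;` pair in both loops could also become a plain assignment while the lines are being touched.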


[PATCH 18/26] rxrpc: Use skcipher

2016-01-24 Thread Herbert Xu
This patch replaces uses of blkcipher with skcipher.
   
Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
---

 net/rxrpc/ar-internal.h |2 
 net/rxrpc/ar-key.c  |   12 +--
 net/rxrpc/rxkad.c   |  172 +---
 3 files changed, 114 insertions(+), 72 deletions(-)

diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h
index 2934a73..71598f5 100644
--- a/net/rxrpc/ar-internal.h
+++ b/net/rxrpc/ar-internal.h
@@ -252,7 +252,7 @@ struct rxrpc_connection {
struct rxrpc_security   *security;  /* applied security module */
struct key  *key;   /* security for this connection 
(client) */
struct key  *server_key;/* security for this service */
-   struct crypto_blkcipher *cipher;/* encryption handle */
+   struct crypto_skcipher  *cipher;/* encryption handle */
struct rxrpc_crypt  csum_iv;/* packet checksum base */
unsigned long   events;
 #define RXRPC_CONN_CHALLENGE   0   /* send challenge packet */
diff --git a/net/rxrpc/ar-key.c b/net/rxrpc/ar-key.c
index 3f65716..3fb492e 100644
--- a/net/rxrpc/ar-key.c
+++ b/net/rxrpc/ar-key.c
@@ -12,11 +12,11 @@
  * "a...@cambridge.redhat.com>
  */
 
+#include 
 #include 
 #include 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
@@ -824,7 +824,7 @@ static void rxrpc_free_preparse(struct 
key_preparsed_payload *prep)
  */
 static int rxrpc_preparse_s(struct key_preparsed_payload *prep)
 {
-   struct crypto_blkcipher *ci;
+   struct crypto_skcipher *ci;
 
_enter("%zu", prep->datalen);
 
@@ -833,13 +833,13 @@ static int rxrpc_preparse_s(struct key_preparsed_payload 
*prep)
 
memcpy(>payload.data[2], prep->data, 8);
 
-   ci = crypto_alloc_blkcipher("pcbc(des)", 0, CRYPTO_ALG_ASYNC);
+   ci = crypto_alloc_skcipher("pcbc(des)", 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(ci)) {
_leave(" = %ld", PTR_ERR(ci));
return PTR_ERR(ci);
}
 
-   if (crypto_blkcipher_setkey(ci, prep->data, 8) < 0)
+   if (crypto_skcipher_setkey(ci, prep->data, 8) < 0)
BUG();
 
prep->payload.data[0] = ci;
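Review bot: a failing `crypto_skcipher_setkey()` in rxrpc_preparse_s() still ends in `BUG()`, although the function already returns `PTR_ERR(ci)` a few lines earlier when allocation fails. Since this line is being touched anyway, consider freeing `ci` with `crypto_free_skcipher()` and returning the setkey error instead, so that key data the cipher rejects produces an error return and not a kernel BUG.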
@@ -853,7 +853,7 @@ static int rxrpc_preparse_s(struct key_preparsed_payload 
*prep)
 static void rxrpc_free_preparse_s(struct key_preparsed_payload *prep)
 {
if (prep->payload.data[0])
-   crypto_free_blkcipher(prep->payload.data[0]);
+   crypto_free_skcipher(prep->payload.data[0]);
 }
 
 /*
@@ -870,7 +870,7 @@ static void rxrpc_destroy(struct key *key)
 static void rxrpc_destroy_s(struct key *key)
 {
if (key->payload.data[0]) {
-   crypto_free_blkcipher(key->payload.data[0]);
+   crypto_free_skcipher(key->payload.data[0]);
key->payload.data[0] = NULL;
}
 }
diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c
index d7a9ab5..0d96b48 100644
--- a/net/rxrpc/rxkad.c
+++ b/net/rxrpc/rxkad.c
@@ -9,11 +9,11 @@
  * 2 of the License, or (at your option) any later version.
  */
 
+#include 
 #include 
 #include 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
@@ -53,7 +53,7 @@ MODULE_LICENSE("GPL");
  * alloc routine, but since we have it to hand, we use it to decrypt RESPONSE
  * packets
  */
-static struct crypto_blkcipher *rxkad_ci;
+static struct crypto_skcipher *rxkad_ci;
 static DEFINE_MUTEX(rxkad_ci_mutex);
 
 /*
@@ -61,7 +61,7 @@ static DEFINE_MUTEX(rxkad_ci_mutex);
  */
 static int rxkad_init_connection_security(struct rxrpc_connection *conn)
 {
-   struct crypto_blkcipher *ci;
+   struct crypto_skcipher *ci;
struct rxrpc_key_token *token;
int ret;
 
@@ -70,15 +70,15 @@ static int rxkad_init_connection_security(struct 
rxrpc_connection *conn)
token = conn->key->payload.data[0];
conn->security_ix = token->security_index;
 
-   ci = crypto_alloc_blkcipher("pcbc(fcrypt)", 0, CRYPTO_ALG_ASYNC);
+   ci = crypto_alloc_skcipher("pcbc(fcrypt)", 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(ci)) {
_debug("no cipher");
ret = PTR_ERR(ci);
goto error;
}
 
-   if (crypto_blkcipher_setkey(ci, token->kad->session_key,
-   sizeof(token->kad->session_key)) < 0)
+   if (crypto_skcipher_setkey(ci, token->kad->session_key,
+  sizeof(token->kad->session_key)) < 0)
BUG();
 
switch (conn->security_level) {
@@ -113,7 +113,7 @@ error:
 static void rxkad_prime_packet_security(struct rxrpc_connection *conn)
 {
struct rxrpc_key_token *token;
-   struct blkcipher_desc desc;
+   SKCIPHER_REQUEST_ON_STACK(req, conn->cipher);
 

[PATCH 13/26] lib80211: Use skcipher and ahash

2016-01-24 Thread Herbert Xu
This patch replaces uses of blkcipher with skcipher and the long
obsolete hash interface with ahash.
   
Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
---

 net/wireless/lib80211_crypt_tkip.c |   99 -
 net/wireless/lib80211_crypt_wep.c  |   46 ++---
 2 files changed, 81 insertions(+), 64 deletions(-)

diff --git a/net/wireless/lib80211_crypt_tkip.c 
b/net/wireless/lib80211_crypt_tkip.c
index 3cd8195..71447cf 100644
--- a/net/wireless/lib80211_crypt_tkip.c
+++ b/net/wireless/lib80211_crypt_tkip.c
@@ -29,7 +29,8 @@
 #include 
 #include 
 
-#include 
+#include 
+#include 
 #include 
 
 #include 
@@ -63,10 +64,10 @@ struct lib80211_tkip_data {
 
int key_idx;
 
-   struct crypto_blkcipher *rx_tfm_arc4;
-   struct crypto_hash *rx_tfm_michael;
-   struct crypto_blkcipher *tx_tfm_arc4;
-   struct crypto_hash *tx_tfm_michael;
+   struct crypto_skcipher *rx_tfm_arc4;
+   struct crypto_ahash *rx_tfm_michael;
+   struct crypto_skcipher *tx_tfm_arc4;
+   struct crypto_ahash *tx_tfm_michael;
 
/* scratch buffers for virt_to_page() (crypto API) */
u8 rx_hdr[16], tx_hdr[16];
@@ -98,29 +99,29 @@ static void *lib80211_tkip_init(int key_idx)
 
priv->key_idx = key_idx;
 
-   priv->tx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
-   CRYPTO_ALG_ASYNC);
+   priv->tx_tfm_arc4 = crypto_alloc_skcipher("ecb(arc4)", 0,
+ CRYPTO_ALG_ASYNC);
if (IS_ERR(priv->tx_tfm_arc4)) {
priv->tx_tfm_arc4 = NULL;
goto fail;
}
 
-   priv->tx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
-CRYPTO_ALG_ASYNC);
+   priv->tx_tfm_michael = crypto_alloc_ahash("michael_mic", 0,
+ CRYPTO_ALG_ASYNC);
if (IS_ERR(priv->tx_tfm_michael)) {
priv->tx_tfm_michael = NULL;
goto fail;
}
 
-   priv->rx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
-   CRYPTO_ALG_ASYNC);
+   priv->rx_tfm_arc4 = crypto_alloc_skcipher("ecb(arc4)", 0,
+ CRYPTO_ALG_ASYNC);
if (IS_ERR(priv->rx_tfm_arc4)) {
priv->rx_tfm_arc4 = NULL;
goto fail;
}
 
-   priv->rx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
-CRYPTO_ALG_ASYNC);
+   priv->rx_tfm_michael = crypto_alloc_ahash("michael_mic", 0,
+ CRYPTO_ALG_ASYNC);
if (IS_ERR(priv->rx_tfm_michael)) {
priv->rx_tfm_michael = NULL;
goto fail;
@@ -130,14 +131,10 @@ static void *lib80211_tkip_init(int key_idx)
 
   fail:
if (priv) {
-   if (priv->tx_tfm_michael)
-   crypto_free_hash(priv->tx_tfm_michael);
-   if (priv->tx_tfm_arc4)
-   crypto_free_blkcipher(priv->tx_tfm_arc4);
-   if (priv->rx_tfm_michael)
-   crypto_free_hash(priv->rx_tfm_michael);
-   if (priv->rx_tfm_arc4)
-   crypto_free_blkcipher(priv->rx_tfm_arc4);
+   crypto_free_ahash(priv->tx_tfm_michael);
+   crypto_free_skcipher(priv->tx_tfm_arc4);
+   crypto_free_ahash(priv->rx_tfm_michael);
+   crypto_free_skcipher(priv->rx_tfm_arc4);
kfree(priv);
}
 
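Review bot: with the `if (priv->..._tfm)` guards removed, the `fail:` path calls `crypto_free_ahash()` and `crypto_free_skcipher()` on handles that are NULL whenever an earlier allocation failed; for example, a failure allocating `tx_tfm_arc4` jumps here before the other three handles are assigned. That is correct only if the free helpers accept NULL. Please say so in the commit message, since this is a cleanup beyond the blkcipher/hash rename it describes.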
@@ -148,14 +145,10 @@ static void lib80211_tkip_deinit(void *priv)
 {
struct lib80211_tkip_data *_priv = priv;
if (_priv) {
-   if (_priv->tx_tfm_michael)
-   crypto_free_hash(_priv->tx_tfm_michael);
-   if (_priv->tx_tfm_arc4)
-   crypto_free_blkcipher(_priv->tx_tfm_arc4);
-   if (_priv->rx_tfm_michael)
-   crypto_free_hash(_priv->rx_tfm_michael);
-   if (_priv->rx_tfm_arc4)
-   crypto_free_blkcipher(_priv->rx_tfm_arc4);
+   crypto_free_ahash(_priv->tx_tfm_michael);
+   crypto_free_skcipher(_priv->tx_tfm_arc4);
+   crypto_free_ahash(_priv->rx_tfm_michael);
+   crypto_free_skcipher(_priv->rx_tfm_arc4);
}
kfree(priv);
 }
@@ -353,11 +346,12 @@ static int lib80211_tkip_hdr(struct sk_buff *skb, int 
hdr_len,
 static int lib80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
 {
struct lib80211_tkip_data *tkey = priv;
-   struct blkcipher_desc desc = { .tfm = tkey->tx_t

[PATCH 23/26] iscsi-target: Use shash and ahash

2016-01-24 Thread Herbert Xu
This patch replaces uses of the long obsolete hash interface with
either shash (for non-SG users) or ahash.

Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
---

 drivers/target/iscsi/iscsi_target.c   |   86 ++
 drivers/target/iscsi/iscsi_target_auth.c  |   98 +++---
 drivers/target/iscsi/iscsi_target_login.c |   45 -
 include/target/iscsi/iscsi_target_core.h  |4 -
 4 files changed, 113 insertions(+), 120 deletions(-)

diff --git a/drivers/target/iscsi/iscsi_target.c 
b/drivers/target/iscsi/iscsi_target.c
index 72204fb..866f3ad 100644
--- a/drivers/target/iscsi/iscsi_target.c
+++ b/drivers/target/iscsi/iscsi_target.c
@@ -16,9 +16,9 @@
  * GNU General Public License for more details.
  
**/
 
+#include 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
@@ -1190,7 +1190,7 @@ iscsit_handle_scsi_cmd(struct iscsi_conn *conn, struct 
iscsi_cmd *cmd,
 }
 
 static u32 iscsit_do_crypto_hash_sg(
-   struct hash_desc *hash,
+   struct ahash_request *hash,
struct iscsi_cmd *cmd,
u32 data_offset,
u32 data_length,
@@ -1201,7 +1201,7 @@ static u32 iscsit_do_crypto_hash_sg(
struct scatterlist *sg;
unsigned int page_off;
 
-   crypto_hash_init(hash);
+   crypto_ahash_init(hash);
 
sg = cmd->first_data_sg;
page_off = cmd->first_data_sg_off;
@@ -1209,7 +1209,8 @@ static u32 iscsit_do_crypto_hash_sg(
while (data_length) {
u32 cur_len = min_t(u32, data_length, (sg->length - page_off));
 
-   crypto_hash_update(hash, sg, cur_len);
+   ahash_request_set_crypt(hash, sg, NULL, cur_len);
+   crypto_ahash_update(hash);
 
data_length -= cur_len;
page_off = 0;
@@ -1221,33 +1222,34 @@ static u32 iscsit_do_crypto_hash_sg(
struct scatterlist pad_sg;
 
sg_init_one(_sg, pad_bytes, padding);
-   crypto_hash_update(hash, _sg, padding);
+   ahash_request_set_crypt(hash, _sg, (u8 *)_crc,
+   padding);
+   crypto_ahash_finup(hash);
+   } else {
+   ahash_request_set_crypt(hash, NULL, (u8 *)_crc, 0);
+   crypto_ahash_final(hash);
}
-   crypto_hash_final(hash, (u8 *) _crc);
 
return data_crc;
 }
 
 static void iscsit_do_crypto_hash_buf(
-   struct hash_desc *hash,
+   struct ahash_request *hash,
const void *buf,
u32 payload_length,
u32 padding,
u8 *pad_bytes,
u8 *data_crc)
 {
-   struct scatterlist sg;
+   struct scatterlist sg[2];
 
-   crypto_hash_init(hash);
+   sg_init_table(sg, ARRAY_SIZE(sg));
+   sg_set_buf(sg, buf, payload_length);
+   sg_set_buf(sg + 1, pad_bytes, padding);
 
-   sg_init_one(, buf, payload_length);
-   crypto_hash_update(hash, , payload_length);
+   ahash_request_set_crypt(hash, sg, data_crc, payload_length + padding);
 
-   if (padding) {
-   sg_init_one(, pad_bytes, padding);
-   crypto_hash_update(hash, , padding);
-   }
-   crypto_hash_final(hash, data_crc);
+   crypto_ahash_digest(hash);
 }
 
 int
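Review bot: every `crypto_ahash_*` return value in these two helpers is discarded: `crypto_ahash_finup()` and `crypto_ahash_final()` in iscsit_do_crypto_hash_sg(), and `crypto_ahash_digest()` in iscsit_do_crypto_hash_buf(). If any of them fails, the caller goes on to use whatever `data_crc` happened to contain as the data digest. The old code ignored errors too, but the conversion is a good point to check them, or at least to document why they cannot occur for `conn_rx_hash`. Also note that iscsit_do_crypto_hash_buf() now sets `sg + 1` from `pad_bytes` even when `padding` is 0, where the old code skipped it under `if (padding)`; the length passed to `ahash_request_set_crypt()` covers only `payload_length + padding`, but a comment saying the zero-length entry is intentional would help.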
@@ -1422,7 +1424,7 @@ iscsit_get_dataout(struct iscsi_conn *conn, struct 
iscsi_cmd *cmd,
if (conn->conn_ops->DataDigest) {
u32 data_crc;
 
-   data_crc = iscsit_do_crypto_hash_sg(>conn_rx_hash, cmd,
+   data_crc = iscsit_do_crypto_hash_sg(conn->conn_rx_hash, cmd,
be32_to_cpu(hdr->offset),
payload_length, padding,
cmd->pad_bytes);
@@ -1682,7 +1684,7 @@ static int iscsit_handle_nop_out(struct iscsi_conn *conn, 
struct iscsi_cmd *cmd,
}
 
if (conn->conn_ops->DataDigest) {
-   iscsit_do_crypto_hash_buf(>conn_rx_hash,
+   iscsit_do_crypto_hash_buf(conn->conn_rx_hash,
ping_data, payload_length,
padding, cmd->pad_bytes,
(u8 *)_crc);
@@ -2101,7 +2103,7 @@ iscsit_handle_text_cmd(struct iscsi_conn *conn, struct 
iscsi_cmd *cmd,
goto reject;
 
if (conn->conn_ops->DataDigest) {
-   iscsit_do_crypto_hash_buf(>conn_rx_hash,
+   iscsit_do_crypto_hash_buf(conn->conn_rx_hash,
text_in, payload_length,
padding, (u8 *)_bytes,
(u8 *)_crc);
@@ -2440,7 +2442,7 @@ static int iscsit_h

[PATCH 16/26] libceph: Use skcipher

2016-01-24 Thread Herbert Xu
This patch replaces uses of blkcipher with skcipher.
   
Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
---

 net/ceph/crypto.c |   97 +++---
 1 file changed, 56 insertions(+), 41 deletions(-)

diff --git a/net/ceph/crypto.c b/net/ceph/crypto.c
index 42e8649..fb9cb2b 100644
--- a/net/ceph/crypto.c
+++ b/net/ceph/crypto.c
@@ -4,7 +4,8 @@
 #include 
 #include 
 #include 
-#include 
+#include 
+#include 
 #include 
 
 #include 
@@ -79,9 +80,9 @@ int ceph_crypto_key_unarmor(struct ceph_crypto_key *key, 
const char *inkey)
return 0;
 }
 
-static struct crypto_blkcipher *ceph_crypto_alloc_cipher(void)
+static struct crypto_skcipher *ceph_crypto_alloc_cipher(void)
 {
-   return crypto_alloc_blkcipher("cbc(aes)", 0, CRYPTO_ALG_ASYNC);
+   return crypto_alloc_skcipher("cbc(aes)", 0, CRYPTO_ALG_ASYNC);
 }
 
 static const u8 *aes_iv = (u8 *)CEPH_AES_IV;
@@ -162,11 +163,11 @@ static int ceph_aes_encrypt(const void *key, int key_len,
 {
struct scatterlist sg_in[2], prealloc_sg;
struct sg_table sg_out;
-   struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher();
-   struct blkcipher_desc desc = { .tfm = tfm, .flags = 0 };
+   struct crypto_skcipher *tfm = ceph_crypto_alloc_cipher();
+   SKCIPHER_REQUEST_ON_STACK(req, tfm);
int ret;
-   void *iv;
-   int ivsize;
+   int ivsize = AES_BLOCK_SIZE;
+   char iv[ivsize];
size_t zero_padding = (0x10 - (src_len & 0x0f));
char pad[16];
 
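Review bot: `char iv[ivsize];` is a variable-length array, because `ivsize` is an ordinary `int` and not a constant. Declare it as `char iv[AES_BLOCK_SIZE];` and keep `ivsize` only for the `memcpy()`, or drop the variable. Separately, `SKCIPHER_REQUEST_ON_STACK(req, tfm)` sits in the same declaration block as `tfm = ceph_crypto_alloc_cipher()`, so it is evaluated before any `IS_ERR(tfm)` check can run; please confirm the macro does not read through `tfm` when sizing the request, or move the allocation check ahead of it. The same two points apply to the ceph_aes_encrypt2() hunk further down.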
@@ -184,11 +185,14 @@ static int ceph_aes_encrypt(const void *key, int key_len,
if (ret)
goto out_tfm;
 
-   crypto_blkcipher_setkey((void *)tfm, key, key_len);
-   iv = crypto_blkcipher_crt(tfm)->iv;
-   ivsize = crypto_blkcipher_ivsize(tfm);
+   crypto_skcipher_setkey((void *)tfm, key, key_len);
memcpy(iv, aes_iv, ivsize);
 
+   skcipher_request_set_tfm(req, tfm);
+   skcipher_request_set_callback(req, 0, NULL, NULL);
+   skcipher_request_set_crypt(req, sg_in, sg_out.sgl,
+  src_len + zero_padding, iv);
+
/*
print_hex_dump(KERN_ERR, "enc key: ", DUMP_PREFIX_NONE, 16, 1,
   key, key_len, 1);
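Review bot: the result of `crypto_skcipher_setkey()` is dropped, so a key the cipher rejects goes unnoticed and the function carries on to encrypt. Assign it to `ret` and bail out through `out_sg`, in the same way the scatterlist setup just above checks `ret`. The `(void *)tfm` cast carried over from the old call serves no purpose either and can go.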
@@ -197,8 +201,8 @@ static int ceph_aes_encrypt(const void *key, int key_len,
print_hex_dump(KERN_ERR, "enc pad: ", DUMP_PREFIX_NONE, 16, 1,
pad, zero_padding, 1);
*/
-   ret = crypto_blkcipher_encrypt(, sg_out.sgl, sg_in,
-src_len + zero_padding);
+   ret = crypto_skcipher_encrypt(req);
+   skcipher_request_zero(req);
if (ret < 0) {
pr_err("ceph_aes_crypt failed %d\n", ret);
goto out_sg;
@@ -211,7 +215,7 @@ static int ceph_aes_encrypt(const void *key, int key_len,
 out_sg:
teardown_sgtable(_out);
 out_tfm:
-   crypto_free_blkcipher(tfm);
+   crypto_free_skcipher(tfm);
return ret;
 }
 
@@ -222,11 +226,11 @@ static int ceph_aes_encrypt2(const void *key, int 
key_len, void *dst,
 {
struct scatterlist sg_in[3], prealloc_sg;
struct sg_table sg_out;
-   struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher();
-   struct blkcipher_desc desc = { .tfm = tfm, .flags = 0 };
+   struct crypto_skcipher *tfm = ceph_crypto_alloc_cipher();
+   SKCIPHER_REQUEST_ON_STACK(req, tfm);
int ret;
-   void *iv;
-   int ivsize;
+   int ivsize = AES_BLOCK_SIZE;
+   char iv[ivsize];
size_t zero_padding = (0x10 - ((src1_len + src2_len) & 0x0f));
char pad[16];
 
@@ -245,11 +249,14 @@ static int ceph_aes_encrypt2(const void *key, int 
key_len, void *dst,
if (ret)
goto out_tfm;
 
-   crypto_blkcipher_setkey((void *)tfm, key, key_len);
-   iv = crypto_blkcipher_crt(tfm)->iv;
-   ivsize = crypto_blkcipher_ivsize(tfm);
+   crypto_skcipher_setkey((void *)tfm, key, key_len);
memcpy(iv, aes_iv, ivsize);
 
+   skcipher_request_set_tfm(req, tfm);
+   skcipher_request_set_callback(req, 0, NULL, NULL);
+   skcipher_request_set_crypt(req, sg_in, sg_out.sgl,
+  src1_len + src2_len + zero_padding, iv);
+
/*
print_hex_dump(KERN_ERR, "enc  key: ", DUMP_PREFIX_NONE, 16, 1,
   key, key_len, 1);
@@ -260,8 +267,8 @@ static int ceph_aes_encrypt2(const void *key, int key_len, 
void *dst,
print_hex_dump(KERN_ERR, "enc  pad: ", DUMP_PREFIX_NONE, 16, 1,
pad, zero_padding, 1);
*/
-   ret = crypto_blkcipher_encrypt(, sg_out.sgl, sg_in,
-src1_len + src2_len + zero_padding);
+   ret = crypto_skcipher_encrypt(req);
+   skcipher_request_zero(req);
if (ret < 0) {
pr_err("ceph_aes_crypt2 fa

[PATCH 20/26] drbd: Use shash and ahash

2016-01-24 Thread Herbert Xu
This patch replaces uses of the long obsolete hash interface with
either shash (for non-SG users) or ahash.

Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
---

 drivers/block/drbd/drbd_int.h  |   16 +-
 drivers/block/drbd/drbd_main.c |   16 +-
 drivers/block/drbd/drbd_nl.c   |   59 +++--
 drivers/block/drbd/drbd_receiver.c |   56 ---
 drivers/block/drbd/drbd_worker.c   |   43 +++---
 5 files changed, 103 insertions(+), 87 deletions(-)

diff --git a/drivers/block/drbd/drbd_int.h b/drivers/block/drbd/drbd_int.h
index e66d453..686d955 100644
--- a/drivers/block/drbd/drbd_int.h
+++ b/drivers/block/drbd/drbd_int.h
@@ -26,13 +26,13 @@
 #ifndef _DRBD_INT_H
 #define _DRBD_INT_H
 
+#include 
 #include 
 #include 
 #include 
 #include 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
@@ -737,11 +737,11 @@ struct drbd_connection {
 
struct list_head transfer_log;  /* all requests not yet fully processed 
*/
 
-   struct crypto_hash *cram_hmac_tfm;
-   struct crypto_hash *integrity_tfm;  /* checksums we compute, updates 
protected by connection->data->mutex */
-   struct crypto_hash *peer_integrity_tfm;  /* checksums we verify, only 
accessed from receiver thread  */
-   struct crypto_hash *csums_tfm;
-   struct crypto_hash *verify_tfm;
+   struct crypto_shash *cram_hmac_tfm;
+   struct crypto_ahash *integrity_tfm;  /* checksums we compute, updates 
protected by connection->data->mutex */
+   struct crypto_ahash *peer_integrity_tfm;  /* checksums we verify, only 
accessed from receiver thread  */
+   struct crypto_ahash *csums_tfm;
+   struct crypto_ahash *verify_tfm;
void *int_dig_in;
void *int_dig_vv;
 
@@ -1511,8 +1511,8 @@ static inline void ov_out_of_sync_print(struct 
drbd_device *device)
 }
 
 
-extern void drbd_csum_bio(struct crypto_hash *, struct bio *, void *);
-extern void drbd_csum_ee(struct crypto_hash *, struct drbd_peer_request *, 
void *);
+extern void drbd_csum_bio(struct crypto_ahash *, struct bio *, void *);
+extern void drbd_csum_ee(struct crypto_ahash *, struct drbd_peer_request *, 
void *);
 /* worker callbacks */
 extern int w_e_end_data_req(struct drbd_work *, int);
 extern int w_e_end_rsdata_req(struct drbd_work *, int);
diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c
index 74d97f4..69ee808 100644
--- a/drivers/block/drbd/drbd_main.c
+++ b/drivers/block/drbd/drbd_main.c
@@ -1339,7 +1339,7 @@ void drbd_send_ack_dp(struct drbd_peer_device 
*peer_device, enum drbd_packet cmd
  struct p_data *dp, int data_size)
 {
if (peer_device->connection->peer_integrity_tfm)
-   data_size -= 
crypto_hash_digestsize(peer_device->connection->peer_integrity_tfm);
+   data_size -= 
crypto_ahash_digestsize(peer_device->connection->peer_integrity_tfm);
_drbd_send_ack(peer_device, cmd, dp->sector, cpu_to_be32(data_size),
   dp->block_id);
 }
@@ -1628,7 +1628,7 @@ int drbd_send_dblock(struct drbd_peer_device 
*peer_device, struct drbd_request *
sock = _device->connection->data;
p = drbd_prepare_command(peer_device, sock);
digest_size = peer_device->connection->integrity_tfm ?
- 
crypto_hash_digestsize(peer_device->connection->integrity_tfm) : 0;
+ 
crypto_ahash_digestsize(peer_device->connection->integrity_tfm) : 0;
 
if (!p)
return -EIO;
@@ -1717,7 +1717,7 @@ int drbd_send_block(struct drbd_peer_device *peer_device, 
enum drbd_packet cmd,
p = drbd_prepare_command(peer_device, sock);
 
digest_size = peer_device->connection->integrity_tfm ?
- 
crypto_hash_digestsize(peer_device->connection->integrity_tfm) : 0;
+ 
crypto_ahash_digestsize(peer_device->connection->integrity_tfm) : 0;
 
if (!p)
return -EIO;
@@ -2506,11 +2506,11 @@ void conn_free_crypto(struct drbd_connection 
*connection)
 {
drbd_free_sock(connection);
 
-   crypto_free_hash(connection->csums_tfm);
-   crypto_free_hash(connection->verify_tfm);
-   crypto_free_hash(connection->cram_hmac_tfm);
-   crypto_free_hash(connection->integrity_tfm);
-   crypto_free_hash(connection->peer_integrity_tfm);
+   crypto_free_ahash(connection->csums_tfm);
+   crypto_free_ahash(connection->verify_tfm);
+   crypto_free_shash(connection->cram_hmac_tfm);
+   crypto_free_ahash(connection->integrity_tfm);
+   crypto_free_ahash(connection->peer_integrity_tfm);
kfree(connection->int_dig_in);
kfree(connection->int_dig_vv);
 
diff --git a/drivers/block/drbd/drbd_nl.c b/drivers/block/drbd/drbd_nl.c
index e80cbef..578f635 10064

[PATCH 0/26] crypto: Use skcipher and ahash/shash where possible

2016-01-24 Thread Herbert Xu
Hi:

The crypto hash interface has been obsolete for many years and
this series converts all remaining users to shash and ahash as
appropriate.  Despite the name ahash can be used synchronously
and is the preferred interface for those dealing with SGs.

The blkcipher and ablkcipher interfaces are also being phased out
and are being replaced with the merged skcipher interface which
is essentially the same as ablkcipher but without the implicit
IV generators.  This series converts all users of blkcipher and
ablkcipher over to skcipher.

If you have any objections please shout.  Otherwise I would like
to take these patches through the cryptodev tree so we can proceed
with phasing out the obsolete interfaces.

Thanks,
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


[PATCH 21/26] nfc: s3fwrn5: Use shash

2016-01-24 Thread Herbert Xu
This patch replaces uses of the long obsolete hash interface with
shash.

Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
---

 drivers/nfc/s3fwrn5/firmware.c |   36 +++-
 1 file changed, 27 insertions(+), 9 deletions(-)

diff --git a/drivers/nfc/s3fwrn5/firmware.c b/drivers/nfc/s3fwrn5/firmware.c
index 64a9025..5f97da1 100644
--- a/drivers/nfc/s3fwrn5/firmware.c
+++ b/drivers/nfc/s3fwrn5/firmware.c
@@ -19,7 +19,7 @@
 
 #include 
 #include 
-#include 
+#include 
 #include 
 
 #include "s3fwrn5.h"
@@ -429,8 +429,7 @@ int s3fwrn5_fw_download(struct s3fwrn5_fw_info *fw_info)
 {
struct s3fwrn5_fw_image *fw = _info->fw;
u8 hash_data[SHA1_DIGEST_SIZE];
-   struct scatterlist sg;
-   struct hash_desc desc;
+   struct crypto_shash *tfm;
u32 image_size, off;
int ret;
 
@@ -438,12 +437,31 @@ int s3fwrn5_fw_download(struct s3fwrn5_fw_info *fw_info)
 
/* Compute SHA of firmware data */
 
-   sg_init_one(, fw->image, image_size);
-   desc.tfm = crypto_alloc_hash("sha1", 0, CRYPTO_ALG_ASYNC);
-   crypto_hash_init();
-   crypto_hash_update(, , image_size);
-   crypto_hash_final(, hash_data);
-   crypto_free_hash(desc.tfm);
+   tfm = crypto_alloc_shash("sha1", 0, 0);
+   if (IS_ERR(tfm)) {
+   ret = PTR_ERR(tfm);
+   dev_err(_info->ndev->nfc_dev->dev,
+   "Cannot allocate shash (code=%d)\n", ret);
+   goto out;
+   }
+
+   {
+   SHASH_DESC_ON_STACK(desc, tfm);
+
+   desc->tfm = tfm;
+   desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
+
+   ret = crypto_shash_digest(desc, fw->image, image_size,
+ hash_data);
+   shash_desc_zero(desc);
+   }
+
+   crypto_free_shash(tfm);
+   if (ret) {
+   dev_err(_info->ndev->nfc_dev->dev,
+   "Cannot compute hash (code=%d)\n", ret);
+   goto out;
+   }
 
/* Firmware update process */
 
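Review bot: the bare `{ ... }` block in s3fwrn5_fw_download() exists only so that `SHASH_DESC_ON_STACK(desc, tfm)` is declared after the `IS_ERR(tfm)` check. That ordering is right, but a small static helper that takes the image pointer and length and fills `hash_data` would read better than an anonymous scope in the middle of the function. The commit message should also mention that the patch adds error handling for allocation and digest failures, which the old `crypto_hash_*` sequence did not have.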


[PATCH 14/26] KEYS: Use skcipher

2016-01-24 Thread Herbert Xu
This patch replaces uses of blkcipher with skcipher.
   
Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
---

 security/keys/encrypted-keys/encrypted.c |   82 ++-
 1 file changed, 50 insertions(+), 32 deletions(-)

diff --git a/security/keys/encrypted-keys/encrypted.c 
b/security/keys/encrypted-keys/encrypted.c
index 696ccfa..5adbfc3 100644
--- a/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@ -28,11 +28,10 @@
 #include 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
-#include 
+#include 
 
 #include "encrypted.h"
 #include "ecryptfs_format.h"
@@ -85,17 +84,17 @@ static const match_table_t key_tokens = {
 
 static int aes_get_sizes(void)
 {
-   struct crypto_blkcipher *tfm;
+   struct crypto_skcipher *tfm;
 
-   tfm = crypto_alloc_blkcipher(blkcipher_alg, 0, CRYPTO_ALG_ASYNC);
+   tfm = crypto_alloc_skcipher(blkcipher_alg, 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(tfm)) {
pr_err("encrypted_key: failed to alloc_cipher (%ld)\n",
   PTR_ERR(tfm));
return PTR_ERR(tfm);
}
-   ivsize = crypto_blkcipher_ivsize(tfm);
-   blksize = crypto_blkcipher_blocksize(tfm);
-   crypto_free_blkcipher(tfm);
+   ivsize = crypto_skcipher_ivsize(tfm);
+   blksize = crypto_skcipher_blocksize(tfm);
+   crypto_free_skcipher(tfm);
return 0;
 }
 
@@ -401,28 +400,37 @@ static int get_derived_key(u8 *derived_key, enum 
derived_key_type key_type,
return ret;
 }
 
-static int init_blkcipher_desc(struct blkcipher_desc *desc, const u8 *key,
-  unsigned int key_len, const u8 *iv,
-  unsigned int ivsize)
+static struct skcipher_request *init_skcipher_req(const u8 *key,
+ unsigned int key_len)
 {
+   struct skcipher_request *req;
+   struct crypto_skcipher *tfm;
int ret;
 
-   desc->tfm = crypto_alloc_blkcipher(blkcipher_alg, 0, CRYPTO_ALG_ASYNC);
-   if (IS_ERR(desc->tfm)) {
+   tfm = crypto_alloc_skcipher(blkcipher_alg, 0, CRYPTO_ALG_ASYNC);
+   if (IS_ERR(tfm)) {
pr_err("encrypted_key: failed to load %s transform (%ld)\n",
-  blkcipher_alg, PTR_ERR(desc->tfm));
-   return PTR_ERR(desc->tfm);
+  blkcipher_alg, PTR_ERR(tfm));
+   return ERR_CAST(tfm);
}
-   desc->flags = 0;
 
-   ret = crypto_blkcipher_setkey(desc->tfm, key, key_len);
+   ret = crypto_skcipher_setkey(tfm, key, key_len);
if (ret < 0) {
pr_err("encrypted_key: failed to setkey (%d)\n", ret);
-   crypto_free_blkcipher(desc->tfm);
-   return ret;
+   crypto_free_skcipher(tfm);
+   return ERR_PTR(ret);
}
-   crypto_blkcipher_set_iv(desc->tfm, iv, ivsize);
-   return 0;
+
+   req = skcipher_request_alloc(tfm, GFP_KERNEL);
+   if (!req) {
+   pr_err("encrypted_key: failed to allocate request for %s\n",
+  blkcipher_alg);
+   crypto_free_skcipher(tfm);
+   return ERR_PTR(-ENOMEM);
+   }
+
+   skcipher_request_set_callback(req, 0, NULL, NULL);
+   return req;
 }
 
 static struct key *request_master_key(struct encrypted_key_payload *epayload,
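Review bot: init_skcipher_req() now allocates both a transform and a request but returns only the request, so ownership of the transform is implicit: every caller has to recover it from `req` and free both objects. Add a comment above the function spelling that out, or provide a matching teardown helper so the two frees cannot drift apart. The IV is also no longer installed here (the `iv` and `ivsize` parameters are gone), which makes each caller responsible for passing it to `skcipher_request_set_crypt()`.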
@@ -467,7 +475,8 @@ static int derived_key_encrypt(struct encrypted_key_payload 
*epayload,
 {
struct scatterlist sg_in[2];
struct scatterlist sg_out[1];
-   struct blkcipher_desc desc;
+   struct crypto_skcipher *tfm;
+   struct skcipher_request *req;
unsigned int encrypted_datalen;
unsigned int padlen;
char pad[16];
@@ -476,9 +485,9 @@ static int derived_key_encrypt(struct encrypted_key_payload 
*epayload,
encrypted_datalen = roundup(epayload->decrypted_datalen, blksize);
padlen = encrypted_datalen - epayload->decrypted_datalen;
 
-   ret = init_blkcipher_desc(, derived_key, derived_keylen,
- epayload->iv, ivsize);
-   if (ret < 0)
+   req = init_skcipher_req(derived_key, derived_keylen);
+   ret = PTR_ERR(req);
+   if (IS_ERR(req))
goto out;
dump_decrypted_data(epayload);
 
@@ -491,8 +500,12 @@ static int derived_key_encrypt(struct 
encrypted_key_payload *epayload,
sg_init_table(sg_out, 1);
sg_set_buf(sg_out, epayload->encrypted_data, encrypted_datalen);
 
-   ret = crypto_blkcipher_encrypt(, sg_out, sg_in, encrypted_datalen);
-   crypto_free_blkcipher(desc.tfm);
+   skcipher_request_set_crypt(req, sg_in, sg_out, encrypted_datalen,
+  epayload->iv);
+   ret = crypto_skcipher_encrypt(req);
+   tfm = crypto_s

[PATCH 11/26] f2fs: Use skcipher

2016-01-24 Thread Herbert Xu
This patch replaces uses of ablkcipher with skcipher.
   
Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
---

 fs/f2fs/crypto.c   |   24 +++-
 fs/f2fs/crypto_fname.c |   32 +++-
 fs/f2fs/crypto_key.c   |   40 ++--
 fs/f2fs/f2fs_crypto.h  |2 +-
 4 files changed, 45 insertions(+), 53 deletions(-)

diff --git a/fs/f2fs/crypto.c b/fs/f2fs/crypto.c
index 4a62ef1..95c5cf0 100644
--- a/fs/f2fs/crypto.c
+++ b/fs/f2fs/crypto.c
@@ -23,11 +23,9 @@
  * The usage of AES-XTS should conform to recommendations in NIST
  * Special Publication 800-38E and IEEE P1619/D16.
  */
-#include 
-#include 
+#include 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
@@ -328,21 +326,21 @@ static int f2fs_page_crypto(struct f2fs_crypto_ctx *ctx,
struct page *dest_page)
 {
u8 xts_tweak[F2FS_XTS_TWEAK_SIZE];
-   struct ablkcipher_request *req = NULL;
+   struct skcipher_request *req = NULL;
DECLARE_F2FS_COMPLETION_RESULT(ecr);
struct scatterlist dst, src;
struct f2fs_crypt_info *ci = F2FS_I(inode)->i_crypt_info;
-   struct crypto_ablkcipher *tfm = ci->ci_ctfm;
+   struct crypto_skcipher *tfm = ci->ci_ctfm;
int res = 0;
 
-   req = ablkcipher_request_alloc(tfm, GFP_NOFS);
+   req = skcipher_request_alloc(tfm, GFP_NOFS);
if (!req) {
printk_ratelimited(KERN_ERR
"%s: crypto_request_alloc() failed\n",
__func__);
return -ENOMEM;
}
-   ablkcipher_request_set_callback(
+   skcipher_request_set_callback(
req, CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
f2fs_crypt_complete, );
 
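Review bot: The allocation-failure message under the renamed call still reads "crypto_request_alloc() failed", which is not the name of the function being called. Since this hunk already touches the call, update the string to skcipher_request_alloc() so the rate-limited log line identifies the real call site.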
@@ -355,21 +353,21 @@ static int f2fs_page_crypto(struct f2fs_crypto_ctx *ctx,
sg_set_page(, dest_page, PAGE_CACHE_SIZE, 0);
sg_init_table(, 1);
sg_set_page(, src_page, PAGE_CACHE_SIZE, 0);
-   ablkcipher_request_set_crypt(req, , , PAGE_CACHE_SIZE,
-   xts_tweak);
+   skcipher_request_set_crypt(req, , , PAGE_CACHE_SIZE,
+  xts_tweak);
if (rw == F2FS_DECRYPT)
-   res = crypto_ablkcipher_decrypt(req);
+   res = crypto_skcipher_decrypt(req);
else
-   res = crypto_ablkcipher_encrypt(req);
+   res = crypto_skcipher_encrypt(req);
if (res == -EINPROGRESS || res == -EBUSY) {
BUG_ON(req->base.data != );
wait_for_completion();
res = ecr.res;
}
-   ablkcipher_request_free(req);
+   skcipher_request_free(req);
if (res) {
printk_ratelimited(KERN_ERR
-   "%s: crypto_ablkcipher_encrypt() returned %d\n",
+   "%s: crypto_skcipher_encrypt() returned %d\n",
__func__, res);
return res;
}
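Review bot: The updated printk string says "crypto_skcipher_encrypt() returned %d", but the same error path is reached when rw == F2FS_DECRYPT and the failing call is crypto_skcipher_decrypt(). Consider a direction-neutral message, or log rw alongside res, so that a decryption failure is not reported as an encryption failure when someone triages the log.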
diff --git a/fs/f2fs/crypto_fname.c b/fs/f2fs/crypto_fname.c
index ab377d4..16aec66 100644
--- a/fs/f2fs/crypto_fname.c
+++ b/fs/f2fs/crypto_fname.c
@@ -15,11 +15,9 @@
  *
  * This has not yet undergone a rigorous security audit.
  */
-#include 
-#include 
+#include 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
@@ -70,10 +68,10 @@ static int f2fs_fname_encrypt(struct inode *inode,
const struct qstr *iname, struct f2fs_str *oname)
 {
u32 ciphertext_len;
-   struct ablkcipher_request *req = NULL;
+   struct skcipher_request *req = NULL;
DECLARE_F2FS_COMPLETION_RESULT(ecr);
struct f2fs_crypt_info *ci = F2FS_I(inode)->i_crypt_info;
-   struct crypto_ablkcipher *tfm = ci->ci_ctfm;
+   struct crypto_skcipher *tfm = ci->ci_ctfm;
int res = 0;
char iv[F2FS_CRYPTO_BLOCK_SIZE];
struct scatterlist src_sg, dst_sg;
@@ -99,14 +97,14 @@ static int f2fs_fname_encrypt(struct inode *inode,
}
 
/* Allocate request */
-   req = ablkcipher_request_alloc(tfm, GFP_NOFS);
+   req = skcipher_request_alloc(tfm, GFP_NOFS);
if (!req) {
printk_ratelimited(KERN_ERR
"%s: crypto_request_alloc() failed\n", __func__);
kfree(alloc_buf);
return -ENOMEM;
}
-   ablkcipher_request_set_callback(req,
+   skcipher_request_set_callback(req,
CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
f2fs_dir_crypt_complete, );
 
@@ -121,15 +119,15 @@ static int f2fs_fname_encrypt(struct inode *inode,
/* Create encryption request */
sg_init_one(_sg, workbuf, ciphertext_len);
sg_init_one(_sg, oname->name, ciphertext_len);
-   ablkcipher_request_set_crypt(req, _sg,

Re: [PATCH 1/26] block: cryptoloop - Use new skcipher interface

2016-01-24 Thread Herbert Xu
On Sun, Jan 24, 2016 at 09:37:33PM +0800, kbuild test robot wrote:
> 
> [auto build test ERROR on net/master]
> [also build test ERROR on v4.4 next-20160122]
> [if your patch is applied to the wrong git tree, please drop us a note to 
> help improving the system]

These patches depend on the two helpers that I posted yesterday
so unfortunately we'll be getting quite a few build errors from
the bot.

Cheers,
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt