Signed-off-by: Miloslav Trmač
---
crypto/af_alg.c |1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index cabed0e..bd9e53c 100644
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -242,6 +242,7 @@ int af_alg_accept(struct sock *sk, struct
Signed-off-by: Miloslav Trmač
---
net/core/sock.c |6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/core/sock.c b/net/core/sock.c
index 3eed542..634d5bc 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -157,7 +157,7 @@ static const char *const
Signed-off-by: Miloslav Trmač
---
include/linux/Kbuild |1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/include/linux/Kbuild b/include/linux/Kbuild
index 9aa9bca..60db44c 100644
--- a/include/linux/Kbuild
+++ b/include/linux/Kbuild
@@ -81,6 +81,7 @@ header-y
---
include/linux/Kbuild |1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/include/linux/Kbuild b/include/linux/Kbuild
index 9aa9bca..60db44c 100644
--- a/include/linux/Kbuild
+++ b/include/linux/Kbuild
@@ -81,6 +81,7 @@ header-y += hysdn_if.h
header-y += i2o-dev.h
header-
---
net/core/sock.c |6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/core/sock.c b/net/core/sock.c
index 3eed542..634d5bc 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -157,7 +157,7 @@ static const char *const af_family_key_strings[AF_MAX+1] = {
"sk_lock
Signed-off-by: Miloslav Trmač
---
crypto/af_alg.c | 30 ++
1 files changed, 30 insertions(+), 0 deletions(-)
diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index 490ae43..fc1b0f7 100644
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -14,6 +14,7 @@
#include
Signed-off-by: Miloslav Trmač
---
crypto/af_alg.c | 14 ++
crypto/algif_hash.c | 27 +++
crypto/algif_skcipher.c | 20 ++--
include/crypto/if_alg.h |6 ++
4 files changed, 61 insertions(+), 6 deletions(-)
diff --git
Ideally we should be able to use i_ino of the inode associated with the
socket, but i_ino can have duplicate values if the static counter inside
new_inode() wraps around.
Signed-off-by: Miloslav Trmač
---
crypto/af_alg.c | 66 +-
crypto
Signed-off-by: Miloslav Trmač
---
crypto/algif_hash.c |6 ++
crypto/algif_skcipher.c |6 ++
include/crypto/if_alg.h |1 +
3 files changed, 13 insertions(+), 0 deletions(-)
diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
index f08a42c..3a61e9d 100644
--- a/crypto
exit,always -F crypto_op!=0).
Changes since the previous version:
* Use audit_aux_data instead of a separate linked list
* Don't overwrite initial values of "err" by 0 in algif_skcipher.c
Mirek
Miloslav Trmač (5):
Add general crypto auditing infrastructure
Add unique IDs to
to_op!=0").
Signed-off-by: Miloslav Trmač
---
include/linux/audit.h | 22 +++
kernel/auditfilter.c |2 +
kernel/auditsc.c | 97 +
3 files changed, 121 insertions(+), 0 deletions(-)
diff --git a/include/linux/audit.h b/inc
Signed-off-by: Miloslav Trmač
---
crypto/af_alg.c | 14 ++
crypto/algif_hash.c | 27 +++
crypto/algif_skcipher.c | 15 +++
include/crypto/if_alg.h |6 ++
4 files changed, 58 insertions(+), 4 deletions(-)
diff --git a
Signed-off-by: Miloslav Trmač
---
crypto/algif_hash.c |6 ++
crypto/algif_skcipher.c |6 ++
include/crypto/if_alg.h |1 +
3 files changed, 13 insertions(+), 0 deletions(-)
diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
index f08a42c..3a61e9d 100644
--- a/crypto
to_op!=0").
Signed-off-by: Miloslav Trmač
---
include/linux/audit.h | 22 +++
kernel/auditfilter.c |2 +
kernel/auditsc.c | 100 +
3 files changed, 124 insertions(+), 0 deletions(-)
diff --git a/include/linux/audit.h b/inc
Signed-off-by: Miloslav Trmač
---
crypto/af_alg.c | 30 ++
1 files changed, 30 insertions(+), 0 deletions(-)
diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index 490ae43..fc1b0f7 100644
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -14,6 +14,7 @@
#include
Ideally we should be able to use i_ino of the inode associated with the
socket, but i_ino can have duplicate values if the static counter inside
new_inode() wraps around.
Signed-off-by: Miloslav Trmač
---
crypto/af_alg.c | 66 +-
crypto
Not a good patch to start with, but the header file dependencies do not
allow otherwise.
(Reviewing this in detail is probably premature, we are considering
replacing the implementation by something based on libgcrypt, which is
more actively maintained and has been probably more thoroughly examine
Pointers to this table are used to identify algorithms throughout the
code.
---
crypto/userspace/Makefile |2 +-
crypto/userspace/ncr-sessions.c | 150 +++
2 files changed, 151 insertions(+), 1 deletions(-)
create mode 100644 crypto/userspace/ncr-ses
Posted separately for review on linux-audit
---
include/linux/audit.h | 38 ++
kernel/auditfilter.c |2 +
kernel/auditsc.c | 136 +
3 files changed, 176 insertions(+), 0 deletions(-)
diff --git a/include/linux/audit.h b/incl
Add basic Diffie-Hellman implementation, because it is not provided by
libtomcrypt.
Finally, add an algorithm-independent pubkey interface that encapsulates
the separate pubkey algorithm implementations.
---
crypto/userspace/Makefile |2 +-
crypto/userspace/ncr-dh.c | 282 +++
This includes:
- ncr_key_init
- ncr_key_deinit
- ncr_key_export (as plaintext)
- ncr_key_import
- ncr_key_generate
- ncr_key_generate_pair
- ncr_key_derive
- ncr_key_get_info
and supporting infrastructure.
---
crypto/userspace/Makefile |2 +-
crypto/userspace/ncr-key.c | 689
---
crypto/userspace/cryptodev_main.c | 87 +
1 files changed, 87 insertions(+), 0 deletions(-)
diff --git a/crypto/userspace/cryptodev_main.c
b/crypto/userspace/cryptodev_main.c
index c6419f4..a6712db 100644
--- a/crypto/userspace/cryptodev_main.c
+++ b/cry
This includes:
- ncr_key_wrap
- ncr_key_unwrap
- ncr_key_storage_wrap
- ncr_key_storage_unwrap
---
crypto/userspace/Makefile |5 +-
crypto/userspace/ncr-key-storage.c | 136 +++
crypto/userspace/ncr-key-wrap.c| 763
crypto/userspace/ncr.c
This includes:
- ncr_session_init
- ncr_session_update
- ncr_session_final
- ncr_session_once
The ncr_session_*_from_nla() functions are separate from the main
session code because they belong in ncr.c along with other code that
deals directly with user-space data structures and handles
CONFIG_C
Add ioctl and compat_ioctl handling. This is the only file that
directly accesses structured data from userspace (other files may access
unformatted data such as cipher input or multiple-precision integers).
Also add the last operation, ncr_master_key_set.
---
crypto/userspace/ncr.c | 405 ++
---
crypto/userspace/cryptodev_main.c | 130 +
1 files changed, 130 insertions(+), 0 deletions(-)
diff --git a/crypto/userspace/cryptodev_main.c
b/crypto/userspace/cryptodev_main.c
index a6712db..6ba9bd6 100644
--- a/crypto/userspace/cryptodev_main.c
+++ b/cr
Same as the previous patch - the header file dependencies do not allow
otherwise.
(Reviewing this in detail is probably premature, we are considering
replacing the implementation by something based on libgcrypt, which is
more actively maintained and has been probably more thoroughly examined
for v
* Red Hat Author: Miloslav Trmač
+ *
+ */
+
+#include
+#include
+#include
+#include "ncr-int.h"
+#include "utils.h"
+
+#ifdef CONFIG_COMPAT
+/* max() is too clever for compile-time constants */
+#define CONST_MAX(A, B) ((A) > (B) ? (A) : (B))
+
+#d
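Review bot: CONST_MAX(A, B) in the CONFIG_COMPAT block evaluates each argument twice, which is fine for the compile-time constants the comment mentions but wrong for any expression with side effects. Suggest saying in the comment that the macro is for constant expressions only, so it is not later reused as a general replacement for max().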
This encapsulates allocation/deallocation of all necessary objects,
dealing with the asynchronous nature of ablkcipher/ahash.
Long term, I'm not quite sure this layer makes sense; for now, it
provides a truly simple API for internal callers in libtomcrypt, at
least.
---
crypto/userspace/Makefile
Right now only key objects, not crypto sessions, are limited.
---
crypto/userspace/Makefile |2 +-
crypto/userspace/ncr-limits.c | 247 +
2 files changed, 248 insertions(+), 1 deletions(-)
create mode 100644 crypto/userspace/ncr-limits.c
diff --gi
That's it, .c files will finally follow in the next patch.
---
crypto/userspace/cryptodev_int.h | 82 +
crypto/userspace/ncr-dh.h| 25
crypto/userspace/ncr-int.h | 245 ++
crypto/userspace/ncr-pk.h| 55 +
4 f
---
crypto/Kconfig|5 +
crypto/Makefile |2 ++
crypto/userspace/Makefile |1 +
3 files changed, 8 insertions(+), 0 deletions(-)
create mode 100644 crypto/userspace/Makefile
diff --git a/crypto/Kconfig b/crypto/Kconfig
index 81c185a..022768a 100644
--- a/cryp
This patch introduces the new user-space API, .
Quick overview:
* open("/dev/crypto") to get a FD, which acts as a namespace for key and
session identifiers.
* ioctl(NCRIO_KEY_INIT) to allocate a key object; then generate the key
material inside the kernel, load a plaintext key, unwrap a key
Hello,
following is a patchset providing a user-space interface to the kernel crypto
API. It is based on the older, BSD-compatible, implementation, but the
user-space interface is different.
Major changes since the previous post:
* "struct nlattr"-based extensible attributes used for extensibili
This patch introduces the new user-space API, .
Quick overview:
* open("/dev/crypto") to get a FD, which acts as a namespace for key and
session identifiers.
* ioctl(NCRIO_KEY_INIT) to allocate a key object; then generate the key
material inside the kernel, load a plaintext key, unwrap a key
This is used throughout the code. Included for completeness, undergoing
separate review on linux-audit.
---
include/linux/audit.h | 38 +
kernel/auditfilter.c |2
kernel/auditsc.c | 136 ++
3 files changed, 176 insertions(+
Hello,
following is a patchset providing a user-space interface to the kernel crypto
API. It is based on the older, BSD-compatible, implementation, but the
user-space interface is different.
These are the major differences compared to the BSD-like interface:
* The API supports key storage and m