linux/arch/x86/include/asm/crypto, branch masterMirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/
https://git.shady.money/linux/atom?h=master2021-01-14T06:10:30Zcrypto: x86 - use local headers for x86 specific shared declarations2021-01-14T06:10:30ZArd Biesheuvelardb@kernel.org2021-01-05T16:48:09Zurn:sha1:a04ea6f7ffa27d5825b56cb1591ad0992910992c
The Camellia, Serpent and Twofish related header files only contain
declarations that are shared between different implementations of the
respective algorithms residing under arch/x86/crypto, and none of their
contents should be used elsewhere. So move the header files into the
same location, and use local #includes instead.
Acked-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: x86 - remove glue helper module2021-01-14T06:10:29ZArd Biesheuvelardb@kernel.org2021-01-05T16:48:08Zurn:sha1:64ca771cd6bf48bd01f630ad1440ab151d1d19d5
All dependencies on the x86 glue helper module have been replaced by
local instantiations of the new ECB/CBC preprocessor helper macros, so
the glue helper module can be retired.
Acked-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: x86/glue-helper - drop CTR helper routines2021-01-14T06:10:28ZArd Biesheuvelardb@kernel.org2021-01-05T16:47:59Zurn:sha1:89b7ba5c8b9b20df043bc7b1d60065589f4103c3
The glue helper's CTR routines are no longer used, so drop them.
Acked-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: x86/twofish - drop CTR mode implementation2021-01-14T06:10:28ZArd Biesheuvelardb@kernel.org2021-01-05T16:47:58Zurn:sha1:f43dcaf2c97eae986378f12c46b27fe21f8a885b
Twofish in CTR mode is never used by the kernel directly, and is highly
unlikely to be relied upon by dm-crypt or algif_skcipher. So let's drop
the accelerated CTR mode implementation, and instead, rely on the CTR
template and the bare cipher.
Acked-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: x86/camellia - drop CTR mode implementation2021-01-14T06:10:28ZArd Biesheuvelardb@kernel.org2021-01-05T16:47:54Zurn:sha1:a1f91ecf812ac333ee2897f3eb2d8f4f6b4ce942
Camellia in CTR mode is never used by the kernel directly, and is highly
unlikely to be relied upon by dm-crypt or algif_skcipher. So let's drop
the accelerated CTR mode implementation, and instead, rely on the CTR
template and the bare cipher.
Acked-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: x86/glue-helper - drop XTS helper routines2021-01-14T06:10:27ZArd Biesheuvelardb@kernel.org2021-01-05T16:47:53Zurn:sha1:31d49c448ab8556ce8d340eb28da2484e5b5629c
The glue helper's XTS routines are no longer used, so drop them.
Acked-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: x86/serpent- switch to XTS template2021-01-14T06:10:27ZArd Biesheuvelardb@kernel.org2021-01-05T16:47:51Zurn:sha1:9ec0af8aa6038163e7cd01dea3b8e085712d19fc
Now that the XTS template can wrap accelerated ECB modes, it can be
used to implement Serpent in XTS mode as well, which turns out to
be at least as fast, and sometimes even faster
Acked-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: x86/camellia - switch to XTS template2021-01-14T06:10:27ZArd Biesheuvelardb@kernel.org2021-01-05T16:47:49Zurn:sha1:55a7e88f016873ef1717295d8460416b1ccd05a5
Now that the XTS template can wrap accelerated ECB modes, it can be
used to implement Camellia in XTS mode as well, which turns out to
be at least as fast, and sometimes even faster.
Acked-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN2020-01-09T03:30:53ZEric Biggersebiggers@google.com2019-12-31T03:19:36Zurn:sha1:674f368a952c48ede71784935a799a5205b92b6c
The CRYPTO_TFM_RES_BAD_KEY_LEN flag was apparently meant as a way to
make the ->setkey() functions provide more information about errors.
However, no one actually checks for this flag, which makes it pointless.
Also, many algorithms fail to set this flag when given a bad length key.
Reviewing just the generic implementations, this is the case for
aes-fixed-time, cbcmac, echainiv, nhpoly1305, pcrypt, rfc3686, rfc4309,
rfc7539, rfc7539esp, salsa20, seqiv, and xcbc. But there are probably
many more in arch/*/crypto/ and drivers/crypto/.
Some algorithms can even set this flag when the key is the correct
length. For example, authenc and authencesn set it when the key payload
is malformed in any way (not just a bad length), the atmel-sha and ccree
drivers can set it if a memory allocation fails, and the chelsio driver
sets it for bad auth tag lengths, not just bad key lengths.
So even if someone actually wanted to start checking this flag (which
seems unlikely, since it's been unused for a long time), there would be
a lot of work needed to get it working correctly. But it would probably
be much better to go back to the drawing board and just define different
return values, like -EINVAL if the key is invalid for the algorithm vs.
-EKEYREJECTED if the key was rejected by a policy like "no weak keys".
That would be much simpler, less error-prone, and easier to test.
So just remove this flag.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: x86 - Regularize glue function prototypes2019-12-11T08:36:54ZKees Cookkeescook@chromium.org2019-11-27T06:08:02Zurn:sha1:9c1e8836edbbaf3656bc07437b59c04be034ac4e
The crypto glue performed function prototype casting via macros to make
indirect calls to assembly routines. Instead of performing casts at the
call sites (which trips Control Flow Integrity prototype checking), switch
each prototype to a common standard set of arguments which allows the
removal of the existing macros. In order to keep pointer math unchanged,
internal casting between u128 pointers and u8 pointers is added.
Co-developed-by: João Moreira <joao.moreira@intel.com>
Signed-off-by: João Moreira <joao.moreira@intel.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>