From 13c935bb09948aef0202574ee12bb089459eb43b Mon Sep 17 00:00:00 2001 From: Salvatore Mesoraca Date: Mon, 9 Apr 2018 15:54:46 +0200 Subject: crypto: api - laying defines and checks for statically allocated buffers In preparation for the removal of VLAs[1] from crypto code. We create 2 new compile-time constants: all ciphers implemented in Linux have a block size less than or equal to 16 bytes and the most demanding hw require 16 bytes alignment for the block buffer. We also enforce these limits in crypto_check_alg when a new cipher is registered. [1] http://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Signed-off-by: Salvatore Mesoraca Signed-off-by: Herbert Xu --- include/crypto/algapi.h | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'include') diff --git a/include/crypto/algapi.h b/include/crypto/algapi.h index 1aba888241dd..bd5e8ccf1687 100644 --- a/include/crypto/algapi.h +++ b/include/crypto/algapi.h @@ -17,6 +17,14 @@ #include #include +/* + * Maximum values for blocksize and alignmask, used to allocate + * static buffers that are big enough for any combination of + * ciphers and architectures. + */ +#define MAX_CIPHER_BLOCKSIZE 16 +#define MAX_CIPHER_ALIGNMASK 15 + struct crypto_aead; struct crypto_instance; struct module; -- cgit v1.2.3 From 8da02bf1a216224e6f63b48d883b5aee07f82ba9 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Wed, 25 Apr 2018 14:20:45 +0200 Subject: crypto: sm4 - export encrypt/decrypt routines to other drivers In preparation of adding support for the SIMD based arm64 implementation of arm64, which requires a fallback to non-SIMD code when invoked in certain contexts, expose the generic SM4 encrypt and decrypt routines to other drivers. Signed-off-by: Ard Biesheuvel Acked-by: Gilad Ben-Yossef Signed-off-by: Herbert Xu --- include/crypto/sm4.h | 3 +++ 1 file changed, 3 insertions(+) (limited to 'include') diff --git a/include/crypto/sm4.h b/include/crypto/sm4.h index b64e64d20b28..7afd730d16ff 100644 --- a/include/crypto/sm4.h +++ b/include/crypto/sm4.h @@ -25,4 +25,7 @@ int crypto_sm4_set_key(struct crypto_tfm *tfm, const u8 *in_key, int crypto_sm4_expand_key(struct crypto_sm4_ctx *ctx, const u8 *in_key, unsigned int key_len); +void crypto_sm4_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in); +void crypto_sm4_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in); + #endif -- cgit v1.2.3 From 396be41f16fd05af6c914eeb2c96e0cc2dadf28c Mon Sep 17 00:00:00 2001 From: Ondrej Mosnacek Date: Fri, 11 May 2018 14:19:09 +0200 Subject: crypto: morus - Add generic MORUS AEAD implementations This patch adds the generic implementation of the MORUS family of AEAD algorithms (MORUS-640 and MORUS-1280). The original authors of MORUS are Hongjun Wu and Tao Huang. At the time of writing, MORUS is one of the finalists in CAESAR, an open competition intended to select a portfolio of alternatives to the problematic AES-GCM: https://competitions.cr.yp.to/caesar-submissions.html https://competitions.cr.yp.to/round3/morusv2.pdf Signed-off-by: Ondrej Mosnacek Signed-off-by: Herbert Xu --- include/crypto/morus_common.h | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 include/crypto/morus_common.h (limited to 'include') diff --git a/include/crypto/morus_common.h b/include/crypto/morus_common.h new file mode 100644 index 000000000000..39f28c749951 --- /dev/null +++ b/include/crypto/morus_common.h @@ -0,0 +1,23 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * The MORUS Authenticated-Encryption Algorithm + * Common definitions + * + * Copyright (c) 2016-2018 Ondrej Mosnacek + * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + */ + +#ifndef _CRYPTO_MORUS_COMMON_H +#define _CRYPTO_MORUS_COMMON_H + +#define MORUS_BLOCK_WORDS 4 +#define MORUS_STATE_BLOCKS 5 +#define MORUS_NONCE_SIZE 16 +#define MORUS_MAX_AUTH_SIZE 16 + +#endif /* _CRYPTO_MORUS_COMMON_H */ -- cgit v1.2.3 From 56e8e57fc3a707bf4f23f88c4822e6cbc9a950dc Mon Sep 17 00:00:00 2001 From: Ondrej Mosnacek Date: Fri, 11 May 2018 14:19:11 +0200 Subject: crypto: morus - Add common SIMD glue code for MORUS This patch adds a common glue code for optimized implementations of MORUS AEAD algorithms. Signed-off-by: Ondrej Mosnacek Signed-off-by: Herbert Xu --- include/crypto/morus1280_glue.h | 137 ++++++++++++++++++++++++++++++++++++++++ include/crypto/morus640_glue.h | 137 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 274 insertions(+) create mode 100644 include/crypto/morus1280_glue.h create mode 100644 include/crypto/morus640_glue.h (limited to 'include') diff --git a/include/crypto/morus1280_glue.h b/include/crypto/morus1280_glue.h new file mode 100644 index 000000000000..b26dd70efd9a --- /dev/null +++ b/include/crypto/morus1280_glue.h @@ -0,0 +1,137 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * The MORUS-1280 Authenticated-Encryption Algorithm + * Common glue skeleton -- header file + * + * Copyright (c) 2016-2018 Ondrej Mosnacek + * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + */ + +#ifndef _CRYPTO_MORUS1280_GLUE_H +#define _CRYPTO_MORUS1280_GLUE_H + +#include +#include +#include +#include +#include + +#define MORUS1280_WORD_SIZE 8 +#define MORUS1280_BLOCK_SIZE (MORUS_BLOCK_WORDS * MORUS1280_WORD_SIZE) + +struct morus1280_block { + u8 bytes[MORUS1280_BLOCK_SIZE]; +}; + +struct morus1280_glue_ops { + void (*init)(void *state, const void *key, const void *iv); + void (*ad)(void *state, const void *data, unsigned int length); + void (*enc)(void *state, const void *src, void *dst, unsigned int length); + void (*dec)(void *state, const void *src, void *dst, unsigned int length); + void (*enc_tail)(void *state, const void *src, void *dst, unsigned int length); + void (*dec_tail)(void *state, const void *src, void *dst, unsigned int length); + void (*final)(void *state, void *tag_xor, u64 assoclen, u64 cryptlen); +}; + +struct morus1280_ctx { + const struct morus1280_glue_ops *ops; + struct morus1280_block key; +}; + +void crypto_morus1280_glue_init_ops(struct crypto_aead *aead, + const struct morus1280_glue_ops *ops); +int crypto_morus1280_glue_setkey(struct crypto_aead *aead, const u8 *key, + unsigned int keylen); +int crypto_morus1280_glue_setauthsize(struct crypto_aead *tfm, + unsigned int authsize); +int crypto_morus1280_glue_encrypt(struct aead_request *req); +int crypto_morus1280_glue_decrypt(struct aead_request *req); + +int cryptd_morus1280_glue_setkey(struct crypto_aead *aead, const u8 *key, + unsigned int keylen); +int cryptd_morus1280_glue_setauthsize(struct crypto_aead *aead, + unsigned int authsize); +int cryptd_morus1280_glue_encrypt(struct aead_request *req); +int cryptd_morus1280_glue_decrypt(struct aead_request *req); +int cryptd_morus1280_glue_init_tfm(struct crypto_aead *aead); +void cryptd_morus1280_glue_exit_tfm(struct crypto_aead *aead); + +#define MORUS1280_DECLARE_ALGS(id, driver_name, priority) \ + static const struct morus1280_glue_ops crypto_morus1280_##id##_ops = {\ + .init = crypto_morus1280_##id##_init, \ + .ad = crypto_morus1280_##id##_ad, \ + .enc = crypto_morus1280_##id##_enc, \ + .enc_tail = crypto_morus1280_##id##_enc_tail, \ + .dec = crypto_morus1280_##id##_dec, \ + .dec_tail = crypto_morus1280_##id##_dec_tail, \ + .final = crypto_morus1280_##id##_final, \ + }; \ + \ + static int crypto_morus1280_##id##_init_tfm(struct crypto_aead *tfm) \ + { \ + crypto_morus1280_glue_init_ops(tfm, &crypto_morus1280_##id##_ops); \ + return 0; \ + } \ + \ + static void crypto_morus1280_##id##_exit_tfm(struct crypto_aead *tfm) \ + { \ + } \ + \ + struct aead_alg crypto_morus1280_##id##_algs[] = {\ + { \ + .setkey = crypto_morus1280_glue_setkey, \ + .setauthsize = crypto_morus1280_glue_setauthsize, \ + .encrypt = crypto_morus1280_glue_encrypt, \ + .decrypt = crypto_morus1280_glue_decrypt, \ + .init = crypto_morus1280_##id##_init_tfm, \ + .exit = crypto_morus1280_##id##_exit_tfm, \ + \ + .ivsize = MORUS_NONCE_SIZE, \ + .maxauthsize = MORUS_MAX_AUTH_SIZE, \ + .chunksize = MORUS1280_BLOCK_SIZE, \ + \ + .base = { \ + .cra_flags = CRYPTO_ALG_INTERNAL, \ + .cra_blocksize = 1, \ + .cra_ctxsize = sizeof(struct morus1280_ctx), \ + .cra_alignmask = 0, \ + \ + .cra_name = "__morus1280", \ + .cra_driver_name = "__"driver_name, \ + \ + .cra_module = THIS_MODULE, \ + } \ + }, { \ + .setkey = cryptd_morus1280_glue_setkey, \ + .setauthsize = cryptd_morus1280_glue_setauthsize, \ + .encrypt = cryptd_morus1280_glue_encrypt, \ + .decrypt = cryptd_morus1280_glue_decrypt, \ + .init = cryptd_morus1280_glue_init_tfm, \ + .exit = cryptd_morus1280_glue_exit_tfm, \ + \ + .ivsize = MORUS_NONCE_SIZE, \ + .maxauthsize = MORUS_MAX_AUTH_SIZE, \ + .chunksize = MORUS1280_BLOCK_SIZE, \ + \ + .base = { \ + .cra_flags = CRYPTO_ALG_ASYNC, \ + .cra_blocksize = 1, \ + .cra_ctxsize = sizeof(struct crypto_aead *), \ + .cra_alignmask = 0, \ + \ + .cra_priority = priority, \ + \ + .cra_name = "morus1280", \ + .cra_driver_name = driver_name, \ + \ + .cra_module = THIS_MODULE, \ + } \ + } \ + } + +#endif /* _CRYPTO_MORUS1280_GLUE_H */ diff --git a/include/crypto/morus640_glue.h b/include/crypto/morus640_glue.h new file mode 100644 index 000000000000..90c8db07e740 --- /dev/null +++ b/include/crypto/morus640_glue.h @@ -0,0 +1,137 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * The MORUS-640 Authenticated-Encryption Algorithm + * Common glue skeleton -- header file + * + * Copyright (c) 2016-2018 Ondrej Mosnacek + * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + */ + +#ifndef _CRYPTO_MORUS640_GLUE_H +#define _CRYPTO_MORUS640_GLUE_H + +#include +#include +#include +#include +#include + +#define MORUS640_WORD_SIZE 4 +#define MORUS640_BLOCK_SIZE (MORUS_BLOCK_WORDS * MORUS640_WORD_SIZE) + +struct morus640_block { + u8 bytes[MORUS640_BLOCK_SIZE]; +}; + +struct morus640_glue_ops { + void (*init)(void *state, const void *key, const void *iv); + void (*ad)(void *state, const void *data, unsigned int length); + void (*enc)(void *state, const void *src, void *dst, unsigned int length); + void (*dec)(void *state, const void *src, void *dst, unsigned int length); + void (*enc_tail)(void *state, const void *src, void *dst, unsigned int length); + void (*dec_tail)(void *state, const void *src, void *dst, unsigned int length); + void (*final)(void *state, void *tag_xor, u64 assoclen, u64 cryptlen); +}; + +struct morus640_ctx { + const struct morus640_glue_ops *ops; + struct morus640_block key; +}; + +void crypto_morus640_glue_init_ops(struct crypto_aead *aead, + const struct morus640_glue_ops *ops); +int crypto_morus640_glue_setkey(struct crypto_aead *aead, const u8 *key, + unsigned int keylen); +int crypto_morus640_glue_setauthsize(struct crypto_aead *tfm, + unsigned int authsize); +int crypto_morus640_glue_encrypt(struct aead_request *req); +int crypto_morus640_glue_decrypt(struct aead_request *req); + +int cryptd_morus640_glue_setkey(struct crypto_aead *aead, const u8 *key, + unsigned int keylen); +int cryptd_morus640_glue_setauthsize(struct crypto_aead *aead, + unsigned int authsize); +int cryptd_morus640_glue_encrypt(struct aead_request *req); +int cryptd_morus640_glue_decrypt(struct aead_request *req); +int cryptd_morus640_glue_init_tfm(struct crypto_aead *aead); +void cryptd_morus640_glue_exit_tfm(struct crypto_aead *aead); + +#define MORUS640_DECLARE_ALGS(id, driver_name, priority) \ + static const struct morus640_glue_ops crypto_morus640_##id##_ops = {\ + .init = crypto_morus640_##id##_init, \ + .ad = crypto_morus640_##id##_ad, \ + .enc = crypto_morus640_##id##_enc, \ + .enc_tail = crypto_morus640_##id##_enc_tail, \ + .dec = crypto_morus640_##id##_dec, \ + .dec_tail = crypto_morus640_##id##_dec_tail, \ + .final = crypto_morus640_##id##_final, \ + }; \ + \ + static int crypto_morus640_##id##_init_tfm(struct crypto_aead *tfm) \ + { \ + crypto_morus640_glue_init_ops(tfm, &crypto_morus640_##id##_ops); \ + return 0; \ + } \ + \ + static void crypto_morus640_##id##_exit_tfm(struct crypto_aead *tfm) \ + { \ + } \ + \ + struct aead_alg crypto_morus640_##id##_algs[] = {\ + { \ + .setkey = crypto_morus640_glue_setkey, \ + .setauthsize = crypto_morus640_glue_setauthsize, \ + .encrypt = crypto_morus640_glue_encrypt, \ + .decrypt = crypto_morus640_glue_decrypt, \ + .init = crypto_morus640_##id##_init_tfm, \ + .exit = crypto_morus640_##id##_exit_tfm, \ + \ + .ivsize = MORUS_NONCE_SIZE, \ + .maxauthsize = MORUS_MAX_AUTH_SIZE, \ + .chunksize = MORUS640_BLOCK_SIZE, \ + \ + .base = { \ + .cra_flags = CRYPTO_ALG_INTERNAL, \ + .cra_blocksize = 1, \ + .cra_ctxsize = sizeof(struct morus640_ctx), \ + .cra_alignmask = 0, \ + \ + .cra_name = "__morus640", \ + .cra_driver_name = "__"driver_name, \ + \ + .cra_module = THIS_MODULE, \ + } \ + }, { \ + .setkey = cryptd_morus640_glue_setkey, \ + .setauthsize = cryptd_morus640_glue_setauthsize, \ + .encrypt = cryptd_morus640_glue_encrypt, \ + .decrypt = cryptd_morus640_glue_decrypt, \ + .init = cryptd_morus640_glue_init_tfm, \ + .exit = cryptd_morus640_glue_exit_tfm, \ + \ + .ivsize = MORUS_NONCE_SIZE, \ + .maxauthsize = MORUS_MAX_AUTH_SIZE, \ + .chunksize = MORUS640_BLOCK_SIZE, \ + \ + .base = { \ + .cra_flags = CRYPTO_ALG_ASYNC, \ + .cra_blocksize = 1, \ + .cra_ctxsize = sizeof(struct crypto_aead *), \ + .cra_alignmask = 0, \ + \ + .cra_priority = priority, \ + \ + .cra_name = "morus640", \ + .cra_driver_name = driver_name, \ + \ + .cra_module = THIS_MODULE, \ + } \ + } \ + } + +#endif /* _CRYPTO_MORUS640_GLUE_H */ -- cgit v1.2.3 From edd303ff0e9ebc39118e633916278b5ca8558c30 Mon Sep 17 00:00:00 2001 From: Janakarajan Natarajan Date: Fri, 25 May 2018 15:23:29 -0500 Subject: crypto: ccp - Add DOWNLOAD_FIRMWARE SEV command The DOWNLOAD_FIRMWARE command, added as of SEV API v0.15, allows the OS to install SEV firmware newer than the currently active SEV firmware. For the new SEV firmware to be applied it must: * Pass the validation test performed by the existing firmware. * Be of the same build or a newer build compared to the existing firmware. For more information please refer to "Section 5.11 DOWNLOAD_FIRMWARE" of https://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf Signed-off-by: Janakarajan Natarajan Signed-off-by: Herbert Xu --- include/linux/psp-sev.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'include') diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index 93addfa34061..1d2496246072 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -54,6 +54,7 @@ enum sev_cmd { SEV_CMD_PDH_CERT_EXPORT = 0x008, SEV_CMD_PDH_GEN = 0x009, SEV_CMD_DF_FLUSH = 0x00A, + SEV_CMD_DOWNLOAD_FIRMWARE = 0x00B, /* Guest commands */ SEV_CMD_DECOMMISSION = 0x020, @@ -129,6 +130,17 @@ struct sev_data_pek_cert_import { u32 oca_cert_len; /* In */ } __packed; +/** + * struct sev_data_download_firmware - DOWNLOAD_FIRMWARE command parameters + * + * @address: physical address of firmware image + * @len: len of the firmware image + */ +struct sev_data_download_firmware { + u64 address; /* In */ + u32 len; /* In */ +} __packed; + /** * struct sev_data_pdh_cert_export - PDH_CERT_EXPORT command parameters * -- cgit v1.2.3 From 0b3a830bb407dce79468a26f382260131b50b3c5 Mon Sep 17 00:00:00 2001 From: Janakarajan Natarajan Date: Fri, 25 May 2018 15:23:30 -0500 Subject: crypto: ccp - Add GET_ID SEV command The GET_ID command, added as of SEV API v0.16, allows the SEV firmware to be queried about a unique CPU ID. This unique ID can then be used to obtain the public certificate containing the Chip Endorsement Key (CEK) public key signed by the AMD SEV Signing Key (ASK). For more information please refer to "Section 5.12 GET_ID" of https://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf Signed-off-by: Janakarajan Natarajan Signed-off-by: Herbert Xu --- include/linux/psp-sev.h | 11 +++++++++++ include/uapi/linux/psp-sev.h | 12 ++++++++++++ 2 files changed, 23 insertions(+) (limited to 'include') diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index 1d2496246072..827c601841c4 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -55,6 +55,7 @@ enum sev_cmd { SEV_CMD_PDH_GEN = 0x009, SEV_CMD_DF_FLUSH = 0x00A, SEV_CMD_DOWNLOAD_FIRMWARE = 0x00B, + SEV_CMD_GET_ID = 0x00C, /* Guest commands */ SEV_CMD_DECOMMISSION = 0x020, @@ -141,6 +142,16 @@ struct sev_data_download_firmware { u32 len; /* In */ } __packed; +/** + * struct sev_data_get_id - GET_ID command parameters + * + * @address: physical address of region to place unique CPU ID(s) + * @len: len of the region + */ +struct sev_data_get_id { + u64 address; /* In */ + u32 len; /* In/Out */ +} __packed; /** * struct sev_data_pdh_cert_export - PDH_CERT_EXPORT command parameters * diff --git a/include/uapi/linux/psp-sev.h b/include/uapi/linux/psp-sev.h index 9008f31c7eb6..ac8c60bcc83b 100644 --- a/include/uapi/linux/psp-sev.h +++ b/include/uapi/linux/psp-sev.h @@ -30,6 +30,7 @@ enum { SEV_PDH_GEN, SEV_PDH_CERT_EXPORT, SEV_PEK_CERT_IMPORT, + SEV_GET_ID, SEV_MAX, }; @@ -123,6 +124,17 @@ struct sev_user_data_pdh_cert_export { __u32 cert_chain_len; /* In/Out */ } __packed; +/** + * struct sev_user_data_get_id - GET_ID command parameters + * + * @socket1: Buffer to pass unique ID of first socket + * @socket2: Buffer to pass unique ID of second socket + */ +struct sev_user_data_get_id { + __u8 socket1[64]; /* Out */ + __u8 socket2[64]; /* Out */ +} __packed; + /** * struct sev_issue_cmd - SEV ioctl parameters * -- cgit v1.2.3 From 015a03704df11c552501e0b52cc264b5c57a9a41 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Sat, 26 May 2018 00:08:59 -0700 Subject: crypto: salsa20 - Revert "crypto: salsa20 - export generic helpers" This reverts commit eb772f37ae8163a89e28a435f6a18742ae06653b, as now the x86 Salsa20 implementation has been removed and the generic helpers are no longer needed outside of salsa20_generic.c. We could keep this just in case someone else wants to add a new optimized Salsa20 implementation. But given that we have ChaCha20 now too, I think it's unlikely. And this can always be reverted back. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- include/crypto/salsa20.h | 27 --------------------------- 1 file changed, 27 deletions(-) delete mode 100644 include/crypto/salsa20.h (limited to 'include') diff --git a/include/crypto/salsa20.h b/include/crypto/salsa20.h deleted file mode 100644 index 19ed48aefc86..000000000000 --- a/include/crypto/salsa20.h +++ /dev/null @@ -1,27 +0,0 @@ -/* SPDX-License-Identifier: GPL-2.0 */ -/* - * Common values for the Salsa20 algorithm - */ - -#ifndef _CRYPTO_SALSA20_H -#define _CRYPTO_SALSA20_H - -#include - -#define SALSA20_IV_SIZE 8 -#define SALSA20_MIN_KEY_SIZE 16 -#define SALSA20_MAX_KEY_SIZE 32 -#define SALSA20_BLOCK_SIZE 64 - -struct crypto_skcipher; - -struct salsa20_ctx { - u32 initial_state[16]; -}; - -void crypto_salsa20_init(u32 *state, const struct salsa20_ctx *ctx, - const u8 *iv); -int crypto_salsa20_setkey(struct crypto_skcipher *tfm, const u8 *key, - unsigned int keysize); - -#endif /* _CRYPTO_SALSA20_H */ -- cgit v1.2.3