summaryrefslogtreecommitdiffstats
path: root/crypto/echainiv.c
Commit message (Collapse)AuthorAgeFilesLines
* crypto: geniv - remove unneeded arguments from aead_geniv_alloc()Eric Biggers2020-07-161-1/+1
| | | | | | | | The type and mask arguments to aead_geniv_alloc() are always 0, so remove them. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: geniv - convert to new way of freeing instancesEric Biggers2020-01-091-16/+4
| | | | | | | | | | | | | | | | | Convert the "seqiv" template to the new way of freeing instances where a ->free() method is installed to the instance struct itself. Also remove the unused implementation of the old way of freeing instances from the "echainiv" template, since it's already using the new way too. In doing this, also simplify the code by making the helper function aead_geniv_alloc() install the ->free() method, instead of making seqiv and echainiv do this themselves. This is analogous to how skcipher_alloc_instance_simple() works. This will allow removing support for the old way of freeing instances. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152Thomas Gleixner2019-05-301-6/+1
| | | | | | | | | | | | | | | | | | | | | Based on 1 normalized pattern(s): this program is free software you can redistribute it and or modify it under the terms of the gnu general public license as published by the free software foundation either version 2 of the license or at your option any later version extracted by the scancode license scanner the SPDX license identifier GPL-2.0-or-later has been chosen to replace the boilerplate/reference in 3029 file(s). Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Allison Randal <allison@lohutok.net> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190527070032.746973796@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* crypto: run initcalls for generic implementations earlierEric Biggers2019-04-181-1/+1
| | | | | | | | | | | | | | | | | | | | Use subsys_initcall for registration of all templates and generic algorithm implementations, rather than module_init. Then change cryptomgr to use arch_initcall, to place it before the subsys_initcalls. This is needed so that when both a generic and optimized implementation of an algorithm are built into the kernel (not loadable modules), the generic implementation is registered before the optimized one. Otherwise, the self-tests for the optimized implementation are unable to allocate the generic implementation for the new comparison fuzz tests. Note that on arm, a side effect of this change is that self-tests for generic implementations may run before the unaligned access handler has been installed. So, unaligned accesses will crash the kernel. This is arguably a good thing as it makes it easier to detect that type of bug. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: null - Remove VLA usage of skcipherKees Cook2018-09-281-2/+2
| | | | | | | | | | | | In the quest to remove all stack VLA usage from the kernel[1], this replaces struct crypto_skcipher and SKCIPHER_REQUEST_ON_STACK() usage with struct crypto_sync_skcipher and SYNC_SKCIPHER_REQUEST_ON_STACK(), which uses a fixed stack size. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: echainiv - Remove unused alg/spawn variableCorentin Labbe2017-12-221-5/+0
| | | | | | | | This patch remove two unused variable and some dead "code" using it. Fixes: 66008d4230f6 ("crypto: echainiv - Remove AEAD compatibility code") Signed-off-by: Corentin Labbe <clabbe@baylibre.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: echainiv - Replace chaining with multiplicationHerbert Xu2016-09-131-91/+24
| | | | | | | | | | | | | | The current implementation uses a global per-cpu array to store data which are used to derive the next IV. This is insecure as the attacker may change the stored data. This patch removes all traces of chaining and replaces it with multiplication of the salt and the sequence number. Fixes: a10f554fa7e0 ("crypto: echainiv - Add encrypted chain IV...") Cc: stable@vger.kernel.org Reported-by: Mathias Krause <minipli@googlemail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: echainiv - Use skcipherHerbert Xu2016-07-181-6/+10
| | | | | | This patch replaces use of the obsolete blkcipher with skcipher. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: echainiv - Use generic geniv init/exit helpersHerbert Xu2015-08-171-63/+7
| | | | | | | This patch replaces the echainiv init/exit handlers with the generic geniv helpers. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: echainiv - Remove AEAD compatibility codeHerbert Xu2015-08-171-4/+0
| | | | | | | | Now that we no longer have any legacy AEAD implementations the compatibility code path can no longer be triggered. This patch removes it. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: echainiv - Fix encryption conventionHerbert Xu2015-07-141-13/+11
| | | | | | | | | | | | | | | | This patch fixes a bug where we were incorrectly including the IV in the AD during encryption. The IV must remain in the plain text for it to be encrypted. During decryption there is no need to copy the IV to dst because it's now part of the AD. This patch removes an unncessary check on authsize which would be performed by the underlying decrypt call. Finally this patch makes use of the type-safe init/exit functions. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: echainiv - Only hold RNG during initialisationHerbert Xu2015-06-221-22/+6
| | | | | | | This patch changes the RNG allocation so that we only hold a reference to the RNG during initialisation. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: echainiv - Move IV seeding into init functionHerbert Xu2015-06-041-24/+6
| | | | | | | | | | We currently do the IV seeding on the first givencrypt call in order to conserve entropy. However, this does not work with DRBG which cannot be called from interrupt context. In fact, with DRBG we don't need to conserve entropy anyway. So this patch moves the seeding into the init function. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: echainiv - Fix IV size in context size calculationHerbert Xu2015-05-281-1/+1
| | | | | | | This patch fixes a bug in the context size calculation where we were still referring to the old cra_aead. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: echainiv - Use common IV generation codeHerbert Xu2015-05-281-212/+18
| | | | | | This patch makes use of the new common IV generation code. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: echainiv - Copy AD along with plain textHerbert Xu2015-05-281-8/+2
| | | | | | | As the AD does not necessarily exist in the destination buffer it must be copied along with the plain text. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: aead - Remove unused cryptoff parameterHerbert Xu2015-05-251-2/+2
| | | | | | | This patch removes the cryptoff parameter now that all users set it to zero. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: echainiv - Stop using cryptoffHerbert Xu2015-05-251-12/+23
| | | | | | | | | | | | | | | | The cryptoff parameter was added to facilitate the skipping of IVs that sit between the AD and the plain/cipher text. However, it was never implemented correctly as and we do not handle users such as IPsec setting cryptoff. It is simply ignored. Implementing correctly is in fact more trouble than what it's worth. This patch removes the uses of cryptoff and simply falls back to using the old AEAD interface as it's only needed for old AEAD implementations. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: echainiv - Use aead_register_instanceHerbert Xu2015-05-251-19/+23
| | | | | | | | | | | | New style AEAD instances must use aead_register_instance. This worked by chance because aead_geniv_alloc is still setting things the old way. This patch converts the template over to the create model where we are responsible for instance registration so that we can call the correct function. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: echainiv - echainiv_read_iv() can be staticWu Fengguang2015-05-251-2/+2
| | | | | Signed-off-by: Fengguang Wu <fengguang.wu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: echainiv - Add encrypted chain IV generatorHerbert Xu2015-05-221-0/+531
This patch adds a new AEAD IV generator echainiv. It is intended to replace the existing skcipher IV generator eseqiv. If the underlying AEAD algorithm is using the old AEAD interface, then echainiv will simply use its IV generator. Otherwise, echainiv will encrypt a counter just like eseqiv but it'll first xor it against a previously stored IV similar to chainiv. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>