summaryrefslogtreecommitdiffstats
path: root/crypto/echainiv.c
AgeCommit message (Collapse)AuthorFilesLines
2019-05-30treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152Thomas Gleixner1-6/+1
Based on 1 normalized pattern(s): this program is free software you can redistribute it and or modify it under the terms of the gnu general public license as published by the free software foundation either version 2 of the license or at your option any later version extracted by the scancode license scanner the SPDX license identifier GPL-2.0-or-later has been chosen to replace the boilerplate/reference in 3029 file(s). Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Allison Randal <allison@lohutok.net> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190527070032.746973796@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-18crypto: run initcalls for generic implementations earlierEric Biggers1-1/+1
Use subsys_initcall for registration of all templates and generic algorithm implementations, rather than module_init. Then change cryptomgr to use arch_initcall, to place it before the subsys_initcalls. This is needed so that when both a generic and optimized implementation of an algorithm are built into the kernel (not loadable modules), the generic implementation is registered before the optimized one. Otherwise, the self-tests for the optimized implementation are unable to allocate the generic implementation for the new comparison fuzz tests. Note that on arm, a side effect of this change is that self-tests for generic implementations may run before the unaligned access handler has been installed. So, unaligned accesses will crash the kernel. This is arguably a good thing as it makes it easier to detect that type of bug. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-09-28crypto: null - Remove VLA usage of skcipherKees Cook1-2/+2
In the quest to remove all stack VLA usage from the kernel[1], this replaces struct crypto_skcipher and SKCIPHER_REQUEST_ON_STACK() usage with struct crypto_sync_skcipher and SYNC_SKCIPHER_REQUEST_ON_STACK(), which uses a fixed stack size. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2017-12-22crypto: echainiv - Remove unused alg/spawn variableCorentin Labbe1-5/+0
This patch remove two unused variable and some dead "code" using it. Fixes: 66008d4230f6 ("crypto: echainiv - Remove AEAD compatibility code") Signed-off-by: Corentin Labbe <clabbe@baylibre.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-09-13crypto: echainiv - Replace chaining with multiplicationHerbert Xu1-91/+24
The current implementation uses a global per-cpu array to store data which are used to derive the next IV. This is insecure as the attacker may change the stored data. This patch removes all traces of chaining and replaces it with multiplication of the salt and the sequence number. Fixes: a10f554fa7e0 ("crypto: echainiv - Add encrypted chain IV...") Cc: stable@vger.kernel.org Reported-by: Mathias Krause <minipli@googlemail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-07-18crypto: echainiv - Use skcipherHerbert Xu1-6/+10
This patch replaces use of the obsolete blkcipher with skcipher. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-08-17crypto: echainiv - Use generic geniv init/exit helpersHerbert Xu1-63/+7
This patch replaces the echainiv init/exit handlers with the generic geniv helpers. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-08-17crypto: echainiv - Remove AEAD compatibility codeHerbert Xu1-4/+0
Now that we no longer have any legacy AEAD implementations the compatibility code path can no longer be triggered. This patch removes it. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-07-14crypto: echainiv - Fix encryption conventionHerbert Xu1-13/+11
This patch fixes a bug where we were incorrectly including the IV in the AD during encryption. The IV must remain in the plain text for it to be encrypted. During decryption there is no need to copy the IV to dst because it's now part of the AD. This patch removes an unncessary check on authsize which would be performed by the underlying decrypt call. Finally this patch makes use of the type-safe init/exit functions. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-06-22crypto: echainiv - Only hold RNG during initialisationHerbert Xu1-22/+6
This patch changes the RNG allocation so that we only hold a reference to the RNG during initialisation. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-06-04crypto: echainiv - Move IV seeding into init functionHerbert Xu1-24/+6
We currently do the IV seeding on the first givencrypt call in order to conserve entropy. However, this does not work with DRBG which cannot be called from interrupt context. In fact, with DRBG we don't need to conserve entropy anyway. So this patch moves the seeding into the init function. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-28crypto: echainiv - Fix IV size in context size calculationHerbert Xu1-1/+1
This patch fixes a bug in the context size calculation where we were still referring to the old cra_aead. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-28crypto: echainiv - Use common IV generation codeHerbert Xu1-212/+18
This patch makes use of the new common IV generation code. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-28crypto: echainiv - Copy AD along with plain textHerbert Xu1-8/+2
As the AD does not necessarily exist in the destination buffer it must be copied along with the plain text. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-25crypto: aead - Remove unused cryptoff parameterHerbert Xu1-2/+2
This patch removes the cryptoff parameter now that all users set it to zero. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-25crypto: echainiv - Stop using cryptoffHerbert Xu1-12/+23
The cryptoff parameter was added to facilitate the skipping of IVs that sit between the AD and the plain/cipher text. However, it was never implemented correctly as and we do not handle users such as IPsec setting cryptoff. It is simply ignored. Implementing correctly is in fact more trouble than what it's worth. This patch removes the uses of cryptoff and simply falls back to using the old AEAD interface as it's only needed for old AEAD implementations. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-25crypto: echainiv - Use aead_register_instanceHerbert Xu1-19/+23
New style AEAD instances must use aead_register_instance. This worked by chance because aead_geniv_alloc is still setting things the old way. This patch converts the template over to the create model where we are responsible for instance registration so that we can call the correct function. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-25crypto: echainiv - echainiv_read_iv() can be staticWu Fengguang1-2/+2
Signed-off-by: Fengguang Wu <fengguang.wu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-22crypto: echainiv - Add encrypted chain IV generatorHerbert Xu1-0/+531
This patch adds a new AEAD IV generator echainiv. It is intended to replace the existing skcipher IV generator eseqiv. If the underlying AEAD algorithm is using the old AEAD interface, then echainiv will simply use its IV generator. Otherwise, echainiv will encrypt a counter just like eseqiv but it'll first xor it against a previously stored IV similar to chainiv. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>