Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto updates from Herbert Xu: "API: - Add 1472-byte test to tcrypt for IPsec - Reintroduced crypto stats interface with numerous changes - Support incremental algorithm dumps Algorithms: - Add xchacha12/20 - Add nhpoly1305 - Add adiantum - Add streebog hash - Mark cts(cbc(aes)) as FIPS allowed Drivers: - Improve performance of arm64/chacha20 - Improve performance of x86/chacha20 - Add NEON-accelerated nhpoly1305 - Add SSE2 accelerated nhpoly1305 - Add AVX2 accelerated nhpoly1305 - Add support for 192/256-bit keys in gcmaes AVX - Add SG support in gcmaes AVX - ESN for inline IPsec tx in chcr - Add support for CryptoCell 703 in ccree - Add support for CryptoCell 713 in ccree - Add SM4 support in ccree - Add SM3 support in ccree - Add support for chacha20 in caam/qi2 - Add support for chacha20 + poly1305 in caam/jr - Add support for chacha20 + poly1305 in caam/qi2 - Add AEAD cipher support in cavium/nitrox" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (130 commits) crypto: skcipher - remove remnants of internal IV generators crypto: cavium/nitrox - Fix build with !CONFIG_DEBUG_FS crypto: salsa20-generic - don't unnecessarily use atomic walk crypto: skcipher - add might_sleep() to skcipher_walk_virt() crypto: x86/chacha - avoid sleeping under kernel_fpu_begin() crypto: cavium/nitrox - Added AEAD cipher support crypto: mxc-scc - fix build warnings on ARM64 crypto: api - document missing stats member crypto: user - remove unused dump functions crypto: chelsio - Fix wrong error counter increments crypto: chelsio - Reset counters on cxgb4 Detach crypto: chelsio - Handle PCI shutdown event crypto: chelsio - cleanup:send addr as value in function argument crypto: chelsio - Use same value for both channel in single WR crypto: chelsio - Swap location of AAD and IV sent in WR crypto: chelsio - remove set but not used variable 'kctx_len' crypto: ux500 - Use proper enum in hash_set_dma_transfer crypto: ux500 - Use proper enum in cryp_set_dma_transfer crypto: aesni - Add scatter/gather avx stubs, and use them in C crypto: aesni - Introduce partial block macro ..
This commit is contained in:
Linus Torvalds
@@ -1,10 +1,7 @@
|
||||
/**
|
||||
// SPDX-License-Identifier: GPL-2.0
|
||||
/*
|
||||
* Copyright (c) 2010-2012 Broadcom. All rights reserved.
|
||||
* Copyright (c) 2013 Lubomir Rintel
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License ("GPL")
|
||||
* version 2, as published by the Free Software Foundation.
|
||||
*/
|
||||
|
||||
#include <linux/hw_random.h>
|
||||
|
||||
@@ -265,7 +265,7 @@
|
||||
#include <linux/syscalls.h>
|
||||
#include <linux/completion.h>
|
||||
#include <linux/uuid.h>
|
||||
#include <crypto/chacha20.h>
|
||||
#include <crypto/chacha.h>
|
||||
|
||||
#include <asm/processor.h>
|
||||
#include <linux/uaccess.h>
|
||||
@@ -431,11 +431,10 @@ static int crng_init = 0;
|
||||
#define crng_ready() (likely(crng_init > 1))
|
||||
static int crng_init_cnt = 0;
|
||||
static unsigned long crng_global_init_time = 0;
|
||||
#define CRNG_INIT_CNT_THRESH (2*CHACHA20_KEY_SIZE)
|
||||
static void _extract_crng(struct crng_state *crng,
|
||||
__u8 out[CHACHA20_BLOCK_SIZE]);
|
||||
#define CRNG_INIT_CNT_THRESH (2*CHACHA_KEY_SIZE)
|
||||
static void _extract_crng(struct crng_state *crng, __u8 out[CHACHA_BLOCK_SIZE]);
|
||||
static void _crng_backtrack_protect(struct crng_state *crng,
|
||||
__u8 tmp[CHACHA20_BLOCK_SIZE], int used);
|
||||
__u8 tmp[CHACHA_BLOCK_SIZE], int used);
|
||||
static void process_random_ready_list(void);
|
||||
static void _get_random_bytes(void *buf, int nbytes);
|
||||
|
||||
@@ -863,7 +862,7 @@ static int crng_fast_load(const char *cp, size_t len)
|
||||
}
|
||||
p = (unsigned char *) &primary_crng.state[4];
|
||||
while (len > 0 && crng_init_cnt < CRNG_INIT_CNT_THRESH) {
|
||||
p[crng_init_cnt % CHACHA20_KEY_SIZE] ^= *cp;
|
||||
p[crng_init_cnt % CHACHA_KEY_SIZE] ^= *cp;
|
||||
cp++; crng_init_cnt++; len--;
|
||||
}
|
||||
spin_unlock_irqrestore(&primary_crng.lock, flags);
|
||||
@@ -895,7 +894,7 @@ static int crng_slow_load(const char *cp, size_t len)
|
||||
unsigned long flags;
|
||||
static unsigned char lfsr = 1;
|
||||
unsigned char tmp;
|
||||
unsigned i, max = CHACHA20_KEY_SIZE;
|
||||
unsigned i, max = CHACHA_KEY_SIZE;
|
||||
const char * src_buf = cp;
|
||||
char * dest_buf = (char *) &primary_crng.state[4];
|
||||
|
||||
@@ -913,8 +912,8 @@ static int crng_slow_load(const char *cp, size_t len)
|
||||
lfsr >>= 1;
|
||||
if (tmp & 1)
|
||||
lfsr ^= 0xE1;
|
||||
tmp = dest_buf[i % CHACHA20_KEY_SIZE];
|
||||
dest_buf[i % CHACHA20_KEY_SIZE] ^= src_buf[i % len] ^ lfsr;
|
||||
tmp = dest_buf[i % CHACHA_KEY_SIZE];
|
||||
dest_buf[i % CHACHA_KEY_SIZE] ^= src_buf[i % len] ^ lfsr;
|
||||
lfsr += (tmp << 3) | (tmp >> 5);
|
||||
}
|
||||
spin_unlock_irqrestore(&primary_crng.lock, flags);
|
||||
@@ -926,7 +925,7 @@ static void crng_reseed(struct crng_state *crng, struct entropy_store *r)
|
||||
unsigned long flags;
|
||||
int i, num;
|
||||
union {
|
||||
__u8 block[CHACHA20_BLOCK_SIZE];
|
||||
__u8 block[CHACHA_BLOCK_SIZE];
|
||||
__u32 key[8];
|
||||
} buf;
|
||||
|
||||
@@ -937,7 +936,7 @@ static void crng_reseed(struct crng_state *crng, struct entropy_store *r)
|
||||
} else {
|
||||
_extract_crng(&primary_crng, buf.block);
|
||||
_crng_backtrack_protect(&primary_crng, buf.block,
|
||||
CHACHA20_KEY_SIZE);
|
||||
CHACHA_KEY_SIZE);
|
||||
}
|
||||
spin_lock_irqsave(&crng->lock, flags);
|
||||
for (i = 0; i < 8; i++) {
|
||||
@@ -973,7 +972,7 @@ static void crng_reseed(struct crng_state *crng, struct entropy_store *r)
|
||||
}
|
||||
|
||||
static void _extract_crng(struct crng_state *crng,
|
||||
__u8 out[CHACHA20_BLOCK_SIZE])
|
||||
__u8 out[CHACHA_BLOCK_SIZE])
|
||||
{
|
||||
unsigned long v, flags;
|
||||
|
||||
@@ -990,7 +989,7 @@ static void _extract_crng(struct crng_state *crng,
|
||||
spin_unlock_irqrestore(&crng->lock, flags);
|
||||
}
|
||||
|
||||
static void extract_crng(__u8 out[CHACHA20_BLOCK_SIZE])
|
||||
static void extract_crng(__u8 out[CHACHA_BLOCK_SIZE])
|
||||
{
|
||||
struct crng_state *crng = NULL;
|
||||
|
||||
@@ -1008,14 +1007,14 @@ static void extract_crng(__u8 out[CHACHA20_BLOCK_SIZE])
|
||||
* enough) to mutate the CRNG key to provide backtracking protection.
|
||||
*/
|
||||
static void _crng_backtrack_protect(struct crng_state *crng,
|
||||
__u8 tmp[CHACHA20_BLOCK_SIZE], int used)
|
||||
__u8 tmp[CHACHA_BLOCK_SIZE], int used)
|
||||
{
|
||||
unsigned long flags;
|
||||
__u32 *s, *d;
|
||||
int i;
|
||||
|
||||
used = round_up(used, sizeof(__u32));
|
||||
if (used + CHACHA20_KEY_SIZE > CHACHA20_BLOCK_SIZE) {
|
||||
if (used + CHACHA_KEY_SIZE > CHACHA_BLOCK_SIZE) {
|
||||
extract_crng(tmp);
|
||||
used = 0;
|
||||
}
|
||||
@@ -1027,7 +1026,7 @@ static void _crng_backtrack_protect(struct crng_state *crng,
|
||||
spin_unlock_irqrestore(&crng->lock, flags);
|
||||
}
|
||||
|
||||
static void crng_backtrack_protect(__u8 tmp[CHACHA20_BLOCK_SIZE], int used)
|
||||
static void crng_backtrack_protect(__u8 tmp[CHACHA_BLOCK_SIZE], int used)
|
||||
{
|
||||
struct crng_state *crng = NULL;
|
||||
|
||||
@@ -1042,8 +1041,8 @@ static void crng_backtrack_protect(__u8 tmp[CHACHA20_BLOCK_SIZE], int used)
|
||||
|
||||
static ssize_t extract_crng_user(void __user *buf, size_t nbytes)
|
||||
{
|
||||
ssize_t ret = 0, i = CHACHA20_BLOCK_SIZE;
|
||||
__u8 tmp[CHACHA20_BLOCK_SIZE] __aligned(4);
|
||||
ssize_t ret = 0, i = CHACHA_BLOCK_SIZE;
|
||||
__u8 tmp[CHACHA_BLOCK_SIZE] __aligned(4);
|
||||
int large_request = (nbytes > 256);
|
||||
|
||||
while (nbytes) {
|
||||
@@ -1057,7 +1056,7 @@ static ssize_t extract_crng_user(void __user *buf, size_t nbytes)
|
||||
}
|
||||
|
||||
extract_crng(tmp);
|
||||
i = min_t(int, nbytes, CHACHA20_BLOCK_SIZE);
|
||||
i = min_t(int, nbytes, CHACHA_BLOCK_SIZE);
|
||||
if (copy_to_user(buf, tmp, i)) {
|
||||
ret = -EFAULT;
|
||||
break;
|
||||
@@ -1622,14 +1621,14 @@ static void _warn_unseeded_randomness(const char *func_name, void *caller,
|
||||
*/
|
||||
static void _get_random_bytes(void *buf, int nbytes)
|
||||
{
|
||||
__u8 tmp[CHACHA20_BLOCK_SIZE] __aligned(4);
|
||||
__u8 tmp[CHACHA_BLOCK_SIZE] __aligned(4);
|
||||
|
||||
trace_get_random_bytes(nbytes, _RET_IP_);
|
||||
|
||||
while (nbytes >= CHACHA20_BLOCK_SIZE) {
|
||||
while (nbytes >= CHACHA_BLOCK_SIZE) {
|
||||
extract_crng(buf);
|
||||
buf += CHACHA20_BLOCK_SIZE;
|
||||
nbytes -= CHACHA20_BLOCK_SIZE;
|
||||
buf += CHACHA_BLOCK_SIZE;
|
||||
nbytes -= CHACHA_BLOCK_SIZE;
|
||||
}
|
||||
|
||||
if (nbytes > 0) {
|
||||
@@ -1637,7 +1636,7 @@ static void _get_random_bytes(void *buf, int nbytes)
|
||||
memcpy(buf, tmp, nbytes);
|
||||
crng_backtrack_protect(tmp, nbytes);
|
||||
} else
|
||||
crng_backtrack_protect(tmp, CHACHA20_BLOCK_SIZE);
|
||||
crng_backtrack_protect(tmp, CHACHA_BLOCK_SIZE);
|
||||
memzero_explicit(tmp, sizeof(tmp));
|
||||
}
|
||||
|
||||
@@ -2208,8 +2207,8 @@ struct ctl_table random_table[] = {
|
||||
|
||||
struct batched_entropy {
|
||||
union {
|
||||
u64 entropy_u64[CHACHA20_BLOCK_SIZE / sizeof(u64)];
|
||||
u32 entropy_u32[CHACHA20_BLOCK_SIZE / sizeof(u32)];
|
||||
u64 entropy_u64[CHACHA_BLOCK_SIZE / sizeof(u64)];
|
||||
u32 entropy_u32[CHACHA_BLOCK_SIZE / sizeof(u32)];
|
||||
};
|
||||
unsigned int position;
|
||||
};
|
||||
|
||||
Reference in New Issue
Block a user