Re: sha512: make it work, undo percpu message schedule
On 01/11/2012 01:00 AM, Alexey Dobriyan wrote:
commit f9e2bca6c22d75a289a349f869701214d63b5060 aka
crypto: sha512 - Move message schedule W[80] to static percpu area
created global message schedule area.
[snip]
I personally don't understand this changelog entry:
The message schedule W (u64[80]) is too big for the stack.
Hash context is dynamically allocated.

My original patch did the same thing as yours and put the message schedule on the stack in sha512_transform. Herbert argued [1] that it was too big and suggested to store it in a static per-cpu area.

[1] - http://www.mail-archive.com/linux-crypto@vger.kernel.org/msg02527.html
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] crypto: ripemd - Set module author and update email address.
Signed-off-by: Adrian-Ken Rueegsegger k...@codelabs.ch --- crypto/rmd128.c |3 ++- crypto/rmd160.c |3 ++- crypto/rmd256.c |3 ++- crypto/rmd320.c |3 ++- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/crypto/rmd128.c b/crypto/rmd128.c index 1ceb673..8a0f68b 100644 --- a/crypto/rmd128.c +++ b/crypto/rmd128.c @@ -5,7 +5,7 @@ * * Based on the reference implementation by Antoon Bosselaers, ESAT-COSIC * - * Copyright (c) 2008 Adrian-Ken Rueegsegger rueegsegger (at) swiss-it.ch + * Copyright (c) 2008 Adrian-Ken Rueegsegger k...@codelabs.ch * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the Free @@ -325,4 +325,5 @@ module_init(rmd128_mod_init); module_exit(rmd128_mod_fini); MODULE_LICENSE(GPL); +MODULE_AUTHOR(Adrian-Ken Rueegsegger k...@codelabs.ch); MODULE_DESCRIPTION(RIPEMD-128 Message Digest); diff --git a/crypto/rmd160.c b/crypto/rmd160.c index 472261f..525d7bb 100644 --- a/crypto/rmd160.c +++ b/crypto/rmd160.c @@ -5,7 +5,7 @@ * * Based on the reference implementation by Antoon Bosselaers, ESAT-COSIC * - * Copyright (c) 2008 Adrian-Ken Rueegsegger rueegsegger (at) swiss-it.ch + * Copyright (c) 2008 Adrian-Ken Rueegsegger k...@codelabs.ch * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the Free @@ -369,4 +369,5 @@ module_init(rmd160_mod_init); module_exit(rmd160_mod_fini); MODULE_LICENSE(GPL); +MODULE_AUTHOR(Adrian-Ken Rueegsegger k...@codelabs.ch); MODULE_DESCRIPTION(RIPEMD-160 Message Digest); diff --git a/crypto/rmd256.c b/crypto/rmd256.c index 72eafa8..69293d9 100644 --- a/crypto/rmd256.c +++ b/crypto/rmd256.c 
@@ -5,7 +5,7 @@ * * Based on the reference implementation by Antoon Bosselaers, ESAT-COSIC * - * Copyright (c) 2008 Adrian-Ken Rueegsegger rueegsegger (at) swiss-it.ch + * Copyright (c) 2008 Adrian-Ken Rueegsegger k...@codelabs.ch * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the Free @@ -344,4 +344,5 @@ module_init(rmd256_mod_init); module_exit(rmd256_mod_fini); MODULE_LICENSE(GPL); +MODULE_AUTHOR(Adrian-Ken Rueegsegger k...@codelabs.ch); MODULE_DESCRIPTION(RIPEMD-256 Message Digest); diff --git a/crypto/rmd320.c b/crypto/rmd320.c index 86becab..09f97df 100644 --- a/crypto/rmd320.c +++ b/crypto/rmd320.c @@ -5,7 +5,7 @@ * * Based on the reference implementation by Antoon Bosselaers, ESAT-COSIC * - * Copyright (c) 2008 Adrian-Ken Rueegsegger rueegsegger (at) swiss-it.ch + * Copyright (c) 2008 Adrian-Ken Rueegsegger k...@codelabs.ch * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the Free @@ -393,4 +393,5 @@ module_init(rmd320_mod_init); module_exit(rmd320_mod_fini); MODULE_LICENSE(GPL); +MODULE_AUTHOR(Adrian-Ken Rueegsegger k...@codelabs.ch); MODULE_DESCRIPTION(RIPEMD-320 Message Digest); -- 1.6.5 -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [BUG] SLOB breaks Crypto
Matt Mackall schrieb:
On Mon, 2010-05-17 at 23:50 +0200, Adrian-Ken Rueegsegger wrote:
Geert Uytterhoeven wrote:
On Fri, Mar 19, 2010 at 02:33, Herbert Xu herb...@gondor.apana.org.au wrote:
On Thu, Mar 18, 2010 at 10:24:41PM +0100, michael-...@fami-braun.de wrote:
Pekka Enberg schrieb:
Even with CONFIG_DEBUG_SLAB enabled or with CONFIG_SLUB and CONFIG_SLUB_DEBUG_ON?
no, these options have not been / are not enabled.
Can you please try it with those options enabled? That will tell us if there is some latent bug in the crypto layer that only shows up right away under SLOB.
After seeing a posting from Nemoto-san on the linux-mips list (should show up soon on http://www.linux-mips.org/archives/linux-mips/2010-05/threads.html), I'm wondering if these defaults are the culprit;
mm/slab.c:#define ARCH_KMALLOC_MINALIGN __alignof__(unsigned long long)
mm/slob.c:#define ARCH_KMALLOC_MINALIGN __alignof__(unsigned long)
mm/slub.c:#define ARCH_KMALLOC_MINALIGN __alignof__(unsigned long long)
Seems the target here is x86, which has no DMA or other alignment constraints.
Just a quick note: I changed this line in mm/slob.c to (unsigned long long) and was able to load tcrypt without the kernel oopsing or panicking. When running all tests via modprobe tcrypt
Hmmm, sounds like something in crypto has a bogus alignment/padding expectation. Surprised it wasn't caught by SLAB redzoning though.
Perhaps we can 'bisect' the test suite to narrow it down to a particular test. Alternately, we can tweak SLAB to offset buffers by two bytes and see what breaks.

As noted in my other mail [1] it seems like the HMAC tests trigger these errors.

Regards,
Adrian

[1] - http://lkml.org/lkml/2010/5/14/199
Re: [BUG] SLOB breaks Crypto
Herbert Xu wrote: On Tue, May 18, 2010 at 10:17:35AM +0200, Adrian-Ken Rueegsegger wrote: As noted in my other mail [1] it seems like the HMAC tests trigger these errors. Thanks for all the detective work! I think the problem is this changeset: commit 6eb7228421c01ba48a6a88a7a5b3e71cfb70d4a9 Author: Herbert Xu herb...@gondor.apana.org.au Date: Tue Jan 8 17:16:44 2008 +1100 [CRYPTO] api: Set default CRYPTO_MINALIGN to unsigned long long Thanks to David Miller for pointing out that the SLAB (or SLOB/SLUB) cache uses the alignment of unsigned long long if the architecture kmalloc/slab alignment macros are not defined. This patch changes the CRYPTO_MINALIGN so that it uses the same default value. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au diff --git a/include/linux/crypto.h b/include/linux/crypto.h index 0aba104..5e02d1b 100644 --- a/include/linux/crypto.h +++ b/include/linux/crypto.h @@ -90,13 +90,11 @@ #define CRYPTO_MINALIGN ARCH_KMALLOC_MINALIGN #elif defined(ARCH_SLAB_MINALIGN) #define CRYPTO_MINALIGN ARCH_SLAB_MINALIGN +#else +#define CRYPTO_MINALIGN __alignof__(unsigned long long) #endif -#ifdef CRYPTO_MINALIGN #define CRYPTO_MINALIGN_ATTR __attribute__ ((__aligned__(CRYPTO_MINALIGN))) -#else -#define CRYPTO_MINALIGN_ATTR -#endif struct scatterlist; struct crypto_ablkcipher; So evidently the assumption made in this change does not work on SLOB since it only guarantees __alignof__(unsigned long). I think the simplest fix is to revert this changeset. When doing the revert it is necessary to either have ARCH_KMALLOC_MINALIGN defined or explicitly define CRYPTO_MINALIGN in the case where it is not. Otherwise shash compilation fails because it needs CRYPTO_MINALIGN. Regards, Adrian -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
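Review bot: the quoted hunk's new #else branch makes CRYPTO_MINALIGN default to __alignof__(unsigned long long) whenever the allocator exports no minimum, but the allocator side quoted earlier in this thread (mm/slob.c) only guarantees __alignof__(unsigned long), and on 32-bit x86 those are 8 and 4; every CRYPTO_MINALIGN_ATTR context carved out of a kmalloc'd tfm can therefore sit on a 4-byte boundary under SLOB, which fits the hmac_setkey oops reported in this thread. Whichever side is changed (reverting this hunk, or making SLOB's ARCH_KMALLOC_MINALIGN unsigned long long as tested earlier), a build-time check that CRYPTO_MINALIGN does not exceed the allocator's guarantee would turn the next mismatch into a compile error instead of a runtime NULL dereference. Note also that with a plain revert, CRYPTO_MINALIGN_ATTR becomes empty again when nothing defines CRYPTO_MINALIGN, which is the shash build failure the reply points out, so the revert needs the explicit CRYPTO_MINALIGN definition it mentions.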
Re: [BUG] SLOB breaks Crypto
Hi, Herbert Xu wrote: On Thu, Mar 18, 2010 at 10:24:41PM +0100, michael-...@fami-braun.de wrote: Pekka Enberg schrieb: Even with CONFIG_DEBUG_SLAB enabled or with CONFIG_SLUB and CONFIG_SLUB_DEBUG_ON? no, these options have not been / are not enabled. Can you please try it with those options enabled? That will tell us if there is some latent bug in the crypto layer that only shows up right away under SLOB. I was able reproduced the issue with the current crypto-2.6 tree 180ce7e... The issue does not show up with CONFIG_DEBUG_SLAB nor CONFIG_SLUB and CONFIG_SLUB_DEBUG_ON. It seems the issues is really related to hmac. Loading tcrypt with modes not using hmac seem to run fine. During my tests the system freezes eventually when doing multiple modprobes of tcrypt like this: modprobe tcrypt mode=100 I get multiple OOPses with a subsequent panic looking like this: [ 409.631551] BUG: unable to handle kernel NULL pointer dereference at 0090 [ 409.631645] IP: [f883a278] hmac_setkey+0x38/0x140 [hmac] [ 409.631705] *pde = [ 409.631757] Oops: [#1] PREEMPT DEBUG_PAGEALLOC [ 409.631857] last sysfs file: /sys/class/power_supply/AC/online [ 409.631891] Modules linked in: tcrypt(+) hmac netconsole loop ide_cd_mod cdrom ide_pci_generic ehci_hcd uhci_hcd piix usbcore [last unloaded: scsi_wait_scan] [ 409.632019] [ 409.632019] Pid: 5184, comm: modprobe Not tainted 2.6.33-g180ce7e #5 /Latitude D600 [ 409.632019] EIP: 0060:[f883a278] EFLAGS: 00010282 CPU: 0 [ 409.632019] EIP is at hmac_setkey+0x38/0x140 [hmac] [ 409.632019] EAX: e0254734 EBX: e025476c ECX: 0090 EDX: e0254820 [ 409.632019] ESI: 0040 EDI: e02547c4 EBP: e1dc3cb4 ESP: e1dc3c94 [ 409.632019] DS: 007b ES: 007b FS: GS: 0033 SS: 0068 [ 409.632019] Process modprobe (pid: 5184, ti=e1dc2000 task=e538b000 task.ti=e1dc2000) [ 409.632019] Stack: [ 409.632019] e0254668 e0254820 0010 c043a348 0010 e538b87c c043a348 [ 409.632019] 0 e1dc3cd8 c020f3d6 0010 e0254734 e538b87c c04945b4 e1e47000 [ 409.632019] 0 c043a348 e1dc3ce0 c020f3fb 
e1dc3d00 c020eb4b 0010 ebe26380 0008 [ 409.632019] Call Trace: [ 409.632019] [c020f3d6] ? crypto_shash_setkey+0x96/0xa0 [ 409.632019] [c020f3fb] ? shash_async_setkey+0xb/0x10 [ 409.632019] [c020eb4b] ? crypto_ahash_setkey+0x8b/0x90 [ 409.632019] [c0211056] ? test_hash+0x176/0x620 [ 409.632019] [c012a754] ? _local_bh_enable+0x24/0x80 [ 409.632019] [c0108441] ? native_sched_clock+0x21/0x80 [ 409.632019] [c0186fce] ? slob_page_alloc+0x20e/0x240 [ 409.632019] [c018758d] ? slob_alloc+0x10d/0x1f0 [ 409.632019] [c0187791] ? __kmalloc_node+0xa1/0xc0 [ 409.632019] [c02095e1] ? crypto_create_tfm+0x41/0xc0 [ 409.632019] [c020a77a] ? crypto_spawn_tfm2+0x3a/0x60 [ 409.632019] [f883a4f6] ? hmac_init_tfm+0x26/0x5c [hmac] [ 409.632019] [c0209620] ? crypto_create_tfm+0x80/0xc0 [ 409.632019] [c0211535] ? alg_test_hash+0x35/0x70 [ 409.632019] [c021320f] ? alg_find_test+0x3f/0x70 [ 409.632019] [c0213299] ? alg_test+0x59/0x180 [ 409.632019] [f8865a55] ? do_test+0xec5/0x14ec [tcrypt] [ 409.632019] [f886a0c1] ? tcrypt_mod_init+0xc1/0xce [tcrypt] [ 409.632019] [f886a000] ? tcrypt_mod_init+0x0/0xce [tcrypt] [ 409.632019] [c0101023] ? do_one_initcall+0x23/0x170 [ 409.632019] [c013f7fa] ? blocking_notifier_call_chain+0x1a/0x20 [ 409.632019] [c0151a02] ? sys_init_module+0xb2/0x220 [ 409.632019] [c017c974] ? sys_mmap_pgoff+0xe4/0xf0 [ 409.632019] [c0102ad0] ? sysenter_do_call+0x12/0x26 [ 409.632019] Code: 55 ec 8b 50 34 8d 4a d4 8b 72 14 8b 59 24 89 5d f0 8b 52 1c 8b 49 28 8d 10 38 f7 d2 21 d3 8d 3c 0b 8d 54 0f 07 83 e2 f8 8b 0a 8b 11 83 c2 0f 83 e2 f8 83 c2 10 29 d4 8d 54 24 13 83 e2 f0 89 [ 409.632019] EIP: [f883a278] hmac_setkey+0x38/0x140 [hmac] SS:ESP 0068:e1dc3c94 [ 409.632019] CR2: 0090 [ 474.594010] BUG: soft lockup - CPU#0 stuck for 61s! 
[modprobe:5184] [ 474.594010] Modules linked in: tcrypt(+) hmac netconsole loop ide_cd_mod cdrom ide_pci_generic ehci_hcd uhci_hcd piix usbcore [last unloaded: scsi_wait_scan] [ 474.594010] Modules linked in: tcrypt(+) hmac netconsole loop ide_cd_mod cdrom ide_pci_generic ehci_hcd uhci_hcd piix usbcore [last unloaded: scsi_wait_scan] [ 474.594010] [ 474.594010] Pid: 5184, comm: modprobe Tainted: G D 2.6.33-g180ce7e #5 /Latitude D600 [ 474.594010] EIP: 0060:[c01180f0] EFLAGS: 0246 CPU: 0 [ 474.594010] EIP is at __bad_area_nosemaphore+0x20/0x180 [ 474.594010] EAX: e538b000 EBX: ECX: EDX: [ 474.594010] ESI: e1dc39f0 EDI: EBP: e1dc39a8 ESP: e1dc38f8 [ 474.594010] DS: 007b ES: 007b FS: GS: 0033 SS: 0068 [ 474.594010] Process modprobe (pid: 5184, ti=e1dc2000 task=e538b000 task.ti=e1dc2000) [ 474.594010] Stack: [ 474.594010] c0104c8e e1dc3920 e1dc3920 e1dc3920 c0105e5f [ 474.594010] 0 e538b000 c048dde0 e1dc3934 c0157bbd 193c c048dde0 e1dc394c [ 474.594010] 0 c0104784 e1dc3980 e1dc3980
Re: [PATCH] crypto/arc4: convert this stream cipher into a block cipher
Hi,

Sebastian Andrzej Siewior schrieb:
the state has been moved from ctx into iv. That way encrypt()/decrypt() can deliver the same result for a given IV. This patch makes the cipher work with dm-crypt, not that it is a good thing. However, the performance may have improved :) The name is still ecb(aes) but since this is provided by the blkcipher itself,

Just to avoid any confusion, you meant ecb(arc4) not ecb(aes) here, right?

-Adrian
[PATCH] crypto: Fix dead links.
Signed-off-by: Adrian-Ken Rueegsegger k...@codelabs.ch --- crypto/gf128mul.c |2 +- crypto/sha256_generic.c |2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/gf128mul.c b/crypto/gf128mul.c index ecbeaa1..a90d260 100644 --- a/crypto/gf128mul.c +++ b/crypto/gf128mul.c @@ -4,7 +4,7 @@ * Copyright (c) 2006, Rik Snel rs...@cube.dyndns.org * * Based on Dr Brian Gladman's (GPL'd) work published at - * http://fp.gladman.plus.com/cryptography_technology/index.htm + * http://gladman.plushost.co.uk/oldsite/cryptography_technology/index.php * See the original copyright notice below. * * This program is free software; you can redistribute it and/or modify it diff --git a/crypto/sha256_generic.c b/crypto/sha256_generic.c index caa3542..6349d83 100644 --- a/crypto/sha256_generic.c +++ b/crypto/sha256_generic.c @@ -2,7 +2,7 @@ * Cryptographic API. * * SHA-256, as specified in - * http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf + * http://csrc.nist.gov/groups/STM/cavp/documents/shs/sha256-384-512.pdf * * SHA-256 code by Jean-Luc Cooke jlco...@certainkey.com. * -- 1.5.4.3 -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] crypto: shash - fix module refcount
Module reference counting for shash is incorrect: when a new shash transformation is created the refcount is not increased as it should. Signed-off-by: Adrian-Ken Rueegsegger rueegseg...@swiss-it.ch --- crypto/shash.c |7 ++- 1 files changed, 6 insertions(+), 1 deletions(-) diff --git a/crypto/shash.c b/crypto/shash.c index c9df367..d5a2b61 100644 --- a/crypto/shash.c +++ b/crypto/shash.c @@ -388,10 +388,15 @@ static int crypto_init_shash_ops_compat(struct crypto_tfm *tfm) struct shash_desc *desc = crypto_tfm_ctx(tfm); struct crypto_shash *shash; + if (!crypto_mod_get(calg)) + return -EAGAIN; + shash = __crypto_shash_cast(crypto_create_tfm( calg, crypto_shash_type)); - if (IS_ERR(shash)) + if (IS_ERR(shash)) { + crypto_mod_put(calg); return PTR_ERR(shash); + } desc-tfm = shash; tfm-exit = crypto_exit_shash_ops_compat; -- 1.5.2.5 -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
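Review bot: the reference taken with crypto_mod_get(calg) before crypto_create_tfm() is released on the error path with crypto_mod_put(calg), but the matching release on the success path is outside this hunk: crypto_exit_shash_ops_compat (only its assignment to tfm-exit is visible) must drop it when the shash is freed, otherwise the fix turns a missing get into a reference that is never dropped and pins the module for good. Worth stating in the changelog where the put on the success path happens, and that returning -EAGAIN on a failed get is the same convention the spawn code uses, so callers already handle it.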
[PATCH 2/2 v4] crypto: sha512 - Switch to shash
This patch changes sha512 and sha384 to the new shash interface. Signed-off-by: Adrian-Ken Rueegsegger [EMAIL PROTECTED] --- crypto/Kconfig |2 +- crypto/sha512_generic.c | 112 +-- 2 files changed, 60 insertions(+), 54 deletions(-) diff --git a/crypto/Kconfig b/crypto/Kconfig index 6593b5a..017a044 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -341,7 +341,7 @@ config CRYPTO_SHA256 config CRYPTO_SHA512 tristate SHA384 and SHA512 digest algorithms - select CRYPTO_ALGAPI + select CRYPTO_HASH help SHA512 secure hash standard (DFIPS 180-2). diff --git a/crypto/sha512_generic.c b/crypto/sha512_generic.c index cb85516..3bea38d 100644 --- a/crypto/sha512_generic.c +++ b/crypto/sha512_generic.c @@ -10,7 +10,7 @@ * later version. * */ - +#include crypto/internal/hash.h #include linux/kernel.h #include linux/module.h #include linux/mm.h @@ -138,10 +138,10 @@ sha512_transform(u64 *state, const u8 *input) put_cpu_var(msg_schedule); } -static void -sha512_init(struct crypto_tfm *tfm) +static int +sha512_init(struct shash_desc *desc) { - struct sha512_ctx *sctx = crypto_tfm_ctx(tfm); + struct sha512_ctx *sctx = shash_desc_ctx(desc); sctx-state[0] = SHA512_H0; sctx-state[1] = SHA512_H1; sctx-state[2] = SHA512_H2; @@ -151,12 +151,14 @@ sha512_init(struct crypto_tfm *tfm) sctx-state[6] = SHA512_H6; sctx-state[7] = SHA512_H7; sctx-count[0] = sctx-count[1] = sctx-count[2] = sctx-count[3] = 0; + + return 0; } -static void -sha384_init(struct crypto_tfm *tfm) +static int +sha384_init(struct shash_desc *desc) { - struct sha512_ctx *sctx = crypto_tfm_ctx(tfm); + struct sha512_ctx *sctx = shash_desc_ctx(desc); sctx-state[0] = SHA384_H0; sctx-state[1] = SHA384_H1; sctx-state[2] = SHA384_H2; 
@@ -166,12 +168,14 @@ sha384_init(struct crypto_tfm *tfm) sctx-state[6] = SHA384_H6; sctx-state[7] = SHA384_H7; sctx-count[0] = sctx-count[1] = sctx-count[2] = sctx-count[3] = 0; + + return 0; } -static void -sha512_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len) +static int +sha512_update(struct shash_desc *desc, const u8 *data, unsigned int len) { - struct sha512_ctx *sctx = crypto_tfm_ctx(tfm); + struct sha512_ctx *sctx = shash_desc_ctx(desc); unsigned int i, index, part_len; @@ -203,12 +207,14 @@ sha512_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len) /* Buffer remaining input */ memcpy(sctx-buf[index], data[i], len - i); + + return 0; } -static void -sha512_final(struct crypto_tfm *tfm, u8 *hash) +static int +sha512_final(struct shash_desc *desc, u8 *hash) { - struct sha512_ctx *sctx = crypto_tfm_ctx(tfm); + struct sha512_ctx *sctx = shash_desc_ctx(desc); static u8 padding[128] = { 0x80, }; __be64 *dst = (__be64 *)hash; __be32 bits[4]; @@ -224,10 +230,10 @@ sha512_final(struct crypto_tfm *tfm, u8 *hash) /* Pad out to 112 mod 128. */ index = (sctx-count[0] 3) 0x7f; pad_len = (index 112) ? (112 - index) : ((128+112) - index); - sha512_update(tfm, padding, pad_len); + sha512_update(desc, padding, pad_len); /* Append length (before padding) */ - sha512_update(tfm, (const u8 *)bits, sizeof(bits)); + sha512_update(desc, (const u8 *)bits, sizeof(bits)); /* Store state in digest */ for (i = 0; i 8; i++) 
@@ -235,66 +241,66 @@ sha512_final(struct crypto_tfm *tfm, u8 *hash) /* Zeroize sensitive information. */ memset(sctx, 0, sizeof(struct sha512_ctx)); + + return 0; } -static void sha384_final(struct crypto_tfm *tfm, u8 *hash) +static int sha384_final(struct shash_desc *desc, u8 *hash) { -u8 D[64]; + u8 D[64]; - sha512_final(tfm, D); + sha512_final(desc, D); -memcpy(hash, D, 48); -memset(D, 0, 64); + memcpy(hash, D, 48); + memset(D, 0, 64); + + return 0; } -static struct crypto_alg sha512 = { -.cra_name = sha512, -.cra_flags = CRYPTO_ALG_TYPE_DIGEST, - .cra_blocksize = SHA512_BLOCK_SIZE, -.cra_ctxsize= sizeof(struct sha512_ctx), -.cra_module = THIS_MODULE, - .cra_alignmask = 3, -.cra_list = LIST_HEAD_INIT(sha512.cra_list), -.cra_u = { .digest = { -.dia_digestsize = SHA512_DIGEST_SIZE, -.dia_init = sha512_init, -.dia_update = sha512_update, -.dia_final = sha512_final } -} +static struct shash_alg sha512 = { + .digestsize = SHA512_DIGEST_SIZE, + .init = sha512_init, + .update = sha512_update
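Review bot: in the sha384_final hunk, memset(D, 0, 64) is a store to a stack buffer that is never read again, which a compiler is free to drop as dead, so the zeroizing comment above it does not describe guaranteed behaviour; the same caveat applies to the memset on a local W discussed elsewhere in this series. A write the optimizer cannot elide (a loop through a volatile pointer, or memzero_explicit in later kernels) is what the intent needs. The conversion itself is consistent: every init/update/final now returns int and the Kconfig hunk switches CRYPTO_SHA512 to select CRYPTO_HASH, which the shash registration requires; the patch is cut off on this page after .update, so the new .base block cannot be reviewed here.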
Re: [PATCH 4/4][RFC] crypto: michael_mic - Switch to shash
Herbert Xu wrote:
On Thu, Dec 04, 2008 at 01:18:12AM +0100, Adrian-Ken Rueegsegger wrote:
struct michael_mic_ctx { +u32 l, r; +}; + +struct michael_mic_desc_ctx { u8 pending[4]; size_t pending_len; u32 l, r; };
Any reason why you left them in the desc context?

As I explained in the other mail, the values l and r are not read-only. Therefore I believe they need to be copied from the tfm context to the descriptor upon transformation.

Adrian
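The split the reply describes, the key-derived (l, r) pair in the tfm context and a working copy in the per-message descriptor, as an added example in C that is neither the kernel's crypto/michael_mic.c nor code posted in this thread. It is a self-contained Michael MIC whose struct names and setkey()/init()/update()/final() follow the patch under discussion; rol32, ror32 and xswap are written out here (the kernel provides its own), while le32 and michael_selftest are this example's own names. The self-test runs the two vectors published with 802.11i (zero key over the empty message, then that MIC used as the key over "M") and checks the point of the thread: two messages hashed from one key context give the same MIC and leave the key context untouched.

```c
/* Michael MIC (TKIP, IEEE 802.11i) with the split the shash conversion in this
 * thread uses: setkey() alone writes the key context, init() copies (l, r) into a
 * per-message descriptor, update()/final() touch only that copy. Added example. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct michael_mic_ctx { uint32_t l, r; };          /* key context: written by setkey() only */
struct michael_mic_desc_ctx {                       /* per-message context */
    uint8_t pending[4]; size_t pending_len;         /* partial input word and its length */
    uint32_t l, r;                                  /* working copy of the key state */
};

static uint32_t rol32(uint32_t v, unsigned n) { return (v << n) | (v >> (32 - n)); }
static uint32_t ror32(uint32_t v, unsigned n) { return (v >> n) | (v << (32 - n)); }
static uint32_t xswap(uint32_t v) { return ((v & 0x00ff00ffu) << 8) | ((v & 0xff00ff00u) >> 8); } /* swap bytes in each half */
static uint32_t le32(const uint8_t *p) { return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }

/* Michael block function: mix one word (already XORed into l) into (l, r). */
static void michael_block(uint32_t *l, uint32_t *r)
{
    *r ^= rol32(*l, 17); *l += *r;
    *r ^= xswap(*l);     *l += *r;
    *r ^= rol32(*l, 3);  *l += *r;
    *r ^= ror32(*l, 2);  *l += *r;
}

/* Keys are exactly 8 bytes: l then r, little-endian. Returns -1 otherwise. */
int michael_setkey(struct michael_mic_ctx *ctx, const uint8_t *key, size_t keylen)
{
    if (keylen != 8) return -1;
    ctx->l = le32(key); ctx->r = le32(key + 4);
    return 0;
}

/* Start a message: copy the key state instead of working on it in place. */
void michael_init(struct michael_mic_desc_ctx *d, const struct michael_mic_ctx *ctx)
{
    d->pending_len = 0; d->l = ctx->l; d->r = ctx->r;
}

void michael_update(struct michael_mic_desc_ctx *d, const uint8_t *data, size_t len)
{
    if (d->pending_len) {                           /* complete a word left from last call */
        size_t flen = 4 - d->pending_len;
        if (flen > len) flen = len;
        memcpy(d->pending + d->pending_len, data, flen);
        d->pending_len += flen; data += flen; len -= flen;
        if (d->pending_len < 4) return;
        d->l ^= le32(d->pending);
        michael_block(&d->l, &d->r);
        d->pending_len = 0;
    }
    for (; len >= 4; data += 4, len -= 4) {
        d->l ^= le32(data);
        michael_block(&d->l, &d->r);
    }
    memcpy(d->pending, data, len);                  /* keep the 0..3 byte tail for next call */
    d->pending_len = len;
}

/* Pad with 0x5a and zeros to a full word, run it, then run one all-zero word. */
void michael_final(struct michael_mic_desc_ctx *d, uint8_t out[8])
{
    d->pending[d->pending_len] = 0x5a;
    memset(d->pending + d->pending_len + 1, 0, 3 - d->pending_len);
    d->l ^= le32(d->pending);
    michael_block(&d->l, &d->r);
    michael_block(&d->l, &d->r);                    /* the zero word leaves l unchanged */
    for (int i = 0; i < 4; i++) {
        out[i] = (uint8_t)(d->l >> (8 * i));
        out[4 + i] = (uint8_t)(d->r >> (8 * i));
    }
    memset(d, 0, sizeof(*d));                       /* descriptor is done; wipe it */
}

/* Four checks: the key-length check, two 802.11i vectors, and the thread's point
 * (two messages from one key context give the same MIC and leave it untouched).
 * Returns the number of checks that pass, 4 when all do. */
int michael_selftest(void)
{
    static const uint8_t zero_key[8] = { 0 };
    static const uint8_t mic1[8] = { 0x82, 0x92, 0x5c, 0x1c, 0xa1, 0xd1, 0x30, 0xb8 };
    static const uint8_t mic2[8] = { 0x43, 0x47, 0x21, 0xca, 0x40, 0x63, 0x9b, 0x3f };
    struct michael_mic_ctx ctx; struct michael_mic_desc_ctx d;
    uint8_t a[8], b[8];
    int ok = 0;
    ok += michael_setkey(&ctx, zero_key, 7) == -1;  /* wrong key length is rejected */
    michael_setkey(&ctx, zero_key, 8);
    michael_init(&d, &ctx); michael_update(&d, (const uint8_t *)"", 0); michael_final(&d, a);
    ok += !memcmp(a, mic1, 8);                      /* MIC(zero key, "") */
    michael_setkey(&ctx, mic1, 8);
    michael_init(&d, &ctx); michael_update(&d, (const uint8_t *)"M", 1); michael_final(&d, a);
    michael_init(&d, &ctx); michael_update(&d, (const uint8_t *)"M", 1); michael_final(&d, b);
    ok += !memcmp(a, mic2, 8);                      /* MIC(mic1, "M") */
    ok += !memcmp(a, b, 8) && ctx.l == le32(mic1) && ctx.r == le32(mic1 + 4);
    return ok;
}
```

The last check is the one that fails if (l, r) live only in the key context and are updated in place: the second init would then start from the mutated pair, the two MICs would differ, and the key context would no longer equal the key that was set. michael_final also wipes the descriptor, so a finished descriptor cannot be re-used without another init.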
[PATCH 0/4 v2] Switch remaining algorithms to shash
This series contains the fixed-up patches to convert the remaining hash algorithms to use the new shash interface. The first patch is left unchanged and removes the message schedule W from struct sha512_ctx. The last three patches now contain the needed Kconfig dependencies.

Adrian
[PATCH 1/4 v2] crypto: sha512 - Remove W (message schedule) from struct sha512_ctx
The message schedule W[80] is calculated anew when sha512_transform is executed. Therefore it is local to that function and does not need to be defined in struct sha512_ctx. Note: the sha256 algorithm already does it this way. Signed-off-by: Adrian-Ken Rueegsegger [EMAIL PROTECTED] --- crypto/sha512_generic.c | 13 + 1 files changed, 5 insertions(+), 8 deletions(-) diff --git a/crypto/sha512_generic.c b/crypto/sha512_generic.c index bc36861..e0b0303 100644 --- a/crypto/sha512_generic.c +++ b/crypto/sha512_generic.c @@ -25,7 +25,6 @@ struct sha512_ctx { u64 state[8]; u32 count[4]; u8 buf[128]; - u64 W[80]; }; static inline u64 Ch(u64 x, u64 y, u64 z) @@ -89,10 +88,10 @@ static inline void BLEND_OP(int I, u64 *W) } static void -sha512_transform(u64 *state, u64 *W, const u8 *input) +sha512_transform(u64 *state, const u8 *input) { u64 a, b, c, d, e, f, g, h, t1, t2; - + u64 W[80]; int i; /* load the input */ @@ -132,6 +131,7 @@ sha512_transform(u64 *state, u64 *W, const u8 *input) /* erase our data */ a = b = c = d = e = f = g = h = t1 = t2 = 0; + memset(W, 0, 80 * sizeof(u64)); } static void @@ -187,10 +187,10 @@ sha512_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len) /* Transform as many times as possible. */ if (len = part_len) { memcpy(sctx-buf[index], data, part_len); - sha512_transform(sctx-state, sctx-W, sctx-buf); + sha512_transform(sctx-state, sctx-buf); for (i = part_len; i + 127 len; i+=128) - sha512_transform(sctx-state, sctx-W, data[i]); + sha512_transform(sctx-state, data[i]); index = 0; } else { @@ -199,9 +199,6 @@ sha512_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len) /* Buffer remaining input */ memcpy(sctx-buf[index], data[i], len - i); - - /* erase our data */ - memset(sctx-W, 0, sizeof(sctx-W)); } static void -- 1.5.2.5 -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
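Review bot: the new u64 W[80] local in sha512_transform puts 640 bytes on the kernel stack, which Herbert's reply on this page rejects as too big, and the memset(W, 0, 80 * sizeof(u64)) that follows it is a store to a local that is dead at function exit, so the compiler may elide it and the "erase our data" comment does not describe guaranteed behaviour. If the schedule stays a local, the zeroing needs a form the optimizer cannot remove; if it moves elsewhere, the removal of the context-level memset(sctx->W, ...) in the last hunk stays correct, since that field is gone.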
[PATCH 4/4 v2] crypto: michael_mic - Switch to shash
This patch changes michael_mic to the new shash interface. Signed-off-by: Adrian-Ken Rueegsegger [EMAIL PROTECTED] --- crypto/Kconfig |2 +- crypto/michael_mic.c | 72 - 2 files changed, 42 insertions(+), 32 deletions(-) diff --git a/crypto/Kconfig b/crypto/Kconfig index e2b903d..9003f11 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -259,7 +259,7 @@ config CRYPTO_MD5 config CRYPTO_MICHAEL_MIC tristate Michael MIC keyed digest algorithm - select CRYPTO_ALGAPI + select CRYPTO_HASH help Michael MIC is used for message integrity protection in TKIP (IEEE 802.11i). This algorithm is required for TKIP, but it diff --git a/crypto/michael_mic.c b/crypto/michael_mic.c index 9e917b8..079b761 100644 --- a/crypto/michael_mic.c +++ b/crypto/michael_mic.c @@ -9,23 +9,25 @@ * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ - +#include crypto/internal/hash.h #include asm/byteorder.h #include linux/init.h #include linux/module.h #include linux/string.h -#include linux/crypto.h #include linux/types.h struct michael_mic_ctx { + u32 l, r; +}; + +struct michael_mic_desc_ctx { u8 pending[4]; size_t pending_len; u32 l, r; }; - static inline u32 xswap(u32 val) { return ((val 0x00ff00ff) 8) | ((val 0xff00ff00) 8); @@ -45,17 +47,22 @@ do {\ } while (0) -static void michael_init(struct crypto_tfm *tfm) +static int michael_init(struct shash_desc *desc) { - struct michael_mic_ctx *mctx = crypto_tfm_ctx(tfm); + struct michael_mic_desc_ctx *mctx = shash_desc_ctx(desc); + struct michael_mic_ctx *ctx = crypto_shash_ctx(desc-tfm); mctx-pending_len = 0; + mctx-l = ctx-l; + mctx-r = ctx-r; + + return 0; } -static void michael_update(struct crypto_tfm *tfm, const u8 *data, +static int michael_update(struct shash_desc *desc, const u8 *data, unsigned int len) { - struct michael_mic_ctx *mctx = crypto_tfm_ctx(tfm); + struct michael_mic_desc_ctx *mctx = shash_desc_ctx(desc); const __le32 *src; if (mctx-pending_len) { 
@@ -68,7 +75,7 @@ static void michael_update(struct crypto_tfm *tfm, const u8 *data, len -= flen; if (mctx-pending_len 4) - return; + return 0; src = (const __le32 *)mctx-pending; mctx-l ^= le32_to_cpup(src); @@ -88,12 +95,14 @@ static void michael_update(struct crypto_tfm *tfm, const u8 *data, mctx-pending_len = len; memcpy(mctx-pending, src, len); } + + return 0; } -static void michael_final(struct crypto_tfm *tfm, u8 *out) +static int michael_final(struct shash_desc *desc, u8 *out) { - struct michael_mic_ctx *mctx = crypto_tfm_ctx(tfm); + struct michael_mic_desc_ctx *mctx = shash_desc_ctx(desc); u8 *data = mctx-pending; __le32 *dst = (__le32 *)out; @@ -119,17 +128,20 @@ static void michael_final(struct crypto_tfm *tfm, u8 *out) dst[0] = cpu_to_le32(mctx-l); dst[1] = cpu_to_le32(mctx-r); + + return 0; } -static int michael_setkey(struct crypto_tfm *tfm, const u8 *key, +static int michael_setkey(struct crypto_shash *tfm, const u8 *key, unsigned int keylen) { - struct michael_mic_ctx *mctx = crypto_tfm_ctx(tfm); + struct michael_mic_ctx *mctx = crypto_shash_ctx(tfm); + const __le32 *data = (const __le32 *)key; if (keylen != 8) { - tfm-crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; + crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN); return -EINVAL; } 
@@ -138,33 +150,31 @@ static int michael_setkey(struct crypto_tfm *tfm, const u8 *key, return 0; } - -static struct crypto_alg michael_mic_alg = { - .cra_name = michael_mic, - .cra_flags = CRYPTO_ALG_TYPE_DIGEST, - .cra_blocksize = 8, - .cra_ctxsize= sizeof(struct michael_mic_ctx), - .cra_module = THIS_MODULE, - .cra_alignmask = 3, - .cra_list = LIST_HEAD_INIT(michael_mic_alg.cra_list), - .cra_u = { .digest = { - .dia_digestsize = 8, - .dia_init = michael_init, - .dia_update = michael_update, - .dia_final = michael_final, - .dia_setkey = michael_setkey } } +static struct shash_alg alg = { + .digestsize = 8, + .setkey = michael_setkey, + .init = michael_init, + .update = michael_update, + .final = michael_final, + .descsize = sizeof(struct michael_mic_desc_ctx
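Review bot: michael_init copies l and r out of the tfm context unconditionally, so a descriptor started on a tfm whose setkey was never called inherits whatever the freshly allocated context holds and the MIC is computed under an effectively all-zero key instead of failing; a flag set in michael_setkey and checked in michael_init (returning -ENOKEY) would make that misuse visible. The keylen check in michael_setkey and the move of the mutable (l, r) pair into struct michael_mic_desc_ctx match the reasoning given in the RFC discussion; the patch is cut off on this page at .descsize, so the .base block (cra_name, cra_flags, cra_blocksize, and the cra_ctxsize that must now cover the new key context) cannot be reviewed here.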
Re: [PATCH 1/4 v2] crypto: sha512 - Remove W (message schedule) from struct sha512_ctx
Herbert Xu wrote:
On Thu, Dec 04, 2008 at 10:32:07AM +0100, Adrian-Ken Rueegsegger wrote:
static void -sha512_transform(u64 *state, u64 *W, const u8 *input) +sha512_transform(u64 *state, const u8 *input) { u64 a, b, c, d, e, f, g, h, t1, t2; - +u64 W[80];
This is too big for the stack. So we need to put it somewhere else. A static per-cpu area is one choice.

Yes, sorry about that. I didn't properly read your previous mail. I will redo the sha512 patches.

Thanks for the review,
Adrian
[PATCH 0/4 v3] Switch remaining algorithms to shash
This series contains the fixed-up patches to convert the remaining hash algorithms to use shash. The first patch now moves the message schedule W from struct sha512_ctx to a static percpu area. The sha512 patch is adjusted to accommodate the changes from patch 1, while the last two patches remain unchanged since v2.

Adrian
[PATCH 1/4 v3] crypto: sha512 - Move message schedule W[80] to static percpu area
The message schedule W (u64[80]) is too big for the stack. In order for this algorithm to be used with shash it is moved to a static percpu area. Signed-off-by: Adrian-Ken Rueegsegger [EMAIL PROTECTED] --- crypto/sha512_generic.c | 17 + 1 files changed, 9 insertions(+), 8 deletions(-) diff --git a/crypto/sha512_generic.c b/crypto/sha512_generic.c index bc36861..660c5c3 100644 --- a/crypto/sha512_generic.c +++ b/crypto/sha512_generic.c @@ -18,16 +18,17 @@ #include linux/crypto.h #include linux/types.h #include crypto/sha.h - +#include linux/percpu.h #include asm/byteorder.h struct sha512_ctx { u64 state[8]; u32 count[4]; u8 buf[128]; - u64 W[80]; }; +static DEFINE_PER_CPU(u64[80], msg_schedule); + static inline u64 Ch(u64 x, u64 y, u64 z) { return z ^ (x (y ^ z)); @@ -89,11 +90,12 @@ static inline void BLEND_OP(int I, u64 *W) } static void -sha512_transform(u64 *state, u64 *W, const u8 *input) +sha512_transform(u64 *state, const u8 *input) { u64 a, b, c, d, e, f, g, h, t1, t2; int i; + u64 *W = __get_cpu_var(msg_schedule); /* load the input */ for (i = 0; i 16; i++) @@ -132,6 +134,8 @@ sha512_transform(u64 *state, u64 *W, const u8 *input) /* erase our data */ a = b = c = d = e = f = g = h = t1 = t2 = 0; + memset(W, 0, sizeof(__get_cpu_var(msg_schedule))); + put_cpu_var(msg_schedule); } static void @@ -187,10 +191,10 @@ sha512_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len) /* Transform as many times as possible. */ if (len = part_len) { memcpy(sctx-buf[index], data, part_len); - sha512_transform(sctx-state, sctx-W, sctx-buf); + sha512_transform(sctx-state, sctx-buf); for (i = part_len; i + 127 len; i+=128) - sha512_transform(sctx-state, sctx-W, data[i]); + sha512_transform(sctx-state, data[i]); index = 0; } else { 
@@ -199,9 +203,6 @@ sha512_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len) /* Buffer remaining input */ memcpy(sctx-buf[index], data[i], len - i); - - /* erase our data */ - memset(sctx-W, 0, sizeof(sctx-W)); } static void -- 1.5.2.5 -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
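Review bot: __get_cpu_var(msg_schedule) at the top of sha512_transform is paired with put_cpu_var(msg_schedule) at the bottom, which is unbalanced: put_cpu_var re-enables preemption, but only get_cpu_var disables it. As written, the transform can be preempted while it holds the per-cpu W and resume after another task on the same CPU has overwritten it, and on exit it drops a preemption count it never raised. Use get_cpu_var (or disable preemption explicitly around the whole transform). Even when balanced, a single per-CPU buffer is shared with any caller that interrupts the transform on the same CPU, which is the concern the 2012 message at the top of this page ("make it work, undo percpu message schedule") comes back to; the memset of the per-cpu area before put_cpu_var does at least avoid leaving schedule words behind for the next user.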
[PATCH 2/4 v3] crypto: sha512 - Switch to shash
This patch changes sha512 and sha384 to the new shash interface. Signed-off-by: Adrian-Ken Rueegsegger [EMAIL PROTECTED] --- crypto/sha512_generic.c | 112 +-- 1 files changed, 59 insertions(+), 53 deletions(-) diff --git a/crypto/sha512_generic.c b/crypto/sha512_generic.c index 660c5c3..ec9cef3 100644 --- a/crypto/sha512_generic.c +++ b/crypto/sha512_generic.c @@ -10,7 +10,7 @@ * later version. * */ - +#include crypto/internal/hash.h #include linux/kernel.h #include linux/module.h #include linux/mm.h @@ -138,10 +138,10 @@ sha512_transform(u64 *state, const u8 *input) put_cpu_var(msg_schedule); } -static void -sha512_init(struct crypto_tfm *tfm) +static int +sha512_init(struct shash_desc *desc) { - struct sha512_ctx *sctx = crypto_tfm_ctx(tfm); + struct sha512_ctx *sctx = shash_desc_ctx(desc); sctx-state[0] = SHA512_H0; sctx-state[1] = SHA512_H1; sctx-state[2] = SHA512_H2; @@ -151,12 +151,14 @@ sha512_init(struct crypto_tfm *tfm) sctx-state[6] = SHA512_H6; sctx-state[7] = SHA512_H7; sctx-count[0] = sctx-count[1] = sctx-count[2] = sctx-count[3] = 0; + + return 0; } -static void -sha384_init(struct crypto_tfm *tfm) +static int +sha384_init(struct shash_desc *desc) { - struct sha512_ctx *sctx = crypto_tfm_ctx(tfm); + struct sha512_ctx *sctx = shash_desc_ctx(desc); sctx-state[0] = SHA384_H0; sctx-state[1] = SHA384_H1; sctx-state[2] = SHA384_H2; @@ -166,12 +168,14 @@ sha384_init(struct crypto_tfm *tfm) sctx-state[6] = SHA384_H6; sctx-state[7] = SHA384_H7; sctx-count[0] = sctx-count[1] = sctx-count[2] = sctx-count[3] = 0; + + return 0; } -static void -sha512_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len) +static int +sha512_update(struct shash_desc *desc, const u8 *data, unsigned int len) { - struct sha512_ctx *sctx = crypto_tfm_ctx(tfm); + struct sha512_ctx *sctx = shash_desc_ctx(desc); unsigned int i, index, part_len; 
@@ -203,12 +207,14 @@ sha512_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len) /* Buffer remaining input */ memcpy(sctx-buf[index], data[i], len - i); + + return 0; } -static void -sha512_final(struct crypto_tfm *tfm, u8 *hash) +static int +sha512_final(struct shash_desc *desc, u8 *hash) { - struct sha512_ctx *sctx = crypto_tfm_ctx(tfm); + struct sha512_ctx *sctx = shash_desc_ctx(desc); static u8 padding[128] = { 0x80, }; __be64 *dst = (__be64 *)hash; __be32 bits[4]; @@ -224,10 +230,10 @@ sha512_final(struct crypto_tfm *tfm, u8 *hash) /* Pad out to 112 mod 128. */ index = (sctx-count[0] 3) 0x7f; pad_len = (index 112) ? (112 - index) : ((128+112) - index); - sha512_update(tfm, padding, pad_len); + sha512_update(desc, padding, pad_len); /* Append length (before padding) */ - sha512_update(tfm, (const u8 *)bits, sizeof(bits)); + sha512_update(desc, (const u8 *)bits, sizeof(bits)); /* Store state in digest */ for (i = 0; i 8; i++) 
@@ -235,66 +241,66 @@ sha512_final(struct crypto_tfm *tfm, u8 *hash) /* Zeroize sensitive information. */ memset(sctx, 0, sizeof(struct sha512_ctx)); + + return 0; } -static void sha384_final(struct crypto_tfm *tfm, u8 *hash) +static int sha384_final(struct shash_desc *desc, u8 *hash) { -u8 D[64]; + u8 D[64]; - sha512_final(tfm, D); + sha512_final(desc, D); -memcpy(hash, D, 48); -memset(D, 0, 64); + memcpy(hash, D, 48); + memset(D, 0, 64); + + return 0; } -static struct crypto_alg sha512 = { -.cra_name = sha512, -.cra_flags = CRYPTO_ALG_TYPE_DIGEST, - .cra_blocksize = SHA512_BLOCK_SIZE, -.cra_ctxsize= sizeof(struct sha512_ctx), -.cra_module = THIS_MODULE, - .cra_alignmask = 3, -.cra_list = LIST_HEAD_INIT(sha512.cra_list), -.cra_u = { .digest = { -.dia_digestsize = SHA512_DIGEST_SIZE, -.dia_init = sha512_init, -.dia_update = sha512_update, -.dia_final = sha512_final } -} +static struct shash_alg sha512 = { + .digestsize = SHA512_DIGEST_SIZE, + .init = sha512_init, + .update = sha512_update, + .final = sha512_final, + .descsize = sizeof(struct sha512_ctx), + .base = { + .cra_name = sha512, + .cra_flags = CRYPTO_ALG_TYPE_SHASH, + .cra_blocksize = SHA512_BLOCK_SIZE, + .cra_module = THIS_MODULE, + } }; -static struct
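Review bot: the diffstat lists only crypto/sha512_generic.c, so the CRYPTO_SHA512 entry in crypto/Kconfig keeps `select CRYPTO_ALGAPI` while the wp512 and michael_mic patches of this same v3 series switch theirs to `select CRYPTO_HASH`; a configuration that enables CRYPTO_SHA512 without anything else pulling in CRYPTO_HASH can then leave crypto_register_shash unresolved. Add the matching `- select CRYPTO_ALGAPI` / `+ select CRYPTO_HASH` hunk for CRYPTO_SHA512 to this patch.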
[PATCH 3/4 v3] crypto: wp512 - Switch to shash
This patch changes wp512, wp384 and wp256 to the new shash interface. Signed-off-by: Adrian-Ken Rueegsegger [EMAIL PROTECTED] --- crypto/Kconfig |2 +- crypto/wp512.c | 121 ++-- 2 files changed, 66 insertions(+), 57 deletions(-) diff --git a/crypto/Kconfig b/crypto/Kconfig index c8fb468..0583a26 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -366,7 +366,7 @@ config CRYPTO_TGR192 config CRYPTO_WP512 tristate Whirlpool digest algorithms - select CRYPTO_ALGAPI + select CRYPTO_HASH help Whirlpool hash algorithm 512, 384 and 256-bit hashes diff --git a/crypto/wp512.c b/crypto/wp512.c index bff2856..7234272 100644 --- a/crypto/wp512.c +++ b/crypto/wp512.c @@ -19,11 +19,11 @@ * (at your option) any later version. * */ +#include crypto/internal/hash.h #include linux/init.h #include linux/module.h #include linux/mm.h #include asm/byteorder.h -#include linux/crypto.h #include linux/types.h #define WP512_DIGEST_SIZE 64 @@ -980,8 +980,8 @@ static void wp512_process_buffer(struct wp512_ctx *wctx) { } -static void wp512_init(struct crypto_tfm *tfm) { - struct wp512_ctx *wctx = crypto_tfm_ctx(tfm); +static int wp512_init(struct shash_desc *desc) { + struct wp512_ctx *wctx = shash_desc_ctx(desc); int i; memset(wctx-bitLength, 0, 32); @@ -990,12 +990,14 @@ static void wp512_init(struct crypto_tfm *tfm) { for (i = 0; i 8; i++) { wctx-hash[i] = 0L; } + + return 0; } -static void wp512_update(struct crypto_tfm *tfm, const u8 *source, +static int wp512_update(struct shash_desc *desc, const u8 *source, unsigned int len) { - struct wp512_ctx *wctx = crypto_tfm_ctx(tfm); + struct wp512_ctx *wctx = shash_desc_ctx(desc); int sourcePos= 0; unsigned int bits_len = len * 8; // convert to number of bits int sourceGap= (8 - ((int)bits_len 7)) 7; 
@@ -1051,11 +1053,12 @@ static void wp512_update(struct crypto_tfm *tfm, const u8 *source, wctx-bufferBits = bufferBits; wctx-bufferPos= bufferPos; + return 0; } -static void wp512_final(struct crypto_tfm *tfm, u8 *out) +static int wp512_final(struct shash_desc *desc, u8 *out) { - struct wp512_ctx *wctx = crypto_tfm_ctx(tfm); + struct wp512_ctx *wctx = shash_desc_ctx(desc); int i; u8 *buffer = wctx-buffer; u8 *bitLength = wctx-bitLength; 
@@ -1084,89 +1087,95 @@ static void wp512_final(struct crypto_tfm *tfm, u8 *out) digest[i] = cpu_to_be64(wctx-hash[i]); wctx-bufferBits = bufferBits; wctx-bufferPos= bufferPos; + + return 0; } -static void wp384_final(struct crypto_tfm *tfm, u8 *out) +static int wp384_final(struct shash_desc *desc, u8 *out) { u8 D[64]; - wp512_final(tfm, D); + wp512_final(desc, D); memcpy (out, D, WP384_DIGEST_SIZE); memset (D, 0, WP512_DIGEST_SIZE); + + return 0; } -static void wp256_final(struct crypto_tfm *tfm, u8 *out) +static int wp256_final(struct shash_desc *desc, u8 *out) { u8 D[64]; - wp512_final(tfm, D); + wp512_final(desc, D); memcpy (out, D, WP256_DIGEST_SIZE); memset (D, 0, WP512_DIGEST_SIZE); + + return 0; } -static struct crypto_alg wp512 = { - .cra_name = wp512, - .cra_flags = CRYPTO_ALG_TYPE_DIGEST, - .cra_blocksize = WP512_BLOCK_SIZE, - .cra_ctxsize= sizeof(struct wp512_ctx), - .cra_module = THIS_MODULE, - .cra_list = LIST_HEAD_INIT(wp512.cra_list), - .cra_u = { .digest = { - .dia_digestsize = WP512_DIGEST_SIZE, - .dia_init = wp512_init, - .dia_update = wp512_update, - .dia_final = wp512_final } } +static struct shash_alg wp512 = { + .digestsize = WP512_DIGEST_SIZE, + .init = wp512_init, + .update = wp512_update, + .final = wp512_final, + .descsize = sizeof(struct wp512_ctx), + .base = { + .cra_name = wp512, + .cra_flags = CRYPTO_ALG_TYPE_SHASH, + .cra_blocksize = WP512_BLOCK_SIZE, + .cra_module = THIS_MODULE, + } }; -static struct crypto_alg wp384 = { - .cra_name = wp384, - .cra_flags = CRYPTO_ALG_TYPE_DIGEST, - .cra_blocksize = WP512_BLOCK_SIZE, - .cra_ctxsize= sizeof(struct wp512_ctx), - .cra_module = THIS_MODULE, - .cra_list = LIST_HEAD_INIT(wp384.cra_list), - .cra_u = { .digest = { - .dia_digestsize = WP384_DIGEST_SIZE, - .dia_init
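Review bot: wp384_final and wp256_final (hunk @@ -1084,89 +1087,95 @@) call `wp512_final(desc, D)` and discard the int it now returns, then hard-code `return 0;`. Propagate the status instead, e.g. `int ret = wp512_final(desc, D); if (ret) return ret;` before the memcpy, so an error path added to wp512_final later is not silently swallowed by the truncated variants. The Kconfig hunk switching CRYPTO_WP512 to `select CRYPTO_HASH` is present in this version, which is what the maintainer asked for.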
[PATCH 4/4 v3] crypto: michael_mic - Switch to shash
This patch changes michael_mic to the new shash interface. Signed-off-by: Adrian-Ken Rueegsegger [EMAIL PROTECTED] --- crypto/Kconfig |2 +- crypto/michael_mic.c | 72 - 2 files changed, 42 insertions(+), 32 deletions(-) diff --git a/crypto/Kconfig b/crypto/Kconfig index 0583a26..6593b5a 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -260,7 +260,7 @@ config CRYPTO_MD5 config CRYPTO_MICHAEL_MIC tristate Michael MIC keyed digest algorithm - select CRYPTO_ALGAPI + select CRYPTO_HASH help Michael MIC is used for message integrity protection in TKIP (IEEE 802.11i). This algorithm is required for TKIP, but it diff --git a/crypto/michael_mic.c b/crypto/michael_mic.c index 9e917b8..079b761 100644 --- a/crypto/michael_mic.c +++ b/crypto/michael_mic.c @@ -9,23 +9,25 @@ * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ - +#include crypto/internal/hash.h #include asm/byteorder.h #include linux/init.h #include linux/module.h #include linux/string.h -#include linux/crypto.h #include linux/types.h struct michael_mic_ctx { + u32 l, r; +}; + +struct michael_mic_desc_ctx { u8 pending[4]; size_t pending_len; u32 l, r; }; - static inline u32 xswap(u32 val) { return ((val 0x00ff00ff) 8) | ((val 0xff00ff00) 8); @@ -45,17 +47,22 @@ do {\ } while (0) -static void michael_init(struct crypto_tfm *tfm) +static int michael_init(struct shash_desc *desc) { - struct michael_mic_ctx *mctx = crypto_tfm_ctx(tfm); + struct michael_mic_desc_ctx *mctx = shash_desc_ctx(desc); + struct michael_mic_ctx *ctx = crypto_shash_ctx(desc-tfm); mctx-pending_len = 0; + mctx-l = ctx-l; + mctx-r = ctx-r; + + return 0; } -static void michael_update(struct crypto_tfm *tfm, const u8 *data, +static int michael_update(struct shash_desc *desc, const u8 *data, unsigned int len) { - struct michael_mic_ctx *mctx = crypto_tfm_ctx(tfm); + struct michael_mic_desc_ctx *mctx = shash_desc_ctx(desc); const __le32 *src; if (mctx-pending_len) { 
@@ -68,7 +75,7 @@ static void michael_update(struct crypto_tfm *tfm, const u8 *data, len -= flen; if (mctx-pending_len 4) - return; + return 0; src = (const __le32 *)mctx-pending; mctx-l ^= le32_to_cpup(src); @@ -88,12 +95,14 @@ static void michael_update(struct crypto_tfm *tfm, const u8 *data, mctx-pending_len = len; memcpy(mctx-pending, src, len); } + + return 0; } -static void michael_final(struct crypto_tfm *tfm, u8 *out) +static int michael_final(struct shash_desc *desc, u8 *out) { - struct michael_mic_ctx *mctx = crypto_tfm_ctx(tfm); + struct michael_mic_desc_ctx *mctx = shash_desc_ctx(desc); u8 *data = mctx-pending; __le32 *dst = (__le32 *)out; @@ -119,17 +128,20 @@ static void michael_final(struct crypto_tfm *tfm, u8 *out) dst[0] = cpu_to_le32(mctx-l); dst[1] = cpu_to_le32(mctx-r); + + return 0; } -static int michael_setkey(struct crypto_tfm *tfm, const u8 *key, +static int michael_setkey(struct crypto_shash *tfm, const u8 *key, unsigned int keylen) { - struct michael_mic_ctx *mctx = crypto_tfm_ctx(tfm); + struct michael_mic_ctx *mctx = crypto_shash_ctx(tfm); + const __le32 *data = (const __le32 *)key; if (keylen != 8) { - tfm-crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; + crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN); return -EINVAL; } 
@@ -138,33 +150,31 @@ static int michael_setkey(struct crypto_tfm *tfm, const u8 *key, return 0; } - -static struct crypto_alg michael_mic_alg = { - .cra_name = michael_mic, - .cra_flags = CRYPTO_ALG_TYPE_DIGEST, - .cra_blocksize = 8, - .cra_ctxsize= sizeof(struct michael_mic_ctx), - .cra_module = THIS_MODULE, - .cra_alignmask = 3, - .cra_list = LIST_HEAD_INIT(michael_mic_alg.cra_list), - .cra_u = { .digest = { - .dia_digestsize = 8, - .dia_init = michael_init, - .dia_update = michael_update, - .dia_final = michael_final, - .dia_setkey = michael_setkey } } +static struct shash_alg alg = { + .digestsize = 8, + .setkey = michael_setkey, + .init = michael_init, + .update = michael_update, + .final = michael_final, + .descsize = sizeof(struct michael_mic_desc_ctx
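Review bot: michael_init (hunk @@ -45,17 +47,22 @@) seeding the per-request `l`/`r` from the tfm context is the right split, since michael_update mutates them; but michael_final (hunk @@ -119,17 +128,20 @@) returns straight after writing dst[0] and dst[1] and leaves the key-derived `l`/`r` plus `pending` in the descriptor context, which shash callers may keep on the stack. Add `memset(mctx, 0, sizeof(*mctx));` before `return 0;` in michael_final, as sha512_final and md4_final do in the companion patches.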
[PATCH 0/1] Resend correct sha512 shash patch
I am resending patch 2 of the series since I accidentally submitted the sha512 shash patch which does not contain the needed Kconfig changes. My apologies for the mixup, Adrian
[PATCH] crypto: sha512 - Switch to shash
This patch changes sha512 and sha384 to the new shash interface. Signed-off-by: Adrian-Ken Rueegsegger [EMAIL PROTECTED] --- crypto/Kconfig |2 +- crypto/sha512_generic.c | 112 +-- 2 files changed, 60 insertions(+), 54 deletions(-) diff --git a/crypto/Kconfig b/crypto/Kconfig index c8fb468..6d2c5bf 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -341,7 +341,7 @@ config CRYPTO_SHA256 config CRYPTO_SHA512 tristate SHA384 and SHA512 digest algorithms - select CRYPTO_ALGAPI + select CRYPTO_HASH help SHA512 secure hash standard (DFIPS 180-2). diff --git a/crypto/sha512_generic.c b/crypto/sha512_generic.c index 660c5c3..ec9cef3 100644 --- a/crypto/sha512_generic.c +++ b/crypto/sha512_generic.c @@ -10,7 +10,7 @@ * later version. * */ - +#include crypto/internal/hash.h #include linux/kernel.h #include linux/module.h #include linux/mm.h @@ -138,10 +138,10 @@ sha512_transform(u64 *state, const u8 *input) put_cpu_var(msg_schedule); } -static void -sha512_init(struct crypto_tfm *tfm) +static int +sha512_init(struct shash_desc *desc) { - struct sha512_ctx *sctx = crypto_tfm_ctx(tfm); + struct sha512_ctx *sctx = shash_desc_ctx(desc); sctx-state[0] = SHA512_H0; sctx-state[1] = SHA512_H1; sctx-state[2] = SHA512_H2; @@ -151,12 +151,14 @@ sha512_init(struct crypto_tfm *tfm) sctx-state[6] = SHA512_H6; sctx-state[7] = SHA512_H7; sctx-count[0] = sctx-count[1] = sctx-count[2] = sctx-count[3] = 0; + + return 0; } -static void -sha384_init(struct crypto_tfm *tfm) +static int +sha384_init(struct shash_desc *desc) { - struct sha512_ctx *sctx = crypto_tfm_ctx(tfm); + struct sha512_ctx *sctx = shash_desc_ctx(desc); sctx-state[0] = SHA384_H0; sctx-state[1] = SHA384_H1; sctx-state[2] = SHA384_H2; 
@@ -166,12 +168,14 @@ sha384_init(struct crypto_tfm *tfm) sctx-state[6] = SHA384_H6; sctx-state[7] = SHA384_H7; sctx-count[0] = sctx-count[1] = sctx-count[2] = sctx-count[3] = 0; + + return 0; } -static void -sha512_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len) +static int +sha512_update(struct shash_desc *desc, const u8 *data, unsigned int len) { - struct sha512_ctx *sctx = crypto_tfm_ctx(tfm); + struct sha512_ctx *sctx = shash_desc_ctx(desc); unsigned int i, index, part_len; @@ -203,12 +207,14 @@ sha512_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len) /* Buffer remaining input */ memcpy(sctx-buf[index], data[i], len - i); + + return 0; } -static void -sha512_final(struct crypto_tfm *tfm, u8 *hash) +static int +sha512_final(struct shash_desc *desc, u8 *hash) { - struct sha512_ctx *sctx = crypto_tfm_ctx(tfm); + struct sha512_ctx *sctx = shash_desc_ctx(desc); static u8 padding[128] = { 0x80, }; __be64 *dst = (__be64 *)hash; __be32 bits[4]; @@ -224,10 +230,10 @@ sha512_final(struct crypto_tfm *tfm, u8 *hash) /* Pad out to 112 mod 128. */ index = (sctx-count[0] 3) 0x7f; pad_len = (index 112) ? (112 - index) : ((128+112) - index); - sha512_update(tfm, padding, pad_len); + sha512_update(desc, padding, pad_len); /* Append length (before padding) */ - sha512_update(tfm, (const u8 *)bits, sizeof(bits)); + sha512_update(desc, (const u8 *)bits, sizeof(bits)); /* Store state in digest */ for (i = 0; i 8; i++) 
@@ -235,66 +241,66 @@ sha512_final(struct crypto_tfm *tfm, u8 *hash) /* Zeroize sensitive information. */ memset(sctx, 0, sizeof(struct sha512_ctx)); + + return 0; } -static void sha384_final(struct crypto_tfm *tfm, u8 *hash) +static int sha384_final(struct shash_desc *desc, u8 *hash) { -u8 D[64]; + u8 D[64]; - sha512_final(tfm, D); + sha512_final(desc, D); -memcpy(hash, D, 48); -memset(D, 0, 64); + memcpy(hash, D, 48); + memset(D, 0, 64); + + return 0; } -static struct crypto_alg sha512 = { -.cra_name = sha512, -.cra_flags = CRYPTO_ALG_TYPE_DIGEST, - .cra_blocksize = SHA512_BLOCK_SIZE, -.cra_ctxsize= sizeof(struct sha512_ctx), -.cra_module = THIS_MODULE, - .cra_alignmask = 3, -.cra_list = LIST_HEAD_INIT(sha512.cra_list), -.cra_u = { .digest = { -.dia_digestsize = SHA512_DIGEST_SIZE, -.dia_init = sha512_init, -.dia_update = sha512_update, -.dia_final = sha512_final } -} +static struct shash_alg sha512 = { + .digestsize = SHA512_DIGEST_SIZE, + .init = sha512_init, + .update = sha512_update
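Review bot: `.cra_alignmask = 3` is removed in hunk @@ -235,66 +241,66 @@ with no counterpart in the new shash_alg base, yet sha512_final still stores the state through `__be64 *dst = (__be64 *)hash` and sha512_transform loads 64-bit words from the input; the old digest layer used that mask to hand the algorithm aligned buffers, and the shash layer honours base.cra_alignmask the same way, so either keep the mask in `.base` or switch the loads and stores to unaligned accessors before dropping it. In the same hunk, sha384_final ignores the int now returned by `sha512_final(desc, D)` and hard-codes `return 0;`; propagate it instead.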
[PATCH 1/4] crypto: sha512 - Remove W (message schedule) from struct sha512_ctx
The message schedule W[80] is calculated anew when sha512_transform is executed. Therefore it is local to that function and does not need to be defined in struct sha512_ctx. Note: the sha256 algorithm already does it this way. Signed-off-by: Adrian-Ken Rueegsegger [EMAIL PROTECTED] --- crypto/sha512_generic.c | 13 + 1 files changed, 5 insertions(+), 8 deletions(-) diff --git a/crypto/sha512_generic.c b/crypto/sha512_generic.c index bc36861..e0b0303 100644 --- a/crypto/sha512_generic.c +++ b/crypto/sha512_generic.c @@ -25,7 +25,6 @@ struct sha512_ctx { u64 state[8]; u32 count[4]; u8 buf[128]; - u64 W[80]; }; static inline u64 Ch(u64 x, u64 y, u64 z) @@ -89,10 +88,10 @@ static inline void BLEND_OP(int I, u64 *W) } static void -sha512_transform(u64 *state, u64 *W, const u8 *input) +sha512_transform(u64 *state, const u8 *input) { u64 a, b, c, d, e, f, g, h, t1, t2; - + u64 W[80]; int i; /* load the input */ @@ -132,6 +131,7 @@ sha512_transform(u64 *state, u64 *W, const u8 *input) /* erase our data */ a = b = c = d = e = f = g = h = t1 = t2 = 0; + memset(W, 0, 80 * sizeof(u64)); } static void @@ -187,10 +187,10 @@ sha512_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len) /* Transform as many times as possible. */ if (len = part_len) { memcpy(sctx-buf[index], data, part_len); - sha512_transform(sctx-state, sctx-W, sctx-buf); + sha512_transform(sctx-state, sctx-buf); for (i = part_len; i + 127 len; i+=128) - sha512_transform(sctx-state, sctx-W, data[i]); + sha512_transform(sctx-state, data[i]); index = 0; } else { @@ -199,9 +199,6 @@ sha512_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len) /* Buffer remaining input */ memcpy(sctx-buf[index], data[i], len - i); - - /* erase our data */ - memset(sctx-W, 0, sizeof(sctx-W)); } static void -- 1.5.2.5 -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
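Review bot: the `memset(W, 0, 80 * sizeof(u64));` added at the end of sha512_transform (hunk @@ -132,6 +131,7 @@) clears a local array that is dead right after the call, so the compiler may drop the store and the message schedule can remain on the stack after return; the same holds for the existing `a = b = c = ... = 0` line. If wiping is the intent, clear through a volatile access or a compiler barrier. Separately, `u64 W[80]` costs 640 bytes of kernel stack per invocation, which is the objection raised later in this thread about stack usage; a per-cpu buffer, as discussed there, avoids both issues.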
[PATCH 3/4] crypto: wp512 - Switch to shash
This patch changes wp512, wp384 and wp256 to the new shash interface. Signed-off-by: Adrian-Ken Rueegsegger [EMAIL PROTECTED] --- crypto/wp512.c | 121 ++-- 1 files changed, 65 insertions(+), 56 deletions(-) diff --git a/crypto/wp512.c b/crypto/wp512.c index bff2856..7234272 100644 --- a/crypto/wp512.c +++ b/crypto/wp512.c @@ -19,11 +19,11 @@ * (at your option) any later version. * */ +#include crypto/internal/hash.h #include linux/init.h #include linux/module.h #include linux/mm.h #include asm/byteorder.h -#include linux/crypto.h #include linux/types.h #define WP512_DIGEST_SIZE 64 @@ -980,8 +980,8 @@ static void wp512_process_buffer(struct wp512_ctx *wctx) { } -static void wp512_init(struct crypto_tfm *tfm) { - struct wp512_ctx *wctx = crypto_tfm_ctx(tfm); +static int wp512_init(struct shash_desc *desc) { + struct wp512_ctx *wctx = shash_desc_ctx(desc); int i; memset(wctx-bitLength, 0, 32); @@ -990,12 +990,14 @@ static void wp512_init(struct crypto_tfm *tfm) { for (i = 0; i 8; i++) { wctx-hash[i] = 0L; } + + return 0; } -static void wp512_update(struct crypto_tfm *tfm, const u8 *source, +static int wp512_update(struct shash_desc *desc, const u8 *source, unsigned int len) { - struct wp512_ctx *wctx = crypto_tfm_ctx(tfm); + struct wp512_ctx *wctx = shash_desc_ctx(desc); int sourcePos= 0; unsigned int bits_len = len * 8; // convert to number of bits int sourceGap= (8 - ((int)bits_len 7)) 7; @@ -1051,11 +1053,12 @@ static void wp512_update(struct crypto_tfm *tfm, const u8 *source, wctx-bufferBits = bufferBits; wctx-bufferPos= bufferPos; + return 0; } -static void wp512_final(struct crypto_tfm *tfm, u8 *out) +static int wp512_final(struct shash_desc *desc, u8 *out) { - struct wp512_ctx *wctx = crypto_tfm_ctx(tfm); + struct wp512_ctx *wctx = shash_desc_ctx(desc); int i; u8 *buffer = wctx-buffer; u8 *bitLength = wctx-bitLength; 
@@ -1084,89 +1087,95 @@ static void wp512_final(struct crypto_tfm *tfm, u8 *out) digest[i] = cpu_to_be64(wctx-hash[i]); wctx-bufferBits = bufferBits; wctx-bufferPos= bufferPos; + + return 0; } -static void wp384_final(struct crypto_tfm *tfm, u8 *out) +static int wp384_final(struct shash_desc *desc, u8 *out) { u8 D[64]; - wp512_final(tfm, D); + wp512_final(desc, D); memcpy (out, D, WP384_DIGEST_SIZE); memset (D, 0, WP512_DIGEST_SIZE); + + return 0; } -static void wp256_final(struct crypto_tfm *tfm, u8 *out) +static int wp256_final(struct shash_desc *desc, u8 *out) { u8 D[64]; - wp512_final(tfm, D); + wp512_final(desc, D); memcpy (out, D, WP256_DIGEST_SIZE); memset (D, 0, WP512_DIGEST_SIZE); + + return 0; } -static struct crypto_alg wp512 = { - .cra_name = wp512, - .cra_flags = CRYPTO_ALG_TYPE_DIGEST, - .cra_blocksize = WP512_BLOCK_SIZE, - .cra_ctxsize= sizeof(struct wp512_ctx), - .cra_module = THIS_MODULE, - .cra_list = LIST_HEAD_INIT(wp512.cra_list), - .cra_u = { .digest = { - .dia_digestsize = WP512_DIGEST_SIZE, - .dia_init = wp512_init, - .dia_update = wp512_update, - .dia_final = wp512_final } } +static struct shash_alg wp512 = { + .digestsize = WP512_DIGEST_SIZE, + .init = wp512_init, + .update = wp512_update, + .final = wp512_final, + .descsize = sizeof(struct wp512_ctx), + .base = { + .cra_name = wp512, + .cra_flags = CRYPTO_ALG_TYPE_SHASH, + .cra_blocksize = WP512_BLOCK_SIZE, + .cra_module = THIS_MODULE, + } }; -static struct crypto_alg wp384 = { - .cra_name = wp384, - .cra_flags = CRYPTO_ALG_TYPE_DIGEST, - .cra_blocksize = WP512_BLOCK_SIZE, - .cra_ctxsize= sizeof(struct wp512_ctx), - .cra_module = THIS_MODULE, - .cra_list = LIST_HEAD_INIT(wp384.cra_list), - .cra_u = { .digest = { - .dia_digestsize = WP384_DIGEST_SIZE, - .dia_init = wp512_init, - .dia_update = wp512_update, - .dia_final = wp384_final } } +static struct shash_alg wp384 = { + .digestsize = WP384_DIGEST_SIZE, + .init = wp512_init, + .update = wp512_update, + .final = wp384_final, + .descsize = 
sizeof(struct
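Review bot: the diffstat covers only crypto/wp512.c, so CRYPTO_WP512 in crypto/Kconfig still reads `select CRYPTO_ALGAPI` after this patch even though the driver now registers through crypto_register_shash; the v3 repost of this patch adds the `select CRYPTO_HASH` hunk, and this version should carry it too.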
[PATCH 4/4][RFC] crypto: michael_mic - Switch to shash
This patch changes michael_mic to the new shash interface. Signed-off-by: Adrian-Ken Rueegsegger [EMAIL PROTECTED] --- crypto/michael_mic.c | 72 - 1 files changed, 41 insertions(+), 31 deletions(-) diff --git a/crypto/michael_mic.c b/crypto/michael_mic.c index 9e917b8..079b761 100644 --- a/crypto/michael_mic.c +++ b/crypto/michael_mic.c @@ -9,23 +9,25 @@ * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ - +#include crypto/internal/hash.h #include asm/byteorder.h #include linux/init.h #include linux/module.h #include linux/string.h -#include linux/crypto.h #include linux/types.h struct michael_mic_ctx { + u32 l, r; +}; + +struct michael_mic_desc_ctx { u8 pending[4]; size_t pending_len; u32 l, r; }; - static inline u32 xswap(u32 val) { return ((val 0x00ff00ff) 8) | ((val 0xff00ff00) 8); @@ -45,17 +47,22 @@ do {\ } while (0) -static void michael_init(struct crypto_tfm *tfm) +static int michael_init(struct shash_desc *desc) { - struct michael_mic_ctx *mctx = crypto_tfm_ctx(tfm); + struct michael_mic_desc_ctx *mctx = shash_desc_ctx(desc); + struct michael_mic_ctx *ctx = crypto_shash_ctx(desc-tfm); mctx-pending_len = 0; + mctx-l = ctx-l; + mctx-r = ctx-r; + + return 0; } -static void michael_update(struct crypto_tfm *tfm, const u8 *data, +static int michael_update(struct shash_desc *desc, const u8 *data, unsigned int len) { - struct michael_mic_ctx *mctx = crypto_tfm_ctx(tfm); + struct michael_mic_desc_ctx *mctx = shash_desc_ctx(desc); const __le32 *src; if (mctx-pending_len) { @@ -68,7 +75,7 @@ static void michael_update(struct crypto_tfm *tfm, const u8 *data, len -= flen; if (mctx-pending_len 4) - return; + return 0; src = (const __le32 *)mctx-pending; mctx-l ^= le32_to_cpup(src); 
@@ -88,12 +95,14 @@ static void michael_update(struct crypto_tfm *tfm, const u8 *data, mctx-pending_len = len; memcpy(mctx-pending, src, len); } + + return 0; } -static void michael_final(struct crypto_tfm *tfm, u8 *out) +static int michael_final(struct shash_desc *desc, u8 *out) { - struct michael_mic_ctx *mctx = crypto_tfm_ctx(tfm); + struct michael_mic_desc_ctx *mctx = shash_desc_ctx(desc); u8 *data = mctx-pending; __le32 *dst = (__le32 *)out; @@ -119,17 +128,20 @@ static void michael_final(struct crypto_tfm *tfm, u8 *out) dst[0] = cpu_to_le32(mctx-l); dst[1] = cpu_to_le32(mctx-r); + + return 0; } -static int michael_setkey(struct crypto_tfm *tfm, const u8 *key, +static int michael_setkey(struct crypto_shash *tfm, const u8 *key, unsigned int keylen) { - struct michael_mic_ctx *mctx = crypto_tfm_ctx(tfm); + struct michael_mic_ctx *mctx = crypto_shash_ctx(tfm); + const __le32 *data = (const __le32 *)key; if (keylen != 8) { - tfm-crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; + crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN); return -EINVAL; } 
@@ -138,33 +150,31 @@ static int michael_setkey(struct crypto_tfm *tfm, const u8 *key, return 0; } - -static struct crypto_alg michael_mic_alg = { - .cra_name = michael_mic, - .cra_flags = CRYPTO_ALG_TYPE_DIGEST, - .cra_blocksize = 8, - .cra_ctxsize= sizeof(struct michael_mic_ctx), - .cra_module = THIS_MODULE, - .cra_alignmask = 3, - .cra_list = LIST_HEAD_INIT(michael_mic_alg.cra_list), - .cra_u = { .digest = { - .dia_digestsize = 8, - .dia_init = michael_init, - .dia_update = michael_update, - .dia_final = michael_final, - .dia_setkey = michael_setkey } } +static struct shash_alg alg = { + .digestsize = 8, + .setkey = michael_setkey, + .init = michael_init, + .update = michael_update, + .final = michael_final, + .descsize = sizeof(struct michael_mic_desc_ctx), + .base = { + .cra_name = michael_mic, + .cra_blocksize = 8, + .cra_alignmask = 3, + .cra_ctxsize= sizeof(struct michael_mic_ctx), + .cra_module = THIS_MODULE, + } }; - static int __init michael_mic_init(void) { - return crypto_register_alg(michael_mic_alg); + return
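Review bot: the new shash_alg base (hunk @@ -138,33 +150,31 @@) has no `.cra_flags = CRYPTO_ALG_TYPE_SHASH`, unlike every other conversion in this set. If crypto_register_shash sets the type flag itself this is harmless, but the registration block should still match the sha512, wp512 and md4/md5 patches so the series is reviewable as a unit. Keeping `.cra_ctxsize = sizeof(struct michael_mic_ctx)` in `.base` while `.descsize` covers struct michael_mic_desc_ctx is correct here, since the key now lives in the tfm context and only the running state in the descriptor.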
Re: [PATCH 0/4] Switch remaining algorithms to shash
Hello Herbert,

Herbert Xu wrote:
> On Thu, Dec 04, 2008 at 01:18:08AM +0100, Adrian-Ken Rueegsegger wrote:
>> The first patch removes the message schedule W from struct sha512_ctx since it gets calculated anew on each execution of sha512_transform. This reduces the size of sha512_ctx considerably and will allow it to be registered as a shash algorithm (it will pass the size check in crypto_register_shash (crypto/shash.c:490)).
>> Herbert, could you explain why descsize must be smaller than (or equal to) PAGE_SIZE / 8?
> This is so that people can put it on the stack safely. So moving things out of the context and onto the stack because it's too big is a no-no :)

Thanks for the explanation. Perhaps store in a static percpu area?

>> The next two patches switch sha512 and wp512 to the new shash interface.
> BTW, in order to add missing Kconfig dependencies on HASH I've just rebased my tree and updated all the shash conversion patches. So please resend them with the Kconfig bits added.

Will do. I will resubmit the patches later today.

>> The fourth patch is another try to convert michael_mic. The key values l and r are duplicated in the descriptor part since they are used and changed during the actual transformation. I would be grateful for comments on this patch since I am not sure it's the proper way to do it.
> Since they're read-only they should be obtained from the tfm context when needed, just like crc32c.

If I read the code correctly l and r are not read-only, e.g. in michael_update there are multiple assignments to mctx->l and mctx->r. That's the reason why I left them in the desc context.

Thank you for your comments,
Adrian
[PATCH 1/5] crypto: md4 - Switch to shash
This patch changes md4 to the new shash interface. Signed-off-by: Adrian-Ken Rueegsegger [EMAIL PROTECTED] --- crypto/md4.c | 52 +--- 1 files changed, 29 insertions(+), 23 deletions(-) diff --git a/crypto/md4.c b/crypto/md4.c index a143c4a..7fca1f5 100644 --- a/crypto/md4.c +++ b/crypto/md4.c @@ -20,8 +20,8 @@ * (at your option) any later version. * */ +#include crypto/internal/hash.h #include linux/init.h -#include linux/crypto.h #include linux/kernel.h #include linux/string.h #include linux/types.h @@ -58,7 +58,7 @@ static inline u32 H(u32 x, u32 y, u32 z) { return x ^ y ^ z; } - + #define ROUND1(a,b,c,d,k,s) (a = lshift(a + F(b,c,d) + k, s)) #define ROUND2(a,b,c,d,k,s) (a = lshift(a + G(b,c,d) + k + (u32)0x5A827999,s)) #define ROUND3(a,b,c,d,k,s) (a = lshift(a + H(b,c,d) + k + (u32)0x6ED9EBA1,s)) @@ -152,20 +152,22 @@ static inline void md4_transform_helper(struct md4_ctx *ctx) md4_transform(ctx-hash, ctx-block); } -static void md4_init(struct crypto_tfm *tfm) +static int md4_init(struct shash_desc *desc) { - struct md4_ctx *mctx = crypto_tfm_ctx(tfm); + struct md4_ctx *mctx = shash_desc_ctx(desc); mctx-hash[0] = 0x67452301; mctx-hash[1] = 0xefcdab89; mctx-hash[2] = 0x98badcfe; mctx-hash[3] = 0x10325476; mctx-byte_count = 0; + + return 0; } -static void md4_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len) +static int md4_update(struct shash_desc *desc, const u8 *data, unsigned int len) { - struct md4_ctx *mctx = crypto_tfm_ctx(tfm); + struct md4_ctx *mctx = shash_desc_ctx(desc); const u32 avail = sizeof(mctx-block) - (mctx-byte_count 0x3f); mctx-byte_count += len; @@ -173,7 +175,7 @@ static void md4_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len) if (avail len) { memcpy((char *)mctx-block + (sizeof(mctx-block) - avail), data, len); - return; + return 0; } memcpy((char *)mctx-block + (sizeof(mctx-block) - avail), 
@@ -191,11 +193,13 @@ static void md4_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len) } memcpy(mctx-block, data, len); + + return 0; } -static void md4_final(struct crypto_tfm *tfm, u8 *out) +static int md4_final(struct shash_desc *desc, u8 *out) { - struct md4_ctx *mctx = crypto_tfm_ctx(tfm); + struct md4_ctx *mctx = shash_desc_ctx(desc); const unsigned int offset = mctx-byte_count 0x3f; char *p = (char *)mctx-block + offset; int padding = 56 - (offset + 1); @@ -217,30 +221,32 @@ static void md4_final(struct crypto_tfm *tfm, u8 *out) cpu_to_le32_array(mctx-hash, ARRAY_SIZE(mctx-hash)); memcpy(out, mctx-hash, sizeof(mctx-hash)); memset(mctx, 0, sizeof(*mctx)); + + return 0; } -static struct crypto_alg alg = { - .cra_name = md4, - .cra_flags = CRYPTO_ALG_TYPE_DIGEST, - .cra_blocksize = MD4_HMAC_BLOCK_SIZE, - .cra_ctxsize= sizeof(struct md4_ctx), - .cra_module = THIS_MODULE, - .cra_list = LIST_HEAD_INIT(alg.cra_list), - .cra_u = { .digest = { - .dia_digestsize = MD4_DIGEST_SIZE, - .dia_init = md4_init, - .dia_update = md4_update, - .dia_final = md4_final } } +static struct shash_alg alg = { + .digestsize = MD4_DIGEST_SIZE, + .init = md4_init, + .update = md4_update, + .final = md4_final, + .descsize = sizeof(struct md4_ctx), + .base = { + .cra_name = md4, + .cra_flags = CRYPTO_ALG_TYPE_SHASH, + .cra_blocksize = MD4_HMAC_BLOCK_SIZE, + .cra_module = THIS_MODULE, + } }; static int __init md4_mod_init(void) { - return crypto_register_alg(alg); + return crypto_register_shash(alg); } static void __exit md4_mod_fini(void) { - crypto_unregister_alg(alg); + crypto_unregister_shash(alg); } module_init(md4_mod_init); -- 1.5.2.5 -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
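Review bot: the diffstat touches only crypto/md4.c; if the CRYPTO_MD4 entry in crypto/Kconfig still reads `select CRYPTO_ALGAPI`, it needs the same `select CRYPTO_HASH` change that the wp512 and sha512 patches on this page carry, otherwise a configuration enabling CRYPTO_MD4 without CRYPTO_HASH leaves crypto_register_shash unresolved.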
[PATCH 2/5] crypto: md5 - Switch to shash
This patch changes md5 to the new shash interface. Signed-off-by: Adrian-Ken Rueegsegger [EMAIL PROTECTED] --- crypto/md5.c | 50 -- 1 files changed, 28 insertions(+), 22 deletions(-) diff --git a/crypto/md5.c b/crypto/md5.c index 39268f3..83eb529 100644 --- a/crypto/md5.c +++ b/crypto/md5.c @@ -15,10 +15,10 @@ * any later version. * */ +#include crypto/internal/hash.h #include linux/init.h #include linux/module.h #include linux/string.h -#include linux/crypto.h #include linux/types.h #include asm/byteorder.h @@ -147,20 +147,22 @@ static inline void md5_transform_helper(struct md5_ctx *ctx) md5_transform(ctx-hash, ctx-block); } -static void md5_init(struct crypto_tfm *tfm) +static int md5_init(struct shash_desc *desc) { - struct md5_ctx *mctx = crypto_tfm_ctx(tfm); + struct md5_ctx *mctx = shash_desc_ctx(desc); mctx-hash[0] = 0x67452301; mctx-hash[1] = 0xefcdab89; mctx-hash[2] = 0x98badcfe; mctx-hash[3] = 0x10325476; mctx-byte_count = 0; + + return 0; } -static void md5_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len) +static int md5_update(struct shash_desc *desc, const u8 *data, unsigned int len) { - struct md5_ctx *mctx = crypto_tfm_ctx(tfm); + struct md5_ctx *mctx = shash_desc_ctx(desc); const u32 avail = sizeof(mctx-block) - (mctx-byte_count 0x3f); mctx-byte_count += len; @@ -168,7 +170,7 @@ static void md5_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len) if (avail len) { memcpy((char *)mctx-block + (sizeof(mctx-block) - avail), data, len); - return; + return 0; } memcpy((char *)mctx-block + (sizeof(mctx-block) - avail), 
@@ -186,11 +188,13 @@ static void md5_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len) } memcpy(mctx-block, data, len); + + return 0; } -static void md5_final(struct crypto_tfm *tfm, u8 *out) +static int md5_final(struct shash_desc *desc, u8 *out) { - struct md5_ctx *mctx = crypto_tfm_ctx(tfm); + struct md5_ctx *mctx = shash_desc_ctx(desc); const unsigned int offset = mctx-byte_count 0x3f; char *p = (char *)mctx-block + offset; int padding = 56 - (offset + 1); @@ -212,30 +216,32 @@ static void md5_final(struct crypto_tfm *tfm, u8 *out) cpu_to_le32_array(mctx-hash, sizeof(mctx-hash) / sizeof(u32)); memcpy(out, mctx-hash, sizeof(mctx-hash)); memset(mctx, 0, sizeof(*mctx)); + + return 0; } -static struct crypto_alg alg = { - .cra_name = md5, - .cra_flags = CRYPTO_ALG_TYPE_DIGEST, - .cra_blocksize = MD5_HMAC_BLOCK_SIZE, - .cra_ctxsize= sizeof(struct md5_ctx), - .cra_module = THIS_MODULE, - .cra_list = LIST_HEAD_INIT(alg.cra_list), - .cra_u = { .digest = { - .dia_digestsize = MD5_DIGEST_SIZE, - .dia_init = md5_init, - .dia_update = md5_update, - .dia_final = md5_final } } +static struct shash_alg alg = { + .digestsize = MD5_DIGEST_SIZE, + .init = md5_init, + .update = md5_update, + .final = md5_final, + .descsize = sizeof(struct md5_ctx), + .base = { + .cra_name = md5, + .cra_flags = CRYPTO_ALG_TYPE_SHASH, + .cra_blocksize = MD5_HMAC_BLOCK_SIZE, + .cra_module = THIS_MODULE, + } }; static int __init md5_mod_init(void) { - return crypto_register_alg(alg); + return crypto_register_shash(alg); } static void __exit md5_mod_fini(void) { - crypto_unregister_alg(alg); + crypto_unregister_shash(alg); } module_init(md5_mod_init); -- 1.5.2.5 -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
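Review bot: the changelog ("This patch changes md5 to the new shash interface") should say where the hash state went: the removed `.cra_ctxsize = sizeof(struct md5_ctx)` kept it per transform, the added `.descsize = sizeof(struct md5_ctx)` makes it per request, which is the property that lets a single crypto_shash serve concurrent operations, and `.cra_list = LIST_HEAD_INIT(alg.cra_list)` is dropped on the assumption that registration initialises the list; spell that out. The code side is consistent: md5_init and md5_final gain `return 0;`, and both exits of md5_update return 0. One nit on a context line that is being rewritten anyway: `cpu_to_le32_array(mctx->hash, sizeof(mctx->hash) / sizeof(u32))` can use `ARRAY_SIZE(mctx->hash)`, as the md4 patch in this series already does.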
[PATCH 3/5] crypto: sha256 - Switch to shash
This patch changes sha256 and sha224 to the new shash interface. Signed-off-by: Adrian-Ken Rueegsegger [EMAIL PROTECTED] --- crypto/sha256_generic.c | 104 +- 1 files changed, 56 insertions(+), 48 deletions(-) diff --git a/crypto/sha256_generic.c b/crypto/sha256_generic.c index 5a8dd47..caa3542 100644 --- a/crypto/sha256_generic.c +++ b/crypto/sha256_generic.c @@ -17,10 +17,10 @@ * any later version. * */ +#include crypto/internal/hash.h #include linux/init.h #include linux/module.h #include linux/mm.h -#include linux/crypto.h #include linux/types.h #include crypto/sha.h #include asm/byteorder.h @@ -69,7 +69,7 @@ static void sha256_transform(u32 *state, const u8 *input) /* now blend */ for (i = 16; i 64; i++) BLEND_OP(i, W); - + /* load the state into our registers */ a=state[0]; b=state[1]; c=state[2]; d=state[3]; e=state[4]; f=state[5]; g=state[6]; h=state[7]; @@ -220,9 +220,9 @@ static void sha256_transform(u32 *state, const u8 *input) } -static void sha224_init(struct crypto_tfm *tfm) +static int sha224_init(struct shash_desc *desc) { - struct sha256_ctx *sctx = crypto_tfm_ctx(tfm); + struct sha256_ctx *sctx = shash_desc_ctx(desc); sctx-state[0] = SHA224_H0; sctx-state[1] = SHA224_H1; sctx-state[2] = SHA224_H2; @@ -233,11 +233,13 @@ static void sha224_init(struct crypto_tfm *tfm) sctx-state[7] = SHA224_H7; sctx-count[0] = 0; sctx-count[1] = 0; + + return 0; } -static void sha256_init(struct crypto_tfm *tfm) +static int sha256_init(struct shash_desc *desc) { - struct sha256_ctx *sctx = crypto_tfm_ctx(tfm); + struct sha256_ctx *sctx = shash_desc_ctx(desc); sctx-state[0] = SHA256_H0; sctx-state[1] = SHA256_H1; sctx-state[2] = SHA256_H2; 
@@ -247,12 +249,14 @@ static void sha256_init(struct crypto_tfm *tfm) sctx-state[6] = SHA256_H6; sctx-state[7] = SHA256_H7; sctx-count[0] = sctx-count[1] = 0; + + return 0; } -static void sha256_update(struct crypto_tfm *tfm, const u8 *data, +static int sha256_update(struct shash_desc *desc, const u8 *data, unsigned int len) { - struct sha256_ctx *sctx = crypto_tfm_ctx(tfm); + struct sha256_ctx *sctx = shash_desc_ctx(desc); unsigned int i, index, part_len; /* Compute number of bytes mod 128 */ @@ -277,14 +281,16 @@ static void sha256_update(struct crypto_tfm *tfm, const u8 *data, } else { i = 0; } - + /* Buffer remaining input */ memcpy(sctx-buf[index], data[i], len-i); + + return 0; } -static void sha256_final(struct crypto_tfm *tfm, u8 *out) +static int sha256_final(struct shash_desc *desc, u8 *out) { - struct sha256_ctx *sctx = crypto_tfm_ctx(tfm); + struct sha256_ctx *sctx = shash_desc_ctx(desc); __be32 *dst = (__be32 *)out; __be32 bits[2]; unsigned int index, pad_len; @@ -298,10 +304,10 @@ static void sha256_final(struct crypto_tfm *tfm, u8 *out) /* Pad out to 56 mod 64. */ index = (sctx-count[0] 3) 0x3f; pad_len = (index 56) ? (56 - index) : ((64+56) - index); - sha256_update(tfm, padding, pad_len); + sha256_update(desc, padding, pad_len); /* Append length (before padding) */ - sha256_update(tfm, (const u8 *)bits, sizeof(bits)); + sha256_update(desc, (const u8 *)bits, sizeof(bits)); /* Store state in digest */ for (i = 0; i 8; i++) 
@@ -309,71 +315,73 @@ static void sha256_final(struct crypto_tfm *tfm, u8 *out) /* Zeroize sensitive information. */ memset(sctx, 0, sizeof(*sctx)); + + return 0; } -static void sha224_final(struct crypto_tfm *tfm, u8 *hash) +static int sha224_final(struct shash_desc *desc, u8 *hash) { u8 D[SHA256_DIGEST_SIZE]; - sha256_final(tfm, D); + sha256_final(desc, D); memcpy(hash, D, SHA224_DIGEST_SIZE); memset(D, 0, SHA256_DIGEST_SIZE); + + return 0; } -static struct crypto_alg sha256 = { - .cra_name = sha256, - .cra_driver_name= sha256-generic, - .cra_flags = CRYPTO_ALG_TYPE_DIGEST, - .cra_blocksize = SHA256_BLOCK_SIZE, - .cra_ctxsize= sizeof(struct sha256_ctx), - .cra_module = THIS_MODULE, - .cra_alignmask = 3, - .cra_list = LIST_HEAD_INIT(sha256.cra_list), - .cra_u = { .digest = { - .dia_digestsize = SHA256_DIGEST_SIZE, - .dia_init = sha256_init, - .dia_update = sha256_update, - .dia_final = sha256_final } } +static struct shash_alg sha256 = { + .digestsize = SHA256_DIGEST_SIZE, + .init = sha256_init, + .update
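Review bot: sha224_final discards the value of `sha256_final(desc, D)` and returns a hard-coded 0; since both now return int, keep the result (`err = sha256_final(desc, D);`) and return it after the memcpy and memset. The removed crypto_alg carried `.cra_driver_name = "sha256-generic"` and `.cra_alignmask = 3`, and the new shash_alg is cut off in this copy of the mail; both need to survive in `.base`, the alignmask in particular because sha256_final still writes the digest through `__be32 *dst = (__be32 *)out`. Drive-by on a context line the hunk touches: the comment `/* Compute number of bytes mod 128 */` in sha256_update describes a 128-byte block, but SHA-256 has a 64-byte block.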
[PATCH 4/5] crypto: tgr192 - Switch to shash
This patch changes tgr192, tgr160 and tgr128 to the new shash interface. Signed-off-by: Adrian-Ken Rueegsegger [EMAIL PROTECTED] --- crypto/tgr192.c | 135 +-- 1 files changed, 71 insertions(+), 64 deletions(-) diff --git a/crypto/tgr192.c b/crypto/tgr192.c index a92414f..cbca4f2 100644 --- a/crypto/tgr192.c +++ b/crypto/tgr192.c @@ -21,11 +21,11 @@ * (at your option) any later version. * */ +#include crypto/internal/hash.h #include linux/init.h #include linux/module.h #include linux/mm.h #include asm/byteorder.h -#include linux/crypto.h #include linux/types.h #define TGR192_DIGEST_SIZE 24 @@ -495,24 +495,26 @@ static void tgr192_transform(struct tgr192_ctx *tctx, const u8 * data) tctx-c = c; } -static void tgr192_init(struct crypto_tfm *tfm) +static int tgr192_init(struct shash_desc *desc) { - struct tgr192_ctx *tctx = crypto_tfm_ctx(tfm); + struct tgr192_ctx *tctx = shash_desc_ctx(desc); tctx-a = 0x0123456789abcdefULL; tctx-b = 0xfedcba9876543210ULL; tctx-c = 0xf096a5b4c3b2e187ULL; tctx-nblocks = 0; tctx-count = 0; + + return 0; } /* Update the message digest with the contents * of INBUF with length INLEN. */ -static void tgr192_update(struct crypto_tfm *tfm, const u8 *inbuf, +static int tgr192_update(struct shash_desc *desc, const u8 *inbuf, unsigned int len) { - struct tgr192_ctx *tctx = crypto_tfm_ctx(tfm); + struct tgr192_ctx *tctx = shash_desc_ctx(desc); if (tctx-count == 64) {/* flush the buffer */ tgr192_transform(tctx, tctx-hash); @@ -520,15 +522,15 @@ static void tgr192_update(struct crypto_tfm *tfm, const u8 *inbuf, tctx-nblocks++; } if (!inbuf) { - return; + return 0; } if (tctx-count) { for (; len tctx-count 64; len--) { tctx-hash[tctx-count++] = *inbuf++; } - tgr192_update(tfm, NULL, 0); + tgr192_update(desc, NULL, 0); if (!len) { - return; + return 0; } } 
@@ -543,20 +545,22 @@ static void tgr192_update(struct crypto_tfm *tfm, const u8 *inbuf, for (; len tctx-count 64; len--) { tctx-hash[tctx-count++] = *inbuf++; } + + return 0; } /* The routine terminates the computation */ -static void tgr192_final(struct crypto_tfm *tfm, u8 * out) +static int tgr192_final(struct shash_desc *desc, u8 * out) { - struct tgr192_ctx *tctx = crypto_tfm_ctx(tfm); + struct tgr192_ctx *tctx = shash_desc_ctx(desc); __be64 *dst = (__be64 *)out; __be64 *be64p; __le32 *le32p; u32 t, msb, lsb; - tgr192_update(tfm, NULL, 0); /* flush */ ; + tgr192_update(desc, NULL, 0); /* flush */ ; msb = 0; t = tctx-nblocks; @@ -584,7 +588,7 @@ static void tgr192_final(struct crypto_tfm *tfm, u8 * out) while (tctx-count 64) { tctx-hash[tctx-count++] = 0; } - tgr192_update(tfm, NULL, 0); /* flush */ ; + tgr192_update(desc, NULL, 0); /* flush */ ; memset(tctx-hash, 0, 56);/* fill next block with zeroes */ } /* append the 64 bit count */ 
@@ -598,91 +602,94 @@ static void tgr192_final(struct crypto_tfm *tfm, u8 * out) dst[0] = be64p[0] = cpu_to_be64(tctx-a); dst[1] = be64p[1] = cpu_to_be64(tctx-b); dst[2] = be64p[2] = cpu_to_be64(tctx-c); + + return 0; } -static void tgr160_final(struct crypto_tfm *tfm, u8 * out) +static int tgr160_final(struct shash_desc *desc, u8 * out) { u8 D[64]; - tgr192_final(tfm, D); + tgr192_final(desc, D); memcpy(out, D, TGR160_DIGEST_SIZE); memset(D, 0, TGR192_DIGEST_SIZE); + + return 0; } -static void tgr128_final(struct crypto_tfm *tfm, u8 * out) +static int tgr128_final(struct shash_desc *desc, u8 * out) { u8 D[64]; - tgr192_final(tfm, D); + tgr192_final(desc, D); memcpy(out, D, TGR128_DIGEST_SIZE); memset(D, 0, TGR192_DIGEST_SIZE); + + return 0; } -static struct crypto_alg tgr192 = { - .cra_name = tgr192, - .cra_flags = CRYPTO_ALG_TYPE_DIGEST, - .cra_blocksize = TGR192_BLOCK_SIZE, - .cra_ctxsize = sizeof(struct tgr192_ctx), - .cra_module = THIS_MODULE, - .cra_alignmask = 7, - .cra_list = LIST_HEAD_INIT(tgr192.cra_list), - .cra_u = {.digest = { -.dia_digestsize = TGR192_DIGEST_SIZE, -.dia_init = tgr192_init, -.dia_update = tgr192_update, -.dia_final = tgr192_final}} +static struct shash_alg tgr192
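Review bot: tgr160_final and tgr128_final throw away the return value of `tgr192_final(desc, D)` and return 0 unconditionally; propagate it, as all three now return int. While there, `u8 D[64]` is wiped with `memset(D, 0, TGR192_DIGEST_SIZE)`, which clears only the 24 bytes tgr192_final writes; sizing D as TGR192_DIGEST_SIZE makes that obviously right. The stray `; /* flush */ ;` double semicolons on the two `tgr192_update(desc, NULL, 0)` lines are being rewritten anyway and can lose the extra semicolon. The removed crypto_alg had `.cra_alignmask = 7` and the new struct is cut off in this copy; tgr192_final writes through `__be64 *dst`, so keep the alignmask in `.base`.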
[PATCH 5/5] crypto: michael_mic - Switch to shash
This patch changes michael_mic to the new shash interface. Signed-off-by: Adrian-Ken Rueegsegger [EMAIL PROTECTED] --- crypto/michael_mic.c | 63 ++--- 1 files changed, 33 insertions(+), 30 deletions(-) diff --git a/crypto/michael_mic.c b/crypto/michael_mic.c index 9e917b8..88ba103 100644 --- a/crypto/michael_mic.c +++ b/crypto/michael_mic.c @@ -9,12 +9,11 @@ * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ - +#include crypto/internal/hash.h #include asm/byteorder.h #include linux/init.h #include linux/module.h #include linux/string.h -#include linux/crypto.h #include linux/types.h @@ -45,17 +44,19 @@ do {\ } while (0) -static void michael_init(struct crypto_tfm *tfm) +static int michael_init(struct shash_desc *desc) { - struct michael_mic_ctx *mctx = crypto_tfm_ctx(tfm); + struct michael_mic_ctx *mctx = shash_desc_ctx(desc); mctx-pending_len = 0; + + return 0; } -static void michael_update(struct crypto_tfm *tfm, const u8 *data, +static int michael_update(struct shash_desc *desc, const u8 *data, unsigned int len) { - struct michael_mic_ctx *mctx = crypto_tfm_ctx(tfm); + struct michael_mic_ctx *mctx = shash_desc_ctx(desc); const __le32 *src; if (mctx-pending_len) { @@ -68,7 +69,7 @@ static void michael_update(struct crypto_tfm *tfm, const u8 *data, len -= flen; if (mctx-pending_len 4) - return; + return 0; src = (const __le32 *)mctx-pending; mctx-l ^= le32_to_cpup(src); @@ -88,12 +89,14 @@ static void michael_update(struct crypto_tfm *tfm, const u8 *data, mctx-pending_len = len; memcpy(mctx-pending, src, len); } + + return 0; } -static void michael_final(struct crypto_tfm *tfm, u8 *out) +static int michael_final(struct shash_desc *desc, u8 *out) { - struct michael_mic_ctx *mctx = crypto_tfm_ctx(tfm); + struct michael_mic_ctx *mctx = shash_desc_ctx(desc); u8 *data = mctx-pending; __le32 *dst = (__le32 *)out; 
@@ -119,17 +122,19 @@ static void michael_final(struct crypto_tfm *tfm, u8 *out) dst[0] = cpu_to_le32(mctx-l); dst[1] = cpu_to_le32(mctx-r); + + return 0; } -static int michael_setkey(struct crypto_tfm *tfm, const u8 *key, +static int michael_setkey(struct crypto_shash *tfm, const u8 *key, unsigned int keylen) { - struct michael_mic_ctx *mctx = crypto_tfm_ctx(tfm); + struct michael_mic_ctx *mctx = crypto_shash_ctx(tfm); const __le32 *data = (const __le32 *)key; if (keylen != 8) { - tfm-crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; + crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN); return -EINVAL; } @@ -138,33 +143,31 @@ static int michael_setkey(struct crypto_tfm *tfm, const u8 *key, return 0; } - -static struct crypto_alg michael_mic_alg = { - .cra_name = michael_mic, - .cra_flags = CRYPTO_ALG_TYPE_DIGEST, - .cra_blocksize = 8, - .cra_ctxsize= sizeof(struct michael_mic_ctx), - .cra_module = THIS_MODULE, - .cra_alignmask = 3, - .cra_list = LIST_HEAD_INIT(michael_mic_alg.cra_list), - .cra_u = { .digest = { - .dia_digestsize = 8, - .dia_init = michael_init, - .dia_update = michael_update, - .dia_final = michael_final, - .dia_setkey = michael_setkey } } +static struct shash_alg alg = { + .digestsize = 8, + .setkey = michael_setkey, + .init = michael_init, + .update = michael_update, + .final = michael_final, + .descsize = sizeof(struct michael_mic_ctx), + .base = { + .cra_name = michael_mic, + .cra_blocksize = 8, + .cra_alignmask = 3, + .cra_ctxsize= sizeof(struct michael_mic_ctx), + .cra_module = THIS_MODULE, + } }; - static int __init michael_mic_init(void) { - return crypto_register_alg(michael_mic_alg); + return crypto_register_shash(alg); } static void __exit michael_mic_exit(void) { - crypto_unregister_alg(michael_mic_alg); + crypto_unregister_shash(alg); } -- 1.5.2.5 -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
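Review bot: the key never reaches the digest state. michael_setkey stores l and r in the per-transform context (`crypto_shash_ctx(tfm)`, sized by `.cra_ctxsize`), but michael_init, michael_update and michael_final all work on the per-request context (`shash_desc_ctx(desc)`, sized by `.descsize`), and michael_init only sets `mctx->pending_len = 0`, so every MIC is computed with whatever l and r happen to be in the descriptor. Under the old digest interface both were the same crypto_tfm_ctx, which is why the code worked before. Split the state: keep `u32 l, r` in the tfm context, give the descriptor its own struct with pending[], pending_len and a working copy of l and r, and have michael_init copy them from `crypto_shash_ctx(desc->tfm)`. Two smaller points in the same hunk: `.base` is the only one in this series without `.cra_flags = CRYPTO_ALG_TYPE_SHASH`, and renaming michael_mic_alg to alg is unrelated churn that makes the diff harder to read.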
[PATCH] crypto: sha1 - Switch to shash
This patch changes sha1 to the new shash interface. Signed-off-by: Adrian-Ken Rueegsegger [EMAIL PROTECTED] --- crypto/sha1_generic.c | 56 +++- 1 files changed, 31 insertions(+), 25 deletions(-) diff --git a/crypto/sha1_generic.c b/crypto/sha1_generic.c index c7c6899..9efef20 100644 --- a/crypto/sha1_generic.c +++ b/crypto/sha1_generic.c @@ -16,10 +16,10 @@ * any later version. * */ +#include crypto/internal/hash.h #include linux/init.h #include linux/module.h #include linux/mm.h -#include linux/crypto.h #include linux/cryptohash.h #include linux/types.h #include crypto/sha.h @@ -31,9 +31,10 @@ struct sha1_ctx { u8 buffer[64]; }; -static void sha1_init(struct crypto_tfm *tfm) +static int sha1_init(struct shash_desc *desc) { - struct sha1_ctx *sctx = crypto_tfm_ctx(tfm); + struct sha1_ctx *sctx = shash_desc_ctx(desc); + static const struct sha1_ctx initstate = { 0, { SHA1_H0, SHA1_H1, SHA1_H2, SHA1_H3, SHA1_H4 }, @@ -41,12 +42,14 @@ static void sha1_init(struct crypto_tfm *tfm) }; *sctx = initstate; + + return 0; } -static void sha1_update(struct crypto_tfm *tfm, const u8 *data, +static int sha1_update(struct shash_desc *desc, const u8 *data, unsigned int len) { - struct sha1_ctx *sctx = crypto_tfm_ctx(tfm); + struct sha1_ctx *sctx = shash_desc_ctx(desc); unsigned int partial, done; const u8 *src; @@ -74,13 +77,15 @@ static void sha1_update(struct crypto_tfm *tfm, const u8 *data, partial = 0; } memcpy(sctx-buffer + partial, src, len - done); + + return 0; } /* Add padding and return the message digest. */ -static void sha1_final(struct crypto_tfm *tfm, u8 *out) +static int sha1_final(struct shash_desc *desc, u8 *out) { - struct sha1_ctx *sctx = crypto_tfm_ctx(tfm); + struct sha1_ctx *sctx = shash_desc_ctx(desc); __be32 *dst = (__be32 *)out; u32 i, index, padlen; __be64 bits; 
@@ -91,10 +96,10 @@ static void sha1_final(struct crypto_tfm *tfm, u8 *out) /* Pad out to 56 mod 64 */ index = sctx-count 0x3f; padlen = (index 56) ? (56 - index) : ((64+56) - index); - sha1_update(tfm, padding, padlen); + sha1_update(desc, padding, padlen); /* Append length */ - sha1_update(tfm, (const u8 *)bits, sizeof(bits)); + sha1_update(desc, (const u8 *)bits, sizeof(bits)); /* Store state in digest */ for (i = 0; i 5; i++) @@ -102,32 +107,33 @@ static void sha1_final(struct crypto_tfm *tfm, u8 *out) /* Wipe context */ memset(sctx, 0, sizeof *sctx); + + return 0; } -static struct crypto_alg alg = { - .cra_name = sha1, - .cra_driver_name= sha1-generic, - .cra_flags = CRYPTO_ALG_TYPE_DIGEST, - .cra_blocksize = SHA1_BLOCK_SIZE, - .cra_ctxsize= sizeof(struct sha1_ctx), - .cra_module = THIS_MODULE, - .cra_alignmask = 3, - .cra_list = LIST_HEAD_INIT(alg.cra_list), - .cra_u = { .digest = { - .dia_digestsize = SHA1_DIGEST_SIZE, - .dia_init = sha1_init, - .dia_update = sha1_update, - .dia_final = sha1_final } } +static struct shash_alg alg = { + .digestsize = SHA1_DIGEST_SIZE, + .init = sha1_init, + .update = sha1_update, + .final = sha1_final, + .descsize = sizeof(struct sha1_ctx), + .base = { + .cra_name = sha1, + .cra_driver_name= sha1-generic, + .cra_flags = CRYPTO_ALG_TYPE_SHASH, + .cra_blocksize = SHA1_BLOCK_SIZE, + .cra_module = THIS_MODULE, + } }; static int __init sha1_generic_mod_init(void) { - return crypto_register_alg(alg); + return crypto_register_shash(alg); } static void __exit sha1_generic_mod_fini(void) { - crypto_unregister_alg(alg); + crypto_unregister_shash(alg); } module_init(sha1_generic_mod_init); -- 1.5.2.5 -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
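Review bot: `.cra_alignmask = 3` is removed from the algorithm description and not re-added in `.base`, while sha1_final still writes the digest through `__be32 *dst = (__be32 *)out` and sha1_update hands raw input blocks to the transform; either keep the alignmask or state in the changelog why the shash layer makes it unnecessary. The michael_mic conversion posted alongside keeps its alignmask, so the conversions are inconsistent on this point. The rest of the hunk (int return values, shash_desc_ctx, crypto_register_shash) is fine, and keeping `.cra_driver_name = "sha1-generic"` is right.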
[PATCH] libcrc32c: Fix crc32c undefined compilation error
The latest shash changes leave crc32c undefined: [...] Building modules, stage 2. MODPOST 1381 modules ERROR: crc32c [net/sctp/sctp.ko] undefined! ERROR: crc32c [net/ipv4/netfilter/nf_nat_proto_sctp.ko] undefined! Adding EXPORT_SYMBOL(crc32c) to lib/libcrc32c.c fixes the compile error. This patch has been compile-tested only. Signed-off-by: Adrian-Ken Rueegsegger [EMAIL PROTECTED] --- lib/libcrc32c.c |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/lib/libcrc32c.c b/lib/libcrc32c.c index 38b17ab..244f548 100644 --- a/lib/libcrc32c.c +++ b/lib/libcrc32c.c @@ -57,6 +57,8 @@ u32 crc32c(u32 crc, const void *address, unsigned int length) return *(u32 *)desc.ctx; } +EXPORT_SYMBOL(crc32c); + static int __init libcrc32c_mod_init(void) { tfm = crypto_alloc_shash(crc32c, 0, 0); -- 1.5.4.3 -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
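Review bot: the export is the right fix for the MODPOST errors quoted in the changelog, but note what the exported function relies on: the visible body returns `*(u32 *)desc.ctx`, so crc32c() depends on the crc32c shash keeping its running value as a raw u32 in the descriptor context. Now that sctp and nf_nat_proto_sctp call this across a module boundary, a one-line comment above the EXPORT_SYMBOL stating that contract would save the next crc32c driver author from breaking it. Also, `tfm` is only assigned in libcrc32c_mod_init (`tfm = crypto_alloc_shash(crc32c, 0, 0)`, last line of the hunk); the patch is compile-tested only, so a load test of sctp.ko to confirm the module dependency orders the two initialisations is worth doing before merging.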
Re: [RFC PATCH] [XFRM] xfrm_algo: correct usage of RIPEMD-160
Sebastian Siewior wrote: * Adrian-Ken Rueegsegger | 2008-06-01 19:16:18 [+0200]: This patch fixes the usage of RIPEMD-160 in xfrm_algo which in turn allows hmac(rmd160) to be used as authentication mechanism in IPsec ESP and AH (see RFC 2857). Signed-off-by: Adrian-Ken Rueegsegger [EMAIL PROTECTED] --- net/xfrm/xfrm_algo.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c index ac765dd..23a2cc0 100644 --- a/net/xfrm/xfrm_algo.c +++ b/net/xfrm/xfrm_algo.c @@ -200,8 +200,8 @@ static struct xfrm_algo_desc aalg_list[] = { } }, { -.name = hmac(ripemd160), -.compat = ripemd160, +.name = hmac(rmd160), +.compat = rmd160, On the other hand you could rename the algorithm itself couldn't you? Yes, that would be the other way to do it. Is there a preference or specific reason for renaming the hash algorithm than changing the reference to the algorithm? Thanks, Adrian Sebastian -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [RFC PATCH] [XFRM] xfrm_algo: correct usage of RIPEMD-160
Herbert Xu wrote:
On Mon, Jun 02, 2008 at 09:02:08AM +0200, Adrian-Ken Rueegsegger wrote:
Yes, that would be the other way to do it. Is there a preference or specific reason for renaming the hash algorithm rather than changing the reference to the algorithm?

I think the rmd name is fine. The existing entry in IPsec has never worked (since we didn't have the implementation) so it isn't an issue.

Ok thanks for the clarification. I will resubmit the patch to the addresses you specified. I assume linux-crypto should also be cc'd?

Adrian
[RFC PATCH] [XFRM] xfrm_algo: correct usage of RIPEMD-160
This patch makes HMAC-RIPEMD-160 usable with IPsec/XFRM. The RIPEMD-160 implementation is currently in the cryptodev-2.6 tree. Since I have no IPsec test setup the patch has not (yet) been tested with IPsec and is thus marked as RFC. I will put together a test environment which will take some time. In the meantime it would be great if somebody who already has a working IPsec environment could test this patch. Thanks, Adrian
[RFC PATCH] [XFRM] xfrm_algo: correct usage of RIPEMD-160
This patch fixes the usage of RIPEMD-160 in xfrm_algo which in turn allows hmac(rmd160) to be used as authentication mechanism in IPsec ESP and AH (see RFC 2857). Signed-off-by: Adrian-Ken Rueegsegger [EMAIL PROTECTED] --- net/xfrm/xfrm_algo.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c index ac765dd..23a2cc0 100644 --- a/net/xfrm/xfrm_algo.c +++ b/net/xfrm/xfrm_algo.c @@ -200,8 +200,8 @@ static struct xfrm_algo_desc aalg_list[] = { } }, { - .name = hmac(ripemd160), - .compat = ripemd160, + .name = hmac(rmd160), + .compat = rmd160, .uinfo = { .auth = { -- 1.5.2.5 -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
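Review bot: the rename fixes only the lookup strings; the `.uinfo = { .auth = {` block that follows is outside the hunk, and because this entry never worked (Herbert notes in the thread that no implementation existed), nobody has validated its ICV lengths. RFC 2857 (HMAC-RIPEMD-160-96) wants the 160-bit HMAC output truncated to 96 bits, so check those values before this goes in. `.compat = rmd160` is the string legacy userspace keying passes, so the changelog should mention that any configuration using the old `ripemd160` name (which could never have matched anyway) needs updating.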
Re: [PATCH] tcrypt: add self test for des3_ebe cipher operating in cbc mode
Neil Horman wrote: On Mon, Jun 02, 2008 at 10:48:48PM +1000, Herbert Xu wrote: On Mon, Jun 02, 2008 at 08:45:42AM -0400, Neil Horman wrote: Copy that. I think I found the problem, anyway. The verdict is that Adrian was right, and I'm klutz. I mixed up the output vector from a successful and a failed test during development. I'll repost shortly. Sorry for the trouble! No worries. Ok, corrected the broken output vector and retested _several_ times. Also added to test case 4 as requested. Sorry again for the trouble Thanks a lot for clearing this up! I don't know if this is appropriate but in any case: Acked-by: Adrian-Ken Rueegsegger [EMAIL PROTECTED] Adrian Patch to add checking of DES3 test vectors using CBC mode. FIPS-140-2 compliance mandates that any supported mode of operation must include a self test. This satisfies that requirement for cbc(des3_ede). The included test vector was generated by me using openssl. Key/IV was generated with the following command: openssl enc -des_ede_cbc -P input and output values were generated by repeating the string Too many secrets a few times over, truncating it to 128 bytes, and encrypting it with openssl using the aformentioned key. Tested successfully by myself Signed-off-by: Neil Horman [EMAIL PROTECTED] tcrypt.c | 16 ++ tcrypt.h | 93 --- 2 files changed, 106 insertions(+), 3 deletions(-) diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c index 6beabc5..30cd541 100644 --- a/crypto/tcrypt.c +++ b/crypto/tcrypt.c @@ -1180,6 +1180,14 @@ static void do_test(void) test_cipher(ecb(des3_ede), DECRYPT, des3_ede_dec_tv_template, DES3_EDE_DEC_TEST_VECTORS); + test_cipher(cbc(des3_ede), ENCRYPT, + des3_ede_cbc_enc_tv_template, + DES3_EDE_CBC_ENC_TEST_VECTORS); + + test_cipher(cbc(des3_ede), DECRYPT, + des3_ede_cbc_dec_tv_template, + DES3_EDE_CBC_DEC_TEST_VECTORS); + test_hash(md4, md4_tv_template, MD4_TEST_VECTORS); test_hash(sha224, sha224_tv_template, SHA224_TEST_VECTORS); 
@@ -1390,6 +1398,14 @@ static void do_test(void) DES3_EDE_ENC_TEST_VECTORS); test_cipher(ecb(des3_ede), DECRYPT, des3_ede_dec_tv_template, DES3_EDE_DEC_TEST_VECTORS); + + test_cipher(cbc(des3_ede), ENCRYPT, + des3_ede_cbc_enc_tv_template, + DES3_EDE_CBC_ENC_TEST_VECTORS); + + test_cipher(cbc(des3_ede), DECRYPT, + des3_ede_cbc_dec_tv_template, + DES3_EDE_CBC_DEC_TEST_VECTORS); break; case 5: diff --git a/crypto/tcrypt.h b/crypto/tcrypt.h index 47bc0ec..aaff76f 100644 --- a/crypto/tcrypt.h +++ b/crypto/tcrypt.h @@ -1442,6 +1442,8 @@ static struct hash_testvec hmac_sha512_tv_template[] = { #define DES_CBC_DEC_TEST_VECTORS 4 #define DES3_EDE_ENC_TEST_VECTORS3 #define DES3_EDE_DEC_TEST_VECTORS3 +#define DES3_EDE_CBC_ENC_TEST_VECTORS1 +#define DES3_EDE_CBC_DEC_TEST_VECTORS1 static struct cipher_testvec des_enc_tv_template[] = { { /* From Applied Cryptography */ @@ -1680,9 +1682,6 @@ static struct cipher_testvec des_cbc_dec_tv_template[] = { }, }; -/* - * We really need some more test vectors, especially for DES3 CBC. - */ static struct cipher_testvec des3_ede_enc_tv_template[] = { { /* These are from openssl */ .key= \x01\x23\x45\x67\x89\xab\xcd\xef @@ -1745,6 +1744,94 @@ static struct cipher_testvec des3_ede_dec_tv_template[] = { }, }; +static struct cipher_testvec des3_ede_cbc_enc_tv_template[] = { + { /* Generated from openssl */ + .key= \xE9\xC0\xFF\x2E\x76\x0B\x64\x24 + \x44\x4D\x99\x5A\x12\xD6\x40\xC0 + \xEA\xC2\x84\xE8\x14\x95\xDB\xE8, + .klen = 24, + .iv = \x7D\x33\x88\x93\x0F\x93\xB2\x42, + .input = \x6f\x54\x20\x6f\x61\x4d\x79\x6e + \x53\x20\x63\x65\x65\x72\x73\x74 + \x54\x20\x6f\x6f\x4d\x20\x6e\x61 + \x20\x79\x65\x53\x72\x63\x74\x65 + \x20\x73\x6f\x54\x20\x6f\x61\x4d + \x79\x6e\x53\x20\x63\x65\x65\x72 + \x73\x74\x54\x20\x6f\x6f\x4d\x20 + \x6e\x61\x20\x79\x65\x53\x72\x63 + \x74\x65\x20\x73\x6f\x54\x20\x6f + \x61\x4d\x79\x6e\x53\x20\x63\x65 + \x65\x72\x73\x74\x54\x20\x6f\x6f + \x4d\x20\x6e\x61\x20\x79\x65\x53
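Review bot: the changelog says the plaintext is "Too many secrets" repeated, but the bytes in `.input` (`\x6f\x54\x20\x6f\x61\x4d\x79\x6e ...`) are "Too Many Secrets" with every pair of bytes swapped, i.e. the string as printed by a 16-bit-word hex dump. The vector is still valid as long as the ciphertext was produced over these same bytes, but the description should say what the input actually is, or the input should be fixed and the ciphertext regenerated; otherwise the next person who regenerates the vector from the description gets a mismatch. The hunk also removes the comment "We really need some more test vectors, especially for DES3 CBC."; with a single self-generated vector added that is still true, and Herbert's request for the NIST/ANSI vectors is still open in this thread, so keep the comment. The tcrypt.c additions in both the default run and case 4 are fine.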
Re: [PATCH] tcrypt: add self test for des3_ebe cipher operating in cbc mode
Adrian-Ken Rueegsegger wrote:
Neil Horman wrote:
On Sat, May 31, 2008 at 08:46:22AM +1000, Herbert Xu wrote:
On Fri, May 30, 2008 at 07:26:38PM +0200, Adrian-Ken Rüegsegger wrote:
I was wondering why you created your own test vectors. Wouldn't standardized test vectors by NIST or ANSI be preferable?

If you could post a patch with those that would be very much appreciated. Thanks!

I am putting together a patch using the test vectors found at [3] and the ones I gathered from ANSI X9.52 and ISO/IEC FDIS 10116:2005. Strangely enough the ANSI and ISO test vectors pass while the ones from NIST do not yield the expected results. I have not yet identified the specific differences between the various test vector sets. It is not clearly stated if/which padding was employed so that might be the reason...

The reason for getting different results with test vectors from [3] is that one must repeatedly apply the encryption/decryption 1 times even though it's not clearly specified in that document itself. The Monte Carlo test that has to be used to get the results is described in [2] (section 3.2, page 24).

Adrian

For future reference, do you have a link where NIST standard test vectors can be obtained?

A good place to start is [1]. More specifically for TDES: [2] and [3]. Note that the tests described in [2] will not work with the current DES3 implementation since the employed keys will be identified as weak keys and the setkey operation would fail.

By the way: when explicitly trying to set a weak key for DES3 I got the following warning: setkey() failed flags=0
Shouldn't the flags be set to CRYPTO_TFM_RES_BAD_KEY_SCHED at that point (see crypto/des_generic.c, line 873)?

Thanks,
Adrian
__
[1] - http://csrc.nist.gov/groups/STM/cavp/standards.html
[2] - http://csrc.nist.gov/publications/nistpubs/800-20/800-20.pdf
[3] - http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
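The weak-key rejection Adrian describes above (the NIST SP 800-20 vectors use K1 = K2 = K3, which setkey refuses) is worth seeing as code. The following is an added example, not code from this thread or from crypto/des_generic.c: a userspace check of a 24-byte des3_ede key for the conditions a reviewer would want setkey() to refuse. The function names, return codes and the parity check are this example's own; as I read des_generic.c the kernel ignores parity bits and rejects only K1 == K2 or K2 == K3, which the thread does not state. The sample keys are constructed here, except for the second one, which is the key of the cbc(des3_ede) vector posted in this thread.

```c
/* Added example, not from the linux-crypto thread or crypto/des_generic.c:
 * checks a des3_ede key for what a reviewer would want setkey() to refuse. */
#include <stdint.h>
#include <stdio.h>

#define DES_KEY_SIZE      8
#define DES3_EDE_KEY_SIZE 24

enum des3_key_status {
	DES3_KEY_OK = 0,
	DES3_KEY_DEGENERATE,	/* K1 == K2 or K2 == K3: collapses to single DES */
	DES3_KEY_WEAK,		/* a sub-key is one of the 16 DES weak/semi-weak keys */
};

/* The 4 weak and 12 semi-weak DES keys, in odd-parity form. */
static const uint8_t des_weak_keys[16][DES_KEY_SIZE] = {
	{0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01}, {0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
	{0xE0,0xE0,0xE0,0xE0,0xF1,0xF1,0xF1,0xF1}, {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
	{0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E}, {0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01},
	{0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1}, {0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01},
	{0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE}, {0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01},
	{0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1}, {0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E},
	{0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE}, {0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E},
	{0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE}, {0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1},
};

/* Compare two DES keys on their 56 effective bits. Bit 0 of each byte is a
 * parity bit the cipher ignores, so keys differing only there are the same
 * key; a plain memcmp() would let such a pair through an equality check. */
static int des_key_equal(const uint8_t *a, const uint8_t *b)
{
	int i;
	for (i = 0; i < DES_KEY_SIZE; i++)
		if ((a[i] & 0xFE) != (b[i] & 0xFE))
			return 0;
	return 1;
}

static int des_key_is_weak(const uint8_t *k)
{
	size_t i;
	for (i = 0; i < sizeof(des_weak_keys) / sizeof(des_weak_keys[0]); i++)
		if (des_key_equal(k, des_weak_keys[i]))
			return 1;
	return 0;
}

/* 1 if every key byte has odd parity (the FIPS 46-3 key format), else 0.
 * Stricter than the kernel, which ignores parity; NIST vectors satisfy it. */
int des_key_parity_ok(const uint8_t *key, size_t len)
{
	size_t i;
	for (i = 0; i < len; i++) {
		uint8_t b = key[i];
		b ^= b >> 4; b ^= b >> 2; b ^= b >> 1;	/* bit 0 = XOR of all 8 bits */
		if (!(b & 1))
			return 0;
	}
	return 1;
}

/* A degenerate key is reported before a weak sub-key. */
enum des3_key_status des3_ede_key_check(const uint8_t *key)
{
	const uint8_t *k1 = key, *k2 = key + 8, *k3 = key + 16;
	if (des_key_equal(k1, k2) || des_key_equal(k2, k3))
		return DES3_KEY_DEGENERATE;
	if (des_key_is_weak(k1) || des_key_is_weak(k2) || des_key_is_weak(k3))
		return DES3_KEY_WEAK;
	return DES3_KEY_OK;
}

/* Sample keys: only key_from_posted_vector is from the thread; the rest are constructed. */
const uint8_t key_sp800_20_style[24] = {	/* K1 = K2 = K3, as in the NIST KATs */
	0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
	0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01 };
const uint8_t key_from_posted_vector[24] = {	/* key of the posted cbc(des3_ede) vector */
	0xE9,0xC0,0xFF,0x2E,0x76,0x0B,0x64,0x24, 0x44,0x4D,0x99,0x5A,0x12,0xD6,0x40,0xC0,
	0xEA,0xC2,0x84,0xE8,0x14,0x95,0xDB,0xE8 };
const uint8_t key_semi_weak_k2[24] = {		/* K2 is a semi-weak DES key */
	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF, 0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1,
	0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10 };
const uint8_t key_parity_only_diff[24] = {	/* K1 and K2 differ only in parity bits */
	0x00,0x22,0x44,0x66,0x88,0xAA,0xCC,0xEE, 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
	0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10 };
const uint8_t key_good[24] = {			/* three distinct, non-weak sub-keys */
	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF, 0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,
	0x89,0xAB,0xCD,0xEF,0x01,0x23,0x45,0x67 };

int main(void)
{
	const uint8_t *const keys[] = { key_sp800_20_style, key_from_posted_vector,
					key_semi_weak_k2, key_parity_only_diff, key_good };
	size_t i;
	for (i = 0; i < sizeof(keys) / sizeof(keys[0]); i++)
		printf("key %zu: status %d, parity %s\n", i, (int)des3_ede_key_check(keys[i]),
		       des_key_parity_ok(keys[i], DES3_EDE_KEY_SIZE) ? "ok" : "bad");
	return 0;
}
```

Two things the run shows that the thread only implies: the posted openssl-generated key fails the parity check (0xC0 has an even number of bits set) although it is a perfectly usable 3DES key, which is why the parity check is reported separately rather than as a rejection, and key_parity_only_diff is degenerate even though its first two sub-keys differ byte for byte, because the comparison has to mask the parity bits the cipher never looks at.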
Re: [PATCH] tcrypt: add self test for des3_ebe cipher operating in cbc mode
Neil Horman wrote:
On Sun, Jun 01, 2008 at 03:44:23AM +0200, Adrian-Ken Rueegsegger wrote:
Neil Horman wrote:
On Sat, May 31, 2008 at 08:46:22AM +1000, Herbert Xu wrote:
On Fri, May 30, 2008 at 07:26:38PM +0200, Adrian-Ken Rüegsegger wrote:
I was wondering why you created your own test vectors. Wouldn't standardized test vectors by NIST or ANSI be preferable?

If you could post a patch with those that would be very much appreciated. Thanks!

I am putting together a patch using the test vectors found at [3] and the ones I gathered from ANSI X9.52 and ISO/IEC FDIS 10116:2005. Strangely enough the ANSI and ISO test vectors pass while the ones from NIST do not yield the expected results. I have not yet identified the specific differences between the various test vector sets. It is not clearly stated if/which padding was employed so that might be the reason...

I thought that TDES input/output vectors had to be an even multiple of the key length. As such if the vectors aren't an even multiple, doesn't padding have to be employed?

It's actually a multiple of the cipher's block length, which all plain-/ciphertext values of the test vectors are. In some cases keys are also padded if one only supplies 2 keys and not 3 (192 bits in total). Since I used the test vectors with three distinct 64 bit keys I was wrong with my thinking that padding could be an issue. As you mentioned in the other mail, I will see if something with my setup is off.

Adrian

For future reference, do you have a link where NIST standard test vectors can be obtained?

A good place to start is [1]. More specifically for TDES: [2] and [3]. Note that the tests described in [2] will not work with the current DES3 implementation since the employed keys will be identified as weak keys and the setkey operation would fail.

By the way: when explicitly trying to set a weak key for DES3 I got the following warning: setkey() failed flags=0
Shouldn't the flags be set to CRYPTO_TFM_RES_BAD_KEY_SCHED at that point (see crypto/des_generic.c, line 873)?

I ran into this too when I wrote my vector. I'm not sure why this is happening, as it appears the *flags-crt_flags | FLAGS statements should set these. I'm looking into why

Neil

Thanks,
Adrian
__
[1] - http://csrc.nist.gov/groups/STM/cavp/standards.html
[2] - http://csrc.nist.gov/publications/nistpubs/800-20/800-20.pdf
[3] - http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
[RFC PATCH] [XFRM] xfrm_algo: correct usage of RIPEMD-160
This patch makes HMAC-RIPEMD-160 usable with IPsec/XFRM. Since I have no IPsec test setup the patch has not (yet) been tested with IPsec and is thus marked as RFC. I will put together a test environment which will take some time. In the meantime it would be great if somebody who already has a working IPsec environment could test this patch.

-Adrian
Re: [PATCH] tcrypt: add self test for des3_ebe cipher operating in cbc mode
Neil Horman wrote:
> On Sun, Jun 01, 2008 at 06:09:46PM +0200, Adrian-Ken Rueegsegger wrote:
>> Neil Horman wrote:
>>> On Sun, Jun 01, 2008 at 03:10:14AM +0200, Adrian-Ken Rueegsegger wrote:
>>>> Neil Horman wrote:
>>>>> [snip]
>>>>
>>>> These tests both seem to fail on my machine. Did you verify that the tests pass successfully?
>>>>
>>>> -Adrian
>>>
>>> Yes, of course I did. I clearly indicated that I did in my commit message above. I just verified on a separate system as well. You had mentioned that some of the standard NIST vectors that you obtained were failing on your system as well, is something perhaps misconfigured in your kernel build? Mind you I can't imagine what that would be, and if it were just my vectors that were failing for you I could imagine I missed something that would work in my testing but fail in yours, but if standard vectors are failing it seems something else might be wrong
>>
>> Sorry, I did not mean to come off so hostile. I merely wanted to find out if I was the only one with failing test results. I will investigate why this fails on my machine.
>
> I know you didn't. I apologize as well. I can't imagine why they would be failing. I verified them in the tcrypt self tests again, as well as under openssl in userspace, and both passed correctly. I still have no idea what causes the failure. I do recall there being a case in the setkey path that returned an error without setting flags. I hit that writing my vectors. I'll see if I can find it again.

I just did a clean build on a different machine with the current HEAD (ac3f925c2bb1b08a41713394d78098857d3f40a7) of the cryptodev-2.6-tree. The two tests fail on that box too. :( I will see if I can spot something suspicious by comparing the two configs. Could somebody else run the tests and report back the results?

Here's a shot in the dark: was there a mixup during the patch submission? Maybe you submitted a different version of the patch than intended?

Adrian
Re: [PATCH] tcrypt: add self test for des3_ebe cipher operating in cbc mode
Neil Horman wrote:
> On Sat, May 31, 2008 at 08:46:22AM +1000, Herbert Xu wrote:
>> On Fri, May 30, 2008 at 07:26:38PM +0200, Adrian-Ken Rüegsegger wrote:
>>> I was wondering why you created your own test vectors. Wouldn't standardized test vectors by NIST or ANSI be preferable?
>>
>> If you could post a patch with those that would be very much appreciated. Thanks!

I am putting together a patch using the test vectors found at [3] and the ones I gathered from ANSI X9.52 and ISO/IEC FDIS 10116:2005. Strangely enough the ANSI and ISO test vectors pass while the ones from NIST do not yield the expected results. I have not yet identified the specific differences between the various test vector sets. It is not clearly stated if/which padding was employed so that might be the reason...

> For future reference, do you have a link where NIST standard test vectors can be obtained?

A good place to start is [1]. More specifically for TDES: [2] and [3]. Note that the tests described in [2] will not work with the current DES3 implementation since the employed keys will be identified as weak keys and the setkey operation would fail.

By the way: when explicitly trying to set a weak key for DES3 I got the following warning:

    setkey() failed flags=0

Shouldn't the flags be set to CRYPTO_TFM_RES_BAD_KEY_SCHED at that point (see crypto/des_generic.c, line 873)?

Thanks,
Adrian

[1] - http://csrc.nist.gov/groups/STM/cavp/standards.html
[2] - http://csrc.nist.gov/publications/nistpubs/800-20/800-20.pdf
[3] - http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
[PATCH 0/3] [CRYPTO] ripemd: Fix endian issues
These patches fix the endian issues reported by Sebastian Siewior for the three remaining RIPEMD modules rmd160, rmd256 and rmd320.

 crypto/rmd160.c | 37 +
 crypto/rmd256.c | 37 +
 crypto/rmd320.c | 37 +
 3 files changed, 27 insertions(+), 84 deletions(-)
[PATCH 2/3] [CRYPTO] rmd256: Fix endian problems
This patch fixes endian issues making rmd256 work properly on big-endian machines. Signed-off-by: Adrian-Ken Rueegsegger [EMAIL PROTECTED] --- crypto/rmd256.c | 37 + 1 files changed, 9 insertions(+), 28 deletions(-) diff --git a/crypto/rmd256.c b/crypto/rmd256.c index 060ee81..88f2203 100644 --- a/crypto/rmd256.c +++ b/crypto/rmd256.c @@ -44,7 +44,7 @@ struct rmd256_ctx { #define F4(x, y, z) (y ^ (z (x ^ y)))/* z ? x : y */ #define ROUND(a, b, c, d, f, k, x, s) { \ - (a) += f((b), (c), (d)) + (x) + (k); \ + (a) += f((b), (c), (d)) + le32_to_cpu(x) + (k); \ (a) = rol32((a), (s)); \ } @@ -233,28 +233,6 @@ static void rmd256_transform(u32 *state, u32 const *in) return; } -static inline void le32_to_cpu_array(u32 *buf, unsigned int words) -{ - while (words--) { - le32_to_cpus(buf); - buf++; - } -} - -static inline void cpu_to_le32_array(u32 *buf, unsigned int words) -{ - while (words--) { - cpu_to_le32s(buf); - buf++; - } -} - -static inline void rmd256_transform_helper(struct rmd256_ctx *ctx) -{ - le32_to_cpu_array(ctx-buffer, sizeof(ctx-buffer) / sizeof(u32)); - rmd256_transform(ctx-state, ctx-buffer); -} - static void rmd256_init(struct crypto_tfm *tfm) { struct rmd256_ctx *rctx = crypto_tfm_ctx(tfm); @@ -291,13 +269,13 @@ static void rmd256_update(struct crypto_tfm *tfm, const u8 *data, memcpy((char *)rctx-buffer + (sizeof(rctx-buffer) - avail), data, avail); - rmd256_transform_helper(rctx); + rmd256_transform(rctx-state, rctx-buffer); data += avail; len -= avail; while (len = sizeof(rctx-buffer)) { memcpy(rctx-buffer, data, sizeof(rctx-buffer)); - rmd256_transform_helper(rctx); + rmd256_transform(rctx-state, rctx-buffer); data += sizeof(rctx-buffer); len -= sizeof(rctx-buffer); } 
@@ -309,10 +287,12 @@ static void rmd256_update(struct crypto_tfm *tfm, const u8 *data, static void rmd256_final(struct crypto_tfm *tfm, u8 *out) { struct rmd256_ctx *rctx = crypto_tfm_ctx(tfm); - u32 index, padlen; + u32 i, index, padlen; u64 bits; + u32 *dst = (u32 *)out; static const u8 padding[64] = { 0x80, }; - bits = rctx-byte_count 3; + + bits = cpu_to_le64(rctx-byte_count 3); /* Pad out to 56 mod 64 */ index = rctx-byte_count 0x3f; @@ -323,7 +303,8 @@ static void rmd256_final(struct crypto_tfm *tfm, u8 *out) rmd256_update(tfm, (const u8 *)bits, sizeof(bits)); /* Store state in digest */ - memcpy(out, rctx-state, sizeof(rctx-state)); + for (i = 0; i 8; i++) + dst[i] = cpu_to_le32(rctx-state[i]); /* Wipe context */ memset(rctx, 0, sizeof(*rctx)); -- 1.5.2.5 -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
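Review bot: once le32_to_cpu() lives inside ROUND, the `in` array handed to rmd256_transform holds little-endian data rather than host-order words, so its parameter (and rctx->buffer, which is now passed directly since the helper is gone) should be typed __le32 rather than u32 so sparse can flag a missed conversion. Each message word is also converted on every use now, once per step in each lane, whereas the removed le32_to_cpu_array converted it once per block; that is free on little-endian but costs a byteswap per step on the big-endian hosts this patch is for, so the trade-off belongs in the changelog.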
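Review bot: in the rmd256_final hunk the store loop's bound 8 is a literal that has to be kept in sync with the state array by hand; sizeof(rctx->state) / sizeof(u32) expresses the same thing without that risk, and the same pattern is repeated with 10 in the rmd320 patch and 4 in the rmd128 patch on this page.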
[PATCH 3/3] [CRYPTO] rmd320: Fix endian problems
This patch fixes endian issues making rmd320 work properly on big-endian machines. Signed-off-by: Adrian-Ken Rueegsegger [EMAIL PROTECTED] --- crypto/rmd320.c | 37 + 1 files changed, 9 insertions(+), 28 deletions(-) diff --git a/crypto/rmd320.c b/crypto/rmd320.c index b39c054..5b172f8 100644 --- a/crypto/rmd320.c +++ b/crypto/rmd320.c @@ -47,7 +47,7 @@ struct rmd320_ctx { #define F5(x, y, z) (x ^ (y | ~z)) #define ROUND(a, b, c, d, e, f, k, x, s) { \ - (a) += f((b), (c), (d)) + (x) + (k); \ + (a) += f((b), (c), (d)) + le32_to_cpu(x) + (k); \ (a) = rol32((a), (s)) + (e); \ (c) = rol32((c), 10); \ } @@ -280,28 +280,6 @@ static void rmd320_transform(u32 *state, u32 const *in) return; } -static inline void le32_to_cpu_array(u32 *buf, unsigned int words) -{ - while (words--) { - le32_to_cpus(buf); - buf++; - } -} - -static inline void cpu_to_le32_array(u32 *buf, unsigned int words) -{ - while (words--) { - cpu_to_le32s(buf); - buf++; - } -} - -static inline void rmd320_transform_helper(struct rmd320_ctx *ctx) -{ - le32_to_cpu_array(ctx-buffer, sizeof(ctx-buffer) / sizeof(u32)); - rmd320_transform(ctx-state, ctx-buffer); -} - static void rmd320_init(struct crypto_tfm *tfm) { struct rmd320_ctx *rctx = crypto_tfm_ctx(tfm); @@ -340,13 +318,13 @@ static void rmd320_update(struct crypto_tfm *tfm, const u8 *data, memcpy((char *)rctx-buffer + (sizeof(rctx-buffer) - avail), data, avail); - rmd320_transform_helper(rctx); + rmd320_transform(rctx-state, rctx-buffer); data += avail; len -= avail; while (len = sizeof(rctx-buffer)) { memcpy(rctx-buffer, data, sizeof(rctx-buffer)); - rmd320_transform_helper(rctx); + rmd320_transform(rctx-state, rctx-buffer); data += sizeof(rctx-buffer); len -= sizeof(rctx-buffer); } 
@@ -358,10 +336,12 @@ static void rmd320_update(struct crypto_tfm *tfm, const u8 *data, static void rmd320_final(struct crypto_tfm *tfm, u8 *out) { struct rmd320_ctx *rctx = crypto_tfm_ctx(tfm); - u32 index, padlen; + u32 i, index, padlen; u64 bits; + u32 *dst = (u32 *)out; static const u8 padding[64] = { 0x80, }; - bits = rctx-byte_count 3; + + bits = cpu_to_le64(rctx-byte_count 3); /* Pad out to 56 mod 64 */ index = rctx-byte_count 0x3f; @@ -372,7 +352,8 @@ static void rmd320_final(struct crypto_tfm *tfm, u8 *out) rmd320_update(tfm, (const u8 *)bits, sizeof(bits)); /* Store state in digest */ - memcpy(out, rctx-state, sizeof(rctx-state)); + for (i = 0; i 10; i++) + dst[i] = cpu_to_le32(rctx-state[i]); /* Wipe context */ memset(rctx, 0, sizeof(*rctx)); -- 1.5.2.5 -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
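Review bot: in the rmd320_final hunk `bits` stays declared as u64 while it now holds the result of cpu_to_le64(), so it should become __le64 to keep sparse quiet, and `u32 *dst = (u32 *)out` assumes a 4-byte aligned output buffer that the replaced memcpy did not require, which is a new portability hazard on architectures that trap on misaligned stores. The literal 10 in the store loop is right for RMD320_DIGEST_SIZE 40 (see the ripemd.h hunk on this page) but deriving it from sizeof(rctx->state) avoids keeping the two in sync by hand.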
[PATCH] [CRYPTO] rmd128: Fix endian problems
This patch is based on Sebastian Siewior's patch and fixes endian issues making rmd128 work properly on big-endian machines. Signed-off-by: Adrian-Ken Rueegsegger [EMAIL PROTECTED] --- I put the le32_to_cpu call in the ROUND-define so code-size is smaller compared to Sebastians patch. I also removed the three now obsolete functions (le32_to_cpu_array, cpu_to_le32_array and rmd_transform_helper), which makes the code smaller. The other changes make rmd128_final more sha1-like. I will fix the other RIPEMD modules once consensus is reached on how to fix the endian issues for rmd128. Sebastian, would you be so kind to test this patch on PowerPC? crypto/rmd128.c | 37 + 1 files changed, 9 insertions(+), 28 deletions(-) diff --git a/crypto/rmd128.c b/crypto/rmd128.c index 146a167..6125a4d 100644 --- a/crypto/rmd128.c +++ b/crypto/rmd128.c @@ -43,7 +43,7 @@ struct rmd128_ctx { #define F4(x, y, z) (y ^ (z (x ^ y)))/* z ? x : y */ #define ROUND(a, b, c, d, f, k, x, s) { \ - (a) += f((b), (c), (d)) + (x) + (k); \ + (a) += f((b), (c), (d)) + le32_to_cpu(x) + (k); \ (a) = rol32((a), (s)); \ } @@ -217,28 +217,6 @@ static void rmd128_transform(u32 *state, u32 const *in) return; } -static inline void le32_to_cpu_array(u32 *buf, unsigned int words) -{ - while (words--) { - le32_to_cpus(buf); - buf++; - } -} - -static inline void cpu_to_le32_array(u32 *buf, unsigned int words) -{ - while (words--) { - cpu_to_le32s(buf); - buf++; - } -} - -static inline void rmd128_transform_helper(struct rmd128_ctx *ctx) -{ - le32_to_cpu_array(ctx-buffer, sizeof(ctx-buffer) / sizeof(u32)); - rmd128_transform(ctx-state, ctx-buffer); -} - static void rmd128_init(struct crypto_tfm *tfm) { struct rmd128_ctx *rctx = crypto_tfm_ctx(tfm); 
@@ -271,13 +249,13 @@ static void rmd128_update(struct crypto_tfm *tfm, const u8 *data, memcpy((char *)rctx-buffer + (sizeof(rctx-buffer) - avail), data, avail); - rmd128_transform_helper(rctx); + rmd128_transform(rctx-state, rctx-buffer); data += avail; len -= avail; while (len = sizeof(rctx-buffer)) { memcpy(rctx-buffer, data, sizeof(rctx-buffer)); - rmd128_transform_helper(rctx); + rmd128_transform(rctx-state, rctx-buffer); data += sizeof(rctx-buffer); len -= sizeof(rctx-buffer); } @@ -289,10 +267,12 @@ static void rmd128_update(struct crypto_tfm *tfm, const u8 *data, static void rmd128_final(struct crypto_tfm *tfm, u8 *out) { struct rmd128_ctx *rctx = crypto_tfm_ctx(tfm); - u32 index, padlen; + u32 i, index, padlen; u64 bits; + u32 *dst = (u32 *)out; static const u8 padding[64] = { 0x80, }; - bits = rctx-byte_count 3; + + bits = cpu_to_le64(rctx-byte_count 3); /* Pad out to 56 mod 64 */ index = rctx-byte_count 0x3f; @@ -303,7 +283,8 @@ static void rmd128_final(struct crypto_tfm *tfm, u8 *out) rmd128_update(tfm, (const u8 *)bits, sizeof(bits)); /* Store state in digest */ - memcpy(out, rctx-state, sizeof(rctx-state)); + for (i = 0; i 4; i++) + dst[i] = cpu_to_le32(rctx-state[i]); /* Wipe context */ memset(rctx, 0, sizeof(*rctx)); -- 1.5.2.5 -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
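Review bot: the ROUND hunk's le32_to_cpu(x) makes the transform correct on big-endian hosts, but the changelog's "code-size is smaller" argument should also state what it costs: the conversion now runs once per step (each word is used in every round of both lanes) instead of once per block as the removed le32_to_cpu_array did. It also changes what `in` holds to little-endian data, so `u32 const *in` should become `const __le32 *in` and rctx->buffer should be declared __le32 for sparse.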
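Review bot: in the rmd128_final hunk the `u32 *dst = (u32 *)out` cast assumes the caller's u8 output buffer is 4-byte aligned, an assumption the memcpy it replaces never made; storing the four cpu_to_le32() words byte-wise or through an unaligned-safe store keeps the fix portable. `bits` is assigned a cpu_to_le64() value but stays u64, so __le64 is the type sparse expects for it.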
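The byte-order handling these endian patches introduce, as an added stand-alone example that is not the kernel's code: a portable RIPEMD-128 in C that reads every message word and writes every digest word as little-endian bytes (the job le32_to_cpu()/cpu_to_le32() do in the patches), so the same digest comes out on big- and little-endian hosts without any aligned u32 access. The function names, the table layout and the rmd128_matches() helper are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define F1(x, y, z) ((x) ^ (y) ^ (z))
#define F2(x, y, z) (((x) & (y)) | (~(x) & (z)))
#define F3(x, y, z) (((x) | ~(y)) ^ (z))
#define F4(x, y, z) (((x) & (z)) | ((y) & ~(z)))
#define ROL32(v, n) (((v) << (n)) | ((v) >> (32 - (n))))

/* Message-word index (RL/RR) and rotation (SL/SR) for the 64 steps of each lane, plus
 * the round constants. The left lane applies F1..F4 round by round, the right lane F4..F1. */
static const uint8_t RL[64] = {
    0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, 7,4,13,1,10,6,15,3,12,0,9,5,2,14,11,8,
    3,10,14,4,9,15,8,1,2,7,0,6,13,11,5,12, 1,9,11,10,0,8,12,4,13,3,7,15,14,5,6,2 };
static const uint8_t RR[64] = {
    5,14,7,0,9,2,11,4,13,6,15,8,1,10,3,12, 6,11,3,7,0,13,5,10,14,15,8,12,4,9,1,2,
    15,5,1,3,7,14,6,9,11,8,12,2,10,0,4,13, 8,6,4,1,3,11,15,0,5,12,2,13,9,7,10,14 };
static const uint8_t SL[64] = {
    11,14,15,12,5,8,7,9,11,13,14,15,6,7,9,8, 7,6,8,13,11,9,7,15,7,12,15,9,11,7,13,12,
    11,13,6,7,14,9,13,15,14,8,13,6,5,12,7,5, 11,12,14,15,14,15,9,8,9,14,5,6,8,6,5,12 };
static const uint8_t SR[64] = {
    8,9,9,11,13,15,15,5,7,7,8,11,14,14,12,6, 9,13,15,7,12,8,9,11,7,7,12,7,6,15,13,11,
    9,7,15,11,8,6,6,14,12,13,5,14,13,13,7,5, 15,5,8,11,14,14,6,14,6,9,12,9,12,5,15,8 };
static const uint32_t KL[4] = { 0x00000000u, 0x5a827999u, 0x6ed9eba1u, 0x8f1bbcdcu };
static const uint32_t KR[4] = { 0x50a28be6u, 0x5c4dd124u, 0x6d703ef3u, 0x00000000u };

/* RIPEMD is defined on little-endian 32-bit words: message words are read and digest words
 * written as LE bytes whatever the host order. These helpers play the role of
 * le32_to_cpu()/cpu_to_le32() in the kernel patches, without needing an aligned u32. */
static uint32_t load_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void store_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}
static uint32_t step_fn(int r, uint32_t x, uint32_t y, uint32_t z)
{
    return r == 0 ? F1(x, y, z) : r == 1 ? F2(x, y, z) : r == 2 ? F3(x, y, z) : F4(x, y, z);
}
/* Compress one 64-byte block: run both lanes, then fold them into the chaining state. */
static void rmd128_compress(uint32_t h[4], const uint8_t block[64])
{
    uint32_t x[16], a, b, c, d, aa, bb, cc, dd, t;
    int j;
    for (j = 0; j < 16; j++)
        x[j] = load_le32(block + 4 * j);
    a = aa = h[0]; b = bb = h[1]; c = cc = h[2]; d = dd = h[3];
    for (j = 0; j < 64; j++) {
        int r = j / 16;
        t = ROL32(a + step_fn(r, b, c, d) + x[RL[j]] + KL[r], SL[j]);
        a = d; d = c; c = b; b = t;
        t = ROL32(aa + step_fn(3 - r, bb, cc, dd) + x[RR[j]] + KR[r], SR[j]);
        aa = dd; dd = cc; cc = bb; bb = t;
    }
    t    = h[1] + c + dd;
    h[1] = h[2] + d + aa;
    h[2] = h[3] + a + bb;
    h[3] = h[0] + b + cc;
    h[0] = t;
}

/* One-shot hash of msg[0..len) into a 16-byte digest. */
void rmd128(const uint8_t *msg, size_t len, uint8_t digest[16])
{
    uint32_t h[4] = { 0x67452301u, 0xefcdab89u, 0x98badcfeu, 0x10325476u };
    uint64_t bits = (uint64_t)len * 8;
    uint8_t block[64];
    size_t i, rem;
    for (i = 0; i + 64 <= len; i += 64)
        rmd128_compress(h, msg + i);
    /* Padding: 0x80, zeros to 56 mod 64, then the bit count as a little-endian u64. */
    rem = len - i;
    memset(block, 0, sizeof block);
    memcpy(block, msg + i, rem);
    block[rem] = 0x80;
    if (rem >= 56) {               /* no room for the length: flush and use a second block */
        rmd128_compress(h, block);
        memset(block, 0, sizeof block);
    }
    for (i = 0; i < 8; i++)
        block[56 + i] = (uint8_t)(bits >> (8 * i));
    rmd128_compress(h, block);
    for (i = 0; i < 4; i++)        /* digest words leave as LE bytes, never as host u32 */
        store_le32(digest + 4 * i, h[i]);
}

/* Hash a NUL-terminated string and compare with a 32-character lowercase hex digest. */
int rmd128_matches(const char *msg, const char *hex)
{
    uint8_t d[16], i;
    rmd128((const uint8_t *)msg, strlen(msg), d);
    for (i = 0; i < 16; i++)
        if (hex[2 * i] != "0123456789abcdef"[d[i] >> 4] || hex[2 * i + 1] != "0123456789abcdef"[d[i] & 15])
            return 0;
    return hex[32] == '\0';
}
```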
[RESEND][PATCH 0/4][CRYPTO] add support for extended RIPEMD hash algorithms
Resending because of missing sign-off.

These patches add RIPEMD-256/320 support to the cryptoapi.

The first patch extracts all common values of the RIPEMD algorithms to the proper header file.

The second patch contains the actual implementation of the extended hash algorithms RIPEMD-256 and RIPEMD-320. They are described by Antoon Bosselaers (ESAT-COSIC) at: http://homes.esat.kuleuven.be/~bosselae/ripemd160.html#extenions

The third patch adds test vectors for both hash functions to tcrypt. There are no standardized HMAC test vectors. The test vectors for the hash functions are taken from http://homes.esat.kuleuven.be/~bosselae/ripemd160.html#extenions

The fourth patch contains the Kconfig entries for both algorithms.
[RESEND][PATCH 1/4][CRYPTO] RIPEMD: put all common RIPEMD values in header file.
This patch puts all common RIPEMD values in the appropriate header file. Initial values and constants are the same for all variants of RIPEMD. Signed-off-by: Adrian-Ken Rueegsegger [EMAIL PROTECTED] --- crypto/rmd128.c | 16 crypto/rmd160.c | 20 ++-- include/crypto/ripemd.h | 17 + 3 files changed, 35 insertions(+), 18 deletions(-) diff --git a/crypto/rmd128.c b/crypto/rmd128.c index 8f5e3c8..146a167 100644 --- a/crypto/rmd128.c +++ b/crypto/rmd128.c @@ -28,14 +28,14 @@ struct rmd128_ctx { u32 buffer[16]; }; -#define K1 0xUL -#define K2 0x5a827999UL -#define K3 0x6ed9eba1UL -#define K4 0x8f1bbcdcUL -#define KK1 0x50a28be6UL -#define KK2 0x5c4dd124UL -#define KK3 0x6d703ef3UL -#define KK4 0xUL +#define K1 RMD_K1 +#define K2 RMD_K2 +#define K3 RMD_K3 +#define K4 RMD_K4 +#define KK1 RMD_K6 +#define KK2 RMD_K7 +#define KK3 RMD_K8 +#define KK4 RMD_K1 #define F1(x, y, z) (x ^ y ^ z)/* XOR */ #define F2(x, y, z) (z ^ (x (y ^ z)))/* x ? y : z */ diff --git a/crypto/rmd160.c b/crypto/rmd160.c index 5860433..4248aaa 100644 --- a/crypto/rmd160.c +++ b/crypto/rmd160.c @@ -28,16 +28,16 @@ struct rmd160_ctx { u32 buffer[16]; }; -#define K1 0xUL -#define K2 0x5a827999UL -#define K3 0x6ed9eba1UL -#define K4 0x8f1bbcdcUL -#define K5 0xa953fd4eUL -#define KK1 0x50a28be6UL -#define KK2 0x5c4dd124UL -#define KK3 0x6d703ef3UL -#define KK4 0x7a6d76e9UL -#define KK5 0xUL +#define K1 RMD_K1 +#define K2 RMD_K2 +#define K3 RMD_K3 +#define K4 RMD_K4 +#define K5 RMD_K5 +#define KK1 RMD_K6 +#define KK2 RMD_K7 +#define KK3 RMD_K8 +#define KK4 RMD_K9 +#define KK5 RMD_K1 #define F1(x, y, z) (x ^ y ^ z)/* XOR */ #define F2(x, y, z) (z ^ (x (y ^ z)))/* x ? y : z */ diff --git a/include/crypto/ripemd.h b/include/crypto/ripemd.h index 2858e22..c57a2d4 100644 --- a/include/crypto/ripemd.h +++ b/include/crypto/ripemd.h 
@@ -17,10 +17,27 @@ #define RMD320_DIGEST_SIZE 40 #define RMD320_BLOCK_SIZE 64 +/* initial values */ #define RMD_H0 0x67452301UL #define RMD_H1 0xefcdab89UL #define RMD_H2 0x98badcfeUL #define RMD_H3 0x10325476UL #define RMD_H4 0xc3d2e1f0UL +#define RMD_H5 0x76543210UL +#define RMD_H6 0xfedcba98UL +#define RMD_H7 0x89abcdefUL +#define RMD_H8 0x01234567UL +#define RMD_H9 0x3c2d1e0fUL + +/* constants */ +#define RMD_K1 0xUL +#define RMD_K2 0x5a827999UL +#define RMD_K3 0x6ed9eba1UL +#define RMD_K4 0x8f1bbcdcUL +#define RMD_K5 0xa953fd4eUL +#define RMD_K6 0x50a28be6UL +#define RMD_K7 0x5c4dd124UL +#define RMD_K8 0x6d703ef3UL +#define RMD_K9 0x7a6d76e9UL #endif -- 1.5.4.3 -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
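Review bot: in the rmd128.c and rmd160.c hunks the right lane's last-round constant (KK4 resp. KK5) is mapped to RMD_K1, the left lane's first-round constant, purely because both happen to be zero; that hides the fact that the lanes share no constant by design, and anyone editing RMD_K1 would silently change the other lane too. A separately named zero constant, or at least a comment on those two lines, would make the intent explicit. The ripemd.h hunk also adds RMD_H5..RMD_H9, which nothing in this patch uses; they are consumed by the RIPEMD-256/320 patch that follows, so either move them there or mention the forward dependency in the changelog.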
[RESEND][PATCH 4/4][CRYPTO] RIPEMD: Add Kconfig entries for extended RIPEMD hash algorithms
This patch adds Kconfig entries for RIPEMD-256 and RIPEMD-320. Signed-off-by: Adrian-Ken Rueegsegger [EMAIL PROTECTED] --- crypto/Kconfig | 25 + 1 files changed, 25 insertions(+), 0 deletions(-) diff --git a/crypto/Kconfig b/crypto/Kconfig index cfc521a..5963a95 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -264,6 +264,31 @@ config CRYPTO_RMD160 to be used as a secure replacement for the 128-bit hash functions MD4, MD5 and it's predecessor RIPEMD (not to be confused with RIPEMD-128). +It's speed is comparable to SHA1 and there are no known attacks against +RIPEMD-160. + +Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. +See http://home.esat.kuleuven.be/~bosselae/ripemd160.html + +config CRYPTO_RMD256 + tristate RIPEMD-256 digest algorithm + select CRYPTO_ALGAPI + help +RIPEMD-256 is an optional extension of RIPEMD-128 with a 256 bit hash. +It is intended for applications that require longer hash-results, without +needing a larger security level (than RIPEMD-128). + +Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. +See http://home.esat.kuleuven.be/~bosselae/ripemd160.html + +config CRYPTO_RMD320 + tristate RIPEMD-320 digest algorithm + select CRYPTO_ALGAPI + help +RIPEMD-320 is an optional extension of RIPEMD-160 with a 320 bit hash. +It is intended for applications that require longer hash-results, without +needing a larger security level (than RIPEMD-160). + Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. See http://home.esat.kuleuven.be/~bosselae/ripemd160.html -- 1.5.4.3 -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
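Review bot: the CRYPTO_RMD160 help hunk adds "It's speed" (should be "Its speed") and a flat "there are no known attacks against RIPEMD-160", a claim that goes stale in Kconfig text and should be dropped or dated. The new CRYPTO_RMD256/CRYPTO_RMD320 entries correctly say that the longer outputs bring no larger security level than RIPEMD-128/160; that is the caveat users picking a digest by output length need, so keep it.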
[RESEND][PATCH 3/4][CRYPTO] tcrypt: Add test vectors for RIPEMD-256 and RIPEMD-320.
This patch adds test vectors for RIPEMD-256 and RIPEMD-320 hash algorithms. The test vectors are taken from http://homes.esat.kuleuven.be/~bosselae/ripemd160.html Signed-off-by: Adrian-Ken Rueegsegger [EMAIL PROTECTED] --- crypto/tcrypt.c | 21 - crypto/tcrypt.h | 136 +++ 2 files changed, 155 insertions(+), 2 deletions(-) diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c index 70f9ba7..257832b 100644 --- a/crypto/tcrypt.c +++ b/crypto/tcrypt.c @@ -76,7 +76,8 @@ static char *check[] = { blowfish, twofish, serpent, sha384, sha512, md4, aes, cast6, arc4, michael_mic, deflate, crc32c, tea, xtea, khazad, wp512, wp384, wp256, tnepres, xeta, fcrypt, - camellia, seed, salsa20, rmd128, rmd160, lzo, cts, NULL + camellia, seed, salsa20, rmd128, rmd160, rmd256, rmd320, + lzo, cts, NULL }; static void hexdump(unsigned char *buf, unsigned int len) @@ -1551,7 +1552,7 @@ static void do_test(void) case 29: test_hash(tgr128, tgr128_tv_template, TGR128_TEST_VECTORS); break; - + case 30: test_cipher(ecb(xeta), ENCRYPT, xeta_enc_tv_template, XETA_ENC_TEST_VECTORS); @@ -1624,6 +1625,14 @@ static void do_test(void) test_hash(rmd160, rmd160_tv_template, RMD160_TEST_VECTORS); break; + case 41: + test_hash(rmd256, rmd256_tv_template, RMD256_TEST_VECTORS); + break; + + case 42: + test_hash(rmd320, rmd320_tv_template, RMD320_TEST_VECTORS); + break; + case 100: test_hash(hmac(md5), hmac_md5_tv_template, HMAC_MD5_TEST_VECTORS); @@ -1815,6 +1824,14 @@ static void do_test(void) test_hash_speed(rmd160, sec, generic_hash_speed_template); if (mode 300 mode 400) break; + case 316: + test_hash_speed(rmd256, sec, generic_hash_speed_template); + if (mode 300 mode 400) break; + + case 317: + test_hash_speed(rmd320, sec, generic_hash_speed_template); + if (mode 300 mode 400) break; + case 399: break; diff --git a/crypto/tcrypt.h b/crypto/tcrypt.h index af91f0c..20bd5fe 100644 --- a/crypto/tcrypt.h +++ b/crypto/tcrypt.h 
@@ -294,6 +294,142 @@ static struct hash_testvec rmd160_tv_template[] = { }; /* + * RIPEMD-256 test vectors + */ +#define RMD256_TEST_VECTORS 8 + +static struct hash_testvec rmd256_tv_template[] = { + { + .digest = \x02\xba\x4c\x4e\x5f\x8e\xcd\x18 + \x77\xfc\x52\xd6\x4d\x30\xe3\x7a + \x2d\x97\x74\xfb\x1e\x5d\x02\x63 + \x80\xae\x01\x68\xe3\xc5\x52\x2d, + }, { + .plaintext = a, + .psize = 1, + .digest = \xf9\x33\x3e\x45\xd8\x57\xf5\xd9 + \x0a\x91\xba\xb7\x0a\x1e\xba\x0c + \xfb\x1b\xe4\xb0\x78\x3c\x9a\xcf + \xcd\x88\x3a\x91\x34\x69\x29\x25, + }, { + .plaintext = abc, + .psize = 3, + .digest = \xaf\xbd\x6e\x22\x8b\x9d\x8c\xbb + \xce\xf5\xca\x2d\x03\xe6\xdb\xa1 + \x0a\xc0\xbc\x7d\xcb\xe4\x68\x0e + \x1e\x42\xd2\xe9\x75\x45\x9b\x65, + }, { + .plaintext = message digest, + .psize = 14, + .digest = \x87\xe9\x71\x75\x9a\x1c\xe4\x7a + \x51\x4d\x5c\x91\x4c\x39\x2c\x90 + \x18\xc7\xc4\x6b\xc1\x44\x65\x55 + \x4a\xfc\xdf\x54\xa5\x07\x0c\x0e, + }, { + .plaintext = abcdefghijklmnopqrstuvwxyz, + .psize = 26, + .digest = \x64\x9d\x30\x34\x75\x1e\xa2\x16 + \x77\x6b\xf9\xa1\x8a\xcc\x81\xbc + \x78\x96\x11\x8a\x51\x97\x96\x87 + \x82\xdd\x1f\xd9\x7d\x8d\x51\x33, + }, { + .plaintext = ABCDEFGHIJKLMNOPQRSTUVWXYZabcde +fghijklmnopqrstuvwxyz0123456789, + .psize = 62, + .digest = \x57\x40\xa4\x08\xac\x16\xb7\x20 + \xb8\x44\x24\xae\x93\x1c\xbb\x1f + \xe3\x63\xd1\xd0\xbf\x40\x17\xf1 + \xa8\x9f\x7e\xa6\xde\x77\xa0\xb8, + }, { + .plaintext = 1234567890123456789012345678901234567890 +1234567890123456789012345678901234567890, + .psize = 80, + .digest = \x06\xfd\xcc\x7a\x40\x95\x48\xaa + \xf9\x13\x68\xc0\x6a\x62\x75\xb5 + \x53\xe3\xf0\x99\xbf\x0e\xa4\xed + \xfd\x67\x78\xdf\x89\xa8\x90\xdd
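Review bot: the tcrypt.c hunk around case 29/case 30 is a whitespace-only change (a blank line with trailing whitespace replaced) unrelated to adding the rmd256/rmd320 tests and should be split out or at least called out in the changelog. In the tcrypt.h hunk RMD256_TEST_VECTORS is set to 8, so the count must match the number of entries actually present in rmd256_tv_template, and since the cover letter says there are no standardized HMAC vectors, the changelog should state that hmac(rmd256) and hmac(rmd320) remain untested by this patch.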
[RESEND][PATCH 2/4][CRYPTO] RIPEMD: Add support for RIPEMD-256 and RIPEMD-320.
This patch adds support for the extended RIPEMD hash algorithms RIPEMD-256 and RIPEMD-320. Signed-off-by: Adrian-Ken Rueegsegger [EMAIL PROTECTED] --- crypto/Makefile |2 + crypto/rmd256.c | 362 crypto/rmd320.c | 411 +++ 3 files changed, 775 insertions(+), 0 deletions(-) create mode 100644 crypto/rmd256.c create mode 100644 crypto/rmd320.c diff --git a/crypto/Makefile b/crypto/Makefile index 1efb556..807656b 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -29,6 +29,8 @@ obj-$(CONFIG_CRYPTO_MD4) += md4.o obj-$(CONFIG_CRYPTO_MD5) += md5.o obj-$(CONFIG_CRYPTO_RMD128) += rmd128.o obj-$(CONFIG_CRYPTO_RMD160) += rmd160.o +obj-$(CONFIG_CRYPTO_RMD256) += rmd256.o +obj-$(CONFIG_CRYPTO_RMD320) += rmd320.o obj-$(CONFIG_CRYPTO_SHA1) += sha1_generic.o obj-$(CONFIG_CRYPTO_SHA256) += sha256_generic.o obj-$(CONFIG_CRYPTO_SHA512) += sha512_generic.o diff --git a/crypto/rmd256.c b/crypto/rmd256.c new file mode 100644 index 000..7386c68 --- /dev/null +++ b/crypto/rmd256.c 
@@ -0,0 +1,362 @@ +/* + * Cryptographic API. + * + * RIPEMD-256 - RACE Integrity Primitives Evaluation Message Digest. + * + * Based on the reference implementation by Antoon Bosselaers, ESAT-COSIC + * + * Copyright (c) 2008 Adrian-Ken Rueegsegger rueegsegger (at) swiss-it.ch + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + * + */ +#include linux/init.h +#include linux/module.h +#include linux/mm.h +#include linux/crypto.h +#include linux/cryptohash.h +#include linux/types.h +#include crypto/ripemd.h +#include asm/byteorder.h + +struct rmd256_ctx { + u64 byte_count; + u32 state[8]; + u32 buffer[16]; +}; + +#define K1 RMD_K1 +#define K2 RMD_K2 +#define K3 RMD_K3 +#define K4 RMD_K4 +#define KK1 RMD_K6 +#define KK2 RMD_K7 +#define KK3 RMD_K8 +#define KK4 RMD_K1 + +#define F1(x, y, z) (x ^ y ^ z)/* XOR */ +#define F2(x, y, z) (z ^ (x (y ^ z)))/* x ? y : z */ +#define F3(x, y, z) ((x | ~y) ^ z) +#define F4(x, y, z) (y ^ (z (x ^ y)))/* z ? 
x : y */ + +#define ROUND(a, b, c, d, f, k, x, s) { \ + (a) += f((b), (c), (d)) + (x) + (k); \ + (a) = rol32((a), (s)); \ +} + +static void rmd256_transform(u32 *state, u32 const *in) +{ + u32 aa, bb, cc, dd, aaa, bbb, ccc, ddd, tmp; + + /* Initialize left lane */ + aa = state[0]; + bb = state[1]; + cc = state[2]; + dd = state[3]; + + /* Initialize right lane */ + aaa = state[4]; + bbb = state[5]; + ccc = state[6]; + ddd = state[7]; + + /* round 1: left lane */ + ROUND(aa, bb, cc, dd, F1, K1, in[0], 11); + ROUND(dd, aa, bb, cc, F1, K1, in[1], 14); + ROUND(cc, dd, aa, bb, F1, K1, in[2], 15); + ROUND(bb, cc, dd, aa, F1, K1, in[3], 12); + ROUND(aa, bb, cc, dd, F1, K1, in[4], 5); + ROUND(dd, aa, bb, cc, F1, K1, in[5], 8); + ROUND(cc, dd, aa, bb, F1, K1, in[6], 7); + ROUND(bb, cc, dd, aa, F1, K1, in[7], 9); + ROUND(aa, bb, cc, dd, F1, K1, in[8], 11); + ROUND(dd, aa, bb, cc, F1, K1, in[9], 13); + ROUND(cc, dd, aa, bb, F1, K1, in[10], 14); + ROUND(bb, cc, dd, aa, F1, K1, in[11], 15); + ROUND(aa, bb, cc, dd, F1, K1, in[12], 6); + ROUND(dd, aa, bb, cc, F1, K1, in[13], 7); + ROUND(cc, dd, aa, bb, F1, K1, in[14], 9); + ROUND(bb, cc, dd, aa, F1, K1, in[15], 8); + + /* round 1: right lane */ + ROUND(aaa, bbb, ccc, ddd, F4, KK1, in[5], 8); + ROUND(ddd, aaa, bbb, ccc, F4, KK1, in[14], 9); + ROUND(ccc, ddd, aaa, bbb, F4, KK1, in[7], 9); + ROUND(bbb, ccc, ddd, aaa, F4, KK1, in[0], 11); + ROUND(aaa, bbb, ccc, ddd, F4, KK1, in[9], 13); + ROUND(ddd, aaa, bbb, ccc, F4, KK1, in[2], 15); + ROUND(ccc, ddd, aaa, bbb, F4, KK1, in[11], 15); + ROUND(bbb, ccc, ddd, aaa, F4, KK1, in[4], 5); + ROUND(aaa, bbb, ccc, ddd, F4, KK1, in[13], 7); + ROUND(ddd, aaa, bbb, ccc, F4, KK1, in[6], 7); + ROUND(ccc, ddd, aaa, bbb, F4, KK1, in[15], 8); + ROUND(bbb, ccc, ddd, aaa, F4, KK1, in[8], 11); + ROUND(aaa, bbb, ccc, ddd, F4, KK1, in[1], 14); + ROUND(ddd, aaa, bbb, ccc, F4, KK1, in[10], 14); + ROUND(ccc, ddd, aaa, bbb, F4, KK1, in[3], 12); + ROUND(bbb, ccc, ddd, aaa, F4, KK1, in[12], 6); + + /* Swap 
contents of a registers */ + tmp = aa; aa = aaa; aaa = tmp; + + /* round 2: left lane */ + ROUND(aa, bb, cc, dd, F2, K2, in[7], 7); + ROUND(dd, aa, bb, cc, F2, K2, in[4], 6); + ROUND(cc, dd, aa, bb, F2, K2, in[13], 8); + ROUND(bb, cc, dd, aa, F2, K2, in[1], 13); + ROUND(aa, bb, cc, dd, F2, K2, in[10], 11
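Review bot: in the new rmd256.c the ROUND macro adds the message word as `(x)` with no byte-order conversion, so rmd256_transform is only correct on little-endian hosts; the "[PATCH 2/3] rmd256: Fix endian problems" later on this page has to add le32_to_cpu(x) here and cpu_to_le32 stores in rmd256_final, and a new file should land with that conversion from the start. The "Swap contents of a registers" exchange between the lanes after each round is what distinguishes RIPEMD-256 from RIPEMD-128, and a one-line pointer to the Bosselaers description above the transform would help the next reader.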
[PATCH 0/5][CRYPTO] add support for extended RIPEMD hash algorithms
These patches add RIPEMD-256/320 support to the cryptoapi and fix the makefile entry for rmd128.o

The first patch contains a fix for crypto/Makefile so rmd128.o is dependent on CONFIG_CRYPTO_RMD128.

The second patch extracts all common values of the RIPEMD algorithms to the proper header file.

The third patch contains the actual implementation of the extended hash algorithms RIPEMD-256 and RIPEMD-320. They are described by Antoon Bosselaers (ESAT-COSIC) at: http://homes.esat.kuleuven.be/~bosselae/ripemd160.html#extenions

The fourth patch adds test vectors for both hash functions to tcrypt. There are no standardized HMAC test vectors. The test vectors for the hash functions are taken from http://homes.esat.kuleuven.be/~bosselae/ripemd160.html#extenions

The fifth patch contains the Kconfig entries for both algorithms.
[PATCH 1/5][CRYPTO] RIPEMD: fix Makefile entry for rmd128.o
This patch fixes module building for rmd128.o. --- crypto/Makefile |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/crypto/Makefile b/crypto/Makefile index c21b455..1efb556 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -27,7 +27,7 @@ obj-$(CONFIG_CRYPTO_XCBC) += xcbc.o obj-$(CONFIG_CRYPTO_NULL) += crypto_null.o obj-$(CONFIG_CRYPTO_MD4) += md4.o obj-$(CONFIG_CRYPTO_MD5) += md5.o -obj-$(CONFIG_CRYPTO_RMD160) += rmd128.o +obj-$(CONFIG_CRYPTO_RMD128) += rmd128.o obj-$(CONFIG_CRYPTO_RMD160) += rmd160.o obj-$(CONFIG_CRYPTO_SHA1) += sha1_generic.o obj-$(CONFIG_CRYPTO_SHA256) += sha256_generic.o -- 1.5.2.5 -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
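Review bot: this submission carries no Signed-off-by line (the resend on this page says the series was redone for exactly that reason). The fix itself is right and deserves a clearer changelog: with the old line both rmd128.o and rmd160.o were keyed on CONFIG_CRYPTO_RMD160, so rmd128 was built whenever RMD160 was enabled and never when only CONFIG_CRYPTO_RMD128 was selected.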
[PATCH 2/5][CRYPTO] RIPEMD: put all common RIPEMD values in header file
This patch puts all common RIPEMD values in the appropriate header file. Initial values and constants are the same for all variants of RIPEMD. --- crypto/rmd128.c | 16 crypto/rmd160.c | 20 ++-- include/crypto/ripemd.h | 17 + 3 files changed, 35 insertions(+), 18 deletions(-) diff --git a/crypto/rmd128.c b/crypto/rmd128.c index 8f5e3c8..146a167 100644 --- a/crypto/rmd128.c +++ b/crypto/rmd128.c @@ -28,14 +28,14 @@ struct rmd128_ctx { u32 buffer[16]; }; -#define K1 0xUL -#define K2 0x5a827999UL -#define K3 0x6ed9eba1UL -#define K4 0x8f1bbcdcUL -#define KK1 0x50a28be6UL -#define KK2 0x5c4dd124UL -#define KK3 0x6d703ef3UL -#define KK4 0xUL +#define K1 RMD_K1 +#define K2 RMD_K2 +#define K3 RMD_K3 +#define K4 RMD_K4 +#define KK1 RMD_K6 +#define KK2 RMD_K7 +#define KK3 RMD_K8 +#define KK4 RMD_K1 #define F1(x, y, z) (x ^ y ^ z)/* XOR */ #define F2(x, y, z) (z ^ (x (y ^ z)))/* x ? y : z */ diff --git a/crypto/rmd160.c b/crypto/rmd160.c index 5860433..4248aaa 100644 --- a/crypto/rmd160.c +++ b/crypto/rmd160.c @@ -28,16 +28,16 @@ struct rmd160_ctx { u32 buffer[16]; }; -#define K1 0xUL -#define K2 0x5a827999UL -#define K3 0x6ed9eba1UL -#define K4 0x8f1bbcdcUL -#define K5 0xa953fd4eUL -#define KK1 0x50a28be6UL -#define KK2 0x5c4dd124UL -#define KK3 0x6d703ef3UL -#define KK4 0x7a6d76e9UL -#define KK5 0xUL +#define K1 RMD_K1 +#define K2 RMD_K2 +#define K3 RMD_K3 +#define K4 RMD_K4 +#define K5 RMD_K5 +#define KK1 RMD_K6 +#define KK2 RMD_K7 +#define KK3 RMD_K8 +#define KK4 RMD_K9 +#define KK5 RMD_K1 #define F1(x, y, z) (x ^ y ^ z)/* XOR */ #define F2(x, y, z) (z ^ (x (y ^ z)))/* x ? y : z */ diff --git a/include/crypto/ripemd.h b/include/crypto/ripemd.h index 2858e22..c57a2d4 100644 --- a/include/crypto/ripemd.h +++ b/include/crypto/ripemd.h 
@@ -17,10 +17,27 @@ #define RMD320_DIGEST_SIZE 40 #define RMD320_BLOCK_SIZE 64 +/* initial values */ #define RMD_H0 0x67452301UL #define RMD_H1 0xefcdab89UL #define RMD_H2 0x98badcfeUL #define RMD_H3 0x10325476UL #define RMD_H4 0xc3d2e1f0UL +#define RMD_H5 0x76543210UL +#define RMD_H6 0xfedcba98UL +#define RMD_H7 0x89abcdefUL +#define RMD_H8 0x01234567UL +#define RMD_H9 0x3c2d1e0fUL + +/* constants */ +#define RMD_K1 0xUL +#define RMD_K2 0x5a827999UL +#define RMD_K3 0x6ed9eba1UL +#define RMD_K4 0x8f1bbcdcUL +#define RMD_K5 0xa953fd4eUL +#define RMD_K6 0x50a28be6UL +#define RMD_K7 0x5c4dd124UL +#define RMD_K8 0x6d703ef3UL +#define RMD_K9 0x7a6d76e9UL #endif -- 1.5.2.5 -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
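Review bot: no Signed-off-by line in this submission either. The hunks are otherwise the same as the resent "[RESEND][PATCH 1/4]" on this page, so the same two points apply: the KK4/KK5 mapping to RMD_K1 relies on both being zero and deserves a comment, and RMD_H5..RMD_H9 are added to ripemd.h before anything in the series uses them.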
[PATCH 5/5][CRYPTO] RIPEMD: Add Kconfig entries for extended RIPEMD hash algorithms
This patch adds Kconfig entries for RIPEMD-256 and RIPEMD-320. --- crypto/Kconfig | 25 + 1 files changed, 25 insertions(+), 0 deletions(-) diff --git a/crypto/Kconfig b/crypto/Kconfig index cfc521a..5963a95 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -264,6 +264,31 @@ config CRYPTO_RMD160 to be used as a secure replacement for the 128-bit hash functions MD4, MD5 and it's predecessor RIPEMD (not to be confused with RIPEMD-128). +It's speed is comparable to SHA1 and there are no known attacks against +RIPEMD-160. + +Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. +See http://home.esat.kuleuven.be/~bosselae/ripemd160.html + +config CRYPTO_RMD256 + tristate RIPEMD-256 digest algorithm + select CRYPTO_ALGAPI + help +RIPEMD-256 is an optional extension of RIPEMD-128 with a 256 bit hash. +It is intended for applications that require longer hash-results, without +needing a larger security level (than RIPEMD-128). + +Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. +See http://home.esat.kuleuven.be/~bosselae/ripemd160.html + +config CRYPTO_RMD320 + tristate RIPEMD-320 digest algorithm + select CRYPTO_ALGAPI + help +RIPEMD-320 is an optional extension of RIPEMD-160 with a 320 bit hash. +It is intended for applications that require longer hash-results, without +needing a larger security level (than RIPEMD-160). + Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. See http://home.esat.kuleuven.be/~bosselae/ripemd160.html -- 1.5.2.5
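Review bot: the description lacks a Signed-off-by line. In the added help text, `It's speed is comparable to SHA1` should read `Its speed`, and `hash-results` should be `hash results`; the context line `it's predecessor` has the same apostrophe error and could be fixed in the same hunk. `there are no known attacks against RIPEMD-160` is an absolute that will go stale; `no practical attacks are known` is safer. The RMD256 and RMD320 texts rightly say the longer output brings no larger security level; stating it positively (collision resistance is that of RIPEMD-128 and RIPEMD-160 respectively) would stop anyone choosing RMD256 for its width.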
[PATCH 1/3][CRYPTO] RIPEMD: add support for RIPEMD hash algorithms.
This patch adds support for RIPEMD-128 and RIPEMD-160 hash algorithms. Signed-off-by: Adrian-Ken Rueegsegger [EMAIL PROTECTED] --- crypto/Makefile |2 + crypto/rmd128.c | 343 + crypto/rmd160.c | 387 +++ include/crypto/ripemd.h | 26 +++ 4 files changed, 758 insertions(+), 0 deletions(-) create mode 100644 crypto/rmd128.c create mode 100644 crypto/rmd160.c create mode 100644 include/crypto/ripemd.h diff --git a/crypto/Makefile b/crypto/Makefile index ca02441..c21b455 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -27,6 +27,8 @@ obj-$(CONFIG_CRYPTO_XCBC) += xcbc.o obj-$(CONFIG_CRYPTO_NULL) += crypto_null.o obj-$(CONFIG_CRYPTO_MD4) += md4.o obj-$(CONFIG_CRYPTO_MD5) += md5.o +obj-$(CONFIG_CRYPTO_RMD160) += rmd128.o +obj-$(CONFIG_CRYPTO_RMD160) += rmd160.o obj-$(CONFIG_CRYPTO_SHA1) += sha1_generic.o obj-$(CONFIG_CRYPTO_SHA256) += sha256_generic.o obj-$(CONFIG_CRYPTO_SHA512) += sha512_generic.o diff --git a/crypto/rmd128.c b/crypto/rmd128.c new file mode 100644 index 000..8f5e3c8 --- /dev/null +++ b/crypto/rmd128.c 
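Review bot: the Makefile hunk builds rmd128.o under the wrong option: `+obj-$(CONFIG_CRYPTO_RMD160) += rmd128.o` should be `obj-$(CONFIG_CRYPTO_RMD128) += rmd128.o`. As written, enabling CRYPTO_RMD128 alone produces no rmd128 module, and enabling CRYPTO_RMD160 also builds rmd128.o, which nothing selected.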
@@ -0,0 +1,343 @@ +/* + * Cryptographic API. + * + * RIPEMD-128 - RACE Integrity Primitives Evaluation Message Digest. + * + * Based on the reference implementation by Antoon Bosselaers, ESAT-COSIC + * + * Copyright (c) 2008 Adrian-Ken Rueegsegger rueegsegger (at) swiss-it.ch + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + * + */ +#include linux/init.h +#include linux/module.h +#include linux/mm.h +#include linux/crypto.h +#include linux/cryptohash.h +#include linux/types.h +#include crypto/ripemd.h +#include asm/byteorder.h + +struct rmd128_ctx { + u64 byte_count; + u32 state[4]; + u32 buffer[16]; +}; + +#define K1 0xUL +#define K2 0x5a827999UL +#define K3 0x6ed9eba1UL +#define K4 0x8f1bbcdcUL +#define KK1 0x50a28be6UL +#define KK2 0x5c4dd124UL +#define KK3 0x6d703ef3UL +#define KK4 0xUL + +#define F1(x, y, z) (x ^ y ^ z)/* XOR */ +#define F2(x, y, z) (z ^ (x (y ^ z)))/* x ? y : z */ +#define F3(x, y, z) ((x | ~y) ^ z) +#define F4(x, y, z) (y ^ (z (x ^ y)))/* z ? 
x : y */ + +#define ROUND(a, b, c, d, f, k, x, s) { \ + (a) += f((b), (c), (d)) + (x) + (k); \ + (a) = rol32((a), (s)); \ +} + +static void rmd128_transform(u32 *state, u32 const *in) +{ + u32 aa, bb, cc, dd, aaa, bbb, ccc, ddd; + + /* Initialize left lane */ + aa = state[0]; + bb = state[1]; + cc = state[2]; + dd = state[3]; + + /* Initialize right lane */ + aaa = state[0]; + bbb = state[1]; + ccc = state[2]; + ddd = state[3]; + + /* round 1: left lane */ + ROUND(aa, bb, cc, dd, F1, K1, in[0], 11); + ROUND(dd, aa, bb, cc, F1, K1, in[1], 14); + ROUND(cc, dd, aa, bb, F1, K1, in[2], 15); + ROUND(bb, cc, dd, aa, F1, K1, in[3], 12); + ROUND(aa, bb, cc, dd, F1, K1, in[4], 5); + ROUND(dd, aa, bb, cc, F1, K1, in[5], 8); + ROUND(cc, dd, aa, bb, F1, K1, in[6], 7); + ROUND(bb, cc, dd, aa, F1, K1, in[7], 9); + ROUND(aa, bb, cc, dd, F1, K1, in[8], 11); + ROUND(dd, aa, bb, cc, F1, K1, in[9], 13); + ROUND(cc, dd, aa, bb, F1, K1, in[10], 14); + ROUND(bb, cc, dd, aa, F1, K1, in[11], 15); + ROUND(aa, bb, cc, dd, F1, K1, in[12], 6); + ROUND(dd, aa, bb, cc, F1, K1, in[13], 7); + ROUND(cc, dd, aa, bb, F1, K1, in[14], 9); + ROUND(bb, cc, dd, aa, F1, K1, in[15], 8); + + /* round 2: left lane */ + ROUND(aa, bb, cc, dd, F2, K2, in[7], 7); + ROUND(dd, aa, bb, cc, F2, K2, in[4], 6); + ROUND(cc, dd, aa, bb, F2, K2, in[13], 8); + ROUND(bb, cc, dd, aa, F2, K2, in[1], 13); + ROUND(aa, bb, cc, dd, F2, K2, in[10], 11); + ROUND(dd, aa, bb, cc, F2, K2, in[6], 9); + ROUND(cc, dd, aa, bb, F2, K2, in[15], 7); + ROUND(bb, cc, dd, aa, F2, K2, in[3], 15); + ROUND(aa, bb, cc, dd, F2, K2, in[12], 7); + ROUND(dd, aa, bb, cc, F2, K2, in[0], 12); + ROUND(cc, dd, aa, bb, F2, K2, in[9], 15); + ROUND(bb, cc, dd, aa, F2, K2, in[5], 9); + ROUND(aa, bb, cc, dd, F2, K2, in[2], 11); + ROUND(dd, aa, bb, cc, F2, K2, in[14], 7); + ROUND(cc, dd, aa, bb, F2, K2, in[11], 13); + ROUND(bb, cc, dd, aa, F2, K2, in[8], 12); + + /* round 3: left lane */ + ROUND(aa, bb, cc, dd, F3, K3, in[3], 11); + ROUND(dd, aa, bb, cc, F3, K3, 
in[10], 13); + ROUND(cc, dd, aa, bb, F3, K3, in[14], 6); + ROUND(bb, cc, dd, aa, F3, K3, in[4], 7); + ROUND(aa, bb, cc, dd, F3, K3, in[9], 14); + ROUND(dd, aa, bb, cc, F3, K3, in[15], 9); + ROUND
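Review bot: ROUND() calls rol32(), which comes from linux/bitops.h, but that header is not in the include list (only linux/init.h, linux/module.h, linux/mm.h, linux/crypto.h, linux/cryptohash.h, linux/types.h, crypto/ripemd.h and asm/byteorder.h are); include it directly rather than relying on one of the others pulling it in. linux/mm.h and linux/cryptohash.h have no obvious use in a digest file; drop whichever the rest of the file does not need. The K1..KK4 block restates values that the new crypto/ripemd.h is the right home for, since rmd160.c needs the same ones, and `0xUL` for K1 and KK4 as shown here is not a valid literal; write 0x00000000UL in full or, better, reference header names. One nit: the ROUND macro body is a bare `{ ... }` block, so `ROUND(...);` leaves a stray empty statement; the usual `do { ... } while (0)` form avoids that.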
[PATCH 3/3][CRYPTO] RIPEMD: add Kconfig entries for RIPEMD hash algorithms.
This patch adds Kconfig entries for RIPEMD-128 and RIPEMD-160. Signed-off-by: Adrian-Ken Rueegsegger [EMAIL PROTECTED] --- crypto/Kconfig | 26 ++ 1 files changed, 26 insertions(+), 0 deletions(-) diff --git a/crypto/Kconfig b/crypto/Kconfig index 864456c..cfc521a 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -241,6 +241,32 @@ config CRYPTO_MICHAEL_MIC should not be used for other purposes because of the weakness of the algorithm. +config CRYPTO_RMD128 + tristate RIPEMD-128 digest algorithm + select CRYPTO_ALGAPI + help +RIPEMD-128 (ISO/IEC 10118-3:2004). + +RIPEMD-128 is a 128-bit cryptographic hash function. It should only +to be used as a secure replacement for RIPEMD. For other use cases +RIPEMD-160 should be used. + +Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. +See http://home.esat.kuleuven.be/~bosselae/ripemd160.html + +config CRYPTO_RMD160 + tristate RIPEMD-160 digest algorithm + select CRYPTO_ALGAPI + help +RIPEMD-160 (ISO/IEC 10118-3:2004). + +RIPEMD-160 is a 160-bit cryptographic hash function. It is intended +to be used as a secure replacement for the 128-bit hash functions +MD4, MD5 and it's predecessor RIPEMD (not to be confused with RIPEMD-128). + +Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. +See http://home.esat.kuleuven.be/~bosselae/ripemd160.html + config CRYPTO_SHA1 tristate SHA1 digest algorithm select CRYPTO_ALGAPI -- 1.5.2.5
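Review bot: grammar in the RMD128 help text: `It should only to be used as a secure replacement for RIPEMD` should read `It should only be used as a replacement for the original RIPEMD`, and in the RMD160 text `it's predecessor` should be `its predecessor`. Also, `(not to be confused with RIPEMD-128)` refers to the original RIPEMD, so place it right after that name (`its predecessor RIPEMD, not to be confused with RIPEMD-128,`) so the warning lands. The recommendation itself, RIPEMD-160 for new uses and RIPEMD-128 only where the original RIPEMD's slot must be filled, is the right one for a 128-bit hash.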
[PATCH 0/3][CRYPTO] RIPEMD: add support for RIPEMD hash algorithms.
These patches add RIPEMD-128/160 support to the cryptoapi. The first patch contains the actual implementation of the hash algorithms. It is based on the sample implementation by Antoon Bosselaers (ESAT-COSIC) found at: http://homes.esat.kuleuven.be/~bosselae/ripemd160.html The second patch adds test vectors for both hash functions and their respective digests (HMAC) to tcrypt. The test vectors for the hash functions are taken from ISO/IEC 10118-3:2004 and the ones for HMAC from RFC2286. The third patch contains the Kconfig entries for both algorithms.
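The cover letter says the implementation follows Bosselaers's reference code and is checked against the ISO/IEC 10118-3:2004 vectors, and the header patch earlier in this thread points out that the initial values and round constants are shared across the RIPEMD variants. The block below is an added example written for this page, not the kernel's rmd128.c and not the reference code: a table-driven RIPEMD-128 in C that uses the same H0..H3 and K constants as the header, loads message words little-endian, applies MD4-style padding, and checks itself against the two ISO/IEC vectors for the empty string and "abc". The table names (RL, RR, SL, SR), H_INIT/KL/KR and the rmd128_check() helper are the example's own.

```c
/* Added example: table-driven RIPEMD-128 in plain C, written for this page; it is
 * not the kernel's rmd128.c.  Build: cc -std=c99 -Wall rmd128_demo.c && ./a.out */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Initial values shared by every RIPEMD variant (RMD_H0..RMD_H3 in crypto/ripemd.h). */
static const uint32_t H_INIT[4] = { 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476 };
/* Left-lane round constants (RMD_K1..K4) and right-lane ones (RMD_K6..K8, then zero). */
static const uint32_t KL[4] = { 0x00000000, 0x5a827999, 0x6ed9eba1, 0x8f1bbcdc };
static const uint32_t KR[4] = { 0x50a28be6, 0x5c4dd124, 0x6d703ef3, 0x00000000 };
/* Per-step message word index (R*) and rotation amount (S*) from the RIPEMD spec. */
static const uint8_t RL[64] = {
     0, 1, 2, 3, 4, 5, 6, 7, 8, 9,10,11,12,13,14,15,
     7, 4,13, 1,10, 6,15, 3,12, 0, 9, 5, 2,14,11, 8,
     3,10,14, 4, 9,15, 8, 1, 2, 7, 0, 6,13,11, 5,12,
     1, 9,11,10, 0, 8,12, 4,13, 3, 7,15,14, 5, 6, 2 };
static const uint8_t RR[64] = {
     5,14, 7, 0, 9, 2,11, 4,13, 6,15, 8, 1,10, 3,12,
     6,11, 3, 7, 0,13, 5,10,14,15, 8,12, 4, 9, 1, 2,
    15, 5, 1, 3, 7,14, 6, 9,11, 8,12, 2,10, 0, 4,13,
     8, 6, 4, 1, 3,11,15, 0, 5,12, 2,13, 9, 7,10,14 };
static const uint8_t SL[64] = {
    11,14,15,12, 5, 8, 7, 9,11,13,14,15, 6, 7, 9, 8,
     7, 6, 8,13,11, 9, 7,15, 7,12,15, 9,11, 7,13,12,
    11,13, 6, 7,14, 9,13,15,14, 8,13, 6, 5,12, 7, 5,
    11,12,14,15,14,15, 9, 8, 9,14, 5, 6, 8, 6, 5,12 };
static const uint8_t SR[64] = {
     8, 9, 9,11,13,15,15, 5, 7, 7, 8,11,14,14,12, 6,
     9,13,15, 7,12, 8, 9,11, 7, 7,12, 7, 6,15,13,11,
     9, 7,15,11, 8, 6, 6,14,12,13, 5,14,13,13, 7, 5,
    15, 5, 8,11,14,14, 6,14, 6, 9,12, 9,12, 5,15, 8 };

static uint32_t rol32(uint32_t x, unsigned n) { return (x << n) | (x >> (32 - n)); }

/* f1..f4 of the spec; the left lane uses them in order, the right lane in reverse. */
static uint32_t f(int i, uint32_t x, uint32_t y, uint32_t z)
{
    return i == 0 ? x ^ y ^ z : i == 1 ? (x & y) | (~x & z)
         : i == 2 ? (x | ~y) ^ z : (x & z) | (y & ~z);
}

static void rmd128_compress(uint32_t h[4], const uint8_t blk[64])
{
    uint32_t X[16], t;
    for (int i = 0; i < 16; i++)            /* message words are little-endian */
        X[i] = (uint32_t)blk[4*i] | (uint32_t)blk[4*i+1] << 8 |
               (uint32_t)blk[4*i+2] << 16 | (uint32_t)blk[4*i+3] << 24;
    uint32_t a = h[0], b = h[1], c = h[2], d = h[3];       /* left lane  */
    uint32_t aa = h[0], bb = h[1], cc = h[2], dd = h[3];   /* right lane */
    for (int j = 0; j < 64; j++) {
        int r = j / 16;
        t = rol32(a + f(r, b, c, d) + X[RL[j]] + KL[r], SL[j]);
        a = d; d = c; c = b; b = t;
        t = rol32(aa + f(3 - r, bb, cc, dd) + X[RR[j]] + KR[r], SR[j]);
        aa = dd; dd = cc; cc = bb; bb = t;
    }
    t = h[1] + c + dd;                      /* fold both lanes into the state */
    h[1] = h[2] + d + aa;
    h[2] = h[3] + a + bb;
    h[3] = h[0] + b + cc;
    h[0] = t;
}

/* Whole-message hash; MD4-style padding: 0x80, zeros, 64-bit little-endian bit count. */
void rmd128(const uint8_t *msg, size_t len, uint8_t out[16])
{
    uint32_t h[4];
    uint8_t buf[128] = { 0 };
    size_t done = 0, rem, padded;
    memcpy(h, H_INIT, sizeof h);
    for (; len - done >= 64; done += 64)
        rmd128_compress(h, msg + done);
    rem = len - done;
    memcpy(buf, msg + done, rem);
    buf[rem] = 0x80;
    padded = rem < 56 ? 64 : 128;           /* a second block if the length does not fit */
    for (int k = 0; k < 8; k++)
        buf[padded - 8 + k] = (uint8_t)(((uint64_t)len * 8) >> (8 * k));
    rmd128_compress(h, buf);
    if (padded == 128)
        rmd128_compress(h, buf + 64);
    for (int w = 0; w < 4; w++)             /* digest is the state, little-endian */
        for (int i = 0; i < 4; i++)
            out[4*w + i] = (uint8_t)(h[w] >> (8 * i));
}

/* Returns 1 if RIPEMD-128(msg) equals the expected lowercase hex digest, else 0. */
int rmd128_check(const char *msg, const char *expect_hex)
{
    uint8_t d[16]; char hex[33];
    rmd128((const uint8_t *)msg, strlen(msg), d);
    for (int i = 0; i < 16; i++)
        snprintf(hex + 2*i, 3, "%02x", d[i]);
    return strcmp(hex, expect_hex) == 0;
}

int main(void)
{   /* ISO/IEC 10118-3:2004 vectors for "" and "abc", as also listed on the Bosselaers page */
    printf("RIPEMD-128(\"\"):    %s\n", rmd128_check("", "cdf26213a150dc3ecb610f18f6b38b46") ? "ok" : "FAIL");
    printf("RIPEMD-128(\"abc\"): %s\n", rmd128_check("abc", "c14a12199c66e4ba84636b0f69144c77") ? "ok" : "FAIL");
    return 0;
}
```

The kernel unrolls all 64 steps of each lane because the table lookups cost a load per step; the table form above is the one to reach for when auditing the constants, since each of the four K values and the zero used by the right lane's last round appears exactly once, next to the word order and rotation that go with it.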