On 11/11/2014 05:16 AM, Stephan Mueller wrote:
...
That is a good idea.
Herbert: I can prepare a patch that uses memzero_explicit. However, your
current tree does not yet implement that function as it was added to Linus'
tree after you pulled from it.
Yep, Ted took it [1] on top of the random
Hi Stephan,
On 11/11/2014 05:37 AM, Stephan Mueller wrote:
Zeroize the buffer holding the message digest calculated for the
consumer before the buffer is released by the hash AF_ALG interface
handler.
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
crypto/algif_hash.c | 2 ++
1 file
Merge DES Cipher Block Chaining mode (CBC) and Triple DES Cipher Block
Chaining mode (CBC) algorithms from ablkcipher to givencrypt.
Signed-off-by: Catalin Vasile catalin.vas...@freescale.com
---
drivers/crypto/caam/caamalg.c | 10 ++
1 file changed, 6 insertions(+), 4 deletions(-)
diff
Hi Vladimir, thanks for the review!
-Original Message-
From: Vladimir Zapolskiy [mailto:vladimir_zapols...@mentor.com]
Sent: 10 November 2014 15:10
To: James Hartley; herb...@gondor.apana.org.au; da...@davemloft.net;
grant.lik...@linaro.org; robh...@kernel.org;
On Mon, Nov 10, 2014 at 12:16:51PM -0600, Tom Lendacky wrote:
Hi Herbert,
Is the PCOMPRESS algorithm supposed to support asynchronous
implementations? In other words, are callers expected to handle the
-EINPROGRESS or -EAGAIN return codes that can be returned by an
asynchronous
Hi James,
On 11.11.2014 16:59, James Hartley wrote:
Hi Vladimir, thanks for the review!
-Original Message-
From: Vladimir Zapolskiy [mailto:vladimir_zapols...@mentor.com]
Sent: 10 November 2014 15:10
To: James Hartley; herb...@gondor.apana.org.au; da...@davemloft.net;
Hi Vladimir
-Original Message-
From: linux-crypto-ow...@vger.kernel.org [mailto:linux-crypto-
ow...@vger.kernel.org] On Behalf Of Vladimir Zapolskiy
Sent: 11 November 2014 15:12
To: James Hartley; grant.lik...@linaro.org; robh...@kernel.org;
a...@linux-foundation.org
Cc:
Hi, Herbert:
I've figured out a new patch for this issue reported by me previously,
the basic idea is adding a cryptd_flush_queue function fixing it by
being called from softirq to flush all previous queued elements before
processing a new one, and it works very well so far per my test,
On Tue, Nov 11, 2014 at 08:04:03PM +0200, Nicolae Rosia wrote:
On Fri, May 30, 2014 at 4:41 PM, Herbert Xu herb...@gondor.apana.org.au
wrote:
[...]
This is because the user is supposed to back off once they get
EBUSY, until they're notified once the backlog entry is popped
off (but not
The API function calls exported by the kernel crypto API for AEAD
ciphers to be used by consumers are documented.
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
include/linux/crypto.h | 251 +
1 file changed, 251 insertions(+)
diff --git
Add the crypto API documentation into the DocBook Makefile to allow it
to be compiled
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
Documentation/DocBook/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Documentation/DocBook/Makefile
The hash data structures needed to be filled in by cipher developers are
documented.
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
include/crypto/hash.h | 95 +++
1 file changed, 95 insertions(+)
diff --git a/include/crypto/hash.h
The API function calls exported by the kernel crypto API for AHASHes
to be used by consumers are documented.
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
include/crypto/hash.h | 228 ++
1 file changed, 228 insertions(+)
diff --git
The API function calls exported by the kernel crypto API for SHASHes
to be used by consumers are documented.
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
include/crypto/hash.h | 164 ++
1 file changed, 164 insertions(+)
diff --git
Hi,
The following patch set adds documentation files under Documentation/crypto/
covering the high-level description of the API. In addition, it contains
source code comments added to the header files of the kernel crypto API
documenting the API functions.
The documentation is provided in a
The design of the kernel crypto API as well as hints to program with
the kernel crypto API are given.
The documentation contains:
* design aspects of crypto API
* developer specific hints
* references to the API function description
* source code examples
CC: Marek Vasut ma...@denx.de
The data structure of struct crypto_alg together with various other
data structures needed by cipher developers is documented with all
parameters that can be set by a developer of a transformation. All
parameters that are internal to the crypto API are marked as such.
Signed-off-by: Stephan
The API function calls exported by the kernel crypto API for RNGs to
be used by consumers are documented.
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
include/crypto/rng.h | 80
1 file changed, 80 insertions(+)
diff --git
The userspace interface of the kernel crypto API is documented with
* a general explanation
* a discussion of the memory in-place operation
* the description of the message digest API
* the description of the symmetric cipher API
The documentation refers to libkcapi as a working example on
The API function calls exported by the kernel crypto API for
single block ciphers to be used by consumers are documented.
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
include/linux/crypto.h | 89 ++
1 file changed, 89 insertions(+)
diff
The API function calls exported by the kernel crypto API for
asynchronous block ciphers to be used by consumers are documented.
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
include/linux/crypto.h | 206 +
1 file changed, 206 insertions(+)
The API function calls exported by the kernel crypto API for
synchronous block ciphers to be used by consumers are documented.
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
include/linux/crypto.h | 188 +
1 file changed, 188 insertions(+)
So far, the encryption/decryption are asynchronously processed in
softirq and cryptd which would result in an implicit order of data,
therefore leads IPSec stack also out of order while encapsulating
or decapsulating packets.
Consider the following scenario:
DECRYPTION INBOUND
The current AF_ALG implementation requires that a userspace interface
implementation must provide a callback for setkey. Such a call is not
applicable to random number generators.
To prepare AF_ALG for the addition of a random number generator user
space interface, this function callback
AEAD requires the following data in addition to normal symmetric
ciphers:
* Associated authentication data of arbitrary length
* Authentication tag for decryption
* Length of authentication tag for encryption
The authentication tag data is communicated as part of the
Hi,
This patch set adds AEAD and RNG support to the AF_ALG interface
exported by the kernel crypto API. By extending AF_ALG with AEAD and RNG
support, all cipher types the kernel crypto API allows access to are
now accessible from userspace.
The RNG support is stand-alone.
The AEAD
The data structure holding the state of an ongoing symmetric cipher
operation is extended by the data variables needed for AEAD.
The request data structures are encapsulated by a union as the symmetric
cipher implementation is either exclusively used for normal symmetric
ciphers or for AEAD
The AF_ALG interface allows normal cipher (hash, encrypt, decrypt).
However, it does not allow user space to obtain the following generic
information about the currently active cipher:
* block size of the cipher
* IV size of the cipher
* for AEAD, the maximum
This patch adds the random number generator support for AF_ALG.
A random number generator's purpose is to generate data without
requiring the caller to provide any data. Therefore, the AF_ALG
interface handler for RNGs only implements a callback handler for
recvmsg.
The following parameters
This patch adds the AEAD support for AF_ALG.
The AEAD implementation uses the entire memory handling and
infrastructure of the existing skcipher implementation.
To use AEAD, the user space consumer has to use the salg_type named
aead. The AEAD extension only uses the bind callback as the key
To avoid excessive branches and cluttering the code, all kernel crypto
API calls are extracted into separate inline functions. These functions
invoke either the ablkcipher or the aead crypto API function calls, as
necessary.
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
Enable compilation of the RNG AF_ALG support and provide a Kconfig
option to compile the RNG AF_ALG support.
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
crypto/Kconfig | 9 +
crypto/Makefile | 1 +
2 files changed, 10 insertions(+)
diff --git a/crypto/Kconfig