Re: Limited usefulness of RSA set key function

2015-08-03 Thread Stephan Mueller
On Sunday, 2 August 2015, 21:16:47 Marcel Holtmann wrote: Hi Marcel, Hi Tadeusz, I have been working with the AF_ALG patches for akcipher lately and I find the RSA set key function way too limited. Especially the fact that it uses a format that I can not find a single reference / standard

Re: Proposal for adding setpubkey callback to akcipher_alg

2015-08-03 Thread Stephan Mueller
On Monday, 3 August 2015, 00:03:03 Marcel Holtmann wrote: Hi Marcel, Hi Stephan, I think we need to split the akcipher_alg setkey callback into a setkey and setpubkey. diff --git a/include/crypto/akcipher.h b/include/crypto/akcipher.h index 69d163e39101..ca93952b6d19 100644

Re: [PATCH] crypto: doc - make URL into hyperlink

2015-08-07 Thread Stephan Mueller
On Thursday, 6 August 2015, 14:49:00 Brian Norris wrote: Hi Brian, The HTML output works a little nicer that way. Signed-off-by: Brian Norris computersforpe...@gmail.com Thank you. Ciao Stephan -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a

Re: [PATCH 1/2] crypto: KEYS: convert public key to the akcipher API

2015-08-15 Thread Stephan Mueller
On Wednesday, 12 August 2015, 20:54:39 Tadeusz Struk wrote: Hi Tadeusz, @@ -41,7 +41,7 @@ struct pkcs7_parse_context { static void pkcs7_free_signed_info(struct pkcs7_signed_info *sinfo) { if (sinfo) { - mpi_free(sinfo-sig.mpi[0]); + kfree(sinfo-sig.s);

Re: [PATCH 2/3] crypto: algif_akcipher user space interface

2015-07-22 Thread Stephan Mueller
On Wednesday, 22 July 2015, 09:01:15 Tadeusz Struk wrote: Hi Tadeusz, On 07/21/2015 03:13 PM, Stephan Mueller wrote: +static ssize_t akcipher_sendpage(struct socket *sock, struct page *page, +int offset, size_t size, int flags) +{ + struct sock *sk = sock

DocBook update: skip the akcipher for now?

2015-07-22 Thread Stephan Mueller
Hi Herbert, Tadeusz, I am just developing patches to the kernel crypto API DocBook. Thanks to Tadeusz, the API calls are nicely documented. There are only a very minor tidbits I want to add. What is missing is the link from the DocBook to the akcipher API. I would like to prepare the patch,

Re: [PATCH 0/3] AF_ALG interface for akcipher

2015-07-22 Thread Stephan Mueller
On Wednesday, 22 July 2015, 09:32:41 Herbert Xu wrote: Hi Herbert, I think we should finish the conversion of the only in-kernel user of RSA before we add the user-space interface. Otherwise this unnecessarily ties our hands to the current API. Agreed. After my question around the SGL

[PATCH 2/3] crypto: algif_akcipher user space interface

2015-07-21 Thread Stephan Mueller
of the modulus. The buffer size has an absolute limit of PAGE_SIZE to catch errors in an underlying asym cipher implementation. CC: Tadeusz Struk tadeusz.st...@intel.com Signed-off-by: Stephan Mueller smuel...@chronox.de --- crypto/algif_akcipher.c | 480

[PATCH 0/3] AF_ALG interface for akcipher

2015-07-21 Thread Stephan Mueller
]. The test code uses the same vectors as the testmgr.h file for testing the generic RSA implementation. [1] http://www.chronox.de/libkcapi.html Stephan Mueller (3): crypto: af_alg - add sig gen / verify API crypto: algif_akcipher user space interface crypto: algif_akcipher - enable compilation

[PATCH 1/3] crypto: af_alg - add sig gen / verify API

2015-07-21 Thread Stephan Mueller
...@intel.com Signed-off-by: Stephan Mueller smuel...@chronox.de --- include/uapi/linux/if_alg.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/uapi/linux/if_alg.h b/include/uapi/linux/if_alg.h index f2acd2f..d81dcca 100644 --- a/include/uapi/linux/if_alg.h +++ b/include/uapi/linux/if_alg.h

Re: [PATCH 2/3] crypto: algif_akcipher user space interface

2015-07-22 Thread Stephan Mueller
On Wednesday, 22 July 2015, 15:04:37 Tadeusz Struk wrote: Hi Tadeusz, On 07/22/2015 11:55 AM, Stephan Mueller wrote: I concur with you. But we have only two options: - either use SGLs which the current akcipher API does not do - or do a memcpy of the sendpage data

Re: [PATCH] jent: use safe format string parameters

2015-07-25 Thread Stephan Mueller
keesc...@chromium.org Thanks. Acked-by: Stephan Mueller smuel...@chronox.de --- crypto/jitterentropy-kcapi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/jitterentropy-kcapi.c b/crypto/jitterentropy-kcapi.c index b32d834144cd..ceea83d13168 100644 --- a/crypto

Re: [PATCH 0/14] crypto: aead - Phase oute seqniv

2015-07-13 Thread Stephan Mueller
On Monday, 13 July 2015, 17:13:49 Herbert Xu wrote: Hi Herbert, On Mon, Jul 13, 2015 at 11:09:34AM +0200, Stephan Mueller wrote: That code now works with rfc4106(gcm(aes)). But using that code now fails with the regular GCM implementation as well as CCM. The regular GCM implementation

Re: [PATCH 0/14] crypto: aead - Phase oute seqniv

2015-07-13 Thread Stephan Mueller
On Saturday, 11 July 2015, 10:39:18 Herbert Xu wrote: Hi Herbert, Weird. The C version does the very same check: static int crypto_rfc4106_decrypt(struct aead_request *req) { if (req->assoclen != 16 && req->assoclen != 20) return -EINVAL; I rechecked my test code: I

Re: kernel tainted while exporting shash context using af_alg interface

2015-10-25 Thread Stephan Mueller
On Sunday, 25 October 2015, 11:56:27 Harsh Jain wrote: Hi Harsh, >Hi, > > >When trying to calculate HMAC(SHA1) with openssl using af-alg engine >kernel crashes. Find below the command used and kernel. I have added >some debug print in logs. > >Command used : ./openssl dgst -engine af_alg

Re: [PATCH v2 0/5] crypto: add algif_akcipher user space API

2015-10-27 Thread Stephan Mueller
On Tuesday, 27 October 2015, 18:19:01 David Woodhouse wrote: Hi David, > >That's largely orthogonal to the point Marcel was making. > >The point is that akcipher is limited to using keys for which we have >the private key material available directly in software. We cannot Agreed. >expose

Re: kernel tainted while exporting shash context using af_alg interface

2015-10-28 Thread Stephan Mueller
pts. > > >Regards >Harsh Jain > >On Wed, Oct 28, 2015 at 6:25 AM, Stephan Mueller <smuel...@chronox.de> wrote: >> On Wednesday, 28 October 2015, 01:09:58 Stephan Mueller wrote: >> >> Hi Harsh, >> >>> However, any error in user space should no

Re: [PATCH v2 0/5] crypto: add algif_akcipher user space API

2015-10-27 Thread Stephan Mueller
On Wednesday, 28 October 2015, 08:15:16 David Woodhouse wrote: Hi David, > >Absolutely. The interface needs to support *both*. > >I've spent a lot of time chasing through userspace stacks, fixing >broken assumptions that we will *always* have the actual key material >in a file — and making

Re: [PATCH v2 0/5] crypto: add algif_akcipher user space API

2015-10-27 Thread Stephan Mueller
On Wednesday, 28 October 2015, 08:43:16 David Woodhouse wrote: Hi David, > > Albeit that all sounds like the crown jewel, how do you propose that shall > > happen? > > > > Assume that you have a web server that has a pub and priv key in its > > current configuration -- I guess that is the

Re: kernel tainted while exporting shash context using af_alg interface

2015-10-27 Thread Stephan Mueller
On Wednesday, 28 October 2015, 01:09:58 Stephan Mueller wrote: Hi Harsh, > > > However, any error in user space should not crash the kernel. So, a fix > should be done. But I think your code is not correct as it solidifies a > broken user space code. After thinking a bit agai

Re: [PATCH v2 0/5] crypto: add algif_akcipher user space API

2015-10-27 Thread Stephan Mueller
On Wednesday, 28 October 2015, 09:37:02 David Woodhouse wrote: Hi David, > On Wed, 2015-10-28 at 00:47 +0100, Stephan Mueller wrote: > > Ohh, I see. So, you are saying that there should not be a setpub/privkey > > for the akcipher AF_ALG interface?! > > > > If som

Re: [PATCH v2 0/5] crypto: add algif_akcipher user space API

2015-10-27 Thread Stephan Mueller
On Wednesday, 28 October 2015, 09:46:51 Marcel Holtmann wrote: Hi Marcel, > So if a server has public/private key pair, then the first thing that should > the server do is load this key pair into the kernel and retrieve a key > serial for it. And then use this key id to derive the session key.

Re: kernel tainted while exporting shash context using af_alg interface

2015-10-27 Thread Stephan Mueller
On Monday, 26 October 2015, 14:51:01 Harsh Jain wrote: Hi Harsh, > Hi Stephan, > > I tried 1 more patch. This time result is correct. Find attached patch > file. Is there any side effect of this patch. The strace is enlightening. The user space code does an accept on an already accepted FD

Re: [PATCH 5/5] crypto: AES CBC multi-buffer glue code

2015-10-28 Thread Stephan Mueller
On Wednesday, 28 October 2015, 14:19:29 Tim Chen wrote: Hi Tim, >+ >+ /* check for dependent cpu features */ >+ if (!cpu_has_aes) { >+ pr_err("aes_cbc_mb_mod_init: no aes support\n"); >+ err = -ENODEV; >+ goto err1; >+ } In your post 0/5,

Re: [PATCH 4/4] crypto: RSA padding algorithm

2015-11-11 Thread Stephan Mueller
On Wednesday, 11 November 2015, 01:58:45 Andrew Zaborowski wrote: Hi Andrew, >This patch adds PKCS#1 v1.5 standard RSA padding as a separate template. >This way an RSA cipher with padding can be obtained by instantiating >"pkcs1pad(rsa)". The reason for adding this is that RSA is almost

Re: [RESEND PATCH 1/4] Crypto: Crypto driver support aes/des/des3 for rk3288

2015-10-30 Thread Stephan Mueller
On Friday, 30 October 2015, 16:22:46 Zain Wang wrote: Hi Zain, >Crypto driver support cbc/ecb two chainmode, and aes/des/des3 three cipher >mode. The names registered are: >ecb(aes) cbc(aes) ecb(des) cbc(des) ecb(des3_ede) cbc(des3_ede) >You can alloc tags above in your case. > >And

Re: [PATCH v2 3/5] crypto: AF_ALG -- add setpubkey setsockopt call

2015-10-30 Thread Stephan Mueller
On Friday, 30 October 2015, 17:16:47 Marcel Holtmann wrote: Hi Marcel, >Hi Stephan, > >> For supporting asymmetric ciphers, user space must be able to set the >> public key. The patch adds a new setsockopt call for setting the public >> key. >> >> S

Re: [PATCH v2] crypto: algif_hash - Only export and import on sockets with data

2015-11-01 Thread Stephan Mueller
On Sunday, 1 November 2015, 17:11:19 Herbert Xu wrote: Hi Herbert, > On Sat, Oct 31, 2015 at 12:45:47AM +0100, Stephan Mueller wrote: > > Testing complete: patch solves the oops and allows to successfully perform > > HMAC even when having subsequent accepts and operating on t

Re: crypto: algif_hash - Only export and import on sockets with data

2015-10-30 Thread Stephan Mueller
On Friday, 30 October 2015, 20:16:51 Herbert Xu wrote: Hi Herbert, > > setkey should be needed as the subsequent accept will all be based > on the same parent fd, meaning that they will all use a single tfm. > > Please try the following patch. Testing complete: patch solves the oops and

Re: kernel tainted while exporting shash context using af_alg interface

2015-10-30 Thread Stephan Mueller
ted to patch is >do I need to set "ctx->more" =1 after initialisation. > >Correct me If I am wrong. > > >Thanks for your support. > > >regards >Harsh Jain > >On Wed, Oct 28, 2015 at 4:53 PM, Stephan Mueller <smuel...@chronox.de> wrote: >> Am Mi

[PATCH] Documentation: crypto - add akcipher API

2015-10-18 Thread Stephan Mueller
Reference the new akcipher API calls in the kernel crypto API DocBook. Also, fix the comments in the akcipher.h file: double dashes do not look good in the DocBook and fix a typo. Signed-off-by: Stephan Mueller <smuel...@chronox.de> --- Documentation/DocBook/crypto-API.tmp

[PATCH v2 5/5] crypto: algif_akcipher - enable compilation

2015-10-18 Thread Stephan Mueller
Add the Makefile and Kconfig updates to allow algif_akcipher to be compiled. Signed-off-by: Stephan Mueller <smuel...@chronox.de> --- crypto/Kconfig | 9 + crypto/Makefile | 1 + 2 files changed, 10 insertions(+) diff --git a/crypto/Kconfig b/crypto/Kconfig index fc93444..a

[PATCH v2 4/5] crypto: AF_ALG -- add asymmetric cipher interface

2015-10-18 Thread Stephan Mueller
This patch adds the user space interface for asymmetric ciphers. The interface allows the use of sendmsg as well as vmsplice to provide data. Signed-off-by: Stephan Mueller <smuel...@chronox.de> --- crypto/algif_akcipher.c | 542 1 file c

[PATCH v2 2/5] crypto: AF_ALG -- add sign/verify API

2015-10-18 Thread Stephan Mueller
Add the flags for handling signature generation and signature verification. Also, the patch adds the interface for setting a public key. Signed-off-by: Stephan Mueller <smuel...@chronox.de> --- include/uapi/linux/if_alg.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/uapi

[PATCH v2 0/5] crypto: add algif_akcipher user space API

2015-10-18 Thread Stephan Mueller
updated SGL-based akcipher API * allow mix-n-match of sendmsg and vmsplice calls [1] http://www.chronox.de/libkcapi.html Stephan Mueller (5): MPI: fix off by one in mpi_read_raw_from_sgl crypto: AF_ALG -- add sign/verify API crypto: AF_ALG -- add setpubkey setsockopt call crypto: AF_ALG

[PATCH v2 3/5] crypto: AF_ALG -- add setpubkey setsockopt call

2015-10-18 Thread Stephan Mueller
For supporting asymmetric ciphers, user space must be able to set the public key. The patch adds a new setsockopt call for setting the public key. Signed-off-by: Stephan Mueller <smuel...@chronox.de> --- crypto/af_alg.c | 14 +++--- include/crypto/if_alg.h | 1 + 2 files c

[PATCH v2 1/5] MPI: fix off by one in mpi_read_raw_from_sgl

2015-10-18 Thread Stephan Mueller
The patch fixes the analysis of the input data which contains an off by one. The issue is visible when the SGL contains one byte per SG entry. The code for checking for zero bytes does not operate on the data byte. Signed-off-by: Stephan Mueller <smuel...@chronox.de> --- lib/mpi/mpicoder

Re: [PATCH v2 0/5] crypto: add algif_akcipher user space API

2015-10-19 Thread Stephan Mueller
On Monday, 19 October 2015, 09:32:30 Herbert Xu wrote: Hi Herbert, > On Sun, Oct 18, 2015 at 12:44:00PM +0200, Stephan Mueller wrote: > > Hi, > > > > This patch set adds the AF_ALG user space API to externalize the > > asymmetric cipher API recently add

Re: [PATCH v4 3/3] crypto: keywrap - add testmgr support

2015-10-15 Thread Stephan Mueller
On Thursday, 15 October 2015, 15:17:12 Herbert Xu wrote: Hi Herbert, > On Thu, Oct 15, 2015 at 09:13:55AM +0200, Stephan Mueller wrote: > > Note, I had to convert akcipher to skcipher -- thus, I guess you want to > > take the newer patch and once you get back to Boris' orig

Re: [PATCH v4 3/3] crypto: keywrap - add testmgr support

2015-10-15 Thread Stephan Mueller
On Thursday, 15 October 2015, 15:11:50 Herbert Xu wrote: Hi Herbert, > On Thu, Oct 15, 2015 at 09:07:40AM +0200, Stephan Mueller wrote: > > The testmanager code for symmetric ciphers is extended to allow > > verification of the IV after a cipher operation. > > > >

[PATCH v4 1/3] crypto: add key wrapping block chaining mode

2015-10-15 Thread Stephan Mueller
the initialization to fail. Signed-off-by: Stephan Mueller <smuel...@chronox.de> --- crypto/keywrap.c | 419 +++ 1 file changed, 419 insertions(+) create mode 100644 crypto/keywrap.c diff --git a/crypto/keywrap.c b/crypto/keywrap.c new file mode 100644

[PATCH v4 3/3] crypto: keywrap - add testmgr support

2015-10-15 Thread Stephan Mueller
The testmanager code for symmetric ciphers is extended to allow verification of the IV after a cipher operation. In addition, test vectors for kw(aes) for encryption and decryption are added. Signed-off-by: Boris Brezillon <boris.brezil...@free-electrons.com> Signed-off-by: Stephan M

[PATCH v4 2/3] crypto: keywrap - enable compilation

2015-10-15 Thread Stephan Mueller
Hook keywrap source code into Kconfig and Makefile Signed-off-by: Stephan Mueller <smuel...@chronox.de> --- crypto/Kconfig | 7 +++ crypto/Makefile | 1 + 2 files changed, 8 insertions(+) diff --git a/crypto/Kconfig b/crypto/Kconfig index fc93444..7240821 100644 --- a/crypto/Kconfig

[PATCH v4 0/3] SP800-38F / RFC3394 key wrapping

2015-10-15 Thread Stephan Mueller
t for user provided IV to initialize encrypt or for performing the verify step during decrypt. Stephan Mueller (3): crypto: add key wrapping block chaining mode crypto: keywrap - enable compilation crypto: keywrap - add testmgr support crypto/Kconfig | 7 + crypto/Makefile | 1 + crypto

Re: [PATCH v3 3/3] crypto: keywrap - add testmgr support

2015-10-15 Thread Stephan Mueller
On Thursday, 15 October 2015, 08:58:33 Herbert Xu wrote: Hi Herbert, > On Wed, Oct 14, 2015 at 08:44:53PM +0200, Stephan Mueller wrote: > > Did you apply the depending patch referenced in the beginning? > > > > https://lkml.org/lkml/2015/6/16/342 > > > >

Re: [PATCH 5/8] crypto: akcipher: fix typos in include/crypto/akcipher.h

2015-10-20 Thread Stephan Mueller
On Tuesday, 20 October 2015, 09:34:01 LABBE Corentin wrote: Hi LABBE, >Fix numerous spelling error in include/crypto/akcipher.h > >Signed-off-by: LABBE Corentin >--- > include/crypto/akcipher.h | 14 +++--- > 1 file changed, 7 insertions(+), 7 deletions(-)

akcipher: continuous memory for input/output

2015-07-08 Thread Stephan Mueller
Hi Herbert, Tadeusz, I looked a bit further into the akcipher code to see how we can add an AF_ALG there. What currently wonders me is the akcipher_request_set_crypt function: the memory for input/output buffers is *no* scatter list but a plain buffer. I think I can understand that for raw

Re: akcipher: continuous memory for input/output

2015-07-08 Thread Stephan Mueller
On Wednesday, 8 July 2015, 23:29:32 Herbert Xu wrote: Hi Herbert, On Wed, Jul 08, 2015 at 05:27:15PM +0200, Stephan Mueller wrote: But according to Tadeusz it may be viable to register hybrid asym ciphers with the akcipher API. If there is a full blown hybrid asym cipher we have to handle

Re: [PATCH 12/14] crypto: nx - Use new IV convention

2015-07-09 Thread Stephan Mueller
On Thursday, 9 July 2015, 14:56:15 Herbert Xu wrote: Hi Herbert, On Thu, Jul 09, 2015 at 08:19:45AM +0200, Stephan Mueller wrote: On Thursday, 9 July 2015, 07:17:31 Herbert Xu wrote: Hi Herbert, This patch converts rfc4106 to the new calling convention where the IV is now part

Re: [PATCH 12/14] crypto: nx - Use new IV convention

2015-07-09 Thread Stephan Mueller
On Thursday, 9 July 2015, 07:17:31 Herbert Xu wrote: Hi Herbert, This patch converts rfc4106 to the new calling convention where the IV is now part of the AD and needs to be skipped. This patch also makes use of type-safe AEAD functions where possible. Signed-off-by: Herbert Xu

Re: [PATCH 9/14] crypto: tcrypt - Add support for new IV convention

2015-07-09 Thread Stephan Mueller
On Thursday, 9 July 2015, 07:17:26 Herbert Xu wrote: Hi Herbert, This patch allows the AEAD speed tests to cope with the new seqiv calling convention as well as the old one. Signed-off-by: Herbert Xu herb...@gondor.apana.org.au Using your crypto-2.6 tree, this patch fails to apply (and

Re: [PATCH 0/14] crypto: aead - Phase oute seqniv

2015-07-09 Thread Stephan Mueller
On Thursday, 9 July 2015, 12:19:53 Stephan Mueller wrote: Hi, On Thursday, 9 July 2015, 07:13:30 Herbert Xu wrote: Hi Herbert, Hi: This series attempts to phase out the recently introduced seqniv generator. The reason is that the logic of seqniv should not be implemented

Re: [PATCH 0/14] crypto: aead - Phase oute seqniv

2015-07-09 Thread Stephan Mueller
On Thursday, 9 July 2015, 07:13:30 Herbert Xu wrote: Hi Herbert, Hi: This series attempts to phase out the recently introduced seqniv generator. The reason is that the logic of seqniv should not be implemented at the IV generator layer. Having the IV skipping logic in seqniv means that

Re: [PATCH 0/14] crypto: aead - Phase oute seqniv

2015-07-10 Thread Stephan Mueller
On Friday, 10 July 2015, 21:39:22 Herbert Xu wrote: Hi Herbert, On Thu, Jul 09, 2015 at 01:38:07PM +0200, Stephan Mueller wrote: Actually, I found a problem that I have overlooked initially: rfc4106-gcm-aesni causes a problem. For encryption/decryption with the same tests for other rfc4106

Re: [PATCH 0/14] crypto: aead - Phase oute seqniv

2015-07-10 Thread Stephan Mueller
On Friday, 10 July 2015, 21:38:02 Herbert Xu wrote: Hi Herbert, On Thu, Jul 09, 2015 at 12:19:53PM +0200, Stephan Mueller wrote: All GCM implementations available on recent Intel systems successfully tested (i.e. NX and CAAM not tested). Just to clarify: from a caller's perspective

Re: [PATCH 1/4] lib/mpi: only require buffers as big as needed for the integer

2015-11-13 Thread Stephan Mueller
On Friday, 13 November 2015, 12:01:32 Andrew Zaborowski wrote: Hi Andrew, >Since mpi_write_to_sgl and mpi_read_buffer explicitly left-align the >integers being written it makes no sense to require a buffer big enough for >the number + the leading zero bytes which are not written. The error

Re: [PATCH] crypto: Fix ASN.1 key handling for RSA akcipher

2015-08-28 Thread Stephan Mueller
On Friday, 28 August 2015, 07:28:58 Marcel Holtmann wrote: Hi Marcel, The RSA algorithm provides two ASN.1 key types. One for RSA Private Key and another for RSA Public Key. Use these two already defined ASN.1 definitions instead of inventing a new one. Signed-off-by: Marcel Holtmann

akcipher API: plans

2015-08-26 Thread Stephan Mueller
Hi Herbert, Tadeusz, in various emails, I think I have seen several concerns or change requests regarding the akcipher API. As all of those apply to the AF_ALG interface for akcipher too (which I try to get straight), I would like to ask for potential plans of the discussed areas if there are

USB HID devices not linked to RNG

2015-09-06 Thread Stephan Mueller
Hi, While analyzing the entropy sources for the random number generator in drivers/char/random.c, I saw that a USB mouse and a USB keyboard does trigger the add_input_randomness function to be triggered. Is that intended? -- Ciao Stephan

Re: USB HID devices not linked to RNG

2015-09-06 Thread Stephan Mueller
On Monday, 7 September 2015, 02:10:16 Stephan Mueller wrote: Hi Stephan, > Hi, > > While analyzing the entropy sources for the random number generator in > drivers/char/random.c, I saw that a USB mouse and a USB keyboard does > trigger the add_input_randomness function to b

Re: [RFC PATCH] crypto: RSA padding transform

2015-09-06 Thread Stephan Mueller
On Sunday, 6 September 2015, 16:33:26 Andrzej Zaborowski wrote: Hi Andrzej, >>> + for (pos = 2; pos < child_req->dst_len; pos++) >>> + if (dst[pos] == 0x00) >>> + break; >> >> What happens if the padding has a 0x00 in its pseudo random data? > >The pseudo

Re: [RFC PATCH] crypto: RSA padding transform

2015-09-07 Thread Stephan Mueller
On Monday, 7 September 2015, 07:11:24 Tadeusz Struk wrote: Hi Tadeusz, >On 09/06/2015 01:34 AM, Stephan Mueller wrote: >>> +static int pkcs1pad_setkey(struct crypto_akcipher *tfm, const void *key, >>> >>> > + unsigned int keylen) >> >>

Re: [RFC PATCH] crypto: RSA padding transform

2015-09-07 Thread Stephan Mueller
On Monday, 7 September 2015, 16:42:42 Andrzej Zaborowski wrote: Hi Andrzej, > >Specifically I use 1 + prandom_u32_max(255) which should give me >numbers > 0 although it can't be perfectly uniform. Oh, now I see. Thanks for the clarification. And yes, per definition the values cannot be

Re: [RFC PATCH] crypto: RSA padding transform

2015-09-07 Thread Stephan Mueller
On Monday, 7 September 2015, 07:31:56 Tadeusz Struk wrote: Hi Tadeusz, >On 09/06/2015 07:33 AM, Andrzej Zaborowski wrote: >> Probably yes, I also read about the decision to use iov buffers, this >> will have a bigger effect on code. > >The more I think about the sgl support the more it looks

Re: [PATCH 1/2] crypto: testmgr: test IV value after a cipher operation

2015-09-07 Thread Stephan Mueller
On Tuesday, 16 June 2015, 11:46:46 Boris Brezillon wrote: Hi Herbert, >The crypto drivers are supposed to update the IV passed to the crypto >request before calling the completion callback. >Test for the IV value before considering the test as successful. May I ask whether there is anything

testmgr: templates not tested

2015-09-02 Thread Stephan Mueller
Hi Herbert, while playing with the testmgr in FIPS mode, I see that ciphers with a template are not tested even though test vectors exist. For example, when allocating cbc(aes-generic) I see records of aes-generic (aes) being tested, but I do not see a record of cbc(aes). Is it intended that

Re: testmgr: templates not tested

2015-09-03 Thread Stephan Mueller
On Thursday, 3 September 2015, 15:45:39 Herbert Xu wrote: Hi Herbert, > It's the same bug as gcm. cbc should use the underlying cra_name > in its cra_name. I see. But then it seems to be a pervasive bug as xts suffers from the same issue too. Would you please be so kind and give me a

Re: [RFC PATCH] crypto: RSA padding transform

2015-09-06 Thread Stephan Mueller
On Sunday, 6 September 2015, 01:00:29 Andrew Zaborowski wrote: Hi Andrew, Tadeusz, > This patch adds PKCS#1 v1.5 standard RSA padding as a separate template. > This way an RSA cipher with padding can be obtained by instantiating > "pkcs1pad(rsa-generic)". The reason for adding this is that

Re: USB HID devices not linked to RNG

2015-09-07 Thread Stephan Mueller
On Monday, 7 September 2015, 15:07:47 Mike Mestnik wrote: Hi Mike, >This is just an off the wall guess. Wouldn't such entropy already be >collected at a lower level, like raw usb traffic? The RNG collects data from interrupts (that also covers normal PS/2 mice and keyboards), block devices

Re: USB HID devices not linked to RNG

2015-09-09 Thread Stephan Mueller
On Tuesday, 8 September 2015, 22:40:07 Dmitry Torokhov wrote: Hi Dmitry, > >All input devices add randomness, however I think for mouse >add_input_randomness() will drop majority of events since they are >likely have the same value (well, depends on which direction you are >moving the

Re: [PATCH 4/8] crypto: akcipher - Changes to asymmetric key API

2015-09-09 Thread Stephan Mueller
On Wednesday, 9 September 2015, 09:15:20 Tadeusz Struk wrote: Hi Tadeusz, >Setkey function has been split into set_priv_key and set_pub_key. >Akcipher requests takes sgl for src and dst instead of void *. >Users of the API need to be disabled so that the build works fine >after this patch.

Re: [PATCH 3/4] crypto: [sha] glue code for Intel SHA extensions optimized SHA1 & SHA256

2015-09-10 Thread Stephan Mueller
On Thursday, 10 September 2015, 15:27:20 Tim Chen wrote: Hi Tim, >This patch adds the glue code to detect and utilize the Intel SHA >extensions optimized SHA1 and SHA256 update transforms when available. > >This code has been tested on Broxton for functionality. A general comment on this

Re: [PATCH 3/4] crypto: [sha] glue code for Intel SHA extensions optimized SHA1 & SHA256

2015-09-11 Thread Stephan Mueller
On Thursday, 10 September 2015, 17:04:31 Tim Chen wrote: Hi Tim, > >Is there a scenario you can think of >when a lower performing sha1 transform needs to >be exposed as a separate driver? My immediate concern is testing: it is hard to test the individual implementations. > >Otherwise the

Re: [PATCH 3/4] crypto: [sha] glue code for Intel SHA extensions optimized SHA1 & SHA256

2015-09-11 Thread Stephan Mueller
On Friday, 11 September 2015, 11:49:32 Tim Chen wrote: Hi Tim, >On Fri, 2015-09-11 at 19:02 +0200, Stephan Mueller wrote: >> On Thursday, 10 September 2015, 17:04:31 Tim Chen wrote: >> >> Hi Tim, >> >> >Is there a scenario you can think of >&g

Re: [PATCH 4/8] crypto: akcipher - Changes to asymmetric key API

2015-09-09 Thread Stephan Mueller
On Wednesday, 9 September 2015, 20:53:23 Andrzej Zaborowski wrote: Hi Andrzej, > >Also a question regarding .get_len: for RSA with padding the minimum >dest buffer length depends on the input. What is that call supposed >to return in that case? I would guess that the destination buffer

Re: [PATCH 5/8] lib/scatterlist: Add sg_len helper

2015-09-09 Thread Stephan Mueller
On Wednesday, 9 September 2015, 09:51:40 Tadeusz Struk wrote: Hi Tadeusz, >On 09/09/2015 09:49 AM, Stephan Mueller wrote: >>>> >> But, shouldn't there be an overflow check? Maybe not here, but in the >>>> >> cases >>>> >> where the

Re: [PATCH 5/8] lib/scatterlist: Add sg_len helper

2015-09-09 Thread Stephan Mueller
On Wednesday, 9 September 2015, 10:02:17 Tadeusz Struk wrote: Hi Tadeusz, >On 09/09/2015 09:56 AM, Stephan Mueller wrote: >>>> But in the rsa.c enc/dec/verify/sign functions, there should be such >>>> check, >>>> >>>> >> I would gue

Re: [PATCH 6/8] crypto: rsa - update accoring to akcipher API changes

2015-09-09 Thread Stephan Mueller
On Wednesday, 9 September 2015, 09:15:32 Tadeusz Struk wrote: Hi Tadeusz, >Rsa updates to reflect the API changes. > >Signed-off-by: Tadeusz Struk >--- > crypto/Makefile | 12 ++- > crypto/rsa.c | 188

Re: [PATCH 5/8] lib/scatterlist: Add sg_len helper

2015-09-09 Thread Stephan Mueller
On Wednesday, 9 September 2015, 09:31:00 Tadeusz Struk wrote: Hi Tadeusz, >On 09/09/2015 09:27 AM, Stephan Mueller wrote: >>> +int sg_len(struct scatterlist *sg) >> >> unsigned int? > >No, because it can return -EINVAL if you call it before you set th

Re: [PATCH 5/8] lib/scatterlist: Add sg_len helper

2015-09-09 Thread Stephan Mueller
On Wednesday, 9 September 2015, 10:16:16 Tadeusz Struk wrote: Hi Tadeusz, >On 09/09/2015 10:05 AM, Stephan Mueller wrote: >>> Yes, sorry, you are right. sg_len() will only return positive numbers or >>> >>> >zero. rsa.c checks it in all four operations: >&

Re: [PATCH 5/8] lib/scatterlist: Add sg_len helper

2015-09-09 Thread Stephan Mueller
On Wednesday, 9 September 2015, 09:46:36 Tadeusz Struk wrote: Hi Tadeusz, >On 09/09/2015 09:39 AM, Stephan Mueller wrote: >>> No, because it can return -EINVAL if you call it before you set the key. >> >> I see. >> >> But, shouldn't there

Re: [PATCH 5/8] lib/scatterlist: Add sg_len helper

2015-09-09 Thread Stephan Mueller
On Wednesday, 9 September 2015, 09:31:00 Tadeusz Struk wrote: Hi Tadeusz, >On 09/09/2015 09:27 AM, Stephan Mueller wrote: >>> +int sg_len(struct scatterlist *sg) >> >> unsigned int? > >No, because it can return -EINVAL if you call it before you set the key. J

Re: [PATCH 1/1] Disable fips-allowed for non-FIPS authenc ciphers

2015-09-24 Thread Stephan Mueller
On Thursday, 24 September 2015, 17:02:03 John Haxby wrote: Hi John, >Tests that contain non-FIPS ciphers and hashes cannot themselves be >.fips-allowed because they will necessarily fail. > >Signed-off-by: John Haxby This is a good finding. In fact, all authenc()

Re: [PATCH v2 1/2] lib/scatterlist: Add sg_len helper

2015-09-21 Thread Stephan Mueller
On Monday, 21 September 2015, 16:44:14 Tadeusz Struk wrote: Hi Tadeusz, >Add sg_len function which returns the total number of bytes in sg. > >Signed-off-by: Tadeusz Struk >--- > include/linux/scatterlist.h |1 + > lib/scatterlist.c | 18

[PATCH v3 0/3] SP800-38F / RFC3394 key wrapping

2015-09-21 Thread Stephan Mueller
ze encrypt or for performing the verify step during decrypt. Stephan Mueller (3): crypto: add key wrapping block chaining mode crypto: keywrap - enable compilation crypto: keywrap - add testmgr support crypto/Kconfig | 7 + crypto/Makefile | 1 + crypto/keywr

[PATCH v3 2/3] crypto: keywrap - enable compilation

2015-09-21 Thread Stephan Mueller
Hook keywrap source code into Kconfig and Makefile Signed-off-by: Stephan Mueller <smuel...@chronox.de> --- crypto/Kconfig | 7 +++ crypto/Makefile | 1 + 2 files changed, 8 insertions(+) diff --git a/crypto/Kconfig b/crypto/Kconfig index fc93444..7240821 100644 --- a/crypto/Kconfig

[PATCH v3 3/3] crypto: keywrap - add testmgr support

2015-09-21 Thread Stephan Mueller
The testmanager code for symmetric ciphers is extended to allow verification of the IV after a cipher operation. In addition, test vectors for kw(aes) for encryption and decryption are added. Signed-off-by: Stephan Mueller <smuel...@chronox.de> --- crypto/testmgr.c | 16

[PATCH v3 1/3] crypto: add key wrapping block chaining mode

2015-09-21 Thread Stephan Mueller
the initialization to fail. Signed-off-by: Stephan Mueller <smuel...@chronox.de> --- crypto/keywrap.c | 419 +++ 1 file changed, 419 insertions(+) create mode 100644 crypto/keywrap.c diff --git a/crypto/keywrap.c b/crypto/keywrap.c new file mode 100644

Re: [PATCHv2 1/1] Disable fips-allowed for authenc() and des() ciphers

2015-09-24 Thread Stephan Mueller
On Thursday, 24 September 2015, 18:24:35 John Haxby wrote: Hi John, >No authenc() ciphers are FIPS approved, nor is ecb(des). >After the end of 2015, ansi_cprng will also be non-approved. > >Signed-off-by: John Haxby <john.ha...@oracle.com> Acked-by: Stephan Mueller

Re: [RFC PATCH] Crypto: rockchip/crypto - add hash support for crypto engine in rk3288

2015-12-05 Thread Stephan Mueller
On Saturday, 5 December 2015, 14:30:25 Zain Wang wrote: Hi Zain, >Add md5 sha1 sha256 support for crypto engine in rk3288. >This patch can't support multiple updates because of limitations of the IC; >as a result, it can't support import and export either. > >Signed-off-by: Zain Wang

Re: GPF in gf128mul_64k_bbe

2015-12-17 Thread Stephan Mueller
On Thursday, 17 December 2015, 14:00:23 Dmitry Vyukov wrote: Hi Dmitry, >Hello, > >The following program causes GPF in gf128mul_64k_bbe: thank you very much for the bug reports. I will have a look into them. Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe

[PATCH v3 1/4] crypto: AF_ALG -- add sign/verify API

2015-12-17 Thread Stephan Mueller
Add the flags for handling signature generation and signature verification. Also, the patch adds the interface for setting a public key. Signed-off-by: Stephan Mueller <smuel...@chronox.de> --- include/uapi/linux/if_alg.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/uapi

[PATCH v3 3/4] crypto: AF_ALG -- add asymmetric cipher interface

2015-12-17 Thread Stephan Mueller
This patch adds the user space interface for asymmetric ciphers. The interface allows the use of sendmsg as well as vmsplice to provide data. Signed-off-by: Stephan Mueller <smuel...@chronox.de> --- crypto/algif_akcipher.c | 542 1 file c

[PATCH v3 4/4] crypto: algif_akcipher - enable compilation

2015-12-17 Thread Stephan Mueller
Add the Makefile and Kconfig updates to allow algif_akcipher to be compiled. Signed-off-by: Stephan Mueller <smuel...@chronox.de> --- crypto/Kconfig | 9 + crypto/Makefile | 1 + 2 files changed, 10 insertions(+) diff --git a/crypto/Kconfig b/crypto/Kconfig index 7240821..c

[PATCH v3 2/4] crypto: AF_ALG -- add setpubkey setsockopt call

2015-12-17 Thread Stephan Mueller
For supporting asymmetric ciphers, user space must be able to set the public key. The patch adds a new setsockopt call for setting the public key. Signed-off-by: Stephan Mueller <smuel...@chronox.de> --- crypto/af_alg.c | 18 +- include/crypto/if_alg.h | 1 + 2

Re: WARNING in crypto_wait_for_test

2015-12-14 Thread Stephan Mueller
On Monday, 14 December 2015, 20:52:19 Herbert Xu wrote: Hi Herbert, >On Thu, Dec 10, 2015 at 03:14:24AM +0100, Stephan Mueller wrote: >> Herbert, alg_bind currently blacklists one bit in the mask and type bit >> array. Shouldn't we instead white-list the allowed bits? >

Re: WARNING in crypto_wait_for_test

2015-12-10 Thread Stephan Mueller
On Tuesday, 8 December 2015, 12:12:27 Dmitry Vyukov wrote: Hi Dmitry, >Hello, > >The following program triggers a WARNING in crypto_wait_for_test: > >// autogenerated by syzkaller (http://github.com/google/syzkaller) >#include >#include >#include > >int main() >{ >long r0 =

Re: [PATCH] crypto: Make CRYPTO_CBC select CRYPTO_ECHAINIV

2016-01-04 Thread Stephan Mueller
On Monday, 4 January 2016, 19:56:59 Thomas Egerer wrote: Hi Thomas, > Similar to CTR mode selecting CRYPTO_SEQIV, CBC mode requires echainiv > and has to select CRYPTO_ECHAINIV in order to work properly. This solves > the issues caused by a misconfiguration as described in [1]. > > [1]

Re: [PATCH v2] crypto: af_alg - Disallow bind/setkey/... after accept(2)

2016-01-02 Thread Stephan Mueller
On Friday, 1 January 2016, 21:12:40 Stephan Mueller wrote: Hi Herbert, > On Wednesday, 30 December 2015, 11:47:53 Herbert Xu wrote: > > Hi Herbert, > > > On Tue, Dec 29, 2015 at 07:36:14PM +0100, Dmitry Vyukov wrote: > > > He
