Re: [PATCH 0/2] Automatically load the vmx_crypto module if supported
On Wed, 2016-07-13 at 15:47 +1000, alast...@au1.ibm.com wrote:
> From: Alastair D'Silva
>
> This series allows the vmx_crypto module to be detected and automatically
> loaded via UDEV if the CPU supports the vector crypto feature.
>
> Alastair D'Silva (2):
>   powerpc: Add module autoloading based on CPU features
>   crypto: vmx - Convert to CPU feature based module autoloading
>
>  arch/powerpc/Kconfig                  |  1 +
>  arch/powerpc/include/asm/cpufeature.h | 70 +++
>  drivers/crypto/vmx/Kconfig            |  2 +-
>  drivers/crypto/vmx/vmx.c              |  6 +--
>  4 files changed, 74 insertions(+), 5 deletions(-)
>  create mode 100644 arch/powerpc/include/asm/cpufeature.h

Please ignore the following:
[PATCH 1/2] Allow drivers to be autoloaded.
[PATCH 2/2] Automatically load the vmx_crypto module if supported.

--
Alastair D'Silva
Open Source Developer
Linux Technology Centre, IBM Australia
mob: 0423 762 819
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 2/2] crypto: vmx - Convert to CPU feature based module autoloading
From: Alastair D'SilvaThis patch utilises the GENERIC_CPU_AUTOPROBE infrastructure to automatically load the vmx_crypto module if the CPU supports it. Signed-off-by: Alastair D'Silva --- drivers/crypto/vmx/Kconfig | 2 +- drivers/crypto/vmx/vmx.c | 6 ++ 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/drivers/crypto/vmx/Kconfig b/drivers/crypto/vmx/Kconfig index 89d8208..a83ead1 100644 --- a/drivers/crypto/vmx/Kconfig +++ b/drivers/crypto/vmx/Kconfig @@ -1,7 +1,7 @@ config CRYPTO_DEV_VMX_ENCRYPT tristate "Encryption acceleration support on P8 CPU" depends on CRYPTO_DEV_VMX - default y + default m help Support for VMX cryptographic acceleration instructions on Power8 CPU. This module supports acceleration for AES and GHASH in hardware. If you diff --git a/drivers/crypto/vmx/vmx.c b/drivers/crypto/vmx/vmx.c index e163d57..5a40f2f 100644 --- a/drivers/crypto/vmx/vmx.c +++ b/drivers/crypto/vmx/vmx.c @@ -23,6 +23,7 @@ #include #include #include +#include #include #include #include @@ -43,9 +44,6 @@ int __init p8_init(void) int ret = 0; struct crypto_alg **alg_it; - if (!(cur_cpu_spec->cpu_user_features2 & PPC_FEATURE2_VEC_CRYPTO)) - return -ENODEV; - for (alg_it = algs; *alg_it; alg_it++) { ret = crypto_register_alg(*alg_it); printk(KERN_INFO "crypto_register_alg '%s' = %d\n", @@ -78,7 +76,7 @@ void __exit p8_exit(void) crypto_unregister_shash(_ghash_alg); } -module_init(p8_init); +module_cpu_feature_match(PPC_MODULE_FEATURE_VEC_CRYPTO, p8_init); module_exit(p8_exit); MODULE_AUTHOR("Marcelo Cerri "); -- 2.7.4 -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
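Review bot: the Kconfig hunk flips CRYPTO_DEV_VMX_ENCRYPT from `default y` to `default m` without the commit message saying why. The udev alias that module_cpu_feature_match() emits only does anything for a loadable module, so say in the commit message that the default changes to make the new autoload path the normal one, and note that configs which already carry `CRYPTO_DEV_VMX_ENCRYPT=y` keep it (Kconfig defaults only apply to unset symbols).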
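Review bot: removing the explicit `cur_cpu_spec->cpu_user_features2 & PPC_FEATURE2_VEC_CRYPTO` test from p8_init() is only behaviour-preserving because module_cpu_feature_match() wraps the init function in its own cpu_have_feature() check; the commit message should say the check moved rather than vanished, and the new asm/cpufeature.h must provide a cpu_have_feature() that maps indices 32 and above onto cpu_user_features2 for this to hold. That wrapper is also the only guard in the built-in (=y) case, where udev plays no part, so it is worth a sentence saying the algorithms are still never registered on a CPU without vector crypto.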
[PATCH 2/2] Automatically load the vmx_crypto module if supported.
From: Alastair D'SilvaThis patch utilises the GENERIC_CPU_AUTOPROBE infrastructure to automatically load the vmx_crypto module if the CPU supports it. Signed-off-by: Alastair D'Silva --- drivers/crypto/vmx/Kconfig | 2 +- drivers/crypto/vmx/vmx.c | 6 ++ 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/drivers/crypto/vmx/Kconfig b/drivers/crypto/vmx/Kconfig index 89d8208..a83ead1 100644 --- a/drivers/crypto/vmx/Kconfig +++ b/drivers/crypto/vmx/Kconfig @@ -1,7 +1,7 @@ config CRYPTO_DEV_VMX_ENCRYPT tristate "Encryption acceleration support on P8 CPU" depends on CRYPTO_DEV_VMX - default y + default m help Support for VMX cryptographic acceleration instructions on Power8 CPU. This module supports acceleration for AES and GHASH in hardware. If you diff --git a/drivers/crypto/vmx/vmx.c b/drivers/crypto/vmx/vmx.c index e163d57..5a40f2f 100644 --- a/drivers/crypto/vmx/vmx.c +++ b/drivers/crypto/vmx/vmx.c @@ -23,6 +23,7 @@ #include #include #include +#include #include #include #include @@ -43,9 +44,6 @@ int __init p8_init(void) int ret = 0; struct crypto_alg **alg_it; - if (!(cur_cpu_spec->cpu_user_features2 & PPC_FEATURE2_VEC_CRYPTO)) - return -ENODEV; - for (alg_it = algs; *alg_it; alg_it++) { ret = crypto_register_alg(*alg_it); printk(KERN_INFO "crypto_register_alg '%s' = %d\n", @@ -78,7 +76,7 @@ void __exit p8_exit(void) crypto_unregister_shash(_ghash_alg); } -module_init(p8_init); +module_cpu_feature_match(PPC_MODULE_FEATURE_VEC_CRYPTO, p8_init); module_exit(p8_exit); MODULE_AUTHOR("Marcelo Cerri "); -- 2.7.4 -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
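Review bot: this is a byte-identical resend of the `[PATCH 2/2] crypto: vmx - Convert to CPU feature based module autoloading` patch (same blob ids 89d8208..a83ead1 and e163d57..5a40f2f, same hunks) under a different subject; the author's follow-up on the cover letter asks for this copy to be ignored, so review comments belong on the other copy.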
[PATCH 0/2] Automatically load the vmx_crypto module if supported
From: Alastair D'Silva

This series allows the vmx_crypto module to be detected and automatically
loaded via UDEV if the CPU supports the vector crypto feature.

Alastair D'Silva (2):
  powerpc: Add module autoloading based on CPU features
  crypto: vmx - Convert to CPU feature based module autoloading

 arch/powerpc/Kconfig                  |  1 +
 arch/powerpc/include/asm/cpufeature.h | 70 +++
 drivers/crypto/vmx/Kconfig            |  2 +-
 drivers/crypto/vmx/vmx.c              |  6 +-
 4 files changed, 74 insertions(+), 5 deletions(-)
 create mode 100644 arch/powerpc/include/asm/cpufeature.h

--
2.7.4
[PATCH 1/2] powerpc: Add module autoloading based on CPU features
From: Alastair D'SilvaThis patch provides the necessary infrastructure to allow drivers to be automatically loaded via UDEV. It implements the minimum required to be able to use module_cpu_feature_match to trigger the GENERIC_CPU_AUTOPROBE mechanisms. The features exposed are a mirror of the cpu_user_features (converted to an offset from a mask). This decision was made to ensure that the behavior between features for module loading and userspace are consistent. Signed-off-by: Alastair D'Silva --- arch/powerpc/Kconfig | 1 + arch/powerpc/include/asm/cpufeature.h | 70 +++ 2 files changed, 71 insertions(+) create mode 100644 arch/powerpc/include/asm/cpufeature.h diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig index 0a9d439..a6e49db 100644 --- a/arch/powerpc/Kconfig +++ b/arch/powerpc/Kconfig @@ -164,6 +164,7 @@ config PPC select ARCH_HAS_UBSAN_SANITIZE_ALL select ARCH_SUPPORTS_DEFERRED_STRUCT_PAGE_INIT select HAVE_LIVEPATCH if HAVE_DYNAMIC_FTRACE_WITH_REGS + select GENERIC_CPU_AUTOPROBE config GENERIC_CSUM def_bool CPU_LITTLE_ENDIAN diff --git a/arch/powerpc/include/asm/cpufeature.h b/arch/powerpc/include/asm/cpufeature.h new file mode 100644 index 000..df31627 --- /dev/null +++ b/arch/powerpc/include/asm/cpufeature.h 
@@ -0,0 +1,70 @@ +/* CPU feature definitions for module loading, used by + * module_cpu_feature_match(), see asm/cputable.h for powerpc CPU features + * + * Copyright 2016 Alastair D'Silva, IBM Corporation. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version + * 2 of the License, or (at your option) any later version. + */ + +#ifndef __ASM_CPUFEATURE_H +#define __ASM_POWERPC_CPUFEATURE_H + +#include + +/* Keep these in step with powerpc/include/asm/cputable.h */ +#define MAX_CPU_FEATURES (2 * 32) + +#define PPC_MODULE_FEATURE_32 (ilog2(PPC_FEATURE_32)) +#define PPC_MODULE_FEATURE_64 (ilog2(PPC_FEATURE_64)) +#define PPC_MODULE_FEATURE_601_INSTR (ilog2(PPC_FEATURE_601_INSTR)) +#define PPC_MODULE_FEATURE_HAS_ALTIVEC (ilog2(PPC_FEATURE_HAS_ALTIVEC)) +#define PPC_MODULE_FEATURE_HAS_FPU (ilog2(PPC_FEATURE_HAS_FPU)) +#define PPC_MODULE_FEATURE_HAS_MMU (ilog2(PPC_FEATURE_HAS_MMU)) +#define PPC_MODULE_FEATURE_HAS_4xxMAC (ilog2(PPC_FEATURE_HAS_4xxMAC)) +#define PPC_MODULE_FEATURE_UNIFIED_CACHE ilog2(PPC_FEATURE_UNIFIED_CACHE)) +#define PPC_MODULE_FEATURE_HAS_SPE (ilog2(PPC_FEATURE_HAS_SPE)) +#define PPC_MODULE_FEATURE_HAS_EFP_SINGLE (ilog2(PPC_FEATURE_HAS_EFP_SINGLE)) +#define PPC_MODULE_FEATURE_HAS_EFP_DOUBLE (ilog2(PPC_FEATURE_HAS_EFP_DOUBLE)) +#define PPC_MODULE_FEATURE_NO_TB (ilog2(PPC_FEATURE_NO_TB)) +#define PPC_MODULE_FEATURE_POWER4 (ilog2(PPC_FEATURE_POWER4)) +#define PPC_MODULE_FEATURE_POWER5 (ilog2(PPC_FEATURE_POWER5)) +#define PPC_MODULE_FEATURE_POWER5_PLUS (ilog2(PPC_FEATURE_POWER5_PLUS)) +#define PPC_MODULE_FEATURE_CELL (ilog2(PPC_FEATURE_CELL)) +#define PPC_MODULE_FEATURE_BOOKE (ilog2(PPC_FEATURE_BOOKE)) +#define PPC_MODULE_FEATURE_SMT (ilog2(PPC_FEATURE_SMT)) +#define PPC_MODULE_FEATURE_ICACHE_SNOOP (ilog2(PPC_FEATURE_ICACHE_SNOOP)) +#define PPC_MODULE_FEATURE_ARCH_2_05 (ilog2(PPC_FEATURE_ARCH_2_05)) +#define 
PPC_MODULE_FEATURE_PA6T (ilog2(PPC_FEATURE_PA6T)) +#define PPC_MODULE_FEATURE_HAS_DFP (ilog2(PPC_FEATURE_HAS_DFP)) +#define PPC_MODULE_FEATURE_POWER6_EXT (ilog2(PPC_FEATURE_POWER6_EXT)) +#define PPC_MODULE_FEATURE_ARCH_2_06 (ilog2(PPC_FEATURE_ARCH_2_06)) +#define PPC_MODULE_FEATURE_HAS_VSX (ilog2(PPC_FEATURE_HAS_VSX)) +#define PPC_MODULE_FEATURE_PSERIES_PERFMON_COMPAT (ilog2(PPC_FEATURE_PSERIES_PERFMON_COMPAT)) +#define PPC_MODULE_FEATURE_TRUE_LE (ilog2(PPC_FEATURE_TRUE_LE)) +#define PPC_MODULE_FEATURE_PPC_LE (ilog2(PPC_FEATURE_PPC_LE)) + +#define PPC_MODULE_FEATURE_ARCH_2_07 (32 + ilog2(PPC_FEATURE2_ARCH_2_07)) +#define PPC_MODULE_FEATURE_HTM (32 + ilog2(PPC_FEATURE2_HTM)) +#define PPC_MODULE_FEATURE_DSCR(32 + ilog2(PPC_FEATURE2_DSCR)) +#define PPC_MODULE_FEATURE_EBB (32 + ilog2(PPC_FEATURE2_EBB)) +#define PPC_MODULE_FEATURE_ISEL(32 + ilog2(PPC_FEATURE2_ISEL)) +#define
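Review bot: the include guard in the new cpufeature.h is broken: it tests `__ASM_CPUFEATURE_H` but defines `__ASM_POWERPC_CPUFEATURE_H`, so the guard never takes effect and a second inclusion redefines every macro in the file; use the same name on both lines. In the same hunk, `PPC_MODULE_FEATURE_UNIFIED_CACHE` is defined as `ilog2(PPC_FEATURE_UNIFIED_CACHE))` with an unbalanced closing parenthesis, which only surfaces as a compile error in the first driver that uses that constant; it should read `(ilog2(PPC_FEATURE_UNIFIED_CACHE))` like its neighbours. The hunk as shown ends before any cpu_feature()/cpu_have_feature() definition; module_cpu_feature_match() expands to calls to both, and cpu_have_feature() must map indices 32..63 onto cpu_user_features2, so make sure that part of the header is present and that MAX_CPU_FEATURES stays in step with the two feature words as the comment promises.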
[PATCH 1/2] Allow drivers to be autoloaded.
From: Alastair D'SilvaThis patch provides the necessary infrastructure to allow drivers to be automatically loaded via UDEV. It implements the minimum required to be able to use module_cpu_feature_match to trigger the GENERIC_CPU_AUTOPROBE mechanisms. The features exposed are a mirror of the cpu_user_features (converted to an offset from a mask). This decision was made to ensure that the behavior between features for module loading and userspace are consistent. Signed-off-by: Alastair D'Silva --- arch/powerpc/Kconfig | 1 + arch/powerpc/include/asm/cpufeature.h | 68 +++ 2 files changed, 69 insertions(+) create mode 100644 arch/powerpc/include/asm/cpufeature.h diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig index 0a9d439..a6e49db 100644 --- a/arch/powerpc/Kconfig +++ b/arch/powerpc/Kconfig @@ -164,6 +164,7 @@ config PPC select ARCH_HAS_UBSAN_SANITIZE_ALL select ARCH_SUPPORTS_DEFERRED_STRUCT_PAGE_INIT select HAVE_LIVEPATCH if HAVE_DYNAMIC_FTRACE_WITH_REGS + select GENERIC_CPU_AUTOPROBE config GENERIC_CSUM def_bool CPU_LITTLE_ENDIAN diff --git a/arch/powerpc/include/asm/cpufeature.h b/arch/powerpc/include/asm/cpufeature.h new file mode 100644 index 000..6d52527 --- /dev/null +++ b/arch/powerpc/include/asm/cpufeature.h 
@@ -0,0 +1,68 @@ +/* + * Copyright 2016 Alastair D'Silva, IBM Corporation. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version + * 2 of the License, or (at your option) any later version. + */ + +#ifndef __ASM_CPUFEATURE_H +#define __ASM_CPUFEATURE_H + +#include + +/* Keep these in step with powerpc/include/asm/cputable.h */ +#define MAX_CPU_FEATURES (2 * 32) + +#define PPC_MODULE_FEATURE_32 (ilog2(PPC_FEATURE_32)) +#define PPC_MODULE_FEATURE_64 (ilog2(PPC_FEATURE_64)) +#define PPC_MODULE_FEATURE_601_INSTR (ilog2(PPC_FEATURE_601_INSTR)) +#define PPC_MODULE_FEATURE_HAS_ALTIVEC (ilog2(PPC_FEATURE_HAS_ALTIVEC)) +#define PPC_MODULE_FEATURE_HAS_FPU (ilog2(PPC_FEATURE_HAS_FPU)) +#define PPC_MODULE_FEATURE_HAS_MMU (ilog2(PPC_FEATURE_HAS_MMU)) +#define PPC_MODULE_FEATURE_HAS_4xxMAC (ilog2(PPC_FEATURE_HAS_4xxMAC)) +#define PPC_MODULE_FEATURE_UNIFIED_CACHE ilog2(PPC_FEATURE_UNIFIED_CACHE)) +#define PPC_MODULE_FEATURE_HAS_SPE (ilog2(PPC_FEATURE_HAS_SPE)) +#define PPC_MODULE_FEATURE_HAS_EFP_SINGLE (ilog2(PPC_FEATURE_HAS_EFP_SINGLE)) +#define PPC_MODULE_FEATURE_HAS_EFP_DOUBLE (ilog2(PPC_FEATURE_HAS_EFP_DOUBLE)) +#define PPC_MODULE_FEATURE_NO_TB (ilog2(PPC_FEATURE_NO_TB)) +#define PPC_MODULE_FEATURE_POWER4 (ilog2(PPC_FEATURE_POWER4)) +#define PPC_MODULE_FEATURE_POWER5 (ilog2(PPC_FEATURE_POWER5)) +#define PPC_MODULE_FEATURE_POWER5_PLUS (ilog2(PPC_FEATURE_POWER5_PLUS)) +#define PPC_MODULE_FEATURE_CELL (ilog2(PPC_FEATURE_CELL)) +#define PPC_MODULE_FEATURE_BOOKE (ilog2(PPC_FEATURE_BOOKE)) +#define PPC_MODULE_FEATURE_SMT (ilog2(PPC_FEATURE_SMT)) +#define PPC_MODULE_FEATURE_ICACHE_SNOOP (ilog2(PPC_FEATURE_ICACHE_SNOOP)) +#define PPC_MODULE_FEATURE_ARCH_2_05 (ilog2(PPC_FEATURE_ARCH_2_05)) +#define PPC_MODULE_FEATURE_PA6T (ilog2(PPC_FEATURE_PA6T)) +#define PPC_MODULE_FEATURE_HAS_DFP (ilog2(PPC_FEATURE_HAS_DFP)) +#define 
PPC_MODULE_FEATURE_POWER6_EXT (ilog2(PPC_FEATURE_POWER6_EXT)) +#define PPC_MODULE_FEATURE_ARCH_2_06 (ilog2(PPC_FEATURE_ARCH_2_06)) +#define PPC_MODULE_FEATURE_HAS_VSX (ilog2(PPC_FEATURE_HAS_VSX)) +#define PPC_MODULE_FEATURE_PSERIES_PERFMON_COMPAT (ilog2(PPC_FEATURE_PSERIES_PERFMON_COMPAT)) +#define PPC_MODULE_FEATURE_TRUE_LE (ilog2(PPC_FEATURE_TRUE_LE)) +#define PPC_MODULE_FEATURE_PPC_LE (ilog2(PPC_FEATURE_PPC_LE)) + +#define PPC_MODULE_FEATURE_ARCH_2_07 (32 + ilog2(PPC_FEATURE2_ARCH_2_07)) +#define PPC_MODULE_FEATURE_HTM (32 + ilog2(PPC_FEATURE2_HTM)) +#define PPC_MODULE_FEATURE_DSCR(32 + ilog2(PPC_FEATURE2_DSCR)) +#define PPC_MODULE_FEATURE_EBB (32 + ilog2(PPC_FEATURE2_EBB)) +#define PPC_MODULE_FEATURE_ISEL(32 + ilog2(PPC_FEATURE2_ISEL)) +#define PPC_MODULE_FEATURE_TAR (32 + ilog2(PPC_FEATURE2_TAR)) +#define PPC_MODULE_FEATURE_VEC_CRYPTO (32 +
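Review bot: this is the superseded copy of the cpufeature.h patch (the author asked for the `Allow drivers to be autoloaded` posting to be ignored), but it carries the same `ilog2(PPC_FEATURE_UNIFIED_CACHE))` unbalanced parenthesis as the resend, so the fix is needed in whichever copy is applied. The include guard here (`__ASM_CPUFEATURE_H` on both the `#ifndef` and the `#define`) is the consistent one; the resend should keep it that way.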
Re: [PATCH 1/2] crypto: vmx - Adding asm subroutines for XTS
Stephen Rothwell writes:
> On Mon, 11 Jul 2016 16:07:39 -0300 Paulo Flabiano Smorigo wrote:
>>
>> diff --git a/drivers/crypto/vmx/aesp8-ppc.pl >> b/drivers/crypto/vmx/aesp8-ppc.pl >> index 2280539..813ffcc 100644 >> --- a/drivers/crypto/vmx/aesp8-ppc.pl >> +++ b/drivers/crypto/vmx/aesp8-ppc.pl >> @@ -1,4 +1,11 @@ >> -#!/usr/bin/env perl >> +#! /usr/bin/env perl >> +# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. >> +# >> +# Licensed under the OpenSSL license (the "License"). You may not use >> +# this file except in compliance with the License. You can obtain a copy >> +# in the file LICENSE in the source distribution or at >> +# https://www.openssl.org/source/license.html
>
> So, I assume that this license is compatible with the GPLv2?

https://people.gnome.org/~markmc/openssl-and-the-gpl.html has an explanation
and points to:

https://www.openssl.org/docs/faq.html#LEGAL2

which makes it anything but clearer.

It appears the answer is "probably not, unless you have an explicit exemption
in your license".

--
Stewart Smith
OPAL Architect, IBM.
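Review bot: the quoted hunk replaces the file header with one that names only the OpenSSL license, which is what prompts Stephen's question; a file compiled into drivers/crypto/vmx under the kernel's GPLv2 needs its header to carry an explicit GPL-compatible grant (the dual-licence terms under which the code was taken from its author, if that is the arrangement), not a pointer to the OpenSSL LICENSE file alone. Put that statement in the header in the same patch rather than leaving the question to the list.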
RE: [PATCH 1/2] crypto: vmx - Adding asm subroutines for XTS
From: Paulo Flabiano Smorigo
> Sent: 11 July 2016 20:08
>
> This patch adds XTS subroutines using VMX-crypto driver.
>
> It gives a boost of 20 times using XTS.
>
> This code has been adopted from OpenSSL project in collaboration
> with the original author (Andy Polyakov).

Yep, typical openssl code.
1000+ lines of uncommented impenetrable assembler.
There is 0 chance of anyone ever checking this does what it should.

David
[PATCH v3 3/4] crypto: kdf - SP800-108 Key Derivation Function
The SP800-108 compliant Key Derivation Function is implemented as a random number generator considering that it behaves like a deterministic RNG. All three KDF types specified in SP800-108 are implemented. The code comments provide details about how to invoke the different KDF types. Signed-off-by: Stephan Mueller--- crypto/kdf.c | 514 +++ 1 file changed, 514 insertions(+) create mode 100644 crypto/kdf.c diff --git a/crypto/kdf.c b/crypto/kdf.c new file mode 100644 index 000..b39bddf --- /dev/null +++ b/crypto/kdf.c 
@@ -0,0 +1,514 @@ +/* + * Copyright (C) 2015, Stephan Mueller + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + *notice, and the entire permission notice in its entirety, + *including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + *notice, this list of conditions and the following disclaimer in the + *documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + *products derived from this software without specific prior + *written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU General Public License, in which case the provisions of the GPL2 + * are required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF + * WHICH ARE HEREBY DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT + * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + * USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. 
+ */ + +/* + * For performing a KDF operation, the following input is required + * from the caller: + * + * * Keying material to be used to derive the new keys from + * (denoted as Ko in SP800-108) + * * Label -- a free form binary string + * * Context -- a free form binary string + * + * The KDF is implemented as a random number generator. + * + * The Ko keying material is to be provided with the initialization of the KDF + * "random number generator", i.e. with the crypto_rng_reset function. + * + * The Label and Context concatenated string is provided when obtaining random + * numbers, i.e. with the crypto_rng_generate function. The caller must format + * the free-form Label || Context input as deemed necessary for the given + * purpose. Note, SP800-108 mandates that the Label and Context are separated + * by a 0x00 byte, i.e. the caller shall provide the input as + * Label || 0x00 || Context when trying to be compliant to SP800-108. For + * the feedback KDF, an IV is required as documented below. + * + * Example without proper error handling: + * char *keying_material = "\x00\x11\x22\x33\x44\x55\x66\x77"; + * char *label_context = "\xde\xad\xbe\xef\x00\xde\xad\xbe\xef"; + * kdf = crypto_alloc_rng(name, 0, 0); + * crypto_rng_reset(kdf, keying_material, 8); + * crypto_rng_generate(kdf, label_context, 9, outbuf, outbuflen); + * + * NOTE: Technically you can use one buffer for holding the label_context and + * the outbuf in the example above. Howerver, multiple rounds of the + * KDF are to be expected with the input must always be the same. + * The first round would replace the input in case of one buffer, and the + * KDF would calculate a cryptographically strong result which, however, + * is not portable to other KDF implementations! Thus, always use + * different buffers for the label_context and the outbuf. A safe + * in-place operation can only be done when only one round of the KDF + * is executed (i.e. 
the size of the requested buffer is equal to the + * digestsize of the used MAC). + */ + +#include +#include +#include +#include + +struct crypto_kdf_ctx { + struct shash_desc shash; + char ctx[]; +}; + +/* convert 32 bit integer into its string representation */ +static inline void crypto_kw_cpu_to_be32(u32 val, u8 *buf) +{ + __be32 *a = (__be32 *)buf; + + *a = cpu_to_be32(val); +} + +/* + *
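Review bot: the header comment tells the caller to format `Label || 0x00 || Context` but does not say whether kdf.c appends the output length [L]2 that SP800-108 includes in the fixed input data, or whether a caller chasing compliance must add it to the generate() input themselves; state this explicitly, because nothing in the API lets a caller tell which of the two produces SP800-108 output. In the same hunk, `crypto_kw_cpu_to_be32()` casts a `u8 *` to `__be32 *` and stores through it; the caller's output buffer is not guaranteed to be 4-byte aligned, so use put_unaligned_be32() (or memcpy of a cpu_to_be32() value) instead, and rename the helper from the keywrap-style `crypto_kw_` prefix to something matching this file. `Howerver` in the NOTE paragraph is a typo.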
[PATCH v3 0/4] crypto: Key Derivation Function (SP800-108)
Hi,

this patch set implements all three key derivation functions defined in
SP800-108. The implementation is provided as a template for random number
generators, since a KDF can be considered a form of deterministic RNG where
the key material is used as a seed. With the KDF implemented as a template,
all types of keyed hashes can be utilized, including HMAC and CMAC.

The testmgr tests are derived from publicly available test vectors from
NIST. The KDFs are all tested with a complete round of CAVS testing on 32
and 64 bit.

The patch set introduces an extension to the kernel crypto API in the first
patch by adding template handling for random number generators based on the
same logic as for keyed hashes.

Changes v3:
 * port testmgr patch to current cryptodev-2.6 tree
 * add non-keyed KDF references to testmgr.c

Changes v2:
 * port to 4.7-rc1

Stephan Mueller (4):
  crypto: add template handling for RNGs
  crypto: kdf - add known answer tests
  crypto: kdf - SP800-108 Key Derivation Function
  crypto: kdf - enable compilation

 crypto/Kconfig       |   7 +
 crypto/Makefile      |   1 +
 crypto/kdf.c         | 514 +++
 crypto/rng.c         |  31
 crypto/testmgr.c     | 226 ++
 crypto/testmgr.h     | 110 +++
 include/crypto/rng.h |  39
 7 files changed, 928 insertions(+)
 create mode 100644 crypto/kdf.c

--
2.7.4
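The three SP800-108 constructions the cover letter describes, written out in userspace Python as an added example; this is not code from the patch set or from the kernel crypto API. It uses HMAC as the PRF (CMAC is not in the Python standard library), a 32-bit big-endian counter and a 32-bit [L]2 field (an assumption; SP800-108 allows narrower counters), includes the optional counter in feedback and double-pipeline mode, and appends [L]2 to the caller's Label || 0x00 || Context itself. The kdf.c comment leaves input formatting to the caller, so whether [L]2 is supplied there by the caller or by kdf.c is not settled by this example. The function names (prf, fixed_input, kdf_counter, kdf_feedback, kdf_double_pipeline) and the sample key, label and context are this example's own.

```python
"""SP800-108 key derivation in counter, feedback and double-pipeline mode.

Added example in userspace Python; it is not code from the kdf.c patch or
from the kernel crypto API.  The PRF is HMAC, the counter i and the length
field [L]2 are both 32-bit big-endian (an assumption), and fixed_input()
appends [L]2 itself.  All function names are this example's own.
"""
import hashlib
import hmac


def prf(key: bytes, data: bytes, hash_name: str = "sha256") -> bytes:
    """PRF(K, x) = HMAC-<hash>(K, x)."""
    return hmac.new(key, data, hash_name).digest()


def fixed_input(label: bytes, context: bytes, out_len: int) -> bytes:
    """Fixed input data: Label || 0x00 || Context || [L]2, with L in bits."""
    if out_len <= 0:
        raise ValueError("output length must be positive")
    return label + b"\x00" + context + (out_len * 8).to_bytes(4, "big")


def kdf_counter(ko, label, context, out_len, hash_name="sha256"):
    """Counter mode: K(i) = PRF(Ko, [i]2 || fixed), i = 1, 2, ..."""
    fixed = fixed_input(label, context, out_len)
    out = b""
    i = 1
    while len(out) < out_len:
        out += prf(ko, i.to_bytes(4, "big") + fixed, hash_name)
        i += 1
    return out[:out_len]


def kdf_feedback(ko, label, context, out_len, iv=b"", hash_name="sha256"):
    """Feedback mode: K(i) = PRF(Ko, K(i-1) || [i]2 || fixed), K(0) = IV.

    With an empty IV the first block equals counter mode's first block; the
    modes diverge from the second block on because K(1) is fed back.
    """
    fixed = fixed_input(label, context, out_len)
    out = b""
    prev = iv
    i = 1
    while len(out) < out_len:
        prev = prf(ko, prev + i.to_bytes(4, "big") + fixed, hash_name)
        out += prev
        i += 1
    return out[:out_len]


def kdf_double_pipeline(ko, label, context, out_len, hash_name="sha256"):
    """Double-pipeline mode: A(0) = fixed, A(i) = PRF(Ko, A(i-1)),
    K(i) = PRF(Ko, A(i) || [i]2 || fixed)."""
    fixed = fixed_input(label, context, out_len)
    out = b""
    a = fixed
    i = 1
    while len(out) < out_len:
        a = prf(ko, a, hash_name)
        out += prf(ko, a + i.to_bytes(4, "big") + fixed, hash_name)
        i += 1
    return out[:out_len]


if __name__ == "__main__":
    # Constructed sample input (not a NIST vector), shaped like the
    # keying_material / label_context pair in the kdf.c header comment.
    ko = bytes.fromhex("0011223344556677")
    label_context = b"\xde\xad\xbe\xef\x00\xde\xad\xbe\xef"
    label, context = label_context.split(b"\x00", 1)
    for name, fn in (("counter", kdf_counter), ("feedback", kdf_feedback),
                     ("double-pipeline", kdf_double_pipeline)):
        print(f"{name:16s} {fn(ko, label, context, 40).hex()}")
```

The NIST vectors behind the CAVS runs the cover letter mentions are not reproduced here; the checks below only pin down the block structure (the [L]2 encoding, the coincidence of the first counter-mode and empty-IV feedback-mode blocks, truncation to the requested length), which is enough to catch the usual interoperability mistakes: forgetting [L]2, counting L in bytes instead of bits, or starting the counter at 0.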
[PATCH v3 2/4] crypto: kdf - add known answer tests
Add known answer tests to the testmgr for the KDF (SP800-108) cipher. Signed-off-by: Stephan Mueller--- crypto/testmgr.c | 226 +++ crypto/testmgr.h | 110 +++ 2 files changed, 336 insertions(+) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 8ea0d3f..a513d71 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -116,6 +116,11 @@ struct drbg_test_suite { unsigned int count; }; +struct kdf_test_suite { + struct kdf_testvec *vecs; + unsigned int count; +}; + struct akcipher_test_suite { struct akcipher_testvec *vecs; unsigned int count; @@ -139,6 +144,7 @@ struct alg_test_desc { struct hash_test_suite hash; struct cprng_test_suite cprng; struct drbg_test_suite drbg; + struct kdf_test_suite kdf; struct akcipher_test_suite akcipher; struct kpp_test_suite kpp; } suite; 
@@ -1758,6 +1764,64 @@ outbuf: return ret; } +static int kdf_cavs_test(struct kdf_testvec *test, +const char *driver, u32 type, u32 mask) +{ + int ret = -EAGAIN; + struct crypto_rng *drng; + unsigned char *buf = kzalloc(test->expectedlen, GFP_KERNEL); + + if (!buf) + return -ENOMEM; + + drng = crypto_alloc_rng(driver, type | CRYPTO_ALG_INTERNAL, mask); + if (IS_ERR(drng)) { + printk(KERN_ERR "alg: kdf: could not allocate cipher handle " + "for %s\n", driver); + kzfree(buf); + return -ENOMEM; + } + + ret = crypto_rng_reset(drng, test->K1, test->K1len); + if (ret) { + printk(KERN_ERR "alg: kdf: could not set key derivation key\n"); + goto err; + } + + ret = crypto_rng_generate(drng, test->context, test->contextlen, + buf, test->expectedlen); + if (ret) { + printk(KERN_ERR "alg: kdf: could not obtain key data\n"); + goto err; + } + + ret = memcmp(test->expected, buf, test->expectedlen); + +err: + crypto_free_rng(drng); + kzfree(buf); + return ret; +} + +static int alg_test_kdf(const struct alg_test_desc *desc, const char *driver, + u32 type, u32 mask) +{ + int err = 0; + unsigned int i = 0; + struct kdf_testvec *template = desc->suite.kdf.vecs; + unsigned int tcount = desc->suite.kdf.count; + + for (i = 0; i < tcount; i++) { + err = kdf_cavs_test([i], driver, type, mask); + if (err) { + printk(KERN_ERR "alg: kdf: Test %d failed for %s\n", + i, driver); + err = -EINVAL; + break; + } + } + return err; +} static int alg_test_drbg(const struct alg_test_desc *desc, const char *driver, u32 type, u32 mask) 
@@ -3464,6 +3528,168 @@ static const struct alg_test_desc alg_test_descs[] = { .fips_allowed = 1, .test = alg_test_null, }, { + .alg = "kdf_ctr(cmac(aes))", + .test = alg_test_null, + .fips_allowed = 1, + }, { + .alg = "kdf_ctr(cmac(des3_ede))", + .test = alg_test_null, + .fips_allowed = 1, + }, { + .alg = "kdf_ctr(hmac(sha1))", + .test = alg_test_null, + .fips_allowed = 1, + }, { + .alg = "kdf_ctr(hmac(sha224))", + .test = alg_test_null, + .fips_allowed = 1, + }, { + .alg = "kdf_ctr(hmac(sha256))", + .test = alg_test_kdf, + .fips_allowed = 1, + .suite = { + .kdf = { + .vecs = kdf_ctr_hmac_sha256_tv_template, + .count = ARRAY_SIZE(kdf_ctr_hmac_sha256_tv_template) + } + } + }, { + .alg = "kdf_ctr(hmac(sha384))", + .test = alg_test_null, + .fips_allowed = 1, + }, { + .alg = "kdf_ctr(hmac(sha512))", + .test = alg_test_null, + .fips_allowed = 1, + }, { + .alg = "kdf_ctr(sha1)", + .test = alg_test_null, + .fips_allowed = 1, + }, { + .alg = "kdf_ctr(sha224)", + .test = alg_test_null, + .fips_allowed = 1, + }, { + .alg = "kdf_ctr(sha256)", + .test = alg_test_null, + .fips_allowed = 1, + }, { + .alg = "kdf_ctr(sha384)", + .test = alg_test_null, + .fips_allowed = 1, + }, { + .alg =
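Review bot: in kdf_cavs_test(), the crypto_alloc_rng() failure path returns -ENOMEM for every error; return PTR_ERR(drng) so an unknown algorithm name is distinguishable from a real allocation failure. The initial `ret = -EAGAIN` is never observed. Add a blank line between the new alg_test_kdf() and the existing alg_test_drbg(): the hunk's closing `+}` runs straight into `static int alg_test_drbg(` without the separating line the rest of the file uses.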
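Review bot: the new kdf_ctr(...) entries in alg_test_descs set `.fips_allowed = 1` on variants whose `.test` is alg_test_null, i.e. that have no known-answer test at all, and on `kdf_ctr(sha1)`, `kdf_ctr(sha224)` and the other un-keyed hash variants, while SP800-108 defines its PRF as HMAC or CMAC. Either supply vectors for each variant that is meant to be FIPS-allowed, or drop the flag on the untested and un-keyed ones; only kdf_ctr(hmac(sha256)) is actually exercised by kdf_ctr_hmac_sha256_tv_template.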
[PATCH v3 1/4] crypto: add template handling for RNGs
This patch adds the ability to register templates for RNGs. RNGs are "meta" mechanisms using raw cipher primitives. Thus, RNGs can now be implemented as templates to allow the complete flexibility the kernel crypto API provides. Signed-off-by: Stephan Mueller--- crypto/rng.c | 31 +++ include/crypto/rng.h | 39 +++ 2 files changed, 70 insertions(+) diff --git a/crypto/rng.c b/crypto/rng.c index b81cffb..92cc02a 100644 --- a/crypto/rng.c +++ b/crypto/rng.c @@ -232,5 +232,36 @@ void crypto_unregister_rngs(struct rng_alg *algs, int count) } EXPORT_SYMBOL_GPL(crypto_unregister_rngs); +void rng_free_instance(struct crypto_instance *inst) +{ + crypto_drop_spawn(crypto_instance_ctx(inst)); + kfree(rng_instance(inst)); +} +EXPORT_SYMBOL_GPL(rng_free_instance); + +static int rng_prepare_alg(struct rng_alg *alg) +{ + struct crypto_alg *base = >base; + + base->cra_type = _rng_type; + base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK; + base->cra_flags |= CRYPTO_ALG_TYPE_RNG; + + return 0; +} + +int rng_register_instance(struct crypto_template *tmpl, + struct rng_instance *inst) +{ + int err; + + err = rng_prepare_alg(>alg); + if (err) + return err; + + return crypto_register_instance(tmpl, rng_crypto_instance(inst)); +} +EXPORT_SYMBOL_GPL(rng_register_instance); + MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("Random Number Generator"); diff --git a/include/crypto/rng.h b/include/crypto/rng.h index b95ede3..b8a6ea3 100644 --- a/include/crypto/rng.h +++ b/include/crypto/rng.h @@ -15,6 +15,7 @@ #define _CRYPTO_RNG_H #include +#include struct crypto_rng; 
@@ -197,4 +198,42 @@ static inline int crypto_rng_seedsize(struct crypto_rng *tfm) return crypto_rng_alg(tfm)->seedsize; } +struct rng_instance { + struct rng_alg alg; +}; + +static inline struct rng_instance *rng_alloc_instance( + const char *name, struct crypto_alg *alg) +{ + return crypto_alloc_instance2(name, alg, + sizeof(struct rng_alg) - sizeof(*alg)); +} + +static inline struct crypto_instance *rng_crypto_instance( + struct rng_instance *inst) +{ + return container_of(>alg.base, struct crypto_instance, alg); +} + +static inline void *rng_instance_ctx(struct rng_instance *inst) +{ + return crypto_instance_ctx(rng_crypto_instance(inst)); +} + +static inline struct rng_alg *__crypto_rng_alg(struct crypto_alg *alg) +{ + return container_of(alg, struct rng_alg, base); +} + +static inline struct rng_instance *rng_instance( + struct crypto_instance *inst) +{ + return container_of(__crypto_rng_alg(>alg), + struct rng_instance, alg); +} + +int rng_register_instance(struct crypto_template *tmpl, + struct rng_instance *inst); +void rng_free_instance(struct crypto_instance *inst); + #endif -- 2.7.4 -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
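Review bot: the instance helpers (rng_alloc_instance, rng_crypto_instance, rng_instance_ctx, rng_instance, rng_register_instance, rng_free_instance) are added to the public include/crypto/rng.h together with a new include, which drags the algapi instance machinery into every consumer of crypto_rng. The other algorithm types keep their template and instance helpers under include/crypto/internal/, and include/crypto/internal/rng.h already exists; move them there so the public header stays a user-facing API.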
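Review bot: rng_free_instance() in the rng.c hunk assumes crypto_instance_ctx() holds exactly one spawn that crypto_drop_spawn() can release; that holds for the kdf template but not for an RNG template in general, so either say so in a comment above the function or give it a name that makes the single-spawn assumption visible to the next template author.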
[PATCH v3 4/4] crypto: kdf - enable compilation
Include KDF into Kconfig and Makefile for compilation. Signed-off-by: Stephan Mueller--- crypto/Kconfig | 7 +++ crypto/Makefile | 1 + 2 files changed, 8 insertions(+) diff --git a/crypto/Kconfig b/crypto/Kconfig index 62fcbb9..7779af8 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -372,6 +372,13 @@ config CRYPTO_KEYWRAP Support for key wrapping (NIST SP800-38F / RFC3394) without padding. +config CRYPTO_KDF + tristate "Key Derivation Function (SP800-108)" + select CRYPTO_RNG + help + Support for KDF compliant to SP800-108. All three types of + KDF specified in SP800-108 are implemented. + comment "Hash modes" config CRYPTO_CMAC diff --git a/crypto/Makefile b/crypto/Makefile index df1bcfb..d3733a4 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -82,6 +82,7 @@ obj-$(CONFIG_CRYPTO_LRW) += lrw.o obj-$(CONFIG_CRYPTO_XTS) += xts.o obj-$(CONFIG_CRYPTO_CTR) += ctr.o obj-$(CONFIG_CRYPTO_KEYWRAP) += keywrap.o +obj-$(CONFIG_CRYPTO_KDF) += kdf.o obj-$(CONFIG_CRYPTO_GCM) += gcm.o obj-$(CONFIG_CRYPTO_CCM) += ccm.o obj-$(CONFIG_CRYPTO_CHACHA20POLY1305) += chacha20poly1305.o -- 2.7.4 -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
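Review bot: CRYPTO_KDF selects only CRYPTO_RNG, but kdf.c is a template layered over keyed hashes (it embeds a `struct shash_desc`) and is instantiated through the crypto manager; add `select CRYPTO_HASH` and `select CRYPTO_MANAGER` as the other templates in crypto/Kconfig do, otherwise a config with CRYPTO_KDF=y and nothing else selected builds a template that can never be instantiated. In the help text, "compliant to SP800-108" should read "compliant with SP800-108".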
[PATCH] DH support: add KDF handling support
Hi Mat, David, During the development of this patch, I saw that the test framework seems to be broken: when I change the expected values by one bit, the test framework will still mark the received result as PASS even though the returned data does not match the expected data. ---8< Add the interface logic to support DH with KDF handling support. The dh_compute code now allows the following options: - no KDF support / output of raw DH shared secret: dh_compute - KDF support without "other information" string: dh_compute - KDF support with "other information string: dh_compute The test to verify the code is based on a test vector used for the CAVS testing of SP800-56A. Signed-off-by: Stephan Mueller--- keyctl.c | 14 +- keyutils.c | 48 ++ keyutils.h | 13 + tests/keyctl/dh_compute/valid/runtest.sh | 83 4 files changed, 156 insertions(+), 2 deletions(-) diff --git a/keyctl.c b/keyctl.c index edb03de..32478b3 100644 --- a/keyctl.c +++ b/keyctl.c @@ -1638,14 +1638,24 @@ static void act_keyctl_dh_compute(int argc, char *argv[]) char *p; int ret, sep, col; - if (argc != 4) + if (argc != 4 && argc != 6 && argc != 7) format(); private = get_key_id(argv[1]); prime = get_key_id(argv[2]); base = get_key_id(argv[3]); - ret = keyctl_dh_compute_alloc(private, prime, base, ); + if (argc == 4) + ret = keyctl_dh_compute_alloc(private, prime, base, ); + else if (argc == 6) + ret = keyctl_dh_compute_kdf(private, prime, base, argv[4], + argv[5], NULL, ); + else if (argc == 7) + ret = keyctl_dh_compute_kdf(private, prime, base, argv[4], + argv[5], argv[6], ); + else + error("dh_compute: unknown number of arguments"); + if (ret < 0) error("keyctl_dh_compute_alloc"); diff --git a/keyutils.c b/keyutils.c index 2a69304..ffdd622 100644 --- a/keyutils.c +++ b/keyutils.c 
@@ -386,6 +386,54 @@ int keyctl_dh_compute_alloc(key_serial_t private, key_serial_t prime, } /* + * fetch DH computation results processed by a KDF into an + * allocated buffer + * - resulting buffer has an extra NUL added to the end + * - returns count (not including extraneous NUL) + */ +int keyctl_dh_compute_kdf(key_serial_t private, key_serial_t prime, + key_serial_t base, char *len, char *kdfname, + char *otherinfo, void **_buffer) +{ + char *buf; + unsigned long buflen; + int ret; + struct keyctl_dh_params params = { .private = private, + .prime = prime, + .base = base }; + struct keyctl_kdf_params kdfparams; + + buflen = strtoul(len, NULL, 10); + if (buflen > KEYCTL_KDF_MAX_OUTPUTLEN) + return -1; + + buf = malloc(buflen + 1); + if (!buf) + return -1; + + if (otherinfo) { + kdfparams.kdfname = kdfname; + kdfparams.kdfnamelen = strlen(kdfname); + kdfparams.otherinfo = otherinfo; + kdfparams.otherinfolen = strlen(otherinfo); + } else { + kdfparams.kdfname = kdfname; + kdfparams.kdfnamelen = strlen(kdfname); + kdfparams.otherinfo = NULL; + kdfparams.otherinfolen = 0; + } + ret = keyctl(KEYCTL_DH_COMPUTE, , buf, buflen, ); + if (ret < 0) { + free(buf); + return -1; + } + + buf[ret] = 0; + *_buffer = buf; + return ret; +} + +/* * Depth-first recursively apply a function over a keyring tree */ static int recursive_key_scan_aux(key_serial_t parent, key_serial_t key, diff --git a/keyutils.h b/keyutils.h index b321aa8..5026270 100644 --- a/keyutils.h +++ b/keyutils.h @@ -108,6 +108,16 @@ struct keyctl_dh_params { key_serial_t base; }; +struct keyctl_kdf_params { +#define KEYCTL_KDF_MAX_OUTPUTLEN1024/* max length of KDF output */ +#define KEYCTL_KDF_MAX_STRING_LEN 64 /* maximum length of strings */ + char *kdfname; + uint32_t kdfnamelen; + char *otherinfo; + uint32_t otherinfolen; + uint32_t flags; +}; + /* * syscall wrappers */ 
@@ -172,6 +182,9 @@ extern int keyctl_read_alloc(key_serial_t id, void **_buffer); extern int keyctl_get_security_alloc(key_serial_t id, char **_buffer); extern int keyctl_dh_compute_alloc(key_serial_t private, key_serial_t prime, key_serial_t base, void **_buffer); +int keyctl_dh_compute_kdf(key_serial_t private, key_serial_t prime, +
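Review bot: the error path after the new argc dispatch in act_keyctl_dh_compute() (keyctl.c hunk) still reports `error("keyctl_dh_compute_alloc")` for the argc == 6 and argc == 7 branches, so a failing keyctl_dh_compute_kdf() call is misattributed in the message the user sees; report the name of the call actually taken, for example `error(argc == 4 ? "keyctl_dh_compute_alloc" : "keyctl_dh_compute_kdf")`. The trailing `else error("dh_compute: unknown number of arguments")` is unreachable once `argc != 4 && argc != 6 && argc != 7` has already called format(), so one of the two checks can go.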
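Review bot: keyctl_dh_compute_kdf() (keyutils.c hunk) hands `kdfparams` to KEYCTL_DH_COMPUTE with its `flags` member never set: the struct is declared without an initialiser and only kdfname, kdfnamelen, otherinfo and otherinfolen are assigned, so an uninitialised stack word reaches the kernel; declare it as `struct keyctl_kdf_params kdfparams = { 0 };` or assign `kdfparams.flags = 0` explicitly. Two smaller points in the same function: `strtoul(len, NULL, 10)` accepts any string, so a non-numeric or empty `len` silently becomes a zero-length buffer rather than an error (use an end pointer and reject trailing garbage), and the `if (otherinfo)`/`else` branches both assign kdfname and kdfnamelen identically, so only the two otherinfo fields need the conditional.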
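Review bot: the new `struct keyctl_kdf_params` (first keyutils.h hunk) adds a `flags` member with no comment on what values a caller may set, and the two limits are placed as #defines inside the struct body; document flags (or state that it must be zero for now) and move KEYCTL_KDF_MAX_OUTPUTLEN and KEYCTL_KDF_MAX_STRING_LEN above the struct so they read as part of the public interface. KEYCTL_KDF_MAX_STRING_LEN is also defined but never enforced: nothing in this series checks kdfnamelen or otherinfolen against it, whereas KEYCTL_KDF_MAX_OUTPUTLEN is checked in keyctl_dh_compute_kdf().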
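Review bot: the declaration of keyctl_dh_compute_kdf() added after keyctl_dh_compute_alloc() (second keyutils.h hunk) drops the `extern` that the adjacent keyctl_read_alloc, keyctl_get_security_alloc and keyctl_dh_compute_alloc prototypes use; for consistency with the rest of the "syscall wrappers" block write `extern int keyctl_dh_compute_kdf(key_serial_t private, key_serial_t prime, ...)`.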
Re: [PATCH 3/3] crypto: Added Chelsio Menu to the Kconfig file
On Tue, Jul 12, 2016 at 03:30:41AM +0800, kbuild test robot wrote:
> Hi,
>
> [auto build test WARNING on net-next/master]
> [also build test WARNING on v4.7-rc7 next-20160711]
> [if your patch is applied to the wrong git tree, please drop us a note to
> help improve the system]

Yeshaswi, please fix these warnings/errors even though they're compile-only.

Thanks,
--
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Re: [PATCH 2/3] chcr: Support for Chelsio's Crypto Hardware
On Mon, Jul 11, 2016 at 11:28:07AM -0700, Yeshaswi M R Gowda wrote:
>
> + u_ctx = ULD_CTX(ctx);
> + if (cxgb4_is_crypto_q_full(u_ctx->lldi.ports[0], ctx->tx_channel_id))
> + return -EBUSY;

You cannot just return -EBUSY. If the request has the MAY_BACKLOG bit set, it must be queued regardless, but you should return -EBUSY in order to throttle the user and then call the completion function with -EINPROGRESS once the queue can accept more requests from the user.

Cheers,
--
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
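Review bot: the bare `return -EBUSY` after the `cxgb4_is_crypto_q_full()` check drops the request outright, including for callers that set CRYPTO_TFM_REQ_MAY_BACKLOG in the request's base.flags and therefore expect it to be accepted; test that flag before returning, enqueue the request when it is set (still returning -EBUSY as the throttling signal), and complete it with -EINPROGRESS once the queue has room, as the reply above describes. Only a request without MAY_BACKLOG may be refused here.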
Re: [PATCH 5/6] crypto: img-hash - Add support for export and import
Will Thomas wrote:
>
> @@ -714,9 +740,12 @@ static struct ahash_alg img_algs[] = {
> .update = img_hash_update,
> .final = img_hash_final,
> .finup = img_hash_finup,
> + .export = img_hash_export,
> + .import = img_hash_import,
> .digest = img_hash_digest,
> .halg = {
> .digestsize = MD5_DIGEST_SIZE,
> + .statesize = sizeof(struct md5_state),

This is wrong. The fallback state size is not guaranteed to be the same as the generic MD5. I suppose the easiest fix is to explicitly request for md5-generic/sha1-generic/etc. when you allocate the fallback.

Thanks,
--
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
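Review bot: `.statesize = sizeof(struct md5_state)` hard-codes the generic MD5 export layout, but the export/import callbacks added in the same hunk hand the state to the fallback (per the reply above), whose exported state is not guaranteed to have that layout or size, so an import of an export could read or write past the buffer the API sized from statesize. Either derive the value from the fallback actually allocated (crypto_ahash_statesize() on the fallback tfm, which then cannot be a compile-time initialiser here) or pin the fallback to md5-generic/sha1-generic as suggested so the constant is correct by construction.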
Re: [PATCH 2/6] crypto: img-hash - Fix hash request context
Will Thomas wrote:
> Move 0 length buffer to end of structure to stop overwriting
> fallback request data. This doesn't cause a bug itself as the
> buffer is never used alongside the fallback but should be
> changed.
>
> Signed-off-by: Will Thomas
> Reviewed-by: James Hartley

This points out another bug, the fallback can have its own ctx following the request. So the set_reqsize call needs to be adjusted to take that into account.

Thanks,
--
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Re: [PATCH 1/6] crypto: img-hash - Fix null pointer exception
Will Thomas wrote:
> Sporadic null pointer exceptions came from here. Fix them.
>
> Signed-off-by: Will Thomas
> Reviewed-by: James Hartley
> ---
> drivers/crypto/img-hash.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/crypto/img-hash.c b/drivers/crypto/img-hash.c
> index 68e8aa9..a5f270b 100644
> --- a/drivers/crypto/img-hash.c
> +++ b/drivers/crypto/img-hash.c
> @@ -361,7 +361,7 @@ static void img_hash_dma_task(unsigned long d)
> size_t nbytes, bleft, wsend, len, tbc;
> struct scatterlist tsg;
>
> - if (!ctx->sg)
> + if (!ctx || !ctx->sg)
> return;

This makes no sense. ctx comes from ahash_request_ctx which can never be NULL. Perhaps you meant !hdev->req?

Cheers,
--
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
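Review bot: the added `!ctx` test in img_hash_dma_task() cannot catch the reported crash, because ctx is obtained through ahash_request_ctx(), which returns an offset into the request rather than a pointer that can be NULL; the check therefore hides the symptom while the real dereference stays in place. The commit message should name the pointer that was actually observed NULL, and if it is hdev->req (as the reply suggests) the guard belongs on that, before ctx is derived from it.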