On Wed, Jun 29, 2016 at 10:45:56AM -0700, Megha Dey wrote:
> I tested the latest cryptodev tree on my haswell machine and this is
> what I see:
> [ 40.402834] modprobe tcrypt mode=422
> [ 40.403105] testing speed of multibuffer sha1 (sha1_mb)
> [ 40.403108] test 0 ( 16 byte blocks, 16
Tadeusz,
On Thu, 23 Jun 2016, Tadeusz Struk wrote:
This patch adds support for asymmetric key type to AF_ALG.
It will work as follows: New PF_ALG socket options are
added on top of existing ALG_SET_KEY and ALG_SET_PUBKEY, namely
ALG_SET_KEY_ID and ALG_SET_PUBKEY_ID for setting public and
I tested the latest cryptodev tree on my haswell machine and this is
what I see:
[ 40.402834] modprobe tcrypt mode=422
[ 40.403105] testing speed of multibuffer sha1 (sha1_mb)
[ 40.403108] test 0 ( 16 byte blocks, 16 bytes per update, 1
updates): 32271 cycles/operation, 252
On 06/29/16 07:42, Dan Carpenter wrote:
> || and | behave basically the same here but || is intended. It causes a
> static checker warning to mix up bitwise and logical operations.
>
> Signed-off-by: Dan Carpenter
>
> diff --git a/arch/x86/crypto/sha256-mb/sha256_mb.c
From: Zhaoxiu Zeng
Signed-off-by: Zhaoxiu Zeng
---
drivers/crypto/sahara.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/crypto/sahara.c b/drivers/crypto/sahara.c
index c3f3d89..5c44a15 100644
---
Some software algs have cra_priority as high as 300, so increase
omap-sham priority to 400 to ensure it is on top of any software alg.
Signed-off-by: Bin Liu
---
drivers/crypto/omap-sham.c | 24
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git
On Wed, Jun 29, 2016 at 05:41:30PM +0300, Dan Carpenter wrote:
> The "goto out;" line isn't indented far enough.
>
> Signed-off-by: Dan Carpenter
Sorry, but this has already been fixed :)
--
Email: Herbert Xu
Home Page:
The "goto out;" line isn't indented far enough.
Signed-off-by: Dan Carpenter
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index 6ef7815..117f19e 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -629,7 +629,7 @@ static void test_mb_ahash_speed(const char *algo,
|| and | behave basically the same here but || was intended. It causes
a static checker warning when we mix up logical and bitwise operations.
Signed-off-by: Dan Carpenter
diff --git a/arch/x86/crypto/sha1-mb/sha1_mb.c
b/arch/x86/crypto/sha1-mb/sha1_mb.c
index
|| and | behave basically the same here but || is intended. It causes a
static checker warning to mix up bitwise and logical operations.
Signed-off-by: Dan Carpenter
diff --git a/arch/x86/crypto/sha256-mb/sha256_mb.c
b/arch/x86/crypto/sha256-mb/sha256_mb.c
index
>> Also not mentioned in the documentation is that some algorithms *do*
>> have different implementations depending on key size. SHA-2 is the
>> classic example.
> What do you mean by that? SHA has no keying at all.
In this case, the analogous property is hash size. Sorry, I thought
that was
Every implementation of RSA that we have naturally generates
output with leading zeroes. The one and only user of RSA,
pkcs1pad wants to have those leading zeroes in place, in fact
because they are currently absent it has to write those zeroes
itself.
So we shouldn't be stripping leading zeroes
Rather than repeatedly checking the key size on each operation,
we should be checking it once when the key is set.
Signed-off-by: Herbert Xu
---
crypto/rsa-pkcs1pad.c | 56 +++---
1 file changed, 26 insertions(+), 30
This patch allows RSA implementations to produce output with
leading zeroes. testmgr will skip leading zeroes when comparing
the output.
This patch also tries to make the RSA test function generic enough
to potentially handle other akcipher algorithms.
Signed-off-by: Herbert Xu
We don't currently support using akcipher in atomic contexts,
so GFP_KERNEL should always be used.
Signed-off-by: Herbert Xu
---
crypto/rsa-pkcs1pad.c | 22 ++
1 file changed, 6 insertions(+), 16 deletions(-)
diff --git
The only user of rsa-pkcs1pad always uses the hash so there is
no reason to support the case of not having a hash.
This patch also changes the digest info lookup so that it is
only done once during template instantiation rather than on each
operation.
Signed-off-by: Herbert Xu
Currently the mpi SG helpers use sg_virt which is completely
broken. It happens to work with normal kernel memory but will
fail with anything that is not linearly mapped.
This patch fixes this by using the SG iterator helpers.
Signed-off-by: Herbert Xu
---
The helper pkcs1pad_sg_set_buf tries to split a buffer that crosses
a page boundary into two SG entries. This is unnecessary. This
patch removes that.
Signed-off-by: Herbert Xu
---
crypto/rsa-pkcs1pad.c | 19 +--
1 file changed, 5 insertions(+),
In the vast majority of cases (2^-32 on 32-bit and 2^-64 on 64-bit),
the result from encryption/signing will require no padding.
This patch makes these two operations write their output directly
to the final destination. Only in the exceedingly rare cases where
fixup is needed do we copy
Hi:
This was prompted by the caam RSA submission where a lot of work
was done just to strip the RSA output of leading zeroes. This is
in fact completely pointless because the only user of RSA in the
kernel then promptly puts them back.
This patch series resolves this madness by simply leaving
On Wed, Jun 29, 2016 at 11:23:06AM +, Benedetto, Salvatore wrote:
> Hi Herbert,
>
> >
> > This patch also changes DH to use the new interface.
> >
> > Signed-off-by: Herbert Xu
> > ---
> >
> > crypto/rsa.c|8 +++
> > include/linux/mpi.h |2
Hi Herbert,
>
> This patch also changes DH to use the new interface.
>
> Signed-off-by: Herbert Xu
> ---
>
> crypto/rsa.c|8 +++
> include/linux/mpi.h |2 -
> lib/mpi/mpicoder.c | 55 ---
> -
>
The helper pkcs1pad_sg_set_buf tries to split a buffer that crosses
a page boundary into two SG entries. This is unnecessary. This
patch removes that.
Signed-off-by: Herbert Xu
---
crypto/rsa-pkcs1pad.c | 19 +--
1 file changed, 5 insertions(+),
Rather than repeatedly checking the key size on each operation,
we should be checking it once when the key is set.
Signed-off-by: Herbert Xu
---
crypto/rsa-pkcs1pad.c | 56 +++---
1 file changed, 26 insertions(+), 30
Every implementation of RSA that we have naturally generates
output with leading zeroes. The one and only user of RSA,
pkcs1pad wants to have those leading zeroes in place, in fact
because they are currently absent it has to write those zeroes
itself.
So we shouldn't be stripping leading zeroes
This patch allows RSA implementations to produce output with
leading zeroes. testmgr will skip leading zeroes when comparing
the output.
This patch also tries to make the RSA test function generic enough
to potentially handle other akcipher algorithms.
Signed-off-by: Herbert Xu
Currently the mpi SG helpers use sg_virt which is completely
broken. It happens to work with normal kernel memory but will
fail with anything that is not linearly mapped.
This patch fixes this by using the SG iterator helpers.
Signed-off-by: Herbert Xu
---
In the vast majority of cases (2^-32 on 32-bit and 2^-64 on 64-bit),
the result from encryption/signing will require no padding.
This patch makes these two operations write their output directly
to the final destination. Only in the exceedingly rare cases where
fixup is needed do we copy
The only user of rsa-pkcs1pad always uses the hash so there is
no reason to support the case of not having a hash.
This patch also changes the digest info lookup so that it is
only done once during template instantiation rather than on each
operation.
Signed-off-by: Herbert Xu
Hi:
This was prompted by the caam RSA submission where a lot of work
was done just to strip the RSA output of leading zeroes. This is
in fact completely pointless because the only user of RSA in the
kernel then promptly puts them back.
This patch series resolves this madness by simply leaving
On Wed, Jun 29, 2016 at 12:24:43AM +0530, Harsh Jain wrote:
> Remove redundant sg_init_table call. scatterwalk_ffwd doing the same.
>
> Signed-off-by: Harsh Jain
Patch applied. Thanks.
--
Email: Herbert Xu
Home Page:
This patch adds the helper crypto_inst_setname because the current
helper crypto_alloc_instance2 is no longer useful given that we
now look up the algorithm after we allocate the instance object.
Signed-off-by: Herbert Xu
---
crypto/algapi.c | 24
This patch converts cts over to the skcipher interface. It also
optimises the implementation to use one CBC operation for all but
the last block, which is then processed separately.
Signed-off-by: Herbert Xu
---
crypto/cts.c | 494
This patch replaces use of the obsolete ablkcipher with skcipher.
It also removes shash_fallback which is totally unused.
Signed-off-by: Herbert Xu
---
drivers/crypto/sahara.c | 112 +---
1 file changed, 50
This patch replaces use of the obsolete blkcipher with skcipher.
Signed-off-by: Herbert Xu
---
arch/s390/crypto/aes_s390.c | 113 +++-
1 file changed, 60 insertions(+), 53 deletions(-)
diff --git
This patch converts tcrypt to use the new skcipher interface as
opposed to ablkcipher/blkcipher.
Signed-off-by: Herbert Xu
---
crypto/tcrypt.c | 241 ++--
1 file changed, 44 insertions(+), 197 deletions(-)
diff
This patch adds skcipher support to cryptd alongside ablkcipher.
Signed-off-by: Herbert Xu
---
crypto/cryptd.c | 279 +++-
include/crypto/cryptd.h | 13 ++
2 files changed, 290 insertions(+), 2 deletions(-)
This patch replaces use of the obsolete blkcipher with skcipher.
Signed-off-by: Herbert Xu
---
crypto/seqiv.c | 14 +-
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/crypto/seqiv.c b/crypto/seqiv.c
index 15a749a..a859b3a 100644
---
The default null blkcipher is no longer used and can now be removed.
Signed-off-by: Herbert Xu
---
crypto/crypto_null.c | 49 ++---
include/crypto/null.h | 14 +++---
2 files changed, 17 insertions(+), 46
This patch converts chacha20poly1305 to use the new skcipher
interface as opposed to ablkcipher.
It also fixes a buglet where we may end up with an async poly1305
when the user asks for a async algorithm. This shouldn't be a
problem yet as there aren't any async implementations of poly1305
out
This patch converts authencesn to use the new skcipher interface as
opposed to ablkcipher.
It also fixes a little bug where if a sync version of authencesn
is requested we may still end up using an async ahash. This should
have no effect as none of the authencesn users can request for a
sync
This patch replaces use of the obsolete blkcipher with skcipher.
Signed-off-by: Herbert Xu
---
security/keys/big_key.c | 30 ++
1 file changed, 18 insertions(+), 12 deletions(-)
diff --git a/security/keys/big_key.c
This patch converts authenc to use the new skcipher interface as
opposed to ablkcipher.
It also fixes a little bug where if a sync version of authenc
is requested we may still end up using an async ahash. This should
have no effect as none of the authenc users can request for a
sync authenc.
This patch replaces use of the obsolete ablkcipher with skcipher.
Signed-off-by: Herbert Xu
---
drivers/crypto/picoxcell_crypto.c | 60 +++---
1 file changed, 31 insertions(+), 29 deletions(-)
diff --git
Currently aesni uses an async ctr(aes) to derive the rfc4106
subkey, which was presumably copied over from the generic rfc4106
code. Over there it's done that way because we already have a
ctr(aes) spawn. But it is simply overkill for aesni since we
have to go get a ctr(aes) from scratch anyway.
This patch converts rfc3686 to use the new skcipher interface as
opposed to ablkcipher.
Signed-off-by: Herbert Xu
---
crypto/ctr.c | 182 ++-
1 file changed, 93 insertions(+), 89 deletions(-)
diff --git
This patch replaces use of the obsolete ablkcipher with skcipher.
Signed-off-by: Herbert Xu
---
drivers/crypto/mxs-dcp.c | 47 +--
1 file changed, 21 insertions(+), 26 deletions(-)
diff --git a/drivers/crypto/mxs-dcp.c
This patch converts ccm to use the new skcipher interface as opposed
to ablkcipher.
Signed-off-by: Herbert Xu
---
crypto/ccm.c | 70 +--
1 file changed, 35 insertions(+), 35 deletions(-)
diff --git
The blkcipher null object is no longer used and can now be removed.
Signed-off-by: Herbert Xu
---
crypto/aead.c |8
include/crypto/internal/geniv.h |1 -
2 files changed, 9 deletions(-)
diff --git a/crypto/aead.c b/crypto/aead.c
This patch replaces use of the obsolete blkcipher with skcipher.
Signed-off-by: Herbert Xu
---
crypto/echainiv.c | 16 ++--
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/crypto/echainiv.c b/crypto/echainiv.c
index b96a8456..1b01fe9
This patch adds an skcipher null object alongside the existing
null blkcipher so that IV generators using it can switch over
to skcipher.
Signed-off-by: Herbert Xu
---
crypto/aead.c | 10 +-
include/crypto/internal/geniv.h |1 +
2
This patch replaces use of the obsolete ablkcipher with skcipher.
Signed-off-by: Herbert Xu
---
drivers/crypto/qce/ablkcipher.c | 27 ---
drivers/crypto/qce/cipher.h |2 +-
2 files changed, 17 insertions(+), 12 deletions(-)
diff
This patch converts gcm to use the new skcipher interface as opposed
to ablkcipher.
Signed-off-by: Herbert Xu
---
crypto/gcm.c | 108 ++-
1 file changed, 55 insertions(+), 53 deletions(-)
diff --git
This patch replaces use of the obsolete ablkcipher with skcipher.
Signed-off-by: Herbert Xu
---
drivers/crypto/ccp/ccp-crypto-aes-xts.c | 43 ++--
drivers/crypto/ccp/ccp-crypto.h |3 --
2 files changed, 21 insertions(+), 25
This patch adds speed tests for cts(cbc(aes)).
Signed-off-by: Herbert Xu
---
crypto/tcrypt.c |8
1 file changed, 8 insertions(+)
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index 9ca822c..2e29221 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
Currently the default null skcipher is actually a crypto_blkcipher.
This patch creates a synchronous crypto_skcipher version of the
null cipher which unfortunately has to settle for the name skcipher2.
Signed-off-by: Herbert Xu
---
crypto/crypto_null.c | 38
As it is, if you get an async ahash with a sync skcipher you'll
end up with a sync authenc, which is wrong.
This patch fixes it by considering the ASYNC bit from ahash as
well.
It also fixes a little bug where if a sync version of authenc
is requested we may still end up using an async ahash.
This patch allows skcipher algorithms and instances to be created
and registered with the crypto API. They are accessible through
the top-level skcipher interface, along with ablkcipher/blkcipher
algorithms and instances.
Signed-off-by: Herbert Xu
---
The function crypto_ahash_extsize did not include padding when
computing the tfm context size. This patch fixes this by using
the generic crypto_alg_extsize helper.
Signed-off-by: Herbert Xu
---
crypto/ahash.c |6 +++---
1 file changed, 3 insertions(+), 3
Hi:
This patch series begins the task of converting blkcipher/ablkcipher
implementations over to the unified skcipher interface. The first
step is to convert non-cipher users such as aead to use skcipher.
Then we proceed to convert the top-level skcipher algorithms such
as rfc3686 and cts.
Currently the mpi SG helpers use sg_virt which is completely
broken. It happens to work with normal kernel memory but will
fail with anything that is not linearly mapped.
This patch fixes this by using the SG iterator helpers.
Signed-off-by: Herbert Xu
---
In the vast majority of cases (2^-32 on 32-bit and 2^-64 on 64-bit),
the result from encryption/signing will require no padding.
This patch makes these two operations write their output directly
to the final destination. Only in the exceedingly rare cases where
fixup is needed do we copy
We don't currently support using akcipher in atomic contexts,
so GFP_KERNEL should always be used.
Signed-off-by: Herbert Xu
---
crypto/rsa-pkcs1pad.c | 22 ++
1 file changed, 6 insertions(+), 16 deletions(-)
diff --git
The helper pkcs1pad_sg_set_buf tries to split a buffer that crosses
a page boundary into two SG entries. This is unnecessary. This
patch removes that.
Signed-off-by: Herbert Xu
---
crypto/rsa-pkcs1pad.c | 19 +--
1 file changed, 5 insertions(+),
Rather than repeatedly checking the key size on each operation,
we should be checking it once when the key is set.
Signed-off-by: Herbert Xu
---
crypto/rsa-pkcs1pad.c | 56 +++---
1 file changed, 26 insertions(+), 30
Every implementation of RSA that we have naturally generates
output with leading zeroes. The one and only user of RSA,
pkcs1pad wants to have those leading zeroes in place, in fact
because they are currently absent it has to write those zeroes
itself.
So we shouldn't be stripping leading zeroes
Hi:
This was prompted by the caam RSA submission where a lot of work
was done just to strip the RSA output of leading zeroes. This is
in fact completely pointless because the only user of RSA in the
kernel then promptly puts them back.
This patch series resolves this madness by simply leaving
On 06/29/2016 10:19 AM, Herbert Xu wrote:
> On Wed, Jun 29, 2016 at 10:16:10AM +0200, Krzysztof Kozlowski wrote:
>>
>> Seems to work fine except:
>> 1. The updates are always 1.
>
> Yes the test function only does digest so it's always one update.
>
>> 2. For bigger blocks it reports always 1 or
On Wed, Jun 29, 2016 at 10:16:10AM +0200, Krzysztof Kozlowski wrote:
>
> Seems to work fine except:
> 1. The updates are always 1.
Yes the test function only does digest so it's always one update.
> 2. For bigger blocks it reports always 1 or 3 cycles per byte:
Yes the average cycles per-byte
On 06/28/2016 02:33 PM, Herbert Xu wrote:
> On Tue, Jun 28, 2016 at 12:15:43PM +0200, Krzysztof Kozlowski wrote:
>> Oops:
>
> Thanks, there was a typo where it said k instead of j in the second
> loop.
>
> ---8<---
> This patch resolves a number of issues with the mb speed test
> function:
>
>