diff options
Diffstat (limited to 'include')
| -rw-r--r-- | include/crypto/aead.h | 6 | ||||
| -rw-r--r-- | include/crypto/akcipher.h | 28 | ||||
| -rw-r--r-- | include/crypto/algapi.h | 92 | ||||
| -rw-r--r-- | include/crypto/compress.h | 145 | ||||
| -rw-r--r-- | include/crypto/drbg.h | 4 | ||||
| -rw-r--r-- | include/crypto/hash.h | 45 | ||||
| -rw-r--r-- | include/crypto/internal/aead.h | 6 | ||||
| -rw-r--r-- | include/crypto/internal/compress.h | 28 | ||||
| -rw-r--r-- | include/crypto/internal/hash.h | 3 | ||||
| -rw-r--r-- | include/crypto/skcipher.h | 24 | ||||
| -rw-r--r-- | include/crypto/xts.h | 27 | ||||
| -rw-r--r-- | include/linux/ccp.h | 17 | ||||
| -rw-r--r-- | include/linux/crypto.h | 252 | ||||
| -rw-r--r-- | include/linux/sunrpc/gss_krb5.h | 32 | ||||
| -rw-r--r-- | include/net/sctp/auth.h | 4 | ||||
| -rw-r--r-- | include/net/sctp/structs.h | 6 | ||||
| -rw-r--r-- | include/net/tcp.h | 6 | ||||
| -rw-r--r-- | include/scsi/libiscsi_tcp.h | 13 | ||||
| -rw-r--r-- | include/target/iscsi/iscsi_target_core.h | 4 |
19 files changed, 238 insertions, 504 deletions
diff --git a/include/crypto/aead.h b/include/crypto/aead.h index 84d13b11ad7b..957bb8763219 100644 --- a/include/crypto/aead.h +++ b/include/crypto/aead.h @@ -31,10 +31,10 @@ * * For example: authenc(hmac(sha256), cbc(aes)) * - * The example code provided for the asynchronous block cipher operation - * applies here as well. Naturally all *ablkcipher* symbols must be exchanged + * The example code provided for the symmetric key cipher operation + * applies here as well. Naturally all *skcipher* symbols must be exchanged * the *aead* pendants discussed in the following. In addition, for the AEAD - * operation, the aead_request_set_assoc function must be used to set the + * operation, the aead_request_set_ad function must be used to set the * pointer to the associated data memory location before performing the * encryption or decryption operation. In case of an encryption, the associated * data memory is filled during the encryption operation. For decryption, the diff --git a/include/crypto/akcipher.h b/include/crypto/akcipher.h index 354de15cea6b..c37cc59e9bf2 100644 --- a/include/crypto/akcipher.h +++ b/include/crypto/akcipher.h @@ -114,7 +114,7 @@ struct akcipher_alg { */ /** - * crypto_alloc_akcipher() -- allocate AKCIPHER tfm handle + * crypto_alloc_akcipher() - allocate AKCIPHER tfm handle * @alg_name: is the cra_name / name or cra_driver_name / driver name of the * public key algorithm e.g. "rsa" * @type: specifies the type of the algorithm @@ -171,7 +171,7 @@ static inline struct crypto_akcipher *crypto_akcipher_reqtfm( } /** - * crypto_free_akcipher() -- free AKCIPHER tfm handle + * crypto_free_akcipher() - free AKCIPHER tfm handle * * @tfm: AKCIPHER tfm handle allocated with crypto_alloc_akcipher() */ @@ -181,7 +181,7 @@ static inline void crypto_free_akcipher(struct crypto_akcipher *tfm) } /** - * akcipher_request_alloc() -- allocates public key request + * akcipher_request_alloc() - allocates public key request * * @tfm: AKCIPHER tfm handle allocated with crypto_alloc_akcipher() * @gfp: allocation flags @@ -201,7 +201,7 @@ static inline struct akcipher_request *akcipher_request_alloc( } /** - * akcipher_request_free() -- zeroize and free public key request + * akcipher_request_free() - zeroize and free public key request * * @req: request to free */ @@ -211,14 +211,14 @@ static inline void akcipher_request_free(struct akcipher_request *req) } /** - * akcipher_request_set_callback() -- Sets an asynchronous callback. + * akcipher_request_set_callback() - Sets an asynchronous callback. * * Callback will be called when an asynchronous operation on a given * request is finished. * * @req: request that the callback will be set for * @flgs: specify for instance if the operation may backlog - * @cmlp: callback which will be called + * @cmpl: callback which will be called * @data: private data used by the caller */ static inline void akcipher_request_set_callback(struct akcipher_request *req, @@ -232,7 +232,7 @@ static inline void akcipher_request_set_callback(struct akcipher_request *req, } /** - * akcipher_request_set_crypt() -- Sets request parameters + * akcipher_request_set_crypt() - Sets request parameters * * Sets parameters required by crypto operation * @@ -255,7 +255,7 @@ static inline void akcipher_request_set_crypt(struct akcipher_request *req, } /** - * crypto_akcipher_maxsize() -- Get len for output buffer + * crypto_akcipher_maxsize() - Get len for output buffer * * Function returns the dest buffer size required for a given key * @@ -271,7 +271,7 @@ static inline int crypto_akcipher_maxsize(struct crypto_akcipher *tfm) } /** - * crypto_akcipher_encrypt() -- Invoke public key encrypt operation + * crypto_akcipher_encrypt() - Invoke public key encrypt operation * * Function invokes the specific public key encrypt operation for a given * public key algorithm @@ -289,7 +289,7 @@ static inline int crypto_akcipher_encrypt(struct akcipher_request *req) } /** - * crypto_akcipher_decrypt() -- Invoke public key decrypt operation + * crypto_akcipher_decrypt() - Invoke public key decrypt operation * * Function invokes the specific public key decrypt operation for a given * public key algorithm @@ -307,7 +307,7 @@ static inline int crypto_akcipher_decrypt(struct akcipher_request *req) } /** - * crypto_akcipher_sign() -- Invoke public key sign operation + * crypto_akcipher_sign() - Invoke public key sign operation * * Function invokes the specific public key sign operation for a given * public key algorithm @@ -325,7 +325,7 @@ static inline int crypto_akcipher_sign(struct akcipher_request *req) } /** - * crypto_akcipher_verify() -- Invoke public key verify operation + * crypto_akcipher_verify() - Invoke public key verify operation * * Function invokes the specific public key verify operation for a given * public key algorithm @@ -343,7 +343,7 @@ static inline int crypto_akcipher_verify(struct akcipher_request *req) } /** - * crypto_akcipher_set_pub_key() -- Invoke set public key operation + * crypto_akcipher_set_pub_key() - Invoke set public key operation * * Function invokes the algorithm specific set key function, which knows * how to decode and interpret the encoded key @@ -364,7 +364,7 @@ static inline int crypto_akcipher_set_pub_key(struct crypto_akcipher *tfm, } /** - * crypto_akcipher_set_priv_key() -- Invoke set private key operation + * crypto_akcipher_set_priv_key() - Invoke set private key operation * * Function invokes the algorithm specific set key function, which knows * how to decode and interpret the encoded key diff --git a/include/crypto/algapi.h b/include/crypto/algapi.h index c9fe145f7dd3..eeafd21afb44 100644 --- a/include/crypto/algapi.h +++ b/include/crypto/algapi.h @@ -15,6 +15,7 @@ #include <linux/crypto.h> #include <linux/list.h> #include <linux/kernel.h> +#include <linux/kthread.h> #include <linux/skbuff.h> struct crypto_aead; @@ -128,6 +129,75 @@ struct ablkcipher_walk { unsigned int blocksize; }; +#define ENGINE_NAME_LEN 30 +/* + * struct crypto_engine - crypto hardware engine + * @name: the engine name + * @idling: the engine is entering idle state + * @busy: request pump is busy + * @running: the engine is on working + * @cur_req_prepared: current request is prepared + * @list: link with the global crypto engine list + * @queue_lock: spinlock to syncronise access to request queue + * @queue: the crypto queue of the engine + * @rt: whether this queue is set to run as a realtime task + * @prepare_crypt_hardware: a request will soon arrive from the queue + * so the subsystem requests the driver to prepare the hardware + * by issuing this call + * @unprepare_crypt_hardware: there are currently no more requests on the + * queue so the subsystem notifies the driver that it may relax the + * hardware by issuing this call + * @prepare_request: do some prepare if need before handle the current request + * @unprepare_request: undo any work done by prepare_message() + * @crypt_one_request: do encryption for current request + * @kworker: thread struct for request pump + * @kworker_task: pointer to task for request pump kworker thread + * @pump_requests: work struct for scheduling work to the request pump + * @priv_data: the engine private data + * @cur_req: the current request which is on processing + */ +struct crypto_engine { + char name[ENGINE_NAME_LEN]; + bool idling; + bool busy; + bool running; + bool cur_req_prepared; + + struct list_head list; + spinlock_t queue_lock; + struct crypto_queue queue; + + bool rt; + + int (*prepare_crypt_hardware)(struct crypto_engine *engine); + int (*unprepare_crypt_hardware)(struct crypto_engine *engine); + + int (*prepare_request)(struct crypto_engine *engine, + struct ablkcipher_request *req); + int (*unprepare_request)(struct crypto_engine *engine, + struct ablkcipher_request *req); + int (*crypt_one_request)(struct crypto_engine *engine, + struct ablkcipher_request *req); + + struct kthread_worker kworker; + struct task_struct *kworker_task; + struct kthread_work pump_requests; + + void *priv_data; + struct ablkcipher_request *cur_req; +}; + +int crypto_transfer_request(struct crypto_engine *engine, + struct ablkcipher_request *req, bool need_pump); +int crypto_transfer_request_to_engine(struct crypto_engine *engine, + struct ablkcipher_request *req); +void crypto_finalize_request(struct crypto_engine *engine, + struct ablkcipher_request *req, int err); +int crypto_engine_start(struct crypto_engine *engine); +int crypto_engine_stop(struct crypto_engine *engine); +struct crypto_engine *crypto_engine_alloc_init(struct device *dev, bool rt); +int crypto_engine_exit(struct crypto_engine *engine); + extern const struct crypto_type crypto_ablkcipher_type; extern const struct crypto_type crypto_blkcipher_type; @@ -184,6 +254,10 @@ int crypto_enqueue_request(struct crypto_queue *queue, struct crypto_async_request *request); struct crypto_async_request *crypto_dequeue_request(struct crypto_queue *queue); int crypto_tfm_in_queue(struct crypto_queue *queue, struct crypto_tfm *tfm); +static inline unsigned int crypto_queue_len(struct crypto_queue *queue) +{ + return queue->qlen; +} /* These functions require the input/output to be aligned as u32. */ void crypto_inc(u8 *a, unsigned int size); @@ -275,24 +349,6 @@ static inline struct cipher_alg *crypto_cipher_alg(struct crypto_cipher *tfm) return &crypto_cipher_tfm(tfm)->__crt_alg->cra_cipher; } -static inline struct crypto_hash *crypto_spawn_hash(struct crypto_spawn *spawn) -{ - u32 type = CRYPTO_ALG_TYPE_HASH; - u32 mask = CRYPTO_ALG_TYPE_HASH_MASK; - - return __crypto_hash_cast(crypto_spawn_tfm(spawn, type, mask)); -} - -static inline void *crypto_hash_ctx(struct crypto_hash *tfm) -{ - return crypto_tfm_ctx(&tfm->base); -} - -static inline void *crypto_hash_ctx_aligned(struct crypto_hash *tfm) -{ - return crypto_tfm_ctx_aligned(&tfm->base); -} - static inline void blkcipher_walk_init(struct blkcipher_walk *walk, struct scatterlist *dst, struct scatterlist *src, diff --git a/include/crypto/compress.h b/include/crypto/compress.h deleted file mode 100644 index 5b67af834d83..000000000000 --- a/include/crypto/compress.h +++ /dev/null @@ -1,145 +0,0 @@ -/* - * Compress: Compression algorithms under the cryptographic API. - * - * Copyright 2008 Sony Corporation - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; version 2 of the License. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. - * If not, see <http://www.gnu.org/licenses/>. - */ - -#ifndef _CRYPTO_COMPRESS_H -#define _CRYPTO_COMPRESS_H - -#include <linux/crypto.h> - - -struct comp_request { - const void *next_in; /* next input byte */ - void *next_out; /* next output byte */ - unsigned int avail_in; /* bytes available at next_in */ - unsigned int avail_out; /* bytes available at next_out */ -}; - -enum zlib_comp_params { - ZLIB_COMP_LEVEL = 1, /* e.g. Z_DEFAULT_COMPRESSION */ - ZLIB_COMP_METHOD, /* e.g. Z_DEFLATED */ - ZLIB_COMP_WINDOWBITS, /* e.g. MAX_WBITS */ - ZLIB_COMP_MEMLEVEL, /* e.g. DEF_MEM_LEVEL */ - ZLIB_COMP_STRATEGY, /* e.g. Z_DEFAULT_STRATEGY */ - __ZLIB_COMP_MAX, -}; - -#define ZLIB_COMP_MAX (__ZLIB_COMP_MAX - 1) - - -enum zlib_decomp_params { - ZLIB_DECOMP_WINDOWBITS = 1, /* e.g. DEF_WBITS */ - __ZLIB_DECOMP_MAX, -}; - -#define ZLIB_DECOMP_MAX (__ZLIB_DECOMP_MAX - 1) - - -struct crypto_pcomp { - struct crypto_tfm base; -}; - -struct pcomp_alg { - int (*compress_setup)(struct crypto_pcomp *tfm, const void *params, - unsigned int len); - int (*compress_init)(struct crypto_pcomp *tfm); - int (*compress_update)(struct crypto_pcomp *tfm, - struct comp_request *req); - int (*compress_final)(struct crypto_pcomp *tfm, - struct comp_request *req); - int (*decompress_setup)(struct crypto_pcomp *tfm, const void *params, - unsigned int len); - int (*decompress_init)(struct crypto_pcomp *tfm); - int (*decompress_update)(struct crypto_pcomp *tfm, - struct comp_request *req); - int (*decompress_final)(struct crypto_pcomp *tfm, - struct comp_request *req); - - struct crypto_alg base; -}; - -extern struct crypto_pcomp *crypto_alloc_pcomp(const char *alg_name, u32 type, - u32 mask); - -static inline struct crypto_tfm *crypto_pcomp_tfm(struct crypto_pcomp *tfm) -{ - return &tfm->base; -} - -static inline void crypto_free_pcomp(struct crypto_pcomp *tfm) -{ - crypto_destroy_tfm(tfm, crypto_pcomp_tfm(tfm)); -} - -static inline struct pcomp_alg *__crypto_pcomp_alg(struct crypto_alg *alg) -{ - return container_of(alg, struct pcomp_alg, base); -} - -static inline struct pcomp_alg *crypto_pcomp_alg(struct crypto_pcomp *tfm) -{ - return __crypto_pcomp_alg(crypto_pcomp_tfm(tfm)->__crt_alg); -} - -static inline int crypto_compress_setup(struct crypto_pcomp *tfm, - const void *params, unsigned int len) -{ - return crypto_pcomp_alg(tfm)->compress_setup(tfm, params, len); -} - -static inline int crypto_compress_init(struct crypto_pcomp *tfm) -{ - return crypto_pcomp_alg(tfm)->compress_init(tfm); -} - -static inline int crypto_compress_update(struct crypto_pcomp *tfm, - struct comp_request *req) -{ - return crypto_pcomp_alg(tfm)->compress_update(tfm, req); -} - -static inline int crypto_compress_final(struct crypto_pcomp *tfm, - struct comp_request *req) -{ - return crypto_pcomp_alg(tfm)->compress_final(tfm, req); -} - -static inline int crypto_decompress_setup(struct crypto_pcomp *tfm, - const void *params, unsigned int len) -{ - return crypto_pcomp_alg(tfm)->decompress_setup(tfm, params, len); -} - -static inline int crypto_decompress_init(struct crypto_pcomp *tfm) -{ - return crypto_pcomp_alg(tfm)->decompress_init(tfm); -} - -static inline int crypto_decompress_update(struct crypto_pcomp *tfm, - struct comp_request *req) -{ - return crypto_pcomp_alg(tfm)->decompress_update(tfm, req); -} - -static inline int crypto_decompress_final(struct crypto_pcomp *tfm, - struct comp_request *req) -{ - return crypto_pcomp_alg(tfm)->decompress_final(tfm, req); -} - -#endif /* _CRYPTO_COMPRESS_H */ diff --git a/include/crypto/drbg.h b/include/crypto/drbg.h index 9756c70899d8..d961b2b16f55 100644 --- a/include/crypto/drbg.h +++ b/include/crypto/drbg.h @@ -117,10 +117,6 @@ struct drbg_state { void *priv_data; /* Cipher handle */ bool seeded; /* DRBG fully seeded? */ bool pr; /* Prediction resistance enabled? */ -#ifdef CONFIG_CRYPTO_FIPS - bool fips_primed; /* Continuous test primed? */ - unsigned char *prev; /* FIPS 140-2 continuous test value */ -#endif struct work_struct seed_work; /* asynchronous seeding support */ struct crypto_rng *jent; const struct drbg_state_ops *d_ops; diff --git a/include/crypto/hash.h b/include/crypto/hash.h index 6361892ea737..1969f1416658 100644 --- a/include/crypto/hash.h +++ b/include/crypto/hash.h @@ -14,6 +14,7 @@ #define _CRYPTO_HASH_H #include <linux/crypto.h> +#include <linux/string.h> struct crypto_ahash; @@ -259,6 +260,28 @@ static inline void crypto_free_ahash(struct crypto_ahash *tfm) crypto_destroy_tfm(tfm, crypto_ahash_tfm(tfm)); } +/** + * crypto_has_ahash() - Search for the availability of an ahash. + * @alg_name: is the cra_name / name or cra_driver_name / driver name of the + * ahash + * @type: specifies the type of the ahash + * @mask: specifies the mask for the ahash + * + * Return: true when the ahash is known to the kernel crypto API; false + * otherwise + */ +int crypto_has_ahash(const char *alg_name, u32 type, u32 mask); + +static inline const char *crypto_ahash_alg_name(struct crypto_ahash *tfm) +{ + return crypto_tfm_alg_name(crypto_ahash_tfm(tfm)); +} + +static inline const char *crypto_ahash_driver_name(struct crypto_ahash *tfm) +{ + return crypto_tfm_alg_driver_name(crypto_ahash_tfm(tfm)); +} + static inline unsigned int crypto_ahash_alignmask( struct crypto_ahash *tfm) { @@ -550,6 +573,12 @@ static inline void ahash_request_free(struct ahash_request *req) kzfree(req); } +static inline void ahash_request_zero(struct ahash_request *req) +{ + memzero_explicit(req, sizeof(*req) + + crypto_ahash_reqsize(crypto_ahash_reqtfm(req))); +} + static inline struct ahash_request *ahash_request_cast( struct crypto_async_request *req) { @@ -657,6 +686,16 @@ static inline void crypto_free_shash(struct crypto_shash *tfm) crypto_destroy_tfm(tfm, crypto_shash_tfm(tfm)); } +static inline const char *crypto_shash_alg_name(struct crypto_shash *tfm) +{ + return crypto_tfm_alg_name(crypto_shash_tfm(tfm)); +} + +static inline const char *crypto_shash_driver_name(struct crypto_shash *tfm) +{ + return crypto_tfm_alg_driver_name(crypto_shash_tfm(tfm)); +} + static inline unsigned int crypto_shash_alignmask( struct crypto_shash *tfm) { @@ -872,4 +911,10 @@ int crypto_shash_final(struct shash_desc *desc, u8 *out); int crypto_shash_finup(struct shash_desc *desc, const u8 *data, unsigned int len, u8 *out); +static inline void shash_desc_zero(struct shash_desc *desc) +{ + memzero_explicit(desc, + sizeof(*desc) + crypto_shash_descsize(desc->tfm)); +} + #endif /* _CRYPTO_HASH_H */ diff --git a/include/crypto/internal/aead.h b/include/crypto/internal/aead.h index 5554cdd8d6c1..da3864991d4c 100644 --- a/include/crypto/internal/aead.h +++ b/include/crypto/internal/aead.h @@ -80,6 +80,12 @@ static inline u32 aead_request_flags(struct aead_request *req) return req->base.flags; } +static inline struct aead_request *aead_request_cast( + struct crypto_async_request *req) +{ + return container_of(req, struct aead_request, base); +} + static inline void crypto_set_aead_spawn( struct crypto_aead_spawn *spawn, struct crypto_instance *inst) { diff --git a/include/crypto/internal/compress.h b/include/crypto/internal/compress.h deleted file mode 100644 index 178a888d1d93..000000000000 --- a/include/crypto/internal/compress.h +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Compress: Compression algorithms under the cryptographic API. - * - * Copyright 2008 Sony Corporation - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; version 2 of the License. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. - * If not, see <http://www.gnu.org/licenses/>. - */ - -#ifndef _CRYPTO_INTERNAL_COMPRESS_H -#define _CRYPTO_INTERNAL_COMPRESS_H - -#include <crypto/compress.h> - -extern int crypto_register_pcomp(struct pcomp_alg *alg); -extern int crypto_unregister_pcomp(struct pcomp_alg *alg); - -#endif /* _CRYPTO_INTERNAL_COMPRESS_H */ diff --git a/include/crypto/internal/hash.h b/include/crypto/internal/hash.h index 3b4af1d7c7e9..49dae16f8929 100644 --- a/include/crypto/internal/hash.h +++ b/include/crypto/internal/hash.h @@ -57,9 +57,6 @@ int crypto_hash_walk_first(struct ahash_request *req, struct crypto_hash_walk *walk); int crypto_ahash_walk_first(struct ahash_request *req, struct crypto_hash_walk *walk); -int crypto_hash_walk_first_compat(struct hash_desc *hdesc, - struct crypto_hash_walk *walk, - struct scatterlist *sg, unsigned int len); static inline int crypto_ahash_walk_done(struct crypto_hash_walk *walk, int err) diff --git a/include/crypto/skcipher.h b/include/crypto/skcipher.h index fd8742a40ff3..905490c1da89 100644 --- a/include/crypto/skcipher.h +++ b/include/crypto/skcipher.h @@ -60,8 +60,7 @@ struct crypto_skcipher { unsigned int ivsize; unsigned int reqsize; - - bool has_setkey; + unsigned int keysize; struct crypto_tfm base; }; @@ -232,6 +231,12 @@ static inline int crypto_has_skcipher(const char *alg_name, u32 type, crypto_skcipher_mask(mask)); } +static inline const char *crypto_skcipher_driver_name( + struct crypto_skcipher *tfm) +{ + return crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)); +} + /** * crypto_skcipher_ivsize() - obtain IV size * @tfm: cipher handle @@ -309,7 +314,13 @@ static inline int crypto_skcipher_setkey(struct crypto_skcipher *tfm, static inline bool crypto_skcipher_has_setkey(struct crypto_skcipher *tfm) { - return tfm->has_setkey; + return tfm->keysize; +} + +static inline unsigned int crypto_skcipher_default_keysize( + struct crypto_skcipher *tfm) +{ + return tfm->keysize; } /** @@ -440,6 +451,13 @@ static inline void skcipher_request_free(struct skcipher_request *req) kzfree(req); } +static inline void skcipher_request_zero(struct skcipher_request *req) +{ + struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); + + memzero_explicit(req, sizeof(*req) + crypto_skcipher_reqsize(tfm)); +} + /** * skcipher_request_set_callback() - set asynchronous callback function * @req: request handle diff --git a/include/crypto/xts.h b/include/crypto/xts.h index 72c09eb56437..ede6b97b24cc 100644 --- a/include/crypto/xts.h +++ b/include/crypto/xts.h @@ -2,6 +2,9 @@ #define _CRYPTO_XTS_H #include <crypto/b128ops.h> +#include <linux/crypto.h> +#include <crypto/algapi.h> +#include <linux/fips.h> struct scatterlist; struct blkcipher_desc; @@ -24,4 +27,28 @@ int xts_crypt(struct blkcipher_desc *desc, struct scatterlist *dst, struct scatterlist *src, unsigned int nbytes, struct xts_crypt_req *req); +static inline int xts_check_key(struct crypto_tfm *tfm, + const u8 *key, unsigned int keylen) +{ + u32 *flags = &tfm->crt_flags; + + /* + * key consists of keys of equal size concatenated, therefore + * the length must be even. + */ + if (keylen % 2) { + *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; + return -EINVAL; + } + + /* ensure that the AES and tweak key are not identical */ + if (fips_enabled && + !crypto_memneq(key, key + (keylen / 2), keylen / 2)) { + *flags |= CRYPTO_TFM_RES_WEAK_KEY; + return -EINVAL; + } + + return 0; +} + #endif /* _CRYPTO_XTS_H */ diff --git a/include/linux/ccp.h b/include/linux/ccp.h index 7f437036baa4..915af3095b39 100644 --- a/include/linux/ccp.h +++ b/include/linux/ccp.h @@ -33,6 +33,18 @@ struct ccp_cmd; */ int ccp_present(void); +#define CCP_VSIZE 16 +#define CCP_VMASK ((unsigned int)((1 << CCP_VSIZE) - 1)) +#define CCP_VERSION(v, r) ((unsigned int)((v << CCP_VSIZE) \ + | (r & CCP_VMASK))) + +/** + * ccp_version - get the version of the CCP + * + * Returns a positive version number, or zero if no CCP + */ +unsigned int ccp_version(void); + /** * ccp_enqueue_cmd - queue an operation for processing by the CCP * @@ -65,6 +77,11 @@ static inline int ccp_present(void) return -ENODEV; } +static inline unsigned int ccp_version(void) +{ + return 0; +} + static inline int ccp_enqueue_cmd(struct ccp_cmd *cmd) { return -ENODEV; diff --git a/include/linux/crypto.h b/include/linux/crypto.h index e71cb70a1ac2..99c94899ad0f 100644 --- a/include/linux/crypto.h +++ b/include/linux/crypto.h @@ -54,7 +54,6 @@ #define CRYPTO_ALG_TYPE_AHASH 0x0000000a #define CRYPTO_ALG_TYPE_RNG 0x0000000c #define CRYPTO_ALG_TYPE_AKCIPHER 0x0000000d -#define CRYPTO_ALG_TYPE_PCOMPRESS 0x0000000f #define CRYPTO_ALG_TYPE_HASH_MASK 0x0000000e #define CRYPTO_ALG_TYPE_AHASH_MASK 0x0000000c @@ -137,7 +136,6 @@ struct scatterlist; struct crypto_ablkcipher; struct crypto_async_request; struct crypto_blkcipher; -struct crypto_hash; struct crypto_tfm; struct crypto_type; struct skcipher_givcrypt_request; @@ -187,11 +185,6 @@ struct cipher_desc { void *info; }; -struct hash_desc { - struct crypto_hash *tfm; - u32 flags; -}; - /** * DOC: Block Cipher Algorithm Definitions * @@ -519,18 +512,6 @@ struct cipher_tfm { void (*cit_decrypt_one)(struct crypto_tfm *tfm, u8 *dst, const u8 *src); }; -struct hash_tfm { - int (*init)(struct hash_desc *desc); - int (*update)(struct hash_desc *desc, - struct scatterlist *sg, unsigned int nsg); - int (*final)(struct hash_desc *desc, u8 *out); - int (*digest)(struct hash_desc *desc, struct scatterlist *sg, - unsigned int nsg, u8 *out); - int (*setkey)(struct crypto_hash *tfm, const u8 *key, - unsigned int keylen); - unsigned int digestsize; -}; - struct compress_tfm { int (*cot_compress)(struct crypto_tfm *tfm, const u8 *src, unsigned int slen, @@ -543,7 +524,6 @@ struct compress_tfm { #define crt_ablkcipher crt_u.ablkcipher #define crt_blkcipher crt_u.blkcipher #define crt_cipher crt_u.cipher -#define crt_hash crt_u.hash #define crt_compress crt_u.compress struct crypto_tfm { @@ -554,7 +534,6 @@ struct crypto_tfm { struct ablkcipher_tfm ablkcipher; struct blkcipher_tfm blkcipher; struct cipher_tfm cipher; - struct hash_tfm hash; struct compress_tfm compress; } crt_u; @@ -581,10 +560,6 @@ struct crypto_comp { struct crypto_tfm base; }; -struct crypto_hash { - struct crypto_tfm base; -}; - enum { CRYPTOA_UNSPEC, CRYPTOA_ALG, @@ -1577,233 +1552,6 @@ static inline void crypto_cipher_decrypt_one(struct crypto_cipher *tfm, dst, src); } -/** - * DOC: Synchronous Message Digest API - * - * The synchronous message digest API is used with the ciphers of type - * CRYPTO_ALG_TYPE_HASH (listed as type "hash" in /proc/crypto) - */ - -static inline struct crypto_hash *__crypto_hash_cast(struct crypto_tfm *tfm) -{ - return (struct crypto_hash *)tfm; -} - -static inline struct crypto_hash *crypto_hash_cast(struct crypto_tfm *tfm) -{ - BUG_ON((crypto_tfm_alg_type(tfm) ^ CRYPTO_ALG_TYPE_HASH) & - CRYPTO_ALG_TYPE_HASH_MASK); - return __crypto_hash_cast(tfm); -} - -/** - * crypto_alloc_hash() - allocate synchronous message digest handle - * @alg_name: is the cra_name / name or cra_driver_name / driver name of the - * message digest cipher - * @type: specifies the type of the cipher - * @mask: specifies the mask for the cipher - * - * Allocate a cipher handle for a message digest. The returned struct - * crypto_hash is the cipher handle that is required for any subsequent - * API invocation for that message digest. - * - * Return: allocated cipher handle in case of success; IS_ERR() is true in case - * of an error, PTR_ERR() returns the error code. - */ -static inline struct crypto_hash *crypto_alloc_hash(const char *alg_name, - u32 type, u32 mask) -{ - type &= ~CRYPTO_ALG_TYPE_MASK; - mask &= ~CRYPTO_ALG_TYPE_MASK; - type |= CRYPTO_ALG_TYPE_HASH; - mask |= CRYPTO_ALG_TYPE_HASH_MASK; - - return __crypto_hash_cast(crypto_alloc_base(alg_name, type, mask)); -} - -static inline struct crypto_tfm *crypto_hash_tfm(struct crypto_hash *tfm) -{ - return &tfm->base; -} - -/** - * crypto_free_hash() - zeroize and free message digest handle - * @tfm: cipher handle to be freed - */ -static inline void crypto_free_hash(struct crypto_hash *tfm) -{ - crypto_free_tfm(crypto_hash_tfm(tfm)); -} - -/** - * crypto_has_hash() - Search for the availability of a message digest - * @alg_name: is the cra_name / name or cra_driver_name / driver name of the - * message digest cipher - * @type: specifies the type of the cipher - * @mask: specifies the mask for the cipher - * - * Return: true when the message digest cipher is known to the kernel crypto - * API; false otherwise - */ -static inline int crypto_has_hash(const char *alg_name, u32 type, u32 mask) -{ - type &= ~CRYPTO_ALG_TYPE_MASK; - mask &= ~CRYPTO_ALG_TYPE_MASK; - type |= CRYPTO_ALG_TYPE_HASH; - mask |= CRYPTO_ALG_TYPE_HASH_MASK; - - return crypto_has_alg(alg_name, type, mask); -} - -static inline struct hash_tfm *crypto_hash_crt(struct crypto_hash *tfm) -{ - return &crypto_hash_tfm(tfm)->crt_hash; -} - -/** - * crypto_hash_blocksize() - obtain block size for message digest - * @tfm: cipher handle - * - * The block size for the message digest cipher referenced with the cipher - * handle is returned. - * - * Return: block size of cipher - */ -static inline unsigned int crypto_hash_blocksize(struct crypto_hash *tfm) -{ - return crypto_tfm_alg_blocksize(crypto_hash_tfm(tfm)); -} - -static inline unsigned int crypto_hash_alignmask(struct crypto_hash *tfm) -{ - return crypto_tfm_alg_alignmask(crypto_hash_tfm(tfm)); -} - -/** - * crypto_hash_digestsize() - obtain message digest size - * @tfm: cipher handle - * - * The size for the message digest created by the message digest cipher - * referenced with the cipher handle is returned. - * - * Return: message digest size - */ -static inline unsigned int crypto_hash_digestsize(struct crypto_hash *tfm) -{ - return crypto_hash_crt(tfm)->digestsize; -} - -static inline u32 crypto_hash_get_flags(struct crypto_hash *tfm) -{ - return crypto_tfm_get_flags(crypto_hash_tfm(tfm)); -} - -static inline void crypto_hash_set_flags(struct crypto_hash *tfm, u32 flags) -{ - crypto_tfm_set_flags(crypto_hash_tfm(tfm), flags); -} - -static inline void crypto_hash_clear_flags(struct crypto_hash *tfm, u32 flags) -{ - crypto_tfm_clear_flags(crypto_hash_tfm(tfm), flags); -} - -/** - * crypto_hash_init() - (re)initialize message digest handle - * @desc: cipher request handle that to be filled by caller -- - * desc.tfm is filled with the hash cipher handle; - * desc.flags is filled with either CRYPTO_TFM_REQ_MAY_SLEEP or 0. - * - * The call (re-)initializes the message digest referenced by the hash cipher - * request handle. Any potentially existing state created by previous - * operations is discarded. - * - * Return: 0 if the message digest initialization was successful; < 0 if an - * error occurred - */ -static inline int crypto_hash_init(struct hash_desc *desc) -{ - return crypto_hash_crt(desc->tfm)->init(desc); -} - -/** - * crypto_hash_update() - add data to message digest for processing - * @desc: cipher request handle - * @sg: scatter / gather list pointing to the data to be added to the message - * digest - * @nbytes: number of bytes to be processed from @sg - * - * Updates the message digest state of the cipher handle pointed to by the - * hash cipher request handle with the input data pointed to by the - * scatter/gather list. - * - * Return: 0 if the message digest update was successful; < 0 if an error - * occurred - */ -static inline int crypto_hash_update(struct hash_desc *desc, - struct scatterlist *sg, - unsigned int nbytes) -{ - return crypto_hash_crt(desc->tfm)->update(desc, sg, nbytes); -} - -/** - * crypto_hash_final() - calculate message digest - * @desc: cipher request handle - * @out: message digest output buffer -- The caller must ensure that the out - * buffer has a sufficient size (e.g. by using the crypto_hash_digestsize - * function). - * - * Finalize the message digest operation and create the message digest - * based on all data added to the cipher handle. The message digest is placed - * into the output buffer. - * - * Return: 0 if the message digest creation was successful; < 0 if an error - * occurred - */ -static inline int crypto_hash_final(struct hash_desc *desc, u8 *out) -{ - return crypto_hash_crt(desc->tfm)->final(desc, out); -} - -/** - * crypto_hash_digest() - calculate message digest for a buffer - * @desc: see crypto_hash_final() - * @sg: see crypto_hash_update() - * @nbytes: see crypto_hash_update() - * @out: see crypto_hash_final() - * - * This function is a "short-hand" for the function calls of crypto_hash_init, - * crypto_hash_update and crypto_hash_final. The parameters have the same - * meaning as discussed for those separate three functions. - * - * Return: 0 if the message digest creation was successful; < 0 if an error - * occurred - */ -static inline int crypto_hash_digest(struct hash_desc *desc, - struct scatterlist *sg, - unsigned int nbytes, u8 *out) -{ - return crypto_hash_crt(desc->tfm)->digest(desc, sg, nbytes, out); -} - -/** - * crypto_hash_setkey() - set key for message digest - * @hash: cipher handle - * @key: buffer holding the key - * @keylen: length of the key in bytes - * - * The caller provided key is set for the message digest cipher. The cipher - * handle must point to a keyed hash in order for this function to succeed. - * - * Return: 0 if the setting of the key was successful; < 0 if an error occurred - */ -static inline int crypto_hash_setkey(struct crypto_hash *hash, - const u8 *key, unsigned int keylen) -{ - return crypto_hash_crt(hash)->setkey(hash, key, keylen); -} - static inline struct crypto_comp *__crypto_comp_cast(struct crypto_tfm *tfm) { return (struct crypto_comp *)tfm; diff --git a/include/linux/sunrpc/gss_krb5.h b/include/linux/sunrpc/gss_krb5.h index df02a4188487..7df625d41e35 100644 --- a/include/linux/sunrpc/gss_krb5.h +++ b/include/linux/sunrpc/gss_krb5.h @@ -36,7 +36,7 @@ * */ -#include <linux/crypto.h> +#include <crypto/skcipher.h> #include <linux/sunrpc/auth_gss.h> #include <linux/sunrpc/gss_err.h> #include <linux/sunrpc/gss_asn1.h> @@ -71,10 +71,10 @@ struct gss_krb5_enctype { const u32 keyed_cksum; /* is it a keyed cksum? */ const u32 keybytes; /* raw key len, in bytes */ const u32 keylength; /* final key len, in bytes */ - u32 (*encrypt) (struct crypto_blkcipher *tfm, + u32 (*encrypt) (struct crypto_skcipher *tfm, void *iv, void *in, void *out, int length); /* encryption function */ - u32 (*decrypt) (struct crypto_blkcipher *tfm, + u32 (*decrypt) (struct crypto_skcipher *tfm, void *iv, void *in, void *out, int length); /* decryption function */ u32 (*mk_key) (const struct gss_krb5_enctype *gk5e, @@ -98,12 +98,12 @@ struct krb5_ctx { u32 enctype; u32 flags; const struct gss_krb5_enctype *gk5e; /* enctype-specific info */ - struct crypto_blkcipher *enc; - struct crypto_blkcipher *seq; - struct crypto_blkcipher *acceptor_enc; - struct crypto_blkcipher *initiator_enc; - struct crypto_blkcipher *acceptor_enc_aux; - struct crypto_blkcipher *initiator_enc_aux; + struct crypto_skcipher *enc; + struct crypto_skcipher *seq; + struct crypto_skcipher *acceptor_enc; + struct crypto_skcipher *initiator_enc; + struct crypto_skcipher *acceptor_enc_aux; + struct crypto_skcipher *initiator_enc_aux; u8 Ksess[GSS_KRB5_MAX_KEYLEN]; /* session key */ u8 cksum[GSS_KRB5_MAX_KEYLEN]; s32 endtime; @@ -262,24 +262,24 @@ gss_unwrap_kerberos(struct gss_ctx *ctx_id, int offset, u32 -krb5_encrypt(struct crypto_blkcipher *key, +krb5_encrypt(struct crypto_skcipher *key, void *iv, void *in, void *out, int length); u32 -krb5_decrypt(struct crypto_blkcipher *key, +krb5_decrypt(struct crypto_skcipher *key, void *iv, void *in, void *out, int length); int -gss_encrypt_xdr_buf(struct crypto_blkcipher *tfm, struct xdr_buf *outbuf, +gss_encrypt_xdr_buf(struct crypto_skcipher *tfm, struct xdr_buf *outbuf, int offset, struct page **pages); int -gss_decrypt_xdr_buf(struct crypto_blkcipher *tfm, struct xdr_buf *inbuf, +gss_decrypt_xdr_buf(struct crypto_skcipher *tfm, struct xdr_buf *inbuf, int offset); s32 krb5_make_seq_num(struct krb5_ctx *kctx, - struct crypto_blkcipher *key, + struct crypto_skcipher *key, int direction, u32 seqnum, unsigned char *cksum, unsigned char *buf); @@ -320,12 +320,12 @@ gss_krb5_aes_decrypt(struct krb5_ctx *kctx, u32 offset, int krb5_rc4_setup_seq_key(struct krb5_ctx *kctx, - struct crypto_blkcipher *cipher, + struct crypto_skcipher *cipher, unsigned char *cksum); int krb5_rc4_setup_enc_key(struct krb5_ctx *kctx, - struct crypto_blkcipher *cipher, + struct crypto_skcipher *cipher, s32 seqnum); void gss_krb5_make_confounder(char *p, u32 conflen); diff --git a/include/net/sctp/auth.h b/include/net/sctp/auth.h index f2d58aa37a6f..9b9fb122b31f 100644 --- a/include/net/sctp/auth.h +++ b/include/net/sctp/auth.h @@ -31,12 +31,12 @@ #define __sctp_auth_h__ #include <linux/list.h> -#include <linux/crypto.h> struct sctp_endpoint; struct sctp_association; struct sctp_authkey; struct sctp_hmacalgo; +struct crypto_shash; /* * Define a generic struct that will hold all the info @@ -90,7 +90,7 @@ int sctp_auth_asoc_copy_shkeys(const struct sctp_endpoint *ep, struct sctp_association *asoc, gfp_t gfp); int sctp_auth_init_hmacs(struct sctp_endpoint *ep, gfp_t gfp); -void sctp_auth_destroy_hmacs(struct crypto_hash *auth_hmacs[]); +void sctp_auth_destroy_hmacs(struct crypto_shash *auth_hmacs[]); struct sctp_hmac *sctp_auth_get_hmac(__u16 hmac_id); struct sctp_hmac *sctp_auth_asoc_get_hmac(const struct sctp_association *asoc); void sctp_auth_asoc_set_default_hmac(struct sctp_association *asoc, diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h index 205630bb5010..5a57409da37b 100644 --- a/include/net/sctp/structs.h +++ b/include/net/sctp/structs.h @@ -82,7 +82,7 @@ struct sctp_bind_addr; struct sctp_ulpq; struct sctp_ep_common; struct sctp_ssnmap; -struct crypto_hash; +struct crypto_shash; #include <net/sctp/tsnmap.h> @@ -166,7 +166,7 @@ struct sctp_sock { struct sctp_pf *pf; /* Access to HMAC transform. */ - struct crypto_hash *hmac; + struct crypto_shash *hmac; char *sctp_hmac_alg; /* What is our base endpointer? */ @@ -1234,7 +1234,7 @@ struct sctp_endpoint { /* SCTP AUTH: array of the HMACs that will be allocated * we need this per association so that we don't serialize */ - struct crypto_hash **auth_hmacs; + struct crypto_shash **auth_hmacs; /* SCTP-AUTH: hmacs for the endpoint encoded into parameter */ struct sctp_hmac_algo_param *auth_hmacs_list; diff --git a/include/net/tcp.h b/include/net/tcp.h index ae6468f5c9f3..b04bc989ad6c 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -27,7 +27,6 @@ #include <linux/cache.h> #include <linux/percpu.h> #include <linux/skbuff.h> -#include <linux/crypto.h> #include <linux/cryptohash.h> #include <linux/kref.h> #include <linux/ktime.h> @@ -1325,9 +1324,6 @@ static inline void tcp_clear_all_retrans_hints(struct tcp_sock *tp) tp->retransmit_skb_hint = NULL; } -/* MD5 Signature */ -struct crypto_hash; - union tcp_md5_addr { struct in_addr a4; #if IS_ENABLED(CONFIG_IPV6) @@ -1376,7 +1372,7 @@ union tcp_md5sum_block { /* - pool: digest algorithm, hash description and scratch buffer */ struct tcp_md5sig_pool { - struct hash_desc md5_desc; + struct ahash_request *md5_req; union tcp_md5sum_block md5_blk; }; diff --git a/include/scsi/libiscsi_tcp.h b/include/scsi/libiscsi_tcp.h index 2a7aa75dd009..30520d5ee3d1 100644 --- a/include/scsi/libiscsi_tcp.h +++ b/include/scsi/libiscsi_tcp.h @@ -26,7 +26,7 @@ struct iscsi_tcp_conn; struct iscsi_segment; struct sk_buff; -struct hash_desc; +struct ahash_request; typedef int iscsi_segment_done_fn_t(struct iscsi_tcp_conn *, struct iscsi_segment *); @@ -38,7 +38,7 @@ struct iscsi_segment { unsigned int total_size; unsigned int total_copied; - struct hash_desc *hash; + struct ahash_request *hash; unsigned char padbuf[ISCSI_PAD_LEN]; unsigned char recv_digest[ISCSI_DIGEST_SIZE]; unsigned char digest[ISCSI_DIGEST_SIZE]; @@ -73,7 +73,7 @@ struct iscsi_tcp_conn { /* control data */ struct iscsi_tcp_recv in; /* TCP receive context */ /* CRC32C (Rx) LLD should set this is they do not offload */ - struct hash_desc *rx_hash; + struct ahash_request *rx_hash; }; struct iscsi_tcp_task { @@ -111,15 +111,16 @@ extern void iscsi_tcp_segment_unmap(struct iscsi_segment *segment); extern void iscsi_segment_init_linear(struct iscsi_segment *segment, void *data, size_t size, iscsi_segment_done_fn_t *done, - struct hash_desc *hash); + struct ahash_request *hash); extern int iscsi_segment_seek_sg(struct iscsi_segment *segment, struct scatterlist *sg_list, unsigned int sg_count, unsigned int offset, size_t size, - iscsi_segment_done_fn_t *done, struct hash_desc *hash); + iscsi_segment_done_fn_t *done, + struct ahash_request *hash); /* digest helpers */ -extern void iscsi_tcp_dgst_header(struct hash_desc *hash, const void *hdr, +extern void iscsi_tcp_dgst_header(struct ahash_request *hash, const void *hdr, size_t hdrlen, unsigned char digest[ISCSI_DIGEST_SIZE]); extern struct iscsi_cls_conn * diff --git a/include/target/iscsi/iscsi_target_core.h b/include/target/iscsi/iscsi_target_core.h index 373d3342002b..c3371fa548cb 100644 --- a/include/target/iscsi/iscsi_target_core.h +++ b/include/target/iscsi/iscsi_target_core.h @@ -570,8 +570,8 @@ struct iscsi_conn { spinlock_t response_queue_lock; spinlock_t state_lock; /* libcrypto RX and TX contexts for crc32c */ - struct hash_desc conn_rx_hash; - struct hash_desc conn_tx_hash; + struct ahash_request *conn_rx_hash; + struct ahash_request *conn_tx_hash; /* Used for scheduling TX and RX connection kthreads */ cpumask_var_t conn_cpumask; unsigned int conn_rx_reset_cpumask:1; |