diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2017-07-05 12:22:23 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2017-07-05 12:22:23 -0700 |
commit | 8ad06e56dcbc1984ef0ff8f6e3c19982c5809f73 (patch) | |
tree | 74bc746a4f18eeddfc085b76c776ddcf2c798cfa /crypto | |
parent | 59005b0c59a164101b0273e4bda212c809dc2246 (diff) | |
parent | 035f901eac4d2d0fd40f3055026355d55d46949f (diff) |
Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto updates from Herbert Xu:
"Algorithms:
- add private key generation to ecdh
Drivers:
- add generic gcm(aes) to aesni-intel
- add SafeXcel EIP197 crypto engine driver
- add ecb(aes), cfb(aes) and ecb(des3_ede) to cavium
- add support for CNN55XX adapters in cavium
- add ctr mode to chcr
- add support for gcm(aes) to omap"
* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (140 commits)
crypto: testmgr - Reenable sha1/aes in FIPS mode
crypto: ccp - Release locks before returning
crypto: cavium/nitrox - dma_mapping_error() returns bool
crypto: doc - fix typo in docs
Documentation/bindings: Document the SafeXel cryptographic engine driver
crypto: caam - fix gfp allocation flags (part II)
crypto: caam - fix gfp allocation flags (part I)
crypto: drbg - Fixes panic in wait_for_completion call
crypto: caam - make of_device_ids const.
crypto: vmx - remove unnecessary check
crypto: n2 - make of_device_ids const
crypto: inside-secure - use the base_end pointer in ring rollback
crypto: inside-secure - increase the batch size
crypto: inside-secure - only dequeue when needed
crypto: inside-secure - get the backlog before dequeueing the request
crypto: inside-secure - stop requeueing failed requests
crypto: inside-secure - use one queue per hw ring
crypto: inside-secure - update the context and request later
crypto: inside-secure - align the cipher and hash send functions
crypto: inside-secure - optimize DSE bufferability control
...
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/Kconfig | 1 | ||||
-rw-r--r-- | crypto/Makefile | 9 | ||||
-rw-r--r-- | crypto/aes_ti.c | 2 | ||||
-rw-r--r-- | crypto/algapi.c | 2 | ||||
-rw-r--r-- | crypto/crypto_engine.c | 23 | ||||
-rw-r--r-- | crypto/dh.c | 9 | ||||
-rw-r--r-- | crypto/dh_helper.c | 4 | ||||
-rw-r--r-- | crypto/drbg.c | 1 | ||||
-rw-r--r-- | crypto/ecc.c | 88 | ||||
-rw-r--r-- | crypto/ecc.h | 41 | ||||
-rw-r--r-- | crypto/ecdh.c | 29 | ||||
-rw-r--r-- | crypto/ecdh_helper.c | 4 | ||||
-rw-r--r-- | crypto/hmac.c | 5 | ||||
-rw-r--r-- | crypto/rng.c | 5 | ||||
-rw-r--r-- | crypto/rsa-pkcs1pad.c | 12 | ||||
-rw-r--r-- | crypto/rsa.c | 4 | ||||
-rw-r--r-- | crypto/tcrypt.c | 4 | ||||
-rw-r--r-- | crypto/testmgr.c | 128 | ||||
-rw-r--r-- | crypto/testmgr.h | 143 |
19 files changed, 397 insertions, 117 deletions
diff --git a/crypto/Kconfig b/crypto/Kconfig index aac4bc90a138..caa770e535a2 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -130,6 +130,7 @@ config CRYPTO_DH config CRYPTO_ECDH tristate "ECDH algorithm" select CRYTPO_KPP + select CRYPTO_RNG_DEFAULT help Generic implementation of the ECDH algorithm diff --git a/crypto/Makefile b/crypto/Makefile index 8a44057240d5..d41f0331b085 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -33,10 +33,6 @@ obj-$(CONFIG_CRYPTO_KPP2) += kpp.o dh_generic-y := dh.o dh_generic-y += dh_helper.o obj-$(CONFIG_CRYPTO_DH) += dh_generic.o -ecdh_generic-y := ecc.o -ecdh_generic-y += ecdh.o -ecdh_generic-y += ecdh_helper.o -obj-$(CONFIG_CRYPTO_ECDH) += ecdh_generic.o $(obj)/rsapubkey-asn1.o: $(obj)/rsapubkey-asn1.c $(obj)/rsapubkey-asn1.h $(obj)/rsaprivkey-asn1.o: $(obj)/rsaprivkey-asn1.c $(obj)/rsaprivkey-asn1.h @@ -138,6 +134,11 @@ obj-$(CONFIG_CRYPTO_USER_API_SKCIPHER) += algif_skcipher.o obj-$(CONFIG_CRYPTO_USER_API_RNG) += algif_rng.o obj-$(CONFIG_CRYPTO_USER_API_AEAD) += algif_aead.o +ecdh_generic-y := ecc.o +ecdh_generic-y += ecdh.o +ecdh_generic-y += ecdh_helper.o +obj-$(CONFIG_CRYPTO_ECDH) += ecdh_generic.o + # # generic algorithms and the async_tx api # diff --git a/crypto/aes_ti.c b/crypto/aes_ti.c index 92644fd1ac19..03023b2290e8 100644 --- a/crypto/aes_ti.c +++ b/crypto/aes_ti.c @@ -114,7 +114,7 @@ static u32 mix_columns(u32 x) * | 0x2 0x3 0x1 0x1 | | x[0] | * | 0x1 0x2 0x3 0x1 | | x[1] | * | 0x1 0x1 0x2 0x3 | x | x[2] | - * | 0x3 0x1 0x1 0x3 | | x[3] | + * | 0x3 0x1 0x1 0x2 | | x[3] | */ u32 y = mul_by_x(x) ^ ror32(x, 16); diff --git a/crypto/algapi.c b/crypto/algapi.c index 9eed4ef9c971..e4cc7615a139 100644 --- a/crypto/algapi.c +++ b/crypto/algapi.c @@ -260,7 +260,7 @@ void crypto_alg_tested(const char *name, int err) goto found; } - printk(KERN_ERR "alg: Unexpected test result for %s: %d\n", name, err); + pr_err("alg: Unexpected test result for %s: %d\n", name, err); goto unlock; found: diff --git a/crypto/crypto_engine.c b/crypto/crypto_engine.c index 727bd5c3569e..61e7c4e02fd2 100644 --- a/crypto/crypto_engine.c +++ b/crypto/crypto_engine.c @@ -70,7 +70,7 @@ static void crypto_pump_requests(struct crypto_engine *engine, if (engine->unprepare_crypt_hardware && engine->unprepare_crypt_hardware(engine)) - pr_err("failed to unprepare crypt hardware\n"); + dev_err(engine->dev, "failed to unprepare crypt hardware\n"); spin_lock_irqsave(&engine->queue_lock, flags); engine->idling = false; @@ -99,7 +99,7 @@ static void crypto_pump_requests(struct crypto_engine *engine, if (!was_busy && engine->prepare_crypt_hardware) { ret = engine->prepare_crypt_hardware(engine); if (ret) { - pr_err("failed to prepare crypt hardware\n"); + dev_err(engine->dev, "failed to prepare crypt hardware\n"); goto req_err; } } @@ -110,14 +110,15 @@ static void crypto_pump_requests(struct crypto_engine *engine, if (engine->prepare_hash_request) { ret = engine->prepare_hash_request(engine, hreq); if (ret) { - pr_err("failed to prepare request: %d\n", ret); + dev_err(engine->dev, "failed to prepare request: %d\n", + ret); goto req_err; } engine->cur_req_prepared = true; } ret = engine->hash_one_request(engine, hreq); if (ret) { - pr_err("failed to hash one request from queue\n"); + dev_err(engine->dev, "failed to hash one request from queue\n"); goto req_err; } return; @@ -126,19 +127,20 @@ static void crypto_pump_requests(struct crypto_engine *engine, if (engine->prepare_cipher_request) { ret = engine->prepare_cipher_request(engine, breq); if (ret) { - pr_err("failed to prepare request: %d\n", ret); + dev_err(engine->dev, "failed to prepare request: %d\n", + ret); goto req_err; } engine->cur_req_prepared = true; } ret = engine->cipher_one_request(engine, breq); if (ret) { - pr_err("failed to cipher one request from queue\n"); + dev_err(engine->dev, "failed to cipher one request from queue\n"); goto req_err; } return; default: - pr_err("failed to prepare request of unknown type\n"); + dev_err(engine->dev, "failed to prepare request of unknown type\n"); return; } @@ -275,7 +277,7 @@ void crypto_finalize_cipher_request(struct crypto_engine *engine, engine->unprepare_cipher_request) { ret = engine->unprepare_cipher_request(engine, req); if (ret) - pr_err("failed to unprepare request\n"); + dev_err(engine->dev, "failed to unprepare request\n"); } spin_lock_irqsave(&engine->queue_lock, flags); engine->cur_req = NULL; @@ -312,7 +314,7 @@ void crypto_finalize_hash_request(struct crypto_engine *engine, engine->unprepare_hash_request) { ret = engine->unprepare_hash_request(engine, req); if (ret) - pr_err("failed to unprepare request\n"); + dev_err(engine->dev, "failed to unprepare request\n"); } spin_lock_irqsave(&engine->queue_lock, flags); engine->cur_req = NULL; @@ -384,7 +386,7 @@ int crypto_engine_stop(struct crypto_engine *engine) spin_unlock_irqrestore(&engine->queue_lock, flags); if (ret) - pr_warn("could not stop engine\n"); + dev_warn(engine->dev, "could not stop engine\n"); return ret; } @@ -411,6 +413,7 @@ struct crypto_engine *crypto_engine_alloc_init(struct device *dev, bool rt) if (!engine) return NULL; + engine->dev = dev; engine->rt = rt; engine->running = false; engine->busy = false; diff --git a/crypto/dh.c b/crypto/dh.c index 87e3542cf1b8..b1032a5c1bfa 100644 --- a/crypto/dh.c +++ b/crypto/dh.c @@ -4,9 +4,9 @@ * Authors: Salvatore Benedetto <salvatore.benedetto@intel.com> * * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public Licence + * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version - * 2 of the Licence, or (at your option) any later version. + * 2 of the License, or (at your option) any later version. */ #include <linux/module.h> @@ -85,6 +85,9 @@ static int dh_set_secret(struct crypto_kpp *tfm, const void *buf, struct dh_ctx *ctx = dh_get_ctx(tfm); struct dh params; + /* Free the old MPI key if any */ + dh_free_ctx(ctx); + if (crypto_dh_decode_key(buf, len, ¶ms) < 0) return -EINVAL; @@ -144,7 +147,7 @@ err_free_val: return ret; } -static int dh_max_size(struct crypto_kpp *tfm) +static unsigned int dh_max_size(struct crypto_kpp *tfm) { struct dh_ctx *ctx = dh_get_ctx(tfm); diff --git a/crypto/dh_helper.c b/crypto/dh_helper.c index 02db76b20d00..8ba8a3f82620 100644 --- a/crypto/dh_helper.c +++ b/crypto/dh_helper.c @@ -3,9 +3,9 @@ * Authors: Salvatore Benedetto <salvatore.benedetto@intel.com> * * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public Licence + * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version - * 2 of the Licence, or (at your option) any later version. + * 2 of the License, or (at your option) any later version. */ #include <linux/kernel.h> #include <linux/export.h> diff --git a/crypto/drbg.c b/crypto/drbg.c index cdb27ac4b226..633a88e93ab0 100644 --- a/crypto/drbg.c +++ b/crypto/drbg.c @@ -1691,6 +1691,7 @@ static int drbg_init_sym_kernel(struct drbg_state *drbg) return PTR_ERR(sk_tfm); } drbg->ctr_handle = sk_tfm; + init_completion(&drbg->ctr_completion); req = skcipher_request_alloc(sk_tfm, GFP_KERNEL); if (!req) { diff --git a/crypto/ecc.c b/crypto/ecc.c index 414c78a9c214..633a9bcdc574 100644 --- a/crypto/ecc.c +++ b/crypto/ecc.c @@ -29,6 +29,7 @@ #include <linux/swab.h> #include <linux/fips.h> #include <crypto/ecdh.h> +#include <crypto/rng.h> #include "ecc.h" #include "ecc_curve_defs.h" @@ -904,7 +905,7 @@ static inline void ecc_swap_digits(const u64 *in, u64 *out, } int ecc_is_key_valid(unsigned int curve_id, unsigned int ndigits, - const u8 *private_key, unsigned int private_key_len) + const u64 *private_key, unsigned int private_key_len) { int nbytes; const struct ecc_curve *curve = ecc_get_curve(curve_id); @@ -917,24 +918,77 @@ int ecc_is_key_valid(unsigned int curve_id, unsigned int ndigits, if (private_key_len != nbytes) return -EINVAL; - if (vli_is_zero((const u64 *)&private_key[0], ndigits)) + if (vli_is_zero(private_key, ndigits)) return -EINVAL; /* Make sure the private key is in the range [1, n-1]. */ - if (vli_cmp(curve->n, (const u64 *)&private_key[0], ndigits) != 1) + if (vli_cmp(curve->n, private_key, ndigits) != 1) return -EINVAL; return 0; } -int ecdh_make_pub_key(unsigned int curve_id, unsigned int ndigits, - const u8 *private_key, unsigned int private_key_len, - u8 *public_key, unsigned int public_key_len) +/* + * ECC private keys are generated using the method of extra random bits, + * equivalent to that described in FIPS 186-4, Appendix B.4.1. + * + * d = (c mod(n–1)) + 1 where c is a string of random bits, 64 bits longer + * than requested + * 0 <= c mod(n-1) <= n-2 and implies that + * 1 <= d <= n-1 + * + * This method generates a private key uniformly distributed in the range + * [1, n-1]. + */ +int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, u64 *privkey) +{ + const struct ecc_curve *curve = ecc_get_curve(curve_id); + u64 priv[ndigits]; + unsigned int nbytes = ndigits << ECC_DIGITS_TO_BYTES_SHIFT; + unsigned int nbits = vli_num_bits(curve->n, ndigits); + int err; + + /* Check that N is included in Table 1 of FIPS 186-4, section 6.1.1 */ + if (nbits < 160) + return -EINVAL; + + /* + * FIPS 186-4 recommends that the private key should be obtained from a + * RBG with a security strength equal to or greater than the security + * strength associated with N. + * + * The maximum security strength identified by NIST SP800-57pt1r4 for + * ECC is 256 (N >= 512). + * + * This condition is met by the default RNG because it selects a favored + * DRBG with a security strength of 256. + */ + if (crypto_get_default_rng()) + err = -EFAULT; + + err = crypto_rng_get_bytes(crypto_default_rng, (u8 *)priv, nbytes); + crypto_put_default_rng(); + if (err) + return err; + + if (vli_is_zero(priv, ndigits)) + return -EINVAL; + + /* Make sure the private key is in the range [1, n-1]. */ + if (vli_cmp(curve->n, priv, ndigits) != 1) + return -EINVAL; + + ecc_swap_digits(priv, privkey, ndigits); + + return 0; +} + +int ecc_make_pub_key(unsigned int curve_id, unsigned int ndigits, + const u64 *private_key, u64 *public_key) { int ret = 0; struct ecc_point *pk; u64 priv[ndigits]; - unsigned int nbytes; const struct ecc_curve *curve = ecc_get_curve(curve_id); if (!private_key || !curve) { @@ -942,7 +996,7 @@ int ecdh_make_pub_key(unsigned int curve_id, unsigned int ndigits, goto out; } - ecc_swap_digits((const u64 *)private_key, priv, ndigits); + ecc_swap_digits(private_key, priv, ndigits); pk = ecc_alloc_point(ndigits); if (!pk) { @@ -956,9 +1010,8 @@ int ecdh_make_pub_key(unsigned int curve_id, unsigned int ndigits, goto err_free_point; } - nbytes = ndigits << ECC_DIGITS_TO_BYTES_SHIFT; - ecc_swap_digits(pk->x, (u64 *)public_key, ndigits); - ecc_swap_digits(pk->y, (u64 *)&public_key[nbytes], ndigits); + ecc_swap_digits(pk->x, public_key, ndigits); + ecc_swap_digits(pk->y, &public_key[ndigits], ndigits); err_free_point: ecc_free_point(pk); @@ -967,9 +1020,8 @@ out: } int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits, - const u8 *private_key, unsigned int private_key_len, - const u8 *public_key, unsigned int public_key_len, - u8 *secret, unsigned int secret_len) + const u64 *private_key, const u64 *public_key, + u64 *secret) { int ret = 0; struct ecc_point *product, *pk; @@ -999,13 +1051,13 @@ int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits, goto err_alloc_product; } - ecc_swap_digits((const u64 *)public_key, pk->x, ndigits); - ecc_swap_digits((const u64 *)&public_key[nbytes], pk->y, ndigits); - ecc_swap_digits((const u64 *)private_key, priv, ndigits); + ecc_swap_digits(public_key, pk->x, ndigits); + ecc_swap_digits(&public_key[ndigits], pk->y, ndigits); + ecc_swap_digits(private_key, priv, ndigits); ecc_point_mult(product, pk, priv, rand_z, curve->p, ndigits); - ecc_swap_digits(product->x, (u64 *)secret, ndigits); + ecc_swap_digits(product->x, secret, ndigits); if (ecc_point_is_zero(product)) ret = -EFAULT; diff --git a/crypto/ecc.h b/crypto/ecc.h index 663d598c7406..e4fd4492c765 100644 --- a/crypto/ecc.h +++ b/crypto/ecc.h @@ -34,41 +34,51 @@ * ecc_is_key_valid() - Validate a given ECDH private key * * @curve_id: id representing the curve to use - * @ndigits: curve number of digits + * @ndigits: curve's number of digits * @private_key: private key to be used for the given curve - * @private_key_len: private key len + * @private_key_len: private key length * * Returns 0 if the key is acceptable, a negative value otherwise */ int ecc_is_key_valid(unsigned int curve_id, unsigned int ndigits, - const u8 *private_key, unsigned int private_key_len); + const u64 *private_key, unsigned int private_key_len); + +/** + * ecc_gen_privkey() - Generates an ECC private key. + * The private key is a random integer in the range 0 < random < n, where n is a + * prime that is the order of the cyclic subgroup generated by the distinguished + * point G. + * @curve_id: id representing the curve to use + * @ndigits: curve number of digits + * @private_key: buffer for storing the generated private key + * + * Returns 0 if the private key was generated successfully, a negative value + * if an error occurred. + */ +int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, u64 *privkey); /** - * ecdh_make_pub_key() - Compute an ECC public key + * ecc_make_pub_key() - Compute an ECC public key * * @curve_id: id representing the curve to use + * @ndigits: curve's number of digits * @private_key: pregenerated private key for the given curve - * @private_key_len: length of private_key - * @public_key: buffer for storing the public key generated - * @public_key_len: length of the public_key buffer + * @public_key: buffer for storing the generated public key * * Returns 0 if the public key was generated successfully, a negative value * if an error occurred. */ -int ecdh_make_pub_key(const unsigned int curve_id, unsigned int ndigits, - const u8 *private_key, unsigned int private_key_len, - u8 *public_key, unsigned int public_key_len); +int ecc_make_pub_key(const unsigned int curve_id, unsigned int ndigits, + const u64 *private_key, u64 *public_key); /** * crypto_ecdh_shared_secret() - Compute a shared secret * * @curve_id: id representing the curve to use + * @ndigits: curve's number of digits * @private_key: private key of part A - * @private_key_len: length of private_key * @public_key: public key of counterpart B - * @public_key_len: length of public_key * @secret: buffer for storing the calculated shared secret - * @secret_len: length of the secret buffer * * Note: It is recommended that you hash the result of crypto_ecdh_shared_secret * before using it for symmetric encryption or HMAC. @@ -77,7 +87,6 @@ int ecdh_make_pub_key(const unsigned int curve_id, unsigned int ndigits, * if an error occurred. */ int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits, - const u8 *private_key, unsigned int private_key_len, - const u8 *public_key, unsigned int public_key_len, - u8 *secret, unsigned int secret_len); + const u64 *private_key, const u64 *public_key, + u64 *secret); #endif diff --git a/crypto/ecdh.c b/crypto/ecdh.c index 63ca33771e4e..61c7708905d0 100644 --- a/crypto/ecdh.c +++ b/crypto/ecdh.c @@ -4,9 +4,9 @@ * Authors: Salvator Benedetto <salvatore.benedetto@intel.com> * * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public Licence + * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version - * 2 of the Licence, or (at your option) any later version. + * 2 of the License, or (at your option) any later version. */ #include <linux/module.h> @@ -55,8 +55,12 @@ static int ecdh_set_secret(struct crypto_kpp *tfm, const void *buf, ctx->curve_id = params.curve_id; ctx->ndigits = ndigits; + if (!params.key || !params.key_size) + return ecc_gen_privkey(ctx->curve_id, ctx->ndigits, + ctx->private_key); + if (ecc_is_key_valid(ctx->curve_id, ctx->ndigits, - (const u8 *)params.key, params.key_size) < 0) + (const u64 *)params.key, params.key_size) < 0) return -EINVAL; memcpy(ctx->private_key, params.key, params.key_size); @@ -81,16 +85,14 @@ static int ecdh_compute_value(struct kpp_request *req) return -EINVAL; ret = crypto_ecdh_shared_secret(ctx->curve_id, ctx->ndigits, - (const u8 *)ctx->private_key, nbytes, - (const u8 *)ctx->public_key, 2 * nbytes, - (u8 *)ctx->shared_secret, nbytes); + ctx->private_key, + ctx->public_key, + ctx->shared_secret); buf = ctx->shared_secret; } else { - ret = ecdh_make_pub_key(ctx->curve_id, ctx->ndigits, - (const u8 *)ctx->private_key, nbytes, - (u8 *)ctx->public_key, - sizeof(ctx->public_key)); + ret = ecc_make_pub_key(ctx->curve_id, ctx->ndigits, + ctx->private_key, ctx->public_key); buf = ctx->public_key; /* Public part is a point thus it has both coordinates */ nbytes *= 2; @@ -106,13 +108,12 @@ static int ecdh_compute_value(struct kpp_request *req) return ret; } -static int ecdh_max_size(struct crypto_kpp *tfm) +static unsigned int ecdh_max_size(struct crypto_kpp *tfm) { struct ecdh_ctx *ctx = ecdh_get_ctx(tfm); - int nbytes = ctx->ndigits << ECC_DIGITS_TO_BYTES_SHIFT; - /* Public key is made of two coordinates */ - return 2 * nbytes; + /* Public key is made of two coordinates, add one to the left shift */ + return ctx->ndigits << (ECC_DIGITS_TO_BYTES_SHIFT + 1); } static void no_exit_tfm(struct crypto_kpp *tfm) diff --git a/crypto/ecdh_helper.c b/crypto/ecdh_helper.c index 3cd8a2414e60..f05bea5fd257 100644 --- a/crypto/ecdh_helper.c +++ b/crypto/ecdh_helper.c @@ -3,9 +3,9 @@ * Authors: Salvatore Benedetto <salvatore.benedetto@intel.com> * * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public Licence + * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version - * 2 of the Licence, or (at your option) any later version. + * 2 of the License, or (at your option) any later version. */ #include <linux/kernel.h> #include <linux/export.h> diff --git a/crypto/hmac.c b/crypto/hmac.c index 72e38c098bb3..92871dc2a63e 100644 --- a/crypto/hmac.c +++ b/crypto/hmac.c @@ -16,6 +16,7 @@ * */ +#include <crypto/hmac.h> #include <crypto/internal/hash.h> #include <crypto/scatterwalk.h> #include <linux/err.h> @@ -74,8 +75,8 @@ static int hmac_setkey(struct crypto_shash *parent, memcpy(opad, ipad, bs); for (i = 0; i < bs; i++) { - ipad[i] ^= 0x36; - opad[i] ^= 0x5c; + ipad[i] ^= HMAC_IPAD_VALUE; + opad[i] ^= HMAC_OPAD_VALUE; } return crypto_shash_init(shash) ?: diff --git a/crypto/rng.c b/crypto/rng.c index f46dac5288b9..5e8469244960 100644 --- a/crypto/rng.c +++ b/crypto/rng.c @@ -33,11 +33,6 @@ struct crypto_rng *crypto_default_rng; EXPORT_SYMBOL_GPL(crypto_default_rng); static int crypto_default_rng_refcnt; -static inline struct crypto_rng *__crypto_rng_cast(struct crypto_tfm *tfm) -{ - return container_of(tfm, struct crypto_rng, base); -} - int crypto_rng_reset(struct crypto_rng *tfm, const u8 *seed, unsigned int slen) { u8 *buf = NULL; diff --git a/crypto/rsa-pkcs1pad.c b/crypto/rsa-pkcs1pad.c index 8baab4307f7b..407c64bdcdd9 100644 --- a/crypto/rsa-pkcs1pad.c +++ b/crypto/rsa-pkcs1pad.c @@ -120,9 +120,6 @@ static int pkcs1pad_set_pub_key(struct crypto_akcipher *tfm, const void *key, /* Find out new modulus size from rsa implementation */ err = crypto_akcipher_maxsize(ctx->child); - if (err < 0) - return err; - if (err > PAGE_SIZE) return -ENOTSUPP; @@ -144,9 +141,6 @@ static int pkcs1pad_set_priv_key(struct crypto_akcipher *tfm, const void *key, /* Find out new modulus size from rsa implementation */ err = crypto_akcipher_maxsize(ctx->child); - if (err < 0) - return err; - if (err > PAGE_SIZE) return -ENOTSUPP; @@ -154,7 +148,7 @@ static int pkcs1pad_set_priv_key(struct crypto_akcipher *tfm, const void *key, return 0; } -static int pkcs1pad_get_max_size(struct crypto_akcipher *tfm) +static unsigned int pkcs1pad_get_max_size(struct crypto_akcipher *tfm) { struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm); @@ -164,7 +158,7 @@ static int pkcs1pad_get_max_size(struct crypto_akcipher *tfm) * decrypt/verify. */ - return ctx->key_size ?: -EINVAL; + return ctx->key_size; } static void pkcs1pad_sg_set_buf(struct scatterlist *sg, void *buf, size_t len, @@ -496,7 +490,7 @@ static int pkcs1pad_verify_complete(struct akcipher_request *req, int err) goto done; pos++; - if (memcmp(out_buf + pos, digest_info->data, digest_info->size)) + if (crypto_memneq(out_buf + pos, digest_info->data, digest_info->size)) goto done; pos += digest_info->size; diff --git a/crypto/rsa.c b/crypto/rsa.c index 4c280b6a3ea9..b067f3a93880 100644 --- a/crypto/rsa.c +++ b/crypto/rsa.c @@ -337,11 +337,11 @@ err: return -ENOMEM; } -static int rsa_max_size(struct crypto_akcipher *tfm) +static unsigned int rsa_max_size(struct crypto_akcipher *tfm) { struct rsa_mpi_key *pkey = akcipher_tfm_ctx(tfm); - return pkey->n ? mpi_get_size(pkey->n) : -EINVAL; + return mpi_get_size(pkey->n); } static void rsa_exit_tfm(struct crypto_akcipher *tfm) diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c index 9a11f3c2bf98..0dd6a432d6ca 100644 --- a/crypto/tcrypt.c +++ b/crypto/tcrypt.c @@ -138,8 +138,6 @@ static int test_aead_cycles(struct aead_request *req, int enc, int blen) int ret = 0; int i; - local_irq_disable(); - /* Warm-up run. */ for (i = 0; i < 4; i++) { if (enc) @@ -169,8 +167,6 @@ static int test_aead_cycles(struct aead_request *req, int enc, int blen) } out: - local_irq_enable(); - if (ret == 0) printk("1 operation in %lu cycles (%d bytes)\n", (cycles + 4) / 8, blen); diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 6f5f3ed8376c..7125ba3880af 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -218,14 +218,14 @@ static int ahash_partial_update(struct ahash_request **preq, crypto_ahash_reqtfm(req)); state = kmalloc(statesize + sizeof(guard), GFP_KERNEL); if (!state) { - pr_err("alt: hash: Failed to alloc state for %s\n", algo); + pr_err("alg: hash: Failed to alloc state for %s\n", algo); goto out_nostate; } memcpy(state + statesize, guard, sizeof(guard)); ret = crypto_ahash_export(req, state); WARN_ON(memcmp(state + statesize, guard, sizeof(guard))); if (ret) { - pr_err("alt: hash: Failed to export() for %s\n", algo); + pr_err("alg: hash: Failed to export() for %s\n", algo); goto out; } ahash_request_free(req); @@ -344,19 +344,19 @@ static int __test_hash(struct crypto_ahash *tfm, } else { ret = wait_async_op(&tresult, crypto_ahash_init(req)); if (ret) { - pr_err("alt: hash: init failed on test %d " + pr_err("alg: hash: init failed on test %d " "for %s: ret=%d\n", j, algo, -ret); goto out; } ret = wait_async_op(&tresult, crypto_ahash_update(req)); if (ret) { - pr_err("alt: hash: update failed on test %d " + pr_err("alg: hash: update failed on test %d " "for %s: ret=%d\n", j, algo, -ret); goto out; } ret = wait_async_op(&tresult, crypto_ahash_final(req)); if (ret) { - pr_err("alt: hash: final failed on test %d " + pr_err("alg: hash: final failed on test %d " "for %s: ret=%d\n", j, algo, -ret); goto out; } @@ -488,13 +488,13 @@ static int __test_hash(struct crypto_ahash *tfm, ahash_request_set_crypt(req, sg, result, template[i].tap[0]); ret = wait_async_op(&tresult, crypto_ahash_init(req)); if (ret) { - pr_err("alt: hash: init failed on test %d for %s: ret=%d\n", + pr_err("alg: hash: init failed on test %d for %s: ret=%d\n", j, algo, -ret); goto out; } ret = wait_async_op(&tresult, crypto_ahash_update(req)); if (ret) { - pr_err("alt: hash: update failed on test %d for %s: ret=%d\n", + pr_err("alg: hash: update failed on test %d for %s: ret=%d\n", j, algo, -ret); goto out; } @@ -505,7 +505,7 @@ static int __test_hash(struct crypto_ahash *tfm, hash_buff, k, temp, &sg[0], algo, result, &tresult); if (ret) { - pr_err("hash: partial update failed on test %d for %s: ret=%d\n", + pr_err("alg: hash: partial update failed on test %d for %s: ret=%d\n", j, algo, -ret); goto out_noreq; } @@ -513,7 +513,7 @@ static int __test_hash(struct crypto_ahash *tfm, } ret = wait_async_op(&tresult, crypto_ahash_final(req)); if (ret) { - pr_err("alt: hash: final failed on test %d for %s: ret=%d\n", + pr_err("alg: hash: final failed on test %d for %s: ret=%d\n", j, algo, -ret); goto out; } @@ -1997,6 +1997,9 @@ static int do_test_kpp(struct crypto_kpp *tfm, const struct kpp_testvec *vec, struct kpp_request *req; void *input_buf = NULL; void *output_buf = NULL; + void *a_public = NULL; + void *a_ss = NULL; + void *shared_secret = NULL; struct tcrypt_result result; unsigned int out_len_max; int err = -ENOMEM; @@ -2026,20 +2029,31 @@ static int do_test_kpp(struct crypto_kpp *tfm, const struct kpp_testvec *vec, kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, tcrypt_complete, &result); - /* Compute public key */ + /* Compute party A's public key */ err = wait_async_op(&result, crypto_kpp_generate_public_key(req)); if (err) { - pr_err("alg: %s: generate public key test failed. err %d\n", + pr_err("alg: %s: Party A: generate public key test failed. err %d\n", alg, err); goto free_output; } - /* Verify calculated public key */ - if (memcmp(vec->expected_a_public, sg_virt(req->dst), - vec->expected_a_public_size)) { - pr_err("alg: %s: generate public key test failed. Invalid output\n", - alg); - err = -EINVAL; - goto free_output; + + if (vec->genkey) { + /* Save party A's public key */ + a_public = kzalloc(out_len_max, GFP_KERNEL); + if (!a_public) { + err = -ENOMEM; + goto free_output; + } + memcpy(a_public, sg_virt(req->dst), out_len_max); + } else { + /* Verify calculated public key */ + if (memcmp(vec->expected_a_public, sg_virt(req->dst), + vec->expected_a_public_size)) { + pr_err("alg: %s: Party A: generate public key test failed. Invalid output\n", + alg); + err = -EINVAL; + goto free_output; + } } /* Calculate shared secret key by using counter part (b) public key. */ @@ -2058,15 +2072,53 @@ static int do_test_kpp(struct crypto_kpp *tfm, const struct kpp_testvec *vec, tcrypt_complete, &result); err = wait_async_op(&result, crypto_kpp_compute_shared_secret(req)); if (err) { - pr_err("alg: %s: compute shard secret test failed. err %d\n", + pr_err("alg: %s: Party A: compute shared secret test failed. err %d\n", alg, err); goto free_all; } + + if (vec->genkey) { + /* Save the shared secret obtained by party A */ + a_ss = kzalloc(vec->expected_ss_size, GFP_KERNEL); + if (!a_ss) { + err = -ENOMEM; |