This patch replaces the 32-bit counters in sha512_generic with
64-bit counters.  It also switches the bit count to the simpler
byte count.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch renames struct sha512_ctx and exports it as struct
sha512_state so that other sha512 implementations can use it
as the reference structure for exporting their state.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

When an shash algorithm is exported as ahash, ahash will access
its digest size through hash_alg_common.  That's why the shash
layout needs to match hash_alg_common.  This wasn't the case
because the alignment weren't identical.

This patch fixes the problem.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch exports the finup operation where available and adds
a default finup operation for ahash.  The operations final, finup
and digest also will now deal with unaligned result pointers by
copying it.  Finally export/import operations are will now be
exported too.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Now that all ahash implementations have been converted to the new
ahash type, we can remove old_ahash_alg and its associated support.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch changes crypto4xx to use the new style ahash type.
In particular, we now use ahash_alg to define ahash algorithms
instead of crypto_alg.

This is achieved by introducing a union that encapsulates the
new type and the existing crypto_alg structure.  They're told
apart through a u32 field containing the type value.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch changes cryptd to use the template->create function
instead of alloc in anticipation for the switch to new style
ahash algorithms.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch adds the helpers crypto_drop_ahash and crypto_drop_shash
so that these spawns can be dropped without ugly casts.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch adds support for creating ahash instances and using
ahash as spawns.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch converts crypto_ahash to the new style.  The old ahash
algorithm type is retained until the existing ahash implementations
are also converted.  All ahash users will automatically get the
new crypto_ahash type.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

As the extsize and init_tfm functions belong to the frontend the
frontend argument is superfluous.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch adds the helper crypto_ahash_set_reqsize so that
implementations do not directly access the crypto_ahash structure.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch exports the async functions so that they can be reused
by cryptd when it switches over to using shash.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch changes descsize to a run-time attribute so that
implementations can change it in their init functions.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch changes the kfree call to kzfree for async requests.
As the request may contain sensitive data it needs to be zeroed
before it can be reallocated by others.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch adds export/import support to sha256_generic.  The exported
type is defined by struct sha256_state, which is basically the entire
descriptor state of sha256_generic.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch adds export/import support to sha1_generic.  The exported
type is defined by struct sha1_state, which is basically the entire
descriptor state of sha1_generic.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch replaces the full descriptor export with an export of
the partial hash state.  This allows the use of a consistent export
format across all implementations of a given algorithm.

This is useful because a number of cases require the use of the
partial hash state, e.g., PadLock can use the SHA1 hash state
to get around the fact that it can only hash contiguous data
chunks.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch adds the helper shash_instance_ctx which is the shash
analogue of crypto_instance_ctx.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch adds __crypto_shash_cast which turns a crypto_tfm
into crypto_shash.  It's analogous to the other __crypto_*_cast
functions.

It hasn't been needed until now since no existing shash algorithms
have had an init function.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch adds crypto_shash_ctx_aligned which will be needed
by hmac after its conversion to shash.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch adds shash_register_instance so that shash instances
can be registered without bypassing the shash checks applied to
normal algorithms.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch adds the helper shash_attr_alg2 which locates a shash
algorithm based on the information in the given attribute.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch adds the helper crypto_attr_alg2 which is similar to
crypto_attr_alg but takes an extra frontend argument.  This is
intended to be used by new style algorithm types such as shash.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch adds the functions needed to create and use shash
spawns, i.e., to use shash algorithms in a template.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch modifies the spawn infrastructure to support new style
algorithms like shash.  In particular, this means storing the
frontend type in the spawn and using crypto_create_tfm to allocate
the tfm.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch adds shash_instance and the associated alloc/free
functions.  This is meant to be an instance that with a shash
algorithm under it.  Note that the instance itself doesn't have
to be shash.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch adds a new argument to crypto_alloc_instance which
sets aside some space before the instance for use by algorithms
such as shash that place type-specific data before crypto_alg.

For compatibility the function has been renamed so that existing
users aren't affected.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch introduces the template->create function intended
to replace the existing alloc function.  The intention is for
create to handle the registration directly, whereas currently
the caller of alloc has to handle the registration.

This allows type-specific code to be run prior to registration.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Signed-off-by: NGeert Uytterhoeven <Geert.Uytterhoeven@sonycom.com>
Cc: James Morris <jmorris@namei.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The current "comp" crypto interface supports one-shot (de)compression only,
i.e. the whole data buffer to be (de)compressed must be passed at once, and
the whole (de)compressed data buffer will be received at once.
In several use-cases (e.g. compressed file systems that store files in big
compressed blocks), this workflow is not suitable.
Furthermore, the "comp" type doesn't provide for the configuration of
(de)compression parameters, and always allocates workspace memory for both
compression and decompression, which may waste memory.

To solve this, add a "pcomp" partial (de)compression interface that provides
the following operations:
  - crypto_compress_{init,update,final}() for compression,
  - crypto_decompress_{init,update,final}() for decompression,
  - crypto_{,de}compress_setup(), to configure (de)compression parameters
    (incl. allocating workspace memory).

The (de)compression methods take a struct comp_request, which was mimicked
after the z_stream object in zlib, and contains buffer pointer and length
pairs for input and output.

The setup methods take an opaque parameter pointer and length pair. Parameters
are supposed to be encoded using netlink attributes, whose meanings depend on
the actual (name of the) (de)compression algorithm.
Signed-off-by: NGeert Uytterhoeven <Geert.Uytterhoeven@sonycom.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Use dedicated workqueue for crypto subsystem

A dedicated workqueue named kcrypto_wq is created to be used by crypto
subsystem. The system shared keventd_wq is not suitable for
encryption/decryption, because of potential starvation problem.
Signed-off-by: NHuang Ying <ying.huang@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This function is needed by algorithms that don't know their own
block size, e.g., in s390 where the code is common between multiple
versions of SHA.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

cryptd_alloc_ablkcipher() will allocate a cryptd-ed ablkcipher for
specified algorithm name. The new allocated one is guaranteed to be
cryptd-ed ablkcipher, so the blkcipher underlying can be gotten via
cryptd_ablkcipher_child().
Signed-off-by: NHuang Ying <ying.huang@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The Intel AES-NI AES acceleration instructions need key_enc, key_dec
in struct crypto_aes_ctx to be 16 byte aligned, it make this easier to
move key_length to be the last one.
Signed-off-by: NHuang Ying <ying.huang@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

We were freeing an offset into the slab object instead of the
start.  This patch fixes it by calling crypto_destroy_tfm which
allows the correct address to be given.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The tables used by the various AES algorithms are currently
computed at run-time.  This has created an init ordering problem
because some AES algorithms may be registered before the tables
have been initialised.

This patch gets around this whole thing by precomputing the tables.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This patch allows shash algorithms to be used through the old hash
interface.  This is a transitional measure so we can convert the
underlying algorithms to shash before converting the users across.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

It is often useful to save the partial state of a hash function
so that it can be used as a base for two or more computations.

The most prominent example is HMAC where all hashes start from
a base determined by the key.  Having an import/export interface
means that we only have to compute that base once rather than
for each message.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The shash interface replaces the current synchronous hash interface.
It improves over hash in two ways.  Firstly shash is reentrant,
meaning that the same tfm may be used by two threads simultaneously
as all hashing state is stored in a local descriptor.

The other enhancement is that shash no longer takes scatter list
entries.  This is because shash is specifically designed for
synchronous algorithms and as such scatter lists are unnecessary.

All existing hash users will be converted to shash once the
algorithms have been completely converted.

There is also a new finup function that combines update with final.
This will be extended to ahash once the algorithm conversion is
done.

This is also the first time that an algorithm type has their own
registration function.  Existing algorithm types will be converted
to this way in due course.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>