1. 29 Jan 2021, 5 commits
  2. 14 Jan 2021, 16 commits
  3. 08 Jan 2021, 1 commit
  4. 03 Jan 2021, 8 commits
    • crypto: blake2b - update file comment · 0cdc438e
      Eric Biggers committed
      The file comment for blake2b_generic.c makes it sound like it's the
      reference implementation of BLAKE2b with only minor changes.  But it's
      actually been changed a lot.  Update the comment to make this clearer.
      Reviewed-by: David Sterba <dsterba@suse.com>
      Acked-by: Ard Biesheuvel <ardb@kernel.org>
      Signed-off-by: Eric Biggers <ebiggers@google.com>
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    • crypto: blake2b - sync with blake2s implementation · 28dcca4c
      Eric Biggers committed
      Sync the BLAKE2b code with the BLAKE2s code as much as possible:
      
      - Move a lot of code into new headers <crypto/blake2b.h> and
        <crypto/internal/blake2b.h>, and adjust it to be like the
        corresponding BLAKE2s code, i.e. like <crypto/blake2s.h> and
        <crypto/internal/blake2s.h>.
      
      - Rename constants, e.g. BLAKE2B_*_DIGEST_SIZE => BLAKE2B_*_HASH_SIZE.
      
      - Use a macro BLAKE2B_ALG() to define the shash_alg structs.
      
      - Export blake2b_compress_generic() for use as a fallback.
      
      This makes it much easier to add optimized implementations of BLAKE2b,
      as optimized implementations can use the helper functions
      crypto_blake2b_{setkey,init,update,final}() and
      blake2b_compress_generic().  The ARM implementation will use these.
      
      But this change is also helpful because it eliminates unnecessary
      differences between the BLAKE2b and BLAKE2s code, so that the same
      improvements can easily be made to both.  (The two algorithms are
      basically identical, except for the word size and constants.)  It also
      makes it straightforward to add a library API for BLAKE2b in the future
      if/when it's needed.
      
      This change does make the BLAKE2b code slightly more complicated than it
      needs to be, as it doesn't actually provide a library API yet.  For
      example, __blake2b_update() doesn't really need to exist yet; it could
      just be inlined into crypto_blake2b_update().  But I believe this is
      outweighed by the benefits of keeping the code in sync.
      Signed-off-by: Eric Biggers <ebiggers@google.com>
      Acked-by: Ard Biesheuvel <ardb@kernel.org>
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    • crypto: blake2s - share the "shash" API boilerplate code · 8c4a93a1
      Eric Biggers committed
      Add helper functions for shash implementations of BLAKE2s to
      include/crypto/internal/blake2s.h, taking advantage of
      __blake2s_update() and __blake2s_final() that were added by the previous
      patch to share more code between the library and shash implementations.
      
      crypto_blake2s_setkey() and crypto_blake2s_init() are usable as
      shash_alg::setkey and shash_alg::init directly, while
      crypto_blake2s_update() and crypto_blake2s_final() take an extra
      'blake2s_compress_t' function pointer parameter.  This allows the
      implementation of the compression function to be overridden, which is
      the only part that optimized implementations really care about.
      
      The new functions are inline functions (similar to those in sha1_base.h,
      sha256_base.h, and sm3_base.h) because this avoids needing to add a new
      module blake2s_helpers.ko, they aren't *too* long, and this avoids
      indirect calls which are expensive these days.  Note that they can't go
      in blake2s_generic.ko, as that would require selecting CRYPTO_BLAKE2S
      from CRYPTO_BLAKE2S_X86, which would cause a recursive dependency.
      
      Finally, use these new helper functions in the x86 implementation of
      BLAKE2s.  (This part should be a separate patch, but unfortunately the
      x86 implementation used the exact same function names like
      "crypto_blake2s_update()", so it had to be updated at the same time.)
      Signed-off-by: Eric Biggers <ebiggers@google.com>
      Acked-by: Ard Biesheuvel <ardb@kernel.org>
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    • crypto: blake2s - remove unneeded includes · df412e7e
      Eric Biggers committed
      It doesn't make sense for the generic implementation of BLAKE2s to
      include <crypto/internal/simd.h> and <linux/jump_label.h>, as these are
      things that would only be useful in an architecture-specific
      implementation.  Remove these unnecessary includes.
      Acked-by: Ard Biesheuvel <ardb@kernel.org>
      Signed-off-by: Eric Biggers <ebiggers@google.com>
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    • crypto: blake2s - define shash_alg structs using macros · 0d396058
      Eric Biggers committed
      The shash_alg structs for the four variants of BLAKE2s are identical
      except for the algorithm name, driver name, and digest size.  So, avoid
      code duplication by using a macro to define these structs.
      Acked-by: Ard Biesheuvel <ardb@kernel.org>
      Signed-off-by: Eric Biggers <ebiggers@google.com>
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    • crypto: remove cipher routines from public crypto API · 0eb76ba2
      Ard Biesheuvel committed
      The cipher routines in the crypto API are mostly intended for templates
      implementing skcipher modes generically in software, and shouldn't be
      used outside of the crypto subsystem. So move the prototypes and all
      related definitions to a new header file under include/crypto/internal.
      Also, let's use the new module namespace feature to move the symbol
      exports into a new namespace CRYPTO_INTERNAL.
      Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
      Acked-by: Eric Biggers <ebiggers@google.com>
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    • crypto: tcrypt - avoid signed overflow in byte count · 303fd3e1
      Ard Biesheuvel committed
      The signed long type used for printing the number of bytes processed in
      tcrypt benchmarks limits the range to -/+ 2 GiB, which is not sufficient
      to cover the performance of common accelerated ciphers such as AES-NI
      when benchmarked with sec=1. So switch to u64 instead.
      
      While at it, fix up a missing printk->pr_cont conversion in the AEAD
      benchmark.
      Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    • crypto: ecdh - avoid buffer overflow in ecdh_set_secret() · 0aa171e9
      Ard Biesheuvel committed
      Pavel reports that commit 17858b14 ("crypto: ecdh - avoid unaligned
      accesses in ecdh_set_secret()") fixes one problem but introduces another:
      the unconditional memcpy() introduced by that commit may overflow the
      target buffer if the source data is invalid, which could be the result of
      intentional tampering.
      
      So check params.key_size explicitly against the size of the target buffer
      before validating the key further.
      
      Fixes: 17858b14 ("crypto: ecdh - avoid unaligned accesses in ecdh_set_secret()")
      Reported-by: Pavel Machek <pavel@denx.de>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
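      The bound that this commit adds, modelled in stand-alone C as an added example (not the kernel's ecdh code): a decoder that checks a caller-supplied blob only against its own length, and a set-secret routine that separately bounds params.key_size by the destination buffer before the memcpy(). The 2-byte length-prefixed wire format, the 32-byte key buffer and all model_* names are assumptions made for the example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model, not the kernel's ecdh code: the secret is copied into
 * a fixed-size private-key buffer (32 bytes assumed here). */
#define MODEL_KEY_BUF_SIZE 32
struct model_ecdh_params {
	const uint8_t *key; /* points into the caller-supplied blob */
	size_t key_size;    /* length field read from that blob */
};
struct model_ecdh_ctx { uint8_t private_key[MODEL_KEY_BUF_SIZE]; };

/* Assumed encoding: 2-byte big-endian key_size, then key_size key bytes.
 * This only checks the blob against its own length, not the destination. */
static int model_decode_key(const uint8_t *buf, size_t len, struct model_ecdh_params *p)
{
	if (len < 2)
		return -EINVAL;
	p->key_size = ((size_t)buf[0] << 8) | buf[1];
	p->key = buf + 2;
	return (len - 2 >= p->key_size) ? 0 : -EINVAL;
}

/* The fix pattern: bound key_size by sizeof(destination) before memcpy()
 * and before any further validation of the key's value. */
int model_set_secret(struct model_ecdh_ctx *ctx, const uint8_t *buf, size_t len)
{
	struct model_ecdh_params p;
	int ret = model_decode_key(buf, len, &p);
	if (ret)
		return ret;
	if (p.key_size > sizeof(ctx->private_key))
		return -EINVAL; /* an unconditional memcpy() would overflow */
	memcpy(ctx->private_key, p.key, p.key_size);
	return 0;
}

/* Builds a constructed, self-consistent blob claiming key_size (<= 64)
 * bytes and feeds it to model_set_secret(); returns its result. */
int model_try_key_size(size_t key_size)
{
	uint8_t blob[2 + 64] = { (uint8_t)(key_size >> 8), (uint8_t)key_size };
	struct model_ecdh_ctx ctx;
	if (key_size > 64)
		return -E2BIG;
	memset(blob + 2, 0xab, key_size); /* constructed key bytes */
	return model_set_secret(&ctx, blob, 2 + key_size);
}
```

A blob that is internally consistent but claims more bytes than the key buffer holds passes the decoder and is rejected only by the second check, which is the case the commit describes.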
  5. 04 Dec 2020, 3 commits
  6. 27 Nov 2020, 7 commits