- 29 Jan, 2015 2 commits
-
-
Kees Cook authored
commit 4943ba16 upstream.

This adds the module loading prefix "crypto-" to the template lookup as well.

For example, attempting to load 'vfat(blowfish)' via AF_ALG now correctly includes the "crypto-" prefix at every level, correctly rejecting "vfat":

    net-pf-38
    algif-hash
    crypto-vfat(blowfish)
    crypto-vfat(blowfish)-all
    crypto-vfat

Reported-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
-
Kees Cook authored
commit 5d26a105 upstream.

This prefixes all crypto module loading with "crypto-" so we never run the risk of exposing module auto-loading to userspace via a crypto API, as demonstrated by Mathias Krause:

https://lkml.org/lkml/2013/3/4/70

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
-
- 25 Apr, 2013 2 commits
-
-
Jussi Kivilinna authored
If the gcm cipher used by rfc4543 does not complete the request immediately, the authentication tag is not copied to the destination buffer. Patch adds correct async logic for this case.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Jussi Kivilinna authored
The GMAC code assumes that dst==src, which causes problems when trying to add rfc4543(gcm(aes)) test vectors. So fix this code to work when source and destination buffer are different.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 02 Apr, 2013 1 commit
-
-
Jussi Kivilinna authored
rfc4543(gcm(*)) code for GMAC assumes that assoc scatterlist always contains only one segment and only makes use of this first segment. However, ipsec passes assoc with three segments when using 'extended sequence number', thus in this case rfc4543(gcm(*)) fails to function correctly. Patch fixes this issue.

Reported-by: Chaoxing Lin <Chaoxing.Lin@ultra-3eti.com>
Tested-by: Chaoxing Lin <Chaoxing.Lin@ultra-3eti.com>
Cc: stable@vger.kernel.org
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 04 Feb, 2013 1 commit
-
-
Julia Lawall authored
Replace PTR_ERR followed by ERR_PTR by ERR_CAST, to be more concise.

The semantic patch that makes this change is as follows: (http://coccinelle.lip6.fr/)

// <smpl> @@ expression err,x; @@ - err = PTR_ERR(x); if (IS_ERR(x)) - return ERR_PTR(err); + return ERR_CAST(x); // </smpl>

Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
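Review bot: the `- err = PTR_ERR(x);` line is dropped whenever the `if (IS_ERR(x))` return follows it, but nothing in the rule checks that `err` is not read again later in the function before being reassigned. Where it is, the transformed code reads a variable that is no longer set at this point; consider restricting the match to functions where `err` has no later use, or reviewing each match by hand before applying it.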
-
- 02 Dec, 2010 1 commit
-
-
Steffen Klassert authored
Use scatterwalk_crypto_chain in favor of locally defined chaining functions.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 17 Jan, 2010 1 commit
-
-
Tobias Brunner authored
This patch adds the RFC4543 (GMAC) wrapper for GCM similar to the existing RFC4106 wrapper. The main differences between GCM and GMAC are the contents of the AAD and that the plaintext is empty for the latter.

Signed-off-by: Tobias Brunner <tobias@strongswan.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 16 Nov, 2009 1 commit
-
-
Huang Ying authored
The flow of the complete function (xxx_done) in gcm.c is as follows:

    void complete(struct crypto_async_request *areq, int err)
    {
            struct aead_request *req = areq->data;

            if (!err) {
                    err = async_next_step();
                    if (err == -EINPROGRESS || err == -EBUSY)
                            return;
            }

            complete_for_next_step(areq, err);
    }

But *areq may be destroyed in async_next_step(), which means complete_for_next_step() cannot work properly. To fix this, one of the following methods is used for each complete function.

- Add a __complete() for each complete(), which accepts struct aead_request *req instead of areq, so as to avoid using areq after it is destroyed.
- Expand complete_for_next_step().

The fixing method is based on the idea of Herbert Xu.

Signed-off-by: Huang Ying <ying.huang@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 06 Aug, 2009 1 commit
-
-
Huang Ying authored
Remove the dedicated GHASH implementation in GCM, and use the GHASH digest algorithm instead. This will make GCM use a hardware accelerated GHASH implementation automatically if available.

The ahash interface is used instead of the shash interface, because some hardware accelerated GHASH implementations need an asynchronous interface.

Signed-off-by: Huang Ying <ying.huang@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
- 10 Jan, 2008 13 commits
-
-
Herbert Xu authored
This patch introduces the rfc4106 wrapper for GCM just as we have an rfc4309 wrapper for CCM. The purpose of the wrapper is to include part of the IV in the key so that it can be negotiated by IPsec.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Herbert Xu authored
This patch converts the gcm algorithm over to crypto_grab_skcipher which is a prerequisite for IV generation.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Herbert Xu authored
This patch adds the gcm_base template which takes a block cipher parameter instead of cipher. This allows the user to specify a specific CTR implementation.

This also fixes a leak of the cipher algorithm that was previously looked up but never freed.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Herbert Xu authored
This patch adds the necessary changes for GCM to be used with async ciphers. This would allow it to be used with hardware devices that support CTR.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Herbert Xu authored
As discussed previously, this patch moves the basic CTR functionality into a chainable algorithm called ctr. The IPsec-specific variant of it is now placed on top with the name rfc3686.

So ctr(aes) gives a chainable cipher with IV size 16 while the IPsec variant will be called rfc3686(ctr(aes)). This patch also adjusts gcm accordingly.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Herbert Xu authored
This patch fixes the request context alignment so that it is actually aligned to the value required by the algorithm.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Herbert Xu authored
The abreq structure is currently allocated on the stack. This is broken if the underlying algorithm is asynchronous. This patch changes it so that it's taken from the private context instead which has been enlarged accordingly.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Herbert Xu authored
Unfortunately the generic chaining hasn't been ported to all architectures yet, and notably not s390. So this patch restores the chaining that we've been using previously which does work everywhere.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Herbert Xu authored
The scatterwalk infrastructure is used by algorithms so it needs to move out of crypto for future users that may live in drivers/crypto or asm/*/crypto.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Herbert Xu authored
This patch changes gcm/authenc to return EBADMSG instead of EINVAL for ICV mismatches. This convention has already been adopted by IPsec.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Herbert Xu authored
The crypto_aead convention for ICVs is to include it directly in the output. If we decided to change this in future then we would make the ICV (if the algorithm has an explicit one) available in the request itself.

For now no algorithm needs this so this patch changes gcm to conform to this convention. It also adjusts the tcrypt aead tests to take this into account.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Herbert Xu authored
As it is, authsize is an algorithm parameter which cannot be changed at run-time. This is inconvenient because hardware that implements such algorithms would have to register each authsize that they support separately.

Since authsize is a property common to all AEAD algorithms, we can add a function setauthsize that sets it at run-time, just like setkey.

This patch does exactly that and also changes authenc so that authsize is no longer a parameter of its template.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-
Mikko Herranen authored
Add GCM/GMAC support to cryptoapi.

GCM (Galois/Counter Mode) is an AEAD mode of operations for any block cipher with a block size of 16. The typical example is AES-GCM.

Signed-off-by: Mikko Herranen <mh1@iki.fi>
Reviewed-by: Mika Kukkonen <mika.kukkonen@nsn.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-