1. 18 Apr, 2019 1 commit
    • Eric Biggers's avatar
      crypto: run initcalls for generic implementations earlier · c4741b23
      Eric Biggers authored
      
      Use subsys_initcall for registration of all templates and generic
      algorithm implementations, rather than module_init.  Then change
      cryptomgr to use arch_initcall, to place it before the subsys_initcalls.
      
      This is needed so that when both a generic and optimized implementation
      of an algorithm are built into the kernel (not loadable modules), the
      generic implementation is registered before the optimized one.
      Otherwise, the self-tests for the optimized implementation are unable to
      allocate the generic implementation for the new comparison fuzz tests.
      
      Note that on arm, a side effect of this change is that self-tests for
      generic implementations may run before the unaligned access handler has
      been installed.  So, unaligned accesses will crash the kernel.  This is
      arguably a good thing as it makes it easier to detect that type of bug.
      Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      c4741b23
  2. 11 Jan, 2019 1 commit
  3. 29 Nov, 2017 1 commit
  4. 12 Oct, 2017 1 commit
  5. 01 Feb, 2016 1 commit
  6. 15 Oct, 2015 1 commit
    • Stephan Mueller's avatar
      crypto: keywrap - add key wrapping block chaining mode · e28facde
      Stephan Mueller authored
      
      This patch implements the AES key wrapping as specified in
      NIST SP800-38F and RFC3394.
      
      The implementation covers key wrapping without padding.
      
      IV handling: The caller does not provide an IV for encryption,
      but must obtain the IV after encryption which would serve as the first
      semblock in the ciphertext structure defined by SP800-38F. Conversely,
      for decryption, the caller must provide the first semiblock of the data
      as the IV and the following blocks as ciphertext.
      
      The key wrapping is an authenticated decryption operation. The caller
      will receive EBADMSG during decryption if the authentication failed.
      
      Albeit the standards define the key wrapping for AES only, the template
      can be used with any other block cipher that has a block size of 16
      bytes. During initialization of the template, that condition is checked.
      Any cipher not having a block size of 16 bytes will cause the
      initialization to fail.
      Signed-off-by: default avatarStephan Mueller <smueller@chronox.de>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      e28facde