Linux kernel development work - see feature branches https://git.zx2c4.com/linux-dev/atom/crypto/aegis128.c?h=master 2019-08-15T11:52:15Z 2019-08-15T11:52:15Z Ard Biesheuvel ard.biesheuvel@linaro.org 2019-08-11T22:59:10Z urn:sha1:cf3d41adcc3595e7ccfbc9359a5daf39ee07aa8b Add some plumbing to allow the AEGIS128 code to be built with SIMD routines for acceleration. Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2019-08-02T03:31:35Z Herbert Xu herbert@gondor.apana.org.au 2019-08-02T03:31:35Z urn:sha1:c9f1fd4f2f74f322d5bdc4ec2c6a38ab7462967b This reverts commit ecc8bc81f2fb3976737ef312f824ba6053aa3590 ("crypto: aegis128 - provide a SIMD implementation based on NEON intrinsics") and commit 7cdc0ddbf74a19cecb2f0e9efa2cae9d3c665189 ("crypto: aegis128 - add support for SIMD acceleration"). They cause compile errors on platforms other than ARM because the mechanism to selectively compile the SIMD code is broken. Repoted-by: Heiko Carstens <heiko.carstens@de.ibm.com> Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2019-07-26T05:03:58Z Ard Biesheuvel ard.biesheuvel@linaro.org 2019-07-03T08:55:10Z urn:sha1:7cdc0ddbf74a19cecb2f0e9efa2cae9d3c665189 Add some plumbing to allow the AEGIS128 code to be built with SIMD routines for acceleration. Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2019-07-26T05:03:57Z Ard Biesheuvel ard.biesheuvel@linaro.org 2019-07-03T08:55:08Z urn:sha1:368b1bdc0a5983c8c908ce2001229e2291eac583 TFM init/exit routines are optional, so no need to provide empty ones. Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2019-04-18T14:15:03Z Eric Biggers ebiggers@google.com 2019-04-12T04:57:42Z urn:sha1:c4741b23059794bd99beef0f700103b0d983b3fd Use subsys_initcall for registration of all templates and generic algorithm implementations, rather than module_init. Then change cryptomgr to use arch_initcall, to place it before the subsys_initcalls. This is needed so that when both a generic and optimized implementation of an algorithm are built into the kernel (not loadable modules), the generic implementation is registered before the optimized one. Otherwise, the self-tests for the optimized implementation are unable to allocate the generic implementation for the new comparison fuzz tests. Note that on arm, a side effect of this change is that self-tests for generic implementations may run before the unaligned access handler has been installed. So, unaligned accesses will crash the kernel. This is arguably a good thing as it makes it easier to detect that type of bug. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2019-02-08T07:30:08Z Eric Biggers ebiggers@google.com 2019-02-01T07:51:36Z urn:sha1:0f533e67d26f228ea5dfdacc8a4bdeb487af5208 The generic AEGIS implementations all fail the improved AEAD tests because they produce the wrong result with some data layouts. The issue is that they assume that if the skcipher_walk API gives 'nbytes' not aligned to the walksize (a.k.a. walk.stride), then it is the end of the data. In fact, this can happen before the end. Fix them. Fixes: f606a88e5823 ("crypto: aegis - Add generic AEGIS AEAD implementations") Cc: <stable@vger.kernel.org> # v4.18+ Cc: Ondrej Mosnacek <omosnace@redhat.com> Signed-off-by: Eric Biggers <ebiggers@google.com> Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2019-01-25T10:41:51Z Thomas Gleixner tglx@linutronix.de 2019-01-17T23:14:20Z urn:sha1:bb4ce8258373669f6411ace748289825f1abe41a The license boiler plate text is not ideal for machine parsing. The kernel uses SPDX license identifiers for that purpose, which replace the boiler plate text. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: Ondrej Mosnacek <omosnacek@gmail.com> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: "David S. Miller" <davem@davemloft.net> Cc: linux-crypto@vger.kernel.org Acked-by: Ondrej Mosnacek <omosnacek@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2018-07-08T16:30:26Z Eric Biggers ebiggers@google.com 2018-06-30T22:16:14Z urn:sha1:3f4a537a26a68600ed1439222fb5e5c3aa513c7a Some aead algorithms set .cra_flags = CRYPTO_ALG_TYPE_AEAD. But this is redundant with the C structure type ('struct aead_alg'), and crypto_register_aead() already sets the type flag automatically, clearing any type flag that was already there. Apparently the useless assignment has just been copy+pasted around. So, remove the useless assignment from all the aead algorithms. This patch shouldn't change any actual behavior. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2018-05-18T16:13:58Z Ondrej Mosnacek omosnacek@gmail.com 2018-05-11T12:12:49Z urn:sha1:f606a88e58230c30f5d56a53eff8da6fdbf1e4ee This patch adds the generic implementation of the AEGIS family of AEAD algorithms (AEGIS-128, AEGIS-128L, and AEGIS-256). The original authors of AEGIS are Hongjun Wu and Bart Preneel. At the time of writing, AEGIS is one of the finalists in CAESAR, an open competition intended to select a portfolio of alternatives to the problematic AES-GCM: https://competitions.cr.yp.to/caesar-submissions.html https://competitions.cr.yp.to/round3/aegisv11.pdf Signed-off-by: Ondrej Mosnacek <omosnacek@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>