Browse Source
API: - Add virtual-address based lskcipher interface. - Optimise ahash/shash performance in light of costly indirect calls. - Remove ahash alignmask attribute. Algorithms: - Improve AES/XTS performance of 6-way unrolling for ppc. - Remove some uses of obsolete algorithms (md4, md5, sha1). - Add FIPS 202 SHA-3 support in pkcs1pad. - Add fast path for single-page messages in adiantum. - Remove zlib-deflate. Drivers: - Add support for S4 in meson RNG driver. - Add STM32MP13x support in stm32. - Add hwrng interface support in qcom-rng. - Add support for deflate algorithm in hisilicon/zip. -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEn51F/lCuNhUwmDeSxycdCkmxi6cFAmVB3vgACgkQxycdCkmx i6dsOBAAykbnX8BpnpnOXYywE9ZWrl98rAk51MK0N9olZNfg78zRPIv7fFxFdC20 SDJrDSNPmn0Qvaa5e0EfoAdklsm0k2GkXL/BwPKMKWUsyIoJVYI3WrBMnjBy9xMp yfME+h0bKoXJCZKnYkIUSGUejmUPSyRlEylrXoFlH/VWYwAaii/x9zwreQoF+0LR KI24A1q8AYs6Dw9HSfndaAub9GOzrqKYs6fSaMG+77Y4UC5aoi5J9Bp2G3uVyHay x/0bZtIxKXS9wn+LeG/3GspX23x/I5VwBOdAoMigrYmAIaIg5qgyMszudltTAs4R zF1Kh7WsnM5+vpnBSeigzo+/GGOU3QTz8y3tBTg+3ZR7GWGOwQLiizhOYqCyOfAH pIm6c++sZw/OOHiL69Nt4HeLKzGNYYWk3s4X/B/6cqoouPfOsfBaQobZNx9zfy7q ZNEvSVBjrFX/L6wDSotny1LTWLUNjHbmLaMV5uQZ/SQKEtv19fp2Dl7SsLkHH+3v ldOAwfoJR6QcSwz3Ez02TUAvQhtP172Hnxi7u44eiZu2aUboLhCFr7aEU6kVdBCx 1rIRVHD1oqlOEDRwPRXzhF3I8R4QDORJIxZ6UUhg7yueuI+XCGDsBNC+LqBrBmSR IbdjqmSDUBhJyM5yMnt1VFYhqKQ/ZzwZ3JQviwW76Es9pwEIolM= =IZmR -----END PGP SIGNATURE----- Merge tag 'v6.7-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto updates from Herbert Xu: "API: - Add virtual-address based lskcipher interface - Optimise ahash/shash performance in light of costly indirect calls - Remove ahash alignmask attribute Algorithms: - Improve AES/XTS performance of 6-way unrolling for ppc - Remove some uses of obsolete algorithms (md4, md5, sha1) - Add FIPS 202 SHA-3 support in pkcs1pad - Add fast path for single-page messages in adiantum - Remove zlib-deflate Drivers: - Add support for S4 in meson RNG driver - Add STM32MP13x support in stm32 - Add hwrng interface support in qcom-rng - Add support for deflate algorithm in hisilicon/zip" * tag 'v6.7-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (283 commits) crypto: adiantum - flush destination page before unmapping crypto: testmgr - move pkcs1pad(rsa,sha3-*) to correct place Documentation/module-signing.txt: bring up to date module: enable automatic module signing with FIPS 202 SHA-3 crypto: asymmetric_keys - allow FIPS 202 SHA-3 signatures crypto: rsa-pkcs1pad - Add FIPS 202 SHA-3 support crypto: FIPS 202 SHA-3 register in hash info for IMA x509: Add OIDs for FIPS 202 SHA-3 hash and signatures crypto: ahash - optimize performance when wrapping shash crypto: ahash - check for shash type instead of not ahash type crypto: hash - move "ahash wrapping shash" functions to ahash.c crypto: talitos - stop using crypto_ahash::init crypto: chelsio - stop using crypto_ahash::init crypto: ahash - improve file comment crypto: ahash - remove struct ahash_request_priv crypto: ahash - remove crypto_ahash_alignmask crypto: gcm - stop using alignmask of ahash crypto: chacha20poly1305 - stop using alignmask of ahash crypto: ccm - stop using alignmask of ahash net: ipv6: stop checking crypto_ahash_alignmask ...master
Linus Torvalds
6 months ago
275 changed files with 10670 additions and 3331 deletions
@ -0,0 +1,41 @@
|
||||
What: /sys/bus/pci/devices/<BDF>/qat_ras/errors_correctable |
||||
Date: January 2024 |
||||
KernelVersion: 6.7 |
||||
Contact: qat-linux@intel.com |
||||
Description: (RO) Reports the number of correctable errors detected by the device. |
||||
|
||||
This attribute is only available for qat_4xxx devices. |
||||
|
||||
What: /sys/bus/pci/devices/<BDF>/qat_ras/errors_nonfatal |
||||
Date: January 2024 |
||||
KernelVersion: 6.7 |
||||
Contact: qat-linux@intel.com |
||||
Description: (RO) Reports the number of non fatal errors detected by the device. |
||||
|
||||
This attribute is only available for qat_4xxx devices. |
||||
|
||||
What: /sys/bus/pci/devices/<BDF>/qat_ras/errors_fatal |
||||
Date: January 2024 |
||||
KernelVersion: 6.7 |
||||
Contact: qat-linux@intel.com |
||||
Description: (RO) Reports the number of fatal errors detected by the device. |
||||
|
||||
This attribute is only available for qat_4xxx devices. |
||||
|
||||
What: /sys/bus/pci/devices/<BDF>/qat_ras/reset_error_counters |
||||
Date: January 2024 |
||||
KernelVersion: 6.7 |
||||
Contact: qat-linux@intel.com |
||||
Description: (WO) Write to resets all error counters of a device. |
||||
|
||||
The following example reports how to reset the counters:: |
||||
|
||||
# echo 1 > /sys/bus/pci/devices/<BDF>/qat_ras/reset_error_counters |
||||
# cat /sys/bus/pci/devices/<BDF>/qat_ras/errors_correctable |
||||
0 |
||||
# cat /sys/bus/pci/devices/<BDF>/qat_ras/errors_nonfatal |
||||
0 |
||||
# cat /sys/bus/pci/devices/<BDF>/qat_ras/errors_fatal |
||||
0 |
||||
|
||||
This attribute is only available for qat_4xxx devices. |
@ -0,0 +1,226 @@
|
||||
What: /sys/bus/pci/devices/<BDF>/qat_rl/sla_op |
||||
Date: January 2024 |
||||
KernelVersion: 6.7 |
||||
Contact: qat-linux@intel.com |
||||
Description: |
||||
(WO) This attribute is used to perform an operation on an SLA. |
||||
The supported operations are: add, update, rm, rm_all, and get. |
||||
|
||||
Input values must be filled through the associated attribute in |
||||
this group before a write to this file. |
||||
If the operation completes successfully, the associated |
||||
attributes will be updated. |
||||
The associated attributes are: cir, pir, srv, rp, and id. |
||||
|
||||
Supported operations: |
||||
|
||||
* add: Creates a new SLA with the provided inputs from user. |
||||
* Inputs: cir, pir, srv, and rp |
||||
* Output: id |
||||
|
||||
* get: Returns the configuration of the specified SLA in id attribute |
||||
* Inputs: id |
||||
* Outputs: cir, pir, srv, and rp |
||||
|
||||
* update: Updates the SLA with new values set in the following attributes |
||||
* Inputs: id, cir, and pir |
||||
|
||||
* rm: Removes the specified SLA in the id attribute. |
||||
* Inputs: id |
||||
|
||||
* rm_all: Removes all the configured SLAs. |
||||
* Inputs: None |
||||
|
||||
This attribute is only available for qat_4xxx devices. |
||||
|
||||
What: /sys/bus/pci/devices/<BDF>/qat_rl/rp |
||||
Date: January 2024 |
||||
KernelVersion: 6.7 |
||||
Contact: qat-linux@intel.com |
||||
Description: |
||||
(RW) When read, reports the current assigned ring pairs for the |
||||
queried SLA. |
||||
When wrote to, configures the ring pairs associated to a new SLA. |
||||
|
||||
The value is a 64-bit bit mask and is written/displayed in hex. |
||||
Each bit of this mask represents a single ring pair i.e., |
||||
bit 1 == ring pair id 0; bit 3 == ring pair id 2. |
||||
|
||||
Selected ring pairs must to be assigned to a single service, |
||||
i.e. the one provided with the srv attribute. The service |
||||
assigned to a certain ring pair can be checked by querying |
||||
the attribute qat/rp2srv. |
||||
|
||||
The maximum number of ring pairs is 4 per SLA. |
||||
|
||||
Applicability in sla_op: |
||||
|
||||
* WRITE: add operation |
||||
* READ: get operation |
||||
|
||||
Example usage:: |
||||
|
||||
## Read |
||||
# echo 4 > /sys/bus/pci/devices/<BDF>/qat_rl/id |
||||
# cat /sys/bus/pci/devices/<BDF>/qat_rl/rp |
||||
0x5 |
||||
|
||||
## Write |
||||
# echo 0x5 > /sys/bus/pci/devices/<BDF>/qat_rl/rp |
||||
|
||||
This attribute is only available for qat_4xxx devices. |
||||
|
||||
What: /sys/bus/pci/devices/<BDF>/qat_rl/id |
||||
Date: January 2024 |
||||
KernelVersion: 6.7 |
||||
Contact: qat-linux@intel.com |
||||
Description: |
||||
(RW) If written to, the value is used to retrieve a particular |
||||
SLA and operate on it. |
||||
This is valid only for the following operations: update, rm, |
||||
and get. |
||||
A read of this attribute is only guaranteed to have correct data |
||||
after creation of an SLA. |
||||
|
||||
Applicability in sla_op: |
||||
|
||||
* WRITE: rm and update operations |
||||
* READ: add and get operations |
||||
|
||||
Example usage:: |
||||
|
||||
## Read |
||||
## Set attributes e.g. cir, pir, srv, etc |
||||
# echo "add" > /sys/bus/pci/devices/<BDF>/qat_rl/sla_op |
||||
# cat /sys/bus/pci/devices/<BDF>/qat_rl/id |
||||
4 |
||||
|
||||
## Write |
||||
# echo 7 > /sys/bus/pci/devices/<BDF>/qat_rl/id |
||||
# echo "get" > /sys/bus/pci/devices/<BDF>/qat_rl/sla_op |
||||
# cat /sys/bus/pci/devices/<BDF>/qat_rl/rp |
||||
0x5 ## ring pair ID 0 and ring pair ID 2 |
||||
|
||||
This attribute is only available for qat_4xxx devices. |
||||
|
||||
What: /sys/bus/pci/devices/<BDF>/qat_rl/cir |
||||
Date: January 2024 |
||||
KernelVersion: 6.7 |
||||
Contact: qat-linux@intel.com |
||||
Description: |
||||
(RW) Committed information rate (CIR). Rate guaranteed to be |
||||
achieved by a particular SLA. The value is expressed in |
||||
permille scale, i.e. 1000 refers to the maximum device |
||||
throughput for a selected service. |
||||
|
||||
After sending a "get" to sla_op, this will be populated with the |
||||
CIR for that queried SLA. |
||||
Write to this file before sending an "add/update" sla_op, to set |
||||
the SLA to the specified value. |
||||
|
||||
Applicability in sla_op: |
||||
|
||||
* WRITE: add and update operations |
||||
* READ: get operation |
||||
|
||||
Example usage:: |
||||
|
||||
## Write |
||||
# echo 500 > /sys/bus/pci/devices/<BDF>/qat_rl/cir |
||||
# echo "add" /sys/bus/pci/devices/<BDF>/qat_rl/sla_op |
||||
|
||||
## Read |
||||
# echo 4 > /sys/bus/pci/devices/<BDF>/qat_rl/id |
||||
# echo "get" > /sys/bus/pci/devices/<BDF>/qat_rl/sla_op |
||||
# cat /sys/bus/pci/devices/<BDF>/qat_rl/cir |
||||
500 |
||||
|
||||
This attribute is only available for qat_4xxx devices. |
||||
|
||||
What: /sys/bus/pci/devices/<BDF>/qat_rl/pir |
||||
Date: January 2024 |
||||
KernelVersion: 6.7 |
||||
Contact: qat-linux@intel.com |
||||
Description: |
||||
(RW) Peak information rate (PIR). The maximum rate that can be |
||||
achieved by that particular SLA. An SLA can reach a value |
||||
between CIR and PIR when the device is not fully utilized by |
||||
requests from other users (assigned to different SLAs). |
||||
|
||||
After sending a "get" to sla_op, this will be populated with the |
||||
PIR for that queried SLA. |
||||
Write to this file before sending an "add/update" sla_op, to set |
||||
the SLA to the specified value. |
||||
|
||||
Applicability in sla_op: |
||||
|
||||
* WRITE: add and update operations |
||||
* READ: get operation |
||||
|
||||
Example usage:: |
||||
|
||||
## Write |
||||
# echo 750 > /sys/bus/pci/devices/<BDF>/qat_rl/pir |
||||
# echo "add" > /sys/bus/pci/devices/<BDF>/qat_rl/sla_op |
||||
|
||||
## Read |
||||
# echo 4 > /sys/bus/pci/devices/<BDF>/qat_rl/id |
||||
# echo "get" > /sys/bus/pci/devices/<BDF>/qat_rl/sla_op |
||||
# cat /sys/bus/pci/devices/<BDF>/qat_rl/pir |
||||
750 |
||||
|
||||
This attribute is only available for qat_4xxx devices. |
||||
|
||||
What: /sys/bus/pci/devices/<BDF>/qat_rl/srv |
||||
Date: January 2024 |
||||
KernelVersion: 6.7 |
||||
Contact: qat-linux@intel.com |
||||
Description: |
||||
(RW) Service (SRV). Represents the service (sym, asym, dc) |
||||
associated to an SLA. |
||||
Can be written to or queried to set/show the SRV type for an SLA. |
||||
The SRV attribute is used to specify the SRV type before adding |
||||
an SLA. After an SLA is configured, reports the service |
||||
associated to that SLA. |
||||
|
||||
Applicability in sla_op: |
||||
|
||||
* WRITE: add and update operations |
||||
* READ: get operation |
||||
|
||||
Example usage:: |
||||
|
||||
## Write |
||||
# echo "dc" > /sys/bus/pci/devices/<BDF>/qat_rl/srv |
||||
# echo "add" > /sys/bus/pci/devices/<BDF>/qat_rl/sla_op |
||||
# cat /sys/bus/pci/devices/<BDF>/qat_rl/id |
||||
4 |
||||
|
||||
## Read |
||||
# echo 4 > /sys/bus/pci/devices/<BDF>/qat_rl/id |
||||
# echo "get" > /sys/bus/pci/devices/<BDF>/qat_rl/sla_op |
||||
# cat /sys/bus/pci/devices/<BDF>/qat_rl/srv |
||||
dc |
||||
|
||||
This attribute is only available for qat_4xxx devices. |
||||
|
||||
What: /sys/bus/pci/devices/<BDF>/qat_rl/cap_rem |
||||
Date: January 2024 |
||||
KernelVersion: 6.7 |
||||
Contact: qat-linux@intel.com |
||||
Description: |
||||
(RW) This file will return the remaining capability for a |
||||
particular service/sla. This is the remaining value that a new |
||||
SLA can be set to or a current SLA can be increased with. |
||||
|
||||
Example usage:: |
||||
|
||||
# echo "asym" > /sys/bus/pci/devices/<BDF>/qat_rl/cap_rem |
||||
# cat /sys/bus/pci/devices/<BDF>/qat_rl/cap_rem |
||||
250 |
||||
# echo 250 > /sys/bus/pci/devices/<BDF>/qat_rl/cir |
||||
# echo "add" > /sys/bus/pci/devices/<BDF>/qat_rl/sla_op |
||||
# cat /sys/bus/pci/devices/<BDF>/qat_rl/cap_rem |
||||
0 |
||||
|
||||
This attribute is only available for qat_4xxx devices. |
@ -0,0 +1,634 @@
|
||||
// SPDX-License-Identifier: GPL-2.0-or-later
|
||||
/*
|
||||
* Linear symmetric key cipher operations. |
||||
* |
||||
* Generic encrypt/decrypt wrapper for ciphers. |
||||
* |
||||
* Copyright (c) 2023 Herbert Xu <herbert@gondor.apana.org.au> |
||||
*/ |
||||
|
||||
#include <linux/cryptouser.h> |
||||
#include <linux/err.h> |
||||
#include <linux/export.h> |
||||
#include <linux/kernel.h> |
||||
#include <linux/seq_file.h> |
||||
#include <linux/slab.h> |
||||
#include <linux/string.h> |
||||
#include <net/netlink.h> |
||||
#include "skcipher.h" |
||||
|
||||
static inline struct crypto_lskcipher *__crypto_lskcipher_cast( |
||||
struct crypto_tfm *tfm) |
||||
{ |
||||
return container_of(tfm, struct crypto_lskcipher, base); |
||||
} |
||||
|
||||
static inline struct lskcipher_alg *__crypto_lskcipher_alg( |
||||
struct crypto_alg *alg) |
||||
{ |
||||
return container_of(alg, struct lskcipher_alg, co.base); |
||||
} |
||||
|
||||
static inline struct crypto_istat_cipher *lskcipher_get_stat( |
||||
struct lskcipher_alg *alg) |
||||
{ |
||||
return skcipher_get_stat_common(&alg->co); |
||||
} |
||||
|
||||
static inline int crypto_lskcipher_errstat(struct lskcipher_alg *alg, int err) |
||||
{ |
||||
struct crypto_istat_cipher *istat = lskcipher_get_stat(alg); |
||||
|
||||
if (!IS_ENABLED(CONFIG_CRYPTO_STATS)) |
||||
return err; |
||||
|
||||
if (err) |
||||
atomic64_inc(&istat->err_cnt); |
||||
|
||||
return err; |
||||
} |
||||
|
||||
static int lskcipher_setkey_unaligned(struct crypto_lskcipher *tfm, |
||||
const u8 *key, unsigned int keylen) |
||||
{ |
||||
unsigned long alignmask = crypto_lskcipher_alignmask(tfm); |
||||
struct lskcipher_alg *cipher = crypto_lskcipher_alg(tfm); |
||||
u8 *buffer, *alignbuffer; |
||||
unsigned long absize; |
||||
int ret; |
||||
|
||||
absize = keylen + alignmask; |
||||
buffer = kmalloc(absize, GFP_ATOMIC); |
||||
if (!buffer) |
||||
return -ENOMEM; |
||||
|
||||
alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1); |
||||
memcpy(alignbuffer, key, keylen); |
||||
ret = cipher->setkey(tfm, alignbuffer, keylen); |
||||
kfree_sensitive(buffer); |
||||
return ret; |
||||
} |
||||
|
||||
int crypto_lskcipher_setkey(struct crypto_lskcipher *tfm, const u8 *key, |
||||
unsigned int keylen) |
||||
{ |
||||
unsigned long alignmask = crypto_lskcipher_alignmask(tfm); |
||||
struct lskcipher_alg *cipher = crypto_lskcipher_alg(tfm); |
||||
|
||||
if (keylen < cipher->co.min_keysize || keylen > cipher->co.max_keysize) |
||||
return -EINVAL; |
||||
|
||||
if ((unsigned long)key & alignmask) |
||||
return lskcipher_setkey_unaligned(tfm, key, keylen); |
||||
else |
||||
return cipher->setkey(tfm, key, keylen); |
||||
} |
||||
EXPORT_SYMBOL_GPL(crypto_lskcipher_setkey); |
||||
|
||||
static int crypto_lskcipher_crypt_unaligned( |
||||
struct crypto_lskcipher *tfm, const u8 *src, u8 *dst, unsigned len, |
||||
u8 *iv, int (*crypt)(struct crypto_lskcipher *tfm, const u8 *src, |
||||
u8 *dst, unsigned len, u8 *iv, bool final)) |
||||
{ |
||||
unsigned ivsize = crypto_lskcipher_ivsize(tfm); |
||||
unsigned bs = crypto_lskcipher_blocksize(tfm); |
||||
unsigned cs = crypto_lskcipher_chunksize(tfm); |
||||
int err; |
||||
u8 *tiv; |
||||
u8 *p; |
||||
|
||||
BUILD_BUG_ON(MAX_CIPHER_BLOCKSIZE > PAGE_SIZE || |
||||
MAX_CIPHER_ALIGNMASK >= PAGE_SIZE); |
||||
|
||||
tiv = kmalloc(PAGE_SIZE, GFP_ATOMIC); |
||||
if (!tiv) |
||||
return -ENOMEM; |
||||
|
||||
memcpy(tiv, iv, ivsize); |
||||
|
||||
p = kmalloc(PAGE_SIZE, GFP_ATOMIC); |
||||
err = -ENOMEM; |
||||
if (!p) |
||||
goto out; |
||||
|
||||
while (len >= bs) { |
||||
unsigned chunk = min((unsigned)PAGE_SIZE, len); |
||||
int err; |
||||
|
||||
if (chunk > cs) |
||||
chunk &= ~(cs - 1); |
||||
|
||||
memcpy(p, src, chunk); |
||||
err = crypt(tfm, p, p, chunk, tiv, true); |
||||
if (err) |
||||
goto out; |
||||
|
||||
memcpy(dst, p, chunk); |
||||
src += chunk; |
||||
dst += chunk; |
||||
len -= chunk; |
||||
} |
||||
|
||||
err = len ? -EINVAL : 0; |
||||
|
||||
out: |
||||
memcpy(iv, tiv, ivsize); |
||||
kfree_sensitive(p); |
||||
kfree_sensitive(tiv); |
||||
return err; |
||||
} |
||||
|
||||
static int crypto_lskcipher_crypt(struct crypto_lskcipher *tfm, const u8 *src, |
||||
u8 *dst, unsigned len, u8 *iv, |
||||
int (*crypt)(struct crypto_lskcipher *tfm, |
||||
const u8 *src, u8 *dst, |
||||
unsigned len, u8 *iv, |
||||
bool final)) |
||||
{ |
||||
unsigned long alignmask = crypto_lskcipher_alignmask(tfm); |
||||
struct lskcipher_alg *alg = crypto_lskcipher_alg(tfm); |
||||
int ret; |
||||
|
||||
if (((unsigned long)src | (unsigned long)dst | (unsigned long)iv) & |
||||
alignmask) { |
||||
ret = crypto_lskcipher_crypt_unaligned(tfm, src, dst, len, iv, |
||||
crypt); |
||||
goto out; |
||||
} |
||||
|
||||
ret = crypt(tfm, src, dst, len, iv, true); |
||||
|
||||
out: |
||||
return crypto_lskcipher_errstat(alg, ret); |
||||
} |
||||
|
||||
int crypto_lskcipher_encrypt(struct crypto_lskcipher *tfm, const u8 *src, |
||||
u8 *dst, unsigned len, u8 *iv) |
||||
{ |
||||
struct lskcipher_alg *alg = crypto_lskcipher_alg(tfm); |
||||
|
||||
if (IS_ENABLED(CONFIG_CRYPTO_STATS)) { |
||||
struct crypto_istat_cipher *istat = lskcipher_get_stat(alg); |
||||
|
||||
atomic64_inc(&istat->encrypt_cnt); |
||||
atomic64_add(len, &istat->encrypt_tlen); |
||||
} |
||||
|
||||
return crypto_lskcipher_crypt(tfm, src, dst, len, iv, alg->encrypt); |
||||
} |
||||
EXPORT_SYMBOL_GPL(crypto_lskcipher_encrypt); |
||||
|
||||
int crypto_lskcipher_decrypt(struct crypto_lskcipher *tfm, const u8 *src, |
||||
u8 *dst, unsigned len, u8 *iv) |
||||
{ |
||||
struct lskcipher_alg *alg = crypto_lskcipher_alg(tfm); |
||||
|
||||
if (IS_ENABLED(CONFIG_CRYPTO_STATS)) { |
||||
struct crypto_istat_cipher *istat = lskcipher_get_stat(alg); |
||||
|
||||
atomic64_inc(&istat->decrypt_cnt); |
||||
atomic64_add(len, &istat->decrypt_tlen); |
||||
} |
||||
|
||||
return crypto_lskcipher_crypt(tfm, src, dst, len, iv, alg->decrypt); |
||||
} |
||||
EXPORT_SYMBOL_GPL(crypto_lskcipher_decrypt); |
||||
|
||||
static int crypto_lskcipher_crypt_sg(struct skcipher_request *req, |
||||
int (*crypt)(struct crypto_lskcipher *tfm, |
||||
const u8 *src, u8 *dst, |
||||
unsigned len, u8 *iv, |
||||
bool final)) |
||||
{ |
||||
struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req); |
||||
struct crypto_lskcipher **ctx = crypto_skcipher_ctx(skcipher); |
||||
struct crypto_lskcipher *tfm = *ctx; |
||||
struct skcipher_walk walk; |
||||
int err; |
||||
|
||||
err = skcipher_walk_virt(&walk, req, false); |
||||
|
||||
while (walk.nbytes) { |
||||
err = crypt(tfm, walk.src.virt.addr, walk.dst.virt.addr, |
||||
walk.nbytes, walk.iv, walk.nbytes == walk.total); |
||||
err = skcipher_walk_done(&walk, err); |
||||
} |
||||
|
||||
return err; |
||||
} |
||||
|
||||
int crypto_lskcipher_encrypt_sg(struct skcipher_request *req) |
||||
{ |
||||
struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req); |
||||
struct crypto_lskcipher **ctx = crypto_skcipher_ctx(skcipher); |
||||
struct lskcipher_alg *alg = crypto_lskcipher_alg(*ctx); |
||||
|
||||
return crypto_lskcipher_crypt_sg(req, alg->encrypt); |
||||
} |
||||
|
||||
int crypto_lskcipher_decrypt_sg(struct skcipher_request *req) |
||||
{ |
||||
struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req); |
||||
struct crypto_lskcipher **ctx = crypto_skcipher_ctx(skcipher); |
||||
struct lskcipher_alg *alg = crypto_lskcipher_alg(*ctx); |
||||
|
||||
return crypto_lskcipher_crypt_sg(req, alg->decrypt); |
||||
} |
||||
|
||||
static void crypto_lskcipher_exit_tfm(struct crypto_tfm *tfm) |
||||
{ |
||||
struct crypto_lskcipher *skcipher = __crypto_lskcipher_cast(tfm); |
||||
struct lskcipher_alg *alg = crypto_lskcipher_alg(skcipher); |
||||
|
||||
alg->exit(skcipher); |
||||
} |
||||
|
||||
static int crypto_lskcipher_init_tfm(struct crypto_tfm *tfm) |
||||
{ |
||||
struct crypto_lskcipher *skcipher = __crypto_lskcipher_cast(tfm); |
||||
struct lskcipher_alg *alg = crypto_lskcipher_alg(skcipher); |
||||
|
||||
if (alg->exit) |
||||
skcipher->base.exit = crypto_lskcipher_exit_tfm; |
||||
|
||||
if (alg->init) |
||||
return alg->init(skcipher); |
||||
|
||||
return 0; |
||||
} |
||||
|
||||
static void crypto_lskcipher_free_instance(struct crypto_instance *inst) |
||||
{ |
||||
struct lskcipher_instance *skcipher = |
||||
container_of(inst, struct lskcipher_instance, s.base); |
||||
|
||||
skcipher->free(skcipher); |
||||
} |
||||
|
||||
static void __maybe_unused crypto_lskcipher_show( |
||||
struct seq_file *m, struct crypto_alg *alg) |
||||
{ |
||||
struct lskcipher_alg *skcipher = __crypto_lskcipher_alg(alg); |
||||
|
||||
seq_printf(m, "type : lskcipher\n"); |
||||
seq_printf(m, "blocksize : %u\n", alg->cra_blocksize); |
||||
seq_printf(m, "min keysize : %u\n", skcipher->co.min_keysize); |
||||
seq_printf(m, "max keysize : %u\n", skcipher->co.max_keysize); |
||||
seq_printf(m, "ivsize : %u\n", skcipher->co.ivsize); |
||||
seq_printf(m, "chunksize : %u\n", skcipher->co.chunksize); |
||||
} |
||||
|
||||
static int __maybe_unused crypto_lskcipher_report( |
||||
struct sk_buff *skb, struct crypto_alg *alg) |
||||
{ |
||||
struct lskcipher_alg *skcipher = __crypto_lskcipher_alg(alg); |
||||
struct crypto_report_blkcipher rblkcipher; |
||||
|
||||
memset(&rblkcipher, 0, sizeof(rblkcipher)); |
||||
|
||||
strscpy(rblkcipher.type, "lskcipher", sizeof(rblkcipher.type)); |
||||
strscpy(rblkcipher.geniv, "<none>", sizeof(rblkcipher.geniv)); |
||||
|
||||
rblkcipher.blocksize = alg->cra_blocksize; |
||||
rblkcipher.min_keysize = skcipher->co.min_keysize; |
||||
rblkcipher.max_keysize = skcipher->co.max_keysize; |
||||
rblkcipher.ivsize = skcipher->co.ivsize; |
||||
|
||||
return nla_put(skb, CRYPTOCFGA_REPORT_BLKCIPHER, |
||||
sizeof(rblkcipher), &rblkcipher); |
||||
} |
||||
|
||||
static int __maybe_unused crypto_lskcipher_report_stat( |
||||
struct sk_buff *skb, struct crypto_alg *alg) |
||||
{ |
||||
struct lskcipher_alg *skcipher = __crypto_lskcipher_alg(alg); |
||||
struct crypto_istat_cipher *istat; |
||||
struct crypto_stat_cipher rcipher; |
||||
|
||||
istat = lskcipher_get_stat(skcipher); |
||||
|
||||
memset(&rcipher, 0, sizeof(rcipher)); |
||||
|
||||
strscpy(rcipher.type, "cipher", sizeof(rcipher.type)); |
||||
|
||||
rcipher.stat_encrypt_cnt = atomic64_read(&istat->encrypt_cnt); |
||||
rcipher.stat_encrypt_tlen = atomic64_read(&istat->encrypt_tlen); |
||||
rcipher.stat_decrypt_cnt = atomic64_read(&istat->decrypt_cnt); |
||||
rcipher.stat_decrypt_tlen = atomic64_read(&istat->decrypt_tlen); |
||||
rcipher.stat_err_cnt = atomic64_read(&istat->err_cnt); |
||||
|
||||
return nla_put(skb, CRYPTOCFGA_STAT_CIPHER, sizeof(rcipher), &rcipher); |
||||
} |
||||
|
||||
static const struct crypto_type crypto_lskcipher_type = { |
||||
.extsize = crypto_alg_extsize, |
||||
.init_tfm = crypto_lskcipher_init_tfm, |
||||
.free = crypto_lskcipher_free_instance, |
||||
#ifdef CONFIG_PROC_FS |
||||
.show = crypto_lskcipher_show, |
||||
#endif |
||||
#if IS_ENABLED(CONFIG_CRYPTO_USER) |
||||
.report = crypto_lskcipher_report, |
||||
#endif |
||||
#ifdef CONFIG_CRYPTO_STATS |
||||
.report_stat = crypto_lskcipher_report_stat, |
||||
#endif |
||||
.maskclear = ~CRYPTO_ALG_TYPE_MASK, |
||||
.maskset = CRYPTO_ALG_TYPE_MASK, |
||||
.type = CRYPTO_ALG_TYPE_LSKCIPHER, |
||||
.tfmsize = offsetof(struct crypto_lskcipher, base), |
||||
}; |
||||
|
||||
static void crypto_lskcipher_exit_tfm_sg(struct crypto_tfm *tfm) |
||||
{ |
||||
struct crypto_lskcipher **ctx = crypto_tfm_ctx(tfm); |
||||
|
||||
crypto_free_lskcipher(*ctx); |
||||
} |
||||
|
||||
int crypto_init_lskcipher_ops_sg(struct crypto_tfm *tfm) |
||||
{ |
||||
struct crypto_lskcipher **ctx = crypto_tfm_ctx(tfm); |
||||
struct crypto_alg *calg = tfm->__crt_alg; |
||||
struct crypto_lskcipher *skcipher; |
||||
|
||||
if (!crypto_mod_get(calg)) |
||||
return -EAGAIN; |
||||
|
||||
skcipher = crypto_create_tfm(calg, &crypto_lskcipher_type); |
||||
if (IS_ERR(skcipher)) { |
||||
crypto_mod_put(calg); |
||||
return PTR_ERR(skcipher); |
||||
} |
||||
|
||||
*ctx = skcipher; |
||||
tfm->exit = crypto_lskcipher_exit_tfm_sg; |
||||
|
||||
return 0; |
||||
} |
||||
|
||||
int crypto_grab_lskcipher(struct crypto_lskcipher_spawn *spawn, |
||||
struct crypto_instance *inst, |
||||
const char *name, u32 type, u32 mask) |
||||
{ |
||||
spawn->base.frontend = &crypto_lskcipher_type; |
||||
return crypto_grab_spawn(&spawn->base, inst, name, type, mask); |
||||
} |
||||
EXPORT_SYMBOL_GPL(crypto_grab_lskcipher); |
||||
|
||||
struct crypto_lskcipher *crypto_alloc_lskcipher(const char *alg_name, |
||||
u32 type, u32 mask) |
||||
{ |
||||
return crypto_alloc_tfm(alg_name, &crypto_lskcipher_type, type, mask); |
||||
} |
||||
EXPORT_SYMBOL_GPL(crypto_alloc_lskcipher); |
||||
|
||||
static int lskcipher_prepare_alg(struct lskcipher_alg *alg) |
||||
{ |
||||
struct crypto_alg *base = &alg->co.base; |
||||
int err; |
||||
|
||||
err = skcipher_prepare_alg_common(&alg->co); |
||||
if (err) |
||||
return err; |
||||
|
||||
if (alg->co.chunksize & (alg->co.chunksize - 1)) |
||||
return -EINVAL; |
||||
|
||||
base->cra_type = &crypto_lskcipher_type; |
||||
base->cra_flags |= CRYPTO_ALG_TYPE_LSKCIPHER; |
||||
|
||||
return 0; |
||||
} |
||||
|
||||
int crypto_register_lskcipher(struct lskcipher_alg *alg) |
||||
{ |
||||
struct crypto_alg *base = &alg->co.base; |
||||
int err; |
||||
|
||||
err = lskcipher_prepare_alg(alg); |
||||
if (err) |
||||
return err; |
||||
|
||||
return crypto_register_alg(base); |
||||
} |
||||
EXPORT_SYMBOL_GPL(crypto_register_lskcipher); |
||||
|
||||
void crypto_unregister_lskcipher(struct lskcipher_alg *alg) |
||||
{ |
||||
crypto_unregister_alg(&alg->co.base); |
||||
} |
||||
EXPORT_SYMBOL_GPL(crypto_unregister_lskcipher); |
||||
|
||||
int crypto_register_lskciphers(struct lskcipher_alg *algs, int count) |
||||
{ |
||||
int i, ret; |
||||
|
||||
for (i = 0; i < count; i++) { |
||||
ret = crypto_register_lskcipher(&algs[i]); |
||||
if (ret) |
||||
goto err; |
||||
} |
||||
|
||||
return 0; |
||||
|
||||
err: |
||||
for (--i; i >= 0; --i) |
||||
crypto_unregister_lskcipher(&algs[i]); |
||||
|
||||
return ret; |
||||
} |
||||
EXPORT_SYMBOL_GPL(crypto_register_lskciphers); |
||||
|
||||
void crypto_unregister_lskciphers(struct lskcipher_alg *algs, int count) |
||||
{ |
||||
int i; |
||||
|
||||
for (i = count - 1; i >= 0; --i) |
||||
crypto_unregister_lskcipher(&algs[i]); |
||||
} |
||||
EXPORT_SYMBOL_GPL(crypto_unregister_lskciphers); |
||||
|
||||
int lskcipher_register_instance(struct crypto_template *tmpl, |
||||
struct lskcipher_instance *inst) |
||||
{ |
||||
int err; |
||||
|
||||
if (WARN_ON(!inst->free)) |
||||
return -EINVAL; |
||||
|
||||
err = lskcipher_prepare_alg(&inst->alg); |
||||
if (err) |
||||
return err; |
||||
|
||||
return crypto_register_instance(tmpl, lskcipher_crypto_instance(inst)); |
||||
} |
||||
EXPORT_SYMBOL_GPL(lskcipher_register_instance); |
||||
|
||||
static int lskcipher_setkey_simple(struct crypto_lskcipher *tfm, const u8 *key, |
||||
unsigned int keylen) |
||||
{ |
||||
struct crypto_lskcipher *cipher = lskcipher_cipher_simple(tfm); |
||||
|
||||
crypto_lskcipher_clear_flags(cipher, CRYPTO_TFM_REQ_MASK); |
||||
crypto_lskcipher_set_flags(cipher, crypto_lskcipher_get_flags(tfm) & |
||||
CRYPTO_TFM_REQ_MASK); |
||||
return crypto_lskcipher_setkey(cipher, key, keylen); |
||||
} |
||||
|
||||
static int lskcipher_init_tfm_simple(struct crypto_lskcipher *tfm) |
||||
{ |
||||
struct lskcipher_instance *inst = lskcipher_alg_instance(tfm); |
||||
struct crypto_lskcipher **ctx = crypto_lskcipher_ctx(tfm); |
||||
struct crypto_lskcipher_spawn *spawn; |
||||
struct crypto_lskcipher *cipher; |
||||
|
||||
spawn = lskcipher_instance_ctx(inst); |
||||
cipher = crypto_spawn_lskcipher(spawn); |
||||
if (IS_ERR(cipher)) |
||||
return PTR_ERR(cipher); |
||||
|
||||
*ctx = cipher; |
||||
return 0; |
||||
} |
||||
|
||||
static void lskcipher_exit_tfm_simple(struct crypto_lskcipher *tfm) |
||||
{ |
||||
struct crypto_lskcipher **ctx = crypto_lskcipher_ctx(tfm); |
||||
|
||||
crypto_free_lskcipher(*ctx); |
||||
} |
||||
|
||||
static void lskcipher_free_instance_simple(struct lskcipher_instance *inst) |
||||
{ |
||||
crypto_drop_lskcipher(lskcipher_instance_ctx(inst)); |
||||
kfree(inst); |
||||
} |
||||
|
||||
/**
|
||||
* lskcipher_alloc_instance_simple - allocate instance of simple block cipher |
||||
* |
||||
* Allocate an lskcipher_instance for a simple block cipher mode of operation, |
||||
* e.g. cbc or ecb. The instance context will have just a single crypto_spawn, |
||||
* that for the underlying cipher. The {min,max}_keysize, ivsize, blocksize, |
||||
* alignmask, and priority are set from the underlying cipher but can be |
||||
* overridden if needed. The tfm context defaults to |
||||
* struct crypto_lskcipher *, and default ->setkey(), ->init(), and |
||||
* ->exit() methods are installed. |
||||
* |
||||
* @tmpl: the template being instantiated |
||||
* @tb: the template parameters |
||||
* |
||||
* Return: a pointer to the new instance, or an ERR_PTR(). The caller still |
||||
* needs to register the instance. |
||||
*/ |
||||
struct lskcipher_instance *lskcipher_alloc_instance_simple( |
||||
struct crypto_template *tmpl, struct rtattr **tb) |
||||
{ |
||||
u32 mask; |
||||
struct lskcipher_instance *inst; |
||||
struct crypto_lskcipher_spawn *spawn; |
||||
char ecb_name[CRYPTO_MAX_ALG_NAME]; |
||||
struct lskcipher_alg *cipher_alg; |
||||
const char *cipher_name; |
||||
int err; |
||||
|
||||
err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_LSKCIPHER, &mask); |
||||
if (err) |
||||
return ERR_PTR(err); |
||||
|
||||
cipher_name = crypto_attr_alg_name(tb[1]); |
||||
if (IS_ERR(cipher_name)) |
||||
return ERR_CAST(cipher_name); |
||||
|
||||
inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL); |
||||
if (!inst) |
||||
return ERR_PTR(-ENOMEM); |
||||
|
||||
spawn = lskcipher_instance_ctx(inst); |
||||
err = crypto_grab_lskcipher(spawn, |
||||
lskcipher_crypto_instance(inst), |
||||
cipher_name, 0, mask); |
||||
|
||||
ecb_name[0] = 0; |
||||
if (err == -ENOENT && !!memcmp(tmpl->name, "ecb", 4)) { |
||||
err = -ENAMETOOLONG; |
||||
if (snprintf(ecb_name, CRYPTO_MAX_ALG_NAME, "ecb(%s)", |
||||
cipher_name) >= CRYPTO_MAX_ALG_NAME) |
||||
goto err_free_inst; |
||||
|
||||
err = crypto_grab_lskcipher(spawn, |
||||
lskcipher_crypto_instance(inst), |
||||
ecb_name, 0, mask); |
||||
} |
||||
|
||||
if (err) |
||||
goto err_free_inst; |
||||
|
||||
cipher_alg = crypto_lskcipher_spawn_alg(spawn); |
||||
|
||||
err = crypto_inst_setname(lskcipher_crypto_instance(inst), tmpl->name, |
||||
&cipher_alg->co.base); |
||||
if (err) |
||||
goto err_free_inst; |
||||
|
||||
if (ecb_name[0]) { |
||||
int len; |
||||
|
||||
err = -EINVAL; |
||||
len = strscpy(ecb_name, &cipher_alg->co.base.cra_name[4], |
||||
sizeof(ecb_name)); |
||||
if (len < 2) |
||||
goto err_free_inst; |
||||
|
||||
if (ecb_name[len - 1] != ')') |
||||
goto err_free_inst; |
||||
|
||||
ecb_name[len - 1] = 0; |
||||
|
||||
err = -ENAMETOOLONG; |
||||
if (snprintf(inst->alg.co.base.cra_name, CRYPTO_MAX_ALG_NAME, |
||||
"%s(%s)", tmpl->name, ecb_name) >= |
||||
CRYPTO_MAX_ALG_NAME) |
||||
goto err_free_inst; |
||||
|
||||
if (strcmp(ecb_name, cipher_name) && |
||||
snprintf(inst->alg.co.base.cra_driver_name, |
||||
CRYPTO_MAX_ALG_NAME, |
||||
"%s(%s)", tmpl->name, cipher_name) >= |
||||
CRYPTO_MAX_ALG_NAME) |
||||
goto err_free_inst; |
||||
} else { |
||||
/* Don't allow nesting. */ |
||||
err = -ELOOP; |
||||
if ((cipher_alg->co.base.cra_flags & CRYPTO_ALG_INSTANCE)) |
||||
goto err_free_inst; |
||||
} |
||||
|
||||
err = -EINVAL; |
||||
if (cipher_alg->co.ivsize) |
||||
goto err_free_inst; |
||||
|
||||
inst->free = lskcipher_free_instance_simple; |
||||
|
||||
/* Default algorithm properties, can be overridden */ |
||||
inst->alg.co.base.cra_blocksize = cipher_alg->co.base.cra_blocksize; |
||||
inst->alg.co.base.cra_alignmask = cipher_alg->co.base.cra_alignmask; |
||||
inst->alg.co.base.cra_priority = cipher_alg->co.base.cra_priority; |
||||
inst->alg.co.min_keysize = cipher_alg->co.min_keysize; |
||||
inst->alg.co.max_keysize = cipher_alg->co.max_keysize; |
||||
inst->alg.co.ivsize = cipher_alg->co.base.cra_blocksize; |
||||
|
||||
/* Use struct crypto_lskcipher * by default, can be overridden */ |
||||
inst->alg.co.base.cra_ctxsize = sizeof(struct crypto_lskcipher *); |
||||
inst->alg.setkey = lskcipher_setkey_simple; |
||||
inst->alg.init = lskcipher_init_tfm_simple; |
||||
inst->alg.exit = lskcipher_exit_tfm_simple; |
||||
|
||||
return inst; |
||||
|
||||
err_free_inst: |
||||
lskcipher_free_instance_simple(inst); |
||||
return ERR_PTR(err); |
||||
} |
||||
EXPORT_SYMBOL_GPL(lskcipher_alloc_instance_simple); |
@ -0,0 +1,28 @@
|
||||
/* SPDX-License-Identifier: GPL-2.0-or-later */ |
||||
/*
|
||||
* Cryptographic API. |
||||
* |
||||
* Copyright (c) 2023 Herbert Xu <herbert@gondor.apana.org.au> |
||||
*/ |
||||
#ifndef _LOCAL_CRYPTO_SKCIPHER_H |
||||
#define _LOCAL_CRYPTO_SKCIPHER_H |
||||
|
||||
#include <crypto/internal/skcipher.h> |
||||
#include "internal.h" |
||||
|
||||
static inline struct crypto_istat_cipher *skcipher_get_stat_common( |
||||
struct skcipher_alg_common *alg) |
||||
{ |
||||
#ifdef CONFIG_CRYPTO_STATS |
||||
return &alg->stat; |
||||
#else |
||||
return NULL; |
||||
#endif |
||||
} |
||||
|
||||
int crypto_lskcipher_encrypt_sg(struct skcipher_request *req); |
||||
int crypto_lskcipher_decrypt_sg(struct skcipher_request *req); |
||||
int crypto_init_lskcipher_ops_sg(struct crypto_tfm *tfm); |
||||
int skcipher_prepare_alg_common(struct skcipher_alg_common *alg); |
||||
|
||||
#endif /* _LOCAL_CRYPTO_SKCIPHER_H */ |
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in new issue