History log of /include/linux/crypto.h
Revision Date Author Comments
187f1882b5b0748b3c4c22274663fdb372ac0452 24-Nov-2011 Paul Gortmaker <paul.gortmaker@windriver.com> BUG: headers with BUG/BUG_ON etc. need linux/bug.h

If a header file is making use of BUG, BUG_ON, BUILD_BUG_ON, or any
other BUG variant in a static inline (i.e. not in a #define) then
that header really should be including <linux/bug.h> and not just
expecting it to be implicitly present.

We can make this change risk-free, since if the files using these
headers didn't have exposure to linux/bug.h already, they would have
been causing compile failures/warnings.

Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
4b004346feab6b431f3e1f89ef692e3a4186fdfd 18-Jan-2012 Mark Brown <broonie@opensource.wolfsonmicro.com> crypto: Add bulk algorithm registration interface

Hardware crypto engines frequently need to register a selection of
different algorithms with the core. Simplify their code slightly,
especially the error handling, by providing functions to register a
number of algorithms in a single call.

Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
d912bb7677f46d78a3cde8a4afd45a3fca4b34e9 01-Nov-2011 Nikos Mavrogiannopoulos <nmav@gnutls.org> crypto: Add CRYPTO_ALG_KERN_DRIVER_ONLY flag

The added CRYPTO_ALG_KERN_DRIVER_ONLY indicates whether a cipher
is only available via a kernel driver. If the cipher implementation
might be available by using an instruction set or by porting the
kernel code, then it must not be set.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
7c926402a7e8c9b279968fd94efec8700ba3859e 26-May-2011 Paul Gortmaker <paul.gortmaker@windriver.com> crypto.h: remove unused crypto_tfm_alg_modname() inline

The <linux/crypto.h> (which is in turn in common headers
like tcp.h) wants to use module_name() in an inline fcn.
But having all of <linux/module.h> along for the ride is
overkill and slows down compiles by a measurable amount,
since it in turn includes lots of headers.

Since the inline is never used anywhere in the kernel[1],
we can just remove it, and then also remove the module.h
include as well.

In all the many crypto modules, there were some relying on
crypto.h including module.h -- for them we now explicitly
call out module.h for inclusion.

[1] git grep shows some staging drivers also define the same
static inline, but they also never ever use it.

Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
64a947b1337b93061da7c7af1f6ce6b2431b70ae 27-Sep-2011 Steffen Klassert <steffen.klassert@secunet.com> crypto: Add a flag to identify crypto instances

The upcoming crypto user configuration api needs to identify
crypto instances. This patch adds a flag that is set if the
algorithm is an instance that is built from templates.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
60063497a95e716c9a689af3be2687d261f115b4 27-Jul-2011 Arun Sharma <asharma@fb.com> atomic: use <linux/atomic.h>

This allows us to move duplicated code in <asm/atomic.h>
(atomic_inc_not_zero() for now) to <linux/atomic.h>

Signed-off-by: Arun Sharma <asharma@fb.com>
Reviewed-by: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: David Miller <davem@davemloft.net>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Acked-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
ec49fdbd354cb133340e25ff84d88284bb17e99a 19-May-2010 David Woodhouse <dwmw2@infradead.org> crypto: Use ARCH_KMALLOC_MINALIGN for CRYPTO_MINALIGN now that it's exposed

Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi>
8ffd1be6779c86ebc2a1013f43fdcee8bdbba2b7 18-Oct-2009 Benjamin Gilbert <bgilbert@cs.cmu.edu> crypto: hash - Remove cra_u.{digest,hash}

Remove unused digest_alg and hash_alg structs from crypto_alg union and
kill their definitions. This also ensures that old-style digest/hash
algorithms maintained out of tree will break at build time rather than
oopsing at runtime.

Signed-off-by: Benjamin Gilbert <bgilbert@cs.cmu.edu>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
500b3e3c3dc8e4845b77ae81e5b7b085ab183ce6 14-Jul-2009 Herbert Xu <herbert@gondor.apana.org.au> crypto: ahash - Remove old_ahash_alg

Now that all ahash implementations have been converted to the new
ahash type, we can remove old_ahash_alg and its associated support.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
88056ec346ccf41f63dbc7080b24b5fd19d1358d 13-Jul-2009 Herbert Xu <herbert@gondor.apana.org.au> crypto: ahash - Convert to new style algorithms

This patch converts crypto_ahash to the new style. The old ahash
algorithm type is retained until the existing ahash implementations
are also converted. All ahash users will automatically get the
new crypto_ahash type.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
aef73cfcb913eae3d0deeb60eb385f75039db40b 11-Jul-2009 Herbert Xu <herbert@gondor.apana.org.au> crypto: async - Use kzfree for requests

This patch changes the kfree call to kzfree for async requests.
As the request may contain sensitive data it needs to be zeroed
before it can be reallocated by others.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
a1d2f09544065b60598b8167d94a6371bff3e892 04-Mar-2009 Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com> crypto: compress - Add pcomp interface

The current "comp" crypto interface supports one-shot (de)compression only,
i.e. the whole data buffer to be (de)compressed must be passed at once, and
the whole (de)compressed data buffer will be received at once.
In several use-cases (e.g. compressed file systems that store files in big
compressed blocks), this workflow is not suitable.
Furthermore, the "comp" type doesn't provide for the configuration of
(de)compression parameters, and always allocates workspace memory for both
compression and decompression, which may waste memory.

To solve this, add a "pcomp" partial (de)compression interface that provides
the following operations:
- crypto_compress_{init,update,final}() for compression,
- crypto_decompress_{init,update,final}() for decompression,
- crypto_{,de}compress_setup(), to configure (de)compression parameters
(incl. allocating workspace memory).

The (de)compression methods take a struct comp_request, which was mimicked
after the z_stream object in zlib, and contains buffer pointer and length
pairs for input and output.

The setup methods take an opaque parameter pointer and length pair. Parameters
are supposed to be encoded using netlink attributes, whose meanings depend on
the actual (name of the) (de)compression algorithm.

Signed-off-by: Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3f683d6175748ef9daf4698d9ef5a488dd037063 18-Feb-2009 Herbert Xu <herbert@gondor.apana.org.au> crypto: api - Fix crypto_alloc_tfm/create_create_tfm return convention

This is based on a report and patch by Geert Uytterhoeven.

The functions crypto_alloc_tfm and create_create_tfm return a
pointer that needs to be adjusted by the caller when successful
and otherwise an error value. This means that the caller has
to check for the error and only perform the adjustment if the
pointer returned is valid.

Since all callers want to make the adjustment and we know how
to adjust it ourselves, it's much easier to just return adjusted
pointer directly.

The only caveat is that we have to return a void * instead of
struct crypto_tfm *. However, this isn't that bad because both
of these functions are for internal use only (by types code like
shash.c, not even algorithms code).

This patch also moves crypto_alloc_tfm into crypto/internal.h
(crypto_create_tfm is already there) to reflect this.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
7b2cd92adc5430b0c1adeb120971852b4ea1ab08 05-Feb-2009 Herbert Xu <herbert@gondor.apana.org.au> crypto: api - Fix zeroing on free

Geert Uytterhoeven pointed out that we're not zeroing all the
memory when freeing a transform. This patch fixes it by calling
ksize to ensure that we zero everything in sight.

Reported-by: Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5f7082ed4f482f05db01d84dbf58190492ebf0ad 31-Aug-2008 Herbert Xu <herbert@gondor.apana.org.au> crypto: hash - Export shash through hash

This patch allows shash algorithms to be used through the old hash
interface. This is a transitional measure so we can convert the
underlying algorithms to shash before converting the users across.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
dec8b78606ebd5f309c38f2fb10196ce996dd18d 02-Nov-2008 Herbert Xu <herbert@gondor.apana.org.au> crypto: hash - Add import/export interface

It is often useful to save the partial state of a hash function
so that it can be used as a base for two or more computations.

The most prominent example is HMAC where all hashes start from
a base determined by the key. Having an import/export interface
means that we only have to compute that base once rather than
for each message.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3b2f6df08258e2875f42bd630eece7e7241a053b 31-Aug-2008 Herbert Xu <herbert@gondor.apana.org.au> crypto: hash - Export shash through ahash

This patch allows shash algorithms to be used through the ahash
interface. This is required before we can convert digest algorithms
over to shash.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
7b5a080b3c46f0cac71c0d0262634c6517d4ee4f 31-Aug-2008 Herbert Xu <herbert@gondor.apana.org.au> crypto: hash - Add shash interface

The shash interface replaces the current synchronous hash interface.
It improves over hash in two ways. Firstly shash is reentrant,
meaning that the same tfm may be used by two threads simultaneously
as all hashing state is stored in a local descriptor.

The other enhancement is that shash no longer takes scatter list
entries. This is because shash is specifically designed for
synchronous algorithms and as such scatter lists are unnecessary.

All existing hash users will be converted to shash once the
algorithms have been completely converted.

There is also a new finup function that combines update with final.
This will be extended to ahash once the algorithm conversion is
done.

This is also the first time that an algorithm type has its own
registration function. Existing algorithm types will be converted
to this way in due course.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
7b0bac64cd5b74d6f1147524c26216de13a501fd 20-Sep-2008 Herbert Xu <herbert@gondor.apana.org.au> crypto: api - Rebirth of crypto_alloc_tfm

This patch reintroduces a completely revamped crypto_alloc_tfm.
The biggest change is that we now take two crypto_type objects
when allocating a tfm, a frontend and a backend. In fact this
simply formalises what we've been doing behind the API's back.

For example, as it stands crypto_alloc_ahash may use an
actual ahash algorithm or a crypto_hash algorithm. Putting
this in the API allows us to do this much more cleanly.

The existing types will be converted across gradually.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4a7794860ba2b56693b1d89fd485fd08cdc763e3 14-Sep-2008 Herbert Xu <herbert@gondor.apana.org.au> crypto: api - Move type exit function into crypto_tfm

The type exit function needs to undo any allocations done by the type
init function. However, the type init function may differ depending
on the upper-level type of the transform (e.g., a crypto_blkcipher
instantiated as a crypto_ablkcipher).

So we need to move the exit function out of the lower-level
structure and into crypto_tfm itself.

As it stands this is a no-op since nobody uses exit functions at
all. However, all cases where a lower-level type is instantiated
as a different upper-level type (such as blkcipher as ablkcipher)
will be converted such that they allocate the underlying transform
and use that instead of casting (e.g., crypto_ablkcipher casted
into crypto_blkcipher). That will need to use a different exit
function depending on the upper-level type.

This patch also allows the type init/exit functions to call (or not)
cra_init/cra_exit instead of always calling them from the top level.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
17f0f4a47df9aea9ee26c939f8057c35e0be1847 14-Aug-2008 Neil Horman <nhorman@tuxdriver.com> crypto: rng - RNG interface and implementation

This patch adds a random number generator interface as well as a
cryptographic pseudo-random number generator based on AES. It is
meant to be used in cases where a deterministic CPRNG is required.

One of the first applications will be as an input in the IPsec IV
generation process.

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
73d3864a4823abda19ebc4387b6ddcbf416e3a77 03-Aug-2008 Herbert Xu <herbert@gondor.apana.org.au> crypto: api - Use test infrastructure

This patch makes use of the new testing infrastructure by requiring
algorithms to pass a run-time test before they're made available to
users.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
da7f033ddc9fdebb3223b0bf88a2a2ab5b797608 31-Jul-2008 Herbert Xu <herbert@gondor.apana.org.au> crypto: cryptomgr - Add test infrastructure

This patch moves the newly created alg_test infrastructure into
cryptomgr. This shall allow us to use it for testing at algorithm
registrations.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
18e33e6d5cc0495826f5245777cd267732815e01 10-Jul-2008 Herbert Xu <herbert@gondor.apana.org.au> crypto: hash - Move ahash functions into crypto/hash.h

All new crypto interfaces should go into individual files as much
as possible in order to ensure that crypto.h does not collapse under
its own weight.

This patch moves the ahash code into crypto/hash.h and crypto/internal/hash.h
respectively.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
166247f46a9c866e6f7f7d2212be875fb82212a1 07-Jul-2008 Herbert Xu <herbert@gondor.apana.org.au> crypto: hash - Removed vestigial ahash fields

The base field in ahash_tfm appears to have been cut-n-pasted from
ablkcipher. It isn't needed here at all. Similarly, the info field
in ahash_request also appears to have originated from its cipher
counter-part and is vestigial.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
004a403c2e954734090a69aedc7f4f822bdcc142 14-May-2008 Loc Ho <lho@amcc.com> [CRYPTO] hash: Add asynchronous hash support

This patch adds asynchronous hash and digest support.

Signed-off-by: Loc Ho <lho@amcc.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
c3715cb90f722b1cf5f6f073be02cc8a49659b90 30-Mar-2008 Sebastian Siewior <sebastian@breakpoint.cc> [CRYPTO] api: Make the crypto subsystem fully modular

Signed-off-by: Sebastian Siewior <sebastian@breakpoint.cc>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6eb7228421c01ba48a6a88a7a5b3e71cfb70d4a9 08-Jan-2008 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] api: Set default CRYPTO_MINALIGN to unsigned long long

Thanks to David Miller for pointing out that the SLAB (or SLOB/SLUB)
cache uses the alignment of unsigned long long if the architecture
kmalloc/slab alignment macros are not defined.

This patch changes the CRYPTO_MINALIGN so that it uses the same default
value.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
d29ce988aeb459203c74f14747f4f77e1829ef78 12-Dec-2007 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] aead: Create default givcipher instances

This patch makes crypto_alloc_aead always return algorithms that are
capable of generating their own IVs through givencrypt and givdecrypt.
All existing AEAD algorithms already do. New ones must either supply
their own or specify a generic IV generator with the geniv field.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5b6d2d7fdf806f2b5a9352416f9e670911fc4748 12-Dec-2007 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] aead: Add aead_geniv_alloc/aead_geniv_free

This patch creates the infrastructure to help the construction of IV
generator templates that wrap around AEAD algorithms by adding an IV
generator to them. This is useful for AEAD algorithms with no built-in
IV generator or to replace their built-in generator.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
743edf57272fd420348e148bf94f9e48ed6abb70 10-Dec-2007 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] aead: Add givcrypt operations

This patch adds the underlying givcrypt operations for aead and associated
support elements. The rationale is identical to that of the skcipher
givcrypt operations, i.e., sometimes only the algorithm knows how the
IV should be generated.

A new request type aead_givcrypt_request is added which contains an
embedded aead_request structure with two new elements to support this
operation. The new elements are seq and giv. The seq field should
contain a strictly increasing 64-bit integer which may be used by
certain IV generators as an input value. The giv field will be used
to store the generated IV. It does not need to obey the alignment
requirements of the algorithm because it's not used during the operation.

The existing iv field must still be available as it will be used to store
intermediate IVs and the output IV if chaining is desired.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
b9c55aa475599183d0eab6833ea23e70c52dd24b 03-Dec-2007 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] skcipher: Create default givcipher instances

This patch makes crypto_alloc_ablkcipher/crypto_grab_skcipher always
return algorithms that are capable of generating their own IVs through
givencrypt and givdecrypt. Each algorithm may specify its default IV
generator through the geniv field.

For algorithms that do not set the geniv field, the blkcipher layer will
pick a default. Currently it's chainiv for synchronous algorithms and
eseqiv for asynchronous algorithms. Note that if these wrappers do not
work on an algorithm then that algorithm must specify its own geniv or
it can't be used at all.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
ecfc43292f68566c144afca966b46b371c26d56c 05-Dec-2007 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] skcipher: Add skcipher_geniv_alloc/skcipher_geniv_free

This patch creates the infrastructure to help the construction of givcipher
templates that wrap around existing blkcipher/ablkcipher algorithms by adding
an IV generator to them.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
23508e11ab3bb405dca66bf4d77e488bf2b07b0c 27-Nov-2007 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] skcipher: Added geniv field

This patch introduces the geniv field which indicates the default IV
generator for each algorithm. It should point to a string that is not
freed as long as the algorithm is registered.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
61da88e2b800eed2b03834a73c46cc89ad48716d 17-Dec-2007 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] skcipher: Add givcrypt operations and givcipher type

Different block cipher modes have different requirements for initialisation
vectors. For example, CBC can use a simple randomly generated IV while
modes such as CTR must use an IV generation mechanism that gives a stronger
guarantee on the lack of collisions. Furthermore, disk encryption modes
have their own IV generation algorithms.

Up until now IV generation has been left to the users of the symmetric
key cipher API. This is inconvenient as the number of block cipher modes
increases because the user needs to be aware of which mode is supposed to
be paired with which IV generation algorithm.

Therefore it makes sense to integrate the IV generation into the crypto
API. This patch takes the first step in that direction by creating two
new ablkcipher operations, givencrypt and givdecrypt, that generate an
IV before performing the actual encryption or decryption.

The operations are currently not exposed to the user. That will be done
once the underlying functionality has actually been implemented.

It also creates the underlying givcipher type. Algorithms that directly
generate IVs would use it instead of ablkcipher. All other algorithms
(including all existing ones) would generate a givcipher algorithm upon
registration. This givcipher algorithm will be constructed from the geniv
string that's stored in every algorithm. That string will locate a template
which is instantiated by the blkcipher/ablkcipher algorithm in question to
give a givcipher algorithm.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
378f4f51f9fdd8df80ea875320e2bf1d7c6e6e77 17-Dec-2007 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] skcipher: Add crypto_grab_skcipher interface

Note: From now on the collective of ablkcipher/blkcipher/givcipher will
be known as skcipher, i.e., symmetric key cipher. The name blkcipher has
always been much of a misnomer since it supports stream ciphers too.

This patch adds the function crypto_grab_skcipher as a new way of getting
an ablkcipher spawn. The problem is that previously we did this in two
steps, first getting the algorithm and then calling crypto_init_spawn.

This meant that each spawn user had to be aware of what type and mask to
use for these two steps. This is difficult and also presents a problem
when the type/mask changes as they're about to be for IV generators.

The new interface does both steps together just like crypto_alloc_ablkcipher.

As a side-effect this also allows us to be stronger on type enforcement
for spawns. For now this is only done for ablkcipher but it's trivial
to extend for other types.

This patch also moves the type/mask logic for skcipher into the helpers
crypto_skcipher_type and crypto_skcipher_mask.

Finally this patch introduces the function crypto_require_sync to determine
whether the user is specifically requesting a sync algorithm.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
551a09a7a954f720067f207657bbbd26a3fe156a 01-Dec-2007 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] api: Sanitise mask when allocating ablkcipher/hash

When allocating ablkcipher/hash objects, we use a mask that's wider than
the usual type mask. This patch sanitises the mask supplied by the user
so we don't end up using a narrower mask which may lead to unintended
results.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
7ba683a6deba70251756aa5a021cdaa5c875a7a2 02-Dec-2007 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] aead: Make authsize a run-time parameter

As it is authsize is an algorithm parameter which cannot be changed at
run-time. This is inconvenient because hardware that implements such
algorithms would have to register each authsize that they support
separately.

Since authsize is a property common to all AEAD algorithms, we can add
a function setauthsize that sets it at run-time, just like setkey.

This patch does exactly that and also changes authenc so that authsize
is no longer a parameter of its template.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
332f8840f7095d294f9bb066b175a100bcde214c 15-Nov-2007 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] ablkcipher: Add distinct ABLKCIPHER type

Up until now ablkcipher algorithms have been identified as
type BLKCIPHER with the ASYNC bit set. This is suboptimal because
ablkcipher refers to two things. On the one hand it refers to the
top-level ablkcipher interface with requests. On the other hand it
refers to an algorithm type underneath.

As it is you cannot request a synchronous block cipher algorithm
with the ablkcipher interface on top. This is a problem because
we want to be able to eventually phase out the blkcipher top-level
interface.

This patch fixes this by making ABLKCIPHER its own type, just as
we have distinct types for HASH and DIGEST. The type is associated
with the algorithm implementation only.

Which top-level interface is used for synchronous block ciphers is
then determined by the mask that's used. If it's a specific mask
then the old blkcipher interface is given, otherwise we go with the
new ablkcipher interface.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
18735dd8d2d37031b97f9e9e106acbaed01eb896 19-Oct-2007 John Anthony Kazos Jr <jakj@j-a-k-j.com> crypto: convert crypto.h to UTF-8

Convert the encoding of <include/linux/crypto.h> from ISO-8859-1 to UTF-8.

Signed-off-by: John Anthony Kazos Jr. <jakj@j-a-k-j.com>
Signed-off-by: Adrian Bunk <bunk@kernel.org>
b16c3a2e2c0307f5370b2b5e18bcbe1437b5f3d8 29-Aug-2007 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] api: Fixed crypto_*_reqsize return type

This patch changes the return type of crypto_*_reqsize from int to
unsigned int which matches what the underlying type is (and should
be).

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2de98e75449fc1c43d2fbb857668ae62d4f5eece 26-Aug-2007 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] ablkcipher: Remove queue pointer from common alg object

Since not everyone needs a queue pointer and those who need it can
always get it from the context anyway the queue pointer in the
common alg object is redundant.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
39e1ee011f42dbbcb0210c73ea728ae54cf63b06 29-Aug-2007 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] api: Add support for multiple template parameters

This patch adds support for having multiple parameters to
a template, separated by a comma. It also adds support
for integer parameters in addition to the current algorithm
parameter type.

This will be used by the authenc template which will have
four parameters: the authentication algorithm, the encryption
algorithm, the authentication size and the encryption key
length.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
1ae978208e2ee9ba1b01d309164bc5e590cd242d 30-Aug-2007 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] api: Add aead crypto type

This patch adds crypto_aead which is the interface for AEAD
(Authenticated Encryption with Associated Data) algorithms.

AEAD algorithms perform authentication and encryption in one
step. Traditionally users (such as IPsec) would use two
different crypto algorithms to perform these. With AEAD
this comes down to one algorithm and one operation.

Of course if traditional algorithms were used we'd still
be doing two operations underneath. However, real AEAD
algorithms may allow the underlying operations to be
optimised as well.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
e69ff734e15eb7f61621f8764ce0a2181823a737 08-Jun-2007 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] cipher: Remove obsolete fields from cipher_tfm

This removes all the unused block cipher fields from cipher_tfm.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
e196d6259141eda47aeafd88514aae652bfbfc7f 14-Apr-2007 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] api: Add ablkcipher_request_set_tfm

This patch adds ablkcipher_request_set_tfm for those users that need
to manage the memory for ablkcipher requests directly.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
b5b7f08869340aa8cfa23303f7d195f161479592 16-Apr-2007 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] api: Add async blkcipher type

This patch adds the mid-level interface for asynchronous block ciphers.
It also includes a generic queueing mechanism that can be used by other
asynchronous crypto operations in future.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
ebc610e5bc76df073221e64e86c3f7533a09ea40 01-Jan-2007 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] templates: Pass type/mask when creating instances

This patch passes the type/mask along when constructing instances of
templates. This is in preparation for templates that may support
multiple types of instances depending on what is requested. For example,
the planned software async crypto driver will use this construct.

For the moment this allows us to check whether the instance constructed
is of the correct type and avoid returning success if the type does not
match.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
32e3983fe590ac4cd70c7728eb330d43cef031a7 24-Mar-2007 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] api: Add async block cipher interface

This patch adds the frontend interface for asynchronous block ciphers.
In addition to the usual block cipher parameters, there is a callback
function pointer and a data pointer. The callback will be invoked only
if the encrypt/decrypt handlers return -EINPROGRESS. In other words,
if the return value is zero the completion handler (or the equivalent
code) needs to be invoked by the caller.

The request structure is allocated and freed by the caller. Its size
is determined by calling crypto_ablkcipher_reqsize(). The helpers
ablkcipher_request_alloc/ablkcipher_request_free can be used to manage
the memory for a request.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
78a1fe4f242cbe6b4578e072b75e171b92745afa 24-Dec-2006 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] api: Use structs for cipher/compression

Now that all cipher/compression users have switched over to the new
allocation scheme, we can get rid of the compatibility defines and use
proper structs for them.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
f1ddcaf3393b7a3871809b97fae90fac841a1f39 27-Jan-2007 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] api: Remove deprecated interface

This patch removes the old cipher interface and related code.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
cc44215eaaa5e4032946b962353526ae6c370c0e 22-Nov-2006 Adrian Bunk <bunk@stusta.de> [CRYPTO] api: Remove unused functions

This patch removes the following no longer used functions:
- api.c: crypto_alg_available()
- digest.c: crypto_digest_init()
- digest.c: crypto_digest_update()
- digest.c: crypto_digest_final()
- digest.c: crypto_digest_digest()

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
610a5b742e9df4e59047f22d13d8bd83cafce388 17-Nov-2006 Yoichi Yuasa <yoichi_yuasa@tripeaks.co.jp> [CRYPTO] api: Remove one too many semicolon

This patch has removed one too many semicolon in crypto.h.

Signed-off-by: Yoichi Yuasa <yoichi_yuasa@tripeaks.co.jp>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3ad819c61f5f8347f39cdcbe652b3c60ec615888 26-Aug-2006 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] api: Deprecate crypto_digest_* and crypto_alg_available

This patch marks the crypto_digest_* functions and crypto_alg_available
as deprecated. They've been replaced by crypto_hash_* and crypto_has_*
respectively.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6010439f47e6b308c031dad7d99686030ef942dd 26-Aug-2006 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] padlock: Convert padlock-sha to use crypto_hash

This patch converts padlock-sha to use crypto_hash for its fallback.
It also changes the fallback selection to use selection by type instead
of name. This is done through the new CRYPTO_ALG_NEED_FALLBACK bit,
which is set if and only if an algorithm needs a fallback of the same
type.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
e4d5b79c661c7cfca9d8d5afd040a295f128d3cb 26-Aug-2006 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] users: Use crypto_comp and crypto_has_*

This patch converts all users to use the new crypto_comp type and the
crypto_has_* functions.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
fce32d70ba834129b164c40c2d4260e5a7a7d850 26-Aug-2006 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] api: Add crypto_comp and crypto_has_*

This patch adds the crypto_comp type to complete the compile-time checking
conversion. The functions crypto_has_alg and crypto_has_cipher, etc. are
also added to replace crypto_alg_available.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8425165dfed27945e8509c141cea245d1739e372 20-Aug-2006 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] digest: Remove old HMAC implementation

This patch removes the old HMAC implementation now that nobody uses it
anymore.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
055bcee3102dc35f019b69df9c2618e9d6dd1c09 19-Aug-2006 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] digest: Added user API for new hash type

The existing digest user interface is inadequate for supporting asynchronous
operations. For one it doesn't return a value to indicate success or
failure, nor does it take a per-operation descriptor which is essential
for the issuing of requests while other requests are still outstanding.

This patch is the first in a series of steps to remodel the interface
for asynchronous operations.

For the ease of transition the new interface will be known as "hash"
while the old one will remain as "digest".

This patch also changes sg_next to allow chaining.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
7226bc877a22244e8003924031435a4bffd52654 21-Aug-2006 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] api: Mark parts of cipher interface as deprecated

Mark the parts of the cipher interface that have been replaced by
block ciphers as deprecated. Thanks to Andrew Morton for suggesting
doing this before removing them completely.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5cde0af2a9825dd1edaca233bd9590566579ef21 21-Aug-2006 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] cipher: Added block cipher type

This patch adds the new type of block ciphers. Unlike current cipher
algorithms which operate on a single block at a time, block ciphers
operate on an arbitrarily long linear area of data. As it is block-based,
it will skip any data remaining at the end which cannot form a block.

The block cipher has one major difference when compared to the existing
block cipher implementation. The sg walking is now performed by the
algorithm rather than the cipher mid-layer. This is needed for drivers
that directly support sg lists. It also improves performance for all
algorithms as it reduces the total number of indirect calls by one.

In future the existing cipher algorithm will be converted to only have
a single-block interface. This will be done after all existing users
have switched over to the new block cipher type.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
f28776a369b12f9a03a822a8e1090ed670a41f4f 13-Aug-2006 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] cipher: Added encrypt_one/decrypt_one

This patch adds two new operations for the simple cipher that encrypts or
decrypts a single block at a time. This will be the main interface after
the existing block operations have moved over to the new block ciphers.

It also adds the crypto_cipher type which is currently only used on the
new operations but will be extended to setkey as well once existing users
have been converted to use block ciphers where applicable.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
e853c3cfa8cc24869ecd2526e589bcb176bc12e9 21-Aug-2006 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] api: Added crypto_type support

This patch adds the crypto_type structure which will be used for all new
crypto algorithm types, beginning with block ciphers.

The primary purpose of this abstraction is to allow different crypto_type
objects for crypto algorithms of the same type, in particular, there will
be different crypto_type objects for asynchronous algorithms.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6d7d684d635ac5a345f075015f2c84169c111c6a 30-Jul-2006 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] api: Added crypto_alloc_base

Up until now all crypto transforms have been of the same type, struct
crypto_tfm, regardless of whether they are ciphers, digests, or other
types. As a result of that, we check the types at run-time before
each crypto operation.

This is rather cumbersome. We could instead use different C types for
each crypto type to ensure that the correct types are used at compile
time. That is, we would have crypto_cipher/crypto_digest instead of
just crypto_tfm. The appropriate type would then be required for the
actual operations such as crypto_digest_digest.

Now that we have the type/mask fields when looking up algorithms, it
is easy to request for an algorithm of the precise type that the user
wants. However, crypto_alloc_tfm currently does not expose these new
attributes.

This patch introduces the function crypto_alloc_base which will carry
these new parameters. It will be renamed to crypto_alloc_tfm once
all existing users have been converted.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
f3f632d61ae9af85d436706ee8e33af1a7fb9c28 06-Aug-2006 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] api: Added asynchronous flag

This patch adds the asynchronous flag and changes all existing users to
only look up algorithms that are synchronous.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
df89820ebd5bbf4f3c6b5f8ee7d9e983107f6a91 14-Jul-2006 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] cipher: Removed special IV checks for ECB

This patch makes IV operations on ECB fail through nocrypt_iv rather than
calling BUG(). This is needed to generalise CBC/ECB using the template
mechanism.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
560c06ae1ab7c677002ea3b6ac83521bf12ee07d 13-Aug-2006 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] api: Get rid of flags argument to setkey

Now that the tfm is passed directly to setkey instead of the ctx, we no
longer need to pass the &tfm->crt_flags pointer.

This patch also gets rid of a few unnecessary checks on the key length
for ciphers as the cipher layer guarantees that the key length is within
the bounds specified by the algorithm.

Rather than testing dia_setkey every time, this patch does it only once
during crypto_alloc_tfm. The redundant check from crypto_digest_setkey
is also removed.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
b14cdd6704c96474ba5c74b5959487beaa5ee1cd 09-Jul-2006 Michal Ludvig <michal@logix.cz> [CRYPTO] api: Add missing accessors for new crypto_alg fields

Add missing accessors for cra_driver_name and cra_priority.

Signed-off-by: Michal Ludvig <michal@logix.cz>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6bfd48096ff8ecabf955958b51ddfa7988eb0a14 21-Sep-2006 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] api: Added spawns

Spawns lock a specific crypto algorithm in place. They can then be used
with crypto_spawn_tfm to allocate a tfm for that algorithm. When the base
algorithm of a spawn is deregistered, all its spawns will be automatically
removed.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2b8c19dbdc692e81243a328725a02efb77b144a5 21-Sep-2006 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] api: Add cryptomgr

The cryptomgr module is a simple manager of crypto algorithm instances.
It ensures that parameterised algorithms of the type tmpl(alg) (e.g.,
cbc(aes)) are always created.

This is meant to satisfy the needs for most users. For more complex
cases such as deeper combinations or multiple parameters, a netlink
module will be created which allows arbitrary expressions to be parsed
in user-space.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2825982d9d66ebba4b532a07391dfbb357f71c5f 06-Aug-2006 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] api: Added event notification

This patch adds a notifier chain for algorithm/template registration events.
This will be used to register compound algorithms such as cbc(aes). In
future this will also be passed onto user-space through netlink.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
6521f30273fbec65146a0f16de74b7b402b0f7b0 06-Aug-2006 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] api: Add crypto_alg reference counting

Up until now we've relied on module reference counting to ensure that the
crypto_alg structures don't disappear from under us. This was good enough
as long as each crypto_alg came from exactly one module.

However, with parameterised crypto algorithms a crypto_alg object may need
two or more modules to operate. This means that we need to count the
references to the crypto_alg object directly.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
799111020c66c41aef621a3b53ad112543754124 21-Aug-2006 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] api: Fixed crypto_tfm context alignment

Previously the __aligned__ attribute was added to the crypto_tfm context
member to ensure it is aligned correctly on architectures such as arm.
Unfortunately kmalloc does not use the same minimum alignment rules as
gcc so this is useless.

This patch changes it to use kmalloc's minimum alignment.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
d913ea0d6b6a48dd6eed8fc5e299b8b10e049186 21-May-2006 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] api: Removed const from cra_name/cra_driver_name

We do need to change these names now and even more so in future with
instantiated algorithms. So let's stop lying to the compiler and get
rid of the const modifiers.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
c7fc05992afcf1d63d6d5fb6142c8d39094dbca9 24-May-2006 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] api: Added cra_init/cra_exit

This patch adds the hooks cra_init/cra_exit which are called during a tfm's
construction and destruction respectively. This will be used by the instances
to allocate child tfm's.

For now this lets us get rid of the coa_init/coa_exit functions which are
used for exactly that purpose (unlike the dia_init function which is called
for each transaction).

In fact the coa_exit path is currently buggy as it may get called twice
when an error is encountered during initialisation.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
6c2bb98bc33ae33c7a33a133a4cd5a06395fece5 16-May-2006 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] all: Pass tfm instead of ctx to algorithms

Up until now algorithms have been happy to get a context pointer since
they know everything that's in the tfm already (e.g., alignment, block
size).

However, once we have parameterised algorithms, such information will
be specific to each tfm. So the algorithm API needs to be changed to
pass the tfm structure instead of the context pointer.

This patch is basically a text substitution. The only tricky bit is
the assembly routines that need to get the context pointer offset
through asm-offsets.h.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
62c4f0a2d5a188f73a94f2cb8ea0dba3e7cf0a7f 26-Apr-2006 David Woodhouse <dwmw2@infradead.org> Don't include linux/config.h from anywhere else in include/

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
f10b7897ee29649fa7f0ccdc8d859ccd6ce7dbfd 25-Jan-2006 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] api: Align tfm context as wide as possible

Since tfm contexts can contain arbitrary types we should provide at least
natural alignment (__attribute__ ((__aligned__))) for them. In particular,
this is needed on the Xscale which is a 32-bit architecture with a u64 type
that requires 64-bit alignment. This problem was reported by Ronen Shitrit.

The crypto_tfm structure's size was 44 bytes on 32-bit architectures and
80 bytes on 64-bit architectures. So adding this requirement only means
that we have to add an extra 4 bytes on 32-bit architectures.

On i386 the natural alignment is 16 bytes which also benefits the VIA
Padlock as it no longer has to manually align its context structure to
128 bits.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
5cb1454b862ab3040b78364d58330262fea1ddba 05-Nov-2005 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] Allow multiple implementations of the same algorithm

This is the first step on the road towards asynchronous support in
the Crypto API. It adds support for having multiple crypto_alg objects
for the same algorithm registered in the system.

For example, each device driver would register a crypto_alg object
for each algorithm that it supports. While at the same time the
user may load software implementations of those same algorithms.

Users of the Crypto API may then select a specific implementation
by name, or choose any implementation for a given algorithm with
the highest priority.

The priority field is a 32-bit signed integer. In future it will be
possible to modify it from user-space.

This also provides a solution to the problem of selecting amongst
various AES implementations, that is, aes vs. aes-i586 vs. aes-padlock.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
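
Added example, not part of the commit above or of the kernel source: a userspace C model of the selection rule that commit message describes, where a caller either pins an implementation by driver name or gets the highest-priority implementation of a generic algorithm name. The registry contents, the priority values and the helper alg_lookup() are constructed for illustration; only the field names mirror struct crypto_alg.

```c
#include <stdio.h>
#include <string.h>

/* Userspace model only; field names follow struct crypto_alg. */
struct alg {
    const char *cra_name;        /* generic algorithm name, e.g. "aes" */
    const char *cra_driver_name; /* name of one specific implementation */
    int cra_priority;            /* signed; the highest value wins */
};

/* Constructed registry: driver names and priorities are sample values. */
static const struct alg registry[] = {
    { "aes",  "aes-generic",  100 },
    { "aes",  "aes-i586",     200 },
    { "aes",  "aes-padlock",  300 },
    { "sha1", "sha1-generic",   0 },
};

/*
 * Resolve a requested name (hypothetical helper).
 * An exact driver-name match pins that implementation regardless of
 * priority. Otherwise the highest-priority entry whose generic name
 * matches is returned; on a tie the earlier entry is kept.
 * Returns NULL when nothing matches.
 */
static const struct alg *alg_lookup(const char *name)
{
    const struct alg *best = NULL;
    size_t i;

    for (i = 0; i < sizeof(registry) / sizeof(registry[0]); i++) {
        const struct alg *a = &registry[i];

        if (strcmp(a->cra_driver_name, name) == 0)
            return a;
        if (strcmp(a->cra_name, name) != 0)
            continue;
        if (best == NULL || a->cra_priority > best->cra_priority)
            best = a;
    }
    return best;
}

int main(void)
{
    const char *queries[] = { "aes", "aes-i586", "sha1", "md5" };
    size_t i;

    for (i = 0; i < sizeof(queries) / sizeof(queries[0]); i++) {
        const struct alg *a = alg_lookup(queries[i]);

        printf("%-8s -> %s\n", queries[i],
               a ? a->cra_driver_name : "(not found)");
    }
    return 0;
}
```

On a running system, /proc/crypto lists the name, driver and priority of each registered algorithm, which is where to confirm which implementation a generic name resolves to.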
64baf3cfea974d2b9e671ccfdbc03e030ea5ebc6 02-Sep-2005 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO]: Added CRYPTO_TFM_REQ_MAY_SLEEP flag

The crypto layer currently uses in_atomic() to determine whether it is
allowed to sleep. This is incorrect since spin locks don't always cause
in_atomic() to return true.

Instead of that, this patch returns to an earlier idea of a per-tfm flag
which determines whether sleeping is allowed. Unlike the earlier version,
the default is to not allow sleeping. This ensures that no existing code
can break.

As usual, this flag may either be set through crypto_alloc_tfm(), or
just before a specific crypto operation.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
fbdae9f3e7fb57c07cb0d973f113eb25da2e8ff2 06-Jul-2005 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] Ensure cit_iv is aligned correctly

This patch ensures that cit_iv is aligned according to cra_alignmask
by allocating it as part of the tfm structure. As a side effect the
crypto layer will also guarantee that the tfm ctx area has enough space
to be aligned by cra_alignmask. This allows us to remove the extra
space reservation from the Padlock driver.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
95477377995aefa2ec1654a9a3777bd57ea99146 06-Jul-2005 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] Add alignmask for low-level cipher implementations

The VIA Padlock device requires the input and output buffers to
be aligned on 16-byte boundaries. This patch adds the alignmask
attribute for low-level cipher implementations to indicate their
alignment requirements.

The mid-level crypt() function will copy the input/output buffers
if they are not aligned correctly before they are passed to the
low-level implementation.

Strictly speaking, some of the software implementations require
the buffers to be aligned on 4-byte boundaries as they do 32-bit
loads. However, it is not clear whether it is better to copy
the buffers or pay the penalty for unaligned loads/stores.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
40725181b74be6b0e3bdc8c05bd1e0b9873ec5cc 06-Jul-2005 Herbert Xu <herbert@gondor.apana.org.au> [CRYPTO] Add support for low-level multi-block operations

This patch adds hooks for cipher algorithms to implement multi-block
ECB/CBC operations directly. This is expected to provide significant
performance boosts to the VIA Padlock.

It could also be used for improving software implementations such as
AES where operating on multiple blocks at a time may enable certain
optimisations.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 17-Apr-2005 Linus Torvalds <torvalds@ppc970.osdl.org> Linux-2.6.12-rc2

Initial git repository build. I'm not bothering with the full history,
even though we have it. We can create a separate "historical" git
archive of that later if we want to, and in the meantime it's about
3.2GB when imported into git - space that would just make the early
git days unnecessarily complicated, when we don't have a lot of good
infrastructure for it.

Let it rip!