user/sven/linux.git/include/crypto, branch v4.20.12 Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v4.20.12 2018-10-26T08:30:46Z KEYS: asym_tpm: extract key size & public key [ver #2] 2018-10-26T08:30:46Z Denis Kenzior denkenz@gmail.com 2018-10-09T16:48:10Z urn:sha1:f8c54e1ac4b82933dfcf88c37892da8ae35ccbe4 The parsed BER/DER blob obtained from user space contains a TPM_Key structure. This structure has some information about the key as well as the public key portion. This patch extracts this information for future use. Signed-off-by: Denis Kenzior <denkenz@gmail.com> Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Marcel Holtmann <marcel@holtmann.org> Reviewed-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: James Morris <james.morris@microsoft.com> KEYS: asym_tpm: add skeleton for asym_tpm [ver #2] 2018-10-26T08:30:46Z Denis Kenzior denkenz@gmail.com 2018-10-09T16:48:02Z urn:sha1:903be6bb84c544551150a6f5aab9fda1ed9a6895 This patch adds the basic skeleton for the asym_tpm asymmetric key subtype. Signed-off-by: Denis Kenzior <denkenz@gmail.com> Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Marcel Holtmann <marcel@holtmann.org> Reviewed-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: James Morris <james.morris@microsoft.com> KEYS: Allow the public_key struct to hold a private key [ver #2] 2018-10-26T08:30:46Z David Howells dhowells@redhat.com 2018-10-09T16:47:31Z urn:sha1:f7c4e06e066c3df282e6e3d4e7d8c498be9e1e46 Put a flag in the public_key struct to indicate if the structure is holding a private key. The private key must be held ASN.1 encoded in the format specified in RFC 3447 A.1.2. This is the form required by crypto/rsa.c. The software encryption subtype's verification and query functions then need to select the appropriate crypto function to set the key. Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Marcel Holtmann <marcel@holtmann.org> Reviewed-by: Marcel Holtmann <marcel@holtmann.org> Reviewed-by: Denis Kenzior <denkenz@gmail.com> Tested-by: Denis Kenzior <denkenz@gmail.com> Signed-off-by: James Morris <james.morris@microsoft.com> KEYS: Provide missing asymmetric key subops for new key type ops [ver #2] 2018-10-26T08:30:46Z David Howells dhowells@redhat.com 2018-10-09T16:47:07Z urn:sha1:5a30771832aab228e0863e414f9182f86797429e Provide the missing asymmetric key subops for new key type ops. This include query, encrypt, decrypt and create signature. Verify signature already exists. Also provided are accessor functions for this: int query_asymmetric_key(const struct key *key, struct kernel_pkey_query *info); int encrypt_blob(struct kernel_pkey_params *params, const void *data, void *enc); int decrypt_blob(struct kernel_pkey_params *params, const void *enc, void *data); int create_signature(struct kernel_pkey_params *params, const void *data, void *enc); The public_key_signature struct gains an encoding field to carry the encoding for verify_signature(). Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Marcel Holtmann <marcel@holtmann.org> Reviewed-by: Marcel Holtmann <marcel@holtmann.org> Reviewed-by: Denis Kenzior <denkenz@gmail.com> Tested-by: Denis Kenzior <denkenz@gmail.com> Signed-off-by: James Morris <james.morris@microsoft.com> crypto/morus(640,1280) - make crypto_...-algs static 2018-10-05T02:22:48Z valdis.kletnieks@vt.edu valdis.kletnieks@vt.edu 2018-09-26T22:49:38Z urn:sha1:90a8c78b8b5e2c8537a170ee675127f02ca94532 sparse complains thusly: CHECK arch/x86/crypto/morus640-sse2-glue.c arch/x86/crypto/morus640-sse2-glue.c:38:1: warning: symbol 'crypto_morus640_sse2_algs' was not declared. Should it be static? CHECK arch/x86/crypto/morus1280-sse2-glue.c arch/x86/crypto/morus1280-sse2-glue.c:38:1: warning: symbol 'crypto_morus1280_sse2_algs' was not declared. Should it be static? CHECK arch/x86/crypto/morus1280-avx2-glue.c arch/x86/crypto/morus1280-avx2-glue.c:38:1: warning: symbol 'crypto_morus1280_avx2_algs' was not declared. Should it be static? and sparse is correct - these don't need to be global and polluting the namespace. Signed-off-by: Valdis Kletnieks <valdis.kletnieks@vt.edu> Acked-by: Ondrej Mosnacek <omosnacek@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> crypto: user - Implement a generic crypto statistics 2018-09-28T04:46:25Z Corentin Labbe clabbe@baylibre.com 2018-09-19T10:10:54Z urn:sha1:cac5818c25d0423bda73e2b6997404ed0a7ed9e3 This patch implement a generic way to get statistics about all crypto usages. Signed-off-by: Corentin Labbe <clabbe@baylibre.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> crypto: skcipher - Remove SKCIPHER_REQUEST_ON_STACK() 2018-09-28T04:46:09Z Kees Cook keescook@chromium.org 2018-09-19T02:11:00Z urn:sha1:a9cbfe4c784436368790f0c59674f99ba97ae21e Now that all the users of the VLA-generating SKCIPHER_REQUEST_ON_STACK() macro have been moved to SYNC_SKCIPHER_REQUEST_ON_STACK(), we can remove the former. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> crypto: null - Remove VLA usage of skcipher 2018-09-28T04:46:08Z Kees Cook keescook@chromium.org 2018-09-19T02:10:51Z urn:sha1:8d605398425843c7ce3c0e9a0434d832d3bd54cc In the quest to remove all stack VLA usage from the kernel[1], this replaces struct crypto_skcipher and SKCIPHER_REQUEST_ON_STACK() usage with struct crypto_sync_skcipher and SYNC_SKCIPHER_REQUEST_ON_STACK(), which uses a fixed stack size. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> crypto: skcipher - Introduce crypto_sync_skcipher 2018-09-28T04:46:06Z Kees Cook keescook@chromium.org 2018-09-19T02:10:38Z urn:sha1:b350bee5ea0f4db75d4c6191a2e95db16f40c278 In preparation for removal of VLAs due to skcipher requests on the stack via SKCIPHER_REQUEST_ON_STACK() usage, this introduces the infrastructure for the "sync skcipher" tfm, which is for handling the on-stack cases of skcipher, which are always non-ASYNC and have a known limited request size. The crypto API additions: struct crypto_sync_skcipher (wrapper for struct crypto_skcipher) crypto_alloc_sync_skcipher() crypto_free_sync_skcipher() crypto_sync_skcipher_setkey() crypto_sync_skcipher_get_flags() crypto_sync_skcipher_set_flags() crypto_sync_skcipher_clear_flags() crypto_sync_skcipher_blocksize() crypto_sync_skcipher_ivsize() crypto_sync_skcipher_reqtfm() skcipher_request_set_sync_tfm() SYNC_SKCIPHER_REQUEST_ON_STACK() (with tfm type check) Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> crypto: chacha20 - Fix chacha20_block() keystream alignment (again) 2018-09-21T05:24:50Z Eric Biggers ebiggers@google.com 2018-09-12T03:05:10Z urn:sha1:a5e9f557098e54af44ade5d501379be18435bfbf In commit 9f480faec58c ("crypto: chacha20 - Fix keystream alignment for chacha20_block()"), I had missed that chacha20_block() can be called directly on the buffer passed to get_random_bytes(), which can have any alignment. So, while my commit didn't break anything, it didn't fully solve the alignment problems. Revert my solution and just update chacha20_block() to use put_unaligned_le32(), so the output buffer need not be aligned. This is simpler, and on many CPUs it's the same speed. But, I kept the 'tmp' buffers in extract_crng_user() and _get_random_bytes() 4-byte aligned, since that alignment is actually needed for _crng_backtrack_protect() too. Reported-by: Stephan Müller <smueller@chronox.de> Cc: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>