On Wed, Jun 22, 2016 at 08:29:37PM +0200, Mathias Krause wrote:
> Commit 9aa867e46565 ("crypto: user - Add CRYPTO_MSG_DELRNG")
> accidentally removed the minimum size check for CRYPTO_MSG_GETALG
> netlink messages. This allows userland to send a truncated
> CRYPTO_MSG_GETALG message as short as a n
On Wed, Jun 22, 2016 at 05:49:12PM +0100, Salvatore Benedetto wrote:
> Hi Herb,
>
> the following patchset introduces a new API for abstracting key-agreement
> protocols such as DH and ECDH. It provides the primitives required for
> implementing
> the protocol, thus the name KPP (Key-agreement Pr
On Wed, Jun 22, 2016 at 01:23:39PM +0200, Romain Perier wrote:
> Hello,
>
> On 22/06/2016 12:33, Herbert Xu wrote:
> >Romain Perier wrote:
> >>Add a BUG_ON() call when the driver tries to launch a crypto request
> >>while the engine is still processing the previous one. This replaces
> >>a sil
On Tue, Jun 21, 2016 at 06:21:46PM -0700, Megha Dey wrote:
> From: Megha Dey
>
> Herbert wants the sha1-mb algorithm to have an async implementation:
> https://lkml.org/lkml/2016/4/5/286.
> Currently, sha1-mb uses an async interface for the outer algorithm
> and a sync interface for the inner alg
On Wed, Jun 22, 2016 at 04:53:50PM +0100, Giovanni Cabiddu wrote:
> On Mon, Jun 13, 2016 at 04:56:12PM +0800, Herbert Xu wrote:
> > The backup path is also very unlikely to work because we'll be
> > hitting this with 64K sizes and this just won't work with a 4K
> > page size.
> Is scatterwalk_map_a
Provide five new operations in the key_type struct that can be used to
provide access to asymmetric key operations. These will be implemented for
the asymmetric key type in a later patch and may refer to a key retained in
RAM by the kernel or a key retained in crypto hardware.
int (*asym_que
Here's a set of patches that provides keyctl access for asymmetric keys,
including a query function, and functions to do encryption, decryption,
signature creation and signature verification.
I've added a PKCS#8 asymmetric key parser so that you can load an RSA private
key into the kernel. Curre
Implement the encrypt, decrypt and sign operations for the software
asymmetric key subtype. This mostly involves offloading the call to the
crypto layer.
Note that the decrypt and sign operations require a private key to be
supplied. Encrypt (and also verify) will work with either a public or a
Implement PKCS#8 RSA Private Key format [RFC 5208] parser for the
asymmetric key type. For the moment, this will only support unencrypted
DER blobs. PEM and decryption can be added later.
PKCS#8 keys can be loaded like this:
openssl pkcs8 -in private_key.pem -topk8 -nocrypt -outform DER
Put a flag in the public_key struct to indicate if the structure is holding
a private key. The private key must be held ASN.1 encoded in the format
specified in RFC 3447 A.1.2. This is the form required by crypto/rsa.c.
The software encryption subtype's verification and query functions then
need
Provide five keyctl functions that permit userspace to make use of the new
key type ops for accessing and driving asymmetric keys.
(*) Query an asymmetric key.
long keyctl(KEYCTL_PKEY_QUERY,
key_serial_t key, unsigned long reserved,
struct keyctl_p
Provide the missing asymmetric key subops for new key type ops. This
includes query, encrypt, decrypt and create signature. Verify signature
already exists. Also provided are accessor functions for this:
int query_asymmetric_key(const struct key *key,
str
Provide a query function for the software public key implementation. This
permits information about such a key to be obtained using
query_asymmetric_key() or KEYCTL_PKEY_QUERY.
Signed-off-by: David Howells
---
crypto/asymmetric_keys/public_key.c | 96 ++-
1 fi
Make the X.509 and PKCS7 parsers fill in the signature encoding type field
recently added to the public_key_signature struct.
Signed-off-by: David Howells
---
crypto/asymmetric_keys/pkcs7_parser.c |1 +
crypto/asymmetric_keys/x509_cert_parser.c | 21 +
2 files chan
On Thursday, 23 June 2016, 18:43:57, Herbert Xu wrote:
Hi Herbert,
> On Wed, Jun 22, 2016 at 08:29:37PM +0200, Mathias Krause wrote:
> > Commit 9aa867e46565 ("crypto: user - Add CRYPTO_MSG_DELRNG")
> > accidentally removed the minimum size check for CRYPTO_MSG_GETALG
> > netlink messages. Thi
Hi Stephan,
>>
This brings me to another proposal for read buffer sizing: AF_ALG akcipher
can guarantee that partial reads (where the read buffer is shorter than
the output of the crypto op) will work using the same semantics as
SOCK_DGRAM/SOCK_SEQPACKET. With those sockets, as much data as will
Hi Herbert,
On 06/22/2016 03:14 AM, Herbert Xu wrote:
> This was prompted by the caam RSA submission where a lot of work
> was done just to strip the RSA output of leading zeroes. This is
> in fact completely pointless because the only user of RSA in the
> kernel then promptly puts them back.
>
>
David,
On Thu, 23 Jun 2016, David Howells wrote:
Provide a query function for the software public key implementation. This
permits information about such a key to be obtained using
query_asymmetric_key() or KEYCTL_PKEY_QUERY.
Signed-off-by: David Howells
---
crypto/asymmetric_keys/public_k
tree:
https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master
head: 3c4b23901a0c766879dff680cd6bdab47bcdbbd2
commit: 3c4b23901a0c766879dff680cd6bdab47bcdbbd2 [79/79] crypto: ecdh - Add
ECDH software support
config: i386-allyesconfig (attached as .config)
compiler: gcc
On Wed, Jun 22, 2016 at 11:41 PM, Herbert Xu
wrote:
> On Thu, Jun 23, 2016 at 11:48:25AM +0800, Herbert Xu wrote:
>>
>> No we never had such an API in the kernel. However, I see that
>> rxkad does some pretty silly things and we should be able to avoid
>> using the stack in pretty much all cases.
From: Stephan Mueller
Add the flags for handling signature generation and signature
verification.
Also, the patch adds the interface for setting a public key.
Signed-off-by: Stephan Mueller
Signed-off-by: Tadeusz Struk
---
include/uapi/linux/if_alg.h |3 +++
1 file changed, 3 insertions(
First four patches are a resend algif_akcipher from
Stephan Mueller, with minor changes after rebase on top of 4.7-rc1.
The next three patches add support for keys stored in system
keyring subsystem.
First patch adds algif_akcipher nokey handlers.
Second patch adds generic sign, verify, encrypt,
From: Stephan Mueller
Add the Makefile and Kconfig updates to allow algif_akcipher to be
compiled.
Signed-off-by: Stephan Mueller
Signed-off-by: Tadeusz Struk
---
crypto/Kconfig |9 +
crypto/Makefile |1 +
2 files changed, 10 insertions(+)
diff --git a/crypto/Kconfig b/crypt
This patch adds support for asymmetric key type to AF_ALG.
It will work as follows: New PF_ALG socket options are
added on top of existing ALG_SET_KEY and ALG_SET_PUBKEY, namely
ALG_SET_KEY_ID and ALG_SET_PUBKEY_ID for setting public and
private keys respectively. When these new options will be u
From: Stephan Mueller
This patch adds the user space interface for asymmetric ciphers. The
interface allows the use of sendmsg as well as vmsplice to provide data.
This version has been rebased on top of 4.7 and a few checkpatch issues
have been fixed. This version also removes the constraint on
From: Stephan Mueller
For supporting asymmetric ciphers, user space must be able to set the
public key. The patch adds a new setsockopt call for setting the public
key.
Signed-off-by: Stephan Mueller
Signed-off-by: Tadeusz Struk
---
crypto/af_alg.c | 18 +-
include/c
Similar to algif_skcipher and algif_hash, algif_akcipher needs
to prevent user space from using the interface in an improper way.
This patch adds nokey ops handlers, which do just that.
Signed-off-by: Tadeusz Struk
---
crypto/algif_akcipher.c | 159 +-
On Thu, Jun 23, 2016 at 04:46:26PM +0200, Stephan Mueller wrote:
>
> Please revert my patch eed1e1afd8d542d9644534c1b712599b5d680007 as requested
> by Matthias.
It's already done. Thanks.
--
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/
Hi,
[auto build test ERROR on cryptodev/master]
[also build test ERROR on v4.7-rc4 next-20160623]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system]
url:
https://github.com/0day-ci/linux/commits/Tadeusz-Struk/crypto-algif-add-akcipher/20160624
From: Megha Dey
In this patch series, we introduce the multi-buffer crypto algorithm on
x86_64 and apply it to SHA256 hash computation. The multi-buffer technique
takes advantage of the 8 data lanes in the AVX2 registers and allows
computation to be performed on data from multiple jobs in parall
From: Megha Dey
The existing test suite to calculate the speed of the SHA algorithms
assumes serial (single buffer) computation of data. With the SHA
multibuffer algorithms, we work on 8 lanes of data in parallel. Hence,
the need to introduce a new test suite to calculate the speed for these
alg
This patch introduces the routines used to submit and flush buffers
belonging to SHA256 crypto jobs to the SHA256 multibuffer algorithm. It
is implemented mostly in assembly optimized with AVX2 instructions.
Signed-off-by: Megha Dey
Reviewed-by: Fenghua Yu
Reviewed-by: Tim Chen
---
.../crypto/
This patch introduces the data structures and prototypes of
functions needed for computing SHA256 hash using multi-buffer.
Included are the structures of the multi-buffer SHA256 job,
job scheduler in C and x86 assembly.
Signed-off-by: Megha Dey
Reviewed-by: Fenghua Yu
Reviewed-by: Tim Chen
---
From: Megha Dey
Until now, there was only support for the SHA1 multibuffer algorithm.
Hence, there was just one sha-mb folder. Now, with the introduction of
the SHA256 multi-buffer algorithm, it is logical to name the existing
folder as sha1-mb.
Signed-off-by: Megha Dey
Reviewed-by: Fenghua Yu
This patch introduces the assembly routines to do SHA256 computation
on buffers belonging to several jobs at once. The assembly routines
are optimized with AVX2 instructions that have 8 data lanes and using
AVX2 registers.
Signed-off-by: Megha Dey
Reviewed-by: Fenghua Yu
Reviewed-by: Tim Chen
Add the config CRYPTO_SHA256_MB which will enable the computation using the
SHA256 multi-buffer algorithm.
Signed-off-by: Megha Dey
Reviewed-by: Fenghua Yu
Reviewed-by: Tim Chen
---
crypto/Kconfig | 16
1 file changed, 16 insertions(+)
diff --git a/crypto/Kconfig b/crypto/Kco
This patch introduces the multi-buffer job manager which is responsible for
submitting scatter-gather buffers from several SHA256 jobs to the
multi-buffer algorithm. It also contains the flush routine that's
called by the crypto daemon to complete the job when no new jobs arrive
before the deadl
On Fri, Jun 24, 2016 at 03:47:04AM +0800, kbuild test robot wrote:
> tree:
> https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git
> master
> head: 3c4b23901a0c766879dff680cd6bdab47bcdbbd2
> commit: 3c4b23901a0c766879dff680cd6bdab47bcdbbd2 [79/79] crypto: ecdh - Add
> ECD
On Thursday, 23 June 2016, 15:55:26, Tadeusz Struk wrote:
Hi Tadeusz,
> First four patches are a resend algif_akcipher from
> Stephan Mueller, with minor changes after rebase on top of 4.7-rc1.
The first four patches:
Acked-by: Stephan Mueller
Ciao
Stephan
On Fri, Jun 24, 2016 at 07:06:49AM +0100, Salvatore Benedetto wrote:
>
> can you squash the following patch?
No, please prune anything that we don't use from ecc.c.
Thanks,
--
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.t
On Fri, Jun 24, 2016 at 02:10:12PM +0800, Herbert Xu wrote:
> On Fri, Jun 24, 2016 at 07:06:49AM +0100, Salvatore Benedetto wrote:
> >
> > can you squash the following patch?
>
> No, please prune anything that we don't use from ecc.c.
I take that back. I see it's actually coming from bluetooth.
On Fri, Jun 24, 2016 at 02:10:12PM +0800, Herbert Xu wrote:
> On Fri, Jun 24, 2016 at 07:06:49AM +0100, Salvatore Benedetto wrote:
> >
> > can you squash the following patch?
>
> No, please prune anything that we don't use from ecc.c.
We do use the symbol in question, and I'm pretty sure we use
a
On Fri, Jun 24, 2016 at 07:23:42AM +0100, Salvatore Benedetto wrote:
>
> We do use the symbol in question, and I'm pretty sure we use
> all of crypto/ecc.c. I was going to send a patch where
> I remove the net/bluetooth/ecc.c
I see. In that case either rename the symbols in net/bluetooth/ecc.c
si
On Fri, Jun 24, 2016 at 07:23:16AM +0100, Herbert Xu wrote:
> On Fri, Jun 24, 2016 at 02:10:12PM +0800, Herbert Xu wrote:
> > On Fri, Jun 24, 2016 at 07:06:49AM +0100, Salvatore Benedetto wrote:
> > >
> > > can you squash the following patch?
> >
> > No, please prune anything that we don't use fro
On Fri, Jun 24, 2016 at 07:36:44AM +0100, Salvatore Benedetto wrote:
>
>
> The patch was based on the current tree. I just pulled.
> There is no point in moving to lib because bluetooth is
> about to be converted to kpp.
> That patch I believe will go up the bluetooth tree, so
> my suggestion is