kernel/drivers/crypto/ccp/ccp-crypto.h, branch linux-rolling-stable

crypto: sha - split sha.h into sha1.h and sha2.h

2020-11-20T03:45:33Z

Currently contains declarations for both SHA-1 and SHA-2, and contains declarations for SHA-3. This organization is inconsistent, but more importantly SHA-1 is no longer considered to be cryptographically secure. So to the extent possible, SHA-1 shouldn't be grouped together with any of the other SHA versions, and usage of it should be phased out. Therefore, split into two headers and , and make everyone explicitly specify whether they want the declarations for SHA-1, SHA-2, or both. This avoids making the SHA-1 declarations visible to files that don't want anything to do with SHA-1. It also prepares for potentially moving sha1.h into a new insecure/ or dangerous/ directory. Signed-off-by: Eric Biggers Acked-by: Ard Biesheuvel Acked-by: Jason A. Donenfeld Signed-off-by: Herbert Xu

crypto: ccp - permit asynchronous skcipher as fallback

2020-07-16T11:49:03Z

Even though the ccp driver implements an asynchronous version of xts(aes), the fallback it allocates is required to be synchronous. Given that SIMD based software implementations are usually asynchronous as well, even though they rarely complete asynchronously (this typically only happens in cases where the request was made from softirq context, while SIMD was already in use in the task context that it interrupted), these implementations are disregarded, and either the generic C version or another table based version implemented in assembler is selected instead. Since falling back to synchronous AES is not only a performance issue, but potentially a security issue as well (due to the fact that table based AES is not time invariant), let's fix this, by allocating an ordinary skcipher as the fallback, and invoke it with the completion routine that was given to the outer request. Signed-off-by: Ard Biesheuvel Acked-by: John Allen Signed-off-by: Herbert Xu

crypto: ccp - switch from ablkcipher to skcipher

2019-11-17T01:02:45Z

Commit 7a7ffe65c8c5 ("crypto: skcipher - Add top-level skcipher interface") dated 20 august 2015 introduced the new skcipher API which is supposed to replace both blkcipher and ablkcipher. While all consumers of the API have been converted long ago, some producers of the ablkcipher remain, forcing us to keep the ablkcipher support routines alive, along with the matching code to expose [a]blkciphers via the skcipher API. So switch this driver to the skcipher API, allowing us to finally drop the ablkcipher code in the near future. Reviewed-by: Gary R Hook Tested-by: Gary R Hook Signed-off-by: Ard Biesheuvel Signed-off-by: Herbert Xu

crypto: ccp - Remove unnecessary linux/pci.h include

2019-08-09T05:12:30Z

Remove unused includes of linux/pci.h. Signed-off-by: Bjorn Helgaas Acked-by: Gary R Hook Signed-off-by: Herbert Xu

crypto: ccp - Include the module name in system log messages

2019-07-26T12:08:06Z

Redefine pr_fmt so that the module name is prefixed to every log message produced by the ccp-crypto module Signed-off-by: Gary R Hook Signed-off-by: Herbert Xu

crypto: ccp - move to AES library for CMAC key derivation

2019-07-26T04:58:13Z

Use the AES library instead of the cipher interface to perform the single block of AES processing involved in updating the key of the cmac(aes) hash. Signed-off-by: Ard Biesheuvel Signed-off-by: Herbert Xu

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500

2019-06-19T15:09:55Z

Based on 2 normalized pattern(s): this program is free software you can redistribute it and or modify it under the terms of the gnu general public license version 2 as published by the free software foundation this program is free software you can redistribute it and or modify it under the terms of the gnu general public license version 2 as published by the free software foundation # extracted by the scancode license scanner the SPDX license identifier GPL-2.0-only has been chosen to replace the boilerplate/reference in 4122 file(s). Signed-off-by: Thomas Gleixner Reviewed-by: Enrico Weigelt Reviewed-by: Kate Stewart Reviewed-by: Allison Randal Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190604081206.933168790@linutronix.de Signed-off-by: Greg Kroah-Hartman

crypto: ccp - Remove VLA usage of skcipher

2018-09-28T04:46:08Z

In the quest to remove all stack VLA usage from the kernel[1], this replaces struct crypto_skcipher and SKCIPHER_REQUEST_ON_STACK() usage with struct crypto_sync_skcipher and SYNC_SKCIPHER_REQUEST_ON_STACK(), which uses a fixed stack size. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Cc: Tom Lendacky Cc: Gary Hook Signed-off-by: Kees Cook Signed-off-by: Herbert Xu

crypto: ccp - Add XTS-AES-256 support for CCP version 5

2017-08-04T01:27:44Z

Signed-off-by: Gary R Hook Signed-off-by: Herbert Xu

csrypto: ccp - Expand RSA support for a v5 ccp

2017-07-28T09:58:06Z

A version 5 CCP can handle an RSA modulus up to 16k bits. Signed-off-by: Gary R Hook Signed-off-by: Herbert Xu