diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2016-07-26 13:40:17 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2016-07-26 13:40:17 -0700 |
commit | bbce2ad2d711c12d93145a7bbdf086e73f414bcd (patch) | |
tree | 35432a39f68f4c5df44ed38037cbf05adadb923e /security | |
parent | 0f776dc377f6c87f4e4d4a5f63602f33fb93b31e (diff) | |
parent | 0f95e2ffc58f5d32a90eb1051d17aeebc21cf91d (diff) | |
download | op-kernel-dev-bbce2ad2d711c12d93145a7bbdf086e73f414bcd.zip op-kernel-dev-bbce2ad2d711c12d93145a7bbdf086e73f414bcd.tar.gz |
Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto updates from Herbert Xu:
"Here is the crypto update for 4.8:
API:
- first part of skcipher low-level conversions
- add KPP (Key-agreement Protocol Primitives) interface.
Algorithms:
- fix IPsec/cryptd reordering issues that affects aesni
- RSA no longer does explicit leading zero removal
- add SHA3
- add DH
- add ECDH
- improve DRBG performance by not doing CTR by hand
Drivers:
- add x86 AVX2 multibuffer SHA256/512
- add POWER8 optimised crc32c
- add xts support to vmx
- add DH support to qat
- add RSA support to caam
- add Layerscape support to caam
- add SEC1 AEAD support to talitos
- improve performance by chaining requests in marvell/cesa
- add support for Araneus Alea I USB RNG
- add support for Broadcom BCM5301 RNG
- add support for Amlogic Meson RNG
- add support Broadcom NSP SoC RNG"
* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (180 commits)
crypto: vmx - Fix aes_p8_xts_decrypt build failure
crypto: vmx - Ignore generated files
crypto: vmx - Adding support for XTS
crypto: vmx - Adding asm subroutines for XTS
crypto: skcipher - add comment for skcipher_alg->base
crypto: testmgr - Print akcipher algorithm name
crypto: marvell - Fix wrong flag used for GFP in mv_cesa_dma_add_iv_op
crypto: nx - off by one bug in nx_of_update_msc()
crypto: rsa-pkcs1pad - fix rsa-pkcs1pad request struct
crypto: scatterwalk - Inline start/map/done
crypto: scatterwalk - Remove unnecessary BUG in scatterwalk_start
crypto: scatterwalk - Remove unnecessary advance in scatterwalk_pagedone
crypto: scatterwalk - Fix test in scatterwalk_done
crypto: api - Optimise away crypto_yield when hard preemption is on
crypto: scatterwalk - add no-copy support to copychunks
crypto: scatterwalk - Remove scatterwalk_bytes_sglen
crypto: omap - Stop using crypto scatterwalk_bytes_sglen
crypto: skcipher - Remove top-level givcipher interface
crypto: user - Remove crypto_lookup_skcipher call
crypto: cts - Convert to skcipher
...
Diffstat (limited to 'security')
-rw-r--r-- | security/keys/big_key.c | 30 |
1 files changed, 18 insertions, 12 deletions
diff --git a/security/keys/big_key.c b/security/keys/big_key.c index 9e443fc..c0b3030 100644 --- a/security/keys/big_key.c +++ b/security/keys/big_key.c @@ -18,6 +18,7 @@ #include <keys/user-type.h> #include <keys/big_key-type.h> #include <crypto/rng.h> +#include <crypto/skcipher.h> /* * Layout of key payload words. @@ -74,7 +75,7 @@ static const char big_key_alg_name[] = "ecb(aes)"; * Crypto algorithms for big_key data encryption */ static struct crypto_rng *big_key_rng; -static struct crypto_blkcipher *big_key_blkcipher; +static struct crypto_skcipher *big_key_skcipher; /* * Generate random key to encrypt big_key data @@ -91,22 +92,26 @@ static int big_key_crypt(enum big_key_op op, u8 *data, size_t datalen, u8 *key) { int ret = -EINVAL; struct scatterlist sgio; - struct blkcipher_desc desc; + SKCIPHER_REQUEST_ON_STACK(req, big_key_skcipher); - if (crypto_blkcipher_setkey(big_key_blkcipher, key, ENC_KEY_SIZE)) { + if (crypto_skcipher_setkey(big_key_skcipher, key, ENC_KEY_SIZE)) { ret = -EAGAIN; goto error; } - desc.flags = 0; - desc.tfm = big_key_blkcipher; + skcipher_request_set_tfm(req, big_key_skcipher); + skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, + NULL, NULL); sg_init_one(&sgio, data, datalen); + skcipher_request_set_crypt(req, &sgio, &sgio, datalen, NULL); if (op == BIG_KEY_ENC) - ret = crypto_blkcipher_encrypt(&desc, &sgio, &sgio, datalen); + ret = crypto_skcipher_encrypt(req); else - ret = crypto_blkcipher_decrypt(&desc, &sgio, &sgio, datalen); + ret = crypto_skcipher_decrypt(req); + + skcipher_request_zero(req); error: return ret; @@ -140,7 +145,7 @@ int big_key_preparse(struct key_preparsed_payload *prep) * * File content is stored encrypted with randomly generated key. */ - size_t enclen = ALIGN(datalen, crypto_blkcipher_blocksize(big_key_blkcipher)); + size_t enclen = ALIGN(datalen, crypto_skcipher_blocksize(big_key_skcipher)); /* prepare aligned data to encrypt */ data = kmalloc(enclen, GFP_KERNEL); @@ -288,7 +293,7 @@ long big_key_read(const struct key *key, char __user *buffer, size_t buflen) struct file *file; u8 *data; u8 *enckey = (u8 *)key->payload.data[big_key_data]; - size_t enclen = ALIGN(datalen, crypto_blkcipher_blocksize(big_key_blkcipher)); + size_t enclen = ALIGN(datalen, crypto_skcipher_blocksize(big_key_skcipher)); data = kmalloc(enclen, GFP_KERNEL); if (!data) @@ -359,9 +364,10 @@ static int __init big_key_crypto_init(void) goto error; /* init block cipher */ - big_key_blkcipher = crypto_alloc_blkcipher(big_key_alg_name, 0, 0); - if (IS_ERR(big_key_blkcipher)) { - big_key_blkcipher = NULL; + big_key_skcipher = crypto_alloc_skcipher(big_key_alg_name, + 0, CRYPTO_ALG_ASYNC); + if (IS_ERR(big_key_skcipher)) { + big_key_skcipher = NULL; ret = -EFAULT; goto error; } |