From 2062c5b6da758ca2bb64b698d7f9c5c45a06fcf9 Mon Sep 17 00:00:00 2001 From: Dan Streetman Date: Thu, 7 May 2015 13:49:15 -0400 Subject: crypto: 842 - change 842 alg to use software Change the crypto 842 compression alg to use the software 842 compression and decompression library. Add the crypto driver_name as "842-generic". Remove the fallback to LZO compression. Previously, this crypto compression alg attemped 842 compression using PowerPC hardware, and fell back to LZO compression and decompression if the 842 PowerPC hardware was unavailable or failed. This should not fall back to any other compression method, however; users of this crypto compression alg can fallback if desired, and transparent fallback tricks callers into thinking they are getting 842 compression when they actually get LZO compression - the failure of the 842 hardware should not be transparent to the caller. The crypto compression alg for a hardware device also should not be located in crypto/ so this is now a software-only implementation that uses the 842 software compression/decompression library. Signed-off-by: Dan Streetman Signed-off-by: Herbert Xu --- crypto/Kconfig | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'crypto/Kconfig') diff --git a/crypto/Kconfig b/crypto/Kconfig index 8aaf298..eba55b4 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -1412,10 +1412,9 @@ config CRYPTO_LZO config CRYPTO_842 tristate "842 compression algorithm" - depends on CRYPTO_DEV_NX_COMPRESS - # 842 uses lzo if the hardware becomes unavailable - select LZO_COMPRESS - select LZO_DECOMPRESS + select CRYPTO_ALGAPI + select 842_COMPRESS + select 842_DECOMPRESS help This is the 842 algorithm. -- cgit v1.1 From 856e3f4092cfd9ea6d6564e73f5bce5a0ac3cae3 Mon Sep 17 00:00:00 2001 
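Review bot: The help text left in place for CRYPTO_842 by the 2062c5b6 hunk still reads only `This is the 842 algorithm.`, which no longer tells the person configuring the kernel what they get. The change makes the option software-only, removes the CRYPTO_DEV_NX_COMPRESS dependency and removes the LZO fallback, so callers that relied on transparent fallback now see failures. I would extend the help to say so, for example `This is the software implementation of the 842 compression algorithm. There is no fallback to another compression method.`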
From: Herbert Xu Date: Thu, 21 May 2015 15:11:13 +0800 Subject: crypto: seqiv - Add support for new AEAD interface This patch converts the seqiv IV generator to work with the new AEAD interface where IV generators are just normal AEAD algorithms. Full backwards compatibility is paramount at this point since no users have yet switched over to the new interface. Nor can they switch to the new interface until IV generation is fully supported by it. So this means we are adding two versions of seqiv alongside the existing one. The first one is the one that will be used when the underlying AEAD algorithm has switched over to the new AEAD interface. The second one handles the current case where the underlying AEAD algorithm still uses the old interface. Both versions export themselves through the new AEAD interface. Signed-off-by: Herbert Xu --- crypto/Kconfig | 1 + 1 file changed, 1 insertion(+) (limited to 'crypto/Kconfig') diff --git a/crypto/Kconfig b/crypto/Kconfig index eba55b4..657bb82 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -221,6 +221,7 @@ config CRYPTO_SEQIV tristate "Sequence Number IV Generator" select CRYPTO_AEAD select CRYPTO_BLKCIPHER + select CRYPTO_NULL select CRYPTO_RNG help This IV generator generates an IV based on a sequence number by -- cgit v1.1 From a10f554fa7e09ad236cfa0bdabaf6549c0b073a4 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Thu, 21 May 2015 15:11:15 +0800 Subject: crypto: echainiv - Add encrypted chain IV generator This patch adds a new AEAD IV generator echainiv. It is intended to replace the existing skcipher IV generator eseqiv. If the underlying AEAD algorithm is using the old AEAD interface, then echainiv will simply use its IV generator. Otherwise, echainiv will encrypt a counter just like eseqiv but it'll first xor it against a previously stored IV similar to chainiv. Signed-off-by: Herbert Xu --- crypto/Kconfig | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'crypto/Kconfig') 
diff --git a/crypto/Kconfig b/crypto/Kconfig index 657bb82..b7088d1 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -227,6 +227,16 @@ config CRYPTO_SEQIV This IV generator generates an IV based on a sequence number by xoring it with a salt. This algorithm is mainly useful for CTR +config CRYPTO_ECHAINIV + tristate "Encrypted Chain IV Generator" + select CRYPTO_AEAD + select CRYPTO_NULL + select CRYPTO_RNG + help + This IV generator generates an IV based on the encryption of + a sequence number xored with a salt. This is the default + algorithm for CBC. + comment "Block modes" config CRYPTO_CBC -- cgit v1.1 From f858c7bcca8c20761a20593439fe998b4b67e86b Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Tue, 26 May 2015 15:32:42 +0800 Subject: crypto: algif_aead - Disable AEAD user-space for now The newly added AEAD user-space isn't quite ready for prime time just yet. In particular it is conflicting with the AEAD single SG list interface change so this patch disables it now. Once the SG list stuff is completely done we can then renable this interface. Signed-off-by: Herbert Xu --- crypto/Kconfig | 9 --------- 1 file changed, 9 deletions(-) (limited to 'crypto/Kconfig') diff --git a/crypto/Kconfig b/crypto/Kconfig index 8aaf298..362905e 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -1512,15 +1512,6 @@ config CRYPTO_USER_API_RNG This option enables the user-spaces interface for random number generator algorithms. -config CRYPTO_USER_API_AEAD - tristate "User-space interface for AEAD cipher algorithms" - depends on NET - select CRYPTO_AEAD - select CRYPTO_USER_API - help - This option enables the user-spaces interface for AEAD - cipher algorithms. - config CRYPTO_HASH_INFO bool -- cgit v1.1 From bb5530e4082446aac3a3d69780cd4dbfa4520013 Mon Sep 17 00:00:00 2001 
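Review bot: The help text of the new CRYPTO_ECHAINIV entry (commit a10f554f) describes the IV as `the encryption of a sequence number xored with a salt`, which does not match the commit message. The message says the counter is first xored against a previously stored IV, similar to chainiv, and that on the old AEAD interface the generator simply uses the underlying algorithm's own IV generator. The option is described as the default for CBC, where IV unpredictability matters, so the help should describe the construction actually implemented. I would reword it along the lines of `This IV generator encrypts a sequence number after xoring it with a salt and the previously generated IV.`, to be confirmed against the implementation, which is not part of this Kconfig hunk.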
From: Stephan Mueller Date: Mon, 25 May 2015 15:10:20 +0200 Subject: crypto: jitterentropy - add jitterentropy RNG The CPU Jitter RNG provides a source of good entropy by collecting CPU executing time jitter. The entropy in the CPU execution time jitter is magnified by the CPU Jitter Random Number Generator. The CPU Jitter Random Number Generator uses the CPU execution timing jitter to generate a bit stream which complies with different statistical measurements that determine the bit stream is random. The CPU Jitter Random Number Generator delivers entropy which follows information theoretical requirements. Based on these studies and the implementation, the caller can assume that one bit of data extracted from the CPU Jitter Random Number Generator holds one bit of entropy. The CPU Jitter Random Number Generator provides a decentralized source of entropy, i.e. every caller can operate on a private state of the entropy pool. The RNG does not have any dependencies on any other service in the kernel. The RNG only needs a high-resolution time stamp. Further design details, the cryptographic assessment and large array of test results are documented at http://www.chronox.de/jent.html. CC: Andreas Steffen CC: Theodore Ts'o CC: Sandy Harris Signed-off-by: Stephan Mueller Signed-off-by: Herbert Xu --- crypto/Kconfig | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'crypto/Kconfig') diff --git a/crypto/Kconfig b/crypto/Kconfig index b7088d1..af011a9 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig 
@@ -1489,9 +1489,19 @@ config CRYPTO_DRBG tristate default CRYPTO_DRBG_MENU if (CRYPTO_DRBG_HMAC || CRYPTO_DRBG_HASH || CRYPTO_DRBG_CTR) select CRYPTO_RNG + select CRYPTO_JITTERENTROPY endif # if CRYPTO_DRBG_MENU +config CRYPTO_JITTERENTROPY + tristate "Jitterentropy Non-Deterministic Random Number Generator" + help + The Jitterentropy RNG is a noise that is intended + to provide seed to another RNG. The RNG does not + perform any cryptographic whitening of the generated + random numbers. This Jitterentropy RNG registers with + the kernel crypto API and can be used by any caller. + config CRYPTO_USER_API tristate -- cgit v1.1 From b64a2d95527092ed6d83fd6754ad2e94423d33b8 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Thu, 28 May 2015 11:30:35 +0800 Subject: Revert "crypto: algif_aead - Disable AEAD user-space for now" This reverts commit f858c7bcca8c20761a20593439fe998b4b67e86b as the algif_aead interface has been switched over to the new AEAD interface. Signed-off-by: Herbert Xu --- crypto/Kconfig | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'crypto/Kconfig') diff --git a/crypto/Kconfig b/crypto/Kconfig index 0ff4cd4..af011a9 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -1532,6 +1532,15 @@ config CRYPTO_USER_API_RNG This option enables the user-spaces interface for random number generator algorithms. +config CRYPTO_USER_API_AEAD + tristate "User-space interface for AEAD cipher algorithms" + depends on NET + select CRYPTO_AEAD + select CRYPTO_USER_API + help + This option enables the user-spaces interface for AEAD + cipher algorithms. + config CRYPTO_HASH_INFO bool -- cgit v1.1 From c08d0e647305c3f8f640010a56c9e4bafb9488d3 Mon Sep 17 00:00:00 2001 
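Review bot: CRYPTO_JITTERENTROPY in the bb5530e4 hunk is a user-visible tristate whose help says it `registers with the kernel crypto API`, yet the entry has no `select CRYPTO_RNG`; it only gets the RNG core when it is pulled in through CRYPTO_DRBG. If the module registers an rng algorithm as the help suggests, enabling it on its own may leave that dependency unmet, so I would add `select CRYPTO_RNG` under the tristate line. The help also reads `is a noise that is intended to provide seed`, where `noise source` seems intended. Since the help states that no cryptographic whitening is performed, it should also say that callers needing conditioned output should use a DRBG seeded from it and not the raw stream.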
From: Martin Willi Date: Mon, 1 Jun 2015 13:43:56 +0200 Subject: crypto: chacha20 - Add a generic ChaCha20 stream cipher implementation ChaCha20 is a high speed 256-bit key size stream cipher algorithm designed by Daniel J. Bernstein. It is further specified in RFC7539 for use in IETF protocols as a building block for the ChaCha20-Poly1305 AEAD. This is a portable C implementation without any architecture specific optimizations. It uses a 16-byte IV, which includes the 12-byte ChaCha20 nonce prepended by the initial block counter. Some algorithms require an explicit counter value, for example the mentioned AEAD construction. Signed-off-by: Martin Willi Acked-by: Steffen Klassert Signed-off-by: Herbert Xu --- crypto/Kconfig | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'crypto/Kconfig') diff --git a/crypto/Kconfig b/crypto/Kconfig index af011a9..bf657be 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -1156,6 +1156,19 @@ config CRYPTO_SALSA20_X86_64 The Salsa20 stream cipher algorithm is designed by Daniel J. Bernstein . See +config CRYPTO_CHACHA20 + tristate "ChaCha20 cipher algorithm" + select CRYPTO_BLKCIPHER + help + ChaCha20 cipher algorithm, RFC7539. + + ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J. + Bernstein and further specified in RFC7539 for use in IETF protocols. + This is the portable C implementation of ChaCha20. + + See also: + + config CRYPTO_SEED tristate "SEED cipher algorithm" select CRYPTO_ALGAPI -- cgit v1.1 From f979e014c50ce3f7467f133898dbea2243247a91 Mon Sep 17 00:00:00 2001 
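Review bot: The CRYPTO_CHACHA20 help text in the c08d0e64 hunk omits the one interface detail callers need from the commit message, namely that the 16-byte IV is the initial block counter followed by the 12-byte nonce. I would add a sentence such as `The 16-byte IV consists of the initial block counter followed by the 12-byte nonce.` The help should also note that this is an unauthenticated stream cipher for which a key/nonce pair must never be reused. As rendered here, the `See also:` line is followed by no reference; if the URL is missing from the patch itself and was not lost by the page, it should be restored or the line dropped.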
From: Martin Willi Date: Mon, 1 Jun 2015 13:43:58 +0200 Subject: crypto: poly1305 - Add a generic Poly1305 authenticator implementation Poly1305 is a fast message authenticator designed by Daniel J. Bernstein. It is further defined in RFC7539 as a building block for the ChaCha20-Poly1305 AEAD for use in IETF protocols. This is a portable C implementation of the algorithm without architecture specific optimizations, based on public domain code by Daniel J. Bernstein and Andrew Moon. Signed-off-by: Martin Willi Acked-by: Steffen Klassert Signed-off-by: Herbert Xu --- crypto/Kconfig | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'crypto/Kconfig') diff --git a/crypto/Kconfig b/crypto/Kconfig index bf657be..9c00454 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -426,6 +426,15 @@ config CRYPTO_GHASH help GHASH is message digest algorithm for GCM (Galois/Counter Mode). +config CRYPTO_POLY1305 + tristate "Poly1305 authenticator algorithm" + help + Poly1305 authenticator algorithm, RFC7539. + + Poly1305 is an authenticator algorithm designed by Daniel J. Bernstein. + It is used for the ChaCha20-Poly1305 AEAD, specified in RFC7539 for use + in IETF protocols. This is the portable C implementation of Poly1305. + config CRYPTO_MD4 tristate "MD4 digest algorithm" select CRYPTO_HASH -- cgit v1.1 From 71ebc4d1b27d345342bdcb32a29c8cc3da8c6654 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Mon, 1 Jun 2015 13:44:00 +0200 Subject: crypto: chacha20poly1305 - Add a ChaCha20-Poly1305 AEAD construction, RFC7539 This AEAD uses a chacha20 ablkcipher and a poly1305 ahash to construct the ChaCha20-Poly1305 AEAD as defined in RFC7539. It supports both synchronous and asynchronous operations, even if we currently have no async chacha20 or poly1305 drivers. Signed-off-by: Martin Willi Acked-by: Steffen Klassert Signed-off-by: Herbert Xu --- crypto/Kconfig | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'crypto/Kconfig') 
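Review bot: The new CRYPTO_POLY1305 entry in the f979e014 hunk has no `select` line at all, while the neighbouring CRYPTO_MD4 entry visible as context selects CRYPTO_HASH. The follow-up commit on this page uses Poly1305 as an ahash, so the implementation presumably registers a hash algorithm and would need `select CRYPTO_HASH` after the tristate line to build when enabled on its own; this cannot be confirmed from the Kconfig hunk alone. The help text could also state that Poly1305 is a one-time authenticator whose key must not be reused across messages, since the option is exposed directly and not only through the AEAD.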
diff --git a/crypto/Kconfig b/crypto/Kconfig index 9c00454..1bc7e0b 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -217,6 +217,18 @@ config CRYPTO_GCM Support for Galois/Counter Mode (GCM) and Galois Message Authentication Code (GMAC). Required for IPSec. +config CRYPTO_CHACHA20POLY1305 + tristate "ChaCha20-Poly1305 AEAD support" + select CRYPTO_CHACHA20 + select CRYPTO_POLY1305 + select CRYPTO_AEAD + help + ChaCha20-Poly1305 AEAD support, RFC7539. + + Support for the AEAD wrapper using the ChaCha20 stream cipher combined + with the Poly1305 authenticator. It is defined in RFC7539 for use in + IETF protocols. + config CRYPTO_SEQIV tristate "Sequence Number IV Generator" select CRYPTO_AEAD -- cgit v1.1 From 3491244c62988176cb8029c67aba0cfdf5d7793c Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Wed, 3 Jun 2015 14:49:29 +0800 Subject: crypto: echainiv - Set Kconfig default to m As this is required by many IPsec algorithms, let's set the default to m. Signed-off-by: Herbert Xu --- crypto/Kconfig | 1 + 1 file changed, 1 insertion(+) (limited to 'crypto/Kconfig') diff --git a/crypto/Kconfig b/crypto/Kconfig index 1bc7e0b..91018d9 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -244,6 +244,7 @@ config CRYPTO_ECHAINIV select CRYPTO_AEAD select CRYPTO_NULL select CRYPTO_RNG + default m help This IV generator generates an IV based on the encryption of a sequence number xored with a salt. This is the default -- cgit v1.1 From 401e4238f35c7a21d32bc27370d4d045f7019c20 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Wed, 3 Jun 2015 14:49:31 +0800 Subject: crypto: rng - Make DRBG the default RNG This patch creates a new invisible Kconfig option CRYPTO_RNG_DEFAULT that simply selects the DRBG. This new option is then selected by the IV generators. Signed-off-by: Herbert Xu --- crypto/Kconfig | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'crypto/Kconfig') diff --git a/crypto/Kconfig b/crypto/Kconfig index 91018d9..cb7806f 100644 
--- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -78,6 +78,10 @@ config CRYPTO_RNG2 tristate select CRYPTO_ALGAPI2 +config CRYPTO_RNG_DEFAULT + tristate + select CRYPTO_DRBG_MENU + config CRYPTO_PCOMP tristate select CRYPTO_PCOMP2 @@ -234,7 +238,7 @@ config CRYPTO_SEQIV select CRYPTO_AEAD select CRYPTO_BLKCIPHER select CRYPTO_NULL - select CRYPTO_RNG + select CRYPTO_RNG_DEFAULT help This IV generator generates an IV based on a sequence number by xoring it with a salt. This algorithm is mainly useful for CTR @@ -243,7 +247,7 @@ config CRYPTO_ECHAINIV tristate "Encrypted Chain IV Generator" select CRYPTO_AEAD select CRYPTO_NULL - select CRYPTO_RNG + select CRYPTO_RNG_DEFAULT default m help This IV generator generates an IV based on the encryption of @@ -1484,7 +1488,6 @@ comment "Random Number Generation" config CRYPTO_ANSI_CPRNG tristate "Pseudo Random Number Generation for Cryptographic modules" - default m select CRYPTO_AES select CRYPTO_RNG help @@ -1502,11 +1505,9 @@ menuconfig CRYPTO_DRBG_MENU if CRYPTO_DRBG_MENU config CRYPTO_DRBG_HMAC - bool "Enable HMAC DRBG" + bool default y select CRYPTO_HMAC - help - Enable the HMAC DRBG variant as defined in NIST SP800-90A. config CRYPTO_DRBG_HASH bool "Enable Hash DRBG" @@ -1522,7 +1523,7 @@ config CRYPTO_DRBG_CTR config CRYPTO_DRBG tristate - default CRYPTO_DRBG_MENU if (CRYPTO_DRBG_HMAC || CRYPTO_DRBG_HASH || CRYPTO_DRBG_CTR) + default CRYPTO_DRBG_MENU select CRYPTO_RNG select CRYPTO_JITTERENTROPY -- cgit v1.1 From 826775bbf38fb7fbc8896482d341dc38cf84c811 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Thu, 11 Jun 2015 08:55:10 +0800 Subject: crypto: drbg - Add select on sha256 The hash-based DRBG variants all use sha256 so we need to add a select on it. Signed-off-by: Herbert Xu --- crypto/Kconfig | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'crypto/Kconfig') diff --git a/crypto/Kconfig b/crypto/Kconfig index cb7806f..f6fc054 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig 
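Review bot: The invisible CRYPTO_RNG_DEFAULT symbol added in the first hunk of 401e4238 has no comment explaining that selecting it forces CRYPTO_DRBG_MENU on. The later hunks also remove the prompt and help from CRYPTO_DRBG_HMAC, so nothing in the file now says why the HMAC DRBG is always built. I would add `# Selected by IV generators that need a default RNG; pulls in the DRBG (HMAC variant always enabled).` above `config CRYPTO_RNG_DEFAULT`. Because `select` ignores the dependencies of its target, it is also worth checking that CRYPTO_DRBG_MENU has none that this forced selection could bypass; its definition is outside the hunks shown.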
@@ -1508,10 +1508,11 @@ config CRYPTO_DRBG_HMAC bool default y select CRYPTO_HMAC + select CRYPTO_SHA256 config CRYPTO_DRBG_HASH bool "Enable Hash DRBG" - select CRYPTO_HASH + select CRYPTO_SHA256 help Enable the Hash DRBG variant as defined in NIST SP800-90A. -- cgit v1.1 From 3c339ab83fc09d9d91fb7e8b4a60e8ddc91de417 Mon Sep 17 00:00:00 2001 From: Tadeusz Struk Date: Tue, 16 Jun 2015 10:30:55 -0700 Subject: crypto: akcipher - add PKE API Add Public Key Encryption API. Signed-off-by: Tadeusz Struk Made CRYPTO_AKCIPHER invisible like other type config options. Signed-off-by: Herbert Xu --- crypto/Kconfig | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'crypto/Kconfig') diff --git a/crypto/Kconfig b/crypto/Kconfig index f6fc054..eb0aca4 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -91,6 +91,15 @@ config CRYPTO_PCOMP2 tristate select CRYPTO_ALGAPI2 +config CRYPTO_AKCIPHER2 + tristate + select CRYPTO_ALGAPI2 + +config CRYPTO_AKCIPHER + tristate + select CRYPTO_AKCIPHER2 + select CRYPTO_ALGAPI + config CRYPTO_MANAGER tristate "Cryptographic algorithm manager" select CRYPTO_MANAGER2 -- cgit v1.1 From cfc2bb32b31371d6bffc6bf2da3548f20ad48c83 Mon Sep 17 00:00:00 2001 From: Tadeusz Struk Date: Tue, 16 Jun 2015 10:31:01 -0700 Subject: crypto: rsa - add a new rsa generic implementation Add a new rsa generic SW implementation. This implements only cryptographic primitives. Signed-off-by: Tadeusz Struk Added select on ASN1. Signed-off-by: Herbert Xu --- crypto/Kconfig | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'crypto/Kconfig') diff --git a/crypto/Kconfig b/crypto/Kconfig index eb0aca4..d6b2a8b 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig 
@@ -100,6 +100,14 @@ config CRYPTO_AKCIPHER select CRYPTO_AKCIPHER2 select CRYPTO_ALGAPI +config CRYPTO_RSA + tristate "RSA algorithm" + select AKCIPHER + select MPILIB + select ASN1 + help + Generic implementation of the RSA public key algorithm. + config CRYPTO_MANAGER tristate "Cryptographic algorithm manager" select CRYPTO_MANAGER2 -- cgit v1.1 From 946cc46372dcf8e34f21a6d06826c2aa1822b642 Mon Sep 17 00:00:00 2001 From: Tadeusz Struk Date: Tue, 16 Jun 2015 10:31:06 -0700 Subject: crypto: testmgr - add tests vectors for RSA New test vectors for RSA algorithm. Signed-off-by: Tadeusz Struk Signed-off-by: Herbert Xu --- crypto/Kconfig | 1 + 1 file changed, 1 insertion(+) (limited to 'crypto/Kconfig') diff --git a/crypto/Kconfig b/crypto/Kconfig index d6b2a8b..6c79ef0 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -121,6 +121,7 @@ config CRYPTO_MANAGER2 select CRYPTO_HASH2 select CRYPTO_BLKCIPHER2 select CRYPTO_PCOMP2 + select CRYPTO_AKCIPHER2 config CRYPTO_USER tristate "Userspace cryptographic algorithm configuration" -- cgit v1.1 From 425e0172a558a68cd44e3ea9d00936b928bc65f4 Mon Sep 17 00:00:00 2001 From: Tadeusz Struk Date: Fri, 19 Jun 2015 10:27:39 -0700 Subject: crypto: rsa - fix invalid select for AKCIPHER Should be CRYPTO_AKCIPHER instead of AKCIPHER Reported-by: Andreas Ruprecht Signed-off-by: Tadeusz Struk Signed-off-by: Herbert Xu --- crypto/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'crypto/Kconfig') diff --git a/crypto/Kconfig b/crypto/Kconfig index 6c79ef0..b4cfc57 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -102,7 +102,7 @@ config CRYPTO_AKCIPHER config CRYPTO_RSA tristate "RSA algorithm" - select AKCIPHER + select CRYPTO_AKCIPHER select MPILIB select ASN1 help -- cgit v1.1
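Review bot: The help text for CRYPTO_RSA in the cfc2bb32 hunk says only `Generic implementation of the RSA public key algorithm.`, while the commit message states that this implements only the cryptographic primitives. Unpadded RSA is not safe to use directly for encryption or signatures, so the limitation should be visible to whoever enables the option. I would write, for example, `Generic implementation of the RSA public key algorithm. Provides the raw primitives only; callers must apply a padding scheme.` Whether padding is handled elsewhere cannot be seen from this hunk.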