Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

Pull crypto updates from Herbert Xu:
 "API:
   - Allow DRBG testing through user-space af_alg
   - Add tcrypt speed testing support for keyed hashes
   - Add type-safe init/exit hooks for ahash

  Algorithms:
   - Mark arc4 as obsolete and pending for future removal
   - Mark anubis, khazad, seed and tea as obsolete
   - Improve boot-time xor benchmark
   - Add OSCCA SM2 asymmetric cipher algorithm and use it for integrity

  Drivers:
   - Fixes and enhancement for XTS in caam
   - Add support for XIP8001B hwrng in xiphera-trng
   - Add RNG and hash support in sun8i-ce/sun8i-ss
   - Allow imx-rngc to be used by kernel entropy pool
   - Use crypto engine in omap-sham
   - Add support for Ingenic X1830 with ingenic"

* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (205 commits)
  X.509: Fix modular build of public_key_sm2
  crypto: xor - Remove unused variable count in do_xor_speed
  X.509: fix error return value on the failed path
  crypto: bcm - Verify GCM/CCM key length in setkey
  crypto: qat - drop input parameter from adf_enable_aer()
  crypto: qat - fix function parameters descriptions
  crypto: atmel-tdes - use semicolons rather than commas to separate statements
  crypto: drivers - use semicolons rather than commas to separate statements
  hwrng: mxc-rnga - use semicolons rather than commas to separate statements
  hwrng: iproc-rng200 - use semicolons rather than commas to separate statements
  hwrng: stm32 - use semicolons rather than commas to separate statements
  crypto: xor - use ktime for template benchmarking
  crypto: xor - defer load time benchmark to a later time
  crypto: hisilicon/zip - fix the uninitialized 'curr_qm_qp_num'
  crypto: hisilicon/zip - fix the return value when device is busy
  crypto: hisilicon/zip - fix zero length input in GZIP decompress
  crypto: hisilicon/zip - fix the uncleared debug registers
  lib/mpi: Fix unused variable warnings
  crypto: x86/poly1305 - Remove assignments with no effect
  hwrng: npcm - modify readl to readb
  ...
torvalds committed Oct 13, 2020
2 parents 865c50e + 3093e7c commit 39a5101
Showing 229 changed files with 9,465 additions and 3,102 deletions.
20 changes: 17 additions & 3 deletions Documentation/crypto/userspace-if.rst
@@ -296,15 +296,16 @@ follows:

struct sockaddr_alg sa = {
.salg_family = AF_ALG,
.salg_type = "rng", /* this selects the symmetric cipher */
.salg_name = "drbg_nopr_sha256" /* this is the cipher name */
.salg_type = "rng", /* this selects the random number generator */
.salg_name = "drbg_nopr_sha256" /* this is the RNG name */
};


Depending on the RNG type, the RNG must be seeded. The seed is provided
using the setsockopt interface to set the key. For example, the
ansi_cprng requires a seed. The DRBGs do not require a seed, but may be
seeded.
seeded. The seed is also known as a *Personalization String* in NIST SP 800-90A
standard.

Using the read()/recvmsg() system calls, random numbers can be obtained.
The kernel generates at most 128 bytes in one call. If user space
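Review bot: the added sentence "The seed is also known as a *Personalization String* in NIST SP 800-90A standard" needs an article ("in the NIST SP 800-90A standard") and, more importantly, reads as if seed and personalization string were the same thing; since the next section introduces *Entropy* and *Nonce* as separate inputs via ALG_SET_DRBG_ENTROPY, say precisely that the value passed through the setkey setsockopt is used as the DRBG's personalization string, so a reader can map the three user-supplied inputs (entropy, nonce, personalization string) onto the SP 800-90A seed material without guessing.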
@@ -314,6 +315,16 @@ WARNING: The user space caller may invoke the initially mentioned accept
system call multiple times. In this case, the returned file descriptors
have the same state.

Following CAVP testing interfaces are enabled when kernel is built with
CRYPTO_USER_API_RNG_CAVP option:

- the concatenation of *Entropy* and *Nonce* can be provided to the RNG via
ALG_SET_DRBG_ENTROPY setsockopt interface. Setting the entropy requires
CAP_SYS_ADMIN permission.

- *Additional Data* can be provided using the send()/sendmsg() system calls,
but only after the entropy has been set.

Zero-Copy Interface
-------------------

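Review bot: grammar aside ("The following CAVP testing interfaces are enabled when the kernel is built with the CRYPTO_USER_API_RNG_CAVP option"), the paragraph should spell out the consequence of ALG_SET_DRBG_ENTROPY: once user space supplies the entropy and nonce, the DRBG output is fully determined by values chosen by the caller, which is exactly what test-vector validation needs and why the interface is gated behind a build-time option and CAP_SYS_ADMIN. One sentence saying the option is meant for validation builds and should stay off on production kernels would make that explicit rather than implied by the "CAVP testing" label. Also state what happens when send()/sendmsg() is attempted before the entropy has been set (rejected with an error, or silently ignored?), since the text currently says only "but only after the entropy has been set".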
@@ -377,6 +388,9 @@ mentioned optname:
provided ciphertext is assumed to contain an authentication tag of
the given size (see section about AEAD memory layout below).

- ALG_SET_DRBG_ENTROPY -- Setting the entropy of the random number generator.
This option is applicable to RNG cipher type only.

User space API example
----------------------

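Review bot: the ALG_SET_DRBG_ENTROPY entry in the optname list should repeat the two restrictions stated earlier in the file, that the option exists only when the kernel is built with CRYPTO_USER_API_RNG_CAVP and that setting the entropy requires CAP_SYS_ADMIN, so someone reading the option reference alone does not take it for a general-purpose seeding knob. "RNG cipher type" also reads oddly next to the "rng" salg_type used in the struct example above; "applicable to the rng type only" would match it.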
43 changes: 43 additions & 0 deletions Documentation/devicetree/bindings/rng/ingenic,trng.yaml
@@ -0,0 +1,43 @@
# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
%YAML 1.2
---
$id: http://devicetree.org/schemas/rng/ingenic,trng.yaml#
$schema: http://devicetree.org/meta-schemas/core.yaml#

title: Bindings for DTRNG in Ingenic SoCs

maintainers:
- 周琰杰 (Zhou Yanjie) <[email protected]>

description:
The True Random Number Generator in Ingenic SoCs.

properties:
compatible:
enum:
- ingenic,x1830-dtrng

reg:
maxItems: 1

clocks:
maxItems: 1

required:
- compatible
- reg
- clocks

additionalProperties: false

examples:
- |
#include <dt-bindings/clock/x1830-cgu.h>
dtrng: trng@10072000 {
compatible = "ingenic,x1830-dtrng";
reg = <0x10072000 0xc>;
clocks = <&cgu X1830_CLK_DTRNG>;
};
...
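Review bot: the description "The True Random Number Generator in Ingenic SoCs." should say what the DTRNG abbreviation used in the title and in the compatible string expands to, so the binding is self-explanatory; and since clocks is a required property, a short sentence naming the clock input the block expects (the example wires X1830_CLK_DTRNG) would help DTS authors for other SoCs in the family.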
33 changes: 33 additions & 0 deletions Documentation/devicetree/bindings/rng/xiphera,xip8001b-trng.yaml
@@ -0,0 +1,33 @@
# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
%YAML 1.2
---
$id: http://devicetree.org/schemas/rng/xiphera,xip8001b-trng.yaml#
$schema: http://devicetree.org/meta-schemas/core.yaml#

title: Xiphera XIP8001B-trng bindings

maintainers:
- Atte Tommiska <[email protected]>

description: |
Xiphera FPGA-based true random number generator intellectual property core.
properties:
compatible:
const: xiphera,xip8001b-trng

reg:
maxItems: 1

required:
- compatible
- reg

additionalProperties: false

examples:
- |
rng@43c00000 {
compatible = "xiphera,xip8001b-trng";
reg = <0x43c00000 0x10000>;
};
2 changes: 2 additions & 0 deletions Documentation/devicetree/bindings/vendor-prefixes.yaml
@@ -1174,6 +1174,8 @@ patternProperties:
description: Shenzhen Xingbangda Display Technology Co., Ltd
"^xinpeng,.*":
description: Shenzhen Xinpeng Technology Co., Ltd
"^xiphera,.*":
description: Xiphera Ltd.
"^xlnx,.*":
description: Xilinx
"^xnano,.*":
2 changes: 2 additions & 0 deletions MAINTAINERS
@@ -13068,7 +13068,9 @@ F: lib/packing.c

PADATA PARALLEL EXECUTION MECHANISM
M: Steffen Klassert <[email protected]>
M: Daniel Jordan <[email protected]>
L: [email protected]
L: [email protected]
S: Maintained
F: Documentation/core-api/padata.rst
F: include/linux/padata.h
54 changes: 25 additions & 29 deletions arch/arm/crypto/aes-neonbs-core.S
@@ -77,11 +77,6 @@
vldr \out\()h, \sym + 8
.endm

.macro __adr, reg, lbl
adr \reg, \lbl
THUMB( orr \reg, \reg, #1 )
.endm

.macro in_bs_ch, b0, b1, b2, b3, b4, b5, b6, b7
veor \b2, \b2, \b1
veor \b5, \b5, \b6
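Review bot: dropping the `__adr` macro removes the `THUMB( orr \reg, \reg, #1 )` step that set the interworking bit on the computed-goto target, so this hunk is only correct if every `bxlt ip` user is converted to a branch that does not interwork. The later hunks do exactly that with `movlt pc, ip`: in Thumb state a `mov pc, Rm` branches within the current instruction set and ignores bit 0, and in ARM state the plain `adr` result already has bit 0 clear, so the unadorned address works for both builds. Please make sure no other file in the tree still includes or references `__adr` from here, since a stale user would now fail to assemble.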
@@ -629,11 +624,11 @@ ENDPROC(aesbs_decrypt8)
push {r4-r6, lr}
ldr r5, [sp, #16] // number of blocks

99: __adr ip, 0f
99: adr ip, 0f
and lr, r5, #7
cmp r5, #8
sub ip, ip, lr, lsl #2
bxlt ip // computed goto if blocks < 8
movlt pc, ip // computed goto if blocks < 8

vld1.8 {q0}, [r1]!
vld1.8 {q1}, [r1]!
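Review bot: this is the first converted site, so it is the place to leave a one-line comment explaining why `movlt pc, ip` is used instead of `bxlt ip` (no interworking, so the `adr` address needs no Thumb bit); the existing "computed goto if blocks < 8" comment does not convey that, and the next reader will otherwise be tempted to change it back. The target arithmetic (`sub ip, ip, lr, lsl #2`, four bytes per skipped `vld1.8`) is unchanged by this patch and still relies on 32-bit encodings in Thumb-2, which the `W(nop)` padding elsewhere in the file shows the author is already accounting for.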
@@ -648,11 +643,11 @@ ENDPROC(aesbs_decrypt8)
mov rounds, r3
bl \do8

__adr ip, 1f
adr ip, 1f
and lr, r5, #7
cmp r5, #8
sub ip, ip, lr, lsl #2
bxlt ip // computed goto if blocks < 8
movlt pc, ip // computed goto if blocks < 8

vst1.8 {\o0}, [r0]!
vst1.8 {\o1}, [r0]!
@@ -689,12 +684,12 @@ ENTRY(aesbs_cbc_decrypt)
push {r4-r6, lr}
ldm ip, {r5-r6} // load args 4-5

99: __adr ip, 0f
99: adr ip, 0f
and lr, r5, #7
cmp r5, #8
sub ip, ip, lr, lsl #2
mov lr, r1
bxlt ip // computed goto if blocks < 8
movlt pc, ip // computed goto if blocks < 8

vld1.8 {q0}, [lr]!
vld1.8 {q1}, [lr]!
@@ -718,11 +713,11 @@ ENTRY(aesbs_cbc_decrypt)
vmov q14, q8
vmov q15, q8

__adr ip, 1f
adr ip, 1f
and lr, r5, #7
cmp r5, #8
sub ip, ip, lr, lsl #2
bxlt ip // computed goto if blocks < 8
movlt pc, ip // computed goto if blocks < 8

vld1.8 {q9}, [r1]!
vld1.8 {q10}, [r1]!
@@ -733,9 +728,9 @@ ENTRY(aesbs_cbc_decrypt)
vld1.8 {q15}, [r1]!
W(nop)

1: __adr ip, 2f
1: adr ip, 2f
sub ip, ip, lr, lsl #3
bxlt ip // computed goto if blocks < 8
movlt pc, ip // computed goto if blocks < 8

veor q0, q0, q8
vst1.8 {q0}, [r0]!
@@ -804,13 +799,13 @@ ENTRY(aesbs_ctr_encrypt)
vmov q6, q0
vmov q7, q0

__adr ip, 0f
adr ip, 0f
sub lr, r5, #1
and lr, lr, #7
cmp r5, #8
sub ip, ip, lr, lsl #5
sub ip, ip, lr, lsl #2
bxlt ip // computed goto if blocks < 8
movlt pc, ip // computed goto if blocks < 8

next_ctr q1
next_ctr q2
@@ -824,13 +819,13 @@ ENTRY(aesbs_ctr_encrypt)
mov rounds, r3
bl aesbs_encrypt8

__adr ip, 1f
adr ip, 1f
and lr, r5, #7
cmp r5, #8
movgt r4, #0
ldrle r4, [sp, #40] // load final in the last round
sub ip, ip, lr, lsl #2
bxlt ip // computed goto if blocks < 8
movlt pc, ip // computed goto if blocks < 8

vld1.8 {q8}, [r1]!
vld1.8 {q9}, [r1]!
@@ -843,10 +838,10 @@ ENTRY(aesbs_ctr_encrypt)
1: bne 2f
vld1.8 {q15}, [r1]!

2: __adr ip, 3f
2: adr ip, 3f
cmp r5, #8
sub ip, ip, lr, lsl #3
bxlt ip // computed goto if blocks < 8
movlt pc, ip // computed goto if blocks < 8

veor q0, q0, q8
vst1.8 {q0}, [r0]!
@@ -900,12 +895,12 @@ __xts_prepare8:
vshr.u64 d30, d31, #7
vmov q12, q14

__adr ip, 0f
adr ip, 0f
and r4, r6, #7
cmp r6, #8
sub ip, ip, r4, lsl #5
mov r4, sp
bxlt ip // computed goto if blocks < 8
movlt pc, ip // computed goto if blocks < 8

vld1.8 {q0}, [r1]!
next_tweak q12, q14, q15, q13
@@ -961,8 +956,7 @@ ENDPROC(__xts_prepare8)
push {r4-r8, lr}
mov r5, sp // preserve sp
ldrd r6, r7, [sp, #24] // get blocks and iv args
ldr r8, [sp, #32] // reorder final tweak?
rsb r8, r8, #1
rsb r8, ip, #1
sub ip, sp, #128 // make room for 8x tweak
bic ip, ip, #0xf // align sp to 16 bytes
mov sp, ip
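Review bot: `rsb r8, ip, #1` replaces `ldr r8, [sp, #32] // reorder final tweak?` and thereby turns ip into an undocumented input of the `__xts_crypt` macro; keep the "reorder final tweak" comment on the new line and add a note at the top of the macro stating that the caller must place the flag in ip before invoking it, because ip is reused as scratch a few instructions later (`sub ip, sp, #128`) and nothing else hints where it comes from. The offsets do check out against the callers: aesbs_xts_decrypt loads `[sp, #8]` before the macro's `push {r4-r8, lr}` lowers sp by 24 bytes, which is the `[sp, #32]` slot the old code read after the push.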
@@ -973,12 +967,12 @@ ENDPROC(__xts_prepare8)
mov rounds, r3
bl \do8

__adr ip, 0f
adr ip, 0f
and lr, r6, #7
cmp r6, #8
sub ip, ip, lr, lsl #2
mov r4, sp
bxlt ip // computed goto if blocks < 8
movlt pc, ip // computed goto if blocks < 8

vld1.8 {q8}, [r4, :128]!
vld1.8 {q9}, [r4, :128]!
@@ -989,9 +983,9 @@ ENDPROC(__xts_prepare8)
vld1.8 {q14}, [r4, :128]!
vld1.8 {q15}, [r4, :128]

0: __adr ip, 1f
0: adr ip, 1f
sub ip, ip, lr, lsl #3
bxlt ip // computed goto if blocks < 8
movlt pc, ip // computed goto if blocks < 8

veor \o0, \o0, q8
vst1.8 {\o0}, [r0]!
@@ -1018,9 +1012,11 @@ ENDPROC(__xts_prepare8)
.endm

ENTRY(aesbs_xts_encrypt)
mov ip, #0 // never reorder final tweak
__xts_crypt aesbs_encrypt8, q0, q1, q4, q6, q3, q7, q2, q5
ENDPROC(aesbs_xts_encrypt)

ENTRY(aesbs_xts_decrypt)
ldr ip, [sp, #8] // reorder final tweak?
__xts_crypt aesbs_decrypt8, q0, q1, q6, q4, q2, q7, q3, q5
ENDPROC(aesbs_xts_decrypt)
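Review bot: `mov ip, #0 // never reorder final tweak` in aesbs_xts_encrypt means the encrypt entry no longer reads a seventh argument slot from the stack; if the encrypt prototype has no such parameter, that load was reading a slot the C caller never wrote, and that is the actual bug fixed here, so it deserves a sentence in the patch description rather than being inferred from the diff. For aesbs_xts_decrypt, please confirm the C prototype still places the flag as the seventh parameter (the one at `[sp, #8]` on entry), since the asm now hard-codes that offset before the push instead of after it.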