Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 59ecc260 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 

Pull crypto updates from Herbert Xu:
 "Here is the crypto update for 3.15:
   - Added 3DES driver for OMAP4/AM43xx
   - Added AVX2 acceleration for SHA
   - Added hash-only AEAD algorithms in caam
   - Removed tegra driver as it is not functioning and the hardware is
     too slow
   - Allow blkcipher walks over AEAD (needed for ARM)
   - Fixed unprotected FPU/SSE access in ghash-clmulni-intel
   - Fixed highmem crash in omap-sham
   - Add (zero entropy) randomness when initialising hardware RNGs
   - Fixed unaligned ahash comletion functions
   - Added soft module depedency for crc32c for initrds that use crc32c"

* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (60 commits)
  crypto: ghash-clmulni-intel - use C implementation for setkey()
  crypto: x86/sha1 - reduce size of the AVX2 asm implementation
  crypto: x86/sha1 - fix stack alignment of AVX2 variant
  crypto: x86/sha1 - re-enable the AVX variant
  crypto: sha - SHA1 transform x86_64 AVX2
  crypto: crypto_wq - Fix late crypto work queue initialization
  crypto: caam - add missing key_dma unmap
  crypto: caam - add support for aead null encryption
  crypto: testmgr - add aead null encryption test vectors
  crypto: export NULL algorithms defines
  crypto: caam - remove error propagation handling
  crypto: hash - Simplify the ahash_finup implementation
  crypto: hash - Pull out the functions to save/restore request
  crypto: hash - Fix the pointer voodoo in unaligned ahash
  crypto: caam - Fix first parameter to caam_init_rng
  crypto: omap-sham - Map SG pages if they are HIGHMEM before accessing
  crypto: caam - Dynamic memory allocation for caam_rng_ctx object
  crypto: allow blkcipher walks over AEAD data
  crypto: remove direct blkcipher_walk dependency on transform
  hwrng: add randomness to system from rng sources
  ...
parents bea80318 8ceee728

arch/x86/crypto/Makefile

+3 −0
Original line number Diff line number Diff line
@@ -79,6 +79,9 @@ aesni-intel-y := aesni-intel_asm.o aesni-intel_glue.o fpu.o 
aesni-intel-$(CONFIG_64BIT) += aesni-intel_avx-x86_64.o

ghash-clmulni-intel-y := ghash-clmulni-intel_asm.o ghash-clmulni-intel_glue.o

sha1-ssse3-y := sha1_ssse3_asm.o sha1_ssse3_glue.o

ifeq ($(avx2_supported),yes)

sha1-ssse3-y += sha1_avx2_x86_64_asm.o

endif

crc32c-intel-y := crc32c-intel_glue.o

crc32c-intel-$(CONFIG_64BIT) += crc32c-pcl-intel-asm_64.o

crc32-pclmul-y := crc32-pclmul_asm.o crc32-pclmul_glue.o

arch/x86/crypto/blowfish_glue.c

+0 −3
Original line number Diff line number Diff line
@@ -223,9 +223,6 @@ static unsigned int __cbc_decrypt(struct blkcipher_desc *desc, 
			src -= 1;

			dst -= 1;

		} while (nbytes >= bsize * 4);



		if (nbytes < bsize)

			goto done;

	}



	/* Handle leftovers */

arch/x86/crypto/cast5_avx_glue.c

+0 −3
Original line number Diff line number Diff line
@@ -203,9 +203,6 @@ static unsigned int __cbc_decrypt(struct blkcipher_desc *desc, 
			src -= 1;

			dst -= 1;

		} while (nbytes >= bsize * CAST5_PARALLEL_BLOCKS);



		if (nbytes < bsize)

			goto done;

	}



	/* Handle leftovers */

arch/x86/crypto/ghash-clmulni-intel_asm.S

+0 −29
Original line number Diff line number Diff line
@@ -24,10 +24,6 @@ 
.align 16

.Lbswap_mask:

	.octa 0x000102030405060708090a0b0c0d0e0f

.Lpoly:

	.octa 0xc2000000000000000000000000000001

.Ltwo_one:

	.octa 0x00000001000000000000000000000001



#define DATA	%xmm0

#define SHASH	%xmm1
@@ -134,28 +130,3 @@ ENTRY(clmul_ghash_update) 
.Lupdate_just_ret:

	ret

ENDPROC(clmul_ghash_update)
 


/*

 * void clmul_ghash_setkey(be128 *shash, const u8 *key);

 *

 * Calculate hash_key << 1 mod poly

 */

ENTRY(clmul_ghash_setkey)

	movaps .Lbswap_mask, BSWAP

	movups (%rsi), %xmm0

	PSHUFB_XMM BSWAP %xmm0

	movaps %xmm0, %xmm1

	psllq $1, %xmm0

	psrlq $63, %xmm1

	movaps %xmm1, %xmm2

	pslldq $8, %xmm1

	psrldq $8, %xmm2

	por %xmm1, %xmm0

	# reduction

	pshufd $0b00100100, %xmm2, %xmm1

	pcmpeqd .Ltwo_one, %xmm1

	pand .Lpoly, %xmm1

	pxor %xmm1, %xmm0

	movups %xmm0, (%rdi)

	ret

ENDPROC(clmul_ghash_setkey)

arch/x86/crypto/ghash-clmulni-intel_glue.c

+11 −3
Original line number Diff line number Diff line
@@ -30,8 +30,6 @@ void clmul_ghash_mul(char *dst, const be128 *shash); 
void clmul_ghash_update(char *dst, const char *src, unsigned int srclen,

			const be128 *shash);



void clmul_ghash_setkey(be128 *shash, const u8 *key);



struct ghash_async_ctx {

	struct cryptd_ahash *cryptd_tfm;

};
@@ -58,13 +56,23 @@ static int ghash_setkey(struct crypto_shash *tfm, 
			const u8 *key, unsigned int keylen)

{

	struct ghash_ctx *ctx = crypto_shash_ctx(tfm);

	be128 *x = (be128 *)key;

	u64 a, b;



	if (keylen != GHASH_BLOCK_SIZE) {

		crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);

		return -EINVAL;

	}



	clmul_ghash_setkey(&ctx->shash, key);

	/* perform multiplication by 'x' in GF(2^128) */

	a = be64_to_cpu(x->a);

	b = be64_to_cpu(x->b);



	ctx->shash.a = (__be64)((b << 1) | (a >> 63));

	ctx->shash.b = (__be64)((a << 1) | (b >> 63));



	if (a >> 63)

		ctx->shash.b ^= cpu_to_be64(0xc2);



	return 0;

}