mirror of
https://github.com/torvalds/linux.git
synced 2026-05-12 16:18:45 +02:00
Note: the overall diffstat is neutral, but when the test code is
excluded it is significantly negative:
Tests: 13 files changed, 1982 insertions(+), 888 deletions(-)
Non-test: 141 files changed, 2897 insertions(+), 3987 deletions(-)
All: 154 files changed, 4879 insertions(+), 4875 deletions(-)
Merge tag 'libcrypto-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux
Pull crypto library updates from Eric Biggers:
- Migrate more hash algorithms from the traditional crypto subsystem to lib/crypto/

  Like the algorithms migrated earlier (e.g. SHA-*), this simplifies the implementations, improves performance, enables further simplifications in calling code, and solves various other issues:

  - AES CBC-based MACs (AES-CMAC, AES-XCBC-MAC, and AES-CBC-MAC)
    - Support these algorithms in lib/crypto/ using the AES library and the existing arm64 assembly code
    - Reimplement the traditional crypto API's "cmac(aes)", "xcbc(aes)", and "cbcmac(aes)" on top of the library
    - Convert mac80211 to use the AES-CMAC library. Note: several other subsystems can use it too and will be converted later
    - Drop the broken, nonstandard, and likely unused support for "xcbc(aes)" with key lengths other than 128 bits
    - Enable optimizations by default
  - GHASH
    - Migrate the standalone GHASH code into lib/crypto/
    - Integrate the GHASH code more closely with the very similar POLYVAL code, and improve the generic GHASH implementation to resist cache-timing attacks and use much less memory
    - Reimplement the AES-GCM library and the "gcm" crypto_aead template on top of the GHASH library. Remove "ghash" from the crypto_shash API, as it's no longer needed
    - Enable optimizations by default
  - SM3
    - Migrate the kernel's existing SM3 code into lib/crypto/, and reimplement the traditional crypto API's "sm3" on top of it
    - I don't recommend using SM3, but this cleanup is worthwhile to organize the code the same way as other algorithms
- Testing improvements:
  - Add a KUnit test suite for each of the new library APIs
  - Migrate the existing ChaCha20Poly1305 test to KUnit
  - Make the KUnit all_tests.config enable all crypto library tests
  - Move the test kconfig options to the Runtime Testing menu
- Other updates to arch-optimized crypto code:
  - Optimize SHA-256 for Zhaoxin CPUs using the Padlock Hash Engine
  - Remove some MD5 implementations that are no longer worth keeping
  - Drop big endian and voluntary preemption support from the arm64 code, as those configurations are no longer supported on arm64
  - Make jitterentropy and samples/tsm-mr use the crypto library APIs
* tag 'libcrypto-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux: (66 commits)
lib/crypto: arm64: Assume a little-endian kernel
arm64: fpsimd: Remove obsolete cond_yield macro
lib/crypto: arm64/sha3: Remove obsolete chunking logic
lib/crypto: arm64/sha512: Remove obsolete chunking logic
lib/crypto: arm64/sha256: Remove obsolete chunking logic
lib/crypto: arm64/sha1: Remove obsolete chunking logic
lib/crypto: arm64/poly1305: Remove obsolete chunking logic
lib/crypto: arm64/gf128hash: Remove obsolete chunking logic
lib/crypto: arm64/chacha: Remove obsolete chunking logic
lib/crypto: arm64/aes: Remove obsolete chunking logic
lib/crypto: Include <crypto/utils.h> instead of <crypto/algapi.h>
lib/crypto: aesgcm: Don't disable IRQs during AES block encryption
lib/crypto: aescfb: Don't disable IRQs during AES block encryption
lib/crypto: tests: Migrate ChaCha20Poly1305 self-test to KUnit
lib/crypto: sparc: Drop optimized MD5 code
lib/crypto: mips: Drop optimized MD5 code
lib: Move crypto library tests to Runtime Testing menu
crypto: sm3 - Remove 'struct sm3_state'
crypto: sm3 - Remove the original "sm3_block_generic()"
crypto: sm3 - Remove sm3_base.h
...