1. 06 Dec, 2012 1 commit
  2. 07 Oct, 2012 1 commit
    • KEYS: Implement asymmetric key type · 964f3b3b
      David Howells authored
      Create a key type that can be used to represent an asymmetric key type for use
      in appropriate cryptographic operations, such as encryption, decryption,
      signature generation and signature verification.
      
      The key type is "asymmetric" and can provide access to a variety of
      cryptographic algorithms.
      
      Possibly, this would be better as "public_key" - but that has the disadvantage
      that "public key" is an overloaded term.
      Signed-off-by: David Howells <dhowells@redhat.com>
      Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
  3. 01 Aug, 2012 3 commits
  4. 14 Mar, 2012 2 commits
  5. 30 Nov, 2011 1 commit
  6. 08 Nov, 2011 1 commit
  7. 21 Oct, 2011 1 commit
  8. 22 Sep, 2011 2 commits
  9. 13 Mar, 2011 1 commit
  10. 27 Nov, 2010 1 commit
  11. 26 Nov, 2010 1 commit
    • crypto: algif_skcipher - User-space interface for skcipher operations · 8ff59090
      Herbert Xu authored
      This patch adds the af_alg plugin for symmetric key ciphers,
      corresponding to the ablkcipher kernel operation type.
      
      Keys can optionally be set through the setsockopt interface.
      
      Once a sendmsg call occurs without MSG_MORE no further writes
      may be made to the socket until all previous data has been read.
      
      IVs and whether encryption/decryption is performed can be
      set through the setsockopt interface or as a control message
      to sendmsg.
      
      The interface is completely synchronous, all operations are
      carried out in recvmsg(2) and will complete prior to the system
      call returning.
      
      The splice(2) interface supports reading the user-space data directly
      without copying (except that the Crypto API itself may copy the data
      if alignment is off).
      
      The recvmsg(2) interface supports directly writing to user-space
      without additional copying, i.e., the kernel crypto interface will
      receive the user-space address as its output SG list.
      
      Thanks to Miloslav Trmac for reviewing this and contributing
      fixes and improvements.
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
      Acked-by: David S. Miller <davem@davemloft.net>
  12. 19 Nov, 2010 2 commits
    • crypto: algif_hash - User-space interface for hash operations · fe869cdb
      Herbert Xu authored
      This patch adds the af_alg plugin for hash, corresponding to
      the ahash kernel operation type.
      
      Keys can optionally be set through the setsockopt interface.
      
      Each sendmsg call will finalise the hash unless sent with a MSG_MORE
      flag.
      
      Partial hash states can be cloned using accept(2).
      
      The interface is completely synchronous, all operations will
      complete prior to the system call returning.
      
      Both sendmsg(2) and splice(2) support reading the user-space
      data directly without copying (except that the Crypto API itself
      may copy the data if alignment is off).
      
      For now only the splice(2) interface supports performing digest
      instead of init/update/final.  In future the sendmsg(2) interface
      will also be modified to use digest/finup where possible so that
      hardware that cannot return a partial hash state can still benefit
      from this interface.
      
      Thanks to Miloslav Trmac for reviewing this and contributing
      fixes and improvements.
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
      Acked-by: David S. Miller <davem@davemloft.net>
      Tested-by: Martin Willi <martin@strongswan.org>
    • crypto: af_alg - User-space interface for Crypto API · 03c8efc1
      Herbert Xu authored
      This patch creates the backbone of the user-space interface for
      the Crypto API, through a new socket family AF_ALG.
      
      Each session corresponds to one or more connections obtained from
      that socket.  The number depends on the number of inputs/outputs
      of that particular type of operation.  For most types there will
      be a single connection/file descriptor that is used for both input
      and output.  AEAD is one of the few that require two inputs.
      
      Each algorithm type will provide its own implementation that plugs
      into af_alg.  They're keyed using a string such as "skcipher" or
      "hash".
      
      IOW this patch only contains the boring bits that are required
      to hold everything together.
      
      Thanks to Miloslav Trmac for reviewing this and contributing
      fixes and improvements.
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
      Acked-by: David S. Miller <davem@davemloft.net>
      Tested-by: Martin Willi <martin@strongswan.org>
  13. 03 Jun, 2010 2 commits
  14. 06 Jan, 2010 1 commit
  15. 02 Sep, 2009 1 commit
  16. 05 Aug, 2009 1 commit
  17. 13 Jul, 2009 1 commit
  18. 04 Mar, 2009 2 commits
    • crypto: zlib - New zlib crypto module, using pcomp · bf68e65e
      Geert Uytterhoeven authored
      Signed-off-by: Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com>
      Cc: James Morris <jmorris@namei.org>
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    • crypto: compress - Add pcomp interface · a1d2f095
      Geert Uytterhoeven authored
      The current "comp" crypto interface supports one-shot (de)compression only,
      i.e. the whole data buffer to be (de)compressed must be passed at once, and
      the whole (de)compressed data buffer will be received at once.
      In several use-cases (e.g. compressed file systems that store files in big
      compressed blocks), this workflow is not suitable.
      Furthermore, the "comp" type doesn't provide for the configuration of
      (de)compression parameters, and always allocates workspace memory for both
      compression and decompression, which may waste memory.
      
      To solve this, add a "pcomp" partial (de)compression interface that provides
      the following operations:
        - crypto_compress_{init,update,final}() for compression,
        - crypto_decompress_{init,update,final}() for decompression,
        - crypto_{,de}compress_setup(), to configure (de)compression parameters
          (incl. allocating workspace memory).
      
      The (de)compression methods take a struct comp_request, which was mimicked
      after the z_stream object in zlib, and contains buffer pointer and length
      pairs for input and output.
      
      The setup methods take an opaque parameter pointer and length pair. Parameters
      are supposed to be encoded using netlink attributes, whose meanings depend on
      the actual (name of the) (de)compression algorithm.
      Signed-off-by: Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com>
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
  19. 18 Feb, 2009 1 commit
  20. 24 Dec, 2008 1 commit
    • crypto: hash - Add shash interface · 7b5a080b
      Herbert Xu authored
      The shash interface replaces the current synchronous hash interface.
      It improves over hash in two ways.  Firstly shash is reentrant,
      meaning that the same tfm may be used by two threads simultaneously
      as all hashing state is stored in a local descriptor.
      
      The other enhancement is that shash no longer takes scatter list
      entries.  This is because shash is specifically designed for
      synchronous algorithms and as such scatter lists are unnecessary.
      
      All existing hash users will be converted to shash once the
      algorithms have been completely converted.
      
      There is also a new finup function that combines update with final.
      This will be extended to ahash once the algorithm conversion is
      done.
      
      This is also the first time that an algorithm type has its own
      registration function.  Existing algorithm types will be converted
      to this way in due course.
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
  21. 10 Dec, 2008 1 commit
  22. 28 Aug, 2008 4 commits
  23. 15 Jul, 2008 1 commit
  24. 10 Jul, 2008 4 commits
  25. 20 Apr, 2008 3 commits