<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux.git/drivers/crypto/talitos.c, branch v3.10</title>
<subtitle>Linux kernel source tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/'/>
<entry>
<title>Revert "crypto: talitos - add IPsec ESN support"</title>
<updated>2013-03-21T09:36:02+00:00</updated>
<author>
<name>Horia Geanta</name>
<email>horia.geanta@freescale.com</email>
</author>
<published>2013-03-20T14:31:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=991155bacb91c988c45586525771758ddadd44ce'/>
<id>991155bacb91c988c45586525771758ddadd44ce</id>
<content type='text'>
This reverts commit e763eb699be723fb41af818118068c6b3afdaf8d.

Current IPsec ESN implementation for authencesn(cbc(aes), hmac(sha))
(separate encryption and integrity algorithms) does not conform
to RFC4303.

ICV is generated by hashing the sequence
SPI, SeqNum-High, SeqNum-Low, IV, Payload
instead of
SPI, SeqNum-Low, IV, Payload, SeqNum-High.

Cc: &lt;stable@vger.kernel.org&gt; # 3.8, 3.7
Reported-by: Chaoxing Lin &lt;Chaoxing.Lin@ultra-3eti.com&gt;
Signed-off-by: Horia Geanta &lt;horia.geanta@freescale.com&gt;
Reviewed-by: Kim Phillips &lt;kim.phillips@freescale.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This reverts commit e763eb699be723fb41af818118068c6b3afdaf8d.

Current IPsec ESN implementation for authencesn(cbc(aes), hmac(sha))
(separate encryption and integrity algorithms) does not conform
to RFC4303.

ICV is generated by hashing the sequence
SPI, SeqNum-High, SeqNum-Low, IV, Payload
instead of
SPI, SeqNum-Low, IV, Payload, SeqNum-High.

Cc: &lt;stable@vger.kernel.org&gt; # 3.8, 3.7
Reported-by: Chaoxing Lin &lt;Chaoxing.Lin@ultra-3eti.com&gt;
Signed-off-by: Horia Geanta &lt;horia.geanta@freescale.com&gt;
Reviewed-by: Kim Phillips &lt;kim.phillips@freescale.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: talitos - convert to use be16_add_cpu()</title>
<updated>2012-10-15T14:18:26+00:00</updated>
<author>
<name>Wei Yongjun</name>
<email>yongjun_wei@trendmicro.com.cn</email>
</author>
<published>2012-09-28T04:52:25+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=7291a932c6e27d9768e374e9d648086636daf61c'/>
<id>7291a932c6e27d9768e374e9d648086636daf61c</id>
<content type='text'>
Convert cpu_to_be16(be16_to_cpu(E1) + E2) to use be16_add_cpu().

dpatch engine is used to auto generate this patch.
(https://github.com/weiyj/dpatch)

Signed-off-by: Wei Yongjun &lt;yongjun_wei@trendmicro.com.cn&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Convert cpu_to_be16(be16_to_cpu(E1) + E2) to use be16_add_cpu().

dpatch engine is used to auto generate this patch.
(https://github.com/weiyj/dpatch)

Signed-off-by: Wei Yongjun &lt;yongjun_wei@trendmicro.com.cn&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: talitos - add IPsec ESN support</title>
<updated>2012-08-28T15:56:30+00:00</updated>
<author>
<name>Horia Geanta</name>
<email>horia.geanta@freescale.com</email>
</author>
<published>2012-08-08T15:46:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=e763eb699be723fb41af818118068c6b3afdaf8d'/>
<id>e763eb699be723fb41af818118068c6b3afdaf8d</id>
<content type='text'>
Support for ESNs (extended sequence numbers).
Tested with strongswan on a P2020RDB back-to-back setup.
Extracted from /etc/ipsec.conf:
esp=aes-sha1-esn-modp4096!

Signed-off-by: Horia Geanta &lt;horia.geanta@freescale.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Support for ESNs (extended sequence numbers).
Tested with strongswan on a P2020RDB back-to-back setup.
Extracted from /etc/ipsec.conf:
esp=aes-sha1-esn-modp4096!

Signed-off-by: Horia Geanta &lt;horia.geanta@freescale.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: talitos - support for assoc data provided as scatterlist</title>
<updated>2012-08-28T15:56:27+00:00</updated>
<author>
<name>Horia Geanta</name>
<email>horia.geanta@freescale.com</email>
</author>
<published>2012-08-02T14:16:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=79fd31d355f7e315025a330adc2183fb5ae8f22d'/>
<id>79fd31d355f7e315025a330adc2183fb5ae8f22d</id>
<content type='text'>
Generate a link table in case assoc data is a scatterlist.
While at it, add support for handling non-contiguous assoc data and iv.

Signed-off-by: Horia Geanta &lt;horia.geanta@freescale.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Generate a link table in case assoc data is a scatterlist.
While at it, add support for handling non-contiguous assoc data and iv.

Signed-off-by: Horia Geanta &lt;horia.geanta@freescale.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: talitos - change type and name for [src|dst]_is_chained</title>
<updated>2012-08-28T15:56:26+00:00</updated>
<author>
<name>Horia Geanta</name>
<email>horia.geanta@freescale.com</email>
</author>
<published>2012-08-02T14:16:39+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=2a1cfe46b17f6dd43fcd8eb2b5e5deaa2a94e4bb'/>
<id>2a1cfe46b17f6dd43fcd8eb2b5e5deaa2a94e4bb</id>
<content type='text'>
It's more natural to think of these vars as bool rather than int.

Signed-off-by: Horia Geanta &lt;horia.geanta@freescale.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
It's more natural to think of these vars as bool rather than int.

Signed-off-by: Horia Geanta &lt;horia.geanta@freescale.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: talitos - prune unneeded descriptor allocation param</title>
<updated>2012-08-28T15:56:26+00:00</updated>
<author>
<name>Horia Geanta</name>
<email>horia.geanta@freescale.com</email>
</author>
<published>2012-08-02T14:16:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=602499a34247a890fd018c364c9bb6f9b931c1db'/>
<id>602499a34247a890fd018c364c9bb6f9b931c1db</id>
<content type='text'>
talitos_edesc_alloc does not need hash_result param.
Checking whether dst scatterlist is NULL or not is all that is required.

Signed-off-by: Horia Geanta &lt;horia.geanta@freescale.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
talitos_edesc_alloc does not need hash_result param.
Checking whether dst scatterlist is NULL or not is all that is required.

Signed-off-by: Horia Geanta &lt;horia.geanta@freescale.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: talitos - fix icv management on outbound direction</title>
<updated>2012-08-28T15:56:26+00:00</updated>
<author>
<name>Horia Geanta</name>
<email>horia.geanta@freescale.com</email>
</author>
<published>2012-08-02T14:16:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=60542505b0bccbc5e2e518c9dd6bee9a30546061'/>
<id>60542505b0bccbc5e2e518c9dd6bee9a30546061</id>
<content type='text'>
For IPsec encryption, in the case when:
-the input buffer is fragmented (edesc-&gt;src_nents &gt; 0)
-the output buffer is not fragmented (edesc-&gt;dst_nents = 0)
the ICV is not output in the link table, but after the encrypted payload.

Copying the ICV must be avoided in this case; consequently the condition
edesc-&gt;dma_len &gt; 0 must be more specific, i.e. must depend on the type
of the output buffer - fragmented or not.

Testing was performed by modifying testmgr to support src != dst,
since currently native kernel IPsec does in-place encryption
(src == dst).

Signed-off-by: Horia Geanta &lt;horia.geanta@freescale.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
For IPsec encryption, in the case when:
-the input buffer is fragmented (edesc-&gt;src_nents &gt; 0)
-the output buffer is not fragmented (edesc-&gt;dst_nents = 0)
the ICV is not output in the link table, but after the encrypted payload.

Copying the ICV must be avoided in this case; consequently the condition
edesc-&gt;dma_len &gt; 0 must be more specific, i.e. must depend on the type
of the output buffer - fragmented or not.

Testing was performed by modifying testmgr to support src != dst,
since currently native kernel IPsec does in-place encryption
(src == dst).

Signed-off-by: Horia Geanta &lt;horia.geanta@freescale.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: talitos - consolidate common cra_* assignments</title>
<updated>2012-08-28T15:53:53+00:00</updated>
<author>
<name>Kim Phillips</name>
<email>kim.phillips@freescale.com</email>
</author>
<published>2012-08-09T01:33:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=b286e00304f9c1d27b93753536ac5246a287dd55'/>
<id>b286e00304f9c1d27b93753536ac5246a287dd55</id>
<content type='text'>
the entry points and geniv definitions for all aead,
ablkcipher, and hash algorithms are all common; move them to a
single assignment in talitos_alg_alloc().

This assumes it's ok to assign a setkey() on non-hmac algs.

Signed-off-by: Kim Phillips &lt;kim.phillips@freescale.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
the entry points and geniv definitions for all aead,
ablkcipher, and hash algorithms are all common; move them to a
single assignment in talitos_alg_alloc().

This assumes it's ok to assign a setkey() on non-hmac algs.

Signed-off-by: Kim Phillips &lt;kim.phillips@freescale.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: talitos - consolidate cra_type assignments</title>
<updated>2012-08-28T15:53:53+00:00</updated>
<author>
<name>Kim Phillips</name>
<email>kim.phillips@freescale.com</email>
</author>
<published>2012-08-09T01:32:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=d4cd3283f67d08a18f83fbe7a26a10fe4b474b48'/>
<id>d4cd3283f67d08a18f83fbe7a26a10fe4b474b48</id>
<content type='text'>
lighten driver_algs[] by moving them to talitos_alg_alloc().

Signed-off-by: Kim Phillips &lt;kim.phillips@freescale.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
lighten driver_algs[] by moving them to talitos_alg_alloc().

Signed-off-by: Kim Phillips &lt;kim.phillips@freescale.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: talitos - add sha224, sha384 and sha512 to existing AEAD algorithms</title>
<updated>2012-07-11T03:08:29+00:00</updated>
<author>
<name>Horia Geanta</name>
<email>horia.geanta@freescale.com</email>
</author>
<published>2012-07-03T16:16:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=357fb60502ede168fa1b76b996298e0045e24b59'/>
<id>357fb60502ede168fa1b76b996298e0045e24b59</id>
<content type='text'>
With this, now all combinations of
CBC: AES, 3DES-EDE
with
HMAC: SHA-1, SHA-224, SHA-256, SHA-384, SHA-512
are supported.

Signed-off-by: Horia Geanta &lt;horia.geanta@freescale.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
With this, now all combinations of
CBC: AES, 3DES-EDE
with
HMAC: SHA-1, SHA-224, SHA-256, SHA-384, SHA-512
are supported.

Signed-off-by: Horia Geanta &lt;horia.geanta@freescale.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
</feed>
