From: David Howells <dhowells@redhat.com>
To: torvalds@osdl.org, akpm@osdl.org, herbert.xu@redhat.com
Cc: linux-kernel@vger.kernel.org, davej@redhat.com,
arjan@infradead.org, linux-crypto@vger.kernel.org,
dhowells@redhat.com
Subject: [PATCH 2/6] MODSIGN: In-kernel crypto extensions
Date: Wed, 14 Feb 2007 19:09:49 +0000 [thread overview]
Message-ID: <20070214190949.6438.28537.stgit@warthog.cambridge.redhat.com> (raw)
In-Reply-To: <20070214190938.6438.15091.stgit@warthog.cambridge.redhat.com>
Two extensions are added:
(1) Support for SHA1 digestion of in-kernel buffers directly without the use
of scatter-gather lists.
(2) Allocation of crypto algorithm instances without resort to fallback module
loading.
SHA1 is used by module signature checking, and so must not itself require
loading as a module when the module signature checking is enabled.
Signed-Off-By: David Howells <dhowells@redhat.com>
---
crypto/api.c | 46 +++++++++++++++++++++++++++++++++++++++++++++-
crypto/digest.c | 9 +++++++++
include/linux/crypto.h | 11 +++++++++++
3 files changed, 65 insertions(+), 1 deletions(-)
diff --git a/crypto/api.c b/crypto/api.c
index 55af8bb..3138d7c 100644
--- a/crypto/api.c
+++ b/crypto/api.c
@@ -341,6 +341,45 @@ out:
EXPORT_SYMBOL_GPL(__crypto_alloc_tfm);
/*
+ * crypto_alloc_tfm2 - Find or load crypto module
+ * @name: Name of algorithm
+ * @flags: Flags to control algorithm instance
+ * @nomodload: True to suppress resort to module loading
+ *
+ * Attempt to find or load a crypto algorithm module and create an
+ * instance of it.
+ */
+struct crypto_tfm *crypto_alloc_tfm2(const char *name, u32 flags,
+ int nomodload)
+{
+ struct crypto_tfm *tfm = NULL;
+ int err;
+
+ do {
+ struct crypto_alg *alg;
+
+ if (!nomodload)
+ alg = crypto_alg_mod_lookup(name, 0, CRYPTO_ALG_ASYNC);
+ else
+ alg = crypto_alg_lookup(name, 0, CRYPTO_ALG_ASYNC);
+
+ err = PTR_ERR(alg);
+ if (IS_ERR(alg))
+ continue;
+
+ tfm = __crypto_alloc_tfm(alg, flags, 0);
+ err = 0;
+ if (IS_ERR(tfm)) {
+ crypto_mod_put(alg);
+ err = PTR_ERR(tfm);
+ tfm = NULL;
+ }
+ } while (err == -EAGAIN && !signal_pending(current));
+
+ return tfm;
+}
+
+/*
* crypto_alloc_base - Locate algorithm and allocate transform
* @alg_name: Name of algorithm
* @type: Type of algorithm
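Review bot: In `crypto_alloc_tfm2()` the `nomodload` branch passes the result of `crypto_alg_lookup()` to `__crypto_alloc_tfm()` after only an `IS_ERR()` test. If that lookup can return NULL for an algorithm that is not registered (its definition is outside this hunk, so this needs confirming), `err` becomes 0 and the NULL pointer is handed on. A guard such as `if (!alg || IS_ERR(alg)) continue;` would make the not-found case fall out of the loop and return NULL cleanly, which matters because this is the path the description intends for module signature checking. The header comment still reads "Find or load crypto module" although `nomodload` suppresses loading, and it does not say that failure is reported as NULL rather than an ERR_PTR; a line such as ` * Returns the new transform, or NULL on failure.` would cover that.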
@@ -392,7 +431,12 @@ err:
return ERR_PTR(err);
}
EXPORT_SYMBOL_GPL(crypto_alloc_base);
-
+
+struct crypto_tfm *crypto_alloc_tfm(const char *name, u32 flags)
+{
+ return crypto_alloc_tfm2(name, flags, 0);
+}
+
/*
* crypto_free_tfm - Free crypto transform
* @tfm: Transform to free
diff --git a/crypto/digest.c b/crypto/digest.c
index 1bf7414..d03a4e1 100644
--- a/crypto/digest.c
+++ b/crypto/digest.c
@@ -91,6 +91,14 @@ static int update(struct hash_desc *desc,
return update2(desc, sg, nbytes);
}
+static void update_kernel(struct hash_desc *desc,
+ const void *data, size_t count)
+{
+ struct crypto_tfm *tfm = crypto_hash_tfm(desc->tfm);
+ tfm->__crt_alg->cra_digest.dia_update(tfm, data, count);
+ crypto_yield(desc->flags);
+}
+
static int final(struct hash_desc *desc, u8 *out)
{
struct crypto_tfm *tfm = crypto_hash_tfm(desc->tfm);
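Review bot: `update_kernel()` passes the caller's buffer straight to `dia_update()`, whereas the existing `update()` goes through `update2()`. If `update2()` (not visible in this hunk) is where the algorithm's alignment mask is honoured, an unaligned `data` pointer reaches the digest implementation unchecked on this path. Either state the requirement on the function, e.g. `/* data must satisfy the algorithm's alignmask; the whole buffer is hashed in one call */`, or handle misaligned input the way the scatterlist path does. `count` is a `size_t` while the scatterlist variant takes `unsigned int`, so it is worth confirming that `dia_update()` does not narrow the length, since a truncated length would hash less data than the signature check believes it covered. `crypto_yield()` runs only once, after the entire buffer has been processed.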
@@ -146,6 +154,7 @@ int crypto_init_digest_ops(struct crypto_tfm *tfm)
ops->init = init;
ops->update = update;
+ ops->update_kernel = update_kernel;
ops->final = final;
ops->digest = digest;
ops->setkey = dalg->dia_setkey ? setkey : nosetkey;
diff --git a/include/linux/crypto.h b/include/linux/crypto.h
index 779aa78..d960ec1 100644
--- a/include/linux/crypto.h
+++ b/include/linux/crypto.h
@@ -273,6 +273,8 @@ struct hash_tfm {
int (*init)(struct hash_desc *desc);
int (*update)(struct hash_desc *desc,
struct scatterlist *sg, unsigned int nsg);
+ void (*update_kernel)(struct hash_desc *desc,
+ const void *data, size_t count);
int (*final)(struct hash_desc *desc, u8 *out);
int (*digest)(struct hash_desc *desc, struct scatterlist *sg,
unsigned int nsg, u8 *out);
@@ -341,6 +343,8 @@ struct crypto_attr_alg {
*/
struct crypto_tfm *crypto_alloc_tfm(const char *alg_name, u32 tfm_flags);
+struct crypto_tfm *crypto_alloc_tfm2(const char *alg_name, u32 tfm_flags,
+ int nomodload);
struct crypto_tfm *crypto_alloc_base(const char *alg_name, u32 type, u32 mask);
void crypto_free_tfm(struct crypto_tfm *tfm);
@@ -739,6 +743,13 @@ static inline int crypto_hash_update(struct hash_desc *desc,
return crypto_hash_crt(desc->tfm)->update(desc, sg, nbytes);
}
+static inline void crypto_hash_update_kernel(struct hash_desc *desc,
+ const void *data,
+ size_t count)
+{
+ return crypto_hash_crt(desc->tfm)->update_kernel(desc, data, count);
+}
+
static inline int crypto_hash_final(struct hash_desc *desc, u8 *out)
{
return crypto_hash_crt(desc->tfm)->final(desc, out);
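Review bot: `crypto_hash_update_kernel()` calls `->update_kernel` unconditionally, but this patch sets that pointer only in `crypto_init_digest_ops()`. Any other initialiser of `struct hash_tfm` (none is touched, per the diffstat) would leave it NULL, and the call would then go through a NULL function pointer. Either set the op in every hash type's init path or have the wrapper check it before calling. The wrapper is also declared `void` yet uses `return` with an expression; `crypto_hash_crt(desc->tfm)->update_kernel(desc, data, count);` without `return` is the portable form. Since the sibling `update` and `final` ops return `int`, consider whether this op should too, so that a failure in the hashing step can be propagated to the signature check.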