Merge tag 'libcrypto-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux
Pull crypto library updates from Eric Biggers:
- Add support for verifying ML-DSA signatures.
ML-DSA (Module-Lattice-Based Digital Signature Algorithm) is a
recently-standardized post-quantum (quantum-resistant) signature
algorithm. It was known as Dilithium pre-standardization.
The first use case in the kernel will be module signing. But there
are also other users of RSA and ECDSA signatures in the kernel that
might want to upgrade to ML-DSA eventually.
- Improve the AES library:
- Make the AES key expansion and single block encryption and
decryption functions use the architecture-optimized AES code.
Enable these optimizations by default.
- Support preparing an AES key for encryption-only, using about
half as much memory as a bidirectional key.
- Replace the existing two generic implementations of AES with a
single one.
- Simplify how Adiantum message hashing is implemented. Remove the
"nhpoly1305" crypto_shash in favor of direct lib/crypto/ support for
NH hashing, and enable optimizations by default.
* tag 'libcrypto-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux: (53 commits)
lib/crypto: mldsa: Clarify the documentation for mldsa_verify() slightly
lib/crypto: aes: Drop 'volatile' from aes_sbox and aes_inv_sbox
lib/crypto: aes: Remove old AES en/decryption functions
lib/crypto: aesgcm: Use new AES library API
lib/crypto: aescfb: Use new AES library API
crypto: omap - Use new AES library API
crypto: inside-secure - Use new AES library API
crypto: drbg - Use new AES library API
crypto: crypto4xx - Use new AES library API
crypto: chelsio - Use new AES library API
crypto: ccp - Use new AES library API
crypto: x86/aes-gcm - Use new AES library API
crypto: arm64/ghash - Use new AES library API
crypto: arm/ghash - Use new AES library API
staging: rtl8723bs: core: Use new AES library API
net: phy: mscc: macsec: Use new AES library API
chelsio: Use new AES library API
Bluetooth: SMP: Use new AES library API
crypto: x86/aes - Remove the superseded AES-NI crypto_cipher
lib/crypto: x86/aes: Add AES-NI optimization
...
@@ -126,7 +126,7 @@ struct tpm2_auth {
|
||||
u8 session_key[SHA256_DIGEST_SIZE];
|
||||
u8 passphrase[SHA256_DIGEST_SIZE];
|
||||
int passphrase_len;
|
||||
struct crypto_aes_ctx aes_ctx;
|
||||
struct aes_enckey aes_key;
|
||||
/* saved session attributes: */
|
||||
u8 attrs;
|
||||
__be32 ordinal;
|
||||
@@ -677,8 +677,8 @@ int tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf)
|
||||
auth->scratch);
|
||||
|
||||
len = tpm_buf_read_u16(buf, &offset_p);
|
||||
aes_expandkey(&auth->aes_ctx, auth->scratch, AES_KEY_BYTES);
|
||||
aescfb_encrypt(&auth->aes_ctx, &buf->data[offset_p],
|
||||
aes_prepareenckey(&auth->aes_key, auth->scratch, AES_KEY_BYTES);
|
||||
aescfb_encrypt(&auth->aes_key, &buf->data[offset_p],
|
||||
&buf->data[offset_p], len,
|
||||
auth->scratch + AES_KEY_BYTES);
|
||||
/* reset p to beginning of parameters for HMAC */
|
||||
@@ -858,8 +858,8 @@ int tpm_buf_check_hmac_response(struct tpm_chip *chip, struct tpm_buf *buf,
|
||||
auth->scratch);
|
||||
|
||||
len = tpm_buf_read_u16(buf, &offset_p);
|
||||
aes_expandkey(&auth->aes_ctx, auth->scratch, AES_KEY_BYTES);
|
||||
aescfb_decrypt(&auth->aes_ctx, &buf->data[offset_p],
|
||||
aes_prepareenckey(&auth->aes_key, auth->scratch, AES_KEY_BYTES);
|
||||
aescfb_decrypt(&auth->aes_key, &buf->data[offset_p],
|
||||
&buf->data[offset_p], len,
|
||||
auth->scratch + AES_KEY_BYTES);
|
||||
}
|
||||
|
||||
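Review bot: The new `struct aes_enckey aes_key` field in the `struct tpm2_auth` hunk is handed to both `aescfb_encrypt()` (tpm_buf_fill_hmac_session hunk) and `aescfb_decrypt()` (tpm_buf_check_hmac_response hunk), and nothing at the declaration explains why an encryption-only key is sufficient for the decrypt path. CFB runs the block cipher in its forward direction for both encryption and decryption, so the inverse key schedule is never needed; a comment on the field such as `/* encrypt-only schedule: CFB only ever runs AES forward, so it serves aescfb_decrypt() too */` would keep the next reader from "fixing" it back to a bidirectional key. The schedule is derived from `auth->scratch`, i.e. session key material, so it should be wiped together with `session_key` and `passphrase` when the session is torn down; that teardown is outside these hunks and worth confirming. The return value of `aes_prepareenckey()` is discarded in both call sites, as the old `aes_expandkey()` return was; if it reports unsupported key lengths like its predecessor, that is acceptable only because `AES_KEY_BYTES` is a fixed, valid size.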