drbg 194 crypto/drbg.c static int drbg_uninstantiate(struct drbg_state *drbg); drbg 241 crypto/drbg.c static int drbg_fips_continuous_test(struct drbg_state *drbg, drbg 244 crypto/drbg.c unsigned short entropylen = drbg_sec_strength(drbg->core->flags); drbg 251 crypto/drbg.c if (list_empty(&drbg->test_data.list)) drbg 257 crypto/drbg.c if (!drbg->fips_primed) { drbg 259 crypto/drbg.c memcpy(drbg->prev, entropy, entropylen); drbg 260 crypto/drbg.c drbg->fips_primed = true; drbg 264 crypto/drbg.c ret = memcmp(drbg->prev, entropy, entropylen); drbg 267 crypto/drbg.c memcpy(drbg->prev, entropy, entropylen); drbg 306 crypto/drbg.c static void drbg_kcapi_symsetkey(struct drbg_state *drbg, drbg 308 crypto/drbg.c static int drbg_kcapi_sym(struct drbg_state *drbg, unsigned char *outval, drbg 310 crypto/drbg.c static int drbg_init_sym_kernel(struct drbg_state *drbg); drbg 311 crypto/drbg.c static int drbg_fini_sym_kernel(struct drbg_state *drbg); drbg 312 crypto/drbg.c static int drbg_kcapi_sym_ctr(struct drbg_state *drbg, drbg 318 crypto/drbg.c static int drbg_ctr_bcc(struct drbg_state *drbg, drbg 327 crypto/drbg.c drbg_string_fill(&data, out, drbg_blocklen(drbg)); drbg 330 crypto/drbg.c drbg_kcapi_symsetkey(drbg, key); drbg 337 crypto/drbg.c if (drbg_blocklen(drbg) == cnt) { drbg 339 crypto/drbg.c ret = drbg_kcapi_sym(drbg, out, &data); drbg 351 crypto/drbg.c ret = drbg_kcapi_sym(drbg, out, &data); drbg 396 crypto/drbg.c static int drbg_ctr_df(struct drbg_state *drbg, drbg 405 crypto/drbg.c unsigned char *pad = df_data + drbg_statelen(drbg); drbg 406 crypto/drbg.c unsigned char *iv = pad + drbg_blocklen(drbg); drbg 407 crypto/drbg.c unsigned char *temp = iv + drbg_blocklen(drbg); drbg 423 crypto/drbg.c memset(pad, 0, drbg_blocklen(drbg)); drbg 424 crypto/drbg.c memset(iv, 0, drbg_blocklen(drbg)); drbg 441 crypto/drbg.c padlen = (inputlen + sizeof(L_N) + 1) % (drbg_blocklen(drbg)); drbg 444 crypto/drbg.c padlen = drbg_blocklen(drbg) - padlen; drbg 454 crypto/drbg.c drbg_string_fill(&S1, iv, drbg_blocklen(drbg)); drbg 463 crypto/drbg.c while (templen < (drbg_keylen(drbg) + (drbg_blocklen(drbg)))) { drbg 471 crypto/drbg.c ret = drbg_ctr_bcc(drbg, temp + templen, K, &bcc_list); drbg 476 crypto/drbg.c templen += drbg_blocklen(drbg); drbg 480 crypto/drbg.c X = temp + (drbg_keylen(drbg)); drbg 481 crypto/drbg.c drbg_string_fill(&cipherin, X, drbg_blocklen(drbg)); drbg 486 crypto/drbg.c drbg_kcapi_symsetkey(drbg, temp); drbg 494 crypto/drbg.c ret = drbg_kcapi_sym(drbg, X, &cipherin); drbg 497 crypto/drbg.c blocklen = (drbg_blocklen(drbg) < drbg 499 crypto/drbg.c drbg_blocklen(drbg) : drbg 509 crypto/drbg.c memset(iv, 0, drbg_blocklen(drbg)); drbg 510 crypto/drbg.c memset(temp, 0, drbg_statelen(drbg) + drbg_blocklen(drbg)); drbg 511 crypto/drbg.c memset(pad, 0, drbg_blocklen(drbg)); drbg 530 crypto/drbg.c static int drbg_ctr_update(struct drbg_state *drbg, struct list_head *seed, drbg 535 crypto/drbg.c unsigned char *temp = drbg->scratchpad; drbg 536 crypto/drbg.c unsigned char *df_data = drbg->scratchpad + drbg_statelen(drbg) + drbg 537 crypto/drbg.c drbg_blocklen(drbg); drbg 540 crypto/drbg.c memset(df_data, 0, drbg_statelen(drbg)); drbg 550 crypto/drbg.c crypto_inc(drbg->V, drbg_blocklen(drbg)); drbg 552 crypto/drbg.c ret = crypto_skcipher_setkey(drbg->ctr_handle, drbg->C, drbg 553 crypto/drbg.c drbg_keylen(drbg)); drbg 560 crypto/drbg.c ret = drbg_ctr_df(drbg, df_data, drbg_statelen(drbg), seed); drbg 565 crypto/drbg.c ret = drbg_kcapi_sym_ctr(drbg, df_data, drbg_statelen(drbg), drbg 566 crypto/drbg.c temp, drbg_statelen(drbg)); drbg 571 crypto/drbg.c ret = crypto_skcipher_setkey(drbg->ctr_handle, temp, drbg 572 crypto/drbg.c drbg_keylen(drbg)); drbg 576 crypto/drbg.c memcpy(drbg->V, temp + drbg_keylen(drbg), drbg_blocklen(drbg)); drbg 578 crypto/drbg.c crypto_inc(drbg->V, drbg_blocklen(drbg)); drbg 582 crypto/drbg.c memset(temp, 0, drbg_statelen(drbg) + drbg_blocklen(drbg)); drbg 584 crypto/drbg.c memset(df_data, 0, drbg_statelen(drbg)); drbg 593 crypto/drbg.c static int drbg_ctr_generate(struct drbg_state *drbg, drbg 602 crypto/drbg.c ret = drbg_ctr_update(drbg, addtl, 2); drbg 608 crypto/drbg.c ret = drbg_kcapi_sym_ctr(drbg, NULL, 0, buf, len); drbg 613 crypto/drbg.c ret = drbg_ctr_update(drbg, NULL, 3); drbg 633 crypto/drbg.c static int drbg_kcapi_hash(struct drbg_state *drbg, unsigned char *outval, drbg 635 crypto/drbg.c static void drbg_kcapi_hmacsetkey(struct drbg_state *drbg, drbg 637 crypto/drbg.c static int drbg_init_hash_kernel(struct drbg_state *drbg); drbg 638 crypto/drbg.c static int drbg_fini_hash_kernel(struct drbg_state *drbg); drbg 653 crypto/drbg.c static int drbg_hmac_update(struct drbg_state *drbg, struct list_head *seed, drbg 664 crypto/drbg.c memset(drbg->V, 1, drbg_statelen(drbg)); drbg 665 crypto/drbg.c drbg_kcapi_hmacsetkey(drbg, drbg->C); drbg 668 crypto/drbg.c drbg_string_fill(&seed1, drbg->V, drbg_statelen(drbg)); drbg 677 crypto/drbg.c drbg_string_fill(&vdata, drbg->V, drbg_statelen(drbg)); drbg 686 crypto/drbg.c ret = drbg_kcapi_hash(drbg, drbg->C, &seedlist); drbg 689 crypto/drbg.c drbg_kcapi_hmacsetkey(drbg, drbg->C); drbg 692 crypto/drbg.c ret = drbg_kcapi_hash(drbg, drbg->V, &vdatalist); drbg 705 crypto/drbg.c static int drbg_hmac_generate(struct drbg_state *drbg, drbg 717 crypto/drbg.c ret = drbg_hmac_update(drbg, addtl, 1); drbg 722 crypto/drbg.c drbg_string_fill(&data, drbg->V, drbg_statelen(drbg)); drbg 727 crypto/drbg.c ret = drbg_kcapi_hash(drbg, drbg->V, &datalist); drbg 730 crypto/drbg.c outlen = (drbg_blocklen(drbg) < (buflen - len)) ? drbg 731 crypto/drbg.c drbg_blocklen(drbg) : (buflen - len); drbg 734 crypto/drbg.c memcpy(buf + len, drbg->V, outlen); drbg 740 crypto/drbg.c ret = drbg_hmac_update(drbg, addtl, 1); drbg 742 crypto/drbg.c ret = drbg_hmac_update(drbg, NULL, 1); drbg 820 crypto/drbg.c static int drbg_hash_df(struct drbg_state *drbg, drbg 827 crypto/drbg.c unsigned char *tmp = drbg->scratchpad + drbg_statelen(drbg); drbg 842 crypto/drbg.c ret = drbg_kcapi_hash(drbg, tmp, entropylist); drbg 847 crypto/drbg.c blocklen = (drbg_blocklen(drbg) < (outlen - len)) ? drbg 848 crypto/drbg.c drbg_blocklen(drbg) : (outlen - len); drbg 854 crypto/drbg.c memset(tmp, 0, drbg_blocklen(drbg)); drbg 859 crypto/drbg.c static int drbg_hash_update(struct drbg_state *drbg, struct list_head *seed, drbg 866 crypto/drbg.c unsigned char *V = drbg->scratchpad; drbg 874 crypto/drbg.c memcpy(V, drbg->V, drbg_statelen(drbg)); drbg 877 crypto/drbg.c drbg_string_fill(&data2, V, drbg_statelen(drbg)); drbg 883 crypto/drbg.c ret = drbg_hash_df(drbg, drbg->V, drbg_statelen(drbg), &datalist); drbg 891 crypto/drbg.c drbg_string_fill(&data2, drbg->V, drbg_statelen(drbg)); drbg 894 crypto/drbg.c ret = drbg_hash_df(drbg, drbg->C, drbg_statelen(drbg), &datalist2); drbg 897 crypto/drbg.c memset(drbg->scratchpad, 0, drbg_statelen(drbg)); drbg 902 crypto/drbg.c static int drbg_hash_process_addtl(struct drbg_state *drbg, drbg 916 crypto/drbg.c drbg_string_fill(&data2, drbg->V, drbg_statelen(drbg)); drbg 920 crypto/drbg.c ret = drbg_kcapi_hash(drbg, drbg->scratchpad, &datalist); drbg 925 crypto/drbg.c drbg_add_buf(drbg->V, drbg_statelen(drbg), drbg 926 crypto/drbg.c drbg->scratchpad, drbg_blocklen(drbg)); drbg 929 crypto/drbg.c memset(drbg->scratchpad, 0, drbg_blocklen(drbg)); drbg 934 crypto/drbg.c static int drbg_hash_hashgen(struct drbg_state *drbg, drbg 940 crypto/drbg.c unsigned char *src = drbg->scratchpad; drbg 941 crypto/drbg.c unsigned char *dst = drbg->scratchpad + drbg_statelen(drbg); drbg 946 crypto/drbg.c memcpy(src, drbg->V, drbg_statelen(drbg)); drbg 948 crypto/drbg.c drbg_string_fill(&data, src, drbg_statelen(drbg)); drbg 953 crypto/drbg.c ret = drbg_kcapi_hash(drbg, dst, &datalist); drbg 958 crypto/drbg.c outlen = (drbg_blocklen(drbg) < (buflen - len)) ? drbg 959 crypto/drbg.c drbg_blocklen(drbg) : (buflen - len); drbg 965 crypto/drbg.c crypto_inc(src, drbg_statelen(drbg)); drbg 969 crypto/drbg.c memset(drbg->scratchpad, 0, drbg 970 crypto/drbg.c (drbg_statelen(drbg) + drbg_blocklen(drbg))); drbg 975 crypto/drbg.c static int drbg_hash_generate(struct drbg_state *drbg, drbg 990 crypto/drbg.c ret = drbg_hash_process_addtl(drbg, addtl); drbg 994 crypto/drbg.c len = drbg_hash_hashgen(drbg, buf, buflen); drbg 1000 crypto/drbg.c drbg_string_fill(&data2, drbg->V, drbg_statelen(drbg)); drbg 1002 crypto/drbg.c ret = drbg_kcapi_hash(drbg, drbg->scratchpad, &datalist); drbg 1009 crypto/drbg.c drbg_add_buf(drbg->V, drbg_statelen(drbg), drbg 1010 crypto/drbg.c drbg->scratchpad, drbg_blocklen(drbg)); drbg 1011 crypto/drbg.c drbg_add_buf(drbg->V, drbg_statelen(drbg), drbg 1012 crypto/drbg.c drbg->C, drbg_statelen(drbg)); drbg 1013 crypto/drbg.c u.req_int = cpu_to_be64(drbg->reseed_ctr); drbg 1014 crypto/drbg.c drbg_add_buf(drbg->V, drbg_statelen(drbg), u.req, 8); drbg 1017 crypto/drbg.c memset(drbg->scratchpad, 0, drbg_blocklen(drbg)); drbg 1037 crypto/drbg.c static inline int __drbg_seed(struct drbg_state *drbg, struct list_head *seed, drbg 1040 crypto/drbg.c int ret = drbg->d_ops->update(drbg, seed, reseed); drbg 1045 crypto/drbg.c drbg->seeded = true; drbg 1047 crypto/drbg.c drbg->reseed_ctr = 1; drbg 1052 crypto/drbg.c static inline int drbg_get_random_bytes(struct drbg_state *drbg, drbg 1060 crypto/drbg.c ret = drbg_fips_continuous_test(drbg, entropy); drbg 1072 crypto/drbg.c struct drbg_state *drbg = container_of(work, struct drbg_state, drbg 1074 crypto/drbg.c unsigned int entropylen = drbg_sec_strength(drbg->core->flags); drbg 1084 crypto/drbg.c mutex_lock(&drbg->drbg_mutex); drbg 1086 crypto/drbg.c ret = drbg_get_random_bytes(drbg, entropy, entropylen); drbg 1091 crypto/drbg.c crypto_free_rng(drbg->jent); drbg 1092 crypto/drbg.c drbg->jent = NULL; drbg 1097 crypto/drbg.c drbg->seeded = false; drbg 1099 crypto/drbg.c __drbg_seed(drbg, &seedlist, true); drbg 1101 crypto/drbg.c if (drbg->seeded) drbg 1102 crypto/drbg.c drbg->reseed_threshold = drbg_max_requests(drbg); drbg 1105 crypto/drbg.c mutex_unlock(&drbg->drbg_mutex); drbg 1121 crypto/drbg.c static int drbg_seed(struct drbg_state *drbg, struct drbg_string *pers, drbg 1126 crypto/drbg.c unsigned int entropylen = drbg_sec_strength(drbg->core->flags); drbg 1131 crypto/drbg.c if (pers && pers->len > (drbg_max_addtl(drbg))) { drbg 1137 crypto/drbg.c if (list_empty(&drbg->test_data.list)) { drbg 1138 crypto/drbg.c drbg_string_fill(&data1, drbg->test_data.buf, drbg 1139 crypto/drbg.c drbg->test_data.len); drbg 1156 crypto/drbg.c ret = drbg_get_random_bytes(drbg, entropy, entropylen); drbg 1160 crypto/drbg.c if (!drbg->jent) { drbg 1166 crypto/drbg.c ret = crypto_rng_get_bytes(drbg->jent, drbg 1192 crypto/drbg.c memset(drbg->V, 0, drbg_statelen(drbg)); drbg 1193 crypto/drbg.c memset(drbg->C, 0, drbg_statelen(drbg)); drbg 1196 crypto/drbg.c ret = __drbg_seed(drbg, &seedlist, reseed); drbg 1205 crypto/drbg.c static inline void drbg_dealloc_state(struct drbg_state *drbg) drbg 1207 crypto/drbg.c if (!drbg) drbg 1209 crypto/drbg.c kzfree(drbg->Vbuf); drbg 1210 crypto/drbg.c drbg->Vbuf = NULL; drbg 1211 crypto/drbg.c drbg->V = NULL; drbg 1212 crypto/drbg.c kzfree(drbg->Cbuf); drbg 1213 crypto/drbg.c drbg->Cbuf = NULL; drbg 1214 crypto/drbg.c drbg->C = NULL; drbg 1215 crypto/drbg.c kzfree(drbg->scratchpadbuf); drbg 1216 crypto/drbg.c drbg->scratchpadbuf = NULL; drbg 1217 crypto/drbg.c drbg->reseed_ctr = 0; drbg 1218 crypto/drbg.c drbg->d_ops = NULL; drbg 1219 crypto/drbg.c drbg->core = NULL; drbg 1221 crypto/drbg.c kzfree(drbg->prev); drbg 1222 crypto/drbg.c drbg->prev = NULL; drbg 1223 crypto/drbg.c drbg->fips_primed = false; drbg 1231 crypto/drbg.c static inline int drbg_alloc_state(struct drbg_state *drbg) drbg 1236 crypto/drbg.c switch (drbg->core->flags & DRBG_TYPE_MASK) { drbg 1239 crypto/drbg.c drbg->d_ops = &drbg_hmac_ops; drbg 1244 crypto/drbg.c drbg->d_ops = &drbg_hash_ops; drbg 1249 crypto/drbg.c drbg->d_ops = &drbg_ctr_ops; drbg 1257 crypto/drbg.c ret = drbg->d_ops->crypto_init(drbg); drbg 1261 crypto/drbg.c drbg->Vbuf = kmalloc(drbg_statelen(drbg) + ret, GFP_KERNEL); drbg 1262 crypto/drbg.c if (!drbg->Vbuf) { drbg 1266 crypto/drbg.c drbg->V = PTR_ALIGN(drbg->Vbuf, ret + 1); drbg 1267 crypto/drbg.c drbg->Cbuf = kmalloc(drbg_statelen(drbg) + ret, GFP_KERNEL); drbg 1268 crypto/drbg.c if (!drbg->Cbuf) { drbg 1272 crypto/drbg.c drbg->C = PTR_ALIGN(drbg->Cbuf, ret + 1); drbg 1274 crypto/drbg.c if (drbg->core->flags & DRBG_HMAC) drbg 1276 crypto/drbg.c else if (drbg->core->flags & DRBG_CTR) drbg 1277 crypto/drbg.c sb_size = drbg_statelen(drbg) + drbg_blocklen(drbg) + /* temp */ drbg 1278 crypto/drbg.c drbg_statelen(drbg) + /* df_data */ drbg 1279 crypto/drbg.c drbg_blocklen(drbg) + /* pad */ drbg 1280 crypto/drbg.c drbg_blocklen(drbg) + /* iv */ drbg 1281 crypto/drbg.c drbg_statelen(drbg) + drbg_blocklen(drbg); /* temp */ drbg 1283 crypto/drbg.c sb_size = drbg_statelen(drbg) + drbg_blocklen(drbg); drbg 1286 crypto/drbg.c drbg->scratchpadbuf = kzalloc(sb_size + ret, GFP_KERNEL); drbg 1287 crypto/drbg.c if (!drbg->scratchpadbuf) { drbg 1291 crypto/drbg.c drbg->scratchpad = PTR_ALIGN(drbg->scratchpadbuf, ret + 1); drbg 1295 crypto/drbg.c drbg->prev = kzalloc(drbg_sec_strength(drbg->core->flags), drbg 1297 crypto/drbg.c if (!drbg->prev) { drbg 1301 crypto/drbg.c drbg->fips_primed = false; drbg 1307 crypto/drbg.c drbg->d_ops->crypto_fini(drbg); drbg 1309 crypto/drbg.c drbg_dealloc_state(drbg); drbg 1333 crypto/drbg.c static int drbg_generate(struct drbg_state *drbg, drbg 1340 crypto/drbg.c if (!drbg->core) { drbg 1355 crypto/drbg.c if (buflen > (drbg_max_request_bytes(drbg))) { drbg 1364 crypto/drbg.c if (addtl && addtl->len > (drbg_max_addtl(drbg))) { drbg 1375 crypto/drbg.c if (drbg->reseed_threshold < drbg->reseed_ctr) drbg 1376 crypto/drbg.c drbg->seeded = false; drbg 1378 crypto/drbg.c if (drbg->pr || !drbg->seeded) { drbg 1381 crypto/drbg.c drbg->pr ? "true" : "false", drbg 1382 crypto/drbg.c drbg->seeded ? "seeded" : "unseeded"); drbg 1384 crypto/drbg.c len = drbg_seed(drbg, addtl, true); drbg 1394 crypto/drbg.c len = drbg->d_ops->generate(drbg, buf, buflen, &addtllist); drbg 1397 crypto/drbg.c drbg->reseed_ctr++; drbg 1417 crypto/drbg.c if (drbg->reseed_ctr && !(drbg->reseed_ctr % 4096)) { drbg 1420 crypto/drbg.c if (drbg->core->flags & DRBG_HMAC) drbg 1423 crypto/drbg.c else if (drbg->core->flags & DRBG_CTR) drbg 1435 crypto/drbg.c drbg_uninstantiate(drbg); drbg 1460 crypto/drbg.c static int drbg_generate_long(struct drbg_state *drbg, drbg 1469 crypto/drbg.c slice = ((buflen - len) / drbg_max_request_bytes(drbg)); drbg 1470 crypto/drbg.c chunk = slice ? drbg_max_request_bytes(drbg) : (buflen - len); drbg 1471 crypto/drbg.c mutex_lock(&drbg->drbg_mutex); drbg 1472 crypto/drbg.c err = drbg_generate(drbg, buf + len, chunk, addtl); drbg 1473 crypto/drbg.c mutex_unlock(&drbg->drbg_mutex); drbg 1483 crypto/drbg.c struct drbg_state *drbg = container_of(rdy, struct drbg_state, drbg 1486 crypto/drbg.c schedule_work(&drbg->seed_work); drbg 1489 crypto/drbg.c static int drbg_prepare_hrng(struct drbg_state *drbg) drbg 1494 crypto/drbg.c if (list_empty(&drbg->test_data.list)) drbg 1497 crypto/drbg.c INIT_WORK(&drbg->seed_work, drbg_async_seed); drbg 1499 crypto/drbg.c drbg->random_ready.owner = THIS_MODULE; drbg 1500 crypto/drbg.c drbg->random_ready.func = drbg_schedule_async_seed; drbg 1502 crypto/drbg.c err = add_random_ready_callback(&drbg->random_ready); drbg 1513 crypto/drbg.c drbg->random_ready.func = NULL; drbg 1517 crypto/drbg.c drbg->jent = crypto_alloc_rng("jitterentropy_rng", 0, 0); drbg 1523 crypto/drbg.c drbg->reseed_threshold = 50; drbg 1545 crypto/drbg.c static int drbg_instantiate(struct drbg_state *drbg, struct drbg_string *pers, drbg 1553 crypto/drbg.c mutex_lock(&drbg->drbg_mutex); drbg 1565 crypto/drbg.c if (!drbg->core) { drbg 1566 crypto/drbg.c drbg->core = &drbg_cores[coreref]; drbg 1567 crypto/drbg.c drbg->pr = pr; drbg 1568 crypto/drbg.c drbg->seeded = false; drbg 1569 crypto/drbg.c drbg->reseed_threshold = drbg_max_requests(drbg); drbg 1571 crypto/drbg.c ret = drbg_alloc_state(drbg); drbg 1575 crypto/drbg.c ret = drbg_prepare_hrng(drbg); drbg 1579 crypto/drbg.c if (IS_ERR(drbg->jent)) { drbg 1580 crypto/drbg.c ret = PTR_ERR(drbg->jent); drbg 1581 crypto/drbg.c drbg->jent = NULL; drbg 1590 crypto/drbg.c ret = drbg_seed(drbg, pers, reseed); drbg 1595 crypto/drbg.c mutex_unlock(&drbg->drbg_mutex); drbg 1599 crypto/drbg.c mutex_unlock(&drbg->drbg_mutex); drbg 1603 crypto/drbg.c mutex_unlock(&drbg->drbg_mutex); drbg 1604 crypto/drbg.c drbg_uninstantiate(drbg); drbg 1617 crypto/drbg.c static int drbg_uninstantiate(struct drbg_state *drbg) drbg 1619 crypto/drbg.c if (drbg->random_ready.func) { drbg 1620 crypto/drbg.c del_random_ready_callback(&drbg->random_ready); drbg 1621 crypto/drbg.c cancel_work_sync(&drbg->seed_work); drbg 1622 crypto/drbg.c crypto_free_rng(drbg->jent); drbg 1623 crypto/drbg.c drbg->jent = NULL; drbg 1626 crypto/drbg.c if (drbg->d_ops) drbg 1627 crypto/drbg.c drbg->d_ops->crypto_fini(drbg); drbg 1628 crypto/drbg.c drbg_dealloc_state(drbg); drbg 1643 crypto/drbg.c struct drbg_state *drbg = crypto_rng_ctx(tfm); drbg 1645 crypto/drbg.c mutex_lock(&drbg->drbg_mutex); drbg 1646 crypto/drbg.c drbg_string_fill(&drbg->test_data, data, len); drbg 1647 crypto/drbg.c mutex_unlock(&drbg->drbg_mutex); drbg 1660 crypto/drbg.c static int drbg_init_hash_kernel(struct drbg_state *drbg) drbg 1665 crypto/drbg.c tfm = crypto_alloc_shash(drbg->core->backend_cra_name, 0, 0); drbg 1668 crypto/drbg.c drbg->core->backend_cra_name); drbg 1671 crypto/drbg.c BUG_ON(drbg_blocklen(drbg) != crypto_shash_digestsize(tfm)); drbg 1680 crypto/drbg.c drbg->priv_data = sdesc; drbg 1685 crypto/drbg.c static int drbg_fini_hash_kernel(struct drbg_state *drbg) drbg 1687 crypto/drbg.c struct sdesc *sdesc = (struct sdesc *)drbg->priv_data; drbg 1692 crypto/drbg.c drbg->priv_data = NULL; drbg 1696 crypto/drbg.c static void drbg_kcapi_hmacsetkey(struct drbg_state *drbg, drbg 1699 crypto/drbg.c struct sdesc *sdesc = (struct sdesc *)drbg->priv_data; drbg 1701 crypto/drbg.c crypto_shash_setkey(sdesc->shash.tfm, key, drbg_statelen(drbg)); drbg 1704 crypto/drbg.c static int drbg_kcapi_hash(struct drbg_state *drbg, unsigned char *outval, drbg 1707 crypto/drbg.c struct sdesc *sdesc = (struct sdesc *)drbg->priv_data; drbg 1718 crypto/drbg.c static int drbg_fini_sym_kernel(struct drbg_state *drbg) drbg 1721 crypto/drbg.c (struct crypto_cipher *)drbg->priv_data; drbg 1724 crypto/drbg.c drbg->priv_data = NULL; drbg 1726 crypto/drbg.c if (drbg->ctr_handle) drbg 1727 crypto/drbg.c crypto_free_skcipher(drbg->ctr_handle); drbg 1728 crypto/drbg.c drbg->ctr_handle = NULL; drbg 1730 crypto/drbg.c if (drbg->ctr_req) drbg 1731 crypto/drbg.c skcipher_request_free(drbg->ctr_req); drbg 1732 crypto/drbg.c drbg->ctr_req = NULL; drbg 1734 crypto/drbg.c kfree(drbg->outscratchpadbuf); drbg 1735 crypto/drbg.c drbg->outscratchpadbuf = NULL; drbg 1740 crypto/drbg.c static int drbg_init_sym_kernel(struct drbg_state *drbg) drbg 1748 crypto/drbg.c tfm = crypto_alloc_cipher(drbg->core->backend_cra_name, 0, 0); drbg 1751 crypto/drbg.c drbg->core->backend_cra_name); drbg 1754 crypto/drbg.c BUG_ON(drbg_blocklen(drbg) != crypto_cipher_blocksize(tfm)); drbg 1755 crypto/drbg.c drbg->priv_data = tfm; drbg 1758 crypto/drbg.c drbg->core->backend_cra_name) >= CRYPTO_MAX_ALG_NAME) { drbg 1759 crypto/drbg.c drbg_fini_sym_kernel(drbg); drbg 1766 crypto/drbg.c drbg_fini_sym_kernel(drbg); drbg 1769 crypto/drbg.c drbg->ctr_handle = sk_tfm; drbg 1770 crypto/drbg.c crypto_init_wait(&drbg->ctr_wait); drbg 1775 crypto/drbg.c drbg_fini_sym_kernel(drbg); drbg 1778 crypto/drbg.c drbg->ctr_req = req; drbg 1781 crypto/drbg.c crypto_req_done, &drbg->ctr_wait); drbg 1784 crypto/drbg.c drbg->outscratchpadbuf = kmalloc(DRBG_OUTSCRATCHLEN + alignmask, drbg 1786 crypto/drbg.c if (!drbg->outscratchpadbuf) { drbg 1787 crypto/drbg.c drbg_fini_sym_kernel(drbg); drbg 1790 crypto/drbg.c drbg->outscratchpad = (u8 *)PTR_ALIGN(drbg->outscratchpadbuf, drbg 1793 crypto/drbg.c sg_init_table(&drbg->sg_in, 1); drbg 1794 crypto/drbg.c sg_init_one(&drbg->sg_out, drbg->outscratchpad, DRBG_OUTSCRATCHLEN); drbg 1799 crypto/drbg.c static void drbg_kcapi_symsetkey(struct drbg_state *drbg, drbg 1803 crypto/drbg.c (struct crypto_cipher *)drbg->priv_data; drbg 1805 crypto/drbg.c crypto_cipher_setkey(tfm, key, (drbg_keylen(drbg))); drbg 1808 crypto/drbg.c static int drbg_kcapi_sym(struct drbg_state *drbg, unsigned char *outval, drbg 1812 crypto/drbg.c (struct crypto_cipher *)drbg->priv_data; drbg 1815 crypto/drbg.c BUG_ON(in->len < drbg_blocklen(drbg)); drbg 1820 crypto/drbg.c static int drbg_kcapi_sym_ctr(struct drbg_state *drbg, drbg 1824 crypto/drbg.c struct scatterlist *sg_in = &drbg->sg_in, *sg_out = &drbg->sg_out; drbg 1834 crypto/drbg.c memset(drbg->outscratchpad, 0, scratchpad_use); drbg 1835 crypto/drbg.c sg_set_buf(sg_in, drbg->outscratchpad, scratchpad_use); drbg 1842 crypto/drbg.c skcipher_request_set_crypt(drbg->ctr_req, sg_in, sg_out, drbg 1843 crypto/drbg.c cryptlen, drbg->V); drbg 1844 crypto/drbg.c ret = crypto_wait_req(crypto_skcipher_encrypt(drbg->ctr_req), drbg 1845 crypto/drbg.c &drbg->ctr_wait); drbg 1849 crypto/drbg.c crypto_init_wait(&drbg->ctr_wait); drbg 1851 crypto/drbg.c memcpy(outbuf, drbg->outscratchpad, cryptlen); drbg 1852 crypto/drbg.c memzero_explicit(drbg->outscratchpad, cryptlen); drbg 1910 crypto/drbg.c struct drbg_state *drbg = crypto_tfm_ctx(tfm); drbg 1912 crypto/drbg.c mutex_init(&drbg->drbg_mutex); drbg 1935 crypto/drbg.c struct drbg_state *drbg = crypto_rng_ctx(tfm); drbg 1945 crypto/drbg.c return drbg_generate_long(drbg, dst, dlen, addtl); drbg 1954 crypto/drbg.c struct drbg_state *drbg = crypto_rng_ctx(tfm); drbg 1968 crypto/drbg.c return drbg_instantiate(drbg, seed_string, coreref, pr); drbg 1990 crypto/drbg.c struct drbg_state *drbg = NULL; drbg 2010 crypto/drbg.c drbg = kzalloc(sizeof(struct drbg_state), GFP_KERNEL); drbg 2011 crypto/drbg.c if (!drbg) drbg 2014 crypto/drbg.c mutex_init(&drbg->drbg_mutex); drbg 2015 crypto/drbg.c drbg->core = &drbg_cores[coreref]; drbg 2016 crypto/drbg.c drbg->reseed_threshold = drbg_max_requests(drbg); drbg 2026 crypto/drbg.c max_addtllen = drbg_max_addtl(drbg); drbg 2027 crypto/drbg.c max_request_bytes = drbg_max_request_bytes(drbg); drbg 2030 crypto/drbg.c len = drbg_generate(drbg, buf, OUTBUFLEN, &addtl); drbg 2033 crypto/drbg.c len = drbg_generate(drbg, buf, (max_request_bytes + 1), NULL); drbg 2037 crypto/drbg.c ret = drbg_seed(drbg, &addtl, false); drbg 2045 crypto/drbg.c kfree(drbg); drbg 137 crypto/testmgr.c struct drbg_test_suite drbg; drbg 3454 crypto/testmgr.c const struct drbg_testvec *template = desc->suite.drbg.vecs; drbg 3455 crypto/testmgr.c unsigned int tcount = desc->suite.drbg.count; drbg 4299 crypto/testmgr.c .drbg = __VECS(drbg_nopr_ctr_aes128_tv_template) drbg 4306 crypto/testmgr.c .drbg = __VECS(drbg_nopr_ctr_aes192_tv_template) drbg 4313 crypto/testmgr.c .drbg = __VECS(drbg_nopr_ctr_aes256_tv_template) drbg 4328 crypto/testmgr.c .drbg = __VECS(drbg_nopr_hmac_sha256_tv_template) drbg 4348 crypto/testmgr.c .drbg = __VECS(drbg_nopr_sha256_tv_template) drbg 4364 crypto/testmgr.c .drbg = __VECS(drbg_pr_ctr_aes128_tv_template) drbg 4384 crypto/testmgr.c .drbg = __VECS(drbg_pr_hmac_sha256_tv_template) drbg 4404 crypto/testmgr.c .drbg = __VECS(drbg_pr_sha256_tv_template) drbg 94 include/crypto/drbg.h int (*update)(struct drbg_state *drbg, struct list_head *seed, drbg 96 include/crypto/drbg.h int (*generate)(struct drbg_state *drbg, drbg 99 include/crypto/drbg.h int (*crypto_init)(struct drbg_state *drbg); drbg 100 include/crypto/drbg.h int (*crypto_fini)(struct drbg_state *drbg); drbg 142 include/crypto/drbg.h static inline __u8 drbg_statelen(struct drbg_state *drbg) drbg 144 include/crypto/drbg.h if (drbg && drbg->core) drbg 145 include/crypto/drbg.h return drbg->core->statelen; drbg 149 include/crypto/drbg.h static inline __u8 drbg_blocklen(struct drbg_state *drbg) drbg 151 include/crypto/drbg.h if (drbg && drbg->core) drbg 152 include/crypto/drbg.h return drbg->core->blocklen_bytes; drbg 156 include/crypto/drbg.h static inline __u8 drbg_keylen(struct drbg_state *drbg) drbg 158 include/crypto/drbg.h if (drbg && drbg->core) drbg 159 include/crypto/drbg.h return (drbg->core->statelen - drbg->core->blocklen_bytes); drbg 163 include/crypto/drbg.h static inline size_t drbg_max_request_bytes(struct drbg_state *drbg) drbg 169 include/crypto/drbg.h static inline size_t drbg_max_addtl(struct drbg_state *drbg) drbg 184 include/crypto/drbg.h static inline size_t drbg_max_requests(struct drbg_state *drbg)