From 4fca5dd3ea38648c938dcd257a5a043f43ff9936 Mon Sep 17 00:00:00 2001 From: Pablo Greco Date: Jul 16 2022 20:06:03 +0000 Subject: Update to 5.4.206 --- diff --git a/.kernel.metadata b/.kernel.metadata index 17f7981..3d4b91f 100644 --- a/.kernel.metadata +++ b/.kernel.metadata @@ -1,2 +1,2 @@ 98ae49ad49397d5a4dcb3ff9a082223edf7c5bbd SOURCES/linux-5.4.tar.xz -7f56a49facbc56db9f7e80215e8a81f92ea66f50 SOURCES/patch-5.4.199.xz +f8d0458c9e40813ba222032ac8bdca526580c20f SOURCES/patch-5.4.206.xz diff --git a/SOURCES/wireguard.patch b/SOURCES/wireguard.patch index 935a549..5aa9faa 100644 --- a/SOURCES/wireguard.patch +++ b/SOURCES/wireguard.patch @@ -1,7 +1,7 @@ -From c329740870d6368a4500569245aac8cbb2c11992 Mon Sep 17 00:00:00 2001 +From 47b25efa8d8485bb80f35895a5c06133a602f175 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:07 +0100 -Subject: [PATCH 001/159] crypto: lib - tidy up lib/crypto Kconfig and Makefile +Subject: [PATCH 001/157] crypto: lib - tidy up lib/crypto Kconfig and Makefile commit 746b2e024c67aa605ac12d135cd7085a49cf9dc4 upstream. @@ -14,8 +14,8 @@ Signed-off-by: Jason A. Donenfeld --- crypto/Kconfig | 13 +------------ lib/crypto/Kconfig | 15 +++++++++++++++ - lib/crypto/Makefile | 16 ++++++++-------- - 3 files changed, 24 insertions(+), 20 deletions(-) + lib/crypto/Makefile | 22 +++++++++++----------- + 3 files changed, 27 insertions(+), 23 deletions(-) create mode 100644 lib/crypto/Kconfig diff --git a/crypto/Kconfig b/crypto/Kconfig @@ -92,10 +92,10 @@ index 000000000000..261430051595 +config CRYPTO_LIB_SHA256 + tristate diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile -index cbe0b6a6450d..63de4cb3fcf8 100644 +index 9d7feabacd1d..7b12d4b46158 100644 --- a/lib/crypto/Makefile +++ b/lib/crypto/Makefile -@@ -1,13 +1,13 @@ +@@ -1,19 +1,19 @@ # SPDX-License-Identifier: GPL-2.0 -obj-$(CONFIG_CRYPTO_LIB_AES) += libaes.o @@ -117,14 +117,23 @@ index cbe0b6a6450d..63de4cb3fcf8 100644 -libsha256-y := sha256.o +obj-$(CONFIG_CRYPTO_LIB_SHA256) += libsha256.o +libsha256-y := sha256.o + +-obj-y += libblake2s.o +-libblake2s-y += blake2s.o blake2s-generic.o ++obj-y += libblake2s.o ++libblake2s-y += blake2s.o blake2s-generic.o + ifneq ($(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS),y) +-libblake2s-y += blake2s-selftest.o ++libblake2s-y += blake2s-selftest.o + endif -- 2.18.4 -From 8f87ec71e690fcb44fb5a8680c4b258763070107 Mon Sep 17 00:00:00 2001 +From 63608ea731e714a509c6bed8d2b46763af6bd0fb Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:08 +0100 -Subject: [PATCH 002/159] crypto: chacha - move existing library code into +Subject: [PATCH 002/157] crypto: chacha - move existing library code into lib/crypto commit 5fb8ef25803ef33e2eb60b626435828b937bed75 upstream. @@ -315,7 +324,7 @@ index 085d8d219987..ebae6d9d9b32 100644 /* Build the real IV */ diff --git a/include/crypto/chacha.h b/include/crypto/chacha.h -index d1e723c6a37d..5c662f8fecac 100644 +index 542f896115f4..fa3b7f47b267 100644 --- a/include/crypto/chacha.h +++ b/include/crypto/chacha.h @@ -15,9 +15,8 @@ @@ -329,7 +338,7 @@ index d1e723c6a37d..5c662f8fecac 100644 /* 32-bit stream position, then 96-bit nonce (RFC7539 convention) */ #define CHACHA_IV_SIZE 16 -@@ -29,26 +28,70 @@ +@@ -29,27 +28,71 @@ /* 192-bit nonce, then 64-bit stream position */ #define XCHACHA_IV_SIZE 32 @@ -344,10 +353,8 @@ index d1e723c6a37d..5c662f8fecac 100644 { - chacha_block(state, stream, 20); + chacha_block_generic(state, stream, 20); - } --void hchacha_block(const u32 *in, u32 *out, int nrounds); - --void crypto_chacha_init(u32 *state, const struct chacha_ctx *ctx, const u8 *iv); ++} ++ +void hchacha_block_arch(const u32 *state, u32 *out, int nrounds); +void hchacha_block_generic(const u32 *state, u32 *out, int nrounds); + @@ -358,11 +365,7 @@ index d1e723c6a37d..5c662f8fecac 100644 + else + hchacha_block_generic(state, out, nrounds); +} - --int crypto_chacha20_setkey(struct crypto_skcipher *tfm, const u8 *key, -- unsigned int keysize); --int crypto_chacha12_setkey(struct crypto_skcipher *tfm, const u8 *key, -- unsigned int keysize); ++ +void chacha_init_arch(u32 *state, const u32 *key, const u8 *iv); +static inline void chacha_init_generic(u32 *state, const u32 *key, const u8 *iv) +{ @@ -383,22 +386,26 @@ index d1e723c6a37d..5c662f8fecac 100644 + state[14] = get_unaligned_le32(iv + 8); + state[15] = get_unaligned_le32(iv + 12); +} - --int crypto_chacha_crypt(struct skcipher_request *req); --int crypto_xchacha_crypt(struct skcipher_request *req); ++ +static inline void chacha_init(u32 *state, const u32 *key, const u8 *iv) +{ + if (IS_ENABLED(CONFIG_CRYPTO_ARCH_HAVE_LIB_CHACHA)) + chacha_init_arch(state, key, iv); + else + chacha_init_generic(state, key, iv); -+} -+ + } +-void hchacha_block(const u32 *in, u32 *out, int nrounds); + +-void crypto_chacha_init(u32 *state, const struct chacha_ctx *ctx, const u8 *iv); +void chacha_crypt_arch(u32 *state, u8 *dst, const u8 *src, + unsigned int bytes, int nrounds); +void chacha_crypt_generic(u32 *state, u8 *dst, const u8 *src, + unsigned int bytes, int nrounds); -+ + +-int crypto_chacha20_setkey(struct crypto_skcipher *tfm, const u8 *key, +- unsigned int keysize); +-int crypto_chacha12_setkey(struct crypto_skcipher *tfm, const u8 *key, +- unsigned int keysize); +static inline void chacha_crypt(u32 *state, u8 *dst, const u8 *src, + unsigned int bytes, int nrounds) +{ @@ -407,14 +414,17 @@ index d1e723c6a37d..5c662f8fecac 100644 + else + chacha_crypt_generic(state, dst, src, bytes, nrounds); +} -+ + +-int crypto_chacha_crypt(struct skcipher_request *req); +-int crypto_xchacha_crypt(struct skcipher_request *req); +static inline void chacha20_crypt(u32 *state, u8 *dst, const u8 *src, + unsigned int bytes) +{ + chacha_crypt(state, dst, src, bytes, 20); +} - #endif /* _CRYPTO_CHACHA_H */ + enum chacha_constants { /* expand 32-byte k */ + CHACHA_CONSTANT_EXPA = 0x61707865U, diff --git a/include/crypto/internal/chacha.h b/include/crypto/internal/chacha.h new file mode 100644 index 000000000000..c0e40b245431 @@ -526,7 +536,7 @@ index 261430051595..6a11931ae105 100644 tristate diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile -index 63de4cb3fcf8..0ce40604e104 100644 +index 7b12d4b46158..730700cdd5a5 100644 --- a/lib/crypto/Makefile +++ b/lib/crypto/Makefile @@ -1,5 +1,9 @@ @@ -648,10 +658,10 @@ index 000000000000..dabc3accae05 2.18.4 -From 192c1dafc6eaa7fefaba21219ea74dd4f1fc4569 Mon Sep 17 00:00:00 2001 +From e26ad65e01d68816d6d75a9f95ec0957f763ac6c Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:09 +0100 -Subject: [PATCH 003/159] crypto: x86/chacha - depend on generic chacha library +Subject: [PATCH 003/157] crypto: x86/chacha - depend on generic chacha library instead of crypto driver commit 28e8d89b1ce8d2e7badfb5f69971dd635acb8863 upstream. @@ -849,10 +859,10 @@ index 34a74bdc2d65..ef7b0110ee75 100644 2.18.4 -From 450280056a84477ae360ddd4c56363c01226eb52 Mon Sep 17 00:00:00 2001 +From 910eb3cc6e7ab7b92dc3322c6900cc10922dbe52 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:10 +0100 -Subject: [PATCH 004/159] crypto: x86/chacha - expose SIMD ChaCha routine as +Subject: [PATCH 004/157] crypto: x86/chacha - expose SIMD ChaCha routine as library function commit 84e03fa39fbe95a5567d43bff458c6d3b3a23ad1 upstream. @@ -1045,7 +1055,7 @@ index ef7b0110ee75..1c470ea34e47 100644 SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20, XChaCha20, and XChaCha12 stream ciphers. diff --git a/include/crypto/chacha.h b/include/crypto/chacha.h -index 5c662f8fecac..2676f4fbd4c1 100644 +index fa3b7f47b267..d4bfc9cb770e 100644 --- a/include/crypto/chacha.h +++ b/include/crypto/chacha.h @@ -25,6 +25,12 @@ @@ -1065,10 +1075,10 @@ index 5c662f8fecac..2676f4fbd4c1 100644 2.18.4 -From 0d1f256b28a88305e1119ffe1c9a752cfa229e7a Mon Sep 17 00:00:00 2001 +From 82cf3241863176cd5338124172b5c1d8e0127a84 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:11 +0100 -Subject: [PATCH 005/159] crypto: arm64/chacha - depend on generic chacha +Subject: [PATCH 005/157] crypto: arm64/chacha - depend on generic chacha library instead of crypto driver commit c77da4867cbb7841177275dbb250f5c09679fae4 upstream. @@ -1202,10 +1212,10 @@ index d4cc61bfe79d..cae2cb92eca8 100644 2.18.4 -From f8694089a814ad1129f058fb2e5a1249cf6cfe40 Mon Sep 17 00:00:00 2001 +From 6302eefd8c9c12640989c49d2736edfd353d2c0b Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:12 +0100 -Subject: [PATCH 006/159] crypto: arm64/chacha - expose arm64 ChaCha routine as +Subject: [PATCH 006/157] crypto: arm64/chacha - expose arm64 ChaCha routine as library function commit b3aad5bad26a01a4bd8c49a5c5f52aec665f3b7c upstream. @@ -1348,10 +1358,10 @@ index cae2cb92eca8..46cd4297761c 100644 2.18.4 -From b2f9605321ba825bce4b6df06e41dc94d44cccb9 Mon Sep 17 00:00:00 2001 +From 45601c241d1f22ce8fb94608c293a8e18bc87711 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:13 +0100 -Subject: [PATCH 007/159] crypto: arm/chacha - import Eric Biggers's scalar +Subject: [PATCH 007/157] crypto: arm/chacha - import Eric Biggers's scalar accelerated ChaCha code commit 29621d099f9c642b22a69dc8e7e20c108473a392 upstream. @@ -1835,10 +1845,10 @@ index 000000000000..2140319b64a0 2.18.4 -From eaeeb3e6cbdc6ab989dcc434fd49e56ac61269fe Mon Sep 17 00:00:00 2001 +From 66c4eae71cffbdc9d84028b9617f779259dc05e6 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:14 +0100 -Subject: [PATCH 008/159] crypto: arm/chacha - remove dependency on generic +Subject: [PATCH 008/157] crypto: arm/chacha - remove dependency on generic ChaCha driver commit b36d8c09e710c71f6a9690b6586fea2d1c9e1e27 upstream. @@ -1864,10 +1874,10 @@ Signed-off-by: Jason A. Donenfeld delete mode 100644 arch/arm/crypto/chacha-neon-glue.c diff --git a/arch/arm/crypto/Kconfig b/arch/arm/crypto/Kconfig -index 043b0b18bf7e..cee414afeabc 100644 +index f747caea10ff..825efbf963ce 100644 --- a/arch/arm/crypto/Kconfig +++ b/arch/arm/crypto/Kconfig -@@ -127,10 +127,8 @@ config CRYPTO_CRC32_ARM_CE +@@ -129,10 +129,8 @@ config CRYPTO_CRC32_ARM_CE select CRYPTO_HASH config CRYPTO_CHACHA20_NEON @@ -1880,10 +1890,10 @@ index 043b0b18bf7e..cee414afeabc 100644 config CRYPTO_NHPOLY1305_NEON tristate "NEON accelerated NHPoly1305 hash function (for Adiantum)" diff --git a/arch/arm/crypto/Makefile b/arch/arm/crypto/Makefile -index 4180f3a13512..6b97dffcf90f 100644 +index c0d36771a693..0e550badf8ed 100644 --- a/arch/arm/crypto/Makefile +++ b/arch/arm/crypto/Makefile -@@ -53,7 +53,8 @@ aes-arm-ce-y := aes-ce-core.o aes-ce-glue.o +@@ -33,7 +33,8 @@ aes-arm-ce-y := aes-ce-core.o aes-ce-glue.o ghash-arm-ce-y := ghash-ce-core.o ghash-ce-glue.o crct10dif-arm-ce-y := crct10dif-ce-core.o crct10dif-ce-glue.o crc32-arm-ce-y:= crc32-ce-core.o crc32-ce-glue.o @@ -2544,10 +2554,10 @@ index 46cd4297761c..b08029d7bde6 100644 2.18.4 -From 4f1cf78f58cdc036f45a6158dde4bcc184477a20 Mon Sep 17 00:00:00 2001 +From 237c477712f6351e578a831aab6baf993f09ce6c Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:15 +0100 -Subject: [PATCH 009/159] crypto: arm/chacha - expose ARM ChaCha routine as +Subject: [PATCH 009/157] crypto: arm/chacha - expose ARM ChaCha routine as library function commit a44a3430d71bad4ee56788a59fff099b291ea54c upstream. @@ -2570,10 +2580,10 @@ Signed-off-by: Jason A. Donenfeld 2 files changed, 41 insertions(+), 1 deletion(-) diff --git a/arch/arm/crypto/Kconfig b/arch/arm/crypto/Kconfig -index cee414afeabc..b25ffec04417 100644 +index 825efbf963ce..3bbccac10e47 100644 --- a/arch/arm/crypto/Kconfig +++ b/arch/arm/crypto/Kconfig -@@ -129,6 +129,7 @@ config CRYPTO_CRC32_ARM_CE +@@ -131,6 +131,7 @@ config CRYPTO_CRC32_ARM_CE config CRYPTO_CHACHA20_NEON tristate "NEON and scalar accelerated ChaCha stream cipher algorithms" select CRYPTO_BLKCIPHER @@ -2660,10 +2670,10 @@ index eb40efb3eb34..3f0c057aa050 100644 2.18.4 -From 19464eb9b98367bd5b40b4dea923b0cee1c23f42 Mon Sep 17 00:00:00 2001 +From d73849fbdb27043d9ffea77bb368c5421ebdd9cc Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Fri, 8 Nov 2019 13:22:16 +0100 -Subject: [PATCH 010/159] crypto: mips/chacha - import 32r2 ChaCha code from +Subject: [PATCH 010/157] crypto: mips/chacha - import 32r2 ChaCha code from Zinc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -3119,10 +3129,10 @@ index 000000000000..a81e02db95e7 2.18.4 -From 18352712220a407f250d8dccb59a29635fba2d68 Mon Sep 17 00:00:00 2001 +From 1d90821eb5ca171dbd004f528068a07060c269ef Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:17 +0100 -Subject: [PATCH 011/159] crypto: mips/chacha - wire up accelerated 32r2 code +Subject: [PATCH 011/157] crypto: mips/chacha - wire up accelerated 32r2 code from Zinc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -3694,10 +3704,10 @@ index 1c470ea34e47..9650afc2107c 100644 2.18.4 -From bdb8776daad1a1f02886648cb13e6877c147e4b6 Mon Sep 17 00:00:00 2001 +From 26d657fdaf16d4bd06cef08cddab2dca11f07aba Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:18 +0100 -Subject: [PATCH 012/159] crypto: chacha - unexport chacha_generic routines +Subject: [PATCH 012/157] crypto: chacha - unexport chacha_generic routines commit 22cf705360707ced15f9fe5423938f313c7df536 upstream. @@ -3817,10 +3827,10 @@ index c0e40b245431..aa5d4a16aac5 100644 2.18.4 -From 154e78db9a8ae7afe3d1f425a04e62283effa371 Mon Sep 17 00:00:00 2001 +From 35f00e31789629264dd81ae2495c2f60cd6dd2bf Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:19 +0100 -Subject: [PATCH 013/159] crypto: poly1305 - move core routines into a separate +Subject: [PATCH 013/157] crypto: poly1305 - move core routines into a separate library commit 48ea8c6ebc96bc0990e12ee1c43d0832c23576bb upstream. @@ -4313,10 +4323,10 @@ index 6a11931ae105..c4882d29879e 100644 config CRYPTO_LIB_SHA256 tristate diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile -index 0ce40604e104..b58ab6843a9d 100644 +index 730700cdd5a5..a26bc6eb3cf3 100644 --- a/lib/crypto/Makefile +++ b/lib/crypto/Makefile -@@ -13,5 +13,8 @@ libarc4-y := arc4.o +@@ -13,6 +13,9 @@ libarc4-y := arc4.o obj-$(CONFIG_CRYPTO_LIB_DES) += libdes.o libdes-y := des.o @@ -4325,6 +4335,7 @@ index 0ce40604e104..b58ab6843a9d 100644 + obj-$(CONFIG_CRYPTO_LIB_SHA256) += libsha256.o libsha256-y := sha256.o + diff --git a/lib/crypto/poly1305.c b/lib/crypto/poly1305.c new file mode 100644 index 000000000000..f019a57dbc1b @@ -4493,10 +4504,10 @@ index 000000000000..f019a57dbc1b 2.18.4 -From 20036ce2d9b9fc274a45f1f101351efb19d7baab Mon Sep 17 00:00:00 2001 +From 65a250733d9f417aa4b07fa34d3567e206eb0361 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:20 +0100 -Subject: [PATCH 014/159] crypto: x86/poly1305 - unify Poly1305 state struct +Subject: [PATCH 014/157] crypto: x86/poly1305 - unify Poly1305 state struct with generic code commit ad8f5b88383ea685f2b8df2a12ee3e08089a1287 upstream. @@ -4756,10 +4767,10 @@ index f5a4319c2a1f..36b5886cb50c 100644 2.18.4 -From d679cb50f494e75b09dee603a5ffdcab5f38c4d6 Mon Sep 17 00:00:00 2001 +From 736a79f0abda715d48ee554a616b4333fd8cf62a Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:21 +0100 -Subject: [PATCH 015/159] crypto: poly1305 - expose init/update/final library +Subject: [PATCH 015/157] crypto: poly1305 - expose init/update/final library interface commit a1d93064094cc5e24d64e35cf093e7191d0c9344 upstream. @@ -4993,10 +5004,10 @@ index f019a57dbc1b..32ec293c65ae 100644 2.18.4 -From d8a7272ce27d33e9a29ac6acee62b66d5f6d1a6f Mon Sep 17 00:00:00 2001 +From d1c1933f7f7e1e84165014c09e12da33a5e42263 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:22 +0100 -Subject: [PATCH 016/159] crypto: x86/poly1305 - depend on generic library not +Subject: [PATCH 016/157] crypto: x86/poly1305 - depend on generic library not generic shash commit 1b2c6a5120489d41c8ea3b8dacd0b4586289b158 upstream. @@ -5222,10 +5233,10 @@ index 04fa269e5534..479b0cab2a1a 100644 2.18.4 -From 7c0c8044b5af6d4b79a679d33e4d6648faca54b5 Mon Sep 17 00:00:00 2001 +From b0eb1b3efc6686087869acb696d7b57067681454 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:23 +0100 -Subject: [PATCH 017/159] crypto: x86/poly1305 - expose existing driver as +Subject: [PATCH 017/157] crypto: x86/poly1305 - expose existing driver as poly1305 library commit f0e89bcfbb894e5844cd1bbf6b3cf7c63cb0f5ac upstream. @@ -5396,10 +5407,10 @@ index a731ea36bd5c..181754615f73 100644 2.18.4 -From d4b43e7e9058d333e30348cdfbff6f2cf41c214b Mon Sep 17 00:00:00 2001 +From f3594ba06652816a55614f215c82e07e179f4042 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:24 +0100 -Subject: [PATCH 018/159] crypto: arm64/poly1305 - incorporate +Subject: [PATCH 018/157] crypto: arm64/poly1305 - incorporate OpenSSL/CRYPTOGAMS NEON implementation commit f569ca16475155013525686d0f73bc379c67e635 upstream. @@ -7498,10 +7509,10 @@ index 181754615f73..9923445e8225 100644 2.18.4 -From 12b2eb128e7cdc0b1b69e8905e85d55eaa6de039 Mon Sep 17 00:00:00 2001 +From c0ae38fbf844be2cf99f559f98ef3e9d10664b92 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:25 +0100 -Subject: [PATCH 019/159] crypto: arm/poly1305 - incorporate OpenSSL/CRYPTOGAMS +Subject: [PATCH 019/157] crypto: arm/poly1305 - incorporate OpenSSL/CRYPTOGAMS NEON implementation commit a6b803b3ddc793d6db0c16f12fc12d30d20fa9cc upstream. @@ -7533,10 +7544,10 @@ Signed-off-by: Jason A. Donenfeld create mode 100644 arch/arm/crypto/poly1305-glue.c diff --git a/arch/arm/crypto/Kconfig b/arch/arm/crypto/Kconfig -index b25ffec04417..2e8a9289bded 100644 +index 3bbccac10e47..7d419f1072d4 100644 --- a/arch/arm/crypto/Kconfig +++ b/arch/arm/crypto/Kconfig -@@ -131,6 +131,11 @@ config CRYPTO_CHACHA20_NEON +@@ -133,6 +133,11 @@ config CRYPTO_CHACHA20_NEON select CRYPTO_BLKCIPHER select CRYPTO_ARCH_HAVE_LIB_CHACHA @@ -7549,7 +7560,7 @@ index b25ffec04417..2e8a9289bded 100644 tristate "NEON accelerated NHPoly1305 hash function (for Adiantum)" depends on KERNEL_MODE_NEON diff --git a/arch/arm/crypto/Makefile b/arch/arm/crypto/Makefile -index 6b97dffcf90f..4f6a8a81dabc 100644 +index 0e550badf8ed..d568d699b3b7 100644 --- a/arch/arm/crypto/Makefile +++ b/arch/arm/crypto/Makefile @@ -10,6 +10,7 @@ obj-$(CONFIG_CRYPTO_SHA1_ARM_NEON) += sha1-arm-neon.o @@ -7559,8 +7570,8 @@ index 6b97dffcf90f..4f6a8a81dabc 100644 +obj-$(CONFIG_CRYPTO_POLY1305_ARM) += poly1305-arm.o obj-$(CONFIG_CRYPTO_NHPOLY1305_NEON) += nhpoly1305-neon.o - ce-obj-$(CONFIG_CRYPTO_AES_ARM_CE) += aes-arm-ce.o -@@ -55,12 +56,16 @@ crct10dif-arm-ce-y := crct10dif-ce-core.o crct10dif-ce-glue.o + obj-$(CONFIG_CRYPTO_AES_ARM_CE) += aes-arm-ce.o +@@ -35,12 +36,16 @@ crct10dif-arm-ce-y := crct10dif-ce-core.o crct10dif-ce-glue.o crc32-arm-ce-y:= crc32-ce-core.o crc32-ce-glue.o chacha-neon-y := chacha-scalar-core.o chacha-glue.o chacha-neon-$(CONFIG_KERNEL_MODE_NEON) += chacha-neon-core.o @@ -7577,7 +7588,7 @@ index 6b97dffcf90f..4f6a8a81dabc 100644 $(src)/sha256-core.S_shipped: $(src)/sha256-armv4.pl $(call cmd,perl) -@@ -68,4 +73,9 @@ $(src)/sha512-core.S_shipped: $(src)/sha512-armv4.pl +@@ -48,4 +53,9 @@ $(src)/sha512-core.S_shipped: $(src)/sha512-armv4.pl $(call cmd,perl) endif @@ -10293,10 +10304,10 @@ index 9923445e8225..9bd15b227e78 100644 2.18.4 -From a1a2039cae99b793e41a338e5bfe59fed7ca4531 Mon Sep 17 00:00:00 2001 +From 08dc11e3b4803725e11b5ea23d4a3d751a02aa4c Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:26 +0100 -Subject: [PATCH 020/159] crypto: mips/poly1305 - incorporate +Subject: [PATCH 020/157] crypto: mips/poly1305 - incorporate OpenSSL/CRYPTOGAMS optimized implementation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -11872,2289 +11883,10 @@ index 9bd15b227e78..d15ec5382986 100644 2.18.4 -From bfcc0cb94f35be4f272cdd60f7e13a3a78f910db Mon Sep 17 00:00:00 2001 -From: "Jason A. Donenfeld" -Date: Fri, 8 Nov 2019 13:22:28 +0100 -Subject: [PATCH 021/159] crypto: blake2s - generic C library implementation - and selftest - -commit 66d7fb94e4ffe5acc589e0b2b4710aecc1f07a28 upstream. - -The C implementation was originally based on Samuel Neves' public -domain reference implementation but has since been heavily modified -for the kernel. We're able to do compile-time optimizations by moving -some scaffolding around the final function into the header file. - -Information: https://blake2.net/ - -Signed-off-by: Jason A. Donenfeld -Signed-off-by: Samuel Neves -Co-developed-by: Samuel Neves -[ardb: - move from lib/zinc to lib/crypto - - remove simd handling - - rewrote selftest for better coverage - - use fixed digest length for blake2s_hmac() and rename to - blake2s256_hmac() ] -Signed-off-by: Ard Biesheuvel -Signed-off-by: Herbert Xu -Signed-off-by: Jason A. Donenfeld ---- - include/crypto/blake2s.h | 106 +++++ - include/crypto/internal/blake2s.h | 19 + - lib/crypto/Kconfig | 25 ++ - lib/crypto/Makefile | 10 + - lib/crypto/blake2s-generic.c | 111 ++++++ - lib/crypto/blake2s-selftest.c | 622 ++++++++++++++++++++++++++++++ - lib/crypto/blake2s.c | 126 ++++++ - 7 files changed, 1019 insertions(+) - create mode 100644 include/crypto/blake2s.h - create mode 100644 include/crypto/internal/blake2s.h - create mode 100644 lib/crypto/blake2s-generic.c - create mode 100644 lib/crypto/blake2s-selftest.c - create mode 100644 lib/crypto/blake2s.c - -diff --git a/include/crypto/blake2s.h b/include/crypto/blake2s.h -new file mode 100644 -index 000000000000..b471deac28ff ---- /dev/null -+++ b/include/crypto/blake2s.h -@@ -0,0 +1,106 @@ -+/* SPDX-License-Identifier: GPL-2.0 OR MIT */ -+/* -+ * Copyright (C) 2015-2019 Jason A. Donenfeld . All Rights Reserved. -+ */ -+ -+#ifndef BLAKE2S_H -+#define BLAKE2S_H -+ -+#include -+#include -+#include -+ -+#include -+ -+enum blake2s_lengths { -+ BLAKE2S_BLOCK_SIZE = 64, -+ BLAKE2S_HASH_SIZE = 32, -+ BLAKE2S_KEY_SIZE = 32, -+ -+ BLAKE2S_128_HASH_SIZE = 16, -+ BLAKE2S_160_HASH_SIZE = 20, -+ BLAKE2S_224_HASH_SIZE = 28, -+ BLAKE2S_256_HASH_SIZE = 32, -+}; -+ -+struct blake2s_state { -+ u32 h[8]; -+ u32 t[2]; -+ u32 f[2]; -+ u8 buf[BLAKE2S_BLOCK_SIZE]; -+ unsigned int buflen; -+ unsigned int outlen; -+}; -+ -+enum blake2s_iv { -+ BLAKE2S_IV0 = 0x6A09E667UL, -+ BLAKE2S_IV1 = 0xBB67AE85UL, -+ BLAKE2S_IV2 = 0x3C6EF372UL, -+ BLAKE2S_IV3 = 0xA54FF53AUL, -+ BLAKE2S_IV4 = 0x510E527FUL, -+ BLAKE2S_IV5 = 0x9B05688CUL, -+ BLAKE2S_IV6 = 0x1F83D9ABUL, -+ BLAKE2S_IV7 = 0x5BE0CD19UL, -+}; -+ -+void blake2s_update(struct blake2s_state *state, const u8 *in, size_t inlen); -+void blake2s_final(struct blake2s_state *state, u8 *out); -+ -+static inline void blake2s_init_param(struct blake2s_state *state, -+ const u32 param) -+{ -+ *state = (struct blake2s_state){{ -+ BLAKE2S_IV0 ^ param, -+ BLAKE2S_IV1, -+ BLAKE2S_IV2, -+ BLAKE2S_IV3, -+ BLAKE2S_IV4, -+ BLAKE2S_IV5, -+ BLAKE2S_IV6, -+ BLAKE2S_IV7, -+ }}; -+} -+ -+static inline void blake2s_init(struct blake2s_state *state, -+ const size_t outlen) -+{ -+ blake2s_init_param(state, 0x01010000 | outlen); -+ state->outlen = outlen; -+} -+ -+static inline void blake2s_init_key(struct blake2s_state *state, -+ const size_t outlen, const void *key, -+ const size_t keylen) -+{ -+ WARN_ON(IS_ENABLED(DEBUG) && (!outlen || outlen > BLAKE2S_HASH_SIZE || -+ !key || !keylen || keylen > BLAKE2S_KEY_SIZE)); -+ -+ blake2s_init_param(state, 0x01010000 | keylen << 8 | outlen); -+ memcpy(state->buf, key, keylen); -+ state->buflen = BLAKE2S_BLOCK_SIZE; -+ state->outlen = outlen; -+} -+ -+static inline void blake2s(u8 *out, const u8 *in, const u8 *key, -+ const size_t outlen, const size_t inlen, -+ const size_t keylen) -+{ -+ struct blake2s_state state; -+ -+ WARN_ON(IS_ENABLED(DEBUG) && ((!in && inlen > 0) || !out || !outlen || -+ outlen > BLAKE2S_HASH_SIZE || keylen > BLAKE2S_KEY_SIZE || -+ (!key && keylen))); -+ -+ if (keylen) -+ blake2s_init_key(&state, outlen, key, keylen); -+ else -+ blake2s_init(&state, outlen); -+ -+ blake2s_update(&state, in, inlen); -+ blake2s_final(&state, out); -+} -+ -+void blake2s256_hmac(u8 *out, const u8 *in, const u8 *key, const size_t inlen, -+ const size_t keylen); -+ -+#endif /* BLAKE2S_H */ -diff --git a/include/crypto/internal/blake2s.h b/include/crypto/internal/blake2s.h -new file mode 100644 -index 000000000000..941693effc7d ---- /dev/null -+++ b/include/crypto/internal/blake2s.h -@@ -0,0 +1,19 @@ -+/* SPDX-License-Identifier: GPL-2.0 OR MIT */ -+ -+#ifndef BLAKE2S_INTERNAL_H -+#define BLAKE2S_INTERNAL_H -+ -+#include -+ -+void blake2s_compress_generic(struct blake2s_state *state,const u8 *block, -+ size_t nblocks, const u32 inc); -+ -+void blake2s_compress_arch(struct blake2s_state *state,const u8 *block, -+ size_t nblocks, const u32 inc); -+ -+static inline void blake2s_set_lastblock(struct blake2s_state *state) -+{ -+ state->f[0] = -1; -+} -+ -+#endif /* BLAKE2S_INTERNAL_H */ -diff --git a/lib/crypto/Kconfig b/lib/crypto/Kconfig -index d15ec5382986..7ad98b624e55 100644 ---- a/lib/crypto/Kconfig -+++ b/lib/crypto/Kconfig -@@ -8,6 +8,31 @@ config CRYPTO_LIB_AES - config CRYPTO_LIB_ARC4 - tristate - -+config CRYPTO_ARCH_HAVE_LIB_BLAKE2S -+ tristate -+ help -+ Declares whether the architecture provides an arch-specific -+ accelerated implementation of the Blake2s library interface, -+ either builtin or as a module. -+ -+config CRYPTO_LIB_BLAKE2S_GENERIC -+ tristate -+ help -+ This symbol can be depended upon by arch implementations of the -+ Blake2s library interface that require the generic code as a -+ fallback, e.g., for SIMD implementations. If no arch specific -+ implementation is enabled, this implementation serves the users -+ of CRYPTO_LIB_BLAKE2S. -+ -+config CRYPTO_LIB_BLAKE2S -+ tristate "BLAKE2s hash function library" -+ depends on CRYPTO_ARCH_HAVE_LIB_BLAKE2S || !CRYPTO_ARCH_HAVE_LIB_BLAKE2S -+ select CRYPTO_LIB_BLAKE2S_GENERIC if CRYPTO_ARCH_HAVE_LIB_BLAKE2S=n -+ help -+ Enable the Blake2s library interface. This interface may be fulfilled -+ by either the generic implementation or an arch-specific one, if one -+ is available and enabled. -+ - config CRYPTO_ARCH_HAVE_LIB_CHACHA - tristate - help -diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile -index b58ab6843a9d..8ca66b5f9807 100644 ---- a/lib/crypto/Makefile -+++ b/lib/crypto/Makefile -@@ -10,6 +10,12 @@ libaes-y := aes.o - obj-$(CONFIG_CRYPTO_LIB_ARC4) += libarc4.o - libarc4-y := arc4.o - -+obj-$(CONFIG_CRYPTO_LIB_BLAKE2S_GENERIC) += libblake2s-generic.o -+libblake2s-generic-y += blake2s-generic.o -+ -+obj-$(CONFIG_CRYPTO_LIB_BLAKE2S) += libblake2s.o -+libblake2s-y += blake2s.o -+ - obj-$(CONFIG_CRYPTO_LIB_DES) += libdes.o - libdes-y := des.o - -@@ -18,3 +24,7 @@ libpoly1305-y := poly1305.o - - obj-$(CONFIG_CRYPTO_LIB_SHA256) += libsha256.o - libsha256-y := sha256.o -+ -+ifneq ($(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS),y) -+libblake2s-y += blake2s-selftest.o -+endif -diff --git a/lib/crypto/blake2s-generic.c b/lib/crypto/blake2s-generic.c -new file mode 100644 -index 000000000000..04ff8df24513 ---- /dev/null -+++ b/lib/crypto/blake2s-generic.c -@@ -0,0 +1,111 @@ -+// SPDX-License-Identifier: GPL-2.0 OR MIT -+/* -+ * Copyright (C) 2015-2019 Jason A. Donenfeld . All Rights Reserved. -+ * -+ * This is an implementation of the BLAKE2s hash and PRF functions. -+ * -+ * Information: https://blake2.net/ -+ * -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+static const u8 blake2s_sigma[10][16] = { -+ { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 }, -+ { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 }, -+ { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 }, -+ { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 }, -+ { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 }, -+ { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 }, -+ { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 }, -+ { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 }, -+ { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 }, -+ { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0 }, -+}; -+ -+static inline void blake2s_increment_counter(struct blake2s_state *state, -+ const u32 inc) -+{ -+ state->t[0] += inc; -+ state->t[1] += (state->t[0] < inc); -+} -+ -+void blake2s_compress_generic(struct blake2s_state *state,const u8 *block, -+ size_t nblocks, const u32 inc) -+{ -+ u32 m[16]; -+ u32 v[16]; -+ int i; -+ -+ WARN_ON(IS_ENABLED(DEBUG) && -+ (nblocks > 1 && inc != BLAKE2S_BLOCK_SIZE)); -+ -+ while (nblocks > 0) { -+ blake2s_increment_counter(state, inc); -+ memcpy(m, block, BLAKE2S_BLOCK_SIZE); -+ le32_to_cpu_array(m, ARRAY_SIZE(m)); -+ memcpy(v, state->h, 32); -+ v[ 8] = BLAKE2S_IV0; -+ v[ 9] = BLAKE2S_IV1; -+ v[10] = BLAKE2S_IV2; -+ v[11] = BLAKE2S_IV3; -+ v[12] = BLAKE2S_IV4 ^ state->t[0]; -+ v[13] = BLAKE2S_IV5 ^ state->t[1]; -+ v[14] = BLAKE2S_IV6 ^ state->f[0]; -+ v[15] = BLAKE2S_IV7 ^ state->f[1]; -+ -+#define G(r, i, a, b, c, d) do { \ -+ a += b + m[blake2s_sigma[r][2 * i + 0]]; \ -+ d = ror32(d ^ a, 16); \ -+ c += d; \ -+ b = ror32(b ^ c, 12); \ -+ a += b + m[blake2s_sigma[r][2 * i + 1]]; \ -+ d = ror32(d ^ a, 8); \ -+ c += d; \ -+ b = ror32(b ^ c, 7); \ -+} while (0) -+ -+#define ROUND(r) do { \ -+ G(r, 0, v[0], v[ 4], v[ 8], v[12]); \ -+ G(r, 1, v[1], v[ 5], v[ 9], v[13]); \ -+ G(r, 2, v[2], v[ 6], v[10], v[14]); \ -+ G(r, 3, v[3], v[ 7], v[11], v[15]); \ -+ G(r, 4, v[0], v[ 5], v[10], v[15]); \ -+ G(r, 5, v[1], v[ 6], v[11], v[12]); \ -+ G(r, 6, v[2], v[ 7], v[ 8], v[13]); \ -+ G(r, 7, v[3], v[ 4], v[ 9], v[14]); \ -+} while (0) -+ ROUND(0); -+ ROUND(1); -+ ROUND(2); -+ ROUND(3); -+ ROUND(4); -+ ROUND(5); -+ ROUND(6); -+ ROUND(7); -+ ROUND(8); -+ ROUND(9); -+ -+#undef G -+#undef ROUND -+ -+ for (i = 0; i < 8; ++i) -+ state->h[i] ^= v[i] ^ v[i + 8]; -+ -+ block += BLAKE2S_BLOCK_SIZE; -+ --nblocks; -+ } -+} -+ -+EXPORT_SYMBOL(blake2s_compress_generic); -+ -+MODULE_LICENSE("GPL v2"); -+MODULE_DESCRIPTION("BLAKE2s hash function"); -+MODULE_AUTHOR("Jason A. Donenfeld "); -diff --git a/lib/crypto/blake2s-selftest.c b/lib/crypto/blake2s-selftest.c -new file mode 100644 -index 000000000000..79ef404a990d ---- /dev/null -+++ b/lib/crypto/blake2s-selftest.c -@@ -0,0 +1,622 @@ -+// SPDX-License-Identifier: GPL-2.0 OR MIT -+/* -+ * Copyright (C) 2015-2019 Jason A. Donenfeld . All Rights Reserved. -+ */ -+ -+#include -+#include -+ -+/* -+ * blake2s_testvecs[] generated with the program below (using libb2-dev and -+ * libssl-dev [OpenSSL]) -+ * -+ * #include -+ * #include -+ * #include -+ * -+ * #include -+ * #include -+ * -+ * #define BLAKE2S_TESTVEC_COUNT 256 -+ * -+ * static void print_vec(const uint8_t vec[], int len) -+ * { -+ * int i; -+ * -+ * printf(" { "); -+ * for (i = 0; i < len; i++) { -+ * if (i && (i % 12) == 0) -+ * printf("\n "); -+ * printf("0x%02x, ", vec[i]); -+ * } -+ * printf("},\n"); -+ * } -+ * -+ * int main(void) -+ * { -+ * uint8_t key[BLAKE2S_KEYBYTES]; -+ * uint8_t buf[BLAKE2S_TESTVEC_COUNT]; -+ * uint8_t hash[BLAKE2S_OUTBYTES]; -+ * int i, j; -+ * -+ * key[0] = key[1] = 1; -+ * for (i = 2; i < BLAKE2S_KEYBYTES; ++i) -+ * key[i] = key[i - 2] + key[i - 1]; -+ * -+ * for (i = 0; i < BLAKE2S_TESTVEC_COUNT; ++i) -+ * buf[i] = (uint8_t)i; -+ * -+ * printf("static const u8 blake2s_testvecs[][BLAKE2S_HASH_SIZE] __initconst = {\n"); -+ * -+ * for (i = 0; i < BLAKE2S_TESTVEC_COUNT; ++i) { -+ * int outlen = 1 + i % BLAKE2S_OUTBYTES; -+ * int keylen = (13 * i) % (BLAKE2S_KEYBYTES + 1); -+ * -+ * blake2s(hash, buf, key + BLAKE2S_KEYBYTES - keylen, outlen, i, -+ * keylen); -+ * print_vec(hash, outlen); -+ * } -+ * printf("};\n\n"); -+ * -+ * printf("static const u8 blake2s_hmac_testvecs[][BLAKE2S_HASH_SIZE] __initconst = {\n"); -+ * -+ * HMAC(EVP_blake2s256(), key, sizeof(key), buf, sizeof(buf), hash, NULL); -+ * print_vec(hash, BLAKE2S_OUTBYTES); -+ * -+ * HMAC(EVP_blake2s256(), buf, sizeof(buf), key, sizeof(key), hash, NULL); -+ * print_vec(hash, BLAKE2S_OUTBYTES); -+ * -+ * printf("};\n"); -+ * -+ * return 0; -+ *} -+ */ -+static const u8 blake2s_testvecs[][BLAKE2S_HASH_SIZE] __initconst = { -+ { 0xa1, }, -+ { 0x7c, 0x89, }, -+ { 0x74, 0x0e, 0xd4, }, -+ { 0x47, 0x0c, 0x21, 0x15, }, -+ { 0x18, 0xd6, 0x9c, 0xa6, 0xc4, }, -+ { 0x13, 0x5d, 0x16, 0x63, 0x2e, 0xf9, }, -+ { 0x2c, 0xb5, 0x04, 0xb7, 0x99, 0xe2, 0x73, }, -+ { 0x9a, 0x0f, 0xd2, 0x39, 0xd6, 0x68, 0x1b, 0x92, }, -+ { 0xc8, 0xde, 0x7a, 0xea, 0x2f, 0xf4, 0xd2, 0xe3, 0x2b, }, -+ { 0x5b, 0xf9, 0x43, 0x52, 0x0c, 0x12, 0xba, 0xb5, 0x93, 0x9f, }, -+ { 0xc6, 0x2c, 0x4e, 0x80, 0xfc, 0x32, 0x5b, 0x33, 0xb8, 0xb8, 0x0a, }, -+ { 0xa7, 0x5c, 0xfd, 0x3a, 0xcc, 0xbf, 0x90, 0xca, 0xb7, 0x97, 0xde, 0xd8, }, -+ { 0x66, 0xca, 0x3c, 0xc4, 0x19, 0xef, 0x92, 0x66, 0x3f, 0x21, 0x8f, 0xda, -+ 0xb7, }, -+ { 0xba, 0xe5, 0xbb, 0x30, 0x25, 0x94, 0x6d, 0xc3, 0x89, 0x09, 0xc4, 0x25, -+ 0x52, 0x3e, }, -+ { 0xa2, 0xef, 0x0e, 0x52, 0x0b, 0x5f, 0xa2, 0x01, 0x6d, 0x0a, 0x25, 0xbc, -+ 0x57, 0xe2, 0x27, }, -+ { 0x4f, 0xe0, 0xf9, 0x52, 0x12, 0xda, 0x84, 0xb7, 0xab, 0xae, 0xb0, 0xa6, -+ 0x47, 0x2a, 0xc7, 0xf5, }, -+ { 0x56, 0xe7, 0xa8, 0x1c, 0x4c, 0xca, 0xed, 0x90, 0x31, 0xec, 0x87, 0x43, -+ 0xe7, 0x72, 0x08, 0xec, 0xbe, }, -+ { 0x7e, 0xdf, 0x80, 0x1c, 0x93, 0x33, 0xfd, 0x53, 0x44, 0xba, 0xfd, 0x96, -+ 0xe1, 0xbb, 0xb5, 0x65, 0xa5, 0x00, }, -+ { 0xec, 0x6b, 0xed, 0xf7, 0x7b, 0x62, 0x1d, 0x7d, 0xf4, 0x82, 0xf3, 0x1e, -+ 0x18, 0xff, 0x2b, 0xc4, 0x06, 0x20, 0x2a, }, -+ { 0x74, 0x98, 0xd7, 0x68, 0x63, 0xed, 0x87, 0xe4, 0x5d, 0x8d, 0x9e, 0x1d, -+ 0xfd, 0x2a, 0xbb, 0x86, 0xac, 0xe9, 0x2a, 0x89, }, -+ { 0x89, 0xc3, 0x88, 0xce, 0x2b, 0x33, 0x1e, 0x10, 0xd1, 0x37, 0x20, 0x86, -+ 0x28, 0x43, 0x70, 0xd9, 0xfb, 0x96, 0xd9, 0xb5, 0xd3, }, -+ { 0xcb, 0x56, 0x74, 0x41, 0x8d, 0x80, 0x01, 0x9a, 0x6b, 0x38, 0xe1, 0x41, -+ 0xad, 0x9c, 0x62, 0x74, 0xce, 0x35, 0xd5, 0x6c, 0x89, 0x6e, }, -+ { 0x79, 0xaf, 0x94, 0x59, 0x99, 0x26, 0xe1, 0xc9, 0x34, 0xfe, 0x7c, 0x22, -+ 0xf7, 0x43, 0xd7, 0x65, 0xd4, 0x48, 0x18, 0xac, 0x3d, 0xfd, 0x93, }, -+ { 0x85, 0x0d, 0xff, 0xb8, 0x3e, 0x87, 0x41, 0xb0, 0x95, 0xd3, 0x3d, 0x00, -+ 0x47, 0x55, 0x9e, 0xd2, 0x69, 0xea, 0xbf, 0xe9, 0x7a, 0x2d, 0x61, 0x45, }, -+ { 0x03, 0xe0, 0x85, 0xec, 0x54, 0xb5, 0x16, 0x53, 0xa8, 0xc4, 0x71, 0xe9, -+ 0x6a, 0xe7, 0xcb, 0xc4, 0x15, 0x02, 0xfc, 0x34, 0xa4, 0xa4, 0x28, 0x13, -+ 0xd1, }, -+ { 0xe3, 0x34, 0x4b, 0xe1, 0xd0, 0x4b, 0x55, 0x61, 0x8f, 0xc0, 0x24, 0x05, -+ 0xe6, 0xe0, 0x3d, 0x70, 0x24, 0x4d, 0xda, 0xb8, 0x91, 0x05, 0x29, 0x07, -+ 0x01, 0x3e, }, -+ { 0x61, 0xff, 0x01, 0x72, 0xb1, 0x4d, 0xf6, 0xfe, 0xd1, 0xd1, 0x08, 0x74, -+ 0xe6, 0x91, 0x44, 0xeb, 0x61, 0xda, 0x40, 0xaf, 0xfc, 0x8c, 0x91, 0x6b, -+ 0xec, 0x13, 0xed, }, -+ { 0xd4, 0x40, 0xd2, 0xa0, 0x7f, 0xc1, 0x58, 0x0c, 0x85, 0xa0, 0x86, 0xc7, -+ 0x86, 0xb9, 0x61, 0xc9, 0xea, 0x19, 0x86, 0x1f, 0xab, 0x07, 0xce, 0x37, -+ 0x72, 0x67, 0x09, 0xfc, }, -+ { 0x9e, 0xf8, 0x18, 0x67, 0x93, 0x10, 0x9b, 0x39, 0x75, 0xe8, 0x8b, 0x38, -+ 0x82, 0x7d, 0xb8, 0xb7, 0xa5, 0xaf, 0xe6, 0x6a, 0x22, 0x5e, 0x1f, 0x9c, -+ 0x95, 0x29, 0x19, 0xf2, 0x4b, }, -+ { 0xc8, 0x62, 0x25, 0xf5, 0x98, 0xc9, 0xea, 0xe5, 0x29, 0x3a, 0xd3, 0x22, -+ 0xeb, 0xeb, 0x07, 0x7c, 0x15, 0x07, 0xee, 0x15, 0x61, 0xbb, 0x05, 0x30, -+ 0x99, 0x7f, 0x11, 0xf6, 0x0a, 0x1d, }, -+ { 0x68, 0x70, 0xf7, 0x90, 0xa1, 0x8b, 0x1f, 0x0f, 0xbb, 0xce, 0xd2, 0x0e, -+ 0x33, 0x1f, 0x7f, 0xa9, 0x78, 0xa8, 0xa6, 0x81, 0x66, 0xab, 0x8d, 0xcd, -+ 0x58, 0x55, 0x3a, 0x0b, 0x7a, 0xdb, 0xb5, }, -+ { 0xdd, 0x35, 0xd2, 0xb4, 0xf6, 0xc7, 0xea, 0xab, 0x64, 0x24, 0x4e, 0xfe, -+ 0xe5, 0x3d, 0x4e, 0x95, 0x8b, 0x6d, 0x6c, 0xbc, 0xb0, 0xf8, 0x88, 0x61, -+ 0x09, 0xb7, 0x78, 0xa3, 0x31, 0xfe, 0xd9, 0x2f, }, -+ { 0x0a, }, -+ { 0x6e, 0xd4, }, -+ { 0x64, 0xe9, 0xd1, }, -+ { 0x30, 0xdd, 0x71, 0xef, }, -+ { 0x11, 0xb5, 0x0c, 0x87, 0xc9, }, -+ { 0x06, 0x1c, 0x6d, 0x04, 0x82, 0xd0, }, -+ { 0x5c, 0x42, 0x0b, 0xee, 0xc5, 0x9c, 0xb2, }, -+ { 0xe8, 0x29, 0xd6, 0xb4, 0x5d, 0xf7, 0x2b, 0x93, }, -+ { 0x18, 0xca, 0x27, 0x72, 0x43, 0x39, 0x16, 0xbc, 0x6a, }, -+ { 0x39, 0x8f, 0xfd, 0x64, 0xf5, 0x57, 0x23, 0xb0, 0x45, 0xf8, }, -+ { 0xbb, 0x3a, 0x78, 0x6b, 0x02, 0x1d, 0x0b, 0x16, 0xe3, 0xb2, 0x9a, }, -+ { 0xb8, 0xb4, 0x0b, 0xe5, 0xd4, 0x1d, 0x0d, 0x85, 0x49, 0x91, 0x35, 0xfa, }, -+ { 0x6d, 0x48, 0x2a, 0x0c, 0x42, 0x08, 0xbd, 0xa9, 0x78, 0x6f, 0x18, 0xaf, -+ 0xe2, }, -+ { 0x10, 0x45, 0xd4, 0x58, 0x88, 0xec, 0x4e, 0x1e, 0xf6, 0x14, 0x92, 0x64, -+ 0x7e, 0xb0, }, -+ { 0x8b, 0x0b, 0x95, 0xee, 0x92, 0xc6, 0x3b, 0x91, 0xf1, 0x1e, 0xeb, 0x51, -+ 0x98, 0x0a, 0x8d, }, -+ { 0xa3, 0x50, 0x4d, 0xa5, 0x1d, 0x03, 0x68, 0xe9, 0x57, 0x78, 0xd6, 0x04, -+ 0xf1, 0xc3, 0x94, 0xd8, }, -+ { 0xb8, 0x66, 0x6e, 0xdd, 0x46, 0x15, 0xae, 0x3d, 0x83, 0x7e, 0xcf, 0xe7, -+ 0x2c, 0xe8, 0x8f, 0xc7, 0x34, }, -+ { 0x2e, 0xc0, 0x1f, 0x29, 0xea, 0xf6, 0xb9, 0xe2, 0xc2, 0x93, 0xeb, 0x41, -+ 0x0d, 0xf0, 0x0a, 0x13, 0x0e, 0xa2, }, -+ { 0x71, 0xb8, 0x33, 0xa9, 0x1b, 0xac, 0xf1, 0xb5, 0x42, 0x8f, 0x5e, 0x81, -+ 0x34, 0x43, 0xb7, 0xa4, 0x18, 0x5c, 0x47, }, -+ { 0xda, 0x45, 0xb8, 0x2e, 0x82, 0x1e, 0xc0, 0x59, 0x77, 0x9d, 0xfa, 0xb4, -+ 0x1c, 0x5e, 0xa0, 0x2b, 0x33, 0x96, 0x5a, 0x58, }, -+ { 0xe3, 0x09, 0x05, 0xa9, 0xeb, 0x48, 0x13, 0xad, 0x71, 0x88, 0x81, 0x9a, -+ 0x3e, 0x2c, 0xe1, 0x23, 0x99, 0x13, 0x35, 0x9f, 0xb5, }, -+ { 0xb7, 0x86, 0x2d, 0x16, 0xe1, 0x04, 0x00, 0x47, 0x47, 0x61, 0x31, 0xfb, -+ 0x14, 0xac, 0xd8, 0xe9, 0xe3, 0x49, 0xbd, 0xf7, 0x9c, 0x3f, }, -+ { 0x7f, 0xd9, 0x95, 0xa8, 0xa7, 0xa0, 0xcc, 0xba, 0xef, 0xb1, 0x0a, 0xa9, -+ 0x21, 0x62, 0x08, 0x0f, 0x1b, 0xff, 0x7b, 0x9d, 0xae, 0xb2, 0x95, }, -+ { 0x85, 0x99, 0xea, 0x33, 0xe0, 0x56, 0xff, 0x13, 0xc6, 0x61, 0x8c, 0xf9, -+ 0x57, 0x05, 0x03, 0x11, 0xf9, 0xfb, 0x3a, 0xf7, 0xce, 0xbb, 0x52, 0x30, }, -+ { 0xb2, 0x72, 0x9c, 0xf8, 0x77, 0x4e, 0x8f, 0x6b, 0x01, 0x6c, 0xff, 0x4e, -+ 0x4f, 0x02, 0xd2, 0xbc, 0xeb, 0x51, 0x28, 0x99, 0x50, 0xab, 0xc4, 0x42, -+ 0xe3, }, -+ { 0x8b, 0x0a, 0xb5, 0x90, 0x8f, 0xf5, 0x7b, 0xdd, 0xba, 0x47, 0x37, 0xc9, -+ 0x2a, 0xd5, 0x4b, 0x25, 0x08, 0x8b, 0x02, 0x17, 0xa7, 0x9e, 0x6b, 0x6e, -+ 0xe3, 0x90, }, -+ { 0x90, 0xdd, 0xf7, 0x75, 0xa7, 0xa3, 0x99, 0x5e, 0x5b, 0x7d, 0x75, 0xc3, -+ 0x39, 0x6b, 0xa0, 0xe2, 0x44, 0x53, 0xb1, 0x9e, 0xc8, 0xf1, 0x77, 0x10, -+ 0x58, 0x06, 0x9a, }, -+ { 0x99, 0x52, 0xf0, 0x49, 0xa8, 0x8c, 0xec, 0xa6, 0x97, 0x32, 0x13, 0xb5, -+ 0xf7, 0xa3, 0x8e, 0xfb, 0x4b, 0x59, 0x31, 0x3d, 0x01, 0x59, 0x98, 0x5d, -+ 0x53, 0x03, 0x1a, 0x39, }, -+ { 0x9f, 0xe0, 0xc2, 0xe5, 0x5d, 0x93, 0xd6, 0x9b, 0x47, 0x8f, 0x9b, 0xe0, -+ 0x26, 0x35, 0x84, 0x20, 0x1d, 0xc5, 0x53, 0x10, 0x0f, 0x22, 0xb9, 0xb5, -+ 0xd4, 0x36, 0xb1, 0xac, 0x73, }, -+ { 0x30, 0x32, 0x20, 0x3b, 0x10, 0x28, 0xec, 0x1f, 0x4f, 0x9b, 0x47, 0x59, -+ 0xeb, 0x7b, 0xee, 0x45, 0xfb, 0x0c, 0x49, 0xd8, 0x3d, 0x69, 0xbd, 0x90, -+ 0x2c, 0xf0, 0x9e, 0x8d, 0xbf, 0xd5, }, -+ { 0x2a, 0x37, 0x73, 0x7f, 0xf9, 0x96, 0x19, 0xaa, 0x25, 0xd8, 0x13, 0x28, -+ 0x01, 0x29, 0x89, 0xdf, 0x6e, 0x0c, 0x9b, 0x43, 0x44, 0x51, 0xe9, 0x75, -+ 0x26, 0x0c, 0xb7, 0x87, 0x66, 0x0b, 0x5f, }, -+ { 0x23, 0xdf, 0x96, 0x68, 0x91, 0x86, 0xd0, 0x93, 0x55, 0x33, 0x24, 0xf6, -+ 0xba, 0x08, 0x75, 0x5b, 0x59, 0x11, 0x69, 0xb8, 0xb9, 0xe5, 0x2c, 0x77, -+ 0x02, 0xf6, 0x47, 0xee, 0x81, 0xdd, 0xb9, 0x06, }, -+ { 0x9d, }, -+ { 0x9d, 0x7d, }, -+ { 0xfd, 0xc3, 0xda, }, -+ { 0xe8, 0x82, 0xcd, 0x21, }, -+ { 0xc3, 0x1d, 0x42, 0x4c, 0x74, }, -+ { 0xe9, 0xda, 0xf1, 0xa2, 0xe5, 0x7c, }, -+ { 0x52, 0xb8, 0x6f, 0x81, 0x5c, 0x3a, 0x4c, }, -+ { 0x5b, 0x39, 0x26, 0xfc, 0x92, 0x5e, 0xe0, 0x49, }, -+ { 0x59, 0xe4, 0x7c, 0x93, 0x1c, 0xf9, 0x28, 0x93, 0xde, }, -+ { 0xde, 0xdf, 0xb2, 0x43, 0x61, 0x0b, 0x86, 0x16, 0x4c, 0x2e, }, -+ { 0x14, 0x8f, 0x75, 0x51, 0xaf, 0xb9, 0xee, 0x51, 0x5a, 0xae, 0x23, }, -+ { 0x43, 0x5f, 0x50, 0xd5, 0x70, 0xb0, 0x5b, 0x87, 0xf5, 0xd9, 0xb3, 0x6d, }, -+ { 0x66, 0x0a, 0x64, 0x93, 0x79, 0x71, 0x94, 0x40, 0xb7, 0x68, 0x2d, 0xd3, -+ 0x63, }, -+ { 0x15, 0x00, 0xc4, 0x0c, 0x7d, 0x1b, 0x10, 0xa9, 0x73, 0x1b, 0x90, 0x6f, -+ 0xe6, 0xa9, }, -+ { 0x34, 0x75, 0xf3, 0x86, 0x8f, 0x56, 0xcf, 0x2a, 0x0a, 0xf2, 0x62, 0x0a, -+ 0xf6, 0x0e, 0x20, }, -+ { 0xb1, 0xde, 0xc9, 0xf5, 0xdb, 0xf3, 0x2f, 0x4c, 0xd6, 0x41, 0x7d, 0x39, -+ 0x18, 0x3e, 0xc7, 0xc3, }, -+ { 0xc5, 0x89, 0xb2, 0xf8, 0xb8, 0xc0, 0xa3, 0xb9, 0x3b, 0x10, 0x6d, 0x7c, -+ 0x92, 0xfc, 0x7f, 0x34, 0x41, }, -+ { 0xc4, 0xd8, 0xef, 0xba, 0xef, 0xd2, 0xaa, 0xc5, 0x6c, 0x8e, 0x3e, 0xbb, -+ 0x12, 0xfc, 0x0f, 0x72, 0xbf, 0x0f, }, -+ { 0xdd, 0x91, 0xd1, 0x15, 0x9e, 0x7d, 0xf8, 0xc1, 0xb9, 0x14, 0x63, 0x96, -+ 0xb5, 0xcb, 0x83, 0x1d, 0x35, 0x1c, 0xec, }, -+ { 0xa9, 0xf8, 0x52, 0xc9, 0x67, 0x76, 0x2b, 0xad, 0xfb, 0xd8, 0x3a, 0xa6, -+ 0x74, 0x02, 0xae, 0xb8, 0x25, 0x2c, 0x63, 0x49, }, -+ { 0x77, 0x1f, 0x66, 0x70, 0xfd, 0x50, 0x29, 0xaa, 0xeb, 0xdc, 0xee, 0xba, -+ 0x75, 0x98, 0xdc, 0x93, 0x12, 0x3f, 0xdc, 0x7c, 0x38, }, -+ { 0xe2, 0xe1, 0x89, 0x5c, 0x37, 0x38, 0x6a, 0xa3, 0x40, 0xac, 0x3f, 0xb0, -+ 0xca, 0xfc, 0xa7, 0xf3, 0xea, 0xf9, 0x0f, 0x5d, 0x8e, 0x39, }, -+ { 0x0f, 0x67, 0xc8, 0x38, 0x01, 0xb1, 0xb7, 0xb8, 0xa2, 0xe7, 0x0a, 0x6d, -+ 0xd2, 0x63, 0x69, 0x9e, 0xcc, 0xf0, 0xf2, 0xbe, 0x9b, 0x98, 0xdd, }, -+ { 0x13, 0xe1, 0x36, 0x30, 0xfe, 0xc6, 0x01, 0x8a, 0xa1, 0x63, 0x96, 0x59, -+ 0xc2, 0xa9, 0x68, 0x3f, 0x58, 0xd4, 0x19, 0x0c, 0x40, 0xf3, 0xde, 0x02, }, -+ { 0xa3, 0x9e, 0xce, 0xda, 0x42, 0xee, 0x8c, 0x6c, 0x5a, 0x7d, 0xdc, 0x89, -+ 0x02, 0x77, 0xdd, 0xe7, 0x95, 0xbb, 0xff, 0x0d, 0xa4, 0xb5, 0x38, 0x1e, -+ 0xaf, }, -+ { 0x9a, 0xf6, 0xb5, 0x9a, 0x4f, 0xa9, 0x4f, 0x2c, 0x35, 0x3c, 0x24, 0xdc, -+ 0x97, 0x6f, 0xd9, 0xa1, 0x7d, 0x1a, 0x85, 0x0b, 0xf5, 0xda, 0x2e, 0xe7, -+ 0xb1, 0x1d, }, -+ { 0x84, 0x1e, 0x8e, 0x3d, 0x45, 0xa5, 0xf2, 0x27, 0xf3, 0x31, 0xfe, 0xb9, -+ 0xfb, 0xc5, 0x45, 0x99, 0x99, 0xdd, 0x93, 0x43, 0x02, 0xee, 0x58, 0xaf, -+ 0xee, 0x6a, 0xbe, }, -+ { 0x07, 0x2f, 0xc0, 0xa2, 0x04, 0xc4, 0xab, 0x7c, 0x26, 0xbb, 0xa8, 0xd8, -+ 0xe3, 0x1c, 0x75, 0x15, 0x64, 0x5d, 0x02, 0x6a, 0xf0, 0x86, 0xe9, 0xcd, -+ 0x5c, 0xef, 0xa3, 0x25, }, -+ { 0x2f, 0x3b, 0x1f, 0xb5, 0x91, 0x8f, 0x86, 0xe0, 0xdc, 0x31, 0x48, 0xb6, -+ 0xa1, 0x8c, 0xfd, 0x75, 0xbb, 0x7d, 0x3d, 0xc1, 0xf0, 0x10, 0x9a, 0xd8, -+ 0x4b, 0x0e, 0xe3, 0x94, 0x9f, }, -+ { 0x29, 0xbb, 0x8f, 0x6c, 0xd1, 0xf2, 0xb6, 0xaf, 0xe5, 0xe3, 0x2d, 0xdc, -+ 0x6f, 0xa4, 0x53, 0x88, 0xd8, 0xcf, 0x4d, 0x45, 0x42, 0x62, 0xdb, 0xdf, -+ 0xf8, 0x45, 0xc2, 0x13, 0xec, 0x35, }, -+ { 0x06, 0x3c, 0xe3, 0x2c, 0x15, 0xc6, 0x43, 0x03, 0x81, 0xfb, 0x08, 0x76, -+ 0x33, 0xcb, 0x02, 0xc1, 0xba, 0x33, 0xe5, 0xe0, 0xd1, 0x92, 0xa8, 0x46, -+ 0x28, 0x3f, 0x3e, 0x9d, 0x2c, 0x44, 0x54, }, -+ { 0xea, 0xbb, 0x96, 0xf8, 0xd1, 0x8b, 0x04, 0x11, 0x40, 0x78, 0x42, 0x02, -+ 0x19, 0xd1, 0xbc, 0x65, 0x92, 0xd3, 0xc3, 0xd6, 0xd9, 0x19, 0xe7, 0xc3, -+ 0x40, 0x97, 0xbd, 0xd4, 0xed, 0xfa, 0x5e, 0x28, }, -+ { 0x02, }, -+ { 0x52, 0xa8, }, -+ { 0x38, 0x25, 0x0d, }, -+ { 0xe3, 0x04, 0xd4, 0x92, }, -+ { 0x97, 0xdb, 0xf7, 0x81, 0xca, }, -+ { 0x8a, 0x56, 0x9d, 0x62, 0x56, 0xcc, }, -+ { 0xa1, 0x8e, 0x3c, 0x72, 0x8f, 0x63, 0x03, }, -+ { 0xf7, 0xf3, 0x39, 0x09, 0x0a, 0xa1, 0xbb, 0x23, }, -+ { 0x6b, 0x03, 0xc0, 0xe9, 0xd9, 0x83, 0x05, 0x22, 0x01, }, -+ { 0x1b, 0x4b, 0xf5, 0xd6, 0x4f, 0x05, 0x75, 0x91, 0x4c, 0x7f, }, -+ { 0x4c, 0x8c, 0x25, 0x20, 0x21, 0xcb, 0xc2, 0x4b, 0x3a, 0x5b, 0x8d, }, -+ { 0x56, 0xe2, 0x77, 0xa0, 0xb6, 0x9f, 0x81, 0xec, 0x83, 0x75, 0xc4, 0xf9, }, -+ { 0x71, 0x70, 0x0f, 0xad, 0x4d, 0x35, 0x81, 0x9d, 0x88, 0x69, 0xf9, 0xaa, -+ 0xd3, }, -+ { 0x50, 0x6e, 0x86, 0x6e, 0x43, 0xc0, 0xc2, 0x44, 0xc2, 0xe2, 0xa0, 0x1c, -+ 0xb7, 0x9a, }, -+ { 0xe4, 0x7e, 0x72, 0xc6, 0x12, 0x8e, 0x7c, 0xfc, 0xbd, 0xe2, 0x08, 0x31, -+ 0x3d, 0x47, 0x3d, }, -+ { 0x08, 0x97, 0x5b, 0x80, 0xae, 0xc4, 0x1d, 0x50, 0x77, 0xdf, 0x1f, 0xd0, -+ 0x24, 0xf0, 0x17, 0xc0, }, -+ { 0x01, 0xb6, 0x29, 0xf4, 0xaf, 0x78, 0x5f, 0xb6, 0x91, 0xdd, 0x76, 0x76, -+ 0xd2, 0xfd, 0x0c, 0x47, 0x40, }, -+ { 0xa1, 0xd8, 0x09, 0x97, 0x7a, 0xa6, 0xc8, 0x94, 0xf6, 0x91, 0x7b, 0xae, -+ 0x2b, 0x9f, 0x0d, 0x83, 0x48, 0xf7, }, -+ { 0x12, 0xd5, 0x53, 0x7d, 0x9a, 0xb0, 0xbe, 0xd9, 0xed, 0xe9, 0x9e, 0xee, -+ 0x61, 0x5b, 0x42, 0xf2, 0xc0, 0x73, 0xc0, }, -+ { 0xd5, 0x77, 0xd6, 0x5c, 0x6e, 0xa5, 0x69, 0x2b, 0x3b, 0x8c, 0xd6, 0x7d, -+ 0x1d, 0xbe, 0x2c, 0xa1, 0x02, 0x21, 0xcd, 0x29, }, -+ { 0xa4, 0x98, 0x80, 0xca, 0x22, 0xcf, 0x6a, 0xab, 0x5e, 0x40, 0x0d, 0x61, -+ 0x08, 0x21, 0xef, 0xc0, 0x6c, 0x52, 0xb4, 0xb0, 0x53, }, -+ { 0xbf, 0xaf, 0x8f, 0x3b, 0x7a, 0x97, 0x33, 0xe5, 0xca, 0x07, 0x37, 0xfd, -+ 0x15, 0xdf, 0xce, 0x26, 0x2a, 0xb1, 0xa7, 0x0b, 0xb3, 0xac, }, -+ { 0x16, 0x22, 0xe1, 0xbc, 0x99, 0x4e, 0x01, 0xf0, 0xfa, 0xff, 0x8f, 0xa5, -+ 0x0c, 0x61, 0xb0, 0xad, 0xcc, 0xb1, 0xe1, 0x21, 0x46, 0xfa, 0x2e, }, -+ { 0x11, 0x5b, 0x0b, 0x2b, 0xe6, 0x14, 0xc1, 0xd5, 0x4d, 0x71, 0x5e, 0x17, -+ 0xea, 0x23, 0xdd, 0x6c, 0xbd, 0x1d, 0xbe, 0x12, 0x1b, 0xee, 0x4c, 0x1a, }, -+ { 0x40, 0x88, 0x22, 0xf3, 0x20, 0x6c, 0xed, 0xe1, 0x36, 0x34, 0x62, 0x2c, -+ 0x98, 0x83, 0x52, 0xe2, 0x25, 0xee, 0xe9, 0xf5, 0xe1, 0x17, 0xf0, 0x5c, -+ 0xae, }, -+ { 0xc3, 0x76, 0x37, 0xde, 0x95, 0x8c, 0xca, 0x2b, 0x0c, 0x23, 0xe7, 0xb5, -+ 0x38, 0x70, 0x61, 0xcc, 0xff, 0xd3, 0x95, 0x7b, 0xf3, 0xff, 0x1f, 0x9d, -+ 0x59, 0x00, }, -+ { 0x0c, 0x19, 0x52, 0x05, 0x22, 0x53, 0xcb, 0x48, 0xd7, 0x10, 0x0e, 0x7e, -+ 0x14, 0x69, 0xb5, 0xa2, 0x92, 0x43, 0xa3, 0x9e, 0x4b, 0x8f, 0x51, 0x2c, -+ 0x5a, 0x2c, 0x3b, }, -+ { 0xe1, 0x9d, 0x70, 0x70, 0x28, 0xec, 0x86, 0x40, 0x55, 0x33, 0x56, 0xda, -+ 0x88, 0xca, 0xee, 0xc8, 0x6a, 0x20, 0xb1, 0xe5, 0x3d, 0x57, 0xf8, 0x3c, -+ 0x10, 0x07, 0x2a, 0xc4, }, -+ { 0x0b, 0xae, 0xf1, 0xc4, 0x79, 0xee, 0x1b, 0x3d, 0x27, 0x35, 0x8d, 0x14, -+ 0xd6, 0xae, 0x4e, 0x3c, 0xe9, 0x53, 0x50, 0xb5, 0xcc, 0x0c, 0xf7, 0xdf, -+ 0xee, 0xa1, 0x74, 0xd6, 0x71, }, -+ { 0xe6, 0xa4, 0xf4, 0x99, 0x98, 0xb9, 0x80, 0xea, 0x96, 0x7f, 0x4f, 0x33, -+ 0xcf, 0x74, 0x25, 0x6f, 0x17, 0x6c, 0xbf, 0xf5, 0x5c, 0x38, 0xd0, 0xff, -+ 0x96, 0xcb, 0x13, 0xf9, 0xdf, 0xfd, }, -+ { 0xbe, 0x92, 0xeb, 0xba, 0x44, 0x2c, 0x24, 0x74, 0xd4, 0x03, 0x27, 0x3c, -+ 0x5d, 0x5b, 0x03, 0x30, 0x87, 0x63, 0x69, 0xe0, 0xb8, 0x94, 0xf4, 0x44, -+ 0x7e, 0xad, 0xcd, 0x20, 0x12, 0x16, 0x79, }, -+ { 0x30, 0xf1, 0xc4, 0x8e, 0x05, 0x90, 0x2a, 0x97, 0x63, 0x94, 0x46, 0xff, -+ 0xce, 0xd8, 0x67, 0xa7, 0xac, 0x33, 0x8c, 0x95, 0xb7, 0xcd, 0xa3, 0x23, -+ 0x98, 0x9d, 0x76, 0x6c, 0x9d, 0xa8, 0xd6, 0x8a, }, -+ { 0xbe, }, -+ { 0x17, 0x6c, }, -+ { 0x1a, 0x42, 0x4f, }, -+ { 0xba, 0xaf, 0xb7, 0x65, }, -+ { 0xc2, 0x63, 0x43, 0x6a, 0xea, }, -+ { 0xe4, 0x4d, 0xad, 0xf2, 0x0b, 0x02, }, -+ { 0x04, 0xc7, 0xc4, 0x7f, 0xa9, 0x2b, 0xce, }, -+ { 0x66, 0xf6, 0x67, 0xcb, 0x03, 0x53, 0xc8, 0xf1, }, -+ { 0x56, 0xa3, 0x60, 0x78, 0xc9, 0x5f, 0x70, 0x1b, 0x5e, }, -+ { 0x99, 0xff, 0x81, 0x7c, 0x13, 0x3c, 0x29, 0x79, 0x4b, 0x65, }, -+ { 0x51, 0x10, 0x50, 0x93, 0x01, 0x93, 0xb7, 0x01, 0xc9, 0x18, 0xb7, }, -+ { 0x8e, 0x3c, 0x42, 0x1e, 0x5e, 0x7d, 0xc1, 0x50, 0x70, 0x1f, 0x00, 0x98, }, -+ { 0x5f, 0xd9, 0x9b, 0xc8, 0xd7, 0xb2, 0x72, 0x62, 0x1a, 0x1e, 0xba, 0x92, -+ 0xe9, }, -+ { 0x70, 0x2b, 0xba, 0xfe, 0xad, 0x5d, 0x96, 0x3f, 0x27, 0xc2, 0x41, 0x6d, -+ 0xc4, 0xb3, }, -+ { 0xae, 0xe0, 0xd5, 0xd4, 0xc7, 0xae, 0x15, 0x5e, 0xdc, 0xdd, 0x33, 0x60, -+ 0xd7, 0xd3, 0x5e, }, -+ { 0x79, 0x8e, 0xbc, 0x9e, 0x20, 0xb9, 0x19, 0x4b, 0x63, 0x80, 0xf3, 0x16, -+ 0xaf, 0x39, 0xbd, 0x92, }, -+ { 0xc2, 0x0e, 0x85, 0xa0, 0x0b, 0x9a, 0xb0, 0xec, 0xde, 0x38, 0xd3, 0x10, -+ 0xd9, 0xa7, 0x66, 0x27, 0xcf, }, -+ { 0x0e, 0x3b, 0x75, 0x80, 0x67, 0x14, 0x0c, 0x02, 0x90, 0xd6, 0xb3, 0x02, -+ 0x81, 0xf6, 0xa6, 0x87, 0xce, 0x58, }, -+ { 0x79, 0xb5, 0xe9, 0x5d, 0x52, 0x4d, 0xf7, 0x59, 0xf4, 0x2e, 0x27, 0xdd, -+ 0xb3, 0xed, 0x57, 0x5b, 0x82, 0xea, 0x6f, }, -+ { 0xa2, 0x97, 0xf5, 0x80, 0x02, 0x3d, 0xde, 0xa3, 0xf9, 0xf6, 0xab, 0xe3, -+ 0x57, 0x63, 0x7b, 0x9b, 0x10, 0x42, 0x6f, 0xf2, }, -+ { 0x12, 0x7a, 0xfc, 0xb7, 0x67, 0x06, 0x0c, 0x78, 0x1a, 0xfe, 0x88, 0x4f, -+ 0xc6, 0xac, 0x52, 0x96, 0x64, 0x28, 0x97, 0x84, 0x06, }, -+ { 0xc5, 0x04, 0x44, 0x6b, 0xb2, 0xa5, 0xa4, 0x66, 0xe1, 0x76, 0xa2, 0x51, -+ 0xf9, 0x59, 0x69, 0x97, 0x56, 0x0b, 0xbf, 0x50, 0xb3, 0x34, }, -+ { 0x21, 0x32, 0x6b, 0x42, 0xb5, 0xed, 0x71, 0x8d, 0xf7, 0x5a, 0x35, 0xe3, -+ 0x90, 0xe2, 0xee, 0xaa, 0x89, 0xf6, 0xc9, 0x9c, 0x4d, 0x73, 0xf4, }, -+ { 0x4c, 0xa6, 0x09, 0xf4, 0x48, 0xe7, 0x46, 0xbc, 0x49, 0xfc, 0xe5, 0xda, -+ 0xd1, 0x87, 0x13, 0x17, 0x4c, 0x59, 0x71, 0x26, 0x5b, 0x2c, 0x42, 0xb7, }, -+ { 0x13, 0x63, 0xf3, 0x40, 0x02, 0xe5, 0xa3, 0x3a, 0x5e, 0x8e, 0xf8, 0xb6, -+ 0x8a, 0x49, 0x60, 0x76, 0x34, 0x72, 0x94, 0x73, 0xf6, 0xd9, 0x21, 0x6a, -+ 0x26, }, -+ { 0xdf, 0x75, 0x16, 0x10, 0x1b, 0x5e, 0x81, 0xc3, 0xc8, 0xde, 0x34, 0x24, -+ 0xb0, 0x98, 0xeb, 0x1b, 0x8f, 0xa1, 0x9b, 0x05, 0xee, 0xa5, 0xe9, 0x35, -+ 0xf4, 0x1d, }, -+ { 0xcd, 0x21, 0x93, 0x6e, 0x5b, 0xa0, 0x26, 0x2b, 0x21, 0x0e, 0xa0, 0xb9, -+ 0x1c, 0xb5, 0xbb, 0xb8, 0xf8, 0x1e, 0xff, 0x5c, 0xa8, 0xf9, 0x39, 0x46, -+ 0x4e, 0x29, 0x26, }, -+ { 0x73, 0x7f, 0x0e, 0x3b, 0x0b, 0x5c, 0xf9, 0x60, 0xaa, 0x88, 0xa1, 0x09, -+ 0xb1, 0x5d, 0x38, 0x7b, 0x86, 0x8f, 0x13, 0x7a, 0x8d, 0x72, 0x7a, 0x98, -+ 0x1a, 0x5b, 0xff, 0xc9, }, -+ { 0xd3, 0x3c, 0x61, 0x71, 0x44, 0x7e, 0x31, 0x74, 0x98, 0x9d, 0x9a, 0xd2, -+ 0x27, 0xf3, 0x46, 0x43, 0x42, 0x51, 0xd0, 0x5f, 0xe9, 0x1c, 0x5c, 0x69, -+ 0xbf, 0xf6, 0xbe, 0x3c, 0x40, }, -+ { 0x31, 0x99, 0x31, 0x9f, 0xaa, 0x43, 0x2e, 0x77, 0x3e, 0x74, 0x26, 0x31, -+ 0x5e, 0x61, 0xf1, 0x87, 0xe2, 0xeb, 0x9b, 0xcd, 0xd0, 0x3a, 0xee, 0x20, -+ 0x7e, 0x10, 0x0a, 0x0b, 0x7e, 0xfa, }, -+ { 0xa4, 0x27, 0x80, 0x67, 0x81, 0x2a, 0xa7, 0x62, 0xf7, 0x6e, 0xda, 0xd4, -+ 0x5c, 0x39, 0x74, 0xad, 0x7e, 0xbe, 0xad, 0xa5, 0x84, 0x7f, 0xa9, 0x30, -+ 0x5d, 0xdb, 0xe2, 0x05, 0x43, 0xf7, 0x1b, }, -+ { 0x0b, 0x37, 0xd8, 0x02, 0xe1, 0x83, 0xd6, 0x80, 0xf2, 0x35, 0xc2, 0xb0, -+ 0x37, 0xef, 0xef, 0x5e, 0x43, 0x93, 0xf0, 0x49, 0x45, 0x0a, 0xef, 0xb5, -+ 0x76, 0x70, 0x12, 0x44, 0xc4, 0xdb, 0xf5, 0x7a, }, -+ { 0x1f, }, -+ { 0x82, 0x60, }, -+ { 0xcc, 0xe3, 0x08, }, -+ { 0x56, 0x17, 0xe4, 0x59, }, -+ { 0xe2, 0xd7, 0x9e, 0xc4, 0x4c, }, -+ { 0xb2, 0xad, 0xd3, 0x78, 0x58, 0x5a, }, -+ { 0xce, 0x43, 0xb4, 0x02, 0x96, 0xab, 0x3c, }, -+ { 0xe6, 0x05, 0x1a, 0x73, 0x22, 0x32, 0xbb, 0x77, }, -+ { 0x23, 0xe7, 0xda, 0xfe, 0x2c, 0xef, 0x8c, 0x22, 0xec, }, -+ { 0xe9, 0x8e, 0x55, 0x38, 0xd1, 0xd7, 0x35, 0x23, 0x98, 0xc7, }, -+ { 0xb5, 0x81, 0x1a, 0xe5, 0xb5, 0xa5, 0xd9, 0x4d, 0xca, 0x41, 0xe7, }, -+ { 0x41, 0x16, 0x16, 0x95, 0x8d, 0x9e, 0x0c, 0xea, 0x8c, 0x71, 0x9a, 0xc1, }, -+ { 0x7c, 0x33, 0xc0, 0xa4, 0x00, 0x62, 0xea, 0x60, 0x67, 0xe4, 0x20, 0xbc, -+ 0x5b, }, -+ { 0xdb, 0xb1, 0xdc, 0xfd, 0x08, 0xc0, 0xde, 0x82, 0xd1, 0xde, 0x38, 0xc0, -+ 0x90, 0x48, }, -+ { 0x37, 0x18, 0x2e, 0x0d, 0x61, 0xaa, 0x61, 0xd7, 0x86, 0x20, 0x16, 0x60, -+ 0x04, 0xd9, 0xd5, }, -+ { 0xb0, 0xcf, 0x2c, 0x4c, 0x5e, 0x5b, 0x4f, 0x2a, 0x23, 0x25, 0x58, 0x47, -+ 0xe5, 0x31, 0x06, 0x70, }, -+ { 0x91, 0xa0, 0xa3, 0x86, 0x4e, 0xe0, 0x72, 0x38, 0x06, 0x67, 0x59, 0x5c, -+ 0x70, 0x25, 0xdb, 0x33, 0x27, }, -+ { 0x44, 0x58, 0x66, 0xb8, 0x58, 0xc7, 0x13, 0xed, 0x4c, 0xc0, 0xf4, 0x9a, -+ 0x1e, 0x67, 0x75, 0x33, 0xb6, 0xb8, }, -+ { 0x7f, 0x98, 0x4a, 0x8e, 0x50, 0xa2, 0x5c, 0xcd, 0x59, 0xde, 0x72, 0xb3, -+ 0x9d, 0xc3, 0x09, 0x8a, 0xab, 0x56, 0xf1, }, -+ { 0x80, 0x96, 0x49, 0x1a, 0x59, 0xa2, 0xc5, 0xd5, 0xa7, 0x20, 0x8a, 0xb7, -+ 0x27, 0x62, 0x84, 0x43, 0xc6, 0xe1, 0x1b, 0x5d, }, -+ { 0x6b, 0xb7, 0x2b, 0x26, 0x62, 0x14, 0x70, 0x19, 0x3d, 0x4d, 0xac, 0xac, -+ 0x63, 0x58, 0x5e, 0x94, 0xb5, 0xb7, 0xe8, 0xe8, 0xa2, }, -+ { 0x20, 0xa8, 0xc0, 0xfd, 0x63, 0x3d, 0x6e, 0x98, 0xcf, 0x0c, 0x49, 0x98, -+ 0xe4, 0x5a, 0xfe, 0x8c, 0xaa, 0x70, 0x82, 0x1c, 0x7b, 0x74, }, -+ { 0xc8, 0xe8, 0xdd, 0xdf, 0x69, 0x30, 0x01, 0xc2, 0x0f, 0x7e, 0x2f, 0x11, -+ 0xcc, 0x3e, 0x17, 0xa5, 0x69, 0x40, 0x3f, 0x0e, 0x79, 0x7f, 0xcf, }, -+ { 0xdb, 0x61, 0xc0, 0xe2, 0x2e, 0x49, 0x07, 0x31, 0x1d, 0x91, 0x42, 0x8a, -+ 0xfc, 0x5e, 0xd3, 0xf8, 0x56, 0x1f, 0x2b, 0x73, 0xfd, 0x9f, 0xb2, 0x8e, }, -+ { 0x0c, 0x89, 0x55, 0x0c, 0x1f, 0x59, 0x2c, 0x9d, 0x1b, 0x29, 0x1d, 0x41, -+ 0x1d, 0xe6, 0x47, 0x8f, 0x8c, 0x2b, 0xea, 0x8f, 0xf0, 0xff, 0x21, 0x70, -+ 0x88, }, -+ { 0x12, 0x18, 0x95, 0xa6, 0x59, 0xb1, 0x31, 0x24, 0x45, 0x67, 0x55, 0xa4, -+ 0x1a, 0x2d, 0x48, 0x67, 0x1b, 0x43, 0x88, 0x2d, 0x8e, 0xa0, 0x70, 0xb3, -+ 0xc6, 0xbb, }, -+ { 0xe7, 0xb1, 0x1d, 0xb2, 0x76, 0x4d, 0x68, 0x68, 0x68, 0x23, 0x02, 0x55, -+ 0x3a, 0xe2, 0xe5, 0xd5, 0x4b, 0x43, 0xf9, 0x34, 0x77, 0x5c, 0xa1, 0xf5, -+ 0x55, 0xfd, 0x4f, }, -+ { 0x8c, 0x87, 0x5a, 0x08, 0x3a, 0x73, 0xad, 0x61, 0xe1, 0xe7, 0x99, 0x7e, -+ 0xf0, 0x5d, 0xe9, 0x5d, 0x16, 0x43, 0x80, 0x2f, 0xd0, 0x66, 0x34, 0xe2, -+ 0x42, 0x64, 0x3b, 0x1a, }, -+ { 0x39, 0xc1, 0x99, 0xcf, 0x22, 0xbf, 0x16, 0x8f, 0x9f, 0x80, 0x7f, 0x95, -+ 0x0a, 0x05, 0x67, 0x27, 0xe7, 0x15, 0xdf, 0x9d, 0xb2, 0xfe, 0x1c, 0xb5, -+ 0x1d, 0x60, 0x8f, 0x8a, 0x1d, }, -+ { 0x9b, 0x6e, 0x08, 0x09, 0x06, 0x73, 0xab, 0x68, 0x02, 0x62, 0x1a, 0xe4, -+ 0xd4, 0xdf, 0xc7, 0x02, 0x4c, 0x6a, 0x5f, 0xfd, 0x23, 0xac, 0xae, 0x6d, -+ 0x43, 0xa4, 0x7a, 0x50, 0x60, 0x3c, }, -+ { 0x1d, 0xb4, 0xc6, 0xe1, 0xb1, 0x4b, 0xe3, 0xf2, 0xe2, 0x1a, 0x73, 0x1b, -+ 0xa0, 0x92, 0xa7, 0xf5, 0xff, 0x8f, 0x8b, 0x5d, 0xdf, 0xa8, 0x04, 0xb3, -+ 0xb0, 0xf7, 0xcc, 0x12, 0xfa, 0x35, 0x46, }, -+ { 0x49, 0x45, 0x97, 0x11, 0x0f, 0x1c, 0x60, 0x8e, 0xe8, 0x47, 0x30, 0xcf, -+ 0x60, 0xa8, 0x71, 0xc5, 0x1b, 0xe9, 0x39, 0x4d, 0x49, 0xb6, 0x12, 0x1f, -+ 0x24, 0xab, 0x37, 0xff, 0x83, 0xc2, 0xe1, 0x3a, }, -+ { 0x60, }, -+ { 0x24, 0x26, }, -+ { 0x47, 0xeb, 0xc9, }, -+ { 0x4a, 0xd0, 0xbc, 0xf0, }, -+ { 0x8e, 0x2b, 0xc9, 0x85, 0x3c, }, -+ { 0xa2, 0x07, 0x15, 0xb8, 0x12, 0x74, }, -+ { 0x0f, 0xdb, 0x5b, 0x33, 0x69, 0xfe, 0x4b, }, -+ { 0xa2, 0x86, 0x54, 0xf4, 0xfd, 0xb2, 0xd4, 0xe6, }, -+ { 0xbb, 0x84, 0x78, 0x49, 0x27, 0x8e, 0x61, 0xda, 0x60, }, -+ { 0x04, 0xc3, 0xcd, 0xaa, 0x8f, 0xa7, 0x03, 0xc9, 0xf9, 0xb6, }, -+ { 0xf8, 0x27, 0x1d, 0x61, 0xdc, 0x21, 0x42, 0xdd, 0xad, 0x92, 0x40, }, -+ { 0x12, 0x87, 0xdf, 0xc2, 0x41, 0x45, 0x5a, 0x36, 0x48, 0x5b, 0x51, 0x2b, }, -+ { 0xbb, 0x37, 0x5d, 0x1f, 0xf1, 0x68, 0x7a, 0xc4, 0xa5, 0xd2, 0xa4, 0x91, -+ 0x8d, }, -+ { 0x5b, 0x27, 0xd1, 0x04, 0x54, 0x52, 0x9f, 0xa3, 0x47, 0x86, 0x33, 0x33, -+ 0xbf, 0xa0, }, -+ { 0xcf, 0x04, 0xea, 0xf8, 0x03, 0x2a, 0x43, 0xff, 0xa6, 0x68, 0x21, 0x4c, -+ 0xd5, 0x4b, 0xed, }, -+ { 0xaf, 0xb8, 0xbc, 0x63, 0x0f, 0x18, 0x4d, 0xe2, 0x7a, 0xdd, 0x46, 0x44, -+ 0xc8, 0x24, 0x0a, 0xb7, }, -+ { 0x3e, 0xdc, 0x36, 0xe4, 0x89, 0xb1, 0xfa, 0xc6, 0x40, 0x93, 0x2e, 0x75, -+ 0xb2, 0x15, 0xd1, 0xb1, 0x10, }, -+ { 0x6c, 0xd8, 0x20, 0x3b, 0x82, 0x79, 0xf9, 0xc8, 0xbc, 0x9d, 0xe0, 0x35, -+ 0xbe, 0x1b, 0x49, 0x1a, 0xbc, 0x3a, }, -+ { 0x78, 0x65, 0x2c, 0xbe, 0x35, 0x67, 0xdc, 0x78, 0xd4, 0x41, 0xf6, 0xc9, -+ 0xde, 0xde, 0x1f, 0x18, 0x13, 0x31, 0x11, }, -+ { 0x8a, 0x7f, 0xb1, 0x33, 0x8f, 0x0c, 0x3c, 0x0a, 0x06, 0x61, 0xf0, 0x47, -+ 0x29, 0x1b, 0x29, 0xbc, 0x1c, 0x47, 0xef, 0x7a, }, -+ { 0x65, 0x91, 0xf1, 0xe6, 0xb3, 0x96, 0xd3, 0x8c, 0xc2, 0x4a, 0x59, 0x35, -+ 0x72, 0x8e, 0x0b, 0x9a, 0x87, 0xca, 0x34, 0x7b, 0x63, }, -+ { 0x5f, 0x08, 0x87, 0x80, 0x56, 0x25, 0x89, 0x77, 0x61, 0x8c, 0x64, 0xa1, -+ 0x59, 0x6d, 0x59, 0x62, 0xe8, 0x4a, 0xc8, 0x58, 0x99, 0xd1, }, -+ { 0x23, 0x87, 0x1d, 0xed, 0x6f, 0xf2, 0x91, 0x90, 0xe2, 0xfe, 0x43, 0x21, -+ 0xaf, 0x97, 0xc6, 0xbc, 0xd7, 0x15, 0xc7, 0x2d, 0x08, 0x77, 0x91, }, -+ { 0x90, 0x47, 0x9a, 0x9e, 0x3a, 0xdf, 0xf3, 0xc9, 0x4c, 0x1e, 0xa7, 0xd4, -+ 0x6a, 0x32, 0x90, 0xfe, 0xb7, 0xb6, 0x7b, 0xfa, 0x96, 0x61, 0xfb, 0xa4, }, -+ { 0xb1, 0x67, 0x60, 0x45, 0xb0, 0x96, 0xc5, 0x15, 0x9f, 0x4d, 0x26, 0xd7, -+ 0x9d, 0xf1, 0xf5, 0x6d, 0x21, 0x00, 0x94, 0x31, 0x64, 0x94, 0xd3, 0xa7, -+ 0xd3, }, -+ { 0x02, 0x3e, 0xaf, 0xf3, 0x79, 0x73, 0xa5, 0xf5, 0xcc, 0x7a, 0x7f, 0xfb, -+ 0x79, 0x2b, 0x85, 0x8c, 0x88, 0x72, 0x06, 0xbe, 0xfe, 0xaf, 0xc1, 0x16, -+ 0xa6, 0xd6, }, -+ { 0x2a, 0xb0, 0x1a, 0xe5, 0xaa, 0x6e, 0xb3, 0xae, 0x53, 0x85, 0x33, 0x80, -+ 0x75, 0xae, 0x30, 0xe6, 0xb8, 0x72, 0x42, 0xf6, 0x25, 0x4f, 0x38, 0x88, -+ 0x55, 0xd1, 0xa9, }, -+ { 0x90, 0xd8, 0x0c, 0xc0, 0x93, 0x4b, 0x4f, 0x9e, 0x65, 0x6c, 0xa1, 0x54, -+ 0xa6, 0xf6, 0x6e, 0xca, 0xd2, 0xbb, 0x7e, 0x6a, 0x1c, 0xd3, 0xce, 0x46, -+ 0xef, 0xb0, 0x00, 0x8d, }, -+ { 0xed, 0x9c, 0x49, 0xcd, 0xc2, 0xde, 0x38, 0x0e, 0xe9, 0x98, 0x6c, 0xc8, -+ 0x90, 0x9e, 0x3c, 0xd4, 0xd3, 0xeb, 0x88, 0x32, 0xc7, 0x28, 0xe3, 0x94, -+ 0x1c, 0x9f, 0x8b, 0xf3, 0xcb, }, -+ { 0xac, 0xe7, 0x92, 0x16, 0xb4, 0x14, 0xa0, 0xe4, 0x04, 0x79, 0xa2, 0xf4, -+ 0x31, 0xe6, 0x0c, 0x26, 0xdc, 0xbf, 0x2f, 0x69, 0x1b, 0x55, 0x94, 0x67, -+ 0xda, 0x0c, 0xd7, 0x32, 0x1f, 0xef, }, -+ { 0x68, 0x63, 0x85, 0x57, 0x95, 0x9e, 0x42, 0x27, 0x41, 0x43, 0x42, 0x02, -+ 0xa5, 0x78, 0xa7, 0xc6, 0x43, 0xc1, 0x6a, 0xba, 0x70, 0x80, 0xcd, 0x04, -+ 0xb6, 0x78, 0x76, 0x29, 0xf3, 0xe8, 0xa0, }, -+ { 0xe6, 0xac, 0x8d, 0x9d, 0xf0, 0xc0, 0xf7, 0xf7, 0xe3, 0x3e, 0x4e, 0x28, -+ 0x0f, 0x59, 0xb2, 0x67, 0x9e, 0x84, 0x34, 0x42, 0x96, 0x30, 0x2b, 0xca, -+ 0x49, 0xb6, 0xc5, 0x9a, 0x84, 0x59, 0xa7, 0x81, }, -+ { 0x7e, }, -+ { 0x1e, 0x21, }, -+ { 0x26, 0xd3, 0xdd, }, -+ { 0x2c, 0xd4, 0xb3, 0x3d, }, -+ { 0x86, 0x7b, 0x76, 0x3c, 0xf0, }, -+ { 0x12, 0xc3, 0x70, 0x1d, 0x55, 0x18, }, -+ { 0x96, 0xc2, 0xbd, 0x61, 0x55, 0xf4, 0x24, }, -+ { 0x20, 0x51, 0xf7, 0x86, 0x58, 0x8f, 0x07, 0x2a, }, -+ { 0x93, 0x15, 0xa8, 0x1d, 0xda, 0x97, 0xee, 0x0e, 0x6c, }, -+ { 0x39, 0x93, 0xdf, 0xd5, 0x0e, 0xca, 0xdc, 0x7a, 0x92, 0xce, }, -+ { 0x60, 0xd5, 0xfd, 0xf5, 0x1b, 0x26, 0x82, 0x26, 0x73, 0x02, 0xbc, }, -+ { 0x98, 0xf2, 0x34, 0xe1, 0xf5, 0xfb, 0x00, 0xac, 0x10, 0x4a, 0x38, 0x9f, }, -+ { 0xda, 0x3a, 0x92, 0x8a, 0xd0, 0xcd, 0x12, 0xcd, 0x15, 0xbb, 0xab, 0x77, -+ 0x66, }, -+ { 0xa2, 0x92, 0x1a, 0xe5, 0xca, 0x0c, 0x30, 0x75, 0xeb, 0xaf, 0x00, 0x31, -+ 0x55, 0x66, }, -+ { 0x06, 0xea, 0xfd, 0x3e, 0x86, 0x38, 0x62, 0x4e, 0xa9, 0x12, 0xa4, 0x12, -+ 0x43, 0xbf, 0xa1, }, -+ { 0xe4, 0x71, 0x7b, 0x94, 0xdb, 0xa0, 0xd2, 0xff, 0x9b, 0xeb, 0xad, 0x8e, -+ 0x95, 0x8a, 0xc5, 0xed, }, -+ { 0x25, 0x5a, 0x77, 0x71, 0x41, 0x0e, 0x7a, 0xe9, 0xed, 0x0c, 0x10, 0xef, -+ 0xf6, 0x2b, 0x3a, 0xba, 0x60, }, -+ { 0xee, 0xe2, 0xa3, 0x67, 0x64, 0x1d, 0xc6, 0x04, 0xc4, 0xe1, 0x68, 0xd2, -+ 0x6e, 0xd2, 0x91, 0x75, 0x53, 0x07, }, -+ { 0xe0, 0xf6, 0x4d, 0x8f, 0x68, 0xfc, 0x06, 0x7e, 0x18, 0x79, 0x7f, 0x2b, -+ 0x6d, 0xef, 0x46, 0x7f, 0xab, 0xb2, 0xad, }, -+ { 0x3d, 0x35, 0x88, 0x9f, 0x2e, 0xcf, 0x96, 0x45, 0x07, 0x60, 0x71, 0x94, -+ 0x00, 0x8d, 0xbf, 0xf4, 0xef, 0x46, 0x2e, 0x3c, }, -+ { 0x43, 0xcf, 0x98, 0xf7, 0x2d, 0xf4, 0x17, 0xe7, 0x8c, 0x05, 0x2d, 0x9b, -+ 0x24, 0xfb, 0x4d, 0xea, 0x4a, 0xec, 0x01, 0x25, 0x29, }, -+ { 0x8e, 0x73, 0x9a, 0x78, 0x11, 0xfe, 0x48, 0xa0, 0x3b, 0x1a, 0x26, 0xdf, -+ 0x25, 0xe9, 0x59, 0x1c, 0x70, 0x07, 0x9f, 0xdc, 0xa0, 0xa6, }, -+ { 0xe8, 0x47, 0x71, 0xc7, 0x3e, 0xdf, 0xb5, 0x13, 0xb9, 0x85, 0x13, 0xa8, -+ 0x54, 0x47, 0x6e, 0x59, 0x96, 0x09, 0x13, 0x5f, 0x82, 0x16, 0x0b, }, -+ { 0xfb, 0xc0, 0x8c, 0x03, 0x21, 0xb3, 0xc4, 0xb5, 0x43, 0x32, 0x6c, 0xea, -+ 0x7f, 0xa8, 0x43, 0x91, 0xe8, 0x4e, 0x3f, 0xbf, 0x45, 0x58, 0x6a, 0xa3, }, -+ { 0x55, 0xf8, 0xf3, 0x00, 0x76, 0x09, 0xef, 0x69, 0x5d, 0xd2, 0x8a, 0xf2, -+ 0x65, 0xc3, 0xcb, 0x9b, 0x43, 0xfd, 0xb1, 0x7e, 0x7f, 0xa1, 0x94, 0xb0, -+ 0xd7, }, -+ { 0xaa, 0x13, 0xc1, 0x51, 0x40, 0x6d, 0x8d, 0x4c, 0x0a, 0x95, 0x64, 0x7b, -+ 0xd1, 0x96, 0xb6, 0x56, 0xb4, 0x5b, 0xcf, 0xd6, 0xd9, 0x15, 0x97, 0xdd, -+ 0xb6, 0xef, }, -+ { 0xaf, 0xb7, 0x36, 0xb0, 0x04, 0xdb, 0xd7, 0x9c, 0x9a, 0x44, 0xc4, 0xf6, -+ 0x1f, 0x12, 0x21, 0x2d, 0x59, 0x30, 0x54, 0xab, 0x27, 0x61, 0xa3, 0x57, -+ 0xef, 0xf8, 0x53, }, -+ { 0x97, 0x34, 0x45, 0x3e, 0xce, 0x7c, 0x35, 0xa2, 0xda, 0x9f, 0x4b, 0x46, -+ 0x6c, 0x11, 0x67, 0xff, 0x2f, 0x76, 0x58, 0x15, 0x71, 0xfa, 0x44, 0x89, -+ 0x89, 0xfd, 0xf7, 0x99, }, -+ { 0x1f, 0xb1, 0x62, 0xeb, 0x83, 0xc5, 0x9c, 0x89, 0xf9, 0x2c, 0xd2, 0x03, -+ 0x61, 0xbc, 0xbb, 0xa5, 0x74, 0x0e, 0x9b, 0x7e, 0x82, 0x3e, 0x70, 0x0a, -+ 0xa9, 0x8f, 0x2b, 0x59, 0xfb, }, -+ { 0xf8, 0xca, 0x5e, 0x3a, 0x4f, 0x9e, 0x10, 0x69, 0x10, 0xd5, 0x4c, 0xeb, -+ 0x1a, 0x0f, 0x3c, 0x6a, 0x98, 0xf5, 0xb0, 0x97, 0x5b, 0x37, 0x2f, 0x0d, -+ 0xbd, 0x42, 0x4b, 0x69, 0xa1, 0x82, }, -+ { 0x12, 0x8c, 0x6d, 0x52, 0x08, 0xef, 0x74, 0xb2, 0xe6, 0xaa, 0xd3, 0xb0, -+ 0x26, 0xb0, 0xd9, 0x94, 0xb6, 0x11, 0x45, 0x0e, 0x36, 0x71, 0x14, 0x2d, -+ 0x41, 0x8c, 0x21, 0x53, 0x31, 0xe9, 0x68, }, -+ { 0xee, 0xea, 0x0d, 0x89, 0x47, 0x7e, 0x72, 0xd1, 0xd8, 0xce, 0x58, 0x4c, -+ 0x94, 0x1f, 0x0d, 0x51, 0x08, 0xa3, 0xb6, 0x3d, 0xe7, 0x82, 0x46, 0x92, -+ 0xd6, 0x98, 0x6b, 0x07, 0x10, 0x65, 0x52, 0x65, }, -+}; -+ -+static const u8 blake2s_hmac_testvecs[][BLAKE2S_HASH_SIZE] __initconst = { -+ { 0xce, 0xe1, 0x57, 0x69, 0x82, 0xdc, 0xbf, 0x43, 0xad, 0x56, 0x4c, 0x70, -+ 0xed, 0x68, 0x16, 0x96, 0xcf, 0xa4, 0x73, 0xe8, 0xe8, 0xfc, 0x32, 0x79, -+ 0x08, 0x0a, 0x75, 0x82, 0xda, 0x3f, 0x05, 0x11, }, -+ { 0x77, 0x2f, 0x0c, 0x71, 0x41, 0xf4, 0x4b, 0x2b, 0xb3, 0xc6, 0xb6, 0xf9, -+ 0x60, 0xde, 0xe4, 0x52, 0x38, 0x66, 0xe8, 0xbf, 0x9b, 0x96, 0xc4, 0x9f, -+ 0x60, 0xd9, 0x24, 0x37, 0x99, 0xd6, 0xec, 0x31, }, -+}; -+ -+bool __init blake2s_selftest(void) -+{ -+ u8 key[BLAKE2S_KEY_SIZE]; -+ u8 buf[ARRAY_SIZE(blake2s_testvecs)]; -+ u8 hash[BLAKE2S_HASH_SIZE]; -+ struct blake2s_state state; -+ bool success = true; -+ int i, l; -+ -+ key[0] = key[1] = 1; -+ for (i = 2; i < sizeof(key); ++i) -+ key[i] = key[i - 2] + key[i - 1]; -+ -+ for (i = 0; i < sizeof(buf); ++i) -+ buf[i] = (u8)i; -+ -+ for (i = l = 0; i < ARRAY_SIZE(blake2s_testvecs); l = (l + 37) % ++i) { -+ int outlen = 1 + i % BLAKE2S_HASH_SIZE; -+ int keylen = (13 * i) % (BLAKE2S_KEY_SIZE + 1); -+ -+ blake2s(hash, buf, key + BLAKE2S_KEY_SIZE - keylen, outlen, i, -+ keylen); -+ if (memcmp(hash, blake2s_testvecs[i], outlen)) { -+ pr_err("blake2s self-test %d: FAIL\n", i + 1); -+ success = false; -+ } -+ -+ if (!keylen) -+ blake2s_init(&state, outlen); -+ else -+ blake2s_init_key(&state, outlen, -+ key + BLAKE2S_KEY_SIZE - keylen, -+ keylen); -+ -+ blake2s_update(&state, buf, l); -+ blake2s_update(&state, buf + l, i - l); -+ blake2s_final(&state, hash); -+ if (memcmp(hash, blake2s_testvecs[i], outlen)) { -+ pr_err("blake2s init/update/final self-test %d: FAIL\n", -+ i + 1); -+ success = false; -+ } -+ } -+ -+ if (success) { -+ blake2s256_hmac(hash, buf, key, sizeof(buf), sizeof(key)); -+ success &= !memcmp(hash, blake2s_hmac_testvecs[0], BLAKE2S_HASH_SIZE); -+ -+ blake2s256_hmac(hash, key, buf, sizeof(key), sizeof(buf)); -+ success &= !memcmp(hash, blake2s_hmac_testvecs[1], BLAKE2S_HASH_SIZE); -+ -+ if (!success) -+ pr_err("blake2s256_hmac self-test: FAIL\n"); -+ } -+ -+ return success; -+} -diff --git a/lib/crypto/blake2s.c b/lib/crypto/blake2s.c -new file mode 100644 -index 000000000000..41025a30c524 ---- /dev/null -+++ b/lib/crypto/blake2s.c -@@ -0,0 +1,126 @@ -+// SPDX-License-Identifier: GPL-2.0 OR MIT -+/* -+ * Copyright (C) 2015-2019 Jason A. Donenfeld . All Rights Reserved. -+ * -+ * This is an implementation of the BLAKE2s hash and PRF functions. -+ * -+ * Information: https://blake2.net/ -+ * -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+bool blake2s_selftest(void); -+ -+void blake2s_update(struct blake2s_state *state, const u8 *in, size_t inlen) -+{ -+ const size_t fill = BLAKE2S_BLOCK_SIZE - state->buflen; -+ -+ if (unlikely(!inlen)) -+ return; -+ if (inlen > fill) { -+ memcpy(state->buf + state->buflen, in, fill); -+ if (IS_ENABLED(CONFIG_CRYPTO_ARCH_HAVE_LIB_BLAKE2S)) -+ blake2s_compress_arch(state, state->buf, 1, -+ BLAKE2S_BLOCK_SIZE); -+ else -+ blake2s_compress_generic(state, state->buf, 1, -+ BLAKE2S_BLOCK_SIZE); -+ state->buflen = 0; -+ in += fill; -+ inlen -= fill; -+ } -+ if (inlen > BLAKE2S_BLOCK_SIZE) { -+ const size_t nblocks = DIV_ROUND_UP(inlen, BLAKE2S_BLOCK_SIZE); -+ /* Hash one less (full) block than strictly possible */ -+ if (IS_ENABLED(CONFIG_CRYPTO_ARCH_HAVE_LIB_BLAKE2S)) -+ blake2s_compress_arch(state, in, nblocks - 1, -+ BLAKE2S_BLOCK_SIZE); -+ else -+ blake2s_compress_generic(state, in, nblocks - 1, -+ BLAKE2S_BLOCK_SIZE); -+ in += BLAKE2S_BLOCK_SIZE * (nblocks - 1); -+ inlen -= BLAKE2S_BLOCK_SIZE * (nblocks - 1); -+ } -+ memcpy(state->buf + state->buflen, in, inlen); -+ state->buflen += inlen; -+} -+EXPORT_SYMBOL(blake2s_update); -+ -+void blake2s_final(struct blake2s_state *state, u8 *out) -+{ -+ WARN_ON(IS_ENABLED(DEBUG) && !out); -+ blake2s_set_lastblock(state); -+ memset(state->buf + state->buflen, 0, -+ BLAKE2S_BLOCK_SIZE - state->buflen); /* Padding */ -+ if (IS_ENABLED(CONFIG_CRYPTO_ARCH_HAVE_LIB_BLAKE2S)) -+ blake2s_compress_arch(state, state->buf, 1, state->buflen); -+ else -+ blake2s_compress_generic(state, state->buf, 1, state->buflen); -+ cpu_to_le32_array(state->h, ARRAY_SIZE(state->h)); -+ memcpy(out, state->h, state->outlen); -+ memzero_explicit(state, sizeof(*state)); -+} -+EXPORT_SYMBOL(blake2s_final); -+ -+void blake2s256_hmac(u8 *out, const u8 *in, const u8 *key, const size_t inlen, -+ const size_t keylen) -+{ -+ struct blake2s_state state; -+ u8 x_key[BLAKE2S_BLOCK_SIZE] __aligned(__alignof__(u32)) = { 0 }; -+ u8 i_hash[BLAKE2S_HASH_SIZE] __aligned(__alignof__(u32)); -+ int i; -+ -+ if (keylen > BLAKE2S_BLOCK_SIZE) { -+ blake2s_init(&state, BLAKE2S_HASH_SIZE); -+ blake2s_update(&state, key, keylen); -+ blake2s_final(&state, x_key); -+ } else -+ memcpy(x_key, key, keylen); -+ -+ for (i = 0; i < BLAKE2S_BLOCK_SIZE; ++i) -+ x_key[i] ^= 0x36; -+ -+ blake2s_init(&state, BLAKE2S_HASH_SIZE); -+ blake2s_update(&state, x_key, BLAKE2S_BLOCK_SIZE); -+ blake2s_update(&state, in, inlen); -+ blake2s_final(&state, i_hash); -+ -+ for (i = 0; i < BLAKE2S_BLOCK_SIZE; ++i) -+ x_key[i] ^= 0x5c ^ 0x36; -+ -+ blake2s_init(&state, BLAKE2S_HASH_SIZE); -+ blake2s_update(&state, x_key, BLAKE2S_BLOCK_SIZE); -+ blake2s_update(&state, i_hash, BLAKE2S_HASH_SIZE); -+ blake2s_final(&state, i_hash); -+ -+ memcpy(out, i_hash, BLAKE2S_HASH_SIZE); -+ memzero_explicit(x_key, BLAKE2S_BLOCK_SIZE); -+ memzero_explicit(i_hash, BLAKE2S_HASH_SIZE); -+} -+EXPORT_SYMBOL(blake2s256_hmac); -+ -+static int __init mod_init(void) -+{ -+ if (!IS_ENABLED(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS) && -+ WARN_ON(!blake2s_selftest())) -+ return -ENODEV; -+ return 0; -+} -+ -+static void __exit mod_exit(void) -+{ -+} -+ -+module_init(mod_init); -+module_exit(mod_exit); -+MODULE_LICENSE("GPL v2"); -+MODULE_DESCRIPTION("BLAKE2s hash function"); -+MODULE_AUTHOR("Jason A. Donenfeld "); --- -2.18.4 - - -From 49d4f57dd045ae474eba3504c803ab93d2932ff5 Mon Sep 17 00:00:00 2001 -From: Ard Biesheuvel -Date: Fri, 8 Nov 2019 13:22:29 +0100 -Subject: [PATCH 022/159] crypto: testmgr - add test cases for Blake2s - -commit 17e1df67023a5c9ccaeb5de8bf5b88f63127ecf7 upstream. - -As suggested by Eric for the Blake2b implementation contributed by -David, introduce a set of test vectors for Blake2s covering different -digest and key sizes. - - blake2s-128 blake2s-160 blake2s-224 blake2s-256 - --------------------------------------------------- -len=0 | klen=0 klen=1 klen=16 klen=32 -len=1 | klen=16 klen=32 klen=0 klen=1 -len=7 | klen=32 klen=0 klen=1 klen=16 -len=15 | klen=1 klen=16 klen=32 klen=0 -len=64 | klen=0 klen=1 klen=16 klen=32 -len=247 | klen=16 klen=32 klen=0 klen=1 -len=256 | klen=32 klen=0 klen=1 klen=16 - -Cc: David Sterba -Cc: Eric Biggers -Signed-off-by: Ard Biesheuvel -Signed-off-by: Herbert Xu -Signed-off-by: Jason A. Donenfeld ---- - crypto/testmgr.c | 24 +++++ - crypto/testmgr.h | 251 +++++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 275 insertions(+) - -diff --git a/crypto/testmgr.c b/crypto/testmgr.c -index 7473c5bc06b1..711390861f71 100644 ---- a/crypto/testmgr.c -+++ b/crypto/testmgr.c -@@ -4034,6 +4034,30 @@ static const struct alg_test_desc alg_test_descs[] = { - .alg = "authenc(hmac(sha512),rfc3686(ctr(aes)))", - .test = alg_test_null, - .fips_allowed = 1, -+ }, { -+ .alg = "blake2s-128", -+ .test = alg_test_hash, -+ .suite = { -+ .hash = __VECS(blakes2s_128_tv_template) -+ } -+ }, { -+ .alg = "blake2s-160", -+ .test = alg_test_hash, -+ .suite = { -+ .hash = __VECS(blakes2s_160_tv_template) -+ } -+ }, { -+ .alg = "blake2s-224", -+ .test = alg_test_hash, -+ .suite = { -+ .hash = __VECS(blakes2s_224_tv_template) -+ } -+ }, { -+ .alg = "blake2s-256", -+ .test = alg_test_hash, -+ .suite = { -+ .hash = __VECS(blakes2s_256_tv_template) -+ } - }, { - .alg = "cbc(aes)", - .test = alg_test_skcipher, -diff --git a/crypto/testmgr.h b/crypto/testmgr.h -index ef7d21f39d4a..102fcad54966 100644 ---- a/crypto/testmgr.h -+++ b/crypto/testmgr.h -@@ -31567,4 +31567,255 @@ static const struct aead_testvec essiv_hmac_sha256_aes_cbc_tv_temp[] = { - }, - }; - -+static const char blake2_ordered_sequence[] = -+ "\x00\x01\x02\x03\x04\x05\x06\x07" -+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" -+ "\x10\x11\x12\x13\x14\x15\x16\x17" -+ "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" -+ "\x20\x21\x22\x23\x24\x25\x26\x27" -+ "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" -+ "\x30\x31\x32\x33\x34\x35\x36\x37" -+ "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" -+ "\x40\x41\x42\x43\x44\x45\x46\x47" -+ "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" -+ "\x50\x51\x52\x53\x54\x55\x56\x57" -+ "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" -+ "\x60\x61\x62\x63\x64\x65\x66\x67" -+ "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" -+ "\x70\x71\x72\x73\x74\x75\x76\x77" -+ "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" -+ "\x80\x81\x82\x83\x84\x85\x86\x87" -+ "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" -+ "\x90\x91\x92\x93\x94\x95\x96\x97" -+ "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" -+ "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" -+ "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" -+ "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" -+ "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" -+ "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" -+ "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" -+ "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" -+ "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" -+ "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" -+ "\xe8\xe9\xea\xeb\xec\xed\xee\xef" -+ "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" -+ "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"; -+ -+static const struct hash_testvec blakes2s_128_tv_template[] = {{ -+ .digest = (u8[]){ 0x64, 0x55, 0x0d, 0x6f, 0xfe, 0x2c, 0x0a, 0x01, -+ 0xa1, 0x4a, 0xba, 0x1e, 0xad, 0xe0, 0x20, 0x0c, }, -+}, { -+ .plaintext = blake2_ordered_sequence, -+ .psize = 64, -+ .digest = (u8[]){ 0xdc, 0x66, 0xca, 0x8f, 0x03, 0x86, 0x58, 0x01, -+ 0xb0, 0xff, 0xe0, 0x6e, 0xd8, 0xa1, 0xa9, 0x0e, }, -+}, { -+ .ksize = 16, -+ .key = blake2_ordered_sequence, -+ .plaintext = blake2_ordered_sequence, -+ .psize = 1, -+ .digest = (u8[]){ 0x88, 0x1e, 0x42, 0xe7, 0xbb, 0x35, 0x80, 0x82, -+ 0x63, 0x7c, 0x0a, 0x0f, 0xd7, 0xec, 0x6c, 0x2f, }, -+}, { -+ .ksize = 32, -+ .key = blake2_ordered_sequence, -+ .plaintext = blake2_ordered_sequence, -+ .psize = 7, -+ .digest = (u8[]){ 0xcf, 0x9e, 0x07, 0x2a, 0xd5, 0x22, 0xf2, 0xcd, -+ 0xa2, 0xd8, 0x25, 0x21, 0x80, 0x86, 0x73, 0x1c, }, -+}, { -+ .ksize = 1, -+ .key = "B", -+ .plaintext = blake2_ordered_sequence, -+ .psize = 15, -+ .digest = (u8[]){ 0xf6, 0x33, 0x5a, 0x2c, 0x22, 0xa0, 0x64, 0xb2, -+ 0xb6, 0x3f, 0xeb, 0xbc, 0xd1, 0xc3, 0xe5, 0xb2, }, -+}, { -+ .ksize = 16, -+ .key = blake2_ordered_sequence, -+ .plaintext = blake2_ordered_sequence, -+ .psize = 247, -+ .digest = (u8[]){ 0x72, 0x66, 0x49, 0x60, 0xf9, 0x4a, 0xea, 0xbe, -+ 0x1f, 0xf4, 0x60, 0xce, 0xb7, 0x81, 0xcb, 0x09, }, -+}, { -+ .ksize = 32, -+ .key = blake2_ordered_sequence, -+ .plaintext = blake2_ordered_sequence, -+ .psize = 256, -+ .digest = (u8[]){ 0xd5, 0xa4, 0x0e, 0xc3, 0x16, 0xc7, 0x51, 0xa6, -+ 0x3c, 0xd0, 0xd9, 0x11, 0x57, 0xfa, 0x1e, 0xbb, }, -+}}; -+ -+static const struct hash_testvec blakes2s_160_tv_template[] = {{ -+ .plaintext = blake2_ordered_sequence, -+ .psize = 7, -+ .digest = (u8[]){ 0xb4, 0xf2, 0x03, 0x49, 0x37, 0xed, 0xb1, 0x3e, -+ 0x5b, 0x2a, 0xca, 0x64, 0x82, 0x74, 0xf6, 0x62, -+ 0xe3, 0xf2, 0x84, 0xff, }, -+}, { -+ .plaintext = blake2_ordered_sequence, -+ .psize = 256, -+ .digest = (u8[]){ 0xaa, 0x56, 0x9b, 0xdc, 0x98, 0x17, 0x75, 0xf2, -+ 0xb3, 0x68, 0x83, 0xb7, 0x9b, 0x8d, 0x48, 0xb1, -+ 0x9b, 0x2d, 0x35, 0x05, }, -+}, { -+ .ksize = 1, -+ .key = "B", -+ .digest = (u8[]){ 0x50, 0x16, 0xe7, 0x0c, 0x01, 0xd0, 0xd3, 0xc3, -+ 0xf4, 0x3e, 0xb1, 0x6e, 0x97, 0xa9, 0x4e, 0xd1, -+ 0x79, 0x65, 0x32, 0x93, }, -+}, { -+ .ksize = 32, -+ .key = blake2_ordered_sequence, -+ .plaintext = blake2_ordered_sequence, -+ .psize = 1, -+ .digest = (u8[]){ 0x1c, 0x2b, 0xcd, 0x9a, 0x68, 0xca, 0x8c, 0x71, -+ 0x90, 0x29, 0x6c, 0x54, 0xfa, 0x56, 0x4a, 0xef, -+ 0xa2, 0x3a, 0x56, 0x9c, }, -+}, { -+ .ksize = 16, -+ .key = blake2_ordered_sequence, -+ .plaintext = blake2_ordered_sequence, -+ .psize = 15, -+ .digest = (u8[]){ 0x36, 0xc3, 0x5f, 0x9a, 0xdc, 0x7e, 0xbf, 0x19, -+ 0x68, 0xaa, 0xca, 0xd8, 0x81, 0xbf, 0x09, 0x34, -+ 0x83, 0x39, 0x0f, 0x30, }, -+}, { -+ .ksize = 1, -+ .key = "B", -+ .plaintext = blake2_ordered_sequence, -+ .psize = 64, -+ .digest = (u8[]){ 0x86, 0x80, 0x78, 0xa4, 0x14, 0xec, 0x03, 0xe5, -+ 0xb6, 0x9a, 0x52, 0x0e, 0x42, 0xee, 0x39, 0x9d, -+ 0xac, 0xa6, 0x81, 0x63, }, -+}, { -+ .ksize = 32, -+ .key = blake2_ordered_sequence, -+ .plaintext = blake2_ordered_sequence, -+ .psize = 247, -+ .digest = (u8[]){ 0x2d, 0xd8, 0xd2, 0x53, 0x66, 0xfa, 0xa9, 0x01, -+ 0x1c, 0x9c, 0xaf, 0xa3, 0xe2, 0x9d, 0x9b, 0x10, -+ 0x0a, 0xf6, 0x73, 0xe8, }, -+}}; -+ -+static const struct hash_testvec blakes2s_224_tv_template[] = {{ -+ .plaintext = blake2_ordered_sequence, -+ .psize = 1, -+ .digest = (u8[]){ 0x61, 0xb9, 0x4e, 0xc9, 0x46, 0x22, 0xa3, 0x91, -+ 0xd2, 0xae, 0x42, 0xe6, 0x45, 0x6c, 0x90, 0x12, -+ 0xd5, 0x80, 0x07, 0x97, 0xb8, 0x86, 0x5a, 0xfc, -+ 0x48, 0x21, 0x97, 0xbb, }, -+}, { -+ .plaintext = blake2_ordered_sequence, -+ .psize = 247, -+ .digest = (u8[]){ 0x9e, 0xda, 0xc7, 0x20, 0x2c, 0xd8, 0x48, 0x2e, -+ 0x31, 0x94, 0xab, 0x46, 0x6d, 0x94, 0xd8, 0xb4, -+ 0x69, 0xcd, 0xae, 0x19, 0x6d, 0x9e, 0x41, 0xcc, -+ 0x2b, 0xa4, 0xd5, 0xf6, }, -+}, { -+ .ksize = 16, -+ .key = blake2_ordered_sequence, -+ .digest = (u8[]){ 0x32, 0xc0, 0xac, 0xf4, 0x3b, 0xd3, 0x07, 0x9f, -+ 0xbe, 0xfb, 0xfa, 0x4d, 0x6b, 0x4e, 0x56, 0xb3, -+ 0xaa, 0xd3, 0x27, 0xf6, 0x14, 0xbf, 0xb9, 0x32, -+ 0xa7, 0x19, 0xfc, 0xb8, }, -+}, { -+ .ksize = 1, -+ .key = "B", -+ .plaintext = blake2_ordered_sequence, -+ .psize = 7, -+ .digest = (u8[]){ 0x73, 0xad, 0x5e, 0x6d, 0xb9, 0x02, 0x8e, 0x76, -+ 0xf2, 0x66, 0x42, 0x4b, 0x4c, 0xfa, 0x1f, 0xe6, -+ 0x2e, 0x56, 0x40, 0xe5, 0xa2, 0xb0, 0x3c, 0xe8, -+ 0x7b, 0x45, 0xfe, 0x05, }, -+}, { -+ .ksize = 32, -+ .key = blake2_ordered_sequence, -+ .plaintext = blake2_ordered_sequence, -+ .psize = 15, -+ .digest = (u8[]){ 0x16, 0x60, 0xfb, 0x92, 0x54, 0xb3, 0x6e, 0x36, -+ 0x81, 0xf4, 0x16, 0x41, 0xc3, 0x3d, 0xd3, 0x43, -+ 0x84, 0xed, 0x10, 0x6f, 0x65, 0x80, 0x7a, 0x3e, -+ 0x25, 0xab, 0xc5, 0x02, }, -+}, { -+ .ksize = 16, -+ .key = blake2_ordered_sequence, -+ .plaintext = blake2_ordered_sequence, -+ .psize = 64, -+ .digest = (u8[]){ 0xca, 0xaa, 0x39, 0x67, 0x9c, 0xf7, 0x6b, 0xc7, -+ 0xb6, 0x82, 0xca, 0x0e, 0x65, 0x36, 0x5b, 0x7c, -+ 0x24, 0x00, 0xfa, 0x5f, 0xda, 0x06, 0x91, 0x93, -+ 0x6a, 0x31, 0x83, 0xb5, }, -+}, { -+ .ksize = 1, -+ .key = "B", -+ .plaintext = blake2_ordered_sequence, -+ .psize = 256, -+ .digest = (u8[]){ 0x90, 0x02, 0x26, 0xb5, 0x06, 0x9c, 0x36, 0x86, -+ 0x94, 0x91, 0x90, 0x1e, 0x7d, 0x2a, 0x71, 0xb2, -+ 0x48, 0xb5, 0xe8, 0x16, 0xfd, 0x64, 0x33, 0x45, -+ 0xb3, 0xd7, 0xec, 0xcc, }, -+}}; -+ -+static const struct hash_testvec blakes2s_256_tv_template[] = {{ -+ .plaintext = blake2_ordered_sequence, -+ .psize = 15, -+ .digest = (u8[]){ 0xd9, 0x7c, 0x82, 0x8d, 0x81, 0x82, 0xa7, 0x21, -+ 0x80, 0xa0, 0x6a, 0x78, 0x26, 0x83, 0x30, 0x67, -+ 0x3f, 0x7c, 0x4e, 0x06, 0x35, 0x94, 0x7c, 0x04, -+ 0xc0, 0x23, 0x23, 0xfd, 0x45, 0xc0, 0xa5, 0x2d, }, -+}, { -+ .ksize = 32, -+ .key = blake2_ordered_sequence, -+ .digest = (u8[]){ 0x48, 0xa8, 0x99, 0x7d, 0xa4, 0x07, 0x87, 0x6b, -+ 0x3d, 0x79, 0xc0, 0xd9, 0x23, 0x25, 0xad, 0x3b, -+ 0x89, 0xcb, 0xb7, 0x54, 0xd8, 0x6a, 0xb7, 0x1a, -+ 0xee, 0x04, 0x7a, 0xd3, 0x45, 0xfd, 0x2c, 0x49, }, -+}, { -+ .ksize = 1, -+ .key = "B", -+ .plaintext = blake2_ordered_sequence, -+ .psize = 1, -+ .digest = (u8[]){ 0x22, 0x27, 0xae, 0xaa, 0x6e, 0x81, 0x56, 0x03, -+ 0xa7, 0xe3, 0xa1, 0x18, 0xa5, 0x9a, 0x2c, 0x18, -+ 0xf4, 0x63, 0xbc, 0x16, 0x70, 0xf1, 0xe7, 0x4b, -+ 0x00, 0x6d, 0x66, 0x16, 0xae, 0x9e, 0x74, 0x4e, }, -+}, { -+ .ksize = 16, -+ .key = blake2_ordered_sequence, -+ .plaintext = blake2_ordered_sequence, -+ .psize = 7, -+ .digest = (u8[]){ 0x58, 0x5d, 0xa8, 0x60, 0x1c, 0xa4, 0xd8, 0x03, -+ 0x86, 0x86, 0x84, 0x64, 0xd7, 0xa0, 0x8e, 0x15, -+ 0x2f, 0x05, 0xa2, 0x1b, 0xbc, 0xef, 0x7a, 0x34, -+ 0xb3, 0xc5, 0xbc, 0x4b, 0xf0, 0x32, 0xeb, 0x12, }, -+}, { -+ .ksize = 32, -+ .key = blake2_ordered_sequence, -+ .plaintext = blake2_ordered_sequence, -+ .psize = 64, -+ .digest = (u8[]){ 0x89, 0x75, 0xb0, 0x57, 0x7f, 0xd3, 0x55, 0x66, -+ 0xd7, 0x50, 0xb3, 0x62, 0xb0, 0x89, 0x7a, 0x26, -+ 0xc3, 0x99, 0x13, 0x6d, 0xf0, 0x7b, 0xab, 0xab, -+ 0xbd, 0xe6, 0x20, 0x3f, 0xf2, 0x95, 0x4e, 0xd4, }, -+}, { -+ .ksize = 1, -+ .key = "B", -+ .plaintext = blake2_ordered_sequence, -+ .psize = 247, -+ .digest = (u8[]){ 0x2e, 0x74, 0x1c, 0x1d, 0x03, 0xf4, 0x9d, 0x84, -+ 0x6f, 0xfc, 0x86, 0x32, 0x92, 0x49, 0x7e, 0x66, -+ 0xd7, 0xc3, 0x10, 0x88, 0xfe, 0x28, 0xb3, 0xe0, -+ 0xbf, 0x50, 0x75, 0xad, 0x8e, 0xa4, 0xe6, 0xb2, }, -+}, { -+ .ksize = 16, -+ .key = blake2_ordered_sequence, -+ .plaintext = blake2_ordered_sequence, -+ .psize = 256, -+ .digest = (u8[]){ 0xb9, 0xd2, 0x81, 0x0e, 0x3a, 0xb1, 0x62, 0x9b, -+ 0xad, 0x44, 0x05, 0xf4, 0x92, 0x2e, 0x99, 0xc1, -+ 0x4a, 0x47, 0xbb, 0x5b, 0x6f, 0xb2, 0x96, 0xed, -+ 0xd5, 0x06, 0xb5, 0x3a, 0x7c, 0x7a, 0x65, 0x1d, }, -+}}; -+ - #endif /* _CRYPTO_TESTMGR_H */ --- -2.18.4 - - -From 46d17c24ecf3b6c97f39eb25e33f4ce0620f47e8 Mon Sep 17 00:00:00 2001 -From: Ard Biesheuvel -Date: Fri, 8 Nov 2019 13:22:30 +0100 -Subject: [PATCH 023/159] crypto: blake2s - implement generic shash driver - -commit 7f9b0880925f1f9d7d59504ea0892d2ae9cfc233 upstream. - -Wire up our newly added Blake2s implementation via the shash API. - -Signed-off-by: Ard Biesheuvel -Signed-off-by: Herbert Xu -Signed-off-by: Jason A. Donenfeld ---- - crypto/Kconfig | 18 ++++ - crypto/Makefile | 1 + - crypto/blake2s_generic.c | 171 ++++++++++++++++++++++++++++++ - include/crypto/internal/blake2s.h | 5 + - 4 files changed, 195 insertions(+) - create mode 100644 crypto/blake2s_generic.c - -diff --git a/crypto/Kconfig b/crypto/Kconfig -index cd1497e64d9d..e60c08264820 100644 ---- a/crypto/Kconfig -+++ b/crypto/Kconfig -@@ -639,6 +639,24 @@ config CRYPTO_XXHASH - xxHash non-cryptographic hash algorithm. Extremely fast, working at - speeds close to RAM limits. - -+config CRYPTO_BLAKE2S -+ tristate "BLAKE2s digest algorithm" -+ select CRYPTO_LIB_BLAKE2S_GENERIC -+ select CRYPTO_HASH -+ help -+ Implementation of cryptographic hash function BLAKE2s -+ optimized for 8-32bit platforms and can produce digests of any size -+ between 1 to 32. The keyed hash is also implemented. -+ -+ This module provides the following algorithms: -+ -+ - blake2s-128 -+ - blake2s-160 -+ - blake2s-224 -+ - blake2s-256 -+ -+ See https://blake2.net for further information. -+ - config CRYPTO_CRCT10DIF - tristate "CRCT10DIF algorithm" - select CRYPTO_HASH -diff --git a/crypto/Makefile b/crypto/Makefile -index aa740c8492b9..fd27edea7c8e 100644 ---- a/crypto/Makefile -+++ b/crypto/Makefile -@@ -74,6 +74,7 @@ obj-$(CONFIG_CRYPTO_STREEBOG) += streebog_generic.o - obj-$(CONFIG_CRYPTO_WP512) += wp512.o - CFLAGS_wp512.o := $(call cc-option,-fno-schedule-insns) # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79149 - obj-$(CONFIG_CRYPTO_TGR192) += tgr192.o -+obj-$(CONFIG_CRYPTO_BLAKE2S) += blake2s_generic.o - obj-$(CONFIG_CRYPTO_GF128MUL) += gf128mul.o - obj-$(CONFIG_CRYPTO_ECB) += ecb.o - obj-$(CONFIG_CRYPTO_CBC) += cbc.o -diff --git a/crypto/blake2s_generic.c b/crypto/blake2s_generic.c -new file mode 100644 -index 000000000000..ed0c74640470 ---- /dev/null -+++ b/crypto/blake2s_generic.c -@@ -0,0 +1,171 @@ -+// SPDX-License-Identifier: GPL-2.0 OR MIT -+/* -+ * Copyright (C) 2015-2019 Jason A. Donenfeld . All Rights Reserved. -+ */ -+ -+#include -+#include -+#include -+ -+#include -+#include -+#include -+#include -+ -+static int crypto_blake2s_setkey(struct crypto_shash *tfm, const u8 *key, -+ unsigned int keylen) -+{ -+ struct blake2s_tfm_ctx *tctx = crypto_shash_ctx(tfm); -+ -+ if (keylen == 0 || keylen > BLAKE2S_KEY_SIZE) { -+ crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN); -+ return -EINVAL; -+ } -+ -+ memcpy(tctx->key, key, keylen); -+ tctx->keylen = keylen; -+ -+ return 0; -+} -+ -+static int crypto_blake2s_init(struct shash_desc *desc) -+{ -+ struct blake2s_tfm_ctx *tctx = crypto_shash_ctx(desc->tfm); -+ struct blake2s_state *state = shash_desc_ctx(desc); -+ const int outlen = crypto_shash_digestsize(desc->tfm); -+ -+ if (tctx->keylen) -+ blake2s_init_key(state, outlen, tctx->key, tctx->keylen); -+ else -+ blake2s_init(state, outlen); -+ -+ return 0; -+} -+ -+static int crypto_blake2s_update(struct shash_desc *desc, const u8 *in, -+ unsigned int inlen) -+{ -+ struct blake2s_state *state = shash_desc_ctx(desc); -+ const size_t fill = BLAKE2S_BLOCK_SIZE - state->buflen; -+ -+ if (unlikely(!inlen)) -+ return 0; -+ if (inlen > fill) { -+ memcpy(state->buf + state->buflen, in, fill); -+ blake2s_compress_generic(state, state->buf, 1, BLAKE2S_BLOCK_SIZE); -+ state->buflen = 0; -+ in += fill; -+ inlen -= fill; -+ } -+ if (inlen > BLAKE2S_BLOCK_SIZE) { -+ const size_t nblocks = DIV_ROUND_UP(inlen, BLAKE2S_BLOCK_SIZE); -+ /* Hash one less (full) block than strictly possible */ -+ blake2s_compress_generic(state, in, nblocks - 1, BLAKE2S_BLOCK_SIZE); -+ in += BLAKE2S_BLOCK_SIZE * (nblocks - 1); -+ inlen -= BLAKE2S_BLOCK_SIZE * (nblocks - 1); -+ } -+ memcpy(state->buf + state->buflen, in, inlen); -+ state->buflen += inlen; -+ -+ return 0; -+} -+ -+static int crypto_blake2s_final(struct shash_desc *desc, u8 *out) -+{ -+ struct blake2s_state *state = shash_desc_ctx(desc); -+ -+ blake2s_set_lastblock(state); -+ memset(state->buf + state->buflen, 0, -+ BLAKE2S_BLOCK_SIZE - state->buflen); /* Padding */ -+ blake2s_compress_generic(state, state->buf, 1, state->buflen); -+ cpu_to_le32_array(state->h, ARRAY_SIZE(state->h)); -+ memcpy(out, state->h, state->outlen); -+ memzero_explicit(state, sizeof(*state)); -+ -+ return 0; -+} -+ -+static struct shash_alg blake2s_algs[] = {{ -+ .base.cra_name = "blake2s-128", -+ .base.cra_driver_name = "blake2s-128-generic", -+ .base.cra_flags = CRYPTO_ALG_OPTIONAL_KEY, -+ .base.cra_ctxsize = sizeof(struct blake2s_tfm_ctx), -+ .base.cra_priority = 200, -+ .base.cra_blocksize = BLAKE2S_BLOCK_SIZE, -+ .base.cra_module = THIS_MODULE, -+ -+ .digestsize = BLAKE2S_128_HASH_SIZE, -+ .setkey = crypto_blake2s_setkey, -+ .init = crypto_blake2s_init, -+ .update = crypto_blake2s_update, -+ .final = crypto_blake2s_final, -+ .descsize = sizeof(struct blake2s_state), -+}, { -+ .base.cra_name = "blake2s-160", -+ .base.cra_driver_name = "blake2s-160-generic", -+ .base.cra_flags = CRYPTO_ALG_OPTIONAL_KEY, -+ .base.cra_ctxsize = sizeof(struct blake2s_tfm_ctx), -+ .base.cra_priority = 200, -+ .base.cra_blocksize = BLAKE2S_BLOCK_SIZE, -+ .base.cra_module = THIS_MODULE, -+ -+ .digestsize = BLAKE2S_160_HASH_SIZE, -+ .setkey = crypto_blake2s_setkey, -+ .init = crypto_blake2s_init, -+ .update = crypto_blake2s_update, -+ .final = crypto_blake2s_final, -+ .descsize = sizeof(struct blake2s_state), -+}, { -+ .base.cra_name = "blake2s-224", -+ .base.cra_driver_name = "blake2s-224-generic", -+ .base.cra_flags = CRYPTO_ALG_OPTIONAL_KEY, -+ .base.cra_ctxsize = sizeof(struct blake2s_tfm_ctx), -+ .base.cra_priority = 200, -+ .base.cra_blocksize = BLAKE2S_BLOCK_SIZE, -+ .base.cra_module = THIS_MODULE, -+ -+ .digestsize = BLAKE2S_224_HASH_SIZE, -+ .setkey = crypto_blake2s_setkey, -+ .init = crypto_blake2s_init, -+ .update = crypto_blake2s_update, -+ .final = crypto_blake2s_final, -+ .descsize = sizeof(struct blake2s_state), -+}, { -+ .base.cra_name = "blake2s-256", -+ .base.cra_driver_name = "blake2s-256-generic", -+ .base.cra_flags = CRYPTO_ALG_OPTIONAL_KEY, -+ .base.cra_ctxsize = sizeof(struct blake2s_tfm_ctx), -+ .base.cra_priority = 200, -+ .base.cra_blocksize = BLAKE2S_BLOCK_SIZE, -+ .base.cra_module = THIS_MODULE, -+ -+ .digestsize = BLAKE2S_256_HASH_SIZE, -+ .setkey = crypto_blake2s_setkey, -+ .init = crypto_blake2s_init, -+ .update = crypto_blake2s_update, -+ .final = crypto_blake2s_final, -+ .descsize = sizeof(struct blake2s_state), -+}}; -+ -+static int __init blake2s_mod_init(void) -+{ -+ return crypto_register_shashes(blake2s_algs, ARRAY_SIZE(blake2s_algs)); -+} -+ -+static void __exit blake2s_mod_exit(void) -+{ -+ crypto_unregister_shashes(blake2s_algs, ARRAY_SIZE(blake2s_algs)); -+} -+ -+subsys_initcall(blake2s_mod_init); -+module_exit(blake2s_mod_exit); -+ -+MODULE_ALIAS_CRYPTO("blake2s-128"); -+MODULE_ALIAS_CRYPTO("blake2s-128-generic"); -+MODULE_ALIAS_CRYPTO("blake2s-160"); -+MODULE_ALIAS_CRYPTO("blake2s-160-generic"); -+MODULE_ALIAS_CRYPTO("blake2s-224"); -+MODULE_ALIAS_CRYPTO("blake2s-224-generic"); -+MODULE_ALIAS_CRYPTO("blake2s-256"); -+MODULE_ALIAS_CRYPTO("blake2s-256-generic"); -+MODULE_LICENSE("GPL v2"); -diff --git a/include/crypto/internal/blake2s.h b/include/crypto/internal/blake2s.h -index 941693effc7d..74ff77032e52 100644 ---- a/include/crypto/internal/blake2s.h -+++ b/include/crypto/internal/blake2s.h -@@ -5,6 +5,11 @@ - - #include - -+struct blake2s_tfm_ctx { -+ u8 key[BLAKE2S_KEY_SIZE]; -+ unsigned int keylen; -+}; -+ - void blake2s_compress_generic(struct blake2s_state *state,const u8 *block, - size_t nblocks, const u32 inc); - --- -2.18.4 - - -From 1e3f2470242925b270fd1b4e1cc22dec5d57d9d9 Mon Sep 17 00:00:00 2001 -From: "Jason A. Donenfeld" -Date: Fri, 8 Nov 2019 13:22:31 +0100 -Subject: [PATCH 024/159] crypto: blake2s - x86_64 SIMD implementation - -commit ed0356eda153f6a95649e11feb7b07083caf9e20 upstream. - -These implementations from Samuel Neves support AVX and AVX-512VL. -Originally this used AVX-512F, but Skylake thermal throttling made -AVX-512VL more attractive and possible to do with negligable difference. - -Signed-off-by: Jason A. Donenfeld -Signed-off-by: Samuel Neves -Co-developed-by: Samuel Neves -[ardb: move to arch/x86/crypto, wire into lib/crypto framework] -Signed-off-by: Ard Biesheuvel -Signed-off-by: Herbert Xu -Signed-off-by: Jason A. Donenfeld ---- - arch/x86/crypto/Makefile | 2 + - arch/x86/crypto/blake2s-core.S | 258 +++++++++++++++++++++++++++++++++ - arch/x86/crypto/blake2s-glue.c | 233 +++++++++++++++++++++++++++++ - crypto/Kconfig | 6 + - 4 files changed, 499 insertions(+) - create mode 100644 arch/x86/crypto/blake2s-core.S - create mode 100644 arch/x86/crypto/blake2s-glue.c - -diff --git a/arch/x86/crypto/Makefile b/arch/x86/crypto/Makefile -index 759b1a927826..922c8ecfa00f 100644 ---- a/arch/x86/crypto/Makefile -+++ b/arch/x86/crypto/Makefile -@@ -48,6 +48,7 @@ ifeq ($(avx_supported),yes) - obj-$(CONFIG_CRYPTO_CAST6_AVX_X86_64) += cast6-avx-x86_64.o - obj-$(CONFIG_CRYPTO_TWOFISH_AVX_X86_64) += twofish-avx-x86_64.o - obj-$(CONFIG_CRYPTO_SERPENT_AVX_X86_64) += serpent-avx-x86_64.o -+ obj-$(CONFIG_CRYPTO_BLAKE2S_X86) += blake2s-x86_64.o - endif - - # These modules require assembler to support AVX2. -@@ -70,6 +71,7 @@ serpent-sse2-x86_64-y := serpent-sse2-x86_64-asm_64.o serpent_sse2_glue.o - aegis128-aesni-y := aegis128-aesni-asm.o aegis128-aesni-glue.o - - nhpoly1305-sse2-y := nh-sse2-x86_64.o nhpoly1305-sse2-glue.o -+blake2s-x86_64-y := blake2s-core.o blake2s-glue.o - - ifeq ($(avx_supported),yes) - camellia-aesni-avx-x86_64-y := camellia-aesni-avx-asm_64.o \ -diff --git a/arch/x86/crypto/blake2s-core.S b/arch/x86/crypto/blake2s-core.S -new file mode 100644 -index 000000000000..8591938eee26 ---- /dev/null -+++ b/arch/x86/crypto/blake2s-core.S -@@ -0,0 +1,258 @@ -+/* SPDX-License-Identifier: GPL-2.0 OR MIT */ -+/* -+ * Copyright (C) 2015-2019 Jason A. Donenfeld . All Rights Reserved. -+ * Copyright (C) 2017-2019 Samuel Neves . All Rights Reserved. -+ */ -+ -+#include -+ -+.section .rodata.cst32.BLAKE2S_IV, "aM", @progbits, 32 -+.align 32 -+IV: .octa 0xA54FF53A3C6EF372BB67AE856A09E667 -+ .octa 0x5BE0CD191F83D9AB9B05688C510E527F -+.section .rodata.cst16.ROT16, "aM", @progbits, 16 -+.align 16 -+ROT16: .octa 0x0D0C0F0E09080B0A0504070601000302 -+.section .rodata.cst16.ROR328, "aM", @progbits, 16 -+.align 16 -+ROR328: .octa 0x0C0F0E0D080B0A090407060500030201 -+.section .rodata.cst64.BLAKE2S_SIGMA, "aM", @progbits, 160 -+.align 64 -+SIGMA: -+.byte 0, 2, 4, 6, 1, 3, 5, 7, 14, 8, 10, 12, 15, 9, 11, 13 -+.byte 14, 4, 9, 13, 10, 8, 15, 6, 5, 1, 0, 11, 3, 12, 2, 7 -+.byte 11, 12, 5, 15, 8, 0, 2, 13, 9, 10, 3, 7, 4, 14, 6, 1 -+.byte 7, 3, 13, 11, 9, 1, 12, 14, 15, 2, 5, 4, 8, 6, 10, 0 -+.byte 9, 5, 2, 10, 0, 7, 4, 15, 3, 14, 11, 6, 13, 1, 12, 8 -+.byte 2, 6, 0, 8, 12, 10, 11, 3, 1, 4, 7, 15, 9, 13, 5, 14 -+.byte 12, 1, 14, 4, 5, 15, 13, 10, 8, 0, 6, 9, 11, 7, 3, 2 -+.byte 13, 7, 12, 3, 11, 14, 1, 9, 2, 5, 15, 8, 10, 0, 4, 6 -+.byte 6, 14, 11, 0, 15, 9, 3, 8, 10, 12, 13, 1, 5, 2, 7, 4 -+.byte 10, 8, 7, 1, 2, 4, 6, 5, 13, 15, 9, 3, 0, 11, 14, 12 -+#ifdef CONFIG_AS_AVX512 -+.section .rodata.cst64.BLAKE2S_SIGMA2, "aM", @progbits, 640 -+.align 64 -+SIGMA2: -+.long 0, 2, 4, 6, 1, 3, 5, 7, 14, 8, 10, 12, 15, 9, 11, 13 -+.long 8, 2, 13, 15, 10, 9, 12, 3, 6, 4, 0, 14, 5, 11, 1, 7 -+.long 11, 13, 8, 6, 5, 10, 14, 3, 2, 4, 12, 15, 1, 0, 7, 9 -+.long 11, 10, 7, 0, 8, 15, 1, 13, 3, 6, 2, 12, 4, 14, 9, 5 -+.long 4, 10, 9, 14, 15, 0, 11, 8, 1, 7, 3, 13, 2, 5, 6, 12 -+.long 2, 11, 4, 15, 14, 3, 10, 8, 13, 6, 5, 7, 0, 12, 1, 9 -+.long 4, 8, 15, 9, 14, 11, 13, 5, 3, 2, 1, 12, 6, 10, 7, 0 -+.long 6, 13, 0, 14, 12, 2, 1, 11, 15, 4, 5, 8, 7, 9, 3, 10 -+.long 15, 5, 4, 13, 10, 7, 3, 11, 12, 2, 0, 6, 9, 8, 1, 14 -+.long 8, 7, 14, 11, 13, 15, 0, 12, 10, 4, 5, 6, 3, 2, 1, 9 -+#endif /* CONFIG_AS_AVX512 */ -+ -+.text -+#ifdef CONFIG_AS_SSSE3 -+ENTRY(blake2s_compress_ssse3) -+ testq %rdx,%rdx -+ je .Lendofloop -+ movdqu (%rdi),%xmm0 -+ movdqu 0x10(%rdi),%xmm1 -+ movdqa ROT16(%rip),%xmm12 -+ movdqa ROR328(%rip),%xmm13 -+ movdqu 0x20(%rdi),%xmm14 -+ movq %rcx,%xmm15 -+ leaq SIGMA+0xa0(%rip),%r8 -+ jmp .Lbeginofloop -+ .align 32 -+.Lbeginofloop: -+ movdqa %xmm0,%xmm10 -+ movdqa %xmm1,%xmm11 -+ paddq %xmm15,%xmm14 -+ movdqa IV(%rip),%xmm2 -+ movdqa %xmm14,%xmm3 -+ pxor IV+0x10(%rip),%xmm3 -+ leaq SIGMA(%rip),%rcx -+.Lroundloop: -+ movzbl (%rcx),%eax -+ movd (%rsi,%rax,4),%xmm4 -+ movzbl 0x1(%rcx),%eax -+ movd (%rsi,%rax,4),%xmm5 -+ movzbl 0x2(%rcx),%eax -+ movd (%rsi,%rax,4),%xmm6 -+ movzbl 0x3(%rcx),%eax -+ movd (%rsi,%rax,4),%xmm7 -+ punpckldq %xmm5,%xmm4 -+ punpckldq %xmm7,%xmm6 -+ punpcklqdq %xmm6,%xmm4 -+ paddd %xmm4,%xmm0 -+ paddd %xmm1,%xmm0 -+ pxor %xmm0,%xmm3 -+ pshufb %xmm12,%xmm3 -+ paddd %xmm3,%xmm2 -+ pxor %xmm2,%xmm1 -+ movdqa %xmm1,%xmm8 -+ psrld $0xc,%xmm1 -+ pslld $0x14,%xmm8 -+ por %xmm8,%xmm1 -+ movzbl 0x4(%rcx),%eax -+ movd (%rsi,%rax,4),%xmm5 -+ movzbl 0x5(%rcx),%eax -+ movd (%rsi,%rax,4),%xmm6 -+ movzbl 0x6(%rcx),%eax -+ movd (%rsi,%rax,4),%xmm7 -+ movzbl 0x7(%rcx),%eax -+ movd (%rsi,%rax,4),%xmm4 -+ punpckldq %xmm6,%xmm5 -+ punpckldq %xmm4,%xmm7 -+ punpcklqdq %xmm7,%xmm5 -+ paddd %xmm5,%xmm0 -+ paddd %xmm1,%xmm0 -+ pxor %xmm0,%xmm3 -+ pshufb %xmm13,%xmm3 -+ paddd %xmm3,%xmm2 -+ pxor %xmm2,%xmm1 -+ movdqa %xmm1,%xmm8 -+ psrld $0x7,%xmm1 -+ pslld $0x19,%xmm8 -+ por %xmm8,%xmm1 -+ pshufd $0x93,%xmm0,%xmm0 -+ pshufd $0x4e,%xmm3,%xmm3 -+ pshufd $0x39,%xmm2,%xmm2 -+ movzbl 0x8(%rcx),%eax -+ movd (%rsi,%rax,4),%xmm6 -+ movzbl 0x9(%rcx),%eax -+ movd (%rsi,%rax,4),%xmm7 -+ movzbl 0xa(%rcx),%eax -+ movd (%rsi,%rax,4),%xmm4 -+ movzbl 0xb(%rcx),%eax -+ movd (%rsi,%rax,4),%xmm5 -+ punpckldq %xmm7,%xmm6 -+ punpckldq %xmm5,%xmm4 -+ punpcklqdq %xmm4,%xmm6 -+ paddd %xmm6,%xmm0 -+ paddd %xmm1,%xmm0 -+ pxor %xmm0,%xmm3 -+ pshufb %xmm12,%xmm3 -+ paddd %xmm3,%xmm2 -+ pxor %xmm2,%xmm1 -+ movdqa %xmm1,%xmm8 -+ psrld $0xc,%xmm1 -+ pslld $0x14,%xmm8 -+ por %xmm8,%xmm1 -+ movzbl 0xc(%rcx),%eax -+ movd (%rsi,%rax,4),%xmm7 -+ movzbl 0xd(%rcx),%eax -+ movd (%rsi,%rax,4),%xmm4 -+ movzbl 0xe(%rcx),%eax -+ movd (%rsi,%rax,4),%xmm5 -+ movzbl 0xf(%rcx),%eax -+ movd (%rsi,%rax,4),%xmm6 -+ punpckldq %xmm4,%xmm7 -+ punpckldq %xmm6,%xmm5 -+ punpcklqdq %xmm5,%xmm7 -+ paddd %xmm7,%xmm0 -+ paddd %xmm1,%xmm0 -+ pxor %xmm0,%xmm3 -+ pshufb %xmm13,%xmm3 -+ paddd %xmm3,%xmm2 -+ pxor %xmm2,%xmm1 -+ movdqa %xmm1,%xmm8 -+ psrld $0x7,%xmm1 -+ pslld $0x19,%xmm8 -+ por %xmm8,%xmm1 -+ pshufd $0x39,%xmm0,%xmm0 -+ pshufd $0x4e,%xmm3,%xmm3 -+ pshufd $0x93,%xmm2,%xmm2 -+ addq $0x10,%rcx -+ cmpq %r8,%rcx -+ jnz .Lroundloop -+ pxor %xmm2,%xmm0 -+ pxor %xmm3,%xmm1 -+ pxor %xmm10,%xmm0 -+ pxor %xmm11,%xmm1 -+ addq $0x40,%rsi -+ decq %rdx -+ jnz .Lbeginofloop -+ movdqu %xmm0,(%rdi) -+ movdqu %xmm1,0x10(%rdi) -+ movdqu %xmm14,0x20(%rdi) -+.Lendofloop: -+ ret -+ENDPROC(blake2s_compress_ssse3) -+#endif /* CONFIG_AS_SSSE3 */ -+ -+#ifdef CONFIG_AS_AVX512 -+ENTRY(blake2s_compress_avx512) -+ vmovdqu (%rdi),%xmm0 -+ vmovdqu 0x10(%rdi),%xmm1 -+ vmovdqu 0x20(%rdi),%xmm4 -+ vmovq %rcx,%xmm5 -+ vmovdqa IV(%rip),%xmm14 -+ vmovdqa IV+16(%rip),%xmm15 -+ jmp .Lblake2s_compress_avx512_mainloop -+.align 32 -+.Lblake2s_compress_avx512_mainloop: -+ vmovdqa %xmm0,%xmm10 -+ vmovdqa %xmm1,%xmm11 -+ vpaddq %xmm5,%xmm4,%xmm4 -+ vmovdqa %xmm14,%xmm2 -+ vpxor %xmm15,%xmm4,%xmm3 -+ vmovdqu (%rsi),%ymm6 -+ vmovdqu 0x20(%rsi),%ymm7 -+ addq $0x40,%rsi -+ leaq SIGMA2(%rip),%rax -+ movb $0xa,%cl -+.Lblake2s_compress_avx512_roundloop: -+ addq $0x40,%rax -+ vmovdqa -0x40(%rax),%ymm8 -+ vmovdqa -0x20(%rax),%ymm9 -+ vpermi2d %ymm7,%ymm6,%ymm8 -+ vpermi2d %ymm7,%ymm6,%ymm9 -+ vmovdqa %ymm8,%ymm6 -+ vmovdqa %ymm9,%ymm7 -+ vpaddd %xmm8,%xmm0,%xmm0 -+ vpaddd %xmm1,%xmm0,%xmm0 -+ vpxor %xmm0,%xmm3,%xmm3 -+ vprord $0x10,%xmm3,%xmm3 -+ vpaddd %xmm3,%xmm2,%xmm2 -+ vpxor %xmm2,%xmm1,%xmm1 -+ vprord $0xc,%xmm1,%xmm1 -+ vextracti128 $0x1,%ymm8,%xmm8 -+ vpaddd %xmm8,%xmm0,%xmm0 -+ vpaddd %xmm1,%xmm0,%xmm0 -+ vpxor %xmm0,%xmm3,%xmm3 -+ vprord $0x8,%xmm3,%xmm3 -+ vpaddd %xmm3,%xmm2,%xmm2 -+ vpxor %xmm2,%xmm1,%xmm1 -+ vprord $0x7,%xmm1,%xmm1 -+ vpshufd $0x93,%xmm0,%xmm0 -+ vpshufd $0x4e,%xmm3,%xmm3 -+ vpshufd $0x39,%xmm2,%xmm2 -+ vpaddd %xmm9,%xmm0,%xmm0 -+ vpaddd %xmm1,%xmm0,%xmm0 -+ vpxor %xmm0,%xmm3,%xmm3 -+ vprord $0x10,%xmm3,%xmm3 -+ vpaddd %xmm3,%xmm2,%xmm2 -+ vpxor %xmm2,%xmm1,%xmm1 -+ vprord $0xc,%xmm1,%xmm1 -+ vextracti128 $0x1,%ymm9,%xmm9 -+ vpaddd %xmm9,%xmm0,%xmm0 -+ vpaddd %xmm1,%xmm0,%xmm0 -+ vpxor %xmm0,%xmm3,%xmm3 -+ vprord $0x8,%xmm3,%xmm3 -+ vpaddd %xmm3,%xmm2,%xmm2 -+ vpxor %xmm2,%xmm1,%xmm1 -+ vprord $0x7,%xmm1,%xmm1 -+ vpshufd $0x39,%xmm0,%xmm0 -+ vpshufd $0x4e,%xmm3,%xmm3 -+ vpshufd $0x93,%xmm2,%xmm2 -+ decb %cl -+ jne .Lblake2s_compress_avx512_roundloop -+ vpxor %xmm10,%xmm0,%xmm0 -+ vpxor %xmm11,%xmm1,%xmm1 -+ vpxor %xmm2,%xmm0,%xmm0 -+ vpxor %xmm3,%xmm1,%xmm1 -+ decq %rdx -+ jne .Lblake2s_compress_avx512_mainloop -+ vmovdqu %xmm0,(%rdi) -+ vmovdqu %xmm1,0x10(%rdi) -+ vmovdqu %xmm4,0x20(%rdi) -+ vzeroupper -+ retq -+ENDPROC(blake2s_compress_avx512) -+#endif /* CONFIG_AS_AVX512 */ -diff --git a/arch/x86/crypto/blake2s-glue.c b/arch/x86/crypto/blake2s-glue.c -new file mode 100644 -index 000000000000..4a37ba7cdbe5 ---- /dev/null -+++ b/arch/x86/crypto/blake2s-glue.c -@@ -0,0 +1,233 @@ -+// SPDX-License-Identifier: GPL-2.0 OR MIT -+/* -+ * Copyright (C) 2015-2019 Jason A. Donenfeld . All Rights Reserved. -+ */ -+ -+#include -+#include -+#include -+ -+#include -+#include -+#include -+#include -+ -+#include -+#include -+#include -+#include -+ -+asmlinkage void blake2s_compress_ssse3(struct blake2s_state *state, -+ const u8 *block, const size_t nblocks, -+ const u32 inc); -+asmlinkage void blake2s_compress_avx512(struct blake2s_state *state, -+ const u8 *block, const size_t nblocks, -+ const u32 inc); -+ -+static __ro_after_init DEFINE_STATIC_KEY_FALSE(blake2s_use_ssse3); -+static __ro_after_init DEFINE_STATIC_KEY_FALSE(blake2s_use_avx512); -+ -+void blake2s_compress_arch(struct blake2s_state *state, -+ const u8 *block, size_t nblocks, -+ const u32 inc) -+{ -+ /* SIMD disables preemption, so relax after processing each page. */ -+ BUILD_BUG_ON(PAGE_SIZE / BLAKE2S_BLOCK_SIZE < 8); -+ -+ if (!static_branch_likely(&blake2s_use_ssse3) || !crypto_simd_usable()) { -+ blake2s_compress_generic(state, block, nblocks, inc); -+ return; -+ } -+ -+ for (;;) { -+ const size_t blocks = min_t(size_t, nblocks, -+ PAGE_SIZE / BLAKE2S_BLOCK_SIZE); -+ -+ kernel_fpu_begin(); -+ if (IS_ENABLED(CONFIG_AS_AVX512) && -+ static_branch_likely(&blake2s_use_avx512)) -+ blake2s_compress_avx512(state, block, blocks, inc); -+ else -+ blake2s_compress_ssse3(state, block, blocks, inc); -+ kernel_fpu_end(); -+ -+ nblocks -= blocks; -+ if (!nblocks) -+ break; -+ block += blocks * BLAKE2S_BLOCK_SIZE; -+ } -+} -+EXPORT_SYMBOL(blake2s_compress_arch); -+ -+static int crypto_blake2s_setkey(struct crypto_shash *tfm, const u8 *key, -+ unsigned int keylen) -+{ -+ struct blake2s_tfm_ctx *tctx = crypto_shash_ctx(tfm); -+ -+ if (keylen == 0 || keylen > BLAKE2S_KEY_SIZE) { -+ crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN); -+ return -EINVAL; -+ } -+ -+ memcpy(tctx->key, key, keylen); -+ tctx->keylen = keylen; -+ -+ return 0; -+} -+ -+static int crypto_blake2s_init(struct shash_desc *desc) -+{ -+ struct blake2s_tfm_ctx *tctx = crypto_shash_ctx(desc->tfm); -+ struct blake2s_state *state = shash_desc_ctx(desc); -+ const int outlen = crypto_shash_digestsize(desc->tfm); -+ -+ if (tctx->keylen) -+ blake2s_init_key(state, outlen, tctx->key, tctx->keylen); -+ else -+ blake2s_init(state, outlen); -+ -+ return 0; -+} -+ -+static int crypto_blake2s_update(struct shash_desc *desc, const u8 *in, -+ unsigned int inlen) -+{ -+ struct blake2s_state *state = shash_desc_ctx(desc); -+ const size_t fill = BLAKE2S_BLOCK_SIZE - state->buflen; -+ -+ if (unlikely(!inlen)) -+ return 0; -+ if (inlen > fill) { -+ memcpy(state->buf + state->buflen, in, fill); -+ blake2s_compress_arch(state, state->buf, 1, BLAKE2S_BLOCK_SIZE); -+ state->buflen = 0; -+ in += fill; -+ inlen -= fill; -+ } -+ if (inlen > BLAKE2S_BLOCK_SIZE) { -+ const size_t nblocks = DIV_ROUND_UP(inlen, BLAKE2S_BLOCK_SIZE); -+ /* Hash one less (full) block than strictly possible */ -+ blake2s_compress_arch(state, in, nblocks - 1, BLAKE2S_BLOCK_SIZE); -+ in += BLAKE2S_BLOCK_SIZE * (nblocks - 1); -+ inlen -= BLAKE2S_BLOCK_SIZE * (nblocks - 1); -+ } -+ memcpy(state->buf + state->buflen, in, inlen); -+ state->buflen += inlen; -+ -+ return 0; -+} -+ -+static int crypto_blake2s_final(struct shash_desc *desc, u8 *out) -+{ -+ struct blake2s_state *state = shash_desc_ctx(desc); -+ -+ blake2s_set_lastblock(state); -+ memset(state->buf + state->buflen, 0, -+ BLAKE2S_BLOCK_SIZE - state->buflen); /* Padding */ -+ blake2s_compress_arch(state, state->buf, 1, state->buflen); -+ cpu_to_le32_array(state->h, ARRAY_SIZE(state->h)); -+ memcpy(out, state->h, state->outlen); -+ memzero_explicit(state, sizeof(*state)); -+ -+ return 0; -+} -+ -+static struct shash_alg blake2s_algs[] = {{ -+ .base.cra_name = "blake2s-128", -+ .base.cra_driver_name = "blake2s-128-x86", -+ .base.cra_flags = CRYPTO_ALG_OPTIONAL_KEY, -+ .base.cra_ctxsize = sizeof(struct blake2s_tfm_ctx), -+ .base.cra_priority = 200, -+ .base.cra_blocksize = BLAKE2S_BLOCK_SIZE, -+ .base.cra_module = THIS_MODULE, -+ -+ .digestsize = BLAKE2S_128_HASH_SIZE, -+ .setkey = crypto_blake2s_setkey, -+ .init = crypto_blake2s_init, -+ .update = crypto_blake2s_update, -+ .final = crypto_blake2s_final, -+ .descsize = sizeof(struct blake2s_state), -+}, { -+ .base.cra_name = "blake2s-160", -+ .base.cra_driver_name = "blake2s-160-x86", -+ .base.cra_flags = CRYPTO_ALG_OPTIONAL_KEY, -+ .base.cra_ctxsize = sizeof(struct blake2s_tfm_ctx), -+ .base.cra_priority = 200, -+ .base.cra_blocksize = BLAKE2S_BLOCK_SIZE, -+ .base.cra_module = THIS_MODULE, -+ -+ .digestsize = BLAKE2S_160_HASH_SIZE, -+ .setkey = crypto_blake2s_setkey, -+ .init = crypto_blake2s_init, -+ .update = crypto_blake2s_update, -+ .final = crypto_blake2s_final, -+ .descsize = sizeof(struct blake2s_state), -+}, { -+ .base.cra_name = "blake2s-224", -+ .base.cra_driver_name = "blake2s-224-x86", -+ .base.cra_flags = CRYPTO_ALG_OPTIONAL_KEY, -+ .base.cra_ctxsize = sizeof(struct blake2s_tfm_ctx), -+ .base.cra_priority = 200, -+ .base.cra_blocksize = BLAKE2S_BLOCK_SIZE, -+ .base.cra_module = THIS_MODULE, -+ -+ .digestsize = BLAKE2S_224_HASH_SIZE, -+ .setkey = crypto_blake2s_setkey, -+ .init = crypto_blake2s_init, -+ .update = crypto_blake2s_update, -+ .final = crypto_blake2s_final, -+ .descsize = sizeof(struct blake2s_state), -+}, { -+ .base.cra_name = "blake2s-256", -+ .base.cra_driver_name = "blake2s-256-x86", -+ .base.cra_flags = CRYPTO_ALG_OPTIONAL_KEY, -+ .base.cra_ctxsize = sizeof(struct blake2s_tfm_ctx), -+ .base.cra_priority = 200, -+ .base.cra_blocksize = BLAKE2S_BLOCK_SIZE, -+ .base.cra_module = THIS_MODULE, -+ -+ .digestsize = BLAKE2S_256_HASH_SIZE, -+ .setkey = crypto_blake2s_setkey, -+ .init = crypto_blake2s_init, -+ .update = crypto_blake2s_update, -+ .final = crypto_blake2s_final, -+ .descsize = sizeof(struct blake2s_state), -+}}; -+ -+static int __init blake2s_mod_init(void) -+{ -+ if (!boot_cpu_has(X86_FEATURE_SSSE3)) -+ return 0; -+ -+ static_branch_enable(&blake2s_use_ssse3); -+ -+ if (IS_ENABLED(CONFIG_AS_AVX512) && -+ boot_cpu_has(X86_FEATURE_AVX) && -+ boot_cpu_has(X86_FEATURE_AVX2) && -+ boot_cpu_has(X86_FEATURE_AVX512F) && -+ boot_cpu_has(X86_FEATURE_AVX512VL) && -+ cpu_has_xfeatures(XFEATURE_MASK_SSE | XFEATURE_MASK_YMM | -+ XFEATURE_MASK_AVX512, NULL)) -+ static_branch_enable(&blake2s_use_avx512); -+ -+ return crypto_register_shashes(blake2s_algs, ARRAY_SIZE(blake2s_algs)); -+} -+ -+static void __exit blake2s_mod_exit(void) -+{ -+ if (boot_cpu_has(X86_FEATURE_SSSE3)) -+ crypto_unregister_shashes(blake2s_algs, ARRAY_SIZE(blake2s_algs)); -+} -+ -+module_init(blake2s_mod_init); -+module_exit(blake2s_mod_exit); -+ -+MODULE_ALIAS_CRYPTO("blake2s-128"); -+MODULE_ALIAS_CRYPTO("blake2s-128-x86"); -+MODULE_ALIAS_CRYPTO("blake2s-160"); -+MODULE_ALIAS_CRYPTO("blake2s-160-x86"); -+MODULE_ALIAS_CRYPTO("blake2s-224"); -+MODULE_ALIAS_CRYPTO("blake2s-224-x86"); -+MODULE_ALIAS_CRYPTO("blake2s-256"); -+MODULE_ALIAS_CRYPTO("blake2s-256-x86"); -+MODULE_LICENSE("GPL v2"); -diff --git a/crypto/Kconfig b/crypto/Kconfig -index e60c08264820..73427ae80857 100644 ---- a/crypto/Kconfig -+++ b/crypto/Kconfig -@@ -657,6 +657,12 @@ config CRYPTO_BLAKE2S - - See https://blake2.net for further information. - -+config CRYPTO_BLAKE2S_X86 -+ tristate "BLAKE2s digest algorithm (x86 accelerated version)" -+ depends on X86 && 64BIT -+ select CRYPTO_LIB_BLAKE2S_GENERIC -+ select CRYPTO_ARCH_HAVE_LIB_BLAKE2S -+ - config CRYPTO_CRCT10DIF - tristate "CRCT10DIF algorithm" - select CRYPTO_HASH --- -2.18.4 - - -From 5d45a6dc28e8621317b1f3394347b42591c9e61a Mon Sep 17 00:00:00 2001 +From 94e8427c0cd9be8d665ae5d5a0b9a7d2cfd0cffd Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Fri, 8 Nov 2019 13:22:32 +0100 -Subject: [PATCH 025/159] crypto: curve25519 - generic C library +Subject: [PATCH 021/157] crypto: curve25519 - generic C library implementations commit 0ed42a6f431e930b2e8fae21955406e09fe75d70 upstream. @@ -14271,10 +12003,10 @@ index 000000000000..4e6dc840b159 + +#endif /* CURVE25519_H */ diff --git a/lib/crypto/Kconfig b/lib/crypto/Kconfig -index 7ad98b624e55..b1d830dc1c9e 100644 +index d15ec5382986..37c1b5ba0505 100644 --- a/lib/crypto/Kconfig +++ b/lib/crypto/Kconfig -@@ -59,6 +59,31 @@ config CRYPTO_LIB_CHACHA +@@ -34,6 +34,31 @@ config CRYPTO_LIB_CHACHA by either the generic implementation or an arch-specific one, if one is available and enabled. @@ -14307,12 +12039,12 @@ index 7ad98b624e55..b1d830dc1c9e 100644 tristate diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile -index 8ca66b5f9807..273c55d5e147 100644 +index a26bc6eb3cf3..5c228e47f593 100644 --- a/lib/crypto/Makefile +++ b/lib/crypto/Makefile -@@ -16,6 +16,11 @@ libblake2s-generic-y += blake2s-generic.o - obj-$(CONFIG_CRYPTO_LIB_BLAKE2S) += libblake2s.o - libblake2s-y += blake2s.o +@@ -10,6 +10,11 @@ libaes-y := aes.o + obj-$(CONFIG_CRYPTO_LIB_ARC4) += libarc4.o + libarc4-y := arc4.o +obj-$(CONFIG_CRYPTO_LIB_CURVE25519_GENERIC) += libcurve25519.o +libcurve25519-y := curve25519-fiat32.o @@ -16021,10 +13753,10 @@ index 000000000000..0106bebe6900 2.18.4 -From 95add630b14661c73f5e5995855e652d302d391e Mon Sep 17 00:00:00 2001 +From b5994d65bd04553a35635f0d35768b3bfaacd8c8 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:33 +0100 -Subject: [PATCH 026/159] crypto: curve25519 - add kpp selftest +Subject: [PATCH 022/157] crypto: curve25519 - add kpp selftest commit f613457a7af085728297bef71233c37faf3c01b1 upstream. @@ -16041,10 +13773,10 @@ Signed-off-by: Jason A. Donenfeld 2 files changed, 1231 insertions(+) diff --git a/crypto/testmgr.c b/crypto/testmgr.c -index 711390861f71..57ab993b9ad2 100644 +index 7473c5bc06b1..48705f2b2a7b 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c -@@ -4295,6 +4295,12 @@ static const struct alg_test_desc alg_test_descs[] = { +@@ -4271,6 +4271,12 @@ static const struct alg_test_desc alg_test_descs[] = { .alg = "cts(cbc(paes))", .test = alg_test_null, .fips_allowed = 1, @@ -16058,7 +13790,7 @@ index 711390861f71..57ab993b9ad2 100644 .alg = "deflate", .test = alg_test_comp, diff --git a/crypto/testmgr.h b/crypto/testmgr.h -index 102fcad54966..5d132ae996b4 100644 +index ef7d21f39d4a..66c1920e50df 100644 --- a/crypto/testmgr.h +++ b/crypto/testmgr.h @@ -1030,6 +1030,1231 @@ static const struct kpp_testvec dh_tv_template[] = { @@ -17297,10 +15029,10 @@ index 102fcad54966..5d132ae996b4 100644 2.18.4 -From e71d4daaebdb50bfafbe962c136691360b24d2bb Mon Sep 17 00:00:00 2001 +From 8d4dff3cece52e2c975c82e59dc0bc93034b8cae Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:34 +0100 -Subject: [PATCH 027/159] crypto: curve25519 - implement generic KPP driver +Subject: [PATCH 023/157] crypto: curve25519 - implement generic KPP driver commit ee772cb641135739c1530647391d5a04c39db192 upstream. @@ -17317,7 +15049,7 @@ Signed-off-by: Jason A. Donenfeld create mode 100644 crypto/curve25519-generic.c diff --git a/crypto/Kconfig b/crypto/Kconfig -index 73427ae80857..e96b33e83061 100644 +index cd1497e64d9d..22ca95980c57 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -264,6 +264,11 @@ config CRYPTO_ECRDSA @@ -17333,10 +15065,10 @@ index 73427ae80857..e96b33e83061 100644 config CRYPTO_CCM diff --git a/crypto/Makefile b/crypto/Makefile -index fd27edea7c8e..4e7a0a8f7e35 100644 +index aa740c8492b9..efa3d045392a 100644 --- a/crypto/Makefile +++ b/crypto/Makefile -@@ -167,6 +167,7 @@ obj-$(CONFIG_CRYPTO_ZSTD) += zstd.o +@@ -166,6 +166,7 @@ obj-$(CONFIG_CRYPTO_ZSTD) += zstd.o obj-$(CONFIG_CRYPTO_OFB) += ofb.o obj-$(CONFIG_CRYPTO_ECC) += ecc.o obj-$(CONFIG_CRYPTO_ESSIV) += essiv.o @@ -17444,10 +15176,10 @@ index 000000000000..bd88fd571393 2.18.4 -From c608cf32815812ce6f5eead5ee22abaedcdcb6b0 Mon Sep 17 00:00:00 2001 +From e78176cb1880b2ef1558d2b3eb05494f71be9486 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:35 +0100 -Subject: [PATCH 028/159] crypto: lib/curve25519 - work around Clang stack +Subject: [PATCH 024/157] crypto: lib/curve25519 - work around Clang stack spilling issue commit 660bb8e1f833ea63185fe80fde847e3e42f18e3b upstream. @@ -17525,10 +15257,10 @@ index 1c455207341d..2fde0ec33dbd 100644 2.18.4 -From c3013b4aba7c669d6f131a23a63d115551f7fbcb Mon Sep 17 00:00:00 2001 +From 9d5fd7aced165669be9a82664f2aae6e7c237338 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Fri, 8 Nov 2019 13:22:36 +0100 -Subject: [PATCH 029/159] crypto: curve25519 - x86_64 library and KPP +Subject: [PATCH 025/157] crypto: curve25519 - x86_64 library and KPP implementations MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -17560,7 +15292,7 @@ Signed-off-by: Jason A. Donenfeld create mode 100644 arch/x86/crypto/curve25519-x86_64.c diff --git a/arch/x86/crypto/Makefile b/arch/x86/crypto/Makefile -index 922c8ecfa00f..958440eae27e 100644 +index 759b1a927826..c5efa238fc21 100644 --- a/arch/x86/crypto/Makefile +++ b/arch/x86/crypto/Makefile @@ -39,6 +39,7 @@ obj-$(CONFIG_CRYPTO_AEGIS128_AESNI_SSE2) += aegis128-aesni.o @@ -20053,7 +17785,7 @@ index 000000000000..a52a3fb15727 +MODULE_ALIAS_CRYPTO("curve25519-x86"); +MODULE_LICENSE("GPL v2"); diff --git a/crypto/Kconfig b/crypto/Kconfig -index e96b33e83061..22b8a3517037 100644 +index 22ca95980c57..5bf4537cab23 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -269,6 +269,12 @@ config CRYPTO_CURVE25519 @@ -20073,10 +17805,10 @@ index e96b33e83061..22b8a3517037 100644 2.18.4 -From 59e0eeb67ee83bc1081d63939f6ca686de985c8c Mon Sep 17 00:00:00 2001 +From 59b7654e0f95eb4e1e988a343551a8bfeb054667 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Fri, 8 Nov 2019 13:22:37 +0100 -Subject: [PATCH 030/159] crypto: arm/curve25519 - import Bernstein and +Subject: [PATCH 026/157] crypto: arm/curve25519 - import Bernstein and Schwabe's Curve25519 ARM implementation commit f0fb006b604f98e2309a30f34ef455ac734f7c1c upstream. @@ -22215,10 +19947,10 @@ index 000000000000..f33b85fef382 2.18.4 -From c060bc5474a402c02d4031958501afce982d96f6 Mon Sep 17 00:00:00 2001 +From 4f0755a2b9406f0b6289525bc583f2615312dc13 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Fri, 8 Nov 2019 13:22:38 +0100 -Subject: [PATCH 031/159] crypto: arm/curve25519 - wire up NEON implementation +Subject: [PATCH 027/157] crypto: arm/curve25519 - wire up NEON implementation commit d8f1308a025fc7e00414194ed742d5f05a21e13c upstream. @@ -22266,10 +19998,10 @@ Signed-off-by: Jason A. Donenfeld create mode 100644 arch/arm/crypto/curve25519-glue.c diff --git a/arch/arm/crypto/Kconfig b/arch/arm/crypto/Kconfig -index 2e8a9289bded..61fa7e4aa8f9 100644 +index 7d419f1072d4..62dcc497d077 100644 --- a/arch/arm/crypto/Kconfig +++ b/arch/arm/crypto/Kconfig -@@ -141,4 +141,10 @@ config CRYPTO_NHPOLY1305_NEON +@@ -143,4 +143,10 @@ config CRYPTO_NHPOLY1305_NEON depends on KERNEL_MODE_NEON select CRYPTO_NHPOLY1305 @@ -22281,7 +20013,7 @@ index 2e8a9289bded..61fa7e4aa8f9 100644 + endif diff --git a/arch/arm/crypto/Makefile b/arch/arm/crypto/Makefile -index 4f6a8a81dabc..7700385cec9f 100644 +index d568d699b3b7..b745c17d356f 100644 --- a/arch/arm/crypto/Makefile +++ b/arch/arm/crypto/Makefile @@ -12,6 +12,7 @@ obj-$(CONFIG_CRYPTO_SHA512_ARM) += sha512-arm.o @@ -22290,9 +20022,9 @@ index 4f6a8a81dabc..7700385cec9f 100644 obj-$(CONFIG_CRYPTO_NHPOLY1305_NEON) += nhpoly1305-neon.o +obj-$(CONFIG_CRYPTO_CURVE25519_NEON) += curve25519-neon.o - ce-obj-$(CONFIG_CRYPTO_AES_ARM_CE) += aes-arm-ce.o - ce-obj-$(CONFIG_CRYPTO_SHA1_ARM_CE) += sha1-arm-ce.o -@@ -58,6 +59,7 @@ chacha-neon-y := chacha-scalar-core.o chacha-glue.o + obj-$(CONFIG_CRYPTO_AES_ARM_CE) += aes-arm-ce.o + obj-$(CONFIG_CRYPTO_SHA1_ARM_CE) += sha1-arm-ce.o +@@ -38,6 +39,7 @@ chacha-neon-y := chacha-scalar-core.o chacha-glue.o chacha-neon-$(CONFIG_KERNEL_MODE_NEON) += chacha-neon-core.o poly1305-arm-y := poly1305-core.o poly1305-glue.o nhpoly1305-neon-y := nh-neon-core.o nhpoly1305-neon-glue.o @@ -23286,10 +21018,10 @@ index 000000000000..2e9e12d2f642 2.18.4 -From def8144c55db7d41e7bf8aef9a2d219e12c9d027 Mon Sep 17 00:00:00 2001 +From 67ff55b2a15859dd9fcdd3829a09b4be48eb5e5f Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:39 +0100 -Subject: [PATCH 032/159] crypto: chacha20poly1305 - import construction and +Subject: [PATCH 028/157] crypto: chacha20poly1305 - import construction and selftest from Zinc commit ed20078b7e3331e82828be357147af6a3282e4ce upstream. @@ -23361,10 +21093,10 @@ index 000000000000..ad3b1de58df8 + +#endif /* __CHACHA20POLY1305_H */ diff --git a/lib/crypto/Kconfig b/lib/crypto/Kconfig -index b1d830dc1c9e..0b2c4fce26d9 100644 +index 37c1b5ba0505..fe6b36e9a336 100644 --- a/lib/crypto/Kconfig +++ b/lib/crypto/Kconfig -@@ -119,5 +119,12 @@ config CRYPTO_LIB_POLY1305 +@@ -94,5 +94,12 @@ config CRYPTO_LIB_POLY1305 by either the generic implementation or an arch-specific one, if one is available and enabled. @@ -23378,12 +21110,12 @@ index b1d830dc1c9e..0b2c4fce26d9 100644 config CRYPTO_LIB_SHA256 tristate diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile -index 273c55d5e147..34a701ab8b92 100644 +index 5c228e47f593..301e25d693e5 100644 --- a/lib/crypto/Makefile +++ b/lib/crypto/Makefile -@@ -16,6 +16,9 @@ libblake2s-generic-y += blake2s-generic.o - obj-$(CONFIG_CRYPTO_LIB_BLAKE2S) += libblake2s.o - libblake2s-y += blake2s.o +@@ -10,6 +10,9 @@ libaes-y := aes.o + obj-$(CONFIG_CRYPTO_LIB_ARC4) += libarc4.o + libarc4-y := arc4.o +obj-$(CONFIG_CRYPTO_LIB_CHACHA20POLY1305) += libchacha20poly1305.o +libchacha20poly1305-y += chacha20poly1305.o @@ -23391,8 +21123,8 @@ index 273c55d5e147..34a701ab8b92 100644 obj-$(CONFIG_CRYPTO_LIB_CURVE25519_GENERIC) += libcurve25519.o libcurve25519-y := curve25519-fiat32.o libcurve25519-$(CONFIG_ARCH_SUPPORTS_INT128) := curve25519-hacl64.o -@@ -32,4 +35,5 @@ libsha256-y := sha256.o - +@@ -28,4 +31,5 @@ obj-y += libblake2s.o + libblake2s-y += blake2s.o blake2s-generic.o ifneq ($(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS),y) libblake2s-y += blake2s-selftest.o +libchacha20poly1305-y += chacha20poly1305-selftest.o @@ -30980,10 +28712,10 @@ index 000000000000..c12ddbe9eb92 2.18.4 -From 9866660a7d46e7783d7f2b7fa80305f79a533bc8 Mon Sep 17 00:00:00 2001 +From d4f107d9d4d980662bda005e95c886ce2d32617b Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:40 +0100 -Subject: [PATCH 033/159] crypto: lib/chacha20poly1305 - reimplement +Subject: [PATCH 029/157] crypto: lib/chacha20poly1305 - reimplement crypt_from_sg() routine commit d95312a3ccc0cd544d374be2fc45aeaa803e5fd9 upstream. @@ -31285,10 +29017,10 @@ index c12ddbe9eb92..821e5cc9b14e 100644 2.18.4 -From b134454dd42562a9e47d2f9cd68ca168385b5e16 Mon Sep 17 00:00:00 2001 +From 54dca6aa6773b119aa13d09e9dacdd99aeb6f1ea Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Sun, 17 Nov 2019 23:21:29 -0800 -Subject: [PATCH 034/159] crypto: chacha_generic - remove unnecessary setkey() +Subject: [PATCH 030/157] crypto: chacha_generic - remove unnecessary setkey() functions commit 2043323a799a660bc84bbee404cf7a2617ec6157 upstream. @@ -31359,10 +29091,10 @@ index c1b147318393..8beea79ab117 100644 2.18.4 -From 84a2cf1c7e8d95cb069bed3256deb0964513256e Mon Sep 17 00:00:00 2001 +From e5b004bc65c9bec4423eb5238e6cac222da4426e Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Sun, 17 Nov 2019 23:21:58 -0800 -Subject: [PATCH 035/159] crypto: x86/chacha - only unregister algorithms if +Subject: [PATCH 031/157] crypto: x86/chacha - only unregister algorithms if registered commit b62755aed3a3f5ca9edd2718339ccea3b6bbbe57 upstream. @@ -31397,10 +29129,10 @@ index b391e13a9e41..a94e30b6f941 100644 2.18.4 -From ea831d20f1b44603bd282753db2e9140ef594013 Mon Sep 17 00:00:00 2001 +From 3366eb9191fd5eb2301f0930995863be6ce15527 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Sun, 17 Nov 2019 23:22:16 -0800 -Subject: [PATCH 036/159] crypto: lib/chacha20poly1305 - use chacha20_crypt() +Subject: [PATCH 032/157] crypto: lib/chacha20poly1305 - use chacha20_crypt() commit 413808b71e6204b0cc1eeaa77960f7c3cd381d33 upstream. @@ -31486,10 +29218,10 @@ index 821e5cc9b14e..6d83cafebc69 100644 2.18.4 -From 5f2b07c7c082f83f682e3c2725730a868750422c Mon Sep 17 00:00:00 2001 +From 4d580570f81e6aee2a75167f39bf6c93f976a752 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Mon, 25 Nov 2019 11:31:12 +0100 -Subject: [PATCH 037/159] crypto: arch - conditionalize crypto api in arch glue +Subject: [PATCH 033/157] crypto: arch - conditionalize crypto api in arch glue for lib code commit 8394bfec51e0e565556101bcc4e2fe7551104cd8 upstream. @@ -31512,11 +29244,10 @@ Signed-off-by: Jason A. Donenfeld arch/arm64/crypto/poly1305-glue.c | 5 +++-- arch/mips/crypto/chacha-glue.c | 6 ++++-- arch/mips/crypto/poly1305-glue.c | 6 ++++-- - arch/x86/crypto/blake2s-glue.c | 6 ++++-- arch/x86/crypto/chacha_glue.c | 5 +++-- arch/x86/crypto/curve25519-x86_64.c | 7 ++++--- arch/x86/crypto/poly1305_glue.c | 5 +++-- - 11 files changed, 53 insertions(+), 32 deletions(-) + 10 files changed, 49 insertions(+), 30 deletions(-) diff --git a/arch/arm/crypto/chacha-glue.c b/arch/arm/crypto/chacha-glue.c index 3f0c057aa050..7bdf8823066d 100644 @@ -31700,27 +29431,6 @@ index b759b6ccc361..b37d29cf5d0a 100644 } module_init(mips_poly1305_mod_init); -diff --git a/arch/x86/crypto/blake2s-glue.c b/arch/x86/crypto/blake2s-glue.c -index 4a37ba7cdbe5..1d9ff8a45e1f 100644 ---- a/arch/x86/crypto/blake2s-glue.c -+++ b/arch/x86/crypto/blake2s-glue.c -@@ -210,12 +210,14 @@ static int __init blake2s_mod_init(void) - XFEATURE_MASK_AVX512, NULL)) - static_branch_enable(&blake2s_use_avx512); - -- return crypto_register_shashes(blake2s_algs, ARRAY_SIZE(blake2s_algs)); -+ return IS_REACHABLE(CONFIG_CRYPTO_HASH) ? -+ crypto_register_shashes(blake2s_algs, -+ ARRAY_SIZE(blake2s_algs)) : 0; - } - - static void __exit blake2s_mod_exit(void) - { -- if (boot_cpu_has(X86_FEATURE_SSSE3)) -+ if (IS_REACHABLE(CONFIG_CRYPTO_HASH) && boot_cpu_has(X86_FEATURE_SSSE3)) - crypto_unregister_shashes(blake2s_algs, ARRAY_SIZE(blake2s_algs)); - } - diff --git a/arch/x86/crypto/chacha_glue.c b/arch/x86/crypto/chacha_glue.c index a94e30b6f941..1bebe11b9ec9 100644 --- a/arch/x86/crypto/chacha_glue.c @@ -31787,10 +29497,10 @@ index 370cd88068ec..0cc4537e6617 100644 2.18.4 -From ae4179841d650010bede59a2e6c7a1d875d02bf3 Mon Sep 17 00:00:00 2001 +From 0b61941c407c137ec1b6a166a21099e923415780 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Valdis=20Kl=C4=93tnieks?= Date: Thu, 5 Dec 2019 20:58:36 -0500 -Subject: [PATCH 038/159] crypto: chacha - fix warning message in header file +Subject: [PATCH 034/157] crypto: chacha - fix warning message in header file commit 579d705cd64e44f3fcda1a6cfd5f37468a5ddf63 upstream. @@ -31828,10 +29538,10 @@ index aa5d4a16aac5..b085dc1ac151 100644 2.18.4 -From 2931c1b7610aab7fd92bbfbb18fbd205b0524a78 Mon Sep 17 00:00:00 2001 +From 141d6b2c92e17fb94f1da500982f8345ef5d9f76 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 11 Dec 2019 10:26:39 +0100 -Subject: [PATCH 039/159] crypto: arm/curve25519 - add arch-specific key +Subject: [PATCH 035/157] crypto: arm/curve25519 - add arch-specific key generation function commit 84faa307249b341f6ad8de3e1869d77a65e26669 upstream. @@ -31872,10 +29582,10 @@ index f3f42cf3b893..776ae07e0469 100644 2.18.4 -From f663fd20573c464fb6a1485023b533ac6a909738 Mon Sep 17 00:00:00 2001 +From 84bdddf25c340764bde8d8024ad364c8eee2301e Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Mon, 16 Dec 2019 19:53:26 +0100 -Subject: [PATCH 040/159] crypto: lib/curve25519 - re-add selftests +Subject: [PATCH 036/157] crypto: lib/curve25519 - re-add selftests commit aa127963f1cab2b93c74c9b128a84610203fb674 upstream. @@ -31895,10 +29605,10 @@ Signed-off-by: Jason A. Donenfeld create mode 100644 lib/crypto/curve25519-selftest.c diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile -index 34a701ab8b92..f97f9b941110 100644 +index 301e25d693e5..15c5d3b4a249 100644 --- a/lib/crypto/Makefile +++ b/lib/crypto/Makefile -@@ -36,4 +36,5 @@ libsha256-y := sha256.o +@@ -32,4 +32,5 @@ libblake2s-y += blake2s.o blake2s-generic.o ifneq ($(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS),y) libblake2s-y += blake2s-selftest.o libchacha20poly1305-y += chacha20poly1305-selftest.o @@ -33270,10 +30980,10 @@ index 0106bebe6900..c03ccdb99434 100644 2.18.4 -From 4446f15e710a4b5570fcae38794729693ebae464 Mon Sep 17 00:00:00 2001 +From 400c9d28db60f47835dae533359b3662254d0f09 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Sun, 5 Jan 2020 22:40:46 -0500 -Subject: [PATCH 041/159] crypto: poly1305 - add new 32 and 64-bit generic +Subject: [PATCH 037/157] crypto: poly1305 - add new 32 and 64-bit generic versions commit 1c08a104360f3e18f4ee6346c21cc3923efb952e upstream. @@ -33832,10 +31542,10 @@ index 74c6e1cd73ee..f1f67fc749cf 100644 void poly1305_init_arch(struct poly1305_desc_ctx *desc, const u8 *key); diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile -index f97f9b941110..6ecaf83a5a9a 100644 +index 15c5d3b4a249..31586d08960d 100644 --- a/lib/crypto/Makefile +++ b/lib/crypto/Makefile -@@ -28,7 +28,9 @@ obj-$(CONFIG_CRYPTO_LIB_DES) += libdes.o +@@ -22,7 +22,9 @@ obj-$(CONFIG_CRYPTO_LIB_DES) += libdes.o libdes-y := des.o obj-$(CONFIG_CRYPTO_LIB_POLY1305_GENERIC) += libpoly1305.o @@ -34465,10 +32175,10 @@ index 32ec293c65ae..9d2d14df0fee 100644 2.18.4 -From 4d454e62b2f4325cf5a8303338f4595853637460 Mon Sep 17 00:00:00 2001 +From e04084b205175ac3589f084377a8fe3af9ca978e Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Sun, 5 Jan 2020 22:40:47 -0500 -Subject: [PATCH 042/159] crypto: x86/poly1305 - import unmodified cryptogams +Subject: [PATCH 038/157] crypto: x86/poly1305 - import unmodified cryptogams implementation commit 0896ca2a0cb6127e8a129f1f2a680d49b6b0f65c upstream. @@ -38655,10 +36365,10 @@ index 000000000000..342ad7f18aa7 2.18.4 -From 110b2b19301e68012eafbc2a390bda81d5fa82ac Mon Sep 17 00:00:00 2001 +From 0749af66da4a39b38466bd73f9c09f8969036429 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Sun, 5 Jan 2020 22:40:48 -0500 -Subject: [PATCH 043/159] crypto: x86/poly1305 - wire up faster implementations +Subject: [PATCH 039/157] crypto: x86/poly1305 - wire up faster implementations for kernel commit d7d7b853566254648df59f7ea27ea05952a6cfa8 upstream. @@ -38789,13 +36499,13 @@ index 000000000000..c406ea6571fa @@ -0,0 +1 @@ +poly1305-x86_64.S diff --git a/arch/x86/crypto/Makefile b/arch/x86/crypto/Makefile -index 958440eae27e..b69e00bf20b8 100644 +index c5efa238fc21..3c99edea0121 100644 --- a/arch/x86/crypto/Makefile +++ b/arch/x86/crypto/Makefile -@@ -73,6 +73,10 @@ aegis128-aesni-y := aegis128-aesni-asm.o aegis128-aesni-glue.o +@@ -71,6 +71,10 @@ serpent-sse2-x86_64-y := serpent-sse2-x86_64-asm_64.o serpent_sse2_glue.o + aegis128-aesni-y := aegis128-aesni-asm.o aegis128-aesni-glue.o nhpoly1305-sse2-y := nh-sse2-x86_64.o nhpoly1305-sse2-glue.o - blake2s-x86_64-y := blake2s-core.o blake2s-glue.o +poly1305-x86_64-y := poly1305-x86_64-cryptogams.o poly1305_glue.o +ifneq ($(CONFIG_CRYPTO_POLY1305_X86_64),) +targets += poly1305-x86_64-cryptogams.S @@ -38803,7 +36513,7 @@ index 958440eae27e..b69e00bf20b8 100644 ifeq ($(avx_supported),yes) camellia-aesni-avx-x86_64-y := camellia-aesni-avx-asm_64.o \ -@@ -101,10 +105,8 @@ aesni-intel-y := aesni-intel_asm.o aesni-intel_glue.o +@@ -99,10 +103,8 @@ aesni-intel-y := aesni-intel_asm.o aesni-intel_glue.o aesni-intel-$(CONFIG_64BIT) += aesni-intel_avx-x86_64.o aes_ctrby8_avx-x86_64.o ghash-clmulni-intel-y := ghash-clmulni-intel_asm.o ghash-clmulni-intel_glue.o sha1-ssse3-y := sha1_ssse3_asm.o sha1_ssse3_glue.o @@ -38814,7 +36524,7 @@ index 958440eae27e..b69e00bf20b8 100644 endif ifeq ($(sha1_ni_supported),yes) sha1-ssse3-y += sha1_ni_asm.o -@@ -118,3 +120,8 @@ sha256-ssse3-y += sha256_ni_asm.o +@@ -116,3 +118,8 @@ sha256-ssse3-y += sha256_ni_asm.o endif sha512-ssse3-y := sha512-ssse3-asm.o sha512-avx-asm.o sha512-avx2-asm.o sha512_ssse3_glue.o crct10dif-pclmul-y := crct10dif-pcl-asm_64.o crct10dif-pclmul_glue.o @@ -41576,10 +39286,10 @@ index edb7113e36f3..657363588e0c 100644 MODULE_ALIAS_CRYPTO("poly1305"); MODULE_ALIAS_CRYPTO("poly1305-simd"); diff --git a/lib/crypto/Kconfig b/lib/crypto/Kconfig -index 0b2c4fce26d9..14c032de276e 100644 +index fe6b36e9a336..ba816599dc06 100644 --- a/lib/crypto/Kconfig +++ b/lib/crypto/Kconfig -@@ -90,7 +90,7 @@ config CRYPTO_LIB_DES +@@ -65,7 +65,7 @@ config CRYPTO_LIB_DES config CRYPTO_LIB_POLY1305_RSIZE int default 2 if MIPS @@ -41592,10 +39302,10 @@ index 0b2c4fce26d9..14c032de276e 100644 2.18.4 -From a1fb308fbe34dad4b5d3a5ae8f415cd757e1cc3b Mon Sep 17 00:00:00 2001 +From 12b3f0f13a0b8539e553d2ed896967875bc7c7a5 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Sun, 5 Jan 2020 22:40:49 -0500 -Subject: [PATCH 044/159] crypto: {arm,arm64,mips}/poly1305 - remove redundant +Subject: [PATCH 040/157] crypto: {arm,arm64,mips}/poly1305 - remove redundant non-reduction from emit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -41773,10 +39483,10 @@ index b37d29cf5d0a..fc881b46d911 100644 2.18.4 -From 682197a1f53842575f7b6c0a4bb3b5faf35eac98 Mon Sep 17 00:00:00 2001 +From 8db1bcc5baa0fb2de00c5296cfaf777aa269b18d Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Wed, 8 Jan 2020 12:37:35 +0800 -Subject: [PATCH 045/159] crypto: curve25519 - Fix selftest build error +Subject: [PATCH 041/157] crypto: curve25519 - Fix selftest build error commit a8bdf2c42ee4d1ee42af1f3601f85de94e70a421 upstream. @@ -41815,10 +39525,10 @@ Signed-off-by: Jason A. Donenfeld create mode 100644 lib/crypto/curve25519-generic.c diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile -index 6ecaf83a5a9a..3a435629d9ce 100644 +index 31586d08960d..68e1d203184b 100644 --- a/lib/crypto/Makefile +++ b/lib/crypto/Makefile -@@ -19,9 +19,12 @@ libblake2s-y += blake2s.o +@@ -13,9 +13,12 @@ libarc4-y := arc4.o obj-$(CONFIG_CRYPTO_LIB_CHACHA20POLY1305) += libchacha20poly1305.o libchacha20poly1305-y += chacha20poly1305.o @@ -41886,10 +39596,10 @@ index c03ccdb99434..288a62cd29b2 100644 2.18.4 -From ce946d5059158f2a9f769ed5e13397289fe4b2f4 Mon Sep 17 00:00:00 2001 +From a1bec4a57a3a96125310b164f38696ed3fc93cd0 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Thu, 16 Jan 2020 18:23:55 +0100 -Subject: [PATCH 046/159] crypto: x86/poly1305 - fix .gitignore typo +Subject: [PATCH 042/157] crypto: x86/poly1305 - fix .gitignore typo commit 1f6868995326cc82102049e349d8dbd116bdb656 upstream. @@ -41915,10 +39625,10 @@ index c406ea6571fa..30be0400a439 100644 2.18.4 -From 2aae18265664be8a9d272f37cf7353813974f655 Mon Sep 17 00:00:00 2001 +From bb4ff3c340a89baa39b18b45b92cc70261f1b9a4 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Thu, 16 Jan 2020 21:26:34 +0100 -Subject: [PATCH 047/159] crypto: chacha20poly1305 - add back missing test +Subject: [PATCH 043/157] crypto: chacha20poly1305 - add back missing test vectors and test chunking commit 72c7943792c9e7788ddd182337bcf8f650cf56f5 upstream. @@ -43779,10 +41489,10 @@ index 465de46dbdef..c391a91364e9 100644 2.18.4 -From 08af1ef21d803e5070910ce4f3eb08a9e4a5630f Mon Sep 17 00:00:00 2001 +From 924f2ce76a61dd65011e48e736bd81a728422478 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Fri, 17 Jan 2020 11:42:22 +0100 -Subject: [PATCH 048/159] crypto: x86/poly1305 - emit does base conversion +Subject: [PATCH 044/157] crypto: x86/poly1305 - emit does base conversion itself commit f9e7fe32a792726186301423ff63a465d63386e1 upstream. @@ -43822,10 +41532,10 @@ index 657363588e0c..79bb58737d52 100644 2.18.4 -From 4a7030dfa84560c2ee7982dbaa21e2805bb45f1f Mon Sep 17 00:00:00 2001 +From bf90da3e02047d8d33b440af2ab9820feae037fe Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 17 Jan 2020 17:43:18 +0100 -Subject: [PATCH 049/159] crypto: arm/chacha - fix build failured when kernel +Subject: [PATCH 045/157] crypto: arm/chacha - fix build failured when kernel mode NEON is disabled commit 0bc81767c5bd9d005fae1099fb39eb3688370cb1 upstream. @@ -43886,10 +41596,10 @@ index 7bdf8823066d..893692ed12b7 100644 2.18.4 -From 815a657a2b5adec7bf18f44fad8514cae8408d1f Mon Sep 17 00:00:00 2001 +From dba3a21fc4785c286063a712f19127b2b172c5b2 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Fri, 17 Jan 2020 12:01:36 +0100 -Subject: [PATCH 050/159] crypto: Kconfig - allow tests to be disabled when +Subject: [PATCH 046/157] crypto: Kconfig - allow tests to be disabled when manager is disabled commit 2343d1529aff8b552589f622c23932035ed7a05d upstream. @@ -43907,7 +41617,7 @@ Signed-off-by: Jason A. Donenfeld 1 file changed, 4 deletions(-) diff --git a/crypto/Kconfig b/crypto/Kconfig -index 22b8a3517037..626032b9f085 100644 +index 5bf4537cab23..d655647f4c75 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -136,8 +136,6 @@ config CRYPTO_USER @@ -43932,10 +41642,10 @@ index 22b8a3517037..626032b9f085 100644 2.18.4 -From 836cc3a49e28ed21c2afd2370286abc60744710f Mon Sep 17 00:00:00 2001 +From 3db72f7774c9d49144323bb79e43cb428f7cf12f Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Thu, 6 Feb 2020 12:42:01 +0100 -Subject: [PATCH 051/159] crypto: chacha20poly1305 - prevent integer overflow +Subject: [PATCH 047/157] crypto: chacha20poly1305 - prevent integer overflow on large input commit c9cc0517bba9f0213f1e55172feceb99e5512daf upstream. @@ -43978,10 +41688,10 @@ index 6d83cafebc69..ad0699ce702f 100644 2.18.4 -From 8fa25b7033a01fa36426fc8e8b5ae528b826b665 Mon Sep 17 00:00:00 2001 +From ee68cb24a236b8d2530647167209d684db98cd1f Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Sun, 1 Mar 2020 22:52:35 +0800 -Subject: [PATCH 052/159] crypto: x86/curve25519 - support assemblers with no +Subject: [PATCH 048/157] crypto: x86/curve25519 - support assemblers with no adx support commit 1579f1bc3b753d17a44de3457d5c6f4a5b14c752 upstream. @@ -44020,7 +41730,7 @@ index 69f0cb01c666..d2c4047b9ec1 100644 KBUILD_LDFLAGS := -m elf_$(UTS_MACHINE) diff --git a/arch/x86/crypto/Makefile b/arch/x86/crypto/Makefile -index b69e00bf20b8..8c2e9eadee8a 100644 +index 3c99edea0121..9843fa8cbecf 100644 --- a/arch/x86/crypto/Makefile +++ b/arch/x86/crypto/Makefile @@ -11,6 +11,7 @@ avx2_supported := $(call as-instr,vpgatherdd %ymm0$(comma)(%eax$(comma)%ymm1\ @@ -44072,10 +41782,10 @@ index 4e6dc840b159..9ecb3c1f0f15 100644 2.18.4 -From 6ee7c8d2c8c622802d96dc1748a0dccb7cf30df7 Mon Sep 17 00:00:00 2001 +From 698a304c5b7856b2442e6eaabd6b57775a608bd3 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 18 Mar 2020 20:27:32 -0600 -Subject: [PATCH 053/159] crypto: arm64/chacha - correctly walk through blocks +Subject: [PATCH 049/157] crypto: arm64/chacha - correctly walk through blocks commit c8cfcb78c65877313cda7bcbace624d3dbd1f3b3 upstream. @@ -44148,10 +41858,10 @@ index c391a91364e9..fa43deda2660 100644 2.18.4 -From 9dd3755f24a8d1481852024a28e40abe3163afb3 Mon Sep 17 00:00:00 2001 +From 3976a3ecebfa2682609dc6d4f9d39a151be2e966 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Mon, 20 Jan 2020 18:18:15 +0100 -Subject: [PATCH 054/159] crypto: x86/curve25519 - replace with formally +Subject: [PATCH 050/157] crypto: x86/curve25519 - replace with formally verified implementation commit 07b586fe06625b0b610dc3d3a969c51913d143d4 upstream. @@ -47905,10 +45615,10 @@ index eec7d2d24239..e4e58b8e9afe 100644 2.18.4 -From 503bf3c875a3ab42584908328b0dce9d18dae152 Mon Sep 17 00:00:00 2001 +From e97d0091e8a08e54ff7685f9a4b2b7e5c2ac9d41 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Sun, 1 Mar 2020 16:06:56 +0800 -Subject: [PATCH 055/159] crypto: x86/curve25519 - leave r12 as spare register +Subject: [PATCH 051/157] crypto: x86/curve25519 - leave r12 as spare register commit dc7fc3a53ae158263196b1892b672aedf67796c5 upstream. @@ -48287,10 +45997,10 @@ index e4e58b8e9afe..8a17621f7d3a 100644 2.18.4 -From 8505834c780a5a689228c7af361d1bbfc833bdfa Mon Sep 17 00:00:00 2001 +From f507c3bdf0896a4b01578fbdf597f4838e36725f Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Thu, 19 Mar 2020 11:56:17 -0600 -Subject: [PATCH 056/159] crypto: arm[64]/poly1305 - add artifact to .gitignore +Subject: [PATCH 052/157] crypto: arm[64]/poly1305 - add artifact to .gitignore files commit 6e4e00d8b68ca7eb30d08afb740033e0d36abe55 upstream. @@ -48331,10 +46041,10 @@ index 879df8781ed5..e403b1343328 100644 2.18.4 -From 033d635719919f8b3c97456763186d6f4762eccd Mon Sep 17 00:00:00 2001 +From 3058815a5f37bd5931847a4dacc547b1e2191576 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Thu, 23 Apr 2020 15:54:04 -0600 -Subject: [PATCH 057/159] crypto: arch/lib - limit simd usage to 4k chunks +Subject: [PATCH 053/157] crypto: arch/lib - limit simd usage to 4k chunks commit 706024a52c614b478b63f7728d202532ce6591a9 upstream. @@ -48374,10 +46084,9 @@ Signed-off-by: Jason A. Donenfeld arch/arm/crypto/poly1305-glue.c | 15 +++++++++++---- arch/arm64/crypto/chacha-neon-glue.c | 14 +++++++++++--- arch/arm64/crypto/poly1305-glue.c | 15 +++++++++++---- - arch/x86/crypto/blake2s-glue.c | 10 ++++------ arch/x86/crypto/chacha_glue.c | 14 +++++++++++--- arch/x86/crypto/poly1305_glue.c | 13 ++++++------- - 7 files changed, 65 insertions(+), 30 deletions(-) + 6 files changed, 61 insertions(+), 24 deletions(-) diff --git a/arch/arm/crypto/chacha-glue.c b/arch/arm/crypto/chacha-glue.c index 893692ed12b7..cd131b454c2e 100644 @@ -48487,42 +46196,6 @@ index e97b092f56b8..f33ada70c4ed 100644 nbytes %= POLY1305_BLOCK_SIZE; } -diff --git a/arch/x86/crypto/blake2s-glue.c b/arch/x86/crypto/blake2s-glue.c -index 1d9ff8a45e1f..94ac5bdd9f6f 100644 ---- a/arch/x86/crypto/blake2s-glue.c -+++ b/arch/x86/crypto/blake2s-glue.c -@@ -32,16 +32,16 @@ void blake2s_compress_arch(struct blake2s_state *state, - const u32 inc) - { - /* SIMD disables preemption, so relax after processing each page. */ -- BUILD_BUG_ON(PAGE_SIZE / BLAKE2S_BLOCK_SIZE < 8); -+ BUILD_BUG_ON(SZ_4K / BLAKE2S_BLOCK_SIZE < 8); - - if (!static_branch_likely(&blake2s_use_ssse3) || !crypto_simd_usable()) { - blake2s_compress_generic(state, block, nblocks, inc); - return; - } - -- for (;;) { -+ do { - const size_t blocks = min_t(size_t, nblocks, -- PAGE_SIZE / BLAKE2S_BLOCK_SIZE); -+ SZ_4K / BLAKE2S_BLOCK_SIZE); - - kernel_fpu_begin(); - if (IS_ENABLED(CONFIG_AS_AVX512) && -@@ -52,10 +52,8 @@ void blake2s_compress_arch(struct blake2s_state *state, - kernel_fpu_end(); - - nblocks -= blocks; -- if (!nblocks) -- break; - block += blocks * BLAKE2S_BLOCK_SIZE; -- } -+ } while (nblocks); - } - EXPORT_SYMBOL(blake2s_compress_arch); - diff --git a/arch/x86/crypto/chacha_glue.c b/arch/x86/crypto/chacha_glue.c index 1bebe11b9ec9..f3bfce21bc0d 100644 --- a/arch/x86/crypto/chacha_glue.c @@ -48592,10 +46265,10 @@ index 79bb58737d52..61b2bc8b6986 100644 2.18.4 -From b970b5e007921f7df1360cc6e86a027edaeaec0e Mon Sep 17 00:00:00 2001 +From f0bcb2d835a733aae12eb156a976e9acec149bb1 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Wed, 8 Jul 2020 12:41:13 +1000 -Subject: [PATCH 058/159] crypto: lib/chacha20poly1305 - Add missing function +Subject: [PATCH 054/157] crypto: lib/chacha20poly1305 - Add missing function declaration commit 06cc2afbbdf9a9e8df3e2f8db724997dd6e1b4ac upstream. @@ -48638,10 +46311,10 @@ index ad0699ce702f..431e04280332 100644 2.18.4 -From 36626b1de5546ef487681f5c85432dabd8b51a6c Mon Sep 17 00:00:00 2001 +From 806d2055c44a2c56cbf7598f8a86ec3262a7834e Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Wed, 8 Jul 2020 12:11:18 +0300 -Subject: [PATCH 059/159] crypto: x86/chacha-sse3 - use unaligned loads for +Subject: [PATCH 055/157] crypto: x86/chacha-sse3 - use unaligned loads for state array commit e79a31715193686e92dadb4caedfbb1f5de3659c upstream. @@ -48777,7 +46450,7 @@ index f3bfce21bc0d..4c4dc64398cb 100644 if (req->cryptlen > CHACHA_BLOCK_SIZE && crypto_simd_usable()) { diff --git a/include/crypto/chacha.h b/include/crypto/chacha.h -index 2676f4fbd4c1..3a1c72fdb7cf 100644 +index d4bfc9cb770e..b73c9931f943 100644 --- a/include/crypto/chacha.h +++ b/include/crypto/chacha.h @@ -25,11 +25,7 @@ @@ -48796,10 +46469,10 @@ index 2676f4fbd4c1..3a1c72fdb7cf 100644 2.18.4 -From 88a39c1b9c29ccb4ef7e7b77db74581e57153d2c Mon Sep 17 00:00:00 2001 +From df3bd7f95ba2a63ce9298054d8c8ac1867f55982 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Thu, 23 Jul 2020 17:50:48 +1000 -Subject: [PATCH 060/159] crypto: x86/curve25519 - Remove unused carry +Subject: [PATCH 056/157] crypto: x86/curve25519 - Remove unused carry variables commit 054a5540fb8f7268e2c79e9deab4242db15c8cba upstream. @@ -48849,10 +46522,10 @@ index 8a17621f7d3a..8acbb6584a37 100644 2.18.4 -From e053f5cdce8f5a4a0c52a67694c8708a7d76119e Mon Sep 17 00:00:00 2001 +From 725f1a8d966368e6f3afa40b585acb55f6f955ff Mon Sep 17 00:00:00 2001 From: Fabio Estevam Date: Mon, 24 Aug 2020 11:09:53 -0300 -Subject: [PATCH 061/159] crypto: arm/curve25519 - include +Subject: [PATCH 057/157] crypto: arm/curve25519 - include commit 6779d0e6b0fe193ab3010ea201782ca6f75a3862 upstream. @@ -48892,10 +46565,10 @@ index 776ae07e0469..31eb75b6002f 100644 2.18.4 -From ee0eea9b58d8581aa5cbf815dc25ca97d83a5775 Mon Sep 17 00:00:00 2001 +From 2bf284a82ba0a87787de6a7efc0c9cca3322a613 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Tue, 25 Aug 2020 11:23:00 +1000 -Subject: [PATCH 062/159] crypto: arm/poly1305 - Add prototype for +Subject: [PATCH 058/157] crypto: arm/poly1305 - Add prototype for poly1305_blocks_neon commit 51982ea02aef972132eb35c583d3e4c5b83166e5 upstream. @@ -48932,10 +46605,10 @@ index 13cfef4ae22e..3023c1acfa19 100644 2.18.4 -From cb74e81c95064361b1c01f524d40be0b7ec7f245 Mon Sep 17 00:00:00 2001 +From 57953fa9e426e4ddea5af1fc86a8fe2f82f3267a Mon Sep 17 00:00:00 2001 From: Uros Bizjak Date: Thu, 27 Aug 2020 19:30:58 +0200 -Subject: [PATCH 063/159] crypto: curve25519-x86_64 - Use XORL r32,32 +Subject: [PATCH 059/157] crypto: curve25519-x86_64 - Use XORL r32,32 commit db719539fd3889836900bf912755aa30a5985e9a upstream. @@ -49199,10 +46872,10 @@ index 8acbb6584a37..a9edb6f8a0ba 100644 2.18.4 -From ee7a3e0414d6f669271c911a470e7ca01ccb355e Mon Sep 17 00:00:00 2001 +From 25ab2f98a60c7016d6b3145da385453f3a0d6df4 Mon Sep 17 00:00:00 2001 From: Uros Bizjak Date: Thu, 27 Aug 2020 19:38:31 +0200 -Subject: [PATCH 064/159] crypto: poly1305-x86_64 - Use XORL r32,32 +Subject: [PATCH 060/157] crypto: poly1305-x86_64 - Use XORL r32,32 commit 7dfd1e01b3dfc13431b1b25720cf2692a7e111ef upstream. @@ -49264,10 +46937,10 @@ index 80061bea6b16..5b593990501d 100644 2.18.4 -From d058d6b26e98992dfb0bfe42a80c889b6a182535 Mon Sep 17 00:00:00 2001 +From f2ff7ad9516f862670b023b9237e2408fa1b666d Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Thu, 24 Sep 2020 13:29:04 +1000 -Subject: [PATCH 065/159] crypto: x86/poly1305 - Remove assignments with no +Subject: [PATCH 061/157] crypto: x86/poly1305 - Remove assignments with no effect commit 4a0c1de64bf9d9027a6f19adfba89fc27893db23 upstream. @@ -49300,10 +46973,10 @@ index 61b2bc8b6986..7de5046fe583 100644 2.18.4 -From 0849b529cf7d4fc514939c470f4a78fd9502dbb3 Mon Sep 17 00:00:00 2001 +From bb5e5613531fe420203f8a7bf7a7cae5493fa070 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Fri, 23 Oct 2020 15:27:48 -0700 -Subject: [PATCH 066/159] crypto: x86/poly1305 - add back a needed assignment +Subject: [PATCH 062/157] crypto: x86/poly1305 - add back a needed assignment commit c3a98c3ad5c0dc60a1ac66bf91147a3f39cac96b upstream. @@ -49339,10 +47012,10 @@ index 7de5046fe583..b69e362730d0 100644 2.18.4 -From b9d1317977853b9eaf295bb98e1befbfb6951e88 Mon Sep 17 00:00:00 2001 +From 42177d7f0eaf5d152bb20ce309523aa79a757db4 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Mon, 2 Nov 2020 14:48:15 +0100 -Subject: [PATCH 067/159] crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires +Subject: [PATCH 063/157] crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires the manager commit 6569e3097f1c4a490bdf2b23d326855e04942dfd upstream. @@ -49362,7 +47035,7 @@ Signed-off-by: Jason A. Donenfeld 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/Kconfig b/crypto/Kconfig -index 626032b9f085..eaf21eaca136 100644 +index d655647f4c75..deb98b9484de 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -145,7 +145,7 @@ config CRYPTO_MANAGER_DISABLE_TESTS @@ -49378,10 +47051,10 @@ index 626032b9f085..eaf21eaca136 100644 2.18.4 -From beb6343c6c16bf6c6767d1d7202d173b395b4e69 Mon Sep 17 00:00:00 2001 +From eb941d0201c2f35b85ee067dd49a17c5480ae284 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Tue, 3 Nov 2020 17:28:09 +0100 -Subject: [PATCH 068/159] crypto: arm/chacha-neon - optimize for non-block size +Subject: [PATCH 064/157] crypto: arm/chacha-neon - optimize for non-block size multiples commit 86cd97ec4b943af35562a74688bc4e909b32c3d1 upstream. @@ -49658,10 +47331,10 @@ index eb22926d4912..13d12f672656 100644 2.18.4 -From fa5d1e873c6f9c8e7ccaed5367c3ba8ce8aaec26 Mon Sep 17 00:00:00 2001 +From 9833fb53c1de34119c26dbf1fd8ddd8bafd35d06 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 6 Nov 2020 17:39:38 +0100 -Subject: [PATCH 069/159] crypto: arm64/chacha - simplify tail block handling +Subject: [PATCH 065/157] crypto: arm64/chacha - simplify tail block handling commit c4fc6328d6c67690a7e6e03f43a5a976a13120ef upstream. @@ -49988,10 +47661,10 @@ index 706c4e10e9e2..50d9dd173be7 100644 2.18.4 -From e53d731d485e0231411040943d747a6ce858d124 Mon Sep 17 00:00:00 2001 +From d1463b0e37da7954a63075dc4a27ee0ba8656e2a Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Fri, 15 Jan 2021 20:30:12 +0100 -Subject: [PATCH 070/159] crypto: lib/chacha20poly1305 - define empty module +Subject: [PATCH 066/157] crypto: lib/chacha20poly1305 - define empty module exit function commit ac88c322d0f2917d41d13553c69e9d7f043c8b6f upstream. @@ -50031,10 +47704,10 @@ index 431e04280332..1fec56e5dd51 100644 2.18.4 -From 8514eccd235e07c3375ac5e76995a5855f4e1822 Mon Sep 17 00:00:00 2001 +From 68fcc72c9541742b4f52c14874e9b12e9e45f0cd Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Sun, 13 Dec 2020 15:39:29 +0100 -Subject: [PATCH 071/159] crypto: arm/chacha-neon - add missing counter +Subject: [PATCH 067/157] crypto: arm/chacha-neon - add missing counter increment commit fd16931a2f518a32753920ff20895e5cf04c8ff1 upstream. @@ -50076,10 +47749,10 @@ index f603184dc0f5..a408f4bcfd62 100644 2.18.4 -From de2cdbb8ba2e27f87a398ccd0e15bace6680b928 Mon Sep 17 00:00:00 2001 +From be7049e60c52477a696f68558e2efe00bac89ca4 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Mon, 9 Dec 2019 00:27:34 +0100 -Subject: [PATCH 072/159] net: WireGuard secure network tunnel +Subject: [PATCH 068/157] net: WireGuard secure network tunnel commit e7096c131e5161fa3b8e52a650d7719d2857adfd upstream. @@ -50198,20 +47871,20 @@ Signed-off-by: David S. Miller Signed-off-by: Jason A. Donenfeld --- MAINTAINERS | 8 + - drivers/net/Kconfig | 41 + + drivers/net/Kconfig | 39 + drivers/net/Makefile | 1 + drivers/net/wireguard/Makefile | 18 + - drivers/net/wireguard/allowedips.c | 381 +++++++++ + drivers/net/wireguard/allowedips.c | 381 ++++++++ drivers/net/wireguard/allowedips.h | 59 ++ - drivers/net/wireguard/cookie.c | 236 ++++++ + drivers/net/wireguard/cookie.c | 236 +++++ drivers/net/wireguard/cookie.h | 59 ++ drivers/net/wireguard/device.c | 458 ++++++++++ drivers/net/wireguard/device.h | 65 ++ drivers/net/wireguard/main.c | 64 ++ drivers/net/wireguard/messages.h | 128 +++ - drivers/net/wireguard/netlink.c | 648 +++++++++++++++ + drivers/net/wireguard/netlink.c | 648 ++++++++++++++ drivers/net/wireguard/netlink.h | 12 + - drivers/net/wireguard/noise.c | 828 +++++++++++++++++++ + drivers/net/wireguard/noise.c | 861 +++++++++++++++++++ drivers/net/wireguard/noise.h | 137 +++ drivers/net/wireguard/peer.c | 240 ++++++ drivers/net/wireguard/peer.h | 83 ++ @@ -50233,7 +47906,7 @@ Signed-off-by: Jason A. Donenfeld drivers/net/wireguard/version.h | 1 + include/uapi/linux/wireguard.h | 196 +++++ tools/testing/selftests/wireguard/netns.sh | 537 ++++++++++++ - 36 files changed, 7753 insertions(+) + 36 files changed, 7784 insertions(+) create mode 100644 drivers/net/wireguard/Makefile create mode 100644 drivers/net/wireguard/allowedips.c create mode 100644 drivers/net/wireguard/allowedips.h @@ -50269,10 +47942,10 @@ Signed-off-by: Jason A. Donenfeld create mode 100755 tools/testing/selftests/wireguard/netns.sh diff --git a/MAINTAINERS b/MAINTAINERS -index 1407008df749..2395dfb37d1a 100644 +index f45d6548a4aa..a3a2e28bd617 100644 --- a/MAINTAINERS +++ b/MAINTAINERS -@@ -17584,6 +17584,14 @@ L: linux-gpio@vger.kernel.org +@@ -17585,6 +17585,14 @@ L: linux-gpio@vger.kernel.org S: Maintained F: drivers/gpio/gpio-ws16c48.c @@ -50288,10 +47961,10 @@ index 1407008df749..2395dfb37d1a 100644 M: Miloslav Trmac S: Maintained diff --git a/drivers/net/Kconfig b/drivers/net/Kconfig -index df3cd2589bcf..16ad145e22c9 100644 +index df3cd2589bcf..ce59889f0da7 100644 --- a/drivers/net/Kconfig +++ b/drivers/net/Kconfig -@@ -71,6 +71,47 @@ config DUMMY +@@ -71,6 +71,45 @@ config DUMMY To compile this driver as a module, choose M here: the module will be called dummy. @@ -50304,10 +47977,8 @@ index df3cd2589bcf..16ad145e22c9 100644 + select CRYPTO + select CRYPTO_LIB_CURVE25519 + select CRYPTO_LIB_CHACHA20POLY1305 -+ select CRYPTO_LIB_BLAKE2S + select CRYPTO_CHACHA20_X86_64 if X86 && 64BIT + select CRYPTO_POLY1305_X86_64 if X86 && 64BIT -+ select CRYPTO_BLAKE2S_X86 if X86 && 64BIT + select CRYPTO_CURVE25519_X86 if X86 && 64BIT + select CRYPTO_CHACHA20_NEON if (ARM || ARM64) && KERNEL_MODE_NEON + select CRYPTO_POLY1305_NEON if ARM64 && KERNEL_MODE_NEON @@ -52547,10 +50218,10 @@ index 000000000000..15100d92e2e3 +#endif /* _WG_NETLINK_H */ diff --git a/drivers/net/wireguard/noise.c b/drivers/net/wireguard/noise.c new file mode 100644 -index 000000000000..d71c8db68a8c +index 000000000000..26470134a33c --- /dev/null +++ b/drivers/net/wireguard/noise.c -@@ -0,0 +1,828 @@ +@@ -0,0 +1,861 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2015-2019 Jason A. Donenfeld . All Rights Reserved. @@ -52862,6 +50533,41 @@ index 000000000000..d71c8db68a8c + static_identity->static_public, private_key); +} + ++static void hmac(u8 *out, const u8 *in, const u8 *key, const size_t inlen, const size_t keylen) ++{ ++ struct blake2s_state state; ++ u8 x_key[BLAKE2S_BLOCK_SIZE] __aligned(__alignof__(u32)) = { 0 }; ++ u8 i_hash[BLAKE2S_HASH_SIZE] __aligned(__alignof__(u32)); ++ int i; ++ ++ if (keylen > BLAKE2S_BLOCK_SIZE) { ++ blake2s_init(&state, BLAKE2S_HASH_SIZE); ++ blake2s_update(&state, key, keylen); ++ blake2s_final(&state, x_key); ++ } else ++ memcpy(x_key, key, keylen); ++ ++ for (i = 0; i < BLAKE2S_BLOCK_SIZE; ++i) ++ x_key[i] ^= 0x36; ++ ++ blake2s_init(&state, BLAKE2S_HASH_SIZE); ++ blake2s_update(&state, x_key, BLAKE2S_BLOCK_SIZE); ++ blake2s_update(&state, in, inlen); ++ blake2s_final(&state, i_hash); ++ ++ for (i = 0; i < BLAKE2S_BLOCK_SIZE; ++i) ++ x_key[i] ^= 0x5c ^ 0x36; ++ ++ blake2s_init(&state, BLAKE2S_HASH_SIZE); ++ blake2s_update(&state, x_key, BLAKE2S_BLOCK_SIZE); ++ blake2s_update(&state, i_hash, BLAKE2S_HASH_SIZE); ++ blake2s_final(&state, i_hash); ++ ++ memcpy(out, i_hash, BLAKE2S_HASH_SIZE); ++ memzero_explicit(x_key, BLAKE2S_BLOCK_SIZE); ++ memzero_explicit(i_hash, BLAKE2S_HASH_SIZE); ++} ++ +/* This is Hugo Krawczyk's HKDF: + * - https://eprint.iacr.org/2010/264.pdf + * - https://tools.ietf.org/html/rfc5869 @@ -52882,14 +50588,14 @@ index 000000000000..d71c8db68a8c + ((third_len || third_dst) && (!second_len || !second_dst)))); + + /* Extract entropy from data into secret */ -+ blake2s256_hmac(secret, data, chaining_key, data_len, NOISE_HASH_LEN); ++ hmac(secret, data, chaining_key, data_len, NOISE_HASH_LEN); + + if (!first_dst || !first_len) + goto out; + + /* Expand first key: key = secret, data = 0x1 */ + output[0] = 1; -+ blake2s256_hmac(output, output, secret, 1, BLAKE2S_HASH_SIZE); ++ hmac(output, output, secret, 1, BLAKE2S_HASH_SIZE); + memcpy(first_dst, output, first_len); + + if (!second_dst || !second_len) @@ -52897,8 +50603,7 @@ index 000000000000..d71c8db68a8c + + /* Expand second key: key = secret, data = first-key || 0x2 */ + output[BLAKE2S_HASH_SIZE] = 2; -+ blake2s256_hmac(output, output, secret, BLAKE2S_HASH_SIZE + 1, -+ BLAKE2S_HASH_SIZE); ++ hmac(output, output, secret, BLAKE2S_HASH_SIZE + 1, BLAKE2S_HASH_SIZE); + memcpy(second_dst, output, second_len); + + if (!third_dst || !third_len) @@ -52906,8 +50611,7 @@ index 000000000000..d71c8db68a8c + + /* Expand third key: key = secret, data = second-key || 0x3 */ + output[BLAKE2S_HASH_SIZE] = 3; -+ blake2s256_hmac(output, output, secret, BLAKE2S_HASH_SIZE + 1, -+ BLAKE2S_HASH_SIZE); ++ hmac(output, output, secret, BLAKE2S_HASH_SIZE + 1, BLAKE2S_HASH_SIZE); + memcpy(third_dst, output, third_len); + +out: @@ -58256,10 +55960,10 @@ index 000000000000..e7310d9390f7 2.18.4 -From 1d825b72d0f5fef931c56737609485205ebccb23 Mon Sep 17 00:00:00 2001 +From 780920c4e22164c317bcce78bcf8ec0948961619 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Sun, 15 Dec 2019 22:08:00 +0100 -Subject: [PATCH 073/159] wireguard: selftests: import harness makefile for +Subject: [PATCH 069/157] wireguard: selftests: import harness makefile for test suite commit 65d88d04114bca7d85faebd5fed61069cb2b632c upstream. @@ -59393,10 +57097,10 @@ index 000000000000..9cca30206014 2.18.4 -From ad8b017258a0c506604ff13931703f812570d1e5 Mon Sep 17 00:00:00 2001 +From 9c8594812ba101bc32d52162c9afd637122e41d8 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Sun, 15 Dec 2019 22:08:01 +0100 -Subject: [PATCH 074/159] wireguard: Kconfig: select parent dependency for +Subject: [PATCH 070/157] wireguard: Kconfig: select parent dependency for crypto commit d7c68a38bb4f9b7c1a2e4a772872c752ee5c44a6 upstream. @@ -59414,12 +57118,12 @@ Signed-off-by: Jason A. Donenfeld 1 file changed, 2 insertions(+) diff --git a/drivers/net/Kconfig b/drivers/net/Kconfig -index 16ad145e22c9..57f1ba924f4e 100644 +index ce59889f0da7..2fefe588edf7 100644 --- a/drivers/net/Kconfig +++ b/drivers/net/Kconfig -@@ -85,6 +85,8 @@ config WIREGUARD +@@ -83,6 +83,8 @@ config WIREGUARD + select CRYPTO_CHACHA20_X86_64 if X86 && 64BIT select CRYPTO_POLY1305_X86_64 if X86 && 64BIT - select CRYPTO_BLAKE2S_X86 if X86 && 64BIT select CRYPTO_CURVE25519_X86 if X86 && 64BIT + select ARM_CRYPTO if ARM + select ARM64_CRYPTO if ARM64 @@ -59430,10 +57134,10 @@ index 16ad145e22c9..57f1ba924f4e 100644 2.18.4 -From 54f32a7d2c46104c19c7d7f76cc4abc007c55228 Mon Sep 17 00:00:00 2001 +From ca56d1c6b44157a41e28b9d01932c61d9299f896 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 15 Dec 2019 22:08:02 +0100 -Subject: [PATCH 075/159] wireguard: global: fix spelling mistakes in comments +Subject: [PATCH 071/157] wireguard: global: fix spelling mistakes in comments commit a2ec8b5706944d228181c8b91d815f41d6dd8e7b upstream. @@ -59504,10 +57208,10 @@ index dd8a47c4ad11..ae88be14c947 100644 2.18.4 -From 190e0da89f127c3bb963d72c42819fd59fce10d4 Mon Sep 17 00:00:00 2001 +From 665aba5314a36133afd94e9b0bb39b1716452fd2 Mon Sep 17 00:00:00 2001 From: YueHaibing Date: Sun, 15 Dec 2019 22:08:03 +0100 -Subject: [PATCH 076/159] wireguard: main: remove unused include +Subject: [PATCH 072/157] wireguard: main: remove unused include commit 43967b6ff91e53bcce5ae08c16a0588a475b53a1 upstream. @@ -59539,10 +57243,10 @@ index 10c0a40f6a9e..7a7d5f1a80fc 100644 2.18.4 -From 2ed8d9449245a0a859b3ad4f7f60e17dc91c2ab8 Mon Sep 17 00:00:00 2001 +From 7e08991b1fe9675b8a92335d2af87c3e338fc7c4 Mon Sep 17 00:00:00 2001 From: Wei Yongjun Date: Sun, 15 Dec 2019 22:08:04 +0100 -Subject: [PATCH 077/159] wireguard: allowedips: use kfree_rcu() instead of +Subject: [PATCH 073/157] wireguard: allowedips: use kfree_rcu() instead of call_rcu() commit d89ee7d5c73af15c1c6f12b016cdf469742b5726 upstream. @@ -59587,10 +57291,10 @@ index 72667d5399c3..121d9ea0f135 100644 2.18.4 -From ff277c195322adadab8236500f1cdbc707278a9e Mon Sep 17 00:00:00 2001 +From b9b9879dc9b1ed15634d3ed163db8068e7d730e2 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Thu, 2 Jan 2020 17:47:49 +0100 -Subject: [PATCH 078/159] wireguard: selftests: remove ancient kernel +Subject: [PATCH 074/157] wireguard: selftests: remove ancient kernel compatibility code commit 9a69a4c8802adf642bc4a13d471b5a86b44ed434 upstream. @@ -59974,10 +57678,10 @@ index 9cca30206014..af9323a0b6e0 100644 2.18.4 -From 04113a269d350031d566a8f84c8fb2aae907b7d1 Mon Sep 17 00:00:00 2001 +From ae5ae94a2eb93d61ae7787fb1c68193034aa5a37 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Thu, 2 Jan 2020 17:47:50 +0100 -Subject: [PATCH 079/159] wireguard: queueing: do not account for pfmemalloc +Subject: [PATCH 075/157] wireguard: queueing: do not account for pfmemalloc when clearing skb header commit 04d2ea92a18417619182cbb79063f154892b0150 upstream. @@ -60019,10 +57723,10 @@ index 58fdd630b246..e62c714a548e 100644 2.18.4 -From c3f9586a3fa344be87ea231994d5f424c682efdc Mon Sep 17 00:00:00 2001 +From 52432e276d8e3fb3d05b2847235f7c3965013deb Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Thu, 2 Jan 2020 17:47:51 +0100 -Subject: [PATCH 080/159] wireguard: socket: mark skbs as not on list when +Subject: [PATCH 076/157] wireguard: socket: mark skbs as not on list when receiving via gro commit 736775d06bac60d7a353e405398b48b2bd8b1e54 upstream. @@ -60059,10 +57763,10 @@ index c46256d0d81c..262f3b5c819d 100644 2.18.4 -From 908335e5256a1c28c785f3c9b9f7321c433657ac Mon Sep 17 00:00:00 2001 +From 9040be2e7caf3768153f17e65cb884ed02225e74 Mon Sep 17 00:00:00 2001 From: Eric Dumazet Date: Tue, 4 Feb 2020 22:17:25 +0100 -Subject: [PATCH 081/159] wireguard: allowedips: fix use-after-free in +Subject: [PATCH 077/157] wireguard: allowedips: fix use-after-free in root_remove_peer_lists commit 9981159fc3b677b357f84e069a11de5a5ec8a2a8 upstream. @@ -60229,10 +57933,10 @@ index 121d9ea0f135..3725e9cd85f4 100644 2.18.4 -From 74f8391d6fad8d907b8aa1ca3275a90eb88067d5 Mon Sep 17 00:00:00 2001 +From 8a633a6cd4d5ed51038e6f1a68c04640a3f73c72 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Tue, 4 Feb 2020 22:17:26 +0100 -Subject: [PATCH 082/159] wireguard: noise: reject peers with low order public +Subject: [PATCH 078/157] wireguard: noise: reject peers with low order public keys commit ec31c2676a10e064878927b243fada8c2fb0c03c upstream. @@ -60439,7 +58143,7 @@ index 0739a2cd1920..45a631e79d7a 100644 wg_cookie_checker_precompute_device_keys(&wg->cookie_checker); up_write(&wg->static_identity.lock); diff --git a/drivers/net/wireguard/noise.c b/drivers/net/wireguard/noise.c -index d71c8db68a8c..919d9d866446 100644 +index 26470134a33c..d16d60077e09 100644 --- a/drivers/net/wireguard/noise.c +++ b/drivers/net/wireguard/noise.c @@ -46,17 +46,21 @@ void __init wg_noise_init(void) @@ -60471,10 +58175,10 @@ index d71c8db68a8c..919d9d866446 100644 2.18.4 -From a3302b7dd94d8b0b48cf23d2fdfaf968ff27c4f0 Mon Sep 17 00:00:00 2001 +From 0598579518cddfb3a1ec7456846cd5afce688d30 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Tue, 4 Feb 2020 22:17:27 +0100 -Subject: [PATCH 083/159] wireguard: selftests: ensure non-addition of peers +Subject: [PATCH 079/157] wireguard: selftests: ensure non-addition of peers with failed precomputation commit f9398acba6a4ae9cb98bfe4d56414d376eff8d57 upstream. @@ -60511,10 +58215,10 @@ index d5c85c7494f2..b03647d1bbf6 100755 2.18.4 -From ccdc1141d1e8425dd71611f57feb04bf08e0910e Mon Sep 17 00:00:00 2001 +From 7a299307ec711df8f76819495b44d6d5e98175df Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Tue, 4 Feb 2020 22:17:29 +0100 -Subject: [PATCH 084/159] wireguard: selftests: tie socket waiting to target +Subject: [PATCH 080/157] wireguard: selftests: tie socket waiting to target pid commit 88f404a9b1d75388225b1c67b6dd327cb2182777 upstream. @@ -60595,10 +58299,10 @@ index b03647d1bbf6..f5ab1cda8bb5 100755 2.18.4 -From e4a4eda6e1cf63d1dc1b3ea357128898e4caa4ad Mon Sep 17 00:00:00 2001 +From c5805fe71758e959cb64af9332c5dc1d8c83769b Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Tue, 11 Feb 2020 20:47:08 +0100 -Subject: [PATCH 085/159] wireguard: device: use icmp_ndo_send helper +Subject: [PATCH 081/157] wireguard: device: use icmp_ndo_send helper commit a12d7f3cbdc72c7625881c8dc2660fc2c979fdf2 upstream. @@ -60667,10 +58371,10 @@ index f5ab1cda8bb5..138d46b3f330 100755 2.18.4 -From a68b30df238a985fed0545373b88a974f5c4b11c Mon Sep 17 00:00:00 2001 +From 92d2e39be8de73e9962ce74fc823b218c205d0a3 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Fri, 14 Feb 2020 23:57:20 +0100 -Subject: [PATCH 086/159] wireguard: selftests: reduce complexity and fix make +Subject: [PATCH 082/157] wireguard: selftests: reduce complexity and fix make races commit 04ddf1208f03e1dbc39a4619c40eba640051b950 upstream. @@ -60777,10 +58481,10 @@ index f10aa3590adc..28d477683e8a 100644 2.18.4 -From ab6c214e4ef40743742c7adeb064eb4342937c1a Mon Sep 17 00:00:00 2001 +From bc38ce88114a20cc3db44adcc1865741df6e4294 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Fri, 14 Feb 2020 23:57:21 +0100 -Subject: [PATCH 087/159] wireguard: receive: reset last_under_load to zero +Subject: [PATCH 083/157] wireguard: receive: reset last_under_load to zero commit 2a8a4df36462aa85b0db87b7c5ea145ba67e34a8 upstream. @@ -60821,10 +58525,10 @@ index 9c6bab9c981f..4a153894cee2 100644 2.18.4 -From dc4954b44ef31203c240c07d04aeb0d26c6eae56 Mon Sep 17 00:00:00 2001 +From f93c7ffeb9e9ec9d060c4edd94cbd581f0c566fd Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Fri, 14 Feb 2020 23:57:22 +0100 -Subject: [PATCH 088/159] wireguard: send: account for mtu=0 devices +Subject: [PATCH 084/157] wireguard: send: account for mtu=0 devices commit 175f1ca9a9ed8689d2028da1a7c624bb4fb4ff7e upstream. @@ -60924,10 +58628,10 @@ index c13260563446..7348c10cbae3 100644 2.18.4 -From ddce0b4edb82f40a6830b7681cb271ae89f121ae Mon Sep 17 00:00:00 2001 +From 81a05559f0f9634b9f0dc0b7217842b54eac486b Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Fri, 14 Feb 2020 23:57:23 +0100 -Subject: [PATCH 089/159] wireguard: socket: remove extra call to +Subject: [PATCH 085/157] wireguard: socket: remove extra call to synchronize_net commit 1fbc33b0a7feb6ca72bf7dc8a05d81485ee8ee2e upstream. @@ -60963,10 +58667,10 @@ index 262f3b5c819d..b0d6541582d3 100644 2.18.4 -From c94075516f125423e5382c6d531b84d7bc454912 Mon Sep 17 00:00:00 2001 +From 1bc5b20a693f67c04904b0389adcf777cb7bc2bb Mon Sep 17 00:00:00 2001 From: YueHaibing Date: Wed, 18 Mar 2020 18:30:43 -0600 -Subject: [PATCH 090/159] wireguard: selftests: remove duplicated include +Subject: [PATCH 086/157] wireguard: selftests: remove duplicated include commit 166391159c5deb84795d2ff46e95f276177fa5fb upstream. @@ -60997,10 +58701,10 @@ index 90bc9813cadc..c9698120ac9d 100644 2.18.4 -From fb8140e5bdf7f2432d3c30d6ff0085e287556f7f Mon Sep 17 00:00:00 2001 +From f8a92fdcdf94986167e14791426acf44b63df719 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 18 Mar 2020 18:30:45 -0600 -Subject: [PATCH 091/159] wireguard: queueing: account for skb->protocol==0 +Subject: [PATCH 087/157] wireguard: queueing: account for skb->protocol==0 commit a5588604af448664e796daf3c1d5a4523c60667b upstream. @@ -61107,10 +58811,10 @@ index 4a153894cee2..243ed7172dd2 100644 2.18.4 -From bd57c34e5777ecd07e15a7e3811fd588e890089f Mon Sep 17 00:00:00 2001 +From 8f3c8ba1fd1e5fd3b4abb93af863622661cd450f Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 18 Mar 2020 18:30:46 -0600 -Subject: [PATCH 092/159] wireguard: receive: remove dead code from default +Subject: [PATCH 088/157] wireguard: receive: remove dead code from default packet type case commit 2b8765c52db24c0fbcc81bac9b5e8390f2c7d3c8 upstream. @@ -61148,10 +58852,10 @@ index 243ed7172dd2..da3b782ab7d3 100644 2.18.4 -From 839bd96554620eda40cc387d32db6ae2dd65d441 Mon Sep 17 00:00:00 2001 +From 1cde4a22adcad86c0bc7746a8df602f8b17b3170 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 18 Mar 2020 18:30:47 -0600 -Subject: [PATCH 093/159] wireguard: noise: error out precomputed DH during +Subject: [PATCH 089/157] wireguard: noise: error out precomputed DH during handshake rather than config commit 11a7686aa99c7fe4b3f80f6dcccd54129817984d upstream. @@ -61207,7 +58911,7 @@ index 45a631e79d7a..ab6cbe95a652 100644 } wg_cookie_checker_precompute_device_keys(&wg->cookie_checker); diff --git a/drivers/net/wireguard/noise.c b/drivers/net/wireguard/noise.c -index 919d9d866446..708dc61c974f 100644 +index d16d60077e09..c9ae946918fc 100644 --- a/drivers/net/wireguard/noise.c +++ b/drivers/net/wireguard/noise.c @@ -44,32 +44,23 @@ void __init wg_noise_init(void) @@ -61261,7 +58965,7 @@ index 919d9d866446..708dc61c974f 100644 } static void handshake_zero(struct noise_handshake *handshake) -@@ -403,6 +394,19 @@ static bool __must_check mix_dh(u8 chaining_key[NOISE_HASH_LEN], +@@ -436,6 +427,19 @@ static bool __must_check mix_dh(u8 chaining_key[NOISE_HASH_LEN], return true; } @@ -61281,7 +58985,7 @@ index 919d9d866446..708dc61c974f 100644 static void mix_hash(u8 hash[NOISE_HASH_LEN], const u8 *src, size_t src_len) { struct blake2s_state blake; -@@ -531,10 +535,9 @@ wg_noise_handshake_create_initiation(struct message_handshake_initiation *dst, +@@ -564,10 +568,9 @@ wg_noise_handshake_create_initiation(struct message_handshake_initiation *dst, NOISE_PUBLIC_KEY_LEN, key, handshake->hash); /* ss */ @@ -61295,7 +58999,7 @@ index 919d9d866446..708dc61c974f 100644 /* {t} */ tai64n_now(timestamp); -@@ -595,9 +598,9 @@ wg_noise_handshake_consume_initiation(struct message_handshake_initiation *src, +@@ -628,9 +631,9 @@ wg_noise_handshake_consume_initiation(struct message_handshake_initiation *src, handshake = &peer->handshake; /* ss */ @@ -61386,10 +59090,10 @@ index 138d46b3f330..936e1ca9410e 100755 2.18.4 -From 42087d852f7fbdbb937f649826bc2012e54e8ceb Mon Sep 17 00:00:00 2001 +From bdca07db6695d45842dd5172b82c6640c2ad6d06 Mon Sep 17 00:00:00 2001 From: Sultan Alsawaf Date: Wed, 29 Apr 2020 14:59:20 -0600 -Subject: [PATCH 094/159] wireguard: send: remove errant newline from +Subject: [PATCH 090/157] wireguard: send: remove errant newline from packet_encrypt_worker commit d6833e42786e050e7522d6a91a9361e54085897d upstream. @@ -61421,10 +59125,10 @@ index 7348c10cbae3..3e030d614df5 100644 2.18.4 -From b434dfa7f80a0af1bfaac58ac7b03caad655c25c Mon Sep 17 00:00:00 2001 +From 1c86662d9e8563009bc8cec17d5c4d89e6aba57b Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 29 Apr 2020 14:59:21 -0600 -Subject: [PATCH 095/159] wireguard: queueing: cleanup ptr_ring in error path +Subject: [PATCH 091/157] wireguard: queueing: cleanup ptr_ring in error path of packet_queue_init commit 130c58606171326c81841a49cc913cd354113dd9 upstream. @@ -61462,10 +59166,10 @@ index 5c964fcb994e..71b8e80b58e1 100644 2.18.4 -From 658eb527acfb87d38fff4ea9aae681e8529eb3ca Mon Sep 17 00:00:00 2001 +From dc68a601065f7b002d65db8b0a7648e904650277 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Toke=20H=C3=B8iland-J=C3=B8rgensen?= Date: Wed, 29 Apr 2020 14:59:22 -0600 -Subject: [PATCH 096/159] wireguard: receive: use tunnel helpers for +Subject: [PATCH 092/157] wireguard: receive: use tunnel helpers for decapsulating ECN markings MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -61518,10 +59222,10 @@ index da3b782ab7d3..267f202f1931 100644 2.18.4 -From 193ea133c5a6aa738d44b2347d555478b4ecdf10 Mon Sep 17 00:00:00 2001 +From 4d3b402999d36520e18acebb07eb626d669c4074 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 6 May 2020 15:33:02 -0600 -Subject: [PATCH 097/159] wireguard: selftests: use normal kernel stack size on +Subject: [PATCH 093/157] wireguard: selftests: use normal kernel stack size on ppc64 commit a0fd7cc87a018df1a17f9d3f0bd994c1f22c6b34 upstream. @@ -61553,10 +59257,10 @@ index 990c510a9cfa..f52f1e2bc7f6 100644 2.18.4 -From 221a926ed0bea09eb3e94b7bb2638ebca958f45b Mon Sep 17 00:00:00 2001 +From 3d05f300717fa3e5eb005d3caea18da827d51703 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 6 May 2020 15:33:03 -0600 -Subject: [PATCH 098/159] wireguard: socket: remove errant restriction on +Subject: [PATCH 094/157] wireguard: socket: remove errant restriction on looping to self commit b673e24aad36981f327a6570412ffa7754de8911 upstream. @@ -61723,10 +59427,10 @@ index 936e1ca9410e..17a1f53ceba0 100755 2.18.4 -From 7c887a7781d29464cd8eb5a3844f313c9eecc2c6 Mon Sep 17 00:00:00 2001 +From ccf029b122b81fb0cfe572a7f2ded28642c513ce Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 6 May 2020 15:33:04 -0600 -Subject: [PATCH 099/159] wireguard: send/receive: cond_resched() when +Subject: [PATCH 095/157] wireguard: send/receive: cond_resched() when processing worker ringbuffers commit 4005f5c3c9d006157ba716594e0d70c88a235c5e upstream. @@ -61789,10 +59493,10 @@ index 3e030d614df5..dc3079e17c7f 100644 2.18.4 -From d8f7268260336e15345496acc1d75c4199f8b05e Mon Sep 17 00:00:00 2001 +From adebeedaa32265006ce31415800d25a40522c04a Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 6 May 2020 15:33:05 -0600 -Subject: [PATCH 100/159] wireguard: selftests: initalize ipv6 members to NULL +Subject: [PATCH 096/157] wireguard: selftests: initalize ipv6 members to NULL to squelch clang warning commit 4fed818ef54b08d4b29200e416cce65546ad5312 upstream. @@ -61846,10 +59550,10 @@ index bcd6462e4540..007cd4457c5f 100644 2.18.4 -From c7250d8e00285a6974cdc6d1435fbe37504a25bc Mon Sep 17 00:00:00 2001 +From 45894ecebf5f3552b3b0b854c1138081aceecf7c Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 6 May 2020 15:33:06 -0600 -Subject: [PATCH 101/159] wireguard: send/receive: use explicit unlikely branch +Subject: [PATCH 097/157] wireguard: send/receive: use explicit unlikely branch instead of implicit coalescing commit 243f2148937adc72bcaaa590d482d599c936efde upstream. @@ -61942,10 +59646,10 @@ index dc3079e17c7f..6687db699803 100644 2.18.4 -From a95a3b978152ddf6fd80dba9f92c1717d46e39f3 Mon Sep 17 00:00:00 2001 +From 5842e9e2879fef40ec745257b60d57f66f3d9364 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Tue, 19 May 2020 22:49:27 -0600 -Subject: [PATCH 102/159] wireguard: selftests: use newer iproute2 for gcc-10 +Subject: [PATCH 098/157] wireguard: selftests: use newer iproute2 for gcc-10 commit ee3c1aa3f34b7842c1557cfe5d8c3f7b8c692de8 upstream. @@ -61979,10 +59683,10 @@ index 28d477683e8a..2dab4f57516d 100644 2.18.4 -From d4fcd84119fa87338a6c91c85476beabcd9e4938 Mon Sep 17 00:00:00 2001 +From ae3432a7b979f335af2dc566e9fb44e080dd47ab Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Tue, 19 May 2020 22:49:28 -0600 -Subject: [PATCH 103/159] wireguard: noise: read preshared key while taking +Subject: [PATCH 099/157] wireguard: noise: read preshared key while taking lock commit bc67d371256f5c47d824e2eec51e46c8d62d022e upstream. @@ -62006,10 +59710,10 @@ Signed-off-by: Jason A. Donenfeld 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireguard/noise.c b/drivers/net/wireguard/noise.c -index 708dc61c974f..07eb438a6dee 100644 +index c9ae946918fc..7c9d853e8725 100644 --- a/drivers/net/wireguard/noise.c +++ b/drivers/net/wireguard/noise.c -@@ -715,6 +715,7 @@ wg_noise_handshake_consume_response(struct message_handshake_response *src, +@@ -748,6 +748,7 @@ wg_noise_handshake_consume_response(struct message_handshake_response *src, u8 e[NOISE_PUBLIC_KEY_LEN]; u8 ephemeral_private[NOISE_PUBLIC_KEY_LEN]; u8 static_private[NOISE_PUBLIC_KEY_LEN]; @@ -62017,7 +59721,7 @@ index 708dc61c974f..07eb438a6dee 100644 down_read(&wg->static_identity.lock); -@@ -733,6 +734,8 @@ wg_noise_handshake_consume_response(struct message_handshake_response *src, +@@ -766,6 +767,8 @@ wg_noise_handshake_consume_response(struct message_handshake_response *src, memcpy(chaining_key, handshake->chaining_key, NOISE_HASH_LEN); memcpy(ephemeral_private, handshake->ephemeral_private, NOISE_PUBLIC_KEY_LEN); @@ -62026,7 +59730,7 @@ index 708dc61c974f..07eb438a6dee 100644 up_read(&handshake->lock); if (state != HANDSHAKE_CREATED_INITIATION) -@@ -750,7 +753,7 @@ wg_noise_handshake_consume_response(struct message_handshake_response *src, +@@ -783,7 +786,7 @@ wg_noise_handshake_consume_response(struct message_handshake_response *src, goto fail; /* psk */ @@ -62035,7 +59739,7 @@ index 708dc61c974f..07eb438a6dee 100644 /* {} */ if (!message_decrypt(NULL, src->encrypted_nothing, -@@ -783,6 +786,7 @@ wg_noise_handshake_consume_response(struct message_handshake_response *src, +@@ -816,6 +819,7 @@ wg_noise_handshake_consume_response(struct message_handshake_response *src, memzero_explicit(chaining_key, NOISE_HASH_LEN); memzero_explicit(ephemeral_private, NOISE_PUBLIC_KEY_LEN); memzero_explicit(static_private, NOISE_PUBLIC_KEY_LEN); @@ -62047,10 +59751,10 @@ index 708dc61c974f..07eb438a6dee 100644 2.18.4 -From f57b46e11fc69243275ce9c3379c8b8fc2bbbb52 Mon Sep 17 00:00:00 2001 +From adc428f2c3c859b7e36c987b75a21815268cf035 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Tue, 19 May 2020 22:49:29 -0600 -Subject: [PATCH 104/159] wireguard: queueing: preserve flow hash across packet +Subject: [PATCH 100/157] wireguard: queueing: preserve flow hash across packet scrubbing MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -62175,10 +59879,10 @@ index 6687db699803..2f5119ff93d8 100644 2.18.4 -From e84160556e579c2d0c185c03dd0bfa88751b66a4 Mon Sep 17 00:00:00 2001 +From fa47c7fcd6354e12d4ad60979ac480ccffc88498 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Tue, 19 May 2020 22:49:30 -0600 -Subject: [PATCH 105/159] wireguard: noise: separate receive counter from send +Subject: [PATCH 101/157] wireguard: noise: separate receive counter from send counter commit a9e90d9931f3a474f04bab782ccd9d77904941e9 upstream. @@ -62227,7 +59931,7 @@ Signed-off-by: Jason A. Donenfeld 5 files changed, 48 insertions(+), 53 deletions(-) diff --git a/drivers/net/wireguard/noise.c b/drivers/net/wireguard/noise.c -index 07eb438a6dee..626433690abb 100644 +index 7c9d853e8725..f14fd065916d 100644 --- a/drivers/net/wireguard/noise.c +++ b/drivers/net/wireguard/noise.c @@ -104,6 +104,7 @@ static struct noise_keypair *keypair_create(struct wg_peer *peer) @@ -62238,7 +59942,7 @@ index 07eb438a6dee..626433690abb 100644 keypair->internal_id = atomic64_inc_return(&keypair_counter); keypair->entry.type = INDEX_HASHTABLE_KEYPAIR; keypair->entry.peer = peer; -@@ -358,25 +359,16 @@ static void kdf(u8 *first_dst, u8 *second_dst, u8 *third_dst, const u8 *data, +@@ -391,25 +392,16 @@ static void kdf(u8 *first_dst, u8 *second_dst, u8 *third_dst, const u8 *data, memzero_explicit(output, BLAKE2S_HASH_SIZE + 1); } @@ -62520,10 +60224,10 @@ index 2f5119ff93d8..f74b9341ab0f 100644 2.18.4 -From b4c3c026f618bb4d6769d1c2410f5670399032c8 Mon Sep 17 00:00:00 2001 +From 97426523d8ab23b0f9680d5a4f84fdd7a42c3caa Mon Sep 17 00:00:00 2001 From: Frank Werner-Krippendorf Date: Tue, 23 Jun 2020 03:59:44 -0600 -Subject: [PATCH 106/159] wireguard: noise: do not assign initiation time in if +Subject: [PATCH 102/157] wireguard: noise: do not assign initiation time in if condition commit 558b353c9c2a717509f291c066c6bd8f5f5e21be upstream. @@ -62541,10 +60245,10 @@ Signed-off-by: Jason A. Donenfeld 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireguard/noise.c b/drivers/net/wireguard/noise.c -index 626433690abb..201a22681945 100644 +index f14fd065916d..caabe90c3d05 100644 --- a/drivers/net/wireguard/noise.c +++ b/drivers/net/wireguard/noise.c -@@ -617,8 +617,8 @@ wg_noise_handshake_consume_initiation(struct message_handshake_initiation *src, +@@ -650,8 +650,8 @@ wg_noise_handshake_consume_initiation(struct message_handshake_initiation *src, memcpy(handshake->hash, hash, NOISE_HASH_LEN); memcpy(handshake->chaining_key, chaining_key, NOISE_HASH_LEN); handshake->remote_index = src->sender_index; @@ -62559,10 +60263,10 @@ index 626433690abb..201a22681945 100644 2.18.4 -From 72624ee52eb3223b0032630318a5b22a010fefce Mon Sep 17 00:00:00 2001 +From 27b68a9e1ace9c4a9fcf09e0d8f509b86fea6448 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Tue, 23 Jun 2020 03:59:45 -0600 -Subject: [PATCH 107/159] wireguard: device: avoid circular netns references +Subject: [PATCH 103/157] wireguard: device: avoid circular netns references commit 900575aa33a3eaaef802b31de187a85c4a4b4bd0 upstream. @@ -62869,10 +60573,10 @@ index 17a1f53ceba0..d77f4829f1e0 100755 2.18.4 -From aa2087c061688e1d108e1f7524d99784c0354594 Mon Sep 17 00:00:00 2001 +From 6ecd8f560c58f83b0e9d8932daca21e48b2d205c Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 24 Jun 2020 16:06:03 -0600 -Subject: [PATCH 108/159] wireguard: receive: account for napi_gro_receive +Subject: [PATCH 104/157] wireguard: receive: account for napi_gro_receive never returning GRO_DROP commit df08126e3833e9dca19e2407db5f5860a7c194fb upstream. @@ -62917,10 +60621,10 @@ index 91438144e4f7..9b2ab6fc91cd 100644 2.18.4 -From 5ce84ff9d703009ecc3adaa7779466b65fe099ac Mon Sep 17 00:00:00 2001 +From 50e6630ef2021a4614c915aa704fea46d01db7ae Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Mon, 29 Jun 2020 19:06:18 -0600 -Subject: [PATCH 109/159] net: ip_tunnel: add header_ops for layer 3 devices +Subject: [PATCH 105/157] net: ip_tunnel: add header_ops for layer 3 devices commit 2606aff916854b61234bf85001be9777bab2d5f8 upstream. @@ -62983,10 +60687,10 @@ index 1452a97914a0..cfe21c3ddfc2 100644 2.18.4 -From 90d1c8c4e3068a1bb99d484a09e589bc605624d1 Mon Sep 17 00:00:00 2001 +From 41bc209d8f095b15cbd5e8a87a12c0ef9753202b Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Mon, 29 Jun 2020 19:06:20 -0600 -Subject: [PATCH 110/159] wireguard: implement header_ops->parse_protocol for +Subject: [PATCH 106/157] wireguard: implement header_ops->parse_protocol for AF_PACKET commit 01a4967c71c004f8ecad4ab57021348636502fa9 upstream. @@ -63026,10 +60730,10 @@ index a8f151b1b5fa..c9f65e96ccb0 100644 2.18.4 -From 3c6fc2bb9be392b8a80faba6d148133dc4d86027 Mon Sep 17 00:00:00 2001 +From 2cde3cd09dd90c04a8ac84db36a953f5d78e1d11 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Mon, 29 Jun 2020 19:06:21 -0600 -Subject: [PATCH 111/159] wireguard: queueing: make use of +Subject: [PATCH 107/157] wireguard: queueing: make use of ip_tunnel_parse_protocol commit 1a574074ae7d1d745c16f7710655f38a53174c27 upstream. @@ -63103,10 +60807,10 @@ index 9b2ab6fc91cd..2c9551ea6dc7 100644 2.18.4 -From f2bd320fc50e49b8b362ea9c7cb3967db8d7031a Mon Sep 17 00:00:00 2001 +From 70a3158cfbc98276f368d46e96d23c30d57af0e3 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Tue, 18 Aug 2020 10:17:31 +0200 -Subject: [PATCH 112/159] netlink: consistently use NLA_POLICY_EXACT_LEN() +Subject: [PATCH 108/157] netlink: consistently use NLA_POLICY_EXACT_LEN() commit 8140860c817f3e9f78bcd1e420b9777ddcbaa629 upstream. @@ -63158,10 +60862,10 @@ index 9756239416fd..2a14f564033a 100644 2.18.4 -From f28ea95bad5576c73d45b15b20c1dcdae55b9dbd Mon Sep 17 00:00:00 2001 +From 7c66c32c34e5cf50b3a52cf177c9a6d138e21dd2 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Tue, 18 Aug 2020 10:17:32 +0200 -Subject: [PATCH 113/159] netlink: consistently use NLA_POLICY_MIN_LEN() +Subject: [PATCH 109/157] netlink: consistently use NLA_POLICY_MIN_LEN() commit bc0435855041d7fff0b83dd992fc4be34aa11afb upstream. @@ -63203,10 +60907,10 @@ index 2a14f564033a..1c69eb8735d5 100644 2.18.4 -From 7277c3076a0c2167089081662a0d6da752cd4782 Mon Sep 17 00:00:00 2001 +From dcac70adaa29880f20972bd88e046740279bff23 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 9 Sep 2020 13:58:14 +0200 -Subject: [PATCH 114/159] wireguard: noise: take lock when removing handshake +Subject: [PATCH 110/157] wireguard: noise: take lock when removing handshake entry from table commit 9179ba31367bcf481c3c79b5f028c94faad9f30a upstream. @@ -63312,7 +61016,7 @@ Signed-off-by: Jason A. Donenfeld 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/drivers/net/wireguard/noise.c b/drivers/net/wireguard/noise.c -index 201a22681945..27cb5045bed2 100644 +index caabe90c3d05..849dda712782 100644 --- a/drivers/net/wireguard/noise.c +++ b/drivers/net/wireguard/noise.c @@ -87,15 +87,12 @@ static void handshake_zero(struct noise_handshake *handshake) @@ -63336,10 +61040,10 @@ index 201a22681945..27cb5045bed2 100644 2.18.4 -From 785185700459d9f4134dbd31eec092219b75527e Mon Sep 17 00:00:00 2001 +From 6076d6786ca79c28ff2488f069e6bd1e96a6b361 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 9 Sep 2020 13:58:15 +0200 -Subject: [PATCH 115/159] wireguard: peerlookup: take lock before checking hash +Subject: [PATCH 111/157] wireguard: peerlookup: take lock before checking hash in replace operation commit 6147f7b1e90ff09bd52afc8b9206a7fcd133daf7 upstream. @@ -63404,10 +61108,10 @@ index e4deb331476b..f2783aa7a88f 100644 2.18.4 -From c39d741f91a7ec9a8fe2652e86dedbc53ff0c58b Mon Sep 17 00:00:00 2001 +From d2c662cf5b0f693410e958ba54bd9f0e7e7bc7e5 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Thu, 29 Oct 2020 03:56:05 +0100 -Subject: [PATCH 116/159] wireguard: selftests: check that route_me_harder +Subject: [PATCH 112/157] wireguard: selftests: check that route_me_harder packets use the right sk commit af8afcf1fdd5f365f70e2386c2d8c7a1abd853d7 upstream. @@ -63468,10 +61172,10 @@ index af9323a0b6e0..9864d106e818 100644 2.18.4 -From a1886296d9d7cef2fae8bd69cc206632f82b355c Mon Sep 17 00:00:00 2001 +From 896f59efea3a1e672c78e038953d9b939faa7806 Mon Sep 17 00:00:00 2001 From: Antonio Quartulli Date: Mon, 22 Feb 2021 17:25:43 +0100 -Subject: [PATCH 117/159] wireguard: avoid double unlikely() notation when +Subject: [PATCH 113/157] wireguard: avoid double unlikely() notation when using IS_ERR() commit 30ac4e2f54ec067b7b9ca0db27e75681581378d6 upstream. @@ -63531,10 +61235,10 @@ index c33e2c81635f..e9c35130846c 100644 2.18.4 -From b337bd2483397eb87d9a4c2d6f66f613569da8fc Mon Sep 17 00:00:00 2001 +From 0460b6d2fc28192713f22d037cbe615a5da2d016 Mon Sep 17 00:00:00 2001 From: Jann Horn Date: Mon, 22 Feb 2021 17:25:44 +0100 -Subject: [PATCH 118/159] wireguard: socket: remove bogus __be32 annotation +Subject: [PATCH 114/157] wireguard: socket: remove bogus __be32 annotation commit 7f57bd8dc22de35ddd895294aa554003e4f19a72 upstream. @@ -63589,10 +61293,10 @@ index e9c35130846c..e8eceeb0b62a 100644 2.18.4 -From ef3474273055ff35b642ed4e79d17de5635dac73 Mon Sep 17 00:00:00 2001 +From a3223b08c14c246ba045350657fa715ee78759e8 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Mon, 22 Feb 2021 17:25:45 +0100 -Subject: [PATCH 119/159] wireguard: selftests: test multiple parallel streams +Subject: [PATCH 115/157] wireguard: selftests: test multiple parallel streams commit d5a49aa6c3e264a93a7d08485d66e346be0969dd upstream. @@ -63647,10 +61351,10 @@ index 74c69b75f6f5..7ed7cd95e58f 100755 2.18.4 -From d45524b2bac7a1e43f478997cca17b0dee03f166 Mon Sep 17 00:00:00 2001 +From b73388a4352c4cb46e9135962108e052ccccc78a Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Mon, 22 Feb 2021 17:25:46 +0100 -Subject: [PATCH 120/159] wireguard: peer: put frequently used members above +Subject: [PATCH 116/157] wireguard: peer: put frequently used members above cache lines commit 5a0598695634a6bb4126818902dd9140cd9df8b6 upstream. @@ -63695,10 +61399,10 @@ index 23af40922997..aaff8de6e34b 100644 2.18.4 -From 8ca718aeae36efe07ebc676c6b88785c1f126c1b Mon Sep 17 00:00:00 2001 +From be196fcfbfb4f046aec4967bc6c6b025c83cb5e7 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Mon, 22 Feb 2021 17:25:47 +0100 -Subject: [PATCH 121/159] wireguard: device: do not generate ICMP for non-IP +Subject: [PATCH 117/157] wireguard: device: do not generate ICMP for non-IP packets commit 99fff5264e7ab06f45b0ad60243475be0a8d0559 upstream. @@ -63749,10 +61453,10 @@ index 46ecec72f214..5aeef63c4393 100644 2.18.4 -From 019fa59c538d1525831d43caf33a06daf36ec588 Mon Sep 17 00:00:00 2001 +From 16187357726c595dd72a79668227f4e05f596e8f Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Mon, 22 Feb 2021 17:25:48 +0100 -Subject: [PATCH 122/159] wireguard: queueing: get rid of per-peer ring buffers +Subject: [PATCH 118/157] wireguard: queueing: get rid of per-peer ring buffers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -64329,10 +62033,10 @@ index f74b9341ab0f..5368f7c35b4b 100644 2.18.4 -From a2666761f7612e036b2ef3353552a5b18f4dbbbe Mon Sep 17 00:00:00 2001 +From d8cffccf2c02ab70dbb4ce3cab95b2ada9e09da5 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Mon, 22 Feb 2021 17:25:49 +0100 -Subject: [PATCH 123/159] wireguard: kconfig: use arm chacha even with no neon +Subject: [PATCH 119/157] wireguard: kconfig: use arm chacha even with no neon commit bce2473927af8de12ad131a743f55d69d358c0b9 upstream. @@ -64349,10 +62053,10 @@ Signed-off-by: Jason A. Donenfeld 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/Kconfig b/drivers/net/Kconfig -index 57f1ba924f4e..4e09901dac5c 100644 +index 2fefe588edf7..0dae5c60d1a8 100644 --- a/drivers/net/Kconfig +++ b/drivers/net/Kconfig -@@ -87,7 +87,7 @@ config WIREGUARD +@@ -85,7 +85,7 @@ config WIREGUARD select CRYPTO_CURVE25519_X86 if X86 && 64BIT select ARM_CRYPTO if ARM select ARM64_CRYPTO if ARM64 @@ -64365,10 +62069,10 @@ index 57f1ba924f4e..4e09901dac5c 100644 2.18.4 -From a52b91ed5d58f222f950bc15486271ecb3edec21 Mon Sep 17 00:00:00 2001 +From 19e027d0cc3627919a49aa2c9faa122ffc5ac987 Mon Sep 17 00:00:00 2001 From: "Maciej W. Rozycki" Date: Thu, 11 Mar 2021 21:50:47 -0700 -Subject: [PATCH 124/159] crypto: mips/poly1305 - enable for all MIPS +Subject: [PATCH 120/157] crypto: mips/poly1305 - enable for all MIPS processors commit 6c810cf20feef0d4338e9b424ab7f2644a8b353e upstream. @@ -64407,10 +62111,10 @@ index 8e1deaf00e0c..5e4105cccf9f 100644 quiet_cmd_perlasm = PERLASM $@ cmd_perlasm = $(PERL) $(<) $(perlasm-flavour-y) $(@) diff --git a/crypto/Kconfig b/crypto/Kconfig -index eaf21eaca136..e44644fb16d5 100644 +index deb98b9484de..98e67c3f8b4b 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig -@@ -740,7 +740,7 @@ config CRYPTO_POLY1305_X86_64 +@@ -716,7 +716,7 @@ config CRYPTO_POLY1305_X86_64 config CRYPTO_POLY1305_MIPS tristate "Poly1305 authenticator algorithm (MIPS optimized)" @@ -64420,10 +62124,10 @@ index eaf21eaca136..e44644fb16d5 100644 config CRYPTO_MD4 diff --git a/drivers/net/Kconfig b/drivers/net/Kconfig -index 4e09901dac5c..575b6c28a391 100644 +index 0dae5c60d1a8..c96f8611ce11 100644 --- a/drivers/net/Kconfig +++ b/drivers/net/Kconfig -@@ -92,7 +92,7 @@ config WIREGUARD +@@ -90,7 +90,7 @@ config WIREGUARD select CRYPTO_POLY1305_ARM if ARM select CRYPTO_CURVE25519_NEON if ARM && KERNEL_MODE_NEON select CRYPTO_CHACHA_MIPS if CPU_MIPS32_R2 @@ -64436,10 +62140,10 @@ index 4e09901dac5c..575b6c28a391 100644 2.18.4 -From de95c873bb8ac83293e01e4a84ccd98ffc0d2668 Mon Sep 17 00:00:00 2001 +From 282daa8202c1f781f36adefd0d46ada56b2a054b Mon Sep 17 00:00:00 2001 From: Ilya Lipnitskiy Date: Sat, 27 Mar 2021 19:39:43 -0700 -Subject: [PATCH 125/159] crypto: mips: add poly1305-core.S to .gitignore +Subject: [PATCH 121/157] crypto: mips: add poly1305-core.S to .gitignore commit dc92d0df51dc61de88bf6f4884a17bf73d5c6326 upstream. @@ -64467,10 +62171,10 @@ index 000000000000..0d47d4f21c6d 2.18.4 -From 9baab4a81a5ad7d2ffe694ffe79cd708f066ddad Mon Sep 17 00:00:00 2001 +From 5c1c971b6f19f5d34710aec8017974ad0dfa2395 Mon Sep 17 00:00:00 2001 From: Arnd Bergmann Date: Mon, 22 Mar 2021 18:05:15 +0100 -Subject: [PATCH 126/159] crypto: poly1305 - fix poly1305_core_setkey() +Subject: [PATCH 122/157] crypto: poly1305 - fix poly1305_core_setkey() declaration MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -64662,10 +62366,10 @@ index 9d2d14df0fee..26d87fc3823e 100644 2.18.4 -From 96a3fa370639d4c65d0add0fb43db1fed7909e6c Mon Sep 17 00:00:00 2001 +From 30d71616ded35c244a17820d7a71d204a737546f Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Fri, 4 Jun 2021 17:17:30 +0200 -Subject: [PATCH 127/159] wireguard: selftests: remove old conntrack kconfig +Subject: [PATCH 123/157] wireguard: selftests: remove old conntrack kconfig value commit acf2492b51c9a3c4dfb947f4d3477a86d315150f upstream. @@ -64698,10 +62402,10 @@ index 9864d106e818..9e413e0ffa3f 100644 2.18.4 -From 457b02f3c67c0ab2ad095e70e689b438097b413f Mon Sep 17 00:00:00 2001 +From d9159eb570dc34230246e0edc062620c15189c9c Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Fri, 4 Jun 2021 17:17:31 +0200 -Subject: [PATCH 128/159] wireguard: selftests: make sure rp_filter is disabled +Subject: [PATCH 124/157] wireguard: selftests: make sure rp_filter is disabled on vethc commit f8873d11d4121aad35024f9379e431e0c83abead upstream. @@ -64735,10 +62439,10 @@ index 7ed7cd95e58f..ebc4ee0fe179 100755 2.18.4 -From 6cec26cdf35faccea200dbcd556c63a762e86689 Mon Sep 17 00:00:00 2001 +From bfe183ed8e4e09e9006a9bb0c324c58c050cd2bb Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Fri, 4 Jun 2021 17:17:32 +0200 -Subject: [PATCH 129/159] wireguard: do not use -O3 +Subject: [PATCH 125/157] wireguard: do not use -O3 commit cc5060ca0285efe2728bced399a1955a7ce808b2 upstream. @@ -64774,10 +62478,10 @@ index fc52b2cb500b..dbe1f8514efc 100644 2.18.4 -From f30acbb098cf98d8bb0e52deb3d689a176d91d08 Mon Sep 17 00:00:00 2001 +From 6d881a4b9fcc5af701b7f3999528b73375f073f2 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Fri, 4 Jun 2021 17:17:33 +0200 -Subject: [PATCH 130/159] wireguard: use synchronize_net rather than +Subject: [PATCH 126/157] wireguard: use synchronize_net rather than synchronize_rcu commit 24b70eeeb4f46c09487f8155239ebfb1f875774a upstream. @@ -64849,10 +62553,10 @@ index e8eceeb0b62a..04739763e303 100644 2.18.4 -From bc0e50517d68b8113586025466a30ba7ce79137f Mon Sep 17 00:00:00 2001 +From 0b6f56a494f975a20767e58cb7e43d329aefce9c Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Fri, 4 Jun 2021 17:17:34 +0200 -Subject: [PATCH 131/159] wireguard: peer: allocate in kmem_cache +Subject: [PATCH 127/157] wireguard: peer: allocate in kmem_cache commit a4e9f8e3287c9eb6bf70df982870980dd3341863 upstream. @@ -64984,10 +62688,10 @@ index 8d53b687a1d1..76e4d3128ad4 100644 2.18.4 -From b385a78d21fe1c955ceaa0f0de654d1dfe532c23 Mon Sep 17 00:00:00 2001 +From 6b5aac16564eeab9c4d76f1c3dd595e1c5e05316 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Fri, 4 Jun 2021 17:17:35 +0200 -Subject: [PATCH 132/159] wireguard: allowedips: initialize list head in +Subject: [PATCH 128/157] wireguard: allowedips: initialize list head in selftest commit 46cfe8eee285cde465b420637507884551f5d7ca upstream. @@ -65034,10 +62738,10 @@ index 846db14cb046..0d2a43a2d400 100644 2.18.4 -From 267ce66df0b5bc92daa515f05b81287e66eaa0bd Mon Sep 17 00:00:00 2001 +From 23709a1259c170ace9d9a2c147c028c6460148ba Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Fri, 4 Jun 2021 17:17:36 +0200 -Subject: [PATCH 133/159] wireguard: allowedips: remove nodes in O(1) +Subject: [PATCH 129/157] wireguard: allowedips: remove nodes in O(1) commit f634f418c227c912e7ea95a3299efdc9b10e4022 upstream. @@ -65280,10 +62984,10 @@ index e5c83cafcef4..f08f552e6852 100644 2.18.4 -From 28fa06acf3f3904f11904366444471056886adb7 Mon Sep 17 00:00:00 2001 +From e9580a5556a43565c663a3bc007574eebdfbc275 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Fri, 4 Jun 2021 17:17:37 +0200 -Subject: [PATCH 134/159] wireguard: allowedips: allocate nodes in kmem_cache +Subject: [PATCH 130/157] wireguard: allowedips: allocate nodes in kmem_cache commit dc680de28ca849dfe589dc15ac56d22505f0ef11 upstream. @@ -65463,10 +63167,10 @@ index 0a3ebfdac794..75dbe77b0b4b 100644 2.18.4 -From dee85ed266242c85a8433bb0136aa44c0fe528ef Mon Sep 17 00:00:00 2001 +From dee08175a4a5429f78790fa8a653eefa3a027edc Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Fri, 4 Jun 2021 17:17:38 +0200 -Subject: [PATCH 135/159] wireguard: allowedips: free empty intermediate nodes +Subject: [PATCH 131/157] wireguard: allowedips: free empty intermediate nodes when removing single node commit bf7b042dc62a31f66d3a41dd4dfc7806f267b307 upstream. @@ -65994,10 +63698,10 @@ index 0d2a43a2d400..e173204ae7d7 100644 2.18.4 -From 0894a3a392220a19014f61a058c21456407c3e98 Mon Sep 17 00:00:00 2001 +From 428ca3d8f9ace2f02f38a4bb945603ba171cb28a Mon Sep 17 00:00:00 2001 From: Hangbin Liu Date: Thu, 3 Jun 2021 01:53:40 -0400 -Subject: [PATCH 136/159] crypto: x86/curve25519 - fix cpu feature checking +Subject: [PATCH 132/157] crypto: x86/curve25519 - fix cpu feature checking logic in mod_exit commit 1b82435d17774f3eaab35dce239d354548aa9da2 upstream. @@ -66035,10 +63739,10 @@ index a9edb6f8a0ba..3fcbe873f2f5 100644 2.18.4 -From 8ac21f5c3fdad33bfe669bd60ece67de5495c4a6 Mon Sep 17 00:00:00 2001 +From 9298138b30f7f5045814215dba1d35067b7adf6e Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Mon, 29 Nov 2021 10:39:20 -0500 -Subject: [PATCH 137/159] wireguard: allowedips: add missing __rcu annotation +Subject: [PATCH 133/157] wireguard: allowedips: add missing __rcu annotation to satisfy sparse commit ae9287811ba75571cd69505d50ab0e612ace8572 upstream. @@ -66071,10 +63775,10 @@ index b7197e80f226..9a4c8ff32d9d 100644 2.18.4 -From c33ba5946375a71529003186bb5914f6ac46642a Mon Sep 17 00:00:00 2001 +From ce7f9d78d8d74ec00b5911b137a084cd4eec51f2 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Mon, 29 Nov 2021 10:39:21 -0500 -Subject: [PATCH 138/159] wireguard: selftests: increase default dmesg log size +Subject: [PATCH 134/157] wireguard: selftests: increase default dmesg log size commit 03ff1b1def73f817e196bf96ab36ac259490bd7c upstream. @@ -66108,10 +63812,10 @@ index 9e413e0ffa3f..30925b799b77 100644 2.18.4 -From 32375bde8ddd93c82f5507c6662d76d01c184db4 Mon Sep 17 00:00:00 2001 +From e28bb21f8bf05144c997fc9ec84f019115423db4 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Mon, 29 Nov 2021 10:39:22 -0500 -Subject: [PATCH 139/159] wireguard: selftests: actually test for routing loops +Subject: [PATCH 135/157] wireguard: selftests: actually test for routing loops commit 782c72af567fc2ef09bd7615d0307f24de72c7e0 upstream. @@ -66153,10 +63857,10 @@ index ebc4ee0fe179..2e5c1630885e 100755 2.18.4 -From 85dfb835574aff01f906830b248c57fe0b5cbcc7 Mon Sep 17 00:00:00 2001 +From 84042297e06e182072fb77335a5904ae590e8b1a Mon Sep 17 00:00:00 2001 From: Randy Dunlap Date: Mon, 29 Nov 2021 10:39:23 -0500 -Subject: [PATCH 140/159] wireguard: main: rename 'mod_init' & 'mod_exit' +Subject: [PATCH 136/157] wireguard: main: rename 'mod_init' & 'mod_exit' functions to be module-specific commit b251b711a92189d558b07fde5a7ccd5a7915ebdd upstream. @@ -66214,10 +63918,10 @@ index 75dbe77b0b4b..ee4da9ab8013 100644 2.18.4 -From 1aa54a9435e852d44fe6c117b693104245a5b9fa Mon Sep 17 00:00:00 2001 +From 221e51c4b4f4db4a46973faffec43aaf209338c2 Mon Sep 17 00:00:00 2001 From: Li Zhijian Date: Mon, 29 Nov 2021 10:39:24 -0500 -Subject: [PATCH 141/159] wireguard: selftests: rename DEBUG_PI_LIST to +Subject: [PATCH 137/157] wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST commit 7e938beb8321d34f040557b8915b228af125f73c upstream. @@ -66251,10 +63955,10 @@ index b9c72706fe4d..80501d4e6ae3 100644 2.18.4 -From 5bcfe8a7358e4cbc0b7af097dd436ec7aa7573f6 Mon Sep 17 00:00:00 2001 +From 52bcdce4ea30f4d9150b7039f708a0742c233961 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Mon, 29 Nov 2021 10:39:25 -0500 -Subject: [PATCH 142/159] wireguard: device: reset peer src endpoint when netns +Subject: [PATCH 138/157] wireguard: device: reset peer src endpoint when netns exits MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -66429,10 +64133,10 @@ index 2e5c1630885e..8a9461aa0878 100755 2.18.4 -From 4a1142bacd8c12d25870f02d2f0515a55cc242b6 Mon Sep 17 00:00:00 2001 +From 520b1ef571c97638ee5049bbb800751519812059 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Mon, 29 Nov 2021 10:39:26 -0500 -Subject: [PATCH 143/159] wireguard: receive: use ring buffer for incoming +Subject: [PATCH 139/157] wireguard: receive: use ring buffer for incoming handshakes commit 886fcee939adb5e2af92741b90643a59f2b54f97 upstream. @@ -66693,10 +64397,10 @@ index 7dc84bcca261..f4e537e3e8ec 100644 2.18.4 -From b71a0a1abcf58d5ae7c981f0675cbc9dc9b2e2f1 Mon Sep 17 00:00:00 2001 +From a66b4743c97cb584c40efbd7d6afbca63e46ced6 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Mon, 29 Nov 2021 10:39:27 -0500 -Subject: [PATCH 144/159] wireguard: receive: drop handshakes if queue lock is +Subject: [PATCH 140/157] wireguard: receive: drop handshakes if queue lock is contended commit fb32f4f606c17b869805d7cede8b03d78339b50a upstream. @@ -66748,10 +64452,10 @@ index f4e537e3e8ec..7b8df406c773 100644 2.18.4 -From 970c91b091d64b01e2586e3316ad234c759df0b0 Mon Sep 17 00:00:00 2001 +From e019190b1489b1c708a3e6d3abf6f327aad8d715 Mon Sep 17 00:00:00 2001 From: "Gustavo A. R. Silva" Date: Mon, 29 Nov 2021 10:39:28 -0500 -Subject: [PATCH 145/159] wireguard: ratelimiter: use kvcalloc() instead of +Subject: [PATCH 141/157] wireguard: ratelimiter: use kvcalloc() instead of kvzalloc() commit 4e3fd721710553832460c179c2ee5ce67ef7f1e0 upstream. @@ -66794,10 +64498,10 @@ index 3fedd1d21f5e..dd55e5c26f46 100644 2.18.4 -From 5bd6979f42e9bec16fa3d1c9f92f09df2d6abf95 Mon Sep 17 00:00:00 2001 +From 73b272f90dd91ed4e03aeb317f496b59a536cd89 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Tue, 14 Dec 2021 17:01:46 +0100 -Subject: [PATCH 146/159] crypto: x86/curve25519 - use in/out register +Subject: [PATCH 142/157] crypto: x86/curve25519 - use in/out register constraints more precisely commit acd93f8a4ca784d8eff303c6cae49f3bf7b3a499 upstream. @@ -67865,246 +65569,10 @@ index 3fcbe873f2f5..d55fa9e9b9e6 100644 2.18.4 -From cdba9cf630ca05840d52570d79d8622c16f9bd14 Mon Sep 17 00:00:00 2001 -From: "Jason A. Donenfeld" -Date: Tue, 11 Jan 2022 14:37:41 +0100 -Subject: [PATCH 147/159] lib/crypto: blake2s: move hmac construction into - wireguard - -commit d8d83d8ab0a453e17e68b3a3bed1f940c34b8646 upstream. - -Basically nobody should use blake2s in an HMAC construction; it already -has a keyed variant. But unfortunately for historical reasons, Noise, -used by WireGuard, uses HKDF quite strictly, which means we have to use -this. Because this really shouldn't be used by others, this commit moves -it into wireguard's noise.c locally, so that kernels that aren't using -WireGuard don't get this superfluous code baked in. On m68k systems, -this shaves off ~314 bytes. - -Cc: Herbert Xu -Tested-by: Geert Uytterhoeven -Acked-by: Ard Biesheuvel -Signed-off-by: Jason A. Donenfeld ---- - drivers/net/wireguard/noise.c | 45 ++++++++++++++++++++++++++++++----- - include/crypto/blake2s.h | 3 --- - lib/crypto/blake2s-selftest.c | 31 ------------------------ - lib/crypto/blake2s.c | 37 ---------------------------- - 4 files changed, 39 insertions(+), 77 deletions(-) - -diff --git a/drivers/net/wireguard/noise.c b/drivers/net/wireguard/noise.c -index 27cb5045bed2..849dda712782 100644 ---- a/drivers/net/wireguard/noise.c -+++ b/drivers/net/wireguard/noise.c -@@ -302,6 +302,41 @@ void wg_noise_set_static_identity_private_key( - static_identity->static_public, private_key); - } - -+static void hmac(u8 *out, const u8 *in, const u8 *key, const size_t inlen, const size_t keylen) -+{ -+ struct blake2s_state state; -+ u8 x_key[BLAKE2S_BLOCK_SIZE] __aligned(__alignof__(u32)) = { 0 }; -+ u8 i_hash[BLAKE2S_HASH_SIZE] __aligned(__alignof__(u32)); -+ int i; -+ -+ if (keylen > BLAKE2S_BLOCK_SIZE) { -+ blake2s_init(&state, BLAKE2S_HASH_SIZE); -+ blake2s_update(&state, key, keylen); -+ blake2s_final(&state, x_key); -+ } else -+ memcpy(x_key, key, keylen); -+ -+ for (i = 0; i < BLAKE2S_BLOCK_SIZE; ++i) -+ x_key[i] ^= 0x36; -+ -+ blake2s_init(&state, BLAKE2S_HASH_SIZE); -+ blake2s_update(&state, x_key, BLAKE2S_BLOCK_SIZE); -+ blake2s_update(&state, in, inlen); -+ blake2s_final(&state, i_hash); -+ -+ for (i = 0; i < BLAKE2S_BLOCK_SIZE; ++i) -+ x_key[i] ^= 0x5c ^ 0x36; -+ -+ blake2s_init(&state, BLAKE2S_HASH_SIZE); -+ blake2s_update(&state, x_key, BLAKE2S_BLOCK_SIZE); -+ blake2s_update(&state, i_hash, BLAKE2S_HASH_SIZE); -+ blake2s_final(&state, i_hash); -+ -+ memcpy(out, i_hash, BLAKE2S_HASH_SIZE); -+ memzero_explicit(x_key, BLAKE2S_BLOCK_SIZE); -+ memzero_explicit(i_hash, BLAKE2S_HASH_SIZE); -+} -+ - /* This is Hugo Krawczyk's HKDF: - * - https://eprint.iacr.org/2010/264.pdf - * - https://tools.ietf.org/html/rfc5869 -@@ -322,14 +357,14 @@ static void kdf(u8 *first_dst, u8 *second_dst, u8 *third_dst, const u8 *data, - ((third_len || third_dst) && (!second_len || !second_dst)))); - - /* Extract entropy from data into secret */ -- blake2s256_hmac(secret, data, chaining_key, data_len, NOISE_HASH_LEN); -+ hmac(secret, data, chaining_key, data_len, NOISE_HASH_LEN); - - if (!first_dst || !first_len) - goto out; - - /* Expand first key: key = secret, data = 0x1 */ - output[0] = 1; -- blake2s256_hmac(output, output, secret, 1, BLAKE2S_HASH_SIZE); -+ hmac(output, output, secret, 1, BLAKE2S_HASH_SIZE); - memcpy(first_dst, output, first_len); - - if (!second_dst || !second_len) -@@ -337,8 +372,7 @@ static void kdf(u8 *first_dst, u8 *second_dst, u8 *third_dst, const u8 *data, - - /* Expand second key: key = secret, data = first-key || 0x2 */ - output[BLAKE2S_HASH_SIZE] = 2; -- blake2s256_hmac(output, output, secret, BLAKE2S_HASH_SIZE + 1, -- BLAKE2S_HASH_SIZE); -+ hmac(output, output, secret, BLAKE2S_HASH_SIZE + 1, BLAKE2S_HASH_SIZE); - memcpy(second_dst, output, second_len); - - if (!third_dst || !third_len) -@@ -346,8 +380,7 @@ static void kdf(u8 *first_dst, u8 *second_dst, u8 *third_dst, const u8 *data, - - /* Expand third key: key = secret, data = second-key || 0x3 */ - output[BLAKE2S_HASH_SIZE] = 3; -- blake2s256_hmac(output, output, secret, BLAKE2S_HASH_SIZE + 1, -- BLAKE2S_HASH_SIZE); -+ hmac(output, output, secret, BLAKE2S_HASH_SIZE + 1, BLAKE2S_HASH_SIZE); - memcpy(third_dst, output, third_len); - - out: -diff --git a/include/crypto/blake2s.h b/include/crypto/blake2s.h -index b471deac28ff..00472cb95ead 100644 ---- a/include/crypto/blake2s.h -+++ b/include/crypto/blake2s.h -@@ -100,7 +100,4 @@ static inline void blake2s(u8 *out, const u8 *in, const u8 *key, - blake2s_final(&state, out); - } - --void blake2s256_hmac(u8 *out, const u8 *in, const u8 *key, const size_t inlen, -- const size_t keylen); -- - #endif /* BLAKE2S_H */ -diff --git a/lib/crypto/blake2s-selftest.c b/lib/crypto/blake2s-selftest.c -index 79ef404a990d..7a9edc96dddd 100644 ---- a/lib/crypto/blake2s-selftest.c -+++ b/lib/crypto/blake2s-selftest.c -@@ -15,7 +15,6 @@ - * #include - * - * #include -- * #include - * - * #define BLAKE2S_TESTVEC_COUNT 256 - * -@@ -58,16 +57,6 @@ - * } - * printf("};\n\n"); - * -- * printf("static const u8 blake2s_hmac_testvecs[][BLAKE2S_HASH_SIZE] __initconst = {\n"); -- * -- * HMAC(EVP_blake2s256(), key, sizeof(key), buf, sizeof(buf), hash, NULL); -- * print_vec(hash, BLAKE2S_OUTBYTES); -- * -- * HMAC(EVP_blake2s256(), buf, sizeof(buf), key, sizeof(key), hash, NULL); -- * print_vec(hash, BLAKE2S_OUTBYTES); -- * -- * printf("};\n"); -- * - * return 0; - *} - */ -@@ -554,15 +543,6 @@ static const u8 blake2s_testvecs[][BLAKE2S_HASH_SIZE] __initconst = { - 0xd6, 0x98, 0x6b, 0x07, 0x10, 0x65, 0x52, 0x65, }, - }; - --static const u8 blake2s_hmac_testvecs[][BLAKE2S_HASH_SIZE] __initconst = { -- { 0xce, 0xe1, 0x57, 0x69, 0x82, 0xdc, 0xbf, 0x43, 0xad, 0x56, 0x4c, 0x70, -- 0xed, 0x68, 0x16, 0x96, 0xcf, 0xa4, 0x73, 0xe8, 0xe8, 0xfc, 0x32, 0x79, -- 0x08, 0x0a, 0x75, 0x82, 0xda, 0x3f, 0x05, 0x11, }, -- { 0x77, 0x2f, 0x0c, 0x71, 0x41, 0xf4, 0x4b, 0x2b, 0xb3, 0xc6, 0xb6, 0xf9, -- 0x60, 0xde, 0xe4, 0x52, 0x38, 0x66, 0xe8, 0xbf, 0x9b, 0x96, 0xc4, 0x9f, -- 0x60, 0xd9, 0x24, 0x37, 0x99, 0xd6, 0xec, 0x31, }, --}; -- - bool __init blake2s_selftest(void) - { - u8 key[BLAKE2S_KEY_SIZE]; -@@ -607,16 +587,5 @@ bool __init blake2s_selftest(void) - } - } - -- if (success) { -- blake2s256_hmac(hash, buf, key, sizeof(buf), sizeof(key)); -- success &= !memcmp(hash, blake2s_hmac_testvecs[0], BLAKE2S_HASH_SIZE); -- -- blake2s256_hmac(hash, key, buf, sizeof(key), sizeof(buf)); -- success &= !memcmp(hash, blake2s_hmac_testvecs[1], BLAKE2S_HASH_SIZE); -- -- if (!success) -- pr_err("blake2s256_hmac self-test: FAIL\n"); -- } -- - return success; - } -diff --git a/lib/crypto/blake2s.c b/lib/crypto/blake2s.c -index 41025a30c524..537da0d7698f 100644 ---- a/lib/crypto/blake2s.c -+++ b/lib/crypto/blake2s.c -@@ -70,43 +70,6 @@ void blake2s_final(struct blake2s_state *state, u8 *out) - } - EXPORT_SYMBOL(blake2s_final); - --void blake2s256_hmac(u8 *out, const u8 *in, const u8 *key, const size_t inlen, -- const size_t keylen) --{ -- struct blake2s_state state; -- u8 x_key[BLAKE2S_BLOCK_SIZE] __aligned(__alignof__(u32)) = { 0 }; -- u8 i_hash[BLAKE2S_HASH_SIZE] __aligned(__alignof__(u32)); -- int i; -- -- if (keylen > BLAKE2S_BLOCK_SIZE) { -- blake2s_init(&state, BLAKE2S_HASH_SIZE); -- blake2s_update(&state, key, keylen); -- blake2s_final(&state, x_key); -- } else -- memcpy(x_key, key, keylen); -- -- for (i = 0; i < BLAKE2S_BLOCK_SIZE; ++i) -- x_key[i] ^= 0x36; -- -- blake2s_init(&state, BLAKE2S_HASH_SIZE); -- blake2s_update(&state, x_key, BLAKE2S_BLOCK_SIZE); -- blake2s_update(&state, in, inlen); -- blake2s_final(&state, i_hash); -- -- for (i = 0; i < BLAKE2S_BLOCK_SIZE; ++i) -- x_key[i] ^= 0x5c ^ 0x36; -- -- blake2s_init(&state, BLAKE2S_HASH_SIZE); -- blake2s_update(&state, x_key, BLAKE2S_BLOCK_SIZE); -- blake2s_update(&state, i_hash, BLAKE2S_HASH_SIZE); -- blake2s_final(&state, i_hash); -- -- memcpy(out, i_hash, BLAKE2S_HASH_SIZE); -- memzero_explicit(x_key, BLAKE2S_BLOCK_SIZE); -- memzero_explicit(i_hash, BLAKE2S_HASH_SIZE); --} --EXPORT_SYMBOL(blake2s256_hmac); -- - static int __init mod_init(void) - { - if (!IS_ENABLED(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS) && --- -2.18.4 - - -From 6a390dbc410d9aac7d8487605263ef4ef4c4a808 Mon Sep 17 00:00:00 2001 +From e8c909fc21a7a5f699eaa5c450f6a5beeb270488 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Tue, 29 Mar 2022 21:31:24 -0400 -Subject: [PATCH 148/159] wireguard: queueing: use CFI-safe ptr_ring cleanup +Subject: [PATCH 143/157] wireguard: queueing: use CFI-safe ptr_ring cleanup function commit ec59f128a9bd4255798abb1e06ac3b442f46ef68 upstream. @@ -68150,10 +65618,10 @@ index 1de413b19e34..8084e7408c0a 100644 2.18.4 -From 4e1722d4a34af77443bc1876f6bd9eb9657585f2 Mon Sep 17 00:00:00 2001 +From 70202561dcabb3031ce42079de118826cba0862a Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Tue, 29 Mar 2022 21:31:25 -0400 -Subject: [PATCH 149/159] wireguard: selftests: simplify RNG seeding +Subject: [PATCH 144/157] wireguard: selftests: simplify RNG seeding commit ca93ca23409b827b48a2fc0a692496d3f7b67944 upstream. @@ -68221,10 +65689,10 @@ index c9698120ac9d..0b45055d9de0 100644 2.18.4 -From b38cc8f43b38fad8ec6422ef751a521c4262aaea Mon Sep 17 00:00:00 2001 +From 0e9725840f931ae3e3098c90c19eac8069a35788 Mon Sep 17 00:00:00 2001 From: Wang Hai Date: Tue, 29 Mar 2022 21:31:26 -0400 -Subject: [PATCH 150/159] wireguard: socket: free skb in send6 when ipv6 is +Subject: [PATCH 145/157] wireguard: socket: free skb in send6 when ipv6 is disabled commit bbbf962d9460194993ee1943a793a0a0af4a7fbf upstream. @@ -68278,10 +65746,10 @@ index bd887f33a3a8..db0d61e77d40 100644 2.18.4 -From 77cff06b1cd088c7427d8f7ec64b031d42981443 Mon Sep 17 00:00:00 2001 +From 44f1d90bed83ea07497435fcab1c066c683d710e Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Tue, 29 Mar 2022 21:31:27 -0400 -Subject: [PATCH 151/159] wireguard: socket: ignore v6 endpoints when ipv6 is +Subject: [PATCH 146/157] wireguard: socket: ignore v6 endpoints when ipv6 is disabled commit 77fc73ac89be96ec8f39e8efa53885caa7cb3645 upstream. @@ -68328,10 +65796,10 @@ index db0d61e77d40..9e0af9320c6b 100644 2.18.4 -From 8d0dd9ef0bc62f80f824418490ae28e877661963 Mon Sep 17 00:00:00 2001 +From 0cda875126ddc39774f76e30939974e4e3d4b02c Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Thu, 21 Apr 2022 15:48:04 +0200 -Subject: [PATCH 152/159] wireguard: selftests: enable ACPI for SMP +Subject: [PATCH 147/157] wireguard: selftests: enable ACPI for SMP commit 00f3d2ed9dac8fc8674a021765a0772f74c6127b upstream. @@ -68370,10 +65838,10 @@ index 00a1ef4869d5..45dd53a0d760 100644 2.18.4 -From f7a4e7d155da36990d7923c345f2a5f5b3d86337 Mon Sep 17 00:00:00 2001 +From 5ea67e6bc9fa50223d3ef6348866af23ed39c297 Mon Sep 17 00:00:00 2001 From: Nikolay Aleksandrov Date: Thu, 21 Apr 2022 15:48:05 +0200 -Subject: [PATCH 153/159] wireguard: device: check for metadata_dst with +Subject: [PATCH 148/157] wireguard: device: check for metadata_dst with skb_valid_dst() commit 45ac774c33d834fe9d4de06ab5f1022fe8cd2071 upstream. @@ -68473,10 +65941,10 @@ index efe5ace9d340..6f1edb22d900 100644 2.18.4 -From 4f21681464a73881c2f04931d1b453c6c12e5d8c Mon Sep 17 00:00:00 2001 +From 4fa8bc1fdd6d843f8d6a1d6a78dda2cf8baab0c2 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 4 May 2022 22:29:15 +0200 -Subject: [PATCH 154/159] wireguard: selftests: make routing loop test +Subject: [PATCH 149/157] wireguard: selftests: make routing loop test non-fatal commit ae2de669c14a18b5144cdacf49933ad400ed7e1c upstream. @@ -68526,10 +65994,10 @@ index 8a9461aa0878..8a543200a61a 100755 2.18.4 -From 6c44f139320c14465f00d6f139be6a66fae1b361 Mon Sep 17 00:00:00 2001 +From 3df15ef0911a727f0a0b7d89bcaf4ab583498884 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 4 May 2022 22:29:16 +0200 -Subject: [PATCH 155/159] wireguard: selftests: limit parallelism to $(nproc) +Subject: [PATCH 150/157] wireguard: selftests: limit parallelism to $(nproc) tests at once commit 39f02bf1e5ce9d72045de01e3d618ade1067158c upstream. @@ -68595,10 +66063,10 @@ index 8a543200a61a..69c7796c7ca9 100755 2.18.4 -From c4573b19364644448f8d7f823397dfd0fa34676e Mon Sep 17 00:00:00 2001 +From 7bae33e788ef78f8b93b32545d4395addb70d375 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 4 May 2022 22:29:17 +0200 -Subject: [PATCH 156/159] wireguard: selftests: use newer toolchains to fill +Subject: [PATCH 151/157] wireguard: selftests: use newer toolchains to fill out architectures commit d5d9b29bc963cc084c5c0f3a7c28e2632a22e0c4 upstream. @@ -69066,10 +66534,10 @@ index 000000000000..274a44f4e49c 2.18.4 -From 526ce27dafaa5756876cbac6bc0b0daae91b7bf2 Mon Sep 17 00:00:00 2001 +From b16c995fe5656941cdab37ac6fea252f5cebf83b Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 4 May 2022 22:29:18 +0200 -Subject: [PATCH 157/159] wireguard: selftests: restore support for ccache +Subject: [PATCH 152/157] wireguard: selftests: restore support for ccache commit d261ba6aa411e03c27da266b7df4bef771e8105e upstream. @@ -69142,10 +66610,10 @@ index 1031477d2d88..987eb2f952a0 100644 2.18.4 -From 5e18bf854a8b471b85e409e423d55e852ae54b7f Mon Sep 17 00:00:00 2001 +From 19b81aa9ed3358d08e4b691d8dd2ad88d38b3e34 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 4 May 2022 22:29:19 +0200 -Subject: [PATCH 158/159] wireguard: selftests: bump package deps +Subject: [PATCH 153/157] wireguard: selftests: bump package deps commit a6b8ea9144340c0aaa66c817a3bbb6bca47f0321 upstream. @@ -69207,10 +66675,10 @@ index 987eb2f952a0..51649cffc06d 100644 2.18.4 -From 4bec9f1b8fea460774e788382d8178220bd864d9 Mon Sep 17 00:00:00 2001 +From b33b459a4c28a40e53c812afd8e40caff2e436ed Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 4 May 2022 22:29:20 +0200 -Subject: [PATCH 159/159] wireguard: selftests: set panic_on_warn=1 from +Subject: [PATCH 154/157] wireguard: selftests: set panic_on_warn=1 from cmdline commit 3fc1b11e5d7278437bdfff0e01f51e777eefb222 upstream. @@ -69430,3 +66898,291 @@ index 0b45055d9de0..2a0f48fac925 100644 -- 2.18.4 + +From d0d610c254ea3e8b0ced33a2853efb3a2e8ee9f9 Mon Sep 17 00:00:00 2001 +From: "Jason A. Donenfeld" +Date: Thu, 7 Jul 2022 02:31:52 +0200 +Subject: [PATCH 155/157] wireguard: selftests: set fake real time in init + +commit 829be057dbc1e71383b8d7de8edb31dcf07b4aa0 upstream. + +Not all platforms have an RTC, and rather than trying to force one into +each, it's much easier to just set a fixed time. This is necessary +because WireGuard's latest handshakes parameter is returned in wallclock +time, and if the system time isn't set, and the system is really fast, +then this returns 0, which trips the test. + +Turning this on requires setting CONFIG_COMPAT_32BIT_TIME=y, as musl +doesn't support settimeofday without it. + +Signed-off-by: Jason A. Donenfeld +Signed-off-by: Jakub Kicinski +Signed-off-by: Jason A. Donenfeld +--- + .../testing/selftests/wireguard/qemu/arch/arm.config | 1 + + .../selftests/wireguard/qemu/arch/armeb.config | 1 + + .../testing/selftests/wireguard/qemu/arch/i686.config | 1 + + .../testing/selftests/wireguard/qemu/arch/m68k.config | 1 + + .../testing/selftests/wireguard/qemu/arch/mips.config | 1 + + .../selftests/wireguard/qemu/arch/mipsel.config | 1 + + .../selftests/wireguard/qemu/arch/powerpc.config | 1 + + tools/testing/selftests/wireguard/qemu/init.c | 11 +++++++++++ + 8 files changed, 18 insertions(+) + +diff --git a/tools/testing/selftests/wireguard/qemu/arch/arm.config b/tools/testing/selftests/wireguard/qemu/arch/arm.config +index fc7959bef9c2..0579c66be83e 100644 +--- a/tools/testing/selftests/wireguard/qemu/arch/arm.config ++++ b/tools/testing/selftests/wireguard/qemu/arch/arm.config +@@ -7,6 +7,7 @@ CONFIG_SERIAL_AMBA_PL011_CONSOLE=y + CONFIG_VIRTIO_MENU=y + CONFIG_VIRTIO_MMIO=y + CONFIG_VIRTIO_CONSOLE=y ++CONFIG_COMPAT_32BIT_TIME=y + CONFIG_CMDLINE_BOOL=y + CONFIG_CMDLINE="console=ttyAMA0 wg.success=vport0p1 panic_on_warn=1" + CONFIG_FRAME_WARN=1024 +diff --git a/tools/testing/selftests/wireguard/qemu/arch/armeb.config b/tools/testing/selftests/wireguard/qemu/arch/armeb.config +index f3066be81c19..2a3307bbe534 100644 +--- a/tools/testing/selftests/wireguard/qemu/arch/armeb.config ++++ b/tools/testing/selftests/wireguard/qemu/arch/armeb.config +@@ -7,6 +7,7 @@ CONFIG_SERIAL_AMBA_PL011_CONSOLE=y + CONFIG_VIRTIO_MENU=y + CONFIG_VIRTIO_MMIO=y + CONFIG_VIRTIO_CONSOLE=y ++CONFIG_COMPAT_32BIT_TIME=y + CONFIG_CMDLINE_BOOL=y + CONFIG_CMDLINE="console=ttyAMA0 wg.success=vport0p1 panic_on_warn=1" + CONFIG_CPU_BIG_ENDIAN=y +diff --git a/tools/testing/selftests/wireguard/qemu/arch/i686.config b/tools/testing/selftests/wireguard/qemu/arch/i686.config +index 6d90892a85a2..cd864b9be6fb 100644 +--- a/tools/testing/selftests/wireguard/qemu/arch/i686.config ++++ b/tools/testing/selftests/wireguard/qemu/arch/i686.config +@@ -1,6 +1,7 @@ + CONFIG_ACPI=y + CONFIG_SERIAL_8250=y + CONFIG_SERIAL_8250_CONSOLE=y ++CONFIG_COMPAT_32BIT_TIME=y + CONFIG_CMDLINE_BOOL=y + CONFIG_CMDLINE="console=ttyS0 wg.success=ttyS1 panic_on_warn=1" + CONFIG_FRAME_WARN=1024 +diff --git a/tools/testing/selftests/wireguard/qemu/arch/m68k.config b/tools/testing/selftests/wireguard/qemu/arch/m68k.config +index 82c925e49beb..9639bfe06074 100644 +--- a/tools/testing/selftests/wireguard/qemu/arch/m68k.config ++++ b/tools/testing/selftests/wireguard/qemu/arch/m68k.config +@@ -5,5 +5,6 @@ CONFIG_MAC=y + CONFIG_SERIAL_PMACZILOG=y + CONFIG_SERIAL_PMACZILOG_TTYS=y + CONFIG_SERIAL_PMACZILOG_CONSOLE=y ++CONFIG_COMPAT_32BIT_TIME=y + CONFIG_CMDLINE="console=ttyS0 wg.success=ttyS1 panic_on_warn=1" + CONFIG_FRAME_WARN=1024 +diff --git a/tools/testing/selftests/wireguard/qemu/arch/mips.config b/tools/testing/selftests/wireguard/qemu/arch/mips.config +index d7ec63c17b30..2a84402353ab 100644 +--- a/tools/testing/selftests/wireguard/qemu/arch/mips.config ++++ b/tools/testing/selftests/wireguard/qemu/arch/mips.config +@@ -6,6 +6,7 @@ CONFIG_POWER_RESET=y + CONFIG_POWER_RESET_SYSCON=y + CONFIG_SERIAL_8250=y + CONFIG_SERIAL_8250_CONSOLE=y ++CONFIG_COMPAT_32BIT_TIME=y + CONFIG_CMDLINE_BOOL=y + CONFIG_CMDLINE="console=ttyS0 wg.success=ttyS1 panic_on_warn=1" + CONFIG_FRAME_WARN=1024 +diff --git a/tools/testing/selftests/wireguard/qemu/arch/mipsel.config b/tools/testing/selftests/wireguard/qemu/arch/mipsel.config +index 18a498293737..56146a101e7e 100644 +--- a/tools/testing/selftests/wireguard/qemu/arch/mipsel.config ++++ b/tools/testing/selftests/wireguard/qemu/arch/mipsel.config +@@ -7,6 +7,7 @@ CONFIG_POWER_RESET=y + CONFIG_POWER_RESET_SYSCON=y + CONFIG_SERIAL_8250=y + CONFIG_SERIAL_8250_CONSOLE=y ++CONFIG_COMPAT_32BIT_TIME=y + CONFIG_CMDLINE_BOOL=y + CONFIG_CMDLINE="console=ttyS0 wg.success=ttyS1 panic_on_warn=1" + CONFIG_FRAME_WARN=1024 +diff --git a/tools/testing/selftests/wireguard/qemu/arch/powerpc.config b/tools/testing/selftests/wireguard/qemu/arch/powerpc.config +index 5e04882e8e35..174a9ffe2a36 100644 +--- a/tools/testing/selftests/wireguard/qemu/arch/powerpc.config ++++ b/tools/testing/selftests/wireguard/qemu/arch/powerpc.config +@@ -4,6 +4,7 @@ CONFIG_PPC_85xx=y + CONFIG_PHYS_64BIT=y + CONFIG_SERIAL_8250=y + CONFIG_SERIAL_8250_CONSOLE=y ++CONFIG_COMPAT_32BIT_TIME=y + CONFIG_MATH_EMULATION=y + CONFIG_CMDLINE_BOOL=y + CONFIG_CMDLINE="console=ttyS0 wg.success=ttyS1 panic_on_warn=1" +diff --git a/tools/testing/selftests/wireguard/qemu/init.c b/tools/testing/selftests/wireguard/qemu/init.c +index 2a0f48fac925..542c34b00eb0 100644 +--- a/tools/testing/selftests/wireguard/qemu/init.c ++++ b/tools/testing/selftests/wireguard/qemu/init.c +@@ -11,6 +11,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -67,6 +68,15 @@ static void seed_rng(void) + close(fd); + } + ++static void set_time(void) ++{ ++ if (time(NULL)) ++ return; ++ pretty_message("[+] Setting fake time..."); ++ if (stime(&(time_t){1433512680}) < 0) ++ panic("settimeofday()"); ++} ++ + static void mount_filesystems(void) + { + pretty_message("[+] Mounting filesystems..."); +@@ -256,6 +266,7 @@ int main(int argc, char *argv[]) + print_banner(); + mount_filesystems(); + seed_rng(); ++ set_time(); + kmod_selftests(); + enable_logging(); + clear_leaks(); +-- +2.18.4 + + +From d464ac26e127868e565fbcdff0d3cb048a18be67 Mon Sep 17 00:00:00 2001 +From: "Jason A. Donenfeld" +Date: Thu, 7 Jul 2022 02:31:54 +0200 +Subject: [PATCH 156/157] wireguard: selftests: always call kernel makefile + +commit 1a087eec257154e26a81a7a0a15380d7a2431765 upstream. + +These selftests are used for much more extensive changes than just the +wireguard source files. So always call the kernel's build file, which +will do something or nothing after checking the whole tree, per usual. + +Signed-off-by: Jason A. Donenfeld +Signed-off-by: Jakub Kicinski +Signed-off-by: Jason A. Donenfeld +--- + tools/testing/selftests/wireguard/qemu/Makefile | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/tools/testing/selftests/wireguard/qemu/Makefile b/tools/testing/selftests/wireguard/qemu/Makefile +index 51649cffc06d..8e053d0a3560 100644 +--- a/tools/testing/selftests/wireguard/qemu/Makefile ++++ b/tools/testing/selftests/wireguard/qemu/Makefile +@@ -19,8 +19,6 @@ endif + MIRROR := https://download.wireguard.com/qemu-test/distfiles/ + + KERNEL_BUILD_PATH := $(BUILD_PATH)/kernel$(if $(findstring yes,$(DEBUG_KERNEL)),-debug) +-rwildcard=$(foreach d,$(wildcard $1*),$(call rwildcard,$d/,$2) $(filter $(subst *,%,$2),$d)) +-WIREGUARD_SOURCES := $(call rwildcard,$(KERNEL_PATH)/drivers/net/wireguard/,*) + + default: qemu + +@@ -302,8 +300,9 @@ $(KERNEL_BUILD_PATH)/.config: $(TOOLCHAIN_PATH)/.installed kernel.config arch/$( + cd $(KERNEL_BUILD_PATH) && ARCH=$(KERNEL_ARCH) $(KERNEL_PATH)/scripts/kconfig/merge_config.sh -n $(KERNEL_BUILD_PATH)/.config $(KERNEL_BUILD_PATH)/minimal.config + $(if $(findstring yes,$(DEBUG_KERNEL)),cp debug.config $(KERNEL_BUILD_PATH) && cd $(KERNEL_BUILD_PATH) && ARCH=$(KERNEL_ARCH) $(KERNEL_PATH)/scripts/kconfig/merge_config.sh -n $(KERNEL_BUILD_PATH)/.config debug.config,) + +-$(KERNEL_BZIMAGE): $(TOOLCHAIN_PATH)/.installed $(KERNEL_BUILD_PATH)/.config $(BUILD_PATH)/init-cpio-spec.txt $(IPERF_PATH)/src/iperf3 $(IPUTILS_PATH)/ping $(BASH_PATH)/bash $(IPROUTE2_PATH)/misc/ss $(IPROUTE2_PATH)/ip/ip $(IPTABLES_PATH)/iptables/xtables-legacy-multi $(NMAP_PATH)/ncat/ncat $(WIREGUARD_TOOLS_PATH)/src/wg $(BUILD_PATH)/init ../netns.sh $(WIREGUARD_SOURCES) ++$(KERNEL_BZIMAGE): $(TOOLCHAIN_PATH)/.installed $(KERNEL_BUILD_PATH)/.config $(BUILD_PATH)/init-cpio-spec.txt $(IPERF_PATH)/src/iperf3 $(IPUTILS_PATH)/ping $(BASH_PATH)/bash $(IPROUTE2_PATH)/misc/ss $(IPROUTE2_PATH)/ip/ip $(IPTABLES_PATH)/iptables/xtables-legacy-multi $(NMAP_PATH)/ncat/ncat $(WIREGUARD_TOOLS_PATH)/src/wg $(BUILD_PATH)/init + $(MAKE) -C $(KERNEL_PATH) O=$(KERNEL_BUILD_PATH) ARCH=$(KERNEL_ARCH) CROSS_COMPILE=$(CROSS_COMPILE) ++.PHONY: $(KERNEL_BZIMAGE) + + $(TOOLCHAIN_PATH)/$(CHOST)/include/linux/.installed: | $(KERNEL_BUILD_PATH)/.config $(TOOLCHAIN_PATH)/.installed + rm -rf $(TOOLCHAIN_PATH)/$(CHOST)/include/linux +-- +2.18.4 + + +From 75b996084918a6c2877ccb4808ecf715c6cfb438 Mon Sep 17 00:00:00 2001 +From: "Jason A. Donenfeld" +Date: Thu, 7 Jul 2022 02:31:55 +0200 +Subject: [PATCH 157/157] wireguard: selftests: use microvm on x86 + +commit b83fdcd9fb8ad7e59f4188ba9ec221917f463a17 upstream. + +This makes for faster tests, faster compile time, and allows us to ditch +ACPI finally. + +Signed-off-by: Jason A. Donenfeld +Signed-off-by: Jakub Kicinski +Signed-off-by: Jason A. Donenfeld +--- + tools/testing/selftests/wireguard/qemu/Makefile | 12 ++++++------ + .../selftests/wireguard/qemu/arch/i686.config | 7 +++++-- + .../selftests/wireguard/qemu/arch/x86_64.config | 7 +++++-- + 3 files changed, 16 insertions(+), 10 deletions(-) + +diff --git a/tools/testing/selftests/wireguard/qemu/Makefile b/tools/testing/selftests/wireguard/qemu/Makefile +index 8e053d0a3560..72a94053764d 100644 +--- a/tools/testing/selftests/wireguard/qemu/Makefile ++++ b/tools/testing/selftests/wireguard/qemu/Makefile +@@ -107,22 +107,22 @@ CHOST := x86_64-linux-musl + QEMU_ARCH := x86_64 + KERNEL_ARCH := x86_64 + KERNEL_BZIMAGE := $(KERNEL_BUILD_PATH)/arch/x86/boot/bzImage ++QEMU_VPORT_RESULT := virtio-serial-device + ifeq ($(HOST_ARCH),$(ARCH)) +-QEMU_MACHINE := -cpu host -machine q35,accel=kvm ++QEMU_MACHINE := -cpu host -machine microvm,accel=kvm,pit=off,pic=off,rtc=off -no-acpi + else +-QEMU_MACHINE := -cpu Skylake-Server -machine q35 +-CFLAGS += -march=skylake-avx512 ++QEMU_MACHINE := -cpu max -machine microvm -no-acpi + endif + else ifeq ($(ARCH),i686) + CHOST := i686-linux-musl + QEMU_ARCH := i386 + KERNEL_ARCH := x86 + KERNEL_BZIMAGE := $(KERNEL_BUILD_PATH)/arch/x86/boot/bzImage ++QEMU_VPORT_RESULT := virtio-serial-device + ifeq ($(subst x86_64,i686,$(HOST_ARCH)),$(ARCH)) +-QEMU_MACHINE := -cpu host -machine q35,accel=kvm ++QEMU_MACHINE := -cpu host -machine microvm,accel=kvm,pit=off,pic=off,rtc=off -no-acpi + else +-QEMU_MACHINE := -cpu coreduo -machine q35 +-CFLAGS += -march=prescott ++QEMU_MACHINE := -cpu coreduo -machine microvm -no-acpi + endif + else ifeq ($(ARCH),mips64) + CHOST := mips64-linux-musl +diff --git a/tools/testing/selftests/wireguard/qemu/arch/i686.config b/tools/testing/selftests/wireguard/qemu/arch/i686.config +index cd864b9be6fb..35b06502606f 100644 +--- a/tools/testing/selftests/wireguard/qemu/arch/i686.config ++++ b/tools/testing/selftests/wireguard/qemu/arch/i686.config +@@ -1,7 +1,10 @@ +-CONFIG_ACPI=y + CONFIG_SERIAL_8250=y + CONFIG_SERIAL_8250_CONSOLE=y ++CONFIG_VIRTIO_MENU=y ++CONFIG_VIRTIO_MMIO=y ++CONFIG_VIRTIO_CONSOLE=y ++CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES=y + CONFIG_COMPAT_32BIT_TIME=y + CONFIG_CMDLINE_BOOL=y +-CONFIG_CMDLINE="console=ttyS0 wg.success=ttyS1 panic_on_warn=1" ++CONFIG_CMDLINE="console=ttyS0 wg.success=vport0p1 panic_on_warn=1 reboot=t" + CONFIG_FRAME_WARN=1024 +diff --git a/tools/testing/selftests/wireguard/qemu/arch/x86_64.config b/tools/testing/selftests/wireguard/qemu/arch/x86_64.config +index efa00693e08b..cf2d1376d121 100644 +--- a/tools/testing/selftests/wireguard/qemu/arch/x86_64.config ++++ b/tools/testing/selftests/wireguard/qemu/arch/x86_64.config +@@ -1,6 +1,9 @@ +-CONFIG_ACPI=y + CONFIG_SERIAL_8250=y + CONFIG_SERIAL_8250_CONSOLE=y ++CONFIG_VIRTIO_MENU=y ++CONFIG_VIRTIO_MMIO=y ++CONFIG_VIRTIO_CONSOLE=y ++CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES=y + CONFIG_CMDLINE_BOOL=y +-CONFIG_CMDLINE="console=ttyS0 wg.success=ttyS1 panic_on_warn=1" ++CONFIG_CMDLINE="console=ttyS0 wg.success=vport0p1 panic_on_warn=1 reboot=t" + CONFIG_FRAME_WARN=1280 +-- +2.18.4 + diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index f8c697b..f0d0f48 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -89,7 +89,7 @@ Summary: The Linux kernel %if 0%{?released_kernel} # Do we have a -stable update to apply? -%define stable_update 199 +%define stable_update 206 # Set rpm version accordingly %if 0%{?stable_update} %define stablerev %{stable_update} @@ -3009,6 +3009,9 @@ fi # # %changelog +* Sat Jul 16 2022 Pablo Greco - 5.4.206-200 +- Update to version v5.4.206 + * Sun Jun 19 2022 Pablo Greco - 5.4.199-200 - Update to version v5.4.199