Lines Matching +full:conv +full:- +full:period
3 * Based on NIST Recommended DRBG from NIST SP800-90A with the following
5 * * CTR DRBG with DF with AES-128, AES-192, AES-256 cores
6 * * Hash DRBG with DF with SHA-1, SHA-256, SHA-384, SHA-512 cores
7 * * HMAC DRBG with DF with SHA-1, SHA-256, SHA-384, SHA-512 cores
29 * the restrictions contained in a BSD-style copyright.)
46 * The SP 800-90A DRBG allows the user to specify a personalization string
52 * ---------------------------------
63 * -------------------------------------------------------
68 * char personalization[11] = "some-string";
72 * // The reset completely re-initializes the DRBG with the provided
80 * ---------------------------------------------------------------------
84 * char addtl_string[11] = "some-string";
96 * -------------------------------------------------------------
116 * HMAC-SHA512 / SHA256 / AES 256 over other ciphers. Thus, the
192 * Return strength of DRBG according to SP800-90A section 8.4
214 * FIPS 140-2 continuous self test for the noise source
222 * drbg->drbg_mutex must have been taken.
229 * -EAGAIN on when the CTRNG is not yet primed
235 unsigned short entropylen = drbg_sec_strength(drbg->core->flags); in drbg_fips_continuous_test()
242 if (list_empty(&drbg->test_data.list)) in drbg_fips_continuous_test()
248 if (!drbg->fips_primed) { in drbg_fips_continuous_test()
250 memcpy(drbg->prev, entropy, entropylen); in drbg_fips_continuous_test()
251 drbg->fips_primed = true; in drbg_fips_continuous_test()
253 return -EAGAIN; in drbg_fips_continuous_test()
255 ret = memcmp(drbg->prev, entropy, entropylen); in drbg_fips_continuous_test()
258 memcpy(drbg->prev, entropy, entropylen); in drbg_fips_continuous_test()
266 * The byte representation is big-endian
269 * @buf buffer holding the converted integer -- caller must ensure that
276 __be32 conv; in drbg_cpu_to_be32() member
280 conversion->conv = cpu_to_be32(val); in drbg_cpu_to_be32()
323 const unsigned char *pos = curr->buf; in drbg_ctr_bcc()
324 size_t len = curr->len; in drbg_ctr_bcc()
337 len--; in drbg_ctr_bcc()
353 * start: drbg->scratchpad
356 * blocklen-wise. Now, when the statelen is not a multiple
361 * start: drbg->scratchpad +
391 int ret = -EFAULT; in drbg_ctr_df()
417 /* 10.4.2 step 1 is implicit as we work byte-wise */ in drbg_ctr_df()
421 return -EINVAL; in drbg_ctr_df()
423 /* 10.4.2 step 2 -- calculate the entire length of all input data */ in drbg_ctr_df()
425 inputlen += seed->len; in drbg_ctr_df()
435 padlen = drbg_blocklen(drbg) - padlen; in drbg_ctr_df()
444 /* 10.4.2 step 4 -- first fill the linked list and then order it */ in drbg_ctr_df()
456 * 10.4.2 step 9.1 - the padding is implicit as the buffer in drbg_ctr_df()
457 * holds zeros after allocation -- even the increment of i in drbg_ctr_df()
461 /* 10.4.2 step 9.2 -- BCC and concatenation with temp */ in drbg_ctr_df()
489 (bytes_to_return - generated_len)) ? in drbg_ctr_df()
491 (bytes_to_return - generated_len); in drbg_ctr_df()
524 int ret = -EFAULT; in drbg_ctr_update()
526 unsigned char *temp = drbg->scratchpad; in drbg_ctr_update()
527 unsigned char *df_data = drbg->scratchpad + drbg_statelen(drbg) + in drbg_ctr_update()
537 * but SP800-90A requires that the counter is incremented before in drbg_ctr_update()
541 crypto_inc(drbg->V, drbg_blocklen(drbg)); in drbg_ctr_update()
543 ret = crypto_skcipher_setkey(drbg->ctr_handle, drbg->C, in drbg_ctr_update()
562 ret = crypto_skcipher_setkey(drbg->ctr_handle, temp, in drbg_ctr_update()
567 memcpy(drbg->V, temp + drbg_keylen(drbg), drbg_blocklen(drbg)); in drbg_ctr_update()
569 crypto_inc(drbg->V, drbg_blocklen(drbg)); in drbg_ctr_update()
645 int ret = -EFAULT; in drbg_hmac_update()
652 /* 10.1.2.3 step 2 -- memset(0) of C is implicit with kzalloc */ in drbg_hmac_update()
653 memset(drbg->V, 1, drbg_statelen(drbg)); in drbg_hmac_update()
654 drbg_kcapi_hmacsetkey(drbg, drbg->C); in drbg_hmac_update()
657 drbg_string_fill(&seed1, drbg->V, drbg_statelen(drbg)); in drbg_hmac_update()
666 drbg_string_fill(&vdata, drbg->V, drbg_statelen(drbg)); in drbg_hmac_update()
668 for (i = 2; 0 < i; i--) { in drbg_hmac_update()
673 /* 10.1.2.2 step 1 and 4 -- concatenation and HMAC for key */ in drbg_hmac_update()
675 ret = drbg_kcapi_hash(drbg, drbg->C, &seedlist); in drbg_hmac_update()
678 drbg_kcapi_hmacsetkey(drbg, drbg->C); in drbg_hmac_update()
680 /* 10.1.2.2 step 2 and 5 -- HMAC for V */ in drbg_hmac_update()
681 ret = drbg_kcapi_hash(drbg, drbg->V, &vdatalist); in drbg_hmac_update()
711 drbg_string_fill(&data, drbg->V, drbg_statelen(drbg)); in drbg_hmac_generate()
716 ret = drbg_kcapi_hash(drbg, drbg->V, &datalist); in drbg_hmac_generate()
719 outlen = (drbg_blocklen(drbg) < (buflen - len)) ? in drbg_hmac_generate()
720 drbg_blocklen(drbg) : (buflen - len); in drbg_hmac_generate()
723 memcpy(buf + len, drbg->V, outlen); in drbg_hmac_generate()
774 dstptr = dst + (dstlen-1); in drbg_add_buf()
775 addptr = add + (addlen-1); in drbg_add_buf()
780 len--; dstptr--; addptr--; in drbg_add_buf()
782 len = dstlen - addlen; in drbg_add_buf()
787 len--; dstptr--; in drbg_add_buf()
795 * start: drbg->scratchpad
798 * start: drbg->scratchpad + drbg_statelen(drbg)
814 unsigned char *tmp = drbg->scratchpad + drbg_statelen(drbg); in drbg_hash_df()
821 /* 10.4.1 step 4.1 -- concatenation of data for input into hash */ in drbg_hash_df()
834 blocklen = (drbg_blocklen(drbg) < (outlen - len)) ? in drbg_hash_df()
835 drbg_blocklen(drbg) : (outlen - len); in drbg_hash_df()
853 unsigned char *V = drbg->scratchpad; in drbg_hash_update()
857 return -EINVAL; in drbg_hash_update()
861 memcpy(V, drbg->V, drbg_statelen(drbg)); in drbg_hash_update()
870 ret = drbg_hash_df(drbg, drbg->V, drbg_statelen(drbg), &datalist); in drbg_hash_update()
878 drbg_string_fill(&data2, drbg->V, drbg_statelen(drbg)); in drbg_hash_update()
881 ret = drbg_hash_df(drbg, drbg->C, drbg_statelen(drbg), &datalist2); in drbg_hash_update()
884 memset(drbg->scratchpad, 0, drbg_statelen(drbg)); in drbg_hash_update()
903 drbg_string_fill(&data2, drbg->V, drbg_statelen(drbg)); in drbg_hash_process_addtl()
907 ret = drbg_kcapi_hash(drbg, drbg->scratchpad, &datalist); in drbg_hash_process_addtl()
912 drbg_add_buf(drbg->V, drbg_statelen(drbg), in drbg_hash_process_addtl()
913 drbg->scratchpad, drbg_blocklen(drbg)); in drbg_hash_process_addtl()
916 memset(drbg->scratchpad, 0, drbg_blocklen(drbg)); in drbg_hash_process_addtl()
927 unsigned char *src = drbg->scratchpad; in drbg_hash_hashgen()
928 unsigned char *dst = drbg->scratchpad + drbg_statelen(drbg); in drbg_hash_hashgen()
933 memcpy(src, drbg->V, drbg_statelen(drbg)); in drbg_hash_hashgen()
945 outlen = (drbg_blocklen(drbg) < (buflen - len)) ? in drbg_hash_hashgen()
946 drbg_blocklen(drbg) : (buflen - len); in drbg_hash_hashgen()
956 memset(drbg->scratchpad, 0, in drbg_hash_hashgen()
987 drbg_string_fill(&data2, drbg->V, drbg_statelen(drbg)); in drbg_hash_generate()
989 ret = drbg_kcapi_hash(drbg, drbg->scratchpad, &datalist); in drbg_hash_generate()
996 drbg_add_buf(drbg->V, drbg_statelen(drbg), in drbg_hash_generate()
997 drbg->scratchpad, drbg_blocklen(drbg)); in drbg_hash_generate()
998 drbg_add_buf(drbg->V, drbg_statelen(drbg), in drbg_hash_generate()
999 drbg->C, drbg_statelen(drbg)); in drbg_hash_generate()
1000 u.req_int = cpu_to_be64(drbg->reseed_ctr); in drbg_hash_generate()
1001 drbg_add_buf(drbg->V, drbg_statelen(drbg), u.req, 8); in drbg_hash_generate()
1004 memset(drbg->scratchpad, 0, drbg_blocklen(drbg)); in drbg_hash_generate()
1027 int ret = drbg->d_ops->update(drbg, seed, reseed); in __drbg_seed()
1032 drbg->seeded = new_seed_state; in __drbg_seed()
1033 drbg->last_seed_time = jiffies; in __drbg_seed()
1035 drbg->reseed_ctr = 1; in __drbg_seed()
1037 switch (drbg->seeded) { in __drbg_seed()
1046 drbg->reseed_threshold = 50; in __drbg_seed()
1054 drbg->reseed_threshold = drbg_max_requests(drbg); in __drbg_seed()
1070 if (ret && ret != -EAGAIN) in drbg_get_random_bytes()
1081 unsigned int entropylen = drbg_sec_strength(drbg->core->flags); in drbg_seed_from_random()
1107 if (list_empty(&drbg->test_data.list)) in drbg_nopr_reseed_interval_elapsed()
1114 * that the period of 300s has been chosen to match the in drbg_nopr_reseed_interval_elapsed()
1118 next_reseed = drbg->last_seed_time + 300 * HZ; in drbg_nopr_reseed_interval_elapsed()
1138 unsigned int entropylen = drbg_sec_strength(drbg->core->flags); in drbg_seed()
1144 if (pers && pers->len > (drbg_max_addtl(drbg))) { in drbg_seed()
1146 pers->len); in drbg_seed()
1147 return -EINVAL; in drbg_seed()
1150 if (list_empty(&drbg->test_data.list)) { in drbg_seed()
1151 drbg_string_fill(&data1, drbg->test_data.buf, in drbg_seed()
1152 drbg->test_data.len); in drbg_seed()
1168 /* Get seed from in-kernel /dev/urandom */ in drbg_seed()
1176 if (!drbg->jent) { in drbg_seed()
1185 ret = crypto_rng_get_bytes(drbg->jent, in drbg_seed()
1198 * SP800-90A allowing us to treat the in drbg_seed()
1205 if (!reseed || ret != -EAGAIN) in drbg_seed()
1221 if (pers && pers->buf && 0 < pers->len) { in drbg_seed()
1222 list_add_tail(&pers->list, &seedlist); in drbg_seed()
1227 memset(drbg->V, 0, drbg_statelen(drbg)); in drbg_seed()
1228 memset(drbg->C, 0, drbg_statelen(drbg)); in drbg_seed()
1244 kfree_sensitive(drbg->Vbuf); in drbg_dealloc_state()
1245 drbg->Vbuf = NULL; in drbg_dealloc_state()
1246 drbg->V = NULL; in drbg_dealloc_state()
1247 kfree_sensitive(drbg->Cbuf); in drbg_dealloc_state()
1248 drbg->Cbuf = NULL; in drbg_dealloc_state()
1249 drbg->C = NULL; in drbg_dealloc_state()
1250 kfree_sensitive(drbg->scratchpadbuf); in drbg_dealloc_state()
1251 drbg->scratchpadbuf = NULL; in drbg_dealloc_state()
1252 drbg->reseed_ctr = 0; in drbg_dealloc_state()
1253 drbg->d_ops = NULL; in drbg_dealloc_state()
1254 drbg->core = NULL; in drbg_dealloc_state()
1256 kfree_sensitive(drbg->prev); in drbg_dealloc_state()
1257 drbg->prev = NULL; in drbg_dealloc_state()
1258 drbg->fips_primed = false; in drbg_dealloc_state()
1263 * Allocate all sub-structures for a DRBG state.
1268 int ret = -ENOMEM; in drbg_alloc_state()
1271 switch (drbg->core->flags & DRBG_TYPE_MASK) { in drbg_alloc_state()
1274 drbg->d_ops = &drbg_hmac_ops; in drbg_alloc_state()
1279 drbg->d_ops = &drbg_hash_ops; in drbg_alloc_state()
1284 drbg->d_ops = &drbg_ctr_ops; in drbg_alloc_state()
1288 ret = -EOPNOTSUPP; in drbg_alloc_state()
1292 ret = drbg->d_ops->crypto_init(drbg); in drbg_alloc_state()
1296 drbg->Vbuf = kmalloc(drbg_statelen(drbg) + ret, GFP_KERNEL); in drbg_alloc_state()
1297 if (!drbg->Vbuf) { in drbg_alloc_state()
1298 ret = -ENOMEM; in drbg_alloc_state()
1301 drbg->V = PTR_ALIGN(drbg->Vbuf, ret + 1); in drbg_alloc_state()
1302 drbg->Cbuf = kmalloc(drbg_statelen(drbg) + ret, GFP_KERNEL); in drbg_alloc_state()
1303 if (!drbg->Cbuf) { in drbg_alloc_state()
1304 ret = -ENOMEM; in drbg_alloc_state()
1307 drbg->C = PTR_ALIGN(drbg->Cbuf, ret + 1); in drbg_alloc_state()
1309 if (drbg->core->flags & DRBG_HMAC) in drbg_alloc_state()
1311 else if (drbg->core->flags & DRBG_CTR) in drbg_alloc_state()
1321 drbg->scratchpadbuf = kzalloc(sb_size + ret, GFP_KERNEL); in drbg_alloc_state()
1322 if (!drbg->scratchpadbuf) { in drbg_alloc_state()
1323 ret = -ENOMEM; in drbg_alloc_state()
1326 drbg->scratchpad = PTR_ALIGN(drbg->scratchpadbuf, ret + 1); in drbg_alloc_state()
1330 drbg->prev = kzalloc(drbg_sec_strength(drbg->core->flags), in drbg_alloc_state()
1332 if (!drbg->prev) { in drbg_alloc_state()
1333 ret = -ENOMEM; in drbg_alloc_state()
1336 drbg->fips_primed = false; in drbg_alloc_state()
1342 drbg->d_ops->crypto_fini(drbg); in drbg_alloc_state()
1353 * DRBG generate function as required by SP800-90A - this function
1357 * @buf Buffer where to store the random numbers -- the buffer must already
1358 * be pre-allocated by caller
1359 * @buflen Length of output buffer - this value defines the number of random
1361 * @addtl Additional input that is mixed into state, may be NULL -- note
1363 * as defined in SP800-90A. The additional input is mixed into
1375 if (!drbg->core) { in drbg_generate()
1377 return -EINVAL; in drbg_generate()
1381 return -EINVAL; in drbg_generate()
1383 if (addtl && NULL == addtl->buf && 0 < addtl->len) { in drbg_generate()
1385 return -EINVAL; in drbg_generate()
1389 len = -EINVAL; in drbg_generate()
1399 if (addtl && addtl->len > (drbg_max_addtl(drbg))) { in drbg_generate()
1401 addtl->len); in drbg_generate()
1410 if (drbg->reseed_threshold < drbg->reseed_ctr) in drbg_generate()
1411 drbg->seeded = DRBG_SEED_STATE_UNSEEDED; in drbg_generate()
1413 if (drbg->pr || drbg->seeded == DRBG_SEED_STATE_UNSEEDED) { in drbg_generate()
1416 str_true_false(drbg->pr), in drbg_generate()
1417 (drbg->seeded == DRBG_SEED_STATE_FULL ? in drbg_generate()
1426 (drbg->seeded == DRBG_SEED_STATE_PARTIAL || in drbg_generate()
1433 if (addtl && 0 < addtl->len) in drbg_generate()
1434 list_add_tail(&addtl->list, &addtllist); in drbg_generate()
1436 len = drbg->d_ops->generate(drbg, buf, buflen, &addtllist); in drbg_generate()
1439 drbg->reseed_ctr++; in drbg_generate()
1444 * Section 11.3.3 requires to re-perform self tests after some in drbg_generate()
1459 if (drbg->reseed_ctr && !(drbg->reseed_ctr % 4096)) { in drbg_generate()
1462 if (drbg->core->flags & DRBG_HMAC) in drbg_generate()
1465 else if (drbg->core->flags & DRBG_CTR) in drbg_generate()
1499 * Return codes: see drbg_generate -- if one drbg_generate request fails,
1511 slice = ((buflen - len) / drbg_max_request_bytes(drbg)); in drbg_generate_long()
1512 chunk = slice ? drbg_max_request_bytes(drbg) : (buflen - len); in drbg_generate_long()
1513 mutex_lock(&drbg->drbg_mutex); in drbg_generate_long()
1515 mutex_unlock(&drbg->drbg_mutex); in drbg_generate_long()
1526 if (list_empty(&drbg->test_data.list)) in drbg_prepare_hrng()
1529 drbg->jent = crypto_alloc_rng("jitterentropy_rng", 0, 0); in drbg_prepare_hrng()
1530 if (IS_ERR(drbg->jent)) { in drbg_prepare_hrng()
1531 const int err = PTR_ERR(drbg->jent); in drbg_prepare_hrng()
1533 drbg->jent = NULL; in drbg_prepare_hrng()
1543 * DRBG instantiation function as required by SP800-90A - this function
1545 * checks required by SP800-90A
1547 * @drbg memory of state -- if NULL, new memory is allocated
1548 * @pers Personalization string that is mixed into state, may be NULL -- note
1550 * as defined in SP800-90A. The additional input is mixed into
1567 mutex_lock(&drbg->drbg_mutex); in drbg_instantiate()
1573 * and the flag is copied into drbg->flags -- in drbg_instantiate()
1579 if (!drbg->core) { in drbg_instantiate()
1580 drbg->core = &drbg_cores[coreref]; in drbg_instantiate()
1581 drbg->pr = pr; in drbg_instantiate()
1582 drbg->seeded = DRBG_SEED_STATE_UNSEEDED; in drbg_instantiate()
1583 drbg->last_seed_time = 0; in drbg_instantiate()
1584 drbg->reseed_threshold = drbg_max_requests(drbg); in drbg_instantiate()
1602 mutex_unlock(&drbg->drbg_mutex); in drbg_instantiate()
1606 mutex_unlock(&drbg->drbg_mutex); in drbg_instantiate()
1610 mutex_unlock(&drbg->drbg_mutex); in drbg_instantiate()
1616 * DRBG uninstantiate function as required by SP800-90A - this function
1626 if (!IS_ERR_OR_NULL(drbg->jent)) in drbg_uninstantiate()
1627 crypto_free_rng(drbg->jent); in drbg_uninstantiate()
1628 drbg->jent = NULL; in drbg_uninstantiate()
1630 if (drbg->d_ops) in drbg_uninstantiate()
1631 drbg->d_ops->crypto_fini(drbg); in drbg_uninstantiate()
1633 /* no scrubbing of test_data -- this shall survive an uninstantiate */ in drbg_uninstantiate()
1649 mutex_lock(&drbg->drbg_mutex); in drbg_kcapi_set_entropy()
1650 drbg_string_fill(&drbg->test_data, data, len); in drbg_kcapi_set_entropy()
1651 mutex_unlock(&drbg->drbg_mutex); in drbg_kcapi_set_entropy()
1669 tfm = crypto_alloc_shash(drbg->core->backend_cra_name, 0, 0); in drbg_init_hash_kernel()
1672 drbg->core->backend_cra_name); in drbg_init_hash_kernel()
1680 return -ENOMEM; in drbg_init_hash_kernel()
1683 sdesc->shash.tfm = tfm; in drbg_init_hash_kernel()
1684 drbg->priv_data = sdesc; in drbg_init_hash_kernel()
1691 struct sdesc *sdesc = drbg->priv_data; in drbg_fini_hash_kernel()
1693 crypto_free_shash(sdesc->shash.tfm); in drbg_fini_hash_kernel()
1696 drbg->priv_data = NULL; in drbg_fini_hash_kernel()
1703 struct sdesc *sdesc = drbg->priv_data; in drbg_kcapi_hmacsetkey()
1705 crypto_shash_setkey(sdesc->shash.tfm, key, drbg_statelen(drbg)); in drbg_kcapi_hmacsetkey()
1711 struct sdesc *sdesc = drbg->priv_data; in drbg_kcapi_hash()
1714 crypto_shash_init(&sdesc->shash); in drbg_kcapi_hash()
1716 crypto_shash_update(&sdesc->shash, input->buf, input->len); in drbg_kcapi_hash()
1717 return crypto_shash_final(&sdesc->shash, outval); in drbg_kcapi_hash()
1725 (struct crypto_cipher *)drbg->priv_data; in drbg_fini_sym_kernel()
1728 drbg->priv_data = NULL; in drbg_fini_sym_kernel()
1730 if (drbg->ctr_handle) in drbg_fini_sym_kernel()
1731 crypto_free_skcipher(drbg->ctr_handle); in drbg_fini_sym_kernel()
1732 drbg->ctr_handle = NULL; in drbg_fini_sym_kernel()
1734 if (drbg->ctr_req) in drbg_fini_sym_kernel()
1735 skcipher_request_free(drbg->ctr_req); in drbg_fini_sym_kernel()
1736 drbg->ctr_req = NULL; in drbg_fini_sym_kernel()
1738 kfree(drbg->outscratchpadbuf); in drbg_fini_sym_kernel()
1739 drbg->outscratchpadbuf = NULL; in drbg_fini_sym_kernel()
1752 tfm = crypto_alloc_cipher(drbg->core->backend_cra_name, 0, 0); in drbg_init_sym_kernel()
1755 drbg->core->backend_cra_name); in drbg_init_sym_kernel()
1759 drbg->priv_data = tfm; in drbg_init_sym_kernel()
1762 drbg->core->backend_cra_name) >= CRYPTO_MAX_ALG_NAME) { in drbg_init_sym_kernel()
1764 return -EINVAL; in drbg_init_sym_kernel()
1773 drbg->ctr_handle = sk_tfm; in drbg_init_sym_kernel()
1774 crypto_init_wait(&drbg->ctr_wait); in drbg_init_sym_kernel()
1780 return -ENOMEM; in drbg_init_sym_kernel()
1782 drbg->ctr_req = req; in drbg_init_sym_kernel()
1785 crypto_req_done, &drbg->ctr_wait); in drbg_init_sym_kernel()
1788 drbg->outscratchpadbuf = kmalloc(DRBG_OUTSCRATCHLEN + alignmask, in drbg_init_sym_kernel()
1790 if (!drbg->outscratchpadbuf) { in drbg_init_sym_kernel()
1792 return -ENOMEM; in drbg_init_sym_kernel()
1794 drbg->outscratchpad = (u8 *)PTR_ALIGN(drbg->outscratchpadbuf, in drbg_init_sym_kernel()
1797 sg_init_table(&drbg->sg_in, 1); in drbg_init_sym_kernel()
1798 sg_init_one(&drbg->sg_out, drbg->outscratchpad, DRBG_OUTSCRATCHLEN); in drbg_init_sym_kernel()
1806 struct crypto_cipher *tfm = drbg->priv_data; in drbg_kcapi_symsetkey()
1814 struct crypto_cipher *tfm = drbg->priv_data; in drbg_kcapi_sym()
1817 BUG_ON(in->len < drbg_blocklen(drbg)); in drbg_kcapi_sym()
1818 crypto_cipher_encrypt_one(tfm, outval, in->buf); in drbg_kcapi_sym()
1826 struct scatterlist *sg_in = &drbg->sg_in, *sg_out = &drbg->sg_out; in drbg_kcapi_sym_ctr()
1831 /* Use caller-provided input buffer */ in drbg_kcapi_sym_ctr()
1834 /* Use scratchpad for in-place operation */ in drbg_kcapi_sym_ctr()
1836 memset(drbg->outscratchpad, 0, scratchpad_use); in drbg_kcapi_sym_ctr()
1837 sg_set_buf(sg_in, drbg->outscratchpad, scratchpad_use); in drbg_kcapi_sym_ctr()
1844 skcipher_request_set_crypt(drbg->ctr_req, sg_in, sg_out, in drbg_kcapi_sym_ctr()
1845 cryptlen, drbg->V); in drbg_kcapi_sym_ctr()
1846 ret = crypto_wait_req(crypto_skcipher_encrypt(drbg->ctr_req), in drbg_kcapi_sym_ctr()
1847 &drbg->ctr_wait); in drbg_kcapi_sym_ctr()
1851 crypto_init_wait(&drbg->ctr_wait); in drbg_kcapi_sym_ctr()
1853 memcpy(outbuf, drbg->outscratchpad, cryptlen); in drbg_kcapi_sym_ctr()
1854 memzero_explicit(drbg->outscratchpad, cryptlen); in drbg_kcapi_sym_ctr()
1856 outlen -= cryptlen; in drbg_kcapi_sym_ctr()
1900 len = strlen(cra_driver_name) - start; in drbg_convert_tfm_core()
1914 mutex_init(&drbg->drbg_mutex); in drbg_kcapi_init()
1994 int rc = -EFAULT; in drbg_healthcheck_sanity()
2016 return -ENOMEM; in drbg_healthcheck_sanity()
2018 mutex_init(&drbg->drbg_mutex); in drbg_healthcheck_sanity()
2019 drbg->core = &drbg_cores[coreref]; in drbg_healthcheck_sanity()
2020 drbg->reseed_threshold = drbg_max_requests(drbg); in drbg_healthcheck_sanity()
2025 * string lengths -- in case the error handling does not succeed in drbg_healthcheck_sanity()
2066 memcpy(alg->base.cra_name, "stdrng", 6); in drbg_fill_array()
2068 memcpy(alg->base.cra_driver_name, "drbg_pr_", 8); in drbg_fill_array()
2071 memcpy(alg->base.cra_driver_name, "drbg_nopr_", 10); in drbg_fill_array()
2074 memcpy(alg->base.cra_driver_name + pos, core->cra_name, in drbg_fill_array()
2075 strlen(core->cra_name)); in drbg_fill_array()
2077 alg->base.cra_priority = priority; in drbg_fill_array()
2085 alg->base.cra_priority += 200; in drbg_fill_array()
2087 alg->base.cra_ctxsize = sizeof(struct drbg_state); in drbg_fill_array()
2088 alg->base.cra_module = THIS_MODULE; in drbg_fill_array()
2089 alg->base.cra_init = drbg_kcapi_init; in drbg_fill_array()
2090 alg->base.cra_exit = drbg_kcapi_cleanup; in drbg_fill_array()
2091 alg->generate = drbg_kcapi_random; in drbg_fill_array()
2092 alg->seed = drbg_kcapi_seed; in drbg_fill_array()
2093 alg->set_ent = drbg_kcapi_set_entropy; in drbg_fill_array()
2094 alg->seedsize = 0; in drbg_fill_array()
2111 return -EFAULT; in drbg_init()
2148 MODULE_DESCRIPTION("NIST SP800-90A Deterministic Random Bit Generator (DRBG) "