platform/kernel/linux-starfive.git
9 years ago  mac802154: Switch to new AEAD interface
Herbert Xu [Wed, 27 May 2015 08:03:48 +0000 (16:03 +0800)]
mac802154: Switch to new AEAD interface

This patch makes use of the new AEAD interface which uses a single
SG list instead of separate lists for the AD and plain text.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  esp6: Switch to new AEAD interface
Herbert Xu [Wed, 27 May 2015 08:03:47 +0000 (16:03 +0800)]
esp6: Switch to new AEAD interface

This patch makes use of the new AEAD interface which uses a single
SG list instead of separate lists for the AD and plain text.  The
IV generation is also now carried out through normal AEAD methods.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  esp4: Switch to new AEAD interface
Herbert Xu [Wed, 27 May 2015 08:03:46 +0000 (16:03 +0800)]
esp4: Switch to new AEAD interface

This patch makes use of the new AEAD interface which uses a single
SG list instead of separate lists for the AD and plain text.  The
IV generation is also now carried out through normal AEAD methods.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  ipsec: Add IV generator information to xfrm_state
Herbert Xu [Wed, 27 May 2015 08:03:45 +0000 (16:03 +0800)]
ipsec: Add IV generator information to xfrm_state

This patch adds IV generator information to xfrm_state.  This
is currently obtained from our own list of algorithm descriptions.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  xfrm: Add IV generator information to xfrm_algo_desc
Herbert Xu [Wed, 27 May 2015 08:03:44 +0000 (16:03 +0800)]
xfrm: Add IV generator information to xfrm_algo_desc

This patch adds IV generator information for each AEAD and block
cipher to xfrm_algo_desc.  This will be used to access the new
AEAD interface.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: testmgr - Switch to new AEAD interface
Herbert Xu [Wed, 27 May 2015 08:03:43 +0000 (16:03 +0800)]
crypto: testmgr - Switch to new AEAD interface

This patch makes use of the new AEAD interface which uses a single
SG list instead of separate lists for the AD and plain text.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: seqiv - Fix module unload/reload crash
Herbert Xu [Wed, 27 May 2015 06:37:40 +0000 (14:37 +0800)]
crypto: seqiv - Fix module unload/reload crash

On module unload we weren't unregistering the seqniv template,
thus leading to a crash the next time someone walks the template
list.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: seqiv - Fix IV size in context size calculation
Herbert Xu [Wed, 27 May 2015 06:37:39 +0000 (14:37 +0800)]
crypto: seqiv - Fix IV size in context size calculation

This patch fixes a bug in the context size calculation where we
were still referring to the old cra_aead.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: seqiv - Use common IV generation code
Herbert Xu [Wed, 27 May 2015 06:37:37 +0000 (14:37 +0800)]
crypto: seqiv - Use common IV generation code

This patch makes use of the new common IV generation code.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: seqiv - Copy AD along with plain/cipher text
Herbert Xu [Wed, 27 May 2015 06:37:36 +0000 (14:37 +0800)]
crypto: seqiv - Copy AD along with plain/cipher text

As the AD does not necessarily exist in the destination buffer
it must be copied along with the plain/cipher text.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: echainiv - Fix IV size in context size calculation
Herbert Xu [Wed, 27 May 2015 06:37:34 +0000 (14:37 +0800)]
crypto: echainiv - Fix IV size in context size calculation

This patch fixes a bug in the context size calculation where we
were still referring to the old cra_aead.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: echainiv - Use common IV generation code
Herbert Xu [Wed, 27 May 2015 06:37:33 +0000 (14:37 +0800)]
crypto: echainiv - Use common IV generation code

This patch makes use of the new common IV generation code.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: echainiv - Copy AD along with plain text
Herbert Xu [Wed, 27 May 2015 06:37:31 +0000 (14:37 +0800)]
crypto: echainiv - Copy AD along with plain text

As the AD does not necessarily exist in the destination buffer
it must be copied along with the plain text.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: aead - Add common IV generation code
Herbert Xu [Wed, 27 May 2015 06:37:30 +0000 (14:37 +0800)]
crypto: aead - Add common IV generation code

This patch adds some common IV generation code currently duplicated
by seqiv and echainiv.  For example, the setkey and setauthsize
functions are completely identical.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: aead - Preserve in-place processing in old_crypt
Herbert Xu [Wed, 27 May 2015 06:37:29 +0000 (14:37 +0800)]
crypto: aead - Preserve in-place processing in old_crypt

This patch tries to preserve in-place processing in old_crypt as
various algorithms are optimised for in-place processing where
src == dst.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: scatterwalk - Add missing sg_init_table to scatterwalk_ffwd
Herbert Xu [Wed, 27 May 2015 06:37:27 +0000 (14:37 +0800)]
crypto: scatterwalk - Add missing sg_init_table to scatterwalk_ffwd

We need to call sg_init_table as otherwise the first entry may
inadvertently become the last.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: aead - Document behaviour of AD in destination buffer
Herbert Xu [Wed, 27 May 2015 06:37:26 +0000 (14:37 +0800)]
crypto: aead - Document behaviour of AD in destination buffer

This patch defines the behaviour of AD in the new interface more
clearly.  In particular, it specifies that the user must copy
the AD to the destination manually when src != dst if they wish
to guarantee that the destination buffer contains a copy of the
AD.

The reason for this is that otherwise every AEAD implementation
would have to perform such a copy when src != dst.  In reality
most users do in-place processing where src == dst so this is
not an issue.

This patch also kills some remaining references to cryptoff.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Herbert Xu [Thu, 28 May 2015 03:16:41 +0000 (11:16 +0800)]
Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

Merge the crypto tree for 4.1 to pull in the changeset that disables
algif_aead.

9 years ago  crypto: ccp - Remove unused structure field
Tom Lendacky [Tue, 26 May 2015 18:06:30 +0000 (13:06 -0500)]
crypto: ccp - Remove unused structure field

Remove the length field from the ccp_sg_workarea since it is unused.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: ccp - Remove manual check and set of dma_mask pointer
Tom Lendacky [Tue, 26 May 2015 18:06:24 +0000 (13:06 -0500)]
crypto: ccp - Remove manual check and set of dma_mask pointer

The underlying device support will set the device dma_mask pointer
if DMA is set up properly for the device.  Remove the check for and
assignment of dma_mask when it is null. Instead, just error out if
the dma_set_mask_and_coherent function fails because dma_mask is null.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: jitterentropy - add jitterentropy RNG
Stephan Mueller [Mon, 25 May 2015 13:10:20 +0000 (15:10 +0200)]
crypto: jitterentropy - add jitterentropy RNG

The CPU Jitter RNG provides a source of good entropy by
collecting CPU executing time jitter. The entropy in the CPU
execution time jitter is magnified by the CPU Jitter Random
Number Generator. The CPU Jitter Random Number Generator uses
the CPU execution timing jitter to generate a bit stream
which complies with different statistical measurements that
determine the bit stream is random.

The CPU Jitter Random Number Generator delivers entropy which
follows information theoretical requirements. Based on these
studies and the implementation, the caller can assume that
one bit of data extracted from the CPU Jitter Random Number
Generator holds one bit of entropy.

The CPU Jitter Random Number Generator provides a decentralized
source of entropy, i.e. every caller can operate on a private
state of the entropy pool.

The RNG does not have any dependencies on any other service
in the kernel. The RNG only needs a high-resolution time
stamp.

Further design details, the cryptographic assessment and
large array of test results are documented at
http://www.chronox.de/jent.html.

CC: Andreas Steffen <andreas.steffen@strongswan.org>
CC: Theodore Ts'o <tytso@mit.edu>
CC: Sandy Harris <sandyinchina@gmail.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: drbg - use Jitter RNG to obtain seed
Stephan Mueller [Mon, 25 May 2015 13:09:59 +0000 (15:09 +0200)]
crypto: drbg - use Jitter RNG to obtain seed

During initialization, the DRBG now tries to allocate a handle of the
Jitter RNG. If such a Jitter RNG is available during seeding, the DRBG
pulls the required entropy/nonce string from get_random_bytes and
concatenates it with a string of equal size from the Jitter RNG. That
combined string is now the seed for the DRBG.

Written differently, the initial seed of the DRBG is now:

get_random_bytes(entropy/nonce) || jitterentropy (entropy/nonce)

If the Jitter RNG is not available, the DRBG only seeds from
get_random_bytes.

CC: Andreas Steffen <andreas.steffen@strongswan.org>
CC: Theodore Ts'o <tytso@mit.edu>
CC: Sandy Harris <sandyinchina@gmail.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: drbg - add async seeding operation
Stephan Mueller [Mon, 25 May 2015 13:09:36 +0000 (15:09 +0200)]
crypto: drbg - add async seeding operation

The async seeding operation is triggered during initialization right
after the first non-blocking seeding is completed. As required by the
asynchronous operation of random.c, a callback function is provided that
is triggered by random.c once entropy is available. That callback
function performs the actual seeding of the DRBG.

CC: Andreas Steffen <andreas.steffen@strongswan.org>
CC: Theodore Ts'o <tytso@mit.edu>
CC: Sandy Harris <sandyinchina@gmail.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: drbg - prepare for async seeding
Stephan Mueller [Mon, 25 May 2015 13:09:14 +0000 (15:09 +0200)]
crypto: drbg - prepare for async seeding

In order to prepare for the addition of the asynchronous seeding call,
the invocation of seeding the DRBG is moved out into a helper function.

In addition, a block of memory is allocated during initialization time
that will be used as a scratchpad for obtaining entropy. That scratchpad
is used for the initial seeding operation as well as by the
asynchronous seeding call. The memory must be zeroized every time the
DRBG seeding call succeeds to avoid entropy data lingering in memory.

CC: Andreas Steffen <andreas.steffen@strongswan.org>
CC: Theodore Ts'o <tytso@mit.edu>
CC: Sandy Harris <sandyinchina@gmail.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  random: Blocking API for accessing nonblocking_pool
Stephan Mueller [Mon, 25 May 2015 13:08:47 +0000 (15:08 +0200)]
random: Blocking API for accessing nonblocking_pool

The added API calls provide a synchronous function call
get_blocking_random_bytes where the caller is blocked until
the nonblocking_pool is initialized.

CC: Andreas Steffen <andreas.steffen@strongswan.org>
CC: Theodore Ts'o <tytso@mit.edu>
CC: Sandy Harris <sandyinchina@gmail.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  random: Wake up all getrandom(2) callers when pool is ready
Herbert Xu [Thu, 21 May 2015 08:19:54 +0000 (16:19 +0800)]
random: Wake up all getrandom(2) callers when pool is ready

If more than one application invokes getrandom(2) before the pool
is ready, then all bar one will be stuck forever because we use
wake_up_interruptible which wakes up a single task.

This patch replaces it with wake_up_all.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: algif_aead - Disable AEAD user-space for now
Herbert Xu [Tue, 26 May 2015 07:32:42 +0000 (15:32 +0800)]
crypto: algif_aead - Disable AEAD user-space for now

The newly added AEAD user-space isn't quite ready for prime time
just yet.  In particular it is conflicting with the AEAD single
SG list interface change so this patch disables it now.

Once the SG list stuff is completely done we can then re-enable
this interface.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: aead - Remove unused cryptoff parameter
Herbert Xu [Sat, 23 May 2015 07:41:57 +0000 (15:41 +0800)]
crypto: aead - Remove unused cryptoff parameter

This patch removes the cryptoff parameter now that all users
set it to zero.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: seqiv - Stop using cryptoff
Herbert Xu [Sat, 23 May 2015 07:41:56 +0000 (15:41 +0800)]
crypto: seqiv - Stop using cryptoff

The cryptoff parameter was added to facilitate the skipping of
IVs that sit between the AD and the plain/cipher text.  However,
it was never implemented correctly, and we do not handle users
such as IPsec setting cryptoff.  It is simply ignored.

Implementing it correctly is in fact more trouble than what it's
worth.

This patch removes the uses of cryptoff by moving the AD forward
to fill the gap left by the IV.  The AD is moved back after the
underlying AEAD processing is finished.

This is in fact better than the cryptoff solution because it allows
algorithms that use seqniv (i.e., GCM and CCM) to hash the whole
packet as a single piece, while cryptoff meant that there was
guaranteed to be a gap.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: echainiv - Stop using cryptoff
Herbert Xu [Sat, 23 May 2015 07:41:54 +0000 (15:41 +0800)]
crypto: echainiv - Stop using cryptoff

The cryptoff parameter was added to facilitate the skipping of
IVs that sit between the AD and the plain/cipher text.  However,
it was never implemented correctly, and we do not handle users
such as IPsec setting cryptoff.  It is simply ignored.

Implementing it correctly is in fact more trouble than what it's
worth.

This patch removes the uses of cryptoff and simply falls back
to using the old AEAD interface as it's only needed for old AEAD
implementations.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: aead - Do not set cra_type for new style instances
Herbert Xu [Sat, 23 May 2015 07:41:53 +0000 (15:41 +0800)]
crypto: aead - Do not set cra_type for new style instances

The function aead_geniv_alloc currently sets cra_type even for
new style instances.  This is unnecessary and may hide bugs such
as when our caller uses crypto_register_instance instead of the
correct aead_register_instance.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: echainiv - Use aead_register_instance
Herbert Xu [Sat, 23 May 2015 07:41:52 +0000 (15:41 +0800)]
crypto: echainiv - Use aead_register_instance

New style AEAD instances must use aead_register_instance.  This
worked by chance because aead_geniv_alloc is still setting things
the old way.

This patch converts the template over to the create model where
we are responsible for instance registration so that we can call
the correct function.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: seqiv - Use aead_register_instance
Herbert Xu [Sat, 23 May 2015 07:41:51 +0000 (15:41 +0800)]
crypto: seqiv - Use aead_register_instance

New style AEAD instances must use aead_register_instance.  This
worked by chance because aead_geniv_alloc is still setting things
the old way.

This patch converts the template over to the create model where
we are responsible for instance registration so that we can call
the correct function.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: aead - Use tmpl->create
Herbert Xu [Sat, 23 May 2015 07:41:49 +0000 (15:41 +0800)]
crypto: aead - Use tmpl->create

Newer templates use tmpl->create and have a NULL tmpl->alloc.  So
we must use tmpl->create if it is set.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: skcipher - Use tmpl->create
Herbert Xu [Sat, 23 May 2015 07:41:48 +0000 (15:41 +0800)]
crypto: skcipher - Use tmpl->create

Newer templates use tmpl->create and have a NULL tmpl->alloc.  So
we must use tmpl->create if it is set.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: echainiv - echainiv_read_iv() can be static
Wu Fengguang [Sat, 23 May 2015 03:22:47 +0000 (11:22 +0800)]
crypto: echainiv - echainiv_read_iv() can be static

Signed-off-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: mv_cesa - request registers memory region
Boris BREZILLON [Fri, 22 May 2015 13:33:47 +0000 (15:33 +0200)]
crypto: mv_cesa - request registers memory region

The mv_cesa driver does not request the CESA registers memory region.
Since we're about to add a new CESA driver, we need to make sure only one
of these drivers probes the CESA device, and requesting the registers memory
region is a good way to achieve that.

Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: pcrypt - Make tfm_count an atomic_t
Herbert Xu [Fri, 22 May 2015 12:34:22 +0000 (20:34 +0800)]
crypto: pcrypt - Make tfm_count an atomic_t

The variable tfm_count is accessed by multiple threads without
locking.  This patch converts it to an atomic_t.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: aead - Add crypto_aead_alg_ivsize/maxauthsize
Herbert Xu [Fri, 22 May 2015 08:30:48 +0000 (16:30 +0800)]
crypto: aead - Add crypto_aead_alg_ivsize/maxauthsize

AEAD algorithm implementors need to figure out a given algorithm's
IV size and maximum authentication size.  During the transition
this is difficult to do as an algorithm could be new style or old
style.

This patch creates two helpers to make this easier.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: testmgr - Added one larger ghash testvector (400 bytes) to the testmgr.
Harald Freudenberger [Thu, 21 May 2015 15:34:31 +0000 (17:34 +0200)]
crypto: testmgr - Added one larger ghash testvector (400 bytes) to the testmgr.

Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: echainiv - Add encrypted chain IV generator
Herbert Xu [Thu, 21 May 2015 07:11:15 +0000 (15:11 +0800)]
crypto: echainiv - Add encrypted chain IV generator

This patch adds a new AEAD IV generator echainiv.  It is intended
to replace the existing skcipher IV generator eseqiv.

If the underlying AEAD algorithm is using the old AEAD interface,
then echainiv will simply use its IV generator.

Otherwise, echainiv will encrypt a counter just like eseqiv but
it'll first xor it against a previously stored IV similar to
chainiv.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: seqiv - Add seqniv
Herbert Xu [Thu, 21 May 2015 07:11:14 +0000 (15:11 +0800)]
crypto: seqiv - Add seqniv

This patch adds a new IV generator seqniv which is identical to
seqiv except that it skips the IV when authenticating.  This is
intended to be used by algorithms such as rfc4106 that do the
IV authentication implicitly.

Note that the code used for seqniv is in fact identical to the
compatibility case for seqiv.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: seqiv - Add support for new AEAD interface
Herbert Xu [Thu, 21 May 2015 07:11:13 +0000 (15:11 +0800)]
crypto: seqiv - Add support for new AEAD interface

This patch converts the seqiv IV generator to work with the new
AEAD interface where IV generators are just normal AEAD algorithms.

Full backwards compatibility is paramount at this point since
no users have yet switched over to the new interface.  Nor can
they switch to the new interface until IV generation is fully
supported by it.

So this means we are adding two versions of seqiv alongside the
existing one.  The first one is the one that will be used when
the underlying AEAD algorithm has switched over to the new AEAD
interface.  The second one handles the current case where the
underlying AEAD algorithm still uses the old interface.

Both versions export themselves through the new AEAD interface.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: scatterwalk - Check for same address in map_and_copy
Herbert Xu [Thu, 21 May 2015 07:11:12 +0000 (15:11 +0800)]
crypto: scatterwalk - Check for same address in map_and_copy

This patch adds a check in scatterwalk_map_and_copy to avoid
copying from the same address to the same address.  This is going
to be used for IV copying in AEAD IV generators.

There is no provision for partial overlaps.

This patch also uses the new scatterwalk_ffwd instead of doing
it by hand in scatterwalk_map_and_copy.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: gcm - Use default null skcipher
Herbert Xu [Thu, 21 May 2015 07:11:11 +0000 (15:11 +0800)]
crypto: gcm - Use default null skcipher

This patch makes gcm use the default null skcipher instead of
allocating a new one for each tfm.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: null - Add default null skcipher
Herbert Xu [Thu, 21 May 2015 07:11:09 +0000 (15:11 +0800)]
crypto: null - Add default null skcipher

This patch adds a default null skcipher for users such as gcm
to perform copies on SG lists.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: aead - Add support for new AEAD implementations
Herbert Xu [Thu, 21 May 2015 07:11:08 +0000 (15:11 +0800)]
crypto: aead - Add support for new AEAD implementations

This patch adds the basic structure of the new AEAD type.  Unlike
the current version, there is no longer any concept of geniv.  IV
generation will still be carried out by wrappers but they will be
normal AEAD algorithms that simply take the IPsec sequence number
as the IV.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: nx - Remove unnecessary maxauthsize check
Herbert Xu [Thu, 21 May 2015 07:11:07 +0000 (15:11 +0800)]
crypto: nx - Remove unnecessary maxauthsize check

The crypto layer already checks maxauthsize when setauthsize is
called.  So there is no need to check it again within setauthsize.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: ixp4xx - Use crypto_aead_maxauthsize
Herbert Xu [Thu, 21 May 2015 07:11:06 +0000 (15:11 +0800)]
crypto: ixp4xx - Use crypto_aead_maxauthsize

This patch uses the helper crypto_aead_maxauthsize instead of
directly dereferencing aead_alg.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: aead - Add crypto_aead_maxauthsize
Herbert Xu [Thu, 21 May 2015 07:11:05 +0000 (15:11 +0800)]
crypto: aead - Add crypto_aead_maxauthsize

This patch adds the helper crypto_aead_maxauthsize to remove the
need to directly dereference aead_alg internals by AEAD implementors.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: caam - Use old_aead_alg
Herbert Xu [Thu, 21 May 2015 07:11:03 +0000 (15:11 +0800)]
crypto: caam - Use old_aead_alg

This patch replaces references to aead_alg with old_aead_alg.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: aead - Rename aead_alg to old_aead_alg
Herbert Xu [Thu, 21 May 2015 07:11:02 +0000 (15:11 +0800)]
crypto: aead - Rename aead_alg to old_aead_alg

This patch is the first step in the introduction of a new AEAD
alg type.  Unlike normal conversions this patch only renames the
existing aead_alg structure because there are external references
to it.

Those references will be removed after this patch.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: aead - Add new interface with single SG list
Herbert Xu [Thu, 21 May 2015 07:11:01 +0000 (15:11 +0800)]
crypto: aead - Add new interface with single SG list

The primary user of AEAD, IPsec includes the IV in the AD in
most cases, except where it is implicitly authenticated by the
underlying algorithm.

The way it is currently implemented is a hack because we pass
the data in piecemeal and the underlying algorithms try to stitch
them back up into one piece.

This is why this patch is adding a new interface that allows a
single SG list to be passed in that contains everything so the
algorithm implementors do not have to stitch.

The new interface accepts a single source SG list and a single
destination SG list.  Both must be laid out as follows:

AD, skipped data, plain/cipher text, ICV

The ICV is not present from the source during encryption and from
the destination during decryption.

For the top-level IPsec AEAD algorithm the plain/cipher text will
contain the generated (or received) IV.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: scatterwalk - Add scatterwalk_ffwd helper
Herbert Xu [Thu, 21 May 2015 07:10:59 +0000 (15:10 +0800)]
crypto: scatterwalk - Add scatterwalk_ffwd helper

This patch adds the scatterwalk_ffwd helper which can create an
SG list that starts in the middle of an existing SG list.  The
new list may either be part of the existing list or be a chain
that latches onto part of the existing list.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: pcrypt - Use crypto_grab_aead
Herbert Xu [Thu, 21 May 2015 07:10:58 +0000 (15:10 +0800)]
crypto: pcrypt - Use crypto_grab_aead

As AEAD has switched over to using frontend types, the function
crypto_init_spawn must not be used since it does not specify a
frontend type.  Otherwise it leads to a crash when the spawn is
used.

This patch fixes it by switching over to crypto_grab_aead instead.

Fixes: 5d1d65f8bea6 ("crypto: aead - Convert top level interface to new style")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: cryptd - Use crypto_grab_aead
Herbert Xu [Thu, 21 May 2015 07:10:57 +0000 (15:10 +0800)]
crypto: cryptd - Use crypto_grab_aead

As AEAD has switched over to using frontend types, the function
crypto_init_spawn must not be used since it does not specify a
frontend type.  Otherwise it leads to a crash when the spawn is
used.

This patch fixes it by switching over to crypto_grab_aead instead.

Fixes: 5d1d65f8bea6 ("crypto: aead - Convert top level interface to new style")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: doc - change header file locations
Stephan Mueller [Wed, 20 May 2015 13:21:54 +0000 (15:21 +0200)]
crypto: doc - change header file locations

Due to the recent update of the kernel crypto API header files,
locations of function definitions and their documentation have changed.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: s390/ghash - Fix incorrect ghash icv buffer handling.
Harald Freudenberger [Thu, 21 May 2015 08:01:11 +0000 (10:01 +0200)]
crypto: s390/ghash - Fix incorrect ghash icv buffer handling.

Multithreaded tests showed that the icv buffer in the current ghash
implementation is not handled correctly. A move of this working ghash
buffer value to the descriptor context fixed this. Code is tested and
verified with a multithreaded application via the af_alg interface.

Cc: stable@vger.kernel.org
Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
Signed-off-by: Gerald Schaefer <geraldsc@linux.vnet.ibm.com>
Reported-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: omap-sham - Add support for omap3 devices
Pali Rohár [Thu, 26 Feb 2015 13:49:53 +0000 (14:49 +0100)]
crypto: omap-sham - Add support for omap3 devices

omap3 support is the same as omap2, just with a different IO address (specified in DT)

Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
Acked-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: octeon - use md5 IV MD5_HX instead of their raw value
LABBE Corentin [Sun, 17 May 2015 10:54:17 +0000 (12:54 +0200)]
crypto: octeon - use md5 IV MD5_HX instead of their raw value

Since MD5 IV are now available in crypto/md5.h, use them.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: n2 - use md5 IV MD5_HX instead of their raw value
LABBE Corentin [Sun, 17 May 2015 10:54:16 +0000 (12:54 +0200)]
crypto: n2 - use md5 IV MD5_HX instead of their raw value

Since MD5 IV are now available in crypto/md5.h, use them.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: sparc/md5 - use md5 IV MD5_HX instead of their raw value
LABBE Corentin [Sun, 17 May 2015 10:54:15 +0000 (12:54 +0200)]
crypto: sparc/md5 - use md5 IV MD5_HX instead of their raw value

Since MD5 IV are now available in crypto/md5.h, use them.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: powerpc/md5 - use md5 IV MD5_HX instead of their raw value
LABBE Corentin [Sun, 17 May 2015 10:54:14 +0000 (12:54 +0200)]
crypto: powerpc/md5 - use md5 IV MD5_HX instead of their raw value

Since MD5 IV are now available in crypto/md5.h, use them.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: md5 - use md5 IV MD5_HX instead of their raw value
LABBE Corentin [Sun, 17 May 2015 10:54:13 +0000 (12:54 +0200)]
crypto: md5 - use md5 IV MD5_HX instead of their raw value

Since MD5 IV are now available in crypto/md5.h, use them.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: md5 - add MD5 initial vectors
LABBE Corentin [Sun, 17 May 2015 10:54:12 +0000 (12:54 +0200)]
crypto: md5 - add MD5 initial vectors

This patch simply adds the MD5 IV in the md5 header.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: nx - remove 842-nx null checks
Dan Streetman [Fri, 15 May 2015 15:07:33 +0000 (11:07 -0400)]
crypto: nx - remove 842-nx null checks

Remove the null checks for tfm, src, slen, dst, dlen; tfm will never
be null and the other fields are always expected to be set correctly.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Dan Streetman <ddstreet@ieee.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: algif_aead - fix invalid sgl linking
Tadeusz Struk [Fri, 15 May 2015 17:18:37 +0000 (10:18 -0700)]
crypto: algif_aead - fix invalid sgl linking

This patch fixes it.
Also minor updates to comments.

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago  crypto: vmx - fix two mistyped texts
Paulo Flabiano Smorigo [Thu, 14 May 2015 15:21:04 +0000 (12:21 -0300)]
crypto: vmx - fix two mistyped texts

One mistyped description and another mistyped target were corrected.

Signed-off-by: Paulo Flabiano Smorigo <pfsmorigo@linux.vnet.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago
crypto: qat - rm unneeded header include
Tadeusz Struk [Wed, 13 May 2015 21:45:31 +0000 (14:45 -0700)]
crypto: qat - rm unneeded header include

Don't need proc_fs.h

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago
crypto: qat - remove unused structure members
Tadeusz Struk [Wed, 13 May 2015 21:45:30 +0000 (14:45 -0700)]
crypto: qat - remove unused structure members

Clean up unused structure members.

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago
crypto: omap-sham - Check for return value from pm_runtime_get_sync
Pali Rohár [Sun, 8 Mar 2015 10:01:01 +0000 (11:01 +0100)]
crypto: omap-sham - Check for return value from pm_runtime_get_sync

Function pm_runtime_get_sync could fail and we need to check return
value to prevent kernel crash.

Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
Acked-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago
lib: correct 842 decompress for 32 bit
Dan Streetman [Mon, 11 May 2015 22:53:36 +0000 (18:53 -0400)]
lib: correct 842 decompress for 32 bit

Avoid 64 bit mod operation, which won't work on 32 bit systems.
Simple subtraction can be used instead in this case.

Reported-By: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Dan Streetman <ddstreet@ieee.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago
crypto: talitos - static code checker fixes
Horia Geantă [Mon, 11 May 2015 17:04:56 +0000 (20:04 +0300)]
crypto: talitos - static code checker fixes

-change req_ctx->nbuf from u64 to unsigned int to silence checker
warnings; this is safe since nbuf value is <= HASH_MAX_BLOCK_SIZE
-remove unused value read from TALITOS_CCPSR; there is no requirement
to read upper 32b before reading lower 32b of a 64b register;
SEC RM mentions: "reads can always be done by byte, word, or dword"
-remove unused return value of sg_to_link_tbl()
-change "len" parameter of map_single_talitos_ptr() and
to_talitos_ptr_len() to unsigned int; later, cpu_to_be16 will __force
downcast the value to unsigned short without any checker warning

Signed-off-by: Horia Geanta <horia.geanta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago
crypto: talitos - avoid out of bound scatterlist iterator
Horia Geantă [Tue, 12 May 2015 08:28:05 +0000 (11:28 +0300)]
crypto: talitos - avoid out of bound scatterlist iterator

Check return value of scatterlist_sg_next(), i.e. don't rely solely
on number of bytes to be processed or number of scatterlist entries.

Signed-off-by: Horia Geanta <horia.geanta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago
Revert "crypto: talitos - convert to use be16_add_cpu()"
Horia Geantă [Mon, 11 May 2015 17:04:49 +0000 (20:04 +0300)]
Revert "crypto: talitos - convert to use be16_add_cpu()"

This reverts commit 7291a932c6e27d9768e374e9d648086636daf61c.

The conversion to be16_add_cpu() is incorrect in case cryptlen is
negative due to premature (i.e. before addition / subtraction)
implicit conversion of cryptlen (int -> u16) leading to sign loss.

Cc: <stable@vger.kernel.org> # 3.10+
Cc: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: Horia Geanta <horia.geanta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago
crypto: talitos - avoid memleak in talitos_alg_alloc()
Horia Geantă [Mon, 11 May 2015 17:03:24 +0000 (20:03 +0300)]
crypto: talitos - avoid memleak in talitos_alg_alloc()

Cc: <stable@vger.kernel.org> # 3.2+
Fixes: 1d11911a8c57 ("crypto: talitos - fix warning: 'alg' may be used uninitialized in this function")
Signed-off-by: Horia Geanta <horia.geanta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago
lib: make lib/842 decompress functions static
Dan Streetman [Mon, 11 May 2015 11:22:35 +0000 (07:22 -0400)]
lib: make lib/842 decompress functions static

Make the do_index and do_op functions static.

They are used only internally by the 842 decompression function,
and should be static.

Reported-By: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Dan Streetman <ddstreet@ieee.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago
crypto: talitos - fix size calculation in talitos_edesc_alloc()
Dan Carpenter [Mon, 11 May 2015 10:10:09 +0000 (13:10 +0300)]
crypto: talitos - fix size calculation in talitos_edesc_alloc()

The + operation has higher precedence than ?: so we need parentheses
here.  Otherwise we may end up allocating a max of only one "cryptlen"
instead of two.

Fixes: 6f65f6ac5fb3 ('crypto: talitos - implement scatter/gather copy for SEC1')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago
crypto: aead - Convert top level interface to new style
Herbert Xu [Mon, 11 May 2015 09:48:12 +0000 (17:48 +0800)]
crypto: aead - Convert top level interface to new style

This patch converts the top-level aead interface to the new style.
All user-level AEAD interface code has been moved into crypto/aead.h.

The allocation/free functions have switched over to the new way of
allocating tfms.

This patch also removes the double indirection on setkey so the
indirection now exists only at the alg level.

Apart from these there are no user-visible changes.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago
crypto: cryptd - Add missing aead.h inclusion
Herbert Xu [Mon, 11 May 2015 09:48:11 +0000 (17:48 +0800)]
crypto: cryptd - Add missing aead.h inclusion

cryptd.h needs to include crypto/aead.h because it uses crypto_aead.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago
crypto: qat - Use crypto_aead_set_reqsize helper
Herbert Xu [Mon, 11 May 2015 09:48:09 +0000 (17:48 +0800)]
crypto: qat - Use crypto_aead_set_reqsize helper

This patch uses the crypto_aead_set_reqsize helper to avoid directly
touching the internals of aead.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago
crypto: picoxcell - Use crypto_aead_set_reqsize helper
Herbert Xu [Mon, 11 May 2015 09:48:08 +0000 (17:48 +0800)]
crypto: picoxcell - Use crypto_aead_set_reqsize helper

This patch uses the crypto_aead_set_reqsize helper to avoid directly
touching the internals of aead.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago
crypto: ixp4xx - Use crypto_aead_set_reqsize helper
Herbert Xu [Mon, 11 May 2015 09:48:06 +0000 (17:48 +0800)]
crypto: ixp4xx - Use crypto_aead_set_reqsize helper

This patch uses the crypto_aead_set_reqsize helper to avoid directly
touching the internals of aead.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago
crypto: aesni - Use crypto_aead_set_reqsize helper
Herbert Xu [Mon, 11 May 2015 09:48:04 +0000 (17:48 +0800)]
crypto: aesni - Use crypto_aead_set_reqsize helper

This patch uses the crypto_aead_set_reqsize helper to avoid directly
touching the internals of aead.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago
crypto: seqiv - Use crypto_aead_set_reqsize helper
Herbert Xu [Mon, 11 May 2015 09:48:03 +0000 (17:48 +0800)]
crypto: seqiv - Use crypto_aead_set_reqsize helper

This patch uses the crypto_aead_set_reqsize helper to avoid directly
touching the internals of aead.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago
crypto: pcrypt - Use crypto_aead_set_reqsize helper
Herbert Xu [Mon, 11 May 2015 09:48:01 +0000 (17:48 +0800)]
crypto: pcrypt - Use crypto_aead_set_reqsize helper

This patch uses the crypto_aead_set_reqsize helper to avoid directly
touching the internals of aead.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago
crypto: gcm - Use crypto_aead_set_reqsize helper
Herbert Xu [Mon, 11 May 2015 09:47:59 +0000 (17:47 +0800)]
crypto: gcm - Use crypto_aead_set_reqsize helper

This patch uses the crypto_aead_set_reqsize helper to avoid directly
touching the internals of aead.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago
crypto: cryptd - Use crypto_aead_set_reqsize helper
Herbert Xu [Mon, 11 May 2015 09:47:58 +0000 (17:47 +0800)]
crypto: cryptd - Use crypto_aead_set_reqsize helper

This patch uses the crypto_aead_set_reqsize helper to avoid directly
touching the internals of aead.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago
crypto: ccm - Use crypto_aead_set_reqsize helper
Herbert Xu [Mon, 11 May 2015 09:47:56 +0000 (17:47 +0800)]
crypto: ccm - Use crypto_aead_set_reqsize helper

This patch uses the crypto_aead_set_reqsize helper to avoid directly
touching the internals of aead.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago
crypto: authencesn - Use crypto_aead_set_reqsize helper
Herbert Xu [Mon, 11 May 2015 09:47:55 +0000 (17:47 +0800)]
crypto: authencesn - Use crypto_aead_set_reqsize helper

This patch uses the crypto_aead_set_reqsize helper to avoid directly
touching the internals of aead.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago
crypto: authenc - Use crypto_aead_set_reqsize helper
Herbert Xu [Mon, 11 May 2015 09:47:53 +0000 (17:47 +0800)]
crypto: authenc - Use crypto_aead_set_reqsize helper

This patch uses the crypto_aead_set_reqsize helper to avoid directly
touching the internals of aead.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago
crypto: aead - Add crypto_aead_set_reqsize helper
Herbert Xu [Mon, 11 May 2015 09:47:52 +0000 (17:47 +0800)]
crypto: aead - Add crypto_aead_set_reqsize helper

This patch adds the helper crypto_aead_set_reqsize so that people
don't have to directly access the aead internals to set the reqsize.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago
crypto: caam - Remove unnecessary reference to crt_aead
Herbert Xu [Mon, 11 May 2015 09:47:50 +0000 (17:47 +0800)]
crypto: caam - Remove unnecessary reference to crt_aead

crt_aead is an internal implementation detail and must not be
used outside of the crypto API itself.  This patch replaces the
unnecessary uses of crt_aead with crypto_aead_ivsize.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago
crypto: blkcipher - Include crypto/aead.h
Herbert Xu [Mon, 11 May 2015 09:47:49 +0000 (17:47 +0800)]
crypto: blkcipher - Include crypto/aead.h

All users of AEAD should include crypto/aead.h instead of
include/linux/crypto.h.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago
crypto: talitos - Include internal/aead.h
Herbert Xu [Mon, 11 May 2015 09:47:48 +0000 (17:47 +0800)]
crypto: talitos - Include internal/aead.h

All AEAD implementations must include internal/aead.h in order
to access required helpers.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago
crypto: qat - Include internal/aead.h
Herbert Xu [Mon, 11 May 2015 09:47:46 +0000 (17:47 +0800)]
crypto: qat - Include internal/aead.h

All AEAD implementations must include internal/aead.h in order
to access required helpers.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago
crypto: nx - Include internal/aead.h
Herbert Xu [Mon, 11 May 2015 09:47:45 +0000 (17:47 +0800)]
crypto: nx - Include internal/aead.h

All AEAD implementations must include internal/aead.h in order
to access required helpers.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago
crypto: ixp4xx - Include internal/aead.h
Herbert Xu [Mon, 11 May 2015 09:47:44 +0000 (17:47 +0800)]
crypto: ixp4xx - Include internal/aead.h

All AEAD implementations must include internal/aead.h in order
to access required helpers.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago
crypto: caam - Include internal/aead.h
Herbert Xu [Mon, 11 May 2015 09:47:43 +0000 (17:47 +0800)]
crypto: caam - Include internal/aead.h

All AEAD implementations must include internal/aead.h in order
to access required helpers.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years ago
crypto: authencesn - Include internal/aead.h
Herbert Xu [Mon, 11 May 2015 09:47:42 +0000 (17:47 +0800)]
crypto: authencesn - Include internal/aead.h

All AEAD implementations must include internal/aead.h in order
to access required helpers.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>