Commit Graph

494550 Commits

Author SHA1 Message Date
Cristian Stoica
c47689931f crypto: tcrypt - fix buflen reminder calculation
- This fixes the intent of the code to limit the last scatterlist to
  either a full PAGE or a fraction of it, depending on the number of
  pages needed by buflen and the available space advertised by XBUFLEN.

  The original code always sets the last scatterlist to a fraction of a
  PAGE because the first 'if' is never executed.

- Rearrange the second part of the code to remove the conditional from
  the loop

Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-02-04 20:59:41 +11:00
Jarod Wilson
db71f29a1c crypto: testmgr - mark rfc4106(gcm(aes)) as fips_allowed
This gcm variant is popular for ipsec use, and there are folks who would
like to use it while in fips mode. Mark it with fips_allowed=1 to
facilitate that.

CC: LKML <linux-kernel@vger.kernel.org>
CC: Stephan Mueller <smueller@atsec.com>
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Stephan Mueller <smueller@atsec.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-26 11:34:32 +11:00
Cristian Stoica
cbceeefd87 crypto: caam - fix resource clean-up on error path for caam_jr_init
Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-26 11:34:25 +11:00
Cristian Stoica
c6bf62e4f3 crypto: caam - pair irq map and dispose in the same function
irq_dispose_mapping is not called on all error paths from caam_jr_init.
This takes care of several clean-up issues by performing resource
clean-up and allocation at the same level.

Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-26 11:34:25 +11:00
Andrey Ryabinin
490f702286 crypto: ccp - terminate ccp_support array with empty element
x86_match_cpu() expects array of x86_cpu_ids terminated
with empty element.

Signed-off-by: Andrey Ryabinin <a.ryabinin@samsung.com>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-26 11:34:24 +11:00
Cristian Stoica
467707b2b7 crypto: caam - remove unused local variable
Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-26 11:34:24 +11:00
Cristian Stoica
35b82e5540 crypto: caam - remove dead code
- assoc_nents and src_nents are never zero when all_contig is false
- iv_contig is zero on the else branch

Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
Reviewed-by: Richard Schmitt <richard.schmitt@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-26 11:34:23 +11:00
Kim Phillips
3f80be0239 crypto: caam - don't emit ICV check failures to dmesg
ICV check failures are part of normal operation;
leave user notification up to the higher levels,
as is done in s/w algorithm implementations.

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-26 11:34:23 +11:00
Michael S. Tsirkin
e20016a9c6 hwrng: virtio - drop extra empty line
makes code look a bit prettier.

Cc: linux-crypto@vger.kernel.org.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-26 11:34:23 +11:00
Cristian Stoica
5be4d4c94b crypto: replace scatterwalk_sg_next with sg_next
Modify crypto drivers to use the generic SG helper since
both of them are equivalent and the one from crypto is redundant.

See also:
  468577abe3   reverted in
  b2ab4a57b0

Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-26 11:34:22 +11:00
Christophe Jaillet
088f628cc0 crypto: atmel - Free memory in error path
If only one of the 2 __get_free_pages fails, then there is a memory leak.

Signed-off-by: Christophe Jaillet <christophe.jaillet@wanadoo.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-26 11:34:21 +11:00
Stephan Mueller
379dcfb406 crypto: doc - remove colons in comments
As documented in Documentation/kernel-doc-nano-HOWTO.txt lines
terminated with a colon are treated as headings.

The current layout of the documentation when compiling the kernel
crypto API DocBook documentation is messed up by by treating some lines
as headings. The patch removes colons from comments that shall not be
treated as headings.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-20 14:44:19 +11:00
Herbert Xu
c0ecf8916d crypto: seqiv - Ensure that IV size is at least 8 bytes
Since seqiv is designed for IPsec we need to be able to accomodate
the whole IPsec sequence number in order to ensure the uniqueness
of the IV.

This patch forbids any algorithm with an IV size of less than 8
from using it.  This should have no impact on existing users since
they all have an IV size of 8.

Reported-by: Maciej ?enczykowski <zenczykowski@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Maciej ?enczykowski <zenczykowski@gmail.com>
2015-01-20 14:44:16 +11:00
Herbert Xu
988dc01744 crypto: cts - Weed out non-CBC algorithms
The cts algorithm as currently implemented assumes the underlying
is a CBC-mode algorithm.  So this patch adds a check for that to
eliminate bogus combinations of cts with non-CBC modes.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-20 14:44:15 +11:00
Michael S. Tsirkin
3eda71676b MAINTAINERS: add linux-crypto to hw random
hw random is crypto-related, Cc the linux-crypto list
on patches.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-20 14:44:15 +11:00
Herbert Xu
0c5c8e646c crypto: cts - Remove bogus use of seqiv
The seqiv generator is completely inappropriate for cts as it's
designed for IPsec algorithms.  Since cts users do not actually
use the IV generator we can just fall back to the default.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Maciej ?enczykowski <zenczykowski@gmail.com>
2015-01-20 14:44:15 +11:00
Tadeusz Struk
b2c3f7cdad crypto: qat - don't need qat_auth_state struct
We don't need the qat_auth_state structure anymore.

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-16 10:41:40 +11:00
Wei Yongjun
598de36952 crypto: algif_rng - fix sparse non static symbol warning
Fixes the following sparse warnings:

crypto/algif_rng.c:185:13: warning:
 symbol 'rng_exit' was not declared. Should it be static?

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Acked-by: Stephan Mueller <smueller@chronox.de>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-14 21:57:57 +11:00
Herbert Xu
48eb3691e8 crypto: qat - Ensure ipad and opad are zeroed
The patch ad511e260a (crypto: qat -
Fix incorrect uses of memzero_explicit) broke hashing because the
code was in fact overwriting the qat_auth_state variable.

In fact there is no reason for the variable to exist anyway since
all we are using it for is to store ipad and opad.  So we could
simply create ipad and opad directly and avoid this whole mess.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-14 21:57:56 +11:00
Timothy McCaffrey
e31ac32d3b crypto: aesni - Add support for 192 & 256 bit keys to AESNI RFC4106
These patches fix the RFC4106 implementation in the aesni-intel
module so it supports 192 & 256 bit keys.

Since the AVX support that was added to this module also only
supports 128 bit keys, and this patch only affects the SSE
implementation, changes were also made to use the SSE version
if key sizes other than 128 are specified.

RFC4106 specifies that 192 & 256 bit keys must be supported (section
8.4).

Also, this should fix Strongswan issue 341 where the aesni module
needs to be unloaded if 256 bit keys are used:

http://wiki.strongswan.org/issues/341

This patch has been tested with Sandy Bridge and Haswell processors.
With 128 bit keys and input buffers > 512 bytes a slight performance
degradation was noticed (~1%).  For input buffers of less than 512
bytes there was no performance impact.  Compared to 128 bit keys,
256 bit key size performance is approx. .5 cycles per byte slower
on Sandy Bridge, and .37 cycles per byte slower on Haswell (vs.
SSE code).

This patch has also been tested with StrongSwan IPSec connections
where it worked correctly.

I created this diff from a git clone of crypto-2.6.git.

Any questions, please feel free to contact me.

Signed-off-by: Timothy McCaffrey <timothy.mccaffrey@unisys.com>
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-14 21:56:51 +11:00
Mathias Krause
d8219f52a7 crypto: x86/des3_ede - drop bogus module aliases
This module implements variations of "des3_ede" only. Drop the bogus
module aliases for "des".

Cc: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-13 22:30:52 +11:00
Mathias Krause
97ef8ef5a8 crypto: sparc64/md5 - fix module description
MD5 is not SHA1.

Cc: David S. Miller <davem@davemloft.net>
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-13 22:30:48 +11:00
Mathias Krause
5001323b70 crypto: sparc64/des - add "des3_ede" module alias
This module provides implementations for "des3_ede", too. Announce those
via an appropriate crypto module alias so it can be used in favour to
the generic C implementation.

Cc: David S. Miller <davem@davemloft.net>
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-13 22:30:48 +11:00
Mathias Krause
7d676fdbb4 crypto: sparc64/camellia - fix module alias
The module alias should be "camellia", not "aes".

Cc: David S. Miller <davem@davemloft.net>
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-13 22:30:47 +11:00
Mathias Krause
b01264170c crypto: sparc64/aes - fix module description
AES is a block cipher, not a hash.

Cc: David S. Miller <davem@davemloft.net>
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-13 22:30:47 +11:00
Allan, Bruce W
6a24efda80 crypto: qat - remove unnecessary include of atomic.h header file
Signed-off-by: Bruce Allan <bruce.w.allan@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-13 22:30:47 +11:00
Allan, Bruce W
a6bcc1e443 crypto: qat - use pci_wait_for_pending_transaction()
Prior to resetting the hardware, use pci_wait_for_pending_transaction()
instead of open coding similar functionality.

Signed-off-by: Bruce Allan <bruce.w.allan@intel.com>
Acked-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-13 22:30:46 +11:00
Allan, Bruce W
fd98d692bb crypto: qat - adf_ae_stop() is never called
In adf_dev_stop(), adf_ae_stop() is never called because adf_dev_started()
will always return false since the ADF_STATUS_STARTED bit is cleared
earlier in the function.

Signed-off-by: Bruce Allan <bruce.w.allan@intel.com>
Acked-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-13 22:30:46 +11:00
Allan, Bruce W
53bc0251b1 crypto: qat - correctly type a boolean
Signed-off-by: Bruce Allan <bruce.w.allan@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-13 22:30:45 +11:00
Allan, Bruce W
22e4dda06d crypto: qat - fix device reset flow
When the device needs a reset, e.g. when an uncorrectable PCIe AER event
occurs, various services/data structures need to be cleaned up, the
hardware reset and the services/data structures initialized and started.
The code to perform the cleanup and initialization was not performed when
a device reset was done.

This patch moves some of the initialization code out of the .probe entry-
point into a separate function that is now called during probe as well as
after the hardware has been reset.  Similarly, a new function is added for
first cleaning up these services/data structures prior to resetting.  The
new functions are adf_dev_init() and adf_dev_shutdown(), respectively, for
which there are already prototypes but no actual functions just yet and are
now called when the device is reset and during probe/cleanup of the driver.
The down and up flows via ioctl calls has similarly been updated.

In addition, there are two other bugs in the reset flow - one in the logic
for determining whether to schedule a device reset upon receiving an
uncorrectable AER event which prevents the reset flow from being initiated,
and another with clearing the status bit indicating a device is configured
(when resetting the device the configuration remains across the reset so
the bit should not be cleared, otherwise, the necessary services will not
be re-started in adf_dev_start() after the reset - clear the bit only when
actually deleting the configuration).

Signed-off-by: Bruce Allan <bruce.w.allan@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-13 22:30:45 +11:00
Rabin Vincent
8a45ac12ec crypto: testmgr - don't use interruptible wait in tests
tcrypt/testmgr uses wait_for_completion_interruptible() everywhere when
it waits for a request to be completed.  If it's interrupted, then the
test is aborted and the request is freed.

However, if any of these calls actually do get interrupted, the result
will likely be a kernel crash, when the driver handles the now-freed
request.  Use wait_for_completion() instead.

Signed-off-by: Rabin Vincent <rabin.vincent@axis.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-13 22:30:44 +11:00
Daniel Borkmann
8155330aad lib: memzero_explicit: add comment for its usage
Lets improve the comment to add a note on when to use memzero_explicit()
for those not digging through the git logs. We don't want people to
pollute places with memzero_explicit() where it's not really necessary.

Reference: https://lkml.org/lkml/2015/1/4/190
Suggested-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-08 21:46:19 +11:00
Herbert Xu
ad511e260a crypto: qat - Fix incorrect uses of memzero_explicit
memzero_explicit should only be used on stack variables that get
zapped just before they go out of scope.

This patch replaces all unnecessary uses of memzero_explicit with
memset, removes two memzero_explicit calls altogether as the tfm
context comes pre-zeroed, and adds a missing memzero_explicit of
the stack variable buff in qat_alg_do_precomputes.  The memzeros
on ipad/opad + digest_size/auth_keylen are also removed as the
entire auth_state is already zeroed on entry.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Tadeusz Struk <tadeusz.struk@intel.com>
2015-01-08 21:46:19 +11:00
Stephan Mueller
15acabfd02 crypto: aead - add check for presence of auth tag
The AEAD decryption operation requires the authentication tag to be
present as part of the cipher text buffer. The added check verifies that
the caller provides a cipher text with at least the authentication tag.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-08 21:46:18 +11:00
Asaf Vertz
42d2e780c6 crypto: omap-des - fix BUG_ON condition
dd->total is unsigned so it won't do any good to check for negative
value after subtracting instead of that we should check if the
subtracted value is bigger than him

This was partially found by using a static code analysis program
called cppcheck.

Signed-off-by: Asaf Vertz <asaf.vertz@tandemg.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-08 21:46:17 +11:00
Masanari Iida
28c29f5657 crypto: bfin_crc - Remove unnecessary KERN_ERR in bfin_crc.c
This patch removes unnecessary KERN_ERR from bfin_crypto_crc_mod_init().

Signed-off-by: Masanari Iida <standby24x7@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-05 21:36:07 +11:00
Rickard Strandqvist
4c1ada872d crypto: amcc - Remove unused function
Remove the function get_dynamic_sa_offset_iv_field() that is not used anywhere.

This was partially found by using a static code analysis program called cppcheck.

Signed-off-by: Rickard Strandqvist <rickard_strandqvist@spectrumdigital.se>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-05 21:36:07 +11:00
Herbert Xu
1471f09f9b Revert "crypto: drbg - use memzero_explicit() for clearing sensitive data"
This reverts commit 421d82f5b3.

None of the data zeroed are on the stack so the compiler cannot
optimise them away.
    
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-05 10:44:09 +11:00
Stephan Mueller
2f3755381d crypto: algif_rng - enable RNG interface compilation
Enable compilation of the RNG AF_ALG support and provide a Kconfig
option to compile the RNG AF_ALG support.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-12-29 21:39:27 +11:00
Stephan Mueller
5afdfd22e6 crypto: algif_rng - add random number generator support
This patch adds the random number generator support for AF_ALG.

A random number generator's purpose is to generate data without
requiring the caller to provide any data. Therefore, the AF_ALG
interface handler for RNGs only implements a callback handler for
recvmsg.

The following parameters provided with a recvmsg are processed by the
RNG callback handler:

	* sock - to resolve the RNG context data structure accessing the
	  RNG instance private to the socket

	* len - this parameter allows userspace callers to specify how
	  many random bytes the RNG shall produce and return. As the
	  kernel context for the RNG allocates a buffer of 128 bytes to
	  store random numbers before copying them to userspace, the len
	  parameter is checked that it is not larger than 128. If a
	  caller wants more random numbers, a new request for recvmsg
	  shall be made.

The size of 128 bytes is chose because of the following considerations:

	* to increase the memory footprint of the kernel too much (note,
	  that would be 128 bytes per open socket)

	* 128 is divisible by any typical cryptographic block size an
	  RNG may have

	* A request for random numbers typically only shall supply small
	  amount of data like for keys or IVs that should only require
	  one invocation of the recvmsg function.

Note, during instantiation of the RNG, the code checks whether the RNG
implementation requires seeding. If so, the RNG is seeded with output
from get_random_bytes.

A fully working example using all aspects of the RNG interface is
provided at http://www.chronox.de/libkcapi.html

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-12-29 21:37:59 +11:00
Stephan Mueller
ad202c8c15 crypto: af_alg - zeroize key data
alg_setkey should zeroize the sensitive data after use.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-12-26 08:33:36 +11:00
Herbert Xu
90ac41bd40 hwrng: core - Move hwrng_init call into set_current_rng
We always do hwrng_init in set_current_rng.  In fact, our current
reference count system relies on this.  So make this explicit by
moving hwrng_init into set_current_rng.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-12-26 08:33:36 +11:00
Herbert Xu
ff77c150f7 hwrng: core - Drop current rng in set_current_rng
Rather than having callers of set_current_rng call drop_current_rng,
we can do it directly in set_current_rng.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-12-26 08:33:35 +11:00
Herbert Xu
ac3a497f13 hwrng: core - Do not register device opportunistically
Currently we only register the device when a valid RNG is added.
However the way it's done is buggy because we test whether there
is a current RNG to determine whether we need to register.  As
the current RNG may be missing due to a reinitialisation error
this can lead to a reregistration of the device.

As the device already has to handle a NULL current RNG anyway,
let's just register the device always and remove the complexity.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-12-26 08:33:35 +11:00
Herbert Xu
15b66cd542 hwrng: core - Fix current_rng init/cleanup race yet again
The kref solution is still buggy because we were only focusing
on the register/unregister race.  The same race affects the
setting of current_rng through sysfs.

This patch fixes it by using kref_get_unless_zero.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-12-26 08:33:34 +11:00
Herbert Xu
77584ee574 hwrng: core - Use struct completion for cleanup_done
There is no point in doing a manual completion for cleanup_done
when struct completion fits in perfectly.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-12-26 08:33:34 +11:00
Aaro Koskinen
d69e75deff crypto: octeon - enable OCTEON MD5 module selection
Enable user to select OCTEON MD5 module.

Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-12-24 08:14:24 +11:00
Aaro Koskinen
1953c22f53 crypto: octeon - add MD5 module
Add OCTEON MD5 module.

Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-12-24 08:14:23 +11:00
Aaro Koskinen
011f3c6cbb MIPS: OCTEON: reintroduce crypto features check
Reintroduce run-time check for crypto features. The old one was deleted
because it was unreliable, now decide the crypto availability on early
boot when the model string is constructed.

Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-12-24 08:14:22 +11:00
Aaro Koskinen
1e585ef51c crypto: octeon - add instruction definitions for MD5
Add instruction definitions for MD5. Based on information extracted
from EdgeRouter Pro GPL source tarball.

Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-12-24 08:14:22 +11:00