Linux kernel source tree https://git.amat.us/linux/atom/crypto/Makefile?h=v2.6.30 2009-03-04T07:16:19Z 2009-03-04T07:16:19Z Geert Uytterhoeven Geert.Uytterhoeven@sonycom.com 2009-03-04T07:15:49Z urn:sha1:bf68e65ec9ea61e32ab71bef59aa5d24d255241f Signed-off-by: Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com> Cc: James Morris <jmorris@namei.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2009-03-04T07:05:33Z Geert Uytterhoeven Geert.Uytterhoeven@sonycom.com 2009-03-04T07:05:33Z urn:sha1:a1d2f09544065b60598b8167d94a6371bff3e892 The current "comp" crypto interface supports one-shot (de)compression only, i.e. the whole data buffer to be (de)compressed must be passed at once, and the whole (de)compressed data buffer will be received at once. In several use-cases (e.g. compressed file systems that store files in big compressed blocks), this workflow is not suitable. Furthermore, the "comp" type doesn't provide for the configuration of (de)compression parameters, and always allocates workspace memory for both compression and decompression, which may waste memory. To solve this, add a "pcomp" partial (de)compression interface that provides the following operations: - crypto_compress_{init,update,final}() for compression, - crypto_decompress_{init,update,final}() for decompression, - crypto_{,de}compress_setup(), to configure (de)compression parameters (incl. allocating workspace memory). The (de)compression methods take a struct comp_request, which was mimicked after the z_stream object in zlib, and contains buffer pointer and length pairs for input and output. The setup methods take an opaque parameter pointer and length pair. Parameters are supposed to be encoded using netlink attributes, whose meanings depend on the actual (name of the) (de)compression algorithm. Signed-off-by: Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2009-02-19T06:33:40Z Huang Ying ying.huang@intel.com 2009-02-19T06:33:40Z urn:sha1:25c38d3fb92fc23af7730a1601bc20af8216ae44 Use dedicated workqueue for crypto subsystem A dedicated workqueue named kcrypto_wq is created to be used by crypto subsystem. The system shared keventd_wq is not suitable for encryption/decryption, because of potential starvation problem. Signed-off-by: Huang Ying <ying.huang@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2008-12-25T00:01:26Z Herbert Xu herbert@gondor.apana.org.au 2008-08-31T05:47:27Z urn:sha1:7b5a080b3c46f0cac71c0d0262634c6517d4ee4f The shash interface replaces the current synchronous hash interface. It improves over hash in two ways. Firstly shash is reentrant, meaning that the same tfm may be used by two threads simultaneously as all hashing state is stored in a local descriptor. The other enhancement is that shash no longer takes scatter list entries. This is because shash is specifically designed for synchronous algorithms and as such scatter lists are unnecessary. All existing hash users will be converted to shash once the algorithms have been completely converted. There is also a new finup function that combines update with final. This will be extended to ahash once the algorithm conversion is done. This is also the first time that an algorithm type has their own registration function. Existing algorithm types will be converted to this way in due course. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2008-12-10T12:29:44Z Herbert Xu herbert@gondor.apana.org.au 2008-12-10T12:29:44Z urn:sha1:6a0fcbb4dad15f02ca8f8ae6324fcd3fc43b9d35 If we have at least one algorithm built-in then it no longer makes sense to have the testing framework, and hence cryptomgr to be a module. It should be either on or off, i.e., built-in or disabled. This just happens to stop a potential runaway modprobe loop that seems to trigger on at least one distro. With fixes from Evgeniy Polyakov. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2008-08-29T05:50:04Z Neil Horman nhorman@tuxdriver.com 2008-08-14T12:15:52Z urn:sha1:17f0f4a47df9aea9ee26c939f8057c35e0be1847 This patch adds a random number generator interface as well as a cryptographic pseudo-random number generator based on AES. It is meant to be used in cases where a deterministic CPRNG is required. One of the first applications will be as an input in the IPsec IV generation process. Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2008-08-29T05:50:02Z Neil Horman nhorman@tuxdriver.com 2008-08-05T06:13:08Z urn:sha1:ccb778e1841ce04b4c10b39f0dd2558ab2c6dcd4 Add the ability to turn FIPS-compliant mode on or off at boot In order to be FIPS compliant, several check may need to be preformed that may be construed as unusefull in a non-compliant mode. This patch allows us to set a kernel flag incating that we are running in a fips-compliant mode from boot up. It also exports that mode information to user space via a sysctl (/proc/sys/crypto/fips_enabled). Tested successfully by me. Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2008-08-29T05:50:00Z Herbert Xu herbert@gondor.apana.org.au 2008-08-17T08:04:30Z urn:sha1:5be5e667a9a5d8d5553e009e67bc692d95e5916a This patch moves the default IV generators into their own modules in order to break a dependency loop between cryptomgr, rng, and blkcipher. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2008-08-29T05:49:55Z Herbert Xu herbert@gondor.apana.org.au 2008-07-31T09:08:25Z urn:sha1:da7f033ddc9fdebb3223b0bf88a2a2ab5b797608 This patch moves the newly created alg_test infrastructure into cryptomgr. This shall allow us to use it for testing at algorithm registrations. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2008-07-15T15:46:24Z Herbert Xu herbert@gondor.apana.org.au 2008-07-15T15:46:24Z urn:sha1:7890ea1f95fa8968fa6f5bb5860e6632932abfd3 This patch is clearly not ready yet for prime time. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>