diff options
44 files changed, 7420 insertions, 7106 deletions
diff --git a/arch/s390/crypto/Makefile b/arch/s390/crypto/Makefile index 14e552c5cc4..6a1157fa4f9 100644 --- a/arch/s390/crypto/Makefile +++ b/arch/s390/crypto/Makefile @@ -2,8 +2,9 @@ # Cryptographic API # -obj-$(CONFIG_CRYPTO_SHA1_S390) += sha1_s390.o -obj-$(CONFIG_CRYPTO_SHA256_S390) += sha256_s390.o +obj-$(CONFIG_CRYPTO_SHA1_S390) += sha1_s390.o sha_common.o +obj-$(CONFIG_CRYPTO_SHA256_S390) += sha256_s390.o sha_common.o +obj-$(CONFIG_CRYPTO_SHA512_S390) += sha512_s390.o sha_common.o obj-$(CONFIG_CRYPTO_DES_S390) += des_s390.o des_check_key.o obj-$(CONFIG_CRYPTO_AES_S390) += aes_s390.o obj-$(CONFIG_S390_PRNG) += prng.o diff --git a/arch/s390/crypto/crypt_s390.h b/arch/s390/crypto/crypt_s390.h index 95f5160df27..9992f95ef99 100644 --- a/arch/s390/crypto/crypt_s390.h +++ b/arch/s390/crypto/crypt_s390.h @@ -82,6 +82,7 @@ enum crypt_s390_kimd_func { KIMD_QUERY = CRYPT_S390_KIMD | 0, KIMD_SHA_1 = CRYPT_S390_KIMD | 1, KIMD_SHA_256 = CRYPT_S390_KIMD | 2, + KIMD_SHA_512 = CRYPT_S390_KIMD | 3, }; /* @@ -92,6 +93,7 @@ enum crypt_s390_klmd_func { KLMD_QUERY = CRYPT_S390_KLMD | 0, KLMD_SHA_1 = CRYPT_S390_KLMD | 1, KLMD_SHA_256 = CRYPT_S390_KLMD | 2, + KLMD_SHA_512 = CRYPT_S390_KLMD | 3, }; /* diff --git a/arch/s390/crypto/sha.h b/arch/s390/crypto/sha.h new file mode 100644 index 00000000000..1ceafa571ea --- /dev/null +++ b/arch/s390/crypto/sha.h @@ -0,0 +1,35 @@ +/* + * Cryptographic API. + * + * s390 generic implementation of the SHA Secure Hash Algorithms. + * + * Copyright IBM Corp. 2007 + * Author(s): Jan Glauber (jang@de.ibm.com) + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + * + */ +#ifndef _CRYPTO_ARCH_S390_SHA_H +#define _CRYPTO_ARCH_S390_SHA_H + +#include <linux/crypto.h> +#include <crypto/sha.h> + +/* must be big enough for the largest SHA variant */ +#define SHA_MAX_STATE_SIZE 16 +#define SHA_MAX_BLOCK_SIZE SHA512_BLOCK_SIZE + +struct s390_sha_ctx { + u64 count; /* message length in bytes */ + u32 state[SHA_MAX_STATE_SIZE]; + u8 buf[2 * SHA_MAX_BLOCK_SIZE]; + int func; /* KIMD function to use */ +}; + +void s390_sha_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len); +void s390_sha_final(struct crypto_tfm *tfm, u8 *out); + +#endif diff --git a/arch/s390/crypto/sha1_s390.c b/arch/s390/crypto/sha1_s390.c index 9cf9eca2274..b3cb5a89b00 100644 --- a/arch/s390/crypto/sha1_s390.c +++ b/arch/s390/crypto/sha1_s390.c @@ -29,16 +29,11 @@ #include <crypto/sha.h> #include "crypt_s390.h" - -struct s390_sha1_ctx { - u64 count; /* message length */ - u32 state[5]; - u8 buf[2 * SHA1_BLOCK_SIZE]; -}; +#include "sha.h" static void sha1_init(struct crypto_tfm *tfm) { - struct s390_sha1_ctx *sctx = crypto_tfm_ctx(tfm); + struct s390_sha_ctx *sctx = crypto_tfm_ctx(tfm); sctx->state[0] = SHA1_H0; sctx->state[1] = SHA1_H1; @@ -46,79 +41,7 @@ static void sha1_init(struct crypto_tfm *tfm) sctx->state[3] = SHA1_H3; sctx->state[4] = SHA1_H4; sctx->count = 0; -} - -static void sha1_update(struct crypto_tfm *tfm, const u8 *data, - unsigned int len) -{ - struct s390_sha1_ctx *sctx = crypto_tfm_ctx(tfm); - unsigned int index; - int ret; - - /* how much is already in the buffer? */ - index = sctx->count & 0x3f; - - sctx->count += len; - - if (index + len < SHA1_BLOCK_SIZE) - goto store; - - /* process one stored block */ - if (index) { - memcpy(sctx->buf + index, data, SHA1_BLOCK_SIZE - index); - ret = crypt_s390_kimd(KIMD_SHA_1, sctx->state, sctx->buf, - SHA1_BLOCK_SIZE); - BUG_ON(ret != SHA1_BLOCK_SIZE); - data += SHA1_BLOCK_SIZE - index; - len -= SHA1_BLOCK_SIZE - index; - } - - /* process as many blocks as possible */ - if (len >= SHA1_BLOCK_SIZE) { - ret = crypt_s390_kimd(KIMD_SHA_1, sctx->state, data, - len & ~(SHA1_BLOCK_SIZE - 1)); - BUG_ON(ret != (len & ~(SHA1_BLOCK_SIZE - 1))); - data += ret; - len -= ret; - } - -store: - /* anything left? */ - if (len) - memcpy(sctx->buf + index , data, len); -} - -/* Add padding and return the message digest. */ -static void sha1_final(struct crypto_tfm *tfm, u8 *out) -{ - struct s390_sha1_ctx *sctx = crypto_tfm_ctx(tfm); - u64 bits; - unsigned int index, end; - int ret; - - /* must perform manual padding */ - index = sctx->count & 0x3f; - end = (index < 56) ? SHA1_BLOCK_SIZE : (2 * SHA1_BLOCK_SIZE); - - /* start pad with 1 */ - sctx->buf[index] = 0x80; - - /* pad with zeros */ - index++; - memset(sctx->buf + index, 0x00, end - index - 8); - - /* append message length */ - bits = sctx->count * 8; - memcpy(sctx->buf + end - 8, &bits, sizeof(bits)); - - ret = crypt_s390_kimd(KIMD_SHA_1, sctx->state, sctx->buf, end); - BUG_ON(ret != end); - - /* copy digest to out */ - memcpy(out, sctx->state, SHA1_DIGEST_SIZE); - - /* wipe context */ - memset(sctx, 0, sizeof *sctx); + sctx->func = KIMD_SHA_1; } static struct crypto_alg alg = { @@ -127,21 +50,20 @@ static struct crypto_alg alg = { .cra_priority = CRYPT_S390_PRIORITY, .cra_flags = CRYPTO_ALG_TYPE_DIGEST, .cra_blocksize = SHA1_BLOCK_SIZE, - .cra_ctxsize = sizeof(struct s390_sha1_ctx), + .cra_ctxsize = sizeof(struct s390_sha_ctx), .cra_module = THIS_MODULE, .cra_list = LIST_HEAD_INIT(alg.cra_list), .cra_u = { .digest = { .dia_digestsize = SHA1_DIGEST_SIZE, .dia_init = sha1_init, - .dia_update = sha1_update, - .dia_final = sha1_final } } + .dia_update = s390_sha_update, + .dia_final = s390_sha_final } } }; static int __init sha1_s390_init(void) { if (!crypt_s390_func_available(KIMD_SHA_1)) return -EOPNOTSUPP; - return crypto_register_alg(&alg); } @@ -154,6 +76,5 @@ module_init(sha1_s390_init); module_exit(sha1_s390_fini); MODULE_ALIAS("sha1"); - MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("SHA1 Secure Hash Algorithm"); diff --git a/arch/s390/crypto/sha256_s390.c b/arch/s390/crypto/sha256_s390.c index 2a3d756b35d..19c03fb6ba7 100644 --- a/arch/s390/crypto/sha256_s390.c +++ b/arch/s390/crypto/sha256_s390.c @@ -22,16 +22,11 @@ #include <crypto/sha.h> #include "crypt_s390.h" - -struct s390_sha256_ctx { - u64 count; /* message length */ - u32 state[8]; - u8 buf[2 * SHA256_BLOCK_SIZE]; -}; +#include "sha.h" static void sha256_init(struct crypto_tfm *tfm) { - struct s390_sha256_ctx *sctx = crypto_tfm_ctx(tfm); + struct s390_sha_ctx *sctx = crypto_tfm_ctx(tfm); sctx->state[0] = SHA256_H0; sctx->state[1] = SHA256_H1; @@ -42,79 +37,7 @@ static void sha256_init(struct crypto_tfm *tfm) sctx->state[6] = SHA256_H6; sctx->state[7] = SHA256_H7; sctx->count = 0; -} - -static void sha256_update(struct crypto_tfm *tfm, const u8 *data, - unsigned int len) -{ - struct s390_sha256_ctx *sctx = crypto_tfm_ctx(tfm); - unsigned int index; - int ret; - - /* how much is already in the buffer? */ - index = sctx->count & 0x3f; - - sctx->count += len; - - if ((index + len) < SHA256_BLOCK_SIZE) - goto store; - - /* process one stored block */ - if (index) { - memcpy(sctx->buf + index, data, SHA256_BLOCK_SIZE - index); - ret = crypt_s390_kimd(KIMD_SHA_256, sctx->state, sctx->buf, - SHA256_BLOCK_SIZE); - BUG_ON(ret != SHA256_BLOCK_SIZE); - data += SHA256_BLOCK_SIZE - index; - len -= SHA256_BLOCK_SIZE - index; - } - - /* process as many blocks as possible */ - if (len >= SHA256_BLOCK_SIZE) { - ret = crypt_s390_kimd(KIMD_SHA_256, sctx->state, data, - len & ~(SHA256_BLOCK_SIZE - 1)); - BUG_ON(ret != (len & ~(SHA256_BLOCK_SIZE - 1))); - data += ret; - len -= ret; - } - -store: - /* anything left? */ - if (len) - memcpy(sctx->buf + index , data, len); -} - -/* Add padding and return the message digest */ -static void sha256_final(struct crypto_tfm *tfm, u8 *out) -{ - struct s390_sha256_ctx *sctx = crypto_tfm_ctx(tfm); - u64 bits; - unsigned int index, end; - int ret; - - /* must perform manual padding */ - index = sctx->count & 0x3f; - end = (index < 56) ? SHA256_BLOCK_SIZE : (2 * SHA256_BLOCK_SIZE); - - /* start pad with 1 */ - sctx->buf[index] = 0x80; - - /* pad with zeros */ - index++; - memset(sctx->buf + index, 0x00, end - index - 8); - - /* append message length */ - bits = sctx->count * 8; - memcpy(sctx->buf + end - 8, &bits, sizeof(bits)); - - ret = crypt_s390_kimd(KIMD_SHA_256, sctx->state, sctx->buf, end); - BUG_ON(ret != end); - - /* copy digest to out */ - memcpy(out, sctx->state, SHA256_DIGEST_SIZE); - - /* wipe context */ - memset(sctx, 0, sizeof *sctx); + sctx->func = KIMD_SHA_256; } static struct crypto_alg alg = { @@ -123,14 +46,14 @@ static struct crypto_alg alg = { .cra_priority = CRYPT_S390_PRIORITY, .cra_flags = CRYPTO_ALG_TYPE_DIGEST, .cra_blocksize = SHA256_BLOCK_SIZE, - .cra_ctxsize = sizeof(struct s390_sha256_ctx), + .cra_ctxsize = sizeof(struct s390_sha_ctx), .cra_module = THIS_MODULE, .cra_list = LIST_HEAD_INIT(alg.cra_list), .cra_u = { .digest = { .dia_digestsize = SHA256_DIGEST_SIZE, .dia_init = sha256_init, - .dia_update = sha256_update, - .dia_final = sha256_final } } + .dia_update = s390_sha_update, + .dia_final = s390_sha_final } } }; static int sha256_s390_init(void) @@ -150,6 +73,5 @@ module_init(sha256_s390_init); module_exit(sha256_s390_fini); MODULE_ALIAS("sha256"); - MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("SHA256 Secure Hash Algorithm"); diff --git a/arch/s390/crypto/sha512_s390.c b/arch/s390/crypto/sha512_s390.c new file mode 100644 index 00000000000..23c7861f6ae --- /dev/null +++ b/arch/s390/crypto/sha512_s390.c @@ -0,0 +1,114 @@ +/* + * Cryptographic API. + * + * s390 implementation of the SHA512 and SHA38 Secure Hash Algorithm. + * + * Copyright IBM Corp. 2007 + * Author(s): Jan Glauber (jang@de.ibm.com) + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + * + */ +#include <linux/init.h> +#include <linux/module.h> +#include <linux/crypto.h> + +#include "sha.h" +#include "crypt_s390.h" + +static void sha512_init(struct crypto_tfm *tfm) +{ + struct s390_sha_ctx *ctx = crypto_tfm_ctx(tfm); + + *(__u64 *)&ctx->state[0] = 0x6a09e667f3bcc908ULL; + *(__u64 *)&ctx->state[2] = 0xbb67ae8584caa73bULL; + *(__u64 *)&ctx->state[4] = 0x3c6ef372fe94f82bULL; + *(__u64 *)&ctx->state[6] = 0xa54ff53a5f1d36f1ULL; + *(__u64 *)&ctx->state[8] = 0x510e527fade682d1ULL; + *(__u64 *)&ctx->state[10] = 0x9b05688c2b3e6c1fULL; + *(__u64 *)&ctx->state[12] = 0x1f83d9abfb41bd6bULL; + *(__u64 *)&ctx->state[14] = 0x5be0cd19137e2179ULL; + ctx->count = 0; + ctx->func = KIMD_SHA_512; +} + +static struct crypto_alg sha512_alg = { + .cra_name = "sha512", + .cra_driver_name = "sha512-s390", + .cra_priority = CRYPT_S390_PRIORITY, + .cra_flags = CRYPTO_ALG_TYPE_DIGEST, + .cra_blocksize = SHA512_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct s390_sha_ctx), + .cra_module = THIS_MODULE, + .cra_list = LIST_HEAD_INIT(sha512_alg.cra_list), + .cra_u = { .digest = { + .dia_digestsize = SHA512_DIGEST_SIZE, + .dia_init = sha512_init, + .dia_update = s390_sha_update, + .dia_final = s390_sha_final } } +}; + +MODULE_ALIAS("sha512"); + +static void sha384_init(struct crypto_tfm *tfm) +{ + struct s390_sha_ctx *ctx = crypto_tfm_ctx(tfm); + + *(__u64 *)&ctx->state[0] = 0xcbbb9d5dc1059ed8ULL; + *(__u64 *)&ctx->state[2] = 0x629a292a367cd507ULL; + *(__u64 *)&ctx->state[4] = 0x9159015a3070dd17ULL; + *(__u64 *)&ctx->state[6] = 0x152fecd8f70e5939ULL; + *(__u64 *)&ctx->state[8] = 0x67332667ffc00b31ULL; + *(__u64 *)&ctx->state[10] = 0x8eb44a8768581511ULL; + *(__u64 *)&ctx->state[12] = 0xdb0c2e0d64f98fa7ULL; + *(__u64 *)&ctx->state[14] = 0x47b5481dbefa4fa4ULL; + ctx->count = 0; + ctx->func = KIMD_SHA_512; +} + +static struct crypto_alg sha384_alg = { + .cra_name = "sha384", + .cra_driver_name = "sha384-s390", + .cra_priority = CRYPT_S390_PRIORITY, + .cra_flags = CRYPTO_ALG_TYPE_DIGEST, + .cra_blocksize = SHA384_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct s390_sha_ctx), + .cra_module = THIS_MODULE, + .cra_list = LIST_HEAD_INIT(sha384_alg.cra_list), + .cra_u = { .digest = { + .dia_digestsize = SHA384_DIGEST_SIZE, + .dia_init = sha384_init, + .dia_update = s390_sha_update, + .dia_final = s390_sha_final } } +}; + +MODULE_ALIAS("sha384"); + +static int __init init(void) +{ + int ret; + + if (!crypt_s390_func_available(KIMD_SHA_512)) + return -EOPNOTSUPP; + if ((ret = crypto_register_alg(&sha512_alg)) < 0) + goto out; + if ((ret = crypto_register_alg(&sha384_alg)) < 0) + crypto_unregister_alg(&sha512_alg); +out: + return ret; +} + +static void __exit fini(void) +{ + crypto_unregister_alg(&sha512_alg); + crypto_unregister_alg(&sha384_alg); +} + +module_init(init); +module_exit(fini); + +MODULE_LICENSE("GPL"); +MODULE_DESCRIPTION("SHA512 and SHA-384 Secure Hash Algorithm"); diff --git a/arch/s390/crypto/sha_common.c b/arch/s390/crypto/sha_common.c new file mode 100644 index 00000000000..9d6eb8c3d37 --- /dev/null +++ b/arch/s390/crypto/sha_common.c @@ -0,0 +1,97 @@ +/* + * Cryptographic API. + * + * s390 generic implementation of the SHA Secure Hash Algorithms. + * + * Copyright IBM Corp. 2007 + * Author(s): Jan Glauber (jang@de.ibm.com) + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + * + */ + +#include <linux/crypto.h> +#include "sha.h" +#include "crypt_s390.h" + +void s390_sha_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len) +{ + struct s390_sha_ctx *ctx = crypto_tfm_ctx(tfm); + unsigned int bsize = crypto_tfm_alg_blocksize(tfm); + unsigned int index; + int ret; + + /* how much is already in the buffer? */ + index = ctx->count & (bsize - 1); + ctx->count += len; + + if ((index + len) < bsize) + goto store; + + /* process one stored block */ + if (index) { + memcpy(ctx->buf + index, data, bsize - index); + ret = crypt_s390_kimd(ctx->func, ctx->state, ctx->buf, bsize); + BUG_ON(ret != bsize); + data += bsize - index; + len -= bsize - index; + } + + /* process as many blocks as possible */ + if (len >= bsize) { + ret = crypt_s390_kimd(ctx->func, ctx->state, data, + len & ~(bsize - 1)); + BUG_ON(ret != (len & ~(bsize - 1))); + data += ret; + len -= ret; + } +store: + if (len) + memcpy(ctx->buf + index , data, len); +} +EXPORT_SYMBOL_GPL(s390_sha_update); + +void s390_sha_final(struct crypto_tfm *tfm, u8 *out) +{ + struct s390_sha_ctx *ctx = crypto_tfm_ctx(tfm); + unsigned int bsize = crypto_tfm_alg_blocksize(tfm); + u64 bits; + unsigned int index, end, plen; + int ret; + + /* SHA-512 uses 128 bit padding length */ + plen = (bsize > SHA256_BLOCK_SIZE) ? 16 : 8; + + /* must perform manual padding */ + index = ctx->count & (bsize - 1); + end = (index < bsize - plen) ? bsize : (2 * bsize); + + /* start pad with 1 */ + ctx->buf[index] = 0x80; + index++; + + /* pad with zeros */ + memset(ctx->buf + index, 0x00, end - index - 8); + + /* + * Append message length. Well, SHA-512 wants a 128 bit lenght value, + * nevertheless we use u64, should be enough for now... + */ + bits = ctx->count * 8; + memcpy(ctx->buf + end - 8, &bits, sizeof(bits)); + + ret = crypt_s390_kimd(ctx->func, ctx->state, ctx->buf, end); + BUG_ON(ret != end); + + /* copy digest to out */ + memcpy(out, ctx->state, crypto_hash_digestsize(crypto_hash_cast(tfm))); + /* wipe context */ + memset(ctx, 0, sizeof *ctx); +} +EXPORT_SYMBOL_GPL(s390_sha_final); + +MODULE_LICENSE("GPL"); +MODULE_DESCRIPTION("s390 SHA cipher common functions"); diff --git a/arch/x86/crypto/aes-i586-asm_32.S b/arch/x86/crypto/aes-i586-asm_32.S index 1093bede3e0..e41b147f450 100644 --- a/arch/x86/crypto/aes-i586-asm_32.S +++ b/arch/x86/crypto/aes-i586-asm_32.S @@ -289,7 +289,6 @@ aes_enc_blk: pop %ebx mov %r0,(%ebp) pop %ebp - mov $1,%eax ret // AES (Rijndael) Decryption Subroutine @@ -365,6 +364,4 @@ aes_dec_blk: pop %ebx mov %r0,(%ebp) pop %ebp - mov $1,%eax ret - diff --git a/crypto/Kconfig b/crypto/Kconfig index 69f1be6816f..864456c140f 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -13,12 +13,14 @@ source "crypto/async_tx/Kconfig" # Cryptographic API Configuration # menuconfig CRYPTO - bool "Cryptographic API" + tristate "Cryptographic API" help This option provides the core Cryptographic API. if CRYPTO +comment "Crypto core or helper" + config CRYPTO_ALGAPI tristate help @@ -32,15 +34,6 @@ config CRYPTO_BLKCIPHER tristate select CRYPTO_ALGAPI -config CRYPTO_SEQIV - tristate "Sequence Number IV Generator" - select CRYPTO_AEAD - select CRYPTO_BLKCIPHER - help - This IV generator generates an IV based on a sequence number by - xoring it with a salt. This algorithm is mainly useful for CTR - and similar modes. - config CRYPTO_HASH tristate select CRYPTO_ALGAPI @@ -52,24 +45,15 @@ config CRYPTO_MANAGER Create default cryptographic template instantiations such as cbc(aes). -config CRYPTO_HMAC - tristate "HMAC support" - select CRYPTO_HASH - select CRYPTO_MANAGER - help - HMAC: Keyed-Hashing for Message Authentication (RFC2104). - This is required for IPSec. - -config CRYPTO_XCBC - tristate "XCBC support" +config CRYPTO_GF128MUL + tristate "GF(2^128) multiplication functions (EXPERIMENTAL)" depends on EXPERIMENTAL - select CRYPTO_HASH - select CRYPTO_MANAGER help - XCBC: Keyed-Hashing with encryption algorithm - http://www.ietf.org/rfc/rfc3566.txt - http://csrc.nist.gov/encryption/modes/proposedmodes/ - xcbc-mac/xcbc-mac-spec.pdf + Efficient table driven implementation of multiplications in the + field GF(2^128). This is needed by some cypher modes. This + option will be selected automatically if you select such a + cipher mode. Only select this option by hand if you expect to load + an external module that requires these functions. config CRYPTO_NULL tristate "Null algorithms" @@ -78,107 +62,98 @@ config CRYPTO_NULL help These are 'Null' algorithms, used by IPsec, which do nothing. -config CRYPTO_MD4 - tristate "MD4 digest algorithm" - select CRYPTO_ALGAPI - help - MD4 message digest algorithm (RFC1320). - -config CRYPTO_MD5 - tristate "MD5 digest algorithm" - select CRYPTO_ALGAPI +config CRYPTO_CRYPTD + tristate "Software async crypto daemon" + select CRYPTO_BLKCIPHER + select CRYPTO_MANAGER help - MD5 message digest algorithm (RFC1321). + This is a generic software asynchronous crypto daemon that + converts an arbitrary synchronous software crypto algorithm + into an asynchronous algorithm that executes in a kernel thread. -config CRYPTO_SHA1 - tristate "SHA1 digest algorithm" - select CRYPTO_ALGAPI +config CRYPTO_AUTHENC + tristate "Authenc support" + select CRYPTO_AEAD + select CRYPTO_BLKCIPHER + select CRYPTO_MANAGER + select CRYPTO_HASH help - SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2). + Authenc: Combined mode wrapper for IPsec. + This is required for IPSec. -config CRYPTO_SHA256 - tristate "SHA224 and SHA256 digest algorithm" +config CRYPTO_TEST + tristate "Testing module" + depends on m select CRYPTO_ALGAPI + select CRYPTO_AEAD + select CRYPTO_BLKCIPHER help - SHA256 secure hash standard (DFIPS 180-2). - - This version of SHA implements a 256 bit hash with 128 bits of - security against collision attacks. + Quick & dirty crypto test module. - This code also includes SHA-224, a 224 bit hash with 112 bits - of security against collision attacks. +comment "Authenticated Encryption with Associated Data" -config CRYPTO_SHA512 - tristate "SHA384 and SHA512 digest algorithms" - select CRYPTO_ALGAPI +config CRYPTO_CCM + tristate "CCM support" + select CRYPTO_CTR + select CRYPTO_AEAD help - SHA512 secure hash standard (DFIPS 180-2). - - This version of SHA implements a 512 bit hash with 256 bits of - security against collision attacks. - - This code also includes SHA-384, a 384 bit hash with 192 bits - of security against collision attacks. + Support for Counter with CBC MAC. Required for IPsec. -config CRYPTO_WP512 - tristate "Whirlpool digest algorithms" - select CRYPTO_ALGAPI +config CRYPTO_GCM + tristate "GCM/GMAC support" + select CRYPTO_CTR + select CRYPTO_AEAD + select CRYPTO_GF128MUL help - Whirlpool hash algorithm 512, 384 and 256-bit hashes - - Whirlpool-512 is part of the NESSIE cryptographic primitives. - Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard - - See also: - <http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html> + Support for Galois/Counter Mode (GCM) and Galois Message + Authentication Code (GMAC). Required for IPSec. -config CRYPTO_TGR192 - tristate "Tiger digest algorithms" - select CRYPTO_ALGAPI +config CRYPTO_SEQIV + tristate "Sequence Number IV Generator" + select CRYPTO_AEAD + select CRYPTO_BLKCIPHER help - Tiger hash algorithm 192, 160 and 128-bit hashes - - Tiger is a hash function optimized for 64-bit processors while - still having decent performance on 32-bit processors. - Tiger was developed by Ross Anderson and Eli Biham. - - See also: - <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>. + This IV generator generates an IV based on a sequence number by + xoring it with a salt. This algorithm is mainly useful for CTR -config CRYPTO_GF128MUL - tristate "GF(2^128) multiplication functions (EXPERIMENTAL)" - depends on EXPERIMENTAL - help - Efficient table driven implementation of multiplications in the - field GF(2^128). This is needed by some cypher modes. This - option will be selected automatically if you select such a - cipher mode. Only select this option by hand if you expect to load - an external module that requires these functions. +comment "Block modes" -config CRYPTO_ECB - tristate "ECB support" +config CRYPTO_CBC + tristate "CBC support" select CRYPTO_BLKCIPHER select CRYPTO_MANAGER help - ECB: Electronic CodeBook mode - This is the simplest block cipher algorithm. It simply encrypts - the input block by block. + CBC: Cipher Block Chaining mode + This block cipher algorithm is required for IPSec. -config CRYPTO_CBC - tristate "CBC support" +config CRYPTO_CTR + tristate "CTR support" select CRYPTO_BLKCIPHER + select CRYPTO_SEQIV select CRYPTO_MANAGER help - CBC: Cipher Block Chaining mode + CTR: Counter mode This block cipher algorithm is required for IPSec. -config CRYPTO_PCBC - tristate "PCBC support" +config CRYPTO_CTS + tristate "CTS support" + select CRYPTO_BLKCIPHER + help + CTS: Cipher Text Stealing + This is the Cipher Text Stealing mode as described by + Section 8 of rfc2040 and referenced by rfc3962. + (rfc3962 includes errata information in its Appendix A) + This mode is required for Kerberos gss mechanism support + for AES encryption. + +config CRYPTO_ECB + tristate "ECB support" select CRYPTO_BLKCIPHER select CRYPTO_MANAGER help - PCBC: Propagating Cipher Block Chaining mode - This block cipher algorithm is required for RxRPC. + ECB: Electronic CodeBook mode + This is the simplest |