From b6d44341864b50a308f932c39f03fb8ad5efb021 Mon Sep 17 00:00:00 2001 From: Adrian Bunk Date: Wed, 16 Jul 2008 19:28:00 +0800 Subject: crypto: Kconfig - Replace leading spaces with tabs Instead of tabs there were two spaces. Signed-off-by: Adrian Bunk Signed-off-by: Herbert Xu --- crypto/Kconfig | 81 ++++++++++++++++++++++++++++++---------------------------- 1 file changed, 42 insertions(+), 39 deletions(-) (limited to 'crypto/Kconfig') diff --git a/crypto/Kconfig b/crypto/Kconfig index d83185915ee..4f72b308606 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -219,7 +219,7 @@ config CRYPTO_CRC32C Castagnoli, et al Cyclic Redundancy-Check Algorithm. Used by iSCSI for header and data digests and by others. See Castagnoli93. This implementation uses lib/libcrc32c. - Module will be crc32c. + Module will be crc32c. config CRYPTO_MD4 tristate "MD4 digest algorithm" @@ -243,55 +243,58 @@ config CRYPTO_MICHAEL_MIC of the algorithm. config CRYPTO_RMD128 - tristate "RIPEMD-128 digest algorithm" - select CRYPTO_ALGAPI - help - RIPEMD-128 (ISO/IEC 10118-3:2004). + tristate "RIPEMD-128 digest algorithm" + select CRYPTO_ALGAPI + help + RIPEMD-128 (ISO/IEC 10118-3:2004). - RIPEMD-128 is a 128-bit cryptographic hash function. It should only - to be used as a secure replacement for RIPEMD. For other use cases - RIPEMD-160 should be used. + RIPEMD-128 is a 128-bit cryptographic hash function. It should only + to be used as a secure replacement for RIPEMD. For other use cases + RIPEMD-160 should be used. - Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. - See + Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. + See config CRYPTO_RMD160 - tristate "RIPEMD-160 digest algorithm" - select CRYPTO_ALGAPI - help - RIPEMD-160 (ISO/IEC 10118-3:2004). + tristate "RIPEMD-160 digest algorithm" + select CRYPTO_ALGAPI + help + RIPEMD-160 (ISO/IEC 10118-3:2004). - RIPEMD-160 is a 160-bit cryptographic hash function. It is intended - to be used as a secure replacement for the 128-bit hash functions - MD4, MD5 and it's predecessor RIPEMD (not to be confused with RIPEMD-128). + RIPEMD-160 is a 160-bit cryptographic hash function. It is intended + to be used as a secure replacement for the 128-bit hash functions + MD4, MD5 and it's predecessor RIPEMD + (not to be confused with RIPEMD-128). - It's speed is comparable to SHA1 and there are no known attacks against - RIPEMD-160. + It's speed is comparable to SHA1 and there are no known attacks + against RIPEMD-160. - Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. - See + Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. + See config CRYPTO_RMD256 - tristate "RIPEMD-256 digest algorithm" - select CRYPTO_ALGAPI - help - RIPEMD-256 is an optional extension of RIPEMD-128 with a 256 bit hash. - It is intended for applications that require longer hash-results, without - needing a larger security level (than RIPEMD-128). + tristate "RIPEMD-256 digest algorithm" + select CRYPTO_ALGAPI + help + RIPEMD-256 is an optional extension of RIPEMD-128 with a + 256 bit hash. It is intended for applications that require + longer hash-results, without needing a larger security level + (than RIPEMD-128). - Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. - See + Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. + See config CRYPTO_RMD320 - tristate "RIPEMD-320 digest algorithm" - select CRYPTO_ALGAPI - help - RIPEMD-320 is an optional extension of RIPEMD-160 with a 320 bit hash. - It is intended for applications that require longer hash-results, without - needing a larger security level (than RIPEMD-160). + tristate "RIPEMD-320 digest algorithm" + select CRYPTO_ALGAPI + help + RIPEMD-320 is an optional extension of RIPEMD-160 with a + 320 bit hash. It is intended for applications that require + longer hash-results, without needing a larger security level + (than RIPEMD-160). - Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. - See + Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. + See config CRYPTO_SHA1 tristate "SHA1 digest algorithm" @@ -308,8 +311,8 @@ config CRYPTO_SHA256 This version of SHA implements a 256 bit hash with 128 bits of security against collision attacks. - This code also includes SHA-224, a 224 bit hash with 112 bits - of security against collision attacks. + This code also includes SHA-224, a 224 bit hash with 112 bits + of security against collision attacks. config CRYPTO_SHA512 tristate "SHA384 and SHA512 digest algorithms" -- cgit v1.2.3 From 8cb51ba8e06570a5fff674b3744d12a1b089f2d0 Mon Sep 17 00:00:00 2001 From: Austin Zhang Date: Thu, 7 Aug 2008 09:57:03 +0800 Subject: crypto: crc32c - Use Intel CRC32 instruction From NHM processor onward, Intel processors can support hardware accelerated CRC32c algorithm with the new CRC32 instruction in SSE 4.2 instruction set. The patch detects the availability of the feature, and chooses the most proper way to calculate CRC32c checksum. Byte code instructions are used for compiler compatibility. No MMX / XMM registers is involved in the implementation. Signed-off-by: Austin Zhang Signed-off-by: Kent Liu Signed-off-by: Herbert Xu --- crypto/Kconfig | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'crypto/Kconfig') diff --git a/crypto/Kconfig b/crypto/Kconfig index 4f72b308606..797b9e15d72 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -221,6 +221,18 @@ config CRYPTO_CRC32C See Castagnoli93. This implementation uses lib/libcrc32c. Module will be crc32c. +config CRYPTO_CRC32C_INTEL + tristate "CRC32c INTEL hardware acceleration" + depends on X86 + select CRYPTO_HASH + help + In Intel processor with SSE4.2 supported, the processor will + support CRC32C implementation using hardware accelerated CRC32 + instruction. This option will create 'crc32c-intel' module, + which will enable any routine to use the CRC32 instruction to + gain performance compared with software implementation. + Module will be crc32c-intel. + config CRYPTO_MD4 tristate "MD4 digest algorithm" select CRYPTO_ALGAPI -- cgit v1.2.3 From da7f033ddc9fdebb3223b0bf88a2a2ab5b797608 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Thu, 31 Jul 2008 17:08:25 +0800 Subject: crypto: cryptomgr - Add test infrastructure This patch moves the newly created alg_test infrastructure into cryptomgr. This shall allow us to use it for testing at algorithm registrations. Signed-off-by: Herbert Xu --- crypto/Kconfig | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'crypto/Kconfig') diff --git a/crypto/Kconfig b/crypto/Kconfig index 797b9e15d72..776f90d249a 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -40,7 +40,9 @@ config CRYPTO_HASH config CRYPTO_MANAGER tristate "Cryptographic algorithm manager" - select CRYPTO_ALGAPI + select CRYPTO_AEAD + select CRYPTO_HASH + select CRYPTO_BLKCIPHER help Create default cryptographic template instantiations such as cbc(aes). @@ -85,9 +87,7 @@ config CRYPTO_AUTHENC config CRYPTO_TEST tristate "Testing module" depends on m - select CRYPTO_ALGAPI - select CRYPTO_AEAD - select CRYPTO_BLKCIPHER + select CRYPTO_MANAGER help Quick & dirty crypto test module. -- cgit v1.2.3 From ccb778e1841ce04b4c10b39f0dd2558ab2c6dcd4 Mon Sep 17 00:00:00 2001 From: Neil Horman Date: Tue, 5 Aug 2008 14:13:08 +0800 Subject: crypto: api - Add fips_enable flag Add the ability to turn FIPS-compliant mode on or off at boot In order to be FIPS compliant, several check may need to be preformed that may be construed as unusefull in a non-compliant mode. This patch allows us to set a kernel flag incating that we are running in a fips-compliant mode from boot up. It also exports that mode information to user space via a sysctl (/proc/sys/crypto/fips_enabled). Tested successfully by me. Signed-off-by: Neil Horman Signed-off-by: Herbert Xu --- crypto/Kconfig | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'crypto/Kconfig') diff --git a/crypto/Kconfig b/crypto/Kconfig index 776f90d249a..a784c2dce57 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -21,6 +21,14 @@ if CRYPTO comment "Crypto core or helper" +config CRYPTO_FIPS + bool "FIPS 200 compliance" + help + This options enables the fips boot option which is + required if you want to system to operate in a FIPS 200 + certification. You should say no unless you know what + this is. + config CRYPTO_ALGAPI tristate help -- cgit v1.2.3 From 17f0f4a47df9aea9ee26c939f8057c35e0be1847 Mon Sep 17 00:00:00 2001 From: Neil Horman Date: Thu, 14 Aug 2008 22:15:52 +1000 Subject: crypto: rng - RNG interface and implementation This patch adds a random number generator interface as well as a cryptographic pseudo-random number generator based on AES. It is meant to be used in cases where a deterministic CPRNG is required. One of the first applications will be as an input in the IPsec IV generation process. Signed-off-by: Neil Horman Signed-off-by: Herbert Xu --- crypto/Kconfig | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'crypto/Kconfig') diff --git a/crypto/Kconfig b/crypto/Kconfig index a784c2dce57..2274293e71e 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -46,6 +46,10 @@ config CRYPTO_HASH tristate select CRYPTO_ALGAPI +config CRYPTO_RNG + tristate + select CRYPTO_ALGAPI + config CRYPTO_MANAGER tristate "Cryptographic algorithm manager" select CRYPTO_AEAD @@ -689,6 +693,18 @@ config CRYPTO_LZO help This is the LZO algorithm. +comment "Random Number Generation" + +config CRYPTO_ANSI_CPRNG + tristate "Pseudo Random Number Generation for Cryptographic modules" + select CRYPTO_AES + select CRYPTO_RNG + select CRYPTO_FIPS + help + This option enables the generic pseudo random number generator + for cryptographic modules. Uses the Algorithm specified in + ANSI X9.31 A.2.4 + source "drivers/crypto/Kconfig" endif # if CRYPTO -- cgit v1.2.3 From a0f000ec9b61b99111757df138b11144236fc59b Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Thu, 14 Aug 2008 22:21:31 +1000 Subject: crypto: skcipher - Use RNG interface instead of get_random_bytes This patch makes the IV generators use the new RNG interface so that the user can pick an RNG other than the default get_random_bytes. Signed-off-by: Herbert Xu --- crypto/Kconfig | 2 ++ 1 file changed, 2 insertions(+) (limited to 'crypto/Kconfig') diff --git a/crypto/Kconfig b/crypto/Kconfig index 2274293e71e..39dbd8e4dde 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -41,6 +41,7 @@ config CRYPTO_AEAD config CRYPTO_BLKCIPHER tristate select CRYPTO_ALGAPI + select CRYPTO_RNG config CRYPTO_HASH tristate @@ -125,6 +126,7 @@ config CRYPTO_SEQIV tristate "Sequence Number IV Generator" select CRYPTO_AEAD select CRYPTO_BLKCIPHER + select CRYPTO_RNG help This IV generator generates an IV based on a sequence number by xoring it with a salt. This algorithm is mainly useful for CTR -- cgit v1.2.3