linux.git/crypto/Kconfig, branch v2.6.33 Linux kernel source tree crypto: ghash-intel - Fix building failure on x86_32 2009-10-27T11:07:24+00:00 Huang Ying ying.huang@intel.com 2009-10-27T11:07:24+00:00 3e02e5cb47e049727a26c9c110867a26972bd0d6 CLMUL-NI accelerated GHASH should be turned off on non-x86_64 machine. Reported-by: Dave Young <hidave.darkstar@gmail.com> Signed-off-by: Huang Ying <ying.huang@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
CLMUL-NI accelerated GHASH should be turned off on non-x86_64 machine.

Reported-by: Dave Young <hidave.darkstar@gmail.com>
Signed-off-by: Huang Ying <ying.huang@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: ghash - Add PCLMULQDQ accelerated implementation 2009-10-19T02:53:06+00:00 Huang Ying ying.huang@intel.com 2009-10-19T02:53:06+00:00 0e1227d356e9b2fe0500d6cc7084f752040a1e0e PCLMULQDQ is used to accelerate the most time-consuming part of GHASH, carry-less multiplication. More information about PCLMULQDQ can be found at: http://software.intel.com/en-us/articles/carry-less-multiplication-and-its-usage-for-computing-the-gcm-mode/ Because PCLMULQDQ changes XMM state, its usage must be enclosed with kernel_fpu_begin/end, which can be used only in process context, the acceleration is implemented as crypto_ahash. That is, request in soft IRQ context will be defered to the cryptd kernel thread. Signed-off-by: Huang Ying <ying.huang@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
PCLMULQDQ is used to accelerate the most time-consuming part of GHASH,
carry-less multiplication. More information about PCLMULQDQ can be
found at:

http://software.intel.com/en-us/articles/carry-less-multiplication-and-its-usage-for-computing-the-gcm-mode/

Because PCLMULQDQ changes XMM state, its usage must be enclosed with
kernel_fpu_begin/end, which can be used only in process context, the
acceleration is implemented as crypto_ahash. That is, request in soft
IRQ context will be defered to the cryptd kernel thread.

Signed-off-by: Huang Ying <ying.huang@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: vmac - New hash algorithm for intel_txt support 2009-09-02T10:05:22+00:00 Shane Wang shane.wang@intel.com 2009-09-02T10:05:22+00:00 f1939f7c56456d22a559d2c75156e91912a2e97e This patch adds VMAC (a fast MAC) support into crypto framework. Signed-off-by: Shane Wang <shane.wang@intel.com> Signed-off-by: Joseph Cihula <joseph.cihula@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
This patch adds VMAC (a fast MAC) support into crypto framework.

Signed-off-by: Shane Wang <shane.wang@intel.com>
Signed-off-by: Joseph Cihula <joseph.cihula@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: fips - Depend on ansi_cprng 2009-08-20T07:54:16+00:00 Neil Horman nhorman@tuxdriver.com 2009-08-20T07:54:16+00:00 4e4ed83be6a64c8c9fe69c77f37a26bb62ed21f7 What about something like this? It defaults the CPRNG to m and makes FIPS dependent on the CPRNG. That way you get a module build by default, but you can change it to y manually during config and still satisfy the dependency, and if you select N it disables FIPS as well. I rather like that better than making FIPS a tristate. I just tested it out here and it seems to work well. Let me know what you think Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
What about something like this?  It defaults the CPRNG to m and makes FIPS
dependent on the CPRNG.  That way you get a module build by default, but you can
change it to y manually during config and still satisfy the dependency, and if
you select N it disables FIPS as well.  I rather like that better than making
FIPS a tristate.  I just tested it out here and it seems to work well.  Let me
know what you think

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Revert crypto: fips - Select CPRNG 2009-08-13T12:41:25+00:00 Herbert Xu herbert@gondor.apana.org.au 2009-08-13T11:33:06+00:00 73fec1209433d6b33924c1b06122ee217ce98931 This reverts commit 215ccd6f55a2144bd553e0a3d12e1386f02309fd. It causes CPRNG and everything selected by it to be built-in whenever FIPS is enabled. The problem is that it is selecting a tristate from a bool, which is usually not what is intended. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
This reverts commit 215ccd6f55a2144bd553e0a3d12e1386f02309fd.

It causes CPRNG and everything selected by it to be built-in
whenever FIPS is enabled.  The problem is that it is selecting
a tristate from a bool, which is usually not what is intended.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: gcm - Use GHASH digest algorithm 2009-08-06T05:34:26+00:00 Huang Ying ying.huang@intel.com 2009-08-06T05:34:26+00:00 9382d97af586a47dad312765e35c61aa7ad7fcdd Remove the dedicated GHASH implementation in GCM, and uses the GHASH digest algorithm instead. This will make GCM uses hardware accelerated GHASH implementation automatically if available. ahash instead of shash interface is used, because some hardware accelerated GHASH implementation needs asynchronous interface. Signed-off-by: Huang Ying <ying.huang@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
Remove the dedicated GHASH implementation in GCM, and uses the GHASH
digest algorithm instead. This will make GCM uses hardware accelerated
GHASH implementation automatically if available.

ahash instead of shash interface is used, because some hardware
accelerated GHASH implementation needs asynchronous interface.

Signed-off-by: Huang Ying <ying.huang@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: ghash - Add GHASH digest algorithm for GCM 2009-08-06T05:32:38+00:00 Huang Ying ying.huang@intel.com 2009-08-06T05:32:38+00:00 2cdc6899a88e2b9c6cb82ebd547bf58932d534df GHASH is implemented as a shash algorithm. The actual implementation is copied from gcm.c. This makes it possible to add architecture/hardware accelerated GHASH implementation. Signed-off-by: Huang Ying <ying.huang@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
GHASH is implemented as a shash algorithm. The actual implementation
is copied from gcm.c. This makes it possible to add
architecture/hardware accelerated GHASH implementation.

Signed-off-by: Huang Ying <ying.huang@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: fips - Select CPRNG 2009-06-21T13:38:03+00:00 Neil Horman nhorman@tuxdriver.com 2009-06-21T13:38:03+00:00 215ccd6f55a2144bd553e0a3d12e1386f02309fd The ANSI CPRNG has no dependence on FIPS support. FIPS support however, requires the use of the CPRNG. Adjust that depedency relationship in Kconfig. Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
The ANSI CPRNG has no dependence on FIPS support.  FIPS support however,
requires the use of the CPRNG.  Adjust that depedency relationship in Kconfig.

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: ansi_cprng - Do not select FIPS 2009-06-19T12:32:58+00:00 Herbert Xu herbert@gondor.apana.org.au 2009-06-19T12:32:58+00:00 27300176d75e4723e2125e745a98a77bf0133f72 The RNG should work with FIPS disabled. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
The RNG should work with FIPS disabled.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: aes-ni - Add support for more modes 2009-06-02T04:04:16+00:00 Huang Ying ying.huang@intel.com 2009-03-29T07:41:20+00:00 2cf4ac8beb9dc50a315a6155b7b70e754d511958 Because kernel_fpu_begin() and kernel_fpu_end() operations are too slow, the performance gain of general mode implementation + aes-aesni is almost all compensated. The AES-NI support for more modes are implemented as follow: - Add a new AES algorithm implementation named __aes-aesni without kernel_fpu_begin/end() - Use fpu(<mode>(AES)) to provide kenrel_fpu_begin/end() invoking - Add <mode>(AES) ablkcipher, which uses cryptd(fpu(<mode>(AES))) to defer cryption to cryptd context in soft_irq context. Now the ctr, lrw, pcbc and xts support are added. Performance testing based on dm-crypt shows that cryption time can be reduced to 50% of general mode implementation + aes-aesni implementation. Signed-off-by: Huang Ying <ying.huang@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
Because kernel_fpu_begin() and kernel_fpu_end() operations are too
slow, the performance gain of general mode implementation + aes-aesni
is almost all compensated.

The AES-NI support for more modes are implemented as follow:

- Add a new AES algorithm implementation named __aes-aesni without
  kernel_fpu_begin/end()

- Use fpu(<mode>(AES)) to provide kenrel_fpu_begin/end() invoking

- Add <mode>(AES) ablkcipher, which uses cryptd(fpu(<mode>(AES))) to
  defer cryption to cryptd context in soft_irq context.

Now the ctr, lrw, pcbc and xts support are added.

Performance testing based on dm-crypt shows that cryption time can be
reduced to 50% of general mode implementation + aes-aesni implementation.

Signed-off-by: Huang Ying <ying.huang@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>