2005-04-17 00:20:36 +02:00
|
|
|
#
|
|
|
|
# Cryptographic API
|
|
|
|
#
|
|
|
|
|
2008-03-30 10:36:09 +02:00
|
|
|
obj-$(CONFIG_CRYPTO) += crypto.o
|
2010-11-27 09:32:57 +01:00
|
|
|
crypto-y := api.o cipher.o compress.o
|
2005-04-17 00:20:36 +02:00
|
|
|
|
2009-02-19 07:33:40 +01:00
|
|
|
obj-$(CONFIG_CRYPTO_WORKQUEUE) += crypto_wq.o
|
|
|
|
|
2008-08-05 08:13:08 +02:00
|
|
|
obj-$(CONFIG_CRYPTO_FIPS) += fips.o
|
|
|
|
|
2006-08-21 13:08:13 +02:00
|
|
|
crypto_algapi-$(CONFIG_PROC_FS) += proc.o
|
2010-11-27 09:32:57 +01:00
|
|
|
crypto_algapi-y := algapi.o scatterwalk.o $(crypto_algapi-y)
|
2008-12-10 13:29:44 +01:00
|
|
|
obj-$(CONFIG_CRYPTO_ALGAPI2) += crypto_algapi.o
|
2005-04-17 00:20:36 +02:00
|
|
|
|
2008-12-10 13:29:44 +01:00
|
|
|
obj-$(CONFIG_CRYPTO_AEAD2) += aead.o
|
2007-11-27 12:48:27 +01:00
|
|
|
|
2010-11-27 09:32:57 +01:00
|
|
|
crypto_blkcipher-y := ablkcipher.o
|
|
|
|
crypto_blkcipher-y += blkcipher.o
|
2008-12-10 13:29:44 +01:00
|
|
|
obj-$(CONFIG_CRYPTO_BLKCIPHER2) += crypto_blkcipher.o
|
|
|
|
obj-$(CONFIG_CRYPTO_BLKCIPHER2) += chainiv.o
|
|
|
|
obj-$(CONFIG_CRYPTO_BLKCIPHER2) += eseqiv.o
|
2007-11-30 11:38:37 +01:00
|
|
|
obj-$(CONFIG_CRYPTO_SEQIV) += seqiv.o
|
2006-08-21 16:07:53 +02:00
|
|
|
|
2010-11-27 09:32:57 +01:00
|
|
|
crypto_hash-y += ahash.o
|
|
|
|
crypto_hash-y += shash.o
|
2008-12-10 13:29:44 +01:00
|
|
|
obj-$(CONFIG_CRYPTO_HASH2) += crypto_hash.o
|
2006-08-19 14:24:23 +02:00
|
|
|
|
2010-06-03 12:33:06 +02:00
|
|
|
obj-$(CONFIG_CRYPTO_PCOMP2) += pcompress.o
|
crypto: compress - Add pcomp interface
The current "comp" crypto interface supports one-shot (de)compression only,
i.e. the whole data buffer to be (de)compressed must be passed at once, and
the whole (de)compressed data buffer will be received at once.
In several use-cases (e.g. compressed file systems that store files in big
compressed blocks), this workflow is not suitable.
Furthermore, the "comp" type doesn't provide for the configuration of
(de)compression parameters, and always allocates workspace memory for both
compression and decompression, which may waste memory.
To solve this, add a "pcomp" partial (de)compression interface that provides
the following operations:
- crypto_compress_{init,update,final}() for compression,
- crypto_decompress_{init,update,final}() for decompression,
- crypto_{,de}compress_setup(), to configure (de)compression parameters
(incl. allocating workspace memory).
The (de)compression methods take a struct comp_request, which was mimicked
after the z_stream object in zlib, and contains buffer pointer and length
pairs for input and output.
The setup methods take an opaque parameter pointer and length pair. Parameters
are supposed to be encoded using netlink attributes, whose meanings depend on
the actual (name of the) (de)compression algorithm.
Signed-off-by: Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-03-04 08:05:33 +01:00
|
|
|
|
2010-11-27 09:32:57 +01:00
|
|
|
cryptomgr-y := algboss.o testmgr.o
|
2008-07-31 11:08:25 +02:00
|
|
|
|
2008-12-10 13:29:44 +01:00
|
|
|
obj-$(CONFIG_CRYPTO_MANAGER2) += cryptomgr.o
|
2005-04-17 00:20:36 +02:00
|
|
|
obj-$(CONFIG_CRYPTO_HMAC) += hmac.o
|
2009-09-02 12:05:22 +02:00
|
|
|
obj-$(CONFIG_CRYPTO_VMAC) += vmac.o
|
2006-10-28 05:15:24 +02:00
|
|
|
obj-$(CONFIG_CRYPTO_XCBC) += xcbc.o
|
2005-04-17 00:20:36 +02:00
|
|
|
obj-$(CONFIG_CRYPTO_NULL) += crypto_null.o
|
|
|
|
obj-$(CONFIG_CRYPTO_MD4) += md4.o
|
|
|
|
obj-$(CONFIG_CRYPTO_MD5) += md5.o
|
2008-05-07 16:14:10 +02:00
|
|
|
obj-$(CONFIG_CRYPTO_RMD128) += rmd128.o
|
|
|
|
obj-$(CONFIG_CRYPTO_RMD160) += rmd160.o
|
2008-05-09 15:27:02 +02:00
|
|
|
obj-$(CONFIG_CRYPTO_RMD256) += rmd256.o
|
|
|
|
obj-$(CONFIG_CRYPTO_RMD320) += rmd320.o
|
2007-10-08 05:45:10 +02:00
|
|
|
obj-$(CONFIG_CRYPTO_SHA1) += sha1_generic.o
|
|
|
|
obj-$(CONFIG_CRYPTO_SHA256) += sha256_generic.o
|
2008-03-06 12:55:38 +01:00
|
|
|
obj-$(CONFIG_CRYPTO_SHA512) += sha512_generic.o
|
2005-04-17 00:20:36 +02:00
|
|
|
obj-$(CONFIG_CRYPTO_WP512) += wp512.o
|
|
|
|
obj-$(CONFIG_CRYPTO_TGR192) += tgr192.o
|
2006-11-29 08:59:44 +01:00
|
|
|
obj-$(CONFIG_CRYPTO_GF128MUL) += gf128mul.o
|
2006-09-21 03:44:08 +02:00
|
|
|
obj-$(CONFIG_CRYPTO_ECB) += ecb.o
|
|
|
|
obj-$(CONFIG_CRYPTO_CBC) += cbc.o
|
2006-12-16 02:09:02 +01:00
|
|
|
obj-$(CONFIG_CRYPTO_PCBC) += pcbc.o
|
2008-03-24 14:26:16 +01:00
|
|
|
obj-$(CONFIG_CRYPTO_CTS) += cts.o
|
2006-11-25 23:43:10 +01:00
|
|
|
obj-$(CONFIG_CRYPTO_LRW) += lrw.o
|
2007-09-19 14:23:13 +02:00
|
|
|
obj-$(CONFIG_CRYPTO_XTS) += xts.o
|
[CRYPTO] ctr: Add CTR (Counter) block cipher mode
This patch implements CTR mode for IPsec.
It is based off of RFC 3686.
Please note:
1. CTR turns a block cipher into a stream cipher.
Encryption is done in blocks, however the last block
may be a partial block.
A "counter block" is encrypted, creating a keystream
that is xor'ed with the plaintext. The counter portion
of the counter block is incremented after each block
of plaintext is encrypted.
Decryption is performed in same manner.
2. The CTR counterblock is composed of,
nonce + IV + counter
The size of the counterblock is equivalent to the
blocksize of the cipher.
sizeof(nonce) + sizeof(IV) + sizeof(counter) = blocksize
The CTR template requires the name of the cipher
algorithm, the sizeof the nonce, and the sizeof the iv.
ctr(cipher,sizeof_nonce,sizeof_iv)
So for example,
ctr(aes,4,8)
specifies the counterblock will be composed of 4 bytes
from a nonce, 8 bytes from the iv, and 4 bytes for counter
since aes has a blocksize of 16 bytes.
3. The counter portion of the counter block is stored
in big endian for conformance to rfc 3686.
Signed-off-by: Joy Latten <latten@austin.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-10-23 02:50:32 +02:00
|
|
|
obj-$(CONFIG_CRYPTO_CTR) += ctr.o
|
2007-11-26 15:24:11 +01:00
|
|
|
obj-$(CONFIG_CRYPTO_GCM) += gcm.o
|
2007-12-12 13:25:13 +01:00
|
|
|
obj-$(CONFIG_CRYPTO_CCM) += ccm.o
|
2010-01-07 05:57:19 +01:00
|
|
|
obj-$(CONFIG_CRYPTO_PCRYPT) += pcrypt.o
|
2007-04-16 12:49:20 +02:00
|
|
|
obj-$(CONFIG_CRYPTO_CRYPTD) += cryptd.o
|
2007-10-05 10:42:03 +02:00
|
|
|
obj-$(CONFIG_CRYPTO_DES) += des_generic.o
|
2006-12-16 02:13:14 +01:00
|
|
|
obj-$(CONFIG_CRYPTO_FCRYPT) += fcrypt.o
|
2005-04-17 00:20:36 +02:00
|
|
|
obj-$(CONFIG_CRYPTO_BLOWFISH) += blowfish.o
|
2010-06-03 13:02:51 +02:00
|
|
|
obj-$(CONFIG_CRYPTO_TWOFISH) += twofish_generic.o
|
2006-06-20 12:37:23 +02:00
|
|
|
obj-$(CONFIG_CRYPTO_TWOFISH_COMMON) += twofish_common.o
|
2005-04-17 00:20:36 +02:00
|
|
|
obj-$(CONFIG_CRYPTO_SERPENT) += serpent.o
|
2007-10-05 10:52:01 +02:00
|
|
|
obj-$(CONFIG_CRYPTO_AES) += aes_generic.o
|
2007-01-24 11:47:48 +01:00
|
|
|
obj-$(CONFIG_CRYPTO_CAMELLIA) += camellia.o
|
2005-04-17 00:20:36 +02:00
|
|
|
obj-$(CONFIG_CRYPTO_CAST5) += cast5.o
|
|
|
|
obj-$(CONFIG_CRYPTO_CAST6) += cast6.o
|
|
|
|
obj-$(CONFIG_CRYPTO_ARC4) += arc4.o
|
|
|
|
obj-$(CONFIG_CRYPTO_TEA) += tea.o
|
|
|
|
obj-$(CONFIG_CRYPTO_KHAZAD) += khazad.o
|
|
|
|
obj-$(CONFIG_CRYPTO_ANUBIS) += anubis.o
|
2007-08-21 14:01:03 +02:00
|
|
|
obj-$(CONFIG_CRYPTO_SEED) += seed.o
|
2007-11-23 12:45:00 +01:00
|
|
|
obj-$(CONFIG_CRYPTO_SALSA20) += salsa20_generic.o
|
2005-04-17 00:20:36 +02:00
|
|
|
obj-$(CONFIG_CRYPTO_DEFLATE) += deflate.o
|
2009-03-04 08:15:49 +01:00
|
|
|
obj-$(CONFIG_CRYPTO_ZLIB) += zlib.o
|
2005-04-17 00:20:36 +02:00
|
|
|
obj-$(CONFIG_CRYPTO_MICHAEL_MIC) += michael_mic.o
|
|
|
|
obj-$(CONFIG_CRYPTO_CRC32C) += crc32c.o
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 10:24:15 +02:00
|
|
|
obj-$(CONFIG_CRYPTO_AUTHENC) += authenc.o
|
2007-12-07 09:53:23 +01:00
|
|
|
obj-$(CONFIG_CRYPTO_LZO) += lzo.o
|
2008-12-10 13:29:44 +01:00
|
|
|
obj-$(CONFIG_CRYPTO_RNG2) += rng.o
|
|
|
|
obj-$(CONFIG_CRYPTO_RNG2) += krng.o
|
2008-08-14 14:15:52 +02:00
|
|
|
obj-$(CONFIG_CRYPTO_ANSI_CPRNG) += ansi_cprng.o
|
2005-04-17 00:20:36 +02:00
|
|
|
obj-$(CONFIG_CRYPTO_TEST) += tcrypt.o
|
2009-08-06 07:32:38 +02:00
|
|
|
obj-$(CONFIG_CRYPTO_GHASH) += ghash-generic.o
|
2010-10-19 15:12:39 +02:00
|
|
|
obj-$(CONFIG_CRYPTO_USER_API) += af_alg.o
|
2010-10-19 15:23:00 +02:00
|
|
|
obj-$(CONFIG_CRYPTO_USER_API_HASH) += algif_hash.o
|
2010-10-19 15:31:55 +02:00
|
|
|
obj-$(CONFIG_CRYPTO_USER_API_SKCIPHER) += algif_skcipher.o
|
2007-07-09 20:56:42 +02:00
|
|
|
|
|
|
|
#
|
|
|
|
# generic algorithms and the async_tx api
|
|
|
|
#
|
|
|
|
obj-$(CONFIG_XOR_BLOCKS) += xor.o
|
async_tx: add the async_tx api
The async_tx api provides methods for describing a chain of asynchronous
bulk memory transfers/transforms with support for inter-transactional
dependencies. It is implemented as a dmaengine client that smooths over
the details of different hardware offload engine implementations. Code
that is written to the api can optimize for asynchronous operation and the
api will fit the chain of operations to the available offload resources.
I imagine that any piece of ADMA hardware would register with the
'async_*' subsystem, and a call to async_X would be routed as
appropriate, or be run in-line. - Neil Brown
async_tx exploits the capabilities of struct dma_async_tx_descriptor to
provide an api of the following general format:
struct dma_async_tx_descriptor *
async_<operation>(..., struct dma_async_tx_descriptor *depend_tx,
dma_async_tx_callback cb_fn, void *cb_param)
{
struct dma_chan *chan = async_tx_find_channel(depend_tx, <operation>);
struct dma_device *device = chan ? chan->device : NULL;
int int_en = cb_fn ? 1 : 0;
struct dma_async_tx_descriptor *tx = device ?
device->device_prep_dma_<operation>(chan, len, int_en) : NULL;
if (tx) { /* run <operation> asynchronously */
...
tx->tx_set_dest(addr, tx, index);
...
tx->tx_set_src(addr, tx, index);
...
async_tx_submit(chan, tx, flags, depend_tx, cb_fn, cb_param);
} else { /* run <operation> synchronously */
...
<operation>
...
async_tx_sync_epilog(flags, depend_tx, cb_fn, cb_param);
}
return tx;
}
async_tx_find_channel() returns a capable channel from its pool. The
channel pool is organized as a per-cpu array of channel pointers. The
async_tx_rebalance() routine is tasked with managing these arrays. In the
uniprocessor case async_tx_rebalance() tries to spread responsibility
evenly over channels of similar capabilities. For example if there are two
copy+xor channels, one will handle copy operations and the other will
handle xor. In the SMP case async_tx_rebalance() attempts to spread the
operations evenly over the cpus, e.g. cpu0 gets copy channel0 and xor
channel0 while cpu1 gets copy channel 1 and xor channel 1. When a
dependency is specified async_tx_find_channel defaults to keeping the
operation on the same channel. A xor->copy->xor chain will stay on one
channel if it supports both operation types, otherwise the transaction will
transition between a copy and a xor resource.
Currently the raid5 implementation in the MD raid456 driver has been
converted to the async_tx api. A driver for the offload engines on the
Intel Xscale series of I/O processors, iop-adma, is provided in a later
commit. With the iop-adma driver and async_tx, raid456 is able to offload
copy, xor, and xor-zero-sum operations to hardware engines.
On iop342 tiobench showed higher throughput for sequential writes (20 - 30%
improvement) and sequential reads to a degraded array (40 - 55%
improvement). For the other cases performance was roughly equal, +/- a few
percentage points. On a x86-smp platform the performance of the async_tx
implementation (in synchronous mode) was also +/- a few percentage points
of the original implementation. According to 'top' on iop342 CPU
utilization drops from ~50% to ~15% during a 'resync' while the speed
according to /proc/mdstat doubles from ~25 MB/s to ~50 MB/s.
The tiobench command line used for testing was: tiobench --size 2048
--block 4096 --block 131072 --dir /mnt/raid --numruns 5
* iop342 had 1GB of memory available
Details:
* if CONFIG_DMA_ENGINE=n the asynchronous path is compiled away by making
async_tx_find_channel a static inline routine that always returns NULL
* when a callback is specified for a given transaction an interrupt will
fire at operation completion time and the callback will occur in a
tasklet. if the the channel does not support interrupts then a live
polling wait will be performed
* the api is written as a dmaengine client that requests all available
channels
* In support of dependencies the api implicitly schedules channel-switch
interrupts. The interrupt triggers the cleanup tasklet which causes
pending operations to be scheduled on the next channel
* Xor engines treat an xor destination address differently than a software
xor routine. To the software routine the destination address is an implied
source, whereas engines treat it as a write-only destination. This patch
modifies the xor_blocks routine to take a an explicit destination address
to mirror the hardware.
Changelog:
* fixed a leftover debug print
* don't allow callbacks in async_interrupt_cond
* fixed xor_block changes
* fixed usage of ASYNC_TX_XOR_DROP_DEST
* drop dma mapping methods, suggested by Chris Leech
* printk warning fixups from Andrew Morton
* don't use inline in C files, Adrian Bunk
* select the API when MD is enabled
* BUG_ON xor source counts <= 1
* implicitly handle hardware concerns like channel switching and
interrupts, Neil Brown
* remove the per operation type list, and distribute operation capabilities
evenly amongst the available channels
* simplify async_tx_find_channel to optimize the fast path
* introduce the channel_table_initialized flag to prevent early calls to
the api
* reorganize the code to mimic crypto
* include mm.h as not all archs include it in dma-mapping.h
* make the Kconfig options non-user visible, Adrian Bunk
* move async_tx under crypto since it is meant as 'core' functionality, and
the two may share algorithms in the future
* move large inline functions into c files
* checkpatch.pl fixes
* gpl v2 only correction
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Acked-By: NeilBrown <neilb@suse.de>
2007-01-02 19:10:44 +01:00
|
|
|
obj-$(CONFIG_ASYNC_CORE) += async_tx/
|