diff options
author | Cristian Stoica <cristian.stoica@freescale.com> | 2013-10-31 18:05:12 (GMT) |
---|---|---|
committer | Jose Rivera <German.Rivera@freescale.com> | 2014-03-28 13:38:03 (GMT) |
commit | 6b9a65077f314d5ede4a0a917e6cfde93c5377a9 (patch) | |
tree | 3632f428ff9e02921b81170ba654d3c84d2671ae /crypto/Kconfig | |
parent | 887fd86a5f104695084a815035040fd0c3866cc1 (diff) | |
download | linux-fsl-qoriq-6b9a65077f314d5ede4a0a917e6cfde93c5377a9.tar.xz |
crypto: add support for TLS 1.0 record encryption
This patch adds kernel support for encryption/decryption of TLS 1.0
records using block ciphers. Implementation is similar to authenc in the
sense that the base algorithms (AES, SHA1) are combined in a template to
produce TLS encapsulation frames. The composite algorithm will be called
"tls10(hmac(<digest>),cbc(<cipher>))". The cipher and hmac keys are
wrapped in the same format used by authenc.c
Change-Id: If2211062f1e8805ee1fe9e6684e7c0902bf44467
Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
Reviewed-on: http://git.am.freescale.net:8181/6211
Reviewed-by: Mircea Pop <mircea.pop@freescale.com>
Reviewed-by: Thomas Trefny <Tom.Trefny@freescale.com>
Tested-by: Review Code-CDREVIEW <CDREVIEW@freescale.com>
Reviewed-by: Jose Rivera <German.Rivera@freescale.com>
(cherry picked from commit e2fe61d3fe94949f9fc5766f7b27a1d19c9d4d6e)
Conflicts:
crypto/tcrypt.c
Signed-off-by: Horia Geanta <horia.geanta@freescale.com>
Change-Id: I6ecb63c7cb8c64aef984e71e439dab6000666b29
Reviewed-on: http://git.am.freescale.net:8181/10373
Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com>
Reviewed-by: Mircea Pop <mircea.pop@freescale.com>
Reviewed-by: Alexandru Porosanu <alexandru.porosanu@freescale.com>
Tested-by: Review Code-CDREVIEW <CDREVIEW@freescale.com>
Reviewed-by: Jose Rivera <German.Rivera@freescale.com>
Diffstat (limited to 'crypto/Kconfig')
-rw-r--r-- | crypto/Kconfig | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/crypto/Kconfig b/crypto/Kconfig index 7bcb70d..6c37bdb 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -211,6 +211,24 @@ config CRYPTO_SEQIV This IV generator generates an IV based on a sequence number by xoring it with a salt. This algorithm is mainly useful for CTR +config CRYPTO_TLS + tristate "TLS support" + select CRYPTO_AEAD + select CRYPTO_BLKCIPHER + select CRYPTO_MANAGER + select CRYPTO_HASH + help + Support for TLS 1.0 record encryption and decryption + + This module adds support for encryption/decryption of TLS 1.0 frames + using blockcipher algorithms. The name of the resulting algorithm is + "tls10(hmac(<digest>),cbc(<cipher>))". By default, the generic base + algorithms are used (e.g. aes-generic, sha1-generic), but hardware + accelerated versions will be used automatically if available. + + User-space applications (OpenSSL, GnuTLS) can offload TLS 1.0 + operations through AF_ALG or cryptodev interfaces + comment "Block modes" config CRYPTO_CBC |