diff options
Diffstat (limited to 'recipes-kernel/cryptodev/sdk_patches/0011-add-support-for-TLSv1.1-record-offload.patch')
-rw-r--r-- | recipes-kernel/cryptodev/sdk_patches/0011-add-support-for-TLSv1.1-record-offload.patch | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/recipes-kernel/cryptodev/sdk_patches/0011-add-support-for-TLSv1.1-record-offload.patch b/recipes-kernel/cryptodev/sdk_patches/0011-add-support-for-TLSv1.1-record-offload.patch new file mode 100644 index 0000000..34d6ade --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0011-add-support-for-TLSv1.1-record-offload.patch | |||
@@ -0,0 +1,76 @@ | |||
1 | From 73c20be9ae1ed57d8c428c86471f42d953e79fba Mon Sep 17 00:00:00 2001 | ||
2 | From: Tudor Ambarus <tudor.ambarus@freescale.com> | ||
3 | Date: Tue, 31 Mar 2015 16:15:47 +0300 | ||
4 | Subject: [PATCH 11/38] add support for TLSv1.1 record offload | ||
5 | |||
6 | This adds support for composite algorithm offload in a single crypto | ||
7 | (cipher + hmac) operation. | ||
8 | |||
9 | Supported cipher suites: | ||
10 | - 3des-ede-cbc-sha | ||
11 | - aes-128-cbc-hmac-sha | ||
12 | - aes-256-cbc-hmac-sha | ||
13 | |||
14 | It requires either software or hardware TLS support in the Linux kernel | ||
15 | and can be used with Freescale B*, P* and T* platforms that have support | ||
16 | for hardware TLS acceleration. | ||
17 | |||
18 | Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com> | ||
19 | Change-Id: Ia5f3fa7ec090d5643d71b0f608c68a274ec6b51f | ||
20 | Reviewed-on: http://git.am.freescale.net:8181/33998 | ||
21 | Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
22 | Tested-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
23 | --- | ||
24 | crypto/cryptodev.h | 4 +++- | ||
25 | ioctl.c | 14 ++++++++++++-- | ||
26 | 2 files changed, 15 insertions(+), 3 deletions(-) | ||
27 | |||
28 | diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h | ||
29 | index 07f40b2..61e8599 100644 | ||
30 | --- a/crypto/cryptodev.h | ||
31 | +++ b/crypto/cryptodev.h | ||
32 | @@ -54,8 +54,10 @@ enum cryptodev_crypto_op_t { | ||
33 | CRYPTO_SHA2_384, | ||
34 | CRYPTO_SHA2_512, | ||
35 | CRYPTO_SHA2_224_HMAC, | ||
36 | - CRYPTO_TLS10_AES_CBC_HMAC_SHA1, | ||
37 | CRYPTO_TLS10_3DES_CBC_HMAC_SHA1, | ||
38 | + CRYPTO_TLS10_AES_CBC_HMAC_SHA1, | ||
39 | + CRYPTO_TLS11_3DES_CBC_HMAC_SHA1, | ||
40 | + CRYPTO_TLS11_AES_CBC_HMAC_SHA1, | ||
41 | CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */ | ||
42 | }; | ||
43 | |||
44 | diff --git a/ioctl.c b/ioctl.c | ||
45 | index 574e913..ba82387 100644 | ||
46 | --- a/ioctl.c | ||
47 | +++ b/ioctl.c | ||
48 | @@ -186,13 +186,23 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop) | ||
49 | stream = 1; | ||
50 | aead = 1; | ||
51 | break; | ||
52 | + case CRYPTO_TLS10_3DES_CBC_HMAC_SHA1: | ||
53 | + alg_name = "tls10(hmac(sha1),cbc(des3_ede))"; | ||
54 | + stream = 0; | ||
55 | + aead = 1; | ||
56 | + break; | ||
57 | case CRYPTO_TLS10_AES_CBC_HMAC_SHA1: | ||
58 | alg_name = "tls10(hmac(sha1),cbc(aes))"; | ||
59 | stream = 0; | ||
60 | aead = 1; | ||
61 | break; | ||
62 | - case CRYPTO_TLS10_3DES_CBC_HMAC_SHA1: | ||
63 | - alg_name = "tls10(hmac(sha1),cbc(des3_ede))"; | ||
64 | + case CRYPTO_TLS11_3DES_CBC_HMAC_SHA1: | ||
65 | + alg_name = "tls11(hmac(sha1),cbc(des3_ede))"; | ||
66 | + stream = 0; | ||
67 | + aead = 1; | ||
68 | + break; | ||
69 | + case CRYPTO_TLS11_AES_CBC_HMAC_SHA1: | ||
70 | + alg_name = "tls11(hmac(sha1),cbc(aes))"; | ||
71 | stream = 0; | ||
72 | aead = 1; | ||
73 | break; | ||
74 | -- | ||
75 | 2.7.0 | ||
76 | |||