1 files changed, 72 insertions, 0 deletions
diff --git a/recipes-kernel/cryptodev/sdk_patches/0012-add-support-for-TLSv1.2-record-offload.patch b/recipes-kernel/cryptodev/sdk_patches/0012-add-support-for-TLSv1.2-record-offload.patch
new file mode 100644
index 0000000..b7a7268
--- /dev/null
+++ b/recipes-kernel/cryptodev/sdk_patches/0012-add-support-for-TLSv1.2-record-offload.patch
@@ -0,0 +1,72 @@
+From f1a519d9eed072bd45a45d251603c64f942814fb Mon Sep 17 00:00:00 2001
+From: Tudor Ambarus <tudor.ambarus@freescale.com>
+Date: Tue, 31 Mar 2015 16:16:28 +0300
+Subject: [PATCH 12/38] add support for TLSv1.2 record offload
+This adds support for composite algorithm offload in a single crypto
+(cipher + hmac) operation.
+Supported cipher suites:
+- 3des-ede-cbc-sha
+- aes-128-cbc-hmac-sha
+- aes-256-cbc-hmac-sha
+- aes-128-cbc-hmac-sha256
+- aes-256-cbc-hmac-sha256
+It requires either software or hardware TLS support in the Linux kernel
+and can be used with Freescale B*, P* and T* platforms that have support
+for hardware TLS acceleration.
+Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
+Change-Id: I21f45993505fc3dad09848a13aa20f778a7c2de0
+Reviewed-on: http://git.am.freescale.net:8181/33999
+Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com>
+Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
+---
+ crypto/cryptodev.h |  3 +++
+ ioctl.c            | 15 +++++++++++++++
+ 2 files changed, 18 insertions(+)
+diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
+index 61e8599..f6058ca 100644
+--- a/crypto/cryptodev.h
+++ b/crypto/cryptodev.h
+@@ -58,6 +58,9 @@ enum cryptodev_crypto_op_t {
+        CRYPTO_TLS10_AES_CBC_HMAC_SHA1,
+        CRYPTO_TLS11_3DES_CBC_HMAC_SHA1,
+        CRYPTO_TLS11_AES_CBC_HMAC_SHA1,
+       CRYPTO_TLS12_3DES_CBC_HMAC_SHA1,
+       CRYPTO_TLS12_AES_CBC_HMAC_SHA1,
+       CRYPTO_TLS12_AES_CBC_HMAC_SHA256,
+        CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */
+ };
+ 
+diff --git a/ioctl.c b/ioctl.c
+index ba82387..fb4c4e3 100644
+--- a/ioctl.c
+++ b/ioctl.c
+@@ -206,6 +206,21 @@ crypto_create_session(struct fcrypt *fcr, struct session_op *sop)
+                stream = 0;
+                aead = 1;
+                break;
+       case CRYPTO_TLS12_3DES_CBC_HMAC_SHA1:
+               alg_name = "tls12(hmac(sha1),cbc(des3_ede))";
+               stream = 0;
+               aead = 1;
+               break;
+       case CRYPTO_TLS12_AES_CBC_HMAC_SHA1:
+               alg_name = "tls12(hmac(sha1),cbc(aes))";
+               stream = 0;
+               aead = 1;
+               break;
+       case CRYPTO_TLS12_AES_CBC_HMAC_SHA256:
+               alg_name = "tls12(hmac(sha256),cbc(aes))";
+               stream = 0;
+               aead = 1;
+               break;
+        case CRYPTO_NULL:
+                alg_name = "ecb(cipher_null)";
+                stream = 1;
+-- 
+2.7.0

diff --git a/recipes-kernel/cryptodev/sdk_patches/0012-add-support-for-TLSv1.2-record-offload.patch b/recipes-kernel/cryptodev/sdk_patches/0012-add-support-for-TLSv1.2-record-offload.patch new file mode 100644 index 0000000..b7a7268 --- /dev/null +++ b/recipes-kernel/cryptodev/sdk_patches/0012-add-support-for-TLSv1.2-record-offload.patch
@@ -0,0 +1,72 @@
	1	From f1a519d9eed072bd45a45d251603c64f942814fb Mon Sep 17 00:00:00 2001
	2	From: Tudor Ambarus <tudor.ambarus@freescale.com>
	3	Date: Tue, 31 Mar 2015 16:16:28 +0300
	4	Subject: [PATCH 12/38] add support for TLSv1.2 record offload
	5
	6	This adds support for composite algorithm offload in a single crypto
	7	(cipher + hmac) operation.
	8
	9	Supported cipher suites:
	10	- 3des-ede-cbc-sha
	11	- aes-128-cbc-hmac-sha
	12	- aes-256-cbc-hmac-sha
	13	- aes-128-cbc-hmac-sha256
	14	- aes-256-cbc-hmac-sha256
	15
	16	It requires either software or hardware TLS support in the Linux kernel
	17	and can be used with Freescale B, P and T* platforms that have support
	18	for hardware TLS acceleration.
	19
	20	Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
	21	Change-Id: I21f45993505fc3dad09848a13aa20f778a7c2de0
	22	Reviewed-on: http://git.am.freescale.net:8181/33999
	23	Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com>
	24	Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
	25	---
	26	crypto/cryptodev.h \| 3 +++
	27	ioctl.c \| 15 +++++++++++++++
	28	2 files changed, 18 insertions(+)
	29
	30	diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h
	31	index 61e8599..f6058ca 100644
	32	--- a/crypto/cryptodev.h
	33	+++ b/crypto/cryptodev.h
	34	@@ -58,6 +58,9 @@ enum cryptodev_crypto_op_t {
	35	CRYPTO_TLS10_AES_CBC_HMAC_SHA1,
	36	CRYPTO_TLS11_3DES_CBC_HMAC_SHA1,
	37	CRYPTO_TLS11_AES_CBC_HMAC_SHA1,
	38	+ CRYPTO_TLS12_3DES_CBC_HMAC_SHA1,
	39	+ CRYPTO_TLS12_AES_CBC_HMAC_SHA1,
	40	+ CRYPTO_TLS12_AES_CBC_HMAC_SHA256,
	41	CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */
	42	};
	43
	44	diff --git a/ioctl.c b/ioctl.c
	45	index ba82387..fb4c4e3 100644
	46	--- a/ioctl.c
	47	+++ b/ioctl.c
	48	@@ -206,6 +206,21 @@ crypto_create_session(struct fcrypt fcr, struct session_op sop)
	49	stream = 0;
	50	aead = 1;
	51	break;
	52	+ case CRYPTO_TLS12_3DES_CBC_HMAC_SHA1:
	53	+ alg_name = "tls12(hmac(sha1),cbc(des3_ede))";
	54	+ stream = 0;
	55	+ aead = 1;
	56	+ break;
	57	+ case CRYPTO_TLS12_AES_CBC_HMAC_SHA1:
	58	+ alg_name = "tls12(hmac(sha1),cbc(aes))";
	59	+ stream = 0;
	60	+ aead = 1;
	61	+ break;
	62	+ case CRYPTO_TLS12_AES_CBC_HMAC_SHA256:
	63	+ alg_name = "tls12(hmac(sha256),cbc(aes))";
	64	+ stream = 0;
	65	+ aead = 1;
	66	+ break;
	67	case CRYPTO_NULL:
	68	alg_name = "ecb(cipher_null)";
	69	stream = 1;
	70	--
	71	2.7.0
	72