User`s guide
Cryptography
34
• Add a sysfs node to present frequency transition information for power management. (3.8)
A.4 Cryptography
• Ablkcipher now support encryption and decryption for AES, DES, and 3DES. (3.1)
• Add an eCryptfs mount option to check that the UID of the device being mounted is the same as the
expected UID. (3.1).
• The encrypted key type has been extended with the introduction of the ecryptfs format, intended for
use with the eCryptfs file system. The ecryptfs format stores an authentication token structure inside
an encrypted key payload, containing a randomly generated symmetric key. (3.1)
• An new user-space configuration API enables the instantiation, removal, and display of cryptographic
algorithms from user space. (3.2)
• An x86-64 implementation of Blowfish provides two sets of assembler functions:
• Regular one-block-at-a-time (1-way) encryption and decryption functions
• Four-blocks-at-a-time (4-way) functions that provide improved performance on out-of-order CPUs
On in-order CPUs, the performance of 4-way functions should be equal to that of 1-way functions. (3.2)
• An x86-64 assembler implementation of the SHA1 algorithm uses Supplemental Streaming SIMD
Extensions 3 (SSSE3) instructions or Advanced Vector Extensions (AVX) if available. Testing with
the tcrypt module demonstrates that raw hash performance is up to 2.3 times faster than the C
implementation. (3.2)
• A 3-way parallel x86-64 assembler implementation of Twofish encrypts data in three-block chunks, which
improves cipher performance on out-of-order CPUs. (3.2)
• Add support for MD5 algorithms to CAAM. (3.3)
• RSA digital-signature verification is implemented using the multiprecision math library from GnuPG, and
is used by the IMA/EVM digital signature extension. (3.3)
• A 4-way parallel i586/SSE2 assembler implementation of Serpent encrypts data in 4-block chunks. (3.3)
• An 8-way parallel x86-64/SSE2 assembler implementation of Serpent encrypts data in 8-block chunks
(two 4-block chunk SSE2 operations are performed in parallel to improve performance on out-of-order
CPUs). (3.3)
• LRW and XTS support added to Serpent-sse2. (3.3)
• HMAC algorithms added to Talitos. (3.3)
• XTS support added to twofish-x86_64-3way. (3.3)
• Add sha224 and sha384 variants to existing AEAD algorithms in CAAM. (3.4)
• Add x86-64 assembler implementation of the Camellia block cipher. Two sets of functions are provided:
• Regular one-block-at-a-time (1-way) encryption and decryption functions
• Two-blocks-at-a-time (2-way) functions that provide improved performance on out-of-order CPUs
On in-order CPUs, the performance of 2-way functions should be equal to that of 1-way functions. (3.4)










