"Michael T. Babcock" wrote:
> <snip>
> Session = CryptoAccel_Init();
> if (CryptoAccel_Available(CRYPTA_SHA1))
>     /* send data to be accelerated */
> else
>     /* do it yourself, or let the un-accelerated library do it */
<snip>

What we have so far is the following (w/o error checking):

Userspace scans /proc/cipher/* for a cipher-id, kernel spaces can search a table. With this ID you do: (look at driver/block/loop_gen.c in a kernel patched with the kerneli patch)

    struct cipher_implementation *ci;
    struct cipher_context *cx;

    ci = find_cipher_by_id(cipherid);
    /* in case the cipher is implemented in a loadable module: */
    ci->lock();
    cx = (struct cipher_context *) kmalloc(
             sizeof(struct cipher_context), GFP_KERNEL);
    cx->ci = ci;
    cx->keyinfo = kmalloc(ci->key_schedule_size, GFP_KERNEL);
    ci->set_key(cx, key, keysize);
    /* save away cx and later: */
    cx->iv = ... /* for modes requiring an IV */
    cx->ci->encrypt(cx, plaintext, ciphertext, length);
    /* or */
    cx->ci->decrypt(cx, ciphertext, plaintext, length);
    /* or for re-keying */
    cx->ci->setkey(cx, newkey, newkeylength);
    /* if you don't need it anymore */
    kfree(cx->keyinfo);
    kfree(cx);
    ci->unlock();

It would be easy to hide knowledge of ci->key_schedule_size from the user of this api and make the second kmalloc call inside ci->setkey. Also, we could add constructors and destructors (ci->init and ci->exit, e.g.). For now, they would be no-ops, but they might be necessary for hw crypto.

I think that with some minor additions and changes this api (which, btw, does exist similarly for hash functions) would be capable of carrying even hw crypto. The backend has to be changed, of course, but the user interface would be stable.

And something we are working on, too, is to benchmark cipher implementations on boot/module load and publish the results via /proc, so kernelspace users of this api can choose a suiting implementation by having a userspace daemon look at the encryption speed vs. key agility figures.

And the best: It's there!
Get it at ftp.*.kernel.org/pub/linux/kernel/crypto/.

Marc

-- 
Marc Mutz <Marc@xxxxxxxx>     http://marc.mutz.com/Encryption-HOWTO/
University of Bielefeld, Dep. of Mathematics / Dep. of Physics

PGP-keyID's: 0xd46ce9ab (RSA), 0x7ae55b9e (DSS/DH)

Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
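
Added example, not part of the original message and not kerneli code: a userspace C model of the context lifecycle described in the mail, with set_key allocating the key schedule itself as the mail suggests, the error checks the mail leaves out, and the key schedule wiped before it is freed. The names cipher_ctx_new, cipher_ctx_free, wipe and toy_* are hypothetical, the XOR routine is a stand-in for a real cipher, and malloc/free replace kmalloc/kfree.

```c
/* Userspace model of the lifecycle in the mail, NOT kerneli code: malloc/free
 * stand in for kmalloc/kfree; the XOR "cipher" is a toy with no security value. */
#include <stdlib.h>
struct cipher_context;
struct cipher_implementation {
    size_t key_schedule_size;   /* read only by the backend in this model */
    int (*set_key)(struct cipher_context *cx, const unsigned char *key, size_t len);
    int (*encrypt)(struct cipher_context *cx, const unsigned char *in, unsigned char *out, size_t len);
};
struct cipher_context { const struct cipher_implementation *ci; unsigned char *keyinfo; };

/* Zero key material through a volatile pointer so the stores are not elided. */
static void wipe(void *p, size_t n) { volatile unsigned char *v = p; while (n--) *v++ = 0; }

/* set_key owns the schedule: allocate on first use, wipe before every re-key. */
static int toy_set_key(struct cipher_context *cx, const unsigned char *key, size_t len) {
    size_t n = cx->ci->key_schedule_size;
    if (len == 0 || len > n) return -1;
    if (!cx->keyinfo && !(cx->keyinfo = malloc(n))) return -1;
    wipe(cx->keyinfo, n);
    for (size_t i = 0; i < n; i++) cx->keyinfo[i] = key[i % len];
    return 0;
}

static int toy_crypt(struct cipher_context *cx, const unsigned char *in, unsigned char *out, size_t len) {
    if (!cx->keyinfo) return -1;            /* refuse to run before set_key */
    for (size_t i = 0; i < len; i++) out[i] = in[i] ^ cx->keyinfo[i % cx->ci->key_schedule_size];
    return 0;
}
static const struct cipher_implementation toy_ci = { 16, toy_set_key, toy_crypt };

/* Hypothetical helpers replacing the caller's open-coded kmalloc/kfree pairs. */
struct cipher_context *cipher_ctx_new(const struct cipher_implementation *ci) {
    struct cipher_context *cx = calloc(1, sizeof *cx);
    if (cx) cx->ci = ci;
    return cx;
}
void cipher_ctx_free(struct cipher_context *cx) {
    if (!cx) return;
    if (cx->keyinfo) { wipe(cx->keyinfo, cx->ci->key_schedule_size); free(cx->keyinfo); }
    free(cx);
}

int main(void) {
    unsigned char key[] = "sample-key", msg[] = "data", out[4];   /* constructed */
    struct cipher_context *cx = cipher_ctx_new(&toy_ci);
    int rc = !cx || toy_set_key(cx, key, 10) || toy_crypt(cx, msg, out, 4);
    cipher_ctx_free(cx);
    return rc;
}
```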