Hi,

I want this user interface to be compatible with OpenSSL. Therefore, it must have the same API as OpenSSL. Internally, it would wrap around Linux CryptoAPI instead of OCF-Linux. Each file descriptor would allow you to create any number of cloned fds to create transformations via I/O CTL calls. Let me summarize:

1. One sharable fd to issue I/O ctrl
2. I/O ctrl to create transformation on cloned fd
3. I/O ctrl to encrypt/decrypt/hash (structure of parameter will determine type of operation)
4. I/O ctrl as below (taken from OCF-Linux):

/*
 * done against open of /dev/crypto, to get a cloned descriptor.
 * Please use F_SETFD against the cloned descriptor.
 */
#define CRIOGET         _IOWR('c', 100, u_int32_t)
#define CRIOASYMFEAT    CIOCASYMFEAT
#define CRIOFINDDEV     CIOCFINDDEV

/* the following are done against the cloned descriptor */
#define CIOCGSESSION    _IOWR('c', 101, struct session_op)
#define CIOCFSESSION    _IOW('c', 102, u_int32_t)
#define CIOCCRYPT       _IOWR('c', 103, struct crypt_op)
#define CIOCKEY         _IOWR('c', 104, struct crypt_kop)
#define CIOCASYMFEAT    _IOR('c', 105, u_int32_t)
#define CIOCGSESSION2   _IOWR('c', 106, struct session2_op)
#define CIOCKEY2        _IOWR('c', 107, struct crypt_kop)
#define CIOCFINDDEV     _IOWR('c', 108, struct crypt_find_op)

Any comments?

-Loc

-----Original Message-----
From: Evgeniy Polyakov [mailto:johnpol@xxxxxxxxxxx]
Sent: Tuesday, March 25, 2008 5:27 AM
To: Herbert Xu
Cc: Loc Ho; linux-crypto@xxxxxxxxxxxxxxx
Subject: Re: User Space API for CryptoAPI

Hi.

On Tue, Mar 25, 2008 at 11:07:23AM +0800, Herbert Xu (herbert@xxxxxxxxxxxxxxxxxxx) wrote:
> > Is there a user space API driver wrap around Linux CryptoAPI? I
> > notice there is OCF-Linux which has a user interface that works with OpenSSL.
> > It seems to use Linux CryptoAPI if there is no hardware offload with
> > OCF. In addition, there is a fellow who developed a cryptodev patch
> > around Linux CryptoAPI but it is limited and doesn't support
> > everything and is not compatible with OpenSSL. Is there anything else?
>
> Evgeniy might have an implementation as well.

What I had for acrypto is not very well suited to what we have right now, so better to create it from scratch.

> I haven't had much time to look at this recently, but an fd-based
> scheme involving splice could be interesting.

Yes, I believe the simpler it is, the better the result. Like creating a tfm per opened file descriptor with the ability to change cipher/mode/whatever via ioctl.

--
	Evgeniy Polyakov
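The header comment quoted in the message asks callers to use F_SETFD on the cloned descriptor: sessions are created on that descriptor, so marking it close-on-exec keeps it from being inherited by exec'd child processes. The following C sketch of that step is an added example, not code from this thread or from OCF-Linux; the helper names set_cloexec, is_cloexec and crypto_clone_fd are hypothetical, and it assumes CRIOGET returns the new descriptor in its u_int32_t argument.

```c
#include <fcntl.h>
#include <stdint.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* Same command as CRIOGET in the message; uint32_t stands in for u_int32_t
 * (same size, so the encoded ioctl number is unchanged). */
#define CRIOGET _IOWR('c', 100, uint32_t)

/* Set FD_CLOEXEC while preserving any other descriptor flags. */
int set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1)
        return -1;
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* Returns 1 if fd is closed on exec, 0 if it would be inherited, -1 on error. */
int is_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return flags == -1 ? -1 : (flags & FD_CLOEXEC) != 0;
}

/* Clone a working descriptor from the shared control fd and protect it.
 * Assumption: the driver writes the new descriptor into the ioctl argument.
 * Returns the cloned fd, or -1 if the ioctl is unsupported or a step fails. */
int crypto_clone_fd(int ctl_fd)
{
    uint32_t cloned = 0;

    if (ioctl(ctl_fd, CRIOGET, &cloned) == -1)
        return -1;
    if (set_cloexec((int)cloned) == -1) {
        close((int)cloned);   /* do not hand back an unprotected descriptor */
        return -1;
    }
    return (int)cloned;
}
```

On a descriptor that does not implement CRIOGET the ioctl fails and crypto_clone_fd returns -1, so callers can fall back to software crypto.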