RE: User Space API for CryptoAPI

Hi,

I want this user interface to be compatible with OpenSSL. Therefore, it
must have the same API as OpenSSL. Internally, it would wrap around
Linux CryptoAPI instead of OCF-Linux. Each file descriptor would allow you
to create any number of cloned fds to create transformations via I/O CTL
calls. Let me summarize:

1. One sharable fd to issue I/O ctrl
2. I/O ctrl to create transformation on cloned fd
3. I/O ctrl to encrypt/decrypt/hash (structure of parameter will
determine type of operation)
4. I/O ctrl as below (taken from OCF-Linux):

/*
 * done against open of /dev/crypto, to get a cloned descriptor.
 * Please use F_SETFD against the cloned descriptor.
 */
#define CRIOGET         _IOWR('c', 100, u_int32_t)
#define CRIOASYMFEAT    CIOCASYMFEAT
#define CRIOFINDDEV     CIOCFINDDEV

/* the following are done against the cloned descriptor */
#define CIOCGSESSION    _IOWR('c', 101, struct session_op)
#define CIOCFSESSION    _IOW('c', 102, u_int32_t)
#define CIOCCRYPT       _IOWR('c', 103, struct crypt_op)
#define CIOCKEY         _IOWR('c', 104, struct crypt_kop)
#define CIOCASYMFEAT    _IOR('c', 105, u_int32_t)
#define CIOCGSESSION2   _IOWR('c', 106, struct session2_op)
#define CIOCKEY2        _IOWR('c', 107, struct crypt_kop)
#define CIOCFINDDEV     _IOWR('c', 108, struct crypt_find_op)

Any comments?

-Loc

-----Original Message-----
From: Evgeniy Polyakov [mailto:johnpol@xxxxxxxxxxx] 
Sent: Tuesday, March 25, 2008 5:27 AM
To: Herbert Xu
Cc: Loc Ho; linux-crypto@xxxxxxxxxxxxxxx
Subject: Re: User Space API for CryptoAPI

Hi.

On Tue, Mar 25, 2008 at 11:07:23AM +0800, Herbert Xu
(herbert@xxxxxxxxxxxxxxxxxxx) wrote:
> > Is there a user space API driver wrapped around Linux CryptoAPI? I
> > notice there is OCF-Linux which has a user interface that works
> > with OpenSSL. It seems to use Linux CryptoAPI if there is no hardware
> > offload with OCF. In addition, there is a fellow who developed a
> > cryptodev patch around Linux CryptoAPI but it is limited and doesn't
> > support everything and is not compatible with OpenSSL. Is there
> > anything else?
> 
> Evgeniy might have an implementation as well.

What I had for acrypto is not very well suited to what we have right
now, so better to create it from scratch.

> I haven't had much time to look at this recently, but an fd-based 
> scheme involving splice could be interesting.

Yes, I believe the simpler it is, the better the result.
Like creating a tfm per opened file descriptor with the ability to change
cipher/mode/whatever via ioctl.

-- 
	Evgeniy Polyakov
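
The split proposed in the message (CRIOGET on the shared /dev/crypto descriptor, everything else on the cloned one) can be checked mechanically when reviewing traced ioctl calls or drafting an allow-list. The following is an added example, not code from this thread or from OCF-Linux. `REQ`, `fd_kind`, `struct rule` and `check_request` are hypothetical names, the asm-generic request encoding is assumed, and sizes are only checked for the `u_int32_t` requests because the struct layouts are not given in the message.

```c
#include <stddef.h>
#include <stdint.h>

/* asm-generic ioctl layout (x86, arm): nr 0-7, type 8-15, size 16-29, dir 30-31.
 * Some architectures (powerpc, mips, sparc, alpha) split size/dir differently. */
#define DIR_W  1u                       /* _IOW: user space passes data in */
#define DIR_R  2u                       /* _IOR: kernel passes data back */
#define DIR_RW (DIR_R | DIR_W)          /* _IOWR */
#define REQ(dir, nr, size) \
    (((uint32_t)(dir) << 30) | ((uint32_t)(size) << 16) | ((uint32_t)'c' << 8) | (nr))

enum fd_kind { FD_CONTROL, FD_CLONED }; /* hypothetical names for the two fd roles */
struct rule {
    uint8_t nr, dir;
    int size, on_control, on_cloned;    /* size -1: struct size not on the page */
    const char *name;
};

/* Transcribed from the list in the message. 105 and 108 are valid on both
 * descriptors because CRIOASYMFEAT/CRIOFINDDEV alias the CIOC* numbers. */
static const struct rule rules[] = {
    {100, DIR_RW,  4, 1, 0, "CRIOGET"},
    {101, DIR_RW, -1, 0, 1, "CIOCGSESSION"},
    {102, DIR_W,   4, 0, 1, "CIOCFSESSION"},
    {103, DIR_RW, -1, 0, 1, "CIOCCRYPT"},
    {104, DIR_RW, -1, 0, 1, "CIOCKEY"},
    {105, DIR_R,   4, 1, 1, "CIOCASYMFEAT"},
    {106, DIR_RW, -1, 0, 1, "CIOCGSESSION2"},
    {107, DIR_RW, -1, 0, 1, "CIOCKEY2"},
    {108, DIR_RW, -1, 1, 1, "CIOCFINDDEV"},
};

/* Name of req if it is listed and allowed on this kind of fd, else NULL. */
const char *check_request(enum fd_kind kind, uint32_t req)
{
    uint32_t nr = req & 0xff, type = (req >> 8) & 0xff;
    uint32_t size = (req >> 16) & 0x3fff, dir = req >> 30;

    if (type != 'c')                    /* not this interface's magic */
        return NULL;
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++) {
        const struct rule *r = &rules[i];
        if (r->nr != nr)
            continue;
        if (r->dir != dir || (r->size >= 0 && (uint32_t)r->size != size))
            return NULL;                /* right number, wrong direction or size */
        return (kind == FD_CONTROL ? r->on_control : r->on_cloned) ? r->name : NULL;
    }
    return NULL;
}
```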