RFC: Crypto API User-interface

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi:

This is what I am proposing for the Crypto API user-interface.

Note that this is the interface for operations.  There will be
a separate interface (most likely netlink) for configuring crypto
algorithms, e.g., picking a specific AES implementation as the
system default.

First of all let's have a quick look at what the user-space side
looks like for AEAD:

	int op;

	/* This fd corresponds to a tfm object. */
	tfmfd = socket(AF_ALG, SOCK_STREAM, 0);

	alg.type = "aead";
	alg.name = "ccm(aes)";
	bind(tfmfd, &alg, sizeof(alg));

	setsockopt(tfmfd, SOL_ALG, ALG_AEAD_SET_KEY, key, keylen);

The idea here is that each tfm corresponds to a listening socket.

	/* Each listen call generates one or more fds for input/output
	 * that behave like pipes.
	 */
	listen(tfmfd, 0);
	/* fd for encryption/decryption */
	opfd = accept(tfmfd, NULL, 0);
	/* fd for associated data */
	adfd = accept(tfmfd, NULL, 0);

Each session corresponds to one or more connections obtained from
that socket.  The number depends on the number of inputs/outputs
of that particular type of operation.  For most types, there will
be a s ingle connection/file descriptor that is used for both input
and output.  AEAD is one of the few that require two inputs.

	/* These may also be set through sendmsg(2) cmsgs. */
	op = ALG_AEAD_OP_ENCRYPT;
	setsockopt(opfd, SOL_ALG, ALG_AEAD_OP, op, sizeof(op));
	setsockopt(opfd, SOL_ALG, ALG_AEAD_SET_IV, iv, ivlen);

	/* Like pipes, larges writes will block!
	 * For AEAD, ensure the socket buffer is large enough.
	 * For ciphers, whenever the write blocks start reading.
	 * For hashes, writes should never block.
	 */
	write(opfd, plain, datalen);
	write(adfd, ad, adlen);

	/* The first read triggers the operation. */
	read(opfd, crypt, datalen);

	op = ALG_AEAD_OP_DECRYPT;
	setsockopt(opfd, SOL_ALG, ALG_AEAD_OP, op, sizeof(op));

	write(opfd, crypt, datalen);
	write(adfd, ad, adlen);

	/* Returns -1 with errno EBADMSG if auth fails */
	read(defd, plain, datalen);

	/* Zero-copy */
	splice(cryptfd, NULL, opfd, NULL, datalen, SPLICE_F_MOVE|SPLIFE_F_MORE);
	/* We allow writes to be split into multiple system calls. */
	splice(cryptfd2, NULL, opfd, NULL, datalen, SPLICE_F_MOVE);
	splice(adatafd, NULL, adfd, NULL, adlen, SPLICE_F_MOVE);

	/* For now reading is copy-only, if and when vmsplice
	 * starts supporting zero-copy to user then we can do it
	 * as well.
	 */
	read(opfd, plain, datalen);

Ciphers/compression are pretty much the same sans adfd.

For hashes:

	/* This fd corresponds to a tfm object. */
	tfmfd = socket(AF_ALG, SOCK_STREAM, 0);

	alg.type = "hash";
	alg.name = "xcbc(aes)";
	bind(tfmfd, &alg, sizeof(alg));

	setsockopt(tfmfd, SOL_ALG, ALG_HASH_SET_KEY, key, keylen);

	/* Each listen call generates one or more fds for input/output
	 * that behave like pipes.
	 */
	listen(tfmfd, 0);
	/* fd for hashing */
	opfd = accept(tfmfd, NULL, 0);

	/* MSG_MORE prevents finalisation */
	send(opfd, plain, datalen, MSG_MORE);

	/* Reads partial hash state */
	read(opfd, state, statelen);

	/* Restore from a partial hash state */
	send(opfd, state, statelen, MSG_OOB);

	/* Finalise */
	send(opfd, plain, 0, 0);
	read(opfd, hash, hashlen);

Please comment.

Thanks,
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux