api-intro.txt 6.1 KB
Newer Older
L
Linus Torvalds 已提交
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225

                    Scatterlist Cryptographic API
                   
INTRODUCTION

The Scatterlist Crypto API takes page vectors (scatterlists) as
arguments, and works directly on pages.  In some cases (e.g. ECB
mode ciphers), this will allow for pages to be encrypted in-place
with no copying.

One of the initial goals of this design was to readily support IPsec,
so that processing can be applied to paged skb's without the need
for linearization.


DETAILS

At the lowest level are algorithms, which register dynamically with the
API.

'Transforms' are user-instantiated objects, which maintain state, handle all
of the implementation logic (e.g. manipulating page vectors), provide an 
abstraction to the underlying algorithms, and handle common logical 
operations (e.g. cipher modes, HMAC for digests).  However, at the user 
level they are very simple.

Conceptually, the API layering looks like this:

  [transform api]  (user interface)
  [transform ops]  (per-type logic glue e.g. cipher.c, digest.c)
  [algorithm api]  (for registering algorithms)
  
The idea is to make the user interface and algorithm registration API
very simple, while hiding the core logic from both.  Many good ideas
from existing APIs such as Cryptoapi and Nettle have been adapted for this.

The API currently supports three types of transforms: Ciphers, Digests and
Compressors.  The compression algorithms especially seem to be performing
very well so far.

Support for hardware crypto devices via an asynchronous interface is
under development.

Here's an example of how to use the API:

	#include <linux/crypto.h>
	
	struct scatterlist sg[2];
	char result[128];
	struct crypto_tfm *tfm;
	
	tfm = crypto_alloc_tfm("md5", 0);
	if (tfm == NULL)
		fail();
		
	/* ... set up the scatterlists ... */
	
	crypto_digest_init(tfm);
	crypto_digest_update(tfm, &sg, 2);
	crypto_digest_final(tfm, result);
	
	crypto_free_tfm(tfm);

    
Many real examples are available in the regression test module (tcrypt.c).


CONFIGURATION NOTES

As Triple DES is part of the DES module, for those using modular builds,
add the following line to /etc/modprobe.conf:

  alias des3_ede des

The Null algorithms reside in the crypto_null module, so these lines
should also be added:

  alias cipher_null crypto_null
  alias digest_null crypto_null
  alias compress_null crypto_null

The SHA384 algorithm shares code within the SHA512 module, so you'll
also need:
  alias sha384 sha512


DEVELOPER NOTES

Transforms may only be allocated in user context, and cryptographic
methods may only be called from softirq and user contexts.

When using the API for ciphers, performance will be optimal if each
scatterlist contains data which is a multiple of the cipher's block
size (typically 8 bytes).  This prevents having to do any copying
across non-aligned page fragment boundaries.


ADDING NEW ALGORITHMS

When submitting a new algorithm for inclusion, a mandatory requirement
is that at least a few test vectors from known sources (preferably
standards) be included.

Converting existing well known code is preferred, as it is more likely
to have been reviewed and widely tested.  If submitting code from LGPL
sources, please consider changing the license to GPL (see section 3 of
the LGPL).

Algorithms submitted must also be generally patent-free (e.g. IDEA
will not be included in the mainline until around 2011), and be based
on a recognized standard and/or have been subjected to appropriate
peer review.

Also check for any RFCs which may relate to the use of specific algorithms,
as well as general application notes such as RFC2451 ("The ESP CBC-Mode
Cipher Algorithms").

It's a good idea to avoid using lots of macros and use inlined functions
instead, as gcc does a good job with inlining, while excessive use of
macros can cause compilation problems on some platforms.

Also check the TODO list at the web site listed below to see what people
might already be working on.


BUGS

Send bug reports to:
James Morris <jmorris@redhat.com>
Cc: David S. Miller <davem@redhat.com>


FURTHER INFORMATION

For further patches and various updates, including the current TODO
list, see:
http://samba.org/~jamesm/crypto/


AUTHORS

James Morris
David S. Miller


CREDITS

The following people provided invaluable feedback during the development
of the API:

  Alexey Kuznetzov
  Rusty Russell
  Herbert Valerio Riedel
  Jeff Garzik
  Michael Richardson
  Andrew Morton
  Ingo Oeser
  Christoph Hellwig

Portions of this API were derived from the following projects:
  
  Kerneli Cryptoapi (http://www.kerneli.org/)
    Alexander Kjeldaas
    Herbert Valerio Riedel
    Kyle McMartin
    Jean-Luc Cooke
    David Bryson
    Clemens Fruhwirth
    Tobias Ringstrom
    Harald Welte

and;
  
  Nettle (http://www.lysator.liu.se/~nisse/nettle/)
    Niels Möller

Original developers of the crypto algorithms:

  Dana L. How (DES)
  Andrew Tridgell and Steve French (MD4)
  Colin Plumb (MD5)
  Steve Reid (SHA1)
  Jean-Luc Cooke (SHA256, SHA384, SHA512)
  Kazunori Miyazawa / USAGI (HMAC)
  Matthew Skala (Twofish)
  Dag Arne Osvik (Serpent)
  Brian Gladman (AES)
  Kartikey Mahendra Bhatt (CAST6)
  Jon Oberheide (ARC4)
  Jouni Malinen (Michael MIC)

SHA1 algorithm contributors:
  Jean-Francois Dive
  
DES algorithm contributors:
  Raimar Falke
  Gisle Sælensminde
  Niels Möller

Blowfish algorithm contributors:
  Herbert Valerio Riedel
  Kyle McMartin

Twofish algorithm contributors:
  Werner Koch
  Marc Mutz

SHA256/384/512 algorithm contributors:
  Andrew McDonald
  Kyle McMartin
  Herbert Valerio Riedel
  
AES algorithm contributors:
  Alexander Kjeldaas
  Herbert Valerio Riedel
  Kyle McMartin
  Adam J. Richter
  Fruhwirth Clemens (i586)
  Linus Torvalds (i586)

CAST5 algorithm contributors:
  Kartikey Mahendra Bhatt (original developers unknown, FSF copyright).

TEA/XTEA algorithm contributors:
  Aaron Grothe
A
Aaron Grothe 已提交
226
  Michael Ringe
L
Linus Torvalds 已提交
227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245

Khazad algorithm contributors:
  Aaron Grothe

Whirlpool algorithm contributors:
  Aaron Grothe
  Jean-Luc Cooke

Anubis algorithm contributors:
  Aaron Grothe

Tiger algorithm contributors:
  Aaron Grothe

Generic scatterwalk code by Adam J. Richter <adam@yggdrasil.com>

Please send any credits updates or corrections to:
James Morris <jmorris@redhat.com>