• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1
2                    Scatterlist Cryptographic API
3
4INTRODUCTION
5
6The Scatterlist Crypto API takes page vectors (scatterlists) as
7arguments, and works directly on pages.  In some cases (e.g. ECB
8mode ciphers), this will allow for pages to be encrypted in-place
9with no copying.
10
11One of the initial goals of this design was to readily support IPsec,
12so that processing can be applied to paged skb's without the need
13for linearization.
14
15
16DETAILS
17
18At the lowest level are algorithms, which register dynamically with the
19API.
20
21'Transforms' are user-instantiated objects, which maintain state, handle all
22of the implementation logic (e.g. manipulating page vectors) and provide an
23abstraction to the underlying algorithms.  However, at the user
24level they are very simple.
25
26Conceptually, the API layering looks like this:
27
28  [transform api]  (user interface)
29  [transform ops]  (per-type logic glue e.g. cipher.c, compress.c)
30  [algorithm api]  (for registering algorithms)
31
32The idea is to make the user interface and algorithm registration API
33very simple, while hiding the core logic from both.  Many good ideas
34from existing APIs such as Cryptoapi and Nettle have been adapted for this.
35
36The API currently supports five main types of transforms: AEAD (Authenticated
37Encryption with Associated Data), Block Ciphers, Ciphers, Compressors and
38Hashes.
39
40Please note that Block Ciphers is somewhat of a misnomer.  It is in fact
41meant to support all ciphers including stream ciphers.  The difference
42between Block Ciphers and Ciphers is that the latter operates on exactly
43one block while the former can operate on an arbitrary amount of data,
44subject to block size requirements (i.e., non-stream ciphers can only
45process multiples of blocks).
46
47Support for hardware crypto devices via an asynchronous interface is
48under development.
49
50Here's an example of how to use the API:
51
52	#include <linux/crypto.h>
53	#include <linux/err.h>
54	#include <linux/scatterlist.h>
55
56	struct scatterlist sg[2];
57	char result[128];
58	struct crypto_hash *tfm;
59	struct hash_desc desc;
60
61	tfm = crypto_alloc_hash("md5", 0, CRYPTO_ALG_ASYNC);
62	if (IS_ERR(tfm))
63		fail();
64
65	/* ... set up the scatterlists ... */
66
67	desc.tfm = tfm;
68	desc.flags = 0;
69
70	if (crypto_hash_digest(&desc, sg, 2, result))
71		fail();
72
73	crypto_free_hash(tfm);
74
75
76Many real examples are available in the regression test module (tcrypt.c).
77
78
79DEVELOPER NOTES
80
81Transforms may only be allocated in user context, and cryptographic
82methods may only be called from softirq and user contexts.  For
83transforms with a setkey method it too should only be called from
84user context.
85
86When using the API for ciphers, performance will be optimal if each
87scatterlist contains data which is a multiple of the cipher's block
88size (typically 8 bytes).  This prevents having to do any copying
89across non-aligned page fragment boundaries.
90
91
92ADDING NEW ALGORITHMS
93
94When submitting a new algorithm for inclusion, a mandatory requirement
95is that at least a few test vectors from known sources (preferably
96standards) be included.
97
98Converting existing well known code is preferred, as it is more likely
99to have been reviewed and widely tested.  If submitting code from LGPL
100sources, please consider changing the license to GPL (see section 3 of
101the LGPL).
102
103Algorithms submitted must also be generally patent-free (e.g. IDEA
104will not be included in the mainline until around 2011), and be based
105on a recognized standard and/or have been subjected to appropriate
106peer review.
107
108Also check for any RFCs which may relate to the use of specific algorithms,
109as well as general application notes such as RFC2451 ("The ESP CBC-Mode
110Cipher Algorithms").
111
112It's a good idea to avoid using lots of macros and use inlined functions
113instead, as gcc does a good job with inlining, while excessive use of
114macros can cause compilation problems on some platforms.
115
116Also check the TODO list at the web site listed below to see what people
117might already be working on.
118
119
120BUGS
121
122Send bug reports to:
123linux-crypto@vger.kernel.org
124Cc: Herbert Xu <herbert@gondor.apana.org.au>,
125    David S. Miller <davem@redhat.com>
126
127
128FURTHER INFORMATION
129
130For further patches and various updates, including the current TODO
131list, see:
132http://gondor.apana.org.au/~herbert/crypto/
133
134
135AUTHORS
136
137James Morris
138David S. Miller
139Herbert Xu
140
141
142CREDITS
143
144The following people provided invaluable feedback during the development
145of the API:
146
147  Alexey Kuznetzov
148  Rusty Russell
149  Herbert Valerio Riedel
150  Jeff Garzik
151  Michael Richardson
152  Andrew Morton
153  Ingo Oeser
154  Christoph Hellwig
155
156Portions of this API were derived from the following projects:
157
158  Kerneli Cryptoapi (http://www.kerneli.org/)
159    Alexander Kjeldaas
160    Herbert Valerio Riedel
161    Kyle McMartin
162    Jean-Luc Cooke
163    David Bryson
164    Clemens Fruhwirth
165    Tobias Ringstrom
166    Harald Welte
167
168and;
169
170  Nettle (http://www.lysator.liu.se/~nisse/nettle/)
171    Niels Möller
172
173Original developers of the crypto algorithms:
174
175  Dana L. How (DES)
176  Andrew Tridgell and Steve French (MD4)
177  Colin Plumb (MD5)
178  Steve Reid (SHA1)
179  Jean-Luc Cooke (SHA256, SHA384, SHA512)
180  Kazunori Miyazawa / USAGI (HMAC)
181  Matthew Skala (Twofish)
182  Dag Arne Osvik (Serpent)
183  Brian Gladman (AES)
184  Kartikey Mahendra Bhatt (CAST6)
185  Jon Oberheide (ARC4)
186  Jouni Malinen (Michael MIC)
187  NTT(Nippon Telegraph and Telephone Corporation) (Camellia)
188
189SHA1 algorithm contributors:
190  Jean-Francois Dive
191
192DES algorithm contributors:
193  Raimar Falke
194  Gisle Sælensminde
195  Niels Möller
196
197Blowfish algorithm contributors:
198  Herbert Valerio Riedel
199  Kyle McMartin
200
201Twofish algorithm contributors:
202  Werner Koch
203  Marc Mutz
204
205SHA256/384/512 algorithm contributors:
206  Andrew McDonald
207  Kyle McMartin
208  Herbert Valerio Riedel
209
210AES algorithm contributors:
211  Alexander Kjeldaas
212  Herbert Valerio Riedel
213  Kyle McMartin
214  Adam J. Richter
215  Fruhwirth Clemens (i586)
216  Linus Torvalds (i586)
217
218CAST5 algorithm contributors:
219  Kartikey Mahendra Bhatt (original developers unknown, FSF copyright).
220
221TEA/XTEA algorithm contributors:
222  Aaron Grothe
223  Michael Ringe
224
225Khazad algorithm contributors:
226  Aaron Grothe
227
228Whirlpool algorithm contributors:
229  Aaron Grothe
230  Jean-Luc Cooke
231
232Anubis algorithm contributors:
233  Aaron Grothe
234
235Tiger algorithm contributors:
236  Aaron Grothe
237
238VIA PadLock contributors:
239  Michal Ludvig
240
241Camellia algorithm contributors:
242  NTT(Nippon Telegraph and Telephone Corporation) (Camellia)
243
244Generic scatterwalk code by Adam J. Richter <adam@yggdrasil.com>
245
246Please send any credits updates or corrections to:
247Herbert Xu <herbert@gondor.apana.org.au>
248
249