Crypto API (Linux)

From HandWiki
Revision as of 14:05, 6 February 2024 by John Stpola (talk | contribs) (fixing)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Crypto API is a cryptography framework in the Linux kernel, for various parts of the kernel that deal with cryptography, such as IPsec and dm-crypt. It was introduced in kernel version 2.5.45[1] and has since expanded to include essentially all popular block ciphers and hash functions.

Userspace interfaces

Many platforms that provide hardware acceleration of AES encryption expose this to programs through an extension of the instruction set architecture (ISA) of the various chipsets (e.g. AES instruction set for x86). With this sort of implementation, any program (kernel-mode or user-space) may utilize these features directly.

Some platforms, such as the ARM Kirkwood SheevaPlug and AMD Geode processors, however, are not implemented as ISA extensions, and are only accessible through kernel-mode drivers. In order for user-mode applications that utilize encryption, such as wolfSSL, OpenSSL or GnuTLS, to take advantage of such acceleration, they must interface with the kernel.[2]

AF_ALG
A netlink-based interface that adds an AF_ALG address family;[3] it was merged into version 2.6.38 of the Linux kernel mainline.[4][5] There was once a plugin to OpenSSL to support AF_ALG,[6] which has been submitted for merging.[7] In version 1.1.0, OpenSSL landed another patch for AF_ALG contributed by Intel.[8] wolfSSL can make use of AF_ALG and cryptodev[9]
cryptodev
The OpenBSD Cryptographic Framework /dev/crypto interface of OpenBSD was ported to Linux,[10][11][12] but never merged.

See also

References

  1. "Kernel development". LWN.net. 2002. https://lwn.net/Articles/13587/. 
  2. Xiao, Yuan; Li, Mengyuan; Chen, Sanchuan; Zhang, Yinqian (2017-10-30). "STACCO: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves". Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. CCS '17 (New York, NY, USA: Association for Computing Machinery): 859–874. doi:10.1145/3133956.3134016. ISBN 978-1-4503-4946-8. https://dl.acm.org/doi/10.1145/3133956.3134016. 
  3. Edge, Jake (October 20, 2010). "A netlink-based user-space crypto API". LWN.net. https://lwn.net/Articles/410763/. 
  4. Linux_2_6_38 changes
  5. 03c8efc fe869cd 8ff5909
  6. Markus (2011-10-22). "OpenSSL - AF_ALG". http://carnivore.it/2011/04/23/openssl_-_af_alg. 
  7. Markus nepenthesdev at gmail.com (2011-07-03). "#2554: Patch: AF_ALG dynamic engine for linux >= 2.6.38". OpenSSL. http://rt.openssl.org/Ticket/Display.html?id=2554&user=guest&pass=guest. 
  8. clucey (2016-02-17). "ALG: Add AFALG engine". OpenSSL. https://github.com/openssl/openssl/commit/7f458a48ff3a231d5841466525d2aacbcd4f6b77#commitcomment-18836199. 
  9. Jacob (19 December 2018). "AF_ALG + Cryptodev-linux". https://www.wolfssl.com/af_alg-cryptodev-linux/. 
  10. Ludvig, Michal. "CryptoDev for Linux". http://www.logix.cz/michal/devel/cryptodev/. 
  11. Mavrogiannopoulos, Nikos. "cryptodev-linux". http://home.gna.org/cryptodev-linux/. 
  12. Edge, Jake (August 25, 2010). "An API for user-space access to kernel cryptography". LWN.net. https://lwn.net/Articles/401548/.