Hello,
following is a patchset providing a user-space interface to the kernel crypto
API. It is based on the older, BSD-compatible, implementation, but the
user-space interface is different.
Major changes since the previous post:
* struct nlattr-based extensible attributes used for
This patch introduces the new user-space API, ncr.h.
Quick overview:
* open(/dev/crypto) to get a FD, which acts as a namespace for key and
session identifiers.
* ioctl(NCRIO_KEY_INIT) to allocate a key object; then generate the key
material inside the kernel, load a plaintext key, unwrap a
---
crypto/Kconfig|5 +
crypto/Makefile |2 ++
crypto/userspace/Makefile |1 +
3 files changed, 8 insertions(+), 0 deletions(-)
create mode 100644 crypto/userspace/Makefile
diff --git a/crypto/Kconfig b/crypto/Kconfig
index 81c185a..022768a 100644
---
That's it, .c files will finally follow in the next patch.
---
crypto/userspace/cryptodev_int.h | 82 +
crypto/userspace/ncr-dh.h| 25
crypto/userspace/ncr-int.h | 245 ++
crypto/userspace/ncr-pk.h| 55 +
4
Right now only key objects, not crypto sessions, are limited.
---
crypto/userspace/Makefile |2 +-
crypto/userspace/ncr-limits.c | 247 +
2 files changed, 248 insertions(+), 1 deletions(-)
create mode 100644 crypto/userspace/ncr-limits.c
diff
This encapsulates allocation/deallocation of all necessary objects,
dealing with the asynchronous nature of ablkcipher/ahash.
Long term, I'm not quite sure this layer makes sense; For now, it
provides a truly simple API for internal callers in libtomcrypt, at
least.
---
crypto/userspace/Makefile
Main entry points:
NCR_GET_INPUT_ARGS:
Read a fixed struct and any attached attributes from userspace
NCR_GET_INPUT_ARGS_NO_OUTPUT:
Same as above, and inform the users the kernel will attach no
additional attributes.
NCR_OUT_INIT/ncr_out_free:
Allocate and free a
Same as the previous patch - the header file dependencies do not allow
otherwise.
(Reviewing this in detail is probably premature, we are considering
replacing the implementation by something based on libgcrypt, which is
more actively maintained and has been probably more thoroughly examined
for
---
crypto/userspace/cryptodev_main.c | 130 +
1 files changed, 130 insertions(+), 0 deletions(-)
diff --git a/crypto/userspace/cryptodev_main.c
b/crypto/userspace/cryptodev_main.c
index a6712db..6ba9bd6 100644
--- a/crypto/userspace/cryptodev_main.c
+++
Add ioctl and compat_ioctl handling. This is the only file that
directly accesses structured data from userspace (other files may access
unformatted data such as cipher input or multiple-precision integers).
Also add the last operation, ncr_master_key_set.
---
crypto/userspace/ncr.c | 405
This includes:
- ncr_session_init
- ncr_session_update
- ncr_session_final
- ncr_session_once
The ncr_session_*_from_nla() functions are separate from the main
session code because they belong into ncr.c along with other code that
deals directly with user-space data structures and handles
---
crypto/userspace/cryptodev_main.c | 87 +
1 files changed, 87 insertions(+), 0 deletions(-)
diff --git a/crypto/userspace/cryptodev_main.c
b/crypto/userspace/cryptodev_main.c
index c6419f4..a6712db 100644
--- a/crypto/userspace/cryptodev_main.c
+++
This includes:
- ncr_key_init
- ncr_key_deinit
- ncr_key_export (as plaintext)
- ncr_key_import
- ncr_key_generate
- ncr_key_generate_pair
- ncr_key_derive
- ncr_key_get_info
and supporting infrastructure.
---
crypto/userspace/Makefile |2 +-
crypto/userspace/ncr-key.c | 689
Add basic Diffie-Hellman implementation, because it is not provided by
libtomcrypt.
Finally, add an algorithm-independent pubkey interface that encapsulates
the separate pubkey algorithm implementations.
---
crypto/userspace/Makefile |2 +-
crypto/userspace/ncr-dh.c | 282
Posted separately for review on linux-audit
---
include/linux/audit.h | 38 ++
kernel/auditfilter.c |2 +
kernel/auditsc.c | 136 +
3 files changed, 176 insertions(+), 0 deletions(-)
diff --git a/include/linux/audit.h
Pointers to this table are used to identify algorithms throughout the
code.
---
crypto/userspace/Makefile |2 +-
crypto/userspace/ncr-sessions.c | 150 +++
2 files changed, 151 insertions(+), 1 deletions(-)
create mode 100644
Not a good patch to start with, but the header file dependencies do not
allow otherwise.
(Reviewing this in detail is probably premature, we are considering
replacing the implementation by something based on libgcrypt, which is
more actively maintained and has been probably more thoroughly
Miloslav Trmač wrote:
--- /dev/null
+++ b/include/linux/ncr.h
[...]
+struct ncr_session_input_data {
+ const void __user *data;
+ __kernel_size_t data_size;
+};
+
+struct ncr_session_output_buffer {
+ void __user *buffer;
+ __kernel_size_t buffer_size;
+
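Review bot: `data`/`data_size` in struct ncr_session_input_data and `buffer`/`buffer_size` in struct ncr_session_output_buffer are a user pointer and a `__kernel_size_t`, both of which change width between 32-bit and 64-bit user space, so the layout of these ioctl structures depends on the caller's ABI and every consumer needs a compat translation path. Fixed-width fields (for example a `__u64` carrying the pointer and a fixed-width size) would give one layout for both and remove that class of size-mismatch bugs at the user/kernel boundary.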
Miloslav Trmač wrote:
--- /dev/null
+++ b/crypto/userspace/utils.c
[...]
+#ifdef CONFIG_COMPAT
+/* max() is too clever for compile-time constants */
+#define CONST_MAX(A, B) ((A) (B) ? (A) : (B))
+
+#define MAX_SESSION_INPUT_DATA_SIZE \
+
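Review bot: CONST_MAX, as it appears in this hunk, has no comparison operator between `(A)` and `(B)` in its condition, so `((A) (B) ? (A) : (B))` does not parse; for a compile-time maximum the condition should read `(A) > (B)`. Since the macro sizes MAX_SESSION_INPUT_DATA_SIZE for the CONFIG_COMPAT path, it is worth a short comment stating which native and compat structures it is taking the maximum over, so a later change to either struct is not missed.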
Signed-off-by: Dmitry Kasatkin dmitry.kasat...@nokia.com
---
arch/arm/mach-omap2/clock2420_data.c |2 +-
arch/arm/mach-omap2/clock2430_data.c |2 +-
arch/arm/mach-omap2/clock3xxx_data.c |2 +-
arch/arm/mach-omap2/devices.c| 71 ++
4 files
Signed-off-by: Dmitry Kasatkin dmitry.kasat...@nokia.com
---
drivers/crypto/Kconfig|8 +
drivers/crypto/Makefile |1 +
drivers/crypto/omap-aes.c | 948 +
3 files changed, 957 insertions(+), 0 deletions(-)
create mode 100644
This set of patches provides implementation of the driver for
OMAP2/3 AES hw accelerator.
Dmitry Kasatkin (2):
crypto: updates to enable omap aes
crypto: omap-aes: OMAP2/3 AES hw accelerator driver
arch/arm/mach-omap2/clock2420_data.c |2 +-
arch/arm/mach-omap2/clock2430_data.c |2
On Fri, Aug 20, 2010 at 10:45:43AM +0200, Miloslav Trmač wrote:
> Hello, following is a patchset providing a user-space interface to
> the kernel crypto API. It is based on the older, BSD-compatible,
> implementation, but the user-space interface is different.
What's the goal of exporting the
On 08/20/2010 03:56 PM, Ted Ts'o wrote:
> On Fri, Aug 20, 2010 at 10:45:43AM +0200, Miloslav Trmač wrote:
>> Hello, following is a patchset providing a user-space interface to
>> the kernel crypto API. It is based on the older, BSD-compatible,
>> implementation, but the user-space interface is
On Fri, 20 Aug 2010 10:45:44 +0200 Miloslav Trmač wrote:
+#define NCRIO_KEY_INIT _IO('c', 204)
+/* generate a secret key */
+#define NCRIO_KEY_GENERATE _IOWR('c', 205, struct ncr_key_generate)
+/* generate a public key pair */
+#define NCRIO_KEY_GENERATE_PAIR
On Fri, Aug 20, 2010 at 07:03:18PM +0200, Nikos Mavrogiannopoulos wrote:
> On 08/20/2010 03:56 PM, Ted Ts'o wrote:
>> On Fri, Aug 20, 2010 at 10:45:43AM +0200, Miloslav Trmač wrote:
>>> Hello, following is a patchset providing a user-space interface to
>>> the kernel crypto API. It is based on the
- Stefan Richter stef...@s5r6.in-berlin.de wrote:
Miloslav Trmač wrote:
--- /dev/null
+++ b/crypto/userspace/utils.c
[...]
+#ifdef CONFIG_COMPAT
+/* max() is too clever for compile-time constants */
+#define CONST_MAX(A, B) ((A) (B) ? (A) : (B))
+
+#define
27 matches