Crypto API (Linux)
   HOME

TheInfoList



Click Here for Items Related To - Crypto API (Linux)
OR:
Crypto API (Linux) on:   [Wikipedia]   [Google]   [Amazon]

Crypto API is a
cryptography Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or '' -logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adv ...
framework A framework is a generic term commonly referring to an essential supporting structure which other things are built on top of. Framework may refer to: Computing * Application framework, used to implement the structure of an application for an op ...
in the
Linux kernel The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel. It was originally authored in 1991 by Linus Torvalds for his i386-based PC, and it was soon adopted as the kernel for the GNU ...
, for various parts of the kernel that deal with cryptography, such as
IPsec In computing, Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in ...
and
dm-crypt dm-crypt is a transparent block device encryption subsystem in Linux kernel versions 2.6 and later and in DragonFly BSD. It is part of the device mapper (dm) infrastructure, and uses cryptographic routines from the kernel's Crypto API. Unlike it ...
. It was introduced in kernel version 2.5.45 and has since expanded to include essentially all popular
block cipher In cryptography, a block cipher is a deterministic algorithm operating on fixed-length groups of bits, called ''blocks''. Block ciphers are specified elementary components in the design of many cryptographic protocols and are widely used to en ...
s and
hash function A hash function is any function that can be used to map data of arbitrary size to fixed-size values. The values returned by a hash function are called ''hash values'', ''hash codes'', ''digests'', or simply ''hashes''. The values are usually ...
s.


Userspace interfaces

Many platforms that provide hardware acceleration of
AES encryption The Advanced Encryption Standard (AES), also known by its original name Rijndael (), is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001. AES is a variant ...
expose this to programs through an extension of the
instruction set architecture In computer science, an instruction set architecture (ISA), also called computer architecture, is an abstract model of a computer. A device that executes instructions described by that ISA, such as a central processing unit (CPU), is called an ...
(ISA) of the various chipsets (e.g.
AES instruction set An Advanced Encryption Standard instruction set is now integrated into many processors. The purpose of the instruction set is to improve the speed and security of applications performing encryption and decryption using Advanced Encryption Standard ...
for x86). With this sort of implementation any program (
kernel-mode In computer science, hierarchical protection domains, often called protection rings, are mechanisms to protect data and functionality from faults (by improving fault tolerance) and malicious behavior (by providing computer security). Compu ...
or
user-space A modern computer operating system usually segregates virtual memory into user space and kernel space. Primarily, this separation serves to provide memory protection and hardware protection from malicious or errant software behaviour. Kerne ...
) may utilize these features directly. Some platforms, such as the ARM Kirkwood SheevaPlug and AMD Geode processors, however, are not implemented as ISA extensions, and are only accessible through kernel-mode drivers. In order for user-mode applications that utilize encryption, such as wolfSSL,
OpenSSL OpenSSL is a software library for applications that provide secure communications over computer networks against eavesdropping or need to identify the party at the other end. It is widely used by Internet servers, including the majority of HT ...
or GnuTLS, to take advantage of such acceleration, they must interface with the kernel. ; AF_ALG : A
netlink Netlink is a socket family used for inter-process communication (IPC) between both the kernel and userspace processes, and between different userspace processes, in a way similar to the Unix domain sockets available on certain Unix-like oper ...
-based interface that adds an AF_ALG address family; it was merged into version 2.6.38 of the
Linux kernel mainline The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel. It was originally authored in 1991 by Linus Torvalds for his i386-based PC, and it was soon adopted as the kernel for the GNU o ...
. There was once a plugin to
OpenSSL OpenSSL is a software library for applications that provide secure communications over computer networks against eavesdropping or need to identify the party at the other end. It is widely used by Internet servers, including the majority of HT ...
to support AF_ALG, which has been submitted for merging. In version 1.1.0, OpenSSL landed another patch for AF_ALG contributed by Intel. wolfSSL can make use of AF_ALG and cryptodev ; cryptodev : The
OpenBSD Cryptographic Framework The OpenBSD Cryptographic Framework (OCF) is a service virtualization layer for the uniform management of cryptographic hardware by an operating system. It is part of the OpenBSD Project, having been included in the operating system since OpenBSD 2 ...
/dev/crypto interface of OpenBSD was ported to Linux, but never merged.


See also

* Microsoft CryptoAPI


References

Application programming interfaces Cryptographic software Linux security software Linux kernel features {{Linux-stub