HOME

TheInfoList



Click Here for Items Related To - Crypto API (Linux)
OR:
Crypto API (Linux) on:   [Wikipedia]   [Google]   [Amazon]

Crypto API is a
cryptography Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adver ...
framework A framework is a generic term commonly referring to an essential supporting structure which other things are built on top of. Framework may refer to: Computing * Application framework, used to implement the structure of an application for an op ...
in the
Linux kernel The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel. It was originally authored in 1991 by Linus Torvalds for his i386-based PC, and it was soon adopted as the kernel for the GNU ope ...
, for various parts of the kernel that deal with cryptography, such as
IPsec In computing, Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in ...
and
dm-crypt dm-crypt is a transparent block device encryption subsystem in Linux kernel versions 2.6 and later and in DragonFly BSD. It is part of the device mapper (dm) infrastructure, and uses cryptographic routines from the kernel's Crypto API. Unlike its ...
. It was introduced in kernel version 2.5.45 and has since expanded to include essentially all popular
block cipher In cryptography, a block cipher is a deterministic algorithm operating on fixed-length groups of bits, called ''blocks''. Block ciphers are specified cryptographic primitive, elementary components in the design of many cryptographic protocols and ...
s and
hash function A hash function is any function that can be used to map data of arbitrary size to fixed-size values. The values returned by a hash function are called ''hash values'', ''hash codes'', ''digests'', or simply ''hashes''. The values are usually u ...
s.


Userspace interfaces

Many platforms that provide hardware acceleration of
AES encryption The Advanced Encryption Standard (AES), also known by its original name Rijndael (), is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001. AES is a variant ...
expose this to programs through an extension of the
instruction set architecture In computer science, an instruction set architecture (ISA), also called computer architecture, is an abstract model of a computer. A device that executes instructions described by that ISA, such as a central processing unit (CPU), is called an ' ...
(ISA) of the various chipsets (e.g.
AES instruction set An Advanced Encryption Standard instruction set is now integrated into many processors. The purpose of the instruction set is to improve the speed and security of applications performing encryption and decryption using Advanced Encryption Standard ...
for
x86 x86 (also known as 80x86 or the 8086 family) is a family of complex instruction set computer (CISC) instruction set architectures initially developed by Intel based on the Intel 8086 microprocessor and its 8088 variant. The 8086 was introd ...
). With this sort of implementation any program (
kernel-mode In computer science, hierarchical protection domains, often called protection rings, are mechanisms to protect data and functionality from faults (by improving fault tolerance) and malicious behavior (by providing computer security). Computer ...
or
user-space A modern computer operating system usually segregates virtual memory into user space and kernel space. Primarily, this separation serves to provide memory protection and hardware protection from malicious or errant software behaviour. Kernel ...
) may utilize these features directly. Some platforms, such as the ARM Kirkwood
SheevaPlug The SheevaPlug is a "plug computer" designed to allow standard computing features in as small a space as possible. As one of the first such computers on the market, the device has a 1.2 GHz Marvell Technology Group, Marvell Kirkwood 6281 AR ...
and
AMD Geode Geode was a series of x86-compatible system-on-a-chip microprocessors and I/O companions produced by AMD, targeted at the embedded computing market. The series was originally launched by National Semiconductor as the Geode family in 1999. The or ...
processors, however, are not implemented as ISA extensions, and are only accessible through kernel-mode drivers. In order for user-mode applications that utilize encryption, such as
wolfSSL wolfSSL is a small, portable, embedded SSL/TLS library targeted for use by embedded systems developers. It is an open source implementation of TLS (SSL 3.0, TLS 1.0, 1.1, 1.2, 1.3, and DTLS 1.0, 1.2, and 1.3) written in the C programming lan ...
,
OpenSSL OpenSSL is a software library for applications that provide secure communications over computer networks against eavesdropping or need to identify the party at the other end. It is widely used by Internet servers, including the majority of HTT ...
or
GnuTLS GnuTLS (, the GNU Transport Layer Security Library) is a free software implementation of the TLS, SSL and DTLS protocols. It offers an application programming interface (API) for applications to enable secure communication over the network trans ...
, to take advantage of such acceleration, they must interface with the kernel. ; AF_ALG : A
netlink Netlink is a socket family used for inter-process communication (IPC) between both the kernel and userspace processes, and between different userspace processes, in a way similar to the Unix domain sockets available on certain Unix-like operati ...
-based interface that adds an AF_ALG address family; it was merged into version 2.6.38 of the
Linux kernel mainline The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel. It was originally authored in 1991 by Linus Torvalds for his i386-based PC, and it was soon adopted as the kernel for the GNU oper ...
. There was once a plugin to
OpenSSL OpenSSL is a software library for applications that provide secure communications over computer networks against eavesdropping or need to identify the party at the other end. It is widely used by Internet servers, including the majority of HTT ...
to support AF_ALG, which has been submitted for merging. In version 1.1.0, OpenSSL landed another patch for AF_ALG contributed by Intel.
wolfSSL wolfSSL is a small, portable, embedded SSL/TLS library targeted for use by embedded systems developers. It is an open source implementation of TLS (SSL 3.0, TLS 1.0, 1.1, 1.2, 1.3, and DTLS 1.0, 1.2, and 1.3) written in the C programming lan ...
can make use of AF_ALG and cryptodev ; cryptodev : The
OpenBSD Cryptographic Framework The OpenBSD Cryptographic Framework (OCF) is a service virtualization layer for the uniform management of cryptographic hardware by an operating system. It is part of the OpenBSD Project, having been included in the operating system since OpenBSD 2 ...
/dev/crypto interface of OpenBSD was ported to Linux, but never merged.


See also

*
Microsoft CryptoAPI The Microsoft Windows platform specific Cryptographic Application Programming Interface (also known variously as CryptoAPI, Microsoft Cryptography API, MS-CAPI or simply CAPI) is an application programming interface included with Microsoft Windows ...


References

Application programming interfaces Cryptographic software Linux security software Linux kernel features {{Linux-stub