basics for cryptodev support

Simon Josefsson simon at josefsson.org
Wed Mar 19 13:49:58 CET 2008 

Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:

> I'm working slowly into adding some support for hw crypto
> devices. Currently the easiest way to achieve this is by using the
> kernel crypto hw support (in linux there is already support for via
> and geode aes implementations and there is also ocf-linux[0] which
> provides more hw).

Cool!

> For this reason I added an API to register ciphers and macs

Will this API be stable?  I'd like to push out a stable 2.4.0 in a few
weeks.  If there is any risk that this API will change during 2.5.x, I
think we should revert this change and add it for the next development
cycle instead.

>(rnd + pki will follow on my next burst).

When I migrated the code to use gnulib for low-level crypto, I gave up
on mpi stuff, since it was rather libgcrypt-specific right now.
Finishing this would be really great.

/Simon

> Initially to test this support I'll need to add support for
> /dev/crypto when it is available (freebsd/openbsd, linux with ocf).
>
> If anyone is interested in helping in any of these, please contact me.
>
> The current API to register ciphers and hash/hmac is:
>
> typedef struct gnutls_crypto_cipher {
>   int (*init)( void** ctx);
>   int (*setkey)( void* ctx, const void * key, int keysize);
>   int (*setiv)(void* ctx, const void* iv, int ivsize);
>   int (*encrypt)(void* ctx, const void* plain, int plainsize, void*
> encr, int encrsize);
>   int (*decrypt)(void* ctx, const void* encr, int encrsize, void*
> plain, int plainsize);
>   void (*deinit)( void* ctx);
> } gnutls_crypto_cipher_st;
>
> typedef struct gnutls_crypto_mac {
>   int (*init)( void** ctx);
>   int (*setkey)( void* ctx, const void * key, int keysize);
>   int (*hash)( void* ctx, const void * text, int textsize);
>   int (*copy)( void** dst_ctx, void* src_ctx);
>   int (*output) ( void* src_ctx, void* digest, int digestsize);
>   void (*deinit)( void* ctx);
> } gnutls_crypto_mac_st;
>
> /* the same... setkey should be null */
> typedef gnutls_crypto_mac_st gnutls_crypto_digest_st;
>
> int gnutls_crypto_cipher_register( gnutls_cipher_algorithm_t
> algorithm, int priority, gnutls_crypto_cipher_st* s);
> int gnutls_crypto_mac_register( gnutls_mac_algorithm_t algorithm, int
> priority, gnutls_crypto_mac_st* s);
> int gnutls_crypto_digest_register( gnutls_digest_algorithm_t
> algorithm, int priority, gnutls_crypto_digest_st* s)
>
>
> [0]. http://ocf-linux.sourceforge.net/
>
>
> regards,
> Nikos

More information about the Gnutls-devel mailing list