basics for cryptodev support
Simon Josefsson
simon at josefsson.org
Wed Mar 19 13:49:58 CET 2008
Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:
> I'm slowly working on adding some support for hw crypto
> devices. Currently the easiest way to achieve this is by using the
> kernel crypto hw support (in Linux there is already support for VIA
> and Geode AES implementations and there is also ocf-linux[0] which
> provides more hw).
Cool!
> For this reason I added an API to register ciphers and macs
Will this API be stable? I'd like to push out a stable 2.4.0 in a few
weeks. If there is any risk that this API will change during 2.5.x, I
think we should revert this change and add it for the next development
cycle instead.
> (rnd + pki will follow on my next burst).
When I migrated the code to use gnulib for low-level crypto, I gave up
on mpi stuff, since it was rather libgcrypt-specific right now.
Finishing this would be really great.
/Simon
> Initially to test this support I'll need to add support for
> /dev/crypto when it is available (FreeBSD/OpenBSD, Linux with OCF).
>
> If anyone is interested in helping in any of these, please contact me.
>
> The current API to register ciphers and hash/hmac is:
>
> typedef struct gnutls_crypto_cipher {
>   int (*init)(void **ctx);
>   int (*setkey)(void *ctx, const void *key, int keysize);
>   int (*setiv)(void *ctx, const void *iv, int ivsize);
>   int (*encrypt)(void *ctx, const void *plain, int plainsize,
>                  void *encr, int encrsize);
>   int (*decrypt)(void *ctx, const void *encr, int encrsize,
>                  void *plain, int plainsize);
>   void (*deinit)(void *ctx);
> } gnutls_crypto_cipher_st;
>
> typedef struct gnutls_crypto_mac {
>   int (*init)(void **ctx);
>   int (*setkey)(void *ctx, const void *key, int keysize);
>   int (*hash)(void *ctx, const void *text, int textsize);
>   int (*copy)(void **dst_ctx, void *src_ctx);
>   int (*output)(void *src_ctx, void *digest, int digestsize);
>   void (*deinit)(void *ctx);
> } gnutls_crypto_mac_st;
>
> /* the same... setkey should be null */
> typedef gnutls_crypto_mac_st gnutls_crypto_digest_st;
>
> int gnutls_crypto_cipher_register(gnutls_cipher_algorithm_t algorithm,
>                                   int priority, gnutls_crypto_cipher_st *s);
> int gnutls_crypto_mac_register(gnutls_mac_algorithm_t algorithm,
>                                int priority, gnutls_crypto_mac_st *s);
> int gnutls_crypto_digest_register(gnutls_digest_algorithm_t algorithm,
>                                   int priority, gnutls_crypto_digest_st *s);
>
>
> [0]. http://ocf-linux.sourceforge.net/
>
>
> regards,
> Nikos
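
A sketch of a backend filling in the cipher callback table quoted above, added here as an illustration; it is not code from this thread or from GnuTLS. The `demo_*` names, `DEMO_KEYSIZE`, the 0 / -1 return convention and the XOR placeholder (which stands in for the device call and is not a cipher) are assumptions.

```c
#include <stdlib.h>
#include <string.h>

/* Callback table as quoted in the message above. */
typedef struct gnutls_crypto_cipher {
  int (*init)(void **ctx);
  int (*setkey)(void *ctx, const void *key, int keysize);
  int (*setiv)(void *ctx, const void *iv, int ivsize);
  int (*encrypt)(void *ctx, const void *plain, int plainsize, void *encr, int encrsize);
  int (*decrypt)(void *ctx, const void *encr, int encrsize, void *plain, int plainsize);
  void (*deinit)(void *ctx);
} gnutls_crypto_cipher_st;

#define DEMO_KEYSIZE 16 /* hypothetical fixed key length */
typedef struct { unsigned char key[DEMO_KEYSIZE]; int have_key; } demo_ctx;

static int demo_init(void **ctx) {
  if (ctx == NULL || (*ctx = calloc(1, sizeof(demo_ctx))) == NULL) return -1;
  return 0;
}
static int demo_setkey(void *ctx, const void *key, int keysize) {
  demo_ctx *c = ctx;
  if (c == NULL || key == NULL || keysize != DEMO_KEYSIZE) return -1; /* reject odd sizes */
  memcpy(c->key, key, DEMO_KEYSIZE);
  c->have_key = 1;
  return 0;
}
static int demo_setiv(void *ctx, const void *iv, int ivsize) {
  (void)ctx; (void)iv; (void)ivsize; return 0; /* placeholder transform has no IV */
}
/* Placeholder XOR transform, NOT a cipher: stands in for the device call. */
static int demo_crypt(void *ctx, const void *in, int insize, void *out, int outsize) {
  demo_ctx *c = ctx;
  if (c == NULL || !c->have_key || in == NULL || out == NULL) return -1;
  if (insize < 0 || outsize < insize) return -1; /* never write past the output buffer */
  for (int i = 0; i < insize; i++)
    ((unsigned char *)out)[i] = ((const unsigned char *)in)[i] ^ c->key[i % DEMO_KEYSIZE];
  return 0;
}
static void demo_deinit(void *ctx) {
  if (ctx == NULL) return;
  memset(ctx, 0, sizeof(demo_ctx)); /* best-effort key wipe; a compiler may elide it */
  free(ctx);
}

static gnutls_crypto_cipher_st demo_cipher = {
  demo_init, demo_setkey, demo_setiv, demo_crypt, demo_crypt, demo_deinit
};
```

Because every size in the table is a signed `int`, the backend checks for negative lengths and for an output buffer smaller than the input before touching memory, and refuses to run before a key of the expected length has been set.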