1*4882a593Smuzhiyun.. SPDX-License-Identifier: GPL-2.0 2*4882a593Smuzhiyun 3*4882a593Smuzhiyun============================= 4*4882a593SmuzhiyunScatterlist Cryptographic API 5*4882a593Smuzhiyun============================= 6*4882a593Smuzhiyun 7*4882a593SmuzhiyunIntroduction 8*4882a593Smuzhiyun============ 9*4882a593Smuzhiyun 10*4882a593SmuzhiyunThe Scatterlist Crypto API takes page vectors (scatterlists) as 11*4882a593Smuzhiyunarguments, and works directly on pages. In some cases (e.g. ECB 12*4882a593Smuzhiyunmode ciphers), this will allow for pages to be encrypted in-place 13*4882a593Smuzhiyunwith no copying. 14*4882a593Smuzhiyun 15*4882a593SmuzhiyunOne of the initial goals of this design was to readily support IPsec, 16*4882a593Smuzhiyunso that processing can be applied to paged skb's without the need 17*4882a593Smuzhiyunfor linearization. 18*4882a593Smuzhiyun 19*4882a593Smuzhiyun 20*4882a593SmuzhiyunDetails 21*4882a593Smuzhiyun======= 22*4882a593Smuzhiyun 23*4882a593SmuzhiyunAt the lowest level are algorithms, which register dynamically with the 24*4882a593SmuzhiyunAPI. 25*4882a593Smuzhiyun 26*4882a593Smuzhiyun'Transforms' are user-instantiated objects, which maintain state, handle all 27*4882a593Smuzhiyunof the implementation logic (e.g. manipulating page vectors) and provide an 28*4882a593Smuzhiyunabstraction to the underlying algorithms. However, at the user 29*4882a593Smuzhiyunlevel they are very simple. 30*4882a593Smuzhiyun 31*4882a593SmuzhiyunConceptually, the API layering looks like this:: 32*4882a593Smuzhiyun 33*4882a593Smuzhiyun [transform api] (user interface) 34*4882a593Smuzhiyun [transform ops] (per-type logic glue e.g. cipher.c, compress.c) 35*4882a593Smuzhiyun [algorithm api] (for registering algorithms) 36*4882a593Smuzhiyun 37*4882a593SmuzhiyunThe idea is to make the user interface and algorithm registration API 38*4882a593Smuzhiyunvery simple, while hiding the core logic from both. Many good ideas 39*4882a593Smuzhiyunfrom existing APIs such as Cryptoapi and Nettle have been adapted for this. 40*4882a593Smuzhiyun 41*4882a593SmuzhiyunThe API currently supports five main types of transforms: AEAD (Authenticated 42*4882a593SmuzhiyunEncryption with Associated Data), Block Ciphers, Ciphers, Compressors and 43*4882a593SmuzhiyunHashes. 44*4882a593Smuzhiyun 45*4882a593SmuzhiyunPlease note that Block Ciphers is somewhat of a misnomer. It is in fact 46*4882a593Smuzhiyunmeant to support all ciphers including stream ciphers. The difference 47*4882a593Smuzhiyunbetween Block Ciphers and Ciphers is that the latter operates on exactly 48*4882a593Smuzhiyunone block while the former can operate on an arbitrary amount of data, 49*4882a593Smuzhiyunsubject to block size requirements (i.e., non-stream ciphers can only 50*4882a593Smuzhiyunprocess multiples of blocks). 51*4882a593Smuzhiyun 52*4882a593SmuzhiyunHere's an example of how to use the API:: 53*4882a593Smuzhiyun 54*4882a593Smuzhiyun #include <crypto/hash.h> 55*4882a593Smuzhiyun #include <linux/err.h> 56*4882a593Smuzhiyun #include <linux/scatterlist.h> 57*4882a593Smuzhiyun 58*4882a593Smuzhiyun struct scatterlist sg[2]; 59*4882a593Smuzhiyun char result[128]; 60*4882a593Smuzhiyun struct crypto_ahash *tfm; 61*4882a593Smuzhiyun struct ahash_request *req; 62*4882a593Smuzhiyun 63*4882a593Smuzhiyun tfm = crypto_alloc_ahash("md5", 0, CRYPTO_ALG_ASYNC); 64*4882a593Smuzhiyun if (IS_ERR(tfm)) 65*4882a593Smuzhiyun fail(); 66*4882a593Smuzhiyun 67*4882a593Smuzhiyun /* ... set up the scatterlists ... */ 68*4882a593Smuzhiyun 69*4882a593Smuzhiyun req = ahash_request_alloc(tfm, GFP_ATOMIC); 70*4882a593Smuzhiyun if (!req) 71*4882a593Smuzhiyun fail(); 72*4882a593Smuzhiyun 73*4882a593Smuzhiyun ahash_request_set_callback(req, 0, NULL, NULL); 74*4882a593Smuzhiyun ahash_request_set_crypt(req, sg, result, 2); 75*4882a593Smuzhiyun 76*4882a593Smuzhiyun if (crypto_ahash_digest(req)) 77*4882a593Smuzhiyun fail(); 78*4882a593Smuzhiyun 79*4882a593Smuzhiyun ahash_request_free(req); 80*4882a593Smuzhiyun crypto_free_ahash(tfm); 81*4882a593Smuzhiyun 82*4882a593Smuzhiyun 83*4882a593SmuzhiyunMany real examples are available in the regression test module (tcrypt.c). 84*4882a593Smuzhiyun 85*4882a593Smuzhiyun 86*4882a593SmuzhiyunDeveloper Notes 87*4882a593Smuzhiyun=============== 88*4882a593Smuzhiyun 89*4882a593SmuzhiyunTransforms may only be allocated in user context, and cryptographic 90*4882a593Smuzhiyunmethods may only be called from softirq and user contexts. For 91*4882a593Smuzhiyuntransforms with a setkey method it too should only be called from 92*4882a593Smuzhiyunuser context. 93*4882a593Smuzhiyun 94*4882a593SmuzhiyunWhen using the API for ciphers, performance will be optimal if each 95*4882a593Smuzhiyunscatterlist contains data which is a multiple of the cipher's block 96*4882a593Smuzhiyunsize (typically 8 bytes). This prevents having to do any copying 97*4882a593Smuzhiyunacross non-aligned page fragment boundaries. 98*4882a593Smuzhiyun 99*4882a593Smuzhiyun 100*4882a593SmuzhiyunAdding New Algorithms 101*4882a593Smuzhiyun===================== 102*4882a593Smuzhiyun 103*4882a593SmuzhiyunWhen submitting a new algorithm for inclusion, a mandatory requirement 104*4882a593Smuzhiyunis that at least a few test vectors from known sources (preferably 105*4882a593Smuzhiyunstandards) be included. 106*4882a593Smuzhiyun 107*4882a593SmuzhiyunConverting existing well known code is preferred, as it is more likely 108*4882a593Smuzhiyunto have been reviewed and widely tested. If submitting code from LGPL 109*4882a593Smuzhiyunsources, please consider changing the license to GPL (see section 3 of 110*4882a593Smuzhiyunthe LGPL). 111*4882a593Smuzhiyun 112*4882a593SmuzhiyunAlgorithms submitted must also be generally patent-free (e.g. IDEA 113*4882a593Smuzhiyunwill not be included in the mainline until around 2011), and be based 114*4882a593Smuzhiyunon a recognized standard and/or have been subjected to appropriate 115*4882a593Smuzhiyunpeer review. 116*4882a593Smuzhiyun 117*4882a593SmuzhiyunAlso check for any RFCs which may relate to the use of specific algorithms, 118*4882a593Smuzhiyunas well as general application notes such as RFC2451 ("The ESP CBC-Mode 119*4882a593SmuzhiyunCipher Algorithms"). 120*4882a593Smuzhiyun 121*4882a593SmuzhiyunIt's a good idea to avoid using lots of macros and use inlined functions 122*4882a593Smuzhiyuninstead, as gcc does a good job with inlining, while excessive use of 123*4882a593Smuzhiyunmacros can cause compilation problems on some platforms. 124*4882a593Smuzhiyun 125*4882a593SmuzhiyunAlso check the TODO list at the web site listed below to see what people 126*4882a593Smuzhiyunmight already be working on. 127*4882a593Smuzhiyun 128*4882a593Smuzhiyun 129*4882a593SmuzhiyunBugs 130*4882a593Smuzhiyun==== 131*4882a593Smuzhiyun 132*4882a593SmuzhiyunSend bug reports to: 133*4882a593Smuzhiyun linux-crypto@vger.kernel.org 134*4882a593Smuzhiyun 135*4882a593SmuzhiyunCc: 136*4882a593Smuzhiyun Herbert Xu <herbert@gondor.apana.org.au>, 137*4882a593Smuzhiyun David S. Miller <davem@redhat.com> 138*4882a593Smuzhiyun 139*4882a593Smuzhiyun 140*4882a593SmuzhiyunFurther Information 141*4882a593Smuzhiyun=================== 142*4882a593Smuzhiyun 143*4882a593SmuzhiyunFor further patches and various updates, including the current TODO 144*4882a593Smuzhiyunlist, see: 145*4882a593Smuzhiyunhttp://gondor.apana.org.au/~herbert/crypto/ 146*4882a593Smuzhiyun 147*4882a593Smuzhiyun 148*4882a593SmuzhiyunAuthors 149*4882a593Smuzhiyun======= 150*4882a593Smuzhiyun 151*4882a593Smuzhiyun- James Morris 152*4882a593Smuzhiyun- David S. Miller 153*4882a593Smuzhiyun- Herbert Xu 154*4882a593Smuzhiyun 155*4882a593Smuzhiyun 156*4882a593SmuzhiyunCredits 157*4882a593Smuzhiyun======= 158*4882a593Smuzhiyun 159*4882a593SmuzhiyunThe following people provided invaluable feedback during the development 160*4882a593Smuzhiyunof the API: 161*4882a593Smuzhiyun 162*4882a593Smuzhiyun - Alexey Kuznetzov 163*4882a593Smuzhiyun - Rusty Russell 164*4882a593Smuzhiyun - Herbert Valerio Riedel 165*4882a593Smuzhiyun - Jeff Garzik 166*4882a593Smuzhiyun - Michael Richardson 167*4882a593Smuzhiyun - Andrew Morton 168*4882a593Smuzhiyun - Ingo Oeser 169*4882a593Smuzhiyun - Christoph Hellwig 170*4882a593Smuzhiyun 171*4882a593SmuzhiyunPortions of this API were derived from the following projects: 172*4882a593Smuzhiyun 173*4882a593Smuzhiyun Kerneli Cryptoapi (http://www.kerneli.org/) 174*4882a593Smuzhiyun - Alexander Kjeldaas 175*4882a593Smuzhiyun - Herbert Valerio Riedel 176*4882a593Smuzhiyun - Kyle McMartin 177*4882a593Smuzhiyun - Jean-Luc Cooke 178*4882a593Smuzhiyun - David Bryson 179*4882a593Smuzhiyun - Clemens Fruhwirth 180*4882a593Smuzhiyun - Tobias Ringstrom 181*4882a593Smuzhiyun - Harald Welte 182*4882a593Smuzhiyun 183*4882a593Smuzhiyunand; 184*4882a593Smuzhiyun 185*4882a593Smuzhiyun Nettle (https://www.lysator.liu.se/~nisse/nettle/) 186*4882a593Smuzhiyun - Niels Möller 187*4882a593Smuzhiyun 188*4882a593SmuzhiyunOriginal developers of the crypto algorithms: 189*4882a593Smuzhiyun 190*4882a593Smuzhiyun - Dana L. How (DES) 191*4882a593Smuzhiyun - Andrew Tridgell and Steve French (MD4) 192*4882a593Smuzhiyun - Colin Plumb (MD5) 193*4882a593Smuzhiyun - Steve Reid (SHA1) 194*4882a593Smuzhiyun - Jean-Luc Cooke (SHA256, SHA384, SHA512) 195*4882a593Smuzhiyun - Kazunori Miyazawa / USAGI (HMAC) 196*4882a593Smuzhiyun - Matthew Skala (Twofish) 197*4882a593Smuzhiyun - Dag Arne Osvik (Serpent) 198*4882a593Smuzhiyun - Brian Gladman (AES) 199*4882a593Smuzhiyun - Kartikey Mahendra Bhatt (CAST6) 200*4882a593Smuzhiyun - Jon Oberheide (ARC4) 201*4882a593Smuzhiyun - Jouni Malinen (Michael MIC) 202*4882a593Smuzhiyun - NTT(Nippon Telegraph and Telephone Corporation) (Camellia) 203*4882a593Smuzhiyun 204*4882a593SmuzhiyunSHA1 algorithm contributors: 205*4882a593Smuzhiyun - Jean-Francois Dive 206*4882a593Smuzhiyun 207*4882a593SmuzhiyunDES algorithm contributors: 208*4882a593Smuzhiyun - Raimar Falke 209*4882a593Smuzhiyun - Gisle Sælensminde 210*4882a593Smuzhiyun - Niels Möller 211*4882a593Smuzhiyun 212*4882a593SmuzhiyunBlowfish algorithm contributors: 213*4882a593Smuzhiyun - Herbert Valerio Riedel 214*4882a593Smuzhiyun - Kyle McMartin 215*4882a593Smuzhiyun 216*4882a593SmuzhiyunTwofish algorithm contributors: 217*4882a593Smuzhiyun - Werner Koch 218*4882a593Smuzhiyun - Marc Mutz 219*4882a593Smuzhiyun 220*4882a593SmuzhiyunSHA256/384/512 algorithm contributors: 221*4882a593Smuzhiyun - Andrew McDonald 222*4882a593Smuzhiyun - Kyle McMartin 223*4882a593Smuzhiyun - Herbert Valerio Riedel 224*4882a593Smuzhiyun 225*4882a593SmuzhiyunAES algorithm contributors: 226*4882a593Smuzhiyun - Alexander Kjeldaas 227*4882a593Smuzhiyun - Herbert Valerio Riedel 228*4882a593Smuzhiyun - Kyle McMartin 229*4882a593Smuzhiyun - Adam J. Richter 230*4882a593Smuzhiyun - Fruhwirth Clemens (i586) 231*4882a593Smuzhiyun - Linus Torvalds (i586) 232*4882a593Smuzhiyun 233*4882a593SmuzhiyunCAST5 algorithm contributors: 234*4882a593Smuzhiyun - Kartikey Mahendra Bhatt (original developers unknown, FSF copyright). 235*4882a593Smuzhiyun 236*4882a593SmuzhiyunTEA/XTEA algorithm contributors: 237*4882a593Smuzhiyun - Aaron Grothe 238*4882a593Smuzhiyun - Michael Ringe 239*4882a593Smuzhiyun 240*4882a593SmuzhiyunKhazad algorithm contributors: 241*4882a593Smuzhiyun - Aaron Grothe 242*4882a593Smuzhiyun 243*4882a593SmuzhiyunWhirlpool algorithm contributors: 244*4882a593Smuzhiyun - Aaron Grothe 245*4882a593Smuzhiyun - Jean-Luc Cooke 246*4882a593Smuzhiyun 247*4882a593SmuzhiyunAnubis algorithm contributors: 248*4882a593Smuzhiyun - Aaron Grothe 249*4882a593Smuzhiyun 250*4882a593SmuzhiyunTiger algorithm contributors: 251*4882a593Smuzhiyun - Aaron Grothe 252*4882a593Smuzhiyun 253*4882a593SmuzhiyunVIA PadLock contributors: 254*4882a593Smuzhiyun - Michal Ludvig 255*4882a593Smuzhiyun 256*4882a593SmuzhiyunCamellia algorithm contributors: 257*4882a593Smuzhiyun - NTT(Nippon Telegraph and Telephone Corporation) (Camellia) 258*4882a593Smuzhiyun 259*4882a593SmuzhiyunGeneric scatterwalk code by Adam J. Richter <adam@yggdrasil.com> 260*4882a593Smuzhiyun 261*4882a593SmuzhiyunPlease send any credits updates or corrections to: 262*4882a593SmuzhiyunHerbert Xu <herbert@gondor.apana.org.au> 263