15846551bSMauro Carvalho Chehab.. SPDX-License-Identifier: GPL-2.0 25846551bSMauro Carvalho Chehab 35846551bSMauro Carvalho Chehab============================= 45846551bSMauro Carvalho ChehabScatterlist Cryptographic API 55846551bSMauro Carvalho Chehab============================= 65846551bSMauro Carvalho Chehab 75846551bSMauro Carvalho ChehabIntroduction 85846551bSMauro Carvalho Chehab============ 95846551bSMauro Carvalho Chehab 105846551bSMauro Carvalho ChehabThe Scatterlist Crypto API takes page vectors (scatterlists) as 115846551bSMauro Carvalho Chehabarguments, and works directly on pages. In some cases (e.g. ECB 125846551bSMauro Carvalho Chehabmode ciphers), this will allow for pages to be encrypted in-place 135846551bSMauro Carvalho Chehabwith no copying. 145846551bSMauro Carvalho Chehab 155846551bSMauro Carvalho ChehabOne of the initial goals of this design was to readily support IPsec, 165846551bSMauro Carvalho Chehabso that processing can be applied to paged skb's without the need 175846551bSMauro Carvalho Chehabfor linearization. 185846551bSMauro Carvalho Chehab 195846551bSMauro Carvalho Chehab 205846551bSMauro Carvalho ChehabDetails 215846551bSMauro Carvalho Chehab======= 225846551bSMauro Carvalho Chehab 235846551bSMauro Carvalho ChehabAt the lowest level are algorithms, which register dynamically with the 245846551bSMauro Carvalho ChehabAPI. 255846551bSMauro Carvalho Chehab 265846551bSMauro Carvalho Chehab'Transforms' are user-instantiated objects, which maintain state, handle all 275846551bSMauro Carvalho Chehabof the implementation logic (e.g. manipulating page vectors) and provide an 285846551bSMauro Carvalho Chehababstraction to the underlying algorithms. However, at the user 295846551bSMauro Carvalho Chehablevel they are very simple. 305846551bSMauro Carvalho Chehab 315846551bSMauro Carvalho ChehabConceptually, the API layering looks like this:: 325846551bSMauro Carvalho Chehab 335846551bSMauro Carvalho Chehab [transform api] (user interface) 345846551bSMauro Carvalho Chehab [transform ops] (per-type logic glue e.g. cipher.c, compress.c) 355846551bSMauro Carvalho Chehab [algorithm api] (for registering algorithms) 365846551bSMauro Carvalho Chehab 375846551bSMauro Carvalho ChehabThe idea is to make the user interface and algorithm registration API 385846551bSMauro Carvalho Chehabvery simple, while hiding the core logic from both. Many good ideas 395846551bSMauro Carvalho Chehabfrom existing APIs such as Cryptoapi and Nettle have been adapted for this. 405846551bSMauro Carvalho Chehab 415846551bSMauro Carvalho ChehabThe API currently supports five main types of transforms: AEAD (Authenticated 425846551bSMauro Carvalho ChehabEncryption with Associated Data), Block Ciphers, Ciphers, Compressors and 435846551bSMauro Carvalho ChehabHashes. 445846551bSMauro Carvalho Chehab 455846551bSMauro Carvalho ChehabPlease note that Block Ciphers is somewhat of a misnomer. It is in fact 465846551bSMauro Carvalho Chehabmeant to support all ciphers including stream ciphers. The difference 475846551bSMauro Carvalho Chehabbetween Block Ciphers and Ciphers is that the latter operates on exactly 485846551bSMauro Carvalho Chehabone block while the former can operate on an arbitrary amount of data, 495846551bSMauro Carvalho Chehabsubject to block size requirements (i.e., non-stream ciphers can only 505846551bSMauro Carvalho Chehabprocess multiples of blocks). 515846551bSMauro Carvalho Chehab 525846551bSMauro Carvalho ChehabHere's an example of how to use the API:: 535846551bSMauro Carvalho Chehab 545846551bSMauro Carvalho Chehab #include <crypto/hash.h> 555846551bSMauro Carvalho Chehab #include <linux/err.h> 565846551bSMauro Carvalho Chehab #include <linux/scatterlist.h> 575846551bSMauro Carvalho Chehab 585846551bSMauro Carvalho Chehab struct scatterlist sg[2]; 595846551bSMauro Carvalho Chehab char result[128]; 605846551bSMauro Carvalho Chehab struct crypto_ahash *tfm; 615846551bSMauro Carvalho Chehab struct ahash_request *req; 625846551bSMauro Carvalho Chehab 635846551bSMauro Carvalho Chehab tfm = crypto_alloc_ahash("md5", 0, CRYPTO_ALG_ASYNC); 645846551bSMauro Carvalho Chehab if (IS_ERR(tfm)) 655846551bSMauro Carvalho Chehab fail(); 665846551bSMauro Carvalho Chehab 675846551bSMauro Carvalho Chehab /* ... set up the scatterlists ... */ 685846551bSMauro Carvalho Chehab 695846551bSMauro Carvalho Chehab req = ahash_request_alloc(tfm, GFP_ATOMIC); 705846551bSMauro Carvalho Chehab if (!req) 715846551bSMauro Carvalho Chehab fail(); 725846551bSMauro Carvalho Chehab 735846551bSMauro Carvalho Chehab ahash_request_set_callback(req, 0, NULL, NULL); 745846551bSMauro Carvalho Chehab ahash_request_set_crypt(req, sg, result, 2); 755846551bSMauro Carvalho Chehab 765846551bSMauro Carvalho Chehab if (crypto_ahash_digest(req)) 775846551bSMauro Carvalho Chehab fail(); 785846551bSMauro Carvalho Chehab 795846551bSMauro Carvalho Chehab ahash_request_free(req); 805846551bSMauro Carvalho Chehab crypto_free_ahash(tfm); 815846551bSMauro Carvalho Chehab 825846551bSMauro Carvalho Chehab 835846551bSMauro Carvalho ChehabMany real examples are available in the regression test module (tcrypt.c). 845846551bSMauro Carvalho Chehab 855846551bSMauro Carvalho Chehab 865846551bSMauro Carvalho ChehabDeveloper Notes 875846551bSMauro Carvalho Chehab=============== 885846551bSMauro Carvalho Chehab 895846551bSMauro Carvalho ChehabTransforms may only be allocated in user context, and cryptographic 905846551bSMauro Carvalho Chehabmethods may only be called from softirq and user contexts. For 915846551bSMauro Carvalho Chehabtransforms with a setkey method it too should only be called from 925846551bSMauro Carvalho Chehabuser context. 935846551bSMauro Carvalho Chehab 945846551bSMauro Carvalho ChehabWhen using the API for ciphers, performance will be optimal if each 955846551bSMauro Carvalho Chehabscatterlist contains data which is a multiple of the cipher's block 965846551bSMauro Carvalho Chehabsize (typically 8 bytes). This prevents having to do any copying 975846551bSMauro Carvalho Chehabacross non-aligned page fragment boundaries. 985846551bSMauro Carvalho Chehab 995846551bSMauro Carvalho Chehab 1005846551bSMauro Carvalho ChehabAdding New Algorithms 1015846551bSMauro Carvalho Chehab===================== 1025846551bSMauro Carvalho Chehab 1035846551bSMauro Carvalho ChehabWhen submitting a new algorithm for inclusion, a mandatory requirement 1045846551bSMauro Carvalho Chehabis that at least a few test vectors from known sources (preferably 1055846551bSMauro Carvalho Chehabstandards) be included. 1065846551bSMauro Carvalho Chehab 1075846551bSMauro Carvalho ChehabConverting existing well known code is preferred, as it is more likely 1085846551bSMauro Carvalho Chehabto have been reviewed and widely tested. If submitting code from LGPL 1095846551bSMauro Carvalho Chehabsources, please consider changing the license to GPL (see section 3 of 1105846551bSMauro Carvalho Chehabthe LGPL). 1115846551bSMauro Carvalho Chehab 1125846551bSMauro Carvalho ChehabAlgorithms submitted must also be generally patent-free (e.g. IDEA 1135846551bSMauro Carvalho Chehabwill not be included in the mainline until around 2011), and be based 1145846551bSMauro Carvalho Chehabon a recognized standard and/or have been subjected to appropriate 1155846551bSMauro Carvalho Chehabpeer review. 1165846551bSMauro Carvalho Chehab 1175846551bSMauro Carvalho ChehabAlso check for any RFCs which may relate to the use of specific algorithms, 1185846551bSMauro Carvalho Chehabas well as general application notes such as RFC2451 ("The ESP CBC-Mode 1195846551bSMauro Carvalho ChehabCipher Algorithms"). 1205846551bSMauro Carvalho Chehab 1215846551bSMauro Carvalho ChehabIt's a good idea to avoid using lots of macros and use inlined functions 1225846551bSMauro Carvalho Chehabinstead, as gcc does a good job with inlining, while excessive use of 1235846551bSMauro Carvalho Chehabmacros can cause compilation problems on some platforms. 1245846551bSMauro Carvalho Chehab 1255846551bSMauro Carvalho ChehabAlso check the TODO list at the web site listed below to see what people 1265846551bSMauro Carvalho Chehabmight already be working on. 1275846551bSMauro Carvalho Chehab 1285846551bSMauro Carvalho Chehab 1295846551bSMauro Carvalho ChehabBugs 1305846551bSMauro Carvalho Chehab==== 1315846551bSMauro Carvalho Chehab 1325846551bSMauro Carvalho ChehabSend bug reports to: 1335846551bSMauro Carvalho Chehab linux-crypto@vger.kernel.org 1345846551bSMauro Carvalho Chehab 1355846551bSMauro Carvalho ChehabCc: 1365846551bSMauro Carvalho Chehab Herbert Xu <herbert@gondor.apana.org.au>, 1375846551bSMauro Carvalho Chehab David S. Miller <davem@redhat.com> 1385846551bSMauro Carvalho Chehab 1395846551bSMauro Carvalho Chehab 1405846551bSMauro Carvalho ChehabFurther Information 1415846551bSMauro Carvalho Chehab=================== 1425846551bSMauro Carvalho Chehab 1435846551bSMauro Carvalho ChehabFor further patches and various updates, including the current TODO 1445846551bSMauro Carvalho Chehablist, see: 1455846551bSMauro Carvalho Chehabhttp://gondor.apana.org.au/~herbert/crypto/ 1465846551bSMauro Carvalho Chehab 1475846551bSMauro Carvalho Chehab 1485846551bSMauro Carvalho ChehabAuthors 1495846551bSMauro Carvalho Chehab======= 1505846551bSMauro Carvalho Chehab 1515846551bSMauro Carvalho Chehab- James Morris 1525846551bSMauro Carvalho Chehab- David S. Miller 1535846551bSMauro Carvalho Chehab- Herbert Xu 1545846551bSMauro Carvalho Chehab 1555846551bSMauro Carvalho Chehab 1565846551bSMauro Carvalho ChehabCredits 1575846551bSMauro Carvalho Chehab======= 1585846551bSMauro Carvalho Chehab 1595846551bSMauro Carvalho ChehabThe following people provided invaluable feedback during the development 1605846551bSMauro Carvalho Chehabof the API: 1615846551bSMauro Carvalho Chehab 1625846551bSMauro Carvalho Chehab - Alexey Kuznetzov 1635846551bSMauro Carvalho Chehab - Rusty Russell 1645846551bSMauro Carvalho Chehab - Herbert Valerio Riedel 1655846551bSMauro Carvalho Chehab - Jeff Garzik 1665846551bSMauro Carvalho Chehab - Michael Richardson 1675846551bSMauro Carvalho Chehab - Andrew Morton 1685846551bSMauro Carvalho Chehab - Ingo Oeser 1695846551bSMauro Carvalho Chehab - Christoph Hellwig 1705846551bSMauro Carvalho Chehab 1715846551bSMauro Carvalho ChehabPortions of this API were derived from the following projects: 1725846551bSMauro Carvalho Chehab 1735846551bSMauro Carvalho Chehab Kerneli Cryptoapi (http://www.kerneli.org/) 1745846551bSMauro Carvalho Chehab - Alexander Kjeldaas 1755846551bSMauro Carvalho Chehab - Herbert Valerio Riedel 1765846551bSMauro Carvalho Chehab - Kyle McMartin 1775846551bSMauro Carvalho Chehab - Jean-Luc Cooke 1785846551bSMauro Carvalho Chehab - David Bryson 1795846551bSMauro Carvalho Chehab - Clemens Fruhwirth 1805846551bSMauro Carvalho Chehab - Tobias Ringstrom 1815846551bSMauro Carvalho Chehab - Harald Welte 1825846551bSMauro Carvalho Chehab 1835846551bSMauro Carvalho Chehaband; 1845846551bSMauro Carvalho Chehab 185*2324d50dSLinus Torvalds Nettle (https://www.lysator.liu.se/~nisse/nettle/) 1865846551bSMauro Carvalho Chehab - Niels Möller 1875846551bSMauro Carvalho Chehab 1885846551bSMauro Carvalho ChehabOriginal developers of the crypto algorithms: 1895846551bSMauro Carvalho Chehab 1905846551bSMauro Carvalho Chehab - Dana L. How (DES) 1915846551bSMauro Carvalho Chehab - Andrew Tridgell and Steve French (MD4) 1925846551bSMauro Carvalho Chehab - Colin Plumb (MD5) 1935846551bSMauro Carvalho Chehab - Steve Reid (SHA1) 1945846551bSMauro Carvalho Chehab - Jean-Luc Cooke (SHA256, SHA384, SHA512) 1955846551bSMauro Carvalho Chehab - Kazunori Miyazawa / USAGI (HMAC) 1965846551bSMauro Carvalho Chehab - Matthew Skala (Twofish) 1975846551bSMauro Carvalho Chehab - Dag Arne Osvik (Serpent) 1985846551bSMauro Carvalho Chehab - Brian Gladman (AES) 1995846551bSMauro Carvalho Chehab - Kartikey Mahendra Bhatt (CAST6) 2005846551bSMauro Carvalho Chehab - Jon Oberheide (ARC4) 2015846551bSMauro Carvalho Chehab - Jouni Malinen (Michael MIC) 2025846551bSMauro Carvalho Chehab - NTT(Nippon Telegraph and Telephone Corporation) (Camellia) 2035846551bSMauro Carvalho Chehab 2045846551bSMauro Carvalho ChehabSHA1 algorithm contributors: 2055846551bSMauro Carvalho Chehab - Jean-Francois Dive 2065846551bSMauro Carvalho Chehab 2075846551bSMauro Carvalho ChehabDES algorithm contributors: 2085846551bSMauro Carvalho Chehab - Raimar Falke 2095846551bSMauro Carvalho Chehab - Gisle Sælensminde 2105846551bSMauro Carvalho Chehab - Niels Möller 2115846551bSMauro Carvalho Chehab 2125846551bSMauro Carvalho ChehabBlowfish algorithm contributors: 2135846551bSMauro Carvalho Chehab - Herbert Valerio Riedel 2145846551bSMauro Carvalho Chehab - Kyle McMartin 2155846551bSMauro Carvalho Chehab 2165846551bSMauro Carvalho ChehabTwofish algorithm contributors: 2175846551bSMauro Carvalho Chehab - Werner Koch 2185846551bSMauro Carvalho Chehab - Marc Mutz 2195846551bSMauro Carvalho Chehab 2205846551bSMauro Carvalho ChehabSHA256/384/512 algorithm contributors: 2215846551bSMauro Carvalho Chehab - Andrew McDonald 2225846551bSMauro Carvalho Chehab - Kyle McMartin 2235846551bSMauro Carvalho Chehab - Herbert Valerio Riedel 2245846551bSMauro Carvalho Chehab 2255846551bSMauro Carvalho ChehabAES algorithm contributors: 2265846551bSMauro Carvalho Chehab - Alexander Kjeldaas 2275846551bSMauro Carvalho Chehab - Herbert Valerio Riedel 2285846551bSMauro Carvalho Chehab - Kyle McMartin 2295846551bSMauro Carvalho Chehab - Adam J. Richter 2305846551bSMauro Carvalho Chehab - Fruhwirth Clemens (i586) 2315846551bSMauro Carvalho Chehab - Linus Torvalds (i586) 2325846551bSMauro Carvalho Chehab 2335846551bSMauro Carvalho ChehabCAST5 algorithm contributors: 2345846551bSMauro Carvalho Chehab - Kartikey Mahendra Bhatt (original developers unknown, FSF copyright). 2355846551bSMauro Carvalho Chehab 2365846551bSMauro Carvalho ChehabTEA/XTEA algorithm contributors: 2375846551bSMauro Carvalho Chehab - Aaron Grothe 2385846551bSMauro Carvalho Chehab - Michael Ringe 2395846551bSMauro Carvalho Chehab 2405846551bSMauro Carvalho ChehabKhazad algorithm contributors: 2415846551bSMauro Carvalho Chehab - Aaron Grothe 2425846551bSMauro Carvalho Chehab 2435846551bSMauro Carvalho ChehabWhirlpool algorithm contributors: 2445846551bSMauro Carvalho Chehab - Aaron Grothe 2455846551bSMauro Carvalho Chehab - Jean-Luc Cooke 2465846551bSMauro Carvalho Chehab 2475846551bSMauro Carvalho ChehabAnubis algorithm contributors: 2485846551bSMauro Carvalho Chehab - Aaron Grothe 2495846551bSMauro Carvalho Chehab 2505846551bSMauro Carvalho ChehabTiger algorithm contributors: 2515846551bSMauro Carvalho Chehab - Aaron Grothe 2525846551bSMauro Carvalho Chehab 2535846551bSMauro Carvalho ChehabVIA PadLock contributors: 2545846551bSMauro Carvalho Chehab - Michal Ludvig 2555846551bSMauro Carvalho Chehab 2565846551bSMauro Carvalho ChehabCamellia algorithm contributors: 2575846551bSMauro Carvalho Chehab - NTT(Nippon Telegraph and Telephone Corporation) (Camellia) 2585846551bSMauro Carvalho Chehab 2595846551bSMauro Carvalho ChehabGeneric scatterwalk code by Adam J. Richter <adam@yggdrasil.com> 2605846551bSMauro Carvalho Chehab 2615846551bSMauro Carvalho ChehabPlease send any credits updates or corrections to: 2625846551bSMauro Carvalho ChehabHerbert Xu <herbert@gondor.apana.org.au> 263