[GitHub/moto-9609/android_kernel_motorola_exynos9610.git] / Documentation / crypto / api-intro.txt


                    Scatterlist Cryptographic API
                   
INTRODUCTION

The Scatterlist Crypto API takes page vectors (scatterlists) as
arguments, and works directly on pages.  In some cases (e.g. ECB
mode ciphers), this will allow for pages to be encrypted in-place
with no copying.

One of the initial goals of this design was to readily support IPsec,
so that processing can be applied to paged skb's without the need
for linearization.


DETAILS

At the lowest level are algorithms, which register dynamically with the
API.

'Transforms' are user-instantiated objects, which maintain state, handle all
of the implementation logic (e.g. manipulating page vectors) and provide an 
abstraction to the underlying algorithms.  However, at the user 
level they are very simple.

Conceptually, the API layering looks like this:

  [transform api]  (user interface)
  [transform ops]  (per-type logic glue e.g. cipher.c, compress.c)
  [algorithm api]  (for registering algorithms)
  
The idea is to make the user interface and algorithm registration API
very simple, while hiding the core logic from both.  Many good ideas
from existing APIs such as Cryptoapi and Nettle have been adapted for this.

The API currently supports five main types of transforms: AEAD (Authenticated
Encryption with Associated Data), Block Ciphers, Ciphers, Compressors and
Hashes.

Please note that Block Ciphers is somewhat of a misnomer.  It is in fact
meant to support all ciphers including stream ciphers.  The difference
between Block Ciphers and Ciphers is that the latter operates on exactly
one block while the former can operate on an arbitrary amount of data,
subject to block size requirements (i.e., non-stream ciphers can only
process multiples of blocks).

Here's an example of how to use the API:

	#include <crypto/hash.h>
	#include <linux/err.h>
	#include <linux/scatterlist.h>
	
	struct scatterlist sg[2];
	char result[128];
	struct crypto_ahash *tfm;
	struct ahash_request *req;
	
	tfm = crypto_alloc_ahash("md5", 0, CRYPTO_ALG_ASYNC);
	if (IS_ERR(tfm))
		fail();
		
	/* ... set up the scatterlists ... */

	req = ahash_request_alloc(tfm, GFP_ATOMIC);
	if (!req)
		fail();

	ahash_request_set_callback(req, 0, NULL, NULL);
	ahash_request_set_crypt(req, sg, result, 2);
	
	if (crypto_ahash_digest(req))
		fail();

	ahash_request_free(req);
	crypto_free_ahash(tfm);

    
Many real examples are available in the regression test module (tcrypt.c).


DEVELOPER NOTES

Transforms may only be allocated in user context, and cryptographic
methods may only be called from softirq and user contexts.  For
transforms with a setkey method it too should only be called from
user context.

When using the API for ciphers, performance will be optimal if each
scatterlist contains data which is a multiple of the cipher's block
size (typically 8 bytes).  This prevents having to do any copying
across non-aligned page fragment boundaries.


ADDING NEW ALGORITHMS

When submitting a new algorithm for inclusion, a mandatory requirement
is that at least a few test vectors from known sources (preferably
standards) be included.

Converting existing well known code is preferred, as it is more likely
to have been reviewed and widely tested.  If submitting code from LGPL
sources, please consider changing the license to GPL (see section 3 of
the LGPL).

Algorithms submitted must also be generally patent-free (e.g. IDEA
will not be included in the mainline until around 2011), and be based
on a recognized standard and/or have been subjected to appropriate
peer review.

Also check for any RFCs which may relate to the use of specific algorithms,
as well as general application notes such as RFC2451 ("The ESP CBC-Mode
Cipher Algorithms").

It's a good idea to avoid using lots of macros and use inlined functions
instead, as gcc does a good job with inlining, while excessive use of
macros can cause compilation problems on some platforms.

Also check the TODO list at the web site listed below to see what people
might already be working on.


BUGS

Send bug reports to:
linux-crypto@vger.kernel.org
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
    David S. Miller <davem@redhat.com>


FURTHER INFORMATION

For further patches and various updates, including the current TODO
list, see:
http://gondor.apana.org.au/~herbert/crypto/


AUTHORS

James Morris
David S. Miller
Herbert Xu


CREDITS

The following people provided invaluable feedback during the development
of the API:

  Alexey Kuznetzov
  Rusty Russell
  Herbert Valerio Riedel
  Jeff Garzik
  Michael Richardson
  Andrew Morton
  Ingo Oeser
  Christoph Hellwig

Portions of this API were derived from the following projects:
  
  Kerneli Cryptoapi (http://www.kerneli.org/)
    Alexander Kjeldaas
    Herbert Valerio Riedel
    Kyle McMartin
    Jean-Luc Cooke
    David Bryson
    Clemens Fruhwirth
    Tobias Ringstrom
    Harald Welte

and;
  
  Nettle (http://www.lysator.liu.se/~nisse/nettle/)
    Niels Möller

Original developers of the crypto algorithms:

  Dana L. How (DES)
  Andrew Tridgell and Steve French (MD4)
  Colin Plumb (MD5)
  Steve Reid (SHA1)
  Jean-Luc Cooke (SHA256, SHA384, SHA512)
  Kazunori Miyazawa / USAGI (HMAC)
  Matthew Skala (Twofish)
  Dag Arne Osvik (Serpent)
  Brian Gladman (AES)
  Kartikey Mahendra Bhatt (CAST6)
  Jon Oberheide (ARC4)
  Jouni Malinen (Michael MIC)
  NTT(Nippon Telegraph and Telephone Corporation) (Camellia)

SHA1 algorithm contributors:
  Jean-Francois Dive
  
DES algorithm contributors:
  Raimar Falke
  Gisle Sælensminde
  Niels Möller

Blowfish algorithm contributors:
  Herbert Valerio Riedel
  Kyle McMartin

Twofish algorithm contributors:
  Werner Koch
  Marc Mutz

SHA256/384/512 algorithm contributors:
  Andrew McDonald
  Kyle McMartin
  Herbert Valerio Riedel
  
AES algorithm contributors:
  Alexander Kjeldaas
  Herbert Valerio Riedel
  Kyle McMartin
  Adam J. Richter
  Fruhwirth Clemens (i586)
  Linus Torvalds (i586)

CAST5 algorithm contributors:
  Kartikey Mahendra Bhatt (original developers unknown, FSF copyright).

TEA/XTEA algorithm contributors:
  Aaron Grothe
  Michael Ringe

Khazad algorithm contributors:
  Aaron Grothe

Whirlpool algorithm contributors:
  Aaron Grothe
  Jean-Luc Cooke

Anubis algorithm contributors:
  Aaron Grothe

Tiger algorithm contributors:
  Aaron Grothe

VIA PadLock contributors:
  Michal Ludvig

Camellia algorithm contributors:
  NTT(Nippon Telegraph and Telephone Corporation) (Camellia)

Generic scatterwalk code by Adam J. Richter <adam@yggdrasil.com>

Please send any credits updates or corrections to:
Herbert Xu <herbert@gondor.apana.org.au>
Commit	Line	Data
1da177e4 LT	1
	2	Scatterlist Cryptographic API
	3
	4	INTRODUCTION
	5
	6	The Scatterlist Crypto API takes page vectors (scatterlists) as
	7	arguments, and works directly on pages. In some cases (e.g. ECB
	8	mode ciphers), this will allow for pages to be encrypted in-place
	9	with no copying.
	10
	11	One of the initial goals of this design was to readily support IPsec,
	12	so that processing can be applied to paged skb's without the need
	13	for linearization.
	14
	15
	16	DETAILS
	17
	18	At the lowest level are algorithms, which register dynamically with the
	19	API.
	20
	21	'Transforms' are user-instantiated objects, which maintain state, handle all
878b9014 HX	22	of the implementation logic (e.g. manipulating page vectors) and provide an
878b9014 HX	23	abstraction to the underlying algorithms. However, at the user
1da177e4 LT	24	level they are very simple.
	25
	26	Conceptually, the API layering looks like this:
	27
	28	[transform api] (user interface)
878b9014	29	[transform ops] (per-type logic glue e.g. cipher.c, compress.c)
1da177e4 LT	30	[algorithm api] (for registering algorithms)
	31
	32	The idea is to make the user interface and algorithm registration API
	33	very simple, while hiding the core logic from both. Many good ideas
	34	from existing APIs such as Cryptoapi and Nettle have been adapted for this.
	35
86f578de HX	36	The API currently supports five main types of transforms: AEAD (Authenticated
	37	Encryption with Associated Data), Block Ciphers, Ciphers, Compressors and
	38	Hashes.
	39
	40	Please note that Block Ciphers is somewhat of a misnomer. It is in fact
	41	meant to support all ciphers including stream ciphers. The difference
	42	between Block Ciphers and Ciphers is that the latter operates on exactly
	43	one block while the former can operate on an arbitrary amount of data,
	44	subject to block size requirements (i.e., non-stream ciphers can only
	45	process multiples of blocks).
1da177e4	46
1da177e4 LT	47	Here's an example of how to use the API:
1da177e4 LT	48
450a6c30	49	#include <crypto/hash.h>
878b9014 HX	50	#include <linux/err.h>
878b9014 HX	51	#include <linux/scatterlist.h>
1da177e4 LT	52
	53	struct scatterlist sg[2];
	54	char result[128];
8bc618d6 HX	55	struct crypto_ahash *tfm;
8bc618d6 HX	56	struct ahash_request *req;
1da177e4	57
8bc618d6	58	tfm = crypto_alloc_ahash("md5", 0, CRYPTO_ALG_ASYNC);
878b9014	59	if (IS_ERR(tfm))
1da177e4 LT	60	fail();
	61
	62	/* ... set up the scatterlists ... */
878b9014	63
8bc618d6 HX	64	req = ahash_request_alloc(tfm, GFP_ATOMIC);
8bc618d6 HX	65	if (!req)
878b9014	66	fail();
8bc618d6 HX	67
	68	ahash_request_set_callback(req, 0, NULL, NULL);
	69	ahash_request_set_crypt(req, sg, result, 2);
1da177e4	70
8bc618d6 HX	71	if (crypto_ahash_digest(req))
	72	fail();
	73
	74	ahash_request_free(req);
	75	crypto_free_ahash(tfm);
1da177e4 LT	76
	77
	78	Many real examples are available in the regression test module (tcrypt.c).
	79
	80
1da177e4 LT	81	DEVELOPER NOTES
	82
	83	Transforms may only be allocated in user context, and cryptographic
86f578de HX	84	methods may only be called from softirq and user contexts. For
	85	transforms with a setkey method it too should only be called from
	86	user context.
1da177e4 LT	87
	88	When using the API for ciphers, performance will be optimal if each
	89	scatterlist contains data which is a multiple of the cipher's block
	90	size (typically 8 bytes). This prevents having to do any copying
	91	across non-aligned page fragment boundaries.
	92
	93
	94	ADDING NEW ALGORITHMS
	95
	96	When submitting a new algorithm for inclusion, a mandatory requirement
	97	is that at least a few test vectors from known sources (preferably
	98	standards) be included.
	99
	100	Converting existing well known code is preferred, as it is more likely
	101	to have been reviewed and widely tested. If submitting code from LGPL
	102	sources, please consider changing the license to GPL (see section 3 of
	103	the LGPL).
	104
	105	Algorithms submitted must also be generally patent-free (e.g. IDEA
	106	will not be included in the mainline until around 2011), and be based
	107	on a recognized standard and/or have been subjected to appropriate
	108	peer review.
	109
	110	Also check for any RFCs which may relate to the use of specific algorithms,
	111	as well as general application notes such as RFC2451 ("The ESP CBC-Mode
	112	Cipher Algorithms").
	113
	114	It's a good idea to avoid using lots of macros and use inlined functions
	115	instead, as gcc does a good job with inlining, while excessive use of
	116	macros can cause compilation problems on some platforms.
	117
	118	Also check the TODO list at the web site listed below to see what people
	119	might already be working on.
	120
	121
	122	BUGS
	123
	124	Send bug reports to:
86f578de HX	125	linux-crypto@vger.kernel.org
	126	Cc: Herbert Xu <herbert@gondor.apana.org.au>,
	127	David S. Miller <davem@redhat.com>
1da177e4 LT	128
	129
	130	FURTHER INFORMATION
	131
	132	For further patches and various updates, including the current TODO
	133	list, see:
878b9014	134	http://gondor.apana.org.au/~herbert/crypto/
1da177e4 LT	135
	136
	137	AUTHORS
	138
	139	James Morris
	140	David S. Miller
878b9014	141	Herbert Xu
1da177e4 LT	142
	143
	144	CREDITS
	145
	146	The following people provided invaluable feedback during the development
	147	of the API:
	148
	149	Alexey Kuznetzov
	150	Rusty Russell
	151	Herbert Valerio Riedel
	152	Jeff Garzik
	153	Michael Richardson
	154	Andrew Morton
	155	Ingo Oeser
	156	Christoph Hellwig
	157
	158	Portions of this API were derived from the following projects:
	159
	160	Kerneli Cryptoapi (http://www.kerneli.org/)
	161	Alexander Kjeldaas
	162	Herbert Valerio Riedel
	163	Kyle McMartin
	164	Jean-Luc Cooke
	165	David Bryson
	166	Clemens Fruhwirth
	167	Tobias Ringstrom
	168	Harald Welte
	169
	170	and;
	171
	172	Nettle (http://www.lysator.liu.se/~nisse/nettle/)
be2a608b	173	Niels Möller
1da177e4 LT	174
	175	Original developers of the crypto algorithms:
	176
	177	Dana L. How (DES)
	178	Andrew Tridgell and Steve French (MD4)
	179	Colin Plumb (MD5)
	180	Steve Reid (SHA1)
	181	Jean-Luc Cooke (SHA256, SHA384, SHA512)
	182	Kazunori Miyazawa / USAGI (HMAC)
	183	Matthew Skala (Twofish)
	184	Dag Arne Osvik (Serpent)
	185	Brian Gladman (AES)
	186	Kartikey Mahendra Bhatt (CAST6)
	187	Jon Oberheide (ARC4)
	188	Jouni Malinen (Michael MIC)
dc2e2f33	189	NTT(Nippon Telegraph and Telephone Corporation) (Camellia)
1da177e4 LT	190
	191	SHA1 algorithm contributors:
	192	Jean-Francois Dive
	193
	194	DES algorithm contributors:
	195	Raimar Falke
be2a608b JAKJ	196	Gisle Sælensminde
be2a608b JAKJ	197	Niels Möller
1da177e4 LT	198
	199	Blowfish algorithm contributors:
	200	Herbert Valerio Riedel
	201	Kyle McMartin
	202
	203	Twofish algorithm contributors:
	204	Werner Koch
	205	Marc Mutz
	206
	207	SHA256/384/512 algorithm contributors:
	208	Andrew McDonald
	209	Kyle McMartin
	210	Herbert Valerio Riedel
	211
	212	AES algorithm contributors:
	213	Alexander Kjeldaas
	214	Herbert Valerio Riedel
	215	Kyle McMartin
	216	Adam J. Richter
	217	Fruhwirth Clemens (i586)
	218	Linus Torvalds (i586)
	219
	220	CAST5 algorithm contributors:
	221	Kartikey Mahendra Bhatt (original developers unknown, FSF copyright).
	222
	223	TEA/XTEA algorithm contributors:
	224	Aaron Grothe
fb4f10ed	225	Michael Ringe
1da177e4 LT	226
	227	Khazad algorithm contributors:
	228	Aaron Grothe
	229
	230	Whirlpool algorithm contributors:
	231	Aaron Grothe
	232	Jean-Luc Cooke
	233
	234	Anubis algorithm contributors:
	235	Aaron Grothe
	236
	237	Tiger algorithm contributors:
	238	Aaron Grothe
	239
878b9014 HX	240	VIA PadLock contributors:
	241	Michal Ludvig
	242
dc2e2f33 NT	243	Camellia algorithm contributors:
	244	NTT(Nippon Telegraph and Telephone Corporation) (Camellia)
	245
1da177e4 LT	246	Generic scatterwalk code by Adam J. Richter <adam@yggdrasil.com>
	247
	248	Please send any credits updates or corrections to:
878b9014	249	Herbert Xu <herbert@gondor.apana.org.au>
1da177e4	250