An API for user-space access to kernel cryptography

Posted Aug 26, 2010 10:16 UTC (Thu) by alankila (subscriber, #47141)
In reply to: An API for user-space access to kernel cryptography by ringerc
Parent article: An API for user-space access to kernel cryptography

Wouldn't these facilities be accessed just by executing some instructions made for this purpose, and therefore they are available to any program?



An API for user-space access to kernel cryptography

Posted Aug 27, 2010 7:51 UTC (Fri) by cladisch (✭ supporter ✭, #50193)

There are hardware accelerators that are not integrated into the CPU execution units but that exist as separate devices.

An API for user-space access to kernel cryptography

Posted Aug 28, 2010 9:25 UTC (Sat) by jengelh (subscriber, #33263)

Perhaps it's better to do the crypto stuff like libusb, that is, have the kernel export only the data channel and have a userspace library (perhaps even a daemon if there is concurrency to deal with) to do the crypto context setup etc.

An API for user-space access to kernel cryptography

Posted Aug 28, 2010 15:27 UTC (Sat) by kleptog (subscriber, #1183)

Oh, I was thinking that the logical step would be cryptfs, where you mount a file system and get a bunch of directories representing encryption algorithms and you just open() the one you want and then use send/recvmsg with options to do the work you want.

No, seriously, I don't understand why this needs to be in the kernel; a root-owned daemon should be more than enough.

An API for user-space access to kernel cryptography

Posted Aug 30, 2010 10:19 UTC (Mon) by michaeljt (subscriber, #39183)

> There are hardware accelerators that are not integrated into the CPU execution units but that exist as separate devices.

To me it would seem reasonable to have a crypto API in the kernel with no software fallback, so that it is available if it makes sense to do it in hardware, but the interface user has to handle the fallback themselves if the hardware isn't there.
