匿名
未登录
登录
百问网嵌入式Linux wiki
搜索
查看“Crypto API overview”的源代码
来自百问网嵌入式Linux wiki
名字空间
页面
讨论
更多
更多
页面选项
Read
查看源代码
历史
←
Crypto API overview
因为以下原因,您没有权限编辑本页:
您所请求的操作仅限于该用户组的用户使用:
用户
您可以查看与复制此页面的源代码。
The Crypto API is a cryptography framework in the Linux<sup>®</sup> kernel. It is dedicated to the parts of the kernel that deal with cryptography, such as IPsec and dm-crypt. == Framework purpose == The purpose of this article is to introduce the Crypto API framework: * general information * main component/stakeholders * how to use the Crypto API * use cases The Crypto API framework mainly includes all popular '''hash''' and '''block ciphers''' (encryption) functions. A '''hash''' is a string or number generated from a text string. The length of the resulting string or number is fixed and widely varies with small variations of the input. The best hashing algorithms are designed so that it is impossible to turn a hash back into its original string. Hashing is particularly useful to compare a value with a stored value. However it cannot store its plain representation for security reasons. This makes hashing an ideal solution to store passwords. '''Encryption''' turns data into a series of unreadable characters which length is not fixed. The encrypted strings can reversed back into their original decrypted form if the right key is not provided. Encrypting a confidential file is a good way to prevent anyone from accessing its content. Drivers for CRYP (block cipher), HASH (hash) and CRC (cyclic redundancy check) are integrated within the Crypto API kernel service. ==System overview== [[File:cryptoapi.png|thumb|center|766px|link=|alt=Alternate text|Crypto API]] ===Description of the components=== {{Info| OpenSSL and dm-crypt are not part of the Crypto API framework but they are typical users of the Crypto API services.}} ''From User space to hardware'' *'''OpenSSL''' (User space) OpenSSL<ref>[https://www.openssl.org/ OpenSSL] a software library supporting the TLS and SSL protocols as well as cryptographic functions.</ref> is a software library supporting the TLS and SSL protocols as well as cryptographic functions. Openssl is available in OpenSTLinux distribution. *'''dm-crypt''' (Kernel space) dm-crypt<ref>[https://en.wikipedia.org/wiki/Dm-crypt dm-crypt] a kernel disk encryption subsystem</ref> is a kernel disk encryption subsystem. It is natively available in the standard Linux kernel. *'''Cryptodev''' (Kernel space) Cryptodev<ref>[http://www.logix.cz/michal/devel/cryptodev/ Cryptodev] a device driver which provides a general interface for userland applications</ref> is a device driver which provides a general interface for userland applications. Although it is not part of the standard Linux kernel, it is available in OpenSTLinux distribution. *'''CryptoAPI core''' (Kernel space) This layer represents the standard Linux kernel cryptographic framework. *'''hash''', '''cryp''' and '''crc32''' (Kernel space) These are the cryptographic Linux drivers handling the HW blocks. *'''HASH''', '''CRYP''' and '''CRC''' (Hardware) These HW blocks handle hash, ciphering, and CRC checksum. ===API description=== The Crypto API is documented in the Linux Kernel Crypto API section of the Linux Kernel documentation<ref>[https://www.kernel.org/doc/html/latest/crypto/index.html Linux Kernel Crypto API] the official crypto API kernel documentation</ref>. It offers both a kernel and a userland interface: *kernel internal interface, used in particular by dm-crypt. *userland algorithm interface (socket) named AF_ALG<ref>[https://www.kernel.org/doc/html/latest/crypto/userspace-if.html Crypto API Userland interface] specification of the userland API</ref>. OpenSSL can use this interface. In addition to the socket user interface, a more friendly interface, the cryptodev, can be used. It offers the /dev/crypto ioctl API. It is roughly described by the cryptodev.h<ref>[https://github.com/nmav/cryptodev-linux/blob/master/crypto/cryptodev.h cryptodev.h] cryptodev header file specifying the userland API</ref> header file. OpenSSL can be configured to use this interface as an alternative to the historical AF_ALG interface. ==Configuration == ===Kernal configuration === The Crypto API is activated by default in ST deliveries. Nevertheless, if a specific configuration is required, you can use Linux Menuconfig tool: [[Menuconfig or how to configure kernel | Menuconfig or how to configure kernel ]] and select: <pre> [*] Cryptographic API ---> [*] Hardware crypto devices ---> [*] Support for STM32 crc accelerators [*] Support for STM32 hash accelerators [*] Support for STM32 crypto accelerators </pre> ===Devicetree configuration === By default the drivers are not enabled, so this needs to be added if you want to use HW accelerators. * crc: [[CRC_device_tree_configuration]]. * hash: [[HASH_device_tree_configuration]]. * crypto: [[CRYP_device_tree_configuration]]. == How to use the Crypto API framework== The Crypto API framework can be used by other kernel modules. The Crypto API documentation provides kernel code examples<ref>[https://www.kernel.org/doc/html/latest/crypto/api-samples.html Crypto API kernel code examples] some kernel code examples using the Crypto API framework</ref>: * Symmetric-key cipher operation. * Operational state memory with SHASH. == Use cases== * Disk encryption This is a typical example of Crypto API framework usage. Refer to LUKS<ref>[https://gitlab.com/cryptsetup/cryptsetup/blob/master/README.md LUKS (Linux Unified Key Setup )] a disk encryption specification</ref> for a standard disk encryption process. ==How to trace and debug the framework== === How to monitor === The list of available ciphers is given in /proc/crypto: {{Board$}} cat /proc/crypto Output part showing that an STM32 driver provides with the CRC32 cipher: ... name : '''crc32''' driver : '''stm32-crc32''' module : kernel priority : 200 refcnt : 1 selftest : passed internal : no type : shash blocksize : 1 digestsize : 4 ... === How to trace === There are no specific traces for this framework. === How to debug === There are no specific debug means for this framework. ==Generic source code location== *{{CodeSource | Linux kernel | crypto | CryptoAPI core}} *{{CodeSource | Linux kernel | include/linux/crypto.h | CryptoAPI interface}} *{{CodeSource | Linux kernel | drivers/crypto/stm32 | stm32 crypto drivers}} ==References== <references /> <noinclude> [[Category:Crypto|0]] {{PublicationRequestId | 7954 | 2018-06-29 | AnneJ}} {{ArticleBasedOnModel | Framework overview article model}} {{ReviewsComments|JCT 1840: alignment needed with the last version of the model [[Category:ToBeAlignedWithModel]] }} </noinclude>
该页面使用的模板:
模板:ArticleBasedOnModel
(
查看源代码
)
模板:Board$
(
查看源代码
)
模板:CodeSource
(
查看源代码
)
模板:Info
(
查看源代码
)
模板:PublicationRequestId
(
查看源代码
)
模板:ReviewsComments
(
查看源代码
)
模板:STDarkBlue
(
查看源代码
)
返回至
Crypto API overview
。
导航
导航
WIKI首页
官方店铺
资料下载中心
所有页面
Wiki工具
Wiki工具
特殊页面
页面工具
页面工具
用户页面工具
更多
链入页面
相关更改
页面信息
页面日志