2008-07-10 09:18:23

by Arturas K

[permalink] [raw]
Subject: Ideas about Linux CryptoAPI userspace interface


I run trough mailing list archives back to "ancient times" and from time
to time there is a noise about the lack of cryptoapi userspace
interface. There were just wining ( like me :D ), there were some
attempts to do something reasonable/usable - but nothing reached
mainline kernel...

I am not good at C or C++, so I will limit my contribution to some

* in user space, openssl is the defacto cryptography provider. it even
supports some hardware accelerators.

* the biggest desire for cryptoapi userspace interface comes from corner
cases there kernel supports hardware acceleration, while openssl does
not (like geode aes engine).

* for this interface to achieve reasonable adoption (succeed),
it must be exposed to openssl (aka some sort of openssl engine)

* there were attempts to port cryptodev, but filed due some gurus don't
like the interface or the implementation or both.

* despite cryptodev is far from ideal interface - it already has support
in openssl.

* unless there are willing ones to code on both (kernel and openssl),
why not to properly implement cryptodev, mark it as highly experimental
and add a fat warning what it will be tiered apart once someone comes
with something better?

* I beleve, there will be more willing ones to create proper interface
once there is actual user base instead of targeted one :)

teaser: I dream about cheap stock vga card acting as cryptography
accelerator to feed 10G ethernet links at no cost :D