3

When I check /proc/crypto, it shows me:

```
abhi@ubuntu:/proc$ cat crypto 
name         : stdrng
driver       : krng
module       : kernel
priority     : 200
refcnt       : 1
selftest     : passed
type         : rng
seedsize     : 0

name         : md5
driver       : md5-generic
module       : kernel
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 16
```

I need to use aes256 for one of my projects.

Can someone point out how I can add this algo to the crypto API, or is there any other way I can achieve this (Ubuntu 10.4, 2.6.32-35)?

Is there a list of supported (by default) algorithms that are implemented with the cryptoapi for kernel 2.6?

MrTux
abhi
  • That's stuff built into the kernel. Nothing stops you from using external crypto libraries (e.g. OpenSSL). – Marc B Apr 28 '12 at 14:36
  • @MarcB I read about the API and had the notion that new algos can be added to it (it facilitates that). 2.) Is there a list of supported (by default) algos that are implemented with the cryptoapi for kernel 2.6? – abhi Apr 28 '12 at 14:42
  • Sure, but you'll have to recompile the kernel, or build them as modules. You'd have to look in the kernel modules directory to see which ones in particular came with your kernel. If there's more, you can use `insmod` to load them. – Marc B Apr 28 '12 at 14:43
  • @MarcB Yes, I was looking for a similar resource that can guide me on how to start with the addition of algos in the CryptoAPI. One more question: when we actually have user-space libs such as OpenSSL, what is the actual use of a system-space API like the CryptoAPI? Many thanks. – abhi Apr 29 '12 at 13:35

2 Answers

6

Abhi, the kernel crypto API was created in 2002 for protocols which require cryptography inside the kernel (in kernel mode, when you have no reliable way of using user-space crypto):

> Although initially aimed at supporting IPSec, the API has been designed as a general-purpose facility, with potential applications including encrypted files, encrypted filesystems, strong filesystem integrity, the random character device (/dev/random), network filesystem security (for example, CIFS) and other kernel networking services requiring cryptography.

So, if you are working in user space and have no plans to move into the kernel as a new FS or a new part of the network stack, it is easier and more portable to use a user-space library for crypto. A user-space lib may or may not use the kernel API for some ciphers, but it will likely use a user-space implementation. There are a lot of such libs, e.g. OpenSSL, Libgcrypt, etc. Some huge frameworks, like Qt, may include some popular crypto too.

To expand the cryptoapi in the kernel with a new algo, you should have this algo implemented and compiled for your kernel (either as a module or as part of the kernel binary). To find the names of modules compiled for your kernel, try `ls /lib/modules/*/*/arch/*/crypto/ /lib/modules/*/*/crypto/`; then you can call, for example, `modprobe aes_generic` or `modprobe aes-x86_64` to load an additional crypto module into the API.

After `modprobe aes-x86_64` I have:

```
# cat /proc/crypto |grep aes
name         : aes
driver       : aes-asm
module       : aes_x86_64
name         : aes
driver       : aes-generic
module       : aes_generic
```
osgx
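Added example, not part of the answer above: once several modules register the same algorithm name, as `aes-asm` and `aes-generic` do here, the kernel serves a request for that name with the highest-priority implementation. This sketch parses `/proc/crypto` and reports which `aes` driver would be chosen for a 32-byte (AES-256) key; the function names and the sample values are constructed for illustration.

```python
# Constructed sample in /proc/crypto layout (abridged fields, illustrative values).
SAMPLE = """\
name         : md5
driver       : md5-generic
priority     : 0

name         : aes
driver       : aes-generic
module       : aes_generic
priority     : 100
min keysize  : 16
max keysize  : 32

name         : aes
driver       : aes-asm
module       : aes_x86_64
priority     : 200
min keysize  : 16
max keysize  : 32
"""

def parse_proc_crypto(text):
    """Split blank-line-separated records into dicts of 'key : value' fields."""
    entries, cur = [], {}
    for line in text.splitlines() + [""]:      # trailing "" flushes the last record
        if not line.strip():
            if cur:
                entries.append(cur)
                cur = {}
            continue
        key, sep, value = line.partition(":")  # split on the first ':' only
        if sep:
            cur[key.strip()] = value.strip()
    return entries

def preferred_driver(entries, name, key_bytes):
    """Highest-priority implementation of `name` that accepts a key of key_bytes."""
    fits = [e for e in entries if e.get("name") == name
            and int(e.get("min keysize", 0)) <= key_bytes <= int(e.get("max keysize", 0))]
    return max(fits, key=lambda e: int(e.get("priority", 0)), default=None)

if __name__ == "__main__":
    try:
        text = open("/proc/crypto").read()
    except OSError:
        text = SAMPLE                          # fall back to the constructed sample
    best = preferred_driver(parse_proc_crypto(text), "aes", 32)  # AES-256 = 32-byte key
    print(best["driver"] if best else "aes not registered; load a module first")
```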
-1

You can take aes-generic.c as an example.

JohnsonDiao