diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-06-19 00:06:59 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-06-19 00:06:59 +0200 |
| commit | b8859274b0e841b58f258d60f8d72311c1668452 (patch) | |
| tree | 0c9cc29494dbc68ea14efbe0e320c5254da638eb /README | |
| parent | 3f8bcff5fb6cf236f73a403095bed0785cedf698 (diff) | |
| download | kernel-crypto-b8859274b0e841b58f258d60f8d72311c1668452.tar.gz kernel-crypto-b8859274b0e841b58f258d60f8d72311c1668452.tar.xz kernel-crypto-b8859274b0e841b58f258d60f8d72311c1668452.zip | |
Documented stuff about the newapi.
Diffstat (limited to 'README')
| -rw-r--r-- | README | 19 |
1 files changed, 15 insertions, 4 deletions
@@ -1,7 +1,18 @@ -This is a /dev/crypto device driver, equivalent to those in OpenBSD or -FreeBSD. The main idea is to access of existing ciphers in kernel space -from userspace, thus enabling re-use of a hardware implementation of a -cipher. +This is the linux-cryptodev [newapi] branch. Here a new API is being +designed. The ioctl() API is in ncr.h and the userspace in ncrypto.h. + +For the new API to fully operate, root must load a system key (constant +per system) using the setkey program. After this stage the new API should +be fully operational. + +The main concept of the new API is disallow userspace applications +access to cryptographic keys. Operations should be possible (such +as encryption/decryption/signing/verifying), but raw access to the +keys will not be possible. + + + +The old OpenBSD API via /dev/crypto device driver is still supported. It was initially written for linux 2.6.8 by Michal Ludvig. Compatibility fixes for *BSD cryptodev as well as porting to 2.6.27 blkcipher API |