basics for cryptodev support

Nikos Mavrogiannopoulos nmav at
Sun Mar 16 17:47:31 CET 2008

I'm working slowly into adding some support for hw crypto devices. 
Currently the easiest way to achieve this is by using the kernel crypto 
hw support (in linux there is already support for via and geode aes 
implementations and there is also ocf-linux[0] which provides more hw).

For this reason I added an API to register ciphers and macs (rnd + pki 
will follow on my next burst).

Initially to test this support I'll need to add support for /dev/crypto 
when it is available (freebsd/openbsd, linux with ocf).

If anyone is interested in helping in any of these, please contact me.

The current API to register ciphers and hash/hmac is:

typedef struct gnutls_crypto_cipher {
   int (*init)( void** ctx);
   int (*setkey)( void* ctx, const void * key, int keysize);
   int (*setiv)(void* ctx, const void* iv, int ivsize);
   int (*encrypt)(void* ctx, const void* plain, int plainsize, void* 
encr, int encrsize);
   int (*decrypt)(void* ctx, const void* encr, int encrsize, void* 
plain, int plainsize);
   void (*deinit)( void* ctx);
} gnutls_crypto_cipher_st;

typedef struct gnutls_crypto_mac {
   int (*init)( void** ctx);
   int (*setkey)( void* ctx, const void * key, int keysize);
   int (*hash)( void* ctx, const void * text, int textsize);
   int (*copy)( void** dst_ctx, void* src_ctx);
   int (*output) ( void* src_ctx, void* digest, int digestsize);
   void (*deinit)( void* ctx);
} gnutls_crypto_mac_st;

/* the same... setkey should be null */
typedef gnutls_crypto_mac_st gnutls_crypto_digest_st;

int gnutls_crypto_cipher_register( gnutls_cipher_algorithm_t algorithm, 
int priority, gnutls_crypto_cipher_st* s);
int gnutls_crypto_mac_register( gnutls_mac_algorithm_t algorithm, int 
priority, gnutls_crypto_mac_st* s);
int gnutls_crypto_digest_register( gnutls_digest_algorithm_t algorithm, 
int priority, gnutls_crypto_digest_st* s)



More information about the Gnutls-devel mailing list