Ideas about Linux CryptoAPI userspace interface

Ideas about Linux CryptoAPI userspace interface

[Arturas K]

Hi,

I run trough mailing list archives back to "ancient times" and from time 
to time there is a noise about the lack of cryptoapi userspace 
interface. There were just wining ( like me :D ), there were some 
attempts to do something reasonable/usable - but nothing reached 
mainline kernel...

I am not good at C or C++, so I will limit my contribution to some 
observations/ideas:

* in user space, openssl is the defacto cryptography provider. it even 
supports some hardware accelerators.

* the biggest desire for cryptoapi userspace interface comes from corner 
cases there kernel supports hardware acceleration, while openssl does 
not (like geode aes engine).

* for this interface to achieve reasonable adoption (succeed),
it must be exposed to openssl (aka some sort of openssl engine)

* there were attempts to port cryptodev, but filed due some gurus don't 
like the interface or the implementation or both.

* despite cryptodev is far from ideal interface - it already has support 
in openssl.

* unless there are willing ones to code on both (kernel and openssl), 
why not to properly implement cryptodev, mark it as highly experimental 
and add a fat warning what it will be tiered apart once someone comes 
with something better?

* I beleve, there will be more willing ones to create proper interface 
once there is actual user base instead of targeted one :)

---
teaser: I dream about cheap stock vga card acting as cryptography 
accelerator to feed 10G ethernet links at no cost :D
---
ArturasK.