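- The crypto framework abstracts the properties of an algorithm into the algorithm description data structure struct crypto_alg. Every algorithm in the crypto framework (both base algorithms and derived algorithms) is represented as an instance of this structure, so struct crypto_alg is called the generic algorithm description data structure.
- In the following sections, unless stated otherwise, "algorithm description data structure" and "generic algorithm data structure" both refer to struct crypto_alg.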
- crypto.h - include/linux/crypto.h - Linux source code (v5.15.11) - Bootlin
```c
/**
 * struct crypto_alg - definition of a cryptograpic cipher algorithm
 * @cra_flags: Flags describing this transformation. See include/linux/crypto.h
 *             CRYPTO_ALG_* flags for the flags which go in here. Those are
 *             used for fine-tuning the description of the transformation
 *             algorithm.
 * @cra_blocksize: Minimum block size of this transformation. The size in bytes
 *                 of the smallest possible unit which can be transformed with
 *                 this algorithm. The users must respect this value.
 *                 In case of HASH transformation, it is possible for a smaller
 *                 block than @cra_blocksize to be passed to the crypto API for
 *                 transformation, in case of any other transformation type, an
 *                 error will be returned upon any attempt to transform smaller
 *                 than @cra_blocksize chunks.
 * @cra_ctxsize: Size of the operational context of the transformation. This
 *               value informs the kernel crypto API about the memory size
 *               needed to be allocated for the transformation context.
 * @cra_alignmask: Alignment mask for the input and output data buffer. The data
 *                 buffer containing the input data for the algorithm must be
 *                 aligned to this alignment mask. The data buffer for the
 *                 output data must be aligned to this alignment mask. Note that
 *                 the Crypto API will do the re-alignment in software, but
 *                 only under special conditions and there is a performance hit.
 *                 The re-alignment happens at these occasions for different
 *                 @cra_u types: cipher -- For both input data and output data
 *                 buffer; ahash -- For output hash destination buf; shash --
 *                 For output hash destination buf.
 *                 This is needed on hardware which is flawed by design and
 *                 cannot pick data from arbitrary addresses.
 * @cra_priority: Priority of this transformation implementation. In case
 *                multiple transformations with same @cra_name are available to
 *                the Crypto API, the kernel will use the one with highest
 *                @cra_priority.
 * @cra_name: Generic name (usable by multiple implementations) of the
 *            transformation algorithm. This is the name of the transformation
 *            itself. This field is used by the kernel when looking up the
 *            providers of particular transformation.
 * @cra_driver_name: Unique name of the transformation provider. This is the
 *                   name of the provider of the transformation. This can be any
 *                   arbitrary value, but in the usual case, this contains the
 *                   name of the chip or provider and the name of the
 *                   transformation algorithm.
 * @cra_type: Type of the cryptographic transformation. This is a pointer to
 *            struct crypto_type, which implements callbacks common for all
 *            transformation types. There are multiple options, such as
 *            &crypto_skcipher_type, &crypto_ahash_type, &crypto_rng_type.
 *            This field might be empty. In that case, there are no common
 *            callbacks. This is the case for: cipher, compress, shash.
 * @cra_u: Callbacks implementing the transformation. This is a union of
 *         multiple structures. Depending on the type of transformation selected
 *         by @cra_type and @cra_flags above, the associated structure must be
 *         filled with callbacks. This field might be empty. This is the case
 *         for ahash, shash.
 * @cra_init: Initialize the cryptographic transformation object. This function
 *            is used to initialize the cryptographic transformation object.
 *            This function is called only once at the instantiation time, right
 *            after the transformation context was allocated. In case the
 *            cryptographic hardware has some special requirements which need to
 *            be handled by software, this function shall check for the precise
 *            requirement of the transformation and put any software fallbacks
 *            in place.
 * @cra_exit: Deinitialize the cryptographic transformation object. This is a
 *            counterpart to @cra_init, used to remove various changes set in
 *            @cra_init.
 * @cra_u.cipher: Union member which contains a single-block symmetric cipher
 *                definition. See @struct @cipher_alg.
 * @cra_u.compress: Union member which contains a (de)compression algorithm.
 *                  See @struct @compress_alg.
 * @cra_module: Owner of this transformation implementation. Set to THIS_MODULE
 * @cra_list: internally used
 * @cra_users: internally used
 * @cra_refcnt: internally used
 * @cra_destroy: internally used
 *
 * @stats: union of all possible crypto_istat_xxx structures
 * @stats.aead: statistics for AEAD algorithm
 * @stats.akcipher: statistics for akcipher algorithm
 * @stats.cipher: statistics for cipher algorithm
 * @stats.compress: statistics for compress algorithm
 * @stats.hash: statistics for hash algorithm
 * @stats.rng: statistics for rng algorithm
 * @stats.kpp: statistics for KPP algorithm
 *
 * The struct crypto_alg describes a generic Crypto API algorithm and is common
 * for all of the transformations. Any variable not documented here shall not
 * be used by a cipher implementation as it is internal to the Crypto API.
 */
struct crypto_alg {
	struct list_head cra_list;
	struct list_head cra_users;

	u32 cra_flags;
	unsigned int cra_blocksize;
	unsigned int cra_ctxsize;
	unsigned int cra_alignmask;

	int cra_priority;
	atomic_t cra_refcnt;

	char cra_name[CRYPTO_MAX_ALG_NAME];
	char cra_driver_name[CRYPTO_MAX_ALG_NAME];

	const struct crypto_type *cra_type;

	union {
		struct ablkcipher_alg ablkcipher;
		struct aead_alg aead;
		struct blkcipher_alg blkcipher;
		struct cipher_alg cipher;
		struct compress_alg compress;
		struct rng_alg rng;
	} cra_u;

	int (*cra_init)(struct crypto_tfm *tfm);
	void (*cra_exit)(struct crypto_tfm *tfm);
	void (*cra_destroy)(struct crypto_alg *alg);

	struct module *cra_module;
};
```
```c
struct crypto_alg {
	struct list_head cra_list;
	struct list_head cra_users;

	u32 cra_flags;
	unsigned int cra_blocksize;
	unsigned int cra_ctxsize;
	unsigned int cra_alignmask;

	int cra_priority;
	refcount_t cra_refcnt;

	char cra_name[CRYPTO_MAX_ALG_NAME];
	char cra_driver_name[CRYPTO_MAX_ALG_NAME];

	const struct crypto_type *cra_type;

	union {
		struct cipher_alg cipher;
		struct compress_alg compress;
	} cra_u;

	int (*cra_init)(struct crypto_tfm *tfm);
	void (*cra_exit)(struct crypto_tfm *tfm);
	void (*cra_destroy)(struct crypto_alg *alg);

	struct module *cra_module;

#ifdef CONFIG_CRYPTO_STATS
	union {
		struct crypto_istat_aead aead;
		struct crypto_istat_akcipher akcipher;
		struct crypto_istat_cipher cipher;
		struct crypto_istat_compress compress;
		struct crypto_istat_hash hash;
		struct crypto_istat_rng rng;
		struct crypto_istat_kpp kpp;
	} stats;
#endif /* CONFIG_CRYPTO_STATS */

} CRYPTO_MINALIGN_ATTR;
```
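- Kernel version V5.15.1

The members of struct crypto_alg have the following meanings; the prefix cra is an abbreviation of crypto_alg:
- crypto_alg is a base class from which any algorithm can derive its own class. Every algorithm corresponds to one struct crypto_alg instance, and the concrete crypto_alg object is normally added to the crypto_alg_list list by calling crypto_register_alg from module_init.
- 1) cra_list: node in the algorithm management list. Registering an algorithm with the crypto framework is in practice the process of adding cra_list to the global algorithm management list, whose head is crypto_alg_list.
- 2) cra_users: head of the algorithm's user list. A new algorithm created from this algorithm through an algorithm template is treated as a user of this algorithm; this is the list of all crypto_spawn instances that reference the algorithm.
- 3) cra_flags: algorithm flags, including flag bits for algorithm state and algorithm type; the low 4 bits indicate the algorithm type.
- 4) cra_blocksize: algorithm block length, in bytes; the size of a single processed data block.
- 5) cra_ctxsize: size of the algorithm context, in bytes; the size of the transformation context.
- 6) cra_alignmask: mask for the address alignment required of the algorithm's input and output data. alignmask+1 is the required alignment; for example, if the input and output data must be 4-byte aligned, alignmask=3.
- 7) cra_priority: algorithm priority.
- 8) cra_refcnt: algorithm reference count.
- 9) cra_name[CRYPTO_MAX_ALG_NAME]: algorithm name, at most 64 characters.
- 10) cra_driver_name[CRYPTO_MAX_ALG_NAME]: algorithm driver name, at most 64 characters. If no driver name is specified at registration, the driver name is defined by the rule "algorithm name-generic".
- 11) cra_type: algorithm type. Its data type is const, so it is called the algorithm type constant. If the algorithm provides some cryptographic service, cra_type must be set, and it must be consistent with the algorithm type in cra_flags.
- 12) cra_u: algorithm-specific properties, a union whose members have the following meanings:
- a) ablkcipher: properties specific to asynchronous block cipher algorithms;
- b) aead: properties specific to authenticated encryption algorithms;
- c) blkcipher: properties specific to block cipher algorithms;
- d) cipher: properties specific to single-block cipher algorithms;
- e) compress: properties specific to compression algorithms;
- f) rng: properties specific to pseudo-random number algorithms;
- cra_u is an important data member because it reflects the thinking of the kernel crypto architecture's designers: the handling of four commonly used algorithm types is abstracted into the base class. If the algorithm you want to add is one of these 4 types, you only need to implement the methods for that type; if it is not, you must derive from the base class and implement a specific crypto_type. The details differ considerably between kernel versions.
- 13) cra_init: initialization interface for an algorithm instance, used by algorithm templates.
- 14) cra_exit: destructor interface for an algorithm instance, used by algorithm templates.
- 15) cra_destroy: destroy interface for an algorithm description instance, used by algorithm description instances that have no driver, such as algorithm larvae.
- 16) cra_module: the module the algorithm belongs to, normally THIS_MODULE, determined at compile time.
- The members of the algorithm description data structure divide into generic property members and algorithm-specific property members. Generic property members include cra_list, cra_users, cra_name, cra_driver_name and so on; the algorithm-specific property member is the union cra_u, which holds the algorithm interfaces and algorithm-specific parameters. To make the algorithm-specific members easier to access, crypto.h defines a series of macros, shown below.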
```c
#define cra_cipher cra_u.cipher
#define cra_compress cra_u.compress
```
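The registration and selection rules from the member list above (linking into the list, the "-generic" driver-name default, highest cra_priority per cra_name, and the alignmask+1 alignment rule), shown as a small userspace model. This is an added example, not kernel code and not from the original page: `struct model_alg` and the `model_*` functions are hypothetical stand-ins, the sample algorithms are constructed, and the exact-driver-name match and the check that the mask has the form 2^n - 1 go beyond what the text states.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAX_NAME 64                 /* name limit as stated in the text */

struct model_alg {                  /* hypothetical stand-in for struct crypto_alg */
    struct model_alg *next;         /* role of cra_list */
    unsigned int alignmask;         /* cra_alignmask */
    int priority;                   /* cra_priority */
    char name[MAX_NAME];            /* cra_name */
    char driver_name[MAX_NAME];     /* cra_driver_name */
};
static struct model_alg *alg_list;  /* role of crypto_alg_list */

/* Register: validate, default the driver name, link into the list. */
int model_register(struct model_alg *alg) {
    if (!alg->name[0] || (alg->alignmask & (alg->alignmask + 1)))
        return -1;                  /* alignmask must be 2^n - 1 */
    if (!alg->driver_name[0] &&
        snprintf(alg->driver_name, MAX_NAME, "%s-generic", alg->name) >= MAX_NAME)
        return -1;                  /* defaulted driver name would not fit */
    alg->next = alg_list;
    alg_list = alg;
    return 0;
}

/* Lookup: exact driver name wins, else highest priority for the name. */
struct model_alg *model_lookup(const char *name) {
    struct model_alg *best = NULL;
    for (struct model_alg *q = alg_list; q; q = q->next) {
        if (!strcmp(q->driver_name, name))
            return q;
        if (!strcmp(q->name, name) && (!best || q->priority > best->priority))
            best = q;
    }
    return best;
}

/* A buffer is aligned when (address & alignmask) == 0. */
int model_is_aligned(const struct model_alg *alg, const void *buf) {
    return ((uintptr_t)buf & alg->alignmask) == 0;
}

int main(void) {                    /* constructed sample registrations */
    struct model_alg sw = { .priority = 100, .alignmask = 3, .name = "aes" };
    struct model_alg hw = { .priority = 300, .name = "aes", .driver_name = "aes-hw" };
    if (model_register(&sw) || model_register(&hw)) return 1;
    printf("aes -> %s\n", model_lookup("aes")->driver_name);
    return 0;
}
```

Asking for the generic name returns whichever registered implementation has the highest priority, which is why the driver name, not the generic name, is the thing to check when confirming which implementation a system actually uses.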