Documentation/crypto/intro.rst
Source file repositories/reference/linux-study-clean/Documentation/crypto/intro.rst
File Facts
- System
- Linux kernel
- Corpus path
Documentation/crypto/intro.rst- Extension
.rst- Size
- 3158 bytes
- Lines
- 75
- Domain
- Support Tooling And Documentation
- Bucket
- Documentation
- Inferred role
- Support Tooling And Documentation: documentation
- Status
- atlas-only
Why This File Exists
Repository support layer: documentation, build tooling, samples, user-space helper tools, generated initramfs support, licenses, and validation utilities.
- Repository support layer: documentation, build tooling, samples, user-space helper tools, generated initramfs support, licenses, and validation utilities.
Dependency Surface
- No C-style include directives detected by the generator.
Detected Declarations
- No top-level syscall, struct, function, initcall, or export declaration detected by the generator.
Annotated Snippet
Kernel Crypto API Interface Specification
=========================================
Introduction
------------
The kernel crypto API offers a rich set of cryptographic ciphers as well
as other data transformation mechanisms and methods to invoke these.
This document contains a description of the API and provides example
code.
To understand and properly use the kernel crypto API a brief explanation
of its structure is given. Based on the architecture, the API can be
separated into different components. Following the architecture
specification, hints to developers of ciphers are provided. Pointers to
the API function call documentation are given at the end.
The kernel crypto API refers to all algorithms as "transformations".
Therefore, a cipher handle variable usually has the name "tfm". Besides
cryptographic operations, the kernel crypto API also knows compression
transformations and handles them the same way as ciphers.
The kernel crypto API serves the following entity types:
- consumers requesting cryptographic services
- data transformation implementations (typically ciphers) that can be
called by consumers using the kernel crypto API
This specification is intended for consumers of the kernel crypto API as
well as for developers implementing ciphers. This API specification,
however, does not discuss all API calls available to data transformation
implementations (i.e. implementations of ciphers and other
transformations (such as CRC or even compression algorithms) that can
register with the kernel crypto API).
Note: The terms "transformation" and cipher algorithm are used
interchangeably.
Terminology
-----------
The transformation implementation is an actual code or interface to
hardware which implements a certain transformation with precisely
defined behavior.
The transformation object (TFM) is an instance of a transformation
implementation. There can be multiple transformation objects associated
with a single transformation implementation. Each of those
transformation objects is held by a crypto API consumer or another
transformation. Transformation object is allocated when a crypto API
consumer requests a transformation implementation. The consumer is then
provided with a structure, which contains a transformation object (TFM).
The structure that contains transformation objects may also be referred
to as a "cipher handle". Such a cipher handle is always subject to the
following phases that are reflected in the API calls applicable to such
a cipher handle:
1. Initialization of a cipher handle.
2. Execution of all intended cipher operations applicable for the handle
where the cipher handle must be furnished to every API call.
3. Destruction of a cipher handle.
When using the initialization API calls, a cipher handle is created and
returned to the consumer. Therefore, please refer to all initialization
API calls that refer to the data structure type a consumer is expected
to receive and subsequently to use. The initialization API calls have
Annotation
- Atlas domain: Support Tooling And Documentation / Documentation.
- Implementation status: atlas-only.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.