- 加密框架将算法的属性抽象为算法说明数据结构struct crypto_alg,加密框架中的每一个算法(基础算法和衍生算法)都表示为一个算法说明数据结构的实例,因此将struct crypto_alg称为通用算法说明数据结构。
- 后续章节中如无特殊说明,算法说明数据结构和通用算法数据结构均指的是struct crypto_alg。
- crypto.h - include/linux/crypto.h - Linux source code (v5.15.11) - Bootlin
/*** struct crypto_alg - definition of a cryptograpic cipher algorithm* @cra_flags: Flags describing this transformation. See include/linux/crypto.h* CRYPTO_ALG_* flags for the flags which go in here. Those are* used for fine-tuning the description of the transformation* algorithm.* @cra_blocksize: Minimum block size of this transformation. The size in bytes* of the smallest possible unit which can be transformed with* this algorithm. The users must respect this value.* In case of HASH transformation, it is possible for a smaller* block than @cra_blocksize to be passed to the crypto API for* transformation, in case of any other transformation type, an* error will be returned upon any attempt to transform smaller* than @cra_blocksize chunks.* @cra_ctxsize: Size of the operational context of the transformation. This* value informs the kernel crypto API about the memory size* needed to be allocated for the transformation context.* @cra_alignmask: Alignment mask for the input and output data buffer. The data* buffer containing the input data for the algorithm must be* aligned to this alignment mask. The data buffer for the* output data must be aligned to this alignment mask. Note that* the Crypto API will do the re-alignment in software, but* only under special conditions and there is a performance hit.* The re-alignment happens at these occasions for different* @cra_u types: cipher -- For both input data and output data* buffer; ahash -- For output hash destination buf; shash --* For output hash destination buf.* This is needed on hardware which is flawed by design and* cannot pick data from arbitrary addresses.* @cra_priority: Priority of this transformation implementation. In case* multiple transformations with same @cra_name are available to* the Crypto API, the kernel will use the one with highest* @cra_priority.* @cra_name: Generic name (usable by multiple implementations) of the* transformation algorithm. This is the name of the transformation* itself. This field is used by the kernel when looking up the* providers of particular transformation.* @cra_driver_name: Unique name of the transformation provider. This is the* name of the provider of the transformation. This can be any* arbitrary value, but in the usual case, this contains the* name of the chip or provider and the name of the* transformation algorithm.* @cra_type: Type of the cryptographic transformation. This is a pointer to* struct crypto_type, which implements callbacks common for all* transformation types. There are multiple options, such as* &crypto_skcipher_type, &crypto_ahash_type, &crypto_rng_type.* This field might be empty. In that case, there are no common* callbacks. This is the case for: cipher, compress, shash.* @cra_u: Callbacks implementing the transformation. This is a union of* multiple structures. Depending on the type of transformation selected* by @cra_type and @cra_flags above, the associated structure must be* filled with callbacks. This field might be empty. This is the case* for ahash, shash.* @cra_init: Initialize the cryptographic transformation object. This function* is used to initialize the cryptographic transformation object.* This function is called only once at the instantiation time, right* after the transformation context was allocated. In case the* cryptographic hardware has some special requirements which need to* be handled by software, this function shall check for the precise* requirement of the transformation and put any software fallbacks* in place.* @cra_exit: Deinitialize the cryptographic transformation object. This is a* counterpart to @cra_init, used to remove various changes set in* @cra_init.* @cra_u.cipher: Union member which contains a single-block symmetric cipher* definition. See @struct @cipher_alg.* @cra_u.compress: Union member which contains a (de)compression algorithm.* See @struct @compress_alg.* @cra_module: Owner of this transformation implementation. Set to THIS_MODULE* @cra_list: internally used* @cra_users: internally used* @cra_refcnt: internally used* @cra_destroy: internally used** @stats: union of all possible crypto_istat_xxx structures* @stats.aead: statistics for AEAD algorithm* @stats.akcipher: statistics for akcipher algorithm* @stats.cipher: statistics for cipher algorithm* @stats.compress: statistics for compress algorithm* @stats.hash: statistics for hash algorithm* @stats.rng: statistics for rng algorithm* @stats.kpp: statistics for KPP algorithm** The struct crypto_alg describes a generic Crypto API algorithm and is common* for all of the transformations. Any variable not documented here shall not* be used by a cipher implementation as it is internal to the Crypto API.*/struct crypto_alg {struct list_head cra_list;struct list_head cra_users;u32 cra_flags;unsigned int cra_blocksize;unsigned int cra_ctxsize;unsigned int cra_alignmask;int cra_priority;atomic_t cra_refcnt;char cra_name[CRYPTO_MAX_ALG_NAME];char cra_driver_name[CRYPTO_MAX_ALG_NAME];const struct crypto_type *cra_type;union {struct ablkcipher_alg ablkcipher;struct aead_alg aead;struct blkcipher_alg blkcipher;struct cipher_alg cipher;struct compress_alg compress;struct rng_alg rng;} cra_u;int (*cra_init)(struct crypto_tfm *tfm);void (*cra_exit)(struct crypto_tfm *tfm);void (*cra_destroy)(struct crypto_alg *alg);struct module *cra_module;
}
struct crypto_alg {struct list_head cra_list;struct list_head cra_users;u32 cra_flags;unsigned int cra_blocksize;unsigned int cra_ctxsize;unsigned int cra_alignmask;int cra_priority;refcount_t cra_refcnt;char cra_name[CRYPTO_MAX_ALG_NAME];char cra_driver_name[CRYPTO_MAX_ALG_NAME];const struct crypto_type *cra_type;union {struct cipher_alg cipher;struct compress_alg compress;} cra_u;int (*cra_init)(struct crypto_tfm *tfm);void (*cra_exit)(struct crypto_tfm *tfm);void (*cra_destroy)(struct crypto_alg *alg);struct module *cra_module;#ifdef CONFIG_CRYPTO_STATSunion {struct crypto_istat_aead aead;struct crypto_istat_akcipher akcipher;struct crypto_istat_cipher cipher;struct crypto_istat_compress compress;struct crypto_istat_hash hash;struct crypto_istat_rng rng;struct crypto_istat_kpp kpp;} stats;
#endif /* CONFIG_CRYPTO_STATS */} CRYPTO_MINALIGN_ATTR;- 内核版本 V5.15.1
数据结构struct crypto_alg中各成员变量含义如下所示,其中前缀cra为crypto_alg的缩写:
- crypto_alg是个基类,任何算法都可以基于它派生出衍生类;每个算法都对应着一个struct crypto_alg实例,一般在module_init中调用crypto_register_alg接口将具体的crypto_alg对象添加到crypto_alg_list链表中。
- 1)cra_list:算法管理链表节点,向加密框架注册算法实际上就是将cra_list添加到全局的算法管理链表的过程,管理算法链表的表头为crypto_alg_list;
- 2)cra_users:算法用户链表表头,将由算法根据算法模板创建的新算法视为本算法的一个用户;此算法被引用的所有crypto_spawn实例链表。
- 3)cra_flag:算法标志,包括算法状态和算法类型等标志位,其中低4比特表示算法类型;
- 4)cra_blocksize:算法分组长度,单位:字节;是单个处理数据块大小
- 5)cra_ctxsize:算法上下文空间大小,单位:字节;为transformation context大小
- 6)cra_alignmask:算法输入输出数据地址对齐要求屏蔽位,alignmask+1表示地址对齐要求,如算法输入输出数据地址要求4字节对齐,则alignmask=3;
- 7)cra_priority:算法优先级;
- 8)cra_refcnt:算法引用计数;
- 9)cra_name[CRYPTO_MAX_ALG_NAME]:算法名,最多为64个字符;
- 10)cra_driver_name[CRYPTO_MAX_ALG_NAME]:算法驱动名,最多为64个字符。注册时,如果未指定算法驱动名,则按“算法名-generic”规则定义算法驱动名;
- 11)cra_type:算法类型,其数据类型为const,因此称之为算法类型常量。如果算法能够提供某种密码服务,必须设置cra_type,并且与cra_flag中的算法类型保持一致;
- 12)cra_u:算法个性化属性,联合体变量,其各成员变量含义如下:
- a)ablkcipher:异步块加密算法个性化属性;
- b)aead:认证加密算法个性化属性;
- c)blkcipher:块加密算法个性化属性;
- d)cipher:分组算法个性化属性;
- e)compress:压缩算法个性化属性;
- f)rng:伪随机数算法个性化属性;
- 这里有一个很重要的数据成员cra_u,因为它体现了kernel crypto架构设计者的设计思想:它将四种比较常用的算法类型的处理方式抽象到基类当中,即如果你要添加的算法为这4类,就只需要实现这4类算法所对应的方法,如果不是这4类当中,就需要在基类上做派生,实现特定的crypto_type。具体内核版本不同 差异很大
- 13)cra_init:算法实例初始化接口,由算法模板使用;
- 14)cra_exit:算法实例析构接口,由算法模板使用;
- 15)cra_destroy:算法说明实例的销毁接口,由无驱动的算法说明实例使用,如算法幼虫;
- 16)cra_module:算法所属的模块,一般为THIS_MODULE,编译时确定。
- 算法说明数据结构的成员变量分为通用属性成员变量和个性化属性成员变量,通用属性成员变量如cra_list、cra_users、cra_name、cra_driver_name等,个性化属性成员变量指的是联合体成员变量cra_u,包括算法接口和个性化参数等。为方便访问个性化属性成员变量,在crypto.h定义了一系列宏,如下所示。
#define cra_cipher cra_u.cipher
#define cra_compress cra_u.compress预测未来值)
)
