The Scatterlist Crypto API takes page vectors (scatterlists) as arguments, and works directly on pages. In some cases (e.g. ECB mode ciphers), this will allow for pages to be encrypted in-place with no copying.
Scatterlist Crypto API使用頁向量(scatterlists)作為參數,並且直接按頁面工作。在某些情況下(例如ECB模式密碼),這將允許頁面不需復制而按原地加密。
One of the initial goals of this design was to readily support IPsec, so that processing can be applied to paged skb's without the need for linearization.
這個設計的初始目標之壹是快捷地支持IPsec,因此處理過程能夠應用於頁面式緩沖區(paged skb)而無需線性化。
DETAILS
At the lowest level are algorithms, which register dynamically with the API.
處於最底層的是算法,需動態地註冊到API中。
'Transforms' are user-instantiated objects, which maintain state, handle all of the implementation logic (e.g. manipulating page vectors) and provide an abstraction to the underlying algorithms. However, at the user level they are very simple.
“轉換”是由用戶實例化的對象,它維護狀態、處理所有執行邏輯(例如操縱頁面向量)並且對底層算法提供壹個抽象接口。然而,在用戶層它們是非常簡單的。
Conceptually, the API layering looks like this:
[transform api] (user interface)
[transform ops] (per-type logic glue e.g. cipher.c, compress.c)
[algorithm api] (for registering algorithms)
從概念上講,API分層看似這樣:
[“轉換”API](用戶界面)
[“轉換”OPS](每種類型的接口邏輯模塊,例如cipher.c, compress.c)
[“算法”API](用於註冊算法)
The idea is to make the user interface and algorithm registration API very simple, while hiding the core logic from both. Many good ideas from existing APIs such as Cryptoapi and Nettle have been adapted for this.
這樣做是為了使得“用戶界面”和“算法註冊”API更加簡單,而隱藏了兩者之間的核心邏輯。諸如Cryptoapi和Nettle等許多現存API的良好設計都做了這方面改編。
The API currently supports five main types of transforms: AEAD (Authenticated Encryption with Associated Data), Block Ciphers, Ciphers, Compressors and Hashes.
API目前支持五種主要類型“轉換”:AEAD(帶關聯數據的加密認證)、分組加密、加密、壓縮和哈希算法。
Please note that Block Ciphers is somewhat of a misnomer. It is in fact meant to support all ciphers including stream ciphers. The difference between Block Ciphers and Ciphers is that the latter operates on exactly one block while the former can operate on an arbitrary amount of data, subject to block size requirements (i.e., non-stream ciphers can only process multiples of blocks).
請註意,分組加密多少有些用詞不準。它實際上意味著支持所有加密,包含流加密。分組加密和加密之間不同之處是後者作用於壹個精確的數據塊而前者可以作用於任意數量的數據,但要求以數據塊大小為單位(例如非流密碼只能處理數據塊整數倍的數據)
Support for hardware crypto devices via an asynchronous interface is under development.
通過壹個異步接口支持硬件加密設備的工作正在開發中。