Cryptodev-linux module
[Overview]

Cryptodev-linux is a device that allows access to Linux kernel cryptographic drivers; thus allowing of userspace applications to take advantage of hardware accelerators. Cryptodev-linux is implemented as a standalone module that requires no dependencies other than a stock linux kernel. Its API is compatible with OpenBSD's cryptodev userspace API (/dev/crypto).

• Self contained linux kernel module
• Exact simulation of the /dev/crypto interface
• Support for all major cipher and hash algorithms
• Zero copy of data
• Support for additional features to optimize TLS and SRTP protocols
• Support for AEAD ciphers
• Asynchronous and synchronous interfaces

Several small systems include a hardware crypto device that optimizes cryptographic operations with a 100x factor or even more comparing to a plain software implementation. Those systems usually provide kernel space drivers for those accelerators but they are not accessible from typical usespace programs and libraries such as GnuTLS or OpenSSL. The /dev/crypto device is a middleware allowing access to the hardware cryptographic modules from user-space applications and thus providing cryptographic operations acceleration.

• It provides better performance than any of the alternatives including AF_ALG;
• It has an API-compatible interface with FreeBSD and OpenBSD cryptodev;
• It uses the native Linux kernel crypto drivers.

• NCR a Cryptographic Framework for Linux originally based on this one. Instead of simply providing cryptographic operations, it acts as a software security module.
• OCF-linux is a port of the OpenBSD Cryptographic Framework to Linux that also includes the /dev/crypto interface. This unlike cryptodev-linux does not use the native Linux crypto interfaces.
• Linux 2.6.38 AF_ALG. Linux 2.6.38 introduced a sockets-based protocol to perform cryptographic operations. It is very inefficient in modern hardware; we made a performance comparison with cryptodev-linux.