SlideShare a Scribd company logo
1 of 33
Download to read offline
©ARM 2017
Linux Kernel Cryptographic
API and use cases
Gilad Ben-Yossef
KernelTel-Aviv Meetup
Principal Software Engineer
Security IP - Systems & Software Group
15 March 2017
©ARM 20172
About me
 I’m Gilad Ben-Yossef
 I work on upstream Linux kernel cryptography and security in general and
Arm® TrustZone® CryptoCell® support in particular.
 I’m working in various forms on the Linux kernel and other Open Source
project for close to twenty years – i.e. I’m an old bugger… 
 I co-authored “Building Embedded Linux Systems” 2nd edition from O’Reilly.
 I’m a co-founder of HaMakor, an Israeli NPO for free and open source software
and of August Penguin.
 During my B.A. I once took a course in Cryptography but never finished it
because the home assignments were too time consuming – i.e. I am not a
cryptographer.
©ARM 20174
Agenda
Topic
19:15 About me
19:20 Alice, meet Bob - a (very) short introduction to cryptography
19:35 Here be Dragons - the Linux crypto API
21:00 Tea break
21:15 DM-Crypt and DM-Verity – protecting your file systems from the
scum of the universe
21:50 Q&A
AES SHA-1 SHA-2 SHA-3
SHA-256 MD5 DES 3DES
CBC OFB MAC HMAC
GMAC ECB CFB CTR RSA
DSA DH ECDH ECC FIPS
ECDSA EDDSA NIST NSA
©ARM 20176
Alice, meet Bob –
A (very) short introduction to Cryptography
©ARM 20177
Symmetric Encryption
EP C
K
DC P
K
C = E(k, P) P = D(k, C)
P: Plain text
C: Cipher text
K: Key
E: Encryption
D: Decryption
E is a function that takes a key and a block of plain text* and outputs a block of
random looking cipher text *.
D is the inverse function to D which takes the random looking cipher text* and the
same key as input and outputs the original plain text*.
*Which doesn’t have to be and often isn’t text but rather binary data.
©ARM 20178
Block Ciphers
P = P1 P2 … Pi … Pn
C = C1 C2 … Ci … Cn
P: Plain text
C: Cipher text
K: Key
E: Encryption
D: Decryption
Ek Ek Ek Ek
Break down message to blocks, encrypt each block using the key
Examples: DES, 3DES,AES
©ARM 20179
The problem with block ciphers
Identical plain text block yield identical cipher text blocks
Tux the Penguin, the Linux mascot. Created in 1996 by Larry Ewing with The GIMP.
"Permission to use and/or modify this image is granted provided you acknowledge me lewing@isc.tamu.edu and The GIMP if someone asks.”
ECB Tux taken from Wikipedia: https://commons.wikimedia.org/wiki/File:Tux_ecb.jpg
©ARM 201710
Modes of Operation
 Symmetric cryptographic functions E and D can be treated as black boxes.
 We can define different ways to use these black boxes to encrypt/decrypt our
messages.
 These are referred to as the Modes of Operation of the symmetric cipher –
how we choose to use it.
 We previously saw the most basic mode of operation called Electronic Code
Book mode, or ECB mode for short.
 Other modes of operations are defined that can, among other things, turn a
block cipher into a stream cipher, thus making it more secure.
©ARM 201711
Cipher Chaining
EK
P1
IV
C1
EK
P2
C2
EK
P2
C2
P: Plain text
C: Cipher text
K: Key
E: Encryption
D: Decryption
IV: InitialVector
This is the Cipher Block Chaining mode, or CBC mode for short:
Each cipher block is dependent on the key and the previous blocks.
Other operation modes include Output FeedBack, Cipher FeedBack and CounTeR modes.
C0 = IV
Ci = Ek(Pi  Ci-1)
Pi = Dk(Ci)  Ci-1
©ARM 201712
Cryptographic Hashes (Digests)
 The ideal cryptographic hash function is:
 Deterministic
 Quick to compute
 Infeasible to generate a message from its hash
value except by brute force
 A small change to a message changes the hash
value so extensively that the new hash value
appears uncorrelated with the old hash value
 Infeasible to find two different messages with
the same hash value
Examples: MD5, SHA1, SHA2, SHA3
“Regular” hash
function requirements
Source: Wikipedia
©ARM 201713
Message Authentication Codes
 Message Authentication Code, or MAC for short, is a method for generating a
value that is computed from a message and a secret (key) that can tells the
recipient:
 That the message has not be changed from the way it was originally sent
 That the sender knows the secret (key)
 For example, this can be a (bad!) MAC built on top of a cryptographic hash
function:
 Example MACs: CBC-MAC, HMAC, GMAC
MACk(M) = H(K || M)
©ARM 201714
Hash Based Message Authentication Codes
 Where
 H is a cryptographic hash function,
 K is the secret key,
 m is the message to be authenticated,
 K' is another secret key, derived from the original key K (by
padding K to the right with extra zeroes to the input block size
of the hash function, or by hashing K if it is longer than that
block size),
 || denotes concatenation,
 ⊕ denotes exclusive or (XOR),
 opad is the outer padding (0x5c5c5c…5c5c)
 ipad is the inner padding (0x363636…3636).
HMAC(K, m) = H((K’  opad) || H(K’  ipad) || m))
Source: Wikipedia
©ARM 201715
Authenticated Encryption
 Authenticated Encryption with Associated Data (AEAD)
is a form of encryption which simultaneously provides
confidentiality, integrity, and authenticity assurances on the
data; decryption is combined in single step with integrity
verification.
 These attributes are provided under a single, easy to use
programming interface.
 An example of an AEAD in common use is Galois/Counter
Mode, or GCM for short, shown in the picture above.
 GCM is considered a very efficient AEAD since it can produce both
the cipher text and the MAC in a single pass on the data.
©ARM 201716
Here be Dragons -
The Linux kernel Crypto API
©ARM 201717
Transformations
 A transformation is an algorithm that transforms data.
 A transformation can be a cipher (i.e. encryption and decryption), whether symmetric or
asymmetric, a hash, compression of data, IV generation and random number generation
 This is why handle to crypto API object is typically named “tfm”.
 A transformation implementation is a code module that registers with the
kernel that can provide a transformation.
 It can be just code running on the CPU, code that uses a special instruction as part of the
CPU or a driver to some piece of hardware off of the CPU.
 Multiple transformation implementation can exist that provide that same
transformation.
 E.g. in x86_64 there are at least implementation of AES: AES-NI, assembler implementation,
and plain C.
©ARM 201718
Templates
 A transformation can be self contained (.e.g AES or SHA-2) but it can also be a
template that works on another transformation:
 CTS(AES) is AES working in Counter operation mode.
 HMAC(SHA256) is SHA 256 being used as an HMAC.
 Templates can be cascaded
 E.g. RFC4106(GCM(AES))) is AES in GCM operation mode as used in IPsec.
 Templates can also express generic implementation augmentation.
 For example CRYPTD(AES) refers to code that runs an AES implementation in parallel inside
kernel threads on all the system CPUs in parallel.
 The same template works on multiple underlying transformations.
 E.g. CTS(AES) and CTS(3DES)
©ARM 201719
Priorities and true names
 There can be multiple transformation implementation, including template
implementation, which provided the exact same transformation
 E.g. aes-ni, aes-asm and aes-generic are three different AES implementation on x86_64
 When you use a generic name (e.g. aes) to refer to a transformation, the
Crypto API will provide you the implementation with the highest priority that
matches your request, based on priority value provided by the implementation
when they register with the Crypto API.
 As we will see ahead you can limit the Crypto API to ignore certain type of providers based
on their properties as we will see ahead.
 If you want to refer to a specific implementation, use its driver name to refer
to it.
 E.g.“aes-ni” forces the selection of the implementation that uses the AES-NI instruction.
©ARM 201720
/proc/crypto
gby@gby:~$ cat /proc/crypto | grep name
name : crc32
name : xts(aes)
name : lrw(aes)
name : __xts-aes-aesni
name : __lrw-aes-aesni
name : pcbc(aes)
name : rfc4106(gcm(aes))
name : __gcm-aes-aesni
name : ctr(aes)
name : __ctr-aes-aesni
name : cbc(aes)
name : __ecb-aes-aesni
name : ecb(aes)
name : __cbc-aes-aesni
name : __ecb-aes-aesni
name : __aes-aesni
name : aes
name : aes
name : crct10dif
name : crct10dif
name : crc32c
name : stdrng
name : lzo
name : aes
name : sha1
name : md5
We have 3 different implementations of AES
We can use AES in 6 different operation modes
©ARM 201721
/proc/crypto
gby@gby:~$ cat /proc/crypto
name : crc32
driver : crc32-pclmul
module : crc32_pclmul
priority : 200
refcnt : 1
selftest : passed
type : shash
blocksize : 1
digestsize : 4
name : xts(aes)
driver : xts-aes-aesni
module : aesni_intel
priority : 400
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 32
max keysize : 64
ivsize : 16
geniv : <default>
Generic name Driver namePriority
©ARM 201722
Synchronous versus Asynchronous
 A transformation implementation may be either synchronous or asynchronous
 Synchronous implementations
 Run wholly on the CPU itself in a synchronous fashion (take CPU cycles during all the run)
 Access virtual memory using the CPU MMU mechanism
 Asynchronous implementations
 MAY be implemented using off-CPU resources (i.e. typically dedicated hardware), or not
 MAY access memory via DMA and not have access to MMU, or not.
 In fact, synchronous implementation are a sub group of asynchronous ones!
 E.g. cryptd(aes-ni) turns the synchronous aes-ni implementation into an asynchronous
implementation by running it on several cores in parallel.
 You can limit yourself to working only with synchronous implementations by
passing the CRYPTO_ALG_ASYNC ask flag to allocation calls.
©ARM 201723
Backlog
 Transformation implementations have a certain capacity for in flight requests
 i.e. descriptor ring space, hardware FIFO etc.
 If you pass the CRYPTO_TFM_REQ_MAY_BACKLOG flag to callback setting
API call, you will allow the implementation provider to queue up back log word
to a software queue if it doesn’t have enough capacity.
 If this happens, your callback function will be called twice:
 Once with err set to –EINPROGRESS to indicate it got queued off of the backlog.
 A second time when it is actually processed
 The kernel now has a generic implementation of this mechanism for
transformation providers can use to implement this.
 However, the author believes it is currently buggy and is working to fix it… 
©ARM 201724
API Typical Life Cycle
 Allocate a transformation object (tfm)
 Get properties of the transformation chosen by the kernel (e.g. digest size)
 Set global transformation properties (e.g. encryption key)
 Allocate a request object
 Set request specific parameters, such as GFP flags and callback function to call
when operation finish
 Initialize the request
 Feed data (e.g. buffers to encrypt or hash)
 Finalize (e.g. read final HMAC value)
 Free request object
 Free transformation object
©ARM 201725
API documentation and code examples
 No use copy & paste them here, so just go to:
 Documentation/crypto
or
 http://www.chronox.de/crypto-API/crypto/index.html
©ARM 201726
Pitfalls to look out for
 This call requests only synchronous implementations
tfm = crypto_alloc_ahash("md5", 0, CRYPTO_ALG_ASYNC);
 Yes, it’s totally backwards – the mask flag masks out the async. Implementations!
 If you see code that passes NULL as a callback like the following, it’s probably
used the mask flag (see above) to request only synchronous implementations:
ahash_request_set_callback(req, 0, NULL, NULL);
 Remember that operation may complete synchronously or asynchronously
based on the transformation provider discretion only and you need to handle
both cases!
 Don’t ignore the err parameter of the callback.
 Remember that ff you passed the CRYPTO_TFM_REQ_MAY_BACKLOG flag
when setting the callback, your callback may be called twice!
 Even the request init function might sometime complete asynchronously.
©ARM 201727
DM-Crypt and DM-Verity -
Protecting your file systems from the scum of the universe
©ARM 201728
DM-Crypt
 dm-crypt is a transparent disk encryption subsystem in Linux
 It is part of the device mapper infrastructure, and uses cryptographic routines
from the kernel's Crypto API.
 dm-crypt was designed to support advanced modes of operation, such as XTS,
LRW and ESSIV, in order to avoid watermarking attacks.
 dm-crypt is implemented as a device mapper target and may be stacked on top
of other device mapper transformations.
 It can thus encrypt whole disks (including removable media), partitions, software RAID
volumes, logical volumes, as well as files.
 It appears as a block device, which can be used to back file systems, swap or as an LVM
physical volume.
 It is used by Android devices to implement Full Disk Encryption.
©ARM 201729
Simple dm-crypt setup example
# cryptsetup luksFormat fs3.img
# cryptsetup open --type luks fs3.img croot
# mke2fs /dev/mapper/croot
# mount -t ext2 /dev/mapper/croot /media
# umount /media/
# cryptsetup close croot
This examples uses AES in XTS operating mode to protect a loopback
mounted partition file.
Make sure to remember your chosen key or your data is lost!
©ARM 201730
DM-Verity
 Device-Mapper's "verity" target provides transparent integrity checking of block
devices using a cryptographic digest provided by the kernel crypto API.T
 This target is read-only.
 dm-verity helps prevent persistent rootkits that can hold onto root privileges
and compromise devices.
 The dm-verity feature lets you look at a block device, the underlying storage
layer of the file system, and determine if it matches its expected configuration.
 It does this using a cryptographic hash tree. For every block (typically 4k), there
is a SHA256 hash.
 Dm-verity can optionally FEC to protect against hash data corruptions.
 DM-Verity is used by Android devices.
©ARM 201731
How does DM-Verity work?
 Dm-verity uses a Merkle tree of storage blocks to protect the integrity of the
read only data on the storage device, in a way that the integrity can be
evaluated in a lazy fashion during runtime instead of pre-mount time.
 It needs a singular trusted root hash to achieve security
©ARM 201732
Simple dm-verity setup example
# veritysetup format filesystem.img signature.img
# veritysetup create vroot filesystem.img signature.img 
ffa0a985fd78462d95c9b1ae7c9e49…5e3f13c10e4700058b8ed28
# mount -t ext2 /dev/mapper/vroot /media/
# umount /media
# veritysetup remove vroot
This examples uses SHA 256 to protect the integrity of the loopback
file system provided the root hash is secure.
The trademarks featured in this presentation are registered and/or unregistered trademarks of ARM Limited
(or its subsidiaries) in the US and/or elsewhere. All rights reserved. All other marks featured may be
trademarks of their respective owners.
Copyright © 2017 ARM Limited
©ARM 2017
Thank you for listening!
Questions?
@gilad
gilad@benyossef.com

More Related Content

What's hot

[CNCF TAG-Runtime 2022-10-06] Lima
[CNCF TAG-Runtime 2022-10-06] Lima[CNCF TAG-Runtime 2022-10-06] Lima
[CNCF TAG-Runtime 2022-10-06] LimaAkihiro Suda
 
Web applications support on AGL
Web applications support on AGLWeb applications support on AGL
Web applications support on AGLIgalia
 
Containerd Internals: Building a Core Container Runtime
Containerd Internals: Building a Core Container RuntimeContainerd Internals: Building a Core Container Runtime
Containerd Internals: Building a Core Container RuntimePhil Estes
 
Android Boot Time Optimization
Android Boot Time OptimizationAndroid Boot Time Optimization
Android Boot Time OptimizationKan-Ru Chen
 
Android Binder IPC for Linux
Android Binder IPC for LinuxAndroid Binder IPC for Linux
Android Binder IPC for LinuxYu-Hsin Hung
 
A Gentle Introduction To Docker And All Things Containers
A Gentle Introduction To Docker And All Things ContainersA Gentle Introduction To Docker And All Things Containers
A Gentle Introduction To Docker And All Things ContainersJérôme Petazzoni
 
K8s security best practices
K8s security best practicesK8s security best practices
K8s security best practicesSharon Vendrov
 
A deep dive into Android OpenSource Project(AOSP)
A deep dive into Android OpenSource Project(AOSP)A deep dive into Android OpenSource Project(AOSP)
A deep dive into Android OpenSource Project(AOSP)Siji Sunny
 
NGINX Kubernetes Ingress Controller: Getting Started – EMEA
NGINX Kubernetes Ingress Controller: Getting Started – EMEANGINX Kubernetes Ingress Controller: Getting Started – EMEA
NGINX Kubernetes Ingress Controller: Getting Started – EMEAAine Long
 
Kubernetes Architecture and Introduction
Kubernetes Architecture and IntroductionKubernetes Architecture and Introduction
Kubernetes Architecture and IntroductionStefan Schimanski
 
Exploiting XPC in AntiVirus
Exploiting XPC in AntiVirusExploiting XPC in AntiVirus
Exploiting XPC in AntiVirusCsaba Fitzl
 
[KubeCon EU 2022] Running containerd and k3s on macOS
[KubeCon EU 2022] Running containerd and k3s on macOS[KubeCon EU 2022] Running containerd and k3s on macOS
[KubeCon EU 2022] Running containerd and k3s on macOSAkihiro Suda
 
OpenShift Virtualization - VM and OS Image Lifecycle
OpenShift Virtualization - VM and OS Image LifecycleOpenShift Virtualization - VM and OS Image Lifecycle
OpenShift Virtualization - VM and OS Image LifecycleMihai Criveti
 
Conan.io - The C/C++ package manager for Developers
Conan.io - The C/C++ package manager for DevelopersConan.io - The C/C++ package manager for Developers
Conan.io - The C/C++ package manager for DevelopersUilian Ries
 
XPDS13: Xen in OSS based In–Vehicle Infotainment Systems - Artem Mygaiev, Glo...
XPDS13: Xen in OSS based In–Vehicle Infotainment Systems - Artem Mygaiev, Glo...XPDS13: Xen in OSS based In–Vehicle Infotainment Systems - Artem Mygaiev, Glo...
XPDS13: Xen in OSS based In–Vehicle Infotainment Systems - Artem Mygaiev, Glo...The Linux Foundation
 
인프콘 2022 - Rust 크로스 플랫폼 프로그래밍
인프콘 2022 - Rust 크로스 플랫폼 프로그래밍인프콘 2022 - Rust 크로스 플랫폼 프로그래밍
인프콘 2022 - Rust 크로스 플랫폼 프로그래밍Chris Ohk
 
Advanced performance troubleshooting using esxtop
Advanced performance troubleshooting using esxtopAdvanced performance troubleshooting using esxtop
Advanced performance troubleshooting using esxtopAlan Renouf
 

What's hot (20)

[CNCF TAG-Runtime 2022-10-06] Lima
[CNCF TAG-Runtime 2022-10-06] Lima[CNCF TAG-Runtime 2022-10-06] Lima
[CNCF TAG-Runtime 2022-10-06] Lima
 
Web applications support on AGL
Web applications support on AGLWeb applications support on AGL
Web applications support on AGL
 
Explore Android Internals
Explore Android InternalsExplore Android Internals
Explore Android Internals
 
Android Binder: Deep Dive
Android Binder: Deep DiveAndroid Binder: Deep Dive
Android Binder: Deep Dive
 
Containerd Internals: Building a Core Container Runtime
Containerd Internals: Building a Core Container RuntimeContainerd Internals: Building a Core Container Runtime
Containerd Internals: Building a Core Container Runtime
 
Android Boot Time Optimization
Android Boot Time OptimizationAndroid Boot Time Optimization
Android Boot Time Optimization
 
Android Binder IPC for Linux
Android Binder IPC for LinuxAndroid Binder IPC for Linux
Android Binder IPC for Linux
 
A Gentle Introduction To Docker And All Things Containers
A Gentle Introduction To Docker And All Things ContainersA Gentle Introduction To Docker And All Things Containers
A Gentle Introduction To Docker And All Things Containers
 
K8s security best practices
K8s security best practicesK8s security best practices
K8s security best practices
 
A deep dive into Android OpenSource Project(AOSP)
A deep dive into Android OpenSource Project(AOSP)A deep dive into Android OpenSource Project(AOSP)
A deep dive into Android OpenSource Project(AOSP)
 
NGINX Kubernetes Ingress Controller: Getting Started – EMEA
NGINX Kubernetes Ingress Controller: Getting Started – EMEANGINX Kubernetes Ingress Controller: Getting Started – EMEA
NGINX Kubernetes Ingress Controller: Getting Started – EMEA
 
Kubernetes Architecture and Introduction
Kubernetes Architecture and IntroductionKubernetes Architecture and Introduction
Kubernetes Architecture and Introduction
 
Exploiting XPC in AntiVirus
Exploiting XPC in AntiVirusExploiting XPC in AntiVirus
Exploiting XPC in AntiVirus
 
[KubeCon EU 2022] Running containerd and k3s on macOS
[KubeCon EU 2022] Running containerd and k3s on macOS[KubeCon EU 2022] Running containerd and k3s on macOS
[KubeCon EU 2022] Running containerd and k3s on macOS
 
OpenShift Virtualization - VM and OS Image Lifecycle
OpenShift Virtualization - VM and OS Image LifecycleOpenShift Virtualization - VM and OS Image Lifecycle
OpenShift Virtualization - VM and OS Image Lifecycle
 
Ingress overview
Ingress overviewIngress overview
Ingress overview
 
Conan.io - The C/C++ package manager for Developers
Conan.io - The C/C++ package manager for DevelopersConan.io - The C/C++ package manager for Developers
Conan.io - The C/C++ package manager for Developers
 
XPDS13: Xen in OSS based In–Vehicle Infotainment Systems - Artem Mygaiev, Glo...
XPDS13: Xen in OSS based In–Vehicle Infotainment Systems - Artem Mygaiev, Glo...XPDS13: Xen in OSS based In–Vehicle Infotainment Systems - Artem Mygaiev, Glo...
XPDS13: Xen in OSS based In–Vehicle Infotainment Systems - Artem Mygaiev, Glo...
 
인프콘 2022 - Rust 크로스 플랫폼 프로그래밍
인프콘 2022 - Rust 크로스 플랫폼 프로그래밍인프콘 2022 - Rust 크로스 플랫폼 프로그래밍
인프콘 2022 - Rust 크로스 플랫폼 프로그래밍
 
Advanced performance troubleshooting using esxtop
Advanced performance troubleshooting using esxtopAdvanced performance troubleshooting using esxtop
Advanced performance troubleshooting using esxtop
 

Viewers also liked

DMA Survival Guide
DMA Survival GuideDMA Survival Guide
DMA Survival GuideKernel TLV
 
Linux Interrupts
Linux InterruptsLinux Interrupts
Linux InterruptsKernel TLV
 
WiFi and the Beast
WiFi and the BeastWiFi and the Beast
WiFi and the BeastKernel TLV
 
FD.IO Vector Packet Processing
FD.IO Vector Packet ProcessingFD.IO Vector Packet Processing
FD.IO Vector Packet ProcessingKernel TLV
 
Switchdev - No More SDK
Switchdev - No More SDKSwitchdev - No More SDK
Switchdev - No More SDKKernel TLV
 
Userfaultfd and Post-Copy Migration
Userfaultfd and Post-Copy MigrationUserfaultfd and Post-Copy Migration
Userfaultfd and Post-Copy MigrationKernel TLV
 
FreeBSD and Drivers
FreeBSD and DriversFreeBSD and Drivers
FreeBSD and DriversKernel TLV
 
Modern Linux Tracing Landscape
Modern Linux Tracing LandscapeModern Linux Tracing Landscape
Modern Linux Tracing LandscapeKernel TLV
 
grsecurity and PaX
grsecurity and PaXgrsecurity and PaX
grsecurity and PaXKernel TLV
 
Windows Internals for Linux Kernel Developers
Windows Internals for Linux Kernel DevelopersWindows Internals for Linux Kernel Developers
Windows Internals for Linux Kernel DevelopersKernel TLV
 
Fun with Network Interfaces
Fun with Network InterfacesFun with Network Interfaces
Fun with Network InterfacesKernel TLV
 
Specializing the Data Path - Hooking into the Linux Network Stack
Specializing the Data Path - Hooking into the Linux Network StackSpecializing the Data Path - Hooking into the Linux Network Stack
Specializing the Data Path - Hooking into the Linux Network StackKernel TLV
 
VLANs in the Linux Kernel
VLANs in the Linux KernelVLANs in the Linux Kernel
VLANs in the Linux KernelKernel TLV
 
Hardware Probing in the Linux Kernel
Hardware Probing in the Linux KernelHardware Probing in the Linux Kernel
Hardware Probing in the Linux KernelKernel TLV
 
Introduction to DPDK
Introduction to DPDKIntroduction to DPDK
Introduction to DPDKKernel TLV
 
Linux Security Overview
Linux Security OverviewLinux Security Overview
Linux Security OverviewKernel TLV
 
Linux Locking Mechanisms
Linux Locking MechanismsLinux Locking Mechanisms
Linux Locking MechanismsKernel TLV
 
Linux Kernel Init Process
Linux Kernel Init ProcessLinux Kernel Init Process
Linux Kernel Init ProcessKernel TLV
 

Viewers also liked (20)

DMA Survival Guide
DMA Survival GuideDMA Survival Guide
DMA Survival Guide
 
Linux Interrupts
Linux InterruptsLinux Interrupts
Linux Interrupts
 
WiFi and the Beast
WiFi and the BeastWiFi and the Beast
WiFi and the Beast
 
FD.IO Vector Packet Processing
FD.IO Vector Packet ProcessingFD.IO Vector Packet Processing
FD.IO Vector Packet Processing
 
Switchdev - No More SDK
Switchdev - No More SDKSwitchdev - No More SDK
Switchdev - No More SDK
 
Userfaultfd and Post-Copy Migration
Userfaultfd and Post-Copy MigrationUserfaultfd and Post-Copy Migration
Userfaultfd and Post-Copy Migration
 
FreeBSD and Drivers
FreeBSD and DriversFreeBSD and Drivers
FreeBSD and Drivers
 
Modern Linux Tracing Landscape
Modern Linux Tracing LandscapeModern Linux Tracing Landscape
Modern Linux Tracing Landscape
 
grsecurity and PaX
grsecurity and PaXgrsecurity and PaX
grsecurity and PaX
 
Windows Internals for Linux Kernel Developers
Windows Internals for Linux Kernel DevelopersWindows Internals for Linux Kernel Developers
Windows Internals for Linux Kernel Developers
 
Fun with Network Interfaces
Fun with Network InterfacesFun with Network Interfaces
Fun with Network Interfaces
 
Specializing the Data Path - Hooking into the Linux Network Stack
Specializing the Data Path - Hooking into the Linux Network StackSpecializing the Data Path - Hooking into the Linux Network Stack
Specializing the Data Path - Hooking into the Linux Network Stack
 
VLANs in the Linux Kernel
VLANs in the Linux KernelVLANs in the Linux Kernel
VLANs in the Linux Kernel
 
Hardware Probing in the Linux Kernel
Hardware Probing in the Linux KernelHardware Probing in the Linux Kernel
Hardware Probing in the Linux Kernel
 
Introduction to DPDK
Introduction to DPDKIntroduction to DPDK
Introduction to DPDK
 
Linux Security Overview
Linux Security OverviewLinux Security Overview
Linux Security Overview
 
Linux interrupts
Linux interruptsLinux interrupts
Linux interrupts
 
Linux IO
Linux IOLinux IO
Linux IO
 
Linux Locking Mechanisms
Linux Locking MechanismsLinux Locking Mechanisms
Linux Locking Mechanisms
 
Linux Kernel Init Process
Linux Kernel Init ProcessLinux Kernel Init Process
Linux Kernel Init Process
 

Similar to Linux Kernel Cryptographic API and Use Cases

Applying Security Algorithms Using openSSL crypto library
Applying Security Algorithms Using openSSL crypto libraryApplying Security Algorithms Using openSSL crypto library
Applying Security Algorithms Using openSSL crypto libraryPriyank Kapadia
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_cryptoHarry Potter
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_cryptoJames Wong
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_cryptoYoung Alista
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_cryptoDavid Hoen
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_cryptoLuis Goldster
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_cryptoFraboni Ec
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_cryptoTony Nguyen
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network securitypatisa
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network securityNagendra Um
 
CCNA Security 012- cryptographic systems
CCNA Security 012- cryptographic systemsCCNA Security 012- cryptographic systems
CCNA Security 012- cryptographic systemsAhmed Habib
 
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...ams1ams11
 
Seminar on Encryption and Authenticity
Seminar on Encryption and AuthenticitySeminar on Encryption and Authenticity
Seminar on Encryption and AuthenticityHardik Manocha
 
Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3koolkampus
 
Mirage: ML kernels in the cloud (ML Workshop 2010)
Mirage: ML kernels in the cloud (ML Workshop 2010)Mirage: ML kernels in the cloud (ML Workshop 2010)
Mirage: ML kernels in the cloud (ML Workshop 2010)Anil Madhavapeddy
 
FPGA and ASIC Implementation of Speech Encryption and Decryption using AES Al...
FPGA and ASIC Implementation of Speech Encryption and Decryption using AES Al...FPGA and ASIC Implementation of Speech Encryption and Decryption using AES Al...
FPGA and ASIC Implementation of Speech Encryption and Decryption using AES Al...IJCSIS Research Publications
 

Similar to Linux Kernel Cryptographic API and Use Cases (20)

Moein
MoeinMoein
Moein
 
Applying Security Algorithms Using openSSL crypto library
Applying Security Algorithms Using openSSL crypto libraryApplying Security Algorithms Using openSSL crypto library
Applying Security Algorithms Using openSSL crypto library
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_crypto
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_crypto
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_crypto
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_crypto
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_crypto
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_crypto
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_crypto
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network security
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network security
 
Hybrid AES DES
Hybrid AES DESHybrid AES DES
Hybrid AES DES
 
CCNA Security 012- cryptographic systems
CCNA Security 012- cryptographic systemsCCNA Security 012- cryptographic systems
CCNA Security 012- cryptographic systems
 
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
 
Seminar on Encryption and Authenticity
Seminar on Encryption and AuthenticitySeminar on Encryption and Authenticity
Seminar on Encryption and Authenticity
 
Web cryptography javascript
Web cryptography javascriptWeb cryptography javascript
Web cryptography javascript
 
Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3
 
Nwc rsa
Nwc rsaNwc rsa
Nwc rsa
 
Mirage: ML kernels in the cloud (ML Workshop 2010)
Mirage: ML kernels in the cloud (ML Workshop 2010)Mirage: ML kernels in the cloud (ML Workshop 2010)
Mirage: ML kernels in the cloud (ML Workshop 2010)
 
FPGA and ASIC Implementation of Speech Encryption and Decryption using AES Al...
FPGA and ASIC Implementation of Speech Encryption and Decryption using AES Al...FPGA and ASIC Implementation of Speech Encryption and Decryption using AES Al...
FPGA and ASIC Implementation of Speech Encryption and Decryption using AES Al...
 

More from Kernel TLV

Building Network Functions with eBPF & BCC
Building Network Functions with eBPF & BCCBuilding Network Functions with eBPF & BCC
Building Network Functions with eBPF & BCCKernel TLV
 
SGX Trusted Execution Environment
SGX Trusted Execution EnvironmentSGX Trusted Execution Environment
SGX Trusted Execution EnvironmentKernel TLV
 
Kernel Proc Connector and Containers
Kernel Proc Connector and ContainersKernel Proc Connector and Containers
Kernel Proc Connector and ContainersKernel TLV
 
Bypassing ASLR Exploiting CVE 2015-7545
Bypassing ASLR Exploiting CVE 2015-7545Bypassing ASLR Exploiting CVE 2015-7545
Bypassing ASLR Exploiting CVE 2015-7545Kernel TLV
 
Present Absence of Linux Filesystem Security
Present Absence of Linux Filesystem SecurityPresent Absence of Linux Filesystem Security
Present Absence of Linux Filesystem SecurityKernel TLV
 
OpenWrt From Top to Bottom
OpenWrt From Top to BottomOpenWrt From Top to Bottom
OpenWrt From Top to BottomKernel TLV
 
Make Your Containers Faster: Linux Container Performance Tools
Make Your Containers Faster: Linux Container Performance ToolsMake Your Containers Faster: Linux Container Performance Tools
Make Your Containers Faster: Linux Container Performance ToolsKernel TLV
 
Emerging Persistent Memory Hardware and ZUFS - PM-based File Systems in User ...
Emerging Persistent Memory Hardware and ZUFS - PM-based File Systems in User ...Emerging Persistent Memory Hardware and ZUFS - PM-based File Systems in User ...
Emerging Persistent Memory Hardware and ZUFS - PM-based File Systems in User ...Kernel TLV
 
File Systems: Why, How and Where
File Systems: Why, How and WhereFile Systems: Why, How and Where
File Systems: Why, How and WhereKernel TLV
 
netfilter and iptables
netfilter and iptablesnetfilter and iptables
netfilter and iptablesKernel TLV
 
KernelTLV Speaker Guidelines
KernelTLV Speaker GuidelinesKernelTLV Speaker Guidelines
KernelTLV Speaker GuidelinesKernel TLV
 
Userfaultfd: Current Features, Limitations and Future Development
Userfaultfd: Current Features, Limitations and Future DevelopmentUserfaultfd: Current Features, Limitations and Future Development
Userfaultfd: Current Features, Limitations and Future DevelopmentKernel TLV
 
The Linux Block Layer - Built for Fast Storage
The Linux Block Layer - Built for Fast StorageThe Linux Block Layer - Built for Fast Storage
The Linux Block Layer - Built for Fast StorageKernel TLV
 

More from Kernel TLV (15)

DPDK In Depth
DPDK In DepthDPDK In Depth
DPDK In Depth
 
Building Network Functions with eBPF & BCC
Building Network Functions with eBPF & BCCBuilding Network Functions with eBPF & BCC
Building Network Functions with eBPF & BCC
 
SGX Trusted Execution Environment
SGX Trusted Execution EnvironmentSGX Trusted Execution Environment
SGX Trusted Execution Environment
 
Fun with FUSE
Fun with FUSEFun with FUSE
Fun with FUSE
 
Kernel Proc Connector and Containers
Kernel Proc Connector and ContainersKernel Proc Connector and Containers
Kernel Proc Connector and Containers
 
Bypassing ASLR Exploiting CVE 2015-7545
Bypassing ASLR Exploiting CVE 2015-7545Bypassing ASLR Exploiting CVE 2015-7545
Bypassing ASLR Exploiting CVE 2015-7545
 
Present Absence of Linux Filesystem Security
Present Absence of Linux Filesystem SecurityPresent Absence of Linux Filesystem Security
Present Absence of Linux Filesystem Security
 
OpenWrt From Top to Bottom
OpenWrt From Top to BottomOpenWrt From Top to Bottom
OpenWrt From Top to Bottom
 
Make Your Containers Faster: Linux Container Performance Tools
Make Your Containers Faster: Linux Container Performance ToolsMake Your Containers Faster: Linux Container Performance Tools
Make Your Containers Faster: Linux Container Performance Tools
 
Emerging Persistent Memory Hardware and ZUFS - PM-based File Systems in User ...
Emerging Persistent Memory Hardware and ZUFS - PM-based File Systems in User ...Emerging Persistent Memory Hardware and ZUFS - PM-based File Systems in User ...
Emerging Persistent Memory Hardware and ZUFS - PM-based File Systems in User ...
 
File Systems: Why, How and Where
File Systems: Why, How and WhereFile Systems: Why, How and Where
File Systems: Why, How and Where
 
netfilter and iptables
netfilter and iptablesnetfilter and iptables
netfilter and iptables
 
KernelTLV Speaker Guidelines
KernelTLV Speaker GuidelinesKernelTLV Speaker Guidelines
KernelTLV Speaker Guidelines
 
Userfaultfd: Current Features, Limitations and Future Development
Userfaultfd: Current Features, Limitations and Future DevelopmentUserfaultfd: Current Features, Limitations and Future Development
Userfaultfd: Current Features, Limitations and Future Development
 
The Linux Block Layer - Built for Fast Storage
The Linux Block Layer - Built for Fast StorageThe Linux Block Layer - Built for Fast Storage
The Linux Block Layer - Built for Fast Storage
 

Recently uploaded

Patterns for automating API delivery. API conference
Patterns for automating API delivery. API conferencePatterns for automating API delivery. API conference
Patterns for automating API delivery. API conferencessuser9e7c64
 
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanySuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanyChristoph Pohl
 
Understanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM ArchitectureUnderstanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM Architecturerahul_net
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfMarharyta Nedzelska
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtimeandrehoraa
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsSafe Software
 
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...OnePlan Solutions
 
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxUI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxAndreas Kunz
 
Leveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
Leveraging AI for Mobile App Testing on Real Devices | Applitools + KobitonLeveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
Leveraging AI for Mobile App Testing on Real Devices | Applitools + KobitonApplitools
 
Post Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on IdentityPost Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identityteam-WIBU
 
Salesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZSalesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZABSYZ Inc
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationBradBedford3
 
SoftTeco - Software Development Company Profile
SoftTeco - Software Development Company ProfileSoftTeco - Software Development Company Profile
SoftTeco - Software Development Company Profileakrivarotava
 
Ronisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited CatalogueRonisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited Catalogueitservices996
 
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Natan Silnitsky
 
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingOpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingShane Coughlan
 
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsChristian Birchler
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Angel Borroy López
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Matt Ray
 
Not a Kubernetes fan? The state of PaaS in 2024
Not a Kubernetes fan? The state of PaaS in 2024Not a Kubernetes fan? The state of PaaS in 2024
Not a Kubernetes fan? The state of PaaS in 2024Anthony Dahanne
 

Recently uploaded (20)

Patterns for automating API delivery. API conference
Patterns for automating API delivery. API conferencePatterns for automating API delivery. API conference
Patterns for automating API delivery. API conference
 
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanySuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
 
Understanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM ArchitectureUnderstanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM Architecture
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdf
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtime
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data Streams
 
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
 
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxUI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
 
Leveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
Leveraging AI for Mobile App Testing on Real Devices | Applitools + KobitonLeveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
Leveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
 
Post Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on IdentityPost Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identity
 
Salesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZSalesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZ
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion Application
 
SoftTeco - Software Development Company Profile
SoftTeco - Software Development Company ProfileSoftTeco - Software Development Company Profile
SoftTeco - Software Development Company Profile
 
Ronisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited CatalogueRonisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited Catalogue
 
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
 
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingOpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
 
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
 
Not a Kubernetes fan? The state of PaaS in 2024
Not a Kubernetes fan? The state of PaaS in 2024Not a Kubernetes fan? The state of PaaS in 2024
Not a Kubernetes fan? The state of PaaS in 2024
 

Linux Kernel Cryptographic API and Use Cases

  • 1. ©ARM 2017 Linux Kernel Cryptographic API and use cases Gilad Ben-Yossef KernelTel-Aviv Meetup Principal Software Engineer Security IP - Systems & Software Group 15 March 2017
  • 2. ©ARM 20172 About me  I’m Gilad Ben-Yossef  I work on upstream Linux kernel cryptography and security in general and Arm® TrustZone® CryptoCell® support in particular.  I’m working in various forms on the Linux kernel and other Open Source project for close to twenty years – i.e. I’m an old bugger…   I co-authored “Building Embedded Linux Systems” 2nd edition from O’Reilly.  I’m a co-founder of HaMakor, an Israeli NPO for free and open source software and of August Penguin.  During my B.A. I once took a course in Cryptography but never finished it because the home assignments were too time consuming – i.e. I am not a cryptographer.
  • 3.
  • 4. ©ARM 20174 Agenda Topic 19:15 About me 19:20 Alice, meet Bob - a (very) short introduction to cryptography 19:35 Here be Dragons - the Linux crypto API 21:00 Tea break 21:15 DM-Crypt and DM-Verity – protecting your file systems from the scum of the universe 21:50 Q&A
  • 5. AES SHA-1 SHA-2 SHA-3 SHA-256 MD5 DES 3DES CBC OFB MAC HMAC GMAC ECB CFB CTR RSA DSA DH ECDH ECC FIPS ECDSA EDDSA NIST NSA
  • 6. ©ARM 20176 Alice, meet Bob – A (very) short introduction to Cryptography
  • 7. ©ARM 20177 Symmetric Encryption EP C K DC P K C = E(k, P) P = D(k, C) P: Plain text C: Cipher text K: Key E: Encryption D: Decryption E is a function that takes a key and a block of plain text* and outputs a block of random looking cipher text *. D is the inverse function to D which takes the random looking cipher text* and the same key as input and outputs the original plain text*. *Which doesn’t have to be and often isn’t text but rather binary data.
  • 8. ©ARM 20178 Block Ciphers P = P1 P2 … Pi … Pn C = C1 C2 … Ci … Cn P: Plain text C: Cipher text K: Key E: Encryption D: Decryption Ek Ek Ek Ek Break down message to blocks, encrypt each block using the key Examples: DES, 3DES,AES
  • 9. ©ARM 20179 The problem with block ciphers Identical plain text block yield identical cipher text blocks Tux the Penguin, the Linux mascot. Created in 1996 by Larry Ewing with The GIMP. "Permission to use and/or modify this image is granted provided you acknowledge me lewing@isc.tamu.edu and The GIMP if someone asks.” ECB Tux taken from Wikipedia: https://commons.wikimedia.org/wiki/File:Tux_ecb.jpg
  • 10. ©ARM 201710 Modes of Operation  Symmetric cryptographic functions E and D can be treated as black boxes.  We can define different ways to use these black boxes to encrypt/decrypt our messages.  These are referred to as the Modes of Operation of the symmetric cipher – how we choose to use it.  We previously saw the most basic mode of operation called Electronic Code Book mode, or ECB mode for short.  Other modes of operations are defined that can, among other things, turn a block cipher into a stream cipher, thus making it more secure.
  • 11. ©ARM 201711 Cipher Chaining EK P1 IV C1 EK P2 C2 EK P2 C2 P: Plain text C: Cipher text K: Key E: Encryption D: Decryption IV: InitialVector This is the Cipher Block Chaining mode, or CBC mode for short: Each cipher block is dependent on the key and the previous blocks. Other operation modes include Output FeedBack, Cipher FeedBack and CounTeR modes. C0 = IV Ci = Ek(Pi  Ci-1) Pi = Dk(Ci)  Ci-1
  • 12. ©ARM 201712 Cryptographic Hashes (Digests)  The ideal cryptographic hash function is:  Deterministic  Quick to compute  Infeasible to generate a message from its hash value except by brute force  A small change to a message changes the hash value so extensively that the new hash value appears uncorrelated with the old hash value  Infeasible to find two different messages with the same hash value Examples: MD5, SHA1, SHA2, SHA3 “Regular” hash function requirements Source: Wikipedia
  • 13. ©ARM 201713 Message Authentication Codes  Message Authentication Code, or MAC for short, is a method for generating a value that is computed from a message and a secret (key) that can tells the recipient:  That the message has not be changed from the way it was originally sent  That the sender knows the secret (key)  For example, this can be a (bad!) MAC built on top of a cryptographic hash function:  Example MACs: CBC-MAC, HMAC, GMAC MACk(M) = H(K || M)
  • 14. ©ARM 201714 Hash Based Message Authentication Codes  Where  H is a cryptographic hash function,  K is the secret key,  m is the message to be authenticated,  K' is another secret key, derived from the original key K (by padding K to the right with extra zeroes to the input block size of the hash function, or by hashing K if it is longer than that block size),  || denotes concatenation,  ⊕ denotes exclusive or (XOR),  opad is the outer padding (0x5c5c5c…5c5c)  ipad is the inner padding (0x363636…3636). HMAC(K, m) = H((K’  opad) || H(K’  ipad) || m)) Source: Wikipedia
  • 15. ©ARM 201715 Authenticated Encryption  Authenticated Encryption with Associated Data (AEAD) is a form of encryption which simultaneously provides confidentiality, integrity, and authenticity assurances on the data; decryption is combined in single step with integrity verification.  These attributes are provided under a single, easy to use programming interface.  An example of an AEAD in common use is Galois/Counter Mode, or GCM for short, shown in the picture above.  GCM is considered a very efficient AEAD since it can produce both the cipher text and the MAC in a single pass on the data.
  • 16. ©ARM 201716 Here be Dragons - The Linux kernel Crypto API
  • 17. ©ARM 201717 Transformations  A transformation is an algorithm that transforms data.  A transformation can be a cipher (i.e. encryption and decryption), whether symmetric or asymmetric, a hash, compression of data, IV generation and random number generation  This is why handle to crypto API object is typically named “tfm”.  A transformation implementation is a code module that registers with the kernel that can provide a transformation.  It can be just code running on the CPU, code that uses a special instruction as part of the CPU or a driver to some piece of hardware off of the CPU.  Multiple transformation implementation can exist that provide that same transformation.  E.g. in x86_64 there are at least implementation of AES: AES-NI, assembler implementation, and plain C.
  • 18. ©ARM 201718 Templates  A transformation can be self contained (.e.g AES or SHA-2) but it can also be a template that works on another transformation:  CTS(AES) is AES working in Counter operation mode.  HMAC(SHA256) is SHA 256 being used as an HMAC.  Templates can be cascaded  E.g. RFC4106(GCM(AES))) is AES in GCM operation mode as used in IPsec.  Templates can also express generic implementation augmentation.  For example CRYPTD(AES) refers to code that runs an AES implementation in parallel inside kernel threads on all the system CPUs in parallel.  The same template works on multiple underlying transformations.  E.g. CTS(AES) and CTS(3DES)
  • 19. ©ARM 201719 Priorities and true names  There can be multiple transformation implementation, including template implementation, which provided the exact same transformation  E.g. aes-ni, aes-asm and aes-generic are three different AES implementation on x86_64  When you use a generic name (e.g. aes) to refer to a transformation, the Crypto API will provide you the implementation with the highest priority that matches your request, based on priority value provided by the implementation when they register with the Crypto API.  As we will see ahead you can limit the Crypto API to ignore certain type of providers based on their properties as we will see ahead.  If you want to refer to a specific implementation, use its driver name to refer to it.  E.g.“aes-ni” forces the selection of the implementation that uses the AES-NI instruction.
  • 20. ©ARM 201720 /proc/crypto gby@gby:~$ cat /proc/crypto | grep name name : crc32 name : xts(aes) name : lrw(aes) name : __xts-aes-aesni name : __lrw-aes-aesni name : pcbc(aes) name : rfc4106(gcm(aes)) name : __gcm-aes-aesni name : ctr(aes) name : __ctr-aes-aesni name : cbc(aes) name : __ecb-aes-aesni name : ecb(aes) name : __cbc-aes-aesni name : __ecb-aes-aesni name : __aes-aesni name : aes name : aes name : crct10dif name : crct10dif name : crc32c name : stdrng name : lzo name : aes name : sha1 name : md5 We have 3 different implementations of AES We can use AES in 6 different operation modes
  • 21. ©ARM 201721 /proc/crypto gby@gby:~$ cat /proc/crypto name : crc32 driver : crc32-pclmul module : crc32_pclmul priority : 200 refcnt : 1 selftest : passed type : shash blocksize : 1 digestsize : 4 name : xts(aes) driver : xts-aes-aesni module : aesni_intel priority : 400 refcnt : 1 selftest : passed type : ablkcipher async : yes blocksize : 16 min keysize : 32 max keysize : 64 ivsize : 16 geniv : <default> Generic name Driver namePriority
  • 22. ©ARM 201722 Synchronous versus Asynchronous  A transformation implementation may be either synchronous or asynchronous  Synchronous implementations  Run wholly on the CPU itself in a synchronous fashion (take CPU cycles during all the run)  Access virtual memory using the CPU MMU mechanism  Asynchronous implementations  MAY be implemented using off-CPU resources (i.e. typically dedicated hardware), or not  MAY access memory via DMA and not have access to MMU, or not.  In fact, synchronous implementation are a sub group of asynchronous ones!  E.g. cryptd(aes-ni) turns the synchronous aes-ni implementation into an asynchronous implementation by running it on several cores in parallel.  You can limit yourself to working only with synchronous implementations by passing the CRYPTO_ALG_ASYNC ask flag to allocation calls.
  • 23. ©ARM 201723 Backlog  Transformation implementations have a certain capacity for in flight requests  i.e. descriptor ring space, hardware FIFO etc.  If you pass the CRYPTO_TFM_REQ_MAY_BACKLOG flag to callback setting API call, you will allow the implementation provider to queue up back log word to a software queue if it doesn’t have enough capacity.  If this happens, your callback function will be called twice:  Once with err set to –EINPROGRESS to indicate it got queued off of the backlog.  A second time when it is actually processed  The kernel now has a generic implementation of this mechanism for transformation providers can use to implement this.  However, the author believes it is currently buggy and is working to fix it… 
  • 24. ©ARM 201724 API Typical Life Cycle  Allocate a transformation object (tfm)  Get properties of the transformation chosen by the kernel (e.g. digest size)  Set global transformation properties (e.g. encryption key)  Allocate a request object  Set request specific parameters, such as GFP flags and callback function to call when operation finish  Initialize the request  Feed data (e.g. buffers to encrypt or hash)  Finalize (e.g. read final HMAC value)  Free request object  Free transformation object
  • 25. ©ARM 201725 API documentation and code examples  No use copy & paste them here, so just go to:  Documentation/crypto or  http://www.chronox.de/crypto-API/crypto/index.html
  • 26. ©ARM 201726 Pitfalls to look out for  This call requests only synchronous implementations tfm = crypto_alloc_ahash("md5", 0, CRYPTO_ALG_ASYNC);  Yes, it’s totally backwards – the mask flag masks out the async. Implementations!  If you see code that passes NULL as a callback like the following, it’s probably used the mask flag (see above) to request only synchronous implementations: ahash_request_set_callback(req, 0, NULL, NULL);  Remember that operation may complete synchronously or asynchronously based on the transformation provider discretion only and you need to handle both cases!  Don’t ignore the err parameter of the callback.  Remember that ff you passed the CRYPTO_TFM_REQ_MAY_BACKLOG flag when setting the callback, your callback may be called twice!  Even the request init function might sometime complete asynchronously.
  • 27. ©ARM 201727 DM-Crypt and DM-Verity - Protecting your file systems from the scum of the universe
  • 28. ©ARM 201728 DM-Crypt  dm-crypt is a transparent disk encryption subsystem in Linux  It is part of the device mapper infrastructure, and uses cryptographic routines from the kernel's Crypto API.  dm-crypt was designed to support advanced modes of operation, such as XTS, LRW and ESSIV, in order to avoid watermarking attacks.  dm-crypt is implemented as a device mapper target and may be stacked on top of other device mapper transformations.  It can thus encrypt whole disks (including removable media), partitions, software RAID volumes, logical volumes, as well as files.  It appears as a block device, which can be used to back file systems, swap or as an LVM physical volume.  It is used by Android devices to implement Full Disk Encryption.
  • 29. ©ARM 201729 Simple dm-crypt setup example # cryptsetup luksFormat fs3.img # cryptsetup open --type luks fs3.img croot # mke2fs /dev/mapper/croot # mount -t ext2 /dev/mapper/croot /media # umount /media/ # cryptsetup close croot This examples uses AES in XTS operating mode to protect a loopback mounted partition file. Make sure to remember your chosen key or your data is lost!
  • 30. ©ARM 201730 DM-Verity  Device-Mapper's "verity" target provides transparent integrity checking of block devices using a cryptographic digest provided by the kernel crypto API.T  This target is read-only.  dm-verity helps prevent persistent rootkits that can hold onto root privileges and compromise devices.  The dm-verity feature lets you look at a block device, the underlying storage layer of the file system, and determine if it matches its expected configuration.  It does this using a cryptographic hash tree. For every block (typically 4k), there is a SHA256 hash.  Dm-verity can optionally FEC to protect against hash data corruptions.  DM-Verity is used by Android devices.
  • 31. ©ARM 201731 How does DM-Verity work?  Dm-verity uses a Merkle tree of storage blocks to protect the integrity of the read only data on the storage device, in a way that the integrity can be evaluated in a lazy fashion during runtime instead of pre-mount time.  It needs a singular trusted root hash to achieve security
  • 32. ©ARM 201732 Simple dm-verity setup example # veritysetup format filesystem.img signature.img # veritysetup create vroot filesystem.img signature.img ffa0a985fd78462d95c9b1ae7c9e49…5e3f13c10e4700058b8ed28 # mount -t ext2 /dev/mapper/vroot /media/ # umount /media # veritysetup remove vroot This examples uses SHA 256 to protect the integrity of the loopback file system provided the root hash is secure.
  • 33. The trademarks featured in this presentation are registered and/or unregistered trademarks of ARM Limited (or its subsidiaries) in the US and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners. Copyright © 2017 ARM Limited ©ARM 2017 Thank you for listening! Questions? @gilad gilad@benyossef.com