LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 05-11-2017, 06:08 AM   #1
yankovic
LQ Newbie
 
Registered: May 2017
Posts: 1

Rep: Reputation: Disabled
Data integrity in asyncronous CryptoApi in Linux


I work on implementation of driver for Linuc CryptoApi. Encryption/decryption will be performed in hardware and I want to use asynchronous operation of CryptoApi, which perfectly suitable for this purpose. Main purpose of driver is using with ipsec.

Citation from documentation:

Asynchronous operation is provided by the kernel crypto API which implies that the invocation of a cipher operation will complete almost instantly. That invocation triggers the cipher operation but it does not signal its completion. Before invoking a cipher operation, the caller must provide a callback function the kernel crypto API can invoke to signal the completion of the cipher operation. Furthermore, the caller must ensure it can handle such asynchronous events by applying appropriate locking around its data. The kernel crypto API does not perform any special serialization operation to protect the callerís data integrity.

Common mechanism of work: driver get query for processing data, make child process which will communicate with hardware, then driver(not child process) return special code("in progress") to caller. Caller now can create one else query or do another useful work. When data processing complete child process call callback function, which registered by caller, and die.

But caller of the driver can be killed, for example, before data will be handled by hardware. If caller process not exist anymore in system, execution callback function can corrupt system. Besides that, before execution of callback function child process get encrypted/decrypted data from hardware and write it to some buffer, which was provided by caller. And this is one more scenario of system corruption. If caller not exist anymore driver should not use buffer.

How did kernel developers planned me to resolve this issue? What mechanism of synchronization between my driver and customer application should I use?

And I want to go back to upper citation: Furthermore, the caller must ensure it can handle such asynchronous events by applying appropriate locking around its data. The kernel crypto API does not perform any special serialization operation to protect the callerís data integrity.

I don't know, but it can concern to issue I research. In that case it's not problem of my driver to control data integrity. Then maybe it's a problem of ipsec level? For example, xfrm subsystem?

Any comments or ideas, please?

And I create appropriate topic at stackoverflow, maybe it will be helpfull too.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
mv command, data integrity Willard Linux - Software 6 06-03-2012 07:16 PM
LXer: Oracle contributes data-integrity code to Linux kernel LXer Syndicated Linux News 0 12-04-2008 04:20 AM
LXer: Oracle, Emulex grant Linux data integrity LXer Syndicated Linux News 0 12-03-2008 11:20 AM
protecting data integrity of a server which is always on DJOtaku *BSD 4 09-22-2007 11:53 AM
Data Integrity Checks itnaa Linux - Software 7 12-22-2006 01:28 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 04:14 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration