torvalds/linux
Crypto
Purpose
crypto/ implements the kernel's cryptographic API and a substantial set of software algorithm implementations. Hardware-accelerated alternatives live in drivers/crypto/. The crypto API is consumed by fs/crypto/ (fscrypt), fs/verity/ (fs-verity), net/tls/, net/xfrm/ (IPsec), block/blk-crypto*, the keyring framework, and many drivers.
Directory layout
crypto/
├── Kconfig, Makefile
├── api.c, algapi.c, ahash.c, shash.c, akcipher.c, aead.c, kpp.c, sig.c, scompress.c, acompress.c
├── algboss.c, algif_*.c # Async algorithm registration; AF_ALG sockets
├── crypto_*.{c,h} # Engine, queue, internal helpers
├── *.c # Per-algorithm implementations (aes, sha2, sha3, chacha20, poly1305, des, 3des, ecdh, rsa, dsa, drbg, hmac, …)
├── asymmetric_keys/ # X.509 / PKCS#7 / TPM-backed keys
├── async_tx/ # Async crypto via DMA engines
├── lib/, math/, lz*/, lzo/, deflate*, zstd_*, 842* # Compression algos
├── ecc.c, ecdh.c, eddsa.c, curve25519*.c
└── tests/, testmgr.c, testmgr.h # Self-test frameworkAPI at a glance
The kernel crypto API has separate "transformations":
- shash / ahash — hashes (synchronous and asynchronous).
crypto_shash_*is the common one for in-place small hashes;crypto_ahash_*for offload-capable. - skcipher — symmetric block/stream ciphers (AES-CBC, AES-XTS, ChaCha20).
- aead — authenticated encryption (AES-GCM, ChaCha20-Poly1305).
- akcipher / sig — public-key encryption and signatures.
- kpp — key-pair primitives (DH, ECDH).
- rng — (P)RNGs.
- acomp / scomp — compression.
Allocation pattern:
struct crypto_shash *tfm = crypto_alloc_shash("sha256", 0, 0);
SHASH_DESC_ON_STACK(desc, tfm);
desc->tfm = tfm;
crypto_shash_digest(desc, data, len, out);
crypto_free_shash(tfm);The API picks the best registered implementation by name, allowing software fallbacks when hardware is absent.
Self-tests and FIPS
crypto/testmgr.c and tests/ contain self-test vectors run at module load time when CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=n. FIPS-mode (fips=1) enforces FIPS-approved algorithms only.
AF_ALG
crypto/algif_*.c implements AF_ALG, a socket family that exposes the crypto API to user space. Used by some user-space crypto libraries when hardware acceleration is desired.
Asymmetric keys
crypto/asymmetric_keys/ parses X.509 certificates, PKCS#7 messages, and PGP-style trust chains. Used for module signing, IMA appraisal, kexec image verification, and the kernel keyring.
Compression
The kernel uses multiple compression backends — lzo, lz4, lz4hc, zstd, deflate, 842, lzx — for compressed swap (zswap), btrfs/squashfs, jbd2, and others.
Hardware integration
drivers/crypto/ contains accelerator drivers: Intel QAT, Cavium/Marvell OcteonTX, ARM Crypto Cell, AMD CCP, NXP CAAM, Qualcomm QCE, etc. They register implementations against the same API names; the API picks them when available and faster.
Integration points
- fs/crypto/: fscrypt uses skcipher + aead.
- fs/verity/: fs-verity uses shash.
- net/tls/: KTLS uses aead.
- net/xfrm/: IPsec uses aead, skcipher, ahash.
- block/blk-crypto/: inline encryption uses skcipher.
- security/keys/: keyring uses asymmetric_keys.
- drivers/char/random: RNG via the crypto subsystem.
- EFI module signing, kexec verification: PKCS#7.
Key source files
| File | Purpose |
|---|---|
crypto/api.c |
The lookup-by-name machinery. |
crypto/algapi.c |
Algorithm registration. |
crypto/aead.c |
AEAD interface. |
crypto/skcipher.c |
Symmetric cipher interface. |
crypto/shash.c |
Synchronous hash interface. |
crypto/testmgr.c |
Self-tests. |
crypto/asymmetric_keys/x509_cert_parser.c |
X.509 parser. |
Entry points for modification
- New algorithm: implement the relevant struct (
shash_alg,aead_alg, etc.), register, add test vectors totestmgr.h. Often the algorithm is a single C file undercrypto/. - New hardware accelerator: write a driver in
drivers/crypto/that registers algorithms withcrypto_register_aeadetc. - Performance work: see
crypto/lib/and per-arch implementations underarch/<arch>/crypto/.
Related pages
- Drivers —
drivers/crypto/accelerators. - Filesystems — fscrypt, fs-verity.
- Networking — KTLS, IPsec.
- Block layer — inline encryption.
- Security — module signing, IMA.
Built by Factory AutoWiki from public repository content. It is a generated preview for codebase exploration, not source-maintained documentation.