The crypto engine API (CE), is a crypto queue manager.


You have to put at start of your tfm_ctx the struct crypto_engine_ctx:

struct your_tfm_ctx {
      struct crypto_engine_ctx enginectx;

Why: Since CE manage only crypto_async_request, it cannot know the underlying request_type and so have access only on the TFM. So using container_of for accessing __ctx is impossible. Furthermore, the crypto engine cannot know the “struct your_tfm_ctx”, so it must assume that crypto_engine_ctx is at start of it.

Order of operations

You have to obtain a struct crypto_engine via crypto_engine_alloc_init(). And start it via crypto_engine_start().

Before transferring any request, you have to fill the enginectx. - prepare_request: (taking a function pointer) If you need to do some processing before doing the request - unprepare_request: (taking a function pointer) Undoing what’s done in prepare_request - do_one_request: (taking a function pointer) Do encryption for current request

Note: that those three functions get the crypto_async_request associated with the received request. So your need to get the original request via container_of(areq, struct yourrequesttype_request, base);

When your driver receive a crypto_request, you have to transfer it to the cryptoengine via one of: - crypto_transfer_ablkcipher_request_to_engine() - crypto_transfer_aead_request_to_engine() - crypto_transfer_akcipher_request_to_engine() - crypto_transfer_hash_request_to_engine() - crypto_transfer_skcipher_request_to_engine()

At the end of the request process, a call to one of the following function is needed: - crypto_finalize_ablkcipher_request - crypto_finalize_aead_request - crypto_finalize_akcipher_request - crypto_finalize_hash_request - crypto_finalize_skcipher_request