linux2.6.38提供了一些应用层掉内核层加解密模块的接口,据说还支持硬件加密卡(未试)。
 
下面是用openssl 和 内核分别进行aes加密的比较:
 
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <openssl/aes.h>
#include <sys/socket.h>
#include <linux/if_alg.h>
#ifndef AF_ALG
#define AF_ALG 38
#define SOL_ALG 279
#endif
#define BUF_SIZE 16
static void crypt_ssl(char *in, int inlen, char *out,const char *key, char *iv)
{
 AES_KEY akey;
 AES_set_encrypt_key(key, 128, &akey);
 AES_cbc_encrypt(in, out, inlen, &akey, iv, 1);
}
static void crypt_kernel(char *in, int inlen, char *out, const char *key, char *oiv)
{
 int opfd;
 int tfmfd;
 struct sockaddr_alg sa = {
  .salg_family = AF_ALG,
  .salg_type = "skcipher",
  .salg_name = "cbc(aes)"
 };
 struct msghdr msg = {};
 struct cmsghdr *cmsg;
 char cbuf[CMSG_SPACE(4) + CMSG_SPACE(20)] = {};
 struct af_alg_iv *iv;
 struct iovec iov;
 tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
 bind(tfmfd, (struct sockaddr *)&sa, sizeof(sa));
 setsockopt(tfmfd, SOL_ALG, ALG_SET_KEY, key, 16);
 opfd = accept(tfmfd, NULL, 0);
 msg.msg_control = cbuf;
 msg.msg_controllen = sizeof(cbuf);
 cmsg = CMSG_FIRSTHDR(&msg);
 cmsg->cmsg_level = SOL_ALG;
 cmsg->cmsg_type = ALG_SET_OP;
 cmsg->cmsg_len = CMSG_LEN(4);
 *(__u32 *)CMSG_DATA(cmsg) = ALG_OP_ENCRYPT; 
 
 cmsg = CMSG_NXTHDR(&msg, cmsg); 
 cmsg->cmsg_level = SOL_ALG; 
 cmsg->cmsg_type = ALG_SET_IV; 
 cmsg->cmsg_len = CMSG_LEN(20); 
 iv = (void *)CMSG_DATA(cmsg); 
 memcpy(iv->iv, oiv, 16);
 iv->ivlen = 16;
 iov.iov_base = in;
 iov.iov_len = inlen;
 msg.msg_iov = &iov;
 msg.msg_iovlen = 1;
 sendmsg(opfd, &msg, 0);
 read(opfd, out, inlen);
 close(opfd);
 close(tfmfd);
}

int main(int argc, char **argv)
{
 int i;
 char out[BUF_SIZE] = {0};
 char in[BUF_SIZE] = "Single block msg";
 const char key[16] =
  "\x06\xa9\x21\x40\x36\xb8\xa1\x5b"
  "\x51\x2e\x03\xd5\x34\x12\x00\x06";
 char iv[16] =
  "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30"
  "\xb4\x22\xda\x80\x2c\x9f\xac\x41";
 if(argc != 2)
 {
  printf("usage:\n\tcompare openssl / compare kernel\n");
 }
 if(strncmp(argv[1], "openssl", 7) == 0)
 {
  printf("encrypt by openssl...\n");
  crypt_ssl(in, BUF_SIZE, out, key, iv);
 }
 if(strncmp(argv[1], "kernel", 6) == 0)
 {
  printf("encrypt by kernel...\n");
  crypt_kernel(in, BUF_SIZE, out, key, iv);
 }
 for (i = 0; i < BUF_SIZE; i++)
  printf("%02x", (unsigned char)out[i]);
 printf("\n");
 return 0;
}
 
Makefile的内容如下:
development:/westone/af_alg/compare # cat Makefile
INCLUDES=-I/westone/linux-2.6.38.4/include \
         -I/westone/openssl/include/openssl
LIBS=-L/westone/openssl/lib -lcrypto -lssl
CROSS_COMPILE=586-
CC=$(CROSS_COMPILE)gcc
FLAGS+=-Wall  #-Werror
C_SOURCES=$(wildcard *.c)
C_OBJS=$(patsubst %.c, %.o, $(C_SOURCES))
APP=compare
all:clean $(APP)
compare:$(C_OBJS)
        $(CC) $(FLAGS) -o compare $^ $(LIBS)
.c.o:
        $(CC) -c -o $*.o $(FLAGS) $(INCLUDES) $*.c
compile:$(C_OBJS)
        $(CC) $(LINKFLAGS) -o  $(TARGET) $^ $(LIBS)
clean:
        rm -f $(C_OBJS)
        rm -f $(APP)
 
 
执行后结果如下:
# ./compare kernel
encrypt by kernel...
e353779c1079aeb82708942dbe77181a
# ./compare openssl
encrypt by openssl...
e353779c1079aeb82708942dbe77181a