Zinc is a new minimal cryptography API for the kernel that is in the process of being upstreamed. Rather than providing an abstracted framework, Zinc provides simple functions. This talk will address the design considerations of the new API, its approach to implementation choice and fuzzing, and touch on formally verified cryptography implementations. We’ll explore the difference between, on one hand, reference code for a particular algorithm, and on the other hand, the present crypto API with its large and complicated abstractions, and how Zinc fits into the middle of these extremes. We’ll also examine issues relating to using SIMD from kernel space and the costs associated with it, and what we can do about it.

Jason Donenfeld