Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp4167227imm; Tue, 11 Sep 2018 07:57:36 -0700 (PDT) X-Google-Smtp-Source: ANB0VdadxvPyG1YaVBQWHc70fcE7PdUnnUws1CzTJgtiy9tu3DOZYc6UwwQ9s2Ui2IR91VZdubuM X-Received: by 2002:a17:902:14e:: with SMTP id 72-v6mr27467142plb.299.1536677856170; Tue, 11 Sep 2018 07:57:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1536677856; cv=none; d=google.com; s=arc-20160816; b=e0hv6nV4vWKcvHjv/5H9JgtZ6UnNOBRKdT9fvdg8n/tl4t00PSgYg6+Qi/NCDjPTXa VbWfjXv53Rqj6pPaWjtNgXfKCInJrW3PqhpxVUMd4ADT3hzNpDc2EsGKiGZbcy4n5q+a zzqx4MgPgRBDG5JL2NucEoAYFFD7Dnlcsyq/oGQ/wbx8s78T8rzkog0IXnzqxkCQlMJx gb53PuvFZlwWEcxwP/OUolpXlPFvO7zh5ff8i92WwFyjaWolL7srfVLAuyB1CXSwpUK2 McS5h4yG1AVFKDF5qPSy6gyKNGqdTHC7J87BgYdlQIp+6nFMTq9cmAbZrxy3GGiE+JcN c9dw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=Q79B4XYC86nbwznGydEk473t5Yry3aZ2bsy+EWNN0Vc=; b=PWxgwqzzUysbKA+McSYBZuQOdajhXJmLe3hTsdoQNfefhXuSOQgg+RU0ZlyOTUvpK+ hYXUbE2QmSrwTDsE0JzLZKX/eLe+LDM194FD1L86EBqD5MD3AuVNUOsyGna4GKyGyf/t d9Rb56SHyg1qjrNWcCg2kiyFwpOazodiTH4cfyITXLRo8m1rUqghONIJK0SzjFmiMpUj 8U7JsczwZfdqL8pq22oX2uZ0PA8ma8UAVk9gjumVTJrvfRSRazb/jCJsfM9Zkc8qhaz8 yqbTs4qg8kRBHOnuTd3w2+mptE51iruV7BaPy4vAJlsQn8htpSzwiMKO1m1witOH7gr+ 5leg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p21-v6si18263509plo.182.2018.09.11.07.56.50; Tue, 11 Sep 2018 07:57:36 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728014AbeIKT4I (ORCPT + 99 others); Tue, 11 Sep 2018 15:56:08 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:32906 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726622AbeIKT4I (ORCPT ); Tue, 11 Sep 2018 15:56:08 -0400 Received: from localhost (ip-213-127-74-90.ip.prioritytelecom.net [213.127.74.90]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 0061FEDB; Tue, 11 Sep 2018 14:56:26 +0000 (UTC) Date: Tue, 11 Sep 2018 16:56:24 +0200 From: Greg Kroah-Hartman To: Ard Biesheuvel Cc: "Jason A. Donenfeld" , Linux Kernel Mailing List , "" , "David S. Miller" , Andy Lutomirski , Samuel Neves , Jean-Philippe Aumasson , "open list:HARDWARE RANDOM NUMBER GENERATOR CORE" Subject: Re: [PATCH net-next v3 02/17] zinc: introduce minimal cryptography library Message-ID: <20180911145624.GA21635@kroah.com> References: <20180911010838.8818-1-Jason@zx2c4.com> <20180911010838.8818-3-Jason@zx2c4.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Sep 11, 2018 at 12:08:56PM +0200, Ard Biesheuvel wrote: > > As Zinc is simply library code, its config options are un-menued, with > > the exception of CONFIG_ZINC_DEBUG, which enables various selftests and > > BUG_ONs. > > > > In spite of the wall of text, you fail to point out exactly why the > existing AEAD API in unsuitable, and why fixing it is not an option. > > As I pointed out in a previous version, I don't think we need a > separate crypto API/library in the kernel, and I don't think you have > convinced anyone else yet either. Um, then why do people keep sprinkling new crypto/hash code all around the kernel tree? It's because what we have as a crypto api is complex and is hard to use for many in-kernel users. Something like this new interface (zinc) is a much "saner" api for writing kernel code that has to interact with crypto/hash primitives. I see no reason why the existing crypto code can be redone to use the zinc crypto primitives over time, making there only be one main location for the crypto algorithms. But to do it the other way around is pretty much impossible given the complexities in the existing api that has been created over time. Not to say that the existing api is not a viable one, but ugh, really? You have to admit it is a pain to try to use in any "normal" type of "here's a bytestream, go give me a hash" type of method, right? Also there is the added benefit that the crypto primitives here have been audited by a number of people (so Jason stated), and they are written in a way that the crypto community can more easily interact and contribute to. Which is _way_ better than what we have today. So this gets my "stamp of approval" for whatever it is worth :) thanks, greg k-h