Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp757555imm; Thu, 13 Sep 2018 07:19:09 -0700 (PDT) X-Google-Smtp-Source: ANB0VdYUmbzgQhy2XnARjFVFV/umZ0VZ2DyEwnAbVKA3PE5Q68zSQFpO0DRCGzYZvHp+pnB3vehj X-Received: by 2002:a62:9b46:: with SMTP id r67-v6mr7657946pfd.105.1536848349848; Thu, 13 Sep 2018 07:19:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1536848349; cv=none; d=google.com; s=arc-20160816; b=hFU8lWegdaoWz3D4grLh+eEkFmQ9VZq5wa2xvWkhB5eZPZjZGHeImHDuq2TtXMTQBO riAIGi99/YSVX86hpitLJ3MQO0C8yrk/de38BlLtD61z5aO1umuxnOGyyCRGTEI0zNXe bwiBgjuufcGzoLVI9dxDUfph+MLWnGmKcve2bToUf0Bg0GZeOxr9E4Ex8t6oqGjWhiI2 msOSzUWsRZ4N429Q8YSGd6XGiPEezqvAdqrgzPM8JpETSmmbkSEyCJP2pKNigqB+YGgS p+lZ5SOl5lCikGoJu6gPgzNsW+sEHI7kYbdiqU2Wt5dTvhU5Ii3QWd0c+PtyQ1V0k9IG 6H8w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=jW9ZKAvtFj2BJfsCOxg/lLl3gxN/RN9BltgkUG1zE5A=; b=EPkXpuqz9Nm4dEKpFI5QilsIqeJ/OP0zjWAz/46WKBAolkXmRfudyfMgsQLx9i6xlG V5Sp7mh4F0tnRWshuyuolTPhQW/tC76vue12ejWHhBT8pq8go9P+2dN4R6uXI1UCZ2cK MgidAcOLT+31oMwEiBQS4IkupoH8iRJM2UReaiJUwqeD1xPdQKkhqeEh7jRuvXd8W/xg zcfSwtKYTJV5kANpXJd/i7RBp9rgzXgBeP4rFVsjGL6wgkDUmFE1yzFJbYOi5b1bUWE5 ZQlj3hzR+2WpYgnPr8HoyMref3ThS6OyGbDp4Mz1/92bCKLgwmG8kn1bB/myAMK83r03 CrAg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@zx2c4.com header.s=mail header.b=hu5uB6md; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 72-v6si4156147pfq.6.2018.09.13.07.18.48; Thu, 13 Sep 2018 07:19:09 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@zx2c4.com header.s=mail header.b=hu5uB6md; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728514AbeIMT20 (ORCPT + 99 others); Thu, 13 Sep 2018 15:28:26 -0400 Received: from frisell.zx2c4.com ([192.95.5.64]:36191 "EHLO frisell.zx2c4.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727876AbeIMT2Z (ORCPT ); Thu, 13 Sep 2018 15:28:25 -0400 Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTP id e7457ea0; Thu, 13 Sep 2018 14:01:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=zx2c4.com; h=mime-version :references:in-reply-to:from:date:message-id:subject:to:cc :content-type; s=mail; bh=XeBBJ3q0RSrBChF3c4/O2/jZAFc=; b=hu5uB6 mdqTNACJ4ANfwQmPUBrkSVCPtPVq1pv37q4CJhSp5YVtFYBrQZAuI+0sWC5RrhE1 kgj425meEzquyeO8UteBmdYiQd+IlX00lPYnGS/s/h9Z+SQWiINu9fkipvnH+gM+ /g0Xfvcwms7OerUuVmYXheNzXgP9er07sviZYYh+ofAl3rZs+H9MXzkg32h3WSIM xECe8eSnrQ3RqyAWV53wzFbbwvzLBu347A8xrogGw3mpYjCF4mtoOSo/pz8N9taz m4VlMLh3+sTzIXpmtkjcUfvV7BuXHRNAudWcRlAZ/mWfs1jKhjqJ2Sm7MhjlRbZf 8/jR6hx/x1EGHugQ== Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id d6fc8ea4 (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128:NO); Thu, 13 Sep 2018 14:01:45 +0000 (UTC) Received: by mail-ot1-f46.google.com with SMTP id v10-v6so1370950otk.7; Thu, 13 Sep 2018 07:18:40 -0700 (PDT) X-Gm-Message-State: APzg51ASekd0bnCQvHDi6WtEFWbSRcuJwUZ9Q7jEqTDf/deSy3kIy4wa 0oaTYElJrxe8j8Qi0VKT5cmJDjW/QKEQ6ZrJ4eQ= X-Received: by 2002:a9d:3a34:: with SMTP id j49-v6mr1296817otc.317.1536848319595; Thu, 13 Sep 2018 07:18:39 -0700 (PDT) MIME-Version: 1.0 References: <20180911010838.8818-1-Jason@zx2c4.com> <20180911010838.8818-3-Jason@zx2c4.com> In-Reply-To: From: "Jason A. Donenfeld" Date: Thu, 13 Sep 2018 16:18:28 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH net-next v3 02/17] zinc: introduce minimal cryptography library To: Andrew Lutomirski Cc: Ard Biesheuvel , LKML , Netdev , David Miller , Greg Kroah-Hartman , Samuel Neves , Jean-Philippe Aumasson , Linux Crypto Mailing List Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Sep 13, 2018 at 1:45 AM Andy Lutomirski wrote: > I'm not convinced that there's any real need for *all* crypto > algorithms to move into lib/zinc or to move at all. As I see it, > there are two classes of crypto algorithms in the kernel: > > a) Crypto that is used by code that chooses its algorithm statically > and wants synchronous operations. These include everything in > drivers/char/random.c, but also a bunch of various networking things > that are hardcoded and basically everything that uses stack buffers. > (This means it includes all the code that I broke when I did > VMAP_STACK. Sign.) Right, exactly. This is what will wind up using Zinc. I'm working on an example usage of this for v4 of the patch submission, which you can ogle in a preview here if you're curious: https://git.zx2c4.com/linux-dev/commit/?h=big_key_rewrite 28 insertions, 206 deletions :-D > b) Crypto that is used dynamically. This includes dm-crypt > (aes-xts-plain64, aes-cbc-essiv, etc), all the ALG_IF interfaces, a > lot of IPSEC stuff, possibly KCM, and probably many more. These will > get comparatively little benefit from being converted to a zinc-like > interface. For some of these cases, it wouldn't make any sense at all > to convert them. Certainly the ones that do async hardware crypto > using DMA engines will never look at all like zinc, even under the > hood. Right, this is what the crypto API will continue to be used for. > I think that, as a short-term goal, it makes a lot of sense to have > implementations of the crypto that *new* kernel code (like Wireguard) > wants to use in style (a) that live in /lib, and it obviously makes > sense to consolidate their implementations with the crypto/ > implementations in a timely manner. As a medium-term goal, adding > more algorithms as needed for things that could use the simpler APIs > (Bluetooth, perhaps) would make sense. Agreed 100%. With regards to "consolidate their implementations" -- I've actually already done this after your urging yesterday, and so that will be a part of v4. > But I see no reason at all that /lib should ever contain a grab-bag of > crypto implementations just for the heck of it. They should have real > in-kernel users IMO. And this means that there will probably always > be some crypto implementations in crypto/ for things like aes-xts. Right, precisely. Jason