Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp857343imm; Thu, 13 Sep 2018 08:46:45 -0700 (PDT) X-Google-Smtp-Source: ANB0VdY3JPCY6HbtJkW8LRxfqGa38Gc5FzlF/iwfkF8vP2FBCUbphRt0pFt3WFfF5lU/ynHVqzFS X-Received: by 2002:a63:1823:: with SMTP id y35-v6mr7730426pgl.438.1536853605300; Thu, 13 Sep 2018 08:46:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1536853605; cv=none; d=google.com; s=arc-20160816; b=NRmBJ2JtYM2l2SseGmtop8PbiYexcNtFZTx8OE0Uq6c/FA8sYnGzYbjfZv7aFOAnT6 NJ5xw8F+oD3CXSgPEJCMHjkddwfEKQ8I+i8/We7NvvFVD5k8VPuVetEY5VWw15P0D6Iq XHhMqD2AwPDUarhJb475ww5/aFtXnhPYoTpQIIshV4p+4umfyKxcEC4oX0Fcu8oSGpSW xYt7EOodox473myyKtCJsGVfUhFjhtCK/lqvsoOwERJFpIzgWxuNeaMXdqIFY/biCYrS kDFuOihVeJGqgk1oOWdwyhy6/O7k6f6kauedzGLTUOxBTexqt0ayr75Id/X1UZT9+s1R vDuQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=eXdh+ubOBqTXjhcqC9pCpTqUqa3H05YryuE243ZPt2s=; b=pZY8UEQ6yIJlPBf1kwP8Ys7N+mdkl7BbxWNukGn6LvdU9qs95PsIYMMec5fikGDh/b NcBZSfKm8Ey4oeqNE+kIR+fg5x8dHC9diEyiE/ewAkLKP/Dxyy0BwZkiUCvmAxC+ZFWS URMWBHwptnZuZ+XAioE3X5Y/RgBgBS6HdNExqxt2gcm7DB+E/O9LpypX/bIleQvr34Dn Ehksez6t5c/R5+AKVVeX2VJSDdYQsg82mltXuMyLjrgT4b3l9ZDgP1Je4V2lBPOMZTt3 CADmEETyLppbPaT/HC0zRLcUajq4LGjgMO2Gh8G+enGecP+A0iPXiKSJOOyyiHRSjIEV mSgA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@zx2c4.com header.s=mail header.b=yerT4ZOI; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y65-v6si4187850pgb.5.2018.09.13.08.46.17; Thu, 13 Sep 2018 08:46:45 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@zx2c4.com header.s=mail header.b=yerT4ZOI; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728133AbeIMU4L (ORCPT + 99 others); Thu, 13 Sep 2018 16:56:11 -0400 Received: from frisell.zx2c4.com ([192.95.5.64]:52699 "EHLO frisell.zx2c4.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726819AbeIMU4K (ORCPT ); Thu, 13 Sep 2018 16:56:10 -0400 Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTP id f0c530a2; Thu, 13 Sep 2018 15:29:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=zx2c4.com; h=mime-version :references:in-reply-to:from:date:message-id:subject:to:cc :content-type; s=mail; bh=RdZUR/tpm7SsDg97avDsa3jlRlc=; b=yerT4Z OIDq4Wez5inXEbSALNOoYljD6YskWi/V0asl2jocOOhfn8X89tfetxNV6wbmvMsT rEANuQtlJPB+XEXr4lCdYcWABToisb1+0nTp9qwp6tLrh4zncctZpMDpQ43yTYXS VqGxnoA6Smbp6hTAJvQRP6rXai0nlWmniXjQfVaYyuq3bPWlYKkl0T85WxmapO4O UDIJtONMxsi/O/z4smaMVw+uzCueatmFkwlELMWjFOZ7pw0Zg7alYV3b6snEj2G6 Bkjy0zjWbQpYvQEHARYOuTGgEo1m6SE/Eq9fWEZ38oSmEgremfTziGC+Zzl7UHfO scEC02Hil1wNXIBA== Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id b1d7cf17 (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128:NO); Thu, 13 Sep 2018 15:29:06 +0000 (UTC) Received: by mail-oi0-f46.google.com with SMTP id k12-v6so9864966oiw.8; Thu, 13 Sep 2018 08:46:02 -0700 (PDT) X-Gm-Message-State: APzg51BaK2rtJJXcLgVYyqWiD88RFAOxyT6PjSAvu31xJOHrwVt/Iej3 Hsk6ez0HWZA+8Tf/xgGGRSE/5m7y5YWpKOufmLc= X-Received: by 2002:aca:dc82:: with SMTP id t124-v6mr6560415oig.189.1536853561789; Thu, 13 Sep 2018 08:46:01 -0700 (PDT) MIME-Version: 1.0 References: <20180911010838.8818-1-Jason@zx2c4.com> <20180911010838.8818-3-Jason@zx2c4.com> In-Reply-To: From: "Jason A. Donenfeld" Date: Thu, 13 Sep 2018 17:45:49 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH net-next v3 02/17] zinc: introduce minimal cryptography library To: Ard Biesheuvel Cc: LKML , Netdev , David Miller , Greg Kroah-Hartman , Andrew Lutomirski , Samuel Neves , Jean-Philippe Aumasson , Linux Crypto Mailing List Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Sep 13, 2018 at 5:04 PM Ard Biesheuvel wrote: > > The code still benefits from the review that's gone into OpenSSL. It's > > not modified in ways that would affect the cryptographic operations > > being done. It's modified to be suitable for kernel space. > > So could we please at least have those changes as a separate patch then? I'll experiment with a couple ways of trying to communicate with precision what's been changed from OpenSSL for the next round of patches. > > That's interesting. I'll bring this up with AndyP. FWIW, if you think > > you have a real and compelling claim here, I'd be much more likely to > > accept a different ChaCha20 implementation than I would be to accept a > > different Poly1305 implementation. (It's a *lot* harder to screw up > > ChaCha20 than it is to screw up Poly1305.) > > The question is really whether we want different implementations in > the crypto API and in zinc. Per earlier in this discussion, I've already authored patches that replaces the crypto API's implementations with simple calls to Zinc, so that code isn't duplicated. These will be in v4 and you can comment on the approach then. > You are completely missing my point. I am not particularly invested in > the crypto API, and I share the concerns about its usability. That is > why I want to make sure that your solution actually results in a net > improvement for everybody, not just for WireGuard, in a maintainable > way. Right, likewise. I've put quite a bit of effort into separating Zinc into Zinc and not into something part of WireGuard. The motivation for doing so is a decent amount of call sites all around the kernel that I'd like to gradually fix up.