Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp988467imm;
        Wed, 19 Sep 2018 10:04:46 -0700 (PDT)
X-Google-Smtp-Source: ANB0VdbSrlmlBjaQcX4Wyy+NnBpqUOXhk45cz1lIoRXXrGZCWqTv8+8mx+ZjMK1Ovg3Zfu4UsfKc
X-Received: by 2002:a62:990f:: with SMTP id d15-v6mr37134324pfe.162.1537376686518;
        Wed, 19 Sep 2018 10:04:46 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1537376686; cv=none;
        d=google.com; s=arc-20160816;
        b=a8ZCpsSXXLzGEnd8Bup2Cgl/mPE7S8JGOhaSHSsgvTL+qQQVdrv8Ef7Vrz3L2vggTr
         cTRSbYsGVkorIxRYPZeTORr8PSnqOzHaBb1BPQ1fRLYrdTkd/Xa2wWPUt9ixRVSopw+H
         b2idayMPgL/O5d5XZTR4moJbYAHjR09w0AxIs6hn7oQuOuP3N512QlW59XBiCYsEaQJx
         WC55aHm2VlX3Vl+Xzquh6w/sWQW72+axGCxNhvspmMuypGtm3QdqOVyBE77eOAjE0m99
         86FN+SUcgTnA62kUCMofJf5UNQJxpKjkcVLC4UMvaqAvPtkP8ZYbtO8xz/UR/+hiavs3
         dg5A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature;
        bh=bYN4nchF7JLla5tLmZryLNZGGqi8p5WF3W8RE2ECWQc=;
        b=XYxTpALN2j7F8vxDh2Pcom8iRPWovNvRuwDTfrmqnEAwfKxkangbN6QxVQZf4/Z6t7
         mu18+Gg4tg0nuM1XQBS2sjLv72jGihfDA5C6UDrXDlprI4h9SQjWstWR4aJEFvOO/NEu
         CSYvwpLXHk8OllLL2Y9xdeiy8I2l2QlpWEKkTsIyp1RbmengBAH1bAllZMevqihwlHZk
         3RjOizMC8xXJ3jOfsLrBjeVxc8vjiOOGV7WKpo2m47zj6RN0piKzWmJmLwo709xZdPQz
         pM5B2j09542S8BPOHIwhVCQtIE9mjaKuyzjiG0aHc0D+IglsPBfyd2rbc0xszLx4FfKM
         pntw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linaro.org header.s=google header.b=eZgxHWlz;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id h9-v6si25204041plk.461.2018.09.19.10.04.29;
        Wed, 19 Sep 2018 10:04:46 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linaro.org header.s=google header.b=eZgxHWlz;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1732761AbeISWeV (ORCPT <rfc822;0330sisy@gmail.com> + 99 others);
        Wed, 19 Sep 2018 18:34:21 -0400
Received: from mail-io1-f68.google.com ([209.85.166.68]:40035 "EHLO
        mail-io1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1731592AbeISWeU (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 19 Sep 2018 18:34:20 -0400
Received: by mail-io1-f68.google.com with SMTP id l14-v6so5050709iob.7
        for <linux-kernel@vger.kernel.org>; Wed, 19 Sep 2018 09:55:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linaro.org; s=google;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=bYN4nchF7JLla5tLmZryLNZGGqi8p5WF3W8RE2ECWQc=;
        b=eZgxHWlzBnrJvDxgFchvKp1iqgLj+ZM3ZJVDhvyu7Z/NBuKUyRDX9EYrHPPsnTshZs
         fu8HY8pYgBMHlmPCkI21JNvWpbKiODHhDJCwOV6A+sxCSKSslMOS6iUGKQs5oxFewPRg
         LlW+REHtDMP0P4aGV3+zYVgIFYBt54nCNy1bg=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=bYN4nchF7JLla5tLmZryLNZGGqi8p5WF3W8RE2ECWQc=;
        b=hQOMEu/PbKXdOPGOzYTiPeqHhBtjDdO3+unxlte3cp+DnNYmObVHhYI7oyL4Xelnsb
         xXOR7tBKMvdJnm8cjwXtNFo1b4clnTDta1dbQMC7vrkumJnaac4faw8lT3t2PXXYZotq
         dvjSykHrdhqoKaJvsZoLH1W4IaDhnxm1JEVWXd0KQVxbpmykIt226aFp0W5bShGWUXNb
         bsusQrf0izn5Kb77qRBB7k/T6AyEWfamZMaCADbMTJAxTBE6jqHbKSW/tuWLD3BX2Hzm
         Yhxu91hV78Tp2+h+4nlv0dPTqTlGrSJKXIZtxpJI7sq0yRrJYKRP1+4zDYs49mpn9cJl
         WgOA==
X-Gm-Message-State: APzg51D88ez8va2uGH8ZV59xnFvzNK7os+lw41t2i7AE5kRi+K7fMHcQ
        8yZnONI34k2mg/EkhU+udficNC6iJeJ8+EHk76VHIQ==
X-Received: by 2002:a6b:be83:: with SMTP id o125-v6mr29617290iof.173.1537376133959;
 Wed, 19 Sep 2018 09:55:33 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a6b:2848:0:0:0:0:0 with HTTP; Wed, 19 Sep 2018 09:55:32
 -0700 (PDT)
In-Reply-To: <20180918203658.GA28723@zx2c4.com>
References: <20180911214737.GA81235@gmail.com> <CAHmME9rFUruF-VN1pmU-k5nFsb9ppAPhPpW-5Ho9dKL2HCg4kA@mail.gmail.com>
 <20180911233015.GD11474@lunn.ch> <20180911.165739.2032677219588723041.davem@davemloft.net>
 <CALCETrXrJPcs3h9CtF50N4k2AGx3qzspJd_UW3t+KGYOj7+p=Q@mail.gmail.com>
 <CAKv+Gu8QgRo-Oex2Sk5unET3FMq+1Cp2btAWXCB8xsALxjatHg@mail.gmail.com>
 <CAHmME9qwRzuoo-3Hxahwu=Li2LCz06Uowaq1GFmkts6tsffM7w@mail.gmail.com>
 <CAKv+Gu8OKyVvvgLy48GDV2KJt-UmmHbf5x0qNxQC_SDiddb9-g@mail.gmail.com> <20180918203658.GA28723@zx2c4.com>
From:   Ard Biesheuvel <ard.biesheuvel@linaro.org>
Date:   Wed, 19 Sep 2018 09:55:32 -0700
Message-ID: <CAKv+Gu-JVLCbMuqFzsdC5TwOu0_jS4OeekD_GQcunV_7zGxAbQ@mail.gmail.com>
Subject: Re: [PATCH net-next v3 02/17] zinc: introduce minimal cryptography library
To:     "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc:     Andrew Lutomirski <luto@kernel.org>,
        David Miller <davem@davemloft.net>,
        Andrew Lunn <andrew@lunn.ch>,
        Eric Biggers <ebiggers@kernel.org>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        LKML <linux-kernel@vger.kernel.org>,
        Netdev <netdev@vger.kernel.org>, Samuel Neves <sneves@dei.uc.pt>,
        Jean-Philippe Aumasson <jeanphilippe.aumasson@gmail.com>,
        Linux Crypto Mailing List <linux-crypto@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 18 September 2018 at 13:36, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
> Hi Ard,
>
> On Tue, Sep 18, 2018 at 11:53:11AM -0700, Ard Biesheuvel wrote:
>> On 17 September 2018 at 08:52, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
>> > Hi Ard,
>> >
>>
>> Given that you show no interest whatsoever in gaining an understanding
>> of the underlying requirements that we have to deal with in the crypto
>> API, the only way to get my point across is by repeatedly stating it
>
> Sorry if I've come across that way, but I am certainly interested in
> gaining such an understanding of said requirements.
>

Excellent.

So you are probably aware that there is a big push in the industry
these days towards high-performance accelerators on a coherent fabric,
potentially with device side caches, and this is the main reason that
the crypto API abstractions are the way they are today.

So while standardizing on Chacha20Poly1305 in WireGuard [while still a
policy decision in my view] seems reasonable to me, the decision to
limit WireGuard to synchronous software implementations seems to me
like something we may want to revisit in the future. What is your view
on that? And is the ChaCha20/Poly1305 AEAD construction in WireGuard
identical to the one in RFC 7539, i.e., could an accelerator built for
the IPsec flavor of ChaCha20Poly1305 potentially be reused for
WireGuard?