Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp1453209imm; Fri, 28 Sep 2018 19:41:01 -0700 (PDT) X-Google-Smtp-Source: ACcGV6084EdKTwmDgJzFqiInYxf0mczwNpUSSb7EUNYpw+HlNUBYI+Q4gS3MpZf0X8B9edi8FnKm X-Received: by 2002:a63:1b0b:: with SMTP id b11-v6mr1224300pgb.66.1538188861345; Fri, 28 Sep 2018 19:41:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538188861; cv=none; d=google.com; s=arc-20160816; b=EILtnueeT9ieHCgdbcjNLQeXTEoJEymvwetmG5WR5wIJyekDsd/X4JoOx0TCqqwOz6 m418+Bys5UEwZO8vjWJImzETgcjoFfVEvbagMS0msrZtrdtn+i74LrTv3NcS/zlo29tM HTRepfVDelqupTsJ0DUCrofkrihIv6lc8pnMbDcqRocxMXwWG8R513Pc+9xp9RocfqEH 2EohYubG1h5BfMwvCM//dfE/9sW7BP0Ob0NQLF51tcASRM/RIKO6pmEWW34Q2IO0VY7G wGmFn5vWLI0MJVP8gdEww+C+61c6rJ5FQBrd8P/yEfDnc8IxOd2/iuzCGUE5bg22mSL4 I8dw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=19eaPlwlvnNHZ2/qEvbGy5lk9YhPNVA0REx8mxBts7U=; b=OdASUVw7WHoiIRPLZsm6yao2WfvBuxfI87vMaFUZYyNdOZemV9fGPXHq+WnNIyaRH6 X2671q1hwERKY3vTOu+fmKsoQmHw4vYjqrRC8XLqdeJx/biWXapbD/4P81W0rqaD4MVr 3IDMw/ZH1ZUQ1fb8nHENIFDITVlnVJ3l0LOT3XCJZxRcn8icx1N5BlAVZ1xT5XnR/C3D pnc56fFdu9QltyxbMr1uxMTyRGMs6FAD8xTN5UgbL0HD9bYruT6QQW4ZEOhR+cefWibR M4s5NycTSXD9M3BoQadK7+NouqAOa0W6cSAVklQOdQVjwahXcM+xvtr8vlEoV+2QLsVv IdDg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@zx2c4.com header.s=mail header.b=K2YUaQyb; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q9-v6si1706731pfk.27.2018.09.28.19.40.46; Fri, 28 Sep 2018 19:41:01 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@zx2c4.com header.s=mail header.b=K2YUaQyb; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727477AbeI2JGz (ORCPT + 99 others); Sat, 29 Sep 2018 05:06:55 -0400 Received: from frisell.zx2c4.com ([192.95.5.64]:57477 "EHLO frisell.zx2c4.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727370AbeI2JGy (ORCPT ); Sat, 29 Sep 2018 05:06:54 -0400 Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 72608233; Sat, 29 Sep 2018 02:21:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=zx2c4.com; h=mime-version :references:in-reply-to:from:date:message-id:subject:to:cc :content-type; s=mail; bh=MsjPlVNHvEQq3hckMbNmcjdwyww=; b=K2YUaQ ybDBADnUBypmuBvnPAovCw8H/nQAeTg28eFtA+EG67ZjIDSiyPOqnktHosobfPCR uZLRBRDVdzI1luj1of+7GMrmOPZ38qdScQemJNKOxRR+AMALF/3rYQO+8+sUhX2e 3Q3Ez2n67xp/uUBc1HwGSlownXp9JoTbAfgKTB6+ssR9lHwOsObYM5KtVFgLHBUx 0oGQX/LJmvknSOG4Q1vPD9wQxLuJo/QhU4itzzAYW0udkwkH6jh+MQf9u1Ex60Gz J3HfeW956I4kzH57xmizCMPKA/Usivdep4zSbqCflFpNyt2DG8O/iMGEeMfq1rmO 7jDYaK/FAebK36ig== Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id f469b0e0 (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128:NO); Sat, 29 Sep 2018 02:21:24 +0000 (UTC) Received: by mail-oi1-f169.google.com with SMTP id k64-v6so7003390oia.13; Fri, 28 Sep 2018 19:40:15 -0700 (PDT) X-Gm-Message-State: ABuFfog7i4267NCgd2Dtnqt7q9J8bRhTfFkZh7KzDkWKVW2l0EItrl6J vLQyfqOTQ4kvh52rYSSgPPZlu4094s81Dr1zYhA= X-Received: by 2002:aca:d489:: with SMTP id l131-v6mr607985oig.15.1538188814760; Fri, 28 Sep 2018 19:40:14 -0700 (PDT) MIME-Version: 1.0 References: <20180925145622.29959-1-Jason@zx2c4.com> <20180927182944.GA22921@gmail.com> <20180927213537.GA27576@zx2c4.com> <20180928011726.GA98113@gmail.com> <20180928023546.GA20765@zx2c4.com> <20180928045542.GA545@zzz.localdomain> In-Reply-To: From: "Jason A. Donenfeld" Date: Sat, 29 Sep 2018 04:40:03 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH net-next v6 00/23] WireGuard: Secure Network Tunnel To: Ard Biesheuvel , Willy Tarreau Cc: Eric Biggers , LKML , Netdev , Linux Crypto Mailing List , David Miller , Greg Kroah-Hartman Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org [+Willy] Hi Ard, On Fri, Sep 28, 2018 at 7:47 PM Ard Biesheuvel wrote: > > On 28 September 2018 at 07:46, Jason A. Donenfeld wrote: > > WireGuard is indeed quite opinionated in its primitive choices, but I > > don't think it'd be wise to apply the same design to Zinc. There are > > APIs where the goal is to have a limited set of high-level functions, > > and have those implemented in only a preferred set of primitives. NaCl > > is a good example of this -- functions like "crypto_secretbox" that > > are actually xsalsapoly under the hood. Zinc doesn't intend to become > > an API like those, but rather to provide the actual primitives for use > > cases where that specific primitive is used. Sometimes the kernel is > > in the business of being able to pick its own crypto -- random.c, tcp > > sequence numbers, big_key.c, etc -- but most of the time the kernel is > > in the business of implementing other people's crypto, for specific > > devices/protocols/diskformats. And for those use cases we need not > > some high-level API like NaCl, but rather direct access to the > > primitives that are required to implement those drivers. WireGuard is > > one such example, but so would be Bluetooth, CIFS/SMB, WiFi, and so > > on. We're in the business of writing drivers, after all. So, no, I > > don't think I'd knock down the addition of a primitive because of a > > simple preference for a different primitive, if it was clearly the > > case that the driver requiring it really benefited from having > > accessible via the plain Zinc function calls. Sorry if I hadn't made > > this clear earlier -- I thought Ard had asked more or less the same > > thing about DES and I answered accordingly, but maybe that wasn't made > > clear enough there. > > > > CRC32 is another case study that I would like to bring up: > - the current status is a bit of a mess, where we treat crc32() and > crc32c() differently - the latter is exposed by libcrc32.ko as a > wrapper around the crypto API, and there is some networking code (SCTP > iirc) that puts another kludge on top of that to ensure that the code > is not used before the module is loaded > - we have C versions, scalar hw instruction based versions and > carryless multiplication based versions for various architectures > - on ST platforms, we have a synchronous hw accelerator that is 10x > faster than C code on the same platform. > > AFAICT none of its current users rely on the async interface or > runtime dispatch of the 'hash'. I've added Willy to the CC, as we were actually discussing the crc32 case together two days ago. If my understanding was correct, he seemed to think it'd be pretty useful too. It seems like unifying the crc32 implementations at some point would make sense, and since there's no usage of these as part of the crypto api, providing crc32 via a vanilla function call seems reasonable. It's not clear that on some strict formal level, crc32 belongs anywhere near Zinc, since it's not _exactly_ in the same category... But one could broaden the scope a bit and make the argument that this general idea of accepting some bytes, doing some "pure" arithmetic operations from a particular discipline on them in slightly different ways depending on the architecture, and then returning some other bytes, is what in essence is happening with these all of these function calls, no matter their security or intended use; so if crc32 would benefit from being implemented using the exact same design patterns, then it might as well be grouped in with the rest of Zinc. On the other hand, this might be a bit of a slippery slope ("are compression functions next?"), and a libcrc32.ko could just as well exist as a standalone thing. I can see it both ways and some other arguments too, but also this might form a good setting for some much needed cleanup of the crc32. So that's definitely something we can consider. Regarding the synchronous ST driver: I'll give it a thorough read through, but I do wonder off the bat if actually it'd be possible to incorporate that into the Zinc paradigm in a fairly non-intrusive way. I'll give that some thought and play around a bit with it. Jason