From: "Jason A. Donenfeld"
Subject: Re: [kernel-hardening] Re: Remaining crypto API regressions with CONFIG_VMAP_STACK
Date: Sat, 10 Dec 2016 15:45:56 +0100
References: <20161209230851.GB64048@google.com> <20161210053711.GB27951@gondor.apana.org.au>
In-Reply-To: <20161210053711.GB27951@gondor.apana.org.au>
To: kernel-hardening@lists.openwall.com
Cc: Andy Lutomirski, Eric Biggers, linux-crypto@vger.kernel.org, "linux-kernel@vger.kernel.org", "linux-mm@kvack.org", Andrew Lutomirski, Stephan Mueller

Hi Herbert,

On Sat, Dec 10, 2016 at 6:37 AM, Herbert Xu wrote:
> As for AEAD we never had a sync interface to begin with and I
> don't think I'm going to add one.

That's too bad to hear. I hope you'll reconsider. Modern cryptographic design is heading more and more in the direction of using AEADs for interesting things, and having a sync interface would be a lot easier for implementing these protocols. In the same way many protocols need a hash of some data, now protocols often want some particular data encrypted with an AEAD using a particular key and nonce and AD. One protocol that comes to mind is Noise [1].

I know that in my own [currently external to the tree] kernel code, I just forego the use of the crypto API altogether, and one of the primary reasons for that is lack of a sync interface for AEADs. When I eventually send this upstream, presumably everyone will want me to use the crypto API, and having a sync AEAD interface would be personally helpful for that.

I guess I could always write the sync interface myself, but I imagine you'd prefer having the design control etc.

Jason

[1] http://noiseprotocol.org/