LinuxLists.cc - Question About Asymmetric Crypto

2009-12-09 09:58:42

Subject: Question About Asymmetric Crypto

Hi, all

Sorry for that I have to ask the question once more for asymmetric crypto.
And another question is about FIPS.

My problem is our SOC chip is the application processor, and provide the Crypto hardware engine with hash, symmetric crypto (aes, 3des, etc) and asymmetric crypto (PKCS-RSA, ECC, etc).

We want use the Linux CryptoAPI to enable the crypto engine. But now Linux CryptoAPI has supported (a)hash and (a)blockcipher well, but can NOT support asymmetric crypto.

So question is: Does Linux CryptoAPI will be a general crypto engine accelerator framework for Linux platform, or just only dedicated for Linux Kernel?
Like the thread has discussed, http://osdir.com/ml/linux.kernel.cryptoapi/2007/msg00307.html,
Some guys think that nobody wants to use RSA in the kernel, but if Linux CryptoAPI wants support user space (As Herbert has mentioned it in the September's conference), then the scenario is changing.
For example, if the browsers use the OpenSSL, and OpenSSL can call the Linux CryptoAPI to get the HW acceleration, and eventually optimize its performance.

So I want get more clearly for this point. Any comment is appreciated. Thanks a lot.

Best Regards,
Leo Yan

?
Best Regards,
Leo Yan
?
Ext: 24880

2009-12-11 06:31:56

by Herbert Xu

[permalink] [raw]

Subject: Re: Question About Asymmetric Crypto

Leo Yan <[email protected]> wrote:
>
> So question is: Does Linux CryptoAPI will be a general crypto engine accelerator framework for Linux platform, or just only dedicated for Linux Kernel?
> Like the thread has discussed, http://osdir.com/ml/linux.kernel.cryptoapi/2007/msg00307.html,
> Some guys think that nobody wants to use RSA in the kernel, but if Linux CryptoAPI wants support user space (As Herbert has mentioned it in the September's conference), then the scenario is changing.
> For example, if the browsers use the OpenSSL, and OpenSSL can call the Linux CryptoAPI to get the HW acceleration, and eventually optimize its performance.

I have nothing against having asymmetric crypto per se. However,
until the user-space API exists there is no point in adding any
asymmetric infrastructure in the kernel as we have no in-kernel
users for them.

So please help in creating the user-space API first.

Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt