On Thu, Jun 01, 2000 at 11:41:18PM -0500, David Marshall wrote:
> In other words, putting in a crypto API with support for all sorts of
> algorithms is one thing, and has its own technical issues. Putting in
> support for specific algorithms can be made relatively simple: the
> programmer literally just drops the code in, and writes init, release,
> status, key generation and handling, encrypt, and decrypt functions.
> How is block chaining done in the current kerneli setup?
IIRC, macros generate the CBC mode cipher from the supplied ECB mode
cipher. (As you probably guessed)
> Is it possible to perhaps put in a crypto API like I mentioned above,
> and let people drop in their own crypto algorithms with some patch?
> Ideally the API would even handle the various block chaining schemes.
That would be a Good Thing, AFAICS. Put the infrastructure in the
main kernel distribution, and seperate individual implementations
of particular, ``thorny'' algorithms.
> From the looks of it, we already have something pretty close in
> drivers/block/loop.c. In particular, look at the top of the file. Two
> transfer functions are defined. One is a straight passthrough function
> (i.e. no transformation/crypto at all). The other is a cheezy (and
> horribly insecure, if anyone is actually clueless enough to use it)
> XOR encryption scheme. I would assume that someone could write
> transfer and other support functions for real crypto algorithms and
> just drop them in without having to modify much of anything in the
> kernel tree other than the Config.in file and the Makefile.
You should look at the kerneli patch, it adds a lot to the loop
driver, IIRC. (It extends the existing infrastructure present in that
driver) Although it also provides a library of cryptographic
primitives, seperate from the loop driver.
-- -/ |/| Julian Squires <email@example.com> /-
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to firstname.lastname@example.org Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Jun 07 2000 - 21:00:14 EST