tech-crypto archive
Re: Adding opencrypto, crypto accelerator to GENERIC kernels?
I'm with Bill: the knob really doesn't make sense. FreeBSD has the
knob disconnected, and always passes a constant 1 (meaning, userlevel
requests get hardware crypto only) to the appropriate function.
I would rather not support it at all, except in case of debugging
(or just possibly, diagnosing bad hardware). And if that's all it's for, I
care so much how ugly it is.
>And a knob doesn't make sense for that because userland wouldn't have
>access to the keys in the first place in that case..
But it _might_ make sense to move (for example) Diffie-Hellman session
key exchange machinery, completely into the kernel, so that you don't
do it in userspace at all. In which case you might want the kernel to
do the D-H/session-key machinery in software. There's a separate knob
for that (and public/private key ops too, I think).
IIRC, isakmpd uses kernel ocf calls for Diffie-Hellman; I dunno if it
has a separate userspace bignum/DH library as well.