Robert Varga wrote:
> A couple questions:
> Is encrypted loopback the only place in kernel where encryption can be used?

No. But loop driver has a good interface for different ciphers. Crypto-api for loop devices adds an extra unnecessary layer. Small and fast is beautiful.

> Is AES the only cipher worthy enough to be used ?

How many ciphers does one need? One good one will fill most people's needs.

> Is it better to have aes_set_key, des_set_key, and probably quite a few others
> rather than:
>
> struct crypto_ctx *ctx = crypto_newctx("aes");
> crypto_setkey(ctx, "blahblah");
> crypto_encrypt(ctx, dest, src, len);
> ?

Above code is AES specific (since you hardcoded the string "aes"), so yes. :-)

Using low-level functions (aes_set_key(), aes_encrypt(), and aes_decrypt()) directly gives programmer more flexibility over block chaining and initialization issues. It would be silly to expect crypto_encrypt() to support all possible weirdo setups.

Operation of aes_encrypt() will not change. Code calling aes_encrypt() may change to adapt to different situations: running in Linux kernel, userspace, or other operating systems, whatever.

> <flame>
> Do you think of VFS as "kernel bloat" ?
> </flame>

No.

Regards,
Jari Ruusu <jari.ruusu@xxxxxxxxxx>

Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
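
An added illustration of the point argued in the reply above, not code from the message or from any kernel driver: a caller builds per-sector CBC chaining and IV setup on top of a bare single-block primitive. `blk_encrypt()`/`blk_decrypt()` are a toy stand-in for `aes_encrypt()`/`aes_decrypt()` (not AES, not secure); the 512-byte sector, the sector-number IV and every other name here are assumptions.

```c
#include <stdint.h>
#include <string.h>
#define BLK 16
#define SECTOR 512

/* Toy stand-in for aes_encrypt()/aes_decrypt(): invertible, NOT secure, not AES. */
static uint8_t rotl8(uint8_t v, int n) { return (uint8_t)((v << n) | (v >> (8 - n))); }
static void blk_encrypt(const uint8_t *k, const uint8_t *in, uint8_t *out) {
    for (int i = 0; i < BLK; i++)
        out[i] = (uint8_t)(rotl8(in[i] ^ k[i], 3) + k[(i + 1) % BLK]);
}
static void blk_decrypt(const uint8_t *k, const uint8_t *in, uint8_t *out) {
    for (int i = 0; i < BLK; i++)
        out[i] = (uint8_t)(rotl8((uint8_t)(in[i] - k[(i + 1) % BLK]), 5) ^ k[i]);
}

/* Caller-owned policy (assumed for illustration): IV = little-endian sector number. */
static void sector_iv(uint32_t sector, uint8_t iv[BLK]) {
    memset(iv, 0, BLK);
    for (int i = 0; i < 4; i++) iv[i] = (uint8_t)(sector >> (8 * i));
}

/* CBC over one sector, in place. Chaining lives here, not in the block primitive. */
void sector_crypt(const uint8_t *k, uint32_t sector, uint8_t *buf, int enc) {
    uint8_t prev[BLK], cur[BLK];
    sector_iv(sector, prev);
    for (int off = 0; off < SECTOR; off += BLK) {
        uint8_t *b = buf + off;
        memcpy(cur, b, BLK);                       /* ciphertext needed when decrypting */
        if (enc) { for (int i = 0; i < BLK; i++) b[i] ^= prev[i]; blk_encrypt(k, b, b); }
        else     { blk_decrypt(k, b, b); for (int i = 0; i < BLK; i++) b[i] ^= prev[i]; }
        memcpy(prev, enc ? b : cur, BLK);          /* next block chains on ciphertext */
    }
}

/* Constructed all-'A' sector: 1 if equal plaintext blocks encrypt differently
 * and decryption restores the original. */
int cbc_selftest(uint32_t sector) {
    static const uint8_t key[BLK] = "constructed key";
    uint8_t plain[SECTOR], buf[SECTOR];
    memset(plain, 'A', SECTOR);
    memcpy(buf, plain, SECTOR);
    sector_crypt(key, sector, buf, 1);
    int chained = memcmp(buf, buf + BLK, BLK) != 0;
    sector_crypt(key, sector, buf, 0);
    return chained && memcmp(buf, plain, SECTOR) == 0;
}

int main(void) { return cbc_selftest(7) ? 0 : 1; }
```

Changing the chaining mode or the IV derivation touches only `sector_iv()` and `sector_crypt()`; the block primitive's interface stays the same.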