RE: [RFC] MPI module

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

I would like to add that you can even handle the TLS/DTLS/SSL packet formation in the kernel as well if you provide an algorithms that does just that. Right now, most user just use the kernel for the hashing and cipher parts. There is no reason that the current framework cannot handle processing the full packet in hardware. All you need is to create another algorithm name that is aead type. Then, from user space (using Linux CryptoAPI user space interface) creates that algorithms. The underlying CryptoAPI will call the appropriate function that provided by your driver and the result of the operation will be an TLS/DTLS/SSL packet formation. 

We currently does this for testing our hardware for non-IPSec protocol.

-Loc


-----Original Message-----
From: linux-crypto-owner@xxxxxxxxxxxxxxx [mailto:linux-crypto-owner@xxxxxxxxxxxxxxx] On Behalf Of Herbert Xu
Sent: Friday, January 30, 2009 4:41 AM
To: Pierre Habouzit
Cc: linux-crypto@xxxxxxxxxxxxxxx
Subject: Re: [RFC] MPI module

Pierre Habouzit <madcoder@xxxxxxxxxx> wrote:
>
> So let me rephrase that to be sure we've understood each other. What you
> suggest is to have an IKE-like daemon dealing with the keys and all the
> handshakes, and that the kernel would only deal with the symmetric
> ciphers used on the data path. Is that right ?

Either a daemon or a library in user-space should handle the
hard work of negotiating the keys.  You can leave the easy work
of encrypting/decrypting the data to the kernel :)

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux