On Thu, Apr 08, 2010 at 06:35:33PM +0200, Dmitry.Kasatkin@xxxxxxxxx wrote: > > Sha1 only is also very useful. We calcluate hashes of all binaries for integrity verification. We do not need hmac there. But do we do that in the Linux kernel? Of course it would be useful if we had a user-space API, but that is still on the TODO list. > But in general it is possible do add algo hmac(sha1) to the driver and implement it internally without import/export. No we don't want to add hmac to every single driver that does sha1. So this would not be a good precedent. In any case, some form of import/export must be possible (maybe not in our current format) because our API requires the ability to perform a partial update and postpone the finalisation indefinitely. If you couldn't import/export, that would imply that the hardware must have infinite memory. > I have to check on documentation publicity. Thanks! -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
