Hi,
btw. patch to mv_cesa is actually adding hmac to the driver.
How would you comment that?
The same way could be also used here.
I could calc final output with sw.
Any comments?
- Dmitry
On 13/04/10 11:59, ext Herbert Xu wrote:
On Thu, Apr 08, 2010 at 06:35:33PM +0200, Dmitry.Kasatkin@xxxxxxxxx wrote:
Sha1 only is also very useful. We calcluate hashes of all binaries for integrity verification. We do not need hmac there.
But do we do that in the Linux kernel?
Of course it would be useful if we had a user-space API, but
that is still on the TODO list.
But in general it is possible do add algo hmac(sha1) to the driver and implement it internally without import/export.
No we don't want to add hmac to every single driver that does
sha1. So this would not be a good precedent. In any case,
some form of import/export must be possible (maybe not in our
current format) because our API requires the ability to perform
a partial update and postpone the finalisation indefinitely.
If you couldn't import/export, that would imply that the hardware
must have infinite memory.
I have to check on documentation publicity.
Thanks!
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html