Re: [PATCH] Enable specific ioctl calls for ICA crypto card (s390)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Damien Miller wrote:
On Tue, 28 Feb 2017, Eduardo Barretto wrote:

On 13-02-2017 13:23, Eduardo Barretto wrote:
> This patch enables specific ioctl calls for ICA crypto card on s390
> platform. Without this patch, users using the IBMCA engine are not able
> to perform ssh login as the filter blocks the communication with the
> crypto card.
>
> Signed-off-by: Harald Freudenberger <freude@xxxxxxxxxxxxxxxxxx>
> Signed-off-by: Eduardo Barretto <ebarretto@xxxxxxxxxxxxxxxxxx>
> ---
>  sandbox-seccomp-filter.c | 24 +++++++++++++++++++++---
>  1 file changed, 21 insertions(+), 3 deletions(-)
>
> diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
> index 2e1ed2c..264e146 100644
> --- a/sandbox-seccomp-filter.c
> +++ b/sandbox-seccomp-filter.c

[snip]

Hi there,

Do you have any feedback on this patch?

It's hard to evaluate it without reference to some public documentation
for the crypto card and the syscalls needed to use it. Is it a standard
part of s390 machines or an option?

Hi,

let me step in for Eduardo so that the thread doesn't hibernate.

As far as I know it is an optional piece of hardware, that may or may not be present in the system. OpenSSL is typically configured to load the libica engine (alongside any other possibly available ones).

As for the syscalls, would https://sourceforge.net/p/opencryptoki/libica/ci/master/tree/src/ica_api.c and http://lxr.free-electrons.com/source/arch/s390/include/uapi/asm/zcrypt.h#L259 be enough?

Does it provide substantial benefit for the crypto used in the pre-auth
stage of the protocol? (private key operations and DH/ECDH key agreement)

It should speed up some these:
https://sourceforge.net/p/opencryptoki/libica/ci/master/tree/doc/icainfo.1

Thanks
Kind regards
	Petr
--
Petr Cerny
Mozilla/OpenSSH maintainer for SUSE Linux

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux