Re: RSA support into kernel?
On Thu, Jul 05, 2007 at 03:48:51PM -0700, Gautam Singaraju ([EMAIL PROTECTED]) wrote: Is there any attempts being made to provide software based RSA cryptographic support in kernel level? I see that 2.6.21 supports Hardware devices such as VIA Padlock ACE. Has anybody had a change to use such a system? VIA padlock engine or RSA? The former is heavily used in the wild, but why would anyone want to use RSA in the kernel? -GS -- Evgeniy Polyakov - To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: RSA support into kernel?
From: Evgeniy Polyakov [EMAIL PROTECTED] Date: Fri, 6 Jul 2007 14:37:31 +0400 On Thu, Jul 05, 2007 at 03:48:51PM -0700, Gautam Singaraju ([EMAIL PROTECTED]) wrote: Is there any attempts being made to provide software based RSA cryptographic support in kernel level? I see that 2.6.21 supports Hardware devices such as VIA Padlock ACE. Has anybody had a change to use such a system? VIA padlock engine or RSA? The former is heavily used in the wild, but why would anyone want to use RSA in the kernel? Automatic SSL done in-kernel on user data for socket I/O, with hardware offload from the crypto layer when available. Solaris has done this for quite some time and it helps a lot for things like the VIA and Niagara. - To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: RSA support into kernel?
On Fri, Jul 06, 2007 at 04:05:33AM -0700, David Miller ([EMAIL PROTECTED]) wrote: From: Evgeniy Polyakov [EMAIL PROTECTED] Date: Fri, 6 Jul 2007 14:37:31 +0400 On Thu, Jul 05, 2007 at 03:48:51PM -0700, Gautam Singaraju ([EMAIL PROTECTED]) wrote: Is there any attempts being made to provide software based RSA cryptographic support in kernel level? I see that 2.6.21 supports Hardware devices such as VIA Padlock ACE. Has anybody had a change to use such a system? VIA padlock engine or RSA? The former is heavily used in the wild, but why would anyone want to use RSA in the kernel? Automatic SSL done in-kernel on user data for socket I/O, with hardware offload from the crypto layer when available. Solaris has done this for quite some time and it helps a lot for things like the VIA and Niagara. I.e. for userspace stuff? That is obviously the right usage, but Linux cryptoapi does not have userspace interface, so was my question. Actually I was several times already asked after acrypto was closed, how userspace can use new hardware drivers, and frankly I do not know what the best userspace API would look like (in one of the projects I already used all three methods one-by-one and failed to determine the best). Simple char device read/write or ioctl, or blocking/nonblocking syscall over file descriptor, or anything else? -- Evgeniy Polyakov - To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: RSA support into kernel?
David Miller [EMAIL PROTECTED] wrote: VIA padlock engine or RSA? The former is heavily used in the wild, but why would anyone want to use RSA in the kernel? Automatic SSL done in-kernel on user data for socket I/O, with hardware offload from the crypto layer when available. AFAIK asymmetric crypto is only used for SSL key exchange and not on the data transfers so I'm not sure whether this would be that useful. This is pretty much the same situation with IPsec where we delegate the key exchange to the userspace KMs. Now having in-kernel SSL data exchange support using the crypto API would be pretty cool and would provide the same level of crypto support to SSL users as we do for IPsec. So far the only proposed user for RSA in-kernel seems to be module signing and I'm staying well away from that debate :) Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: RSA support into kernel?
On Fri, Jul 06, 2007 at 09:12:52PM +0800, Herbert Xu wrote: So far the only proposed user for RSA in-kernel seems to be module signing and I'm staying well away from that debate :) eCryptfs uses RSA. Right now it has to defer to a userspace daemon to perform the operation. Mike .___. Michael A. Halcrow Security Software Engineer, IBM Linux Technology Center GnuPG Fingerprint: 419C 5B1E 948A FA73 A54C 20F5 DB40 8531 6DCA 8769 This is about humans being human. - Carl Sagan signature.asc Description: Digital signature
Re: RSA support into kernel?
I am considering RSA as an option for research purposes; though I need it only for decryption purposes. Any specific reason for running the daemon in user space? Gautam On 7/6/07, Michael Halcrow [EMAIL PROTECTED] wrote: On Fri, Jul 06, 2007 at 09:12:52PM +0800, Herbert Xu wrote: So far the only proposed user for RSA in-kernel seems to be module signing and I'm staying well away from that debate :) eCryptfs uses RSA. Right now it has to defer to a userspace daemon to perform the operation. Mike .___. Michael A. Halcrow Security Software Engineer, IBM Linux Technology Center GnuPG Fingerprint: 419C 5B1E 948A FA73 A54C 20F5 DB40 8531 6DCA 8769 This is about humans being human. - Carl Sagan -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iQEVAwUBRo5FZNtAhTFtyodpAQO9jAgAmCPiGap1u/Qd5Zogb/hxtpoNF8/7Vx+z FWnIbzI9jK8g1PBxXGkYVASQ/rPbT/yhX3Zg53jrJm+8RqDAQDY/Ca1qAUvDtD57 R5Mo/eSSlwuvAMVsLFDYYINeER3fpIX7wdrwB5VTN6YKz9eJFhsNqMUSQ8mCSbbV qEzFUq8EdcYsaxSZ56uIXSSphneKXIDAzWCu5hjbLtr71WSkvXKe4kVZKElb1LrB SGxxPajTCnjuw1z9VL5Tp2pOfyX3pWRSnoiCxUjwl2Aco0hu+Nl+0X2qsVkkmBSx 0MoeTrZ+FAY0QBDlPbtR6N5kD4NvV94WXnfQPi5DC66730nwLufk4Q== =4vHb -END PGP SIGNATURE- -- --- Gautam - To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: RSA support into kernel?
On Fri, Jul 06, 2007 at 08:36:37AM -0500, Michael Halcrow wrote: eCryptfs uses RSA. Right now it has to defer to a userspace daemon to perform the operation. OK that'd be the most convincing case for me then. Thanks, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html