On Thu, Dec 13, 2018 at 11:07:23PM +0900, Ryota Ozaki wrote: > On Thu, Dec 13, 2018 at 6:30 AM Joerg Sonnenberger <jo...@bec.de> wrote: > > > > On Thu, Dec 13, 2018 at 12:58:21AM +0900, Ryota Ozaki wrote: > > > Before that, I want to ask about how to import cryptography > > > libraries needed tor the implementation. The libraries are > > > libb2[1] and libsodium[2]: the former is for blake2s and > > > the latter is for curve25519 and [x]chacha20-poly1305. > > > > I don't really have a problem with Blake2s, but I have serious concerns > > for doing asymmetric cryptography in the kernel. In fact, it is one of > > the IMHO very questionable design decisions behind WireGuard and > > something I don't want to see repeated in NetBSD. > > Can you clarify the concerns?
Asymmetrical cryptography is slow and complex. On many architectures, the kernel will only be able to use slower non-SIMD implementations. ECC still easily requires 10k cycles per operation. The implementation is non-trivial in terms of code size and historically riddled with tiny tricky issues ranging from corner cases in the math to timing. I haven't yet heard a really good argument why the key exchange must be part of the kernel beyond the inability of the Linux community to coordinate different projects. Joerg