[OpenAFS-devel] crypto backend and integration for rxgk
Derek Atkins
warlord@MIT.EDU
Fri, 03 May 2013 14:58:55 -0400
Benjamin Kaduk <kaduk@MIT.EDU> writes:
> On Thu, 2 May 2013, Derek Atkins wrote:
>
>> Benjamin Kaduk <kaduk@MIT.EDU> writes:
>>
>>> Necessary is debatable. Desirable, well, all the reasons Debian tries
>>> hard to eliminate bundled libraries. The kernel's crypto library (or
>>> even an openssl krb5 backend) will offer aesni acceleration, which
>>> hcrypto does not.
>>
>> OpenAFS cannot use the Linux kernel's crypto because last I checked the
>> Linux KCrypto was GPLONLY, and OpenAFS was not GPL and therefore
>> couldn't use the API.
>
> When I say "the kernel", I mean "the kernel that the openafs kernel
> module is running in", which is by no means limited to linux.
Sure, but your text seemed to imply all kernels, so I was just pointing
out a counter-example. Moreover, it's not necessarily true that a
"kernel's crypto library ... WILL offer aesni acceleration" (emphasis
mine). It is *likely* but certainly not guaranteed.
> Certainly the FreeBSD kernel (my personal choice) exposes crypto APIs
> to all loadable modules; it appears that OS X does so as well if I am
> reading XCode correctly.
It's probably just Linux that's the exception. But it's a BIG
exception.
>>> I'm all for the initial implementation being hcrypto-only, but I think
>>> that it makes sense to leave room for future expansion.
>>
>> I think it's a reasonable goal, but it's going to require lots of
>> various plug-ins to support it on each platform/environment.
>
> We know at build-time what platform is being targetted; I am imagining
> that we would just build a platform-specific file instead of a common
> one, to get the platform-specific features.
Yeah, we would need to have user-space and kernel-space implementations
for each platform.
> -Ben
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available