[OpenAFS-devel] crypto backend and integration for rxgk

Derek Atkins warlord@MIT.EDU
Fri, 03 May 2013 14:58:55 -0400


Benjamin Kaduk <kaduk@MIT.EDU> writes:

> On Thu, 2 May 2013, Derek Atkins wrote:
>
>> Benjamin Kaduk <kaduk@MIT.EDU> writes:
>>
>>> Necessary is debatable.  Desirable, well, all the reasons Debian tries
>>> hard to eliminate bundled libraries.  The kernel's crypto library (or
>>> even an openssl krb5 backend) will offer aesni acceleration, which
>>> hcrypto does not.
>>
>> OpenAFS cannot use the Linux kernel's crypto because last I checked the
>> Linux KCrypto was GPLONLY, and OpenAFS was not GPL and therefore
>> couldn't use the API.
>
> When I say "the kernel", I mean "the kernel that the openafs kernel
> module is running in", which is by no means limited to Linux.

Sure, but your text seemed to imply all kernels, so I was just pointing
out a counter-example.  Moreover, it's not necessarily true that a
"kernel's crypto library ... WILL offer aesni acceleration" (emphasis
mine).  It is *likely* but certainly not guaranteed.

> Certainly the FreeBSD kernel (my personal choice) exposes crypto APIs
> to all loadable modules; it appears that OS X does so as well if I am
> reading XCode correctly.

It's probably just Linux that's the exception.  But it's a BIG
exception.

>>> I'm all for the initial implementation being hcrypto-only, but I think
>>> that it makes sense to leave room for future expansion.
>>
>> I think it's a reasonable goal, but it's going to require lots of
>> various plug-ins to support it on each platform/environment.
>
> We know at build-time what platform is being targeted; I am imagining
> that we would just build a platform-specific file instead of a common
> one, to get the platform-specific features.

Yeah, we would need to have user-space and kernel-space implementations
for each platform.

> -Ben

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available