| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4B57E489.6010707@cn.fujitsu.com>
Date: Thu, 21 Jan 2010 13:22:17 +0800
From: Li Yewang <lyw@...fujitsu.com>
To: David Miller <davem@...emloft.net>
CC: herbert@...dor.apana.org.au, netdev@...r.kernel.org
Subject: Re: [PATCH][XFRM] Use the simple name when adding SAD with ip xfrm
state
Sorry, I am new to crypto.
I searched the soucre code in the directory of /crypto,
and found that, all cryptos use shortname, for example:
crypto/xcbc.c
static struct crypto_template crypto_xcbc_tmpl = {
.name = "xcbc",
.create = xcbc_create,
.free = shash_free_instance,
.module = THIS_MODULE,
};
The name such as rfc3686(ctr(aes)) only used by "ip xfrm state" command to set SAD.
David Miller wrote:
> From: Li Yewang <lyw@...fujitsu.com>
> Date: Tue, 19 Jan 2010 16:25:22 +0800
>
>>
>> Herbert Xu wrote:
>>> Li Yewang <lyw@...fujitsu.com> wrote:
>>>> The encryption name such as "rfc3686(ctr(aes))" is too complex.
>>>> I think simple name is better for user when using "ip xfrm state ..." command.
>>>>
>>>>
>>>> Signed-off-by: Li Yewang <lyw@...fujitsu.com>
>>> Nack. If we want to support simple names such as these, they
>>> should be done in the crypto layer. Otherwise every crypto user
>>> that wants this would have to reinvent it.
>> But user sets SAD for ipsec with "ip xfrm state ..." must use the name such as "rfc3686(ctr(aes))".
>> Is that reasonable? Maybe user can not remember this complex name.
>>
>> There are some simple names for other encryptions,
>> such as "cbc(blowfish)", you can use "ip xfrm state ... enc blowfish ...".
>
> You're not reading what Herbert is saying.
>
> He's fine with the shorter name, he just wants you to implement
> is in the crypto layer core instead of the XFRM specific code.
>
> That way all crypto users will benefit from the shorter naming.
>
>
>
--
Regards
Li Yewang
--------------------------------------------------
Li Yewang
Development Dept.I
Nanjing Fujitsu Nanda Software Tech. Co., Ltd.(FNST)
8/F., Civil Defense Building, No.189 Guangzhou Road,
Nanjing, 210029, China
TEL: +86+25-86630566-888
COINS: 79955-888
FAX: +86+25-83317685
MAIL: lyw@...fujitsu.com
--------------------------------------------------
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists