A netlink-based user-space crypto API
Posted Oct 21, 2010 20:54 UTC (Thu) by alonz
Parent article: A netlink-based user-space crypto API
Well, speaking as the architect of a hardware cryptography device…
I also dislike Xu's proposal. Sorry.
My issues with this API (unlike the previous commenters) relate to function, not form:
- It creates unnatural semantic linkages between sockets (most importantly these pairs of sockets used for AEAD, which need to be written to/read from in a very particular ordering)
- There is no way to achieve zero-copy cipher operation with this API (at least one of the sendmsg()/recv() will have to copy data to/from an skbuff).
I don't really have a good alternative API; crypto just doesn't appear to map cleanly to the Unix abstractions. Maybe a specialized system call ("sendrecvmsg()"/"servercall()" or somesuch) could help with the second point.