
What about PKI? And other comments.

Posted Oct 29, 2010 15:49 UTC (Fri) by deviantmaru (guest, #70901)
Parent article: A netlink-based user-space crypto API

1) I see no mention of PKI algorithms. How would they be implemented?
2) I would have to agree with ken and alonz in that the netlink-based system
seems more like a hack than a proper design.
3) I would also agree with alonz that crypto operations don't seem to fit
well into any of the current Unix abstractions.
4) I am new to ioctl-based programming, so can anyone please tell me what is
awful about it?

Disclaimer: I am a kernel-driver who is currently hacking (learning) on an
ioctl-based, /dev/blah driver for a hardware (PCI) crypto device.



What about PKI? And other comments.

Posted Nov 1, 2010 15:26 UTC (Mon) by eparis (subscriber, #33060)

4) I am new to ioctl-based programming, so can anyone please tell me what is
awful about it?

The biggest problem with ioctl is by FAR that people get it wrong. ioctl is the equivalent of typing everything in C as void * and wondering why your program isn't behaving correctly. Look at ioctl vs getsockopt() and setsockopt():

int ioctl(int d, int request, ...);

int getsockopt(int sockfd, int level, int optname, void *optval, socklen_t *optlen);
int setsockopt(int sockfd, int level, int optname, const void *optval, socklen_t optlen);

They provide the same ability to be generic and to move data back and forth but the socket functions encode size and direction into the call. It means you can easily do sane checks in the kernel.

Linus has recently pushed a bit that syscalls are the right way to go (not in this discussion, just in general discussions about kernel/userspace ABI). A good syscall is going to provide size, direction, and strong typing of arguments.

The more information an interface encodes and enforces the more likely it is that the interface will be used correctly.
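
The contrast drawn in the comment above, as an added example that is not part of the original comment and is not kernel code: a user-space model of an ioctl-style setter next to setsockopt/getsockopt-style handlers that can validate size before copying. `OPT_KEY`, `struct key_opt` and the three handler names are hypothetical, and `memcpy` stands in for the kernel's user-copy helpers.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define OPT_KEY 1                    /* hypothetical option/request number */
struct key_opt {                     /* hypothetical payload */
    unsigned int  key_len;           /* bytes used in key[] */
    unsigned char key[32];
};
static struct key_opt current_key;   /* stands in for driver state */

/* ioctl-style: a request number and an untyped pointer. The handler must
 * assume arg points at a full struct key_opt; nothing lets it check. */
int ioctl_style_set(unsigned long request, void *arg)
{
    if (request != OPT_KEY) return -ENOTTY;
    memcpy(&current_key, arg, sizeof(current_key));  /* size is assumed */
    return 0;
}

/* setsockopt-style: direction is fixed by the call (const input) and the
 * caller states the size, so bad input is rejected before any copy. */
int opt_set(int optname, const void *optval, size_t optlen)
{
    struct key_opt tmp;
    if (optname != OPT_KEY) return -ENOPROTOOPT;
    if (optval == NULL || optlen != sizeof(tmp)) return -EINVAL;
    memcpy(&tmp, optval, sizeof(tmp));               /* models copy_from_user() */
    if (tmp.key_len > sizeof(tmp.key)) return -EINVAL;
    current_key = tmp;
    return 0;
}

/* getsockopt-style: optlen is in/out, so the handler never writes past
 * the caller's buffer and reports how much it wrote. */
int opt_get(int optname, void *optval, size_t *optlen)
{
    if (optname != OPT_KEY) return -ENOPROTOOPT;
    if (optval == NULL || optlen == NULL || *optlen < sizeof(current_key)) return -EINVAL;
    memcpy(optval, &current_key, sizeof(current_key));
    *optlen = sizeof(current_key);
    return 0;
}

int main(void)
{
    struct key_opt k = { .key_len = 16 };
    return opt_set(OPT_KEY, &k, sizeof(k)) == 0 && opt_set(OPT_KEY, &k, 4) == -EINVAL ? 0 : 1;
}
```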


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds