Zinc: a new kernel cryptography API

Posted Nov 7, 2018 2:54 UTC (Wed) by pj (subscriber, #4506)
In reply to: Zinc: a new kernel cryptography API by k8to
Parent article: Zinc: a new kernel cryptography API

Don't guess. Check out the 4.17 Crypto API docs in all their glory... and see what you think.

Zinc: a new kernel cryptography API

Posted Nov 7, 2018 4:15 UTC (Wed) by robert.cohen@anu.edu.au (subscriber, #6281) [Link]

That is an example of an API and yes it contains opaque blobs.

But that doesnt mean that all API's have to contain opaque blobs.

I would agree that the set of mechanisms that are used to programatically access the functionality of a package are the API of the package.

Just because there are many bad complicated API's out there doesnt mean all API's have to be confusing and complicated.

Zinc: a new kernel cryptography API

Posted Nov 7, 2018 4:15 UTC (Wed) by WolfWings (subscriber, #56790) [Link]

I mean for doing one-off encryption tasks with fixed blocks of data, or PBKDF2? The existing Linux Crypto API is pretty easy to use for that.

There's no scatter-gather needed or anything beyond basic socket handling (socket, bind, setsockopt, accept, write/sendto, read/recvfrom) but it's half the speed or slower than other approaches due to all the resulting syscalls in testing PBKDF2 for example, versus a standalone library. Upside? It's <800 bytes compiled for a full PBKDF2 implementation w/ proper error checking and fail-out.

But for a constant-stream-of-data system like a VPN or if you're trying to go As Fast As Possible? Yeah, it's sucky complexity once you hit using the scatter-gather functions instead or try to gin things up with zero-copy.

The existing kernel crypto API is meant to avoid having to roll your own libraries, and get faster versions if they're available, but it's got a lot of fixed overhead either in code complexity to make it scream, or syscall count if you don't care about speed.

Zinc: a new kernel cryptography API

Posted Nov 7, 2018 4:28 UTC (Wed) by k8to (guest, #15413) [Link] (2 responses)

Full disclosure, when I wrote that, I was thinking of various corporate "REST" apis that are anything but REST, overly complicated java libraries that resort to XML to "simplify", and OpenSSL. It wasn't really meant as a comment on anything directly related, whether apropos or not.

Zinc: a new kernel cryptography API

Posted Nov 7, 2018 17:20 UTC (Wed) by rweikusat2 (subscriber, #117920) [Link] (1 responses)

API has a technical meaning: Application programming interface. This can be anything. Eg open, close, read, write, lseek, ftruncate are the basic UNIX file access API and they're all "just functions". There' also "an API" for network configuration which is build on top of AF_NETLINK sockets which is a rather different animal (and not a particularly cute or pretty one).

API is also a marketing term. Then, it means "we do stuff on the web and we're so absoluetely MODERN! that we won't even know what until next week!" (presumably, this usage is meanwhile somewhat dated).

:->

Zinc: a new kernel cryptography API

Posted Nov 7, 2018 20:44 UTC (Wed) by k8to (guest, #15413) [Link]

I'm having trouble relating this comment to mine. I described my personal associations for the term, and you seem to be defining the term.