On Mon, Aug 23, 2010 at 11:37:40AM -0400, Miloslav Trmac wrote:
I can see almost no overlap between the two sets of requirements. Probably
the only common use case is handling session keys (e.g. keys used in a
kerberos ticket), which should be stored in the kernel for the duration of
the
- Herbert Xu herb...@gondor.hengli.com.au wrote:
On Mon, Aug 23, 2010 at 11:37:40AM -0400, Miloslav Trmac wrote:
I can see almost no overlap between the two sets of requirements.
Probably the only common use case is handling session keys (e.g. keys
used in a kerberos ticket), which
On Mon, Sep 6, 2010 at 11:50, Miloslav Trmac m...@redhat.com wrote:
- Herbert Xu herb...@gondor.hengli.com.au wrote:
On Mon, Aug 23, 2010 at 11:37:40AM -0400, Miloslav Trmac wrote:
I have seriously considered the keyring API, and this is what I came
up with - but I'd love to be shown a
On Mon, Sep 6, 2010 at 15:13, Nikos Mavrogiannopoulos
n.mavrogiannopou...@gmail.com wrote:
On 09/06/2010 08:00 PM, Kyle Moffett wrote:
The kernel keyring service is basically a system-wide data storage
service. /dev/crypto needs a quick way to refer to short-lived,
usually process-local,
- Kyle Moffett k...@moffetthome.net wrote:
On Mon, Sep 6, 2010 at 11:50, Miloslav Trmac m...@redhat.com wrote:
- Herbert Xu herb...@gondor.hengli.com.au wrote:
On Mon, Aug 23, 2010 at 11:37:40AM -0400, Miloslav Trmac wrote:
I have seriously considered the keyring API, and this is
On Mon, Sep 6, 2010 at 17:11, Nikos Mavrogiannopoulos
n.mavrogiannopou...@gmail.com wrote:
I suppose you mean the reference to the internal representation of the
key. This might be valid for few seconds until the required operation is
over.
This is not really what I would call storage. The
On Fri, Aug 20, 2010 at 10:45:44AM +0200, Miloslav Trmač wrote:
This patch introduces the new user-space API, ncr.h.
Quick overview:
* open(/dev/crypto) to get a FD, which acts as a namespace for key and
session identifiers.
* ioctl(NCRIO_KEY_INIT) to allocate a key object; then
On 09/03/2010 11:18 AM, Herbert Xu wrote:
I will be looking at this myself so please stay tuned and be ready
to yell if you see that your requirements are not met.
On 08/20/2010 03:56 PM, Ted Ts'o wrote:
So I'm bit at a list what's the whole point of this patch series.
Could you explain that
- Kyle Moffett k...@moffetthome.net wrote:
On Fri, Aug 20, 2010 at 04:45, Miloslav Trmač m...@redhat.com
wrote:
* ioctl(NCRIO_KEY_INIT) to allocate a key object; then generate the key
material inside the kernel, load a plaintext key, unwrap a key, or
derive a key. Similarly the key
Nikos Mavrogiannopoulos n...@gnutls.org wrote:
It is not that simple. My understanding of the keyring API is that it
allows exporting of the keys to user-space and this crypto API
explicitly prevents that
That's simple. Don't provide a read() key type operation, then.
David
--
To
2010/8/20 Stefan Richter stef...@s5r6.in-berlin.de:
+struct ncr_session_input_data {
+ const void __user *data;
+ __kernel_size_t data_size;
+};
+
+};
Why not using fixed-size fit-all members?
struct ncr_session_input_data {
__u64 data; /* user pointer, cast
- Stefan Richter stef...@s5r6.in-berlin.de wrote:
Miloslav Trmač wrote:
--- /dev/null
+++ b/include/linux/ncr.h
[...]
+struct ncr_session_input_data {
+ const void __user *data;
+ __kernel_size_t data_size;
+};
Why not using fixed-size fit-all members?
struct
On Fri, Aug 20, 2010 at 04:45, Miloslav Trmač m...@redhat.com wrote:
This patch introduces the new user-space API, ncr.h.
Quick overview:
* open(/dev/crypto) to get a FD, which acts as a namespace for key and
session identifiers.
* ioctl(NCRIO_KEY_INIT) to allocate a key object; then
This patch introduces the new user-space API, ncr.h.
Quick overview:
* open(/dev/crypto) to get a FD, which acts as a namespace for key and
session identifiers.
* ioctl(NCRIO_KEY_INIT) to allocate a key object; then generate the key
material inside the kernel, load a plaintext key, unwrap a
Miloslav Trmač wrote:
--- /dev/null
+++ b/include/linux/ncr.h
[...]
+struct ncr_session_input_data {
+ const void __user *data;
+ __kernel_size_t data_size;
+};
+
+struct ncr_session_output_buffer {
+ void __user *buffer;
+ __kernel_size_t buffer_size;
+
On Fri, 20 Aug 2010 10:45:44 +0200 Miloslav Trmač wrote:
+#define NCRIO_KEY_INIT _IO('c', 204)
+/* generate a secret key */
+#define NCRIO_KEY_GENERATE _IOWR('c', 205, struct ncr_key_generate)
+/* generate a public key pair */
+#define NCRIO_KEY_GENERATE_PAIR
16 matches
Mail list logo