Re: [RFC]: linux/drivers/compression

C. Scott Ananian (cananian@lcs.mit.edu)
Thu, 15 Jan 1998 23:58:15 -0500 (EST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Kirk Petersen: "kmod, the kerneld replacement"
Previous message: Michael L. Galbraith: "Re: kernel debugger"

On Thu, 15 Jan 1998, linux kernel account wrote:

> On Thu, 15 Jan 1998, C. Scott Ananian wrote:
>
> > IIRC, the linux kernel is *very* cautious about even *mentioning* any type
> > of crypto because of the *extremely stringent* French crypto laws.
> > Putting crypto hooks of any kind in the kernel could prevent French
> > citizens from using Linux.
>
> Whould these laws allow generic block translation hooks? I.e. a module
> could reg itself with loopback as being able to handle 'swapbytes'
> translation. The mount call could pass to the loop the name of the desired
> translation scheme and any possible options (like byte order)..

Hmm. Take a look at the standard kernel. I was surprised to see explicit
hooks for des and idea encryption. The method in which the encryption is
applied is not particularly well thought out, but it's there (along with
XOR "encryption", which seems to be export-safe).

What's missing is a way for modules to be loaded into the kernel to
support encryption.

I've got a patch set (originally written by Ian Goldberg) that patches up
the kernel and mount(8) with steganography support and a decent
passphrase interface, separated into "exportable" and "us-only" pieces.
It also fixed the xform functions for security (CBC mode used).
The "us-only" pieces only include the standard des and idea code
(linux/drivers/block/idea.c and linux/kernel/des.c). It wasn't included
in the standard kernel because (if I've understood correctly):
a) steganography is verboten. [I have trouble believing this.]
b) someone else claimed to have a "better" patch. I've never seen it.
Mine works fine.

A modules interface would probably be preferable to patching the kernel.
But until I know what happened to the rumored "standard" loopback
enhancements, I'm not touching the code, for fear that my efforts will be
thrown out again. Like I said, I've got a patch that works for me, so I'm
not particularly worked up about this.
--Scott
@ @
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-oOO-(_)-OOo-=-=-=-=-=
C. Scott Ananian: cananian@lcs.mit.edu / Declare the Truth boldly and
Laboratory for Computer Science/Crypto / without hindrance.
Massachusetts Institute of Technology /META-PARRESIAS AKOLUTOS:Acts 28:31
-.-. .-.. .. ..-. ..-. --- .-. -.. ... -.-. --- - - .- -. .- -. .. .- -.
PGP key available via finger and from http://www.pdos.lcs.mit.edu/~cananian

Next message: Kirk Petersen: "kmod, the kerneld replacement"
Previous message: Michael L. Galbraith: "Re: kernel debugger"