lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sat, 23 May 2015 07:20:15 -0700
From:	Tadeusz Struk <tadeusz.struk@...el.com>
To:	Herbert Xu <herbert@...dor.apana.org.au>
CC:	Linux Kernel Developers List <linux-kernel@...r.kernel.org>,
	keescook@...omium.org, jwboyer@...hat.com, richard@....at,
	steved@...hat.com, qat-linux@...el.com, dhowells@...hat.com,
	linux-crypto@...r.kernel.org, james.l.morris@...cle.com,
	jkosina@...e.cz, zohar@...ux.vnet.ibm.com, davem@...emloft.net,
	vgoyal@...hat.com
Subject: Re: [PATCH RFC v2 1/2] crypto: add PKE API

On 05/22/2015 10:47 PM, Herbert Xu wrote:
>> struct akcipher_request {
>> > 	struct crypto_async_request base;
>> > 	struct scatterlist *inparams;
>> > 	struct scatterlist *outparams;
>> > 	void *__ctx[] CRYPTO_MINALIGN_ATTR;
>> > };
> I think you should rename them to src/dst and add a length argument.
> Limiting them to one entry also seems strange.  When do you need more
> one parameter?

The length would be redundant. It can be obtained by sg_nents(reg->inparams)
I don't limit the number of parameters. You can pass as many as you want. For instance to pass 3 in and 2 out you do:

	struct scatterlist in[3];
	struct scatterlist out[2];

	sg_init_table(in, 3);
	sg_init_table(out, 2);

	sg_set_buf(in, first_in_param, len_of_first_in_param);
	sg_set_buf(in + 1, second_in_param, len_of_second_in_param);
	sg_set_buf(in + 2, third_in_param, len_of_third_in_param);
		
	sg_set_buf(out, first_out_param, len_of_first_out_param);
	sg_set_buf(out + 1, second_out_param, len_of_second_out_param);

	akcipher_request_set_crypt(req, &in, &out);

The limitation here is that one parameter can not span multiple sgs. This should be ok as they will never be bigger than one page.
In fact MPI limits it to 2K max with #define MAX_EXTERN_MPI_BITS 16384.
I'm ok to rename it to src and dst.

> 
>> struct akcipher_alg {
>> > 	int (*sign)(struct akcipher_request *req);
>> > 	int (*verify)(struct akcipher_request *req);
>> > 	int (*encrypt)(struct akcipher_request *req);
>> > 	int (*decrypt)(struct akcipher_request *req);
> Looks good.  You'll also need a setkey (or perhaps two) function.

I have these two:

/**
 * crypto_akcipher_setkey() -- assign a public key to an AKCIPHER tfm handle
 *
 * @tfm: AKCIPHER tfm handle allocated with crypto_alloc_akcipher()
 * @pkey: public key
 */
static inline void crypto_akcipher_setkey(struct crypto_akcipher *tfm,
					  const struct public_key *pkey);

/**
 * crypto_akcipher_getkey() -- obtain a public key from an AKCIPHER tfm handle
 *
 * @tfm: AKCIPHER tfm handle allocated with crypto_alloc_akcipher()
 *
 * Return: public key
 */
static inline const struct public_key *crypto_akcipher_getkey(
	struct crypto_akcipher *tfm);

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ