lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 28 May 2015 12:08:56 +0800
From:	Herbert Xu <herbert@...dor.apana.org.au>
To:	Tadeusz Struk <tadeusz.struk@...el.com>
Cc:	Linux Kernel Developers List <linux-kernel@...r.kernel.org>,
	keescook@...omium.org, jwboyer@...hat.com, richard@....at,
	steved@...hat.com, qat-linux@...el.com, dhowells@...hat.com,
	linux-crypto@...r.kernel.org, james.l.morris@...cle.com,
	jkosina@...e.cz, zohar@...ux.vnet.ibm.com, davem@...emloft.net,
	vgoyal@...hat.com
Subject: Re: [PATCH RFC v2 1/2] crypto: add PKE API

On Sat, May 23, 2015 at 07:20:15AM -0700, Tadeusz Struk wrote:
>
> The length would be redundant. It can be obtained by sg_nents(reg->inparams)
> I don't limit the number of parameters. You can pass as many as you want. For instance to pass 3 in and 2 out you do:
> 
> 	struct scatterlist in[3];
> 	struct scatterlist out[2];
> 
> 	sg_init_table(in, 3);
> 	sg_init_table(out, 2);
> 
> 	sg_set_buf(in, first_in_param, len_of_first_in_param);
> 	sg_set_buf(in + 1, second_in_param, len_of_second_in_param);
> 	sg_set_buf(in + 2, third_in_param, len_of_third_in_param);
> 		
> 	sg_set_buf(out, first_out_param, len_of_first_out_param);
> 	sg_set_buf(out + 1, second_out_param, len_of_second_out_param);
> 
> 	akcipher_request_set_crypt(req, &in, &out);
> 
> The limitation here is that one parameter can not span multiple sgs. This should be ok as they will never be bigger than one page.
> In fact MPI limits it to 2K max with #define MAX_EXTERN_MPI_BITS 16384.
> I'm ok to rename it to src and dst.

Do you have a specific piece of hardware in mind? What are its
capabilities?

If we are going to go with just contiguous memory then we might
as well just do u8 *src, *dst, unsigned int slen, dlen.

The whole point of the SG complexity is to deal with non-contiguous
memory (e.g., fragmented packets with IPsec).  If you can't do that
then why add the SG complexity?

Cheers,
-- 
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ