[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <55608C9F.7040500@intel.com>
Date: Sat, 23 May 2015 07:20:15 -0700
From: Tadeusz Struk <tadeusz.struk@...el.com>
To: Herbert Xu <herbert@...dor.apana.org.au>
CC: Linux Kernel Developers List <linux-kernel@...r.kernel.org>,
keescook@...omium.org, jwboyer@...hat.com, richard@....at,
steved@...hat.com, qat-linux@...el.com, dhowells@...hat.com,
linux-crypto@...r.kernel.org, james.l.morris@...cle.com,
jkosina@...e.cz, zohar@...ux.vnet.ibm.com, davem@...emloft.net,
vgoyal@...hat.com
Subject: Re: [PATCH RFC v2 1/2] crypto: add PKE API
On 05/22/2015 10:47 PM, Herbert Xu wrote:
>> struct akcipher_request {
>> > struct crypto_async_request base;
>> > struct scatterlist *inparams;
>> > struct scatterlist *outparams;
>> > void *__ctx[] CRYPTO_MINALIGN_ATTR;
>> > };
> I think you should rename them to src/dst and add a length argument.
> Limiting them to one entry also seems strange. When do you need more
> one parameter?
The length would be redundant. It can be obtained by sg_nents(reg->inparams)
I don't limit the number of parameters. You can pass as many as you want. For instance to pass 3 in and 2 out you do:
struct scatterlist in[3];
struct scatterlist out[2];
sg_init_table(in, 3);
sg_init_table(out, 2);
sg_set_buf(in, first_in_param, len_of_first_in_param);
sg_set_buf(in + 1, second_in_param, len_of_second_in_param);
sg_set_buf(in + 2, third_in_param, len_of_third_in_param);
sg_set_buf(out, first_out_param, len_of_first_out_param);
sg_set_buf(out + 1, second_out_param, len_of_second_out_param);
akcipher_request_set_crypt(req, &in, &out);
The limitation here is that one parameter can not span multiple sgs. This should be ok as they will never be bigger than one page.
In fact MPI limits it to 2K max with #define MAX_EXTERN_MPI_BITS 16384.
I'm ok to rename it to src and dst.
>
>> struct akcipher_alg {
>> > int (*sign)(struct akcipher_request *req);
>> > int (*verify)(struct akcipher_request *req);
>> > int (*encrypt)(struct akcipher_request *req);
>> > int (*decrypt)(struct akcipher_request *req);
> Looks good. You'll also need a setkey (or perhaps two) function.
I have these two:
/**
* crypto_akcipher_setkey() -- assign a public key to an AKCIPHER tfm handle
*
* @tfm: AKCIPHER tfm handle allocated with crypto_alloc_akcipher()
* @pkey: public key
*/
static inline void crypto_akcipher_setkey(struct crypto_akcipher *tfm,
const struct public_key *pkey);
/**
* crypto_akcipher_getkey() -- obtain a public key from an AKCIPHER tfm handle
*
* @tfm: AKCIPHER tfm handle allocated with crypto_alloc_akcipher()
*
* Return: public key
*/
static inline const struct public_key *crypto_akcipher_getkey(
struct crypto_akcipher *tfm);
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists