lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20150604064929.GA22158@gondor.apana.org.au>
Date:	Thu, 4 Jun 2015 14:49:29 +0800
From:	Herbert Xu <herbert@...dor.apana.org.au>
To:	Tadeusz Struk <tadeusz.struk@...el.com>
Cc:	linux-kernel@...r.kernel.org, keescook@...omium.org,
	jwboyer@...hat.com, richard@....at, steved@...hat.com,
	qat-linux@...el.com, dhowells@...hat.com,
	linux-crypto@...r.kernel.org, james.l.morris@...cle.com,
	jkosina@...e.cz, zohar@...ux.vnet.ibm.com, davem@...emloft.net,
	vgoyal@...hat.com
Subject: Re: [PATCH RFC v3 1/3] crypto: add PKE API

On Wed, Jun 03, 2015 at 03:44:08PM -0700, Tadeusz Struk wrote:
>
> +/**
> + * struct akcipher_alg - generic public key algorithm
> + *
> + * @sign:	Function performs a sign operation as defined by public key
> + *		algorithm
> + * @verify:	Function performs a sign operation as defined by public key
> + *		algorithm
> + * @encrypt:	Function performs an encrytp operation as defined by public key
> + *		algorithm
> + * @decrypt:	Function performs a decrypt operation as defined by public key
> + *		algorithm
> + * @reqsize:	Request context size required by algorithm implementation
> + * @base:	Common crypto API algorithm data structure
> + */
> +struct akcipher_alg {
> +	int (*sign)(struct akcipher_request *req);
> +	int (*verify)(struct akcipher_request *req);
> +	int (*encrypt)(struct akcipher_request *req);
> +	int (*decrypt)(struct akcipher_request *req);
> +
> +	unsigned int reqsize;
> +	struct crypto_alg base;
> +};

Because the caller is going to be allocating memory for the output,
we need to provide a way for them to know how much memory to
allocate.

This presumably will depend on the key size.

So something like

	int (*maxsize)(struct crypto_akcipher *tfm);

is needed.

You should also provide setkey here.  You can't just save a pointer
to the key.  The transform must hold the key physically as the
original may go away.  It should also ensure that the key is
actually valid for the transform.

> +/**
> + * struct crypto_akcipher - user-instantiated objects which encapsulate
> + * algorithms and core processing logic
> + *
> + * @base:	Common crypto API algorithm data structure
> + * @pkey:	Key representation. Note: this can be both public or private
> + *		key, depending on the operation.
> + * @__ctx:	Start of private context data
> + */
> +struct crypto_akcipher {
> +	struct crypto_tfm base;
> +	const struct public_key *pkey;
> +	void *__ctx[] CRYPTO_MINALIGN_ATTR;
> +};

base already has ctx so you should get rid of ctx and move base
to the end of the struct.

Cheers,
-- 
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ