From: "Horia Geantă" <horia.geanta@freescale.com>
To: Herbert Xu <herbert@gondor.hengli.com.au>,
David Howells <dhowells@redhat.com>,
James Morris - <james.l.morris@oracle.com>
Cc: "linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
Kim Phillips <kim.phillips@freescale.com>
Subject: Asymmetric cryptography HW offloading
Date: Mon, 23 Sep 2013 15:31:29 +0300 [thread overview]
Message-ID: <524034A1.70204@freescale.com> (raw)
Hi,
CAAM crypto engine (drivers/crypto/caam/*) is capable of asymmetric
operations, like: modular exponentiation, RSA
sign/verify/encrypt/decrypt, (EC)DSA sign etc.
I would appreciate some design guidelines on how to harness these
capabilities, for crypto engines in general.
1. In-kernel interface for asymmetric crypto
Should crypto/asymmetric_keys/* be used, i.e. appended with modular
exponentiation, other asymmetric operations? I am asking since this
seems to be closer to key management than to asymmetric crypto...
If so, should an algorithm priority be defined, similar to Crypto API
interface for symmetric algos (so that for e.g. a HW implementation of
RSA verify would be preferred over a SW implementation)? Currently
interface does not allow for two or more implementers of the same
algo/operation.
Currently, SW implementation of modular exponentiation - mpi_powm() - is
used by crypto/asymmetric_keys/rsa.c and lib/digsig.c. AFAICT, its users
could benefit from a HW-accelerated version.
2. User space interface
Should AF_ALG be expanded to provide access to this new asymmetric cypto
API?
The API would allow user space applications to offload PKC operations in HW.
Possible use: offloading compute-intensive parts of TLS handshake, IKE.
Thanks,
Horia
next reply other threads:[~2013-09-23 12:32 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-23 12:31 Horia Geantă [this message]
2013-09-23 13:28 ` Asymmetric cryptography HW offloading Nikos Mavrogiannopoulos
2013-09-27 10:58 ` Horia Geantă
2013-09-29 17:50 ` Nikos Mavrogiannopoulos
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=524034A1.70204@freescale.com \
--to=horia.geanta@freescale.com \
--cc=dhowells@redhat.com \
--cc=herbert@gondor.hengli.com.au \
--cc=james.l.morris@oracle.com \
--cc=kim.phillips@freescale.com \
--cc=linux-crypto@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.