Linux cryptographic layer development
 help / color / mirror / Atom feed
From: Salvatore Benedetto <salvatore.benedetto@intel.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-crypto@vger.kernel.org
Subject: Re: [PATCH v5 1/3] crypto: Key-agreement Protocol Primitives API (KPP)
Date: Wed, 8 Jun 2016 12:45:47 +0100	[thread overview]
Message-ID: <20160608114547.GA26661@sbenedet-virtual-machine> (raw)
In-Reply-To: <20160608025451.GB12283@gondor.apana.org.au>

On Wed, Jun 08, 2016 at 10:54:51AM +0800, Herbert Xu wrote:
> On Thu, Jun 02, 2016 at 12:06:48PM +0000, Benedetto, Salvatore wrote:
> >
> > Off the top of my head, with ECDH when the user gets a EGAIN, he wants
> > to reset the secret key only, not the params.
> 
> I don't see any performance benefit in changing one and not the
> other.  Besides, you could always check the params in the algo
> and only update if necessary.
>

I'm OK with merging set_params and set_key and allow the user to
pass either both, or only the key in which case params previously
set are reused, although I don't see any particular benefit with this.

> > > >  * generate_public_key() - It generates the public key to be sent to
> > > >    the other counterpart involved in the key-agreement session. The
> > > >    function has to be called after set_params() and set_secret()
> > > >  * generate_secret() - It generates the shared secret for the session
> > > 
> > > Ditto, we only need one operation and that is multiplication by the secret.
> > 
> > Sorry, but I don't understand your point.
> > We do always need one math operation with different params.
> 
> Look at your actual implementations of DH and ECDH, they are the
> same except for the multiplicand, which is fixed to G for the
> public key.
> 
> Now you could argue that having to reparse G every time could be
> bad for performance, but that's easily fixed by making the case
> of a zero-length input value an implicit request to use G.
> 
> Even better, just drop G from the params and you won't need to
> reparse it or do anything special.
> 
> The point of all this is to make the lives of future driver authors
> simpler, the less they have to do the less that could go wrong.

I really would like to keep the interface as it is because it's
very clear what each function does. I'm OK with remapping both
function to the same one, and if src is zero, g/G will be used.

Keep in mind that while for DH g is always provided by the user,
for ECDH G is a public value which we already have and I don't see
why the user should pass that.

Having said that, are you OK with as far as the interface goes
to only merge set_param and set_key, and keeping the rest as it is?
For the implementation of DH and ECDH I'll merge the two operations
functions into one as you suggested. If so, I'll send a new version.

Thanks for your inputs.

Regards,
Salvatore

> Cheers,
> -- 
> Email: Herbert Xu <herbert@gondor.apana.org.au>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

  reply	other threads:[~2016-06-08 12:15 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-05-09 21:40 [PATCH v5 0/3] Key-agreement Protocol Primitives (KPP) API Salvatore Benedetto
2016-05-09 21:40 ` [PATCH v5 1/3] crypto: Key-agreement Protocol Primitives API (KPP) Salvatore Benedetto
2016-05-31  6:42   ` Herbert Xu
2016-06-02 12:06     ` Benedetto, Salvatore
2016-06-08  2:54       ` Herbert Xu
2016-06-08 11:45         ` Salvatore Benedetto [this message]
2016-06-13  8:59           ` Herbert Xu
2016-05-09 21:40 ` [PATCH v5 2/3] crypto: kpp - Add DH software implementation Salvatore Benedetto
2016-05-31  6:52   ` Herbert Xu
2016-05-31  8:56     ` Benedetto, Salvatore
2016-05-09 21:40 ` [PATCH v5 3/3] crypto: kpp - Add ECDH software support Salvatore Benedetto
2016-05-31  6:55   ` Herbert Xu
2016-05-31  8:41     ` Benedetto, Salvatore
2016-05-10  7:02 ` [PATCH v5 0/3] Key-agreement Protocol Primitives (KPP) API Stephan Mueller
2016-05-10 12:49   ` Benedetto, Salvatore

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20160608114547.GA26661@sbenedet-virtual-machine \
    --to=salvatore.benedetto@intel.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=linux-crypto@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox