From: "Horia Geantă" <horia.geanta@freescale.com>
To: Tadeusz Struk <tadeusz.struk@intel.com>, <herbert@gondor.apana.org.au>
Cc: <corbet@lwn.net>, <keescook@chromium.org>, <qat-linux@intel.com>,
<jwboyer@redhat.com>, <richard@nod.at>, <d.kasatkin@samsung.com>,
<linux-kernel@vger.kernel.org>, <steved@redhat.com>,
<dhowells@redhat.com>, <vgoyal@redhat.com>,
<james.l.morris@oracle.com>, <jkosina@suse.cz>,
<zohar@linux.vnet.ibm.com>, <davem@davemloft.net>,
<jdelvare@suse.de>, <linux-crypto@vger.kernel.org>
Subject: Re: [PATCH RFC 0/2] crypto: Introduce Public Key Encryption API
Date: Mon, 4 May 2015 16:16:01 +0300 [thread overview]
Message-ID: <55477111.2050803@freescale.com> (raw)
In-Reply-To: <20150430223647.10157.82156.stgit@tstruk-mobl1>
On 5/1/2015 1:36 AM, Tadeusz Struk wrote:
> This patch set introduces a Public Key Encryption API.
> What is proposed is a new crypto type called crypto_pke_type
> plus new struct pke_alg and struct pke_tfm together with number
> of helper functions to register pke type algorithms and allocate
> tfm instances. This is to make it similar to how the existing crypto
> API works for the ablkcipher, ahash, and aead types.
> The operations the new interface will allow to provide are:
>
> int (*sign)(struct pke_request *pkereq);
> int (*verify)(struct pke_request *pkereq);
> int (*encrypt)(struct pke_request *pkereq);
> int (*decrypt)(struct pke_request *pkereq);
Where would be the proper place for keygen operation?
>
> The benefits it gives comparing to the struct public_key_algorithm
> interface are:
> - drivers can add many implementations of RSA or DSA
> algorithms and user will allocate instances (tfms) of these, base on
> algorithm priority, in the same way as it is with the symmetric ciphers.
> - the new interface allows for asynchronous implementations that
> can use crypto hardware to offload the calculations to.
> - integrating it with linux crypto api allows using all its benefits
> i.e. managing algorithms using NETLINK_CRYPTO, monitoring implementations
> using /proc/crypto. etc
>
> New helper functions have been added to allocate pke_tfm instances
> and invoke the operations to make it easier to use.
> For instance to verify a public_signature against a public_key using
> the RSA algorithm a user would do:
>
> struct crypto_pke *tfm = crypto_alloc_pke("rsa", 0, 0);
> struct pke_request *req = pke_request_alloc(tfm, GFP_KERNEL);
> pke_request_set_crypt(req, pub_key, signature);
> int ret = crypto_pke_verify(req);
> pke_request_free(req);
> crypto_free_pke(tfm);
> return ret;
>
> Additionally existing public_key and rsa code have been reworked to
> use the new interface for verifying signed modules.
> As part of the rework the enum pkey_algo has been removed as the algorithm
> to allocate will be indicated by a string - for instance "rsa" or "dsa",
> similarly as it is with the symmetric algs e.g. "aes".
> It will also make it easier to extend in the future when new algorithms
> will be added.
AFAICT algorithms currently map to primitives + encoding methods, which
is not flexible. For e.g. current RSA implementation hardcodes the
PKCS1-v1_5 encoding method, making it hard to add OAEP(+) etc.
One solution would be to map algorithms to primitives only. Encoding
methods need to be abstracted somehow, maybe using templates to wrap the
algorithms.
Regards,
Horia
next prev parent reply other threads:[~2015-05-04 13:16 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-30 22:36 [PATCH RFC 0/2] crypto: Introduce Public Key Encryption API Tadeusz Struk
2015-04-30 22:36 ` [PATCH RFC 1/2] crypto: add PKE API Tadeusz Struk
2015-04-30 22:43 ` Herbert Xu
2015-04-30 23:04 ` Tadeusz Struk
2015-05-01 7:24 ` Stephan Mueller
2015-05-01 17:30 ` Tadeusz Struk
2015-04-30 22:36 ` [PATCH RFC 2/2] crypto: RSA: KEYS: convert rsa and public key to new " Tadeusz Struk
2015-05-01 8:47 ` [PATCH RFC 0/2] crypto: Introduce Public Key Encryption API Jean Delvare
2015-05-01 17:32 ` Tadeusz Struk
2015-05-01 15:53 ` David Howells
2015-05-01 16:04 ` [PATCH RFC 1/2] crypto: add PKE API David Howells
2015-05-01 18:17 ` Tadeusz Struk
2015-05-03 0:07 ` Herbert Xu
2015-05-04 19:26 ` Tadeusz Struk
2015-05-05 1:33 ` Herbert Xu
2015-05-01 16:21 ` [PATCH RFC 2/2] crypto: RSA: KEYS: convert rsa and public key to new " David Howells
2015-05-01 19:27 ` Tadeusz Struk
2015-05-04 13:16 ` Horia Geantă [this message]
2015-05-04 20:42 ` [PATCH RFC 0/2] crypto: Introduce Public Key Encryption API Tadeusz Struk
2015-05-06 11:31 ` Horia Geantă
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55477111.2050803@freescale.com \
--to=horia.geanta@freescale.com \
--cc=corbet@lwn.net \
--cc=d.kasatkin@samsung.com \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=herbert@gondor.apana.org.au \
--cc=james.l.morris@oracle.com \
--cc=jdelvare@suse.de \
--cc=jkosina@suse.cz \
--cc=jwboyer@redhat.com \
--cc=keescook@chromium.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=qat-linux@intel.com \
--cc=richard@nod.at \
--cc=steved@redhat.com \
--cc=tadeusz.struk@intel.com \
--cc=vgoyal@redhat.com \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).