From: Tadeusz Struk <tadeusz.struk@intel.com>
To: Herbert Xu <herbert@gondor.apana.org.au>,
Stephan Mueller <smueller@chronox.de>
Cc: linux-crypto <linux-crypto@vger.kernel.org>,
"Marcel Holtmann" <marcel@holtmann.org>,
"Horia Geantă" <horia.geanta@freescale.com>
Subject: Re: akcipher API: plans
Date: Wed, 26 Aug 2015 12:39:52 -0700 [thread overview]
Message-ID: <55DE1608.1010606@intel.com> (raw)
In-Reply-To: <20150826135156.GA24618@gondor.apana.org.au>
Hi,
On 08/26/2015 06:51 AM, Herbert Xu wrote:
>> - Type of input data: currently, the akcipher API uses linear buffers. The
>> > question was raised to convert it to scatter lists. Linear buffers were seen
>> > as appropriate as the data to be operated on is usually quite small. However,
>> > some hardware seems to support scatter lists (CAAM was mentioned).
> I think an SG interface makes sense even if today's algorithms
> don't need it. The user-space interface is naturally SG based
> for example.
>
>> > - Split of setkey into public/private setkey function. The current
>> > implementation provides ASN.1 structure that allows setting all three
>> > components forming a public and private key. However, considering the next
>> > bullet, a split int pub/priv key may need to be considered.
> I think this makes sense too.
>
>> > - Structure of keys: The current ASN.1 structure is used solely in the kernel.
>> > Thus, DER keys generated in user space (like by OpenSSL) can only be loaded
>> > after a conversion. To support such DER keys out of the box, I think only the
>> > ASN.1 definition must be changed. In addition, the setkey function must be
>> > split as the ASN.1 structures of a DER pub and private key are completely
>> > different.
> Ditto.
So I'll rework the API to accommodate your suggestion. I don't really see how sgl
support would be beneficial for buffers that will never be bigger that one page
(in most cases they will not be bigger than 512 bytes) but if you think that the
way to go I fine with that. The split for private and public set_key functions,
even though is not needed for RSA (I think) might be required for other asymmetric
algorithms, so I'll change it.
For RSA I still think I can get both working on existing interface and with
the same ASN.1 definition.
Thanks for your feedback.
T
prev parent reply other threads:[~2015-08-26 19:41 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-08-26 8:38 akcipher API: plans Stephan Mueller
2015-08-26 13:51 ` Herbert Xu
2015-08-26 19:39 ` Tadeusz Struk [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55DE1608.1010606@intel.com \
--to=tadeusz.struk@intel.com \
--cc=herbert@gondor.apana.org.au \
--cc=horia.geanta@freescale.com \
--cc=linux-crypto@vger.kernel.org \
--cc=marcel@holtmann.org \
--cc=smueller@chronox.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).