From: Jean Delvare <jdelvare@suse.de>
To: Tadeusz Struk <tadeusz.struk@intel.com>
Cc: herbert@gondor.apana.org.au, corbet@lwn.net,
keescook@chromium.org, qat-linux@intel.com, jwboyer@redhat.com,
richard@nod.at, d.kasatkin@samsung.com,
linux-kernel@vger.kernel.org, steved@redhat.com,
dhowells@redhat.com, vgoyal@redhat.com,
james.l.morris@oracle.com, jkosina@suse.cz,
zohar@linux.vnet.ibm.com, davem@davemloft.net,
linux-crypto@vger.kernel.org
Subject: Re: [PATCH RFC 0/2] crypto: Introduce Public Key Encryption API
Date: Fri, 1 May 2015 10:47:51 +0200 [thread overview]
Message-ID: <20150501104751.53f992cf@endymion.delvare> (raw)
In-Reply-To: <20150430223647.10157.82156.stgit@tstruk-mobl1>
I have nothing to do with this, please drop me from Cc.
Thanks,
Jean
On Thu, 30 Apr 2015 15:36:47 -0700, Tadeusz Struk wrote:
> This patch set introduces a Public Key Encryption API.
> What is proposed is a new crypto type called crypto_pke_type
> plus new struct pke_alg and struct pke_tfm together with number
> of helper functions to register pke type algorithms and allocate
> tfm instances. This is to make it similar to how the existing crypto
> API works for the ablkcipher, ahash, and aead types.
> The operations the new interface will allow to provide are:
>
> int (*sign)(struct pke_request *pkereq);
> int (*verify)(struct pke_request *pkereq);
> int (*encrypt)(struct pke_request *pkereq);
> int (*decrypt)(struct pke_request *pkereq);
>
> The benefits it gives comparing to the struct public_key_algorithm
> interface are:
> - drivers can add many implementations of RSA or DSA
> algorithms and user will allocate instances (tfms) of these, base on
> algorithm priority, in the same way as it is with the symmetric ciphers.
> - the new interface allows for asynchronous implementations that
> can use crypto hardware to offload the calculations to.
> - integrating it with linux crypto api allows using all its benefits
> i.e. managing algorithms using NETLINK_CRYPTO, monitoring implementations
> using /proc/crypto. etc
>
> New helper functions have been added to allocate pke_tfm instances
> and invoke the operations to make it easier to use.
> For instance to verify a public_signature against a public_key using
> the RSA algorithm a user would do:
>
> struct crypto_pke *tfm = crypto_alloc_pke("rsa", 0, 0);
> struct pke_request *req = pke_request_alloc(tfm, GFP_KERNEL);
> pke_request_set_crypt(req, pub_key, signature);
> int ret = crypto_pke_verify(req);
> pke_request_free(req);
> crypto_free_pke(tfm);
> return ret;
>
> Additionally existing public_key and rsa code have been reworked to
> use the new interface for verifying signed modules.
> As part of the rework the enum pkey_algo has been removed as the algorithm
> to allocate will be indicated by a string - for instance "rsa" or "dsa",
> similarly as it is with the symmetric algs e.g. "aes".
> It will also make it easier to extend in the future when new algorithms
> will be added.
> ---
> Tadeusz Struk (2):
> crypto: add PKE API
> crypto: RSA: KEYS: convert rsa and public key to new PKE API
>
>
> Documentation/crypto/asymmetric-keys.txt | 10 +-
> crypto/Kconfig | 6 +
> crypto/Makefile | 1
> crypto/asymmetric_keys/Kconfig | 1
> crypto/asymmetric_keys/pkcs7_parser.c | 4 -
> crypto/asymmetric_keys/pkcs7_trust.c | 2
> crypto/asymmetric_keys/pkcs7_verify.c | 5 -
> crypto/asymmetric_keys/public_key.c | 73 +++++++----
> crypto/asymmetric_keys/public_key.h | 36 -----
> crypto/asymmetric_keys/rsa.c | 47 ++++++-
> crypto/asymmetric_keys/x509_cert_parser.c | 14 ++
> crypto/asymmetric_keys/x509_public_key.c | 14 +-
> crypto/crypto_user.c | 23 +++
> crypto/pke.c | 114 +++++++++++++++++
> include/crypto/algapi.h | 6 +
> include/crypto/public_key.h | 24 +---
> include/linux/crypto.h | 191 +++++++++++++++++++++++++++++
> include/linux/cryptouser.h | 7 +
> kernel/module_signing.c | 9 +
> 19 files changed, 471 insertions(+), 116 deletions(-)
> delete mode 100644 crypto/asymmetric_keys/public_key.h
> create mode 100644 crypto/pke.c
>
next prev parent reply other threads:[~2015-05-01 8:48 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-30 22:36 [PATCH RFC 0/2] crypto: Introduce Public Key Encryption API Tadeusz Struk
2015-04-30 22:36 ` [PATCH RFC 1/2] crypto: add PKE API Tadeusz Struk
2015-04-30 22:43 ` Herbert Xu
2015-04-30 23:04 ` Tadeusz Struk
2015-05-01 7:24 ` Stephan Mueller
2015-05-01 17:30 ` Tadeusz Struk
2015-04-30 22:36 ` [PATCH RFC 2/2] crypto: RSA: KEYS: convert rsa and public key to new " Tadeusz Struk
2015-05-01 8:47 ` Jean Delvare [this message]
2015-05-01 17:32 ` [PATCH RFC 0/2] crypto: Introduce Public Key Encryption API Tadeusz Struk
2015-05-01 15:53 ` David Howells
2015-05-01 16:04 ` [PATCH RFC 1/2] crypto: add PKE API David Howells
2015-05-01 18:17 ` Tadeusz Struk
2015-05-03 0:07 ` Herbert Xu
2015-05-04 19:26 ` Tadeusz Struk
2015-05-05 1:33 ` Herbert Xu
2015-05-01 16:21 ` [PATCH RFC 2/2] crypto: RSA: KEYS: convert rsa and public key to new " David Howells
2015-05-01 19:27 ` Tadeusz Struk
2015-05-04 13:16 ` [PATCH RFC 0/2] crypto: Introduce Public Key Encryption API Horia Geantă
2015-05-04 20:42 ` Tadeusz Struk
2015-05-06 11:31 ` Horia Geantă
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150501104751.53f992cf@endymion.delvare \
--to=jdelvare@suse.de \
--cc=corbet@lwn.net \
--cc=d.kasatkin@samsung.com \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=herbert@gondor.apana.org.au \
--cc=james.l.morris@oracle.com \
--cc=jkosina@suse.cz \
--cc=jwboyer@redhat.com \
--cc=keescook@chromium.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=qat-linux@intel.com \
--cc=richard@nod.at \
--cc=steved@redhat.com \
--cc=tadeusz.struk@intel.com \
--cc=vgoyal@redhat.com \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).