Re: [PATCH RFC v2 1/2] crypto: add PKE API

Fri, 22 May 2015 22:48:15 -0700 

On Fri, May 22, 2015 at 11:37:49AM -0700, Tadeusz Struk wrote:
>
> /**
>  * struct akcipher_request - public key request
>  *
>  * @base:     Common attributes for async crypto requests
>  * @inparams: scatterlist of input parameters (one ent per parameter)
>  *            for the operation as defined in RFC.
>  *            For instance for rsa encrypt only one input param is required,
>  *            (i.e. 'm' - message) as specified in RFC3447 sec 5.1.1
>  *            (Note: the key belongs to the tfm)
>  * @outparams:        scatterlist of output parameters (one ent per parameter)
>  *            for the operation as defined in RFC.
>  *            For instance for rsa encrypt only one output param will be
>  *            produced (i.e. 'c' - cipher text) as specified in
>  *            RFC3447 sec 5.1.1
>  *
>  * @__ctx:    Start of private context data
>  */
> struct akcipher_request {
>       struct crypto_async_request base;
>       struct scatterlist *inparams;
>       struct scatterlist *outparams;
>       void *__ctx[] CRYPTO_MINALIGN_ATTR;
> };

I think you should rename them to src/dst and add a length argument.
Limiting them to one entry also seems strange.  When do you need more
one parameter?

> /**
>  * struct akcipher_alg - generic public key algorithm
>  *
>  * @sign:     Function performs a sign operation as defined by public key
>  *            algorithm
>  * @verify:   Function performs a sign operation as defined by public key
>  *            algorithm
>  * @encrypt:  Function performs an encrypt operation as defined by public key
>  *            algorithm
>  * @decrypt:  Function performs a decrypt operation as defined by public key
>  *            algorithm
>  * @reqsize:  Request context size required by algorithm implementation
>  *
>  * @base:     Common crypto API algorithm data structure
>  */
> struct akcipher_alg {
>       int (*sign)(struct akcipher_request *req);
>       int (*verify)(struct akcipher_request *req);
>       int (*encrypt)(struct akcipher_request *req);
>       int (*decrypt)(struct akcipher_request *req);

Looks good.  You'll also need a setkey (or perhaps two) function.

Thanks,
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to