Re: [PATCH RFC v3 1/3] crypto: add PKE API

2015-06-04 Thread Tadeusz Struk
Hi Herbert,
On 06/03/2015 11:49 PM, Herbert Xu wrote:
> Because the caller is going to be allocating memory for the output,
> we need to provide a way for them to know how much memory to
> allocate.
> 
> This presumably will depend on the key size.
> 
> So something like
> 
>   int (*maxsize)(struct crypto_akcipher *tfm);
> 
> is needed.
> 
> You should also provide setkey here.  You can't just save a pointer
> to the key.  The transform must hold the key physically as the
> original may go away.  It should also ensure that the key is
> actually valid for the transform.
> 
> base already has ctx so you should get rid of ctx and move base
> to the end of the struct.

right, will do that.
Thanks for quick response.






Re: [PATCH RFC v3 1/3] crypto: add PKE API

2015-06-03 Thread Herbert Xu
On Wed, Jun 03, 2015 at 03:44:08PM -0700, Tadeusz Struk wrote:
>
> +/**
> + * struct akcipher_alg - generic public key algorithm
> + *
> + * @sign:Function performs a sign operation as defined by public key
> + *   algorithm
> + * @verify:  Function performs a sign operation as defined by public key
> + *   algorithm
> + * @encrypt: Function performs an encrytp operation as defined by public key
> + *   algorithm
> + * @decrypt: Function performs a decrypt operation as defined by public key
> + *   algorithm
> + * @reqsize: Request context size required by algorithm implementation
> + * @base:Common crypto API algorithm data structure
> + */
> +struct akcipher_alg {
> + int (*sign)(struct akcipher_request *req);
> + int (*verify)(struct akcipher_request *req);
> + int (*encrypt)(struct akcipher_request *req);
> + int (*decrypt)(struct akcipher_request *req);
> +
> + unsigned int reqsize;
> + struct crypto_alg base;
> +};
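Review bot: The kernel-doc for `@verify` repeats the text of `@sign` ("performs a sign operation"), so the one callback whose result decides whether a signature is accepted has no description of its own. I would reword it to `@verify: Function performs a signature verification operation as defined by public key algorithm`, and state for all four callbacks what the return value means, in particular how a failed verification is reported to the caller. The `@encrypt` line also spells "encrytp". The struct is quoted here from the include/crypto/akcipher.h part of the patch, which is not visible in full on this page.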

Because the caller is going to be allocating memory for the output,
we need to provide a way for them to know how much memory to
allocate.

This presumably will depend on the key size.

So something like

int (*maxsize)(struct crypto_akcipher *tfm);

is needed.

You should also provide setkey here.  You can't just save a pointer
to the key.  The transform must hold the key physically as the
original may go away.  It should also ensure that the key is
actually valid for the transform.

> +/**
> + * struct crypto_akcipher - user-instantiated objects which encapsulate
> + * algorithms and core processing logic
> + *
> + * @base:Common crypto API algorithm data structure
> + * @pkey:Key representation. Note: this can be both public or private
> + *   key, depending on the operation.
> + * @__ctx:   Start of private context data
> + */
> +struct crypto_akcipher {
> + struct crypto_tfm base;
> + const struct public_key *pkey;
> + void *__ctx[] CRYPTO_MINALIGN_ATTR;
> +};

base already has ctx so you should get rid of ctx and move base
to the end of the struct.

Cheers,
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


[PATCH RFC v3 1/3] crypto: add PKE API

2015-06-03 Thread Tadeusz Struk
Add Public Key Encryption API.

Signed-off-by: Tadeusz Struk 
---
 crypto/Kconfig |6 +
 crypto/Makefile|1 
 crypto/akcipher.c  |  100 +++
 crypto/crypto_user.c   |   23 +++
 include/crypto/akcipher.h  |  385 
 include/linux/crypto.h |1 
 include/linux/cryptouser.h |6 +
 7 files changed, 522 insertions(+)
 create mode 100644 crypto/akcipher.c
 create mode 100644 include/crypto/akcipher.h

diff --git a/crypto/Kconfig b/crypto/Kconfig
index 0ff4cd4..917f880 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -87,6 +87,12 @@ config CRYPTO_PCOMP2
tristate
select CRYPTO_ALGAPI2
 
+config CRYPTO_AKCIPHER
+   tristate "Public Key Algorithms API"
+   select CRYPTO_ALGAPI
+   help
+ Crypto API interface for public key algorithms.
+
 config CRYPTO_MANAGER
tristate "Cryptographic algorithm manager"
select CRYPTO_MANAGER2
diff --git a/crypto/Makefile b/crypto/Makefile
index 5db5b95..1ed2929 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -28,6 +28,7 @@ crypto_hash-y += shash.o
 obj-$(CONFIG_CRYPTO_HASH2) += crypto_hash.o
 
 obj-$(CONFIG_CRYPTO_PCOMP2) += pcompress.o
+obj-$(CONFIG_CRYPTO_AKCIPHER) += akcipher.o
 
 cryptomgr-y := algboss.o testmgr.o
 
diff --git a/crypto/akcipher.c b/crypto/akcipher.c
new file mode 100644
index 000..92da8da8
--- /dev/null
+++ b/crypto/akcipher.c
@@ -0,0 +1,100 @@
+/*
+ * Public Key Encryption
+ *
+ * Copyright (c) 2015, Intel Corporation
+ * Authors: Tadeusz Struk 
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ */
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include "internal.h"
+
+#ifdef CONFIG_NET
+static int crypto_akcipher_report(struct sk_buff *skb, struct crypto_alg *alg)
+{
+   struct crypto_report_akcipher rakcipher;
+
+   strncpy(rakcipher.type, "akcipher", sizeof(rakcipher.type));
+   strncpy(rakcipher.subtype, alg->cra_name, sizeof(rakcipher.subtype));
+
+   if (nla_put(skb, CRYPTOCFGA_REPORT_AKCIPHER,
+   sizeof(struct crypto_report_akcipher), &rakcipher))
+   goto nla_put_failure;
+   return 0;
+
+nla_put_failure:
+   return -EMSGSIZE;
+}
+#else
+static int crypto_akcipher_report(struct sk_buff *skb, struct crypto_alg *alg)
+{
+   return -ENOSYS;
+}
+#endif
+
+static void crypto_akcipher_show(struct seq_file *m, struct crypto_alg *alg)
+   __attribute__ ((unused));
+
+static void crypto_akcipher_show(struct seq_file *m, struct crypto_alg *alg)
+{
+   seq_puts(m, "type : akcipher\n");
+   seq_printf(m, "subtype  : %s\n", alg->cra_name);
+}
+
+static int crypto_akcipher_init(struct crypto_tfm *tfm)
+{
+   return 0;
+}
+
+static const struct crypto_type crypto_akcipher_type = {
+   .extsize = crypto_alg_extsize,
+   .init_tfm = crypto_akcipher_init,
+#ifdef CONFIG_PROC_FS
+   .show = crypto_akcipher_show,
+#endif
+   .report = crypto_akcipher_report,
+   .maskclear = ~CRYPTO_ALG_TYPE_MASK,
+   .maskset = CRYPTO_ALG_TYPE_MASK,
+   .type = CRYPTO_ALG_TYPE_AKCIPHER,
+   .tfmsize = offsetof(struct crypto_akcipher, base),
+};
+
+struct crypto_akcipher *crypto_alloc_akcipher(const char *alg_name, u32 type,
+ u32 mask)
+{
+   return crypto_alloc_tfm(alg_name, &crypto_akcipher_type, type, mask);
+}
+EXPORT_SYMBOL_GPL(crypto_alloc_akcipher);
+
+int crypto_register_akcipher(struct akcipher_alg *alg)
+{
+   struct crypto_alg *base = &alg->base;
+
+   base->cra_type = &crypto_akcipher_type;
+   base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK;
+   base->cra_flags |= CRYPTO_ALG_TYPE_AKCIPHER;
+   return crypto_register_alg(base);
+}
+EXPORT_SYMBOL_GPL(crypto_register_akcipher);
+
+void crypto_unregister_akcipher(struct akcipher_alg *alg)
+{
+   crypto_unregister_alg(&alg->base);
+}
+EXPORT_SYMBOL_GPL(crypto_unregister_akcipher);
+MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("Generic public key cihper type");
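Review bot: In `crypto_akcipher_report`, `rakcipher` is a stack struct that is only partly written by the two `strncpy` calls before `nla_put` copies `sizeof(struct crypto_report_akcipher)` bytes of it into a netlink message for userspace. `strncpy` zero-pads the two named fields, but any padding or further member of the struct (its definition is in include/linux/cryptouser.h, outside this hunk) would go out uninitialised, and `subtype` is left unterminated if `alg->cra_name` ever fills the field. I would start the function with `memset(&rakcipher, 0, sizeof(rakcipher));` and copy with `strlcpy(rakcipher.subtype, alg->cra_name, sizeof(rakcipher.subtype));`. The same pattern appears in `crypto_report_akcipher` in the crypto/crypto_user.c hunk, which also duplicates this function. Separately, the `MODULE_DESCRIPTION` string spells "cihper".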
diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c
index 41dfe76..508e71d 100644
--- a/crypto/crypto_user.c
+++ b/crypto/crypto_user.c
@@ -27,6 +27,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include "internal.h"
 
@@ -110,6 +111,22 @@ nla_put_failure:
return -EMSGSIZE;
 }
 
+static int crypto_report_akcipher(struct sk_buff *skb, struct crypto_alg *alg)
+{
+   struct crypto_report_akcipher rakcipher;
+
+   strncpy(rakcipher.type, "akcipher", sizeof(rakcipher.type));
+   strncpy(rakcipher.subtype, alg->cra_name, sizeof(rakcipher.subtype));
+
+   if (nla_put(skb, CRYPTOCFGA_REPORT_AKCIPHER,
+   sizeof(