Re: [PATCH RFC v3 1/3] crypto: add PKE API

2015-06-04 Thread Tadeusz Struk
Hi Herbert,
On 06/03/2015 11:49 PM, Herbert Xu wrote:
> Because the caller is going to be allocating memory for the output,
> we need to provide a way for them to know how much memory to
> allocate.
> 
> This presumably will depend on the key size.
> 
> So something like
> 
>   int (*maxsize)(struct crypto_akcipher *tfm);
> 
> is needed.
> 
> You should also provide setkey here.  You can't just save a pointer
> to the key.  The transform must hold the key physically as the
> original may go away.  It should also ensure that the key is
> actually valid for the transform.
> 
> base already has ctx so you should get rid of ctx and move base
> to the end of the struct.

Right, will do that.
Thanks for the quick response.




--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/


Re: [PATCH RFC v3 1/3] crypto: add PKE API

2015-06-04 Thread Herbert Xu
On Wed, Jun 03, 2015 at 03:44:08PM -0700, Tadeusz Struk wrote:
>
> +/**
> + * struct akcipher_alg - generic public key algorithm
> + *
> + * @sign:Function performs a sign operation as defined by public key
> + *   algorithm
> + * @verify:  Function performs a sign operation as defined by public key
> + *   algorithm
> + * @encrypt: Function performs an encrytp operation as defined by public key
> + *   algorithm
> + * @decrypt: Function performs a decrypt operation as defined by public key
> + *   algorithm
> + * @reqsize: Request context size required by algorithm implementation
> + * @base:Common crypto API algorithm data structure
> + */
> +struct akcipher_alg {
> + int (*sign)(struct akcipher_request *req);
> + int (*verify)(struct akcipher_request *req);
> + int (*encrypt)(struct akcipher_request *req);
> + int (*decrypt)(struct akcipher_request *req);
> +
> + unsigned int reqsize;
> + struct crypto_alg base;
> +};
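
Review bot: the kernel-doc line for @verify repeats the @sign description ("performs a sign operation"), so the comment never says what verify does; it should read "performs a verify operation", and "encrytp" in the @encrypt line is a typo for "encrypt". Since all four callbacks take only a struct akcipher_request, the comment should also say what each one returns and where it writes its result.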

Because the caller is going to be allocating memory for the output,
we need to provide a way for them to know how much memory to
allocate.

This presumably will depend on the key size.

So something like

	int (*maxsize)(struct crypto_akcipher *tfm);

is needed.

You should also provide setkey here.  You can't just save a pointer
to the key.  The transform must hold the key physically as the
original may go away.  It should also ensure that the key is
actually valid for the transform.

> +/**
> + * struct crypto_akcipher - user-instantiated objects which encapsulate
> + * algorithms and core processing logic
> + *
> + * @base:Common crypto API algorithm data structure
> + * @pkey:Key representation. Note: this can be both public or private
> + *   key, depending on the operation.
> + * @__ctx:   Start of private context data
> + */
> +struct crypto_akcipher {
> + struct crypto_tfm base;
> + const struct public_key *pkey;
> + void *__ctx[] CRYPTO_MINALIGN_ATTR;
> +};
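
Review bot: the @base line in this kernel-doc is copied from struct akcipher_alg ("Common crypto API algorithm data structure"), but here base is a struct crypto_tfm, the transform rather than the algorithm. The @pkey description should also state who owns the struct public_key it points to and how long that object has to stay valid, because the struct keeps only a const pointer to it.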

base already has ctx so you should get rid of ctx and move base
to the end of the struct.

Cheers,
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
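
The two API requirements raised in the message above (a maxsize callback for sizing the output buffer, and a setkey that validates the key and keeps its own copy), modelled in userspace C as an added example. It is not code from the patch or from the kernel; the demo_* names and the key validity rule are assumptions made for illustration.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical userspace model of a public-key transform; not kernel code. */
struct demo_akcipher {
	unsigned char *modulus;	/* copy of the key material, owned by the tfm */
	size_t modulus_len;	/* key size in bytes */
};

/* setkey: check the key is usable by this transform, then copy it in. */
int demo_setkey(struct demo_akcipher *tfm, const unsigned char *key, size_t len)
{
	unsigned char *copy;

	/* Constructed validity rule: 64..512 bytes, top bit set, odd value. */
	if (!key || len < 64 || len > 512)
		return -EINVAL;
	if (!(key[0] & 0x80) || !(key[len - 1] & 1))
		return -EINVAL;

	copy = malloc(len);
	if (!copy)
		return -ENOMEM;
	memcpy(copy, key, len);

	free(tfm->modulus);	/* replace the previous key only on success */
	tfm->modulus = copy;
	tfm->modulus_len = len;
	return 0;
}

/* maxsize: largest output an operation can produce; depends on the key. */
int demo_maxsize(const struct demo_akcipher *tfm)
{
	return tfm->modulus ? (int)tfm->modulus_len : -EINVAL;
}

void demo_free(struct demo_akcipher *tfm)
{
	free(tfm->modulus);
	tfm->modulus = NULL;
	tfm->modulus_len = 0;
}
```

Because the transform holds a copy, the caller can reuse or free its key buffer right after demo_setkey returns, and a rejected key leaves the previously installed one in place.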


[PATCH RFC v3 1/3] crypto: add PKE API

2015-06-03 Thread Tadeusz Struk
Add Public Key Encryption API.

Signed-off-by: Tadeusz Struk 
---
 crypto/Kconfig |6 +
 crypto/Makefile|1 
 crypto/akcipher.c  |  100 +++
 crypto/crypto_user.c   |   23 +++
 include/crypto/akcipher.h  |  385 
 include/linux/crypto.h |1 
 include/linux/cryptouser.h |6 +
 7 files changed, 522 insertions(+)
 create mode 100644 crypto/akcipher.c
 create mode 100644 include/crypto/akcipher.h

diff --git a/crypto/Kconfig b/crypto/Kconfig
index 0ff4cd4..917f880 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -87,6 +87,12 @@ config CRYPTO_PCOMP2
tristate
select CRYPTO_ALGAPI2
 
+config CRYPTO_AKCIPHER
+   tristate "Public Key Algorithms API"
+   select CRYPTO_ALGAPI
+   help
+ Crypto API interface for public key algorithms.
+
 config CRYPTO_MANAGER
tristate "Cryptographic algorithm manager"
select CRYPTO_MANAGER2
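
Review bot: the help text for CRYPTO_AKCIPHER is a single line that restates the prompt; it should say which operations the interface provides (sign, verify, encrypt, decrypt) so that someone configuring a kernel can tell whether they need it. It is also worth confirming that selecting CRYPTO_ALGAPI, rather than following the CRYPTO_ALGAPI2 pattern of the neighbouring CRYPTO_PCOMP2 entry, is intended.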
diff --git a/crypto/Makefile b/crypto/Makefile
index 5db5b95..1ed2929 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -28,6 +28,7 @@ crypto_hash-y += shash.o
 obj-$(CONFIG_CRYPTO_HASH2) += crypto_hash.o
 
 obj-$(CONFIG_CRYPTO_PCOMP2) += pcompress.o
+obj-$(CONFIG_CRYPTO_AKCIPHER) += akcipher.o
 
 cryptomgr-y := algboss.o testmgr.o
 
diff --git a/crypto/akcipher.c b/crypto/akcipher.c
new file mode 100644
index 000..92da8da8
--- /dev/null
+++ b/crypto/akcipher.c
@@ -0,0 +1,100 @@
+/*
+ * Public Key Encryption
+ *
+ * Copyright (c) 2015, Intel Corporation
+ * Authors: Tadeusz Struk 
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ */
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include "internal.h"
+
+#ifdef CONFIG_NET
+static int crypto_akcipher_report(struct sk_buff *skb, struct crypto_alg *alg)
+{
+   struct crypto_report_akcipher rakcipher;
+
+   strncpy(rakcipher.type, "akcipher", sizeof(rakcipher.type));
+   strncpy(rakcipher.subtype, alg->cra_name, sizeof(rakcipher.subtype));
+
+   if (nla_put(skb, CRYPTOCFGA_REPORT_AKCIPHER,
+   sizeof(struct crypto_report_akcipher), ))
+   goto nla_put_failure;
+   return 0;
+
+nla_put_failure:
+   return -EMSGSIZE;
+}
+#else
+static int crypto_akcipher_report(struct sk_buff *skb, struct crypto_alg *alg)
+{
+   return -ENOSYS;
+}
+#endif
+
+static void crypto_akcipher_show(struct seq_file *m, struct crypto_alg *alg)
+   __attribute__ ((unused));
+
+static void crypto_akcipher_show(struct seq_file *m, struct crypto_alg *alg)
+{
+   seq_puts(m, "type : akcipher\n");
+   seq_printf(m, "subtype  : %s\n", alg->cra_name);
+}
+
+static int crypto_akcipher_init(struct crypto_tfm *tfm)
+{
+   return 0;
+}
+
+static const struct crypto_type crypto_akcipher_type = {
+   .extsize = crypto_alg_extsize,
+   .init_tfm = crypto_akcipher_init,
+#ifdef CONFIG_PROC_FS
+   .show = crypto_akcipher_show,
+#endif
+   .report = crypto_akcipher_report,
+   .maskclear = ~CRYPTO_ALG_TYPE_MASK,
+   .maskset = CRYPTO_ALG_TYPE_MASK,
+   .type = CRYPTO_ALG_TYPE_AKCIPHER,
+   .tfmsize = offsetof(struct crypto_akcipher, base),
+};
+
+struct crypto_akcipher *crypto_alloc_akcipher(const char *alg_name, u32 type,
+ u32 mask)
+{
+   return crypto_alloc_tfm(alg_name, _akcipher_type, type, mask);
+}
+EXPORT_SYMBOL_GPL(crypto_alloc_akcipher);
+
+int crypto_register_akcipher(struct akcipher_alg *alg)
+{
+   struct crypto_alg *base = >base;
+
+   base->cra_type = _akcipher_type;
+   base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK;
+   base->cra_flags |= CRYPTO_ALG_TYPE_AKCIPHER;
+   return crypto_register_alg(base);
+}
+EXPORT_SYMBOL_GPL(crypto_register_akcipher);
+
+void crypto_unregister_akcipher(struct akcipher_alg *alg)
+{
+   crypto_unregister_alg(>base);
+}
+EXPORT_SYMBOL_GPL(crypto_unregister_akcipher);
+MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("Generic public key cihper type");
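
Review bot: .tfmsize = offsetof(struct crypto_akcipher, base) evaluates to 0 because base is the first member of struct crypto_akcipher in this patch, so the size handed to the allocator does not account for the pkey member that follows base; either base moves to the end of the struct or this value has to change. In crypto_akcipher_report, strncpy() with the full sizeof() of the destination leaves rakcipher.type and rakcipher.subtype without a terminating NUL when the source is that long or longer, and the struct is then copied into the netlink message as it is. The forward declaration of crypto_akcipher_show with __attribute__ ((unused)) could be replaced by putting the function under the same #ifdef CONFIG_PROC_FS that guards .show, and MODULE_DESCRIPTION has "cihper" for "cipher".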
diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c
index 41dfe76..508e71d 100644
--- a/crypto/crypto_user.c
+++ b/crypto/crypto_user.c
@@ -27,6 +27,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include "internal.h"
 
@@ -110,6 +111,22 @@ nla_put_failure:
return -EMSGSIZE;
 }
 
+static int crypto_report_akcipher(struct sk_buff *skb, struct crypto_alg *alg)
+{
+   struct crypto_report_akcipher rakcipher;
+
+   strncpy(rakcipher.type, "akcipher", sizeof(rakcipher.type));
+   strncpy(rakcipher.subtype, alg->cra_name, sizeof(rakcipher.subtype));
+
+   if (nla_put(skb, CRYPTOCFGA_REPORT_AKCIPHER,
+   sizeof(struct crypto_report_akcipher), 
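
Review bot: crypto_report_akcipher in this hunk has the same body as crypto_akcipher_report in crypto/akcipher.c, which the new type already exposes through .report in crypto_akcipher_type. Keeping a single copy and reaching it through the type's report callback would stop the two from drifting apart.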
