Add key-agreement protocol primitives (kpp) API which allows
implementing the primitives required by protocols such as DH and ECDH.
The API is composed mainly of the following functions
* set_params() - It allows the user to set the parameters known to
both parties involved in the key-agreement ses
Hi Herb,
the following patchset introduces a new API for abstracting key-agreement
protocols such as DH and ECDH. It provides the primitives required for
implementing the protocol, thus the name KPP (Key-agreement Protocol Primitives).
Regards,
Salvatore
Changes from v5:
* Fix ecdh loading in f
* Implement ECDH under kpp API
* Provide ECC software support for curve P-192 and
P-256.
* Add kpp test for ECDH with data generated by OpenSSL
Signed-off-by: Salvatore Benedetto
---
crypto/Kconfig |5 +
crypto/Makefile |3 +
crypto/ecc.c| 1016
* Implement MPI based Diffie-Hellman under kpp API
* Test provided uses data generated by OpenSSL
Signed-off-by: Salvatore Benedetto
---
crypto/Kconfig | 8 ++
crypto/Makefile | 2 +
crypto/dh.c | 224
crypto/testmgr.c
>
>
> From: Herbert Xu
> Sent: Tuesday, May 10, 2016 12:46 PM
> To: Catalin Vasile
> Cc: linux-crypto@vger.kernel.org; linux-crypto-ow...@vger.kernel.org; Horia
> Ioan Geanta Neag; Alexandru Porosanu; Scott Wood; Catalin Vasile
> Subject: Re: [PATCH] cry
From: Zhaoxiu Zeng
When I do "grep parity -r linux", I found many parity calculations
distributed in many drivers.
This patch series does:
1. provide generic and architecture-specific parity calculations
2. remove drivers' local parity calculations, use bitops' parity
functions instead
On Wednesday, 11 May 2016, 08:26:00, Salvatore Benedetto wrote:
Hi Salvatore,
> Changes from v5:
> * Fix ecdh loading in fips mode.
Thanks.
As I do not readily see how you solved the issue, may I ask for a pointer to
the code that handles that?
Ciao
Stephan
From: Zhaoxiu Zeng
Signed-off-by: Zhaoxiu Zeng
---
drivers/crypto/sahara.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/crypto/sahara.c b/drivers/crypto/sahara.c
index c3f3d89..5c44a15 100644
--- a/drivers/crypto/sahara.c
+++ b/drivers/crypto/sahara.c
@@ -783,7 +7
From: Zhaoxiu Zeng
Signed-off-by: Zhaoxiu Zeng
---
drivers/crypto/qat/qat_common/qat_hal.c | 32 ++--
1 file changed, 10 insertions(+), 22 deletions(-)
diff --git a/drivers/crypto/qat/qat_common/qat_hal.c
b/drivers/crypto/qat/qat_common/qat_hal.c
index 1e480f1..318
Users of rwlocks should include spinlock.h instead of including this
header file. The current users of rwlocks_types.h are internal.
Signed-off-by: Sebastian Andrzej Siewior
---
drivers/crypto/ccp/ccp-dev.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/crypto/ccp/ccp-dev.c b/drivers/cr
Hi Herbert,
> On Fri, Apr 29, 2016 at 03:51:46PM +0300, Tudor Ambarus wrote:
> >
> > struct rsa_key {
> > + u8 *n;
> > + u8 *e;
> > + u8 *d;
> > + dma_addr_t dma_n;
> > + dma_addr_t dma_e;
> > + dma_addr_t dma_d;
> > + size_t n_sz;
> > + size_t e_sz;
> > + bool coherent;
> > +
On Wed, May 11, 2016 at 07:41:31AM +, Tudor-Dan Ambarus wrote:
>
> If I move the DMA primitives to the driver context,
> I can't assure software coherency enforcement in rsa helper.
>
> If so, after the ASN.1 parsing, if a driver needs to enforce software
> coherency, it will have to allocate
On Wed, May 11, 2016 at 07:53:19AM +, Catalin Vasile wrote:
>
> Every request will be queued and eventually done.
> The hardware equipment has a constraint on the number of tfms it can have.
> Is there a requirement to support an infinite number of tfms on a device?
>
> > You should use a soft
Hi Stephan,
> -Original Message-
> From: linux-crypto-ow...@vger.kernel.org [mailto:linux-crypto-
> ow...@vger.kernel.org] On Behalf Of Stephan Mueller
> Sent: Wednesday, May 11, 2016 10:05 AM
> To: Benedetto, Salvatore
> Cc: herb...@gondor.apana.org.au; linux-crypto@vger.kernel.org
> Sub
Tudor Ambarus wrote:
> A kernel taint results when loading the rsa_generic module:
>
> root@(none):~# modprobe rsa_generic
> asn1_decoder: module license 'unspecified' taints kernel.
> Disabling lock debugging due to kernel taint
>
> "Tainting" of the kernel is (usually) a way of indicating tha
Tadeusz Struk wrote:
> > (2) rsa-pkcs1pad needs to indicate what the maximum content size is, given
> > the minimum possible padding for the specified hash type (ie. a
> > particular OID).
>
> The user needs to use crypto_akcipher_maxsize(tfm) to get the required buffer
> size for a g
Here's a set of patches that provides keyctl access for asymmetric keys,
including a query function, and functions to do encryption, decryption,
signature creation and signature verification.
I've added a PKCS#8 asymmetric key parser so that you can load an RSA private
key into the kernel. Curre
Provide a query function for the software public key implementation. This
permits information about such a key to be obtained using
query_asymmetric_key() or KEYCTL_PKEY_QUERY.
Signed-off-by: David Howells
---
crypto/asymmetric_keys/public_key.c | 96 ++-
1 fi
Put a flag in the public_key struct to indicate if the structure is holding
a private key. The private key must be held ASN.1 encoded in the format
specified in RFC 3447 A.1.2. This is the form required by crypto/rsa.c.
The software encryption subtype's verification and query functions then
need
Implement PKCS#8 RSA Private Key format [RFC 5208] parser for the
asymmetric key type. For the moment, this will only support unencrypted
DER blobs. PEM and decryption can be added later.
PKCS#8 keys can be loaded like this:
openssl pkcs8 -in private_key.pem -topk8 -nocrypt -outform DER
Implement the encrypt, decrypt and sign operations for the software
asymmetric key subtype. This mostly involves offloading the call to the
crypto layer.
Note that the decrypt and sign operations require a private key to be
supplied. Encrypt (and also verify) will work with either a public or a
Provide the missing asymmetric key subops for new key type ops. This
includes query, encrypt, decrypt and create signature. Verify signature
already exists. Also provided are accessor functions for this:
int query_asymmetric_key(const struct key *key,
con
Provide five keyctl functions that permit userspace to make use of the new
key type ops for accessing and driving asymmetric keys.
(*) Query an asymmetric key.
long keyctl(KEYCTL_PKEY_QUERY,
key_serial_t key, key_serial_t password,
struct keyctl_pk
Make the X.509 and PKCS7 parsers fill in the signature encoding type field
recently added to the public_key_signature struct.
Signed-off-by: David Howells
---
crypto/asymmetric_keys/pkcs7_parser.c |1 +
crypto/asymmetric_keys/x509_cert_parser.c | 21 +
2 files chan
Provide five new operations in the key_type struct that can be used to
provide access to asymmetric key operations. These will be implemented for
the asymmetric key type in a later patch and may refer to a key retained in
RAM by the kernel or a key retained in crypto hardware.
int (*asym_que
Tadeusz Struk wrote:
> This is the same v5 version as before rebased on top of
> http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-asym-keyctl
I've just reposted this. The interface you're using should be the same, I
think, but the details underneath have changed.
A
On 05/11/2016 05:06 AM, Sebastian Andrzej Siewior wrote:
> Users of rwlocks should include spinlock.h instead of including this
> header file. The current users of rwlocks_types.h are internal.
>
> Signed-off-by: Sebastian Andrzej Siewior
There's already been a patch submitted and accepted for this
On Wed, 2016-05-11 at 15:22 +0100, David Howells wrote:
> Implement PKCS#8 RSA Private Key format [RFC 5208] parser for the
> asymmetric key type. For the moment, this will only support unencrypted
> DER blobs. PEM and decryption can be added later.
I would recommend *not* adding PEM and decrypt
Remove the unused variable ret, and return 0 explicitly.
Signed-off-by: Muhammad Falak R Wani
---
drivers/crypto/qat/qat_common/adf_ctl_drv.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/crypto/qat/qat_common/adf_ctl_drv.c
b/drivers/crypto/qat/qat_common/adf_ctl
On 05/11/2016 12:28 PM, Muhammad Falak R Wani wrote:
> Remove the unused variable ret, and return 0 explicitly.
Thanks for the patch. In this case it will be even better
to change the adf_ctl_stop_devices() to a void function.
---8<---
Subject: [PATCH] crypto: qat - change the adf_ctl_stop_devices
On 05/11/2016 06:55 AM, David Howells wrote:
> Tadeusz Struk wrote:
>
>>> (2) rsa-pkcs1pad needs to indicate what the maximum content size is, given
>>> the minimum possible padding for the specified hash type (ie. a
>>> particular OID).
>>
>> The user needs to use crypto_akcipher_maxs
On Wed, 11 May 2016, David Howells wrote:
diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt
index ca72b70a24b9..01c2ae28a8c0 100644
--- a/Documentation/security/keys.txt
+++ b/Documentation/security/keys.txt
+ If the key needs to be unlocked with a password, a l
On Wed, 11 May 2016, David Howells wrote:
Provide a query function for the software public key implementation. This
permits information about such a key to be obtained using
query_asymmetric_key() or KEYCTL_PKEY_QUERY.
Signed-off-by: David Howells
---
crypto/asymmetric_keys/public_key.c |
On Wed, 11 May 2016, David Howells wrote:
diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
index 6516855bec18..417035a53e98 100644
--- a/crypto/asymmetric_keys/Makefile
+++ b/crypto/asymmetric_keys/Makefile
@@ -34,6 +34,19 @@ clean-files += x509_akid-asn1.c x509_a
On 05/11/2016 04:50 PM, Mat Martineau wrote:
>
>> +len = crypto_akcipher_maxsize(tfm);
>> +info->key_size = len * 8;
>> +info->max_data_size = len;
>> +info->max_sig_size = len;
>> +info->max_enc_size = len;
>> +info->max_dec_size = len;
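Review bot: in the assignments that follow len = crypto_akcipher_maxsize(tfm), nothing visible here checks the returned value before it is copied into info->key_size and the four info->max_*_size fields. If the call can return zero or an error code (for instance when no key has been set), check len first and return the error, so that info->key_size = len * 8 and the size limits are never filled from an invalid value.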
>
> If len > UINT16_MAX, should UIN