Re: [PATCH v6 0/3] Key-agreement Protocol Primitives (KPP) API

2016-05-23 Thread Stephan Mueller
On Monday, 23 May 2016, 20:26:15, Benedetto, Salvatore wrote:

Hi Salvatore,

> 
> http://permalink.gmane.org/gmane.linux.kernel.lsm/27456
> 
> As mentioned in the cover letter of that patch, KEYCTL_DH_COMPUTE will be
> converted to kpp once accepted.

Ok, I have overlooked that one :-)

Never mind then and thanks

Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html


RE: [PATCH v6 0/3] Key-agreement Protocol Primitives (KPP) API

2016-05-23 Thread Benedetto, Salvatore
Hi Stephan,

> -----Original Message-----
> From: Stephan Mueller [mailto:smuel...@chronox.de]
> Sent: Monday, May 23, 2016 7:44 PM
> To: Benedetto, Salvatore <salvatore.benede...@intel.com>
> Cc: herb...@gondor.apana.org.au; linux-crypto@vger.kernel.org
> Subject: Re: [PATCH v6 0/3] Key-agreement Protocol Primitives (KPP) API
> 
> On Wednesday, 11 May 2016, 08:26:00, Salvatore Benedetto wrote:
> 
> Hi Salvatore,
> 
> > Hi Herb,
> >
> > the following patchset introduces a new API for abstracting
> > key-agreement protocols such as DH and ECDH. It provides the
> > primitives required for implementing the protocol, thus the name KPP
> > (Key-agreement Protocol Primitives).
> 
> I just saw that in Linus' tree, a DH implementation popped up at
> security/keys/dh.c
> 
> Note, the implementation is also from an Intel developer.
> 
> Would it make sense that both implementations are synced so that we only
> have one and that we need to worry about side channels only once?
> 

http://permalink.gmane.org/gmane.linux.kernel.lsm/27456

As mentioned in the cover letter of that patch, KEYCTL_DH_COMPUTE will be
converted to kpp once accepted.

Regards,
Salvatore


Re: [PATCH v6 0/3] Key-agreement Protocol Primitives (KPP) API

2016-05-23 Thread Stephan Mueller
On Wednesday, 11 May 2016, 08:26:00, Salvatore Benedetto wrote:

Hi Salvatore,

> Hi Herb,
> 
> the following patchset introduces a new API for abstracting key-agreement
> protocols such as DH and ECDH. It provides the primitives required for
> implementing the protocol, thus the name KPP (Key-agreement Protocol
> Primitives).

I just saw that in Linus' tree, a DH implementation popped up at 
security/keys/dh.c

Note, the implementation is also from an Intel developer.

Would it make sense that both implementations are synced so that we only have 
one and that we need to worry about side channels only once?

Ciao
Stephan


Re: [PATCH v6 0/3] Key-agreement Protocol Primitives (KPP) API

2016-05-12 Thread Marcel Holtmann
Hi Herbert,

> the following patchset introduces a new API for abstracting key-agreement
> protocols such as DH and ECDH. It provides the primitives required for
> implementing the protocol, thus the name KPP (Key-agreement Protocol
> Primitives).
> 
> Regards,
> Salvatore
> 
> Changes from v5:
> * Fix ecdh loading in fips mode.
> 
> Changes from v4:
> * If fips_enabled is set allow only P256 (or higher) as Stephan suggested
> * Pass ndigits as argument to ecdh_make_pub_key and ecdh_shared_secret
>  so that VLA can be used like in the rest of the module
> 
> Changes from v3:
> * Move curve ID definition to public header ecdh.h as users need to
>  have access to those ids when selecting the curve
> 
> Changes from v2:
> * Add support for ECDH (curve P192 and P256). I reused the ecc module
>  already present in net/bluetooth and extended it in order to select
>  different curves at runtime. Code for P192 was taken from tinycrypt.
> 
> Changes from v1:
> * Change check in dh_check_params_length based on Stephan review
> 
> 
> Salvatore Benedetto (3):
>  crypto: Key-agreement Protocol Primitives API (KPP)
>  crypto: kpp - Add DH software implementation
>  crypto: kpp - Add ECDH software support

we have tested this with the Bluetooth subsystem to use ECDH for key generation 
and shared secret generation. This seems to work as expected. Feel free to 
merge this patchset.

Acked-by: Marcel Holtmann 

Regards

Marcel



RE: [PATCH v6 0/3] Key-agreement Protocol Primitives (KPP) API

2016-05-11 Thread Benedetto, Salvatore
Hi Stephan,

> -----Original Message-----
> From: linux-crypto-ow...@vger.kernel.org [mailto:linux-crypto-
> ow...@vger.kernel.org] On Behalf Of Stephan Mueller
> Sent: Wednesday, May 11, 2016 10:05 AM
> To: Benedetto, Salvatore <salvatore.benede...@intel.com>
> Cc: herb...@gondor.apana.org.au; linux-crypto@vger.kernel.org
> Subject: Re: [PATCH v6 0/3] Key-agreement Protocol Primitives (KPP) API
> 
> On Wednesday, 11 May 2016, 08:26:00, Salvatore Benedetto wrote:
> 
> Hi Salvatore,
> 
> > Changes from v5:
> > * Fix ecdh loading in fips mode.
> 
> Thanks.
> 
> As I do not readily see how you solved the issue, may I ask for a pointer to
> the code that handles that?
>

Loading kpp ecdh was indeed calling panic() before because the P192 test was run
anyway. Now when fips=1 is passed and CONFIG_CRYPTO_FIPS is set the P192 is
not run.

Regards,
Salvatore  


Re: [PATCH v6 0/3] Key-agreement Protocol Primitives (KPP) API

2016-05-11 Thread Stephan Mueller
On Wednesday, 11 May 2016, 08:26:00, Salvatore Benedetto wrote:

Hi Salvatore,

> Changes from v5:
> * Fix ecdh loading in fips mode.

Thanks.

As I do not readily see how you solved the issue, may I ask for a pointer to 
the code that handles that?

Ciao
Stephan