Similar to algif_skcipher and algif_hash, algif_akcipher needs
to prevent user space from using the interface in an improper way.
This patch adds nokey ops handlers, which do just that.
Signed-off-by: Tadeusz Struk <tadeusz.st...@intel.com>
---
crypto/algif_akcipher.c
---
Stephan Mueller (4):
crypto: AF_ALG -- add sign/verify API
crypto: AF_ALG -- add setpubkey setsockopt call
crypto: AF_ALG -- add asymmetric cipher interface
crypto: algif_akcipher - enable compilation
Tadeusz Struk (2):
crypto: algif_akcipher - add ops_nokey
or
invoke operations defined by a given subtype, depending on the
key type.
Signed-off-by: Tadeusz Struk <tadeusz.st...@intel.com>
---
crypto/af_alg.c | 10 ++
crypto/algif_akcipher.c | 207 ++-
include/crypto/if_alg.h |1
i
From: Stephan Mueller <smuel...@chronox.de>
Add the Makefile and Kconfig updates to allow algif_akcipher to be
compiled.
Signed-off-by: Stephan Mueller <smuel...@chronox.de>
Signed-off-by: Tadeusz Struk <tadeusz.st...@intel.com>
---
crypto/Kconfig |9 +
crypto/Ma
ed-off-by: Stephan Mueller <smuel...@chronox.de>
Signed-off-by: Tadeusz Struk <tadeusz.st...@intel.com>
---
crypto/algif_akcipher.c | 542 +++
1 file changed, 542 insertions(+)
create mode 100644 crypto/algif_akcipher.c
diff --git a/crypto/algif_a
From: Stephan Mueller <smuel...@chronox.de>
For supporting asymmetric ciphers, user space must be able to set the
public key. The patch adds a new setsockopt call for setting the public
key.
Signed-off-by: Stephan Mueller <smuel...@chronox.de>
Signed-off-by: Tadeusz Struk
From: Stephan Mueller <smuel...@chronox.de>
Add the flags for handling signature generation and signature
verification.
Also, the patch adds the interface for setting a public key.
Signed-off-by: Stephan Mueller <smuel...@chronox.de>
Signed-off-by: Tadeusz Struk <tadeusz.
The vf2pf_init and vf2pf_exit are exactly the same for all VFs
so move them to common and reuse.
Tested-by: Suman Bangalore Sathyanarayana
<sumanx.bangalore.sathyanaray...@intel.com>
Signed-off-by: Tadeusz Struk <tadeusz.st...@intel.com>
---
.../crypto/qat/qat_c3xxxvf/adf_c3xxx
IRQs need to be enabled when VFs go down in case some VF to PF
comms happens.
Tested-by: Suman Bangalore Sathyanarayana
<sumanx.bangalore.sathyanaray...@intel.com>
Signed-off-by: Tadeusz Struk <tadeusz.st...@intel.com>
---
drivers/crypto/qat/qat_common/adf_init.c | 3 ++-
1 fil
Before VF sends a signal to PF it should check if PF
is still running.
Tested-by: Suman Bangalore Sathyanarayana
<sumanx.bangalore.sathyanaray...@intel.com>
Signed-off-by: Tadeusz Struk <tadeusz.st...@intel.com>
---
drivers/crypto/qat/qat_c3xxxvf/adf_drv.c | 2 ++
driver
Subject: [PATCH] crypto: qat - fix section mismatch warning
Fix Section mismatch warning in adf_exit_vf_wq()
Reported-by: kbuild test robot <fengguang...@intel.com>
Signed-off-by: Tadeusz Struk <tadeusz.st...@intel.com>
---
drivers/crypto/qat/qat_common/adf_vf_isr.c | 2 +-
1 fil
On 04/15/2016 12:52 PM, kbuild test robot wrote:
> tree:
> https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git
> master
> head: 5f575efea79caae69b81f922d99b221302a2c003
> commit: d6064165ba4449ea085a389724d728258a3180ec [43/49] crypto: qat -
> adf_dev_stop should not
;
> url:
> https://github.com/0day-ci/linux/commits/Tadeusz-Struk/crypto-algif-add-akcipher/20160416-043207
> base:
> https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git
> master
> config: i386-allmodconfig (attached as .config)
> reproduce:
>
Hi Fridolin,
On 04/12/2016 04:13 AM, Fridolin Pokorny wrote:
> we were experimenting with this. We have a proof of concept of a kernel
> TLS type socket, so called AF_KTLS, which is based on Dave Watson's
> RFC5288 patch. It handles both TLS and DTLS, unfortunately it is not
> ready now to be
Hi,
On 07/26/2016 04:54 AM, Stephan Mueller wrote:
>> > Is it true that the key (defined via setsockopt) is common to all the
>> > connections but the IV (defined through message control header) is
>> > specific to each connection ?
> Yes.
I think that's not correct. Please define a "connection".
wrong is that the child_req should be at
the end of the structure. This is build tested only.
---8<---
From: Tadeusz Struk <tadeusz.st...@intel.com>
Subject: [PATCH] crypto: rsa-pkcs1pad - fix rsa-pkcs1pad request struct
To allow for child request context the struct akcipher_request
Hi Mat,
On 06/29/2016 11:43 AM, Mat Martineau wrote:
>> +ret = verify_signature(key, );
>> +if (!ret) {
>> +req->dst_len = sizeof(digest);
>
> I think you fixed the BUG_ON() problem but there's still an issue with
> the handling of the digest. Check the use of sig->digest in
>
Hi Mat,
On 07/06/2016 12:38 PM, Mat Martineau wrote:
>> So it looks like the only thing that we need to return to the user in
>> this case is the return code. Do you agree?
>
> The way verify_signature is implemented today, the only output is the
> return code. For verify, maybe no read is
On 07/08/2016 09:38 AM, Mat Martineau wrote:
> Are the inputs and outputs defined for ALG_OP_VERIFY in SET_KEY mode
> going to work for hardware keys (like TPM) in SET_KEY_ID mode? That's
> needed if the verify SET_KEY_ID mode is to be added later.
Yes, we will just need to change the
Hi Corentin,
On 03/01/2017 04:04 AM, Corentin Labbe wrote:
>> I would think the issue is that the OpenSSL BIGNUM lib has some issues: when
>> calculating m^e mod n, m has to be equal to the key size. The kernel's MPI
>> code handles the case where m is smaller than the key size.
>>
>> Note, in
Hi Stephan,
On 03/01/2017 10:08 PM, Stephan Müller wrote:
>> memset(ptextp, 0, 256);
>> memcpy(ptextp + 64 - 8, ptext_ex, plen);
> I actually have tested that and it did not return the data the kernel
> implementation would return
It did for me:
Result 64 plen=8
63 1c cd 7b e1 7e e4 de
On 03/01/2017 10:21 PM, Corentin Labbe wrote:
> I am finishing a patch that made testmgr test both (padded and unpadded).
Even if you patch the test vectors there is no guarantee that a user
of the API will always have the plain text padded.
It can be anything between 1 and the key size.
This
On 9/17/18 1:28 PM, Dan Aloni wrote:
> On Mon, Sep 17, 2018 at 12:52:44PM -0700, Tadeusz Struk wrote:
>> On 9/17/18 10:24 AM, Dan Aloni wrote:
>>> The encryption mode of pkcs1pad never uses out_sg and out_buf, so
>>> there's no need to allocate the buffer, which pres
On 9/17/18 10:24 AM, Dan Aloni wrote:
> The encryption mode of pkcs1pad never uses out_sg and out_buf, so
> there's no need to allocate the buffer, which presently is not even
> being freed.
It is used and freed in pkcs1pad_decrypt_complete().
--
Tadeusz
On 9/17/18 3:04 PM, Dan Aloni wrote:
> That's also true, but what I still don't understand is how
> pkcs1pad_decrypt_complete() would be called when a higher layer calls to
> *encrypt* in roughly this API call sequence:
>
>ak_tfm = crypto_alloc_akcipher("pkcs1pad(rsa,sha256)", 0, 0);
>