Re: [PATCH RFC v4 2/4] crypto: add PKE API

2015-06-12 Thread Tadeusz Struk
On 06/11/2015 07:42 PM, Herbert Xu wrote: >> The testmgr code can mark an entire cipher implementation as fips_allowed=1 >> as >> > already done for RSA. However, unlike with the other ciphers, that flag >> > must >> > go in conjunction with the used key sizes. >> > >> > For FIPS mode, the fol

Re: [PATCH RFC v4 2/4] crypto: add PKE API

2015-06-11 Thread Herbert Xu
On Thu, Jun 11, 2015 at 11:50:06PM -0700, Tadeusz Struk wrote: > > Should I make it MPI[] rather than void * It should be in encoded format since only the algorithms should be decoding it. Otherwise you have craziness where RSA-specific knowledge is placed into x509_cert_parser.c to parse RSA key

Re: [PATCH RFC v4 2/4] crypto: add PKE API

2015-06-11 Thread Tadeusz Struk
On 06/11/2015 07:59 PM, Herbert Xu wrote: >> +int crypto_akcipher_setkey(struct crypto_akcipher *tfm, >> > + const struct public_key *pkey) >> > +{ >> > + if (tfm->pkey) >> > + akcipher_free_key(tfm->pkey); >> > + >> > + return akcipher_clone_key(tfm, pkey); >> > +} >

Re: [PATCH RFC v4 2/4] crypto: add PKE API

2015-06-11 Thread Herbert Xu
On Thu, Jun 11, 2015 at 12:05:44PM -0700, Tadeusz Struk wrote: > > +int crypto_akcipher_setkey(struct crypto_akcipher *tfm, > +const struct public_key *pkey) > +{ > + if (tfm->pkey) > + akcipher_free_key(tfm->pkey); > + > + return akcipher_clone_key(tfm,

Re: [PATCH RFC v4 2/4] crypto: add PKE API

2015-06-11 Thread Herbert Xu
On Fri, Jun 12, 2015 at 10:42:46AM +0800, Herbert Xu wrote: > On Fri, Jun 12, 2015 at 03:00:42AM +0200, Stephan Mueller wrote: > > > > The testmgr code can mark an entire cipher implementation as fips_allowed=1 > > as > > already done for RSA. However, unlike with the other ciphers, that flag >

Re: [PATCH RFC v4 2/4] crypto: add PKE API

2015-06-11 Thread Herbert Xu
On Fri, Jun 12, 2015 at 03:00:42AM +0200, Stephan Mueller wrote: > > The testmgr code can mark an entire cipher implementation as fips_allowed=1 > as > already done for RSA. However, unlike with the other ciphers, that flag must > go in conjunction with the used key sizes. > > For FIPS mode, th

Re: [PATCH RFC v4 2/4] crypto: add PKE API

2015-06-11 Thread Stephan Mueller
Am Thursday 11 June 2015, 12:05:44 schrieb Tadeusz Struk: Hi Tadeusz, >+ >+static int akcipher_clone_key(struct crypto_akcipher *tfm, >+const struct public_key *pkey) >+{ >+ int i, ret = 0; >+ >+ tfm->pkey = kzalloc(sizeof(*tfm->pkey), GFP_KERNEL); >+ >+

[PATCH RFC v4 2/4] crypto: add PKE API

2015-06-11 Thread Tadeusz Struk
Add Public Key Encryption API. Signed-off-by: Tadeusz Struk --- crypto/Kconfig |6 + crypto/Makefile|1 crypto/akcipher.c | 154 + crypto/crypto_user.c | 23 ++ include/crypto/akcipher.h | 408 ++