Hi,
CAAM crypto engine (drivers/crypto/caam/*) is capable of asymmetric
operations, like: modular exponentiation, RSA
sign/verify/encrypt/decrypt, (EC)DSA sign etc.
I would appreciate some design guidelines on how to harness these
capabilities, for crypto engines in general.
1. In-kernel interface for asymmetric crypto
Should crypto/asymmetric_keys/* be used, i.e. appended with modular
exponentiation, other asymmetric operations? I am asking since this
seems to be closer to key management than to asymmetric crypto...
If so, should an algorithm priority be defined, similar to Crypto API
interface for symmetric algos (so that for e.g. a HW implementation of
RSA verify would be preferred over a SW implementation)? Currently
interface does not allow for two or more implementers of the same
algo/operation.
Currently, SW implementation of modular exponentiation - mpi_powm() - is
used by crypto/asymmetric_keys/rsa.c and lib/digsig.c. AFAICT, its users
could benefit from a HW-accelerated version.
2. User space interface
Should AF_ALG be expanded to provide access to this new asymmetric cypto
API?
The API would allow user space applications to offload PKC operations in HW.
Possible use: offloading compute-intensive parts of TLS handshake, IKE.
Thanks,
Horia
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
