RE: [PATCH V2] crypto: implement DH primitives under akcipher API

Hi Herbert,

> -----Original Message-----
> From: Herbert Xu [mailto:herbert@xxxxxxxxxxxxxxxxxxx]
> Sent: Tuesday, April 5, 2016 12:09 PM
> To: Marcel Holtmann <marcel@xxxxxxxxxxxx>
> Cc: Benedetto, Salvatore <salvatore.benedetto@xxxxxxxxx>; linux-crypto@xxxxxxxxxxxxxxx
> Subject: Re: [PATCH V2] crypto: implement DH primitives under akcipher API
> 
> On Thu, Mar 03, 2016 at 08:23:48AM -0800, Marcel Holtmann wrote:
> > Hi Salvatore,
> >
> > > Implement Diffie-Hellman primitives required by the scheme under the
> > > akcipher API. Here is how it works.
> > > 1) Call set_pub_key() by passing DH parameters (p,g) in PKCS3 format
> > > 2) Call set_priv_key() to set your own private key (xa) in raw format
> > > 3) Call decrypt() without passing any data as input to get back the
> > >    public part which will be computed as g^xa mod p
> > > 4) Call encrypt() by passing the counterpart public key (yb) in raw format
> > >    as input to get back the shared secret calculated as zz = yb^xa mod p
> >
> > I am still not convinced that akcipher is a good match for key exchange
> > methods. I think we should try to introduce a new abstraction here.
> >
> > Overloading set_pub_key() with DH params and using decrypt() for
> > private/public key pair generation seems not a good fit. It does not really
> > match.
> >
> > And as I said before, we know for certain that ECDH has to happen as well.
> > So we need to look forward into making that fit as well.
> 
> I agree that akcipher is a poor choice for this.  If we are going to add DH to the
> crypto API then it should be of its own type.
> 
> But before we even go there what does the hardware acceleration actually
> look like?
>

I'm not sure what you mean by that, but in the case of DH, the hardware will
receive as input 3 buffers containing base, exponent and modulus, compute the
value and return it into the given output buffer. That's it. More or less the same
will be for ECDH.

Thanks,
Salvatore
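The four-step flow in the quoted patch description (parameters, private key, public value, shared secret) and the modular-exponentiation primitive Salvatore describes above, modelled in user space as an added example. This is not code from the patch or from the kernel crypto API: the DhContext class only borrows the method names from the description, and the PKCS#3 DER helpers, the toy safe-prime group and the peer-public-value checks are this example's own construction.

```python
# Added example (not part of the original patch or the kernel's code): a
# user-space model of the four-step DH flow described in the quoted patch.
# The method names (set_pub_key, set_priv_key, decrypt, encrypt) mirror the
# description in the thread; the DER helpers, the toy group and the
# peer-key validation are this example's own additions.
import secrets


def _der_len(n: int) -> bytes:
    """DER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_int(v: int) -> bytes:
    """DER INTEGER: minimal big-endian two's complement (leading 0x00 if MSB set)."""
    body = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + _der_len(len(body)) + body


def encode_pkcs3_params(p: int, g: int) -> bytes:
    """PKCS#3 DHParameter ::= SEQUENCE { prime INTEGER, base INTEGER }."""
    inner = _der_int(p) + _der_int(g)
    return b"\x30" + _der_len(len(inner)) + inner


def _read_tlv(buf: bytes, pos: int):
    """Parse one tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    tag = buf[pos]
    ln = buf[pos + 1]
    pos += 2
    if ln & 0x80:  # long-form length
        nbytes = ln & 0x7F
        ln = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + ln], pos + ln


def decode_pkcs3_params(der: bytes):
    """Return (p, g) from PKCS#3 DER; the optional privateValueLength is ignored."""
    tag, seq, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    tag_p, p_bytes, pos = _read_tlv(seq, 0)
    tag_g, g_bytes, _ = _read_tlv(seq, pos)
    if tag_p != 0x02 or tag_g != 0x02:
        raise ValueError("expected INTEGER, INTEGER")
    return int.from_bytes(p_bytes, "big"), int.from_bytes(g_bytes, "big")


class DhContext:
    """Mirrors the flow in the patch description: params -> priv -> pub -> shared."""

    def __init__(self):
        self.p = self.g = self.x = None

    def set_pub_key(self, pkcs3_der: bytes) -> None:
        # Step 1: the "public key" slot actually carries the domain parameters (p, g).
        self.p, self.g = decode_pkcs3_params(pkcs3_der)
        if self.p < 5 or not (1 < self.g < self.p - 1):
            raise ValueError("bad DH parameters")

    def _nbytes(self) -> int:
        return (self.p.bit_length() + 7) // 8

    def set_priv_key(self, xa_raw: bytes) -> None:
        # Step 2: private exponent xa in raw big-endian form.
        x = int.from_bytes(xa_raw, "big")
        if not (1 < x < self.p - 1):
            raise ValueError("private key out of range")
        self.x = x

    def decrypt(self) -> bytes:
        # Step 3: no input; output is the public value g^xa mod p.
        # This is the base/exponent/modulus primitive the hardware would run.
        return pow(self.g, self.x, self.p).to_bytes(self._nbytes(), "big")

    def encrypt(self, yb_raw: bytes) -> bytes:
        # Step 4: input is the peer's public value yb; output is zz = yb^xa mod p.
        yb = int.from_bytes(yb_raw, "big")
        # Checks the patch text does not mention but any DH user needs:
        # reject 0, 1 and p-1 (they force zz to 0 or +/-1), and, since this
        # example assumes a safe prime p = 2q+1, reject values outside the
        # order-q subgroup (small-subgroup confinement).
        if not (1 < yb < self.p - 1):
            raise ValueError("peer public value out of range")
        q = (self.p - 1) // 2
        if pow(yb, q, self.p) != 1:
            raise ValueError("peer public value not in the prime-order subgroup")
        return pow(yb, self.x, self.p).to_bytes(self._nbytes(), "big")


def run_exchange(params_der: bytes, xa_raw: bytes, xb_raw: bytes):
    """Drive both sides through the four steps; return (zz_a, zz_b)."""
    a, b = DhContext(), DhContext()
    a.set_pub_key(params_der)
    b.set_pub_key(params_der)
    a.set_priv_key(xa_raw)
    b.set_priv_key(xb_raw)
    ya, yb = a.decrypt(), b.decrypt()
    return a.encrypt(yb), b.encrypt(ya)


# Constructed toy group for the demo only: safe prime p = 2*509 + 1, and g = 4
# generates the order-509 subgroup. Real use needs a >= 2048-bit group.
TOY_P, TOY_G = 1019, 4
TOY_PARAMS = encode_pkcs3_params(TOY_P, TOY_G)

if __name__ == "__main__":
    xa = secrets.randbelow(TOY_P - 3) + 2
    xb = secrets.randbelow(TOY_P - 3) + 2
    zz_a, zz_b = run_exchange(TOY_PARAMS, xa.to_bytes(2, "big"), xb.to_bytes(2, "big"))
    print("params DER:", TOY_PARAMS.hex(), "shared secret agrees:", zz_a == zz_b)
```

The subgroup check in encrypt() is the part worth noting: the hardware primitive in the reply is just base^exponent mod modulus, so whatever API ends up wrapping it (akcipher or a dedicated kpp-style type) still has to validate the peer's value before exponentiating, or a peer can pick yb from a small subgroup and force the shared secret into a handful of values.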