Hi Herbert,

> -----Original Message-----
> From: Herbert Xu [mailto:herbert@xxxxxxxxxxxxxxxxxxx]
> Sent: Tuesday, April 5, 2016 12:09 PM
> To: Marcel Holtmann <marcel@xxxxxxxxxxxx>
> Cc: Benedetto, Salvatore <salvatore.benedetto@xxxxxxxxx>;
> linux-crypto@xxxxxxxxxxxxxxx
> Subject: Re: [PATCH V2] crypto: implement DH primitives under akcipher API
>
> On Thu, Mar 03, 2016 at 08:23:48AM -0800, Marcel Holtmann wrote:
> > Hi Salvatore,
> >
> > > Implement Diffie-Hellman primitives required by the scheme under the
> > > akcipher API. Here is how it works.
> > > 1) Call set_pub_key() by passing DH parameters (p,g) in PKCS3 format
> > > 2) Call set_priv_key() to set your own private key (xa) in raw
> > > format
> > > 3) Call decrypt() without passing any data as input to get back the
> > > public part which will be computed as g^xa mod p
> > > 4) Call encrypt() by passing the counter part public key (yb) in raw format
> > > as input to get back the shared secret calculated as zz = yb^xa
> > > mod p
> >
> > I am still not convinced that akcipher is good match for key exchange
> > methods. I think we should try to introduce a new abstraction here.
> >
> > Overloading set_pub_key() with DH params and using decrypt() for
> > private/public key pair generation seems not a good fit. It does not really
> > match.
> >
> > And as I said before, we know for certain that ECDH has to happen as well.
> > So we need to forward look into making that fit as well.
>
> I agree that akcipher is poor choice for this. If we are going to add DH to the
> crypto API then it should be of its own type.
>
> But before we even go there what does the hardware acceleration actually
> look like?
>

I'm not sure what you mean by that, but in the case of DH, the hardware will
receive as input 3 buffers containing base, exponent and module, compute the
value and return it into the given output buffer. That's it.
More or less the same will be for ECDH.

Thanks,
Salvatore
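
Added example, not part of the original message or of the kernel patch under discussion: steps 3 and 4 of the quoted patch description both reduce to the single base/exponent/modulus operation described in the reply. The names `modexp_req`, `hw_modexp`, `dh_public` and `dh_shared` are hypothetical, and the parameters are constructed toy values.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy parameters, far too small for real use.
 * The modulus must stay below 2^32 so products fit in 64 bits. */
#define DH_P 2147483647ULL /* prime 2^31 - 1 */
#define DH_G 7ULL

/* Hypothetical request layout: the three inputs named in the reply. */
struct modexp_req { uint64_t base, exponent, modulus; };

/* Software stand-in for the accelerator: base^exponent mod modulus. */
uint64_t hw_modexp(const struct modexp_req *req)
{
    uint64_t result = 1 % req->modulus;
    uint64_t base = req->base % req->modulus;
    uint64_t exp = req->exponent;
    while (exp) {
        if (exp & 1)
            result = (result * base) % req->modulus;
        base = (base * base) % req->modulus;
        exp >>= 1;
    }
    return result;
}

/* Step 3 of the patch description: public part g^xa mod p. */
uint64_t dh_public(uint64_t xa)
{
    struct modexp_req req = { DH_G, xa, DH_P };
    return hw_modexp(&req);
}

/* Step 4: shared secret zz = yb^xa mod p. */
uint64_t dh_shared(uint64_t yb, uint64_t xa)
{
    struct modexp_req req = { yb, xa, DH_P };
    return hw_modexp(&req);
}

int main(void)
{
    uint64_t ya = dh_public(123456), yb = dh_public(654321); /* constructed keys */
    printf("%d\n", dh_shared(yb, 123456) == dh_shared(ya, 654321));
    return 0;
}
```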