Re: [PATCH RFC 0/2] crypto: Introduce Public Key Encryption API

From: Tadeusz Struk
Date: Mon May 04 2015 - 16:45:27 EST


Hi Horia,
On 05/04/2015 06:16 AM, Horia GeantÄ wrote:
>> int (*sign)(struct pke_request *pkereq);
>> > int (*verify)(struct pke_request *pkereq);
>> > int (*encrypt)(struct pke_request *pkereq);
>> > int (*decrypt)(struct pke_request *pkereq);
> Where would be the proper place for keygen operation?

This will need to be extended to support keygen.

>
> AFAICT algorithms currently map to primitives + encoding methods, which
> is not flexible. For e.g. current RSA implementation hardcodes the
> PKCS1-v1_5 encoding method, making it hard to add OAEP(+) etc.
>
> One solution would be to map algorithms to primitives only. Encoding
> methods need to be abstracted somehow, maybe using templates to wrap the
> algorithms.

So far there is only one rsa implementation in kernel and it is only used
by module signing code.
Later we can add templates or simply one can register "oaep-rsa" algorithm.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/