| author | Michael Kerrisk <mtk.manpages@gmail.com> | 2016-10-17 17:15:34 +0200 |
|---|---|---|
| committer | Michael Kerrisk <mtk.manpages@gmail.com> | 2016-12-27 09:36:13 +0100 |
| commit | 1deb8c8ee83cd4e46f21c32dc3369dff68a1d9ec (patch) | |
| tree | e932d774643215f3bedcc4ab2fc6016d573d0f40 | |
| parent | f595473369ba6cf438f9d3d90741e9760a0b880c (diff) | |
keyctl.2: Improve KEYCTL_DH_COMPUTE details
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
| -rw-r--r-- | man2/keyctl.2 | 50 |
1 files changed, 30 insertions, 20 deletions
diff --git a/man2/keyctl.2 b/man2/keyctl.2 index 9d5ef7f2a0..685f6cd9c1 100644 --- a/man2/keyctl.2 +++ b/man2/keyctl.2 @@ -1252,21 +1252,21 @@ via the function .BR keyctl_get_persistent (3). .TP .BR KEYCTL_DH_COMPUTE " (since Linux 4.7)" -Compute Diffie-Hellman values. +Compute a Diffie-Hellman shared secret or public key. + The .I arg2 -argument is a pointer to -.I struct keyctl_dh_params -which is defined in -.I <linux/keyctl.h> -as follows: +argument is a pointer to a set of parameters containing +serial numbers for three keys used in the Diffie-Hellman calculation, +packaged in a structure of the following form: .nf .in +4n struct keyctl_dh_params { - int32_t private; - int32_t prime; - int32_t base; + int32_t private; /* The local private key */ + int32_t prime; /* The prime, known to both parties */ + int32_t base; /* The base integer: either a shared + generator or the remote public key */ }; .in .fi 
@@ -1275,21 +1275,30 @@ The .IR private ", " prime " and " base fields are IDs of the keys, payload of which would be used for DH values calculation. -The result is calculated as -.IR "base^private mod prime" . +The result is calculated as: + + base ^ private mod prime + +If the base is the shared generator, the result is the local public key. +If the base is the remote public key, the result is the shared secret. The .I arg3 argument (cast to .IR "char\ *" ) -should point to an output buffer whose size is passed in the +points to a buffer where the result of the calculation is placed. +The size of that buffer is specified in .I arg4 -argument (cast to +(cast to .IR size_t ). -The buffer should be big enough in order to accommodate the output data, + +The buffer must be large enough to accommodate the output data, otherwise an error is returned. -A NULL pointer can be provided as buffer in order -to obtain the required buffer size. +If +.I arg4 +is specified zero, +the operation returns the minimum required buffer size +(i.e., the length of the prime). The .I arg5 @@ -1334,7 +1343,9 @@ irrespective of the provided buffer size. The ID of the persistent keyring. .TP .B KEYCTL_DH_COMPUTE -Amount of bytes being copied. +The number of bytes copied to the buffer, or, if +.I arg4 +is 0, the required buffer size. .TP All other commands Zero. @@ -1438,9 +1449,8 @@ or a kernel thread. .I option is .B KEYCTL_DH_COMPUTE -and the buffer size provided is not enough for the result to fit in. -Provide 0 as -a buffer size in order to obtain minimum buffer size first. +and the buffer size provided is not enough to hold the result. +Provide 0 as a buffer size in order to obtain the minimum buffer size. .SH VERSIONS This system call first appeared in Linux 2.6.11. .SH CONFORMING TO |
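Review bot: In the first hunk (@@ -1252,21), the rewritten description of arg2 drops the statement that struct keyctl_dh_params is defined in <linux/keyctl.h>, so the page no longer tells the reader which header provides the structure. Consider keeping the reference, for example "packaged in a structure (defined in <linux/keyctl.h>) of the following form:". The empty line added after "Compute a Diffie-Hellman shared secret or public key." is a raw blank line in the man source; a paragraph macro would be the more conventional way to start the new paragraph.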
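Review bot: In the second hunk (@@ -1275,21), the size query changes from "A NULL pointer can be provided as buffer" to "If arg4 is specified zero", but the new text does not say what arg3 should be in that case (whether it may be NULL or is ignored), and the NULL-buffer wording is removed without a replacement. State explicitly what the caller passes in arg3 when arg4 is 0. "is specified zero" should also read "is specified as zero", or simply "is 0" to match the wording used in the third hunk. The formula "base ^ private mod prime" is set off only by blank lines and leading spaces; wrapping it in the same .nf/.in block style used for the structure in the first hunk would keep the layout consistent.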
