From: Denis Kenzior <denkenz@gmail.com>
To: Vitaly Chikunov <vt@altlinux.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
David Howells <dhowells@redhat.com>,
Mimi Zohar <zohar@linux.ibm.com>,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
linux-integrity@vger.kernel.org, keyrings@vger.kernel.org,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v9 05/10] X.509: parse public key parameters from x509 for akcipher
Date: Thu, 11 Apr 2019 17:18:36 +0000 [thread overview]
Message-ID: <48828e0e-0aef-dece-e7ad-4c0ea9cefbe7@gmail.com> (raw)
In-Reply-To: <20190411155122.13245-6-vt@altlinux.org>
Hi Vitaly,
On 04/11/2019 10:51 AM, Vitaly Chikunov wrote:
> Some public key algorithms (like EC-DSA) keep in parameters field
> important data such as digest and curve OIDs (possibly more for
> different EC-DSA variants). Thus, just setting a public key (as
> for RSA) is not enough.
>
> Append parameters into the key stream for akcipher_set_{pub,priv}_key.
> Appended data is: (u32) algo OID, (u32) parameters length, parameters
> data.
>
> This does not affect current akcipher API nor RSA ciphers (they could
> ignore it). Idea of appending parameters to the key stream is by Herbert
> Xu.
>
> Cc: David Howells <dhowells@redhat.com>
> Cc: Denis Kenzior <denkenz@gmail.com>
> Cc: keyrings@vger.kernel.org
> Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
> ---
> crypto/asymmetric_keys/asym_tpm.c | 9 +++-
> crypto/asymmetric_keys/public_key.c | 72 ++++++++++++++++++++++++-------
> crypto/asymmetric_keys/x509.asn1 | 2 +-
> crypto/asymmetric_keys/x509_cert_parser.c | 31 +++++++++++++
> crypto/testmgr.c | 24 +++++++++--
> crypto/testmgr.h | 5 +++
> include/crypto/akcipher.h | 18 ++++----
> include/crypto/public_key.h | 4 ++
> 8 files changed, 136 insertions(+), 29 deletions(-)
>
Looks good to me.
Reviewed-by: Denis Kenzior <denkenz@gmail.com>
By the way:
> @@ -400,11 +401,12 @@ static inline int crypto_akcipher_set_pub_key(struct crypto_akcipher *tfm,
> * crypto_akcipher_set_priv_key() - Invoke set private key operation
> *
> * Function invokes the algorithm specific set key function, which knows
> - * how to decode and interpret the encoded key
> + * how to decode and interpret the encoded keya and parameters
Seems to be a stray 'a' after 'key'?
Regards,
-Denis
WARNING: multiple messages have this Message-ID (diff)
From: Denis Kenzior <denkenz@gmail.com>
To: Vitaly Chikunov <vt@altlinux.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
David Howells <dhowells@redhat.com>,
Mimi Zohar <zohar@linux.ibm.com>,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
linux-integrity@vger.kernel.org, keyrings@vger.kernel.org,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v9 05/10] X.509: parse public key parameters from x509 for akcipher
Date: Thu, 11 Apr 2019 12:18:36 -0500 [thread overview]
Message-ID: <48828e0e-0aef-dece-e7ad-4c0ea9cefbe7@gmail.com> (raw)
In-Reply-To: <20190411155122.13245-6-vt@altlinux.org>
Hi Vitaly,
On 04/11/2019 10:51 AM, Vitaly Chikunov wrote:
> Some public key algorithms (like EC-DSA) keep in parameters field
> important data such as digest and curve OIDs (possibly more for
> different EC-DSA variants). Thus, just setting a public key (as
> for RSA) is not enough.
>
> Append parameters into the key stream for akcipher_set_{pub,priv}_key.
> Appended data is: (u32) algo OID, (u32) parameters length, parameters
> data.
>
> This does not affect current akcipher API nor RSA ciphers (they could
> ignore it). Idea of appending parameters to the key stream is by Herbert
> Xu.
>
> Cc: David Howells <dhowells@redhat.com>
> Cc: Denis Kenzior <denkenz@gmail.com>
> Cc: keyrings@vger.kernel.org
> Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
> ---
> crypto/asymmetric_keys/asym_tpm.c | 9 +++-
> crypto/asymmetric_keys/public_key.c | 72 ++++++++++++++++++++++++-------
> crypto/asymmetric_keys/x509.asn1 | 2 +-
> crypto/asymmetric_keys/x509_cert_parser.c | 31 +++++++++++++
> crypto/testmgr.c | 24 +++++++++--
> crypto/testmgr.h | 5 +++
> include/crypto/akcipher.h | 18 ++++----
> include/crypto/public_key.h | 4 ++
> 8 files changed, 136 insertions(+), 29 deletions(-)
>
Looks good to me.
Reviewed-by: Denis Kenzior <denkenz@gmail.com>
By the way:
> @@ -400,11 +401,12 @@ static inline int crypto_akcipher_set_pub_key(struct crypto_akcipher *tfm,
> * crypto_akcipher_set_priv_key() - Invoke set private key operation
> *
> * Function invokes the algorithm specific set key function, which knows
> - * how to decode and interpret the encoded key
> + * how to decode and interpret the encoded keya and parameters
Seems to be a stray 'a' after 'key'?
Regards,
-Denis
next prev parent reply other threads:[~2019-04-11 17:18 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-11 15:51 [PATCH v9 00/10] crypto: add EC-RDSA (GOST 34.10) algorithm Vitaly Chikunov
2019-04-11 15:51 ` Vitaly Chikunov
2019-04-11 15:51 ` [PATCH v9 01/10] crypto: akcipher - default implementations for request callbacks Vitaly Chikunov
2019-04-11 15:51 ` Vitaly Chikunov
2019-04-11 15:51 ` [PATCH v9 02/10] crypto: rsa - unimplement sign/verify for raw RSA backends Vitaly Chikunov
2019-04-11 15:51 ` Vitaly Chikunov
2019-04-11 15:51 ` [PATCH v9 03/10] crypto: akcipher - new verify API for public key algorithms Vitaly Chikunov
2019-04-11 15:51 ` Vitaly Chikunov
2019-04-11 15:51 ` [PATCH v9 04/10] KEYS: do not kmemdup digest in {public,tpm}_key_verify_signature Vitaly Chikunov
2019-04-11 15:51 ` Vitaly Chikunov
2019-04-11 15:51 ` [PATCH v9 05/10] X.509: parse public key parameters from x509 for akcipher Vitaly Chikunov
2019-04-11 15:51 ` Vitaly Chikunov
2019-04-11 17:18 ` Denis Kenzior [this message]
2019-04-11 17:18 ` Denis Kenzior
2019-04-11 21:08 ` Vitaly Chikunov
2019-04-12 3:28 ` Herbert Xu
2019-04-11 15:51 ` [PATCH v9 06/10] crypto: Kconfig - create Public-key cryptography section Vitaly Chikunov
2019-04-11 15:51 ` Vitaly Chikunov
2019-04-11 15:51 ` [PATCH v9 07/10] crypto: ecc - make ecc into separate module Vitaly Chikunov
2019-04-11 15:51 ` Vitaly Chikunov
2019-04-11 15:51 ` [PATCH v9 08/10] crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm Vitaly Chikunov
2019-04-11 15:51 ` Vitaly Chikunov
2019-04-11 15:51 ` [PATCH v9 09/10] crypto: ecrdsa - add EC-RDSA test vectors to testmgr Vitaly Chikunov
2019-04-11 15:51 ` Vitaly Chikunov
2019-04-11 15:51 ` [PATCH v9 10/10] integrity: support EC-RDSA signatures for asymmetric_verify Vitaly Chikunov
2019-04-11 15:51 ` Vitaly Chikunov
2019-04-18 14:25 ` [PATCH v9 00/10] crypto: add EC-RDSA (GOST 34.10) algorithm Herbert Xu
2019-04-18 14:25 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=48828e0e-0aef-dece-e7ad-4c0ea9cefbe7@gmail.com \
--to=denkenz@gmail.com \
--cc=dhowells@redhat.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=herbert@gondor.apana.org.au \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=vt@altlinux.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.