From: Tadeusz Struk <tadeusz.struk@intel.com>
To: David Howells <dhowells@redhat.com>
Cc: herbert@gondor.apana.org.au, corbet@lwn.net,
keescook@chromium.org, qat-linux@intel.com, jwboyer@redhat.com,
richard@nod.at, d.kasatkin@samsung.com,
linux-kernel@vger.kernel.org, steved@redhat.com,
vgoyal@redhat.com, james.l.morris@oracle.com, jkosina@suse.cz,
zohar@linux.vnet.ibm.com, davem@davemloft.net, jdelvare@suse.de,
linux-crypto@vger.kernel.org
Subject: Re: [PATCH RFC 2/2] crypto: RSA: KEYS: convert rsa and public key to new PKE API
Date: Fri, 01 May 2015 12:27:58 -0700 [thread overview]
Message-ID: <5543D3BE.3000904@intel.com> (raw)
In-Reply-To: <4394.1430497303@warthog.procyon.org.uk>
On 05/01/2015 09:21 AM, David Howells wrote:
>> + .verify = RSA_verify_signature,
>> > + .capabilities = PKEY_CAN_VERIFY,
> Can we keep .verify_signature as the name of the first. The second is
> redundant given the function pointers.
I'm thinking that .verify will be more generic. If in the future
we would like to implement something that verifies not a signature, but
for instance is a number is a prime, then we can register a "prime" alg
that implements verify and returns true if a number is a prime.
>
> Given that X.509 certs can hang around for a very long time, having a tfm in
> the cert is probably a bad idea as it may pin resources such as crypto h/w.
>
>> > - ctx->cert->pub->pkey_algo = PKEY_ALGO_RSA;
>> > -
> I think you need this rather than the above. You should only get the tfm when
> you actually need it.
>
That's a good point.
Thank you David for all your comments. I'll rework my patches and send v2 soon.
I'll also try to integrate it with your sign-file as you suggested.
Thanks
T
next prev parent reply other threads:[~2015-05-01 19:31 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-30 22:36 [PATCH RFC 0/2] crypto: Introduce Public Key Encryption API Tadeusz Struk
2015-04-30 22:36 ` [PATCH RFC 1/2] crypto: add PKE API Tadeusz Struk
2015-04-30 22:43 ` Herbert Xu
2015-04-30 23:04 ` Tadeusz Struk
2015-05-01 7:24 ` Stephan Mueller
2015-05-01 17:30 ` Tadeusz Struk
2015-05-01 16:04 ` David Howells
2015-05-01 18:17 ` Tadeusz Struk
2015-05-03 0:07 ` Herbert Xu
2015-05-04 19:26 ` Tadeusz Struk
2015-05-05 1:33 ` Herbert Xu
2015-04-30 22:36 ` [PATCH RFC 2/2] crypto: RSA: KEYS: convert rsa and public key to new " Tadeusz Struk
2015-05-01 16:21 ` David Howells
2015-05-01 19:27 ` Tadeusz Struk [this message]
2015-05-01 8:47 ` [PATCH RFC 0/2] crypto: Introduce Public Key Encryption API Jean Delvare
2015-05-01 17:32 ` Tadeusz Struk
2015-05-01 15:53 ` David Howells
2015-05-04 13:16 ` Horia Geantă
2015-05-04 20:42 ` Tadeusz Struk
2015-05-06 11:31 ` Horia Geantă
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5543D3BE.3000904@intel.com \
--to=tadeusz.struk@intel.com \
--cc=corbet@lwn.net \
--cc=d.kasatkin@samsung.com \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=herbert@gondor.apana.org.au \
--cc=james.l.morris@oracle.com \
--cc=jdelvare@suse.de \
--cc=jkosina@suse.cz \
--cc=jwboyer@redhat.com \
--cc=keescook@chromium.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=qat-linux@intel.com \
--cc=richard@nod.at \
--cc=steved@redhat.com \
--cc=vgoyal@redhat.com \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.