From: Tadeusz Struk <tadeusz.struk@intel.com>
To: Marcel Holtmann <marcel@holtmann.org>,
David Howells <dhowells@redhat.com>
Cc: Stephan Mueller <smueller@chronox.de>, linux-crypto@vger.kernel.org
Subject: Re: Limited usefulness of RSA set key function
Date: Mon, 03 Aug 2015 10:52:28 -0700 [thread overview]
Message-ID: <55BFAA5C.6010101@intel.com> (raw)
In-Reply-To: <6C3A9837-2B02-4133-B916-40F0F1BAF51B@holtmann.org>
On 08/03/2015 10:39 AM, Marcel Holtmann wrote:
> I already have patches for that actually. The question is just which approach to take?
>
> My current proposal is to separate the current crypto_akcipher_setkey into two functions. Use the crypto_akcipher_setkey for loading combined private and public key formats and crypto_akcipher_setpubkey for just loading the public key only format.
I would prefer to have one setkey function if possible.
>
> One other option is actually for crypto_akcipher_setkey to use struct public_key from include/crypto/public_key.h. I mean we have this all defined. Why do we operate on binary blobs for the keys in the first place. For example if the key comes from a certificate in the keyring, lets just use that data. Most likely the asymmetric key type already decoded it nicely for us. No need to do this again.
That was the first proposal to use this struct, but it was rejected. Looks like MPIs are not acceptable on the API.
I think it make sense now as it will only be useful for the SW implementation. For hardware the easiest way is to take
it in this form.
>
> I mean there is more than RSA out there and this would allow us to express struct public_key_algorithm in addition to the allowed applications of said key as well. This would properly also allow us to combine the crypto/asymmetric_keys/rsa.c and crypto/rsa.c so that we only have a single RSA implementation. Not to mention that we also have lib/digsig.c in the kernel.
The crypto/asymmetric_keys/ will be converted to the new api and crypto/asymmetric_keys/rsa.c removed soon.
next prev parent reply other threads:[~2015-08-03 17:53 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-08-03 4:16 Limited usefulness of RSA set key function Marcel Holtmann
2015-08-03 6:45 ` Stephan Mueller
2015-08-03 7:14 ` Marcel Holtmann
2015-08-03 7:18 ` Stephan Mueller
2015-08-03 7:30 ` Marcel Holtmann
2015-08-03 17:11 ` Tadeusz Struk
2015-08-03 17:39 ` Marcel Holtmann
2015-08-03 17:52 ` Tadeusz Struk [this message]
2015-08-03 18:20 ` Marcel Holtmann
2015-08-03 18:32 ` Tadeusz Struk
2015-08-03 18:11 ` Marcel Holtmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55BFAA5C.6010101@intel.com \
--to=tadeusz.struk@intel.com \
--cc=dhowells@redhat.com \
--cc=linux-crypto@vger.kernel.org \
--cc=marcel@holtmann.org \
--cc=smueller@chronox.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.