From: "Jarkko Sakkinen" <jarkko@kernel.org>
To: "Lukas Wunner" <lukas@wunner.de>,
"Herbert Xu" <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
"Eric Biggers" <ebiggers@google.com>,
"Stefan Berger" <stefanb@linux.ibm.com>,
"Vitaly Chikunov" <vt@altlinux.org>,
"Tadeusz Struk" <tstruk@gigaio.com>
Cc: "David Howells" <dhowells@redhat.com>,
"Andrew Zaborowski" <andrew.zaborowski@intel.com>,
"Saulo Alessandre" <saulo.alessandre@tse.jus.br>,
"Jonathan Cameron" <Jonathan.Cameron@huawei.com>,
"Ignat Korchagin" <ignat@cloudflare.com>,
"Marek Behun" <kabel@kernel.org>,
"Varad Gautam" <varadgautam@google.com>,
"Stephan Mueller" <smueller@chronox.de>,
"Denis Kenzior" <denkenz@gmail.com>,
<linux-crypto@vger.kernel.org>, <keyrings@vger.kernel.org>
Subject: Re: [PATCH v2 02/19] crypto: sig - Introduce sig_alg backend
Date: Wed, 11 Sep 2024 15:12:33 +0300 [thread overview]
Message-ID: <D43G1XSAWTQF.OG1Z8K18DUVF@kernel.org> (raw)
In-Reply-To: <688e92e7db6f2de1778691bb7cdafe3bb39e73c6.1725972334.git.lukas@wunner.de>
On Tue Sep 10, 2024 at 5:30 PM EEST, Lukas Wunner wrote:
> Commit 6cb8815f41a9 ("crypto: sig - Add interface for sign/verify")
> began a transition of asymmetric sign/verify operations from
> crypto_akcipher to a new crypto_sig frontend.
>
> Internally, the crypto_sig frontend still uses akcipher_alg as backend,
> however:
>
> "The link between sig and akcipher is meant to be temporary. The
> plan is to create a new low-level API for sig and then migrate
> the signature code over to that from akcipher."
> https://lore.kernel.org/r/ZrG6w9wsb-iiLZIF@gondor.apana.org.au/
>
> "having a separate alg for sig is definitely where we want to
> be since there is very little that the two types actually share."
> https://lore.kernel.org/r/ZrHlpz4qnre0zWJO@gondor.apana.org.au/
>
> Take the next step of that migration and augment the crypto_sig frontend
> with a sig_alg backend to which all algorithms can be moved.
>
> During the migration, there will briefly be signature algorithms that
> are still based on crypto_akcipher, whilst others are already based on
> crypto_sig. Allow for that by building a fork into crypto_sig_*() API
> calls (i.e. crypto_sig_maxsize() and friends) such that one of the two
> backends is selected based on the transform's cra_type.
>
> Signed-off-by: Lukas Wunner <lukas@wunner.de>
> ---
> Documentation/crypto/api-sig.rst | 15 +++
> Documentation/crypto/api.rst | 1 +
> Documentation/crypto/architecture.rst | 2 +
> crypto/sig.c | 143 +++++++++++++++++++++++++-
> crypto/testmgr.c | 115 +++++++++++++++++++++
> crypto/testmgr.h | 13 +++
> include/crypto/internal/sig.h | 80 ++++++++++++++
> include/crypto/sig.h | 61 +++++++++++
> include/uapi/linux/cryptouser.h | 5 +
> 9 files changed, 433 insertions(+), 2 deletions(-)
> create mode 100644 Documentation/crypto/api-sig.rst
>
> diff --git a/Documentation/crypto/api-sig.rst b/Documentation/crypto/api-sig.rst
> new file mode 100644
> index 000000000000..e5e87e106884
> --- /dev/null
> +++ b/Documentation/crypto/api-sig.rst
> @@ -0,0 +1,15 @@
> +Asymmetric Signature Algorithm Definitions
> +------------------------------------------
> +
> +.. kernel-doc:: include/crypto/sig.h
> + :functions: sig_alg
> +
> +Asymmetric Signature API
> +------------------------
> +
> +.. kernel-doc:: include/crypto/sig.h
> + :doc: Generic Public Key Signature API
> +
> +.. kernel-doc:: include/crypto/sig.h
> + :functions: crypto_alloc_sig crypto_free_sig crypto_sig_set_pubkey crypto_sig_set_privkey crypto_sig_maxsize crypto_sig_sign crypto_sig_verify
> +
> diff --git a/Documentation/crypto/api.rst b/Documentation/crypto/api.rst
> index ff31c30561d4..8b2a90521886 100644
> --- a/Documentation/crypto/api.rst
> +++ b/Documentation/crypto/api.rst
> @@ -10,4 +10,5 @@ Programming Interface
> api-digest
> api-rng
> api-akcipher
> + api-sig
> api-kpp
> diff --git a/Documentation/crypto/architecture.rst b/Documentation/crypto/architecture.rst
> index 646c3380a7ed..15dcd62fd22f 100644
> --- a/Documentation/crypto/architecture.rst
> +++ b/Documentation/crypto/architecture.rst
> @@ -214,6 +214,8 @@ the aforementioned cipher types:
>
> - CRYPTO_ALG_TYPE_AKCIPHER Asymmetric cipher
>
> +- CRYPTO_ALG_TYPE_SIG Asymmetric signature
> +
> - CRYPTO_ALG_TYPE_PCOMPRESS Enhanced version of
> CRYPTO_ALG_TYPE_COMPRESS allowing for segmented compression /
> decompression instead of performing the operation on one segment
I'd split the documentation update. It's not strictly necessary as it is
still part of crypto (e.g. not kernel-parameters.txt) but they are still
too disjoint logical artifacts that you need to review separately.
> diff --git a/crypto/sig.c b/crypto/sig.c
> index 7645bedf3a1f..4f36ceb7a90b 100644
> --- a/crypto/sig.c
> +++ b/crypto/sig.c
> @@ -21,14 +21,38 @@
>
> static const struct crypto_type crypto_sig_type;
>
> +static void crypto_sig_exit_tfm(struct crypto_tfm *tfm)
> +{
> + struct crypto_sig *sig = __crypto_sig_tfm(tfm);
> + struct sig_alg *alg = crypto_sig_alg(sig);
> +
> + alg->exit(sig);
> +}
> +
> static int crypto_sig_init_tfm(struct crypto_tfm *tfm)
> {
> if (tfm->__crt_alg->cra_type != &crypto_sig_type)
> return crypto_init_akcipher_ops_sig(tfm);
>
> + struct crypto_sig *sig = __crypto_sig_tfm(tfm);
> + struct sig_alg *alg = crypto_sig_alg(sig);
> +
> + if (alg->exit)
> + sig->base.exit = crypto_sig_exit_tfm;
> +
> + if (alg->init)
> + return alg->init(sig);
1. alg->exit == NULL, alg->init == NULL
2. alg->exit != NULL, alg->init == NULL
3. alg->exit == NULL, alg->init != NULL
Which of the three are legit use of the API and which are not?
BR, Jarkko
next prev parent reply other threads:[~2024-09-11 12:12 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-10 14:30 [PATCH v2 00/19] Migrate to sig_alg and templatize ecdsa Lukas Wunner
2024-09-10 14:30 ` Lukas Wunner
2024-09-10 14:30 ` [PATCH v2 01/19] crypto: ecdsa - Drop unused test vector elements Lukas Wunner
2024-09-10 18:49 ` Stefan Berger
2024-09-11 11:52 ` Jarkko Sakkinen
2024-09-12 7:59 ` Lukas Wunner
2024-09-10 14:30 ` [PATCH v2 02/19] crypto: sig - Introduce sig_alg backend Lukas Wunner
2024-09-11 12:12 ` Jarkko Sakkinen [this message]
2024-09-12 7:54 ` Lukas Wunner
2024-09-12 14:19 ` Jarkko Sakkinen
2024-09-12 15:27 ` Lukas Wunner
2024-09-12 17:14 ` Jarkko Sakkinen
2024-11-18 7:56 ` Jarkko Sakkinen
2024-09-13 18:40 ` Jonathan Cameron
2024-09-10 14:30 ` [PATCH v2 03/19] crypto: ecdsa - Migrate to " Lukas Wunner
2024-09-10 14:30 ` [PATCH v2 04/19] crypto: ecrdsa " Lukas Wunner
2024-09-11 12:49 ` Jarkko Sakkinen
2024-09-12 8:05 ` Lukas Wunner
2024-09-12 14:20 ` Jarkko Sakkinen
2024-09-10 14:30 ` [PATCH v2 05/19] crypto: rsa-pkcs1pad - Deduplicate set_{pub,priv}_key callbacks Lukas Wunner
2024-09-10 19:03 ` Stefan Berger
2024-09-11 12:54 ` Jarkko Sakkinen
2024-09-10 14:30 ` [PATCH v2 06/19] crypto: rsassa-pkcs1 - Migrate to sig_alg backend Lukas Wunner
2024-09-11 12:56 ` Jarkko Sakkinen
2024-10-21 16:08 ` Klara Modin
2024-10-21 19:02 ` Lukas Wunner
2024-10-22 10:15 ` Klara Modin
2024-10-23 10:19 ` Klara Modin
2024-10-25 7:17 ` Lukas Wunner
2024-10-25 16:50 ` Eric Biggers
2024-10-26 9:40 ` Klara Modin
2024-10-28 11:45 ` Klara Modin
2024-09-10 14:30 ` [PATCH v2 07/19] crypto: rsassa-pkcs1 - Harden digest length verification Lukas Wunner
2024-09-11 12:58 ` Jarkko Sakkinen
2024-09-10 14:30 ` [PATCH v2 08/19] crypto: rsassa-pkcs1 - Avoid copying hash prefix Lukas Wunner
2024-09-11 13:00 ` Jarkko Sakkinen
2024-09-10 14:30 ` [PATCH v2 09/19] crypto: virtio - Drop sign/verify operations Lukas Wunner
2024-09-10 14:30 ` [PATCH v2 10/19] crypto: drivers " Lukas Wunner
2024-09-10 14:30 ` Lukas Wunner
2024-09-10 14:30 ` [PATCH v2 11/19] crypto: akcipher " Lukas Wunner
2024-09-10 14:30 ` [PATCH v2 12/19] crypto: sig - Move crypto_sig_*() API calls to include file Lukas Wunner
2024-09-10 19:24 ` Stefan Berger
2024-09-10 14:30 ` [PATCH v2 13/19] ASN.1: Clean up include statements in public headers Lukas Wunner
2024-09-10 14:30 ` [PATCH v2 14/19] crypto: ecdsa - Avoid signed integer overflow on signature decoding Lukas Wunner
2024-09-10 14:30 ` [PATCH v2 15/19] crypto: ecdsa - Move X9.62 signature decoding into template Lukas Wunner
2024-09-10 20:46 ` Stefan Berger
2024-09-10 14:30 ` [PATCH v2 16/19] crypto: sig - Rename crypto_sig_maxsize() to crypto_sig_keysize() Lukas Wunner
2024-09-11 13:02 ` Jarkko Sakkinen
2024-09-12 8:12 ` Lukas Wunner
2024-09-10 14:30 ` [PATCH v2 17/19] crypto: ecdsa - Move X9.62 signature size calculation into template Lukas Wunner
2024-09-10 14:30 ` [PATCH v2 18/19] crypto: ecdsa - Support P1363 signature decoding Lukas Wunner
2024-09-10 21:46 ` Stefan Berger
2024-09-10 14:30 ` [PATCH v2 19/19] crypto: ecrdsa - Fix signature size calculation Lukas Wunner
2024-10-01 9:17 ` [PATCH v2 00/19] Migrate to sig_alg and templatize ecdsa Lukas Wunner
2024-10-01 9:17 ` Lukas Wunner
2024-10-05 5:27 ` Herbert Xu
2024-10-05 5:27 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D43G1XSAWTQF.OG1Z8K18DUVF@kernel.org \
--to=jarkko@kernel.org \
--cc=Jonathan.Cameron@huawei.com \
--cc=andrew.zaborowski@intel.com \
--cc=davem@davemloft.net \
--cc=denkenz@gmail.com \
--cc=dhowells@redhat.com \
--cc=ebiggers@google.com \
--cc=herbert@gondor.apana.org.au \
--cc=ignat@cloudflare.com \
--cc=kabel@kernel.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=lukas@wunner.de \
--cc=saulo.alessandre@tse.jus.br \
--cc=smueller@chronox.de \
--cc=stefanb@linux.ibm.com \
--cc=tstruk@gigaio.com \
--cc=varadgautam@google.com \
--cc=vt@altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.