Re: [PATCH RFC v3 2/3] crypto: RSA: KEYS: convert rsa and public key to new PKE API

linux-crypto.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Paul Bolle <pebolle@tiscali.nl>
To: Tadeusz Struk <tadeusz.struk@intel.com>
Cc: herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org,
	keescook@chromium.org, jwboyer@redhat.com, richard@nod.at,
	steved@redhat.com, qat-linux@intel.com, dhowells@redhat.com,
	linux-crypto@vger.kernel.org, james.l.morris@oracle.com,
	jkosina@suse.cz, zohar@linux.vnet.ibm.com, davem@davemloft.net,
	vgoyal@redhat.com
Subject: Re: [PATCH RFC v3 2/3] crypto: RSA: KEYS: convert rsa and public key to new PKE API
Date: Fri, 05 Jun 2015 10:50:12 +0200	[thread overview]
Message-ID: <1433494212.3358.16.camel@x220> (raw)
In-Reply-To: <20150603224414.22310.17260.stgit@tstruk-mobl1>

A few remarks, perhaps not of the kind you'd like for an RFC, that I
hope are still relevant after Herbert's comment.

On Wed, 2015-06-03 at 15:44 -0700, Tadeusz Struk wrote:
> --- a/crypto/asymmetric_keys/Makefile
> +++ b/crypto/asymmetric_keys/Makefile
> @@ -8,6 +8,7 @@ asymmetric_keys-y := asymmetric_type.o signature.o
>  
>  obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o
>  obj-$(CONFIG_PUBLIC_KEY_ALGO_RSA) += rsa.o
> +obj-$(CONFIG_PUBLIC_KEY_ALGO_RSA) += rsa_pkcs1_v1_5.o

This builds two modules if PUBLIC_KEY_ALGO_RSA = 'm': rsa.ko and
rsa_pkcs1_v1_5.ko. Is that what you want?
 
> --- a/crypto/asymmetric_keys/public_key.c
> +++ b/crypto/asymmetric_keys/public_key.c

> +int rsa_pkcs1_v1_5_verify_signature(const struct public_key *pkey,
> +				    const struct public_key_signature *sig);
> +

> -int public_key_verify_signature(const struct public_key *pk,
> +int public_key_verify_signature(const struct public_key *pkey,
>  				const struct public_key_signature *sig)
>  {
> [...]
> -	return algo->verify_signature(pk, sig);
> +	return rsa_pkcs1_v1_5_verify_signature(pkey, sig);
>  }


> --- a/crypto/asymmetric_keys/rsa.c
> +++ b/crypto/asymmetric_keys/rsa.c
 
>  MODULE_LICENSE("GPL");
>  MODULE_DESCRIPTION("RSA Public Key Algorithm");

> +static int rsa_init(void)
> +{
> +	return crypto_register_akcipher(&rsa);
> +}

Is there a reason not to mark this __init? (This is not a rhetorical
question, perhaps there really is.)

> +static void rsa_exit(void)
> +{
> +	crypto_unregister_akcipher(&rsa);
> +}

Ditto for __exit.

> +module_init(rsa_init);
> +module_exit(rsa_exit);
> +MODULE_ALIAS_CRYPTO("rsa");

Could the MODULE_* macros be grouped in one place please?

> --- /dev/null
> +++ b/crypto/asymmetric_keys/rsa_pkcs1_v1_5.c

> +/*
> + * Perform the verification step [RFC3447 sec 8.2.2].
> + */
> +int rsa_pkcs1_v1_5_verify_signature(const struct public_key *pkey,
> +				    const struct public_key_signature *sig)
> +{
> [...]
> +}

public_key.c uses this, so it can end up in public_key.ko. But it's not
exported. So a _quick and dirty_ build test generated:
    WARNING: "rsa_pkcs1_v1_5_verify_signature" [[...]/crypto/asymmetric_keys/public_key.ko] undefined!

Also no MODULE_LICENSE() macro, so loading rsa_pkcs1_v1_5.ko should
trigger a warning and taint the kernel.

Thanks,


Paul Bolle

next prev parent reply	other threads:[~2015-06-05  8:50 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-06-03 22:44 [PATCH RFC v3 0/3] crypto: Introduce Public Key Encryption API Tadeusz Struk
2015-06-03 22:44 ` [PATCH RFC v3 1/3] crypto: add PKE API Tadeusz Struk
2015-06-04  6:49   ` Herbert Xu
2015-06-04 17:23     ` Tadeusz Struk
2015-06-03 22:44 ` [PATCH RFC v3 2/3] crypto: RSA: KEYS: convert rsa and public key to new " Tadeusz Struk
2015-06-04  6:53   ` Herbert Xu
2015-06-04 17:23     ` Tadeusz Struk
2015-06-05  8:50   ` Paul Bolle [this message]
2015-06-05 16:42     ` Tadeusz Struk
2015-06-03 22:44 ` [PATCH RFC v3 3/3] crypto: add tests vectors for RSA Tadeusz Struk
2015-06-04  0:15   ` Stephan Mueller
2015-06-04 16:28     ` Tadeusz Struk

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1433494212.3358.16.camel@x220 \
    --to=pebolle@tiscali.nl \
    --cc=davem@davemloft.net \
    --cc=dhowells@redhat.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=james.l.morris@oracle.com \
    --cc=jkosina@suse.cz \
    --cc=jwboyer@redhat.com \
    --cc=keescook@chromium.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=qat-linux@intel.com \
    --cc=richard@nod.at \
    --cc=steved@redhat.com \
    --cc=tadeusz.struk@intel.com \
    --cc=vgoyal@redhat.com \
    --cc=zohar@linux.vnet.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).