From: Stephan Mueller <smueller@chronox.de>
To: Marcel Holtmann <marcel@holtmann.org>
Cc: Tadeusz Struk <tadeusz.struk@intel.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
David Howells <dhowells@redhat.com>,
linux-crypto@vger.kernel.org
Subject: Re: Proposal for adding setpubkey callback to akcipher_alg
Date: Mon, 03 Aug 2015 09:15:12 +0200 [thread overview]
Message-ID: <14682477.78a1L9JDin@myon.chronox.de> (raw)
In-Reply-To: <70C201C0-233D-4912-9856-C8C0E7A6A0FA@holtmann.org>
Am Montag, 3. August 2015, 00:03:03 schrieb Marcel Holtmann:
Hi Marcel,
> Hi Stephan,
>
> >> I think we need to split the akcipher_alg setkey callback into a setkey
> >> and
> >> setpubkey.
> >>
> >> diff --git a/include/crypto/akcipher.h b/include/crypto/akcipher.h
> >> index 69d163e39101..ca93952b6d19 100644
> >> --- a/include/crypto/akcipher.h
> >> +++ b/include/crypto/akcipher.h
> >> @@ -91,6 +91,8 @@ struct akcipher_alg {
> >>
> >> int (*decrypt)(struct akcipher_request *req);
> >> int (*setkey)(struct crypto_akcipher *tfm, const void *key,
> >>
> >> unsigned int keylen);
> >>
> >> + int (*setpubkey)(struct crypto_akcipher *tfm, const void *key,
> >> + unsigned int keylen);
> >>
> >> int (*init)(struct crypto_akcipher *tfm);
> >> void (*exit)(struct crypto_akcipher *tfm);
> >>
> >> If the cipher actually uses two different formats for the public +
> >> private
> >
> > The public key is n + e.
> >
> > The private key is n + d.
>
> for RSA Public Key it is just n and e. However for RSA Private Key it is n
> and e and d and also version, primes etc. So the RSA Public Key contains a
> sequence of 2 integers and the RSA Private Key contains a sequence of 9
> integers.
> > Both are encoded in the BER structure the current API requires. It is
> > perfectly valid to provide only n + e when you do public key operations.
>
> And from an API perspective that is fully wrong from my point of view. We
> just invented another format that is not in any standard. The two standard
> key formats for RSA are RSA Private Key and RSA Public Key. These are the
> ones we should support.
>
> The format with n plus e and optionally d is total Linux invention as far as
> I can tell. And I do not want this exposed to userspace.
>
> For a clean separation I think splitting this into setkey for the RSA
> Private Key and setpubkey for the RSA Public Key is pretty obvious choice.
Please define exactly what your pubkey and your privkey contains. Even when I
think of the DER keys from OpenSSL, we once have n+e and once n+e+d (see
asn1dump), no?
> > Please see in the testmgr.h for the 2048 bit key test vector (i.e. the one
> > with public_key_vec = true). The BER structure has nice comments from
> > Tadeusz to indicate it only contains n and e without d.
>
> And it is totally made up format. Why would you force conversion of a RSA
BER is a made up implementation? I do not think so:
https://en.wikipedia.org/wiki/Basic_Encoding_Rules
Or do you say that the kernel's implementation of BER is broken?
> Public Key or RSA Private Key in DER format into this format. This Linux
> only input format makes it just complicated for no reason. It is also not
> documented anywhere as I can tell. I had to dig this out of the code and
> rsakey.asn1.
>
> As mentioned above, splitting this into two functions makes this simpler.
> For all intense and purposes this is akcipher so we always either have
> public/private key pair or we just have the public key. And at least with
> RSA they are defined as two independent formats.
I can see that user space (e.g. libkcapi) has such two functions. But
currently I do not see such distinction necessary in the kernel as mentioned
above.
>
> Since the parsing of the key data is not a generic handling, I do not see a
> good enough reason to invent new formats. Use the format the cipher you
> implement already has defined.
> > Thus, I do not currently understand your request. May I ask you to give
> > more explanation why the use of BER is insufficient?
>
> Tell me how you create this Linux specific BER encoded key. I would like
> someone to provide the magic OpenSSL conversion command line to get this.
Again: there is no DER to BER converter that I am aware of. Agreed, that
should be there. But currently I do not see that the kernel should do that.
> Hand crafting such keys when there is a standard format for RSA Private Key
> and RSA Public Key makes no sense whatsoever.
Fully agreed. Thus, a BER encoder is on my agenda for libkcapi.
--
Ciao
Stephan
next prev parent reply other threads:[~2015-08-03 7:15 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-08-03 5:28 Proposal for adding setpubkey callback to akcipher_alg Marcel Holtmann
2015-08-03 6:39 ` Stephan Mueller
2015-08-03 7:03 ` Marcel Holtmann
2015-08-03 7:15 ` Stephan Mueller [this message]
2015-08-03 7:25 ` Marcel Holtmann
2015-08-05 2:46 ` Herbert Xu
2015-08-05 4:02 ` Marcel Holtmann
2015-08-05 4:06 ` Herbert Xu
2015-08-05 4:33 ` Marcel Holtmann
2015-08-05 5:10 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=14682477.78a1L9JDin@myon.chronox.de \
--to=smueller@chronox.de \
--cc=dhowells@redhat.com \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=marcel@holtmann.org \
--cc=tadeusz.struk@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox