From: David Howells <dhowells@redhat.com>
To: Andrew Zaborowski <balrogg@googlemail.com>
Cc: dhowells@redhat.com, Tadeusz Struk <tadeusz.struk@intel.com>,
keyrings@vger.kernel.org, linux-security-module@vger.kernel.org,
zohar@linux.vnet.ibm.com, linux-kernel@vger.kernel.org,
Linux Crypto Mailing List <linux-crypto@vger.kernel.org>
Subject: Re: [PATCH 4/8] akcipher: Move the RSA DER encoding to the crypto layer
Date: Fri, 26 Feb 2016 11:42:14 +0000
Message-ID: <8830.1456486934@warthog.procyon.org.uk>
In-Reply-To: <CAOq732KiaTLY9PidbHZ5H8GvDgi5kpxRopd8rDqvrXpCUtwgTg@mail.gmail.com>
Andrew Zaborowski <balrogg@googlemail.com> wrote:
> Without overhauling akcipher you could modify pkcs1pad so that sign
> takes the hash as input, adds the DER struct in front of it to build
> the signature, and the verify operation could at most check that the
> DER string matches the hash type and return the hash. But I think
> RFC2437 suggests that you rather compare the signatures, not the
> hashes.
Whilst that is true about what RFC2437 shows, I wonder how strict it wants to
be about that rather than it just being a convenient way of describing the
algorithm.
The advantage of doing it the way the RFC suggests is that you get to use the
EMSA-PKCS1-V1_5-ENCODE operation twice, thereby saving code and only having
one place for bugs to occur instead of two - but you can argue this either
way.
That said, I would be okay with it returning just the message hash with the
padding stripped off, providing the padding is validated in the crypto layer,
if that's necessary.
David
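The two verification styles contrasted above, as an added Python example that is not part of this thread or of the kernel's pkcs1pad code: one re-runs EMSA-PKCS1-v1_5-ENCODE and compares whole encoded messages as RFC 2437 describes, the other validates every padding byte in the "crypto layer" and hands back just the hash. It works on the encoded message EM (the RSA modular exponentiation step is omitted); the DigestInfo prefixes are the SHA-1 one from RFC 2437 and the SHA-256 one from RFC 3447, and the sample message is constructed.

```python
import hashlib
import hmac

# DER-encoded DigestInfo prefixes that precede the hash in T (RFC 2437 / RFC 3447).
DIGEST_INFO = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}

def emsa_pkcs1_v15_encode(digest: bytes, hash_name: str, em_len: int) -> bytes:
    """EMSA-PKCS1-v1_5-ENCODE: EM = 0x00 || 0x01 || PS || 0x00 || T, PS >= 8 bytes of 0xff."""
    t = DIGEST_INFO[hash_name] + digest
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t

def verify_by_comparing_em(em: bytes, digest: bytes, hash_name: str) -> bool:
    """RFC 2437 style: encode the expected hash a second time and compare the whole EM."""
    try:
        expected = emsa_pkcs1_v15_encode(digest, hash_name, len(em))
    except ValueError:
        return False
    return hmac.compare_digest(em, expected)

def strip_padding(em: bytes, hash_name: str) -> bytes:
    """Alternative from the thread: validate the padding fully, then return only the hash.
    Every byte of the header, PS, separator and DigestInfo is checked; a verifier that
    skips any of these checks is what makes padding forgeries possible."""
    prefix = DIGEST_INFO[hash_name]
    hlen = hashlib.new(hash_name).digest_size
    t_len = len(prefix) + hlen
    if len(em) < t_len + 11 or em[:2] != b"\x00\x01":
        raise ValueError("bad EM header")
    ps_len = len(em) - t_len - 3
    if em[2:2 + ps_len] != b"\xff" * ps_len or em[2 + ps_len] != 0x00:
        raise ValueError("bad padding string")
    if em[3 + ps_len:3 + ps_len + len(prefix)] != prefix:
        raise ValueError("DigestInfo does not match the expected hash type")
    return em[-hlen:]

# Constructed sample input: the hash of a made-up message, encoded for a 1024-bit modulus.
SAMPLE_DIGEST = hashlib.sha256(b"constructed sample message").digest()
SAMPLE_EM = emsa_pkcs1_v15_encode(SAMPLE_DIGEST, "sha256", 128)
```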