linux-integrity.vger.kernel.org archive mirror
* Re: [PATCH v2 0/2] crypto: streebog - add Streebog hash function
       [not found]     ` <20181017060851.r5mxvpq3l2ycvpio@gondor.apana.org.au>
@ 2018-11-03  5:51       ` Vitaly Chikunov
  2018-11-05 12:48         ` Mimi Zohar
  0 siblings, 1 reply; 4+ messages in thread
From: Vitaly Chikunov @ 2018-11-03  5:51 UTC (permalink / raw)
  To: Herbert Xu
  Cc: David S. Miller, linux-crypto, linux-kernel, linux-integrity,
	Mimi Zohar, Dmitry Kasatkin

Herbert,

On Wed, Oct 17, 2018 at 02:08:51PM +0800, Herbert Xu wrote:
> On Fri, Oct 12, 2018 at 09:41:05AM +0300, Vitaly Chikunov wrote:
> >
> > It is the first part of attempts to add to the Integrity subsystem
> > ability of verifying file and module signatures by Russian GOST
> > algorithms.
> 
> It would be better if these patches are posted together.  That
> way we don't end up with a situation where the algorithm goes into
> the kernel but the ultimate user is rejected.

IMA does not need any particular patching inside of their subtree to
support new hash, because it is using any hash registered in Hash Info
which is still under crypto subtree. I added appropriate patch into v3
which is already posted a week ago, and tested it to work correctly with
ima_appraise=fix.

Thanks,



* Re: [PATCH v2 0/2] crypto: streebog - add Streebog hash function
  2018-11-03  5:51       ` [PATCH v2 0/2] crypto: streebog - add Streebog hash function Vitaly Chikunov
@ 2018-11-05 12:48         ` Mimi Zohar
  2018-11-05 12:55           ` Vitaly Chikunov
  0 siblings, 1 reply; 4+ messages in thread
From: Mimi Zohar @ 2018-11-05 12:48 UTC (permalink / raw)
  To: Vitaly Chikunov, Herbert Xu
  Cc: David S. Miller, linux-crypto, linux-kernel, linux-integrity,
	Mimi Zohar, Dmitry Kasatkin

On Sat, 2018-11-03 at 08:51 +0300, Vitaly Chikunov wrote:
> Herbert,
> 
> On Wed, Oct 17, 2018 at 02:08:51PM +0800, Herbert Xu wrote:
> > On Fri, Oct 12, 2018 at 09:41:05AM +0300, Vitaly Chikunov wrote:
> > >
> > > It is the first part of attempts to add to the Integrity subsystem
> > > ability of verifying file and module signatures by Russian GOST
> > > algorithms.
> > 
> > It would be better if these patches are posted together.  That
> > way we don't end up with a situation where the algorithm goes into
> > the kernel but the ultimate user is rejected.
> 
> IMA does not need any particular patching inside of their subtree to
> support new hash, because it is using any hash registered in Hash Info
> which is still under crypto subtree. I added appropriate patch into v3
> which is already posted a week ago, and tested it to work correctly with
> ima_appraise=fix.

That's true, but the target subsystem should be made aware of the new
usage.

Thanks, Herbert.

Mimi



* Re: [PATCH v2 0/2] crypto: streebog - add Streebog hash function
  2018-11-05 12:48         ` Mimi Zohar
@ 2018-11-05 12:55           ` Vitaly Chikunov
  2018-11-05 13:01             ` Mimi Zohar
  0 siblings, 1 reply; 4+ messages in thread
From: Vitaly Chikunov @ 2018-11-05 12:55 UTC (permalink / raw)
  To: Mimi Zohar
  Cc: Herbert Xu, David S. Miller, linux-crypto, linux-kernel,
	linux-integrity, Mimi Zohar, Dmitry Kasatkin

Mimi,

On Mon, Nov 05, 2018 at 07:48:33AM -0500, Mimi Zohar wrote:
> On Sat, 2018-11-03 at 08:51 +0300, Vitaly Chikunov wrote:
> > On Wed, Oct 17, 2018 at 02:08:51PM +0800, Herbert Xu wrote:
> > > On Fri, Oct 12, 2018 at 09:41:05AM +0300, Vitaly Chikunov wrote:
> > > >
> > > > It is the first part of attempts to add to the Integrity subsystem
> > > > ability of verifying file and module signatures by Russian GOST
> > > > algorithms.
> > > 
> > > It would be better if these patches are posted together.  That
> > > way we don't end up with a situation where the algorithm goes into
> > > the kernel but the ultimate user is rejected.
> > 
> > IMA does not need any particular patching inside of their subtree to
> > support new hash, because it is using any hash registered in Hash Info
> > which is still under crypto subtree. I added appropriate patch into v3
> > which is already posted a week ago, and tested it to work correctly with
> > ima_appraise=fix.
> 
> That's true, but the target subsystem should be made aware of the new
> usage.

Did you mean by re-sending the patch with Cc to linux-integrity? Or
something more?

Thanks,



* Re: [PATCH v2 0/2] crypto: streebog - add Streebog hash function
  2018-11-05 12:55           ` Vitaly Chikunov
@ 2018-11-05 13:01             ` Mimi Zohar
  0 siblings, 0 replies; 4+ messages in thread
From: Mimi Zohar @ 2018-11-05 13:01 UTC (permalink / raw)
  To: Vitaly Chikunov
  Cc: Herbert Xu, David S. Miller, linux-crypto, linux-kernel,
	linux-integrity, Mimi Zohar, Dmitry Kasatkin

On Mon, 2018-11-05 at 15:55 +0300, Vitaly Chikunov wrote:
> Mimi,
> 
> On Mon, Nov 05, 2018 at 07:48:33AM -0500, Mimi Zohar wrote:
> > On Sat, 2018-11-03 at 08:51 +0300, Vitaly Chikunov wrote:
> > > On Wed, Oct 17, 2018 at 02:08:51PM +0800, Herbert Xu wrote:
> > > > On Fri, Oct 12, 2018 at 09:41:05AM +0300, Vitaly Chikunov wrote:
> > > > >
> > > > > It is the first part of attempts to add to the Integrity subsystem
> > > > > ability of verifying file and module signatures by Russian GOST
> > > > > algorithms.
> > > > 
> > > > It would be better if these patches are posted together.  That
> > > > way we don't end up with a situation where the algorithm goes into
> > > > the kernel but the ultimate user is rejected.
> > > 
> > > IMA does not need any particular patching inside of their subtree to
> > > support new hash, because it is using any hash registered in Hash Info
> > > which is still under crypto subtree. I added appropriate patch into v3
> > > which is already posted a week ago, and tested it to work correctly with
> > > ima_appraise=fix.
> > 
> > That's true, but the target subsystem should be made aware of the new
> > usage.
> 
> Did you mean by re-sending the patch with Cc to linux-integrity? Or
> something more?

Just as future reference.  For now, please feel free to add my
Reviewed-by on the "crypto: streebog - register Streebog in hash info
for IMA" patch.

Mimi

