lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 18 Jan 2012 12:49:56 +0000
From:	David Howells <dhowells@...hat.com>
To:	"Kasatkin, Dmitry" <dmitry.kasatkin@...el.com>
Cc:	dhowells@...hat.com, keyrings@...ux-nfs.org,
	linux-crypto@...r.kernel.org,
	linux-security-module@...r.kernel.org,
	linux-kernel@...r.kernel.org, zohar@...ux.vnet.ibm.com,
	arjan.van.de.ven@...el.com, alan.cox@...el.com
Subject: Re: [PATCH 16/21] KEYS: PGP-based public key signature verification [ver #3]

Kasatkin, Dmitry <dmitry.kasatkin@...el.com> wrote:

> Synchronous hash SHASH is used only for software hash implementation...
> HW acceleration is not supported by this hash.
> It is good for short data.
> But when calculating a hash over long data as files can be,
> async hash AHASH is a preferred choice as enables HW acceleration.

Indeed.  The asynchronous hash is a pain to use in the kernel, though, for a
couple of reasons: kernel addresses don't necessarily correspond to addresses
the h/w accel will see and you have to handle the h/w not signalling
completion.  Herbert created shash to make it easier, and for module signing,
they're perfectly sufficient.

> As in my response to [PATCH 08/21] KEYS: Add signature verification facility
> [ver #3] It would be nice to have API to pass pre-computed hash, then client
> might tackle async peculiarities by itself...

True.  If you can give me the completed hash data, then I don't need to care
how you managed it.  If you give me an uncompleted hash, I then have to deal
with the async hash in the kernel.

It might make sense for me to provide an API call to give you the postamble you
need to add to the hash to complete it.  That call could also indicate which
hash you require and could also be combined with the call to find the
appropriate key.

David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ