[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.OSX.2.20.1606230832370.22282@alvander-mobl1.amr.corp.intel.com>
Date: Thu, 23 Jun 2016 08:46:42 -0700 (PDT)
From: Mat Martineau <mathew.j.martineau@...ux.intel.com>
To: David Howells <dhowells@...hat.com>
cc: mathew.j.martineau@...ux.intel.com, dwmw2@...radead.org,
tadeusz.struk@...el.com, linux-security-module@...r.kernel.org,
keyrings@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-crypto@...r.kernel.org
Subject: Re: [PATCH 5/8] KEYS: Provide software public key query function
[ver #2]
David,
On Thu, 23 Jun 2016, David Howells wrote:
> Provide a query function for the software public key implementation. This
> permits information about such a key to be obtained using
> query_asymmetric_key() or KEYCTL_PKEY_QUERY.
>
> Signed-off-by: David Howells <dhowells@...hat.com>
> ---
>
> crypto/asymmetric_keys/public_key.c | 96 ++++++++++++++++++++++++++++++-----
> 1 file changed, 82 insertions(+), 14 deletions(-)
>
> diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
> index fd76b5fc3b3a..a48a47a1dff0 100644
> --- a/crypto/asymmetric_keys/public_key.c
> +++ b/crypto/asymmetric_keys/public_key.c
> @@ -57,6 +57,81 @@ static void public_key_destroy(void *payload0, void *payload3)
> public_key_signature_free(payload3);
> }
>
> +/*
> + * Determine the crypto algorithm name.
> + */
> +static
> +int software_key_determine_akcipher(const char *encoding,
> + const char *hash_algo,
> + const struct public_key *pkey,
> + char alg_name[CRYPTO_MAX_ALG_NAME])
> +{
> + int n;
> +
> + if (strcmp(encoding, "pkcs1") == 0) {
> + /* The data wangled by the RSA algorithm is typically padded
> + * and encoded in some manner, such as EMSA-PKCS1-1_5 [RFC3447
> + * sec 8.2].
> + */
> + if (!hash_algo)
> + n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
> + "pkcs1pad(%s)",
> + pkey->pkey_algo);
Did you see Herbert's patch that strips out non-hash pkcs1pad capabilities
(and the ensuing discussion)?
http://www.spinics.net/lists/linux-crypto/index.html#20432
I'm making use of pkcs1pad(rsa) with a TLS implementation, so it's good to
see it supported here.
> + else
> + n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
> + "pkcs1pad(%s,%s)",
> + pkey->pkey_algo, hash_algo);
> + return n >= CRYPTO_MAX_ALG_NAME ? -EINVAL : 0;
> + }
> +
> + if (strcmp(encoding, "raw") == 0) {
> + strcpy(alg_name, pkey->pkey_algo);
> + return 0;
> + }
> +
> + return -ENOPKG;
> +}
Regards,
--
Mat Martineau
Intel OTC
Powered by blists - more mailing lists