lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 23 Jun 2016 08:46:42 -0700 (PDT)
From:	Mat Martineau <mathew.j.martineau@...ux.intel.com>
To:	David Howells <dhowells@...hat.com>
cc:	mathew.j.martineau@...ux.intel.com, dwmw2@...radead.org,
	tadeusz.struk@...el.com, linux-security-module@...r.kernel.org,
	keyrings@...r.kernel.org, linux-kernel@...r.kernel.org,
	linux-crypto@...r.kernel.org
Subject: Re: [PATCH 5/8] KEYS: Provide software public key query function
 [ver #2]


David,

On Thu, 23 Jun 2016, David Howells wrote:

> Provide a query function for the software public key implementation.  This
> permits information about such a key to be obtained using
> query_asymmetric_key() or KEYCTL_PKEY_QUERY.
>
> Signed-off-by: David Howells <dhowells@...hat.com>
> ---
>
> crypto/asymmetric_keys/public_key.c |   96 ++++++++++++++++++++++++++++++-----
> 1 file changed, 82 insertions(+), 14 deletions(-)
>
> diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
> index fd76b5fc3b3a..a48a47a1dff0 100644
> --- a/crypto/asymmetric_keys/public_key.c
> +++ b/crypto/asymmetric_keys/public_key.c
> @@ -57,6 +57,81 @@ static void public_key_destroy(void *payload0, void *payload3)
> 	public_key_signature_free(payload3);
> }
>
> +/*
> + * Determine the crypto algorithm name.
> + */
> +static
> +int software_key_determine_akcipher(const char *encoding,
> +				    const char *hash_algo,
> +				    const struct public_key *pkey,
> +				    char alg_name[CRYPTO_MAX_ALG_NAME])
> +{
> +	int n;
> +
> +	if (strcmp(encoding, "pkcs1") == 0) {
> +		/* The data wangled by the RSA algorithm is typically padded
> +		 * and encoded in some manner, such as EMSA-PKCS1-1_5 [RFC3447
> +		 * sec 8.2].
> +		 */
> +		if (!hash_algo)
> +			n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
> +				     "pkcs1pad(%s)",
> +				     pkey->pkey_algo);

Did you see Herbert's patch that strips out non-hash pkcs1pad capabilities 
(and the ensuing discussion)?

http://www.spinics.net/lists/linux-crypto/index.html#20432

I'm making use of pkcs1pad(rsa) with a TLS implementation, so it's good to 
see it supported here.

> +		else
> +			n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
> +				     "pkcs1pad(%s,%s)",
> +				     pkey->pkey_algo, hash_algo);
> +		return n >= CRYPTO_MAX_ALG_NAME ? -EINVAL : 0;
> +	}
> +
> +	if (strcmp(encoding, "raw") == 0) {
> +		strcpy(alg_name, pkey->pkey_algo);
> +		return 0;
> +	}
> +
> +	return -ENOPKG;
> +}


Regards,

--
Mat Martineau
Intel OTC

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ