Message-ID: <20160624100215.GA19150@gondor.apana.org.au>
Date:	Fri, 24 Jun 2016 18:02:15 +0800
From:	Herbert Xu <herbert@...dor.apana.org.au>
To:	Mat Martineau <mathew.j.martineau@...ux.intel.com>
Cc:	dhowells@...hat.com, mathew.j.martineau@...ux.intel.com,
	dwmw2@...radead.org, tadeusz.struk@...el.com,
	linux-security-module@...r.kernel.org, keyrings@...r.kernel.org,
	linux-kernel@...r.kernel.org, linux-crypto@...r.kernel.org,
	Christoph Hellwig <hch@....de>, Theodore Ts'o <tytso@....edu>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	James Morris <jmorris@...ei.org>
Subject: Re: [PATCH 5/8] KEYS: Provide software public key query function
 [ver #2]

Mat Martineau <mathew.j.martineau@...ux.intel.com> wrote:
>
>> +     if (strcmp(encoding, "pkcs1") == 0) {
>> +             /* The data wangled by the RSA algorithm is typically padded
>> +              * and encoded in some manner, such as EMSA-PKCS1-1_5 [RFC3447
>> +              * sec 8.2].
>> +              */
>> +             if (!hash_algo)
>> +                     n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
>> +                                  "pkcs1pad(%s)",
>> +                                  pkey->pkey_algo);
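
Review bot: in the `!hash_algo` branch, the `n` returned by snprintf() should be compared against CRYPTO_MAX_ALG_NAME before alg_name is used. snprintf() truncates silently, and the quoted lines end before any such check is visible, so a cut-off "pkcs1pad(...)" string could reach the algorithm lookup. A smaller style point: the comment above it opens with text on the `/*` line, where the multi-line comment style used outside net/ puts `/*` on a line of its own.
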
> 
> Did you see Herbert's patch that strips out non-hash pkcs1pad capabilities 
> (and the ensuing discussion)?
> 
> http://www.spinics.net/lists/linux-crypto/index.html#20432
> 
> I'm making use of pkcs1pad(rsa) with a TLS implementation, so it's good to 
> see it supported here.

Indeed I'm nacking this patch because it's exporting a purely
software algorithm to user-space for no good reason.  AFAICS
there is nothing in the pkcs1pad code that cannot be done in
user-space, even assuming that your private key is secret and
only accessible from the kernel.

IOW exporting the raw RSA might make sense because the key may
not be visible to user-space, or that the RSA might be implemented
in hardware offload, but there is no sane reason to export pkcs1pad.

Cheers,
-- 
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
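
An added illustration, not part of the thread and not the kernel's pkcs1pad code: the padding step under discussion, EMSA-PKCS1-v1_5 encoding (RFC 3447 sec 9.2), written as plain user-space C so that only the resulting block would need a raw RSA operation. The function name and the sample digest are constructed for this example; passing no prefix gives the hash-less form that the `!hash_algo` branch of the quoted hunk selects.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* DER DigestInfo prefix for SHA-256 (RFC 3447 sec 9.2, note 1). */
static const uint8_t sha256_prefix[19] = {
    0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
    0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
};

/*
 * Hypothetical helper: write EM = 00 01 FF..FF 00 || prefix || data into
 * em[0..em_len), em_len being the modulus size in bytes. prefix_len 0 gives
 * the hash-less form. Returns 0, or -1 if fewer than 8 padding bytes fit.
 */
int emsa_pkcs1_v15_encode(const uint8_t *prefix, size_t prefix_len,
                          const uint8_t *data, size_t data_len,
                          uint8_t *em, size_t em_len)
{
    size_t t_len = prefix_len + data_len;
    size_t ps_len;

    if (t_len < data_len || em_len < 11 || t_len > em_len - 11)
        return -1;
    ps_len = em_len - t_len - 3;
    em[0] = 0x00;
    em[1] = 0x01;                       /* block type 1: signature padding */
    memset(em + 2, 0xff, ps_len);
    em[2 + ps_len] = 0x00;
    if (prefix_len)
        memcpy(em + 3 + ps_len, prefix, prefix_len);
    if (data_len)
        memcpy(em + 3 + ps_len + prefix_len, data, data_len);
    return 0;
}

int main(void)
{
    uint8_t digest[32], em[256];        /* constructed digest, 2048-bit modulus */
    size_t i;

    memset(digest, 0xab, sizeof(digest));
    if (emsa_pkcs1_v15_encode(sha256_prefix, sizeof(sha256_prefix),
                              digest, sizeof(digest), em, sizeof(em)))
        return 1;
    for (i = 0; i < sizeof(em); i++)
        printf("%02x%s", em[i], (i % 16 == 15) ? "\n" : "");
    return 0;
}
```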
