[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20190125100009.i2ggpc7k7qvzayvj@gondor.apana.org.au>
Date: Fri, 25 Jan 2019 18:00:09 +0800
From: Herbert Xu <herbert@...dor.apana.org.au>
To: David Howells <dhowells@...hat.com>,
Tudor Ambarus <tudor-dan.ambarus@....com>,
"David S. Miller" <davem@...emloft.net>,
Maxime Coquelin <mcoquelin.stm32@...il.com>,
Alexandre Torgue <alexandre.torgue@...com>,
Horia Geantă <horia.geanta@....com>,
Aymen Sghaier <aymen.sghaier@....com>,
Tom Lendacky <thomas.lendacky@....com>,
Gary Hook <gary.hook@....com>,
Giovanni Cabiddu <giovanni.cabiddu@...el.com>,
linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org,
keyrings@...r.kernel.org, linux-stm32@...md-mailman.stormreply.com,
linux-arm-kernel@...ts.infradead.org, qat-linux@...el.com
Subject: Re: [RFC PATCH v2] akcipher: Introduce verify_rsa/verify for public
key algorithms
On Fri, Jan 18, 2019 at 11:41:00PM +0300, Vitaly Chikunov wrote:
>
> a) RSA verify works differently (is it just disguised encrypt),
> b) We have separate wrapper module for it (pkcs1pad). Thus:
>
> Old API can not be removed. In other words, we can not replace
> .verify_rsa with .verify in these drivers or PKCS1 will not work.
>
> We can replace .verify_rsa with .verify in pkcs1pad, but there is no
> need for that if we stay with two API calls, which we can't avoid.
I think having two API calls during a transition period is fine.
But it must not be the long-term outcome.
In order to keep existing drivers working, I think we should make
the API wrap the legacy verify_rsa and implement verify directly
on top of it. IOW the driver remains unchanged for now but the
crypto API code should provide a verify API that is implemented
on top of the driver's verify_rsa call.
Cheers,
--
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Powered by blists - more mailing lists