lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 11 Apr 2019 12:18:36 -0500
From:   Denis Kenzior <denkenz@...il.com>
To:     Vitaly Chikunov <vt@...linux.org>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        David Howells <dhowells@...hat.com>,
        Mimi Zohar <zohar@...ux.ibm.com>,
        Dmitry Kasatkin <dmitry.kasatkin@...il.com>,
        linux-integrity@...r.kernel.org, keyrings@...r.kernel.org,
        linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v9 05/10] X.509: parse public key parameters from x509 for
 akcipher

Hi Vitaly,

On 04/11/2019 10:51 AM, Vitaly Chikunov wrote:
> Some public key algorithms (like EC-DSA) keep in parameters field
> important data such as digest and curve OIDs (possibly more for
> different EC-DSA variants). Thus, just setting a public key (as
> for RSA) is not enough.
> 
> Append parameters into the key stream for akcipher_set_{pub,priv}_key.
> Appended data is: (u32) algo OID, (u32) parameters length, parameters
> data.
> 
> This does not affect current akcipher API nor RSA ciphers (they could
> ignore it). Idea of appending parameters to the key stream is by Herbert
> Xu.
> 
> Cc: David Howells <dhowells@...hat.com>
> Cc: Denis Kenzior <denkenz@...il.com>
> Cc: keyrings@...r.kernel.org
> Signed-off-by: Vitaly Chikunov <vt@...linux.org>
> ---
>   crypto/asymmetric_keys/asym_tpm.c         |  9 +++-
>   crypto/asymmetric_keys/public_key.c       | 72 ++++++++++++++++++++++++-------
>   crypto/asymmetric_keys/x509.asn1          |  2 +-
>   crypto/asymmetric_keys/x509_cert_parser.c | 31 +++++++++++++
>   crypto/testmgr.c                          | 24 +++++++++--
>   crypto/testmgr.h                          |  5 +++
>   include/crypto/akcipher.h                 | 18 ++++----
>   include/crypto/public_key.h               |  4 ++
>   8 files changed, 136 insertions(+), 29 deletions(-)
> 

Looks good to me.

Reviewed-by: Denis Kenzior <denkenz@...il.com>

By the way:

> @@ -400,11 +401,12 @@ static inline int crypto_akcipher_set_pub_key(struct crypto_akcipher *tfm,
>    * crypto_akcipher_set_priv_key() - Invoke set private key operation
>    *
>    * Function invokes the algorithm specific set key function, which knows
> - * how to decode and interpret the encoded key
> + * how to decode and interpret the encoded keya and parameters

Seems to be a stray 'a' after 'key'?

Regards,
-Denis

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ