lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <D3K2WJR5TW80.1NNF9E2RUW4TX@kernel.org>
Date: Mon, 19 Aug 2024 20:53:37 +0300
From: "Jarkko Sakkinen" <jarkko@...nel.org>
To: "Roberto Sassu" <roberto.sassu@...weicloud.com>, <dhowells@...hat.com>,
 <dwmw2@...radead.org>, <herbert@...dor.apana.org.au>, <davem@...emloft.net>
Cc: <linux-kernel@...r.kernel.org>, <keyrings@...r.kernel.org>,
 <linux-crypto@...r.kernel.org>, <zohar@...ux.ibm.com>,
 <linux-integrity@...r.kernel.org>, "Roberto Sassu"
 <roberto.sassu@...wei.com>
Subject: Re: [PATCH v2 00/14] KEYS: Add support for PGP keys and signatures

On Sun Aug 18, 2024 at 7:57 PM EEST, Roberto Sassu wrote:
> The patch set includes two preliminary patches: patch 1 introduces
> mpi_key_length(), to get the number of bits and bytes of an MPI; patch 2
> introduces rsa_parse_priv_key_raw() and rsa_parse_pub_key_raw(), to parse
> an RSA key in RAW format if the ASN.1 parser returns an error.

I'd leave the discussion about these patches and delete the whole
paragraph. Preliminary patches happen they are not a goal and definitely
do not require a disclaimer in the cover letter.

>
> Patches 3-5 introduce the library necessary to parse PGP keys and
> signatures, whose support is added with patches 6-10. Patch 11 introduces
> verify_pgp_signature() to be used by kernel subsystems (e.g. fsverity and
> IMA). Patch 12 is for testing of PGP signatures. Finally, patches 13-14
> allow loading a set of PGP keys from a supplied blob at boot time.

Write a high-level description of the pieces that lead to solution and
leave patch numbers out.

I'd suggest rewrite the previous paragraphs simply as:

"PGP signatures center around verify_pgp_signature(). The patches
prepending it introduce helpers necessary to operate with the PGP
signatures."

That's all information they have.

BR, Jarkko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ