Hi Stephan,
>> I think we need to split the akcipher_alg setkey callback into a setkey and
>> setpubkey.
>>
>> diff --git a/include/crypto/akcipher.h b/include/crypto/akcipher.h
>> index 69d163e39101..ca93952b6d19 100644
>> --- a/include/crypto/akcipher.h
>> +++ b/include/crypto/akcipher.h
>> @@ -91,6 +91,8 @@ struct akcipher_alg {
>> int (*decrypt)(struct akcipher_request *req);
>> int (*setkey)(struct crypto_akcipher *tfm, const void *key,
>> unsigned int keylen);
>> + int (*setpubkey)(struct crypto_akcipher *tfm, const void *key,
>> + unsigned int keylen);
>> int (*init)(struct crypto_akcipher *tfm);
>> void (*exit)(struct crypto_akcipher *tfm);
>>
>> If the cipher actually uses two different formats for the public + private
>
> The public key is n + e.
>
> The private key is n + d.
for RSA Public Key it is just n and e. However for RSA Private Key it is n and
e and d and also version, primes etc. So the RSA Public Key contains a sequence
of 2 integers and the RSA Private Key contains a sequence of 9 integers.
> Both are encoded in the BER structure the current API requires. It is
> perfectly valid to provide only n + e when you do public key operations.
And from an API perspective that is fully wrong from my point of view. We just
invented another format that is not in any standard. The two standard key
formats for RSA are RSA Private Key and RSA Public Key. These are the ones we
should support.
The format with n plus e and optionally d is total Linux invention as far as I
can tell. And I do not want this exposed to userspace.
For a clean separation I think splitting this into setkey for the RSA Private
Key and setpubkey for the RSA Public Key is pretty obvious choice.
> Please see in the testmgr.h for the 2048 bit key test vector (i.e. the one
> with public_key_vec = true). The BER structure has nice comments from Tadeusz
> to indicate it only contains n and e without d.
And it is totally made up format. Why would you force conversion of a RSA
Public Key or RSA Private Key in DER format into this format. This Linux only
input format makes it just complicated for no reason. It is also not documented
anywhere as I can tell. I had to dig this out of the code and rsakey.asn1.
As mentioned above, splitting this into two functions makes this simpler. For
all intense and purposes this is akcipher so we always either have
public/private key pair or we just have the public key. And at least with RSA
they are defined as two independent formats.
Since the parsing of the key data is not a generic handling, I do not see a
good enough reason to invent new formats. Use the format the cipher you
implement already has defined.
> Thus, I do not currently understand your request. May I ask you to give more
> explanation why the use of BER is insufficient?
Tell me how you create this Linux specific BER encoded key. I would like
someone to provide the magic OpenSSL conversion command line to get this. Hand
crafting such keys when there is a standard format for RSA Private Key and RSA
Public Key makes no sense whatsoever.
Regards
Marcel
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
