Re: [PATCH RFC v4 2/4] crypto: add PKE API
On 06/11/2015 07:59 PM, Herbert Xu wrote: +int crypto_akcipher_setkey(struct crypto_akcipher *tfm, + const struct public_key *pkey) +{ + if (tfm-pkey) + akcipher_free_key(tfm-pkey); + + return akcipher_clone_key(tfm, pkey); +} No please do not expose the struct public_key crap to the new API. The key should be completely opaque to entities outside of the algorithm. So make it raw and read out the MPIs from it. The contents of the function must go into the algorithm setkey function, not the crypto API. So RSA would read out however many MPIs it needs and verify it, and so on. Should I make it MPI[] rather than void * -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH RFC v4 2/4] crypto: add PKE API
On Thu, Jun 11, 2015 at 11:50:06PM -0700, Tadeusz Struk wrote: Should I make it MPI[] rather than void * It should be in encoded format since only the algorithms should be decoding it. Otherwise you have craziness where RSA-specific knowledge is placed into x509_cert_parser.c to parse RSA keys. It's probably easiest to go with the BER encoding that the only current user is using. Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH RFC v4 2/4] crypto: add PKE API
On 06/11/2015 07:42 PM, Herbert Xu wrote: The testmgr code can mark an entire cipher implementation as fips_allowed=1 as already done for RSA. However, unlike with the other ciphers, that flag must go in conjunction with the used key sizes. For FIPS mode, the following restrictions apply: - RSA: 2048/3072 - DSA: L 2048 / N 224; L 2048 / N 256; L 3072 / N 256 - ECDSA: only the NIST curves Any other key sizes for the given ciphers is not allowed in FIPS mode. Should that constraint be considered here? Yes. However it should be placed into a helper that everybody can call so that future hardware implementations can also make the same checks. I will make the algorithm marked as fips allowed always and then fail in setkey if fips is enabled and the given key doesn't meet the fips requirement. Thanks -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH RFC v4 2/4] crypto: add PKE API
On Fri, Jun 12, 2015 at 10:42:46AM +0800, Herbert Xu wrote: On Fri, Jun 12, 2015 at 03:00:42AM +0200, Stephan Mueller wrote: The testmgr code can mark an entire cipher implementation as fips_allowed=1 as already done for RSA. However, unlike with the other ciphers, that flag must go in conjunction with the used key sizes. For FIPS mode, the following restrictions apply: - RSA: 2048/3072 - DSA: L 2048 / N 224; L 2048 / N 256; L 3072 / N 256 - ECDSA: only the NIST curves Any other key sizes for the given ciphers is not allowed in FIPS mode. Should that constraint be considered here? Yes. However it should be placed into a helper that everybody can call so that future hardware implementations can also make the same checks. Ugh I didn't notice this was the generic API setkey function. No it should go into the algorithm-specific setkey function and then be in the form of a helper so that all implementations of that algorithm can call it. Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH RFC v4 2/4] crypto: add PKE API
On Thu, Jun 11, 2015 at 12:05:44PM -0700, Tadeusz Struk wrote: +int crypto_akcipher_setkey(struct crypto_akcipher *tfm, +const struct public_key *pkey) +{ + if (tfm-pkey) + akcipher_free_key(tfm-pkey); + + return akcipher_clone_key(tfm, pkey); +} No please do not expose the struct public_key crap to the new API. The key should be completely opaque to entities outside of the algorithm. So make it raw and read out the MPIs from it. The contents of the function must go into the algorithm setkey function, not the crypto API. So RSA would read out however many MPIs it needs and verify it, and so on. Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH RFC v4 2/4] crypto: add PKE API
Am Thursday 11 June 2015, 12:05:44 schrieb Tadeusz Struk: Hi Tadeusz, + +static int akcipher_clone_key(struct crypto_akcipher *tfm, +const struct public_key *pkey) +{ + int i, ret = 0; + + tfm-pkey = kzalloc(sizeof(*tfm-pkey), GFP_KERNEL); + + if (!tfm-pkey) + return -ENOMEM; + + for (i = 0; i ARRAY_SIZE(tfm-pkey-mpi); i++) { + if (!pkey-mpi[i]) + continue; + + if (mpi_copy(tfm-pkey-mpi[i], pkey-mpi[i])) { + akcipher_free_key(tfm-pkey); + tfm-pkey = NULL; + ret = -ENOMEM; + break; + } + } + return ret; +} The testmgr code can mark an entire cipher implementation as fips_allowed=1 as already done for RSA. However, unlike with the other ciphers, that flag must go in conjunction with the used key sizes. For FIPS mode, the following restrictions apply: - RSA: 2048/3072 - DSA: L 2048 / N 224; L 2048 / N 256; L 3072 / N 256 - ECDSA: only the NIST curves Any other key sizes for the given ciphers is not allowed in FIPS mode. Should that constraint be considered here? Ciao Stephan -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH RFC v4 2/4] crypto: add PKE API
On Fri, Jun 12, 2015 at 03:00:42AM +0200, Stephan Mueller wrote: The testmgr code can mark an entire cipher implementation as fips_allowed=1 as already done for RSA. However, unlike with the other ciphers, that flag must go in conjunction with the used key sizes. For FIPS mode, the following restrictions apply: - RSA: 2048/3072 - DSA: L 2048 / N 224; L 2048 / N 256; L 3072 / N 256 - ECDSA: only the NIST curves Any other key sizes for the given ciphers is not allowed in FIPS mode. Should that constraint be considered here? Yes. However it should be placed into a helper that everybody can call so that future hardware implementations can also make the same checks. Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html