Re: [PATCH RFC v4 2/4] crypto: add PKE API

2015-06-12 Thread Tadeusz Struk 
On 06/11/2015 07:59 PM, Herbert Xu wrote:
 +int crypto_akcipher_setkey(struct crypto_akcipher *tfm,
  + const struct public_key *pkey)
  +{
  +  if (tfm-pkey)
  +  akcipher_free_key(tfm-pkey);
  +
  +  return akcipher_clone_key(tfm, pkey);
  +}
 No please do not expose the struct public_key crap to the new
 API.  The key should be completely opaque to entities outside
 of the algorithm.  So make it raw and read out the MPIs from
 it.
 
 The contents of the function must go into the algorithm setkey
 function, not the crypto API.  So RSA would read out however
 many MPIs it needs and verify it, and so on.

Should I make it MPI[] rather than void *
--
To unsubscribe from this list: send the line unsubscribe linux-crypto in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH RFC v4 2/4] crypto: add PKE API

2015-06-12 Thread Herbert Xu 
On Thu, Jun 11, 2015 at 11:50:06PM -0700, Tadeusz Struk wrote:

 Should I make it MPI[] rather than void *

It should be in encoded format since only the algorithms should
be decoding it.  Otherwise you have craziness where RSA-specific
knowledge is placed into x509_cert_parser.c to parse RSA keys.

It's probably easiest to go with the BER encoding that the only
current user is using.

Cheers,
-- 
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line unsubscribe linux-crypto in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH RFC v4 2/4] crypto: add PKE API

2015-06-12 Thread Tadeusz Struk 
On 06/11/2015 07:42 PM, Herbert Xu wrote:
 The testmgr code can mark an entire cipher implementation as fips_allowed=1 
 as 
  already done for RSA. However, unlike with the other ciphers, that flag 
  must 
  go in conjunction with the used key sizes.
  
  For FIPS mode, the following restrictions apply:
  
  - RSA: 2048/3072
  
  - DSA: L 2048 / N 224; L 2048 / N 256; L 3072 / N 256
  
  - ECDSA: only the NIST curves
  
  Any other key sizes for the given ciphers is not allowed in FIPS mode.
  
  Should that constraint be considered here?
 Yes.  However it should be placed into a helper that everybody
 can call so that future hardware implementations can also make
 the same checks.

I will make the algorithm marked as fips allowed always and then fail in setkey 
if fips is enabled
and the given key doesn't meet the fips requirement.
Thanks
--
To unsubscribe from this list: send the line unsubscribe linux-crypto in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH RFC v4 2/4] crypto: add PKE API

2015-06-11 Thread Herbert Xu 
On Fri, Jun 12, 2015 at 10:42:46AM +0800, Herbert Xu wrote:
 On Fri, Jun 12, 2015 at 03:00:42AM +0200, Stephan Mueller wrote:
 
  The testmgr code can mark an entire cipher implementation as fips_allowed=1 
  as 
  already done for RSA. However, unlike with the other ciphers, that flag 
  must 
  go in conjunction with the used key sizes.
  
  For FIPS mode, the following restrictions apply:
  
  - RSA: 2048/3072
  
  - DSA: L 2048 / N 224; L 2048 / N 256; L 3072 / N 256
  
  - ECDSA: only the NIST curves
  
  Any other key sizes for the given ciphers is not allowed in FIPS mode.
  
  Should that constraint be considered here?
 
 Yes.  However it should be placed into a helper that everybody
 can call so that future hardware implementations can also make
 the same checks.

Ugh I didn't notice this was the generic API setkey function.
No it should go into the algorithm-specific setkey function and
then be in the form of a helper so that all implementations of
that algorithm can call it.

Cheers,
-- 
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line unsubscribe linux-crypto in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH RFC v4 2/4] crypto: add PKE API

2015-06-11 Thread Herbert Xu 
On Thu, Jun 11, 2015 at 12:05:44PM -0700, Tadeusz Struk wrote:

 +int crypto_akcipher_setkey(struct crypto_akcipher *tfm,
 +const struct public_key *pkey)
 +{
 + if (tfm-pkey)
 + akcipher_free_key(tfm-pkey);
 +
 + return akcipher_clone_key(tfm, pkey);
 +}

No please do not expose the struct public_key crap to the new
API.  The key should be completely opaque to entities outside
of the algorithm.  So make it raw and read out the MPIs from
it.

The contents of the function must go into the algorithm setkey
function, not the crypto API.  So RSA would read out however
many MPIs it needs and verify it, and so on.

Cheers,
-- 
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line unsubscribe linux-crypto in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH RFC v4 2/4] crypto: add PKE API

2015-06-11 Thread Stephan Mueller 
Am Thursday 11 June 2015, 12:05:44 schrieb Tadeusz Struk:

Hi Tadeusz,

+
+static int akcipher_clone_key(struct crypto_akcipher *tfm,
+const struct public_key *pkey)
+{
+  int i, ret = 0;
+
+  tfm-pkey = kzalloc(sizeof(*tfm-pkey), GFP_KERNEL);
+
+  if (!tfm-pkey)
+  return -ENOMEM;
+
+  for (i = 0; i  ARRAY_SIZE(tfm-pkey-mpi); i++) {
+  if (!pkey-mpi[i])
+  continue;
+
+  if (mpi_copy(tfm-pkey-mpi[i], pkey-mpi[i])) {
+  akcipher_free_key(tfm-pkey);
+  tfm-pkey = NULL;
+  ret = -ENOMEM;
+  break;
+  }
+  }
+  return ret;
+}

The testmgr code can mark an entire cipher implementation as fips_allowed=1 as 
already done for RSA. However, unlike with the other ciphers, that flag must 
go in conjunction with the used key sizes.

For FIPS mode, the following restrictions apply:

- RSA: 2048/3072

- DSA: L 2048 / N 224; L 2048 / N 256; L 3072 / N 256

- ECDSA: only the NIST curves

Any other key sizes for the given ciphers is not allowed in FIPS mode.

Should that constraint be considered here?

Ciao
Stephan
--
To unsubscribe from this list: send the line unsubscribe linux-crypto in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH RFC v4 2/4] crypto: add PKE API

2015-06-11 Thread Herbert Xu 
On Fri, Jun 12, 2015 at 03:00:42AM +0200, Stephan Mueller wrote:

 The testmgr code can mark an entire cipher implementation as fips_allowed=1 
 as 
 already done for RSA. However, unlike with the other ciphers, that flag must 
 go in conjunction with the used key sizes.
 
 For FIPS mode, the following restrictions apply:
 
 - RSA: 2048/3072
 
 - DSA: L 2048 / N 224; L 2048 / N 256; L 3072 / N 256
 
 - ECDSA: only the NIST curves
 
 Any other key sizes for the given ciphers is not allowed in FIPS mode.
 
 Should that constraint be considered here?

Yes.  However it should be placed into a helper that everybody
can call so that future hardware implementations can also make
the same checks.

Cheers,
-- 
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line unsubscribe linux-crypto in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html