Hi Dmitry,
Thanks for pointing out that patch. I does make bringing a full RSA
API into the kernel easier, but it doesn't do it. I may end up doing it
myself, and could certainly use the MPI library you're adding with that
patch, but I'd rather not since I already have a lot on my plate.
--
[
Hi,
Please look to the patch just before your email...
[RFC v1.1 2/5] crypto: ksign - digital signature verification support
It implements RSA verification for IMA/EVM.
May be it would be interesting to you.
- Dmitry
On 11/08/11 21:30, Michel Machado wrote:
> Hi there,
>
>I'm implementing a
Hi there,
I'm implementing a new network stack in Linux's kernel [1], and I
need a RSA implementation to keep the guarantees of the design [2].
Searching the archive of Linux's mailing lists, I've found that
adding RSA to the kernel has been already tried, but it was left out
because the us
The ablkcipher structure in ablk_ecb_alg is lacking an ivsize setting.
This causes the algorithm to fail it's self-test when it's registered
with the error message:
[0.806920] alg: skcipher: Failed to load transform for ecb-aes-aesni: -2
crypto_lookup_skcipher doesn't like a missing ivsize.
> Fedora has had a bug[1] open for a while with people seeing this upon boot:
> [0.807387] alg: skcipher: Failed to load transform for ecb-aes-aesni: -2
> We're still seeing it with the 3.0 kernel, so I poked at it today.
> So it seems that the aesni module is trying to register the ecb(ae
From: Dmitry Kasatkin
Allows to specify keyring to search in for the key. Later patches
will use special keyrings to store EVM and IMA public keys.
Signed-off-by: Dmitry Kasatkin
Acked-by: Mimi Zohar
---
crypto/ksign.c | 17 ++---
include/linux/crypto/ksign.h |
Hello,
As EVM patches were recently merged to security-testing-2.6#next,
it is a good time to resend evm signature verification patches for active
discussion. Last time I forgot --cc linux-crypto. Here it is.
This patchset introduces digital signature extensions for the IMA/EVM kernel
integrity s
From: Dmitry Kasatkin
When building an image, which has to be flashed to different devices,
an HMAC cannot be used to sign file metadata, as the HMAC key is different
on every device. File metadata can be protected using digital signature.
This patch enables RSA signature based integrity verifica
From: Dmitry Kasatkin
EVM/IMA might perform lots of signature verification operations.
For that reason performance is very critical. This patch adds
evm_keyring to store public keys used by EVM only.
Signed-off-by: Dmitry Kasatkin
Acked-by: Mimi Zohar
---
security/integrity/evm/evm.h |
From: Dmitry Kasatkin
This patch implements RSA digital signature verification using GnuPG library.
Signature and public key have a special format and have special headers.
Signature header contains keyid, which is used to identify the key,
needed for signature verification.
Payload of the signa
On Thu, Aug 11, 2011 at 11:08 AM, Herbert Xu
wrote:
> On Thu, Aug 11, 2011 at 10:50:49AM -0400, Andy Lutomirski wrote:
>>
>>> This is pretty similar to the situation with the Intel AES code.
>>> Over there they solved it by using the asynchronous interface and
>>> deferring the processing to a wor
On Thu, Aug 11, 2011 at 10:50:49AM -0400, Andy Lutomirski wrote:
>
>> This is pretty similar to the situation with the Intel AES code.
>> Over there they solved it by using the asynchronous interface and
>> deferring the processing to a work queue.
>
> I have vague plans to clean up extended state
On 08/04/2011 02:44 AM, Herbert Xu wrote:
On Sun, Jul 24, 2011 at 07:53:14PM +0200, Mathias Krause wrote:
With this algorithm I was able to increase the throughput of a single
IPsec link from 344 Mbit/s to 464 Mbit/s on a Core 2 Quad CPU using
the SSSE3 variant -- a speedup of +34.8%.
Were yo
Signed-off-by: Steffen Klassert
---
crypto/crypto_user.c | 21 +
include/linux/cryptouser.h |1 +
2 files changed, 22 insertions(+), 0 deletions(-)
diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c
index 82f9fad..be6a193 100644
--- a/crypto/crypto_user.c
+
Signed-off-by: Steffen Klassert
---
crypto/crypto_user.c | 29 +
include/linux/cryptouser.h |8
2 files changed, 37 insertions(+), 0 deletions(-)
diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c
index fa68965..82f9fad 100644
--- a/crypto/
Signed-off-by: Steffen Klassert
---
crypto/rng.c | 24
include/linux/cryptouser.h |6 ++
2 files changed, 30 insertions(+), 0 deletions(-)
diff --git a/crypto/rng.c b/crypto/rng.c
index 45229ae..3051375 100644
--- a/crypto/rng.c
+++ b/crypto/rng.
Signed-off-by: Steffen Klassert
---
crypto/pcompress.c | 22 ++
include/linux/cryptouser.h |5 +
2 files changed, 27 insertions(+), 0 deletions(-)
diff --git a/crypto/pcompress.c b/crypto/pcompress.c
index f7c4a7d..3fc8ed7 100644
--- a/crypto/pcompress.c
++
Signed-off-by: Steffen Klassert
---
crypto/aead.c | 29 +
include/linux/cryptouser.h |1 +
2 files changed, 30 insertions(+), 0 deletions(-)
diff --git a/crypto/aead.c b/crypto/aead.c
index 25793b7..218ecc8 100644
--- a/crypto/aead.c
+++ b/crypto/a
Signed-off-by: Steffen Klassert
---
crypto/aead.c | 31 +++
include/linux/cryptouser.h | 10 ++
2 files changed, 41 insertions(+), 0 deletions(-)
diff --git a/crypto/aead.c b/crypto/aead.c
index 6729e8f..25793b7 100644
--- a/crypto/aead.c
+++
Signed-off-by: Steffen Klassert
---
crypto/ablkcipher.c| 29 +
include/linux/cryptouser.h |1 +
2 files changed, 30 insertions(+), 0 deletions(-)
diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c
index d9b6717..c19d14b 100644
--- a/crypto/ablkciphe
Signed-off-by: Steffen Klassert
---
crypto/ablkcipher.c| 31 +++
include/linux/cryptouser.h | 11 +++
2 files changed, 42 insertions(+), 0 deletions(-)
diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c
index fdc67d3..d9b6717 100644
--- a/cryp
Signed-off-by: Steffen Klassert
---
crypto/blkcipher.c | 29 +
include/linux/cryptouser.h | 10 ++
2 files changed, 39 insertions(+), 0 deletions(-)
diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c
index 7a72192..b85a67d 100644
--- a/crypto/bl
Signed-off-by: Steffen Klassert
---
crypto/ahash.c | 27 +++
include/linux/cryptouser.h |8
2 files changed, 35 insertions(+), 0 deletions(-)
diff --git a/crypto/ahash.c b/crypto/ahash.c
index f669822..5dce6a0 100644
--- a/crypto/ahash.c
+++ b/
Signed-off-by: Steffen Klassert
---
crypto/shash.c | 25 +
include/linux/cryptouser.h |7 +++
2 files changed, 32 insertions(+), 0 deletions(-)
diff --git a/crypto/shash.c b/crypto/shash.c
index 76f74b9..d27a134 100644
--- a/crypto/shash.c
+++ b/cry
Signed-off-by: Steffen Klassert
---
crypto/crypto_user.c | 13 +
include/linux/cryptouser.h |6 ++
2 files changed, 19 insertions(+), 0 deletions(-)
diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c
index 49f302a..fa68965 100644
--- a/crypto/crypto_user.c
+++
We add a report function pointer to struct crypto_type. This function
pointer is used from the crypto userspace configuration API to report
crypto algorithms to userspace.
Signed-off-by: Steffen Klassert
---
crypto/crypto_user.c|8
include/crypto/algapi.h |2 ++
2 files chan
This patch adds a basic userspace configuration API for the crypto layer.
With this it is possible to instantiate, update, remove and to show
crypto algorithms from userspace.
Signed-off-by: Steffen Klassert
---
crypto/Kconfig |7 +
crypto/Makefile|1 +
crypto/cry
The upcomming crypto user configuration api needs to identify
crypto instances. This patch adds a flag that is set if the
algorithm is an instance that is build from templates.
Signed-off-by: Steffen Klassert
---
crypto/algapi.c|1 +
include/linux/crypto.h |5 +
2 files chang
Most crypto algorithms simply take the priority value of the underlying
algorithm and add some value to calculate the algorithms priority.
The only exeptions are the authenc algorithms. We change the authenc
algorithms to calculate their priority to the sum of the underlying
algorithms plus 100. Wi
This patchset adds a netlink based user configuration API for the crypto
layer, similar to the configuration API of xfrm.
The patchset is based on the current cryptodev-2.6 tree and also available
at branch 'crypto-user-config-api' of
git://git.kernel.org/pub/scm/linux/kernel/git/klassert/linux-s
30 matches
Mail list logo