Re: [PATCH 4/8] akcipher: Move the RSA DER encoding to the crypto layer

Mimi Zohar wrote: > memset(, 0, sizeof(pks)); > > + pks.pkey_algo = PKEY_ALGO_RSA; > pks.pkey_hash_algo = hdr->hash_algo; > pks.digest = (u8 *)data; > pks.digest_size = datalen; I've updated the patch. David

Re: [PATCH 4/8] akcipher: Move the RSA DER encoding to the crypto layer

Mimi Zohar wrote: > memset(, 0, sizeof(pks)); > > + pks.pkey_algo = PKEY_ALGO_RSA; > pks.pkey_hash_algo = hdr->hash_algo; > pks.digest = (u8 *)data; > pks.digest_size = datalen; I've updated the patch. David

Re: [PATCH 4/8] akcipher: Move the RSA DER encoding to the crypto layer

Andrew Zaborowski wrote: > Without overhauling akcipher you could modify pkcs1pad so that sign > takes the hash as input, adds the DER struct in front of it to build > the signature, and the verify operation could at most check that the > DER string matches the hash type

Re: [PATCH 4/8] akcipher: Move the RSA DER encoding to the crypto layer

Andrew Zaborowski wrote: > Without overhauling akcipher you could modify pkcs1pad so that sign > takes the hash as input, adds the DER struct in front of it to build > the signature, and the verify operation could at most check that the > DER string matches the hash type and return the hash.

Re: [PATCH 4/8] akcipher: Move the RSA DER encoding to the crypto layer

On Wed, 2016-02-24 at 00:04 -0500, Mimi Zohar wrote: > On Fri, 2016-02-19 at 17:18 +, David Howells wrote: > > > /* > > * Verify a signature using a public key. > > */ > > int public_key_verify_signature(const struct public_key *pkey, > > const struct

Re: [PATCH 4/8] akcipher: Move the RSA DER encoding to the crypto layer

On Wed, 2016-02-24 at 00:04 -0500, Mimi Zohar wrote: > On Fri, 2016-02-19 at 17:18 +, David Howells wrote: > > > /* > > * Verify a signature using a public key. > > */ > > int public_key_verify_signature(const struct public_key *pkey, > > const struct

Re: [PATCH 4/8] akcipher: Move the RSA DER encoding to the crypto layer

On Fri, 2016-02-19 at 17:18 +, David Howells wrote: > /* > * Verify a signature using a public key. > */ > int public_key_verify_signature(const struct public_key *pkey, > const struct public_key_signature *sig) > { > + struct public_key_completion

Re: [PATCH 4/8] akcipher: Move the RSA DER encoding to the crypto layer

On Fri, 2016-02-19 at 17:18 +, David Howells wrote: > /* > * Verify a signature using a public key. > */ > int public_key_verify_signature(const struct public_key *pkey, > const struct public_key_signature *sig) > { > + struct public_key_completion

Re: [PATCH 4/8] akcipher: Move the RSA DER encoding to the crypto layer

Hi David, On 23 February 2016 at 11:55, David Howells wrote: > Andrew Zaborowski wrote: > >> AIUI Tadeusz is proposing adding the hashing as a new feature. Note >> though that the hash paremeter won't make sense for the encrypt, >> decrypt or verify

Re: [PATCH 4/8] akcipher: Move the RSA DER encoding to the crypto layer

Hi David, On 23 February 2016 at 11:55, David Howells wrote: > Andrew Zaborowski wrote: > >> AIUI Tadeusz is proposing adding the hashing as a new feature. Note >> though that the hash paremeter won't make sense for the encrypt, >> decrypt or verify operations. > > The hash parameter is

Re: [PATCH 4/8] akcipher: Move the RSA DER encoding to the crypto layer

Andrew Zaborowski wrote: > AIUI Tadeusz is proposing adding the hashing as a new feature. Note > though that the hash paremeter won't make sense for the encrypt, > decrypt or verify operations. The hash parameter is necessary for the verify operation. From my

Re: [PATCH 4/8] akcipher: Move the RSA DER encoding to the crypto layer

Andrew Zaborowski wrote: > AIUI Tadeusz is proposing adding the hashing as a new feature. Note > though that the hash paremeter won't make sense for the encrypt, > decrypt or verify operations. The hash parameter is necessary for the verify operation. From my perspective, I want a verify

Re: [PATCH 4/8] akcipher: Move the RSA DER encoding to the crypto layer

Tadeusz Struk wrote: > > Ummm... Possibly. Is that how it's used? > > > > warthog>git grep pkcs1pad -- Documentation > > warthog1> > > Yes, no docs. Sorry. Can I suggest you at least stick a quick usage summary in the banner comment at the top of the file?

Re: [PATCH 4/8] akcipher: Move the RSA DER encoding to the crypto layer

Tadeusz Struk wrote: > > Ummm... Possibly. Is that how it's used? > > > > warthog>git grep pkcs1pad -- Documentation > > warthog1> > > Yes, no docs. Sorry. Can I suggest you at least stick a quick usage summary in the banner comment at the top of the file? > > Anyway, the problem I

Re: [PATCH 4/8] akcipher: Move the RSA DER encoding to the crypto layer

Hi, On 22 February 2016 at 23:28, David Howells wrote: > Tadeusz Struk wrote: > >> I wonder if this should be merged with the crypto/rsa-pkcs1pad.c template >> that we already have. Looks like the two do the same padding now. I think that'd be a

Re: [PATCH 4/8] akcipher: Move the RSA DER encoding to the crypto layer

Hi, On 22 February 2016 at 23:28, David Howells wrote: > Tadeusz Struk wrote: > >> I wonder if this should be merged with the crypto/rsa-pkcs1pad.c template >> that we already have. Looks like the two do the same padding now. I think that'd be a good thing to do. >> Should we merge then and

Re: [PATCH 4/8] akcipher: Move the RSA DER encoding to the crypto layer

On 02/22/2016 02:28 PM, David Howells wrote: > Tadeusz Struk wrote: > >> I wonder if this should be merged with the crypto/rsa-pkcs1pad.c template >> that we already have. Looks like the two do the same padding now. >> Should we merge then and pass the hash param as a

Re: [PATCH 4/8] akcipher: Move the RSA DER encoding to the crypto layer

On 02/22/2016 02:28 PM, David Howells wrote: > Tadeusz Struk wrote: > >> I wonder if this should be merged with the crypto/rsa-pkcs1pad.c template >> that we already have. Looks like the two do the same padding now. >> Should we merge then and pass the hash param as a separate template param, >>

Re: [PATCH 4/8] akcipher: Move the RSA DER encoding to the crypto layer

Tadeusz Struk wrote: > I wonder if this should be merged with the crypto/rsa-pkcs1pad.c template > that we already have. Looks like the two do the same padding now. > Should we merge then and pass the hash param as a separate template param, > e.g the public_key would

Re: [PATCH 4/8] akcipher: Move the RSA DER encoding to the crypto layer

Tadeusz Struk wrote: > I wonder if this should be merged with the crypto/rsa-pkcs1pad.c template > that we already have. Looks like the two do the same padding now. > Should we merge then and pass the hash param as a separate template param, > e.g the public_key would allocate "pkcs1pad(rsa,

Re: [PATCH 4/8] akcipher: Move the RSA DER encoding to the crypto layer

On 02/19/2016 09:18 AM, David Howells wrote: > Move the RSA EMSA-PKCS1-v1_5 encoding from the asymmetric-key public_key > subtype to the rsa crypto module. This means that the public_key subtype > no longer has any dependencies on public key type. > > To make this work, I've made the following

Re: [PATCH 4/8] akcipher: Move the RSA DER encoding to the crypto layer

On 02/19/2016 09:18 AM, David Howells wrote: > Move the RSA EMSA-PKCS1-v1_5 encoding from the asymmetric-key public_key > subtype to the rsa crypto module. This means that the public_key subtype > no longer has any dependencies on public key type. > > To make this work, I've made the following

[PATCH 4/8] akcipher: Move the RSA DER encoding to the crypto layer

Move the RSA EMSA-PKCS1-v1_5 encoding from the asymmetric-key public_key subtype to the rsa crypto module. This means that the public_key subtype no longer has any dependencies on public key type. To make this work, I've made the following changes: (1) An indicator as to the hash algorithm

[PATCH 4/8] akcipher: Move the RSA DER encoding to the crypto layer

Move the RSA EMSA-PKCS1-v1_5 encoding from the asymmetric-key public_key subtype to the rsa crypto module. This means that the public_key subtype no longer has any dependencies on public key type. To make this work, I've made the following changes: (1) An indicator as to the hash algorithm