From: Nicolai Stange <nstange@suse.de>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "Nicolai Stange" <nstange@suse.de>,
"David S. Miller" <davem@davemloft.net>,
"Stephan Müller" <smueller@chronox.de>,
"Hannes Reinecke" <hare@suse.de>, "Torsten Duwe" <duwe@suse.de>,
"David Howells" <dhowells@redhat.com>,
"Jarkko Sakkinen" <jarkko@kernel.org>,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
keyrings@vger.kernel.org
Subject: Re: [PATCH v3 11/15] crypto: dh - allow for passing NULL to the ffdheXYZ(dh)s' ->set_secret()
Date: Mon, 14 Feb 2022 09:53:40 +0100 [thread overview]
Message-ID: <87bkz9q163.fsf@suse.de> (raw)
In-Reply-To: <YgYnu8ZzhSnr+OgZ@gondor.apana.org.au> (Herbert Xu's message of "Fri, 11 Feb 2022 20:09:15 +1100")
Herbert Xu <herbert@gondor.apana.org.au> writes:
> On Wed, Feb 02, 2022 at 11:40:08AM +0100, Nicolai Stange wrote:
>> Ephemeral key generation can be requested from any of the ffdheXYZ(dh)
>> variants' common ->set_secret() by passing it an (encoded) struct dh
>> with the key parameter being unset, i.e. with ->key_size == 0. As the
>> whole purpose of the ffdheXYZ(dh) templates is to fill in the group
>> parameters as appropriate, they expect ->p and ->g to be unset in any
>> input struct dh as well. This means that a user would have to encode an
>> all-zeroes struct dh instance via crypto_dh_encode_key() when requesting
>> ephemeral key generation from a ffdheXYZ(dh) instance, which is kind of
>> pointless.
>>
>> Make dh_safe_prime_set_secret() to decode a struct dh from the supplied
>> buffer only if the latter is non-NULL and initialize it with all zeroes
>> otherwise.
>>
>> That is, it is now possible to call
>>
>> crypto_kpp_set_secret(tfm, NULL, 0);
>>
>> on any ffdheXYZ(dh) tfm for requesting ephemeral key generation.
>
> Why do we need to support the non-NULL case? IOW what in the kernel
> will be using these new templates with a non-NULL parameter?
The only "real" user, NVME in-band auth, will indeed only use ephemeral
keys AFAICT, but the known-answer selftests install a static key each.
So those will have to invoke ->set_secret() with a non-NULL parameter.
Thanks,
Nicolai
--
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
(HRB 36809, AG Nürnberg), GF: Ivo Totev
next prev parent reply other threads:[~2022-02-14 8:53 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-02 10:39 [PATCH v3 00/15] crypto: dh - infrastructure for NVM in-band auth and FIPS conformance Nicolai Stange
2022-02-02 10:39 ` [PATCH v3 01/15] crypto: kpp - provide support for KPP template instances Nicolai Stange
2022-02-02 10:39 ` [PATCH v3 02/15] crypto: kpp - provide support for KPP spawns Nicolai Stange
2022-02-02 10:40 ` [PATCH v3 03/15] crypto: dh - remove struct dh's ->q member Nicolai Stange
2022-02-02 10:40 ` [PATCH v3 04/15] crypto: dh - constify struct dh's pointer members Nicolai Stange
2022-02-02 10:40 ` [PATCH v3 05/15] crypto: dh - split out deserialization code from crypto_dh_decode() Nicolai Stange
2022-02-02 10:40 ` [PATCH v3 06/15] crypto: dh - introduce common code for built-in safe-prime group support Nicolai Stange
2022-02-02 10:40 ` [PATCH v3 07/15] crypto: dh - implement ffdheXYZ(dh) templates Nicolai Stange
2022-02-11 9:09 ` Herbert Xu
2022-02-14 8:38 ` Nicolai Stange
2022-02-02 10:40 ` [PATCH v3 08/15] crypto: testmgr - add known answer tests for " Nicolai Stange
2022-02-02 10:40 ` [PATCH v3 09/15] crypto: dh - implement private key generation primitive for ffdheXYZ(dh) Nicolai Stange
2022-02-02 10:40 ` [PATCH v3 10/15] crypto: testmgr - add keygen tests for ffdheXYZ(dh) templates Nicolai Stange
2022-02-02 10:40 ` [PATCH v3 11/15] crypto: dh - allow for passing NULL to the ffdheXYZ(dh)s' ->set_secret() Nicolai Stange
2022-02-11 9:09 ` Herbert Xu
2022-02-14 8:53 ` Nicolai Stange [this message]
2022-02-02 10:40 ` [PATCH v3 12/15] crypto: api - allow algs only in specific constructions in FIPS mode Nicolai Stange
2022-02-02 10:40 ` [PATCH v3 13/15] crypto: dh - disallow plain "dh" usage " Nicolai Stange
2022-02-02 10:40 ` [PATCH v3 14/15] lib/mpi: export mpi_rshift Nicolai Stange
2022-02-02 10:40 ` [PATCH v3 15/15] crypto: dh - calculate Q from P for the full public key verification Nicolai Stange
2022-02-03 17:11 ` [PATCH v3 00/15] crypto: dh - infrastructure for NVM in-band auth and FIPS conformance Stephan Mueller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87bkz9q163.fsf@suse.de \
--to=nstange@suse.de \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=duwe@suse.de \
--cc=hare@suse.de \
--cc=herbert@gondor.apana.org.au \
--cc=jarkko@kernel.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=smueller@chronox.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.