From: Vitaly Chikunov <vt@altlinux.org>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: David Howells <dhowells@redhat.com>,
Mimi Zohar <zohar@linux.vnet.ibm.com>,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
linux-integrity@vger.kernel.org, keyrings@vger.kernel.org,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [RFC PATCH 1/4] X.509: Parse public key parameters from x509 for akcipher
Date: Thu, 28 Feb 2019 10:04:49 +0300 [thread overview]
Message-ID: <20190228070449.gjwoq4c2b3x5grie@altlinux.org> (raw)
In-Reply-To: <20190228061444.3escryzoit3idtwg@gondor.apana.org.au>
Herbert,
On Thu, Feb 28, 2019 at 02:14:44PM +0800, Herbert Xu wrote:
> On Sun, Feb 24, 2019 at 09:48:40AM +0300, Vitaly Chikunov wrote:
> >
> > If we pass SubjectPublicKeyInfo into set_pub_key itself (making
> > set_params not needed) we will break ABI and compatibility with RSA
> > drivers, because whole SubjectPublicKeyInfo is not expected by the
>
> This compatibility does not matter. We can always add translating
> layers into the crypto API to deal with this. The only ABI that
> matters is the one to user-space.
It seems that you insist on set_params to be removed and both key and
params to be passed into set_{pub,priv}_key. This means reworking all
existing RSA drivers and callers, right? Can you please confirm that
huge rework to avoid misunderstanding?
I think to pass SubjectPublicKeyInfo into set_*_key would be overkill,
because TPM drivers may not have it and we would need BER encoder just
for that.
So, probably, something simple like length, key data, length, params data
will be enough?
Thanks,
WARNING: multiple messages have this Message-ID (diff)
From: Vitaly Chikunov <vt@altlinux.org>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: David Howells <dhowells@redhat.com>,
Mimi Zohar <zohar@linux.vnet.ibm.com>,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
linux-integrity@vger.kernel.org, keyrings@vger.kernel.org,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [RFC PATCH 1/4] X.509: Parse public key parameters from x509 for akcipher
Date: Thu, 28 Feb 2019 07:04:49 +0000 [thread overview]
Message-ID: <20190228070449.gjwoq4c2b3x5grie@altlinux.org> (raw)
In-Reply-To: <20190228061444.3escryzoit3idtwg@gondor.apana.org.au>
Herbert,
On Thu, Feb 28, 2019 at 02:14:44PM +0800, Herbert Xu wrote:
> On Sun, Feb 24, 2019 at 09:48:40AM +0300, Vitaly Chikunov wrote:
> >
> > If we pass SubjectPublicKeyInfo into set_pub_key itself (making
> > set_params not needed) we will break ABI and compatibility with RSA
> > drivers, because whole SubjectPublicKeyInfo is not expected by the
>
> This compatibility does not matter. We can always add translating
> layers into the crypto API to deal with this. The only ABI that
> matters is the one to user-space.
It seems that you insist on set_params to be removed and both key and
params to be passed into set_{pub,priv}_key. This means reworking all
existing RSA drivers and callers, right? Can you please confirm that
huge rework to avoid misunderstanding?
I think to pass SubjectPublicKeyInfo into set_*_key would be overkill,
because TPM drivers may not have it and we would need BER encoder just
for that.
So, probably, something simple like length, key data, length, params data
will be enough?
Thanks,
next prev parent reply other threads:[~2019-02-28 7:04 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-06 13:36 [RFC PATCH 0/4] crypto: Add EC-RDSA algorithm Vitaly Chikunov
2019-01-06 13:36 ` Vitaly Chikunov
2019-01-06 13:36 ` [RFC PATCH 1/4] X.509: Parse public key parameters from x509 for akcipher Vitaly Chikunov
2019-01-06 13:36 ` Vitaly Chikunov
2019-02-09 21:42 ` Vitaly Chikunov
2019-02-09 21:42 ` Vitaly Chikunov
2019-02-10 18:46 ` Vitaly Chikunov
2019-02-10 18:46 ` Vitaly Chikunov
2019-02-19 4:37 ` Herbert Xu
2019-02-19 4:37 ` Herbert Xu
2019-02-24 6:48 ` Vitaly Chikunov
2019-02-24 6:48 ` Vitaly Chikunov
2019-02-28 6:14 ` Herbert Xu
2019-02-28 6:14 ` Herbert Xu
2019-02-28 7:04 ` Vitaly Chikunov [this message]
2019-02-28 7:04 ` Vitaly Chikunov
2019-02-28 7:11 ` Vitaly Chikunov
2019-02-28 7:11 ` Vitaly Chikunov
2019-02-28 7:51 ` Herbert Xu
2019-02-28 7:51 ` Herbert Xu
2019-02-28 8:28 ` Vitaly Chikunov
2019-02-28 8:28 ` Vitaly Chikunov
2019-02-28 9:01 ` Herbert Xu
2019-02-28 9:01 ` Herbert Xu
2019-02-28 10:33 ` Vitaly Chikunov
2019-02-28 10:33 ` Vitaly Chikunov
2019-02-28 10:37 ` Herbert Xu
2019-02-28 10:37 ` Herbert Xu
2019-03-01 16:06 ` Vitaly Chikunov
2019-03-01 16:06 ` Vitaly Chikunov
2019-01-06 13:36 ` [RFC PATCH 2/4] akcipher: Introduce verify2 for public key algorithms Vitaly Chikunov
2019-01-06 13:36 ` Vitaly Chikunov
2019-01-06 13:36 ` [RFC PATCH 3/4] KEYS: set correct flags for keyctl if encrypt is not supported Vitaly Chikunov
2019-01-06 13:36 ` Vitaly Chikunov
2019-01-06 13:36 ` [RFC PATCH 4/4] crypto: Add EC-RDSA algorithm Vitaly Chikunov
2019-01-06 13:36 ` Vitaly Chikunov
2019-01-06 18:11 ` Stephan Müller
2019-01-06 18:11 ` Stephan Müller
2019-01-07 8:07 ` Vitaly Chikunov
2019-01-07 8:07 ` Vitaly Chikunov
2019-01-07 8:31 ` Stephan Mueller
2019-01-07 8:31 ` Stephan Mueller
2019-01-07 9:04 ` Vitaly Chikunov
2019-01-07 9:04 ` Vitaly Chikunov
2019-01-16 16:15 ` David Howells
2019-01-16 16:19 ` [RFC PATCH 2/4] akcipher: Introduce verify2 for public key algorithms David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190228070449.gjwoq4c2b3x5grie@altlinux.org \
--to=vt@altlinux.org \
--cc=dhowells@redhat.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=herbert@gondor.apana.org.au \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.