linux-integrity.vger.kernel.org archive mirror
* Re: [PATCH v5 1/4] crypto: Add support for ECDSA signature verification
       [not found]   ` <20210129150355.850093-2-stefanb@linux.vnet.ibm.com>
@ 2021-01-29 19:44     ` Herbert Xu
  0 siblings, 0 replies; 12+ messages in thread
From: Herbert Xu @ 2021-01-29 19:44 UTC (permalink / raw)
  To: Stefan Berger
  Cc: keyrings, linux-crypto, linux-kernel, patrick, linux-integrity,
	Stefan Berger, David S. Miller

On Fri, Jan 29, 2021 at 10:03:52AM -0500, Stefan Berger wrote:
>
> +		.cra_name = "ecdsa-nist-p256",
> +		.cra_driver_name = "ecdsa-nist-p256",
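
Review bot: `.cra_driver_name` on the second quoted line repeats the `.cra_name` string, so this implementation has no name of its own to tell it apart from the algorithm it provides. Suggest giving the driver name a distinguishing suffix, for example `ecdsa-nist-p256-generic`, and leaving `.cra_name` unchanged.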

The driver name should have a "-generic" suffix in case a driver
provides this algorithm too.

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


* Re: [PATCH v5 4/4] ima: Support EC keys for signature verification
       [not found]   ` <20210129150355.850093-5-stefanb@linux.vnet.ibm.com>
@ 2021-02-01 13:19     ` David Howells
  0 siblings, 0 replies; 12+ messages in thread
From: David Howells @ 2021-02-01 13:19 UTC (permalink / raw)
  To: Vitaly Chikunov
  Cc: dhowells, Stefan Berger, keyrings, linux-crypto, linux-kernel,
	patrick, linux-integrity, Stefan Berger, Mimi Zohar,
	Dmitry Kasatkin, Tianjia Zhang

Vitaly Chikunov <vt@altlinux.org> wrote:

> > +static inline
> > +const struct public_key *asymmetric_key_public_key(const struct key *key)
> > +{
> > +	return key->payload.data[asym_crypto];
> > +}
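
Review bot: the accessor returns `key->payload.data[asym_crypto]` without checking or documenting what kind of key it expects, so a caller that passes a key of another type would have that payload slot treated as a `struct public_key`. Suggest a kernel-doc comment above the function stating that `key` must be an asymmetric key and whether the returned pointer can be NULL.
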
> 
> I wonder why use this accessor which does nothing else, because in all
> other places payload.data[asym_crypto] is accessed directly.

We should probably move to using wrappers rather than accessing directly for
type safety.

David



* Re: [PATCH v5 2/4] x509: Detect sm2 keys by their parameters OID
       [not found] ` <20210129150355.850093-1-stefanb@linux.vnet.ibm.com>
       [not found]   ` <20210129150355.850093-2-stefanb@linux.vnet.ibm.com>
       [not found]   ` <20210129150355.850093-5-stefanb@linux.vnet.ibm.com>
@ 2021-02-01 13:23   ` David Howells
  2021-02-01 14:35     ` Stefan Berger
  2 siblings, 1 reply; 12+ messages in thread
From: David Howells @ 2021-02-01 13:23 UTC (permalink / raw)
  To: Stefan Berger
  Cc: dhowells, keyrings, linux-crypto, linux-kernel, patrick,
	linux-integrity, Stefan Berger

Stefan Berger <stefanb@linux.vnet.ibm.com> wrote:

> From: Stefan Berger <stefanb@linux.ibm.com>
> 
> Detect whether a key is an sm2 type of key by its OID in the parameters
> array rather than assuming that everything under OID_id_ecPublicKey
> is sm2, which is not the case.
> 
> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
> Cc: David Howells <dhowells@redhat.com>
> Cc: keyrings@vger.kernel.org

I presume these cc's are intentionally not on the first patch or the cover (if
there is one)?

Do you have a branch you want me to pull or did you want me to take just
patches 2-4?

David
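
The check that the quoted commit message describes, as an added C example that is not code from the patch or the kernel: it reads the curve OID from the key's AlgorithmIdentifier parameters and only then decides between sm2 and NIST P-256, instead of treating every id-ecPublicKey key as sm2. The function names, the enum and the two sample byte strings are constructed for illustration, and only short-form DER lengths are handled.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration, not kernel code. OID content octets and constructed samples: */
static const unsigned char OID_EC_PUBKEY[] = {0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01};      /* 1.2.840.10045.2.1 */
static const unsigned char OID_P256[]      = {0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07}; /* 1.2.840.10045.3.1.7 */
static const unsigned char OID_SM2[]       = {0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D}; /* 1.2.156.10197.1.301 */
static const unsigned char SAMPLE_P256[] = {0x30,0x13, 0x06,0x07,0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01,
    0x06,0x08,0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07};
static const unsigned char SAMPLE_SM2[]  = {0x30,0x13, 0x06,0x07,0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01,
    0x06,0x08,0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D};

enum ec_kind { EC_NOT_EC, EC_SM2, EC_NIST_P256, EC_UNKNOWN_CURVE, EC_MALFORMED };
#define OID_IS(v, n, o) ((n) == sizeof(o) && memcmp((v), (o), sizeof(o)) == 0)
/* Read one short-form TLV with the expected tag; returns bytes consumed, 0 = reject. */
static size_t read_tlv(const unsigned char *p, size_t n, unsigned char tag,
                       const unsigned char **val, size_t *len)
{
    if (n < 2 || p[0] != tag || (p[1] & 0x80) || (size_t)p[1] > n - 2)
        return 0;
    *val = p + 2;
    *len = p[1];
    return 2 + *len;
}

/* alg_id: DER AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters } */
enum ec_kind classify_ec_key(const unsigned char *alg_id, size_t n)
{
    const unsigned char *seq, *alg, *curve;
    size_t seq_len, alg_len, curve_len, used;
    if (!read_tlv(alg_id, n, 0x30, &seq, &seq_len) ||
        !(used = read_tlv(seq, seq_len, 0x06, &alg, &alg_len)))
        return EC_MALFORMED;
    if (!OID_IS(alg, alg_len, OID_EC_PUBKEY))
        return EC_NOT_EC;
    /* id-ecPublicKey only says "EC key"; parameters must be a named-curve OID */
    if (!read_tlv(seq + used, seq_len - used, 0x06, &curve, &curve_len))
        return EC_MALFORMED;
    if (OID_IS(curve, curve_len, OID_SM2))
        return EC_SM2;
    return OID_IS(curve, curve_len, OID_P256) ? EC_NIST_P256 : EC_UNKNOWN_CURVE;
}

int main(void)
{
    printf("%d %d\n", classify_ec_key(SAMPLE_P256, sizeof(SAMPLE_P256)),
           classify_ec_key(SAMPLE_SM2, sizeof(SAMPLE_SM2)));
    return 0;
}
```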



* Re: [PATCH v5 2/4] x509: Detect sm2 keys by their parameters OID
  2021-02-01 13:23   ` [PATCH v5 2/4] x509: Detect sm2 keys by their parameters OID David Howells
@ 2021-02-01 14:35     ` Stefan Berger
  2021-02-01 14:54       ` Mimi Zohar
  2021-02-01 15:07       ` David Howells
  0 siblings, 2 replies; 12+ messages in thread
From: Stefan Berger @ 2021-02-01 14:35 UTC (permalink / raw)
  To: David Howells, Stefan Berger
  Cc: keyrings, linux-crypto, linux-kernel, patrick, linux-integrity,
	Herbert Xu, davem, Mimi Zohar

On 2/1/21 8:23 AM, David Howells wrote:
> Stefan Berger <stefanb@linux.vnet.ibm.com> wrote:
>
>> From: Stefan Berger <stefanb@linux.ibm.com>
>>
>> Detect whether a key is an sm2 type of key by its OID in the parameters
>> array rather than assuming that everything under OID_id_ecPublicKey
>> is sm2, which is not the case.
>>
>> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
>> Cc: David Howells <dhowells@redhat.com>
>> Cc: keyrings@vger.kernel.org
> I presume these cc's are intentionally not on the first patch or the cover (if
> there is one)?

No, this is not intentional. I guess this is a case of wrong use of cc: 
versus mailing lists - my bad. I posted the whole series to 
linux-crypto, linux-integrity, keyrings and lkml.

V6 is at least visible here now:

- https://lkml.org/lkml/2021/1/31/323

- https://marc.info/?l=linux-crypto-vger&m=161213604618722&w=2

- https://lore.kernel.org/linux-integrity/20210131233301.1301787-1-stefanb@linux.ibm.com/T/#mbc9fae5facb4178f64c1145e2654258c0af8fa96

- https://marc.info/?l=linux-keyrings&m=161213608818735&w=2



>
> Do you have a branch you want me to pull or did you want me to take just
> patches 2-4?

Please take it from the mailing list. If there are requests for more 
changes on the crypto level, I will send another series. I personally am 
waiting for some sort of verdict on the crypto level...

    Stefan




* Re: [PATCH v5 2/4] x509: Detect sm2 keys by their parameters OID
  2021-02-01 14:35     ` Stefan Berger
@ 2021-02-01 14:54       ` Mimi Zohar
  2021-02-01 15:07       ` David Howells
  1 sibling, 0 replies; 12+ messages in thread
From: Mimi Zohar @ 2021-02-01 14:54 UTC (permalink / raw)
  To: Stefan Berger, David Howells
  Cc: keyrings, linux-crypto, linux-kernel, patrick, linux-integrity,
	Herbert Xu, davem, Mimi Zohar

On Mon, 2021-02-01 at 09:35 -0500, Stefan Berger wrote:
> On 2/1/21 8:23 AM, David Howells wrote:
> > Stefan Berger <stefanb@linux.vnet.ibm.com> wrote:
> >
> >> From: Stefan Berger <stefanb@linux.ibm.com>
> >>
> >> Detect whether a key is an sm2 type of key by its OID in the parameters
> >> array rather than assuming that everything under OID_id_ecPublicKey
> >> is sm2, which is not the case.
> >>
> >> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
> >> Cc: David Howells <dhowells@redhat.com>
> >> Cc: keyrings@vger.kernel.org
> > I presume these cc's are intentionally not on the first patch or the cover (if
> > there is one)?
> 
> No, this is not intentional. I guess this is a case of wrong use of cc: 
> versus mailing lists - my bad. I posted the whole series to 
> linux-crypto, linux-integrity, keyrings and lkml.
> 
> V6 is at least visible here now:
> 
> - https://lkml.org/lkml/2021/1/31/323
> 
> - https://marc.info/?l=linux-crypto-vger&m=161213604618722&w=2
> 
> - https://lore.kernel.org/linux-integrity/20210131233301.1301787-1-stefanb@linux.ibm.com/T/#mbc9fae5facb4178f64c1145e2654258c0af8fa96
> 
> - https://marc.info/?l=linux-keyrings&m=161213608818735&w=2
> 
> 
> 
> >
> > Do you have a branch you want me to pull or did you want me to take just
> > patches 2-4?
> 
> Please take it from the mailing list. If there are requests for more 
> changes on the crypto level, I will send another series. I personally am 
> waiting for some sort of verdict on the crypto level...

The entire patch set should be upstreamed as a single patch set, after
having each of the maintainers Ack it.  In addition, the v6 version is
missing some Reviewed-by tags.  (Stefan will re-post a v7 patch set.)

David, I don't have a problem with this patch set being upstreamed via
the keys subsystem, assuming it's been tested.

thanks,

Mimi



* Re: [PATCH v5 2/4] x509: Detect sm2 keys by their parameters OID
  2021-02-01 14:35     ` Stefan Berger
  2021-02-01 14:54       ` Mimi Zohar
@ 2021-02-01 15:07       ` David Howells
  2021-02-02  3:56         ` Herbert Xu
  2021-02-02  8:27         ` David Howells
  1 sibling, 2 replies; 12+ messages in thread
From: David Howells @ 2021-02-01 15:07 UTC (permalink / raw)
  To: Mimi Zohar
  Cc: dhowells, Stefan Berger, Herbert Xu, keyrings, linux-crypto,
	linux-kernel, patrick, linux-integrity, Mimi Zohar

Mimi Zohar <zohar@linux.ibm.com> wrote:

> > > Do you have a branch you want me to pull or did you want me to take just
> > > patches 2-4?
> > 
> > Please take it from the mailing list. If there are requests for more 
> > changes on the crypto level, I will send another series. I personally am 
> > waiting for some sort of verdict on the crypto level...
> 
> The entire patch set should be upstreamed as a single patch set, after
> having each of the maintainers Ack it.  In addition, the v6 version is
> missing some Reviewed-by tags.  (Stefan will re-post a v7 patch set.)
> 
> David, I don't have a problem with this patch set being upstreamed via
> the keys subsystem, assuming it's been tested.

Herbert wants the first patch to go through the crypto tree.  Maybe all of
them should proceed by that route if Herbert is willing?

What do patches 2-4 do if patch 1 isn't applied?

David



* Re: [PATCH v5 2/4] x509: Detect sm2 keys by their parameters OID
  2021-02-01 15:07       ` David Howells
@ 2021-02-02  3:56         ` Herbert Xu
  2021-02-02  8:27         ` David Howells
  1 sibling, 0 replies; 12+ messages in thread
From: Herbert Xu @ 2021-02-02  3:56 UTC (permalink / raw)
  To: David Howells
  Cc: Mimi Zohar, Stefan Berger, keyrings, linux-crypto, linux-kernel,
	patrick, linux-integrity, Mimi Zohar

On Mon, Feb 01, 2021 at 03:07:35PM +0000, David Howells wrote:
>
> Herbert wants the first patch to go through the crypto tree.  Maybe all of
> them should proceed by that route if Herbert is willing?

I'm not actually all that fussed about where it goes through.  It's
just the first patch happens to touch an area that is still under
discussion for the Crypto API.  So once that's settled I'm more than
happy for it to go through your tree if that's the easiest way to go.

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


* Re: [PATCH v5 2/4] x509: Detect sm2 keys by their parameters OID
  2021-02-01 15:07       ` David Howells
  2021-02-02  3:56         ` Herbert Xu
@ 2021-02-02  8:27         ` David Howells
  2021-02-02  8:55           ` Herbert Xu
  2021-02-02  9:33           ` David Howells
  1 sibling, 2 replies; 12+ messages in thread
From: David Howells @ 2021-02-02  8:27 UTC (permalink / raw)
  To: Herbert Xu
  Cc: dhowells, Mimi Zohar, Stefan Berger, keyrings, linux-crypto,
	linux-kernel, patrick, linux-integrity, Mimi Zohar

Herbert Xu <herbert@gondor.apana.org.au> wrote:

> > Herbert wants the first patch to go through the crypto tree.  Maybe all of
> > them should proceed by that route if Herbert is willing?
> 
> I'm not actually all that fussed about where it goes through.  It's
> just the first patch happens to touch an area that is still under
> discussion for the Crypto API.  So once that's settled I'm more than
> happy for it to go through your tree if that's the easiest way to go.

Should I defer it till the next merge window?

David



* Re: [PATCH v5 2/4] x509: Detect sm2 keys by their parameters OID
  2021-02-02  8:27         ` David Howells
@ 2021-02-02  8:55           ` Herbert Xu
  2021-02-02  9:33           ` David Howells
  1 sibling, 0 replies; 12+ messages in thread
From: Herbert Xu @ 2021-02-02  8:55 UTC (permalink / raw)
  To: David Howells
  Cc: Mimi Zohar, Stefan Berger, keyrings, linux-crypto, linux-kernel,
	patrick, linux-integrity, Mimi Zohar

On Tue, Feb 02, 2021 at 08:27:35AM +0000, David Howells wrote:
>
> Should I defer it till the next merge window?

Is there any specific reason why this has to be in the current
one?

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


* Re: [PATCH v5 2/4] x509: Detect sm2 keys by their parameters OID
  2021-02-02  8:27         ` David Howells
  2021-02-02  8:55           ` Herbert Xu
@ 2021-02-02  9:33           ` David Howells
  2021-02-02  9:42             ` Herbert Xu
  2021-02-02 10:16             ` David Howells
  1 sibling, 2 replies; 12+ messages in thread
From: David Howells @ 2021-02-02  9:33 UTC (permalink / raw)
  To: Herbert Xu
  Cc: dhowells, Mimi Zohar, Stefan Berger, keyrings, linux-crypto,
	linux-kernel, patrick, linux-integrity, Mimi Zohar

Herbert Xu <herbert@gondor.apana.org.au> wrote:

> > Should I defer it till the next merge window?
> 
> Is there any specific reason why this has to be in the current
> one?

No idea.  It seems straightforward enough, at least on the keyrings side, that
I was going to add it.

David



* Re: [PATCH v5 2/4] x509: Detect sm2 keys by their parameters OID
  2021-02-02  9:33           ` David Howells
@ 2021-02-02  9:42             ` Herbert Xu
  2021-02-02 10:16             ` David Howells
  1 sibling, 0 replies; 12+ messages in thread
From: Herbert Xu @ 2021-02-02  9:42 UTC (permalink / raw)
  To: David Howells
  Cc: Mimi Zohar, Stefan Berger, keyrings, linux-crypto, linux-kernel,
	patrick, linux-integrity, Mimi Zohar

On Tue, Feb 02, 2021 at 09:33:23AM +0000, David Howells wrote:
>
> No idea.  It seems straightforward enough, at least on the keyrings side, that
> I was going to add it.

In that case please wait for the discussion on how we handle curves
to be finalised.

Thanks,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


* Re: [PATCH v5 2/4] x509: Detect sm2 keys by their parameters OID
  2021-02-02  9:33           ` David Howells
  2021-02-02  9:42             ` Herbert Xu
@ 2021-02-02 10:16             ` David Howells
  1 sibling, 0 replies; 12+ messages in thread
From: David Howells @ 2021-02-02 10:16 UTC (permalink / raw)
  To: Herbert Xu
  Cc: dhowells, Mimi Zohar, Stefan Berger, keyrings, linux-crypto,
	linux-kernel, patrick, linux-integrity, Mimi Zohar

Herbert Xu <herbert@gondor.apana.org.au> wrote:

> > No idea.  It seems straightforward enough, at least on the keyrings side, that
> > I was going to add it.
> 
> In that case please wait for the discussion on how we handle curves
> to be finalised.

Sure.  Will do.

David


