From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0D0DDC43387 for ; Wed, 16 Jan 2019 16:19:15 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id D58D120651 for ; Wed, 16 Jan 2019 16:19:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730994AbfAPQTO (ORCPT ); Wed, 16 Jan 2019 11:19:14 -0500 Received: from mx1.redhat.com ([209.132.183.28]:41574 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730514AbfAPQTO (ORCPT ); Wed, 16 Jan 2019 11:19:14 -0500 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 0AC2F8E584; Wed, 16 Jan 2019 16:19:14 +0000 (UTC) Received: from warthog.procyon.org.uk (ovpn-120-244.rdu2.redhat.com [10.10.120.244]) by smtp.corp.redhat.com (Postfix) with ESMTP id 66B9A600C8; Wed, 16 Jan 2019 16:19:12 +0000 (UTC) Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 3798903 From: David Howells In-Reply-To: <20190106133608.820-3-vt@altlinux.org> References: <20190106133608.820-3-vt@altlinux.org> <20190106133608.820-1-vt@altlinux.org> To: Vitaly Chikunov Cc: dhowells@redhat.com, Herbert Xu , Mimi Zohar , Dmitry Kasatkin , linux-integrity@vger.kernel.org, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [RFC PATCH 2/4] akcipher: Introduce verify2 for public key algorithms MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <21753.1547655551.1@warthog.procyon.org.uk> Date: Wed, 16 Jan 2019 16:19:11 +0000 Message-ID: <21754.1547655551@warthog.procyon.org.uk> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Wed, 16 Jan 2019 16:19:14 +0000 (UTC) Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Vitaly Chikunov wrote: > Current akcipher .verify() just decrypts signature to uncover message > hash, which is then verified in upper level public_key_verify_signature > by memcmp with the expected signature value, which is never passed into > verify(). I think it would be better to make ->verify() take the data hash we've been given rather than returning the expected hash for the caller to compare. That way the callers don't have to do two different things, depending on how the crypto algo works. David