Hi Herbert,
I work on kernel RSA verification for IMA/EVM.
Currently I have a patch which provides "direct" API like ksign_verify()
to get signature verified.
I was thinking about doing it via crypto interface as usual but for now
I have done it directly.
I have found some very old (5y) patches where someone tried to have it
as kind of hash API.
update(), update(), final...
As RSA, in contrast to hash, has like sign/verify operations.
For the kernel there is only verify.
Snippet from the code:
-----------------------------------------------------------------------
desc = kzalloc(sizeof(*desc) + crypto_shash_descsize(shash),
GFP_KERNEL);
if (!desc)
goto err;
desc->tfm = shash;
desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
crypto_shash_init(desc);
crypto_shash_update(desc, digest, digestlen);
crypto_shash_update(desc, sig, sizeof(*sh));
crypto_shash_final(desc, h);
kfree(desc);
/* pass signature mpis address */
err = ksign_verify_rsa(key, sig + sizeof(*sh), siglen - sizeof(*sh),
h, sizeof(h));
-----------------------------------------------------------------------
So hash is calculated which is then verified against
signature.
Do you think it make sense to have it as a crypto "algo"
What kind of API you would have in mind?
Thanks,
Dmitry
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
