Tadeusz Struk <tadeusz.struk@xxxxxxxxx> wrote:
> +Additionally public key algorithm names are defined:
> +#define PKEY_ALGO_DSA "dsa"
> +#define PKEY_ALGO_RSA "rsa"
> +These will be used to allocate public key tfm instances.
These should be a blank line either side of the two #defines and the #defines
should be indented a tab.
> - BUG_ON(ctx->sinfo->sig.pkey_algo != PKEY_ALGO_RSA);
> + BUG_ON(strcmp(ctx->sinfo->sig.pkey_algo, PKEY_ALGO_RSA));
If you make PKEY_ALGO_RSA a const char [] can you use != here?
Oh, and can you do either != 0 or == 0 on the end of your strcmp()? It's a
bit more obvious since strcmp()'s return is sort of inverse.
> + .verify = RSA_verify_signature,
> + .capabilities = PKEY_CAN_VERIFY,
Can we keep .verify_signature as the name of the first. The second is
redundant given the function pointers.
> + if (cert->pub && !IS_ERR(cert->pub->tfm))
> + crypto_free_pke(cert->pub->tfm);
> ...
> +
> + cert->pub->tfm = crypto_alloc_pke(ctx->cert->sig.pkey_algo, 0, 0);
> + if (IS_ERR(cert->pub->tfm)) {
> + pr_err("Failed to alloc pkey algo %s\n",
> + ctx->cert->sig.pkey_algo);
> + goto error_decode;
> + }
> +
Given that X.509 certs can hang around for a very long time, having a tfm in
the cert is probably a bad idea as it may pin resources such as crypto h/w.
> - ctx->cert->pub->pkey_algo = PKEY_ALGO_RSA;
> -
I think you need this rather than the above. You should only get the tfm when
you actually need it.
> - pr_devel("Cert Key Algo: %s\n", pkey_algo_name[cert->pub->pkey_algo]);
> + pr_devel("Cert Key Algo: %s\n", pke_alg_name(cert->pub->tfm));
pkey_algo_name() perhaps?
> + pr_devel("Cert Signature: %s + %s\n", cert->sig.pkey_algo,
Split line at that comma please. That way all the arguments line up.
> - cert->pub->algo = pkey_algo[cert->pub->pkey_algo];
Might still need this.
> -enum pkey_algo {
> - PKEY_ALGO_DSA,
> - PKEY_ALGO_RSA,
> - PKEY_ALGO__LAST
> -};
This represents a value seen external to the kernel - at least for the
moment. Switching to PKCS#7 module sigs would cure that.
> +#define PKEY_ALGO_DSA "dsa"
> +#define PKEY_ALGO_RSA "rsa"
const char []
> +int public_key_verify_signature(const struct public_key *pk,
> + const struct public_key_signature *sig);
Retain the extern please and the following blank line.
> +static const char *const pkey_algo_name[] = {
> + PKEY_ALGO_DSA, PKEY_ALGO_RSA
> +};
> +
Split the list over multiple lines, please. Better still, move to PKCS#7.
David
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
