Re: [PATCH RFC 2/2] crypto: RSA: KEYS: convert rsa and public key to new PKE API

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Tadeusz Struk <tadeusz.struk@xxxxxxxxx> wrote:

> +Additionally public key algorithm names are defined:
> +#define PKEY_ALGO_DSA "dsa"
> +#define PKEY_ALGO_RSA "rsa"
> +These will be used to allocate public key tfm instances.

These should be a blank line either side of the two #defines and the #defines
should be indented a tab.

> -	BUG_ON(ctx->sinfo->sig.pkey_algo != PKEY_ALGO_RSA);
> +	BUG_ON(strcmp(ctx->sinfo->sig.pkey_algo, PKEY_ALGO_RSA));

If you make PKEY_ALGO_RSA a const char [] can you use != here?

Oh, and can you do either != 0 or == 0 on the end of your strcmp()?  It's a
bit more obvious since strcmp()'s return is sort of inverse.

> +			.verify = RSA_verify_signature,
> +			.capabilities = PKEY_CAN_VERIFY,

Can we keep .verify_signature as the name of the first.  The second is
redundant given the function pointers.

> +		if (cert->pub && !IS_ERR(cert->pub->tfm))
> +			crypto_free_pke(cert->pub->tfm);
> ...
> +
> +	cert->pub->tfm = crypto_alloc_pke(ctx->cert->sig.pkey_algo, 0, 0);
> +	if (IS_ERR(cert->pub->tfm)) {
> +		pr_err("Failed to alloc pkey algo %s\n",
> +		       ctx->cert->sig.pkey_algo);
> +		goto error_decode;
> +	}
> +

Given that X.509 certs can hang around for a very long time, having a tfm in
the cert is probably a bad idea as it may pin resources such as crypto h/w.

> -	ctx->cert->pub->pkey_algo = PKEY_ALGO_RSA;
> -

I think you need this rather than the above.  You should only get the tfm when
you actually need it.

> -	pr_devel("Cert Key Algo: %s\n", pkey_algo_name[cert->pub->pkey_algo]);
> +	pr_devel("Cert Key Algo: %s\n", pke_alg_name(cert->pub->tfm));

pkey_algo_name() perhaps?

> +	pr_devel("Cert Signature: %s + %s\n", cert->sig.pkey_algo,

Split line at that comma please.  That way all the arguments line up.

> -	cert->pub->algo = pkey_algo[cert->pub->pkey_algo];

Might still need this.

> -enum pkey_algo {
> -	PKEY_ALGO_DSA,
> -	PKEY_ALGO_RSA,
> -	PKEY_ALGO__LAST
> -};

This represents a value seen external to the kernel - at least for the
moment.  Switching to PKCS#7 module sigs would cure that.

> +#define PKEY_ALGO_DSA "dsa"
> +#define PKEY_ALGO_RSA "rsa"

const char []

> +int public_key_verify_signature(const struct public_key *pk,
> +				const struct public_key_signature *sig);

Retain the extern please and the following blank line.

> +static const char *const pkey_algo_name[] = {
> +	PKEY_ALGO_DSA, PKEY_ALGO_RSA
> +};
> +

Split the list over multiple lines, please.  Better still, move to PKCS#7.

David
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux