Re: [PATCH RFC v4 2/4] crypto: add PKE API

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Jun 11, 2015 at 12:05:44PM -0700, Tadeusz Struk wrote:
>
> +int crypto_akcipher_setkey(struct crypto_akcipher *tfm,
> +			   const struct public_key *pkey)
> +{
> +	if (tfm->pkey)
> +		akcipher_free_key(tfm->pkey);
> +
> +	return akcipher_clone_key(tfm, pkey);
> +}

No please do not expose the struct public_key crap to the new
API.  The key should be completely opaque to entities outside
of the algorithm.  So make it raw and read out the MPIs from
it.

The contents of the function must go into the algorithm setkey
function, not the crypto API.  So RSA would read out however
many MPIs it needs and verify it, and so on.

Cheers,
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux