Hi Tadeusz,
I have been working with the AF_ALG patches for akcipher lately and I find the RSA set key function way too limited. Especially the fact that it uses a format that I can not find a single reference / standard for worries me.
RsaKey ::= SEQUENCE {
n INTEGER ({ rsa_get_n }),
e INTEGER ({ rsa_get_e }),
d INTEGER ({ rsa_get_d })
}
So where is this format coming from? I can find the RSA Public Key format which is a sequence of n and e. If you have a DER encoded RSA public key, then you can use it to encrypt and verify. So that is okay.
However if you have a standard Public Key that OpenSSL would create by default, then things do not work since that is actually a more complicated DER encoded format. However in the end, I would expect that we could also load such a key here. The RSA set key function should auto detect it and extract the right information if it is marked as rsaEncryption type.
My biggest concern however is that this does not reassemble the RSA Private Key at all. That key format is a sequence of 9 integers starting with a version. So logically I would expect that I can just set a RSA Private Key and then utilize the encrypt and decrypt features of the RSA cipher.
When it comes to exposing RSA via AF_ALG and akcipher, I really want standard format for the set key operation. Asking userspace to construct this Linux kernel only key format is not helpful. You want to be able to just load the RSA Private Key in DER format and be done with it.
Any ideas on how we can fix this to allow a sensible userspace API?
Regards
Marcel
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
