Re: Proposal for adding setpubkey callback to akcipher_alg

Hi Stephan,

>> I think we need to split the akcipher_alg setkey callback into a setkey and
>> setpubkey.
>> 
>> diff --git a/include/crypto/akcipher.h b/include/crypto/akcipher.h
>> index 69d163e39101..ca93952b6d19 100644
>> --- a/include/crypto/akcipher.h
>> +++ b/include/crypto/akcipher.h
>> @@ -91,6 +91,8 @@ struct akcipher_alg {
>>       int (*decrypt)(struct akcipher_request *req);
>>       int (*setkey)(struct crypto_akcipher *tfm, const void *key,
>>                     unsigned int keylen);
>> +       int (*setpubkey)(struct crypto_akcipher *tfm, const void *key,
>> +                        unsigned int keylen);
>>       int (*init)(struct crypto_akcipher *tfm);
>>       void (*exit)(struct crypto_akcipher *tfm);
>> 
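Review bot: The new setpubkey member of struct akcipher_alg has the same signature as setkey and is added without any comment saying which key encoding each callback accepts, so nothing in the header tells an implementer or caller the two apart. Suggest documenting on both members which format is expected (private key for setkey, public key for setpubkey, as the thread proposes) and stating what callers should do when an algorithm leaves setpubkey NULL, since this hunk only adds the pointer and shows no wrapper or NULL check. The two added lines also appear to be indented differently from the surrounding context lines, so check tabs versus spaces before sending.
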
>> If the cipher actually uses two different formats for the public + private
> 
> The public key is n + e.
> 
> The private key is n + d.

For RSA Public Key it is just n and e. However, for RSA Private Key it is n and e and d and also version, primes etc. So the RSA Public Key contains a sequence of 2 integers and the RSA Private Key contains a sequence of 9 integers.

> Both are encoded in the BER structure the current API requires. It is 
> perfectly valid to provide only n + e when you do public key operations.

And from an API perspective that is fully wrong from my point of view. We just invented another format that is not in any standard. The two standard key formats for RSA are RSA Private Key and RSA Public Key. These are the ones we should support.

The format with n plus e and optionally d is a total Linux invention as far as I can tell. And I do not want this exposed to userspace.

For a clean separation I think splitting this into setkey for the RSA Private Key and setpubkey for the RSA Public Key is a pretty obvious choice.

> Please see in the testmgr.h for the 2048 bit key test vector (i.e. the one 
> with public_key_vec = true). The BER structure has nice comments from Tadeusz 
> to indicate it only contains n and e without d.

And it is a totally made-up format. Why would you force conversion of an RSA Public Key or RSA Private Key in DER format into this format? This Linux-only input format makes it just complicated for no reason. It is also not documented anywhere as far as I can tell. I had to dig this out of the code and rsakey.asn1.

As mentioned above, splitting this into two functions makes this simpler. For all intents and purposes this is akcipher, so we always either have a public/private key pair or we just have the public key. And at least with RSA they are defined as two independent formats.

Since the parsing of the key data is not a generic handling, I do not see a good enough reason to invent new formats. Use the format the cipher you implement already has defined.

> Thus, I do not currently understand your request. May I ask you to give more 
> explanation why the use of BER is insufficient?

Tell me how you create this Linux specific BER encoded key. I would like someone to provide the magic OpenSSL conversion command line to get this. Hand crafting such keys when there is a standard format for RSA Private Key and RSA Public Key makes no sense whatsoever.

Regards

Marcel
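
As an added example (not code from this thread or from the kernel), the C sketch below tells the two standard encodings named in the message apart by walking the outer DER SEQUENCE and counting its INTEGERs: 2 for RSA Public Key, 9 for RSA Private Key. The function names, the enum and the toy-sized byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

enum key_kind { KEY_MALFORMED = -1, KEY_OTHER, KEY_RSA_PUBLIC, KEY_RSA_PRIVATE };

/* Read one DER tag+length header at *pos (callers keep *pos <= len). On
 * success advance *pos to the value, store its length, return the tag. */
static int der_header(const unsigned char *b, size_t len, size_t *pos, size_t *vlen)
{
    size_t p = *pos, l, n;
    if (len - p < 2) return -1;
    int tag = b[p++];
    l = b[p++];
    if (l >= 0x80) {                      /* long form: next n bytes are the length */
        n = l & 0x7f; l = 0;
        if (n == 0 || n > 4 || n > len - p) return -1;   /* 0x80 = indefinite, not DER */
        while (n--) l = (l << 8) | b[p++];
    }
    if (l > len - p) return -1;           /* value would run past the buffer */
    *pos = p; *vlen = l;
    return tag;
}

/* 2 INTEGERs => RSA Public Key (n, e); 9 INTEGERs with version 0 first =>
 * two-prime RSA Private Key; any other count of INTEGERs => KEY_OTHER. */
enum key_kind rsa_der_kind(const unsigned char *b, size_t len)
{
    size_t pos = 0, vlen = 0, count = 0;
    int version_zero = 0;
    if (der_header(b, len, &pos, &vlen) != 0x30 || pos + vlen != len)
        return KEY_MALFORMED;             /* not exactly one outer SEQUENCE */
    while (pos < len) {
        if (der_header(b, len, &pos, &vlen) != 0x02 || vlen == 0)
            return KEY_MALFORMED;         /* element is not a valid INTEGER */
        if (count++ == 0) version_zero = (vlen == 1 && b[pos] == 0);
        pos += vlen;
    }
    if (count == 2) return KEY_RSA_PUBLIC;
    if (count == 9 && version_zero) return KEY_RSA_PRIVATE;
    return KEY_OTHER;
}

/* Constructed toy values: n=33, e=3, d=7, p=3, q=11, dP=1, dQ=7, qInv=2 */
static const unsigned char sample_pub[] = { 0x30,0x06, 2,1,0x21, 2,1,3 };
static const unsigned char sample_priv[] = { 0x30,0x1b, 2,1,0, 2,1,0x21, 2,1,3,
    2,1,7, 2,1,3, 2,1,0x0b, 2,1,1, 2,1,7, 2,1,2 };
static const unsigned char sample_three[] = { 0x30,0x09, 2,1,0x21, 2,1,3, 2,1,7 };

int main(void)
{
    printf("pub=%d priv=%d three=%d\n", rsa_der_kind(sample_pub, sizeof sample_pub),
           rsa_der_kind(sample_priv, sizeof sample_priv),
           rsa_der_kind(sample_three, sizeof sample_three));
    return 0;
}
```

The three-integer sample (n, e, d) falls into KEY_OTHER because it matches neither standard structure.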
