Am Freitag, 28. August 2015, 07:28:58 schrieb Marcel Holtmann: Hi Marcel, >The RSA algorithm provides two ASN.1 key types. One for RSA Private Key >and another for RSA Public Key. Use these two already defined ASN.1 >definitions instead of inventing a new one. > >Signed-off-by: Marcel Holtmann <marcel@xxxxxxxxxxxx> >--- > crypto/Makefile | 9 ++++++--- > crypto/rsa_helper.c | 13 +++++++++---- > crypto/rsakey.asn1 | 5 ----- > crypto/rsaprivatekey.asn1 | 13 +++++++++++++ > crypto/rsapublickey.asn1 | 4 ++++ > 5 files changed, 32 insertions(+), 12 deletions(-) > delete mode 100644 crypto/rsakey.asn1 > create mode 100644 crypto/rsaprivatekey.asn1 > create mode 100644 crypto/rsapublickey.asn1 > >diff --git a/crypto/Makefile b/crypto/Makefile >index 3cc91c3301c7..0b056c411aa7 100644 >--- a/crypto/Makefile >+++ b/crypto/Makefile >@@ -31,10 +31,13 @@ obj-$(CONFIG_CRYPTO_HASH2) += crypto_hash.o > obj-$(CONFIG_CRYPTO_PCOMP2) += pcompress.o > obj-$(CONFIG_CRYPTO_AKCIPHER2) += akcipher.o > >-$(obj)/rsakey-asn1.o: $(obj)/rsakey-asn1.c $(obj)/rsakey-asn1.h >-clean-files += rsakey-asn1.c rsakey-asn1.h >+$(obj)/rsapublickey-asn1.o: $(obj)/rsapublickey-asn1.c >$(obj)/rsapublickey-asn1.h +clean-files += rsapublickey-asn1.c >rsapublickey-asn1.h > >-rsa_generic-y := rsakey-asn1.o >+$(obj)/rsaprivatekey-asn1.o: $(obj)/rsaprivatekey-asn1.c >$(obj)/rsaprivatekey-asn1.h +clean-files += rsaprivatekey-asn1.c >rsaprivatekey-asn1.h >+ >+rsa_generic-y := rsapublickey-asn1.o rsaprivatekey-asn1.o > rsa_generic-y += rsa.o > rsa_generic-y += rsa_helper.o > obj-$(CONFIG_CRYPTO_RSA) += rsa_generic.o >diff --git a/crypto/rsa_helper.c b/crypto/rsa_helper.c >index 8d96ce969b44..26617e3132fb 100644 >--- a/crypto/rsa_helper.c >+++ b/crypto/rsa_helper.c >@@ -15,7 +15,8 @@ > #include <linux/err.h> > #include <linux/fips.h> > #include <crypto/internal/rsa.h> >-#include "rsakey-asn1.h" >+#include "rsapublickey-asn1.h" >+#include "rsaprivatekey-asn1.h" > > int rsa_get_n(void *context, size_t hdrlen, unsigned char tag, > const void *value, size_t vlen) >@@ -109,9 +110,13 @@ int rsa_parse_key(struct rsa_key *rsa_key, const void >*key, int ret; > > free_mpis(rsa_key); >- ret = asn1_ber_decoder(&rsakey_decoder, rsa_key, key, key_len); >- if (ret < 0) >- goto error; >+ ret = asn1_ber_decoder(&rsapublickey_decoder, rsa_key, key, key_len); >+ if (ret < 0) { >+ ret = asn1_ber_decoder(&rsaprivatekey_decoder, rsa_key, >+ key, key_len); Wouldn't it be better to have 2 parse_key functions here? We (will) have 2 setkey functions which are the callers of parse_key. The reason is that the added if requires CPU cycles that can be easily avoided. Hence I propose: rsa_parse_pubkey() rsapublickey_decoder rsa_parse_privkey() rsaprivatekey_decoder to avoid parsing a key as pub key even though we already know it is a priv key. >+ if (ret < 0) >+ goto error; >+ } > > return 0; > error: >diff --git a/crypto/rsakey.asn1 b/crypto/rsakey.asn1 >deleted file mode 100644 >index 3c7b5df7b428..000000000000 >--- a/crypto/rsakey.asn1 >+++ /dev/null >@@ -1,5 +0,0 @@ >-RsaKey ::= SEQUENCE { >- n INTEGER ({ rsa_get_n }), >- e INTEGER ({ rsa_get_e }), >- d INTEGER ({ rsa_get_d }) >-} >diff --git a/crypto/rsaprivatekey.asn1 b/crypto/rsaprivatekey.asn1 >new file mode 100644 >index 000000000000..58dddc7c1536 >--- /dev/null >+++ b/crypto/rsaprivatekey.asn1 >@@ -0,0 +1,13 @@ >+RSAPrivateKey ::= SEQUENCE { >+ version Version, >+ modulus INTEGER ({ rsa_get_n }), -- n >+ publicExponent INTEGER ({ rsa_get_e }), -- e >+ privateExponent INTEGER ({ rsa_get_d }), -- d >+ prime1 INTEGER, -- p >+ prime2 INTEGER, -- q >+ exponent1 INTEGER, -- d mod (p-1) >+ exponent2 INTEGER, -- d mod (q-1) >+ coefficient INTEGER -- (inverse of q) mod p >+} >+ >+Version ::= INTEGER >diff --git a/crypto/rsapublickey.asn1 b/crypto/rsapublickey.asn1 >new file mode 100644 >index 000000000000..8f7f8760f2a9 >--- /dev/null >+++ b/crypto/rsapublickey.asn1 >@@ -0,0 +1,4 @@ >+RSAPublicKey ::= SEQUENCE { >+ modulus INTEGER ({ rsa_get_n }), -- n >+ publicExponent INTEGER ({ rsa_get_e }) -- e >+} Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html