Herbert,
On Wed, 22 Jun 2016, Herbert Xu wrote:
On Wed, Jun 22, 2016 at 09:30:12AM -0500, Denis Kenzior wrote:
We live on the bleeding edge :)
I realize that these features are not upstream yet, but that doesn't
mean that we can't influence / see the direction that the kernel is
taking and act accordingly.
We'd like to have both pkcs1pad + hash, and simple pkcs1pad go
upstream. That will make our job in userspace much easier. Andrew
submitted pkcs1pad transform to the kernel specifically so we could
get rid of this logic in our userspace code. So please consider
leaving both versions for upstream inclusion.
Sorry but the crypto API isn't a repository for general algorithms.
It's first and foremost a place for algorithms that we use in the
kernel.
The user-space interface (if we ever add one for akcipher, right now
there are strong objections against it) is mainly there to allow
access to hardware accelerators. So I'm afraid I cannot keep the
hashless pkcs1pad until such a time that either we have a kernel
user for it or there is a piece of hardware implementing it.
David Howells has a keyctl patch set in progress that makes use of
pkcs1pad, with or without a hash:
https://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/commit/?h=keys-asym-keyctl&id=6fe3b4aa7df524f4867868b01d4cb4345b1bf2de
Please leave the non-hash code in, or consider deferring this patch until
we can also discuss the issue at the upcoming security summit. We've been
having a lot of trouble getting agreement on userspace access to
asymmetric ciphers and I think we could make some progress with in-person
discussion. (Mailing list discussion is also important because not
everyone concerned can attend the summit)
Thanks,
--
Mat Martineau
Intel OTC
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html