Re: [PATCH 2/5] crypto: akcipher - Drop usage of sglists for verify op

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Aug 06, 2024 at 10:32:55AM +0200, Lukas Wunner wrote:
>
> I'm looking through the code right now to understand what would be
> necessary to get there.

Great :)

> One issue I see is an algorithm name collision in rsa-pkcs1pad.c:
> I think I'd have to register two instances in pkcs1pad_create(),
> an akcipher_instance and a sig_instance.

Since there is precisely one user -- crypto/asymmetric, we could
simply rename the sig version of pkcs1pad to something else without
causing too much churn.  Perhaps leave the akcipher pkcs1pad as is
and create a new template for sig called pkcs1sig.

So you could do it in a little series without breaking bisection:

1) Add sig type and then create the pkcs1sig template;
2) Switch to pkcs1sig when signing in crypto/asymmetric;
3) Remove now-unused signing code from pkcs1pad.

> The last couple of days I've been contemplating amending
> struct akcipher_alg with additional callbacks to get the
> max_sig_size and max_data_size.  For RSA it's the same as
> the keysize (which is available through the existing ->max_size
> callback), but for ECDSA it's different depending on the
> template.  Adding those new callbacks to a new struct sig_alg
> would be cleaner of course than shoehorning them into struct
> akcipher_alg.

Yes having a separate alg for sig is definitely where we want to
be since there is very little that the two types actually share.

The only place where they currently intersect is pkcs1pad :)

Cheers,
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]
  Powered by Linux