Re: RSA signature verification
Hi, As I have said in my email that it will be used by IMA/EVM subsystem. See security/integrity subdirectory in Linux kernel... Indeed, use of HW accelerator is also on of the targets... - Dmitry On 21/03/11 16:06, ext Herbert Xu wrote: On Mon, Mar 21, 2011 at 04:04:41PM +0200, Dmitry Kasatkin wrote: Do you think it make sense to have it as a crypto algo What kind of API you would have in mind? So the obvious question is who will use this functionality in the kernel? If the only use is going to be in user-space, then the next question is are you doing this for hardware enablement. Cheers, -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: RSA signature verification
To elaborate a bit. Signing of some has is usually done instead of signing some input data directly. For that reason signature verification is basically a combination of hash calculation with signature verification... The issue here is that different padding schemes can be applied to the has before it is signed. So after RSA decryption, de-padding has to be done, before comparing result to the calculated hash. - Dmitry On 22/03/11 08:59, Dmitry Kasatkin wrote: Hi, As I have said in my email that it will be used by IMA/EVM subsystem. See security/integrity subdirectory in Linux kernel... Indeed, use of HW accelerator is also on of the targets... - Dmitry On 21/03/11 16:06, ext Herbert Xu wrote: On Mon, Mar 21, 2011 at 04:04:41PM +0200, Dmitry Kasatkin wrote: Do you think it make sense to have it as a crypto algo What kind of API you would have in mind? So the obvious question is who will use this functionality in the kernel? If the only use is going to be in user-space, then the next question is are you doing this for hardware enablement. Cheers, -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: RSA signature verification
On Tue, Mar 22, 2011 at 08:59:56AM +0200, Dmitry Kasatkin wrote: As I have said in my email that it will be used by IMA/EVM subsystem. See security/integrity subdirectory in Linux kernel... Has the use of software asymmetric crypto in the kernel been accepted for that purpose? Thanks, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: RSA signature verification
Hi, Accepted by whom? We extend functionality of Integrity subsystem in order to support flashable images which can be verified with public keys... - Dmitry On 22/03/11 09:34, ext Herbert Xu wrote: On Tue, Mar 22, 2011 at 08:59:56AM +0200, Dmitry Kasatkin wrote: As I have said in my email that it will be used by IMA/EVM subsystem. See security/integrity subdirectory in Linux kernel... Has the use of software asymmetric crypto in the kernel been accepted for that purpose? Thanks, -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: RSA signature verification
On Tue, Mar 22, 2011 at 10:57:55AM +0200, Dmitry Kasatkin wrote: Hi, Accepted by whom? We extend functionality of Integrity subsystem in order to support flashable images which can be verified with public keys... Whoever that's going to merge the use-case for this :) I'm not adding a whole new API unless we have a solid in-kernel user or we're doing this for hardware enablement. Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: RSA signature verification
On Mon, Mar 21, 2011 at 04:04:41PM +0200, Dmitry Kasatkin wrote: Do you think it make sense to have it as a crypto algo What kind of API you would have in mind? So the obvious question is who will use this functionality in the kernel? If the only use is going to be in user-space, then the next question is are you doing this for hardware enablement. Cheers, -- Email: Herbert Xu herb...@gondor.apana.org.au Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
