Similar to algif_skcipher and algif_hash, algif_akcipher needs
to prevent user space from using the interface in an improper way.
This patch adds nokey ops handlers, which do just that.
Signed-off-by: Tadeusz Struk
---
crypto/algif_akcipher.c | 159
From: Stephan Mueller
Add the flags for handling signature generation and signature
verification.
Also, the patch adds the interface for setting a public key.
Signed-off-by: Stephan Mueller
Signed-off-by: Tadeusz Struk
---
include/uapi/linux/if_alg.h |3 +++
1 file changed, 3 insertions
akcipher api or
invoke operations defined by a given subtype, depending on the
key type.
Signed-off-by: Tadeusz Struk
---
crypto/af_alg.c | 10 ++
crypto/algif_akcipher.c | 207 ++-
include/crypto/if_alg.h |1
include/uapi/linux
Hi Jamie,
On 05/03/2016 01:35 PM, David Howells wrote:
> (cc'ing Tadeusz as he did the pkcs1 padding function)
>
> Jamie Heilman wrote:
>
Problem loading in-kernel X.509 certificate (-2)
>>>
>>> ENOENT? Hmmm... The only place that is generated is in the crypto layer.
>>> That suggests
Hi Mat,
On 05/13/2016 04:32 PM, Mat Martineau wrote:
>
>> +params.data_len = req->src_len;
>> +params.enc_len = req->dst_len;
Thanks for info. I have sent an update for this.
>
> The params member names have changed (now in_len and out_len).
>> +ret = encrypt_blob(, in, out);
>
>
On 05/14/2016 09:16 PM, Tadeusz Struk wrote:
> First four patches are a resend of the v3 algif_akcipher from
> Stephan Mueller, with minor changes after rebase on top of 4.6-rc1.
>
> The next three patches add support for keys stored in system
> keyring subsystem.
>
On 10/18/2015 03:45 AM, Stephan Mueller wrote:
> The patch fixes the analysis of the input data which contains an off
> by one.
>
> The issue is visible when the SGL contains one byte per SG entry.
> The code for checking for zero bytes does not operate on the data byte.
>
> Signed-off-by:
msg_iocb needs to be initialized on the recv/recvfrom path.
Otherwise afalg will wrongly interpret it as an async call.
Cc: sta...@vger.kernel.org
Reported-by: Harald Freudenberger
Signed-off-by: Tadeusz Struk
---
net/socket.c |1 +
1 file changed, 1 insertion(+)
diff --git a/net/socket.c
On 12/15/2015 11:02 AM, Eric Dumazet wrote:
> On Tue, 2015-12-15 at 10:46 -0800, Tadeusz Struk wrote:
>> msg_iocb needs to be initialized on the recv/recvfrom path.
>> Otherwise afalg will wrongly interpret it as an async call.
>>
>> Cc: sta...@vger.kernel.org
>>
Hi Herbert,
On 01/18/2016 04:34 PM, Herbert Xu wrote:
>> My understanding is that the sock_kmalloc is mainly used for allocations
>> > of the user provided data, because it keeps tracks of how much memory
>> > is allocated by a socket, and makes sure that is will not exceed the
>> >
From: Tadeusz Struk
Created on top of patchset from Stephan Mueller
https://patchwork.kernel.org/patch/7877921/
https://patchwork.kernel.org/patch/7877971/
https://patchwork.kernel.org/patch/7877961/
This patch adds support for asymmetric key type to AF_ALG.
It will work as follows: A new
Hi,
On 12/19/2015 03:49 PM, kbuild test robot wrote:
> Hi Tadeusz,
>
> [auto build test ERROR on crypto/master]
> [also build test ERROR on v4.4-rc5 next-20151218]
>
> url:
> https://github.com/0day-ci/linux/commits/Tadeusz-Struk/crypto-KEYS-convert-public-key-to-akciphe
Hi Stephan,
On 12/21/2015 01:27 PM, Stephan Mueller wrote:
>> @@ -192,7 +194,30 @@ static int alg_setkey(struct sock *sk, char __user
>> > *ukey, if (copy_from_user(key, ukey, keylen))
>> >goto out;
>> >
>> > - err = setkey(ask->private, key, keylen);
>> > + if (key_id) {
> Wouldn't
Hi Herbert
On 12/22/2015 04:09 AM, Herbert Xu wrote:
> On Mon, Dec 21, 2015 at 12:59:59PM -0800, Tadeusz Struk wrote:
>>
>> The previous patch was broken, re-sending again, sorry.
>>
>> I think there is something missing in this configuration.
>> cat .config | gr
On 12/22/2015 06:33 PM, Herbert Xu wrote:
>> What about the first two. This one is completely unrelated.
>> > It only supposed to fix some random configuration issue
>> > reported by a build robot, which isn't really important now.
>> > The other two convert the module verifier to the new API.
>
of the signature_v2_hdr.
- Select CRYPTO_RSA when INTEGRITY_ASYMMETRIC_KEYS is selected.
---
Tadeusz Struk (2):
crypto: KEYS: convert public key to the akcipher api
integrity: convert digsig to akcipher api
crypto/asymmetric_keys/Kconfig|2
crypto/asymmetric_keys/Makefile
This patch converts the module verification code to the new akcipher API.
Signed-off-by: Tadeusz Struk
---
crypto/asymmetric_keys/Kconfig|2
crypto/asymmetric_keys/Makefile |7 -
crypto/asymmetric_keys/pkcs7_parser.c | 12 +-
crypto/asymmetric_keys
Convert asymmetric_verify to akcipher api.
Signed-off-by: Tadeusz Struk
---
security/integrity/Kconfig |1 +
security/integrity/digsig_asymmetric.c | 10 +++---
2 files changed, 4 insertions(+), 7 deletions(-)
diff --git a/security/integrity/Kconfig b/security/integrity
public_key_signature is setup. The pointer s needs to
point to the signature instread of the signature_v2_hdr.
- Select CRYPTO_RSA when INTEGRITY_ASYMMETRIC_KEYS is selected.
Signed-off-by: Tadeusz Struk
---
crypto/asymmetric_keys/Kconfig|2
crypto/asymmetric_keys/Makefile |7
On 12/23/2015 06:51 AM, Herbert Xu wrote:
>> > Changes in v4:
>> > - Flatten both patches into one to avoid bisect compilation problems.
> Why is this necessary?
Because the first patch modifies the struct public_key and removes the MPIs
from it,
which the code modified in the second patch still
On 12/23/2015 12:21 PM, Herbert Xu wrote:
> Why not just leave the MPIs in the structure and only remove them
> by adding a third patch?
Right, I think that's a better way of resolving this. v5 on it's way.
Thanks,
--
TS
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel"
.
- Select CRYPTO_RSA when INTEGRITY_ASYMMETRIC_KEYS is selected.
---
Tadeusz Struk (3):
crypto: KEYS: convert public key and digsig asym to the akcipher api
integrity: convert digsig to akcipher api
crypto: public_key: remove MPIs from public_key_signature struct
crypto
After digsig_asymmetric.c is converted the MPIs can be now
safely removed from the public_key_signature structure.
Signed-off-by: Tadeusz Struk
---
include/crypto/public_key.h | 14 +-
1 file changed, 1 insertion(+), 13 deletions(-)
diff --git a/include/crypto/public_key.h b
Convert asymmetric_verify to akcipher api.
Signed-off-by: Tadeusz Struk
---
security/integrity/Kconfig |1 +
security/integrity/digsig_asymmetric.c | 10 +++---
2 files changed, 4 insertions(+), 7 deletions(-)
diff --git a/security/integrity/Kconfig b/security/integrity
This patch converts the module verification code to the new akcipher API.
Signed-off-by: Tadeusz Struk
---
crypto/asymmetric_keys/Kconfig|2
crypto/asymmetric_keys/Makefile |7 -
crypto/asymmetric_keys/pkcs7_parser.c | 12 +-
crypto/asymmetric_keys
Hi Marcel,
On 10/26/2015 09:54 PM, Marcel Holtmann wrote:
> after having discussions with David Howells and David Woodhouse, I don't
> think we should expose akcipher via AF_ALG at all. I think the akcipher
> operations for sign/verify/encrypt/decrypt should operate on asymmetric keys
> in the
with software as well as HW RSA implementations.
Patches generated against cryptodev-2.6
---
Tadeusz Struk (2):
crypto: KEYS: convert public key to the akcipher api
integrity: convert digsig to akcipher api
crypto/asymmetric_keys/Kconfig|2
crypto/asymmetric_keys
Convert asymmetric_verify to akcipher api.
Signed-off-by: Tadeusz Struk
---
security/integrity/digsig_asymmetric.c | 10 +++---
1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/security/integrity/digsig_asymmetric.c
b/security/integrity/digsig_asymmetric.c
index 4fec181
This patch converts the module verification code to the new akcipher API.
Signed-off-by: Tadeusz Struk
---
crypto/asymmetric_keys/Kconfig|2
crypto/asymmetric_keys/Makefile |7 -
crypto/asymmetric_keys/pkcs7_parser.c | 12 +-
crypto/asymmetric_keys
Hi Mimi,
On 12/10/2015 10:25 AM, Mimi Zohar wrote:
>> This patch set converts the module verification and digital signature
>> > code to the new akcipher API.
>> > RSA implementation has been removed from crypto/asymmetric_keys and the
>> > new API is used for cryptographic primitives.
>> > There
On 02/09/2016 08:49 AM, David Howells wrote:
> Are these in a public git branch somewhere that I can just merge?
>
No, after Herbert reverted them they only exist as separate patches:
https://patchwork.kernel.org/patch/8193021/raw/
https://patchwork.kernel.org/patch/8193001/raw/
Hi David,
On 02/11/2016 02:08 AM, David Howells wrote:
> David Howells wrote:
>
>> > Tadeusz Struk wrote:
>> >
>>>> > > > Why didn't you put the RSA signature parsing - ie. where the OID and
>>>> > > > the other
>>>&g
Hi David,
On 04/14/2016 03:00 PM, David Howells wrote:
> diff --git a/crypto/asymmetric_keys/signature.c
> b/crypto/asymmetric_keys/signature.c
> index 11b7ba170904..8ecbeda16b53 100644
> --- a/crypto/asymmetric_keys/signature.c
> +++ b/crypto/asymmetric_keys/signature.c
Since this file
or
invoke operations defined by a given subtype, depending on the
key type.
Signed-off-by: Tadeusz Struk
---
crypto/af_alg.c | 10 ++
crypto/algif_akcipher.c | 207 ++-
include/crypto/if_alg.h |1
include/uapi/linux/if_alg.h |2
From: Stephan Mueller
Add the Makefile and Kconfig updates to allow algif_akcipher to be
compiled.
Signed-off-by: Stephan Mueller
Signed-off-by: Tadeusz Struk
---
crypto/Kconfig |9 +
crypto/Makefile |1 +
2 files changed, 10 insertions(+)
diff --git a/crypto/Kconfig b
Similar to algif_skcipher and algif_hash, algif_akcipher needs
to prevent user space from using the interface in an improper way.
This patch adds nokey ops handlers, which do just that.
Signed-off-by: Tadeusz Struk
---
crypto/algif_akcipher.c | 159
---
Stephan Mueller (4):
crypto: AF_ALG -- add sign/verify API
crypto: AF_ALG -- add setpubkey setsockopt call
crypto: AF_ALG -- add asymmetric cipher interface
crypto: algif_akcipher - enable compilation
Tadeusz Struk (2):
crypto: algif_akcipher - add ops_nokey
From: Stephan Mueller
For supporting asymmetric ciphers, user space must be able to set the
public key. The patch adds a new setsockopt call for setting the public
key.
Signed-off-by: Stephan Mueller
Signed-off-by: Tadeusz Struk
---
crypto/af_alg.c | 18 +-
include
From: Stephan Mueller
Add the flags for handling signature generation and signature
verification.
Also, the patch adds the interface for setting a public key.
Signed-off-by: Stephan Mueller
Signed-off-by: Tadeusz Struk
---
include/uapi/linux/if_alg.h |3 +++
1 file changed, 3 insertions
-off-by: Tadeusz Struk
---
crypto/algif_akcipher.c | 542 +++
1 file changed, 542 insertions(+)
create mode 100644 crypto/algif_akcipher.c
diff --git a/crypto/algif_akcipher.c b/crypto/algif_akcipher.c
new file mode 100644
index 000..6342b6e
--- /dev
;
> url:
> https://github.com/0day-ci/linux/commits/Tadeusz-Struk/crypto-algif-add-akcipher/20160416-043207
> base:
> https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git
> master
> config: i386-allmodconfig (attached as .config)
> reproduce:
>
mb to be
written at an invalid address if lzeros > 0. This incremental patch
fixes it.
---8<---
Subject: [PATCH] lib/mpi: fix pointer arithmetic issue in mpi_read_buffer
Fix pointer arithmetic issue, which causes the first limb to be
written at invalid address if lzeros > 0.
Signed-off-b
On 03/22/2016 12:06 AM, Nicolai Stange wrote:
> Ugh. I'll send a v3 fixing this up during the course of the day. Or do
> you prefer to apply your incremental patch below to this v2 as it
> stands?
Either way is fine with me.
Thanks,
--
TS
Hi David,
On 03/30/2016 09:31 AM, David Howells wrote:
>> +keyring = request_key(_type_asymmetric, key_name, NULL);
>> > +
>> > + err = -ENOKEY;
>> > + if (IS_ERR(keyring))
>> > + goto out;
>> > +
>> > + pkey = keyring->payload.data[asym_crypto];
> NAK. This is liable to crash in
-off-by: Tadeusz Struk
---
crypto/algif_akcipher.c | 542 +++
1 file changed, 542 insertions(+)
create mode 100644 crypto/algif_akcipher.c
diff --git a/crypto/algif_akcipher.c b/crypto/algif_akcipher.c
new file mode 100644
index 000..6342b6e
--- /dev
From: Stephan Mueller
For supporting asymmetric ciphers, user space must be able to set the
public key. The patch adds a new setsockopt call for setting the public
key.
Signed-off-by: Stephan Mueller
Signed-off-by: Tadeusz Struk
---
crypto/af_alg.c | 18 +-
include
From: Stephan Mueller
Add the flags for handling signature generation and signature
verification.
Also, the patch adds the interface for setting a public key.
Signed-off-by: Stephan Mueller
Signed-off-by: Tadeusz Struk
---
include/uapi/linux/if_alg.h |3 +++
1 file changed, 3 insertions
to base_req
- dropped 3/3
---
Stephan Mueller (4):
crypto: AF_ALG -- add sign/verify API
crypto: AF_ALG -- add setpubkey setsockopt call
crypto: AF_ALG -- add asymmetric cipher interface
crypto: algif_akcipher - enable compilation
Tadeusz Struk (3):
crypto: algif_akcipher
From: Stephan Mueller
Add the Makefile and Kconfig updates to allow algif_akcipher to be
compiled.
Signed-off-by: Stephan Mueller
Signed-off-by: Tadeusz Struk
---
crypto/Kconfig |9 +
crypto/Makefile |1 +
2 files changed, 10 insertions(+)
diff --git a/crypto/Kconfig b
Similar to algif_skcipher and algif_hash, algif_akcipher needs
to prevent user space from using the interface in an improper way.
This patch adds nokey ops handlers, which do just that.
Signed-off-by: Tadeusz Struk
---
crypto/algif_akcipher.c | 159
or
invoke operations defined by a given subtype, depending on the
key type.
Signed-off-by: Tadeusz Struk
---
crypto/af_alg.c | 10 +++
crypto/algif_akcipher.c | 146 ++-
include/crypto/if_alg.h |1
include/uapi/linux/if_alg.h |2
This adds generic sign, verify, encrypt, decrypt accessor
functions to the asymmetric key type. These will be defined by
asymmetric subtypes, similarly to how public_key currently defines
the verify_signature function.
Signed-off-by: Tadeusz Struk
---
crypto/asymmetric_keys/asymmetric_type.c
Hi Herbert,
On 04/05/2016 04:29 AM, Herbert Xu wrote:
> On Sat, Mar 05, 2016 at 05:20:44PM -0800, Tadeusz Struk wrote:
>> > Hi,
>> > The following series adds TLS type authentication. To do this a new
>> > template, encauth, is introduced. It is derived from the
API
crypto: AF_ALG -- add setpubkey setsockopt call
crypto: AF_ALG -- add asymmetric cipher interface
crypto: algif_akcipher - enable compilation
Tadeusz Struk (3):
crypto: algif_akcipher - add ops_nokey
crypto: KEYS - add public_key info query
crypto: AF_ALG
it, etc.
Signed-off-by: Tadeusz Struk
---
crypto/asymmetric_keys/x509_cert_parser.c |1 +
include/crypto/public_key.h | 31 +
2 files changed, 32 insertions(+)
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c
b/crypto/asymmetric_keys
From: Stephan Mueller
Add the flags for handling signature generation and signature
verification.
Also, the patch adds the interface for setting a public key.
Signed-off-by: Stephan Mueller
Signed-off-by: Tadeusz Struk
---
include/uapi/linux/if_alg.h |3 +++
1 file changed, 3 insertions
From: Stephan Mueller
Add the Makefile and Kconfig updates to allow algif_akcipher to be
compiled.
Signed-off-by: Stephan Mueller
Signed-off-by: Tadeusz Struk
---
crypto/Kconfig |9 +
crypto/Makefile |1 +
2 files changed, 10 insertions(+)
diff --git a/crypto/Kconfig b
crypto API functions, either the
crypto_akcipher_set_priv_key or the crypto_akcipher_set_pub_key,
depending on the used option. Subsequently the asymmetric key
will be freed and return code returned back to the user.
Signed-off-by: Tadeusz Struk
---
crypto/af_alg.c | 50
-off-by: Tadeusz Struk
---
crypto/algif_akcipher.c | 542 +++
1 file changed, 542 insertions(+)
create mode 100644 crypto/algif_akcipher.c
diff --git a/crypto/algif_akcipher.c b/crypto/algif_akcipher.c
new file mode 100644
index 000..6342b6e
--- /dev
Similar to algif_skcipher and algif_hash, algif_akcipher needs
to prevent user space from using the interface in an improper way.
This patch adds nokey ops handlers, which do just that.
Signed-off-by: Tadeusz Struk
---
crypto/algif_akcipher.c | 159
From: Stephan Mueller
For supporting asymmetric ciphers, user space must be able to set the
public key. The patch adds a new setsockopt call for setting the public
key.
Signed-off-by: Stephan Mueller
Signed-off-by: Tadeusz Struk
---
crypto/af_alg.c | 18 +-
include
improving the system]
>
> url:
> https://github.com/0day-ci/linux/commits/Tadeusz-Struk/crypto-algif-add-akcipher/20160330-090754
> config: i386-randconfig-i1-03292045 (attached as .config)
> reproduce:
> # save the attached .config to linux build tree
> make AR
Similar to algif_skcipher and algif_hash, algif_akcipher needs
to prevent user space from using the interface in an improper way.
This patch adds nokey ops handlers, which do just that.
Signed-off-by: Tadeusz Struk
---
crypto/algif_akcipher.c | 159
compilation
Tadeusz Struk (2):
crypto: algif_akcipher - add ops_nokey
crypto: AF_ALG - add support for key_id
crypto/Kconfig |9
crypto/Makefile |1
crypto/af_alg.c | 28 +
crypto/algif_akcipher.c | 878
From: Stephan Mueller
Add the flags for handling signature generation and signature
verification.
Also, the patch adds the interface for setting a public key.
Signed-off-by: Stephan Mueller
Signed-off-by: Tadeusz Struk
---
include/uapi/linux/if_alg.h |3 +++
1 file changed, 3 insertions
or
invoke operations defined by a given subtype, depending on the
key type.
Signed-off-by: Tadeusz Struk
---
crypto/af_alg.c | 10 ++
crypto/algif_akcipher.c | 212 ++-
include/crypto/if_alg.h |1
include/uapi/linux/if_alg.h |2
From: Stephan Mueller
Add the Makefile and Kconfig updates to allow algif_akcipher to be
compiled.
Signed-off-by: Stephan Mueller
Signed-off-by: Tadeusz Struk
---
crypto/Kconfig |9 +
crypto/Makefile |1 +
2 files changed, 10 insertions(+)
diff --git a/crypto/Kconfig b
on the output
buffer size.
Signed-off-by: Stephan Mueller
Signed-off-by: Tadeusz Struk
---
crypto/algif_akcipher.c | 531 +++
1 file changed, 531 insertions(+)
create mode 100644 crypto/algif_akcipher.c
diff --git a/crypto/algif_akcipher.c b/crypto
From: Stephan Mueller
For supporting asymmetric ciphers, user space must be able to set the
public key. The patch adds a new setsockopt call for setting the public
key.
Signed-off-by: Stephan Mueller
Signed-off-by: Tadeusz Struk
---
crypto/af_alg.c | 18 +-
include
Hi Mat,
On 06/29/2016 11:43 AM, Mat Martineau wrote:
>> +ret = verify_signature(key, );
>> +if (!ret) {
>> +req->dst_len = sizeof(digest);
>
> I think you fixed the BUG_ON() problem but there's still an issue with
> the handling of the digest. Check the use of sig->digest in
>
Hi Mat,
On 07/06/2016 12:38 PM, Mat Martineau wrote:
>> So it looks like the only thing that we need to return to the user in
>> this case is the return code. Do you agree?
>
> The way verify_signature is implemented today, the only output is the
> return code. For verify, maybe no read is
On 07/08/2016 09:38 AM, Mat Martineau wrote:
> Are the inputs and outputs defined for ALG_OP_VERIFY in SET_KEY mode
> going to work for hardware keys (like TPM) in SET_KEY_ID mode? That's
> needed if the verify SET_KEY_ID mode is to be added later.
Yes, we will just need to change the
Hi Herbert,
On 02/27/2016 10:40 AM, Herbert Xu wrote:
> Tadeusz Struk wrote:
>>
>> diff --git a/crypto/rsa.c b/crypto/rsa.c
>> index 9a7c9ca..77d737f 100644
>> --- a/crypto/rsa.c
>> +++ b/crypto/rsa.c
>> @@ -16,78 +16,6 @@
>> #include
>>
>&g
for outstanding
request
Signed-off-by: Tadeusz Struk
---
crypto/algif_aead.c | 268 +--
1 file changed, 237 insertions(+), 31 deletions(-)
diff --git a/crypto/algif_aead.c b/crypto/algif_aead.c
index 147069c..80a0f1a 100644
--- a/crypto/algif_aead.c
Move the helper function to common header for everybody to use.
Signed-off-by: Tadeusz Struk
---
drivers/crypto/atmel-aes.c |6 --
include/crypto/aead.h |6 ++
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/crypto/atmel-aes.c b/drivers/crypto/atmel
for memory allocation
- use sock_hold instead of separate atomic ctr to wait for outstanding request
Signed-off-by: Tadeusz Struk
---
crypto/algif_aead.c | 278 +--
1 file changed, 248 insertions(+), 30 deletions(-)
diff --git a/crypto/algif_aead.c b
;
> url:
> https://github.com/0day-ci/linux/commits/Tadeusz-Struk/crypto-af_alg-add-async-support-to-algif_aead/20160128-061818
> base:
> https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git
> master
> config: x86_64-randconfig-x011-01270835 (attached as
Hi Stephan,
On 01/27/2016 10:26 PM, Stephan Mueller wrote:
>> +for (i = 0; i < areq->tsgls; i++)
>> > + put_page(sg_page(sg + i));
> Shouldn't here be the same logic as in put_sgl? I.e.
>
> for (i = 0; i < sgl->cur; i++) {
> if (!sg_page(sg + i))
>
On 01/28/2016 09:09 AM, Stephan Mueller wrote:
> Am Donnerstag, 28. Januar 2016, 08:00:25 schrieb Tadeusz Struk:
>
> Hi Tadeusz,
>
>> Hi Stephan,
>>
>> On 01/27/2016 10:26 PM, Stephan Mueller wrote:
>>>> + for (i = 0; i < areq->tsgls; i
ation type.
---
Tadeusz Struk (3):
crypto: authenc - add TLS type encryption
crypto: af_alg - add AEAD operation type
crypto: algif_aead - modify algif aead interface to work with encauth
crypto/Makefile |2
crypto/af_alg.c |6 +
crypto/algif_aead.c
We need to allow the user to set the authentication type.
This adds a new operation that sets IPSec or TLS authentication mode.
Signed-off-by: Tadeusz Struk
---
crypto/af_alg.c |6 ++
include/crypto/if_alg.h |1 +
include/uapi/linux/if_alg.h |4
3 files
Updates to algif_aead to allow it to work with the new TLS authentication
mode. This patch is generated on top of the algif_aead async patch:
https://patchwork.kernel.org/patch/8182971/
Signed-off-by: Tadeusz Struk
---
crypto/algif_aead.c | 93
len + plaintext len + hash size + cipher block size
On decrypt first the whole buffer is decrypted, and then
verification of the authdata and padding is performed.
Signed-off-by: Tadeusz Struk
---
crypto/Makefile |2
crypto/encauth.c | 510
This patch converts the module verification code to the new akcipher API.
Signed-off-by: Tadeusz Struk
---
crypto/asymmetric_keys/Kconfig|2
crypto/asymmetric_keys/Makefile |7 -
crypto/asymmetric_keys/pkcs7_parser.c | 12 +-
crypto/asymmetric_keys
instread of the signature_v2_hdr.
- Select CRYPTO_RSA when INTEGRITY_ASYMMETRIC_KEYS is selected.
---
Tadeusz Struk (3):
crypto: KEYS: convert public key and digsig asym to the akcipher api
integrity: convert digsig to akcipher api
crypto: public_key: remove MPIs from
After digsig_asymmetric.c is converted the MPIs can be now
safely removed from the public_key_signature structure.
Signed-off-by: Tadeusz Struk
---
include/crypto/public_key.h | 14 +-
1 file changed, 1 insertion(+), 13 deletions(-)
diff --git a/include/crypto/public_key.h b
Convert asymmetric_verify to akcipher api.
Signed-off-by: Tadeusz Struk
---
security/integrity/Kconfig |1 +
security/integrity/digsig_asymmetric.c | 10 +++---
2 files changed, 4 insertions(+), 7 deletions(-)
diff --git a/security/integrity/Kconfig b/security/integrity
Hi Cristian,
On 03/07/2016 01:05 AM, Cristian Stoica wrote:
> Hi Tadeusz,
>
>
> +static int crypto_encauth_dgst_verify(struct aead_request *req,
> + unsigned int flags)
> +{
> + struct crypto_aead *tfm = crypto_aead_reqtfm(req);
> + unsigned int
Hi Cristian,
On 03/08/2016 12:20 AM, Cristian Stoica wrote:
> There is also a follow-up in the next paragraph:
>
> "That pretty much sums up the new attack: the side-channel defenses that were
> hoped to be sufficient were found not to be (again). So the answer, this time
> I believe, is to
This adds hash param to pkcs1pad.
The pkcs1pad template can work with or without the hash.
When hash param is provided then the verify operation will
also verify the output against the known digest.
Signed-off-by: Tadeusz Struk
---
crypto/rsa-pkcs1pad.c | 182
http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-rsa
---
Tadeusz Struk (2):
crypto: Add hash param to pkcs1pad
crypto: remove paddings logic from rsa.c
crypto/asymmetric_keys/software_pkey.c | 28
crypto/rsa-pkcs1pad.c | 182
and the hash param is passed via pksc1pad.
Signed-off-by: Tadeusz Struk
---
crypto/asymmetric_keys/software_pkey.c | 28
crypto/rsa.c | 210 +---
crypto/testmgr.c |5 -
include/crypto/akcipher.h |7
On 06/09/2016 11:36 AM, Stephan Mueller wrote:
> Am Donnerstag, 9. Juni 2016, 11:27:13 schrieb Mat Martineau:
>
> Hi Mat, Tadeusz,
>
>> On Thu, 9 Jun 2016, Stephan Mueller wrote:
>>> Am Donnerstag, 9. Juni 2016, 11:18:04 schrieb Mat Martineau:
>>>
>>> Hi Mat,
>>>
> Or is your concern that
Hi Mat,
On 05/25/2016 05:45 PM, Mat Martineau wrote:
>
> On Sat, 14 May 2016, Tadeusz Struk wrote:
>
>> diff --git a/crypto/algif_akcipher.c b/crypto/algif_akcipher.c
>> index e00793d..6733df1 100644
>> --- a/crypto/algif_akcipher.c
>> +++ b/crypto/algif_akcipher
On 04/12/2016 03:10 PM, David Howells wrote:
>> +/**
>> > + * asymmetric_key_verify_signature - invoke verify signature operation on
>> > a key
>> > + * of the asymmetric subtype
>> > + * @key: key from the system keyring
>> > + * @sig: signature to verify
>> >
Hi Fridolin,
On 04/12/2016 04:13 AM, Fridolin Pokorny wrote:
> we were experimenting with this. We have a prove of concept of a kernel
> TLS type socket, so called AF_KTLS, which is based on Dave Watson's
> RFC5288 patch. It handles both TLS and DTLS, unfortunately it is not
> ready now to be
On 04/21/2016 04:07 AM, Sowmini Varadhan wrote:
>
> Commit 2d4d1eea540b ("lib/mpi: Add mpi sgl helpers") added
> mpi_write_to_sgl() which generates traps due to unaligned
> access on some platforms like sparc. Fix this by using
> the get_unaligned* and put_unaligned* functions.
>
> Fixes:
Hi David,
On 02/10/2016 06:17 AM, David Howells wrote:
> Why didn't you put the RSA signature parsing - ie. where the OID and the other
> bits are checked - into crypto/rsa.c?
>
Do you want to get rid of the crypto/asymmetric_keys/rsa.c completely?
I wanted to make the conversion churn as small
ad of enum
> X.509: Make the public_key asymmetric key type internal data private
> X.509: Rename public_key.c to software_pkey.c
> X.509: Rename public_key* to software_pkey*
>
> Tadeusz Struk (3):
> crypto: KEYS: convert public key and digsig asym to the akcipher
On 02/19/2016 09:18 AM, David Howells wrote:
> Move the RSA EMSA-PKCS1-v1_5 encoding from the asymmetric-key public_key
> subtype to the rsa crypto module. This means that the public_key subtype
> no longer has any dependencies on public key type.
>
> To make this work, I've made the following
501 - 600 of 611 matches
Mail list logo