Re: [PATCH 4/8] akcipher: Move the RSA DER encoding to the crypto layer

From: David Howells
Date: Fri Feb 26 2016 - 06:42:21 EST

Next message: Xiao Guangrong: "Re: [PATCH] KVM: x86: fix missed hardware breakpoints"
Previous message: Paolo Bonzini: "Re: [PATCH] KVM: x86: fix missed hardware breakpoints"
In reply to: David Howells: "Re: [PATCH 4/8] akcipher: Move the RSA DER encoding to the crypto layer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Andrew Zaborowski <balrogg@xxxxxxxxxxxxxx> wrote:

> Without overhauling akcipher you could modify pkcs1pad so that sign
> takes the hash as input, adds the DER struct in front of it to build
> the signature, and the verify operation could at most check that the
> DER string matches the hash type and return the hash. But I think
> RFC2437 suggests that you rather compare the signatures, not the
> hashes.

Whilst that is true about what RFC2437 shows, I wonder how strict it wants to
be about that rather than it just being a convenient way of describing the
algorithm.

The advantage of doing it the way the RFC suggests is that you get to use the
EMSA-PKCS1-V1_5-ENCODE operation twice, thereby saving code and only having
one place for bugs to occur instead of two - but you can argue this either
way.

That said, I would be okay with it returning just the message hash with the
padding stripped off, providing the padding is validated in the crypto layer,
if that's necessary.

David

Next message: Xiao Guangrong: "Re: [PATCH] KVM: x86: fix missed hardware breakpoints"
Previous message: Paolo Bonzini: "Re: [PATCH] KVM: x86: fix missed hardware breakpoints"
In reply to: David Howells: "Re: [PATCH 4/8] akcipher: Move the RSA DER encoding to the crypto layer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]