Re: [RFC PATCH v2] akcipher: Introduce verify_rsa/verify for public key algorithms

From: David Howells
Date: Wed Jan 16 2019 - 12:12:29 EST


Umm... What do I apply this patch to?

In your modified public_key_verify_signature():

> - sg_init_one(&digest_sg, output, outlen);
> - akcipher_request_set_crypt(req, &sig_sg, &digest_sg, sig->s_size,
> + sg_init_one(&output_sg, output, outlen);
> + akcipher_request_set_crypt(req, &sig_sg, &output_sg, sig->s_size,
> outlen);

Why is the output necessary? It was there for the decoded hash to be placed
in prior to comparison - but now that's not necessary.

> - ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait);
> + ret = crypto_wait_req(crypto_akcipher_verify(req, sig->digest,
> + sig->digest_size), &cwait);

I see sig->digest is passed in here. Should it be passed in in place of
output_sg above?

> - inst->alg.verify = pkcs1pad_verify;
> + inst->alg.verify_rsa = pkcs1pad_verify;

Is there a reason that pkcs1pad_verify() can't do the comparison?

> - .verify = rsa_verify,
> + .verify_rsa = rsa_verify,

Likewise verify_rsa()?

Granted, this might involve pkcs1pad_verify() dressing up the signature in the
appropriate wrappings and passing it along to verify_rsa() to do the actual
comparison there (ie. what pkcs1pad_verify_complete() does).

> - .verify = caam_rsa_enc,
> + .verify_rsa = caam_rsa_enc,

I presume this is the reason - because this reuses its encrypt operation
directly. But could this instead perform the comparison upon completion, say
in rsa_pub_done()?

> - .verify = qat_rsa_enc,
> + .verify_rsa = qat_rsa_enc,

Again, this could do the comparison, say, in qat_rsa_cb().

David