Re: [RFC PATCH] akcipher: Introduce verify2 for public key algorithms

From: Herbert Xu
Date: Thu Dec 13 2018 - 05:12:43 EST

Vitaly Chikunov <vt@xxxxxxxxxxxx> wrote:
> Current akcipher .verify() just decrypts signature to uncover message
> hash, which is then verified in upper level public_key_verify_signature
> by memcmp with the expected signature value, which is never passed into
> verify().
> This approach is incompatible with ECDSA algorithms, because, to verify
> a signature ECDSA algorithm also needs a hash value as input; also, hash
> is used in ECDSA (together with a signature divided into halves `r||s`),
> not to produce hash, but to produce a number, which is then compared to
> `r` (first part of the signature) to determine if the signature is
> correct. Thus, for ECDSA, nor requirements of .verify() itself, nor its
> output expectations in public_key_verify_signature aren't satisfied.
> Make alternative .verify2() call which gets hash value and produce
> complete signature check (without any output, thus max_size() call will
> not be needed for verify2() operation).
> If .verify2() call is present, it should be used in place of .verify().
> Signed-off-by: Vitaly Chikunov <vt@xxxxxxxxxxxx>

We should convert all existing users to this interface and not
have both verify/verify2 forever.

Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page:
PGP Key: