Re: [PATCH v5 5/5] keys: asymmetric: ASYMMETRIC_TPM2_KEY_RSA_SUBTYPE

From: Jarkko Sakkinen
Date: Thu May 23 2024 - 18:03:01 EST


On Fri May 24, 2024 at 12:52 AM EEST, Jarkko Sakkinen wrote:
> On Fri May 24, 2024 at 12:39 AM EEST, Jarkko Sakkinen wrote:
> > On Fri May 24, 2024 at 12:25 AM EEST, Jarkko Sakkinen wrote:
> > > + /*
> > > + * ABI requires this according include/crypto/akcipher.h, which says
> > > + * that there is epilogue with algorithm OID and parameters length.
> > > + * Neither size nor semantics is documented *anywhere*, and there's no
> > > + * struct to hold them.
> > > + *
> > > + * So zeroing out the last eight bytes after the key blob seems like the
> > > + * best bet, given no better (or any) information. The size of the
> > > + * parameters (two u32's) was found from crypto/asymmetric/public_key.c.
> > > + */
> > > + memset(work, 0, 8);
> >
> > This is a mystery (or nightmare).
>
> This is from akchiper_alg documentation:
>
> * @set_pub_key: Function invokes the algorithm specific set public key
> * function, which knows how to decode and interpret
> * the BER encoded public key and parameters
>
> No struct, no size information and no description what they are used for.
>
> Can we get these properly documented? My documentation at the moment
> is grep and kprobes, literally.

That said, zero issues with the interface, just pointing out the
part that is not right, and should be fixed.

I mean I have three layers: this, rsa-pcks1 and rsa. How I can be
sure that either of two layers below never ever up until sun melts
will do any changes that would break, with the data that I put
there? Is this a contract that will hold forever?

This is concerning so I have to point this out.

BR, Jarkko