Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp662966imu;
        Thu, 13 Dec 2018 02:13:54 -0800 (PST)
X-Google-Smtp-Source: AFSGD/WE932nn6mZkI3KFuznezhCN7PnDnNto8rtGY3YHAPAZI7u7wpJKrRQ3OULcNIp9Oy+XQ/N
X-Received: by 2002:a17:902:4:: with SMTP id 4mr23177697pla.20.1544696034090;
        Thu, 13 Dec 2018 02:13:54 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1544696034; cv=none;
        d=google.com; s=arc-20160816;
        b=LqbEJ4HLh8N1AUvIp1OFZMwitO+J2hLFO/gfqQO5JHqMJJ+cq/bOgdl7ywOm7z8gpW
         zK+oEZC19tmok2Y6dX1a73azaC4HEais3z+zMOUw7aNkgt/kWftMAdro2WnYfVBRMSZw
         NqJWbcJEewfqyg2U7yj3bOVZn7r0mVUNq+XTp+ojZ4TWyO9iASUoWSpAeI/VnMVDdtdA
         qrdKrQUc3GuuAB7owuFVchf2OfwTosA8/NGOQS4I4u/ftE7Hde0C23LjxswPBG5bB9Ie
         CTNtzFNxeGp0P0lYPN5uYADEoecc0L4yrMg2pt6y0d6QKY68tclVnsvqVofgriZlfmeI
         qqCg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:organization:in-reply-to
         :content-disposition:mime-version:message-id:subject:cc:to:from:date;
        bh=lxfTEdeR0l2gNNv3npPAqUIW2EKWDw6yiUPIi3MhfcE=;
        b=0RfB83bRn2/kVGDioDJYVMlK2ni0rg2vFPpnn2rrhMhACDCqSHM2/fIYdJgamdRZpF
         DY/Ew4OVDc9rDB5wdIxKnJz4MAL0tI2dKApbTvnnisYO4W8/ELnBQhYj8VQOZeGZ+MqJ
         xfoTcSKifMs+WoUdmrOjZ1ogO+UcYCHB3LK4V1xsw5SivD4INklfTd978ypRyWpvLXfL
         oCxDZN+kpRODSMFIelESqmYS8TgUWG20gDj7epqM610jlBwhk5bo51okZAeHDaDVA5cy
         ets6ZC5wV4JeRsG5N7oREvXToAwpaZhNphuN0QpV1KUPWYQ8dzEQYUgl2gOS3lTJeMJO
         rk2w==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id d69si1305217pga.184.2018.12.13.02.13.38;
        Thu, 13 Dec 2018 02:13:54 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728099AbeLMKMl (ORCPT <rfc822;chaneybenjamini@gmail.com>
        + 99 others); Thu, 13 Dec 2018 05:12:41 -0500
Received: from orcrist.hmeau.com ([104.223.48.154]:50394 "EHLO
        deadmen.hmeau.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1727489AbeLMKMl (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 13 Dec 2018 05:12:41 -0500
Received: from gondobar.mordor.me.apana.org.au ([192.168.128.4] helo=gondobar)
        by deadmen.hmeau.com with esmtps (Exim 4.89 #2 (Debian))
        id 1gXNyu-0002uR-71; Thu, 13 Dec 2018 18:12:36 +0800
Received: from herbert by gondobar with local (Exim 4.89)
        (envelope-from <herbert@gondor.apana.org.au>)
        id 1gXNyr-0004XO-Rh; Thu, 13 Dec 2018 18:12:33 +0800
Date:   Thu, 13 Dec 2018 18:12:33 +0800
From:   Herbert Xu <herbert@gondor.apana.org.au>
To:     Vitaly Chikunov <vt@altlinux.org>
Cc:     dhowells@redhat.com, davem@davemloft.net, keyrings@vger.kernel.org,
        linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [RFC PATCH] akcipher: Introduce verify2 for public key algorithms
Message-ID: <20181213101233.6t7d5mxxkkavo46h@gondor.apana.org.au>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20181211165938.1150-1-vt@altlinux.org>
X-Newsgroups: apana.lists.os.linux.cryptoapi,apana.lists.os.linux.kernel
Organization: Core
User-Agent: NeoMutt/20170113 (1.7.2)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Vitaly Chikunov <vt@altlinux.org> wrote:
> Current akcipher .verify() just decrypts signature to uncover message
> hash, which is then verified in upper level public_key_verify_signature
> by memcmp with the expected signature value, which is never passed into
> verify().
> 
> This approach is incompatible with ECDSA algorithms, because, to verify
> a signature ECDSA algorithm also needs a hash value as input; also, hash
> is used in ECDSA (together with a signature divided into halves `r||s`),
> not to produce hash, but to produce a number, which is then compared to
> `r` (first part of the signature) to determine if the signature is
> correct.  Thus, for ECDSA, nor requirements of .verify() itself, nor its
> output expectations in public_key_verify_signature aren't satisfied.
> 
> Make alternative .verify2() call which gets hash value and produce
> complete signature check (without any output, thus max_size() call will
> not be needed for verify2() operation).
> 
> If .verify2() call is present, it should be used in place of .verify().
> 
> Signed-off-by: Vitaly Chikunov <vt@altlinux.org>

We should convert all existing users to this interface and not
have both verify/verify2 forever.

Thanks,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt