Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp1214130imu;
        Wed, 16 Jan 2019 14:58:57 -0800 (PST)
X-Google-Smtp-Source: ALg8bN7mJJacohtvSnRFMOjhI5v9imXi5MdZRvf6AIIIwITNiim4qVn9vWwwGWqNB8TGTczyXK+0
X-Received: by 2002:a62:3006:: with SMTP id w6mr12350295pfw.258.1547679537121;
        Wed, 16 Jan 2019 14:58:57 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1547679537; cv=none;
        d=google.com; s=arc-20160816;
        b=0epg3YSKsHaCxQDD61Y2cZn4393JIewKzyA4RYtWaH15cRZYzSDVAKn0ruO1bByTfr
         SlT8pKHdiB+TjkDrTsjXLfCTTazd7AFgTWQ1fSsiXKhh/jx5CnnZK7UZBSAYrDo5fidA
         bqWNqJ9RuG6zCc0NEJGenJtT6Ri4jf9SA5UOgschznq0wjwyiyEkYwpPtQodRhDIMWFj
         xQ8LtCeTMP6w0p4Tt67JGh4y6yMH84B3M+3Qo2Lwf/bK3zU1xj9tYrVsnJKX4dWfj1K+
         RK0ha+RmbQd1kyhRHGPZEV3QTOIXoyFUCGhaHp8pvzh9FDxq9wHUHaVlXHyIFvU7P6CA
         R3Aw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:message-id:date:content-id:mime-version
         :subject:cc:to:references:in-reply-to:from:organization;
        bh=l25KvHleYTlv+mMhsVQEvAWaEgfs1ufCcDeYdODqdYA=;
        b=CnRlDPEl1pfRpTnqHYq7hSGZdTVzwm8bpDPk6MCBq5k473CB61cd1qRTA4Oc3hKLwd
         gYcAFzJSXX63kYEnUe9YeNSLpBS1yGLDzcgdTm5ofQCt9+PGBsYGKB+Aqjp4yzePVxU0
         VB9AbFfVITosHYEruqrw8O4dJPoRGcyHy8Rn20GQolT3U3MyPTJBY7NOXcEk5MVn6GhZ
         fZ4BqprWvgFzGNceFU60JgPB9EPO09Vlx06kges7rQSR/upjMJ/V3zN7exFV+s6p+wJ7
         /eHXKeiP2kKtqJ7tmc6U1DbDzB7t9COI1NSGUn5/RS3GsY1cYQl3SVBZzCZ3TqcOiisH
         1ovQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 9si7843686pfq.129.2019.01.16.14.58.39;
        Wed, 16 Jan 2019 14:58:57 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2405380AbfAPQTO (ORCPT <rfc822;charleyewang@gmail.com>
        + 99 others); Wed, 16 Jan 2019 11:19:14 -0500
Received: from mx1.redhat.com ([209.132.183.28]:41574 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1730514AbfAPQTO (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 16 Jan 2019 11:19:14 -0500
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mx1.redhat.com (Postfix) with ESMTPS id 0AC2F8E584;
        Wed, 16 Jan 2019 16:19:14 +0000 (UTC)
Received: from warthog.procyon.org.uk (ovpn-120-244.rdu2.redhat.com [10.10.120.244])
        by smtp.corp.redhat.com (Postfix) with ESMTP id 66B9A600C8;
        Wed, 16 Jan 2019 16:19:12 +0000 (UTC)
Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley
        Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United
        Kingdom.
        Registered in England and Wales under Company Registration No. 3798903
From:   David Howells <dhowells@redhat.com>
In-Reply-To: <20190106133608.820-3-vt@altlinux.org>
References: <20190106133608.820-3-vt@altlinux.org> <20190106133608.820-1-vt@altlinux.org>
To:     Vitaly Chikunov <vt@altlinux.org>
Cc:     dhowells@redhat.com, Herbert Xu <herbert@gondor.apana.org.au>,
        Mimi Zohar <zohar@linux.vnet.ibm.com>,
        Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
        linux-integrity@vger.kernel.org, keyrings@vger.kernel.org,
        linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [RFC PATCH 2/4] akcipher: Introduce verify2 for public key algorithms
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <21753.1547655551.1@warthog.procyon.org.uk>
Date:   Wed, 16 Jan 2019 16:19:11 +0000
Message-ID: <21754.1547655551@warthog.procyon.org.uk>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Wed, 16 Jan 2019 16:19:14 +0000 (UTC)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Vitaly Chikunov <vt@altlinux.org> wrote:

> Current akcipher .verify() just decrypts signature to uncover message
> hash, which is then verified in upper level public_key_verify_signature
> by memcmp with the expected signature value, which is never passed into
> verify().

I think it would be better to make ->verify() take the data hash we've been
given rather than returning the expected hash for the caller to compare.  That
way the callers don't have to do two different things, depending on how the
crypto algo works.

David