Vitaly Chikunov <v...@altlinux.org> wrote: > Some public key algorithms (like ECDSA) keep in parameters field > important data such as digest and curve OIDs (possibly more for > different ECDSA variants). Thus, just setting a public key (as > for RSA) is not enough. > > Introduce set_params() callback for akcipher which will be used to > pass BER encoded parameters array, with additional argument of > algorithm OID. > > This is done with the intent of adding support for EC-RDSA (ISO/IEC > 14888-3:2018, RFC 7091, and basically ECDSA variant) public keys (which > will be finally used in IMA subsystem). Thus, also oid_registry.h is > updated. > > Rationale: > > - For such keys just setting public key without parameters is > meaningless, so it would be possible to add parameters in > crypto_akcipher_set_pub_key (and .set_pub_key) calls. But, this will > needlessly change API for RSA akcipher. Also, additional callback > making it possible to pass parameters after > crypto_akcipher_set_priv_key (and .set_priv_key) in the future. > > - Algorithm OID is passed to be validated in .set_params callback, > otherwise, it could have the wrong value. > > - Particular algorithm OIDs are checked in x509_note_params, (because > this is called from AlgorithmIdentifier (ASN.1) parser, which is > called multiple times, as it's used multiple times in X.509 > certificate), to distinguish a public key call from a signature call. > > Signed-off-by: Vitaly Chikunov <v...@altlinux.org>
Please post this with a patch that actually uses the set_params callback. Thanks, -- Email: Herbert Xu <herb...@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
