Re: [GIT PULL] Asymmetric keys and module signing

2012-09-24 Thread David Howells
David Howells wrote:
> Note, this implementation of the X.509 certificate parser uses a couple of
> patterns to drive a reusable ASN.1 decoder. I do, however, have a direct
> in-line decoder implementation also that can only decode X.509 certs. The
> stack space usage is greater, but the code s

[GIT PULL] Asymmetric keys and module signing

2012-09-24 Thread David Howells
Hi Herbert, Rusty, Here are my latest module signing patches on top of the asymmetric key crypto patches, which I hope Herbert will consider taking, at least from the crypto-keys-post-KS branch: http://git.kernel.org/?p=linux/kernel/git/dhowells/linux-modsign.git;a=shortlog;h=refs/heads

Re: [PATCH 0/1] dm-integrity: integrity protection device-mapper target

2012-09-24 Thread Kasatkin, Dmitry
On Mon, Sep 24, 2012 at 4:47 PM, Milan Broz wrote:
> On 09/24/2012 11:55 AM, Dmitry Kasatkin wrote:
>> Both dm-verity and dm-crypt provide block level integrity protection.
>
> This is not correct. dm-crypt is transparent block encryption target,
> where always size of plaintext == size of ciphert

Re: [PATCH 0/1] dm-integrity: integrity protection device-mapper target

2012-09-24 Thread Milan Broz
On 09/24/2012 11:55 AM, Dmitry Kasatkin wrote:
> Both dm-verity and dm-crypt provide block level integrity protection.
This is not correct. dm-crypt is transparent block encryption target, where always size of plaintext == size of ciphertext. So it can provide confidentiality but it CANNOT provid

Re: [PATCH 1/4] drivers/crypto/ux500/cryp/cryp_core.c: fix error return code

2012-09-24 Thread Arun Murthy
On Mon, Sep 17, 2012 at 10:58 PM, Peter Senna Tschudin wrote:
> From: Peter Senna Tschudin
>
> Convert a nonnegative error return code to a negative one, as returned
> elsewhere in the function.
>
> A simplified version of the semantic match that finds this problem is as
> follows: (http://coccin

[PATCH 0/1] dm-integrity: integrity protection device-mapper target

2012-09-24 Thread Dmitry Kasatkin
There are two existing offline integrity models: file level integrity (linux-integrity subsystem EVM/IMA-appraisal) and block level integrity (dm-verity, dm-crypt). This patch provides a new block level method called device-mapper "integrity" target (dm-integrity), which provides transparent crypt

[PATCH 1/1] dm-integrity: integrity protection device-mapper target

2012-09-24 Thread Dmitry Kasatkin
Device-mapper "integrity" target provides transparent cryptographic integrity protection of the underlying read-write block device using hash-based message authentication codes (HMACs). HMACs can be stored on the same or different block device. dm-integrity uses an encrypted key type, stored on th