[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [External] [virtio-comment] [V3 PATCH 0/1] Introduce virtio asymmetric crypto service
> On Apr 12, 2022, at 4:55 PM, Paolo Bonzini <pbonzini@redhat.com> wrote: > > On Tue, Apr 12, 2022 at 10:15 AM Cornelia Huck <cohuck@redhat.com> wrote: >> +#define VIRTIO_CRYPTO_RSA_NO_HASH 0 >> +#define VIRTIO_CRYPTO_RSA_MD2 1 >> +#define VIRTIO_CRYPTO_RSA_MD3 2 >> +#define VIRTIO_CRYPTO_RSA_MD4 3 >> +#define VIRTIO_CRYPTO_RSA_MD5 4 >> +#define VIRTIO_CRYPTO_RSA_SHA1 5 >> +#define VIRTIO_CRYPTO_RSA_SHA256 6 >> +#define VIRTIO_CRYPTO_RSA_SHA384 7 >> +#define VIRTIO_CRYPTO_RSA_SHA512 8 >> +#define VIRTIO_CRYPTO_RSA_SHA224 9 > > Hi, should virtio-crypto really support outdated hashes such as MD2-MD5? > The kernel driver that has been merged only uses SHA1 or raw. > > Paolo > Removing these outdated hash algorithms is OK for me, there are two reasons to keep these outdated hashing algorithms: 1. In the early stage of development, I referred to OpenSSL, and those hash algorithms are all supported by OpenSSL. 2. When providing signing/verifying services, we only need to use their corresponding OIDs instead of doing the actual hashing. Now that hashing algorithms like md2 are considered outdated by everyone, it is better to remove them before the protocol is updated. As Daniel said, we can also use VIRTIO_CRYPTO_HASH_XXX directly to specify the hash algorithm for rsa-pkcs1pad. But there is a little problem here: linux kernelâs built-in rsa-pkcs1pad implementation can recognize rmd160. Should we add a constant like âVIRTIO_CRYPTO_HASH_RMD160â ?
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]