OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

virtio-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [External] [virtio-comment] [V3 PATCH 0/1] Introduce virtio asymmetric crypto service

> On Apr 12, 2022, at 4:55 PM, Paolo Bonzini <pbonzini@redhat.com> wrote:
> On Tue, Apr 12, 2022 at 10:15 AM Cornelia Huck <cohuck@redhat.com> wrote:
>> +#define VIRTIO_CRYPTO_RSA_MD2       1
>> +#define VIRTIO_CRYPTO_RSA_MD3       2
>> +#define VIRTIO_CRYPTO_RSA_MD4       3
>> +#define VIRTIO_CRYPTO_RSA_MD5       4
>> +#define VIRTIO_CRYPTO_RSA_SHA1      5
>> +#define VIRTIO_CRYPTO_RSA_SHA256    6
>> +#define VIRTIO_CRYPTO_RSA_SHA384    7
>> +#define VIRTIO_CRYPTO_RSA_SHA512    8
>> +#define VIRTIO_CRYPTO_RSA_SHA224    9
> Hi, should virtio-crypto really support outdated hashes such as MD2-MD5?
> The kernel driver that has been merged only uses SHA1 or raw.
> Paolo

Removing these outdated hash algorithms is OK for me,  there are two reasons to keep
these outdated hashing algorithms:
1. In the early stage of development, I referred to OpenSSL, and those hash
 algorithms are all supported by OpenSSL.
2. When providing signing/verifying services, we only need to use their corresponding
 OIDs instead of doing the actual hashing.
Now that hashing algorithms like md2 are considered outdated by everyone, it is better to
remove them before the protocol is updated.

As Daniel said, we can also use VIRTIO_CRYPTO_HASH_XXX directly to specify the 
hash algorithm for rsa-pkcs1pad. But there is a little problem here: linux kernelâs 
built-in rsa-pkcs1pad implementation can recognize rmd160. 
Should we add a constant like âVIRTIO_CRYPTO_HASH_RMD160â ?	

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]