d@nny disc@ mc²5d ago

can someone explain why the guy who posted 45 patches to "rewrite the kernel in c++" in 2018 is posting completely insane modifications to crypto/ in his linux-fs tree (edit: this is all on master and i assume it's going in the 7.0 rc) https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit/?h=keys-pqc&id=f3eccecd782dbaf33d5ad0d1fd22ea277300acdb

pkcs7: Allow the signing algo to do whatever digestion it wants itself

Allow the data to be verified in a PKCS#7 or CMS message to be passed
directly to an asymmetric cipher algorithm (e.g. ML-DSA) if it wants to do
whatever passes for hashing/digestion itself. The normal digestion of the
data is then skipped as that would be ignored unless another signed info in
the message has some other algorithm that needs it.

so already this is framing ML-DSA as like doing something extra but the NIST publication indicates that's the job of HashML-DSA

https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf

this exact fucking guy has an entirely separate "keyutils" repo (he apparently has a patent in this space?) https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/ no activity for 3 years

Rename ->digest and ->digest_len to ->m and ->m_size to represent the input
to the signature verification algorithm, reflecting that ->digest may no
longer actually *be* a digest.

https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit/?h=keys-pqc&id=f728074f1f577565c97e465652c3d4afb0964013

diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c
index 348966ea2175c9..2326743310b1ee 100644
--- a/crypto/asymmetric_keys/asymmetric_type.c
+++ b/crypto/asymmetric_keys/asymmetric_type.c
@@ -593,10 +593,10 @@ static int asymmetric_key_verify_signature(struct kernel_pkey_params *params,
{
struct public_key_signature sig = {
.s_size = params->in2_len,
- .digest_size = params->in_len,
+ .m_size = params->in_len,
.encoding = params->encoding,
.hash_algo = params->hash_algo,
- .digest = (void *)in,
+ .m = (void *)in,
.s = (void *)in2,
};
pkcs7: Allow the signing algo to do whatever digestion it wants itself - kernel/git/dhowells/linux-fs.git - VFS and Filesystem bits

Show threadd@nny disc@ mc²5d ago
i'm gonna have to send an email. this is accepted in 7.0 rc and on my laptop because i pulled master
Show threadd@nny disc@ mc²5d ago
reading the nist doc first. you will never guess that it says "strongly unforgeable" without citation and with no glossary entry. looking it up and "strongly unforgeable" appears to be strictly a thing for module-learning with errors lattice
Show threadd@nny disc@ mc²5d ago

https://eprint.iacr.org/2010/070.pdf

Our construction offers the same efficiency as the “bonsai tree” scheme but supports the stronger notion of strong unforgeability.

hmmmmm sounds fascist

Show threadd@nny disc@ mc²5d ago
bonsai tree definitely sounds tougher. you know they don't choose specially cultured trees for those? that's a real tree and it was made tough and beautiful
Show threadd@nny disc@ mc²5d ago

Over the past several years, there has been steady progress toward building quantum computers. The
security of many commonly used public-key cryptosystems will be at risk if large-scale quantum computers
are ever realized. This would include key-establishment schemes and digital signatures that are based on
integer factorization and discrete logarithms (both over finite fields and elliptic curves).

with you

As a result, in 2016, NIST

you've lost me there

Show threadd@nny disc@ mc²5d ago

choose a normal fucking name what's wrong with you

ML-DSA is derived from one of the selected schemes, CRYSTALS-DILITHIUM [5, 6]

Show threadd@nny disc@ mc²5d ago

well into the foreseeable future, including after the advent of cryptographically relevant quantum computers.

"cryptographically relevant" makes no fucking sense. 25. cmon. a horse can be trained to factor 25

Show threadd@nny disc@ mc²5d ago

destroy:
An action applied to a key or a piece of secret data. After a key or a piece of
secret data is destroyed, no information about its value can be recovered.

Show threadd@nny disc@ mc²5d ago
the definition of digital signature is complete word salad
Show threadd@nny disc@ mc²5d ago

The result of a cryptographic transformation of data that, when properly implemented, provides a mechanism to verify origin authenticity and data integrity and to enforce signatory non-repudiation.

"when properly implemented". psh yeah you can do cryptographic transformation of data, but can you provide a mechanism to verify origin authenticity and data integrity and to enforce signatory non-repudiation?????

Show threadNosirrahSec 🏴‍☠️ guillotine enthusiast4d ago
@hipsterelectron that's not how people that know what they're doing speak.
Show threadd@nny disc@ mc²
@NosirrahSec it's INSANE to see the FUCKING CRYPTOGRAPHIC STANDARDS BODY say that. it's WILDLY unprofessional and indicates oh yeah maybe they did succeed in removing the few career staff
Mar 22 at 4:03pmWeb