1
[2] https://github.com/varadgautam/kernel/tree/rsassa-psspad
[3] https://github.com/google/wycheproof/blob/master/testvectors/
[4]
https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/digital-signatures#rsavs
[5] https://github.com/varadgautam/keyctl-rsa-tests
Varad G
different from the hash function used for signature generation,
although this is allowed in RFC8017.
References: https://tools.ietf.org/html/rfc8017#appendix-C
Signed-off-by: Varad Gautam
---
crypto/asymmetric_keys/Makefile | 5 +-
crypto/asymmetric_keys/x509_cert_parser.c | 152
The existing RSA implementation supports PKCSv1.5 style signature
paddings via rsa-pkcs1pad. A lot of the functionality implemented
for rsa-pkcs1pad can be reused across other RSA padding schemes.
Rename such functions as rsapad_* before moving them out of
rsa-pkcs1pad.c.
Signed-off-by: Varad
which can be reused by other signature padding schemes as
rsapad_akcipher_create. This will be moved out of rsa-pkcs1pad.c to
be used across rsa-*pad implementations.
Signed-off-by: Varad Gautam
---
crypto/rsa-pkcs1pad.c | 48 ++-
1 file changed, 34
Use generic naming to share with other padding scheme implementations.
These will be moved out of rsa-pkcs1pad.c.
Signed-off-by: Varad Gautam
---
crypto/rsa-pkcs1pad.c | 62 +--
1 file changed, 31 insertions(+), 31 deletions(-)
diff --git a/crypto/rsa
Pull out more common code from rsa-pkcs1pad into rsa-common.
Signed-off-by: Varad Gautam
---
crypto/rsa-common.c | 31 +++
crypto/rsa-pkcs1pad.c| 32
include/crypto/internal/rsa-common.h | 9
3 files
pkcs1pad operations to use
these.
Signed-off-by: Varad Gautam
---
crypto/rsa-pkcs1pad.c | 106 +++---
1 file changed, 49 insertions(+), 57 deletions(-)
diff --git a/crypto/rsa-pkcs1pad.c b/crypto/rsa-pkcs1pad.c
index 849573f6b44b..6329c79316d2 100644
--- a/crypto/rsa
Move out helpers from rsa-pkcs1pad.c which will be shared across
rsa-*pad implementations.
Signed-off-by: Varad Gautam
---
crypto/Makefile | 1 +
crypto/rsa-common.c | 76 ++
crypto/rsa-pkcs1pad.c| 97
Add a crypto_template for rsa-psspad, hidden behind
CONFIG_CRYPTO_RSASSA_PSS. Set the sign/verify/encrypt/decrypt
operations to return -EOPNOTSUPP, to be implemented in the future
Signed-off-by: Varad Gautam
---
crypto/Kconfig| 6 ++
crypto/Makefile | 1
Move helpers for setting public/private keys, RSA akcipher
instance setup, keysize querying etc. to rsa-common.c.
Signed-off-by: Varad Gautam
---
crypto/rsa-common.c | 183 +++
crypto/rsa-pkcs1pad.c| 183
definition to rsa.h to help RSA
sub-implementations query the MPI values.
Signed-off-by: Varad Gautam
---
crypto/rsa.c | 6 --
include/crypto/internal/rsa.h | 7 +++
2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/crypto/rsa.c b/crypto/rsa.c
index 4cdbec95d077
RSASSA-PSS verify operation needs to compute digests for its
Mask Generation Function (MGF1), and for digest comparison.
Add helpers to populate a crypto_shash and desc for use in both cases.
Signed-off-by: Varad Gautam
---
crypto/rsa-psspad.c | 24
1 file changed, 24
Implement akcipher_alg->set_sig_params for rsassa-psspad to receive the
salt length for the signature being verified.
Signed-off-by: Varad Gautam
---
crypto/rsa-psspad.c | 20 +++-
include/crypto/internal/rsa-common.h | 1 +
2 files changed, 20 insertions(+)
For certain signature encoding schemes (eg. RSASSA-PSS), the
verify/sign operation behavior depends on information contained in
the signature blob. Allow passing this down to the crypto_template by
introducing a crypto_akcipher_set_sig_params() call.
Signed-off-by: Varad Gautam
---
crypto/rsa
Accept pss encoding for public_key_verify_signature. If
CONFIG_CRYPTO_RSASSA_PSS is disabled, crypto_alloc_akcipher will
fail to find a pss backend anyway.
Signed-off-by: Varad Gautam
---
crypto/asymmetric_keys/public_key.c | 18 +-
1 file changed, 13 insertions(+), 5 deletions
: Varad Gautam
---
crypto/rsa-psspad.c | 107 +++-
1 file changed, 106 insertions(+), 1 deletion(-)
diff --git a/crypto/rsa-psspad.c b/crypto/rsa-psspad.c
index 1ca17b8b93f2..2ce750c5a23f 100644
--- a/crypto/rsa-psspad.c
+++ b/crypto/rsa-psspad.c
@@ -8,6 +8,7
signing/verification process with
encoding RSASSA-PSS.
Reference: https://tools.ietf.org/html/rfc8017#appendix-B.2.1
Signed-off-by: Varad Gautam
---
crypto/rsa-psspad.c | 54 +
1 file changed, 54 insertions(+)
diff --git a/crypto/rsa-psspad.c b/crypt
keyctl pkey_* operations accept enc and hash parameters at present.
RSASSA-PSS signatures also require passing in the signature salt
length.
Add another parameter 'slen' to feed in salt length of a PSS
signature.
Signed-off-by: Varad Gautam
---
crypto/asymmetric_keys/asymmetric_
Trigger RSA transform on the signature being verified from
psspad_verify, to produce intermediary data which will be handled
in the psspad_verify_complete callback.
Reference: https://tools.ietf.org/html/rfc8017#section-8.1.2
Signed-off-by: Varad Gautam
---
crypto/rsa-psspad.c | 53
On 4/1/21 3:09 AM, Herbert Xu wrote:
> On Tue, Mar 30, 2021 at 10:28:12PM +0200, Varad Gautam wrote:
>> An X.509 wrapper for a RSASSA-PSS signature contains additional
>> signature parameters over the PKCSv.15 encoding scheme. Extend the
>> x509 parser to allow parsi
.@gmail.com/
[3]
https://patchwork.kernel.org/project/linux-crypto/patch/20210330202829.4825-2-varad.gau...@suse.com/
[4]
https://patchwork.kernel.org/project/linux-crypto/patch/1617802906-30513-4-git-send-email-herbert.tenc...@gmail.com/
Regards,
Varad
> Best regards
>
> Hongbo
>
> Va
[7] https://github.com/varadgautam/kernel/tree/rsassa-psspad
Varad Gautam (18):
X.509: Parse RSASSA-PSS style certificates
crypto: rsa-pkcs1pad: Rename pkcs1pad-specific functions to rsapad
crypto: rsa-pkcs1pad: Extract pkcs1pad_create into a generic helper
crypto: rsa-pkcs1pad: Pull out
-off-by: Varad Gautam
---
v2: Remove check to reject certificates with differing mgf hash and digest
hash algorithms from x509_note_pkey_algo.
crypto/asymmetric_keys/Makefile | 5 +-
crypto/asymmetric_keys/x509_cert_parser.c | 148 ++
crypto/asymmetric_keys
which can be reused by other signature padding schemes as
rsapad_akcipher_create. This will be moved out of rsa-pkcs1pad.c to
be used across rsa-*pad implementations.
Signed-off-by: Varad Gautam
---
crypto/rsa-pkcs1pad.c | 48 ++-
1 file changed, 34
The existing RSA implementation supports PKCSv1.5 style signature
paddings via rsa-pkcs1pad. A lot of the functionality implemented
for rsa-pkcs1pad can be reused across other RSA padding schemes.
Rename such functions as rsapad_* before moving them out of
rsa-pkcs1pad.c.
Signed-off-by: Varad
pkcs1pad operations to use
these.
Signed-off-by: Varad Gautam
---
crypto/rsa-pkcs1pad.c | 106 +++---
1 file changed, 49 insertions(+), 57 deletions(-)
diff --git a/crypto/rsa-pkcs1pad.c b/crypto/rsa-pkcs1pad.c
index 849573f6b44b3..6329c79316d24 100644
--- a/crypto
Use generic naming to share with other padding scheme implementations.
These will be moved out of rsa-pkcs1pad.c.
Signed-off-by: Varad Gautam
---
crypto/rsa-pkcs1pad.c | 62 +--
1 file changed, 31 insertions(+), 31 deletions(-)
diff --git a/crypto/rsa
Pull out more common code from rsa-pkcs1pad into rsa-common.
Signed-off-by: Varad Gautam
---
crypto/rsa-common.c | 31 +++
crypto/rsa-pkcs1pad.c| 32
include/crypto/internal/rsa-common.h | 9
3 files
Move out helpers from rsa-pkcs1pad.c which will be shared across
rsa-*pad implementations.
Signed-off-by: Varad Gautam
---
crypto/Makefile | 1 +
crypto/rsa-common.c | 76 ++
crypto/rsa-pkcs1pad.c| 97
For certain signature encoding schemes (eg. RSASSA-PSS), the
verify/sign operation behavior depends on information contained in
the signature blob. Allow passing this down to the crypto_template by
introducing a crypto_akcipher_set_sig_params() call.
Signed-off-by: Varad Gautam
---
crypto/rsa
Move helpers for setting public/private keys, RSA akcipher
instance setup, keysize querying etc. to rsa-common.c.
Signed-off-by: Varad Gautam
---
crypto/rsa-common.c | 183 +++
crypto/rsa-pkcs1pad.c| 183
definition to rsa.h to help RSA
sub-implementations query the MPI values.
Signed-off-by: Varad Gautam
---
crypto/rsa.c | 6 --
include/crypto/internal/rsa.h | 7 +++
2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/crypto/rsa.c b/crypto/rsa.c
index 4cdbec95d0779
Add a crypto_template for rsa-psspad, hidden behind
CONFIG_CRYPTO_RSASSA_PSS. Set the sign/verify/encrypt/decrypt
operations to return -EOPNOTSUPP, to be implemented in the future
Signed-off-by: Varad Gautam
---
crypto/Kconfig| 6 ++
crypto/Makefile | 1
: Varad Gautam
---
v2: Allow mgf_hash_algo to be different from digest hash algorithm.
crypto/rsa-psspad.c | 114 +++-
1 file changed, 113 insertions(+), 1 deletion(-)
diff --git a/crypto/rsa-psspad.c b/crypto/rsa-psspad.c
index 4ba4d69f6ce17..87e90479a4fa7
RSASSA-PSS verify operation needs to compute digests for its
Mask Generation Function (MGF1), and for digest comparison.
Add helpers to populate a crypto_shash and desc for use in both cases.
Signed-off-by: Varad Gautam
---
crypto/rsa-psspad.c | 24
1 file changed, 24
Implement akcipher_alg->set_sig_params for rsassa-psspad to receive the
salt length and MGF hash function for the signature being verified.
Signed-off-by: Varad Gautam
---
v2: Set mgf_hash_algo in psspad_set_sig_params. v1 assumed this to be the same
as the digest hash.
crypto/rsa-psspa
Trigger RSA transform on the signature being verified from
psspad_verify, to produce intermediary data which will be handled
in the psspad_verify_complete callback.
Reference: https://tools.ietf.org/html/rfc8017#section-8.1.2
Signed-off-by: Varad Gautam
---
crypto/rsa-psspad.c | 53
signing/verification process with
encoding RSASSA-PSS.
Reference: https://tools.ietf.org/html/rfc8017#appendix-B.2.1
Signed-off-by: Varad Gautam
---
crypto/rsa-psspad.c | 54 +
1 file changed, 54 insertions(+)
diff --git a/crypto/rsa-psspad.c b/crypt
sed for MGF.
Signed-off-by: Varad Gautam
CC: Jarkko Sakkinen
---
v2: Accept 'mgfhash' as a parameter. v1 assumed this to be the same
as the digest hash.
crypto/asymmetric_keys/asymmetric_type.c | 2 ++
include/linux/keyctl.h | 2 ++
security/keys/k
Accept pss encoding for public_key_verify_signature. If
CONFIG_CRYPTO_RSASSA_PSS is disabled, crypto_alloc_akcipher will
fail to find a pss backend anyway.
Signed-off-by: Varad Gautam
Acked-by: Jarkko Sakkinen
---
crypto/asymmetric_keys/public_key.c | 18 +-
1 file changed, 13
On 4/8/21 4:29 AM, hongbo li wrote:
> Hi Varad,
>
> Varad Gautam mailto:varad.gau...@suse.com>>
> 于2021年4月8日周四 上午5:20写道:
>>
>> Hi Hongbo,
>>
>> On 4/7/21 10:27 AM, hongbo li wrote:
>> > Hello Varad,
>> >
>> > I also made a
Hi,
On 3/9/21 10:10 AM, Lee, Chun-Yi wrote:
> This patch adds the logic for parsing the CodeSign extended key usage
> extension in X.509. The parsing result will be set to the eku flag
> which is carried by public key. It can be used in the PKCS#7
> verification.
>
> Signed-off-by: "Lee, Chun-Yi"
Hi Joey,
On 4/9/21 4:46 AM, Lee, Chun-Yi wrote:
> This patch adds the logic for checking the CodeSigning extended
> key usage when verifying signature of kernel module or
> kexec PE binary in PKCS#7.
>
> Signed-off-by: "Lee, Chun-Yi"
> ---
> certs/system_keyring.c | 2 +-
> crypt
The existing RSA implementation supports PKCSv1.5 style signature
paddings via rsa-pkcs1pad. A lot of the functionality implemented
for rsa-pkcs1pad can be reused across other RSA padding schemes.
Rename such functions as rsapad_* before moving them out of
rsa-pkcs1pad.c.
Signed-off-by: Varad
ital-signatures#rsavs
[5] https://github.com/varadgautam/keyctl-rsa-tests
Varad Gautam (18):
X.509: Parse RSASSA-PSS style certificates
crypto: rsa-pkcs1pad: Rename pkcs1pad-specific functions to rsapad
crypto: rsa-pkcs1pad: Extract pkcs1pad_create into a generic helper
crypto: rsa-pkcs1pad
which can be reused by other signature padding schemes as
rsapad_akcipher_create. This will be moved out of rsa-pkcs1pad.c to
be used across rsa-*pad implementations.
Signed-off-by: Varad Gautam
---
crypto/rsa-pkcs1pad.c | 48 ++-
1 file changed, 34
Use generic naming to share with other padding scheme implementations.
These will be moved out of rsa-pkcs1pad.c.
Signed-off-by: Varad Gautam
---
crypto/rsa-pkcs1pad.c | 62 +--
1 file changed, 31 insertions(+), 31 deletions(-)
diff --git a/crypto/rsa
Move out helpers from rsa-pkcs1pad.c which will be shared across
rsa-*pad implementations.
Signed-off-by: Varad Gautam
---
crypto/Makefile | 1 +
crypto/rsa-common.c | 76 ++
crypto/rsa-pkcs1pad.c| 97
Move helpers for setting public/private keys, RSA akcipher
instance setup, keysize querying etc. to rsa-common.c.
Signed-off-by: Varad Gautam
---
crypto/rsa-common.c | 183 +++
crypto/rsa-pkcs1pad.c| 183
-off-by: Varad Gautam
---
crypto/asymmetric_keys/Makefile | 5 +-
crypto/asymmetric_keys/x509_cert_parser.c | 148 ++
crypto/asymmetric_keys/x509_rsassa.asn1 | 17 +++
include/crypto/public_key.h | 4 +
include/linux/oid_registry.h
pkcs1pad operations to use
these.
Signed-off-by: Varad Gautam
---
crypto/rsa-pkcs1pad.c | 106 +++---
1 file changed, 49 insertions(+), 57 deletions(-)
diff --git a/crypto/rsa-pkcs1pad.c b/crypto/rsa-pkcs1pad.c
index 849573f6b44b3..6329c79316d24 100644
--- a/crypto
Pull out more common code from rsa-pkcs1pad into rsa-common.
Signed-off-by: Varad Gautam
---
crypto/rsa-common.c | 31 +++
crypto/rsa-pkcs1pad.c| 32
include/crypto/internal/rsa-common.h | 9
3 files
signing/verification process with
encoding RSASSA-PSS.
Reference: https://tools.ietf.org/html/rfc8017#appendix-B.2.1
Signed-off-by: Varad Gautam
---
crypto/rsa-psspad.c | 54 +
1 file changed, 54 insertions(+)
diff --git a/crypto/rsa-psspad.c b/crypt
Trigger RSA transform on the signature being verified from
psspad_verify, to produce intermediary data which will be handled
in the psspad_verify_complete callback.
Reference: https://tools.ietf.org/html/rfc8017#section-8.1.2
Signed-off-by: Varad Gautam
---
crypto/rsa-psspad.c | 53
For certain signature encoding schemes (eg. RSASSA-PSS), the
verify/sign operation behavior depends on information contained in
the signature blob. Allow passing this down to the crypto_template by
introducing a crypto_akcipher_set_sig_params() call.
Signed-off-by: Varad Gautam
---
crypto/rsa
: Varad Gautam
---
crypto/rsa-psspad.c | 114 +++-
1 file changed, 113 insertions(+), 1 deletion(-)
diff --git a/crypto/rsa-psspad.c b/crypto/rsa-psspad.c
index 4e8525d89172d..c6f8fb43cb01e 100644
--- a/crypto/rsa-psspad.c
+++ b/crypto/rsa-psspad.c
@@ -8,6 +8,7
Accept pss encoding for public_key_verify_signature. If
CONFIG_CRYPTO_RSASSA_PSS is disabled, crypto_alloc_akcipher will
fail to find a pss backend anyway.
Signed-off-by: Varad Gautam
Acked-by: Jarkko Sakkinen
---
crypto/asymmetric_keys/public_key.c | 18 +-
1 file changed, 13
unction used for MGF.
Signed-off-by: Varad Gautam
CC: Jarkko Sakkinen
CC: Ben Boeckel
---
v3: Rename slen to saltlen, update Documentation/security/keys/core.rst.
Documentation/security/keys/core.rst | 14 +-
crypto/asymmetric_keys/asymmetric_type.c | 2 ++
include/linux/keyctl.h
On 4/9/21 4:15 PM, Ben Boeckel wrote:
> On Thu, Apr 08, 2021 at 16:15:16 +0200, Varad Gautam wrote:
>> keyctl pkey_* operations accept enc and hash parameters at present.
>> RSASSA-PSS signatures also require passing in the signature salt
>> length and the mgf hash function.
Hi David,
On 4/8/21 5:08 PM, David Howells wrote:
> Varad Gautam wrote:
>
>> The test harness is available at [5].
>
> Can you add this to the keyutils testsuite?
>
These are two separate things IMO - the keyutils tests test
for "the keyctl interface behaves a
Implement akcipher_alg->set_sig_params for rsassa-psspad to receive the
salt length and MGF hash function for the signature being verified.
Signed-off-by: Varad Gautam
---
crypto/rsa-psspad.c | 21 -
include/crypto/internal/rsa-common.h | 2 ++
2 fi
definition to rsa.h to help RSA
sub-implementations query the MPI values.
Signed-off-by: Varad Gautam
---
crypto/rsa.c | 6 --
include/crypto/internal/rsa.h | 7 +++
2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/crypto/rsa.c b/crypto/rsa.c
index 4cdbec95d0779
Add a crypto_template for rsa-psspad, hidden behind
CONFIG_CRYPTO_RSASSA_PSS. Set the sign/verify/encrypt/decrypt
operations to return -EOPNOTSUPP, to be implemented in the future
Signed-off-by: Varad Gautam
---
crypto/Kconfig| 6 ++
crypto/Makefile | 1
RSASSA-PSS verify operation needs to compute digests for its
Mask Generation Function (MGF1), and for digest comparison.
Add helpers to populate a crypto_shash and desc for use in both cases.
Signed-off-by: Varad Gautam
---
v3: Add psspad_check_hash_algo to only allow valid hash algorithms in
64 matches
Mail list logo
