From: Anshuman Gupta <anshuman.gupta@intel.com>
To: Stephan Mueller <smueller@chronox.de>
Cc: linux-crypto@vger.kernel.org
Subject: Re: [Query] RSA SHA-384 signature verification
Date: Wed, 17 Jun 2020 15:39:16 +0530 [thread overview]
Message-ID: <20200617100916.GL14085@intel.com> (raw)
In-Reply-To: <13970611.Hd4P73xESc@tauon.chronox.de>
On 2020-06-16 at 07:03:28 +0200, Stephan Mueller wrote:
> Am Dienstag, 16. Juni 2020, 05:56:04 CEST schrieb Anshuman Gupta:
>
> Hi Anshuman,
>
> > On 2020-06-15 at 21:25:58 +0200, Stephan Mueller wrote:
> > > Am Montag, 15. Juni 2020, 19:04:14 CEST schrieb Anshuman Gupta:
> > >
> > > Hi Anshuman,
> > >
> > > > Hi ,
> > > > I wanted to verify a RSA SHA-384 signature.
> > > > I am using crypto_alloc_shash(), crypto_shash_digest() API to extract
> > > > the SHA-384 digest.
> > > > I am having public key along with the sha-384 digest extracted from raw
> > > > data and signature. AFAIU understand from crypto documentation that i
> > > > need to verify the signature by importing public key to
> > > > akcipher/skcipher API. Here i am not sure which cipher API to prefer
> > > > symmetric key cipher or asymmetric key cipher API.
> > > >
> > > > There are two types of API to import the key.
> > > > crypto_skcipher_setkey()
> > > > crypto_akcipher_set_pub_key()
> > > >
> > > > Also i am not sure exactly which algo to use for RSA-SHA384 signature
> > > > verification.
> > > >
> > > > Any help or inputs from crypto community will highly appreciated.
> > >
> > > akcipher: asymmetric key crypto
> > >
> > > skcipher: symmetric key crypto
> >
> > Many thanks for your input, based upon your inputs i should use
> > akcipher.
> > Actually tried to grep crypto_akcipher_set_pub_key() but there are not any
> > usages of this API in Linux drivers.
> > What is the preferred method to verify a RSA signature inside any Linux
> > GPL driver, is there any standard interface API to verify RSA signature
> > by importing input of raw data and public key or else
> > it is recommended method to use below set low level of API
> > crypto_alloc_akcipher(), akcipher_request_alloc(),
> > akcipher_request_set_crypt(), crypto_akcipher_verify().
>
> You can use that API directly or you can go through the intermediary of the
> crypto/asymmetric_keys API. One use case is the kernel signature verification
> as implemented in kernel/module_signing.c
Thanks Stephan :)
>
> > Thanks,
> > Anshuman.
> >
> > > > Thanks ,
> > > > Anshuman Gupta.
> > >
> > > Ciao
> > > Stephan
>
>
> Ciao
> Stephan
>
>
prev parent reply other threads:[~2020-06-17 10:19 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-15 17:04 [Query] RSA SHA-384 signature verification Anshuman Gupta
2020-06-15 19:25 ` Stephan Mueller
2020-06-16 3:56 ` Anshuman Gupta
2020-06-16 5:03 ` Stephan Mueller
2020-06-17 10:09 ` Anshuman Gupta [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200617100916.GL14085@intel.com \
--to=anshuman.gupta@intel.com \
--cc=linux-crypto@vger.kernel.org \
--cc=smueller@chronox.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.