From: "Jarkko Sakkinen" <jarkko@kernel.org>
To: "Joachim Vandersmissen" <git@jvdsn.com>
Cc: "David Howells" <dhowells@redhat.com>,
	"Herbert Xu" <herbert@gondor.apana.org.au>,
	<linux-crypto@vger.kernel.org>, "Simo Sorce" <simo@redhat.com>,
	"Stephan Mueller" <smueller@chronox.de>,
	"James Prestwood" <prestwoj@gmail.com>
Subject: Re: [PATCH v5 1/2] certs: Move RSA self-test data to separate file
Date: Tue, 14 May 2024 15:05:17 +0300
Message-ID: <D19CR04K40QG.30B7EKASUCOB9@kernel.org>
In-Reply-To: <d65279ed-20cb-4e23-866c-43b6291f51e2@jvdsn.com>

On Tue May 14, 2024 at 5:36 AM EEST, Joachim Vandersmissen wrote:
> On 5/13/24 3:26 PM, Jarkko Sakkinen wrote:
> > On Mon May 13, 2024 at 7:55 AM EEST, Joachim Vandersmissen wrote:
> >> +	pkcs7 = pkcs7_parse_message(sig, sig_len);
> >> +	if (IS_ERR(pkcs7))
> >> +		panic("Certs %s selftest: pkcs7_parse_message() = %d\n", name, ret);
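Review bot: in the IS_ERR(pkcs7) branch, panic() is passed ret, but the failing value is the error pointer held in pkcs7 and nothing in these lines assigns ret from it, so the printed code can be stale or unset. Suggest passing (int)PTR_ERR(pkcs7) as the %d argument.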
> > Off-topic: wondering if Linux had similar helpers for PKCS#1 padding
> > (and if not, are they difficult to add)?
> PKCS#7 here refers to the message container format, rather than the 
> padding. Internally, the PKCS#1 v1.5 padding scheme will be used (see 
> software_key_determine_akcipher). Unless you are referring to PSS 
> padding (also defined in PKCS#1)?

I think it should be PKCS#1 v1.5 padding as described in RFC 8017 [1]
but just for doing step 5:

https://www.rfc-editor.org/rfc/rfc8017#section-9.2.

This is for refreshing this old patch:

https://lore.kernel.org/all/20200518172704.29608-18-prestwoj@gmail.com/

I asked James if he could refresh it and one of the remarks was that
there are duplicate snippets with:

https://elixir.bootlin.com/linux/v6.9-rc6/source/crypto/rsa-pkcs1pad.c

But now that I look at this, padding is not the issue here, but it is
the duplicate digest_info instances.

James has this construct in the old patch:

static const struct asn1_template {
	const char	*name;
	const u8	*data;
	size_t		size;
} asn1_templates[] = {
#define _(X) { #X, digest_info_##X, sizeof(digest_info_##X) }
	_(md5),
	_(sha1),
	_(rmd160),
	_(sha256),
	_(sha384),
	_(sha512),
	_(sha224),
	{ NULL }
#undef _
};

static const struct asn1_template *lookup_asn1(const char *name)
{
	const struct asn1_template *p;

	for (p = asn1_templates; p->name; p++)
		if (strcmp(name, p->name) == 0)
			return p;
	return NULL;
}

Looking at this, the very first thing I spot is that the last field
is redundant, so let's scrape that away. Nor do I get why u8 * is used
instead of struct digest_info *, so let's switch to that.

So with those substitutions, renaming and a bit of polishing (but
not yet compiling ;-)) this is what I end up with:

static const struct digest_info_mapping {
	char *name;
	struct digest_info *info;
} digest_info_map[] = {
#define _(X) { #X, digest_info_##X, }
	_(md5),
	_(sha1),
	_(rmd160),
	_(sha256),
	_(sha384),
	_(sha512),
	_(sha224),
	{ NULL }
#undef _
};

/**
 * find_digest_info() - Find digest info by the hash name
 * @name:	hash name
 *
 * Returns the digest info on success, and NULL on failure.
 */
struct digest_info *find_digest_info(const char *name)
{
	const struct digest_info_mapping *mapping;
	int i;

	/* The table is terminated by an entry whose name is NULL. */
	for (i = 0; digest_info_map[i].name != NULL; i++) {
		mapping = &digest_info_map[i];

		if (!strcmp(name, mapping->name))
			return mapping->info;
	}

	return NULL;
}
EXPORT_SYMBOL_GPL(find_digest_info);

The instances live in rsa-pkcs1pad.c so it is the most trivial
place to add this.

BR, Jarkko
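
The by-name DigestInfo lookup discussed above is what supplies T in step 5 of RFC 8017 section 9.2. As an added example (userspace C, not kernel code and not taken from either patch in this thread), here is such a lookup driving the EM construction; the names di_entry, di_map, di_find and emsa_pkcs1_v15 are hypothetical, and only SHA-1 and SHA-256 are included.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* DER DigestInfo prefixes from the notes to RFC 8017 section 9.2. */
static const uint8_t di_sha1[] = { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b,
	0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };
static const uint8_t di_sha256[] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60,
	0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };

/* Hypothetical mapping type (not a kernel struct): one entry per hash name. */
struct di_entry { const char *name; const uint8_t *der; size_t der_len, hash_len; };
static const struct di_entry di_map[] = {
	{ "sha1", di_sha1, sizeof(di_sha1), 20 },
	{ "sha256", di_sha256, sizeof(di_sha256), 32 },
	{ NULL, NULL, 0, 0 }
};

static const struct di_entry *di_find(const char *name)
{
	for (const struct di_entry *e = di_map; e->name; e++)
		if (!strcmp(name, e->name))
			return e;
	return NULL;
}

/* Step 5: EM = 0x00 || 0x01 || PS || 0x00 || T. Returns 0, or -1 on error. */
static int emsa_pkcs1_v15(const char *hash_name, const uint8_t *hash,
			  size_t hash_len, uint8_t *em, size_t em_len)
{
	const struct di_entry *e = di_find(hash_name);
	size_t ps_len;

	if (!e || hash_len != e->hash_len ||
	    em_len < e->der_len + hash_len + 11)	/* PS must be >= 8 bytes */
		return -1;
	ps_len = em_len - e->der_len - hash_len - 3;
	em[0] = 0x00;
	em[1] = 0x01;
	memset(em + 2, 0xff, ps_len);
	em[2 + ps_len] = 0x00;			/* separator before T */
	memcpy(em + 3 + ps_len, e->der, e->der_len);
	memcpy(em + 3 + ps_len + e->der_len, hash, hash_len);
	return 0;
}

int main(void)
{
	uint8_t hash[32] = { 0 }, em[256];	/* constructed all-zero digest */
	return emsa_pkcs1_v15("sha256", hash, sizeof(hash), em, sizeof(em));
}
```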

Thread overview: 6+ messages
2024-05-13  4:55 [PATCH v5 1/2] certs: Move RSA self-test data to separate file Joachim Vandersmissen
2024-05-13  4:55 ` [PATCH v5 2/2] certs: Add ECDSA signature verification self-test Joachim Vandersmissen
2024-05-13 20:29   ` Jarkko Sakkinen
2024-05-13 20:26 ` [PATCH v5 1/2] certs: Move RSA self-test data to separate file Jarkko Sakkinen
2024-05-14  2:36   ` Joachim Vandersmissen
2024-05-14 12:05     ` Jarkko Sakkinen [this message]
