From: Anshuman Gupta <anshuman.gupta@intel.com>
To: Stephan Mueller <smueller@chronox.de>
Cc: linux-crypto@vger.kernel.org
Subject: Re: [Query] RSA SHA-384 signature verification
Date: Wed, 17 Jun 2020 15:39:16 +0530 [thread overview]
Message-ID: <20200617100916.GL14085@intel.com> (raw)
In-Reply-To: <13970611.Hd4P73xESc@tauon.chronox.de>
On 2020-06-16 at 07:03:28 +0200, Stephan Mueller wrote:
> Am Dienstag, 16. Juni 2020, 05:56:04 CEST schrieb Anshuman Gupta:
>
> Hi Anshuman,
>
> > On 2020-06-15 at 21:25:58 +0200, Stephan Mueller wrote:
> > > Am Montag, 15. Juni 2020, 19:04:14 CEST schrieb Anshuman Gupta:
> > >
> > > Hi Anshuman,
> > >
> > > > Hi ,
> > > > I wanted to verify a RSA SHA-384 signature.
> > > > I am using crypto_alloc_shash(), crypto_shash_digest() API to extract
> > > > the SHA-384 digest.
> > > > I am having public key along with the sha-384 digest extracted from raw
> > > > data and signature. AFAIU understand from crypto documentation that i
> > > > need to verify the signature by importing public key to
> > > > akcipher/skcipher API. Here i am not sure which cipher API to prefer
> > > > symmetric key cipher or asymmetric key cipher API.
> > > >
> > > > There are two types of API to import the key.
> > > > crypto_skcipher_setkey()
> > > > crypto_akcipher_set_pub_key()
> > > >
> > > > Also i am not sure exactly which algo to use for RSA-SHA384 signature
> > > > verification.
> > > >
> > > > Any help or inputs from crypto community will highly appreciated.
> > >
> > > akcipher: asymmetric key crypto
> > >
> > > skcipher: symmetric key crypto
> >
> > Many thanks for your input, based upon your inputs i should use
> > akcipher.
> > Actually tried to grep crypto_akcipher_set_pub_key() but there are not any
> > usages of this API in Linux drivers.
> > What is the preferred method to verify a RSA signature inside any Linux
> > GPL driver, is there any standard interface API to verify RSA signature
> > by importing input of raw data and public key or else
> > it is recommended method to use below set low level of API
> > crypto_alloc_akcipher(), akcipher_request_alloc(),
> > akcipher_request_set_crypt(), crypto_akcipher_verify().
>
> You can use that API directly or you can go through the intermediary of the
> crypto/asymmetric_keys API. One use case is the kernel signature verification
> as implemented in kernel/module_signing.c
Thanks Stephan :)
>
> > Thanks,
> > Anshuman.
> >
> > > > Thanks ,
> > > > Anshuman Gupta.
> > >
> > > Ciao
> > > Stephan
>
>
> Ciao
> Stephan
>
>
prev parent reply other threads:[~2020-06-17 10:19 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-15 17:04 [Query] RSA SHA-384 signature verification Anshuman Gupta
2020-06-15 19:25 ` Stephan Mueller
2020-06-16 3:56 ` Anshuman Gupta
2020-06-16 5:03 ` Stephan Mueller
2020-06-17 10:09 ` Anshuman Gupta [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200617100916.GL14085@intel.com \
--to=anshuman.gupta@intel.com \
--cc=linux-crypto@vger.kernel.org \
--cc=smueller@chronox.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).