public inbox for linux-crypto@vger.kernel.org
 help / color / mirror / Atom feed
From: David Howells <dhowells@redhat.com>
To: Ignat Korchagin <ignat@cloudflare.com>
Cc: dhowells@redhat.com, Lukas Wunner <lukas@wunner.de>,
	Jarkko Sakkinen <jarkko@kernel.org>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	Eric Biggers <ebiggers@kernel.org>,
	Luis Chamberlain <mcgrof@kernel.org>,
	Petr Pavlu <petr.pavlu@suse.com>,
	Daniel Gomez <da.gomez@kernel.org>,
	Sami Tolvanen <samitolvanen@google.com>,
	"Jason A . Donenfeld" <Jason@zx2c4.com>,
	Ard Biesheuvel <ardb@kernel.org>,
	Stephan Mueller <smueller@chronox.de>,
	linux-crypto@vger.kernel.org, keyrings@vger.kernel.org,
	linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v11 2/8] pkcs7: Allow the signing algo to calculate the digest itself
Date: Thu, 08 Jan 2026 12:59:21 +0000	[thread overview]
Message-ID: <2727729.1767877161@warthog.procyon.org.uk> (raw)
In-Reply-To: <2366240.1767794004@warthog.procyon.org.uk>

David Howells <dhowells@redhat.com> wrote:

> Also, we probably don't actually need to copy the authattrs, just retain a
> pointer into the source buffer and the length since we don't intend to keep
> the digest around beyond the verification procedure.  So I might be able to
> get away with just a flag saying I don't need to free it.

Actually, we probably do need to copy it.  The problem is that we have to
modify the tag on the authenticatedAttributes (PKCS#7)/signedAttrs (CMS) blob
before we digest it, e.g. in pkcs7_digest():

	memcpy(sig->digest, sinfo->authattrs, sinfo->authattrs_len);
	((u8 *)sig->digest)[0] = ASN1_CONS_BIT | ASN1_SET;

as specified in RFC9882 and other places:

	3.2.  Signature Generation and Verification
	...
	When signed attributes are included, ML-DSA (pure mode) signatures are
	computed over the complete DER encoding of the SignedAttrs value
	contained in the SignerInfo's signedAttrs field.  As described in
	Section 5.4 of [RFC5652], this encoding includes the tag and length
	octets, but an EXPLICIT SET OF tag is used rather than the IMPLICIT
	[0] tag that appears in the final message. ...

We might be able to get away with modifying it in place - but I don't know
that that's true for all users.

David


  parent reply	other threads:[~2026-01-08 12:59 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-01-05 15:21 [PATCH v11 0/8] x509, pkcs7, crypto: Add ML-DSA and RSASSA-PSS signing David Howells
2026-01-05 15:21 ` [PATCH v11 1/8] crypto: Add ML-DSA crypto_sig support David Howells
2026-01-05 15:21 ` [PATCH v11 2/8] pkcs7: Allow the signing algo to calculate the digest itself David Howells
2026-01-05 20:19   ` Ignat Korchagin
2026-01-07 13:53     ` David Howells
2026-01-07 13:59       ` Ignat Korchagin
2026-01-08 12:59       ` David Howells [this message]
2026-01-05 15:21 ` [PATCH v11 3/8] pkcs7, x509: Add ML-DSA support David Howells
2026-01-06  8:02   ` Eric Biggers
2026-01-06  8:22     ` Eric Biggers
2026-01-06  9:37     ` David Howells
2026-01-08 14:38     ` David Howells
2026-01-05 15:21 ` [PATCH v11 4/8] modsign: Enable ML-DSA module signing David Howells
2026-01-06  8:10   ` Eric Biggers
2026-01-05 15:21 ` [PATCH v11 5/8] crypto: Add supplementary info param to asymmetric key signature verification David Howells
2026-01-07 14:23   ` Ignat Korchagin
2026-01-05 15:21 ` [PATCH v11 6/8] crypto: Add RSASSA-PSS support David Howells
2026-01-07 16:24   ` Ignat Korchagin
2026-01-08 11:29     ` David Howells
2026-01-08 13:15   ` Jarkko Sakkinen
2026-01-08 14:39     ` David Howells
2026-01-05 15:21 ` [PATCH v11 7/8] pkcs7, x509: " David Howells
2026-01-07 16:36   ` Ignat Korchagin
2026-01-08 11:53     ` David Howells
2026-01-05 15:21 ` [PATCH v11 8/8] modsign: Enable RSASSA-PSS module signing David Howells
2026-01-07 16:38   ` Ignat Korchagin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2727729.1767877161@warthog.procyon.org.uk \
    --to=dhowells@redhat.com \
    --cc=Jason@zx2c4.com \
    --cc=ardb@kernel.org \
    --cc=da.gomez@kernel.org \
    --cc=ebiggers@kernel.org \
    --cc=herbert@gondor.apana.org.au \
    --cc=ignat@cloudflare.com \
    --cc=jarkko@kernel.org \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-modules@vger.kernel.org \
    --cc=lukas@wunner.de \
    --cc=mcgrof@kernel.org \
    --cc=petr.pavlu@suse.com \
    --cc=samitolvanen@google.com \
    --cc=smueller@chronox.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox