RSA signature verification

RSA signature verification

[Dmitry Kasatkin]

Hi Herbert,

I work on kernel RSA verification for IMA/EVM.

Currently I have a patch which provides "direct" API like ksign_verify()
to get signature verified.
I was thinking about doing it via crypto interface as usual but for now
I have done it directly.
I have found some very old (5y) patches where someone tried to have it
as kind of hash API.
update(), update(), final...

As RSA, in contrast to hash, has like sign/verify operations.
For the kernel there is only verify.

Snippet from the code:

-----------------------------------------------------------------------
    desc = kzalloc(sizeof(*desc) + crypto_shash_descsize(shash),
               GFP_KERNEL);
    if (!desc)
        goto err;

    desc->tfm = shash;
    desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;

    crypto_shash_init(desc);
    crypto_shash_update(desc, digest, digestlen);
    crypto_shash_update(desc, sig, sizeof(*sh));
    crypto_shash_final(desc, h);

    kfree(desc);

    /* pass signature mpis address */
    err = ksign_verify_rsa(key, sig + sizeof(*sh), siglen - sizeof(*sh),
                 h, sizeof(h));

-----------------------------------------------------------------------

So hash is calculated which is then verified against
signature.

Do you think it make sense to have it as a crypto "algo"
What kind of API you would have in mind?

Thanks,
Dmitry

Re: RSA signature verification

[Herbert Xu]

On Mon, Mar 21, 2011 at 04:04:41PM +0200, Dmitry Kasatkin wrote:
>
> Do you think it make sense to have it as a crypto "algo"
> What kind of API you would have in mind?

So the obvious question is who will use this functionality in
the kernel? If the only use is going to be in user-space, then
the next question is are you doing this for hardware enablement.

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: RSA signature verification

[Dmitry Kasatkin]

Hi,

As I have said in my email that it will be used by IMA/EVM subsystem.
See security/integrity subdirectory in Linux kernel...

Indeed, use of HW accelerator is also on of the targets...

- Dmitry



On 21/03/11 16:06, ext Herbert Xu wrote:
> On Mon, Mar 21, 2011 at 04:04:41PM +0200, Dmitry Kasatkin wrote:
>> Do you think it make sense to have it as a crypto "algo"
>> What kind of API you would have in mind?
> So the obvious question is who will use this functionality in
> the kernel? If the only use is going to be in user-space, then
> the next question is are you doing this for hardware enablement.
>
> Cheers,

Re: RSA signature verification

[Dmitry Kasatkin]

To elaborate a bit.

Signing of some has is usually done instead of signing some input data
directly.
For that reason signature verification is basically a combination of
hash calculation with signature verification...
The issue here is that different padding schemes can be applied to the
has before it is signed.
So after RSA decryption, de-padding has to be done, before comparing
result to the calculated hash.

- Dmitry



On 22/03/11 08:59, Dmitry Kasatkin wrote:
> Hi,
>
> As I have said in my email that it will be used by IMA/EVM subsystem.
> See security/integrity subdirectory in Linux kernel...
>
> Indeed, use of HW accelerator is also on of the targets...
>
> - Dmitry
>
>
>
> On 21/03/11 16:06, ext Herbert Xu wrote:
>> On Mon, Mar 21, 2011 at 04:04:41PM +0200, Dmitry Kasatkin wrote:
>>> Do you think it make sense to have it as a crypto "algo"
>>> What kind of API you would have in mind?
>> So the obvious question is who will use this functionality in
>> the kernel? If the only use is going to be in user-space, then
>> the next question is are you doing this for hardware enablement.
>>
>> Cheers,

Re: RSA signature verification

[Herbert Xu]

On Tue, Mar 22, 2011 at 08:59:56AM +0200, Dmitry Kasatkin wrote:
> 
> As I have said in my email that it will be used by IMA/EVM subsystem.
> See security/integrity subdirectory in Linux kernel...

Has the use of software asymmetric crypto in the kernel been
accepted for that purpose?

Thanks,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: RSA signature verification

[Dmitry Kasatkin]

Hi,

Accepted by whom?
We extend functionality of Integrity subsystem in order to support
flashable images which can be verified with public keys...

- Dmitry

On 22/03/11 09:34, ext Herbert Xu wrote:
> On Tue, Mar 22, 2011 at 08:59:56AM +0200, Dmitry Kasatkin wrote:
>> As I have said in my email that it will be used by IMA/EVM subsystem.
>> See security/integrity subdirectory in Linux kernel...
> Has the use of software asymmetric crypto in the kernel been
> accepted for that purpose?
>
> Thanks,

Re: RSA signature verification

[Herbert Xu]

On Tue, Mar 22, 2011 at 10:57:55AM +0200, Dmitry Kasatkin wrote:
> Hi,
> 
> Accepted by whom?
> We extend functionality of Integrity subsystem in order to support
> flashable images which can be verified with public keys...

Whoever that's going to merge the use-case for this :)

I'm not adding a whole new API unless we have a solid in-kernel
user or we're doing this for hardware enablement.

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt