From: "herberthbli(李弘博)" <herberthbli@tencent.com>
To: Jarkko Sakkinen <jarkko@kernel.org>,
Hongbo Li <herbert.tencent@gmail.com>
Cc: "keyrings@vger.kernel.org" <keyrings@vger.kernel.org>,
"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
"herbert@gondor.apana.org.au" <herbert@gondor.apana.org.au>,
"dhowells@redhat.com" <dhowells@redhat.com>,
"zohar@linux.ibm.com" <zohar@linux.ibm.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-integrity@vger.kernel.org"
<linux-integrity@vger.kernel.org>
Subject: Re: [PATCH 0/5] crypto: add rsa pss support for x509(Internet mail)
Date: Wed, 7 Apr 2021 08:54:39 +0000 [thread overview]
Message-ID: <0115cbd5a3154e8d868e98d564eba997@tencent.com> (raw)
In-Reply-To: YG1vakmzanwPGsvU@kernel.org
在 2021/4/7 16:38, Jarkko Sakkinen 写道:
> On Tue, Apr 06, 2021 at 09:11:21PM +0800, Hongbo Li wrote:
>> From: Hongbo Li <herberthbli@tencent.com>
>>
>> This series of patches adds support for x509 cert signed by RSA
>> with PSS encoding method. RSA PSS is described in rfc8017.
> Please also briefly describe it here AND also provide link to the
> RFC. In the way this currently is, it is too time consuming to
> review the patch set.
>
> /Jarkko
Thanks, will add that in the following patches.
>> This series of patches adds support for x509 cert signed by RSA
>> with PSS encoding method. RSA PSS is described in rfc8017.
>>
>> Patch1 make x509 support rsa pss algo and parse hash parameter.
>>
>> Patch2 add rsa pss template.
>>
>> Patch3 add test vector for rsa pss.
>>
>> Patch4 is the ecdsa ima patch borrowed from Stefan Berge's ecdsa
>> patch series, rsa-pss's ima patch is made on top of this patch.
>>
>> Patch5 is the rsa-pss's ima patch.
>>
>> Test by the following script, it tests different saltlen, hash, mgfhash.
>>
>> keyctl newring test @u
>>
>> while :; do
>> for modbits in 1024 2048 4096; do
>> if [ $modbits -eq 1024 ]; then
>> saltlen=(-1 -2 0 20 32 48 64 94)
>> elif [ $modbits -eq 2048 ]; then
>> saltlen=(-1 -2 0 20 32 48 64 222)
>> else
>> saltlen=(-1 -2 0 20 32 48 64 478)
>> fi
>>
>> for slen in ${saltlen[@]}; do
>> for hash in sha1 sha224 sha256 sha384 sha512; do
>> for mgfhash in sha1 sha224 sha256 sha384 sha512; do
>> certfile="cert.der"
>> echo slen $slen
>> openssl req \
>> -x509 \
>> -${hash} \
>> -newkey rsa:$modbits \
>> -keyout key.pem \
>> -days 365 \
>> -subj '/CN=test' \
>> -nodes \
>> -sigopt rsa_padding_mode:pss \
>> -sigopt rsa_mgf1_md:$mgfhash \
>> -sigopt rsa_pss_saltlen:${slen} \
>> -outform der \
>> -out ${certfile} 2>/dev/null
>>
>> exp=0
>> id=$(keyctl padd asymmetric testkey %keyring:test < "${certfile}")
>> rc=$?
>> if [ $rc -ne $exp ]; then
>> case "$exp" in
>> 0) echo "Error: Could not load rsa-pss certificate!";;
>> esac
>> echo "modbits $modbits sha: $hash mgfhash $mgfhash saltlen: $slen"
>> exit 1
>> else
>> case "$rc" in
>> 0) echo "load cert: keyid: $id modbits $modbits hash: $hash mgfhash $mgfhash saltlen $slen"
>> esac
>> fi
>> done
>> done
>> done
>> done
>> done
>>
>> Hongbo Li (5):
>> x509: add support for rsa-pss
>> crypto: support rsa-pss encoding
>> crypto: add rsa pss test vector
>> crypto: ecdsa ima support
>> ima: add support for rsa pss verification
>>
>> crypto/Makefile | 7 +-
>> crypto/asymmetric_keys/Makefile | 7 +-
>> crypto/asymmetric_keys/public_key.c | 5 ++
>> crypto/asymmetric_keys/x509_cert_parser.c | 71 ++++++++++++++++-
>> crypto/rsa.c | 14 ++--
>> crypto/rsa_helper.c | 127 ++++++++++++++++++++++++++++++
>> crypto/testmgr.c | 7 ++
>> crypto/testmgr.h | 87 ++++++++++++++++++++
>> include/crypto/internal/rsa.h | 25 +++++-
>> include/keys/asymmetric-type.h | 6 ++
>> include/linux/oid_registry.h | 2 +
>> security/integrity/digsig_asymmetric.c | 34 ++++----
>> 12 files changed, 363 insertions(+), 29 deletions(-)
>>
>> --
>> 1.8.3.1
>>
>>
>
prev parent reply other threads:[~2021-04-07 9:00 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-06 13:11 [PATCH 0/5] crypto: add rsa pss support for x509 Hongbo Li
2021-04-06 13:11 ` [PATCH 1/5] x509: add support for rsa-pss Hongbo Li
2021-04-06 16:06 ` kernel test robot
2021-04-06 13:11 ` [PATCH 2/5] crypto: support rsa-pss encoding Hongbo Li
2021-04-06 17:23 ` kernel test robot
2021-04-06 13:11 ` [PATCH 3/5] crypto: add rsa pss test vector Hongbo Li
2021-04-06 13:11 ` [PATCH 4/5] crypto: ecdsa ima support Hongbo Li
2021-04-06 13:11 ` [PATCH 5/5] ima: add support for rsa pss verification Hongbo Li
2021-04-07 8:38 ` [PATCH 0/5] crypto: add rsa pss support for x509 Jarkko Sakkinen
2021-04-07 8:54 ` herberthbli(李弘博) [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0115cbd5a3154e8d868e98d564eba997@tencent.com \
--to=herberthbli@tencent.com \
--cc=dhowells@redhat.com \
--cc=herbert.tencent@gmail.com \
--cc=herbert@gondor.apana.org.au \
--cc=jarkko@kernel.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).