From: joeyli <jlee@suse.com>
To: Phil Carmody <phil.carmody@partner.samsung.com>
Cc: linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org, linux-efi@vger.kernel.org,
linux-pm@vger.kernel.org, linux-crypto@vger.kernel.org,
opensuse-kernel@opensuse.org, David Howells <dhowells@redhat.com>,
"Rafael J. Wysocki" <rjw@sisk.pl>,
Matthew Garrett <mjg59@srcf.uc>
Subject: Re: [PATCH V4 02/15] asymmetric keys: implement EMSA_PKCS1-v1_5-ENCODE in rsa
Date: Thu, 26 Sep 2013 15:08:30 +0800 [thread overview]
Message-ID: <1380179310.32302.58.camel@linux-s257.site> (raw)
In-Reply-To: <20130923164931.GD6772@samsung.com>
Hi Phil,
First! Thanks for your time to review my patch!
於 一,2013-09-23 於 19:49 +0300,Phil Carmody 提到:
> On Sun, Sep 15, 2013 at 08:56:48AM +0800, Lee, Chun-Yi wrote:
> > Implement EMSA_PKCS1-v1_5-ENCODE [RFC3447 sec 9.2] in rsa.c. It's the
> > first step of signature generation operation (RSASSA-PKCS1-v1_5-SIGN).
> >
> > This patch is temporary set emLen to pks->k, and temporary set EM to
> > pks->S for debugging. We will replace the above values to real signature
> > after implement RSASP1.
> >
> > The naming of EMSA_PKCS1_v1_5_ENCODE and the variables used in this function
> > accord PKCS#1 spec but not follow kernel naming convention, it useful when look
> > at them with spec.
> >
> > Reference: ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1v2/pkcs1ietffinal.txt
> > Reference: http://www.emc.com/collateral/white-papers/h11300-pkcs-1v2-2-rsa-cryptography-standard-wp.pdf
> >
> > V2:
>
> You're now at V4.
The V4 is for whole patchset, I didn't do any modify in this patch in
this version.
The version define maybe confuse between separate and whole patchset, I
will avoid it.
>
> > - Clean up naming of variable: replace _EM by EM, replace EM by EM_tmp.
> > - Add comment to EMSA_PKCS1-v1_5-ENCODE function.
> >
> > Cc: Pavel Machek <pavel@ucw.cz>
> > Reviewed-by: Jiri Kosina <jkosina@suse.cz>
> > Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
> > ---
> > crypto/asymmetric_keys/rsa.c | 163 +++++++++++++++++++++++++++++++++++++++++-
> > include/crypto/public_key.h | 2 +
> > 2 files changed, 164 insertions(+), 1 deletions(-)
> >
> > diff --git a/crypto/asymmetric_keys/rsa.c b/crypto/asymmetric_keys/rsa.c
> > index 47f3be4..352ba45 100644
> > --- a/crypto/asymmetric_keys/rsa.c
> > +++ b/crypto/asymmetric_keys/rsa.c
> > @@ -13,6 +13,7 @@
> > #include <linux/module.h>
> > #include <linux/kernel.h>
> > #include <linux/slab.h>
> > +#include <crypto/hash.h>
> > #include "public_key.h"
> > #include "private_key.h"
> >
> > @@ -152,6 +153,132 @@ static int RSA_I2OSP(MPI x, size_t xLen, u8 **_X)
> > }
> >
> > /*
> > + * EMSA_PKCS1-v1_5-ENCODE [RFC3447 sec 9.2]
> > + * @M: message to be signed, an octet string
> > + * @emLen: intended length in octets of the encoded message
> > + * @hash_algo: hash function (option)
> > + * @hash: true means hash M, otherwise M is already a digest
> > + * @EM: encoded message, an octet string of length emLen
> > + *
> > + * This function is a implementation of the EMSA-PKCS1-v1_5 encoding operation
> > + * in RSA PKCS#1 spec. It used by the signautre generation operation of
> > + * RSASSA-PKCS1-v1_5 to encode message M to encoded message EM.
> > + *
> > + * The variables used in this function accord PKCS#1 spec but not follow kernel
> > + * naming convention, it useful when look at them with spec.
> > + */
> > +static int EMSA_PKCS1_v1_5_ENCODE(const u8 *M, size_t emLen,
> > + enum pkey_hash_algo hash_algo, const bool hash,
> > + u8 **EM, struct public_key_signature *pks)
> > +{
> > + u8 *digest;
> > + struct crypto_shash *tfm;
> > + struct shash_desc *desc;
> > + size_t digest_size, desc_size;
> > + size_t tLen;
> > + u8 *T, *PS, *EM_tmp;
> > + int i, ret;
> > +
> > + pr_info("EMSA_PKCS1_v1_5_ENCODE start\n");
> > +
> > + if (!RSA_ASN1_templates[hash_algo].data)
> > + ret = -ENOTSUPP;
>
> ...
>
> > + else
> > + pks->pkey_hash_algo = hash_algo;
> > +
> > + /* 1) Apply the hash function to the message M to produce a hash value H */
> > + tfm = crypto_alloc_shash(pkey_hash_algo[hash_algo], 0, 0);
> > + if (IS_ERR(tfm))
> > + return (PTR_ERR(tfm) == -ENOENT) ? -ENOPKG : PTR_ERR(tfm);
> > +
> > + desc_size = crypto_shash_descsize(tfm) + sizeof(*desc);
> > + digest_size = crypto_shash_digestsize(tfm);
> > +
> > + ret = -ENOMEM;
>
> The earlier "ret = -ENOTSUPP;" is either unused because you return at the IS_ERR,
> or unused because you overwrite it here. I'm a little disappointed that
> the compiler didn't recognise that something was assigned to a value that
> is never used.
>
> Phil
Yes, Dmitry also pointed out this issue, I should not go on the hash
process if the hash algorithm didn't support.
I will change fix this problem in next version.
Thanks a lot!
Joey Lee
next prev parent reply other threads:[~2013-09-26 7:08 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-15 0:56 [RFC V4 PATCH 00/15] Signature verification of hibernate snapshot Lee, Chun-Yi
2013-09-15 0:56 ` [PATCH V4 01/15] asymmetric keys: add interface and skeleton for implement signature generation Lee, Chun-Yi
2013-09-15 0:56 ` [PATCH V4 02/15] asymmetric keys: implement EMSA_PKCS1-v1_5-ENCODE in rsa Lee, Chun-Yi
2013-09-17 21:51 ` Dmitry Kasatkin
2013-09-18 9:08 ` joeyli
2013-09-17 22:29 ` Dmitry Kasatkin
2013-09-23 16:49 ` Phil Carmody
2013-09-26 7:08 ` joeyli [this message]
2013-09-15 0:56 ` [PATCH V4 03/15] asymmetric keys: separate the length checking of octet string from RSA_I2OSP Lee, Chun-Yi
2013-09-15 0:56 ` [PATCH V4 04/15] asymmetric keys: implement OS2IP in rsa Lee, Chun-Yi
2013-09-15 0:56 ` [PATCH V4 05/15] asymmetric keys: implement RSASP1 Lee, Chun-Yi
2013-09-15 0:56 ` [PATCH V4 06/15] asymmetric keys: support parsing PKCS #8 private key information Lee, Chun-Yi
2013-09-15 0:56 ` [PATCH V4 07/15] asymmetric keys: explicitly add the leading zero byte to encoded message Lee, Chun-Yi
2013-09-15 0:56 ` [PATCH V4 08/15] Hibernate: introduced RSA key-pair to verify signature of snapshot Lee, Chun-Yi
2013-09-15 0:56 ` [PATCH V4 09/15] Hibernate: generate and " Lee, Chun-Yi
2013-09-15 0:56 ` [PATCH 10/15] Hibernate: Avoid S4 sign key data included in snapshot image Lee, Chun-Yi
2013-09-15 0:56 ` [PATCH V4 11/15] Hibernate: taint kernel when signature check fail Lee, Chun-Yi
2013-09-15 0:56 ` [PATCH V4 12/15] Hibernate: show the verification time for monitor performance Lee, Chun-Yi
2013-09-15 0:56 ` [PATCH V4 13/15] Hibernate: introduced SNAPSHOT_SIG_HASH config for select hash algorithm Lee, Chun-Yi
2013-09-18 13:45 ` Pavel Machek
2013-09-26 1:43 ` joeyli
2013-09-26 8:21 ` Pavel Machek
2013-09-15 0:57 ` [PATCH V4 14/15] Hibernate: notify bootloader regenerate key-pair for snapshot verification Lee, Chun-Yi
2013-09-15 0:57 ` [PATCH V4 15/15] Hibernate: adapt to UEFI secure boot with signature check Lee, Chun-Yi
2013-09-25 21:04 ` [RFC V4 PATCH 00/15] Signature verification of hibernate snapshot David Howells
2013-09-25 21:25 ` Alan Stern
2013-09-25 22:16 ` James Bottomley
2013-09-26 0:27 ` Pavel Machek
2013-09-26 2:32 ` James Bottomley
2013-09-26 6:24 ` Jiri Kosina
2013-09-26 14:44 ` James Bottomley
2013-09-26 14:48 ` Jiri Kosina
2013-09-26 14:56 ` Vojtech Pavlik
2013-09-26 4:40 ` joeyli
2013-09-26 1:11 ` Alan Stern
2013-09-26 2:19 ` joeyli
2013-09-26 10:43 ` joeyli
2013-09-26 12:06 ` Pavel Machek
2013-09-26 12:21 ` Michal Marek
2013-09-26 12:23 ` Vojtech Pavlik
2013-09-26 12:22 ` Vojtech Pavlik
2013-09-26 13:20 ` joeyli
2013-09-26 12:56 ` joeyli
2013-09-26 1:36 ` joeyli
2013-10-17 14:18 ` Rafael J. Wysocki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1380179310.32302.58.camel@linux-s257.site \
--to=jlee@suse.com \
--cc=dhowells@redhat.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pm@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mjg59@srcf.uc \
--cc=opensuse-kernel@opensuse.org \
--cc=phil.carmody@partner.samsung.com \
--cc=rjw@sisk.pl \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox